drbg: Implemented NIST SP-800-90A DRBG
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 9 Oct 2019 22:00:05 +0000 (00:00 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 16 Oct 2019 14:46:24 +0000 (16:46 +0200)
36 files changed:
conf/Makefile.am
conf/plugins/drbg.opt [new file with mode: 0644]
configure.ac
src/libstrongswan/Makefile.am
src/libstrongswan/crypto/crypto_factory.c
src/libstrongswan/crypto/crypto_factory.h
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/crypto_tester.h
src/libstrongswan/crypto/drbgs/drbg.c [new file with mode: 0644]
src/libstrongswan/crypto/drbgs/drbg.h [new file with mode: 0644]
src/libstrongswan/crypto/rngs/rng_tester.c [new file with mode: 0644]
src/libstrongswan/crypto/rngs/rng_tester.h [new file with mode: 0644]
src/libstrongswan/crypto/transform.c
src/libstrongswan/crypto/transform.h
src/libstrongswan/plugins/drbg/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/drbg/drbg_ctr.c [new file with mode: 0644]
src/libstrongswan/plugins/drbg/drbg_ctr.h [new file with mode: 0644]
src/libstrongswan/plugins/drbg/drbg_hmac.c [new file with mode: 0644]
src/libstrongswan/plugins/drbg/drbg_hmac.h [new file with mode: 0644]
src/libstrongswan/plugins/drbg/drbg_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/drbg/drbg_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/plugin_feature.c
src/libstrongswan/plugins/plugin_feature.h
src/libstrongswan/plugins/test_vectors/Makefile.am
src/libstrongswan/plugins/test_vectors/test_vectors.h
src/libstrongswan/plugins/test_vectors/test_vectors/drbg_ctr.c [new file with mode: 0644]
src/libstrongswan/plugins/test_vectors/test_vectors/drbg_hmac.c [new file with mode: 0644]
src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
src/libstrongswan/tests/Makefile.am
src/libstrongswan/tests/suites/test_mgf1.c
src/libstrongswan/tests/suites/test_rng_tester.c [new file with mode: 0644]
src/libstrongswan/tests/suites/test_test_rng.c [deleted file]
src/libstrongswan/tests/suites/test_vectors.c
src/libstrongswan/tests/tests.h
src/libstrongswan/tests/utils/test_rng.c [deleted file]
src/libstrongswan/tests/utils/test_rng.h [deleted file]

index 0080a55..1c2b412 100644 (file)
@@ -39,6 +39,7 @@ plugins = \
        plugins/curl.opt \
        plugins/dhcp.opt \
        plugins/dnscert.opt \
+       plugins/drbg.opt \
        plugins/duplicheck.opt \
        plugins/eap-aka.opt \
        plugins/eap-aka-3gpp.opt \
diff --git a/conf/plugins/drbg.opt b/conf/plugins/drbg.opt
new file mode 100644 (file)
index 0000000..2d132a1
--- /dev/null
@@ -0,0 +1,3 @@
+charon.plugins.drbg.max_drbg_requests = 4294967294
+       Number of pseudo-random bit requests from the DRBG before an automatic
+       reseeding occurs.
index 6a20ce6..8016f44 100644 (file)
@@ -1,6 +1,6 @@
 #
 # Copyright (C) 2007-2017 Tobias Brunner
-# Copyright (C) 2006-2017 Andreas Steffen
+# Copyright (C) 2006-2019 Andreas Steffen
 # Copyright (C) 2006-2014 Martin Willi
 # HSR Hochschule fuer Technik Rapperswil
 #
@@ -132,6 +132,7 @@ ARG_ENABL_SET([chapoly],        [enables the ChaCha20/Poly1305 AEAD plugin.])
 ARG_DISBL_SET([cmac],           [disable CMAC crypto implementation plugin.])
 ARG_ENABL_SET([ctr],            [enables the Counter Mode wrapper crypto plugin.])
 ARG_DISBL_SET([des],            [disable DES/3DES software implementation plugin.])
+ARG_DISBL_SET([drbg],           [disable the NIST Deterministic Random Bit Generator plugin.])
 ARG_DISBL_SET([fips-prf],       [disable FIPS PRF software implementation plugin.])
 ARG_ENABL_SET([gcm],            [enables the GCM AEAD wrapper crypto plugin.])
 ARG_ENABL_SET([gcrypt],         [enables the libgcrypt plugin.])
@@ -1442,6 +1443,7 @@ ADD_PLUGIN([ctr],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ccm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([gcm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ntru],                 [s charon scripts nm cmd])
+ADD_PLUGIN([drbg],                 [s charon pki scripts nm cmd])
 ADD_PLUGIN([newhope],              [s charon scripts nm cmd])
 ADD_PLUGIN([bliss],                [s charon pki scripts nm cmd])
 ADD_PLUGIN([curl],                 [s charon scepclient pki scripts nm cmd])
@@ -1611,6 +1613,7 @@ AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
 AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
 AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue)
 AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
+AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue)
 
 #  charon plugins
 # ----------------
@@ -1887,6 +1890,7 @@ AC_CONFIG_FILES([
        src/libstrongswan/plugins/ccm/Makefile
        src/libstrongswan/plugins/gcm/Makefile
        src/libstrongswan/plugins/af_alg/Makefile
+       src/libstrongswan/plugins/drbg/Makefile
        src/libstrongswan/plugins/ntru/Makefile
        src/libstrongswan/plugins/bliss/Makefile
        src/libstrongswan/plugins/bliss/tests/Makefile
index 77fe6eb..fda7463 100644 (file)
@@ -5,11 +5,13 @@ library.c \
 asn1/asn1.c asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c bio/bio_writer.c \
 collections/blocking_queue.c collections/enumerator.c collections/hashtable.c \
 collections/array.c \
-collections/linked_list.c crypto/crypters/crypter.c crypto/hashers/hasher.c \
+collections/linked_list.c crypto/crypters/crypter.c \
+crypto/drbgs/drbg.c crypto/hashers/hasher.c \
 crypto/hashers/hash_algorithm_set.c crypto/proposal/proposal.c \
 crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \
 crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \
-crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \
+crypto/rngs/rng.c crypto/rngs/rng_tester.c \
+crypto/prf_plus.c crypto/signers/signer.c \
 crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
 crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
 crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
@@ -68,10 +70,11 @@ library.h \
 asn1/asn1.h asn1/asn1_parser.h asn1/oid.h bio/bio_reader.h bio/bio_writer.h \
 collections/blocking_queue.h collections/enumerator.h collections/hashtable.h \
 collections/linked_list.h collections/array.h collections/dictionary.h \
-crypto/crypters/crypter.h crypto/hashers/hasher.h \
+crypto/crypters/crypter.h crypto/drbgs/drbg.h crypto/hashers/hasher.h \
 crypto/hashers/hash_algorithm_set.h crypto/mac.h crypto/proposal/proposal.h \
 crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \
-crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \
+crypto/rngs/rng.h crypto/rngs/rng_tester.h \
+crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/nonce_gen.h \
 crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
 crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
 crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
@@ -663,6 +666,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_DRBG
+  SUBDIRS += plugins/drbg
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/drbg/libstrongswan-drbg.la
+endif
+endif
+
 if USE_TEST_VECTORS
   SUBDIRS += plugins/test_vectors
 if MONOLITHIC
index 096bcbc..62b9806 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -53,6 +53,7 @@ struct entry_t {
                hasher_constructor_t create_hasher;
                prf_constructor_t create_prf;
                xof_constructor_t create_xof;
+               drbg_constructor_t create_drbg;
                rng_constructor_t create_rng;
                nonce_gen_constructor_t create_nonce_gen;
                dh_constructor_t create_dh;
@@ -103,6 +104,11 @@ struct private_crypto_factory_t {
        linked_list_t *xofs;
 
        /**
+        * registered drbgs, as entry_t
+        */
+       linked_list_t *drbgs;
+
+       /**
         * registered rngs, as entry_t
         */
        linked_list_t *rngs;
@@ -342,6 +348,40 @@ METHOD(crypto_factory_t, create_xof, xof_t*,
        return xof;
 }
 
+METHOD(crypto_factory_t, create_drbg, drbg_t*,
+       private_crypto_factory_t *this, drbg_type_t type, uint32_t strength,
+       rng_t *entropy, chunk_t personalization_str)
+{
+       enumerator_t *enumerator;
+       entry_t *entry;
+       drbg_t *drbg = NULL;
+
+       this->lock->read_lock(this->lock);
+       enumerator = this->drbgs->create_enumerator(this->drbgs);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (entry->algo == type)
+               {
+                       if (this->test_on_create &&
+                               !this->tester->test_drbg(this->tester, type,
+                                                                                entry->create_drbg, NULL,
+                                                                                default_plugin_name))
+                       {
+                               continue;
+                       }
+                       drbg = entry->create_drbg(type, strength, entropy,
+                                                                         personalization_str);
+                       if (drbg)
+                       {
+                               break;
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+       return drbg;
+}
+
 METHOD(crypto_factory_t, create_rng, rng_t*,
        private_crypto_factory_t *this, rng_quality_t quality)
 {
@@ -709,6 +749,43 @@ METHOD(crypto_factory_t, remove_xof, void,
        this->lock->unlock(this->lock);
 }
 
+METHOD(crypto_factory_t, add_drbg, bool,
+       private_crypto_factory_t *this, drbg_type_t type,
+       const char *plugin_name, drbg_constructor_t create)
+{
+       u_int speed = 0;
+
+       if (!this->test_on_add ||
+               this->tester->test_drbg(this->tester, type, create,
+                                                          this->bench ? &speed : NULL, plugin_name))
+       {
+               add_entry(this, this->drbgs, type, plugin_name, speed, create);
+               return TRUE;
+       }
+       this->test_failures++;
+       return FALSE;
+}
+
+METHOD(crypto_factory_t, remove_drbg, void,
+       private_crypto_factory_t *this, drbg_constructor_t create)
+{
+       entry_t *entry;
+       enumerator_t *enumerator;
+
+       this->lock->write_lock(this->lock);
+       enumerator = this->drbgs->create_enumerator(this->drbgs);
+       while (enumerator->enumerate(enumerator, &entry))
+       {
+               if (entry->create_drbg == create)
+               {
+                       this->drbgs->remove_at(this->drbgs, enumerator);
+                       free(entry);
+               }
+       }
+       enumerator->destroy(enumerator);
+       this->lock->unlock(this->lock);
+}
+
 METHOD(crypto_factory_t, add_rng, bool,
        private_crypto_factory_t *this, rng_quality_t quality,
        const char *plugin_name, rng_constructor_t create)
@@ -981,6 +1058,30 @@ METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*,
        return create_enumerator(this, this->xofs, xof_filter);
 }
 
+CALLBACK(drbg_filter, bool,
+       void *n, enumerator_t *orig, va_list args)
+{
+       entry_t *entry;
+       drbg_type_t *type;
+       const char **plugin_name;
+
+       VA_ARGS_VGET(args, type, plugin_name);
+
+       if (orig->enumerate(orig, &entry))
+       {
+               *type = entry->algo;
+               *plugin_name = entry->plugin_name;
+               return TRUE;
+       }
+       return FALSE;
+}
+
+METHOD(crypto_factory_t, create_drbg_enumerator, enumerator_t*,
+       private_crypto_factory_t *this)
+{
+       return create_enumerator(this, this->drbgs, drbg_filter);
+}
+
 CALLBACK(dh_filter, bool,
        void *n, enumerator_t *orig, va_list args)
 {
@@ -1068,6 +1169,8 @@ METHOD(crypto_factory_t, add_test_vector, void,
                        return this->tester->add_prf_vector(this->tester, vector);
                case EXTENDED_OUTPUT_FUNCTION:
                        return this->tester->add_xof_vector(this->tester, vector);
+               case DETERMINISTIC_RANDOM_BIT_GENERATOR:
+                       return this->tester->add_drbg_vector(this->tester, vector);
                case RANDOM_NUMBER_GENERATOR:
                        return this->tester->add_rng_vector(this->tester, vector);
                case DIFFIE_HELLMAN_GROUP:
@@ -1129,6 +1232,10 @@ METHOD(enumerator_t, verify_enumerate, bool,
                        *valid = this->tester->test_xof(this->tester, entry->algo,
                                                        entry->create_xof, NULL, entry->plugin_name);
                        break;
+               case DETERMINISTIC_RANDOM_BIT_GENERATOR:
+                       *valid = this->tester->test_drbg(this->tester, entry->algo,
+                                                       entry->create_drbg, NULL, entry->plugin_name);
+                       break;
                case RANDOM_NUMBER_GENERATOR:
                        *valid = this->tester->test_rng(this->tester, entry->algo,
                                                        entry->create_rng, NULL, entry->plugin_name);
@@ -1180,6 +1287,9 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*,
                case EXTENDED_OUTPUT_FUNCTION:
                        inner = this->xofs->create_enumerator(this->xofs);
                        break;
+               case DETERMINISTIC_RANDOM_BIT_GENERATOR:
+                       inner = this->drbgs->create_enumerator(this->drbgs);
+                       break;
                case RANDOM_NUMBER_GENERATOR:
                        inner = this->rngs->create_enumerator(this->rngs);
                        break;
@@ -1213,6 +1323,7 @@ METHOD(crypto_factory_t, destroy, void,
        this->hashers->destroy(this->hashers);
        this->prfs->destroy(this->prfs);
        this->xofs->destroy(this->xofs);
+       this->drbgs->destroy(this->drbgs);
        this->rngs->destroy(this->rngs);
        this->nonce_gens->destroy(this->nonce_gens);
        this->dhs->destroy(this->dhs);
@@ -1236,6 +1347,7 @@ crypto_factory_t *crypto_factory_create()
                        .create_hasher = _create_hasher,
                        .create_prf = _create_prf,
                        .create_xof = _create_xof,
+                       .create_drbg = _create_drbg,
                        .create_rng = _create_rng,
                        .create_nonce_gen = _create_nonce_gen,
                        .create_dh = _create_dh,
@@ -1251,6 +1363,8 @@ crypto_factory_t *crypto_factory_create()
                        .remove_prf = _remove_prf,
                        .add_xof = _add_xof,
                        .remove_xof = _remove_xof,
+                       .add_drbg = _add_drbg,
+                       .remove_drbg = _remove_drbg,
                        .add_rng = _add_rng,
                        .remove_rng = _remove_rng,
                        .add_nonce_gen = _add_nonce_gen,
@@ -1263,6 +1377,7 @@ crypto_factory_t *crypto_factory_create()
                        .create_hasher_enumerator = _create_hasher_enumerator,
                        .create_prf_enumerator = _create_prf_enumerator,
                        .create_xof_enumerator = _create_xof_enumerator,
+                       .create_drbg_enumerator = _create_drbg_enumerator,
                        .create_dh_enumerator = _create_dh_enumerator,
                        .create_rng_enumerator = _create_rng_enumerator,
                        .create_nonce_gen_enumerator = _create_nonce_gen_enumerator,
@@ -1276,6 +1391,7 @@ crypto_factory_t *crypto_factory_create()
                .hashers = linked_list_create(),
                .prfs = linked_list_create(),
                .xofs = linked_list_create(),
+               .drbgs = linked_list_create(),
                .rngs = linked_list_create(),
                .nonce_gens = linked_list_create(),
                .dhs = linked_list_create(),
index 7f048c6..87e2cd2 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@ typedef struct crypto_factory_t crypto_factory_t;
 #include <crypto/prfs/prf.h>
 #include <crypto/rngs/rng.h>
 #include <crypto/xofs/xof.h>
+#include <crypto/drbgs/drbg.h>
 #include <crypto/nonce_gen.h>
 #include <crypto/diffie_hellman.h>
 #include <crypto/transform.h>
@@ -65,11 +66,17 @@ typedef hasher_t* (*hasher_constructor_t)(hash_algorithm_t algo);
 typedef prf_t* (*prf_constructor_t)(pseudo_random_function_t algo);
 
 /**
- * Constructor function for pseudo random functions
+ * Constructor function for extended output functions
  */
 typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo);
 
 /**
+ * Constructor function for deterministic random bit generators
+ */
+typedef drbg_t* (*drbg_constructor_t)(drbg_type_t type, uint32_t strength,
+                                                               rng_t *entropy, chunk_t personalization_str);
+
+/**
  * Constructor function for source of randomness
  */
 typedef rng_t* (*rng_constructor_t)(rng_quality_t quality);
@@ -148,6 +155,19 @@ struct crypto_factory_t {
        xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo);
 
        /**
+        * Create a deterministic random bit generator instance.
+        *
+        * @param type                                  DRBG type to use
+        * @param strength                              security strength in bits
+        * @param entropy                               entropy source to be used
+        * @param personalization_str   optional personalization string
+        * @return                                              drbg_t instance, NULL if not supported
+        */
+       drbg_t* (*create_drbg)(crypto_factory_t *this, drbg_type_t type,
+                                                  uint32_t strength, rng_t *entropy,
+                                                  chunk_t personalization_str);
+
+       /**
         * Create a source of randomness.
         *
         * @param quality               required randomness quality
@@ -286,6 +306,24 @@ struct crypto_factory_t {
        void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create);
 
        /**
+        * Register a drbg constructor.
+        *
+        * @param type                  type to constructor
+        * @param plugin_name   plugin that registered this algorithm
+        * @param create                constructor function for that algorithm
+        * @return                              TRUE if registered, FALSE if test vector failed
+        */
+       bool (*add_drbg)(crypto_factory_t *this, drbg_type_t type,
+                                        const char *plugin_name, drbg_constructor_t create);
+
+       /**
+        * Unregister a drbg constructor.
+        *
+        * @param create                constructor function to unregister
+        */
+       void (*remove_drbg)(crypto_factory_t *this, drbg_constructor_t create);
+
+       /**
         * Register a source of randomness.
         *
         * @param quality               quality of randomness this RNG serves
@@ -382,6 +420,13 @@ struct crypto_factory_t {
        enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this);
 
        /**
+        * Create an enumerator over all registered DRBGs.
+        *
+        * @return                              enumerator over drbg_type_t, plugin
+        */
+       enumerator_t* (*create_drbg_enumerator)(crypto_factory_t *this);
+
+       /**
         * Create an enumerator over all registered diffie hellman groups.
         *
         * @return                              enumerator over diffie_hellman_group_t, plugin
index f0f64ce..a04543e 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2009-2010 Martin Willi
+ * Copyright (C) 2016-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 revosec AG
  *
@@ -24,6 +25,7 @@
 
 #include <utils/debug.h>
 #include <collections/linked_list.h>
+#include <crypto/rngs/rng_tester.h>
 
 typedef struct private_crypto_tester_t private_crypto_tester_t;
 
@@ -68,6 +70,11 @@ struct private_crypto_tester_t {
        linked_list_t *xof;
 
        /**
+        * List of DRBG test vectors
+        */
+       linked_list_t *drbg;
+
+       /**
         * List of RNG test vectors
         */
        linked_list_t *rng;
@@ -1180,6 +1187,133 @@ failure:
 }
 
 /**
+ * Benchmark a DRBG
+ */
+static u_int bench_drbg(private_crypto_tester_t *this,
+                                               drbg_type_t type, drbg_constructor_t create)
+{
+       drbg_t *drbg;
+       rng_t *entropy;
+       uint32_t strength = 128;
+       chunk_t seed = chunk_alloca(48);
+
+       memset(seed.ptr, 0x81, seed.len);
+       entropy = rng_tester_create(seed);
+
+       drbg = create(type, strength, entropy, chunk_empty);
+       if (drbg)
+       {
+               struct timespec start;
+               u_int runs = 0;
+               size_t out_len = 128;
+               char out_buf[out_len];
+
+               start_timing(&start);
+               while (end_timing(&start) < this->bench_time)
+               {
+                       if (drbg->generate(drbg, out_len, out_buf))
+                       {
+                               runs++;
+                       }
+               }
+               drbg->destroy(drbg);
+
+               return runs;
+       }
+       return 0;
+}
+
+METHOD(crypto_tester_t, test_drbg, bool,
+       private_crypto_tester_t *this, drbg_type_t type,
+       drbg_constructor_t create, u_int *speed, const char *plugin_name)
+{
+       enumerator_t *enumerator;
+       drbg_test_vector_t *vector;
+       bool failed = FALSE;
+       u_int tested = 0;
+
+       enumerator = this->drbg->create_enumerator(this->drbg);
+       while (enumerator->enumerate(enumerator, &vector))
+       {
+               drbg_t *drbg;
+               rng_t *entropy;
+               chunk_t out = chunk_empty;
+
+               if (vector->type != type)
+               {
+                       continue;
+               }
+               tested++;
+               failed = TRUE;
+
+               entropy = rng_tester_create(vector->entropy);
+               out = chunk_alloc(vector->out.len);
+
+               drbg = create(type, vector->strength, entropy,
+                                         vector->personalization_str);
+               if (!drbg)
+               {
+                       DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed",
+                                drbg_type_names, type, plugin_name);
+                       entropy->destroy(entropy);
+                       chunk_free(&out);
+                       break;
+               }
+               if (!drbg->reseed(drbg))
+               {
+                       goto failure;
+               }
+               if (!drbg->generate(drbg, out.len, out.ptr))
+               {
+                       goto failure;
+               }
+               if (!drbg->generate(drbg, out.len, out.ptr))
+               {
+                       goto failure;
+               }
+               if (!chunk_equals(out, vector->out))
+               {
+                       goto failure;
+               }
+               failed = FALSE;
+
+failure:
+               drbg->destroy(drbg);
+               entropy->destroy(entropy);
+               chunk_free(&out);
+               if (failed)
+               {
+                       DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed",
+                                drbg_type_names, type, plugin_name, get_name(vector));
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       if (!tested)
+       {
+               DBG1(DBG_LIB, "%s %N[%s]: no test vectors found",
+                        this->required ? "disabled" : "enabled ",
+                        drbg_type_names, type, plugin_name);
+               return !this->required;
+       }
+       if (!failed)
+       {
+               if (speed)
+               {
+                       *speed = bench_drbg(this, type, create);
+                       DBG1(DBG_LIB, "enabled  %N[%s]: passed %u test vectors, %d points",
+                                drbg_type_names, type, plugin_name, tested, *speed);
+               }
+               else
+               {
+                       DBG1(DBG_LIB, "enabled  %N[%s]: passed %u test vectors",
+                                drbg_type_names, type, plugin_name, tested);
+               }
+       }
+       return !failed;
+}
+
+/**
  * Benchmark a RNG
  */
 static u_int bench_rng(private_crypto_tester_t *this,
@@ -1489,6 +1623,12 @@ METHOD(crypto_tester_t, add_xof_vector, void,
        this->xof->insert_last(this->xof, vector);
 }
 
+METHOD(crypto_tester_t, add_drbg_vector, void,
+       private_crypto_tester_t *this, drbg_test_vector_t *vector)
+{
+       this->drbg->insert_last(this->drbg, vector);
+}
+
 METHOD(crypto_tester_t, add_rng_vector, void,
        private_crypto_tester_t *this, rng_test_vector_t *vector)
 {
@@ -1510,6 +1650,7 @@ METHOD(crypto_tester_t, destroy, void,
        this->hasher->destroy(this->hasher);
        this->prf->destroy(this->prf);
        this->xof->destroy(this->xof);
+       this->drbg->destroy(this->drbg);
        this->rng->destroy(this->rng);
        this->dh->destroy(this->dh);
        free(this);
@@ -1530,6 +1671,7 @@ crypto_tester_t *crypto_tester_create()
                        .test_hasher = _test_hasher,
                        .test_prf = _test_prf,
                        .test_xof = _test_xof,
+                       .test_drbg = _test_drbg,
                        .test_rng = _test_rng,
                        .test_dh = _test_dh,
                        .add_crypter_vector = _add_crypter_vector,
@@ -1538,6 +1680,7 @@ crypto_tester_t *crypto_tester_create()
                        .add_hasher_vector = _add_hasher_vector,
                        .add_prf_vector = _add_prf_vector,
                        .add_xof_vector = _add_xof_vector,
+                       .add_drbg_vector = _add_drbg_vector,
                        .add_rng_vector = _add_rng_vector,
                        .add_dh_vector = _add_dh_vector,
                        .destroy = _destroy,
@@ -1548,6 +1691,7 @@ crypto_tester_t *crypto_tester_create()
                .hasher = linked_list_create(),
                .prf = linked_list_create(),
                .xof = linked_list_create(),
+               .drbg = linked_list_create(),
                .rng = linked_list_create(),
                .dh = linked_list_create(),
 
index 4309295..fcb64a6 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
+ * Copyright (C) 2016-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -31,6 +32,7 @@ typedef struct signer_test_vector_t signer_test_vector_t;
 typedef struct hasher_test_vector_t hasher_test_vector_t;
 typedef struct prf_test_vector_t prf_test_vector_t;
 typedef struct xof_test_vector_t xof_test_vector_t;
+typedef struct drbg_test_vector_t drbg_test_vector_t;
 typedef struct rng_test_vector_t rng_test_vector_t;
 typedef struct dh_test_vector_t dh_test_vector_t;
 
@@ -128,6 +130,19 @@ struct xof_test_vector_t {
        u_char *out;
 };
 
+struct drbg_test_vector_t {
+       /** drbg type this test vector tests */
+       drbg_type_t type;
+       /** security strength in bits */
+       uint32_t strength;
+       /** optional personalization string */
+       chunk_t personalization_str;
+       /** entropy_input | nonce | entropy_input_reseed */
+       chunk_t entropy;
+       /** returned output bits */
+       chunk_t out;
+};
+
 /**
  * Test vector for a RNG.
  *
@@ -242,6 +257,17 @@ struct crypto_tester_t {
                                         xof_constructor_t create,
                                         u_int *speed, const char *plugin_name);
        /**
+        * Test a DRBG type.
+        *
+        * @param type                  DRBG type to test
+        * @param create                constructor function for the DRBG
+        * @param speed                 speed test result, NULL to omit
+        * @return                              TRUE if test passed
+        */
+       bool (*test_drbg)(crypto_tester_t *this, drbg_type_t type,
+                                         drbg_constructor_t create,
+                                         u_int *speed, const char *plugin_name);
+       /**
         * Test a RNG implementation.
         *
         * @param alg                   algorithm to test
@@ -307,6 +333,13 @@ struct crypto_tester_t {
        void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector);
 
        /**
+        * Add a test vector to test a DRBG.
+        *
+        * @param vector                pointer to test vector
+        */
+       void (*add_drbg_vector)(crypto_tester_t *this, drbg_test_vector_t *vector);
+
+       /**
         * Add a test vector to test a RNG.
         *
         * @param vector                pointer to test vector
diff --git a/src/libstrongswan/crypto/drbgs/drbg.c b/src/libstrongswan/crypto/drbgs/drbg.c
new file mode 100644 (file)
index 0000000..7e76384
--- /dev/null
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the "GNU General Public License as published by the
+ * Free Software Foundatio"n; either version 2 of the License, or (at your
+ * option) any later version".  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+**/
+
+#include "drbg.h"
+
+ENUM(drbg_type_names, DRBG_UNDEFINED, DRBG_CTR_AES256,
+       "DRBG_UNDEFINED",
+       "DRBG_HMAC_SHA1",
+       "DRBG_HMAC_SHA256",
+       "DRBG_HMAC_SHA384",
+       "DRBG_HMAC_SHA512",
+       "DRBG_CTR_AES128",
+       "DRBG_CTR_AES192",
+       "DRBG_CTR_AES256",
+);
+
diff --git a/src/libstrongswan/crypto/drbgs/drbg.h b/src/libstrongswan/crypto/drbgs/drbg.h
new file mode 100644 (file)
index 0000000..620d44d
--- /dev/null
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup drbg drbg
+ * @{ @ingroup crypto
+ */
+
+#ifndef DRBG_H_
+#define DRBG_H_
+
+typedef enum drbg_type_t drbg_type_t;
+typedef struct drbg_t drbg_t;
+
+#include <library.h>
+
+/**
+ * Deterministic Random Bit Generator.(DRBG) Type
+ */
+enum drbg_type_t {
+       DRBG_UNDEFINED,
+       DRBG_HMAC_SHA1,
+       DRBG_HMAC_SHA256,
+       DRBG_HMAC_SHA384,
+       DRBG_HMAC_SHA512,
+       DRBG_CTR_AES128,
+       DRBG_CTR_AES192,
+       DRBG_CTR_AES256,
+};
+
+/**
+ * enum name for drbg_type_t.
+ */
+extern enum_name_t *drbg_type_names;
+
+/**
+ * Interface for a Deterministic Random Bit Generator (DRBG)
+ * compliant with NIST SP 800-90A
+ */
+struct drbg_t {
+
+       /**
+        * Return the type of the DRBG
+        *
+        * @return                      DRBG type
+        */
+       drbg_type_t (*get_type)(drbg_t *this);
+
+       /**
+        * Return the security strength of the  DRBG
+        *
+        * @return                      configured security strength in bits
+        */
+       uint32_t (*get_strength)(drbg_t *this);
+
+       /**
+        * Reseed the instantiated DRBG
+        *
+        * @return                      TRUE if successful
+        */
+       bool (*reseed)(drbg_t *this);
+
+       /**
+        * Generate pseudorandom bytes.
+        * If the maximum number of requests has been reached, reseeding occurs
+        *
+        * @param len           number of octets to generate
+        * @param out           address of output buffer
+        * @return                      TRUE if successful
+        */
+       bool (*generate)(drbg_t *this, uint32_t len, uint8_t *out);
+
+       /**
+        * Get a reference on an drbg_t object increasing the count by one
+        *
+        * @return                      reference to the drbg_t object
+        */
+       drbg_t* (*get_ref)(drbg_t *this);
+
+       /**
+        * Uninstantiate and destroy the DRBG object
+        */
+       void (*destroy)(drbg_t *this);
+
+};
+
+#endif /** DRBG_H_ @}*/
diff --git a/src/libstrongswan/crypto/rngs/rng_tester.c b/src/libstrongswan/crypto/rngs/rng_tester.c
new file mode 100644 (file)
index 0000000..4c763f1
--- /dev/null
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "rng_tester.h"
+
+typedef struct private_rng_t private_rng_t;
+
+/**
+ * Private data.
+ */
+struct private_rng_t {
+
+       /**
+        * Public interface.
+        */
+       rng_t public;
+
+       /**
+        * Entropy string.
+        */
+       chunk_t entropy;
+};
+
+METHOD(rng_t, get_bytes, bool,
+       private_rng_t *this, size_t bytes, uint8_t *buffer)
+{
+       if (bytes > this->entropy.len)
+       {
+               return FALSE;
+       }
+       memcpy(buffer, this->entropy.ptr, bytes);
+       this->entropy = chunk_skip(this->entropy, bytes);
+       return TRUE;
+}
+
+METHOD(rng_t, allocate_bytes, bool,
+       private_rng_t *this, size_t bytes, chunk_t *chunk)
+{
+       if (bytes > this->entropy.len)
+       {
+               *chunk = chunk_empty;
+               return FALSE;
+       }
+
+       *chunk = chunk_alloc(bytes);
+       memcpy(chunk->ptr, this->entropy.ptr, bytes);
+       this->entropy = chunk_skip(this->entropy, bytes);
+       return TRUE;
+}
+
+METHOD(rng_t, destroy, void,
+       private_rng_t *this)
+{
+       free(this);
+}
+
+/*
+ * Described in header.
+ */
+rng_t *rng_tester_create(chunk_t entropy)
+{
+       private_rng_t *this;
+
+       INIT(this,
+               .public = {
+                       .get_bytes = _get_bytes,
+                       .allocate_bytes = _allocate_bytes,
+                       .destroy = _destroy,
+               },
+               .entropy = entropy,
+       );
+
+       return &this->public;
+}
diff --git a/src/libstrongswan/crypto/rngs/rng_tester.h b/src/libstrongswan/crypto/rngs/rng_tester.h
new file mode 100644 (file)
index 0000000..7b7d3ce
--- /dev/null
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2013-2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * rng_t providing deterministic output (DO NOT USE IN PRODUCTIVE SYSTEMS!!!)
+ *
+ * @defgroup rng_tester rng_tester
+ * @{ @ingroup crypto
+ */
+
+#ifndef RNG_TESTER_H_
+#define RNG_TESTER_H_
+
+#include <library.h>
+
+/**
+ * Creates a rng_tester_t instance.
+ *
+ * @param entropy      deterministic output
+ * @return                     created rng_tester_t
+ */
+rng_t *rng_tester_create(chunk_t entropy);
+
+#endif /** RNG_TESTER_H_ @} */
index 77a57f5..e30208e 100644 (file)
@@ -23,14 +23,15 @@ ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS
        "INTEGRITY_ALGORITHM",
        "DIFFIE_HELLMAN_GROUP",
        "EXTENDED_SEQUENCE_NUMBERS");
-ENUM_NEXT(transform_type_names, HASH_ALGORITHM, EXTENDED_OUTPUT_FUNCTION,
+ENUM_NEXT(transform_type_names, HASH_ALGORITHM, DETERMINISTIC_RANDOM_BIT_GENERATOR,
                  EXTENDED_SEQUENCE_NUMBERS,
        "HASH_ALGORITHM",
        "RANDOM_NUMBER_GENERATOR",
        "AEAD_ALGORITHM",
        "COMPRESSION_ALGORITHM",
-       "EXTENDED OUTPUT FUNCTION");
-ENUM_END(transform_type_names, EXTENDED_OUTPUT_FUNCTION);
+       "EXTENDED OUTPUT FUNCTION",
+       "DETERMINISTIC RANDOM BIT GENERATOR");
+ENUM_END(transform_type_names, DETERMINISTIC_RANDOM_BIT_GENERATOR);
 
 
 ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
@@ -38,7 +39,6 @@ ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
        "EXT_SEQ",
 );
 
-
 /**
  * See header
  */
@@ -63,6 +63,8 @@ enum_name_t* transform_get_enum_names(transform_type_t type)
                        return extended_sequence_numbers_names;
                case EXTENDED_OUTPUT_FUNCTION:
                        return ext_out_function_names;
+               case DETERMINISTIC_RANDOM_BIT_GENERATOR:
+                       return drbg_type_names;
                case COMPRESSION_ALGORITHM:
                        break;
        }
index 63881b3..f7892b8 100644 (file)
@@ -39,6 +39,7 @@ enum transform_type_t {
        AEAD_ALGORITHM = 258,
        COMPRESSION_ALGORITHM = 259,
        EXTENDED_OUTPUT_FUNCTION = 260,
+       DETERMINISTIC_RANDOM_BIT_GENERATOR = 261,
 };
 
 /**
diff --git a/src/libstrongswan/plugins/drbg/Makefile.am b/src/libstrongswan/plugins/drbg/Makefile.am
new file mode 100644 (file)
index 0000000..560b294
--- /dev/null
@@ -0,0 +1,18 @@
+AM_CPPFLAGS = \
+       -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+       $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-drbg.la
+else
+plugin_LTLIBRARIES = libstrongswan-drbg.la
+endif
+
+libstrongswan_drbg_la_SOURCES = \
+       drbg_plugin.h drbg_plugin.c \
+       drbg_ctr.h drbg_ctr.c \
+       drbg_hmac.h drbg_hmac.c
+
+libstrongswan_drbg_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/drbg/drbg_ctr.c b/src/libstrongswan/plugins/drbg/drbg_ctr.c
new file mode 100644 (file)
index 0000000..9ca9267
--- /dev/null
@@ -0,0 +1,356 @@
+/*
+ * Copyright (C) 2016-2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "drbg_ctr.h"
+
+#define MAX_DRBG_REQUESTS      0xfffffffe
+
+typedef struct private_drbg_ctr_t private_drbg_ctr_t;
+
+/**
+ * Private data of an drbg_ctr_t object.
+ */
+struct private_drbg_ctr_t {
+
+       /**
+        * Public drbg_ctr_t interface.
+        */
+       drbg_ctr_t public;
+
+       /**
+        * DRBG type.
+        */
+       drbg_type_t type;
+
+       /**
+        * Security strength in bits.
+        */
+       uint32_t strength;
+
+       /**
+        * Number of requests for pseudorandom bits
+        */
+       uint32_t reseed_counter;
+
+       /**
+        * Maximum number of requests for pseudorandom bits
+        */
+       uint32_t max_requests;
+
+       /**
+        * True entropy source
+        */
+       rng_t *entropy;
+
+       /**
+        * Block cipher in counter mode used by the DRBG
+        */
+       crypter_t *crypter;
+
+       /**
+        * Internal state of HMAC: key
+        */
+       chunk_t key;
+
+       /**
+        * Internal state of HMAC: value
+        */
+       chunk_t value;
+
+       /**
+        * reference count
+        */
+       refcount_t ref;
+
+};
+
+METHOD(drbg_t, get_type, drbg_type_t,
+       private_drbg_ctr_t *this)
+{
+       return this->type;
+}
+
+METHOD(drbg_t, get_strength, uint32_t,
+       private_drbg_ctr_t *this)
+{
+       return this->strength;
+}
+
+static bool encrypt_ctr(private_drbg_ctr_t *this, chunk_t out)
+{
+       chunk_t iv = chunk_alloca(this->value.len);
+       chunk_t bl = chunk_alloca(this->value.len);
+       chunk_t block;
+       size_t delta, pos = 0;
+       int bit;
+
+       /* Initialize IV to all zeroes for ECB mode */
+       memset(iv.ptr, 0x00, iv.len);
+
+       if (!this->crypter->set_key(this->crypter, this->key))
+       {
+               return FALSE;
+       }
+
+       while (pos < out.len)
+       {
+               /* Increment counter by one */
+               chunk_increment(this->value);
+
+               /* Copy current counter to input block */
+               delta = out.len - pos;
+               block = (delta < this->value.len) ?
+                                        bl : chunk_create(out.ptr + pos, this->value.len);
+               memcpy(block.ptr, this->value.ptr, this->value.len);
+
+               /* ECB encryption */
+               if (!this->crypter->encrypt(this->crypter, block, iv, NULL))
+               {
+                       return FALSE;
+               }
+
+               /* Partial output block at the end? */
+               if (delta < this->value.len)
+               {
+                       memcpy(out.ptr + pos, block.ptr, delta);
+               }
+               pos += this->value.len;
+       }
+
+       return TRUE;
+}
+
+/**
+ * Update the internal state of the CTR_DRBG
+ */
+static bool update(private_drbg_ctr_t *this, chunk_t data)
+{
+       chunk_t temp;
+
+       if (data.len && data.len != (this->key.len + this->value.len))
+       {
+               return FALSE;
+       }
+       temp = chunk_alloca(this->key.len + this->value.len);
+
+       if (!encrypt_ctr(this, temp))
+       {
+               return FALSE;
+       }
+       /* Apply data */
+       memxor(temp.ptr, data.ptr, data.len);
+
+       /* Copy new key and value */
+       memcpy(this->key.ptr, temp.ptr, this->key.len);
+       memcpy(this->value.ptr, temp.ptr + this->key.len, this->value.len);
+       memwipe(temp.ptr, temp.len);
+       DBG4(DBG_LIB, "CTR_DRBG K: %B", &this->key);
+       DBG4(DBG_LIB, "CTR_DRBG V: %B", &this->value);
+
+       return TRUE;
+}
+
+METHOD(drbg_t, reseed, bool,
+       private_drbg_ctr_t *this)
+{
+       chunk_t seed;
+       bool success;
+
+       seed = chunk_alloc(this->key.len + this->value.len);
+       DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len);
+
+       if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
+       {
+               chunk_free(&seed);
+               return FALSE;
+       }
+       DBG4(DBG_LIB, "reseed: %B", &seed);
+
+       success = update(this, seed);
+       chunk_clear(&seed);
+
+       if (!success)
+       {
+               return FALSE;
+       }
+       this->reseed_counter = 1;
+
+       return TRUE;
+}
+
+METHOD(drbg_t, generate, bool,
+       private_drbg_ctr_t *this, uint32_t len, uint8_t *out)
+{
+       chunk_t output;
+
+       if (this->reseed_counter > this->max_requests)
+       {
+               if (!reseed(this))
+               {
+                       return FALSE;
+               }
+       }
+
+       DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
+       if (!out || len == 0)
+       {
+               return FALSE;
+       }
+       output = chunk_create(out, len);
+
+       if (!encrypt_ctr(this, output))
+       {
+               return FALSE;
+       }
+       DBG4(DBG_LIB, "CTR_DRBG Out: %B", &output);
+
+       if (!update(this, chunk_empty))
+       {
+               return FALSE;
+       }
+       this->reseed_counter++;
+
+       return TRUE;
+}
+
+METHOD(drbg_t, get_ref, drbg_t*,
+       private_drbg_ctr_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.interface;
+}
+
+METHOD(drbg_t, destroy, void,
+       private_drbg_ctr_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               this->crypter->destroy(this->crypter);
+               chunk_clear(&this->key);
+               chunk_clear(&this->value);
+               free(this);
+       }
+}
+
+/**
+ * See header
+ */
+drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
+                                                       rng_t *entropy, chunk_t personalization_str)
+{
+       private_drbg_ctr_t *this;
+       encryption_algorithm_t crypter_type;
+       crypter_t *crypter;
+       chunk_t seed;
+       size_t key_len, out_len, seed_len;
+       uint32_t max_requests;
+       bool success;
+
+       switch (type)
+       {
+               case DRBG_CTR_AES128:
+                       crypter_type = ENCR_AES_CBC;
+                       key_len = 16;
+                       break;
+               case DRBG_CTR_AES192:
+                       crypter_type = ENCR_AES_CBC;
+                       key_len = 24;
+                       break;
+               case DRBG_CTR_AES256:
+                       crypter_type = ENCR_AES_CBC;
+                       key_len = 32;
+                       break;
+               default:
+                       DBG1(DBG_LIB, "%N not supported", drbg_type_names, type);
+                       return NULL;
+       }
+
+       if (strength >  key_len * BITS_PER_BYTE)
+       {
+               DBG1(DBG_LIB, "%d bit block encryption key not sufficient for security "
+                        "strength of % bits", key_len * BITS_PER_BYTE, strength);
+               return NULL;
+       }
+
+       crypter = lib->crypto->create_crypter(lib->crypto, crypter_type, key_len);
+       if (!crypter)
+       {
+               DBG1(DBG_LIB, "creation of %N for DRBG failed",
+                        encryption_algorithm_names, crypter_type);
+               return NULL;
+       }
+       out_len = crypter->get_block_size(crypter);
+       seed_len = key_len + out_len;
+
+       if (personalization_str.len > seed_len)
+       {
+               DBG1(DBG_LIB, "personalization string length of %d bytes is larger "
+                        "than seed length of % bytes", personalization_str.len, seed_len);
+               crypter->destroy(crypter);
+               return NULL;
+       }
+
+       max_requests = lib->settings->get_int(lib->settings,
+                                                                                 "%s.plugins.drbg.max_drbg_requests",
+                                                                                 MAX_DRBG_REQUESTS, lib->ns);
+
+       INIT(this,
+               .public = {
+                       .interface = {
+                               .get_type = _get_type,
+                               .get_strength = _get_strength,
+                               .reseed = _reseed,
+                               .generate = _generate,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+               },
+               .type = type,
+               .strength = strength,
+               .entropy = entropy,
+               .crypter = crypter,
+               .key = chunk_alloc(key_len),
+               .value = chunk_alloc(out_len),
+               .max_requests = max_requests,
+               .reseed_counter = 1,
+               .ref = 1,
+       );
+
+       memset(this->key.ptr,   0x00, key_len);
+       memset(this->value.ptr, 0x00, out_len);
+
+       seed = chunk_alloc(seed_len);
+       DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len);
+
+       if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
+       {
+               chunk_free(&seed);
+               destroy(this);
+               return NULL;
+       }
+       memxor(seed.ptr, personalization_str.ptr, personalization_str.len);
+       DBG4(DBG_LIB, "seed: %B", &seed);
+
+       success = update(this, seed);
+       chunk_clear(&seed);
+
+       if (!success)
+       {
+               destroy(this);
+               return NULL;
+       }
+
+       return &this->public;
+}
diff --git a/src/libstrongswan/plugins/drbg/drbg_ctr.h b/src/libstrongswan/plugins/drbg/drbg_ctr.h
new file mode 100644 (file)
index 0000000..9e41a4e
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup drbg_ctr drbg_ctr
+ * @{ @ingroup drbg
+ */
+
+#ifndef DRBG_CTR_H_
+#define DRBG_CTR_H_
+
+#include <crypto/drbgs/drbg.h>
+
+typedef struct drbg_ctr_t drbg_ctr_t;
+
+/**
+ * NIST SP 800-90A CTR DRBC implementation
+ */
+struct drbg_ctr_t {
+
+       /**
+        * Public Deterministic Random Bit Generator (DRBG) Interface
+        */
+       drbg_t interface;
+};
+
+/**
+ * Create a drbg_ctr instance.
+ *
+ * @param type                                 DRBG CTR type
+ * @param strength                             security strength in bits
+ * @param entropy                              entropy source to be used
+ * @param personalization_str  optional personalization string
+ * @return                                             drbg_ctr_t object, NULL if not supported
+ */
+drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
+                                                       rng_t *entropy, chunk_t personalization_str);
+
+#endif /** DRBG_CTR_H_ @}*/
diff --git a/src/libstrongswan/plugins/drbg/drbg_hmac.c b/src/libstrongswan/plugins/drbg/drbg_hmac.c
new file mode 100644 (file)
index 0000000..2006e10
--- /dev/null
@@ -0,0 +1,319 @@
+/*
+ * Copyright (C) 2016-2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "drbg_hmac.h"
+
+#define MAX_DRBG_REQUESTS      0xfffffffe
+
+typedef struct private_drbg_hmac_t private_drbg_hmac_t;
+
+/**
+ * Private data of an drbg_prf_t object.
+ */
+struct private_drbg_hmac_t {
+
+       /**
+        * Public drbg_prf_t interface.
+        */
+       drbg_hmac_t public;
+
+       /**
+        * DRBG type.
+        */
+       drbg_type_t type;
+
+       /**
+        * Security strength in bits.
+        */
+       uint32_t strength;
+
+       /**
+        * Number of requests for pseudorandom bits
+        */
+       size_t reseed_counter;
+
+       /**
+        * Maximum number of requests for pseudorandom bits
+        */
+       size_t max_requests;
+
+       /**
+        * True entropy source
+        */
+       rng_t *entropy;
+
+       /**
+        * HMAC PRF used by the DRBG
+        */
+       prf_t *prf;
+
+       /**
+        * Internal state of HMAC: key
+        */
+       chunk_t key;
+
+       /**
+        * Internal state of HMAC: value
+        */
+       chunk_t value;
+
+       /**
+        * reference count
+        */
+       refcount_t ref;
+
+};
+
+METHOD(drbg_t, get_type, drbg_type_t,
+       private_drbg_hmac_t *this)
+{
+       return this->type;
+}
+
+METHOD(drbg_t, get_strength, uint32_t,
+       private_drbg_hmac_t *this)
+{
+       return this->strength;
+}
+
+/**
+ * Update the internal state of the HMAC_DRBG
+ */
+static bool update(private_drbg_hmac_t *this, chunk_t data)
+{
+       chunk_t ch_00 = chunk_from_chars(0x00);
+       chunk_t ch_01 = chunk_from_chars(0x01);
+
+       if (!this->prf->set_key(this->prf, this->key) ||
+               !this->prf->get_bytes(this->prf, this->value, NULL) ||
+           !this->prf->get_bytes(this->prf, ch_00, NULL) ||
+           !this->prf->get_bytes(this->prf, data, this->key.ptr) ||
+               !this->prf->set_key(this->prf, this->key) ||
+           !this->prf->get_bytes(this->prf, this->value, this->value.ptr))
+       {
+               return FALSE;
+       }
+
+       if (data.len > 0)
+       {
+               if (!this->prf->set_key(this->prf, this->key) ||
+                       !this->prf->get_bytes(this->prf, this->value, NULL) ||
+                       !this->prf->get_bytes(this->prf, ch_01, NULL) ||
+                       !this->prf->get_bytes(this->prf, data, this->key.ptr) ||
+                       !this->prf->set_key(this->prf, this->key) ||
+                       !this->prf->get_bytes(this->prf, this->value, this->value.ptr))
+               {
+                       return FALSE;
+               }
+       }
+       DBG4(DBG_LIB, "HMAC_DRBG K: %B", &this->key);
+       DBG4(DBG_LIB, "HMAC_DRBG V: %B", &this->value);
+
+       return TRUE;
+}
+
+METHOD(drbg_t, reseed, bool,
+       private_drbg_hmac_t *this)
+{
+       chunk_t seed;
+       bool success;
+
+       seed = chunk_alloc(this->strength / BITS_PER_BYTE);
+       DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len);
+
+       if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
+       {
+               chunk_free(&seed);
+               return FALSE;
+       }
+       DBG4(DBG_LIB, "reseed: %B", &seed);
+
+       success = update(this, seed);
+       chunk_clear(&seed);
+
+       if (!success)
+       {
+               return FALSE;
+       }
+       this->reseed_counter = 1;
+
+       return TRUE;
+}
+
+METHOD(drbg_t, generate, bool,
+       private_drbg_hmac_t *this, uint32_t len, uint8_t *out)
+{
+       size_t delta;
+       chunk_t output;
+
+       DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
+       if (!out || len == 0)
+       {
+               return FALSE;
+       }
+       output = chunk_create(out, len);
+
+       if (this->reseed_counter > this->max_requests)
+       {
+               if (!reseed(this))
+               {
+                       return FALSE;
+               }
+       }
+       while (len)
+       {
+               if (!this->prf->get_bytes(this->prf, this->value, this->value.ptr))
+               {
+                       return FALSE;
+               }
+               delta = min(len, this->value.len);
+               memcpy(out, this->value.ptr, delta);
+               len -= delta;
+               out += delta;
+       }
+       DBG4(DBG_LIB, "HMAC_DRBG Out: %B", &output);
+
+       if (!update(this, chunk_empty))
+       {
+               return FALSE;
+       }
+       this->reseed_counter++;
+
+       return TRUE;
+}
+
+METHOD(drbg_t, get_ref, drbg_t*,
+       private_drbg_hmac_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.interface;
+}
+
+METHOD(drbg_t, destroy, void,
+       private_drbg_hmac_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               this->prf->destroy(this->prf);
+               chunk_clear(&this->key);
+               chunk_clear(&this->value);
+               free(this);
+       }
+}
+
+/**
+ * See header
+ */
+drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
+                                                         rng_t *entropy, chunk_t personalization_str)
+{
+       private_drbg_hmac_t *this;
+       pseudo_random_function_t prf_type = PRF_UNDEFINED;
+       size_t out_len, entropy_len;
+       uint32_t max_requests;
+       chunk_t seed;
+       prf_t * prf;
+       bool success;
+
+       switch (type)
+       {
+               case DRBG_HMAC_SHA1:
+                       prf_type = PRF_HMAC_SHA1;
+                       break;
+               case DRBG_HMAC_SHA256:
+                       prf_type = PRF_HMAC_SHA2_256;
+                       break;
+               case DRBG_HMAC_SHA384:
+                       prf_type = PRF_HMAC_SHA2_384;
+                       break;
+               case DRBG_HMAC_SHA512:
+                       prf_type = PRF_HMAC_SHA2_512;
+                       break;
+               default:
+                       DBG1(DBG_LIB, "%N not supported", drbg_type_names, type);
+                       return NULL;
+       }
+
+       prf = lib->crypto->create_prf(lib->crypto, prf_type);
+       if (!prf)
+       {
+               DBG1(DBG_LIB, "creation of %N for DRBG failed",
+                        pseudo_random_function_names, prf_type);
+               return NULL;
+       }
+       out_len = prf->get_key_size(prf);
+
+       if (strength >  out_len * BITS_PER_BYTE)
+       {
+               DBG1(DBG_LIB, "%N not sufficient for security strength of % bits",
+                        pseudo_random_function_names, prf_type, strength);
+               prf->destroy(prf);
+               return NULL;
+       }
+
+       max_requests = lib->settings->get_int(lib->settings,
+                                                                                 "%s.plugins.drbg.max_drbg_requests",
+                                                                                 MAX_DRBG_REQUESTS, lib->ns);
+
+       INIT(this,
+               .public = {
+                       .interface = {
+                               .get_type = _get_type,
+                               .get_strength = _get_strength,
+                               .reseed = _reseed,
+                               .generate = _generate,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+               },
+               .type = type,
+               .strength = strength,
+               .entropy = entropy,
+               .prf = prf,
+               .key = chunk_alloc(out_len),
+               .value = chunk_alloc(out_len),
+               .max_requests = max_requests,
+               .reseed_counter = 1,
+               .ref = 1,
+       );
+
+       memset(this->key.ptr,   0x00, out_len);
+       memset(this->value.ptr, 0x01, out_len);
+
+       entropy_len = (strength + strength/2) / BITS_PER_BYTE;
+       seed = chunk_alloc(entropy_len + personalization_str.len);
+       DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
+
+       if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
+       {
+               chunk_free(&seed);
+               destroy(this);
+               return NULL;
+       }
+       memcpy(seed.ptr + entropy_len,
+                  personalization_str.ptr, personalization_str.len);
+       DBG4(DBG_LIB, "seed: %B", &seed);
+
+       success = update(this, seed);
+       chunk_clear(&seed);
+
+       if (!success)
+       {
+               destroy(this);
+               return NULL;
+       }
+
+       return &this->public;
+}
diff --git a/src/libstrongswan/plugins/drbg/drbg_hmac.h b/src/libstrongswan/plugins/drbg/drbg_hmac.h
new file mode 100644 (file)
index 0000000..fafd24d
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup drbg_hmac drbg_hmac
+ * @{ @ingroup drbg
+ */
+
+#ifndef DRBG_HMAC_H_
+#define DRBG_HMAC_H_
+
+#include <crypto/drbgs/drbg.h>
+
+typedef struct drbg_hmac_t drbg_hmac_t;
+
+/**
+ * NIST SP 800-90A HMAC DRBC implementation
+ */
+struct drbg_hmac_t {
+
+       /**
+        * Public Deterministic Random Bit Generator (DRBG) Interface
+        */
+       drbg_t interface;
+};
+
+/**
+ * Create a drbg_hmac instance.
+ *
+ * @param type                                 DRBG HMAC type
+ * @param strength                             security strength in bits
+ * @param entropy                              entropy source to be used
+ * @param personalization_str  optional personalization string
+ * @return                                             drbg_hmac_t object, NULL if not supported
+ */
+drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
+                                                         rng_t *entropy, chunk_t personalization_str);
+
+#endif /** DRBG_HMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/drbg/drbg_plugin.c b/src/libstrongswan/plugins/drbg/drbg_plugin.c
new file mode 100644 (file)
index 0000000..bdf17b1
--- /dev/null
@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "drbg_plugin.h"
+#include "drbg_ctr.h"
+#include "drbg_hmac.h"
+
+#include <library.h>
+
+typedef struct private_drbg_plugin_t private_drbg_plugin_t;
+
+/**
+ * private data of drbg_plugin
+ */
+struct private_drbg_plugin_t {
+
+       /**
+        * public functions
+        */
+       drbg_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+       private_drbg_plugin_t *this)
+{
+       return "drbg";
+}
+
+METHOD(plugin_t, get_features, int,
+       private_drbg_plugin_t *this, plugin_feature_t *features[])
+{
+       static plugin_feature_t f[] = {
+               /* NIST CTR DRBG */
+               PLUGIN_REGISTER(DRBG, drbg_ctr_create),
+                       PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES128),
+                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+                       PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES192),
+                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+                       PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES256),
+                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+               /* NIST HMAC DRBG */
+               PLUGIN_REGISTER(DRBG, drbg_hmac_create),
+                       PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA1),
+                               PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA1),
+                       PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA256),
+                               PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_256),
+                       PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA384),
+                               PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_384),
+                       PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA512),
+                               PLUGIN_DEPENDS(PRF, PRF_HMAC_SHA2_512),
+       };
+       *features = f;
+       return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+       private_drbg_plugin_t *this)
+{
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *drbg_plugin_create()
+{
+       private_drbg_plugin_t *this;
+
+       INIT(this,
+               .public = {
+                       .plugin = {
+                               .get_name = _get_name,
+                               .get_features = _get_features,
+                               .destroy = _destroy,
+                       },
+               },
+       );
+
+       return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/drbg/drbg_plugin.h b/src/libstrongswan/plugins/drbg/drbg_plugin.h
new file mode 100644 (file)
index 0000000..f2fc743
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup drbg_p drbg
+ * @ingroup plugins
+ *
+ * @defgroup drbg_plugin drbg_plugin
+ * @{ @ingroup drbg_p
+ */
+
+#ifndef DRBG_PLUGIN_H_
+#define DRBG_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct drbg_plugin_t drbg_plugin_t;
+
+/**
+ * Plugin providing a NIST CTR and HMAC DRBG implementation
+ */
+struct drbg_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+#endif /** DRBG_PLUGIN_H_ @}*/
index 844698b..fa3d1f3 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2016-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
@@ -31,6 +32,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM,
        "HASHER",
        "PRF",
        "XOF",
+       "DRBG",
        "DH",
        "RNG",
        "NONCE_GEN",
@@ -91,6 +93,9 @@ uint32_t plugin_feature_hash(plugin_feature_t *feature)
                case FEATURE_XOF:
                        data = chunk_from_thing(feature->arg.xof);
                        break;
+               case FEATURE_DRBG:
+                       data = chunk_from_thing(feature->arg.drbg);
+                       break;
                case FEATURE_DH:
                        data = chunk_from_thing(feature->arg.dh_group);
                        break;
@@ -166,6 +171,8 @@ bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b)
                                return a->arg.prf == b->arg.prf;
                        case FEATURE_XOF:
                                return a->arg.xof == b->arg.xof;
+                       case FEATURE_DRBG:
+                               return a->arg.drbg == b->arg.drbg;
                        case FEATURE_DH:
                                return a->arg.dh_group == b->arg.dh_group;
                        case FEATURE_RNG:
@@ -225,6 +232,7 @@ bool plugin_feature_equals(plugin_feature_t *a, plugin_feature_t *b)
                        case FEATURE_HASHER:
                        case FEATURE_PRF:
                        case FEATURE_XOF:
+                       case FEATURE_DRBG:
                        case FEATURE_DH:
                        case FEATURE_NONCE_GEN:
                        case FEATURE_RESOLVER:
@@ -319,6 +327,13 @@ char* plugin_feature_get_string(plugin_feature_t *feature)
                                return str;
                        }
                        break;
+               case FEATURE_DRBG:
+                       if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+                                       drbg_type_names, feature->arg.drbg) > 0)
+                       {
+                               return str;
+                       }
+                       break;
                case FEATURE_DH:
                        if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
                                        diffie_hellman_group_names, feature->arg.dh_group) > 0)
@@ -483,6 +498,10 @@ bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature,
                        lib->crypto->add_xof(lib->crypto, feature->arg.xof,
                                                                name, reg->arg.reg.f);
                        break;
+               case FEATURE_DRBG:
+                       lib->crypto->add_drbg(lib->crypto, feature->arg.drbg,
+                                                               name, reg->arg.reg.f);
+                       break;
                case FEATURE_DH:
                        lib->crypto->add_dh(lib->crypto, feature->arg.dh_group,
                                                                name, reg->arg.reg.f);
@@ -573,6 +592,9 @@ bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature,
                case FEATURE_XOF:
                        lib->crypto->remove_xof(lib->crypto, reg->arg.reg.f);
                        break;
+               case FEATURE_DRBG:
+                       lib->crypto->remove_drbg(lib->crypto, reg->arg.reg.f);
+                       break;
                case FEATURE_DH:
                        lib->crypto->remove_dh(lib->crypto, reg->arg.reg.f);
                        break;
index d3c2df7..2692de2 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2016-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
@@ -112,6 +113,8 @@ struct plugin_feature_t {
                FEATURE_PRF,
                /** xof_t */
                FEATURE_XOF,
+               /** drbg_t */
+               FEATURE_DRBG,
                /** diffie_hellman_t */
                FEATURE_DH,
                /** rng_t */
@@ -175,6 +178,8 @@ struct plugin_feature_t {
                pseudo_random_function_t prf;
                /** FEATURE_XOFF */
                ext_out_function_t xof;
+               /** FEATURE_DRBG */
+               drbg_type_t drbg;
                /** FEATURE_HASHER */
                hash_algorithm_t hasher;
                /** FEATURE_DH */
@@ -283,6 +288,7 @@ struct plugin_feature_t {
 #define _PLUGIN_FEATURE_HASHER(kind, alg)                                      __PLUGIN_FEATURE(kind, HASHER, .hasher = alg)
 #define _PLUGIN_FEATURE_PRF(kind, alg)                                         __PLUGIN_FEATURE(kind, PRF, .prf = alg)
 #define _PLUGIN_FEATURE_XOF(kind, alg)                                         __PLUGIN_FEATURE(kind, XOF, .xof = alg)
+#define _PLUGIN_FEATURE_DRBG(kind, type)                                       __PLUGIN_FEATURE(kind, DRBG, .drbg = type)
 #define _PLUGIN_FEATURE_DH(kind, group)                                                __PLUGIN_FEATURE(kind, DH, .dh_group = group)
 #define _PLUGIN_FEATURE_RNG(kind, quality)                                     __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality)
 #define _PLUGIN_FEATURE_NONCE_GEN(kind, ...)                           __PLUGIN_FEATURE(kind, NONCE_GEN, .custom = NULL)
@@ -316,6 +322,7 @@ struct plugin_feature_t {
 #define _PLUGIN_FEATURE_REGISTER_HASHER(type, f)                       __PLUGIN_FEATURE_REGISTER(type, f)
 #define _PLUGIN_FEATURE_REGISTER_PRF(type, f)                          __PLUGIN_FEATURE_REGISTER(type, f)
 #define _PLUGIN_FEATURE_REGISTER_XOF(type, f)                          __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_DRBG(type, f)                         __PLUGIN_FEATURE_REGISTER(type, f)
 #define _PLUGIN_FEATURE_REGISTER_DH(type, f)                           __PLUGIN_FEATURE_REGISTER(type, f)
 #define _PLUGIN_FEATURE_REGISTER_RNG(type, f)                          __PLUGIN_FEATURE_REGISTER(type, f)
 #define _PLUGIN_FEATURE_REGISTER_NONCE_GEN(type, f)                    __PLUGIN_FEATURE_REGISTER(type, f)
index 3d34cf7..90cb7d3 100644 (file)
@@ -50,6 +50,8 @@ libstrongswan_test_vectors_la_SOURCES = \
        test_vectors/ecpbp.c \
        test_vectors/curve25519.c \
        test_vectors/curve448.c \
+       test_vectors/drbg_ctr.c \
+       test_vectors/drbg_hmac.c \
        test_vectors/rng.c
 
 libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version
index 7c8ac0c..006fea3 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
+ * Copyright (C) 2009-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -274,6 +275,49 @@ TEST_VECTOR_XOF(chacha20_xof_2)
 TEST_VECTOR_XOF(chacha20_xof_3)
 TEST_VECTOR_XOF(chacha20_xof_4)
 
+TEST_VECTOR_DRBG(drbg_ctr_aes128_1)
+TEST_VECTOR_DRBG(drbg_ctr_aes128_2)
+TEST_VECTOR_DRBG(drbg_ctr_aes128_3)
+TEST_VECTOR_DRBG(drbg_ctr_aes128_4)
+TEST_VECTOR_DRBG(drbg_ctr_aes128_5)
+TEST_VECTOR_DRBG(drbg_ctr_aes128_6)
+TEST_VECTOR_DRBG(drbg_ctr_aes192_1)
+TEST_VECTOR_DRBG(drbg_ctr_aes192_2)
+TEST_VECTOR_DRBG(drbg_ctr_aes192_3)
+TEST_VECTOR_DRBG(drbg_ctr_aes192_4)
+TEST_VECTOR_DRBG(drbg_ctr_aes192_5)
+TEST_VECTOR_DRBG(drbg_ctr_aes192_6)
+TEST_VECTOR_DRBG(drbg_ctr_aes256_1)
+TEST_VECTOR_DRBG(drbg_ctr_aes256_2)
+TEST_VECTOR_DRBG(drbg_ctr_aes256_3)
+TEST_VECTOR_DRBG(drbg_ctr_aes256_4)
+TEST_VECTOR_DRBG(drbg_ctr_aes256_5)
+TEST_VECTOR_DRBG(drbg_ctr_aes256_6)
+TEST_VECTOR_DRBG(drbg_hmac_sha1_1)
+TEST_VECTOR_DRBG(drbg_hmac_sha1_2)
+TEST_VECTOR_DRBG(drbg_hmac_sha1_3)
+TEST_VECTOR_DRBG(drbg_hmac_sha1_4)
+TEST_VECTOR_DRBG(drbg_hmac_sha1_5)
+TEST_VECTOR_DRBG(drbg_hmac_sha1_6)
+TEST_VECTOR_DRBG(drbg_hmac_sha256_1)
+TEST_VECTOR_DRBG(drbg_hmac_sha256_2)
+TEST_VECTOR_DRBG(drbg_hmac_sha256_3)
+TEST_VECTOR_DRBG(drbg_hmac_sha256_4)
+TEST_VECTOR_DRBG(drbg_hmac_sha256_5)
+TEST_VECTOR_DRBG(drbg_hmac_sha256_6)
+TEST_VECTOR_DRBG(drbg_hmac_sha384_1)
+TEST_VECTOR_DRBG(drbg_hmac_sha384_2)
+TEST_VECTOR_DRBG(drbg_hmac_sha384_3)
+TEST_VECTOR_DRBG(drbg_hmac_sha384_4)
+TEST_VECTOR_DRBG(drbg_hmac_sha384_5)
+TEST_VECTOR_DRBG(drbg_hmac_sha384_6)
+TEST_VECTOR_DRBG(drbg_hmac_sha512_1)
+TEST_VECTOR_DRBG(drbg_hmac_sha512_2)
+TEST_VECTOR_DRBG(drbg_hmac_sha512_3)
+TEST_VECTOR_DRBG(drbg_hmac_sha512_4)
+TEST_VECTOR_DRBG(drbg_hmac_sha512_5)
+TEST_VECTOR_DRBG(drbg_hmac_sha512_6)
+
 TEST_VECTOR_RNG(rng_monobit_1)
 TEST_VECTOR_RNG(rng_monobit_2)
 TEST_VECTOR_RNG(rng_monobit_3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_ctr.c b/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_ctr.c
new file mode 100644 (file)
index 0000000..66e37c9
--- /dev/null
@@ -0,0 +1,470 @@
+/*
+ * Copyright (C) 2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * NIST SP 800-90A DRBG CTR Validation System (DRBGVS)
+ */
+
+/**
+ * AES-128 no df test case 1 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes128_1 = {
+       .type = DRBG_CTR_AES128, .strength = 128,
+       { NULL, 0 },
+       chunk_from_chars(0xed, 0x1e, 0x7f, 0x21, 0xef, 0x66, 0xea, 0x5d, 0x8e, 0x2a,
+                                        0x85, 0xb9, 0x33, 0x72, 0x45, 0x44, 0x5b, 0x71, 0xd6, 0x39,
+                                        0x3a, 0x4e, 0xec, 0xb0, 0xe6, 0x3c, 0x19, 0x3d, 0x0f, 0x72,
+                                        0xf9, 0xa9, 0x30, 0x3f, 0xb5, 0x19, 0xf0, 0xa4, 0xe1, 0x7d,
+                                        0x6d, 0xf0, 0xb6, 0x42, 0x6a, 0xa0, 0xec, 0xb2, 0xa3, 0x60,
+                                        0x79, 0xbd, 0x48, 0xbe, 0x47, 0xad, 0x2a, 0x8d, 0xbf, 0xe4,
+                                        0x8d, 0xa3, 0xef, 0xad),
+       chunk_from_chars(0xf8, 0x01, 0x11, 0xd0, 0x8e, 0x87, 0x46, 0x72, 0xf3, 0x2f,
+                                        0x42, 0x99, 0x71, 0x33, 0xa5, 0x21, 0x0f, 0x7a, 0x93, 0x75,
+                                        0xe2, 0x2c, 0xea, 0x70, 0x58, 0x7f, 0x9c, 0xfa, 0xfe, 0xbe,
+                                        0x0f, 0x6a, 0x6a, 0xa2, 0xeb, 0x68, 0xe7, 0xdd, 0x91, 0x64,
+                                        0x53, 0x6d, 0x53, 0xfa, 0x02, 0x0f, 0xca, 0xb2, 0x0f, 0x54,
+                                        0xca, 0xdd, 0xfa, 0xb7, 0xd6, 0xd9, 0x1e, 0x5f, 0xfe, 0xc1,
+                                        0xdf, 0xd8, 0xde, 0xaa)
+};
+
+/**
+ * AES-128 no df test case 3 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes128_2 = {
+       .type = DRBG_CTR_AES128, .strength = 128,
+       chunk_from_chars(0xe8, 0xfa, 0x4c, 0x5d, 0xe8, 0x25, 0x79, 0x1e, 0x68, 0x18,
+                                        0x0f, 0x2b, 0xa1, 0x07, 0xe8, 0x29, 0xc4, 0x82, 0x99, 0xcb,
+                                        0x01, 0xbe, 0x93, 0x9c, 0xd0, 0xbe, 0x76, 0xda, 0x12, 0x0a,
+                                        0x91, 0xf2),
+       chunk_from_chars(0x34, 0xcb, 0xc2, 0xb2, 0x17, 0xf3, 0xd9, 0x07, 0xfa, 0x2a,
+                                        0xd6, 0xa0, 0xd7, 0xa8, 0x13, 0xb0, 0xfd, 0xa1, 0xe1, 0x7f,
+                                        0xbe, 0xed, 0x94, 0xb0, 0xe0, 0xa0, 0xab, 0xfb, 0xec, 0x94,
+                                        0x71, 0x46, 0x83, 0x26, 0xf8, 0xe9, 0xcf, 0xbd, 0x02, 0xeb,
+                                        0x07, 0x6b, 0xbb, 0x98, 0x19, 0xd9, 0x6a, 0x02, 0x38, 0x6f,
+                                        0x80, 0xbf, 0x91, 0x3c, 0x8e, 0x4a, 0x80, 0x36, 0x1d, 0x82,
+                                        0xca, 0xfa, 0xd5, 0x2e),
+       chunk_from_chars(0x52, 0xf5, 0xe7, 0x18, 0xbf, 0x48, 0xd9, 0x9e, 0x49, 0x87,
+                                        0x75, 0xc0, 0x03, 0x78, 0xe5, 0x45, 0x79, 0x9b, 0xb2, 0x05,
+                                        0x9a, 0xef, 0x0b, 0x74, 0xbe, 0x57, 0x3d, 0x82, 0x83, 0xf0,
+                                        0x2b, 0x52, 0x93, 0x91, 0x79, 0x13, 0xbc, 0x8f, 0x26, 0xfc,
+                                        0x23, 0x76, 0x0a, 0x1c, 0x86, 0xc3, 0xf5, 0xc8, 0x44, 0x85,
+                                        0x74, 0x19, 0x86, 0x8e, 0xaf, 0xeb, 0x17, 0xc9, 0x24, 0x82,
+                                        0x27, 0xd0, 0x26, 0xb8)
+};
+
+/**
+ * AES-128 no df test case 5 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes128_3 = {
+       .type = DRBG_CTR_AES128, .strength = 128,
+       { NULL, 0 },
+       chunk_from_chars(0xb2, 0xb3, 0x29, 0x83, 0x06, 0x47, 0x1b, 0xfc, 0xae, 0x61,
+                                        0x43, 0x8a, 0x3a, 0x79, 0xe2, 0x35, 0x5e, 0xfa, 0x0b, 0x6e,
+                                        0xde, 0x4c, 0xbc, 0xd3, 0xe6, 0x6d, 0xe5, 0x14, 0x0b, 0x3a,
+                                        0xe6, 0x80, 0x26, 0xf0, 0xd1, 0xe4, 0x4b, 0xe5, 0x75, 0xee,
+                                        0x6f, 0x3e, 0xda, 0x89, 0xc1, 0xe7, 0xe4, 0xfb, 0xd1, 0x42,
+                                        0x8f, 0x88, 0x52, 0x60, 0x48, 0x71, 0xc7, 0xa4, 0xf4, 0xc7,
+                                        0x07, 0xa3, 0x93, 0x28),
+       chunk_from_chars(0xb7, 0x1b, 0x6d, 0x73, 0x22, 0x45, 0x3a, 0x61, 0x2c, 0x34,
+                                        0xa9, 0x1c, 0x1e, 0x5c, 0x3f, 0x8c, 0x30, 0x48, 0x6a, 0x69,
+                                        0x2b, 0x1a, 0xd1, 0x3a, 0x4c, 0x08, 0xca, 0xcc, 0xd1, 0x23,
+                                        0xa6, 0x39, 0xfd, 0x2e, 0x0a, 0x7c, 0x38, 0x9c, 0xfa, 0x1a,
+                                        0x97, 0xcb, 0x78, 0xb4, 0x38, 0xdf, 0xf5, 0x7b, 0x0b, 0x5e,
+                                        0xc4, 0xd5, 0x69, 0xa8, 0xb2, 0x81, 0x0a, 0x15, 0xf8, 0x5c,
+                                        0x8c, 0x92, 0x26, 0xbf)
+};
+
+/**
+ * AES-128 no df test case 7 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes128_4 = {
+       .type = DRBG_CTR_AES128, .strength = 128,
+       chunk_from_chars(0x35, 0x14, 0x20, 0xc0, 0x26, 0x3c, 0xe1, 0x1e, 0xe8, 0xb6,
+                                        0x83, 0xf6, 0x10, 0x61, 0x30, 0xc6, 0x7f, 0xf1, 0xc6, 0x55,
+                                        0xc4, 0xe6, 0x78, 0x82, 0x52, 0x93, 0xf0, 0x04, 0xd2, 0x7c,
+                                        0x54, 0x24),
+       chunk_from_chars(0x5c, 0xd1, 0xdf, 0x6d, 0xb5, 0x8e, 0xa5, 0x07, 0x83, 0x8d,
+                                        0x74, 0x26, 0xb3, 0xfb, 0x48, 0x40, 0x2c, 0xd1, 0x4a, 0xb7,
+                                        0x5a, 0xbb, 0xde, 0xf3, 0x3c, 0xe3, 0x0f, 0xb9, 0x7c, 0x53,
+                                        0x09, 0x98, 0x99, 0xe6, 0x85, 0x0f, 0xa2, 0x91, 0x31, 0xbf,
+                                        0xc7, 0x48, 0xb2, 0xe7, 0x4e, 0x0f, 0xd6, 0x2a, 0xcc, 0x4b,
+                                        0xe4, 0xe9, 0xb5, 0xf0, 0x64, 0x47, 0xdc, 0x26, 0xf7, 0x72,
+                                        0xc0, 0x24, 0x15, 0x61),
+       chunk_from_chars(0xf6, 0x04, 0x0a, 0xf8, 0xae, 0x7a, 0xb0, 0x4c, 0xde, 0x02,
+                                        0xbe, 0x25, 0xaf, 0x95, 0xde, 0xda, 0xda, 0x3b, 0x10, 0x32,
+                                        0x1c, 0x41, 0x8c, 0x7a, 0xf4, 0xed, 0x5b, 0xc8, 0x2e, 0x28,
+                                        0xeb, 0xf7, 0x78, 0xae, 0x42, 0x48, 0xc5, 0x65, 0x29, 0x2e,
+                                        0x4c, 0xb8, 0xec, 0xcd, 0x40, 0xf1, 0x8a, 0x38, 0x28, 0x48,
+                                        0xb4, 0x0d, 0x74, 0x41, 0xa2, 0x91, 0xcc, 0x9e, 0xe8, 0x46,
+                                        0x5c, 0xbe, 0x5f, 0xd6)
+};
+
+/**
+ * AES-128 no df test case 9 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes128_5 = {
+       .type = DRBG_CTR_AES128, .strength = 128,
+       { NULL, 0 },
+       chunk_from_chars(0x85, 0x82, 0x04, 0xf2, 0x7e, 0x93, 0xe8, 0x72, 0xa1, 0xce,
+                                        0x62, 0x08, 0xef, 0x6d, 0xe3, 0x98, 0x68, 0xdd, 0xad, 0x55,
+                                        0xea, 0xc8, 0x99, 0xca, 0x05, 0x81, 0xb9, 0xbb, 0x69, 0x7d,
+                                        0x44, 0x17, 0x1e, 0x82, 0x20, 0x08, 0xae, 0xcf, 0x6e, 0x67,
+                                        0xcc, 0x47, 0xf2, 0xb9, 0x8b, 0x04, 0x68, 0x7b, 0x12, 0x1e,
+                                        0xa4, 0x03, 0x6b, 0x6c, 0xab, 0xb0, 0xc3, 0x6e, 0xfb, 0xe1,
+                                        0x51, 0x46, 0x38, 0x0b),
+       chunk_from_chars(0x49, 0xce, 0x84, 0x96, 0x3d, 0xf8, 0x64, 0xaa, 0xe3, 0x6b,
+                                        0xec, 0x3f, 0x3e, 0xd2, 0x23, 0xf9, 0x5d, 0xf4, 0x95, 0x6c,
+                                        0x7c, 0x01, 0xb6, 0x20, 0xd5, 0xf2, 0x10, 0xe6, 0x38, 0x65,
+                                        0x9d, 0x5e, 0x18, 0x86, 0x70, 0x0c, 0x04, 0xe7, 0x9e, 0x57,
+                                        0x9c, 0xa7, 0xc9, 0xb0, 0x54, 0x54, 0xb5, 0x25, 0xc2, 0xea,
+                                        0x73, 0x48, 0x03, 0x2b, 0x3a, 0xb8, 0xd9, 0x1b, 0x4c, 0x47,
+                                        0x00, 0x22, 0x04, 0xaf)
+};
+
+/**
+ * AES-128 no df test case 11 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes128_6 = {
+       .type = DRBG_CTR_AES128, .strength = 128,
+       chunk_from_chars(0xa6, 0xcf, 0xbd, 0xd0, 0x5e, 0xee, 0x36, 0xa3, 0xd1, 0x01,
+                                        0xc3, 0xd0, 0x30, 0x1c, 0xb6, 0xff, 0x21, 0x68, 0x7d, 0x9f,
+                                        0x89, 0xcf, 0xc8, 0x60, 0xd0, 0x5d, 0xfa, 0x1a, 0x95, 0x7f,
+                                        0x56, 0xbd),
+       chunk_from_chars(0x87, 0x64, 0xbf, 0x9c, 0x12, 0xff, 0x37, 0xe2, 0x3a, 0xfe,
+                                        0x28, 0xa4, 0x5c, 0x43, 0x04, 0xc0, 0x5d, 0x54, 0x65, 0x4b,
+                                        0xa1, 0x4c, 0xf5, 0x8d, 0x7a, 0xe3, 0x71, 0x34, 0x7e, 0x1e,
+                                        0x70, 0x35, 0x19, 0x09, 0x33, 0xf0, 0x7a, 0x1d, 0x44, 0x8d,
+                                        0xab, 0x65, 0x07, 0x16, 0xa1, 0xb3, 0x07, 0x14, 0xca, 0xda,
+                                        0x5c, 0xd0, 0xfb, 0xc4, 0x3b, 0x9d, 0x2d, 0xde, 0x79, 0x1c,
+                                        0x4a, 0xd8, 0x52, 0x2d),
+       chunk_from_chars(0x5c, 0xbd, 0x9b, 0x5c, 0xf1, 0x88, 0x33, 0x30, 0xb3, 0x0b,
+                                        0x1d, 0xa9, 0x17, 0xe6, 0x2d, 0x66, 0x82, 0x11, 0x5f, 0x0e,
+                                        0x97, 0x52, 0x39, 0x6c, 0x32, 0xc5, 0x97, 0xb9, 0x0a, 0x95,
+                                        0x72, 0xa7, 0xe9, 0xc6, 0x13, 0x89, 0xf5, 0xec, 0x97, 0x9a,
+                                        0x72, 0xf7, 0x1f, 0xe0, 0x3d, 0x0c, 0xd2, 0xf3, 0x4b, 0x3d,
+                                        0x91, 0x70, 0xcc, 0x96, 0x1a, 0x79, 0x42, 0xc6, 0x52, 0xec,
+                                        0x42, 0x65, 0x1b, 0xd3)
+};
+
+/**
+ * AES-192 no df test case 1 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes192_1 = {
+       .type = DRBG_CTR_AES192, .strength = 192,
+       { NULL, 0 },
+       chunk_from_chars(0xd6, 0xe1, 0x8f, 0x45, 0x65, 0xfd, 0xf2, 0x82, 0x6d, 0x0d,
+                                        0x56, 0x41, 0x96, 0x47, 0xc0, 0x20, 0x41, 0x3b, 0x96, 0x32,
+                                        0x99, 0xd8, 0xde, 0x2c, 0x65, 0x10, 0x27, 0x7f, 0x8c, 0xe9,
+                                        0x88, 0xa7, 0xf0, 0xb3, 0xbc, 0x1d, 0xf8, 0x5b, 0x15, 0x3f,
+                                        0xa8, 0x23, 0xd6, 0x31, 0x1f, 0x9f, 0x66, 0xdf, 0x32, 0x9e,
+                                        0x3d, 0x70, 0x65, 0xe2, 0x4f, 0xe2, 0x50, 0x7e, 0x6b, 0x9d,
+                                        0xbc, 0xc2, 0x28, 0x38, 0x48, 0x3f, 0xa7, 0x29, 0xca, 0x51,
+                                        0x16, 0xd0, 0x3a, 0x91, 0x02, 0x81, 0x39, 0xd7, 0x13, 0x0a),
+       chunk_from_chars(0x4b, 0xf8, 0x06, 0x69, 0x0a, 0xf1, 0x3d, 0xbc, 0xfd, 0x44,
+                                        0x8c, 0x79, 0xa3, 0x53, 0x2e, 0x00, 0x0b, 0xca, 0xbc, 0xef,
+                                        0x36, 0xf2, 0x64, 0x3f, 0x3e, 0x1c, 0x9d, 0xe6, 0x07, 0x10,
+                                        0x42, 0x82, 0xf8, 0x1c, 0xd6, 0xcd, 0xcf, 0x8d, 0xa8, 0x42,
+                                        0x9c, 0x94, 0x10, 0x82, 0x45, 0x11, 0x4d, 0x3d, 0xa1, 0x7b,
+                                        0x9f, 0x48, 0xbb, 0x07, 0x09, 0x4c, 0x07, 0x3a, 0x94, 0xf5,
+                                        0xd2, 0xef, 0x9e, 0x30)
+};
+
+/**
+ * AES-192 no df test case 3 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes192_2 = {
+       .type = DRBG_CTR_AES192, .strength = 192,
+       chunk_from_chars(0x2e, 0xca, 0x97, 0x47, 0x8d, 0x60, 0x6b, 0x0b, 0xca, 0x56,
+                                        0xf0, 0x55, 0xa1, 0xe8, 0x39, 0x4b, 0x44, 0xf5, 0xe3, 0x02,
+                                        0x8d, 0xa5, 0x9a, 0x39, 0x00, 0xd5, 0xd7, 0xbd, 0x34, 0x1b,
+                                        0x06, 0x21, 0xb5, 0xf6, 0xd2, 0x30, 0x9e, 0x36, 0xb4, 0xae),
+       chunk_from_chars(0xe0, 0xe0, 0x3d, 0x4a, 0x9e, 0x4d, 0xe3, 0x62, 0xe6, 0xbb,
+                                        0x9b, 0xa6, 0x35, 0xb8, 0x47, 0x91, 0x2a, 0x3f, 0x9e, 0x1d,
+                                        0x83, 0xb4, 0x36, 0x3f, 0xc2, 0x58, 0xcd, 0xea, 0x29, 0x28,
+                                        0xa8, 0x78, 0x23, 0x18, 0x6f, 0x1c, 0x47, 0xc4, 0x17, 0x5f,
+                                        0x66, 0xaa, 0x3d, 0xb4, 0xbe, 0xa8, 0xf2, 0xe1, 0xb2, 0x46,
+                                        0x97, 0x51, 0x57, 0x8f, 0x24, 0xf1, 0xb4, 0xd0, 0xdf, 0x97,
+                                        0x1c, 0xf2, 0x28, 0x17, 0x12, 0x14, 0x98, 0x12, 0xc2, 0x0e,
+                                        0x80, 0x4b, 0x90, 0xf3, 0xaa, 0xc1, 0x2d, 0x7c, 0x98, 0x32),
+       chunk_from_chars(0x0e, 0x02, 0xf3, 0x44, 0xb1, 0x15, 0x9c, 0xcd, 0x77, 0x95,
+                                        0x97, 0x4e, 0x7b, 0xb9, 0xdf, 0x9e, 0x8c, 0xc3, 0x81, 0xa1,
+                                        0x30, 0xb9, 0x8b, 0x43, 0x46, 0x22, 0x85, 0xfe, 0x3e, 0xd8,
+                                        0x58, 0x78, 0x11, 0xab, 0xde, 0xf4, 0x71, 0xbb, 0xcf, 0xe8,
+                                        0x30, 0xe5, 0x16, 0xb7, 0x8f, 0x78, 0x1a, 0x05, 0xb5, 0x2e,
+                                        0x44, 0xd5, 0x41, 0x22, 0x77, 0x50, 0x84, 0x17, 0x0f, 0xf6,
+                                        0xd8, 0x06, 0x27, 0xe9)
+};
+
+/**
+ * AES-192 no df test case 5 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes192_3 = {
+       .type = DRBG_CTR_AES192, .strength = 192,
+       { NULL, 0 },
+       chunk_from_chars(0x21, 0xa5, 0x3c, 0x17, 0x66, 0x1a, 0xed, 0x92, 0x95, 0x0f,
+                                        0xf4, 0xfd, 0xf4, 0xab, 0x8f, 0xa5, 0xdc, 0x44, 0xe9, 0x9f,
+                                        0x88, 0xaa, 0x95, 0x3e, 0x19, 0xb4, 0xbe, 0x78, 0xba, 0x75,
+                                        0xf2, 0x67, 0xf6, 0x70, 0x34, 0xa1, 0x56, 0x6e, 0x83, 0x3e,
+                                        0x1e, 0xcb, 0x61, 0xa5, 0xdd, 0x70, 0xb1, 0x67, 0xd6, 0x55,
+                                        0x77, 0x41, 0x5c, 0x2f, 0xb8, 0x12, 0xea, 0x20, 0xb3, 0x25,
+                                        0xd2, 0xb5, 0x31, 0x58, 0x69, 0x7c, 0xf9, 0x7c, 0x81, 0xd7,
+                                        0x9e, 0x84, 0x99, 0xf7, 0x45, 0x40, 0x13, 0x7f, 0xd1, 0xe1),
+       chunk_from_chars(0x11, 0xa0, 0x7b, 0x22, 0x31, 0x91, 0x6f, 0x99, 0xc3, 0xf7,
+                                        0xa0, 0x7d, 0x14, 0x51, 0xab, 0x94, 0x0d, 0x2d, 0x66, 0x3c,
+                                        0x97, 0x29, 0xc1, 0x85, 0x71, 0x70, 0xa3, 0x16, 0x55, 0x07,
+                                        0x8a, 0x82, 0x74, 0xec, 0x4a, 0x90, 0x31, 0xbc, 0xfd, 0x2a,
+                                        0xbb, 0x1a, 0xe5, 0x81, 0x3f, 0x49, 0x70, 0xa7, 0x16, 0xe3,
+                                        0xd1, 0x42, 0x87, 0xe4, 0xf2, 0x1e, 0x01, 0x32, 0x3f, 0xdf,
+                                        0xff, 0xb7, 0x61, 0x87)
+};
+
+/**
+ * AES-192 no df test case 7 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes192_4 = {
+       .type = DRBG_CTR_AES192, .strength = 192,
+       chunk_from_chars(0x08, 0x94, 0x30, 0xcf, 0x99, 0x6e, 0x06, 0xa0, 0xdc, 0x31,
+                                        0x32, 0xc8, 0xaa, 0x6e, 0x3e, 0xdc, 0x76, 0x51, 0xff, 0x4f,
+                                        0x01, 0xe7, 0x11, 0x3c, 0xa3, 0xce, 0x2a, 0x21, 0x5e, 0x10,
+                                        0xec, 0x88, 0xad, 0x72, 0x36, 0xb8, 0x30, 0x7c, 0x85, 0x69),
+       chunk_from_chars(0x9d, 0xda, 0x17, 0x5d, 0x9f, 0x26, 0xe5, 0x6b, 0x94, 0x49,
+                                        0xbb, 0x0c, 0x9d, 0x02, 0x2c, 0x47, 0x13, 0x8a, 0xe7, 0x8b,
+                                        0xa3, 0x8c, 0x35, 0xd1, 0x5f, 0x2d, 0x2c, 0x55, 0x5d, 0x69,
+                                        0xd4, 0xd6, 0x94, 0x5a, 0x57, 0xae, 0x39, 0x69, 0x62, 0x52,
+                                        0xd7, 0x5a, 0xae, 0x1b, 0x7b, 0xb4, 0x9b, 0x81, 0xff, 0x43,
+                                        0xa8, 0xe8, 0x9f, 0x7b, 0x0c, 0xcb, 0xf6, 0xf6, 0xaf, 0x46,
+                                        0x47, 0xa5, 0x57, 0xf7, 0x6e, 0xd7, 0x3f, 0x09, 0x25, 0x4d,
+                                        0x67, 0xff, 0xd7, 0xe3, 0x56, 0x29, 0x86, 0x86, 0x23, 0x00),
+       chunk_from_chars(0xbc, 0x80, 0x62, 0x76, 0x71, 0xbc, 0xa2, 0x67, 0xba, 0xe1,
+                                        0xa0, 0xde, 0x9e, 0xb9, 0xe4, 0x81, 0xd8, 0x3b, 0x5c, 0xad,
+                                        0xe6, 0xe3, 0xc5, 0x08, 0x24, 0x34, 0xb0, 0xb7, 0x00, 0xf3,
+                                        0x15, 0x43, 0x9c, 0x2c, 0xa2, 0xe9, 0xde, 0xf4, 0x3b, 0x1b,
+                                        0xf2, 0x05, 0x84, 0x57, 0x7c, 0xef, 0x5b, 0x61, 0xc0, 0x68,
+                                        0x1e, 0x4b, 0xd4, 0x40, 0xe8, 0x8d, 0xa3, 0x79, 0xa0, 0x21,
+                                        0x4c, 0xf5, 0xf5, 0xcf)
+};
+
+/**
+ * AES-192 no df test case 9 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes192_5 = {
+       .type = DRBG_CTR_AES192, .strength = 192,
+       { NULL, 0 },
+       chunk_from_chars(0x3b, 0xb9, 0xb2, 0x66, 0x2a, 0x25, 0x5d, 0xf8, 0xf8, 0x80,
+                                        0x88, 0x47, 0x18, 0x84, 0x06, 0x96, 0x0e, 0xc0, 0x03, 0x35,
+                                        0x1c, 0xab, 0x3a, 0xd2, 0x02, 0x78, 0x71, 0xf1, 0x30, 0x29,
+                                        0x56, 0xaa, 0x31, 0xab, 0xc8, 0xd3, 0x9c, 0x36, 0x29, 0xd9,
+                                        0x7b, 0xc8, 0x63, 0xda, 0x2b, 0x9f, 0xde, 0x00, 0x8b, 0x61,
+                                        0x00, 0x79, 0xf8, 0xbd, 0x80, 0x41, 0x80, 0xa7, 0xe8, 0x65,
+                                        0x3c, 0xa6, 0xe9, 0x1a, 0x5a, 0x90, 0x61, 0x9c, 0x23, 0xe0,
+                                        0x2c, 0xe4, 0xd6, 0x07, 0xb0, 0x0c, 0x79, 0x24, 0x36, 0xfe),
+       chunk_from_chars(0x50, 0x6c, 0x74, 0x51, 0xe5, 0xee, 0x0f, 0xdc, 0xa4, 0x86,
+                                        0x32, 0x94, 0x2f, 0x2b, 0xa4, 0x73, 0x04, 0xeb, 0x02, 0x10,
+                                        0xf1, 0xfa, 0xc6, 0x6c, 0x62, 0x03, 0x65, 0xf7, 0x53, 0xef,
+                                        0x70, 0x98, 0x9c, 0x40, 0xfe, 0x9f, 0xd5, 0x4d, 0x54, 0xa9,
+                                        0xe4, 0xaa, 0x0b, 0x3f, 0x1a, 0xb7, 0x00, 0xaa, 0x6e, 0x9d,
+                                        0x45, 0xbc, 0x7c, 0xe3, 0x2b, 0x88, 0xbb, 0xed, 0x53, 0x7e,
+                                        0xcb, 0xc4, 0xf3, 0x77)
+};
+
+/**
+ * AES-192 no df test case 11 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes192_6 = {
+       .type = DRBG_CTR_AES192, .strength = 192,
+       chunk_from_chars(0x7a, 0xa6, 0x0c, 0x5a, 0x25, 0x36, 0x0d, 0x8a, 0x0a, 0x9d,
+                                        0x41, 0xe3, 0x4c, 0x76, 0xc4, 0xf1, 0x80, 0x71, 0xb5, 0x6a,
+                                        0xc6, 0x73, 0xd4, 0xba, 0xac, 0xbe, 0xe7, 0x75, 0x49, 0xdd,
+                                        0x36, 0x1d, 0xb6, 0x49, 0x6f, 0x90, 0x34, 0x51, 0x38, 0x88),
+       chunk_from_chars(0xe7, 0xb5, 0xcc, 0x99, 0xdd, 0xe3, 0x12, 0x31, 0x8e, 0xcb,
+                                        0x2a, 0x3b, 0xc4, 0xee, 0x8c, 0x14, 0x76, 0x34, 0x5a, 0xd3,
+                                        0xe8, 0x1b, 0x5d, 0x6d, 0xc0, 0xb7, 0x47, 0xb5, 0x90, 0xc0,
+                                        0xd2, 0x1b, 0xe7, 0x31, 0x39, 0x8f, 0x82, 0x3a, 0xad, 0x02,
+                                        0x31, 0x0e, 0x8e, 0x8d, 0xbc, 0x6a, 0xe5, 0x86, 0x62, 0x5d,
+                                        0x75, 0x0f, 0x5a, 0x1c, 0xee, 0x76, 0x4a, 0x7e, 0x47, 0xa2,
+                                        0xeb, 0x35, 0x5c, 0x5c, 0x94, 0xdd, 0xe9, 0x50, 0x06, 0x5f,
+                                        0xb7, 0x55, 0x46, 0xff, 0x34, 0x7f, 0x7f, 0x17, 0x24, 0xeb),
+       chunk_from_chars(0x21, 0x46, 0x0b, 0xda, 0x25, 0xdc, 0xad, 0x96, 0xd2, 0x91,
+                                        0x44, 0xc9, 0x12, 0xc6, 0x54, 0xe3, 0x07, 0xa0, 0xb5, 0x59,
+                                        0xd7, 0x26, 0xc0, 0x51, 0x3e, 0x2f, 0x07, 0xa4, 0xe6, 0xca,
+                                        0x0c, 0x44, 0x4e, 0xcb, 0x4f, 0xf6, 0xa9, 0x77, 0x88, 0x0c,
+                                        0xba, 0x4b, 0xb9, 0x93, 0xb2, 0xd2, 0x87, 0x3d, 0xab, 0xd3,
+                                        0x59, 0xa8, 0xc4, 0x93, 0xdc, 0x28, 0x38, 0xab, 0xb1, 0x0f,
+                                        0x63, 0xd3, 0xa8, 0xe7)
+};
+
+/**
+ * AES-256 no df test case 1 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes256_1 = {
+       .type = DRBG_CTR_AES256, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0xe4, 0xbc, 0x23, 0xc5, 0x08, 0x9a, 0x19, 0xd8, 0x6f, 0x41,
+                                        0x19, 0xcb, 0x3f, 0xa0, 0x8c, 0x0a, 0x49, 0x91, 0xe0, 0xa1,
+                                        0xde, 0xf1, 0x7e, 0x10, 0x1e, 0x4c, 0x14, 0xd9, 0xc3, 0x23,
+                                        0x46, 0x0a, 0x7c, 0x2f, 0xb5, 0x8e, 0x0b, 0x08, 0x6c, 0x6c,
+                                        0x57, 0xb5, 0x5f, 0x56, 0xca, 0xe2, 0x5b, 0xad, 0xfd, 0x85,
+                                        0xa8, 0x36, 0xbb, 0xa8, 0x50, 0x19, 0x88, 0x1e, 0x8c, 0x6b,
+                                        0xad, 0x23, 0xc9, 0x06, 0x1a, 0xdc, 0x75, 0x47, 0x76, 0x59,
+                                        0xac, 0xae, 0xa8, 0xe4, 0xa0, 0x1d, 0xfe, 0x07, 0xa1, 0x83,
+                                        0x2d, 0xad, 0x1c, 0x13, 0x6f, 0x59, 0xd7, 0x0f, 0x86, 0x53,
+                                        0xa5, 0xdc, 0x11, 0x86, 0x63, 0xd6),
+       chunk_from_chars(0xb2, 0xcb, 0x89, 0x05, 0xc0, 0x5e, 0x59, 0x50, 0xca, 0x31,
+                                        0x89, 0x50, 0x96, 0xbe, 0x29, 0xea, 0x3d, 0x5a, 0x3b, 0x82,
+                                        0xb2, 0x69, 0x49, 0x55, 0x54, 0xeb, 0x80, 0xfe, 0x07, 0xde,
+                                        0x43, 0xe1, 0x93, 0xb9, 0xe7, 0xc3, 0xec, 0xe7, 0x3b, 0x80,
+                                        0xe0, 0x62, 0xb1, 0xc1, 0xf6, 0x82, 0x02, 0xfb, 0xb1, 0xc5,
+                                        0x2a, 0x04, 0x0e, 0xa2, 0x47, 0x88, 0x64, 0x29, 0x52, 0x82,
+                                        0x23, 0x4a, 0xaa, 0xda)
+};
+
+/**
+ * AES-256 no df test case 3 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes256_2 = {
+       .type = DRBG_CTR_AES256, .strength = 256,
+       chunk_from_chars(0x1d, 0x2b, 0xe6, 0xf2, 0x5e, 0x88, 0xfa, 0x30, 0xc4, 0xef,
+                                        0x42, 0xe4, 0xd5, 0x4e, 0xfd, 0x95, 0x7d, 0xec, 0x23, 0x1f,
+                                        0xa0, 0x01, 0x43, 0xca, 0x47, 0x58, 0x0b, 0xe6, 0x66, 0xa8,
+                                        0xc1, 0x43, 0xa9, 0x16, 0xc9, 0x0b, 0x38, 0x19, 0xa0, 0xa7,
+                                        0xea, 0x91, 0x4e, 0x3c, 0x9a, 0x2e, 0x7a, 0x3f),
+       chunk_from_chars(0xff, 0xad, 0x10, 0x10, 0x00, 0x25, 0xa8, 0x79, 0x67, 0x2f,
+                                        0xf5, 0x03, 0x74, 0xb2, 0x86, 0x71, 0x2f, 0x45, 0x7d, 0xd0,
+                                        0x14, 0x41, 0xd7, 0x6a, 0xc1, 0xa1, 0xcd, 0x15, 0xc7, 0x39,
+                                        0x0d, 0xd9, 0x31, 0x79, 0xa2, 0xf5, 0x92, 0x0d, 0x19, 0x8b,
+                                        0xf3, 0x4a, 0x1b, 0x76, 0xfb, 0xc2, 0x12, 0x89, 0x6c, 0x1a,
+                                        0x08, 0x9c, 0xae, 0x31, 0x33, 0x63, 0xbc, 0x76, 0xa7, 0x80,
+                                        0x13, 0x9e, 0xb4, 0xf2, 0xf2, 0x04, 0x8b, 0x1f, 0x6b, 0x07,
+                                        0x89, 0x6c, 0x5c, 0x41, 0x2b, 0xff, 0x03, 0x85, 0x44, 0x0f,
+                                        0xc4, 0x3b, 0x73, 0xfa, 0xcb, 0xb7, 0x9e, 0x3a, 0x25, 0x2f,
+                                        0xa0, 0x1f, 0xe1, 0x7a, 0xb3, 0x91),
+       chunk_from_chars(0xe0, 0x53, 0xc7, 0xd4, 0xbd, 0x90, 0x99, 0xef, 0x6a, 0x99,
+                                        0xf1, 0x90, 0xa5, 0xfd, 0x80, 0x21, 0x94, 0x37, 0xd6, 0x42,
+                                        0x00, 0x66, 0x72, 0x33, 0x8d, 0xa6, 0xe0, 0xfe, 0x73, 0xca,
+                                        0x4d, 0x24, 0xff, 0xa5, 0x11, 0x51, 0xbf, 0xbd, 0xac, 0x78,
+                                        0xd8, 0xa2, 0xf6, 0x25, 0x50, 0x46, 0xed, 0xf5, 0x7a, 0x04,
+                                        0x62, 0x6e, 0x99, 0x77, 0x13, 0x9c, 0x69, 0x33, 0x27, 0x42,
+                                        0x99, 0xf3, 0xbd, 0xff)
+};
+
+/**
+ * AES-256 no df test case 5 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes256_3 = {
+       .type = DRBG_CTR_AES256, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0xfc, 0xa0, 0xb6, 0xe5, 0x57, 0xf5, 0x14, 0x30, 0xdd, 0x78,
+                                        0x7a, 0xb4, 0xd3, 0x3f, 0x18, 0xd9, 0xae, 0xc2, 0x19, 0x62,
+                                        0x9d, 0x1b, 0x83, 0x9a, 0x35, 0xca, 0xaf, 0xc8, 0x25, 0xab,
+                                        0x55, 0xbe, 0x6a, 0x88, 0x03, 0x21, 0xbe, 0x58, 0xc1, 0x6e,
+                                        0xac, 0xb9, 0x45, 0xb7, 0xbb, 0x7c, 0xad, 0xb7, 0x7b, 0x68,
+                                        0x49, 0x23, 0xae, 0x50, 0x86, 0x6f, 0x71, 0x0d, 0x3b, 0x5b,
+                                        0x2e, 0xdf, 0x24, 0x45, 0x59, 0x3f, 0xe6, 0x6d, 0x15, 0xf2,
+                                        0xdc, 0x73, 0x5e, 0x2b, 0x0c, 0x27, 0x8f, 0x1c, 0xc9, 0x73,
+                                        0x50, 0x75, 0xdd, 0x26, 0x8b, 0x91, 0x40, 0x8e, 0xf7, 0x3d,
+                                        0x55, 0x04, 0x23, 0x54, 0x5a, 0xdc),
+       chunk_from_chars(0x29, 0x37, 0x56, 0x71, 0x40, 0x7b, 0x1a, 0x45, 0xb9, 0xfd,
+                                        0x8b, 0x4f, 0x50, 0x7d, 0xda, 0x23, 0x48, 0x22, 0xd5, 0x57,
+                                        0xe4, 0x8b, 0x9a, 0x52, 0x99, 0x7b, 0x13, 0x75, 0x7e, 0x0c,
+                                        0x2f, 0x79, 0x6c, 0x87, 0x41, 0xf9, 0x4b, 0xc2, 0xbd, 0x0d,
+                                        0x8c, 0x98, 0xe5, 0xe2, 0x5e, 0x4c, 0xee, 0x65, 0xe4, 0xdd,
+                                        0x63, 0x4c, 0x98, 0xbc, 0x3b, 0x66, 0xfb, 0x62, 0x79, 0xf9,
+                                        0x46, 0x8a, 0xc8, 0x41)
+};
+
+/**
+ * AES-256 no df test case 7 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes256_4 = {
+       .type = DRBG_CTR_AES256, .strength = 256,
+       chunk_from_chars(0x71, 0x00, 0xbe, 0xe1, 0xf8, 0xca, 0x38, 0xf4, 0xf0, 0x7b,
+                                        0x99, 0x10, 0xb1, 0x2b, 0xae, 0xce, 0x71, 0x52, 0x22, 0x66,
+                                        0x3a, 0x1d, 0x5c, 0x16, 0x99, 0xb5, 0xd4, 0x02, 0x2c, 0x0e,
+                                        0x0b, 0x1a, 0x49, 0xc9, 0x4b, 0x89, 0x8e, 0x53, 0x18, 0xf6,
+                                        0x86, 0x1b, 0x43, 0xa8, 0xf1, 0xa4, 0xa8, 0x82),
+       chunk_from_chars(0x91, 0xe1, 0x5b, 0x57, 0x88, 0x61, 0x56, 0xd0, 0xea, 0xe2,
+                                        0xed, 0xa3, 0x68, 0x7c, 0xc4, 0xb6, 0x17, 0x72, 0x56, 0x47,
+                                        0xfc, 0x34, 0x23, 0xfb, 0x54, 0x8f, 0x18, 0x03, 0x38, 0x06,
+                                        0x4a, 0xb6, 0x68, 0x98, 0x00, 0x50, 0x09, 0xc2, 0xc9, 0xc5,
+                                        0xf7, 0xc4, 0x20, 0xd9, 0x9e, 0x4f, 0x35, 0x1a, 0x25, 0xda,
+                                        0x97, 0x00, 0xe7, 0x98, 0x8a, 0x46, 0xb2, 0xfb, 0x44, 0x35,
+                                        0x8f, 0xc3, 0xb1, 0x40, 0xaf, 0x96, 0xb9, 0xf8, 0x5c, 0xfc,
+                                        0x74, 0x79, 0x78, 0xe8, 0x5a, 0xfc, 0xca, 0x0b, 0xcc, 0x02,
+                                        0xe8, 0x07, 0xaf, 0x83, 0x0b, 0x3c, 0x0e, 0x69, 0x60, 0xa6,
+                                        0x0b, 0xbc, 0x2d, 0xed, 0x89, 0x1b),
+       chunk_from_chars(0xea, 0xa8, 0x0c, 0x6f, 0x59, 0x0f, 0x28, 0xcc, 0x7b, 0x5e,
+                                        0xdb, 0xd3, 0xd8, 0x64, 0x3a, 0x68, 0xf7, 0xe6, 0xde, 0x87,
+                                        0x3b, 0x0b, 0x9d, 0x83, 0x9b, 0x0a, 0xb9, 0x6c, 0xa2, 0x48,
+                                        0xbb, 0x4b, 0x92, 0x34, 0xb1, 0xc0, 0x65, 0x85, 0x7d, 0x93,
+                                        0x6c, 0xe6, 0xdd, 0x0f, 0xc9, 0x2d, 0x6b, 0x3c, 0xf9, 0x8f,
+                                        0x3a, 0x29, 0xc1, 0x6b, 0xb5, 0x49, 0xf6, 0xde, 0xa4, 0x22,
+                                        0x12, 0x26, 0xe5, 0x50)
+};
+
+/**
+ * AES-256 no df test case 9 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes256_5 = {
+       .type = DRBG_CTR_AES256, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0x3f, 0xa9, 0x04, 0x74, 0x70, 0x34, 0xcc, 0x30, 0x93, 0xde,
+                                        0xaa, 0xc4, 0x97, 0xe3, 0xc1, 0x43, 0xfa, 0x44, 0x00, 0xac,
+                                        0xcf, 0xc5, 0x58, 0x85, 0x71, 0x7f, 0xa9, 0x43, 0xf4, 0x3c,
+                                        0xba, 0xd1, 0xa8, 0x91, 0x68, 0xaa, 0x76, 0x96, 0x1e, 0x15,
+                                        0x0e, 0x26, 0x49, 0xec, 0x1e, 0xd6, 0x73, 0x61, 0xc6, 0x0c,
+                                        0x5b, 0x41, 0x5b, 0xad, 0x71, 0x54, 0x93, 0x48, 0x6b, 0x7a,
+                                        0x12, 0x3b, 0xa6, 0xc0, 0x46, 0x08, 0x9e, 0x95, 0x49, 0xea,
+                                        0x8b, 0xb2, 0x2a, 0x7a, 0xd4, 0x10, 0x8b, 0xec, 0x98, 0x11,
+                                        0x7f, 0x75, 0x1a, 0x2e, 0x4c, 0xc2, 0x0b, 0x02, 0x51, 0x0d,
+                                        0x2a, 0x3d, 0x02, 0x60, 0x5b, 0x4d),
+       chunk_from_chars(0xab, 0x2d, 0x70, 0x9d, 0xe8, 0x81, 0x16, 0x4b, 0x6c, 0x21,
+                                        0x49, 0xb2, 0x1e, 0xae, 0x15, 0x17, 0xf8, 0x75, 0x61, 0x64,
+                                        0x9e, 0x0d, 0xd9, 0xca, 0x5c, 0xe5, 0x51, 0xc5, 0xbd, 0x12,
+                                        0xfd, 0xf7, 0x09, 0x1e, 0x08, 0x1d, 0x30, 0x71, 0x23, 0xae,
+                                        0xc5, 0xae, 0x7c, 0x30, 0xaf, 0xd2, 0xa6, 0x4c, 0x8d, 0x13,
+                                        0x6e, 0xa0, 0x7f, 0x7e, 0xc5, 0xed, 0xb4, 0x40, 0x0b, 0x9a,
+                                        0x64, 0x45, 0x66, 0x42)
+};
+
+/**
+ * AES-256 no df test case 11 - count 0
+ */
+drbg_test_vector_t drbg_ctr_aes256_6 = {
+       .type = DRBG_CTR_AES256, .strength = 256,
+       chunk_from_chars(0xda, 0x7c, 0x74, 0x2b, 0x40, 0x8d, 0xeb, 0x1b, 0x02, 0x6e,
+                                        0xc5, 0xdf, 0xeb, 0x00, 0xdd, 0x07, 0x5f, 0x48, 0x06, 0x9c,
+                                        0x18, 0x5e, 0x5d, 0x35, 0x5b, 0x09, 0xef, 0xf8, 0x8f, 0xcc,
+                                        0xf2, 0x89, 0xef, 0x04, 0x52, 0x26, 0xc2, 0xe2, 0x99, 0x1e,
+                                        0x20, 0xb0, 0x97, 0x64, 0x33, 0x99, 0x4c, 0x0d),
+       chunk_from_chars(0xa3, 0x68, 0x73, 0x75, 0x12, 0x9c, 0x98, 0x86, 0xea, 0x48,
+                                        0xa2, 0xf4, 0x9b, 0xe3, 0x28, 0xdd, 0x2b, 0xcf, 0x46, 0x68,
+                                        0x9a, 0x59, 0xde, 0x69, 0xa9, 0x29, 0xdc, 0xb0, 0x1e, 0x6b,
+                                        0x79, 0xac, 0x96, 0xf9, 0x8d, 0xde, 0xd9, 0xe1, 0x38, 0x11,
+                                        0xc2, 0x5c, 0x55, 0x59, 0x7b, 0xbd, 0x3f, 0x8b, 0x40, 0xca,
+                                        0x11, 0x4f, 0x31, 0xa5, 0x45, 0xb9, 0x29, 0xc4, 0x22, 0x5d,
+                                        0x0d, 0x21, 0x99, 0x74, 0x3a, 0x5d, 0xf3, 0x6a, 0x83, 0x61,
+                                        0x89, 0x2d, 0x5c, 0xdf, 0x35, 0x21, 0x8e, 0xed, 0x63, 0x54,
+                                        0xa6, 0x5c, 0xaf, 0x04, 0xd8, 0x61, 0xf6, 0x14, 0x75, 0x62,
+                                        0x5b, 0x21, 0x5a, 0xc6, 0x38, 0x3c),
+       chunk_from_chars(0x47, 0xa4, 0x52, 0x1d, 0xd4, 0x5c, 0x7b, 0x72, 0xe3, 0x9b,
+                                        0x7b, 0xb6, 0xbe, 0x14, 0xbf, 0xb4, 0x02, 0x9f, 0x33, 0xea,
+                                        0x87, 0xbf, 0x11, 0xf1, 0x84, 0x1e, 0x01, 0xd3, 0x37, 0x2d,
+                                        0x7a, 0x0c, 0x6d, 0x12, 0x89, 0xe0, 0xec, 0x60, 0x59, 0x9c,
+                                        0x28, 0xc4, 0x0f, 0x38, 0x2f, 0x7d, 0xce, 0x33, 0xcf, 0x81,
+                                        0x57, 0x55, 0x20, 0xbf, 0xf5, 0x58, 0x00, 0x87, 0xf3, 0x01,
+                                        0x08, 0x80, 0xbd, 0xbc)
+};
\ No newline at end of file
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/drbg_hmac.c
new file mode 100644 (file)
index 0000000..d326851
--- /dev/null
@@ -0,0 +1,812 @@
+/*
+ * Copyright (C) 2019 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * NIST SP 800-90A DRBG HMAC Validation System (DRBGVS)
+ */
+
+/**
+ * SHA-1 test case 1 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha1_1 = {
+       .type = DRBG_HMAC_SHA1, .strength = 128,
+       { NULL, 0 },
+       chunk_from_chars(0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57,
+                                        0x86, 0x66, 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a,
+                                        0xbf, 0x8c, 0x35, 0xc8, 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4,
+                                        0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3, 0xe9, 0x9d, 0xfe, 0xdf),
+       chunk_from_chars(0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34,
+                                        0xab, 0x7f, 0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13,
+                                        0x3e, 0x15, 0x9c, 0xa6, 0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe,
+                                        0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a, 0xff, 0xb1, 0x0d, 0x71,
+                                        0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec, 0x1a, 0xe0,
+                                        0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
+                                        0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa,
+                                        0xed, 0x49, 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7)
+};
+
+/**
+ * SHA-1 test case 3 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha1_2 = {
+       .type = DRBG_HMAC_SHA1, .strength = 128,
+       chunk_from_chars(0xb2, 0x4e, 0x39, 0x2c, 0xb1, 0xf3, 0xc1, 0x8a, 0xf2, 0xcb,
+                                        0x50, 0xfe, 0xac, 0x73, 0x3e, 0x32),
+       chunk_from_chars(0x11, 0xc0, 0xa7, 0xe1, 0x47, 0x2c, 0xec, 0x70, 0xfa, 0x8c,
+                                        0x1c, 0xa1, 0x57, 0x59, 0xac, 0x5b, 0xb1, 0xc7, 0x3c, 0x22,
+                                        0xdb, 0x39, 0xcd, 0x7b, 0xc6, 0xab, 0x59, 0xff, 0x70, 0x8a,
+                                        0x5c, 0x1f, 0x59, 0x8e, 0x75, 0xdf, 0x06, 0x0e, 0x19, 0x81),
+       chunk_from_chars(0x07, 0x0e, 0x60, 0x3c, 0xd4, 0x8d, 0x56, 0x43, 0x0a, 0x5a,
+                                        0xb4, 0x61, 0xa7, 0x51, 0xec, 0x2a, 0x4a, 0x6a, 0xa6, 0xfb,
+                                        0x6e, 0xe5, 0x2e, 0xfe, 0x9a, 0x41, 0xe4, 0x61, 0x1e, 0xaf,
+                                        0xdf, 0xc9, 0x57, 0x18, 0x4b, 0x47, 0xbb, 0xb0, 0x17, 0xe4,
+                                        0x84, 0xac, 0x34, 0xc7, 0xde, 0x56, 0xcd, 0x78, 0x13, 0xfe,
+                                        0xb3, 0x01, 0xb5, 0xbe, 0xfc, 0xe5, 0x73, 0xad, 0x0a, 0x25,
+                                        0x4e, 0x6c, 0xfe, 0x35, 0xb7, 0x7c, 0x30, 0xbe, 0x6b, 0x7c,
+                                        0xb5, 0xe7, 0xef, 0xa7, 0x28, 0x13, 0xc7, 0x54, 0x6b, 0xa5)
+};
+
+/**
+ * SHA-1 test case 5 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha1_3 = {
+       .type = DRBG_HMAC_SHA1, .strength = 128,
+       { NULL, 0 },
+       chunk_from_chars(0xe5, 0xa8, 0x13, 0x57, 0xb9, 0x12, 0x15, 0xdd, 0xa0, 0xa0,
+                                        0x98, 0x6a, 0x3f, 0xf5, 0x12, 0x3f, 0x9c, 0x18, 0x38, 0xd7,
+                                        0x36, 0x0e, 0x67, 0x4b, 0x59, 0x2d, 0xd2, 0x32, 0xac, 0x83,
+                                        0xdb, 0x36, 0xab, 0xba, 0xcf, 0xb8, 0xc6, 0x40, 0xdc, 0x60),
+       chunk_from_chars(0xa4, 0xd1, 0x84, 0x3c, 0x7a, 0xf2, 0x08, 0xf7, 0x70, 0xf8,
+                                        0xb5, 0xac, 0xf6, 0x45, 0x28, 0x86, 0x6d, 0x51, 0xe7, 0x31,
+                                        0xed, 0x5e, 0xbc, 0x75, 0x6e, 0x81, 0xef, 0xe8, 0xfb, 0x8f,
+                                        0x9c, 0x9a, 0xf8, 0x9d, 0x52, 0xe8, 0xe8, 0xd1, 0xc0, 0x14,
+                                        0x1e, 0xbe, 0xbc, 0x18, 0xb1, 0xca, 0x78, 0xc7, 0x8a, 0x2f,
+                                        0x21, 0xcb, 0x90, 0x9d, 0x5b, 0xac, 0x3b, 0x6a, 0xe6, 0x0c,
+                                        0x4a, 0x2f, 0xf4, 0x17, 0x6b, 0x14, 0x90, 0x5e, 0x4a, 0xfa,
+                                        0x3b, 0xa9, 0xe4, 0x58, 0x21, 0x6d, 0x57, 0x20, 0xce, 0x83)
+};
+
+/**
+ * SHA-1 test case 7 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha1_4 = {
+       .type = DRBG_HMAC_SHA1, .strength = 128,
+       chunk_from_chars(0x12, 0x91, 0x26, 0xc1, 0x6d, 0x99, 0xa6, 0x84, 0xf3, 0xcb,
+                                        0x47, 0xe7, 0xff, 0xb2, 0x07, 0xac),
+       chunk_from_chars(0x12, 0xbf, 0xb2, 0xbf, 0xf5, 0x78, 0x11, 0x28, 0x96, 0x7e,
+                                        0x9c, 0xe4, 0xd4, 0x29, 0x45, 0x3c, 0x5a, 0xab, 0x2b, 0xe4,
+                                        0xe9, 0x2e, 0xc8, 0x55, 0xfa, 0x8b, 0x0d, 0xa2, 0xcd, 0x50,
+                                        0x31, 0x43, 0x3d, 0x64, 0x31, 0x0b, 0xa4, 0x4d, 0x47, 0xe4),
+       chunk_from_chars(0x76, 0x6c, 0x4a, 0x16, 0x70, 0xde, 0xe6, 0x3e, 0xe3, 0xaa,
+                                        0xfb, 0x60, 0x39, 0xe8, 0x6e, 0xc5, 0xca, 0x28, 0x90, 0x53,
+                                        0x19, 0x74, 0xe7, 0x0f, 0xed, 0xb3, 0xc0, 0x21, 0x8b, 0x08,
+                                        0xfa, 0xca, 0x07, 0xdd, 0xfa, 0xaf, 0xf0, 0xa7, 0x7f, 0x0a,
+                                        0xe4, 0x77, 0x62, 0xb0, 0xe1, 0xb3, 0x1c, 0x5f, 0xb0, 0x36,
+                                        0xdc, 0xa4, 0x13, 0xfb, 0x96, 0xf6, 0xe0, 0xec, 0x6a, 0xb7,
+                                        0xdb, 0xcb, 0xb5, 0x58, 0xaa, 0x5d, 0x94, 0xf4, 0x29, 0xc3,
+                                        0x8e, 0x0f, 0xd7, 0xb3, 0x9f, 0x12, 0x72, 0x1c, 0x99, 0x35)
+};
+
+/**
+ * SHA-1 test case 9 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha1_5 = {
+       .type = DRBG_HMAC_SHA1, .strength = 128,
+       { NULL, 0 },
+       chunk_from_chars(0x23, 0xbe, 0xc0, 0x2f, 0x58, 0xa3, 0xa8, 0xd9, 0xd9, 0xfb,
+                                        0x36, 0x8d, 0xd2, 0x62, 0x8c, 0x56, 0xee, 0xda, 0xa5, 0x0c,
+                                        0xea, 0x71, 0x25, 0x46, 0x4d, 0x46, 0x6a, 0x36, 0x08, 0xa4,
+                                        0xac, 0xdb, 0xd6, 0xa5, 0xa7, 0xa7, 0x53, 0xa1, 0x5f, 0x9b),
+       chunk_from_chars(0x98, 0x7f, 0x5c, 0xa0, 0xb5, 0x9d, 0x6f, 0xd1, 0xde, 0x8d,
+                                        0x7e, 0xbb, 0x07, 0xc0, 0xd9, 0x88, 0xe2, 0x46, 0xc3, 0x0f,
+                                        0xea, 0x5d, 0xbf, 0x5c, 0xdd, 0x5b, 0xbe, 0xf7, 0xca, 0x45,
+                                        0x30, 0x18, 0xe2, 0xba, 0xcb, 0xf7, 0x97, 0x7f, 0x49, 0x4c,
+                                        0xa9, 0xbf, 0x5c, 0x12, 0x80, 0x55, 0xe4, 0x1a, 0xb8, 0xf7,
+                                        0xda, 0x93, 0xd8, 0xbb, 0xfa, 0xf9, 0x04, 0x4b, 0x09, 0x4a,
+                                        0x6e, 0xdd, 0x0d, 0x72, 0x96, 0x3f, 0x83, 0xa3, 0xd1, 0xf4,
+                                        0x17, 0xfc, 0x8f, 0x5b, 0x72, 0x39, 0x11, 0xec, 0xa0, 0x62)
+};
+
+/**
+ * SHA-1 test case 11 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha1_6 = {
+       .type = DRBG_HMAC_SHA1, .strength = 128,
+       chunk_from_chars(0x99, 0x9d, 0x6d, 0xa3, 0xb5, 0xdd, 0x45, 0x2c, 0x4b, 0xd9,
+                                        0x72, 0x01, 0x7b, 0x3f, 0xa1, 0x35),
+       chunk_from_chars(0x91, 0x11, 0xd8, 0xc3, 0x3f, 0x0f, 0x58, 0x53, 0x47, 0xd5,
+                                        0x13, 0x54, 0xab, 0xa7, 0xaa, 0x15, 0xbd, 0x05, 0xff, 0x4f,
+                                        0xcb, 0x05, 0x8d, 0xe3, 0x84, 0x47, 0xd0, 0x6c, 0x5f, 0xdb,
+                                        0x5c, 0xf2, 0xad, 0xd7, 0x7b, 0xc5, 0x69, 0xe8, 0x94, 0x4b),
+       chunk_from_chars(0x69, 0x7d, 0x46, 0x8a, 0xcc, 0xc5, 0x26, 0x55, 0x81, 0x98,
+                                        0xa0, 0xd0, 0xaf, 0x81, 0x85, 0x0b, 0xb9, 0x91, 0x0b, 0x70,
+                                        0x51, 0x8c, 0x86, 0xa7, 0xf9, 0x9b, 0x7b, 0x82, 0x65, 0x79,
+                                        0x66, 0xa0, 0x5c, 0x73, 0x89, 0x0c, 0x3a, 0xf4, 0x81, 0x52,
+                                        0x04, 0x5e, 0x66, 0x9a, 0xfd, 0xca, 0x08, 0x07, 0x39, 0x72,
+                                        0x1f, 0xc2, 0xbd, 0xd4, 0x9f, 0x90, 0xa1, 0xe5, 0x65, 0xa6,
+                                        0x90, 0x69, 0x23, 0x6e, 0x83, 0xe5, 0xe1, 0xde, 0x6c, 0x91,
+                                        0xbe, 0x64, 0x02, 0x0a, 0x9a, 0x95, 0xa2, 0xb7, 0x49, 0x82)
+};
+
+/**
+ * SHA-256 test case 1 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha256_1 = {
+       .type = DRBG_HMAC_SHA256, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39, 0x26, 0x5f,
+                        0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11, 0xda, 0x9a, 0xff, 0x2a,
+                        0xf7, 0x12, 0x03, 0xbf, 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd,
+                        0x9c, 0x0d, 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
+                                        0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf, 0x01, 0x92,
+                                        0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8, 0x5a, 0xe8, 0xa3, 0x3b,
+                                        0x35, 0xa7, 0x4a, 0xd7, 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39,
+                                        0x5c, 0xe0, 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
+       chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc, 0xc9, 0x91,
+                                        0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a, 0x83, 0x53, 0x6a, 0xdd,
+                                        0x03, 0xc1, 0x57, 0xfb, 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28,
+                                        0x98, 0xbb, 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
+                                        0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51, 0xbd, 0xb0,
+                                        0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23, 0x35, 0xd5, 0x76, 0xd5,
+                                        0x19, 0x16, 0x08, 0x42, 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d,
+                                        0x1a, 0x9e, 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
+                                        0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f, 0x2d, 0x72,
+                                        0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54, 0x22, 0x91, 0x82, 0x50,
+                                        0xff, 0x66, 0xa4, 0x1b, 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c,
+                                        0xc5, 0xb6, 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
+                                        0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
+};
+
+/**
+ * SHA-256 test case 3 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha256_2 = {
+       .type = DRBG_HMAC_SHA256, .strength = 256,
+       chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59, 0xda, 0xd3,
+                                        0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31, 0x8c, 0xcf, 0x69, 0xd6,
+                                        0x77, 0x80, 0xf6, 0xfa, 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e,
+                                        0x14, 0x4c),
+       chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90, 0xaa, 0x94,
+                                        0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64, 0x34, 0x2b, 0x59, 0x17,
+                                        0x77, 0xf3, 0xe5, 0xf6, 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e,
+                                        0xc8, 0x40, 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
+                                        0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5, 0xe0, 0x62,
+                                        0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa, 0x96, 0xa3, 0x99, 0x64,
+                                        0x87, 0x40, 0xe6, 0x0f, 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3,
+                                        0xd7, 0x41, 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
+       chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20, 0x22, 0x2a,
+                                        0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a, 0xf6, 0xf5, 0xff, 0xc7,
+                                        0xb6, 0x6a, 0x47, 0x3a, 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29,
+                                        0x8f, 0x9b, 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
+                                        0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c, 0x6c, 0x2f,
+                                        0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40, 0xce, 0x9b, 0xd6, 0xa7,
+                                        0x0e, 0x7b, 0x8f, 0x93, 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab,
+                                        0x6b, 0x5f, 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
+                                        0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb, 0x79, 0x1c,
+                                        0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0, 0x40, 0x28, 0xa0, 0x6a,
+                                        0x9c, 0x01, 0xd3, 0xa6, 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe,
+                                        0x69, 0xed, 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
+                                        0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
+};
+
+/**
+ * SHA-256 test case 5 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha256_3 = {
+       .type = DRBG_HMAC_SHA256, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47, 0x60, 0xb2,
+                                        0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a, 0x41, 0xff, 0xf7, 0x2d,
+                                        0xe5, 0x90, 0x83, 0x85, 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd,
+                                        0xc7, 0x4a, 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
+                                        0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b, 0x14, 0xfc,
+                                        0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44, 0xa8, 0xcd, 0x71, 0x30,
+                                        0xa4, 0xcf, 0x05, 0x16, 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24,
+                                        0xc2, 0x7b, 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
+       chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2, 0x94, 0x36,
+                                        0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4, 0x40, 0x81, 0xf8, 0x66,
+                                        0x5f, 0x3d, 0xdb, 0x2b, 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c,
+                                        0x4b, 0x77, 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
+                                        0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00, 0xa3, 0xfc,
+                                        0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a, 0x3d, 0xd7, 0xcf, 0xad,
+                                        0x46, 0xc1, 0xb2, 0x78, 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0,
+                                        0x9e, 0x9b, 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
+                                        0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d, 0xa7, 0xf2,
+                                        0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf, 0xfa, 0xda, 0x41, 0x00,
+                                        0x19, 0xd0, 0x53, 0x38, 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c,
+                                        0xfc, 0xf5, 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
+                                        0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
+};
+
+/**
+ * SHA-256 test case 7 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha256_4 = {
+       .type = DRBG_HMAC_SHA256, .strength = 256,
+       chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0, 0x95, 0x51,
+                                        0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d, 0xb8, 0x5b, 0x73, 0xbd,
+                                        0xd2, 0xb7, 0x8c, 0x46, 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29,
+                                        0xae, 0xf2),
+       chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8, 0xec, 0xce,
+                                        0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00, 0xfb, 0x3b, 0x55, 0xb0,
+                                        0x5d, 0x04, 0x17, 0x08, 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57,
+                                        0xa9, 0xe5, 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
+                                        0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4, 0xa5, 0xf5,
+                                        0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc, 0x93, 0x1e, 0x47, 0x01,
+                                        0x9f, 0xeb, 0x38, 0x96, 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b,
+                                        0x7c, 0x1d, 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
+       chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea, 0x42, 0xb2,
+                                        0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53, 0xb8, 0x59, 0x88, 0x59,
+                                        0xd7, 0x01, 0x1e, 0x52, 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a,
+                                        0x97, 0x2a, 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
+                                        0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae, 0x95, 0x4f,
+                                        0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6, 0xa0, 0x8a, 0xc4, 0x10,
+                                        0xe0, 0x99, 0x16, 0x53, 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe,
+                                        0x91, 0x91, 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
+                                        0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98, 0x8f, 0xd7,
+                                        0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca, 0x35, 0xf1, 0x47, 0x58,
+                                        0x13, 0x69, 0x4a, 0x39, 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a,
+                                        0xc0, 0x57, 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
+                                        0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
+};
+
+/**
+ * SHA-256 test case 9 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha256_5 = {
+       .type = DRBG_HMAC_SHA256, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0x6a, 0xe8, 0x03, 0x03, 0x29, 0x23, 0x91, 0x33, 0x5b, 0xf9,
+                                        0xc9, 0x38, 0x7f, 0xbd, 0x3b, 0xf6, 0x15, 0x75, 0x6c, 0x9c,
+                                        0x27, 0xc3, 0x47, 0x8c, 0x87, 0xe2, 0x60, 0xcf, 0x97, 0xd4,
+                                        0x71, 0x10, 0x01, 0xe1, 0x62, 0x47, 0xdd, 0x4c, 0xae, 0x64,
+                                        0x99, 0x33, 0x7d, 0x82, 0x78, 0x4e, 0xa5, 0x7f, 0x03, 0x57,
+                                        0x02, 0xef, 0x4e, 0x11, 0x2b, 0x17, 0x31, 0x12, 0xc5, 0x85,
+                                        0x1d, 0x07, 0xb2, 0x79, 0x30, 0x98, 0x63, 0x74, 0x0d, 0x38,
+                                        0xd0, 0xd0, 0x72, 0x02, 0x23, 0xe2, 0x40, 0x17, 0xbb, 0xc0),
+       chunk_from_chars(0xcf, 0x43, 0x15, 0x59, 0x8f, 0xcd, 0x6a, 0xf1, 0x31, 0x55,
+                                        0x18, 0xc4, 0xbf, 0xba, 0xc0, 0x54, 0x0c, 0x58, 0x96, 0x35,
+                                        0x27, 0x35, 0x48, 0xa7, 0xb5, 0x07, 0xe7, 0xd2, 0xe6, 0x85,
+                                        0xe5, 0x94, 0x7b, 0x87, 0xae, 0x25, 0x7e, 0x58, 0xfa, 0xf2,
+                                        0x14, 0xf2, 0xb5, 0x8e, 0xd1, 0x0c, 0x3b, 0xd3, 0x5f, 0x75,
+                                        0xf6, 0xc3, 0x5d, 0xd6, 0xd4, 0x41, 0xc9, 0x3b, 0xcd, 0x42,
+                                        0xe7, 0x17, 0x20, 0x10, 0x26, 0x31, 0xb1, 0xa6, 0xa4, 0xba,
+                                        0x24, 0x7c, 0x17, 0x5e, 0xd8, 0x00, 0xcf, 0xca, 0x6e, 0x1e,
+                                        0x83, 0x9b, 0x5a, 0xa9, 0x07, 0x60, 0x4c, 0xcf, 0xe6, 0xf9,
+                                        0x84, 0xf6, 0x82, 0x2e, 0x00, 0x1a, 0xb0, 0x2d, 0xd6, 0x63,
+                                        0x49, 0x64, 0xf7, 0x89, 0xcb, 0x10, 0x7a, 0x97, 0x73, 0x46,
+                                        0x69, 0x3f, 0x32, 0x44, 0xc8, 0x95, 0xe8, 0x40, 0xdf, 0xa0,
+                                        0xed, 0xf7, 0xf1, 0x4d, 0xc6, 0x1d, 0x79, 0x4f)
+};
+
+/**
+ * SHA-256 test case 11 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha256_6 = {
+       .type = DRBG_HMAC_SHA256, .strength = 256,
+       chunk_from_chars(0x9f, 0x16, 0x99, 0xc9, 0x9d, 0x60, 0xb0, 0x85, 0xbc, 0x61,
+                                        0xcb, 0x11, 0x0e, 0xf8, 0xab, 0x59, 0x0d, 0x82, 0xa9, 0x70,
+                                        0x02, 0x1c, 0x3c, 0x6a, 0x5d, 0x48, 0x02, 0x1c, 0x45, 0xde,
+                                        0x49, 0x56),
+       chunk_from_chars(0x63, 0x3d, 0x32, 0xe3, 0x00, 0x5f, 0x78, 0x11, 0x47, 0x23,
+                                        0xb3, 0xea, 0x5a, 0xc1, 0x21, 0xba, 0x74, 0xaa, 0x00, 0xc5,
+                                        0x2d, 0x93, 0x96, 0x67, 0xe3, 0x0c, 0x33, 0x51, 0xb3, 0x85,
+                                        0x49, 0xf7, 0x37, 0xaf, 0xff, 0x50, 0x4a, 0x2d, 0x8a, 0xc1,
+                                        0x68, 0xc6, 0x8e, 0x24, 0xd0, 0xfe, 0x66, 0xf6, 0x3e, 0x33,
+                                        0x47, 0xc5, 0x47, 0xf1, 0x7f, 0x4d, 0x0b, 0x9f, 0x46, 0x40,
+                                        0x5a, 0x54, 0xee, 0xdd, 0x7e, 0x98, 0x0d, 0x06, 0xa2, 0x15,
+                                        0xec, 0x15, 0xe8, 0x93, 0x16, 0xab, 0x74, 0x3b, 0x75, 0x47),
+       chunk_from_chars(0x6e, 0x38, 0xe8, 0x29, 0x62, 0xd7, 0x07, 0xce, 0x9a, 0x6a,
+                                        0xc3, 0x83, 0xa7, 0x38, 0xa7, 0x48, 0xf9, 0x75, 0xeb, 0x78,
+                                        0x56, 0x11, 0xfa, 0xd5, 0xe3, 0xf5, 0xa4, 0xfe, 0x44, 0xd7,
+                                        0xb5, 0x9a, 0x98, 0x13, 0x7a, 0x2b, 0xcd, 0xc3, 0x5f, 0x9e,
+                                        0xe9, 0xa1, 0xe2, 0x1b, 0xb1, 0x7d, 0xf1, 0x66, 0x5c, 0xd1,
+                                        0x39, 0x76, 0x25, 0xa1, 0x77, 0x24, 0x7e, 0x2e, 0x32, 0x9a,
+                                        0x66, 0x01, 0x40, 0x63, 0x61, 0x41, 0x56, 0x06, 0x10, 0xa3,
+                                        0x68, 0xbf, 0xd4, 0x99, 0xc2, 0xe2, 0x5b, 0xe3, 0x18, 0xaa,
+                                        0x4d, 0xa9, 0xe7, 0xa3, 0x52, 0xd1, 0x15, 0xdb, 0x82, 0x82,
+                                        0xed, 0x8d, 0x79, 0xec, 0xf9, 0xcd, 0x82, 0x03, 0x60, 0xd3,
+                                        0xd2, 0xd1, 0xa5, 0x8a, 0x93, 0xe0, 0x40, 0xf5, 0x55, 0x48,
+                                        0x87, 0xce, 0x6c, 0x98, 0x58, 0xbc, 0x2b, 0xb1, 0x02, 0x24,
+                                        0x99, 0x80, 0xa8, 0x58, 0x49, 0x8a, 0xbc, 0xda)
+};
+
+/**
+ * SHA-384 test case 1 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha384_1 = {
+       .type = DRBG_HMAC_SHA384, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0x09, 0x63, 0x49, 0x50, 0x6f, 0x3a, 0x76, 0x53, 0xd5, 0x4d,
+                                        0xb7, 0xec, 0x1d, 0x09, 0xe9, 0x34, 0x13, 0xed, 0xd1, 0x75,
+                                        0xb6, 0xdd, 0xbe, 0xb0, 0x0e, 0x56, 0x75, 0x2a, 0x52, 0x0a,
+                                        0xc8, 0xff, 0xfc, 0x79, 0x83, 0xb9, 0x18, 0xac, 0xad, 0xaa,
+                                        0x71, 0xa6, 0x7e, 0x16, 0x24, 0xf1, 0xb5, 0x02, 0x42, 0x60,
+                                        0xa0, 0x49, 0x5f, 0xda, 0xba, 0x58, 0xaa, 0xe4, 0x1d, 0xf8,
+                                        0x25, 0x05, 0x01, 0x2d, 0x48, 0x0c, 0x8e, 0x4f, 0x75, 0x1f,
+                                        0xd7, 0xeb, 0xc3, 0x9f, 0x9b, 0xec, 0xd6, 0x94, 0xb2, 0xa3),
+       chunk_from_chars(0xf4, 0xc7, 0xbe, 0xc0, 0xc2, 0x6c, 0xf3, 0x89, 0x2d, 0x21,
+                                        0x45, 0x49, 0xac, 0x6f, 0x3d, 0x82, 0xf3, 0x4c, 0x69, 0x66,
+                                        0xd4, 0x29, 0x50, 0x99, 0xee, 0x56, 0x16, 0x6e, 0x87, 0x9a,
+                                        0x70, 0xec, 0xae, 0x13, 0x02, 0x51, 0xfa, 0xcd, 0xa3, 0x51,
+                                        0xe9, 0x03, 0xd8, 0x77, 0xb6, 0xc5, 0xea, 0xb5, 0x15, 0x3c,
+                                        0xe8, 0x7b, 0xa6, 0xc7, 0xcf, 0x8b, 0xcc, 0x61, 0xcb, 0xd1,
+                                        0x4c, 0xfb, 0xe3, 0x4c, 0xf1, 0xed, 0x43, 0x67, 0x8a, 0xee,
+                                        0x69, 0xcd, 0x87, 0xb6, 0x0e, 0x6b, 0xcb, 0x6f, 0xf4, 0x8e,
+                                        0xbd, 0x44, 0xce, 0x9e, 0x31, 0x98, 0x2d, 0x8f, 0xe2, 0x0a,
+                                        0xec, 0x34, 0xfa, 0x51, 0xd6, 0x25, 0xf8, 0x45, 0xf6, 0x10,
+                                        0x56, 0x57, 0x59, 0x69, 0xbf, 0x78, 0x5c, 0x2f, 0xfa, 0xb4,
+                                        0xdc, 0xc7, 0x54, 0xf1, 0x3d, 0xe6, 0x34, 0x23, 0xe9, 0x4b,
+                                        0xad, 0x8d, 0x5e, 0x16, 0x6d, 0x96, 0xa6, 0x2a, 0x60, 0x2d,
+                                        0x3e, 0xe4, 0x04, 0x5d, 0xf1, 0x62, 0x02, 0x8b, 0x89, 0xca,
+                                        0xc4, 0x5e, 0x62, 0x07, 0xd9, 0x09, 0x7f, 0x2b, 0x3a, 0xc0,
+                                        0xab, 0x17, 0x72, 0x92, 0x51, 0x98, 0x5f, 0x27, 0x6f, 0x12,
+                                        0x87, 0xf5, 0xc5, 0x6c, 0xc9, 0xba, 0x1a, 0x79, 0xfb, 0xdb,
+                                        0xb2, 0x91, 0xf3, 0xa9, 0x45, 0xfb, 0xfd, 0xbd, 0x63, 0xcf,
+                                        0x13, 0xb8, 0x2e, 0xc9, 0x1f, 0x7b, 0x10, 0x85, 0xb3, 0x32,
+                                        0x79, 0xe3)
+};
+
+/**
+ * SHA-384 test case 3 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha384_2 = {
+       .type = DRBG_HMAC_SHA384, .strength = 256,
+       chunk_from_chars(0x43, 0xbf, 0x6f, 0x32, 0xb3, 0xb5, 0xf5, 0x80, 0xb5, 0x41,
+                                        0x79, 0xe4, 0x10, 0x2d, 0x06, 0x35, 0x36, 0xe7, 0xc4, 0x76,
+                                        0x81, 0xd6, 0xde, 0x3c, 0xfe, 0x88, 0xfd, 0x8e, 0xc6, 0x6e,
+                                        0x48, 0x73),
+       chunk_from_chars(0x4d, 0x95, 0xf3, 0x1b, 0x96, 0x06, 0xa5, 0xf6, 0xd0, 0x4d,
+                                        0xff, 0x1d, 0x89, 0xb5, 0x0b, 0xec, 0xfd, 0x08, 0x82, 0xe6,
+                                        0xcf, 0x51, 0xc1, 0xc5, 0xd2, 0x4a, 0xd8, 0x43, 0xbc, 0x12,
+                                        0xd9, 0x77, 0xeb, 0xa4, 0x58, 0x2c, 0x39, 0xd7, 0x93, 0xa6,
+                                        0x3e, 0xad, 0xb6, 0x3f, 0x29, 0x25, 0x68, 0xc7, 0xfc, 0x42,
+                                        0x70, 0xe6, 0xc9, 0xae, 0xc8, 0x31, 0x86, 0xa2, 0x08, 0x19,
+                                        0xa7, 0xd3, 0x5e, 0x7f, 0x11, 0x55, 0xea, 0x10, 0x87, 0x94,
+                                        0x30, 0x2d, 0x59, 0x3c, 0x53, 0xce, 0x9d, 0x25, 0x42, 0x2b),
+       chunk_from_chars(0xe9, 0x91, 0xd0, 0x00, 0xb2, 0x4e, 0xbd, 0xf8, 0x38, 0xba,
+                                        0x11, 0xf9, 0x84, 0x95, 0x91, 0xb0, 0x02, 0x9f, 0xef, 0xf3,
+                                        0x36, 0x04, 0xbc, 0x4d, 0x71, 0xac, 0xd9, 0x43, 0x01, 0xf8,
+                                        0xd0, 0x45, 0xee, 0xb1, 0xf8, 0x1f, 0x3a, 0x10, 0x1a, 0x29,
+                                        0x74, 0x03, 0xa3, 0x58, 0x59, 0x11, 0x3c, 0x09, 0x99, 0x39,
+                                        0x63, 0x86, 0x80, 0xd4, 0x81, 0xc8, 0x60, 0x67, 0xf5, 0x47,
+                                        0x62, 0x89, 0x2f, 0x82, 0x14, 0x6f, 0x61, 0xcc, 0xe7, 0xbc,
+                                        0x2c, 0x85, 0xd3, 0x95, 0x34, 0x8f, 0x3e, 0xa2, 0xab, 0xa6,
+                                        0xbb, 0x3e, 0x59, 0xdb, 0xcf, 0x8e, 0x41, 0xa8, 0x19, 0x18,
+                                        0xb6, 0xca, 0xb3, 0x04, 0xd4, 0x4e, 0xa1, 0xe3, 0x25, 0x73,
+                                        0xcd, 0x69, 0x36, 0xf3, 0x8c, 0xdc, 0x11, 0xd3, 0xc2, 0xf9,
+                                        0x62, 0x90, 0xcc, 0x27, 0xb0, 0xdf, 0xa3, 0xbb, 0xba, 0xfa,
+                                        0x93, 0x94, 0xac, 0xdf, 0x2f, 0x44, 0x35, 0x17, 0x0b, 0x42,
+                                        0x85, 0x63, 0x42, 0x7c, 0x4b, 0x02, 0xed, 0x25, 0x92, 0x42,
+                                        0x26, 0xed, 0xf8, 0xd5, 0xa5, 0xec, 0xa4, 0xee, 0xc4, 0xae,
+                                        0xcf, 0x98, 0xef, 0x2e, 0x6f, 0x75, 0xca, 0xa7, 0x0b, 0xdd,
+                                        0x84, 0x87, 0x7d, 0xf2, 0xe6, 0x37, 0xb7, 0xfa, 0xd6, 0x21,
+                                        0xc6, 0x17, 0x0c, 0xa5, 0xbd, 0x86, 0xe2, 0x1d, 0x0b, 0xb0,
+                                        0x1c, 0xc9, 0x0f, 0xe2, 0xe7, 0x63, 0x53, 0xa9, 0xd5, 0x68,
+                                        0x7b, 0xea)
+};
+
+/**
+ * SHA-384 test case 5 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha384_3 = {
+       .type = DRBG_HMAC_SHA384, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0xdc, 0x46, 0xe3, 0x17, 0xbe, 0xde, 0x8f, 0xf5, 0xb4, 0x51,
+                                        0x20, 0xee, 0xfa, 0x6d, 0xe7, 0x80, 0x31, 0xb0, 0x8c, 0xa7,
+                                        0x87, 0x6d, 0x62, 0xd1, 0x0e, 0xc8, 0x2f, 0x66, 0xa4, 0x8e,
+                                        0xba, 0x3f, 0x60, 0x24, 0xe1, 0x39, 0x63, 0xed, 0x40, 0x42,
+                                        0x29, 0xac, 0xb7, 0x96, 0xba, 0x0b, 0x2d, 0x0b, 0x04, 0x55,
+                                        0xc3, 0xa1, 0xae, 0xe2, 0x0c, 0xcd, 0x66, 0xa3, 0xdd, 0x96,
+                                        0x89, 0x68, 0x3f, 0x5c, 0xae, 0x3a, 0x7c, 0x37, 0xd0, 0x9a,
+                                        0xd6, 0xce, 0x74, 0x6d, 0xb6, 0x69, 0x21, 0x02, 0xc2, 0x89),
+       chunk_from_chars(0xb3, 0xb5, 0x41, 0xca, 0x46, 0x2a, 0x72, 0xa2, 0xcc, 0xb9,
+                                        0x25, 0xf5, 0x8f, 0x40, 0xfc, 0xb1, 0xd5, 0x38, 0x51, 0x38,
+                                        0xb0, 0x95, 0xf7, 0x71, 0x57, 0x5e, 0x62, 0x85, 0x18, 0xd6,
+                                        0x94, 0xb9, 0xed, 0x47, 0xb1, 0x26, 0x34, 0x06, 0x3d, 0x9e,
+                                        0x9f, 0xb6, 0x4d, 0xdb, 0x20, 0xde, 0xcd, 0x20, 0xe5, 0x7f,
+                                        0xac, 0x66, 0x5e, 0xec, 0x16, 0x8a, 0x18, 0xf7, 0xaa, 0xf8,
+                                        0xc8, 0xf9, 0x25, 0xfe, 0x2c, 0x34, 0xfa, 0x9f, 0x76, 0x6d,
+                                        0x5a, 0x17, 0x24, 0x59, 0xf3, 0x2b, 0xcf, 0x24, 0x31, 0x99,
+                                        0xaa, 0xc7, 0x13, 0x9b, 0x2c, 0x1a, 0xa7, 0x98, 0x2f, 0xfb,
+                                        0x24, 0x24, 0xa4, 0x76, 0x5a, 0x9d, 0xd1, 0xdd, 0x46, 0x2f,
+                                        0x08, 0xa2, 0x80, 0x35, 0x0f, 0x0c, 0xea, 0x0c, 0x4b, 0x9c,
+                                        0xd8, 0x73, 0x24, 0xb0, 0xf4, 0x0c, 0x68, 0xf1, 0xa8, 0x77,
+                                        0xe6, 0x99, 0x18, 0x7f, 0x5c, 0x40, 0x61, 0x0d, 0x38, 0xe7,
+                                        0x15, 0x91, 0xe9, 0x85, 0x64, 0x01, 0x8e, 0xd2, 0xe3, 0x09,
+                                        0x00, 0x09, 0xe4, 0x9e, 0x1b, 0xe3, 0x6f, 0x86, 0x2b, 0xfd,
+                                        0x01, 0xf3, 0x8d, 0x95, 0x37, 0xda, 0xa3, 0x4d, 0x75, 0x65,
+                                        0xbb, 0x17, 0x61, 0xb5, 0x72, 0x7d, 0xf7, 0x55, 0x4f, 0xda,
+                                        0xf7, 0xf0, 0x98, 0x0d, 0xe7, 0xc2, 0x03, 0x3c, 0x1d, 0xbb,
+                                        0xea, 0xa2, 0x98, 0xdf, 0x1c, 0x7f, 0x34, 0x05, 0x16, 0x29,
+                                        0xfd, 0x4f)
+};
+
+/**
+ * SHA-384 test case 7 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha384_4 = {
+       .type = DRBG_HMAC_SHA384, .strength = 256,
+       chunk_from_chars(0x8a, 0xf7, 0x9c, 0xed, 0x4b, 0x27, 0x77, 0xf4, 0x4e, 0xb3,
+                                        0xf9, 0x78, 0x1b, 0xab, 0x24, 0x35, 0x85, 0xb8, 0x27, 0x11,
+                                        0xdc, 0x1b, 0x36, 0x2e, 0xe9, 0x8c, 0x8e, 0x65, 0x77, 0x89,
+                                        0x1c, 0x7d),
+       chunk_from_chars(0x79, 0xbe, 0x91, 0xa2, 0x24, 0x86, 0xcf, 0xd6, 0x21, 0x24,
+                                        0x8a, 0xed, 0x9c, 0xd8, 0x20, 0x27, 0x8f, 0x1a, 0xba, 0xc8,
+                                        0x2d, 0xe3, 0x77, 0xc3, 0x66, 0x4d, 0x83, 0xce, 0x2f, 0xf3,
+                                        0xd1, 0x75, 0x24, 0xca, 0x63, 0x07, 0x4b, 0xd6, 0x7b, 0x2e,
+                                        0xff, 0xc6, 0x20, 0xbd, 0xef, 0x61, 0x7b, 0x6f, 0x64, 0x3a,
+                                        0x86, 0x91, 0x9e, 0x5e, 0x98, 0x4d, 0x62, 0x81, 0xde, 0x71,
+                                        0x50, 0x40, 0xb6, 0xf5, 0x21, 0x86, 0x6e, 0xdf, 0xaa, 0xea,
+                                        0xd6, 0x16, 0xe1, 0xd1, 0xbd, 0x83, 0xc2, 0x21, 0x0f, 0x5e),
+       chunk_from_chars(0x5b, 0x6a, 0x4a, 0xb3, 0x60, 0xfb, 0x85, 0x1b, 0xba, 0xa0,
+                                        0x35, 0xac, 0x55, 0xa5, 0x85, 0x3c, 0x4f, 0x06, 0xfd, 0x80,
+                                        0x41, 0xf2, 0x82, 0xde, 0xe1, 0x08, 0x27, 0xb5, 0x61, 0xee,
+                                        0x03, 0x8a, 0x3d, 0x3c, 0x53, 0x7d, 0x55, 0x43, 0x0b, 0x01,
+                                        0x3b, 0x97, 0x25, 0xc0, 0x11, 0xa2, 0x7b, 0x33, 0x49, 0x21,
+                                        0x43, 0x88, 0xb4, 0x23, 0x2d, 0xd3, 0x1a, 0x36, 0x60, 0xe5,
+                                        0xb6, 0xad, 0x1f, 0xab, 0x50, 0x82, 0x04, 0x1a, 0xa3, 0x4f,
+                                        0xc8, 0x04, 0xbf, 0x2b, 0xe3, 0x68, 0xac, 0x6d, 0xea, 0x0b,
+                                        0x3e, 0xbc, 0xaa, 0x5b, 0x54, 0xdb, 0xa5, 0x16, 0x82, 0xec,
+                                        0xa1, 0x9f, 0x9a, 0x5d, 0x59, 0x56, 0x33, 0xff, 0xac, 0xdd,
+                                        0x74, 0x6e, 0x10, 0x89, 0xea, 0x3d, 0x67, 0xb1, 0x56, 0xea,
+                                        0xa2, 0xe9, 0xf9, 0xb7, 0x9c, 0xc1, 0x78, 0x74, 0x55, 0x56,
+                                        0x16, 0x79, 0x2a, 0xf3, 0x70, 0x85, 0xad, 0x3f, 0xfa, 0xa2,
+                                        0x8b, 0xec, 0x60, 0xd5, 0xdb, 0x6e, 0xb0, 0xc2, 0xbc, 0xd6,
+                                        0xf8, 0x70, 0x54, 0x3d, 0x8e, 0xca, 0x7e, 0xeb, 0xfd, 0x63,
+                                        0xda, 0xcd, 0xb7, 0xf3, 0xd3, 0x89, 0xd0, 0xe0, 0xb2, 0xa9,
+                                        0xab, 0x92, 0xe7, 0xa7, 0x8d, 0x11, 0xf8, 0xa3, 0xf0, 0x64,
+                                        0x02, 0xa9, 0xae, 0x75, 0x10, 0xdd, 0x96, 0x48, 0xac, 0x8c,
+                                        0xc3, 0x3d, 0xee, 0xe4, 0x9b, 0xc6, 0xfe, 0xe9, 0x7b, 0xc8,
+                                        0x6d, 0xcf)
+};
+
+/**
+ * SHA-384 test case 9 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha384_5 = {
+       .type = DRBG_HMAC_SHA384, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0x54, 0x96, 0x45, 0x38, 0xca, 0x40, 0xae, 0xe8, 0xef, 0xa7,
+                                        0xbf, 0x33, 0x6a, 0x23, 0x78, 0x7d, 0x95, 0x06, 0x40, 0x69,
+                                        0x64, 0xc3, 0x27, 0x43, 0xdf, 0x9c, 0xce, 0x28, 0xe8, 0x92,
+                                        0xc2, 0xa6, 0x9e, 0x7b, 0xdf, 0x08, 0xe8, 0x5e, 0x8d, 0xe7,
+                                        0xe0, 0x49, 0xe7, 0xfc, 0x3a, 0x13, 0x88, 0x85, 0xc9, 0xc8,
+                                        0x4d, 0xf8, 0x1f, 0x73, 0x19, 0x6b, 0xa5, 0x08, 0x8f, 0xe2,
+                                        0x85, 0x43, 0xa8, 0x1b, 0xb5, 0x2c, 0x1d, 0xb4, 0x7f, 0xef,
+                                        0xad, 0x85, 0x51, 0x1f, 0x8d, 0x42, 0xa9, 0x84, 0x23, 0x67),
+       chunk_from_chars(0x91, 0x9f, 0x95, 0x90, 0x97, 0x3f, 0xbb, 0x06, 0xea, 0xf8,
+                                        0xe9, 0x7c, 0x8b, 0x20, 0x2e, 0xc3, 0xbf, 0x6a, 0xd4, 0xeb,
+                                        0x50, 0xb9, 0xe3, 0xd6, 0x63, 0x8b, 0x66, 0x22, 0x01, 0x79,
+                                        0xeb, 0x8c, 0x3e, 0xf1, 0x87, 0xdd, 0x50, 0x27, 0x0f, 0xde,
+                                        0x90, 0x3d, 0x5c, 0x70, 0x13, 0x55, 0x2e, 0x45, 0x18, 0xad,
+                                        0x9c, 0x69, 0xfa, 0x5e, 0x6d, 0xd7, 0x09, 0x5d, 0xbd, 0x3c,
+                                        0x68, 0x03, 0xf2, 0x9d, 0x8b, 0xcf, 0x9d, 0x65, 0xcd, 0xe7,
+                                        0x50, 0xb1, 0x7c, 0x79, 0x73, 0x7e, 0x96, 0xd7, 0xec, 0xc2,
+                                        0x30, 0x40, 0x2e, 0x22, 0x6e, 0x00, 0xc7, 0x25, 0x29, 0x17,
+                                        0xe9, 0x54, 0x99, 0x70, 0x55, 0x23, 0xf3, 0xe1, 0x5c, 0x2c,
+                                        0x59, 0x05, 0x4a, 0xba, 0x3a, 0x40, 0xfa, 0x10, 0x6c, 0x85,
+                                        0xd2, 0xfc, 0xb1, 0xff, 0x9c, 0x11, 0x5e, 0x19, 0xac, 0xc5,
+                                        0x79, 0xef, 0x1a, 0x19, 0x0e, 0xf7, 0x6b, 0x75, 0x29, 0xfe,
+                                        0x79, 0x62, 0x30, 0xfd, 0x7c, 0x67, 0x8a, 0xc9, 0xd2, 0x29,
+                                        0x40, 0x13, 0xee, 0x37, 0x33, 0x1e, 0x45, 0xe0, 0x72, 0xf2,
+                                        0xc8, 0xb5, 0xa9, 0x27, 0x5e, 0xe9, 0x81, 0x3d, 0x51, 0x00,
+                                        0x6f, 0x80, 0x34, 0x3c, 0xb6, 0xa2, 0x16, 0x81, 0xbc, 0x5c,
+                                        0xe0, 0xee, 0x6e, 0xe3, 0xf4, 0x97, 0x10, 0xaa, 0x23, 0xc9,
+                                        0x25, 0xec, 0x8b, 0x01, 0x82, 0x49, 0xf0, 0xe6, 0xf0, 0x0b,
+                                        0x85, 0xd6)
+};
+
+/**
+ * SHA-384 test case 11 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha384_6 = {
+       .type = DRBG_HMAC_SHA384, .strength = 256,
+       chunk_from_chars(0xc9, 0xb4, 0x5f, 0x12, 0x14, 0xb7, 0xfe, 0x12, 0xd5, 0xfa,
+                                        0x54, 0xb5, 0x79, 0xe0, 0x55, 0x02, 0x2c, 0x25, 0xd2, 0x3d,
+                                        0x8a, 0xf6, 0x3e, 0x39, 0x26, 0xc0, 0xec, 0xbd, 0x92, 0xab,
+                                        0x8d, 0x01),
+       chunk_from_chars(0xe9, 0xfe, 0x33, 0xf3, 0xd1, 0x56, 0x8b, 0x14, 0x6b, 0x7a,
+                                        0x86, 0xfc, 0x0f, 0xe8, 0x0e, 0x11, 0xe7, 0xd3, 0xe0, 0x8c,
+                                        0xa3, 0x9c, 0xc5, 0xdd, 0x38, 0x67, 0x6f, 0x8a, 0xcf, 0xdb,
+                                        0x75, 0xbb, 0x9a, 0xa0, 0x91, 0xa0, 0x27, 0xfc, 0x5b, 0x3c,
+                                        0x39, 0x4c, 0x7f, 0x17, 0xc8, 0x16, 0xc3, 0xcf, 0xf6, 0x27,
+                                        0x0e, 0x5b, 0xa1, 0x81, 0x9e, 0x48, 0x2e, 0x42, 0x19, 0x78,
+                                        0x96, 0xb9, 0x24, 0xf6, 0x63, 0x00, 0xa0, 0xd4, 0x25, 0x15,
+                                        0x3d, 0x55, 0x1e, 0xb0, 0x00, 0xea, 0xe8, 0x09, 0xc1, 0x5a),
+       chunk_from_chars(0xc7, 0xd0, 0xb2, 0x7b, 0x36, 0xbc, 0x29, 0x48, 0x31, 0x95,
+                                        0x40, 0x05, 0x5d, 0xf2, 0x29, 0xad, 0x3d, 0x43, 0xb5, 0x08,
+                                        0x6a, 0xe3, 0x45, 0xc1, 0xc3, 0xa5, 0x17, 0x01, 0x2c, 0x24,
+                                        0x7d, 0x5e, 0xdf, 0x25, 0xcc, 0xdf, 0x83, 0xb6, 0xfd, 0xf4,
+                                        0xec, 0x10, 0x41, 0x49, 0x65, 0x2b, 0x1d, 0x26, 0xed, 0x70,
+                                        0x36, 0x7b, 0x24, 0x6d, 0xfe, 0x9f, 0x58, 0x90, 0xf7, 0x26,
+                                        0xca, 0xd6, 0x77, 0x74, 0x4f, 0x64, 0x08, 0xd2, 0x43, 0xd9,
+                                        0x86, 0xef, 0x76, 0x8a, 0xac, 0x65, 0x61, 0x7c, 0x06, 0x20,
+                                        0x4d, 0x35, 0xe3, 0x1a, 0x98, 0xa0, 0x2e, 0xd3, 0x23, 0x5b,
+                                        0x0f, 0x98, 0x99, 0x86, 0x69, 0xca, 0xaa, 0x3f, 0xb5, 0xeb,
+                                        0x94, 0xdb, 0x64, 0xc2, 0xdf, 0xb3, 0xce, 0xf2, 0x31, 0xed,
+                                        0xa1, 0xfd, 0x59, 0xb4, 0x37, 0x7b, 0x0b, 0x00, 0x2a, 0x8c,
+                                        0x0b, 0x53, 0x10, 0xb9, 0x6f, 0x49, 0xe0, 0xfe, 0x3c, 0x46,
+                                        0x94, 0x45, 0x14, 0xe5, 0xf5, 0xae, 0xb4, 0xf6, 0x44, 0xd4,
+                                        0x38, 0x5f, 0x0e, 0x21, 0x09, 0xbf, 0xb9, 0xcf, 0xff, 0xa9,
+                                        0x96, 0x2e, 0x26, 0xab, 0x2c, 0x76, 0x49, 0xa2, 0x7e, 0xfa,
+                                        0x33, 0x09, 0xe7, 0x2c, 0xd1, 0x51, 0x16, 0xa5, 0x78, 0x7c,
+                                        0x13, 0x0c, 0xad, 0xcb, 0x4e, 0x42, 0xba, 0x6e, 0x9d, 0x0b,
+                                        0xd1, 0x4e, 0xed, 0x1c, 0x6a, 0x01, 0x9b, 0x5b, 0xe1, 0x3b,
+                                        0xe0, 0xc4)
+};
+
+/**
+ * SHA-512 test case 1 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha512_1 = {
+       .type = DRBG_HMAC_SHA512, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0x48, 0xc1, 0x21, 0xb1, 0x87, 0x33, 0xaf, 0x15, 0xc2, 0x7e,
+                                        0x1d, 0xd9, 0xba, 0x66, 0xa9, 0xa8, 0x1a, 0x55, 0x79, 0xcd,
+                                        0xba, 0x0f, 0x5b, 0x65, 0x7e, 0xc5, 0x3c, 0x2b, 0x9e, 0x90,
+                                        0xbb, 0xf6, 0xbb, 0xb7, 0xc7, 0x77, 0x42, 0x80, 0x68, 0xfa,
+                                        0xd9, 0x97, 0x08, 0x91, 0xf8, 0x79, 0xb1, 0xaf, 0xe0, 0xff,
+                                        0xef, 0xda, 0xdb, 0x9c, 0xcf, 0x99, 0x05, 0x04, 0xd5, 0x68,
+                                        0xbd, 0xb4, 0xd8, 0x62, 0xcb, 0xe1, 0x7c, 0xcc, 0xe6, 0xe2,
+                                        0x2d, 0xfc, 0xab, 0x8b, 0x48, 0x04, 0xfd, 0x21, 0x42, 0x1a),
+       chunk_from_chars(0x05, 0xda, 0x6a, 0xac, 0x7d, 0x98, 0x0d, 0xa0, 0x38, 0xf6,
+                                        0x5f, 0x39, 0x28, 0x41, 0x47, 0x6d, 0x37, 0xfe, 0x70, 0xfb,
+                                        0xd3, 0xe3, 0x69, 0xd1, 0xf8, 0x01, 0x96, 0xe6, 0x6e, 0x54,
+                                        0xb8, 0xfa, 0xdb, 0x1d, 0x60, 0xe1, 0xa0, 0xf3, 0xd4, 0xdc,
+                                        0x17, 0x37, 0x69, 0xd7, 0x5f, 0xc3, 0x41, 0x05, 0x49, 0xd7,
+                                        0xa8, 0x43, 0x27, 0x0a, 0x54, 0xa0, 0x68, 0xb4, 0xfe, 0x76,
+                                        0x7d, 0x7d, 0x9a, 0x59, 0x60, 0x45, 0x10, 0xa8, 0x75, 0xad,
+                                        0x1e, 0x97, 0x31, 0xc8, 0xaf, 0xd0, 0xfd, 0x50, 0xb8, 0x25,
+                                        0xe2, 0xc5, 0x0d, 0x06, 0x25, 0x76, 0x17, 0x51, 0x06, 0xa9,
+                                        0x98, 0x1b, 0xe3, 0x7e, 0x02, 0xec, 0x7c, 0x5c, 0xd0, 0xa6,
+                                        0x9a, 0xa0, 0xca, 0x65, 0xbd, 0xda, 0xee, 0x1b, 0x0d, 0xe5,
+                                        0x32, 0xe1, 0x0c, 0xfa, 0x1f, 0x5b, 0xf6, 0xa0, 0x26, 0xe4,
+                                        0x73, 0x79, 0x73, 0x6a, 0x09, 0x9d, 0x67, 0x50, 0xab, 0x12,
+                                        0x1d, 0xbe, 0x36, 0x22, 0xb8, 0x41, 0xba, 0xf8, 0xbd, 0xcb,
+                                        0xe8, 0x75, 0xc8, 0x5b, 0xa4, 0xb5, 0x86, 0xb8, 0xb5, 0xb5,
+                                        0x7b, 0x0f, 0xec, 0xbe, 0xc0, 0x8c, 0x12, 0xff, 0x2a, 0x94,
+                                        0x53, 0xc4, 0x7c, 0x6e, 0x32, 0xa5, 0x21, 0x03, 0xd9, 0x72,
+                                        0xc6, 0x2a, 0xb9, 0xaf, 0xfb, 0x8e, 0x72, 0x8a, 0x31, 0xfc,
+                                        0xef, 0xbb, 0xcc, 0xc5, 0x56, 0xc0, 0xf0, 0xa3, 0x5f, 0x4b,
+                                        0x10, 0xac, 0xe2, 0xd9, 0x6b, 0x90, 0x6e, 0x36, 0xcb, 0xb7,
+                                        0x22, 0x33, 0x20, 0x1e, 0x53, 0x6d, 0x3e, 0x13, 0xb0, 0x45,
+                                        0x18, 0x7b, 0x41, 0x7d, 0x24, 0x49, 0xca, 0xd1, 0xed, 0xd1,
+                                        0x92, 0xe0, 0x61, 0xf1, 0x2d, 0x22, 0x14, 0x7b, 0x0a, 0x17,
+                                        0x6e, 0xa8, 0xd9, 0xc4, 0xc3, 0x54, 0x04, 0x39, 0x5b, 0x65,
+                                        0x02, 0xef, 0x33, 0x3a, 0x81, 0x3b, 0x65, 0x86, 0x03, 0x74,
+                                        0x79, 0xe0, 0xfa, 0x3c, 0x6a, 0x23)
+};
+
+/**
+ * SHA-512 test case 3 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha512_2 = {
+       .type = DRBG_HMAC_SHA512, .strength = 256,
+       chunk_from_chars(0x21, 0x23, 0x00, 0xf9, 0x38, 0x99, 0xff, 0x7c, 0xb1, 0x44,
+                                        0xf2, 0x04, 0x26, 0x02, 0x8b, 0x97, 0x63, 0x80, 0xa3, 0x48,
+                                        0x25, 0x3b, 0xcc, 0x3f, 0xf4, 0x2b, 0x52, 0x8c, 0xd1, 0x97,
+                                        0x25, 0x49),
+       chunk_from_chars(0x97, 0xae, 0xf9, 0x35, 0xea, 0x33, 0x71, 0x7e, 0x8e, 0x86,
+                                        0x44, 0xbb, 0x8c, 0x47, 0x89, 0xf3, 0x75, 0xc4, 0x8a, 0x94,
+                                        0x5d, 0xed, 0x08, 0x77, 0x11, 0x49, 0xe8, 0x28, 0xa2, 0x2d,
+                                        0xc8, 0x66, 0x82, 0x58, 0x0f, 0x51, 0x07, 0x0b, 0xa1, 0xe9,
+                                        0x91, 0xd9, 0x80, 0x3f, 0x51, 0xfd, 0x9a, 0x6f, 0x63, 0xcd,
+                                        0x91, 0xc1, 0xeb, 0xb2, 0xca, 0xa1, 0x5f, 0x28, 0x37, 0xdf,
+                                        0x8f, 0x35, 0xcb, 0xb6, 0xfe, 0x96, 0xdf, 0x26, 0x74, 0xa1,
+                                        0x36, 0x99, 0x0a, 0x59, 0x76, 0xcb, 0xba, 0xb6, 0x3b, 0xc1),
+       chunk_from_chars(0x0e, 0x85, 0x33, 0xf6, 0x4b, 0x60, 0xc2, 0x3a, 0x26, 0x55,
+                                        0x82, 0x70, 0x37, 0xdb, 0x21, 0x8c, 0x2f, 0xe9, 0xce, 0x43,
+                                        0x0f, 0xa4, 0xed, 0x6e, 0xd9, 0xbe, 0x34, 0x9c, 0x4b, 0xdc,
+                                        0x6f, 0x40, 0x01, 0x8b, 0x42, 0xf4, 0x86, 0xfa, 0x04, 0x28,
+                                        0x8b, 0x3b, 0x0c, 0x62, 0xa1, 0x28, 0x12, 0xe7, 0x6e, 0x08,
+                                        0xc7, 0x60, 0x62, 0xa5, 0x10, 0xcc, 0x60, 0x84, 0x1f, 0x16,
+                                        0x58, 0x69, 0xef, 0xac, 0xee, 0xf9, 0x08, 0x05, 0xbd, 0xde,
+                                        0x2f, 0xd6, 0x6c, 0x36, 0xc3, 0x8a, 0x2a, 0xc9, 0xc3, 0xcb,
+                                        0x86, 0xbf, 0xd3, 0x04, 0x06, 0x56, 0x9e, 0x0a, 0xfd, 0x24,
+                                        0x51, 0x02, 0xf2, 0xea, 0x2d, 0x49, 0xe4, 0xee, 0x5f, 0x69,
+                                        0x18, 0x72, 0x27, 0xa3, 0xf0, 0xed, 0xfb, 0xc1, 0x25, 0x9c,
+                                        0xb6, 0x56, 0x4a, 0x2d, 0x4e, 0x82, 0x9b, 0x3f, 0xc3, 0xb6,
+                                        0x99, 0x6e, 0x37, 0x54, 0x6f, 0x1d, 0x8a, 0x16, 0xfc, 0xd8,
+                                        0x20, 0x1d, 0x1a, 0xd2, 0x86, 0x61, 0xbb, 0xb0, 0x01, 0x2d,
+                                        0xaa, 0xd5, 0x5d, 0x54, 0x03, 0xe8, 0x33, 0xd8, 0xa0, 0x06,
+                                        0x8d, 0x21, 0x6c, 0x87, 0x9b, 0xce, 0xbc, 0x05, 0x4d, 0xf0,
+                                        0xc9, 0xcb, 0xa1, 0x4d, 0xad, 0x48, 0x63, 0xee, 0x1f, 0x75,
+                                        0xb7, 0x8b, 0xc4, 0x88, 0x66, 0x2c, 0xb0, 0xc9, 0x1c, 0xa4,
+                                        0xfd, 0xfc, 0xe7, 0xdf, 0x59, 0x16, 0xb4, 0xe6, 0x25, 0x80,
+                                        0x90, 0x2c, 0x60, 0x1b, 0xe7, 0x06, 0xdc, 0xc7, 0x90, 0x38,
+                                        0x58, 0xe6, 0xb9, 0x92, 0x07, 0x35, 0xbd, 0xaa, 0x63, 0x5a,
+                                        0xdd, 0x5c, 0x06, 0x08, 0x0d, 0x82, 0x26, 0x53, 0x45, 0xb4,
+                                        0x90, 0x37, 0xa3, 0x2f, 0xcf, 0x0a, 0x7c, 0x9e, 0xa6, 0x06,
+                                        0x9e, 0x33, 0x69, 0xf9, 0xb4, 0xaa, 0x45, 0x49, 0x3e, 0xfd,
+                                        0x73, 0x18, 0xda, 0x2a, 0xe9, 0xb4, 0xfc, 0x30, 0x04, 0x98,
+                                        0x24, 0x8a, 0xfa, 0xad, 0x8d, 0x49)
+};
+
+/**
+ * SHA-512 test case 5 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha512_3 = {
+       .type = DRBG_HMAC_SHA512, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0x54, 0xda, 0xf8, 0xea, 0xd3, 0xac, 0xcb, 0x38, 0x2c, 0xdf,
+                                        0x25, 0x1c, 0xfb, 0xc8, 0x64, 0x4a, 0xb8, 0xbf, 0x4f, 0x99,
+                                        0x69, 0x37, 0x11, 0x10, 0x2c, 0x02, 0xb2, 0xb6, 0x92, 0x0c,
+                                        0x25, 0xc8, 0x4b, 0xcf, 0x3b, 0x02, 0xdc, 0x3e, 0x13, 0x0f,
+                                        0x50, 0xe8, 0x9b, 0xdf, 0x2c, 0xf7, 0x52, 0xe2, 0x45, 0x30,
+                                        0xe0, 0xb8, 0x95, 0x51, 0x90, 0xec, 0xd3, 0xca, 0x11, 0x7d,
+                                        0x26, 0x20, 0xa0, 0xf5, 0x82, 0x3a, 0x2c, 0x7c, 0x6f, 0x10,
+                                        0x8a, 0x72, 0xae, 0xc6, 0x9a, 0xd5, 0x91, 0x51, 0xc8, 0xec),
+       chunk_from_chars(0xc9, 0x44, 0x4a, 0x93, 0x66, 0x76, 0x4f, 0x89, 0xef, 0x32,
+                                        0x26, 0xee, 0x70, 0xf6, 0x18, 0x49, 0x2f, 0xa9, 0xfa, 0x9a,
+                                        0x1c, 0x96, 0xe5, 0x3e, 0xc8, 0x17, 0xde, 0xc9, 0xc4, 0xc8,
+                                        0x3f, 0xb6, 0xef, 0x7f, 0xcb, 0x2c, 0xae, 0x99, 0x73, 0x29,
+                                        0x3e, 0xaa, 0xa5, 0x96, 0xcb, 0xbf, 0xda, 0x4c, 0x3f, 0xbf,
+                                        0x2d, 0xd9, 0x12, 0x53, 0xbe, 0x2c, 0xe6, 0x64, 0x8c, 0x31,
+                                        0xe2, 0xaa, 0x92, 0x31, 0x5a, 0xb4, 0xad, 0xb9, 0x11, 0xaa,
+                                        0xac, 0x15, 0xb5, 0x6a, 0x27, 0x3d, 0xa7, 0x4c, 0x11, 0x4e,
+                                        0x1f, 0x58, 0xb3, 0x7b, 0x47, 0x05, 0x17, 0x1c, 0x4c, 0xf7,
+                                        0xc7, 0x45, 0x23, 0xf5, 0x2e, 0x72, 0x1f, 0x11, 0xbd, 0x8c,
+                                        0x37, 0x51, 0x99, 0x95, 0xe0, 0xd1, 0x3c, 0x19, 0x0d, 0x7e,
+                                        0x58, 0x6c, 0xd3, 0xe3, 0xe9, 0xfc, 0x2d, 0xa9, 0x48, 0xc5,
+                                        0xa5, 0x2a, 0xa6, 0x9c, 0xdc, 0xc8, 0x42, 0xda, 0x17, 0xb4,
+                                        0x94, 0xcb, 0x33, 0x0f, 0xca, 0x9d, 0x87, 0x24, 0x96, 0x5f,
+                                        0xe7, 0xbb, 0xc4, 0x5c, 0xcd, 0x87, 0x72, 0x14, 0xed, 0x4d,
+                                        0x91, 0x71, 0x1a, 0x4e, 0xcc, 0xf9, 0x32, 0x8f, 0x7a, 0x2e,
+                                        0x39, 0x3c, 0xf5, 0x9e, 0x69, 0xbb, 0xa6, 0x87, 0x16, 0xab,
+                                        0x93, 0x0d, 0x54, 0x62, 0x74, 0xa9, 0xd7, 0xa6, 0x3f, 0xb2,
+                                        0x75, 0xc2, 0x07, 0x12, 0xdd, 0x6b, 0x63, 0x1b, 0x69, 0x33,
+                                        0x73, 0x29, 0x53, 0x11, 0x87, 0x19, 0x21, 0xc5, 0x2e, 0x2e,
+                                        0xc5, 0x46, 0x15, 0x9d, 0x92, 0xeb, 0x15, 0x13, 0x3b, 0xdb,
+                                        0x45, 0x3b, 0xa5, 0x4a, 0xef, 0x09, 0xc4, 0x79, 0x0a, 0x1b,
+                                        0x34, 0x28, 0xb4, 0x44, 0x75, 0xee, 0x8f, 0xab, 0x6d, 0xb2,
+                                        0xd5, 0xa8, 0xaa, 0xaf, 0xc0, 0x46, 0x35, 0x5e, 0xb6, 0x42,
+                                        0x1d, 0xbc, 0xe2, 0xf9, 0x28, 0x3a, 0x03, 0xb4, 0xc3, 0x73,
+                                        0x97, 0x51, 0x31, 0xae, 0xca, 0x69)
+};
+
+/**
+ * SHA-512 test case 7 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha512_4 = {
+       .type = DRBG_HMAC_SHA512, .strength = 256,
+       chunk_from_chars(0x39, 0xa7, 0x19, 0x6a, 0x26, 0x16, 0xa5, 0x32, 0x9c, 0x4b,
+                                        0x09, 0xf3, 0xbe, 0x52, 0x1c, 0x23, 0x91, 0xfa, 0x37, 0xfc,
+                                        0xe9, 0x54, 0xa1, 0xfd, 0x25, 0x9b, 0xde, 0x23, 0x0c, 0x8d,
+                                        0x13, 0x0e),
+       chunk_from_chars(0xcd, 0xed, 0x7a, 0xae, 0xab, 0x10, 0x25, 0xa6, 0x05, 0x3c,
+                                        0x12, 0xb8, 0xbc, 0xa1, 0x97, 0xc7, 0x96, 0x3d, 0xee, 0x09,
+                                        0xf5, 0x0c, 0x1c, 0xb9, 0x73, 0x34, 0x11, 0xc7, 0x2c, 0xd0,
+                                        0x90, 0xb9, 0x1f, 0xf7, 0x7f, 0x52, 0x36, 0x78, 0xc1, 0x92,
+                                        0x6b, 0x2b, 0x11, 0x35, 0x4a, 0x55, 0x51, 0x0f, 0xf9, 0x15,
+                                        0xac, 0x12, 0x6f, 0x3a, 0xc6, 0xed, 0xdc, 0x6f, 0x9b, 0x85,
+                                        0x7b, 0x12, 0x43, 0x63, 0xff, 0xb5, 0x3f, 0xbb, 0x66, 0x4a,
+                                        0x3d, 0x7c, 0xb9, 0x10, 0xfb, 0xf5, 0x58, 0xb8, 0x33, 0xbb),
+       chunk_from_chars(0xa4, 0xc9, 0x7a, 0x54, 0xbe, 0x09, 0x1a, 0x7f, 0x1b, 0x56,
+                                        0x37, 0x2c, 0x08, 0xb4, 0xdb, 0xe9, 0xa1, 0x60, 0xe5, 0x9b,
+                                        0xfb, 0x1b, 0x38, 0xdf, 0xee, 0xff, 0x9b, 0xd8, 0xdb, 0x5b,
+                                        0x4f, 0x19, 0x71, 0x4c, 0x47, 0x19, 0xc9, 0x12, 0x7e, 0x8c,
+                                        0xbd, 0x24, 0xe7, 0x83, 0x90, 0x0e, 0x71, 0xa7, 0x7b, 0x1a,
+                                        0x83, 0x03, 0xc8, 0x86, 0x65, 0x5d, 0x85, 0x9a, 0x0a, 0x50,
+                                        0x54, 0xcd, 0x84, 0xed, 0x1c, 0x6b, 0xa1, 0x11, 0xad, 0x13,
+                                        0xdc, 0x12, 0x1b, 0xd0, 0x86, 0x9b, 0x21, 0x71, 0x2b, 0xc2,
+                                        0x42, 0x24, 0xc7, 0xe3, 0x59, 0xe2, 0xde, 0x8f, 0x09, 0x33,
+                                        0xc9, 0x82, 0xa1, 0x80, 0x11, 0x85, 0x64, 0x63, 0xfd, 0xb4,
+                                        0x9c, 0xca, 0x5c, 0x46, 0x80, 0x26, 0xce, 0x02, 0x4a, 0x56,
+                                        0x9c, 0x98, 0xfa, 0x3b, 0x3c, 0xc4, 0x88, 0x94, 0x6f, 0xe9,
+                                        0xfe, 0x07, 0xdd, 0x18, 0xfd, 0x75, 0x86, 0x3f, 0xfc, 0xfa,
+                                        0xd3, 0x2a, 0x2d, 0x04, 0x80, 0xe4, 0x5b, 0x16, 0x9f, 0x68,
+                                        0xcd, 0x6f, 0x31, 0xc6, 0x23, 0xb4, 0xfb, 0xd3, 0x35, 0x42,
+                                        0x70, 0xc5, 0x1c, 0x49, 0x4c, 0x61, 0x4d, 0xcc, 0xc2, 0x7d,
+                                        0xdb, 0x5e, 0x2f, 0x9b, 0xcb, 0xbc, 0x3f, 0xc3, 0x97, 0x38,
+                                        0x4c, 0x92, 0x37, 0xec, 0xaf, 0x6b, 0x47, 0x59, 0x1f, 0x67,
+                                        0x79, 0xa5, 0x2a, 0xb4, 0xc0, 0x38, 0x1b, 0xd7, 0xfe, 0x73,
+                                        0x44, 0x4c, 0x20, 0xd4, 0x7d, 0x5f, 0x25, 0xa4, 0x41, 0x3f,
+                                        0x80, 0x68, 0x55, 0x7e, 0x7f, 0xd2, 0x74, 0x5f, 0xdb, 0x88,
+                                        0xa8, 0x8d, 0x26, 0x2d, 0x1a, 0x23, 0x86, 0xc9, 0xe8, 0x4a,
+                                        0x11, 0x00, 0x08, 0xec, 0xd8, 0xcb, 0x9a, 0xea, 0x88, 0x3d,
+                                        0x43, 0x52, 0xd9, 0xe6, 0x16, 0xab, 0xe7, 0x59, 0xf1, 0x0c,
+                                        0x86, 0x7d, 0xa1, 0x85, 0x5e, 0xde, 0xd5, 0xa3, 0xeb, 0x5c,
+                                        0x4b, 0x20, 0xc9, 0x5a, 0xab, 0xe6)
+};
+
+/**
+ * SHA-512 test case 9 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha512_5 = {
+       .type = DRBG_HMAC_SHA512, .strength = 256,
+       { NULL, 0 },
+       chunk_from_chars(0x60, 0xf1, 0x2a, 0x1e, 0x56, 0x3c, 0x83, 0xdd, 0xaa, 0x36,
+                                        0x13, 0xa5, 0x15, 0x53, 0x7f, 0x59, 0x0b, 0xf2, 0x2c, 0x23,
+                                        0x95, 0xc3, 0xcc, 0x67, 0x4e, 0x23, 0xcc, 0x7b, 0x3a, 0x7e,
+                                        0x59, 0x57, 0xb0, 0x46, 0xb7, 0x97, 0xa0, 0xaf, 0x84, 0x02,
+                                        0x7c, 0x69, 0x56, 0x88, 0x38, 0xf6, 0x49, 0x0e, 0x68, 0xda,
+                                        0x0a, 0xbd, 0xc0, 0x8a, 0xd5, 0xd9, 0xa3, 0xb8, 0x5a, 0x98,
+                                        0x16, 0xbe, 0xae, 0xe2, 0xda, 0x74, 0x9c, 0xa8, 0xbd, 0x75,
+                                        0x7b, 0x31, 0xd7, 0x56, 0xcb, 0x82, 0x0f, 0x4b, 0x52, 0x17),
+       chunk_from_chars(0x33, 0x95, 0x2b, 0xde, 0x77, 0x3c, 0x0d, 0xc0, 0x09, 0x10,
+                                        0xce, 0x6d, 0xc5, 0x5d, 0xae, 0x77, 0xd6, 0xa5, 0xc5, 0xab,
+                                        0x9a, 0x93, 0xf6, 0x12, 0xa6, 0x56, 0xb9, 0xcc, 0xc1, 0xeb,
+                                        0x24, 0xa6, 0xcc, 0xea, 0x86, 0xd5, 0x09, 0x0d, 0xf3, 0x05,
+                                        0xde, 0x69, 0x29, 0x96, 0x4c, 0x45, 0x60, 0x53, 0x14, 0x81,
+                                        0xea, 0x83, 0x55, 0x64, 0xf1, 0xde, 0x27, 0x10, 0xa7, 0xb1,
+                                        0x55, 0xf3, 0x77, 0x23, 0x47, 0xa2, 0x71, 0xfb, 0x8a, 0x40,
+                                        0x62, 0x13, 0x53, 0xc1, 0x35, 0xbe, 0xd0, 0x18, 0x0d, 0x86,
+                                        0x7d, 0x4b, 0x8e, 0xe6, 0x13, 0x9f, 0x3b, 0x6f, 0x60, 0xa1,
+                                        0xe4, 0x07, 0x2c, 0xce, 0x31, 0x98, 0xb2, 0x01, 0xdd, 0x1a,
+                                        0x0a, 0x31, 0x93, 0xa2, 0xd3, 0x06, 0x1e, 0xf1, 0x21, 0xed,
+                                        0x1d, 0x5c, 0xc1, 0x27, 0xe7, 0xa4, 0x33, 0xae, 0x54, 0x07,
+                                        0xc0, 0x9b, 0x45, 0xce, 0xb1, 0xed, 0xe6, 0x9f, 0x1c, 0x5e,
+                                        0x27, 0xe7, 0xac, 0x7f, 0xf7, 0xdd, 0x65, 0xd0, 0x7c, 0x92,
+                                        0xe9, 0xb0, 0x02, 0xf4, 0x4a, 0x36, 0xb4, 0x98, 0x8b, 0x4b,
+                                        0xab, 0x45, 0xd2, 0x07, 0x54, 0x94, 0x3a, 0xfc, 0x0b, 0xae,
+                                        0x2d, 0xac, 0x20, 0xc3, 0xcc, 0x6e, 0xe0, 0x8f, 0xfd, 0x3c,
+                                        0x6a, 0x94, 0x4e, 0xca, 0xe7, 0xd1, 0x25, 0x1a, 0x81, 0x49,
+                                        0xfb, 0xb8, 0x19, 0xdb, 0x2c, 0xb7, 0xd6, 0xfe, 0x48, 0xae,
+                                        0x98, 0x44, 0xf1, 0xc0, 0xcf, 0xf1, 0xd7, 0x61, 0x67, 0x03,
+                                        0x47, 0x35, 0xc7, 0x99, 0x8a, 0x1d, 0xd0, 0xa0, 0x66, 0xe6,
+                                        0x7e, 0xae, 0xe8, 0x6d, 0xa5, 0x81, 0x68, 0xe4, 0xeb, 0xe0,
+                                        0xfd, 0x36, 0xbc, 0x1e, 0x0e, 0x46, 0x9c, 0xd3, 0x77, 0xb4,
+                                        0x14, 0xb6, 0xe3, 0xc8, 0x92, 0x02, 0x02, 0x40, 0xae, 0x71,
+                                        0xf1, 0x72, 0x86, 0xd1, 0xa4, 0x84, 0xa1, 0x6d, 0xc1, 0x8b,
+                                        0x25, 0xeb, 0xab, 0x47, 0x4c, 0xe6)
+};
+
+/**
+ * SHA-512 test case 11 - count 0
+ */
+drbg_test_vector_t drbg_hmac_sha512_6 = {
+       .type = DRBG_HMAC_SHA512, .strength = 256,
+       chunk_from_chars(0x5e, 0x5b, 0x96, 0xb3, 0x8f, 0xff, 0xb9, 0x29, 0xbf, 0x3d,
+                                        0x74, 0x40, 0xe6, 0x0e, 0x9c, 0x38, 0xe6, 0xea, 0xb0, 0x5f,
+                                        0xd1, 0xe1, 0x2a, 0xb8, 0x2c, 0xb5, 0xfd, 0x5e, 0x6d, 0xa2,
+                                        0x6a, 0xb4),
+       chunk_from_chars(0x29, 0xb9, 0x7c, 0x42, 0x1a, 0xea, 0x05, 0xea, 0x9b, 0x1c,
+                                        0x68, 0x4a, 0x8b, 0x91, 0xcd, 0x04, 0xe5, 0x76, 0xa0, 0x19,
+                                        0x88, 0x31, 0xc4, 0x2a, 0x18, 0x66, 0x82, 0x4a, 0x34, 0x62,
+                                        0xc7, 0xa8, 0x10, 0xa7, 0xce, 0x39, 0x6f, 0x4b, 0xea, 0x52,
+                                        0x27, 0x54, 0x5c, 0x1a, 0x87, 0xd7, 0x4e, 0xb5, 0x24, 0x6c,
+                                        0x56, 0x51, 0x0a, 0x65, 0x2f, 0xd9, 0x0e, 0xa3, 0x77, 0xfe,
+                                        0xd3, 0x15, 0xd7, 0x57, 0x6a, 0x2a, 0x23, 0x0c, 0xef, 0xdf,
+                                        0x4f, 0x45, 0xae, 0x28, 0x72, 0xb9, 0xd9, 0xad, 0xad, 0x3f),
+       chunk_from_chars(0x61, 0x46, 0x67, 0xab, 0x1e, 0xe7, 0x5e, 0xd7, 0x13, 0x1f,
+                                        0x2e, 0x37, 0xda, 0x34, 0xa9, 0xb3, 0x92, 0x4d, 0xd8, 0x99,
+                                        0x7b, 0x35, 0x33, 0x5f, 0xfd, 0xdd, 0x67, 0xaa, 0x3a, 0x5d,
+                                        0xca, 0xec, 0x1b, 0x6c, 0xc9, 0xcf, 0x32, 0xab, 0x0c, 0x27,
+                                        0x7f, 0x2c, 0xb0, 0xcc, 0xa2, 0xae, 0xc7, 0x2d, 0x66, 0x3a,
+                                        0x25, 0x83, 0x08, 0xa6, 0x0c, 0xae, 0xed, 0xe4, 0x3d, 0x11,
+                                        0xd2, 0xd7, 0xcb, 0x81, 0x1f, 0x38, 0x67, 0x7b, 0x81, 0x31,
+                                        0x75, 0xd9, 0x32, 0x79, 0x0a, 0x37, 0x44, 0x9c, 0xf2, 0x8a,
+                                        0xa6, 0x81, 0x3a, 0xc4, 0x98, 0x96, 0x5f, 0x56, 0x92, 0x64,
+                                        0xc3, 0x23, 0xfa, 0x5e, 0x12, 0x0e, 0x95, 0x34, 0x88, 0x18,
+                                        0x2e, 0xc9, 0x7a, 0x32, 0xdd, 0xcb, 0x83, 0x5c, 0x45, 0x51,
+                                        0xf0, 0x85, 0x58, 0x6f, 0x3b, 0xc9, 0x68, 0x94, 0xb3, 0x0a,
+                                        0xfd, 0x77, 0x51, 0xe4, 0xa6, 0x90, 0xb5, 0x7a, 0xfc, 0x84,
+                                        0x19, 0x5f, 0xcb, 0x97, 0xf8, 0xdd, 0x90, 0x51, 0x16, 0xe6,
+                                        0xbc, 0x38, 0xbb, 0xaa, 0xaa, 0x54, 0x3e, 0xd0, 0x06, 0xd0,
+                                        0x28, 0x01, 0x68, 0x13, 0x81, 0x91, 0x89, 0x77, 0x03, 0x82,
+                                        0xe7, 0x5b, 0x66, 0x62, 0x0b, 0xc0, 0x73, 0x76, 0xb7, 0x89,
+                                        0x56, 0x20, 0xe2, 0xd4, 0x44, 0x6c, 0xc2, 0x9e, 0x22, 0xa8,
+                                        0x4b, 0xad, 0x1f, 0x7f, 0x87, 0x11, 0x61, 0x4c, 0x7e, 0x91,
+                                        0x9d, 0x48, 0x21, 0xb4, 0x0d, 0xdb, 0x46, 0x04, 0x88, 0xf1,
+                                        0xad, 0xd3, 0x6b, 0x40, 0xb4, 0x23, 0xfc, 0x9c, 0xed, 0xfe,
+                                        0x10, 0xfe, 0x12, 0x1b, 0xee, 0x24, 0xe2, 0x0c, 0x4f, 0x0b,
+                                        0xb1, 0x8d, 0xbd, 0x71, 0xc6, 0x02, 0xaf, 0x0b, 0x7a, 0x5a,
+                                        0x15, 0xa3, 0xea, 0xf3, 0xce, 0x44, 0xb2, 0xe8, 0x70, 0x90,
+                                        0x15, 0xf1, 0x35, 0xdb, 0xfd, 0x0f, 0x76, 0xe4, 0xb8, 0xde,
+                                        0xf7, 0x75, 0x80, 0x1c, 0x0e, 0x9e)
+};
index 96faa56..7b11b19 100644 (file)
@@ -25,6 +25,7 @@
 #define TEST_VECTOR_HASHER(x) extern hasher_test_vector_t x;
 #define TEST_VECTOR_PRF(x) extern prf_test_vector_t x;
 #define TEST_VECTOR_XOF(x) extern xof_test_vector_t x;
+#define TEST_VECTOR_DRBG(x) extern drbg_test_vector_t x;
 #define TEST_VECTOR_RNG(x) extern rng_test_vector_t x;
 #define TEST_VECTOR_DH(x) extern dh_test_vector_t x;
 
@@ -36,6 +37,7 @@
 #undef TEST_VECTOR_HASHER
 #undef TEST_VECTOR_PRF
 #undef TEST_VECTOR_XOF
+#undef TEST_VECTOR_DRBG
 #undef TEST_VECTOR_RNG
 #undef TEST_VECTOR_DH
 
@@ -45,6 +47,7 @@
 #define TEST_VECTOR_HASHER(x)
 #define TEST_VECTOR_PRF(x)
 #define TEST_VECTOR_XOF(x)
+#define TEST_VECTOR_DRBG(x)
 #define TEST_VECTOR_RNG(x)
 #define TEST_VECTOR_DH(x)
 
@@ -97,6 +100,14 @@ static xof_test_vector_t *xof[] = {
 #undef TEST_VECTOR_XOF
 #define TEST_VECTOR_XOF(x)
 
+#undef TEST_VECTOR_DRBG
+#define TEST_VECTOR_DRBG(x) &x,
+static drbg_test_vector_t *drbg[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_DRBG
+#define TEST_VECTOR_DRBG(x)
+
 #undef TEST_VECTOR_RNG
 #define TEST_VECTOR_RNG(x) &x,
 static rng_test_vector_t *rng[] = {
@@ -197,6 +208,11 @@ plugin_t *test_vectors_plugin_create()
                lib->crypto->add_test_vector(lib->crypto,
                                                                         EXTENDED_OUTPUT_FUNCTION, xof[i]);
        }
+       for (i = 0; i < countof(drbg); i++)
+       {
+               lib->crypto->add_test_vector(lib->crypto,
+                                                                        DETERMINISTIC_RANDOM_BIT_GENERATOR, drbg[i]);
+       }
        for (i = 0; i < countof(rng); i++)
        {
                lib->crypto->add_test_vector(lib->crypto,
index d4cac5a..ccbedde 100644 (file)
@@ -2,8 +2,7 @@ check_LTLIBRARIES = libtest.la
 
 libtest_la_SOURCES = \
   test_suite.c test_suite.h \
-  test_runner.c test_runner.h \
-  utils/test_rng.c utils/test_rng.h
+  test_runner.c test_runner.h
 
 libtest_la_CFLAGS = \
   -I$(top_srcdir)/src/libstrongswan \
@@ -54,7 +53,7 @@ libstrongswan_tests_SOURCES = tests.h tests.c \
   suites/test_asn1.c \
   suites/test_asn1_parser.c \
   suites/test_printf.c \
-  suites/test_test_rng.c \
+  suites/test_rng_tester.c \
   suites/test_mgf1.c \
   suites/test_ntru.c \
   suites/test_ed25519.c \
index 6945f5c..a42fb5d 100644 (file)
@@ -15,7 +15,6 @@
 
 #include "test_suite.h"
 
-#include <tests/utils/test_rng.h>
 #include <utils/test.h>
 #include <crypto/xofs/xof.h>
 #include <crypto/xofs/xof_bitspender.h>
diff --git a/src/libstrongswan/tests/suites/test_rng_tester.c b/src/libstrongswan/tests/suites/test_rng_tester.c
new file mode 100644 (file)
index 0000000..8a47126
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <utils/test.h>
+#include <crypto/rngs/rng_tester.h>
+
+START_TEST(test_rng_tester)
+{
+       rng_t *entropy;
+       chunk_t in, in1, in2, out;
+
+       in1 = chunk_from_chars(0x01, 0x02, 0x03, 0x04, 0x05, 0x06);
+       in2 = chunk_from_chars(0x07, 0x08);
+       in = chunk_cat("cc", in1, in2);
+
+       entropy = rng_tester_create(in);
+       ck_assert(entropy->allocate_bytes(entropy, 6, &out));
+       ck_assert(chunk_equals(in1, out));
+       ck_assert(entropy->get_bytes(entropy, 2, out.ptr));
+       ck_assert(memeq(in2.ptr, out.ptr, in2.len));
+       ck_assert(!entropy->get_bytes(entropy, 4, out.ptr));
+       chunk_free(&out);
+       ck_assert(!entropy->allocate_bytes(entropy, 4, &out));
+       entropy->destroy(entropy);
+       chunk_free(&in);
+}
+END_TEST
+
+
+Suite *rng_tester_suite_create()
+{
+       Suite *s;
+       TCase *tc;
+
+       s = suite_create("rng_tester");
+
+       tc = tcase_create("rng_tester");
+       tcase_add_test(tc, test_rng_tester);
+       suite_add_tcase(s, tc);
+
+       return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_test_rng.c b/src/libstrongswan/tests/suites/test_test_rng.c
deleted file mode 100644 (file)
index 9a983b6..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <tests/utils/test_rng.h>
-#include <utils/test.h>
-
-START_TEST(test_test_rng)
-{
-       rng_t *entropy;
-       chunk_t in, in1, in2, out;
-
-       in1 = chunk_from_chars(0x01, 0x02, 0x03, 0x04, 0x05, 0x06);
-       in2 = chunk_from_chars(0x07, 0x08);
-       in = chunk_cat("cc", in1, in2);
-
-       entropy = test_rng_create(in);
-       ck_assert(entropy->allocate_bytes(entropy, 6, &out));
-       ck_assert(chunk_equals(in1, out));
-       ck_assert(entropy->get_bytes(entropy, 2, out.ptr));
-       ck_assert(memeq(in2.ptr, out.ptr, in2.len));
-       ck_assert(!entropy->get_bytes(entropy, 4, out.ptr));
-       chunk_free(&out);
-       ck_assert(!entropy->allocate_bytes(entropy, 4, &out));
-       entropy->destroy(entropy);
-       chunk_free(&in);
-}
-END_TEST
-
-
-Suite *test_rng_suite_create()
-{
-       Suite *s;
-       TCase *tc;
-
-       s = suite_create("test_rng");
-
-       tc = tcase_create("test_rng");
-       tcase_add_test(tc, test_test_rng);
-       suite_add_tcase(s, tc);
-
-       return s;
-}
index 971b331..b5733fe 100644 (file)
@@ -28,6 +28,8 @@ static transform_type_t tfs[] = {
        INTEGRITY_ALGORITHM,
        HASH_ALGORITHM,
        PSEUDO_RANDOM_FUNCTION,
+       EXTENDED_OUTPUT_FUNCTION,
+       DETERMINISTIC_RANDOM_BIT_GENERATOR,
        RANDOM_NUMBER_GENERATOR,
        DIFFIE_HELLMAN_GROUP,
 };
index 26ff161..4106a42 100644 (file)
@@ -46,7 +46,7 @@ TEST_SUITE_DEPEND(iv_gen_suite_create, RNG, RNG_STRONG)
 TEST_SUITE(pen_suite_create)
 TEST_SUITE(asn1_suite_create)
 TEST_SUITE(asn1_parser_suite_create)
-TEST_SUITE(test_rng_suite_create)
+TEST_SUITE(rng_tester_suite_create)
 TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1)
 TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
 TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
diff --git a/src/libstrongswan/tests/utils/test_rng.c b/src/libstrongswan/tests/utils/test_rng.c
deleted file mode 100644 (file)
index 2985a56..0000000
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "test_rng.h"
-
-typedef struct private_rng_t private_rng_t;
-
-/**
- * Private data.
- */
-struct private_rng_t {
-
-       /**
-        * Public interface.
-        */
-       rng_t public;
-
-       /**
-        * Entropy string.
-        */
-       chunk_t entropy;
-};
-
-METHOD(rng_t, get_bytes, bool,
-       private_rng_t *this, size_t bytes, uint8_t *buffer)
-{
-       if (bytes > this->entropy.len)
-       {
-               return FALSE;
-       }
-       memcpy(buffer, this->entropy.ptr, bytes);
-       this->entropy = chunk_skip(this->entropy, bytes);
-       return TRUE;
-}
-
-METHOD(rng_t, allocate_bytes, bool,
-       private_rng_t *this, size_t bytes, chunk_t *chunk)
-{
-       if (bytes > this->entropy.len)
-       {
-               *chunk = chunk_empty;
-               return FALSE;
-       }
-
-       *chunk = chunk_alloc(bytes);
-       memcpy(chunk->ptr, this->entropy.ptr, bytes);
-       this->entropy = chunk_skip(this->entropy, bytes);
-       return TRUE;
-}
-
-METHOD(rng_t, destroy, void,
-       private_rng_t *this)
-{
-       free(this);
-}
-
-/*
- * Described in header.
- */
-rng_t *test_rng_create(chunk_t entropy)
-{
-       private_rng_t *this;
-
-       INIT(this,
-               .public = {
-                       .get_bytes = _get_bytes,
-                       .allocate_bytes = _allocate_bytes,
-                       .destroy = _destroy,
-               },
-               .entropy = entropy,
-       );
-
-       return &this->public;
-}
diff --git a/src/libstrongswan/tests/utils/test_rng.h b/src/libstrongswan/tests/utils/test_rng.h
deleted file mode 100644 (file)
index e588f3b..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * rng_t providing NIST SP 800-90A entropy test vectors
- *
- * @defgroup test_rng test_rng
- * @{ @ingroup test_utils
- */
-
-#ifndef TEST_RNG_H_
-#define TEST_RNG_H_
-
-#include <library.h>
-
-/**
- * Creates a test_rng_t instance.
- *
- * @param entropy      entropy test vector
- * @return                     created test_rng_t
- */
-rng_t *test_rng_create(chunk_t entropy);
-
-#endif /** TEST_RNG_H_ @} */