#include <string.h>
#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
#include <openssl/err.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
#include "fips_locl.h"
+#include "fips_drbg_selftest.h"
+
typedef struct {
+ int post;
int nid;
unsigned int flags;
+
+ /* KAT data for no PR */
const unsigned char *ent;
size_t entlen;
const unsigned char *nonce;
size_t perslen;
const unsigned char *adin;
size_t adinlen;
- const unsigned char *entpr;
- size_t entprlen;
- const unsigned char *ading;
- size_t adinglen;
- const unsigned char *entg;
- size_t entglen;
+ const unsigned char *entreseed;
+ size_t entreseedlen;
+ const unsigned char *adinreseed;
+ size_t adinreseedlen;
+ const unsigned char *adin2;
+ size_t adin2len;
const unsigned char *kat;
size_t katlen;
+ const unsigned char *kat2;
+ size_t kat2len;
+
+ /* KAT data for PR */
+ const unsigned char *ent_pr;
+ size_t entlen_pr;
+ const unsigned char *nonce_pr;
+ size_t noncelen_pr;
+ const unsigned char *pers_pr;
+ size_t perslen_pr;
+ const unsigned char *adin_pr;
+ size_t adinlen_pr;
+ const unsigned char *entpr_pr;
+ size_t entprlen_pr;
+ const unsigned char *ading_pr;
+ size_t adinglen_pr;
+ const unsigned char *entg_pr;
+ size_t entglen_pr;
+ const unsigned char *kat_pr;
+ size_t katlen_pr;
+ const unsigned char *kat2_pr;
+ size_t kat2len_pr;
+
} DRBG_SELFTEST_DATA;
-#define make_drbg_test_data(nid, flag, pr) { nid, flag | DRBG_FLAG_TEST, \
+#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
pr##_entropyinput, sizeof(pr##_entropyinput), \
pr##_nonce, sizeof(pr##_nonce), \
pr##_personalizationstring, sizeof(pr##_personalizationstring), \
pr##_additionalinput, sizeof(pr##_additionalinput), \
- pr##_entropyinputpr, sizeof(pr##_entropyinputpr), \
+ pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
+ pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
pr##_additionalinput2, sizeof(pr##_additionalinput2), \
- pr##_entropyinputpr2, sizeof(pr##_entropyinputpr2), \
+ pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
pr##_returnedbits, sizeof(pr##_returnedbits), \
+ pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
+ pr##_pr_nonce, sizeof(pr##_pr_nonce), \
+ pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
+ pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
+ pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
+ pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
+ pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
+ pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
+ pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
}
-#define make_drbg_test_data_df(nid, pr) \
- make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr)
-
-/* AES-128 use df PR */
-static const unsigned char aes_128_use_df_entropyinput[] =
- {
- 0x98,0x38,0x99,0x81,0x1d,0x56,0x1a,0x04,0xb0,0x50,0xcd,0x14,
- 0xc3,0x90,0x0b,0x4f
- };
-
-static const unsigned char aes_128_use_df_nonce[] =
- {
- 0xa8,0xa0,0x80,0x8a,0x65,0xb7,0x38,0x22
- };
-
-static const unsigned char aes_128_use_df_personalizationstring[] =
- {
- 0x67,0x4f,0x85,0x01,0x15,0x51,0x85,0xdd,0x97,0xda,0xf7,0x09,
- 0xbc,0x61,0xaf,0x23
- };
-
-static const unsigned char aes_128_use_df_additionalinput[] =
- {
- 0x01,0xba,0xa8,0x13,0x9e,0xd4,0xb7,0xff,0x86,0x34,0x01,0xa0,
- 0xb6,0x17,0x96,0x55
- };
-
-static const unsigned char aes_128_use_df_entropyinputpr[] =
- {
- 0x60,0x76,0xf6,0x12,0x6b,0x92,0xbe,0xd7,0x75,0x6e,0x78,0x1f,
- 0x0d,0xc1,0x0d,0x56
- };
-
-static const unsigned char aes_128_use_df_additionalinput2[] =
- {
- 0xf0,0xd6,0x5b,0xa3,0x7c,0x1e,0xa3,0x65,0x08,0xf9,0xdd,0x90,
- 0xde,0x5f,0xb4,0x27
- };
-
-static const unsigned char aes_128_use_df_entropyinputpr2[] =
- {
- 0x34,0x55,0x02,0xa9,0x30,0xf0,0x78,0x0a,0xa2,0xae,0x74,0x46,
- 0xe5,0xad,0xbb,0xd6
- };
-
-static const unsigned char aes_128_use_df_returnedbits[] =
- {
- 0x48,0x52,0xb6,0x9f,0xf2,0xfe,0xe1,0x12,0xaf,0x22,0x87,0xd7,
- 0x46,0x64,0x96,0xec
- };
-
-
-/* AES-192 use df PR */
-static const unsigned char aes_192_use_df_entropyinput[] =
- {
- 0x12,0xf6,0xff,0xc5,0x81,0x8c,0x15,0xd7,0x33,0x0c,0x4f,0x45,
- 0xbf,0x2a,0x97,0xd2,0xe0,0xe0,0xbd,0x48,0x4e,0x83,0x76,0x25
- };
-
-static const unsigned char aes_192_use_df_nonce[] =
- {
- 0x35,0xc8,0x16,0x8c,0xbd,0x1f,0x53,0xc4,0x6e,0x47,0x3a,0x74,
- 0x83,0xe6,0xe4,0x78
- };
-
-static const unsigned char aes_192_use_df_personalizationstring[] =
- {
- 0xd6,0xe2,0x27,0x88,0xf4,0xce,0x9d,0xfc,0x92,0xde,0x07,0x57,
- 0x43,0x74,0x17,0x6e,0x63,0x54,0xaf,0x5a,0x3c,0xf8,0x23,0x65,
- 0x5a,0x15,0xb0,0x35,0x2a,0x6c,0x3c,0x3a
- };
-
-static const unsigned char aes_192_use_df_additionalinput[] =
- {
- 0xad,0xa4,0x47,0xa4,0xcf,0x46,0x7b,0xf7,0x19,0xcc,0xda,0xbe,
- 0x11,0x42,0x85,0xaa,0x21,0x16,0x27,0xe6,0x35,0xdf,0xb5,0x87,
- 0x96,0x68,0x64,0x35,0x08,0x02,0xe9,0x19
- };
-
-static const unsigned char aes_192_use_df_entropyinputpr[] =
- {
- 0x6f,0x41,0x2d,0x5e,0xd6,0xc9,0xf8,0x6a,0x22,0x00,0xe0,0xfb,
- 0x4b,0xcd,0xbe,0x2d,0x98,0xff,0x1b,0xe2,0xb9,0x95,0x73,0xac
- };
-
-static const unsigned char aes_192_use_df_additionalinput2[] =
- {
- 0x51,0xea,0xd8,0x8e,0xa0,0xd7,0x9c,0x22,0x3c,0x01,0xf6,0xdb,
- 0xe9,0xe4,0x60,0x1e,0x54,0x56,0x3b,0x5c,0xd2,0xf3,0xa0,0x1d,
- 0x5c,0xd0,0x85,0x48,0xc9,0x5f,0x12,0xb7
- };
-
-static const unsigned char aes_192_use_df_entropyinputpr2[] =
- {
- 0xf7,0x1f,0x9f,0x0e,0x14,0x30,0xde,0x4c,0xf9,0x34,0x49,0xc5,
- 0x24,0x91,0xe3,0x30,0xfd,0x5f,0x1e,0x79,0x30,0xf5,0x58,0xe6
- };
-
-static const unsigned char aes_192_use_df_returnedbits[] =
- {
- 0x5b,0x8a,0xca,0x2e,0x74,0xb6,0x6f,0x96,0x48,0xb0,0xe4,0xc1,
- 0x68,0x40,0xac,0xc7
- };
-
-
-/* AES-256 use df PR */
-static const unsigned char aes_256_use_df_entropyinput[] =
- {
- 0x2a,0x02,0xbe,0xaa,0xba,0xb4,0x6a,0x73,0x53,0x85,0xa9,0x2a,
- 0xae,0x4a,0xdc,0xeb,0xe8,0x07,0xfb,0xf3,0xbc,0xe3,0xf4,0x2e,
- 0x00,0x53,0x46,0x00,0x64,0x80,0xdd,0x57
- };
-
-static const unsigned char aes_256_use_df_nonce[] =
- {
- 0x2c,0x86,0xa2,0xf9,0x70,0xb5,0xca,0xd3,0x9a,0x08,0xdc,0xb6,
- 0x6b,0xce,0xe5,0x05
- };
-
-static const unsigned char aes_256_use_df_personalizationstring[] =
- {
- 0xdb,0x6c,0xe1,0x84,0xbe,0x07,0xae,0x55,0x4e,0x34,0x5d,0xb8,
- 0x47,0x98,0x85,0xe0,0x3d,0x3e,0x9f,0x60,0xfa,0x1c,0x7d,0x57,
- 0x19,0xe5,0x09,0xdc,0xe2,0x10,0x41,0xab
- };
-
-static const unsigned char aes_256_use_df_additionalinput[] =
- {
- 0x1d,0xc3,0x11,0x93,0xcb,0xc4,0xf6,0xbb,0x57,0xb0,0x09,0x70,
- 0xb9,0xc6,0x05,0x86,0x4e,0x75,0x95,0x7d,0x3d,0xec,0xce,0xb4,
- 0x0b,0xe4,0xef,0xd1,0x7b,0xab,0x56,0x6f
- };
-
-static const unsigned char aes_256_use_df_entropyinputpr[] =
- {
- 0x8f,0xb9,0xab,0xf9,0x33,0xcc,0xbe,0xc6,0xbd,0x8b,0x61,0x5a,
- 0xec,0xc6,0x4a,0x5b,0x03,0x21,0xe7,0x37,0x03,0x02,0xbc,0xa5,
- 0x28,0xb9,0xfe,0x7a,0xa8,0xef,0x6f,0xb0
- };
-
-static const unsigned char aes_256_use_df_additionalinput2[] =
- {
- 0xd6,0x98,0x63,0x48,0x94,0x9f,0x26,0xf7,0x1f,0x44,0x13,0x23,
- 0xa7,0xde,0x09,0x12,0x90,0x04,0xce,0xbc,0xac,0x82,0x70,0x58,
- 0xba,0x7d,0xdc,0x25,0x1e,0xe4,0xbf,0x7c
- };
-
-static const unsigned char aes_256_use_df_entropyinputpr2[] =
- {
- 0xe5,0x04,0xef,0x7c,0x8d,0x02,0xd7,0x68,0x95,0x4c,0x64,0x34,
- 0x30,0x3a,0xcb,0x07,0xc9,0x0a,0xef,0x26,0xc6,0x57,0x43,0xfb,
- 0x7d,0xbe,0xe2,0x61,0x75,0xcd,0xee,0x34
- };
-
-static const unsigned char aes_256_use_df_returnedbits[] =
- {
- 0x75,0x6d,0x16,0xef,0x14,0xae,0xd9,0xc2,0x28,0x0b,0x66,0xff,
- 0x20,0x1f,0x21,0x33
- };
-
-
-/* AES-128 no df PR */
-static const unsigned char aes_128_no_df_entropyinput[] =
- {
- 0xbe,0x91,0xb9,0x09,0x91,0x13,0x0b,0xbd,0x7b,0x95,0x77,0xed,
- 0xf2,0x00,0xff,0x2a,0xec,0xbd,0x7a,0x11,0x59,0xe1,0x32,0x1a,
- 0xe3,0x9a,0xbd,0xa2,0xe4,0xd9,0x1a,0x39
- };
-
-static const unsigned char aes_128_no_df_nonce[] =
- {
- 0x39,0xeb,0x7a,0x42,0x0b,0x7f,0x4f,0xd5
- };
-
-static const unsigned char aes_128_no_df_personalizationstring[] =
- {
- 0xd0,0xe4,0x9c,0xf6,0x2f,0xc8,0xba,0x6d,0xb9,0x91,0x8f,0xc1,
- 0x45,0x5b,0xb9,0x4f,0xdb,0x36,0xd6,0x71,0x2c,0x4b,0x2a,0x4c,
- 0x50,0x4c,0x74,0xdb,0xc5,0x20,0x0b,0x3b
- };
-
-static const unsigned char aes_128_no_df_additionalinput[] =
- {
- 0x7c,0x35,0x81,0x03,0x58,0x93,0x24,0xf7,0x9c,0x98,0x4a,0x9d,
- 0x94,0xbd,0x9d,0x77,0x64,0xda,0xa4,0x67,0x66,0xb7,0x43,0xde,
- 0xc5,0xd5,0x72,0x42,0x5a,0x7c,0x41,0x9f
- };
-
-static const unsigned char aes_128_no_df_entropyinputpr[] =
- {
- 0x63,0xf6,0x0e,0xfe,0x56,0xad,0x8f,0x37,0xa8,0xa1,0x6a,0x83,
- 0x01,0xac,0x51,0xe0,0x86,0x26,0xce,0x5c,0x57,0x14,0xd8,0xde,
- 0x4d,0x93,0xb6,0x35,0xf4,0x85,0x18,0x60
- };
-
-static const unsigned char aes_128_no_df_additionalinput2[] =
- {
- 0x90,0x0f,0x35,0x81,0xc5,0xf5,0xc8,0x1b,0x80,0x99,0xcd,0xe2,
- 0xbb,0xe2,0xc7,0x65,0x40,0x74,0x50,0x2b,0x89,0xb4,0x16,0x60,
- 0xd7,0x1e,0x15,0xbf,0x91,0xc9,0x15,0xc2
- };
-
-static const unsigned char aes_128_no_df_entropyinputpr2[] =
- {
- 0xc7,0x9f,0xd6,0x9b,0xe2,0x74,0x3e,0x8c,0x12,0xdd,0x41,0xcd,
- 0x51,0x6b,0xd4,0x71,0x3e,0xd0,0x36,0xc7,0xb9,0xa6,0xaf,0xca,
- 0xc0,0x7e,0x89,0xc4,0x88,0x2b,0x4e,0x43
- };
-
-static const unsigned char aes_128_no_df_returnedbits[] =
- {
- 0x8c,0x7f,0x69,0xbf,0xb8,0x07,0x17,0xa6,0x09,0xef,0xd2,0x0a,
- 0x5f,0x20,0x18,0x2f
- };
-
-
-/* AES-192 no df PR */
-static const unsigned char aes_192_no_df_entropyinput[] =
- {
- 0xd5,0xcb,0x5b,0xc5,0x5b,0xa6,0x97,0xb6,0x1e,0x57,0x92,0xbb,
- 0x14,0x72,0xeb,0xae,0x44,0x85,0x99,0xa3,0xa3,0x24,0xe5,0x91,
- 0x2e,0x34,0xa7,0x3f,0x48,0x7a,0xc4,0x72,0x54,0x65,0xe6,0x57,
- 0x94,0x1a,0x7c,0x2d
- };
-
-static const unsigned char aes_192_no_df_nonce[] =
- {
- 0x74,0x7a,0x38,0x81,0xef,0xca,0xd1,0xb6,0x7b,0xb5,0x1e,0x62,
- 0xf9,0x80,0x2c,0xe5
- };
-
-static const unsigned char aes_192_no_df_personalizationstring[] =
- {
- 0x03,0xf8,0xbe,0xe8,0x6a,0x90,0x2a,0x4f,0xbd,0x80,0xd0,0x31,
- 0xf0,0x59,0xa3,0xf6,0x87,0xd8,0x8d,0x0d,0xac,0x27,0xa2,0xd2,
- 0x91,0x72,0xa5,0xc1,0x07,0xac,0xbf,0xdb,0x5d,0xa1,0x7d,0x56,
- 0x7d,0x3f,0x09,0x8b
- };
-
-static const unsigned char aes_192_no_df_additionalinput[] =
- {
- 0x3e,0x89,0x1b,0x17,0xcb,0xe3,0xc8,0x76,0x71,0x0d,0xaf,0x97,
- 0x1e,0x73,0xa6,0xc4,0x88,0x3d,0x46,0xad,0xf0,0xba,0xc3,0x7e,
- 0x17,0x10,0x0d,0x20,0x80,0x23,0x26,0xcc,0xe6,0xc4,0xc4,0xd8,
- 0xfe,0x1d,0x2a,0xbc
- };
-
-static const unsigned char aes_192_no_df_entropyinputpr[] =
- {
- 0x3f,0x33,0xb8,0x1b,0xe1,0x1b,0xe7,0xbe,0x68,0x6f,0xd2,0xd8,
- 0x6f,0xb6,0xf0,0xd2,0xa1,0x1c,0x83,0x24,0xfe,0x5d,0xf2,0xe9,
- 0x4b,0xf0,0x63,0xa2,0xd8,0x76,0x9e,0x49,0x78,0x64,0x1f,0x98,
- 0xbc,0xee,0x7c,0x99
- };
-
-static const unsigned char aes_192_no_df_additionalinput2[] =
- {
- 0x54,0x48,0xf9,0x6a,0x86,0x93,0xf3,0x7b,0x02,0x1b,0xf6,0x46,
- 0x3a,0x49,0x02,0x87,0x3f,0x54,0x82,0x7f,0xa1,0x45,0x41,0xa5,
- 0x88,0x4b,0xaa,0x90,0x12,0x40,0x46,0x22,0xed,0x7a,0x72,0xf7,
- 0x36,0xd5,0x5f,0x0f
- };
-
-static const unsigned char aes_192_no_df_entropyinputpr2[] =
- {
- 0x00,0xdf,0xa1,0x50,0xc1,0xb9,0x82,0x7f,0x65,0xea,0x0f,0x14,
- 0x79,0xfe,0x6a,0x95,0x4b,0x96,0xae,0x89,0x28,0x52,0x49,0x05,
- 0xd9,0x00,0x9e,0x79,0x5e,0x04,0xdb,0xbb,0xec,0x09,0x16,0x53,
- 0x23,0xe9,0xac,0x08
- };
-
-static const unsigned char aes_192_no_df_returnedbits[] =
- {
- 0x48,0xd6,0x66,0x61,0x93,0x8d,0xff,0x7d,0x42,0xf4,0x41,0x9a,
- 0x01,0x2a,0x34,0x09
- };
-
-
-/* AES-256 no df PR */
-static const unsigned char aes_256_no_df_entropyinput[] =
- {
- 0x7e,0x83,0x3f,0xa6,0x39,0xdc,0xcb,0x38,0x17,0x6a,0xa3,0x59,
- 0xa9,0x8c,0x1f,0x50,0xd3,0xdb,0x34,0xdd,0xa4,0x39,0x65,0xe4,
- 0x77,0x17,0x08,0x57,0x49,0x04,0xbd,0x68,0x5c,0x7d,0x2a,0xee,
- 0x0c,0xf2,0xfb,0x16,0xef,0x16,0x18,0x4d,0x32,0x6a,0x26,0x6c
- };
-
-static const unsigned char aes_256_no_df_nonce[] =
- {
- 0xa3,0x8a,0xa4,0x6d,0xa6,0xc1,0x40,0xf8,0xa3,0x02,0xf1,0xac,
- 0xf3,0xea,0x7f,0x2d
- };
-
-static const unsigned char aes_256_no_df_personalizationstring[] =
- {
- 0xc0,0x54,0x1e,0xa5,0x93,0xd9,0x8b,0x2b,0x43,0x15,0x2c,0x07,
- 0x26,0x25,0xc7,0x08,0xf0,0xb3,0x4b,0x44,0x96,0xfe,0xc7,0xc5,
- 0x64,0x27,0xaa,0x78,0x5b,0xbc,0x40,0x51,0xce,0x89,0x6b,0xc1,
- 0x3f,0x9c,0xa0,0x5c,0x75,0x98,0x24,0xc5,0xe1,0x3e,0x86,0xdb
- };
-
-static const unsigned char aes_256_no_df_additionalinput[] =
- {
- 0x0e,0xe3,0x0f,0x07,0x90,0xe2,0xde,0x20,0xb6,0xf7,0x6f,0xef,
- 0x87,0xdc,0x7f,0xc4,0x0d,0x9d,0x05,0x31,0x91,0x87,0x8c,0x9a,
- 0x19,0x53,0xd2,0xf8,0x20,0x91,0xa0,0xef,0x97,0x59,0xea,0x12,
- 0x1b,0x2f,0x29,0x74,0x76,0x35,0xf7,0x71,0x5a,0x96,0xeb,0xbc
- };
-
-static const unsigned char aes_256_no_df_entropyinputpr[] =
- {
- 0x37,0x26,0x9a,0xa6,0x28,0xe0,0x35,0x78,0x12,0x42,0x44,0x5c,
- 0x55,0xbc,0xc8,0xb6,0x1f,0x24,0xf3,0x32,0x88,0x02,0x69,0xa7,
- 0xed,0x1d,0xb7,0x4d,0x8b,0x44,0x12,0x21,0x5e,0x60,0x53,0x96,
- 0x3b,0xb9,0x31,0x7f,0x2a,0x87,0xbf,0x3c,0x07,0xbb,0x27,0x22
- };
-
-static const unsigned char aes_256_no_df_additionalinput2[] =
- {
- 0xf1,0x24,0x35,0xa6,0x8c,0x93,0x28,0x7e,0x84,0xea,0x3d,0x27,
- 0x44,0x18,0xc9,0x13,0x73,0x49,0xb9,0x83,0x79,0x15,0x29,0x53,
- 0x2f,0xef,0x43,0x06,0xe7,0xcb,0x5c,0x0f,0x9f,0x10,0x4c,0x60,
- 0x7f,0xbf,0x0c,0x37,0x9b,0xe4,0x94,0x26,0xe5,0x3b,0xf5,0x63
- };
-
-static const unsigned char aes_256_no_df_entropyinputpr2[] =
- {
- 0xdc,0x91,0x48,0x11,0x63,0x7b,0x79,0x41,0x36,0x8c,0x4f,0xe2,
- 0xc9,0x84,0x04,0x9c,0xdc,0x5b,0x6c,0x8d,0x61,0x52,0xea,0xfa,
- 0x92,0x3b,0xb4,0x36,0x4c,0x06,0x4a,0xd1,0xb1,0x8e,0x32,0x03,
- 0xfd,0xa4,0xf7,0x5a,0xa6,0x5c,0x63,0xa1,0xb9,0x96,0xfa,0x12
- };
-
-static const unsigned char aes_256_no_df_returnedbits[] =
- {
- 0x1c,0xba,0xfd,0x48,0x0f,0xf4,0x85,0x63,0xd6,0x7d,0x91,0x14,
- 0xef,0x67,0x6b,0x7f
- };
-
-/* SHA-1 PR */
-static const unsigned char sha1_entropyinput[] =
- {
- 0x5b,0xaf,0x30,0x1a,0xdc,0xd1,0x04,0xd7,0x95,0x72,0xd2,0xfb,
- 0xec,0x2d,0x62,0x2b
- };
-
-static const unsigned char sha1_nonce[] =
- {
- 0xf3,0xd9,0xcb,0x92,0x5f,0x50,0x4c,0x99
- };
-
-static const unsigned char sha1_personalizationstring[] =
- {
- 0x8f,0x56,0x70,0xd9,0x27,0xa2,0xb4,0xf1,0xb3,0xad,0xcf,0x10,
- 0x06,0x16,0x5c,0x11
- };
-
-static const unsigned char sha1_additionalinput[] =
- {
- 0x49,0xdd,0x0c,0xb4,0xab,0x84,0xe1,0x7e,0x94,0x20,0xad,0x6c,
- 0xd7,0xd2,0x0b,0x84
- };
-
-static const unsigned char sha1_entropyinputpr[] =
- {
- 0x23,0x4a,0xaf,0xf7,0x1a,0x0b,0x7e,0x51,0xdd,0x23,0x51,0x82,
- 0x2c,0x8c,0xa6,0xc5
- };
-
-static const unsigned char sha1_additionalinput2[] =
- {
- 0x59,0xe6,0x93,0xcb,0x38,0x23,0xf5,0x7b,0x93,0x5a,0x4d,0xfa,
- 0x11,0xb8,0x88,0xde
- };
-
-static const unsigned char sha1_entropyinputpr2[] =
- {
- 0x2e,0x00,0x78,0x5a,0xcd,0x30,0xea,0x73,0x37,0x8a,0x0d,0x12,
- 0x50,0x28,0x28,0x03
- };
-
-static const unsigned char sha1_returnedbits[] =
- {
- 0xe7,0x87,0x8b,0x01,0xc1,0xd3,0xd8,0x43,0xd4,0x8f,0xcd,0x24,
- 0x54,0x67,0xa2,0x6e,0x17,0x94,0x73,0x1c
- };
-
-
-/* SHA-224 PR */
-static const unsigned char sha224_entropyinput[] =
- {
- 0xfc,0x31,0xc1,0x87,0x43,0x07,0xb1,0xe5,0x71,0x48,0x5d,0x0e,
- 0xad,0xf8,0x68,0x09,0x6f,0xfe,0x80,0x2a,0xc1,0x12,0xb8,0xa6
- };
-
-static const unsigned char sha224_nonce[] =
- {
- 0xfd,0xba,0x25,0x2e,0xc1,0x7c,0x4e,0xa1,0x4d,0xef,0xeb,0x5d
- };
-
-static const unsigned char sha224_personalizationstring[] =
- {
- 0xc9,0x15,0xe4,0x8c,0x2a,0x4c,0xc9,0xe6,0x23,0x5c,0xb8,0x5a,
- 0x97,0x89,0x6a,0x10,0x75,0x68,0x27,0x00,0x0e,0x6f,0x44,0x1e
- };
-
-static const unsigned char sha224_additionalinput[] =
- {
- 0xd3,0xab,0x74,0x74,0xe7,0x80,0x87,0x9e,0x89,0x08,0xbe,0xf1,
- 0x99,0x09,0x26,0xa4,0x2b,0x8c,0xb7,0xa0,0xc2,0xcc,0xae,0x0a
- };
-
-static const unsigned char sha224_entropyinputpr[] =
- {
- 0xbd,0xc1,0x21,0x62,0x43,0x19,0x25,0x15,0x19,0xc5,0xcd,0x53,
- 0x9e,0xb4,0x17,0xff,0xaa,0x03,0xf6,0x5a,0x4d,0x69,0x28,0x0b
- };
-
-static const unsigned char sha224_additionalinput2[] =
- {
- 0xdb,0xf5,0x57,0xea,0x5b,0xc8,0x0a,0xa9,0x32,0x72,0xcf,0x7d,
- 0xa4,0xeb,0x4f,0xbf,0x64,0x5d,0x74,0x04,0x0e,0x4e,0x0f,0xed
- };
-
-static const unsigned char sha224_entropyinputpr2[] =
- {
- 0xab,0xce,0xe1,0xfd,0xaa,0x35,0x5c,0x0a,0xfe,0xd8,0x18,0xac,
- 0x92,0x79,0x79,0x53,0xbc,0xb5,0x45,0xf6,0xf9,0x73,0x7f,0x24
- };
-
-static const unsigned char sha224_returnedbits[] =
- {
- 0xb2,0xc2,0x40,0xc4,0x2a,0x25,0x63,0xdb,0x99,0x59,0x7b,0x7b,
- 0xee,0xdb,0x51,0x8d,0x18,0x4c,0x09,0x26,0x22,0x1a,0xe9,0x76,
- 0x54,0x5f,0xb5,0x28
- };
-
-
-/* SHA-256 PR */
-static const unsigned char sha256_entropyinput[] =
- {
- 0xbc,0x67,0x4e,0x95,0xf1,0xca,0x71,0xdd,0xd3,0x97,0x3a,0x39,
- 0x3f,0x3d,0x7f,0xf2,0x99,0x02,0xcf,0x12,0x02,0xea,0xcc,0xf3,
- 0xd7,0xe7,0xcc,0x08,0x6c,0x41,0xb1,0xed
- };
-
-static const unsigned char sha256_nonce[] =
- {
- 0x44,0x06,0xa7,0x61,0x15,0x0a,0x6a,0x2d,0xa9,0x18,0x10,0xb5,
- 0x6d,0xf0,0xd4,0xf7
- };
-
-static const unsigned char sha256_personalizationstring[] =
- {
- 0x8f,0x39,0xd5,0x6a,0x46,0xde,0xa2,0x57,0xdf,0x39,0xdb,0xca,
- 0x13,0xca,0x51,0x0f,0x43,0x2a,0x77,0x3a,0x38,0x7a,0x3b,0x35,
- 0x1e,0x13,0x26,0x0e,0xc1,0x6b,0xb6,0x81
- };
-
-static const unsigned char sha256_additionalinput[] =
- {
- 0x95,0x01,0xbe,0x52,0xaa,0xc4,0x32,0x5a,0x3c,0xea,0x57,0xc4,
- 0x5c,0xfa,0x25,0x4e,0xc5,0xf3,0xc2,0xa6,0x39,0xce,0x00,0x97,
- 0x19,0x50,0x17,0x71,0x44,0x13,0xa5,0xbd
- };
-
-static const unsigned char sha256_entropyinputpr[] =
- {
- 0x8e,0x8a,0x19,0x03,0xa7,0x77,0xaa,0x64,0x4f,0x11,0x45,0x1d,
- 0x66,0x74,0x88,0xdf,0x2c,0x9b,0xc3,0xc8,0xbb,0x8c,0x99,0x34,
- 0xc6,0xc7,0xdb,0xc1,0x92,0xef,0xa3,0xa3
- };
-
-static const unsigned char sha256_additionalinput2[] =
- {
- 0x2b,0x91,0x7f,0xf3,0x78,0x3f,0x18,0x73,0x7c,0x5f,0xc2,0xda,
- 0x1d,0x8c,0xc4,0xcd,0x74,0x4d,0xc1,0x7a,0x6c,0xe2,0x73,0x07,
- 0x9d,0x55,0xa8,0x42,0x69,0xc0,0x7c,0x85
- };
-
-static const unsigned char sha256_entropyinputpr2[] =
- {
- 0x4c,0x3f,0xee,0x8b,0x98,0x0e,0x55,0x7e,0xab,0xc3,0xd3,0x0e,
- 0x35,0x33,0x72,0x75,0x9f,0x4b,0x87,0xce,0x05,0xbe,0xd4,0x6b,
- 0x70,0xec,0xdb,0x5a,0x57,0x14,0x83,0x34
- };
-
-static const unsigned char sha256_returnedbits[] =
- {
- 0xa5,0x2c,0xab,0x93,0x63,0x57,0x5d,0x60,0x80,0x4c,0x71,0xbb,
- 0xc2,0x3d,0x43,0x13,0xd8,0xe1,0x60,0x63,0x5e,0xf8,0xb1,0x4c,
- 0x93,0x06,0x86,0x9e,0x03,0x0a,0x16,0x75
- };
-
-
-/* SHA-384 PR */
-static const unsigned char sha384_entropyinput[] =
- {
- 0xad,0x6c,0xfb,0xdd,0x40,0xd9,0xf1,0x0a,0xc6,0xe4,0x28,0xf9,
- 0x8c,0xb1,0x66,0xce,0x7e,0x7f,0xbb,0xea,0xcd,0x79,0x3d,0x54,
- 0xc6,0xc0,0x07,0x68,0xf0,0xb7,0x73,0xc5
- };
-
-static const unsigned char sha384_nonce[] =
- {
- 0xfb,0xe1,0xb2,0x81,0x77,0xb0,0x14,0x94,0xae,0xbb,0x8d,0x01,
- 0xfb,0x74,0xc9,0xa1
- };
-
-static const unsigned char sha384_personalizationstring[] =
- {
- 0x02,0x8e,0xa9,0xc2,0x7e,0x0e,0x78,0xea,0x29,0xca,0x19,0xd4,
- 0x58,0x89,0x71,0x45,0x18,0xd9,0x1f,0xc0,0x8f,0x92,0x02,0xb8,
- 0x90,0xa7,0xec,0xf6,0x7f,0x33,0xa6,0x47
- };
-
-static const unsigned char sha384_additionalinput[] =
- {
- 0x98,0x0e,0xe3,0x3c,0x8e,0x6b,0x82,0xc0,0x56,0xd0,0x93,0x14,
- 0x6a,0x79,0xa8,0xec,0x09,0xb7,0x49,0x01,0x71,0xdb,0x58,0x97,
- 0x5a,0x61,0xa5,0x4e,0xb4,0x5f,0xce,0x2b
- };
-
-static const unsigned char sha384_entropyinputpr[] =
- {
- 0x50,0xef,0xaa,0x65,0x95,0x0d,0x4f,0x97,0x3e,0x57,0x59,0x48,
- 0xf9,0x4e,0xee,0x51,0xf8,0x46,0xec,0x4c,0x2d,0x55,0x47,0x23,
- 0xc5,0x7b,0xa3,0xda,0xe5,0x12,0x34,0x9a
- };
-
-static const unsigned char sha384_additionalinput2[] =
- {
- 0x1c,0xcd,0xe0,0xc1,0x15,0xd4,0x7f,0xfa,0x9e,0x16,0xe7,0x6d,
- 0x22,0x55,0xfd,0x34,0x3f,0xec,0x1d,0x40,0x9e,0xdd,0x15,0x07,
- 0x13,0x1c,0x65,0x6e,0xf7,0x1c,0xb6,0xf8
- };
-
-static const unsigned char sha384_entropyinputpr2[] =
- {
- 0xa0,0x8b,0x48,0xdc,0x7b,0x74,0x54,0xd0,0x0a,0x10,0x0e,0xc9,
- 0xf2,0xe0,0xf0,0x30,0x38,0xf5,0x46,0x27,0xf4,0x54,0x06,0x95,
- 0x56,0xab,0xf4,0x74,0xd8,0x34,0xf5,0x5d
- };
-
-static const unsigned char sha384_returnedbits[] =
- {
- 0x03,0x54,0x62,0xaa,0x5c,0x61,0x28,0xfc,0x96,0x04,0xd6,0x4f,
- 0x50,0x5c,0x9e,0x7c,0x9e,0x1d,0x41,0x76,0x41,0xa0,0x60,0x70,
- 0x62,0x4f,0x42,0x1a,0x69,0xce,0x30,0xc4,0xf7,0x89,0xc8,0x93,
- 0xed,0xe9,0x42,0xf4,0x59,0x55,0x7c,0x6c,0xd3,0x4e,0xff,0x05
- };
-
-
-/* SHA-512 PR */
-static const unsigned char sha512_entropyinput[] =
- {
- 0x22,0xb1,0x72,0xe3,0xc4,0x87,0xe7,0x76,0x4e,0x85,0xb5,0xca,
- 0x86,0x4f,0x21,0x2b,0x4f,0x29,0x8e,0x8a,0xfc,0x88,0xfc,0xa1,
- 0xf6,0xd7,0xc1,0x63,0x90,0x8d,0x85,0xa9
- };
-
-static const unsigned char sha512_nonce[] =
- {
- 0xcc,0x8b,0x86,0x21,0xa7,0xbe,0xd3,0xe1,0xde,0xd2,0x47,0xfc,
- 0x9c,0x4a,0xdb,0x85
- };
-
-static const unsigned char sha512_personalizationstring[] =
- {
- 0xb7,0x7c,0xb3,0x4f,0xf8,0xcd,0x19,0x89,0xdb,0x0c,0xcf,0xc9,
- 0xce,0xcd,0x48,0xcd,0x62,0x9c,0x51,0x38,0x85,0xe4,0x6c,0x17,
- 0x02,0x1b,0x6b,0xb5,0x3c,0x31,0x4f,0xa1
- };
-
-static const unsigned char sha512_additionalinput[] =
- {
- 0x69,0x3f,0xcf,0xf5,0x38,0x09,0x0d,0x3c,0xfb,0xea,0x94,0xa6,
- 0xf3,0xdc,0xb3,0xa8,0xcb,0x61,0x3b,0x8d,0x8e,0x31,0x94,0xc2,
- 0xe8,0x20,0x1c,0x62,0xa0,0x54,0xc2,0x03
- };
-
-static const unsigned char sha512_entropyinputpr[] =
- {
- 0xa0,0xcf,0x6f,0x0f,0x55,0x88,0x84,0xad,0x8d,0x2e,0x08,0x91,
- 0x8a,0x65,0xc0,0xb4,0xc9,0xbe,0x21,0x29,0xbe,0x23,0x2d,0x2b,
- 0xd1,0x81,0x90,0x66,0x97,0xb6,0xfa,0x84
- };
-
-static const unsigned char sha512_additionalinput2[] =
- {
- 0x1f,0x5e,0x49,0xb5,0xa3,0xfa,0xe8,0x89,0xc5,0x1b,0x39,0x2b,
- 0x9e,0xc7,0x36,0x85,0x5b,0xa9,0x9f,0x91,0x79,0xfe,0x5c,0xe6,
- 0x41,0xbe,0x14,0x87,0x81,0x08,0x0d,0xee
- };
-/* NB: not constant so we can corrupt it */
-static const unsigned char sha512_entropyinputpr2[] =
- {
- 0xed,0x22,0x42,0x61,0xa7,0x4c,0xed,0xc7,0x10,0x82,0x61,0x17,
- 0xaa,0x7d,0xdb,0x4e,0x1c,0x96,0x61,0x23,0xcd,0x8f,0x84,0x77,
- 0xc3,0xa2,0x55,0xff,0xbb,0xc9,0xa6,0x2f
- };
-
-static const unsigned char sha512_returnedbits[] =
- {
- 0x79,0x60,0x41,0xaa,0x6c,0xdd,0x17,0x28,0xc0,0x4d,0xc0,0x17,
- 0xc0,0x66,0x46,0x67,0x0d,0x20,0xe2,0x67,0x96,0xd5,0x2a,0xf4,
- 0x58,0x0a,0x06,0xab,0xc1,0x4c,0x70,0xc1,0xb8,0x9d,0x68,0x79,
- 0x28,0x07,0x38,0x4a,0xc3,0xec,0x3b,0x19,0x02,0xe7,0x13,0x82,
- 0x8f,0xc3,0xed,0x59,0x88,0xdd,0x88,0xaf,0xac,0xf0,0x57,0x6c,
- 0x14,0x0b,0x50,0x11
- };
-
+#define make_drbg_test_data_df(nid, pr, p) \
+ make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
+#define make_drbg_test_data_ec(curve, md, pr, p) \
+ make_drbg_test_data((curve << 16) | md , 0, pr, p)
static DRBG_SELFTEST_DATA drbg_test[] = {
- make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df),
- make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df),
- make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df),
- make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df),
- make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df),
- make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df),
- make_drbg_test_data(NID_sha1, 0, sha1),
- make_drbg_test_data(NID_sha224, 0, sha224),
- make_drbg_test_data(NID_sha256, 0, sha256),
- make_drbg_test_data(NID_sha384, 0, sha384),
- make_drbg_test_data(NID_sha512, 0, sha512),
+ make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
+ make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
+ make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
+ make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
+ make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
+ make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
+ make_drbg_test_data(NID_sha1, 0, sha1, 0),
+ make_drbg_test_data(NID_sha224, 0, sha224, 0),
+ make_drbg_test_data(NID_sha256, 0, sha256, 1),
+ make_drbg_test_data(NID_sha384, 0, sha384, 0),
+ make_drbg_test_data(NID_sha512, 0, sha512, 0),
+ make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
+ make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
+ make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
+ make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
+ make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
+ make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha1, p_256_sha1, 0),
+ make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha224, p_256_sha224, 0),
+ make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha256, p_256_sha256, 1),
+ make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha384, p_256_sha384, 0),
+ make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha512, p_256_sha512, 0),
+ make_drbg_test_data_ec(NID_secp384r1, NID_sha224, p_384_sha224, 0),
+ make_drbg_test_data_ec(NID_secp384r1, NID_sha256, p_384_sha256, 0),
+ make_drbg_test_data_ec(NID_secp384r1, NID_sha384, p_384_sha384, 0),
+ make_drbg_test_data_ec(NID_secp384r1, NID_sha512, p_384_sha512, 0),
+ make_drbg_test_data_ec(NID_secp521r1, NID_sha256, p_521_sha256, 0),
+ make_drbg_test_data_ec(NID_secp521r1, NID_sha384, p_521_sha384, 0),
+ make_drbg_test_data_ec(NID_secp521r1, NID_sha512, p_521_sha512, 0),
{0,0,0}
};
return t->noncelen;
}
-static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
+static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
+ int quick)
{
TEST_ENT t;
int rv = 0;
size_t adinlen;
unsigned char randout[1024];
+
+ /* Initial test without PR */
+
+ /* Instantiate DRBG with test entropy, nonce and personalisation
+ * string.
+ */
+
+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
+ return 0;
+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
+ return 0;
+
+ FIPS_drbg_set_app_data(dctx, &t);
+
+ t.ent = td->ent;
+ t.entlen = td->entlen;
+ t.nonce = td->nonce;
+ t.noncelen = td->noncelen;
+ t.entcnt = 0;
+ t.noncecnt = 0;
+
+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
+ goto err;
+
+ /* Note for CTR without DF some additional input values
+ * ignore bytes after the keylength: so reduce adinlen
+ * to half to ensure invalid data is fed in.
+ */
+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
+ adinlen = td->adinlen / 2;
+ else
+ adinlen = td->adinlen;
+
+ /* Generate with no PR and verify output matches expected data */
+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+ td->adin, adinlen))
+ goto err;
+
+ if (memcmp(randout, td->kat, td->katlen))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
+ goto err2;
+ }
+ /* If abbreviated POST end of test */
+ if (quick)
+ {
+ rv = 1;
+ goto err;
+ }
+ /* Reseed DRBG with test entropy and additional input */
+ t.ent = td->entreseed;
+ t.entlen = td->entreseedlen;
+
+ if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
+ goto err;
+
+ /* Generate with no PR and verify output matches expected data */
+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
+ td->adin2, td->adin2len))
+ goto err;
+
+ if (memcmp(randout, td->kat2, td->kat2len))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
+ goto err2;
+ }
+
+ FIPS_drbg_uninstantiate(dctx);
+
+ /* Now test with PR */
+
+ /* Instantiate DRBG with test entropy, nonce and personalisation
+ * string.
+ */
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
return 0;
if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
FIPS_drbg_set_app_data(dctx, &t);
- t.ent = td->ent;
- t.entlen = td->entlen;
- t.nonce = td->nonce;
- t.noncelen = td->noncelen;
+ t.ent = td->ent_pr;
+ t.entlen = td->entlen_pr;
+ t.nonce = td->nonce_pr;
+ t.noncelen = td->noncelen_pr;
t.entcnt = 0;
t.noncecnt = 0;
- if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
+ if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
goto err;
- t.ent = td->entpr;
- t.entlen = td->entprlen;
+ /* Now generate with PR: we need to supply entropy as this will
+ * perform a reseed operation. Check output matches expected value.
+ */
+
+ t.ent = td->entpr_pr;
+ t.entlen = td->entprlen_pr;
/* Note for CTR without DF some additional input values
* ignore bytes after the keylength: so reduce adinlen
* to half to ensure invalid data is fed in.
*/
- if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->flags))
- adinlen = td->adinlen / 2;
+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
+ adinlen = td->adinlen_pr / 2;
else
- adinlen = td->adinlen;
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, 1,
- td->adin, adinlen))
+ adinlen = td->adinlen_pr;
+ if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
+ td->adin_pr, adinlen))
goto err;
- t.ent = td->entg;
- t.entlen = td->entglen;
+ if (memcmp(randout, td->kat_pr, td->katlen_pr))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
+ goto err2;
+ }
+
+ /* Now generate again with PR: supply new entropy again.
+ * Check output matches expected value.
+ */
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, 1,
- td->ading, td->adinglen))
- goto err;
+ t.ent = td->entg_pr;
+ t.entlen = td->entglen_pr;
- if (memcmp(randout, td->kat, td->katlen))
+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
+ td->ading_pr, td->adinglen_pr))
goto err;
+ if (memcmp(randout, td->kat2_pr, td->kat2len_pr))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
+ goto err2;
+ }
+ /* All OK, test complete */
rv = 1;
err:
if (rv == 0)
FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
+ err2:
FIPS_drbg_uninstantiate(dctx);
return rv;
+
+ }
+
+/* Initialise a DRBG based on selftest data */
+
+static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, TEST_ENT *t)
+ {
+
+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
+ return 0;
+
+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
+ return 0;
+
+ FIPS_drbg_set_app_data(dctx, t);
+
+ t->ent = td->ent;
+ t->entlen = td->entlen;
+ t->nonce = td->nonce;
+ t->noncelen = td->noncelen;
+ t->entcnt = 0;
+ t->noncecnt = 0;
+ return 1;
+ }
+
+/* Initialise and instantiate DRBG based on selftest data */
+static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
+ TEST_ENT *t)
+ {
+ if (!do_drbg_init(dctx, td, t))
+ return 0;
+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
+ return 0;
+
+ return 1;
}
-/* This is the "health check" function required by SP800-90. Induce several
- * failure modes and check an error condition is set.
+/* This function performs extensive error checking as required by SP800-90.
+ * Induce several failure modes and check an error condition is set.
+ * This function along with fips_drbg_single_kat peforms the health checking
+ * operation.
*/
-static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
+static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
{
unsigned char randout[1024];
TEST_ENT t;
size_t i;
+ unsigned int reseed_counter_tmp;
unsigned char *p = (unsigned char *)dctx;
/* Initialise DRBG */
- if (!FIPS_drbg_init(dctx, td->nid, td->flags))
- goto err;
-
- if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
+ if (!do_drbg_init(dctx, td, &t))
goto err;
- FIPS_drbg_set_app_data(dctx, &t);
+ /* Don't report induced errors */
+ dctx->iflags |= DRBG_FLAG_NOERR;
- t.ent = td->ent;
- t.entlen = td->entlen;
- t.nonce = td->nonce;
- t.noncelen = td->noncelen;
- t.entcnt = 0;
- t.noncecnt = 0;
+ /* Personalisation string tests */
- /* Don't report induced errors */
- dctx->flags |= DRBG_FLAG_NOERR;
+ /* Test detection of too large personlisation string */
- /* Try too large a personalisation length */
if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0)
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
goto err;
}
- /* Test entropy source failure detection */
+ /* Entropy source tests */
+
+ /* Test entropy source failure detecion: i.e. returns no data */
t.entlen = 0;
+
if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
/* Try to generate output from uninstantiated DRBG */
- if (FIPS_drbg_generate(dctx, randout, td->katlen, 0, 0,
+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
td->adin, td->adinlen))
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED);
goto err;
}
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
- /* Instantiate with valid data. NB: errors now reported again */
- if (!FIPS_drbg_init(dctx, td->nid, td->flags))
+ if (!do_drbg_init(dctx, td, &t))
goto err;
- if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
+
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
+ /* Test insufficient entropy */
+
+ t.entlen = dctx->min_entropy - 1;
+
+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
- FIPS_drbg_set_app_data(dctx, &t);
+ }
- t.entlen = td->entlen;
- if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
+ if (!FIPS_drbg_uninstantiate(dctx))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
+ }
- /* Check generation is now OK */
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, 0,
- td->adin, td->adinlen))
+ /* Test too much entropy */
+
+ if (!do_drbg_init(dctx, td, &t))
goto err;
- /* Try to generate with too high a strength.
- */
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
+ t.entlen = dctx->max_entropy + 1;
+
+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
+ goto err;
+ }
+
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
+ if (!FIPS_drbg_uninstantiate(dctx))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+ goto err;
+ }
+
+ /* Nonce tests */
+
+ /* Test too small nonce */
+
+ if (dctx->min_nonce)
+ {
+
+ if (!do_drbg_init(dctx, td, &t))
+ goto err;
+
+ dctx->iflags |= DRBG_FLAG_NOERR;
- dctx->flags |= DRBG_FLAG_NOERR;
- if (dctx->strength != 256)
+ t.noncelen = dctx->min_nonce - 1;
+
+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
+ goto err;
+ }
+
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
+ if (!FIPS_drbg_uninstantiate(dctx))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+ goto err;
+ }
+
+ }
+
+ /* Test too large nonce */
+
+ if (dctx->max_nonce)
{
- if (FIPS_drbg_generate(dctx, randout, td->katlen, 256, 0,
- td->adin, td->adinlen))
+
+ if (!do_drbg_init(dctx, td, &t))
+ goto err;
+
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
+ t.noncelen = dctx->max_nonce + 1;
+
+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_STRENGTH_ERROR_UNDETECTED);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
+ goto err;
+ }
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
+ if (!FIPS_drbg_uninstantiate(dctx))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
+
}
+ /* Instantiate with valid data. */
+ if (!do_drbg_instantiate(dctx, td, &t))
+ goto err;
+
+ /* Check generation is now OK */
+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+ td->adin, td->adinlen))
+ goto err;
+
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
/* Request too much data for one request */
- if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0, 0,
+ if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
td->adin, td->adinlen))
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
+ goto err;
+ }
+
+ /* Try too large additional input */
+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+ td->adin, dctx->max_adin + 1))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
goto err;
}
t.entlen = 0;
- if (FIPS_drbg_generate(dctx, randout, td->katlen, 0, 1,
+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
td->adin, td->adinlen))
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Instantiate again with valid data */
- if (!FIPS_drbg_init(dctx, td->nid, td->flags))
+ if (!do_drbg_instantiate(dctx, td, &t))
+ goto err;
+ /* Test reseed counter works */
+ /* Save initial reseed counter */
+ reseed_counter_tmp = dctx->reseed_counter;
+ /* Set reseed counter to beyond interval */
+ dctx->reseed_counter = dctx->reseed_interval;
+
+ /* Generate output and check entropy has been requested for reseed */
+ t.entcnt = 0;
+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+ td->adin, td->adinlen))
goto err;
- if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
+ if (t.entcnt != 1)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
goto err;
- FIPS_drbg_set_app_data(dctx, &t);
+ }
+ /* Check reseed counter has been reset */
+ if (dctx->reseed_counter != reseed_counter_tmp + 1)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
+ goto err;
+ }
- t.entlen = td->entlen;
- /* Test reseeding works */
- dctx->reseed_interval = 2;
- if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
+ /* Explicit reseed tests */
+
+ /* Test explicit reseed with too large additional input */
+ if (!do_drbg_init(dctx, td, &t))
goto err;
- /* Check generation is now OK */
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, 0,
- td->adin, td->adinlen))
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
+ if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
goto err;
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, 0,
+ }
+
+ /* Test explicit reseed with entropy source failure */
+
+ /* Check prediction resistance request fails if entropy source
+ * failure.
+ */
+
+ t.entlen = 0;
+
+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
td->adin, td->adinlen))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
+ }
+
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
- /* DRBG should now require a reseed */
- if (dctx->status != DRBG_STATUS_RESEED)
+ if (!FIPS_drbg_uninstantiate(dctx))
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
- /* Generate again and check entropy has been requested for reseed */
+ if (!do_drbg_instantiate(dctx, td, &t))
+ goto err;
+ /* Test reseed counter works */
+ /* Save initial reseed counter */
+ reseed_counter_tmp = dctx->reseed_counter;
+ /* Set reseed counter to beyond interval */
+ dctx->reseed_counter = dctx->reseed_interval;
+
+ /* Generate output and check entropy has been requested for reseed */
t.entcnt = 0;
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, 0,
+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
td->adin, td->adinlen))
goto err;
if (t.entcnt != 1)
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
+ goto err;
+ }
+ /* Check reseed counter has been reset */
+ if (dctx->reseed_counter != reseed_counter_tmp + 1)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
+ goto err;
+ }
+
+ /* Explicit reseed tests */
+
+ /* Test explicit reseed with too large additional input */
+ if (!do_drbg_init(dctx, td, &t))
+ goto err;
+
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
+ if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
+ goto err;
+ }
+
+ /* Test explicit reseed with entropy source failure */
+
+ if (!do_drbg_init(dctx, td, &t))
+ goto err;
+
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
+ t.entlen = 0;
+
+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
+ goto err;
+ }
+
+ if (!FIPS_drbg_uninstantiate(dctx))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+ goto err;
+ }
+
+ /* Test explicit reseed with too much entropy */
+
+ if (!do_drbg_init(dctx, td, &t))
+ goto err;
+
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
+ t.entlen = dctx->max_entropy + 1;
+
+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
+ goto err;
+ }
+
+ if (!FIPS_drbg_uninstantiate(dctx))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+ goto err;
+ }
+
+ /* Test explicit reseed with too little entropy */
+
+ if (!do_drbg_init(dctx, td, &t))
+ goto err;
+
+ dctx->iflags |= DRBG_FLAG_NOERR;
+
+ t.entlen = dctx->min_entropy - 1;
+
+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
+ goto err;
+ }
+
+ if (!FIPS_drbg_uninstantiate(dctx))
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
- FIPS_drbg_uninstantiate(dctx);
p = (unsigned char *)&dctx->d;
/* Standard says we have to check uninstantiate really zeroes
* the data...
{
if (*p != 0)
{
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
goto err;
}
p++;
/* A real error as opposed to an induced one: underlying function will
* indicate the error.
*/
- if (!(dctx->flags & DRBG_FLAG_NOERR))
- FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_FUNCTION_ERROR);
+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
FIPS_drbg_uninstantiate(dctx);
return 0;
}
-
int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
{
- int rv;
DRBG_SELFTEST_DATA *td;
+ flags |= DRBG_FLAG_TEST;
for (td = drbg_test; td->nid != 0; td++)
{
if (td->nid == nid && td->flags == flags)
{
- rv = fips_drbg_single_kat(dctx, td);
- if (rv <= 0)
- return rv;
- return fips_drbg_health_check(dctx, td);
+ if (!fips_drbg_single_kat(dctx, td, 0))
+ return 0;
+ return fips_drbg_error_check(dctx, td);
}
}
return 0;
}
+int FIPS_drbg_health_check(DRBG_CTX *dctx)
+ {
+ int rv;
+ DRBG_CTX *tctx = NULL;
+ tctx = FIPS_drbg_new(0, 0);
+ fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+ if (!tctx)
+ return 0;
+ rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
+ if (tctx)
+ FIPS_drbg_free(tctx);
+ if (rv)
+ fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+ else
+ fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+ if (!rv)
+ dctx->status = DRBG_STATUS_ERROR;
+ else
+ dctx->health_check_cnt = 0;
+ return rv;
+ }
+
int FIPS_selftest_drbg(void)
+ {
+ DRBG_CTX *dctx;
+ DRBG_SELFTEST_DATA *td;
+ int rv = 1;
+ dctx = FIPS_drbg_new(0, 0);
+ if (!dctx)
+ return 0;
+ for (td = drbg_test; td->nid != 0; td++)
+ {
+ if (td->post != 1)
+ continue;
+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
+ return 1;
+ if (!fips_drbg_single_kat(dctx, td, 1))
+ {
+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
+ rv = 0;
+ continue;
+ }
+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
+ return 0;
+ }
+ FIPS_drbg_free(dctx);
+ return rv;
+ }
+
+
+int FIPS_selftest_drbg_all(void)
{
DRBG_CTX *dctx;
DRBG_SELFTEST_DATA *td;
{
if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
return 1;
- if (!fips_drbg_single_kat(dctx, td))
+ if (!fips_drbg_single_kat(dctx, td, 0))
{
fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
rv = 0;
continue;
}
- if (!fips_drbg_health_check(dctx, td))
+ if (!fips_drbg_error_check(dctx, td))
{
fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
rv = 0;
return rv;
}
-
-
-