├── LICENSE
├── README.md
├── hash_drbg.c
├── hash_drbg.h
├── hash_drbg_error_codes.h
├── test_data_1.txt
├── test_data_2.txt
├── test_data_3.txt
├── test_data_4.txt
├── test_demo.c
├── test_hash_drbg.c
└── test_hash_drbg.h

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2019 greendow

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Hash\_DRBG in NIST SP 800-90A Rev.1
A **DRBG** (Deterministic Random Bit Generator) is used to obtain pseudorandom bits for different purposes.
In NIST SP 800-90A Revision 1, *Recommendation for Random Number Generation Using Deterministic Random Bit Generators* (Link: [https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final](https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final)), the following three DRBG constructions are provided: Hash\_DRBG, HMAC\_DRBG and CTR\_DRBG. The construction of the hash DRBG includes modular arithmetic on big numbers, which results in its low efficiency. CTR\_DRBG is preferred when performance is more important in practical use.

The hash DRBG is defined in chapter 10.1.1 of NIST SP 800-90A Rev.1. An implementation based on the big number arithmetic and the hash functions provided by OpenSSL 1.1.1 is given here. The header files and library files of OpenSSL 1.1.1 are needed for compiling and linking. The OpenSSL website is: [https://www.openssl.org](https://www.openssl.org)

The security strength of the DRBG is determined by the hash algorithm used. This implementation only supports hash functions whose output length is 256 or 512 bits. SHA-1 is deprecated for its insecurity. Only SHA-256 or SHA-512 is recommended as the building block for the DRBG here. As noted in NIST SP 800-90A, there is no efficiency benefit in using SHA-224 rather than SHA-256, since SHA-224 is based on SHA-256. Similarly, there is no efficiency benefit in using SHA-384, SHA-512/224 or SHA-512/256 rather than SHA-512, since these three SHA mechanisms are based on SHA-512. A structure called EVP\_MD, defined in OpenSSL, is employed to specify the hash function. This means that any hash function can be used to build the hash DRBG here as long as its output length is 256 or 512 bits. For example, SHA3-256 and SHA3-512 are not included in NIST SP 800-90A, but either of them can be used to build a non-standard hash DRBG in certain circumstances.

Note:
There is a macro *\_HASH_DRBG_DEBUG* in hash\_drbg.h.
It is undefined by default. The macro may only be defined to display intermediate values while debugging; that output includes the seed material and the internal state values V and C. It **MUST** be undefined in practical use! Make sure that it is **UNDEFINED**!

Work with OpenSSL 3.0.0?
The code here is designed to run with OpenSSL 1.1.1, but it can be compiled and run with OpenSSL 3.0.0 on Linux. A test with CentOS Linux 7.9 + gcc 4.8.5 + OpenSSL 3.0.0 has passed. The code cannot be compiled on Windows with OpenSSL 3.0.0.

--------------------------------------------------------------------------------
/hash_drbg.c:
--------------------------------------------------------------------------------
/**************************************************
* File name: hash_drbg.c
* Author: HAN Wei
* Author's blog: https://blog.csdn.net/henter/
* Date: Feb 9th, 2019
* Description: implement hash DRBG construction functions
**************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/bn.h>

#include "hash_drbg_error_codes.h"
#include "hash_drbg.h"

int hash_df(HASH_DRBG_CTX *drbg_ctx,
            unsigned char *input,
            unsigned int input_len,
            unsigned int output_len,
            unsigned char *output)
{
    unsigned int output_bit_len = output_len * 8;  /* size in bits */
    unsigned char counter = 1;
    unsigned char bits_to_return[4];
    unsigned char md_value[EVP_MAX_MD_SIZE];
    unsigned char *p = output;
#ifdef _HASH_DRBG_DEBUG
    int i;
#endif

    int residual;
    EVP_MD_CTX *md_ctx;

    /* drbg_ctx is dereferenced below, so it is checked together with the buffers */
    if ( (!(drbg_ctx)) || (!(input)) || (!(output)) )
    {
        return INVALID_NULL_VALUE_INPUT;
    }

    if ( (!(input_len)) || (!(output_len)) )
    {
        return INVALID_INPUT_LENGTH;
    }


    if ( output_len > (255 * drbg_ctx->hash_output_len) )
    {
        return INVALID_INPUT_LENGTH;
    }

    /* present a 32-bit unsigned int in big-endian format */
    bits_to_return[0] = (unsigned char)((output_bit_len >> 24) & 0xFF);
    bits_to_return[1] = (unsigned char)((output_bit_len >> 16) & 0xFF);
    bits_to_return[2] = (unsigned char)((output_bit_len >> 8) & 0xFF);
    bits_to_return[3] = (unsigned char)(output_bit_len & 0xFF);

    if ( !(md_ctx = EVP_MD_CTX_new()) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }

    residual = (int)(output_len);
    while (residual > 0)
    {
        EVP_DigestInit_ex(md_ctx, drbg_ctx->md, NULL);
        EVP_DigestUpdate(md_ctx, &counter, sizeof(counter));
        EVP_DigestUpdate(md_ctx, bits_to_return, sizeof(bits_to_return));
        EVP_DigestUpdate(md_ctx, input, input_len);
        EVP_DigestFinal_ex(md_ctx, md_value, NULL);
#ifdef _HASH_DRBG_DEBUG
        printf("Hash(counter||no_of_bits_to_return||input_string) value:\n");
        for (i = 0; i < (int)(drbg_ctx->hash_output_len); i++)
        {
            printf("0x%x ", md_value[i]);
        }
        printf("\n");
#endif

        if ( residual >= (int)(drbg_ctx->hash_output_len) )
        {
            memcpy(p, md_value, drbg_ctx->hash_output_len);
        }
        else
        {
            memcpy(p, md_value, residual);
        }

        counter++;
        p += drbg_ctx->hash_output_len;
        residual -= drbg_ctx->hash_output_len;
    }

    EVP_MD_CTX_free(md_ctx);
    return 0;
}

HASH_DRBG_CTX* hash_drbg_ctx_new(void)
{
    HASH_DRBG_CTX *p;

    if ( !(p = (HASH_DRBG_CTX *)malloc(sizeof(HASH_DRBG_CTX))) )
    {
        return NULL;
    }
    return p;
}

void hash_drbg_ctx_free(HASH_DRBG_CTX *drbg_ctx)
{
    if (drbg_ctx)
    {
        /* OPENSSL_cleanse() is used instead of memset() so that wiping V and C
           cannot be optimized away as a dead store before free() */
        OPENSSL_cleanse(drbg_ctx, sizeof(HASH_DRBG_CTX));
        free(drbg_ctx);
    }
}

int hash_drbg_instantiate(const EVP_MD *md,
                          unsigned char *entropy,
                          unsigned int entropy_len,
                          unsigned char *nonce,
                          unsigned int nonce_len,
                          unsigned char *per_string,
                          unsigned int per_string_len,
                          HASH_DRBG_CTX *drbg_ctx)
{
    int error_code;
    unsigned int hash_output_len;
    unsigned char *seed_material, *buffer, *p;
    unsigned int seed_material_len;
#ifdef _HASH_DRBG_DEBUG
    int i;
#endif

    if ( (!(md)) || (!(entropy)) || (!(drbg_ctx)) )
    {
        return INVALID_NULL_VALUE_INPUT;
    }

    /* a non-zero length with a NULL pointer would reach memcpy() below */
    if ( ((nonce_len) && (!(nonce))) || ((per_string_len) && (!(per_string))) )
    {
        return INVALID_NULL_VALUE_INPUT;
    }

    if ( !(entropy_len) )
    {
        return INVALID_INPUT_LENGTH;
    }

    drbg_ctx->md = md;
    hash_output_len = EVP_MD_size(md);
    switch (hash_output_len)
    {
        case 32:
            drbg_ctx->hash_output_len = 32;
            drbg_ctx->seed_byte_len = 55;
            drbg_ctx->security_strength = 16;
            break;
        case 64:
            drbg_ctx->hash_output_len = 64;
            drbg_ctx->seed_byte_len = 111;
            drbg_ctx->security_strength = 32;
            break;
        default:
            return INVALID_HASH_ALGORITHM;
    }

    if ( entropy_len < drbg_ctx->security_strength )
    {
        return INVALID_INPUT_LENGTH;
    }

    /* reject lengths whose sum wraps around, which would under-allocate
       seed_material and overflow it in the memcpy() calls below */
    seed_material_len = entropy_len + nonce_len;
    if ( seed_material_len < entropy_len )
    {
        return INVALID_INPUT_LENGTH;
    }
    seed_material_len += per_string_len;
    if ( seed_material_len < per_string_len )
    {
        return INVALID_INPUT_LENGTH;
    }
    if ( (!(seed_material = (unsigned char *)malloc(seed_material_len))) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }
    p = seed_material;
    memcpy(p, entropy, entropy_len);
    p += entropy_len;

    if (nonce_len)
    {
        memcpy(p, nonce, nonce_len);
        p += nonce_len;
    }

    if (per_string_len)
    {
        memcpy(p, per_string, per_string_len);
    }

#ifdef _HASH_DRBG_DEBUG
    printf("Seed material length is %d bytes.\n", seed_material_len);
    printf("Seed material:\n");
    for (i = 0; i < (int)seed_material_len; i++)
    {
        printf("0x%x ", seed_material[i]);
    }
    printf("\n");
#endif
    /* V = Hash_df(entropy || nonce || personalization string, seedlen) */
    if ( (error_code = hash_df(drbg_ctx,
                               seed_material,
                               seed_material_len,
                               drbg_ctx->seed_byte_len,
                               drbg_ctx->V)) )
    {
        free(seed_material);
        return error_code;
    }
    free(seed_material);
#ifdef _HASH_DRBG_DEBUG
    printf("V:\n");
    for (i = 0; i < (int)(drbg_ctx->seed_byte_len); i++)
    {
        printf("0x%x ", drbg_ctx->V[i]);
    }
    printf("\n");
#endif

    if ( !(buffer = (unsigned char *)malloc((1 + drbg_ctx->seed_byte_len))) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }
    p = buffer;
    p[0] = 0;
    p++;
    memcpy(p, drbg_ctx->V, drbg_ctx->seed_byte_len);

    /* C = Hash_df(0x00 || V, seedlen) */
    if ( (error_code = hash_df(drbg_ctx,
                               buffer,
                               (1 + drbg_ctx->seed_byte_len),
                               drbg_ctx->seed_byte_len,
                               drbg_ctx->C)) )
    {
        free(buffer);
        return error_code;
    }
    free(buffer);
#ifdef _HASH_DRBG_DEBUG
    printf("C:\n");
    for (i = 0; i < (int)(drbg_ctx->seed_byte_len); i++)
    {
        printf("0x%x ", drbg_ctx->C[i]);
    }
    printf("\n");
#endif

    drbg_ctx->reseed_counter = 1;
    return 0;
}

int reseed_hash_drbg(HASH_DRBG_CTX *drbg_ctx,
                     unsigned char *entropy,
                     unsigned int entropy_len,
                     unsigned char *addition_input,
                     unsigned int addition_input_len)
{
    int error_code;
    unsigned char *seed_material, *buffer, *p;
    unsigned int seed_material_len;
#ifdef _HASH_DRBG_DEBUG
    int i;
#endif

    if ( (!(drbg_ctx)) || (!(entropy)) )
    {
        return INVALID_NULL_VALUE_INPUT;
    }

    /* a non-zero length with a NULL pointer would reach memcpy() below */
    if ( (addition_input_len) && (!(addition_input)) )
    {
        return INVALID_NULL_VALUE_INPUT;
    }

    if ( (!(entropy_len)) || (entropy_len < drbg_ctx->security_strength) )
    {
        return INVALID_INPUT_LENGTH;
    }

    /* reject lengths whose sum wraps around, which would under-allocate
       seed_material and overflow it in the memcpy() calls below */
    seed_material_len = 1 + drbg_ctx->seed_byte_len + entropy_len;
    if ( seed_material_len < entropy_len )
    {
        return INVALID_INPUT_LENGTH;
    }
    seed_material_len += addition_input_len;
    if ( seed_material_len < addition_input_len )
    {
        return INVALID_INPUT_LENGTH;
    }
    if ( (!(seed_material = (unsigned char *)malloc(seed_material_len))) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }

    p = seed_material;
    p[0] = 1;
    p++;
    memcpy(p, drbg_ctx->V, drbg_ctx->seed_byte_len);
    p += drbg_ctx->seed_byte_len;
    memcpy(p, entropy, entropy_len);
    p += entropy_len;

    if (addition_input_len)
    {
        memcpy(p, addition_input, addition_input_len);
    }
#ifdef _HASH_DRBG_DEBUG
    printf("Seed material length is %d bytes.\n", seed_material_len);
    printf("Seed material:\n");
    for (i = 0; i < (int)seed_material_len; i++)
    {
        printf("0x%x ", seed_material[i]);
    }
    printf("\n");
#endif

    /* V = Hash_df(0x01 || V || entropy || additional input, seedlen) */
    if ( (error_code = hash_df(drbg_ctx,
                               seed_material,
                               seed_material_len,
                               drbg_ctx->seed_byte_len,
                               drbg_ctx->V)) )
    {
        free(seed_material);
        return error_code;
    }
    free(seed_material);

    if ( !(buffer = (unsigned char *)malloc((1 + drbg_ctx->seed_byte_len))) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }
    p = buffer;
    p[0] = 0;
    p++;
    memcpy(p, drbg_ctx->V, drbg_ctx->seed_byte_len);
#ifdef _HASH_DRBG_DEBUG
    printf("V:\n");
    for (i = 0; i < (int)(drbg_ctx->seed_byte_len); i++)
    {
        printf("0x%x ", drbg_ctx->V[i]);
    }
    printf("\n");
#endif

    /* C = Hash_df(0x00 || V, seedlen) */
    if ( (error_code = hash_df(drbg_ctx,
                               buffer,
                               (1 + drbg_ctx->seed_byte_len),
                               drbg_ctx->seed_byte_len,
                               drbg_ctx->C)) )
    {
        free(buffer);
        return error_code;
    }
    free(buffer);
#ifdef _HASH_DRBG_DEBUG
    printf("C:\n");
    for (i = 0; i < (int)(drbg_ctx->seed_byte_len); i++)
    {
        printf("0x%x ", drbg_ctx->C[i]);
    }
    printf("\n");
#endif

    drbg_ctx->reseed_counter = (long long)(1);
    return 0;
}

int hash_gen(HASH_DRBG_CTX *drbg_ctx,
             unsigned int output_len,
             unsigned char *output)
{
    int error_code;
    unsigned char data[MAX_SEED_BYTE_LENGTH];
    /* module_1 is 2^440 (seedlen for SHA-256) as a big-endian byte string */
    unsigned char module_1[56] = {1,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    /* module_2 is 2^888 (seedlen for SHA-512) as a big-endian byte string */
    unsigned char module_2[112] = {1,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    int residual;
    unsigned char *p;
    EVP_MD_CTX *md_ctx;
    unsigned char md_value[EVP_MAX_MD_SIZE];
    BN_CTX *bn_ctx = NULL;
    BIGNUM *bn_data = NULL, *bn_one = NULL, *bn_module = NULL, *bn_sum = NULL;
#ifdef _HASH_DRBG_DEBUG
    int i;
    char *q;
#endif

    if ( (!(drbg_ctx)) || (!(output)) )
    {
        return INVALID_NULL_VALUE_INPUT;
    }
    if ( (!(output_len)) )
    {
        return INVALID_INPUT_LENGTH;
    }

    p = output;
    if ( !(md_ctx = EVP_MD_CTX_new()) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }
    memcpy(data, drbg_ctx->V, drbg_ctx->seed_byte_len);
#ifdef _HASH_DRBG_DEBUG
    printf("data:\n");
    for (i = 0; i < (int)(drbg_ctx->seed_byte_len); i++)
    {
        printf("0x%x ", data[i]);
    }
    printf("\n");
#endif
    residual = (int)output_len;
    if ( (!(bn_ctx = BN_CTX_secure_new())) )
    {
        EVP_MD_CTX_free(md_ctx);
        return MEMOMY_ALLOCATION_FAIL;
    }
    BN_CTX_start(bn_ctx);
    bn_data = BN_CTX_get(bn_ctx);
    bn_one = BN_CTX_get(bn_ctx);
    bn_module = BN_CTX_get(bn_ctx);
    bn_sum = BN_CTX_get(bn_ctx);
    if ( !(bn_sum) )
    {
        BN_CTX_end(bn_ctx);
        BN_CTX_free(bn_ctx);
        EVP_MD_CTX_free(md_ctx);
        return MEMOMY_ALLOCATION_FAIL;
    }

    error_code = BIG_NUM_ARITHMETIC_ERROR;
    if ( !(BN_one(bn_one)) )
    {
        goto clean_up;
    }
    switch (drbg_ctx->seed_byte_len)
    {
        case 55:
            if ( !(BN_bin2bn(module_1, sizeof(module_1), bn_module)) )
            {
                goto clean_up;
            }
            break;
        case 111:
            if ( !(BN_bin2bn(module_2, sizeof(module_2), bn_module)) )
            {
                goto clean_up;
            }
            break;
        default:
            goto clean_up;
    }
#ifdef _HASH_DRBG_DEBUG
    printf("Module: \n");
    q = BN_bn2hex(bn_module);
    printf("%s\n", q);
    OPENSSL_free(q);
    printf("\n");
#endif

    while (residual > 0 )
    {
        /* w = Hash(data); the output is the concatenation of the w values */
        EVP_DigestInit_ex(md_ctx, drbg_ctx->md, NULL);
        EVP_DigestUpdate(md_ctx, data, drbg_ctx->seed_byte_len);
        EVP_DigestFinal_ex(md_ctx, md_value, NULL);
#ifdef _HASH_DRBG_DEBUG
        printf("w:\n");
        for (i = 0; i < (int)(drbg_ctx->hash_output_len); i++)
        {
            printf("0x%x ", md_value[i]);
        }
        printf("\n");
#endif

        if ( residual >= (int)(drbg_ctx->hash_output_len) )
        {
            memcpy(p, md_value, drbg_ctx->hash_output_len);
        }
        else
        {
            memcpy(p, md_value, residual);
        }

        p += drbg_ctx->hash_output_len;
        residual -= drbg_ctx->hash_output_len;

        if (residual > 0)
        {
            /* data = (data + 1) mod 2^seedlen */
            if ( !(BN_bin2bn(data, drbg_ctx->seed_byte_len, bn_data)) )
            {
                goto clean_up;
            }
            if ( (!(BN_mod_add(bn_sum, bn_data, bn_one, bn_module, bn_ctx))) )
            {
                goto clean_up;
            }
            if ( BN_bn2binpad(bn_sum,
                              data,
                              drbg_ctx->seed_byte_len) != drbg_ctx->seed_byte_len )
            {
                goto clean_up;
            }
        }
    }
    error_code = 0;

clean_up:
    BN_CTX_end(bn_ctx);
    BN_CTX_free(bn_ctx);
    EVP_MD_CTX_free(md_ctx);
    return error_code;
}

int gen_rnd_bytes_with_hash_drbg(HASH_DRBG_CTX *drbg_ctx,
                                 unsigned int rnd_byte_len,
                                 unsigned char *addition_input,
                                 unsigned int addition_input_len,
                                 unsigned char *rnd)
{
    int error_code, rtn_val;
    unsigned char module_1[56] = {1,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    unsigned char module_2[112] = {1,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    unsigned char prefix_char, reseed_cnt[8];
    EVP_MD_CTX *md_ctx;
    unsigned char md_value[EVP_MAX_MD_SIZE];
    BN_CTX *bn_ctx = NULL;
    BIGNUM *bn_w = NULL, *bn_V = NULL, *bn_module = NULL, *bn_H = NULL;
    BIGNUM *bn_C = NULL, *bn_reseed_cnt = NULL, *bn_sum = NULL;
    BIGNUM *bn_tmp_sum_1 = NULL, *bn_tmp_sum_2 = NULL;
#ifdef _HASH_DRBG_DEBUG
    int i;
#endif

    if ( (!(drbg_ctx)) || (!(rnd)) )
    {
        return INVALID_NULL_VALUE_INPUT;
    }
    /* a non-zero length with a NULL pointer would reach EVP_DigestUpdate() below */
    if ( (addition_input_len) && (!(addition_input)) )
    {
        return INVALID_NULL_VALUE_INPUT;
    }
    if ( drbg_ctx->reseed_counter > MAX_RESEED_INTERVAL )
    {
        return REQUIRE_RESEED;
    }

    if ( (!(rnd_byte_len)) || (rnd_byte_len > MAX_BYTE_COUNT_PER_REQUEST) )
    {
        return INVALID_INPUT_LENGTH;
    }

    /* present the 64-bit reseed counter in big-endian format */
    reseed_cnt[0] = (unsigned char )((drbg_ctx->reseed_counter >> 56) & 0xFF);
    reseed_cnt[1] = (unsigned char )((drbg_ctx->reseed_counter >> 48) & 0xFF);
    reseed_cnt[2] = (unsigned char )((drbg_ctx->reseed_counter >> 40) & 0xFF);
    reseed_cnt[3] = (unsigned char )((drbg_ctx->reseed_counter >> 32) & 0xFF);
    reseed_cnt[4] = (unsigned char )((drbg_ctx->reseed_counter >> 24) & 0xFF);
    reseed_cnt[5] = (unsigned char )((drbg_ctx->reseed_counter >> 16) & 0xFF);
    reseed_cnt[6] = (unsigned char )((drbg_ctx->reseed_counter >> 8) & 0xFF);
    reseed_cnt[7] = (unsigned char )(drbg_ctx->reseed_counter & 0xFF);

    if ( !(md_ctx = EVP_MD_CTX_new()) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }
    if ( !(bn_ctx = BN_CTX_secure_new()) )
    {
        EVP_MD_CTX_free(md_ctx);
        return MEMOMY_ALLOCATION_FAIL;
    }
    BN_CTX_start(bn_ctx);
    bn_w = BN_CTX_get(bn_ctx);
    bn_V = BN_CTX_get(bn_ctx);
    bn_module = BN_CTX_get(bn_ctx);
    bn_H = BN_CTX_get(bn_ctx);
    bn_C = BN_CTX_get(bn_ctx);
    bn_reseed_cnt = BN_CTX_get(bn_ctx);
    bn_sum = BN_CTX_get(bn_ctx);
    bn_tmp_sum_1 = BN_CTX_get(bn_ctx);
    bn_tmp_sum_2 = BN_CTX_get(bn_ctx);
    if ( !(bn_tmp_sum_2) )
    {
        BN_CTX_end(bn_ctx);
        BN_CTX_free(bn_ctx);
        EVP_MD_CTX_free(md_ctx);
        return MEMOMY_ALLOCATION_FAIL;
    }

    error_code = BIG_NUM_ARITHMETIC_ERROR;
    switch (drbg_ctx->seed_byte_len)
    {
        case 55:
            if ( !(BN_bin2bn(module_1, sizeof(module_1), bn_module)) )
            {
                goto clean_up;
            }
            break;
        case 111:
            if ( !(BN_bin2bn(module_2, sizeof(module_2), bn_module)) )
            {
                goto clean_up;
            }
            break;
        default:
            goto clean_up;
    }

    if (addition_input_len)
    {
        /* w = Hash(0x02 || V || additional_input); V = (V + w) mod 2^seedlen */
        prefix_char = 2;
        EVP_DigestInit_ex(md_ctx, drbg_ctx->md, NULL);
        EVP_DigestUpdate(md_ctx, &prefix_char, sizeof(prefix_char));
        EVP_DigestUpdate(md_ctx, drbg_ctx->V, drbg_ctx->seed_byte_len);
        EVP_DigestUpdate(md_ctx, addition_input, addition_input_len);
        EVP_DigestFinal_ex(md_ctx, md_value, NULL);
#ifdef _HASH_DRBG_DEBUG
        printf("w = Hash(0x02||V||additional_input) is:\n");
        for (i = 0; i < (int)(drbg_ctx->hash_output_len); i++)
        {
            printf("0x%x ", md_value[i]);
        }
        printf("\n");
#endif

        if ( !(BN_bin2bn(md_value, drbg_ctx->hash_output_len, bn_w)) )
        {
            goto clean_up;
        }
        if ( !(BN_bin2bn(drbg_ctx->V, drbg_ctx->seed_byte_len, bn_V)) )
        {
            goto clean_up;
        }
        if ( !(BN_mod_add(bn_sum, bn_V, bn_w, bn_module, bn_ctx)) )
        {
            goto clean_up;
        }
        if ( BN_bn2binpad(bn_sum,
                          drbg_ctx->V,
                          drbg_ctx->seed_byte_len) != drbg_ctx->seed_byte_len )
        {
            goto clean_up;
        }
#ifdef _HASH_DRBG_DEBUG
        printf("V:\n");
        for (i = 0; i < (int)(drbg_ctx->seed_byte_len); i++)
        {
            printf("0x%x ", drbg_ctx->V[i]);
        }
        printf("\n");
#endif
    }

    if ( (rtn_val = hash_gen(drbg_ctx,
                             rnd_byte_len,
                             rnd)) )
    {
        error_code = rtn_val;
        goto clean_up;
    }

    /* H = Hash(0x03 || V) */
    prefix_char = 3;
    EVP_DigestInit_ex(md_ctx, drbg_ctx->md, NULL);
    EVP_DigestUpdate(md_ctx, &prefix_char, sizeof(prefix_char));
    EVP_DigestUpdate(md_ctx, drbg_ctx->V, drbg_ctx->seed_byte_len);
    EVP_DigestFinal_ex(md_ctx, md_value, NULL);
#ifdef _HASH_DRBG_DEBUG
    printf("H:\n");
    for (i = 0; i < (int)(drbg_ctx->hash_output_len); i++)
    {
        printf("0x%x ", md_value[i]);
    }
    printf("\n");
#endif

    if ( !(BN_bin2bn(md_value, drbg_ctx->hash_output_len, bn_H)) )
    {
        goto clean_up;
    }
    if ( !(BN_bin2bn(drbg_ctx->V, drbg_ctx->seed_byte_len, bn_V)) )
    {
        goto clean_up;
    }
    if ( !(BN_bin2bn(drbg_ctx->C, drbg_ctx->seed_byte_len, bn_C)) )
    {
        goto clean_up;
    }
    if ( !(BN_bin2bn(reseed_cnt, sizeof(reseed_cnt), bn_reseed_cnt)) )
    {
        goto clean_up;
    }

    /* V = (V + H + C + reseed_counter) mod 2^seedlen */
    if ( (!(BN_mod_add(bn_tmp_sum_1, bn_V, bn_H, bn_module, bn_ctx))) )
    {
        goto clean_up;
    }
    if ( (!(BN_mod_add(bn_tmp_sum_2, bn_tmp_sum_1, bn_C, bn_module, bn_ctx))) )
    {
        goto clean_up;
    }
    if ( (!(BN_mod_add(bn_sum, bn_tmp_sum_2, bn_reseed_cnt, bn_module, bn_ctx))) )
    {
        goto clean_up;
    }
    if ( BN_bn2binpad(bn_sum,
                      drbg_ctx->V,
                      drbg_ctx->seed_byte_len) != drbg_ctx->seed_byte_len )
    {
        goto clean_up;
    }
#ifdef _HASH_DRBG_DEBUG
    printf("V:\n");
    for (i = 0; i < (int)(drbg_ctx->seed_byte_len); i++)
    {
        printf("0x%x ", drbg_ctx->V[i]);
    }
    printf("\n");
#endif
    error_code = 0;
    (drbg_ctx->reseed_counter)++;

clean_up:
    BN_CTX_end(bn_ctx);
    BN_CTX_free(bn_ctx);
    EVP_MD_CTX_free(md_ctx);
    return error_code;
}

--------------------------------------------------------------------------------
/hash_drbg.h:
--------------------------------------------------------------------------------
/**************************************************
* File name: hash_drbg.h
* Author: HAN Wei
* Author's blog: https://blog.csdn.net/henter/
* Date: Feb 8th, 2019
* Description: declare hash DRBG construction functions
**************************************************/

#ifndef HEADER_HASH_DRBG_CONSTRUCTION_FUNCTIONS_H
#define HEADER_HASH_DRBG_CONSTRUCTION_FUNCTIONS_H

#include <openssl/evp.h>

#define MAX_SEED_BYTE_LENGTH          (unsigned int)(111)
#define MAX_RESEED_INTERVAL           (long long)(281474976710656)
#define MAX_BYTE_COUNT_PER_REQUEST    (unsigned int)(65536)

/* The macro '_HASH_DRBG_DEBUG' can only be defined in debug version.
   It must be undefined in release version! */
//#define _HASH_DRBG_DEBUG

typedef struct hash_drbg_context {
    const EVP_MD *md;
    unsigned char V[MAX_SEED_BYTE_LENGTH];
    unsigned char C[MAX_SEED_BYTE_LENGTH];
    unsigned int hash_output_len;
    unsigned int security_strength;
    unsigned int seed_byte_len;
    long long reseed_counter;
} HASH_DRBG_CTX;

#ifdef __cplusplus
extern "C" {
#endif

/**************************************************
* Name: hash_df
* Function: evaluate Hash_df (hash derivation function)
* Parameters:
    drbg_ctx[in]      Hash DRBG context
    input[in]         input message
    input_len[in]     length of input message, size in bytes
    output_len[in]    the number to be returned, size in bytes
    output[out]       output of Hash_df function
* Return value:
    0:                function executes successfully
    any other value:  an error occurs
* Notes:
    Hash_df function is defined in chapter 10.3.1, 'Derivation Function
    Using a Hash Function (Hash_df)' of NIST SP 800-90A Rev.1.
**************************************************/
int hash_df(HASH_DRBG_CTX *drbg_ctx,
            unsigned char *input,
            unsigned int input_len,
            unsigned int output_len,
            unsigned char *output);

/**************************************************
* Name: hash_drbg_ctx_new
* Function: create a Hash DRBG context
* Return value:
    A pointer that points to the newly created Hash DRBG context
    structure is returned. NULL is returned when an error occurs.
* Notes:
    The Hash DRBG context created by this function must be freed
    by invoking hash_drbg_ctx_free( ), otherwise memory leak occurs.
**************************************************/
HASH_DRBG_CTX* hash_drbg_ctx_new(void);

/**************************************************
* Name: hash_drbg_ctx_free
* Function: free a Hash DRBG context
* Parameters:
    drbg_ctx[in]    Hash DRBG context
**************************************************/
void hash_drbg_ctx_free(HASH_DRBG_CTX *drbg_ctx);

/**************************************************
* Name: hash_drbg_instantiate
* Function: instantiate a Hash DRBG
* Parameters:
    md[in]                a pointer that points to an EVP_MD
                          structure defined in OpenSSL
    entropy[in]           input entropy
    entropy_len[in]       length of input entropy, size in bytes
    nonce[in]             input nonce
    nonce_len[in]         length of input nonce
    per_string[in]        input personalization string
    per_string_len[in]    length of personalization string, size in bytes
    drbg_ctx[in]          Hash DRBG context
* Return value:
    0:                function executes successfully
    any other value:  an error occurs
* Notes:
    1. Minimum entropy and Minimum entropy input length are defined in chapter
       10.1, 'DRBG Mechanisms Based on Hash Functions' of NIST SP 800-90A Rev.1.
    2. The hash algorithm employed by the Hash DRBG is determined by the
       parameter 'md'. Optional hash algorithm set includes SHA-256 and SHA-512.
       SHA-256 is recommended in this implementation. Implicitly, some other
       algorithms, such as SHA3-256 and SHA3-512 can be used here although they
       are not included in NIST SP 800-90A Rev.1.
**************************************************/
int hash_drbg_instantiate(const EVP_MD *md,
                          unsigned char *entropy,
                          unsigned int entropy_len,
                          unsigned char *nonce,
                          unsigned int nonce_len,
                          unsigned char *per_string,
                          unsigned int per_string_len,
                          HASH_DRBG_CTX *drbg_ctx);

/**************************************************
* Name: reseed_hash_drbg
* Function: reseed a Hash DRBG
* Parameters:
    drbg_ctx[in]              Hash DRBG context
    entropy[in]               input entropy
    entropy_len[in]           length of input entropy, size in bytes
    addition_input[in]        additional input
    addition_input_len[in]    length of additional input, size in bytes
* Return value:
    0:                function executes successfully
    any other value:  an error occurs
* Notes:
    1. Minimum entropy, minimum entropy input length and reseed interval are
       defined in chapter 10.1, 'DRBG Mechanisms Based on Hash Functions' of
       NIST SP 800-90A Rev.1.
    2. When prediction resistance is required, this function must be invoked
       each time before generating random bytes with the Hash DRBG, that is,
       before invoking gen_rnd_bytes_with_hash_drbg( ).
**************************************************/
int reseed_hash_drbg(HASH_DRBG_CTX *drbg_ctx,
                     unsigned char *entropy,
                     unsigned int entropy_len,
                     unsigned char *addition_input,
                     unsigned int addition_input_len);

/**************************************************
* Name: hash_gen
* Function: evaluate HashGen function
* Parameters:
    drbg_ctx[in]      Hash DRBG context
    output_len[in]    the number to be returned, size in bytes
    output[out]       output of random bytes
* Return value:
    0:                function executes successfully
    any other value:  an error occurs
* Notes:
    HashGen function is defined in chapter 10.1.1.4, 'Generating
    Pseudorandom Bits Using Hash_DRBG' of NIST SP 800-90A Rev.1.
**************************************************/
int hash_gen(HASH_DRBG_CTX *drbg_ctx,
             unsigned int output_len,
             unsigned char *output);

/**************************************************
* Name: gen_rnd_bytes_with_hash_drbg
* Function: generate pseudorandom bytes using Hash_DRBG
* Parameters:
    drbg_ctx[in]              Hash DRBG context
    rnd_byte_len[in]          the number to be returned, size in bytes
    addition_input[in]        additional input
    addition_input_len[in]    length of additional input, size in bytes
    rnd[out]                  output of pseudorandom bytes
* Return value:
    0:                function executes successfully
    any other value:  an error occurs
* Notes:
    1. Maximum number of bits per request is defined in chapter 10.1,
       'DRBG Mechanisms Based on Hash Functions' of NIST SP 800-90A Rev.1.
    2. The maximum length of pseudorandom bytes generated by this function
       is 65536-byte. When more pseudorandom bytes are required, this
       function must be invoked iteratively.
**************************************************/
int gen_rnd_bytes_with_hash_drbg(HASH_DRBG_CTX *drbg_ctx,
                                 unsigned int rnd_byte_len,
                                 unsigned char *addition_input,
                                 unsigned int addition_input_len,
                                 unsigned char *rnd);

#ifdef __cplusplus
}
#endif

#endif  /* end of HEADER_HASH_DRBG_CONSTRUCTION_FUNCTIONS_H */

--------------------------------------------------------------------------------
/hash_drbg_error_codes.h:
--------------------------------------------------------------------------------
/**************************************************
* File name: hash_drbg_error_codes.h
* Author: HAN Wei
* Author's blog: https://blog.csdn.net/henter/
* Date: Feb 7th, 2019
* Description: define error codes used in hash
               DRBG functions
**************************************************/

#ifndef HEADER_HASH_DRBG_ERROR_CODES_H
#define HEADER_HASH_DRBG_ERROR_CODES_H

#define INVALID_NULL_VALUE_INPUT    0x1000
#define INVALID_INPUT_LENGTH        0x1001
#define MEMOMY_ALLOCATION_FAIL      0x1002
#define INVALID_HASH_ALGORITHM      0x1003
#define REQUIRE_RESEED              0x1004
#define BIG_NUM_ARITHMETIC_ERROR    0x1005

#endif  /* end of HEADER_HASH_DRBG_ERROR_CODES_H */

--------------------------------------------------------------------------------
/test_data_1.txt:
--------------------------------------------------------------------------------
The following data are used in function 'test_sha256_hash_drbg_without_prediction_resistance( )'. They are excerpted from the document provided by NIST. The document can be downloaded from: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/Hash_DRBG.pdf

Pages 215 -- 225.
4 | 5 | ############################################################## 6 | Hash_DRBG 7 | Requested Security Strength = 128 8 | Requested Hash Algorithm = SHA-256 9 | prediction_resistance_flag = "NOT ENABLED" 10 | 11 | EntropyInput = 12 | 000102 03040506 13 | 0708090A 0B0C0D0E 0F101112 13141516 1718191A 1B1C1D1E 14 | 1F202122 23242526 2728292A 2B2C2D2E 2F303132 33343536 15 | EntropyInput1 (for Reseed1) = 16 | 808182 83848586 17 | 8788898A 8B8C8D8E 8F909192 93949596 9798999A 9B9C9D9E 18 | 9FA0A1A2 A3A4A5A6 A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 19 | EntropyInput2 (for Reseed2) = 20 | C0C1C2 C3C4C5C6 21 | C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE 22 | DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 23 | Nonce = 24 | 20212223 24252627 25 | PersonalizationString = 26 | 404142 43444546 27 | 4748494A 4B4C4D4E 4F505152 53545556 5758595A 5B5C5D5E 28 | 5F606162 63646566 6768696A 6B6C6D6E 6F707172 73747576 29 | AdditionalInput1 = 30 | 606162 63646566 31 | 6768696A 6B6C6D6E 6F707172 73747576 7778797A 7B7C7D7E 32 | 7F808182 83848586 8788898A 8B8C8D8E 8F909192 93949596 33 | AdditionalInput2 = 34 | A0A1A2 A3A4A5A6 35 | A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 B7B8B9BA BBBCBDBE 36 | BFC0C1C2 C3C4C5C6 C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 37 | ########################################################### 38 | 39 | ************************************************************** 40 | 41 | Hash_DRBG_Instantiate_algorithm 42 | 43 | entropy_input is 44 | 000102 03040506 45 | 0708090A 0B0C0D0E 0F101112 13141516 1718191A 1B1C1D1E 46 | 1F202122 23242526 2728292A 2B2C2D2E 2F303132 33343536 47 | nonce is 48 | 20212223 24252627 49 | personal_str is 50 | 404142 43444546 51 | 4748494A 4B4C4D4E 4F505152 53545556 5758595A 5B5C5D5E 52 | 5F606162 63646566 6768696A 6B6C6D6E 6F707172 73747576 53 | 54 | prediction_resistance_flag = "No PredictionResistance" 55 | Hash_df - Generate seed(which is V) - Step 2 56 | seed_material is 57 | 0001 02030405 06070809 0A0B0C0D 0E0F1011 12131415 58 | 16171819 
1A1B1C1D 1E1F2021 22232425 26272829 2A2B2C2D 59 | 2E2F3031 32333435 36202122 23242526 27404142 43444546 60 | 4748494A 4B4C4D4E 4F505152 53545556 5758595A 5B5C5D5E 61 | 62 | 5F606162 63646566 6768696A 6B6C6D6E 6F707172 73747576 63 | no_of_bits_to_return = 440 64 | ------------ 65 | i = 1 66 | counter||no_of_bits_to_return||input_string is 67 | 010000 68 | 01B80001 02030405 06070809 0A0B0C0D 0E0F1011 12131415 69 | 16171819 1A1B1C1D 1E1F2021 22232425 26272829 2A2B2C2D 70 | 2E2F3031 32333435 36202122 23242526 27404142 43444546 71 | 4748494A 4B4C4D4E 4F505152 53545556 5758595A 5B5C5D5E 72 | 5F606162 63646566 6768696A 6B6C6D6E 6F707172 73747576 73 | 74 | Hash(counter||no_of_bits_to_return||input_string) is 75 | 76 | A3E94E39 26FDA169 77 | C303D664 383905E0 D79962D1 65446D63 BDA654D1 32F72DB4 78 | temp = 79 | A3E94E39 26FDA169 80 | C303D664 383905E0 D79962D1 65446D63 BDA654D1 32F72DB4 81 | ------------ 82 | 83 | i = 2 84 | counter||no_of_bits_to_return||input_string is 85 | 020000 86 | 01B80001 02030405 06070809 0A0B0C0D 0E0F1011 12131415 87 | 16171819 1A1B1C1D 1E1F2021 22232425 26272829 2A2B2C2D 88 | 2E2F3031 32333435 36202122 23242526 27404142 43444546 89 | 4748494A 4B4C4D4E 4F505152 53545556 5758595A 5B5C5D5E 90 | 5F606162 63646566 6768696A 6B6C6D6E 6F707172 73747576 91 | Hash(counter||no_of_bits_to_return||input_string) is 92 | 71564B45 6FF2EEC8 93 | 36422ACC 5A029935 A7992990 94A1CA74 1B916DC0 26A7E107 94 | 95 | temp = 96 | A3E94E 3926FDA1 97 | 69C303D6 64383905 E0D79962 D165446D 63BDA654 D132F72D 98 | B471564B 456FF2EE C836422A CC5A0299 35A79929 9094A1CA 99 | V is 100 | A3E94E 3926FDA1 101 | 69C303D6 64383905 E0D79962 D165446D 63BDA654 D132F72D 102 | B471564B 456FF2EE C836422A CC5A0299 35A79929 9094A1CA 103 | 104 | --------------------------- 105 | Hash_df - Generate C - Step 4 106 | 0x00||V is 107 | 00A3E94E 3926FDA1 108 | 69C303D6 64383905 E0D79962 D165446D 63BDA654 D132F72D 109 | 110 | B471564B 456FF2EE C836422A CC5A0299 35A79929 9094A1CA 111 | 112 | 
no_of_bits_to_return = 440 113 | ------------ 114 | i = 1 115 | counter||no_of_bits_to_return||input_string is 116 | 01 000001B8 00A3E94E 3926FDA1 117 | 69C303D6 64383905 E0D79962 D165446D 63BDA654 D132F72D 118 | B471564B 456FF2EE C836422A CC5A0299 35A79929 9094A1CA 119 | 120 | Hash(counter||no_of_bits_to_return||input_string) is 121 | 44748A78 B16E7555 122 | 9F881D51 C15DFE6C 52CFB0BB 71620169 C7933427 67E7F887 123 | temp = 124 | 44748A78 B16E7555 125 | 9F881D51 C15DFE6C 52CFB0BB 71620169 C7933427 67E7F887 126 | ------------ 127 | 128 | i = 2 129 | counter||no_of_bits_to_return||input_string is 130 | 02 000001B8 00A3E94E 3926FDA1 131 | 69C303D6 64383905 E0D79962 D165446D 63BDA654 D132F72D 132 | B471564B 456FF2EE C836422A CC5A0299 35A79929 9094A1CA 133 | Hash(counter||no_of_bits_to_return||input_string) is 134 | 5F42CB6A 20C89D7C 135 | 6EF3DC61 0D8FF203 D6766CED 1919D094 ED485EF7 FADDB668 136 | 137 | temp = 138 | 44748A 78B16E75 139 | 559F881D 51C15DFE 6C52CFB0 BB716201 69C79334 2767E7F8 140 | 875F42CB 6A20C89D 7C6EF3DC 610D8FF2 03D6766C ED1919D0 141 | 142 | -------------------------------------------------------------- 143 | C is 144 | 44748A 78B16E75 145 | 559F881D 51C15DFE 6C52CFB0 BB716201 69C79334 2767E7F8 146 | 875F42CB 6A20C89D 7C6EF3DC 610D8FF2 03D6766C ED1919D0 147 | First call to Generate 148 | ************************************************************** 149 | 150 | --------------------------- 151 | Hash_DRBG_Generate_algorithm 152 | requested_number_of_bits = 512 153 | additional_input 154 | 606162 63646566 155 | 6768696A 6B6C6D6E 6F707172 73747576 7778797A 7B7C7D7E 156 | 7F808182 83848586 8788898A 8B8C8D8E 8F909192 93949596 157 | 158 | --------------------------- 159 | Process additional_input 160 | 0x02||V||additional_input is 161 | 02A3E9 4E3926FD A169C303 D6643839 162 | 05E0D799 62D16544 6D63BDA6 54D132F7 2DB47156 4B456FF2 163 | EEC83642 2ACC5A02 9935A799 299094A1 CA606162 63646566 164 | 6768696A 6B6C6D6E 6F707172 73747576 7778797A 7B7C7D7E 165 | 
7F808182 83848586 8788898A 8B8C8D8E 8F909192 93949596 166 | w=Hash(0x02||V||additional_input) is 167 | 3CBE9AC4 CEFC9E53 168 | 84B05F3A 13305C81 BB347128 578D087A D9CD6168 A7BBD90A 169 | 170 | -------------------------- 171 | V is 172 | A3E94E 3926FDA1 173 | 69C303D6 64383905 E0D79962 D165446D A07C4119 A02F9581 174 | 3921B585 58A04F70 836AB353 23E70B14 0F74FA92 38507AD4 175 | 176 | Hashgen 177 | requested_no_of_bits = 512 178 | ------------ 179 | i = 1 180 | data is 181 | A3E94E 3926FDA1 182 | 69C303D6 64383905 E0D79962 D165446D A07C4119 A02F9581 183 | 3921B585 58A04F70 836AB353 23E70B14 0F74FA92 38507AD4 184 | w_i is 185 | E0B97C82 1268FD3B 186 | B2CABFD1 F9548478 AE8A6041 7F7B094A 26139546 062B521C 187 | 188 | W is 189 | E0B97C82 1268FD3B 190 | B2CABFD1 F9548478 AE8A6041 7F7B094A 26139546 062B521C 191 | ------------ 192 | i = 2 193 | data is 194 | A3E94E 3926FDA1 195 | 69C303D6 64383905 E0D79962 D165446D A07C4119 A02F9581 196 | 3921B585 58A04F70 836AB353 23E70B14 0F74FA92 38507AD5 197 | w_i is 198 | FD33E4E3 9B9DCD0A 199 | 3DA15209 C72ADBE5 8C20AB34 07026951 297AD254 307553A5 200 | 201 | W is 202 | E0B97C82 1268FD3B B2CABFD1 F9548478 203 | AE8A6041 7F7B094A 26139546 062B521C FD33E4E3 9B9DCD0A 204 | 3DA15209 C72ADBE5 8C20AB34 07026951 297AD254 307553A5 205 | 206 | --------------------------- 207 | returned_bits is 208 | E0B97C82 1268FD3B B2CABFD1 F9548478 209 | AE8A6041 7F7B094A 26139546 062B521C FD33E4E3 9B9DCD0A 210 | 3DA15209 C72ADBE5 8C20AB34 07026951 297AD254 307553A5 211 | Update V 212 | 0x03||V is 213 | 03A3E94E 3926FDA1 214 | 69C303D6 64383905 E0D79962 D165446D A07C4119 A02F9581 215 | 3921B585 58A04F70 836AB353 23E70B14 0F74FA92 38507AD4 216 | H is 217 | 8264A739 7BB8A2B4 218 | 5D09B864 EA8694B4 75668170 5EB44819 680AE7DE AC2CFFE4 219 | 220 | Updated values 221 | V is 222 | E85DD8 B1D86C16 223 | BF628BF3 B5F99704 4D2A6913 8CD6A66F 8CA87B87 4350202E 224 | 1D8AB0B5 AD47ACC2 7540289F E3A8E31F 7B5658DD D1969489 225 | reseed_counter is 226 | 0000 00000002 227 | 
rnd_val is 228 | E0B97C82 1268FD3B B2CABFD1 F9548478 229 | AE8A6041 7F7B094A 26139546 062B521C FD33E4E3 9B9DCD0A 230 | 3DA15209 C72ADBE5 8C20AB34 07026951 297AD254 307553A5 231 | 232 | -------------------------------------------------------------- 233 | Second call to Generate 234 | 235 | ************************************************************** 236 | 237 | Hash_DRBG_Generate_algorithm 238 | 239 | requested_number_of_bits = 512 240 | additional_input 241 | A0A1A2 A3A4A5A6 242 | A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 B7B8B9BA BBBCBDBE 243 | BFC0C1C2 C3C4C5C6 C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 244 | 245 | --------------------------- 246 | --------------------------- 247 | Process additional_input 248 | 0x02||V||additional_input is 249 | 02E85D D8B1D86C 16BF628B F3B5F997 250 | 044D2A69 138CD6A6 6F8CA87B 87435020 2E1D8AB0 B5AD47AC 251 | C2754028 9FE3A8E3 1F7B5658 DDD19694 89A0A1A2 A3A4A5A6 252 | A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 B7B8B9BA BBBCBDBE 253 | BFC0C1C2 C3C4C5C6 C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 254 | w=Hash(0x02||V||additional_input) is 255 | A2701C07 02B8A337 256 | 615E949D 0B86D42B 002EF072 58584377 ECBF1094 62AFC8AC 257 | V is 258 | E85DD8 B1D86C16 259 | BF628BF3 B5F99704 4D2A6913 8CD6A670 2F18978E 4608C365 260 | 7EE94552 B8CE80ED 756F1912 3C012697 68156972 34465D35 261 | 262 | Hashgen 263 | requested_no_of_bits = 512 264 | ------------ 265 | i = 1 266 | data is 267 | E85DD8 B1D86C16 268 | BF628BF3 B5F99704 4D2A6913 8CD6A670 2F18978E 4608C365 269 | 7EE94552 B8CE80ED 756F1912 3C012697 68156972 34465D35 270 | 271 | w_i is 272 | C1ACD3AD A4C8C495 273 | BF179DB5 9822C351 BC479ABE 4EB28F84 3957B11E 3C2BC048 274 | W is 275 | C1ACD3AD A4C8C495 276 | BF179DB5 9822C351 BC479ABE 4EB28F84 3957B11E 3C2BC048 277 | ------------ 278 | i = 2 279 | data is 280 | E85DD8 B1D86C16 281 | BF628BF3 B5F99704 4D2A6913 8CD6A670 2F18978E 4608C365 282 | 7EE94552 B8CE80ED 756F1912 3C012697 68156972 34465D36 283 | w_i is 284 | 83964297 975BD72D 285 | 1024ABCF 6F6615D7 F5B4FD1E 
40A64EEB 45BA2181 B83937ED 286 | 287 | W is 288 | C1ACD3AD A4C8C495 BF179DB5 9822C351 289 | BC479ABE 4EB28F84 3957B11E 3C2BC048 83964297 975BD72D 290 | 1024ABCF 6F6615D7 F5B4FD1E 40A64EEB 45BA2181 B83937ED 291 | returned_bits is 292 | C1ACD3AD A4C8C495 BF179DB5 9822C351 293 | BC479ABE 4EB28F84 3957B11E 3C2BC048 83964297 975BD72D 294 | 1024ABCF 6F6615D7 F5B4FD1E 40A64EEB 45BA2181 B83937ED 295 | 296 | --------------------------- 297 | Update V 298 | 0x03||V is 299 | 03E85DD8 B1D86C16 300 | BF628BF3 B5F99704 4D2A6913 8CD6A670 2F18978E 4608C365 301 | 302 | 7EE94552 B8CE80ED 756F1912 3C012697 68156972 34465D35 303 | H is 304 | 19978405 921CF6DE 305 | 6BA76D7F 9F5F14C1 8D7A3AC2 2420B3D0 327F4EFB 9ED0F4C6 306 | Updated values 307 | V is 308 | 2CD263 2A89DA8C 309 | 15021411 07BAF502 B97D38C4 48480871 B277AEC7 FF8DA23C 310 | 71EFF59D C24E5E4C 7F5847B0 C12F6A59 9E6B2EDA C0306BCD 311 | reseed_counter is 312 | 0000 00000003 313 | 314 | rnd_val is 315 | C1ACD3AD A4C8C495 BF179DB5 9822C351 316 | BC479ABE 4EB28F84 3957B11E 3C2BC048 83964297 975BD72D 317 | 1024ABCF 6F6615D7 F5B4FD1E 40A64EEB 45BA2181 B83937ED 318 | ############################################################## 319 | -------------------------------------------------------------------------------- /test_data_2.txt: -------------------------------------------------------------------------------- 1 | The following data are used in function 'test_sha256_hash_drbg_with_prediction_resistance( )'. They are excerpted from the document provided by NIST. The document can be downloaded from: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/Hash_DRBG.pdf 2 | 3 | Page 225.-- 239. 
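The traces in test_data_1.txt and test_data_2.txt can be replayed with a second, independent implementation, which is a useful cross-check when porting or auditing the C code. The following is an added example in Python, not part of this repository; the class and function names are hypothetical, and the inputs are rebuilt from the sequential byte patterns listed in the test data files.

```python
"""Independent Hash_DRBG reference (NIST SP 800-90A Rev.1, 10.1.1) for replaying traces."""
import hashlib

MAX_REQUEST_BYTES = 65536   # per-request limit noted in hash_drbg.h (2**19 bits)
RESEED_INTERVAL = 2 ** 48   # reseed_interval from SP 800-90A Table 2


def hash_df(data, out_len, md=hashlib.sha256):
    """Hash_df: concatenate Hash(counter || no_of_bits_to_return || data), counter = 1, 2, ..."""
    bits = (out_len * 8).to_bytes(4, "big")
    temp = b""
    counter = 1
    while len(temp) < out_len:
        temp += md(bytes([counter]) + bits + data).digest()
        counter += 1
    return temp[:out_len]


class HashDRBG:
    """Hypothetical helper class; mirrors instantiate / reseed / generate of the standard."""

    def __init__(self, entropy, nonce, personalization=b"", md=hashlib.sha256):
        self.md = md
        # seedlen is 440 bits for hashes up to 256 bits of output, 888 bits otherwise
        self.seedlen = 55 if md().digest_size <= 32 else 111
        self._seed(entropy + nonce + personalization)

    def _seed(self, seed_material):
        self.V = hash_df(seed_material, self.seedlen, self.md)
        self.C = hash_df(b"\x00" + self.V, self.seedlen, self.md)
        self.reseed_counter = 1

    def reseed(self, entropy, additional_input=b""):
        self._seed(b"\x01" + self.V + entropy + additional_input)

    def _add_to_v(self, *terms):
        # V = (V + term1 + term2 + ...) mod 2**seedlen, all values big-endian
        total = int.from_bytes(self.V, "big")
        total += sum(int.from_bytes(t, "big") for t in terms)
        self.V = (total % (1 << (8 * self.seedlen))).to_bytes(self.seedlen, "big")

    def _hashgen(self, n):
        data = int.from_bytes(self.V, "big")
        out = b""
        while len(out) < n:
            out += self.md(data.to_bytes(self.seedlen, "big")).digest()
            data = (data + 1) % (1 << (8 * self.seedlen))
        return out[:n]

    def generate(self, n, additional_input=b""):
        if n > MAX_REQUEST_BYTES:
            raise ValueError("request exceeds 65536 bytes; call generate repeatedly")
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        if additional_input:
            self._add_to_v(self.md(b"\x02" + self.V + additional_input).digest())
        out = self._hashgen(n)
        h = self.md(b"\x03" + self.V).digest()
        self._add_to_v(h, self.C, self.reseed_counter.to_bytes(8, "big"))
        self.reseed_counter += 1
        return out


def replay_test_data_1():
    """SHA-256, no prediction resistance; inputs rebuilt from test_data_1.txt."""
    drbg = HashDRBG(bytes(range(0x00, 0x37)),        # EntropyInput 00..36
                    bytes(range(0x20, 0x28)),        # Nonce 20..27
                    bytes(range(0x40, 0x77)))        # PersonalizationString 40..76
    v0, c0 = drbg.V, drbg.C
    out1 = drbg.generate(64, bytes(range(0x60, 0x97)))   # AdditionalInput1
    out2 = drbg.generate(64, bytes(range(0xA0, 0xD7)))   # AdditionalInput2
    return v0, c0, out1, out2, drbg.V


def replay_test_data_2():
    """SHA-256 with prediction resistance: each generate is preceded by a reseed."""
    drbg = HashDRBG(bytes(range(0x00, 0x37)), bytes(range(0x20, 0x28)))
    outs = []
    for first in (0x80, 0xC0):                       # EntropyInput1, EntropyInput2
        drbg.reseed(bytes(range(first, first + 55)))
        outs.append(drbg.generate(64))
    return outs


if __name__ == "__main__":
    v0, c0, out1, out2, v_final = replay_test_data_1()
    print("V    =", v0.hex().upper())
    print("C    =", c0.hex().upper())
    print("rnd1 =", out1.hex().upper())
    print("rnd2 =", out2.hex().upper())
    for i, out in enumerate(replay_test_data_2(), 1):
        print("PR rnd%d =" % i, out.hex().upper())
```

Compare the printed V, C and rnd values with the `V is`, `C is` and `rnd_val is` entries of the corresponding trace; a mismatch at `V` points to Hash_df, while a mismatch that first appears at `rnd_val` points to the additional-input step or Hashgen.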
4 | 5 | ############################################################## 6 | Hash_DRBG 7 | Requested Security Strength = 128 8 | Requested Hash Algorithm = SHA-256 9 | prediction_resistance_flag = "ENABLED" 10 | EntropyInput = 11 | 000102 03040506 12 | 0708090A 0B0C0D0E 0F101112 13141516 1718191A 1B1C1D1E 13 | 1F202122 23242526 2728292A 2B2C2D2E 2F303132 33343536 14 | EntropyInput1 (for Reseed1) = 15 | 808182 83848586 16 | 8788898A 8B8C8D8E 8F909192 93949596 9798999A 9B9C9D9E 17 | 9FA0A1A2 A3A4A5A6 A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 18 | 19 | EntropyInput2 (for Reseed2) = 20 | C0C1C2 C3C4C5C6 21 | C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE 22 | DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 23 | Nonce = 24 | 20212223 24252627 25 | PersonalizationString = 26 | AdditionalInput = 27 | ############################################################## 28 | ************************************************************** 29 | 30 | --------------------------- 31 | ************************************************************** 32 | Hash_DRBG_Instantiate_algorithm 33 | entropy_input is 34 | 000102 03040506 35 | 0708090A 0B0C0D0E 0F101112 13141516 1718191A 1B1C1D1E 36 | 1F202122 23242526 2728292A 2B2C2D2E 2F303132 33343536 37 | nonce is 38 | 20212223 24252627 39 | personal_str is 40 | prediction_resistance_flag = "PredictionResistance" 41 | 42 | --------------------------- 43 | Hash_df - Generate seed(which is V) - St 44 | seed_material is 45 | 000102 0304050 46 | 0F101112 13141516 1718191A 1B1C1D1 47 | 2728292A 2B2C2D2E 2F303132 3334353 48 | no_of_bits_to_return = 440 49 | 50 | ------------ 51 | i = 1 52 | counter||no_of_bits_to_return||input_string is 53 | 01000001 B8000102 03040506 0708090A 0B0C0D0E 54 | 0F101112 13141516 1718191A 1B1C1D1E 1F202122 23242526 55 | 2728292A 2B2C2D2E 2F303132 33343536 20212223 24252627 56 | Hash(counter||no_of_bits_to_return||input_string) is 57 | AB41CDE4 37AB8B09 58 | 1CA7C575 5D10F011 0C1DBD46 2F226CFD ABFBB04A 8BCDEF95 59 | 
temp = 60 | AB41CDE4 37AB8B09 61 | 1CA7C575 5D10F011 0C1DBD46 2F226CFD ABFBB04A 8BCDEF95 62 | 63 | ------------ 64 | i = 2 65 | counter||no_of_bits_to_return||input_string is 66 | 02000001 B8000102 03040506 0708090A 0B0C0D0E 67 | 0F101112 13141516 1718191A 1B1C1D1E 1F202122 23242526 68 | 2728292A 2B2C2D2E 2F303132 33343536 20212223 24252627 69 | Hash(counter||no_of_bits_to_return||input_string) is 70 | 167D84AF 64128C0D 71 | 71F4D5B8 C0EDFBBE 3DF40448 D2D8E12F A91BA8B0 97969506 72 | temp = 73 | AB41CD E437AB8B 74 | 091CA7C5 755D10F0 110C1DBD 462F226C FDABFBB0 4A8BCDEF 75 | 95167D84 AF64128C 0D71F4D5 B8C0EDFB BE3DF404 48D2D8E1 76 | 77 | V is 78 | AB41CD E437AB8B 79 | 091CA7C5 755D10F0 110C1DBD 462F226C FDABFBB0 4A8BCDEF 80 | 95167D84 AF64128C 0D71F4D5 B8C0EDFB BE3DF404 48D2D8E1 81 | 82 | --------------------------- 83 | Hash_df - Generate C - Step 4 84 | 0x00||V is 85 | 00AB41CD E437AB8B 86 | 091CA7C5 755D10F0 110C1DBD 462F226C FDABFBB0 4A8BCDEF 87 | 95167D84 AF64128C 0D71F4D5 B8C0EDFB BE3DF404 48D2D8E1 88 | no_of_bits_to_return = 440 89 | ------------ 90 | 91 | i = 1 92 | counter||no_of_bits_to_return||input_string is 93 | 01 000001B8 00AB41CD E437AB8B 94 | 091CA7C5 755D10F0 110C1DBD 462F226C FDABFBB0 4A8BCDEF 95 | 95167D84 AF64128C 0D71F4D5 B8C0EDFB BE3DF404 48D2D8E1 96 | Hash(counter||no_of_bits_to_return||input_string) is 97 | E15DE4A8 E3B1419B 98 | 61D534F1 5DBD31EE 19EC595F 8B98111A 94F52237 AD5D66F0 99 | temp = 100 | E15DE4A8 E3B1419B 101 | 61D534F1 5DBD31EE 19EC595F 8B98111A 94F52237 AD5D66F0 102 | 103 | ------------ 104 | i = 2 105 | counter||no_of_bits_to_return||input_string is 106 | 02 000001B8 00AB41CD E437AB8B 107 | 091CA7C5 755D10F0 110C1DBD 462F226C FDABFBB0 4A8BCDEF 108 | 95167D84 AF64128C 0D71F4D5 B8C0EDFB BE3DF404 48D2D8E1 109 | Hash(counter||no_of_bits_to_return||input_string) is 110 | CFAAFDDC 90195902 111 | 112 | -------------------------------------------------------------- 113 | E979F79B 65357FEA 85998E4E 37D2C1D4 FD0F0D66 3A829565 114 | 115 
| temp = 116 | E15DE4 A8E3B141 117 | 9B61D534 F15DBD31 EE19EC59 5F8B9811 1A94F522 37AD5D66 118 | F0CFAAFD DC901959 02E979F7 9B65357F EA85998E 4E37D2C1 119 | C is 120 | E15DE4 A8E3B141 121 | 9B61D534 F15DBD31 EE19EC59 5F8B9811 1A94F522 37AD5D66 122 | F0CFAAFD DC901959 02E979F7 9B65357F EA85998E 4E37D2C1 123 | 124 | -------------------------------------------------------------- 125 | -------------------------------------------------------------- 126 | First call to Generate 127 | ************************************************************** 128 | Hash_DRBG_Generate_algorithm 129 | requested_number_of_bits = 512 130 | additional_input 131 | Generate FAILED: Reseed is required 132 | Hash_DRBG_Reseed_algorithm 133 | 134 | --------------------------- 135 | entropy_input 136 | 808182 83848586 137 | 8788898A 8B8C8D8E 8F909192 93949596 9798999A 9B9C9D9E 138 | 9FA0A1A2 A3A4A5A6 A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 139 | additional_input 140 | Hash_df - Generate seed(which is V) - Step 2 141 | seed_material is 142 | 01AB41 CDE437AB 8B091CA7 C5755D10 143 | 144 | F0110C1D BD462F22 6CFDABFB B04A8BCD EF95167D 84AF6412 145 | 8C0D71F4 D5B8C0ED FBBE3DF4 0448D2D8 E1808182 83848586 146 | 8788898A 8B8C8D8E 8F909192 93949596 9798999A 9B9C9D9E 147 | 9FA0A1A2 A3A4A5A6 A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 148 | no_of_bits_to_return = 440 149 | ------------ 150 | i = 1 151 | counter||no_of_bits_to_return||input_string is 152 | 01000001 B801AB41 CDE437AB 8B091CA7 C5755D10 153 | F0110C1D BD462F22 6CFDABFB B04A8BCD EF95167D 84AF6412 154 | 8C0D71F4 D5B8C0ED FBBE3DF4 0448D2D8 E1808182 83848586 155 | 8788898A 8B8C8D8E 8F909192 93949596 9798999A 9B9C9D9E 156 | 9FA0A1A2 A3A4A5A6 A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 157 | 158 | Hash(counter||no_of_bits_to_return||input_string) is 159 | 3C40E8DC 7172FDA2 160 | 32550A1D 8E1447C1 1F474888 F96CD85C 3863D5E4 84266756 161 | temp = 162 | 3C40E8DC 7172FDA2 163 | 32550A1D 8E1447C1 1F474888 F96CD85C 3863D5E4 84266756 164 | ------------ 165 | 166 | i = 2 167 | 
counter||no_of_bits_to_return||input_string is 168 | 02000001 B801AB41 CDE437AB 8B091CA7 C5755D10 169 | F0110C1D BD462F22 6CFDABFB B04A8BCD EF95167D 84AF6412 170 | 8C0D71F4 D5B8C0ED FBBE3DF4 0448D2D8 E1808182 83848586 171 | 8788898A 8B8C8D8E 8F909192 93949596 9798999A 9B9C9D9E 172 | 9FA0A1A2 A3A4A5A6 A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 173 | Hash(counter||no_of_bits_to_return||input_string) is 174 | 28D08885 347C3EFD 175 | 6292FDDC D1A1421E ED51B713 AB090FC9 AFC95C22 731A6AF6 176 | 177 | --------------------------- 178 | temp = 179 | 3C40E8 DC7172FD 180 | A232550A 1D8E1447 C11F4748 88F96CD8 5C3863D5 E4842667 181 | 5628D088 85347C3E FD6292FD DCD1A142 1EED51B7 13AB090F 182 | V is 183 | 3C40E8 DC7172FD 184 | A232550A 1D8E1447 C11F4748 88F96CD8 5C3863D5 E4842667 185 | 5628D088 85347C3E FD6292FD DCD1A142 1EED51B7 13AB090F 186 | 187 | Hash_df - Generate C - Step 4 188 | 0x00||V is 189 | 003C40E8 DC7172FD 190 | A232550A 1D8E1447 C11F4748 88F96CD8 5C3863D5 E4842667 191 | 5628D088 85347C3E FD6292FD DCD1A142 1EED51B7 13AB090F 192 | no_of_bits_to_return = 440 193 | ------------ 194 | 195 | i = 1 196 | counter||no_of_bits_to_return||input_string is 197 | 01 000001B8 003C40E8 DC7172FD 198 | A232550A 1D8E1447 C11F4748 88F96CD8 5C3863D5 E4842667 199 | 5628D088 85347C3E FD6292FD DCD1A142 1EED51B7 13AB090F 200 | Hash(counter||no_of_bits_to_return||input_string) is 201 | E7568384 F264E4A7 202 | E7AE850D 9D501FD6 3183564F D7D39044 6F5BE5F6 7B50195B 203 | temp = 204 | E7568384 F264E4A7 205 | E7AE850D 9D501FD6 3183564F D7D39044 6F5BE5F6 7B50195B 206 | ------------ 207 | 208 | i = 2 209 | counter||no_of_bits_to_return||input_string is 210 | 02 000001B8 003C40E8 DC7172FD 211 | A232550A 1D8E1447 C11F4748 88F96CD8 5C3863D5 E4842667 212 | 5628D088 85347C3E FD6292FD DCD1A142 1EED51B7 13AB090F 213 | Hash(counter||no_of_bits_to_return||input_string) is 214 | 5284692A D4B76DFD 215 | 4F524BCF CCAB62C1 309F2515 17DFFD1F 5C4A6B96 ADC6B9D9 216 | 217 | temp = 218 | E75683 84F264E4 219 | A7E7AE85 
0D9D501F D6318356 4FD7D390 446F5BE5 F67B5019 220 | 5B528469 2AD4B76D FD4F524B CFCCAB62 C1309F25 1517DFFD 221 | C is 222 | E75683 84F264E4 223 | A7E7AE85 0D9D501F D6318356 4FD7D390 446F5BE5 F67B5019 224 | 5B528469 2AD4B76D FD4F524B CFCCAB62 C1309F25 1517DFFD 225 | 226 | --------------------------- 227 | ************************************************************** 228 | Hash_DRBG_Generate_algorithm 229 | requested_number_of_bits = 512 230 | additional_input 231 | Hashgen 232 | requested_no_of_bits = 512 233 | ------------ 234 | 235 | i = 1 236 | data is 237 | 3C40E8 DC7172FD 238 | 239 | A232550A 1D8E1447 C11F4748 88F96CD8 5C3863D5 E4842667 240 | 5628D088 85347C3E FD6292FD DCD1A142 1EED51B7 13AB090F 241 | w_i is 242 | 92275523 C70E567B 243 | CF9B35EC 50B933F8 12616DF5 86B7F72E E1BC7735 A5C26543 244 | W is 245 | 92275523 C70E567B 246 | CF9B35EC 50B933F8 12616DF5 86B7F72E E1BC7735 A5C26543 247 | ------------ 248 | 249 | i = 2 250 | data is 251 | 3C40E8 DC7172FD 252 | A232550A 1D8E1447 C11F4748 88F96CD8 5C3863D5 E4842667 253 | 5628D088 85347C3E FD6292FD DCD1A142 1EED51B7 13AB0910 254 | w_i is 255 | 73CBBC72 316DFF84 256 | 20A33BF0 2B97AC8D 1952583F 270ACD70 05CC027F 4CF1187E 257 | W is 258 | 92275523 C70E567B CF9B35EC 50B933F8 259 | 12616DF5 86B7F72E E1BC7735 A5C26543 73CBBC72 316DFF84 260 | 20A33BF0 2B97AC8D 1952583F 270ACD70 05CC027F 4CF1187E 261 | 262 | --------------------------- 263 | returned_bits is 264 | 92275523 C70E567B CF9B35EC 50B933F8 265 | 12616DF5 86B7F72E E1BC7735 A5C26543 73CBBC72 316DFF84 266 | 20A33BF0 2B97AC8D 1952583F 270ACD70 05CC027F 4CF1187E 267 | Update V 268 | 0x03||V is 269 | 270 | 033C40E8 DC7172FD 271 | A232550A 1D8E1447 C11F4748 88F96CD8 5C3863D5 E4842667 272 | 5628D088 85347C3E FD6292FD DCD1A142 1EED51B7 13AB090F 273 | H is 274 | ECBC627D A003201D 275 | BD527DAB FCBC42D1 3210EB57 AA2A2E2B D3399828 DF1D4E6A 276 | Updated values 277 | V is 278 | 23976C 6163D7E2 279 | 4A1A038F 2B2B6467 9750CA9E D8D14069 8D642239 7B02969E 280 | 6ECDD29D 
ACC5767E 2CC2D0A1 56C87AD0 B3578905 07E03777 281 | 282 | reseed_counter is 283 | 0000 00000002 284 | rnd_val is 285 | 92275523 C70E567B CF9B35EC 50B933F8 286 | 12616DF5 86B7F72E E1BC7735 A5C26543 73CBBC72 316DFF84 287 | 20A33BF0 2B97AC8D 1952583F 270ACD70 05CC027F 4CF1187E 288 | 289 | -------------------------------------------------------------- 290 | -------------------------------------------------------------- 291 | Second call to Generate 292 | ************************************************************** 293 | Hash_DRBG_Generate_algorithm 294 | requested_number_of_bits = 512 295 | additional_input 296 | Generate FAILED: Reseed is required 297 | Hash_DRBG_Reseed_algorithm 298 | entropy_input 299 | 300 | --------------------------- 301 | C0C1C2 C3C4C5C6 302 | C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE 303 | DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 304 | additional_input 305 | Hash_df - Generate seed(which is V) - Step 2 306 | seed_material is 307 | 012397 6C6163D7 E24A1A03 8F2B2B64 308 | 679750CA 9ED8D140 698D6422 397B0296 9E6ECDD2 9DACC576 309 | 7E2CC2D0 A156C87A D0B35789 0507E037 77C0C1C2 C3C4C5C6 310 | C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE 311 | DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 312 | 313 | no_of_bits_to_return = 440 314 | ------------ 315 | i = 1 316 | counter||no_of_bits_to_return||input_string is 317 | 01000001 B8012397 6C6163D7 E24A1A03 8F2B2B64 318 | 679750CA 9ED8D140 698D6422 397B0296 9E6ECDD2 9DACC576 319 | 7E2CC2D0 A156C87A D0B35789 0507E037 77C0C1C2 C3C4C5C6 320 | C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE 321 | DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 322 | Hash(counter||no_of_bits_to_return||input_string) is 323 | E983B166 A92A997E 324 | ABCC966C 6AA3D3B3 A1681FC5 8F582940 3B48601E C1775494 325 | 326 | temp = 327 | E983B166 A92A997E 328 | ABCC966C 6AA3D3B3 A1681FC5 8F582940 3B48601E C1775494 329 | ------------ 330 | i = 2 331 | 332 | 
counter||no_of_bits_to_return||input_string is 333 | 02000001 B8012397 6C6163D7 E24A1A03 8F2B2B64 334 | 679750CA 9ED8D140 698D6422 397B0296 9E6ECDD2 9DACC576 335 | 7E2CC2D0 A156C87A D0B35789 0507E037 77C0C1C2 C3C4C5C6 336 | C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE 337 | DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 338 | Hash(counter||no_of_bits_to_return||input_string) is 339 | 2E11C1CD 465B7DBE 340 | 2A78CA04 2CF9B305 71FF12E3 B9F6C945 C634B91C 1BAC2021 341 | temp = 342 | E983B1 66A92A99 343 | 7EABCC96 6C6AA3D3 B3A1681F C58F5829 403B4860 1EC17754 344 | 942E11C1 CD465B7D BE2A78CA 042CF9B3 0571FF12 E3B9F6C9 345 | 346 | --------------------------- 347 | V is 348 | E983B1 66A92A99 349 | 7EABCC96 6C6AA3D3 B3A1681F C58F5829 403B4860 1EC17754 350 | 942E11C1 CD465B7D BE2A78CA 042CF9B3 0571FF12 E3B9F6C9 351 | Hash_df - Generate C - Step 4 352 | 0x00||V is 353 | 00E983B1 66A92A99 354 | 7EABCC96 6C6AA3D3 B3A1681F C58F5829 403B4860 1EC17754 355 | 942E11C1 CD465B7D BE2A78CA 042CF9B3 0571FF12 E3B9F6C9 356 | 357 | no_of_bits_to_return = 440 358 | ------------ 359 | i = 1 360 | counter||no_of_bits_to_return||input_string is 361 | 01 000001B8 00E983B1 66A92A99 362 | 7EABCC96 6C6AA3D3 B3A1681F C58F5829 403B4860 1EC17754 363 | 942E11C1 CD465B7D BE2A78CA 042CF9B3 0571FF12 E3B9F6C9 364 | 365 | Hash(counter||no_of_bits_to_return||input_string) is 366 | A9775CE1 655BFF95 367 | 1BE0AF5B 7959725C 767D86F1 E19B11B8 9004F697 4DBFA046 368 | temp = 369 | A9775CE1 655BFF95 370 | 1BE0AF5B 7959725C 767D86F1 E19B11B8 9004F697 4DBFA046 371 | ------------ 372 | 373 | i = 2 374 | counter||no_of_bits_to_return||input_string is 375 | 02 000001B8 00E983B1 66A92A99 376 | 7EABCC96 6C6AA3D3 B3A1681F C58F5829 403B4860 1EC17754 377 | 942E11C1 CD465B7D BE2A78CA 042CF9B3 0571FF12 E3B9F6C9 378 | Hash(counter||no_of_bits_to_return||input_string) is 379 | 04458E5C 528E7E1D 380 | FAB3887B A4AADBD6 FBDE0B31 6F1D9138 F1EB0DD9 2D80C089 381 | temp = 382 | A9775C E1655BFF 383 | 951BE0AF 5B795972 
5C767D86 F1E19B11 B89004F6 974DBFA0 384 | 4604458E 5C528E7E 1DFAB388 7BA4AADB D6FBDE0B 316F1D91 385 | 386 | C is 387 | A9775C E1655BFF 388 | 951BE0AF 5B795972 5C767D86 F1E19B11 B89004F6 974DBFA0 389 | 4604458E 5C528E7E 1DFAB388 7BA4AADB D6FBDE0B 316F1D91 390 | ************************************************************** 391 | Hash_DRBG_Generate_algorithm 392 | requested_number_of_bits = 512 393 | additional_input 394 | 395 | --------------------------- 396 | Hashgen 397 | requested_no_of_bits = 512 398 | ------------ 399 | i = 1 400 | data is 401 | E983B1 66A92A99 402 | 7EABCC96 6C6AA3D3 B3A1681F C58F5829 403B4860 1EC17754 403 | 942E11C1 CD465B7D BE2A78CA 042CF9B3 0571FF12 E3B9F6C9 404 | w_i is 405 | 681A46B2 AA8694A0 406 | FE4DEEA7 20927A84 EAAA985E 59C19F8B E0984D8C BEF8C69B 407 | 408 | W is 409 | 681A46B2 AA8694A0 410 | FE4DEEA7 20927A84 EAAA985E 59C19F8B E0984D8C BEF8C69B 411 | ------------ 412 | i = 2 413 | data is 414 | E983B1 66A92A99 415 | 7EABCC96 6C6AA3D3 B3A1681F C58F5829 403B4860 1EC17754 416 | 942E11C1 CD465B7D BE2A78CA 042CF9B3 0571FF12 E3B9F6CA 417 | w_i is 418 | 75416764 1946E040 419 | EE2043E1 CCB29DCF 063C0A50 830E428E 6DCA262E CD77C542 420 | 421 | W is 422 | 681A46B2 AA8694A0 FE4DEEA7 20927A84 423 | EAAA985E 59C19F8B E0984D8C BEF8C69B 75416764 1946E040 424 | EE2043E1 CCB29DCF 063C0A50 830E428E 6DCA262E CD77C542 425 | 426 | --------------------------- 427 | returned_bits is 428 | 681A46B2 AA8694A0 FE4DEEA7 20927A84 429 | EAAA985E 59C19F8B E0984D8C BEF8C69B 75416764 1946E040 430 | EE2043E1 CCB29DCF 063C0A50 830E428E 6DCA262E CD77C542 431 | 432 | --------------------------- 433 | Update V 434 | 0x03||V is 435 | 03E983B1 66A92A99 436 | 7EABCC96 6C6AA3D3 B3A1681F C58F5829 403B4860 1EC17754 437 | 942E11C1 CD465B7D BE2A78CA 042CF9B3 0571FF12 E3B9F6C9 438 | H is 439 | 3870EB2D 3BBD1F7C 440 | AF12CAA5 C44D44AE D45E84EF 2789B831 45F27D6C 289E074C 441 | Updated values 442 | 443 | V is 444 | 92FB0E 480E8699 445 | 13C7AD45 C7E3FD46 1017E5A6 B770F33B 
313C3883 F1CC5671 446 | 894521F5 EDE62EAA B083B141 A75B5CC0 22605A8A 3DC71BA7 447 | reseed_counter is 448 | 0000 00000002 449 | rnd_val is 450 | 681A46B2 AA8694A0 FE4DEEA7 20927A84 451 | EAAA985E 59C19F8B E0984D8C BEF8C69B 75416764 1946E040 452 | EE2043E1 CCB29DCF 063C0A50 830E428E 6DCA262E CD77C542 -------------------------------------------------------------------------------- /test_data_3.txt: -------------------------------------------------------------------------------- 1 | The following data are used in function 'test_sha512_hash_drbg_without_prediction_resistance( )'. They are excerpted from the document provided by NIST. The document can be downloaded from: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/Hash_DRBG.pdf 2 | 3 | Page 427.-- 439. 4 | 5 | ############################################################## 6 | Hash_DRBG 7 | Requested Security Strength = 256 8 | Requested Hash Algorithm = SHA-512 9 | prediction_resistance_flag = "NOT ENABLED" 10 | EntropyInput = 11 | 000102 03040506 0708090A 0B0C0D0E 12 | 0F101112 13141516 1718191A 1B1C1D1E 1F202122 23242526 13 | 14 | 2728292A 2B2C2D2E 2F303132 33343536 3738393A 3B3C3D3E 15 | 3F404142 43444546 4748494A 4B4C4D4E 4F505152 53545556 16 | 5758595A 5B5C5D5E 5F606162 63646566 6768696A 6B6C6D6E 17 | EntropyInput1 (for Reseed1) = 18 | 808182 83848586 8788898A 8B8C8D8E 19 | 8F909192 93949596 9798999A 9B9C9D9E 9FA0A1A2 A3A4A5A6 20 | A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 B7B8B9BA BBBCBDBE 21 | BFC0C1C2 C3C4C5C6 C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 22 | D7D8D9DA DBDCDDDE DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE 23 | 24 | EntropyInput2 (for Reseed2) = 25 | C0C1C2 C3C4C5C6 C7C8C9CA CBCCCDCE 26 | CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE DFE0E1E2 E3E4E5E6 27 | E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 F7F8F9FA FBFCFDFE 28 | FF000102 03040506 0708090A 0B0C0D0E 0F101112 13141516 29 | 1718191A 1B1C1D1E 1F202122 23242526 2728292A 2B2C2D2E 30 | Nonce = 31 | 20212223 24252627 28292A2B 
2C2D2E2F 32 | PersonalizationString = 33 | AdditionalInput1 = 34 | 606162 63646566 6768696A 6B6C6D6E 35 | 6F707172 73747576 7778797A 7B7C7D7E 7F808182 83848586 36 | 8788898A 8B8C8D8E 8F909192 93949596 9798999A 9B9C9D9E 37 | 9FA0A1A2 A3A4A5A6 A7A8A9AA ABACADAE AFB0B1B2 B3B4B5B6 38 | B7B8B9BA BBBCBDBE BFC0C1C2 C3C4C5C6 C7C8C9CA CBCCCDCE 39 | 40 | AdditionalInput2 = 41 | A0A1A2 A3A4A5A6 A7A8A9AA ABACADAE 42 | AFB0B1B2 B3B4B5B6 B7B8B9BA BBBCBDBE BFC0C1C2 C3C4C5C6 43 | C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE 44 | DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 45 | F7F8F9FA FBFCFDFE FF000102 03040506 0708090A 0B0C0D0E 46 | ############################################################## 47 | ************************************************************** 48 | 49 | --------------------------- 50 | Hash_DRBG_Instantiate_algorithm 51 | entropy_input is 52 | 000102 03040506 0708090A 0B0C0D0E 53 | 0F101112 13141516 1718191A 1B1C1D1E 1F202122 23242526 54 | 2728292A 2B2C2D2E 2F303132 33343536 3738393A 3B3C3D3E 55 | 3F404142 43444546 4748494A 4B4C4D4E 4F505152 53545556 56 | 5758595A 5B5C5D5E 5F606162 63646566 6768696A 6B6C6D6E 57 | nonce is 58 | 20212223 24252627 28292A2B 2C2D2E2F 59 | personal_str is 60 | prediction_resistance_flag = "No PredictionResistance" 61 | 62 | --------------------------- 63 | Hash_df - Generate seed(which is V) - Step 2 64 | seed_material is 65 | 000102 03040506 66 | 0708090A 0B0C0D0E 0F101112 13141516 1718191A 1B1C1D1E 67 | 1F202122 23242526 2728292A 2B2C2D2E 2F303132 33343536 68 | 3738393A 3B3C3D3E 3F404142 43444546 4748494A 4B4C4D4E 69 | 4F505152 53545556 5758595A 5B5C5D5E 5F606162 63646566 70 | 6768696A 6B6C6D6E 20212223 24252627 28292A2B 2C2D2E2F 71 | no_of_bits_to_return = 888 72 | ------------ 73 | i = 1 74 | 75 | counter||no_of_bits_to_return||input_string is 76 | 01000003 78000102 03040506 77 | 0708090A 0B0C0D0E 0F101112 13141516 1718191A 1B1C1D1E 78 | 1F202122 23242526 2728292A 2B2C2D2E 2F303132 33343536 79 | 3738393A 
-------------------------------------------------------------------------------- /test_data_4.txt: -------------------------------------------------------------------------------- 1 | The following data are used in function 'test_sha512_hash_drbg_with_prediction_resistance( )'. They are excerpted from the document provided by NIST. The document can be downloaded from: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/Hash_DRBG.pdf 2 | 3 | Page 516.-- 536. 4 | 5 | ############################################################## 6 | Hash_DRBG 7 | Requested Security Strength = 256 8 | 9 | Requested Hash Algorithm = SHA-512 10 | prediction_resistance_flag = "ENABLED"
D788EAD1 4EDFA1A5 7857414B 522 | 1D68E30D 85930C99 4EC8DEEE 1B2F7E74 4CAC3288 A442A4CD 523 | 55A41FD1 A0B265B4 90812D90 00FFCC62 82474D78 8DFB3781 524 | temp = 525 | 913CA013 D788EAD1 4EDFA1A5 7857414B 526 | 1D68E30D 85930C99 4EC8DEEE 1B2F7E74 4CAC3288 A442A4CD 527 | 55A41FD1 A0B265B4 90812D90 00FFCC62 82474D78 8DFB3781 528 | 529 | ------------ 530 | i = 2 531 | counter||no_of_bits_to_return||input_string is 532 | 020000 533 | 0378017B 78809298 B5C397DB AF204C4A D9A6CD68 B857B20B 534 | C81DBA87 1CCF75B4 1EED0B65 65DFB954 2CDC8FC1 AA5E288F 535 | 46826343 79CB3BAC A0477CDF 1D6070D7 1840A7AF C3FCD3C0 536 | DD913D22 564CF894 934E5730 EBDCA674 66A1CC3B 49118B24 537 | 1051C495 FD28C814 2F76A13A 20DEBB73 866CC0C1 C2C3C4C5 538 | C6C7C8C9 CACBCCCD CECFD0D1 D2D3D4D5 D6D7D8D9 DADBDCDD 539 | DEDFE0E1 E2E3E4E5 E6E7E8E9 EAEBECED EEEFF0F1 F2F3F4F5 540 | F6F7F8F9 FAFBFCFD FEFF0001 02030405 06070809 0A0B0C0D 541 | 0E0F1011 12131415 16171819 1A1B1C1D 1E1F2021 22232425 542 | 26272829 2A2B2C2D 2EA0A1A2 A3A4A5A6 A7A8A9AA ABACADAE 543 | AFB0B1B2 B3B4B5B6 B7B8B9BA BBBCBDBE BFC0C1C2 C3C4C5C6 544 | C7C8C9CA CBCCCDCE CFD0D1D2 D3D4D5D6 D7D8D9DA DBDCDDDE 545 | DFE0E1E2 E3E4E5E6 E7E8E9EA EBECEDEE EFF0F1F2 F3F4F5F6 546 | F7F8F9FA FBFCFDFE FF000102 03040506 0708090A 0B0C0D0E 547 | 548 | Hash(counter||no_of_bits_to_return||input_string) is 549 | 550 | E7F19451 0674954D 9E49CEAC 2FD98109 551 | E08BEBBF FBBBA78C 16FEB723 64F49334 6BB916DB 78563AAD 552 | BD51A07D 55315AFB 4612F770 B4936987 47C3EC71 9C7BF6C0 553 | temp = 554 | 913CA0 13D788EA D14EDFA1 A5785741 555 | 4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 556 | CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 557 | 81E7F194 51067495 4D9E49CE AC2FD981 09E08BEB BFFBBBA7 558 | 8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315A 559 | 560 | V is 561 | 913CA0 13D788EA D14EDFA1 A5785741 562 | 4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 563 | CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 564 | 81E7F194 51067495 
4D9E49CE AC2FD981 09E08BEB BFFBBBA7 565 | 8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315A 566 | 567 | --------------------------- 568 | Hash_df - Generate C - Step 4 569 | 0x00||V is 570 | 00913CA0 13D788EA D14EDFA1 A5785741 571 | 4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 572 | CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 573 | 81E7F194 51067495 4D9E49CE AC2FD981 09E08BEB BFFBBBA7 574 | 8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315A 575 | no_of_bits_to_return = 888 576 | 577 | ------------ 578 | i = 1 579 | counter||no_of_bits_to_return||input_string is 580 | 01 00000378 00913CA0 13D788EA D14EDFA1 A5785741 581 | 4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 582 | CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 583 | 81E7F194 51067495 4D9E49CE AC2FD981 09E08BEB BFFBBBA7 584 | 8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315A 585 | 586 | Hash(counter||no_of_bits_to_return||input_string) is 587 | 9FA80ADB 6DC1CD99 3C00413B A974350B 588 | 49725E33 4A188BEB 0A992B22 5C49DE64 CFE92B47 8B7589B6 589 | 0649255A 304CA2EB 11BF7BB7 9021A86B A4F7BCD9 3679B8F7 590 | temp = 591 | 9FA80ADB 6DC1CD99 3C00413B A974350B 592 | 49725E33 4A188BEB 0A992B22 5C49DE64 CFE92B47 8B7589B6 593 | 0649255A 304CA2EB 11BF7BB7 9021A86B A4F7BCD9 3679B8F7 594 | 595 | ------------ 596 | i = 2 597 | counter||no_of_bits_to_return||input_string is 598 | 02 00000378 00913CA0 13D788EA D14EDFA1 A5785741 599 | 4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 600 | CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 601 | 81E7F194 51067495 4D9E49CE AC2FD981 09E08BEB BFFBBBA7 602 | 8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315A 603 | 604 | Hash(counter||no_of_bits_to_return||input_string) is 605 | 356ED503 70D4A92A 84F44891 788408BE 606 | D41B4F3C 71B4FD1F 90D1480E 506B96A4 180D945C E02C4369 607 | 876C3994 CA9463D6 887B6B27 457709FF FFCA9CE8 CE90D484 608 | temp = 609 | 9FA80A DB6DC1CD 993C0041 3BA97435 610 | 0B49725E 334A188B EB0A992B 225C49DE 
64CFE92B 478B7589 611 | B6064925 5A304CA2 EB11BF7B B79021A8 6BA4F7BC D93679B8 612 | F7356ED5 0370D4A9 2A84F448 91788408 BED41B4F 3C71B4FD 613 | 1F90D148 0E506B96 A4180D94 5CE02C43 69876C39 94CA9463 614 | 615 | C is 616 | 9FA80A DB6DC1CD 993C0041 3BA97435 617 | 0B49725E 334A188B EB0A992B 225C49DE 64CFE92B 478B7589 618 | B6064925 5A304CA2 EB11BF7B B79021A8 6BA4F7BC D93679B8 619 | F7356ED5 0370D4A9 2A84F448 91788408 BED41B4F 3C71B4FD 620 | 1F90D148 0E506B96 A4180D94 5CE02C43 69876C39 94CA9463 621 | 622 | --------------------------- 623 | ************************************************************** 624 | Hash_DRBG_Generate_algorithm 625 | requested_number_of_bits = 1024 626 | additional_input 627 | Hashgen 628 | requested_no_of_bits = 1024 629 | ------------ 630 | 631 | i = 1 632 | data is 633 | 913CA0 13D788EA D14EDFA1 A5785741 634 | 4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 635 | CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 636 | 81E7F194 51067495 4D9E49CE AC2FD981 09E08BEB BFFBBBA7 637 | 8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315A 638 | w_i is 639 | DBE5EE36 FCD85301 303E1C36 17C1AC5E 640 | 23C08885 D0BEFAAD 0C85A0D8 9F85B9F1 6ECE3D88 A24EB965 641 | 04F2F13E FA704962 1782F5DE 2C416A0D 294CCFE5 3545C4E3 642 | W is 643 | DBE5EE36 FCD85301 303E1C36 17C1AC5E 644 | 23C08885 D0BEFAAD 0C85A0D8 9F85B9F1 6ECE3D88 A24EB965 645 | 04F2F13E FA704962 1782F5DE 2C416A0D 294CCFE5 3545C4E3 646 | 647 | ------------ 648 | i = 2 649 | data is 650 | 913CA0 13D788EA D14EDFA1 A5785741 651 | 4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 652 | 653 | CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 654 | 81E7F194 51067495 4D9E49CE AC2FD981 09E08BEB BFFBBBA7 655 | 8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315B 656 | w_i is 657 | 09C48E1E 285A2B82 9A574B72 B3C2FBE1 658 | 34D01E37 06B486F2 401B9820 E17298A3 42666918 E15B8462 659 | 87F8C5AF 2D96B20F AF3D0BB3 92E15F4A 06CDB0DE CD1B6AD7 660 | W is 661 | DBE5EE36 FCD85301 662 | 303E1C36 17C1AC5E 
23C08885 D0BEFAAD 0C85A0D8 9F85B9F1 663 | 6ECE3D88 A24EB965 04F2F13E FA704962 1782F5DE 2C416A0D 664 | 294CCFE5 3545C4E3 09C48E1E 285A2B82 9A574B72 B3C2FBE1 665 | 34D01E37 06B486F2 401B9820 E17298A3 42666918 E15B8462 666 | 87F8C5AF 2D96B20F AF3D0BB3 92E15F4A 06CDB0DE CD1B6AD7 667 | 668 | --------------------------- 669 | returned_bits is 670 | DBE5EE36 FCD85301 671 | 303E1C36 17C1AC5E 23C08885 D0BEFAAD 0C85A0D8 9F85B9F1 672 | 6ECE3D88 A24EB965 04F2F13E FA704962 1782F5DE 2C416A0D 673 | 294CCFE5 3545C4E3 09C48E1E 285A2B82 9A574B72 B3C2FBE1 674 | 34D01E37 06B486F2 401B9820 E17298A3 42666918 E15B8462 675 | 87F8C5AF 2D96B20F AF3D0BB3 92E15F4A 06CDB0DE CD1B6AD7 676 | 677 | --------------------------- 678 | Update V 679 | 0x03||V is 680 | 03913CA0 13D788EA D14EDFA1 A5785741 681 | 4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 682 | CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 683 | 81E7F194 51067495 4D9E49CE AC2FD981 09E08BEB BFFBBBA7 684 | 8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315A 685 | H is 686 | 73FD2839 3EFADC11 1ADBC674 E19D8341 687 | 76345539 6AC56861 F86260C7 4918A450 5D41B9D7 5FC254C0 688 | 2EE70292 ED511374 3F2C179A A23149FC 18F27654 98319719 689 | 690 | Updated values 691 | V is 692 | 30E4AA EF454AB8 6A8ADFE2 E121CB76 693 | 5666DB41 40CFAB98 8459620A 1077795C D91C955D D02FB82E 694 | 835BED45 2BD0FF09 139F68E2 868BFD85 E903057F 3361F831 695 | EF51B5A2 BF3CB1A0 70859EDE 86C101DA 25F66112 5C2FC564 696 | DA8ED292 1F06739E 17AFDE45 DA89CC7A 3037342E AA515CD7 697 | reseed_counter is 698 | 0000 00000002 699 | rnd_val is 700 | DBE5EE36 FCD85301 701 | 303E1C36 17C1AC5E 23C08885 D0BEFAAD 0C85A0D8 9F85B9F1 702 | 6ECE3D88 A24EB965 04F2F13E FA704962 1782F5DE 2C416A0D 703 | 294CCFE5 3545C4E3 09C48E1E 285A2B82 9A574B72 B3C2FBE1 704 | 34D01E37 06B486F2 401B9820 E17298A3 42666918 E15B8462 705 | 87F8C5AF 2D96B20F AF3D0BB3 92E15F4A 06CDB0DE CD1B6AD7 706 | 707 | -------------------------------------------------------------------------------- /test_demo.c: 
--------------------------------------------------------------------------------
/**************************************************
* File name: test_demo.c
* Author: HAN Wei
* Author's blog: https://blog.csdn.net/henter/
* Date: Feb 10th, 2019
* Description: implement hash DRBG test demo programs
**************************************************/

#include <stdio.h>
#include <stdlib.h>
#include "test_hash_drbg.h"

/* Runs the four Hash_DRBG demos in turn and stops at the first non-zero error code. */
int main(void)
{
    int error_code;

    printf("\n*******************************************\n");
    printf("Test SHA-256 Hash DRBG without prediction resistance:\n");
    if ( error_code = test_sha256_hash_drbg_without_prediction_resistance() )
    {
        printf("Generating random bytes test failed!\n");
        printf("Error code: 0x%x", error_code);
        return error_code;
    }
    printf("Generating random bytes test succeeded!\n");

    printf("\n*******************************************\n");
    printf("Test SHA-256 Hash DRBG with prediction resistance:\n");
    if ( error_code = test_sha256_hash_drbg_with_prediction_resistance() )
    {
        printf("Generating random bytes test failed!\n");
        printf("Error code: 0x%x", error_code);
        return error_code;
    }
    printf("Generating random bytes test succeeded!\n");

    printf("\n*******************************************\n");
    printf("Test SHA-512 Hash DRBG without prediction resistance:\n");
    if ( error_code = test_sha512_hash_drbg_without_prediction_resistance() )
    {
        printf("Generating random bytes test failed!\n");
        printf("Error code: 0x%x", error_code);
        return error_code;
    }
    printf("Generating random bytes test succeeded!\n");

    printf("\n*******************************************\n");
    printf("Test SHA-512 Hash DRBG with prediction resistance:\n");
    if ( error_code = test_sha512_hash_drbg_with_prediction_resistance() )
    {
        printf("Generating random bytes test failed!\n");
        printf("Error code: 0x%x", error_code);
        return error_code;
    }
    printf("Generating random bytes test succeeded!\n");

#if defined(_WIN32) || defined(_WIN64)
    system("pause");
#endif
    return 0;
}

--------------------------------------------------------------------------------
/test_hash_drbg.c:
--------------------------------------------------------------------------------
/**************************************************
* File name: test_hash_drbg.c
* Author: HAN Wei
* Author's blog: https://blog.csdn.net/henter/
* Date: Feb 10th, 2019
* Description: implement hash DRBG test functions
**************************************************/

#include <stdio.h>
#include <openssl/evp.h>
#include "hash_drbg_error_codes.h"
#include "hash_drbg.h"
#include "test_hash_drbg.h"

int test_sha256_hash_drbg_without_prediction_resistance(void)
{
    int error_code;

    unsigned char entropy[] = {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6,
        0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0x10, 0x11, 0x12, 0x13,
        0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
        0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
        0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
        0x35, 0x36};

    unsigned char nonce[] = {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27};

    unsigned char personal_str[] = {0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
        0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52,
        0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E,
        0x5F, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
        0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76};

    unsigned char additional_input[] = {0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
        0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E,
        0x7F, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A,
        0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96};

    unsigned char additional_input2[] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6,
        0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2,
        0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE,
        0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA,
        0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6};

    unsigned int entropy_len, nonce_len, personal_str_len, additional_input_len, additional_input2_len;
    unsigned char random_bytes[64];
    unsigned int random_bytes_len;
    const EVP_MD *md;
    HASH_DRBG_CTX *drbg_ctx;
    int i;

    printf("\n****************************************************\n");
    printf("First call to generate random bytes.\n");
    entropy_len = sizeof(entropy);
    nonce_len = sizeof(nonce);
    personal_str_len = sizeof(personal_str);
    additional_input_len = sizeof(additional_input);
    additional_input2_len = sizeof(additional_input2);
    random_bytes_len = sizeof(random_bytes);
    md = EVP_sha256();

    if ( !(drbg_ctx = hash_drbg_ctx_new()) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }

    if ( error_code = hash_drbg_instantiate(md,
                                            entropy,
                                            entropy_len,
                                            nonce,
                                            nonce_len,
                                            personal_str,
                                            personal_str_len,
                                            drbg_ctx) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    if ( error_code = gen_rnd_bytes_with_hash_drbg(drbg_ctx,
                                                   random_bytes_len,
                                                   additional_input,
                                                   additional_input_len,
                                                   random_bytes) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    printf("Generated bytes:\n");
    for (i = 0; i < (int)random_bytes_len; i++)
    {
        printf("0x%x ", random_bytes[i]);
    }
    printf("\n");

    printf("\n****************************************************\n");
    printf("Second call to generate random bytes.\n");
    if ( error_code = gen_rnd_bytes_with_hash_drbg(drbg_ctx,
                                                   random_bytes_len,
                                                   additional_input2,
                                                   additional_input2_len,
                                                   random_bytes) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    printf("Generated bytes:\n");
    for (i = 0; i < (int)random_bytes_len; i++)
    {
        printf("0x%x ", random_bytes[i]);
    }
    printf("\n");

    hash_drbg_ctx_free(drbg_ctx);
    return 0;
}

int test_sha256_hash_drbg_with_prediction_resistance(void)
{
    int error_code;

    unsigned char entropy[] = {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6,
        0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0x10, 0x11, 0x12, 0x13,
        0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
        0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
        0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
        0x35, 0x36};

    unsigned char entropy_1[] = {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86,
        0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92,
        0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E,
        0x9F, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA,
        0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6};

    unsigned char entropy_2[] = {0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6,
        0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2,
        0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE,
        0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA,
        0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6};

    unsigned char nonce[] = {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27};

    unsigned int entropy_len, entropy_1_len, entropy_2_len, nonce_len;
    unsigned char random_bytes[64];
    unsigned int random_bytes_len;
    const EVP_MD *md;
    HASH_DRBG_CTX *drbg_ctx;
    int i;

    printf("\n****************************************************\n");
    printf("First call to generate random bytes.\n");
    entropy_len = sizeof(entropy);
    entropy_1_len = sizeof(entropy_1);
    entropy_2_len = sizeof(entropy_2);
    nonce_len = sizeof(nonce);

    random_bytes_len = sizeof(random_bytes);
    md = EVP_sha256();

    if ( !(drbg_ctx = hash_drbg_ctx_new()) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }

    if ( error_code = hash_drbg_instantiate(md,
                                            entropy,
                                            entropy_len,
                                            nonce,
                                            nonce_len,
                                            NULL,
                                            0,
                                            drbg_ctx) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    if ( error_code = reseed_hash_drbg(drbg_ctx,
                                       entropy_1,
                                       entropy_1_len,
                                       NULL,
                                       0) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    if ( error_code = gen_rnd_bytes_with_hash_drbg(drbg_ctx,
                                                   random_bytes_len,
                                                   NULL,
                                                   0,
                                                   random_bytes) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    printf("Generated bytes:\n");
    for (i = 0; i < (int)random_bytes_len; i++)
    {
        printf("0x%x ", random_bytes[i]);
    }
    printf("\n");

    printf("\n****************************************************\n");
    printf("Second call to generate random bytes.\n");
    if ( error_code = reseed_hash_drbg(drbg_ctx,
                                       entropy_2,
                                       entropy_2_len,
                                       NULL,
                                       0) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    if ( error_code = gen_rnd_bytes_with_hash_drbg(drbg_ctx,
                                                   random_bytes_len,
                                                   NULL,
                                                   0,
                                                   random_bytes) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    printf("Generated bytes:\n");
    for (i = 0; i < (int)random_bytes_len; i++)
    {
        printf("0x%x ", random_bytes[i]);
    }
    printf("\n");

    hash_drbg_ctx_free(drbg_ctx);
    return 0;
}

int test_sha512_hash_drbg_without_prediction_resistance(void)
{
    int error_code;

    unsigned char entropy[] = {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6,
        0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0x10, 0x11, 0x12, 0x13,
        0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
        0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
        0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
        0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F,
        0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A,
        0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55,
        0x56, 0x57, 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F, 0x60,
        0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B,
        0x6C, 0x6D, 0x6E};

    unsigned char nonce[] = {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
        0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F};

    unsigned char additional_input_1[] = {0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
        0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E,
        0x7F, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A,
        0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,
        0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, 0xA0, 0xA1, 0xA2,
        0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE,
        0xAF, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA,
        0xBB, 0xBC, 0xBD, 0xBE, 0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6,
        0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE};

    unsigned char additional_input_2[] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6,
        0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2,
        0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE,
        0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA,
        0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6,
        0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2,
        0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE,
        0xEF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA,
        0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
        0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE};

    unsigned int entropy_len, nonce_len, additional_input_1_len, additional_input_2_len;
    unsigned char random_bytes[128];
    unsigned int random_bytes_len;
    const EVP_MD *md;
    HASH_DRBG_CTX *drbg_ctx;
    int i;

    printf("\n****************************************************\n");
    printf("First call to generate random bytes.\n");
    entropy_len = sizeof(entropy);
    nonce_len = sizeof(nonce);
    additional_input_1_len = sizeof(additional_input_1);
    additional_input_2_len = sizeof(additional_input_2);
    random_bytes_len = sizeof(random_bytes);
    md = EVP_sha512();

    if ( !(drbg_ctx = hash_drbg_ctx_new()) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }

    if ( error_code = hash_drbg_instantiate(md,
                                            entropy,
                                            entropy_len,
                                            nonce,
                                            nonce_len,
                                            NULL,
                                            0,
                                            drbg_ctx) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    if ( error_code = gen_rnd_bytes_with_hash_drbg(drbg_ctx,
                                                   random_bytes_len,
                                                   additional_input_1,
                                                   additional_input_1_len,
                                                   random_bytes) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    printf("Generated bytes:\n");
    for (i = 0; i < (int)random_bytes_len; i++)
    {
        printf("0x%x ", random_bytes[i]);
    }
    printf("\n");

    printf("\n****************************************************\n");
    printf("Second call to generate random bytes.\n");
    if ( error_code = gen_rnd_bytes_with_hash_drbg(drbg_ctx,
                                                   random_bytes_len,
                                                   additional_input_2,
                                                   additional_input_2_len,
                                                   random_bytes) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    printf("Generated bytes:\n");
    for (i = 0; i < (int)random_bytes_len; i++)
    {
        printf("0x%x ", random_bytes[i]);
    }
    printf("\n");

    hash_drbg_ctx_free(drbg_ctx);
    return 0;
}

int test_sha512_hash_drbg_with_prediction_resistance(void)
{
    int error_code;

    unsigned char entropy[] = {0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6,
        0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0x10, 0x11, 0x12, 0x13,
        0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
        0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
        0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
        0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F,
        0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A,
        0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55,
        0x56, 0x57, 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F, 0x60,
        0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B,
        0x6C, 0x6D, 0x6E};

    unsigned char entropy_1[] = {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86,
        0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92,
        0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E,
        0x9F, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA,
        0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6,
        0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF, 0xC0, 0xC1, 0xC2,
        0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE,
        0xCF, 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA,
        0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6,
        0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE};

    unsigned char entropy_2[] = {0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6,
        0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2,
        0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE,
        0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA,
        0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6,
        0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x0, 0x1, 0x2, 0x3,
        0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0x10, 0x11,
        0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D,
        0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
        0x2A, 0x2B, 0x2C, 0x2D, 0x2E};

    unsigned char nonce[] = {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
        0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F};

    unsigned char personal_str[] = {0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
        0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52,
        0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E,
        0x5F, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
        0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76,
        0x77, 0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F, 0x80, 0x81, 0x82,
        0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E,
        0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9A,
        0x9B, 0x9C, 0x9D, 0x9E, 0x9F, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6,
        0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE};

    unsigned char additional_input_1[] = {0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
        0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E,
        0x7F, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A,
        0x8B, 0x8C, 0x8D, 0x8E, 0x8F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,
        0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F, 0xA0, 0xA1, 0xA2,
        0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE,
        0xAF, 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA,
        0xBB, 0xBC, 0xBD, 0xBE, 0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6,
        0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE};

    unsigned char additional_input_2[] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6,
        0xA7, 0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2,
        0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE,
        0xBF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA,
        0xCB, 0xCC, 0xCD, 0xCE, 0xCF, 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6,
        0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2,
        0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE,
        0xEF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA,
        0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
        0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE};

    unsigned int entropy_len, entropy_1_len, entropy_2_len, nonce_len;
    unsigned int personal_str_len, additional_input_1_len, additional_input_2_len;
    unsigned char random_bytes[128];
    unsigned int random_bytes_len;
    const EVP_MD *md;
    HASH_DRBG_CTX *drbg_ctx;
    int i;

    printf("\n****************************************************\n");
    printf("First call to generate random bytes.\n");
    entropy_len = sizeof(entropy);
    entropy_1_len = sizeof(entropy_1);
    entropy_2_len = sizeof(entropy_2);
    nonce_len = sizeof(nonce);
    personal_str_len = sizeof(personal_str);
    additional_input_1_len = sizeof(additional_input_1);
    additional_input_2_len = sizeof(additional_input_2);

    random_bytes_len = sizeof(random_bytes);
    md = EVP_sha512();

    if ( !(drbg_ctx = hash_drbg_ctx_new()) )
    {
        return MEMOMY_ALLOCATION_FAIL;
    }

    if ( error_code = hash_drbg_instantiate(md,
                                            entropy,
                                            entropy_len,
                                            nonce,
                                            nonce_len,
                                            personal_str,
                                            personal_str_len,
                                            drbg_ctx) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    if ( error_code = reseed_hash_drbg(drbg_ctx,
                                       entropy_1,
                                       entropy_1_len,
                                       additional_input_1,
                                       additional_input_1_len) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    if ( error_code = gen_rnd_bytes_with_hash_drbg(drbg_ctx,
                                                   random_bytes_len,
                                                   NULL,
                                                   0,
                                                   random_bytes) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    printf("Generated bytes:\n");
    for (i = 0; i < (int)random_bytes_len; i++)
    {
        printf("0x%x ", random_bytes[i]);
    }
    printf("\n");

    printf("\n****************************************************\n");
    printf("Second call to generate random bytes.\n");
    if ( error_code = reseed_hash_drbg(drbg_ctx,
                                       entropy_2,
                                       entropy_2_len,
                                       additional_input_2,
                                       additional_input_2_len) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    if ( error_code = gen_rnd_bytes_with_hash_drbg(drbg_ctx,
                                                   random_bytes_len,
                                                   NULL,
                                                   0,
                                                   random_bytes) )
    {
        hash_drbg_ctx_free(drbg_ctx);
        return error_code;
    }

    printf("Generated bytes:\n");
    for (i = 0; i < (int)random_bytes_len; i++)
    {
        printf("0x%x ", random_bytes[i]);
    }
    printf("\n");

    hash_drbg_ctx_free(drbg_ctx);
    return 0;
}

--------------------------------------------------------------------------------
/test_hash_drbg.h:
--------------------------------------------------------------------------------
/**************************************************
* File name: test_hash_drbg.h
* Author: HAN Wei
* Author's blog: https://blog.csdn.net/henter/
* Date: Feb 10th, 2019
* Description: declare hash DRBG test functions
**************************************************/

#ifndef HEADER_HASH_DRBG_TEST_FUNCTIONS_H
#define HEADER_HASH_DRBG_TEST_FUNCTIONS_H

#ifdef __cplusplus
extern "C" {
#endif

/**************************************************
* Name: test_sha256_hash_drbg_without_prediction_resistance
* Function: evaluate Hash_DRBG output based on SHA-256
* Return value:
    0: function executes successfully
    any other value: an error occurs
* Notes:
    Test data are excerpted from the document provided by NIST.
    See test_data_1.txt for details.
**************************************************/
int test_sha256_hash_drbg_without_prediction_resistance(void);

/**************************************************
* Name: test_sha256_hash_drbg_with_prediction_resistance
* Function: evaluate Hash_DRBG output based on SHA-256
* Return value:
    0: function executes successfully
    any other value: an error occurs
* Notes:
    Test data are excerpted from the document provided by NIST.
    See test_data_2.txt for details.
**************************************************/
int test_sha256_hash_drbg_with_prediction_resistance(void);

/**************************************************
* Name: test_sha512_hash_drbg_without_prediction_resistance
* Function: evaluate Hash_DRBG output based on SHA-512
* Return value:
    0: function executes successfully
    any other value: an error occurs
* Notes:
    Test data are excerpted from the document provided by NIST.
    See test_data_3.txt for details.
**************************************************/
int test_sha512_hash_drbg_without_prediction_resistance(void);

/**************************************************
* Name: test_sha512_hash_drbg_with_prediction_resistance
* Function: evaluate Hash_DRBG output based on SHA-512
* Return value:
    0: function executes successfully
    any other value: an error occurs
* Notes:
    Test data are excerpted from the document provided by NIST.
    See test_data_4.txt for details.
**************************************************/
int test_sha512_hash_drbg_with_prediction_resistance(void);

#ifdef __cplusplus
}
#endif

#endif /* end of HEADER_HASH_DRBG_TEST_FUNCTIONS_H */

--------------------------------------------------------------------------------
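The "Update V" step in the SHA-512 trace above (the Generate call that follows the Reseed) can be re-checked without any hash code. The block below is an added example, not part of this repository: it recomputes V = (V + H + C + reseed_counter) mod 2^888 with plain big-endian byte addition instead of the OpenSSL big-number routines the project uses. The names `hash_drbg_update_v`, `check_trace_v_update` and `check_wraparound` are hypothetical, and reseed_counter = 1 is assumed to be the value before the trace increments it to 2.

```c
#include <stdio.h>
#include <string.h>

#define SEEDLEN_BYTES 111   /* seedlen = 888 bits when the hash is SHA-512 */
#define OUTLEN_BYTES   64   /* SHA-512 output length */

/* Values copied from the SHA-512 trace on this page (Generate after Reseed). */
static const char V_HEX[] =
    "913CA0 13D788EA D14EDFA1 A5785741 "
    "4B1D68E3 0D85930C 994EC8DE EE1B2F7E 744CAC32 88A442A4 "
    "CD55A41F D1A0B265 B490812D 9000FFCC 6282474D 788DFB37 "
    "81E7F194 51067495 4D9E49CE AC2FD981 09E08BEB BFFBBBA7 "
    "8C16FEB7 2364F493 346BB916 DB78563A ADBD51A0 7D55315A";
static const char H_HEX[] =
    "73FD2839 3EFADC11 1ADBC674 E19D8341 "
    "76345539 6AC56861 F86260C7 4918A450 5D41B9D7 5FC254C0 "
    "2EE70292 ED511374 3F2C179A A23149FC 18F27654 98319719";
static const char C_HEX[] =
    "9FA80A DB6DC1CD 993C0041 3BA97435 "
    "0B49725E 334A188B EB0A992B 225C49DE 64CFE92B 478B7589 "
    "B6064925 5A304CA2 EB11BF7B B79021A8 6BA4F7BC D93679B8 "
    "F7356ED5 0370D4A9 2A84F448 91788408 BED41B4F 3C71B4FD "
    "1F90D148 0E506B96 A4180D94 5CE02C43 69876C39 94CA9463";
static const char V_NEW_HEX[] =
    "30E4AA EF454AB8 6A8ADFE2 E121CB76 "
    "5666DB41 40CFAB98 8459620A 1077795C D91C955D D02FB82E "
    "835BED45 2BD0FF09 139F68E2 868BFD85 E903057F 3361F831 "
    "EF51B5A2 BF3CB1A0 70859EDE 86C101DA 25F66112 5C2FC564 "
    "DA8ED292 1F06739E 17AFDE45 DA89CC7A 3037342E AA515CD7";

/* Decode hex text (blanks ignored) into out[]; returns the byte count or -1. */
static int hex_to_bytes(const char *hex, unsigned char *out, size_t cap)
{
    size_t n = 0;
    int hi = -1;
    for (; *hex; hex++) {
        int v;
        if (*hex == ' ') continue;
        if (*hex >= '0' && *hex <= '9') v = *hex - '0';
        else if (*hex >= 'A' && *hex <= 'F') v = *hex - 'A' + 10;
        else if (*hex >= 'a' && *hex <= 'f') v = *hex - 'a' + 10;
        else return -1;
        if (hi < 0) { hi = v; continue; }
        if (n == cap) return -1;
        out[n++] = (unsigned char)((hi << 4) | v);
        hi = -1;
    }
    return hi < 0 ? (int)n : -1;
}

/* acc = (acc + addend) mod 2^(8*acc_len); both are big-endian byte strings. */
static void add_mod(unsigned char *acc, size_t acc_len,
                    const unsigned char *addend, size_t addend_len)
{
    unsigned int carry = 0;
    size_t i;
    for (i = 0; i < acc_len; i++) {
        unsigned int sum = acc[acc_len - 1 - i] + carry;
        if (i < addend_len) sum += addend[addend_len - 1 - i];
        acc[acc_len - 1 - i] = (unsigned char)(sum & 0xFF);
        carry = sum >> 8;
    }
    /* The carry out of the top byte is dropped: that is the mod 2^seedlen. */
}

/* Step 5 of Hash_DRBG_Generate: V = (V + H + C + reseed_counter) mod 2^seedlen. */
void hash_drbg_update_v(unsigned char v[SEEDLEN_BYTES],
                        const unsigned char h[OUTLEN_BYTES],
                        const unsigned char c[SEEDLEN_BYTES],
                        unsigned long long reseed_counter)
{
    unsigned char ctr[8];
    int i;
    for (i = 7; i >= 0; i--) {
        ctr[i] = (unsigned char)(reseed_counter & 0xFF);
        reseed_counter >>= 8;
    }
    add_mod(v, SEEDLEN_BYTES, h, OUTLEN_BYTES);
    add_mod(v, SEEDLEN_BYTES, c, SEEDLEN_BYTES);
    add_mod(v, SEEDLEN_BYTES, ctr, sizeof(ctr));
}

/* Returns 1 when the recomputed V equals the "Updated values" V in the trace. */
int check_trace_v_update(void)
{
    unsigned char v[SEEDLEN_BYTES], c[SEEDLEN_BYTES], want[SEEDLEN_BYTES];
    unsigned char h[OUTLEN_BYTES];
    if (hex_to_bytes(V_HEX, v, sizeof(v)) != SEEDLEN_BYTES) return -1;
    if (hex_to_bytes(C_HEX, c, sizeof(c)) != SEEDLEN_BYTES) return -1;
    if (hex_to_bytes(H_HEX, h, sizeof(h)) != OUTLEN_BYTES) return -1;
    if (hex_to_bytes(V_NEW_HEX, want, sizeof(want)) != SEEDLEN_BYTES) return -1;
    hash_drbg_update_v(v, h, c, 1);  /* assumed: counter is 1 before the increment */
    return memcmp(v, want, SEEDLEN_BYTES) == 0;
}

/* Returns 1 when an all-ones V plus counter 1 wraps to zero (carry discarded). */
int check_wraparound(void)
{
    unsigned char v[SEEDLEN_BYTES], c[SEEDLEN_BYTES] = {0}, h[OUTLEN_BYTES] = {0};
    size_t i;
    memset(v, 0xFF, sizeof(v));
    hash_drbg_update_v(v, h, c, 1);
    for (i = 0; i < sizeof(v); i++) if (v[i] != 0) return 0;
    return 1;
}

int main(void)
{
    printf("trace V update matches: %d\n", check_trace_v_update());
    printf("wrap-around handled:    %d\n", check_wraparound());
    return 0;
}
```

In this trace the top three bytes sum to 0x130E4AA, so the stored V starts with 30E4AA: the discarded carry is the modular reduction.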