From: Eric Biggers Date: Wed, 6 May 2026 00:02:58 +0000 (-0700) Subject: crypto: drbg - Remove support for "prediction resistance" X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd13e630f9d03510012f1a530f08e9cf533e946a;p=thirdparty%2Fkernel%2Flinux.git crypto: drbg - Remove support for "prediction resistance" "Prediction resistance", i.e. the property that the RNG's output is unpredictable even after a state compromise, might sound like a nice property to have. In reality, it's not very practical, as it requires that fresh entropy be pulled on every request. (The normal Linux RNG doesn't provide prediction resistance.) In the case of drbg.c, that means pulling from "jitterentropy", which is extremely slow. For some perspective, running a simple benchmark, generating 32 random bytes takes the following amount of time: get_random_bytes(): 90 ns drbg_nopr_hmac_sha512: 3707 ns drbg_pr_hmac_sha512: 773082 ns So at least in this case, the "pr" (prediction-resistant) DRBG is over 200 times slower than the "nopr" (non-prediction-resistant) DRBG, or over 8000 times slower than the normal Linux RNG. While anyone using drbg.c has always had to tolerate that it's slower than the normal Linux RNG, the "pr" DRBG is clearly at another level of slowness. Thus, the following is also entirely unsurprising: - FIPS 140-3 doesn't actually require that SP800-90A DRBG implementations support prediction resistance. The non-prediction resistant DRBGs can be, and have been, certified. - drbg.c registers "drbg_nopr_hmac_sha512" with a higher cra_priority than "drbg_pr_hmac_sha512". So "drbg_nopr_hmac_sha512" is already the one actually being used in practice. Given these considerations, it's clear that "drbg_pr_hmac_sha512" isn't actually useful, and it essentially just existed as another curiosity in the museum of crypto algorithms. Remove it to simplify the code. Suggested-by: Joachim Vandersmissen Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- diff --git a/crypto/drbg.c b/crypto/drbg.c index ab443be199a0f..d66c7211d6bb0 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1,7 +1,6 @@ /* * DRBG: Deterministic Random Bits Generator - * Implementation of the HMAC SHA-512 DRBG from NIST SP800-90A, - * both with and without prediction resistance + * Implementation of the HMAC SHA-512 DRBG from NIST SP800-90A * * Copyright Stephan Mueller , 2014 * Copyright 2026 Google LLC @@ -131,7 +130,6 @@ struct drbg_state { /* Number of RNG requests since last reseed -- 10.1.2.1 1c */ size_t reseed_ctr; bool instantiated; - bool pr; /* Prediction resistance enabled? */ struct crypto_rng *jent; const u8 *test_entropy; size_t test_entropylen; @@ -370,9 +368,8 @@ static int drbg_generate(struct drbg_state *drbg, u8 *out, size_t outlen, * drbg_seed() then too, since drbg_hmac_generate() adds bytes from * random.c to the additional input, which is a de facto reseed anyway. */ - if (drbg->pr || drbg->reseed_ctr > DRBG_MAX_REQUESTS) { - pr_devel("DRBG: reseeding before generation (prediction resistance: %s)\n", - str_true_false(drbg->pr)); + if (drbg->reseed_ctr > DRBG_MAX_REQUESTS) { + pr_devel("DRBG: reseeding before generation\n"); /* 9.3.1 steps 7.1 through 7.3 */ err = drbg_seed(drbg, addtl, addtl_len, true); if (err) @@ -431,14 +428,13 @@ static void drbg_kcapi_set_entropy(struct crypto_rng *tfm, /* Seed (i.e. instantiate) or re-seed the DRBG. */ static int drbg_kcapi_seed(struct crypto_rng *tfm, - const u8 *pers, size_t pers_len, bool pr) + const u8 *pers, unsigned int pers_len) { static const u8 initial_key[DRBG_STATE_LEN]; /* all zeroes */ struct drbg_state *drbg = crypto_rng_ctx(tfm); int ret; - pr_devel("DRBG: Initializing DRBG with prediction resistance %s\n", - str_enabled_disabled(pr)); + pr_devel("DRBG: Initializing DRBG\n"); guard(mutex)(&drbg->drbg_mutex); if (drbg->instantiated) @@ -447,13 +443,12 @@ static int drbg_kcapi_seed(struct crypto_rng *tfm, /* 9.1 step 1 is implicit with the selected DRBG type */ /* - * 9.1 step 2 is implicit as caller can select prediction resistance - * all DRBG types support prediction resistance + * 9.1 step 2 is implicit, as this implementation doesn't support + * prediction resistance */ /* 9.1 step 4 is implicit in DRBG_SEC_STRENGTH */ - drbg->pr = pr; memset(drbg->V, 1, DRBG_STATE_LEN); hmac_sha512_preparekey(&drbg->key, initial_key, DRBG_STATE_LEN); @@ -479,18 +474,6 @@ static int drbg_kcapi_seed(struct crypto_rng *tfm, return 0; } -static int drbg_kcapi_seed_pr(struct crypto_rng *tfm, - const u8 *seed, unsigned int slen) -{ - return drbg_kcapi_seed(tfm, seed, slen, /* pr= */ true); -} - -static int drbg_kcapi_seed_nopr(struct crypto_rng *tfm, - const u8 *seed, unsigned int slen) -{ - return drbg_kcapi_seed(tfm, seed, slen, /* pr= */ false); -} - /* * Generate random numbers invoked by the kernel crypto API: * @@ -589,31 +572,17 @@ static inline int __init drbg_healthcheck_sanity(void) return 0; } -static struct rng_alg drbg_algs[] = { - { - .base.cra_name = "stdrng", - .base.cra_driver_name = "drbg_pr_hmac_sha512", - .base.cra_priority = 200, - .base.cra_ctxsize = sizeof(struct drbg_state), - .base.cra_module = THIS_MODULE, - .base.cra_init = drbg_kcapi_init, - .set_ent = drbg_kcapi_set_entropy, - .seed = drbg_kcapi_seed_pr, - .generate = drbg_kcapi_generate, - .base.cra_exit = drbg_kcapi_exit, - }, - { - .base.cra_name = "stdrng", - .base.cra_driver_name = "drbg_nopr_hmac_sha512", - .base.cra_priority = 201, - .base.cra_ctxsize = sizeof(struct drbg_state), - .base.cra_module = THIS_MODULE, - .base.cra_init = drbg_kcapi_init, - .set_ent = drbg_kcapi_set_entropy, - .seed = drbg_kcapi_seed_nopr, - .generate = drbg_kcapi_generate, - .base.cra_exit = drbg_kcapi_exit, - }, +static struct rng_alg drbg_alg = { + .base.cra_name = "stdrng", + .base.cra_driver_name = "drbg_nopr_hmac_sha512", + .base.cra_priority = 201, + .base.cra_ctxsize = sizeof(struct drbg_state), + .base.cra_module = THIS_MODULE, + .base.cra_init = drbg_kcapi_init, + .set_ent = drbg_kcapi_set_entropy, + .seed = drbg_kcapi_seed, + .generate = drbg_kcapi_generate, + .base.cra_exit = drbg_kcapi_exit, }; static int __init drbg_init(void) @@ -625,20 +594,18 @@ static int __init drbg_init(void) return ret; /* - * In FIPS mode, boost the algorithm priorities to ensure that when - * users request "stdrng", they really get an algorithm from here. + * In FIPS mode, boost the algorithm priority to ensure that when users + * request "stdrng", they really get the algorithm from here. */ - if (fips_enabled) { - for (size_t i = 0; i < ARRAY_SIZE(drbg_algs); i++) - drbg_algs[i].base.cra_priority += 2000; - } + if (fips_enabled) + drbg_alg.base.cra_priority += 2000; - return crypto_register_rngs(drbg_algs, ARRAY_SIZE(drbg_algs)); + return crypto_register_rng(&drbg_alg); } static void __exit drbg_exit(void) { - crypto_unregister_rngs(drbg_algs, ARRAY_SIZE(drbg_algs)); + crypto_unregister_rng(&drbg_alg); } module_init(drbg_init); @@ -647,5 +614,4 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Stephan Mueller "); MODULE_DESCRIPTION("NIST SP800-90A Deterministic Random Bit Generator (DRBG)"); MODULE_ALIAS_CRYPTO("stdrng"); -MODULE_ALIAS_CRYPTO("drbg_pr_hmac_sha512"); MODULE_ALIAS_CRYPTO("drbg_nopr_hmac_sha512"); diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 9059bea7a5b03..a3e80de91d4d6 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -3481,8 +3481,8 @@ static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, return err; } -static int drbg_cavs_test(const struct drbg_testvec *test, int pr, - const char *driver, u32 type, u32 mask) +static int drbg_cavs_test(const struct drbg_testvec *test, const char *driver, + u32 type, u32 mask) { int ret = -EAGAIN; struct crypto_rng *drng; @@ -3519,8 +3519,6 @@ static int drbg_cavs_test(const struct drbg_testvec *test, int pr, } } - if (pr) - crypto_rng_set_entropy(drng, test->entpra, test->entprlen); ret = crypto_rng_generate(drng, test->addtla, test->addtllen, buf, test->expectedlen); if (ret < 0) { @@ -3529,8 +3527,6 @@ static int drbg_cavs_test(const struct drbg_testvec *test, int pr, goto outbuf; } - if (pr) - crypto_rng_set_entropy(drng, test->entprb, test->entprlen); ret = crypto_rng_generate(drng, test->addtlb, test->addtllen, buf, test->expectedlen); if (ret < 0) { @@ -3552,16 +3548,12 @@ static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { int err = 0; - int pr = 0; int i = 0; const struct drbg_testvec *template = desc->suite.drbg.vecs; unsigned int tcount = desc->suite.drbg.count; - if (0 == memcmp(driver, "drbg_pr_", 8)) - pr = 1; - for (i = 0; i < tcount; i++) { - err = drbg_cavs_test(&template[i], pr, driver, type, mask); + err = drbg_cavs_test(&template[i], driver, type, mask); if (err) { printk(KERN_ERR "alg: drbg: Test %d failed for %s\n", i, driver); @@ -4656,13 +4648,6 @@ static const struct alg_test_desc alg_test_descs[] = { .suite = { .drbg = __VECS(drbg_nopr_hmac_sha512_tv_template) } - }, { - .alg = "drbg_pr_hmac_sha512", - .test = alg_test_drbg, - .fips_allowed = 1, - .suite = { - .drbg = __VECS(drbg_pr_hmac_sha512_tv_template) - } }, { .alg = "ecb(aes)", .generic_driver = "ecb(aes-lib)", diff --git a/crypto/testmgr.h b/crypto/testmgr.h index c47203f73fd18..b7dcf40af6dbe 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -133,9 +133,6 @@ struct drbg_testvec { size_t addtl_reseed_len; /* Generate (twice) */ - const unsigned char *entpra; - const unsigned char *entprb; - size_t entprlen; const unsigned char *addtla; const unsigned char *addtlb; size_t addtllen; @@ -23433,205 +23430,6 @@ static const struct aead_testvec aegis128_tv_template[] = { }, }; -static const struct drbg_testvec drbg_pr_hmac_sha512_tv_template[] = { - /* - * Borrowed from the first applicable test vector from ACVP: - * https://github.com/usnistgov/ACVP-Server/blob/v1.1.0.33/gen-val/json-files/hmacDRBG-1.0/prompt.json#L1161 - * https://github.com/usnistgov/ACVP-Server/blob/v1.1.0.33/gen-val/json-files/hmacDRBG-1.0/expectedResults.json#L271 - */ - { - /* .entropy = ACVP entropyInput || nonce */ - .entropy = "\x9B\xE9\xB2\x87\xA3\x9A\x08\x44\x1D\x67\x82\x20" - "\xC9\x53\xFB\xEB\xA4\xB9\x0F\x44\x0B\x98\x33\x18" - "\xAC\x6E\x25\x4A\x85\x83\x2D\x26\x21\x9F\x93\x64" - "\xC8\x5A\x5F\x72\xDB\x88\x45\x96\x71\x41\xF4\xBF" - "\x6E\xA7\x98\x00\x9D\xD1\x0C\x2E\x4D\x7A\xE2\x03" - "\x0D\xE3\xCD\x62\xFE\xF3\x62\xBD\x12\x69\x92\x3D" - "\xBA\xAC\x15\x17\xC7\x80\x93\x8E\x72\x32\x2D\x52" - "\xE5\x2C\x19\x84\x5C\xA5\xCE\x5B\x98\x19\x1F\xF1" - "\x9F\x0C\x17\x04\xD0\x66\xF1\x9B\xFA\x7E\x2C\xB6" - "\x55\x68\xD4\x1B\xD6\x7A\x1D\x2C\xD4\x6D\x6E\x15" - "\xF7\x32\x23\x04\x05\x8C\xBB\xE6\x63\x6B\x80\x9B" - "\x9C\x69\x09\x8F\x5F\x02\xBF\x53\x42\x11\xB7\x80" - "\xAA\xD4\xE8\x54\x00\x83\x5C\x20\xA8\xB3\x6E\xD9" - "\xF5\x51\x9E\xB9\xD1\x6E\xC7\x0C\xE9\x7F\xF0\xBF" - "\xCE\x1D\xB0\x31\x8D\x16\xC9\x65\x0C\x18\x55\xA4" - "\x46\x8D\x54\x2B\x78\x69\x1B\x8C\x29\xD7\xAC\x0F" - "\x34\x4D\x69\x0B\x76\xC3\x98\x00\x78\x2F\xE2\x54" - "\xAF\xD5\x8A\xC3\x40\x97\xB1\xA2\x60\xD3\x07\x3B" - "\x7A\x3E\xD0\x82\x80\x68\xEE\xB0\x72\x5F\x07\x17" - "\xD9\x0A\xFC\xBD\xBA\xB6\x77\x4E\xC9\xCE\x6A\x48" - "\xEB\x9C\xF5\x18\x88\x1E\x6E\x3B\x65\x43\x16\x73" - "\x80\x53\xB7\xF0\x7E\xAB\x23\x19\x1E\x75\x60\x36" - "\xAF\x39\xC0\xCF\x0F\x6D\x7F\x90\xB2\x50\xD5\x37" - "\x58\x6D\x5C\x95\x78\x25\x8D\x3A\x40\xAB\xF6\x7B" - "\x85\x86\xBB\x48\x5E\x1C\x99\xC1\xD3\x4E\x85\xE5" - "\xB4\xE7\x61\xF3\x7D\x56\x1F\x77\xCF\x3C\x76\x3A" - "\xF4\x82\x36\xB7\x37\x33\x84\x34\xBA\x0E\xE2\xE1" - "\xAF\x0C\xD2\xAE\x97\x5C\x80\xD4\xD2\xFD\x37\x71" - "\xC8\x70\x04\x29\x8B\x44\xB9\xD7\xC9\x8F\xE7\x99" - "\x94\x9E\xFC\x49\x66\x24\xCB\x8B\x41\x40\x66\xC5" - "\xA4\x00\xD5\x3F\x68\xDD\xB5\xA5\x62\x96\x7C\xAC" - "\x63\x58\x95\x85\x99\x24\x21\x15\xD2\x76\xAF\x6D", - .entropylen = 384, - .pers = "\xDD\x07\x10\x10\x17\x34\xD5\xBD\x43\xAF\x03\x79\xE4" - "\x64\x2C\x58\x06\xEA\xE0\x39\xDA\x42\x96\x16\x0B\xF9" - "\xB8\xCE\x57\x7D\x53\x67\xBF\xF8\x0C\x40\x02\xB2\x77" - "\x16\xD5\x23\x75\x9F\x6A\x42\x0E\xE8\xCC\xD0\x9F\x40" - "\x64\xE9\x3B\xE9\x48\x13\xC3\x8E\x4B\xAB\xE1\xB9\x4F" - "\x6D\xBB\xF2\x4C\xF8\x29\xA5\x2B\x44\x23\x15\x2C\xDE" - "\x2A\xCF\x88\x04\x7A\x38\x37\xA2\xD5\x7B\xEA\x59\x39" - "\x2C\x58\xA2\x5B\xF9\x39\xA2\x7E\x94\x11\x97\xEC\x47" - "\x08\xD6\xE2\x39\x65\x26\x43\x81\x3F\x1B\x31\xA6\xA4" - "\x1A\x5C\xCD\x02\xCC\x89\x38\x3F\x32\x7C\x0E\x7E\x88" - "\x3B\x6F\x60\x69\xEA\xBA\xAA\x1F\x53\x93\x70\xD7\x48" - "\x74\x91\x79\x5E\xD4\xB0\xD9\x82\x74\x12\xDE\xFE\xFB" - "\x51\x96\x66\x5C\x6A\x53\x11\xAD\x9A\xD4\xFA\x9D\xF0" - "\xE2\x7F\x26\x8F\x6F\xAC\x00\xC8\xDB\xCF\xA5\x8E\xE6" - "\x61\x8F\x36\xD6\x44\x5B\x07\xDA\x9C\x2A\x46\xE3\x03" - "\x1C\xD8\x11\x4F\x61\x1F\xEC\xBA\x12\x68\xB9\x4B\x57" - "\x39\x05\xD6\xEE\xC1\xAC\x3F\x6D\x6F\xE9\xBF\xEA\x36" - "\x1A\x8A\xAA\xF4\xE8\xE0\xDB\xC6\xE5\x06\x9F\xC9\x91" - "\x52\xCD\x53\xD0\x78\xF6\xC1\x7B\x75\x91\x85\x91\x13" - "\x26\xBE\xC9\x02\xDE\xB0\x19\xF2\x71", - .perslen = 256, - - .entpra = "\xDB\xBA\x25\xC7\x02\x0D\x3D\x95\x9C\xEB\xF5\x42" - "\x52\x3A\x6B\xDA\xE8\xAF\xE9\x3D\x76\x2A\x9E\xB5" - "\xD7\xE7\x5D\xC9\xB8\x1F\x3A\xC2\x91\x95\x9D\xFD" - "\xE5\x48\x5F\x63\xD8\x84\x44\x82\x6A\x71\xF9\xDD" - "\xAF\x4B\xE2\x28\xB4\x30\xCF\x78\xB7\x0B\x0F\x61" - "\x71\x16\x1A\xE0\x6D\x5F\xB4\x4B\x17\x1A\x26\xCA" - "\xD8\x9D\x6D\x46\xA3\x56\xC0\xE7\x49\xCF\xE0\xD2" - "\xFF\xA8\x22\x45\xE0\xB4\x18\x0B\x13\x37\x01\x46" - "\xCB\xE7\xD8\x2A\x59\x43\xAD\x90\x1E\xE1\xD0\xD7" - "\x76\xB0\x2D\xCF\x17\x23\x99\x73\x5D\xE5\xC7\x46" - "\x8A\x0D\x8E\xC4\xAB\x45\xAC\xA8\x74\xE4\xF7\xD0" - "\x26\xD7\x0A\xE2\x43\x3D\xB8\xC7\xEE\xAD\x53\x6F" - "\x78\xC3\x51\xC0\xE0\x76\x2A\xC2\xB7\xFE\x02\x64" - "\x25\xF0\xCE\xD7\xA9\xBF\x85\xCA\x20\xA6\x93\x68" - "\xE3\x79\xE9\x88\xA8\x7F\x45\x8D\x71\xB4\xB4\x79" - "\x1C\x56\x68\xF9\xAE\x18\x76\xB9\x3F\xEE\x5B\x2C" - "\xC6\x61\x47\x34\x3B\xC5\x24\x2D\x3C\x6D\x16\x48" - "\x70\xD9\xDB\x2E\xB8\x42\x52\x81\x1C\x94\x39\xF0" - "\xF4\xC0\x8F\x44\xD3\xCF\xD5\xF9\xC1\x59\x61\x83" - "\xAE\xFD\xD0\xC4\x35\xD1\x0E\x55\x46\x5C\xBA\x3D" - "\x5C\x4A\x89\x15\xE8\x1D\x86\x28\xE5\xF5\x31\x0B" - "\x89\x59\xFE\x4A\xC3\x5D\xA5\x2A\x16\x37\x78\x41" - "\x58\x3A\x9E\xA3\xBD\x1F\xE6\x25\xCC\x18\x9E\xD2" - "\x1A\x99\x56\x66\x83\x78\xBB\x27\x3E\x28\xFE\xD4" - "\x74\xCB\x75\x2D\x82\x86\x55\xFB\x1C\xA4\xAF\x3F" - "\x84\x0A\xA0\xA1\x1C\x70\x34\x87\x2E\x73\x15\x38" - "\x8A\x27\xB1\x6C\x33\x95\xE5\x07", - .entprb = "\x38\xF2\xC4\x8F\x4B\x9C\x2F\x03\x67\x8C\x8A\x47" - "\xE1\xF2\x18\xC5\xB8\x4C\x05\x77\x77\x15\xA8\x94" - "\x1F\x1F\x45\x6D\xD0\xEF\x60\x67\x63\x12\x5D\x38" - "\x89\x22\x76\xF5\xF2\xC4\xE1\x15\x26\x7E\x8F\x52" - "\x79\x1E\x96\x71\xCD\xE7\x32\x95\x2B\x4E\xB2\xC2" - "\x92\x21\xC7\x48\xA2\xB1\xC5\x71\x44\x91\xE4\x4F" - "\xBE\xD3\x5E\xA9\xAB\xD3\xE2\xD1\xE2\xD8\x8F\x98" - "\x38\x03\x18\x29\x84\xA2\xCA\x6E\x72\x34\xC9\x51" - "\x6D\x8C\xE8\x09\x50\x71\x2A\x08\xB7\xCF\x74\xE6" - "\x11\xB6\x38\xF5\xBC\x24\xF7\x5B\x73\x34\xD5\x8B" - "\xBB\x15\xE3\x6F\x9A\x9B\x1E\x32\xB9\x6F\x5F\xE3" - "\xC9\x9F\xF6\xD9\x33\x03\xCD\x0D\x8E\xD4\x3F\x67" - "\x11\x65\x0A\x90\x67\x83\xC1\xCC\x70\xB1\xA9\x46" - "\x4B\x5E\x0B\x84\xDC\x02\xBA\x50\x1D\x4A\x5B\xC7" - "\xB4\x5E\xDF\x35\x01\x45\x3D\x64\x5C\x2E\xCD\xA6" - "\x20\xFB\x35\x74\xC0\x7C\x2D\x24\x66\xAB\x38\x12" - "\x38\xCE\x52\xCB\x38\x9B\x95\xDE\x0C\x2A\x8C\x9D" - "\xF7\x81\x48\x9E\xD6\x10\xF1\x83\x71\x44\x53\x2F" - "\xCE\xF3\xEC\xB3\x29\x67\xF1\x41\xFC\xD6\xB6\x49" - "\xE3\x13\x74\x4D\xB2\x3E\xEA\x73\x2B\x03\x68\xAC" - "\x2F\x57\x8C\x58\xEC\x34\xE9\xEF\x18\x36\xDE\xAD" - "\xE9\x48\x1D\xF7\x9E\xB7\xA1\x60\x2E\x78\xF5\x62" - "\x68\xDD\xB8\x5B\x33\x6B\x66\xAD\xA1\xD5\xFB\x46" - "\x5E\x8F\xF8\x9D\x37\xE5\xC2\xD8\x76\xDC\x2B\x6A" - "\x99\x1E\xDF\x91\xB1\x0A\x81\x2A\x9D\xEB\xE7\xE4" - "\xD1\x21\xD4\xDA\x0E\x55\x8A\x14\xB2\xB6\x15\x7D" - "\x48\x52\x6A\xB0\xA2\x92\x4D\x50", - .entprlen = 320, - .addtla = "\xC2\x89\x7C\x07\x46\x74\x02\x2C\xEA\xAD\xFD\x74" - "\x0C\x40\xEF\xA2\x95\x64\x6B\xC4\x2D\xED\xF4\x16" - "\x26\x25\x06\xB3\x36\x6B\xD8\x9A\x5F\xF4\x25\xC1" - "\xC3\x69\x3F\x7A\x19\xB7\x02\xA6\xCC\x3B\xA2\x4E" - "\x05\xA1\x1C\x7B\x2D\xAD\x44\xE7\x4A\x40\x71\x85" - "\xEF\x1C\xE4\xEC\x54\xCA\xB0\xAF\x8F\xF5\x43\xB1" - "\xE0\x99\x71\x71\xD4\x3E\x56\x97\xAA\xF5\xD0\x1A" - "\x58\x2D\x65\x0F\xA4\xB4\xB6\x07\x1B\x1F\x13\x8B" - "\x29\xD6\xE5\x23\xD3\x4D\x43\xD6\xBC\x74\xA8\x92" - "\xBD\xE9\x9B\x01\x47\x8C\xA5\x02\xA8\x0D\xC3\x3A" - "\xED\x83\xFD\xD2\xCB\xFF\x25\x89\x2C\x2F\x5B\x70" - "\x3F\x9E\x24\x50\xF8\x78\x28\x1B\x67\x52\x92\xA2" - "\x87\x81\x07\x40\xA9\x40\xBA\x84\x47\x25\xC1\xF7" - "\x9E\x3B\x4E\xE4\x8F\x10\xE5\x50\x8B\x22\x83\x4F" - "\xCD\x4E\x42\x63\x92\x0A\x5F\xAF\x7A\x9B\x0E\x1A" - "\xE3\xB4\x99\x11\x7F\xE6\x93\xC3\xED\xF1\x9F\x3A", - .addtlb = "\x1E\x75\xB6\x70\x60\xFD\xE6\xD1\xC7\xA5\x74\xCF" - "\xA7\x50\x17\xAE\xDD\xC4\x6E\xC4\xE0\x15\xF0\x3B" - "\xF7\x1C\x46\x45\xEE\x60\x66\x48\x1D\x2C\x36\xCC" - "\x95\x3E\xB7\xEB\x1B\xFF\x8C\xC0\x78\x6D\x56\x3A" - "\xC7\x24\x18\x9E\x7C\xA1\x60\x54\x41\x4B\xAF\x18" - "\xE8\x02\xD1\x54\x65\xEC\x3D\xFD\x8B\xDF\xD2\xF5" - "\x62\xEA\x66\x41\x6A\x32\x87\xA6\x34\x2F\x48\xBF" - "\xB5\xCC\x35\x5A\x2A\xC1\xAB\x68\x34\x1A\xD6\x82" - "\x40\xF7\xF2\x00\x14\x8B\x69\x0F\xE4\xCD\x6B\xB1" - "\xFC\x8B\x16\xEC\xB4\xE3\x33\xBF\x84\x12\x4B\x58" - "\xED\x51\x88\xF5\xEF\xB6\xC3\xCE\x9B\x63\xCC\x80" - "\x1F\x3C\x8A\x67\xEE\xCD\xD2\x01\x25\x22\xAC\xB3" - "\xB6\x9B\x1F\xF8\xE8\x71\xE6\x0D\x78\x11\x3C\x9E" - "\xF2\x57\xDC\xB6\xCF\x90\xD3\xA8\x3E\xCD\x88\xD4" - "\xDC\x1C\x31\x6B\x1F\xC3\x6A\x29\xF0\x7B\x4C\xCC" - "\x6D\x92\x5E\x6F\x0C\x0B\x4D\xA7\x10\x66\x84\x1F", - .addtllen = 192, - - .expected = "\xAA\x76\x91\xAE\x99\xCD\x8D\x83\x49\x9D\xC5\x51" - "\xA5\x95\xC6\x9D\xAD\x4B\x40\x2B\x5F\x8C\x30\x5D" - "\x1E\x89\x58\xD1\x8A\x86\xF9\x61\x2C\x45\x41\x8E" - "\xC5\xC6\x0E\x33\x7C\xFE\x91\x71\xC9\x53\x76\xD6" - "\xC2\x8D\x05\x09\xB8\x2A\x2B\x9B\x36\x1D\x31\xD7" - "\x50\x45\xB1\x08\x58\xC4\x99\x25\xEA\x2F\x18\xDB" - "\x34\x8A\x02\xD8\x38\xDD\x7B\x9E\x0E\xEF\x9C\x45" - "\xC7\x4F\x7E\x36\x3A\x90\x8B\x41\x51\x4A\x1B\xE9" - "\x8A\x61\xE9\xB5\x4E\xA5\xE2\xBD\x16\x59\x61\x0F" - "\x9C\x5A\x63\xA7\x87\x79\x5C\x0A\x16\xDF\x6D\x88" - "\x11\x25\x56\x8B\x5D\xA6\xF8\x4F\xB9\x01\x19\xAE" - "\x57\x3B\xC4\x06\xBB\xE7\xCB\xAF\xB3\x8D\xE2\x40" - "\xED\x42\x29\xB3\x0D\x64\x20\xF2\x66\x58\xB1\xDD" - "\x59\xB1\x39\x7C\xD9\xB2\x34\x08\x53\x9B\x3A\xB7" - "\x18\x35\xD0\x90\x7F\xB5\x30\xF2\x27\xA0\x90\x63" - "\x6F\xF2\x72\x49\xBF\xD0\xAE\x4A\xF4\xCA\xB3\x1A" - "\xAE\x7F\x93\xF3\xB9\x84\x99\x09\x50\xB9\xA0\x43" - "\x4F\x83\x33\x92\xA5\xC7\x25\x44\x6A\x74\xF4\xFA" - "\xBA\x60\x43\x13\x97\x53\x99\x98\xA3\x05\x02\xC1" - "\x03\xDF\x53\x76\x9E\x74\xE7\xA0\xB5\xD7\xA7\x87" - "\x1E\x00\x1D\x29\x47\x8F\x65\x4E\x0F\x76\xCA\xA9" - "\x2A\xC5\x05\x4F\xA6\xFE\x96\xC6\x81\xC0\x55\xFC" - "\x92\x89\xA6\x81\xF0\x37\xF1\x41\xA6\x88\x0B\x01" - "\xE0\xA5\x78\x4C\xF4\x61\xA7\x91\xD8\x4B\xE9\x2C" - "\xF0\x68\xEE\x46\x41\xD2\x74\xE5\x5F\x6F\x1F\xE6" - "\xBE\x5C\xB1\x3C\x60\x1A\xAA\xB9\x88\x3C\xB9\x1C" - "\xCD\x67\x78\x1F\x45\x18\xE7\x8B\xBD\xE4\x24\xDA" - "\xA8\x26\xD1\x03\xF1\xC7\x6B\x28\x62\xAB\x5C\xAB" - "\x98\xCA\xFB\xCB\x0B\x2D\x01\xD9\xC1\xA6\xFA\x91" - "\x71\x3D\x9B\x3B\x60\xEB\xD7\xA2\x61\xC1\x92\x60" - "\xB1\x02\x44\x0C\x97\x70\x77\x83\xF9\x35\xEA\x24" - "\x85\xF8\x0A\x32\xA2\xC7\x05\x40\x90\x83\x4F\x87" - "\x57\x66\xB5\xDE\xEE\xFF\x8B\x01\xBC\x96\xB0\xC5" - "\x29\xB6\xC1\xF0\x11\x31\x51\x11\xB0\xC2\x0F\x08" - "\xCF\x09\x69\x74\xE1\x0D\x6C\x0A\x10\xD0\x73\xF0" - "\x8E\xDC\x5F\xB1\xBD\x47\x8A\xA7\x90\xB3\x08\x86" - "\xD2\xE4\x58\xE5\x68\x33\x67\x3B\x37\xF1\x28\x28" - "\x59\x91\xB5\x5F\x8D\x84\x54\xCE\x18\x76\xE3\x5C" - "\x55\x37\x8E\x10\x34\x9B\x6E\x1F\x73\x88\x31\xBF" - "\x0D\x5C\xED\x7A\xBC\xF2\xCE\x7A\x2E\x2E\xE7\x04" - "\xE7\xF2\x8F\x33\xCC\x06\x77\x96\xBB\xA8\x65\x03" - "\x26\x79\xC0\xF0\x52\x3B\xD4\xF2\x5D\x00\xE4\x80" - "\x7F\x78\xC0\x45\x29\x55\xCA\x63", - .expectedlen = 512, - } -}; - static const struct drbg_testvec drbg_nopr_hmac_sha512_tv_template[] = { /* * Borrowed from the first applicable test vector from ACVP: