DasIch
commented
11 years ago I've added more test vectors from RFC 3962, which also appear to be commonly for testing. Apart from that after taking a look at both OpenSSL and CommonCrypto it seems that neither tests any other methods. It appears that I might have to create some test vectors myself, then again apparently this is not such an important issue.
RFC 6070 which defines the test vectors we are using, only defines test vectors for hmac-sha1. This means that hmac-sha{224,256,384,512} are untested. While we are not implementing the algorithms, the probability that there is an issue on our side should be negligible, nevertheless I would feel more comfortable knowing all methods are covered.
There are test vectors for hmac-sha256 in a rfc draft for scrypt however that is just a draft and I'm not sure how reliable those vectors are.