Mercurial > dropbear

comparison libtomcrypt/src/hashes/sha3_test.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents
children
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10 /* based on https://github.com/brainhub/SHA3IUF (public domain) */
11
12 #include "tomcrypt.h"
13
14 #ifdef LTC_SHA3
15
16 int sha3_224_test(void)
17 {
18 #ifndef LTC_TEST
19 return CRYPT_NOP;
20 #else
21 unsigned char buf[200], hash[224 / 8];
22 int i;
23 hash_state c;
24 const unsigned char c1 = 0xa3;
25
26 const unsigned char sha3_224_empty[224 / 8] = {
27 0x6b, 0x4e, 0x03, 0x42, 0x36, 0x67, 0xdb, 0xb7,
28 0x3b, 0x6e, 0x15, 0x45, 0x4f, 0x0e, 0xb1, 0xab,
29 0xd4, 0x59, 0x7f, 0x9a, 0x1b, 0x07, 0x8e, 0x3f,
30 0x5b, 0x5a, 0x6b, 0xc7
31 };
32
33 const unsigned char sha3_224_0xa3_200_times[224 / 8] = {
34 0x93, 0x76, 0x81, 0x6a, 0xba, 0x50, 0x3f, 0x72,
35 0xf9, 0x6c, 0xe7, 0xeb, 0x65, 0xac, 0x09, 0x5d,
36 0xee, 0xe3, 0xbe, 0x4b, 0xf9, 0xbb, 0xc2, 0xa1,
37 0xcb, 0x7e, 0x11, 0xe0
38 };
39
40 XMEMSET(buf, c1, sizeof(buf));
41
42 /* SHA3-224 on an empty buffer */
43 sha3_224_init(&c);
44 sha3_done(&c, hash);
45 if (compare_testvector(hash, sizeof(hash), sha3_224_empty, sizeof(sha3_224_empty), "SHA3-224", 0)) {
46 return CRYPT_FAIL_TESTVECTOR;
47 }
48
49 /* SHA3-224 in two steps. [FIPS 202] */
50 sha3_224_init(&c);
51 sha3_process(&c, buf, sizeof(buf) / 2);
52 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
53 sha3_done(&c, hash);
54 if (compare_testvector(hash, sizeof(hash), sha3_224_0xa3_200_times, sizeof(sha3_224_0xa3_200_times), "SHA3-224", 1)) {
55 return CRYPT_FAIL_TESTVECTOR;
56 }
57
58 /* SHA3-224 byte-by-byte: 200 steps. [FIPS 202] */
59 i = 200;
60 sha3_224_init(&c);
61 while (i--) {
62 sha3_process(&c, &c1, 1);
63 }
64 sha3_done(&c, hash);
65 if (compare_testvector(hash, sizeof(hash), sha3_224_0xa3_200_times, sizeof(sha3_224_0xa3_200_times), "SHA3-224", 2)) {
66 return CRYPT_FAIL_TESTVECTOR;
67 }
68
69 return CRYPT_OK;
70 #endif
71 }
72
73 int sha3_256_test(void)
74 {
75 #ifndef LTC_TEST
76 return CRYPT_NOP;
77 #else
78 unsigned char buf[200], hash[256 / 8];
79 int i;
80 hash_state c;
81 const unsigned char c1 = 0xa3;
82
83 const unsigned char sha3_256_empty[256 / 8] = {
84 0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,
85 0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,
86 0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa,
87 0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a
88 };
89 const unsigned char sha3_256_0xa3_200_times[256 / 8] = {
90 0x79, 0xf3, 0x8a, 0xde, 0xc5, 0xc2, 0x03, 0x07,
91 0xa9, 0x8e, 0xf7, 0x6e, 0x83, 0x24, 0xaf, 0xbf,
92 0xd4, 0x6c, 0xfd, 0x81, 0xb2, 0x2e, 0x39, 0x73,
93 0xc6, 0x5f, 0xa1, 0xbd, 0x9d, 0xe3, 0x17, 0x87
94 };
95
96 XMEMSET(buf, c1, sizeof(buf));
97
98 /* SHA3-256 on an empty buffer */
99 sha3_256_init(&c);
100 sha3_done(&c, hash);
101 if (compare_testvector(hash, sizeof(hash), sha3_256_empty, sizeof(sha3_256_empty), "SHA3-256", 0)) {
102 return CRYPT_FAIL_TESTVECTOR;
103 }
104
105 /* SHA3-256 as a single buffer. [FIPS 202] */
106 sha3_256_init(&c);
107 sha3_process(&c, buf, sizeof(buf));
108 sha3_done(&c, hash);
109 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 1)) {
110 return CRYPT_FAIL_TESTVECTOR;
111 }
112
113 /* SHA3-256 in two steps. [FIPS 202] */
114 sha3_256_init(&c);
115 sha3_process(&c, buf, sizeof(buf) / 2);
116 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
117 sha3_done(&c, hash);
118 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 2)) {
119 return CRYPT_FAIL_TESTVECTOR;
120 }
121
122 /* SHA3-256 byte-by-byte: 200 steps. [FIPS 202] */
123 i = 200;
124 sha3_256_init(&c);
125 while (i--) {
126 sha3_process(&c, &c1, 1);
127 }
128 sha3_done(&c, hash);
129 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 3)) {
130 return CRYPT_FAIL_TESTVECTOR;
131 }
132
133 /* SHA3-256 byte-by-byte: 135 bytes. Input from [Keccak]. Output
134 * matched with sha3sum. */
135 sha3_256_init(&c);
136 sha3_process(&c, (unsigned char*)
137 "\xb7\x71\xd5\xce\xf5\xd1\xa4\x1a"
138 "\x93\xd1\x56\x43\xd7\x18\x1d\x2a"
139 "\x2e\xf0\xa8\xe8\x4d\x91\x81\x2f"
140 "\x20\xed\x21\xf1\x47\xbe\xf7\x32"
141 "\xbf\x3a\x60\xef\x40\x67\xc3\x73"
142 "\x4b\x85\xbc\x8c\xd4\x71\x78\x0f"
143 "\x10\xdc\x9e\x82\x91\xb5\x83\x39"
144 "\xa6\x77\xb9\x60\x21\x8f\x71\xe7"
145 "\x93\xf2\x79\x7a\xea\x34\x94\x06"
146 "\x51\x28\x29\x06\x5d\x37\xbb\x55"
147 "\xea\x79\x6f\xa4\xf5\x6f\xd8\x89"
148 "\x6b\x49\xb2\xcd\x19\xb4\x32\x15"
149 "\xad\x96\x7c\x71\x2b\x24\xe5\x03"
150 "\x2d\x06\x52\x32\xe0\x2c\x12\x74"
151 "\x09\xd2\xed\x41\x46\xb9\xd7\x5d"
152 "\x76\x3d\x52\xdb\x98\xd9\x49\xd3"
153 "\xb0\xfe\xd6\xa8\x05\x2f\xbb", 1080 / 8);
154 sha3_done(&c, hash);
155 if(compare_testvector(hash, sizeof(hash),
156 "\xa1\x9e\xee\x92\xbb\x20\x97\xb6"
157 "\x4e\x82\x3d\x59\x77\x98\xaa\x18"
158 "\xbe\x9b\x7c\x73\x6b\x80\x59\xab"
159 "\xfd\x67\x79\xac\x35\xac\x81\xb5", 256 / 8, "SHA3-256", 4)) {
160 return CRYPT_FAIL_TESTVECTOR;
161 }
162
163 return CRYPT_OK;
164 #endif
165 }
166
167 int sha3_384_test(void)
168 {
169 #ifndef LTC_TEST
170 return CRYPT_NOP;
171 #else
172 unsigned char buf[200], hash[384 / 8];
173 int i;
174 hash_state c;
175 const unsigned char c1 = 0xa3;
176
177 const unsigned char sha3_384_0xa3_200_times[384 / 8] = {
178 0x18, 0x81, 0xde, 0x2c, 0xa7, 0xe4, 0x1e, 0xf9,
179 0x5d, 0xc4, 0x73, 0x2b, 0x8f, 0x5f, 0x00, 0x2b,
180 0x18, 0x9c, 0xc1, 0xe4, 0x2b, 0x74, 0x16, 0x8e,
181 0xd1, 0x73, 0x26, 0x49, 0xce, 0x1d, 0xbc, 0xdd,
182 0x76, 0x19, 0x7a, 0x31, 0xfd, 0x55, 0xee, 0x98,
183 0x9f, 0x2d, 0x70, 0x50, 0xdd, 0x47, 0x3e, 0x8f
184 };
185
186 XMEMSET(buf, c1, sizeof(buf));
187
188 /* SHA3-384 as a single buffer. [FIPS 202] */
189 sha3_384_init(&c);
190 sha3_process(&c, buf, sizeof(buf));
191 sha3_done(&c, hash);
192 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 0)) {
193 return CRYPT_FAIL_TESTVECTOR;
194 }
195
196 /* SHA3-384 in two steps. [FIPS 202] */
197 sha3_384_init(&c);
198 sha3_process(&c, buf, sizeof(buf) / 2);
199 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
200 sha3_done(&c, hash);
201 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 1)) {
202 return CRYPT_FAIL_TESTVECTOR;
203 }
204
205 /* SHA3-384 byte-by-byte: 200 steps. [FIPS 202] */
206 i = 200;
207 sha3_384_init(&c);
208 while (i--) {
209 sha3_process(&c, &c1, 1);
210 }
211 sha3_done(&c, hash);
212 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 2)) {
213 return CRYPT_FAIL_TESTVECTOR;
214 }
215
216 return CRYPT_OK;
217 #endif
218 }
219
220 int sha3_512_test(void)
221 {
222 #ifndef LTC_TEST
223 return CRYPT_NOP;
224 #else
225 unsigned char buf[200], hash[512 / 8];
226 int i;
227 hash_state c;
228 const unsigned char c1 = 0xa3;
229
230 const unsigned char sha3_512_0xa3_200_times[512 / 8] = {
231 0xe7, 0x6d, 0xfa, 0xd2, 0x20, 0x84, 0xa8, 0xb1,
232 0x46, 0x7f, 0xcf, 0x2f, 0xfa, 0x58, 0x36, 0x1b,
233 0xec, 0x76, 0x28, 0xed, 0xf5, 0xf3, 0xfd, 0xc0,
234 0xe4, 0x80, 0x5d, 0xc4, 0x8c, 0xae, 0xec, 0xa8,
235 0x1b, 0x7c, 0x13, 0xc3, 0x0a, 0xdf, 0x52, 0xa3,
236 0x65, 0x95, 0x84, 0x73, 0x9a, 0x2d, 0xf4, 0x6b,
237 0xe5, 0x89, 0xc5, 0x1c, 0xa1, 0xa4, 0xa8, 0x41,
238 0x6d, 0xf6, 0x54, 0x5a, 0x1c, 0xe8, 0xba, 0x00
239 };
240
241 XMEMSET(buf, c1, sizeof(buf));
242
243 /* SHA3-512 as a single buffer. [FIPS 202] */
244 sha3_512_init(&c);
245 sha3_process(&c, buf, sizeof(buf));
246 sha3_done(&c, hash);
247 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 0)) {
248 return CRYPT_FAIL_TESTVECTOR;
249 }
250
251 /* SHA3-512 in two steps. [FIPS 202] */
252 sha3_512_init(&c);
253 sha3_process(&c, buf, sizeof(buf) / 2);
254 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
255 sha3_done(&c, hash);
256 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 1)) {
257 return CRYPT_FAIL_TESTVECTOR;
258 }
259
260 /* SHA3-512 byte-by-byte: 200 steps. [FIPS 202] */
261 i = 200;
262 sha3_512_init(&c);
263 while (i--) {
264 sha3_process(&c, &c1, 1);
265 }
266 sha3_done(&c, hash);
267 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 2)) {
268 return CRYPT_FAIL_TESTVECTOR;
269 }
270
271 return CRYPT_OK;
272 #endif
273 }
274
275 int sha3_shake_test(void)
276 {
277 #ifndef LTC_TEST
278 return CRYPT_NOP;
279 #else
280 unsigned char buf[200], hash[512];
281 int i;
282 hash_state c;
283 const unsigned char c1 = 0xa3;
284 unsigned long len;
285
286 const unsigned char shake256_empty[32] = {
287 0xab, 0x0b, 0xae, 0x31, 0x63, 0x39, 0x89, 0x43,
288 0x04, 0xe3, 0x58, 0x77, 0xb0, 0xc2, 0x8a, 0x9b,
289 0x1f, 0xd1, 0x66, 0xc7, 0x96, 0xb9, 0xcc, 0x25,
290 0x8a, 0x06, 0x4a, 0x8f, 0x57, 0xe2, 0x7f, 0x2a
291 };
292 const unsigned char shake256_0xa3_200_times[32] = {
293 0x6a, 0x1a, 0x9d, 0x78, 0x46, 0x43, 0x6e, 0x4d,
294 0xca, 0x57, 0x28, 0xb6, 0xf7, 0x60, 0xee, 0xf0,
295 0xca, 0x92, 0xbf, 0x0b, 0xe5, 0x61, 0x5e, 0x96,
296 0x95, 0x9d, 0x76, 0x71, 0x97, 0xa0, 0xbe, 0xeb
297 };
298 const unsigned char shake128_empty[32] = {
299 0x43, 0xe4, 0x1b, 0x45, 0xa6, 0x53, 0xf2, 0xa5,
300 0xc4, 0x49, 0x2c, 0x1a, 0xdd, 0x54, 0x45, 0x12,
301 0xdd, 0xa2, 0x52, 0x98, 0x33, 0x46, 0x2b, 0x71,
302 0xa4, 0x1a, 0x45, 0xbe, 0x97, 0x29, 0x0b, 0x6f
303 };
304 const unsigned char shake128_0xa3_200_times[32] = {
305 0x44, 0xc9, 0xfb, 0x35, 0x9f, 0xd5, 0x6a, 0xc0,
306 0xa9, 0xa7, 0x5a, 0x74, 0x3c, 0xff, 0x68, 0x62,
307 0xf1, 0x7d, 0x72, 0x59, 0xab, 0x07, 0x52, 0x16,
308 0xc0, 0x69, 0x95, 0x11, 0x64, 0x3b, 0x64, 0x39
309 };
310
311 XMEMSET(buf, c1, sizeof(buf));
312
313 /* SHAKE256 on an empty buffer */
314 sha3_shake_init(&c, 256);
315 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
316 if (compare_testvector(hash, sizeof(shake256_empty), shake256_empty, sizeof(shake256_empty), "SHAKE256", 0)) {
317 return CRYPT_FAIL_TESTVECTOR;
318 }
319
320 /* SHAKE256 via sha3_shake_memory [FIPS 202] */
321 len = 512;
322 sha3_shake_memory(256, buf, sizeof(buf), hash, &len);
323 if (compare_testvector(hash + 480, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 1)) {
324 return CRYPT_FAIL_TESTVECTOR;
325 }
326
327 /* SHAKE256 as a single buffer. [FIPS 202] */
328 sha3_shake_init(&c, 256);
329 sha3_shake_process(&c, buf, sizeof(buf));
330 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
331 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 2)) {
332 return CRYPT_FAIL_TESTVECTOR;
333 }
334
335 /* SHAKE256 in two steps. [FIPS 202] */
336 sha3_shake_init(&c, 256);
337 sha3_shake_process(&c, buf, sizeof(buf) / 2);
338 sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
339 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
340 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 3)) {
341 return CRYPT_FAIL_TESTVECTOR;
342 }
343
344 /* SHAKE256 byte-by-byte: 200 steps. [FIPS 202] */
345 i = 200;
346 sha3_shake_init(&c, 256);
347 while (i--) sha3_shake_process(&c, &c1, 1);
348 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
349 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 4)) {
350 return CRYPT_FAIL_TESTVECTOR;
351 }
352
353 /* SHAKE128 on an empty buffer */
354 sha3_shake_init(&c, 128);
355 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
356 if (compare_testvector(hash, sizeof(shake128_empty), shake128_empty, sizeof(shake128_empty), "SHAKE128", 0)) {
357 return CRYPT_FAIL_TESTVECTOR;
358 }
359
360 /* SHAKE128 via sha3_shake_memory [FIPS 202] */
361 len = 512;
362 sha3_shake_memory(128, buf, sizeof(buf), hash, &len);
363 if (compare_testvector(hash + 480, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 1)) {
364 return CRYPT_FAIL_TESTVECTOR;
365 }
366
367 /* SHAKE128 as a single buffer. [FIPS 202] */
368 sha3_shake_init(&c, 128);
369 sha3_shake_process(&c, buf, sizeof(buf));
370 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
371 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 2)) {
372 return CRYPT_FAIL_TESTVECTOR;
373 }
374
375 /* SHAKE128 in two steps. [FIPS 202] */
376 sha3_shake_init(&c, 128);
377 sha3_shake_process(&c, buf, sizeof(buf) / 2);
378 sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
379 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
380 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 3)) {
381 return CRYPT_FAIL_TESTVECTOR;
382 }
383
384 /* SHAKE128 byte-by-byte: 200 steps. [FIPS 202] */
385 i = 200;
386 sha3_shake_init(&c, 128);
387 while (i--) sha3_shake_process(&c, &c1, 1);
388 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
389 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 4)) {
390 return CRYPT_FAIL_TESTVECTOR;
391 }
392
393 return CRYPT_OK;
394 #endif
395 }
396
397 #endif
398
399 /* ref: $Format:%D$ */
400 /* git commit: $Format:%H$ */
401 /* commit time: $Format:%ai$ */