1 // SPDX-License-Identifier: BSD-2-Clause
2 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 *
4 * LibTomCrypt is a library that provides various cryptographic
5 * algorithms in a highly modular and flexible manner.
6 *
7 * The library is free for all purposes without any express
8 * guarantee it works.
9 */
10
11 /* based on https://github.com/brainhub/SHA3IUF (public domain) */
12
13 #include "tomcrypt_private.h"
14
15 #ifdef LTC_SHA3
16
sha3_224_test(void)17 int sha3_224_test(void)
18 {
19 #ifndef LTC_TEST
20 return CRYPT_NOP;
21 #else
22 unsigned char buf[200], hash[224 / 8];
23 int i;
24 hash_state c;
25 const unsigned char c1 = 0xa3;
26
27 const unsigned char sha3_224_empty[224 / 8] = {
28 0x6b, 0x4e, 0x03, 0x42, 0x36, 0x67, 0xdb, 0xb7,
29 0x3b, 0x6e, 0x15, 0x45, 0x4f, 0x0e, 0xb1, 0xab,
30 0xd4, 0x59, 0x7f, 0x9a, 0x1b, 0x07, 0x8e, 0x3f,
31 0x5b, 0x5a, 0x6b, 0xc7
32 };
33
34 const unsigned char sha3_224_0xa3_200_times[224 / 8] = {
35 0x93, 0x76, 0x81, 0x6a, 0xba, 0x50, 0x3f, 0x72,
36 0xf9, 0x6c, 0xe7, 0xeb, 0x65, 0xac, 0x09, 0x5d,
37 0xee, 0xe3, 0xbe, 0x4b, 0xf9, 0xbb, 0xc2, 0xa1,
38 0xcb, 0x7e, 0x11, 0xe0
39 };
40
41 XMEMSET(buf, c1, sizeof(buf));
42
43 /* SHA3-224 on an empty buffer */
44 sha3_224_init(&c);
45 sha3_done(&c, hash);
46 if (compare_testvector(hash, sizeof(hash), sha3_224_empty, sizeof(sha3_224_empty), "SHA3-224", 0)) {
47 return CRYPT_FAIL_TESTVECTOR;
48 }
49
50 /* SHA3-224 in two steps. [FIPS 202] */
51 sha3_224_init(&c);
52 sha3_process(&c, buf, sizeof(buf) / 2);
53 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
54 sha3_done(&c, hash);
55 if (compare_testvector(hash, sizeof(hash), sha3_224_0xa3_200_times, sizeof(sha3_224_0xa3_200_times), "SHA3-224", 1)) {
56 return CRYPT_FAIL_TESTVECTOR;
57 }
58
59 /* SHA3-224 byte-by-byte: 200 steps. [FIPS 202] */
60 i = 200;
61 sha3_224_init(&c);
62 while (i--) {
63 sha3_process(&c, &c1, 1);
64 }
65 sha3_done(&c, hash);
66 if (compare_testvector(hash, sizeof(hash), sha3_224_0xa3_200_times, sizeof(sha3_224_0xa3_200_times), "SHA3-224", 2)) {
67 return CRYPT_FAIL_TESTVECTOR;
68 }
69
70 return CRYPT_OK;
71 #endif
72 }
73
sha3_256_test(void)74 int sha3_256_test(void)
75 {
76 #ifndef LTC_TEST
77 return CRYPT_NOP;
78 #else
79 unsigned char buf[200], hash[256 / 8];
80 int i;
81 hash_state c;
82 const unsigned char c1 = 0xa3;
83
84 const unsigned char sha3_256_empty[256 / 8] = {
85 0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,
86 0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,
87 0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa,
88 0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a
89 };
90 const unsigned char sha3_256_0xa3_200_times[256 / 8] = {
91 0x79, 0xf3, 0x8a, 0xde, 0xc5, 0xc2, 0x03, 0x07,
92 0xa9, 0x8e, 0xf7, 0x6e, 0x83, 0x24, 0xaf, 0xbf,
93 0xd4, 0x6c, 0xfd, 0x81, 0xb2, 0x2e, 0x39, 0x73,
94 0xc6, 0x5f, 0xa1, 0xbd, 0x9d, 0xe3, 0x17, 0x87
95 };
96
97 XMEMSET(buf, c1, sizeof(buf));
98
99 /* SHA3-256 on an empty buffer */
100 sha3_256_init(&c);
101 sha3_done(&c, hash);
102 if (compare_testvector(hash, sizeof(hash), sha3_256_empty, sizeof(sha3_256_empty), "SHA3-256", 0)) {
103 return CRYPT_FAIL_TESTVECTOR;
104 }
105
106 /* SHA3-256 as a single buffer. [FIPS 202] */
107 sha3_256_init(&c);
108 sha3_process(&c, buf, sizeof(buf));
109 sha3_done(&c, hash);
110 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 1)) {
111 return CRYPT_FAIL_TESTVECTOR;
112 }
113
114 /* SHA3-256 in two steps. [FIPS 202] */
115 sha3_256_init(&c);
116 sha3_process(&c, buf, sizeof(buf) / 2);
117 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
118 sha3_done(&c, hash);
119 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 2)) {
120 return CRYPT_FAIL_TESTVECTOR;
121 }
122
123 /* SHA3-256 byte-by-byte: 200 steps. [FIPS 202] */
124 i = 200;
125 sha3_256_init(&c);
126 while (i--) {
127 sha3_process(&c, &c1, 1);
128 }
129 sha3_done(&c, hash);
130 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 3)) {
131 return CRYPT_FAIL_TESTVECTOR;
132 }
133
134 /* SHA3-256 byte-by-byte: 135 bytes. Input from [Keccak]. Output
135 * matched with sha3sum. */
136 sha3_256_init(&c);
137 sha3_process(&c, (unsigned char*)
138 "\xb7\x71\xd5\xce\xf5\xd1\xa4\x1a"
139 "\x93\xd1\x56\x43\xd7\x18\x1d\x2a"
140 "\x2e\xf0\xa8\xe8\x4d\x91\x81\x2f"
141 "\x20\xed\x21\xf1\x47\xbe\xf7\x32"
142 "\xbf\x3a\x60\xef\x40\x67\xc3\x73"
143 "\x4b\x85\xbc\x8c\xd4\x71\x78\x0f"
144 "\x10\xdc\x9e\x82\x91\xb5\x83\x39"
145 "\xa6\x77\xb9\x60\x21\x8f\x71\xe7"
146 "\x93\xf2\x79\x7a\xea\x34\x94\x06"
147 "\x51\x28\x29\x06\x5d\x37\xbb\x55"
148 "\xea\x79\x6f\xa4\xf5\x6f\xd8\x89"
149 "\x6b\x49\xb2\xcd\x19\xb4\x32\x15"
150 "\xad\x96\x7c\x71\x2b\x24\xe5\x03"
151 "\x2d\x06\x52\x32\xe0\x2c\x12\x74"
152 "\x09\xd2\xed\x41\x46\xb9\xd7\x5d"
153 "\x76\x3d\x52\xdb\x98\xd9\x49\xd3"
154 "\xb0\xfe\xd6\xa8\x05\x2f\xbb", 1080 / 8);
155 sha3_done(&c, hash);
156 if(compare_testvector(hash, sizeof(hash),
157 "\xa1\x9e\xee\x92\xbb\x20\x97\xb6"
158 "\x4e\x82\x3d\x59\x77\x98\xaa\x18"
159 "\xbe\x9b\x7c\x73\x6b\x80\x59\xab"
160 "\xfd\x67\x79\xac\x35\xac\x81\xb5", 256 / 8, "SHA3-256", 4)) {
161 return CRYPT_FAIL_TESTVECTOR;
162 }
163
164 return CRYPT_OK;
165 #endif
166 }
167
sha3_384_test(void)168 int sha3_384_test(void)
169 {
170 #ifndef LTC_TEST
171 return CRYPT_NOP;
172 #else
173 unsigned char buf[200], hash[384 / 8];
174 int i;
175 hash_state c;
176 const unsigned char c1 = 0xa3;
177
178 const unsigned char sha3_384_0xa3_200_times[384 / 8] = {
179 0x18, 0x81, 0xde, 0x2c, 0xa7, 0xe4, 0x1e, 0xf9,
180 0x5d, 0xc4, 0x73, 0x2b, 0x8f, 0x5f, 0x00, 0x2b,
181 0x18, 0x9c, 0xc1, 0xe4, 0x2b, 0x74, 0x16, 0x8e,
182 0xd1, 0x73, 0x26, 0x49, 0xce, 0x1d, 0xbc, 0xdd,
183 0x76, 0x19, 0x7a, 0x31, 0xfd, 0x55, 0xee, 0x98,
184 0x9f, 0x2d, 0x70, 0x50, 0xdd, 0x47, 0x3e, 0x8f
185 };
186
187 XMEMSET(buf, c1, sizeof(buf));
188
189 /* SHA3-384 as a single buffer. [FIPS 202] */
190 sha3_384_init(&c);
191 sha3_process(&c, buf, sizeof(buf));
192 sha3_done(&c, hash);
193 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 0)) {
194 return CRYPT_FAIL_TESTVECTOR;
195 }
196
197 /* SHA3-384 in two steps. [FIPS 202] */
198 sha3_384_init(&c);
199 sha3_process(&c, buf, sizeof(buf) / 2);
200 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
201 sha3_done(&c, hash);
202 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 1)) {
203 return CRYPT_FAIL_TESTVECTOR;
204 }
205
206 /* SHA3-384 byte-by-byte: 200 steps. [FIPS 202] */
207 i = 200;
208 sha3_384_init(&c);
209 while (i--) {
210 sha3_process(&c, &c1, 1);
211 }
212 sha3_done(&c, hash);
213 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 2)) {
214 return CRYPT_FAIL_TESTVECTOR;
215 }
216
217 return CRYPT_OK;
218 #endif
219 }
220
sha3_512_test(void)221 int sha3_512_test(void)
222 {
223 #ifndef LTC_TEST
224 return CRYPT_NOP;
225 #else
226 unsigned char buf[200], hash[512 / 8];
227 int i;
228 hash_state c;
229 const unsigned char c1 = 0xa3;
230
231 const unsigned char sha3_512_0xa3_200_times[512 / 8] = {
232 0xe7, 0x6d, 0xfa, 0xd2, 0x20, 0x84, 0xa8, 0xb1,
233 0x46, 0x7f, 0xcf, 0x2f, 0xfa, 0x58, 0x36, 0x1b,
234 0xec, 0x76, 0x28, 0xed, 0xf5, 0xf3, 0xfd, 0xc0,
235 0xe4, 0x80, 0x5d, 0xc4, 0x8c, 0xae, 0xec, 0xa8,
236 0x1b, 0x7c, 0x13, 0xc3, 0x0a, 0xdf, 0x52, 0xa3,
237 0x65, 0x95, 0x84, 0x73, 0x9a, 0x2d, 0xf4, 0x6b,
238 0xe5, 0x89, 0xc5, 0x1c, 0xa1, 0xa4, 0xa8, 0x41,
239 0x6d, 0xf6, 0x54, 0x5a, 0x1c, 0xe8, 0xba, 0x00
240 };
241
242 XMEMSET(buf, c1, sizeof(buf));
243
244 /* SHA3-512 as a single buffer. [FIPS 202] */
245 sha3_512_init(&c);
246 sha3_process(&c, buf, sizeof(buf));
247 sha3_done(&c, hash);
248 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 0)) {
249 return CRYPT_FAIL_TESTVECTOR;
250 }
251
252 /* SHA3-512 in two steps. [FIPS 202] */
253 sha3_512_init(&c);
254 sha3_process(&c, buf, sizeof(buf) / 2);
255 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
256 sha3_done(&c, hash);
257 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 1)) {
258 return CRYPT_FAIL_TESTVECTOR;
259 }
260
261 /* SHA3-512 byte-by-byte: 200 steps. [FIPS 202] */
262 i = 200;
263 sha3_512_init(&c);
264 while (i--) {
265 sha3_process(&c, &c1, 1);
266 }
267 sha3_done(&c, hash);
268 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 2)) {
269 return CRYPT_FAIL_TESTVECTOR;
270 }
271
272 return CRYPT_OK;
273 #endif
274 }
275
sha3_shake_test(void)276 int sha3_shake_test(void)
277 {
278 #ifndef LTC_TEST
279 return CRYPT_NOP;
280 #else
281 unsigned char buf[200], hash[512];
282 int i;
283 hash_state c;
284 const unsigned char c1 = 0xa3;
285 unsigned long len;
286
287 const unsigned char shake256_empty[32] = {
288 0xab, 0x0b, 0xae, 0x31, 0x63, 0x39, 0x89, 0x43,
289 0x04, 0xe3, 0x58, 0x77, 0xb0, 0xc2, 0x8a, 0x9b,
290 0x1f, 0xd1, 0x66, 0xc7, 0x96, 0xb9, 0xcc, 0x25,
291 0x8a, 0x06, 0x4a, 0x8f, 0x57, 0xe2, 0x7f, 0x2a
292 };
293 const unsigned char shake256_0xa3_200_times[32] = {
294 0x6a, 0x1a, 0x9d, 0x78, 0x46, 0x43, 0x6e, 0x4d,
295 0xca, 0x57, 0x28, 0xb6, 0xf7, 0x60, 0xee, 0xf0,
296 0xca, 0x92, 0xbf, 0x0b, 0xe5, 0x61, 0x5e, 0x96,
297 0x95, 0x9d, 0x76, 0x71, 0x97, 0xa0, 0xbe, 0xeb
298 };
299 const unsigned char shake128_empty[32] = {
300 0x43, 0xe4, 0x1b, 0x45, 0xa6, 0x53, 0xf2, 0xa5,
301 0xc4, 0x49, 0x2c, 0x1a, 0xdd, 0x54, 0x45, 0x12,
302 0xdd, 0xa2, 0x52, 0x98, 0x33, 0x46, 0x2b, 0x71,
303 0xa4, 0x1a, 0x45, 0xbe, 0x97, 0x29, 0x0b, 0x6f
304 };
305 const unsigned char shake128_0xa3_200_times[32] = {
306 0x44, 0xc9, 0xfb, 0x35, 0x9f, 0xd5, 0x6a, 0xc0,
307 0xa9, 0xa7, 0x5a, 0x74, 0x3c, 0xff, 0x68, 0x62,
308 0xf1, 0x7d, 0x72, 0x59, 0xab, 0x07, 0x52, 0x16,
309 0xc0, 0x69, 0x95, 0x11, 0x64, 0x3b, 0x64, 0x39
310 };
311
312 XMEMSET(buf, c1, sizeof(buf));
313
314 /* SHAKE256 on an empty buffer */
315 sha3_shake_init(&c, 256);
316 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
317 if (compare_testvector(hash, sizeof(shake256_empty), shake256_empty, sizeof(shake256_empty), "SHAKE256", 0)) {
318 return CRYPT_FAIL_TESTVECTOR;
319 }
320
321 /* SHAKE256 via sha3_shake_memory [FIPS 202] */
322 len = 512;
323 sha3_shake_memory(256, buf, sizeof(buf), hash, &len);
324 if (compare_testvector(hash + 480, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 1)) {
325 return CRYPT_FAIL_TESTVECTOR;
326 }
327
328 /* SHAKE256 as a single buffer. [FIPS 202] */
329 sha3_shake_init(&c, 256);
330 sha3_shake_process(&c, buf, sizeof(buf));
331 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
332 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 2)) {
333 return CRYPT_FAIL_TESTVECTOR;
334 }
335
336 /* SHAKE256 in two steps. [FIPS 202] */
337 sha3_shake_init(&c, 256);
338 sha3_shake_process(&c, buf, sizeof(buf) / 2);
339 sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
340 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
341 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 3)) {
342 return CRYPT_FAIL_TESTVECTOR;
343 }
344
345 /* SHAKE256 byte-by-byte: 200 steps. [FIPS 202] */
346 i = 200;
347 sha3_shake_init(&c, 256);
348 while (i--) sha3_shake_process(&c, &c1, 1);
349 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
350 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 4)) {
351 return CRYPT_FAIL_TESTVECTOR;
352 }
353
354 /* SHAKE128 on an empty buffer */
355 sha3_shake_init(&c, 128);
356 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
357 if (compare_testvector(hash, sizeof(shake128_empty), shake128_empty, sizeof(shake128_empty), "SHAKE128", 0)) {
358 return CRYPT_FAIL_TESTVECTOR;
359 }
360
361 /* SHAKE128 via sha3_shake_memory [FIPS 202] */
362 len = 512;
363 sha3_shake_memory(128, buf, sizeof(buf), hash, &len);
364 if (compare_testvector(hash + 480, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 1)) {
365 return CRYPT_FAIL_TESTVECTOR;
366 }
367
368 /* SHAKE128 as a single buffer. [FIPS 202] */
369 sha3_shake_init(&c, 128);
370 sha3_shake_process(&c, buf, sizeof(buf));
371 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
372 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 2)) {
373 return CRYPT_FAIL_TESTVECTOR;
374 }
375
376 /* SHAKE128 in two steps. [FIPS 202] */
377 sha3_shake_init(&c, 128);
378 sha3_shake_process(&c, buf, sizeof(buf) / 2);
379 sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
380 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
381 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 3)) {
382 return CRYPT_FAIL_TESTVECTOR;
383 }
384
385 /* SHAKE128 byte-by-byte: 200 steps. [FIPS 202] */
386 i = 200;
387 sha3_shake_init(&c, 128);
388 while (i--) sha3_shake_process(&c, &c1, 1);
389 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
390 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 4)) {
391 return CRYPT_FAIL_TESTVECTOR;
392 }
393
394 return CRYPT_OK;
395 #endif
396 }
397
398 #endif
399
400 #ifdef LTC_KECCAK
401
keccak_224_test(void)402 int keccak_224_test(void)
403 {
404 #ifndef LTC_TEST
405 return CRYPT_NOP;
406 #else
407 hash_state c;
408 unsigned char hash[MAXBLOCKSIZE];
409
410 keccak_224_init(&c);
411 keccak_process(&c, (unsigned char*) "\xcc", 1);
412 keccak_done(&c, hash);
413 if(compare_testvector(hash, 28,
414 "\xa9\xca\xb5\x9e\xb4\x0a\x10\xb2"
415 "\x46\x29\x0f\x2d\x60\x86\xe3\x2e"
416 "\x36\x89\xfa\xf1\xd2\x6b\x47\x0c"
417 "\x89\x9f\x28\x02", 28,
418 "KECCAK-224", 0) != 0) {
419 return CRYPT_FAIL_TESTVECTOR;
420 }
421
422 keccak_224_init(&c);
423 keccak_process(&c, (unsigned char*)"\x41\xfb", 2);
424 keccak_done(&c, hash);
425 if(compare_testvector(hash, 28,
426 "\x61\x5b\xa3\x67\xaf\xdc\x35\xaa"
427 "\xc3\x97\xbc\x7e\xb5\xd5\x8d\x10"
428 "\x6a\x73\x4b\x24\x98\x6d\x5d\x97"
429 "\x8f\xef\xd6\x2c", 28,
430 "KECCAK-224", 1) != 0) {
431 return CRYPT_FAIL_TESTVECTOR;
432 }
433
434 keccak_224_init(&c);
435 keccak_process(&c, (unsigned char*)
436 "\x52\xa6\x08\xab\x21\xcc\xdd\x8a"
437 "\x44\x57\xa5\x7e\xde\x78\x21\x76", 16);
438 keccak_done(&c, hash);
439 if(compare_testvector(hash, 28,
440 "\x56\x79\xcd\x50\x9c\x51\x20\xaf"
441 "\x54\x79\x5c\xf4\x77\x14\x96\x41"
442 "\xcf\x27\xb2\xeb\xb6\xa5\xf9\x03"
443 "\x40\x70\x4e\x57", 28,
444 "KECCAK-224", 2) != 0) {
445 return CRYPT_FAIL_TESTVECTOR;
446 }
447
448 keccak_224_init(&c);
449 keccak_process(&c, (unsigned char*)
450 "\x43\x3c\x53\x03\x13\x16\x24\xc0"
451 "\x02\x1d\x86\x8a\x30\x82\x54\x75"
452 "\xe8\xd0\xbd\x30\x52\xa0\x22\x18"
453 "\x03\x98\xf4\xca\x44\x23\xb9\x82"
454 "\x14\xb6\xbe\xaa\xc2\x1c\x88\x07"
455 "\xa2\xc3\x3f\x8c\x93\xbd\x42\xb0"
456 "\x92\xcc\x1b\x06\xce\xdf\x32\x24"
457 "\xd5\xed\x1e\xc2\x97\x84\x44\x4f"
458 "\x22\xe0\x8a\x55\xaa\x58\x54\x2b"
459 "\x52\x4b\x02\xcd\x3d\x5d\x5f\x69"
460 "\x07\xaf\xe7\x1c\x5d\x74\x62\x22"
461 "\x4a\x3f\x9d\x9e\x53\xe7\xe0\x84"
462 "\x6d\xcb\xb4\xce", 100);
463 keccak_done(&c, hash);
464 if(compare_testvector(hash, 28,
465 "\x62\xb1\x0f\x1b\x62\x36\xeb\xc2"
466 "\xda\x72\x95\x77\x42\xa8\xd4\xe4"
467 "\x8e\x21\x3b\x5f\x89\x34\x60\x4b"
468 "\xfd\x4d\x2c\x3a", 28,
469 "KECCAK-224", 3) != 0) {
470 return CRYPT_FAIL_TESTVECTOR;
471 }
472
473 return CRYPT_OK;
474 #endif
475 }
476
keccak_256_test(void)477 int keccak_256_test(void)
478 {
479 #ifndef LTC_TEST
480 return CRYPT_NOP;
481 #else
482 hash_state c;
483 unsigned char hash[MAXBLOCKSIZE];
484
485 keccak_256_init(&c);
486 keccak_process(&c, (unsigned char*) "\xcc", 1);
487 keccak_done(&c, hash);
488 if(compare_testvector(hash, 32,
489 "\xee\xad\x6d\xbf\xc7\x34\x0a\x56"
490 "\xca\xed\xc0\x44\x69\x6a\x16\x88"
491 "\x70\x54\x9a\x6a\x7f\x6f\x56\x96"
492 "\x1e\x84\xa5\x4b\xd9\x97\x0b\x8a", 32,
493 "KECCAK-256", 0) != 0) {
494 return CRYPT_FAIL_TESTVECTOR;
495 }
496
497 keccak_256_init(&c);
498 keccak_process(&c, (unsigned char*)"\x41\xfb", 2);
499 keccak_done(&c, hash);
500 if(compare_testvector(hash, 32,
501 "\xa8\xea\xce\xda\x4d\x47\xb3\x28"
502 "\x1a\x79\x5a\xd9\xe1\xea\x21\x22"
503 "\xb4\x07\xba\xf9\xaa\xbc\xb9\xe1"
504 "\x8b\x57\x17\xb7\x87\x35\x37\xd2", 32,
505 "KECCAK-256", 1) != 0) {
506 return CRYPT_FAIL_TESTVECTOR;
507 }
508
509 keccak_256_init(&c);
510 keccak_process(&c, (unsigned char*)
511 "\x52\xa6\x08\xab\x21\xcc\xdd\x8a"
512 "\x44\x57\xa5\x7e\xde\x78\x21\x76", 16);
513 keccak_done(&c, hash);
514 if(compare_testvector(hash, 32,
515 "\x0e\x32\xde\xfa\x20\x71\xf0\xb5"
516 "\xac\x0e\x6a\x10\x8b\x84\x2e\xd0"
517 "\xf1\xd3\x24\x97\x12\xf5\x8e\xe0"
518 "\xdd\xf9\x56\xfe\x33\x2a\x5f\x95", 32,
519 "KECCAK-256", 2) != 0) {
520 return CRYPT_FAIL_TESTVECTOR;
521 }
522
523 keccak_256_init(&c);
524 keccak_process(&c, (unsigned char*)
525 "\x43\x3c\x53\x03\x13\x16\x24\xc0"
526 "\x02\x1d\x86\x8a\x30\x82\x54\x75"
527 "\xe8\xd0\xbd\x30\x52\xa0\x22\x18"
528 "\x03\x98\xf4\xca\x44\x23\xb9\x82"
529 "\x14\xb6\xbe\xaa\xc2\x1c\x88\x07"
530 "\xa2\xc3\x3f\x8c\x93\xbd\x42\xb0"
531 "\x92\xcc\x1b\x06\xce\xdf\x32\x24"
532 "\xd5\xed\x1e\xc2\x97\x84\x44\x4f"
533 "\x22\xe0\x8a\x55\xaa\x58\x54\x2b"
534 "\x52\x4b\x02\xcd\x3d\x5d\x5f\x69"
535 "\x07\xaf\xe7\x1c\x5d\x74\x62\x22"
536 "\x4a\x3f\x9d\x9e\x53\xe7\xe0\x84"
537 "\x6d\xcb\xb4\xce", 100);
538 keccak_done(&c, hash);
539 if(compare_testvector(hash, 32,
540 "\xce\x87\xa5\x17\x3b\xff\xd9\x23"
541 "\x99\x22\x16\x58\xf8\x01\xd4\x5c"
542 "\x29\x4d\x90\x06\xee\x9f\x3f\x9d"
543 "\x41\x9c\x8d\x42\x77\x48\xdc\x41", 32,
544 "KECCAK-256", 3) != 0) {
545 return CRYPT_FAIL_TESTVECTOR;
546 }
547
548 return CRYPT_OK;
549 #endif
550 }
551
keccak_384_test(void)552 int keccak_384_test(void)
553 {
554 #ifndef LTC_TEST
555 return CRYPT_NOP;
556 #else
557 hash_state c;
558 unsigned char hash[MAXBLOCKSIZE];
559
560 keccak_384_init(&c);
561 keccak_process(&c, (unsigned char*) "\xcc", 1);
562 keccak_done(&c, hash);
563 if(compare_testvector(hash, 48,
564 "\x1b\x84\xe6\x2a\x46\xe5\xa2\x01"
565 "\x86\x17\x54\xaf\x5d\xc9\x5c\x4a"
566 "\x1a\x69\xca\xf4\xa7\x96\xae\x40"
567 "\x56\x80\x16\x1e\x29\x57\x26\x41"
568 "\xf5\xfa\x1e\x86\x41\xd7\x95\x83"
569 "\x36\xee\x7b\x11\xc5\x8f\x73\xe9", 48,
570 "KECCAK-384", 0) != 0) {
571 return CRYPT_FAIL_TESTVECTOR;
572 }
573
574 keccak_384_init(&c);
575 keccak_process(&c, (unsigned char*)"\x41\xfb", 2);
576 keccak_done(&c, hash);
577 if(compare_testvector(hash, 48,
578 "\x49\x5c\xce\x27\x14\xcd\x72\xc8"
579 "\xc5\x3c\x33\x63\xd2\x2c\x58\xb5"
580 "\x59\x60\xfe\x26\xbe\x0b\xf3\xbb"
581 "\xc7\xa3\x31\x6d\xd5\x63\xad\x1d"
582 "\xb8\x41\x0e\x75\xee\xfe\xa6\x55"
583 "\xe3\x9d\x46\x70\xec\x0b\x17\x92", 48,
584 "KECCAK-384", 1) != 0) {
585 return CRYPT_FAIL_TESTVECTOR;
586 }
587
588 keccak_384_init(&c);
589 keccak_process(&c, (unsigned char*)
590 "\x52\xa6\x08\xab\x21\xcc\xdd\x8a"
591 "\x44\x57\xa5\x7e\xde\x78\x21\x76", 16);
592 keccak_done(&c, hash);
593 if(compare_testvector(hash, 48,
594 "\x18\x42\x2a\xc1\xd3\xa1\xe5\x4b"
595 "\xad\x87\x68\x83\xd2\xd6\xdd\x65"
596 "\xf6\x5c\x1d\x5f\x33\xa7\x12\x5c"
597 "\xc4\xc1\x86\x40\x5a\x12\xed\x64"
598 "\xba\x96\x67\x2e\xed\xda\x8c\x5a"
599 "\x63\x31\xd2\x86\x83\xf4\x88\xeb", 48,
600 "KECCAK-384", 2) != 0) {
601 return CRYPT_FAIL_TESTVECTOR;
602 }
603
604 keccak_384_init(&c);
605 keccak_process(&c, (unsigned char*)
606 "\x43\x3c\x53\x03\x13\x16\x24\xc0"
607 "\x02\x1d\x86\x8a\x30\x82\x54\x75"
608 "\xe8\xd0\xbd\x30\x52\xa0\x22\x18"
609 "\x03\x98\xf4\xca\x44\x23\xb9\x82"
610 "\x14\xb6\xbe\xaa\xc2\x1c\x88\x07"
611 "\xa2\xc3\x3f\x8c\x93\xbd\x42\xb0"
612 "\x92\xcc\x1b\x06\xce\xdf\x32\x24"
613 "\xd5\xed\x1e\xc2\x97\x84\x44\x4f"
614 "\x22\xe0\x8a\x55\xaa\x58\x54\x2b"
615 "\x52\x4b\x02\xcd\x3d\x5d\x5f\x69"
616 "\x07\xaf\xe7\x1c\x5d\x74\x62\x22"
617 "\x4a\x3f\x9d\x9e\x53\xe7\xe0\x84"
618 "\x6d\xcb\xb4\xce", 100);
619 keccak_done(&c, hash);
620 if(compare_testvector(hash, 48,
621 "\x13\x51\x14\x50\x8d\xd6\x3e\x27"
622 "\x9e\x70\x9c\x26\xf7\x81\x7c\x04"
623 "\x82\x76\x6c\xde\x49\x13\x2e\x3e"
624 "\xdf\x2e\xed\xd8\x99\x6f\x4e\x35"
625 "\x96\xd1\x84\x10\x0b\x38\x48\x68"
626 "\x24\x9f\x1d\x8b\x8f\xda\xa2\xc9", 48,
627 "KECCAK-384", 3) != 0) {
628 return CRYPT_FAIL_TESTVECTOR;
629 }
630
631 return CRYPT_OK;
632 #endif
633 }
634
keccak_512_test(void)635 int keccak_512_test(void)
636 {
637 #ifndef LTC_TEST
638 return CRYPT_NOP;
639 #else
640 hash_state c;
641 unsigned char hash[MAXBLOCKSIZE];
642
643 keccak_512_init(&c);
644 keccak_process(&c, (unsigned char*) "\xcc", 1);
645 keccak_done(&c, hash);
646 if(compare_testvector(hash, 64,
647 "\x86\x30\xc1\x3c\xbd\x06\x6e\xa7"
648 "\x4b\xbe\x7f\xe4\x68\xfe\xc1\xde"
649 "\xe1\x0e\xdc\x12\x54\xfb\x4c\x1b"
650 "\x7c\x5f\xd6\x9b\x64\x6e\x44\x16"
651 "\x0b\x8c\xe0\x1d\x05\xa0\x90\x8c"
652 "\xa7\x90\xdf\xb0\x80\xf4\xb5\x13"
653 "\xbc\x3b\x62\x25\xec\xe7\xa8\x10"
654 "\x37\x14\x41\xa5\xac\x66\x6e\xb9", 64,
655 "KECCAK-512", 0) != 0) {
656 return CRYPT_FAIL_TESTVECTOR;
657 }
658
659 keccak_512_init(&c);
660 keccak_process(&c, (unsigned char*)"\x41\xfb", 2);
661 keccak_done(&c, hash);
662 if(compare_testvector(hash, 64,
663 "\x55\x1d\xa6\x23\x6f\x8b\x96\xfc"
664 "\xe9\xf9\x7f\x11\x90\xe9\x01\x32"
665 "\x4f\x0b\x45\xe0\x6d\xbb\xb5\xcd"
666 "\xb8\x35\x5d\x6e\xd1\xdc\x34\xb3"
667 "\xf0\xea\xe7\xdc\xb6\x86\x22\xff"
668 "\x23\x2f\xa3\xce\xce\x0d\x46\x16"
669 "\xcd\xeb\x39\x31\xf9\x38\x03\x66"
670 "\x2a\x28\xdf\x1c\xd5\x35\xb7\x31", 64,
671 "KECCAK-512", 1) != 0) {
672 return CRYPT_FAIL_TESTVECTOR;
673 }
674
675 keccak_512_init(&c);
676 keccak_process(&c, (unsigned char*)
677 "\x52\xa6\x08\xab\x21\xcc\xdd\x8a"
678 "\x44\x57\xa5\x7e\xde\x78\x21\x76", 16);
679 keccak_done(&c, hash);
680 if(compare_testvector(hash, 64,
681 "\x4b\x39\xd3\xda\x5b\xcd\xf4\xd9"
682 "\xb7\x69\x01\x59\x95\x64\x43\x11"
683 "\xc1\x4c\x43\x5b\xf7\x2b\x10\x09"
684 "\xd6\xdd\x71\xb0\x1a\x63\xb9\x7c"
685 "\xfb\x59\x64\x18\xe8\xe4\x23\x42"
686 "\xd1\x17\xe0\x74\x71\xa8\x91\x43"
687 "\x14\xba\x7b\x0e\x26\x4d\xad\xf0"
688 "\xce\xa3\x81\x86\x8c\xbd\x43\xd1", 64,
689 "KECCAK-512", 2) != 0) {
690 return CRYPT_FAIL_TESTVECTOR;
691 }
692
693 keccak_512_init(&c);
694 keccak_process(&c, (unsigned char*)
695 "\x43\x3c\x53\x03\x13\x16\x24\xc0"
696 "\x02\x1d\x86\x8a\x30\x82\x54\x75"
697 "\xe8\xd0\xbd\x30\x52\xa0\x22\x18"
698 "\x03\x98\xf4\xca\x44\x23\xb9\x82"
699 "\x14\xb6\xbe\xaa\xc2\x1c\x88\x07"
700 "\xa2\xc3\x3f\x8c\x93\xbd\x42\xb0"
701 "\x92\xcc\x1b\x06\xce\xdf\x32\x24"
702 "\xd5\xed\x1e\xc2\x97\x84\x44\x4f"
703 "\x22\xe0\x8a\x55\xaa\x58\x54\x2b"
704 "\x52\x4b\x02\xcd\x3d\x5d\x5f\x69"
705 "\x07\xaf\xe7\x1c\x5d\x74\x62\x22"
706 "\x4a\x3f\x9d\x9e\x53\xe7\xe0\x84"
707 "\x6d\xcb\xb4\xce", 100);
708 keccak_done(&c, hash);
709 if(compare_testvector(hash, 64,
710 "\x52\x7d\x28\xe3\x41\xe6\xb1\x4f"
711 "\x46\x84\xad\xb4\xb8\x24\xc4\x96"
712 "\xc6\x48\x2e\x51\x14\x95\x65\xd3"
713 "\xd1\x72\x26\x82\x88\x84\x30\x6b"
714 "\x51\xd6\x14\x8a\x72\x62\x2c\x2b"
715 "\x75\xf5\xd3\x51\x0b\x79\x9d\x8b"
716 "\xdc\x03\xea\xed\xe4\x53\x67\x6a"
717 "\x6e\xc8\xfe\x03\xa1\xad\x0e\xab", 64,
718 "KECCAK-512", 3) != 0) {
719 return CRYPT_FAIL_TESTVECTOR;
720 }
721
722 return CRYPT_OK;
723 #endif
724 }
725
726 #endif
727
728 /* ref: $Format:%D$ */
729 /* git commit: $Format:%H$ */
730 /* commit time: $Format:%ai$ */
731