1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3
4 /* based on https://github.com/brainhub/SHA3IUF (public domain) */
5
6 #include "tomcrypt_private.h"
7
8 #ifdef LTC_SHA3
9
sha3_224_test(void)10 int sha3_224_test(void)
11 {
12 #ifndef LTC_TEST
13 return CRYPT_NOP;
14 #else
15 unsigned char buf[200], hash[224 / 8];
16 int i;
17 hash_state c;
18 const unsigned char c1 = 0xa3;
19
20 const unsigned char sha3_224_empty[224 / 8] = {
21 0x6b, 0x4e, 0x03, 0x42, 0x36, 0x67, 0xdb, 0xb7,
22 0x3b, 0x6e, 0x15, 0x45, 0x4f, 0x0e, 0xb1, 0xab,
23 0xd4, 0x59, 0x7f, 0x9a, 0x1b, 0x07, 0x8e, 0x3f,
24 0x5b, 0x5a, 0x6b, 0xc7
25 };
26
27 const unsigned char sha3_224_0xa3_200_times[224 / 8] = {
28 0x93, 0x76, 0x81, 0x6a, 0xba, 0x50, 0x3f, 0x72,
29 0xf9, 0x6c, 0xe7, 0xeb, 0x65, 0xac, 0x09, 0x5d,
30 0xee, 0xe3, 0xbe, 0x4b, 0xf9, 0xbb, 0xc2, 0xa1,
31 0xcb, 0x7e, 0x11, 0xe0
32 };
33
34 XMEMSET(buf, c1, sizeof(buf));
35
36 /* SHA3-224 on an empty buffer */
37 sha3_224_init(&c);
38 sha3_done(&c, hash);
39 if (compare_testvector(hash, sizeof(hash), sha3_224_empty, sizeof(sha3_224_empty), "SHA3-224", 0)) {
40 return CRYPT_FAIL_TESTVECTOR;
41 }
42
43 /* SHA3-224 in two steps. [FIPS 202] */
44 sha3_224_init(&c);
45 sha3_process(&c, buf, sizeof(buf) / 2);
46 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
47 sha3_done(&c, hash);
48 if (compare_testvector(hash, sizeof(hash), sha3_224_0xa3_200_times, sizeof(sha3_224_0xa3_200_times), "SHA3-224", 1)) {
49 return CRYPT_FAIL_TESTVECTOR;
50 }
51
52 /* SHA3-224 byte-by-byte: 200 steps. [FIPS 202] */
53 i = 200;
54 sha3_224_init(&c);
55 while (i--) {
56 sha3_process(&c, &c1, 1);
57 }
58 sha3_done(&c, hash);
59 if (compare_testvector(hash, sizeof(hash), sha3_224_0xa3_200_times, sizeof(sha3_224_0xa3_200_times), "SHA3-224", 2)) {
60 return CRYPT_FAIL_TESTVECTOR;
61 }
62
63 return CRYPT_OK;
64 #endif
65 }
66
sha3_256_test(void)67 int sha3_256_test(void)
68 {
69 #ifndef LTC_TEST
70 return CRYPT_NOP;
71 #else
72 unsigned char buf[200], hash[256 / 8];
73 int i;
74 hash_state c;
75 const unsigned char c1 = 0xa3;
76
77 const unsigned char sha3_256_empty[256 / 8] = {
78 0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,
79 0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,
80 0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa,
81 0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a
82 };
83 const unsigned char sha3_256_0xa3_200_times[256 / 8] = {
84 0x79, 0xf3, 0x8a, 0xde, 0xc5, 0xc2, 0x03, 0x07,
85 0xa9, 0x8e, 0xf7, 0x6e, 0x83, 0x24, 0xaf, 0xbf,
86 0xd4, 0x6c, 0xfd, 0x81, 0xb2, 0x2e, 0x39, 0x73,
87 0xc6, 0x5f, 0xa1, 0xbd, 0x9d, 0xe3, 0x17, 0x87
88 };
89
90 XMEMSET(buf, c1, sizeof(buf));
91
92 /* SHA3-256 on an empty buffer */
93 sha3_256_init(&c);
94 sha3_done(&c, hash);
95 if (compare_testvector(hash, sizeof(hash), sha3_256_empty, sizeof(sha3_256_empty), "SHA3-256", 0)) {
96 return CRYPT_FAIL_TESTVECTOR;
97 }
98
99 /* SHA3-256 as a single buffer. [FIPS 202] */
100 sha3_256_init(&c);
101 sha3_process(&c, buf, sizeof(buf));
102 sha3_done(&c, hash);
103 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 1)) {
104 return CRYPT_FAIL_TESTVECTOR;
105 }
106
107 /* SHA3-256 in two steps. [FIPS 202] */
108 sha3_256_init(&c);
109 sha3_process(&c, buf, sizeof(buf) / 2);
110 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
111 sha3_done(&c, hash);
112 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 2)) {
113 return CRYPT_FAIL_TESTVECTOR;
114 }
115
116 /* SHA3-256 byte-by-byte: 200 steps. [FIPS 202] */
117 i = 200;
118 sha3_256_init(&c);
119 while (i--) {
120 sha3_process(&c, &c1, 1);
121 }
122 sha3_done(&c, hash);
123 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 3)) {
124 return CRYPT_FAIL_TESTVECTOR;
125 }
126
127 /* SHA3-256 byte-by-byte: 135 bytes. Input from [Keccak]. Output
128 * matched with sha3sum. */
129 sha3_256_init(&c);
130 sha3_process(&c, (unsigned char*)
131 "\xb7\x71\xd5\xce\xf5\xd1\xa4\x1a"
132 "\x93\xd1\x56\x43\xd7\x18\x1d\x2a"
133 "\x2e\xf0\xa8\xe8\x4d\x91\x81\x2f"
134 "\x20\xed\x21\xf1\x47\xbe\xf7\x32"
135 "\xbf\x3a\x60\xef\x40\x67\xc3\x73"
136 "\x4b\x85\xbc\x8c\xd4\x71\x78\x0f"
137 "\x10\xdc\x9e\x82\x91\xb5\x83\x39"
138 "\xa6\x77\xb9\x60\x21\x8f\x71\xe7"
139 "\x93\xf2\x79\x7a\xea\x34\x94\x06"
140 "\x51\x28\x29\x06\x5d\x37\xbb\x55"
141 "\xea\x79\x6f\xa4\xf5\x6f\xd8\x89"
142 "\x6b\x49\xb2\xcd\x19\xb4\x32\x15"
143 "\xad\x96\x7c\x71\x2b\x24\xe5\x03"
144 "\x2d\x06\x52\x32\xe0\x2c\x12\x74"
145 "\x09\xd2\xed\x41\x46\xb9\xd7\x5d"
146 "\x76\x3d\x52\xdb\x98\xd9\x49\xd3"
147 "\xb0\xfe\xd6\xa8\x05\x2f\xbb", 1080 / 8);
148 sha3_done(&c, hash);
149 if(compare_testvector(hash, sizeof(hash),
150 "\xa1\x9e\xee\x92\xbb\x20\x97\xb6"
151 "\x4e\x82\x3d\x59\x77\x98\xaa\x18"
152 "\xbe\x9b\x7c\x73\x6b\x80\x59\xab"
153 "\xfd\x67\x79\xac\x35\xac\x81\xb5", 256 / 8, "SHA3-256", 4)) {
154 return CRYPT_FAIL_TESTVECTOR;
155 }
156
157 return CRYPT_OK;
158 #endif
159 }
160
sha3_384_test(void)161 int sha3_384_test(void)
162 {
163 #ifndef LTC_TEST
164 return CRYPT_NOP;
165 #else
166 unsigned char buf[200], hash[384 / 8];
167 int i;
168 hash_state c;
169 const unsigned char c1 = 0xa3;
170
171 const unsigned char sha3_384_0xa3_200_times[384 / 8] = {
172 0x18, 0x81, 0xde, 0x2c, 0xa7, 0xe4, 0x1e, 0xf9,
173 0x5d, 0xc4, 0x73, 0x2b, 0x8f, 0x5f, 0x00, 0x2b,
174 0x18, 0x9c, 0xc1, 0xe4, 0x2b, 0x74, 0x16, 0x8e,
175 0xd1, 0x73, 0x26, 0x49, 0xce, 0x1d, 0xbc, 0xdd,
176 0x76, 0x19, 0x7a, 0x31, 0xfd, 0x55, 0xee, 0x98,
177 0x9f, 0x2d, 0x70, 0x50, 0xdd, 0x47, 0x3e, 0x8f
178 };
179
180 XMEMSET(buf, c1, sizeof(buf));
181
182 /* SHA3-384 as a single buffer. [FIPS 202] */
183 sha3_384_init(&c);
184 sha3_process(&c, buf, sizeof(buf));
185 sha3_done(&c, hash);
186 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 0)) {
187 return CRYPT_FAIL_TESTVECTOR;
188 }
189
190 /* SHA3-384 in two steps. [FIPS 202] */
191 sha3_384_init(&c);
192 sha3_process(&c, buf, sizeof(buf) / 2);
193 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
194 sha3_done(&c, hash);
195 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 1)) {
196 return CRYPT_FAIL_TESTVECTOR;
197 }
198
199 /* SHA3-384 byte-by-byte: 200 steps. [FIPS 202] */
200 i = 200;
201 sha3_384_init(&c);
202 while (i--) {
203 sha3_process(&c, &c1, 1);
204 }
205 sha3_done(&c, hash);
206 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 2)) {
207 return CRYPT_FAIL_TESTVECTOR;
208 }
209
210 return CRYPT_OK;
211 #endif
212 }
213
sha3_512_test(void)214 int sha3_512_test(void)
215 {
216 #ifndef LTC_TEST
217 return CRYPT_NOP;
218 #else
219 unsigned char buf[200], hash[512 / 8];
220 int i;
221 hash_state c;
222 const unsigned char c1 = 0xa3;
223
224 const unsigned char sha3_512_0xa3_200_times[512 / 8] = {
225 0xe7, 0x6d, 0xfa, 0xd2, 0x20, 0x84, 0xa8, 0xb1,
226 0x46, 0x7f, 0xcf, 0x2f, 0xfa, 0x58, 0x36, 0x1b,
227 0xec, 0x76, 0x28, 0xed, 0xf5, 0xf3, 0xfd, 0xc0,
228 0xe4, 0x80, 0x5d, 0xc4, 0x8c, 0xae, 0xec, 0xa8,
229 0x1b, 0x7c, 0x13, 0xc3, 0x0a, 0xdf, 0x52, 0xa3,
230 0x65, 0x95, 0x84, 0x73, 0x9a, 0x2d, 0xf4, 0x6b,
231 0xe5, 0x89, 0xc5, 0x1c, 0xa1, 0xa4, 0xa8, 0x41,
232 0x6d, 0xf6, 0x54, 0x5a, 0x1c, 0xe8, 0xba, 0x00
233 };
234
235 XMEMSET(buf, c1, sizeof(buf));
236
237 /* SHA3-512 as a single buffer. [FIPS 202] */
238 sha3_512_init(&c);
239 sha3_process(&c, buf, sizeof(buf));
240 sha3_done(&c, hash);
241 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 0)) {
242 return CRYPT_FAIL_TESTVECTOR;
243 }
244
245 /* SHA3-512 in two steps. [FIPS 202] */
246 sha3_512_init(&c);
247 sha3_process(&c, buf, sizeof(buf) / 2);
248 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
249 sha3_done(&c, hash);
250 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 1)) {
251 return CRYPT_FAIL_TESTVECTOR;
252 }
253
254 /* SHA3-512 byte-by-byte: 200 steps. [FIPS 202] */
255 i = 200;
256 sha3_512_init(&c);
257 while (i--) {
258 sha3_process(&c, &c1, 1);
259 }
260 sha3_done(&c, hash);
261 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 2)) {
262 return CRYPT_FAIL_TESTVECTOR;
263 }
264
265 return CRYPT_OK;
266 #endif
267 }
268
sha3_shake_test(void)269 int sha3_shake_test(void)
270 {
271 #ifndef LTC_TEST
272 return CRYPT_NOP;
273 #else
274 unsigned char buf[200], hash[512];
275 int i;
276 hash_state c;
277 const unsigned char c1 = 0xa3;
278 unsigned long len;
279
280 const unsigned char shake256_empty[32] = {
281 0xab, 0x0b, 0xae, 0x31, 0x63, 0x39, 0x89, 0x43,
282 0x04, 0xe3, 0x58, 0x77, 0xb0, 0xc2, 0x8a, 0x9b,
283 0x1f, 0xd1, 0x66, 0xc7, 0x96, 0xb9, 0xcc, 0x25,
284 0x8a, 0x06, 0x4a, 0x8f, 0x57, 0xe2, 0x7f, 0x2a
285 };
286 const unsigned char shake256_0xa3_200_times[32] = {
287 0x6a, 0x1a, 0x9d, 0x78, 0x46, 0x43, 0x6e, 0x4d,
288 0xca, 0x57, 0x28, 0xb6, 0xf7, 0x60, 0xee, 0xf0,
289 0xca, 0x92, 0xbf, 0x0b, 0xe5, 0x61, 0x5e, 0x96,
290 0x95, 0x9d, 0x76, 0x71, 0x97, 0xa0, 0xbe, 0xeb
291 };
292 const unsigned char shake128_empty[32] = {
293 0x43, 0xe4, 0x1b, 0x45, 0xa6, 0x53, 0xf2, 0xa5,
294 0xc4, 0x49, 0x2c, 0x1a, 0xdd, 0x54, 0x45, 0x12,
295 0xdd, 0xa2, 0x52, 0x98, 0x33, 0x46, 0x2b, 0x71,
296 0xa4, 0x1a, 0x45, 0xbe, 0x97, 0x29, 0x0b, 0x6f
297 };
298 const unsigned char shake128_0xa3_200_times[32] = {
299 0x44, 0xc9, 0xfb, 0x35, 0x9f, 0xd5, 0x6a, 0xc0,
300 0xa9, 0xa7, 0x5a, 0x74, 0x3c, 0xff, 0x68, 0x62,
301 0xf1, 0x7d, 0x72, 0x59, 0xab, 0x07, 0x52, 0x16,
302 0xc0, 0x69, 0x95, 0x11, 0x64, 0x3b, 0x64, 0x39
303 };
304
305 XMEMSET(buf, c1, sizeof(buf));
306
307 /* SHAKE256 on an empty buffer */
308 sha3_shake_init(&c, 256);
309 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
310 if (compare_testvector(hash, sizeof(shake256_empty), shake256_empty, sizeof(shake256_empty), "SHAKE256", 0)) {
311 return CRYPT_FAIL_TESTVECTOR;
312 }
313
314 /* SHAKE256 via sha3_shake_memory [FIPS 202] */
315 len = 512;
316 sha3_shake_memory(256, buf, sizeof(buf), hash, &len);
317 if (compare_testvector(hash + 480, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 1)) {
318 return CRYPT_FAIL_TESTVECTOR;
319 }
320
321 /* SHAKE256 as a single buffer. [FIPS 202] */
322 sha3_shake_init(&c, 256);
323 sha3_shake_process(&c, buf, sizeof(buf));
324 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
325 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 2)) {
326 return CRYPT_FAIL_TESTVECTOR;
327 }
328
329 /* SHAKE256 in two steps. [FIPS 202] */
330 sha3_shake_init(&c, 256);
331 sha3_shake_process(&c, buf, sizeof(buf) / 2);
332 sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
333 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
334 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 3)) {
335 return CRYPT_FAIL_TESTVECTOR;
336 }
337
338 /* SHAKE256 byte-by-byte: 200 steps. [FIPS 202] */
339 i = 200;
340 sha3_shake_init(&c, 256);
341 while (i--) sha3_shake_process(&c, &c1, 1);
342 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
343 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 4)) {
344 return CRYPT_FAIL_TESTVECTOR;
345 }
346
347 /* SHAKE128 on an empty buffer */
348 sha3_shake_init(&c, 128);
349 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
350 if (compare_testvector(hash, sizeof(shake128_empty), shake128_empty, sizeof(shake128_empty), "SHAKE128", 0)) {
351 return CRYPT_FAIL_TESTVECTOR;
352 }
353
354 /* SHAKE128 via sha3_shake_memory [FIPS 202] */
355 len = 512;
356 sha3_shake_memory(128, buf, sizeof(buf), hash, &len);
357 if (compare_testvector(hash + 480, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 1)) {
358 return CRYPT_FAIL_TESTVECTOR;
359 }
360
361 /* SHAKE128 as a single buffer. [FIPS 202] */
362 sha3_shake_init(&c, 128);
363 sha3_shake_process(&c, buf, sizeof(buf));
364 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
365 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 2)) {
366 return CRYPT_FAIL_TESTVECTOR;
367 }
368
369 /* SHAKE128 in two steps. [FIPS 202] */
370 sha3_shake_init(&c, 128);
371 sha3_shake_process(&c, buf, sizeof(buf) / 2);
372 sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
373 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
374 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 3)) {
375 return CRYPT_FAIL_TESTVECTOR;
376 }
377
378 /* SHAKE128 byte-by-byte: 200 steps. [FIPS 202] */
379 i = 200;
380 sha3_shake_init(&c, 128);
381 while (i--) sha3_shake_process(&c, &c1, 1);
382 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
383 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 4)) {
384 return CRYPT_FAIL_TESTVECTOR;
385 }
386
387 return CRYPT_OK;
388 #endif
389 }
390
391 #endif
392
393 #ifdef LTC_KECCAK
394
keccak_224_test(void)395 int keccak_224_test(void)
396 {
397 #ifndef LTC_TEST
398 return CRYPT_NOP;
399 #else
400 hash_state c;
401 unsigned char hash[MAXBLOCKSIZE];
402
403 keccak_224_init(&c);
404 keccak_process(&c, (unsigned char*) "\xcc", 1);
405 keccak_done(&c, hash);
406 if(compare_testvector(hash, 28,
407 "\xa9\xca\xb5\x9e\xb4\x0a\x10\xb2"
408 "\x46\x29\x0f\x2d\x60\x86\xe3\x2e"
409 "\x36\x89\xfa\xf1\xd2\x6b\x47\x0c"
410 "\x89\x9f\x28\x02", 28,
411 "KECCAK-224", 0) != 0) {
412 return CRYPT_FAIL_TESTVECTOR;
413 }
414
415 keccak_224_init(&c);
416 keccak_process(&c, (unsigned char*)"\x41\xfb", 2);
417 keccak_done(&c, hash);
418 if(compare_testvector(hash, 28,
419 "\x61\x5b\xa3\x67\xaf\xdc\x35\xaa"
420 "\xc3\x97\xbc\x7e\xb5\xd5\x8d\x10"
421 "\x6a\x73\x4b\x24\x98\x6d\x5d\x97"
422 "\x8f\xef\xd6\x2c", 28,
423 "KECCAK-224", 1) != 0) {
424 return CRYPT_FAIL_TESTVECTOR;
425 }
426
427 keccak_224_init(&c);
428 keccak_process(&c, (unsigned char*)
429 "\x52\xa6\x08\xab\x21\xcc\xdd\x8a"
430 "\x44\x57\xa5\x7e\xde\x78\x21\x76", 16);
431 keccak_done(&c, hash);
432 if(compare_testvector(hash, 28,
433 "\x56\x79\xcd\x50\x9c\x51\x20\xaf"
434 "\x54\x79\x5c\xf4\x77\x14\x96\x41"
435 "\xcf\x27\xb2\xeb\xb6\xa5\xf9\x03"
436 "\x40\x70\x4e\x57", 28,
437 "KECCAK-224", 2) != 0) {
438 return CRYPT_FAIL_TESTVECTOR;
439 }
440
441 keccak_224_init(&c);
442 keccak_process(&c, (unsigned char*)
443 "\x43\x3c\x53\x03\x13\x16\x24\xc0"
444 "\x02\x1d\x86\x8a\x30\x82\x54\x75"
445 "\xe8\xd0\xbd\x30\x52\xa0\x22\x18"
446 "\x03\x98\xf4\xca\x44\x23\xb9\x82"
447 "\x14\xb6\xbe\xaa\xc2\x1c\x88\x07"
448 "\xa2\xc3\x3f\x8c\x93\xbd\x42\xb0"
449 "\x92\xcc\x1b\x06\xce\xdf\x32\x24"
450 "\xd5\xed\x1e\xc2\x97\x84\x44\x4f"
451 "\x22\xe0\x8a\x55\xaa\x58\x54\x2b"
452 "\x52\x4b\x02\xcd\x3d\x5d\x5f\x69"
453 "\x07\xaf\xe7\x1c\x5d\x74\x62\x22"
454 "\x4a\x3f\x9d\x9e\x53\xe7\xe0\x84"
455 "\x6d\xcb\xb4\xce", 100);
456 keccak_done(&c, hash);
457 if(compare_testvector(hash, 28,
458 "\x62\xb1\x0f\x1b\x62\x36\xeb\xc2"
459 "\xda\x72\x95\x77\x42\xa8\xd4\xe4"
460 "\x8e\x21\x3b\x5f\x89\x34\x60\x4b"
461 "\xfd\x4d\x2c\x3a", 28,
462 "KECCAK-224", 3) != 0) {
463 return CRYPT_FAIL_TESTVECTOR;
464 }
465
466 return CRYPT_OK;
467 #endif
468 }
469
keccak_256_test(void)470 int keccak_256_test(void)
471 {
472 #ifndef LTC_TEST
473 return CRYPT_NOP;
474 #else
475 hash_state c;
476 unsigned char hash[MAXBLOCKSIZE];
477
478 keccak_256_init(&c);
479 keccak_process(&c, (unsigned char*) "\xcc", 1);
480 keccak_done(&c, hash);
481 if(compare_testvector(hash, 32,
482 "\xee\xad\x6d\xbf\xc7\x34\x0a\x56"
483 "\xca\xed\xc0\x44\x69\x6a\x16\x88"
484 "\x70\x54\x9a\x6a\x7f\x6f\x56\x96"
485 "\x1e\x84\xa5\x4b\xd9\x97\x0b\x8a", 32,
486 "KECCAK-256", 0) != 0) {
487 return CRYPT_FAIL_TESTVECTOR;
488 }
489
490 keccak_256_init(&c);
491 keccak_process(&c, (unsigned char*)"\x41\xfb", 2);
492 keccak_done(&c, hash);
493 if(compare_testvector(hash, 32,
494 "\xa8\xea\xce\xda\x4d\x47\xb3\x28"
495 "\x1a\x79\x5a\xd9\xe1\xea\x21\x22"
496 "\xb4\x07\xba\xf9\xaa\xbc\xb9\xe1"
497 "\x8b\x57\x17\xb7\x87\x35\x37\xd2", 32,
498 "KECCAK-256", 1) != 0) {
499 return CRYPT_FAIL_TESTVECTOR;
500 }
501
502 keccak_256_init(&c);
503 keccak_process(&c, (unsigned char*)
504 "\x52\xa6\x08\xab\x21\xcc\xdd\x8a"
505 "\x44\x57\xa5\x7e\xde\x78\x21\x76", 16);
506 keccak_done(&c, hash);
507 if(compare_testvector(hash, 32,
508 "\x0e\x32\xde\xfa\x20\x71\xf0\xb5"
509 "\xac\x0e\x6a\x10\x8b\x84\x2e\xd0"
510 "\xf1\xd3\x24\x97\x12\xf5\x8e\xe0"
511 "\xdd\xf9\x56\xfe\x33\x2a\x5f\x95", 32,
512 "KECCAK-256", 2) != 0) {
513 return CRYPT_FAIL_TESTVECTOR;
514 }
515
516 keccak_256_init(&c);
517 keccak_process(&c, (unsigned char*)
518 "\x43\x3c\x53\x03\x13\x16\x24\xc0"
519 "\x02\x1d\x86\x8a\x30\x82\x54\x75"
520 "\xe8\xd0\xbd\x30\x52\xa0\x22\x18"
521 "\x03\x98\xf4\xca\x44\x23\xb9\x82"
522 "\x14\xb6\xbe\xaa\xc2\x1c\x88\x07"
523 "\xa2\xc3\x3f\x8c\x93\xbd\x42\xb0"
524 "\x92\xcc\x1b\x06\xce\xdf\x32\x24"
525 "\xd5\xed\x1e\xc2\x97\x84\x44\x4f"
526 "\x22\xe0\x8a\x55\xaa\x58\x54\x2b"
527 "\x52\x4b\x02\xcd\x3d\x5d\x5f\x69"
528 "\x07\xaf\xe7\x1c\x5d\x74\x62\x22"
529 "\x4a\x3f\x9d\x9e\x53\xe7\xe0\x84"
530 "\x6d\xcb\xb4\xce", 100);
531 keccak_done(&c, hash);
532 if(compare_testvector(hash, 32,
533 "\xce\x87\xa5\x17\x3b\xff\xd9\x23"
534 "\x99\x22\x16\x58\xf8\x01\xd4\x5c"
535 "\x29\x4d\x90\x06\xee\x9f\x3f\x9d"
536 "\x41\x9c\x8d\x42\x77\x48\xdc\x41", 32,
537 "KECCAK-256", 3) != 0) {
538 return CRYPT_FAIL_TESTVECTOR;
539 }
540
541 return CRYPT_OK;
542 #endif
543 }
544
keccak_384_test(void)545 int keccak_384_test(void)
546 {
547 #ifndef LTC_TEST
548 return CRYPT_NOP;
549 #else
550 hash_state c;
551 unsigned char hash[MAXBLOCKSIZE];
552
553 keccak_384_init(&c);
554 keccak_process(&c, (unsigned char*) "\xcc", 1);
555 keccak_done(&c, hash);
556 if(compare_testvector(hash, 48,
557 "\x1b\x84\xe6\x2a\x46\xe5\xa2\x01"
558 "\x86\x17\x54\xaf\x5d\xc9\x5c\x4a"
559 "\x1a\x69\xca\xf4\xa7\x96\xae\x40"
560 "\x56\x80\x16\x1e\x29\x57\x26\x41"
561 "\xf5\xfa\x1e\x86\x41\xd7\x95\x83"
562 "\x36\xee\x7b\x11\xc5\x8f\x73\xe9", 48,
563 "KECCAK-384", 0) != 0) {
564 return CRYPT_FAIL_TESTVECTOR;
565 }
566
567 keccak_384_init(&c);
568 keccak_process(&c, (unsigned char*)"\x41\xfb", 2);
569 keccak_done(&c, hash);
570 if(compare_testvector(hash, 48,
571 "\x49\x5c\xce\x27\x14\xcd\x72\xc8"
572 "\xc5\x3c\x33\x63\xd2\x2c\x58\xb5"
573 "\x59\x60\xfe\x26\xbe\x0b\xf3\xbb"
574 "\xc7\xa3\x31\x6d\xd5\x63\xad\x1d"
575 "\xb8\x41\x0e\x75\xee\xfe\xa6\x55"
576 "\xe3\x9d\x46\x70\xec\x0b\x17\x92", 48,
577 "KECCAK-384", 1) != 0) {
578 return CRYPT_FAIL_TESTVECTOR;
579 }
580
581 keccak_384_init(&c);
582 keccak_process(&c, (unsigned char*)
583 "\x52\xa6\x08\xab\x21\xcc\xdd\x8a"
584 "\x44\x57\xa5\x7e\xde\x78\x21\x76", 16);
585 keccak_done(&c, hash);
586 if(compare_testvector(hash, 48,
587 "\x18\x42\x2a\xc1\xd3\xa1\xe5\x4b"
588 "\xad\x87\x68\x83\xd2\xd6\xdd\x65"
589 "\xf6\x5c\x1d\x5f\x33\xa7\x12\x5c"
590 "\xc4\xc1\x86\x40\x5a\x12\xed\x64"
591 "\xba\x96\x67\x2e\xed\xda\x8c\x5a"
592 "\x63\x31\xd2\x86\x83\xf4\x88\xeb", 48,
593 "KECCAK-384", 2) != 0) {
594 return CRYPT_FAIL_TESTVECTOR;
595 }
596
597 keccak_384_init(&c);
598 keccak_process(&c, (unsigned char*)
599 "\x43\x3c\x53\x03\x13\x16\x24\xc0"
600 "\x02\x1d\x86\x8a\x30\x82\x54\x75"
601 "\xe8\xd0\xbd\x30\x52\xa0\x22\x18"
602 "\x03\x98\xf4\xca\x44\x23\xb9\x82"
603 "\x14\xb6\xbe\xaa\xc2\x1c\x88\x07"
604 "\xa2\xc3\x3f\x8c\x93\xbd\x42\xb0"
605 "\x92\xcc\x1b\x06\xce\xdf\x32\x24"
606 "\xd5\xed\x1e\xc2\x97\x84\x44\x4f"
607 "\x22\xe0\x8a\x55\xaa\x58\x54\x2b"
608 "\x52\x4b\x02\xcd\x3d\x5d\x5f\x69"
609 "\x07\xaf\xe7\x1c\x5d\x74\x62\x22"
610 "\x4a\x3f\x9d\x9e\x53\xe7\xe0\x84"
611 "\x6d\xcb\xb4\xce", 100);
612 keccak_done(&c, hash);
613 if(compare_testvector(hash, 48,
614 "\x13\x51\x14\x50\x8d\xd6\x3e\x27"
615 "\x9e\x70\x9c\x26\xf7\x81\x7c\x04"
616 "\x82\x76\x6c\xde\x49\x13\x2e\x3e"
617 "\xdf\x2e\xed\xd8\x99\x6f\x4e\x35"
618 "\x96\xd1\x84\x10\x0b\x38\x48\x68"
619 "\x24\x9f\x1d\x8b\x8f\xda\xa2\xc9", 48,
620 "KECCAK-384", 3) != 0) {
621 return CRYPT_FAIL_TESTVECTOR;
622 }
623
624 return CRYPT_OK;
625 #endif
626 }
627
keccak_512_test(void)628 int keccak_512_test(void)
629 {
630 #ifndef LTC_TEST
631 return CRYPT_NOP;
632 #else
633 hash_state c;
634 unsigned char hash[MAXBLOCKSIZE];
635
636 keccak_512_init(&c);
637 keccak_process(&c, (unsigned char*) "\xcc", 1);
638 keccak_done(&c, hash);
639 if(compare_testvector(hash, 64,
640 "\x86\x30\xc1\x3c\xbd\x06\x6e\xa7"
641 "\x4b\xbe\x7f\xe4\x68\xfe\xc1\xde"
642 "\xe1\x0e\xdc\x12\x54\xfb\x4c\x1b"
643 "\x7c\x5f\xd6\x9b\x64\x6e\x44\x16"
644 "\x0b\x8c\xe0\x1d\x05\xa0\x90\x8c"
645 "\xa7\x90\xdf\xb0\x80\xf4\xb5\x13"
646 "\xbc\x3b\x62\x25\xec\xe7\xa8\x10"
647 "\x37\x14\x41\xa5\xac\x66\x6e\xb9", 64,
648 "KECCAK-512", 0) != 0) {
649 return CRYPT_FAIL_TESTVECTOR;
650 }
651
652 keccak_512_init(&c);
653 keccak_process(&c, (unsigned char*)"\x41\xfb", 2);
654 keccak_done(&c, hash);
655 if(compare_testvector(hash, 64,
656 "\x55\x1d\xa6\x23\x6f\x8b\x96\xfc"
657 "\xe9\xf9\x7f\x11\x90\xe9\x01\x32"
658 "\x4f\x0b\x45\xe0\x6d\xbb\xb5\xcd"
659 "\xb8\x35\x5d\x6e\xd1\xdc\x34\xb3"
660 "\xf0\xea\xe7\xdc\xb6\x86\x22\xff"
661 "\x23\x2f\xa3\xce\xce\x0d\x46\x16"
662 "\xcd\xeb\x39\x31\xf9\x38\x03\x66"
663 "\x2a\x28\xdf\x1c\xd5\x35\xb7\x31", 64,
664 "KECCAK-512", 1) != 0) {
665 return CRYPT_FAIL_TESTVECTOR;
666 }
667
668 keccak_512_init(&c);
669 keccak_process(&c, (unsigned char*)
670 "\x52\xa6\x08\xab\x21\xcc\xdd\x8a"
671 "\x44\x57\xa5\x7e\xde\x78\x21\x76", 16);
672 keccak_done(&c, hash);
673 if(compare_testvector(hash, 64,
674 "\x4b\x39\xd3\xda\x5b\xcd\xf4\xd9"
675 "\xb7\x69\x01\x59\x95\x64\x43\x11"
676 "\xc1\x4c\x43\x5b\xf7\x2b\x10\x09"
677 "\xd6\xdd\x71\xb0\x1a\x63\xb9\x7c"
678 "\xfb\x59\x64\x18\xe8\xe4\x23\x42"
679 "\xd1\x17\xe0\x74\x71\xa8\x91\x43"
680 "\x14\xba\x7b\x0e\x26\x4d\xad\xf0"
681 "\xce\xa3\x81\x86\x8c\xbd\x43\xd1", 64,
682 "KECCAK-512", 2) != 0) {
683 return CRYPT_FAIL_TESTVECTOR;
684 }
685
686 keccak_512_init(&c);
687 keccak_process(&c, (unsigned char*)
688 "\x43\x3c\x53\x03\x13\x16\x24\xc0"
689 "\x02\x1d\x86\x8a\x30\x82\x54\x75"
690 "\xe8\xd0\xbd\x30\x52\xa0\x22\x18"
691 "\x03\x98\xf4\xca\x44\x23\xb9\x82"
692 "\x14\xb6\xbe\xaa\xc2\x1c\x88\x07"
693 "\xa2\xc3\x3f\x8c\x93\xbd\x42\xb0"
694 "\x92\xcc\x1b\x06\xce\xdf\x32\x24"
695 "\xd5\xed\x1e\xc2\x97\x84\x44\x4f"
696 "\x22\xe0\x8a\x55\xaa\x58\x54\x2b"
697 "\x52\x4b\x02\xcd\x3d\x5d\x5f\x69"
698 "\x07\xaf\xe7\x1c\x5d\x74\x62\x22"
699 "\x4a\x3f\x9d\x9e\x53\xe7\xe0\x84"
700 "\x6d\xcb\xb4\xce", 100);
701 keccak_done(&c, hash);
702 if(compare_testvector(hash, 64,
703 "\x52\x7d\x28\xe3\x41\xe6\xb1\x4f"
704 "\x46\x84\xad\xb4\xb8\x24\xc4\x96"
705 "\xc6\x48\x2e\x51\x14\x95\x65\xd3"
706 "\xd1\x72\x26\x82\x88\x84\x30\x6b"
707 "\x51\xd6\x14\x8a\x72\x62\x2c\x2b"
708 "\x75\xf5\xd3\x51\x0b\x79\x9d\x8b"
709 "\xdc\x03\xea\xed\xe4\x53\x67\x6a"
710 "\x6e\xc8\xfe\x03\xa1\xad\x0e\xab", 64,
711 "KECCAK-512", 3) != 0) {
712 return CRYPT_FAIL_TESTVECTOR;
713 }
714
715 return CRYPT_OK;
716 #endif
717 }
718
719 #endif
720