Implement ctx struct for fips202
This commit is contained in:
bovenliggende
6953a0b32e
commit
b153768783
@ -520,36 +520,36 @@ static void keccak_inc_squeeze(uint8_t *h, size_t outlen,
|
||||
}
|
||||
}
|
||||
|
||||
void shake128_inc_init(uint64_t *s_inc) {
|
||||
keccak_inc_init(s_inc);
|
||||
void shake128_inc_init(shake128incctx *state) {
|
||||
keccak_inc_init(state->ctx);
|
||||
}
|
||||
|
||||
void shake128_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) {
|
||||
keccak_inc_absorb(s_inc, SHAKE128_RATE, input, inlen);
|
||||
void shake128_inc_absorb(shake128incctx *state, const uint8_t *input, size_t inlen) {
|
||||
keccak_inc_absorb(state->ctx, SHAKE128_RATE, input, inlen);
|
||||
}
|
||||
|
||||
void shake128_inc_finalize(uint64_t *s_inc) {
|
||||
keccak_inc_finalize(s_inc, SHAKE128_RATE, 0x1F);
|
||||
void shake128_inc_finalize(shake128incctx *state) {
|
||||
keccak_inc_finalize(state->ctx, SHAKE128_RATE, 0x1F);
|
||||
}
|
||||
|
||||
void shake128_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc) {
|
||||
keccak_inc_squeeze(output, outlen, s_inc, SHAKE128_RATE);
|
||||
void shake128_inc_squeeze(uint8_t *output, size_t outlen, shake128incctx *state) {
|
||||
keccak_inc_squeeze(output, outlen, state->ctx, SHAKE128_RATE);
|
||||
}
|
||||
|
||||
void shake256_inc_init(uint64_t *s_inc) {
|
||||
keccak_inc_init(s_inc);
|
||||
void shake256_inc_init(shake256incctx *state) {
|
||||
keccak_inc_init(state->ctx);
|
||||
}
|
||||
|
||||
void shake256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) {
|
||||
keccak_inc_absorb(s_inc, SHAKE256_RATE, input, inlen);
|
||||
void shake256_inc_absorb(shake256incctx *state, const uint8_t *input, size_t inlen) {
|
||||
keccak_inc_absorb(state->ctx, SHAKE256_RATE, input, inlen);
|
||||
}
|
||||
|
||||
void shake256_inc_finalize(uint64_t *s_inc) {
|
||||
keccak_inc_finalize(s_inc, SHAKE256_RATE, 0x1F);
|
||||
void shake256_inc_finalize(shake256incctx *state) {
|
||||
keccak_inc_finalize(state->ctx, SHAKE256_RATE, 0x1F);
|
||||
}
|
||||
|
||||
void shake256_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc) {
|
||||
keccak_inc_squeeze(output, outlen, s_inc, SHAKE256_RATE);
|
||||
void shake256_inc_squeeze(uint8_t *output, size_t outlen, shake256incctx *state) {
|
||||
keccak_inc_squeeze(output, outlen, state->ctx, SHAKE256_RATE);
|
||||
}
|
||||
|
||||
|
||||
@ -564,8 +564,8 @@ void shake256_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc) {
|
||||
* into s
|
||||
* - size_t inlen: length of input in bytes
|
||||
**************************************************/
|
||||
void shake128_absorb(uint64_t *s, const uint8_t *input, size_t inlen) {
|
||||
keccak_absorb(s, SHAKE128_RATE, input, inlen, 0x1F);
|
||||
void shake128_absorb(shake128ctx *state, const uint8_t *input, size_t inlen) {
|
||||
keccak_absorb(state->ctx, SHAKE128_RATE, input, inlen, 0x1F);
|
||||
}
|
||||
|
||||
/*************************************************
|
||||
@ -578,10 +578,10 @@ void shake128_absorb(uint64_t *s, const uint8_t *input, size_t inlen) {
|
||||
* Arguments: - uint8_t *output: pointer to output blocks
|
||||
* - size_t nblocks: number of blocks to be squeezed
|
||||
* (written to output)
|
||||
* - uint64_t *s: pointer to input/output Keccak state
|
||||
* - shake128ctx *state: pointer to input/output Keccak state
|
||||
**************************************************/
|
||||
void shake128_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s) {
|
||||
keccak_squeezeblocks(output, nblocks, s, SHAKE128_RATE);
|
||||
void shake128_squeezeblocks(uint8_t *output, size_t nblocks, shake128ctx *state) {
|
||||
keccak_squeezeblocks(output, nblocks, state->ctx, SHAKE128_RATE);
|
||||
}
|
||||
|
||||
/*************************************************
|
||||
@ -590,13 +590,13 @@ void shake128_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s) {
|
||||
* Description: Absorb step of the SHAKE256 XOF.
|
||||
* non-incremental, starts by zeroeing the state.
|
||||
*
|
||||
* Arguments: - uint64_t *s: pointer to (uninitialized) output Keccak state
|
||||
* Arguments: - shake256ctx *state: pointer to (uninitialized) output Keccak state
|
||||
* - const uint8_t *input: pointer to input to be absorbed
|
||||
* into s
|
||||
* - size_t inlen: length of input in bytes
|
||||
**************************************************/
|
||||
void shake256_absorb(uint64_t *s, const uint8_t *input, size_t inlen) {
|
||||
keccak_absorb(s, SHAKE256_RATE, input, inlen, 0x1F);
|
||||
void shake256_absorb(shake256ctx *state, const uint8_t *input, size_t inlen) {
|
||||
keccak_absorb(state->ctx, SHAKE256_RATE, input, inlen, 0x1F);
|
||||
}
|
||||
|
||||
/*************************************************
|
||||
@ -609,10 +609,10 @@ void shake256_absorb(uint64_t *s, const uint8_t *input, size_t inlen) {
|
||||
* Arguments: - uint8_t *output: pointer to output blocks
|
||||
* - size_t nblocks: number of blocks to be squeezed
|
||||
* (written to output)
|
||||
* - uint64_t *s: pointer to input/output Keccak state
|
||||
* - shake256ctx *state: pointer to input/output Keccak state
|
||||
**************************************************/
|
||||
void shake256_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s) {
|
||||
keccak_squeezeblocks(output, nblocks, s, SHAKE256_RATE);
|
||||
void shake256_squeezeblocks(uint8_t *output, size_t nblocks, shake256ctx *state) {
|
||||
keccak_squeezeblocks(output, nblocks, state->ctx, SHAKE256_RATE);
|
||||
}
|
||||
|
||||
/*************************************************
|
||||
@ -629,16 +629,16 @@ void shake128(uint8_t *output, size_t outlen,
|
||||
const uint8_t *input, size_t inlen) {
|
||||
size_t nblocks = outlen / SHAKE128_RATE;
|
||||
uint8_t t[SHAKE128_RATE];
|
||||
uint64_t s[25];
|
||||
shake128ctx s;
|
||||
|
||||
shake128_absorb(s, input, inlen);
|
||||
shake128_squeezeblocks(output, nblocks, s);
|
||||
shake128_absorb(&s, input, inlen);
|
||||
shake128_squeezeblocks(output, nblocks, &s);
|
||||
|
||||
output += nblocks * SHAKE128_RATE;
|
||||
outlen -= nblocks * SHAKE128_RATE;
|
||||
|
||||
if (outlen) {
|
||||
shake128_squeezeblocks(t, 1, s);
|
||||
shake128_squeezeblocks(t, 1, &s);
|
||||
for (size_t i = 0; i < outlen; ++i) {
|
||||
output[i] = t[i];
|
||||
}
|
||||
@ -659,35 +659,35 @@ void shake256(uint8_t *output, size_t outlen,
|
||||
const uint8_t *input, size_t inlen) {
|
||||
size_t nblocks = outlen / SHAKE256_RATE;
|
||||
uint8_t t[SHAKE256_RATE];
|
||||
uint64_t s[25];
|
||||
shake256ctx s;
|
||||
|
||||
shake256_absorb(s, input, inlen);
|
||||
shake256_squeezeblocks(output, nblocks, s);
|
||||
shake256_absorb(&s, input, inlen);
|
||||
shake256_squeezeblocks(output, nblocks, &s);
|
||||
|
||||
output += nblocks * SHAKE256_RATE;
|
||||
outlen -= nblocks * SHAKE256_RATE;
|
||||
|
||||
if (outlen) {
|
||||
shake256_squeezeblocks(t, 1, s);
|
||||
shake256_squeezeblocks(t, 1, &s);
|
||||
for (size_t i = 0; i < outlen; ++i) {
|
||||
output[i] = t[i];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void sha3_256_inc_init(uint64_t *s_inc) {
|
||||
keccak_inc_init(s_inc);
|
||||
void sha3_256_inc_init(sha3_256incctx *state) {
|
||||
keccak_inc_init(state->ctx);
|
||||
}
|
||||
|
||||
void sha3_256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) {
|
||||
keccak_inc_absorb(s_inc, SHA3_256_RATE, input, inlen);
|
||||
void sha3_256_inc_absorb(sha3_256incctx *state, const uint8_t *input, size_t inlen) {
|
||||
keccak_inc_absorb(state->ctx, SHA3_256_RATE, input, inlen);
|
||||
}
|
||||
|
||||
void sha3_256_inc_finalize(uint8_t *output, uint64_t *s_inc) {
|
||||
void sha3_256_inc_finalize(uint8_t *output, sha3_256incctx *state) {
|
||||
uint8_t t[SHA3_256_RATE];
|
||||
keccak_inc_finalize(s_inc, SHA3_256_RATE, 0x06);
|
||||
keccak_inc_finalize(state->ctx, SHA3_256_RATE, 0x06);
|
||||
|
||||
keccak_squeezeblocks(t, 1, s_inc, SHA3_256_RATE);
|
||||
keccak_squeezeblocks(t, 1, state->ctx, SHA3_256_RATE);
|
||||
|
||||
for (size_t i = 0; i < 32; i++) {
|
||||
output[i] = t[i];
|
||||
@ -718,19 +718,19 @@ void sha3_256(uint8_t *output, const uint8_t *input, size_t inlen) {
|
||||
}
|
||||
}
|
||||
|
||||
void sha3_512_inc_init(uint64_t *s_inc) {
|
||||
keccak_inc_init(s_inc);
|
||||
void sha3_512_inc_init(sha3_512incctx *state) {
|
||||
keccak_inc_init(state->ctx);
|
||||
}
|
||||
|
||||
void sha3_512_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) {
|
||||
keccak_inc_absorb(s_inc, SHA3_512_RATE, input, inlen);
|
||||
void sha3_512_inc_absorb(sha3_512incctx *state, const uint8_t *input, size_t inlen) {
|
||||
keccak_inc_absorb(state->ctx, SHA3_512_RATE, input, inlen);
|
||||
}
|
||||
|
||||
void sha3_512_inc_finalize(uint8_t *output, uint64_t *s_inc) {
|
||||
void sha3_512_inc_finalize(uint8_t *output, sha3_512incctx *state) {
|
||||
uint8_t t[SHA3_512_RATE];
|
||||
keccak_inc_finalize(s_inc, SHA3_512_RATE, 0x06);
|
||||
keccak_inc_finalize(state->ctx, SHA3_512_RATE, 0x06);
|
||||
|
||||
keccak_squeezeblocks(t, 1, s_inc, SHA3_512_RATE);
|
||||
keccak_squeezeblocks(t, 1, state->ctx, SHA3_512_RATE);
|
||||
|
||||
for (size_t i = 0; i < 32; i++) {
|
||||
output[i] = t[i];
|
||||
|
@ -9,22 +9,53 @@
|
||||
#define SHA3_256_RATE 136
|
||||
#define SHA3_512_RATE 72
|
||||
|
||||
void shake128_absorb(uint64_t *s, const uint8_t *input, size_t inlen);
|
||||
|
||||
void shake128_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s);
|
||||
// Context for incremental API
|
||||
typedef struct {
|
||||
uint64_t ctx[26];
|
||||
} shake128incctx;
|
||||
|
||||
void shake128_inc_init(uint64_t *s_inc);
|
||||
void shake128_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
|
||||
void shake128_inc_finalize(uint64_t *s_inc);
|
||||
void shake128_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc);
|
||||
// Context for non-incremental API
|
||||
typedef struct {
|
||||
uint64_t ctx[25];
|
||||
} shake128ctx;
|
||||
|
||||
void shake256_absorb(uint64_t *s, const uint8_t *input, size_t inlen);
|
||||
void shake256_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s);
|
||||
// Context for incremental API
|
||||
typedef struct {
|
||||
uint64_t ctx[26];
|
||||
} shake256incctx;
|
||||
|
||||
void shake256_inc_init(uint64_t *s_inc);
|
||||
void shake256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
|
||||
void shake256_inc_finalize(uint64_t *s_inc);
|
||||
void shake256_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc);
|
||||
// Context for non-incremental API
|
||||
typedef struct {
|
||||
uint64_t ctx[25];
|
||||
} shake256ctx;
|
||||
|
||||
// Context for incremental API
|
||||
typedef struct {
|
||||
uint64_t ctx[26];
|
||||
} sha3_256incctx;
|
||||
|
||||
// Context for incremental API
|
||||
typedef struct {
|
||||
uint64_t ctx[26];
|
||||
} sha3_512incctx;
|
||||
|
||||
void shake128_absorb(shake128ctx *state, const uint8_t *input, size_t inlen);
|
||||
|
||||
void shake128_squeezeblocks(uint8_t *output, size_t nblocks, shake128ctx *state);
|
||||
|
||||
void shake128_inc_init(shake128incctx *state);
|
||||
void shake128_inc_absorb(shake128incctx *state, const uint8_t *input, size_t inlen);
|
||||
void shake128_inc_finalize(shake128incctx *state);
|
||||
void shake128_inc_squeeze(uint8_t *output, size_t outlen, shake128incctx *state);
|
||||
|
||||
void shake256_absorb(shake256ctx *state, const uint8_t *input, size_t inlen);
|
||||
void shake256_squeezeblocks(uint8_t *output, size_t nblocks, shake256ctx *state);
|
||||
|
||||
void shake256_inc_init(shake256incctx *state);
|
||||
void shake256_inc_absorb(shake256incctx *state, const uint8_t *input, size_t inlen);
|
||||
void shake256_inc_finalize(shake256incctx *state);
|
||||
void shake256_inc_squeeze(uint8_t *output, size_t outlen, shake256incctx *state);
|
||||
|
||||
void shake128(uint8_t *output, size_t outlen,
|
||||
const uint8_t *input, size_t inlen);
|
||||
@ -32,15 +63,15 @@ void shake128(uint8_t *output, size_t outlen,
|
||||
void shake256(uint8_t *output, size_t outlen,
|
||||
const uint8_t *input, size_t inlen);
|
||||
|
||||
void sha3_256_inc_init(uint64_t *s_inc);
|
||||
void sha3_256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
|
||||
void sha3_256_inc_finalize(uint8_t *output, uint64_t *s_inc);
|
||||
void sha3_256_inc_init(sha3_256incctx *state);
|
||||
void sha3_256_inc_absorb(sha3_256incctx *state, const uint8_t *input, size_t inlen);
|
||||
void sha3_256_inc_finalize(uint8_t *output, sha3_256incctx *state);
|
||||
|
||||
void sha3_256(uint8_t *output, const uint8_t *input, size_t inlen);
|
||||
|
||||
void sha3_512_inc_init(uint64_t *s_inc);
|
||||
void sha3_512_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
|
||||
void sha3_512_inc_finalize(uint8_t *output, uint64_t *s_inc);
|
||||
void sha3_512_inc_init(sha3_512incctx *state);
|
||||
void sha3_512_inc_absorb(sha3_512incctx *state, const uint8_t *input, size_t inlen);
|
||||
void sha3_512_inc_finalize(uint8_t *output, sha3_512incctx *state);
|
||||
|
||||
void sha3_512(uint8_t *output, const uint8_t *input, size_t inlen);
|
||||
|
||||
|
@ -56,7 +56,7 @@ static int test_sha3_256_incremental(void) {
|
||||
unsigned char input[512];
|
||||
unsigned char check[32];
|
||||
unsigned char output[32];
|
||||
uint64_t s_inc[26];
|
||||
sha3_256incctx state;
|
||||
int i;
|
||||
int absorbed;
|
||||
int returncode = 0;
|
||||
@ -67,18 +67,18 @@ static int test_sha3_256_incremental(void) {
|
||||
|
||||
sha3_256(check, input, 512);
|
||||
|
||||
sha3_256_inc_init(s_inc);
|
||||
sha3_256_inc_init(&state);
|
||||
|
||||
absorbed = 0;
|
||||
for (i = 0; i < 512 && absorbed + i <= 512; i++) {
|
||||
sha3_256_inc_absorb(s_inc, input + absorbed, i);
|
||||
sha3_256_inc_absorb(&state, input + absorbed, i);
|
||||
absorbed += i;
|
||||
}
|
||||
sha3_256_inc_absorb(s_inc, input + absorbed, 512 - absorbed);
|
||||
sha3_256_inc_absorb(&state, input + absorbed, 512 - absorbed);
|
||||
|
||||
sha3_256_inc_finalize(output, s_inc);
|
||||
sha3_256_inc_finalize(output, &state);
|
||||
|
||||
if (memcmp(check, output, 32)) {
|
||||
if (memcmp(check, output, 32) != 0) {
|
||||
printf("ERROR sha3_256 incremental did not match sha3_256.\n");
|
||||
printf(" Expected: ");
|
||||
for (i = 0; i < 32; i++) {
|
||||
@ -100,11 +100,11 @@ static int test_shake128_incremental(void) {
|
||||
unsigned char input[512];
|
||||
unsigned char check[512];
|
||||
unsigned char output[512];
|
||||
uint64_t s_inc_absorb[26];
|
||||
uint64_t s_inc_squeeze[26];
|
||||
uint64_t s_inc_squeeze_all[26];
|
||||
uint64_t s_inc_both[26];
|
||||
uint64_t s_combined[25];
|
||||
shake128incctx state_absorb;
|
||||
shake128incctx state_squeeze;
|
||||
shake128incctx state_squeeze_all;
|
||||
shake128incctx state_both;
|
||||
shake128ctx state_combined;
|
||||
int i;
|
||||
int absorbed;
|
||||
int squeezed;
|
||||
@ -116,47 +116,27 @@ static int test_shake128_incremental(void) {
|
||||
|
||||
shake128(check, 512, input, 512);
|
||||
|
||||
shake128_inc_init(s_inc_absorb);
|
||||
shake128_inc_init(&state_absorb);
|
||||
|
||||
absorbed = 0;
|
||||
for (i = 0; i < 512 && absorbed + i <= 512; i++) {
|
||||
shake128_inc_absorb(s_inc_absorb, input + absorbed, i);
|
||||
shake128_inc_absorb(&state_absorb, input + absorbed, i);
|
||||
absorbed += i;
|
||||
}
|
||||
shake128_inc_absorb(s_inc_absorb, input + absorbed, 512 - absorbed);
|
||||
shake128_inc_absorb(&state_absorb, input + absorbed, 512 - absorbed);
|
||||
|
||||
shake128_inc_finalize(s_inc_absorb);
|
||||
shake128_inc_finalize(&state_absorb);
|
||||
|
||||
shake128_absorb(s_combined, input, 512);
|
||||
shake128_absorb(&state_combined, input, 512);
|
||||
|
||||
if (memcmp(s_inc_absorb, s_combined, 25 * sizeof(uint64_t))) {
|
||||
if (memcmp(&state_absorb, &state_combined, sizeof(shake128ctx)) != 0) {
|
||||
printf("ERROR shake128 state after incremental absorb did not match all-at-once absorb.\n");
|
||||
printf(" Expected: ");
|
||||
for (i = 0; i < 25; i++) {
|
||||
printf("%016" PRIx64, s_combined[i]);
|
||||
}
|
||||
printf("\n");
|
||||
printf(" State: ");
|
||||
for (i = 0; i < 25; i++) {
|
||||
printf("%016" PRIx64, s_inc_absorb[i]);
|
||||
}
|
||||
printf("\n");
|
||||
for (i = 0; i < 8 * 25; i++) {
|
||||
if (((s_combined[i >> 3] >> (8*(i & 0x7))) & 0xFF) !=
|
||||
((s_inc_absorb[i >> 3] >> (8*(i & 0x7))) & 0xFF)) {
|
||||
printf(" First occurred in int %d, byte %d (%02X should be %02X)\n",
|
||||
i >> 3, i & 0x7,
|
||||
(uint8_t)((s_inc_absorb[i >> 3] >> (8*(i & 0x7))) & 0xFF),
|
||||
(uint8_t)((s_combined[i >> 3] >> (8*(i & 0x7))) & 0xFF));
|
||||
break;
|
||||
}
|
||||
}
|
||||
returncode = 1;
|
||||
}
|
||||
|
||||
memcpy(s_inc_both, s_inc_absorb, 26 * sizeof(uint64_t));
|
||||
memcpy(&state_both, &state_absorb, sizeof(shake128incctx));
|
||||
|
||||
shake128_squeezeblocks(output, 3, s_inc_absorb);
|
||||
shake128_squeezeblocks(output, 3, (shake128ctx*)&state_absorb);
|
||||
|
||||
if (memcmp(check, output, 3*SHAKE128_RATE)) {
|
||||
printf("ERROR shake128 incremental absorb did not match shake128.\n");
|
||||
@ -173,14 +153,14 @@ static int test_shake128_incremental(void) {
|
||||
returncode = 1;
|
||||
}
|
||||
|
||||
shake128_absorb(s_inc_squeeze, input, 512);
|
||||
s_inc_squeeze[25] = 0;
|
||||
shake128_absorb((shake128ctx*)&state_squeeze, input, 512);
|
||||
state_squeeze.ctx[25] = 0;
|
||||
|
||||
memcpy(s_inc_squeeze_all, s_inc_squeeze, 26 * sizeof(uint64_t));
|
||||
memcpy(&state_squeeze_all, &state_squeeze, sizeof(shake128incctx));
|
||||
|
||||
shake128_inc_squeeze(output, 512, s_inc_squeeze_all);
|
||||
shake128_inc_squeeze(output, 512, &state_squeeze_all);
|
||||
|
||||
if (memcmp(check, output, 512)) {
|
||||
if (memcmp(check, output, 512) != 0) {
|
||||
printf("ERROR shake128 incremental squeeze-all did not match shake128.\n");
|
||||
printf(" Expected: ");
|
||||
for (i = 0; i < 512; i++) {
|
||||
@ -198,12 +178,12 @@ static int test_shake128_incremental(void) {
|
||||
squeezed = 0;
|
||||
memset(output, 0, 512);
|
||||
for (i = 0; i < 512 && squeezed + i <= 512; i++) {
|
||||
shake128_inc_squeeze(output + squeezed, i, s_inc_squeeze);
|
||||
shake128_inc_squeeze(output + squeezed, i, &state_squeeze);
|
||||
squeezed += i;
|
||||
}
|
||||
shake128_inc_squeeze(output + squeezed, 512 - squeezed, s_inc_squeeze);
|
||||
shake128_inc_squeeze(output + squeezed, 512 - squeezed, &state_squeeze);
|
||||
|
||||
if (memcmp(check, output, 512)) {
|
||||
if (memcmp(check, output, 512) != 0) {
|
||||
printf("ERROR shake128 incremental squeeze did not match shake128.\n");
|
||||
printf(" Expected: ");
|
||||
for (i = 0; i < 512; i++) {
|
||||
@ -221,12 +201,12 @@ static int test_shake128_incremental(void) {
|
||||
squeezed = 0;
|
||||
memset(output, 0, 512);
|
||||
for (i = 0; i < 512 && squeezed + i <= 512; i++) {
|
||||
shake128_inc_squeeze(output + squeezed, i, s_inc_both);
|
||||
shake128_inc_squeeze(output + squeezed, i, &state_both);
|
||||
squeezed += i;
|
||||
}
|
||||
shake128_inc_squeeze(output + squeezed, 512 - squeezed, s_inc_both);
|
||||
shake128_inc_squeeze(output + squeezed, 512 - squeezed, &state_both);
|
||||
|
||||
if (memcmp(check, output, 512)) {
|
||||
if (memcmp(check, output, 512) != 0) {
|
||||
printf("ERROR shake128 incremental absorb + squeeze did not match shake128.\n");
|
||||
printf(" Expected: ");
|
||||
for (i = 0; i < 512; i++) {
|
||||
@ -250,7 +230,7 @@ static int test_shake128(void) {
|
||||
|
||||
shake128(output, 32, plaintext, 43);
|
||||
|
||||
if (memcmp(expected, output, 32)) {
|
||||
if (memcmp(expected, output, 32) != 0) {
|
||||
printf("ERROR shake128 output did not match test vector.\n");
|
||||
printf("Expected: ");
|
||||
for (i = 0; i < 32; i++) {
|
||||
|
Laden…
Verwijs in nieuw issue
Block a user