Implement ctx struct for fips202
Этот коммит содержится в:
родитель
6953a0b32e
Коммит
b153768783
@ -520,36 +520,36 @@ static void keccak_inc_squeeze(uint8_t *h, size_t outlen,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void shake128_inc_init(uint64_t *s_inc) {
|
void shake128_inc_init(shake128incctx *state) {
|
||||||
keccak_inc_init(s_inc);
|
keccak_inc_init(state->ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
void shake128_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) {
|
void shake128_inc_absorb(shake128incctx *state, const uint8_t *input, size_t inlen) {
|
||||||
keccak_inc_absorb(s_inc, SHAKE128_RATE, input, inlen);
|
keccak_inc_absorb(state->ctx, SHAKE128_RATE, input, inlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
void shake128_inc_finalize(uint64_t *s_inc) {
|
void shake128_inc_finalize(shake128incctx *state) {
|
||||||
keccak_inc_finalize(s_inc, SHAKE128_RATE, 0x1F);
|
keccak_inc_finalize(state->ctx, SHAKE128_RATE, 0x1F);
|
||||||
}
|
}
|
||||||
|
|
||||||
void shake128_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc) {
|
void shake128_inc_squeeze(uint8_t *output, size_t outlen, shake128incctx *state) {
|
||||||
keccak_inc_squeeze(output, outlen, s_inc, SHAKE128_RATE);
|
keccak_inc_squeeze(output, outlen, state->ctx, SHAKE128_RATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
void shake256_inc_init(uint64_t *s_inc) {
|
void shake256_inc_init(shake256incctx *state) {
|
||||||
keccak_inc_init(s_inc);
|
keccak_inc_init(state->ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
void shake256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) {
|
void shake256_inc_absorb(shake256incctx *state, const uint8_t *input, size_t inlen) {
|
||||||
keccak_inc_absorb(s_inc, SHAKE256_RATE, input, inlen);
|
keccak_inc_absorb(state->ctx, SHAKE256_RATE, input, inlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
void shake256_inc_finalize(uint64_t *s_inc) {
|
void shake256_inc_finalize(shake256incctx *state) {
|
||||||
keccak_inc_finalize(s_inc, SHAKE256_RATE, 0x1F);
|
keccak_inc_finalize(state->ctx, SHAKE256_RATE, 0x1F);
|
||||||
}
|
}
|
||||||
|
|
||||||
void shake256_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc) {
|
void shake256_inc_squeeze(uint8_t *output, size_t outlen, shake256incctx *state) {
|
||||||
keccak_inc_squeeze(output, outlen, s_inc, SHAKE256_RATE);
|
keccak_inc_squeeze(output, outlen, state->ctx, SHAKE256_RATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -564,8 +564,8 @@ void shake256_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc) {
|
|||||||
* into s
|
* into s
|
||||||
* - size_t inlen: length of input in bytes
|
* - size_t inlen: length of input in bytes
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void shake128_absorb(uint64_t *s, const uint8_t *input, size_t inlen) {
|
void shake128_absorb(shake128ctx *state, const uint8_t *input, size_t inlen) {
|
||||||
keccak_absorb(s, SHAKE128_RATE, input, inlen, 0x1F);
|
keccak_absorb(state->ctx, SHAKE128_RATE, input, inlen, 0x1F);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*************************************************
|
/*************************************************
|
||||||
@ -578,10 +578,10 @@ void shake128_absorb(uint64_t *s, const uint8_t *input, size_t inlen) {
|
|||||||
* Arguments: - uint8_t *output: pointer to output blocks
|
* Arguments: - uint8_t *output: pointer to output blocks
|
||||||
* - size_t nblocks: number of blocks to be squeezed
|
* - size_t nblocks: number of blocks to be squeezed
|
||||||
* (written to output)
|
* (written to output)
|
||||||
* - uint64_t *s: pointer to input/output Keccak state
|
* - shake128ctx *state: pointer to input/output Keccak state
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void shake128_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s) {
|
void shake128_squeezeblocks(uint8_t *output, size_t nblocks, shake128ctx *state) {
|
||||||
keccak_squeezeblocks(output, nblocks, s, SHAKE128_RATE);
|
keccak_squeezeblocks(output, nblocks, state->ctx, SHAKE128_RATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*************************************************
|
/*************************************************
|
||||||
@ -590,13 +590,13 @@ void shake128_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s) {
|
|||||||
* Description: Absorb step of the SHAKE256 XOF.
|
* Description: Absorb step of the SHAKE256 XOF.
|
||||||
* non-incremental, starts by zeroeing the state.
|
* non-incremental, starts by zeroeing the state.
|
||||||
*
|
*
|
||||||
* Arguments: - uint64_t *s: pointer to (uninitialized) output Keccak state
|
* Arguments: - shake256ctx *state: pointer to (uninitialized) output Keccak state
|
||||||
* - const uint8_t *input: pointer to input to be absorbed
|
* - const uint8_t *input: pointer to input to be absorbed
|
||||||
* into s
|
* into s
|
||||||
* - size_t inlen: length of input in bytes
|
* - size_t inlen: length of input in bytes
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void shake256_absorb(uint64_t *s, const uint8_t *input, size_t inlen) {
|
void shake256_absorb(shake256ctx *state, const uint8_t *input, size_t inlen) {
|
||||||
keccak_absorb(s, SHAKE256_RATE, input, inlen, 0x1F);
|
keccak_absorb(state->ctx, SHAKE256_RATE, input, inlen, 0x1F);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*************************************************
|
/*************************************************
|
||||||
@ -609,10 +609,10 @@ void shake256_absorb(uint64_t *s, const uint8_t *input, size_t inlen) {
|
|||||||
* Arguments: - uint8_t *output: pointer to output blocks
|
* Arguments: - uint8_t *output: pointer to output blocks
|
||||||
* - size_t nblocks: number of blocks to be squeezed
|
* - size_t nblocks: number of blocks to be squeezed
|
||||||
* (written to output)
|
* (written to output)
|
||||||
* - uint64_t *s: pointer to input/output Keccak state
|
* - shake256ctx *state: pointer to input/output Keccak state
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void shake256_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s) {
|
void shake256_squeezeblocks(uint8_t *output, size_t nblocks, shake256ctx *state) {
|
||||||
keccak_squeezeblocks(output, nblocks, s, SHAKE256_RATE);
|
keccak_squeezeblocks(output, nblocks, state->ctx, SHAKE256_RATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*************************************************
|
/*************************************************
|
||||||
@ -629,16 +629,16 @@ void shake128(uint8_t *output, size_t outlen,
|
|||||||
const uint8_t *input, size_t inlen) {
|
const uint8_t *input, size_t inlen) {
|
||||||
size_t nblocks = outlen / SHAKE128_RATE;
|
size_t nblocks = outlen / SHAKE128_RATE;
|
||||||
uint8_t t[SHAKE128_RATE];
|
uint8_t t[SHAKE128_RATE];
|
||||||
uint64_t s[25];
|
shake128ctx s;
|
||||||
|
|
||||||
shake128_absorb(s, input, inlen);
|
shake128_absorb(&s, input, inlen);
|
||||||
shake128_squeezeblocks(output, nblocks, s);
|
shake128_squeezeblocks(output, nblocks, &s);
|
||||||
|
|
||||||
output += nblocks * SHAKE128_RATE;
|
output += nblocks * SHAKE128_RATE;
|
||||||
outlen -= nblocks * SHAKE128_RATE;
|
outlen -= nblocks * SHAKE128_RATE;
|
||||||
|
|
||||||
if (outlen) {
|
if (outlen) {
|
||||||
shake128_squeezeblocks(t, 1, s);
|
shake128_squeezeblocks(t, 1, &s);
|
||||||
for (size_t i = 0; i < outlen; ++i) {
|
for (size_t i = 0; i < outlen; ++i) {
|
||||||
output[i] = t[i];
|
output[i] = t[i];
|
||||||
}
|
}
|
||||||
@ -659,35 +659,35 @@ void shake256(uint8_t *output, size_t outlen,
|
|||||||
const uint8_t *input, size_t inlen) {
|
const uint8_t *input, size_t inlen) {
|
||||||
size_t nblocks = outlen / SHAKE256_RATE;
|
size_t nblocks = outlen / SHAKE256_RATE;
|
||||||
uint8_t t[SHAKE256_RATE];
|
uint8_t t[SHAKE256_RATE];
|
||||||
uint64_t s[25];
|
shake256ctx s;
|
||||||
|
|
||||||
shake256_absorb(s, input, inlen);
|
shake256_absorb(&s, input, inlen);
|
||||||
shake256_squeezeblocks(output, nblocks, s);
|
shake256_squeezeblocks(output, nblocks, &s);
|
||||||
|
|
||||||
output += nblocks * SHAKE256_RATE;
|
output += nblocks * SHAKE256_RATE;
|
||||||
outlen -= nblocks * SHAKE256_RATE;
|
outlen -= nblocks * SHAKE256_RATE;
|
||||||
|
|
||||||
if (outlen) {
|
if (outlen) {
|
||||||
shake256_squeezeblocks(t, 1, s);
|
shake256_squeezeblocks(t, 1, &s);
|
||||||
for (size_t i = 0; i < outlen; ++i) {
|
for (size_t i = 0; i < outlen; ++i) {
|
||||||
output[i] = t[i];
|
output[i] = t[i];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void sha3_256_inc_init(uint64_t *s_inc) {
|
void sha3_256_inc_init(sha3_256incctx *state) {
|
||||||
keccak_inc_init(s_inc);
|
keccak_inc_init(state->ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
void sha3_256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) {
|
void sha3_256_inc_absorb(sha3_256incctx *state, const uint8_t *input, size_t inlen) {
|
||||||
keccak_inc_absorb(s_inc, SHA3_256_RATE, input, inlen);
|
keccak_inc_absorb(state->ctx, SHA3_256_RATE, input, inlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
void sha3_256_inc_finalize(uint8_t *output, uint64_t *s_inc) {
|
void sha3_256_inc_finalize(uint8_t *output, sha3_256incctx *state) {
|
||||||
uint8_t t[SHA3_256_RATE];
|
uint8_t t[SHA3_256_RATE];
|
||||||
keccak_inc_finalize(s_inc, SHA3_256_RATE, 0x06);
|
keccak_inc_finalize(state->ctx, SHA3_256_RATE, 0x06);
|
||||||
|
|
||||||
keccak_squeezeblocks(t, 1, s_inc, SHA3_256_RATE);
|
keccak_squeezeblocks(t, 1, state->ctx, SHA3_256_RATE);
|
||||||
|
|
||||||
for (size_t i = 0; i < 32; i++) {
|
for (size_t i = 0; i < 32; i++) {
|
||||||
output[i] = t[i];
|
output[i] = t[i];
|
||||||
@ -718,19 +718,19 @@ void sha3_256(uint8_t *output, const uint8_t *input, size_t inlen) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void sha3_512_inc_init(uint64_t *s_inc) {
|
void sha3_512_inc_init(sha3_512incctx *state) {
|
||||||
keccak_inc_init(s_inc);
|
keccak_inc_init(state->ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
void sha3_512_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen) {
|
void sha3_512_inc_absorb(sha3_512incctx *state, const uint8_t *input, size_t inlen) {
|
||||||
keccak_inc_absorb(s_inc, SHA3_512_RATE, input, inlen);
|
keccak_inc_absorb(state->ctx, SHA3_512_RATE, input, inlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
void sha3_512_inc_finalize(uint8_t *output, uint64_t *s_inc) {
|
void sha3_512_inc_finalize(uint8_t *output, sha3_512incctx *state) {
|
||||||
uint8_t t[SHA3_512_RATE];
|
uint8_t t[SHA3_512_RATE];
|
||||||
keccak_inc_finalize(s_inc, SHA3_512_RATE, 0x06);
|
keccak_inc_finalize(state->ctx, SHA3_512_RATE, 0x06);
|
||||||
|
|
||||||
keccak_squeezeblocks(t, 1, s_inc, SHA3_512_RATE);
|
keccak_squeezeblocks(t, 1, state->ctx, SHA3_512_RATE);
|
||||||
|
|
||||||
for (size_t i = 0; i < 32; i++) {
|
for (size_t i = 0; i < 32; i++) {
|
||||||
output[i] = t[i];
|
output[i] = t[i];
|
||||||
|
@ -9,22 +9,53 @@
|
|||||||
#define SHA3_256_RATE 136
|
#define SHA3_256_RATE 136
|
||||||
#define SHA3_512_RATE 72
|
#define SHA3_512_RATE 72
|
||||||
|
|
||||||
void shake128_absorb(uint64_t *s, const uint8_t *input, size_t inlen);
|
|
||||||
|
|
||||||
void shake128_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s);
|
// Context for incremental API
|
||||||
|
typedef struct {
|
||||||
|
uint64_t ctx[26];
|
||||||
|
} shake128incctx;
|
||||||
|
|
||||||
void shake128_inc_init(uint64_t *s_inc);
|
// Context for non-incremental API
|
||||||
void shake128_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
|
typedef struct {
|
||||||
void shake128_inc_finalize(uint64_t *s_inc);
|
uint64_t ctx[25];
|
||||||
void shake128_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc);
|
} shake128ctx;
|
||||||
|
|
||||||
void shake256_absorb(uint64_t *s, const uint8_t *input, size_t inlen);
|
// Context for incremental API
|
||||||
void shake256_squeezeblocks(uint8_t *output, size_t nblocks, uint64_t *s);
|
typedef struct {
|
||||||
|
uint64_t ctx[26];
|
||||||
|
} shake256incctx;
|
||||||
|
|
||||||
void shake256_inc_init(uint64_t *s_inc);
|
// Context for non-incremental API
|
||||||
void shake256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
|
typedef struct {
|
||||||
void shake256_inc_finalize(uint64_t *s_inc);
|
uint64_t ctx[25];
|
||||||
void shake256_inc_squeeze(uint8_t *output, size_t outlen, uint64_t *s_inc);
|
} shake256ctx;
|
||||||
|
|
||||||
|
// Context for incremental API
|
||||||
|
typedef struct {
|
||||||
|
uint64_t ctx[26];
|
||||||
|
} sha3_256incctx;
|
||||||
|
|
||||||
|
// Context for incremental API
|
||||||
|
typedef struct {
|
||||||
|
uint64_t ctx[26];
|
||||||
|
} sha3_512incctx;
|
||||||
|
|
||||||
|
void shake128_absorb(shake128ctx *state, const uint8_t *input, size_t inlen);
|
||||||
|
|
||||||
|
void shake128_squeezeblocks(uint8_t *output, size_t nblocks, shake128ctx *state);
|
||||||
|
|
||||||
|
void shake128_inc_init(shake128incctx *state);
|
||||||
|
void shake128_inc_absorb(shake128incctx *state, const uint8_t *input, size_t inlen);
|
||||||
|
void shake128_inc_finalize(shake128incctx *state);
|
||||||
|
void shake128_inc_squeeze(uint8_t *output, size_t outlen, shake128incctx *state);
|
||||||
|
|
||||||
|
void shake256_absorb(shake256ctx *state, const uint8_t *input, size_t inlen);
|
||||||
|
void shake256_squeezeblocks(uint8_t *output, size_t nblocks, shake256ctx *state);
|
||||||
|
|
||||||
|
void shake256_inc_init(shake256incctx *state);
|
||||||
|
void shake256_inc_absorb(shake256incctx *state, const uint8_t *input, size_t inlen);
|
||||||
|
void shake256_inc_finalize(shake256incctx *state);
|
||||||
|
void shake256_inc_squeeze(uint8_t *output, size_t outlen, shake256incctx *state);
|
||||||
|
|
||||||
void shake128(uint8_t *output, size_t outlen,
|
void shake128(uint8_t *output, size_t outlen,
|
||||||
const uint8_t *input, size_t inlen);
|
const uint8_t *input, size_t inlen);
|
||||||
@ -32,15 +63,15 @@ void shake128(uint8_t *output, size_t outlen,
|
|||||||
void shake256(uint8_t *output, size_t outlen,
|
void shake256(uint8_t *output, size_t outlen,
|
||||||
const uint8_t *input, size_t inlen);
|
const uint8_t *input, size_t inlen);
|
||||||
|
|
||||||
void sha3_256_inc_init(uint64_t *s_inc);
|
void sha3_256_inc_init(sha3_256incctx *state);
|
||||||
void sha3_256_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
|
void sha3_256_inc_absorb(sha3_256incctx *state, const uint8_t *input, size_t inlen);
|
||||||
void sha3_256_inc_finalize(uint8_t *output, uint64_t *s_inc);
|
void sha3_256_inc_finalize(uint8_t *output, sha3_256incctx *state);
|
||||||
|
|
||||||
void sha3_256(uint8_t *output, const uint8_t *input, size_t inlen);
|
void sha3_256(uint8_t *output, const uint8_t *input, size_t inlen);
|
||||||
|
|
||||||
void sha3_512_inc_init(uint64_t *s_inc);
|
void sha3_512_inc_init(sha3_512incctx *state);
|
||||||
void sha3_512_inc_absorb(uint64_t *s_inc, const uint8_t *input, size_t inlen);
|
void sha3_512_inc_absorb(sha3_512incctx *state, const uint8_t *input, size_t inlen);
|
||||||
void sha3_512_inc_finalize(uint8_t *output, uint64_t *s_inc);
|
void sha3_512_inc_finalize(uint8_t *output, sha3_512incctx *state);
|
||||||
|
|
||||||
void sha3_512(uint8_t *output, const uint8_t *input, size_t inlen);
|
void sha3_512(uint8_t *output, const uint8_t *input, size_t inlen);
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ static int test_sha3_256_incremental(void) {
|
|||||||
unsigned char input[512];
|
unsigned char input[512];
|
||||||
unsigned char check[32];
|
unsigned char check[32];
|
||||||
unsigned char output[32];
|
unsigned char output[32];
|
||||||
uint64_t s_inc[26];
|
sha3_256incctx state;
|
||||||
int i;
|
int i;
|
||||||
int absorbed;
|
int absorbed;
|
||||||
int returncode = 0;
|
int returncode = 0;
|
||||||
@ -67,18 +67,18 @@ static int test_sha3_256_incremental(void) {
|
|||||||
|
|
||||||
sha3_256(check, input, 512);
|
sha3_256(check, input, 512);
|
||||||
|
|
||||||
sha3_256_inc_init(s_inc);
|
sha3_256_inc_init(&state);
|
||||||
|
|
||||||
absorbed = 0;
|
absorbed = 0;
|
||||||
for (i = 0; i < 512 && absorbed + i <= 512; i++) {
|
for (i = 0; i < 512 && absorbed + i <= 512; i++) {
|
||||||
sha3_256_inc_absorb(s_inc, input + absorbed, i);
|
sha3_256_inc_absorb(&state, input + absorbed, i);
|
||||||
absorbed += i;
|
absorbed += i;
|
||||||
}
|
}
|
||||||
sha3_256_inc_absorb(s_inc, input + absorbed, 512 - absorbed);
|
sha3_256_inc_absorb(&state, input + absorbed, 512 - absorbed);
|
||||||
|
|
||||||
sha3_256_inc_finalize(output, s_inc);
|
sha3_256_inc_finalize(output, &state);
|
||||||
|
|
||||||
if (memcmp(check, output, 32)) {
|
if (memcmp(check, output, 32) != 0) {
|
||||||
printf("ERROR sha3_256 incremental did not match sha3_256.\n");
|
printf("ERROR sha3_256 incremental did not match sha3_256.\n");
|
||||||
printf(" Expected: ");
|
printf(" Expected: ");
|
||||||
for (i = 0; i < 32; i++) {
|
for (i = 0; i < 32; i++) {
|
||||||
@ -100,11 +100,11 @@ static int test_shake128_incremental(void) {
|
|||||||
unsigned char input[512];
|
unsigned char input[512];
|
||||||
unsigned char check[512];
|
unsigned char check[512];
|
||||||
unsigned char output[512];
|
unsigned char output[512];
|
||||||
uint64_t s_inc_absorb[26];
|
shake128incctx state_absorb;
|
||||||
uint64_t s_inc_squeeze[26];
|
shake128incctx state_squeeze;
|
||||||
uint64_t s_inc_squeeze_all[26];
|
shake128incctx state_squeeze_all;
|
||||||
uint64_t s_inc_both[26];
|
shake128incctx state_both;
|
||||||
uint64_t s_combined[25];
|
shake128ctx state_combined;
|
||||||
int i;
|
int i;
|
||||||
int absorbed;
|
int absorbed;
|
||||||
int squeezed;
|
int squeezed;
|
||||||
@ -116,47 +116,27 @@ static int test_shake128_incremental(void) {
|
|||||||
|
|
||||||
shake128(check, 512, input, 512);
|
shake128(check, 512, input, 512);
|
||||||
|
|
||||||
shake128_inc_init(s_inc_absorb);
|
shake128_inc_init(&state_absorb);
|
||||||
|
|
||||||
absorbed = 0;
|
absorbed = 0;
|
||||||
for (i = 0; i < 512 && absorbed + i <= 512; i++) {
|
for (i = 0; i < 512 && absorbed + i <= 512; i++) {
|
||||||
shake128_inc_absorb(s_inc_absorb, input + absorbed, i);
|
shake128_inc_absorb(&state_absorb, input + absorbed, i);
|
||||||
absorbed += i;
|
absorbed += i;
|
||||||
}
|
}
|
||||||
shake128_inc_absorb(s_inc_absorb, input + absorbed, 512 - absorbed);
|
shake128_inc_absorb(&state_absorb, input + absorbed, 512 - absorbed);
|
||||||
|
|
||||||
shake128_inc_finalize(s_inc_absorb);
|
shake128_inc_finalize(&state_absorb);
|
||||||
|
|
||||||
shake128_absorb(s_combined, input, 512);
|
shake128_absorb(&state_combined, input, 512);
|
||||||
|
|
||||||
if (memcmp(s_inc_absorb, s_combined, 25 * sizeof(uint64_t))) {
|
if (memcmp(&state_absorb, &state_combined, sizeof(shake128ctx)) != 0) {
|
||||||
printf("ERROR shake128 state after incremental absorb did not match all-at-once absorb.\n");
|
printf("ERROR shake128 state after incremental absorb did not match all-at-once absorb.\n");
|
||||||
printf(" Expected: ");
|
|
||||||
for (i = 0; i < 25; i++) {
|
|
||||||
printf("%016" PRIx64, s_combined[i]);
|
|
||||||
}
|
|
||||||
printf("\n");
|
|
||||||
printf(" State: ");
|
|
||||||
for (i = 0; i < 25; i++) {
|
|
||||||
printf("%016" PRIx64, s_inc_absorb[i]);
|
|
||||||
}
|
|
||||||
printf("\n");
|
|
||||||
for (i = 0; i < 8 * 25; i++) {
|
|
||||||
if (((s_combined[i >> 3] >> (8*(i & 0x7))) & 0xFF) !=
|
|
||||||
((s_inc_absorb[i >> 3] >> (8*(i & 0x7))) & 0xFF)) {
|
|
||||||
printf(" First occurred in int %d, byte %d (%02X should be %02X)\n",
|
|
||||||
i >> 3, i & 0x7,
|
|
||||||
(uint8_t)((s_inc_absorb[i >> 3] >> (8*(i & 0x7))) & 0xFF),
|
|
||||||
(uint8_t)((s_combined[i >> 3] >> (8*(i & 0x7))) & 0xFF));
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
returncode = 1;
|
returncode = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(s_inc_both, s_inc_absorb, 26 * sizeof(uint64_t));
|
memcpy(&state_both, &state_absorb, sizeof(shake128incctx));
|
||||||
|
|
||||||
shake128_squeezeblocks(output, 3, s_inc_absorb);
|
shake128_squeezeblocks(output, 3, (shake128ctx*)&state_absorb);
|
||||||
|
|
||||||
if (memcmp(check, output, 3*SHAKE128_RATE)) {
|
if (memcmp(check, output, 3*SHAKE128_RATE)) {
|
||||||
printf("ERROR shake128 incremental absorb did not match shake128.\n");
|
printf("ERROR shake128 incremental absorb did not match shake128.\n");
|
||||||
@ -173,14 +153,14 @@ static int test_shake128_incremental(void) {
|
|||||||
returncode = 1;
|
returncode = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
shake128_absorb(s_inc_squeeze, input, 512);
|
shake128_absorb((shake128ctx*)&state_squeeze, input, 512);
|
||||||
s_inc_squeeze[25] = 0;
|
state_squeeze.ctx[25] = 0;
|
||||||
|
|
||||||
memcpy(s_inc_squeeze_all, s_inc_squeeze, 26 * sizeof(uint64_t));
|
memcpy(&state_squeeze_all, &state_squeeze, sizeof(shake128incctx));
|
||||||
|
|
||||||
shake128_inc_squeeze(output, 512, s_inc_squeeze_all);
|
shake128_inc_squeeze(output, 512, &state_squeeze_all);
|
||||||
|
|
||||||
if (memcmp(check, output, 512)) {
|
if (memcmp(check, output, 512) != 0) {
|
||||||
printf("ERROR shake128 incremental squeeze-all did not match shake128.\n");
|
printf("ERROR shake128 incremental squeeze-all did not match shake128.\n");
|
||||||
printf(" Expected: ");
|
printf(" Expected: ");
|
||||||
for (i = 0; i < 512; i++) {
|
for (i = 0; i < 512; i++) {
|
||||||
@ -198,12 +178,12 @@ static int test_shake128_incremental(void) {
|
|||||||
squeezed = 0;
|
squeezed = 0;
|
||||||
memset(output, 0, 512);
|
memset(output, 0, 512);
|
||||||
for (i = 0; i < 512 && squeezed + i <= 512; i++) {
|
for (i = 0; i < 512 && squeezed + i <= 512; i++) {
|
||||||
shake128_inc_squeeze(output + squeezed, i, s_inc_squeeze);
|
shake128_inc_squeeze(output + squeezed, i, &state_squeeze);
|
||||||
squeezed += i;
|
squeezed += i;
|
||||||
}
|
}
|
||||||
shake128_inc_squeeze(output + squeezed, 512 - squeezed, s_inc_squeeze);
|
shake128_inc_squeeze(output + squeezed, 512 - squeezed, &state_squeeze);
|
||||||
|
|
||||||
if (memcmp(check, output, 512)) {
|
if (memcmp(check, output, 512) != 0) {
|
||||||
printf("ERROR shake128 incremental squeeze did not match shake128.\n");
|
printf("ERROR shake128 incremental squeeze did not match shake128.\n");
|
||||||
printf(" Expected: ");
|
printf(" Expected: ");
|
||||||
for (i = 0; i < 512; i++) {
|
for (i = 0; i < 512; i++) {
|
||||||
@ -221,12 +201,12 @@ static int test_shake128_incremental(void) {
|
|||||||
squeezed = 0;
|
squeezed = 0;
|
||||||
memset(output, 0, 512);
|
memset(output, 0, 512);
|
||||||
for (i = 0; i < 512 && squeezed + i <= 512; i++) {
|
for (i = 0; i < 512 && squeezed + i <= 512; i++) {
|
||||||
shake128_inc_squeeze(output + squeezed, i, s_inc_both);
|
shake128_inc_squeeze(output + squeezed, i, &state_both);
|
||||||
squeezed += i;
|
squeezed += i;
|
||||||
}
|
}
|
||||||
shake128_inc_squeeze(output + squeezed, 512 - squeezed, s_inc_both);
|
shake128_inc_squeeze(output + squeezed, 512 - squeezed, &state_both);
|
||||||
|
|
||||||
if (memcmp(check, output, 512)) {
|
if (memcmp(check, output, 512) != 0) {
|
||||||
printf("ERROR shake128 incremental absorb + squeeze did not match shake128.\n");
|
printf("ERROR shake128 incremental absorb + squeeze did not match shake128.\n");
|
||||||
printf(" Expected: ");
|
printf(" Expected: ");
|
||||||
for (i = 0; i < 512; i++) {
|
for (i = 0; i < 512; i++) {
|
||||||
@ -250,7 +230,7 @@ static int test_shake128(void) {
|
|||||||
|
|
||||||
shake128(output, 32, plaintext, 43);
|
shake128(output, 32, plaintext, 43);
|
||||||
|
|
||||||
if (memcmp(expected, output, 32)) {
|
if (memcmp(expected, output, 32) != 0) {
|
||||||
printf("ERROR shake128 output did not match test vector.\n");
|
printf("ERROR shake128 output did not match test vector.\n");
|
||||||
printf("Expected: ");
|
printf("Expected: ");
|
||||||
for (i = 0; i < 32; i++) {
|
for (i = 0; i < 32; i++) {
|
||||||
|
Загрузка…
Ссылка в новой задаче
Block a user