1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
6 * The library is free for all purposes without any express
10 /* based on https://github.com/brainhub/SHA3IUF (public domain) */
16 int sha3_224_test(void)
21 unsigned char buf[200], hash[224 / 8];
24 const unsigned char c1 = 0xa3;
26 const unsigned char sha3_224_empty[224 / 8] = {
27 0x6b, 0x4e, 0x03, 0x42, 0x36, 0x67, 0xdb, 0xb7,
28 0x3b, 0x6e, 0x15, 0x45, 0x4f, 0x0e, 0xb1, 0xab,
29 0xd4, 0x59, 0x7f, 0x9a, 0x1b, 0x07, 0x8e, 0x3f,
30 0x5b, 0x5a, 0x6b, 0xc7
33 const unsigned char sha3_224_0xa3_200_times[224 / 8] = {
34 0x93, 0x76, 0x81, 0x6a, 0xba, 0x50, 0x3f, 0x72,
35 0xf9, 0x6c, 0xe7, 0xeb, 0x65, 0xac, 0x09, 0x5d,
36 0xee, 0xe3, 0xbe, 0x4b, 0xf9, 0xbb, 0xc2, 0xa1,
37 0xcb, 0x7e, 0x11, 0xe0
40 XMEMSET(buf, c1, sizeof(buf));
42 /* SHA3-224 on an empty buffer */
45 if (compare_testvector(hash, sizeof(hash), sha3_224_empty, sizeof(sha3_224_empty), "SHA3-224", 0)) {
46 return CRYPT_FAIL_TESTVECTOR;
49 /* SHA3-224 in two steps. [FIPS 202] */
51 sha3_process(&c, buf, sizeof(buf) / 2);
52 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
54 if (compare_testvector(hash, sizeof(hash), sha3_224_0xa3_200_times, sizeof(sha3_224_0xa3_200_times), "SHA3-224", 1)) {
55 return CRYPT_FAIL_TESTVECTOR;
58 /* SHA3-224 byte-by-byte: 200 steps. [FIPS 202] */
62 sha3_process(&c, &c1, 1);
65 if (compare_testvector(hash, sizeof(hash), sha3_224_0xa3_200_times, sizeof(sha3_224_0xa3_200_times), "SHA3-224", 2)) {
66 return CRYPT_FAIL_TESTVECTOR;
73 int sha3_256_test(void)
78 unsigned char buf[200], hash[256 / 8];
81 const unsigned char c1 = 0xa3;
83 const unsigned char sha3_256_empty[256 / 8] = {
84 0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,
85 0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,
86 0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa,
87 0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a
89 const unsigned char sha3_256_0xa3_200_times[256 / 8] = {
90 0x79, 0xf3, 0x8a, 0xde, 0xc5, 0xc2, 0x03, 0x07,
91 0xa9, 0x8e, 0xf7, 0x6e, 0x83, 0x24, 0xaf, 0xbf,
92 0xd4, 0x6c, 0xfd, 0x81, 0xb2, 0x2e, 0x39, 0x73,
93 0xc6, 0x5f, 0xa1, 0xbd, 0x9d, 0xe3, 0x17, 0x87
96 XMEMSET(buf, c1, sizeof(buf));
98 /* SHA3-256 on an empty buffer */
101 if (compare_testvector(hash, sizeof(hash), sha3_256_empty, sizeof(sha3_256_empty), "SHA3-256", 0)) {
102 return CRYPT_FAIL_TESTVECTOR;
105 /* SHA3-256 as a single buffer. [FIPS 202] */
107 sha3_process(&c, buf, sizeof(buf));
109 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 1)) {
110 return CRYPT_FAIL_TESTVECTOR;
113 /* SHA3-256 in two steps. [FIPS 202] */
115 sha3_process(&c, buf, sizeof(buf) / 2);
116 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
118 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 2)) {
119 return CRYPT_FAIL_TESTVECTOR;
122 /* SHA3-256 byte-by-byte: 200 steps. [FIPS 202] */
126 sha3_process(&c, &c1, 1);
129 if (compare_testvector(hash, sizeof(hash), sha3_256_0xa3_200_times, sizeof(sha3_256_0xa3_200_times), "SHA3-256", 3)) {
130 return CRYPT_FAIL_TESTVECTOR;
133 /* SHA3-256 byte-by-byte: 135 bytes. Input from [Keccak]. Output
134 * matched with sha3sum. */
136 sha3_process(&c, (unsigned char*)
137 "\xb7\x71\xd5\xce\xf5\xd1\xa4\x1a"
138 "\x93\xd1\x56\x43\xd7\x18\x1d\x2a"
139 "\x2e\xf0\xa8\xe8\x4d\x91\x81\x2f"
140 "\x20\xed\x21\xf1\x47\xbe\xf7\x32"
141 "\xbf\x3a\x60\xef\x40\x67\xc3\x73"
142 "\x4b\x85\xbc\x8c\xd4\x71\x78\x0f"
143 "\x10\xdc\x9e\x82\x91\xb5\x83\x39"
144 "\xa6\x77\xb9\x60\x21\x8f\x71\xe7"
145 "\x93\xf2\x79\x7a\xea\x34\x94\x06"
146 "\x51\x28\x29\x06\x5d\x37\xbb\x55"
147 "\xea\x79\x6f\xa4\xf5\x6f\xd8\x89"
148 "\x6b\x49\xb2\xcd\x19\xb4\x32\x15"
149 "\xad\x96\x7c\x71\x2b\x24\xe5\x03"
150 "\x2d\x06\x52\x32\xe0\x2c\x12\x74"
151 "\x09\xd2\xed\x41\x46\xb9\xd7\x5d"
152 "\x76\x3d\x52\xdb\x98\xd9\x49\xd3"
153 "\xb0\xfe\xd6\xa8\x05\x2f\xbb", 1080 / 8);
155 if(compare_testvector(hash, sizeof(hash),
156 "\xa1\x9e\xee\x92\xbb\x20\x97\xb6"
157 "\x4e\x82\x3d\x59\x77\x98\xaa\x18"
158 "\xbe\x9b\x7c\x73\x6b\x80\x59\xab"
159 "\xfd\x67\x79\xac\x35\xac\x81\xb5", 256 / 8, "SHA3-256", 4)) {
160 return CRYPT_FAIL_TESTVECTOR;
167 int sha3_384_test(void)
172 unsigned char buf[200], hash[384 / 8];
175 const unsigned char c1 = 0xa3;
177 const unsigned char sha3_384_0xa3_200_times[384 / 8] = {
178 0x18, 0x81, 0xde, 0x2c, 0xa7, 0xe4, 0x1e, 0xf9,
179 0x5d, 0xc4, 0x73, 0x2b, 0x8f, 0x5f, 0x00, 0x2b,
180 0x18, 0x9c, 0xc1, 0xe4, 0x2b, 0x74, 0x16, 0x8e,
181 0xd1, 0x73, 0x26, 0x49, 0xce, 0x1d, 0xbc, 0xdd,
182 0x76, 0x19, 0x7a, 0x31, 0xfd, 0x55, 0xee, 0x98,
183 0x9f, 0x2d, 0x70, 0x50, 0xdd, 0x47, 0x3e, 0x8f
186 XMEMSET(buf, c1, sizeof(buf));
188 /* SHA3-384 as a single buffer. [FIPS 202] */
190 sha3_process(&c, buf, sizeof(buf));
192 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 0)) {
193 return CRYPT_FAIL_TESTVECTOR;
196 /* SHA3-384 in two steps. [FIPS 202] */
198 sha3_process(&c, buf, sizeof(buf) / 2);
199 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
201 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 1)) {
202 return CRYPT_FAIL_TESTVECTOR;
205 /* SHA3-384 byte-by-byte: 200 steps. [FIPS 202] */
209 sha3_process(&c, &c1, 1);
212 if (compare_testvector(hash, sizeof(hash), sha3_384_0xa3_200_times, sizeof(sha3_384_0xa3_200_times), "SHA3-384", 2)) {
213 return CRYPT_FAIL_TESTVECTOR;
220 int sha3_512_test(void)
225 unsigned char buf[200], hash[512 / 8];
228 const unsigned char c1 = 0xa3;
230 const unsigned char sha3_512_0xa3_200_times[512 / 8] = {
231 0xe7, 0x6d, 0xfa, 0xd2, 0x20, 0x84, 0xa8, 0xb1,
232 0x46, 0x7f, 0xcf, 0x2f, 0xfa, 0x58, 0x36, 0x1b,
233 0xec, 0x76, 0x28, 0xed, 0xf5, 0xf3, 0xfd, 0xc0,
234 0xe4, 0x80, 0x5d, 0xc4, 0x8c, 0xae, 0xec, 0xa8,
235 0x1b, 0x7c, 0x13, 0xc3, 0x0a, 0xdf, 0x52, 0xa3,
236 0x65, 0x95, 0x84, 0x73, 0x9a, 0x2d, 0xf4, 0x6b,
237 0xe5, 0x89, 0xc5, 0x1c, 0xa1, 0xa4, 0xa8, 0x41,
238 0x6d, 0xf6, 0x54, 0x5a, 0x1c, 0xe8, 0xba, 0x00
241 XMEMSET(buf, c1, sizeof(buf));
243 /* SHA3-512 as a single buffer. [FIPS 202] */
245 sha3_process(&c, buf, sizeof(buf));
247 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 0)) {
248 return CRYPT_FAIL_TESTVECTOR;
251 /* SHA3-512 in two steps. [FIPS 202] */
253 sha3_process(&c, buf, sizeof(buf) / 2);
254 sha3_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
256 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 1)) {
257 return CRYPT_FAIL_TESTVECTOR;
260 /* SHA3-512 byte-by-byte: 200 steps. [FIPS 202] */
264 sha3_process(&c, &c1, 1);
267 if (compare_testvector(hash, sizeof(hash), sha3_512_0xa3_200_times, sizeof(sha3_512_0xa3_200_times), "SHA3-512", 2)) {
268 return CRYPT_FAIL_TESTVECTOR;
275 int sha3_shake_test(void)
280 unsigned char buf[200], hash[512];
283 const unsigned char c1 = 0xa3;
286 const unsigned char shake256_empty[32] = {
287 0xab, 0x0b, 0xae, 0x31, 0x63, 0x39, 0x89, 0x43,
288 0x04, 0xe3, 0x58, 0x77, 0xb0, 0xc2, 0x8a, 0x9b,
289 0x1f, 0xd1, 0x66, 0xc7, 0x96, 0xb9, 0xcc, 0x25,
290 0x8a, 0x06, 0x4a, 0x8f, 0x57, 0xe2, 0x7f, 0x2a
292 const unsigned char shake256_0xa3_200_times[32] = {
293 0x6a, 0x1a, 0x9d, 0x78, 0x46, 0x43, 0x6e, 0x4d,
294 0xca, 0x57, 0x28, 0xb6, 0xf7, 0x60, 0xee, 0xf0,
295 0xca, 0x92, 0xbf, 0x0b, 0xe5, 0x61, 0x5e, 0x96,
296 0x95, 0x9d, 0x76, 0x71, 0x97, 0xa0, 0xbe, 0xeb
298 const unsigned char shake128_empty[32] = {
299 0x43, 0xe4, 0x1b, 0x45, 0xa6, 0x53, 0xf2, 0xa5,
300 0xc4, 0x49, 0x2c, 0x1a, 0xdd, 0x54, 0x45, 0x12,
301 0xdd, 0xa2, 0x52, 0x98, 0x33, 0x46, 0x2b, 0x71,
302 0xa4, 0x1a, 0x45, 0xbe, 0x97, 0x29, 0x0b, 0x6f
304 const unsigned char shake128_0xa3_200_times[32] = {
305 0x44, 0xc9, 0xfb, 0x35, 0x9f, 0xd5, 0x6a, 0xc0,
306 0xa9, 0xa7, 0x5a, 0x74, 0x3c, 0xff, 0x68, 0x62,
307 0xf1, 0x7d, 0x72, 0x59, 0xab, 0x07, 0x52, 0x16,
308 0xc0, 0x69, 0x95, 0x11, 0x64, 0x3b, 0x64, 0x39
311 XMEMSET(buf, c1, sizeof(buf));
313 /* SHAKE256 on an empty buffer */
314 sha3_shake_init(&c, 256);
315 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
316 if (compare_testvector(hash, sizeof(shake256_empty), shake256_empty, sizeof(shake256_empty), "SHAKE256", 0)) {
317 return CRYPT_FAIL_TESTVECTOR;
320 /* SHAKE256 via sha3_shake_memory [FIPS 202] */
322 sha3_shake_memory(256, buf, sizeof(buf), hash, &len);
323 if (compare_testvector(hash + 480, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 1)) {
324 return CRYPT_FAIL_TESTVECTOR;
327 /* SHAKE256 as a single buffer. [FIPS 202] */
328 sha3_shake_init(&c, 256);
329 sha3_shake_process(&c, buf, sizeof(buf));
330 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
331 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 2)) {
332 return CRYPT_FAIL_TESTVECTOR;
335 /* SHAKE256 in two steps. [FIPS 202] */
336 sha3_shake_init(&c, 256);
337 sha3_shake_process(&c, buf, sizeof(buf) / 2);
338 sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
339 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
340 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 3)) {
341 return CRYPT_FAIL_TESTVECTOR;
344 /* SHAKE256 byte-by-byte: 200 steps. [FIPS 202] */
346 sha3_shake_init(&c, 256);
347 while (i--) sha3_shake_process(&c, &c1, 1);
348 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
349 if (compare_testvector(hash, sizeof(shake256_0xa3_200_times), shake256_0xa3_200_times, sizeof(shake256_0xa3_200_times), "SHAKE256", 4)) {
350 return CRYPT_FAIL_TESTVECTOR;
353 /* SHAKE128 on an empty buffer */
354 sha3_shake_init(&c, 128);
355 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
356 if (compare_testvector(hash, sizeof(shake128_empty), shake128_empty, sizeof(shake128_empty), "SHAKE128", 0)) {
357 return CRYPT_FAIL_TESTVECTOR;
360 /* SHAKE128 via sha3_shake_memory [FIPS 202] */
362 sha3_shake_memory(128, buf, sizeof(buf), hash, &len);
363 if (compare_testvector(hash + 480, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 1)) {
364 return CRYPT_FAIL_TESTVECTOR;
367 /* SHAKE128 as a single buffer. [FIPS 202] */
368 sha3_shake_init(&c, 128);
369 sha3_shake_process(&c, buf, sizeof(buf));
370 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
371 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 2)) {
372 return CRYPT_FAIL_TESTVECTOR;
375 /* SHAKE128 in two steps. [FIPS 202] */
376 sha3_shake_init(&c, 128);
377 sha3_shake_process(&c, buf, sizeof(buf) / 2);
378 sha3_shake_process(&c, buf + sizeof(buf) / 2, sizeof(buf) / 2);
379 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
380 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 3)) {
381 return CRYPT_FAIL_TESTVECTOR;
384 /* SHAKE128 byte-by-byte: 200 steps. [FIPS 202] */
386 sha3_shake_init(&c, 128);
387 while (i--) sha3_shake_process(&c, &c1, 1);
388 for (i = 0; i < 16; i++) sha3_shake_done(&c, hash, 32); /* get 512 bytes, keep in hash the last 32 */
389 if (compare_testvector(hash, sizeof(shake128_0xa3_200_times), shake128_0xa3_200_times, sizeof(shake128_0xa3_200_times), "SHAKE128", 4)) {
390 return CRYPT_FAIL_TESTVECTOR;
399 /* ref: $Format:%D$ */
400 /* git commit: $Format:%H$ */
401 /* commit time: $Format:%ai$ */