tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

lib/crypto: tests: Add SHA3 kunit tests

Add a SHA3 kunit test suite, providing the following:

(*) A simple test of each of SHA3-224, SHA3-256, SHA3-384, SHA3-512,
SHAKE128 and SHAKE256.

(*) NIST 0- and 1600-bit test vectors for SHAKE128 and SHAKE256.

(*) Output tiling (multiple squeezing) tests for SHAKE256.

(*) Standard hash template test for SHA3-256. To make this possible,
gen-hash-testvecs.py is modified to support sha3-256.

(*) Standard benchmark test for SHA3-256.

[EB: dropped some unnecessary changes to gen-hash-testvecs.py, moved
addition of Testing section in doc file into this commit, and
other small cleanups]

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Harald Freudenberger <freude@linux.ibm.com>
Link: https://lore.kernel.org/r/20251026055032.1413733-6-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

authored by

David Howells and committed by
Eric Biggers 15c64c47 6401fd33

+601 -1
+11
Documentation/crypto/sha3.rst
··· 107 107 void shake_zeroize_ctx(struct shake_ctx *ctx); 108 108 109 109 110 + Testing 111 + ======= 112 + 113 + To test the SHA-3 code, use sha3_kunit (CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST). 114 + 115 + Since the SHA-3 algorithms are FIPS-approved, when the kernel is booted in FIPS 116 + mode the SHA-3 library also performs a simple self-test. This is purely to meet 117 + a FIPS requirement. Normal testing done by kernel developers and integrators 118 + should use the much more comprehensive KUnit test suite instead. 119 + 120 + 110 121 References 111 122 ========== 112 123
+11
lib/crypto/tests/Kconfig
··· 81 81 KUnit tests for the SHA-384 and SHA-512 cryptographic hash functions 82 82 and their corresponding HMACs. 83 83 84 + config CRYPTO_LIB_SHA3_KUNIT_TEST 85 + tristate "KUnit tests for SHA-3" if !KUNIT_ALL_TESTS 86 + depends on KUNIT 87 + default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS 88 + select CRYPTO_LIB_BENCHMARK_VISIBLE 89 + select CRYPTO_LIB_SHA3 90 + help 91 + KUnit tests for the SHA3 cryptographic hash and XOF functions, 92 + including SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and 93 + SHAKE256. 94 + 84 95 config CRYPTO_LIB_BENCHMARK_VISIBLE 85 96 bool 86 97
+1
lib/crypto/tests/Makefile
··· 8 8 obj-$(CONFIG_CRYPTO_LIB_SHA1_KUNIT_TEST) += sha1_kunit.o 9 9 obj-$(CONFIG_CRYPTO_LIB_SHA256_KUNIT_TEST) += sha224_kunit.o sha256_kunit.o 10 10 obj-$(CONFIG_CRYPTO_LIB_SHA512_KUNIT_TEST) += sha384_kunit.o sha512_kunit.o 11 + obj-$(CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST) += sha3_kunit.o
+231
lib/crypto/tests/sha3-testvecs.h
··· 1 + /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 + /* This file was generated by: ./scripts/crypto/gen-hash-testvecs.py sha3-256 */ 3 + 4 + static const struct { 5 + size_t data_len; 6 + u8 digest[SHA3_256_DIGEST_SIZE]; 7 + } hash_testvecs[] = { 8 + { 9 + .data_len = 0, 10 + .digest = { 11 + 0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66, 12 + 0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62, 13 + 0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa, 14 + 0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a, 15 + }, 16 + }, 17 + { 18 + .data_len = 1, 19 + .digest = { 20 + 0x11, 0x03, 0xe7, 0x84, 0x51, 0x50, 0x86, 0x35, 21 + 0x71, 0x8a, 0x70, 0xe3, 0xc4, 0x26, 0x7b, 0x21, 22 + 0x02, 0x13, 0xa0, 0x81, 0xe8, 0xe6, 0x14, 0x25, 23 + 0x07, 0x34, 0xe5, 0xc5, 0x40, 0x06, 0xf2, 0x8b, 24 + }, 25 + }, 26 + { 27 + .data_len = 2, 28 + .digest = { 29 + 0x2f, 0x6f, 0x6d, 0x47, 0x48, 0x52, 0x11, 0xb9, 30 + 0xe4, 0x3d, 0xc8, 0x71, 0xcf, 0xb2, 0xee, 0xae, 31 + 0x5b, 0xf4, 0x12, 0x84, 0x5b, 0x1c, 0xec, 0x6c, 32 + 0xc1, 0x66, 0x88, 0xaa, 0xc3, 0x40, 0xbd, 0x7e, 33 + }, 34 + }, 35 + { 36 + .data_len = 3, 37 + .digest = { 38 + 0xec, 0x02, 0xe8, 0x81, 0x4f, 0x84, 0x41, 0x69, 39 + 0x06, 0xd8, 0xdc, 0x1d, 0x01, 0x78, 0xd7, 0xcb, 40 + 0x39, 0xdf, 0xd3, 0x12, 0x1c, 0x99, 0xfd, 0xf3, 41 + 0x5c, 0x83, 0xc9, 0xc2, 0x7a, 0x7b, 0x6a, 0x05, 42 + }, 43 + }, 44 + { 45 + .data_len = 16, 46 + .digest = { 47 + 0xff, 0x6f, 0xc3, 0x41, 0xc3, 0x5f, 0x34, 0x6d, 48 + 0xa7, 0xdf, 0x3e, 0xc2, 0x8b, 0x29, 0xb6, 0xf1, 49 + 0xf8, 0x67, 0xfd, 0xcd, 0xb1, 0x9f, 0x38, 0x08, 50 + 0x1d, 0x8d, 0xd9, 0xc2, 0x43, 0x66, 0x18, 0x6c, 51 + }, 52 + }, 53 + { 54 + .data_len = 32, 55 + .digest = { 56 + 0xe4, 0xb1, 0x06, 0x17, 0xf8, 0x8b, 0x91, 0x95, 57 + 0xe7, 0x57, 0x66, 0xac, 0x08, 0xb2, 0x03, 0x3e, 58 + 0xf7, 0x84, 0x1f, 0xe3, 0x25, 0xa3, 0x11, 0xd2, 59 + 0x11, 0xa4, 0x78, 0x74, 0x2a, 0x43, 0x20, 0xa5, 60 + }, 61 + }, 62 + { 63 + .data_len = 48, 64 + .digest = { 65 + 0xeb, 0x57, 0x5f, 0x20, 0xa3, 0x6b, 0xc7, 0xb4, 66 + 0x66, 0x2a, 0xa0, 0x30, 0x3b, 0x52, 0x00, 0xc9, 67 + 0xce, 0x6a, 0xd8, 0x1e, 0xbe, 0xed, 0xa1, 0xd1, 68 + 0xbe, 0x63, 0xc7, 0xe1, 0xe2, 0x66, 0x67, 0x0c, 69 + }, 70 + }, 71 + { 72 + .data_len = 49, 73 + .digest = { 74 + 0xf0, 0x67, 0xad, 0x66, 0xbe, 0xec, 0x5a, 0xfd, 75 + 0x29, 0xd2, 0x4f, 0x1d, 0xb2, 0x24, 0xb8, 0x90, 76 + 0x05, 0x28, 0x0e, 0x66, 0x67, 0x74, 0x2d, 0xee, 77 + 0x66, 0x25, 0x11, 0xd1, 0x76, 0xa2, 0xfc, 0x3a, 78 + }, 79 + }, 80 + { 81 + .data_len = 63, 82 + .digest = { 83 + 0x57, 0x56, 0x21, 0xb3, 0x2d, 0x2d, 0xe1, 0x9d, 84 + 0xbf, 0x2c, 0x82, 0xa8, 0xad, 0x7e, 0x6c, 0x46, 85 + 0xfb, 0x30, 0xeb, 0xce, 0xcf, 0xed, 0x2d, 0x65, 86 + 0xe7, 0xe4, 0x96, 0x69, 0xe0, 0x48, 0xd2, 0xb6, 87 + }, 88 + }, 89 + { 90 + .data_len = 64, 91 + .digest = { 92 + 0x7b, 0xba, 0x67, 0x15, 0xe5, 0x21, 0xc4, 0x69, 93 + 0xd3, 0xef, 0x5c, 0x97, 0x9f, 0x5b, 0xba, 0x9c, 94 + 0xfa, 0x55, 0x64, 0xec, 0xb5, 0x37, 0x53, 0x1b, 95 + 0x3f, 0x4c, 0x0a, 0xed, 0x51, 0x98, 0x2b, 0x52, 96 + }, 97 + }, 98 + { 99 + .data_len = 65, 100 + .digest = { 101 + 0x44, 0xb6, 0x6b, 0x83, 0x09, 0x83, 0x55, 0x83, 102 + 0xde, 0x1f, 0xcc, 0x33, 0xef, 0xdc, 0x05, 0xbb, 103 + 0x3b, 0x63, 0x76, 0x45, 0xe4, 0x8e, 0x14, 0x7a, 104 + 0x2d, 0xae, 0x90, 0xce, 0x68, 0xc3, 0xa4, 0xf2, 105 + }, 106 + }, 107 + { 108 + .data_len = 127, 109 + .digest = { 110 + 0x50, 0x3e, 0x99, 0x4e, 0x28, 0x2b, 0xc9, 0xf4, 111 + 0xf5, 0xeb, 0x2b, 0x16, 0x04, 0x2d, 0xf5, 0xbe, 112 + 0xc0, 0x91, 0x41, 0x2a, 0x8e, 0x69, 0x5e, 0x39, 113 + 0x53, 0x2c, 0xc1, 0x18, 0xa5, 0xeb, 0xd8, 0xda, 114 + }, 115 + }, 116 + { 117 + .data_len = 128, 118 + .digest = { 119 + 0x90, 0x0b, 0xa6, 0x92, 0x84, 0x30, 0xaf, 0xee, 120 + 0x38, 0x59, 0x83, 0x83, 0xe9, 0xfe, 0xab, 0x86, 121 + 0x79, 0x1b, 0xcd, 0xe7, 0x0a, 0x0f, 0x58, 0x53, 122 + 0x36, 0xab, 0x12, 0xe1, 0x5c, 0x97, 0xc1, 0xfb, 123 + }, 124 + }, 125 + { 126 + .data_len = 129, 127 + .digest = { 128 + 0x2b, 0x52, 0x1e, 0x54, 0xbe, 0x38, 0x4c, 0x3e, 129 + 0x73, 0x37, 0x18, 0xf5, 0x25, 0x2c, 0xc8, 0xc7, 130 + 0xda, 0x7e, 0xb6, 0x47, 0x9d, 0xf4, 0x46, 0xce, 131 + 0xfa, 0x80, 0x20, 0x6b, 0xbd, 0xfd, 0x2a, 0xd8, 132 + }, 133 + }, 134 + { 135 + .data_len = 256, 136 + .digest = { 137 + 0x45, 0xf0, 0xf5, 0x9b, 0xd9, 0x91, 0x26, 0xd5, 138 + 0x91, 0x3b, 0xf8, 0x87, 0x8b, 0x34, 0x02, 0x31, 139 + 0x64, 0xab, 0xf4, 0x1c, 0x6e, 0x34, 0x72, 0xdf, 140 + 0x32, 0x6d, 0xe5, 0xd2, 0x67, 0x5e, 0x86, 0x93, 141 + }, 142 + }, 143 + { 144 + .data_len = 511, 145 + .digest = { 146 + 0xb3, 0xaf, 0x71, 0x64, 0xfa, 0xd4, 0xf1, 0x07, 147 + 0x38, 0xef, 0x04, 0x8e, 0x89, 0xf4, 0x02, 0xd2, 148 + 0xa5, 0xaf, 0x3b, 0xf5, 0x67, 0x56, 0xcf, 0xa9, 149 + 0x8e, 0x43, 0xf5, 0xb5, 0xe3, 0x91, 0x8e, 0xe7, 150 + }, 151 + }, 152 + { 153 + .data_len = 513, 154 + .digest = { 155 + 0x51, 0xac, 0x0a, 0x65, 0xb7, 0x96, 0x20, 0xcf, 156 + 0x88, 0xf6, 0x97, 0x35, 0x89, 0x0d, 0x31, 0x0f, 157 + 0xbe, 0x17, 0xbe, 0x62, 0x03, 0x67, 0xc0, 0xee, 158 + 0x4f, 0xc1, 0xe3, 0x7f, 0x6f, 0xab, 0xac, 0xb4, 159 + }, 160 + }, 161 + { 162 + .data_len = 1000, 163 + .digest = { 164 + 0x7e, 0xea, 0xa8, 0xd7, 0xde, 0x20, 0x1b, 0x58, 165 + 0x24, 0xd8, 0x26, 0x40, 0x36, 0x5f, 0x3f, 0xaa, 166 + 0xe5, 0x5a, 0xea, 0x98, 0x58, 0xd4, 0xd6, 0xfc, 167 + 0x20, 0x4c, 0x5c, 0x4f, 0xaf, 0x56, 0xc7, 0xc3, 168 + }, 169 + }, 170 + { 171 + .data_len = 3333, 172 + .digest = { 173 + 0x61, 0xb1, 0xb1, 0x3e, 0x0e, 0x7e, 0x90, 0x3d, 174 + 0x31, 0x54, 0xbd, 0xc9, 0x0d, 0x53, 0x62, 0xf1, 175 + 0xcd, 0x18, 0x80, 0xf9, 0x91, 0x75, 0x41, 0xb3, 176 + 0x51, 0x39, 0x57, 0xa7, 0xa8, 0x1e, 0xfb, 0xc9, 177 + }, 178 + }, 179 + { 180 + .data_len = 4096, 181 + .digest = { 182 + 0xab, 0x29, 0xda, 0x10, 0xc4, 0x11, 0x2d, 0x5c, 183 + 0xd1, 0xce, 0x1c, 0x95, 0xfa, 0xc6, 0xc7, 0xb0, 184 + 0x1b, 0xd1, 0xdc, 0x6f, 0xa0, 0x9d, 0x1b, 0x23, 185 + 0xfb, 0x6e, 0x90, 0x97, 0xd0, 0x75, 0x44, 0x7a, 186 + }, 187 + }, 188 + { 189 + .data_len = 4128, 190 + .digest = { 191 + 0x02, 0x45, 0x95, 0xf4, 0x19, 0xb5, 0x93, 0x29, 192 + 0x90, 0xf2, 0x63, 0x3f, 0x89, 0xe8, 0xa5, 0x31, 193 + 0x76, 0xf2, 0x89, 0x79, 0x66, 0xd3, 0x96, 0xdf, 194 + 0x33, 0xd1, 0xa6, 0x17, 0x73, 0xb1, 0xd0, 0x45, 195 + }, 196 + }, 197 + { 198 + .data_len = 4160, 199 + .digest = { 200 + 0xd1, 0x8e, 0x22, 0xea, 0x44, 0x87, 0x6e, 0x9d, 201 + 0xfb, 0x36, 0x02, 0x20, 0x63, 0xb7, 0x69, 0x45, 202 + 0x25, 0x41, 0x69, 0xe0, 0x9b, 0x87, 0xcf, 0xa3, 203 + 0x51, 0xbb, 0xfc, 0x8d, 0xf7, 0x29, 0xa7, 0xea, 204 + }, 205 + }, 206 + { 207 + .data_len = 4224, 208 + .digest = { 209 + 0x11, 0x86, 0x7d, 0x84, 0xf9, 0x8c, 0x6e, 0xc4, 210 + 0x64, 0x36, 0xc6, 0xf3, 0x42, 0x92, 0x31, 0x2b, 211 + 0x1e, 0x12, 0xe6, 0x4d, 0xbe, 0xfa, 0x77, 0x3f, 212 + 0x89, 0x41, 0x33, 0x58, 0x1c, 0x98, 0x16, 0x0a, 213 + }, 214 + }, 215 + { 216 + .data_len = 16384, 217 + .digest = { 218 + 0xb2, 0xba, 0x0c, 0x8c, 0x9d, 0xbb, 0x1e, 0xb0, 219 + 0x03, 0xb5, 0xdf, 0x4f, 0xf5, 0x35, 0xdb, 0xec, 220 + 0x60, 0xf2, 0x5b, 0xb6, 0xd0, 0x49, 0xd3, 0xed, 221 + 0x55, 0xc0, 0x7a, 0xd7, 0xaf, 0xa1, 0xea, 0x53, 222 + }, 223 + }, 224 + }; 225 + 226 + static const u8 hash_testvec_consolidated[SHA3_256_DIGEST_SIZE] = { 227 + 0x3b, 0x33, 0x67, 0xf8, 0xea, 0x92, 0x78, 0x62, 228 + 0xdd, 0xbe, 0x72, 0x15, 0xbd, 0x6f, 0xfa, 0xe5, 229 + 0x5e, 0xab, 0x9f, 0xb1, 0xe4, 0x23, 0x7c, 0x2c, 230 + 0x80, 0xcf, 0x09, 0x75, 0xf8, 0xe2, 0xfa, 0x30, 231 + };
+344
lib/crypto/tests/sha3_kunit.c
··· 1 + // SPDX-License-Identifier: GPL-2.0-or-later 2 + /* 3 + * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved. 4 + * Written by David Howells (dhowells@redhat.com) 5 + */ 6 + #include <crypto/sha3.h> 7 + #include "sha3-testvecs.h" 8 + 9 + #define HASH sha3_256 10 + #define HASH_CTX sha3_ctx 11 + #define HASH_SIZE SHA3_256_DIGEST_SIZE 12 + #define HASH_INIT sha3_256_init 13 + #define HASH_UPDATE sha3_update 14 + #define HASH_FINAL sha3_final 15 + #include "hash-test-template.h" 16 + 17 + /* 18 + * Sample message and the output generated for various algorithms by passing it 19 + * into "openssl sha3-224" etc.. 20 + */ 21 + static const u8 test_sha3_sample[] = 22 + "The quick red fox jumped over the lazy brown dog!\n" 23 + "The quick red fox jumped over the lazy brown dog!\n" 24 + "The quick red fox jumped over the lazy brown dog!\n" 25 + "The quick red fox jumped over the lazy brown dog!\n"; 26 + 27 + static const u8 test_sha3_224[8 + SHA3_224_DIGEST_SIZE + 8] = { 28 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */ 29 + 0xd6, 0xe8, 0xd8, 0x80, 0xfa, 0x42, 0x80, 0x70, 30 + 0x7e, 0x7f, 0xd7, 0xd2, 0xd7, 0x7a, 0x35, 0x65, 31 + 0xf0, 0x0b, 0x4f, 0x9f, 0x2a, 0x33, 0xca, 0x0a, 32 + 0xef, 0xa6, 0x4c, 0xb8, 33 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */ 34 + }; 35 + 36 + static const u8 test_sha3_256[8 + SHA3_256_DIGEST_SIZE + 8] = { 37 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */ 38 + 0xdb, 0x3b, 0xb0, 0xb8, 0x8d, 0x15, 0x78, 0xe5, 39 + 0x78, 0x76, 0x8e, 0x39, 0x7e, 0x89, 0x86, 0xb9, 40 + 0x14, 0x3a, 0x1e, 0xe7, 0x96, 0x7c, 0xf3, 0x25, 41 + 0x70, 0xbd, 0xc3, 0xa9, 0xae, 0x63, 0x71, 0x1d, 42 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */ 43 + }; 44 + 45 + static const u8 test_sha3_384[8 + SHA3_384_DIGEST_SIZE + 8] = { 46 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */ 47 + 0x2d, 0x4b, 0x29, 0x85, 0x19, 0x94, 0xaa, 0x31, 48 + 0x9b, 0x04, 0x9d, 0x6e, 0x79, 0x66, 0xc7, 0x56, 49 + 0x8a, 0x2e, 0x99, 0x84, 0x06, 0xcf, 0x10, 0x2d, 50 + 0xec, 0xf0, 0x03, 0x04, 0x1f, 0xd5, 0x99, 0x63, 51 + 0x2f, 0xc3, 0x2b, 0x0d, 0xd9, 0x45, 0xf7, 0xbb, 52 + 0x0a, 0xc3, 0x46, 0xab, 0xfe, 0x4d, 0x94, 0xc2, 53 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */ 54 + }; 55 + 56 + static const u8 test_sha3_512[8 + SHA3_512_DIGEST_SIZE + 8] = { 57 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */ 58 + 0xdd, 0x71, 0x3b, 0x44, 0xb6, 0x6c, 0xd7, 0x78, 59 + 0xe7, 0x93, 0xa1, 0x4c, 0xd7, 0x24, 0x16, 0xf1, 60 + 0xfd, 0xa2, 0x82, 0x4e, 0xed, 0x59, 0xe9, 0x83, 61 + 0x15, 0x38, 0x89, 0x7d, 0x39, 0x17, 0x0c, 0xb2, 62 + 0xcf, 0x12, 0x80, 0x78, 0xa1, 0x78, 0x41, 0xeb, 63 + 0xed, 0x21, 0x4c, 0xa4, 0x4a, 0x5f, 0x30, 0x1a, 64 + 0x70, 0x98, 0x4f, 0x14, 0xa2, 0xd1, 0x64, 0x1b, 65 + 0xc2, 0x0a, 0xff, 0x3b, 0xe8, 0x26, 0x41, 0x8f, 66 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */ 67 + }; 68 + 69 + static const u8 test_shake128[8 + SHAKE128_DEFAULT_SIZE + 8] = { 70 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */ 71 + 0x41, 0xd6, 0xb8, 0x9c, 0xf8, 0xe8, 0x54, 0xf2, 72 + 0x5c, 0xde, 0x51, 0x12, 0xaf, 0x9e, 0x0d, 0x91, 73 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */ 74 + }; 75 + 76 + static const u8 test_shake256[8 + SHAKE256_DEFAULT_SIZE + 8] = { 77 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */ 78 + 0xab, 0x06, 0xd4, 0xf9, 0x8b, 0xfd, 0xb2, 0xc4, 79 + 0xfe, 0xf1, 0xcc, 0xe2, 0x40, 0x45, 0xdd, 0x15, 80 + 0xcb, 0xdd, 0x02, 0x8d, 0xb7, 0x9f, 0x1e, 0x67, 81 + 0xd6, 0x7f, 0x98, 0x5e, 0x1b, 0x19, 0xf8, 0x01, 82 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */ 83 + }; 84 + 85 + static void test_sha3_224_basic(struct kunit *test) 86 + { 87 + u8 out[8 + SHA3_224_DIGEST_SIZE + 8]; 88 + 89 + BUILD_BUG_ON(sizeof(out) != sizeof(test_sha3_224)); 90 + 91 + memset(out, 0, sizeof(out)); 92 + sha3_224(test_sha3_sample, sizeof(test_sha3_sample) - 1, out + 8); 93 + 94 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_sha3_224, sizeof(test_sha3_224), 95 + "SHA3-224 gives wrong output"); 96 + } 97 + 98 + static void test_sha3_256_basic(struct kunit *test) 99 + { 100 + u8 out[8 + SHA3_256_DIGEST_SIZE + 8]; 101 + 102 + BUILD_BUG_ON(sizeof(out) != sizeof(test_sha3_256)); 103 + 104 + memset(out, 0, sizeof(out)); 105 + sha3_256(test_sha3_sample, sizeof(test_sha3_sample) - 1, out + 8); 106 + 107 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_sha3_256, sizeof(test_sha3_256), 108 + "SHA3-256 gives wrong output"); 109 + } 110 + 111 + static void test_sha3_384_basic(struct kunit *test) 112 + { 113 + u8 out[8 + SHA3_384_DIGEST_SIZE + 8]; 114 + 115 + BUILD_BUG_ON(sizeof(out) != sizeof(test_sha3_384)); 116 + 117 + memset(out, 0, sizeof(out)); 118 + sha3_384(test_sha3_sample, sizeof(test_sha3_sample) - 1, out + 8); 119 + 120 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_sha3_384, sizeof(test_sha3_384), 121 + "SHA3-384 gives wrong output"); 122 + } 123 + 124 + static void test_sha3_512_basic(struct kunit *test) 125 + { 126 + u8 out[8 + SHA3_512_DIGEST_SIZE + 8]; 127 + 128 + BUILD_BUG_ON(sizeof(out) != sizeof(test_sha3_512)); 129 + 130 + memset(out, 0, sizeof(out)); 131 + sha3_512(test_sha3_sample, sizeof(test_sha3_sample) - 1, out + 8); 132 + 133 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_sha3_512, sizeof(test_sha3_512), 134 + "SHA3-512 gives wrong output"); 135 + } 136 + 137 + static void test_shake128_basic(struct kunit *test) 138 + { 139 + u8 out[8 + SHAKE128_DEFAULT_SIZE + 8]; 140 + 141 + BUILD_BUG_ON(sizeof(out) != sizeof(test_shake128)); 142 + 143 + memset(out, 0, sizeof(out)); 144 + shake128(test_sha3_sample, sizeof(test_sha3_sample) - 1, 145 + out + 8, sizeof(out) - 16); 146 + 147 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake128, sizeof(test_shake128), 148 + "SHAKE128 gives wrong output"); 149 + } 150 + 151 + static void test_shake256_basic(struct kunit *test) 152 + { 153 + u8 out[8 + SHAKE256_DEFAULT_SIZE + 8]; 154 + 155 + BUILD_BUG_ON(sizeof(out) != sizeof(test_shake256)); 156 + 157 + memset(out, 0, sizeof(out)); 158 + shake256(test_sha3_sample, sizeof(test_sha3_sample) - 1, 159 + out + 8, sizeof(out) - 16); 160 + 161 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake256, sizeof(test_shake256), 162 + "SHAKE256 gives wrong output"); 163 + } 164 + 165 + /* 166 + * Usable NIST tests. 167 + * 168 + * From: https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values 169 + */ 170 + static const u8 test_nist_1600_sample[] = { 171 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 172 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 173 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 174 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 175 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 176 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 177 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 178 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 179 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 180 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 181 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 182 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 183 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 184 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 185 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 186 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 187 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 188 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 189 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 190 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 191 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 192 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 193 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 194 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 195 + 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3 196 + }; 197 + 198 + static const u8 test_shake128_nist_0[] = { 199 + 0x7f, 0x9c, 0x2b, 0xa4, 0xe8, 0x8f, 0x82, 0x7d, 200 + 0x61, 0x60, 0x45, 0x50, 0x76, 0x05, 0x85, 0x3e 201 + }; 202 + 203 + static const u8 test_shake128_nist_1600[] = { 204 + 0x13, 0x1a, 0xb8, 0xd2, 0xb5, 0x94, 0x94, 0x6b, 205 + 0x9c, 0x81, 0x33, 0x3f, 0x9b, 0xb6, 0xe0, 0xce, 206 + }; 207 + 208 + static const u8 test_shake256_nist_0[] = { 209 + 0x46, 0xb9, 0xdd, 0x2b, 0x0b, 0xa8, 0x8d, 0x13, 210 + 0x23, 0x3b, 0x3f, 0xeb, 0x74, 0x3e, 0xeb, 0x24, 211 + 0x3f, 0xcd, 0x52, 0xea, 0x62, 0xb8, 0x1b, 0x82, 212 + 0xb5, 0x0c, 0x27, 0x64, 0x6e, 0xd5, 0x76, 0x2f 213 + }; 214 + 215 + static const u8 test_shake256_nist_1600[] = { 216 + 0xcd, 0x8a, 0x92, 0x0e, 0xd1, 0x41, 0xaa, 0x04, 217 + 0x07, 0xa2, 0x2d, 0x59, 0x28, 0x86, 0x52, 0xe9, 218 + 0xd9, 0xf1, 0xa7, 0xee, 0x0c, 0x1e, 0x7c, 0x1c, 219 + 0xa6, 0x99, 0x42, 0x4d, 0xa8, 0x4a, 0x90, 0x4d, 220 + }; 221 + 222 + static void test_shake128_nist(struct kunit *test) 223 + { 224 + u8 out[SHAKE128_DEFAULT_SIZE]; 225 + 226 + shake128("", 0, out, sizeof(out)); 227 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake128_nist_0, sizeof(out), 228 + "SHAKE128 gives wrong output for NIST.0"); 229 + 230 + shake128(test_nist_1600_sample, sizeof(test_nist_1600_sample), 231 + out, sizeof(out)); 232 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake128_nist_1600, sizeof(out), 233 + "SHAKE128 gives wrong output for NIST.1600"); 234 + } 235 + 236 + static void test_shake256_nist(struct kunit *test) 237 + { 238 + u8 out[SHAKE256_DEFAULT_SIZE]; 239 + 240 + shake256("", 0, out, sizeof(out)); 241 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake256_nist_0, sizeof(out), 242 + "SHAKE256 gives wrong output for NIST.0"); 243 + 244 + shake256(test_nist_1600_sample, sizeof(test_nist_1600_sample), 245 + out, sizeof(out)); 246 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake256_nist_1600, sizeof(out), 247 + "SHAKE256 gives wrong output for NIST.1600"); 248 + } 249 + 250 + /* 251 + * Output tiling test of SHAKE256; equal output tiles barring the last. A 252 + * series of squeezings of the same context should, if laid end-to-end, match a 253 + * single squeezing of the combined size. 254 + */ 255 + static void test_shake256_tiling(struct kunit *test) 256 + { 257 + struct shake_ctx ctx; 258 + u8 out[8 + SHA3_512_DIGEST_SIZE + 8]; 259 + 260 + for (int tile_size = 1; tile_size < SHAKE256_DEFAULT_SIZE; tile_size++) { 261 + int left = SHAKE256_DEFAULT_SIZE; 262 + u8 *p = out + 8; 263 + 264 + memset(out, 0, sizeof(out)); 265 + shake256_init(&ctx); 266 + shake_update(&ctx, test_sha3_sample, 267 + sizeof(test_sha3_sample) - 1); 268 + while (left > 0) { 269 + int part = umin(tile_size, left); 270 + 271 + shake_squeeze(&ctx, p, part); 272 + p += part; 273 + left -= part; 274 + } 275 + 276 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake256, sizeof(test_shake256), 277 + "SHAKE tile %u gives wrong output", tile_size); 278 + } 279 + } 280 + 281 + /* 282 + * Output tiling test of SHAKE256; output tiles getting gradually smaller and 283 + * then cycling round to medium sized ones. A series of squeezings of the same 284 + * context should, if laid end-to-end, match a single squeezing of the combined 285 + * size. 286 + */ 287 + static void test_shake256_tiling2(struct kunit *test) 288 + { 289 + struct shake_ctx ctx; 290 + u8 out[8 + SHA3_512_DIGEST_SIZE + 8]; 291 + 292 + for (int first_tile_size = 3; 293 + first_tile_size < SHAKE256_DEFAULT_SIZE; 294 + first_tile_size++) { 295 + int tile_size = first_tile_size; 296 + int left = SHAKE256_DEFAULT_SIZE; 297 + u8 *p = out + 8; 298 + 299 + memset(out, 0, sizeof(out)); 300 + shake256_init(&ctx); 301 + shake_update(&ctx, test_sha3_sample, 302 + sizeof(test_sha3_sample) - 1); 303 + while (left > 0) { 304 + int part = umin(tile_size, left); 305 + 306 + shake_squeeze(&ctx, p, part); 307 + p += part; 308 + left -= part; 309 + tile_size--; 310 + if (tile_size < 1) 311 + tile_size = 5; 312 + } 313 + 314 + KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake256, sizeof(test_shake256), 315 + "SHAKE tile %u gives wrong output", tile_size); 316 + } 317 + } 318 + 319 + static struct kunit_case sha3_test_cases[] = { 320 + HASH_KUNIT_CASES, 321 + KUNIT_CASE(test_sha3_224_basic), 322 + KUNIT_CASE(test_sha3_256_basic), 323 + KUNIT_CASE(test_sha3_384_basic), 324 + KUNIT_CASE(test_sha3_512_basic), 325 + KUNIT_CASE(test_shake128_basic), 326 + KUNIT_CASE(test_shake256_basic), 327 + KUNIT_CASE(test_shake128_nist), 328 + KUNIT_CASE(test_shake256_nist), 329 + KUNIT_CASE(test_shake256_tiling), 330 + KUNIT_CASE(test_shake256_tiling2), 331 + KUNIT_CASE(benchmark_hash), 332 + {}, 333 + }; 334 + 335 + static struct kunit_suite sha3_test_suite = { 336 + .name = "sha3", 337 + .test_cases = sha3_test_cases, 338 + .suite_init = hash_suite_init, 339 + .suite_exit = hash_suite_exit, 340 + }; 341 + kunit_test_suite(sha3_test_suite); 342 + 343 + MODULE_DESCRIPTION("KUnit tests and benchmark for SHA3"); 344 + MODULE_LICENSE("GPL");
+3 -1
scripts/crypto/gen-hash-testvecs.py
··· 87 87 def alg_digest_size_const(alg): 88 88 if alg.startswith('blake2'): 89 89 return f'{alg.upper()}_HASH_SIZE' 90 - return f'{alg.upper()}_DIGEST_SIZE' 90 + return f'{alg.upper().replace('-', '_')}_DIGEST_SIZE' 91 91 92 92 def gen_unkeyed_testvecs(alg): 93 93 print('') ··· 167 167 gen_additional_blake2_testvecs(alg) 168 168 elif alg == 'poly1305': 169 169 gen_additional_poly1305_testvecs() 170 + elif alg.startswith('sha3-'): 171 + pass # no HMAC 170 172 else: 171 173 gen_hmac_testvecs(alg)