Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'libcrypto-tests-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux
Pull crypto library test updates from Eric Biggers:
- Add KUnit test suites for SHA-3, BLAKE2b, and POLYVAL. These are the
algorithms that have new crypto library interfaces this cycle.
- Remove the crypto_shash POLYVAL tests. They're no longer needed
because POLYVAL support was removed from crypto_shash. Better POLYVAL
test coverage is now provided via the KUnit test suite.
* tag 'libcrypto-tests-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux:
crypto: testmgr - Remove polyval tests
lib/crypto: tests: Add KUnit tests for POLYVAL
lib/crypto: tests: Add additional SHAKE tests
lib/crypto: tests: Add SHA3 kunit tests
lib/crypto: tests: Add KUnit tests for BLAKE2b
+1682
-198
+11
Documentation/crypto/sha3.rst
+11
Documentation/crypto/sha3.rst
···
107
107
void shake_zeroize_ctx(struct shake_ctx *ctx);
108
108
109
109
110
+
Testing
111
+
=======
112
+
113
+
To test the SHA-3 code, use sha3_kunit (CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST).
114
+
115
+
Since the SHA-3 algorithms are FIPS-approved, when the kernel is booted in FIPS
116
+
mode the SHA-3 library also performs a simple self-test. This is purely to meet
117
+
a FIPS requirement. Normal testing done by kernel developers and integrators
118
+
should use the much more comprehensive KUnit test suite instead.
119
+
120
+
110
121
References
111
122
==========
112
123
-4
crypto/tcrypt.c
-4
crypto/tcrypt.c
-6
crypto/testmgr.c
-6
crypto/testmgr.c
···
5371
5371
.test = alg_test_null,
5372
5372
.fips_allowed = 1,
5373
5373
}, {
5374
-
.alg = "polyval",
5375
-
.test = alg_test_hash,
5376
-
.suite = {
5377
-
.hash = __VECS(polyval_tv_template)
5378
-
}
5379
-
}, {
5380
5374
.alg = "rfc3686(ctr(aes))",
5381
5375
.test = alg_test_skcipher,
5382
5376
.fips_allowed = 1,
-171
crypto/testmgr.h
-171
crypto/testmgr.h
···
36237
36237
36238
36238
/*
36239
36239
* Test vectors generated using https://github.com/google/hctr2
36240
-
*
36241
-
* To ensure compatibility with RFC 8452, some tests were sourced from
36242
-
* https://datatracker.ietf.org/doc/html/rfc8452
36243
-
*/
36244
-
static const struct hash_testvec polyval_tv_template[] = {
36245
-
{ // From RFC 8452
36246
-
.key = "\x31\x07\x28\xd9\x91\x1f\x1f\x38"
36247
-
"\x37\xb2\x43\x16\xc3\xfa\xb9\xa0",
36248
-
.plaintext = "\x65\x78\x61\x6d\x70\x6c\x65\x00"
36249
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36250
-
"\x48\x65\x6c\x6c\x6f\x20\x77\x6f"
36251
-
"\x72\x6c\x64\x00\x00\x00\x00\x00"
36252
-
"\x38\x00\x00\x00\x00\x00\x00\x00"
36253
-
"\x58\x00\x00\x00\x00\x00\x00\x00",
36254
-
.digest = "\xad\x7f\xcf\x0b\x51\x69\x85\x16"
36255
-
"\x62\x67\x2f\x3c\x5f\x95\x13\x8f",
36256
-
.psize = 48,
36257
-
.ksize = 16,
36258
-
},
36259
-
{ // From RFC 8452
36260
-
.key = "\xd9\xb3\x60\x27\x96\x94\x94\x1a"
36261
-
"\xc5\xdb\xc6\x98\x7a\xda\x73\x77",
36262
-
.plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
36263
-
"\x00\x00\x00\x00\x00\x00\x00\x00",
36264
-
.digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
36265
-
"\x00\x00\x00\x00\x00\x00\x00\x00",
36266
-
.psize = 16,
36267
-
.ksize = 16,
36268
-
},
36269
-
{ // From RFC 8452
36270
-
.key = "\xd9\xb3\x60\x27\x96\x94\x94\x1a"
36271
-
"\xc5\xdb\xc6\x98\x7a\xda\x73\x77",
36272
-
.plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
36273
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36274
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36275
-
"\x40\x00\x00\x00\x00\x00\x00\x00",
36276
-
.digest = "\xeb\x93\xb7\x74\x09\x62\xc5\xe4"
36277
-
"\x9d\x2a\x90\xa7\xdc\x5c\xec\x74",
36278
-
.psize = 32,
36279
-
.ksize = 16,
36280
-
},
36281
-
{ // From RFC 8452
36282
-
.key = "\xd9\xb3\x60\x27\x96\x94\x94\x1a"
36283
-
"\xc5\xdb\xc6\x98\x7a\xda\x73\x77",
36284
-
.plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
36285
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36286
-
"\x02\x00\x00\x00\x00\x00\x00\x00"
36287
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36288
-
"\x03\x00\x00\x00\x00\x00\x00\x00"
36289
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36290
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36291
-
"\x80\x01\x00\x00\x00\x00\x00\x00",
36292
-
.digest = "\x81\x38\x87\x46\xbc\x22\xd2\x6b"
36293
-
"\x2a\xbc\x3d\xcb\x15\x75\x42\x22",
36294
-
.psize = 64,
36295
-
.ksize = 16,
36296
-
},
36297
-
{ // From RFC 8452
36298
-
.key = "\xd9\xb3\x60\x27\x96\x94\x94\x1a"
36299
-
"\xc5\xdb\xc6\x98\x7a\xda\x73\x77",
36300
-
.plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
36301
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36302
-
"\x02\x00\x00\x00\x00\x00\x00\x00"
36303
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36304
-
"\x03\x00\x00\x00\x00\x00\x00\x00"
36305
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36306
-
"\x04\x00\x00\x00\x00\x00\x00\x00"
36307
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36308
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36309
-
"\x00\x02\x00\x00\x00\x00\x00\x00",
36310
-
.digest = "\x1e\x39\xb6\xd3\x34\x4d\x34\x8f"
36311
-
"\x60\x44\xf8\x99\x35\xd1\xcf\x78",
36312
-
.psize = 80,
36313
-
.ksize = 16,
36314
-
},
36315
-
{ // From RFC 8452
36316
-
.key = "\xd9\xb3\x60\x27\x96\x94\x94\x1a"
36317
-
"\xc5\xdb\xc6\x98\x7a\xda\x73\x77",
36318
-
.plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
36319
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36320
-
"\x02\x00\x00\x00\x00\x00\x00\x00"
36321
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36322
-
"\x03\x00\x00\x00\x00\x00\x00\x00"
36323
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36324
-
"\x04\x00\x00\x00\x00\x00\x00\x00"
36325
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36326
-
"\x05\x00\x00\x00\x00\x00\x00\x00"
36327
-
"\x00\x00\x00\x00\x00\x00\x00\x00"
36328
-
"\x08\x00\x00\x00\x00\x00\x00\x00"
36329
-
"\x00\x02\x00\x00\x00\x00\x00\x00",
36330
-
.digest = "\xff\xcd\x05\xd5\x77\x0f\x34\xad"
36331
-
"\x92\x67\xf0\xa5\x99\x94\xb1\x5a",
36332
-
.psize = 96,
36333
-
.ksize = 16,
36334
-
},
36335
-
{ // Random ( 1)
36336
-
.key = "\x90\xcc\xac\xee\xba\xd7\xd4\x68"
36337
-
"\x98\xa6\x79\x70\xdf\x66\x15\x6c",
36338
-
.plaintext = "",
36339
-
.digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
36340
-
"\x00\x00\x00\x00\x00\x00\x00\x00",
36341
-
.psize = 0,
36342
-
.ksize = 16,
36343
-
},
36344
-
{ // Random ( 1)
36345
-
.key = "\xc1\x45\x71\xf0\x30\x07\x94\xe7"
36346
-
"\x3a\xdd\xe4\xc6\x19\x2d\x02\xa2",
36347
-
.plaintext = "\xc1\x5d\x47\xc7\x4c\x7c\x5e\x07"
36348
-
"\x85\x14\x8f\x79\xcc\x73\x83\xf7"
36349
-
"\x35\xb8\xcb\x73\x61\xf0\x53\x31"
36350
-
"\xbf\x84\xde\xb6\xde\xaf\xb0\xb8"
36351
-
"\xb7\xd9\x11\x91\x89\xfd\x1e\x4c"
36352
-
"\x84\x4a\x1f\x2a\x87\xa4\xaf\x62"
36353
-
"\x8d\x7d\x58\xf6\x43\x35\xfc\x53"
36354
-
"\x8f\x1a\xf6\x12\xe1\x13\x3f\x66"
36355
-
"\x91\x4b\x13\xd6\x45\xfb\xb0\x7a"
36356
-
"\xe0\x8b\x8e\x99\xf7\x86\x46\x37"
36357
-
"\xd1\x22\x9e\x52\xf3\x3f\xd9\x75"
36358
-
"\x2c\x2c\xc6\xbb\x0e\x08\x14\x29"
36359
-
"\xe8\x50\x2f\xd8\xbe\xf4\xe9\x69"
36360
-
"\x4a\xee\xf7\xae\x15\x65\x35\x1e",
36361
-
.digest = "\x00\x4f\x5d\xe9\x3b\xc0\xd6\x50"
36362
-
"\x3e\x38\x73\x86\xc6\xda\xca\x7f",
36363
-
.psize = 112,
36364
-
.ksize = 16,
36365
-
},
36366
-
{ // Random ( 1)
36367
-
.key = "\x37\xbe\x68\x16\x50\xb9\x4e\xb0"
36368
-
"\x47\xde\xe2\xbd\xde\xe4\x48\x09",
36369
-
.plaintext = "\x87\xfc\x68\x9f\xff\xf2\x4a\x1e"
36370
-
"\x82\x3b\x73\x8f\xc1\xb2\x1b\x7a"
36371
-
"\x6c\x4f\x81\xbc\x88\x9b\x6c\xa3"
36372
-
"\x9c\xc2\xa5\xbc\x14\x70\x4c\x9b"
36373
-
"\x0c\x9f\x59\x92\x16\x4b\x91\x3d"
36374
-
"\x18\x55\x22\x68\x12\x8c\x63\xb2"
36375
-
"\x51\xcb\x85\x4b\xd2\xae\x0b\x1c"
36376
-
"\x5d\x28\x9d\x1d\xb1\xc8\xf0\x77"
36377
-
"\xe9\xb5\x07\x4e\x06\xc8\xee\xf8"
36378
-
"\x1b\xed\x72\x2a\x55\x7d\x16\xc9"
36379
-
"\xf2\x54\xe7\xe9\xe0\x44\x5b\x33"
36380
-
"\xb1\x49\xee\xff\x43\xfb\x82\xcd"
36381
-
"\x4a\x70\x78\x81\xa4\x34\x36\xe8"
36382
-
"\x4c\x28\x54\xa6\x6c\xc3\x6b\x78"
36383
-
"\xe7\xc0\x5d\xc6\x5d\x81\xab\x70"
36384
-
"\x08\x86\xa1\xfd\xf4\x77\x55\xfd"
36385
-
"\xa3\xe9\xe2\x1b\xdf\x99\xb7\x80"
36386
-
"\xf9\x0a\x4f\x72\x4a\xd3\xaf\xbb"
36387
-
"\xb3\x3b\xeb\x08\x58\x0f\x79\xce"
36388
-
"\xa5\x99\x05\x12\x34\xd4\xf4\x86"
36389
-
"\x37\x23\x1d\xc8\x49\xc0\x92\xae"
36390
-
"\xa6\xac\x9b\x31\x55\xed\x15\xc6"
36391
-
"\x05\x17\x37\x8d\x90\x42\xe4\x87"
36392
-
"\x89\x62\x88\x69\x1c\x6a\xfd\xe3"
36393
-
"\x00\x2b\x47\x1a\x73\xc1\x51\xc2"
36394
-
"\xc0\x62\x74\x6a\x9e\xb2\xe5\x21"
36395
-
"\xbe\x90\xb5\xb0\x50\xca\x88\x68"
36396
-
"\xe1\x9d\x7a\xdf\x6c\xb7\xb9\x98"
36397
-
"\xee\x28\x62\x61\x8b\xd1\x47\xf9"
36398
-
"\x04\x7a\x0b\x5d\xcd\x2b\x65\xf5"
36399
-
"\x12\xa3\xfe\x1a\xaa\x2c\x78\x42"
36400
-
"\xb8\xbe\x7d\x74\xeb\x59\xba\xba",
36401
-
.digest = "\xae\x11\xd4\x60\x2a\x5f\x9e\x42"
36402
-
"\x89\x04\xc2\x34\x8d\x55\x94\x0a",
36403
-
.psize = 256,
36404
-
.ksize = 16,
36405
-
},
36406
-
36407
-
};
36408
-
36409
-
/*
36410
-
* Test vectors generated using https://github.com/google/hctr2
36411
36240
*/
36412
36241
static const struct cipher_testvec aes_hctr2_tv_template[] = {
36413
36242
{
+29
lib/crypto/tests/Kconfig
+29
lib/crypto/tests/Kconfig
···
1
1
# SPDX-License-Identifier: GPL-2.0-or-later
2
2
3
+
config CRYPTO_LIB_BLAKE2B_KUNIT_TEST
4
+
tristate "KUnit tests for BLAKE2b" if !KUNIT_ALL_TESTS
5
+
depends on KUNIT
6
+
default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS
7
+
select CRYPTO_LIB_BENCHMARK_VISIBLE
8
+
select CRYPTO_LIB_BLAKE2B
9
+
help
10
+
KUnit tests for the BLAKE2b cryptographic hash function.
11
+
3
12
config CRYPTO_LIB_BLAKE2S_KUNIT_TEST
4
13
tristate "KUnit tests for BLAKE2s" if !KUNIT_ALL_TESTS
5
14
depends on KUNIT
···
47
38
help
48
39
KUnit tests for the Poly1305 library functions.
49
40
41
+
config CRYPTO_LIB_POLYVAL_KUNIT_TEST
42
+
tristate "KUnit tests for POLYVAL" if !KUNIT_ALL_TESTS
43
+
depends on KUNIT
44
+
default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS
45
+
select CRYPTO_LIB_BENCHMARK_VISIBLE
46
+
select CRYPTO_LIB_POLYVAL
47
+
help
48
+
KUnit tests for the POLYVAL library functions.
49
+
50
50
config CRYPTO_LIB_SHA1_KUNIT_TEST
51
51
tristate "KUnit tests for SHA-1" if !KUNIT_ALL_TESTS
52
52
depends on KUNIT
···
89
71
help
90
72
KUnit tests for the SHA-384 and SHA-512 cryptographic hash functions
91
73
and their corresponding HMACs.
74
+
75
+
config CRYPTO_LIB_SHA3_KUNIT_TEST
76
+
tristate "KUnit tests for SHA-3" if !KUNIT_ALL_TESTS
77
+
depends on KUNIT
78
+
default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS
79
+
select CRYPTO_LIB_BENCHMARK_VISIBLE
80
+
select CRYPTO_LIB_SHA3
81
+
help
82
+
KUnit tests for the SHA3 cryptographic hash and XOF functions,
83
+
including SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and
84
+
SHAKE256.
92
85
93
86
config CRYPTO_LIB_BENCHMARK_VISIBLE
94
87
bool
+3
lib/crypto/tests/Makefile
+3
lib/crypto/tests/Makefile
···
1
1
# SPDX-License-Identifier: GPL-2.0-or-later
2
2
3
+
obj-$(CONFIG_CRYPTO_LIB_BLAKE2B_KUNIT_TEST) += blake2b_kunit.o
3
4
obj-$(CONFIG_CRYPTO_LIB_BLAKE2S_KUNIT_TEST) += blake2s_kunit.o
4
5
obj-$(CONFIG_CRYPTO_LIB_CURVE25519_KUNIT_TEST) += curve25519_kunit.o
5
6
obj-$(CONFIG_CRYPTO_LIB_MD5_KUNIT_TEST) += md5_kunit.o
6
7
obj-$(CONFIG_CRYPTO_LIB_POLY1305_KUNIT_TEST) += poly1305_kunit.o
8
+
obj-$(CONFIG_CRYPTO_LIB_POLYVAL_KUNIT_TEST) += polyval_kunit.o
7
9
obj-$(CONFIG_CRYPTO_LIB_SHA1_KUNIT_TEST) += sha1_kunit.o
8
10
obj-$(CONFIG_CRYPTO_LIB_SHA256_KUNIT_TEST) += sha224_kunit.o sha256_kunit.o
9
11
obj-$(CONFIG_CRYPTO_LIB_SHA512_KUNIT_TEST) += sha384_kunit.o sha512_kunit.o
12
+
obj-$(CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST) += sha3_kunit.o
+342
lib/crypto/tests/blake2b-testvecs.h
+342
lib/crypto/tests/blake2b-testvecs.h
···
1
+
/* SPDX-License-Identifier: GPL-2.0-or-later */
2
+
/* This file was generated by: ./scripts/crypto/gen-hash-testvecs.py blake2b */
3
+
4
+
static const struct {
5
+
size_t data_len;
6
+
u8 digest[BLAKE2B_HASH_SIZE];
7
+
} hash_testvecs[] = {
8
+
{
9
+
.data_len = 0,
10
+
.digest = {
11
+
0x78, 0x6a, 0x02, 0xf7, 0x42, 0x01, 0x59, 0x03,
12
+
0xc6, 0xc6, 0xfd, 0x85, 0x25, 0x52, 0xd2, 0x72,
13
+
0x91, 0x2f, 0x47, 0x40, 0xe1, 0x58, 0x47, 0x61,
14
+
0x8a, 0x86, 0xe2, 0x17, 0xf7, 0x1f, 0x54, 0x19,
15
+
0xd2, 0x5e, 0x10, 0x31, 0xaf, 0xee, 0x58, 0x53,
16
+
0x13, 0x89, 0x64, 0x44, 0x93, 0x4e, 0xb0, 0x4b,
17
+
0x90, 0x3a, 0x68, 0x5b, 0x14, 0x48, 0xb7, 0x55,
18
+
0xd5, 0x6f, 0x70, 0x1a, 0xfe, 0x9b, 0xe2, 0xce,
19
+
},
20
+
},
21
+
{
22
+
.data_len = 1,
23
+
.digest = {
24
+
0x6f, 0x2e, 0xcc, 0x83, 0x53, 0xa3, 0x20, 0x16,
25
+
0x5b, 0xda, 0xd0, 0x04, 0xd3, 0xcb, 0xe4, 0x37,
26
+
0x5b, 0xf0, 0x84, 0x36, 0xe1, 0xad, 0x45, 0xcc,
27
+
0x4d, 0x7f, 0x09, 0x68, 0xb2, 0x62, 0x93, 0x7f,
28
+
0x72, 0x32, 0xe8, 0xa7, 0x2f, 0x1f, 0x6f, 0xc6,
29
+
0x14, 0xd6, 0x70, 0xae, 0x0c, 0xf0, 0xf3, 0xce,
30
+
0x64, 0x4d, 0x22, 0xdf, 0xc7, 0xa7, 0xf8, 0xa8,
31
+
0x18, 0x23, 0xd8, 0x6c, 0xaf, 0x65, 0xa2, 0x54,
32
+
},
33
+
},
34
+
{
35
+
.data_len = 2,
36
+
.digest = {
37
+
0x04, 0x13, 0xe2, 0x10, 0xbe, 0x65, 0xde, 0xce,
38
+
0x61, 0xa8, 0xe0, 0xd6, 0x35, 0xb1, 0xb8, 0x88,
39
+
0xd2, 0xea, 0x45, 0x3a, 0xe1, 0x8d, 0x94, 0xb5,
40
+
0x66, 0x06, 0x98, 0x96, 0x39, 0xf8, 0x0e, 0xcb,
41
+
0x34, 0xa6, 0xa8, 0x17, 0xfe, 0x56, 0xbc, 0xa9,
42
+
0x5e, 0x1b, 0xb1, 0xde, 0x3c, 0xc7, 0x78, 0x4f,
43
+
0x39, 0xc6, 0xfc, 0xa8, 0xb3, 0x27, 0x66, 0x3e,
44
+
0x4e, 0xb5, 0x5d, 0x08, 0x89, 0xee, 0xd1, 0xe0,
45
+
},
46
+
},
47
+
{
48
+
.data_len = 3,
49
+
.digest = {
50
+
0x2b, 0x4a, 0xa3, 0x4e, 0x2b, 0x7a, 0x47, 0x20,
51
+
0x30, 0x5b, 0x09, 0x17, 0x3a, 0xf4, 0xcc, 0xf0,
52
+
0xf7, 0x7b, 0x97, 0x68, 0x98, 0x9f, 0x4f, 0x09,
53
+
0x46, 0x25, 0xe7, 0xd6, 0x53, 0x6b, 0xf9, 0x68,
54
+
0x48, 0x12, 0x44, 0x8c, 0x9a, 0xc8, 0xd4, 0x42,
55
+
0xeb, 0x2c, 0x5f, 0x41, 0xba, 0x17, 0xd0, 0xc3,
56
+
0xad, 0xfd, 0xfb, 0x42, 0x33, 0xcb, 0x08, 0x5d,
57
+
0xd2, 0x5c, 0x3d, 0xde, 0x87, 0x4d, 0xd6, 0xe4,
58
+
},
59
+
},
60
+
{
61
+
.data_len = 16,
62
+
.digest = {
63
+
0xbf, 0x40, 0xf2, 0x38, 0x44, 0x8e, 0x24, 0x5e,
64
+
0xbc, 0x67, 0xbb, 0xf0, 0x10, 0x9a, 0x79, 0xbb,
65
+
0x36, 0x55, 0xce, 0xd2, 0xba, 0x04, 0x0d, 0xe8,
66
+
0x30, 0x29, 0x5c, 0x2a, 0xa6, 0x3a, 0x4f, 0x37,
67
+
0xac, 0x5f, 0xd4, 0x13, 0xa2, 0xf4, 0xfe, 0x80,
68
+
0x61, 0xd7, 0x58, 0x66, 0x0c, 0x7f, 0xa2, 0x56,
69
+
0x6b, 0x52, 0x7c, 0x22, 0x73, 0x7f, 0x17, 0xaa,
70
+
0x91, 0x5a, 0x22, 0x06, 0xd9, 0x00, 0x48, 0x12,
71
+
},
72
+
},
73
+
{
74
+
.data_len = 32,
75
+
.digest = {
76
+
0x41, 0x04, 0x65, 0x93, 0x81, 0x9a, 0x20, 0x0a,
77
+
0x00, 0x60, 0x00, 0x64, 0x4c, 0x04, 0x3d, 0xe0,
78
+
0x6b, 0x17, 0x0c, 0xe1, 0x0e, 0x28, 0x8b, 0xa0,
79
+
0x76, 0xd2, 0x79, 0xb0, 0x33, 0x60, 0x61, 0x27,
80
+
0xf2, 0x64, 0xf1, 0x8a, 0xe5, 0x3e, 0xaa, 0x37,
81
+
0x60, 0xad, 0x2d, 0x75, 0x13, 0xae, 0xd8, 0x9e,
82
+
0xec, 0xe0, 0xe4, 0x40, 0x2f, 0x59, 0x44, 0xb0,
83
+
0x66, 0x7a, 0x68, 0x38, 0xce, 0x21, 0x99, 0x2a,
84
+
},
85
+
},
86
+
{
87
+
.data_len = 48,
88
+
.digest = {
89
+
0x19, 0x6f, 0x9d, 0xc7, 0x87, 0x12, 0x5c, 0xa3,
90
+
0xe2, 0xd3, 0xf1, 0x82, 0xec, 0xf3, 0x55, 0x9c,
91
+
0x86, 0xd1, 0x6d, 0xde, 0xcf, 0x5b, 0xec, 0x4c,
92
+
0x43, 0x25, 0x85, 0x90, 0xef, 0xe8, 0xe3, 0x5f,
93
+
0x2c, 0x3a, 0x84, 0x07, 0xb8, 0x55, 0xfd, 0x5e,
94
+
0xa4, 0x45, 0xf2, 0xac, 0xe4, 0xbd, 0xc7, 0x96,
95
+
0x80, 0x59, 0x3e, 0xc9, 0xb1, 0x60, 0xb1, 0x2b,
96
+
0x17, 0x49, 0x7d, 0x3e, 0x7d, 0x4d, 0x70, 0x24,
97
+
},
98
+
},
99
+
{
100
+
.data_len = 49,
101
+
.digest = {
102
+
0x73, 0x72, 0xd5, 0x0a, 0x97, 0xb4, 0x7d, 0xdb,
103
+
0x05, 0x14, 0x8e, 0x40, 0xc2, 0x9a, 0x8a, 0x74,
104
+
0x4b, 0xda, 0x7e, 0xfc, 0x97, 0x57, 0x23, 0x39,
105
+
0xdc, 0x57, 0x09, 0x13, 0x24, 0xfc, 0xf3, 0x23,
106
+
0x55, 0x48, 0xdd, 0xe5, 0x07, 0x9a, 0x6f, 0x7b,
107
+
0x62, 0xea, 0x4d, 0x79, 0xb4, 0xb9, 0xc5, 0x86,
108
+
0xc0, 0x34, 0xd6, 0xd2, 0x6c, 0xc3, 0x94, 0xfb,
109
+
0x34, 0xd6, 0x62, 0xae, 0xb8, 0x99, 0xf1, 0x38,
110
+
},
111
+
},
112
+
{
113
+
.data_len = 63,
114
+
.digest = {
115
+
0x42, 0x3a, 0xe3, 0xa2, 0xae, 0x5a, 0x28, 0xce,
116
+
0xf1, 0x3c, 0x97, 0xc2, 0x34, 0xf6, 0xb5, 0x1e,
117
+
0xfc, 0x31, 0xb4, 0x04, 0x61, 0xb7, 0x54, 0x0b,
118
+
0x0d, 0x1a, 0x22, 0x9c, 0x04, 0x67, 0x5c, 0x4c,
119
+
0x75, 0x1b, 0x10, 0x0b, 0x99, 0xe2, 0xb1, 0x5e,
120
+
0x5d, 0x4b, 0x7a, 0xe6, 0xf6, 0xb5, 0x62, 0xee,
121
+
0x2d, 0x44, 0x57, 0xb2, 0x96, 0x73, 0x5e, 0xb9,
122
+
0x6a, 0xb2, 0xb3, 0x16, 0xa3, 0xd9, 0x6a, 0x60,
123
+
},
124
+
},
125
+
{
126
+
.data_len = 64,
127
+
.digest = {
128
+
0x50, 0xb9, 0xbe, 0xb2, 0x69, 0x07, 0x45, 0x5b,
129
+
0x59, 0xde, 0x8d, 0xbf, 0x08, 0xdc, 0x2e, 0x7f,
130
+
0x93, 0x29, 0xc1, 0x91, 0xe8, 0x74, 0x03, 0x89,
131
+
0x20, 0xfb, 0xb2, 0x4b, 0xe8, 0x68, 0x6f, 0xe1,
132
+
0xb4, 0x30, 0xbe, 0x11, 0x3c, 0x43, 0x19, 0x66,
133
+
0x72, 0x78, 0xb7, 0xf4, 0xe9, 0x09, 0x18, 0x4e,
134
+
0xae, 0x4a, 0x24, 0xe0, 0x6f, 0x44, 0x02, 0xe3,
135
+
0xfd, 0xda, 0xb3, 0x3e, 0x3c, 0x6d, 0x54, 0x2e,
136
+
},
137
+
},
138
+
{
139
+
.data_len = 65,
140
+
.digest = {
141
+
0xd6, 0xf2, 0xa9, 0x61, 0x3f, 0xce, 0x2a, 0x68,
142
+
0x19, 0x86, 0xff, 0xd1, 0xee, 0x89, 0x3b, 0xa4,
143
+
0x10, 0x9a, 0x91, 0x50, 0x35, 0x48, 0x9e, 0xf5,
144
+
0x9c, 0x95, 0xe0, 0xfb, 0x92, 0x0f, 0xa8, 0xf7,
145
+
0x6c, 0x43, 0x85, 0xf1, 0x6e, 0x11, 0x4e, 0x67,
146
+
0x78, 0xd7, 0x53, 0x25, 0x0c, 0xf8, 0xce, 0x38,
147
+
0x74, 0x08, 0xb0, 0x3c, 0x53, 0x20, 0x4d, 0xc4,
148
+
0x9a, 0xf5, 0x78, 0xe8, 0x41, 0x8f, 0xed, 0x1f,
149
+
},
150
+
},
151
+
{
152
+
.data_len = 127,
153
+
.digest = {
154
+
0xe8, 0xb2, 0xc5, 0xa7, 0xf5, 0xfa, 0xee, 0xa0,
155
+
0x57, 0xba, 0x58, 0xf9, 0x0a, 0xf2, 0x64, 0x16,
156
+
0xa8, 0xa6, 0x03, 0x85, 0x3b, 0xb8, 0x6f, 0xca,
157
+
0x76, 0xc3, 0xa1, 0x2b, 0xec, 0xef, 0xc4, 0x66,
158
+
0x11, 0xdf, 0x03, 0x85, 0x9d, 0x0c, 0x37, 0x7b,
159
+
0xa9, 0x7b, 0x44, 0xfb, 0x11, 0x8f, 0x3f, 0x71,
160
+
0xcd, 0x81, 0x43, 0x2e, 0x71, 0x5c, 0x54, 0x9f,
161
+
0xca, 0x0f, 0x01, 0x91, 0xca, 0xaa, 0x93, 0xe9,
162
+
},
163
+
},
164
+
{
165
+
.data_len = 128,
166
+
.digest = {
167
+
0x05, 0x8e, 0x9d, 0xdc, 0xe9, 0x36, 0x3e, 0x73,
168
+
0x63, 0x59, 0x69, 0x81, 0x0b, 0x8c, 0xc7, 0x9e,
169
+
0xcc, 0xe7, 0x9c, 0x19, 0x54, 0xa7, 0x2f, 0x86,
170
+
0xb5, 0xea, 0xae, 0x6d, 0xfe, 0x4e, 0x6e, 0x83,
171
+
0x8d, 0x1a, 0x1c, 0x70, 0x3f, 0x34, 0xa1, 0x04,
172
+
0x59, 0xd1, 0xbb, 0xaa, 0x58, 0xf7, 0xce, 0xfb,
173
+
0x86, 0x66, 0x22, 0xfc, 0x78, 0x74, 0x6e, 0x85,
174
+
0xf1, 0x59, 0x7d, 0x9e, 0x1c, 0x3b, 0xc6, 0x65,
175
+
},
176
+
},
177
+
{
178
+
.data_len = 129,
179
+
.digest = {
180
+
0x6b, 0x1f, 0x7c, 0x9a, 0x65, 0x7f, 0x09, 0x61,
181
+
0xe5, 0x04, 0x9a, 0xf1, 0x4b, 0x36, 0x8e, 0x41,
182
+
0x86, 0xcf, 0x86, 0x19, 0xd8, 0xc9, 0x34, 0x70,
183
+
0x67, 0xd1, 0x03, 0x72, 0x12, 0xf7, 0x27, 0x92,
184
+
0x2e, 0x3d, 0x2b, 0x54, 0x9a, 0x48, 0xa4, 0xc2,
185
+
0x61, 0xea, 0x6a, 0xe8, 0xdd, 0x07, 0x41, 0x85,
186
+
0x58, 0x6d, 0xcd, 0x12, 0x0d, 0xbc, 0xb1, 0x23,
187
+
0xb2, 0xdb, 0x24, 0x1f, 0xc4, 0xa7, 0xae, 0xda,
188
+
},
189
+
},
190
+
{
191
+
.data_len = 256,
192
+
.digest = {
193
+
0x50, 0xd8, 0xdc, 0xb2, 0x50, 0x24, 0x7a, 0x49,
194
+
0xb1, 0x00, 0x73, 0x16, 0x1f, 0xce, 0xf9, 0xe8,
195
+
0x77, 0x0a, 0x27, 0x74, 0xc7, 0xeb, 0xf0, 0x62,
196
+
0xb9, 0xf3, 0x24, 0xa6, 0x03, 0x18, 0x40, 0xde,
197
+
0x9b, 0x1d, 0xa8, 0xd0, 0xbf, 0x66, 0xa3, 0xc1,
198
+
0x31, 0x04, 0x95, 0xc7, 0xc3, 0xb7, 0x11, 0xe2,
199
+
0x1e, 0x31, 0x49, 0x98, 0x06, 0xab, 0xf0, 0xe6,
200
+
0x5c, 0xac, 0x88, 0x28, 0x0b, 0x3d, 0xb2, 0xc2,
201
+
},
202
+
},
203
+
{
204
+
.data_len = 511,
205
+
.digest = {
206
+
0xd4, 0x2b, 0x6b, 0x9e, 0xfc, 0x44, 0xc0, 0x90,
207
+
0x64, 0x77, 0x5d, 0xf3, 0x44, 0xb6, 0x92, 0x8f,
208
+
0x80, 0xe2, 0xe4, 0x9b, 0xaf, 0x49, 0x04, 0xea,
209
+
0x29, 0xf7, 0x4a, 0x33, 0x3f, 0xc7, 0x3b, 0xab,
210
+
0xa1, 0x71, 0x7f, 0xa2, 0x8e, 0x03, 0xa0, 0xd6,
211
+
0xa7, 0xcd, 0xe0, 0xf8, 0xd7, 0x3b, 0xa4, 0x0d,
212
+
0x84, 0x79, 0x12, 0x72, 0x3f, 0x8e, 0x48, 0x35,
213
+
0x76, 0x4f, 0x56, 0xe9, 0x21, 0x40, 0x19, 0xbe,
214
+
},
215
+
},
216
+
{
217
+
.data_len = 513,
218
+
.digest = {
219
+
0x84, 0xd4, 0xd8, 0x6c, 0x60, 0x3d, 0x6e, 0xfd,
220
+
0x84, 0xb7, 0xdf, 0xba, 0x13, 0x5e, 0x07, 0x94,
221
+
0x5b, 0x6b, 0x62, 0x1d, 0x82, 0x02, 0xa7, 0xb3,
222
+
0x21, 0xdf, 0x42, 0x20, 0x85, 0xa8, 0x6f, 0x30,
223
+
0xf7, 0x03, 0xba, 0x66, 0x0e, 0xa6, 0x42, 0x21,
224
+
0x37, 0xe8, 0xed, 0x5b, 0x22, 0xf5, 0x4e, 0xa5,
225
+
0xe5, 0x80, 0x1b, 0x47, 0xf0, 0x49, 0xb3, 0xe5,
226
+
0x6e, 0xd9, 0xd9, 0x95, 0x3d, 0x2e, 0x42, 0x13,
227
+
},
228
+
},
229
+
{
230
+
.data_len = 1000,
231
+
.digest = {
232
+
0x71, 0x17, 0xab, 0x93, 0xfe, 0x3b, 0xa4, 0xe6,
233
+
0xcb, 0xb0, 0xea, 0x95, 0xe7, 0x1a, 0x01, 0xc0,
234
+
0x12, 0x33, 0xfe, 0xcc, 0x79, 0x15, 0xae, 0x56,
235
+
0xd2, 0x70, 0x44, 0x60, 0x54, 0x42, 0xa8, 0x69,
236
+
0x7e, 0xc3, 0x90, 0xa0, 0x0c, 0x63, 0x39, 0xff,
237
+
0x55, 0x53, 0xb8, 0x46, 0xef, 0x06, 0xcb, 0xba,
238
+
0x73, 0xf4, 0x76, 0x22, 0xf1, 0x60, 0x98, 0xbc,
239
+
0xbf, 0x76, 0x95, 0x85, 0x13, 0x1d, 0x11, 0x3b,
240
+
},
241
+
},
242
+
{
243
+
.data_len = 3333,
244
+
.digest = {
245
+
0x3a, 0xaa, 0x85, 0xa0, 0x8c, 0x8e, 0xe1, 0x9c,
246
+
0x9b, 0x43, 0x72, 0x7f, 0x40, 0x88, 0x3b, 0xd1,
247
+
0xc4, 0xd8, 0x2b, 0x69, 0xa6, 0x74, 0x47, 0x69,
248
+
0x5f, 0x7d, 0xab, 0x75, 0xa9, 0xf9, 0x88, 0x54,
249
+
0xce, 0x57, 0xcc, 0x9d, 0xac, 0x13, 0x91, 0xdb,
250
+
0x6d, 0x5c, 0xd8, 0xf4, 0x35, 0xc9, 0x30, 0xf0,
251
+
0x4b, 0x91, 0x25, 0xab, 0x92, 0xa8, 0xc8, 0x6f,
252
+
0xa0, 0xeb, 0x71, 0x56, 0x95, 0xab, 0xfd, 0xd7,
253
+
},
254
+
},
255
+
{
256
+
.data_len = 4096,
257
+
.digest = {
258
+
0xe1, 0xe9, 0xbe, 0x6c, 0x96, 0xe2, 0xe8, 0xa6,
259
+
0x53, 0xcd, 0x79, 0x77, 0x57, 0x51, 0x2f, 0xb2,
260
+
0x9f, 0xfc, 0x09, 0xaa, 0x2c, 0xbc, 0x6c, 0x5f,
261
+
0xb0, 0xf2, 0x12, 0x39, 0x54, 0xd7, 0x27, 0xf8,
262
+
0x33, 0x5d, 0xd4, 0x8a, 0xca, 0xd8, 0x2e, 0xbb,
263
+
0x02, 0x82, 0xca, 0x1b, 0x54, 0xfa, 0xd6, 0xf4,
264
+
0x49, 0x63, 0xfc, 0xc8, 0x73, 0xd4, 0x26, 0x8d,
265
+
0x4f, 0x1c, 0x56, 0xa7, 0xf4, 0x58, 0x6f, 0x51,
266
+
},
267
+
},
268
+
{
269
+
.data_len = 4128,
270
+
.digest = {
271
+
0xf2, 0xf6, 0xe1, 0x16, 0x98, 0x69, 0x74, 0x5f,
272
+
0x6c, 0xc4, 0x9d, 0x34, 0xa2, 0x84, 0x5d, 0x47,
273
+
0xac, 0x39, 0xe0, 0x14, 0x2d, 0x78, 0xfa, 0x27,
274
+
0xd5, 0x18, 0xaf, 0x26, 0x89, 0xa4, 0x69, 0xd3,
275
+
0x56, 0xde, 0xfe, 0x4b, 0x9f, 0x0c, 0x9d, 0x5a,
276
+
0x9a, 0x73, 0x3e, 0x3c, 0x76, 0x4b, 0x96, 0xca,
277
+
0x49, 0xda, 0x05, 0x8c, 0x53, 0xbb, 0x85, 0x89,
278
+
0x60, 0xc7, 0xe0, 0xb3, 0x51, 0x18, 0xd2, 0xd2,
279
+
},
280
+
},
281
+
{
282
+
.data_len = 4160,
283
+
.digest = {
284
+
0xfc, 0x5c, 0xcf, 0xbf, 0x29, 0xe3, 0x01, 0xef,
285
+
0x4b, 0x40, 0x70, 0x01, 0xca, 0x4d, 0x46, 0xce,
286
+
0xa9, 0x95, 0x5d, 0xb4, 0xf1, 0x79, 0x29, 0xdb,
287
+
0xac, 0x32, 0x3d, 0xd9, 0x60, 0x9e, 0x6b, 0xb8,
288
+
0x28, 0x62, 0xb7, 0x4a, 0xbb, 0x33, 0xb9, 0xd0,
289
+
0x83, 0xe0, 0xd7, 0x5a, 0x2d, 0x01, 0x4c, 0x61,
290
+
0x9e, 0x7d, 0x2d, 0x2d, 0x60, 0x29, 0x5e, 0x60,
291
+
0x10, 0xb7, 0x41, 0x00, 0x3f, 0xe5, 0xf7, 0x52,
292
+
},
293
+
},
294
+
{
295
+
.data_len = 4224,
296
+
.digest = {
297
+
0xf8, 0xe5, 0x4b, 0xe5, 0x89, 0xf9, 0x1b, 0x43,
298
+
0xbb, 0x65, 0x3d, 0xa0, 0xb4, 0xdc, 0x04, 0x26,
299
+
0x68, 0x15, 0xae, 0x4d, 0xd6, 0x03, 0xb7, 0x27,
300
+
0x06, 0x8c, 0x2a, 0x82, 0x51, 0x96, 0xbf, 0x83,
301
+
0x38, 0x96, 0x21, 0x8a, 0xd9, 0xf9, 0x4e, 0x38,
302
+
0xc6, 0xb3, 0xbd, 0xfe, 0xd3, 0x49, 0x90, 0xbc,
303
+
0xa1, 0x77, 0xd0, 0xa0, 0x3c, 0x2b, 0x4e, 0x10,
304
+
0x34, 0xc3, 0x17, 0x85, 0x3d, 0xec, 0xa8, 0x05,
305
+
},
306
+
},
307
+
{
308
+
.data_len = 16384,
309
+
.digest = {
310
+
0x38, 0x56, 0xaf, 0x83, 0x68, 0x9c, 0xba, 0xe3,
311
+
0xec, 0x51, 0xf5, 0xf4, 0x93, 0x48, 0x1d, 0xe6,
312
+
0xad, 0xa8, 0x8c, 0x70, 0x2a, 0xd9, 0xaa, 0x43,
313
+
0x04, 0x40, 0x95, 0xc1, 0xe6, 0x8a, 0xf5, 0x01,
314
+
0x6b, 0x79, 0xd9, 0xb4, 0xd0, 0x1d, 0x93, 0x26,
315
+
0xfe, 0xf5, 0x07, 0x57, 0xda, 0x08, 0x0a, 0x82,
316
+
0xc9, 0x17, 0x13, 0x5b, 0x9e, 0x11, 0x96, 0xa5,
317
+
0xd0, 0x92, 0xcd, 0xf1, 0xa3, 0x5b, 0x43, 0x21,
318
+
},
319
+
},
320
+
};
321
+
322
+
static const u8 hash_testvec_consolidated[BLAKE2B_HASH_SIZE] = {
323
+
0xa4, 0xf8, 0xf6, 0xa1, 0x36, 0x89, 0xc0, 0x2a,
324
+
0xc3, 0x42, 0x32, 0x71, 0xe5, 0xea, 0x14, 0x77,
325
+
0xf3, 0x99, 0x91, 0x87, 0x49, 0xc2, 0x8d, 0xa5,
326
+
0x2f, 0xed, 0x01, 0x35, 0x39, 0x64, 0x09, 0x25,
327
+
0xe3, 0xa8, 0x50, 0x97, 0x35, 0x8b, 0xf5, 0x19,
328
+
0x1e, 0xd5, 0x9f, 0x03, 0x0b, 0x65, 0x55, 0x0e,
329
+
0xa0, 0xb7, 0xda, 0x18, 0x7b, 0x7f, 0x88, 0x55,
330
+
0x1f, 0xdb, 0x82, 0x6b, 0x98, 0x90, 0x1c, 0xdd,
331
+
};
332
+
333
+
static const u8 blake2b_keyed_testvec_consolidated[BLAKE2B_HASH_SIZE] = {
334
+
0x2b, 0x89, 0x36, 0x3a, 0x36, 0xe4, 0x18, 0x38,
335
+
0xc4, 0x5b, 0x5c, 0xa5, 0x9a, 0xed, 0xf2, 0xee,
336
+
0x5a, 0xb6, 0x82, 0x6c, 0x63, 0xf2, 0x29, 0x57,
337
+
0xc7, 0xd5, 0x32, 0x27, 0xba, 0x88, 0xb1, 0xab,
338
+
0xf2, 0x2a, 0xc1, 0xea, 0xf3, 0x91, 0x89, 0x66,
339
+
0x47, 0x1e, 0x5b, 0xc6, 0x98, 0x12, 0xe9, 0x25,
340
+
0xbf, 0x72, 0xd2, 0x3f, 0x88, 0x97, 0x17, 0x51,
341
+
0xed, 0x96, 0xfb, 0xe9, 0xca, 0x52, 0x42, 0xc9,
342
+
};
+133
lib/crypto/tests/blake2b_kunit.c
+133
lib/crypto/tests/blake2b_kunit.c
···
1
+
// SPDX-License-Identifier: GPL-2.0-or-later
2
+
/*
3
+
* Copyright 2025 Google LLC
4
+
*/
5
+
#include <crypto/blake2b.h>
6
+
#include "blake2b-testvecs.h"
7
+
8
+
/*
9
+
* The following are compatibility functions that present BLAKE2b as an unkeyed
10
+
* hash function that produces hashes of fixed length BLAKE2B_HASH_SIZE, so that
11
+
* hash-test-template.h can be reused to test it.
12
+
*/
13
+
14
+
static void blake2b_default(const u8 *data, size_t len,
15
+
u8 out[BLAKE2B_HASH_SIZE])
16
+
{
17
+
blake2b(NULL, 0, data, len, out, BLAKE2B_HASH_SIZE);
18
+
}
19
+
20
+
static void blake2b_init_default(struct blake2b_ctx *ctx)
21
+
{
22
+
blake2b_init(ctx, BLAKE2B_HASH_SIZE);
23
+
}
24
+
25
+
/*
26
+
* Generate the HASH_KUNIT_CASES using hash-test-template.h. These test BLAKE2b
27
+
* with a key length of 0 and a hash length of BLAKE2B_HASH_SIZE.
28
+
*/
29
+
#define HASH blake2b_default
30
+
#define HASH_CTX blake2b_ctx
31
+
#define HASH_SIZE BLAKE2B_HASH_SIZE
32
+
#define HASH_INIT blake2b_init_default
33
+
#define HASH_UPDATE blake2b_update
34
+
#define HASH_FINAL blake2b_final
35
+
#include "hash-test-template.h"
36
+
37
+
/*
38
+
* BLAKE2b specific test case which tests all possible combinations of key
39
+
* length and hash length.
40
+
*/
41
+
static void test_blake2b_all_key_and_hash_lens(struct kunit *test)
42
+
{
43
+
const size_t data_len = 100;
44
+
u8 *data = &test_buf[0];
45
+
u8 *key = data + data_len;
46
+
u8 *hash = key + BLAKE2B_KEY_SIZE;
47
+
struct blake2b_ctx main_ctx;
48
+
u8 main_hash[BLAKE2B_HASH_SIZE];
49
+
50
+
rand_bytes_seeded_from_len(data, data_len);
51
+
blake2b_init(&main_ctx, BLAKE2B_HASH_SIZE);
52
+
for (int key_len = 0; key_len <= BLAKE2B_KEY_SIZE; key_len++) {
53
+
rand_bytes_seeded_from_len(key, key_len);
54
+
for (int out_len = 1; out_len <= BLAKE2B_HASH_SIZE; out_len++) {
55
+
blake2b(key, key_len, data, data_len, hash, out_len);
56
+
blake2b_update(&main_ctx, hash, out_len);
57
+
}
58
+
}
59
+
blake2b_final(&main_ctx, main_hash);
60
+
KUNIT_ASSERT_MEMEQ(test, main_hash, blake2b_keyed_testvec_consolidated,
61
+
BLAKE2B_HASH_SIZE);
62
+
}
63
+
64
+
/*
65
+
* BLAKE2b specific test case which tests using a guarded buffer for all allowed
66
+
* key lengths. Also tests both blake2b() and blake2b_init_key().
67
+
*/
68
+
static void test_blake2b_with_guarded_key_buf(struct kunit *test)
69
+
{
70
+
const size_t data_len = 100;
71
+
72
+
rand_bytes(test_buf, data_len);
73
+
for (int key_len = 0; key_len <= BLAKE2B_KEY_SIZE; key_len++) {
74
+
u8 key[BLAKE2B_KEY_SIZE];
75
+
u8 *guarded_key = &test_buf[TEST_BUF_LEN - key_len];
76
+
u8 hash1[BLAKE2B_HASH_SIZE];
77
+
u8 hash2[BLAKE2B_HASH_SIZE];
78
+
struct blake2b_ctx ctx;
79
+
80
+
rand_bytes(key, key_len);
81
+
memcpy(guarded_key, key, key_len);
82
+
83
+
blake2b(key, key_len, test_buf, data_len,
84
+
hash1, BLAKE2B_HASH_SIZE);
85
+
blake2b(guarded_key, key_len, test_buf, data_len,
86
+
hash2, BLAKE2B_HASH_SIZE);
87
+
KUNIT_ASSERT_MEMEQ(test, hash1, hash2, BLAKE2B_HASH_SIZE);
88
+
89
+
blake2b_init_key(&ctx, BLAKE2B_HASH_SIZE, guarded_key, key_len);
90
+
blake2b_update(&ctx, test_buf, data_len);
91
+
blake2b_final(&ctx, hash2);
92
+
KUNIT_ASSERT_MEMEQ(test, hash1, hash2, BLAKE2B_HASH_SIZE);
93
+
}
94
+
}
95
+
96
+
/*
97
+
* BLAKE2b specific test case which tests using a guarded output buffer for all
98
+
* allowed output lengths.
99
+
*/
100
+
static void test_blake2b_with_guarded_out_buf(struct kunit *test)
101
+
{
102
+
const size_t data_len = 100;
103
+
104
+
rand_bytes(test_buf, data_len);
105
+
for (int out_len = 1; out_len <= BLAKE2B_HASH_SIZE; out_len++) {
106
+
u8 hash[BLAKE2B_HASH_SIZE];
107
+
u8 *guarded_hash = &test_buf[TEST_BUF_LEN - out_len];
108
+
109
+
blake2b(NULL, 0, test_buf, data_len, hash, out_len);
110
+
blake2b(NULL, 0, test_buf, data_len, guarded_hash, out_len);
111
+
KUNIT_ASSERT_MEMEQ(test, hash, guarded_hash, out_len);
112
+
}
113
+
}
114
+
115
+
static struct kunit_case blake2b_test_cases[] = {
116
+
HASH_KUNIT_CASES,
117
+
KUNIT_CASE(test_blake2b_all_key_and_hash_lens),
118
+
KUNIT_CASE(test_blake2b_with_guarded_key_buf),
119
+
KUNIT_CASE(test_blake2b_with_guarded_out_buf),
120
+
KUNIT_CASE(benchmark_hash),
121
+
{},
122
+
};
123
+
124
+
static struct kunit_suite blake2b_test_suite = {
125
+
.name = "blake2b",
126
+
.test_cases = blake2b_test_cases,
127
+
.suite_init = hash_suite_init,
128
+
.suite_exit = hash_suite_exit,
129
+
};
130
+
kunit_test_suite(blake2b_test_suite);
131
+
132
+
MODULE_DESCRIPTION("KUnit tests and benchmark for BLAKE2b");
133
+
MODULE_LICENSE("GPL");
+186
lib/crypto/tests/polyval-testvecs.h
+186
lib/crypto/tests/polyval-testvecs.h
···
1
+
/* SPDX-License-Identifier: GPL-2.0-or-later */
2
+
/* This file was generated by: ./scripts/crypto/gen-hash-testvecs.py polyval */
3
+
4
+
static const struct {
5
+
size_t data_len;
6
+
u8 digest[POLYVAL_DIGEST_SIZE];
7
+
} hash_testvecs[] = {
8
+
{
9
+
.data_len = 0,
10
+
.digest = {
11
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
12
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
13
+
},
14
+
},
15
+
{
16
+
.data_len = 1,
17
+
.digest = {
18
+
0xb5, 0x51, 0x69, 0x89, 0xd4, 0x3c, 0x59, 0xca,
19
+
0x6a, 0x1c, 0x2a, 0xe9, 0xa1, 0x9c, 0x6c, 0x83,
20
+
},
21
+
},
22
+
{
23
+
.data_len = 2,
24
+
.digest = {
25
+
0xf4, 0x50, 0xaf, 0x07, 0xda, 0x42, 0xa7, 0x41,
26
+
0x4d, 0x24, 0x88, 0x87, 0xe3, 0x40, 0x73, 0x7c,
27
+
},
28
+
},
29
+
{
30
+
.data_len = 3,
31
+
.digest = {
32
+
0x9e, 0x88, 0x78, 0x71, 0x4c, 0x55, 0x87, 0xe8,
33
+
0xb4, 0x96, 0x3d, 0x56, 0xc8, 0xb2, 0xe1, 0x68,
34
+
},
35
+
},
36
+
{
37
+
.data_len = 16,
38
+
.digest = {
39
+
0x9e, 0x81, 0x37, 0x8f, 0x49, 0xf7, 0xa2, 0xe4,
40
+
0x04, 0x45, 0x12, 0x78, 0x45, 0x42, 0x27, 0xad,
41
+
},
42
+
},
43
+
{
44
+
.data_len = 32,
45
+
.digest = {
46
+
0x60, 0x19, 0xd0, 0xa4, 0xf0, 0xde, 0x9e, 0xe7,
47
+
0x6a, 0x89, 0x1a, 0xea, 0x80, 0x14, 0xa9, 0xa3,
48
+
},
49
+
},
50
+
{
51
+
.data_len = 48,
52
+
.digest = {
53
+
0x0c, 0xa2, 0x70, 0x4d, 0x7c, 0x89, 0xac, 0x41,
54
+
0xc2, 0x9e, 0x0d, 0x07, 0x07, 0x6a, 0x7f, 0xd5,
55
+
},
56
+
},
57
+
{
58
+
.data_len = 49,
59
+
.digest = {
60
+
0x91, 0xd3, 0xa9, 0x5c, 0x79, 0x3d, 0x6b, 0x84,
61
+
0x99, 0x54, 0xa7, 0xb4, 0x06, 0x66, 0xfd, 0x1c,
62
+
},
63
+
},
64
+
{
65
+
.data_len = 63,
66
+
.digest = {
67
+
0x29, 0x37, 0xb8, 0xe5, 0xd8, 0x27, 0x4d, 0xfb,
68
+
0x83, 0x4f, 0x67, 0xf7, 0xf9, 0xc1, 0x0a, 0x9d,
69
+
},
70
+
},
71
+
{
72
+
.data_len = 64,
73
+
.digest = {
74
+
0x17, 0xa9, 0x06, 0x2c, 0xf3, 0xe8, 0x2e, 0xa6,
75
+
0x6b, 0xb2, 0x1f, 0x5d, 0x94, 0x3c, 0x02, 0xa2,
76
+
},
77
+
},
78
+
{
79
+
.data_len = 65,
80
+
.digest = {
81
+
0x7c, 0x80, 0x74, 0xd7, 0xa1, 0x37, 0x30, 0x64,
82
+
0x3b, 0xa4, 0xa3, 0x98, 0xde, 0x47, 0x10, 0x23,
83
+
},
84
+
},
85
+
{
86
+
.data_len = 127,
87
+
.digest = {
88
+
0x27, 0x3a, 0xcf, 0xf5, 0xaf, 0x9f, 0xd8, 0xd8,
89
+
0x2d, 0x6a, 0x91, 0xfb, 0xb8, 0xfa, 0xbe, 0x0c,
90
+
},
91
+
},
92
+
{
93
+
.data_len = 128,
94
+
.digest = {
95
+
0x97, 0x6e, 0xc4, 0xbe, 0x6b, 0x15, 0xa6, 0x7c,
96
+
0xc4, 0xa2, 0xb8, 0x0a, 0x0e, 0x9c, 0xc7, 0x3a,
97
+
},
98
+
},
99
+
{
100
+
.data_len = 129,
101
+
.digest = {
102
+
0x2b, 0xc3, 0x98, 0xba, 0x6e, 0x42, 0xf8, 0x18,
103
+
0x85, 0x69, 0x15, 0x37, 0x10, 0x60, 0xe6, 0xac,
104
+
},
105
+
},
106
+
{
107
+
.data_len = 256,
108
+
.digest = {
109
+
0x88, 0x21, 0x77, 0x89, 0xd7, 0x93, 0x90, 0xfc,
110
+
0xf3, 0xb0, 0xe3, 0xfb, 0x14, 0xe2, 0xcf, 0x74,
111
+
},
112
+
},
113
+
{
114
+
.data_len = 511,
115
+
.digest = {
116
+
0x66, 0x3d, 0x3e, 0x08, 0xa0, 0x49, 0x81, 0x68,
117
+
0x3e, 0x3b, 0xc8, 0x80, 0x55, 0xd4, 0x15, 0xe9,
118
+
},
119
+
},
120
+
{
121
+
.data_len = 513,
122
+
.digest = {
123
+
0x05, 0xf5, 0x06, 0x66, 0xe7, 0x11, 0x08, 0x84,
124
+
0xff, 0x94, 0x50, 0x85, 0x65, 0x95, 0x2a, 0x20,
125
+
},
126
+
},
127
+
{
128
+
.data_len = 1000,
129
+
.digest = {
130
+
0xd3, 0xa0, 0x51, 0x69, 0xb5, 0x38, 0xae, 0x1b,
131
+
0xe1, 0xa2, 0x89, 0xc6, 0x8d, 0x2b, 0x62, 0x37,
132
+
},
133
+
},
134
+
{
135
+
.data_len = 3333,
136
+
.digest = {
137
+
0x37, 0x6d, 0x6a, 0x14, 0xdc, 0xa5, 0x37, 0xfc,
138
+
0xfe, 0x67, 0x76, 0xb2, 0x64, 0x68, 0x64, 0x05,
139
+
},
140
+
},
141
+
{
142
+
.data_len = 4096,
143
+
.digest = {
144
+
0xe3, 0x12, 0x0c, 0x58, 0x46, 0x45, 0x27, 0x7a,
145
+
0x0e, 0xa2, 0xfa, 0x2c, 0x35, 0x73, 0x6c, 0x94,
146
+
},
147
+
},
148
+
{
149
+
.data_len = 4128,
150
+
.digest = {
151
+
0x63, 0x0d, 0xa1, 0xbc, 0x6e, 0x3e, 0xd3, 0x1d,
152
+
0x28, 0x52, 0xd2, 0xf4, 0x30, 0x2d, 0xff, 0xc4,
153
+
},
154
+
},
155
+
{
156
+
.data_len = 4160,
157
+
.digest = {
158
+
0xb2, 0x91, 0x49, 0xe2, 0x02, 0x98, 0x00, 0x79,
159
+
0x71, 0xb9, 0xd7, 0xd4, 0xb5, 0x94, 0x6d, 0x7d,
160
+
},
161
+
},
162
+
{
163
+
.data_len = 4224,
164
+
.digest = {
165
+
0x58, 0x96, 0x48, 0x69, 0x05, 0x17, 0xe1, 0x6d,
166
+
0xbc, 0xf2, 0x3d, 0x10, 0x96, 0x00, 0x74, 0x58,
167
+
},
168
+
},
169
+
{
170
+
.data_len = 16384,
171
+
.digest = {
172
+
0x99, 0x3c, 0xcb, 0x4d, 0x64, 0xc9, 0xa9, 0x41,
173
+
0x52, 0x93, 0xfd, 0x65, 0xc4, 0xcc, 0xa5, 0xe5,
174
+
},
175
+
},
176
+
};
177
+
178
+
static const u8 hash_testvec_consolidated[POLYVAL_DIGEST_SIZE] = {
179
+
0xdf, 0x68, 0x52, 0x99, 0x92, 0xc3, 0xe8, 0x88,
180
+
0x29, 0x13, 0xc8, 0x35, 0x67, 0xa3, 0xd3, 0xad,
181
+
};
182
+
183
+
static const u8 polyval_allones_hashofhashes[POLYVAL_DIGEST_SIZE] = {
184
+
0xd5, 0xf7, 0xfd, 0xb2, 0xa6, 0xef, 0x0b, 0x85,
185
+
0x0d, 0x0a, 0x06, 0x10, 0xbc, 0x64, 0x94, 0x73,
186
+
};
+223
lib/crypto/tests/polyval_kunit.c
+223
lib/crypto/tests/polyval_kunit.c
···
1
+
// SPDX-License-Identifier: GPL-2.0-or-later
2
+
/*
3
+
* Copyright 2025 Google LLC
4
+
*/
5
+
#include <crypto/polyval.h>
6
+
#include "polyval-testvecs.h"
7
+
8
+
/*
9
+
* A fixed key used when presenting POLYVAL as an unkeyed hash function in order
10
+
* to reuse hash-test-template.h. At the beginning of the test suite, this is
11
+
* initialized to a key prepared from bytes generated from a fixed seed.
12
+
*/
13
+
static struct polyval_key test_key;
14
+
15
+
static void polyval_init_withtestkey(struct polyval_ctx *ctx)
16
+
{
17
+
polyval_init(ctx, &test_key);
18
+
}
19
+
20
+
static void polyval_withtestkey(const u8 *data, size_t len,
21
+
u8 out[POLYVAL_BLOCK_SIZE])
22
+
{
23
+
polyval(&test_key, data, len, out);
24
+
}
25
+
26
+
/* Generate the HASH_KUNIT_CASES using hash-test-template.h. */
27
+
#define HASH polyval_withtestkey
28
+
#define HASH_CTX polyval_ctx
29
+
#define HASH_SIZE POLYVAL_BLOCK_SIZE
30
+
#define HASH_INIT polyval_init_withtestkey
31
+
#define HASH_UPDATE polyval_update
32
+
#define HASH_FINAL polyval_final
33
+
#include "hash-test-template.h"
34
+
35
+
/*
36
+
* Test an example from RFC8452 ("AES-GCM-SIV: Nonce Misuse-Resistant
37
+
* Authenticated Encryption") to ensure compatibility with that.
38
+
*/
39
+
static void test_polyval_rfc8452_testvec(struct kunit *test)
40
+
{
41
+
static const u8 raw_key[POLYVAL_BLOCK_SIZE] =
42
+
"\x31\x07\x28\xd9\x91\x1f\x1f\x38"
43
+
"\x37\xb2\x43\x16\xc3\xfa\xb9\xa0";
44
+
static const u8 data[48] =
45
+
"\x65\x78\x61\x6d\x70\x6c\x65\x00"
46
+
"\x00\x00\x00\x00\x00\x00\x00\x00"
47
+
"\x48\x65\x6c\x6c\x6f\x20\x77\x6f"
48
+
"\x72\x6c\x64\x00\x00\x00\x00\x00"
49
+
"\x38\x00\x00\x00\x00\x00\x00\x00"
50
+
"\x58\x00\x00\x00\x00\x00\x00\x00";
51
+
static const u8 expected_hash[POLYVAL_BLOCK_SIZE] =
52
+
"\xad\x7f\xcf\x0b\x51\x69\x85\x16"
53
+
"\x62\x67\x2f\x3c\x5f\x95\x13\x8f";
54
+
u8 hash[POLYVAL_BLOCK_SIZE];
55
+
struct polyval_key key;
56
+
57
+
polyval_preparekey(&key, raw_key);
58
+
polyval(&key, data, sizeof(data), hash);
59
+
KUNIT_ASSERT_MEMEQ(test, hash, expected_hash, sizeof(hash));
60
+
}
61
+
62
+
/*
63
+
* Test a key and messages containing all one bits. This is useful to detect
64
+
* overflow bugs in implementations that emulate carryless multiplication using
65
+
* a series of standard multiplications with the bits spread out.
66
+
*/
67
+
static void test_polyval_allones_key_and_message(struct kunit *test)
68
+
{
69
+
struct polyval_key key;
70
+
struct polyval_ctx hashofhashes_ctx;
71
+
u8 hash[POLYVAL_BLOCK_SIZE];
72
+
73
+
static_assert(TEST_BUF_LEN >= 4096);
74
+
memset(test_buf, 0xff, 4096);
75
+
76
+
polyval_preparekey(&key, test_buf);
77
+
polyval_init(&hashofhashes_ctx, &key);
78
+
for (size_t len = 0; len <= 4096; len += 16) {
79
+
polyval(&key, test_buf, len, hash);
80
+
polyval_update(&hashofhashes_ctx, hash, sizeof(hash));
81
+
}
82
+
polyval_final(&hashofhashes_ctx, hash);
83
+
KUNIT_ASSERT_MEMEQ(test, hash, polyval_allones_hashofhashes,
84
+
sizeof(hash));
85
+
}
86
+
87
+
#define MAX_LEN_FOR_KEY_CHECK 1024
88
+
89
+
/*
90
+
* Given two prepared keys which should be identical (but may differ in
91
+
* alignment and/or whether they are followed by a guard page or not), verify
92
+
* that they produce consistent results on various data lengths.
93
+
*/
94
+
static void check_key_consistency(struct kunit *test,
95
+
const struct polyval_key *key1,
96
+
const struct polyval_key *key2)
97
+
{
98
+
u8 *data = test_buf;
99
+
u8 hash1[POLYVAL_BLOCK_SIZE];
100
+
u8 hash2[POLYVAL_BLOCK_SIZE];
101
+
102
+
rand_bytes(data, MAX_LEN_FOR_KEY_CHECK);
103
+
KUNIT_ASSERT_MEMEQ(test, key1, key2, sizeof(*key1));
104
+
105
+
for (int i = 0; i < 100; i++) {
106
+
size_t len = rand_length(MAX_LEN_FOR_KEY_CHECK);
107
+
108
+
polyval(key1, data, len, hash1);
109
+
polyval(key2, data, len, hash2);
110
+
KUNIT_ASSERT_MEMEQ(test, hash1, hash2, sizeof(hash1));
111
+
}
112
+
}
113
+
114
+
/* Test that no buffer overreads occur on either raw_key or polyval_key. */
115
+
static void test_polyval_with_guarded_key(struct kunit *test)
116
+
{
117
+
u8 raw_key[POLYVAL_BLOCK_SIZE];
118
+
u8 *guarded_raw_key = &test_buf[TEST_BUF_LEN - sizeof(raw_key)];
119
+
struct polyval_key key1, key2;
120
+
struct polyval_key *guarded_key =
121
+
(struct polyval_key *)&test_buf[TEST_BUF_LEN - sizeof(key1)];
122
+
123
+
/* Prepare with regular buffers. */
124
+
rand_bytes(raw_key, sizeof(raw_key));
125
+
polyval_preparekey(&key1, raw_key);
126
+
127
+
/* Prepare with guarded raw_key, then check that it works. */
128
+
memcpy(guarded_raw_key, raw_key, sizeof(raw_key));
129
+
polyval_preparekey(&key2, guarded_raw_key);
130
+
check_key_consistency(test, &key1, &key2);
131
+
132
+
/* Prepare guarded polyval_key, then check that it works. */
133
+
polyval_preparekey(guarded_key, raw_key);
134
+
check_key_consistency(test, &key1, guarded_key);
135
+
}
136
+
137
+
/*
138
+
* Test that polyval_key only needs to be aligned to
139
+
* __alignof__(struct polyval_key), i.e. 8 bytes. The assembly code may prefer
140
+
* 16-byte or higher alignment, but it musn't require it.
141
+
*/
142
+
static void test_polyval_with_minimally_aligned_key(struct kunit *test)
143
+
{
144
+
u8 raw_key[POLYVAL_BLOCK_SIZE];
145
+
struct polyval_key key;
146
+
struct polyval_key *minaligned_key =
147
+
(struct polyval_key *)&test_buf[MAX_LEN_FOR_KEY_CHECK +
148
+
__alignof__(struct polyval_key)];
149
+
150
+
KUNIT_ASSERT_TRUE(test, IS_ALIGNED((uintptr_t)minaligned_key,
151
+
__alignof__(struct polyval_key)));
152
+
KUNIT_ASSERT_TRUE(test,
153
+
!IS_ALIGNED((uintptr_t)minaligned_key,
154
+
2 * __alignof__(struct polyval_key)));
155
+
156
+
rand_bytes(raw_key, sizeof(raw_key));
157
+
polyval_preparekey(&key, raw_key);
158
+
polyval_preparekey(minaligned_key, raw_key);
159
+
check_key_consistency(test, &key, minaligned_key);
160
+
}
161
+
162
+
struct polyval_irq_test_state {
163
+
struct polyval_key expected_key;
164
+
u8 raw_key[POLYVAL_BLOCK_SIZE];
165
+
};
166
+
167
+
static bool polyval_irq_test_func(void *state_)
168
+
{
169
+
struct polyval_irq_test_state *state = state_;
170
+
struct polyval_key key;
171
+
172
+
polyval_preparekey(&key, state->raw_key);
173
+
return memcmp(&key, &state->expected_key, sizeof(key)) == 0;
174
+
}
175
+
176
+
/*
177
+
* Test that polyval_preparekey() produces the same output regardless of whether
178
+
* FPU or vector registers are usable when it is called.
179
+
*/
180
+
static void test_polyval_preparekey_in_irqs(struct kunit *test)
181
+
{
182
+
struct polyval_irq_test_state state;
183
+
184
+
rand_bytes(state.raw_key, sizeof(state.raw_key));
185
+
polyval_preparekey(&state.expected_key, state.raw_key);
186
+
kunit_run_irq_test(test, polyval_irq_test_func, 20000, &state);
187
+
}
188
+
189
+
static int polyval_suite_init(struct kunit_suite *suite)
190
+
{
191
+
u8 raw_key[POLYVAL_BLOCK_SIZE];
192
+
193
+
rand_bytes_seeded_from_len(raw_key, sizeof(raw_key));
194
+
polyval_preparekey(&test_key, raw_key);
195
+
return hash_suite_init(suite);
196
+
}
197
+
198
+
static void polyval_suite_exit(struct kunit_suite *suite)
199
+
{
200
+
hash_suite_exit(suite);
201
+
}
202
+
203
+
static struct kunit_case polyval_test_cases[] = {
204
+
HASH_KUNIT_CASES,
205
+
KUNIT_CASE(test_polyval_rfc8452_testvec),
206
+
KUNIT_CASE(test_polyval_allones_key_and_message),
207
+
KUNIT_CASE(test_polyval_with_guarded_key),
208
+
KUNIT_CASE(test_polyval_with_minimally_aligned_key),
209
+
KUNIT_CASE(test_polyval_preparekey_in_irqs),
210
+
KUNIT_CASE(benchmark_hash),
211
+
{},
212
+
};
213
+
214
+
static struct kunit_suite polyval_test_suite = {
215
+
.name = "polyval",
216
+
.test_cases = polyval_test_cases,
217
+
.suite_init = polyval_suite_init,
218
+
.suite_exit = polyval_suite_exit,
219
+
};
220
+
kunit_test_suite(polyval_test_suite);
221
+
222
+
MODULE_DESCRIPTION("KUnit tests and benchmark for POLYVAL");
223
+
MODULE_LICENSE("GPL");
+249
lib/crypto/tests/sha3-testvecs.h
+249
lib/crypto/tests/sha3-testvecs.h
···
1
+
/* SPDX-License-Identifier: GPL-2.0-or-later */
2
+
/* This file was generated by: ./scripts/crypto/gen-hash-testvecs.py sha3 */
3
+
4
+
/* SHA3-256 test vectors */
5
+
6
+
static const struct {
7
+
size_t data_len;
8
+
u8 digest[SHA3_256_DIGEST_SIZE];
9
+
} hash_testvecs[] = {
10
+
{
11
+
.data_len = 0,
12
+
.digest = {
13
+
0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66,
14
+
0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62,
15
+
0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa,
16
+
0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a,
17
+
},
18
+
},
19
+
{
20
+
.data_len = 1,
21
+
.digest = {
22
+
0x11, 0x03, 0xe7, 0x84, 0x51, 0x50, 0x86, 0x35,
23
+
0x71, 0x8a, 0x70, 0xe3, 0xc4, 0x26, 0x7b, 0x21,
24
+
0x02, 0x13, 0xa0, 0x81, 0xe8, 0xe6, 0x14, 0x25,
25
+
0x07, 0x34, 0xe5, 0xc5, 0x40, 0x06, 0xf2, 0x8b,
26
+
},
27
+
},
28
+
{
29
+
.data_len = 2,
30
+
.digest = {
31
+
0x2f, 0x6f, 0x6d, 0x47, 0x48, 0x52, 0x11, 0xb9,
32
+
0xe4, 0x3d, 0xc8, 0x71, 0xcf, 0xb2, 0xee, 0xae,
33
+
0x5b, 0xf4, 0x12, 0x84, 0x5b, 0x1c, 0xec, 0x6c,
34
+
0xc1, 0x66, 0x88, 0xaa, 0xc3, 0x40, 0xbd, 0x7e,
35
+
},
36
+
},
37
+
{
38
+
.data_len = 3,
39
+
.digest = {
40
+
0xec, 0x02, 0xe8, 0x81, 0x4f, 0x84, 0x41, 0x69,
41
+
0x06, 0xd8, 0xdc, 0x1d, 0x01, 0x78, 0xd7, 0xcb,
42
+
0x39, 0xdf, 0xd3, 0x12, 0x1c, 0x99, 0xfd, 0xf3,
43
+
0x5c, 0x83, 0xc9, 0xc2, 0x7a, 0x7b, 0x6a, 0x05,
44
+
},
45
+
},
46
+
{
47
+
.data_len = 16,
48
+
.digest = {
49
+
0xff, 0x6f, 0xc3, 0x41, 0xc3, 0x5f, 0x34, 0x6d,
50
+
0xa7, 0xdf, 0x3e, 0xc2, 0x8b, 0x29, 0xb6, 0xf1,
51
+
0xf8, 0x67, 0xfd, 0xcd, 0xb1, 0x9f, 0x38, 0x08,
52
+
0x1d, 0x8d, 0xd9, 0xc2, 0x43, 0x66, 0x18, 0x6c,
53
+
},
54
+
},
55
+
{
56
+
.data_len = 32,
57
+
.digest = {
58
+
0xe4, 0xb1, 0x06, 0x17, 0xf8, 0x8b, 0x91, 0x95,
59
+
0xe7, 0x57, 0x66, 0xac, 0x08, 0xb2, 0x03, 0x3e,
60
+
0xf7, 0x84, 0x1f, 0xe3, 0x25, 0xa3, 0x11, 0xd2,
61
+
0x11, 0xa4, 0x78, 0x74, 0x2a, 0x43, 0x20, 0xa5,
62
+
},
63
+
},
64
+
{
65
+
.data_len = 48,
66
+
.digest = {
67
+
0xeb, 0x57, 0x5f, 0x20, 0xa3, 0x6b, 0xc7, 0xb4,
68
+
0x66, 0x2a, 0xa0, 0x30, 0x3b, 0x52, 0x00, 0xc9,
69
+
0xce, 0x6a, 0xd8, 0x1e, 0xbe, 0xed, 0xa1, 0xd1,
70
+
0xbe, 0x63, 0xc7, 0xe1, 0xe2, 0x66, 0x67, 0x0c,
71
+
},
72
+
},
73
+
{
74
+
.data_len = 49,
75
+
.digest = {
76
+
0xf0, 0x67, 0xad, 0x66, 0xbe, 0xec, 0x5a, 0xfd,
77
+
0x29, 0xd2, 0x4f, 0x1d, 0xb2, 0x24, 0xb8, 0x90,
78
+
0x05, 0x28, 0x0e, 0x66, 0x67, 0x74, 0x2d, 0xee,
79
+
0x66, 0x25, 0x11, 0xd1, 0x76, 0xa2, 0xfc, 0x3a,
80
+
},
81
+
},
82
+
{
83
+
.data_len = 63,
84
+
.digest = {
85
+
0x57, 0x56, 0x21, 0xb3, 0x2d, 0x2d, 0xe1, 0x9d,
86
+
0xbf, 0x2c, 0x82, 0xa8, 0xad, 0x7e, 0x6c, 0x46,
87
+
0xfb, 0x30, 0xeb, 0xce, 0xcf, 0xed, 0x2d, 0x65,
88
+
0xe7, 0xe4, 0x96, 0x69, 0xe0, 0x48, 0xd2, 0xb6,
89
+
},
90
+
},
91
+
{
92
+
.data_len = 64,
93
+
.digest = {
94
+
0x7b, 0xba, 0x67, 0x15, 0xe5, 0x21, 0xc4, 0x69,
95
+
0xd3, 0xef, 0x5c, 0x97, 0x9f, 0x5b, 0xba, 0x9c,
96
+
0xfa, 0x55, 0x64, 0xec, 0xb5, 0x37, 0x53, 0x1b,
97
+
0x3f, 0x4c, 0x0a, 0xed, 0x51, 0x98, 0x2b, 0x52,
98
+
},
99
+
},
100
+
{
101
+
.data_len = 65,
102
+
.digest = {
103
+
0x44, 0xb6, 0x6b, 0x83, 0x09, 0x83, 0x55, 0x83,
104
+
0xde, 0x1f, 0xcc, 0x33, 0xef, 0xdc, 0x05, 0xbb,
105
+
0x3b, 0x63, 0x76, 0x45, 0xe4, 0x8e, 0x14, 0x7a,
106
+
0x2d, 0xae, 0x90, 0xce, 0x68, 0xc3, 0xa4, 0xf2,
107
+
},
108
+
},
109
+
{
110
+
.data_len = 127,
111
+
.digest = {
112
+
0x50, 0x3e, 0x99, 0x4e, 0x28, 0x2b, 0xc9, 0xf4,
113
+
0xf5, 0xeb, 0x2b, 0x16, 0x04, 0x2d, 0xf5, 0xbe,
114
+
0xc0, 0x91, 0x41, 0x2a, 0x8e, 0x69, 0x5e, 0x39,
115
+
0x53, 0x2c, 0xc1, 0x18, 0xa5, 0xeb, 0xd8, 0xda,
116
+
},
117
+
},
118
+
{
119
+
.data_len = 128,
120
+
.digest = {
121
+
0x90, 0x0b, 0xa6, 0x92, 0x84, 0x30, 0xaf, 0xee,
122
+
0x38, 0x59, 0x83, 0x83, 0xe9, 0xfe, 0xab, 0x86,
123
+
0x79, 0x1b, 0xcd, 0xe7, 0x0a, 0x0f, 0x58, 0x53,
124
+
0x36, 0xab, 0x12, 0xe1, 0x5c, 0x97, 0xc1, 0xfb,
125
+
},
126
+
},
127
+
{
128
+
.data_len = 129,
129
+
.digest = {
130
+
0x2b, 0x52, 0x1e, 0x54, 0xbe, 0x38, 0x4c, 0x3e,
131
+
0x73, 0x37, 0x18, 0xf5, 0x25, 0x2c, 0xc8, 0xc7,
132
+
0xda, 0x7e, 0xb6, 0x47, 0x9d, 0xf4, 0x46, 0xce,
133
+
0xfa, 0x80, 0x20, 0x6b, 0xbd, 0xfd, 0x2a, 0xd8,
134
+
},
135
+
},
136
+
{
137
+
.data_len = 256,
138
+
.digest = {
139
+
0x45, 0xf0, 0xf5, 0x9b, 0xd9, 0x91, 0x26, 0xd5,
140
+
0x91, 0x3b, 0xf8, 0x87, 0x8b, 0x34, 0x02, 0x31,
141
+
0x64, 0xab, 0xf4, 0x1c, 0x6e, 0x34, 0x72, 0xdf,
142
+
0x32, 0x6d, 0xe5, 0xd2, 0x67, 0x5e, 0x86, 0x93,
143
+
},
144
+
},
145
+
{
146
+
.data_len = 511,
147
+
.digest = {
148
+
0xb3, 0xaf, 0x71, 0x64, 0xfa, 0xd4, 0xf1, 0x07,
149
+
0x38, 0xef, 0x04, 0x8e, 0x89, 0xf4, 0x02, 0xd2,
150
+
0xa5, 0xaf, 0x3b, 0xf5, 0x67, 0x56, 0xcf, 0xa9,
151
+
0x8e, 0x43, 0xf5, 0xb5, 0xe3, 0x91, 0x8e, 0xe7,
152
+
},
153
+
},
154
+
{
155
+
.data_len = 513,
156
+
.digest = {
157
+
0x51, 0xac, 0x0a, 0x65, 0xb7, 0x96, 0x20, 0xcf,
158
+
0x88, 0xf6, 0x97, 0x35, 0x89, 0x0d, 0x31, 0x0f,
159
+
0xbe, 0x17, 0xbe, 0x62, 0x03, 0x67, 0xc0, 0xee,
160
+
0x4f, 0xc1, 0xe3, 0x7f, 0x6f, 0xab, 0xac, 0xb4,
161
+
},
162
+
},
163
+
{
164
+
.data_len = 1000,
165
+
.digest = {
166
+
0x7e, 0xea, 0xa8, 0xd7, 0xde, 0x20, 0x1b, 0x58,
167
+
0x24, 0xd8, 0x26, 0x40, 0x36, 0x5f, 0x3f, 0xaa,
168
+
0xe5, 0x5a, 0xea, 0x98, 0x58, 0xd4, 0xd6, 0xfc,
169
+
0x20, 0x4c, 0x5c, 0x4f, 0xaf, 0x56, 0xc7, 0xc3,
170
+
},
171
+
},
172
+
{
173
+
.data_len = 3333,
174
+
.digest = {
175
+
0x61, 0xb1, 0xb1, 0x3e, 0x0e, 0x7e, 0x90, 0x3d,
176
+
0x31, 0x54, 0xbd, 0xc9, 0x0d, 0x53, 0x62, 0xf1,
177
+
0xcd, 0x18, 0x80, 0xf9, 0x91, 0x75, 0x41, 0xb3,
178
+
0x51, 0x39, 0x57, 0xa7, 0xa8, 0x1e, 0xfb, 0xc9,
179
+
},
180
+
},
181
+
{
182
+
.data_len = 4096,
183
+
.digest = {
184
+
0xab, 0x29, 0xda, 0x10, 0xc4, 0x11, 0x2d, 0x5c,
185
+
0xd1, 0xce, 0x1c, 0x95, 0xfa, 0xc6, 0xc7, 0xb0,
186
+
0x1b, 0xd1, 0xdc, 0x6f, 0xa0, 0x9d, 0x1b, 0x23,
187
+
0xfb, 0x6e, 0x90, 0x97, 0xd0, 0x75, 0x44, 0x7a,
188
+
},
189
+
},
190
+
{
191
+
.data_len = 4128,
192
+
.digest = {
193
+
0x02, 0x45, 0x95, 0xf4, 0x19, 0xb5, 0x93, 0x29,
194
+
0x90, 0xf2, 0x63, 0x3f, 0x89, 0xe8, 0xa5, 0x31,
195
+
0x76, 0xf2, 0x89, 0x79, 0x66, 0xd3, 0x96, 0xdf,
196
+
0x33, 0xd1, 0xa6, 0x17, 0x73, 0xb1, 0xd0, 0x45,
197
+
},
198
+
},
199
+
{
200
+
.data_len = 4160,
201
+
.digest = {
202
+
0xd1, 0x8e, 0x22, 0xea, 0x44, 0x87, 0x6e, 0x9d,
203
+
0xfb, 0x36, 0x02, 0x20, 0x63, 0xb7, 0x69, 0x45,
204
+
0x25, 0x41, 0x69, 0xe0, 0x9b, 0x87, 0xcf, 0xa3,
205
+
0x51, 0xbb, 0xfc, 0x8d, 0xf7, 0x29, 0xa7, 0xea,
206
+
},
207
+
},
208
+
{
209
+
.data_len = 4224,
210
+
.digest = {
211
+
0x11, 0x86, 0x7d, 0x84, 0xf9, 0x8c, 0x6e, 0xc4,
212
+
0x64, 0x36, 0xc6, 0xf3, 0x42, 0x92, 0x31, 0x2b,
213
+
0x1e, 0x12, 0xe6, 0x4d, 0xbe, 0xfa, 0x77, 0x3f,
214
+
0x89, 0x41, 0x33, 0x58, 0x1c, 0x98, 0x16, 0x0a,
215
+
},
216
+
},
217
+
{
218
+
.data_len = 16384,
219
+
.digest = {
220
+
0xb2, 0xba, 0x0c, 0x8c, 0x9d, 0xbb, 0x1e, 0xb0,
221
+
0x03, 0xb5, 0xdf, 0x4f, 0xf5, 0x35, 0xdb, 0xec,
222
+
0x60, 0xf2, 0x5b, 0xb6, 0xd0, 0x49, 0xd3, 0xed,
223
+
0x55, 0xc0, 0x7a, 0xd7, 0xaf, 0xa1, 0xea, 0x53,
224
+
},
225
+
},
226
+
};
227
+
228
+
static const u8 hash_testvec_consolidated[SHA3_256_DIGEST_SIZE] = {
229
+
0x3b, 0x33, 0x67, 0xf8, 0xea, 0x92, 0x78, 0x62,
230
+
0xdd, 0xbe, 0x72, 0x15, 0xbd, 0x6f, 0xfa, 0xe5,
231
+
0x5e, 0xab, 0x9f, 0xb1, 0xe4, 0x23, 0x7c, 0x2c,
232
+
0x80, 0xcf, 0x09, 0x75, 0xf8, 0xe2, 0xfa, 0x30,
233
+
};
234
+
235
+
/* SHAKE test vectors */
236
+
237
+
static const u8 shake128_testvec_consolidated[SHA3_256_DIGEST_SIZE] = {
238
+
0x89, 0x88, 0x3a, 0x44, 0xec, 0xfe, 0x3c, 0xeb,
239
+
0x2f, 0x1c, 0x1d, 0xda, 0x9e, 0x36, 0x64, 0xf0,
240
+
0x85, 0x4c, 0x49, 0x12, 0x76, 0x5a, 0x4d, 0xe7,
241
+
0xa8, 0xfd, 0xcd, 0xbe, 0x45, 0xb4, 0x6f, 0xb0,
242
+
};
243
+
244
+
static const u8 shake256_testvec_consolidated[SHA3_256_DIGEST_SIZE] = {
245
+
0x5a, 0xfd, 0x66, 0x62, 0x5c, 0x37, 0x2b, 0x41,
246
+
0x77, 0x1c, 0x01, 0x5d, 0x64, 0x7c, 0x63, 0x7a,
247
+
0x7c, 0x76, 0x9e, 0xa8, 0xd1, 0xb0, 0x8e, 0x02,
248
+
0x16, 0x9b, 0xfe, 0x0e, 0xb5, 0xd8, 0x6a, 0xb5,
249
+
};
+422
lib/crypto/tests/sha3_kunit.c
+422
lib/crypto/tests/sha3_kunit.c
···
1
+
// SPDX-License-Identifier: GPL-2.0-or-later
2
+
/*
3
+
* Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
4
+
* Written by David Howells (dhowells@redhat.com)
5
+
*/
6
+
#include <crypto/sha3.h>
7
+
#include "sha3-testvecs.h"
8
+
9
+
#define HASH sha3_256
10
+
#define HASH_CTX sha3_ctx
11
+
#define HASH_SIZE SHA3_256_DIGEST_SIZE
12
+
#define HASH_INIT sha3_256_init
13
+
#define HASH_UPDATE sha3_update
14
+
#define HASH_FINAL sha3_final
15
+
#include "hash-test-template.h"
16
+
17
+
/*
18
+
* Sample message and the output generated for various algorithms by passing it
19
+
* into "openssl sha3-224" etc..
20
+
*/
21
+
static const u8 test_sha3_sample[] =
22
+
"The quick red fox jumped over the lazy brown dog!\n"
23
+
"The quick red fox jumped over the lazy brown dog!\n"
24
+
"The quick red fox jumped over the lazy brown dog!\n"
25
+
"The quick red fox jumped over the lazy brown dog!\n";
26
+
27
+
static const u8 test_sha3_224[8 + SHA3_224_DIGEST_SIZE + 8] = {
28
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */
29
+
0xd6, 0xe8, 0xd8, 0x80, 0xfa, 0x42, 0x80, 0x70,
30
+
0x7e, 0x7f, 0xd7, 0xd2, 0xd7, 0x7a, 0x35, 0x65,
31
+
0xf0, 0x0b, 0x4f, 0x9f, 0x2a, 0x33, 0xca, 0x0a,
32
+
0xef, 0xa6, 0x4c, 0xb8,
33
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */
34
+
};
35
+
36
+
static const u8 test_sha3_256[8 + SHA3_256_DIGEST_SIZE + 8] = {
37
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */
38
+
0xdb, 0x3b, 0xb0, 0xb8, 0x8d, 0x15, 0x78, 0xe5,
39
+
0x78, 0x76, 0x8e, 0x39, 0x7e, 0x89, 0x86, 0xb9,
40
+
0x14, 0x3a, 0x1e, 0xe7, 0x96, 0x7c, 0xf3, 0x25,
41
+
0x70, 0xbd, 0xc3, 0xa9, 0xae, 0x63, 0x71, 0x1d,
42
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */
43
+
};
44
+
45
+
static const u8 test_sha3_384[8 + SHA3_384_DIGEST_SIZE + 8] = {
46
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */
47
+
0x2d, 0x4b, 0x29, 0x85, 0x19, 0x94, 0xaa, 0x31,
48
+
0x9b, 0x04, 0x9d, 0x6e, 0x79, 0x66, 0xc7, 0x56,
49
+
0x8a, 0x2e, 0x99, 0x84, 0x06, 0xcf, 0x10, 0x2d,
50
+
0xec, 0xf0, 0x03, 0x04, 0x1f, 0xd5, 0x99, 0x63,
51
+
0x2f, 0xc3, 0x2b, 0x0d, 0xd9, 0x45, 0xf7, 0xbb,
52
+
0x0a, 0xc3, 0x46, 0xab, 0xfe, 0x4d, 0x94, 0xc2,
53
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */
54
+
};
55
+
56
+
static const u8 test_sha3_512[8 + SHA3_512_DIGEST_SIZE + 8] = {
57
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */
58
+
0xdd, 0x71, 0x3b, 0x44, 0xb6, 0x6c, 0xd7, 0x78,
59
+
0xe7, 0x93, 0xa1, 0x4c, 0xd7, 0x24, 0x16, 0xf1,
60
+
0xfd, 0xa2, 0x82, 0x4e, 0xed, 0x59, 0xe9, 0x83,
61
+
0x15, 0x38, 0x89, 0x7d, 0x39, 0x17, 0x0c, 0xb2,
62
+
0xcf, 0x12, 0x80, 0x78, 0xa1, 0x78, 0x41, 0xeb,
63
+
0xed, 0x21, 0x4c, 0xa4, 0x4a, 0x5f, 0x30, 0x1a,
64
+
0x70, 0x98, 0x4f, 0x14, 0xa2, 0xd1, 0x64, 0x1b,
65
+
0xc2, 0x0a, 0xff, 0x3b, 0xe8, 0x26, 0x41, 0x8f,
66
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */
67
+
};
68
+
69
+
static const u8 test_shake128[8 + SHAKE128_DEFAULT_SIZE + 8] = {
70
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */
71
+
0x41, 0xd6, 0xb8, 0x9c, 0xf8, 0xe8, 0x54, 0xf2,
72
+
0x5c, 0xde, 0x51, 0x12, 0xaf, 0x9e, 0x0d, 0x91,
73
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */
74
+
};
75
+
76
+
static const u8 test_shake256[8 + SHAKE256_DEFAULT_SIZE + 8] = {
77
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-before guard */
78
+
0xab, 0x06, 0xd4, 0xf9, 0x8b, 0xfd, 0xb2, 0xc4,
79
+
0xfe, 0xf1, 0xcc, 0xe2, 0x40, 0x45, 0xdd, 0x15,
80
+
0xcb, 0xdd, 0x02, 0x8d, 0xb7, 0x9f, 0x1e, 0x67,
81
+
0xd6, 0x7f, 0x98, 0x5e, 0x1b, 0x19, 0xf8, 0x01,
82
+
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Write-after guard */
83
+
};
84
+
85
+
static void test_sha3_224_basic(struct kunit *test)
86
+
{
87
+
u8 out[8 + SHA3_224_DIGEST_SIZE + 8];
88
+
89
+
BUILD_BUG_ON(sizeof(out) != sizeof(test_sha3_224));
90
+
91
+
memset(out, 0, sizeof(out));
92
+
sha3_224(test_sha3_sample, sizeof(test_sha3_sample) - 1, out + 8);
93
+
94
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_sha3_224, sizeof(test_sha3_224),
95
+
"SHA3-224 gives wrong output");
96
+
}
97
+
98
+
static void test_sha3_256_basic(struct kunit *test)
99
+
{
100
+
u8 out[8 + SHA3_256_DIGEST_SIZE + 8];
101
+
102
+
BUILD_BUG_ON(sizeof(out) != sizeof(test_sha3_256));
103
+
104
+
memset(out, 0, sizeof(out));
105
+
sha3_256(test_sha3_sample, sizeof(test_sha3_sample) - 1, out + 8);
106
+
107
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_sha3_256, sizeof(test_sha3_256),
108
+
"SHA3-256 gives wrong output");
109
+
}
110
+
111
+
static void test_sha3_384_basic(struct kunit *test)
112
+
{
113
+
u8 out[8 + SHA3_384_DIGEST_SIZE + 8];
114
+
115
+
BUILD_BUG_ON(sizeof(out) != sizeof(test_sha3_384));
116
+
117
+
memset(out, 0, sizeof(out));
118
+
sha3_384(test_sha3_sample, sizeof(test_sha3_sample) - 1, out + 8);
119
+
120
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_sha3_384, sizeof(test_sha3_384),
121
+
"SHA3-384 gives wrong output");
122
+
}
123
+
124
+
static void test_sha3_512_basic(struct kunit *test)
125
+
{
126
+
u8 out[8 + SHA3_512_DIGEST_SIZE + 8];
127
+
128
+
BUILD_BUG_ON(sizeof(out) != sizeof(test_sha3_512));
129
+
130
+
memset(out, 0, sizeof(out));
131
+
sha3_512(test_sha3_sample, sizeof(test_sha3_sample) - 1, out + 8);
132
+
133
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_sha3_512, sizeof(test_sha3_512),
134
+
"SHA3-512 gives wrong output");
135
+
}
136
+
137
+
static void test_shake128_basic(struct kunit *test)
138
+
{
139
+
u8 out[8 + SHAKE128_DEFAULT_SIZE + 8];
140
+
141
+
BUILD_BUG_ON(sizeof(out) != sizeof(test_shake128));
142
+
143
+
memset(out, 0, sizeof(out));
144
+
shake128(test_sha3_sample, sizeof(test_sha3_sample) - 1,
145
+
out + 8, sizeof(out) - 16);
146
+
147
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake128, sizeof(test_shake128),
148
+
"SHAKE128 gives wrong output");
149
+
}
150
+
151
+
static void test_shake256_basic(struct kunit *test)
152
+
{
153
+
u8 out[8 + SHAKE256_DEFAULT_SIZE + 8];
154
+
155
+
BUILD_BUG_ON(sizeof(out) != sizeof(test_shake256));
156
+
157
+
memset(out, 0, sizeof(out));
158
+
shake256(test_sha3_sample, sizeof(test_sha3_sample) - 1,
159
+
out + 8, sizeof(out) - 16);
160
+
161
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake256, sizeof(test_shake256),
162
+
"SHAKE256 gives wrong output");
163
+
}
164
+
165
+
/*
166
+
* Usable NIST tests.
167
+
*
168
+
* From: https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
169
+
*/
170
+
static const u8 test_nist_1600_sample[] = {
171
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
172
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
173
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
174
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
175
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
176
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
177
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
178
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
179
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
180
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
181
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
182
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
183
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
184
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
185
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
186
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
187
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
188
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
189
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
190
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
191
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
192
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
193
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
194
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3,
195
+
0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3, 0xa3
196
+
};
197
+
198
+
static const u8 test_shake128_nist_0[] = {
199
+
0x7f, 0x9c, 0x2b, 0xa4, 0xe8, 0x8f, 0x82, 0x7d,
200
+
0x61, 0x60, 0x45, 0x50, 0x76, 0x05, 0x85, 0x3e
201
+
};
202
+
203
+
static const u8 test_shake128_nist_1600[] = {
204
+
0x13, 0x1a, 0xb8, 0xd2, 0xb5, 0x94, 0x94, 0x6b,
205
+
0x9c, 0x81, 0x33, 0x3f, 0x9b, 0xb6, 0xe0, 0xce,
206
+
};
207
+
208
+
static const u8 test_shake256_nist_0[] = {
209
+
0x46, 0xb9, 0xdd, 0x2b, 0x0b, 0xa8, 0x8d, 0x13,
210
+
0x23, 0x3b, 0x3f, 0xeb, 0x74, 0x3e, 0xeb, 0x24,
211
+
0x3f, 0xcd, 0x52, 0xea, 0x62, 0xb8, 0x1b, 0x82,
212
+
0xb5, 0x0c, 0x27, 0x64, 0x6e, 0xd5, 0x76, 0x2f
213
+
};
214
+
215
+
static const u8 test_shake256_nist_1600[] = {
216
+
0xcd, 0x8a, 0x92, 0x0e, 0xd1, 0x41, 0xaa, 0x04,
217
+
0x07, 0xa2, 0x2d, 0x59, 0x28, 0x86, 0x52, 0xe9,
218
+
0xd9, 0xf1, 0xa7, 0xee, 0x0c, 0x1e, 0x7c, 0x1c,
219
+
0xa6, 0x99, 0x42, 0x4d, 0xa8, 0x4a, 0x90, 0x4d,
220
+
};
221
+
222
+
static void test_shake128_nist(struct kunit *test)
223
+
{
224
+
u8 out[SHAKE128_DEFAULT_SIZE];
225
+
226
+
shake128("", 0, out, sizeof(out));
227
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake128_nist_0, sizeof(out),
228
+
"SHAKE128 gives wrong output for NIST.0");
229
+
230
+
shake128(test_nist_1600_sample, sizeof(test_nist_1600_sample),
231
+
out, sizeof(out));
232
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake128_nist_1600, sizeof(out),
233
+
"SHAKE128 gives wrong output for NIST.1600");
234
+
}
235
+
236
+
static void test_shake256_nist(struct kunit *test)
237
+
{
238
+
u8 out[SHAKE256_DEFAULT_SIZE];
239
+
240
+
shake256("", 0, out, sizeof(out));
241
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake256_nist_0, sizeof(out),
242
+
"SHAKE256 gives wrong output for NIST.0");
243
+
244
+
shake256(test_nist_1600_sample, sizeof(test_nist_1600_sample),
245
+
out, sizeof(out));
246
+
KUNIT_ASSERT_MEMEQ_MSG(test, out, test_shake256_nist_1600, sizeof(out),
247
+
"SHAKE256 gives wrong output for NIST.1600");
248
+
}
249
+
250
+
static void shake(int alg, const u8 *in, size_t in_len, u8 *out, size_t out_len)
251
+
{
252
+
if (alg == 0)
253
+
shake128(in, in_len, out, out_len);
254
+
else
255
+
shake256(in, in_len, out, out_len);
256
+
}
257
+
258
+
static void shake_init(struct shake_ctx *ctx, int alg)
259
+
{
260
+
if (alg == 0)
261
+
shake128_init(ctx);
262
+
else
263
+
shake256_init(ctx);
264
+
}
265
+
266
+
/*
267
+
* Test each of SHAKE128 and SHAKE256 with all input lengths 0 through 4096, for
268
+
* both input and output. The input and output lengths cycle through the values
269
+
* together, so we do 4096 tests total. To verify all the SHAKE outputs,
270
+
* compute and verify the SHA3-256 digest of all of them concatenated together.
271
+
*/
272
+
static void test_shake_all_lens_up_to_4096(struct kunit *test)
273
+
{
274
+
struct sha3_ctx main_ctx;
275
+
const size_t max_len = 4096;
276
+
u8 *const in = test_buf;
277
+
u8 *const out = &test_buf[TEST_BUF_LEN - max_len];
278
+
u8 main_hash[SHA3_256_DIGEST_SIZE];
279
+
280
+
KUNIT_ASSERT_LE(test, 2 * max_len, TEST_BUF_LEN);
281
+
282
+
rand_bytes_seeded_from_len(in, max_len);
283
+
for (int alg = 0; alg < 2; alg++) {
284
+
sha3_256_init(&main_ctx);
285
+
for (size_t in_len = 0; in_len <= max_len; in_len++) {
286
+
size_t out_len = (in_len * 293) % (max_len + 1);
287
+
288
+
shake(alg, in, in_len, out, out_len);
289
+
sha3_update(&main_ctx, out, out_len);
290
+
}
291
+
sha3_final(&main_ctx, main_hash);
292
+
if (alg == 0)
293
+
KUNIT_ASSERT_MEMEQ_MSG(test, main_hash,
294
+
shake128_testvec_consolidated,
295
+
sizeof(main_hash),
296
+
"shake128() gives wrong output");
297
+
else
298
+
KUNIT_ASSERT_MEMEQ_MSG(test, main_hash,
299
+
shake256_testvec_consolidated,
300
+
sizeof(main_hash),
301
+
"shake256() gives wrong output");
302
+
}
303
+
}
304
+
305
+
/*
306
+
* Test that a sequence of SHAKE squeezes gives the same output as a single
307
+
* squeeze of the same total length.
308
+
*/
309
+
static void test_shake_multiple_squeezes(struct kunit *test)
310
+
{
311
+
const size_t max_len = 512;
312
+
u8 *ref_out;
313
+
314
+
KUNIT_ASSERT_GE(test, TEST_BUF_LEN, 2 * max_len);
315
+
316
+
ref_out = kunit_kzalloc(test, max_len, GFP_KERNEL);
317
+
KUNIT_ASSERT_NOT_NULL(test, ref_out);
318
+
319
+
for (int i = 0; i < 2000; i++) {
320
+
const int alg = rand32() % 2;
321
+
const size_t in_len = rand_length(max_len);
322
+
const size_t out_len = rand_length(max_len);
323
+
const size_t in_offs = rand_offset(max_len - in_len);
324
+
const size_t out_offs = rand_offset(max_len - out_len);
325
+
u8 *const in = &test_buf[in_offs];
326
+
u8 *const out = &test_buf[out_offs];
327
+
struct shake_ctx ctx;
328
+
size_t remaining_len, j, num_parts;
329
+
330
+
rand_bytes(in, in_len);
331
+
rand_bytes(out, out_len);
332
+
333
+
/* Compute the output using the one-shot function. */
334
+
shake(alg, in, in_len, ref_out, out_len);
335
+
336
+
/* Compute the output using a random sequence of squeezes. */
337
+
shake_init(&ctx, alg);
338
+
shake_update(&ctx, in, in_len);
339
+
remaining_len = out_len;
340
+
j = 0;
341
+
num_parts = 0;
342
+
while (rand_bool()) {
343
+
size_t part_len = rand_length(remaining_len);
344
+
345
+
shake_squeeze(&ctx, &out[j], part_len);
346
+
num_parts++;
347
+
j += part_len;
348
+
remaining_len -= part_len;
349
+
}
350
+
if (remaining_len != 0 || rand_bool()) {
351
+
shake_squeeze(&ctx, &out[j], remaining_len);
352
+
num_parts++;
353
+
}
354
+
355
+
/* Verify that the outputs are the same. */
356
+
KUNIT_ASSERT_MEMEQ_MSG(
357
+
test, out, ref_out, out_len,
358
+
"Multi-squeeze test failed with in_len=%zu in_offs=%zu out_len=%zu out_offs=%zu num_parts=%zu alg=%d",
359
+
in_len, in_offs, out_len, out_offs, num_parts, alg);
360
+
}
361
+
}
362
+
363
+
/*
364
+
* Test that SHAKE operations on buffers immediately followed by an unmapped
365
+
* page work as expected. This catches out-of-bounds memory accesses even if
366
+
* they occur in assembly code.
367
+
*/
368
+
static void test_shake_with_guarded_bufs(struct kunit *test)
369
+
{
370
+
const size_t max_len = 512;
371
+
u8 *reg_buf;
372
+
373
+
KUNIT_ASSERT_GE(test, TEST_BUF_LEN, max_len);
374
+
375
+
reg_buf = kunit_kzalloc(test, max_len, GFP_KERNEL);
376
+
KUNIT_ASSERT_NOT_NULL(test, reg_buf);
377
+
378
+
for (int alg = 0; alg < 2; alg++) {
379
+
for (size_t len = 0; len <= max_len; len++) {
380
+
u8 *guarded_buf = &test_buf[TEST_BUF_LEN - len];
381
+
382
+
rand_bytes(reg_buf, len);
383
+
memcpy(guarded_buf, reg_buf, len);
384
+
385
+
shake(alg, reg_buf, len, reg_buf, len);
386
+
shake(alg, guarded_buf, len, guarded_buf, len);
387
+
388
+
KUNIT_ASSERT_MEMEQ_MSG(
389
+
test, reg_buf, guarded_buf, len,
390
+
"Guard page test failed with len=%zu alg=%d",
391
+
len, alg);
392
+
}
393
+
}
394
+
}
395
+
396
+
static struct kunit_case sha3_test_cases[] = {
397
+
HASH_KUNIT_CASES,
398
+
KUNIT_CASE(test_sha3_224_basic),
399
+
KUNIT_CASE(test_sha3_256_basic),
400
+
KUNIT_CASE(test_sha3_384_basic),
401
+
KUNIT_CASE(test_sha3_512_basic),
402
+
KUNIT_CASE(test_shake128_basic),
403
+
KUNIT_CASE(test_shake256_basic),
404
+
KUNIT_CASE(test_shake128_nist),
405
+
KUNIT_CASE(test_shake256_nist),
406
+
KUNIT_CASE(test_shake_all_lens_up_to_4096),
407
+
KUNIT_CASE(test_shake_multiple_squeezes),
408
+
KUNIT_CASE(test_shake_with_guarded_bufs),
409
+
KUNIT_CASE(benchmark_hash),
410
+
{},
411
+
};
412
+
413
+
static struct kunit_suite sha3_test_suite = {
414
+
.name = "sha3",
415
+
.test_cases = sha3_test_cases,
416
+
.suite_init = hash_suite_init,
417
+
.suite_exit = hash_suite_exit,
418
+
};
419
+
kunit_test_suite(sha3_test_suite);
420
+
421
+
MODULE_DESCRIPTION("KUnit tests and benchmark for SHA3");
422
+
MODULE_LICENSE("GPL");
+84
-17
scripts/crypto/gen-hash-testvecs.py
+84
-17
scripts/crypto/gen-hash-testvecs.py
···
1
1
#!/usr/bin/env python3
2
2
# SPDX-License-Identifier: GPL-2.0-or-later
3
3
#
4
-
# Script that generates test vectors for the given cryptographic hash function.
4
+
# Script that generates test vectors for the given hash function.
5
5
#
6
6
# Copyright 2025 Google LLC
7
7
···
50
50
m = (self.h + self.s) % 2**128
51
51
return m.to_bytes(16, byteorder='little')
52
52
53
+
POLYVAL_POLY = sum((1 << i) for i in [128, 127, 126, 121, 0])
54
+
POLYVAL_BLOCK_SIZE = 16
55
+
56
+
# A straightforward, unoptimized implementation of POLYVAL.
57
+
# Reference: https://datatracker.ietf.org/doc/html/rfc8452
58
+
class Polyval:
59
+
def __init__(self, key):
60
+
assert len(key) == 16
61
+
self.h = int.from_bytes(key, byteorder='little')
62
+
self.acc = 0
63
+
64
+
# Note: this supports partial blocks only at the end.
65
+
def update(self, data):
66
+
for i in range(0, len(data), 16):
67
+
# acc += block
68
+
self.acc ^= int.from_bytes(data[i:i+16], byteorder='little')
69
+
# acc = (acc * h * x^-128) mod POLYVAL_POLY
70
+
product = 0
71
+
for j in range(128):
72
+
if (self.h & (1 << j)) != 0:
73
+
product ^= self.acc << j
74
+
if (product & (1 << j)) != 0:
75
+
product ^= POLYVAL_POLY << j
76
+
self.acc = product >> 128
77
+
return self
78
+
79
+
def digest(self):
80
+
return self.acc.to_bytes(16, byteorder='little')
81
+
53
82
def hash_init(alg):
54
83
if alg == 'poly1305':
55
84
# Use a fixed random key here, to present Poly1305 as an unkeyed hash.
56
85
# This allows all the test cases for unkeyed hashes to work on Poly1305.
57
86
return Poly1305(rand_bytes(POLY1305_KEY_SIZE))
87
+
if alg == 'polyval':
88
+
return Polyval(rand_bytes(POLYVAL_BLOCK_SIZE))
58
89
return hashlib.new(alg)
59
90
60
91
def hash_update(ctx, data):
···
116
85
print('\t\t},')
117
86
118
87
def alg_digest_size_const(alg):
119
-
if alg == 'blake2s':
120
-
return 'BLAKE2S_HASH_SIZE'
121
-
return f'{alg.upper()}_DIGEST_SIZE'
88
+
if alg.startswith('blake2'):
89
+
return f'{alg.upper()}_HASH_SIZE'
90
+
return f'{alg.upper().replace('-', '_')}_DIGEST_SIZE'
122
91
123
92
def gen_unkeyed_testvecs(alg):
124
93
print('')
···
142
111
f'hash_testvec_consolidated[{alg_digest_size_const(alg)}]',
143
112
hash_final(ctx))
144
113
114
+
def gen_additional_sha3_testvecs():
115
+
max_len = 4096
116
+
in_data = rand_bytes(max_len)
117
+
for alg in ['shake128', 'shake256']:
118
+
ctx = hashlib.new('sha3-256')
119
+
for in_len in range(max_len + 1):
120
+
out_len = (in_len * 293) % (max_len + 1)
121
+
out = hashlib.new(alg, data=in_data[:in_len]).digest(out_len)
122
+
ctx.update(out)
123
+
print_static_u8_array_definition(f'{alg}_testvec_consolidated[SHA3_256_DIGEST_SIZE]',
124
+
ctx.digest())
125
+
145
126
def gen_hmac_testvecs(alg):
146
127
ctx = hmac.new(rand_bytes(32), digestmod=alg)
147
128
data = rand_bytes(4096)
···
167
124
f'hmac_testvec_consolidated[{alg.upper()}_DIGEST_SIZE]',
168
125
ctx.digest())
169
126
170
-
BLAKE2S_KEY_SIZE = 32
171
-
BLAKE2S_HASH_SIZE = 32
172
-
173
-
def gen_additional_blake2s_testvecs():
127
+
def gen_additional_blake2_testvecs(alg):
128
+
if alg == 'blake2s':
129
+
(max_key_size, max_hash_size) = (32, 32)
130
+
elif alg == 'blake2b':
131
+
(max_key_size, max_hash_size) = (64, 64)
132
+
else:
133
+
raise ValueError(f'Unsupported alg: {alg}')
174
134
hashes = b''
175
-
for key_len in range(BLAKE2S_KEY_SIZE + 1):
176
-
for out_len in range(1, BLAKE2S_HASH_SIZE + 1):
177
-
h = hashlib.blake2s(digest_size=out_len, key=rand_bytes(key_len))
135
+
for key_len in range(max_key_size + 1):
136
+
for out_len in range(1, max_hash_size + 1):
137
+
h = hashlib.new(alg, digest_size=out_len, key=rand_bytes(key_len))
178
138
h.update(rand_bytes(100))
179
139
hashes += h.digest()
180
140
print_static_u8_array_definition(
181
-
'blake2s_keyed_testvec_consolidated[BLAKE2S_HASH_SIZE]',
182
-
compute_hash('blake2s', hashes))
141
+
f'{alg}_keyed_testvec_consolidated[{alg_digest_size_const(alg)}]',
142
+
compute_hash(alg, hashes))
183
143
184
144
def gen_additional_poly1305_testvecs():
185
145
key = b'\xff' * POLY1305_KEY_SIZE
···
196
150
'poly1305_allones_macofmacs[POLY1305_DIGEST_SIZE]',
197
151
Poly1305(key).update(data).digest())
198
152
153
+
def gen_additional_polyval_testvecs():
154
+
key = b'\xff' * POLYVAL_BLOCK_SIZE
155
+
hashes = b''
156
+
for data_len in range(0, 4097, 16):
157
+
hashes += Polyval(key).update(b'\xff' * data_len).digest()
158
+
print_static_u8_array_definition(
159
+
'polyval_allones_hashofhashes[POLYVAL_DIGEST_SIZE]',
160
+
Polyval(key).update(hashes).digest())
161
+
199
162
if len(sys.argv) != 2:
200
163
sys.stderr.write('Usage: gen-hash-testvecs.py ALGORITHM\n')
201
-
sys.stderr.write('ALGORITHM may be any supported by Python hashlib, or poly1305.\n')
164
+
sys.stderr.write('ALGORITHM may be any supported by Python hashlib; or poly1305, polyval, or sha3.\n')
202
165
sys.stderr.write('Example: gen-hash-testvecs.py sha512\n')
203
166
sys.exit(1)
204
167
205
168
alg = sys.argv[1]
206
169
print('/* SPDX-License-Identifier: GPL-2.0-or-later */')
207
170
print(f'/* This file was generated by: {sys.argv[0]} {" ".join(sys.argv[1:])} */')
208
-
gen_unkeyed_testvecs(alg)
209
-
if alg == 'blake2s':
210
-
gen_additional_blake2s_testvecs()
171
+
if alg.startswith('blake2'):
172
+
gen_unkeyed_testvecs(alg)
173
+
gen_additional_blake2_testvecs(alg)
211
174
elif alg == 'poly1305':
175
+
gen_unkeyed_testvecs(alg)
212
176
gen_additional_poly1305_testvecs()
177
+
elif alg == 'polyval':
178
+
gen_unkeyed_testvecs(alg)
179
+
gen_additional_polyval_testvecs()
180
+
elif alg == 'sha3':
181
+
print()
182
+
print('/* SHA3-256 test vectors */')
183
+
gen_unkeyed_testvecs('sha3-256')
184
+
print()
185
+
print('/* SHAKE test vectors */')
186
+
gen_additional_sha3_testvecs()
213
187
else:
188
+
gen_unkeyed_testvecs(alg)
214
189
gen_hmac_testvecs(alg)