TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a391a9e472254056fbf7f00d00672e670d321e77 / . / library / sha3.c
blob: dbaf8b613efe530995e42dfbda24a97c1025d741 [file] [log] [blame]
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]1/*
2 * FIPS-202 compliant SHA3 implementation
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19/*
20 * The SHA-3 Secure Hash Standard was published by NIST in 2015.
21 *
22 * https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.202.pdf
23 */
24
25#include "common.h"
26
27#if defined(MBEDTLS_SHA3_C)
28
29#include "mbedtls/sha3.h"
30#include "mbedtls/platform_util.h"
31#include "mbedtls/error.h"
32
33#include <string.h>
34
35#if defined(MBEDTLS_SELF_TEST)
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]36#include "mbedtls/platform.h"
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]37#endif /* MBEDTLS_SELF_TEST */
38
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]39/*
40 * List of supported SHA-3 families
41 */
42static mbedtls_sha3_family_functions sha3_families[] = {
43 { MBEDTLS_SHA3_224, 1152, 224, 0x06 },
44 { MBEDTLS_SHA3_256, 1088, 256, 0x06 },
45 { MBEDTLS_SHA3_384, 832, 384, 0x06 },
46 { MBEDTLS_SHA3_512, 576, 512, 0x06 },
47 { MBEDTLS_SHA3_NONE, 0, 0, 0 }
48};
49
50static const uint64_t rc[24] = {
51 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000,
52 0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
53 0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
54 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003,
55 0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a,
56 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
57};
58
59static const uint8_t rho[24] = {
60 1, 62, 28, 27, 36, 44, 6, 55, 20,
61 3, 10, 43, 25, 39, 41, 45, 15,
62 21, 8, 18, 2, 61, 56, 14
63};
64
65static const uint8_t pi[24] = {
66 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
67 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1,
68};
69
70#define ROT64( x , y ) ( ( ( x ) << ( y ) ) | ( ( x ) >> ( 64U - ( y ) ) ) )
71#define ABSORB( ctx, idx, v ) do { ctx->state[( idx ) >> 3] ^= ( ( uint64_t ) ( v ) ) << ( ( ( idx ) & 0x7 ) << 3 ); } while( 0 )
72#define SQUEEZE( ctx, idx ) ( ( uint8_t )( ctx->state[( idx ) >> 3] >> ( ( ( idx ) & 0x7 ) << 3 ) ) )
73#define SWAP( x, y ) do { uint64_t tmp = ( x ); ( x ) = ( y ); ( y ) = tmp; } while( 0 )
74
75/* The permutation function. */
76static void keccak_f1600(mbedtls_sha3_context *ctx)
77{
78 uint64_t lane[5];
79 uint64_t *s = ctx->state;
80 int i;
81
82 for( int round = 0; round < 24; round++ )
83 {
84 uint64_t t;
85
86 /* Theta */
87 lane[0] = s[0] ^ s[5] ^ s[10] ^ s[15] ^ s[20];
88 lane[1] = s[1] ^ s[6] ^ s[11] ^ s[16] ^ s[21];
89 lane[2] = s[2] ^ s[7] ^ s[12] ^ s[17] ^ s[22];
90 lane[3] = s[3] ^ s[8] ^ s[13] ^ s[18] ^ s[23];
91 lane[4] = s[4] ^ s[9] ^ s[14] ^ s[19] ^ s[24];
92
93 t = lane[4] ^ ROT64( lane[1], 1 );
94 s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t;
95
96 t = lane[0] ^ ROT64( lane[2], 1 );
97 s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t;
98
99 t = lane[1] ^ ROT64( lane[3], 1 );
100 s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t;
101
102 t = lane[2] ^ ROT64( lane[4], 1 );
103 s[3] ^= t; s[8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t;
104
105 t = lane[3] ^ ROT64( lane[0], 1 );
106 s[4] ^= t; s[9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t;
107
108 /* Rho */
109 for( i = 1; i < 25; i++ )
110 s[i] = ROT64( s[i], rho[i-1] );
111
112 /* Pi */
113 t = s[1];
114 for( i = 0; i < 24; i++ )
115 SWAP( s[pi[i]], t );
116
117 /* Chi */
118 lane[0] = s[0]; lane[1] = s[1]; lane[2] = s[2]; lane[3] = s[3]; lane[4] = s[4];
119 s[0] ^= (~lane[1]) & lane[2];
120 s[1] ^= (~lane[2]) & lane[3];
121 s[2] ^= (~lane[3]) & lane[4];
122 s[3] ^= (~lane[4]) & lane[0];
123 s[4] ^= (~lane[0]) & lane[1];
124
125 lane[0] = s[5]; lane[1] = s[6]; lane[2] = s[7]; lane[3] = s[8]; lane[4] = s[9];
126 s[5] ^= (~lane[1]) & lane[2];
127 s[6] ^= (~lane[2]) & lane[3];
128 s[7] ^= (~lane[3]) & lane[4];
129 s[8] ^= (~lane[4]) & lane[0];
130 s[9] ^= (~lane[0]) & lane[1];
131
132 lane[0] = s[10]; lane[1] = s[11]; lane[2] = s[12]; lane[3] = s[13]; lane[4] = s[14];
133 s[10] ^= (~lane[1]) & lane[2];
134 s[11] ^= (~lane[2]) & lane[3];
135 s[12] ^= (~lane[3]) & lane[4];
136 s[13] ^= (~lane[4]) & lane[0];
137 s[14] ^= (~lane[0]) & lane[1];
138
139 lane[0] = s[15]; lane[1] = s[16]; lane[2] = s[17]; lane[3] = s[18]; lane[4] = s[19];
140 s[15] ^= (~lane[1]) & lane[2];
141 s[16] ^= (~lane[2]) & lane[3];
142 s[17] ^= (~lane[3]) & lane[4];
143 s[18] ^= (~lane[4]) & lane[0];
144 s[19] ^= (~lane[0]) & lane[1];
145
146 lane[0] = s[20]; lane[1] = s[21]; lane[2] = s[22]; lane[3] = s[23]; lane[4] = s[24];
147 s[20] ^= (~lane[1]) & lane[2];
148 s[21] ^= (~lane[2]) & lane[3];
149 s[22] ^= (~lane[3]) & lane[4];
150 s[23] ^= (~lane[4]) & lane[0];
151 s[24] ^= (~lane[0]) & lane[1];
152
153 /* Iota */
154 s[0] ^= rc[round];
155 }
156}
157
158void mbedtls_sha3_init( mbedtls_sha3_context *ctx )
159{
160 if( ctx == NULL )
161 return;
162
163 memset( ctx, 0, sizeof( mbedtls_sha3_context ) );
164}
165
166void mbedtls_sha3_free( mbedtls_sha3_context *ctx )
167{
168 if( ctx == NULL )
169 return;
170
171 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha3_context ) );
172}
173
174void mbedtls_sha3_clone( mbedtls_sha3_context *dst,
175 const mbedtls_sha3_context *src )
176{
177 if ( dst == NULL || src == NULL )
178 return;
179
180 *dst = *src;
181}
182
183/*
184 * SHA-3 context setup
185 */
186int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id )
187{
188 mbedtls_sha3_family_functions *p = NULL;
189 if( ctx == NULL )
190 return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA );
191
192 for( p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++ )
193 {
194 if( p->id == id )
195 break;
196 }
197
Pol Henarejos116411e2022-05-17 11:45:59 +0200[diff] [blame]198 if( p == NULL || p->id == MBEDTLS_SHA3_NONE )
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]199 return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA );
200
201 ctx->id = id;
202 ctx->r = p->r;
203 ctx->olen = p->olen / 8;
204 ctx->xor_byte = p->xor_byte;
205 ctx->max_block_size = ctx->r / 8;
206
Pol Henarejos938b5ab2022-05-20 16:01:07 +0200[diff] [blame]207 memset( ctx->state, 0, sizeof( ctx->state ) );
208 ctx->index = 0;
209
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]210 return( 0 );
211}
212
213/*
214 * SHA-3 process buffer
215 */
216int mbedtls_sha3_update( mbedtls_sha3_context *ctx,
217 const uint8_t *input,
218 size_t ilen )
219{
220 if( ctx == NULL )
221 return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA );
222
223 if( ilen == 0 || input == NULL )
224 return( 0 );
225
226 while( ilen-- > 0 )
227 {
228 ABSORB( ctx, ctx->index, *input++ );
229 if( ( ctx->index = ( ctx->index + 1) % ctx->max_block_size ) == 0 )
230 keccak_f1600( ctx );
231 }
232
233 return( 0 );
234}
235
236int mbedtls_sha3_finish( mbedtls_sha3_context *ctx,
237 uint8_t *output, size_t olen )
238{
Pol Henarejos85eeda02022-05-17 11:43:15 +0200[diff] [blame]239 if( ctx == NULL || output == NULL )
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]240 return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA );
241
Pol Henarejos1f3ae162022-05-17 12:53:30 +0200[diff] [blame]242 /* Catch SHA-3 families, with fixed output length */
243 if( ctx->olen > 0 )
244 {
245 if ( ctx->olen > olen )
246 return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA );
247 olen = ctx->olen;
248 }
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]249
250 ABSORB( ctx, ctx->index, ctx->xor_byte );
251 ABSORB( ctx, ctx->max_block_size - 1, 0x80 );
252 keccak_f1600( ctx );
253 ctx->index = 0;
254
255 while( olen-- > 0 )
256 {
257 *output++ = SQUEEZE( ctx, ctx->index );
258
259 if( ( ctx->index = ( ctx->index + 1) % ctx->max_block_size ) == 0 )
260 keccak_f1600( ctx );
261 }
262
263 return( 0 );
264}
265
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]266/*
267 * output = SHA3( input buffer )
268 */
269int mbedtls_sha3( mbedtls_sha3_id id, const uint8_t *input,
270 size_t ilen, uint8_t *output, size_t olen )
271{
272 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
273 mbedtls_sha3_context ctx;
274
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]275 mbedtls_sha3_init( &ctx );
276
Pol Henarejos85eeda02022-05-17 11:43:15 +0200[diff] [blame]277 /* Sanity checks are performed in every mbedtls_sha3_xxx() */
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]278 if( ( ret = mbedtls_sha3_starts( &ctx, id ) ) != 0 )
279 goto exit;
280
281 if( ( ret = mbedtls_sha3_update( &ctx, input, ilen ) ) != 0 )
282 goto exit;
283
284 if( ( ret = mbedtls_sha3_finish( &ctx, output, olen ) ) != 0 )
285 goto exit;
286
287exit:
288 mbedtls_sha3_free( &ctx );
289
290 return( ret );
291}
292
Pol Henarejos7dbd5d12022-05-20 20:42:33 +0200[diff] [blame]293/**************** Self-tests ****************/
294
295#if defined(MBEDTLS_SELF_TEST)
296
297static const unsigned char test_data[2][4] =
298{
299 "",
300 "abc",
301};
302
303static const size_t test_data_len[2] =
304{
305 0, /* "" */
306 3 /* "abc" */
307};
308
309static const unsigned char test_hash_sha3_224[2][28] =
310{
311 { /* "" */
312 0x6B, 0x4E, 0x03, 0x42, 0x36, 0x67, 0xDB, 0xB7,
313 0x3B, 0x6E, 0x15, 0x45, 0x4F, 0x0E, 0xB1, 0xAB,
314 0xD4, 0x59, 0x7F, 0x9A, 0x1B, 0x07, 0x8E, 0x3F,
315 0x5B, 0x5A, 0x6B, 0xC7
316 },
317 { /* "abc" */
318 0xE6, 0x42, 0x82, 0x4C, 0x3F, 0x8C, 0xF2, 0x4A,
319 0xD0, 0x92, 0x34, 0xEE, 0x7D, 0x3C, 0x76, 0x6F,
320 0xC9, 0xA3, 0xA5, 0x16, 0x8D, 0x0C, 0x94, 0xAD,
321 0x73, 0xB4, 0x6F, 0xDF
322 }
323};
324
325static const unsigned char test_hash_sha3_256[2][32] =
326{
327 { /* "" */
328 0xA7, 0xFF, 0xC6, 0xF8, 0xBF, 0x1E, 0xD7, 0x66,
329 0x51, 0xC1, 0x47, 0x56, 0xA0, 0x61, 0xD6, 0x62,
330 0xF5, 0x80, 0xFF, 0x4D, 0xE4, 0x3B, 0x49, 0xFA,
331 0x82, 0xD8, 0x0A, 0x4B, 0x80, 0xF8, 0x43, 0x4A
332 },
333 { /* "abc" */
334 0x3A, 0x98, 0x5D, 0xA7, 0x4F, 0xE2, 0x25, 0xB2,
335 0x04, 0x5C, 0x17, 0x2D, 0x6B, 0xD3, 0x90, 0xBD,
336 0x85, 0x5F, 0x08, 0x6E, 0x3E, 0x9D, 0x52, 0x5B,
337 0x46, 0xBF, 0xE2, 0x45, 0x11, 0x43, 0x15, 0x32
338 }
339};
340
341static const unsigned char test_hash_sha3_384[2][48] =
342{
343 { /* "" */
344 0x0C, 0x63, 0xA7, 0x5B, 0x84, 0x5E, 0x4F, 0x7D,
345 0x01, 0x10, 0x7D, 0x85, 0x2E, 0x4C, 0x24, 0x85,
346 0xC5, 0x1A, 0x50, 0xAA, 0xAA, 0x94, 0xFC, 0x61,
347 0x99, 0x5E, 0x71, 0xBB, 0xEE, 0x98, 0x3A, 0x2A,
348 0xC3, 0x71, 0x38, 0x31, 0x26, 0x4A, 0xDB, 0x47,
349 0xFB, 0x6B, 0xD1, 0xE0, 0x58, 0xD5, 0xF0, 0x04
350 },
351 { /* "abc" */
352 0xEC, 0x01, 0x49, 0x82, 0x88, 0x51, 0x6F, 0xC9,
353 0x26, 0x45, 0x9F, 0x58, 0xE2, 0xC6, 0xAD, 0x8D,
354 0xF9, 0xB4, 0x73, 0xCB, 0x0F, 0xC0, 0x8C, 0x25,
355 0x96, 0xDA, 0x7C, 0xF0, 0xE4, 0x9B, 0xE4, 0xB2,
356 0x98, 0xD8, 0x8C, 0xEA, 0x92, 0x7A, 0xC7, 0xF5,
357 0x39, 0xF1, 0xED, 0xF2, 0x28, 0x37, 0x6D, 0x25
358 }
359};
360
361static const unsigned char test_hash_sha3_512[2][64] =
362{
363 { /* "" */
364 0xA6, 0x9F, 0x73, 0xCC, 0xA2, 0x3A, 0x9A, 0xC5,
365 0xC8, 0xB5, 0x67, 0xDC, 0x18, 0x5A, 0x75, 0x6E,
366 0x97, 0xC9, 0x82, 0x16, 0x4F, 0xE2, 0x58, 0x59,
367 0xE0, 0xD1, 0xDC, 0xC1, 0x47, 0x5C, 0x80, 0xA6,
368 0x15, 0xB2, 0x12, 0x3A, 0xF1, 0xF5, 0xF9, 0x4C,
369 0x11, 0xE3, 0xE9, 0x40, 0x2C, 0x3A, 0xC5, 0x58,
370 0xF5, 0x00, 0x19, 0x9D, 0x95, 0xB6, 0xD3, 0xE3,
371 0x01, 0x75, 0x85, 0x86, 0x28, 0x1D, 0xCD, 0x26
372 },
373 { /* "abc" */
374 0xB7, 0x51, 0x85, 0x0B, 0x1A, 0x57, 0x16, 0x8A,
375 0x56, 0x93, 0xCD, 0x92, 0x4B, 0x6B, 0x09, 0x6E,
376 0x08, 0xF6, 0x21, 0x82, 0x74, 0x44, 0xF7, 0x0D,
377 0x88, 0x4F, 0x5D, 0x02, 0x40, 0xD2, 0x71, 0x2E,
378 0x10, 0xE1, 0x16, 0xE9, 0x19, 0x2A, 0xF3, 0xC9,
379 0x1A, 0x7E, 0xC5, 0x76, 0x47, 0xE3, 0x93, 0x40,
380 0x57, 0x34, 0x0B, 0x4C, 0xF4, 0x08, 0xD5, 0xA5,
381 0x65, 0x92, 0xF8, 0x27, 0x4E, 0xEC, 0x53, 0xF0
382 }
383};
384
385static const unsigned char long_kat_hash_sha3_224[28] =
386{
387 0xD6, 0x93, 0x35, 0xB9, 0x33, 0x25, 0x19, 0x2E,
388 0x51, 0x6A, 0x91, 0x2E, 0x6D, 0x19, 0xA1, 0x5C,
389 0xB5, 0x1C, 0x6E, 0xD5, 0xC1, 0x52, 0x43, 0xE7,
390 0xA7, 0xFD, 0x65, 0x3C
391};
392
393static const unsigned char long_kat_hash_sha3_256[32] =
394{
395 0x5C, 0x88, 0x75, 0xAE, 0x47, 0x4A, 0x36, 0x34,
396 0xBA, 0x4F, 0xD5, 0x5E, 0xC8, 0x5B, 0xFF, 0xD6,
397 0x61, 0xF3, 0x2A, 0xCA, 0x75, 0xC6, 0xD6, 0x99,
398 0xD0, 0xCD, 0xCB, 0x6C, 0x11, 0x58, 0x91, 0xC1
399};
400
401static const unsigned char long_kat_hash_sha3_384[48] =
402{
403 0xEE, 0xE9, 0xE2, 0x4D, 0x78, 0xC1, 0x85, 0x53,
404 0x37, 0x98, 0x34, 0x51, 0xDF, 0x97, 0xC8, 0xAD,
405 0x9E, 0xED, 0xF2, 0x56, 0xC6, 0x33, 0x4F, 0x8E,
406 0x94, 0x8D, 0x25, 0x2D, 0x5E, 0x0E, 0x76, 0x84,
407 0x7A, 0xA0, 0x77, 0x4D, 0xDB, 0x90, 0xA8, 0x42,
408 0x19, 0x0D, 0x2C, 0x55, 0x8B, 0x4B, 0x83, 0x40
409};
410
411static const unsigned char long_kat_hash_sha3_512[64] =
412{
413 0x3C, 0x3A, 0x87, 0x6D, 0xA1, 0x40, 0x34, 0xAB,
414 0x60, 0x62, 0x7C, 0x07, 0x7B, 0xB9, 0x8F, 0x7E,
415 0x12, 0x0A, 0x2A, 0x53, 0x70, 0x21, 0x2D, 0xFF,
416 0xB3, 0x38, 0x5A, 0x18, 0xD4, 0xF3, 0x88, 0x59,
417 0xED, 0x31, 0x1D, 0x0A, 0x9D, 0x51, 0x41, 0xCE,
418 0x9C, 0xC5, 0xC6, 0x6E, 0xE6, 0x89, 0xB2, 0x66,
419 0xA8, 0xAA, 0x18, 0xAC, 0xE8, 0x28, 0x2A, 0x0E,
420 0x0D, 0xB5, 0x96, 0xC9, 0x0B, 0x0A, 0x7B, 0x87
421};
422
423static int mbedtls_sha3_kat_test( int verbose,
424 const char* type_name,
425 mbedtls_sha3_id id,
426 int test_num )
427{
428 uint8_t hash[64];
429 int result;
430
431 result = mbedtls_sha3( id,
432 test_data[test_num], test_data_len[test_num],
433 hash, sizeof( hash ) );
434 if( result != 0 )
435 {
436 if( verbose != 0 )
437 {
438 mbedtls_printf( " %s test %d error code: %d\n",
439 type_name, test_num, result );
440 }
441
442 return( result );
443 }
444
445 switch( id )
446 {
447 case MBEDTLS_SHA3_224:
448 result = memcmp( hash, test_hash_sha3_224[test_num], 28 );
449 break;
450 case MBEDTLS_SHA3_256:
451 result = memcmp( hash, test_hash_sha3_256[test_num], 32 );
452 break;
453 case MBEDTLS_SHA3_384:
454 result = memcmp( hash, test_hash_sha3_384[test_num], 48 );
455 break;
456 case MBEDTLS_SHA3_512:
457 result = memcmp( hash, test_hash_sha3_512[test_num], 64 );
458 break;
459 default:
460 break;
461 }
462
463 if( 0 != result )
464 {
465 if( verbose != 0 )
466 {
467 mbedtls_printf( " %s test %d failed\n", type_name, test_num );
468 }
469
470 return( -1 );
471 }
472
473 if( verbose != 0 )
474 {
475 mbedtls_printf( " %s test %d passed\n", type_name, test_num );
476 }
477
478 return( 0 );
479}
480
481static int mbedtls_sha3_long_kat_test( int verbose,
482 const char* type_name,
483 mbedtls_sha3_id id )
484{
485 mbedtls_sha3_context ctx;
486 unsigned char buffer[1000];
487 unsigned char hash[64];
488 int i;
489 int result = 0;
490
491 memset( buffer, 'a', 1000 );
492
493 if( verbose != 0 )
494 {
495 mbedtls_printf( " %s long KAT test ", type_name );
496 }
497
498 mbedtls_sha3_init( &ctx );
499
500 result = mbedtls_sha3_starts( &ctx, id );
501 if( result != 0 )
502 {
503 if( verbose != 0 )
504 {
505 mbedtls_printf( "setup failed\n " );
506 }
507 }
508
509 /* Process 1,000,000 (one million) 'a' characters */
510 for( i = 0; i < 1000; i++ )
511 {
512 result = mbedtls_sha3_update( &ctx, buffer, 1000 );
513 if( result != 0 )
514 {
515 if( verbose != 0 )
516 {
517 mbedtls_printf( "update error code: %i\n", result );
518 }
519
520 goto cleanup;
521 }
522 }
523
524 result = mbedtls_sha3_finish( &ctx, hash, sizeof( hash ) );
525 if( result != 0 )
526 {
527 if( verbose != 0 )
528 {
529 mbedtls_printf( "finish error code: %d\n", result );
530 }
531
532 goto cleanup;
533 }
534
535 switch( id )
536 {
537 case MBEDTLS_SHA3_224:
538 result = memcmp( hash, long_kat_hash_sha3_224, 28 );
539 break;
540 case MBEDTLS_SHA3_256:
541 result = memcmp( hash, long_kat_hash_sha3_256, 32 );
542 break;
543 case MBEDTLS_SHA3_384:
544 result = memcmp( hash, long_kat_hash_sha3_384, 48 );
545 break;
546 case MBEDTLS_SHA3_512:
547 result = memcmp( hash, long_kat_hash_sha3_512, 64 );
548 break;
549 default:
550 break;
551 }
552
553 if( result != 0 )
554 {
555 if( verbose != 0 )
556 {
557 mbedtls_printf( "failed\n" );
558 }
559 }
560
561 if( verbose != 0 )
562 {
563 mbedtls_printf( "passed\n" );
564 }
565
566cleanup:
567 mbedtls_sha3_free( &ctx );
568 return( result );
569}
570
571int mbedtls_sha3_self_test( int verbose )
572{
573 int i;
574
575 /* SHA3 Known Answer Tests (KAT) */
576 for( i = 0; i < 2; i++ )
577 {
578 if( 0 != mbedtls_sha3_kat_test( verbose,
579 "SHA3-224", MBEDTLS_SHA3_224, i ) )
580 return( 1 );
581
582 if( 0 != mbedtls_sha3_kat_test( verbose,
583 "SHA3-256", MBEDTLS_SHA3_256, i ) )
584 return( 1 );
585
586 if( 0 != mbedtls_sha3_kat_test( verbose,
587 "SHA3-384", MBEDTLS_SHA3_384, i ) )
588 return( 1 );
589
590 if( 0 != mbedtls_sha3_kat_test( verbose,
591 "SHA3-512", MBEDTLS_SHA3_512, i ) )
592 return( 1 );
593 }
594
595 /* SHA3 long KAT tests */
596 if( 0 != mbedtls_sha3_long_kat_test( verbose,
597 "SHA3-224", MBEDTLS_SHA3_224 ) )
598 return( 1 );
599
600 if( 0 != mbedtls_sha3_long_kat_test( verbose,
601 "SHA3-256", MBEDTLS_SHA3_256 ) )
602 return( 1 );
603
604 if( 0 != mbedtls_sha3_long_kat_test( verbose,
605 "SHA3-384", MBEDTLS_SHA3_384 ) )
606 return( 1 );
607
608 if( 0 != mbedtls_sha3_long_kat_test( verbose,
609 "SHA3-512", MBEDTLS_SHA3_512 ) )
610 return( 1 );
611
612 if( verbose != 0 )
613 {
614 mbedtls_printf( "\n" );
615 }
616
617 return( 0 );
618}
619#endif /* MBEDTLS_SELF_TEST */
620
Pol Henarejos0cd1f1c2022-05-09 01:04:15 +0200[diff] [blame]621#endif /* MBEDTLS_SHA3_C */