diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index dacbc0df6..b58be411e 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -638,44 +638,35 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) */ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) { -#if defined(BIG_ENDIAN_ORDER) - word32 q = (l + 7) / 8; -#endif - word32 k, rate = p * 8; + word32 rate = p * 8; + word32 j; byte i; - byte *state = (byte *)sha3->s; sha3->t[rate - 1] = 0x00; #ifdef WOLFSSL_HASH_FLAGS - if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) { + if (p == WC_SHA3_256_COUNT && sha3->flags & WC_HASH_SHA3_KECCAK256) padChar = 0x01; - } #endif - sha3->t[ sha3->i] = padChar; + sha3->t[sha3->i ] = padChar; sha3->t[rate - 1] |= 0x80; for (i=sha3->i + 1; i < rate - 1; i++) sha3->t[i] = 0; for (i = 0; i < p; i++) sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); - BlockSha3(sha3->s); -#if defined(BIG_ENDIAN_ORDER) - ByteReverseWords64(sha3->s, sha3->s, (q > p) ? rate : q * 8); -#endif - i = 0; - for (k = 0; k < l; k++) - { - if (i == rate) - { - i = 0; -#if defined(BIG_ENDIAN_ORDER) - ByteReverseWords64(sha3->s, sha3->s, rate); - BlockSha3(sha3->s); - ByteReverseWords64(sha3->s, sha3->s, rate); -#else - BlockSha3(sha3->s); -#endif - } - hash[k] = state[i++]; + for (j = 0; l - j >= rate; j += rate) { + BlockSha3(sha3->s); + #if defined(BIG_ENDIAN_ORDER) + ByteReverseWords64((word64*)(hash + j), sha3->s, rate); + #else + XMEMCPY(hash + j, sha3->s, rate); + #endif + } + if (j != l) { + BlockSha3(sha3->s); + #if defined(BIG_ENDIAN_ORDER) + ByteReverseWords64(sha3->s, sha3->s, rate); + #endif + XMEMCPY(hash + j, sha3->s, l - j); } return 0; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 34524fea0..5be88a07a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
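Review bot: In the BIG_ENDIAN_ORDER branch of the new full-block loop, `ByteReverseWords64((word64*)(hash + j), sha3->s, rate);` treats the caller's `byte* hash` as a `word64` array, and nothing in this diff guarantees that buffer is 8-byte aligned (the test passes a plain `byte hash[250]`). ByteReverseWords64 is defined outside this diff; if it stores whole words through that pointer, this is a misaligned write on strict-alignment big-endian targets and a strict-aliasing hazard elsewhere. Swapping each state word into a local and copying it out with XMEMCPY avoids the cast and still leaves `sha3->s` in native order for the next BlockSha3. The little-endian branch and the partial final block already go through XMEMCPY and are not affected.

```c
    for (j = 0; l - j >= rate; j += rate) {
        /* … unchanged: BlockSha3(sha3->s) … */
    #if defined(BIG_ENDIAN_ORDER)
        for (i = 0; i < p; i++) {
            word64 w = ByteReverseWord64(sha3->s[i]);
            XMEMCPY(hash + j + 8 * i, &w, sizeof(w));
        }
    #else
        /* … unchanged: XMEMCPY of the full block, end of loop, partial final block … */
```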
@@ -3327,10 +3327,10 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
 {
 #ifndef WOLFSSL_NO_SHAKE256
 wc_Shake sha;
- byte hash[114];
+ byte hash[250];
- testVector a, b, c;
- testVector test_sha[3];
+ testVector a, b, c, d, e;
+ testVector test_sha[5];
 int ret = 0;
 int times = sizeof(test_sha) / sizeof(struct testVector), i;
@@ -3355,7 +3355,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
 "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
 "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
 a.inLen = XSTRLEN(a.input);
- a.outLen = sizeof(hash);
+ a.outLen = 114;
 b.input = "abc";
 b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
@@ -3367,7 +3367,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
 "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
 "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
 b.inLen = XSTRLEN(b.input);
- b.outLen = sizeof(hash);
+ b.outLen = 114;
 c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
 c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
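Review bot: The bare literal `114` now stands in for `sizeof(hash)` as `a.outLen` and `b.outLen` in these hunks, as `c.outLen` in the next hunk, and in the large-hash `XMEMCMP(hash, large_digest, 114)` at the end of the diff. One named constant, for example `#define SHAKE256_KAT_OUT_LEN 114` (the name is only a suggestion), would keep the four sites from drifting apart when vectors are added or resized. In the large-hash hunk `wc_Shake256_Final` is still called with `sizeof(hash)`, so 250 bytes are squeezed and only the first 114 are compared; passing the same constant to both calls would make the intended length explicit. shake256_test begins and ends outside these hunks.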
@@ -3379,11 +3379,53 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void) "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60" "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"; c.inLen = XSTRLEN(c.input); - c.outLen = sizeof(hash); + c.outLen = 114; + + /* Taken from NIST CAVP test vectors - full rate output. */ + d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb" + "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8" + "\x85\xe0"; + d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00" + "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d" + "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc" + "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c" + "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6" + "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d" + "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5" + "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b" + "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7" + "\xc2"; + d.inLen = 32; + d.outLen = 136; + /* Taken from NIST CAVP test vectors - more than one output block. 
*/ + e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef" + "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67" + "\x47\xe4"; + e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19" + "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92" + "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c" + "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13" + "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb" + "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44" + "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46" + "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48" + "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a" + "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4" + "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36" + "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09" + "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda" + "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc" + "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7" + "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11" + "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c"; + e.inLen = 32; + e.outLen = 250; test_sha[0] = a; test_sha[1] = b; test_sha[2] = c; + test_sha[3] = d; + test_sha[4] = e; ret = wc_InitShake256(&sha, HEAP_HINT, devId); if (ret != 0) @@ -3416,7 +3458,7 @@ WOLFSSL_TEST_SUBROUTINE int shake256_test(void) ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash)); if (ret != 0) ERROR_OUT(-3105, exit); - if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0) + if (XMEMCMP(hash, large_digest, 114) != 0) ERROR_OUT(-3106, exit); } /* END LARGE HASH TEST */
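Review bot: The longest new vector has `e.outLen = 250`, exactly the size of `hash`, so a write past `outLen` by the rewritten Sha3Final would either leave the array or land in bytes the comparison never reads. The two CAVP vectors do cover one full rate-sized block (136 bytes) and one block plus a partial block (250 bytes). Because the new squeeze loop copies whole `rate`-byte blocks straight into the caller's buffer, consider filling `hash` with a known byte before each vector and checking that everything beyond `outLen` is untouched, with `hash` declared a little larger than the longest vector so there is room to check. A vector whose length is an exact multiple of two or more blocks would also cover the case where the `if (j != l)` tail is skipped after several iterations. The comparison loop lies outside this hunk, so the exact form of the check depends on code not shown here.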