From nobody Wed Oct 8 23:02:56 2025 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B0DF7252912; Mon, 23 Jun 2025 13:18:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750684730; cv=none; b=JIV/XAbzOoKjSnoKHRvxyH1x5lPMca5K6j39hTvOj6LoasnjcCkMGCoiB/L6BmrvZmXAmp5EHb+mix09tx3bXkh4vnJZ8I8vCw+SGmG2QDpVzQ6aWqwx/ZoWTBIxeEJTF1ZdJtVZ1H7imSG6MW5knpSuzBkhUrqS2lNexF5ewYs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750684730; c=relaxed/simple; bh=ZEvVKr1fw4SqRYALlAyjNhD0pRFYu2CAbdCbtackT7Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bI+qGujx+fgTXBDXYTzfPKz6zPRHrNMYh4Wd7qy8AhSNNF2iby6xb9adBTJWEvjfw+VefxfrsqUHU3lPYns8GpUhaVm27kpgYH7VLxwpucybwgZhszhXTbHigKLHJBnFqyRT7DC4UVa7SIrN4wVUFMREiV8VjkaYpYhYf7JvEak= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=SxBIbubf; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="SxBIbubf" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55NBAhvR009021; Mon, 23 Jun 2025 13:18:43 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=y09d/LFHtaUMHvnG+ FYVHOuZNJKQNfX/KMoPl7iXM4A=; b=SxBIbubfNJB8s3COlJv6FIboQzN9VGH9G j8lOzKRx/WtRkwqIqlJ39uXoCMohujfIr0dn+JVVbP18EMj8tVFXBnOtkliCo2PC YWTqVMX663reAdmxmKd9uocEC7dJT465PSKHEYtEKKZyEugedgyn0/0pLFAHNRvg ft0512LBs6ubkoWpcGcsgzV4s2Z3/WNxXmpsCFfu9HFo1dh/g7fKb1XfKBWd6SdX QsP/6eMGIqzLC4+h83cf7pi2EOayNPOkHQAeFHUs+07aWz3+kGsV5IZm2FuAhd0r 2Sjgu2QiVayDuT2NNueoGGAkor8Uqe8HHBlKauHmRIsRPZME5Mbcg== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47dj5tj92r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Jun 2025 13:18:43 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55NB21Sf015025; Mon, 23 Jun 2025 13:18:42 GMT Received: from smtprelay03.wdc07v.mail.ibm.com ([172.16.1.70]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 47e72tf01t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Jun 2025 13:18:42 +0000 Received: from smtpav06.dal12v.mail.ibm.com (smtpav06.dal12v.mail.ibm.com [10.241.53.105]) by smtprelay03.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55NDIaPl25625154 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Jun 2025 13:18:36 GMT Received: from smtpav06.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3F64A5805E; Mon, 23 Jun 2025 13:18:41 +0000 (GMT) Received: from smtpav06.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C1E5C58043; Mon, 23 Jun 2025 13:18:40 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav06.dal12v.mail.ibm.com (Postfix) with ESMTP; Mon, 23 Jun 2025 13:18:40 +0000 (GMT) From: Stefan Berger To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, simo@redhat.com, Stefan Berger Subject: [RFC PATCH 1/4] crypto: Add squeeze function to shash_alg for support of XOFs Date: Mon, 23 Jun 2025 09:18:27 -0400 Message-ID: <20250623131830.2194643-2-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250623131830.2194643-1-stefanb@linux.ibm.com> References: <20250623131830.2194643-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: yqRk7zyWxL5J7MAHA5SAXCg-Bd6d8qgg X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjIzMDA4MCBTYWx0ZWRfX2znzapI1azT7 wVpRLSjyPoqRAcaREcwIz5PiM71mEyUYIBZ9IJzdQJjmS2C/f/PQeMTVuX1Z0cs0LSvKVDqk5b/ W2RPTDREND9fSQZEyxdJqJvkGpK9ucOQd0g9essNm5KW8R6Lf0FQ1OIJ3qCYMwgxLCoA/Fo64L/ FPnn4k+SvgXGQlYjznrKBnPzb7Zh0KuoZCbkXZpNVOd7Yb5UpYS3fVSNx2JdKT/hWaQsf05CqNf 0x/g74h+2SxG3TbwX6dXwm+c9FVJbH3SRDKmkFiUSQglibS8qo++VfQQ5Jr3MSyI/fUgTmHQaNY 92u6rDTvm6npdTENcq7AAR4ZEZH5gnZpp1c/YVRmoxLhGJvX+2fk4kkWhEnfaoTe5tlUi3kdTQL jUht5Va5HuDd5Iw2cMR2cMeVWjAgnzZPqzZdbiBaHvHMYspc/S3mHyCr8RLdAv44VrEtJGv+ X-Authority-Analysis: v=2.4 cv=MshS63ae c=1 sm=1 tr=0 ts=68595433 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=n-XTF91Upou305-BhzYA:9 X-Proofpoint-GUID: yqRk7zyWxL5J7MAHA5SAXCg-Bd6d8qgg X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-23_03,2025-06-23_03,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 bulkscore=0 lowpriorityscore=0 spamscore=0 mlxlogscore=999 impostorscore=0 clxscore=1015 phishscore=0 malwarescore=0 suspectscore=0 adultscore=0 priorityscore=1501 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506230080 Content-Type: text/plain; charset="utf-8" Add a squeeze function for support of shake128/256 XOFs. This function accepts a variable-length output buffer for the XOFs to return their data in. The final parameter clears the state of an XOF and should only be set to 'true' when the last output is requested. Signed-off-by: Stefan Berger --- crypto/shash.c | 9 +++++++++ include/crypto/hash.h | 20 ++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/crypto/shash.c b/crypto/shash.c index 301ab42bf849..258494f49fce 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -59,6 +59,15 @@ int crypto_shash_final(struct shash_desc *desc, u8 *out) } EXPORT_SYMBOL_GPL(crypto_shash_final); =20 +int crypto_shash_squeeze(struct shash_desc *desc, u8 *out, size_t outlen, + bool final) +{ + if (!crypto_shash_alg(desc->tfm)->squeeze) + return -EINVAL; + return crypto_shash_alg(desc->tfm)->squeeze(desc, out, outlen, final); +} +EXPORT_SYMBOL_GPL(crypto_shash_squeeze); + static int shash_default_finup(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out) { diff --git a/include/crypto/hash.h b/include/crypto/hash.h index a67988316d06..9072652e8e60 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -183,6 +183,7 @@ struct shash_desc { * @final: see struct ahash_alg * @finup: see struct ahash_alg * @digest: see struct ahash_alg + * @squeeze: Get data from an XOF type of hash * @export: see struct ahash_alg * @import: see struct ahash_alg * @setkey: see struct ahash_alg @@ -213,6 +214,8 @@ struct shash_alg { unsigned int len, u8 *out); int (*digest)(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out); + int (*squeeze)(struct shash_desc *desc, u8 *out, size_t outlen, + bool final); int (*export)(struct shash_desc *desc, void *out); int (*import)(struct shash_desc *desc, const void *in); int (*setkey)(struct crypto_shash *tfm, const u8 *key, @@ -980,6 +983,23 @@ int crypto_shash_final(struct shash_desc *desc, u8 *ou= t); int crypto_shash_finup(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out); =20 +/** + * crypto_shash_squeeze() - get xof message digest data + * @desc: operational state handle that is already filled with data + * @out: output buffer filled with the XOF message digest + * @outlen: number of bytes to get from the XOF + * @final: whether this is the final squeeze call + * + * Get message digest data from an extend output function (XOF) + * + * Context: Any context. + * Return: 0 if the data could be created successfully; < 0 if an error + * occurred + */ +int crypto_shash_squeeze(struct shash_desc *desc, u8 *out, size_t outlen, + bool final); + + static inline void shash_desc_zero(struct shash_desc *desc) { memzero_explicit(desc, --=20 2.49.0 From nobody Wed Oct 8 23:02:56 2025 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 134AC25394A; Mon, 23 Jun 2025 13:18:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750684731; cv=none; b=L0kGGp1reKG4lJU1KLEDSSUv4CwHfaX61auXxSTd16IzXItRgqTsoOWwqNDl++h3m6bKxIRv10jt9fDFCLRs/HoUB+jWHQUNHoC9hmn1HYngHLq+LfAFHwRzAEVd2wvGfKZvmIOhJrQeUuBB3cV2qvoDP9kKL3zWwtFdU52zT3Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750684731; c=relaxed/simple; bh=ka7DOlStzpdl6AaErLxV2dkMbfEyCE7Z+4tBWDf+LTc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ear215rgXGpSFNuNqBPx1gj1zbUPqU4vr563sIvwvxX+nwQigW40l5nYCT52cZ0UX4+1dBJaHkOHR2Z3jiHXlQNHgztrodJE8Sa+2nM3ZDnnb7hxIQJgok1py+TwcdEIkHEqsK6WEjwmKGJt+amCGt1PBPIOqFir55UhQdXf4AA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=MvG2wGML; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="MvG2wGML" Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55N9b28J019048; Mon, 23 Jun 2025 13:18:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=oowJ2zZXHBno6Zkk9 BIfEe5BYDUDl+9umhi0sKVyiDU=; b=MvG2wGML7TVDt4c5DzpAL6KCc9R1Guidm +E9WRsarTLcoDWC8p/yz5UnPGSowsFh6S7NiXgP1lEWPH/STHUENZ9PGGj3OfiZb MQJFr0uT+kibf4zdv1nyO0tl7lHuOgkCEm9DR1gpR4c81lvGISy30f6pP2sb7EaS KBzK2T7vpDzu9RuWCJ1S24LsGIzBSVQLZNxa64ZiR+WXBENX6B4qIsJIPDGu7k1v N3kBz2oNo0VKnvOwaLAl9gJtquTZKEqBztDyzp/DloztG+P4BcafepXexzj52pVW Lxw7E+KqB7JSWF1f1XoL2F7CMlB7QOUYFzFC09QDcl9lh4wUYlhAg== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47dmfe2568-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Jun 2025 13:18:43 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55NB1xou030552; Mon, 23 Jun 2025 13:18:42 GMT Received: from smtprelay03.wdc07v.mail.ibm.com ([172.16.1.70]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 47e7eypx70-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Jun 2025 13:18:42 +0000 Received: from smtpav06.dal12v.mail.ibm.com (smtpav06.dal12v.mail.ibm.com [10.241.53.105]) by smtprelay03.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55NDIaOw24511182 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Jun 2025 13:18:37 GMT Received: from smtpav06.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CAEBE58055; Mon, 23 Jun 2025 13:18:41 +0000 (GMT) Received: from smtpav06.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 563D558043; Mon, 23 Jun 2025 13:18:41 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav06.dal12v.mail.ibm.com (Postfix) with ESMTP; Mon, 23 Jun 2025 13:18:41 +0000 (GMT) From: Stefan Berger To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, simo@redhat.com, Stefan Berger Subject: [RFC PATCH 2/4] crypto: Add shake128/256 to generic sha3 module Date: Mon, 23 Jun 2025 09:18:28 -0400 Message-ID: <20250623131830.2194643-3-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250623131830.2194643-1-stefanb@linux.ibm.com> References: <20250623131830.2194643-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 6-Ivb8M0WJMwJ9k8TeSmKnS0_sK2jo0d X-Proofpoint-GUID: 6-Ivb8M0WJMwJ9k8TeSmKnS0_sK2jo0d X-Authority-Analysis: v=2.4 cv=BpqdwZX5 c=1 sm=1 tr=0 ts=68595433 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=7PqV0hYhwxvHinq54jsA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjIzMDA4MCBTYWx0ZWRfXx/BMbpXcXIaX GUAwemxa2TYqkZNA9RPGw0nt/2VtmydJohPYx24oDTq5JEwxhO/WvDcKgYQ4TA7y+yew5XCQKSl xjllX6ewNWtY+fytUH8FnFJIymDxaLTUCBLikiF4QmpWO1Fytr+SqdUTVHKILSPTzpDKrg1KfPE M8Zmv8szc272QzhsxrM7DIdf642/L5ERPCCUPnpZSKunAz4CWxgXD1kDEOca8Ud+WqGNMEbMXhy 5ZA3rNmRlYtkI9SAg91o/pjEbjcj411ZZbjCLegpYGkJOxgaLflrhyNMncWTh89suo8a1txqixC jCm148ouHW2WHkg0+fChobqZZwcTDisGr1EwouLd/QDtncd7IS2nOCpIePdBikhJE6ToeHcHs2G u89fyLa42jDas5Bd8uB4bt6K4GKc1ZXd8q/PkewXTDQRFubfJpJAjENIxmK0pKMWCoqJWuzV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-23_03,2025-06-23_03,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 lowpriorityscore=0 impostorscore=0 clxscore=1015 spamscore=0 mlxlogscore=999 priorityscore=1501 phishscore=0 malwarescore=0 adultscore=0 bulkscore=0 suspectscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506230080 Content-Type: text/plain; charset="utf-8" Extend the sha3 module with shake128 & shake256. For this, implement functions to get (squeeze) a number of bytes or blocks from the keccak sponge. A block here corresponds to the number of bytes available in a buffer following a keccak permutation. On top of this functionality, implement the general squeeze function that returns a requested number of bytes to the user. Implement the 'final' function on top of the squeeze function. The 'final' function will always request a fixed number of bytes from the squeeze function and set the 'final' parameter to true, clearing the state of the hash as usual. Adjust the maximum hash description and block sizes due to shake128. Extend the arrays for supported hashes with entries for shake128 and shake256. Signed-off-by: Stefan Berger --- crypto/hash_info.c | 4 + crypto/sha3_generic.c | 211 +++++++++++++++++++++++++++++++++ include/crypto/algapi.h | 2 +- include/crypto/hash.h | 5 +- include/crypto/sha3.h | 19 +++ include/uapi/linux/hash_info.h | 2 + 6 files changed, 239 insertions(+), 4 deletions(-) diff --git a/crypto/hash_info.c b/crypto/hash_info.c index 9a467638c971..2e426be89463 100644 --- a/crypto/hash_info.c +++ b/crypto/hash_info.c @@ -32,6 +32,8 @@ const char *const hash_algo_name[HASH_ALGO__LAST] =3D { [HASH_ALGO_SHA3_256] =3D "sha3-256", [HASH_ALGO_SHA3_384] =3D "sha3-384", [HASH_ALGO_SHA3_512] =3D "sha3-512", + [HASH_ALGO_SHAKE128] =3D "shake128", + [HASH_ALGO_SHAKE256] =3D "shake256", }; EXPORT_SYMBOL_GPL(hash_algo_name); =20 @@ -59,5 +61,7 @@ const int hash_digest_size[HASH_ALGO__LAST] =3D { [HASH_ALGO_SHA3_256] =3D SHA3_256_DIGEST_SIZE, [HASH_ALGO_SHA3_384] =3D SHA3_384_DIGEST_SIZE, [HASH_ALGO_SHA3_512] =3D SHA3_512_DIGEST_SIZE, + [HASH_ALGO_SHAKE128] =3D SHAKE128_DIGEST_SIZE, + [HASH_ALGO_SHAKE256] =3D SHAKE256_DIGEST_SIZE, }; EXPORT_SYMBOL_GPL(hash_digest_size); diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c index b103642b56ea..4782303527fe 100644 --- a/crypto/sha3_generic.c +++ b/crypto/sha3_generic.c @@ -29,6 +29,8 @@ #define SHA3_INLINE noinline #endif =20 +#define DOMAIN_SEPARATOR_SHAKE 0x1F + #define KECCAK_ROUNDS 24 =20 static const u64 keccakf_rndc[24] =3D { @@ -237,6 +239,189 @@ int crypto_sha3_final(struct shash_desc *desc, u8 *ou= t) } EXPORT_SYMBOL(crypto_sha3_final); =20 +static int crypto_shake_init(struct shash_desc *desc) +{ + struct shake_state *sctx =3D shash_desc_ctx(desc); + unsigned int digest_size =3D crypto_shash_digestsize(desc->tfm); + + sctx->rsiz =3D 200 - 2 * digest_size; + sctx->rsizw =3D sctx->rsiz / 8; + sctx->partial =3D 0; + sctx->ridx =3D 0; + sctx->finalized =3D false; + sctx->permute =3D false; + + memset(sctx->st, 0, sizeof(sctx->st)); + return 0; +} + +static int crypto_shake_update(struct shash_desc *desc, const u8 *data, + unsigned int len) +{ + struct shake_state *sctx =3D shash_desc_ctx(desc); + unsigned int done; + const u8 *src; + + done =3D 0; + src =3D data; + + if ((sctx->partial + len) > (sctx->rsiz - 1)) { + if (sctx->partial) { + done =3D -sctx->partial; + memcpy(sctx->buf + sctx->partial, data, + done + sctx->rsiz); + src =3D sctx->buf; + } + + do { + unsigned int i; + + for (i =3D 0; i < sctx->rsizw; i++) + sctx->st[i] ^=3D get_unaligned_le64(src + 8 * i); + keccakf(sctx->st); + + done +=3D sctx->rsiz; + src =3D data + done; + } while (done + (sctx->rsiz - 1) < len); + + sctx->partial =3D 0; + } + memcpy(sctx->buf + sctx->partial, src, len - done); + sctx->partial +=3D (len - done); + + return 0; +} + +static void crypto_shake_squeeze_bytes(struct shake_state *sctx, + u8 **out, size_t n) +{ + size_t i, to_copy, loops; + __le64 *digest; + u8 *_out =3D *out; + + if (n =3D=3D 0) + return; + + BUG_ON(sctx->ridx + n > sctx->rsiz); + + if (sctx->permute) { + keccakf(sctx->st); + sctx->permute =3D false; + } + + while (n) { + to_copy =3D (n < 8) ? n : 8 - (sctx->ridx & 7); + if (to_copy < 8) { + for (i =3D sctx->ridx; i < sctx->ridx + to_copy; i++) + *_out++ =3D sctx->st[i / 8] >> 8 * (i & 7); + + sctx->ridx +=3D to_copy; + n -=3D to_copy; + if (n =3D=3D 0) + break; + } + + BUG_ON((sctx->ridx & 7) !=3D 0); + digest =3D (__le64 *)_out; + loops =3D n / 8; + for (i =3D sctx->ridx / 8; i < (sctx->ridx / 8) + loops; i++) + put_unaligned_le64(sctx->st[i], digest++); + + sctx->ridx +=3D 8 * loops; + n -=3D 8 * loops; + _out =3D (u8 *)digest; + } + + if (sctx->ridx =3D=3D sctx->rsiz) { + sctx->ridx =3D 0; + sctx->permute =3D true; + } + *out =3D _out; +} + +static void crypto_shake_squeeze_blocks(struct shake_state *sctx, + u8 **out, size_t nblocks) +{ + __le64 *digest =3D (__le64 *)*out; + size_t i, j; + + BUG_ON(sctx->ridx !=3D 0); + + for (i =3D 0; i < nblocks; i++) { + if (sctx->permute) + keccakf(sctx->st); + sctx->permute =3D true; + + for (j =3D 0; j < sctx->rsiz / 8; j++) + put_unaligned_le64(sctx->st[j], digest++); + } + *out =3D (u8 *)digest; +} + +static void crypto_shake_finalize(struct shake_state *sctx, + u8 domsep) +{ + unsigned int inlen, i; + + if (sctx->finalized) + return; + + inlen =3D sctx->partial; + sctx->buf[inlen++] =3D domsep; + memset(sctx->buf + inlen, 0, sctx->rsiz - inlen); + sctx->buf[sctx->rsiz - 1] |=3D 0x80; + + for (i =3D 0; i < sctx->rsizw; i++) + sctx->st[i] ^=3D get_unaligned_le64(sctx->buf + 8 * i); + + sctx->finalized =3D true; + sctx->permute =3D true; +} + +static int crypto_shake_squeeze(struct shash_desc *desc, + u8 *out, size_t outlen, + bool final) +{ + struct shake_state *sctx =3D shash_desc_ctx(desc); + size_t nblocks, to_copy; + + if (!sctx->finalized) + crypto_shake_finalize(sctx, DOMAIN_SEPARATOR_SHAKE); + + if (sctx->ridx > 0) { + to_copy =3D min(outlen, sctx->rsiz - sctx->ridx); + + crypto_shake_squeeze_bytes(sctx, &out, to_copy); + outlen -=3D to_copy; + if (outlen =3D=3D 0) + goto done; + } + + nblocks =3D outlen / sctx->rsiz; + if (nblocks) { + crypto_shake_squeeze_blocks(sctx, &out, nblocks); + outlen -=3D nblocks * sctx->rsiz; + } + + crypto_shake_squeeze_bytes(sctx, &out, outlen); + +done: + if (final) + memset(sctx, 0, sizeof(*sctx)); + + return 0; +} + +static int crypto_shake_final(struct shash_desc *desc, u8 *out) +{ + unsigned int digest_size =3D crypto_shash_digestsize(desc->tfm); + + crypto_shake_squeeze(desc, out, digest_size, true); + + return 0; +} + + static struct shash_alg algs[] =3D { { .digestsize =3D SHA3_224_DIGEST_SIZE, .init =3D crypto_sha3_init, @@ -277,6 +462,28 @@ static struct shash_alg algs[] =3D { { .base.cra_driver_name =3D "sha3-512-generic", .base.cra_blocksize =3D SHA3_512_BLOCK_SIZE, .base.cra_module =3D THIS_MODULE, +}, { + .digestsize =3D SHAKE128_DIGEST_SIZE, + .init =3D crypto_shake_init, + .update =3D crypto_shake_update, + .final =3D crypto_shake_final, + .squeeze =3D crypto_shake_squeeze, + .descsize =3D sizeof(struct shake_state), + .base.cra_name =3D "shake128", + .base.cra_driver_name =3D "shake128-generic", + .base.cra_blocksize =3D SHAKE128_BLOCK_SIZE, + .base.cra_module =3D THIS_MODULE, +}, { + .digestsize =3D SHAKE256_DIGEST_SIZE, + .init =3D crypto_shake_init, + .update =3D crypto_shake_update, + .final =3D crypto_shake_final, + .squeeze =3D crypto_shake_squeeze, + .descsize =3D sizeof(struct shake_state), + .base.cra_name =3D "shake256", + .base.cra_driver_name =3D "shake256-generic", + .base.cra_blocksize =3D SHAKE256_BLOCK_SIZE, + .base.cra_module =3D THIS_MODULE, } }; =20 static int __init sha3_generic_mod_init(void) @@ -303,3 +510,7 @@ MODULE_ALIAS_CRYPTO("sha3-384"); MODULE_ALIAS_CRYPTO("sha3-384-generic"); MODULE_ALIAS_CRYPTO("sha3-512"); MODULE_ALIAS_CRYPTO("sha3-512-generic"); +MODULE_ALIAS_CRYPTO("shake128"); +MODULE_ALIAS_CRYPTO("shake128-generic"); +MODULE_ALIAS_CRYPTO("shake256"); +MODULE_ALIAS_CRYPTO("shake256-generic"); diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index 6e07bbc04089..be30f895fe7b 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -20,7 +20,7 @@ * static buffers that are big enough for any combination of * algs and architectures. Ciphers have a lower maximum size. */ -#define MAX_ALGAPI_BLOCKSIZE 160 +#define MAX_ALGAPI_BLOCKSIZE 168 /* shake128 */ #define MAX_ALGAPI_ALIGNMASK 127 #define MAX_CIPHER_BLOCKSIZE 16 #define MAX_CIPHER_ALIGNMASK 15 diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 9072652e8e60..5d69c2d69b96 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -166,10 +166,9 @@ struct shash_desc { #define HASH_MAX_DIGESTSIZE 64 =20 /* - * Worst case is hmac(sha3-224-generic). Its context is a nested 'shash_d= esc' - * containing a 'struct sha3_state'. + * Worst case is shake128 */ -#define HASH_MAX_DESCSIZE (sizeof(struct shash_desc) + 360) +#define HASH_MAX_DESCSIZE (sizeof(struct shash_desc) + 384) =20 #define SHASH_DESC_ON_STACK(shash, ctx) \ char __##shash##_desc[sizeof(struct shash_desc) + HASH_MAX_DESCSIZE] \ diff --git a/include/crypto/sha3.h b/include/crypto/sha3.h index 080f60c2e6b1..d99d2bfbd27f 100644 --- a/include/crypto/sha3.h +++ b/include/crypto/sha3.h @@ -31,4 +31,23 @@ int crypto_sha3_update(struct shash_desc *desc, const u8= *data, unsigned int len); int crypto_sha3_final(struct shash_desc *desc, u8 *out); =20 + +#define SHAKE128_DIGEST_SIZE (128 / 8) +#define SHAKE128_BLOCK_SIZE (200 - 2 * SHAKE128_DIGEST_SIZE) + +#define SHAKE256_DIGEST_SIZE (256 / 8) +#define SHAKE256_BLOCK_SIZE (200 - 2 * SHAKE256_DIGEST_SIZE) + +struct shake_state { + u64 st[25]; + unsigned int rsiz; + unsigned int rsizw; + + unsigned int partial; + u8 buf[SHAKE128_BLOCK_SIZE]; + bool finalized; + bool permute; + unsigned int ridx; +}; + #endif diff --git a/include/uapi/linux/hash_info.h b/include/uapi/linux/hash_info.h index 0af23ec196d8..97af74326d31 100644 --- a/include/uapi/linux/hash_info.h +++ b/include/uapi/linux/hash_info.h @@ -38,6 +38,8 @@ enum hash_algo { HASH_ALGO_SHA3_256, HASH_ALGO_SHA3_384, HASH_ALGO_SHA3_512, + HASH_ALGO_SHAKE128, + HASH_ALGO_SHAKE256, HASH_ALGO__LAST }; =20 --=20 2.49.0 From nobody Wed Oct 8 23:02:56 2025 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7925B256C83; Mon, 23 Jun 2025 13:18:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750684735; cv=none; b=BxOQ1nSSLDTtT5Ibgm1Uhs8qnXZqIdL6LVD6jtgcI4ZAPQuCWcEdUBSj5L8e9dq3SNO8IJg5WBImedtsu3XRsnMIiB+bK6BguxhAhWVQyCsMoafiyrRwx2AF4qbSblIhYqtHGLUMknqSXbg4QcXx4uoF7Oao63u8Me5WFsiqDuY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750684735; c=relaxed/simple; bh=e3OzJbB8Wf28/Du+VCLKaLjpFFhqXcCZJTDTmDoy7zw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=b6Gj7Y14kjZBaehHqgjUf+Ki1CVSUNPxVhODa3ZKb3seNqvlUR57+OsKG/EfwVXl5JrgqThckNrVE5r/JSM7Y7RMzUvNsr+VcTwffeFRmLrCD9BWD/3meZBU5A6+HDLVv1j2Eo/AR52sOB2ituFwDxUbzsiDEMCCkR/XIcvumNA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=Ht3etf6I; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="Ht3etf6I" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55N95QUx007226; Mon, 23 Jun 2025 13:18:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=gVMgS5y5O7Jii0xEd Jat2PaINYW81PyVxGrZ7lTrXms=; b=Ht3etf6IdwMsqdVxFKhtoPw+0vMytqQ0B M3pobPmW4ogCnFzRBsRww8tBNvE2nJjXiJI/PtVrV0+NxxUBJqcP6SnVPgaBLMEd usKSl26E1ChvM+FdE3WDA7sd582P8PjHCkv50aAUf250hFjMtUpQGAg5iDATAS34 8MX6w+P7U8pDTWKnLcO9IsyPA7vBDPhDjuggUkZzeWPZJL1x+61ukyC+NTmAQ9Gi RdMSfIflCt6jXLxQSaPLYSbsya3sSx+iRT4cVgxhaJXRUrcvEGVQQuva8af1tDNw vLHo3qcRmYDQqMl77xCXfUqeUXjPyFPRr6z72HqJazok/k2FQZt4w== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47dk63j3tk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Jun 2025 13:18:44 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55NCXUfq014775; Mon, 23 Jun 2025 13:18:43 GMT Received: from smtprelay04.wdc07v.mail.ibm.com ([172.16.1.71]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 47e9s26g54-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Jun 2025 13:18:43 +0000 Received: from smtpav06.dal12v.mail.ibm.com (smtpav06.dal12v.mail.ibm.com [10.241.53.105]) by smtprelay04.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55NDIgB859638214 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Jun 2025 13:18:42 GMT Received: from smtpav06.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 609D758055; Mon, 23 Jun 2025 13:18:42 +0000 (GMT) Received: from smtpav06.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E1C3158059; Mon, 23 Jun 2025 13:18:41 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav06.dal12v.mail.ibm.com (Postfix) with ESMTP; Mon, 23 Jun 2025 13:18:41 +0000 (GMT) From: Stefan Berger To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, simo@redhat.com, Stefan Berger Subject: [RFC PATCH 3/4] crypto: Add tests cases for shake128 & shake256 to testmgr Date: Mon, 23 Jun 2025 09:18:29 -0400 Message-ID: <20250623131830.2194643-4-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250623131830.2194643-1-stefanb@linux.ibm.com> References: <20250623131830.2194643-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjIzMDA4MCBTYWx0ZWRfX1F5nnKAqYMKw VwWlEVpWX+XzjrcxT6GGPgH7nbo1gQSMgqZZpacjfxIqmVRB9ixbAeQTYoiP2npwnCgQ8r1J4nW rkjGCVY6nASV0PszrXLD3aIyK1qPWgOX294Si6C+LTh/trK9WcTXaUdRMNOVUL1EXG8Hp0zN7EB zM2wj2HLfkUn2OXG8moq/NWxHz2q+ls1wwV6rpCKrfJYJtoU1I1RV1VTuqVbEtnh0rfGnrX+zuM Q1fOwMiOBifZ1Ylz6NqrBn+IbpCmB6DNtb8Uzceap3ftwoyUAHv+owsOObvSjdFQY0PW4EV+LYS y569M4VD/Ofdh5vZIohILQXeQ7Xg0sRydQFMK/fkN7JoT68/eiKWYMkVKHlKpvmianblStnBjYL i9HhhCUrDuYKWzN5tUt1g564mqJyolD+6WrDchWvbpjzaqHkelY2PSHWxwQWwI3g8LwlkiqI X-Proofpoint-ORIG-GUID: lJqUz4S59PtGFCfZyv-d4Etc8kx2B3qH X-Proofpoint-GUID: lJqUz4S59PtGFCfZyv-d4Etc8kx2B3qH X-Authority-Analysis: v=2.4 cv=BfvY0qt2 c=1 sm=1 tr=0 ts=68595434 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=xF6bd4FRdrIRRYsjWBcA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-23_03,2025-06-23_03,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 priorityscore=1501 lowpriorityscore=0 clxscore=1015 suspectscore=0 adultscore=0 spamscore=0 impostorscore=0 mlxlogscore=602 malwarescore=0 phishscore=0 bulkscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506230080 Content-Type: text/plain; charset="utf-8" Add test cases for shake128 & shake256 to the testmgr. Signed-off-by: Stefan Berger --- crypto/testmgr.c | 14 +++ crypto/testmgr.h | 310 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 324 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 82977ea25db3..2e4740448e3a 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5558,6 +5558,20 @@ static const struct alg_test_desc alg_test_descs[] = =3D { .suite =3D { .hash =3D __VECS(sha512_tv_template) } + }, { + .alg =3D "shake128", + .test =3D alg_test_hash, + .fips_allowed =3D 1, + .suite =3D { + .hash =3D __VECS(shake128_tv_template) + } + }, { + .alg =3D "shake256", + .test =3D alg_test_hash, + .fips_allowed =3D 1, + .suite =3D { + .hash =3D __VECS(shake256_tv_template) + } }, { .alg =3D "sm3", .test =3D alg_test_hash, diff --git a/crypto/testmgr.h b/crypto/testmgr.h index afc10af59b0a..c99dc61353b1 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -5914,6 +5914,316 @@ static const struct hash_testvec sha3_512_tv_templa= te[] =3D { }, }; =20 +static const struct hash_testvec shake128_tv_template[] =3D { + { + .plaintext =3D "", + .digest =3D "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d" + "\x61\x60\x45\x50\x76\x05\x85\x3e", + }, { + .plaintext =3D "a", + .psize =3D 1, + .digest =3D "\x85\xc8\xde\x88\xd2\x88\x66\xbf" + "\x08\x68\x09\x0b\x39\x61\x16\x2b", + }, { + .plaintext =3D "abcdbcdecdefdefgefghfghighijhijkijkl" + "jklmklmnlmnomnopnopq", + .psize =3D 56, + .digest =3D "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e" + "\x74\xe0\xa7\x07\x78\x8f\x55\xe9", + }, { + .plaintext =3D "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" + "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" + "\xec\x60\xf7\x8e\x02\x99\x30\xc7" + "\x3b\xd2\x69\x00\x74\x0b\xa2\x16" + "\xad\x44\xdb\x4f\xe6\x7d\x14\x88" + "\x1f\xb6\x2a\xc1\x58\xef\x63\xfa" + "\x91\x05\x9c\x33\xca\x3e\xd5\x6c" + "\x03\x77\x0e\xa5\x19\xb0\x47\xde" + "\x52\xe9\x80\x17\x8b\x22\xb9\x2d" + "\xc4\x5b\xf2\x66\xfd\x94\x08\x9f" + "\x36\xcd\x41\xd8\x6f\x06\x7a\x11" + "\xa8\x1c\xb3\x4a\xe1\x55\xec\x83" + "\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5" + "\x69\x00\x97\x0b\xa2\x39\xd0\x44" + "\xdb\x72\x09\x7d\x14\xab\x1f\xb6" + "\x4d\xe4\x58\xef\x86\x1d\x91\x28" + "\xbf\x33\xca\x61\xf8\x6c\x03\x9a" + "\x0e\xa5\x3c\xd3\x47\xde\x75\x0c" + "\x80\x17\xae\x22\xb9\x50\xe7\x5b" + "\xf2\x89\x20\x94\x2b\xc2\x36\xcd" + "\x64\xfb\x6f\x06\x9d\x11\xa8\x3f" + "\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1" + "\x25\xbc\x53\xea\x5e\xf5\x8c\x00" + "\x97\x2e\xc5\x39\xd0\x67\xfe\x72" + "\x09\xa0\x14\xab\x42\xd9\x4d\xe4" + "\x7b\x12\x86\x1d\xb4\x28\xbf\x56" + "\xed\x61\xf8\x8f\x03\x9a\x31\xc8" + "\x3c\xd3\x6a\x01\x75\x0c\xa3\x17" + "\xae\x45\xdc\x50\xe7\x7e\x15\x89" + "\x20\xb7\x2b\xc2\x59\xf0\x64\xfb" + "\x92\x06\x9d\x34\xcb\x3f\xd6\x6d" + "\x04\x78\x0f\xa6\x1a\xb1\x48\xdf" + "\x53\xea\x81\x18\x8c\x23\xba\x2e" + "\xc5\x5c\xf3\x67\xfe\x95\x09\xa0" + "\x37\xce\x42\xd9\x70\x07\x7b\x12" + "\xa9\x1d\xb4\x4b\xe2\x56\xed\x84" + "\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6" + "\x6a\x01\x98\x0c\xa3\x3a\xd1\x45" + "\xdc\x73\x0a\x7e\x15\xac\x20\xb7" + "\x4e\xe5\x59\xf0\x87\x1e\x92\x29" + "\xc0\x34\xcb\x62\xf9\x6d\x04\x9b" + "\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d" + "\x81\x18\xaf\x23\xba\x51\xe8\x5c" + "\xf3\x8a\x21\x95\x2c\xc3\x37\xce" + "\x65\xfc\x70\x07\x9e\x12\xa9\x40" + "\xd7\x4b\xe2\x79\x10\x84\x1b\xb2" + "\x26\xbd\x54\xeb\x5f\xf6\x8d\x01" + "\x98\x2f\xc6\x3a\xd1\x68\xff\x73" + "\x0a\xa1\x15\xac\x43\xda\x4e\xe5" + "\x7c\x13\x87\x1e\xb5\x29\xc0\x57" + "\xee\x62\xf9\x90\x04\x9b\x32\xc9" + "\x3d\xd4\x6b\x02\x76\x0d\xa4\x18" + "\xaf\x46\xdd\x51\xe8\x7f\x16\x8a" + "\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc" + "\x93\x07\x9e\x35\xcc\x40\xd7\x6e" + "\x05\x79\x10\xa7\x1b\xb2\x49\xe0" + "\x54\xeb\x82\x19\x8d\x24\xbb\x2f" + "\xc6\x5d\xf4\x68\xff\x96\x0a\xa1" + "\x38\xcf\x43\xda\x71\x08\x7c\x13" + "\xaa\x1e\xb5\x4c\xe3\x57\xee\x85" + "\x1c\x90\x27\xbe\x32\xc9\x60\xf7" + "\x6b\x02\x99\x0d\xa4\x3b\xd2\x46" + "\xdd\x74\x0b\x7f\x16\xad\x21\xb8" + "\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a" + "\xc1\x35\xcc\x63\xfa\x6e\x05\x9c" + "\x10\xa7\x3e\xd5\x49\xe0\x77\x0e" + "\x82\x19\xb0\x24\xbb\x52\xe9\x5d" + "\xf4\x8b\x22\x96\x2d\xc4\x38\xcf" + "\x66\xfd\x71\x08\x9f\x13\xaa\x41" + "\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3" + "\x27\xbe\x55\xec\x60\xf7\x8e\x02" + "\x99\x30\xc7\x3b\xd2\x69\x00\x74" + "\x0b\xa2\x16\xad\x44\xdb\x4f\xe6" + "\x7d\x14\x88\x1f\xb6\x2a\xc1\x58" + "\xef\x63\xfa\x91\x05\x9c\x33\xca" + "\x3e\xd5\x6c\x03\x77\x0e\xa5\x19" + "\xb0\x47\xde\x52\xe9\x80\x17\x8b" + "\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd" + "\x94\x08\x9f\x36\xcd\x41\xd8\x6f" + "\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1" + "\x55\xec\x83\x1a\x8e\x25\xbc\x30" + "\xc7\x5e\xf5\x69\x00\x97\x0b\xa2" + "\x39\xd0\x44\xdb\x72\x09\x7d\x14" + "\xab\x1f\xb6\x4d\xe4\x58\xef\x86" + "\x1d\x91\x28\xbf\x33\xca\x61\xf8" + "\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47" + "\xde\x75\x0c\x80\x17\xae\x22\xb9" + "\x50\xe7\x5b\xf2\x89\x20\x94\x2b" + "\xc2\x36\xcd\x64\xfb\x6f\x06\x9d" + "\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f" + "\x83\x1a\xb1\x25\xbc\x53\xea\x5e" + "\xf5\x8c\x00\x97\x2e\xc5\x39\xd0" + "\x67\xfe\x72\x09\xa0\x14\xab\x42" + "\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4" + "\x28\xbf\x56\xed\x61\xf8\x8f\x03" + "\x9a\x31\xc8\x3c\xd3\x6a\x01\x75" + "\x0c\xa3\x17\xae\x45\xdc\x50\xe7" + "\x7e\x15\x89\x20\xb7\x2b\xc2\x59" + "\xf0\x64\xfb\x92\x06\x9d\x34\xcb" + "\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a" + "\xb1\x48\xdf\x53\xea\x81\x18\x8c" + "\x23\xba\x2e\xc5\x5c\xf3\x67\xfe" + "\x95\x09\xa0\x37\xce\x42\xd9\x70" + "\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2" + "\x56\xed\x84\x1b\x8f\x26\xbd\x31" + "\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3" + "\x3a\xd1\x45\xdc\x73\x0a\x7e\x15" + "\xac\x20\xb7\x4e\xe5\x59\xf0\x87" + "\x1e\x92\x29\xc0\x34\xcb\x62\xf9" + "\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48" + "\xdf\x76\x0d\x81\x18\xaf\x23\xba" + "\x51\xe8\x5c\xf3\x8a\x21\x95\x2c" + "\xc3\x37\xce\x65\xfc\x70\x07\x9e" + "\x12\xa9\x40\xd7\x4b\xe2\x79\x10" + "\x84\x1b\xb2\x26\xbd\x54\xeb\x5f" + "\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1" + "\x68\xff\x73\x0a\xa1\x15\xac\x43" + "\xda\x4e\xe5\x7c\x13\x87\x1e\xb5" + "\x29\xc0\x57\xee\x62\xf9\x90\x04" + "\x9b\x32\xc9\x3d\xd4\x6b\x02\x76" + "\x0d\xa4\x18\xaf\x46\xdd\x51\xe8" + "\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a" + "\xf1\x65\xfc\x93\x07\x9e\x35\xcc" + "\x40\xd7\x6e\x05\x79\x10\xa7\x1b" + "\xb2\x49\xe0\x54\xeb\x82\x19\x8d" + "\x24\xbb\x2f\xc6\x5d\xf4\x68\xff" + "\x96\x0a\xa1\x38\xcf\x43\xda\x71" + "\x08\x7c\x13\xaa\x1e\xb5\x4c", + .psize =3D 1023, + .digest =3D "\x13\x0a\x5b\xcb\x83\x9f\x10\x89" + "\xbb\x62\xda\xe4\xf4\xd3\x21\xf8", + }, +}; + +static const struct hash_testvec shake256_tv_template[] =3D { + { + .plaintext =3D "", + .digest =3D "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13" + "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24" + "\x3f\xcd\x52\xea\x62\xb8\x1b\x82" + "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f", + }, { + .plaintext =3D "a", + .psize =3D 1, + .digest =3D "\x86\x7e\x2c\xb0\x4f\x5a\x04\xdc" + "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c" + "\xea\xaf\xca\x50\x25\x56\x26\xca" + "\x73\x6c\x13\x80\x42\x53\x0b\xa4", + }, { + .plaintext =3D "abcdbcdecdefdefgefghfghighijhijkijkl" + "jklmklmnlmnomnopnopq", + .psize =3D 56, + .digest =3D "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28" + "\xee\xfb\xb8\xc3\x6f\x6f\x87\x13" + "\x3a\x79\x11\xe1\x8d\x97\x9e\xe1" + "\xae\x6b\xe5\xd4\xfd\x2e\x33\x29", + }, { + .plaintext =3D "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" + "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" + "\xec\x60\xf7\x8e\x02\x99\x30\xc7" + "\x3b\xd2\x69\x00\x74\x0b\xa2\x16" + "\xad\x44\xdb\x4f\xe6\x7d\x14\x88" + "\x1f\xb6\x2a\xc1\x58\xef\x63\xfa" + "\x91\x05\x9c\x33\xca\x3e\xd5\x6c" + "\x03\x77\x0e\xa5\x19\xb0\x47\xde" + "\x52\xe9\x80\x17\x8b\x22\xb9\x2d" + "\xc4\x5b\xf2\x66\xfd\x94\x08\x9f" + "\x36\xcd\x41\xd8\x6f\x06\x7a\x11" + "\xa8\x1c\xb3\x4a\xe1\x55\xec\x83" + "\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5" + "\x69\x00\x97\x0b\xa2\x39\xd0\x44" + "\xdb\x72\x09\x7d\x14\xab\x1f\xb6" + "\x4d\xe4\x58\xef\x86\x1d\x91\x28" + "\xbf\x33\xca\x61\xf8\x6c\x03\x9a" + "\x0e\xa5\x3c\xd3\x47\xde\x75\x0c" + "\x80\x17\xae\x22\xb9\x50\xe7\x5b" + "\xf2\x89\x20\x94\x2b\xc2\x36\xcd" + "\x64\xfb\x6f\x06\x9d\x11\xa8\x3f" + "\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1" + "\x25\xbc\x53\xea\x5e\xf5\x8c\x00" + "\x97\x2e\xc5\x39\xd0\x67\xfe\x72" + "\x09\xa0\x14\xab\x42\xd9\x4d\xe4" + "\x7b\x12\x86\x1d\xb4\x28\xbf\x56" + "\xed\x61\xf8\x8f\x03\x9a\x31\xc8" + "\x3c\xd3\x6a\x01\x75\x0c\xa3\x17" + "\xae\x45\xdc\x50\xe7\x7e\x15\x89" + "\x20\xb7\x2b\xc2\x59\xf0\x64\xfb" + "\x92\x06\x9d\x34\xcb\x3f\xd6\x6d" + "\x04\x78\x0f\xa6\x1a\xb1\x48\xdf" + "\x53\xea\x81\x18\x8c\x23\xba\x2e" + "\xc5\x5c\xf3\x67\xfe\x95\x09\xa0" + "\x37\xce\x42\xd9\x70\x07\x7b\x12" + "\xa9\x1d\xb4\x4b\xe2\x56\xed\x84" + "\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6" + "\x6a\x01\x98\x0c\xa3\x3a\xd1\x45" + "\xdc\x73\x0a\x7e\x15\xac\x20\xb7" + "\x4e\xe5\x59\xf0\x87\x1e\x92\x29" + "\xc0\x34\xcb\x62\xf9\x6d\x04\x9b" + "\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d" + "\x81\x18\xaf\x23\xba\x51\xe8\x5c" + "\xf3\x8a\x21\x95\x2c\xc3\x37\xce" + "\x65\xfc\x70\x07\x9e\x12\xa9\x40" + "\xd7\x4b\xe2\x79\x10\x84\x1b\xb2" + "\x26\xbd\x54\xeb\x5f\xf6\x8d\x01" + "\x98\x2f\xc6\x3a\xd1\x68\xff\x73" + "\x0a\xa1\x15\xac\x43\xda\x4e\xe5" + "\x7c\x13\x87\x1e\xb5\x29\xc0\x57" + "\xee\x62\xf9\x90\x04\x9b\x32\xc9" + "\x3d\xd4\x6b\x02\x76\x0d\xa4\x18" + "\xaf\x46\xdd\x51\xe8\x7f\x16\x8a" + "\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc" + "\x93\x07\x9e\x35\xcc\x40\xd7\x6e" + "\x05\x79\x10\xa7\x1b\xb2\x49\xe0" + "\x54\xeb\x82\x19\x8d\x24\xbb\x2f" + "\xc6\x5d\xf4\x68\xff\x96\x0a\xa1" + "\x38\xcf\x43\xda\x71\x08\x7c\x13" + "\xaa\x1e\xb5\x4c\xe3\x57\xee\x85" + "\x1c\x90\x27\xbe\x32\xc9\x60\xf7" + "\x6b\x02\x99\x0d\xa4\x3b\xd2\x46" + "\xdd\x74\x0b\x7f\x16\xad\x21\xb8" + "\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a" + "\xc1\x35\xcc\x63\xfa\x6e\x05\x9c" + "\x10\xa7\x3e\xd5\x49\xe0\x77\x0e" + "\x82\x19\xb0\x24\xbb\x52\xe9\x5d" + "\xf4\x8b\x22\x96\x2d\xc4\x38\xcf" + "\x66\xfd\x71\x08\x9f\x13\xaa\x41" + "\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3" + "\x27\xbe\x55\xec\x60\xf7\x8e\x02" + "\x99\x30\xc7\x3b\xd2\x69\x00\x74" + "\x0b\xa2\x16\xad\x44\xdb\x4f\xe6" + "\x7d\x14\x88\x1f\xb6\x2a\xc1\x58" + "\xef\x63\xfa\x91\x05\x9c\x33\xca" + "\x3e\xd5\x6c\x03\x77\x0e\xa5\x19" + "\xb0\x47\xde\x52\xe9\x80\x17\x8b" + "\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd" + "\x94\x08\x9f\x36\xcd\x41\xd8\x6f" + "\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1" + "\x55\xec\x83\x1a\x8e\x25\xbc\x30" + "\xc7\x5e\xf5\x69\x00\x97\x0b\xa2" + "\x39\xd0\x44\xdb\x72\x09\x7d\x14" + "\xab\x1f\xb6\x4d\xe4\x58\xef\x86" + "\x1d\x91\x28\xbf\x33\xca\x61\xf8" + "\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47" + "\xde\x75\x0c\x80\x17\xae\x22\xb9" + "\x50\xe7\x5b\xf2\x89\x20\x94\x2b" + "\xc2\x36\xcd\x64\xfb\x6f\x06\x9d" + "\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f" + "\x83\x1a\xb1\x25\xbc\x53\xea\x5e" + "\xf5\x8c\x00\x97\x2e\xc5\x39\xd0" + "\x67\xfe\x72\x09\xa0\x14\xab\x42" + "\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4" + "\x28\xbf\x56\xed\x61\xf8\x8f\x03" + "\x9a\x31\xc8\x3c\xd3\x6a\x01\x75" + "\x0c\xa3\x17\xae\x45\xdc\x50\xe7" + "\x7e\x15\x89\x20\xb7\x2b\xc2\x59" + "\xf0\x64\xfb\x92\x06\x9d\x34\xcb" + "\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a" + "\xb1\x48\xdf\x53\xea\x81\x18\x8c" + "\x23\xba\x2e\xc5\x5c\xf3\x67\xfe" + "\x95\x09\xa0\x37\xce\x42\xd9\x70" + "\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2" + "\x56\xed\x84\x1b\x8f\x26\xbd\x31" + "\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3" + "\x3a\xd1\x45\xdc\x73\x0a\x7e\x15" + "\xac\x20\xb7\x4e\xe5\x59\xf0\x87" + "\x1e\x92\x29\xc0\x34\xcb\x62\xf9" + "\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48" + "\xdf\x76\x0d\x81\x18\xaf\x23\xba" + "\x51\xe8\x5c\xf3\x8a\x21\x95\x2c" + "\xc3\x37\xce\x65\xfc\x70\x07\x9e" + "\x12\xa9\x40\xd7\x4b\xe2\x79\x10" + "\x84\x1b\xb2\x26\xbd\x54\xeb\x5f" + "\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1" + "\x68\xff\x73\x0a\xa1\x15\xac\x43" + "\xda\x4e\xe5\x7c\x13\x87\x1e\xb5" + "\x29\xc0\x57\xee\x62\xf9\x90\x04" + "\x9b\x32\xc9\x3d\xd4\x6b\x02\x76" + "\x0d\xa4\x18\xaf\x46\xdd\x51\xe8" + "\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a" + "\xf1\x65\xfc\x93\x07\x9e\x35\xcc" + "\x40\xd7\x6e\x05\x79\x10\xa7\x1b" + "\xb2\x49\xe0\x54\xeb\x82\x19\x8d" + "\x24\xbb\x2f\xc6\x5d\xf4\x68\xff" + "\x96\x0a\xa1\x38\xcf\x43\xda\x71" + "\x08\x7c\x13\xaa\x1e\xb5\x4c", + .psize =3D 1023, + .digest =3D "\x24\xab\xec\xa1\x22\x05\x1c\xf3" + "\xce\xdc\xc1\x02\x31\x6c\x0f\x19" + "\x0a\xb2\x77\x24\xe7\x68\x71\x3b" + "\x9b\x6d\x5f\xbc\xcf\x60\x28\x4c", + }, +}; + =20 /* * MD5 test vectors from RFC1321 --=20 2.49.0 From nobody Wed Oct 8 23:02:56 2025 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 841C9253953; Mon, 23 Jun 2025 13:18:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750684732; cv=none; b=nqHZOkgXudpKXyKhUmTDj71d8UT1LEQURvkCjQRo/Plr1wa2dX/1tyifD2QiUSlLaZQF6VUr7hm/N0QSqbLJMIbRPRMVr+Y7Kq1QyUnAX73C+1l+dmkSYDjsaxG+LmWiDyHB0Z3vnd73/px6d6Y39+umXFSmnzje2g+1fYlY9Fo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750684732; c=relaxed/simple; bh=xPgijZ2vIvFu3DtcUE9qnOx/hBOQ95kK1ZVkjD36OdE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tX9S8h49QEI3KVsG7T1KLaUCpGf89Oi4ujEKIsLCHeXh1sEWzZIxir08HBSIZzfxOlD9L/H5CJWkgfHkppfEGCiwKzzSuZ8Zwv5EYEghs6GbG6ZHwownu8gUSjmyp3BttqOGgsy8snPlntLqJrF9XkymCCTxAYyHix768mPFwJU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=F8czoG+i; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="F8czoG+i" Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55NAJPqP020202; Mon, 23 Jun 2025 13:18:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=LO1BiEiorGlsdWrYz 6N+WDgNttGozRQgvWENg3NtHC0=; b=F8czoG+iWnybFrjMS26FTKGiLe4vtIYWP R4Yf8xJeFsmXEwPpuTmAPRUJoqyUOwzoRTpVlaPVt7GyfVio/n2UYjBg4iEnd3Fh NX3datd0h0B0ddqVHH9lqfX/3Ol1Ngs6xx7zUqi259yVGece6VCLjcIRSYz0+AEJ wY4yfa+Z4oW2CLzZRdW9Ila/n83EVkQeuob4Trky6D6dUlj+rNoJ+HNylfUTFiOF lt5bjunpYBM0IRk677DXem2mdlwx2YUk41SiVLOFVKOHoDdBsAtUIUGzLJ+AVSza 57zffJ9zXUfmai7uM3mQjKQ6HkUnYlLp17gdnh04p/SdsioOSx1vw== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47dk63j3tm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Jun 2025 13:18:44 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55NBkZjd006397; Mon, 23 Jun 2025 13:18:43 GMT Received: from smtprelay05.wdc07v.mail.ibm.com ([172.16.1.72]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 47e82nxtjs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Jun 2025 13:18:43 +0000 Received: from smtpav06.dal12v.mail.ibm.com (smtpav06.dal12v.mail.ibm.com [10.241.53.105]) by smtprelay05.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55NDIhND25166476 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Jun 2025 13:18:43 GMT Received: from smtpav06.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EAC4A5805F; Mon, 23 Jun 2025 13:18:42 +0000 (GMT) Received: from smtpav06.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 779EC58059; Mon, 23 Jun 2025 13:18:42 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav06.dal12v.mail.ibm.com (Postfix) with ESMTP; Mon, 23 Jun 2025 13:18:42 +0000 (GMT) From: Stefan Berger To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, simo@redhat.com, Stefan Berger Subject: [RFC PATCH 4/4] crypto: Extend testmgr with tests for shake128/256 XOFs Date: Mon, 23 Jun 2025 09:18:30 -0400 Message-ID: <20250623131830.2194643-5-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250623131830.2194643-1-stefanb@linux.ibm.com> References: <20250623131830.2194643-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjIzMDA4MCBTYWx0ZWRfX2VaQYqudlpPt JyY1CSenXreER1kaYg5Yi/RdosS6L312gQFhlNXns6vlR5LqBo+jjZAogibgtVZ4paikxIKBiyS 3iVfUxn27N1xt+/TTGdWY/T96HJW14snnqF+pTpMHxYVPJ7wJ42Ike9X+4HxztHzvmcCQ92FRL4 lU1fHrisYZjneEkNvcgvE83KgTIQkT7qYkqBPKI8QbEM/5ieg7fJvSTiNrmV4raYGAZW8S5cIQ7 JgalPulYafxVKUdPZNoI/f45AP0SepjonNK4LDn7Pe1ChKBPtY9QMiPnPduI13vbfItq65CMof3 jRfBxRwPf8lUOOvO7vXz+5B9TwUn39v3abBdrpUZ9cD5W3Rp1QIXRJtQJauG1flf8yP1PG3PbH1 Ri528lhEJHWztzxRXRYz0Iw8wsLxpPqAfax82P1+BCYIOWaRlLXmujLhWIa8Iiq/dq4Nv3Sd X-Proofpoint-ORIG-GUID: avB1Pc-N2yZ73VLVla7JU-pPVmnZ5MQD X-Proofpoint-GUID: avB1Pc-N2yZ73VLVla7JU-pPVmnZ5MQD X-Authority-Analysis: v=2.4 cv=BfvY0qt2 c=1 sm=1 tr=0 ts=68595434 cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=RaegE9gVr3S12DfPD4oA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-23_03,2025-06-23_03,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 priorityscore=1501 lowpriorityscore=0 clxscore=1015 suspectscore=0 adultscore=0 spamscore=0 impostorscore=0 mlxlogscore=547 malwarescore=0 phishscore=0 bulkscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506230080 Content-Type: text/plain; charset="utf-8" Extend the testmgr to run tests for XOFs where it squeezes a certain number of bytes in a first step and then a different number in subsequent steps to test for issues related to alignments and proper copying of bytes and blocks. Add test case data for shake128 and shake256 XOFs. Signed-off-by: Stefan Berger --- crypto/testmgr.c | 58 +++++++++++++ crypto/testmgr.h | 212 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 270 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 2e4740448e3a..267307bd609d 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1647,6 +1647,59 @@ static int test_ahash_vec_cfg(const struct hash_test= vec *vec, driver, cfg); } =20 +static int test_shash_xof(const struct hash_testvec *vec, + struct shash_desc *desc) +{ + struct shash_alg *alg =3D crypto_shash_alg(desc->tfm); + struct steps { + unsigned int first; + unsigned int other; + } steps[] =3D { + { .first =3D 0, .other =3D alg->base.cra_blocksize, }, + { .first =3D 0, .other =3D alg->base.cra_blocksize + 1, }, + { .first =3D 1, .other =3D alg->base.cra_blocksize, }, + { .first =3D 1, .other =3D 1, }, + { .first =3D 1, .other =3D 33, }, + }; + unsigned char *output =3D NULL, *tmp; + unsigned int off, req; + int ret =3D 0; + size_t i; + + for (i =3D 0; i < ARRAY_SIZE(steps); i++) { + if (!vec->xof) + continue; + + tmp =3D krealloc(output, vec->xof_size, GFP_KERNEL); + if (IS_ERR(output)) + return PTR_ERR(output); + output =3D tmp; + + crypto_shash_init(desc); + crypto_shash_update(desc, vec->plaintext, vec->psize); + crypto_shash_squeeze(desc, output, steps[i].first, false); + off =3D steps[i].first; + + while (off < vec->xof_size) { + req =3D steps[i].other; + if (off + req > vec->xof_size) + req =3D vec->xof_size - off; + crypto_shash_squeeze(desc, &output[off], req, false); + off +=3D req; + } + + if (memcmp(output, vec->xof, vec->xof_size) !=3D 0) { + pr_err("XOF output of %s is wrong! (steps: %d, %d)\n", + alg->base.cra_name, steps[i].first, + steps[i].other); + ret =3D -EINVAL; + } + } + kfree(output); + + return ret; +} + static int test_hash_vec_cfg(const struct hash_testvec *vec, const char *vec_name, const struct testvec_config *cfg, @@ -1998,6 +2051,11 @@ static int __alg_test_hash(const struct hash_testvec= *vecs, err =3D test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate); if (err) goto out; + if (desc && crypto_shash_alg(desc->tfm)->squeeze) { + err =3D test_shash_xof(&vecs[i], desc); + if (err) + return err; + } cond_resched(); } err =3D test_hash_vs_generic_impl(generic_driver, maxkeysize, req, diff --git a/crypto/testmgr.h b/crypto/testmgr.h index c99dc61353b1..5160e5bb0489 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -30,8 +30,10 @@ * @key: Pointer to key (NULL if none) * @plaintext: Pointer to source data * @digest: Pointer to expected digest + * @xof: Pointer to extended output * @psize: Length of source data in bytes * @ksize: Length of @key in bytes (0 if no key) + * @xof_size: Length of extended output * @setkey_error: Expected error from setkey() * @digest_error: Expected error from digest() * @fips_skip: Skip the test vector in FIPS mode @@ -40,8 +42,10 @@ struct hash_testvec { const char *key; const char *plaintext; const char *digest; + const char *xof; unsigned int psize; unsigned short ksize; + unsigned short xof_size; int setkey_error; int digest_error; bool fips_skip; @@ -5919,17 +5923,95 @@ static const struct hash_testvec shake128_tv_templa= te[] =3D { .plaintext =3D "", .digest =3D "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d" "\x61\x60\x45\x50\x76\x05\x85\x3e", + .xof =3D "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d" + "\x61\x60\x45\x50\x76\x05\x85\x3e" + "\xd7\x3b\x80\x93\xf6\xef\xbc\x88" + "\xeb\x1a\x6e\xac\xfa\x66\xef\x26" + "\x3c\xb1\xee\xa9\x88\x00\x4b\x93" + "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68" + "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63" + "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2" + "\x35\xb8\xcc\x87\x3c\x23\xdc\x62" + "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75" + "\xab\x91\x6a\x58\xd9\x74\x91\x88" + "\x35\xd2\x5e\x6a\x43\x50\x85\xb2" + "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5" + "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38" + "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc" + "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea" + "\x17\xcd\xa7\xcf\xad\x76\x5f\x56" + "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf" + "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f" + "\x16\x7a\x58\x0b\x14\xaa\xbd\xef" + "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9" + "\x76\x7b\xe1\xfd\xa6\x94\x19\xdf" + "\xb9\x27\xe9\xdf\x07\x34\x8b\x19" + "\x66\x91\xab\xae\xb5\x80\xb3\x2d" + "\xef\x58\x53\x8b\x8d\x23\xf8\x77", + .xof_size =3D 200, }, { .plaintext =3D "a", .psize =3D 1, .digest =3D "\x85\xc8\xde\x88\xd2\x88\x66\xbf" "\x08\x68\x09\x0b\x39\x61\x16\x2b", + .xof =3D "\x85\xc8\xde\x88\xd2\x88\x66\xbf" + "\x08\x68\x09\x0b\x39\x61\x16\x2b" + "\xf8\x23\x92\xf6\x90\xd9\xe4\x73" + "\x09\x10\xf4\xaf\x7c\x6a\xb3\xee" + "\x43\x54\xb4\x9c\xa7\x29\xeb\x35" + "\x6e\xe3\xf5\xb0\xfb\xd2\x9b\x66" + "\x76\x93\x83\xe5\xe4\x01\xb1\xf8" + "\x5e\x04\x4c\x92\xbb\x52\x31\xaa" + "\x4d\xee\x17\x99\xaf\x7a\x7c\xee" + "\x21\x3a\x23\xad\xcd\x03\xc4\x80" + "\x6c\x9a\x8b\x0d\x8a\x2e\xea\xd8" + "\xea\x7a\x61\x34\xc1\x3e\x52\x3c" + "\xcf\x93\xad\x39\xd2\x27\xd3\xe7" + "\xd0\x22\xd9\x65\x4f\x3b\x49\x41" + "\x37\x88\x75\x8a\x64\x17\xe4\x2d" + "\x41\x95\x7c\xb3\x0c\xf0\x4d\xa3" + "\x7f\x26\x89\x7c\x2c\xf2\xf8\x00" + "\x55\x84\x62\x93\xfd\xe0\x23\x31" + "\xcf\x4a\x26\x9a\xaf\x2d\x47\xeb" + "\x27\xab\xa0\xfa\xba\x4a\x67\x8e" + "\xc0\x02\xbc\x0d\x30\x64\xea\xd0" + "\xa3\xf2\xe0\xd8\xa7\xfa\x40\x4a" + "\xf5\x4e\xbf\x4f\x5b\x18\x35\x62" + "\xa8\xda\xd7\x3b\x9a\x55\xbf\x1c" + "\x06\x6e\x00\x07\xe7\xab\x8a\x89", + .xof_size =3D 200, }, { .plaintext =3D "abcdbcdecdefdefgefghfghighijhijkijkl" "jklmklmnlmnomnopnopq", .psize =3D 56, .digest =3D "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e" "\x74\xe0\xa7\x07\x78\x8f\x55\xe9", + .xof =3D "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e" + "\x74\xe0\xa7\x07\x78\x8f\x55\xe9" + "\x82\x09\xb8\xd9\x1f\xad\xe8\xf3" + "\x2f\x8d\xd5\xcf\xf7\xbf\x21\xf5" + "\x4e\xe5\xf1\x95\x50\x82\x5a\x6e" + "\x07\x00\x30\x51\x9e\x94\x42\x63" + "\xac\x1c\x67\x65\x28\x70\x65\x62" + "\x1f\x9f\xcb\x32\x01\x72\x3e\x32" + "\x23\xb6\x3a\x46\xc2\x93\x8a\xa9" + "\x53\xba\x84\x01\xd0\xea\x77\xb8" + "\xd2\x64\x90\x77\x55\x66\x40\x7b" + "\x95\x67\x3c\x0f\x4c\xc1\xce\x9f" + "\xd9\x66\x14\x8d\x7e\xfd\xff\x26" + "\xbb\xf9\xf4\x8a\x21\xc6\xda\x35" + "\xbf\xaa\x54\x56\x54\xf7\x0a\xe5" + "\x86\xff\x10\x13\x14\x20\x77\x14" + "\x83\xec\x92\xed\xab\x40\x8c\x76" + "\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c" + "\x8c\xa2\x14\xd8\x4c\x4d\xc7\x00" + "\xd0\xc5\x06\x30\xb2\xff\xc3\x79" + "\x3e\xa4\xd8\x72\x58\xb4\xc9\x54" + "\x8c\x54\x85\xa5\xca\x66\x6e\xf7" + "\x3f\xbd\x81\x6d\x41\x8a\xea\x63" + "\x95\xb5\x03\xad\xdd\x9b\x15\x0f" + "\x9e\x06\x63\x32\x5f\x01\xe5\x51", + .xof_size =3D 200, }, { .plaintext =3D "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -6062,6 +6144,32 @@ static const struct hash_testvec shake128_tv_templat= e[] =3D { .psize =3D 1023, .digest =3D "\x13\x0a\x5b\xcb\x83\x9f\x10\x89" "\xbb\x62\xda\xe4\xf4\xd3\x21\xf8", + .xof =3D "\x13\x0a\x5b\xcb\x83\x9f\x10\x89" + "\xbb\x62\xda\xe4\xf4\xd3\x21\xf8" + "\xd1\xa1\x20\xeb\x55\x0a\x93\x04" + "\x9b\xe3\x14\x3c\x18\xd1\x7c\xa7" + "\xcd\xf3\x11\xe7\xe1\xcf\xaf\xbf" + "\x2e\x99\x8b\x4f\x5e\x0a\x13\x81" + "\x6e\x12\x36\x9e\x8e\x3a\xf6\x42" + "\xa1\x85\x4b\xda\xcf\x5a\x36\x65" + "\xe4\xea\x18\x3b\x19\x86\xf0\xd4" + "\xeb\x0f\x33\x98\xb5\x2b\xa7\x9b" + "\xba\x17\xd1\xd4\xc5\x5f\x0d\x8e" + "\x6c\xb0\xba\x4f\x94\x25\x29\x54" + "\xf8\x1d\x03\x14\xb7\xe5\x1e\xb2" + "\xf0\xe7\x0f\x32\x86\xfa\x13\x9f" + "\x60\x8d\x15\x03\x2d\x96\x2a\xa4" + "\x76\xf6\x49\x6c\x8a\x75\x7d\x79" + "\xa4\xcc\xcb\xe0\xf9\xbb\x7a\x80" + "\xc1\x20\x79\x32\x42\xe8\x0e\xd9" + "\x0f\x93\x0b\xaf\x56\x6e\x71\xc8" + "\x3f\xc3\x52\xe0\x4b\x4b\xbc\xf5" + "\x1f\xdf\xed\x88\xb8\x9d\x5a\x75" + "\x77\xa1\x59\x9b\x6a\x7c\x43\xe4" + "\x5b\x58\xaa\x84\x0a\x18\xb5\x37" + "\x3b\xda\xa8\xc9\x35\x76\x1b\x62" + "\x4f\x52\xc7\x42\x4e\x00\xb1\x46", + .xof_size =3D 200, }, }; =20 @@ -6072,6 +6180,32 @@ static const struct hash_testvec shake256_tv_templat= e[] =3D { "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24" "\x3f\xcd\x52\xea\x62\xb8\x1b\x82" "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f", + .xof =3D "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13" + "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24" + "\x3f\xcd\x52\xea\x62\xb8\x1b\x82" + "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f" + "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00" + "\xcb\x05\x01\x9d\x67\xb5\x92\xf6" + "\xfc\x82\x1c\x49\x47\x9a\xb4\x86" + "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe" + "\x14\x1e\x96\x61\x6f\xb1\x39\x57" + "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3" + "\xdc\x07\x22\x3c\x8e\x92\x93\x7b" + "\xef\x84\xbc\x0e\xab\x86\x28\x53" + "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7" + "\xc2\x77\x5c\x38\x46\x2c\x50\x10" + "\xd8\x46\xc1\x85\xc1\x51\x11\xe5" + "\x95\x52\x2a\x6b\xcd\x16\xcf\x86" + "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd" + "\x94\x3b\x6a\xec\x46\x8a\x2d\x62" + "\x1a\x7c\x06\xc6\xa9\x57\xc6\x2b" + "\x54\xda\xfc\x3b\xe8\x75\x67\xd6" + "\x77\x23\x13\x95\xf6\x14\x72\x93" + "\xb6\x8c\xea\xb7\xa9\xe0\xc5\x8d" + "\x86\x4e\x8e\xfd\xe4\xe1\xb9\xa4" + "\x6c\xbe\x85\x47\x13\x67\x2f\x5c" + "\xaa\xae\x31\x4e\xd9\x08\x3d\xab", + .xof_size =3D 200, }, { .plaintext =3D "a", .psize =3D 1, @@ -6079,6 +6213,32 @@ static const struct hash_testvec shake256_tv_templat= e[] =3D { "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c" "\xea\xaf\xca\x50\x25\x56\x26\xca" "\x73\x6c\x13\x80\x42\x53\x0b\xa4", + .xof =3D "\x86\x7e\x2c\xb0\x4f\x5a\x04\xdc" + "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c" + "\xea\xaf\xca\x50\x25\x56\x26\xca" + "\x73\x6c\x13\x80\x42\x53\x0b\xa4" + "\x36\xb7\xb1\xec\x0e\x06\xa2\x79" + "\xbc\x79\x07\x33\xbb\x0a\xee\x6f" + "\xa8\x02\x68\x3c\x7b\x35\x50\x63" + "\xc4\x34\xe9\x11\x89\xb0\xc6\x51" + "\xd0\x92\xb0\x1e\x55\xce\x4d\x61" + "\x0b\x54\xa5\x46\x6d\x02\xf8\x8f" + "\xc3\x78\x09\x6f\xb0\xda\xd0\x25" + "\x48\x57\xfe\x1e\x63\x81\xab\xc0" + "\x4e\x07\xe3\x3d\x91\x69\x35\x93" + "\x56\x36\x00\x48\x96\xc5\xb1\x25" + "\x34\x64\xf1\xcb\x5e\xa7\x3b\x00" + "\x7b\xc5\x02\x8b\xbb\xea\x13\xeb" + "\xc2\x86\x68\xdb\xfc\x26\xb1\x24" + "\x0c\xe4\x23\x9f\x8d\x50\x62\x7d" + "\xda\xa0\x16\x41\xdf\xea\xa9\xd2" + "\xfe\xf0\x3d\xd0\x25\xe0\xb8\x2c" + "\xf0\x71\xfb\x9c\xa3\x23\x2c\x74" + "\x2d\x83\x6b\x3c\xbc\xc8\xc3\xcb" + "\xa5\xb0\x58\xb7\x67\x95\xc1\x77" + "\x01\x23\x14\x19\x6d\xc8\x22\x76" + "\x89\x91\xc0\xf1\x6f\x8a\x65\x5a", + .xof_size =3D 200, }, { .plaintext =3D "abcdbcdecdefdefgefghfghighijhijkijkl" "jklmklmnlmnomnopnopq", @@ -6087,6 +6247,32 @@ static const struct hash_testvec shake256_tv_templat= e[] =3D { "\xee\xfb\xb8\xc3\x6f\x6f\x87\x13" "\x3a\x79\x11\xe1\x8d\x97\x9e\xe1" "\xae\x6b\xe5\xd4\xfd\x2e\x33\x29", + .xof =3D "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28" + "\xee\xfb\xb8\xc3\x6f\x6f\x87\x13" + "\x3a\x79\x11\xe1\x8d\x97\x9e\xe1" + "\xae\x6b\xe5\xd4\xfd\x2e\x33\x29" + "\x40\xd8\x68\x8a\x4e\x6a\x59\xaa" + "\x80\x60\xf1\xf9\xbc\x99\x6c\x05" + "\xac\xa3\xc6\x96\xa8\xb6\x62\x79" + "\xdc\x67\x2c\x74\x0b\xb2\x24\xec" + "\x37\xa9\x2b\x65\xdb\x05\x39\xc0" + "\x20\x34\x55\xf5\x1d\x97\xcc\xe4" + "\xcf\xc4\x91\x27\xd7\x26\x0a\xfc" + "\x67\x3a\xf2\x08\xba\xf1\x9b\xe2" + "\x12\x33\xf3\xde\xbe\x78\xd0\x67" + "\x60\xcf\xa5\x51\xee\x1e\x07\x91" + "\x41\xd4\x9d\xd3\xef\x7e\x18\x2b" + "\x15\x24\xdf\x82\xea\x1c\xef\xe1" + "\xc6\xc3\x96\x61\x75\xf0\x22\x8d" + "\x35\x88\x7c\xd9\xf0\x9b\x05\x45" + "\x7f\x6d\x95\x2f\x9b\x3b\x32\x46" + "\x4e\x0b\x3c\x54\xdc\xc1\x3e\xfd" + "\xb4\xc5\x4e\x29\xcd\xb4\x08\x8f" + "\xaf\x48\x2c\xdd\xd0\xa5\xe6\xb8" + "\x22\xf5\xa8\x0d\x0c\xc7\x8d\x4c" + "\xc9\x01\x31\x90\x6f\xd5\x15\x9e" + "\xb5\x14\x2e\x15\x50\x24\xb6\x24", + .xof_size =3D 200, }, { .plaintext =3D "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -6221,6 +6407,32 @@ static const struct hash_testvec shake256_tv_templat= e[] =3D { "\xce\xdc\xc1\x02\x31\x6c\x0f\x19" "\x0a\xb2\x77\x24\xe7\x68\x71\x3b" "\x9b\x6d\x5f\xbc\xcf\x60\x28\x4c", + .xof =3D "\x24\xab\xec\xa1\x22\x05\x1c\xf3" + "\xce\xdc\xc1\x02\x31\x6c\x0f\x19" + "\x0a\xb2\x77\x24\xe7\x68\x71\x3b" + "\x9b\x6d\x5f\xbc\xcf\x60\x28\x4c" + "\x97\x76\xdc\x50\xda\xa5\x14\x5e" + "\xe6\xb9\x1e\xbc\x42\x1e\x8d\xd5" + "\xb5\xae\xe2\x77\x48\xde\x80\x1f" + "\x7a\x74\x30\x79\x86\xc8\x6f\x2e" + "\x90\x76\x07\xb3\xed\x74\xdf\x44" + "\xcc\x3b\x00\x64\xb4\xb1\xdc\x11" + "\xa8\xcf\xbf\x01\xfc\x21\x00\xac" + "\x2c\xa1\xea\xbd\x84\x1c\x84\xa2" + "\x6b\x02\x7a\x19\xb9\xbf\xbb\xc0" + "\x21\x71\x4b\xb2\xc0\x50\xa4\xe9" + "\xe1\x48\xd2\xca\x14\xcc\x3f\x65" + "\x87\x38\xc5\xfb\xc0\x03\x23\x64" + "\x65\x5d\xb8\xd1\x9d\xd6\xd4\x3a" + "\xeb\x57\xe7\x3c\x22\x17\xb6\x5a" + "\x8e\x4b\x73\xf4\x36\x4a\x36\x17" + "\x8c\xbe\x7d\x2b\x37\xaf\xde\xbc" + "\xc7\xe8\x52\x00\x90\x90\x0e\x3b" + "\x22\x6f\xa7\xec\x2f\x99\x6d\x32" + "\x36\x20\x12\x4d\x14\xa8\x7f\xc4" + "\x9e\xb5\x7f\x6b\xc6\xe9\xe2\x8e" + "\xd5\xc8\x25\xe6\xf1\x97\xbf\x76", + .xof_size =3D 200, }, }; =20 --=20 2.49.0