From nobody Wed Oct 8 09:06:00 2025 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A049D28C5C3; Mon, 30 Jun 2025 14:38:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294336; cv=none; b=sRKJU1f7T8jnPabHuVGJKriDQuFog4ZuHo0KdD7XqwjU7tXOAK8WYDAaXIgNs1O1zN2MYLtb5zaiLy+6ybZC7nEgCDa5KOE7/0+f/CgezHXl9enHw7h2p8wbWSS636d4ziSSJLLgV7kYEU2zm1ohL3e2o+R0df/tqENLdTGHGMo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294336; c=relaxed/simple; bh=YkpdTWyHs7BogwjbVOCLLOWPQw2lUFU7xGgB8Vz4XiI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hNdVhKMRdZFqtxlSemi93xCv71rba1pmFKyFISa2yFhybEl+BvCIREijxC2v97j9jxMg7sgtkNTykZU0abVRFAf5j5kP7Pa6ELlwmpII1Z/bCrO4jJUhBsNBjrWby/aerRU21FHV7OAxgY8mLIVwKQBoIRpt/RUWBDwAaKxa7X8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=HAyuKSw6; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="HAyuKSw6" Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55U8xoV4015498; Mon, 30 Jun 2025 14:38:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=FoXKg6Hji1p/ojTmp Vp6/rHsjyhOOpO76o2a912PFZE=; b=HAyuKSw6G1bEEBkwwq418GlX3dUv8m1BQ FtvhdX9W5/XPxD+8eAt8onoT17SQuNQCdp5cDonxcQabxSAONdSyV1Bl0aDJ4Qfu l6D/b4WvXFNWigI0Uy5vtWDZjsXGm/ypuUV5pT1EnldKKTUMGPJbjt7zSv1U2ooz RPCZ0WhLi0tDzc7W9nH1ARj5/AA6WCBHTmAf7tKDVQVcC+UTcuVZjoV3Dya/DJUu m7nZzKpYIsq5kRxJJzjTMR67K16BlXdGnGFyc9g82W9f1biDwOFgMuYvqMe9kDW7 vXIDKSIlhNOpAae+reTLHFpiCCBNOBQDSHS+XLqb+i1AINnF8mwow== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47j7wra05s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Jun 2025 14:38:45 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55UB733W021371; Mon, 30 Jun 2025 14:38:44 GMT Received: from smtprelay07.wdc07v.mail.ibm.com ([172.16.1.74]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 47jwe35yax-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Jun 2025 14:38:44 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay07.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55UEchip17105504 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 30 Jun 2025 14:38:43 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9503C58059; Mon, 30 Jun 2025 14:38:43 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D20B658058; Mon, 30 Jun 2025 14:38:42 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 30 Jun 2025 14:38:42 +0000 (GMT) From: Stefan Berger To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, simo@redhat.com, Stefan Berger Subject: [PATCH v2 1/4] crypto: Add squeeze function to shash_alg for support of XOFs Date: Mon, 30 Jun 2025 10:38:31 -0400 Message-ID: <20250630143834.2748285-2-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250630143834.2748285-1-stefanb@linux.ibm.com> References: <20250630143834.2748285-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=E/PNpbdl c=1 sm=1 tr=0 ts=6862a175 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=n-XTF91Upou305-BhzYA:9 X-Proofpoint-GUID: j1g4INO6doFYn94WUF0KCeDfofzljWv- X-Proofpoint-ORIG-GUID: j1g4INO6doFYn94WUF0KCeDfofzljWv- X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjMwMDExNyBTYWx0ZWRfX0JMMKHrpI+i8 tVnKZ1ZvwHlioFw74gQz98Y/wwo2WxNGCSzIkovOiE3USUS5svXsdc1VJB2Ds8cP+l5e90JXZFY Fg+Zgbe5O9Ek5bW/TueUub9HONcw05qJzbzxecKNnSs/eX0YyJKdwB5qBwkm0NrbzNAvwivlkJ6 A6T4bDmYOyhoU5mloEHh65ElpnbctdWrrkI+vpZI0xb/pr/r9OCqhLXsub0yUXig1TRBrmvqf50 GK1PkWsuCUtkXEjmPx9XNKOe32kAacgKBDSAizfNvCl62oCVFkRz1sMpxG1tIYYY9fML46Nlf+2 v5+wETc7nHAit1WNSx1Gk9l0v0V2kVE2/iPUJNGu7Vibe3vZG+2dT75gzhCUcfI/d7Ofd7Dewmd 6Srwx0PrIskTyiE+T35yoBqXOU/yu1vxaAgIj2DxrEcypPfQ/7TRUSsoBNMc+6xOLn09mBvD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-06-30_03,2025-06-27_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 spamscore=0 bulkscore=0 priorityscore=1501 phishscore=0 suspectscore=0 mlxlogscore=999 lowpriorityscore=0 mlxscore=0 clxscore=1015 adultscore=0 impostorscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506300117 Content-Type: text/plain; charset="utf-8" Add a squeeze function for support of shake128/256 XOFs. This function accepts a variable-length output buffer for the XOFs to return their data in. The 'final' parameter clears the state of an XOF and should only be set to 'true' when the last output is requested. Signed-off-by: Stefan Berger --- crypto/shash.c | 9 +++++++++ include/crypto/hash.h | 19 +++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/crypto/shash.c b/crypto/shash.c index 4721f5f134f4..12b3882e9a26 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -86,6 +86,15 @@ int crypto_shash_init(struct shash_desc *desc) } EXPORT_SYMBOL_GPL(crypto_shash_init); =20 +int crypto_shash_squeeze(struct shash_desc *desc, u8 *out, size_t outlen, + bool final) +{ + if (!crypto_shash_alg(desc->tfm)->squeeze) + return -EINVAL; + return crypto_shash_alg(desc->tfm)->squeeze(desc, out, outlen, final); +} +EXPORT_SYMBOL_GPL(crypto_shash_squeeze); + static int shash_default_finup(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out) { diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 6f6b9de12cd3..36b88d34c0dd 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -209,6 +209,7 @@ struct shash_desc { * @final: see struct ahash_alg * @finup: see struct ahash_alg * @digest: see struct ahash_alg + * @squeeze: Get data from an XOF type of hash * @export: see struct ahash_alg * @import: see struct ahash_alg * @export_core: see struct ahash_alg @@ -241,6 +242,8 @@ struct shash_alg { unsigned int len, u8 *out); int (*digest)(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out); + int (*squeeze)(struct shash_desc *desc, u8 *out, size_t outlen, + bool final); int (*export)(struct shash_desc *desc, void *out); int (*import)(struct shash_desc *desc, const void *in); int (*export_core)(struct shash_desc *desc, void *out); @@ -1011,6 +1014,22 @@ static inline int crypto_shash_final(struct shash_de= sc *desc, u8 *out) return crypto_shash_finup(desc, NULL, 0, out); } =20 +/** + * crypto_shash_squeeze() - get xof message digest data + * @desc: operational state handle that is already filled with data + * @out: output buffer filled with the XOF message digest + * @outlen: number of bytes to get from the XOF + * @final: whether this is the final squeeze call + * + * Get message digest data from an extend output function (XOF) + * + * Context: Any context. + * Return: 0 if the data could be created successfully; < 0 if an error + * occurred + */ +int crypto_shash_squeeze(struct shash_desc *desc, u8 *out, size_t outlen, + bool final); + static inline void shash_desc_zero(struct shash_desc *desc) { memzero_explicit(desc, --=20 2.49.0 From nobody Wed Oct 8 09:06:00 2025 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DAD83257AF0; Mon, 30 Jun 2025 14:38:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294334; cv=none; b=cKTJOdG5w7vHgRl2jS6DKJhATnlu1hljzV3RLqhNaZbEwvbw3ciLkHM0ABwcO3UEeIHrs5IVhLtPBk7duteEW1Un8nbSx4LTi5ToZQCiLWrjYVuagHgpRS3KAg4Lply1zK7SlEy50iz2U3wVm4f8oBA45FPXBh748QQhSXmxNpM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294334; c=relaxed/simple; bh=H1eGsfDh2XvEyiDLmFiwfZKwF4b7/9liBP37HpQIPCs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=o58X5v+QcYIFnI8YDAYUTd4+UQV6go8OrbCRbsiHpNiDCJX3ysMKHGrrVmDNfyZq5rt+61S9vkpjp6RaXB+iD4QSEXQN2OXbkw4+vh7ZaC6bfA3wySmJ/QU6eMn62kqaMCqLIiQPQYKiH7rW9+yXIqTC+3BymJesCPFL3J95k40= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=im3lzhqG; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="im3lzhqG" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55UBTLdx012368; Mon, 30 Jun 2025 14:38:46 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=c1SmB9aoBUHSFNebQ ceGRLZxih19kgNxmRy29E7i8/Q=; b=im3lzhqGMxLzmiBzGlTPn6dywk4PpZ98A ycFd5eMsSeU/iWkn171VydXEfa1qark1aSA30xXbG2BVy+sTX+1pktP93du/4Zyt 41gNoz11ZvH7C5KCpDtMzrcRXo2zWrOn68TYPbapI8t0lPsbjA4p8QwMZqGiIyTH g9KrJCcY9cj9yUezNKGdmZrXSZmkQIf8Vh9+eovHOoPJwEI852PQCX348638OizA 4VlrCrx214fdPUTsK0PYEFwTdQuIzl8V3nxCEYcChELckWKcehyqKMK+8O53F18j XcZiS27+nM54/qxNCu4cx1FyiFUYBNEvdEpChGGBN9GIHDyxwfWuw== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47j82fhr65-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Jun 2025 14:38:46 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55UB733X021371; Mon, 30 Jun 2025 14:38:45 GMT Received: from smtprelay02.dal12v.mail.ibm.com ([172.16.1.4]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 47jwe35yb0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Jun 2025 14:38:45 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay02.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55UEcisd43909396 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 30 Jun 2025 14:38:44 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7CB0258059; Mon, 30 Jun 2025 14:38:44 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B9A6158058; Mon, 30 Jun 2025 14:38:43 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 30 Jun 2025 14:38:43 +0000 (GMT) From: Stefan Berger To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, simo@redhat.com, Stefan Berger Subject: [PATCH v2 2/4] crypto: Add shake128/256 to generic sha3 module Date: Mon, 30 Jun 2025 10:38:32 -0400 Message-ID: <20250630143834.2748285-3-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250630143834.2748285-1-stefanb@linux.ibm.com> References: <20250630143834.2748285-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: eo-JcFUep7AhLykOG3knCDNuwIIDxXy7 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjMwMDExNyBTYWx0ZWRfXzze742ORF/hP gEq4q+elVWBhC9GAu9buFclzaY5miEG9dKhD/T3WmVWLwR8JV4DBL8wGAJ4JnjM4VHyT147m0qT SV4AQuvG9+WGKie+m4IZ1FizFudrtxRbhLddnoSH5kWgPVddCGNtJBK2B++pCIkjVAuSvDD4UON qCRNmsKUL5XDYnhRGvZO5iCHB2anAvlPrLvsL1p7y4cbzuJ0zau5dg+VeFSxOaIU1zZHNKjPmkH kRTo+DLq5QfMxzvXjo3c9jIFqRBEDfJOmvEqGchhSVCfTt3CB+DjGcIapibNX9S+yncHiFxFv+P QP23XzYbjLODiQhgumDpUO4Qoaj/pTX5/5mcfyYkw2zn5Rzi9+VlKHjIA2+GZzr6uTYCJVUEdqK vd615lAzTSvE8V78IQ7V8zuN5tEOyRdUlgea10Ed46eVNix55qmyBjI+s1uGVXs/hKBvlsdH X-Authority-Analysis: v=2.4 cv=LpeSymdc c=1 sm=1 tr=0 ts=6862a176 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=7PqV0hYhwxvHinq54jsA:9 X-Proofpoint-GUID: eo-JcFUep7AhLykOG3knCDNuwIIDxXy7 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-06-30_03,2025-06-27_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 bulkscore=0 lowpriorityscore=0 adultscore=0 clxscore=1015 impostorscore=0 mlxscore=0 mlxlogscore=999 phishscore=0 suspectscore=0 malwarescore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506300117 Content-Type: text/plain; charset="utf-8" Extend the sha3 module with shake128 & shake256. For this, implement functions to get (squeeze) a number of bytes or blocks from the keccak sponge. A block here corresponds to the number of bytes available in the state buffer following a keccak permutation. On top of this functionality implement the general squeeze function that returns a requested number of bytes to the caller. Implement the 'final' function on top of the squeeze function. The 'final' function will always request a fixed number of bytes from the squeeze function and set the 'final' parameter to true, clearing the state of the hash as usual. Adjust the maximum hash description and block sizes due to shake128. Extend the arrays for supported hashes with entries for shake128 and shake256. Signed-off-by: Stefan Berger --- crypto/hash_info.c | 4 + crypto/sha3_generic.c | 238 +++++++++++++++++++++++++++++++++ include/crypto/algapi.h | 2 +- include/crypto/hash.h | 9 +- include/crypto/sha3.h | 19 +++ include/uapi/linux/hash_info.h | 2 + 6 files changed, 268 insertions(+), 6 deletions(-) diff --git a/crypto/hash_info.c b/crypto/hash_info.c index 9a467638c971..2e426be89463 100644 --- a/crypto/hash_info.c +++ b/crypto/hash_info.c @@ -32,6 +32,8 @@ const char *const hash_algo_name[HASH_ALGO__LAST] =3D { [HASH_ALGO_SHA3_256] =3D "sha3-256", [HASH_ALGO_SHA3_384] =3D "sha3-384", [HASH_ALGO_SHA3_512] =3D "sha3-512", + [HASH_ALGO_SHAKE128] =3D "shake128", + [HASH_ALGO_SHAKE256] =3D "shake256", }; EXPORT_SYMBOL_GPL(hash_algo_name); =20 @@ -59,5 +61,7 @@ const int hash_digest_size[HASH_ALGO__LAST] =3D { [HASH_ALGO_SHA3_256] =3D SHA3_256_DIGEST_SIZE, [HASH_ALGO_SHA3_384] =3D SHA3_384_DIGEST_SIZE, [HASH_ALGO_SHA3_512] =3D SHA3_512_DIGEST_SIZE, + [HASH_ALGO_SHAKE128] =3D SHAKE128_DIGEST_SIZE, + [HASH_ALGO_SHAKE256] =3D SHAKE256_DIGEST_SIZE, }; EXPORT_SYMBOL_GPL(hash_digest_size); diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c index 41d1e506e6de..f90484464afd 100644 --- a/crypto/sha3_generic.c +++ b/crypto/sha3_generic.c @@ -29,6 +29,8 @@ #define SHA3_INLINE noinline #endif =20 +#define DOMAIN_SEPARATOR_SHAKE 0x1F + #define KECCAK_ROUNDS 24 =20 static const u64 keccakf_rndc[24] =3D { @@ -218,6 +220,216 @@ static int crypto_sha3_finup(struct shash_desc *desc,= const u8 *src, return 0; } =20 +static int crypto_shake_init(struct shash_desc *desc) +{ + struct shake_state *sctx =3D shash_desc_ctx(desc); + unsigned int digest_size =3D crypto_shash_digestsize(desc->tfm); + + sctx->rsiz =3D 200 - 2 * digest_size; + sctx->rsizw =3D sctx->rsiz / 8; + sctx->partial =3D 0; + sctx->ridx =3D 0; + sctx->finalized =3D false; + sctx->permute =3D false; + memset(sctx->st, 0, sizeof(sctx->st)); + + return 0; +} + +static int crypto_shake_update(struct shash_desc *desc, const u8 *data, + unsigned int len) +{ + struct shake_state *sctx =3D shash_desc_ctx(desc); + unsigned int done; + const u8 *src; + + done =3D 0; + src =3D data; + + if ((sctx->partial + len) > (sctx->rsiz - 1)) { + if (sctx->partial) { + done =3D -sctx->partial; + memcpy(sctx->buf + sctx->partial, data, + done + sctx->rsiz); + src =3D sctx->buf; + } + + do { + unsigned int i; + + for (i =3D 0; i < sctx->rsizw; i++) + sctx->st[i] ^=3D get_unaligned_le64(src + 8 * i); + keccakf(sctx->st); + + done +=3D sctx->rsiz; + src =3D data + done; + } while (done + (sctx->rsiz - 1) < len); + + sctx->partial =3D 0; + } + memcpy(sctx->buf + sctx->partial, src, len - done); + sctx->partial +=3D (len - done); + + return 0; +} + +/* + * crypto_shake_squeeze_blocks - squeeze whole blocks + * + * @sctx: shake context + * @out: pointer to output buffer pointer + * @nblocks: number of whole blocks to return in @out + */ +static void crypto_shake_squeeze_blocks(struct shake_state *sctx, + u8 **out, size_t nblocks) +{ + __le64 *digest =3D (__le64 *)*out; + size_t i, j; + + for (i =3D 0; i < nblocks; i++) { + if (sctx->permute) + keccakf(sctx->st); + sctx->permute =3D true; + + for (j =3D 0; j < sctx->rsiz / 8; j++) + put_unaligned_le64(sctx->st[j], digest++); + } + *out =3D (u8 *)digest; +} + +/* + * crypto_shake_squeeze_bytes - squeeze arbitrary number of bytes + * + * @sctx: shake context + * @out: output buffer + * @n: number of bytes to return in @out + */ +static void crypto_shake_squeeze_bytes(struct shake_state *sctx, + u8 *out, size_t n) +{ + size_t i, j, to_copy, loops, nblocks; + __le64 *digest; + + if (sctx->permute) { + keccakf(sctx->st); + sctx->permute =3D false; + } + + while (n) { + to_copy =3D min(8 - (sctx->ridx & 7), n); + while (to_copy < 8) { + for (i =3D sctx->ridx; i < sctx->ridx + to_copy; i++) + *out++ =3D sctx->st[i / 8] >> 8 * (i & 7); + + sctx->ridx +=3D to_copy; + n -=3D to_copy; + if (sctx->ridx =3D=3D sctx->rsiz) { + sctx->ridx =3D 0; + if (n =3D=3D 0) { + sctx->permute =3D true; + return; + } + keccakf(sctx->st); + } + if (n =3D=3D 0) + return; + if (n >=3D 8) + break; + to_copy =3D n; + } + /* sctx->ridx is 8-byte aligned now */ + + if (sctx->ridx =3D=3D 0 && n >=3D sctx->rsiz) { + /* whole blocks */ + nblocks =3D n / sctx->rsiz; + crypto_shake_squeeze_blocks(sctx, &out, nblocks); + n -=3D nblocks * sctx->rsiz; + if (n =3D=3D 0) + return; + keccakf(sctx->st); + sctx->permute =3D false; + } + + to_copy =3D min(n, sctx->rsiz - sctx->ridx); + while (to_copy >=3D 8) { + loops =3D to_copy / 8; + + digest =3D (__le64 *)out; + + j =3D sctx->ridx / 8; + for (i =3D j; i < j + loops; i++) + put_unaligned_le64(sctx->st[i], digest++); + + sctx->ridx +=3D loops * 8; + n -=3D loops * 8; + if (sctx->ridx =3D=3D sctx->rsiz) { + sctx->ridx =3D 0; + if (n =3D=3D 0) { + sctx->permute =3D true; + return; + } + keccakf(sctx->st); + } + if (n =3D=3D 0) + return; + + out =3D (u8 *)digest; + if (n >=3D sctx->rsiz || n < 8) + break; + + to_copy =3D n; + } + } +} + +static void crypto_shake_finalize(struct shake_state *sctx, + u8 domsep) +{ + unsigned int inlen, i; + + if (sctx->finalized) + return; + + inlen =3D sctx->partial; + sctx->buf[inlen++] =3D domsep; + memset(sctx->buf + inlen, 0, sctx->rsiz - inlen); + sctx->buf[sctx->rsiz - 1] |=3D 0x80; + + for (i =3D 0; i < sctx->rsizw; i++) + sctx->st[i] ^=3D get_unaligned_le64(sctx->buf + 8 * i); + + sctx->finalized =3D true; + sctx->permute =3D true; +} + +static int crypto_shake_squeeze(struct shash_desc *desc, + u8 *out, size_t outlen, + bool final) +{ + struct shake_state *sctx =3D shash_desc_ctx(desc); + + if (!outlen) + goto done; + + if (!sctx->finalized) + crypto_shake_finalize(sctx, DOMAIN_SEPARATOR_SHAKE); + + crypto_shake_squeeze_bytes(sctx, out, outlen); +done: + if (final) + memset(sctx, 0, sizeof(*sctx)); + + return 0; +} + +static int crypto_shake_final(struct shash_desc *desc, u8 *out) +{ + unsigned int digest_size =3D crypto_shash_digestsize(desc->tfm); + + return crypto_shake_squeeze(desc, out, digest_size, true); +} + + static struct shash_alg algs[] =3D { { .digestsize =3D SHA3_224_DIGEST_SIZE, .init =3D crypto_sha3_init, @@ -262,6 +474,28 @@ static struct shash_alg algs[] =3D { { .base.cra_flags =3D CRYPTO_AHASH_ALG_BLOCK_ONLY, .base.cra_blocksize =3D SHA3_512_BLOCK_SIZE, .base.cra_module =3D THIS_MODULE, +}, { + .digestsize =3D SHAKE128_DIGEST_SIZE, + .init =3D crypto_shake_init, + .update =3D crypto_shake_update, + .final =3D crypto_shake_final, + .squeeze =3D crypto_shake_squeeze, + .descsize =3D sizeof(struct shake_state), + .base.cra_name =3D "shake128", + .base.cra_driver_name =3D "shake128-generic", + .base.cra_blocksize =3D SHAKE128_BLOCK_SIZE, + .base.cra_module =3D THIS_MODULE, +}, { + .digestsize =3D SHAKE256_DIGEST_SIZE, + .init =3D crypto_shake_init, + .update =3D crypto_shake_update, + .final =3D crypto_shake_final, + .squeeze =3D crypto_shake_squeeze, + .descsize =3D sizeof(struct shake_state), + .base.cra_name =3D "shake256", + .base.cra_driver_name =3D "shake256-generic", + .base.cra_blocksize =3D SHAKE256_BLOCK_SIZE, + .base.cra_module =3D THIS_MODULE, } }; =20 static int __init sha3_generic_mod_init(void) @@ -288,3 +522,7 @@ MODULE_ALIAS_CRYPTO("sha3-384"); MODULE_ALIAS_CRYPTO("sha3-384-generic"); MODULE_ALIAS_CRYPTO("sha3-512"); MODULE_ALIAS_CRYPTO("sha3-512-generic"); +MODULE_ALIAS_CRYPTO("shake128"); +MODULE_ALIAS_CRYPTO("shake128-generic"); +MODULE_ALIAS_CRYPTO("shake256"); +MODULE_ALIAS_CRYPTO("shake256-generic"); diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index 188eface0a11..72c29dd1de9a 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -20,7 +20,7 @@ * static buffers that are big enough for any combination of * algs and architectures. Ciphers have a lower maximum size. */ -#define MAX_ALGAPI_BLOCKSIZE 160 +#define MAX_ALGAPI_BLOCKSIZE 168 /* shake128 */ #define MAX_ALGAPI_ALIGNMASK 127 #define MAX_CIPHER_BLOCKSIZE 16 #define MAX_CIPHER_ALIGNMASK 15 diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 36b88d34c0dd..a94763913acf 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -177,14 +177,13 @@ struct shash_desc { =20 #define HASH_MAX_DIGESTSIZE 64 =20 -/* Worst case is sha3-224. */ -#define HASH_MAX_STATESIZE 200 + 144 + 1 +/* Worst case is shake128 */ +#define HASH_MAX_STATESIZE 200 + 168 + 5 * 4 + 4 =20 /* - * Worst case is hmac(sha3-224-s390). Its context is a nested 'shash_desc' - * containing a 'struct s390_sha_ctx'. + * Worst case is shake128 */ -#define HASH_MAX_DESCSIZE (sizeof(struct shash_desc) + 360) +#define HASH_MAX_DESCSIZE (sizeof(struct shash_desc) + 384) #define MAX_SYNC_HASH_REQSIZE (sizeof(struct ahash_request) + \ HASH_MAX_DESCSIZE) =20 diff --git a/include/crypto/sha3.h b/include/crypto/sha3.h index 41e1b83a6d91..cc393d06a8da 100644 --- a/include/crypto/sha3.h +++ b/include/crypto/sha3.h @@ -33,4 +33,23 @@ struct sha3_state { =20 int crypto_sha3_init(struct shash_desc *desc); =20 + +#define SHAKE128_DIGEST_SIZE (128 / 8) +#define SHAKE128_BLOCK_SIZE (200 - 2 * SHAKE128_DIGEST_SIZE) + +#define SHAKE256_DIGEST_SIZE (256 / 8) +#define SHAKE256_BLOCK_SIZE (200 - 2 * SHAKE256_DIGEST_SIZE) + +struct shake_state { + u64 st[25]; + unsigned int rsiz; + unsigned int rsizw; + + unsigned int partial; + u8 buf[SHAKE128_BLOCK_SIZE]; + bool finalized; + bool permute; + unsigned int ridx; +}; + #endif diff --git a/include/uapi/linux/hash_info.h b/include/uapi/linux/hash_info.h index 0af23ec196d8..97af74326d31 100644 --- a/include/uapi/linux/hash_info.h +++ b/include/uapi/linux/hash_info.h @@ -38,6 +38,8 @@ enum hash_algo { HASH_ALGO_SHA3_256, HASH_ALGO_SHA3_384, HASH_ALGO_SHA3_512, + HASH_ALGO_SHAKE128, + HASH_ALGO_SHAKE256, HASH_ALGO__LAST }; =20 --=20 2.49.0 From nobody Wed Oct 8 09:06:00 2025 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC3C928D8DD; Mon, 30 Jun 2025 14:38:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294338; cv=none; b=dwmJDiKtsC7M74c9dlWdNjU/PHYrAhF+ekhy8c4AFGWocEY0p6RvvzbP9sPvslOV3V5ESDv4K0C1psWezS8/6+hJJCHIrfPVgb8BLtam9jlfMbKcQjdCEA49X+OrCHtlhDOSVFopyBv+l2dscieTwKMBsLUFFOcqN4sq6d7+d0M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294338; c=relaxed/simple; bh=3Dm2EvQRIR0T4Sf86i6v57leLVzU/HsxdjhmcBIpZdk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lU7txGhlo3gyoJfkyAoc02XIk7ufYT8+iNwdkQdnICzlNBLqjvUjcZKiOD2UNooS5I1RZ/5g78/aBzFW8o/fiHbOEfeK5XEf9PpHu+kzBNTJuRCfiPrvV1KXFZS7ox93ZNq9yPMwhiq8UNYSrJKy9JrGIr0BcCHCD9Wk/KQwouM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=LCvqCzMK; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="LCvqCzMK" Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55U7n3YK020638; Mon, 30 Jun 2025 14:38:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=VoTC4pOceLA2aFQDf FQXuB1pZ4YrvQB3uRkqqzXmIpk=; b=LCvqCzMKQjwIozdhoPHGKwa3A9QqYQhcJ BstAgCKe0Y2I5z/+zKIkHjjDP8dglch6Brk/fCJh10x6csh8CBEJimHtfjYGs9Ky cmbhfN4p+/XVL3WDpZKY9zr991eWq2NvGAtDpeMSB5XZi/CkzRtVnewQME1OufPM MKQw6pHXpgrdpiF8SKNjxixnX7uxobu05zfK2vCWJvkobwvKkMlcci9heHTRX+ky TrgtHfCMCda12pKlx0z9aL+gbXCDP8nFqNCBHSPUq5+PSihLFvdpmfhqhn2ixSWa wEPSnNF1EYS1I9TJZHKkVWkIeW5qd+1sCLXqI7jeN1pOiu7jyk06g== Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47j82fhr67-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Jun 2025 14:38:46 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55UB7KeH021398; Mon, 30 Jun 2025 14:38:46 GMT Received: from smtprelay03.dal12v.mail.ibm.com ([172.16.1.5]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 47jwe35yb2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Jun 2025 14:38:46 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay03.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55UEcjni8258232 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 30 Jun 2025 14:38:45 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6449D5805E; Mon, 30 Jun 2025 14:38:45 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A157158058; Mon, 30 Jun 2025 14:38:44 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 30 Jun 2025 14:38:44 +0000 (GMT) From: Stefan Berger To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, simo@redhat.com, Stefan Berger Subject: [PATCH v2 3/4] crypto: Add tests cases for shake128 & shake256 to testmgr Date: Mon, 30 Jun 2025 10:38:33 -0400 Message-ID: <20250630143834.2748285-4-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250630143834.2748285-1-stefanb@linux.ibm.com> References: <20250630143834.2748285-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: rQRTN4I-h6-35ng5qOCC9LUW1TaTMDPH X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjMwMDExNyBTYWx0ZWRfX4kvF1UuSVcul K48F2YmxK6qG/qfhsLV7r+vxgsiBHVt6melcTP09qsFQnAJtQirX4EuAywKE5Aw/j2PTJCcpbOM EnC0MjUiIao7PzlBAAjk3JVa53xnfY1sdQeJUFYmZGpYnVTg+aUPFrJzxzb5npF1EdIIZIR5Sde vEa+oDdLv6TA7n1oYN8ql4DVQPT50/Cb4bsCFlCF76T42XS914ayeXUuaeJjpNsRf8WguBunuNK 3KqPHVszIV5X5xLyCItGwyebVODgNMTX4NfpmSNBSpQr1yNoAy4oPo/DDQj7J03xXGKM1EUy+q1 FDYiwQon2A1kTV7Q1oCdPqelfC7RhelBqBaRMguZ035SOgsHckk3IWsLUGUoMe2blrwo+D4XVEw iRIogbpiyW6fQEU5Te1ir3ndHmTogIiev+zFn+qy8jMS8Vuch46i8DMpsVPmlLhbIvH8pWzH X-Authority-Analysis: v=2.4 cv=LpeSymdc c=1 sm=1 tr=0 ts=6862a177 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=xF6bd4FRdrIRRYsjWBcA:9 X-Proofpoint-GUID: rQRTN4I-h6-35ng5qOCC9LUW1TaTMDPH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-06-30_03,2025-06-27_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 bulkscore=0 lowpriorityscore=0 adultscore=0 clxscore=1015 impostorscore=0 mlxscore=0 mlxlogscore=723 phishscore=0 suspectscore=0 malwarescore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506300117 Content-Type: text/plain; charset="utf-8" Add test cases for shake128 & shake256 to the testmgr to test their hash creation. Signed-off-by: Stefan Berger --- crypto/testmgr.c | 14 +++ crypto/testmgr.h | 310 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 324 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 97190d9dcc0e..6bd67ca23bb1 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5525,6 +5525,20 @@ static const struct alg_test_desc alg_test_descs[] = =3D { .suite =3D { .hash =3D __VECS(sha512_tv_template) } + }, { + .alg =3D "shake128", + .test =3D alg_test_hash, + .fips_allowed =3D 1, + .suite =3D { + .hash =3D __VECS(shake128_tv_template) + } + }, { + .alg =3D "shake256", + .test =3D alg_test_hash, + .fips_allowed =3D 1, + .suite =3D { + .hash =3D __VECS(shake256_tv_template) + } }, { .alg =3D "sm3", .test =3D alg_test_hash, diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 32d099ac9e73..31e5918b761c 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -5914,6 +5914,316 @@ static const struct hash_testvec sha3_512_tv_templa= te[] =3D { }, }; =20 +static const struct hash_testvec shake128_tv_template[] =3D { + { + .plaintext =3D "", + .digest =3D "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d" + "\x61\x60\x45\x50\x76\x05\x85\x3e", + }, { + .plaintext =3D "a", + .psize =3D 1, + .digest =3D "\x85\xc8\xde\x88\xd2\x88\x66\xbf" + "\x08\x68\x09\x0b\x39\x61\x16\x2b", + }, { + .plaintext =3D "abcdbcdecdefdefgefghfghighijhijkijkl" + "jklmklmnlmnomnopnopq", + .psize =3D 56, + .digest =3D "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e" + "\x74\xe0\xa7\x07\x78\x8f\x55\xe9", + }, { + .plaintext =3D "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" + "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" + "\xec\x60\xf7\x8e\x02\x99\x30\xc7" + "\x3b\xd2\x69\x00\x74\x0b\xa2\x16" + "\xad\x44\xdb\x4f\xe6\x7d\x14\x88" + "\x1f\xb6\x2a\xc1\x58\xef\x63\xfa" + "\x91\x05\x9c\x33\xca\x3e\xd5\x6c" + "\x03\x77\x0e\xa5\x19\xb0\x47\xde" + "\x52\xe9\x80\x17\x8b\x22\xb9\x2d" + "\xc4\x5b\xf2\x66\xfd\x94\x08\x9f" + "\x36\xcd\x41\xd8\x6f\x06\x7a\x11" + "\xa8\x1c\xb3\x4a\xe1\x55\xec\x83" + "\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5" + "\x69\x00\x97\x0b\xa2\x39\xd0\x44" + "\xdb\x72\x09\x7d\x14\xab\x1f\xb6" + "\x4d\xe4\x58\xef\x86\x1d\x91\x28" + "\xbf\x33\xca\x61\xf8\x6c\x03\x9a" + "\x0e\xa5\x3c\xd3\x47\xde\x75\x0c" + "\x80\x17\xae\x22\xb9\x50\xe7\x5b" + "\xf2\x89\x20\x94\x2b\xc2\x36\xcd" + "\x64\xfb\x6f\x06\x9d\x11\xa8\x3f" + "\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1" + "\x25\xbc\x53\xea\x5e\xf5\x8c\x00" + "\x97\x2e\xc5\x39\xd0\x67\xfe\x72" + "\x09\xa0\x14\xab\x42\xd9\x4d\xe4" + "\x7b\x12\x86\x1d\xb4\x28\xbf\x56" + "\xed\x61\xf8\x8f\x03\x9a\x31\xc8" + "\x3c\xd3\x6a\x01\x75\x0c\xa3\x17" + "\xae\x45\xdc\x50\xe7\x7e\x15\x89" + "\x20\xb7\x2b\xc2\x59\xf0\x64\xfb" + "\x92\x06\x9d\x34\xcb\x3f\xd6\x6d" + "\x04\x78\x0f\xa6\x1a\xb1\x48\xdf" + "\x53\xea\x81\x18\x8c\x23\xba\x2e" + "\xc5\x5c\xf3\x67\xfe\x95\x09\xa0" + "\x37\xce\x42\xd9\x70\x07\x7b\x12" + "\xa9\x1d\xb4\x4b\xe2\x56\xed\x84" + "\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6" + "\x6a\x01\x98\x0c\xa3\x3a\xd1\x45" + "\xdc\x73\x0a\x7e\x15\xac\x20\xb7" + "\x4e\xe5\x59\xf0\x87\x1e\x92\x29" + "\xc0\x34\xcb\x62\xf9\x6d\x04\x9b" + "\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d" + "\x81\x18\xaf\x23\xba\x51\xe8\x5c" + "\xf3\x8a\x21\x95\x2c\xc3\x37\xce" + "\x65\xfc\x70\x07\x9e\x12\xa9\x40" + "\xd7\x4b\xe2\x79\x10\x84\x1b\xb2" + "\x26\xbd\x54\xeb\x5f\xf6\x8d\x01" + "\x98\x2f\xc6\x3a\xd1\x68\xff\x73" + "\x0a\xa1\x15\xac\x43\xda\x4e\xe5" + "\x7c\x13\x87\x1e\xb5\x29\xc0\x57" + "\xee\x62\xf9\x90\x04\x9b\x32\xc9" + "\x3d\xd4\x6b\x02\x76\x0d\xa4\x18" + "\xaf\x46\xdd\x51\xe8\x7f\x16\x8a" + "\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc" + "\x93\x07\x9e\x35\xcc\x40\xd7\x6e" + "\x05\x79\x10\xa7\x1b\xb2\x49\xe0" + "\x54\xeb\x82\x19\x8d\x24\xbb\x2f" + "\xc6\x5d\xf4\x68\xff\x96\x0a\xa1" + "\x38\xcf\x43\xda\x71\x08\x7c\x13" + "\xaa\x1e\xb5\x4c\xe3\x57\xee\x85" + "\x1c\x90\x27\xbe\x32\xc9\x60\xf7" + "\x6b\x02\x99\x0d\xa4\x3b\xd2\x46" + "\xdd\x74\x0b\x7f\x16\xad\x21\xb8" + "\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a" + "\xc1\x35\xcc\x63\xfa\x6e\x05\x9c" + "\x10\xa7\x3e\xd5\x49\xe0\x77\x0e" + "\x82\x19\xb0\x24\xbb\x52\xe9\x5d" + "\xf4\x8b\x22\x96\x2d\xc4\x38\xcf" + "\x66\xfd\x71\x08\x9f\x13\xaa\x41" + "\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3" + "\x27\xbe\x55\xec\x60\xf7\x8e\x02" + "\x99\x30\xc7\x3b\xd2\x69\x00\x74" + "\x0b\xa2\x16\xad\x44\xdb\x4f\xe6" + "\x7d\x14\x88\x1f\xb6\x2a\xc1\x58" + "\xef\x63\xfa\x91\x05\x9c\x33\xca" + "\x3e\xd5\x6c\x03\x77\x0e\xa5\x19" + "\xb0\x47\xde\x52\xe9\x80\x17\x8b" + "\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd" + "\x94\x08\x9f\x36\xcd\x41\xd8\x6f" + "\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1" + "\x55\xec\x83\x1a\x8e\x25\xbc\x30" + "\xc7\x5e\xf5\x69\x00\x97\x0b\xa2" + "\x39\xd0\x44\xdb\x72\x09\x7d\x14" + "\xab\x1f\xb6\x4d\xe4\x58\xef\x86" + "\x1d\x91\x28\xbf\x33\xca\x61\xf8" + "\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47" + "\xde\x75\x0c\x80\x17\xae\x22\xb9" + "\x50\xe7\x5b\xf2\x89\x20\x94\x2b" + "\xc2\x36\xcd\x64\xfb\x6f\x06\x9d" + "\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f" + "\x83\x1a\xb1\x25\xbc\x53\xea\x5e" + "\xf5\x8c\x00\x97\x2e\xc5\x39\xd0" + "\x67\xfe\x72\x09\xa0\x14\xab\x42" + "\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4" + "\x28\xbf\x56\xed\x61\xf8\x8f\x03" + "\x9a\x31\xc8\x3c\xd3\x6a\x01\x75" + "\x0c\xa3\x17\xae\x45\xdc\x50\xe7" + "\x7e\x15\x89\x20\xb7\x2b\xc2\x59" + "\xf0\x64\xfb\x92\x06\x9d\x34\xcb" + "\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a" + "\xb1\x48\xdf\x53\xea\x81\x18\x8c" + "\x23\xba\x2e\xc5\x5c\xf3\x67\xfe" + "\x95\x09\xa0\x37\xce\x42\xd9\x70" + "\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2" + "\x56\xed\x84\x1b\x8f\x26\xbd\x31" + "\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3" + "\x3a\xd1\x45\xdc\x73\x0a\x7e\x15" + "\xac\x20\xb7\x4e\xe5\x59\xf0\x87" + "\x1e\x92\x29\xc0\x34\xcb\x62\xf9" + "\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48" + "\xdf\x76\x0d\x81\x18\xaf\x23\xba" + "\x51\xe8\x5c\xf3\x8a\x21\x95\x2c" + "\xc3\x37\xce\x65\xfc\x70\x07\x9e" + "\x12\xa9\x40\xd7\x4b\xe2\x79\x10" + "\x84\x1b\xb2\x26\xbd\x54\xeb\x5f" + "\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1" + "\x68\xff\x73\x0a\xa1\x15\xac\x43" + "\xda\x4e\xe5\x7c\x13\x87\x1e\xb5" + "\x29\xc0\x57\xee\x62\xf9\x90\x04" + "\x9b\x32\xc9\x3d\xd4\x6b\x02\x76" + "\x0d\xa4\x18\xaf\x46\xdd\x51\xe8" + "\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a" + "\xf1\x65\xfc\x93\x07\x9e\x35\xcc" + "\x40\xd7\x6e\x05\x79\x10\xa7\x1b" + "\xb2\x49\xe0\x54\xeb\x82\x19\x8d" + "\x24\xbb\x2f\xc6\x5d\xf4\x68\xff" + "\x96\x0a\xa1\x38\xcf\x43\xda\x71" + "\x08\x7c\x13\xaa\x1e\xb5\x4c", + .psize =3D 1023, + .digest =3D "\x13\x0a\x5b\xcb\x83\x9f\x10\x89" + "\xbb\x62\xda\xe4\xf4\xd3\x21\xf8", + }, +}; + +static const struct hash_testvec shake256_tv_template[] =3D { + { + .plaintext =3D "", + .digest =3D "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13" + "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24" + "\x3f\xcd\x52\xea\x62\xb8\x1b\x82" + "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f", + }, { + .plaintext =3D "a", + .psize =3D 1, + .digest =3D "\x86\x7e\x2c\xb0\x4f\x5a\x04\xdc" + "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c" + "\xea\xaf\xca\x50\x25\x56\x26\xca" + "\x73\x6c\x13\x80\x42\x53\x0b\xa4", + }, { + .plaintext =3D "abcdbcdecdefdefgefghfghighijhijkijkl" + "jklmklmnlmnomnopnopq", + .psize =3D 56, + .digest =3D "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28" + "\xee\xfb\xb8\xc3\x6f\x6f\x87\x13" + "\x3a\x79\x11\xe1\x8d\x97\x9e\xe1" + "\xae\x6b\xe5\xd4\xfd\x2e\x33\x29", + }, { + .plaintext =3D "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" + "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" + "\xec\x60\xf7\x8e\x02\x99\x30\xc7" + "\x3b\xd2\x69\x00\x74\x0b\xa2\x16" + "\xad\x44\xdb\x4f\xe6\x7d\x14\x88" + "\x1f\xb6\x2a\xc1\x58\xef\x63\xfa" + "\x91\x05\x9c\x33\xca\x3e\xd5\x6c" + "\x03\x77\x0e\xa5\x19\xb0\x47\xde" + "\x52\xe9\x80\x17\x8b\x22\xb9\x2d" + "\xc4\x5b\xf2\x66\xfd\x94\x08\x9f" + "\x36\xcd\x41\xd8\x6f\x06\x7a\x11" + "\xa8\x1c\xb3\x4a\xe1\x55\xec\x83" + "\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5" + "\x69\x00\x97\x0b\xa2\x39\xd0\x44" + "\xdb\x72\x09\x7d\x14\xab\x1f\xb6" + "\x4d\xe4\x58\xef\x86\x1d\x91\x28" + "\xbf\x33\xca\x61\xf8\x6c\x03\x9a" + "\x0e\xa5\x3c\xd3\x47\xde\x75\x0c" + "\x80\x17\xae\x22\xb9\x50\xe7\x5b" + "\xf2\x89\x20\x94\x2b\xc2\x36\xcd" + "\x64\xfb\x6f\x06\x9d\x11\xa8\x3f" + "\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1" + "\x25\xbc\x53\xea\x5e\xf5\x8c\x00" + "\x97\x2e\xc5\x39\xd0\x67\xfe\x72" + "\x09\xa0\x14\xab\x42\xd9\x4d\xe4" + "\x7b\x12\x86\x1d\xb4\x28\xbf\x56" + "\xed\x61\xf8\x8f\x03\x9a\x31\xc8" + "\x3c\xd3\x6a\x01\x75\x0c\xa3\x17" + "\xae\x45\xdc\x50\xe7\x7e\x15\x89" + "\x20\xb7\x2b\xc2\x59\xf0\x64\xfb" + "\x92\x06\x9d\x34\xcb\x3f\xd6\x6d" + "\x04\x78\x0f\xa6\x1a\xb1\x48\xdf" + "\x53\xea\x81\x18\x8c\x23\xba\x2e" + "\xc5\x5c\xf3\x67\xfe\x95\x09\xa0" + "\x37\xce\x42\xd9\x70\x07\x7b\x12" + "\xa9\x1d\xb4\x4b\xe2\x56\xed\x84" + "\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6" + "\x6a\x01\x98\x0c\xa3\x3a\xd1\x45" + "\xdc\x73\x0a\x7e\x15\xac\x20\xb7" + "\x4e\xe5\x59\xf0\x87\x1e\x92\x29" + "\xc0\x34\xcb\x62\xf9\x6d\x04\x9b" + "\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d" + "\x81\x18\xaf\x23\xba\x51\xe8\x5c" + "\xf3\x8a\x21\x95\x2c\xc3\x37\xce" + "\x65\xfc\x70\x07\x9e\x12\xa9\x40" + "\xd7\x4b\xe2\x79\x10\x84\x1b\xb2" + "\x26\xbd\x54\xeb\x5f\xf6\x8d\x01" + "\x98\x2f\xc6\x3a\xd1\x68\xff\x73" + "\x0a\xa1\x15\xac\x43\xda\x4e\xe5" + "\x7c\x13\x87\x1e\xb5\x29\xc0\x57" + "\xee\x62\xf9\x90\x04\x9b\x32\xc9" + "\x3d\xd4\x6b\x02\x76\x0d\xa4\x18" + "\xaf\x46\xdd\x51\xe8\x7f\x16\x8a" + "\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc" + "\x93\x07\x9e\x35\xcc\x40\xd7\x6e" + "\x05\x79\x10\xa7\x1b\xb2\x49\xe0" + "\x54\xeb\x82\x19\x8d\x24\xbb\x2f" + "\xc6\x5d\xf4\x68\xff\x96\x0a\xa1" + "\x38\xcf\x43\xda\x71\x08\x7c\x13" + "\xaa\x1e\xb5\x4c\xe3\x57\xee\x85" + "\x1c\x90\x27\xbe\x32\xc9\x60\xf7" + "\x6b\x02\x99\x0d\xa4\x3b\xd2\x46" + "\xdd\x74\x0b\x7f\x16\xad\x21\xb8" + "\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a" + "\xc1\x35\xcc\x63\xfa\x6e\x05\x9c" + "\x10\xa7\x3e\xd5\x49\xe0\x77\x0e" + "\x82\x19\xb0\x24\xbb\x52\xe9\x5d" + "\xf4\x8b\x22\x96\x2d\xc4\x38\xcf" + "\x66\xfd\x71\x08\x9f\x13\xaa\x41" + "\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3" + "\x27\xbe\x55\xec\x60\xf7\x8e\x02" + "\x99\x30\xc7\x3b\xd2\x69\x00\x74" + "\x0b\xa2\x16\xad\x44\xdb\x4f\xe6" + "\x7d\x14\x88\x1f\xb6\x2a\xc1\x58" + "\xef\x63\xfa\x91\x05\x9c\x33\xca" + "\x3e\xd5\x6c\x03\x77\x0e\xa5\x19" + "\xb0\x47\xde\x52\xe9\x80\x17\x8b" + "\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd" + "\x94\x08\x9f\x36\xcd\x41\xd8\x6f" + "\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1" + "\x55\xec\x83\x1a\x8e\x25\xbc\x30" + "\xc7\x5e\xf5\x69\x00\x97\x0b\xa2" + "\x39\xd0\x44\xdb\x72\x09\x7d\x14" + "\xab\x1f\xb6\x4d\xe4\x58\xef\x86" + "\x1d\x91\x28\xbf\x33\xca\x61\xf8" + "\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47" + "\xde\x75\x0c\x80\x17\xae\x22\xb9" + "\x50\xe7\x5b\xf2\x89\x20\x94\x2b" + "\xc2\x36\xcd\x64\xfb\x6f\x06\x9d" + "\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f" + "\x83\x1a\xb1\x25\xbc\x53\xea\x5e" + "\xf5\x8c\x00\x97\x2e\xc5\x39\xd0" + "\x67\xfe\x72\x09\xa0\x14\xab\x42" + "\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4" + "\x28\xbf\x56\xed\x61\xf8\x8f\x03" + "\x9a\x31\xc8\x3c\xd3\x6a\x01\x75" + "\x0c\xa3\x17\xae\x45\xdc\x50\xe7" + "\x7e\x15\x89\x20\xb7\x2b\xc2\x59" + "\xf0\x64\xfb\x92\x06\x9d\x34\xcb" + "\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a" + "\xb1\x48\xdf\x53\xea\x81\x18\x8c" + "\x23\xba\x2e\xc5\x5c\xf3\x67\xfe" + "\x95\x09\xa0\x37\xce\x42\xd9\x70" + "\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2" + "\x56\xed\x84\x1b\x8f\x26\xbd\x31" + "\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3" + "\x3a\xd1\x45\xdc\x73\x0a\x7e\x15" + "\xac\x20\xb7\x4e\xe5\x59\xf0\x87" + "\x1e\x92\x29\xc0\x34\xcb\x62\xf9" + "\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48" + "\xdf\x76\x0d\x81\x18\xaf\x23\xba" + "\x51\xe8\x5c\xf3\x8a\x21\x95\x2c" + "\xc3\x37\xce\x65\xfc\x70\x07\x9e" + "\x12\xa9\x40\xd7\x4b\xe2\x79\x10" + "\x84\x1b\xb2\x26\xbd\x54\xeb\x5f" + "\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1" + "\x68\xff\x73\x0a\xa1\x15\xac\x43" + "\xda\x4e\xe5\x7c\x13\x87\x1e\xb5" + "\x29\xc0\x57\xee\x62\xf9\x90\x04" + "\x9b\x32\xc9\x3d\xd4\x6b\x02\x76" + "\x0d\xa4\x18\xaf\x46\xdd\x51\xe8" + "\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a" + "\xf1\x65\xfc\x93\x07\x9e\x35\xcc" + "\x40\xd7\x6e\x05\x79\x10\xa7\x1b" + "\xb2\x49\xe0\x54\xeb\x82\x19\x8d" + "\x24\xbb\x2f\xc6\x5d\xf4\x68\xff" + "\x96\x0a\xa1\x38\xcf\x43\xda\x71" + "\x08\x7c\x13\xaa\x1e\xb5\x4c", + .psize =3D 1023, + .digest =3D "\x24\xab\xec\xa1\x22\x05\x1c\xf3" + "\xce\xdc\xc1\x02\x31\x6c\x0f\x19" + "\x0a\xb2\x77\x24\xe7\x68\x71\x3b" + "\x9b\x6d\x5f\xbc\xcf\x60\x28\x4c", + }, +}; + =20 /* * MD5 test vectors from RFC1321 --=20 2.49.0 From nobody Wed Oct 8 09:06:00 2025 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C197F28C00E; Mon, 30 Jun 2025 14:38:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294335; cv=none; b=FCH8ukenA1YKMzz5KNKq0RMPsBPovwZHPnfIzNlC2HDm2RcWhHMmzSaXTOd2AvYYi+aTJzby+rRBIJyNAXXzaw0BPqJHj+VouKhZi/onv/MT/4rvgWehQi/TQzVCWZmKz6aB371jpvJKYY7YxaV8JlkhQ6iCEAbHA+p0JJAUdh0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294335; c=relaxed/simple; bh=8qKsfxSsoLyh/2BDo4Fd3Hyr17EhMn8oOGFj4k4m3Pg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jsOiH9R5Eoo2pCU76GGHZ3lom//MrdXwxIBRDyfvEiJR2q74pjQR8FMK2IYHIw5RyFQD5z+rxmZWOsac8BbwuAitHiZ0/YYOT8eYxQGXxbks2TZRU9RQrl+Ce6sv11Ax5GjzMfB5RZrTaTjgYXva7l237V3FyaFlYVNhE/xttoE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=KeOwcfDq; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="KeOwcfDq" Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55UEbODR014736; Mon, 30 Jun 2025 14:38:48 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=xd50X+qUFBeB+hplK /wCeGXtEfYcajqWchv313nvVhA=; b=KeOwcfDqZi15cqX9cuqGYpck4FmZ2oTL1 agdOycwLcITuamHKZ7FG8Fj5iYlw26kwXt9qZWkSCpywJ8TQjjmNjzv0wROQXsl3 1/okbZSCuQctf1At69urmv12zpVRSoEePldhRD4ZtIBDuPNuSEjH9RhxgNfrCXQp cz1E3LbxrzFxbe58UFV1xvzA71cDA0pJHoNyqpMM8LNkvsdVBxrg7SEVkrrlm78y 1oMZSM/LQzxFwTsDsLkGbi0RcaKjTXApBkr6z/yJcBKbxvJ64PTOLgkUTyg5a93X NkbT9FTPAMUfpeCdJeV8BYVgx/PjEV/ZPeCdYzIgrFKyTwpXBqNcA== Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 47j84d1yrt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Jun 2025 14:38:48 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55UDWPTK021106; Mon, 30 Jun 2025 14:38:47 GMT Received: from smtprelay04.dal12v.mail.ibm.com ([172.16.1.6]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 47jtqu6eja-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 30 Jun 2025 14:38:47 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay04.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55UEckNR32113168 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 30 Jun 2025 14:38:46 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4CB2F58058; Mon, 30 Jun 2025 14:38:46 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8991158061; Mon, 30 Jun 2025 14:38:45 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 30 Jun 2025 14:38:45 +0000 (GMT) From: Stefan Berger To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, simo@redhat.com, Stefan Berger Subject: [PATCH v2 4/4] crypto: Extend testmgr with tests for shake128/256 XOFs Date: Mon, 30 Jun 2025 10:38:34 -0400 Message-ID: <20250630143834.2748285-5-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250630143834.2748285-1-stefanb@linux.ibm.com> References: <20250630143834.2748285-1-stefanb@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: HnbCaJfh9wcUqto864CG1TaxkKRHZOfp X-Proofpoint-GUID: HnbCaJfh9wcUqto864CG1TaxkKRHZOfp X-Authority-Analysis: v=2.4 cv=Ib6HWXqa c=1 sm=1 tr=0 ts=6862a178 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=RaegE9gVr3S12DfPD4oA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjMwMDExNyBTYWx0ZWRfX2aZ+1eB/yj9X BjN2w1iyfx7KIXzSmxw7S7z1YX5cnz02Jp1Z/vTJw1IoKKFPeZCMXqIeSnrcH6KuQHjPo2TIpXI izJD7RFfcEDF7ue+Ak/0FQzw2rG5y5YHV0RpwKNOPwHgyllc6HBxPaqL7oef0cTEz635Y+a68qv 74CVZP2RM4OrFQdAw5xLQstNpQ1NttBe0NLNpuNAmsZwJ7fKWCvoWQBcU7/T9C22NZyWSqacpZi sHPHZCFO6Tx0XpfnEk2zLCtmSyFZni17CqmQob/E3NhGJkv0PHeXv4Lv4hVnO3zJSO+5cRIV4sr RKIsulYHbjXC+t1QuUZ5ZFv7UWtygpPg149rKBNeBCGtouytsckohTb9YjintFJ66YypWAdneuV vB1GmId8tkwxS8GO2C/LSA0jJSjDBQzMfnv4InUNBnA/9Ve6nz+1WaLx70RwVMW/EXqI59/z X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.7,FMLib:17.12.80.40 definitions=2025-06-30_03,2025-06-27_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 suspectscore=0 clxscore=1015 mlxlogscore=669 lowpriorityscore=0 impostorscore=0 mlxscore=0 malwarescore=0 spamscore=0 priorityscore=1501 adultscore=0 bulkscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506300117 Content-Type: text/plain; charset="utf-8" Extend the testmgr to run tests for XOFs where it squeezes a certain number of bytes in a first step and then a different number in subsequent steps to test for issues related to alignments and proper copying of bytes and blocks. The test case parameters have been chosen so that all loops and break statements within loops of the shake squeeze function are exercised. Add test case data for shake128 and shake256 XOFs. Signed-off-by: Stefan Berger --- crypto/testmgr.c | 56 +++++++++++++ crypto/testmgr.h | 212 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 268 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 6bd67ca23bb1..0123be9d8396 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1630,6 +1630,57 @@ static int test_ahash_vec_cfg(const struct hash_test= vec *vec, driver, cfg); } =20 +static int test_shash_xof(const struct hash_testvec *vec, + struct shash_desc *desc) +{ + struct shash_alg *alg =3D crypto_shash_alg(desc->tfm); + struct steps { + unsigned int first; + unsigned int other; + } steps[] =3D { + { .first =3D 0, .other =3D alg->base.cra_blocksize + 1, }, + { .first =3D alg->base.cra_blocksize - 1, .other =3D 10, }, + { .first =3D alg->base.cra_blocksize - 15, .other =3D 33, }, + }; + unsigned char *output =3D NULL, *tmp; + unsigned int offset, req; + int ret =3D 0; + size_t i; + + for (i =3D 0; i < ARRAY_SIZE(steps); i++) { + if (!vec->xof) + continue; + + tmp =3D krealloc(output, vec->xof_size, GFP_KERNEL); + if (IS_ERR(tmp)) + return PTR_ERR(tmp); + output =3D tmp; + + crypto_shash_init(desc); + crypto_shash_update(desc, vec->plaintext, vec->psize); + crypto_shash_squeeze(desc, output, steps[i].first, false); + + offset =3D steps[i].first; + while (offset < vec->xof_size) { + req =3D steps[i].other; + if (offset + req > vec->xof_size) + req =3D vec->xof_size - offset; + crypto_shash_squeeze(desc, &output[offset], req, false); + offset +=3D req; + } + + if (memcmp(output, vec->xof, vec->xof_size) !=3D 0) { + pr_err("XOF output of %s is wrong! (steps: %d, %d)\n", + alg->base.cra_name, steps[i].first, + steps[i].other); + ret =3D -EINVAL; + } + } + kfree(output); + + return ret; +} + static int test_hash_vec_cfg(const struct hash_testvec *vec, const char *vec_name, const struct testvec_config *cfg, @@ -1966,6 +2017,11 @@ static int __alg_test_hash(const struct hash_testvec= *vecs, err =3D test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate); if (err) goto out; + if (desc && crypto_shash_alg(desc->tfm)->squeeze) { + err =3D test_shash_xof(&vecs[i], desc); + if (err) + return err; + } cond_resched(); } err =3D test_hash_vs_generic_impl(generic_driver, maxkeysize, req, diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 31e5918b761c..beee72598019 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -30,8 +30,10 @@ * @key: Pointer to key (NULL if none) * @plaintext: Pointer to source data * @digest: Pointer to expected digest + * @xof: Pointer to extended output * @psize: Length of source data in bytes * @ksize: Length of @key in bytes (0 if no key) + * @xof_size: Length of extended output * @setkey_error: Expected error from setkey() * @digest_error: Expected error from digest() * @fips_skip: Skip the test vector in FIPS mode @@ -40,8 +42,10 @@ struct hash_testvec { const char *key; const char *plaintext; const char *digest; + const char *xof; unsigned int psize; unsigned short ksize; + unsigned short xof_size; int setkey_error; int digest_error; bool fips_skip; @@ -5919,17 +5923,95 @@ static const struct hash_testvec shake128_tv_templa= te[] =3D { .plaintext =3D "", .digest =3D "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d" "\x61\x60\x45\x50\x76\x05\x85\x3e", + .xof =3D "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d" + "\x61\x60\x45\x50\x76\x05\x85\x3e" + "\xd7\x3b\x80\x93\xf6\xef\xbc\x88" + "\xeb\x1a\x6e\xac\xfa\x66\xef\x26" + "\x3c\xb1\xee\xa9\x88\x00\x4b\x93" + "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68" + "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63" + "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2" + "\x35\xb8\xcc\x87\x3c\x23\xdc\x62" + "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75" + "\xab\x91\x6a\x58\xd9\x74\x91\x88" + "\x35\xd2\x5e\x6a\x43\x50\x85\xb2" + "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5" + "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38" + "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc" + "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea" + "\x17\xcd\xa7\xcf\xad\x76\x5f\x56" + "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf" + "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f" + "\x16\x7a\x58\x0b\x14\xaa\xbd\xef" + "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9" + "\x76\x7b\xe1\xfd\xa6\x94\x19\xdf" + "\xb9\x27\xe9\xdf\x07\x34\x8b\x19" + "\x66\x91\xab\xae\xb5\x80\xb3\x2d" + "\xef\x58\x53\x8b\x8d\x23\xf8\x77", + .xof_size =3D 200, }, { .plaintext =3D "a", .psize =3D 1, .digest =3D "\x85\xc8\xde\x88\xd2\x88\x66\xbf" "\x08\x68\x09\x0b\x39\x61\x16\x2b", + .xof =3D "\x85\xc8\xde\x88\xd2\x88\x66\xbf" + "\x08\x68\x09\x0b\x39\x61\x16\x2b" + "\xf8\x23\x92\xf6\x90\xd9\xe4\x73" + "\x09\x10\xf4\xaf\x7c\x6a\xb3\xee" + "\x43\x54\xb4\x9c\xa7\x29\xeb\x35" + "\x6e\xe3\xf5\xb0\xfb\xd2\x9b\x66" + "\x76\x93\x83\xe5\xe4\x01\xb1\xf8" + "\x5e\x04\x4c\x92\xbb\x52\x31\xaa" + "\x4d\xee\x17\x99\xaf\x7a\x7c\xee" + "\x21\x3a\x23\xad\xcd\x03\xc4\x80" + "\x6c\x9a\x8b\x0d\x8a\x2e\xea\xd8" + "\xea\x7a\x61\x34\xc1\x3e\x52\x3c" + "\xcf\x93\xad\x39\xd2\x27\xd3\xe7" + "\xd0\x22\xd9\x65\x4f\x3b\x49\x41" + "\x37\x88\x75\x8a\x64\x17\xe4\x2d" + "\x41\x95\x7c\xb3\x0c\xf0\x4d\xa3" + "\x7f\x26\x89\x7c\x2c\xf2\xf8\x00" + "\x55\x84\x62\x93\xfd\xe0\x23\x31" + "\xcf\x4a\x26\x9a\xaf\x2d\x47\xeb" + "\x27\xab\xa0\xfa\xba\x4a\x67\x8e" + "\xc0\x02\xbc\x0d\x30\x64\xea\xd0" + "\xa3\xf2\xe0\xd8\xa7\xfa\x40\x4a" + "\xf5\x4e\xbf\x4f\x5b\x18\x35\x62" + "\xa8\xda\xd7\x3b\x9a\x55\xbf\x1c" + "\x06\x6e\x00\x07\xe7\xab\x8a\x89", + .xof_size =3D 200, }, { .plaintext =3D "abcdbcdecdefdefgefghfghighijhijkijkl" "jklmklmnlmnomnopnopq", .psize =3D 56, .digest =3D "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e" "\x74\xe0\xa7\x07\x78\x8f\x55\xe9", + .xof =3D "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e" + "\x74\xe0\xa7\x07\x78\x8f\x55\xe9" + "\x82\x09\xb8\xd9\x1f\xad\xe8\xf3" + "\x2f\x8d\xd5\xcf\xf7\xbf\x21\xf5" + "\x4e\xe5\xf1\x95\x50\x82\x5a\x6e" + "\x07\x00\x30\x51\x9e\x94\x42\x63" + "\xac\x1c\x67\x65\x28\x70\x65\x62" + "\x1f\x9f\xcb\x32\x01\x72\x3e\x32" + "\x23\xb6\x3a\x46\xc2\x93\x8a\xa9" + "\x53\xba\x84\x01\xd0\xea\x77\xb8" + "\xd2\x64\x90\x77\x55\x66\x40\x7b" + "\x95\x67\x3c\x0f\x4c\xc1\xce\x9f" + "\xd9\x66\x14\x8d\x7e\xfd\xff\x26" + "\xbb\xf9\xf4\x8a\x21\xc6\xda\x35" + "\xbf\xaa\x54\x56\x54\xf7\x0a\xe5" + "\x86\xff\x10\x13\x14\x20\x77\x14" + "\x83\xec\x92\xed\xab\x40\x8c\x76" + "\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c" + "\x8c\xa2\x14\xd8\x4c\x4d\xc7\x00" + "\xd0\xc5\x06\x30\xb2\xff\xc3\x79" + "\x3e\xa4\xd8\x72\x58\xb4\xc9\x54" + "\x8c\x54\x85\xa5\xca\x66\x6e\xf7" + "\x3f\xbd\x81\x6d\x41\x8a\xea\x63" + "\x95\xb5\x03\xad\xdd\x9b\x15\x0f" + "\x9e\x06\x63\x32\x5f\x01\xe5\x51", + .xof_size =3D 200, }, { .plaintext =3D "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -6062,6 +6144,32 @@ static const struct hash_testvec shake128_tv_templat= e[] =3D { .psize =3D 1023, .digest =3D "\x13\x0a\x5b\xcb\x83\x9f\x10\x89" "\xbb\x62\xda\xe4\xf4\xd3\x21\xf8", + .xof =3D "\x13\x0a\x5b\xcb\x83\x9f\x10\x89" + "\xbb\x62\xda\xe4\xf4\xd3\x21\xf8" + "\xd1\xa1\x20\xeb\x55\x0a\x93\x04" + "\x9b\xe3\x14\x3c\x18\xd1\x7c\xa7" + "\xcd\xf3\x11\xe7\xe1\xcf\xaf\xbf" + "\x2e\x99\x8b\x4f\x5e\x0a\x13\x81" + "\x6e\x12\x36\x9e\x8e\x3a\xf6\x42" + "\xa1\x85\x4b\xda\xcf\x5a\x36\x65" + "\xe4\xea\x18\x3b\x19\x86\xf0\xd4" + "\xeb\x0f\x33\x98\xb5\x2b\xa7\x9b" + "\xba\x17\xd1\xd4\xc5\x5f\x0d\x8e" + "\x6c\xb0\xba\x4f\x94\x25\x29\x54" + "\xf8\x1d\x03\x14\xb7\xe5\x1e\xb2" + "\xf0\xe7\x0f\x32\x86\xfa\x13\x9f" + "\x60\x8d\x15\x03\x2d\x96\x2a\xa4" + "\x76\xf6\x49\x6c\x8a\x75\x7d\x79" + "\xa4\xcc\xcb\xe0\xf9\xbb\x7a\x80" + "\xc1\x20\x79\x32\x42\xe8\x0e\xd9" + "\x0f\x93\x0b\xaf\x56\x6e\x71\xc8" + "\x3f\xc3\x52\xe0\x4b\x4b\xbc\xf5" + "\x1f\xdf\xed\x88\xb8\x9d\x5a\x75" + "\x77\xa1\x59\x9b\x6a\x7c\x43\xe4" + "\x5b\x58\xaa\x84\x0a\x18\xb5\x37" + "\x3b\xda\xa8\xc9\x35\x76\x1b\x62" + "\x4f\x52\xc7\x42\x4e\x00\xb1\x46", + .xof_size =3D 200, }, }; =20 @@ -6072,6 +6180,32 @@ static const struct hash_testvec shake256_tv_templat= e[] =3D { "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24" "\x3f\xcd\x52\xea\x62\xb8\x1b\x82" "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f", + .xof =3D "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13" + "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24" + "\x3f\xcd\x52\xea\x62\xb8\x1b\x82" + "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f" + "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00" + "\xcb\x05\x01\x9d\x67\xb5\x92\xf6" + "\xfc\x82\x1c\x49\x47\x9a\xb4\x86" + "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe" + "\x14\x1e\x96\x61\x6f\xb1\x39\x57" + "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3" + "\xdc\x07\x22\x3c\x8e\x92\x93\x7b" + "\xef\x84\xbc\x0e\xab\x86\x28\x53" + "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7" + "\xc2\x77\x5c\x38\x46\x2c\x50\x10" + "\xd8\x46\xc1\x85\xc1\x51\x11\xe5" + "\x95\x52\x2a\x6b\xcd\x16\xcf\x86" + "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd" + "\x94\x3b\x6a\xec\x46\x8a\x2d\x62" + "\x1a\x7c\x06\xc6\xa9\x57\xc6\x2b" + "\x54\xda\xfc\x3b\xe8\x75\x67\xd6" + "\x77\x23\x13\x95\xf6\x14\x72\x93" + "\xb6\x8c\xea\xb7\xa9\xe0\xc5\x8d" + "\x86\x4e\x8e\xfd\xe4\xe1\xb9\xa4" + "\x6c\xbe\x85\x47\x13\x67\x2f\x5c" + "\xaa\xae\x31\x4e\xd9\x08\x3d\xab", + .xof_size =3D 200, }, { .plaintext =3D "a", .psize =3D 1, @@ -6079,6 +6213,32 @@ static const struct hash_testvec shake256_tv_templat= e[] =3D { "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c" "\xea\xaf\xca\x50\x25\x56\x26\xca" "\x73\x6c\x13\x80\x42\x53\x0b\xa4", + .xof =3D "\x86\x7e\x2c\xb0\x4f\x5a\x04\xdc" + "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c" + "\xea\xaf\xca\x50\x25\x56\x26\xca" + "\x73\x6c\x13\x80\x42\x53\x0b\xa4" + "\x36\xb7\xb1\xec\x0e\x06\xa2\x79" + "\xbc\x79\x07\x33\xbb\x0a\xee\x6f" + "\xa8\x02\x68\x3c\x7b\x35\x50\x63" + "\xc4\x34\xe9\x11\x89\xb0\xc6\x51" + "\xd0\x92\xb0\x1e\x55\xce\x4d\x61" + "\x0b\x54\xa5\x46\x6d\x02\xf8\x8f" + "\xc3\x78\x09\x6f\xb0\xda\xd0\x25" + "\x48\x57\xfe\x1e\x63\x81\xab\xc0" + "\x4e\x07\xe3\x3d\x91\x69\x35\x93" + "\x56\x36\x00\x48\x96\xc5\xb1\x25" + "\x34\x64\xf1\xcb\x5e\xa7\x3b\x00" + "\x7b\xc5\x02\x8b\xbb\xea\x13\xeb" + "\xc2\x86\x68\xdb\xfc\x26\xb1\x24" + "\x0c\xe4\x23\x9f\x8d\x50\x62\x7d" + "\xda\xa0\x16\x41\xdf\xea\xa9\xd2" + "\xfe\xf0\x3d\xd0\x25\xe0\xb8\x2c" + "\xf0\x71\xfb\x9c\xa3\x23\x2c\x74" + "\x2d\x83\x6b\x3c\xbc\xc8\xc3\xcb" + "\xa5\xb0\x58\xb7\x67\x95\xc1\x77" + "\x01\x23\x14\x19\x6d\xc8\x22\x76" + "\x89\x91\xc0\xf1\x6f\x8a\x65\x5a", + .xof_size =3D 200, }, { .plaintext =3D "abcdbcdecdefdefgefghfghighijhijkijkl" "jklmklmnlmnomnopnopq", @@ -6087,6 +6247,32 @@ static const struct hash_testvec shake256_tv_templat= e[] =3D { "\xee\xfb\xb8\xc3\x6f\x6f\x87\x13" "\x3a\x79\x11\xe1\x8d\x97\x9e\xe1" "\xae\x6b\xe5\xd4\xfd\x2e\x33\x29", + .xof =3D "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28" + "\xee\xfb\xb8\xc3\x6f\x6f\x87\x13" + "\x3a\x79\x11\xe1\x8d\x97\x9e\xe1" + "\xae\x6b\xe5\xd4\xfd\x2e\x33\x29" + "\x40\xd8\x68\x8a\x4e\x6a\x59\xaa" + "\x80\x60\xf1\xf9\xbc\x99\x6c\x05" + "\xac\xa3\xc6\x96\xa8\xb6\x62\x79" + "\xdc\x67\x2c\x74\x0b\xb2\x24\xec" + "\x37\xa9\x2b\x65\xdb\x05\x39\xc0" + "\x20\x34\x55\xf5\x1d\x97\xcc\xe4" + "\xcf\xc4\x91\x27\xd7\x26\x0a\xfc" + "\x67\x3a\xf2\x08\xba\xf1\x9b\xe2" + "\x12\x33\xf3\xde\xbe\x78\xd0\x67" + "\x60\xcf\xa5\x51\xee\x1e\x07\x91" + "\x41\xd4\x9d\xd3\xef\x7e\x18\x2b" + "\x15\x24\xdf\x82\xea\x1c\xef\xe1" + "\xc6\xc3\x96\x61\x75\xf0\x22\x8d" + "\x35\x88\x7c\xd9\xf0\x9b\x05\x45" + "\x7f\x6d\x95\x2f\x9b\x3b\x32\x46" + "\x4e\x0b\x3c\x54\xdc\xc1\x3e\xfd" + "\xb4\xc5\x4e\x29\xcd\xb4\x08\x8f" + "\xaf\x48\x2c\xdd\xd0\xa5\xe6\xb8" + "\x22\xf5\xa8\x0d\x0c\xc7\x8d\x4c" + "\xc9\x01\x31\x90\x6f\xd5\x15\x9e" + "\xb5\x14\x2e\x15\x50\x24\xb6\x24", + .xof_size =3D 200, }, { .plaintext =3D "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -6221,6 +6407,32 @@ static const struct hash_testvec shake256_tv_templat= e[] =3D { "\xce\xdc\xc1\x02\x31\x6c\x0f\x19" "\x0a\xb2\x77\x24\xe7\x68\x71\x3b" "\x9b\x6d\x5f\xbc\xcf\x60\x28\x4c", + .xof =3D "\x24\xab\xec\xa1\x22\x05\x1c\xf3" + "\xce\xdc\xc1\x02\x31\x6c\x0f\x19" + "\x0a\xb2\x77\x24\xe7\x68\x71\x3b" + "\x9b\x6d\x5f\xbc\xcf\x60\x28\x4c" + "\x97\x76\xdc\x50\xda\xa5\x14\x5e" + "\xe6\xb9\x1e\xbc\x42\x1e\x8d\xd5" + "\xb5\xae\xe2\x77\x48\xde\x80\x1f" + "\x7a\x74\x30\x79\x86\xc8\x6f\x2e" + "\x90\x76\x07\xb3\xed\x74\xdf\x44" + "\xcc\x3b\x00\x64\xb4\xb1\xdc\x11" + "\xa8\xcf\xbf\x01\xfc\x21\x00\xac" + "\x2c\xa1\xea\xbd\x84\x1c\x84\xa2" + "\x6b\x02\x7a\x19\xb9\xbf\xbb\xc0" + "\x21\x71\x4b\xb2\xc0\x50\xa4\xe9" + "\xe1\x48\xd2\xca\x14\xcc\x3f\x65" + "\x87\x38\xc5\xfb\xc0\x03\x23\x64" + "\x65\x5d\xb8\xd1\x9d\xd6\xd4\x3a" + "\xeb\x57\xe7\x3c\x22\x17\xb6\x5a" + "\x8e\x4b\x73\xf4\x36\x4a\x36\x17" + "\x8c\xbe\x7d\x2b\x37\xaf\xde\xbc" + "\xc7\xe8\x52\x00\x90\x90\x0e\x3b" + "\x22\x6f\xa7\xec\x2f\x99\x6d\x32" + "\x36\x20\x12\x4d\x14\xa8\x7f\xc4" + "\x9e\xb5\x7f\x6b\xc6\xe9\xe2\x8e" + "\xd5\xc8\x25\xe6\xf1\x97\xbf\x76", + .xof_size =3D 200, }, }; =20 --=20 2.49.0