Browse Source

adding Keccak

master
bg 12 years ago
parent
commit
1b51cba0fd
  1. 4
      Doxyfile
  2. 99
      hfal_keccak.c
  3. 39
      hfal_keccak.h
  4. 266
      keccak/keccak.c
  5. 58
      keccak/keccak.h
  6. 66
      keccak/memxor.S
  7. 7
      keccak/memxor.h
  8. 12
      mkfiles/keccak_c.mk
  9. 270
      test_src/main-aes-test.c
  10. 120
      test_src/main-keccak-test.c
  11. 6
      test_src/shavs.c
  12. 22
      testconf/Keccak.conf
  13. 7
      testvectors/shavs/Keccak/ExtremelyLongMsgKAT_224.txt
  14. 7
      testvectors/shavs/Keccak/ExtremelyLongMsgKAT_256.txt
  15. 7
      testvectors/shavs/Keccak/ExtremelyLongMsgKAT_384.txt
  16. 7
      testvectors/shavs/Keccak/ExtremelyLongMsgKAT_512.txt
  17. 1543
      testvectors/shavs/Keccak/LongMsgKAT_224.txt
  18. 1543
      testvectors/shavs/Keccak/LongMsgKAT_256.txt
  19. 1543
      testvectors/shavs/Keccak/LongMsgKAT_384.txt
  20. 1543
      testvectors/shavs/Keccak/LongMsgKAT_512.txt
  21. 305
      testvectors/shavs/Keccak/MonteCarlo_224.txt
  22. 305
      testvectors/shavs/Keccak/MonteCarlo_256.txt
  23. 305
      testvectors/shavs/Keccak/MonteCarlo_384.txt
  24. 305
      testvectors/shavs/Keccak/MonteCarlo_512.txt
  25. 8195
      testvectors/shavs/Keccak/ShortMsgKAT_224.txt
  26. 8195
      testvectors/shavs/Keccak/ShortMsgKAT_256.txt
  27. 8195
      testvectors/shavs/Keccak/ShortMsgKAT_384.txt
  28. 8195
      testvectors/shavs/Keccak/ShortMsgKAT_512.txt

4
Doxyfile

@ -91,8 +91,8 @@ FILE_PATTERNS = *.h \
*.H++ \
RECURSIVE \
= \
NO
RECURSIVE = NO
YES
RECURSIVE = YES
EXCLUDE =
EXCLUDE_SYMLINKS = NO
EXCLUDE_PATTERNS = main-*

99
hfal_keccak.c

@ -0,0 +1,99 @@
/* hfal_keccak.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_keccak.c
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2010-02-09
* \license GPLv3 or later
*
*/
#include <avr/pgmspace.h>
#include <stdlib.h>
#include "hashfunction_descriptor.h"
#include "keccak.h"
static const char keccak224_str[] PROGMEM = "Keccak-224";
static const char keccak256_str[] PROGMEM = "keccak-256";
static const char keccak384_str[] PROGMEM = "Keccak-384";
static const char keccak512_str[] PROGMEM = "keccak-512";
const hfdesc_t keccak224_desc PROGMEM = {
HFDESC_TYPE_HASHFUNCTION,
0,
keccak224_str,
sizeof(keccak_ctx_t),
KECCAK224_BLOCKSIZE,
224,
(hf_init_fpt)keccak224_init,
(hf_nextBlock_fpt)keccak_nextBlock,
(hf_lastBlock_fpt)keccak_lastBlock,
(hf_ctx2hash_fpt)keccak224_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t keccak256_desc PROGMEM = {
HFDESC_TYPE_HASHFUNCTION,
0,
keccak256_str,
sizeof(keccak_ctx_t),
KECCAK256_BLOCKSIZE,
256,
(hf_init_fpt)keccak256_init,
(hf_nextBlock_fpt)keccak_nextBlock,
(hf_lastBlock_fpt)keccak_lastBlock,
(hf_ctx2hash_fpt)keccak256_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t keccak384_desc PROGMEM = {
HFDESC_TYPE_HASHFUNCTION,
0,
keccak384_str,
sizeof(keccak_ctx_t),
KECCAK384_BLOCKSIZE,
384,
(hf_init_fpt)keccak384_init,
(hf_nextBlock_fpt)keccak_nextBlock,
(hf_lastBlock_fpt)keccak_lastBlock,
(hf_ctx2hash_fpt)keccak384_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};
const hfdesc_t keccak512_desc PROGMEM = {
HFDESC_TYPE_HASHFUNCTION,
0,
keccak512_str,
sizeof(keccak_ctx_t),
KECCAK512_BLOCKSIZE,
512,
(hf_init_fpt)keccak512_init,
(hf_nextBlock_fpt)keccak_nextBlock,
(hf_lastBlock_fpt)keccak_lastBlock,
(hf_ctx2hash_fpt)keccak512_ctx2hash,
(hf_free_fpt)NULL,
(hf_mem_fpt)NULL
};

39
hfal_keccak.h

@ -0,0 +1,39 @@
/* hfal_keccak.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file hfal_keccak.h
* \email daniel.otte@rub.de
* \author Daniel Otte
* \date 2010-02-09
* \license GPLv3 or later
*
*/
#ifndef HFAL_KECCAK_H_
#define HFAL_KECCAK_H_
#include <avr/pgmspace.h>
#include "hashfunction_descriptor.h"
extern const hfdesc_t keccak224_desc;
extern const hfdesc_t keccak256_desc;
extern const hfdesc_t keccak384_desc;
extern const hfdesc_t keccak512_desc;
#endif /* HFAL_KECCAK_H_ */

266
keccak/keccak.c

@ -0,0 +1,266 @@
/* keecak.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <avr/pgmspace.h>
#include "memxor.h"
#include "keccak.h"
#define W 64
#ifdef DEBUG
# undef DEBUG
#endif
#define DEBUG 1
#if DEBUG
#include "cli.h"
void keccak_dump_state(uint64_t a[5][5]){
uint8_t i,j;
for(i=0; i<5; ++i){
cli_putstr_P(PSTR("\r\n"));
cli_putc('0'+i);
cli_putstr_P(PSTR(": "));
for(j=0; j<5; ++j){
cli_hexdump_rev(&(a[i][j]), 8);
cli_putc(' ');
}
}
}
void keccak_dump_ctx(keccak_ctx_t* ctx){
keccak_dump_state(ctx->a);
cli_putstr_P(PSTR("\r\nDBG: r: "));
cli_hexdump_rev(&(ctx->r), 2);
cli_putstr_P(PSTR("\t c: "));
cli_hexdump_rev(&(ctx->c), 2);
cli_putstr_P(PSTR("\t d: "));
cli_hexdump(&(ctx->d), 1);
cli_putstr_P(PSTR("\t bs: "));
cli_hexdump(&(ctx->bs), 1);
}
#endif
#undef DEBUG
static uint64_t rc[] PROGMEM = {
0x0000000000000001LL, 0x0000000000008082LL,
0x800000000000808ALL, 0x8000000080008000LL,
0x000000000000808BLL, 0x0000000080000001LL,
0x8000000080008081LL, 0x8000000000008009LL,
0x000000000000008ALL, 0x0000000000000088LL,
0x0000000080008009LL, 0x000000008000000ALL,
0x000000008000808BLL, 0x800000000000008BLL,
0x8000000000008089LL, 0x8000000000008003LL,
0x8000000000008002LL, 0x8000000000000080LL,
0x000000000000800ALL, 0x800000008000000ALL,
0x8000000080008081LL, 0x8000000000008080LL,
0x0000000080000001LL, 0x8000000080008008LL
};
uint64_t rotl64(uint64_t a, uint8_t r){
return (a<<r)|(a>>(64-r));
}
static uint8_t r[5][5] PROGMEM = {
{ 0, 36, 3, 41, 18 },
{ 1, 44, 10, 45, 2 },
{ 62, 6, 43, 15, 61 },
{ 28, 55, 25, 21, 56 },
{ 27, 20, 39, 8, 14 }
};
void keccak_round(uint64_t a[5][5], uint8_t rci){
uint64_t c[5], d[5], b[5][5];
uint8_t i,j;
/* theta */
for(i=0; i<5; ++i){
c[i] = a[0][i] ^ a[1][i] ^ a[2][i] ^ a[3][i] ^ a[4][i];
}
for(i=0; i<5; ++i){
d[i] = c[(4+i)%5] ^ rotl64(c[(i+1)%5], 1);
}
for(i=0; i<5; ++i){
for(j=0; j<5; ++j){
a[j][i] ^= d[i];
}
}
#if DEBUG
cli_putstr_P(PSTR("\r\nAfter theta:"));
keccak_dump_state(a);
#endif
/* rho & pi */
for(i=0; i<5; ++i){
for(j=0; j<5; ++j){
b[(2*i+3*j)%5][j] = rotl64(a[j][i], pgm_read_byte(&(r[i][j])));
}
}
#if DEBUG
cli_putstr_P(PSTR("\r\n--- after rho & pi ---"));
keccak_dump_state(a);
#endif
/* chi */
for(i=0; i<5; ++i){
for(j=0; j<5; ++j){
a[j][i] = b[j][i] ^ ((~(b[j][(i+1)%5]))&(b[j][(i+2)%5]));
}
}
#if DEBUG
cli_putstr_P(PSTR("\r\nAfter chi:"));
keccak_dump_state(a);
#endif
/* iota */
uint64_t t;
memcpy_P(&t, &(rc[rci]), 8);
a[0][0] ^= t;
#if DEBUG
cli_putstr_P(PSTR("\r\nAfter iota:"));
keccak_dump_state(a);
#endif
}
void keccak_f1600(uint64_t a[5][5]){
uint8_t i=0;
do{
#if DEBUG
cli_putstr_P(PSTR("\r\n\r\n--- Round "));
cli_hexdump(&i, 1);
cli_putstr_P(PSTR(" ---"));
#endif
keccak_round(a, i);
}while(++i<24);
}
void keccak_nextBlock(keccak_ctx_t* ctx, const void* block){
memxor(ctx->a, block, ctx->bs);
keccak_f1600(ctx->a);
}
void keccak_lastBlock(keccak_ctx_t* ctx, const void* block, uint16_t length_b){
while(length_b>=ctx->r){
keccak_nextBlock(ctx, block);
block = (uint8_t*)block + ctx->bs;
length_b -= ctx->r;
}
uint8_t tmp[ctx->bs];
uint8_t pad[3];
memset(tmp, 0x00, ctx->bs);
memcpy(tmp, block, (length_b+7)/8);
/* appand 1 */
if(length_b&7){
/* we have some single bits */
uint8_t t;
t = tmp[length_b/8]>>(8-(length_b&7));
t |= 0x01<<(length_b&7);
tmp[length_b/8] = t;
}else{
tmp[length_b/8] = 0x01;
}
pad[0] = ctx->d;
pad[1] = ctx->bs;
pad[2] = 0x01;
if(length_b/8+1+3<ctx->bs){
memcpy(tmp+length_b/8+1, pad, 3);
}else{
if(length_b/8+1+2<ctx->bs){
memcpy(tmp+length_b/8+1, pad, 2);
keccak_nextBlock(ctx, tmp);
memset(tmp, 0x00, ctx->bs);
tmp[0]=0x01;
}else{
if(length_b/8+1+1<ctx->bs){
memcpy(tmp+length_b/8+1, pad, 1);
keccak_nextBlock(ctx, tmp);
memset(tmp, 0x00, ctx->bs);
tmp[0] = ctx->bs;
tmp[1] = 0x01;
}else{
keccak_nextBlock(ctx, tmp);
memset(tmp, 0x00, ctx->bs);
tmp[0] = ctx->d;
tmp[1] = ctx->bs;
tmp[2] = 0x01;
}
}
}
keccak_nextBlock(ctx, tmp);
keccak_dump_ctx(ctx);
}
void keccak_ctx2hash(void* dest, uint16_t length_b, keccak_ctx_t* ctx){
while(length_b>=ctx->r){
memcpy(dest, ctx->a, ctx->bs);
dest = (uint8_t*)dest + ctx->bs;
length_b -= ctx->r;
keccak_f1600(ctx->a);
}
memcpy(dest, ctx->a, (length_b+7)/8);
}
void keccak224_ctx2hash(void* dest, keccak_ctx_t* ctx){
keccak_ctx2hash(dest, 224, ctx);
}
void keccak256_ctx2hash(void* dest, keccak_ctx_t* ctx){
keccak_ctx2hash(dest, 256, ctx);
}
void keccak384_ctx2hash(void* dest, keccak_ctx_t* ctx){
keccak_ctx2hash(dest, 384, ctx);
}
void keccak512_ctx2hash(void* dest, keccak_ctx_t* ctx){
keccak_ctx2hash(dest, 512, ctx);
}
/*
1. SHA3-224: Keccak[r = 1152, c = 448, d = 28]224
2. SHA3-256: Keccak[r = 1088, c = 512, d = 32]256
3. SHA3-384: Keccak[r = 832, c = 768, d = 48]384
4. SHA3-512: Keccak[r = 576, c = 1024, d = 64]512
*/
void keccak_init(uint16_t r, uint16_t c, uint8_t d, keccak_ctx_t* ctx){
memset(ctx->a, 0x00, 5*5*8);
ctx->r = r;
ctx->c = c;
ctx->d = d;
ctx->bs = (uint8_t)(r/8);
}
void keccak224_init(keccak_ctx_t* ctx){
keccak_init(1152, 448, 28, ctx);
}
void keccak256_init(keccak_ctx_t* ctx){
keccak_init(1088, 512, 32, ctx);
}
void keccak384_init(keccak_ctx_t* ctx){
keccak_init( 832, 768, 48, ctx);
}
void keccak512_init(keccak_ctx_t* ctx){
keccak_init( 576, 1024, 64, ctx);
}

58
keccak/keccak.h

@ -0,0 +1,58 @@
/* keccak.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef KECCAK_H_
#define KECCAK_H_
#include <stdint.h>
#define KECCAK224_BLOCKSIZE 1152
#define KECCAK224_BLOCKSIZE_B (KECCAK224_BLOCKSIZE/8)
#define KECCAK256_BLOCKSIZE 1088
#define KECCAK256_BLOCKSIZE_B (KECCAK256_BLOCKSIZE/8)
#define KECCAK384_BLOCKSIZE 832
#define KECCAK384_BLOCKSIZE_B (KECCAK384_BLOCKSIZE/8)
#define KECCAK512_BLOCKSIZE 576
#define KECCAK512_BLOCKSIZE_B (KECCAK512_BLOCKSIZE/8)
typedef struct{
uint64_t a[5][5];
uint16_t r, c;
uint8_t d, bs;
} keccak_ctx_t;
void keccak_dump_ctx(keccak_ctx_t* ctx);
void keccak_init(uint16_t r, uint16_t c, uint8_t d, keccak_ctx_t* ctx);
void keccak224_init(keccak_ctx_t* ctx);
void keccak256_init(keccak_ctx_t* ctx);
void keccak384_init(keccak_ctx_t* ctx);
void keccak512_init(keccak_ctx_t* ctx);
void keccak_nextBlock(keccak_ctx_t* ctx, const void* block);
void keccak_lastBlock(keccak_ctx_t* ctx, const void* block, uint16_t length_b);
void keccak_ctx2hash(void* dest, uint16_t length_b, keccak_ctx_t* ctx);
void keccak224_ctx2hash(void* dest, keccak_ctx_t* ctx);
void keccak256_ctx2hash(void* dest, keccak_ctx_t* ctx);
void keccak384_ctx2hash(void* dest, keccak_ctx_t* ctx);
void keccak512_ctx2hash(void* dest, keccak_ctx_t* ctx);
#endif /* KECCAK_H_ */

66
keccak/memxor.S

@ -0,0 +1,66 @@
/* memxor.S */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* File: memxor.S
* Author: Daniel Otte
* Date: 2008-08-07
* License: GPLv3 or later
* Description: memxor, XORing one block into another
*
*/
/*
* void memxor(void* dest, const void* src, uint16_t n);
*/
/*
* param dest is passed in r24:r25
* param src is passed in r22:r23
* param n is passed in r20:r21
*/
.global memxor
memxor:
movw r30, r24
movw r26, r22
movw r24, r20
adiw r24, 0
breq 2f
1:
ld r20, X+
ld r21, Z
eor r20, r21
st Z+, r20
sbiw r24, 1
brne 1b
2:
ret

7
keccak/memxor.h

@ -0,0 +1,7 @@
#ifndef MEMXOR_H_
#define MEMXOR_H_
#include <stdint.h>
void memxor(void* dest, const void* src, uint16_t n);
#endif

12
mkfiles/keccak_c.mk

@ -0,0 +1,12 @@
# Makefile for BlueMidnightWish
ALGO_NAME := KECCAK_C
# comment out the following line for removement of BlueMidnightWish from the build process
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := keccak/
$(ALGO_NAME)_OBJ := keccak.o memxor.o
$(ALGO_NAME)_TEST_BIN := main-keccak-test.o hfal_keccak.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
$(ALGO_NAME)_PERFORMANCE_TEST := performance

270
test_src/main-aes-test.c

@ -527,157 +527,145 @@ void testrun_aes192_cmac0(void){
cli_hexdump_block(tag, 2, 4, 16);
bcal_cmac_free(&ctx);
}
/*
MSG:
KEY: 233952DEE4D5ED5F9B9C6D6FF80FF478
NONCE: 62EC67F9C3A4A407FCB2A8C49031A8B3
HEADER: 6BFB914FD07EAE6B
CIPHER: E037830E8389F27B025A2D6527E79D01
*/
void testrun_aes128_eax(void){
uint8_t key[16]= {
0x23, 0x39, 0x52, 0xDE, 0xE4, 0xD5, 0xED, 0x5F,
0x9B, 0x9C, 0x6D, 0x6F, 0xF8, 0x0F, 0xF4, 0x78
};
uint8_t nonce[16] = {
0x62, 0xEC, 0x67, 0xF9, 0xC3, 0xA4, 0xA4, 0x07,
0xFC, 0xB2, 0xA8, 0xC4, 0x90, 0x31, 0xA8, 0xB3
};
uint8_t header[8] = {
0x6B, 0xFB, 0x91, 0x4F, 0xD0, 0x7E, 0xAE, 0x6B
};
uint8_t tag[16];
bcal_eax_ctx_t ctx;
uint8_t r;
uint8_t eax_msg[] PROGMEM = {
0xF7, 0xFB,
0x1A, 0x47, 0xCB, 0x49, 0x33,
0x48, 0x1C, 0x9E, 0x39, 0xB1,
0x40, 0xD0, 0xC0, 0x7D, 0xA5, 0xE4,
0x4D, 0xE3, 0xB3, 0x5C, 0x3F, 0xC0, 0x39, 0x24, 0x5B, 0xD1, 0xFB, 0x7D,
0x8B, 0x0A, 0x79, 0x30, 0x6C, 0x9C, 0xE7, 0xED, 0x99, 0xDA, 0xE4, 0xF8, 0x7F, 0x8D, 0xD6, 0x16, 0x36,
0x1B, 0xDA, 0x12, 0x2B, 0xCE, 0x8A, 0x8D, 0xBA, 0xF1, 0x87, 0x7D, 0x96, 0x2B, 0x85, 0x92, 0xDD, 0x2D, 0x56,
0x6C, 0xF3, 0x67, 0x20, 0x87, 0x2B, 0x85, 0x13, 0xF6, 0xEA, 0xB1, 0xA8, 0xA4, 0x44, 0x38, 0xD5, 0xEF, 0x11,
0xCA, 0x40, 0xD7, 0x44, 0x6E, 0x54, 0x5F, 0xFA, 0xED, 0x3B, 0xD1, 0x2A, 0x74, 0x0A, 0x65, 0x9F, 0xFB, 0xBB, 0x3C, 0xEA, 0xB7
};
cli_putstr_P(PSTR("\r\n** AES128-EAX-TEST **"));
cli_putstr_P(PSTR("\r\n key: "));
cli_hexdump(key, 16);
cli_putstr_P(PSTR("\r\n nonce: "));
cli_hexdump(nonce, 16);
cli_putstr_P(PSTR("\r\n header: "));
cli_hexdump(header, 8);
r = bcal_eax_init(&aes128_desc, key, 128, &ctx);
cli_putstr_P(PSTR("\r\n init = 0x"));
cli_hexdump(&r, 1);
if(r)
return;
bcal_eax_loadNonce(nonce, 16*8, &ctx);
bcal_eax_addLastHeader(header, 8*8, &ctx);
bcal_eax_encLastBlock(NULL, 0, &ctx);
bcal_eax_ctx2tag(tag, 128, &ctx);
cli_putstr_P(PSTR("\r\n tag: "));
cli_hexdump_block(tag, 16, 4, 16);
bcal_eax_free(&ctx);
}
/*
MSG: F7FB
KEY: 91945D3F4DCBEE0BF45EF52255F095A4
NONCE: BECAF043B0A23D843194BA972C66DEBD
HEADER: FA3BFD4806EB53FA
CIPHER:
*/
void testrun_aes128_eax2(void){
uint8_t key[16]= {
0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4,
};
uint8_t msg[2] = { 0xF7, 0xFB };
uint8_t nonce[16] = {
0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD,
};
uint8_t header[8] = {
0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA
};
uint8_t tag[16];
uint8_t eax_msg_len[] PROGMEM = {0, 2, 5, 5, 6, 12, 17, 18, 18, 21};
uint8_t eax_key[] PROGMEM = {
0x23, 0x39, 0x52, 0xDE, 0xE4, 0xD5, 0xED, 0x5F, 0x9B, 0x9C, 0x6D, 0x6F, 0xF8, 0x0F, 0xF4, 0x78,
0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4,
0x01, 0xF7, 0x4A, 0xD6, 0x40, 0x77, 0xF2, 0xE7, 0x04, 0xC0, 0xF6, 0x0A, 0xDA, 0x3D, 0xD5, 0x23,
0xD0, 0x7C, 0xF6, 0xCB, 0xB7, 0xF3, 0x13, 0xBD, 0xDE, 0x66, 0xB7, 0x27, 0xAF, 0xD3, 0xC5, 0xE8,
0x35, 0xB6, 0xD0, 0x58, 0x00, 0x05, 0xBB, 0xC1, 0x2B, 0x05, 0x87, 0x12, 0x45, 0x57, 0xD2, 0xC2,
0xBD, 0x8E, 0x6E, 0x11, 0x47, 0x5E, 0x60, 0xB2, 0x68, 0x78, 0x4C, 0x38, 0xC6, 0x2F, 0xEB, 0x22,
0x7C, 0x77, 0xD6, 0xE8, 0x13, 0xBE, 0xD5, 0xAC, 0x98, 0xBA, 0xA4, 0x17, 0x47, 0x7A, 0x2E, 0x7D,
0x5F, 0xFF, 0x20, 0xCA, 0xFA, 0xB1, 0x19, 0xCA, 0x2F, 0xC7, 0x35, 0x49, 0xE2, 0x0F, 0x5B, 0x0D,
0xA4, 0xA4, 0x78, 0x2B, 0xCF, 0xFD, 0x3E, 0xC5, 0xE7, 0xEF, 0x6D, 0x8C, 0x34, 0xA5, 0x61, 0x23,
0x83, 0x95, 0xFC, 0xF1, 0xE9, 0x5B, 0xEB, 0xD6, 0x97, 0xBD, 0x01, 0x0B, 0xC7, 0x66, 0xAA, 0xC3
};
bcal_eax_ctx_t ctx;
uint8_t r;
uint8_t eax_nonce[] PROGMEM = {
0x62, 0xEC, 0x67, 0xF9, 0xC3, 0xA4, 0xA4, 0x07, 0xFC, 0xB2, 0xA8, 0xC4, 0x90, 0x31, 0xA8, 0xB3,
0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD,
0x70, 0xC3, 0xDB, 0x4F, 0x0D, 0x26, 0x36, 0x84, 0x00, 0xA1, 0x0E, 0xD0, 0x5D, 0x2B, 0xFF, 0x5E,
0x84, 0x08, 0xDF, 0xFF, 0x3C, 0x1A, 0x2B, 0x12, 0x92, 0xDC, 0x19, 0x9E, 0x46, 0xB7, 0xD6, 0x17,
0xFD, 0xB6, 0xB0, 0x66, 0x76, 0xEE, 0xDC, 0x5C, 0x61, 0xD7, 0x42, 0x76, 0xE1, 0xF8, 0xE8, 0x16,
0x6E, 0xAC, 0x5C, 0x93, 0x07, 0x2D, 0x8E, 0x85, 0x13, 0xF7, 0x50, 0x93, 0x5E, 0x46, 0xDA, 0x1B,
0x1A, 0x8C, 0x98, 0xDC, 0xD7, 0x3D, 0x38, 0x39, 0x3B, 0x2B, 0xF1, 0x56, 0x9D, 0xEE, 0xFC, 0x19,
0xDD, 0xE5, 0x9B, 0x97, 0xD7, 0x22, 0x15, 0x6D, 0x4D, 0x9A, 0xFF, 0x2B, 0xC7, 0x55, 0x98, 0x26,
0xB7, 0x81, 0xFC, 0xF2, 0xF7, 0x5F, 0xA5, 0xA8, 0xDE, 0x97, 0xA9, 0xCA, 0x48, 0xE5, 0x22, 0xEC,
0x22, 0xE7, 0xAD, 0xD9, 0x3C, 0xFC, 0x63, 0x93, 0xC5, 0x7E, 0xC0, 0xB3, 0xC1, 0x7D, 0x6B, 0x44
};
uint8_t eax_header[] PROGMEM = {
0x6B, 0xFB, 0x91, 0x4F, 0xD0, 0x7E, 0xAE, 0x6B,
0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA,
0x23, 0x4A, 0x34, 0x63, 0xC1, 0x26, 0x4A, 0xC6,
0x33, 0xCC, 0xE2, 0xEA, 0xBF, 0xF5, 0xA7, 0x9D,
0xAE, 0xB9, 0x6E, 0xAE, 0xBE, 0x29, 0x70, 0xE9,
0xD4, 0x48, 0x2D, 0x1C, 0xA7, 0x8D, 0xCE, 0x0F,
0x65, 0xD2, 0x01, 0x79, 0x90, 0xD6, 0x25, 0x28,
0x54, 0xB9, 0xF0, 0x4E, 0x6A, 0x09, 0x18, 0x9A,
0x89, 0x9A, 0x17, 0x58, 0x97, 0x56, 0x1D, 0x7E,
0x12, 0x67, 0x35, 0xFC, 0xC3, 0x20, 0xD2, 0x5A
};
cli_putstr_P(PSTR("\r\n** AES128-EAX2-TEST **"));
uint8_t eax_cipher[] PROGMEM = {
0xE0, 0x37, 0x83, 0x0E, 0x83, 0x89, 0xF2, 0x7B, 0x02, 0x5A, 0x2D, 0x65, 0x27, 0xE7, 0x9D, 0x01,
0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 0x67, 0xE5,
0xD8, 0x51, 0xD5, 0xBA, 0xE0, 0x3A, 0x59, 0xF2, 0x38, 0xA2, 0x3E, 0x39, 0x19, 0x9D, 0xC9, 0x26, 0x66, 0x26, 0xC4, 0x0F, 0x80,
0x63, 0x2A, 0x9D, 0x13, 0x1A, 0xD4, 0xC1, 0x68, 0xA4, 0x22, 0x5D, 0x8E, 0x1F, 0xF7, 0x55, 0x93, 0x99, 0x74, 0xA7, 0xBE, 0xDE,
0x07, 0x1D, 0xFE, 0x16, 0xC6, 0x75, 0xCB, 0x06, 0x77, 0xE5, 0x36, 0xF7, 0x3A, 0xFE, 0x6A, 0x14, 0xB7, 0x4E, 0xE4, 0x98, 0x44, 0xDD,
0x83, 0x5B, 0xB4, 0xF1, 0x5D, 0x74, 0x3E, 0x35, 0x0E, 0x72, 0x84, 0x14, 0xAB, 0xB8, 0x64, 0x4F, 0xD6, 0xCC, 0xB8, 0x69, 0x47, 0xC5, 0xE1, 0x05, 0x90, 0x21, 0x0A, 0x4F,
0x02, 0x08, 0x3E, 0x39, 0x79, 0xDA, 0x01, 0x48, 0x12, 0xF5, 0x9F, 0x11, 0xD5, 0x26, 0x30, 0xDA, 0x30, 0x13, 0x73, 0x27, 0xD1, 0x06, 0x49, 0xB0, 0xAA, 0x6E, 0x1C, 0x18, 0x1D, 0xB6, 0x17, 0xD7, 0xF2,
0x2E, 0xC4, 0x7B, 0x2C, 0x49, 0x54, 0xA4, 0x89, 0xAF, 0xC7, 0xBA, 0x48, 0x97, 0xED, 0xCD, 0xAE, 0x8C, 0xC3, 0x3B, 0x60, 0x45, 0x05, 0x99, 0xBD, 0x02, 0xC9, 0x63, 0x82, 0x90, 0x2A, 0xEF, 0x7F, 0x83, 0x2A,
0x0D, 0xE1, 0x8F, 0xD0, 0xFD, 0xD9, 0x1E, 0x7A, 0xF1, 0x9F, 0x1D, 0x8E, 0xE8, 0x73, 0x39, 0x38, 0xB1, 0xE8, 0xE7, 0xF6, 0xD2, 0x23, 0x16, 0x18, 0x10, 0x2F, 0xDB, 0x7F, 0xE5, 0x5F, 0xF1, 0x99, 0x17, 0x00,
0xCB, 0x89, 0x20, 0xF8, 0x7A, 0x6C, 0x75, 0xCF, 0xF3, 0x96, 0x27, 0xB5, 0x6E, 0x3E, 0xD1, 0x97, 0xC5, 0x52, 0xD2, 0x95, 0xA7, 0xCF, 0xC4, 0x6A, 0xFC, 0x25, 0x3B, 0x46, 0x52, 0xB1, 0xAF, 0x37, 0x95, 0xB1, 0x24, 0xAB, 0x6E
};
cli_putstr_P(PSTR("\r\n key: "));
cli_hexdump(key, 16);
cli_putstr_P(PSTR("\r\n msg: "));
cli_hexdump(msg, 2);
cli_putstr_P(PSTR("\r\n nonce: "));
cli_hexdump(nonce, 16);
cli_putstr_P(PSTR("\r\n header: "));
cli_hexdump(header, 8);
r = bcal_eax_init(&aes128_desc, key, 128, &ctx);
cli_putstr_P(PSTR("\r\n init = 0x"));
cli_hexdump(&r, 1);
if(r)
return;
bcal_eax_loadNonce(nonce, 16*8, &ctx);
bcal_eax_addLastHeader(header, 8*8, &ctx);
bcal_eax_encLastBlock(msg, 2*8, &ctx);
bcal_eax_ctx2tag(tag, 128, &ctx);
cli_putstr_P(PSTR("\r\n cipher: "));
cli_hexdump_block(msg, 2, 4, 16);
cli_putstr_P(PSTR("\r\n tag: "));
cli_hexdump_block(tag, 16, 4, 16);
bcal_eax_free(&ctx);
}
/*
MSG: 1A47CB4933
KEY: 01F74AD64077F2E704C0F60ADA3DD523
NONCE: 70C3DB4F0D26368400A10ED05D2BFF5E
HEADER: 234A3463C1264AC6
CIPHER:
*/
void testrun_aes128_eax3(void){
uint8_t key[16]= {
0x01, 0xF7, 0x4A, 0xD6, 0x40, 0x77, 0xF2, 0xE7,
0x04, 0xC0, 0xF6, 0x0A, 0xDA, 0x3D, 0xD5, 0x23
};
uint8_t msg[5] = {
0x1A, 0x47, 0xCB, 0x49, 0x33
};
uint8_t nonce[16] = {
0x70, 0xC3, 0xDB, 0x4F, 0x0D, 0x26, 0x36, 0x84,
0x00, 0xA1, 0x0E, 0xD0, 0x5D, 0x2B, 0xFF, 0x5E
};
uint8_t header[8] = {
0x23, 0x4A, 0x34, 0x63, 0xC1, 0x26, 0x4A, 0xC6
};
void testrun_aes128_eax(void){
uint8_t key[16];
uint8_t nonce[16];
uint8_t header[8];
uint8_t tag[16];
uint8_t msg[21];
uint8_t msg_len;
PGM_VOID_P msg_p;
PGM_VOID_P cipher_p;
uint8_t i, r;
bcal_eax_ctx_t ctx;
uint8_t r;
msg_p = eax_msg;
cipher_p = eax_cipher;
for(i=0; i<10; ++i){
cli_putstr_P(PSTR("\r\n\r\n** AES128-EAX-TEST #"));
cli_putc('0'+i);
cli_putstr_P(PSTR(" **"));
msg_len = pgm_read_byte(eax_msg_len+i);
memcpy_P(key, eax_key+16*i, 16);
memcpy_P(nonce, eax_nonce+16*i, 16);
memcpy_P(header, eax_header+8*i, 8);
memcpy_P(msg, msg_p, msg_len);
msg_p = (uint8_t*)msg_p+msg_len;
cli_putstr_P(PSTR("\r\n key: "));
cli_hexdump(key, 16);
cli_putstr_P(PSTR("\r\n msg: "));
if(msg_len){
cli_hexdump(msg, msg_len);
}
cli_putstr_P(PSTR("\r\n nonce: "));
cli_hexdump(nonce, 16);
cli_putstr_P(PSTR("\r\n header: "));
cli_hexdump(header, 8);
r = bcal_eax_init(&aes128_desc, key, 128, &ctx);
cli_putstr_P(PSTR("\r\n init = 0x"));
cli_hexdump(&r, 1);
if(r)
return;
bcal_eax_loadNonce(nonce, 16*8, &ctx);
bcal_eax_addLastHeader(header, 8*8, &ctx);
bcal_eax_encLastBlock(msg, msg_len*8, &ctx);
bcal_eax_ctx2tag(tag, 128, &ctx);
cli_putstr_P(PSTR("\r\n** AES128-EAX3-TEST **"));
cli_putstr_P(PSTR("\r\n cipher: "));
cli_hexdump_block(msg, msg_len, 4, 16);
cli_putstr_P(PSTR("\r\n key: "));
cli_hexdump(key, 16);
cli_putstr_P(PSTR("\r\n msg: "));
cli_hexdump(msg, 5);
cli_putstr_P(PSTR("\r\n nonce: "));
cli_hexdump(nonce, 16);
cli_putstr_P(PSTR("\r\n header: "));
cli_hexdump(header, 8);
r = bcal_eax_init(&aes128_desc, key, 128, &ctx);
cli_putstr_P(PSTR("\r\n init = 0x"));
cli_hexdump(&r, 1);
if(r)
return;
bcal_eax_loadNonce(nonce, 16*8, &ctx);
bcal_eax_addLastHeader(header, 8*8, &ctx);
bcal_eax_encLastBlock(msg, 5*8, &ctx);
bcal_eax_ctx2tag(tag, 128, &ctx);
cli_putstr_P(PSTR("\r\n cipher: "));
cli_hexdump_block(msg, 5, 4, 16);
cli_putstr_P(PSTR("\r\n tag: "));
cli_hexdump_block(tag, 16, 4, 16);
bcal_eax_free(&ctx);
cli_putstr_P(PSTR("\r\n tag: "));
cli_hexdump_block(tag, 16, 4, 16);
if(memcmp_P(msg, cipher_p, msg_len)){
cli_putstr_P(PSTR("\r\n cipher: [fail]\r\n should: "));
memcpy_P(msg, cipher_p, msg_len);
cli_hexdump_block(msg, msg_len, 4, 16);
}else{
cli_putstr_P(PSTR("\r\n cipher: [pass]"));
}
cipher_p = ((uint8_t*)cipher_p)+msg_len;
// *
if(memcmp_P(tag, cipher_p, 16)){
cli_putstr_P(PSTR("\r\n tag: [fail]"));
}else{
cli_putstr_P(PSTR("\r\n tag: [pass]"));
}
cipher_p = ((uint8_t*)cipher_p)+16;
bcal_eax_free(&ctx);
}
}
/*****************************************************************************/
@ -823,8 +811,6 @@ const char testcmac_str[] PROGMEM = "testcmac";
const char testcmac72_str[] PROGMEM = "testcmac72";
const char testcmac0_str[] PROGMEM = "testcmac0";
const char testeax_str[] PROGMEM = "testeax";
const char testeax2_str[] PROGMEM = "testeax2";
const char testeax3_str[] PROGMEM = "testeax3";
const char cmacvs_list_str[] PROGMEM = "cmacvs_list";
const char cmacvs_set_str[] PROGMEM = "cmacvs_set";
const char cmacvs_test1_str[] PROGMEM = "cmacvs_test1";
@ -846,8 +832,6 @@ cmdlist_entry_t cmdlist[] PROGMEM = {
{ testcmac72_str, NULL, testrun_aes128_cmac72 },
{ testcmac0_str, NULL, testrun_aes192_cmac0 },
{ testeax_str, NULL, testrun_aes128_eax },
{ testeax2_str, NULL, testrun_aes128_eax2 },
{ testeax3_str, NULL, testrun_aes128_eax3 },
{ cmacvs_list_str, NULL, cmacvs_listalgos },
{ cmacvs_set_str, (void*)1, (void_fpt)cmacvs_setalgo },
{ cmacvs_test1_str, NULL, cmacvs_test1 },

120
test_src/main-keccak-test.c

@ -0,0 +1,120 @@
/* main-keccak-test.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* Keccak test-suit
*
*/
#include "config.h"
#include "uart_i.h"
#include "debug.h"
#include "keccak.h"
#include "cli.h"
#include "hfal_keccak.h"
#include "shavs.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
#include "hfal-nessie.h"
#include "hfal-performance.h"
#include "hfal-test.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
char* algo_name = "Keccak";
const hfdesc_t* algolist[] PROGMEM = {
(hfdesc_t*)&keccak224_desc,
(hfdesc_t*)&keccak256_desc,
(hfdesc_t*)&keccak384_desc,
(hfdesc_t*)&keccak512_desc,
NULL
};
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void test_256(void){
uint8_t data[] = {0x53, 0x58, 0x7B, 0xC8 };
uint8_t hash[32];
uint8_t null[KECCAK256_BLOCKSIZE_B];
memset(null, 0, KECCAK256_BLOCKSIZE_B);
keccak_ctx_t ctx;
keccak256_init(&ctx);
keccak_lastBlock(&ctx, data, 29);
keccak256_ctx2hash(hash, &ctx);
cli_putstr_P(PSTR("\r\n testhash: "));
cli_hexdump(hash, 32);
}
void performance_keccak(void){
hfal_performance_multiple(algolist);
}
void testrun_nessie_keccak(void){
hfal_nessie_multiple(algolist);
}
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] PROGMEM = "nessie";
const char test256_str[] PROGMEM = "test256";
const char performance_str[] PROGMEM = "performance";
const char echo_str[] PROGMEM = "echo";
const char shavs_list_str[] PROGMEM = "shavs_list";
const char shavs_set_str[] PROGMEM = "shavs_set";
const char shavs_test1_str[] PROGMEM = "shavs_test1";
const char shavs_test3_str[] PROGMEM = "shavs_test3";
cmdlist_entry_t cmdlist[] PROGMEM = {
{ nessie_str, NULL, testrun_nessie_keccak },
{ performance_str, NULL, performance_keccak },
{ test256_str, NULL, test_256 },
{ shavs_list_str, NULL, shavs_listalgos },
{ shavs_set_str, (void*)1, (void_fpt)shavs_setalgo },
{ shavs_test1_str, NULL, shavs_test1 },
{ shavs_test3_str, NULL, shavs_test3 },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ NULL, NULL, NULL }
};
int main (void){
DEBUG_INIT();
cli_rx = (cli_rx_fpt)uart0_getc;
cli_tx = (cli_tx_fpt)uart0_putc;
shavs_algolist=(hfdesc_t**)algolist;
shavs_algo=(hfdesc_t*)&keccak256_desc;
for(;;){
cli_putstr_P(PSTR("\r\n\r\nCrypto-VS ("));
cli_putstr(algo_name);
cli_putstr_P(PSTR("; "));
cli_putstr(__DATE__);
cli_putstr_P(PSTR(" "));
cli_putstr(__TIME__);
cli_putstr_P(PSTR(")\r\nloaded and running\r\n"));
cmd_interface(cmdlist);
}
}

6
test_src/shavs.c

@ -303,9 +303,11 @@ void shavs_test1(void){ /* KAT tests */
cli_putstr_P(PSTR("\r\n\t (temp) == "));
cli_hexdump_rev(&temp,2);
_delay_ms(500);
#endif
temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
#else
uint16_t temp=length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8);
/* cli_putstr_P(PSTR("\r\n\t (temp) == "));
#endif
/* cli_putstr_P(PSTR("\r\n\t (temp) == "));
cli_hexdump_rev(&temp,2); */
hfal_hash_lastBlock( &(shavs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */
// length-(shavs_ctx.blocks)*((shavs_ctx.buffersize_B)*8));

22
testconf/Keccak.conf

@ -0,0 +1,22 @@
[Keccak-224]
algo=a
file_0=testvectors/shavs/Keccak/ShortMsgKAT_224.txt
file_1=testvectors/shavs/Keccak/LongMsgKAT_224.txt
[Keccak-256]
algo=b
file_0=testvectors/shavs/Keccak/ShortMsgKAT_256.txt
file_1=testvectors/shavs/Keccak/LongMsgKAT_256.txt
[Keccak-384]
algo=c
file_0=testvectors/shavs/Keccak/ShortMsgKAT_384.txt
file_1=testvectors/shavs/Keccak/LongMsgKAT_384.txt
[Keccak-512]
algo=d
file_0=testvectors/shavs/Keccak/ShortMsgKAT_512.txt
file_1=testvectors/shavs/Keccak/LongMsgKAT_512.txt

7
testvectors/shavs/Keccak/ExtremelyLongMsgKAT_224.txt

@ -0,0 +1,7 @@
# ExtremelyLongMsgKAT_224.txt
# Algorithm Name: Keccak
# Principal Submitter: The Keccak Team (Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche)
Repeat = 16777216
Text = abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno
MD = AB17D18D23C633D3E597D3377E3C129DB8C856D735C95A3C31EAA660

7
testvectors/shavs/Keccak/ExtremelyLongMsgKAT_256.txt

@ -0,0 +1,7 @@
# ExtremelyLongMsgKAT_256.txt
# Algorithm Name: Keccak
# Principal Submitter: The Keccak Team (Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche)
Repeat = 16777216
Text = abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno
MD = 869C73CA3D81ECFD5EF69DBCC94DC9B76B6E3FBF6388B589D98D6809747DE0E6

7
testvectors/shavs/Keccak/ExtremelyLongMsgKAT_384.txt

@ -0,0 +1,7 @@
# ExtremelyLongMsgKAT_384.txt
# Algorithm Name: Keccak
# Principal Submitter: The Keccak Team (Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche)
Repeat = 16777216
Text = abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno
MD = CEF802CC242D16607E5777A476AAC9E9F5EF2EC2FA031FA93DF07F6DCD9D9C2A00C93F673EEE78B8257D1DC46D275474

7
testvectors/shavs/Keccak/ExtremelyLongMsgKAT_512.txt

@ -0,0 +1,7 @@
# ExtremelyLongMsgKAT_512.txt
# Algorithm Name: Keccak
# Principal Submitter: The Keccak Team (Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche)
Repeat = 16777216
Text = abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno
MD = 0F22A97E694C2032BD698E63FAB13E741CE68BE656C00AA44EA27DCC98AEA05EAE18C903BB3A0FAA4745AA596FF6EEDBF7A94F22FB350911DC809CE8BD0F5F2E

1543
testvectors/shavs/Keccak/LongMsgKAT_224.txt

File diff suppressed because one or more lines are too long

1543
testvectors/shavs/Keccak/LongMsgKAT_256.txt

File diff suppressed because one or more lines are too long

1543
testvectors/shavs/Keccak/LongMsgKAT_384.txt

File diff suppressed because one or more lines are too long

1543
testvectors/shavs/Keccak/LongMsgKAT_512.txt

File diff suppressed because one or more lines are too long

305
testvectors/shavs/Keccak/MonteCarlo_224.txt

@ -0,0 +1,305 @@
# MonteCarlo_224.txt
# Algorithm Name: Keccak
# Principal Submitter: The Keccak Team (Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche)
Seed = 6CD4C0C5CB2CA2A0F1D1AECEBAC03B52E64EA03D1A1654372936545B92BBC5484A59DB74BB60F9C40CEB1A5AA35A6FAFE80349E14C253A4E8B1D77612DDD81ACE926AE8B0AF6E53176DBFFCC2A6B88C6BD765F939D3D178A9BDE9EF3AA131C61E31C1E42CDFAF4B4DCDE579A37E150EFBEF5555B4C1CB40439D835A724E2FAE7
j = 0
MD = EF114D0B5E3AC3647945102C60482609B743C740CCE6F8801A4E1AB6
j = 1
MD = 55680F182C7500A1AF83C2BE5E6F54D4541D41086EBC7C485B710AD1
j = 2
MD = 42D93C7C36577C96B942054A28B58688764565C3FE750DD1776CD1F5
j = 3
MD = 2CA4859C90458D68442321696601D41FE98D013D1B194D9BE70C8184
j = 4
MD = 2C5BE0876AEB9C02267D4E90D350812E2C113EE792804703F9D360C0
j = 5
MD = 5014F473F6B47B191D843314AFEDC465B4A857869AB0A85A9A848894
j = 6
MD = 9A7C868F2796C4CE177AA966280B7D56E02BA74A2A69A477A2509F1E
j = 7
MD = 0C603525BAD1FE46CA58568A4C403B6DC22C8C96C19B0DED8F9638B7
j = 8
MD = 32C0D83F1986BB2C605ADCA353AB43EE7D959E8A70B8A698B3B680FB
j = 9
MD = C4AC375B3361F3553FAF9E008AF42CA879F0352560ADC451BE8F8916
j = 10
MD = 5349B1BA3689A5080BA994A1755F51668E43A4F6ACB01528C38278E1
j = 11
MD = 4B49B34ABFA8A77FA0F7A6DE3F8565BF5CA55C857729C1089D70A2E0
j = 12
MD = 6B10618C610C124BA6ED80DBD75814F8FC1E3B1F0396B4F710E8A838
j = 13
MD = B7A97FE26FD68AF0CBADB3659B7DC6B375F6403923ADF382B0DF3D46
j = 14
MD = 8E91D1AE196B5CC3E73191A6063733AE230F2346A5B00A9C8E00C9D6
j = 15
MD = 4FFF5C95A0F8B7B2D3EFCAC8487D229FD7D51985A98D29A329865536
j = 16
MD = 35F512258778BF108356794C9A97C676730D2FC5FA0ED46253DCB76B
j = 17
MD = 290EEBA37BFAC2283875D65C36609A855795DDA376A5B4B1798B1D96
j = 18
MD = 2D9CA70A43C7D27F51E5BBDC8FAAC928E262A572E37A7846E7D61768
j = 19
MD = C5F2EBDB854DDCB78C694745616BBF30ECFD4E63087EBDD1A4914A56
j = 20
MD = 3B77D25CA9169D56578054B8F76D0AD7C788D91D0BCCAA2C2CF407ED
j = 21
MD = 9F266D5284AB662A86AD71A7F22C04C176077497D5FBC7CD35590D3C
j = 22
MD = ECFA12BAB77FDC8F2398F0863BF2B4BDD406B1022E94719578D6B1A4
j = 23
MD = A3D252C96F522CB5C17A02FABD1322B0EC25A78F18174F16B8DB1332
j = 24
MD = 20DB47420D353EEEDB605D67639BA8D69E73D1530C4F06431F197736
j = 25
MD = 556EDEA803D20FCFBB0FD5896B1564A6CE3C293424F2F6E3BAA5ECD4
j = 26
MD = C7230F67B656CCE6F7CD482A0ECF673C35BE26088094714CF3868572
j = 27
MD = 812A152E65A4683B8BED04F56BF21E06A36FC8195651F4A553FA81AA
j = 28
MD = B36557813DF04B296DBB54091E18841A674A067B7DB9F81130D6B041
j = 29
MD = 781EBDEE2A98851F4AF2BA8D73E40934DEF046F4174F105A9988F8B6
j = 30
MD = 11FE19F8037BBC360BC5E681ABB5008D8A3F40BA4EFFEC4E3C32743D
j = 31
MD = E7D8C6C29ED8E1DC952ADBEFB7BB9E8F5DB74C5783289630D467A96D
j = 32
MD = 9F1C982F587517AB40B2B9514A9CD3F5F7BE2FEA34A0F8C7AAE5365E
j = 33
MD = 246FFB8618864676B120F111C78272CAEB0C7E42C64D321638C858D5
j = 34
MD = 0FA3D2821C0169F5F91148D0885E87E7D2DC8472F964ECBADD1F8DAC
j = 35
MD = 1D1F1E192280216E30224A4669F811CD0C8CC4280555CDAD23EB9FAF
j = 36
MD = A485C1D1F88CAEABF37F46F9BD81895AEC1D37234B89F5156C3A2BDE
j = 37
MD = B64BEBE966A50DAB91566410B3E455BE7F3257D724B21FF624142DE9
j = 38
MD = 7CCA9A3B46BC0C7FD00B2429CA77F795DA90F854027A39CD2AADC780
j = 39
MD = 5712A54074E2B3B0E8993CB34D01828878C0310DB436B36B64756A24
j = 40
MD = 5429020509599166384530ED4FC02B70D909CC7069C35AA04F5AB586
j = 41
MD = 198ECCAB56DED0AEBA7F39FF5153DDF83643E6AFC1B7CC9E7D4C4D62
j = 42
MD = 1106FB9CD966BA7FE48B69EF7690175D906B8181169C6D4D2464F9E4
j = 43
MD = CEAF56E1F7B61C71C6A8FD816383D88B3676CA309E36775E38193805
j = 44
MD = C820FF379CDD76FB5CEDA9F970CD68BAF8228DE00C57FDEB143E888B
j = 45
MD = 81AA65F26EB4E49F0F73CFE23C86A277C9A8C8A21F8DB2EC57AE3EF6
j = 46
MD = FDA21077569F91F50A82C1132DC48550BCC7AFC882C639F9329D64BF
j = 47
MD = 0C1F6EB3347B31654191277FC93A1A269BD9C5722AC384768AEE9E88
j = 48
MD = 613EF6BC627734C13A753918FD0CC048F8E430E2EE4AD2C186784D2F
j = 49
MD = A490FA9FA1A78FB0F3C65558196253E047362ACC5D9C009D978B672F
j = 50
MD = 94106054A666B6A531A873B3C4DFC6BDF1BD08D00C3A3AA309E68AB5
j = 51
MD = 60F937C760E743919AEE5A4D42B885595D4A989BDC2CDD6755872CE8
j = 52
MD = EBDB70A35D03D46657F47885095AA2FB1FB8DBAC64343E4F31CEB0F0
j = 53
MD = 6AA424A2AD297DA1FA9FE6B9B23AF9D7431EBA34CB5A42797FB30D20
j = 54
MD = 0455B13802E37589CF563458589D5427B6C81248C6EE73680E20499A
j = 55
MD = C21BF7D364AB5FC61624021C8339501A0DDD4BD57A27E232D8C20A03
j = 56
MD = 833C7514AF3260B38593019F064F71674E6ABDE61E394E2877EF9664
j = 57
MD = 36F9E0849D59A530E56C3D505D5E4A192796C07BC90D9FD92E3590BA
j = 58
MD = B14486770A3C59708B37E4F61EDCC95C9CC54223129B3F458B8E3F30
j = 59
MD = 699B4B69F8FF27DFA783F4FC1E07A6EFAA6BDAC99034E6BA66B03FE9
j = 60
MD = 82D7742EF0302FBC52E7EA7FA5A738BFC394EA83853D47D7506652A6
j = 61
MD = 2253A5EA6DA06C26732F4E913360D18AEC210E405E0D3B50BBF0F494
j = 62
MD = 304A9044950DDE97A5A360516906039C97591BEAC3B66ACDEF96C299
j = 63
MD = E505A037BD612982895A1C694A08CCA023B37785F38DDB5FDE5F4A92
j = 64
MD = C25E57FFDD3D78D1280087AE544C8374CCBC09CD3D76D29A0AAFFE14
j = 65
MD = CFD609316A524D04B660F0693D012C6674E2FFF3BFFBE45AA200B47D
j = 66
MD = C92EF85F4DFEFF51B0485335E10AFD6F23CD45DDEEB089E9D0371DE8
j = 67
MD = 4284F2969542545DB7CF8D14AAE41E38BADC6685A4ADD1A7C0D8A1B3
j = 68
MD = 80490B80159C9AC1B45A6F6ECC1C88FE560FC5B763F28EED08AB245C
j = 69
MD = E7110FE5D0D5CFEB7DCC66CDECE5A0C0C085415634832F1BCE96718B
j = 70
MD = C8DE55663B4909793C76B70F720EA09497629E3A16345BBF180D6F0F
j = 71
MD = B974767980D8FA14B42E5D7A3508CD716EF6375419AC7FC075F0997A
j = 72
MD = 14F89E23C012A587E71F2B0768D8C6BEEEF11DA8F4113A1868E68427
j = 73
MD = FC76FA1B0273094604D6898785A20CEA193CA86C494D5CEE3BE10546
j = 74
MD = 9C2F708D217FF127E1B619AD849DCEAACBC29F8DD73BA40C96FF956C
j = 75
MD = E2A40D11C5A5AF157F5B56A393DAE61295864DA8EFF62FB234D5C5EC
j = 76
MD = 3A1172CA1DC2771B020C4C39D0E98EBF16E8E7A8BF9BA3DF03FA7BDF
j = 77
MD = 103C2FA4ACAB3D283D79F9F990017F9DA8F5E5B9918A5C8323B711AF
j = 78
MD = B6001F6799FFC5E2FA257473717BE68E6F5994D3FB8519E19635FD2A
j = 79
MD = EF09B1D548F1DD7494D4C3CAC44EE036336199343E1E9F301929988B
j = 80
MD = 60359F121D4594BDC18F2294FAF1C9A072A2FE02E3D0CE2041A032F0
j = 81
MD = 49375AE4B8FE8E5909655FBE9875EB5ECA267F62B5D420B433E977B8
j = 82
MD = BA8337E9A121E99849CC04B3EBD8A2A9D0CB23CDB9D9EC15230ED383
j = 83
MD = 7C740E9AC32C2B74A1868865A5BFB858DF8A2EA267D0ADA2091B54D3
j = 84
MD = 57BDB3AD336252152B136402599C4A0CB6DF626E759A45C339439F37
j = 85
MD = C1C732CA7870864D4471E3A6EB5520F747AE6F95ACF8102DBCC6A6E1
j = 86
MD = 9752355D60CF37DE331A8DDB70F78CD919AAF87148CDDF56202B59F2
j = 87
MD = 9B1B5FB24806544EFDDB6BE4B65C2FB6FD17A0F75F3FC0CC0AC3A47E
j = 88
MD = C650C5557863BE6EBD186BD5EB13E8157FC664463DC73DC1B9CE9E5B
j = 89
MD = C5943CA4CBA8A1AF649A1809C464C93A2F94AE75327674345299A3E1
j = 90
MD = C3A9AB65DCFCDCAD4BB3093B74E8D95D154FD6C1C28B1A511685D605
j = 91
MD = DDAAADCB4E62690939DB343DD9CA876B5EF2A220BCA1CB86591A2742
j = 92
MD = C7893D28F4E57AC4EF8ABB2C3A70199A90DE7FDB180634BC2A9A0AD8
j = 93
MD = 8AF573936FB6CBD42924249617C1AB14628162E62CA70694B7A0E5D5
j = 94
MD = 20ED177851CE64E4731A3A8219FC62F2D3C3A645D48F154B7E7C1DD7
j = 95
MD = DA13094C9C231101576D0E3F60545AD4EF46CE754AABF13DDB9E532C
j = 96
MD = 8B35E233D37AE3A728B988295C5DE4A1B148DA9137935AE57F51EB35
j = 97
MD = EAFE0CF967F3A643E68AA08C5821684651C1FC2849D092CD26A8FC97
j = 98
MD = B9D96F14D9FA06B0309284D6C8070363D0D38C139889A461C07E235A
j = 99
MD = 89965DEC224F80C62BA360BF6053B45110124B063A1E38F712EE20D2

305
testvectors/shavs/Keccak/MonteCarlo_256.txt

@ -0,0 +1,305 @@
# MonteCarlo_256.txt
# Algorithm Name: Keccak
# Principal Submitter: The Keccak Team (Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche)
Seed = 6CD4C0C5CB2CA2A0F1D1AECEBAC03B52E64EA03D1A1654372936545B92BBC5484A59DB74BB60F9C40CEB1A5AA35A6FAFE80349E14C253A4E8B1D77612DDD81ACE926AE8B0AF6E53176DBFFCC2A6B88C6BD765F939D3D178A9BDE9EF3AA131C61E31C1E42CDFAF4B4DCDE579A37E150EFBEF5555B4C1CB40439D835A724E2FAE7
j = 0
MD = 96DC718815408516160BB7E5C270EFF1EF7FF455CA4CD604823F18C6040326D5
j = 1
MD = 46EFBD577B845887D8C3BBF8AF33ED6C4D16D7F78A0F1F274646BB239CDE5C63
j = 2
MD = 4F219E44B329E045B5796316FAC3C7D081F83F5109A5D3C04D04C6085ECB99CF
j = 3
MD = 740DE881E12657CBE15FF9BD31C35B1B58F399D3A4C6A95C9732262C9CCAFDFC
j = 4
MD = 53180A5CB86CBDFFD5786C7DF4614D6B5917212AD452B4649C58F52EE85618AF
j = 5
MD = 05B20D0D8D0AFFC4C193020E32E98662BEE09F8509477001C47B31020033A7DD
j = 6
MD = E79A28614C4DAC49A385DBBB94868FEEEA14144DB6B56EBE8706B42831D14373
j = 7
MD = 4B8A44425A1330D72EBBC61C1A729781772AB59C8BB66CE6F3AE10857C63353B
j = 8
MD = B9715C164425BA78D3874EB7772EF46773AC63403E0BC0D7F337BF73D4FA85D8
j = 9
MD = 98C5794C978BD33E7A73E5B36477C52EE9CD94C4A4DA7C7778D31EDC5BF03B50
j = 10
MD = 86AA9F3624817BAC95C5627C517EF1B64C30F320F715860A91C26B068A6E76E9
j = 11
MD = EC0FDBCECA3330A442CB13D734CE913290298C2DD1ED8F751A641D57C53F2A44
j = 12
MD = 0FC37BA7137D76F39A08E6A56808CF12B82B4FF8415C3CD1C5E84BD1E849EC0D
j = 13
MD = 0F82715C0C24C2D866F6EAD89A180ABF672AFC4F2EE6164ECC9D2862D5181B33
j = 14
MD = 523FAABE32B941F88E3909C47926AA521121B4C0D38FE5E784999DE072B477F3
j = 15
MD = 62666A58C27B43CE070AAB888D2C885A6722273659D98DBC07EE9BB3E396279A
j = 16
MD = 0A9430E9A6D90C693A3042A6E58D3B81135D9F15861FF2C170DB08BB2CF7BDCA
j = 17
MD = 1BA3007DA71F7B38C46D3F98F4296BB9F2D5427EEF38344B3E33391117936FA3
j = 18
MD = 201D831B936EDE14727AC880F5626D2CF15ABFEF2606B171716A562A0B8E3A03
j = 19
MD = 5ED9271873F1CBD90E1E8D6D4B8B536A02D002666262F3094587CE1AF20548B7
j = 20
MD = 099332ABE9CCD2E72A03BDC6084B0639960BB553AE997C59A1F8EF0E2898FDFF
j = 21
MD = 09111E83CA62E70A11070D6F33E8A1EAF703BF7EADA400A049BC130781C029D6
j = 22
MD = 52A995B45CD1033FD11BCB38D5F5CB367998C0F1B1EFDD70F691862A2F044135
j = 23
MD = D32A226089AEF43D1B8C3A5A2C3A8A040F633008148DEE58DC0A93A201232C24
j = 24
MD = 37B6AB3A01A3CA3C939AF0CC99CDD19694AB4D98A1D7590101F426339D3319EB
j = 25
MD = 8F1C265D1518605F08EA1A90C49CA21D417E0F3886648FE50F062070DB822EC1
j = 26
MD = B045EF3B0C1A1E1A2554ED62A3210168D41D7B20E2404742EBE8EA45079E983B
j = 27
MD = 431D940F35D9BD52E11A5EC6F8EDF55E5C9A66BF20E3AB7E66960565926F02B4
j = 28
MD = 7176EDDC2315F0F3040F23F2EBA678BA0410209688A7436590157C8EDF5D8DEC
j = 29
MD = 9D8703540F4E88F4F7ABCEDDB5D3A0E5851774DE2B8A9033FEE7E1253A47C988
j = 30
MD = DCEB13B28A003F9C6F5A32C00260B87D3D6EF7FCE971613814367715BE21572A
j = 31
MD = AD820D6726D4E5D75BD2E696892B2ACF7AC8310EC2D27A1EC4835326E628CEB1
j = 32
MD = 6B80B99B21823827F03F4E4EB80F95B809F05B29EBFAABDE4FB31D7FF337BC9A
j = 33
MD = 352E60614BD57D39DC1A412012D56D1045FE91063AF4BEBB150B83C030EAAD9F
j = 34
MD = A1588950C19D7161CBD1BFDB813459DAFB6BCAF18162560B4478CE99EDBEDF5D
j = 35
MD = D797A367C4DEECDCF6E2615586126C1797D9D5EDAB6510504C6DB21F3418EFB0
j = 36
MD = A1ECF7696DB53498EA07195EECA6071B10F45001CC7BCF5C3172029A2BC25FEF
j = 37
MD = EAB7361FB84944715FC9F177840DE90CFC69B7DD74E6A4C3DB1103D5E9EBED98
j = 38
MD = 6D805BB0C1F45EB177D80BB1371549219EC9C5EA68DD226E80410E97A7B97909
j = 39
MD = C6E3F46425D45A348CDEAA5C25241398D62DAF1F45E4BADE4EC98587C291C2AD
j = 40
MD = BB5CCA581203C9F2CA4D35C4083EDA3AE780E71E96AA0537692C920E393768B3
j = 41
MD = 3EDCAB69CD54B9E401C1F61FF76A0E4033F13512254D0C1F29F02D98B3EAFB4E
j = 42
MD = 723590F5D2E89D9B217B07B8FF1B149FF95A7342381C88983BFAE40252FF2137
j = 43
MD = 680326B28B5ADAE72D01EC6C06461077703A3EF7BAE6F595DA8FA041E0DCAD75
j = 44
MD = C6479F09B30F78A214095CAAF676ECB5C2E6A2F15CA26A3FDE4DE29F30BA1519
j = 45
MD = 733D8178CA754EC84ACA7DFCD17907FC23EEFE7F384B35A0D02E53E22820A363
j = 46
MD = 79408D5E18D7834AE762B54D4969C4B14818184EB20E6550E07A471A06E269F7
j = 47
MD = A79C8D5A94214EE3447DD60F248A9E56EBA674421EC706EFEBFC997501FBEBF7
j = 48
MD = 69AE1537B62ABB42CC9F6D4156A61E8C3FDB83655BFBD27D3C16DA71346D76C9
j = 49
MD = C3D5FC08AD31D1B58B66D93318827F1C4BDEE77B9DD670D9DDBDEE72C56D21E9
j = 50
MD = B8657E2C9D8EA1CEC9CB1DAAAA5884A1F8A2328F4446B3BD775BE375B122D426
j = 51
MD = 5FB921BF349D6D002375B98A04989D29A527D8F8278E1BEF097000999F81ED71
j = 52
MD = 5C5371143898E1D4636C2997141C3D2664ED52963F0B7A014658829610E1B699
j = 53
MD = 045B9E962864C84411FAD905BFB83AD6AD47F132E1F71151D715C9A1A81CC42C
j = 54
MD = 4F732E2570711679EF817980BC4D2592D4370E35C7C1F87824B1314D08389564
j = 55
MD = 2FAB0BA32819E3073663E5637D1561F19A1818D6BC88A91C56EA1656CE260533
j = 56
MD = 53BBFBDED8300F4543C9EF54B3A71461F6AE62EBD8D5119FF9E69360F6FB216F
j = 57
MD = 62BEDB61EF90DFC662736E50F415224717F196D5791C2D6CC6F070F17394E93F
j = 58
MD = F65122D16FEFD0FB32B70A2B251D39CE0A90F5DB11410BB8FABEC9ADF3A15042
j = 59