Re: [PATCH v3 5/8] lib/crypto: Add SHA3 kunit tests
From: David Howells
Date: Thu Oct 02 2025 - 09:06:11 EST

Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> SHA3-386 => SHA3-384

Hah. Possibly I'm too practised at writing "386".

> If these expected outputs are from an external source, then that source
> needs to be documented. If they aren't, then the way in which they were
> generated needs to be easily reproducible and documented, e.g. by adding
> support for generating them to gen-hash-testvecs.py.

I generated them with openssl. I'll add a note in the code.

> If that's the case, then running "./scripts/crypto/gen-hash-testvecs.py
> sha3-256 > lib/crypto/tests/sha3_testvecs.h" should reproduce this file
> exactly. But it doesn't, so you must have manually edited this file.
>
> It should match exactly. That can be done by tweaking
> gen-hash-testvecs.py to use the correct *_DIGEST_SIZE constant and
> skipping the HMAC test if sha3-256 is requested.

gen-hash-testvecs.py doesn't know how to handle dashes in the algo name and
they end up coming in the output as "SHA3-256_DIGEST_SIZE".

It also generated an HMAC thing despite sha3-256 not having HMAC support, so I
just trimmed that off.

Anyway, I can modify the gen script to deal with both of those.
> > def hash_final(ctx):
> > + if ctx.name == "shake_128":
> > + return ctx.digest(16)
> > + if ctx.name == "shake_256":
> > + return ctx.digest(32)
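Review bot: the output lengths 16 and 32 passed to `ctx.digest()` in the two added branches are bare constants with no comment saying which kernel-side size they are meant to match, so a reader regenerating the vectors cannot tell whether they are arbitrary or required. Suggest a short comment naming the constant each length corresponds to, or a single name-to-length table consulted by `hash_final()`, so the two `if ctx.name == ...` string comparisons collapse into one lookup and a further XOF does not need another branch.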
>
> This addition is unnecessary.

Well, you can't generate SHAKE128 or SHAKE256 without it as the digest()
method has a mandatory parameter for XOF algorithms. This fixes that.
David
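
The generator issues discussed in this message (a dash in the algorithm name leaking into a C identifier, HMAC vectors emitted for an algorithm without HMAC support, and the mandatory length argument for XOF digests), as an added example that is not part of the original mail and is not code from gen-hash-testvecs.py. All function names, the `vecN` array names and the HMAC rule are assumptions made for illustration; the inputs are constructed.

```python
import hashlib
import re

# Output lengths for the XOFs: 16 and 32 bytes, the values in the quoted hunk.
XOF_OUTPUT_LEN = {"shake_128": 16, "shake_256": 32}


def hashlib_name(alg):
    """'sha3-256' -> 'sha3_256', the spelling hashlib uses."""
    return alg.lower().replace("-", "_")


def c_prefix(alg):
    """'sha3-256' -> 'SHA3_256', safe to embed in a C identifier."""
    return re.sub(r"[^0-9A-Za-z]", "_", alg).upper()


def wants_hmac(alg):
    """Assumption: no HMAC vectors for SHA-3 or SHAKE, as in the thread."""
    return not hashlib_name(alg).startswith(("sha3_", "shake_"))


def compute(alg, data):
    """Hash data, passing the explicit length that XOF objects require."""
    name = hashlib_name(alg)
    ctx = hashlib.new(name, data)
    if name in XOF_OUTPUT_LEN:
        return ctx.digest(XOF_OUTPUT_LEN[name])
    return ctx.digest()


def gen_header(alg, messages):
    """Return a C fragment with one digest array per message."""
    prefix = c_prefix(alg)
    size = len(compute(alg, b""))
    lines = [f"/* {alg}: {prefix}_DIGEST_SIZE is {size} bytes */"]
    for i, msg in enumerate(messages):
        body = ", ".join(f"0x{b:02x}" for b in compute(alg, msg))
        lines.append(
            f"static const u8 vec{i}[{prefix}_DIGEST_SIZE] = {{ {body} }};")
    if wants_hmac(alg):
        lines.append(f"/* HMAC vectors for {alg} would follow here */")
    return "\n".join(lines)


if __name__ == "__main__":
    print(gen_header("sha3-256", [b"", b"abc"]))  # constructed inputs
```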