diff --git a/src/hashes/sha3.c b/src/hashes/sha3.c index 4758e3420..de7c857df 100644 --- a/src/hashes/sha3.c +++ b/src/hashes/sha3.c @@ -130,6 +130,8 @@ const struct ltc_hash_descriptor keccak_512_desc = #define SHA3_KECCAK_SPONGE_WORDS 25 /* 1600 bits > 200 bytes > 25 x ulong64 */ #define SHA3_KECCAK_ROUNDS 24 +#define SHA3_KECCAK_TURBO_ROUNDS 12 +#define SHA3_KECCAK_TURBO_RC_OFFSET 12 static const ulong64 s_keccakf_rndc[24] = { CONST64(0x0000000000000001), CONST64(0x0000000000008082), @@ -192,6 +194,44 @@ static void s_keccakf(ulong64 s[25]) } } +static void s_keccak_turbo_f(ulong64 s[25]) +{ + int i, j, round; + ulong64 t, bc[5]; + + for(round = 0; round < SHA3_KECCAK_TURBO_ROUNDS; round++) { + /* Theta */ + for(i = 0; i < 5; i++) { + bc[i] = s[i] ^ s[i + 5] ^ s[i + 10] ^ s[i + 15] ^ s[i + 20]; + } + for(i = 0; i < 5; i++) { + t = bc[(i + 4) % 5] ^ ROL64(bc[(i + 1) % 5], 1); + for(j = 0; j < 25; j += 5) { + s[j + i] ^= t; + } + } + /* Rho Pi */ + t = s[1]; + for(i = 0; i < 24; i++) { + j = s_keccakf_piln[i]; + bc[0] = s[j]; + s[j] = ROL64(t, s_keccakf_rotc[i]); + t = bc[0]; + } + /* Chi */ + for(j = 0; j < 25; j += 5) { + for(i = 0; i < 5; i++) { + bc[i] = s[j + i]; + } + for(i = 0; i < 5; i++) { + s[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5]; + } + } + /* Iota */ + s[0] ^= s_keccakf_rndc[SHA3_KECCAK_TURBO_RC_OFFSET + round]; + } +} + static LTC_INLINE int ss_done(hash_state *md, unsigned char *hash, ulong64 pad) { unsigned i; @@ -309,6 +349,58 @@ int sha3_process(hash_state *md, const unsigned char *in, unsigned long inlen) return CRYPT_OK; } +int sha3_turbo_process(hash_state *md, const unsigned char *in, unsigned long inlen) +{ + /* 0...7 -- how much is needed to have a word */ + unsigned old_tail = (8 - md->sha3.byte_index) & 7; + + unsigned long words; + unsigned tail; + unsigned long i; + + if (inlen == 0) return CRYPT_OK; /* nothing to do */ + LTC_ARGCHK(md != NULL); + LTC_ARGCHK(in != NULL); + + if(inlen < old_tail) { /* have no complete word or haven't started the word yet */ + while (inlen--) md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8); + return CRYPT_OK; + } + + if(old_tail) { /* will have one word to process */ + inlen -= old_tail; + while (old_tail--) md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8); + /* now ready to add saved to the sponge */ + md->sha3.s[md->sha3.word_index] ^= md->sha3.saved; + md->sha3.byte_index = 0; + md->sha3.saved = 0; + if(++md->sha3.word_index == (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words)) { + s_keccak_turbo_f(md->sha3.s); + md->sha3.word_index = 0; + } + } + + /* now work in full words directly from input */ + words = inlen / sizeof(ulong64); + tail = inlen - words * sizeof(ulong64); + + for(i = 0; i < words; i++, in += sizeof(ulong64)) { + ulong64 t; + LOAD64L(t, in); + md->sha3.s[md->sha3.word_index] ^= t; + if(++md->sha3.word_index == (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words)) { + s_keccak_turbo_f(md->sha3.s); + md->sha3.word_index = 0; + } + } + + /* finally, save the partial word */ + while (tail--) { + md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8); + } + return CRYPT_OK; +} + #ifdef LTC_SHA3 int sha3_done(hash_state *md, unsigned char *out) { @@ -361,6 +453,43 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) return CRYPT_OK; } +int sha3_shake_turbo_done(hash_state *md, unsigned char *out, unsigned long outlen) +{ + /* IMPORTANT NOTE: sha3_shake_turbo_done can be called many times */ + unsigned long idx; + unsigned i; + + if (outlen == 0) return CRYPT_OK; /* nothing to do */ + LTC_ARGCHK(md != NULL); + LTC_ARGCHK(out != NULL); + + if (!md->sha3.xof_flag) { + /* shake_xof operation must be done only once */ + md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x1F) << (md->sha3.byte_index * 8))); + md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); + s_keccak_turbo_f(md->sha3.s); + /* store sha3.s[] as little-endian bytes into sha3.sb */ + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); + } + md->sha3.byte_index = 0; + md->sha3.xof_flag = 1; + } + + for (idx = 0; idx < outlen; idx++) { + if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) { + s_keccak_turbo_f(md->sha3.s); + /* store sha3.s[] as little-endian bytes into sha3.sb */ + for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { + STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); + } + md->sha3.byte_index = 0; + } + out[idx] = md->sha3.sb[md->sha3.byte_index++]; + } + return CRYPT_OK; +} + int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, const unsigned long *outlen) { hash_state md; diff --git a/src/hashes/sha3_test.c b/src/hashes/sha3_test.c index 95fcfcbba..0ff23ce07 100644 --- a/src/hashes/sha3_test.c +++ b/src/hashes/sha3_test.c @@ -388,6 +388,180 @@ int sha3_shake_test(void) #endif } +int sha3_turbo_shake_test(void) +{ +#ifndef LTC_TEST + return CRYPT_NOP; +#else + unsigned char hash[64]; + hash_state c; + int i; + + // https://www.ietf.org/archive/id/draft-irtf-cfrg-kangarootwelve-17.txt page 12 + const unsigned char turbo_shake_input_single_zero[] = { + 0x00, + }; + const unsigned char turbo_shake_input_ptn_17_pow_1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, + }; + const unsigned char turbo_shake_input_ptn_17_pow_2[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, + }; + + const unsigned char turbo_shake_128_empty[64] = { + 0x1e, 0x41, 0x5f, 0x1c, 0x59, 0x83, 0xaf, 0xf2, 0x16, 0x92, 0x17, 0x27, 0x7d, 0x17, 0xbb, 0x53, + 0x8c, 0xd9, 0x45, 0xa3, 0x97, 0xdd, 0xec, 0x54, 0x1f, 0x1c, 0xe4, 0x1a, 0xf2, 0xc1, 0xb7, 0x4c, + 0x3e, 0x8c, 0xca, 0xe2, 0xa4, 0xda, 0xe5, 0x6c, 0x84, 0xa0, 0x4c, 0x23, 0x85, 0xc0, 0x3c, 0x15, + 0xe8, 0x19, 0x3b, 0xdf, 0x58, 0x73, 0x73, 0x63, 0x32, 0x16, 0x91, 0xc0, 0x54, 0x62, 0xc8, 0xdf, + }; + const unsigned char turbo_shake_128_empty_10032[32] = { + 0xa3, 0xb9, 0xb0, 0x38, 0x59, 0x00, 0xce, 0x76, 0x1f, 0x22, 0xae, 0xd5, 0x48, 0xe7, 0x54, 0xda, + 0x10, 0xa5, 0x24, 0x2d, 0x62, 0xe8, 0xc6, 0x58, 0xe3, 0xf3, 0xa9, 0x23, 0xa7, 0x55, 0x56, 0x07, + }; + const unsigned char turbo_shake_128_single_zero_byte[32] = { + 0x55, 0xce, 0xdd, 0x6f, 0x60, 0xaf, 0x7b, 0xb2, 0x9a, 0x40, 0x42, 0xae, 0x83, 0x2e, 0xf3, 0xf5, + 0x8d, 0xb7, 0x29, 0x9f, 0x89, 0x3e, 0xbb, 0x92, 0x47, 0x24, 0x7d, 0x85, 0x69, 0x58, 0xda, 0xa9, + }; + const unsigned char turbo_shake_128_ptn_pow_1[32] = { + 0x9c, 0x97, 0xd0, 0x36, 0xa3, 0xba, 0xc8, 0x19, 0xdb, 0x70, 0xed, 0xe0, 0xca, 0x55, 0x4e, 0xc6, + 0xe4, 0xc2, 0xa1, 0xa4, 0xff, 0xbf, 0xd9, 0xec, 0x26, 0x9c, 0xa6, 0xa1, 0x11, 0x16, 0x12, 0x33, + }; + const unsigned char turbo_shake_128_ptn_pow_2[32] = { + 0x96, 0xc7, 0x7c, 0x27, 0x9e, 0x01, 0x26, 0xf7, 0xfc, 0x07, 0xc9, 0xb0, 0x7f, 0x5c, 0xda, 0xe1, + 0xe0, 0xbe, 0x60, 0xbd, 0xbe, 0x10, 0x62, 0x00, 0x40, 0xe7, 0x5d, 0x72, 0x23, 0xa6, 0x24, 0xd2, + }; + + const unsigned char turbo_shake_256_empty[64] = { + 0x36, 0x7a, 0x32, 0x9d, 0xaf, 0xea, 0x87, 0x1c, 0x78, 0x02, 0xec, 0x67, 0xf9, 0x05, 0xae, 0x13, + 0xc5, 0x76, 0x95, 0xdc, 0x2c, 0x66, 0x63, 0xc6, 0x10, 0x35, 0xf5, 0x9a, 0x18, 0xf8, 0xe7, 0xdb, + 0x11, 0xed, 0xc0, 0xe1, 0x2e, 0x91, 0xea, 0x60, 0xeb, 0x6b, 0x32, 0xdf, 0x06, 0xdd, 0x7f, 0x00, + 0x2f, 0xba, 0xfa, 0xbb, 0x6e, 0x13, 0xec, 0x1c, 0xc2, 0x0d, 0x99, 0x55, 0x47, 0x60, 0x0d, 0xb0, + }; + const unsigned char turbo_shake_256_empty_10032[32] = { + 0xab, 0xef, 0xa1, 0x16, 0x30, 0xc6, 0x61, 0x26, 0x92, 0x49, 0x74, 0x26, 0x85, 0xec, 0x08, 0x2f, + 0x20, 0x72, 0x65, 0xdc, 0xcf, 0x2f, 0x43, 0x53, 0x4e, 0x9c, 0x61, 0xba, 0x0c, 0x9d, 0x1d, 0x75, + }; + const unsigned char turbo_shake_256_single_zero_byte[64] = { + 0x3e, 0x17, 0x12, 0xf9, 0x28, 0xf8, 0xea, 0xf1, 0x05, 0x46, 0x32, 0xb2, 0xaa, 0x0a, 0x24, 0x6e, + 0xd8, 0xb0, 0xc3, 0x78, 0x72, 0x8f, 0x60, 0xbc, 0x97, 0x04, 0x10, 0x15, 0x5c, 0x28, 0x82, 0x0e, + 0x90, 0xcc, 0x90, 0xd8, 0xa3, 0x00, 0x6a, 0xa2, 0x37, 0x2c, 0x5c, 0x5e, 0xa1, 0x76, 0xb0, 0x68, + 0x2b, 0xf2, 0x2b, 0xae, 0x74, 0x67, 0xac, 0x94, 0xf7, 0x4d, 0x43, 0xd3, 0x9b, 0x04, 0x82, 0xe2, + }; + const unsigned char turbo_shake_256_ptn_pow_1[64] = { + 0xb3, 0xba, 0xb0, 0x30, 0x0e, 0x6a, 0x19, 0x1f, 0xbe, 0x61, 0x37, 0x93, 0x98, 0x35, 0x92, 0x35, + 0x78, 0x79, 0x4e, 0xa5, 0x48, 0x43, 0xf5, 0x01, 0x10, 0x90, 0xfa, 0x2f, 0x37, 0x80, 0xa9, 0xe5, + 0xcb, 0x22, 0xc5, 0x9d, 0x78, 0xb4, 0x0a, 0x0f, 0xbf, 0xf9, 0xe6, 0x72, 0xc0, 0xfb, 0xe0, 0x97, + 0x0b, 0xd2, 0xc8, 0x45, 0x09, 0x1c, 0x60, 0x44, 0xd6, 0x87, 0x05, 0x4d, 0xa5, 0xd8, 0xe9, 0xc7, + }; + const unsigned char turbo_shake_256_ptn_pow_2[64] = { + 0x66, 0xb8, 0x10, 0xdb, 0x8e, 0x90, 0x78, 0x04, 0x24, 0xc0, 0x84, 0x73, 0x72, 0xfd, 0xc9, 0x57, + 0x10, 0x88, 0x2f, 0xde, 0x31, 0xc6, 0xdf, 0x75, 0xbe, 0xb9, 0xd4, 0xcd, 0x93, 0x05, 0xcf, 0xca, + 0xe3, 0x5e, 0x7b, 0x83, 0xe8, 0xb7, 0xe6, 0xeb, 0x4b, 0x78, 0x60, 0x58, 0x80, 0x11, 0x63, 0x16, + 0xfe, 0x2c, 0x07, 0x8a, 0x09, 0xb9, 0x4a, 0xd7, 0xb8, 0x21, 0x3c, 0x0a, 0x73, 0x8b, 0x65, 0xc0, + }; + + /* TurboSHAKE128 on an empty buffer */ + sha3_shake_init(&c, 128); + sha3_shake_turbo_done(&c, hash, 64); + if (compare_testvector(hash, 64, turbo_shake_128_empty, sizeof(turbo_shake_128_empty), "TurboSHAKE128", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + /* TurboSHAKE128 on an empty buffer, digest length 10032 bytes, test last 32 bytes */ + sha3_shake_init(&c, 128); + for(i = 0; i != 10000 / 10; ++i){ sha3_shake_turbo_done(&c, hash, 10); } + sha3_shake_turbo_done(&c, hash, 32); + if (compare_testvector(hash, 32, turbo_shake_128_empty_10032, sizeof(turbo_shake_128_empty_10032), "TurboSHAKE128", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + /* TurboSHAKE128 on single zero byte */ + sha3_shake_init(&c, 128); + sha3_shake_turbo_process(&c, turbo_shake_input_single_zero, sizeof(turbo_shake_input_single_zero)); + sha3_shake_turbo_done(&c, hash, 32); + if (compare_testvector(hash, 32, turbo_shake_128_single_zero_byte, sizeof(turbo_shake_128_single_zero_byte), "TurboSHAKE128", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + /* TurboSHAKE128 on ptn(17**1) */ + sha3_shake_init(&c, 128); + sha3_shake_turbo_process(&c, turbo_shake_input_ptn_17_pow_1, sizeof(turbo_shake_input_ptn_17_pow_1)); + sha3_shake_turbo_done(&c, hash, 32); + if (compare_testvector(hash, 32, turbo_shake_128_ptn_pow_1, sizeof(turbo_shake_128_ptn_pow_1), "TurboSHAKE128", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + /* TurboSHAKE128 on ptn(17**2) */ + sha3_shake_init(&c, 128); + sha3_shake_turbo_process(&c, turbo_shake_input_ptn_17_pow_2, sizeof(turbo_shake_input_ptn_17_pow_2)); + sha3_shake_turbo_done(&c, hash, 32); + if (compare_testvector(hash, 32, turbo_shake_128_ptn_pow_2, sizeof(turbo_shake_128_ptn_pow_2), "TurboSHAKE128", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + + /* TurboSHAKE256 on an empty buffer */ + sha3_shake_init(&c, 256); + sha3_shake_turbo_done(&c, hash, 64); + if (compare_testvector(hash, 64, turbo_shake_256_empty, sizeof(turbo_shake_256_empty), "TurboSHAKE256", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + /* TurboSHAKE256 on an empty buffer, digest length 10032 bytes, test last 32 bytes */ + sha3_shake_init(&c, 256); + for(i = 0; i != 10000 / 10; ++i){ sha3_shake_turbo_done(&c, hash, 10); } + sha3_shake_turbo_done(&c, hash, 32); + if (compare_testvector(hash, 32, turbo_shake_256_empty_10032, sizeof(turbo_shake_256_empty_10032), "TurboSHAKE256", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + /* TurboSHAKE256 on single zero byte */ + sha3_shake_init(&c, 256); + sha3_shake_turbo_process(&c, turbo_shake_input_single_zero, sizeof(turbo_shake_input_single_zero)); + sha3_shake_turbo_done(&c, hash, 64); + if (compare_testvector(hash, 64, turbo_shake_256_single_zero_byte, sizeof(turbo_shake_256_single_zero_byte), "TurboSHAKE256", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + /* TurboSHAKE256 on ptn(17**1) */ + sha3_shake_init(&c, 256); + sha3_shake_turbo_process(&c, turbo_shake_input_ptn_17_pow_1, sizeof(turbo_shake_input_ptn_17_pow_1)); + sha3_shake_turbo_done(&c, hash, 64); + if (compare_testvector(hash, 64, turbo_shake_256_ptn_pow_1, sizeof(turbo_shake_256_ptn_pow_1), "TurboSHAKE256", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + /* TurboSHAKE256 on ptn(17**2) */ + sha3_shake_init(&c, 256); + sha3_shake_turbo_process(&c, turbo_shake_input_ptn_17_pow_2, sizeof(turbo_shake_input_ptn_17_pow_2)); + sha3_shake_turbo_done(&c, hash, 64); + if (compare_testvector(hash, 64, turbo_shake_256_ptn_pow_2, sizeof(turbo_shake_256_ptn_pow_2), "TurboSHAKE256", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + + return CRYPT_OK; +#endif +} + #endif #ifdef LTC_KECCAK diff --git a/src/headers/tomcrypt_hash.h b/src/headers/tomcrypt_hash.h index 384ee2a6b..4abaa9449 100644 --- a/src/headers/tomcrypt_hash.h +++ b/src/headers/tomcrypt_hash.h @@ -265,6 +265,7 @@ int sha3_256_init(hash_state * md); int sha3_224_init(hash_state * md); /* sha3_process is the same for all variants of SHA3 + KECCAK */ int sha3_process(hash_state * md, const unsigned char *in, unsigned long inlen); +int sha3_turbo_process(hash_state * md, const unsigned char *in, unsigned long inlen); #endif #ifdef LTC_SHA3 @@ -280,8 +281,11 @@ int sha3_done(hash_state *md, unsigned char *out); /* SHAKE128 + SHAKE256 */ int sha3_shake_init(hash_state *md, int num); #define sha3_shake_process(a,b,c) sha3_process(a,b,c) +#define sha3_shake_turbo_process(a,b,c) sha3_turbo_process(a,b,c) int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen); +int sha3_shake_turbo_done(hash_state *md, unsigned char *out, unsigned long outlen); int sha3_shake_test(void); +int sha3_turbo_shake_test(void); int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, const unsigned long *outlen); #endif diff --git a/tests/cipher_hash_test.c b/tests/cipher_hash_test.c index 258780d30..a83cf608a 100644 --- a/tests/cipher_hash_test.c +++ b/tests/cipher_hash_test.c @@ -59,6 +59,7 @@ int cipher_hash_test(void) #ifdef LTC_SHA3 /* SHAKE128 + SHAKE256 tests are a bit special */ DOX(sha3_shake_test(), "sha3_shake"); + DO(sha3_turbo_shake_test()); #endif return 0;