| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2400141.9o76ZdvQCi@graviton.chronox.de> Date: Fri, 19 Sep 2025 17:40:53 +0200 From: Stephan Müller <smueller@...onox.de> To: Simo Sorce <simo@...hat.com>, David Howells <dhowells@...hat.com> Cc: dhowells@...hat.com, Eric Biggers <ebiggers@...nel.org>, "Jason A. Donenfeld" <Jason@...c4.com>, Ard Biesheuvel <ardb@...nel.org>, Herbert Xu <herbert@...dor.apana.org.au>, linux-crypto@...r.kernel.org, keyrings@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] lib/crypto: Add SHA3-224, SHA3-256, SHA3-384, SHA-512, SHAKE128, SHAKE256 Am Freitag, 19. September 2025, 17:34:36 Mitteleuropäische Sommerzeit schrieb David Howells: Hi David, > Simo Sorce <simo@...hat.com> wrote: > > I strongly suggest creating a test vector where multiple absorb and > > squeeze operations are done in intermixed order, and then use that test > > vector in your Kunit tests to ensure changes to the code do not break > > this fundamental property of the keccak sponge algorithm. > > I'm putting such a beast in the module init function at least. > > Annoyingly, Eric's hash-test-template.h makes some unwarranted assumptions > about the hashes it is testing - such as the final function zeroing out the > hash struct. If it is of help, here is such test that I use: https://github.com/smuellerDD/leancrypto/blob/master/hash/tests/ shake_squeeze_more_tester.c#L92 Ciao Stephan
Powered by blists - more mailing lists