Re: [PATCH] crypto: add test vectors for skein256/512/1024

2008-11-05 Thread Sebastian Andrzej Siewior 
* Jeff Garzik | 2008-11-02 20:44:40 [-0500]:

 Sebastian Andrzej Siewior wrote:
 I grabed them from http://www.schneier.com/skein.html. The last test 
 vector
 (3) in every category is currently deactivated because it failed always.
 It is unlikely that I made a type because I copy+pasted the tables + vim
 magiced them. So maybe code may missbehave on requests lengths which are
 not a multiple of 4 or the vectors can not be used due to some other
 limitations that I've overseen.

Okay, that was a false positive :)
The untouched reference implementation outputs the same hash. The
additional information (tree, ...) is part of the third argument in
Skein_XXX_InitExt() which isn't used. So we can safely drop the third
test vector.


   Jeff

Sebastian
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] crypto: add test vectors for skein256/512/1024

2008-11-03 Thread Sebastian Andrzej Siewior 
* Jeff Garzik | 2008-11-02 20:44:40 [-0500]:

 Sebastian Andrzej Siewior wrote:
 I grabed them from http://www.schneier.com/skein.html. The last test 
 vector
 (3) in every category is currently deactivated because it failed always.
 It is unlikely that I made a type because I copy+pasted the tables + vim
 magiced them. So maybe code may missbehave on requests lengths which are
 not a multiple of 4 or the vectors can not be used due to some other
 limitations that I've overseen.

 Another thought:  did you verify that the test vectors' output sizes 
 matched the Linux kernel's?
It should. All have something like:
| :Skein-512:   512-bit hash, msgLen = 8 bits
512 algo, 512 output. 

The third one has:
| :Skein-512:   512-bit hash, msgLen =  2040 bits. Tree: leaf=02, node=02, 
maxLevels=02
So it looks like the same except that it has the Tree: leaf node
attribes as well. So maybe this is something special maybe not. As I
browsed the .txt files for other vectors I did not find any where msglen
wasn't a multiple of 4 bytes (except some odd ones where msgles was 7
bits). Maybe I did not look close enough.

   Jeff

Sebastian
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] crypto: add test vectors for skein256/512/1024

2008-11-02 Thread Sebastian Andrzej Siewior 
I grabed them from http://www.schneier.com/skein.html. The last test vector
(3) in every category is currently deactivated because it failed always.
It is unlikely that I made a type because I copy+pasted the tables + vim
magiced them. So maybe code may missbehave on requests lengths which are
not a multiple of 4 or the vectors can not be used due to some other
limitations that I've overseen.

Signed-off-by: Sebastian Andrzej Siewior [EMAIL PROTECTED]
---
 crypto/tcrypt.c  |   24 
 crypto/testmgr.c |   27 +
 crypto/testmgr.h |  166 +-
 3 files changed, 216 insertions(+), 1 deletions(-)

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 28a45a1..c7717e8 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -661,6 +661,18 @@ static void do_test(int m)
tcrypt_test(ecb(seed));
break;
 
+   case 44:
+   tcrypt_test(skein256);
+   break;
+
+   case 45:
+   tcrypt_test(skein512);
+   break;
+
+   case 46:
+   tcrypt_test(skein1024);
+   break;
+
case 100:
tcrypt_test(hmac(md5));
break;
@@ -851,6 +863,18 @@ static void do_test(int m)
test_hash_speed(rmd320, sec, generic_hash_speed_template);
if (mode  300  mode  400) break;
 
+   case 318:
+   test_hash_speed(skein256, sec, generic_hash_speed_template);
+   if (mode  300  mode  400) break;
+
+   case 319:
+   test_hash_speed(skein512, sec, generic_hash_speed_template);
+   if (mode  300  mode  400) break;
+
+   case 320:
+   test_hash_speed(skein1024, sec, generic_hash_speed_template);
+   if (mode  300  mode  400) break;
+
case 399:
break;
 
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b828c6c..bc6fc7f 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1693,6 +1693,33 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+   .alg = skein1024,
+   .test = alg_test_hash,
+   .suite = {
+   .hash = {
+   .vecs = skein1024_tv_template,
+   .count = SKEIN1024_TEST_VECTORS
+   }
+   }
+   }, {
+   .alg = skein256,
+   .test = alg_test_hash,
+   .suite = {
+   .hash = {
+   .vecs = skein256_tv_template,
+   .count = SKEIN256_TEST_VECTORS
+   }
+   }
+   }, {
+   .alg = skein512,
+   .test = alg_test_hash,
+   .suite = {
+   .hash = {
+   .vecs = skein512_tv_template,
+   .count = SKEIN512_TEST_VECTORS
+   }
+   }
+   }, {
.alg = tgr128,
.test = alg_test_hash,
.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index dee94d9..ebed56f 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -27,7 +27,7 @@ struct hash_testvec {
char *plaintext;
char *digest;
unsigned char tap[MAX_TAP];
-   unsigned char psize;
+   u16 psize;
unsigned char np;
unsigned char ksize;
 };
@@ -986,6 +986,170 @@ static struct hash_testvec tgr128_tv_template[] = {
 };
 
 /*
+ * SKEIN uses test vectors
+ *  from http://www.schneier.com/code/skein_NIST_CD_101308.zip
+ *  NIST/CD/KAT_MCT/skein_golden_kat_short.txt
+ */
+#define SKEIN256_TEST_VECTORS 2
+static struct hash_testvec skein256_tv_template[] = {
+   {
+   /* :Skein-256:   256-bit hash, msgLen = 8 bits */
+   .plaintext = \xff,
+   .psize  = 1,
+   .digest = 
\xa4\x7b\xe7\x1a\x18\x5b\xa0\xaf\x82\x0b\x3c\xe8\x45\xa3\xd3\x5a
+   
\x80\xec\x64\xf9\x6a\x0d\x6a\x36\xe3\xf5\x36\x36\x24\xd8\xa0\x91,
+   }, {
+   /* :Skein-256:   256-bit hash, msgLen =   512 bits */
+   .plaintext = 
\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0
+   
\xef\xee\xed\xec\xeb\xea\xe9\xe8\xe7\xe6\xe5\xe4\xe3\xe2\xe1\xe0
+   
\xdf\xde\xdd\xdc\xdb\xda\xd9\xd8\xd7\xd6\xd5\xd4\xd3\xd2\xd1\xd0
+   
\xcf\xce\xcd\xcc\xcb\xca\xc9\xc8\xc7\xc6\xc5\xc4\xc3\xc2\xc1\xc0,
+   .psize  = 64,
+   .digest = 
\xfa\x1a\x76\x2b\x6b\x1c\x72\xb7\x0d\x52\x92\x63\x53\xe1\x0e\xb8
+   
\xfb\x0e\xdd\x73\x13\xda\x20\xa2\x41\x31\x80\xb8\xe2\x89\xb8\x72,
+   }, {
+   /* :Skein-256:   256-bit hash, msgLen =  1016 bits. Tree: 
leaf=02, node=02, maxLevels=02 */
+   .plaintext =

Re: [PATCH] crypto: add test vectors for skein256/512/1024

2008-11-02 Thread Jeff Garzik 

Sebastian Andrzej Siewior wrote:

I grabed them from http://www.schneier.com/skein.html. The last test vector
(3) in every category is currently deactivated because it failed always.
It is unlikely that I made a type because I copy+pasted the tables + vim
magiced them. So maybe code may missbehave on requests lengths which are
not a multiple of 4 or the vectors can not be used due to some other
limitations that I've overseen.


Another thought:  did you verify that the test vectors' output sizes 
matched the Linux kernel's?


My implementation assumed a 256-bit output size for Skein-256, for 
example, but it is quite possible that Schneier and co. ran tests where 
the output size differed from the internal state size.


Jeff


--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html