Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
The attached two patches update SHA3 to the final published version.
--- a/testsuite/sha3-224-test.c +++ b/testsuite/sha3-224-test.c @@ -1,775 +1,1259 @@ #include "testutils.h"
void -test_main(void) +test_main (void) { /* Extracted from ShortMsgKAT_224.txt using sha3.awk. */
- test_hash(&nettle_sha3_224, /* 0 octets */
SHEX(""),SHEX("F71837502BA8E10837BDD8D365ADB85591895602FC552B48B7390ABD"));
Did you create the testcases in the same way, using sha3.awk? Where are the updated ShortMsgKAT_*.txt files? Or did you use some other method?
diff --git a/sha3.c b/sha3.c index 84bc7ea..24581db 100644 --- a/sha3.c +++ b/sha3.c @@ -94,7 +94,7 @@ _sha3_pad (struct sha3_state *state, unsigned block_size, uint8_t *block, unsigned pos) { assert (pos < block_size);
- block[pos++] = 1;
block[pos++] = 6;
memset (block + pos, 0, block_size - pos); block[block_size - 1] |= 0x80;
Looks simple enough ;-) As I understand it, after a quick look at the final spec, message padding used to be the bit pattern 100...001, and now it's 01100..001, where the initial "01" are spcific to using the Keccac permutation for SHA3, for "domain separation".
Have NIST published a summary of their changes?
Regards, /Niels