About the test data used in your sample run: do you have any URLs for the srouce
of those? I'm asking because I had already learned years ago that some of the
test data in
DEC (a project which I inherited btw.) was not 100% correct and thus
masked 1 or 2 bugs in
DEC. I tried to find the original/official test data for the
hash algorithms then at least and was only partially successfull. But I "implemented"
what I found as original test data.
Alas, there is no test vector for these simple padding !, i made the tests above to check data integrity for different case, and to use BlockSize and MinLength in useful way.
As for the implementation, it is in the scattered few links in the sources above, well.. along with this too
https://en.wikipedia.org/wiki/Padding_(cryptography)
ISO(s) standards are strictly to paid
access, but the description for padding is easy enough to implement.
As for test vectors, i have similar when i implement Gimli cipher block
https://gimli.cr.yp.to/spec.html
and ended up with 3 versions, one published by the author, and another submitted to NIST competition LightWeight Cryptography
https://csrc.nist.gov/Projects/Lightweight-Cryptography
but in second round there was different version of these vectors
Here an answer from one of the authors
https://crypto.stackexchange.com/que...for-gimli-hash
And the reason was the permutation is the same as it should not be changed, but the difference and the confliction in the last step after perform the rounds and on padding and bit locking, the original was locking different bit, while NIST prefer their own bit locking
and here how it look like
Delphi-Quellcode:
procedure Gimli_PadThenSqueeze(GimliContext: PlcGimliState; Last: Integer); //inline;
begin
// enable one of these padding schemes
// 1) padding with xor'ing $1F at last byte and $80 at the end of block
{GimliContext^.Bytes[Last] := GimliContext^.Bytes[Last] xor $1F;
GimliContext^.Bytes[GIMLI_RATE - 1] := GimliContext^.Bytes[GIMLI_RATE - 1] xor $80;}
// 2) padding with xor'ing 1 at the last of text with 1 at the last byte of the state
GimliContext^.Bytes[Last] := GimliContext^.Bytes[Last] xor $1;
GimliContext^.Bytes[GIMLI_STATE_LAST_BYTE] := GimliContext^.Bytes[GIMLI_STATE_LAST_BYTE] xor $1;
// 3) //// removed and should not be used
GimliPermute(GimliContext^);
end;
So i think your problem is something similar to this bit locking, SHA1 and SHA256 doesn't have these and this is great weakness for them.