Add cSHAKE unit tests

Signed-off-by: Michael Schaffner <msf@google.com>

lib/Crypto/SelfTest/Hash/__init__.py

@@ -42,6 +42,7 @@ def get_tests(config={}):
     from Crypto.SelfTest.Hash import test_SHA3_512;   tests += test_SHA3_512.get_tests(config=config)
     from Crypto.SelfTest.Hash import test_keccak;     tests += test_keccak.get_tests(config=config)
     from Crypto.SelfTest.Hash import test_SHAKE;      tests += test_SHAKE.get_tests(config=config)
+    from Crypto.SelfTest.Hash import test_cSHAKE;     tests += test_cSHAKE.get_tests(config=config)
     try:
         from Crypto.SelfTest.Hash import test_SHA224; tests += test_SHA224.get_tests(config=config)
         from Crypto.SelfTest.Hash import test_SHA384; tests += test_SHA384.get_tests(config=config)

lib/Crypto/SelfTest/Hash/test_cSHAKE.py

@@ -28,24 +28,67 @@
 # POSSIBILITY OF SUCH DAMAGE.
 # ===================================================================
 
-"""Self-test suite for Crypto.Hash.SHAKE128 and SHAKE256"""
+"""Self-test suite for Crypto.Hash.cSHAKE128 and cSHAKE256"""
 
 import unittest
-from binascii import hexlify, unhexlify
 
 from Crypto.SelfTest.loader import load_test_vectors
 from Crypto.SelfTest.st_common import list_test_cases
 
-from Crypto.Hash import SHAKE128, SHAKE256
+from Crypto.Hash import cSHAKE128, cSHAKE256
-from Crypto.Util.py3compat import b, bchr, bord, tobytes
+from Crypto.Util.py3compat import b, bchr, tobytes
 
-class SHAKETest(unittest.TestCase):
+
+class cSHAKETest(unittest.TestCase):
 
     def test_new_positive(self):
 
-        xof1 = self.shake.new()
+        xof1 = self.cshake.new()
-        xof2 = self.shake.new(data=b("90"))
+        xof2 = self.cshake.new(data=b("90"))
-        xof3 = self.shake.new().update(b("90"))
+        xof3 = self.cshake.new().update(b("90"))
+
+        self.assertNotEqual(xof1.read(10), xof2.read(10))
+        xof3.read(10)
+        self.assertEqual(xof2.read(10), xof3.read(10))
+
+        xof1 = self.cshake.new()
+        ref = xof1.read(10)
+        xof2 = self.cshake.new(function=b(""))
+        xof3 = self.cshake.new(custom=b(""))
+        xof4 = self.cshake.new(custom=b(""), function=b(""))
+        xof5 = self.cshake.new(custom=b("foo"))
+        xof6 = self.cshake.new(function=b("foo"))
+
+        self.assertEqual(ref, xof2.read(10))
+        self.assertEqual(ref, xof3.read(10))
+        self.assertEqual(ref, xof4.read(10))
+        self.assertNotEqual(ref, xof5.read(10))
+        self.assertNotEqual(ref, xof6.read(10))
+
+        xof1 = self.cshake.new(custom=b("foo"))
+        xof2 = self.cshake.new(function=b("foo"))
+
+        self.assertNotEqual(xof1.read(10), xof2.read(10))
+
+        xof1 = self.cshake.new(function=b("foo"))
+        xof2 = self.cshake.new(function=b("foo"), data=b("90"))
+        xof3 = self.cshake.new(function=b("foo")).update(b("90"))
+
+        self.assertNotEqual(xof1.read(10), xof2.read(10))
+        xof3.read(10)
+        self.assertEqual(xof2.read(10), xof3.read(10))
+
+        xof1 = self.cshake.new(custom=b("foo"))
+        xof2 = self.cshake.new(custom=b("foo"), data=b("90"))
+        xof3 = self.cshake.new(custom=b("foo")).update(b("90"))
+
+        self.assertNotEqual(xof1.read(10), xof2.read(10))
+        xof3.read(10)
+        self.assertEqual(xof2.read(10), xof3.read(10))
+
+        xof1 = self.cshake.new(function=b("foo"), custom=b("bar"))
+        xof2 = self.cshake.new(function=b("foo"), custom=b("bar"), data=b("90"))
+        xof3 = self.cshake.new(function=b("foo"), custom=b("bar")).update(b("90"))
 
         self.assertNotEqual(xof1.read(10), xof2.read(10))
         xof3.read(10)
@@ -53,19 +96,19 @@ class SHAKETest(unittest.TestCase):
 
     def test_update(self):
         pieces = [bchr(10) * 200, bchr(20) * 300]
-        h = self.shake.new()
+        h = self.cshake.new()
         h.update(pieces[0]).update(pieces[1])
         digest = h.read(10)
-        h = self.shake.new()
+        h = self.cshake.new()
         h.update(pieces[0] + pieces[1])
         self.assertEqual(h.read(10), digest)
 
     def test_update_negative(self):
-        h = self.shake.new()
+        h = self.cshake.new()
         self.assertRaises(TypeError, h.update, u"string")
 
     def test_digest(self):
-        h = self.shake.new()
+        h = self.cshake.new()
         digest = h.read(90)
 
         # read returns a byte string of the right length
@@ -73,67 +116,68 @@ class SHAKETest(unittest.TestCase):
         self.assertEqual(len(digest), 90)
 
     def test_update_after_read(self):
-        mac = self.shake.new()
+        mac = self.cshake.new()
         mac.update(b("rrrr"))
         mac.read(90)
         self.assertRaises(TypeError, mac.update, b("ttt"))
 
 
-class SHAKE128Test(SHAKETest):
+class cSHAKE128Test(cSHAKETest):
-        shake = SHAKE128
+    cshake = cSHAKE128
 
 
-class SHAKE256Test(SHAKETest):
+class cSHAKE256Test(cSHAKETest):
-        shake = SHAKE256
+    cshake = cSHAKE256
 
 
-class SHAKEVectors(unittest.TestCase):
+class cSHAKEVectors(unittest.TestCase):
     pass
 
 
-test_vectors_128 = load_test_vectors(("Hash", "SHA3"),
+# cSHAKE defaults to SHAKE if customization strings are empty,
-                               "ShortMsgKAT_SHAKE128.txt",
+# hence we reuse the SHAKE testvectors here as well.
-                               "Short Messages KAT SHAKE128",
+vector_files = [("ShortMsgKAT_SHAKE128.txt", "Short Messages KAT SHAKE128", "128_shake", cSHAKE128),
-                               { "len" : lambda x: int(x) } ) or []
+                ("ShortMsgKAT_SHAKE256.txt", "Short Messages KAT SHAKE256", "256_shake", cSHAKE256),
+                ("ShortMsgSamples_cSHAKE128.txt", "Short Message Samples cSHAKE128", "128_cshake", cSHAKE128),
+                ("ShortMsgSamples_cSHAKE256.txt", "Short Message Samples cSHAKE256", "256_cshake", cSHAKE256)]
 
-for idx, tv in enumerate(test_vectors_128):
+for file, descr, tag, test_class in vector_files:
-    if tv.len == 0:
-        data = b("")
-    else:
-        data = tobytes(tv.msg)
 
-    def new_test(self, data=data, result=tv.md):
+    test_vectors = load_test_vectors(("Hash", "SHA3"), file, descr,
-        hobj = SHAKE128.new(data=data)
+                                     {"len": lambda x: int(x),
-        digest = hobj.read(len(result))
+                                      "nlen": lambda x: int(x),
-        self.assertEqual(digest, result)
+                                      "slen": lambda x: int(x)}) or []
 
-    setattr(SHAKEVectors, "test_128_%d" % idx, new_test)
+    for idx, tv in enumerate(test_vectors):
+        if getattr(tv, "len", 0) == 0:
+            data = b("")
+        else:
+            data = tobytes(tv.msg)
+            assert(tv.len == len(tv.msg)*8)
+        if getattr(tv, "nlen", 0) == 0:
+            function = b("")
+        else:
+            function = tobytes(tv.n)
+            assert(tv.nlen == len(tv.n)*8)
+        if getattr(tv, "slen", 0) == 0:
+            custom = b("")
+        else:
+            custom = tobytes(tv.s)
+            assert(tv.slen == len(tv.s)*8)
 
+        def new_test(self, data=data, result=tv.md, function=function, custom=custom, test_class=test_class):
+            hobj = test_class.new(data=data, function=function, custom=custom)
+            digest = hobj.read(len(result))
+            self.assertEqual(digest, result)
 
-test_vectors_256 = load_test_vectors(("Hash", "SHA3"),
+        setattr(cSHAKEVectors, "test_%s_%d" % (tag, idx), new_test)
-                               "ShortMsgKAT_SHAKE256.txt",
-                               "Short Messages KAT SHAKE256",
-                               { "len" : lambda x: int(x) } ) or []
-
-for idx, tv in enumerate(test_vectors_256):
-    if tv.len == 0:
-        data = b("")
-    else:
-        data = tobytes(tv.msg)
-
-    def new_test(self, data=data, result=tv.md):
-        hobj = SHAKE256.new(data=data)
-        digest = hobj.read(len(result))
-        self.assertEqual(digest, result)
-
-    setattr(SHAKEVectors, "test_256_%d" % idx, new_test)
 
 
 def get_tests(config={}):
     tests = []
-    tests += list_test_cases(SHAKE128Test)
+    tests += list_test_cases(cSHAKE128Test)
-    tests += list_test_cases(SHAKE256Test)
+    tests += list_test_cases(cSHAKE256Test)
-    tests += list_test_cases(SHAKEVectors)
+    tests += list_test_cases(cSHAKEVectors)
     return tests
 
 

test_vectors/pycryptodome_test_vectors/Hash/SHA3/ShortMsgSamples_cSHAKE128.txt

@@ -0,0 +1,19 @@
+# Testvectors converted from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/cSHAKE_samples.pdf
+
+# Sample 1
+NLen = 0
+SLen = 120
+Len = 32
+N = 00
+S = 456D61696C205369676E6174757265
+Msg = 00010203
+MD = C1C36925B6409A04F1B504FCBCA9D82B4017277CB5ED2B2065FC1D3814D5AAF5
+
+# Sample 2
+NLen = 0
+SLen = 120
+Len = 1600
+N = 00
+S = 456D61696C205369676E6174757265
+Msg = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+MD = C5221D50E4F822D96A2E8881A961420F294B7B24FE3D2094BAED2C6524CC166B

test_vectors/pycryptodome_test_vectors/Hash/SHA3/ShortMsgSamples_cSHAKE256.txt

@@ -0,0 +1,19 @@
+# Testvectors converted from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/cSHAKE_samples.pdf
+
+# Sample 3
+NLen = 0
+SLen = 120
+Len = 32
+N = 00
+S = 456D61696C205369676E6174757265
+Msg = 00010203
+MD = D008828E2B80AC9D2218FFEE1D070C48B8E4C87BFF32C9699D5B6896EEE0EDD164020E2BE0560858D9C00C037E34A96937C561A74C412BB4C746469527281C8C
+
+# Sample 4
+NLen = 0
+SLen = 120
+Len = 1600
+N = 00
+S = 456D61696C205369676E6174757265
+Msg = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+MD = 07DC27B11E51FBAC75BC7B3C1D983E8B4B85FB1DEFAF218912AC86430273091727F42B17ED1DF63E8EC118F04B23633C1DFB1574C8FB55CB45DA8E25AFB092BB