sha3: fix padding for long cSHAKE parameters · golang/crypto@80ea76e (original) (raw)

`@@ -17,6 +17,7 @@ import (

`

17

17

`"encoding/json"

`

18

18

`"fmt"

`

19

19

`"hash"

`

``

20

`+

"io"

`

20

21

`"math/rand"

`

21

22

`"os"

`

22

23

`"strings"

`

`@@ -375,6 +376,116 @@ func TestClone(t *testing.T) {

`

375

376

` }

`

376

377

`}

`

377

378

``

``

379

`+

func TestCSHAKEAccumulated(t *testing.T) {

`

``

380

`+

// Generated with pycryptodome@3.20.0

`

``

381

`+

//

`

``

382

`+

// from Crypto.Hash import cSHAKE128

`

``

383

`+

// rng = cSHAKE128.new()

`

``

384

`+

// acc = cSHAKE128.new()

`

``

385

`+

// for n in range(200):

`

``

386

`+

// N = rng.read(n)

`

``

387

`+

// for s in range(200):

`

``

388

`+

// S = rng.read(s)

`

``

389

`+

// c = cSHAKE128.cSHAKE_XOF(data=None, custom=S, capacity=256, function=N)

`

``

390

`+

// c.update(rng.read(100))

`

``

391

`+

// acc.update(c.read(200))

`

``

392

`+

// c = cSHAKE128.cSHAKE_XOF(data=None, custom=S, capacity=256, function=N)

`

``

393

`+

// c.update(rng.read(168))

`

``

394

`+

// acc.update(c.read(200))

`

``

395

`+

// c = cSHAKE128.cSHAKE_XOF(data=None, custom=S, capacity=256, function=N)

`

``

396

`+

// c.update(rng.read(200))

`

``

397

`+

// acc.update(c.read(200))

`

``

398

`+

// print(acc.read(32).hex())

`

``

399

`+

//

`

``

400

`+

// and with @noble/hashes@v1.5.0

`

``

401

`+

//

`

``

402

`+

// import { bytesToHex } from "@noble/hashes/utils";

`

``

403

`+

// import { cshake128 } from "@noble/hashes/sha3-addons";

`

``

404

`+

// const rng = cshake128.create();

`

``

405

`+

// const acc = cshake128.create();

`

``

406

`+

// for (let n = 0; n < 200; n++) {

`

``

407

`+

// const N = rng.xof(n);

`

``

408

`+

// for (let s = 0; s < 200; s++) {

`

``

409

`+

// const S = rng.xof(s);

`

``

410

`+

// let c = cshake128.create({ NISTfn: N, personalization: S });

`

``

411

`+

// c.update(rng.xof(100));

`

``

412

`+

// acc.update(c.xof(200));

`

``

413

`+

// c = cshake128.create({ NISTfn: N, personalization: S });

`

``

414

`+

// c.update(rng.xof(168));

`

``

415

`+

// acc.update(c.xof(200));

`

``

416

`+

// c = cshake128.create({ NISTfn: N, personalization: S });

`

``

417

`+

// c.update(rng.xof(200));

`

``

418

`+

// acc.update(c.xof(200));

`

``

419

`+

// }

`

``

420

`+

// }

`

``

421

`+

// console.log(bytesToHex(acc.xof(32)));

`

``

422

`+

//

`

``

423

`+

t.Run("cSHAKE128", func(t *testing.T) {

`

``

424

`+

testCSHAKEAccumulated(t, NewCShake128, rate128,

`

``

425

`+

"bb14f8657c6ec5403d0b0e2ef3d3393497e9d3b1a9a9e8e6c81dbaa5fd809252")

`

``

426

`+

})

`

``

427

`+

t.Run("cSHAKE256", func(t *testing.T) {

`

``

428

`+

testCSHAKEAccumulated(t, NewCShake256, rate256,

`

``

429

`+

"0baaf9250c6e25f0c14ea5c7f9bfde54c8a922c8276437db28f3895bdf6eeeef")

`

``

430

`+

})

`

``

431

`+

}

`

``

432

+

``

433

`+

func testCSHAKEAccumulated(t *testing.T, newCShake func(N, S []byte) ShakeHash, rate int64, exp string) {

`

``

434

`+

rnd := newCShake(nil, nil)

`

``

435

`+

acc := newCShake(nil, nil)

`

``

436

`+

for n := 0; n < 200; n++ {

`

``

437

`+

N := make([]byte, n)

`

``

438

`+

rnd.Read(N)

`

``

439

`+

for s := 0; s < 200; s++ {

`

``

440

`+

S := make([]byte, s)

`

``

441

`+

rnd.Read(S)

`

``

442

+

``

443

`+

c := newCShake(N, S)

`

``

444

`+

io.CopyN(c, rnd, 100 /* < rate */)

`

``

445

`+

io.CopyN(acc, c, 200)

`

``

446

+

``

447

`+

c.Reset()

`

``

448

`+

io.CopyN(c, rnd, rate)

`

``

449

`+

io.CopyN(acc, c, 200)

`

``

450

+

``

451

`+

c.Reset()

`

``

452

`+

io.CopyN(c, rnd, 200 /* > rate */)

`

``

453

`+

io.CopyN(acc, c, 200)

`

``

454

`+

}

`

``

455

`+

}

`

``

456

`+

if got := hex.EncodeToString(acc.Sum(nil)[:32]); got != exp {

`

``

457

`+

t.Errorf("got %s, want %s", got, exp)

`

``

458

`+

}

`

``

459

`+

}

`

``

460

+

``

461

`+

func TestCSHAKELargeS(t *testing.T) {

`

``

462

`+

if testing.Short() {

`

``

463

`+

t.Skip("skipping test in short mode.")

`

``

464

`+

}

`

``

465

+

``

466

`+

// See https://go.dev/issue/66232.

`

``

467

`+

const s = (1<<32)/8 + 1000 // s * 8 > 2^32

`

``

468

`+

S := make([]byte, s)

`

``

469

`+

rnd := NewShake128()

`

``

470

`+

rnd.Read(S)

`

``

471

`+

c := NewCShake128(nil, S)

`

``

472

`+

io.CopyN(c, rnd, 1000)

`

``

473

+

``

474

`+

// Generated with pycryptodome@3.20.0

`

``

475

`+

//

`

``

476

`+

// from Crypto.Hash import cSHAKE128

`

``

477

`+

// rng = cSHAKE128.new()

`

``

478

`+

// S = rng.read(536871912)

`

``

479

`+

// c = cSHAKE128.new(custom=S)

`

``

480

`+

// c.update(rng.read(1000))

`

``

481

`+

// print(c.read(32).hex())

`

``

482

`+

//

`

``

483

`+

exp := "2cb9f237767e98f2614b8779cf096a52da9b3a849280bbddec820771ae529cf0"

`

``

484

`+

if got := hex.EncodeToString(c.Sum(nil)); got != exp {

`

``

485

`+

t.Errorf("got %s, want %s", got, exp)

`

``

486

`+

}

`

``

487

`+

}

`

``

488

+

378

489

`// BenchmarkPermutationFunction measures the speed of the permutation function

`

379

490

`// with no input data.

`

380

491

`func BenchmarkPermutationFunction(b *testing.B) {

`