import unittest
from binascii import unhexlify, hexlify
from Crypto.Util.py3compat import tobytes
from Crypto.Util.strxor import strxor_c
from Crypto.SelfTest.st_common import list_test_cases
from Crypto.Hash import KMAC128, KMAC256
class KMACTest(unittest.TestCase):
def new(self, *args, **kwargs):
return self.KMAC.new(key=b'X' * (self.minimum_key_bits // 8), *args, **kwargs)
def test_new_positive(self):
key = b'X' * 32
h = self.new()
for new_func in self.KMAC.new, h.new:
for dbytes in range(self.minimum_bytes, 128 + 1):
hobj = new_func(key=key, mac_len=dbytes)
self.assertEqual(hobj.digest_size, dbytes)
digest1 = new_func(key=key, data=b"\x90").digest()
digest2 = new_func(key=key).update(b"\x90").digest()
self.assertEqual(digest1, digest2)
new_func(data=b"A", key=key, custom=b"g")
hobj = h.new(key=key)
self.assertEqual(hobj.digest_size, self.default_bytes)
def test_new_negative(self):
h = self.new()
for new_func in self.KMAC.new, h.new:
self.assertRaises(ValueError, new_func, key=b'X'*32,
mac_len=0)
self.assertRaises(ValueError, new_func, key=b'X'*32,
mac_len=self.minimum_bytes - 1)
self.assertRaises(TypeError, new_func,
key=u"string")
self.assertRaises(TypeError, new_func,
data=u"string")
def test_default_digest_size(self):
digest = self.new(data=b'abc').digest()
self.assertEqual(len(digest), self.default_bytes)
def test_update(self):
pieces = [b"\x0A" * 200, b"\x14" * 300]
h = self.new()
h.update(pieces[0]).update(pieces[1])
digest = h.digest()
h = self.new()
h.update(pieces[0] + pieces[1])
self.assertEqual(h.digest(), digest)
def test_update_negative(self):
h = self.new()
self.assertRaises(TypeError, h.update, u"string")
def test_digest(self):
h = self.new()
digest = h.digest()
# hexdigest does not change the state
self.assertEqual(h.digest(), digest)
# digest returns a byte string
self.assertTrue(isinstance(digest, type(b"digest")))
def test_update_after_digest(self):
msg = b"rrrrttt"
# Normally, update() cannot be done after digest()
h = self.new(mac_len=32, data=msg[:4])
dig1 = h.digest()
self.assertRaises(TypeError, h.update, dig1)
def test_hex_digest(self):
mac = self.new()
digest = mac.digest()
hexdigest = mac.hexdigest()
# hexdigest is equivalent to digest
self.assertEqual(hexlify(digest), tobytes(hexdigest))
# hexdigest does not change the state
self.assertEqual(mac.hexdigest(), hexdigest)
# hexdigest returns a string
self.assertTrue(isinstance(hexdigest, type("digest")))
def test_verify(self):
h = self.new()
mac = h.digest()
h.verify(mac)
wrong_mac = strxor_c(mac, 255)
self.assertRaises(ValueError, h.verify, wrong_mac)
def test_hexverify(self):
h = self.new()
mac = h.hexdigest()
h.hexverify(mac)
self.assertRaises(ValueError, h.hexverify, "4556")
def test_oid(self):
oid = "2.16.840.1.101.3.4.2." + self.oid_variant
h = self.new()
self.assertEqual(h.oid, oid)
def test_bytearray(self):
key = b'0' * 32
data = b"\x00\x01\x02"
# Data and key can be a bytearray (during initialization)
key_ba = bytearray(key)
data_ba = bytearray(data)
h1 = self.KMAC.new(data=data, key=key)
h2 = self.KMAC.new(data=data_ba, key=key_ba)
key_ba[:1] = b'\xFF'
data_ba[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
# Data can be a bytearray (during operation)
data_ba = bytearray(data)
h1 = self.new()
h2 = self.new()
h1.update(data)
h2.update(data_ba)
data_ba[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
def test_memoryview(self):
key = b'0' * 32
data = b"\x00\x01\x02"
def get_mv_ro(data):
return memoryview(data)
def get_mv_rw(data):
return memoryview(bytearray(data))
for get_mv in (get_mv_ro, get_mv_rw):
# Data and key can be a memoryview (during initialization)
key_mv = get_mv(key)
data_mv = get_mv(data)
h1 = self.KMAC.new(data=data, key=key)
h2 = self.KMAC.new(data=data_mv, key=key_mv)
if not data_mv.readonly:
data_mv[:1] = b'\xFF'
key_mv[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
# Data can be a memoryview (during operation)
data_mv = get_mv(data)
h1 = self.new()
h2 = self.new()
h1.update(data)
h2.update(data_mv)
if not data_mv.readonly:
data_mv[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
class KMAC128Test(KMACTest):
KMAC = KMAC128
minimum_key_bits = 128
minimum_bytes = 8
default_bytes = 64
oid_variant = "19"
class KMAC256Test(KMACTest):
KMAC = KMAC256
minimum_key_bits = 256
minimum_bytes = 8
default_bytes = 64
oid_variant = "20"
class NISTExampleTestVectors(unittest.TestCase):
# https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/KMAC_samples.pdf
test_data = [
(
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F",
"00 01 02 03",
"",
"E5 78 0B 0D 3E A6 F7 D3 A4 29 C5 70 6A A4 3A 00"
"FA DB D7 D4 96 28 83 9E 31 87 24 3F 45 6E E1 4E",
"Sample #1 NIST",
KMAC128
),
(
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F",
"00 01 02 03",
"My Tagged Application",
"3B 1F BA 96 3C D8 B0 B5 9E 8C 1A 6D 71 88 8B 71"
"43 65 1A F8 BA 0A 70 70 C0 97 9E 28 11 32 4A A5",
"Sample #2 NIST",
KMAC128
),
(
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F",
"00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F"
"10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F"
"20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F"
"30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F"
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F"
"60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F"
"70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F"
"80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F"
"90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F"
"A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF"
"B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF"
"C0 C1 C2 C3 C4 C5 C6 C7",
"My Tagged Application",
"1F 5B 4E 6C CA 02 20 9E 0D CB 5C A6 35 B8 9A 15"
"E2 71 EC C7 60 07 1D FD 80 5F AA 38 F9 72 92 30",
"Sample #3 NIST",
KMAC128
),
(
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F",
"00 01 02 03",
"My Tagged Application",
"20 C5 70 C3 13 46 F7 03 C9 AC 36 C6 1C 03 CB 64"
"C3 97 0D 0C FC 78 7E 9B 79 59 9D 27 3A 68 D2 F7"
"F6 9D 4C C3 DE 9D 10 4A 35 16 89 F2 7C F6 F5 95"
"1F 01 03 F3 3F 4F 24 87 10 24 D9 C2 77 73 A8 DD",
"Sample #4 NIST",
KMAC256
),
(
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F",
"00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F"
"10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F"
"20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F"
"30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F"
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F"
"60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F"
"70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F"
"80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F"
"90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F"
"A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF"
"B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF"
"C0 C1 C2 C3 C4 C5 C6 C7",
"",
"75 35 8C F3 9E 41 49 4E 94 97 07 92 7C EE 0A F2"
"0A 3F F5 53 90 4C 86 B0 8F 21 CC 41 4B CF D6 91"
"58 9D 27 CF 5E 15 36 9C BB FF 8B 9A 4C 2E B1 78"
"00 85 5D 02 35 FF 63 5D A8 25 33 EC 6B 75 9B 69",
"Sample #5 NIST",
KMAC256
),
(
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F",
"00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F"
"10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F"
"20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F"
"30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F"
"40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F"
"50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F"
"60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F"
"70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F"
"80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F"
"90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F"
"A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF"
"B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF"
"C0 C1 C2 C3 C4 C5 C6 C7",
"My Tagged Application",
"B5 86 18 F7 1F 92 E1 D5 6C 1B 8C 55 DD D7 CD 18"
"8B 97 B4 CA 4D 99 83 1E B2 69 9A 83 7D A2 E4 D9"
"70 FB AC FD E5 00 33 AE A5 85 F1 A2 70 85 10 C3"
"2D 07 88 08 01 BD 18 28 98 FE 47 68 76 FC 89 65",
"Sample #6 NIST",
KMAC256
),
]
def setUp(self):
td = []
for key, data, custom, mac, text, module in self.test_data:
ni = (
unhexlify(key.replace(" ", "")),
unhexlify(data.replace(" ", "")),
custom.encode(),
unhexlify(mac.replace(" ", "")),
text,
module
)
td.append(ni)
self.test_data = td
def runTest(self):
for key, data, custom, mac, text, module in self.test_data:
h = module.new(data=data, key=key, custom=custom, mac_len=len(mac))
mac_tag = h.digest()
self.assertEqual(mac_tag, mac, msg=text)
def get_tests(config={}):
tests = []
tests += list_test_cases(KMAC128Test)
tests += list_test_cases(KMAC256Test)
tests.append(NISTExampleTestVectors())
return tests
if __name__ == '__main__':
def suite():
return unittest.TestSuite(get_tests())
unittest.main(defaultTest='suite')