BLAKE2s: add Known Answer Tests

6 files changed, 102 insertions, 21 deletions

diff --git a/com/BLAKE2/README.md b/com/BLAKE2/README.md
index 3cee1c3..223324e 100644
--- a/com/BLAKE2/README.md
+++ b/com/BLAKE2/README.md
@@ -1,5 +1,7 @@
-## b2s: BLAKE2s implementation
+## BLAKE2
 BLAKE2 is a cryptographic hash function faster than MD5, SHA-1, SHA-2, and SHA-3, yet is at least as secure as the
-latest standard SHA-3. BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size between 1 and
-32 bytes.
+latest standard SHA-3.
+
+## BLAKE2s
+BLAKE2s is optimized for 8 to 32-bit platforms and produces digests of any size between 1 and 32 bytes.
 
diff --git a/com/BLAKE2/blake2s.c b/com/BLAKE2/blake2s.c
index d829780..5b03b88 100644
--- a/com/BLAKE2/blake2s.c
+++ b/com/BLAKE2/blake2s.c
@@ -124,13 +124,3 @@ BLAKE2s_final(struct BLAKE2s_ctx *ctx, void *out)
   for (unsigned i = 0; i < ctx->outlen; ++i) ((uint8_t *)out)[i] = (ctx->h[i >> 2] >> (8 * (i & 3))) & 0xff;
 }
 
-int
-BLAKE2s(void *out, size_t outlen, const void *key, size_t keylen, const void *in, size_t inlen)
-{
-  struct BLAKE2s_ctx ctx;
-  if (BLAKE2s_init(&ctx, outlen, key, keylen)) return -1;
-  BLAKE2s_update(&ctx, in, inlen);
-  BLAKE2s_final(&ctx, out);
-
-  return 0;
-}
diff --git a/com/BLAKE2/blake2s.h b/com/BLAKE2/blake2s.h
index d60d6d3..fd68168 100644
--- a/com/BLAKE2/blake2s.h
+++ b/com/BLAKE2/blake2s.h
@@ -45,6 +45,15 @@ void BLAKE2s_update(struct BLAKE2s_ctx *ctx, const void *d, size_t dd);
 void BLAKE2s_final(struct BLAKE2s_ctx *ctx, void *out);
 
 // All-in-one convenience function.
-int BLAKE2s(void *out, size_t outlen,       // return buffer for digest
-            const void *key, size_t keylen, // optional secret key
-            const void *in, size_t inlen);  // data to be hashed
+[[maybe_unused]] static int
+BLAKE2s(void *out, size_t outlen,       // return buffer for digest
+        const void *key, size_t keylen, // optional secret key
+        const void *in, size_t inlen)   // data to be hashed
+{
+  struct BLAKE2s_ctx ctx;
+  if (BLAKE2s_init(&ctx, outlen, key, keylen)) return -1;
+  BLAKE2s_update(&ctx, in, inlen);
+  BLAKE2s_final(&ctx, out);
+
+  return 0;
+}
diff --git a/com/BLAKE2/meson.build b/com/BLAKE2/meson.build
index 005a157..1592dd7 100644
--- a/com/BLAKE2/meson.build
+++ b/com/BLAKE2/meson.build
@@ -1,7 +1,16 @@
-BLAKE2s = declare_dependency(
-  sources: 'blake2s.c',
-  compile_args: '-fanalyzer'
+#BLAKE2s = static_library('BLAKE2s', 'blake2s.c')
+BLAKE2s_native = shared_library('BLAKE2s_native', 'blake2s.c', native: true)
+
+test('BLAKE2s functions', executable('b2s_fns', 'test_fns.c', link_with: BLAKE2s_native, native: true), suite: 'BLAKE2')
+test('BLAKE2s selftest', executable('b2s_selftest', 'test_main.c', link_with: BLAKE2s_native, native: true), suite: 'BLAKE2')
+
+kat = generator(python3,
+  arguments: '@INPUT@',
+  capture: true, output: '@BASENAME@.h'
 )
 
-test('BLAKE2s functions', executable('b2s_fns', 'test_fns.c', dependencies: BLAKE2s, native: true), suite: 'BLAKE2')
-test('BLAKE2s selftest', executable('b2s_selftest', 'test_main.c', dependencies: BLAKE2s, native: true), suite: 'BLAKE2')
+test('BLAKE2s KAT',
+  executable('b2s_kat', ['test/blake2s_kat.c', kat.process('test/blake2s_kat.py')],
+    link_with: BLAKE2s_native, native: true),
+  suite: 'BLAKE2'
+)
diff --git a/com/BLAKE2/test/blake2s_kat.c b/com/BLAKE2/test/blake2s_kat.c
new file mode 100644
index 0000000..0581c18
--- /dev/null
+++ b/com/BLAKE2/test/blake2s_kat.c
@@ -0,0 +1,31 @@
+#include <assert.h>
+#include <blake2s.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "blake2s_kat.h"
+
+int
+main(void)
+{
+  uint8_t in[256];
+  for (int i = 0; i < 256; ++i) in[i] = i;
+  uint8_t out[32];
+
+  for (unsigned i = 0; i < KATs_len; ++i) {
+    assert(BLAKE2s(out, 32, NULL, 0, in, i) == 0);
+    assert(memcmp(out, KATs[i], 32) == 0);
+  }
+
+  for (unsigned i = 0; i < 1; ++i) {
+    _Static_assert(sizeof(KAT_secret) == 32, "sizeof KAT_secret");
+    assert(BLAKE2s(out, 32, KAT_secret, 32, in, i) == 0);
+
+    for (unsigned j = 0; j < 32; ++j) printf("%02x ", out[j]);
+    printf("\n");
+    for (unsigned j = 0; j < 32; ++j) printf("%02x ", secret_KATs[i][j]);
+    printf("\n");
+
+    assert(memcmp(out, secret_KATs[i], 32) == 0);
+  }
+}
diff --git a/com/BLAKE2/test/blake2s_kat.py b/com/BLAKE2/test/blake2s_kat.py
new file mode 100755
index 0000000..2dd5370
--- /dev/null
+++ b/com/BLAKE2/test/blake2s_kat.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+# Known Answer Test generator
+
+import json
+import hashlib
+import secrets
+
+def blake2s(w, key):
+  ctx = hashlib.blake2s(key=key)
+  ctx.update(w)
+  return ctx.digest().hex()
+
+def out(s):
+  o = [s[i:i+2] for i in range(0, len(s), 2)]     # split into pairs
+  o = [f'0x{i}' for i in o]                       # prepend 0x and join
+  return ', '.join(o)
+
+if __name__ == '__main__':
+  w = b''
+  for i in range(0, 256):
+    w += i.to_bytes(1, 'little')
+  k = secrets.token_bytes(32)
+
+  print('#pragma once\n')
+  print(f'static const unsigned KATs_len = 256;')
+  print(f'static const uint8_t KAT_secret[32] = {{ {", ".join([hex(i) for i in k])} }};')
+
+  print(f'static const uint8_t KATs[256][32] = {{')
+  for i in range(0, 256):
+    o = blake2s(w[0:i], b'')
+    print(f'  // {i}')
+    print(f'  {{ {out(o)} }},')
+  print(f'}};')
+
+  print(f'static const uint8_t secret_KATs[256][32] = {{')
+  for i in range(0, 256):
+    o = blake2s(w[0:i], k)
+    print(f'  // {i}')
+    print(f'  {{ {out(o)} }},')
+  print(f'}};')