added SavableDigest support to TupleHash.

dghgit · dghgit · commit 48b71dec44ad · 2025-07-26T17:05:22.000+10:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/TupleHash.java b/core/src/main/java/org/bouncycastle/crypto/digests/TupleHash.java
@@ -1,8 +1,11 @@
 package org.bouncycastle.crypto.digests;
 
 import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.SavableDigest;
 import org.bouncycastle.crypto.Xof;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Memoable;
+import org.bouncycastle.util.Pack;
 import org.bouncycastle.util.Strings;
 
 /**
@@ -13,14 +16,14 @@
  * </p>
  */
 public class TupleHash
-    implements Xof, Digest
+    implements Xof, SavableDigest
 {
     private static final byte[] N_TUPLE_HASH = Strings.toByteArray("TupleHash");
 
     private final CSHAKEDigest cshake;
-    private final int bitLength;
-    private final int outputLength;
 
+    private int bitLength;
+    private int outputLength;
     private boolean firstOutput;
 
     /**
@@ -46,11 +49,27 @@ public TupleHash(int bitLength, byte[] S, int outputSize)
     public TupleHash(TupleHash original)
     {
         this.cshake = new CSHAKEDigest(original.cshake);
+        this.bitLength = original.bitLength;
+        this.outputLength = original.outputLength;
+        this.firstOutput = original.firstOutput;
+    }
+
+    public TupleHash(byte[] state)
+    {
+        this.cshake = new CSHAKEDigest(Arrays.copyOfRange(state, 0, state.length - 9));
+        this.bitLength = Pack.bigEndianToInt(state, state.length - 9);
+        this.outputLength = Pack.bigEndianToInt(state, state.length - 5);
+        this.firstOutput = state[state.length - 1] != 0;
+    }
+
+    private void copyIn(TupleHash original)
+    {
+        this.cshake.reset(original.cshake);
         this.bitLength = cshake.fixedOutputLength;
         this.outputLength = bitLength * 2 / 8;
         this.firstOutput = original.firstOutput;
     }
-
+    
     public String getAlgorithmName()
     {
         return "TupleHash" + cshake.getAlgorithmName().substring(6);
@@ -133,4 +152,26 @@ public void reset()
         cshake.reset();
         firstOutput = true;
     }
+
+    public byte[] getEncodedState()
+    {
+        byte[] cshakeState = this.cshake.getEncodedState();
+        byte[] extraState = new byte[4 + 4 + 1];
+
+        Pack.intToBigEndian(this.bitLength, extraState, 0);
+        Pack.intToBigEndian(this.outputLength, extraState, 4);
+        extraState[8] = this.firstOutput ? (byte)1 : (byte)0;
+
+        return Arrays.concatenate(cshakeState, extraState);
+    }
+
+    public Memoable copy()
+    {
+        return new TupleHash(this);
+    }
+
+    public void reset(Memoable other)
+    {
+        copyIn((TupleHash)other);
+    }
 }
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/DigestTest.java b/core/src/test/java/org/bouncycastle/crypto/test/DigestTest.java
@@ -13,6 +13,7 @@
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.Xof;
 import org.bouncycastle.crypto.digests.EncodableDigest;
+import org.bouncycastle.crypto.digests.TupleHash;
 import org.bouncycastle.test.TestResourceFinder;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Memoable;
@@ -71,71 +72,115 @@ public void performTest()
 
     private void testEncodedState(byte[] resBuf, byte[] input, byte[] expected)
     {
-        // test state encoding;
-        digest.update(input, 0, input.length / 2);
+        if (digest instanceof TupleHash)
+        {
+            digest.update(input, 0, input.length);
+            Digest copy1 = cloneDigest(((EncodableDigest)digest).getEncodedState());
+            Digest copy2 = cloneDigest(((EncodableDigest)copy1).getEncodedState());
 
-        // copy the Digest
-        Digest copy1 = cloneDigest(((EncodableDigest)digest).getEncodedState());
-        Digest copy2 = cloneDigest(((EncodableDigest)copy1).getEncodedState());
+            digest.doFinal(resBuf, 0);
 
-        digest.update(input, input.length / 2, input.length - input.length / 2);
+            if (!areEqual(expected, resBuf))
+            {
+                fail("failing TupleHash state vector test", expected, new String(Hex.encode(resBuf)));
+            }
 
-        digest.doFinal(resBuf, 0);
+            copy2.doFinal(resBuf, 0);
 
-        if (!areEqual(expected, resBuf))
-        {
-            fail("failing state vector test", expected, new String(Hex.encode(resBuf)));
+            if (!areEqual(expected, resBuf))
+            {
+                fail("failing TupleHash state copy2 vector test", expected, new String(Hex.encode(resBuf)));
+            }
         }
+        else
+        {
+            // test state encoding;
+            digest.update(input, 0, input.length / 2);
 
-        copy1.update(input, input.length / 2, input.length - input.length / 2);
-        copy1.doFinal(resBuf, 0);
+            // copy the Digest
+            Digest copy1 = cloneDigest(((EncodableDigest)digest).getEncodedState());
+            Digest copy2 = cloneDigest(((EncodableDigest)copy1).getEncodedState());
 
-        if (!areEqual(expected, resBuf))
-        {
-            fail("failing state copy1 vector test", expected, new String(Hex.encode(resBuf)));
-        }
+            digest.update(input, input.length / 2, input.length - input.length / 2);
 
-        copy2.update(input, input.length / 2, input.length - input.length / 2);
-        copy2.doFinal(resBuf, 0);
+            digest.doFinal(resBuf, 0);
 
-        if (!areEqual(expected, resBuf))
-        {
-            fail("failing state copy2 vector test", expected, new String(Hex.encode(resBuf)));
+            if (!areEqual(expected, resBuf))
+            {
+                fail("failing state vector test", expected, new String(Hex.encode(resBuf)));
+            }
+
+            copy1.update(input, input.length / 2, input.length - input.length / 2);
+            copy1.doFinal(resBuf, 0);
+
+            if (!areEqual(expected, resBuf))
+            {
+                fail("failing state copy1 vector test", expected, new String(Hex.encode(resBuf)));
+            }
+
+            copy2.update(input, input.length / 2, input.length - input.length / 2);
+            copy2.doFinal(resBuf, 0);
+
+            if (!areEqual(expected, resBuf))
+            {
+                fail("failing state copy2 vector test", expected, new String(Hex.encode(resBuf)));
+            }
         }
     }
 
     private void testMemo(byte[] resBuf, byte[] input, byte[] expected)
     {
-        Memoable m = (Memoable)digest;
+        if (digest instanceof TupleHash)
+        {
+            Memoable m = (Memoable)digest;
 
-        digest.update(input, 0, input.length / 2);
+            digest.update(input, 0, input.length);
 
-        // copy the Digest
-        Memoable copy1 = m.copy();
-        Memoable copy2 = copy1.copy();
+            Memoable copy1 = m.copy();
+            Memoable copy2 = copy1.copy();
 
-        digest.update(input, input.length / 2, input.length - input.length / 2);
-        digest.doFinal(resBuf, 0);
+            digest.doFinal(resBuf, 0);
+            if (!areEqual(expected, resBuf))
+            {
+               fail("failing tuplehash memo vector test 1", results[results.length - 1], new String(Hex.encode(resBuf)));
+            }
 
-        if (!areEqual(expected, resBuf))
-        {
-            fail("failing memo vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+            Digest d = (Digest)copy2;
+            d.doFinal(resBuf, 0);
         }
+        else
+        {
+            Memoable m = (Memoable)digest;
 
-        m.reset(copy1);
+            digest.update(input, 0, input.length / 2);
 
-        digest.update(input, input.length / 2, input.length - input.length / 2);
-        digest.doFinal(resBuf, 0);
+            // copy the Digest
+            Memoable copy1 = m.copy();
+            Memoable copy2 = copy1.copy();
 
-        if (!areEqual(expected, resBuf))
-        {
-            fail("failing memo reset vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
-        }
+            digest.update(input, input.length / 2, input.length - input.length / 2);
+            digest.doFinal(resBuf, 0);
 
-        Digest md = (Digest)copy2;
+            if (!areEqual(expected, resBuf))
+            {
+                fail("failing memo vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+            }
+
+            m.reset(copy1);
+
+            digest.update(input, input.length / 2, input.length - input.length / 2);
+            digest.doFinal(resBuf, 0);
+
+            if (!areEqual(expected, resBuf))
+            {
+                fail("failing memo reset vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+            }
 
-        md.update(input, input.length / 2, input.length - input.length / 2);
-        md.doFinal(resBuf, 0);
+            Digest md = (Digest)copy2;
+
+            md.update(input, input.length / 2, input.length - input.length / 2);
+            md.doFinal(resBuf, 0);
+        }
 
         if (!areEqual(expected, resBuf))
         {
@@ -145,21 +190,32 @@ private void testMemo(byte[] resBuf, byte[] input, byte[] expected)
 
     private void testClone(byte[] resBuf, byte[] input, byte[] expected)
     {
-        digest.update(input, 0, input.length / 2);
+        if (digest instanceof TupleHash)
+        {
+            // can't support multiple updates like the others - it's the whole point!
+            Digest d = cloneDigest(digest);
 
-        // clone the Digest
-        Digest d = cloneDigest(digest);
+            d.update(input, 0, input.length);
+            d.doFinal(resBuf, 0);
+        }
+        else
+        {
+            digest.update(input, 0, input.length / 2);
 
-        digest.update(input, input.length / 2, input.length - input.length / 2);
-        digest.doFinal(resBuf, 0);
+            // clone the Digest
+            Digest d = cloneDigest(digest);
 
-        if (!areEqual(expected, resBuf))
-        {
-            fail("failing clone vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
-        }
+            digest.update(input, input.length / 2, input.length - input.length / 2);
+            digest.doFinal(resBuf, 0);
+
+            if (!areEqual(expected, resBuf))
+            {
+                fail("failing clone vector test", results[results.length - 1], new String(Hex.encode(resBuf)));
+            }
 
-        d.update(input, input.length / 2, input.length - input.length / 2);
-        d.doFinal(resBuf, 0);
+            d.update(input, input.length / 2, input.length - input.length / 2);
+            d.doFinal(resBuf, 0);
+        }
 
         if (!areEqual(expected, resBuf))
         {
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/TupleHashTest.java b/core/src/test/java/org/bouncycastle/crypto/test/TupleHashTest.java
@@ -5,24 +5,45 @@
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.test.SimpleTest;
 
 /**
  * TupleHash test vectors from:
  * <p>
  * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/KMAC_samples.pdf
  */
 public class TupleHashTest
-    extends SimpleTest
+    extends DigestTest
 {
+    private static String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    };
+
+    private static String[] digests =
+    {
+        "549330469327c593eb95b1d467c48e5781939e135e10632c804ef8a69c73281c",
+        "98e1cb3104a046dcdc77a6acbee4177553ba15cb0235a3db99f506198dc9c8b5",
+        "873195cadfea6bc6a71cdd903da87afb49fd232d71db817c3abcad48ad8a7898",
+        "b9588fbf7302809815ebd989d00752f732a08dc9b1153b6f3a097f518cdc44ea"
+    };
+
+    public TupleHashTest()
+    {
+        super(new TupleHash(128, new byte[0]), messages, digests);
+    }
+
     public String getName()
     {
         return "TupleHash";
     }
 
     public void performTest()
-        throws Exception
     {
+        super.performTest();
+
         TupleHash tHash = new TupleHash(128, new byte[0]);
 
         tHash.update(Hex.decode("000102"), 0, 3);
@@ -105,6 +126,16 @@ public void performTest()
         testClone();
     }
 
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new TupleHash((TupleHash)digest);
+    }
+
+    protected Digest cloneDigest(byte[] state)
+    {
+        return new TupleHash(state);
+    }
+
     private void testClone()
     {
         Digest digest = new TupleHash(256, Strings.toByteArray("My Tuple App"));
