Add unit tests for x4 keccak

Author: bremoran

mldsa/fips202/fips202x4.h

@@ -16,11 +16,13 @@
 #include "keccakf1600.h"
 
 /* Context for non-incremental API */
+#define mld_shake128x4ctx FIPS202_NAMESPACE(shake128x4ctx)
 typedef struct
 {
   uint64_t ctx[MLD_KECCAK_LANES * MLD_KECCAK_WAY];
 } mld_shake128x4ctx;
 
+#define mld_shake256x4ctx FIPS202_NAMESPACE(shake256x4ctx)
 typedef struct
 {
   uint64_t ctx[MLD_KECCAK_LANES * MLD_KECCAK_WAY];

test/test_unit.c

@@ -21,6 +21,7 @@
 
 #include "../mldsa/fips202/keccakf1600.c"
 #include "../mldsa/fips202/fips202.c"
+#include "../mldsa/fips202/fips202x4.c"
 
 #undef FIPS202_NAMESPACE
 #undef mld_keccakf1600_xor_bytes
@@ -40,24 +41,30 @@
 #undef mld_shake128_finalize
 #undef mld_shake128_absorb
 #undef mld_shake128_init
-#undef mld_keccakf1600x4_permute
-#undef mld_keccakf1600_permute
-#undef mld_keccakf1600x4_xor_bytes
-#undef mld_keccakf1600x4_extract_bytes
-#undef mld_keccakf1600_xor_bytes
-#undef mld_keccakf1600_extract_bytes
+#undef mld_shake256x4_release
+#undef mld_shake256x4_init
+#undef mld_shake256x4_squeezeblocks
+#undef mld_shake256x4_absorb_once
+#undef mld_shake128x4_release
+#undef mld_shake128x4_init
+#undef mld_shake128x4_squeezeblocks
+#undef mld_shake128x4_absorb_once
+#undef mld_shake256ctx
+#undef mld_shake128ctx
 
 #undef mld_memset
 #undef mld_memcpy
 #undef mld_zeroize
 
 #undef MLD_FIPS202_KECCAKF1600_H
 #undef MLD_FIPS202_FIPS202_H
+#undef MLD_FIPS202_FIPS202X4_H
 #undef MLD_COMMON_H
 
 /* Under test */
 #include "../mldsa/fips202/keccakf1600.h"
 #include "../mldsa/fips202/fips202.h"
+#include "../mldsa/fips202/fips202x4.h"
 
 #define CHECK(x)                                              \
   do                                                          \
@@ -206,6 +213,42 @@ static int shake256_ctx_equals(const test_priv_shake256ctx *ref,
 #endif
 }
 
+static int shake_x4_ctx_equals(const uint64_t *ref_ctx,
+                               const uint64_t *dut_ctx)
+{
+#if defined(MLD_USE_FIPS202_X4_XOR_NATIVE)
+  uint64_t dut_inter[MLD_KECCAK_WAY][MLD_KECCAK_LANES];
+  unpack_x4_native(dut_inter, dut_ctx);
+#endif
+
+  for (int ch = 0; ch < MLD_KECCAK_WAY; ch++) {
+    const uint64_t *ref_lane = ref_ctx + (size_t)ch * MLD_KECCAK_LANES;
+#if defined(MLD_USE_FIPS202_X4_XOR_NATIVE)
+    uint64_t dut_norm[MLD_KECCAK_LANES];
+    deinterleave_state(dut_norm, dut_inter[ch]);
+    if (memcmp(ref_lane, dut_norm, sizeof dut_norm) != 0) return 0;
+#else
+    const uint64_t *dut_lane = dut_ctx + (size_t)ch * MLD_KECCAK_LANES;
+    if (memcmp(ref_lane, dut_lane, sizeof(uint64_t) * MLD_KECCAK_LANES) != 0)
+      return 0;
+#endif
+  }
+
+  return 1;
+}
+
+static int shake128x4_ctx_equals(const test_priv_shake128x4ctx *ref,
+                                 const mld_shake128x4ctx *dut)
+{
+  return shake_x4_ctx_equals(ref->ctx, dut->ctx);
+}
+
+static int shake256x4_ctx_equals(const test_priv_shake256x4ctx *ref,
+                                 const mld_shake256x4ctx *dut)
+{
+  return shake_x4_ctx_equals(ref->ctx, dut->ctx);
+}
+
 static int test_shake128_api(void)
 {
   int fails = 0;
@@ -315,6 +358,99 @@ static int test_shake256_function(void)
   return fails;
 }
 
+static int test_shake128x4_api(void)
+{
+  int fails = 0;
+  static const size_t absorb_lens[] = {0, 1, SHAKE128_RATE - 1, SHAKE128_RATE,
+                                       SHAKE128_RATE + 7, SHAKE128_RATE * 2 + 5};
+  static const size_t block_counts[] = {0, 1, 2, 3};
+  uint8_t in[MLD_KECCAK_WAY][SHAKE128_RATE * 3];
+  uint8_t out_ref[MLD_KECCAK_WAY][SHAKE128_RATE * 3];
+  uint8_t out_dut[MLD_KECCAK_WAY][SHAKE128_RATE * 3];
+
+  for (size_t ai = 0; ai < sizeof(absorb_lens) / sizeof(absorb_lens[0]); ai++) {
+    size_t inlen = absorb_lens[ai];
+    for (int ch = 0; ch < MLD_KECCAK_WAY; ch++) {
+      if (inlen > 0) randombytes(in[ch], inlen);
+    }
+
+    test_priv_shake128x4ctx ref_ctx;
+    mld_shake128x4ctx dut_ctx;
+    test_priv_shake128x4_absorb_once(&ref_ctx, in[0], in[1], in[2], in[3], inlen);
+    mld_shake128x4_absorb_once(&dut_ctx, in[0], in[1], in[2], in[3], inlen);
+    CHECK(shake128x4_ctx_equals(&ref_ctx, &dut_ctx));
+
+    for (size_t bi = 0; bi < sizeof(block_counts) / sizeof(block_counts[0]); bi++) {
+      size_t nblocks = block_counts[bi];
+      test_priv_shake128x4ctx ref_copy;
+      mld_shake128x4ctx dut_copy;
+      memcpy(&ref_copy, &ref_ctx, sizeof(ref_ctx));
+      memcpy(&dut_copy, &dut_ctx, sizeof(dut_ctx));
+      for (int ch = 0; ch < MLD_KECCAK_WAY; ch++) {
+        memset(out_ref[ch], 0, nblocks * SHAKE128_RATE);
+        memset(out_dut[ch], 0, nblocks * SHAKE128_RATE);
+      }
+      test_priv_shake128x4_squeezeblocks(out_ref[0], out_ref[1], out_ref[2],
+                                         out_ref[3], nblocks, &ref_copy);
+      mld_shake128x4_squeezeblocks(out_dut[0], out_dut[1], out_dut[2],
+                                   out_dut[3], nblocks, &dut_copy);
+      for (int ch = 0; ch < MLD_KECCAK_WAY; ch++) {
+        CHECK(memcmp(out_ref[ch], out_dut[ch], nblocks * SHAKE128_RATE) == 0);
+      }
+      CHECK(shake128x4_ctx_equals(&ref_copy, &dut_copy));
+    }
+  }
+
+  return fails;
+}
+
+static int test_shake256x4_api(void)
+{
+  int fails = 0;
+  static const size_t absorb_lens[] = {0, 1, SHAKE256_RATE - 1, SHAKE256_RATE,
+                                       SHAKE256_RATE + 9, SHAKE256_RATE * 2 + 3};
+  static const size_t block_counts[] = {0, 1, 2, 3};
+  uint8_t in[MLD_KECCAK_WAY][SHAKE256_RATE * 3];
+  uint8_t out_ref[MLD_KECCAK_WAY][SHAKE256_RATE * 3];
+  uint8_t out_dut[MLD_KECCAK_WAY][SHAKE256_RATE * 3];
+
+  for (size_t ai = 0; ai < sizeof(absorb_lens) / sizeof(absorb_lens[0]); ai++) {
+    size_t inlen = absorb_lens[ai];
+    for (int ch = 0; ch < MLD_KECCAK_WAY; ch++) {
+      if (inlen > 0) randombytes(in[ch], inlen);
+    }
+
+    test_priv_shake256x4ctx ref_ctx;
+    mld_shake256x4ctx dut_ctx;
+    test_priv_shake256x4_absorb_once(&ref_ctx, in[0], in[1], in[2], in[3], inlen);
+    mld_shake256x4_absorb_once(&dut_ctx, in[0], in[1], in[2], in[3], inlen);
+    CHECK(shake256x4_ctx_equals(&ref_ctx, &dut_ctx));
+
+    for (size_t bi = 0; bi < sizeof(block_counts) / sizeof(block_counts[0]); bi++) {
+      size_t nblocks = block_counts[bi];
+      test_priv_shake256x4ctx ref_copy;
+      mld_shake256x4ctx dut_copy;
+      memcpy(&ref_copy, &ref_ctx, sizeof(ref_ctx));
+      memcpy(&dut_copy, &dut_ctx, sizeof(dut_ctx));
+
+      for (int ch = 0; ch < MLD_KECCAK_WAY; ch++) {
+        memset(out_ref[ch], 0, nblocks * SHAKE256_RATE);
+        memset(out_dut[ch], 0, nblocks * SHAKE256_RATE);
+      }
+      test_priv_shake256x4_squeezeblocks(out_ref[0], out_ref[1], out_ref[2],
+                                         out_ref[3], nblocks, &ref_copy);
+      mld_shake256x4_squeezeblocks(out_dut[0], out_dut[1], out_dut[2],
+                                   out_dut[3], nblocks, &dut_copy);
+      for (int ch = 0; ch < MLD_KECCAK_WAY; ch++) {
+        CHECK(memcmp(out_ref[ch], out_dut[ch], nblocks * SHAKE256_RATE) == 0);
+      }
+      CHECK(shake256x4_ctx_equals(&ref_copy, &dut_copy));
+    }
+  }
+
+  return fails;
+}
+
 #if defined(MLD_USE_FIPS202_X4_NATIVE)
 static int test_x4_xor_bytes(void)
 {
@@ -581,10 +717,6 @@ int main(void)
 
   randombytes_reset();
 
-  fails += test_shake128_api();
-  fails += test_shake256_api();
-  fails += test_shake256_function();
-
 #if defined(MLD_USE_FIPS202_X1_NATIVE)
   fails += test_xor_bytes();
   fails += test_extract_bytes();
@@ -595,6 +727,16 @@ int main(void)
   fails += test_x4_extract_bytes();
   fails += test_x4_permute();
 #endif
+#if defined(MLD_USE_FIPS202_X1_NATIVE)
+  fails += test_shake128_api();
+  fails += test_shake256_api();
+  fails += test_shake256_function();
+#endif
+#if defined(MLD_USE_FIPS202_X4_NATIVE)
+  fails += test_shake128x4_api();
+  fails += test_shake256x4_api();
+#endif
+
 
   if (fails) {
     fprintf(stderr, "unit tests: FAILED (%d failure%s)\n", fails, fails==1?"":"s");