@@ -143,3 +143,119 @@ where
143143 b_vals
144144 }
145145}
146+
147+ #[ cfg( test) ]
148+ mod tests {
149+ use super :: * ;
150+ use sha2:: Sha256 ;
151+
152+ // Except introducing new internal variables, expand_message_xmd did not change
153+ // between draft 7 and draft 8 (https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-irtf-cfrg-hash-to-curve-08.txt).
154+ // So we use draft 8 test vectors.
155+
156+ /// From https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-08#appendix-I.1
157+ #[ test]
158+ fn expand_message_xmd_works_for_draft8_testvectors_sha256 ( ) {
159+ let dst = b"QUUX-V01-CS02-with-expander" ;
160+
161+ let msg = b"" ;
162+ let len_in_bytes = 0x20 ;
163+ let uniform_bytes =
164+ hex:: decode ( "f659819a6473c1835b25ea59e3d38914c98b374f0970b7e4c92181df928fca88" )
165+ . unwrap ( ) ;
166+ assert_eq ! (
167+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
168+ uniform_bytes
169+ ) ;
170+
171+ let msg = b"abc" ;
172+ let len_in_bytes = 0x20 ;
173+ let uniform_bytes =
174+ hex:: decode ( "1c38f7c211ef233367b2420d04798fa4698080a8901021a795a1151775fe4da7" )
175+ . unwrap ( ) ;
176+ assert_eq ! (
177+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
178+ uniform_bytes
179+ ) ;
180+
181+ let msg = b"abcdef0123456789" ;
182+ let len_in_bytes = 0x20 ;
183+ let uniform_bytes =
184+ hex:: decode ( "8f7e7b66791f0da0dbb5ec7c22ec637f79758c0a48170bfb7c4611bd304ece89" )
185+ . unwrap ( ) ;
186+ assert_eq ! (
187+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
188+ uniform_bytes
189+ ) ;
190+
191+ let msg = b"q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq" ;
192+ let len_in_bytes = 0x20 ;
193+ let uniform_bytes =
194+ hex:: decode ( "72d5aa5ec810370d1f0013c0df2f1d65699494ee2a39f72e1716b1b964e1c642" )
195+ . unwrap ( ) ;
196+ assert_eq ! (
197+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
198+ uniform_bytes
199+ ) ;
200+
201+ let msg = b"a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ;
202+ let len_in_bytes = 0x20 ;
203+ let uniform_bytes =
204+ hex:: decode ( "3b8e704fc48336aca4c2a12195b720882f2162a4b7b13a9c350db46f429b771b" )
205+ . unwrap ( ) ;
206+ assert_eq ! (
207+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
208+ uniform_bytes
209+ ) ;
210+
211+ let msg = b"" ;
212+ let len_in_bytes = 0x80 ;
213+ let uniform_bytes =
214+ hex:: decode ( "8bcffd1a3cae24cf9cd7ab85628fd111bb17e3739d3b53f89580d217aa79526f1708354a76a402d3569d6a9d19ef3de4d0b991e4f54b9f20dcde9b95a66824cbdf6c1a963a1913d43fd7ac443a02fc5d9d8d77e2071b86ab114a9f34150954a7531da568a1ea8c760861c0cde2005afc2c114042ee7b5848f5303f0611cf297f" )
215+ . unwrap ( ) ;
216+ assert_eq ! (
217+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
218+ uniform_bytes
219+ ) ;
220+
221+ let msg = b"abc" ;
222+ let len_in_bytes = 0x80 ;
223+ let uniform_bytes =
224+ hex:: decode ( "fe994ec51bdaa821598047b3121c149b364b178606d5e72bfbb713933acc29c186f316baecf7ea22212f2496ef3f785a27e84a40d8b299cec56032763eceeff4c61bd1fe65ed81decafff4a31d0198619c0aa0c6c51fca15520789925e813dcfd318b542f8799441271f4db9ee3b8092a7a2e8d5b75b73e28fb1ab6b4573c192" )
225+ . unwrap ( ) ;
226+ assert_eq ! (
227+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
228+ uniform_bytes
229+ ) ;
230+
231+ let msg = b"abcdef0123456789" ;
232+ let len_in_bytes = 0x80 ;
233+ let uniform_bytes =
234+ hex:: decode ( "c9ec7941811b1e19ce98e21db28d22259354d4d0643e301175e2f474e030d32694e9dd5520dde93f3600d8edad94e5c364903088a7228cc9eff685d7eaac50d5a5a8229d083b51de4ccc3733917f4b9535a819b445814890b7029b5de805bf62b33a4dc7e24acdf2c924e9fe50d55a6b832c8c84c7f82474b34e48c6d43867be" )
235+ . unwrap ( ) ;
236+ assert_eq ! (
237+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
238+ uniform_bytes
239+ ) ;
240+
241+ let msg = b"q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq" ;
242+ let len_in_bytes = 0x80 ;
243+ let uniform_bytes =
244+ hex:: decode ( "48e256ddba722053ba462b2b93351fc966026e6d6db493189798181c5f3feea377b5a6f1d8368d7453faef715f9aecb078cd402cbd548c0e179c4ed1e4c7e5b048e0a39d31817b5b24f50db58bb3720fe96ba53db947842120a068816ac05c159bb5266c63658b4f000cbf87b1209a225def8ef1dca917bcda79a1e42acd8069" )
245+ . unwrap ( ) ;
246+ assert_eq ! (
247+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
248+ uniform_bytes
249+ ) ;
250+
251+ let msg = b"a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ;
252+ let len_in_bytes = 0x80 ;
253+ let uniform_bytes =
254+ hex:: decode ( "396962db47f749ec3b5042ce2452b619607f27fd3939ece2746a7614fb83a1d097f554df3927b084e55de92c7871430d6b95c2a13896d8a33bc48587b1f66d21b128a1a8240d5b0c26dfe795a1a842a0807bb148b77c2ef82ed4b6c9f7fcb732e7f94466c8b51e52bf378fba044a31f5cb44583a892f5969dcd73b3fa128816e" )
255+ . unwrap ( ) ;
256+ assert_eq ! (
257+ ExpandMsgXmd :: <Sha256 >:: expand_message( msg, dst, len_in_bytes) ,
258+ uniform_bytes
259+ ) ;
260+ }
261+ }
0 commit comments