Add accumulated randomized tests to xaes-256-gcm

.github/workflows/xaes-256-gcm.yml

@@ -71,5 +71,5 @@ jobs:
       - run: cargo test --target ${{ matrix.target }} --lib
       #- run: cargo test --target ${{ matrix.target }} --lib --features zeroize
       - run: cargo test --target ${{ matrix.target }} --all-features --lib
-      - run: cargo test --target ${{ matrix.target }} --all-features --release
+      - run: cargo test --target ${{ matrix.target }} --all-features --release -- --include-ignored
       - run: cargo test --target ${{ matrix.target }} --all-features --doc

xaes-256-gcm/Cargo.toml

@@ -25,6 +25,7 @@ aead-stream = { version = "0.6.0-rc.2", optional = true, default-features = fals
 [dev-dependencies]
 aead = { version = "0.6", features = ["dev"], default-features = false }
 hex-literal = "1"
+shake = { version = "0.1.0", default-features = false }
 
 [features]
 default = ["alloc", "getrandom"]

xaes-256-gcm/tests/xaes256gcm.rs

@@ -7,11 +7,12 @@ mod common;
 use aes_gcm::aead::{Aead, AeadInOut, KeyInit, Payload, array::Array};
 use common::TestVector;
 use hex_literal::hex;
-use xaes_256_gcm::Xaes256Gcm;
+use shake::{ExtendableOutput, Shake128, Update, XofReader};
+use xaes_256_gcm::{Key, Nonce, Xaes256Gcm};
 
 /// C2SP XAES-256-GCM test vectors
 ///
-/// <https://github.com/C2SP/C2SP/blob/main/XAES-256-GCM.md>
+/// <https://c2sp.org/XAES-256-GCM#test-vectors>
 const TEST_VECTORS: &[TestVector<[u8; 32], [u8; 24]>] = &[
     TestVector {
         key: &hex!("0101010101010101010101010101010101010101010101010101010101010101"),
@@ -32,3 +33,72 @@ const TEST_VECTORS: &[TestVector<[u8; 32], [u8; 24]>] = &[
 ];
 
 tests!(Xaes256Gcm, TEST_VECTORS);
+
+/// C2SP XAES-256-GCM accumulated randomized tests.
+///
+/// <https://c2sp.org/XAES-256-GCM#accumulated-randomized-tests>
+fn run_accumulated_test(iterations: usize, expected: [u8; 32]) {
+    let mut seed = Shake128::default().finalize_xof();
+    let mut digest = Shake128::default();
+
+    for _ in 0..iterations {
+        let mut key = Key::<Xaes256Gcm>::default();
+        seed.read(&mut key);
+        let mut nonce = Nonce::default();
+        seed.read(&mut nonce);
+        let mut length = [0u8; 1];
+        seed.read(&mut length);
+        let mut plaintext = vec![0u8; length[0] as usize];
+        seed.read(&mut plaintext);
+        seed.read(&mut length);
+        let mut aad = vec![0u8; length[0] as usize];
+        seed.read(&mut aad);
+
+        let cipher = Xaes256Gcm::new(&key);
+        let ciphertext = cipher
+            .encrypt(
+                &nonce,
+                Payload {
+                    msg: &plaintext,
+                    aad: &aad,
+                },
+            )
+            .unwrap();
+
+        let decrypted = cipher
+            .decrypt(
+                &nonce,
+                Payload {
+                    msg: &ciphertext,
+                    aad: &aad,
+                },
+            )
+            .unwrap();
+
+        assert_eq!(plaintext, decrypted);
+
+        digest.update(&ciphertext);
+    }
+
+    let mut reader = digest.finalize_xof();
+    let mut buf = [0u8; 32];
+    reader.read(&mut buf);
+    assert_eq!(expected, buf);
+}
+
+#[test]
+fn accumulated_randomized_10_000_iterations() {
+    run_accumulated_test(
+        10_000,
+        hex!("e6b9edf2df6cec60c8cbd864e2211b597fb69a529160cd040d56c0c210081939"),
+    );
+}
+
+#[test]
+#[ignore = "slow in debug; run with `cargo test --release -- --include-ignored`"]
+fn accumulated_randomized_1_000_000_iterations() {
+    run_accumulated_test(
+        1_000_000,
+        hex!("2163ae1445985a30b60585ee67daa55674df06901b890593e824b8a7c885ab15"),
+    );
+}