While differential fuzzing does this, the standard test suite of Orion does not in all cases. For example, StreamingContextConsistencyTester does use this approach, for default input and quickcheck property tests. But the test runners in /tests don't seem to. At least not NIST CAVP. Let's extend these to enable processing KAT inputs in random chunks, if streaming state is available for the primitive, and compare with a one-shot call. Not just calling update() once, but at least two times.
Example of extended new test:
```rust
use orion::hazardous::hash::sha2;
use rand::Rng;

fn sha256_test_runner(data: &[u8], output: &[u8]) {
    let mut state = sha2::sha256::Sha256::new();
    let mut bytes = data;
    let mut rng = rand::thread_rng();
    // Feed the KAT input in randomly sized, non-empty chunks until it is consumed.
    while !bytes.is_empty() {
        let n: usize = rng.gen_range(1..=bytes.len());
        state.update(&bytes[..n]).unwrap();
        bytes = &bytes[n..];
    }
    let digest = state.finalize().unwrap();
    // The streamed digest must match both the one-shot call and the expected KAT output.
    let digest_one_shot = sha2::sha256::Sha256::digest(data).unwrap();
    assert_eq!(digest.as_ref(), digest_one_shot.as_ref());
    assert_eq!(digest.as_ref(), output);
}
```
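As an added example (not Orion's code and not part of the original issue), the chunking idea above generalized into a harness that guarantees at least two update() calls, covers the empty and one-byte input paths, and seeds its PRNG so a failing split can be reproduced; `Streaming` and `Fnv1a` are hypothetical stand-ins for an Orion streaming context, not real Orion types.

```rust
// Added example, not Orion's code: a generic chunked-vs-one-shot consistency
// check. `Streaming` is a hypothetical stand-in for Orion's streaming contexts.
pub trait Streaming {
    type Out: PartialEq;
    fn new() -> Self;
    fn update(&mut self, data: &[u8]);
    fn finalize(self) -> Self::Out;
}
/// Stand-in primitive so the harness runs stand-alone: 64-bit FNV-1a (not a
/// cryptographic hash; only its streaming shape matters here).
pub struct Fnv1a(pub u64);
impl Streaming for Fnv1a {
    type Out = u64;
    fn new() -> Self { Fnv1a(0xcbf2_9ce4_8422_2325) }
    fn update(&mut self, data: &[u8]) {
        for &b in data { self.0 = (self.0 ^ b as u64).wrapping_mul(0x100_0000_01b3); }
    }
    fn finalize(self) -> u64 { self.0 }
}

/// xorshift64* PRNG: seeded, so a failing chunk split is reproducible from its seed.
fn next_rand(state: &mut u64) -> u64 {
    let mut x = *state;
    x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
    *state = x;
    x.wrapping_mul(0x2545_F491_4F6C_DD1D)
}

/// Feed `data` in random, non-empty chunks with at least two `update` calls,
/// then compare against a single one-shot update. Returns (update calls, equal).
pub fn chunked_matches_one_shot<S: Streaming>(data: &[u8], seed: u64) -> (usize, bool) {
    let mut state = S::new();
    let mut rng = seed.max(1); // xorshift must not start at zero
    let mut rest = data;
    let mut calls = 0usize;
    while !rest.is_empty() {
        // First chunk leaves at least one byte behind so a second update always follows.
        let max = if calls == 0 && rest.len() > 1 { rest.len() - 1 } else { rest.len() };
        let n = 1 + (next_rand(&mut rng) % max as u64) as usize;
        state.update(&rest[..n]);
        rest = &rest[n..];
        calls += 1;
    }
    // Empty or one-byte input: still exercise the second update() with an empty slice.
    while calls < 2 { state.update(&[]); calls += 1; }
    let mut one_shot = S::new();
    one_shot.update(data);
    (calls, state.finalize() == one_shot.finalize())
}
```

Plugging a real streaming context in means implementing `Streaming` for it; a KAT runner would then additionally compare the streamed result against the expected output, as in the SHA-256 runner above.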