ed/Odin
1
0
Fork 0
mirror of https://github.com/Ed94/Odin.git synced 2026-06-13 01:21:38 -07:00
Code Issues Packages Projects Releases Wiki Activity

core/crypto/aead: Initial import

Browse Source
This commit is contained in:
Yawning Angel
2024-08-03 03:05:45 +09:00
parent 38aea1f907
commit ba1ad82c2b
14 changed files with 658 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/crypto/aead/aead.odin
+36
View File
@@ -0,0 +1,36 @@
package aead
// seal_oneshot encrypts the plaintext and authenticates the aad and ciphertext,
// with the provided algorithm, key, and iv, stores the output in dst and tag.
//
// dst and plaintext MUST alias exactly or not at all.
seal_oneshot :: proc(algo: Algorithm, dst, tag, key, iv, aad, plaintext: []byte, impl: Implementation = nil) {
ctx: Context
init(&ctx, algo, key, impl)
defer reset(&ctx)
seal_ctx(&ctx, dst, tag, iv, aad, plaintext)
}
// open authenticates the aad and ciphertext, and decrypts the ciphertext,
// with the provided algorithm, key, iv, and tag, and stores the output in dst,
// returning true iff the authentication was successful. If authentication
// fails, the destination buffer will be zeroed.
//
// dst and plaintext MUST alias exactly or not at all.
@(require_results)
open_oneshot :: proc(algo: Algorithm, dst, key, iv, aad, ciphertext, tag: []byte, impl: Implementation = nil) -> bool {
ctx: Context
init(&ctx, algo, key, impl)
defer reset(&ctx)
return open_ctx(&ctx, dst, iv, aad, ciphertext, tag)
}
seal :: proc {
seal_ctx,
seal_oneshot,
}
open :: proc {
open_ctx,
open_oneshot,
}
core/crypto/aead/doc.odin
+58
View File
@@ -0,0 +1,58 @@
/*
package aead provides a generic interface to the supported Authenticated
Encryption with Associated Data algorithms.
Both a one-shot and context based interface are provided, with similar
usage. If multiple messages are to be sealed/opened via the same key,
the context based interface may be more efficient, depending on the
algorithm.
WARNING: Reusing the same key + iv to seal (encrypt) multiple messages
results in catastrophic loss of security for most algorithms.
```odin
package aead_example
import "core:bytes"
import "core:crypto"
import "core:crypto/aead"
main :: proc() {
algo := aead.Algorithm.XCHACHA20POLY1305
// The example added associated data, and plaintext.
aad_str := "Get your ass in gear boys."
pt_str := "They're immanetizing the Eschaton."
aad := transmute([]byte)aad_str
plaintext := transmute([]byte)pt_str
pt_len := len(plaintext)
// Generate a random key for the purposes of illustration.
key := make([]byte, aead.KEY_SIZES[algo])
defer delete(key)
crypto.rand_bytes(key)
// `ciphertext || tag`, is a common way data is transmitted, so
// demonstrate that.
buf := make([]byte, pt_len + aead.TAG_SIZES[algo])
defer delete(buf)
ciphertext, tag := buf[:pt_len], buf[pt_len:]
// Seal the AAD + Plaintext.
iv := make([]byte, aead.IV_SIZES[algo])
defer delete(iv)
crypto.rand_bytes(iv) // Random IVs are safe with XChaCha20-Poly1305.
aead.seal(algo, ciphertext, tag, key, iv, aad, plaintext)
// Open the AAD + Ciphertext.
opened_pt := buf[:pt_len]
if ok := aead.open(algo, opened_pt, key, iv, aad, ciphertext, tag); !ok {
panic("aead example: failed to open")
}
assert(bytes.equal(opened_pt, plaintext))
}
```
*/
package aead
core/crypto/aead/low_level.odin
+187
View File
@@ -0,0 +1,187 @@
package aead
import "core:crypto/aes"
import "core:crypto/chacha20"
import "core:crypto/chacha20poly1305"
import "core:reflect"
// Implementation is an AEAD implementation. Most callers will not need
// to use this as the package will automatically select the most performant
// implementation available.
Implementation :: union {
aes.Implementation,
chacha20.Implementation,
}
// MAX_TAG_SIZE is the maximum size tag that can be returned by any of the
// Algorithms supported via this package.
MAX_TAG_SIZE :: 16
// Algorithm is the algorithm identifier associated with a given Context.
Algorithm :: enum {
Invalid,
AES_GCM_128,
AES_GCM_192,
AES_GCM_256,
CHACHA20POLY1305,
XCHACHA20POLY1305,
}
// ALGORITM_NAMES is the Agorithm to algorithm name string.
ALGORITHM_NAMES := [Algorithm]string {
.Invalid = "Invalid",
.AES_GCM_128 = "AES-GCM-128",
.AES_GCM_192 = "AES-GCM-192",
.AES_GCM_256 = "AES-GCM-256",
.CHACHA20POLY1305 = "chacha20poly1305",
.XCHACHA20POLY1305 = "xchacha20poly1305",
}
// TAG_SIZES is the Algorithm to tag size in bytes.
TAG_SIZES := [Algorithm]int {
.Invalid = 0,
.AES_GCM_128 = aes.GCM_TAG_SIZE,
.AES_GCM_192 = aes.GCM_TAG_SIZE,
.AES_GCM_256 = aes.GCM_TAG_SIZE,
.CHACHA20POLY1305 = chacha20poly1305.TAG_SIZE,
.XCHACHA20POLY1305 = chacha20poly1305.TAG_SIZE,
}
// KEY_SIZES is the Algorithm to key size in bytes.
KEY_SIZES := [Algorithm]int {
.Invalid = 0,
.AES_GCM_128 = aes.KEY_SIZE_128,
.AES_GCM_192 = aes.KEY_SIZE_192,
.AES_GCM_256 = aes.KEY_SIZE_256,
.CHACHA20POLY1305 = chacha20poly1305.KEY_SIZE,
.XCHACHA20POLY1305 = chacha20poly1305.KEY_SIZE,
}
// IV_SIZES is the Algorithm to initialization vector size in bytes.
//
// Note: Some algorithms (such as AES-GCM) support variable IV sizes.
IV_SIZES := [Algorithm]int {
.Invalid = 0,
.AES_GCM_128 = aes.GCM_IV_SIZE,
.AES_GCM_192 = aes.GCM_IV_SIZE,
.AES_GCM_256 = aes.GCM_IV_SIZE,
.CHACHA20POLY1305 = chacha20poly1305.IV_SIZE,
.XCHACHA20POLY1305 = chacha20poly1305.XIV_SIZE,
}
// Context is a concrete instantiation of a specific AEAD algorithm.
Context :: struct {
_algo: Algorithm,
_impl: union {
aes.Context_GCM,
chacha20poly1305.Context,
},
}
@(private)
_IMPL_IDS := [Algorithm]typeid {
.Invalid = nil,
.AES_GCM_128 = typeid_of(aes.Context_GCM),
.AES_GCM_192 = typeid_of(aes.Context_GCM),
.AES_GCM_256 = typeid_of(aes.Context_GCM),
.CHACHA20POLY1305 = typeid_of(chacha20poly1305.Context),
.XCHACHA20POLY1305 = typeid_of(chacha20poly1305.Context),
}
// init initializes a Context with a specific AEAD Algorithm.
init :: proc(ctx: ^Context, algorithm: Algorithm, key: []byte, impl: Implementation = nil) {
if ctx._impl != nil {
reset(ctx)
}
if len(key) != KEY_SIZES[algorithm] {
panic("crypto/aead: invalid key size")
}
// Directly specialize the union by setting the type ID (save a copy).
reflect.set_union_variant_typeid(
ctx._impl,
_IMPL_IDS[algorithm],
)
switch algorithm {
case .AES_GCM_128, .AES_GCM_192, .AES_GCM_256:
impl_ := impl != nil ? impl.(aes.Implementation) : aes.DEFAULT_IMPLEMENTATION
aes.init_gcm(&ctx._impl.(aes.Context_GCM), key, impl_)
case .CHACHA20POLY1305:
impl_ := impl != nil ? impl.(chacha20.Implementation) : chacha20.DEFAULT_IMPLEMENTATION
chacha20poly1305.init(&ctx._impl.(chacha20poly1305.Context), key, impl_)
case .XCHACHA20POLY1305:
impl_ := impl != nil ? impl.(chacha20.Implementation) : chacha20.DEFAULT_IMPLEMENTATION
chacha20poly1305.init_xchacha(&ctx._impl.(chacha20poly1305.Context), key, impl_)
case .Invalid:
panic("crypto/aead: uninitialized algorithm")
case:
panic("crypto/aead: invalid algorithm")
}
ctx._algo = algorithm
}
// seal_ctx encrypts the plaintext and authenticates the aad and ciphertext,
// with the provided Context and iv, stores the output in dst and tag.
//
// dst and plaintext MUST alias exactly or not at all.
seal_ctx :: proc(ctx: ^Context, dst, tag, iv, aad, plaintext: []byte) {
switch &impl in ctx._impl {
case aes.Context_GCM:
aes.seal_gcm(&impl, dst, tag, iv, aad, plaintext)
case chacha20poly1305.Context:
chacha20poly1305.seal(&impl, dst, tag, iv, aad, plaintext)
case:
panic("crypto/aead: uninitialized algorithm")
}
}
// open_ctx authenticates the aad and ciphertext, and decrypts the ciphertext,
// with the provided Context, iv, and tag, and stores the output in dst,
// returning true iff the authentication was successful. If authentication
// fails, the destination buffer will be zeroed.
//
// dst and plaintext MUST alias exactly or not at all.
@(require_results)
open_ctx :: proc(ctx: ^Context, dst, iv, aad, ciphertext, tag: []byte) -> bool {
switch &impl in ctx._impl {
case aes.Context_GCM:
return aes.open_gcm(&impl, dst, iv, aad, ciphertext, tag)
case chacha20poly1305.Context:
return chacha20poly1305.open(&impl, dst, iv, aad, ciphertext, tag)
case:
panic("crypto/aead: uninitialized algorithm")
}
}
// reset sanitizes the Context. The Context must be re-initialized to
// be used again.
reset :: proc(ctx: ^Context) {
switch &impl in ctx._impl {
case aes.Context_GCM:
aes.reset_gcm(&impl)
case chacha20poly1305.Context:
chacha20poly1305.reset(&impl)
case:
// Calling reset repeatedly is fine.
}
ctx._algo = .Invalid
ctx._impl = nil
}
// algorithm returns the Algorithm used by a Context instance.
algorithm :: proc(ctx: ^Context) -> Algorithm {
return ctx._algo
}
// iv_size returns the IV size of a Context instance in bytes.
iv_size :: proc(ctx: ^Context) -> int {
return IV_SIZES[ctx._algo]
}
// tag_size returns the tag size of a Context instance in bytes.
tag_size :: proc(ctx: ^Context) -> int {
return TAG_SIZES[ctx._algo]
}
core/crypto/aes/aes_ctr.odin
+1 -1
View File
@@ -20,7 +20,7 @@ Context_CTR :: struct {
}
// init_ctr initializes a Context_CTR with the provided key and IV.
init_ctr :: proc(ctx: ^Context_CTR, key, iv: []byte, impl := Implementation.Hardware) {
init_ctr :: proc(ctx: ^Context_CTR, key, iv: []byte, impl := DEFAULT_IMPLEMENTATION) {
if len(iv) != CTR_IV_SIZE {
panic("crypto/aes: invalid CTR IV size")
}
core/crypto/aes/aes_ecb.odin
+1 -1
View File
@@ -12,7 +12,7 @@ Context_ECB :: struct {
}
// init_ecb initializes a Context_ECB with the provided key.
init_ecb :: proc(ctx: ^Context_ECB, key: []byte, impl := Implementation.Hardware) {
init_ecb :: proc(ctx: ^Context_ECB, key: []byte, impl := DEFAULT_IMPLEMENTATION) {
init_impl(&ctx._impl, key, impl)
ctx._is_initialized = true
}
core/crypto/aes/aes_gcm.odin
+1 -1
View File
@@ -26,7 +26,7 @@ Context_GCM :: struct {
}
// init_gcm initializes a Context_GCM with the provided key.
init_gcm :: proc(ctx: ^Context_GCM, key: []byte, impl := Implementation.Hardware) {
init_gcm :: proc(ctx: ^Context_GCM, key: []byte, impl := DEFAULT_IMPLEMENTATION) {
init_impl(&ctx._impl, key, impl)
ctx._is_initialized = true
}
core/crypto/aes/aes_impl.odin
+4
View File
@@ -10,6 +10,10 @@ Context_Impl :: union {
Context_Impl_Hardware,
}
// DEFAULT_IMPLEMENTATION is the implementation that will be used by
// default if possible.
DEFAULT_IMPLEMENTATION :: Implementation.Hardware
// Implementation is an AES implementation. Most callers will not need
// to use this as the package will automatically select the most performant
// implementation available (See `is_hardware_accelerated()`).
core/crypto/chacha20/chacha20.odin
+1 -1
View File
@@ -26,7 +26,7 @@ Context :: struct {
// init inititializes a Context for ChaCha20 or XChaCha20 with the provided
// key and iv.
init :: proc(ctx: ^Context, key, iv: []byte, impl := Implementation.Simd256) {
init :: proc(ctx: ^Context, key, iv: []byte, impl := DEFAULT_IMPLEMENTATION) {
if len(key) != KEY_SIZE {
panic("crypto/chacha20: invalid (X)ChaCha20 key size")
}
core/crypto/chacha20/chacha20_impl.odin
+4
View File
@@ -5,6 +5,10 @@ import "core:crypto/_chacha20/ref"
import "core:crypto/_chacha20/simd128"
import "core:crypto/_chacha20/simd256"
// DEFAULT_IMPLEMENTATION is the implementation that will be used by
// default if possible.
DEFAULT_IMPLEMENTATION :: Implementation.Simd256
// Implementation is a ChaCha20 implementation. Most callers will not need
// to use this as the package will automatically select the most performant
// implementation available.
core/crypto/chacha20poly1305/chacha20poly1305.odin
+2 -2
View File
@@ -70,7 +70,7 @@ Context :: struct {
}
// init initializes a Context with the provided key, for AEAD_CHACHA20_POLY1305.
init :: proc(ctx: ^Context, key: []byte, impl := chacha20.Implementation.Simd256) {
init :: proc(ctx: ^Context, key: []byte, impl := chacha20.DEFAULT_IMPLEMENTATION) {
if len(key) != KEY_SIZE {
panic("crypto/chacha20poly1305: invalid key size")
}
@@ -86,7 +86,7 @@ init :: proc(ctx: ^Context, key: []byte, impl := chacha20.Implementation.Simd256
//
// Note: While there are multiple definitions of XChaCha20-Poly1305
// this sticks to the IETF draft and uses a 32-bit counter.
init_xchacha :: proc(ctx: ^Context, key: []byte, impl := chacha20.Implementation.Simd256) {
init_xchacha :: proc(ctx: ^Context, key: []byte, impl := chacha20.DEFAULT_IMPLEMENTATION) {
init(ctx, key, impl)
ctx._is_xchacha = true
}
examples/all/all_main.odin
+2
View File
@@ -25,6 +25,7 @@ import rbtree "core:container/rbtree"
import topological_sort "core:container/topological_sort"
import crypto "core:crypto"
import aead "core:crypto/aead"
import aes "core:crypto/aes"
import blake2b "core:crypto/blake2b"
import blake2s "core:crypto/blake2s"
@@ -164,6 +165,7 @@ _ :: rbtree
_ :: topological_sort
_ :: crypto
_ :: crypto_hash
_ :: aead
_ :: aes
_ :: blake2b
_ :: blake2s
tests/core/crypto/test_core_crypto.odin
+11 -174
View File
@@ -22,18 +22,24 @@ import "core:crypto"
import chacha_simd128 "core:crypto/_chacha20/simd128"
import chacha_simd256 "core:crypto/_chacha20/simd256"
import "core:crypto/chacha20"
import "core:crypto/chacha20poly1305"
import "core:crypto/sha2"
@(private = "file")
@(private)
_PLAINTEXT_SUNSCREEN_STR := "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it."
@(test)
test_chacha20 :: proc(t: ^testing.T) {
runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD()
impls := make([dynamic]chacha20.Implementation, 0, 3)
defer delete(impls)
impls := supported_chacha_impls()
for impl in impls {
test_chacha20_stream(t, impl)
}
}
supported_chacha_impls :: proc() -> [dynamic]chacha20.Implementation {
impls := make([dynamic]chacha20.Implementation, 0, 3, context.temp_allocator)
append(&impls, chacha20.Implementation.Portable)
if chacha_simd128.is_performant() {
append(&impls, chacha20.Implementation.Simd128)
@@ -42,11 +48,7 @@ test_chacha20 :: proc(t: ^testing.T) {
append(&impls, chacha20.Implementation.Simd256)
}
for impl in impls {
test_chacha20_stream(t, impl)
test_chacha20poly1305(t, impl)
test_xchacha20poly1305(t, impl)
}
return impls
}
test_chacha20_stream :: proc(t: ^testing.T, impl: chacha20.Implementation) {
@@ -180,171 +182,6 @@ test_chacha20_stream :: proc(t: ^testing.T, impl: chacha20.Implementation) {
)
}
test_chacha20poly1305 :: proc(t: ^testing.T, impl: chacha20.Implementation) {
plaintext := transmute([]byte)(_PLAINTEXT_SUNSCREEN_STR)
plaintext_str := string(hex.encode(plaintext, context.temp_allocator))
aad := [12]byte {
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
0xc4, 0xc5, 0xc6, 0xc7,
}
key := [chacha20poly1305.KEY_SIZE]byte {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
}
nonce := [chacha20poly1305.IV_SIZE]byte {
0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
0x44, 0x45, 0x46, 0x47,
}
ciphertext := [114]byte {
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
0x61, 0x16,
}
ciphertext_str := string(hex.encode(ciphertext[:], context.temp_allocator))
tag := [chacha20poly1305.TAG_SIZE]byte {
0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91,
}
tag_str := string(hex.encode(tag[:], context.temp_allocator))
tag_ := make([]byte, chacha20poly1305.TAG_SIZE, context.temp_allocator)
dst := make([]byte, len(ciphertext), context.temp_allocator)
ctx: chacha20poly1305.Context
chacha20poly1305.init(&ctx, key[:])
chacha20poly1305.seal(&ctx, dst, tag_, nonce[:], aad[:], plaintext)
dst_str := string(hex.encode(dst, context.temp_allocator))
tag_str_ := string(hex.encode(tag_, context.temp_allocator))
testing.expectf(
t,
dst_str == ciphertext_str && tag_str_ == tag_str,
"chacha20poly1305/%v: Expected: (%s, %s) for seal(%x, %x, %x, %x), but got (%s, %s) instead",
impl,
ciphertext_str,
tag_str,
key,
nonce,
aad,
plaintext,
dst_str,
tag_str_,
)
ok := chacha20poly1305.open(&ctx, dst, nonce[:], aad[:], ciphertext[:], tag[:])
dst_str = string(hex.encode(dst, context.temp_allocator))
testing.expectf(
t,
ok && dst_str == plaintext_str,
"chacha20poly1305/%v: Expected: (%s, true) for open(%x, %x, %x, %x, %s), but got (%s, %v) instead",
impl,
plaintext_str,
key,
nonce,
aad,
ciphertext,
tag_str,
dst_str,
ok,
)
copy(dst, ciphertext[:])
tag_[0] ~= 0xa5
ok = chacha20poly1305.open(&ctx, dst, nonce[:], aad[:], dst[:], tag_)
testing.expectf(t, !ok, "chacha20poly1305/%v: Expected false for open(bad_tag, aad, ciphertext)", impl)
dst[0] ~= 0xa5
ok = chacha20poly1305.open(&ctx, dst, nonce[:], aad[:], dst[:], tag[:])
testing.expectf(t, !ok, "chacha20poly1305/%v: Expected false for open(tag, aad, bad_ciphertext)", impl)
copy(dst, ciphertext[:])
aad[0] ~= 0xa5
ok = chacha20poly1305.open(&ctx, dst, nonce[:], aad[:], dst[:], tag[:])
testing.expectf(t, !ok, "chacha20poly1305/%v: Expected false for open(tag, bad_aad, ciphertext)", impl)
}
test_xchacha20poly1305 :: proc(t: ^testing.T, impl: chacha20.Implementation) {
// Test case taken from:
// - https://datatracker.ietf.org/doc/html/draft-arciszewski-xchacha-03
key_str := "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"
iv_str := "404142434445464748494a4b4c4d4e4f5051525354555657"
aad_str := "50515253c0c1c2c3c4c5c6c7"
plaintext_str := "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
ciphertext_str := "bd6d179d3e83d43b9576579493c0e939572a1700252bfaccbed2902c21396cbb731c7f1b0b4aa6440bf3a82f4eda7e39ae64c6708c54c216cb96b72e1213b4522f8c9ba40db5d945b11b69b982c1bb9e3f3fac2bc369488f76b2383565d3fff921f9664c97637da9768812f615c68b13b52e"
tag_str := "c0875924c1c7987947deafd8780acf49"
key, _ := hex.decode(transmute([]byte)(key_str), context.temp_allocator)
iv, _ := hex.decode(transmute([]byte)(iv_str), context.temp_allocator)
aad, _ := hex.decode(transmute([]byte)(aad_str), context.temp_allocator)
plaintext, _ := hex.decode(transmute([]byte)(plaintext_str), context.temp_allocator)
ciphertext, _ := hex.decode(transmute([]byte)(ciphertext_str), context.temp_allocator)
tag, _ := hex.decode(transmute([]byte)(tag_str), context.temp_allocator)
tag_ := make([]byte, len(tag), context.temp_allocator)
dst := make([]byte, len(ciphertext), context.temp_allocator)
ctx: chacha20poly1305.Context
chacha20poly1305.init_xchacha(&ctx, key, impl)
chacha20poly1305.seal(&ctx, dst, tag_, iv, aad, plaintext)
dst_str := string(hex.encode(dst, context.temp_allocator))
tag_str_ := string(hex.encode(tag_, context.temp_allocator))
testing.expectf(
t,
dst_str == ciphertext_str && tag_str_ == tag_str,
"xchacha20poly1305/%v: Expected: (%s, %s) for seal(%s, %s, %s, %s), but got (%s, %s) instead",
impl,
ciphertext_str,
tag_str,
key_str,
iv_str,
aad_str,
plaintext_str,
dst_str,
tag_str_,
)
ok := chacha20poly1305.open(&ctx, dst, iv, aad, ciphertext, tag)
dst_str = string(hex.encode(dst, context.temp_allocator))
testing.expectf(
t,
ok && dst_str == plaintext_str,
"xchacha20poly1305/%v: Expected: (%s, true) for open(%s, %s, %s, %s, %s), but got (%s, %v) instead",
impl,
plaintext_str,
key_str,
iv_str,
aad_str,
ciphertext_str,
tag_str,
dst_str,
ok,
)
}
@(test)
test_rand_bytes :: proc(t: ^testing.T) {
if !crypto.HAS_RAND_BYTES {
tests/core/crypto/test_core_crypto_aead.odin
+339
View File
@@ -0,0 +1,339 @@
package test_core_crypto
import "base:runtime"
import "core:crypto/aead"
import "core:encoding/hex"
import "core:testing"
@(test)
test_aead :: proc(t: ^testing.T) {
runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD()
aes_impls := make([dynamic]aead.Implementation, context.temp_allocator)
for impl in supported_aes_impls() {
append(&aes_impls, impl)
}
chacha_impls := make([dynamic]aead.Implementation, context.temp_allocator)
for impl in supported_chacha_impls() {
append(&chacha_impls, impl)
}
impls := [aead.Algorithm][dynamic]aead.Implementation{
.Invalid = nil,
.AES_GCM_128 = aes_impls,
.AES_GCM_192 = aes_impls,
.AES_GCM_256 = aes_impls,
.CHACHA20POLY1305 = chacha_impls,
.XCHACHA20POLY1305 = chacha_impls,
}
test_vectors := []struct{
algo: aead.Algorithm,
key: string,
iv: string,
aad: string,
plaintext: string,
ciphertext: string,
tag: string,
} {
// AES-GCM
// - https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
//
// Note: NIST did a reorg of their site, so the source of the test vectors
// is only available from an archive.
{
.AES_GCM_128,
"00000000000000000000000000000000",
"000000000000000000000000",
"",
"",
"",
"58e2fccefa7e3061367f1d57a4e7455a",
},
{
.AES_GCM_128,
"00000000000000000000000000000000",
"000000000000000000000000",
"",
"00000000000000000000000000000000",
"0388dace60b6a392f328c2b971b2fe78",
"ab6e47d42cec13bdf53a67b21257bddf",
},
{
.AES_GCM_128,
"feffe9928665731c6d6a8f9467308308",
"cafebabefacedbaddecaf888",
"",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
"4d5c2af327cd64a62cf35abd2ba6fab4",
},
{
.AES_GCM_128,
"feffe9928665731c6d6a8f9467308308",
"cafebabefacedbaddecaf888",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
"5bc94fbc3221a5db94fae95ae7121a47",
},
{
.AES_GCM_128,
"feffe9928665731c6d6a8f9467308308",
"cafebabefacedbad",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
"3612d2e79e3b0785561be14aaca2fccb",
},
{
.AES_GCM_128,
"feffe9928665731c6d6a8f9467308308",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
"619cc5aefffe0bfa462af43c1699d050",
},
{
.AES_GCM_192,
"000000000000000000000000000000000000000000000000",
"000000000000000000000000",
"",
"",
"",
"cd33b28ac773f74ba00ed1f312572435",
},
{
.AES_GCM_192,
"000000000000000000000000000000000000000000000000",
"000000000000000000000000",
"",
"00000000000000000000000000000000",
"98e7247c07f0fe411c267e4384b0f600",
"2ff58d80033927ab8ef4d4587514f0fb",
},
{
.AES_GCM_192,
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
"cafebabefacedbaddecaf888",
"",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
"9924a7c8587336bfb118024db8674a14",
},
{
.AES_GCM_192,
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
"cafebabefacedbaddecaf888",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
"2519498e80f1478f37ba55bd6d27618c",
},
{
.AES_GCM_192,
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
"cafebabefacedbad",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
"65dcc57fcf623a24094fcca40d3533f8",
},
{
.AES_GCM_192,
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
"dcf566ff291c25bbb8568fc3d376a6d9",
},
{
.AES_GCM_256,
"0000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000",
"",
"",
"",
"530f8afbc74536b9a963b4f1c4cb738b",
},
{
.AES_GCM_256,
"0000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000",
"",
"00000000000000000000000000000000",
"cea7403d4d606b6e074ec5d3baf39d18",
"d0d1c8a799996bf0265b98b5d48ab919",
},
{
.AES_GCM_256,
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"cafebabefacedbaddecaf888",
"",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
"b094dac5d93471bdec1a502270e3cc6c",
},
{
.AES_GCM_256,
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"cafebabefacedbaddecaf888",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
"76fc6ece0f4e1768cddf8853bb2d551b",
},
{
.AES_GCM_256,
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"cafebabefacedbad",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
"3a337dbf46a792c45e454913fe2ea8f2",
},
{
.AES_GCM_256,
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
},
// Chacha20-Poly1305
// https://www.rfc-editor.org/rfc/rfc8439
{
.CHACHA20POLY1305,
"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
"070000004041424344454647",
"50515253c0c1c2c3c4c5c6c7",
string(hex.encode(transmute([]byte)(_PLAINTEXT_SUNSCREEN_STR), context.temp_allocator)),
"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
"1ae10b594f09e26a7e902ecbd0600691",
},
// XChaCha20-Poly1305-IETF
// - https://datatracker.ietf.org/doc/html/draft-arciszewski-xchacha-03
{
.XCHACHA20POLY1305,
"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
"404142434445464748494a4b4c4d4e4f5051525354555657",
"50515253c0c1c2c3c4c5c6c7",
"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
"bd6d179d3e83d43b9576579493c0e939572a1700252bfaccbed2902c21396cbb731c7f1b0b4aa6440bf3a82f4eda7e39ae64c6708c54c216cb96b72e1213b4522f8c9ba40db5d945b11b69b982c1bb9e3f3fac2bc369488f76b2383565d3fff921f9664c97637da9768812f615c68b13b52e",
"c0875924c1c7987947deafd8780acf49",
},
}
for v, _ in test_vectors {
algo_name := aead.ALGORITHM_NAMES[v.algo]
key, _ := hex.decode(transmute([]byte)(v.key), context.temp_allocator)
iv, _ := hex.decode(transmute([]byte)(v.iv), context.temp_allocator)
aad, _ := hex.decode(transmute([]byte)(v.aad), context.temp_allocator)
plaintext, _ := hex.decode(transmute([]byte)(v.plaintext), context.temp_allocator)
ciphertext, _ := hex.decode(transmute([]byte)(v.ciphertext), context.temp_allocator)
tag, _ := hex.decode(transmute([]byte)(v.tag), context.temp_allocator)
tag_ := make([]byte, len(tag), context.temp_allocator)
dst := make([]byte, len(ciphertext), context.temp_allocator)
ctx: aead.Context
for impl in impls[v.algo] {
aead.init(&ctx, v.algo, key, impl)
aead.seal(&ctx, dst, tag_, iv, aad, plaintext)
dst_str := string(hex.encode(dst, context.temp_allocator))
tag_str := string(hex.encode(tag_, context.temp_allocator))
testing.expectf(
t,
dst_str == v.ciphertext && tag_str == v.tag,
"%s/%v: Expected: (%s, %s) for seal_ctx(%s, %s, %s, %s), but got (%s, %s) instead",
algo_name,
impl,
v.ciphertext,
v.tag,
v.key,
v.iv,
v.aad,
v.plaintext,
dst_str,
tag_str,
)
aead.seal(v.algo, dst, tag_, key, iv, aad, plaintext, impl)
dst_str = string(hex.encode(dst, context.temp_allocator))
tag_str = string(hex.encode(tag_, context.temp_allocator))
testing.expectf(
t,
dst_str == v.ciphertext && tag_str == v.tag,
"%s/%v: Expected: (%s, %s) for seal_oneshot(%s, %s, %s, %s), but got (%s, %s) instead",
algo_name,
impl,
v.ciphertext,
v.tag,
v.key,
v.iv,
v.aad,
v.plaintext,
dst_str,
tag_str,
)
ok := aead.open(&ctx, dst, iv, aad, ciphertext, tag)
dst_str = string(hex.encode(dst, context.temp_allocator))
testing.expectf(
t,
ok && dst_str == v.plaintext,
"%s/%v: Expected: (%s, true) for open_ctx(%s, %s, %s, %s, %s), but got (%s, %v) instead",
algo_name,
impl,
v.plaintext,
v.key,
v.iv,
v.aad,
v.ciphertext,
v.tag,
dst_str,
ok,
)
ok = aead.open(v.algo, dst, key, iv, aad, ciphertext, tag, impl)
dst_str = string(hex.encode(dst, context.temp_allocator))
testing.expectf(
t,
ok && dst_str == v.plaintext,
"%s/%v: Expected: (%s, true) for open_oneshot(%s, %s, %s, %s, %s), but got (%s, %v) instead",
algo_name,
impl,
v.plaintext,
v.key,
v.iv,
v.aad,
v.ciphertext,
v.tag,
dst_str,
ok,
)
tag_[0] ~= 0xa5
ok = aead.open(&ctx, dst, iv, aad, ciphertext, tag_)
testing.expectf(t, !ok, "%s/%v: Expected false for open(bad_tag, aad, ciphertext)", algo_name, impl)
if len(dst) > 0 {
copy(dst, ciphertext[:])
dst[0] ~= 0xa5
ok = aead.open(&ctx, dst, iv, aad, dst, tag)
testing.expectf(t, !ok, "%s/%v: Expected false for open(tag, aad, bad_ciphertext)", algo_name, impl)
}
if len(aad) > 0 {
aad_ := make([]byte, len(aad), context.temp_allocator)
copy(aad_, aad)
aad_[0] ~= 0xa5
ok = aead.open(&ctx, dst, iv, aad_, ciphertext, tag)
testing.expectf(t, !ok, "%s/%v: Expected false for open(tag, bad_aad, ciphertext)", algo_name, impl)
}
}
}
}
tests/core/crypto/test_core_crypto_aes.odin
+11 -220
View File
@@ -12,18 +12,22 @@ import "core:crypto/sha2"
test_aes :: proc(t: ^testing.T) {
runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD()
impls := make([dynamic]aes.Implementation, 0, 2)
defer delete(impls)
impls := supported_aes_impls()
for impl in impls {
test_aes_ecb(t, impl)
test_aes_ctr(t, impl)
}
}
supported_aes_impls :: proc() -> [dynamic]aes.Implementation {
impls := make([dynamic]aes.Implementation, 0, 2, context.temp_allocator)
append(&impls, aes.Implementation.Portable)
if aes.is_hardware_accelerated() {
append(&impls, aes.Implementation.Hardware)
}
for impl in impls {
test_aes_ecb(t, impl)
test_aes_ctr(t, impl)
test_aes_gcm(t, impl)
}
return impls
}
test_aes_ecb :: proc(t: ^testing.T, impl: aes.Implementation) {
@@ -222,216 +226,3 @@ test_aes_ctr :: proc(t: ^testing.T, impl: aes.Implementation) {
digest_str,
)
}
test_aes_gcm :: proc(t: ^testing.T, impl: aes.Implementation) {
log.debugf("Testing AES-GCM/%v", impl)
// NIST did a reorg of their site, so the source of the test vectors
// is only available from an archive.
//
// https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
test_vectors := []struct {
key: string,
iv: string,
aad: string,
plaintext: string,
ciphertext: string,
tag: string,
} {
{
"00000000000000000000000000000000",
"000000000000000000000000",
"",
"",
"",
"58e2fccefa7e3061367f1d57a4e7455a",
},
{
"00000000000000000000000000000000",
"000000000000000000000000",
"",
"00000000000000000000000000000000",
"0388dace60b6a392f328c2b971b2fe78",
"ab6e47d42cec13bdf53a67b21257bddf",
},
{
"feffe9928665731c6d6a8f9467308308",
"cafebabefacedbaddecaf888",
"",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
"4d5c2af327cd64a62cf35abd2ba6fab4",
},
{
"feffe9928665731c6d6a8f9467308308",
"cafebabefacedbaddecaf888",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
"5bc94fbc3221a5db94fae95ae7121a47",
},
{
"feffe9928665731c6d6a8f9467308308",
"cafebabefacedbad",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
"3612d2e79e3b0785561be14aaca2fccb",
},
{
"feffe9928665731c6d6a8f9467308308",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
"619cc5aefffe0bfa462af43c1699d050",
},
{
"000000000000000000000000000000000000000000000000",
"000000000000000000000000",
"",
"",
"",
"cd33b28ac773f74ba00ed1f312572435",
},
{
"000000000000000000000000000000000000000000000000",
"000000000000000000000000",
"",
"00000000000000000000000000000000",
"98e7247c07f0fe411c267e4384b0f600",
"2ff58d80033927ab8ef4d4587514f0fb",
},
{
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
"cafebabefacedbaddecaf888",
"",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
"9924a7c8587336bfb118024db8674a14",
},
{
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
"cafebabefacedbaddecaf888",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
"2519498e80f1478f37ba55bd6d27618c",
},
{
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
"cafebabefacedbad",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
"65dcc57fcf623a24094fcca40d3533f8",
},
{
"feffe9928665731c6d6a8f9467308308feffe9928665731c",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
"dcf566ff291c25bbb8568fc3d376a6d9",
},
{
"0000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000",
"",
"",
"",
"530f8afbc74536b9a963b4f1c4cb738b",
},
{
"0000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000",
"",
"00000000000000000000000000000000",
"cea7403d4d606b6e074ec5d3baf39d18",
"d0d1c8a799996bf0265b98b5d48ab919",
},
{
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"cafebabefacedbaddecaf888",
"",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
"b094dac5d93471bdec1a502270e3cc6c",
},
{
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"cafebabefacedbaddecaf888",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
"76fc6ece0f4e1768cddf8853bb2d551b",
},
{
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"cafebabefacedbad",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
"3a337dbf46a792c45e454913fe2ea8f2",
},
{
"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
},
}
for v, _ in test_vectors {
key, _ := hex.decode(transmute([]byte)(v.key), context.temp_allocator)
iv, _ := hex.decode(transmute([]byte)(v.iv), context.temp_allocator)
aad, _ := hex.decode(transmute([]byte)(v.aad), context.temp_allocator)
plaintext, _ := hex.decode(transmute([]byte)(v.plaintext), context.temp_allocator)
ciphertext, _ := hex.decode(transmute([]byte)(v.ciphertext), context.temp_allocator)
tag, _ := hex.decode(transmute([]byte)(v.tag), context.temp_allocator)
tag_ := make([]byte, len(tag), context.temp_allocator)
dst := make([]byte, len(ciphertext), context.temp_allocator)
ctx: aes.Context_GCM
aes.init_gcm(&ctx, key, impl)
aes.seal_gcm(&ctx, dst, tag_, iv, aad, plaintext)
dst_str := string(hex.encode(dst, context.temp_allocator))
tag_str := string(hex.encode(tag_, context.temp_allocator))
testing.expectf(
t,
dst_str == v.ciphertext && tag_str == v.tag,
"AES-GCM/%v: Expected: (%s, %s) for seal(%s, %s, %s, %s), but got (%s, %s) instead",
impl,
v.ciphertext,
v.tag,
v.key,
v.iv,
v.aad,
v.plaintext,
dst_str,
tag_str,
)
ok := aes.open_gcm(&ctx, dst, iv, aad, ciphertext, tag)
dst_str = string(hex.encode(dst, context.temp_allocator))
testing.expectf(
t,
ok && dst_str == v.plaintext,
"AES-GCM/%v: Expected: (%s, true) for open(%s, %s, %s, %s, %s), but got (%s, %v) instead",
impl,
v.plaintext,
v.key,
v.iv,
v.aad,
v.ciphertext,
v.tag,
dst_str,
ok,
)
}
}