From ba1ad82c2b13aead2ec0c6450dd3b45420b84748 Mon Sep 17 00:00:00 2001 From: Yawning Angel Date: Sat, 3 Aug 2024 03:05:45 +0900 Subject: [PATCH] core/crypto/aead: Initial import --- core/crypto/aead/aead.odin | 36 ++ core/crypto/aead/doc.odin | 58 +++ core/crypto/aead/low_level.odin | 187 ++++++++++ core/crypto/aes/aes_ctr.odin | 2 +- core/crypto/aes/aes_ecb.odin | 2 +- core/crypto/aes/aes_gcm.odin | 2 +- core/crypto/aes/aes_impl.odin | 4 + core/crypto/chacha20/chacha20.odin | 2 +- core/crypto/chacha20/chacha20_impl.odin | 4 + .../chacha20poly1305/chacha20poly1305.odin | 4 +- examples/all/all_main.odin | 2 + tests/core/crypto/test_core_crypto.odin | 185 +--------- tests/core/crypto/test_core_crypto_aead.odin | 339 ++++++++++++++++++ tests/core/crypto/test_core_crypto_aes.odin | 231 +----------- 14 files changed, 658 insertions(+), 400 deletions(-) create mode 100644 core/crypto/aead/aead.odin create mode 100644 core/crypto/aead/doc.odin create mode 100644 core/crypto/aead/low_level.odin create mode 100644 tests/core/crypto/test_core_crypto_aead.odin diff --git a/core/crypto/aead/aead.odin b/core/crypto/aead/aead.odin new file mode 100644 index 000000000..9b7d810e4 --- /dev/null +++ b/core/crypto/aead/aead.odin @@ -0,0 +1,36 @@ +package aead + +// seal_oneshot encrypts the plaintext and authenticates the aad and ciphertext, +// with the provided algorithm, key, and iv, stores the output in dst and tag. +// +// dst and plaintext MUST alias exactly or not at all. +seal_oneshot :: proc(algo: Algorithm, dst, tag, key, iv, aad, plaintext: []byte, impl: Implementation = nil) { + ctx: Context + init(&ctx, algo, key, impl) + defer reset(&ctx) + seal_ctx(&ctx, dst, tag, iv, aad, plaintext) +} + +// open authenticates the aad and ciphertext, and decrypts the ciphertext, +// with the provided algorithm, key, iv, and tag, and stores the output in dst, +// returning true iff the authentication was successful. If authentication +// fails, the destination buffer will be zeroed. +// +// dst and plaintext MUST alias exactly or not at all. +@(require_results) +open_oneshot :: proc(algo: Algorithm, dst, key, iv, aad, ciphertext, tag: []byte, impl: Implementation = nil) -> bool { + ctx: Context + init(&ctx, algo, key, impl) + defer reset(&ctx) + return open_ctx(&ctx, dst, iv, aad, ciphertext, tag) +} + +seal :: proc { + seal_ctx, + seal_oneshot, +} + +open :: proc { + open_ctx, + open_oneshot, +} diff --git a/core/crypto/aead/doc.odin b/core/crypto/aead/doc.odin new file mode 100644 index 000000000..388d31453 --- /dev/null +++ b/core/crypto/aead/doc.odin @@ -0,0 +1,58 @@ +/* +package aead provides a generic interface to the supported Authenticated +Encryption with Associated Data algorithms. + +Both a one-shot and context based interface are provided, with similar +usage. If multiple messages are to be sealed/opened via the same key, +the context based interface may be more efficient, depending on the +algorithm. + +WARNING: Reusing the same key + iv to seal (encrypt) multiple messages +results in catastrophic loss of security for most algorithms. + +```odin +package aead_example + +import "core:bytes" +import "core:crypto" +import "core:crypto/aead" + +main :: proc() { + algo := aead.Algorithm.XCHACHA20POLY1305 + + // The example added associated data, and plaintext. + aad_str := "Get your ass in gear boys." + pt_str := "They're immanetizing the Eschaton." + + aad := transmute([]byte)aad_str + plaintext := transmute([]byte)pt_str + pt_len := len(plaintext) + + // Generate a random key for the purposes of illustration. + key := make([]byte, aead.KEY_SIZES[algo]) + defer delete(key) + crypto.rand_bytes(key) + + // `ciphertext || tag`, is a common way data is transmitted, so + // demonstrate that. + buf := make([]byte, pt_len + aead.TAG_SIZES[algo]) + defer delete(buf) + ciphertext, tag := buf[:pt_len], buf[pt_len:] + + // Seal the AAD + Plaintext. + iv := make([]byte, aead.IV_SIZES[algo]) + defer delete(iv) + crypto.rand_bytes(iv) // Random IVs are safe with XChaCha20-Poly1305. + aead.seal(algo, ciphertext, tag, key, iv, aad, plaintext) + + // Open the AAD + Ciphertext. + opened_pt := buf[:pt_len] + if ok := aead.open(algo, opened_pt, key, iv, aad, ciphertext, tag); !ok { + panic("aead example: failed to open") + } + + assert(bytes.equal(opened_pt, plaintext)) +} +``` +*/ +package aead \ No newline at end of file diff --git a/core/crypto/aead/low_level.odin b/core/crypto/aead/low_level.odin new file mode 100644 index 000000000..38a0c84ba --- /dev/null +++ b/core/crypto/aead/low_level.odin @@ -0,0 +1,187 @@ +package aead + +import "core:crypto/aes" +import "core:crypto/chacha20" +import "core:crypto/chacha20poly1305" +import "core:reflect" + +// Implementation is an AEAD implementation. Most callers will not need +// to use this as the package will automatically select the most performant +// implementation available. +Implementation :: union { + aes.Implementation, + chacha20.Implementation, +} + +// MAX_TAG_SIZE is the maximum size tag that can be returned by any of the +// Algorithms supported via this package. +MAX_TAG_SIZE :: 16 + +// Algorithm is the algorithm identifier associated with a given Context. +Algorithm :: enum { + Invalid, + AES_GCM_128, + AES_GCM_192, + AES_GCM_256, + CHACHA20POLY1305, + XCHACHA20POLY1305, +} + +// ALGORITM_NAMES is the Agorithm to algorithm name string. +ALGORITHM_NAMES := [Algorithm]string { + .Invalid = "Invalid", + .AES_GCM_128 = "AES-GCM-128", + .AES_GCM_192 = "AES-GCM-192", + .AES_GCM_256 = "AES-GCM-256", + .CHACHA20POLY1305 = "chacha20poly1305", + .XCHACHA20POLY1305 = "xchacha20poly1305", +} + +// TAG_SIZES is the Algorithm to tag size in bytes. +TAG_SIZES := [Algorithm]int { + .Invalid = 0, + .AES_GCM_128 = aes.GCM_TAG_SIZE, + .AES_GCM_192 = aes.GCM_TAG_SIZE, + .AES_GCM_256 = aes.GCM_TAG_SIZE, + .CHACHA20POLY1305 = chacha20poly1305.TAG_SIZE, + .XCHACHA20POLY1305 = chacha20poly1305.TAG_SIZE, +} + +// KEY_SIZES is the Algorithm to key size in bytes. +KEY_SIZES := [Algorithm]int { + .Invalid = 0, + .AES_GCM_128 = aes.KEY_SIZE_128, + .AES_GCM_192 = aes.KEY_SIZE_192, + .AES_GCM_256 = aes.KEY_SIZE_256, + .CHACHA20POLY1305 = chacha20poly1305.KEY_SIZE, + .XCHACHA20POLY1305 = chacha20poly1305.KEY_SIZE, +} + +// IV_SIZES is the Algorithm to initialization vector size in bytes. +// +// Note: Some algorithms (such as AES-GCM) support variable IV sizes. +IV_SIZES := [Algorithm]int { + .Invalid = 0, + .AES_GCM_128 = aes.GCM_IV_SIZE, + .AES_GCM_192 = aes.GCM_IV_SIZE, + .AES_GCM_256 = aes.GCM_IV_SIZE, + .CHACHA20POLY1305 = chacha20poly1305.IV_SIZE, + .XCHACHA20POLY1305 = chacha20poly1305.XIV_SIZE, +} + +// Context is a concrete instantiation of a specific AEAD algorithm. +Context :: struct { + _algo: Algorithm, + _impl: union { + aes.Context_GCM, + chacha20poly1305.Context, + }, +} + +@(private) +_IMPL_IDS := [Algorithm]typeid { + .Invalid = nil, + .AES_GCM_128 = typeid_of(aes.Context_GCM), + .AES_GCM_192 = typeid_of(aes.Context_GCM), + .AES_GCM_256 = typeid_of(aes.Context_GCM), + .CHACHA20POLY1305 = typeid_of(chacha20poly1305.Context), + .XCHACHA20POLY1305 = typeid_of(chacha20poly1305.Context), +} + +// init initializes a Context with a specific AEAD Algorithm. +init :: proc(ctx: ^Context, algorithm: Algorithm, key: []byte, impl: Implementation = nil) { + if ctx._impl != nil { + reset(ctx) + } + + if len(key) != KEY_SIZES[algorithm] { + panic("crypto/aead: invalid key size") + } + + // Directly specialize the union by setting the type ID (save a copy). + reflect.set_union_variant_typeid( + ctx._impl, + _IMPL_IDS[algorithm], + ) + switch algorithm { + case .AES_GCM_128, .AES_GCM_192, .AES_GCM_256: + impl_ := impl != nil ? impl.(aes.Implementation) : aes.DEFAULT_IMPLEMENTATION + aes.init_gcm(&ctx._impl.(aes.Context_GCM), key, impl_) + case .CHACHA20POLY1305: + impl_ := impl != nil ? impl.(chacha20.Implementation) : chacha20.DEFAULT_IMPLEMENTATION + chacha20poly1305.init(&ctx._impl.(chacha20poly1305.Context), key, impl_) + case .XCHACHA20POLY1305: + impl_ := impl != nil ? impl.(chacha20.Implementation) : chacha20.DEFAULT_IMPLEMENTATION + chacha20poly1305.init_xchacha(&ctx._impl.(chacha20poly1305.Context), key, impl_) + case .Invalid: + panic("crypto/aead: uninitialized algorithm") + case: + panic("crypto/aead: invalid algorithm") + } + + ctx._algo = algorithm +} + +// seal_ctx encrypts the plaintext and authenticates the aad and ciphertext, +// with the provided Context and iv, stores the output in dst and tag. +// +// dst and plaintext MUST alias exactly or not at all. +seal_ctx :: proc(ctx: ^Context, dst, tag, iv, aad, plaintext: []byte) { + switch &impl in ctx._impl { + case aes.Context_GCM: + aes.seal_gcm(&impl, dst, tag, iv, aad, plaintext) + case chacha20poly1305.Context: + chacha20poly1305.seal(&impl, dst, tag, iv, aad, plaintext) + case: + panic("crypto/aead: uninitialized algorithm") + } +} + +// open_ctx authenticates the aad and ciphertext, and decrypts the ciphertext, +// with the provided Context, iv, and tag, and stores the output in dst, +// returning true iff the authentication was successful. If authentication +// fails, the destination buffer will be zeroed. +// +// dst and plaintext MUST alias exactly or not at all. +@(require_results) +open_ctx :: proc(ctx: ^Context, dst, iv, aad, ciphertext, tag: []byte) -> bool { + switch &impl in ctx._impl { + case aes.Context_GCM: + return aes.open_gcm(&impl, dst, iv, aad, ciphertext, tag) + case chacha20poly1305.Context: + return chacha20poly1305.open(&impl, dst, iv, aad, ciphertext, tag) + case: + panic("crypto/aead: uninitialized algorithm") + } +} + +// reset sanitizes the Context. The Context must be re-initialized to +// be used again. +reset :: proc(ctx: ^Context) { + switch &impl in ctx._impl { + case aes.Context_GCM: + aes.reset_gcm(&impl) + case chacha20poly1305.Context: + chacha20poly1305.reset(&impl) + case: + // Calling reset repeatedly is fine. + } + + ctx._algo = .Invalid + ctx._impl = nil +} + +// algorithm returns the Algorithm used by a Context instance. +algorithm :: proc(ctx: ^Context) -> Algorithm { + return ctx._algo +} + +// iv_size returns the IV size of a Context instance in bytes. +iv_size :: proc(ctx: ^Context) -> int { + return IV_SIZES[ctx._algo] +} + +// tag_size returns the tag size of a Context instance in bytes. +tag_size :: proc(ctx: ^Context) -> int { + return TAG_SIZES[ctx._algo] +} diff --git a/core/crypto/aes/aes_ctr.odin b/core/crypto/aes/aes_ctr.odin index 154ec0ada..20b75e57f 100644 --- a/core/crypto/aes/aes_ctr.odin +++ b/core/crypto/aes/aes_ctr.odin @@ -20,7 +20,7 @@ Context_CTR :: struct { } // init_ctr initializes a Context_CTR with the provided key and IV. -init_ctr :: proc(ctx: ^Context_CTR, key, iv: []byte, impl := Implementation.Hardware) { +init_ctr :: proc(ctx: ^Context_CTR, key, iv: []byte, impl := DEFAULT_IMPLEMENTATION) { if len(iv) != CTR_IV_SIZE { panic("crypto/aes: invalid CTR IV size") } diff --git a/core/crypto/aes/aes_ecb.odin b/core/crypto/aes/aes_ecb.odin index 498429e29..32476006c 100644 --- a/core/crypto/aes/aes_ecb.odin +++ b/core/crypto/aes/aes_ecb.odin @@ -12,7 +12,7 @@ Context_ECB :: struct { } // init_ecb initializes a Context_ECB with the provided key. -init_ecb :: proc(ctx: ^Context_ECB, key: []byte, impl := Implementation.Hardware) { +init_ecb :: proc(ctx: ^Context_ECB, key: []byte, impl := DEFAULT_IMPLEMENTATION) { init_impl(&ctx._impl, key, impl) ctx._is_initialized = true } diff --git a/core/crypto/aes/aes_gcm.odin b/core/crypto/aes/aes_gcm.odin index ed3bb4313..8616821ce 100644 --- a/core/crypto/aes/aes_gcm.odin +++ b/core/crypto/aes/aes_gcm.odin @@ -26,7 +26,7 @@ Context_GCM :: struct { } // init_gcm initializes a Context_GCM with the provided key. -init_gcm :: proc(ctx: ^Context_GCM, key: []byte, impl := Implementation.Hardware) { +init_gcm :: proc(ctx: ^Context_GCM, key: []byte, impl := DEFAULT_IMPLEMENTATION) { init_impl(&ctx._impl, key, impl) ctx._is_initialized = true } diff --git a/core/crypto/aes/aes_impl.odin b/core/crypto/aes/aes_impl.odin index 03747f1fb..f26874809 100644 --- a/core/crypto/aes/aes_impl.odin +++ b/core/crypto/aes/aes_impl.odin @@ -10,6 +10,10 @@ Context_Impl :: union { Context_Impl_Hardware, } +// DEFAULT_IMPLEMENTATION is the implementation that will be used by +// default if possible. +DEFAULT_IMPLEMENTATION :: Implementation.Hardware + // Implementation is an AES implementation. Most callers will not need // to use this as the package will automatically select the most performant // implementation available (See `is_hardware_accelerated()`). diff --git a/core/crypto/chacha20/chacha20.odin b/core/crypto/chacha20/chacha20.odin index e0dc1d1eb..6d1a6bfc5 100644 --- a/core/crypto/chacha20/chacha20.odin +++ b/core/crypto/chacha20/chacha20.odin @@ -26,7 +26,7 @@ Context :: struct { // init inititializes a Context for ChaCha20 or XChaCha20 with the provided // key and iv. -init :: proc(ctx: ^Context, key, iv: []byte, impl := Implementation.Simd256) { +init :: proc(ctx: ^Context, key, iv: []byte, impl := DEFAULT_IMPLEMENTATION) { if len(key) != KEY_SIZE { panic("crypto/chacha20: invalid (X)ChaCha20 key size") } diff --git a/core/crypto/chacha20/chacha20_impl.odin b/core/crypto/chacha20/chacha20_impl.odin index 79c9785f9..be2ee06b4 100644 --- a/core/crypto/chacha20/chacha20_impl.odin +++ b/core/crypto/chacha20/chacha20_impl.odin @@ -5,6 +5,10 @@ import "core:crypto/_chacha20/ref" import "core:crypto/_chacha20/simd128" import "core:crypto/_chacha20/simd256" +// DEFAULT_IMPLEMENTATION is the implementation that will be used by +// default if possible. +DEFAULT_IMPLEMENTATION :: Implementation.Simd256 + // Implementation is a ChaCha20 implementation. Most callers will not need // to use this as the package will automatically select the most performant // implementation available. diff --git a/core/crypto/chacha20poly1305/chacha20poly1305.odin b/core/crypto/chacha20poly1305/chacha20poly1305.odin index ad7a510a9..e2cd35a7e 100644 --- a/core/crypto/chacha20poly1305/chacha20poly1305.odin +++ b/core/crypto/chacha20poly1305/chacha20poly1305.odin @@ -70,7 +70,7 @@ Context :: struct { } // init initializes a Context with the provided key, for AEAD_CHACHA20_POLY1305. -init :: proc(ctx: ^Context, key: []byte, impl := chacha20.Implementation.Simd256) { +init :: proc(ctx: ^Context, key: []byte, impl := chacha20.DEFAULT_IMPLEMENTATION) { if len(key) != KEY_SIZE { panic("crypto/chacha20poly1305: invalid key size") } @@ -86,7 +86,7 @@ init :: proc(ctx: ^Context, key: []byte, impl := chacha20.Implementation.Simd256 // // Note: While there are multiple definitions of XChaCha20-Poly1305 // this sticks to the IETF draft and uses a 32-bit counter. -init_xchacha :: proc(ctx: ^Context, key: []byte, impl := chacha20.Implementation.Simd256) { +init_xchacha :: proc(ctx: ^Context, key: []byte, impl := chacha20.DEFAULT_IMPLEMENTATION) { init(ctx, key, impl) ctx._is_xchacha = true } diff --git a/examples/all/all_main.odin b/examples/all/all_main.odin index d92a6b8c4..62b891352 100644 --- a/examples/all/all_main.odin +++ b/examples/all/all_main.odin @@ -25,6 +25,7 @@ import rbtree "core:container/rbtree" import topological_sort "core:container/topological_sort" import crypto "core:crypto" +import aead "core:crypto/aead" import aes "core:crypto/aes" import blake2b "core:crypto/blake2b" import blake2s "core:crypto/blake2s" @@ -164,6 +165,7 @@ _ :: rbtree _ :: topological_sort _ :: crypto _ :: crypto_hash +_ :: aead _ :: aes _ :: blake2b _ :: blake2s diff --git a/tests/core/crypto/test_core_crypto.odin b/tests/core/crypto/test_core_crypto.odin index d0a324986..b3eb6e041 100644 --- a/tests/core/crypto/test_core_crypto.odin +++ b/tests/core/crypto/test_core_crypto.odin @@ -22,18 +22,24 @@ import "core:crypto" import chacha_simd128 "core:crypto/_chacha20/simd128" import chacha_simd256 "core:crypto/_chacha20/simd256" import "core:crypto/chacha20" -import "core:crypto/chacha20poly1305" import "core:crypto/sha2" -@(private = "file") +@(private) _PLAINTEXT_SUNSCREEN_STR := "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it." @(test) test_chacha20 :: proc(t: ^testing.T) { runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD() - impls := make([dynamic]chacha20.Implementation, 0, 3) - defer delete(impls) + impls := supported_chacha_impls() + + for impl in impls { + test_chacha20_stream(t, impl) + } +} + +supported_chacha_impls :: proc() -> [dynamic]chacha20.Implementation { + impls := make([dynamic]chacha20.Implementation, 0, 3, context.temp_allocator) append(&impls, chacha20.Implementation.Portable) if chacha_simd128.is_performant() { append(&impls, chacha20.Implementation.Simd128) @@ -42,11 +48,7 @@ test_chacha20 :: proc(t: ^testing.T) { append(&impls, chacha20.Implementation.Simd256) } - for impl in impls { - test_chacha20_stream(t, impl) - test_chacha20poly1305(t, impl) - test_xchacha20poly1305(t, impl) - } + return impls } test_chacha20_stream :: proc(t: ^testing.T, impl: chacha20.Implementation) { @@ -180,171 +182,6 @@ test_chacha20_stream :: proc(t: ^testing.T, impl: chacha20.Implementation) { ) } -test_chacha20poly1305 :: proc(t: ^testing.T, impl: chacha20.Implementation) { - plaintext := transmute([]byte)(_PLAINTEXT_SUNSCREEN_STR) - plaintext_str := string(hex.encode(plaintext, context.temp_allocator)) - - aad := [12]byte { - 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, - 0xc4, 0xc5, 0xc6, 0xc7, - } - - key := [chacha20poly1305.KEY_SIZE]byte { - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - } - - nonce := [chacha20poly1305.IV_SIZE]byte { - 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, - } - - ciphertext := [114]byte { - 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, - 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, - 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, - 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, - 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, - 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, - 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, - 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, - 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, - 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, - 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, - 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, - 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, - 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, - 0x61, 0x16, - } - ciphertext_str := string(hex.encode(ciphertext[:], context.temp_allocator)) - - tag := [chacha20poly1305.TAG_SIZE]byte { - 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, - 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91, - } - tag_str := string(hex.encode(tag[:], context.temp_allocator)) - - tag_ := make([]byte, chacha20poly1305.TAG_SIZE, context.temp_allocator) - dst := make([]byte, len(ciphertext), context.temp_allocator) - - ctx: chacha20poly1305.Context - chacha20poly1305.init(&ctx, key[:]) - - chacha20poly1305.seal(&ctx, dst, tag_, nonce[:], aad[:], plaintext) - dst_str := string(hex.encode(dst, context.temp_allocator)) - tag_str_ := string(hex.encode(tag_, context.temp_allocator)) - - testing.expectf( - t, - dst_str == ciphertext_str && tag_str_ == tag_str, - "chacha20poly1305/%v: Expected: (%s, %s) for seal(%x, %x, %x, %x), but got (%s, %s) instead", - impl, - ciphertext_str, - tag_str, - key, - nonce, - aad, - plaintext, - dst_str, - tag_str_, - ) - - ok := chacha20poly1305.open(&ctx, dst, nonce[:], aad[:], ciphertext[:], tag[:]) - dst_str = string(hex.encode(dst, context.temp_allocator)) - - testing.expectf( - t, - ok && dst_str == plaintext_str, - "chacha20poly1305/%v: Expected: (%s, true) for open(%x, %x, %x, %x, %s), but got (%s, %v) instead", - impl, - plaintext_str, - key, - nonce, - aad, - ciphertext, - tag_str, - dst_str, - ok, - ) - - copy(dst, ciphertext[:]) - tag_[0] ~= 0xa5 - ok = chacha20poly1305.open(&ctx, dst, nonce[:], aad[:], dst[:], tag_) - testing.expectf(t, !ok, "chacha20poly1305/%v: Expected false for open(bad_tag, aad, ciphertext)", impl) - - dst[0] ~= 0xa5 - ok = chacha20poly1305.open(&ctx, dst, nonce[:], aad[:], dst[:], tag[:]) - testing.expectf(t, !ok, "chacha20poly1305/%v: Expected false for open(tag, aad, bad_ciphertext)", impl) - - copy(dst, ciphertext[:]) - aad[0] ~= 0xa5 - ok = chacha20poly1305.open(&ctx, dst, nonce[:], aad[:], dst[:], tag[:]) - testing.expectf(t, !ok, "chacha20poly1305/%v: Expected false for open(tag, bad_aad, ciphertext)", impl) -} - -test_xchacha20poly1305 :: proc(t: ^testing.T, impl: chacha20.Implementation) { - // Test case taken from: - // - https://datatracker.ietf.org/doc/html/draft-arciszewski-xchacha-03 - key_str := "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" - iv_str := "404142434445464748494a4b4c4d4e4f5051525354555657" - aad_str := "50515253c0c1c2c3c4c5c6c7" - plaintext_str := "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" - ciphertext_str := "bd6d179d3e83d43b9576579493c0e939572a1700252bfaccbed2902c21396cbb731c7f1b0b4aa6440bf3a82f4eda7e39ae64c6708c54c216cb96b72e1213b4522f8c9ba40db5d945b11b69b982c1bb9e3f3fac2bc369488f76b2383565d3fff921f9664c97637da9768812f615c68b13b52e" - tag_str := "c0875924c1c7987947deafd8780acf49" - - key, _ := hex.decode(transmute([]byte)(key_str), context.temp_allocator) - iv, _ := hex.decode(transmute([]byte)(iv_str), context.temp_allocator) - aad, _ := hex.decode(transmute([]byte)(aad_str), context.temp_allocator) - plaintext, _ := hex.decode(transmute([]byte)(plaintext_str), context.temp_allocator) - ciphertext, _ := hex.decode(transmute([]byte)(ciphertext_str), context.temp_allocator) - tag, _ := hex.decode(transmute([]byte)(tag_str), context.temp_allocator) - - tag_ := make([]byte, len(tag), context.temp_allocator) - dst := make([]byte, len(ciphertext), context.temp_allocator) - - ctx: chacha20poly1305.Context - chacha20poly1305.init_xchacha(&ctx, key, impl) - - chacha20poly1305.seal(&ctx, dst, tag_, iv, aad, plaintext) - dst_str := string(hex.encode(dst, context.temp_allocator)) - tag_str_ := string(hex.encode(tag_, context.temp_allocator)) - - testing.expectf( - t, - dst_str == ciphertext_str && tag_str_ == tag_str, - "xchacha20poly1305/%v: Expected: (%s, %s) for seal(%s, %s, %s, %s), but got (%s, %s) instead", - impl, - ciphertext_str, - tag_str, - key_str, - iv_str, - aad_str, - plaintext_str, - dst_str, - tag_str_, - ) - - ok := chacha20poly1305.open(&ctx, dst, iv, aad, ciphertext, tag) - dst_str = string(hex.encode(dst, context.temp_allocator)) - - testing.expectf( - t, - ok && dst_str == plaintext_str, - "xchacha20poly1305/%v: Expected: (%s, true) for open(%s, %s, %s, %s, %s), but got (%s, %v) instead", - impl, - plaintext_str, - key_str, - iv_str, - aad_str, - ciphertext_str, - tag_str, - dst_str, - ok, - ) -} - @(test) test_rand_bytes :: proc(t: ^testing.T) { if !crypto.HAS_RAND_BYTES { diff --git a/tests/core/crypto/test_core_crypto_aead.odin b/tests/core/crypto/test_core_crypto_aead.odin new file mode 100644 index 000000000..90eedc0b2 --- /dev/null +++ b/tests/core/crypto/test_core_crypto_aead.odin @@ -0,0 +1,339 @@ +package test_core_crypto + +import "base:runtime" +import "core:crypto/aead" +import "core:encoding/hex" +import "core:testing" + +@(test) +test_aead :: proc(t: ^testing.T) { + runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD() + + aes_impls := make([dynamic]aead.Implementation, context.temp_allocator) + for impl in supported_aes_impls() { + append(&aes_impls, impl) + } + chacha_impls := make([dynamic]aead.Implementation, context.temp_allocator) + for impl in supported_chacha_impls() { + append(&chacha_impls, impl) + } + impls := [aead.Algorithm][dynamic]aead.Implementation{ + .Invalid = nil, + .AES_GCM_128 = aes_impls, + .AES_GCM_192 = aes_impls, + .AES_GCM_256 = aes_impls, + .CHACHA20POLY1305 = chacha_impls, + .XCHACHA20POLY1305 = chacha_impls, + } + + test_vectors := []struct{ + algo: aead.Algorithm, + key: string, + iv: string, + aad: string, + plaintext: string, + ciphertext: string, + tag: string, + } { + // AES-GCM + // - https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf + // + // Note: NIST did a reorg of their site, so the source of the test vectors + // is only available from an archive. + { + .AES_GCM_128, + "00000000000000000000000000000000", + "000000000000000000000000", + "", + "", + "", + "58e2fccefa7e3061367f1d57a4e7455a", + }, + { + .AES_GCM_128, + "00000000000000000000000000000000", + "000000000000000000000000", + "", + "00000000000000000000000000000000", + "0388dace60b6a392f328c2b971b2fe78", + "ab6e47d42cec13bdf53a67b21257bddf", + }, + { + .AES_GCM_128, + "feffe9928665731c6d6a8f9467308308", + "cafebabefacedbaddecaf888", + "", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985", + "4d5c2af327cd64a62cf35abd2ba6fab4", + }, + { + .AES_GCM_128, + "feffe9928665731c6d6a8f9467308308", + "cafebabefacedbaddecaf888", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091", + "5bc94fbc3221a5db94fae95ae7121a47", + }, + { + .AES_GCM_128, + "feffe9928665731c6d6a8f9467308308", + "cafebabefacedbad", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598", + "3612d2e79e3b0785561be14aaca2fccb", + }, + { + .AES_GCM_128, + "feffe9928665731c6d6a8f9467308308", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5", + "619cc5aefffe0bfa462af43c1699d050", + }, + { + .AES_GCM_192, + "000000000000000000000000000000000000000000000000", + "000000000000000000000000", + "", + "", + "", + "cd33b28ac773f74ba00ed1f312572435", + }, + { + .AES_GCM_192, + "000000000000000000000000000000000000000000000000", + "000000000000000000000000", + "", + "00000000000000000000000000000000", + "98e7247c07f0fe411c267e4384b0f600", + "2ff58d80033927ab8ef4d4587514f0fb", + }, + { + .AES_GCM_192, + "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "cafebabefacedbaddecaf888", + "", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256", + "9924a7c8587336bfb118024db8674a14", + }, + { + .AES_GCM_192, + "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "cafebabefacedbaddecaf888", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710", + "2519498e80f1478f37ba55bd6d27618c", + }, + { + .AES_GCM_192, + "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "cafebabefacedbad", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7", + "65dcc57fcf623a24094fcca40d3533f8", + }, + { + .AES_GCM_192, + "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b", + "dcf566ff291c25bbb8568fc3d376a6d9", + }, + { + .AES_GCM_256, + "0000000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000", + "", + "", + "", + "530f8afbc74536b9a963b4f1c4cb738b", + }, + { + .AES_GCM_256, + "0000000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000", + "", + "00000000000000000000000000000000", + "cea7403d4d606b6e074ec5d3baf39d18", + "d0d1c8a799996bf0265b98b5d48ab919", + }, + { + .AES_GCM_256, + "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "cafebabefacedbaddecaf888", + "", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad", + "b094dac5d93471bdec1a502270e3cc6c", + }, + { + .AES_GCM_256, + "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "cafebabefacedbaddecaf888", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662", + "76fc6ece0f4e1768cddf8853bb2d551b", + }, + { + .AES_GCM_256, + "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "cafebabefacedbad", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f", + "3a337dbf46a792c45e454913fe2ea8f2", + }, + { + .AES_GCM_256, + "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f", + "a44a8266ee1c8eb0c8b5d4cf5ae9f19a", + }, + // Chacha20-Poly1305 + // https://www.rfc-editor.org/rfc/rfc8439 + { + .CHACHA20POLY1305, + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "070000004041424344454647", + "50515253c0c1c2c3c4c5c6c7", + string(hex.encode(transmute([]byte)(_PLAINTEXT_SUNSCREEN_STR), context.temp_allocator)), + "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116", + "1ae10b594f09e26a7e902ecbd0600691", + }, + // XChaCha20-Poly1305-IETF + // - https://datatracker.ietf.org/doc/html/draft-arciszewski-xchacha-03 + { + .XCHACHA20POLY1305, + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "404142434445464748494a4b4c4d4e4f5051525354555657", + "50515253c0c1c2c3c4c5c6c7", + "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e", + "bd6d179d3e83d43b9576579493c0e939572a1700252bfaccbed2902c21396cbb731c7f1b0b4aa6440bf3a82f4eda7e39ae64c6708c54c216cb96b72e1213b4522f8c9ba40db5d945b11b69b982c1bb9e3f3fac2bc369488f76b2383565d3fff921f9664c97637da9768812f615c68b13b52e", + "c0875924c1c7987947deafd8780acf49", + }, + } + for v, _ in test_vectors { + algo_name := aead.ALGORITHM_NAMES[v.algo] + + key, _ := hex.decode(transmute([]byte)(v.key), context.temp_allocator) + iv, _ := hex.decode(transmute([]byte)(v.iv), context.temp_allocator) + aad, _ := hex.decode(transmute([]byte)(v.aad), context.temp_allocator) + plaintext, _ := hex.decode(transmute([]byte)(v.plaintext), context.temp_allocator) + ciphertext, _ := hex.decode(transmute([]byte)(v.ciphertext), context.temp_allocator) + tag, _ := hex.decode(transmute([]byte)(v.tag), context.temp_allocator) + + tag_ := make([]byte, len(tag), context.temp_allocator) + dst := make([]byte, len(ciphertext), context.temp_allocator) + + ctx: aead.Context + for impl in impls[v.algo] { + aead.init(&ctx, v.algo, key, impl) + + aead.seal(&ctx, dst, tag_, iv, aad, plaintext) + dst_str := string(hex.encode(dst, context.temp_allocator)) + tag_str := string(hex.encode(tag_, context.temp_allocator)) + testing.expectf( + t, + dst_str == v.ciphertext && tag_str == v.tag, + "%s/%v: Expected: (%s, %s) for seal_ctx(%s, %s, %s, %s), but got (%s, %s) instead", + algo_name, + impl, + v.ciphertext, + v.tag, + v.key, + v.iv, + v.aad, + v.plaintext, + dst_str, + tag_str, + ) + + aead.seal(v.algo, dst, tag_, key, iv, aad, plaintext, impl) + dst_str = string(hex.encode(dst, context.temp_allocator)) + tag_str = string(hex.encode(tag_, context.temp_allocator)) + testing.expectf( + t, + dst_str == v.ciphertext && tag_str == v.tag, + "%s/%v: Expected: (%s, %s) for seal_oneshot(%s, %s, %s, %s), but got (%s, %s) instead", + algo_name, + impl, + v.ciphertext, + v.tag, + v.key, + v.iv, + v.aad, + v.plaintext, + dst_str, + tag_str, + ) + + ok := aead.open(&ctx, dst, iv, aad, ciphertext, tag) + dst_str = string(hex.encode(dst, context.temp_allocator)) + testing.expectf( + t, + ok && dst_str == v.plaintext, + "%s/%v: Expected: (%s, true) for open_ctx(%s, %s, %s, %s, %s), but got (%s, %v) instead", + algo_name, + impl, + v.plaintext, + v.key, + v.iv, + v.aad, + v.ciphertext, + v.tag, + dst_str, + ok, + ) + + ok = aead.open(v.algo, dst, key, iv, aad, ciphertext, tag, impl) + dst_str = string(hex.encode(dst, context.temp_allocator)) + testing.expectf( + t, + ok && dst_str == v.plaintext, + "%s/%v: Expected: (%s, true) for open_oneshot(%s, %s, %s, %s, %s), but got (%s, %v) instead", + algo_name, + impl, + v.plaintext, + v.key, + v.iv, + v.aad, + v.ciphertext, + v.tag, + dst_str, + ok, + ) + + tag_[0] ~= 0xa5 + ok = aead.open(&ctx, dst, iv, aad, ciphertext, tag_) + testing.expectf(t, !ok, "%s/%v: Expected false for open(bad_tag, aad, ciphertext)", algo_name, impl) + + if len(dst) > 0 { + copy(dst, ciphertext[:]) + dst[0] ~= 0xa5 + ok = aead.open(&ctx, dst, iv, aad, dst, tag) + testing.expectf(t, !ok, "%s/%v: Expected false for open(tag, aad, bad_ciphertext)", algo_name, impl) + } + + if len(aad) > 0 { + aad_ := make([]byte, len(aad), context.temp_allocator) + copy(aad_, aad) + aad_[0] ~= 0xa5 + ok = aead.open(&ctx, dst, iv, aad_, ciphertext, tag) + testing.expectf(t, !ok, "%s/%v: Expected false for open(tag, bad_aad, ciphertext)", algo_name, impl) + } + } + } +} diff --git a/tests/core/crypto/test_core_crypto_aes.odin b/tests/core/crypto/test_core_crypto_aes.odin index d1766badc..b68b30976 100644 --- a/tests/core/crypto/test_core_crypto_aes.odin +++ b/tests/core/crypto/test_core_crypto_aes.odin @@ -12,18 +12,22 @@ import "core:crypto/sha2" test_aes :: proc(t: ^testing.T) { runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD() - impls := make([dynamic]aes.Implementation, 0, 2) - defer delete(impls) + impls := supported_aes_impls() + + for impl in impls { + test_aes_ecb(t, impl) + test_aes_ctr(t, impl) + } +} + +supported_aes_impls :: proc() -> [dynamic]aes.Implementation { + impls := make([dynamic]aes.Implementation, 0, 2, context.temp_allocator) append(&impls, aes.Implementation.Portable) if aes.is_hardware_accelerated() { append(&impls, aes.Implementation.Hardware) } - for impl in impls { - test_aes_ecb(t, impl) - test_aes_ctr(t, impl) - test_aes_gcm(t, impl) - } + return impls } test_aes_ecb :: proc(t: ^testing.T, impl: aes.Implementation) { @@ -222,216 +226,3 @@ test_aes_ctr :: proc(t: ^testing.T, impl: aes.Implementation) { digest_str, ) } - -test_aes_gcm :: proc(t: ^testing.T, impl: aes.Implementation) { - log.debugf("Testing AES-GCM/%v", impl) - - // NIST did a reorg of their site, so the source of the test vectors - // is only available from an archive. - // - // https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf - test_vectors := []struct { - key: string, - iv: string, - aad: string, - plaintext: string, - ciphertext: string, - tag: string, - } { - { - "00000000000000000000000000000000", - "000000000000000000000000", - "", - "", - "", - "58e2fccefa7e3061367f1d57a4e7455a", - }, - { - "00000000000000000000000000000000", - "000000000000000000000000", - "", - "00000000000000000000000000000000", - "0388dace60b6a392f328c2b971b2fe78", - "ab6e47d42cec13bdf53a67b21257bddf", - }, - { - "feffe9928665731c6d6a8f9467308308", - "cafebabefacedbaddecaf888", - "", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", - "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985", - "4d5c2af327cd64a62cf35abd2ba6fab4", - }, - { - "feffe9928665731c6d6a8f9467308308", - "cafebabefacedbaddecaf888", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091", - "5bc94fbc3221a5db94fae95ae7121a47", - }, - { - "feffe9928665731c6d6a8f9467308308", - "cafebabefacedbad", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598", - "3612d2e79e3b0785561be14aaca2fccb", - }, - { - "feffe9928665731c6d6a8f9467308308", - "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5", - "619cc5aefffe0bfa462af43c1699d050", - }, - { - "000000000000000000000000000000000000000000000000", - "000000000000000000000000", - "", - "", - "", - "cd33b28ac773f74ba00ed1f312572435", - }, - { - "000000000000000000000000000000000000000000000000", - "000000000000000000000000", - "", - "00000000000000000000000000000000", - "98e7247c07f0fe411c267e4384b0f600", - "2ff58d80033927ab8ef4d4587514f0fb", - }, - { - "feffe9928665731c6d6a8f9467308308feffe9928665731c", - "cafebabefacedbaddecaf888", - "", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", - "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256", - "9924a7c8587336bfb118024db8674a14", - }, - { - "feffe9928665731c6d6a8f9467308308feffe9928665731c", - "cafebabefacedbaddecaf888", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710", - "2519498e80f1478f37ba55bd6d27618c", - }, - { - "feffe9928665731c6d6a8f9467308308feffe9928665731c", - "cafebabefacedbad", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7", - "65dcc57fcf623a24094fcca40d3533f8", - }, - { - "feffe9928665731c6d6a8f9467308308feffe9928665731c", - "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b", - "dcf566ff291c25bbb8568fc3d376a6d9", - }, - { - "0000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000", - "", - "", - "", - "530f8afbc74536b9a963b4f1c4cb738b", - }, - { - "0000000000000000000000000000000000000000000000000000000000000000", - "000000000000000000000000", - "", - "00000000000000000000000000000000", - "cea7403d4d606b6e074ec5d3baf39d18", - "d0d1c8a799996bf0265b98b5d48ab919", - }, - { - "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", - "cafebabefacedbaddecaf888", - "", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", - "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad", - "b094dac5d93471bdec1a502270e3cc6c", - }, - { - "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", - "cafebabefacedbaddecaf888", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662", - "76fc6ece0f4e1768cddf8853bb2d551b", - }, - { - "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", - "cafebabefacedbad", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f", - "3a337dbf46a792c45e454913fe2ea8f2", - }, - { - "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", - "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", - "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f", - "a44a8266ee1c8eb0c8b5d4cf5ae9f19a", - }, - } - for v, _ in test_vectors { - key, _ := hex.decode(transmute([]byte)(v.key), context.temp_allocator) - iv, _ := hex.decode(transmute([]byte)(v.iv), context.temp_allocator) - aad, _ := hex.decode(transmute([]byte)(v.aad), context.temp_allocator) - plaintext, _ := hex.decode(transmute([]byte)(v.plaintext), context.temp_allocator) - ciphertext, _ := hex.decode(transmute([]byte)(v.ciphertext), context.temp_allocator) - tag, _ := hex.decode(transmute([]byte)(v.tag), context.temp_allocator) - - tag_ := make([]byte, len(tag), context.temp_allocator) - dst := make([]byte, len(ciphertext), context.temp_allocator) - - ctx: aes.Context_GCM - aes.init_gcm(&ctx, key, impl) - - aes.seal_gcm(&ctx, dst, tag_, iv, aad, plaintext) - dst_str := string(hex.encode(dst, context.temp_allocator)) - tag_str := string(hex.encode(tag_, context.temp_allocator)) - - testing.expectf( - t, - dst_str == v.ciphertext && tag_str == v.tag, - "AES-GCM/%v: Expected: (%s, %s) for seal(%s, %s, %s, %s), but got (%s, %s) instead", - impl, - v.ciphertext, - v.tag, - v.key, - v.iv, - v.aad, - v.plaintext, - dst_str, - tag_str, - ) - - ok := aes.open_gcm(&ctx, dst, iv, aad, ciphertext, tag) - dst_str = string(hex.encode(dst, context.temp_allocator)) - - testing.expectf( - t, - ok && dst_str == v.plaintext, - "AES-GCM/%v: Expected: (%s, true) for open(%s, %s, %s, %s, %s), but got (%s, %v) instead", - impl, - v.plaintext, - v.key, - v.iv, - v.aad, - v.ciphertext, - v.tag, - dst_str, - ok, - ) - } -}