crypto: Add support for AES-CTR

2026-02-13 04:48:20 +00:00 · 2019-11-04 17:07:14 -05:00 · 2019-11-04 17:07:14 -05:00 · 3d907b2943
commit 3d907b2943
parent 1657bead46
1 changed files with 47 additions and 0 deletions
--- a/lib/std/crypto/aes.zig
+++ b/lib/std/crypto/aes.zig
@ -115,6 +115,14 @@ pub fn decryptBlock(xk: []const u32, dst: []u8, src: []const u8) void {
    mem.writeIntSliceBig(u32, dst[12..16], s3);
 }

+fn xorBytes(dst: []u8, a: []const u8, b: []const u8) usize {
+    var n = std.math.min(dst.len, std.math.min(a.len, b.len));
+    for (dst[0..n]) |_, i| {
+        dst[i] = a[i] ^ b[i];
+    }
+    return n;
+}
+
 pub const AES128 = AES(128);
 pub const AES256 = AES(256);

@ -138,9 +146,48 @@ fn AES(comptime keysize: usize) type {
        pub fn decrypt(ctx: Self, dst: []u8, src: []const u8) void {
            decryptBlock(ctx.dec[0..], dst, src);
        }
+        pub fn ctr(ctx: Self, dst: []u8, src: []const u8, iv: [16]u8) void {
+            std.debug.assert(dst.len >= src.len);
+
+            var keystream: [16]u8 = undefined;
+            var ctrbuf = iv;
+            var n: usize = 0;
+            while (n < src.len) {
+                ctx.encrypt(keystream[0..], ctrbuf[0..]);
+                var ctr_i = std.mem.readIntSliceBig(u128, ctrbuf[0..]);
+                std.mem.writeIntSliceBig(u128, ctrbuf[0..], ctr_i +% 1);
+
+                n += xorBytes(dst[n..], src[n..], keystream);
+            }
+        }
    };
 }

+test "ctr" {
+    // NIST SP 800-38A pp 55-58
+    {
+        const key = [_]u8{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
+        const iv = [_]u8{ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff };
+        const in = [_]u8{
+            0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+            0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+            0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+            0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+        };
+        const exp_out = [_]u8{
+            0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
+            0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
+            0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
+            0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
+        };
+
+        var out: [exp_out.len]u8 = undefined;
+        var aes = AES128.init(key);
+        aes.ctr(out[0..], in[0..], iv);
+        testing.expectEqualSlices(u8, exp_out[0..], out[0..]);
+    }
+}
+
 test "encrypt" {
    // Appendix B
    {