mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2025-12-06 14:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

crypto/aes_ocb.zig: actually check against test vectors (#24835)

Browse Source 
And use the correct bit endianness for padding
This commit is contained in:
Frank Denis 2025-08-15 15:09:06 +02:00 committed by GitHub
parent e9eee8dace
commit c1eff72c4a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/std/crypto/aes_ocb.zig
View File

@ -76,7 +76,7 @@ fn AesOcb(comptime Aes: anytype) type {
xorWith(&offset, lx.star); xorWith(&offset, lx.star);
var padded = [_]u8{0} ** 16; var padded = [_]u8{0} ** 16;
@memcpy(padded[0..leftover], a[i * 16 ..][0..leftover]); @memcpy(padded[0..leftover], a[i * 16 ..][0..leftover]);
padded[leftover] = 1; padded[leftover] = 0x80;
var e = xorBlocks(offset, padded); var e = xorBlocks(offset, padded);
aes_enc_ctx.encrypt(&e, &e); aes_enc_ctx.encrypt(&e, &e);
xorWith(&sum, e); xorWith(&sum, e);
@ -259,6 +259,7 @@ fn xorWith(x: *Block, y: Block) void {
} }
const hexToBytes = std.fmt.hexToBytes; const hexToBytes = std.fmt.hexToBytes;
const testing = std.testing;
test "AesOcb test vector 1" { test "AesOcb test vector 1" {
if (builtin.zig_backend == .stage2_c) return error.SkipZigTest; if (builtin.zig_backend == .stage2_c) return error.SkipZigTest;
@ -296,6 +297,7 @@ test "AesOcb test vector 2" {
var expected_tag: [tag.len]u8 = undefined; var expected_tag: [tag.len]u8 = undefined;
_ = try hexToBytes(&expected_tag, "C5CD9D1850C141E358649994EE701B68"); _ = try hexToBytes(&expected_tag, "C5CD9D1850C141E358649994EE701B68");
try testing.expectEqualSlices(u8, &expected_tag, &tag);
var m: [0]u8 = undefined; var m: [0]u8 = undefined;
try Aes128Ocb.decrypt(&m, &c, tag, &ad, nonce, k); try Aes128Ocb.decrypt(&m, &c, tag, &ad, nonce, k);
} }
@ -319,6 +321,8 @@ test "AesOcb test vector 3" {
_ = try hexToBytes(&expected_tag, "479AD363AC366B95A98CA5F3000B1479"); _ = try hexToBytes(&expected_tag, "479AD363AC366B95A98CA5F3000B1479");
_ = try hexToBytes(&expected_c, "4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5CC55EE507BCB084E"); _ = try hexToBytes(&expected_c, "4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5CC55EE507BCB084E");
try testing.expectEqualSlices(u8, &expected_tag, &tag);
try testing.expectEqualSlices(u8, &expected_c, &c);
var m2: [m.len]u8 = undefined; var m2: [m.len]u8 = undefined;
try Aes128Ocb.decrypt(&m2, &c, tag, "", nonce, k); try Aes128Ocb.decrypt(&m2, &c, tag, "", nonce, k);
assert(mem.eql(u8, &m, &m2)); assert(mem.eql(u8, &m, &m2));
@ -331,19 +335,21 @@ test "AesOcb test vector 4" {
var nonce: [Aes128Ocb.nonce_length]u8 = undefined; var nonce: [Aes128Ocb.nonce_length]u8 = undefined;
var tag: [Aes128Ocb.tag_length]u8 = undefined; var tag: [Aes128Ocb.tag_length]u8 = undefined;
var m: [40]u8 = undefined; var m: [40]u8 = undefined;
var ad = m;
var c: [m.len]u8 = undefined; var c: [m.len]u8 = undefined;
_ = try hexToBytes(&k, "000102030405060708090A0B0C0D0E0F"); _ = try hexToBytes(&k, "000102030405060708090A0B0C0D0E0F");
_ = try hexToBytes(&m, "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627"); _ = try hexToBytes(&m, "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627");
_ = try hexToBytes(&nonce, "BBAA99887766554433221104"); _ = try hexToBytes(&nonce, "BBAA9988776655443322110D");
const ad = m;
Aes128Ocb.encrypt(&c, &tag, &m, &ad, nonce, k); Aes128Ocb.encrypt(&c, &tag, &m, &ad, nonce, k);
var expected_c: [c.len]u8 = undefined; var expected_c: [c.len]u8 = undefined;
var expected_tag: [tag.len]u8 = undefined; var expected_tag: [tag.len]u8 = undefined;
_ = try hexToBytes(&expected_tag, "3AD7A4FF3835B8C5701C1CCEC8FC3358"); _ = try hexToBytes(&expected_tag, "ED07BA06A4A69483A7035490C5769E60");
_ = try hexToBytes(&expected_c, "571D535B60B277188BE5147170A9A22C"); _ = try hexToBytes(&expected_c, "D5CA91748410C1751FF8A2F618255B68A0A12E093FF454606E59F9C1D0DDC54B65E8628E568BAD7A");
try testing.expectEqualSlices(u8, &expected_tag, &tag);
try testing.expectEqualSlices(u8, &expected_c, &c);
var m2: [m.len]u8 = undefined; var m2: [m.len]u8 = undefined;
try Aes128Ocb.decrypt(&m2, &c, tag, &ad, nonce, k); try Aes128Ocb.decrypt(&m2, &c, tag, &ad, nonce, k);
assert(mem.eql(u8, &m, &m2)); assert(mem.eql(u8, &m, &m2));