diff options
| author | Frank Denis <github@pureftpd.org> | 2020-08-15 08:38:44 +0200 |
|---|---|---|
| committer | Andrew Kelley <andrew@ziglang.org> | 2020-08-16 22:35:27 -0700 |
| commit | ed558bfbaa737b187d894eddb8573cde15a3fb33 (patch) | |
| tree | ea741ebad482cb9bfb1d5a13413d62bbc82fd428 | |
| parent | dd8f7b396c24d78168d9582364ab5b3b4606ccc5 (diff) | |
| download | zig-ed558bfbaa737b187d894eddb8573cde15a3fb33.tar.gz zig-ed558bfbaa737b187d894eddb8573cde15a3fb33.zip | |
Address @daurnimator feedback
| -rw-r--r-- | lib/std/crypto/25519/curve25519.zig | 19 | ||||
| -rw-r--r-- | lib/std/crypto/25519/ed25519.zig | 8 | ||||
| -rw-r--r-- | lib/std/crypto/25519/edwards25519.zig | 19 | ||||
| -rw-r--r-- | lib/std/crypto/25519/field.zig | 33 | ||||
| -rw-r--r-- | lib/std/crypto/25519/ristretto255.zig | 33 | ||||
| -rw-r--r-- | lib/std/crypto/25519/scalar.zig | 39 | ||||
| -rw-r--r-- | lib/std/crypto/25519/x25519.zig | 34 |
7 files changed, 79 insertions, 106 deletions
diff --git a/lib/std/crypto/25519/curve25519.zig b/lib/std/crypto/25519/curve25519.zig index 4fb569ccfb..8b8f8a5586 100644 --- a/lib/std/crypto/25519/curve25519.zig +++ b/lib/std/crypto/25519/curve25519.zig @@ -21,7 +21,7 @@ pub const Curve25519 = struct { /// Return the Curve25519 base point. pub inline fn basePoint() Curve25519 { - return .{ .x = Fe.curve25519BasePoint() }; + return .{ .x = Fe.curve25519BasePoint }; } /// Check that the encoding of a Curve25519 point is canonical. @@ -38,10 +38,10 @@ pub const Curve25519 = struct { fn ladder(p: Curve25519, s: [32]u8, comptime bits: usize) !Curve25519 { var x1 = p.x; - var x2 = Fe.one(); - var z2 = Fe.zero(); + var x2 = Fe.one; + var z2 = Fe.zero; var x3 = x1; - var z3 = Fe.one(); + var z3 = Fe.one; var swap: u8 = 0; var pos: usize = bits - 1; while (true) { @@ -76,7 +76,7 @@ pub const Curve25519 = struct { if (x2.isZero()) { return error.IdentityElement; } - return Curve25519 { .x = x2 }; + return Curve25519{ .x = x2 }; } /// Multiply a Curve25519 point by a scalar after "clamping" it. @@ -88,7 +88,7 @@ pub const Curve25519 = struct { pub fn clampedMul(p: Curve25519, s: [32]u8) !Curve25519 { var t: [32]u8 = s; scalar.clamp(&t); - return ladder(p, t, 255); + return try ladder(p, t, 255); } /// Multiply a Curve25519 point by a scalar without clamping it. @@ -98,7 +98,7 @@ pub const Curve25519 = struct { pub fn mul(p: Curve25519, s: [32]u8) !Curve25519 { const cofactor = [_]u8{8} ++ [_]u8{0} ** 31; _ = ladder(p, cofactor, 4) catch |_| return error.WeakPublicKey; - return ladder(p, s, 256); + return try ladder(p, s, 256); } }; @@ -107,10 +107,9 @@ test "curve25519" { const p = try Curve25519.basePoint().clampedMul(s); try p.rejectIdentity(); var buf: [128]u8 = undefined; - const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator; - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{p.toBytes()}), "E6F2A4D1C28EE5C7AD0329268255A468AD407D2672824C0C0EB30EA6EF450145"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{p.toBytes()}), "E6F2A4D1C28EE5C7AD0329268255A468AD407D2672824C0C0EB30EA6EF450145"); const q = try p.clampedMul(s); - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{q.toBytes()}), "3614E119FFE55EC55B87D6B19971A9F4CBC78EFE80BEC55B96392BABCC712537"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{q.toBytes()}), "3614E119FFE55EC55B87D6B19971A9F4CBC78EFE80BEC55B96392BABCC712537"); try Curve25519.rejectNonCanonical(s); s[31] |= 0x80; diff --git a/lib/std/crypto/25519/ed25519.zig b/lib/std/crypto/25519/ed25519.zig index f174fd8581..669bb94480 100644 --- a/lib/std/crypto/25519/ed25519.zig +++ b/lib/std/crypto/25519/ed25519.zig @@ -107,11 +107,10 @@ test "ed25519 key pair creation" { try fmt.hexToBytes(seed[0..], "8052030376d47112be7f73ed7a019293dd12ad910b654455798b4667d73de166"); const key_pair = try Ed25519.createKeyPair(seed); var buf: [256]u8 = undefined; - const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator; - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{key_pair}), "8052030376D47112BE7F73ED7A019293DD12AD910B654455798B4667D73DE1662D6F7455D97B4A3A10D7293909D1A4F2058CB9A370E43FA8154BB280DB839083"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{key_pair}), "8052030376D47112BE7F73ED7A019293DD12AD910B654455798B4667D73DE1662D6F7455D97B4A3A10D7293909D1A4F2058CB9A370E43FA8154BB280DB839083"); const public_key = Ed25519.publicKey(key_pair); - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{public_key}), "2D6F7455D97B4A3A10D7293909D1A4F2058CB9A370E43FA8154BB280DB839083"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{public_key}), "2D6F7455D97B4A3A10D7293909D1A4F2058CB9A370E43FA8154BB280DB839083"); } test "ed25519 signature" { @@ -121,8 +120,7 @@ test "ed25519 signature" { const sig = try Ed25519.sign("test", key_pair, null); var buf: [128]u8 = undefined; - const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator; - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{sig}), "10A442B4A80CC4225B154F43BEF28D2472CA80221951262EB8E0DF9091575E2687CC486E77263C3418C757522D54F84B0359236ABBBD4ACD20DC297FDCA66808"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{sig}), "10A442B4A80CC4225B154F43BEF28D2472CA80221951262EB8E0DF9091575E2687CC486E77263C3418C757522D54F84B0359236ABBBD4ACD20DC297FDCA66808"); const public_key = Ed25519.publicKey(key_pair); try Ed25519.verify(sig, "test", public_key); std.testing.expectError(error.InvalidSignature, Ed25519.verify(sig, "TEST", public_key)); diff --git a/lib/std/crypto/25519/edwards25519.zig b/lib/std/crypto/25519/edwards25519.zig index 3d21af40e5..3f2ede511a 100644 --- a/lib/std/crypto/25519/edwards25519.zig +++ b/lib/std/crypto/25519/edwards25519.zig @@ -17,10 +17,10 @@ pub const Edwards25519 = struct { /// Decode an Edwards25519 point from its compressed (Y+sign) coordinates. pub fn fromBytes(s: [32]u8) !Edwards25519 { - const z = Fe.one(); + const z = Fe.one; const y = Fe.fromBytes(s); var u = y.sq(); - var v = u.mul(Fe.edwards25519d()); + var v = u.mul(Fe.edwards25519d); u = u.sub(z); v = v.add(z); const v3 = v.sq().mul(v); @@ -31,10 +31,10 @@ pub const Edwards25519 = struct { if ((@boolToInt(has_m_root) | @boolToInt(has_p_root)) == 0) { return error.InvalidEncoding; } - x.cMov(x.mul(Fe.sqrtm1()), 1 - @boolToInt(has_m_root)); + x.cMov(x.mul(Fe.sqrtm1), 1 - @boolToInt(has_m_root)); x.cMov(x.neg(), @boolToInt(x.isNegative()) ^ (s[31] >> 7)); const t = x.mul(y); - return Edwards25519 { .x = x, .y = y, .z = z, .t = t }; + return Edwards25519{ .x = x, .y = y, .z = z, .t = t }; } /// Encode an Edwards25519 point. @@ -55,14 +55,14 @@ pub const Edwards25519 = struct { return .{ .x = Fe{ .limbs = .{ 3990542415680775, 3398198340507945, 4322667446711068, 2814063955482877, 2839572215813860 } }, .y = Fe{ .limbs = .{ 1801439850948184, 1351079888211148, 450359962737049, 900719925474099, 1801439850948198 } }, - .z = Fe.one(), + .z = Fe.one, .t = Fe{ .limbs = .{ 1841354044333475, 16398895984059, 755974180946558, 900171276175154, 1821297809914039 } }, .is_base = true, }; } inline fn identityElement() Edwards25519 { - return .{ .x = Fe.zero(), .y = Fe.one(), .z = Fe.one(), .t = Fe.zero() }; + return .{ .x = Fe.zero, .y = Fe.one, .z = Fe.one, .t = Fe.zero }; } /// Reject the neutral element. @@ -98,7 +98,7 @@ pub const Edwards25519 = struct { pub inline fn add(p: Edwards25519, q: Edwards25519) Edwards25519 { const a = p.y.sub(p.x).mul(q.y.sub(q.x)); const b = p.x.add(p.y).mul(q.x.add(q.y)); - const c = p.t.mul(q.t).mul(Fe.edwards25519d2()); + const c = p.t.mul(q.t).mul(Fe.edwards25519d2); var d = p.z.mul(q.z); d = d.add(d); const x = b.sub(a); @@ -124,7 +124,7 @@ pub const Edwards25519 = struct { var t = Edwards25519.identityElement(); comptime var i: u8 = 0; inline while (i < 16) : (i += 1) { - t.cMov(pc[i], ((@intCast(usize, (b ^ i)) -% 1) >> 8) & 1); + t.cMov(pc[i], ((@as(usize, (b ^ i)) -% 1) >> 8) & 1); } return t; } @@ -191,8 +191,7 @@ test "edwards25519 packing/unpacking" { var b = Edwards25519.basePoint(); const pk = try b.mul(s); var buf: [128]u8 = undefined; - const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator; - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{pk.toBytes()}), "074BC7E0FCBD587FDBC0969444245FADC562809C8F6E97E949AF62484B5B81A6"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{pk.toBytes()}), "074BC7E0FCBD587FDBC0969444245FADC562809C8F6E97E949AF62484B5B81A6"); const small_order_ss: [7][32]u8 = .{ .{ diff --git a/lib/std/crypto/25519/field.zig b/lib/std/crypto/25519/field.zig index fe5c28056a..59aa1e3ba9 100644 --- a/lib/std/crypto/25519/field.zig +++ b/lib/std/crypto/25519/field.zig @@ -7,34 +7,19 @@ pub const Fe = struct { const MASK51: u64 = 0x7ffffffffffff; - pub inline fn zero() Fe { - return .{ .limbs = .{ 0, 0, 0, 0, 0 } }; - } + pub const zero = Fe{ .limbs = .{ 0, 0, 0, 0, 0 } }; - pub inline fn one() Fe { - return .{ .limbs = .{ 1, 0, 0, 0, 0 } }; - } + pub const one = Fe{ .limbs = .{ 1, 0, 0, 0, 0 } }; - pub inline fn sqrtm1() Fe { - return .{ .limbs = .{ 1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133 } }; // sqrt(-1) - } + pub const sqrtm1 = Fe{ .limbs = .{ 1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133 } }; // sqrt(-1) - pub inline fn curve25519BasePoint() Fe { - return .{ .limbs = .{ 9, 0, 0, 0, 0 } }; - } + pub const curve25519BasePoint = Fe{ .limbs = .{ 9, 0, 0, 0, 0 } }; - pub inline fn edwards25519d() Fe { - return .{ .limbs = .{ 929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575 } }; // 37095705934669439343138083508754565189542113879843219016388785533085940283555 - } + pub const edwards25519d = Fe{ .limbs = .{ 929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575 } }; // 37095705934669439343138083508754565189542113879843219016388785533085940283555 - pub inline fn edwards25519d2() Fe { - return .{ .limbs = .{ 1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903 } }; // 2d - } + pub const edwards25519d2 = Fe{ .limbs = .{ 1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903 } }; // 2d - // 1/sqrt(a-d) - pub inline fn edwards25519sqrtamd() Fe { - return .{ .limbs = .{ 278908739862762, 821645201101625, 8113234426968, 1777959178193151, 2118520810568447 } }; - } + pub const edwards25519sqrtamd = Fe{ .limbs = .{ 278908739862762, 821645201101625, 8113234426968, 1777959178193151, 2118520810568447 } }; // 1/sqrt(a-d) pub inline fn isZero(fe: Fe) bool { var reduced = fe; @@ -77,7 +62,7 @@ pub const Fe = struct { c |= s[i] ^ 0xff; } c = (c -% 1) >> 8; - const d = (@intCast(u16, 0xed - 1) -% @intCast(u16, s[0])) >> 8; + const d = (@as(u16, 0xed - 1) -% @as(u16, s[0])) >> 8; const x = if (ignore_extra_bit) 0 else s[31] >> 7; if ((((c & d) | x) & 1) != 0) { return error.NonCanonical; @@ -148,7 +133,7 @@ pub const Fe = struct { } pub inline fn neg(a: Fe) Fe { - return zero().sub(a); + return zero.sub(a); } pub inline fn isNegative(a: Fe) bool { diff --git a/lib/std/crypto/25519/ristretto255.zig b/lib/std/crypto/25519/ristretto255.zig index 997b3085c9..0bb8e1c92a 100644 --- a/lib/std/crypto/25519/ristretto255.zig +++ b/lib/std/crypto/25519/ristretto255.zig @@ -18,11 +18,11 @@ pub const Ristretto255 = struct { const vxx = x.sq().mul(v); // vx^2 const m_root_check = vxx.sub(u); // vx^2-u const p_root_check = vxx.add(u); // vx^2+u - const f_root_check = u.mul(Fe.sqrtm1()).add(vxx); // vx^2+u*sqrt(-1) + const f_root_check = u.mul(Fe.sqrtm1).add(vxx); // vx^2+u*sqrt(-1) const has_m_root = m_root_check.isZero(); const has_p_root = p_root_check.isZero(); const has_f_root = f_root_check.isZero(); - const x_sqrtm1 = x.mul(Fe.sqrtm1()); // x*sqrt(-1) + const x_sqrtm1 = x.mul(Fe.sqrtm1); // x*sqrt(-1) x.cMov(x_sqrtm1, @boolToInt(has_p_root) | @boolToInt(has_f_root)); x = x.abs(); if ((@boolToInt(has_m_root) | @boolToInt(has_p_root)) == 0) { @@ -53,13 +53,13 @@ pub const Ristretto255 = struct { try rejectNonCanonical(s); const s_ = Fe.fromBytes(s); const ss = s_.sq(); // s^2 - const u1_ = Fe.one().sub(ss); // (1-s^2) + const u1_ = Fe.one.sub(ss); // (1-s^2) const u1u1 = u1_.sq(); // (1-s^2)^2 - const u2_ = Fe.one().add(ss); // (1+s^2) + const u2_ = Fe.one.add(ss); // (1+s^2) const u2u2 = u2_.sq(); // (1+s^2)^2 - const v = Fe.edwards25519d().mul(u1u1).neg().sub(u2u2); // -(d*u1^2)-u2^2 + const v = Fe.edwards25519d.mul(u1u1).neg().sub(u2u2); // -(d*u1^2)-u2^2 const v_u2u2 = v.mul(u2u2); // v*u2^2 - const inv_sqrt = sqrtRatioM1(Fe.one(), v_u2u2) catch |e| { + const inv_sqrt = sqrtRatioM1(Fe.one, v_u2u2) catch |e| { return error.InvalidEncoding; }; var x = inv_sqrt.mul(u2_); @@ -73,10 +73,10 @@ pub const Ristretto255 = struct { const p: Curve = .{ .x = x, .y = y, - .z = Fe.one(), + .z = Fe.one, .t = t, }; - return Ristretto255 { .p = p }; + return Ristretto255{ .p = p }; } /// Encode to a Ristretto255 representative. @@ -87,13 +87,13 @@ pub const Ristretto255 = struct { u1_ = u1_.mul(zmy); // (Z+Y)*(Z-Y) const u2_ = p.x.mul(p.y); // X*Y const u1_u2u2 = u2_.sq().mul(u1_); // u1*u2^2 - const inv_sqrt = sqrtRatioM1(Fe.one(), u1_u2u2) catch unreachable; + const inv_sqrt = sqrtRatioM1(Fe.one, u1_u2u2) catch unreachable; const den1 = inv_sqrt.mul(u1_); const den2 = inv_sqrt.mul(u2_); const z_inv = den1.mul(den2).mul(p.t); // den1*den2*T - const ix = p.x.mul(Fe.sqrtm1()); // X*sqrt(-1) - const iy = p.y.mul(Fe.sqrtm1()); // Y*sqrt(-1) - const eden = den1.mul(Fe.edwards25519sqrtamd()); // den1/sqrt(a-d) + const ix = p.x.mul(Fe.sqrtm1); // X*sqrt(-1) + const iy = p.y.mul(Fe.sqrtm1); // Y*sqrt(-1) + const eden = den1.mul(Fe.edwards25519sqrtamd); // den1/sqrt(a-d) const t_z_inv = p.t.mul(z_inv); // T*z_inv const rotate = @boolToInt(t_z_inv.isNegative()); @@ -125,23 +125,22 @@ pub const Ristretto255 = struct { /// Return error.WeakPublicKey if the resulting element is /// the identity element. pub inline fn mul(p: Ristretto255, s: [32]u8) !Ristretto255 { - return Ristretto255 { .p = try p.p.mul(s) }; + return Ristretto255{ .p = try p.p.mul(s) }; } }; test "ristretto255" { const p = Ristretto255.basePoint(); var buf: [256]u8 = undefined; - const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator; - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{p.toBytes()}), "E2F2AE0A6ABC4E71A884A961C500515F58E30B6AA582DD8DB6A65945E08D2D76"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{p.toBytes()}), "E2F2AE0A6ABC4E71A884A961C500515F58E30B6AA582DD8DB6A65945E08D2D76"); var r: [32]u8 = undefined; try fmt.hexToBytes(r[0..], "6a493210f7499cd17fecb510ae0cea23a110e8d5b901f8acadd3095c73a3b919"); var q = try Ristretto255.fromBytes(r); q = q.dbl().add(p); - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{q.toBytes()}), "E882B131016B52C1D3337080187CF768423EFCCBB517BB495AB812C4160FF44E"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{q.toBytes()}), "E882B131016B52C1D3337080187CF768423EFCCBB517BB495AB812C4160FF44E"); const s = [_]u8{15} ++ [_]u8{0} ** 31; const w = try p.mul(s); - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{w.toBytes()}), "E0C418F7C8D9C4CDD7395B93EA124F3AD99021BB681DFC3302A9D99A2E53E64E"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{w.toBytes()}), "E0C418F7C8D9C4CDD7395B93EA124F3AD99021BB681DFC3302A9D99A2E53E64E"); } diff --git a/lib/std/crypto/25519/scalar.zig b/lib/std/crypto/25519/scalar.zig index 6971b43489..c3340ab61e 100644 --- a/lib/std/crypto/25519/scalar.zig +++ b/lib/std/crypto/25519/scalar.zig @@ -1,20 +1,17 @@ const std = @import("std"); const mem = std.mem; -inline fn fieldSize() [32]u8 { - return .{ - 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, // 2^252+27742317777372353535851937790883648493 - }; -} +const field_size = [32]u8{ + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, // 2^252+27742317777372353535851937790883648493 +}; const ScalarExpanded = struct { - const L = fieldSize(); limbs: [64]i64 = [_]i64{0} ** 64, fn fromBytes(s: [32]u8) ScalarExpanded { var limbs: [64]i64 = undefined; for (s) |x, idx| { - limbs[idx] = @intCast(i64, x); + limbs[idx] = @as(i64, x); } mem.set(i64, limbs[32..], 0); return .{ .limbs = limbs }; @@ -23,7 +20,7 @@ const ScalarExpanded = struct { fn fromBytes64(s: [64]u8) ScalarExpanded { var limbs: [64]i64 = undefined; for (s) |x, idx| { - limbs[idx] = @intCast(i64, x); + limbs[idx] = @as(i64, x); } return .{ .limbs = limbs }; } @@ -38,7 +35,7 @@ const ScalarExpanded = struct { const xi = limbs[i]; var j = i - 32; while (j < k) : (j += 1) { - const xj = limbs[j] + carry - 16 * xi * @intCast(i64, L[j - (i - 32)]); + const xj = limbs[j] + carry - 16 * xi * @as(i64, field_size[j - (i - 32)]); carry = (xj + 128) >> 8; limbs[j] = xj - carry * 256; } @@ -48,13 +45,13 @@ const ScalarExpanded = struct { carry = 0; comptime var j: usize = 0; inline while (j < 32) : (j += 1) { - const xi = limbs[j] + carry - (limbs[31] >> 4) * @intCast(i64, L[j]); + const xi = limbs[j] + carry - (limbs[31] >> 4) * @as(i64, field_size[j]); carry = xi >> 8; limbs[j] = xi & 255; } j = 0; inline while (j < 32) : (j += 1) { - limbs[j] -= carry * @intCast(i64, L[j]); + limbs[j] -= carry * @as(i64, field_size[j]); } j = 0; inline while (j < 32) : (j += 1) { @@ -116,15 +113,14 @@ const ScalarExpanded = struct { /// Reject a scalar whose encoding is not canonical. pub fn rejectNonCanonical(s: [32]u8) !void { - const L = fieldSize(); var c: u8 = 0; var n: u8 = 1; var i: usize = 31; while (true) { - const xs = @intCast(u16, s[i]); - const xL = @intCast(u16, L[i]); - c |= @intCast(u8, ((xs -% xL) >> 8) & n); - n &= @intCast(u8, ((xs ^ xL) -% 1) >> 8); + const xs = @as(u16, s[i]); + const xfield_size = @as(u16, field_size[i]); + c |= @intCast(u8, ((xs -% xfield_size) >> 8) & n); + n &= @intCast(u8, ((xs ^ xfield_size) -% 1) >> 8); if (i == 0) break; i -= 1; } @@ -161,12 +157,10 @@ test "scalar25519" { var y = x.toBytes(); try rejectNonCanonical(y); var buf: [128]u8 = undefined; - const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator; - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{y}), "1E979B917937F3DE71D18077F961F6CEFF01030405060708010203040506070F"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{y}), "1E979B917937F3DE71D18077F961F6CEFF01030405060708010203040506070F"); - const field_size = fieldSize(); const reduced = reduce(field_size); - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{reduced}), "0000000000000000000000000000000000000000000000000000000000000000"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{reduced}), "0000000000000000000000000000000000000000000000000000000000000000"); } test "non-canonical scalar25519" { @@ -174,12 +168,11 @@ test "non-canonical scalar25519" { std.testing.expectError(error.NonCanonical, rejectNonCanonical(too_targe)); } -test "scalar25519 mulAdd overflow check" { +test "mulAdd overflow check" { const a: [32]u8 = [_]u8{0xff} ** 32; const b: [32]u8 = [_]u8{0xff} ** 32; const c: [32]u8 = [_]u8{0xff} ** 32; const x = mulAdd(a, b, c); var buf: [128]u8 = undefined; - const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator; - std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{x}), "D14DF91389432C25AD60FF9791B9FD1D67BEF517D273ECCE3D9A307C1B419903"); + std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{x}), "D14DF91389432C25AD60FF9791B9FD1D67BEF517D273ECCE3D9A307C1B419903"); } diff --git a/lib/std/crypto/25519/x25519.zig b/lib/std/crypto/25519/x25519.zig index 55c860d13e..ac88d40952 100644 --- a/lib/std/crypto/25519/x25519.zig +++ b/lib/std/crypto/25519/x25519.zig @@ -56,32 +56,32 @@ test "x25519 public key calculation from secret key" { } test "x25519 rfc7748 vector1" { - const secret_key = "\xa5\x46\xe3\x6b\xf0\x52\x7c\x9d\x3b\x16\x15\x4b\x82\x46\x5e\xdd\x62\x14\x4c\x0a\xc1\xfc\x5a\x18\x50\x6a\x22\x44\xba\x44\x9a\xc4"; - const public_key = "\xe6\xdb\x68\x67\x58\x30\x30\xdb\x35\x94\xc1\xa4\x24\xb1\x5f\x7c\x72\x66\x24\xec\x26\xb3\x35\x3b\x10\xa9\x03\xa6\xd0\xab\x1c\x4c"; + const secret_key = [32]u8{ 0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d, 0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd, 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18, 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0xc4 }; + const public_key = [32]u8{ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb, 0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c, 0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b, 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c }; - const expected_output = "\xc3\xda\x55\x37\x9d\xe9\xc6\x90\x8e\x94\xea\x4d\xf2\x8d\x08\x4f\x32\xec\xcf\x03\x49\x1c\x71\xf7\x54\xb4\x07\x55\x77\xa2\x85\x52"; + const expected_output = [32]u8{ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90, 0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f, 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7, 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 }; var output: [32]u8 = undefined; - std.testing.expect(X25519.create(output[0..], secret_key, public_key)); - std.testing.expect(std.mem.eql(u8, &output, expected_output)); + std.testing.expect(X25519.create(output[0..], secret_key[0..], public_key[0..])); + std.testing.expect(std.mem.eql(u8, &output, expected_output[0..])); } test "x25519 rfc7748 vector2" { - const secret_key = "\x4b\x66\xe9\xd4\xd1\xb4\x67\x3c\x5a\xd2\x26\x91\x95\x7d\x6a\xf5\xc1\x1b\x64\x21\xe0\xea\x01\xd4\x2c\xa4\x16\x9e\x79\x18\xba\x0d"; - const public_key = "\xe5\x21\x0f\x12\x78\x68\x11\xd3\xf4\xb7\x95\x9d\x05\x38\xae\x2c\x31\xdb\xe7\x10\x6f\xc0\x3c\x3e\xfc\x4c\xd5\x49\xc7\x15\xa4\x93"; + const secret_key = [32]u8{ 0x4b, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c, 0x5a, 0xd2, 0x26, 0x91, 0x95, 0x7d, 0x6a, 0xf5, 0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4, 0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x0d }; + const public_key = [32]u8{ 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3, 0xf4, 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c, 0x31, 0xdb, 0xe7, 0x10, 0x6f, 0xc0, 0x3c, 0x3e, 0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x93 }; - const expected_output = "\x95\xcb\xde\x94\x76\xe8\x90\x7d\x7a\xad\xe4\x5c\xb4\xb8\x73\xf8\x8b\x59\x5a\x68\x79\x9f\xa1\x52\xe6\xf8\xf7\x64\x7a\xac\x79\x57"; + const expected_output = [32]u8{ 0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d, 0x7a, 0xad, 0xe4, 0x5c, 0xb4, 0xb8, 0x73, 0xf8, 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52, 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57 }; var output: [32]u8 = undefined; - std.testing.expect(X25519.create(output[0..], secret_key, public_key)); - std.testing.expect(std.mem.eql(u8, &output, expected_output)); + std.testing.expect(X25519.create(output[0..], secret_key[0..], public_key[0..])); + std.testing.expect(std.mem.eql(u8, &output, expected_output[0..])); } test "x25519 rfc7748 one iteration" { - const initial_value = "\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".*; - const expected_output = "\x42\x2c\x8e\x7a\x62\x27\xd7\xbc\xa1\x35\x0b\x3e\x2b\xb7\x27\x9f\x78\x97\xb8\x7b\xb6\x85\x4b\x78\x3c\x60\xe8\x03\x11\xae\x30\x79"; + const initial_value = [32]u8{ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + const expected_output = [32]u8{ 0x42, 0x2c, 0x8e, 0x7a, 0x62, 0x27, 0xd7, 0xbc, 0xa1, 0x35, 0x0b, 0x3e, 0x2b, 0xb7, 0x27, 0x9f, 0x78, 0x97, 0xb8, 0x7b, 0xb6, 0x85, 0x4b, 0x78, 0x3c, 0x60, 0xe8, 0x03, 0x11, 0xae, 0x30, 0x79 }; var k: [32]u8 = initial_value; var u: [32]u8 = initial_value; @@ -95,7 +95,7 @@ test "x25519 rfc7748 one iteration" { std.mem.copy(u8, k[0..], output[0..]); } - std.testing.expect(std.mem.eql(u8, k[0..], expected_output)); + std.testing.expect(std.mem.eql(u8, k[0..], expected_output[0..])); } test "x25519 rfc7748 1,000 iterations" { @@ -104,8 +104,8 @@ test "x25519 rfc7748 1,000 iterations" { return error.SkipZigTest; } - const initial_value = "\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; - const expected_output = "\x68\x4c\xf5\x9b\xa8\x33\x09\x55\x28\x00\xef\x56\x6f\x2f\x4d\x3c\x1c\x38\x87\xc4\x93\x60\xe3\x87\x5f\x2e\xb9\x4d\x99\x53\x2c\x51"; + const initial_value = [32]u8{ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + const expected_output = [32]u8{ 0x68, 0x4c, 0xf5, 0x9b, 0xa8, 0x33, 0x09, 0x55, 0x28, 0x00, 0xef, 0x56, 0x6f, 0x2f, 0x4d, 0x3c, 0x1c, 0x38, 0x87, 0xc4, 0x93, 0x60, 0xe3, 0x87, 0x5f, 0x2e, 0xb9, 0x4d, 0x99, 0x53, 0x2c, 0x51 }; var k: [32]u8 = initial_value.*; var u: [32]u8 = initial_value.*; @@ -127,8 +127,8 @@ test "x25519 rfc7748 1,000,000 iterations" { return error.SkipZigTest; } - const initial_value = "\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; - const expected_output = "\x7c\x39\x11\xe0\xab\x25\x86\xfd\x86\x44\x97\x29\x7e\x57\x5e\x6f\x3b\xc6\x01\xc0\x88\x3c\x30\xdf\x5f\x4d\xd2\xd2\x4f\x66\x54\x24"; + const initial_value = [32]u8{ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + const expected_output = [32]u8{ 0x7c, 0x39, 0x11, 0xe0, 0xab, 0x25, 0x86, 0xfd, 0x86, 0x44, 0x97, 0x29, 0x7e, 0x57, 0x5e, 0x6f, 0x3b, 0xc6, 0x01, 0xc0, 0x88, 0x3c, 0x30, 0xdf, 0x5f, 0x4d, 0xd2, 0xd2, 0x4f, 0x66, 0x54, 0x24 }; var k: [32]u8 = initial_value.*; var u: [32]u8 = initial_value.*; |