Skip to content

Commit b50cdcf

Browse files
jedisct1jedisct1
committed
128X and 256X: sync with the current draft (editor's copy)
1 parent 5b6fd28 commit b50cdcf

File tree

5 files changed

+50
-22
lines changed

5 files changed

+50
-22
lines changed

src/aegis128x2/aegis128x2_common.h

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,8 +32,11 @@ aegis128x2_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const sta
3232
n = AES_BLOCK_LOAD(tmp);
3333

3434
memset(context_bytes, 0, sizeof context_bytes);
35-
context_bytes[1 * 16] = 0x01;
36-
context = AES_BLOCK_LOAD(context_bytes);
35+
context_bytes[0 * 16] = 0x00;
36+
context_bytes[0 * 16 + 1] = 0x01;
37+
context_bytes[1 * 16] = 0x01;
38+
context_bytes[1 * 16 + 1] = 0x01;
39+
context = AES_BLOCK_LOAD(context_bytes);
3740

3841
state[0] = AES_BLOCK_XOR(k, n);
3942
state[1] = c1;

src/aegis128x4/aegis128x4_common.h

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -40,10 +40,15 @@ aegis128x4_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const sta
4040
n = AES_BLOCK_LOAD(tmp);
4141

4242
memset(context_bytes, 0, sizeof context_bytes);
43-
context_bytes[1 * 16] = 0x01;
44-
context_bytes[2 * 16] = 0x02;
45-
context_bytes[3 * 16] = 0x03;
46-
context = AES_BLOCK_LOAD(context_bytes);
43+
context_bytes[0 * 16] = 0x00;
44+
context_bytes[0 * 16 + 1] = 0x03;
45+
context_bytes[1 * 16] = 0x01;
46+
context_bytes[1 * 16 + 1] = 0x03;
47+
context_bytes[2 * 16] = 0x02;
48+
context_bytes[2 * 16 + 1] = 0x03;
49+
context_bytes[3 * 16] = 0x03;
50+
context_bytes[3 * 16 + 1] = 0x03;
51+
context = AES_BLOCK_LOAD(context_bytes);
4752

4853
state[0] = AES_BLOCK_XOR(k, n);
4954
state[1] = c1;

src/aegis256x2/aegis256x2_common.h

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,8 +42,11 @@ aegis256x2_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const sta
4242
k1_n1 = AES_BLOCK_XOR(k1, n1);
4343

4444
memset(context_bytes, 0, sizeof context_bytes);
45-
context_bytes[1 * 16] = 0x01;
46-
context = AES_BLOCK_LOAD(context_bytes);
45+
context_bytes[0 * 16] = 0x00;
46+
context_bytes[0 * 16 + 1] = 0x01;
47+
context_bytes[1 * 16] = 0x01;
48+
context_bytes[1 * 16 + 1] = 0x01;
49+
context = AES_BLOCK_LOAD(context_bytes);
4750

4851
state[0] = k0_n0;
4952
state[1] = k1_n1;

src/aegis256x4/aegis256x4_common.h

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -54,10 +54,15 @@ aegis256x4_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const sta
5454
k1_n1 = AES_BLOCK_XOR(k1, n1);
5555

5656
memset(context_bytes, 0, sizeof context_bytes);
57-
context_bytes[1 * 16] = 0x01;
58-
context_bytes[2 * 16] = 0x02;
59-
context_bytes[3 * 16] = 0x03;
60-
context = AES_BLOCK_LOAD(context_bytes);
57+
context_bytes[0 * 16] = 0x00;
58+
context_bytes[0 * 16 + 1] = 0x03;
59+
context_bytes[1 * 16] = 0x01;
60+
context_bytes[1 * 16 + 1] = 0x03;
61+
context_bytes[2 * 16] = 0x02;
62+
context_bytes[2 * 16 + 1] = 0x03;
63+
context_bytes[3 * 16] = 0x03;
64+
context_bytes[3 * 16 + 1] = 0x03;
65+
context = AES_BLOCK_LOAD(context_bytes);
6166

6267
state[0] = k0_n0;
6368
state[1] = k1_n1;

src/test/main.zig

Lines changed: 22 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -416,13 +416,16 @@ test "aegis-128x2 - test vector" {
416416
const msg = [_]u8{ 4, 5, 6, 7 } ** 30;
417417
var c = [_]u8{0} ** msg.len;
418418
var mac = [_]u8{0} ** 16;
419+
var mac256 = [_]u8{0} ** 32;
419420
var ret = aegis.aegis128x2_encrypt_detached(&c, &mac, mac.len, &msg, msg.len, &ad, ad.len, &nonce, &key);
420421
try testing.expectEqual(ret, 0);
422+
ret = aegis.aegis128x2_encrypt_detached(&c, &mac256, mac256.len, &msg, msg.len, &ad, ad.len, &nonce, &key);
423+
try testing.expectEqual(ret, 0);
421424

422-
const expected_ciphertext_hex = "9958ad79ff1feea50a27d5dd88728d157a4ce0cd996b9fffb4fde113ef646de4aa67278fb1ebcb6571526b309d708447c818ffc3d84c9c73b0cca3040bb85b81d366311956f4cb1a66b02b25b58a7f759797169b0e398c4db16c9a577d4de1805d646b823fa095ec34feefb58768efc06d9516c55b653f91";
425+
const expected_ciphertext_hex = "5795544301997f93621b278809d6331b3bfa6f18e90db12c4aa35965b5e98c5fc6fb4e54bcb6111842c20637252eff747cb3a8f85b37de80919a589fe0f24872bc926360696739e05520647e390989e1eb5fd42f99678a0276a498f8c454761c9d6aacb647ad56be62b29c22cd4b5761b38f43d5a5ee062f";
423426
try testing.expectEqualSlices(u8, &std.fmt.bytesToHex(c, .lower), expected_ciphertext_hex);
424427

425-
const expected_tag_hex = "179247ab85ea2c4f9f712cac8bb7c9d3";
428+
const expected_tag_hex = "1aebc200804f405cab637f2adebb6d77";
426429
try testing.expectEqualSlices(u8, &std.fmt.bytesToHex(mac, .lower), expected_tag_hex);
427430

428431
var msg2 = [_]u8{0} ** msg.len;
@@ -512,13 +515,16 @@ test "aegis-128x4 - test vector" {
512515
const msg = [_]u8{ 4, 5, 6, 7 } ** 30;
513516
var c = [_]u8{0} ** msg.len;
514517
var mac = [_]u8{0} ** 16;
518+
var mac256 = [_]u8{0} ** 32;
515519
var ret = aegis.aegis128x4_encrypt_detached(&c, &mac, mac.len, &msg, msg.len, &ad, ad.len, &nonce, &key);
516520
try testing.expectEqual(ret, 0);
521+
ret = aegis.aegis128x4_encrypt_detached(&c, &mac256, mac256.len, &msg, msg.len, &ad, ad.len, &nonce, &key);
522+
try testing.expectEqual(ret, 0);
517523

518-
const expected_ciphertext_hex = "9958ad79ff1feea50a27d5dd88728d157a4ce0cd996b9fffb4fde113ef646de46e4c5230174a6268f89f01d557879360a9068d7cb825bb0e8a97ea2e82059f69aa67278fb1ebcb6571526b309d708447c818ffc3d84c9c73b0cca3040bb85b8193fc9a4499e384ae87bfeaa46f514b6330c147c3ddbb6e94";
524+
const expected_ciphertext_hex = "e836118562f4479c9d35c17356a833114c21f9aa39e4dda5e5c87f4152a00fce9a7c38f832eafe8b1c12f8a7cf12a81a1ad8a9c24ba9dedfbdaa586ffea67ddc801ea97d9ab4a872f42d0e352e2713dacd609f9442c17517c5a29daf3e2a3fac4ff6b1380c4e46df7b086af6ce6bc1ed594b8dd64aed2a7e";
519525
try testing.expectEqualSlices(u8, &std.fmt.bytesToHex(c, .lower), expected_ciphertext_hex);
520526

521-
const expected_tag_hex = "58038e00f6b7e861e2badb160beb71d4";
527+
const expected_tag_hex = "0e56ab94e2e85db80f9d54010caabfb4";
522528
try testing.expectEqualSlices(u8, &std.fmt.bytesToHex(mac, .lower), expected_tag_hex);
523529

524530
var msg2 = [_]u8{0} ** msg.len;
@@ -531,16 +537,19 @@ test "aegis-256x2 - test vector" {
531537
const key = [32]u8{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 };
532538
const nonce = [32]u8{ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47 };
533539
const ad = [_]u8{ 1, 2, 3, 4 } ** 2;
534-
const msg = [_]u8{ 5, 6, 7, 8 } ** 3;
540+
const msg = [_]u8{ 5, 6, 7, 8 } ** 30;
535541
var c = [_]u8{0} ** msg.len;
536542
var mac = [_]u8{0} ** 16;
543+
var mac256 = [_]u8{0} ** 32;
537544
var ret = aegis.aegis256x2_encrypt_detached(&c, &mac, mac.len, &msg, msg.len, &ad, ad.len, &nonce, &key);
538545
try testing.expectEqual(ret, 0);
546+
ret = aegis.aegis256x2_encrypt_detached(&c, &mac256, mac256.len, &msg, msg.len, &ad, ad.len, &nonce, &key);
547+
try testing.expectEqual(ret, 0);
539548

540-
const expected_ciphertext_hex = "a0b3f5b6b93db779c9d1b9de";
549+
const expected_ciphertext_hex = "73110d21a920608fd77b580f1e4428087a7365cb153b4eeca6b62e1a70f7f9a8d1f31f17da4c3acfacb2517f2f5e15758c35532e33751a964d18d29a599d2dc07f9378339b9d8c9fa03d30a4d7837cc8eb8b99bcbba2d11cd1a0f994af2b8f947ef18473bd519e5283736758480abc990e79d4ccab93dde9";
541550
try testing.expectEqualSlices(u8, &std.fmt.bytesToHex(c, .lower), expected_ciphertext_hex);
542551

543-
const expected_tag_hex = "fd2e93a6eb0b74dc30eb984fbec1d657";
552+
const expected_tag_hex = "94a3bd44ad3381e36335014620ee638e";
544553
try testing.expectEqualSlices(u8, &std.fmt.bytesToHex(mac, .lower), expected_tag_hex);
545554

546555
var msg2 = [_]u8{0} ** msg.len;
@@ -553,16 +562,19 @@ test "aegis-256x4 - test vector" {
553562
const key = [32]u8{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 };
554563
const nonce = [32]u8{ 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47 };
555564
const ad = [_]u8{ 1, 2, 3, 4 } ** 2;
556-
const msg = [_]u8{ 5, 6, 7, 8 } ** 3;
565+
const msg = [_]u8{ 5, 6, 7, 8 } ** 30;
557566
var c = [_]u8{0} ** msg.len;
558567
var mac = [_]u8{0} ** 16;
568+
var mac256 = [_]u8{0} ** 32;
559569
var ret = aegis.aegis256x4_encrypt_detached(&c, &mac, mac.len, &msg, msg.len, &ad, ad.len, &nonce, &key);
560570
try testing.expectEqual(ret, 0);
571+
ret = aegis.aegis256x4_encrypt_detached(&c, &mac256, mac256.len, &msg, msg.len, &ad, ad.len, &nonce, &key);
572+
try testing.expectEqual(ret, 0);
561573

562-
const expected_ciphertext_hex = "a0b3f5b6b93db779c9d1b9de";
574+
const expected_ciphertext_hex = "bec109547f8316d598b3b7d947ad4c0ef5b98e217cffa0d858ad49ae34109a95abc5b5fada820c4d6ae2fca0f5e2444e52a04a1edb7bec71408de3e19950052194506be3ba6a4de51a15a577ea0e4c14f7539a13e751a555f48d0f49fecffb220525e60d381e2efa803b09b7164ba59fdc66656affd51e06";
563575
try testing.expectEqualSlices(u8, &std.fmt.bytesToHex(c, .lower), expected_ciphertext_hex);
564576

565-
const expected_tag_hex = "2b05e91bb786a64b41064351a375a54f";
577+
const expected_tag_hex = "ec44b512d713f745547be345bcc66b6c";
566578
try testing.expectEqualSlices(u8, &std.fmt.bytesToHex(mac, .lower), expected_tag_hex);
567579

568580
var msg2 = [_]u8{0} ** msg.len;

0 commit comments

Comments
 (0)