Make 128X2 AEGIS-MAC consistent with the proposed spec
jedisct1 committed Dec 7, 2024
1 parent 0ed830d commit 1774bf9
Showing 2 changed files with 63 additions and 5 deletions.
10 changes: 5 additions & 5 deletions src/aegis128x2/aegis128x2_common.h
Expand Up @@ -200,11 +200,11 @@ aegis128x2_mac_nr(uint8_t *mac, size_t maclen, uint64_t adlen, aes_block_t *stat
tmp = AES_BLOCK_XOR(tmp, AES_BLOCK_XOR(state[3], state[2]));
tmp = AES_BLOCK_XOR(tmp, AES_BLOCK_XOR(state[1], state[0]));
AES_BLOCK_STORE(t, tmp);
for (i = 1; i < d; i++) {
memcpy(r, t + i * 16, 16);
for (i = 0; i < d / 2; i++) {
memcpy(r, t + i * 32, 32);
aegis128x2_absorb(r, state);
}
tmp = AES_BLOCK_LOAD_64x2(maclen, d);
tmp = AES_BLOCK_LOAD_64x2(d, maclen);
for (i = 0; i < 7; i++) {
aegis128x2_update(state, tmp, tmp);
}
Expand All @@ -227,7 +227,7 @@ aegis128x2_mac_nr(uint8_t *mac, size_t maclen, uint64_t adlen, aes_block_t *stat
memcpy(r + 16, t + AES_BLOCK_LENGTH + i * 16, 16);
aegis128x2_absorb(r, state);
}
tmp = AES_BLOCK_LOAD_64x2(maclen, d);
tmp = AES_BLOCK_LOAD_64x2(d, maclen);
for (i = 0; i < 7; i++) {
aegis128x2_update(state, tmp, tmp);
}
Expand Down Expand Up @@ -765,7 +765,7 @@ state_mac_final(aegis128x2_mac_state *st_, uint8_t *mac, size_t maclen)
memset(st->buf + left, 0, RATE - left);
aegis128x2_absorb(st->buf, blocks);
}
aegis128x2_mac_nr(mac, maclen, st->adlen, st->blocks);
aegis128x2_mac_nr(mac, maclen, st->adlen, blocks);

memcpy(st->blocks, blocks, sizeof blocks);

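Review bot: The two `AES_BLOCK_LOAD_64x2(d, maclen)` calls in aegis128x2_mac_nr (first and second hunk) take two plain integers, so a transposed pair compiles cleanly and only shows up as a different tag, which is what the replaced `(maclen, d)` form appears to have been (reading the second line of each printed pair as the new side). A comment at both call sites such as `/* argument order (d, maclen) is fixed by the spec's MAC finalization; do not swap */` would keep a later edit from silently changing the tags again. In the first hunk the literal `32` in `memcpy(r, t + i * 32, 32);` could be spelled `AES_BLOCK_LENGTH`, as the second hunk's copy does, if that constant is 32 in this variant. Since the finalization input changes, tags produced by earlier builds presumably stop verifying after this commit, which deserves a line in the release notes. The bodies of aegis128x2_mac_nr and state_mac_final start and end outside the hunks.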
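--- a/src/test/main.zig
+++ b/src/test/main.zig
@@ -742,6 +742,64 @@ test "aegis128x4 - MAC" {
 try testing.expectEqualSlices(u8, &mac, &mac2);
 }
 
+test "aegis128l - MAC test vector" {
+const key = [_]u8{ 0x10, 0x01 } ++ [_]u8{0x00} ** (16 - 2);
+const nonce = [_]u8{ 0x10, 0x00, 0x02 } ++ [_]u8{0x00} ** (16 - 3);
+var msg: [35]u8 = undefined;
+for (&msg, 0..) |*byte, i| byte.* = @truncate(i);
+var mac128: [16]u8 = undefined;
+var mac256: [32]u8 = undefined;
+var st: aegis.aegis128l_mac_state = undefined;
+var ret: c_int = undefined;
+aegis.aegis128l_mac_init(&st, &key, &nonce);
+ret = aegis.aegis128l_mac_update(&st, &msg, msg.len);
+try testing.expectEqual(ret, 0);
+ret = aegis.aegis128l_mac_final(&st, &mac128, mac128.len);
+try testing.expectEqual(ret, 0);
+aegis.aegis128l_mac_reset(&st);
+ret = aegis.aegis128l_mac_update(&st, &msg, msg.len);
+try testing.expectEqual(ret, 0);
+ret = aegis.aegis128l_mac_final(&st, &mac256, mac256.len);
+try testing.expectEqual(ret, 0);
+const expected128_hex = "3982e98c66fa9232e9190ec57b120725";
+const expected256_hex = "a7d01b4636e8d312af8b65b3bb680feb8ffd62aa234584001b1e419b4b40c317";
+var expected128: [16]u8 = undefined;
+var expected256: [32]u8 = undefined;
+_ = try std.fmt.hexToBytes(&expected128, expected128_hex);
+_ = try std.fmt.hexToBytes(&expected256, expected256_hex);
+try std.testing.expectEqualSlices(u8, &expected128, &mac128);
+try std.testing.expectEqualSlices(u8, &expected256, &mac256);
+}
+
+test "aegis128x2 - MAC test vector" {
+const key = [_]u8{ 0x10, 0x01 } ++ [_]u8{0x00} ** (16 - 2);
+const nonce = [_]u8{ 0x10, 0x00, 0x02 } ++ [_]u8{0x00} ** (16 - 3);
+var msg: [35]u8 = undefined;
+for (&msg, 0..) |*byte, i| byte.* = @truncate(i);
+var mac128: [16]u8 = undefined;
+var mac256: [32]u8 = undefined;
+var st: aegis.aegis128x2_mac_state = undefined;
+var ret: c_int = undefined;
+aegis.aegis128x2_mac_init(&st, &key, &nonce);
+ret = aegis.aegis128x2_mac_update(&st, &msg, msg.len);
+try testing.expectEqual(ret, 0);
+ret = aegis.aegis128x2_mac_final(&st, &mac128, mac128.len);
+try testing.expectEqual(ret, 0);
+aegis.aegis128x2_mac_reset(&st);
+ret = aegis.aegis128x2_mac_update(&st, &msg, msg.len);
+try testing.expectEqual(ret, 0);
+ret = aegis.aegis128x2_mac_final(&st, &mac256, mac256.len);
+try testing.expectEqual(ret, 0);
+const expected128_hex = "30ff53a9e8fe94705b753598b4899ded";
+const expected256_hex = "cfcd370c2f182244b512ec5c7e71f54e2b56ae9e8462e845ec02d4f65bc346c0";
+var expected128: [16]u8 = undefined;
+var expected256: [32]u8 = undefined;
+_ = try std.fmt.hexToBytes(&expected128, expected128_hex);
+_ = try std.fmt.hexToBytes(&expected256, expected256_hex);
+try std.testing.expectEqualSlices(u8, &expected128, &mac128);
+try std.testing.expectEqualSlices(u8, &expected256, &mac256);
+}
+
 // Wycheproof tests
 
 const JsonTest = struct {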
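Review bot: Both new vectors pass the whole 35-byte message through a single `mac_update` call, so the buffering that `state_mac_final` finishes is only exercised with one partial block and never with input split across calls. A second pass in the "aegis128x2 - MAC test vector" test that resets the state and feeds the message in two pieces, `ret = aegis.aegis128x2_mac_update(&st, msg[0..17], 17);` then `ret = aegis.aegis128x2_mac_update(&st, msg[17..], msg.len - 17);`, and expects the same `expected128_hex` tag would pin the streaming path that this commit touches. The two tests differ only in the variant name and the expected hex strings, so a small helper taking those would keep later variants from drifting apart. The `JsonTest` struct at the end of the hunk continues outside it.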
