Update blockmode
RyuaNerin committed Jun 13, 2024
1 parent d8eb5d7 commit 3214161
Showing 24 changed files with 755 additions and 423 deletions.
80 changes: 40 additions & 40 deletions drbg/drbg_test.go
Expand Up @@ -18,52 +18,52 @@ var rnd = bufio.NewReaderSize(rand.Reader, 1<<10)
const benchDstLength = 256

func BenchmarkCTRDRBG(b *testing.B) {
b.Run("LEA-128/DF=0/PR=0/PS=0/AI=0", benchCTRDRBG(lea.NewCipher, 128/8, 0, 0, 0, 0))
b.Run("LEA-128/DF=0/PR=0/PS=0/AI=1", benchCTRDRBG(lea.NewCipher, 128/8, 0, 0, 0, 1))
b.Run("LEA-128/DF=0/PR=0/PS=1/AI=0", benchCTRDRBG(lea.NewCipher, 128/8, 0, 0, 1, 0))
b.Run("LEA-128/DF=0/PR=0/PS=1/AI=1", benchCTRDRBG(lea.NewCipher, 128/8, 0, 0, 1, 1))
b.Run("LEA-128/DF=0/PR=1/PS=0/AI=0", benchCTRDRBG(lea.NewCipher, 128/8, 0, 1, 0, 0))
b.Run("LEA-128/DF=0/PR=1/PS=0/AI=1", benchCTRDRBG(lea.NewCipher, 128/8, 0, 1, 0, 1))
b.Run("LEA-128/DF=0/PR=1/PS=1/AI=0", benchCTRDRBG(lea.NewCipher, 128/8, 0, 1, 1, 0))
b.Run("LEA-128/DF=0/PR=1/PS=1/AI=1", benchCTRDRBG(lea.NewCipher, 128/8, 0, 1, 1, 1))
b.Run("LEA-128/DF=1/PR=0/PS=0/AI=0", benchCTRDRBG(lea.NewCipher, 128/8, 1, 0, 0, 0))
b.Run("LEA-128/DF=1/PR=0/PS=0/AI=1", benchCTRDRBG(lea.NewCipher, 128/8, 1, 0, 0, 1))
b.Run("LEA-128/DF=1/PR=0/PS=1/AI=0", benchCTRDRBG(lea.NewCipher, 128/8, 1, 0, 1, 0))
b.Run("LEA-128/DF=1/PR=0/PS=1/AI=1", benchCTRDRBG(lea.NewCipher, 128/8, 1, 0, 1, 1))
b.Run("LEA-128/DF=1/PR=1/PS=0/AI=0", benchCTRDRBG(lea.NewCipher, 128/8, 1, 1, 0, 0))
b.Run("LEA-128/DF=1/PR=1/PS=0/AI=1", benchCTRDRBG(lea.NewCipher, 128/8, 1, 1, 0, 1))
b.Run("LEA-128/DF=1/PR=1/PS=1/AI=0", benchCTRDRBG(lea.NewCipher, 128/8, 1, 1, 1, 0))
b.Run("LEA-128/DF=1/PR=1/PS=1/AI=1", benchCTRDRBG(lea.NewCipher, 128/8, 1, 1, 1, 1))
b.Run("LEA-128_DF0_PR0_PS0_AI0", benchCTRDRBG(lea.NewCipher, 128/8, 0, 0, 0, 0))
b.Run("LEA-128_DF0_PR0_PS0_AI1", benchCTRDRBG(lea.NewCipher, 128/8, 0, 0, 0, 1))
b.Run("LEA-128_DF0_PR0_PS1_AI0", benchCTRDRBG(lea.NewCipher, 128/8, 0, 0, 1, 0))
b.Run("LEA-128_DF0_PR0_PS1_AI1", benchCTRDRBG(lea.NewCipher, 128/8, 0, 0, 1, 1))
b.Run("LEA-128_DF0_PR1_PS0_AI0", benchCTRDRBG(lea.NewCipher, 128/8, 0, 1, 0, 0))
b.Run("LEA-128_DF0_PR1_PS0_AI1", benchCTRDRBG(lea.NewCipher, 128/8, 0, 1, 0, 1))
b.Run("LEA-128_DF0_PR1_PS1_AI0", benchCTRDRBG(lea.NewCipher, 128/8, 0, 1, 1, 0))
b.Run("LEA-128_DF0_PR1_PS1_AI1", benchCTRDRBG(lea.NewCipher, 128/8, 0, 1, 1, 1))
b.Run("LEA-128_DF1_PR0_PS0_AI0", benchCTRDRBG(lea.NewCipher, 128/8, 1, 0, 0, 0))
b.Run("LEA-128_DF1_PR0_PS0_AI1", benchCTRDRBG(lea.NewCipher, 128/8, 1, 0, 0, 1))
b.Run("LEA-128_DF1_PR0_PS1_AI0", benchCTRDRBG(lea.NewCipher, 128/8, 1, 0, 1, 0))
b.Run("LEA-128_DF1_PR0_PS1_AI1", benchCTRDRBG(lea.NewCipher, 128/8, 1, 0, 1, 1))
b.Run("LEA-128_DF1_PR1_PS0_AI0", benchCTRDRBG(lea.NewCipher, 128/8, 1, 1, 0, 0))
b.Run("LEA-128_DF1_PR1_PS0_AI1", benchCTRDRBG(lea.NewCipher, 128/8, 1, 1, 0, 1))
b.Run("LEA-128_DF1_PR1_PS1_AI0", benchCTRDRBG(lea.NewCipher, 128/8, 1, 1, 1, 0))
b.Run("LEA-128_DF1_PR1_PS1_AI1", benchCTRDRBG(lea.NewCipher, 128/8, 1, 1, 1, 1))
}

func BenchmarkHashDRBG(b *testing.B) {
b.Run("SHA-256/PR=0/RI=1/PS=1/AI=1", benchHashDRBG(sha256.New, 0, 1, 1, 1))
b.Run("SHA-256/PR=0/RI=1/PS=0/AI=1", benchHashDRBG(sha256.New, 0, 1, 0, 1))
b.Run("SHA-256/PR=0/RI=1/PS=1/AI=0", benchHashDRBG(sha256.New, 0, 1, 1, 0))
b.Run("SHA-256/PR=0/RI=1/PS=0/AI=0", benchHashDRBG(sha256.New, 0, 1, 0, 0))
b.Run("SHA-256/PR=0/RI=2/PS=1/AI=1", benchHashDRBG(sha256.New, 0, 2, 1, 1))
b.Run("SHA-256/PR=0/RI=2/PS=0/AI=1", benchHashDRBG(sha256.New, 0, 2, 0, 1))
b.Run("SHA-256/PR=0/RI=2/PS=1/AI=0", benchHashDRBG(sha256.New, 0, 2, 1, 0))
b.Run("SHA-256/PR=0/RI=2/PS=0/AI=0", benchHashDRBG(sha256.New, 0, 2, 0, 0))
b.Run("SHA-256/PR=1/RI=0/PS=1/AI=1", benchHashDRBG(sha256.New, 1, 0, 1, 1))
b.Run("SHA-256/PR=1/RI=0/PS=0/AI=1", benchHashDRBG(sha256.New, 1, 0, 0, 1))
b.Run("SHA-256/PR=1/RI=0/PS=1/AI=0", benchHashDRBG(sha256.New, 1, 0, 1, 0))
b.Run("SHA-256/PR=1/RI=0/PS=0/AI=0", benchHashDRBG(sha256.New, 1, 0, 0, 0))
b.Run("SHA-256_PR0_RI1_PS1_AI1", benchHashDRBG(sha256.New, 0, 1, 1, 1))
b.Run("SHA-256_PR0_RI1_PS0_AI1", benchHashDRBG(sha256.New, 0, 1, 0, 1))
b.Run("SHA-256_PR0_RI1_PS1_AI0", benchHashDRBG(sha256.New, 0, 1, 1, 0))
b.Run("SHA-256_PR0_RI1_PS0_AI0", benchHashDRBG(sha256.New, 0, 1, 0, 0))
b.Run("SHA-256_PR0_RI2_PS1_AI1", benchHashDRBG(sha256.New, 0, 2, 1, 1))
b.Run("SHA-256_PR0_RI2_PS0_AI1", benchHashDRBG(sha256.New, 0, 2, 0, 1))
b.Run("SHA-256_PR0_RI2_PS1_AI0", benchHashDRBG(sha256.New, 0, 2, 1, 0))
b.Run("SHA-256_PR0_RI2_PS0_AI0", benchHashDRBG(sha256.New, 0, 2, 0, 0))
b.Run("SHA-256_PR1_RI0_PS1_AI1", benchHashDRBG(sha256.New, 1, 0, 1, 1))
b.Run("SHA-256_PR1_RI0_PS0_AI1", benchHashDRBG(sha256.New, 1, 0, 0, 1))
b.Run("SHA-256_PR1_RI0_PS1_AI0", benchHashDRBG(sha256.New, 1, 0, 1, 0))
b.Run("SHA-256_PR1_RI0_PS0_AI0", benchHashDRBG(sha256.New, 1, 0, 0, 0))
}

func BenchmarkHMACDRBG(b *testing.B) {
b.Run("SHA-256/PR=0/RI=1/PS=1/AI=1", benchHmacDRBG(sha256.New, 0, 1, 1, 1))
b.Run("SHA-256/PR=0/RI=1/PS=0/AI=1", benchHmacDRBG(sha256.New, 0, 1, 0, 1))
b.Run("SHA-256/PR=0/RI=1/PS=1/AI=0", benchHmacDRBG(sha256.New, 0, 1, 1, 0))
b.Run("SHA-256/PR=0/RI=1/PS=0/AI=0", benchHmacDRBG(sha256.New, 0, 1, 0, 0))
b.Run("SHA-256/PR=0/RI=2/PS=1/AI=1", benchHmacDRBG(sha256.New, 0, 2, 1, 1))
b.Run("SHA-256/PR=0/RI=2/PS=0/AI=1", benchHmacDRBG(sha256.New, 0, 2, 0, 1))
b.Run("SHA-256/PR=0/RI=2/PS=1/AI=0", benchHmacDRBG(sha256.New, 0, 2, 1, 0))
b.Run("SHA-256/PR=0/RI=2/PS=0/AI=0", benchHmacDRBG(sha256.New, 0, 2, 0, 0))
b.Run("SHA-256/PR=1/RI=0/PS=1/AI=1", benchHmacDRBG(sha256.New, 1, 0, 1, 1))
b.Run("SHA-256/PR=1/RI=0/PS=0/AI=1", benchHmacDRBG(sha256.New, 1, 0, 0, 1))
b.Run("SHA-256/PR=1/RI=0/PS=1/AI=0", benchHmacDRBG(sha256.New, 1, 0, 1, 0))
b.Run("SHA-256/PR=1/RI=0/PS=0/AI=0", benchHmacDRBG(sha256.New, 1, 0, 0, 0))
b.Run("SHA-256_PR0_RI1_PS1_AI1", benchHmacDRBG(sha256.New, 0, 1, 1, 1))
b.Run("SHA-256_PR0_RI1_PS0_AI1", benchHmacDRBG(sha256.New, 0, 1, 0, 1))
b.Run("SHA-256_PR0_RI1_PS1_AI0", benchHmacDRBG(sha256.New, 0, 1, 1, 0))
b.Run("SHA-256_PR0_RI1_PS0_AI0", benchHmacDRBG(sha256.New, 0, 1, 0, 0))
b.Run("SHA-256_PR0_RI2_PS1_AI1", benchHmacDRBG(sha256.New, 0, 2, 1, 1))
b.Run("SHA-256_PR0_RI2_PS0_AI1", benchHmacDRBG(sha256.New, 0, 2, 0, 1))
b.Run("SHA-256_PR0_RI2_PS1_AI0", benchHmacDRBG(sha256.New, 0, 2, 1, 0))
b.Run("SHA-256_PR0_RI2_PS0_AI0", benchHmacDRBG(sha256.New, 0, 2, 0, 0))
b.Run("SHA-256_PR1_RI0_PS1_AI1", benchHmacDRBG(sha256.New, 1, 0, 1, 1))
b.Run("SHA-256_PR1_RI0_PS0_AI1", benchHmacDRBG(sha256.New, 1, 0, 0, 1))
b.Run("SHA-256_PR1_RI0_PS1_AI0", benchHmacDRBG(sha256.New, 1, 0, 1, 0))
b.Run("SHA-256_PR1_RI0_PS0_AI0", benchHmacDRBG(sha256.New, 1, 0, 0, 0))
}

func benchCTRDRBG(
34 changes: 17 additions & 17 deletions gmac/gmac.go
Expand Up @@ -10,18 +10,18 @@ import (
"hash"

"github.com/RyuaNerin/go-krypto/internal"
igcm "github.com/RyuaNerin/go-krypto/internal/gcm"
ikipher "github.com/RyuaNerin/go-krypto/internal/kipher"
"github.com/RyuaNerin/go-krypto/internal/memory"
"github.com/RyuaNerin/go-krypto/internal/subtle"
)

var defaultIV [igcm.GCMStandardNonceSize]byte
var defaultIV [ikipher.GCMStandardNonceSize]byte

// new MAC using GMAC by only passing additional data(aad data).
func NewGMAC(b cipher.Block, iv []byte) (hash.Hash, error) {
kb := internal.WrapBlock(b)
kb := ikipher.WrapKipher(b)

if kb.BlockSize() != igcm.GCMBlockSize {
if kb.BlockSize() != ikipher.GCMBlockSize {
return nil, errors.New(msgRequired128BitBlockCipher)
}

Expand All @@ -30,36 +30,36 @@ func NewGMAC(b cipher.Block, iv []byte) (hash.Hash, error) {
}

g := &ghash{}
igcm.Init(&g.gcm, kb)
ikipher.Init(&g.gcm, kb)

var counter [igcm.GCMBlockSize]byte
var counter [ikipher.GCMBlockSize]byte
g.gcm.DeriveCounter(&counter, iv)
g.gcm.Cipher.Encrypt(g.tagMask[:], counter[:])

return g, nil
}

type ghash struct {
gcm igcm.GCM
gcm ikipher.GCM

tagMask [igcm.GCMBlockSize]byte
tagMask [ikipher.GCMBlockSize]byte

y igcm.GCMFieldElement
remains [igcm.GCMBlockSize]byte
y ikipher.GCMFieldElement
remains [ikipher.GCMBlockSize]byte
remainIdx int
written int
}

func (g ghash) Size() int {
return igcm.GCMBlockSize
return ikipher.GCMBlockSize
}

func (g ghash) BlockSize() int {
return igcm.GCMBlockSize
return ikipher.GCMBlockSize
}

func (g *ghash) Reset() {
g.y = igcm.GCMFieldElement{}
g.y = ikipher.GCMFieldElement{}
g.remainIdx = 0
g.written = 0
}
Expand All @@ -70,7 +70,7 @@ func (g *ghash) Write(b []byte) (n int, err error) {
g.written += n
g.remainIdx += n

if g.remainIdx < igcm.GCMBlockSize {
if g.remainIdx < ikipher.GCMBlockSize {
return n, nil
}
b = b[n:]
Expand All @@ -79,7 +79,7 @@ func (g *ghash) Write(b []byte) (n int, err error) {
g.remainIdx = 0
}

fullBlocks := (len(b) / igcm.GCMBlockSize) * igcm.GCMBlockSize
fullBlocks := (len(b) / ikipher.GCMBlockSize) * ikipher.GCMBlockSize
g.gcm.UpdateBlocks(&g.y, b[:fullBlocks])
n += fullBlocks
g.written += fullBlocks
Expand All @@ -98,7 +98,7 @@ func (g *ghash) Sum(b []byte) []byte {

written := g.written + g.remainIdx

var block [igcm.GCMBlockSize]byte
var block [ikipher.GCMBlockSize]byte

if g.remainIdx > 0 {
n := copy(block[:], g.remains[:g.remainIdx])
Expand All @@ -110,7 +110,7 @@ func (g *ghash) Sum(b []byte) []byte {
yy.Low ^= uint64(written) * 8
g.gcm.Mul(&yy)

ret, out := internal.SliceForAppend(b, len(b)+igcm.GCMBlockSize)
ret, out := internal.SliceForAppend(b, len(b)+ikipher.GCMBlockSize)
binary.BigEndian.PutUint64(out, yy.Low)
binary.BigEndian.PutUint64(out[8:], yy.High)

10 changes: 5 additions & 5 deletions has160/encoding.go
Expand Up @@ -37,11 +37,11 @@ func (ctx *has160Context) UnmarshalBinary(b []byte) error {
}

b = b[len(magic):]
b, ctx.H[0] = internal.ConsumeUint32(b)
b, ctx.H[1] = internal.ConsumeUint32(b)
b, ctx.H[2] = internal.ConsumeUint32(b)
b, ctx.H[3] = internal.ConsumeUint32(b)
b, ctx.H[4] = internal.ConsumeUint32(b)
b, ctx.H[0] = internal.ConsumeBigU32(b)
b, ctx.H[1] = internal.ConsumeBigU32(b)
b, ctx.H[2] = internal.ConsumeBigU32(b)
b, ctx.H[3] = internal.ConsumeBigU32(b)
b, ctx.H[4] = internal.ConsumeBigU32(b)
b = b[copy(ctx.block[:], b[:BlockSize]):]
ctx.boff = int(b[0])
ctx.length = int(binary.BigEndian.Uint64(b[1:]))
41 changes: 38 additions & 3 deletions internal/binary.go
Expand Up @@ -2,14 +2,49 @@ package internal

import "encoding/binary"

func ConsumeUint16(b []byte) ([]byte, uint16) {
func AppendBigUint8(b []byte, v byte) []byte {
return append(b,
v,
)
}

func AppendBigUint16(b []byte, v uint16) []byte {
return append(b,
byte(v>>8),
byte(v),
)
}

func AppendBigUint32(b []byte, v uint32) []byte {
return append(b,
byte(v>>24),
byte(v>>16),
byte(v>>8),
byte(v),
)
}

func AppendBigUint64(b []byte, v uint64) []byte {
return append(b,
byte(v>>56),
byte(v>>48),
byte(v>>40),
byte(v>>32),
byte(v>>24),
byte(v>>16),
byte(v>>8),
byte(v),
)
}

func ConsumeBigU16(b []byte) ([]byte, uint16) {
return b[2:], binary.BigEndian.Uint16(b)
}

func ConsumeUint32(b []byte) ([]byte, uint32) {
func ConsumeBigU32(b []byte) ([]byte, uint32) {
return b[4:], binary.BigEndian.Uint32(b)
}

func ConsumeUint64(b []byte) ([]byte, uint64) {
func ConsumeBigU64(b []byte) ([]byte, uint64) {
return b[8:], binary.BigEndian.Uint64(b)
}
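Review bot: The new AppendBigUint8/16/32/64 and the renamed ConsumeBigU16/32/64 are exported from internal/binary.go without doc comments, and the three wider Append helpers hand-roll byte shifts that encoding/binary already provides. Since the file imports encoding/binary, each body could become `return binary.BigEndian.AppendUint32(b, v)` (and the 16/64 counterparts), which exist from Go 1.19 — worth doing if the module's go directive permits it, which is not visible here. A one-line doc for the consume side would also record the contract callers rely on, e.g. `// ConsumeBigU32 reads a big-endian uint32 from the front of b and returns the remainder; it panics when len(b) < 4.`, since the slice and binary.BigEndian.Uint32 both index without a length check and callers such as has160's UnmarshalBinary in this commit depend on having validated the length first.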
25 changes: 19 additions & 6 deletions internal/bytes.go
@@ -1,6 +1,7 @@
package internal

import (
"encoding/binary"
"io"

"github.com/RyuaNerin/go-krypto/internal/memory"
Expand Down Expand Up @@ -104,12 +105,24 @@ func Add(dst []byte, src ...[]byte) {
}

func IncCtr(b []byte) {
for i := len(b) - 1; i >= 0; i-- {
c := b[i]
c++
b[i] = c
if c > 0 {
return
switch len(b) {
case 1:
b[0]++
case 2:
v := binary.BigEndian.Uint16(b)
binary.BigEndian.PutUint16(b, v+1)
case 4:
v := binary.BigEndian.Uint32(b)
binary.BigEndian.PutUint32(b, v+1)
case 8:
v := binary.BigEndian.Uint64(b)
binary.BigEndian.PutUint64(b, v+1)
default:
for i := len(b) - 1; i >= 0; i-- {
b[i]++
if b[i] > 0 {
return
}
}
}
}
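Review bot: IncCtr is exported but has no doc comment, and the new switch makes its contract less obvious than the old loop did: the fixed-width cases wrap to zero on overflow through unsigned arithmetic while the default branch wraps by exhausting the carry loop, so the observable behaviour is the same across all lengths but a reader has to verify that for each case. Proposed comment above the function: `// IncCtr increments b in place as a big-endian unsigned counter, wrapping to zero on overflow; a nil or empty slice is left untouched.` The default branch is also the only one that still returns early on the first non-zero byte, so its timing depends on the counter value; that matches the previous implementation and is usually acceptable for a CTR-mode nonce counter, but it is worth stating in the comment that b is not treated as secret.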
57 changes: 57 additions & 0 deletions internal/bytes_test.go
@@ -1,9 +1,11 @@
package internal

import (
"bytes"
crand "crypto/rand"
"encoding/binary"
"math/rand"
"strconv"
"testing"
)

Expand Down Expand Up @@ -31,6 +33,43 @@ func TestAdd(t *testing.T) {
}
}

func TestIncCtr(t *testing.T) {
const maxLen = 16

test := func(l int) func(t *testing.T) {
return func(t *testing.T) {
expect := make([]byte, maxLen)
answer := make([]byte, maxLen)

for i := 0; i < 1000; i++ {
crand.Read(expect)
copy(answer, expect)
high := binary.BigEndian.Uint64(expect[0:])
low := binary.BigEndian.Uint64(expect[8:])

for i := 0; i < 1000; i++ {
low++
if low == 0 {
high++
}
binary.BigEndian.PutUint64(expect[0:], high)
binary.BigEndian.PutUint64(expect[8:], low)

IncCtr(answer[maxLen-l:])
if !bytes.Equal(expect[maxLen-l:], answer[maxLen-l:]) {
t.Errorf("test failed\nvalue: %16x %16x\nexpect: %x\nanswer: %x", high, low, expect[maxLen-l:], answer[maxLen-l:])
return
}
}
}
}
}

for i := 1; i <= maxLen; i++ {
t.Run(strconv.Itoa(i), test(i))
}
}

func BenchmarkAdd(b *testing.B) {
var dst [8]byte
var xb, yb [8]byte
Expand All @@ -44,3 +83,21 @@ func BenchmarkAdd(b *testing.B) {
Add(dst[:], xb[:], yb[:])
}
}

func BenchmarkIncCtr(b *testing.B) {
bench := func(size int) func(b *testing.B) {
return func(b *testing.B) {
ctr := make([]byte, size)
crand.Read(ctr)

b.ResetTimer()
for i := 0; i < b.N; i++ {
IncCtr(ctr)
}
}
}

for i := 1; i <= 10; i++ {
b.Run(strconv.Itoa(i), bench(i))
}
}
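Review bot: In TestIncCtr the inner loop at `for i := 0; i < 1000; i++` shadows the outer `i` declared six lines earlier; it is harmless because neither body reads the index, but vet's shadow analyzer flags it and a later edit that does use `i` would silently pick the wrong one — rename the inner one to `j`. Both `crand.Read(expect)` in the test and `crand.Read(ctr)` in BenchmarkIncCtr discard the returned error; on the Go versions where crypto/rand can fail the test would then compare against a zeroed buffer instead of random data, so `if _, err := crand.Read(expect); err != nil { t.Fatal(err) }` keeps the failure visible. The comparison itself is sound: only the low l bytes of expect are checked, so carries that propagate past the slice in the 128-bit reference do not affect the result.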
3 changes: 2 additions & 1 deletion internal/drbg/hmacdrbg/hmacdrbg.go
Expand Up @@ -280,9 +280,10 @@ func (state *State) Generate(

// 37: temp ← Null
// 38: While (len(temp) < requested_no_of_bits ) do
h := hmac.New(state.New, state.Key)
for len(dst) > 0 {
// 39: V ← HMAC(Key, V )
h := hmac.New(state.New, state.Key)
h.Reset()
h.Write(state.V)
copy(state.V, h.Sum(state.sum[:0]))
