Commit ed558bfbaa
Changed files (7)
lib/std/crypto/25519/curve25519.zig
@@ -21,7 +21,7 @@ pub const Curve25519 = struct {
/// Return the Curve25519 base point.
pub inline fn basePoint() Curve25519 {
- return .{ .x = Fe.curve25519BasePoint() };
+ return .{ .x = Fe.curve25519BasePoint };
}
/// Check that the encoding of a Curve25519 point is canonical.
@@ -38,10 +38,10 @@ pub const Curve25519 = struct {
fn ladder(p: Curve25519, s: [32]u8, comptime bits: usize) !Curve25519 {
var x1 = p.x;
- var x2 = Fe.one();
- var z2 = Fe.zero();
+ var x2 = Fe.one;
+ var z2 = Fe.zero;
var x3 = x1;
- var z3 = Fe.one();
+ var z3 = Fe.one;
var swap: u8 = 0;
var pos: usize = bits - 1;
while (true) {
@@ -76,7 +76,7 @@ pub const Curve25519 = struct {
if (x2.isZero()) {
return error.IdentityElement;
}
- return Curve25519 { .x = x2 };
+ return Curve25519{ .x = x2 };
}
/// Multiply a Curve25519 point by a scalar after "clamping" it.
@@ -88,7 +88,7 @@ pub const Curve25519 = struct {
pub fn clampedMul(p: Curve25519, s: [32]u8) !Curve25519 {
var t: [32]u8 = s;
scalar.clamp(&t);
- return ladder(p, t, 255);
+ return try ladder(p, t, 255);
}
/// Multiply a Curve25519 point by a scalar without clamping it.
@@ -98,7 +98,7 @@ pub const Curve25519 = struct {
pub fn mul(p: Curve25519, s: [32]u8) !Curve25519 {
const cofactor = [_]u8{8} ++ [_]u8{0} ** 31;
_ = ladder(p, cofactor, 4) catch |_| return error.WeakPublicKey;
- return ladder(p, s, 256);
+ return try ladder(p, s, 256);
}
};
@@ -107,10 +107,9 @@ test "curve25519" {
const p = try Curve25519.basePoint().clampedMul(s);
try p.rejectIdentity();
var buf: [128]u8 = undefined;
- const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator;
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{p.toBytes()}), "E6F2A4D1C28EE5C7AD0329268255A468AD407D2672824C0C0EB30EA6EF450145");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{p.toBytes()}), "E6F2A4D1C28EE5C7AD0329268255A468AD407D2672824C0C0EB30EA6EF450145");
const q = try p.clampedMul(s);
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{q.toBytes()}), "3614E119FFE55EC55B87D6B19971A9F4CBC78EFE80BEC55B96392BABCC712537");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{q.toBytes()}), "3614E119FFE55EC55B87D6B19971A9F4CBC78EFE80BEC55B96392BABCC712537");
try Curve25519.rejectNonCanonical(s);
s[31] |= 0x80;
lib/std/crypto/25519/ed25519.zig
@@ -107,11 +107,10 @@ test "ed25519 key pair creation" {
try fmt.hexToBytes(seed[0..], "8052030376d47112be7f73ed7a019293dd12ad910b654455798b4667d73de166");
const key_pair = try Ed25519.createKeyPair(seed);
var buf: [256]u8 = undefined;
- const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator;
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{key_pair}), "8052030376D47112BE7F73ED7A019293DD12AD910B654455798B4667D73DE1662D6F7455D97B4A3A10D7293909D1A4F2058CB9A370E43FA8154BB280DB839083");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{key_pair}), "8052030376D47112BE7F73ED7A019293DD12AD910B654455798B4667D73DE1662D6F7455D97B4A3A10D7293909D1A4F2058CB9A370E43FA8154BB280DB839083");
const public_key = Ed25519.publicKey(key_pair);
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{public_key}), "2D6F7455D97B4A3A10D7293909D1A4F2058CB9A370E43FA8154BB280DB839083");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{public_key}), "2D6F7455D97B4A3A10D7293909D1A4F2058CB9A370E43FA8154BB280DB839083");
}
test "ed25519 signature" {
@@ -121,8 +120,7 @@ test "ed25519 signature" {
const sig = try Ed25519.sign("test", key_pair, null);
var buf: [128]u8 = undefined;
- const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator;
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{sig}), "10A442B4A80CC4225B154F43BEF28D2472CA80221951262EB8E0DF9091575E2687CC486E77263C3418C757522D54F84B0359236ABBBD4ACD20DC297FDCA66808");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{sig}), "10A442B4A80CC4225B154F43BEF28D2472CA80221951262EB8E0DF9091575E2687CC486E77263C3418C757522D54F84B0359236ABBBD4ACD20DC297FDCA66808");
const public_key = Ed25519.publicKey(key_pair);
try Ed25519.verify(sig, "test", public_key);
std.testing.expectError(error.InvalidSignature, Ed25519.verify(sig, "TEST", public_key));
lib/std/crypto/25519/edwards25519.zig
@@ -17,10 +17,10 @@ pub const Edwards25519 = struct {
/// Decode an Edwards25519 point from its compressed (Y+sign) coordinates.
pub fn fromBytes(s: [32]u8) !Edwards25519 {
- const z = Fe.one();
+ const z = Fe.one;
const y = Fe.fromBytes(s);
var u = y.sq();
- var v = u.mul(Fe.edwards25519d());
+ var v = u.mul(Fe.edwards25519d);
u = u.sub(z);
v = v.add(z);
const v3 = v.sq().mul(v);
@@ -31,10 +31,10 @@ pub const Edwards25519 = struct {
if ((@boolToInt(has_m_root) | @boolToInt(has_p_root)) == 0) {
return error.InvalidEncoding;
}
- x.cMov(x.mul(Fe.sqrtm1()), 1 - @boolToInt(has_m_root));
+ x.cMov(x.mul(Fe.sqrtm1), 1 - @boolToInt(has_m_root));
x.cMov(x.neg(), @boolToInt(x.isNegative()) ^ (s[31] >> 7));
const t = x.mul(y);
- return Edwards25519 { .x = x, .y = y, .z = z, .t = t };
+ return Edwards25519{ .x = x, .y = y, .z = z, .t = t };
}
/// Encode an Edwards25519 point.
@@ -55,14 +55,14 @@ pub const Edwards25519 = struct {
return .{
.x = Fe{ .limbs = .{ 3990542415680775, 3398198340507945, 4322667446711068, 2814063955482877, 2839572215813860 } },
.y = Fe{ .limbs = .{ 1801439850948184, 1351079888211148, 450359962737049, 900719925474099, 1801439850948198 } },
- .z = Fe.one(),
+ .z = Fe.one,
.t = Fe{ .limbs = .{ 1841354044333475, 16398895984059, 755974180946558, 900171276175154, 1821297809914039 } },
.is_base = true,
};
}
inline fn identityElement() Edwards25519 {
- return .{ .x = Fe.zero(), .y = Fe.one(), .z = Fe.one(), .t = Fe.zero() };
+ return .{ .x = Fe.zero, .y = Fe.one, .z = Fe.one, .t = Fe.zero };
}
/// Reject the neutral element.
@@ -98,7 +98,7 @@ pub const Edwards25519 = struct {
pub inline fn add(p: Edwards25519, q: Edwards25519) Edwards25519 {
const a = p.y.sub(p.x).mul(q.y.sub(q.x));
const b = p.x.add(p.y).mul(q.x.add(q.y));
- const c = p.t.mul(q.t).mul(Fe.edwards25519d2());
+ const c = p.t.mul(q.t).mul(Fe.edwards25519d2);
var d = p.z.mul(q.z);
d = d.add(d);
const x = b.sub(a);
@@ -124,7 +124,7 @@ pub const Edwards25519 = struct {
var t = Edwards25519.identityElement();
comptime var i: u8 = 0;
inline while (i < 16) : (i += 1) {
- t.cMov(pc[i], ((@intCast(usize, (b ^ i)) -% 1) >> 8) & 1);
+ t.cMov(pc[i], ((@as(usize, (b ^ i)) -% 1) >> 8) & 1);
}
return t;
}
@@ -191,8 +191,7 @@ test "edwards25519 packing/unpacking" {
var b = Edwards25519.basePoint();
const pk = try b.mul(s);
var buf: [128]u8 = undefined;
- const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator;
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{pk.toBytes()}), "074BC7E0FCBD587FDBC0969444245FADC562809C8F6E97E949AF62484B5B81A6");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{pk.toBytes()}), "074BC7E0FCBD587FDBC0969444245FADC562809C8F6E97E949AF62484B5B81A6");
const small_order_ss: [7][32]u8 = .{
.{
lib/std/crypto/25519/field.zig
@@ -7,34 +7,19 @@ pub const Fe = struct {
const MASK51: u64 = 0x7ffffffffffff;
- pub inline fn zero() Fe {
- return .{ .limbs = .{ 0, 0, 0, 0, 0 } };
- }
+ pub const zero = Fe{ .limbs = .{ 0, 0, 0, 0, 0 } };
- pub inline fn one() Fe {
- return .{ .limbs = .{ 1, 0, 0, 0, 0 } };
- }
+ pub const one = Fe{ .limbs = .{ 1, 0, 0, 0, 0 } };
- pub inline fn sqrtm1() Fe {
- return .{ .limbs = .{ 1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133 } }; // sqrt(-1)
- }
+ pub const sqrtm1 = Fe{ .limbs = .{ 1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133 } }; // sqrt(-1)
- pub inline fn curve25519BasePoint() Fe {
- return .{ .limbs = .{ 9, 0, 0, 0, 0 } };
- }
+ pub const curve25519BasePoint = Fe{ .limbs = .{ 9, 0, 0, 0, 0 } };
- pub inline fn edwards25519d() Fe {
- return .{ .limbs = .{ 929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575 } }; // 37095705934669439343138083508754565189542113879843219016388785533085940283555
- }
+ pub const edwards25519d = Fe{ .limbs = .{ 929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575 } }; // 37095705934669439343138083508754565189542113879843219016388785533085940283555
- pub inline fn edwards25519d2() Fe {
- return .{ .limbs = .{ 1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903 } }; // 2d
- }
+ pub const edwards25519d2 = Fe{ .limbs = .{ 1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903 } }; // 2d
- // 1/sqrt(a-d)
- pub inline fn edwards25519sqrtamd() Fe {
- return .{ .limbs = .{ 278908739862762, 821645201101625, 8113234426968, 1777959178193151, 2118520810568447 } };
- }
+ pub const edwards25519sqrtamd = Fe{ .limbs = .{ 278908739862762, 821645201101625, 8113234426968, 1777959178193151, 2118520810568447 } }; // 1/sqrt(a-d)
pub inline fn isZero(fe: Fe) bool {
var reduced = fe;
@@ -77,7 +62,7 @@ pub const Fe = struct {
c |= s[i] ^ 0xff;
}
c = (c -% 1) >> 8;
- const d = (@intCast(u16, 0xed - 1) -% @intCast(u16, s[0])) >> 8;
+ const d = (@as(u16, 0xed - 1) -% @as(u16, s[0])) >> 8;
const x = if (ignore_extra_bit) 0 else s[31] >> 7;
if ((((c & d) | x) & 1) != 0) {
return error.NonCanonical;
@@ -148,7 +133,7 @@ pub const Fe = struct {
}
pub inline fn neg(a: Fe) Fe {
- return zero().sub(a);
+ return zero.sub(a);
}
pub inline fn isNegative(a: Fe) bool {
lib/std/crypto/25519/ristretto255.zig
@@ -18,11 +18,11 @@ pub const Ristretto255 = struct {
const vxx = x.sq().mul(v); // vx^2
const m_root_check = vxx.sub(u); // vx^2-u
const p_root_check = vxx.add(u); // vx^2+u
- const f_root_check = u.mul(Fe.sqrtm1()).add(vxx); // vx^2+u*sqrt(-1)
+ const f_root_check = u.mul(Fe.sqrtm1).add(vxx); // vx^2+u*sqrt(-1)
const has_m_root = m_root_check.isZero();
const has_p_root = p_root_check.isZero();
const has_f_root = f_root_check.isZero();
- const x_sqrtm1 = x.mul(Fe.sqrtm1()); // x*sqrt(-1)
+ const x_sqrtm1 = x.mul(Fe.sqrtm1); // x*sqrt(-1)
x.cMov(x_sqrtm1, @boolToInt(has_p_root) | @boolToInt(has_f_root));
x = x.abs();
if ((@boolToInt(has_m_root) | @boolToInt(has_p_root)) == 0) {
@@ -53,13 +53,13 @@ pub const Ristretto255 = struct {
try rejectNonCanonical(s);
const s_ = Fe.fromBytes(s);
const ss = s_.sq(); // s^2
- const u1_ = Fe.one().sub(ss); // (1-s^2)
+ const u1_ = Fe.one.sub(ss); // (1-s^2)
const u1u1 = u1_.sq(); // (1-s^2)^2
- const u2_ = Fe.one().add(ss); // (1+s^2)
+ const u2_ = Fe.one.add(ss); // (1+s^2)
const u2u2 = u2_.sq(); // (1+s^2)^2
- const v = Fe.edwards25519d().mul(u1u1).neg().sub(u2u2); // -(d*u1^2)-u2^2
+ const v = Fe.edwards25519d.mul(u1u1).neg().sub(u2u2); // -(d*u1^2)-u2^2
const v_u2u2 = v.mul(u2u2); // v*u2^2
- const inv_sqrt = sqrtRatioM1(Fe.one(), v_u2u2) catch |e| {
+ const inv_sqrt = sqrtRatioM1(Fe.one, v_u2u2) catch |e| {
return error.InvalidEncoding;
};
var x = inv_sqrt.mul(u2_);
@@ -73,10 +73,10 @@ pub const Ristretto255 = struct {
const p: Curve = .{
.x = x,
.y = y,
- .z = Fe.one(),
+ .z = Fe.one,
.t = t,
};
- return Ristretto255 { .p = p };
+ return Ristretto255{ .p = p };
}
/// Encode to a Ristretto255 representative.
@@ -87,13 +87,13 @@ pub const Ristretto255 = struct {
u1_ = u1_.mul(zmy); // (Z+Y)*(Z-Y)
const u2_ = p.x.mul(p.y); // X*Y
const u1_u2u2 = u2_.sq().mul(u1_); // u1*u2^2
- const inv_sqrt = sqrtRatioM1(Fe.one(), u1_u2u2) catch unreachable;
+ const inv_sqrt = sqrtRatioM1(Fe.one, u1_u2u2) catch unreachable;
const den1 = inv_sqrt.mul(u1_);
const den2 = inv_sqrt.mul(u2_);
const z_inv = den1.mul(den2).mul(p.t); // den1*den2*T
- const ix = p.x.mul(Fe.sqrtm1()); // X*sqrt(-1)
- const iy = p.y.mul(Fe.sqrtm1()); // Y*sqrt(-1)
- const eden = den1.mul(Fe.edwards25519sqrtamd()); // den1/sqrt(a-d)
+ const ix = p.x.mul(Fe.sqrtm1); // X*sqrt(-1)
+ const iy = p.y.mul(Fe.sqrtm1); // Y*sqrt(-1)
+ const eden = den1.mul(Fe.edwards25519sqrtamd); // den1/sqrt(a-d)
const t_z_inv = p.t.mul(z_inv); // T*z_inv
const rotate = @boolToInt(t_z_inv.isNegative());
@@ -125,23 +125,22 @@ pub const Ristretto255 = struct {
/// Return error.WeakPublicKey if the resulting element is
/// the identity element.
pub inline fn mul(p: Ristretto255, s: [32]u8) !Ristretto255 {
- return Ristretto255 { .p = try p.p.mul(s) };
+ return Ristretto255{ .p = try p.p.mul(s) };
}
};
test "ristretto255" {
const p = Ristretto255.basePoint();
var buf: [256]u8 = undefined;
- const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator;
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{p.toBytes()}), "E2F2AE0A6ABC4E71A884A961C500515F58E30B6AA582DD8DB6A65945E08D2D76");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{p.toBytes()}), "E2F2AE0A6ABC4E71A884A961C500515F58E30B6AA582DD8DB6A65945E08D2D76");
var r: [32]u8 = undefined;
try fmt.hexToBytes(r[0..], "6a493210f7499cd17fecb510ae0cea23a110e8d5b901f8acadd3095c73a3b919");
var q = try Ristretto255.fromBytes(r);
q = q.dbl().add(p);
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{q.toBytes()}), "E882B131016B52C1D3337080187CF768423EFCCBB517BB495AB812C4160FF44E");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{q.toBytes()}), "E882B131016B52C1D3337080187CF768423EFCCBB517BB495AB812C4160FF44E");
const s = [_]u8{15} ++ [_]u8{0} ** 31;
const w = try p.mul(s);
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{w.toBytes()}), "E0C418F7C8D9C4CDD7395B93EA124F3AD99021BB681DFC3302A9D99A2E53E64E");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{w.toBytes()}), "E0C418F7C8D9C4CDD7395B93EA124F3AD99021BB681DFC3302A9D99A2E53E64E");
}
lib/std/crypto/25519/scalar.zig
@@ -1,20 +1,17 @@
const std = @import("std");
const mem = std.mem;
-inline fn fieldSize() [32]u8 {
- return .{
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, // 2^252+27742317777372353535851937790883648493
- };
-}
+const field_size = [32]u8{
+ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, // 2^252+27742317777372353535851937790883648493
+};
const ScalarExpanded = struct {
- const L = fieldSize();
limbs: [64]i64 = [_]i64{0} ** 64,
fn fromBytes(s: [32]u8) ScalarExpanded {
var limbs: [64]i64 = undefined;
for (s) |x, idx| {
- limbs[idx] = @intCast(i64, x);
+ limbs[idx] = @as(i64, x);
}
mem.set(i64, limbs[32..], 0);
return .{ .limbs = limbs };
@@ -23,7 +20,7 @@ const ScalarExpanded = struct {
fn fromBytes64(s: [64]u8) ScalarExpanded {
var limbs: [64]i64 = undefined;
for (s) |x, idx| {
- limbs[idx] = @intCast(i64, x);
+ limbs[idx] = @as(i64, x);
}
return .{ .limbs = limbs };
}
@@ -38,7 +35,7 @@ const ScalarExpanded = struct {
const xi = limbs[i];
var j = i - 32;
while (j < k) : (j += 1) {
- const xj = limbs[j] + carry - 16 * xi * @intCast(i64, L[j - (i - 32)]);
+ const xj = limbs[j] + carry - 16 * xi * @as(i64, field_size[j - (i - 32)]);
carry = (xj + 128) >> 8;
limbs[j] = xj - carry * 256;
}
@@ -48,13 +45,13 @@ const ScalarExpanded = struct {
carry = 0;
comptime var j: usize = 0;
inline while (j < 32) : (j += 1) {
- const xi = limbs[j] + carry - (limbs[31] >> 4) * @intCast(i64, L[j]);
+ const xi = limbs[j] + carry - (limbs[31] >> 4) * @as(i64, field_size[j]);
carry = xi >> 8;
limbs[j] = xi & 255;
}
j = 0;
inline while (j < 32) : (j += 1) {
- limbs[j] -= carry * @intCast(i64, L[j]);
+ limbs[j] -= carry * @as(i64, field_size[j]);
}
j = 0;
inline while (j < 32) : (j += 1) {
@@ -116,15 +113,14 @@ const ScalarExpanded = struct {
/// Reject a scalar whose encoding is not canonical.
pub fn rejectNonCanonical(s: [32]u8) !void {
- const L = fieldSize();
var c: u8 = 0;
var n: u8 = 1;
var i: usize = 31;
while (true) {
- const xs = @intCast(u16, s[i]);
- const xL = @intCast(u16, L[i]);
- c |= @intCast(u8, ((xs -% xL) >> 8) & n);
- n &= @intCast(u8, ((xs ^ xL) -% 1) >> 8);
+ const xs = @as(u16, s[i]);
+ const xfield_size = @as(u16, field_size[i]);
+ c |= @intCast(u8, ((xs -% xfield_size) >> 8) & n);
+ n &= @intCast(u8, ((xs ^ xfield_size) -% 1) >> 8);
if (i == 0) break;
i -= 1;
}
@@ -161,12 +157,10 @@ test "scalar25519" {
var y = x.toBytes();
try rejectNonCanonical(y);
var buf: [128]u8 = undefined;
- const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator;
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{y}), "1E979B917937F3DE71D18077F961F6CEFF01030405060708010203040506070F");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{y}), "1E979B917937F3DE71D18077F961F6CEFF01030405060708010203040506070F");
- const field_size = fieldSize();
const reduced = reduce(field_size);
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{reduced}), "0000000000000000000000000000000000000000000000000000000000000000");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{reduced}), "0000000000000000000000000000000000000000000000000000000000000000");
}
test "non-canonical scalar25519" {
@@ -174,12 +168,11 @@ test "non-canonical scalar25519" {
std.testing.expectError(error.NonCanonical, rejectNonCanonical(too_targe));
}
-test "scalar25519 mulAdd overflow check" {
+test "mulAdd overflow check" {
const a: [32]u8 = [_]u8{0xff} ** 32;
const b: [32]u8 = [_]u8{0xff} ** 32;
const c: [32]u8 = [_]u8{0xff} ** 32;
const x = mulAdd(a, b, c);
var buf: [128]u8 = undefined;
- const alloc = &std.heap.FixedBufferAllocator.init(&buf).allocator;
- std.testing.expectEqualStrings(try std.fmt.allocPrint(alloc, "{X}", .{x}), "D14DF91389432C25AD60FF9791B9FD1D67BEF517D273ECCE3D9A307C1B419903");
+ std.testing.expectEqualStrings(try std.fmt.bufPrint(&buf, "{X}", .{x}), "D14DF91389432C25AD60FF9791B9FD1D67BEF517D273ECCE3D9A307C1B419903");
}
lib/std/crypto/25519/x25519.zig
@@ -56,32 +56,32 @@ test "x25519 public key calculation from secret key" {
}
test "x25519 rfc7748 vector1" {
- const secret_key = "\xa5\x46\xe3\x6b\xf0\x52\x7c\x9d\x3b\x16\x15\x4b\x82\x46\x5e\xdd\x62\x14\x4c\x0a\xc1\xfc\x5a\x18\x50\x6a\x22\x44\xba\x44\x9a\xc4";
- const public_key = "\xe6\xdb\x68\x67\x58\x30\x30\xdb\x35\x94\xc1\xa4\x24\xb1\x5f\x7c\x72\x66\x24\xec\x26\xb3\x35\x3b\x10\xa9\x03\xa6\xd0\xab\x1c\x4c";
+ const secret_key = [32]u8{ 0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d, 0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd, 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18, 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0xc4 };
+ const public_key = [32]u8{ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb, 0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c, 0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b, 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c };
- const expected_output = "\xc3\xda\x55\x37\x9d\xe9\xc6\x90\x8e\x94\xea\x4d\xf2\x8d\x08\x4f\x32\xec\xcf\x03\x49\x1c\x71\xf7\x54\xb4\x07\x55\x77\xa2\x85\x52";
+ const expected_output = [32]u8{ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90, 0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f, 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7, 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 };
var output: [32]u8 = undefined;
- std.testing.expect(X25519.create(output[0..], secret_key, public_key));
- std.testing.expect(std.mem.eql(u8, &output, expected_output));
+ std.testing.expect(X25519.create(output[0..], secret_key[0..], public_key[0..]));
+ std.testing.expect(std.mem.eql(u8, &output, expected_output[0..]));
}
test "x25519 rfc7748 vector2" {
- const secret_key = "\x4b\x66\xe9\xd4\xd1\xb4\x67\x3c\x5a\xd2\x26\x91\x95\x7d\x6a\xf5\xc1\x1b\x64\x21\xe0\xea\x01\xd4\x2c\xa4\x16\x9e\x79\x18\xba\x0d";
- const public_key = "\xe5\x21\x0f\x12\x78\x68\x11\xd3\xf4\xb7\x95\x9d\x05\x38\xae\x2c\x31\xdb\xe7\x10\x6f\xc0\x3c\x3e\xfc\x4c\xd5\x49\xc7\x15\xa4\x93";
+ const secret_key = [32]u8{ 0x4b, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c, 0x5a, 0xd2, 0x26, 0x91, 0x95, 0x7d, 0x6a, 0xf5, 0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4, 0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x0d };
+ const public_key = [32]u8{ 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3, 0xf4, 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c, 0x31, 0xdb, 0xe7, 0x10, 0x6f, 0xc0, 0x3c, 0x3e, 0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x93 };
- const expected_output = "\x95\xcb\xde\x94\x76\xe8\x90\x7d\x7a\xad\xe4\x5c\xb4\xb8\x73\xf8\x8b\x59\x5a\x68\x79\x9f\xa1\x52\xe6\xf8\xf7\x64\x7a\xac\x79\x57";
+ const expected_output = [32]u8{ 0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d, 0x7a, 0xad, 0xe4, 0x5c, 0xb4, 0xb8, 0x73, 0xf8, 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52, 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57 };
var output: [32]u8 = undefined;
- std.testing.expect(X25519.create(output[0..], secret_key, public_key));
- std.testing.expect(std.mem.eql(u8, &output, expected_output));
+ std.testing.expect(X25519.create(output[0..], secret_key[0..], public_key[0..]));
+ std.testing.expect(std.mem.eql(u8, &output, expected_output[0..]));
}
test "x25519 rfc7748 one iteration" {
- const initial_value = "\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".*;
- const expected_output = "\x42\x2c\x8e\x7a\x62\x27\xd7\xbc\xa1\x35\x0b\x3e\x2b\xb7\x27\x9f\x78\x97\xb8\x7b\xb6\x85\x4b\x78\x3c\x60\xe8\x03\x11\xae\x30\x79";
+ const initial_value = [32]u8{ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ const expected_output = [32]u8{ 0x42, 0x2c, 0x8e, 0x7a, 0x62, 0x27, 0xd7, 0xbc, 0xa1, 0x35, 0x0b, 0x3e, 0x2b, 0xb7, 0x27, 0x9f, 0x78, 0x97, 0xb8, 0x7b, 0xb6, 0x85, 0x4b, 0x78, 0x3c, 0x60, 0xe8, 0x03, 0x11, 0xae, 0x30, 0x79 };
var k: [32]u8 = initial_value;
var u: [32]u8 = initial_value;
@@ -95,7 +95,7 @@ test "x25519 rfc7748 one iteration" {
std.mem.copy(u8, k[0..], output[0..]);
}
- std.testing.expect(std.mem.eql(u8, k[0..], expected_output));
+ std.testing.expect(std.mem.eql(u8, k[0..], expected_output[0..]));
}
test "x25519 rfc7748 1,000 iterations" {
@@ -104,8 +104,8 @@ test "x25519 rfc7748 1,000 iterations" {
return error.SkipZigTest;
}
- const initial_value = "\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- const expected_output = "\x68\x4c\xf5\x9b\xa8\x33\x09\x55\x28\x00\xef\x56\x6f\x2f\x4d\x3c\x1c\x38\x87\xc4\x93\x60\xe3\x87\x5f\x2e\xb9\x4d\x99\x53\x2c\x51";
+ const initial_value = [32]u8{ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ const expected_output = [32]u8{ 0x68, 0x4c, 0xf5, 0x9b, 0xa8, 0x33, 0x09, 0x55, 0x28, 0x00, 0xef, 0x56, 0x6f, 0x2f, 0x4d, 0x3c, 0x1c, 0x38, 0x87, 0xc4, 0x93, 0x60, 0xe3, 0x87, 0x5f, 0x2e, 0xb9, 0x4d, 0x99, 0x53, 0x2c, 0x51 };
var k: [32]u8 = initial_value.*;
var u: [32]u8 = initial_value.*;
@@ -127,8 +127,8 @@ test "x25519 rfc7748 1,000,000 iterations" {
return error.SkipZigTest;
}
- const initial_value = "\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- const expected_output = "\x7c\x39\x11\xe0\xab\x25\x86\xfd\x86\x44\x97\x29\x7e\x57\x5e\x6f\x3b\xc6\x01\xc0\x88\x3c\x30\xdf\x5f\x4d\xd2\xd2\x4f\x66\x54\x24";
+ const initial_value = [32]u8{ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ const expected_output = [32]u8{ 0x7c, 0x39, 0x11, 0xe0, 0xab, 0x25, 0x86, 0xfd, 0x86, 0x44, 0x97, 0x29, 0x7e, 0x57, 0x5e, 0x6f, 0x3b, 0xc6, 0x01, 0xc0, 0x88, 0x3c, 0x30, 0xdf, 0x5f, 0x4d, 0xd2, 0xd2, 0x4f, 0x66, 0x54, 0x24 };
var k: [32]u8 = initial_value.*;
var u: [32]u8 = initial_value.*;