
Commit 1774bf9

committed
Make 128X2 AEGIS-MAC consistent with the proposed spec
1 parent 0ed830d commit 1774bf9


2 files changed

+63
-5
lines changed


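--- a/src/aegis128x2/aegis128x2_common.h
+++ b/src/aegis128x2/aegis128x2_common.h
@@ -200,11 +200,11 @@ aegis128x2_mac_nr(uint8_t *mac, size_t maclen, uint64_t adlen, aes_block_t *stat
 tmp = AES_BLOCK_XOR(tmp, AES_BLOCK_XOR(state[3], state[2]));
 tmp = AES_BLOCK_XOR(tmp, AES_BLOCK_XOR(state[1], state[0]));
 AES_BLOCK_STORE(t, tmp);
-for (i = 1; i < d; i++) {
-memcpy(r, t + i * 16, 16);
+for (i = 0; i < d / 2; i++) {
+memcpy(r, t + i * 32, 32);
 aegis128x2_absorb(r, state);
 }
-tmp = AES_BLOCK_LOAD_64x2(maclen, d);
+tmp = AES_BLOCK_LOAD_64x2(d, maclen);
 for (i = 0; i < 7; i++) {
 aegis128x2_update(state, tmp, tmp);
 }
@@ -227,7 +227,7 @@ aegis128x2_mac_nr(uint8_t *mac, size_t maclen, uint64_t adlen, aes_block_t *stat
 memcpy(r + 16, t + AES_BLOCK_LENGTH + i * 16, 16);
 aegis128x2_absorb(r, state);
 }
-tmp = AES_BLOCK_LOAD_64x2(maclen, d);
+tmp = AES_BLOCK_LOAD_64x2(d, maclen);
 for (i = 0; i < 7; i++) {
 aegis128x2_update(state, tmp, tmp);
 }
@@ -765,7 +765,7 @@ state_mac_final(aegis128x2_mac_state *st_, uint8_t *mac, size_t maclen)
 memset(st->buf + left, 0, RATE - left);
 aegis128x2_absorb(st->buf, blocks);
 }
-aegis128x2_mac_nr(mac, maclen, st->adlen, st->blocks);
+aegis128x2_mac_nr(mac, maclen, st->adlen, blocks);
 
 memcpy(st->blocks, blocks, sizeof blocks);
 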
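Review bot: In state_mac_final, `aegis128x2_mac_nr` now runs on the local `blocks`, and because it absorbs into and updates the state it is given (visible in the first hunk), the `memcpy(st->blocks, blocks, sizeof blocks)` two lines below now saves the finalized state into `st`, where it previously saved the absorbed-only state. If that is intended, a comment above the memcpy would make the contract explicit, for example `/* st->blocks holds the finalized state from here on; reset before reuse */`; if it is not, the copy-back belongs before the mac_nr call. `blocks` also looks like a stack copy of key-dependent state, and no wipe is visible in these lines. state_mac_final starts and ends outside the hunk, so both points need checking against the full function.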

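--- a/src/test/main.zig
+++ b/src/test/main.zig
@@ -742,6 +742,64 @@ test "aegis128x4 - MAC" {
 try testing.expectEqualSlices(u8, &mac, &mac2);
 }
 
+test "aegis128l - MAC test vector" {
+const key = [_]u8{ 0x10, 0x01 } ++ [_]u8{0x00} ** (16 - 2);
+const nonce = [_]u8{ 0x10, 0x00, 0x02 } ++ [_]u8{0x00} ** (16 - 3);
+var msg: [35]u8 = undefined;
+for (&msg, 0..) |*byte, i| byte.* = @truncate(i);
+var mac128: [16]u8 = undefined;
+var mac256: [32]u8 = undefined;
+var st: aegis.aegis128l_mac_state = undefined;
+var ret: c_int = undefined;
+aegis.aegis128l_mac_init(&st, &key, &nonce);
+ret = aegis.aegis128l_mac_update(&st, &msg, msg.len);
+try testing.expectEqual(ret, 0);
+ret = aegis.aegis128l_mac_final(&st, &mac128, mac128.len);
+try testing.expectEqual(ret, 0);
+aegis.aegis128l_mac_reset(&st);
+ret = aegis.aegis128l_mac_update(&st, &msg, msg.len);
+try testing.expectEqual(ret, 0);
+ret = aegis.aegis128l_mac_final(&st, &mac256, mac256.len);
+try testing.expectEqual(ret, 0);
+const expected128_hex = "3982e98c66fa9232e9190ec57b120725";
+const expected256_hex = "a7d01b4636e8d312af8b65b3bb680feb8ffd62aa234584001b1e419b4b40c317";
+var expected128: [16]u8 = undefined;
+var expected256: [32]u8 = undefined;
+_ = try std.fmt.hexToBytes(&expected128, expected128_hex);
+_ = try std.fmt.hexToBytes(&expected256, expected256_hex);
+try std.testing.expectEqualSlices(u8, &expected128, &mac128);
+try std.testing.expectEqualSlices(u8, &expected256, &mac256);
+}
+
+test "aegis128x2 - MAC test vector" {
+const key = [_]u8{ 0x10, 0x01 } ++ [_]u8{0x00} ** (16 - 2);
+const nonce = [_]u8{ 0x10, 0x00, 0x02 } ++ [_]u8{0x00} ** (16 - 3);
+var msg: [35]u8 = undefined;
+for (&msg, 0..) |*byte, i| byte.* = @truncate(i);
+var mac128: [16]u8 = undefined;
+var mac256: [32]u8 = undefined;
+var st: aegis.aegis128x2_mac_state = undefined;
+var ret: c_int = undefined;
+aegis.aegis128x2_mac_init(&st, &key, &nonce);
+ret = aegis.aegis128x2_mac_update(&st, &msg, msg.len);
+try testing.expectEqual(ret, 0);
+ret = aegis.aegis128x2_mac_final(&st, &mac128, mac128.len);
+try testing.expectEqual(ret, 0);
+aegis.aegis128x2_mac_reset(&st);
+ret = aegis.aegis128x2_mac_update(&st, &msg, msg.len);
+try testing.expectEqual(ret, 0);
+ret = aegis.aegis128x2_mac_final(&st, &mac256, mac256.len);
+try testing.expectEqual(ret, 0);
+const expected128_hex = "30ff53a9e8fe94705b753598b4899ded";
+const expected256_hex = "cfcd370c2f182244b512ec5c7e71f54e2b56ae9e8462e845ec02d4f65bc346c0";
+var expected128: [16]u8 = undefined;
+var expected256: [32]u8 = undefined;
+_ = try std.fmt.hexToBytes(&expected128, expected128_hex);
+_ = try std.fmt.hexToBytes(&expected256, expected256_hex);
+try std.testing.expectEqualSlices(u8, &expected128, &mac128);
+try std.testing.expectEqualSlices(u8, &expected256, &mac256);
+}
+
 // Wycheproof tests
 
 const JsonTest = struct {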
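Review bot: The expected tags in both new tests are bare hex literals with no source given, so a reader cannot tell spec-published vectors from output captured from this implementation; a comment above `expected128_hex` such as `// AEGIS-MAC test vector: <spec draft and section>` would record that. The only message length is 35 bytes, which for the x2 test is presumably less than one rate block, so it covers the padded tail in state_mac_final but not full-block absorption followed by a tail; a second, longer message would pin both paths. The two tests also mix `testing.` and `std.testing.` for the same kind of call, and using one form throughout would match the surrounding tests.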
