feat: fix tests

2023-10-20 00:09:27 +08:00
parent 93d778bdcb
commit 2e48e5d18d
7 changed files with 180 additions and 167 deletions


@@ -22,7 +22,7 @@ const CHACHA20_COUNTER_OVERFLOW: u64 = ((1 << 32) - 1) * 64;
/// # Example /// # Example
/// ///
/// ``` /// ```
/// use chacha20_poly1305_aead::encrypt; /// use chacha20_poly1305_stream::encrypt;
/// ///
/// let key = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, /// let key = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
/// 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]; /// 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31];
@@ -99,9 +99,9 @@ pub fn encrypt_read<R: Read, W: Write>(key: &[u8], nonce: &[u8],
/// # Example /// # Example
/// ///
/// ``` /// ```
/// # use chacha20_poly1305_aead::DecryptError; /// # use chacha20_poly1305_stream::DecryptError;
/// # fn example() -> Result<(), DecryptError> { /// # fn example() -> Result<(), DecryptError> {
/// use chacha20_poly1305_aead::decrypt; /// use chacha20_poly1305_stream::decrypt;
/// ///
/// let key = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, /// let key = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
/// 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]; /// 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31];
@@ -116,7 +116,7 @@ pub fn encrypt_read<R: Read, W: Write>(key: &[u8], nonce: &[u8],
/// // Vec implements the Write trait /// // Vec implements the Write trait
/// let mut plaintext = Vec::with_capacity(ciphertext.len()); /// let mut plaintext = Vec::with_capacity(ciphertext.len());
/// ///
/// try!(decrypt(&key, &nonce, &aad, &ciphertext, &tag, &mut plaintext)); /// decrypt(&key, &nonce, &aad, &ciphertext, &tag, &mut plaintext)?;
/// ///
/// assert_eq!(plaintext, b"hello, world"); /// assert_eq!(plaintext, b"hello, world");
/// # Ok(()) /// # Ok(())


@@ -34,10 +34,17 @@ impl<T: Safe> AsBytes for [T] {
} }
unsafe impl Safe for u8 {} unsafe impl Safe for u8 {}
unsafe impl Safe for u16 {} unsafe impl Safe for u16 {}
unsafe impl Safe for u32 {} unsafe impl Safe for u32 {}
unsafe impl Safe for u64 {} unsafe impl Safe for u64 {}
unsafe impl Safe for i8 {} unsafe impl Safe for i8 {}
unsafe impl Safe for i16 {} unsafe impl Safe for i16 {}
unsafe impl Safe for i32 {} unsafe impl Safe for i32 {}
unsafe impl Safe for i64 {} unsafe impl Safe for i64 {}
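Review bot: The `unsafe impl Safe for u8 {}` through `unsafe impl Safe for i64 {}` lines carry no `// SAFETY:` comment stating the invariant that makes each impl sound, and the header `impl<T: Safe> AsBytes for [T]` shows that the byte-view impl is built on exactly this bound. The hunk header reports seven added lines here but the rendered view shows only unchanged ones, so I cannot tell what was inserted; the missing documentation applies either way. A single comment above the group would do, e.g. `// SAFETY: every bit pattern of these fixed-width integers is a valid value and the types have no padding, so reinterpreting them as bytes cannot expose uninitialised memory.` (presumably the contract `Safe` stands for; confirm against the trait's own docs).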


@@ -10,7 +10,7 @@ use crate::simd::{Vector4, u32x4};
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct ChaCha20 { pub struct ChaCha20 {
state: [u32x4; 3] state: [u32x4; 3],
} }
#[cfg_attr(feature = "clippy", allow(should_implement_trait))] #[cfg_attr(feature = "clippy", allow(should_implement_trait))]
@@ -105,20 +105,20 @@ impl ChaCha20 {
#[cold] #[cold]
pub fn selftest() { pub fn selftest() {
let key = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, let key = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f]; 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f];
let nonce = [0x00, 0x00, 0x00, 0x09, let nonce = [0x00, 0x00, 0x00, 0x09,
0x00, 0x00, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x4a,
0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00];
let expected = [0x10, 0xf1, 0xe7, 0xe4, 0xd1, 0x3b, 0x59, 0x15, let expected = [0x10, 0xf1, 0xe7, 0xe4, 0xd1, 0x3b, 0x59, 0x15,
0x50, 0x0f, 0xdd, 0x1f, 0xa3, 0x20, 0x71, 0xc4, 0x50, 0x0f, 0xdd, 0x1f, 0xa3, 0x20, 0x71, 0xc4,
0xc7, 0xd1, 0xf4, 0xc7, 0x33, 0xc0, 0x68, 0x03, 0xc7, 0xd1, 0xf4, 0xc7, 0x33, 0xc0, 0x68, 0x03,
0x04, 0x22, 0xaa, 0x9a, 0xc3, 0xd4, 0x6c, 0x4e, 0x04, 0x22, 0xaa, 0x9a, 0xc3, 0xd4, 0x6c, 0x4e,
0xd2, 0x82, 0x64, 0x46, 0x07, 0x9f, 0xaa, 0x09, 0xd2, 0x82, 0x64, 0x46, 0x07, 0x9f, 0xaa, 0x09,
0x14, 0xc2, 0xd7, 0x05, 0xd9, 0x8b, 0x02, 0xa2, 0x14, 0xc2, 0xd7, 0x05, 0xd9, 0x8b, 0x02, 0xa2,
0xb5, 0x12, 0x9c, 0xd1, 0xde, 0x16, 0x4e, 0xb9, 0xb5, 0x12, 0x9c, 0xd1, 0xde, 0x16, 0x4e, 0xb9,
0xcb, 0xd0, 0x83, 0xe8, 0xa2, 0x50, 0x3c, 0x4e]; 0xcb, 0xd0, 0x83, 0xe8, 0xa2, 0x50, 0x3c, 0x4e];
let mut state = ChaCha20::with_counter(&key, &nonce, 1); let mut state = ChaCha20::with_counter(&key, &nonce, 1);
let block = state.next(); let block = state.next();
@@ -127,7 +127,7 @@ pub fn selftest() {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use as_bytes::AsBytes; use crate::as_bytes::AsBytes;
use super::ChaCha20; use super::ChaCha20;
#[test] #[test]
@@ -141,82 +141,82 @@ mod tests {
assert_eq!(state.next().as_bytes(), assert_eq!(state.next().as_bytes(),
&[0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90, &[0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90,
0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28, 0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28,
0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a, 0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a,
0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7, 0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7,
0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d, 0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d,
0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37, 0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37,
0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c, 0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c,
0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86][..]); 0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86][..]);
assert_eq!(state.next().as_bytes(), assert_eq!(state.next().as_bytes(),
&[0x9f, 0x07, 0xe7, 0xbe, 0x55, 0x51, 0x38, 0x7a, &[0x9f, 0x07, 0xe7, 0xbe, 0x55, 0x51, 0x38, 0x7a,
0x98, 0xba, 0x97, 0x7c, 0x73, 0x2d, 0x08, 0x0d, 0x98, 0xba, 0x97, 0x7c, 0x73, 0x2d, 0x08, 0x0d,
0xcb, 0x0f, 0x29, 0xa0, 0x48, 0xe3, 0x65, 0x69, 0xcb, 0x0f, 0x29, 0xa0, 0x48, 0xe3, 0x65, 0x69,
0x12, 0xc6, 0x53, 0x3e, 0x32, 0xee, 0x7a, 0xed, 0x12, 0xc6, 0x53, 0x3e, 0x32, 0xee, 0x7a, 0xed,
0x29, 0xb7, 0x21, 0x76, 0x9c, 0xe6, 0x4e, 0x43, 0x29, 0xb7, 0x21, 0x76, 0x9c, 0xe6, 0x4e, 0x43,
0xd5, 0x71, 0x33, 0xb0, 0x74, 0xd8, 0x39, 0xd5, 0xd5, 0x71, 0x33, 0xb0, 0x74, 0xd8, 0x39, 0xd5,
0x31, 0xed, 0x1f, 0x28, 0x51, 0x0a, 0xfb, 0x45, 0x31, 0xed, 0x1f, 0x28, 0x51, 0x0a, 0xfb, 0x45,
0xac, 0xe1, 0x0a, 0x1f, 0x4b, 0x79, 0x4d, 0x6f][..]); 0xac, 0xe1, 0x0a, 0x1f, 0x4b, 0x79, 0x4d, 0x6f][..]);
} }
#[test] #[test]
fn test_vector_3() { fn test_vector_3() {
let key = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01];
let mut state = ChaCha20::with_counter(&key, &[0; 12], 1); let mut state = ChaCha20::with_counter(&key, &[0; 12], 1);
assert_eq!(state.next().as_bytes(), assert_eq!(state.next().as_bytes(),
&[0x3a, 0xeb, 0x52, 0x24, 0xec, 0xf8, 0x49, 0x92, &[0x3a, 0xeb, 0x52, 0x24, 0xec, 0xf8, 0x49, 0x92,
0x9b, 0x9d, 0x82, 0x8d, 0xb1, 0xce, 0xd4, 0xdd, 0x9b, 0x9d, 0x82, 0x8d, 0xb1, 0xce, 0xd4, 0xdd,
0x83, 0x20, 0x25, 0xe8, 0x01, 0x8b, 0x81, 0x60, 0x83, 0x20, 0x25, 0xe8, 0x01, 0x8b, 0x81, 0x60,
0xb8, 0x22, 0x84, 0xf3, 0xc9, 0x49, 0xaa, 0x5a, 0xb8, 0x22, 0x84, 0xf3, 0xc9, 0x49, 0xaa, 0x5a,
0x8e, 0xca, 0x00, 0xbb, 0xb4, 0xa7, 0x3b, 0xda, 0x8e, 0xca, 0x00, 0xbb, 0xb4, 0xa7, 0x3b, 0xda,
0xd1, 0x92, 0xb5, 0xc4, 0x2f, 0x73, 0xf2, 0xfd, 0xd1, 0x92, 0xb5, 0xc4, 0x2f, 0x73, 0xf2, 0xfd,
0x4e, 0x27, 0x36, 0x44, 0xc8, 0xb3, 0x61, 0x25, 0x4e, 0x27, 0x36, 0x44, 0xc8, 0xb3, 0x61, 0x25,
0xa6, 0x4a, 0xdd, 0xeb, 0x00, 0x6c, 0x13, 0xa0][..]); 0xa6, 0x4a, 0xdd, 0xeb, 0x00, 0x6c, 0x13, 0xa0][..]);
} }
#[test] #[test]
fn test_vector_4() { fn test_vector_4() {
let key = [0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
let mut state = ChaCha20::with_counter(&key, &[0; 12], 2); let mut state = ChaCha20::with_counter(&key, &[0; 12], 2);
assert_eq!(state.next().as_bytes(), assert_eq!(state.next().as_bytes(),
&[0x72, 0xd5, 0x4d, 0xfb, 0xf1, 0x2e, 0xc4, 0x4b, &[0x72, 0xd5, 0x4d, 0xfb, 0xf1, 0x2e, 0xc4, 0x4b,
0x36, 0x26, 0x92, 0xdf, 0x94, 0x13, 0x7f, 0x32, 0x36, 0x26, 0x92, 0xdf, 0x94, 0x13, 0x7f, 0x32,
0x8f, 0xea, 0x8d, 0xa7, 0x39, 0x90, 0x26, 0x5e, 0x8f, 0xea, 0x8d, 0xa7, 0x39, 0x90, 0x26, 0x5e,
0xc1, 0xbb, 0xbe, 0xa1, 0xae, 0x9a, 0xf0, 0xca, 0xc1, 0xbb, 0xbe, 0xa1, 0xae, 0x9a, 0xf0, 0xca,
0x13, 0xb2, 0x5a, 0xa2, 0x6c, 0xb4, 0xa6, 0x48, 0x13, 0xb2, 0x5a, 0xa2, 0x6c, 0xb4, 0xa6, 0x48,
0xcb, 0x9b, 0x9d, 0x1b, 0xe6, 0x5b, 0x2c, 0x09, 0xcb, 0x9b, 0x9d, 0x1b, 0xe6, 0x5b, 0x2c, 0x09,
0x24, 0xa6, 0x6c, 0x54, 0xd5, 0x45, 0xec, 0x1b, 0x24, 0xa6, 0x6c, 0x54, 0xd5, 0x45, 0xec, 0x1b,
0x73, 0x74, 0xf4, 0x87, 0x2e, 0x99, 0xf0, 0x96][..]); 0x73, 0x74, 0xf4, 0x87, 0x2e, 0x99, 0xf0, 0x96][..]);
} }
#[test] #[test]
fn test_vector_5() { fn test_vector_5() {
let nonce = [0x00, 0x00, 0x00, 0x00, let nonce = [0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x02]; 0x00, 0x00, 0x00, 0x02];
let mut state = ChaCha20::with_counter(&[0; 32], &nonce, 0); let mut state = ChaCha20::with_counter(&[0; 32], &nonce, 0);
assert_eq!(state.next().as_bytes(), assert_eq!(state.next().as_bytes(),
&[0xc2, 0xc6, 0x4d, 0x37, 0x8c, 0xd5, 0x36, 0x37, &[0xc2, 0xc6, 0x4d, 0x37, 0x8c, 0xd5, 0x36, 0x37,
0x4a, 0xe2, 0x04, 0xb9, 0xef, 0x93, 0x3f, 0xcd, 0x4a, 0xe2, 0x04, 0xb9, 0xef, 0x93, 0x3f, 0xcd,
0x1a, 0x8b, 0x22, 0x88, 0xb3, 0xdf, 0xa4, 0x96, 0x1a, 0x8b, 0x22, 0x88, 0xb3, 0xdf, 0xa4, 0x96,
0x72, 0xab, 0x76, 0x5b, 0x54, 0xee, 0x27, 0xc7, 0x72, 0xab, 0x76, 0x5b, 0x54, 0xee, 0x27, 0xc7,
0x8a, 0x97, 0x0e, 0x0e, 0x95, 0x5c, 0x14, 0xf3, 0x8a, 0x97, 0x0e, 0x0e, 0x95, 0x5c, 0x14, 0xf3,
0xa8, 0x8e, 0x74, 0x1b, 0x97, 0xc2, 0x86, 0xf7, 0xa8, 0x8e, 0x74, 0x1b, 0x97, 0xc2, 0x86, 0xf7,
0x5f, 0x8f, 0xc2, 0x99, 0xe8, 0x14, 0x83, 0x62, 0x5f, 0x8f, 0xc2, 0x99, 0xe8, 0x14, 0x83, 0x62,
0xfa, 0x19, 0x8a, 0x39, 0x53, 0x1b, 0xed, 0x6d][..]); 0xfa, 0x19, 0x8a, 0x39, 0x53, 0x1b, 0xed, 0x6d][..]);
} }
} }
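Review bot: `#[cfg_attr(feature = "clippy", allow(should_implement_trait))]` on the line after the `ChaCha20` struct is the old clippy-plugin idiom; now that the module uses `crate::` paths (edition 2018 or later) clippy runs as a stable tool and this attribute never fires, so `cargo clippy` will keep warning that `next` shadows `Iterator::next`. Replace it with `#[allow(clippy::should_implement_trait)]` and add a one-line reason, since `next` apparently returns a keystream block rather than an `Option` (the method body is outside the hunk; verify). `selftest` would also read better with a doc comment naming its vector, e.g. `/// Runtime self-check against the RFC 8439 §2.3.2 ChaCha20 block-function vector (key 00..1f, nonce 00000009:0000004a:00000000, counter 1).`; its final assertion lies outside the hunk.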


@@ -39,10 +39,10 @@ impl Poly1305 {
a: [0; 5], a: [0; 5],
// r &= 0x0ffffffc_0ffffffc_0ffffffc_0fffffff; // r &= 0x0ffffffc_0ffffffc_0ffffffc_0fffffff;
r: [u32_from_le(&key[ 0.. 4]) & 0x03ffffff, r: [u32_from_le(&key[0..4]) & 0x03ffffff,
u32_from_le(&key[ 3.. 7]) >> 2 & 0x03ffff03, u32_from_le(&key[3..7]) >> 2 & 0x03ffff03,
u32_from_le(&key[ 6..10]) >> 4 & 0x03ffc0ff, u32_from_le(&key[6..10]) >> 4 & 0x03ffc0ff,
u32_from_le(&key[ 9..13]) >> 6 & 0x03f03fff, u32_from_le(&key[9..13]) >> 6 & 0x03f03fff,
u32_from_le(&key[12..16]) >> 8 & 0x000fffff], u32_from_le(&key[12..16]) >> 8 & 0x000fffff],
s: [u32_from_le(&key[16..20]), s: [u32_from_le(&key[16..20]),
@@ -54,11 +54,11 @@ impl Poly1305 {
pub fn block(&mut self, msg: &[u8]) { pub fn block(&mut self, msg: &[u8]) {
assert!(msg.len() == 16); assert!(msg.len() == 16);
self.accumulate(u32_from_le(&msg[ 0.. 4]) & 0x03ffffff, self.accumulate(u32_from_le(&msg[0..4]) & 0x03ffffff,
u32_from_le(&msg[ 3.. 7]) >> 2 & 0x03ffffff, u32_from_le(&msg[3..7]) >> 2 & 0x03ffffff,
u32_from_le(&msg[ 6..10]) >> 4 & 0x03ffffff, u32_from_le(&msg[6..10]) >> 4 & 0x03ffffff,
u32_from_le(&msg[ 9..13]) >> 6 & 0x03ffffff, u32_from_le(&msg[9..13]) >> 6 & 0x03ffffff,
u32_from_le(&msg[12..16]) >> 8 | (1 << 24)); u32_from_le(&msg[12..16]) >> 8 | (1 << 24));
} }
pub fn last_block(mut self, msg: &[u8]) -> [u32; 4] { pub fn last_block(mut self, msg: &[u8]) -> [u32; 4] {
@@ -69,10 +69,10 @@ impl Poly1305 {
buf[..msg.len()].clone_from_slice(msg); buf[..msg.len()].clone_from_slice(msg);
buf[msg.len()] = 1; buf[msg.len()] = 1;
self.accumulate(u32_from_le(&buf[ 0.. 4]) & 0x03ffffff, self.accumulate(u32_from_le(&buf[0..4]) & 0x03ffffff,
u32_from_le(&buf[ 3.. 7]) >> 2 & 0x03ffffff, u32_from_le(&buf[3..7]) >> 2 & 0x03ffffff,
u32_from_le(&buf[ 6..10]) >> 4 & 0x03ffffff, u32_from_le(&buf[6..10]) >> 4 & 0x03ffffff,
u32_from_le(&buf[ 9..13]) >> 6 & 0x03ffffff, u32_from_le(&buf[9..13]) >> 6 & 0x03ffffff,
u32_from_le(&buf[13..17])); u32_from_le(&buf[13..17]));
} }
@@ -110,35 +110,35 @@ impl Poly1305 {
// t = r * a; high limbs multiplied by 5 and added to low limbs // t = r * a; high limbs multiplied by 5 and added to low limbs
let mut t = [0; 5]; let mut t = [0; 5];
t[0] += self.r[0] as u64 * self.a[0] as u64; t[0] += self.r[0] as u64 * self.a[0] as u64;
t[1] += self.r[0] as u64 * self.a[1] as u64; t[1] += self.r[0] as u64 * self.a[1] as u64;
t[2] += self.r[0] as u64 * self.a[2] as u64; t[2] += self.r[0] as u64 * self.a[2] as u64;
t[3] += self.r[0] as u64 * self.a[3] as u64; t[3] += self.r[0] as u64 * self.a[3] as u64;
t[4] += self.r[0] as u64 * self.a[4] as u64; t[4] += self.r[0] as u64 * self.a[4] as u64;
t[0] += (5 * self.r[1]) as u64 * self.a[4] as u64; t[0] += (5 * self.r[1]) as u64 * self.a[4] as u64;
t[1] += self.r[1] as u64 * self.a[0] as u64; t[1] += self.r[1] as u64 * self.a[0] as u64;
t[2] += self.r[1] as u64 * self.a[1] as u64; t[2] += self.r[1] as u64 * self.a[1] as u64;
t[3] += self.r[1] as u64 * self.a[2] as u64; t[3] += self.r[1] as u64 * self.a[2] as u64;
t[4] += self.r[1] as u64 * self.a[3] as u64; t[4] += self.r[1] as u64 * self.a[3] as u64;
t[0] += (5 * self.r[2]) as u64 * self.a[3] as u64; t[0] += (5 * self.r[2]) as u64 * self.a[3] as u64;
t[1] += (5 * self.r[2]) as u64 * self.a[4] as u64; t[1] += (5 * self.r[2]) as u64 * self.a[4] as u64;
t[2] += self.r[2] as u64 * self.a[0] as u64; t[2] += self.r[2] as u64 * self.a[0] as u64;
t[3] += self.r[2] as u64 * self.a[1] as u64; t[3] += self.r[2] as u64 * self.a[1] as u64;
t[4] += self.r[2] as u64 * self.a[2] as u64; t[4] += self.r[2] as u64 * self.a[2] as u64;
t[0] += (5 * self.r[3]) as u64 * self.a[2] as u64; t[0] += (5 * self.r[3]) as u64 * self.a[2] as u64;
t[1] += (5 * self.r[3]) as u64 * self.a[3] as u64; t[1] += (5 * self.r[3]) as u64 * self.a[3] as u64;
t[2] += (5 * self.r[3]) as u64 * self.a[4] as u64; t[2] += (5 * self.r[3]) as u64 * self.a[4] as u64;
t[3] += self.r[3] as u64 * self.a[0] as u64; t[3] += self.r[3] as u64 * self.a[0] as u64;
t[4] += self.r[3] as u64 * self.a[1] as u64; t[4] += self.r[3] as u64 * self.a[1] as u64;
t[0] += (5 * self.r[4]) as u64 * self.a[1] as u64; t[0] += (5 * self.r[4]) as u64 * self.a[1] as u64;
t[1] += (5 * self.r[4]) as u64 * self.a[2] as u64; t[1] += (5 * self.r[4]) as u64 * self.a[2] as u64;
t[2] += (5 * self.r[4]) as u64 * self.a[3] as u64; t[2] += (5 * self.r[4]) as u64 * self.a[3] as u64;
t[3] += (5 * self.r[4]) as u64 * self.a[4] as u64; t[3] += (5 * self.r[4]) as u64 * self.a[4] as u64;
t[4] += self.r[4] as u64 * self.a[0] as u64; t[4] += self.r[4] as u64 * self.a[0] as u64;
// propagate carries // propagate carries
t[1] += t[0] >> 26; t[1] += t[0] >> 26;
@@ -165,11 +165,11 @@ impl Poly1305 {
fn propagate_carries(&mut self) { fn propagate_carries(&mut self) {
// propagate carries // propagate carries
self.a[2] += self.a[1] >> 26; self.a[2] += self.a[1] >> 26;
self.a[3] += self.a[2] >> 26; self.a[3] += self.a[2] >> 26;
self.a[4] += self.a[3] >> 26; self.a[4] += self.a[3] >> 26;
self.a[0] += (self.a[4] >> 26) * 5; self.a[0] += (self.a[4] >> 26) * 5;
self.a[1] += self.a[0] >> 26; self.a[1] += self.a[0] >> 26;
// mask out carries // mask out carries
self.a[0] &= 0x03ffffff; self.a[0] &= 0x03ffffff;
@@ -186,13 +186,13 @@ impl Poly1305 {
// t = a - p // t = a - p
t[0] += 5; t[0] += 5;
t[4] = t[4].wrapping_sub(1 << 26); t[4] = t[4].wrapping_sub(1 << 26);
// propagate carries // propagate carries
t[1] += t[0] >> 26; t[1] += t[0] >> 26;
t[2] += t[1] >> 26; t[2] += t[1] >> 26;
t[3] += t[2] >> 26; t[3] += t[2] >> 26;
t[4] = t[4].wrapping_add(t[3] >> 26); t[4] = t[4].wrapping_add(t[3] >> 26);
// mask out carries // mask out carries
t[0] &= 0x03ffffff; t[0] &= 0x03ffffff;
@@ -214,16 +214,16 @@ impl Poly1305 {
self.reduce_mod_p(); self.reduce_mod_p();
// convert from 5x26-bit to 4x32-bit // convert from 5x26-bit to 4x32-bit
let a = [self.a[0] | self.a[1] << 26, let a = [self.a[0] | self.a[1] << 26,
self.a[1] >> 6 | self.a[2] << 20, self.a[1] >> 6 | self.a[2] << 20,
self.a[2] >> 12 | self.a[3] << 14, self.a[2] >> 12 | self.a[3] << 14,
self.a[3] >> 18 | self.a[4] << 8]; self.a[3] >> 18 | self.a[4] << 8];
// t = a + s // t = a + s
let mut t = [a[0] as u64 + self.s[0] as u64, let mut t = [a[0] as u64 + self.s[0] as u64,
a[1] as u64 + self.s[1] as u64, a[1] as u64 + self.s[1] as u64,
a[2] as u64 + self.s[2] as u64, a[2] as u64 + self.s[2] as u64,
a[3] as u64 + self.s[3] as u64]; a[3] as u64 + self.s[3] as u64];
// propagate carries // propagate carries
t[1] += t[0] >> 32; t[1] += t[0] >> 32;
@@ -232,9 +232,9 @@ impl Poly1305 {
// mask out carries // mask out carries
[(t[0] as u32).to_le(), [(t[0] as u32).to_le(),
(t[1] as u32).to_le(), (t[1] as u32).to_le(),
(t[2] as u32).to_le(), (t[2] as u32).to_le(),
(t[3] as u32).to_le()] (t[3] as u32).to_le()]
} }
} }
@@ -259,15 +259,15 @@ pub fn selftest() {
use crate::as_bytes::AsBytes; use crate::as_bytes::AsBytes;
let key = [0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, let key = [0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33,
0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8,
0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd,
0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b]; 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b];
let msg = b"Cryptographic Forum Research Group"; let msg = b"Cryptographic Forum Research Group";
let expected = [0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, let expected = [0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9]; 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9];
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
state.block(&msg[ 0..16]); state.block(&msg[0..16]);
state.block(&msg[16..32]); state.block(&msg[16..32]);
let tag = state.last_block(&msg[32..]); let tag = state.last_block(&msg[32..]);
@@ -276,7 +276,7 @@ pub fn selftest() {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use as_bytes::AsBytes; use crate::as_bytes::AsBytes;
use super::Poly1305; use super::Poly1305;
#[test] #[test]
@@ -305,9 +305,9 @@ mod tests {
#[test] #[test]
fn test_vector_2() { fn test_vector_2() {
let key = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x36, 0xe5, 0xf6, 0xb5, 0xc5, 0xe0, 0x60, 0x70, 0x36, 0xe5, 0xf6, 0xb5, 0xc5, 0xe0, 0x60, 0x70,
0xf0, 0xef, 0xca, 0x96, 0x22, 0x7a, 0x86, 0x3e]; 0xf0, 0xef, 0xca, 0x96, 0x22, 0x7a, 0x86, 0x3e];
let mut msg = TEXT; let mut msg = TEXT;
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
@@ -319,15 +319,15 @@ mod tests {
assert_eq!(tag.as_bytes(), assert_eq!(tag.as_bytes(),
&[0x36, 0xe5, 0xf6, 0xb5, 0xc5, 0xe0, 0x60, 0x70, &[0x36, 0xe5, 0xf6, 0xb5, 0xc5, 0xe0, 0x60, 0x70,
0xf0, 0xef, 0xca, 0x96, 0x22, 0x7a, 0x86, 0x3e]); 0xf0, 0xef, 0xca, 0x96, 0x22, 0x7a, 0x86, 0x3e]);
} }
#[test] #[test]
fn test_vector_3() { fn test_vector_3() {
let key = [0x36, 0xe5, 0xf6, 0xb5, 0xc5, 0xe0, 0x60, 0x70, let key = [0x36, 0xe5, 0xf6, 0xb5, 0xc5, 0xe0, 0x60, 0x70,
0xf0, 0xef, 0xca, 0x96, 0x22, 0x7a, 0x86, 0x3e, 0xf0, 0xef, 0xca, 0x96, 0x22, 0x7a, 0x86, 0x3e,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
let mut msg = TEXT; let mut msg = TEXT;
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
@@ -339,15 +339,15 @@ mod tests {
assert_eq!(tag.as_bytes(), assert_eq!(tag.as_bytes(),
&[0xf3, 0x47, 0x7e, 0x7c, 0xd9, 0x54, 0x17, 0xaf, &[0xf3, 0x47, 0x7e, 0x7c, 0xd9, 0x54, 0x17, 0xaf,
0x89, 0xa6, 0xb8, 0x79, 0x4c, 0x31, 0x0c, 0xf0]); 0x89, 0xa6, 0xb8, 0x79, 0x4c, 0x31, 0x0c, 0xf0]);
} }
#[test] #[test]
fn test_vector_4() { fn test_vector_4() {
let key = [0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, let key = [0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0]; 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0];
let mut msg: &[u8] = b"\ let mut msg: &[u8] = b"\
'Twas brillig, and the slithy toves\nDid gyre and gimble in the w\ 'Twas brillig, and the slithy toves\nDid gyre and gimble in the w\
abe:\nAll mimsy were the borogoves,\nAnd the mome raths outgrabe."; abe:\nAll mimsy were the borogoves,\nAnd the mome raths outgrabe.";
@@ -361,70 +361,70 @@ mod tests {
assert_eq!(tag.as_bytes(), assert_eq!(tag.as_bytes(),
&[0x45, 0x41, 0x66, 0x9a, 0x7e, 0xaa, 0xee, 0x61, &[0x45, 0x41, 0x66, 0x9a, 0x7e, 0xaa, 0xee, 0x61,
0xe7, 0x08, 0xdc, 0x7c, 0xbc, 0xc5, 0xeb, 0x62]); 0xe7, 0x08, 0xdc, 0x7c, 0xbc, 0xc5, 0xeb, 0x62]);
} }
#[test] #[test]
fn test_vector_5() { fn test_vector_5() {
let key = [0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
state.block(&[0xff; 16]); state.block(&[0xff; 16]);
assert_eq!(state.tag().as_bytes(), assert_eq!(state.tag().as_bytes(),
&[0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, &[0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
} }
#[test] #[test]
fn test_vector_6() { fn test_vector_6() {
let key = [0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]; 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff];
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
state.block(&[0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, state.block(&[0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
assert_eq!(state.tag().as_bytes(), assert_eq!(state.tag().as_bytes(),
&[0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, &[0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
} }
#[test] #[test]
fn test_vector_7() { fn test_vector_7() {
let key = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
state.block(&[0xff; 16]); state.block(&[0xff; 16]);
state.block(&[0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, state.block(&[0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]); 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]);
state.block(&[0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, state.block(&[0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
assert_eq!(state.tag().as_bytes(), assert_eq!(state.tag().as_bytes(),
&[0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, &[0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
} }
#[test] #[test]
fn test_vector_8() { fn test_vector_8() {
let key = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
state.block(&[0xff; 16]); state.block(&[0xff; 16]);
state.block(&[0xfb, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, state.block(&[0xfb, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe]); 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe]);
state.block(&[0x01; 16]); state.block(&[0x01; 16]);
assert_eq!(state.tag().as_bytes(), &[0; 16]); assert_eq!(state.tag().as_bytes(), &[0; 16]);
@@ -433,57 +433,57 @@ mod tests {
#[test] #[test]
fn test_vector_9() { fn test_vector_9() {
let key = [0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
state.block(&[0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, state.block(&[0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]); 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]);
assert_eq!(state.tag().as_bytes(), assert_eq!(state.tag().as_bytes(),
&[0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, &[0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]); 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]);
} }
#[test] #[test]
fn test_vector_10() { fn test_vector_10() {
let key = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
state.block(&[0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9, state.block(&[0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
state.block(&[0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd, state.block(&[0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
state.block(&[0; 16]); state.block(&[0; 16]);
state.block(&[0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, state.block(&[0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
assert_eq!(state.tag().as_bytes(), assert_eq!(state.tag().as_bytes(),
&[0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, &[0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
} }
#[test] #[test]
fn test_vector_11() { fn test_vector_11() {
let key = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, let key = [0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
let mut state = Poly1305::new(&key); let mut state = Poly1305::new(&key);
state.block(&[0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9, state.block(&[0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
state.block(&[0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd, state.block(&[0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
state.block(&[0; 16]); state.block(&[0; 16]);
assert_eq!(state.tag().as_bytes(), assert_eq!(state.tag().as_bytes(),
&[0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, &[0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
} }
} }
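Review bot: `buf[..msg.len()].clone_from_slice(msg);` in `last_block` copies `u8`, a `Copy` type, so `copy_from_slice` is the idiomatic call and lowers to a plain memcpy. The next line, `buf[msg.len()] = 1;`, indexes out of bounds if `msg.len()` reaches `buf.len()`; the start of `last_block`'s body and any length check are outside the hunk, so if none exists a `debug_assert!(msg.len() < buf.len());` before the copy would state the precondition the way `block()` does with `assert!(msg.len() == 16)`. The `selftest` at @@ -259 would also benefit from a doc comment naming its vector, e.g. `/// Runtime self-check against the RFC 8439 §2.5.2 Poly1305 vector ("Cryptographic Forum Research Group").`; its final assertion lies outside the hunk.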


@@ -23,9 +23,12 @@ pub trait Vector4<T>: Copy {
fn shuffle_left_2(self) -> Self; fn shuffle_left_2(self) -> Self;
fn shuffle_left_3(self) -> Self; fn shuffle_left_3(self) -> Self;
#[inline(always)] fn shuffle_right_1(self) -> Self { self.shuffle_left_3() } #[inline(always)]
#[inline(always)] fn shuffle_right_2(self) -> Self { self.shuffle_left_2() } fn shuffle_right_1(self) -> Self { self.shuffle_left_3() }
#[inline(always)] fn shuffle_right_3(self) -> Self { self.shuffle_left_1() } #[inline(always)]
fn shuffle_right_2(self) -> Self { self.shuffle_left_2() }
#[inline(always)]
fn shuffle_right_3(self) -> Self { self.shuffle_left_1() }
} }
macro_rules! impl_vector4 { macro_rules! impl_vector4 {


@@ -6,7 +6,8 @@
// copied, modified, or distributed except according to those terms. // copied, modified, or distributed except according to those terms.
use crate::simdty::u32x4; use crate::simdty::u32x4;
#[cfg(feature = "simd")] use crate::simdint; #[cfg(feature = "simd")]
use crate::simdint;
use std::ops::{Add, BitXor, Shl, Shr}; use std::ops::{Add, BitXor, Shl, Shr};


@@ -55,5 +55,7 @@ impl<T> Simd4<T> {
} }
unsafe impl<T: Safe> Safe for Simd4<T> {} unsafe impl<T: Safe> Safe for Simd4<T> {}
unsafe impl<T: Safe> Safe for Simd8<T> {} unsafe impl<T: Safe> Safe for Simd8<T> {}
unsafe impl<T: Safe> Safe for Simd16<T> {} unsafe impl<T: Safe> Safe for Simd16<T> {}