Gitly


1 module blake2s
2 
3 // from RFC-7693 Appendix B
4 const expected_m_results = [u32(0x00636261), 0x00000000, 0x00000000, 0x00000000, 0x00000000,
5     0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
6     0x00000000, 0x00000000, 0x00000000]
7 
8 // from RFC-7693 Appendix B
9 const expected_v_initial_results = [u32(0x6b08e647), 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f,
10     0x9b05688c, 0x1f83d9ab, 0x5be0cd19, 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527c,
11     0x9b05688c, 0xe07c2654, 0x5be0cd19]
12 
13 // from RFC-7693 Appendix B
14 const expected_v_results = [
15     [u32(0x16a3242e), 0xd7b5e238, 0xce8ce24b, 0x927aede1, 0xa7b430d9, 0x93a4a14e, 0xa44e7c31,
16         0x41d4759b, 0x95bf33d3, 0x9a99c181, 0x608a3a6b, 0xb666383e, 0x7a8dd50f, 0xbe378ed7,
17         0x353d1ee6, 0x3bb44c6b],
18     [u32(0x3ae30fe3), 0x0982a96b, 0xe88185b4, 0x3e339b16, 0xf24338cd, 0x0e66d326, 0xe005ed0c,
19         0xd591a277, 0x180b1f3a, 0xfcf43914, 0x30db62d6, 0x4847831c, 0x7f00c58e, 0xfb847886,
20         0xc544e836, 0x524ab0e2],
21     [u32(0x7a3be783), 0x997546c1, 0xd45246df, 0xedb5f821, 0x7f98a742, 0x10e864e2, 0xd4ab70d0,
22         0xc63cb1ab, 0x6038da9e, 0x414594b0, 0xf2c218b5, 0x8da0dcb7, 0xd7cd7af5, 0xab4909df,
23         0x85031a52, 0xc4edfc98],
24     [u32(0x2a8b8cb7), 0x1aca82b2, 0x14045d7f, 0xcc7258ed, 0x383cf67c, 0xe090e7f9, 0x3025d276,
25         0x57d04de4, 0x994bacf0, 0xf0982759, 0xf17ee300, 0xd48fc2d5, 0xdc854c10, 0x523898a9,
26         0xc03a0f89, 0x47d6cd88],
27     [u32(0xc4aa2ddb), 0x111343a3, 0xd54a700a, 0x574a00a9, 0x857d5a48, 0xb1e11989, 0x6f5c52df,
28         0xdd2c53a3, 0x678e5f8e, 0x9718d4e9, 0x622cb684, 0x92976076, 0x0e41a517, 0x359dc2be,
29         0x87a87ddd, 0x643f9cec],
30     [u32(0x3453921c), 0xd7595ee1, 0x592e776d, 0x3ed6a974, 0x4d997cb3, 0xde9212c3, 0x35adf5c9,
31         0x9916fd65, 0x96562e89, 0x4ead0792, 0xebfc2712, 0x2385f5b2, 0xf34600fb, 0xd7bc20fb,
32         0xeb452a7b, 0xece1aa40],
33     [u32(0xbe851b2d), 0xa85f6358, 0x81e6fc3b, 0x0bb28000, 0xfa55a33a, 0x87be1fad, 0x4119370f,
34         0x1e2261aa, 0xa1318fd3, 0xf4329816, 0x071783c2, 0x6e536a8d, 0x9a81a601, 0xe7ec80f1,
35         0xacc09948, 0xf849a584],
36     [u32(0x07e5b85a), 0x069cc164, 0xf9de3141, 0xa56f4680, 0x9e440ad2, 0x9ab659ea, 0x3c84b971,
37         0x21dbd9cf, 0x46699f8c, 0x765257ec, 0xaf1d998c, 0x75e4c3b6, 0x523878dc, 0x30715015,
38         0x397fee81, 0x4f1fa799],
39     [u32(0x435148c4), 0xa5aa2d11, 0x4b354173, 0xd543bc9e, 0xbda2591c, 0xbf1d2569, 0x4fcb3120,
40         0x707ada48, 0x565b3fde, 0x32c9c916, 0xeaf4a1ab, 0xb1018f28, 0x8078d978, 0x68ade4b5,
41         0x9778fda3, 0x2863b92e],
42     [u32(0xd9c994aa), 0xcfec3aa6, 0x700d0ab2, 0x2c38670e, 0xaf6a1f66, 0x1d023ef3, 0x1d9ec27d,
43         0x945357a5, 0x3e9ffebd, 0x969fe811, 0xef485e21, 0xa632797a, 0xdeef082e, 0xaf3d80e1,
44         0x4e86829b, 0x4deafd3a],
45 ]
46 
47 // from RFC-7693 Appendix B
48 const expected_h_results = [u32(0x8c5e8c50), 0xe2147c32, 0xa32ba7e1, 0x2f45eb4e, 0x208b4537,
49     0x293ad69e, 0x4c9b994d, 0x82596786]
50 
51 fn test_mixing_function_g() {
52     mut d := new256() or {
53         assert false, 'unable to create new 256 bit hash digest: ${err}'
54         return
55     }
56 
57     // set up the message blocks with the value 'abc'
58     // the firet block will have the 3 bytes of the text to hash
59     // and the rest of the first block and the other 15 blocks
60     // will be all zeros.  d.m[1..16] should already be zero.
61     d.m[0] = 0x00636261
62 
63     // indicate that we have 3 bytes in the message block
64     d.t += 3
65 
66     // indicate that the message block contains the end of the
67     // text being hashed.
68     f := true
69 
70     // initialize the working vector from the digest and IV values
71     mut v := [16]u32{}
72     for i in 0 .. 8 {
73         v[i] = d.h[i]
74         v[i + 8] = iv[i]
75     }
76 
77     // fold in the 64-bit message length
78     v[12] ^= u32(d.t & 0x00000000ffffffff)
79     v[13] ^= u32(d.t >> 32)
80 
81     // and flip the bits in v[14] because this is the end of the
82     // text being hashed.
83     if f {
84         v[14] = ~v[14]
85     }
86 
87     for i in 0 .. 16 {
88         assert v[i] == expected_v_initial_results[i], 'expeccted expected_v_initial_results[${i}] ${expected_v_initial_results[i]:08x} actual v[${i}] ${v[i]:08x}'
89     }
90 
91     for i in 0 .. 16 {
92         assert d.m[i] == expected_m_results[i], 'expeccted expected_m_results[${i}] ${expected_m_results[i]:08x} actual d.m[${i}] ${d.m[i]:08x}'
93     }
94 
95     for r in 0 .. expected_v_results.len {
96         d.mixing_round(mut v, sigma[r])
97 
98         for i in 0 .. 16 {
99             assert v[i] == expected_v_results[r][i], 'expeccted expected_v_results[${r}][${i}] ${expected_v_results[r][i]:08x} actual v[${i}] ${v[i]:08x}'
100         }
101     }
102 
103     d.h[0] = d.h[0] ^ v[0] ^ v[8]
104     d.h[1] = d.h[1] ^ v[1] ^ v[9]
105     d.h[2] = d.h[2] ^ v[2] ^ v[10]
106     d.h[3] = d.h[3] ^ v[3] ^ v[11]
107     d.h[4] = d.h[4] ^ v[4] ^ v[12]
108     d.h[5] = d.h[5] ^ v[5] ^ v[13]
109     d.h[6] = d.h[6] ^ v[6] ^ v[14]
110     d.h[7] = d.h[7] ^ v[7] ^ v[15]
111 
112     for i in 0 .. 8 {
113         assert d.h[i] == expected_h_results[i], 'expeccted expected_h_results[${i}] ${expected_h_results[i]:08x} actual d.h[${i}] ${d.h[i]:08x}'
114     }
115 }
116

1	module blake2s
2
3	// from RFC-7693 Appendix B
4	const expected_m_results = [u32(0x00636261), 0x00000000, 0x00000000, 0x00000000, 0x00000000,
5	0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
6	0x00000000, 0x00000000, 0x00000000]
7
8	// from RFC-7693 Appendix B
9	const expected_v_initial_results = [u32(0x6b08e647), 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f,
10	0x9b05688c, 0x1f83d9ab, 0x5be0cd19, 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527c,
11	0x9b05688c, 0xe07c2654, 0x5be0cd19]
12
13	// from RFC-7693 Appendix B
14	const expected_v_results = [
15	[u32(0x16a3242e), 0xd7b5e238, 0xce8ce24b, 0x927aede1, 0xa7b430d9, 0x93a4a14e, 0xa44e7c31,
16	0x41d4759b, 0x95bf33d3, 0x9a99c181, 0x608a3a6b, 0xb666383e, 0x7a8dd50f, 0xbe378ed7,
17	0x353d1ee6, 0x3bb44c6b],
18	[u32(0x3ae30fe3), 0x0982a96b, 0xe88185b4, 0x3e339b16, 0xf24338cd, 0x0e66d326, 0xe005ed0c,
19	0xd591a277, 0x180b1f3a, 0xfcf43914, 0x30db62d6, 0x4847831c, 0x7f00c58e, 0xfb847886,
20	0xc544e836, 0x524ab0e2],
21	[u32(0x7a3be783), 0x997546c1, 0xd45246df, 0xedb5f821, 0x7f98a742, 0x10e864e2, 0xd4ab70d0,
22	0xc63cb1ab, 0x6038da9e, 0x414594b0, 0xf2c218b5, 0x8da0dcb7, 0xd7cd7af5, 0xab4909df,
23	0x85031a52, 0xc4edfc98],
24	[u32(0x2a8b8cb7), 0x1aca82b2, 0x14045d7f, 0xcc7258ed, 0x383cf67c, 0xe090e7f9, 0x3025d276,
25	0x57d04de4, 0x994bacf0, 0xf0982759, 0xf17ee300, 0xd48fc2d5, 0xdc854c10, 0x523898a9,
26	0xc03a0f89, 0x47d6cd88],
27	[u32(0xc4aa2ddb), 0x111343a3, 0xd54a700a, 0x574a00a9, 0x857d5a48, 0xb1e11989, 0x6f5c52df,
28	0xdd2c53a3, 0x678e5f8e, 0x9718d4e9, 0x622cb684, 0x92976076, 0x0e41a517, 0x359dc2be,
29	0x87a87ddd, 0x643f9cec],
30	[u32(0x3453921c), 0xd7595ee1, 0x592e776d, 0x3ed6a974, 0x4d997cb3, 0xde9212c3, 0x35adf5c9,
31	0x9916fd65, 0x96562e89, 0x4ead0792, 0xebfc2712, 0x2385f5b2, 0xf34600fb, 0xd7bc20fb,
32	0xeb452a7b, 0xece1aa40],
33	[u32(0xbe851b2d), 0xa85f6358, 0x81e6fc3b, 0x0bb28000, 0xfa55a33a, 0x87be1fad, 0x4119370f,
34	0x1e2261aa, 0xa1318fd3, 0xf4329816, 0x071783c2, 0x6e536a8d, 0x9a81a601, 0xe7ec80f1,
35	0xacc09948, 0xf849a584],
36	[u32(0x07e5b85a), 0x069cc164, 0xf9de3141, 0xa56f4680, 0x9e440ad2, 0x9ab659ea, 0x3c84b971,
37	0x21dbd9cf, 0x46699f8c, 0x765257ec, 0xaf1d998c, 0x75e4c3b6, 0x523878dc, 0x30715015,
38	0x397fee81, 0x4f1fa799],
39	[u32(0x435148c4), 0xa5aa2d11, 0x4b354173, 0xd543bc9e, 0xbda2591c, 0xbf1d2569, 0x4fcb3120,
40	0x707ada48, 0x565b3fde, 0x32c9c916, 0xeaf4a1ab, 0xb1018f28, 0x8078d978, 0x68ade4b5,
41	0x9778fda3, 0x2863b92e],
42	[u32(0xd9c994aa), 0xcfec3aa6, 0x700d0ab2, 0x2c38670e, 0xaf6a1f66, 0x1d023ef3, 0x1d9ec27d,
43	0x945357a5, 0x3e9ffebd, 0x969fe811, 0xef485e21, 0xa632797a, 0xdeef082e, 0xaf3d80e1,
44	0x4e86829b, 0x4deafd3a],
45	]
46
47	// from RFC-7693 Appendix B
48	const expected_h_results = [u32(0x8c5e8c50), 0xe2147c32, 0xa32ba7e1, 0x2f45eb4e, 0x208b4537,
49	0x293ad69e, 0x4c9b994d, 0x82596786]
50
51	fn test_mixing_function_g() {
52	mut d := new256() or {
53	assert false, 'unable to create new 256 bit hash digest: ${err}'
54	return
55	}
56
57	// set up the message blocks with the value 'abc'
58	// the firet block will have the 3 bytes of the text to hash
59	// and the rest of the first block and the other 15 blocks
60	// will be all zeros. d.m[1..16] should already be zero.
61	d.m[0] = 0x00636261
62
63	// indicate that we have 3 bytes in the message block
64	d.t += 3
65
66	// indicate that the message block contains the end of the
67	// text being hashed.
68	f := true
69
70	// initialize the working vector from the digest and IV values
71	mut v := [16]u32{}
72	for i in 0 .. 8 {
73	v[i] = d.h[i]
74	v[i + 8] = iv[i]
75	}
76
77	// fold in the 64-bit message length
78	v[12] ^= u32(d.t & 0x00000000ffffffff)
79	v[13] ^= u32(d.t >> 32)
80
81	// and flip the bits in v[14] because this is the end of the
82	// text being hashed.
83	if f {
84	v[14] = ~v[14]
85	}
86
87	for i in 0 .. 16 {
88	assert v[i] == expected_v_initial_results[i], 'expeccted expected_v_initial_results[${i}] ${expected_v_initial_results[i]:08x} actual v[${i}] ${v[i]:08x}'
89	}
90
91	for i in 0 .. 16 {
92	assert d.m[i] == expected_m_results[i], 'expeccted expected_m_results[${i}] ${expected_m_results[i]:08x} actual d.m[${i}] ${d.m[i]:08x}'
93	}
94
95	for r in 0 .. expected_v_results.len {
96	d.mixing_round(mut v, sigma[r])
97
98	for i in 0 .. 16 {
99	assert v[i] == expected_v_results[r][i], 'expeccted expected_v_results[${r}][${i}] ${expected_v_results[r][i]:08x} actual v[${i}] ${v[i]:08x}'
100	}
101	}
102
103	d.h[0] = d.h[0] ^ v[0] ^ v[8]
104	d.h[1] = d.h[1] ^ v[1] ^ v[9]
105	d.h[2] = d.h[2] ^ v[2] ^ v[10]
106	d.h[3] = d.h[3] ^ v[3] ^ v[11]
107	d.h[4] = d.h[4] ^ v[4] ^ v[12]
108	d.h[5] = d.h[5] ^ v[5] ^ v[13]
109	d.h[6] = d.h[6] ^ v[6] ^ v[14]
110	d.h[7] = d.h[7] ^ v[7] ^ v[15]
111
112	for i in 0 .. 8 {
113	assert d.h[i] == expected_h_results[i], 'expeccted expected_h_results[${i}] ${expected_h_results[i]:08x} actual d.h[${i}] ${d.h[i]:08x}'
114	}
115	}
116