hare

[hare] The Hare programming language
git clone https://git.torresjrjr.com/hare.git
Log | Files | Refs | README | LICENSE

ni_test+x86_64.ha (9797B)

      1 // SPDX-License-Identifier: MPL-2.0
      2 // (c) Hare authors <https://harelang.org>
      3 
      4 use bytes;
      5 use crypto::cipher;
      6 use test;
      7 
      8 const zero_rk: [EXPKEYLEN256]u8 = [0...];
      9 
     10 @test fn ni_enabled() void = {
     11 	assert((hwsup && rtvtable == &x86ni_vtable && initfuncptr == &x86ni_init)
     12 		|| !x86ni_available());
     13 };
     14 
     15 // taken from fips-197.pdf Section A.1
     16 @test fn ni_enc_key_expand_128() void = {
     17 	if (!x86ni_available()) {
     18 		test::skip("Native x86 AES interface isn't available");
     19 	};
     20 
     21 	const key: [16]u8 = [
     22 		0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
     23 		0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
     24 	];
     25 
     26 	const expected_rounds: [_]u8 = [
     27 		0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
     28 		0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
     29 		0xa0, 0xfa, 0xfe, 0x17, 0x88, 0x54, 0x2c, 0xb1,
     30 		0x23, 0xa3, 0x39, 0x39, 0x2a, 0x6c, 0x76, 0x05,
     31 		0xf2, 0xc2, 0x95, 0xf2, 0x7a, 0x96, 0xb9, 0x43,
     32 		0x59, 0x35, 0x80, 0x7a, 0x73, 0x59, 0xf6, 0x7f,
     33 		0x3d, 0x80, 0x47, 0x7d, 0x47, 0x16, 0xfe, 0x3e,
     34 		0x1e, 0x23, 0x7e, 0x44, 0x6d, 0x7a, 0x88, 0x3b,
     35 		0xef, 0x44, 0xa5, 0x41, 0xa8, 0x52, 0x5b, 0x7f,
     36 		0xb6, 0x71, 0x25, 0x3b, 0xdb, 0x0b, 0xad, 0x00,
     37 		0xd4, 0xd1, 0xc6, 0xf8, 0x7c, 0x83, 0x9d, 0x87,
     38 		0xca, 0xf2, 0xb8, 0xbc, 0x11, 0xf9, 0x15, 0xbc,
     39 		0x6d, 0x88, 0xa3, 0x7a, 0x11, 0x0b, 0x3e, 0xfd,
     40 		0xdb, 0xf9, 0x86, 0x41, 0xca, 0x00, 0x93, 0xfd,
     41 		0x4e, 0x54, 0xf7, 0x0e, 0x5f, 0x5f, 0xc9, 0xf3,
     42 		0x84, 0xa6, 0x4f, 0xb2, 0x4e, 0xa6, 0xdc, 0x4f,
     43 		0xea, 0xd2, 0x73, 0x21, 0xb5, 0x8d, 0xba, 0xd2,
     44 		0x31, 0x2b, 0xf5, 0x60, 0x7f, 0x8d, 0x29, 0x2f,
     45 		0xac, 0x77, 0x66, 0xf3, 0x19, 0xfa, 0xdc, 0x21,
     46 		0x28, 0xd1, 0x29, 0x41, 0x57, 0x5c, 0x00, 0x6e,
     47 		0xd0, 0x14, 0xf9, 0xa8, 0xc9, 0xee, 0x25, 0x89,
     48 		0xe1, 0x3f, 0x0c, 0xc8, 0xb6, 0x63, 0x0c, 0xa6,
     49 	];
     50 
     51 	let block = x86ni();
     52 	x86ni_init(&block, key[..]);
     53 
     54 	assert(block.rounds == 10);
     55 	assert(bytes::equal(expected_rounds[..], block.expkey[..EXPKEYLEN128]));
     56 
     57 	cipher::finish(&block);
     58 	assert(bytes::equal(zero_rk[..], block.expkey[..EXPKEYLEN256]));
     59 };
     60 
     61 // taken from fips-197.pdf Section A.2
     62 @test fn ni_enc_key_expand_192() void = {
     63 	if (!x86ni_available()) {
     64 		test::skip("Native x86 AES interface isn't available");
     65 	};
     66 
     67 	const key: [24]u8 = [
     68 		0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
     69 		0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
     70 		0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
     71 	];
     72 
     73 	const expected_rounds: [_]u8 = [
     74 		0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
     75 		0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
     76 		0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
     77 		0xfe, 0x0c, 0x91, 0xf7, 0x24, 0x02, 0xf5, 0xa5,
     78 		0xec, 0x12, 0x06, 0x8e, 0x6c, 0x82, 0x7f, 0x6b,
     79 		0x0e, 0x7a, 0x95, 0xb9, 0x5c, 0x56, 0xfe, 0xc2,
     80 		0x4d, 0xb7, 0xb4, 0xbd, 0x69, 0xb5, 0x41, 0x18,
     81 		0x85, 0xa7, 0x47, 0x96, 0xe9, 0x25, 0x38, 0xfd,
     82 		0xe7, 0x5f, 0xad, 0x44, 0xbb, 0x09, 0x53, 0x86,
     83 		0x48, 0x5a, 0xf0, 0x57, 0x21, 0xef, 0xb1, 0x4f,
     84 		0xa4, 0x48, 0xf6, 0xd9, 0x4d, 0x6d, 0xce, 0x24,
     85 		0xaa, 0x32, 0x63, 0x60, 0x11, 0x3b, 0x30, 0xe6,
     86 		0xa2, 0x5e, 0x7e, 0xd5, 0x83, 0xb1, 0xcf, 0x9a,
     87 		0x27, 0xf9, 0x39, 0x43, 0x6a, 0x94, 0xf7, 0x67,
     88 		0xc0, 0xa6, 0x94, 0x07, 0xd1, 0x9d, 0xa4, 0xe1,
     89 		0xec, 0x17, 0x86, 0xeb, 0x6f, 0xa6, 0x49, 0x71,
     90 		0x48, 0x5f, 0x70, 0x32, 0x22, 0xcb, 0x87, 0x55,
     91 		0xe2, 0x6d, 0x13, 0x52, 0x33, 0xf0, 0xb7, 0xb3,
     92 		0x40, 0xbe, 0xeb, 0x28, 0x2f, 0x18, 0xa2, 0x59,
     93 		0x67, 0x47, 0xd2, 0x6b, 0x45, 0x8c, 0x55, 0x3e,
     94 		0xa7, 0xe1, 0x46, 0x6c, 0x94, 0x11, 0xf1, 0xdf,
     95 		0x82, 0x1f, 0x75, 0x0a, 0xad, 0x07, 0xd7, 0x53,
     96 		0xca, 0x40, 0x05, 0x38, 0x8f, 0xcc, 0x50, 0x06,
     97 		0x28, 0x2d, 0x16, 0x6a, 0xbc, 0x3c, 0xe7, 0xb5,
     98 		0xe9, 0x8b, 0xa0, 0x6f, 0x44, 0x8c, 0x77, 0x3c,
     99 		0x8e, 0xcc, 0x72, 0x04, 0x01, 0x00, 0x22, 0x02,
    100 	];
    101 
    102 	let block = x86ni();
    103 	x86ni_init(&block, key[..]);
    104 
    105 	assert(block.rounds == 12);
    106 	assert(bytes::equal(expected_rounds[..], block.expkey[..EXPKEYLEN192]));
    107 };
    108 
    109 
    110 // taken from fips-197.pdf Section A.3
    111 @test fn ni_enc_key_expand_256() void = {
    112 	if (!x86ni_available()) {
    113 		test::skip("Native x86 AES interface isn't available");
    114 	};
    115 
    116 	const key: [32]u8 = [
    117 		0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
    118 		0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
    119 		0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
    120 		0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
    121 	];
    122 
    123 	const expected_rounds: [_]u8 = [
    124 		0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
    125 		0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
    126 		0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
    127 		0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
    128 		0x9b, 0xa3, 0x54, 0x11, 0x8e, 0x69, 0x25, 0xaf,
    129 		0xa5, 0x1a, 0x8b, 0x5f, 0x20, 0x67, 0xfc, 0xde,
    130 		0xa8, 0xb0, 0x9c, 0x1a, 0x93, 0xd1, 0x94, 0xcd,
    131 		0xbe, 0x49, 0x84, 0x6e, 0xb7, 0x5d, 0x5b, 0x9a,
    132 		0xd5, 0x9a, 0xec, 0xb8, 0x5b, 0xf3, 0xc9, 0x17,
    133 		0xfe, 0xe9, 0x42, 0x48, 0xde, 0x8e, 0xbe, 0x96,
    134 		0xb5, 0xa9, 0x32, 0x8a, 0x26, 0x78, 0xa6, 0x47,
    135 		0x98, 0x31, 0x22, 0x29, 0x2f, 0x6c, 0x79, 0xb3,
    136 		0x81, 0x2c, 0x81, 0xad, 0xda, 0xdf, 0x48, 0xba,
    137 		0x24, 0x36, 0x0a, 0xf2, 0xfa, 0xb8, 0xb4, 0x64,
    138 		0x98, 0xc5, 0xbf, 0xc9, 0xbe, 0xbd, 0x19, 0x8e,
    139 		0x26, 0x8c, 0x3b, 0xa7, 0x09, 0xe0, 0x42, 0x14,
    140 		0x68, 0x00, 0x7b, 0xac, 0xb2, 0xdf, 0x33, 0x16,
    141 		0x96, 0xe9, 0x39, 0xe4, 0x6c, 0x51, 0x8d, 0x80,
    142 		0xc8, 0x14, 0xe2, 0x04, 0x76, 0xa9, 0xfb, 0x8a,
    143 		0x50, 0x25, 0xc0, 0x2d, 0x59, 0xc5, 0x82, 0x39,
    144 		0xde, 0x13, 0x69, 0x67, 0x6c, 0xcc, 0x5a, 0x71,
    145 		0xfa, 0x25, 0x63, 0x95, 0x96, 0x74, 0xee, 0x15,
    146 		0x58, 0x86, 0xca, 0x5d, 0x2e, 0x2f, 0x31, 0xd7,
    147 		0x7e, 0x0a, 0xf1, 0xfa, 0x27, 0xcf, 0x73, 0xc3,
    148 		0x74, 0x9c, 0x47, 0xab, 0x18, 0x50, 0x1d, 0xda,
    149 		0xe2, 0x75, 0x7e, 0x4f, 0x74, 0x01, 0x90, 0x5a,
    150 		0xca, 0xfa, 0xaa, 0xe3, 0xe4, 0xd5, 0x9b, 0x34,
    151 		0x9a, 0xdf, 0x6a, 0xce, 0xbd, 0x10, 0x19, 0x0d,
    152 		0xfe, 0x48, 0x90, 0xd1, 0xe6, 0x18, 0x8d, 0x0b,
    153 		0x04, 0x6d, 0xf3, 0x44, 0x70, 0x6c, 0x63, 0x1e,
    154 	];
    155 
    156 	let block = x86ni();
    157 	x86ni_init(&block, key[..]);
    158 
    159 	assert(block.rounds == 14);
    160 	assert(bytes::equal(expected_rounds[..], block.expkey[..EXPKEYLEN256]));
    161 };
    162 
    163 @test fn ni_test_encrypt_128() void = {
    164 	if (!x86ni_available()) {
    165 		test::skip("Native x86 AES interface isn't available");
    166 	};
    167 
    168 	let key: [_]u8 = [
    169 		0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
    170 		0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
    171 	];
    172 
    173 	let plain: [16]u8 = [
    174 		0x32, 0x43, 0xf6, 0xa8, 0x88, 0x5a, 0x30, 0x8d,
    175 		0x31, 0x31, 0x98, 0xa2, 0xe0, 0x37, 0x07, 0x34,
    176 	];
    177 
    178 	const cipher: [16]u8 = [
    179 		0x39, 0x25, 0x84, 0x1d, 0x02, 0xdc, 0x09, 0xfb,
    180 		0xdc, 0x11, 0x85, 0x97, 0x19, 0x6a, 0x0b, 0x32,
    181 	];
    182 
    183 	let result: [16]u8 = [0...];
    184 	let b = x86ni();
    185 
    186 	x86ni_init(&b, key[..]);
    187 	cipher::encrypt(&b, result[..], plain);
    188 
    189 	assert(bytes::equal(cipher, result));
    190 };
    191 
    192 @test fn ni_test_decrypt_128() void = {
    193 	if (!x86ni_available()) {
    194 		test::skip("Native x86 AES interface isn't available");
    195 	};
    196 
    197 	const key: [_]u8 = [
    198 		0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
    199 		0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
    200 	];
    201 
    202 	const plain: [16]u8 = [
    203 		0x32, 0x43, 0xf6, 0xa8, 0x88, 0x5a, 0x30, 0x8d,
    204 		0x31, 0x31, 0x98, 0xa2, 0xe0, 0x37, 0x07, 0x34,
    205 	];
    206 
    207 	const cipher: [16]u8 = [
    208 		0x39, 0x25, 0x84, 0x1d, 0x02, 0xdc, 0x09, 0xfb,
    209 		0xdc, 0x11, 0x85, 0x97, 0x19, 0x6a, 0x0b, 0x32,
    210 	];
    211 
    212 	let result: [16]u8 = [0...];
    213 	let b = x86ni();
    214 
    215 	x86ni_init(&b, key[..]);
    216 	cipher::decrypt(&b, result[..], cipher);
    217 	assert(bytes::equal(plain, result));
    218 };
    219 
    220 // fips-197.pdf Appendix C.1
    221 @test fn ni_test_example_vector1() void = {
    222 	if (!x86ni_available()) {
    223 		test::skip("Native x86 AES interface isn't available");
    224 	};
    225 
    226 	const key: []u8 = [
    227 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    228 		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    229 	];
    230 
    231 	const plain: []u8 = [
    232 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    233 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
    234 	];
    235 
    236 	const cipher: []u8 = [
    237 		0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
    238 		0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
    239 	];
    240 
    241 	let result: [16]u8 = [0...];
    242 	let b = x86ni();
    243 
    244 	x86ni_init(&b, key[..]);
    245 
    246 	cipher::encrypt(&b, result[..], plain);
    247 	assert(bytes::equal(cipher, result));
    248 
    249 	cipher::decrypt(&b, result[..], cipher);
    250 	assert(bytes::equal(plain, result));
    251 };
    252 
    253 // fips-197.pdf Appendix C.2
    254 @test fn ni_test_example_vector2() void = {
    255 	if (!x86ni_available()) {
    256 		test::skip("Native x86 AES interface isn't available");
    257 	};
    258 
    259 	const key: []u8 = [
    260 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    261 		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    262 		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    263 	];
    264 
    265 	const plain: []u8 = [
    266 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    267 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
    268 	];
    269 
    270 	const cipher: []u8 = [
    271 		0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
    272 		0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91,
    273 	];
    274 
    275 	let result: [16]u8 = [0...];
    276 	let b = x86ni();
    277 
    278 	x86ni_init(&b, key[..]);
    279 
    280 	cipher::encrypt(&b, result[..], plain);
    281 	assert(bytes::equal(cipher, result));
    282 
    283 	cipher::decrypt(&b, result[..], cipher);
    284 	assert(bytes::equal(plain, result));
    285 };
    286 
    287 // fips-197.pdf Appendix C.3
    288 @test fn ni_test_example_vector3() void = {
    289 	if (!x86ni_available()) {
    290 		test::skip("Native x86 AES interface isn't available");
    291 	};
    292 
    293 	const key: []u8 = [
    294 		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    295 		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    296 		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    297 		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    298 	];
    299 
    300 	const plain: []u8 = [
    301 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    302 		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
    303 	];
    304 
    305 	const cipher: []u8 = [
    306 		0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
    307 		0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
    308 	];
    309 
    310 	let result: [16]u8 = [0...];
    311 	let b = x86ni();
    312 
    313 	x86ni_init(&b, key[..]);
    314 
    315 	cipher::encrypt(&b, result[..], plain);
    316 	assert(bytes::equal(cipher, result));
    317 
    318 	cipher::decrypt(&b, result[..], cipher);
    319 	assert(bytes::equal(plain, result));
    320 };