diff options
Diffstat (limited to 'v_windows/v/old/vlib/crypto/internal')
3 files changed, 147 insertions, 0 deletions
diff --git a/v_windows/v/old/vlib/crypto/internal/subtle/aliasing.v b/v_windows/v/old/vlib/crypto/internal/subtle/aliasing.v new file mode 100644 index 0000000..e09748e --- /dev/null +++ b/v_windows/v/old/vlib/crypto/internal/subtle/aliasing.v @@ -0,0 +1,29 @@ +// Copyright (c) 2019-2021 Alexander Medvednikov. All rights reserved. +// Use of this source code is governed by an MIT license +// that can be found in the LICENSE file. +// Package subtle implements functions that are often useful in cryptographic +// code but require careful thought to use correctly. +module subtle + +// NOTE: require unsafe in future +// any_overlap reports whether x and y share memory at any (not necessarily +// corresponding) index. The memory beyond the slice length is ignored. +pub fn any_overlap(x []byte, y []byte) bool { + // NOTE: Remember to come back to this (joe-c) + return x.len > 0 && y.len > 0 && // &x.data[0] <= &y.data[y.len-1] && + // &y.data[0] <= &x.data[x.len-1] + unsafe { &x[0] <= &y[y.len - 1] && &y[0] <= &x[x.len - 1] } +} + +// inexact_overlap reports whether x and y share memory at any non-corresponding +// index. The memory beyond the slice length is ignored. Note that x and y can +// have different lengths and still not have any inexact overlap. +// +// inexact_overlap can be used to implement the requirements of the crypto/cipher +// AEAD, Block, BlockMode and Stream interfaces. +pub fn inexact_overlap(x []byte, y []byte) bool { + if x.len == 0 || y.len == 0 || unsafe { &x[0] == &y[0] } { + return false + } + return any_overlap(x, y) +} diff --git a/v_windows/v/old/vlib/crypto/internal/subtle/comparison.v b/v_windows/v/old/vlib/crypto/internal/subtle/comparison.v new file mode 100644 index 0000000..e7dd162 --- /dev/null +++ b/v_windows/v/old/vlib/crypto/internal/subtle/comparison.v @@ -0,0 +1,53 @@ +module subtle + +// constant_time_byte_eq returns 1 when x == y. +pub fn constant_time_byte_eq(x byte, y byte) int { + return int((u32(x ^ y) - 1) >> 31) +} + +// constant_time_eq returns 1 when x == y. +pub fn constant_time_eq(x int, y int) int { + return int((u64(u32(x ^ y)) - 1) >> 63) +} + +// constant_time_select returns x when v == 1, and y when v == 0. +// it is undefined when v is any other value +pub fn constant_time_select(v int, x int, y int) int { + return (~(v - 1) & x) | ((v - 1) & y) +} + +// constant_time_compare returns 1 when x and y have equal contents. +// The runtime of this function is proportional of the length of x and y. +// It is *NOT* dependent on their content. +pub fn constant_time_compare(x []byte, y []byte) int { + if x.len != y.len { + return 0 + } + mut v := byte(0) + for i in 0 .. x.len { + v |= x[i] ^ y[i] + } + return constant_time_byte_eq(v, 0) +} + +// constant_time_copy copies the contents of y into x, when v == 1. +// When v == 0, x is left unchanged. this function is undefined, when +// v takes any other value +pub fn constant_time_copy(v int, mut x []byte, y []byte) { + if x.len != y.len { + panic('subtle: arrays have different lengths') + } + xmask := byte(v - 1) + ymask := byte(~(v - 1)) + for i := 0; i < x.len; i++ { + x[i] = x[i] & xmask | y[i] & ymask + } +} + +// constant_time_less_or_eq returns 1 if x <= y, and 0 otherwise. +// it is undefined when x or y are negative, or > (2^32 - 1) +pub fn constant_time_less_or_eq(x int, y int) int { + x32 := int(x) + y32 := int(y) + return int(((x32 - y32 - 1) >> 31) & 1) +} diff --git a/v_windows/v/old/vlib/crypto/internal/subtle/comparison_test.v b/v_windows/v/old/vlib/crypto/internal/subtle/comparison_test.v new file mode 100644 index 0000000..b339746 --- /dev/null +++ b/v_windows/v/old/vlib/crypto/internal/subtle/comparison_test.v @@ -0,0 +1,65 @@ +module subtle + +fn test_constant_time_byte_eq() { + assert constant_time_byte_eq(0, 0) == 1 + assert constant_time_byte_eq(1, 1) == 1 + assert constant_time_byte_eq(255, 255) == 1 + assert constant_time_byte_eq(255, 1) == 0 + assert constant_time_byte_eq(1, 255) == 0 + assert constant_time_byte_eq(2, 1) == 0 +} + +fn test_constant_time_eq() { + assert constant_time_eq(0, 0) == 1 + assert constant_time_eq(255, 255) == 1 + assert constant_time_eq(65536, 65536) == 1 + assert constant_time_eq(-1, -1) == 1 + assert constant_time_eq(-256, -256) == 1 + assert constant_time_eq(0, 1) == 0 +} + +fn test_constant_time_select() { + assert constant_time_select(1, 1, 0) == 1 + assert constant_time_select(1, 1, 255) == 1 + assert constant_time_select(1, 1, 255 * 255) == 1 + assert constant_time_select(1, 2, 0) == 2 + assert constant_time_select(1, 2, 255) == 2 + assert constant_time_select(1, 2, 255 * 255) == 2 + // + assert constant_time_select(0, 1, 0) == 0 + assert constant_time_select(0, 1, 255) == 255 + assert constant_time_select(0, 1, 255 * 255) == 255 * 255 + assert constant_time_select(0, 2, 0) == 0 + assert constant_time_select(0, 2, 255) == 255 + assert constant_time_select(0, 2, 255 * 255) == 255 * 255 +} + +fn test_constant_time_compare() { + assert constant_time_compare([byte(1), 2, 3], [byte(1), 2, 3]) == 1 + assert constant_time_compare([byte(1), 2, 3], [byte(1), 2, 9]) == 0 + assert constant_time_compare([byte(1), 2, 3], [byte(1), 2, 3, 4]) == 0 + assert constant_time_compare([byte(1), 2, 3], [byte(1), 2]) == 0 +} + +fn test_constant_time_copy() { + y := [byte(3), 4, 5] + mut x := [byte(0), 0, 0] + constant_time_copy(0, mut x, y) + assert x == [byte(0), 0, 0] + constant_time_copy(1, mut x, y) + assert x == y + assert x == [byte(3), 4, 5] +} + +fn test_constant_time_less_or_eq() { + assert constant_time_less_or_eq(1, 1) == 1 + assert constant_time_less_or_eq(1, 2) == 1 + assert constant_time_less_or_eq(1, 3) == 1 + assert constant_time_less_or_eq(255, 255) == 1 + assert constant_time_less_or_eq(255, 256) == 1 + assert constant_time_less_or_eq(255, 257) == 1 + assert constant_time_less_or_eq(1, 0) == 0 + assert constant_time_less_or_eq(2, 1) == 0 + assert constant_time_less_or_eq(3, 2) == 0 + assert constant_time_less_or_eq(255, 3) == 0 +} |