From 2759b8051464e0ab09f20a6608555ff76c6e02a1 Mon Sep 17 00:00:00 2001 From: Delyan Angelov Date: Wed, 11 Nov 2020 18:16:45 +0200 Subject: [PATCH] vfmt: remove aes.v and block_generic.v from known_failing_exceptions in `v test-fmt` --- cmd/tools/vtest-fmt.v | 2 - vlib/crypto/aes/aes.v | 19 ++-- vlib/crypto/aes/block_generic.v | 153 +++++++++++++++----------------- 3 files changed, 84 insertions(+), 90 deletions(-) diff --git a/cmd/tools/vtest-fmt.v b/cmd/tools/vtest-fmt.v index 55e3ec39ba..86b44587f8 100644 --- a/cmd/tools/vtest-fmt.v +++ b/cmd/tools/vtest-fmt.v @@ -7,8 +7,6 @@ import v.util // os.v - // embeded comments, mib := [1/* CTL_KERN */, 14/* KERN_PROC */, 12/* KERN_PROC_PATHNAME */, -1] => comment the rest of the line const ( known_failing_exceptions = [ - 'vlib/crypto/aes/aes.v', // pub fn (c &AesCipher) encrypt(mut dst, mut src []byte) { - 'vlib/crypto/aes/block_generic.v', // fn expand_key_generic(key []byte, mut enc, mut dec []u32) { 'vlib/crypto/aes/const.v', // multiple narrow columns of []string turned to 1 long single column, otherwise works 'vlib/crypto/rc4/rc4.v', // pub fn (mut c Cipher) xor_key_stream(mut dst, mut src []byte) { 'vlib/vweb/vweb.v', // $for method in T.methods { => $for method in T(methods) { , `return // xx` => parse expr error diff --git a/vlib/crypto/aes/aes.v b/vlib/crypto/aes/aes.v index 8f21a96541..53f32ddee9 100644 --- a/vlib/crypto/aes/aes.v +++ b/vlib/crypto/aes/aes.v @@ -1,10 +1,8 @@ // Copyright (c) 2019-2020 Alexander Medvednikov. All rights reserved. // Use of this source code is governed by an MIT license // that can be found in the LICENSE file. - // Based off: https://github.com/golang/go/blob/master/src/crypto/aes // Last commit: https://github.com/golang/go/commit/691a2d457ab1bf03bd46d4b69e0f93b8993c0055 - module aes import crypto.internal.subtle @@ -28,18 +26,21 @@ mut: pub fn new_cipher(key []byte) AesCipher { k := key.len match k { - 16, 24, 32 { - // break - } else { - panic('crypto.aes: invalid key size ' + k.str()) - // return error('crypto.aes: invalid key size ' + k.str()) - } + 16, 24, 32 { + // break + } + else { + panic('crypto.aes: invalid key size ' + k.str()) + // return error('crypto.aes: invalid key size ' + k.str()) + } } // for now use generic version return new_cipher_generic(key) } -pub fn (c &AesCipher) block_size() int { return block_size } +pub fn (c &AesCipher) block_size() int { + return block_size +} pub fn (c &AesCipher) encrypt(mut dst []byte, mut src []byte) { if src.len < block_size { diff --git a/vlib/crypto/aes/block_generic.v b/vlib/crypto/aes/block_generic.v index 46a3b74544..e07f782df5 100644 --- a/vlib/crypto/aes/block_generic.v +++ b/vlib/crypto/aes/block_generic.v @@ -1,40 +1,38 @@ // Copyright (c) 2019-2020 Alexander Medvednikov. All rights reserved. // Use of this source code is governed by an MIT license // that can be found in the LICENSE file. - // This implementation is derived from the golang implementation // which itself is derived in part from the reference // ANSI C implementation, which carries the following notice: // -// rijndael-alg-fst.c +// rijndael-alg-fst.c // -// @version 3.0 (December 2000) +// @version 3.0 (December 2000) // -// Optimised ANSI C code for the Rijndael cipher (now AES) +// Optimised ANSI C code for the Rijndael cipher (now AES) // -// @author Vincent Rijmen -// @author Antoon Bosselaers -// @author Paulo Barreto +// @author Vincent Rijmen +// @author Antoon Bosselaers +// @author Paulo Barreto // -// This code is hereby placed in the public domain. +// This code is hereby placed in the public domain. // -// THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS -// OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE -// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -// BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -// WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -// OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS +// OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +// BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +// WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +// OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // // See FIPS 197 for specification, and see Daemen and Rijmen's Rijndael submission // for implementation details. -// https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf -// https://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf - +// https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf +// https://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf module aes import encoding.binary @@ -46,44 +44,43 @@ fn encrypt_block_generic(xk []u32, mut dst []byte, src []byte) { mut s1 := binary.big_endian_u32(src.slice(4, 8)) mut s2 := binary.big_endian_u32(src.slice(8, 12)) mut s3 := binary.big_endian_u32(src.slice(12, 16)) - // First round just XORs input with key. s0 ^= xk[0] s1 ^= xk[1] s2 ^= xk[2] s3 ^= xk[3] - // Middle rounds shuffle using tables. // Number of rounds is set by length of expanded key. - nr := xk.len/4 - 2 // - 2: one above, one more below + nr := xk.len / 4 - 2 // - 2: one above, one more below mut k := 4 mut t0 := u32(0) mut t1 := u32(0) mut t2 := u32(0) mut t3 := u32(0) - for _ in 0..nr { - t0 = xk[k+0] ^ te0[byte(s0>>24)] ^ te1[byte(s1>>16)] ^ te2[byte(s2>>8)] ^ u32(te3[byte(s3)]) - t1 = xk[k+1] ^ te0[byte(s1>>24)] ^ te1[byte(s2>>16)] ^ te2[byte(s3>>8)] ^ u32(te3[byte(s0)]) - t2 = xk[k+2] ^ te0[byte(s2>>24)] ^ te1[byte(s3>>16)] ^ te2[byte(s0>>8)] ^ u32(te3[byte(s1)]) - t3 = xk[k+3] ^ te0[byte(s3>>24)] ^ te1[byte(s0>>16)] ^ te2[byte(s1>>8)] ^ u32(te3[byte(s2)]) + for _ in 0 .. nr { + t0 = xk[k + 0] ^ te0[byte(s0 >> 24)] ^ te1[byte(s1 >> 16)] ^ te2[byte(s2 >> 8)] ^ u32(te3[byte(s3)]) + t1 = xk[k + 1] ^ te0[byte(s1 >> 24)] ^ te1[byte(s2 >> 16)] ^ te2[byte(s3 >> 8)] ^ u32(te3[byte(s0)]) + t2 = xk[k + 2] ^ te0[byte(s2 >> 24)] ^ te1[byte(s3 >> 16)] ^ te2[byte(s0 >> 8)] ^ u32(te3[byte(s1)]) + t3 = xk[k + 3] ^ te0[byte(s3 >> 24)] ^ te1[byte(s0 >> 16)] ^ te2[byte(s1 >> 8)] ^ u32(te3[byte(s2)]) k += 4 s0 = t0 s1 = t1 s2 = t2 s3 = t3 } - // Last round uses s-box directly and XORs to produce output. - s0 = s_box0[t0>>24]<<24 | s_box0[t1>>16&0xff]<<16 | u32(s_box0[t2>>8&0xff]<<8) | s_box0[t3&u32(0xff)] - s1 = s_box0[t1>>24]<<24 | s_box0[t2>>16&0xff]<<16 | u32(s_box0[t3>>8&0xff]<<8) | s_box0[t0&u32(0xff)] - s2 = s_box0[t2>>24]<<24 | s_box0[t3>>16&0xff]<<16 | u32(s_box0[t0>>8&0xff]<<8) | s_box0[t1&u32(0xff)] - s3 = s_box0[t3>>24]<<24 | s_box0[t0>>16&0xff]<<16 | u32(s_box0[t1>>8&0xff]<<8) | s_box0[t2&u32(0xff)] - - s0 ^= xk[k+0] - s1 ^= xk[k+1] - s2 ^= xk[k+2] - s3 ^= xk[k+3] - + s0 = s_box0[t0 >> 24] << 24 | + s_box0[t1 >> 16 & 0xff] << 16 | u32(s_box0[t2 >> 8 & 0xff] << 8) | s_box0[t3 & u32(0xff)] + s1 = s_box0[t1 >> 24] << 24 | + s_box0[t2 >> 16 & 0xff] << 16 | u32(s_box0[t3 >> 8 & 0xff] << 8) | s_box0[t0 & u32(0xff)] + s2 = s_box0[t2 >> 24] << 24 | + s_box0[t3 >> 16 & 0xff] << 16 | u32(s_box0[t0 >> 8 & 0xff] << 8) | s_box0[t1 & u32(0xff)] + s3 = s_box0[t3 >> 24] << 24 | + s_box0[t0 >> 16 & 0xff] << 16 | u32(s_box0[t1 >> 8 & 0xff] << 8) | s_box0[t2 & u32(0xff)] + s0 ^= xk[k + 0] + s1 ^= xk[k + 1] + s2 ^= xk[k + 2] + s3 ^= xk[k + 3] _ := dst[15] // early bounds check binary.big_endian_put_u32(mut (*dst)[0..4], s0) binary.big_endian_put_u32(mut (*dst).slice(4, 8), s1) @@ -98,44 +95,43 @@ fn decrypt_block_generic(xk []u32, mut dst []byte, src []byte) { mut s1 := binary.big_endian_u32(src.slice(4, 8)) mut s2 := binary.big_endian_u32(src.slice(8, 12)) mut s3 := binary.big_endian_u32(src.slice(12, 16)) - // First round just XORs input with key. s0 ^= xk[0] s1 ^= xk[1] s2 ^= xk[2] s3 ^= xk[3] - // Middle rounds shuffle using tables. // Number of rounds is set by length of expanded key. - nr := xk.len/4 - 2 // - 2: one above, one more below + nr := xk.len / 4 - 2 // - 2: one above, one more below mut k := 4 mut t0 := u32(0) mut t1 := u32(0) mut t2 := u32(0) mut t3 := u32(0) - for _ in 0..nr { - t0 = xk[k+0] ^ td0[byte(s0>>24)] ^ td1[byte(s3>>16)] ^ td2[byte(s2>>8)] ^ u32(td3[byte(s1)]) - t1 = xk[k+1] ^ td0[byte(s1>>24)] ^ td1[byte(s0>>16)] ^ td2[byte(s3>>8)] ^ u32(td3[byte(s2)]) - t2 = xk[k+2] ^ td0[byte(s2>>24)] ^ td1[byte(s1>>16)] ^ td2[byte(s0>>8)] ^ u32(td3[byte(s3)]) - t3 = xk[k+3] ^ td0[byte(s3>>24)] ^ td1[byte(s2>>16)] ^ td2[byte(s1>>8)] ^ u32(td3[byte(s0)]) + for _ in 0 .. nr { + t0 = xk[k + 0] ^ td0[byte(s0 >> 24)] ^ td1[byte(s3 >> 16)] ^ td2[byte(s2 >> 8)] ^ u32(td3[byte(s1)]) + t1 = xk[k + 1] ^ td0[byte(s1 >> 24)] ^ td1[byte(s0 >> 16)] ^ td2[byte(s3 >> 8)] ^ u32(td3[byte(s2)]) + t2 = xk[k + 2] ^ td0[byte(s2 >> 24)] ^ td1[byte(s1 >> 16)] ^ td2[byte(s0 >> 8)] ^ u32(td3[byte(s3)]) + t3 = xk[k + 3] ^ td0[byte(s3 >> 24)] ^ td1[byte(s2 >> 16)] ^ td2[byte(s1 >> 8)] ^ u32(td3[byte(s0)]) k += 4 s0 = t0 s1 = t1 s2 = t2 s3 = t3 } - // Last round uses s-box directly and XORs to produce output. - s0 = u32(s_box1[t0>>24])<<24 | u32(s_box1[t3>>16&0xff])<<16 | u32(s_box1[t2>>8&0xff]<<8) | u32(s_box1[t1&u32(0xff)]) - s1 = u32(s_box1[t1>>24])<<24 | u32(s_box1[t0>>16&0xff])<<16 | u32(s_box1[t3>>8&0xff]<<8) | u32(s_box1[t2&u32(0xff)]) - s2 = u32(s_box1[t2>>24])<<24 | u32(s_box1[t1>>16&0xff])<<16 | u32(s_box1[t0>>8&0xff]<<8) | u32(s_box1[t3&u32(0xff)]) - s3 = u32(s_box1[t3>>24])<<24 | u32(s_box1[t2>>16&0xff])<<16 | u32(s_box1[t1>>8&0xff]<<8) | u32(s_box1[t0&u32(0xff)]) - - s0 ^= xk[k+0] - s1 ^= xk[k+1] - s2 ^= xk[k+2] - s3 ^= xk[k+3] - + s0 = u32(s_box1[t0 >> 24]) << 24 | + u32(s_box1[t3 >> 16 & 0xff]) << 16 | u32(s_box1[t2 >> 8 & 0xff] << 8) | u32(s_box1[t1 & u32(0xff)]) + s1 = u32(s_box1[t1 >> 24]) << 24 | + u32(s_box1[t0 >> 16 & 0xff]) << 16 | u32(s_box1[t3 >> 8 & 0xff] << 8) | u32(s_box1[t2 & u32(0xff)]) + s2 = u32(s_box1[t2 >> 24]) << 24 | + u32(s_box1[t1 >> 16 & 0xff]) << 16 | u32(s_box1[t0 >> 8 & 0xff] << 8) | u32(s_box1[t3 & u32(0xff)]) + s3 = u32(s_box1[t3 >> 24]) << 24 | + u32(s_box1[t2 >> 16 & 0xff]) << 16 | u32(s_box1[t1 >> 8 & 0xff] << 8) | u32(s_box1[t0 & u32(0xff)]) + s0 ^= xk[k + 0] + s1 ^= xk[k + 1] + s2 ^= xk[k + 2] + s3 ^= xk[k + 3] _ = dst[15] // early bounds check binary.big_endian_put_u32(mut (*dst)[..4], s0) binary.big_endian_put_u32(mut (*dst).slice(4, 8), s1) @@ -145,14 +141,14 @@ fn decrypt_block_generic(xk []u32, mut dst []byte, src []byte) { // Apply s_box0 to each byte in w. fn subw(w u32) u32 { - return u32(s_box0[w>>24])<<24 | - u32(s_box0[w>>16&0xff]<<16) | - u32(s_box0[w>>8&0xff]<<8) | - u32(s_box0[w&u32(0xff)]) + return u32(s_box0[w >> 24]) << 24 | u32(s_box0[w >> 16 & 0xff] << 16) | u32(s_box0[w >> 8 & + 0xff] << 8) | u32(s_box0[w & u32(0xff)]) } // Rotate -fn rotw(w u32) u32 { return (w<<8) | (w>>24) } +fn rotw(w u32) u32 { + return (w << 8) | (w >> 24) +} // Key expansion algorithm. See FIPS-197, Figure 11. // Their rcon[i] is our powx[i-1] << 24. @@ -161,23 +157,21 @@ fn expand_key_generic(key []byte, mut enc []u32, mut dec []u32) { mut i := 0 nk := key.len / 4 for i = 0; i < nk; i++ { - if 4*i >= key.len { + if 4 * i >= key.len { break } - enc[i] = binary.big_endian_u32(key[4*i..]) + enc[i] = binary.big_endian_u32(key[4 * i..]) } - for i < enc.len { - mut t := enc[i-1] - if i%nk == 0 { - t = subw(rotw(t)) ^ u32(pow_x[i/nk-1]) << 24 - } else if nk > 6 && i%nk == 4 { + mut t := enc[i - 1] + if i % nk == 0 { + t = subw(rotw(t)) ^ u32(pow_x[i / nk - 1]) << 24 + } else if nk > 6 && i % nk == 4 { t = subw(t) } - enc[i] = enc[i-nk] ^ t + enc[i] = enc[i - nk] ^ t i++ } - // Derive decryption key from encryption key. // Reverse the 4-word round key sets from enc to produce dec. // All sets but the first and last get the MixColumn transform applied. @@ -187,12 +181,13 @@ fn expand_key_generic(key []byte, mut enc []u32, mut dec []u32) { n := enc.len for i = 0; i < n; i += 4 { ei := n - i - 4 - for j in 0..4 { - mut x := enc[ei+j] - if i > 0 && i+4 < n { - x = td0[s_box0[x>>24]] ^ td1[s_box0[x>>16&0xff]] ^ td2[s_box0[x>>8&0xff]] ^ td3[s_box0[x&u32(0xff)]] + for j in 0 .. 4 { + mut x := enc[ei + j] + if i > 0 && i + 4 < n { + x = td0[s_box0[x >> 24]] ^ td1[s_box0[x >> 16 & 0xff]] ^ td2[s_box0[x >> 8 & 0xff]] ^ + td3[s_box0[x & u32(0xff)]] } - dec[i+j] = x + dec[i + j] = x } } }