authorYawning Angel <yawning@schwanenlied.me>2024-08-27 20:54:50 +0900
committerYawning Angel <yawning@schwanenlied.me>2025-03-23 19:14:33 +0900
commite4e76f27f6549560017c89bdf129fdcca6d9afa0 (patch)
tree17e3fa7736a7a8c2fe9bb42a132d5d685fd3d003 /core/crypto
parent4c28f6d170da9f7fe29ace5e40933fba9c2f946e (diff)
core/crypto: Use `panic_contextless` instead of `intrinsics.trap`
Diffstat (limited to 'core/crypto')
-rw-r--r--core/crypto/_aes/ct64/ct64.odin4
-rw-r--r--core/crypto/_aes/ct64/ct64_enc.odin4
-rw-r--r--core/crypto/_aes/ct64/ct64_keysched.odin3
-rw-r--r--core/crypto/_aes/ct64/ghash.odin3
-rw-r--r--core/crypto/_aes/ct64/helpers.odin13
-rw-r--r--core/crypto/_aes/hw_intel/ghash.odin2
-rw-r--r--core/crypto/_chacha20/chacha20.odin3
-rw-r--r--core/crypto/_chacha20/simd256/chacha20_simd256_stub.odin2
-rw-r--r--core/crypto/_edwards25519/edwards25519.odin5
-rw-r--r--core/crypto/_edwards25519/edwards25519_scalar.odin5
-rw-r--r--core/crypto/_fiat/field_poly1305/field.odin3
-rw-r--r--core/crypto/_fiat/field_scalar25519/field.odin5
-rw-r--r--core/crypto/aead/aead.odin2
13 files changed, 21 insertions, 33 deletions
diff --git a/core/crypto/_aes/ct64/ct64.odin b/core/crypto/_aes/ct64/ct64.odin
index f198cab81..b2d5b72bc 100644
--- a/core/crypto/_aes/ct64/ct64.odin
+++ b/core/crypto/_aes/ct64/ct64.odin
@@ -22,8 +22,6 @@
package aes_ct64
-import "base:intrinsics"
-
// Bitsliced AES for 64-bit general purpose (integer) registers. Each
// invocation will process up to 4 blocks at a time. This implementation
// is derived from the BearSSL ct64 code, and distributed under a 1-clause
@@ -214,7 +212,7 @@ orthogonalize :: proc "contextless" (q: ^[8]u64) {
@(require_results)
interleave_in :: proc "contextless" (w: []u32) -> (q0, q1: u64) #no_bounds_check {
if len(w) < 4 {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid input size")
}
x0, x1, x2, x3 := u64(w[0]), u64(w[1]), u64(w[2]), u64(w[3])
x0 |= (x0 << 16)
diff --git a/core/crypto/_aes/ct64/ct64_enc.odin b/core/crypto/_aes/ct64/ct64_enc.odin
index 36d4aebc8..e099b3eaf 100644
--- a/core/crypto/_aes/ct64/ct64_enc.odin
+++ b/core/crypto/_aes/ct64/ct64_enc.odin
@@ -22,11 +22,9 @@
package aes_ct64
-import "base:intrinsics"
-
add_round_key :: proc "contextless" (q: ^[8]u64, sk: []u64) #no_bounds_check {
if len(sk) < 8 {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid round key size")
}
q[0] ~= sk[0]
diff --git a/core/crypto/_aes/ct64/ct64_keysched.odin b/core/crypto/_aes/ct64/ct64_keysched.odin
index 060a2c03e..0cb01aa08 100644
--- a/core/crypto/_aes/ct64/ct64_keysched.odin
+++ b/core/crypto/_aes/ct64/ct64_keysched.odin
@@ -22,7 +22,6 @@
package aes_ct64
-import "base:intrinsics"
import "core:crypto/_aes"
import "core:encoding/endian"
import "core:mem"
@@ -126,7 +125,7 @@ skey_expand :: proc "contextless" (skey, comp_skey: []u64, num_rounds: int) {
orthogonalize_roundkey :: proc "contextless" (qq: []u64, key: []byte) {
if len(qq) < 8 || len(key) != 16 {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid round key size")
}
skey: [4]u32 = ---
diff --git a/core/crypto/_aes/ct64/ghash.odin b/core/crypto/_aes/ct64/ghash.odin
index a522a481a..fe6e364fc 100644
--- a/core/crypto/_aes/ct64/ghash.odin
+++ b/core/crypto/_aes/ct64/ghash.odin
@@ -22,7 +22,6 @@
package aes_ct64
-import "base:intrinsics"
import "core:crypto/_aes"
import "core:encoding/endian"
@@ -65,7 +64,7 @@ rev64 :: proc "contextless" (x: u64) -> u64 {
// of GCM.
ghash :: proc "contextless" (dst, key, data: []byte) {
if len(dst) != _aes.GHASH_BLOCK_SIZE || len(key) != _aes.GHASH_BLOCK_SIZE {
- intrinsics.trap()
+ panic_contextless("aes/ghash: invalid dst or key size")
}
buf := data
diff --git a/core/crypto/_aes/ct64/helpers.odin b/core/crypto/_aes/ct64/helpers.odin
index 169271f6d..0ca9c3f4e 100644
--- a/core/crypto/_aes/ct64/helpers.odin
+++ b/core/crypto/_aes/ct64/helpers.odin
@@ -1,12 +1,11 @@
package aes_ct64
-import "base:intrinsics"
import "core:crypto/_aes"
import "core:encoding/endian"
load_blockx1 :: proc "contextless" (q: ^[8]u64, src: []byte) {
if len(src) != _aes.BLOCK_SIZE {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid block size")
}
w: [4]u32 = ---
@@ -20,7 +19,7 @@ load_blockx1 :: proc "contextless" (q: ^[8]u64, src: []byte) {
store_blockx1 :: proc "contextless" (dst: []byte, q: ^[8]u64) {
if len(dst) != _aes.BLOCK_SIZE {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid block size")
}
orthogonalize(q)
@@ -33,13 +32,13 @@ store_blockx1 :: proc "contextless" (dst: []byte, q: ^[8]u64) {
load_blocks :: proc "contextless" (q: ^[8]u64, src: [][]byte) {
if n := len(src); n > STRIDE || n == 0 {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid block(s) size")
}
w: [4]u32 = ---
for s, i in src {
if len(s) != _aes.BLOCK_SIZE {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid block size")
}
w[0] = endian.unchecked_get_u32le(s[0:])
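Review bot: The message on the first new panic in load_blocks does not match what the guard checks: `n > STRIDE || n == 0` rejects the number of blocks, not their size, yet it reports `"aes/ct64: invalid block(s) size"`, and the per-block `len(s) != _aes.BLOCK_SIZE` check a few lines down already reports the size case. A message naming the count, `panic_contextless("aes/ct64: invalid block count")`, keeps the two failure modes distinguishable when the panic output is the only thing a caller sees. The same wording is used for the identical count check in the store_blocks hunk below (`if n := len(dst); n > STRIDE || n == 0`) and should change there too.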
@@ -53,7 +52,7 @@ load_blocks :: proc "contextless" (q: ^[8]u64, src: [][]byte) {
store_blocks :: proc "contextless" (dst: [][]byte, q: ^[8]u64) {
if n := len(dst); n > STRIDE || n == 0 {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid block(s) size")
}
orthogonalize(q)
@@ -63,7 +62,7 @@ store_blocks :: proc "contextless" (dst: [][]byte, q: ^[8]u64) {
break
}
if len(d) != _aes.BLOCK_SIZE {
- intrinsics.trap()
+ panic_contextless("aes/ct64: invalid block size")
}
w0, w1, w2, w3 := interleave_out(q[i], q[i + 4])
diff --git a/core/crypto/_aes/hw_intel/ghash.odin b/core/crypto/_aes/hw_intel/ghash.odin
index ed89d2956..5f51b614b 100644
--- a/core/crypto/_aes/hw_intel/ghash.odin
+++ b/core/crypto/_aes/hw_intel/ghash.odin
@@ -155,7 +155,7 @@ square_f128 :: #force_inline proc "contextless" (kw: x86.__m128i) -> (x86.__m128
@(enable_target_feature = "sse2,ssse3,pclmul")
ghash :: proc "contextless" (dst, key, data: []byte) #no_bounds_check {
if len(dst) != _aes.GHASH_BLOCK_SIZE || len(key) != _aes.GHASH_BLOCK_SIZE {
- intrinsics.trap()
+ panic_contextless("aes/ghash: invalid dst or key size")
}
// Note: BearSSL opts to copy the remainder into a zero-filled
diff --git a/core/crypto/_chacha20/chacha20.odin b/core/crypto/_chacha20/chacha20.odin
index a907209de..c7812f7ab 100644
--- a/core/crypto/_chacha20/chacha20.odin
+++ b/core/crypto/_chacha20/chacha20.odin
@@ -1,6 +1,5 @@
package _chacha20
-import "base:intrinsics"
import "core:encoding/endian"
import "core:math/bits"
import "core:mem"
@@ -47,7 +46,7 @@ Context :: struct {
// HChaCha call can be suitably accelerated.
init :: proc "contextless" (ctx: ^Context, key, iv: []byte, is_xchacha: bool) {
if len(key) != KEY_SIZE || len(iv) != IV_SIZE {
- intrinsics.trap()
+ panic_contextless("chacha20: invalid key or IV size")
}
k, n := key, iv
diff --git a/core/crypto/_chacha20/simd256/chacha20_simd256_stub.odin b/core/crypto/_chacha20/simd256/chacha20_simd256_stub.odin
index ce673b42b..287ddd885 100644
--- a/core/crypto/_chacha20/simd256/chacha20_simd256_stub.odin
+++ b/core/crypto/_chacha20/simd256/chacha20_simd256_stub.odin
@@ -13,5 +13,5 @@ stream_blocks :: proc(ctx: ^_chacha20.Context, dst, src: []byte, nr_blocks: int)
}
hchacha20 :: proc "contextless" (dst, key, iv: []byte) {
- intrinsics.trap()
+ panic_contextless("crypto/chacha20: simd256 implementation unsupported")
} \ No newline at end of file
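Review bot: The new message in the hchacha20 stub uses the prefix `"crypto/chacha20:"`, whereas the init hunk in chacha20.odin uses `"chacha20:"` and the AES hunks use `"aes/ct64:"` / `"aes/ghash:"`; a consistent prefix makes these panics greppable as one family. `panic_contextless("chacha20: simd256 implementation unsupported")` would match the sibling file. The stub now panics unconditionally rather than trapping, so if it is ever selected by implementation dispatch the reason is at least reported; presumably the dispatcher never routes here on platforms without the SIMD build, but that is outside this hunk.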
diff --git a/core/crypto/_edwards25519/edwards25519.odin b/core/crypto/_edwards25519/edwards25519.odin
index 6495f7a3a..a091afad9 100644
--- a/core/crypto/_edwards25519/edwards25519.odin
+++ b/core/crypto/_edwards25519/edwards25519.odin
@@ -11,7 +11,6 @@ See:
- https://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html
*/
-import "base:intrinsics"
import "core:crypto"
import field "core:crypto/_fiat/field_curve25519"
import "core:mem"
@@ -108,7 +107,7 @@ ge_set :: proc "contextless" (ge, a: ^Group_Element) {
@(require_results)
ge_set_bytes :: proc "contextless" (ge: ^Group_Element, b: []byte) -> bool {
if len(b) != 32 {
- intrinsics.trap()
+ panic_contextless("edwards25519: invalid group element size")
}
b_ := (^[32]byte)(raw_data(b))
@@ -167,7 +166,7 @@ ge_set_bytes :: proc "contextless" (ge: ^Group_Element, b: []byte) -> bool {
ge_bytes :: proc "contextless" (ge: ^Group_Element, dst: []byte) {
if len(dst) != 32 {
- intrinsics.trap()
+ panic_contextless("edwards25519: invalid group element size")
}
dst_ := (^[32]byte)(raw_data(dst))
diff --git a/core/crypto/_edwards25519/edwards25519_scalar.odin b/core/crypto/_edwards25519/edwards25519_scalar.odin
index e21fa3755..a820ef948 100644
--- a/core/crypto/_edwards25519/edwards25519_scalar.odin
+++ b/core/crypto/_edwards25519/edwards25519_scalar.odin
@@ -1,6 +1,5 @@
package _edwards25519
-import "base:intrinsics"
import field "core:crypto/_fiat/field_scalar25519"
import "core:mem"
@@ -26,7 +25,7 @@ sc_set_u64 :: proc "contextless" (sc: ^Scalar, i: u64) {
@(require_results)
sc_set_bytes :: proc "contextless" (sc: ^Scalar, b: []byte) -> bool {
if len(b) != 32 {
- intrinsics.trap()
+ panic_contextless("edwards25519: invalid scalar size")
}
b_ := (^[32]byte)(raw_data(b))
return field.fe_from_bytes(sc, b_)
@@ -34,7 +33,7 @@ sc_set_bytes :: proc "contextless" (sc: ^Scalar, b: []byte) -> bool {
sc_set_bytes_rfc8032 :: proc "contextless" (sc: ^Scalar, b: []byte) {
if len(b) != 32 {
- intrinsics.trap()
+ panic_contextless("edwards25519: invalid scalar size")
}
b_ := (^[32]byte)(raw_data(b))
field.fe_from_bytes_rfc8032(sc, b_)
diff --git a/core/crypto/_fiat/field_poly1305/field.odin b/core/crypto/_fiat/field_poly1305/field.odin
index b12046858..c888f1e8b 100644
--- a/core/crypto/_fiat/field_poly1305/field.odin
+++ b/core/crypto/_fiat/field_poly1305/field.odin
@@ -1,6 +1,5 @@
package field_poly1305
-import "base:intrinsics"
import "core:encoding/endian"
import "core:mem"
@@ -30,7 +29,7 @@ fe_from_bytes :: #force_inline proc "contextless" (
// neater.
if len(arg1) != 16 {
- intrinsics.trap()
+ panic_contextless("poly1305: invalid field element size")
}
// While it may be unwise to do deserialization here on our
diff --git a/core/crypto/_fiat/field_scalar25519/field.odin b/core/crypto/_fiat/field_scalar25519/field.odin
index 9b40661b7..ddaf5d0c7 100644
--- a/core/crypto/_fiat/field_scalar25519/field.odin
+++ b/core/crypto/_fiat/field_scalar25519/field.odin
@@ -1,6 +1,5 @@
package field_scalar25519
-import "base:intrinsics"
import "core:encoding/endian"
import "core:math/bits"
import "core:mem"
@@ -96,7 +95,7 @@ fe_from_bytes_wide :: proc "contextless" (
_fe_from_bytes_short :: proc "contextless" (out1: ^Montgomery_Domain_Field_Element, arg1: []byte) {
// INVARIANT: len(arg1) < 32.
if len(arg1) >= 32 {
- intrinsics.trap()
+ panic_contextless("edwards25519: oversized short scalar")
}
tmp: [32]byte
copy(tmp[:], arg1)
@@ -107,7 +106,7 @@ _fe_from_bytes_short :: proc "contextless" (out1: ^Montgomery_Domain_Field_Eleme
fe_to_bytes :: proc "contextless" (out1: []byte, arg1: ^Montgomery_Domain_Field_Element) {
if len(out1) != 32 {
- intrinsics.trap()
+ panic_contextless("edwards25519: oversized scalar output buffer")
}
tmp: Non_Montgomery_Domain_Field_Element
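Review bot: The message added in fe_to_bytes is misleading: the guard is `len(out1) != 32`, so an undersized output buffer triggers it just as an oversized one does, yet it reports `"edwards25519: oversized scalar output buffer"`. Since this is the only diagnostic a caller gets before the abort, it should state the real condition, e.g. `panic_contextless("edwards25519: invalid scalar output buffer size")`. The `"edwards25519:"` prefix in a file under _fiat/field_scalar25519 is also a choice worth a second look against the other new messages, which name the package the check lives in. fe_to_bytes's body continues past the end of the hunk.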
diff --git a/core/crypto/aead/aead.odin b/core/crypto/aead/aead.odin
index 9b7d810e4..c8f324929 100644
--- a/core/crypto/aead/aead.odin
+++ b/core/crypto/aead/aead.odin
@@ -16,7 +16,7 @@ seal_oneshot :: proc(algo: Algorithm, dst, tag, key, iv, aad, plaintext: []byte,
// returning true iff the authentication was successful. If authentication
// fails, the destination buffer will be zeroed.
//
-// dst and plaintext MUST alias exactly or not at all.
+// dst and ciphertext MUST alias exactly or not at all.
@(require_results)
open_oneshot :: proc(algo: Algorithm, dst, key, iv, aad, ciphertext, tag: []byte, impl: Implementation = nil) -> bool {
ctx: Context