Merge pull request #4003 from Yawning/feature/crypto-improvements

core:crypto: Various improvements
author: Jeroen van Rijn <Kelimion@users.noreply.github.com> 2024-08-10 17:17:00 +0200
committer: GitHub <noreply@github.com> 2024-08-10 17:17:00 +0200
commit: 9759d56c815b2b2a98b24f0810d343e82ea8f4ac (patch)
tree: 8c7c3d1fcac5527b85984df50f79f08c25caafe5 /tests
parent: d73ad8eb1e0e8f97c59319457e3b2a06a42b2829 (diff)
parent: ba1ad82c2b13aead2ec0c6450dd3b45420b84748 (diff)
4 files changed, 420 insertions, 353 deletions
diff --git a/tests/benchmark/crypto/benchmark_crypto.odin b/tests/benchmark/crypto/benchmark_crypto.odin
index b2ac4bca3..66c9f89d3 100644
--- a/tests/benchmark/crypto/benchmark_crypto.odin
+++ b/tests/benchmark/crypto/benchmark_crypto.odin
@@ -279,13 +279,13 @@ _benchmark_chacha20 :: proc(
 		0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
 		0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
 	}
-	nonce := [chacha20.NONCE_SIZE]byte {
+	iv := [chacha20.IV_SIZE]byte {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00,
 	}
 
 	ctx: chacha20.Context = ---
-	chacha20.init(&ctx, key[:], nonce[:])
+	chacha20.init(&ctx, key[:], iv[:])
 
 	for _ in 0 ..= options.rounds {
 		chacha20.xor_bytes(&ctx, buf, buf)
@@ -334,15 +334,18 @@ _benchmark_chacha20poly1305 :: proc(
 		0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
 		0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
 	}
-	nonce := [chacha20.NONCE_SIZE]byte {
+	iv := [chacha20.IV_SIZE]byte {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00,
 	}
 
+	ctx: chacha20poly1305.Context = ---
+	chacha20poly1305.init(&ctx, key[:]) // Basically 0 overhead.
+
 	tag: [chacha20poly1305.TAG_SIZE]byte = ---
 
 	for _ in 0 ..= options.rounds {
-		chacha20poly1305.encrypt(buf, tag[:], key[:], nonce[:], nil, buf)
+		chacha20poly1305.seal(&ctx, buf, tag[:], iv[:], nil, buf)
 	}
 	options.count = options.rounds
 	options.processed = options.rounds * options.bytes
@@ -363,13 +366,13 @@ _benchmark_aes256_ctr :: proc(
 		0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
 		0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
 	}
-	nonce := [aes.CTR_IV_SIZE]byte {
+	iv := [aes.CTR_IV_SIZE]byte {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	}
 
 	ctx: aes.Context_CTR = ---
-	aes.init_ctr(&ctx, key[:], nonce[:])
+	aes.init_ctr(&ctx, key[:], iv[:])
 
 	for _ in 0 ..= options.rounds {
 		aes.xor_bytes_ctr(&ctx, buf, buf)
@@ -386,13 +389,13 @@ _benchmark_aes256_gcm :: proc(
 	err: time.Benchmark_Error,
 ) {
 	buf := options.input
-	nonce: [aes.GCM_NONCE_SIZE]byte
+	iv: [aes.GCM_IV_SIZE]byte
 	tag: [aes.GCM_TAG_SIZE]byte = ---
 
 	ctx := transmute(^aes.Context_GCM)context.user_ptr
 
 	for _ in 0 ..= options.rounds {
-		aes.seal_gcm(ctx, buf, tag[:], nonce[:], nil, buf)
+		aes.seal_gcm(ctx, buf, tag[:], iv[:], nil, buf)
 	}
 	options.count = options.rounds
 	options.processed = options.rounds * options.bytes
diff --git a/tests/core/crypto/test_core_crypto.odin b/tests/core/crypto/test_core_crypto.odin
index f3f76646b..b3eb6e041 100644
--- a/tests/core/crypto/test_core_crypto.odin
+++ b/tests/core/crypto/test_core_crypto.odin
@@ -19,15 +19,39 @@ import "base:runtime"
 import "core:log"
 
 import "core:crypto"
+import chacha_simd128 "core:crypto/_chacha20/simd128"
+import chacha_simd256 "core:crypto/_chacha20/simd256"
 import "core:crypto/chacha20"
-import "core:crypto/chacha20poly1305"
+import "core:crypto/sha2"
 
+@(private)
 _PLAINTEXT_SUNSCREEN_STR := "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it."
 
 @(test)
 test_chacha20 :: proc(t: ^testing.T) {
 	runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD()
 
+	impls := supported_chacha_impls()
+
+	for impl in impls {
+		test_chacha20_stream(t, impl)
+	}
+}
+
+supported_chacha_impls :: proc() -> [dynamic]chacha20.Implementation {
+	impls := make([dynamic]chacha20.Implementation, 0, 3, context.temp_allocator)
+	append(&impls, chacha20.Implementation.Portable)
+	if chacha_simd128.is_performant() {
+		append(&impls, chacha20.Implementation.Simd128)
+	}
+	if chacha_simd256.is_performant() {
+		append(&impls, chacha20.Implementation.Simd256)
+	}
+
+	return impls
+}
+
+test_chacha20_stream :: proc(t: ^testing.T, impl: chacha20.Implementation) {
 	// Test cases taken from RFC 8439, and draft-irtf-cfrg-xchacha-03
 	plaintext := transmute([]byte)(_PLAINTEXT_SUNSCREEN_STR)
 
@@ -38,7 +62,7 @@ test_chacha20 :: proc(t: ^testing.T) {
 		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
 	}
 
-	nonce := [chacha20.NONCE_SIZE]byte {
+	iv := [chacha20.IV_SIZE]byte {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a,
 		0x00, 0x00, 0x00, 0x00,
 	}
@@ -64,7 +88,7 @@ test_chacha20 :: proc(t: ^testing.T) {
 
 	derived_ciphertext: [114]byte
 	ctx: chacha20.Context = ---
-	chacha20.init(&ctx, key[:], nonce[:])
+	chacha20.init(&ctx, key[:], iv[:], impl)
 	chacha20.seek(&ctx, 1) // The test vectors start the counter at 1.
 	chacha20.xor_bytes(&ctx, derived_ciphertext[:], plaintext[:])
 
@@ -72,7 +96,8 @@ test_chacha20 :: proc(t: ^testing.T) {
 	testing.expectf(
 		t,
 		derived_ciphertext_str == ciphertext_str,
-		"Expected %s for xor_bytes(plaintext_str), but got %s instead",
+		"chacha20/%v: Expected %s for xor_bytes(plaintext_str), but got %s instead",
+		impl,
 		ciphertext_str,
 		derived_ciphertext_str,
 	)
@@ -84,7 +109,7 @@ test_chacha20 :: proc(t: ^testing.T) {
 		0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
 	}
 
-	xnonce := [chacha20.XNONCE_SIZE]byte {
+	xiv := [chacha20.XIV_SIZE]byte {
 		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
 		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
 		0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
@@ -109,7 +134,7 @@ test_chacha20 :: proc(t: ^testing.T) {
 	}
 	xciphertext_str := string(hex.encode(xciphertext[:], context.temp_allocator))
 
-	chacha20.init(&ctx, xkey[:], xnonce[:])
+	chacha20.init(&ctx, xkey[:], xiv[:], impl)
 	chacha20.seek(&ctx, 1)
 	chacha20.xor_bytes(&ctx, derived_ciphertext[:], plaintext[:])
 
@@ -117,128 +142,44 @@ test_chacha20 :: proc(t: ^testing.T) {
 	testing.expectf(
 		t,
 		derived_ciphertext_str == xciphertext_str,
-		"Expected %s for xor_bytes(plaintext_str), but got %s instead",
+		"chacha20/%v: Expected %s for xor_bytes(plaintext_str), but got %s instead",
+		impl,
 		xciphertext_str,
 		derived_ciphertext_str,
 	)
-}
 
-@(test)
-test_chacha20poly1305 :: proc(t: ^testing.T) {
-	plaintext := transmute([]byte)(_PLAINTEXT_SUNSCREEN_STR)
-
-	aad := [12]byte {
-		0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
-		0xc4, 0xc5, 0xc6, 0xc7,
-	}
+	// Incrementally read 1, 2, 3, ..., 2048 bytes of keystream, and
+	// compare the SHA-512/256 digest with a known value.  Results
+	// and testcase taken from a known good implementation by the
+	// same author as the Odin test case.
 
-	key := [chacha20poly1305.KEY_SIZE]byte {
-		0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-		0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-		0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-		0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
-	}
+	tmp := make([]byte, 2048, context.temp_allocator)
 
-	nonce := [chacha20poly1305.NONCE_SIZE]byte {
-		0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
-		0x44, 0x45, 0x46, 0x47,
-	}
+	mem.zero(&key, size_of(key))
+	mem.zero(&iv, size_of(iv))
+	chacha20.init(&ctx, key[:], iv[:], impl)
 
-	ciphertext := [114]byte {
-		0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
-		0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
-		0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
-		0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
-		0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
-		0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
-		0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
-		0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
-		0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
-		0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
-		0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
-		0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
-		0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
-		0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
-		0x61, 0x16,
-	}
-	ciphertext_str := string(hex.encode(ciphertext[:], context.temp_allocator))
+	h_ctx: sha2.Context_512
+	sha2.init_512_256(&h_ctx)
 
-	tag := [chacha20poly1305.TAG_SIZE]byte {
-		0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
-		0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91,
+	for i := 1; i <= 2048; i = i + 1 {
+		chacha20.keystream_bytes(&ctx, tmp[:i])
+		sha2.update(&h_ctx, tmp[:i])
 	}
-	tag_str := string(hex.encode(tag[:], context.temp_allocator))
-
-	derived_tag: [chacha20poly1305.TAG_SIZE]byte
-	derived_ciphertext: [114]byte
 
-	chacha20poly1305.encrypt(
-		derived_ciphertext[:],
-		derived_tag[:],
-		key[:],
-		nonce[:],
-		aad[:],
-		plaintext,
-	)
+	digest: [32]byte
+	sha2.final(&h_ctx, digest[:])
+	digest_str := string(hex.encode(digest[:], context.temp_allocator))
 
-	derived_ciphertext_str := string(hex.encode(derived_ciphertext[:], context.temp_allocator))
+	expected_digest_str := "cfd6e949225b854fe04946491e6935ff05ff983d1554bc885bca0ec8082dd5b8"
 	testing.expectf(
 		t,
-		derived_ciphertext_str == ciphertext_str,
-		"Expected ciphertext %s for encrypt(aad, plaintext), but got %s instead",
-		ciphertext_str,
-		derived_ciphertext_str,
-	)
-
-	derived_tag_str := string(hex.encode(derived_tag[:], context.temp_allocator))
-	testing.expectf(
-		t,
-		derived_tag_str == tag_str,
-		"Expected tag %s for encrypt(aad, plaintext), but got %s instead",
-		tag_str,
-		derived_tag_str,
-	)
-
-	derived_plaintext: [114]byte
-	ok := chacha20poly1305.decrypt(
-		derived_plaintext[:],
-		tag[:],
-		key[:],
-		nonce[:],
-		aad[:],
-		ciphertext[:],
-	)
-	derived_plaintext_str := string(derived_plaintext[:])
-	testing.expect(t, ok, "Expected true for decrypt(tag, aad, ciphertext)")
-	testing.expectf(
-		t,
-		derived_plaintext_str == _PLAINTEXT_SUNSCREEN_STR,
-		"Expected plaintext %s for decrypt(tag, aad, ciphertext), but got %s instead",
-		_PLAINTEXT_SUNSCREEN_STR,
-		derived_plaintext_str,
-	)
-
-	derived_ciphertext[0] ~= 0xa5
-	ok = chacha20poly1305.decrypt(
-		derived_plaintext[:],
-		tag[:],
-		key[:],
-		nonce[:],
-		aad[:],
-		derived_ciphertext[:],
-	)
-	testing.expect(t, !ok, "Expected false for decrypt(tag, aad, corrupted_ciphertext)")
-
-	aad[0] ~= 0xa5
-	ok = chacha20poly1305.decrypt(
-		derived_plaintext[:],
-		tag[:],
-		key[:],
-		nonce[:],
-		aad[:],
-		ciphertext[:],
+		expected_digest_str == digest_str,
+		"chacha20/%v: Expected %s for keystream digest, but got %s instead",
+		impl,
+		expected_digest_str,
+		digest_str,
 	)
-	testing.expect(t, !ok, "Expected false for decrypt(tag, corrupted_aad, ciphertext)")
 }
 
 @(test)
diff --git a/tests/core/crypto/test_core_crypto_aead.odin b/tests/core/crypto/test_core_crypto_aead.odin
new file mode 100644
index 000000000..90eedc0b2
--- /dev/null
+++ b/tests/core/crypto/test_core_crypto_aead.odin
@@ -0,0 +1,339 @@
+package test_core_crypto
+
+import "base:runtime"
+import "core:crypto/aead"
+import "core:encoding/hex"
+import "core:testing"
+
+@(test)
+test_aead :: proc(t: ^testing.T) {
+	runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD()
+
+	aes_impls := make([dynamic]aead.Implementation, context.temp_allocator)
+	for impl in supported_aes_impls() {
+		append(&aes_impls, impl)
+	}
+	chacha_impls := make([dynamic]aead.Implementation, context.temp_allocator)
+	for impl in supported_chacha_impls() {
+		append(&chacha_impls, impl)
+	}
+	impls := [aead.Algorithm][dynamic]aead.Implementation{
+		.Invalid           = nil,
+		.AES_GCM_128       = aes_impls,
+		.AES_GCM_192       = aes_impls,
+		.AES_GCM_256       = aes_impls,
+		.CHACHA20POLY1305  = chacha_impls,
+		.XCHACHA20POLY1305 = chacha_impls,
+	}
+
+	test_vectors := []struct{
+		algo: aead.Algorithm,
+		key: string,
+		iv: string,
+		aad: string,
+		plaintext: string,
+		ciphertext: string,
+		tag: string,
+	} {
+		// AES-GCM
+		// - https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
+		//
+		// Note: NIST did a reorg of their site, so the source of the test vectors
+		// is only available from an archive.
+		{
+			.AES_GCM_128,
+			"00000000000000000000000000000000",
+			"000000000000000000000000",
+			"",
+			"",
+			"",
+			"58e2fccefa7e3061367f1d57a4e7455a",
+		},
+		{
+			.AES_GCM_128,
+			"00000000000000000000000000000000",
+			"000000000000000000000000",
+			"",
+			"00000000000000000000000000000000",
+			"0388dace60b6a392f328c2b971b2fe78",
+			"ab6e47d42cec13bdf53a67b21257bddf",
+		},
+		{
+			.AES_GCM_128,
+			"feffe9928665731c6d6a8f9467308308",
+			"cafebabefacedbaddecaf888",
+			"",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+			"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
+			"4d5c2af327cd64a62cf35abd2ba6fab4",
+		},
+		{
+			.AES_GCM_128,
+			"feffe9928665731c6d6a8f9467308308",
+			"cafebabefacedbaddecaf888",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
+			"5bc94fbc3221a5db94fae95ae7121a47",
+		},
+		{
+			.AES_GCM_128,
+			"feffe9928665731c6d6a8f9467308308",
+			"cafebabefacedbad",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
+			"3612d2e79e3b0785561be14aaca2fccb",
+		},
+		{
+			.AES_GCM_128,
+			"feffe9928665731c6d6a8f9467308308",
+			"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
+			"619cc5aefffe0bfa462af43c1699d050",
+		},
+		{
+			.AES_GCM_192,
+			"000000000000000000000000000000000000000000000000",
+			"000000000000000000000000",
+			"",
+			"",
+			"",
+			"cd33b28ac773f74ba00ed1f312572435",
+		},
+		{
+			.AES_GCM_192,
+			"000000000000000000000000000000000000000000000000",
+			"000000000000000000000000",
+			"",
+			"00000000000000000000000000000000",
+			"98e7247c07f0fe411c267e4384b0f600",
+			"2ff58d80033927ab8ef4d4587514f0fb",
+		},
+		{
+			.AES_GCM_192,
+			"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+			"cafebabefacedbaddecaf888",
+			"",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+			"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
+			"9924a7c8587336bfb118024db8674a14",
+		},
+		{
+			.AES_GCM_192,
+			"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+			"cafebabefacedbaddecaf888",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
+			"2519498e80f1478f37ba55bd6d27618c",
+		},
+		{
+			.AES_GCM_192,
+			"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+			"cafebabefacedbad",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
+			"65dcc57fcf623a24094fcca40d3533f8",
+		},
+		{
+			.AES_GCM_192,
+			"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+			"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
+			"dcf566ff291c25bbb8568fc3d376a6d9",
+		},
+		{
+			.AES_GCM_256,
+			"0000000000000000000000000000000000000000000000000000000000000000",
+			"000000000000000000000000",
+			"",
+			"",
+			"",
+			"530f8afbc74536b9a963b4f1c4cb738b",
+		},
+		{
+			.AES_GCM_256,
+			"0000000000000000000000000000000000000000000000000000000000000000",
+			"000000000000000000000000",
+			"",
+			"00000000000000000000000000000000",
+			"cea7403d4d606b6e074ec5d3baf39d18",
+			"d0d1c8a799996bf0265b98b5d48ab919",
+		},
+		{
+			.AES_GCM_256,
+			"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+			"cafebabefacedbaddecaf888",
+			"",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+			"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
+			"b094dac5d93471bdec1a502270e3cc6c",
+		},
+		{
+			.AES_GCM_256,
+			"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+			"cafebabefacedbaddecaf888",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
+			"76fc6ece0f4e1768cddf8853bb2d551b",
+		},
+		{
+			.AES_GCM_256,
+			"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+			"cafebabefacedbad",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
+			"3a337dbf46a792c45e454913fe2ea8f2",
+		},
+		{
+			.AES_GCM_256,
+			"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+			"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+			"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
+			"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
+		},
+		// Chacha20-Poly1305
+		// https://www.rfc-editor.org/rfc/rfc8439
+		{
+			.CHACHA20POLY1305,
+			"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+			"070000004041424344454647",
+			"50515253c0c1c2c3c4c5c6c7",
+			string(hex.encode(transmute([]byte)(_PLAINTEXT_SUNSCREEN_STR), context.temp_allocator)),
+			"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
+			"1ae10b594f09e26a7e902ecbd0600691",
+		},
+		// XChaCha20-Poly1305-IETF
+		// - https://datatracker.ietf.org/doc/html/draft-arciszewski-xchacha-03
+		{
+			.XCHACHA20POLY1305,
+			"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+			"404142434445464748494a4b4c4d4e4f5051525354555657",
+			"50515253c0c1c2c3c4c5c6c7",
+			"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
+			"bd6d179d3e83d43b9576579493c0e939572a1700252bfaccbed2902c21396cbb731c7f1b0b4aa6440bf3a82f4eda7e39ae64c6708c54c216cb96b72e1213b4522f8c9ba40db5d945b11b69b982c1bb9e3f3fac2bc369488f76b2383565d3fff921f9664c97637da9768812f615c68b13b52e",
+			"c0875924c1c7987947deafd8780acf49",
+		},
+	}
+	for v, _ in test_vectors {
+		algo_name := aead.ALGORITHM_NAMES[v.algo]
+
+		key, _ := hex.decode(transmute([]byte)(v.key), context.temp_allocator)
+		iv, _ := hex.decode(transmute([]byte)(v.iv), context.temp_allocator)
+		aad, _ := hex.decode(transmute([]byte)(v.aad), context.temp_allocator)
+		plaintext, _ := hex.decode(transmute([]byte)(v.plaintext), context.temp_allocator)
+		ciphertext, _ := hex.decode(transmute([]byte)(v.ciphertext), context.temp_allocator)
+		tag, _ := hex.decode(transmute([]byte)(v.tag), context.temp_allocator)
+
+		tag_ := make([]byte, len(tag), context.temp_allocator)
+		dst := make([]byte, len(ciphertext), context.temp_allocator)
+
+		ctx: aead.Context
+		for impl in impls[v.algo] {
+			aead.init(&ctx, v.algo, key, impl)
+
+			aead.seal(&ctx, dst, tag_, iv, aad, plaintext)
+			dst_str := string(hex.encode(dst, context.temp_allocator))
+			tag_str := string(hex.encode(tag_, context.temp_allocator))
+			testing.expectf(
+				t,
+				dst_str == v.ciphertext && tag_str == v.tag,
+				"%s/%v: Expected: (%s, %s) for seal_ctx(%s, %s, %s, %s), but got (%s, %s) instead",
+				algo_name,
+				impl,
+				v.ciphertext,
+				v.tag,
+				v.key,
+				v.iv,
+				v.aad,
+				v.plaintext,
+				dst_str,
+				tag_str,
+			)
+
+			aead.seal(v.algo, dst, tag_, key, iv, aad, plaintext, impl)
+			dst_str = string(hex.encode(dst, context.temp_allocator))
+			tag_str = string(hex.encode(tag_, context.temp_allocator))
+			testing.expectf(
+				t,
+				dst_str == v.ciphertext && tag_str == v.tag,
+				"%s/%v: Expected: (%s, %s) for seal_oneshot(%s, %s, %s, %s), but got (%s, %s) instead",
+				algo_name,
+				impl,
+				v.ciphertext,
+				v.tag,
+				v.key,
+				v.iv,
+				v.aad,
+				v.plaintext,
+				dst_str,
+				tag_str,
+			)
+
+			ok := aead.open(&ctx, dst, iv, aad, ciphertext, tag)
+			dst_str = string(hex.encode(dst, context.temp_allocator))
+			testing.expectf(
+				t,
+				ok && dst_str == v.plaintext,
+				"%s/%v: Expected: (%s, true) for open_ctx(%s, %s, %s, %s, %s), but got (%s, %v) instead",
+				algo_name,
+				impl,
+				v.plaintext,
+				v.key,
+				v.iv,
+				v.aad,
+				v.ciphertext,
+				v.tag,
+				dst_str,
+				ok,
+			)
+
+			ok = aead.open(v.algo, dst, key, iv, aad, ciphertext, tag, impl)
+			dst_str = string(hex.encode(dst, context.temp_allocator))
+			testing.expectf(
+				t,
+				ok && dst_str == v.plaintext,
+				"%s/%v: Expected: (%s, true) for open_oneshot(%s, %s, %s, %s, %s), but got (%s, %v) instead",
+				algo_name,
+				impl,
+				v.plaintext,
+				v.key,
+				v.iv,
+				v.aad,
+				v.ciphertext,
+				v.tag,
+				dst_str,
+				ok,
+			)
+
+			tag_[0] ~= 0xa5
+			ok = aead.open(&ctx, dst, iv, aad, ciphertext, tag_)
+			testing.expectf(t, !ok, "%s/%v: Expected false for open(bad_tag, aad, ciphertext)", algo_name, impl)
+
+			if len(dst) > 0 {
+				copy(dst, ciphertext[:])
+				dst[0] ~= 0xa5
+				ok = aead.open(&ctx, dst, iv, aad, dst, tag)
+				testing.expectf(t, !ok, "%s/%v: Expected false for open(tag, aad, bad_ciphertext)", algo_name, impl)
+			}
+
+			if len(aad) > 0 {
+				aad_ := make([]byte, len(aad), context.temp_allocator)
+				copy(aad_, aad)
+				aad_[0] ~= 0xa5
+				ok = aead.open(&ctx, dst, iv, aad_, ciphertext, tag)
+				testing.expectf(t, !ok, "%s/%v: Expected false for open(tag, bad_aad, ciphertext)", algo_name, impl)
+			}
+		}
+	}
+}
diff --git a/tests/core/crypto/test_core_crypto_aes.odin b/tests/core/crypto/test_core_crypto_aes.odin
index c2fa2835c..b68b30976 100644
--- a/tests/core/crypto/test_core_crypto_aes.odin
+++ b/tests/core/crypto/test_core_crypto_aes.odin
@@ -12,20 +12,24 @@ import "core:crypto/sha2"
 test_aes :: proc(t: ^testing.T) {
 	runtime.DEFAULT_TEMP_ALLOCATOR_TEMP_GUARD()
 
-	impls := make([dynamic]aes.Implementation, 0, 2)
-	defer delete(impls)
-	append(&impls, aes.Implementation.Portable)
-	if aes.is_hardware_accelerated() {
-		append(&impls, aes.Implementation.Hardware)
-	}
+	impls := supported_aes_impls()
 
 	for impl in impls {
 		test_aes_ecb(t, impl)
 		test_aes_ctr(t, impl)
-		test_aes_gcm(t, impl)
 	}
 }
 
+supported_aes_impls :: proc() -> [dynamic]aes.Implementation {
+	impls := make([dynamic]aes.Implementation, 0, 2, context.temp_allocator)
+	append(&impls, aes.Implementation.Portable)
+	if aes.is_hardware_accelerated() {
+		append(&impls, aes.Implementation.Hardware)
+	}
+
+	return impls
+}
+
 test_aes_ecb :: proc(t: ^testing.T, impl: aes.Implementation) {
 	log.debugf("Testing AES-ECB/%v", impl)
 
@@ -197,13 +201,13 @@ test_aes_ctr :: proc(t: ^testing.T, impl: aes.Implementation) {
 
 	ctx: aes.Context_CTR
 	key: [aes.KEY_SIZE_256]byte
-	nonce: [aes.CTR_IV_SIZE]byte
-	aes.init_ctr(&ctx, key[:], nonce[:], impl)
+	iv: [aes.CTR_IV_SIZE]byte
+	aes.init_ctr(&ctx, key[:], iv[:], impl)
 
 	h_ctx: sha2.Context_512
 	sha2.init_512_256(&h_ctx)
 
-	for i := 1; i < 2048; i = i + 1 {
+	for i := 1; i <= 2048; i = i + 1 {
 		aes.keystream_bytes_ctr(&ctx, tmp[:i])
 		sha2.update(&h_ctx, tmp[:i])
 	}
@@ -212,7 +216,7 @@ test_aes_ctr :: proc(t: ^testing.T, impl: aes.Implementation) {
 	sha2.final(&h_ctx, digest[:])
 	digest_str := string(hex.encode(digest[:], context.temp_allocator))
 
-	expected_digest_str := "d4445343afeb9d1237f95b10d00358aed4c1d7d57c9fe480cd0afb5e2ffd448c"
+	expected_digest_str := "b5ba4e7d6e3d1ff2bb54387fc1528573a6b351610ce7bcc80b00da089f4b1bf0"
 	testing.expectf(
 		t,
 		expected_digest_str == digest_str,
@@ -222,223 +226,3 @@ test_aes_ctr :: proc(t: ^testing.T, impl: aes.Implementation) {
 		digest_str,
 	)
 }
-
-test_aes_gcm :: proc(t: ^testing.T, impl: aes.Implementation) {
-	log.debugf("Testing AES-GCM/%v", impl)
-
-	// NIST did a reorg of their site, so the source of the test vectors
-	// is only available from an archive.  The commented out tests are
-	// for non-96-bit IVs which our implementation does not support.
-	//
-	// https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
-	test_vectors := []struct {
-		key: string,
-		iv: string,
-		aad: string,
-		plaintext: string,
-		ciphertext: string,
-		tag: string,
-	} {
-		{
-			"00000000000000000000000000000000",
-			"000000000000000000000000",
-			"",
-			"",
-			"",
-			"58e2fccefa7e3061367f1d57a4e7455a",
-		},
-		{
-			"00000000000000000000000000000000",
-			"000000000000000000000000",
-			"",
-			"00000000000000000000000000000000",
-			"0388dace60b6a392f328c2b971b2fe78",
-			"ab6e47d42cec13bdf53a67b21257bddf",
-		},
-		{
-			"feffe9928665731c6d6a8f9467308308",
-			"cafebabefacedbaddecaf888",
-			"",
-			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
-			"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
-			"4d5c2af327cd64a62cf35abd2ba6fab4",
-		},
-		{
-			"feffe9928665731c6d6a8f9467308308",
-			"cafebabefacedbaddecaf888",
-			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-			"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
-			"5bc94fbc3221a5db94fae95ae7121a47",
-		},
-		/*
-			{
-				"feffe9928665731c6d6a8f9467308308",
-				"cafebabefacedbad",
-				"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-				"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-				"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
-				"3612d2e79e3b0785561be14aaca2fccb",
-			},
-			{
-				"feffe9928665731c6d6a8f9467308308",
-				"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
-				"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-				"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-				"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
-				"619cc5aefffe0bfa462af43c1699d050",
-			},
-		*/
-		{
-			"000000000000000000000000000000000000000000000000",
-			"000000000000000000000000",
-			"",
-			"",
-			"",
-			"cd33b28ac773f74ba00ed1f312572435",
-		},
-		{
-			"000000000000000000000000000000000000000000000000",
-			"000000000000000000000000",
-			"",
-			"00000000000000000000000000000000",
-			"98e7247c07f0fe411c267e4384b0f600",
-			"2ff58d80033927ab8ef4d4587514f0fb",
-		},
-		{
-			"feffe9928665731c6d6a8f9467308308feffe9928665731c",
-			"cafebabefacedbaddecaf888",
-			"",
-			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
-			"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
-			"9924a7c8587336bfb118024db8674a14",
-		},
-		{
-			"feffe9928665731c6d6a8f9467308308feffe9928665731c",
-			"cafebabefacedbaddecaf888",
-			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-			"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
-			"2519498e80f1478f37ba55bd6d27618c",
-		},
-		/*
-			{
-				"feffe9928665731c6d6a8f9467308308feffe9928665731c",
-				"cafebabefacedbad",
-				"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-				"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-				"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
-				"65dcc57fcf623a24094fcca40d3533f8",
-			},
-			{
-				"feffe9928665731c6d6a8f9467308308feffe9928665731c",
-				"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
-				"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-				"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-				"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
-				"dcf566ff291c25bbb8568fc3d376a6d9",
-			},
-		*/
-		{
-			"0000000000000000000000000000000000000000000000000000000000000000",
-			"000000000000000000000000",
-			"",
-			"",
-			"",
-			"530f8afbc74536b9a963b4f1c4cb738b",
-		},
-		{
-			"0000000000000000000000000000000000000000000000000000000000000000",
-			"000000000000000000000000",
-			"",
-			"00000000000000000000000000000000",
-			"cea7403d4d606b6e074ec5d3baf39d18",
-			"d0d1c8a799996bf0265b98b5d48ab919",
-		},
-		{
-			"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
-			"cafebabefacedbaddecaf888",
-			"",
-			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
-			"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
-			"b094dac5d93471bdec1a502270e3cc6c",
-		},
-		{
-			"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
-			"cafebabefacedbaddecaf888",
-			"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-			"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-			"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
-			"76fc6ece0f4e1768cddf8853bb2d551b",
-		},
-		/*
-			{
-				"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
-				"cafebabefacedbad",
-				"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-				"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-				"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
-				"3a337dbf46a792c45e454913fe2ea8f2",
-			},
-			{
-				"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
-				"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
-				"feedfacedeadbeeffeedfacedeadbeefabaddad2",
-				"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
-				"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
-				"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
-			},
-		*/
-	}
-	for v, _ in test_vectors {
-		key, _ := hex.decode(transmute([]byte)(v.key), context.temp_allocator)
-		iv, _ := hex.decode(transmute([]byte)(v.iv), context.temp_allocator)
-		aad, _ := hex.decode(transmute([]byte)(v.aad), context.temp_allocator)
-		plaintext, _ := hex.decode(transmute([]byte)(v.plaintext), context.temp_allocator)
-		ciphertext, _ := hex.decode(transmute([]byte)(v.ciphertext), context.temp_allocator)
-		tag, _ := hex.decode(transmute([]byte)(v.tag), context.temp_allocator)
-
-		tag_ := make([]byte, len(tag), context.temp_allocator)
-		dst := make([]byte, len(ciphertext), context.temp_allocator)
-
-		ctx: aes.Context_GCM
-		aes.init_gcm(&ctx, key, impl)
-
-		aes.seal_gcm(&ctx, dst, tag_, iv, aad, plaintext)
-		dst_str := string(hex.encode(dst[:], context.temp_allocator))
-		tag_str := string(hex.encode(tag_[:], context.temp_allocator))
-
-		testing.expectf(
-			t,
-			dst_str == v.ciphertext && tag_str == v.tag,
-			"AES-GCM/%v: Expected: (%s, %s) for seal(%s, %s, %s, %s), but got (%s, %s) instead",
-			impl,
-			v.ciphertext,
-			v.tag,
-			v.key,
-			v.iv,
-			v.aad,
-			v.plaintext,
-			dst_str,
-			tag_str,
-		)
-
-		ok := aes.open_gcm(&ctx, dst, iv, aad, ciphertext, tag)
-		dst_str = string(hex.encode(dst[:], context.temp_allocator))
-
-		testing.expectf(
-			t,
-			ok && dst_str == v.plaintext,
-			"AES-GCM/%v: Expected: (%s, true) for open(%s, %s, %s, %s, %s), but got (%s, %v) instead",
-			impl,
-			v.plaintext,
-			v.key,
-			v.iv,
-			v.aad,
-			v.ciphertext,
-			v.tag,
-			dst_str,
-			ok,
-		)
-	}
-}
author	Jeroen van Rijn <Kelimion@users.noreply.github.com>	2024-08-10 17:17:00 +0200
committer	GitHub <noreply@github.com>	2024-08-10 17:17:00 +0200
commit	9759d56c815b2b2a98b24f0810d343e82ea8f4ac (patch)
tree	8c7c3d1fcac5527b85984df50f79f08c25caafe5 /tests
parent	d73ad8eb1e0e8f97c59319457e3b2a06a42b2829 (diff)
parent	ba1ad82c2b13aead2ec0c6450dd3b45420b84748 (diff)