vector test from C implementation

2026-04-09 09:57:25 +02:00
parent 8b79c359ec
commit 8b9add7d51
1 changed files with 109 additions and 0 deletions
@@ -414,4 +414,113 @@ mod tests {

        assert_ne!(predicted, cipher.next_byte());
    }
+
+
+    //###################
+    // C vector test
+    //###################
+
+    const LUT_A: [u16; 8] = [
+        0x92A7, 0xA761, 0x974C, 0x6B8C,
+        0x29CE, 0x176C, 0x39D4, 0x7463,
+    ];
+
+    const LUT_B: [u16; 8] = [
+        0x9D58, 0xA46D, 0x176C, 0x79C4,
+        0xC62B, 0xB2C9, 0x4D93, 0x2E93,
+    ];
+
+    fn compute_iv(dw_frame_numbers: u32) -> u64 {
+        let mut dw_xorred = dw_frame_numbers ^ 0xC43A7D51;
+        dw_xorred = dw_xorred.rotate_left(8);
+        let qw_iv = ((dw_frame_numbers as u64) << 32) | (dw_xorred as u64);
+        qw_iv.rotate_right(8)
+    }
+
+    fn tea3_reorder_state_byte(b_st_byte: u8) -> u8 {
+        let mut b_out = 0u8;
+        b_out |= (b_st_byte << 6) & 0x40;
+        b_out |= (b_st_byte << 1) & 0x20;
+        b_out |= (b_st_byte << 2) & 0x98;
+        b_out |= (b_st_byte >> 4) & 0x04;
+        b_out |= (b_st_byte >> 3) & 0x01;
+        b_out |= (b_st_byte >> 6) & 0x02;
+        b_out
+    }
+
+    fn tea3_state_word_to_newbyte(w_st: u16, aw_lut: &[u16; 8]) -> u8 {
+        let mut b_st0 = (w_st & 0x00FF) as u8;
+        let mut b_st1 = (w_st >> 8) as u8;
+
+        let mut b_out = 0u8;
+
+        for i in 0..8 {
+            let b_dist = ((b_st0 >> 5) & 0x03) | ((b_st1 >> 3) & 0x0C);
+            if (aw_lut[i] & (1 << b_dist)) != 0 {
+                b_out |= 1 << i;
+            }
+
+            b_st0 = b_st0.rotate_right(1);
+            b_st1 = b_st1.rotate_right(1);
+        }
+
+        b_out
+    }
+
+    fn tea3_reference(dw_frame_numbers: u32, key: &[u8; 10], out_len: usize) -> Vec<u8> {
+        let mut key_reg = *key;
+        let mut iv = compute_iv(dw_frame_numbers);
+        let mut out = Vec::with_capacity(out_len);
+
+        let mut num_skip_rounds = 51usize;
+
+        for _ in 0..out_len {
+            for _ in 0..num_skip_rounds {
+                // Step 1: key register
+                let sbox_out = TEA3_P[(key_reg[7] ^ key_reg[2]) as usize] ^ key_reg[0];
+                key_reg.copy_within(1..10, 0);
+                key_reg[9] = sbox_out;
+
+                // Step 2: state derived bytes
+                let deriv_byte12 =
+                    tea3_state_word_to_newbyte(((iv >> 8) & 0xFFFF) as u16, &LUT_A);
+                let deriv_byte56 =
+                    tea3_state_word_to_newbyte(((iv >> 40) & 0xFFFF) as u16, &LUT_B);
+                let reord_byte4 = tea3_reorder_state_byte(((iv >> 32) & 0xFF) as u8);
+
+                // Step 3: combine
+                let new_byte = (((iv >> 56) as u8) ^ reord_byte4 ^ deriv_byte12 ^ sbox_out) & 0xFF;
+                let mix_byte = deriv_byte56 as u64;
+
+                // Step 4: update IV, state
+                iv = ((iv << 8) ^ (mix_byte << 40)) | (new_byte as u64);
+            }
+
+            out.push((iv >> 56) as u8);
+            num_skip_rounds = 19;
+        }
+
+        out
+    }
+
+    #[test]
+    fn test_tea3_c_vectors() {
+        let cases: [([u8; 10], u32, [u8; 10]); 2] = [
+            (
+                [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00],
+                0x11111111,
+                [0x06, 0xA6, 0x58, 0x8C, 0x5D, 0x9A, 0x99, 0x6D, 0xD2, 0x5E],
+            ),
+            (
+                [0xA7, 0x98, 0x39, 0xE4, 0xBA, 0x88, 0xEE, 0x54, 0xA0, 0x29],
+                0x01234567,
+                [0x02, 0x49, 0x1E, 0xF5, 0x57, 0xC5, 0x1C, 0x17, 0x73, 0x0C],
+            ),
+        ];
+
+        for (key, frame, expected) in cases {
+            let got = tea3_reference(frame, &key, 10);
+            assert_eq!(got.as_slice(), &expected, "frame = {frame:#010X}");
+        }
+    }
 }