Deprecated in favor of std.crypto. To be removed after Zig 0.14.0 is released.
As a reminder, never use "utils" in a namespace (in any programming language). https://ziglang.org/documentation/0.13.0/#Avoid-Redundancy-in-Names
pub inline fn secureZero(comptime T: type, s: []volatile T) voidSets a slice to zeroes. Prevents the store from being optimized out.
T: types: []volatile Ttest secureZero {
var a = [_]u8{0xfe} ** 8;
var b = [_]u8{0xfe} ** 8;
@memset(&a, 0);
secureZero(u8, &b);
try std.testing.expectEqualSlices(u8, &a, &b);
}pub inline fn secureZero(comptime T: type, s: []volatile T) void {
@memset(s, 0);
}pub fn eql(comptime T: type, a: T, b: T) boolCompares two arrays in constant time (for a given length) and returns whether they are equal. This function was designed to compare short cryptographic secrets (MACs, signatures). For all other applications, use mem.eql() instead.
T: typea: Tb: Ttest eql {
const random = std.crypto.random;
const expect = std.testing.expect;
var a: [100]u8 = undefined;
var b: [100]u8 = undefined;
random.bytes(a[0..]);
random.bytes(b[0..]);
try expect(!eql([100]u8, a, b));
a = b;
try expect(eql([100]u8, a, b));
}pub fn eql(comptime T: type, a: T, b: T) bool {
switch (@typeInfo(T)) {
.array => |info| {
const C = info.child;
if (@typeInfo(C) != .int) {
@compileError("Elements to be compared must be integers");
}
var acc = @as(C, 0);
for (a, 0..) |x, i| {
acc |= x ^ b[i];
}
const s = @typeInfo(C).int.bits;
const Cu = std.meta.Int(.unsigned, s);
const Cext = std.meta.Int(.unsigned, s + 1);
return @as(bool, @bitCast(@as(u1, @truncate((@as(Cext, @as(Cu, @bitCast(acc))) -% 1) >> s))));
},
.vector => |info| {
const C = info.child;
if (@typeInfo(C) != .int) {
@compileError("Elements to be compared must be integers");
}
const acc = @reduce(.Or, a ^ b);
const s = @typeInfo(C).int.bits;
const Cu = std.meta.Int(.unsigned, s);
const Cext = std.meta.Int(.unsigned, s + 1);
return @as(bool, @bitCast(@as(u1, @truncate((@as(Cext, @as(Cu, @bitCast(acc))) -% 1) >> s))));
},
else => {
@compileError("Only arrays and vectors can be compared");
},
}
}Compare two integers serialized as arrays of the same size, in constant time. Returns .lt if a<b, .gt if a>b and .eq if a=b
test compare {
const expectEqual = std.testing.expectEqual;
var a = [_]u8{10} ** 32;
var b = [_]u8{10} ** 32;
try expectEqual(compare(u8, &a, &b, .big), .eq);
try expectEqual(compare(u8, &a, &b, .little), .eq);
a[31] = 1;
try expectEqual(compare(u8, &a, &b, .big), .lt);
try expectEqual(compare(u8, &a, &b, .little), .lt);
a[0] = 20;
try expectEqual(compare(u8, &a, &b, .big), .gt);
try expectEqual(compare(u8, &a, &b, .little), .lt);
}pub fn compare(comptime T: type, a: []const T, b: []const T, endian: Endian) Order {
assert(a.len == b.len);
const bits = switch (@typeInfo(T)) {
.int => |cinfo| if (cinfo.signedness != .unsigned) @compileError("Elements to be compared must be unsigned") else cinfo.bits,
else => @compileError("Elements to be compared must be integers"),
};
const Cext = std.meta.Int(.unsigned, bits + 1);
var gt: T = 0;
var eq: T = 1;
if (endian == .little) {
var i = a.len;
while (i != 0) {
i -= 1;
const x1 = a[i];
const x2 = b[i];
gt |= @as(T, @truncate((@as(Cext, x2) -% @as(Cext, x1)) >> bits)) & eq;
eq &= @as(T, @truncate((@as(Cext, (x2 ^ x1)) -% 1) >> bits));
}
} else {
for (a, 0..) |x1, i| {
const x2 = b[i];
gt |= @as(T, @truncate((@as(Cext, x2) -% @as(Cext, x1)) >> bits)) & eq;
eq &= @as(T, @truncate((@as(Cext, (x2 ^ x1)) -% 1) >> bits));
}
}
if (gt != 0) {
return Order.gt;
} else if (eq != 0) {
return Order.eq;
}
return Order.lt;
}pub fn add(comptime T: type, a: []const T, b: []const T, result: []T, endian: Endian) boolAdd two integers serialized as arrays of the same size, in constant time.
The result is stored into result, and true is returned if an overflow occurred.
pub fn add(comptime T: type, a: []const T, b: []const T, result: []T, endian: Endian) bool {
const len = a.len;
assert(len == b.len and len == result.len);
var carry: u1 = 0;
if (endian == .little) {
var i: usize = 0;
while (i < len) : (i += 1) {
const ov1 = @addWithOverflow(a[i], b[i]);
const ov2 = @addWithOverflow(ov1[0], carry);
result[i] = ov2[0];
carry = ov1[1] | ov2[1];
}
} else {
var i: usize = len;
while (i != 0) {
i -= 1;
const ov1 = @addWithOverflow(a[i], b[i]);
const ov2 = @addWithOverflow(ov1[0], carry);
result[i] = ov2[0];
carry = ov1[1] | ov2[1];
}
}
return @as(bool, @bitCast(carry));
}pub fn sub(comptime T: type, a: []const T, b: []const T, result: []T, endian: Endian) boolSubtract two integers serialized as arrays of the same size, in constant time.
The result is stored into result, and true is returned if an underflow occurred.
pub fn sub(comptime T: type, a: []const T, b: []const T, result: []T, endian: Endian) bool {
const len = a.len;
assert(len == b.len and len == result.len);
var borrow: u1 = 0;
if (endian == .little) {
var i: usize = 0;
while (i < len) : (i += 1) {
const ov1 = @subWithOverflow(a[i], b[i]);
const ov2 = @subWithOverflow(ov1[0], borrow);
result[i] = ov2[0];
borrow = ov1[1] | ov2[1];
}
} else {
var i: usize = len;
while (i != 0) {
i -= 1;
const ov1 = @subWithOverflow(a[i], b[i]);
const ov2 = @subWithOverflow(ov1[0], borrow);
result[i] = ov2[0];
borrow = ov1[1] | ov2[1];
}
}
return @as(bool, @bitCast(borrow));
}pub const utils = struct {
/// Deprecated in favor of `std.crypto.secureZero`.
pub const secureZero = std.crypto.secureZero;
/// Deprecated in favor of `std.crypto.timing_safe.eql`.
pub const timingSafeEql = timing_safe.eql;
/// Deprecated in favor of `std.crypto.timing_safe.compare`.
pub const timingSafeCompare = timing_safe.compare;
/// Deprecated in favor of `std.crypto.timing_safe.add`.
pub const timingSafeAdd = timing_safe.add;
/// Deprecated in favor of `std.crypto.timing_safe.sub`.
pub const timingSafeSub = timing_safe.sub;
}