Commit 45478d86 by Rhys Weatherley Committed by Enrico Pozzobon

Fixed bugs in comet, estate, hyena, orange

Explanation of the bugs here: https://rweather.github.io/lightweight-crypto/bugs.html
parent 857d3ac8
......@@ -287,7 +287,7 @@ const unsigned char *k
parse(MSG, m, mlen);
//Za <- Za XOR 00100 0^(K-5)
Z[adlen_blocks*KSZ] ^= 0x20; /*00100000*/
Z[(adlen_blocks+1)*KSZ-1] ^= 0x20; /*00100000*/
//for i=0 to m-2 do
for(ull j=0; j<mlen_blocks-1; j++){
......@@ -417,7 +417,7 @@ const unsigned char *k
parse(C, c, *mlen);
//Za <- Za XOR 00100 0^(K-5)
Z[adlen_blocks*KSZ] ^= 0x20; /*00100000*/
Z[(adlen_blocks+1)*KSZ-1] ^= 0x20; /*00100000*/
//for i=0 to m-2 do
for(ull j=0; j<mlen_blocks-1; j++){
......
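Review bot: The corrected key-tweak line `Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;` is written out by hand in both the encrypt hunk (after `parse(MSG, m, mlen)`) and the decrypt hunk (after `parse(C, c, *mlen)`), and the same pair recurs in the three file sections that follow, so eight copies of the index arithmetic have to stay in step. Since the defect being fixed was a wrong byte index, I would put the tweak behind one helper or macro shared by both directions and add a comment such as `/* control bits 00100 sit in the top bits of the LAST byte of block adlen_blocks */`. That byte-order reading is inferred from the change and should be confirmed against the linked bug explanation. Both enclosing functions start and end outside the hunks, so the allocation of `Z` is not visible; confirm it holds a full `KSZ`-byte block at index `adlen_blocks`, whose last byte the new offset now touches.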
......@@ -287,7 +287,7 @@ const unsigned char *k
parse(MSG, m, mlen);
//Za <- Za XOR 00100 0^(K-5)
Z[adlen_blocks*KSZ] ^= 0x20; /*00100000*/
Z[(adlen_blocks+1)*KSZ-1] ^= 0x20; /*00100000*/
//for i=0 to m-2 do
for(ull j=0; j<mlen_blocks-1; j++){
......@@ -417,7 +417,7 @@ const unsigned char *k
parse(C, c, *mlen);
//Za <- Za XOR 00100 0^(K-5)
Z[adlen_blocks*KSZ] ^= 0x20; /*00100000*/
Z[(adlen_blocks+1)*KSZ-1] ^= 0x20; /*00100000*/
//for i=0 to m-2 do
for(ull j=0; j<mlen_blocks-1; j++){
......
......@@ -287,7 +287,7 @@ const unsigned char *k
parse(MSG, m, mlen);
//Za <- Za XOR 00100 0^(K-5)
Z[adlen_blocks*KSZ] ^= 0x20; /*00100000*/
Z[(adlen_blocks+1)*KSZ-1] ^= 0x20; /*00100000*/
//for i=0 to m-2 do
for(ull j=0; j<mlen_blocks-1; j++){
......@@ -417,7 +417,7 @@ const unsigned char *k
parse(C, c, *mlen);
//Za <- Za XOR 00100 0^(K-5)
Z[adlen_blocks*KSZ] ^= 0x20; /*00100000*/
Z[(adlen_blocks+1)*KSZ-1] ^= 0x20; /*00100000*/
//for i=0 to m-2 do
for(ull j=0; j<mlen_blocks-1; j++){
......
......@@ -287,7 +287,7 @@ const unsigned char *k
parse(MSG, m, mlen);
//Za <- Za XOR 00100 0^(K-5)
Z[adlen_blocks*KSZ] ^= 0x20; /*00100000*/
Z[(adlen_blocks+1)*KSZ-1] ^= 0x20; /*00100000*/
//for i=0 to m-2 do
for(ull j=0; j<mlen_blocks-1; j++){
......@@ -417,7 +417,7 @@ const unsigned char *k
parse(C, c, *mlen);
//Za <- Za XOR 00100 0^(K-5)
Z[adlen_blocks*KSZ] ^= 0x20; /*00100000*/
Z[(adlen_blocks+1)*KSZ-1] ^= 0x20; /*00100000*/
//for i=0 to m-2 do
for(ull j=0; j<mlen_blocks-1; j++){
......
......@@ -87,9 +87,13 @@ void blockcipher_encrypt (u8 *ct, const u8 *pt, const u8 *K)
ct_temp[WSZ+j] += carry;
//set next carry
if (carry)
carry = (ct_temp[WSZ+j] <= ct[WSZ+((j+1)%WSZ)]) || (ct_temp[WSZ+j] <= ct[j]);
else
carry = (ct_temp[WSZ+j] < ct[WSZ+((j+1)%WSZ)]) || (ct_temp[WSZ+j] < ct[j]);
ct_temp[WSZ+j] ^= RK[i*WSZ+j];
}
......
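Review bot: The new carry logic in `blockcipher_encrypt` branches on `carry` and uses short-circuit `||`, so the executed path depends on intermediate cipher state derived from the key and plaintext; on targets where instruction timing is observable this is a side channel. The comparisons only exist to recover the carry-out of a byte addition, which a wider accumulator gives without branching, e.g. `unsigned s = (unsigned)a + b + carry; ct_temp[WSZ+j] = (u8)s; carry = s >> 8;`, where `a` and `b` stand for the two addends (presumably `ct[WSZ+((j+1)%WSZ)]` and `ct[j]`, judging by the comparisons). The addition itself and the loop header are above the hunk, so the exact operands need to be taken from those lines.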
......@@ -3,7 +3,7 @@ Key = 000102030405060708090A0B0C0D0E0F
Nonce = 000102030405060708090A0B0C0D0E0F
PT =
AD =
CT = 36ED76BBD25E0151517E683364727211
CT = AAB13EC6C00EA011AF831A0098A79883
Count = 2
Key = 000102030405060708090A0B0C0D0E0F
......
......@@ -108,6 +108,7 @@ static void mac(u8 *tag, const u8 (*round_keys)[32], const u8 *nonce, const u8 *
// generate tag when both ad and pt are empty
twks[0] = 0x08;
twegift_enc(&tag[0], &round_keys[0], &twks[0], &temp[0]);
return;
}
// generate tag when ad and/or pt are non-empty
......
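Review bot: The added `return;` in `mac` carries no comment explaining why the empty-input branch must stop here, and the next visible line starts the path for non-empty ad and/or pt, so a later edit could easily reintroduce the fall-through. I would annotate it, e.g. `return; /* tag is final for empty ad and pt; must not run the non-empty path below */`. If `temp` or `twks` hold key-dependent data that is wiped at the end of the function (the tail of `mac` is outside the hunk), this early exit should perform the same wipe.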
......@@ -114,7 +114,7 @@ void Feedback_TXT_Enc(u8 *State, u8 *output, const u8 *Delta, const u8 *input, c
feedback[i+8] = pad2[i+8];
}
for(i=8; i<15 ;i++)
for(i=8; i<16 ;i++)
{
feedback[i] ^= Delta[i-8];
}
......@@ -156,7 +156,7 @@ void Feedback_TXT_Dec(u8 *State, u8 *output, const u8 *Delta, const u8 *input, c
feedback[i] = pad1[i];
feedback[i+8] = pad2[i+8];
}
for(i=8; i<15 ;i++)
for(i=8; i<16 ;i++)
{
feedback[i] ^= Delta[i-8];
}
......
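Review bot: The corrected bound in `for(i=8; i<16 ;i++)` is still a bare literal in both `Feedback_TXT_Enc` and `Feedback_TXT_Dec`, and the off-by-one being fixed (the old loop stopped at 15, leaving `feedback[15]` without its `Delta[7]` term) is the kind of slip that named sizes prevent. I would define the sizes once, for example `enum { HALF_BLOCK = 8, BLOCK_BYTES = 16 };` (names constructed for this note), and write the loop as `for (i = HALF_BLOCK; i < BLOCK_BYTES; i++)`. The loop now reads `Delta[7]`, so `Delta` must point to at least eight bytes; its declaration is outside the hunks and should be checked. Both function bodies start and end outside the hunks.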
......@@ -92,7 +92,7 @@ u32 load32(u8* Bytes)
{int i; u32 Block;
Block=0;
Block = (u32)(Bytes[3]);
for(i = 0; i < 3; i++) {Block <<= 8; Block = (Block)^(u32)(Bytes[i]);}
for(i = 0; i < 3; i++) {Block <<= 8; Block = (Block)^(u32)(Bytes[2-i]);}
return Block;}
......
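Review bot: `load32` now assembles the word in little-endian order, but it does so by seeding from `Bytes[3]` and then walking a reversed index `Bytes[2-i]`, which is hard to audit and makes an ordering mistake like the one fixed here easy to miss; `Block=0;` is also a dead store. A direct expression states the byte order outright: `return (u32)Bytes[0] | ((u32)Bytes[1] << 8) | ((u32)Bytes[2] << 16) | ((u32)Bytes[3] << 24);`. The parameter can be `const u8 *Bytes`, since nothing is written through it. If the file has a matching store routine (not visible in this section), confirm it uses the same order.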