Fixed bugs in comet, estate, hyena, orange

Explanation of the bugs here: https://rweather.github.io/lightweight-crypto/bugs.html

comet/Implementations/crypto_aead/comet128aesv1/ref/comet_64-128_and_128-128.c

@@ -287,7 +287,7 @@ const unsigned char *k
 		parse(MSG, m, mlen);
 		parse(MSG, m, mlen);
 		
 		
 		//Za <- Za XOR 00100 0^(K-5)
 		//Za <- Za XOR 00100 0^(K-5)
-		Z[adlen_blocks*KSZ] ^= 0x20;	/*00100000*/
+		Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;	/*00100000*/
 		
 		
 		//for i=0 to m-2 do
 		//for i=0 to m-2 do
 		for(ull j=0; j<mlen_blocks-1; j++){
 		for(ull j=0; j<mlen_blocks-1; j++){
@@ -417,7 +417,7 @@ const unsigned char *k
 		parse(C, c, *mlen);
 		parse(C, c, *mlen);
 		
 		
 		//Za <- Za XOR 00100 0^(K-5)
 		//Za <- Za XOR 00100 0^(K-5)
-		Z[adlen_blocks*KSZ] ^= 0x20;	/*00100000*/
+		Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;	/*00100000*/
 		
 		
 		//for i=0 to m-2 do
 		//for i=0 to m-2 do
 		for(ull j=0; j<mlen_blocks-1; j++){
 		for(ull j=0; j<mlen_blocks-1; j++){
@@ -476,4 +476,4 @@ const unsigned char *k
 	} else {
 	} else {
 		return -1;
 		return -1;
 	}
 	}
-}
+}
\ No newline at end of file

comet/Implementations/crypto_aead/comet128chamv1/ref/comet_64-128_and_128-128.c

@@ -287,7 +287,7 @@ const unsigned char *k
 		parse(MSG, m, mlen);
 		parse(MSG, m, mlen);
 		
 		
 		//Za <- Za XOR 00100 0^(K-5)
 		//Za <- Za XOR 00100 0^(K-5)
-		Z[adlen_blocks*KSZ] ^= 0x20;	/*00100000*/
+		Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;	/*00100000*/
 		
 		
 		//for i=0 to m-2 do
 		//for i=0 to m-2 do
 		for(ull j=0; j<mlen_blocks-1; j++){
 		for(ull j=0; j<mlen_blocks-1; j++){
@@ -417,7 +417,7 @@ const unsigned char *k
 		parse(C, c, *mlen);
 		parse(C, c, *mlen);
 		
 		
 		//Za <- Za XOR 00100 0^(K-5)
 		//Za <- Za XOR 00100 0^(K-5)
-		Z[adlen_blocks*KSZ] ^= 0x20;	/*00100000*/
+		Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;	/*00100000*/
 		
 		
 		//for i=0 to m-2 do
 		//for i=0 to m-2 do
 		for(ull j=0; j<mlen_blocks-1; j++){
 		for(ull j=0; j<mlen_blocks-1; j++){
@@ -476,4 +476,4 @@ const unsigned char *k
 	} else {
 	} else {
 		return -1;
 		return -1;
 	}
 	}
-}
+}
\ No newline at end of file

comet/Implementations/crypto_aead/comet64chamv1/ref/comet_64-128_and_128-128.c

@@ -287,7 +287,7 @@ const unsigned char *k
 		parse(MSG, m, mlen);
 		parse(MSG, m, mlen);
 		
 		
 		//Za <- Za XOR 00100 0^(K-5)
 		//Za <- Za XOR 00100 0^(K-5)
-		Z[adlen_blocks*KSZ] ^= 0x20;	/*00100000*/
+		Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;	/*00100000*/
 		
 		
 		//for i=0 to m-2 do
 		//for i=0 to m-2 do
 		for(ull j=0; j<mlen_blocks-1; j++){
 		for(ull j=0; j<mlen_blocks-1; j++){
@@ -417,7 +417,7 @@ const unsigned char *k
 		parse(C, c, *mlen);
 		parse(C, c, *mlen);
 		
 		
 		//Za <- Za XOR 00100 0^(K-5)
 		//Za <- Za XOR 00100 0^(K-5)
-		Z[adlen_blocks*KSZ] ^= 0x20;	/*00100000*/
+		Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;	/*00100000*/
 		
 		
 		//for i=0 to m-2 do
 		//for i=0 to m-2 do
 		for(ull j=0; j<mlen_blocks-1; j++){
 		for(ull j=0; j<mlen_blocks-1; j++){
@@ -476,4 +476,4 @@ const unsigned char *k
 	} else {
 	} else {
 		return -1;
 		return -1;
 	}
 	}
-}
+}
\ No newline at end of file

comet/Implementations/crypto_aead/comet64speckv1/ref/comet_64-128_and_128-128.c

@@ -287,7 +287,7 @@ const unsigned char *k
 		parse(MSG, m, mlen);
 		parse(MSG, m, mlen);
 		
 		
 		//Za <- Za XOR 00100 0^(K-5)
 		//Za <- Za XOR 00100 0^(K-5)
-		Z[adlen_blocks*KSZ] ^= 0x20;	/*00100000*/
+		Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;	/*00100000*/
 		
 		
 		//for i=0 to m-2 do
 		//for i=0 to m-2 do
 		for(ull j=0; j<mlen_blocks-1; j++){
 		for(ull j=0; j<mlen_blocks-1; j++){
@@ -417,7 +417,7 @@ const unsigned char *k
 		parse(C, c, *mlen);
 		parse(C, c, *mlen);
 		
 		
 		//Za <- Za XOR 00100 0^(K-5)
 		//Za <- Za XOR 00100 0^(K-5)
-		Z[adlen_blocks*KSZ] ^= 0x20;	/*00100000*/
+		Z[(adlen_blocks+1)*KSZ-1] ^= 0x20;	/*00100000*/
 		
 		
 		//for i=0 to m-2 do
 		//for i=0 to m-2 do
 		for(ull j=0; j<mlen_blocks-1; j++){
 		for(ull j=0; j<mlen_blocks-1; j++){
@@ -476,4 +476,4 @@ const unsigned char *k
 	} else {
 	} else {
 		return -1;
 		return -1;
 	}
 	}
-}
+}
\ No newline at end of file

comet/Implementations/crypto_aead/comet64speckv1/ref/speck_64-128_and_128-128.c

@@ -87,7 +87,11 @@ void blockcipher_encrypt (u8 *ct, const u8 *pt, const u8 *K)
 			ct_temp[WSZ+j] += carry;
 			ct_temp[WSZ+j] += carry;
 			
 			
 			//set next carry
 			//set next carry
-			carry = (ct_temp[WSZ+j] < ct[WSZ+((j+1)%WSZ)]) || (ct_temp[WSZ+j] < ct[j]);
+			if (carry)
+				carry = (ct_temp[WSZ+j] <= ct[WSZ+((j+1)%WSZ)]) || (ct_temp[WSZ+j] <= ct[j]);
+			else
+				carry = (ct_temp[WSZ+j] < ct[WSZ+((j+1)%WSZ)]) || (ct_temp[WSZ+j] < ct[j]);
+
 			
 			
 			
 			
 			ct_temp[WSZ+j] ^= RK[i*WSZ+j];
 			ct_temp[WSZ+j] ^= RK[i*WSZ+j];
@@ -103,4 +107,4 @@ void blockcipher_encrypt (u8 *ct, const u8 *pt, const u8 *K)
 			ct[j] = ct_temp[j];
 			ct[j] = ct_temp[j];
 		}
 		}
     }
     }
-}
+}
\ No newline at end of file

estate/Implementations/crypto_aead/estatetwegift128v1/LWC_AEAD_KAT_128_128.txt

@@ -3,7 +3,7 @@ Key = 000102030405060708090A0B0C0D0E0F
 Nonce = 000102030405060708090A0B0C0D0E0F
 Nonce = 000102030405060708090A0B0C0D0E0F
 PT = 
 PT = 
 AD = 
 AD = 
-CT = 36ED76BBD25E0151517E683364727211
+CT = AAB13EC6C00EA011AF831A0098A79883
 
 
 Count = 2
 Count = 2
 Key = 000102030405060708090A0B0C0D0E0F
 Key = 000102030405060708090A0B0C0D0E0F

estate/Implementations/crypto_aead/estatetwegift128v1/ref/encrypt.c

@@ -108,6 +108,7 @@ static void mac(u8 *tag, const u8 (*round_keys)[32], const u8 *nonce, const u8 *
 		// generate tag when both ad and pt are empty
 		// generate tag when both ad and pt are empty
 		twks[0] = 0x08;
 		twks[0] = 0x08;
 		twegift_enc(&tag[0], &round_keys[0], &twks[0], &temp[0]);
 		twegift_enc(&tag[0], &round_keys[0], &twks[0], &temp[0]);
+		return;
 	}
 	}
 	
 	
 	// generate tag when ad and/or pt are non-empty
 	// generate tag when ad and/or pt are non-empty

hyena/Implementations/crypto_aead/hyenav1/ref/encrypt.c

@@ -114,7 +114,7 @@ void Feedback_TXT_Enc(u8 *State, u8 *output, const u8 *Delta, const u8 *input, c
            feedback[i+8] = pad2[i+8];
            feedback[i+8] = pad2[i+8];
 
 
      }
      }
-     for(i=8; i<15 ;i++)
+     for(i=8; i<16 ;i++)
      { 
      { 
 		feedback[i] ^= Delta[i-8];
 		feedback[i] ^= Delta[i-8];
      }
      }
@@ -156,7 +156,7 @@ void Feedback_TXT_Dec(u8 *State, u8 *output, const u8 *Delta, const u8 *input, c
 		feedback[i] = pad1[i];
 		feedback[i] = pad1[i];
         	feedback[i+8] = pad2[i+8];
         	feedback[i+8] = pad2[i+8];
         }
         }
-    	for(i=8; i<15 ;i++)
+    	for(i=8; i<16 ;i++)
      	{ 
      	{ 
 		feedback[i] ^= Delta[i-8];
 		feedback[i] ^= Delta[i-8];
      	}
      	}

orange/Implementations/crypto_aead/orangezestv1/ref/photon.h

@@ -92,7 +92,7 @@ u32 load32(u8* Bytes)
 {int i; u32 Block;
 {int i; u32 Block;
     Block=0;
     Block=0;
     Block = (u32)(Bytes[3]);
     Block = (u32)(Bytes[3]);
-    for(i = 0; i < 3; i++) {Block <<= 8; Block = (Block)^(u32)(Bytes[i]);}
+    for(i = 0; i < 3; i++) {Block <<= 8; Block = (Block)^(u32)(Bytes[2-i]);}
     return Block;}
     return Block;}