Re-enable the Tweak on Threefish

We also add a helper to PutDecodedDatumInto which reverses the little-endian values from the Threefish test vectors. Test vectors will follow at next check-in.
2024-11-23 09:59:42 +00:00 · 2017-05-15 18:42:20 -04:00 · 2017-05-15 18:42:20 -04:00 · a61c97f7ee
commit a61c97f7ee
parent f60f212687
2 changed files with 35 additions and 9 deletions
--- a/datatest.cpp
+++ b/datatest.cpp
@ -18,6 +18,7 @@
 #include "hkdf.h"
 #include "stdcpp.h"
 #include <iostream>
+#include <sstream>

 // Aggressive stack checking with VS2005 SP1 and above.
 #if (_MSC_FULL_VER >= 140050727)
@ -115,6 +116,19 @@ void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransfo
 			s1 = s1.substr(s1.find(' ')+1);
 		}

+		// Use like this (from Threefish test vectors, which supplies byte-reversed values):
+		//   Key: ce BC2560EFC6BBA2B1 E3361F162238EB40 FB8631EE0ABBD175 7B9479D4C5479ED1
+		// The 'ce' means BC2560EFC6BBA2B1 will be processed into B1A2BBC6EF6025BC.
+		if (s1.length() >= 2 && s1.substr(0,2) == "ce")
+		{
+			word64 value;
+			std::istringstream iss(s1.substr(3));
+			while (iss >> std::hex >> value)
+				q.Put((const byte *)&value, 8);
+
+			goto end;
+		}
+
 		s2.clear();
 		if (s1[0] == '\"')
 		{
@ -405,6 +419,16 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
 			decryptor->Seek(seek);
 		}

+		// If a per-test vector parameter was set for a test, like BlockPadding, BlockSize or Tweak,
+		// then it becomes latched in testDataPairs. The old value is used in subsequent tests, and
+		// it could cause a self test failure in the next test. The behavior surfaced under Kalyna
+		// and Threefish. The Kalyna test vectors use NO_PADDING for all tests excpet one. For
+		// Threefish, using (and not using) a Tweak caused problems as we marched through test
+		// vectors. For BlockPadding, BlockSize or Tweak, unlatch them now, after the key has been
+		// set and NameValuePairs have been processed. Also note we only unlatch from testDataPairs.
+		// If overrideParameters are specified, the caller is responsible for managing the parameter.
+		v.erase("Tweak"); v.erase("BlockSize"); v.erase("BlockPaddingScheme");
+
 		std::string encrypted, xorDigest, ciphertext, ciphertextXorDigest;
 		if (test == "EncryptionMCT" || test == "DecryptionMCT")
 		{
@ -488,14 +512,6 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters)
 			std::cout << "\n";
 			SignalTestFailure();
 		}
-
-		// If BlockSize or BlockPaddingScheme was set for a test, then it becomes latched
-		// in testDataPairs. The old value is used in subsequent tests, and it could cause a
-		// self test failure in the next test. The behavior surfaced under Kalyna, where the
-		// official test vectors use NO_PADDING for all tests excpet one. For BlockSize or
-		// BlockPaddingScheme, unlatch them now. Also note we only unlatch from testDataPairs.
-		// If overrideParameters are specified, then the caller is responsible.
-		v.erase("BlockSize"); v.erase("BlockPaddingScheme");
 	}
 	else
 	{
--- a/threefish.cpp
+++ b/threefish.cpp
@ -272,7 +272,17 @@ void Threefish::Base::UncheckedSetKey(const byte *key, unsigned int keylen, cons
    }

    m_tweak.New(3);
-    ::memset(m_tweak.begin(), 0x00, 24);
+    ConstByteArrayParameter t;
+    if (params.GetValue(Name::Tweak(), t))
+    {
+        CRYPTOPP_ASSERT(t.size() == 16);
+        GetUserKey(LITTLE_ENDIAN_ORDER, m_tweak.begin(), 2, t.begin(), 16);
+        m_tweak[2] = m_tweak[0] ^ m_tweak[1];
+    }
+    else
+    {
+        ::memset(m_tweak.begin(), 0x00, 24);
+    }
 }

 void Threefish::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const