shadps4-emu/ext-cryptopp
1
0
Fork 0
mirror of https://github.com/shadps4-emu/ext-cryptopp.git synced 2024-11-26 19:30:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix ARIA when XOR'ing final block (GH #1235)

Browse Source 
This is another mystery to me. I do not know why unrolling the XOR into building of outBlock fixes this problem.
This commit is contained in:
Jeffrey Walton 2023-09-30 03:26:24 -04:00
parent 5250ab2bf2
commit dde8e9fa23
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
1 changed files with 72 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
aria.cpp
View File

@ -268,48 +268,84 @@ void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, b
rk = ARIA_KXL(rk, t); ARIA_FO(t); rk = ARIA_KXL(rk, t);
#if (CRYPTOPP_LITTLE_ENDIAN)
if (xorBlock)
{
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 3];
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2];
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 1];
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 0];
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 7];
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 6];
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 5];
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 4];
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[11];
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[10];
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[ 9];
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[ 8];
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[15];
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[14];
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[13];
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[12];
outBlock[ 0] = static_cast<byte>(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 3] ^ xorBlock[ 0];
outBlock[ 1] = static_cast<byte>(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2] ^ xorBlock[ 1];
outBlock[ 2] = static_cast<byte>(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 1] ^ xorBlock[ 2];
outBlock[ 3] = static_cast<byte>(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 0] ^ xorBlock[ 3];
outBlock[ 4] = static_cast<byte>(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 7] ^ xorBlock[ 4];
outBlock[ 5] = static_cast<byte>(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 6] ^ xorBlock[ 5];
outBlock[ 6] = static_cast<byte>(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 5] ^ xorBlock[ 6];
outBlock[ 7] = static_cast<byte>(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 4] ^ xorBlock[ 7];
outBlock[ 8] = static_cast<byte>(X1[ARIA_BRF(t[2],3)] ) ^ rk[11] ^ xorBlock[ 8];
outBlock[ 9] = static_cast<byte>(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[10] ^ xorBlock[ 9];
outBlock[10] = static_cast<byte>(S1[ARIA_BRF(t[2],1)] ) ^ rk[ 9] ^ xorBlock[10];
outBlock[11] = static_cast<byte>(S2[ARIA_BRF(t[2],0)] ) ^ rk[ 8] ^ xorBlock[11];
outBlock[12] = static_cast<byte>(X1[ARIA_BRF(t[3],3)] ) ^ rk[15] ^ xorBlock[12];
outBlock[13] = static_cast<byte>(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[14] ^ xorBlock[13];
outBlock[14] = static_cast<byte>(S1[ARIA_BRF(t[3],1)] ) ^ rk[13] ^ xorBlock[14];
outBlock[15] = static_cast<byte>(S2[ARIA_BRF(t[3],0)] ) ^ rk[12] ^ xorBlock[15];
}
else
{
outBlock[ 0] = static_cast<byte>(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 3];
outBlock[ 1] = static_cast<byte>(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2];
outBlock[ 2] = static_cast<byte>(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 1];
outBlock[ 3] = static_cast<byte>(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 0];
outBlock[ 4] = static_cast<byte>(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 7];
outBlock[ 5] = static_cast<byte>(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 6];
outBlock[ 6] = static_cast<byte>(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 5];
outBlock[ 7] = static_cast<byte>(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 4];
outBlock[ 8] = static_cast<byte>(X1[ARIA_BRF(t[2],3)] ) ^ rk[11];
outBlock[ 9] = static_cast<byte>(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[10];
outBlock[10] = static_cast<byte>(S1[ARIA_BRF(t[2],1)] ) ^ rk[ 9];
outBlock[11] = static_cast<byte>(S2[ARIA_BRF(t[2],0)] ) ^ rk[ 8];
outBlock[12] = static_cast<byte>(X1[ARIA_BRF(t[3],3)] ) ^ rk[15];
outBlock[13] = static_cast<byte>(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[14];
outBlock[14] = static_cast<byte>(S1[ARIA_BRF(t[3],1)] ) ^ rk[13];
outBlock[15] = static_cast<byte>(S2[ARIA_BRF(t[3],0)] ) ^ rk[12];
}
#else
if (xorBlock)
{
outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 0];
outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 1];
outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 2];
outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 3];
outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 4];
outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 5];
outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 6];
outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 7];
outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[ 8];
outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[ 9];
outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[10];
outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[11];
outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[12];
outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[13];
outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[14];
outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[15];
outBlock[ 0] = static_cast<byte>(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 0] ^ xorBlock[ 0];
outBlock[ 1] = static_cast<byte>(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 1] ^ xorBlock[ 1];
outBlock[ 2] = static_cast<byte>(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 2] ^ xorBlock[ 2];
outBlock[ 3] = static_cast<byte>(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 3] ^ xorBlock[ 3];
outBlock[ 4] = static_cast<byte>(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 4] ^ xorBlock[ 4];
outBlock[ 5] = static_cast<byte>(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 5] ^ xorBlock[ 5];
outBlock[ 6] = static_cast<byte>(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 6] ^ xorBlock[ 6];
outBlock[ 7] = static_cast<byte>(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 7] ^ xorBlock[ 7];
outBlock[ 8] = static_cast<byte>(X1[ARIA_BRF(t[2],3)] ) ^ rk[ 8] ^ xorBlock[ 8];
outBlock[ 9] = static_cast<byte>(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[ 9] ^ xorBlock[ 9];
outBlock[10] = static_cast<byte>(S1[ARIA_BRF(t[2],1)] ) ^ rk[10] ^ xorBlock[10];
outBlock[11] = static_cast<byte>(S2[ARIA_BRF(t[2],0)] ) ^ rk[11] ^ xorBlock[11];
outBlock[12] = static_cast<byte>(X1[ARIA_BRF(t[3],3)] ) ^ rk[12] ^ xorBlock[12];
outBlock[13] = static_cast<byte>(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[13] ^ xorBlock[13];
outBlock[14] = static_cast<byte>(S1[ARIA_BRF(t[3],1)] ) ^ rk[14] ^ xorBlock[14];
outBlock[15] = static_cast<byte>(S2[ARIA_BRF(t[3],0)] ) ^ rk[15] ^ xorBlock[15];
}
else
{
outBlock[ 0] = static_cast<byte>(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 0];
outBlock[ 1] = static_cast<byte>(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 1];
outBlock[ 2] = static_cast<byte>(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 2];
outBlock[ 3] = static_cast<byte>(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 3];
outBlock[ 4] = static_cast<byte>(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 4];
outBlock[ 5] = static_cast<byte>(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 5];
outBlock[ 6] = static_cast<byte>(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 6];
outBlock[ 7] = static_cast<byte>(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 7];
outBlock[ 8] = static_cast<byte>(X1[ARIA_BRF(t[2],3)] ) ^ rk[ 8];
outBlock[ 9] = static_cast<byte>(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[ 9];
outBlock[10] = static_cast<byte>(S1[ARIA_BRF(t[2],1)] ) ^ rk[10];
outBlock[11] = static_cast<byte>(S2[ARIA_BRF(t[2],0)] ) ^ rk[11];
outBlock[12] = static_cast<byte>(X1[ARIA_BRF(t[3],3)] ) ^ rk[12];
outBlock[13] = static_cast<byte>(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[13];
outBlock[14] = static_cast<byte>(S1[ARIA_BRF(t[3],1)] ) ^ rk[14];
outBlock[15] = static_cast<byte>(S2[ARIA_BRF(t[3],0)] ) ^ rk[15];
}
#endif // CRYPTOPP_LITTLE_ENDIAN
if (xorBlock != NULLPTR)
for (unsigned int n=0; n<ARIA::BLOCKSIZE; ++n)
outBlock[n] ^= xorBlock[n];
}
NAMESPACE_END