author | Jack Lloyd <[email protected]> | 2017-11-16 03:25:00 -0500 |
committer | Jack Lloyd <[email protected]> | 2017-11-16 03:25:00 -0500 |
commit | f1b54cb3895f1b0007d29bcba90ad693bb7c898d (patch) | |
tree | 0c644e6a06f4fb7786c85b9bdcab443bf400a0b9 | |
parent | 59a8be2a65e74574aa2113636f9c8849afeb219e (diff) |
Correct CAST-128 decryption with more than 1 block
-rw-r--r-- | src/lib/block/cast/cast128.cpp | 64 | ||||
-rw-r--r-- | src/tests/data/block/cast128.vec | 4 |
2 files changed, 36 insertions, 32 deletions
diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp
index 584cd988a..442c6fc58 100644
--- a/src/lib/block/cast/cast128.cpp
+++ b/src/lib/block/cast/cast128.cpp
@@ -135,38 +135,38 @@ void CAST_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
 uint32_t L0, R0, L1, R1;
 load_be(in, L0, R0, L1, R1);
- R0 ^= F1(L0, m_MK[15], m_RK[15]);
- R1 ^= F1(L1, m_MK[15], m_RK[15]);
- L0 ^= F3(R0, m_MK[14], m_RK[14]);
- L1 ^= F3(R1, m_MK[14], m_RK[14]);
- R0 ^= F2(L0, m_MK[13], m_RK[13]);
- R1 ^= F2(L1, m_MK[13], m_RK[13]);
- L0 ^= F1(R0, m_MK[12], m_RK[12]);
- L1 ^= F1(R1, m_MK[12], m_RK[12]);
- R0 ^= F3(L0, m_MK[11], m_RK[11]);
- R1 ^= F3(L1, m_MK[11], m_RK[11]);
- L0 ^= F2(R0, m_MK[10], m_RK[10]);
- L1 ^= F2(R1, m_MK[10], m_RK[10]);
- R0 ^= F1(L0, m_MK[ 9], m_RK[ 9]);
- R1 ^= F1(L1, m_MK[ 9], m_RK[ 9]);
- L0 ^= F3(R0, m_MK[ 8], m_RK[ 8]);
- L1 ^= F3(R1, m_MK[ 8], m_RK[ 8]);
- R0 ^= F2(L0, m_MK[ 7], m_RK[ 7]);
- R1 ^= F2(L1, m_MK[ 7], m_RK[ 7]);
- L0 ^= F1(R0, m_MK[ 6], m_RK[ 6]);
- L1 ^= F1(R1, m_MK[ 6], m_RK[ 6]);
- R0 ^= F3(L0, m_MK[ 5], m_RK[ 5]);
- R1 ^= F3(L1, m_MK[ 5], m_RK[ 5]);
- L0 ^= F2(R0, m_MK[ 4], m_RK[ 4]);
- L1 ^= F2(R1, m_MK[ 4], m_RK[ 4]);
- R0 ^= F1(L0, m_MK[ 3], m_RK[ 3]);
- R1 ^= F1(L1, m_MK[ 3], m_RK[ 3]);
- L0 ^= F3(R0, m_MK[ 2], m_RK[ 2]);
- L1 ^= F3(R1, m_MK[ 2], m_RK[ 2]);
- R0 ^= F2(L0, m_MK[ 1], m_RK[ 1]);
- R1 ^= F2(L1, m_MK[ 1], m_RK[ 1]);
- L0 ^= F1(R0, m_MK[ 0], m_RK[ 0]);
- L1 ^= F1(R1, m_MK[ 0], m_RK[ 0]);
+ L0 ^= F1(R0, m_MK[15], m_RK[15]);
+ L1 ^= F1(R1, m_MK[15], m_RK[15]);
+ R0 ^= F3(L0, m_MK[14], m_RK[14]);
+ R1 ^= F3(L1, m_MK[14], m_RK[14]);
+ L0 ^= F2(R0, m_MK[13], m_RK[13]);
+ L1 ^= F2(R1, m_MK[13], m_RK[13]);
+ R0 ^= F1(L0, m_MK[12], m_RK[12]);
+ R1 ^= F1(L1, m_MK[12], m_RK[12]);
+ L0 ^= F3(R0, m_MK[11], m_RK[11]);
+ L1 ^= F3(R1, m_MK[11], m_RK[11]);
+ R0 ^= F2(L0, m_MK[10], m_RK[10]);
+ R1 ^= F2(L1, m_MK[10], m_RK[10]);
+ L0 ^= F1(R0, m_MK[ 9], m_RK[ 9]);
+ L1 ^= F1(R1, m_MK[ 9], m_RK[ 9]);
+ R0 ^= F3(L0, m_MK[ 8], m_RK[ 8]);
+ R1 ^= F3(L1, m_MK[ 8], m_RK[ 8]);
+ L0 ^= F2(R0, m_MK[ 7], m_RK[ 7]);
+ L1 ^= F2(R1, m_MK[ 7], m_RK[ 7]);
+ R0 ^= F1(L0, m_MK[ 6], m_RK[ 6]);
+ R1 ^= F1(L1, m_MK[ 6], m_RK[ 6]);
+ L0 ^= F3(R0, m_MK[ 5], m_RK[ 5]);
+ L1 ^= F3(R1, m_MK[ 5], m_RK[ 5]);
+ R0 ^= F2(L0, m_MK[ 4], m_RK[ 4]);
+ R1 ^= F2(L1, m_MK[ 4], m_RK[ 4]);
+ L0 ^= F1(R0, m_MK[ 3], m_RK[ 3]);
+ L1 ^= F1(R1, m_MK[ 3], m_RK[ 3]);
+ R0 ^= F3(L0, m_MK[ 2], m_RK[ 2]);
+ R1 ^= F3(L1, m_MK[ 2], m_RK[ 2]);
+ L0 ^= F2(R0, m_MK[ 1], m_RK[ 1]);
+ L1 ^= F2(R1, m_MK[ 1], m_RK[ 1]);
+ R0 ^= F1(L0, m_MK[ 0], m_RK[ 0]);
+ R1 ^= F1(L1, m_MK[ 0], m_RK[ 0]);
 store_be(out, R0, L0, R1, L1);
diff --git a/src/tests/data/block/cast128.vec b/src/tests/data/block/cast128.vec
index 8412831bd..c10ebacc1 100644
--- a/src/tests/data/block/cast128.vec
+++ b/src/tests/data/block/cast128.vec
@@ -3,6 +3,10 @@ Key = 0123456712345678234567893456789A
 In = 0123456789ABCDEF
 Out = 238B4FE5847E44B2
+Key = 0123456712345678234567893456789A
+In = 0123456789ABCDEF0123456789ABCDEF
+Out = 238B4FE5847E44B2238B4FE5847E44B2
+
 Key = 51D35D2CFC978231CC8D404C05F20778
 In = 0D5ED4BF2C101A00
 Out = 851769123481EEBD |
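Review bot: The two-block path fixed here is only pinned by the vector added in cast128.vec, and that vector repeats the same 8-byte block twice, so it cannot tell the two unrolled blocks apart: an implementation that wrote the `R1, L1` pair into the first output slot, or that mixed block 1's state into block 0's rounds in a symmetric way, would still produce `238B4FE5847E44B2238B4FE5847E44B2`. A second two-block vector whose halves differ, with its expected value derived from the single-block path the commit message treats as already correct, would pin the per-block ordering as well as the round order. The thirty-two hand-unrolled rounds also have to mirror the single-block path by hand, which is presumably how the L/R swap crept in; a comment above `load_be(in, L0, R0, L1, R1);` such as `// Two blocks per iteration: the round sequence below must stay identical to the one-block path` would at least record that coupling for the next edit. decrypt_n starts before this hunk and its loop continues after `store_be(out, R0, L0, R1, L1);`.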