author | Jack Lloyd <[email protected]> | 2019-08-26 11:24:04 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-08-26 11:24:04 -0400 |
commit | 14ba8584069e927210bc5a1707f865746f6f93c6 (patch) | |
tree | c191d8e8c97c45f1a3506e11e0552b8eb6bccd99 /src/lib/block | |
parent | 8a77591b2dccef8e5849fcefd214f3ae2f48ba6a (diff) |
Fix a bug in CAST-128 affecting 11, 13, 14, or 15 byte keys
With keys not a multiple of 4 bytes, the zero bytes ended up in the
wrong place. In the unlikely event anyone was affected by this they
could just use the equivalent 16 byte key.
Closes #2081
Diffstat (limited to 'src/lib/block')
-rw-r--r-- | src/lib/block/cast128/cast128.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/lib/block/cast128/cast128.cpp b/src/lib/block/cast128/cast128.cpp
index 7ed7aa5e7..c5b66992b 100644
--- a/src/lib/block/cast128/cast128.cpp
+++ b/src/lib/block/cast128/cast128.cpp
@@ -210,9 +210,12 @@ void CAST_128::key_schedule(const uint8_t key[], size_t length)
 m_MK.resize(48);
 m_RK.resize(48);
+ secure_vector<uint8_t> key16(16);
+ copy_mem(key16.data(), key, length);
+ secure_vector<uint32_t> X(4);
- for(size_t i = 0; i != length; ++i)
- X[i/4] = (X[i/4] << 8) + key[i];
+ for(size_t i = 0; i != 4; ++i)
+ X[i] = load_be<uint32_t>(key16.data(), i);
 cast_ks(m_MK, X); |
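Review bot: The added `copy_mem(key16.data(), key, length)` writes `length` bytes into a fixed 16-byte buffer, and nothing in this hunk bounds `length`. Presumably the caller rejects key lengths outside the cipher's key specification before key_schedule runs, but that check is not visible here, so the copy's safety rests on code elsewhere. A local guard just before the copy would make the bound explicit, for example `BOTAN_ASSERT(length <= key16.size(), "CAST-128 key is at most 16 bytes");`. A one-line comment such as `// bytes past length stay zero: short keys are zero-padded to 16 bytes` would also record why `key16` is not fully overwritten. key_schedule's body starts and ends outside the hunk.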