diff options
author | Jeffrey Walton <noloader@gmail.com> | 2017-05-13 17:36:29 -0400 |
---|---|---|
committer | Jeffrey Walton <noloader@gmail.com> | 2017-05-13 17:36:29 -0400 |
commit | 7697857481f51c51766943d0487b08045efefd87 (patch) | |
tree | 7505b4841beed798e0d8e0de2230b8b8c93b3542 /cmac.cpp | |
parent | e226523b05b5d6ab99f68961246091fbc28195e9 (diff) | |
download | cryptopp-git-7697857481f51c51766943d0487b08045efefd87.tar.gz |
Add polynomial for 512-bit block ciphers
I believe this is correct, but it may be wrong. According to the Kalyna team, the polynomial for GCM mode is x^512 + x^8 + x^5 + x^2 + 1. It appears the polinomial applies to other block cipher modes of operations, like CMAC.Dropping the first term and evaluating the remaining terms at X=2 results in 293 (0x125)
Diffstat (limited to 'cmac.cpp')
-rw-r--r-- | cmac.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -31,9 +31,15 @@ static void MulU(byte *k, unsigned int length) k[15] ^= 0x87;
break;
case 32:
+ // Should this be 0x425?
k[30] ^= 4;
k[31] ^= 0x23;
break;
+ case 64:
+ // https://crypto.stackexchange.com/q/9815/10496
+ k[62] ^= 1;
+ k[63] ^= 0x25;
+ break;
default:
throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
}
|