authorJeffrey Walton <noloader@gmail.com>2017-05-13 17:36:29 -0400
committerJeffrey Walton <noloader@gmail.com>2017-05-13 17:36:29 -0400
commit7697857481f51c51766943d0487b08045efefd87 (patch)
tree7505b4841beed798e0d8e0de2230b8b8c93b3542 /cmac.cpp
parente226523b05b5d6ab99f68961246091fbc28195e9 (diff)
Add polynomial for 512-bit block ciphers
I believe this is correct, but it may be wrong. According to the Kalyna team, the polynomial for GCM mode is x^512 + x^8 + x^5 + x^2 + 1. It appears the polynomial applies to other block cipher modes of operation, like CMAC. Dropping the first term and evaluating the remaining terms at X=2 results in 293 (0x125).
Diffstat (limited to 'cmac.cpp')
-rw-r--r--cmac.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/cmac.cpp b/cmac.cpp
index f8570a7f..ca04d0bd 100644
--- a/cmac.cpp
+++ b/cmac.cpp
@@ -31,9 +31,15 @@ static void MulU(byte *k, unsigned int length)
k[15] ^= 0x87;
break;
case 32:
+ // Should this be 0x425?
k[30] ^= 4;
k[31] ^= 0x23;
break;
+ case 64:
+ // https://crypto.stackexchange.com/q/9815/10496
+ k[62] ^= 1;
+ k[63] ^= 0x25;
+ break;
default:
throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
}
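Review bot: The 256-bit case is left with the open question `// Should this be 0x425?` above `k[31] ^= 0x23;` rather than resolved, while the new 512-bit case is derived from a stated polynomial. Applying the same derivation the commit uses for degree 512 (x^8 + x^5 + x^2 + 1 = 0x125, which matches `k[62] ^= 1; k[63] ^= 0x25;`), the commonly tabulated low-weight irreducible polynomial of degree 256 is x^256 + x^10 + x^5 + x^2 + 1, i.e. 0x425, so the existing 0x423 (x^10 + x^5 + x + 1) looks off by one bit and, if so, produces subkeys K1/K2 and therefore tags that will not verify against other CMAC implementations — this should be confirmed against a reference vector rather than left as a comment. If confirmed, replace the question with `// x^256 + x^10 + x^5 + x^2 + 1 (0x425)` and `k[31] ^= 0x25;`. A comment of the same form on the new case, `// x^512 + x^8 + x^5 + x^2 + 1 (0x125)`, would make the constant self-explanatory without relying on the external link. MulU begins before this hunk; the switch closes on the hunk's last line and the function body continues beyond it.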