[Cryptech-Commits] [sw/libhal] 01/02: Fix AESKeywrapWithPadding handling of very long messages.
git at cryptech.is
Sat Jun 3 15:15:54 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch ks9
in repository sw/libhal.
commit 6a47490407210471afdd80f009123bd72014db3a
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Fri Jun 2 12:26:10 2017 -0400
Fix AESKeywrapWithPadding handling of very long messages.
We were XORing the low 32 bits of R[0] instead of the full 64 bits.
This makes no difference for small values of n, so we never detected it.
---
unit-tests.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/unit-tests.py b/unit-tests.py
index 9ebf91e..8b86d44 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -1035,6 +1035,10 @@ class AESKeyWrapWithPadding(object):
step = -1 if start > stop else 1
return xrange(start, stop + step, step)
+ @staticmethod
+ def _xor(R0, t):
+ return pack(">Q", unpack(">Q", R0)[0] ^ t)
+
def wrap(self, Q):
"RFC 5649 section 4.1."
m = len(Q) # Plaintext length
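Review bot: The new `_xor` helper has no docstring, while the neighbouring methods carry one-line RFC references (`"RFC 5649 section 4.1."`); add `"RFC 3394 sections 2.2.1/2.2.2: XOR the 64-bit counter t into R[0]; t must fit in 64 bits or pack() raises struct.error."`. The same helper is the only change in the two later hunks (the wrap and unwrap loops), so that docstring covers them as well. Because the commit message says the old 32-bit XOR only diverges for very large n, a direct test of the helper with a counter above 2**32, e.g. `assert AESKeyWrapWithPadding._xor("\0" * 8, 1 << 32) == pack(">Q", 1 << 32)`, would pin the fix without needing a multi-gigabyte input. `_start_stop` begins before this hunk and `wrap` continues after it.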
@@ -1051,9 +1055,7 @@ class AESKeyWrapWithPadding(object):
for j in self._start_stop(0, 5):
for i in self._start_stop(1, n):
R[0], R[i] = self._encrypt(R[0], R[i])
- W0, W1 = unpack(">LL", R[0])
- W1 ^= n * j + i
- R[0] = pack(">LL", W0, W1)
+ R[0] = self._xor(R[0], n * j + i)
assert len(R) == (n + 1) and all(len(r) == 8 for r in R)
return "".join(R)
@@ -1070,9 +1072,7 @@ class AESKeyWrapWithPadding(object):
# RFC 3394 section 2.2.2 steps (1), (2), and part of (3)
for j in self._start_stop(5, 0):
for i in self._start_stop(n, 1):
- W0, W1 = unpack(">LL", R[0])
- W1 ^= n * j + i
- R[0] = pack(">LL", W0, W1)
+ R[0] = self._xor(R[0], n * j + i)
R[0], R[i] = self._decrypt(R[0], R[i])
magic, m = unpack(">LL", R[0])
if magic != 0xa65959a6: