Add polynomial for 512-bit block ciphers

I believe this is correct, but it may be wrong. According to the Kalyna team, the polynomial for GCM mode is x^512 + x^8 + x^5 + x^2 + 1. It appears the polinomial applies to other block cipher modes of operations, like CMAC.Dropping the first term and evaluating the remaining terms at X=2 results in 293 (0x125)
2017-05-13 17:36:29 -04:00 · 2017-05-13 17:36:29 -04:00 · 7697857481
parent e226523b05
commit 7697857481
1 changed files with 6 additions and 0 deletions
--- a/cmac.cpp
+++ b/cmac.cpp
@ -31,9 +31,15 @@ static void MulU(byte *k, unsigned int length)
 			k[15] ^= 0x87;
 			break;
 		case 32:
+			// Should this be 0x425?
 			k[30] ^= 4;
 			k[31] ^= 0x23;
 			break;
+		case 64:
+			// https://crypto.stackexchange.com/q/9815/10496
+			k[62] ^= 1;
+			k[63] ^= 0x25;
+			break;
 		default:
 			throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
 		}