From d654c893ef4658da83ed5753cb4c360e60e5afa3 Mon Sep 17 00:00:00 2001
From: Jeffrey Walton
Date: Sat, 13 May 2017 19:15:46 -0400
Subject: [PATCH] Add polynomial for 1024-bit block cipher. This will support Threefish and its 1024-bit block size. I believe this is correct, but it may be wrong. According to "Table of Low-Weight Binary Irreducible Polynomials" (http://www.hpl.hp.com/techreports/98/HPL-98-135.pdf), the polynomial is x^1024 + x^19 + x^6 + x + 1.
---
 cmac.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/cmac.cpp b/cmac.cpp
index ca04d0bd..81047827 100644
--- a/cmac.cpp
+++ b/cmac.cpp
@@ -31,15 +31,24 @@ static void MulU(byte *k, unsigned int length)
 k[15] ^= 0x87;
 break;
 case 32:
- // Should this be 0x425?
+ // https://crypto.stackexchange.com/q/9815/10496
+ // Polynomial x^256 + x^10 + x^5 + x + 1
 k[30] ^= 4;
 k[31] ^= 0x23;
 break;
 case 64:
 // https://crypto.stackexchange.com/q/9815/10496
+ // Polynomial x^512 + x^8 + x^5 + x^2 + 1
 k[62] ^= 1;
 k[63] ^= 0x25;
 break;
+ case 128:
+ // https://crypto.stackexchange.com/q/9815/10496
+ // Polynomial x^1024 + x^19 + x^6 + x + 1
+ k[126] ^= 8;
+ k[126] ^= 0x00;
+ k[127] ^= 0x43;
+ break;
 default:
 throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
 }
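Review bot: In the new `case 128:` branch the x^19 term is written to the wrong byte: `k[126] ^= 8;` sets bit 11 of the big-endian block, so the reduction actually applied is x^1024 + x^11 + x^6 + x + 1 rather than the polynomial named in the comment. Following the layout used by `case 64` (x^8 goes to `k[62] ^= 1`), bits 16–23 live in `k[125]`, so the line should read `k[125] ^= 8;`, leaving `k[126] ^= 0x00;` as the no-op middle byte. The `case 32` comment also deserves a second look: it now states x^256 + x^10 + x^5 + x + 1, which matches the coded 0x423, but the removed question about 0x425 (x^2 instead of x) is dropped without evidence, and I believe the cited low-weight table lists the x^2 form, so please verify it. A wrong constant here silently changes the CMAC subkeys, so tags would not interoperate and the construction would no longer rest on a known irreducible polynomial; a known-answer test per block size would catch this. MulU's body starts before this hunk, so the shift logic above these cases was not reviewed.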