Fix the implementation of MDC-2. The state is chained as the key, not as the plaintext, through the block cipher
parent
d4b2d07c6e
commit
21ed995281
1 changed files with 24 additions and 24 deletions
48
puer.c
48
puer.c
|
@ -130,36 +130,36 @@ void compress_hash(struct hashstate *state) {
|
||||||
message[2] = bytes2word(&state->buffer[8]);
|
message[2] = bytes2word(&state->buffer[8]);
|
||||||
message[3] = bytes2word(&state->buffer[12]);
|
message[3] = bytes2word(&state->buffer[12]);
|
||||||
|
|
||||||
// A_i, B_i
|
|
||||||
uint32_t a[4], b[4];
|
|
||||||
memcpy(a, state->a, sizeof(a));
|
|
||||||
memcpy(b, state->b, sizeof(b));
|
|
||||||
|
|
||||||
// V_i = M_i ^ E(M_i, A_i)
|
// V_i = M_i ^ E(M_i, A_i)
|
||||||
xxtea128(message, a);
|
// Note: In this description A_i is the *key*, not the plaintext
|
||||||
a[0] ^= message[0];
|
uint32_t v[4];
|
||||||
a[1] ^= message[1];
|
memcpy(v, message, sizeof(v));
|
||||||
a[2] ^= message[2];
|
xxtea128(state->a, v);
|
||||||
a[3] ^= message[3];
|
v[0] ^= message[0];
|
||||||
|
v[1] ^= message[1];
|
||||||
|
v[2] ^= message[2];
|
||||||
|
v[3] ^= message[3];
|
||||||
|
|
||||||
// W_i = M_i ^ E(M_i, B_i);
|
// W_i = M_i ^ E(M_i, B_i);
|
||||||
xxtea128(message, b);
|
uint32_t w[4];
|
||||||
b[0] ^= message[0];
|
memcpy(w, message, sizeof(w));
|
||||||
b[1] ^= message[1];
|
xxtea128(state->b, w);
|
||||||
b[2] ^= message[2];
|
w[0] ^= message[0];
|
||||||
b[3] ^= message[3];
|
w[1] ^= message[1];
|
||||||
|
w[2] ^= message[2];
|
||||||
|
w[3] ^= message[3];
|
||||||
|
|
||||||
// A_{i+1} = V_i^L || W_i^R
|
// A_{i+1} = Vwi^L || W_i^R
|
||||||
state->a[0] = a[0];
|
state->a[0] = v[0];
|
||||||
state->a[1] = a[1];
|
state->a[1] = v[1];
|
||||||
state->a[2] = b[2];
|
state->a[2] = w[2];
|
||||||
state->a[3] = b[3];
|
state->a[3] = w[3];
|
||||||
|
|
||||||
// B_{i+1} = W_i^L || V_i^R
|
// B_{i+1} = W_i^L || V_i^R
|
||||||
state->b[0] = b[0];
|
state->b[0] = v[0];
|
||||||
state->b[1] = b[1];
|
state->b[1] = v[1];
|
||||||
state->b[2] = a[2];
|
state->b[2] = w[2];
|
||||||
state->b[3] = a[3];
|
state->b[3] = w[3];
|
||||||
|
|
||||||
// Mark that we have consumed the buffer
|
// Mark that we have consumed the buffer
|
||||||
state->length = 0;
|
state->length = 0;
|
||||||
|
|
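Review bot: The new B_{i+1} assignment (`state->b[0] = v[0]; … state->b[3] = w[3];`) is identical to the A_{i+1} assignment just above it, so after the first compressed block the two chaining values are equal and remain equal for every later block; the two MDC-2 chains collapse into one and the 256-bit state carries only 128 bits, which defeats the double-length construction. The comment `// B_{i+1} = W_i^L || V_i^R` states the intended swap, and the removed lines did implement it with the a/b arrays (`state->b[2] = a[2]; state->b[3] = a[3];`), so this is a regression introduced by the rename rather than a pre-existing bug. The B half should take W's left words and V's right words, as in the fence below; the A_{i+1} comment also picked up a typo, `Vwi^L` should read `V_i^L`. compress_hash begins outside the hunk, so a known-answer test over at least two blocks (or an assertion that state->a and state->b differ after compression) would be the place to pin this down.
```c
    // … unchanged: V_i, W_i and A_{i+1} computation …
    // B_{i+1} = W_i^L || V_i^R
    state->b[0] = w[0];
    state->b[1] = w[1];
    state->b[2] = v[2];
    state->b[3] = v[3];
    // … unchanged: buffer reset …
```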