avutil/twofish: Fixed decryption

The previous implementation swapped the two halves of the plaintext. The
existing tests only decrypted data with a plaintext of all zeroes, which is
not affected by swapping the halves. Tests which detect the old buggy behavior
have been added.

Signed-off-by: Sebastian Kirmayer <ffmpeg@kirmayer.eu>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This commit is contained in:
Sebastian Kirmayer 2021-08-09 03:26:20 +02:00 committed by Andreas Rheinhardt
parent bb69b734c7
commit dfd06ee710
2 changed files with 16 additions and 7 deletions

View File

@ -39,7 +39,7 @@ int main(int argc, char *argv[])
};
uint8_t temp[32], iv[16], rpt[32] = {0};
const int kbits[3] = {128, 192, 256};
int i, j, err = 0;
int i, j, k, err = 0;
struct AVTWOFISH *cs;
cs = av_twofish_alloc();
if (!cs)
@ -70,10 +70,19 @@ int main(int argc, char *argv[])
memcpy(Key+16,Key,(kbits[j]-128) >> 3);
memcpy(Key,rpt,16);
memcpy(rpt,temp,16);
av_twofish_crypt(cs, temp, temp, 1, NULL, 1);
for (k = 0; k < 16; k++) {
// Need to compare to Key here, because the plaintext comes
// from rpt but was moved over to Key.
if (Key[k] != temp[k]) {
av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", k, Key[k], temp[k]);
err = 1;
}
}
}
for (i = 0; i < 16; i++) {
if (rct[3 + j][i] != temp[i]) {
av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[3 + j][i], temp[i]);
if (rct[3 + j][i] != rpt[i]) {
av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[3 + j][i], rpt[i]);
err = 1;
}
}

View File

@ -260,10 +260,10 @@ static void twofish_decrypt(AVTWOFISH *cs, uint8_t *dst, const uint8_t *src, uin
P[3] ^= AV_RL32(iv + 12);
memcpy(iv, src, 16);
}
AV_WL32(dst, P[2]);
AV_WL32(dst + 4, P[3]);
AV_WL32(dst + 8, P[0]);
AV_WL32(dst + 12, P[1]);
AV_WL32(dst, P[0]);
AV_WL32(dst + 4, P[1]);
AV_WL32(dst + 8, P[2]);
AV_WL32(dst + 12, P[3]);
}
av_cold int av_twofish_init(AVTWOFISH *cs, const uint8_t *key, int key_bits)