Add polynomial for 512-bit block ciphers

I believe this is correct, but it may be wrong. According to the Kalyna team, the polynomial for GCM mode is x^512 + x^8 + x^5 + x^2 + 1. It appears the polinomial applies to other block cipher modes of operations, like CMAC.Dropping the first term and evaluating the remaining terms at X=2 results in 293 (0x125)
weidai11 · May 13, 2017 · 7697857 · 7697857 · noloader · May 13, 2017
1 parent e226523
commit 7697857
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/cmac.cpp b/cmac.cpp
@@ -31,9 +31,15 @@ static void MulU(byte *k, unsigned int length)
 			k[15] ^= 0x87;
 			break;
 		case 32:
+			// Should this be 0x425?
 			k[30] ^= 4;
 			k[31] ^= 0x23;
 			break;
+		case 64:
+			// https://crypto.stackexchange.com/q/9815/10496
+			k[62] ^= 1;
+			k[63] ^= 0x25;
+			break;
 		default:
 			throw InvalidArgument("CMAC: " + IntToString(length) + " is not a supported cipher block size");
 		}