[FFmpeg-devel] [PATCH] aes: When generating the expanded key, an XOR with the previous key was missing

Michael Niedermayer michaelni
Wed Jul 18 16:47:30 CEST 2007


On Wed, Jul 18, 2007 at 09:02:49AM +0100, Andy Parkins wrote:
> The line generating the primary word of the expanded key was done like
> this:
>   for(i = 0; i < 4; i++)
>       tk[0][i] ^= sbox[tk[KC-1][(i+1)&3]];
> This was incorrect.  Every output byte should be XORed with the
> equivalent byte in the previous key.  This is being correctly done for
> the non-primary words, but not for the primary word.
> This patch changes the above to
>   for(i = 0; i < 4; i++) {
>       tk[0][i] = sbox[tk[KC-1][(i+1)&3]];
>       tk[0][i] ^= (a->round_key[0][0]+t)[i];
>   }
> This uses the fact that the previous key has just been written to the
> round_key array to look it up again and XOR it with the current value.
> This change makes the expanded key from aes.c match the sample expansion
> for a NUL key match shown on
> http://en.wikipedia.org/wiki/Rijndael_key_schedule.

i dont remember without checking what exactly should be done but your
change _totally_ breaks the code

there are official test vectors, aes.c contains some and selftesting code
please use this
(and avoid wakipuding\H\H\H\H\H\H\H\H\H\Hwikipedia as authorative source of
information if there are official and public test vectors, source and
description available)

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I do not agree with what you have to say, but I'll defend to the death your
right to say it. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070718/777133bc/attachment.pgp>

More information about the ffmpeg-devel mailing list