8 éve · 976dfd0a58
--- a/xts/xts.go
+++ b/xts/xts.go
@@ -23,6 +23,7 @@ package xts // import "golang.org/x/crypto/xts"
 
				 
			
 
				 import (
			
 
				 	"crypto/cipher"
			
 
				+	"encoding/binary"
			
 
				 	"errors"
			
 
				 )
			
 
				 
			
@@ -65,21 +66,20 @@ func (c *Cipher) Encrypt(ciphertext, plaintext []byte, sectorNum uint64) {
 
				 	}
			
 
				 
			
 
				 	var tweak [blockSize]byte
			
 
				-	for i := 0; i < 8; i++ {
			
 
				-		tweak[i] = byte(sectorNum)
			
 
				-		sectorNum >>= 8
			
 
				-	}
			
 
				+	binary.LittleEndian.PutUint64(tweak[:8], sectorNum)
			
 
				 
			
 
				 	c.k2.Encrypt(tweak[:], tweak[:])
			
 
				 
			
 
				-	for i := 0; i < len(plaintext); i += blockSize {
			
 
				-		for j := 0; j < blockSize; j++ {
			
 
				-			ciphertext[i+j] = plaintext[i+j] ^ tweak[j]
			
 
				+	for len(plaintext) > 0 {
			
 
				+		for j := range tweak {
			
 
				+			ciphertext[j] = plaintext[j] ^ tweak[j]
			
 
				 		}
			
 
				-		c.k1.Encrypt(ciphertext[i:], ciphertext[i:])
			
 
				-		for j := 0; j < blockSize; j++ {
			
 
				-			ciphertext[i+j] ^= tweak[j]
			
 
				+		c.k1.Encrypt(ciphertext, ciphertext)
			
 
				+		for j := range tweak {
			
 
				+			ciphertext[j] ^= tweak[j]
			
 
				 		}
			
 
				+		plaintext = plaintext[blockSize:]
			
 
				+		ciphertext = ciphertext[blockSize:]
			
 
				 
			
 
				 		mul2(&tweak)
			
 
				 	}
			
@@ -97,21 +97,20 @@ func (c *Cipher) Decrypt(plaintext, ciphertext []byte, sectorNum uint64) {
 
				 	}
			
 
				 
			
 
				 	var tweak [blockSize]byte
			
 
				-	for i := 0; i < 8; i++ {
			
 
				-		tweak[i] = byte(sectorNum)
			
 
				-		sectorNum >>= 8
			
 
				-	}
			
 
				+	binary.LittleEndian.PutUint64(tweak[:8], sectorNum)
			
 
				 
			
 
				 	c.k2.Encrypt(tweak[:], tweak[:])
			
 
				 
			
 
				-	for i := 0; i < len(plaintext); i += blockSize {
			
 
				-		for j := 0; j < blockSize; j++ {
			
 
				-			plaintext[i+j] = ciphertext[i+j] ^ tweak[j]
			
 
				+	for len(ciphertext) > 0 {
			
 
				+		for j := range tweak {
			
 
				+			plaintext[j] = ciphertext[j] ^ tweak[j]
			
 
				 		}
			
 
				-		c.k1.Decrypt(plaintext[i:], plaintext[i:])
			
 
				-		for j := 0; j < blockSize; j++ {
			
 
				-			plaintext[i+j] ^= tweak[j]
			
 
				+		c.k1.Decrypt(plaintext, plaintext)
			
 
				+		for j := range tweak {
			
 
				+			plaintext[j] ^= tweak[j]
			
 
				 		}
			
 
				+		plaintext = plaintext[blockSize:]
			
 
				+		ciphertext = ciphertext[blockSize:]
			
 
				 
			
 
				 		mul2(&tweak)
			
 
				 	}
			
--- a/xts/xts_test.go
+++ b/xts/xts_test.go
@@ -83,3 +83,23 @@ func TestXTS(t *testing.T) {
 
				 		}
			
 
				 	}
			
 
				 }
			
 
				+
			
 
				+func TestShorterCiphertext(t *testing.T) {
			
 
				+	// Decrypt used to panic if the input was shorter than the output. See
			
 
				+	// https://go-review.googlesource.com/c/39954/
			
 
				+	c, err := NewCipher(aes.NewCipher, make([]byte, 32))
			
 
				+	if err != nil {
			
 
				+		t.Fatalf("NewCipher failed: %s", err)
			
 
				+	}
			
 
				+
			
 
				+	plaintext := make([]byte, 32)
			
 
				+	encrypted := make([]byte, 48)
			
 
				+	decrypted := make([]byte, 48)
			
 
				+
			
 
				+	c.Encrypt(encrypted, plaintext, 0)
			
 
				+	c.Decrypt(decrypted, encrypted[:len(plaintext)], 0)
			
 
				+
			
 
				+	if !bytes.Equal(plaintext, decrypted[:len(plaintext)]) {
			
 
				+		t.Errorf("En/Decryption is not inverse")
			
 
				+	}
			
 
				+}