avutil/twofish: Fixed decryption

The previous implementation swapped the two halves of the plaintext. The existing tests only decrypted data with a plaintext of all zeroes, which is not affected by swapping the halves. Tests which detect the old buggy behavior have been added. Signed-off-by: Sebastian Kirmayer <[email protected]> Signed-off-by: Andreas Rheinhardt <[email protected]>
SaschaVasarrhelyi · Dec 19, 2021 · dfd06ee · dfd06ee
1 parent bb69b73
commit dfd06ee
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/libavutil/tests/twofish.c b/libavutil/tests/twofish.c
@@ -39,7 +39,7 @@ int main(int argc, char *argv[])
     };
     uint8_t temp[32], iv[16], rpt[32] = {0};
     const int kbits[3] = {128, 192, 256};
-    int i, j, err = 0;
+    int i, j, k, err = 0;
     struct AVTWOFISH *cs;
     cs = av_twofish_alloc();
     if (!cs)
@@ -70,10 +70,19 @@ int main(int argc, char *argv[])
             memcpy(Key+16,Key,(kbits[j]-128) >> 3);
             memcpy(Key,rpt,16);
             memcpy(rpt,temp,16);
+            av_twofish_crypt(cs, temp, temp, 1, NULL, 1);
+            for (k = 0; k < 16; k++) {
+                // Need to compare to Key here, because the plaintext comes
+                // from rpt but was moved over to Key.
+                if (Key[k] != temp[k]) {
+                    av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", k, Key[k], temp[k]);
+                    err = 1;
+                }
+            }
         }
         for (i = 0; i < 16; i++) {
-            if (rct[3 + j][i] != temp[i]) {
-                av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[3 + j][i], temp[i]);
+            if (rct[3 + j][i] != rpt[i]) {
+                av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[3 + j][i], rpt[i]);
                 err = 1;
             }
         }

diff --git a/libavutil/twofish.c b/libavutil/twofish.c
@@ -260,10 +260,10 @@ static void twofish_decrypt(AVTWOFISH *cs, uint8_t *dst, const uint8_t *src, uin
         P[3] ^= AV_RL32(iv + 12);
         memcpy(iv, src, 16);
     }
-    AV_WL32(dst, P[2]);
-    AV_WL32(dst + 4, P[3]);
-    AV_WL32(dst + 8, P[0]);
-    AV_WL32(dst + 12, P[1]);
+    AV_WL32(dst, P[0]);
+    AV_WL32(dst + 4, P[1]);
+    AV_WL32(dst + 8, P[2]);
+    AV_WL32(dst + 12, P[3]);
 }
 
 av_cold int av_twofish_init(AVTWOFISH *cs, const uint8_t *key, int key_bits)