[FFmpeg-cvslog] avutil/twofish: Fixed decryption

[Sebastian Kirmayer]

ffmpeg | branch: master | Sebastian Kirmayer <ffmpeg at kirmayer.eu> | Mon Aug  9 03:26:20 2021 +0200| [dfd06ee710b547e0027a38f63cabe868e9ef1a3c] | committer: Andreas Rheinhardt

avutil/twofish: Fixed decryption

The previous implementation swapped the two halves of the plaintext. The
existing tests only decrypted data with a plaintext of all zeroes, which is
not affected by swapping the halves. Tests which detect the old buggy behavior
have been added.

Signed-off-by: Sebastian Kirmayer <ffmpeg at kirmayer.eu>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dfd06ee710b547e0027a38f63cabe868e9ef1a3c
---

 libavutil/tests/twofish.c | 15 ++++++++++++---
 libavutil/twofish.c       |  8 ++++----
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/libavutil/tests/twofish.c b/libavutil/tests/twofish.c
index 74e0926eaf..7e8b129230 100644
--- a/libavutil/tests/twofish.c
+++ b/libavutil/tests/twofish.c
@@ -39,7 +39,7 @@ int main(int argc, char *argv[])
     };
     uint8_t temp[32], iv[16], rpt[32] = {0};
     const int kbits[3] = {128, 192, 256};
-    int i, j, err = 0;
+    int i, j, k, err = 0;
     struct AVTWOFISH *cs;
     cs = av_twofish_alloc();
     if (!cs)
@@ -70,10 +70,19 @@ int main(int argc, char *argv[])
             memcpy(Key+16,Key,(kbits[j]-128) >> 3);
             memcpy(Key,rpt,16);
             memcpy(rpt,temp,16);
+            av_twofish_crypt(cs, temp, temp, 1, NULL, 1);
+            for (k = 0; k < 16; k++) {
+                // Need to compare to Key here, because the plaintext comes
+                // from rpt but was moved over to Key.
+                if (Key[k] != temp[k]) {
+                    av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", k, Key[k], temp[k]);
+                    err = 1;
+                }
+            }
         }
         for (i = 0; i < 16; i++) {
-            if (rct[3 + j][i] != temp[i]) {
-                av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[3 + j][i], temp[i]);
+            if (rct[3 + j][i] != rpt[i]) {
+                av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[3 + j][i], rpt[i]);
                 err = 1;
             }
         }
diff --git a/libavutil/twofish.c b/libavutil/twofish.c
index d84fa4f363..649b4bc41b 100644
--- a/libavutil/twofish.c
+++ b/libavutil/twofish.c
@@ -260,10 +260,10 @@ static void twofish_decrypt(AVTWOFISH *cs, uint8_t *dst, const uint8_t *src, uin
         P[3] ^= AV_RL32(iv + 12);
         memcpy(iv, src, 16);
     }
-    AV_WL32(dst, P[2]);
-    AV_WL32(dst + 4, P[3]);
-    AV_WL32(dst + 8, P[0]);
-    AV_WL32(dst + 12, P[1]);
+    AV_WL32(dst, P[0]);
+    AV_WL32(dst + 4, P[1]);
+    AV_WL32(dst + 8, P[2]);
+    AV_WL32(dst + 12, P[3]);
 }
 
 av_cold int av_twofish_init(AVTWOFISH *cs, const uint8_t *key, int key_bits)