mirror of
https://codeberg.org/ziglang/zig.git
synced 2026-04-27 19:09:47 +03:00
David Rubin
8efd539305
The first issue is that when len(Sn) >= 128, we perform Sn xor D instead of the Sn xorend D that is specified in RFC 5297. The second issue is that we truncate the Sn if it is larger than 4096 bytes, which could lead to collisions between inputs. We solve this by absoring the Sn into the CMAC state perform the last 16 bytes, xoring those 16 bytes with D as described in the first issue, and then updating and squeezing the CMAC.