frist

2026-02-26 06:14:36 +08:00
commit 06b67f60d6
20 changed files with 1440 additions and 0 deletions
--- a/src/sbox.rs
+++ b/src/sbox.rs
@@ -0,0 +1,30 @@
+//! Custom polynomial S-Box: S(x) = 192x^6 + 224x^5 + 120x^4 + 200x^3 + 150x^2 + 65x + 147 (mod 256)
+//! Corresponds to pow_main_dispatch State 0x0E/0x0F
+//! Evidence: constants 0xE0, 0x78, -0x40, 0x86838DC8, 0x96, 0x41, 0x93
+
+/// Apply polynomial S-Box to each byte of a 32-byte buffer.
+/// Decompiled:
+///   iVar4 = iVar1 * iVar1;           // x^2
+///   iVar10 = iVar4 * iVar4;          // x^4
+///   result = iVar1 * iVar10 * 0xe0   // 224*x^5
+///          + iVar10 * 0x78            // 120*x^4
+///          + iVar10 * iVar4 * -0x40   // -64*x^6 = 192*x^6 (mod 256)
+///          + ((iVar1 * 0x86838DC8 + 0x96) * iVar1 + 0x41) * iVar1
+///          + 0x93;
+pub fn apply_polynomial_sbox(buf: &mut [u8; 32]) {
+    for b in buf.iter_mut() {
+        let x = *b as u32;
+        let x2 = x.wrapping_mul(x);
+        let x4 = x2.wrapping_mul(x2);
+        let result = x.wrapping_mul(x4).wrapping_mul(0xE0)                        // 224*x^5
+            .wrapping_add(x4.wrapping_mul(0x78))                                   // 120*x^4
+            .wrapping_add(x4.wrapping_mul(x2).wrapping_mul(0xFFFF_FFC0))           // 192*x^6 (-64 mod 2^32)
+            .wrapping_add(
+                x.wrapping_mul(0x86838DC8_u32).wrapping_add(0x96)                  // 200*x + 150
+                    .wrapping_mul(x).wrapping_add(0x41)                            // *x + 65
+                    .wrapping_mul(x)                                               // -> 200x^3+150x^2+65x
+            )
+            .wrapping_add(0x93);                                                   // + 147
+        *b = result as u8;
+    }
+}