hcapReverse/src/sbox.rs

//! Custom polynomial S-Box: S(x) = 192x^6 + 224x^5 + 120x^4 + 200x^3 + 150x^2 + 65x + 147 (mod 256)
//! Corresponds to pow_main_dispatch State 0x0E/0x0F
//! Evidence: constants 0xE0, 0x78, -0x40, 0x86838DC8, 0x96, 0x41, 0x93

/// Apply polynomial S-Box to each byte of a 32-byte buffer.
/// Decompiled:
///   iVar4 = iVar1 * iVar1;           // x^2
///   iVar10 = iVar4 * iVar4;          // x^4
///   result = iVar1 * iVar10 * 0xe0   // 224*x^5
///          + iVar10 * 0x78            // 120*x^4
///          + iVar10 * iVar4 * -0x40   // -64*x^6 = 192*x^6 (mod 256)
///          + ((iVar1 * 0x86838DC8 + 0x96) * iVar1 + 0x41) * iVar1
///          + 0x93;
pub fn apply_polynomial_sbox(buf: &mut [u8; 32]) {
    for b in buf.iter_mut() {
        let x = *b as u32;
        let x2 = x.wrapping_mul(x);
        let x4 = x2.wrapping_mul(x2);
        let result = x.wrapping_mul(x4).wrapping_mul(0xE0)                        // 224*x^5
            .wrapping_add(x4.wrapping_mul(0x78))                                   // 120*x^4
            .wrapping_add(x4.wrapping_mul(x2).wrapping_mul(0xFFFF_FFC0))           // 192*x^6 (-64 mod 2^32)
            .wrapping_add(
                x.wrapping_mul(0x86838DC8_u32).wrapping_add(0x96)                  // 200*x + 150
                    .wrapping_mul(x).wrapping_add(0x41)                            // *x + 65
                    .wrapping_mul(x)                                               // -> 200x^3+150x^2+65x
            )
            .wrapping_add(0x93);                                                   // + 147
        *b = result as u8;
    }
}