
Commit d5f91e2

committed
CRITICAL: Fix FF1 expandS — XOR with R not previous block (NIST SP 800-38G)
Same bug as Java and Rust. Verified against independent fpe crate v0.6.1.
1 parent f875f97 commit d5f91e2

1 file changed

Lines changed: 2 additions & 3 deletions


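--- a/src/ff1.js
+++ b/src/ff1.js
@@ -51,14 +51,13 @@ class FF1 {
 const blocks = Math.ceil(d / 16);
 const out = Buffer.alloc(blocks * 16);
 R.copy(out, 0);
-let prev = Buffer.from(R);
 for (let j = 1; j < blocks; j++) {
 const x = Buffer.alloc(16);
 x.writeBigUInt64BE(BigInt(j), 8);
-for (let k = 0; k < 16; k++) x[k] ^= prev[k];
+// XOR with R (not previous block) per NIST SP 800-38G
+for (let k = 0; k < 16; k++) x[k] ^= R[k];
 const enc = this._aes(x);
 enc.copy(out, j * 16);
-prev = enc;
 }
 return out.subarray(0, d);
 }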
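Review bot: Nothing in this commit pins the corrected `x[k] ^= R[k]` loop with a test, and the loop body only runs when `blocks > 1` (that is, `d > 16`), which short numeral strings never reach; that is presumably how the old chaining through `prev` went unnoticed. A regression vector with an input long enough to force at least a second block, cross-checked against the independent implementation named in the commit message, would keep this path from drifting again. Values encrypted by the earlier code on that path will presumably not decrypt to the original plaintext under the fixed code, so the change likely needs a release note and a migration path for stored ciphertexts. The new comment could also name the formula it follows, e.g. `// S = R || AES(R ^ [1]) || AES(R ^ [2]) ... (SP 800-38G FF1, step 6.ii)`. The enclosing method starts above the hunk, so how `d` and `R` are derived is not visible here.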
