From 25d407e0eaf5c09fea5d490b5a7aebd36dfcfce3 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Wed, 11 Oct 2023 08:07:16 +0800
Subject: [PATCH] Updated SM4 with AESENCLAST (markdown)
---
 SM4-with-AESENCLAST.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/SM4-with-AESENCLAST.md b/SM4-with-AESENCLAST.md
index d77bb1a..2c96c82 100644
--- a/SM4-with-AESENCLAST.md
+++ b/SM4-with-AESENCLAST.md
@@ -28,6 +28,8 @@ C1= 0x69
 M2= 0xfa ,0x64 ,0xb4 ,0x0a ,0x41 ,0xdd ,0x01 ,0xc1
 C2= 0x61
+//https://github.com/intel/ipp-crypto/blob/develop/sources/ippcp/pcpsms4_l9cn.h
+//Intel也用了这组
 M1= 0x52 ,0xbc ,0x2d ,0x02 ,0x9e ,0x25 ,0xac ,0x34
 C1= 0x65
 M2= 0xcb ,0x9a ,0x0a ,0xb4 ,0xc7 ,0xac ,0x87 ,0x4e
@@ -179,7 +181,7 @@ func sm4_box_aesenclast_intel(rk uint32, t0, t1, t2, t3, a1l, a1h, a2l, a2h __m1
 类似于:
 ```
-{(M1, C1, M2, C2) | SM4-S(x) = A2(AES-S(A1(x)), A1(x) = M1*x + C1, A2(x) = M2*(x+0x63) + C2}
+{(M1, C1, M2, C2) | SM4-S(x) = A2(AES-S(A1(x)), A1(x) = M1*x + C1, A2(x) = M2*(x+0x63) + C2 = M2*x + (M2*0x63 + C2)}
 ```
 ## How to calculate lookup table from M, C?