Wrong GCM Tag on 32-bit build

[Sainan]

Steps to reproduce:

#include <iostream>
#include <string>

#include <plusaes.hpp>

[[nodiscard]] static std::string bin2hexImpl(const std::string& str, const char* map)
{
	std::string res{};
	res.reserve(str.size() * 2);
	for (const auto& c : str)
	{
		res.push_back(map[(unsigned char)c >> 4]);
		res.push_back(map[c & 0b1111]);
	}
	return res;
}

[[nodiscard]] static std::string bin2hex(const std::string& str)
{
	return bin2hexImpl(str, "0123456789ABCDEF");
}

int main()
{
	std::string data = "Hello, world!";
	std::string ad = "ABCDEFGHIJKLM";
	std::string key = "ABCDEFGHIJKLMNOP";
	std::string iv = "ABCDEFGHIJKLMNOP";
	uint8_t tag[16];
	if (plusaes::encrypt_gcm(
		(uint8_t*)data.data(), data.size(),
		(uint8_t*)ad.data(), ad.size(),
		(uint8_t*)key.data(), key.size(),
		(const uint8_t(*)[12])iv.data(),
		&tag
	) == plusaes::kErrorOk)
	{
		std::cout << bin2hex(std::string(&tag[0], &tag[16]));
	}
	else
	{
		std::cout << "encrypt failed\r\n";
	}
}

Notice that the printed tag will differ between 32-bit and 64-bit build. Tested with clang on Windows.

[Sainan]

Did some classic print debugging and it seems this expression is the culprit:

But this expression works fine; it seems the (implicit) conversion to a Block is breaking on the least-significant byte:

J0_bitset = 01000001010000100100001101000100010001010100011001000111010010000100100101001010010010110100110000000000000000000000000000000001
J0        = 01000001010000100100001101000100010001010100011001000111000000000100100101001010010010110100110000000000000000000000000001001000

I've added a print statement to the bitset-to-Block conversion and it seems now it works... I think this is a compiler bug, so I'm moving this issue to LLVM: https://github.com/llvm/llvm-project/issues/64109

[kkAyataka]

Merged.