无法从 AES-128-GCM 获得正确的输出
Unable to get correct output from AES-128-GCM
理论上,以下测试代码应该给我 NIST 测试套件 58e2fccefa7e3061367f1d57a4e7455a 的结果,但是输出的十六进制转储会产生 9eeaed13b5f591104e2cda197fb99eeaed13b5f591104e2cda197fb9=]?[=13
#include <iostream>
#include <cstdio>
#include <polarssl/md.h>
#include <polarssl/entropy.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/cipher.h>
#include <cstdlib>
#include <fstream>
int main(int argc, char** argv) {
const cipher_info_t *cipher_info;
cipher_info = cipher_info_from_string( "AES-128-GCM" );
cipher_context_t cipher_ctx;
cipher_init_ctx (&cipher_ctx,cipher_info);
std::cout<<"KEYLEN"<<std::endl;
std::cout<<cipher_info->key_length<<std::endl;
std::cout<<"IVLEN"<<std::endl;
std::cout<<cipher_info->iv_size<<std::endl;
unsigned char key[cipher_info->key_length/8];
unsigned char iv[cipher_info->iv_size];
memset(key,0x00,cipher_info->key_length/8);
memset(iv,0x00,cipher_info->iv_size);
unsigned char iBuffer[10];
unsigned char oBuffer[1024];
size_t ilen, olen;
std::ofstream oFile2;
oFile2.open("testOut",std::ofstream::out | std::ofstream::trunc | std::ofstream::binary);
cipher_setkey( &cipher_ctx,key,cipher_info->key_length,POLARSSL_ENCRYPT);
cipher_set_iv( &cipher_ctx, iv, 16 );
cipher_reset( &cipher_ctx );
cipher_update( &cipher_ctx, iBuffer, sizeof(iBuffer), oBuffer, &olen );
oFile2 << oBuffer;
cipher_finish( &cipher_ctx, oBuffer, &olen );
oFile2 << oBuffer;
oFile2.close();
}
这是 nIST 测试:
Variable
Value
K 00000000000000000000000000000000
P
IV 000000000000000000000000
H 66e94bd4ef8a2c3b884cfa59ca342b2e
Yo 00000000000000000000000000000001
E ( K,Yo) 58e2fccefa7e3061367f1d57a4e7455a
len(A)||len(C) 00000000000000000000000000000000
GHASH (H,A,C) 00000000000000000000000000000000
C
T 58e2fccefa7e3061367f1d57a4e7455a
(测试用例一http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf)
我可以立即看到两个错误:
- 明文大小设置为 10 个字节,而不是完全没有字节 - 这会导致密文过大且身份验证标记不正确;
- IV 是 12 个字节设置为 0 而不是 16 个字节设置为 0 - 12 是 GCM 模式的默认值 - 这使得密文(如果有)和身份验证标签不正确。
这些问题在以下行中:
unsigned char iBuffer[10];
...
cipher_update( &cipher_ctx, iBuffer, sizeof(iBuffer), oBuffer, &olen );
和
cipher_set_iv( &cipher_ctx, iv, 16 );
此外,API 似乎需要您使用 ...write_tag...
method 单独检索标签。目前您只能看到点击率密文,看不到身份验证标签。
理论上,以下测试代码应该给我 NIST 测试套件 58e2fccefa7e3061367f1d57a4e7455a 的结果,但是输出的十六进制转储会产生 9eeaed13b5f591104e2cda197fb99eeaed13b5f591104e2cda197fb9=]?[=13
#include <iostream>
#include <cstdio>
#include <polarssl/md.h>
#include <polarssl/entropy.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/cipher.h>
#include <cstdlib>
#include <fstream>
int main(int argc, char** argv) {
const cipher_info_t *cipher_info;
cipher_info = cipher_info_from_string( "AES-128-GCM" );
cipher_context_t cipher_ctx;
cipher_init_ctx (&cipher_ctx,cipher_info);
std::cout<<"KEYLEN"<<std::endl;
std::cout<<cipher_info->key_length<<std::endl;
std::cout<<"IVLEN"<<std::endl;
std::cout<<cipher_info->iv_size<<std::endl;
unsigned char key[cipher_info->key_length/8];
unsigned char iv[cipher_info->iv_size];
memset(key,0x00,cipher_info->key_length/8);
memset(iv,0x00,cipher_info->iv_size);
unsigned char iBuffer[10];
unsigned char oBuffer[1024];
size_t ilen, olen;
std::ofstream oFile2;
oFile2.open("testOut",std::ofstream::out | std::ofstream::trunc | std::ofstream::binary);
cipher_setkey( &cipher_ctx,key,cipher_info->key_length,POLARSSL_ENCRYPT);
cipher_set_iv( &cipher_ctx, iv, 16 );
cipher_reset( &cipher_ctx );
cipher_update( &cipher_ctx, iBuffer, sizeof(iBuffer), oBuffer, &olen );
oFile2 << oBuffer;
cipher_finish( &cipher_ctx, oBuffer, &olen );
oFile2 << oBuffer;
oFile2.close();
}
这是 nIST 测试:
Variable
Value
K 00000000000000000000000000000000
P
IV 000000000000000000000000
H 66e94bd4ef8a2c3b884cfa59ca342b2e
Yo 00000000000000000000000000000001
E ( K,Yo) 58e2fccefa7e3061367f1d57a4e7455a
len(A)||len(C) 00000000000000000000000000000000
GHASH (H,A,C) 00000000000000000000000000000000
C
T 58e2fccefa7e3061367f1d57a4e7455a
(测试用例一http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf)
我可以立即看到两个错误:
- 明文大小设置为 10 个字节,而不是完全没有字节 - 这会导致密文过大且身份验证标记不正确;
- IV 是 12 个字节设置为 0 而不是 16 个字节设置为 0 - 12 是 GCM 模式的默认值 - 这使得密文(如果有)和身份验证标签不正确。
这些问题在以下行中:
unsigned char iBuffer[10];
...
cipher_update( &cipher_ctx, iBuffer, sizeof(iBuffer), oBuffer, &olen );
和
cipher_set_iv( &cipher_ctx, iv, 16 );
此外,API 似乎需要您使用 ...write_tag...
method 单独检索标签。目前您只能看到点击率密文,看不到身份验证标签。