DES-MAC 与 DES-MAC 签名有区别吗?
Is DES-MAC different from DES-MAC Signature?
我编写了一个简单的 Javacard 小程序来使用 ALG_DES_MAC8_NOPAD 签名计算输入数据的签名,如下所示:
package testPrj ;
import javacard.framework.*;
import javacard.security.*;
public class testPrj extends Applet
{
private Signature sig8;
private DESKey key8;
public static void install(byte[] bArray, short bOffset, byte bLength)
{
new testPrj();
}
public testPrj(){
sig8 = Signature.getInstance(Signature.ALG_DES_MAC8_NOPAD, false);
key8 = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_DES, false);
register();
}
public void process(APDU apdu)
{
if (selectingApplet())
return;
byte[] buf = apdu.getBuffer();
switch (buf[ISO7816.OFFSET_INS])
{
case (byte)0x00:
apdu.setIncomingAndReceive();
key8.setKey(buf, ISO7816.OFFSET_CDATA);
sig8.init(key8, Signature.MODE_SIGN, buf, (short)(ISO7816.OFFSET_CDATA + 8), (short)8);
sig8.sign(buf, (short)(ISO7816.OFFSET_CDATA + 16), (short)8, buf, (short)0);
apdu.setOutgoingAndSend((short)0, (short)8);
break;
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
}
}
}
正如你在上面看到的,这个小程序只支持一个APDU命令。此命令的前 8 个字节是 DES 密钥,后 8 个字节是 IV,最后 8 个字节是我们要计算其签名的输入数据。
现在,我们可以使用 Key = 11 11 11 11 11 11 11 11
和 IV = 22 22 22 22 22 22 22 22
计算 33 33 33 33 33 33 33 33
的签名,如下所示:
// Select Applet
Send: 00 A4 04 00 06 <Applet AID> 00
Recv: 90 00
// Request DES Signature
Send: 00 00 00 00 18 11 11 11 11 11 11 11 11 22 22 22 22 22 22 22 22 33 33 33 33 33 33 33 33
Recv: F4 03 79 AB 9E 0E C5 33 90 00 <== DES Signature + Status Words
好的,现在看看这张图(来自an online tool):
您可能会注意到,输出与小程序的响应相同。
所以,我得出结论DES_MAC8签名等同于CBC模式下的DES加密。
好吧,现在看一下从 RFC 中引用的关于 DES-MAC 的定义:
6.4.6. DES cipher-block chained checksum (des-mac)
The DES-MAC checksum is computed by prepending an 8 octet confounder
to the plaintext, performing a DES CBC-mode encryption on the result
using the key and an initialization vector of zero, taking the last
block of the ciphertext, prepending the same confounder and encrypting
the pair using DES in cipher-block-chaining (CBC) mode using a a
variant of the key, where the variant is computed by eXclusive-ORing
the key with the constant F0F0F0F0F0F0F0F0. The initialization vector
should be zero. The resulting checksum is 128 bits (16 octets) long,
64 bits of which are redundant. This checksum is tamper-proof and
collision-proof.
显然,这个定义与 applet/online-tool 中的定义不同。所以:
问题:DES-MAC和DES-MAC签名有区别吗?它们有不同的用途吗?换句话说,DES-MAC 是否证明了 DES-MAC 签名无法证明的东西(反之亦然)?
原因很简单,您引用的 DES-MAC 是 specific to Kerberos 5。它不是 CBC-MAC,尽管它似乎使用相同的 CBC 模式。
我编写了一个简单的 Javacard 小程序来使用 ALG_DES_MAC8_NOPAD 签名计算输入数据的签名,如下所示:
package testPrj ;
import javacard.framework.*;
import javacard.security.*;
public class testPrj extends Applet
{
private Signature sig8;
private DESKey key8;
public static void install(byte[] bArray, short bOffset, byte bLength)
{
new testPrj();
}
public testPrj(){
sig8 = Signature.getInstance(Signature.ALG_DES_MAC8_NOPAD, false);
key8 = (DESKey)KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_DES, false);
register();
}
public void process(APDU apdu)
{
if (selectingApplet())
return;
byte[] buf = apdu.getBuffer();
switch (buf[ISO7816.OFFSET_INS])
{
case (byte)0x00:
apdu.setIncomingAndReceive();
key8.setKey(buf, ISO7816.OFFSET_CDATA);
sig8.init(key8, Signature.MODE_SIGN, buf, (short)(ISO7816.OFFSET_CDATA + 8), (short)8);
sig8.sign(buf, (short)(ISO7816.OFFSET_CDATA + 16), (short)8, buf, (short)0);
apdu.setOutgoingAndSend((short)0, (short)8);
break;
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
}
}
}
正如你在上面看到的,这个小程序只支持一个APDU命令。此命令的前 8 个字节是 DES 密钥,后 8 个字节是 IV,最后 8 个字节是我们要计算其签名的输入数据。
现在,我们可以使用 Key = 11 11 11 11 11 11 11 11
和 IV = 22 22 22 22 22 22 22 22
计算 33 33 33 33 33 33 33 33
的签名,如下所示:
// Select Applet
Send: 00 A4 04 00 06 <Applet AID> 00
Recv: 90 00
// Request DES Signature
Send: 00 00 00 00 18 11 11 11 11 11 11 11 11 22 22 22 22 22 22 22 22 33 33 33 33 33 33 33 33
Recv: F4 03 79 AB 9E 0E C5 33 90 00 <== DES Signature + Status Words
好的,现在看看这张图(来自an online tool):
您可能会注意到,输出与小程序的响应相同。
所以,我得出结论DES_MAC8签名等同于CBC模式下的DES加密。
好吧,现在看一下从 RFC 中引用的关于 DES-MAC 的定义:
6.4.6. DES cipher-block chained checksum (des-mac)
The DES-MAC checksum is computed by prepending an 8 octet confounder to the plaintext, performing a DES CBC-mode encryption on the result using the key and an initialization vector of zero, taking the last block of the ciphertext, prepending the same confounder and encrypting the pair using DES in cipher-block-chaining (CBC) mode using a a variant of the key, where the variant is computed by eXclusive-ORing the key with the constant F0F0F0F0F0F0F0F0. The initialization vector should be zero. The resulting checksum is 128 bits (16 octets) long, 64 bits of which are redundant. This checksum is tamper-proof and collision-proof.
显然,这个定义与 applet/online-tool 中的定义不同。所以:
问题:DES-MAC和DES-MAC签名有区别吗?它们有不同的用途吗?换句话说,DES-MAC 是否证明了 DES-MAC 签名无法证明的东西(反之亦然)?
原因很简单,您引用的 DES-MAC 是 specific to Kerberos 5。它不是 CBC-MAC,尽管它似乎使用相同的 CBC 模式。