AES 128 CBC 上的蒙特卡罗测试 [英] Monte Carlo Test on AES 128 CBC

问题描述

我正在 AES 128 CBC 上执行 MCT，如 http://csrc.nist.gov/groups/STM/cavp/documents/aes/AESAVS.pdf

I'm performing MCT on AES 128 CBC as described in http://csrc.nist.gov/groups/STM/cavp/documents/aes/AESAVS.pdf

第一次迭代的预期向量结果是

The expected vector result for first iteration is

密钥 = 9dc2c84a37850c11699818605f47958c

KEY = 9dc2c84a37850c11699818605f47958c

IV = 256953b2feab2a04ae0180d8335bbed6

IV = 256953b2feab2a04ae0180d8335bbed6

PLAINTEXT = 2e586692e647f5028ec6fa47a55a2aab

PLAINTEXT = 2e586692e647f5028ec6fa47a55a2aab

密文 = 1b1ebd1fc45ec43037fd4844241a437f

CIPHERTEXT = 1b1ebd1fc45ec43037fd4844241a437f

下面的函数用于生成第一次迭代输出，

Below function is used to generate first iteration output,

void
do_mct()
{
    EVP_CIPHER_CTX *ctx = NULL;
    unsigned char key[16] =
    { 0x9d, 0xc2, 0xc8, 0x4a, 0x37, 0x85, 0x0c, 0x11, 0x69, 0x98, 0x18, 0x60, 0x5f, 0x47, 0x95, 0x8c };
    unsigned char iv[16] =
    { 0x25, 0x69, 0x53, 0xb2, 0xfe, 0xab, 0x2a, 0x04, 0xae, 0x01, 0x80, 0xd8, 0x33, 0x5b, 0xbe, 0xd6 };
    unsigned char pt[16] =
    { 0x2e, 0x58, 0x66, 0x92, 0xe6, 0x47, 0xf5, 0x02, 0x8e, 0xc6, 0xfa, 0x47, 0xa5, 0x5a, 0x2a, 0xab };
    unsigned char ct_current[16] = { };
    unsigned char ct_previous[16] = { };
    int ptlen = 16, ctlen = 0;

    ctx = EVP_CIPHER_CTX_new();

    if ( ctx )
    {
        for ( int i = 0; i < 999 ; i++ )
        {
            if ( 0 == i )
            {
                if ( 1 == EVP_EncryptInit(ctx, EVP_aes_128_cbc(), &key[0], &iv[0] ) )
                {
                    EVP_CIPHER_CTX_set_padding(ctx, 0);

                    if ( 1 ==  EVP_EncryptUpdate(ctx, &ct_current[0] , &ctlen, &pt[0], ptlen) )
                    {
                        printf("\nctlen= %d\n", ctlen);
                        memcpy(&pt[0],&iv[0],16);
                    }
                    else
                    {
                        printf( " error");
                    }
                }
                else
                {
                    printf( " error");
                }
            }
            else
            {
                memcpy(&ct_previous[0],&ct_current[0],ctlen);

                if ( 1 ==  EVP_EncryptUpdate(ctx, &ct_current[0] , &ctlen, &pt[0], ptlen) )
                {
                    memcpy(&pt[0],&ct_previous[0],ctlen);
                }
                else
                {
                    printf( " error");
                }
            }
        }

        printf("\nCT :- ");
        for(int i=0;i<ctlen;i++)
        {
            printf("%02x ", ct_current[i]);
        }

        EVP_CIPHER_CTX_free(ctx);
    }
}

它将结果打印为，CT :- c1 b7 7e d5 25 21 52 5f 0a 4b a3 41 bd af 51 d9

It prints result as, CT :- c1 b7 7e d5 25 21 52 5f 0a 4b a3 41 bd af 51 d9

与预期结果不符.我怀疑上面的函数有些不对劲，但是 AESAVS pdf 中给出的伪代码也有点令人困惑..请说明哪里出错了..

which doesn't match the expected result. I'm suspecting something is not right in the above function, but the pseudo code given in AESAVS pdf was a bit confusing as well.. Please shed some lights on where it had gone wrong..

推荐答案

糟糕.. 糟糕，它需要 1000 次迭代才能产生一个输出.. 我只做了 999.. 将 for 循环更改为 for ( int i = 0; i <1000 ; i++ ) 并且有效

Oops.. My bad, it required 1000 iteration for producing one output.. I was doing only 999.. change for loop to for ( int i = 0; i < 1000 ; i++ ) and it worked

这篇关于AES 128 CBC 上的蒙特卡罗测试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！