Cryptography Reference
In-Depth Information
Figure 9-5: AES-CCM encryption example (diagram not reproduced; its labels are AES CBC-MAC and AES_Encrypt with the key "@ABCDEFGHIJKLMNO", the input "abc" and the output 404855 688058bb65f9c511)
Decrypting gives you back the original input:
[jdavies@localhost ssl]$ ./aes -d "@ABCDEFGHIJKLMNO" "123456789012" "tuvwxyz" \
0x404855688058bb65f9c511
616263
If the MAC is wrong, though, you just get back nothing:
[jdavies@localhost ssl]$ ./aes -d "@ABCDEFGHIJKLMNO" "123456789012" "tuvwxyz" \
0x404855688058bb65f9c5112
Error, MAC mismatch.
Technically, though, nothing stops you, if you have the key, from
writing a CTR-mode decryption routine and decrypting the first three bytes
anyway. If you know the MAC is eight bytes, you know the input was three. You
can decrypt, but not authenticate, the ciphertext even if you don't know what
the additional data was; the additional data is used only in the MAC computation.
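The point above, as an added example that is not code from the book: a CCM construction laid out as in RFC 3610, showing that the additional data enters only the CBC-MAC while the CTR keystream depends on the key and nonce alone. Assumptions: the function names are hypothetical, the block formatting follows RFC 3610 rather than the book's `./aes` program, and `E` is a keyed stand-in for AES_Encrypt (CCM only calls the cipher in the encrypt direction), so outputs will not match the hex values shown above.

```python
import hashlib
import hmac

BLOCK = 16

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES_Encrypt (assumption): a keyed 16-byte PRF, NOT AES."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, nonce, index, length):
    """CTR blocks A_index, A_index+1, ...: flags (L-1) || nonce || counter."""
    L = 15 - len(nonce)
    out = b""
    while len(out) < length:
        out += E(key, bytes([L - 1]) + nonce + index.to_bytes(L, "big"))
        index += 1
    return out[:length]

def cbc_mac(key, nonce, aad, msg, M):
    """CBC-MAC over B_0 || encoded AAD || message: the only place AAD is used."""
    L = 15 - len(nonce)
    flags = (0x40 if aad else 0) | ((M - 2) // 2) << 3 | (L - 1)
    data = bytes([flags]) + nonce + len(msg).to_bytes(L, "big")
    if aad:  # 2-byte length prefix, valid for AAD shorter than 0xFF00 bytes
        a = len(aad).to_bytes(2, "big") + aad
        data += a + bytes(-len(a) % BLOCK)
    data += msg + bytes(-len(msg) % BLOCK)
    x = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        x = E(key, xor(x, data[i:i + BLOCK]))
    return x[:M]

def ccm_encrypt(key, nonce, aad, msg, M=8):
    tag = xor(cbc_mac(key, nonce, aad, msg, M), keystream(key, nonce, 0, M))
    return xor(msg, keystream(key, nonce, 1, len(msg))) + tag

def ctr_only_decrypt(key, nonce, data, M=8):
    """Unauthenticated: strips the M-byte MAC and never touches the AAD."""
    return xor(data[:-M], keystream(key, nonce, 1, len(data) - M))

def ccm_decrypt(key, nonce, aad, data, M=8):
    """Authenticated decryption: returns None on MAC mismatch."""
    msg = ctr_only_decrypt(key, nonce, data, M)
    tag = xor(cbc_mac(key, nonce, aad, msg, M), keystream(key, nonce, 0, M))
    return msg if hmac.compare_digest(tag, data[-M:]) else None
```

A caller should only ever expose `ccm_decrypt`; anything recovered by the CTR-only path carries no integrity guarantee, which is why a correct implementation releases nothing when the MAC check fails.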
 