Cryptography Reference
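        states := [inv, LengthSplit(bytelist, 16)]
    else
        states := [LengthSplit(bytelist, 16)]
    end if;
    len := nops(states)-1;
    states := Array(0 .. len, states);
    if mode = OFB then
        # Load block 0 (the IV) into a 4x4 state array, column by column
        kst := Array(0 .. 3, 0 .. 3, (i, j) -> states[0][i+4*j+1]);
        for i to len do
            # OFB: the keystream block is fed back into the cipher
            kst := AESEncrypt(ek, kst);
            states[i] := BitXorAL(kst, states[i])
        end do
    elif mode = CTR then
        # Load block 0 (the initial counter) into a 4x4 state array
        count := Array(0 .. 3, 0 .. 3, (i, j) -> states[0][i+4*j+1]);
        for i to len do
            # CTR: encrypt the counter, XOR with the data block, then increment
            states[i] := BitXorAL(AESEncrypt(ek, count), states[i]);
            inc32(count)
        end do
    else
        error "Unrecognized mode; either OFB or CTR should be used"
    end if;
    if nargs = 4 then
        # IV supplied (encryption): return the IV followed by the ciphertext
        [seq(op(states[i]), i=0..len)]
    else
        # No IV argument (decryption): drop the leading IV block
        [seq(op(states[i]), i=1..len)]
    end if;
end proc: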
Example 4.5 Let us do an encryption and decryption in CTR mode, using the preceding
function. We take the 0 vector as plaintext block and also as key and as IV,
i.e., these three inputs are all equal to the list consisting of 16 zeros. Then we obtain:
> AESModes([0$16], [0$16], CTR, [0$16]);
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 102, 233, 75, 212, 239, 138,
44, 59, 136, 76, 250, 89, 202, 52, 43, 46]
The plaintext is a single 128-bit block but the ciphertext consists of two blocks:
the first one is just the IV (or the initial counter in this case) and the second is the
ciphertext proper, i.e., the block that results from encrypting the plaintext block.
Now, we decrypt:
> AESModes([0$16], %, CTR);
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
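The CTR branch of the preceding function, rewritten in Python as an added example (it is not the book's code), with a from-scratch AES-128 encryption routine so that it reproduces the output of Example 4.5. All function names are this example's own, and inc32 is assumed to increment the last four counter bytes as a big-endian integer modulo 2^32.

```python
def xtime(a):                          # multiply by x in GF(2^8)
    return ((a << 1) ^ (0x1b if a & 0x80 else 0)) & 0xff

def _build_sbox():                     # field inverse followed by the affine map
    sbox, p, q = [0] * 256, 1, 1
    for _ in range(255):               # 3 generates all 255 nonzero elements
        p = xtime(p) ^ p               # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xff   # q /= 3, so p*q = 1
        if q & 0x80: q ^= 0x09
        x = q | q << 8                 # doubled byte: x >> (8-n) is q rotated left n
        sbox[p] = (x ^ x >> 4 ^ x >> 5 ^ x >> 6 ^ x >> 7) & 0xff ^ 0x63
    sbox[0] = 0x63                     # 0 has no inverse
    return sbox
SBOX = _build_sbox()

def expand_key(key):                   # AES-128: 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes_encrypt_block(rk, block):      # state is column-major, as in the 4x4 array
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 11):
        s = [SBOX[b] for b in s]                               # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]     # ShiftRows
        if r < 10:                                             # MixColumns
            s = [xtime(s[c + j]) ^ xtime(s[c + (j + 1) % 4]) ^ s[c + (j + 1) % 4]
                 ^ s[c + (j + 2) % 4] ^ s[c + (j + 3) % 4]
                 for c in range(0, 16, 4) for j in range(4)]
        s = [b ^ k for b, k in zip(s, rk[r])]                  # AddRoundKey
    return bytes(s)

def inc32(c):                          # assumption: last 4 bytes, big-endian, mod 2^32
    return c[:12] + ((int.from_bytes(c[12:], "big") + 1) % 2**32).to_bytes(4, "big")

def aes_ctr(key, data, iv=None):       # iv given: encrypt; iv omitted: decrypt
    counter, body = (iv, data) if iv is not None else (data[:16], data[16:])
    rk, out = expand_key(key), bytearray()
    for i in range(0, len(body), 16):
        ks = aes_encrypt_block(rk, counter)   # only the encryption direction is used
        out += bytes(a ^ b for a, b in zip(body[i:i + 16], ks))
        counter = inc32(counter)
    return (iv + bytes(out)) if iv is not None else bytes(out)
```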
The next function, ModesTest, serves to test the preceding implementation of
OFB and CTR modes. In accordance with the usage in [68], where some test vectors
are given, all inputs will be hex strings, except the one corresponding to the parameter
mode, which will be a name (OFB or CTR). As in the previous function, the presence
or absence of the last argument (the IV) determines whether the function encrypts
or decrypts.
> ModesTest := proc(key::string, message::string, mode::name, iv::string)
    local messagelist, t, i;
    messagelist := hexstringtobytes(StringTools:-LowerCase(message));
    t := AESModes(key, messagelist, args[3 .. nargs]);
    if nargs = 4 then
        t := map(bytestohexstring, [ListTools:-LengthSplit(t[17 .. -1], 16)]);
        printf("%s\n", "Ciphertext blocks:")
    else