Cryptography Reference
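    # Zero-padding lengths (in bits) that bring C and A up to a multiple of 128 bits
    u := 128*ceil(c/128)-c;
    v := 128*ceil(a/128)-a;
    # GHASH over A || 0^v || C || 0^u || [a]_64 || [c]_64, keyed with the hash subkey H
    S := GHASH(Flatten(map(bytetobits, convert(ArrayTools:-Alias(H, [16]), list))),
        [op(Flatten(map(bytetobits, A))), 0$v, op(Flatten(map(bytetobits, C))), 0$u,
        op(integer2bits(a,64)), op(integer2bits(c,64))]);
    # Tag: S encrypted under the counter block IV || 0^31 || 1, truncated to t bytes
    T := GCTR(ek, [op(IV), 0$3, 1], map(bitstobyte, [LengthSplit(S, 8)]))[1 .. t];
    [C, T]
  end proc: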
Example 5.9 Let us now test the preceding function by using some of the examples
in [138].
1. Test Case 7:
> map(bytestohexstring, GCMAE([0$24], [0$12], [], [], 16));
map(bytestohexstring, GCMAE([0$24], [0$12], [0$16], [], 16));
["", "cd33b28ac773f74ba00ed1f312572435"]
["98e7247c07f0fe411c267e4384b0f600", "2ff58d80033927ab8ef4d4587514f0fb"]
2. Test Case 16, with a 256-bit key:
> giv := hexstringtobytes("cafebabefacedbaddecaf888");
gk := hexstringtobytes("feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f94\
67308308");
ga := hexstringtobytes("feedfacedeadbeeffeedfacedeadbeefabaddad2");
gp := hexstringtobytes("d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d\
8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39");
c := map(bytestohexstring, GCMAE(gk, giv, gp, ga, 16));
["522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb\
3da7b08b1056828838c5f61e6393ba7a0abcc9f662", "76fc6ece0f4e1768cddf8853bb2d551b"]
Next we give the authenticated decryption function, which is very similar to
GCMAE. The input parameters are almost the same, with the ciphertext replacing the
plaintext and with an additional list of bytes T which corresponds to the tag. The
output is either the plaintext if authentication was successful or FAIL otherwise.
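> GCMAD := proc(k::list, IV::list, C::list, A::list, T::list, t::posint)
    local ek, H, P, c, a, u, v, S;
    uses ListTools;
    # Reject a tag that is shorter than the expected tag length t (in bytes)
    if nops(T) < t then
      return FAIL
    end if;
    ek := KeyExpansion(k);
    # Hash subkey H: encryption of the all-zero block
    H := AESEncrypt(ek, Array(0 .. 3, 0 .. 3));
    # Counter-mode decryption; the initial counter block ends in 2
    P := GCTR(ek, [op(IV), 0$3, 2], C);
    # Bit lengths of C and A and their zero-padding to a multiple of 128 bits
    c := 8*nops(C);
    a := 8*nops(A);
    u := 128*ceil(c/128)-c;
    v := 128*ceil(a/128)-a;
    # GHASH over A || 0^v || C || 0^u || [a]_64 || [c]_64
    S := GHASH(Flatten(map(bytetobits, convert(ArrayTools:-Alias(H, [16]), list))),
        [op(Flatten(map(bytetobits, A))), 0$v, op(Flatten(map(bytetobits, C))), 0$u,
        op(integer2bits(a,64)), op(integer2bits(c,64))]);
    # Recompute the tag and release the plaintext only if it matches T
    if T = GCTR(ek, [op(IV),0$3,1], map(bitstobyte, [LengthSplit(S,8)]))[1 .. t] then
      P
    else
      FAIL
    end if
  end proc: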
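
The tag check that closes GCMAD, as an added Python example (not code from the book): it rebuilds the GHASH input A || 0^v || C || 0^u || [a]_64 || [c]_64 and compares tags in constant time, without needing AES. Assumptions: the function names are illustrative, H is the hash subkey that the GCM specification lists for the all-zero 192-bit key, and E_K(J0) is the first tag printed under Test Case 7 above (with empty A and C, GHASH is zero, so that tag equals E_K(J0)).

```python
import hmac

R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1 in GCM bit order

def gf_mul(x: int, y: int) -> int:
    """Multiply in GF(2^128); the leftmost bit of a block is the coefficient of x^0."""
    z, v = 0, y
    for i in range(127, -1, -1):          # scan the bits of x from left to right
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def pad16(b: bytes) -> bytes:
    return b + bytes(-len(b) % 16)        # zero-pad to a multiple of 128 bits

def ghash_input(aad: bytes, ct: bytes) -> bytes:
    """A || 0^v || C || 0^u || [a]_64 || [c]_64, with a and c as bit lengths."""
    return (pad16(aad) + pad16(ct)
            + (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big"))

def ghash(h: bytes, data: bytes) -> bytes:
    hv, y = int.from_bytes(h, "big"), 0
    for i in range(0, len(data), 16):
        y = gf_mul(y ^ int.from_bytes(data[i:i + 16], "big"), hv)
    return y.to_bytes(16, "big")

def compute_tag(h: bytes, ek_j0: bytes, aad: bytes, ct: bytes, t: int = 16) -> bytes:
    s = ghash(h, ghash_input(aad, ct))
    return bytes(a ^ b for a, b in zip(s, ek_j0))[:t]   # GCTR on one block, truncated

def verify_tag(h: bytes, ek_j0: bytes, aad: bytes, ct: bytes, tag: bytes, t: int = 16) -> bool:
    if len(tag) != t:                     # wrong-length tags never verify
        return False
    return hmac.compare_digest(compute_tag(h, ek_j0, aad, ct, t), tag)

# H: from the GCM specification's test vectors (assumption, not printed on this page).
H = bytes.fromhex("aae06992acbf52a3e8f4a96ec9300bd7")
# E_K(J0), ciphertext and tag: outputs shown in Example 5.9 for the all-zero 192-bit key.
EK_J0 = bytes.fromhex("cd33b28ac773f74ba00ed1f312572435")
C = bytes.fromhex("98e7247c07f0fe411c267e4384b0f600")
T = bytes.fromhex("2ff58d80033927ab8ef4d4587514f0fb")

if __name__ == "__main__":
    print(verify_tag(H, EK_J0, b"", C, T))                  # genuine ciphertext
    tampered = bytes([C[0] ^ 1]) + C[1:]                    # constructed: one flipped bit
    print(verify_tag(H, EK_J0, b"", tampered, T))           # must be rejected
```

Unlike the `=` test in the Maple procedure, `hmac.compare_digest` does not stop at the first differing byte, so the time taken by the comparison does not reveal how much of a forged tag was correct.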
 