Cryptography Reference
In-Depth Information
Example 5.10 We use the authenticated decryption function to validate the result of
Test Case 16 in the previous example; we assume that the ciphertext value c is still
in memory.
> GCMAD(gk, giv, hexstringtobytes(c[1]), ga, hexstringtobytes(c[2]), 16);
evalb(% = gp);
true
Below we give functions that implement GMAC, i.e., the MAC part of
GCM/GMAC for both text strings and files but we leave as an exercise to write
the corresponding Maple functions for authenticated encryption and authenticated
decryption of real messages using GCM, in a similar way as we did with earlier
modes.
Exercise 5.10 WriteGCMMaple functions for authenticated decryption and authen-
ticated encryption that take as input either text strings or binary files and produce
as output the concatenation of the IV plus the ciphertext plus the tag (in the case of
authenticated encryption) and either the plaintext or FAIL (in the case of authenti-
cated decryption).
5.5.2 GMAC
As mentioned above, GMAC is the MAC obtained when GCM is used for authenti-
cation only or, in other words, when GCM is specialized to an empty plaintext. Next
we give the GMAC functions in Maple for computing the MAC tag ( GMAC ) and for
verification ( GMACVer ). The inputs for GMAC are the key, the IV, the message (all
of them strings) and, optionally, the message type ( text , hex or file , with the
last being the default) and the tag length given by a keyword parameter t (with 16
as default). The output is the MAC tag given as a hex string. We mention here that
in [138] and also in [70], it is explicitly mentioned that, for security reasons, the tag
length must be fixed for each key.
> GMAC := proc(key::{list, string}, iv::string, message::string,
messagetype::name := file, {t::posint := 16})
local k, IV, m;
uses StringTools;
k := checkkey(key);
if not (IsHexDigit(iv) and Length(iv) = 24) then
error "Incorrectly formatted IV"
end if;
if not member(t, [$12 .. 16]) then
error "Incorrect tag length"
end if;
IV := hexstringtobytes(LowerCase(iv));
m := messagetobytes(message, messagetype);
bytestohexstring(GCMAE(k, IV, [], m, t)[2])
end proc:
The verification function GMACVer is given next. The input parameters are the
same as those of GMAC with the addition of the tag (as a hex string) and without the
 
Search WWH ::




Custom Search