我的 RC6 实现有什么问题?

【问题标题】:What is wrong in my RC6 implmentation?我的 RC6 实现有什么问题?
【发布时间】:2011-09-08 21:50:51
【问题描述】:

谁能看到我在哪里犯了错误?我知道该算法会正确解密加密数据。但是,根据RC6 paper,大多数加密数据不是正确的输出。 

// hexlify(string) turns a string into its hex representation: hexlify("AB") -> "4142"
// unhexlify(string) turns a string into its ASCII representation: unhexlify("4142") -> "AB"
// uint128_t is my own version of uint128, and Im pretty sure that the math is correct
// little_end(string, base) flips a string by bytes to get the little endian version of the string 
// ROL/ROR(int, rotate x bits, bitsize of input int) does bitwise rotation


class RC6{
    private:
        unsigned int w, r, b, lgw;
        std::vector <uint32_t> S;
        uint128_t mod;
        std::string mode;

        void keygen(std::string KEY){
            uint64_t p, q;
            rc_pq(w, p, q);
            KEY = hexlify(KEY);
            unsigned int u = (unsigned int) ceil(w / 8.);
            unsigned int c = (unsigned int) ceil(float(b) / u);
            while ((KEY.size() >> 1) % u != 0)
                KEY += zero;
            std::vector <uint32_t> L;
            for(unsigned int x = 0; x < c; x++)
                L.push_back(toint(little_end(KEY.substr(2 * u * x, 2 * u), 16), 16));
            S.push_back(p);
            for(unsigned int i = 0; i < 2 * r + 3; i++)
                S.push_back((S[i] + q) % mod);
            uint32_t A = 0, B = 0, i = 0, j = 0;
            uint32_t v = 3 * std::max(c, 2 * r + 4);
            for(unsigned int s = 1; s < v + 1; s++){
                A = S[i] = ROL((S[i] + A + B) % mod, 3, w);
                B = L[j] = ROL((L[j] + A + B) % mod, (A + B) % w, w);
                i = (i + 1) % (2 * r + 4);
                j = (j + 1) % c;
            }
        }

    public:
        RC6(std::string KEY, std::string MODE, unsigned int W = 32, unsigned int R = 20, unsigned int B = 16){
            w = W;
            r = R;
            b = B;
            mod = uint128_t(1) << w;
            lgw = (unsigned int) log2(w);
            mode = MODE;
            keygen(KEY);
        }

        std::string run(std::string DATA){
            DATA = hexlify(DATA);
            uint32_t A = toint(little_end(DATA.substr(0, 8), 16), 16), B = toint(little_end(DATA.substr(8, 8), 16), 16), C = toint(little_end(DATA.substr(16, 8), 16), 16), D = toint(little_end(DATA.substr(24, 8), 16), 16);
            if (mode == "e"){
                B += S[0];
                D += S[1];
                for(unsigned int i = 1; i < r + 1; i++){
                    uint64_t t = ROL((uint64_t) ((B * (2 * B + 1)) % mod), lgw, w);
                    uint64_t u = ROL((uint64_t) ((D * (2 * D + 1)) % mod), lgw, w);
                    A = ROL(A ^ t, u % w, w) + S[2 * i];
                    C = ROL(C ^ u, t % w, w) + S[2 * i + 1];
                    uint64_t temp = A; A = B % mod; B = C % mod; C = D % mod; D = temp % mod;
                }
                A += S[2 * r + 2];
                C += S[2 * r + 3];
            }
            else{
                C -= S[2 * r + 3];
                A -= S[2 * r + 2];
                for(int i = r; i > 0; i--){
                    uint64_t temp = D; D = C % mod; C = B % mod; B = A % mod; A = temp % mod;
                    uint64_t u = ROL((uint64_t) ((D * (2 * D + 1)) % mod), lgw, w);
                    uint64_t t = ROL((uint64_t) ((B * (2 * B + 1)) % mod), lgw, w);
                    C = ROR((C - S[2 * i + 1]) % mod, t % w, w) ^ u;
                    A = ROR((A - S[2 * i]) % mod, u % w, w) ^ t;
                }
                D -= S[1];
                B -= S[0];
            }
            w >>= 2;
            return unhexlify(little_end(makehex(A % mod, w)) + little_end(makehex(B % mod, w)) + little_end(makehex(C % mod, w)) + little_end(makehex(D % mod, w)));
        }
};

在这些测试向量中,只有前两个是正确的。其余的都没有

data = "00000000000000000000000000000000";
key = "00000000000000000000000000000000";
ciphertext = "8fc3a53656b1f778c129df4e9848a41e";

data = "02132435465768798a9bacbdcedfe0f1";
key = "0123456789abcdef0112233445566778";
ciphertext = "524e192f4715c6231f51f6367ea43f18";


data = "00000000000000000000000000000000";
key = "000000000000000000000000000000000000000000000000";
ciphertext = "6cd61bcb190b30384e8a3f168690ae82";


data = "02132435465768798a9bacbdcedfe0f1";
key = "0123456789abcdef0112233445566778899aabbccddeeff0";
ciphertext = "688329d019e505041e52e92af95291d4";


data = "00000000000000000000000000000000";
key = "0000000000000000000000000000000000000000000000000000000000000000";
ciphertext = "8f5fbd0510d15fa893fa3fda6e857ec2";


data = "02132435465768798a9bacbdcedfe0f1";
key = "0123456789abcdef0112233445566778899aabbccddeeff01032547698badcfe";
ciphertext = "c8241816f0d7e48920ad16a1674e5d48";

我在某个地方搞砸了一个 uint 吗?错误的小端变化?

【问题讨论】:

  • 我喜欢代码接近论文的伪代码。要继续,我建议您为 uint128_t 和您编写的其他原始类型/函数编写单元测试,以确保它们像广告宣传的那样工作。
  • 我已经对 uint128_t 进行了相当多的测试。可能有一些东西需要修复,但我不相信它会与这段代码相关。如果您愿意,可以将其更改为 uint64_t。其他的也经过了广泛的测试,发现可以正常工作
  • 如果这些是你得到的密文,在我看来它们与论文的密文相同 - 我认为你的代码没有给你这些值?
  • 正确。这没有任何意义。我在我的 python 版本中也得到了相同的值
  • 我会检查您的代码以对抗其他一些开源 RC6 实现。如果您并排调试它们,您可能会看到问题的根源。我在这里找到了一个:codeproject.com/KB/security/hexenc.aspx

标签: c++ math encryption cryptography encryption-symmetric


【解决方案1】:

我想我明白了。任何人都可以证实吗?我认为因为我默认设置了 b = 16,所以我导致了错误。我的硬盘坏了,否则我早就测试过了

【讨论】:

  • b 应该是密钥长度,以字节为单位。当您使用 16 字节的密钥(如在您的两个第一个测试向量中)时,它应该是 16,24 然后密钥包含在 24 个字节(您的第三个和第四个向量)中,依此类推。
  • 是的。刚刚测试过了。现在可以了!最后!为什么有人不能告诉我??
猜你喜欢
  • 2019-06-07
  • 2021-07-25
  • 2016-05-28
  • 1970-01-01
  • 1970-01-01
  • 2012-06-14
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode