本文详细介绍了AES密钥封装算法的工作原理,包括密钥封装(keywrap)和密钥解封(keyunwrap)的过程,并解释了初始向量(IV)的作用及使用方式。
1、概述
AES-WRAP: Advanced Encryption Standard (AES) Key Wrap Algorithm。本文的总结均来自《RFC-3394》。
Any data being wrapped will be referred to as the key data; The key used to do the wrapping will be referred to as the key-encryption key (KEK)。
The term "key data" is used broadly to mean any data being wrapped, but particularly keys, since this is primarily a key wrap algorithm。
A KEK can be a 128-bit key, a 192-bit key, or a 256-bit key。
下面的 key wrap 和 key unwrap 都是 index based 模式的。
2、key wrap
Inputs: Plaintext, n 64-bit values {P1, P2, ..., Pn}, and Key, K (the KEK).
Outputs: Ciphertext, (n+1) 64-bit values {C0, C1, ..., Cn}.
Steps:
1) Initialize variables
Set A = IV, an initial value (see 2.2.3)
For i = 1 to n { R[i] = P[i]; }
2) Calculate intermediate values.
For j = 0 to 5
For i=1 to n
B = AES(K, A | R[i])
A = MSB(64, B) ^ t where t = (n*j)+i
R[i] = LSB(64, B)
3) Output the results.
Set C[0] = A
For i = 1 to n
C[i] = R[i]
3、key unwrap
Inputs: Ciphertext, (n+1) 64-bit values {C0, C1, ..., Cn}, and Key, K (the KEK).
Outputs: Plaintext, n 64-bit values {P0, P1, K, Pn}.
Steps:
1) Initialize variables.
Set A = C[0]
For i = 1 to n
R[i] = C[i]
2) Compute intermediate values.
For j = 5 to 0
For i = n to 1
B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
A = MSB(64, B)
R[i] = LSB(64, B)
3) Output results.
If A is an appropriate initial value (see 2.2.3)
Then
For i = 1 to n
P[i] = R[i]
Else
Return an error
4、IV
分两种:Default 和 Alternative。Default 时, IV = A6A6A6A6A6A6A6A6;Alternative 时,rfc 中tmd看不懂。
5、说明
AES(K, W) Encrypt W using the AES codebook with key K
AES-1(K, W) Decrypt W using the AES codebook with key K
MSB(j, W) Return the most significant j bits of W
LSB(j, W) Return the least significant j bits of W
扫一扫
3160
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
