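I have been trying to implement Ciphertext Stealing (CTS) with CBC.
Following these two links
How can I encrypt/decrypt data using AES CBC+CTS (ciphertext stealing) mode in PHP?
and
http://en.wikipedia.org/wiki/Ciphertext_stealing
I am confused and stuck on the XOR, the last and simplest step. I know this is silly, but I have tried every combination and I don't know what I am missing. The code is below.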
// 1. Decrypt the second to last ciphertext block, using zeros as IV.
$second_to_last_cipher_block = substr($cipher_text, strlen($cipher_text) - 32, 16);
$second_to_last_plain = @mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $second_to_last_cipher_block, MCRYPT_MODE_CBC);
// 2. Pad the ciphertext to the nearest multiple of the block size using the last B-M
// bits of block cipher decryption of the second-to-last ciphertext block.
$n = 16 - (strlen($cipher_text) % 16);
$cipher_text .= substr($second_to_last_plain, -$n);
// 3. Swap the last two ciphertext blocks.
$cipher_block_last = substr($cipher_text, -16);
$cipher_block_second_last = substr($cipher_text, -32, 16);
$cipher_text = substr($cipher_text, 0, -32) . $cipher_block_last . $cipher_block_second_last;
// 4. Decrypt the ciphertext using the standard CBC mode up to the last block.
$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($cipher, $key, $iv);
$plain_text = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $cipher_text, MCRYPT_MODE_CBC , $iv);
// 5. Exclusive-OR the last ciphertext (was already decrypted in step 1) with the second last ciphertext.
// ???
// echo $??? ^ $???;
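Answer 0: (score: 0)
I was looking for a similar answer for Perl. Perl's libraries are limited to CBC mode. Here is how I got CTS working using AES 256 CBC mode and CTS method 3. I think this may be helpful for PHP as well.
Here is the actual NIST document. Doc ID: NIST800-38A CBC-CS3. Title: Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode. Source: http://csrc.nist.gov/publications/nistpubs/800-38a/addendum-to-nist_sp800-38A.pdf
Here is the code...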
p1
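The XOR step asked about in the question, worked through for the CBC-CS3 layout of the NIST addendum. This is an added example, not code from the question or the answer. It uses PHP's openssl extension instead of mcrypt, and the helper names `cs3_encrypt` and `cs3_decrypt`, the key and the sample plaintext are assumptions constructed for illustration.

```php
<?php
// Added example: AES-128 CBC-CS3 (NIST SP 800-38A addendum) with ext-openssl.
// cs3_encrypt / cs3_decrypt are hypothetical helper names, not from the page.
const BS  = 16;                                      // AES block size in bytes
const RAW = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING; // raw bytes, no PKCS#7

function cs3_encrypt(string $pt, string $key, string $iv): string {
    $len = strlen($pt);
    if ($len <= BS) throw new InvalidArgumentException('need more than one block');
    $d = $len % BS ?: BS;                            // bytes in final block Pn*
    // Zero-pad Pn* and run ordinary CBC to get C1..Cn.
    $c = openssl_encrypt($pt . str_repeat("\0", BS - $d), 'aes-128-cbc', $key, RAW, $iv);
    $head = substr($c, 0, -2 * BS);                  // C1..C(n-2)
    $cn1  = substr($c, -2 * BS, BS);                 // C(n-1)
    $cn   = substr($c, -BS);                         // Cn
    return $head . $cn . substr($cn1, 0, $d);        // swap, truncate C(n-1) to d bytes
}

function cs3_decrypt(string $ct, string $key, string $iv): string {
    $len = strlen($ct);
    if ($len <= BS) throw new InvalidArgumentException('need more than one block');
    $d    = $len % BS ?: BS;
    $tail = substr($ct, -$d);                        // C(n-1)*, the truncated block
    $cn   = substr($ct, -$d - BS, BS);               // Cn, the last full block
    $head = substr($ct, 0, -$d - BS);                // C1..C(n-2)
    // Raw block decryption of Cn (ECB = no chaining): Z = (Pn* || 0..0) XOR C(n-1)
    $z    = openssl_decrypt($cn, 'aes-128-ecb', $key, RAW);
    $last = substr($z, 0, $d) ^ $tail;               // the XOR step: recovers Pn*
    $cn1  = $tail . substr($z, $d);                  // stolen bytes restore C(n-1)
    // Ordinary CBC over C1..C(n-1) yields P1..P(n-1).
    return openssl_decrypt($head . $cn1, 'aes-128-cbc', $key, RAW, $iv) . $last;
}

// Constructed test values (not real keys); round-trip for several lengths.
$key = str_repeat("\x2b", 16);
$iv  = random_bytes(BS);
foreach ([17, 31, 32, 45] as $n) {
    $pt = substr(str_repeat('ciphertext stealing ', 4), 0, $n);
    $ct = cs3_encrypt($pt, $key, $iv);
    // CTS adds no padding, so the ciphertext is exactly as long as the plaintext.
    $ok = strlen($ct) === $n && cs3_decrypt($ct, $key, $iv) === $pt;
    echo $n, ': ', $ok ? 'ok' : 'MISMATCH', "\n";
}
```

CBC-CS3 gives confidentiality only, so authenticate the IV and ciphertext separately (for example with an HMAC) before decrypting.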