我正在用Java构建一个Blowfish密码算法。我使用these测试向量来查看它是否有效并且我发现最差可能的东西 - 它适用于某些输入而不适用于其他输入。
我使用Blowfish paper作为创建实现的指南。波纹管是它的相关部分。
public class Blowfish {
// Binary Digits of Pi
// ...
private static final int N = 16;
private final long S[][] = new long[4][256];
private final long P[] = new long[N + 2];
布鲁斯说:
(1)首先使用固定字符串依次初始化P阵列,然后按顺序初始化四个S盒。该字符串由pi的十六进制数字(少于初始3)
组成 public void keyExpansion(String key) {
System.arraycopy(p, 0, P, 0, N + 2);
for (int i = 0; i < 4; i++) {
System.arraycopy(s[i], 0, S[i], 0, 256);
}
我意识到这不是真的可读,但小写p[]
和s[][]
包含固定值(pi的十六进制数字),大写P[]
和S[][]
是a的属性Blowfish对象,将会发生变化。
布鲁斯说:
(2)XOR P1与密钥的前32位,XOR P2与密钥的第二个32位,依此类推,用于密钥的所有位(可能高达P14)。重复循环通过密钥位,直到整个P阵列与密钥位进行异或。
for (int i = 0; i < N + 2; i++) {
int begin = (i * 8) % key.length();
int end = ((i + 1) * 8) % key.length();
String keySubstring;
if (begin < end) {
keySubstring = key.substring(begin, end);
} else {
keySubstring = key.substring(begin) + key.substring(0, end);
}
long keyChunk = Long.parseLong(keySubstring, 16);
P[i] ^= keyChunk;
}
由于密钥长度不变(最多56个字节),因此我认为最简单的方法是传递它 是一个字符串。也许我应该使用BigInteger?
布鲁斯说:
(3)使用Blowfish算法加密全零字符串 步骤(1)和(2)中描述的子键。
(4)用步骤(3)的输出替换P1和P2。
(5)使用Blowfish算法加密步骤(3)的输出 修改过的子项。
(6)用步骤(5)的输出替换P3和P4。
(7)继续该过程,替换P阵列的所有条目,和 然后按顺序排列所有四个S盒,输出 不断变化的Blowfish算法。
long e = 0;
for (int i = 0; i < N + 2; i += 2) {
e = encrypt(e);
long eL = trim(e >>> 32);
long eR = trim(e);
P[i] = eL;
P[i + 1] = eR;
}
for (int i = 0; i < 4; i++) {
for (int j = 0; j < 256; j += 2) {
e = encrypt(e);
long eL = trim(e >>> 32);
long eR = trim(e);
S[i][j] = eL;
S[i][j + 1] = eR;
}
}
这是一个很好的时间,任何提及我的帮助函数trim
删除更高的32位。
private static long trim(long value) {
return value & 0xFFFFFFFFL;
}
布鲁斯说:
Blowfish是一个由16轮组成的Feistel网络。输入是64位数据元素x。
将x分为两个32位:xL,xR
对于i = 1到16:
xL = xL XOR Pi
xR = F(xL)XOR xR
交换xL和xR
下一个
交换xL和xR(撤消最后一次交换。)
xR = xR XOR P17
xL = xL XOR P18
重组xL和xR
public long encrypt(long plaintext) {
long xL = trim(plaintext >>> 32);
long xR = trim(plaintext);
for (int i = 0; i < N; i++) {
xL = xL ^ P[i];
xR = F(xL) ^ xR;
//swap
xL = xL + xR;
xR = xL - xR;
xL = xL - xR;
}
//swap
xL = xL + xR;
xR = xL - xR;
xL = xL - xR;
//final step
xR = xR ^ P[N];
xL = xL ^ P[N + 1];
return (xL << 32) | xR;
}
}
我只是针对上述测试向量运行此代码,如下所示:
public void testBlowfish() {
long key[] = {
...
};
long clear[] = {
...
};
long cipher[] = {
...
};
Blowfish b = new Blowfish();
for (int i = 0; i < 34; i++) {
b.keyExpansion(Long.toHexString(key[i]));
long result = b.encrypt(clear[i]);
if (result == cipher[i]) {
System.out.println("Test " + i + " passed!");
} else {
System.out.println("Test " + i + " failed: ");
System.out.println("\tKey:\t" + Long.toHexString(key[i]));
System.out.println("\tClear:\t" + Long.toHexString(clear[i]));
System.out.println("\tCipher:\t" + Long.toHexString(cipher[i]));
System.out.println("\tResult:\t" + Long.toHexString(result));
}
}
}
以下是测试结果:
Test 0 passed!
Test 1 passed!
Test 2 passed!
Test 3 passed!
Test 4 failed:
Key: 123456789abcdef
Clear: 1111111111111111
Cipher: 61f9c3802281b096
Result: 65a2dfe88702a6bf
Test 5 passed!
Test 6 passed!
Test 7 passed!
Test 8 passed!
Test 9 failed:
Key: 131d9619dc1376e
Clear: 5cd54ca83def57da
Cipher: b1b8cc0b250f09a0
Result: fbd7e706e563d21a
Test 10 failed:
Key: 7a1133e4a0b2686
Clear: 248d43806f67172
Cipher: 1730e5778bea1da4
Result: 7d11a2563bbf76f1
Test 11 passed!
Test 12 failed:
Key: 4b915ba43feb5b6
Clear: 42fd443059577fa2
Cipher: 353882b109ce8f1a
Result: d747d42ef2bc89c0
Test 13 failed:
Key: 113b970fd34f2ce
Clear: 59b5e0851cf143a
Cipher: 48f4d0884c379918
Result: c559acf605825008
Test 14 failed:
Key: 170f175468fb5e6
Clear: 756d8e0774761d2
Cipher: 432193b78951fc98
Result: 8761d08e81a796d
Test 15 passed!
Test 16 failed:
Key: 7a7137045da2a16
Clear: 3bdd119049372802
Cipher: 2eedda93ffd39c79
Result: db47a054a5a0d496
Test 17 failed:
Key: 4689104c2fd3b2f
Clear: 26955f6835af609a
Cipher: d887e0393c2da6e3
Result: 40f96e5f9f3affe1
Test 18 passed!
Test 19 passed!
Test 20 passed!
Test 21 failed:
Key: 25816164629b007
Clear: 480d39006ee762f2
Cipher: 7555ae39f59b87bd
Result: a6cb030922383650
Test 22 passed!
Test 23 passed!
Test 24 passed!
Test 25 failed:
Key: 18310dc409b26d6
Clear: 1d9d5c5018f728c2
Cipher: d1abb290658bc778
Result: d45634df2f8eb002
Test 26 passed!
Test 27 failed:
Key: 101010101010101
Clear: 123456789abcdef
Cipher: fa34ec4847b268b2
Result: 30ce63f436ff5475
Test 28 passed!
Test 29 passed!
Test 30 passed!
Test 31 passed!
Test 32 failed:
Key: 123456789abcdef
Clear: 0
Cipher: 245946885754369a
Result: 291c4bd096af70e5
Test 33 passed!
正如我所说,一些投入有效,有些则没有。我无法弄清楚为什么,这对我来说似乎是随意的,我拒绝生活在计算机可以做出任意决定的世界里。换句话说,错误在哪里?
答案 0 :(得分:2)
As suggested, I was losing leading zeros in conversions. Implementation was fine, but in test the line
b.keyExpansion(Long.toHexString(key[i]));
was causing errors. Replacing it with
b.keyExpansion(String.format("%016x", key[i]));
worked.
Seems obvious now, since each failed test at least one had leading zero.
I assumed that every key will be longer than 8 bytes, for some reason. To get keyExpansion
to work for short keys, I changed reading from key like so:
for (int i = 0; i < N + 2; i++) {
StringBuilder keySubstring = new StringBuilder();
for (int j = 0; j < 8; j++) {
int index = (i * 8 + j) % key.length();
keySubstring.append(key.charAt(index));
}
long keyChunk = Long.parseLong(keySubstring.toString(), 16);
P[i] ^= keyChunk;
}