我需要为我的论文实现 CMAC 算法,但是我得到了错误的结果,并且根本无法识别错误在哪里。
子密钥 K1 的生成和 AES 加密算法,以及异或和 m_i 的组成都是正确的,我已经仔细检查过。
有人可以帮我吗?
只有一个大小为 128 位(16 个八位字节)的块,因此 'flag' 为真且 'n' = 1
我试图复制的步骤是:
+ +
+ Step 4. if flag is true +
+ then M_last := M_n XOR K1; +
+ else M_last := padding(M_n) XOR K2; +
+ Step 5. X := const_Zero; +
+ Step 6. for i := 1 to n-1 do +
+ begin +
+ Y := X XOR M_i; +
+ X := AES-128(K,Y); +
+ end +
+ Y := M_last XOR X; +
+ T := AES-128(K,Y); +
+ Step 7. return T; +
我的实现是这样的:
def generate_cmac(master_key, message_counter, meter_id, key1):
padding = [0, 7, 0, 7, 0, 7, 0, 7, 0, 7, 0, 7, 0, 7]
m_i = AES_Decryption.hexadecimal_to_binary([0, 0])
m_i.extend(message_counter)
m_i.extend(meter_id)
m_i.extend(AES_Decryption.hexadecimal_to_binary(padding))
print(AES_Decryption.binary_to_hexadecimal(m_i))
m_last = AES_Decryption.xor(m_i, key1, 'bytewise')
init_vector = AES_Decryption.hexadecimal_to_binary(
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
variable_x = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
variable_y = AES_Decryption.xor(m_last, variable_x, 'bytewise')
k_enc = AES_Decryption.aes_encryption(variable_y, master_key, init_vector)
print(AES_Decryption.binary_to_hexadecimal(k_enc))