Mismatch with the stream cipher test vector
Neo-ZK opened this issue
Hi Duke:
I'm implementing the stream cipher SID, but unfortunately I can't get the same result as the test vector.
The test vector I'm trying is shown below:
key 4d9d0fd25a25e7f321ef464e13f9fa3d
cid 1020607efbe82049ddbf3a7c3d9d32604d sid 3c su 32604d
Every step of my implementation is shown below:
Step 1: server_id_intermediate = encrypted_server_id ^ AES-ECB(key, padded-encrypted-nonce)
encrypted_server_id: 20
padded-encrypted-nonce: 607efbe82049ddbf3a7c3d9d00000000
AES-ECB(key, padded-encrypted-nonce): 25dbfabb48e6b97ad6d90bd0429c8f51
server_id_intermediate: 05
Step 2: nonce = encrypted_nonce ^ AES-ECB(key, padded-server_id_intermediate)
encrypted_nonce: 607efbe82049ddbf3a7c3d9d
padded-server_id_intermediate: 05000000000000000000000000000000
AES-ECB(key, padded-server_id_intermediate): 5be0397463a73760a01733b18a046c2e
nonce: 3b9ec29c43eeeadf9a6b0e2c
Step 3: server_id = server_id_intermediate ^ AES-ECB(key, padded-nonce)
server_id_intermediate: 05
padded-nonce: 3b9ec29c43eeeadf9a6b0e2c00000000
AES-ECB(key, padded-nonce): e916401560d59bbdc4bd5d6e0d2e0098
server_id: ec
To rule out an encryption library problem, I have tried a C implementation with OpenSSL and a Python implementation with an internal crypto library; all get the same result.
Actually, I strongly suggest that we should not use zero-padding but PKCS#7 (see RFC 2315) instead, for the reasons below:
- Zero-padding has never been a standard way in crypto; only some test cases use it.
- For some common crypto libraries (such as OpenSSL), PKCS#7 is the default padding mode for AES encryption, so implementers have to explicitly disable the internal padding mechanism and do zero-padding themselves, which may puzzle implementers.
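The three passes traced above, as an added example (not code from the issue or the draft), with the padding function pluggable so the zero-padding trace and the proposed PKCS#7 variant can be compared. It assumes the CID layout implied by the trace (first octet, encrypted SID, encrypted nonce, remainder) and, for the real AES call, the `cryptography` library; `aes_block` is also pluggable so the chaining logic can be checked on its own.

```python
"""Three-pass stream cipher SID decryption, reconstructed from the issue's trace.

Constructed example. The CID layout (first octet / encrypted SID / encrypted
nonce / remainder) and the use of the `cryptography` library are assumptions.
"""
from typing import Callable

BLOCK = 16


def zero_pad(data: bytes) -> bytes:
    # Zero-padding, as used in the issue's trace.
    return data + b"\x00" * (BLOCK - len(data))


def pkcs7_pad(data: bytes) -> bytes:
    # PKCS#7 (RFC 2315) padding, the alternative proposed in the issue.
    n = BLOCK - len(data)
    return data + bytes([n]) * n


def xor(a: bytes, b: bytes) -> bytes:
    # XOR `a` against the leading len(a) bytes of `b`; the AES output is
    # truncated to the field being unmasked.
    return bytes(x ^ y for x, y in zip(a, b[: len(a)]))


def aes_ecb_block(key: bytes) -> Callable[[bytes], bytes]:
    # Single-block AES-128-ECB encryptor (lazy import, assumed library). The
    # input is always exactly one block, so no library padding is involved.
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def enc(block: bytes) -> bytes:
        e = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
        return e.update(block) + e.finalize()
    return enc


def decrypt_sid(cid: bytes, sid_len: int, nonce_len: int, aes, pad=zero_pad) -> dict:
    """Return the intermediates of all three passes, mirroring the trace."""
    enc_sid = cid[1 : 1 + sid_len]
    enc_nonce = cid[1 + sid_len : 1 + sid_len + nonce_len]
    sid_mid = xor(enc_sid, aes(pad(enc_nonce)))  # pass 1
    nonce = xor(enc_nonce, aes(pad(sid_mid)))    # pass 2
    sid = xor(sid_mid, aes(pad(nonce)))          # pass 3
    return {"sid_intermediate": sid_mid, "nonce": nonce, "sid": sid}


if __name__ == "__main__":
    key = bytes.fromhex("4d9d0fd25a25e7f321ef464e13f9fa3d")
    cid = bytes.fromhex("1020607efbe82049ddbf3a7c3d9d32604d")
    for name, pad in (("zero", zero_pad), ("pkcs7", pkcs7_pad)):
        out = decrypt_sid(cid, 1, 12, aes_ecb_block(key), pad)
        print(name, {k: v.hex() for k, v in out.items()})
```

Running it with both padding functions shows that the padding choice alone changes the recovered SID, which is why it has to be fixed by the specification rather than left to library defaults.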
Hi William,
Please note that the latest version of the draft has removed the test vectors. I haven't yet coded the latest version of the algorithm, as I'm waiting for the crypto review to complete. Sorry to waste your time!
Regarding PKCS#7, can you file a PR? I'm open to moving away from zero-padding, especially if it makes it easier to implement.
Ah, I got it. A PR is coming; moreover, I'd like to also give another PR about the test vector of the stream cipher.
Don't bother with test vectors; the Stream Cipher design is not locked right now
OK
I have just made a PR, which almost renews the introduction of the stream cipher; please have a look ;-)
Thanks. The stream cipher design is undergoing crypto review, so I'm not taking any action on it until that is complete.