c++ - Tag18 的 OpenPGP CFB 模式

Question

bottom of page 50 in RFC 4880描述了如何加密明文数据以存储在对称加密完整性保护数据包(标签 18)中。它说 CFB mode用来。我已经为 CFB 编写了代码，以便它按照第 13.9 节(针对对称加密数据包(标签 9))中的描述工作。然而，在第 50 页，它还说:

Unlike the Symmetrically Encrypted Data Packet, no special CFBresynchronization is done after encrypting this prefix data.

因此对于标签 18，步骤应如下所示:

Step by step, here is the procedure:

1. The feedback register (FR) is set to the IV, which is all zeros.

2. FR is encrypted to produce FRE (FR Encrypted). This is theencryption of an all-zero value.

3. FRE is xored with the first BS octets of random data prefixed tothe plaintext to produce C1 through C[BS], the first BS octetsof ciphertext.

4. FR is loaded with C[1] through C[BS].

5. FR is encrypted to produce FRE, the encryption of the first BSoctets of ciphertext.

6. The left two octets of FRE get xored with the next two octets ofdata that were prefixed to the plaintext. This produces C[BS+1]and C[BS+2], the next two octets of ciphertext.

7. (̶T̶h̶e̶ ̶r̶e̶s̶y̶n̶c̶h̶r̶o̶n̶i̶z̶a̶t̶i̶o̶n̶ ̶s̶t̶e̶p̶)̶ ̶F̶R̶ ̶i̶s̶ ̶l̶o̶a̶d̶e̶d̶ ̶w̶i̶t̶h̶ ̶C̶[̶3̶]̶ ̶t̶h̶r̶o̶u̶g̶h̶C̶[̶B̶S̶+̶2̶]̶.̶

8. FR is encrypted to produce̶ FRE

9. FRE is xored with the first BS octets of the given plaintext, nowthat we have finished encrypting the BS+2 octets of prefixeddata. This produces C[BS+3] through C[BS+(BS+2)], the next BSoctets of ciphertext.

10. FR is loaded with C[BS+3] to C[BS + (BS+2)] (which is C11-C18 foran 8-octet block).

    11. FR is encrypted to produce FRE.

    12. FRE is xored with the next BS octets of plaintext, to producethe next BS octets of ciphertext. These are loaded into FR, andthe process is repeated until the plaintext is used up.

由于没有做再同步步骤，所以第8步使用了第5步的FRE，所以可以忽略对吧？

从上面的步骤来看，我在下面的代码中误解了什么？我知道它适用于带有重新同步步骤的 Tag 9，但对于 Tag 18 来说有些东西没有加起来。

std::string CFB_encrypt(SymAlg * crypt, uint8_t packet, std::string data, std::string prefix){
    uint8_t BS = crypt -> blocksize() >> 3;
    // 1
    std::string IV(BS, 0);
    // 2
    std::string FR = IV;
    std::string FRE = crypt -> encrypt(FR);
    // 3
    FRE = xor_strings(FRE, prefix);
    std::string C = FRE;
    // 4
    FR = C;
    // 5
    FRE = crypt -> encrypt(FR);
    // 6
    C += xor_strings(FRE.substr(0, 2), prefix.substr(BS - 2, 2));
    // 7
    if (packet == 9){
        FR = C.substr(2, BS);
    }
    // 8
    FRE = crypt -> encrypt(FR);
    // 9
    C += xor_strings(FRE, data.substr(0, BS));
    unsigned int x = BS;
    while (x < data.size()){
        // 10
        FR = C.substr(x + 2, BS);
        // 11
        FRE = crypt -> encrypt(FR);
        // 12
        C += xor_strings(FRE, data.substr(x, BS));
        x += BS;
    }
    return C;
}

我错过了什么？

Answer 1

这里是您的第 3 步:

3. FRE is xored with the first BS octets of random data prefixed to the plaintext

与您的代码不匹配:

// 3
std::string C = FRE;

这里没有异或运算。尝试将其更改为:

std::string C = xor_strings(FRE, prefix.substr(0,8));