21.03.2013 Views

Problem - Kevin Tafuro

Problem - Kevin Tafuro

Problem - Kevin Tafuro

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

divide up the data stream between those MACs. For example, you might run two<br />

MACs in parallel and alternate sending 64 bytes to each MAC.<br />

The problem with doing this is that your two MAC’s authentication values need to<br />

be tied together; otherwise, someone could rearrange the two halves of your stream.<br />

For example, if you were to MAC this message:<br />

ABCDEFGHIJKL<br />

where MAC 1 processed the first six characters, yielding tag A, and MAC 2 processed<br />

the final six, yielding tag B, an attacker could rearrange the message to be:<br />

GHIJKLABCDEF<br />

and report the tags in the reverse order. Authentication would not detect the change.<br />

To solve this problem, once all the MACs are reported, MAC all the resulting tags to<br />

create a composite MAC. Alternatively, you could take the last MAC context and<br />

add in the MAC values for the other contexts before generating the tag, as illustrated<br />

in Figure 6-8.<br />

Original message M 1<br />

MAC<br />

MAC<br />

If your MAC accepts a nonce, you can use the same key for each context, as long as<br />

you never reuse a {key, nonce} pair.<br />

Here’s a simple sequential example that runs two OMAC1 contexts, alternating<br />

every 512 bytes, that produces a single resulting tag of 16 bytes. It uses the OMAC1<br />

implementation from Recipe 6.11.<br />

#include <br />

M 1<br />

Figure 6-8. Properly interleaving MACs<br />

#define INTERLEAVE_SIZE 512<br />

M 2<br />

M 2<br />

unsigned char *spc_double_mac(unsigned char *text, size_t len,<br />

unsigned char key[16]) {<br />

SPC_OMAC_CTX ctx1, ctx2;<br />

unsigned char *out = (unsigned char *)malloc(16);<br />

unsigned char tmp[16];<br />

if (!out) abort(); /* Consider throwing an exception instead. */<br />

spc_omac1_init(&ctx1, key, 16);<br />

spc_omac1_init(&ctx2, key, 16);<br />

while (len > 2 * INTERLEAVE_SIZE) {<br />

M 3<br />

M 3<br />

This is the Title of the Book, eMatter Edition<br />

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.<br />

M 4<br />

M 4<br />

M 5<br />

M 5<br />

T 1<br />

T 1<br />

Output<br />

Parallelizing MACs | 305

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!