draft-popov-cryptopro-cpalgs-04.txt

6.5 CryptoPro KEK Diversification Algorithm

Given a random 64-bit UKM, and a GOST 28147-89 key K, this algorithm creates a new GOST 28147-89 key K(UKM).

1) Let K[0] = K;
2) UKM is split into components a[i,j]:
   UKM = a[0]|..|a[7] (a[i] - byte, a[i,0]..a[i,7] - it’s bits)
3) Let i be 0.
4) K[1]..K[8] are calculated by repeating the following algorithm eight times:
   A) K[i] is split into components k[i,j]:
      K[i] = k[i,0]|k[i,1]|..|k[i,7] (k[i,j] - 32-bit integer)
   B) Vector S[i] is calculated:
      S[i] = ((a[i,0]*k[i,0] + ... + a[i,7]*k[i,7]) mod 2^32) OR (((~a[i,0])*k[i,0] + ... + (~a[i,7])*k[i,7]) mod 2^32);
   C) K[i+1] = encryptCFB (S[i], K[i], K[i])
   D) i = i + 1

Previously (draft-popov-cryptopro-cpalgs-03.txt) it read:

   B) Vector S[i] is calculated:
      S[i] = ((a[i,0]*k[i,0] + ... + a[i,7]*k[i,7]) mod 2^32) | ((~a[i,0]*k[i,0] + ... + ~a[i,7]*k[i,7]) mod 2^32);

Why was the concatenation sign "|" changed to a logical OR? In that case S[i] will almost always be equal to 0x0000 0000 FFFF FFFF.
Answers:
Thank you. It certainly should have been concatenation. The typo will be corrected before the RFC is published.
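
Steps A-D of the quoted algorithm with both readings of step B, as an added example that is not part of the thread or of the draft. It assumes little-endian 32-bit words, a[i,j] taken least significant bit first, and a caller-supplied encrypt_cfb(iv, key, data) implementing GOST 28147-89 CFB; the key and UKM byte in the demo are constructed sample values.

```python
import struct

MASK32 = 0xFFFFFFFF
BLOCK = 8  # GOST 28147-89 has a 64-bit block, so a CFB IV is 8 bytes

def half_sums(key: bytes, ukm_byte: int):
    """Steps A-B: split K[i] into k[i,0..7]; sum words picked by a[i,j] and by ~a[i,j]."""
    if len(key) != 32:
        raise ValueError("GOST 28147-89 key must be 32 bytes")
    words = struct.unpack("<8I", key)               # assumption: little-endian words
    bits = [(ukm_byte >> j) & 1 for j in range(8)]  # assumption: LSB is a[i,0]
    s1 = sum(k for k, a in zip(words, bits) if a) & MASK32
    s2 = sum(k for k, a in zip(words, bits) if not a) & MASK32
    return s1, s2

def s_concat(key: bytes, ukm_byte: int) -> bytes:
    """'|' read as concatenation (the -03 text): S[i] is 8 bytes."""
    return struct.pack("<II", *half_sums(key, ukm_byte))

def s_or(key: bytes, ukm_byte: int) -> bytes:
    """'OR' read literally (the -04 text): S[i] collapses to one 32-bit value."""
    s1, s2 = half_sums(key, ukm_byte)
    return struct.pack("<I", s1 | s2)

def diversify(key: bytes, ukm: bytes, encrypt_cfb, make_s=s_concat) -> bytes:
    """Steps 1-4: K[i+1] = encryptCFB(S[i], K[i], K[i]) for i = 0..7."""
    if len(ukm) != 8:
        raise ValueError("UKM must be 64 bits")
    for a_i in ukm:
        iv = make_s(key, a_i)
        if len(iv) != BLOCK:  # an implementation check that catches the OR reading
            raise ValueError(f"S[i] is {len(iv)} bytes, CFB needs {BLOCK}")
        key = encrypt_cfb(iv, key, key)  # cipher supplied by the caller
    return key

if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed sample, not a real key
    print("concatenation:", s_concat(sample_key, 0x0F).hex())
    print("logical OR:   ", s_or(sample_key, 0x0F).hex())
```
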