A decryption method and system based on an Aes algorithm

Abstract

The invention provides a decryption method and system based on an Aes algorithm, and the method comprises the steps: receiving a ciphertext, and obtaining a corresponding original authentication labeland a key index; adding a standby initial vector memory, calling an initial vector corresponding to the key index of the current ciphertext, updating the initial vector according to an Aes protocol rule, and storing the updated initial vector in the standby initial vector memory to form a corresponding standby initial vector; according to the same Aes protocol operation logic, obtaining a first plaintext and a second plaintext corresponding to the current ciphertext respectively according to the obtained parameters, and obtaining a first authentication label and a second authentication labelcorresponding to the first plaintext and the second plaintext respectively; and confirming an output decryption result according to a corresponding relationship among the first authentication tag, thesecond authentication tag and the original authentication tag. According to the method and the device, the two back-to-back messages to be decrypted with the same key index can be correctly decrypted, so that the dropping probability in the message decryption process is reduced, and the chip bandwidth is not influenced while the network message security is ensured.

Description

technical field [0001] The invention relates to the field of network communication, in particular to a decryption method and system based on the Aes algorithm. Background technique [0002] AES (Advanced Encryption Standard) is a symmetric block cipher algorithm released by the National Institute of Standards and Technology in FIPS PUB 197 in 2001. The Ethernet switch chip needs to encrypt and decrypt the input message according to the Aes algorithm in the 802.1AE protocol to ensure information security. This algorithm groups information into 128 bits (16 bytes). text) to decrypt the Aes algorithm, it is necessary to get the corresponding data from ivInfo (initial vector memory) and calculate iv (Initial Vector, initial vector) at the moment of sop (Start of packet, packet start), that is, when the message starts to be sent, Calculate the correct icv (Integrity Check Value, authentication label) at eop (End of packet, end of packet), and compare it with the authentication l...

AI Technical Summary

Problems solved by technology

Usually, in order to ensure high bandwidth, a pipeline method is used to implement; when using pipeline operations, there will be some special situations. When two back-to-back messages with the same key index need to be decrypted, the first message will be decrypted according to the key index. Get the corresponding initial vector and calculate the corresponding authentication label at eop. If the eop of the first packet has not arrived yet, the second packet has already entered the pipeline for decryption. At this time, the second packet needs to Get your own initial vector, but the authentication label calculation of the first package is not yet completed, so the initial vector obtained by the second package is the old value, at this time the decryption of the second package will be wrong, resulting in back-to-back The second packet is dropped

Images