假设我们已经有明文text和密钥m,均为128位(4*4 bytes),我们可以把m看作一个4*4的byte数组。
加密方和解密方拥有共同的密钥(m),双方通过相同的方法将m扩展成11*4*4 byte的扩展密钥(我们叫它M吧,M为11个m大小,可用44*4的byte数组去装),因此双方得到的扩展密钥完全相同。
一、获取扩展密钥M的扩展方法:
(M在结构上由m0,m1,m2,...,m10共11个mi组成;mi大小等于m,均为4*4的byte数组;一个mi用于一轮加密;M为44*4的byte数组)
i为mi的编号(i=j/4),j为M的行号(0<=j<44),M[j]表示M的第j行(4个字节)
for M[4]->M[43]
当 i=0, m0=m;
当 i>0 && j%4!=0,M[j]=M[j-4]^M[j-1];
当 i>0 && j%4==0,M[j]=M[j-4]^(SubWord(RotWord(M[j-1])) ^Rcon[j/4] );
其中SubWord和RotWord是两个作用于4字节字的操作,Rcon是一个固定常数数组;Rcon[j/4]只与该字的第一个字节异或(其余3个字节相当于与0异或)。
SubWord: 将输入字(4个字节)里面的每个字节拆成高4位x和低4位y,用sbox[x][y]的值代替该字节。(sbox是16*16的byte类型的固定数组)
RotWord : 将输入字的4个字节循环左移1个字节
二、加密(i从0到10)
第0轮:text与m0异或
第1-9轮: 字节置换(逐字节查sbox)》行移位》列混淆》text与mi异或
第10轮: 字节置换(逐字节查sbox)》行移位》text与m10异或
列混淆:GF(2^8)下,常数矩阵p1*text
三、解密(mi的下标i从10到0;下面的轮号按解密的先后顺序编号,解密第k轮使用m(10-k))
第0轮:text与m10异或》逆行移位》逆置换(逐字节查nsbox)
第1-9轮: text与mi异或》逆列混淆》逆行移位》逆置换(逐字节查nsbox)
第10轮: text与m0异或
逆列混淆:GF(2^8)下,常数矩阵p2*text
Rcon:
/**
 * Round constants for the AES-128 key expansion.
 *
 * The expansion rule in the text reads Rcon[j/4] for the word indexes
 * j = 4, 8, ..., 40, so entries 1..10 are the ones used and entry 0 (0x00)
 * is only a placeholder that keeps the index aligned.
 *
 * In standard AES the constant is XORed into the first byte of the word
 * only; the code that consumes this table is not shown here.
 */
private static byte[] Rcon={
// 0x80 needs the explicit cast because it is outside Java's signed byte range.
0x00,0x01,0x02,0x04,0x08,0x10,0x20,0x40,(byte) 0x80,0x1B,0x36
};
/**
 * AES forward substitution table, written as signed Java bytes
 * (for example 99 == 0x63 and -14 == (byte) 0xF2).
 *
 * Per the text, it is indexed as sbox[x][y] where x is the high nibble and
 * y is the low nibble of the input byte. Java bytes are signed, so the
 * nibbles have to be taken from the unsigned value: x = (b & 0xFF) >>> 4,
 * y = b & 0x0F. A plain b >> 4 on a negative byte gives a negative index.
 *
 * NOTE(review): only the first row was spot-checked against FIPS-197.
 * Confirm the whole table with a known-answer test (FIPS-197 Appendix C
 * example vectors) before relying on it.
 *
 * NOTE(review): lookups indexed by key- or plaintext-dependent bytes are not
 * constant-time and can leak through cache timing. Treat a table-driven
 * implementation as a study aid; production code should use
 * javax.crypto.Cipher with an authenticated mode.
 */
private static byte[][] sbox={
{99,124,119,123,-14,107,111,-59,48,1,103,43,-2,-41,-85,118},
{-54,-126,-55,125,-6,89,71,-16,-83,-44,-94,-81,-100,-92,114,-64},
{-73,-3,-109,38,54,63,-9,-52,52,-91,-27,-15,113,-40,49,21},
{4,-57,35,-61,24,-106,5,-102,7,18,-128,-30,-21,39,-78,117},
{9,-125,44,26,27,110,90,-96,82,59,-42,-77,41,-29,47,-124},
{83,-47,0,-19,32,-4,-79,91,106,-53,-66,57,74,76,88,-49},
{-48,-17,-86,-5,67,77,51,-123,69,-7,2,127,80,60,-97,-88},
{81,-93,64,-113,-110,-99,56,-11,-68,-74,-38,33,16,-1,-13,-46},
{-51,12,19,-20,95,-105,68,23,-60,-89,126,61,100,93,25,115},
{96,-127,79,-36,34,42,-112,-120,70,-18,-72,20,-34,94,11,-37},
{-32,50,58,10,73,6,36,92,-62,-45,-84,98,-111,-107,-28,121},
{-25,-56,55,109,-115,-43,78,-87,108,86,-12,-22,101,122,-82,8},
{-70,120,37,46,28,-90,-76,-58,-24,-35,116,31,75,-67,-117,-118},
{112,62,-75,102,72,3,-10,14,97,53,87,-71,-122,-63,29,-98},
{-31,-8,-104,17,105,-39,-114,-108,-101,30,-121,-23,-50,85,40,-33},
{-116,-95,-119,13,-65,-26,66,104,65,-103,45,15,-80,84,-69,22},
};
/**
 * AES inverse substitution table for decryption, written as signed Java
 * bytes (for example 82 == 0x52 and -43 == (byte) 0xD5).
 *
 * Presumably indexed the same way as sbox, i.e. nsbox[x][y] with x the high
 * nibble and y the low nibble of the unsigned byte value; the lookup code is
 * not shown here. Take the nibbles as (b & 0xFF) >>> 4 and b & 0x0F so that
 * negative bytes do not produce negative indexes.
 *
 * NOTE(review): only the first row was spot-checked against FIPS-197.
 * A cheap self-test is to assert that looking up the sbox output of every
 * value 0..255 in nsbox returns the original value.
 *
 * NOTE(review): as with sbox, secret-dependent table lookups are not
 * constant-time (cache-timing side channel).
 */
private static byte[][] nsbox={
{82,9,106,-43,48,54,-91,56,-65,64,-93,-98,-127,-13,-41,-5},
{124,-29,57,-126,-101,47,-1,-121,52,-114,67,68,-60,-34,-23,-53},
{84,123,-108,50,-90,-62,35,61,-18,76,-107,11,66,-6,-61,78},
{8,46,-95,102,40,-39,36,-78,118,91,-94,73,109,-117,-47,37},
{114,-8,-10,100,-122,104,-104,22,-44,-92,92,-52,93,101,-74,-110},
{108,112,72,80,-3,-19,-71,-38,94,21,70,87,-89,-115,-99,-124},
{-112,-40,-85,0,-116,-68,-45,10,-9,-28,88,5,-72,-77,69,6},
{-48,44,30,-113,-54,63,15,2,-63,-81,-67,3,1,19,-118,107},
{58,-111,17,65,79,103,-36,-22,-105,-14,-49,-50,-16,-76,-26,115},
{-106,-84,116,34,-25,-83,53,-123,-30,-7,55,-24,28,117,-33,110},
{71,-15,26,113,29,41,-59,-119,111,-73,98,14,-86,24,-66,27},
{-4,86,62,75,-58,-46,121,32,-102,-37,-64,-2,120,-51,90,-12},
{31,-35,-88,51,-120,7,-57,49,-79,18,16,89,39,-128,-20,95},
{96,81,127,-87,25,-75,74,13,45,-27,122,-97,-109,-55,-100,-17},
{-96,-32,59,77,-82,42,-11,-80,-56,-21,-69,60,-125,83,-103,97},
{23,43,4,126,-70,119,-42,38,-31,105,20,99,85,33,12,125}
};
/**
 * Constant matrix for the column-mixing step of encryption ("p1*text" in the
 * text above).
 *
 * The entries are GF(2^8) coefficients, not ordinary integers: products must
 * be computed with AES field multiplication (reduction by
 * x^8 + x^4 + x^3 + x + 1, i.e. 0x11B) and the sums are XORs. Ordinary
 * integer multiply/add would give wrong results.
 */
private static byte[][] p1={
{2,3,1,1},
{1,2,3,1},
{1,1,2,3},
{3,1,1,2}
};
/**
 * Constant matrix for the column-mixing step of decryption ("p2*text" in the
 * text above); it is meant to undo the multiplication by p1.
 *
 * The entries (14, 11, 13, 9 == 0x0E, 0x0B, 0x0D, 0x09) are GF(2^8)
 * coefficients: multiply with AES field multiplication (reduction by 0x11B)
 * and add with XOR.
 *
 * NOTE(review): a quick self-test is to check that p2 times p1 is the
 * identity matrix under GF(2^8) arithmetic.
 */
private static byte[][] p2={
{14,11,13,9},
{9,14,11,13},
{13,9,14,11},
{11,13,9,14}
};