AES加密算法基于python实现
AES加密算法
**最近对这个算法进行了重写,文章地址
- 允许加密任意长度的字符串和文件
- 密钥长度可以是小于16字节的任意字符串
前言:
这篇文章的输入只能是16位16进制表示的字符串。密钥也固定只能是16位的16进制字符串
限制比较多
AES是对称加密算法,本文实现的是128bit密钥的Rijndael算法
采用的语言:python
参考了Python实现AES加密算法(无第三方库)一些基本数据直接复制了过来
加密
一、 基本运算
1. 字节代替subBytes----------用一个S盒完成分组中的按字节的代替
2. 行移位shiftRows-----------一个简单的置换
3. 列混淆mixColumns----------一个利用在域GF(2^8)上的算数特性的代替
4. 轮密钥加addRoundKey--------一个利用当前分组和扩展密钥的一部分进行按位异或
二、加密过程
- 128位密钥需要加密10轮
- 在第一轮加密之前之前需要进行一次轮密钥加
- addRoundKey
- 前9轮循环执行以下操作:
- subBytes
- shiftRows
- mixColumns
- addRoundKey
- 最后一轮(即第10轮没有列混淆):
- subBytes
- shiftRows
- addRoundKey
三、基本加密变换
1、1.S盒变换——SubBytes(字节运算)
SubBytes()变换是一个基于S盒的非线性置换,它用于将输人或中间态的每一个字节通
过一个简单的查表操作,将其映射为另一个字节。
映射方法是:把输入字节的高4位作为S盒的行值,低4位作为列值,然后取出S盒中对应和列的元素作为输出。
例如:输入为“95”(十六进制表示)的值所对应的S盒的 行值为“9” 列值为“5”, S盒中相应位置的值为“2a”,就说明“95”被映射为“2a”。
S_BOX = [[0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76],
[0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0],
[0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15],
[0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75],
[0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84],
[0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF],
[0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8],
[0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2],
[0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73],
[0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB],
[0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79],
[0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08],
[0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A],
[0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E],
[0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF],
[0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16]]
subBytes函数代码
def subBytes(self,Matrix,state):#根据传入的Matrix确定实现字节代替(或逆字节代替)
#列表推导式
return [Matrix[i][j] for i,j in[(t>>4,t&0xf) for t in state]]
其中Matrix参数是置换需要的S盒,加密的时候传入S_BOX、解密的时候传入I_SOX
state为待置换的中间态
2、shiftRows
def shiftRows(self,s):
return [s[0],s[1],s[2],s[3],
s[5],s[6],s[7],s[4],
s[10],s[11],s[8],s[9],
s[15],s[12],s[13],s[14]]
- 完成基于行的循环移位操作,输入是一个4x4的矩阵,每一个元素都是一个字节,移位操作为:
- 第0行元素位置不变
- 第1行循环左移1个字节——————即5号元素在原来的4号元素的位置上,后面的依次往前移一个下标,而4号元素移到了第1行行尾了,后面以此类推
- 第2行循环左移2个字节
- 第3行循环左移3个字节
三、mixColumns
难点在域GF(2^8)上的乘法
def mixColumns(self,matrix,state):
ls=[]
temp=0x0
for round in range(4):
for row in range(4):#矩阵MIX_C的一行乘以state的每一列
for col in range(4):
temp^=self.mul_all(matrix[round][col],state[col*4+row])
ls.append(temp)
temp=0x0
return ls
def mul_all(self,p1,p2):#有限域(G(2^8))上的乘法
result=0x0
pp=p1
temp=0x1
#将p1拆分成符合mul_2函数的参数形式
for i in range(8):
if p1==0:#当乘数等于0的时候就跳出循环
break
if pp&temp:
result^=self.mul_2(temp,p2)
temp<<=1
p1>>=1
return result
def mul_2(self,p1,p2):#递归处理有限域乘法(处理乘数p1的数据形如:0x1,0x2,0x4,0x8,0x10,0x20,0x40,0x80)
if p1==1: #p1为乘数,p2为被乘数
return p2
else:
return (self.mul_2(p1>>1,(p2<<1&0xff)^(0x1b if p2&0x80 else 0x00)))#result=(p2<<1&0xff)^(0x1b if p2&0x80 else 0x00)中间结果项
后面的直接上代码:
完整代码如下:
class AES_128:
#列混合矩阵
MIX_C = [[0x2, 0x3, 0x1, 0x1], [0x1, 0x2, 0x3, 0x1], [0x1, 0x1, 0x2, 0x3], [0x3, 0x1, 0x1, 0x2]]
I_MIXC = [[0xe, 0xb, 0xd, 0x9], [0x9, 0xe, 0xb, 0xd], [0xd, 0x9, 0xe, 0xb], [0xb, 0xd, 0x9, 0xe]]
RCon = [0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000]
S_BOX = [[0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76],
[0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0],
[0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15],
[0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75],
[0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84],
[0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF],
[0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8],
[0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2],
[0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73],
[0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB],
[0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79],
[0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08],
[0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A],
[0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E],
[0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF],
[0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16]]
I_SBOX = [[0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB],
[0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB],
[0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E],
[0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25],
[0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92],
[0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84],
[0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06],
[0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B],
[0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73],
[0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E],
[0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B],
[0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4],
[0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F],
[0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF],
[0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61],
[0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D]]
def subBytes(self,Matrix,state):#根据传入的Matrix确定实现字节代替(或逆字节代替)
return [Matrix[i][j] for i,j in[(t>>4,t&0xf) for t in state]]
def mixColumns(self,matrix,state):
ls=[]
temp=0x0
for round in range(4):
for row in range(4):#矩阵MIX_C的一行乘以state的每一列
for col in range(4):
temp^=self.mul_all(matrix[round][col],state[col*4+row])
ls.append(temp)
temp=0x0
return ls
def shiftRows(self,s):#加密时的行移位
return [s[0],s[1],s[2],s[3],
s[5],s[6],s[7],s[4],
s[10],s[11],s[8],s[9],
s[15],s[12],s[13],s[14]]
def inShiftRows(self,s):#逆行移位,解密时的行移位
return [s[0],s[1],s[2],s[3],
s[7],s[4],s[5],s[6],
s[10],s[11],s[8],s[9],
s[13],s[14],s[15],s[12]]
def addRoundKey(self,state,kw):
ls=[0]*16
for row in range(4):
for col in range(4):
ls[col*4+row]=state[col*4+row]^kw[row*4+col]
return ls
def mul_2(self,p1,p2):#递归处理有限域乘法(处理乘数p1的数据形如:0x1,0x2,0x4,0x8,0x10,0x20,0x40,0x80)
if p1==1: #p1为乘数,p2为被乘数
return p2
else:
return (self.mul_2(p1>>1,(p2<<1&0xff)^(0x1b if p2&0x80 else 0x00)))#result=(p2<<1&0xff)^(0x1b if p2&0x80 else 0x00)中间结果项
def mul_all(self,p1,p2):#有限域(G(2^8))上的乘法
result=0x0
pp=p1
temp=0x1
for i in range(8):
if p1==0:#当乘数等于0的时候就跳出循环
break
if pp&temp:
result^=self.mul_2(temp,p2)
temp<<=1
p1>>=1
return result
def keyExpansion(self,key):
kw=[key>>96,key>>64&0xffffffff,key>>32&0xffffffff,key&0xffffffff]+[0]*40
for i in range(4,44):
temp=kw[i-1]
if i%4==0:
temp=self.subWord(self.rotWord(temp))^self.RCon[i//4-1]
kw[i]=kw[i-4]^temp
return [(kw[4*i]>>24,kw[4*i]>>16&0xff,kw[4*i]>>8&0xff,kw[4*i]&0xff,
kw[4*i+1]>>24,kw[4*i+1]>>16&0xff,kw[4*i+1]>>8&0xff,kw[4*i+1]&0xff,
kw[4*i+2]>>24,kw[4*i+2]>>16&0xff,kw[4*i+2]>>8&0xff,kw[4*i+2]&0xff,
kw[4*i+3]>>24,kw[4*i+3]>>16&0xff,kw[4*i+3]>>8&0xff,kw[4*i+3]&0xff)for i in range(11)]
def rotWord(self,word):
return ((word&0xffffff)<<8) + (word>>24)
def subWord(self,word):
result=0x0
for i in range(4):
temp=word&0xff000000
word<<=8
temp>>=24
result=(result<<8)+self.S_BOX[temp>>4][temp&0xf]
return result
#加密
def encrypt(self,text,key):
kw=self.keyExpansion(key)
state=self.slipt(text)
state=self.addRoundKey(state,kw[0])
for i in range(1,10):
state=self.subBytes(self.S_BOX,state)
state=self.shiftRows(state)
state=self.mixColumns(self.MIX_C,state)
state=self.addRoundKey(state,kw[i])
state=self.subBytes(self.S_BOX,state)
state=self.shiftRows(state)
state=self.addRoundKey(state,kw[10])
return state
def decrypt(self,text,key):
kw=self.keyExpansion(key)
state=self.slipt(text)
state=self.addRoundKey(state,kw[10])
for i in [9,8,7,6,5,4,3,2,1]:
state=self.inShiftRows(state)
state=self.subBytes(self.I_SBOX,state)
state=self.addRoundKey(state,kw[i])
state=self.mixColumns(self.I_MIXC,state)
state=self.inShiftRows(state)
state=self.subBytes(self.I_SBOX,state)
state=self.addRoundKey(state,kw[0])
return state
#将输入的16字节进行划分
def slipt(self,text):
ls=[0]*16
for i in [3,2,1,0]:
for j in [3,2,1,0]:
ls[4*j+i]=text&0xff
text>>=8
return ls
#打印数据
def show(s):
for i in range(4):
for j in range(4):
print(hex(s[4*j+i]),end=' ')
print("加密:1 解密: 2 示例:3 退出:0")
k=int(input("你要进行的操作:"))
my=AES_128()
while k!=0:
if k==1:
text1=int(input("请输入明文:"),16)
key1=int(input("请输入密钥:"),16)
s=my.encrypt(text1,key1)
show(s)
elif k==2:
ciphertext1=int(input("请输入密文:"),16)
key1=int(input("请输入密钥:"),16)
s=my.decrypt(ciphertext1,key1)
show(s)
elif k==3:
text=0x3243f6a8885a308d313198a2e0370734
key= 0x2b7e151628aed2a6abf7158809cf4f3c
s=my.encrypt(text,key)
print("加密后的密文:")
show(s)
ciphertext=0x3925841d02dc09fbdc118597196a0b32
s=my.decrypt(ciphertext,key)
print('解密出的明文:')
show(s)
print()
k=int(input("你要进行的操作:"))
解密:
就是加密的逆变换