AES.docx

1、AES/* Rijndael Block Cipher - rijndael.c Edited by Jianqin Zhou 28st April 2004 Written by Mike Scott 21st April 1999 mikecompapp.dcu.ie An alternative faster version is implemented in MIRACL ftp:/puting.dcu.ie/pub/crypto/miracl.zip Copyright (c) 1999 Mike Scott Simply compile and run, e.g. cl /O2 r

2、ijndael.c (Microsoft C) bcc32 /O2 rijndael.c (Borland C) gcc -O2 rijndael.c -o rijndael (Gnu C) Compiles and runs fine as a C+ program also. See rijndael documentation. The code follows the documentation as closely as possible, and where possible uses the same function and variable names. Permission

3、 for free direct or derivative use is granted subject to compliance with any conditions that the originators of the algorithm place on its exploitation. Inspiration from Brian Gladmans implementation is acknowledged. Written for clarity, rather than speed. Assumes long is 32 bit quantity. Full imple

4、mentation. Endian indifferent.*/#include #define BYTE unsigned char /* 8 bits */#define WORD unsigned long /* 32 bits */* rotates x one bit to the left */#define ROTL(x) (x)7)|(x)1)/* Rotates 32-bit word left by 1, 2 or 3 byte */#define ROTL8(x) (x)24)#define ROTL16(x) (x)16)#define ROTL24(x) (x)8)/

5、* Fixed Data */static BYTE InCo4=0xB,0xD,0x9,0xE; /* Inverse Coefficients */static BYTE fbsub256;static BYTE rbsub256;static BYTE ptab256,ltab256;static WORD ftable256;static WORD rtable256;static WORD rco30;/* Parameter-dependent data */int Nk,Nb,Nr;BYTE fi24,ri24;WORD fkey120;WORD rkey120;static W

6、ORD pack(BYTE *b) /* pack bytes into a 32-bit Word */ return (WORD)b324)|(WORD)b216)|(WORD)b18); b2=(BYTE)(a16); b3=(BYTE)(a24);/关于模多项式0x011b的乘10b运算static BYTE xtime(BYTE a) BYTE b; if (a&0x80) b=0x1B; else b=0; a=1; a=b; return a;static BYTE bmul(BYTE x,BYTE y) /* x.y= AntiLog(Log(x) + Log(y) */ if

7、 (x & y) return ptab(ltabx+ltaby)%255; else return 0;static WORD SubByte(WORD a) BYTE b4; unpack(a,b); b0=fbsubb0; b1=fbsubb1; b2=fbsubb2; b3=fbsubb3; return pack(b); static BYTE product(WORD x,WORD y) /* dot product of two 4-byte arrays */ BYTE xb4,yb4; unpack(x,xb); unpack(y,yb); return bmul(xb0,y

8、b0)bmul(xb1,yb1)bmul(xb2,yb2)bmul(xb3,yb3);static WORD InvMixCol(WORD x) /* matrix Multiplication */ WORD y,m; BYTE b4; m=pack(InCo); b3=product(m,x); m=ROTL24(m); b2=product(m,x); m=ROTL24(m); b1=product(m,x); m=ROTL24(m); b0=product(m,x); y=pack(b); return y;BYTE ByteSub(BYTE x) BYTE y=ptab255-lta

9、bx; /* multiplicative inverse */ x=y; x=ROTL(x); y=x; x=ROTL(x); y=x; x=ROTL(x); y=x; x=ROTL(x); y=x; y=0x63; return y;void gentables(void) /* generate tables */ int i; BYTE y,b4; /* use 3 as primitive root to generate power and log tables */ ltab0=0; ptab0=1; ltab1=0; ptab1=3; ltab3=1; for (i=2;i25

10、6;i+) ptabi=ptabi-1xtime(ptabi-1); ltabptabi=i; /* affine transformation:- each bit is xored with itself shifted one bit 仿射变换 */ fbsub0=0x63; rbsub0x63=0; for (i=1;i256;i+) y=ByteSub(BYTE)i); fbsubi=y; rbsuby=i; for (i=0,y=1;i30;i+) rcoi=y; y=xtime(y); /* calculate forward and reverse tables */ for

11、(i=0;i256;i+) y=fbsubi; b3=yxtime(y); b2=y; b1=y; b0=xtime(y); ftablei=pack(b); y=rbsubi; b3=bmul(InCo0,y); b2=bmul(InCo1,y); b1=bmul(InCo2,y); b0=bmul(InCo3,y); rtablei=pack(b); void strtoHex(char *str,char *hex) char ch; int i=0, by = 0; while(i = 0 & ch = 9) by = (by = A & ch = F) by = (by 4) + c

12、h - A + 10; else / error if not hexadecimal printf(key must be in hexadecimal notationn); exit(0); / store a key byte for each pair of hexadecimal digits if(i+ & 1) hexi / 2 - 1 = by & 0xff; void hextoStr(char *hex,char *str) int i=0, by = 0; while(i 4 &0x0f; if(by = 0 & by = 0x0A & by = 0 & by = 0x

13、0A & by =Nk) Nr=6+Nb; else Nr=6+Nk; C1=1; if (Nb8) C2=2; C3=3; else C2=3; C3=4; /* pre-calculate forward and reverse increments */ for (m=j=0;jnb;j+,m+=3) fim=(j+C1)%nb; fim+1=(j+C2)%nb; fim+2=(j+C3)%nb; rim=(nb+j-C1)%nb; rim+1=(nb+j-C2)%nb; rim+2=(nb+j-C3)%nb; N=Nb*(Nr+1); for (i=j=0;iNk;i+,j+=4) C

14、ipherKeyi=pack(BYTE *)&keyj); for (i=0;iNk;i+) fkeyi=CipherKeyi; for (j=Nk,k=0;jN;j+=Nk,k+) fkeyj=fkeyj-NkSubByte(ROTL24(fkeyj-1)rcok; if (Nk=6) for (i=1;iNk & (i+j)N;i+) fkeyi+j=fkeyi+j-Nkfkeyi+j-1; else for (i=1;i4 &(i+j)N;i+) fkeyi+j=fkeyi+j-Nkfkeyi+j-1; if (j+4)N) fkeyj+4=fkeyj+4-NkSubByte(fkeyj

15、+3); for (i=5;iNk & (i+j)N;i+) fkeyi+j=fkeyi+j-Nkfkeyi+j-1; /* now for the expanded decrypt key in reverse order */ for (j=0;jNb;j+) rkeyj+N-Nb=fkeyj; for (i=Nb;iN-Nb;i+=Nb) k=N-Nb-i; for (j=0;jNb;j+) rkeyk+j=InvMixCol(fkeyi+j); for (j=N-Nb;jN;j+) rkeyj-N+Nb=fkeyj;/* There is an obvious time/space t

16、rade-off possible here. * * Instead of just one ftable, I could have 4, the other * * 3 pre-rotated to save the ROTL8, ROTL16 and ROTL24 overhead */ void encrypt(char *buff) int i,j,k,m; WORD a8,b8,*x,*y,*t; for (i=j=0;iNb;i+,j+=4) ai=pack(BYTE *)&buffj); ai=fkeyi; k=Nb; x=a; y=b;/* State alternates

17、 between a and b */ for (i=1;iNr;i+) /* Nr is number of rounds. May be odd. */* if Nb is fixed - unroll this next loop and hard-code in the values of fi */ for (m=j=0;j8) ROTL16(ftable(BYTE)(xfim+116) ROTL24(ftablexfim+224); t=x; x=y; y=t; /* swap pointers */ /* Last Round - unroll if possible */ fo

18、r (m=j=0;j8) ROTL16(WORD)fbsub(BYTE)(xfim+116) ROTL24(WORD)fbsubxfim+224); for (i=j=0;iNb;i+,j+=4) unpack(yi,(BYTE *)&buffj); xi=yi=0; /* clean up stack */ return;void decrypt(char *buff) int i,j,k,m; WORD a8,b8,*x,*y,*t; for (i=j=0;iNb;i+,j+=4) ai=pack(BYTE *)&buffj); ai=rkeyi; k=Nb; x=a; y=b;/* St

19、ate alternates between a and b */ for (i=1;iNr;i+) /* Nr is number of rounds. May be odd. */* if Nb is fixed - unroll this next loop and hard-code in the values of ri */ for (m=j=0;j8) ROTL16(rtable(BYTE)(xrim+116) ROTL24(rtablexrim+224); t=x; x=y; y=t; /* swap pointers */ /* Last Round - unroll if

20、possible */ for (m=j=0;j8) ROTL16(WORD)rbsub(BYTE)(xrim+116) ROTL24(WORD)rbsubxrim+224); for (i=j=0;iNb;i+,j+=4) unpack(yi,(BYTE *)&buffj); xi=yi=0; /* clean up stack */ return;int main() /* test driver */ int i,nb,nk; char str=abcd1234567890123456789012345678901212345678901234567890123456789012; ch

21、ar key32; char block32; gentables(); strtoHex(str,key); hextoStr(key,str); /just to test these two functions printf(Key= ); for (i=0;i64;i+) printf(%c,stri); printf(n); for (i=0;i32;i+) blocki=i; for (nb=4;nb=8;nb+=2) for (nk=4;nk=8;nk+=2) printf(nBlock Size= %d bits, Key Size= %d bitsn,nb*32,nk*32); gkey(nb,nk,key); printf(Plain= ); for (i=0;inb*4;i+) printf(%02x,blocki); printf(n); encrypt(block); printf(Encrypt= ); for (i=0;inb*4;i+) printf(%02x,(unsigned char)blocki); printf(n); decrypt(block); printf(Decrypt= ); for (i=0;inb*4;i+) printf(%02x,blocki); printf(n); return 0;