时间:2026-03-24 21:42
人气:
作者:admin
编程实AES的加密和解密算法,对明文“0x3243f6a8885a308d313198a2e0370734”进行加密,采用密钥“0x2b7e151628aed2a6abf7158809cf4f3c”, 输出每一轮的加密结果和轮密钥,并对密文进行解密,输出解密后的结果。
AES通常细分为AES-128、AES-192、AES-256。这里编程的目的主要是为了实现AES-128。
关于AES算法,我就不详细介绍了。因为本人懒,写博客相当花费时间。而且,国外的网站已经有比较好的博客介绍该算法[1],国内知乎也有比较优质且详细的博客介绍该算法。
#include <stdio.h>
// 定义S盒
const unsigned char SBox[16][16] = {
{0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76},
{0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0},
{0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15},
{0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75},
{0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84},
{0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf},
{0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8},
{0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2},
{0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73},
{0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb},
{0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79},
{0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08},
{0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a},
{0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e},
{0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf},
{0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16}
};
// 定义轮常量Rcon
const unsigned int Rcon[10] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000
};
// 字替代操作
unsigned int SubWord(unsigned int X) {
unsigned char a3 = X & 0x000000ff;
unsigned char a2 = (X & 0x0000ff00) >> 8;
unsigned char a1 = (X & 0x00ff0000) >> 16;
unsigned char a0 = (X & 0xff000000) >> 24;
unsigned char b3 = SBox[(a3 & 0xf0) >> 4][a3 & 0x0f];
unsigned char b2 = SBox[(a2 & 0xf0) >> 4][a2 & 0x0f];
unsigned char b1 = SBox[(a1 & 0xf0) >> 4][a1 & 0x0f];
unsigned char b0 = SBox[(a0 & 0xf0) >> 4][a0 & 0x0f];
return ((b0 << 24) | (b1 << 16) | (b2 << 8) | b3);
}
// 定义轮密钥加操作
void ADDROUNDKEY(unsigned int *state, unsigned int *w, int num_round) {
state[0] = state[0] ^ w[4 * num_round + 0];
state[1] = state[1] ^ w[4 * num_round + 1];
state[2] = state[2] ^ w[4 * num_round + 2];
state[3] = state[3] ^ w[4 * num_round + 3];
}
// 定义字节代替操作
void SUBBYTES(unsigned int *state) {
state[0] = SubWord(state[0]);
state[1] = SubWord(state[1]);
state[2] = SubWord(state[2]);
state[3] = SubWord(state[3]);
}
// 行移位操作
unsigned int RotRows(unsigned int A, int ROW) {
return (A >> (sizeof(unsigned int) * 8 - 8 * ROW) | (A << 8 * ROW));
}
// 移位操作(8bit)
unsigned int RotWord(unsigned int A) {
return (A >> (sizeof(unsigned int) * 8 - 8) | (A << 8));
}
void SHIFTROWS(unsigned int *state) {
unsigned int b0 = (state[0] & 0xff000000) |
((state[1] & 0xff000000) >> 8) |
((state[2] & 0xff000000) >> 16) |
((state[3] & 0xff000000) >> 24);
unsigned int b1 = ((state[0] & 0x00ff0000) << 8) |
(state[1] & 0x00ff0000) |
((state[2] & 0x00ff0000) >> 8) |
((state[3] & 0x00ff0000) >> 16);
unsigned int b2 = ((state[0] & 0x0000ff00) << 16) |
((state[1] & 0x0000ff00) << 8) |
(state[2] & 0x0000ff00) |
((state[3] & 0x0000ff00) >> 8);
unsigned int b3 = ((state[0] & 0x000000ff) << 24) |
((state[1] & 0x000000ff) << 16) |
((state[2] & 0x000000ff) << 8) |
(state[3] & 0x000000ff);
b0 = RotRows(b0, 0);
b1 = RotRows(b1, 1);
b2 = RotRows(b2, 2);
b3 = RotRows(b3, 3);
state[0] = (b0 & 0xff000000) |
((b1 & 0xff000000) >> 8) |
((b2 & 0xff000000) >> 16) |
((b3 & 0xff000000) >> 24);
state[1] = ((b0 & 0x00ff0000) << 8) |
(b1 & 0x00ff0000) |
((b2 & 0x00ff0000) >> 8) |
((b3 & 0x00ff0000) >> 16);
state[2] = ((b0 & 0x0000ff00) << 16) |
((b1 & 0x0000ff00) << 8) |
(b2 & 0x0000ff00) |
((b3 & 0x0000ff00) >> 8);
state[3] = ((b0 & 0x000000ff) << 24) |
((b1 & 0x000000ff) << 16) |
((b2 & 0x000000ff) << 8) |
(b3 & 0x000000ff);
}
// 定义扩域上的b•{02}操作
unsigned char GFMul2(unsigned char x) {
if ((x & 0x80) == 0x00)
return x << 1;
else
return ((x << 1) ^ 0x1b);
}
// 定义扩域上的b•{03}操作
unsigned char GFMul3(unsigned char x) {
return (x ^ GFMul2(x));
}
// 定义列混淆操作
void MIXCOLUMNS(unsigned int *state) {
for (int i = 0; i < 4; i++) {
unsigned char a0 = (state[i] & 0xff000000) >> 24;
unsigned char a1 = (state[i] & 0x00ff0000) >> 16;
unsigned char a2 = (state[i] & 0x0000ff00) >> 8;
unsigned char a3 = (state[i] & 0x000000ff);
unsigned char b0 = GFMul2(a0) ^ GFMul3(a1) ^ a2 ^ a3;
unsigned char b1 = a0 ^ GFMul2(a1) ^ GFMul3(a2) ^ a3;
unsigned char b2 = a0 ^ a1 ^ GFMul2(a2) ^ GFMul3(a3);
unsigned char b3 = GFMul3(a0) ^ a1 ^ a2 ^ GFMul2(a3);
state[i] = (b0 << 24) | (b1 << 16) | (b2 << 8) | b3;
}
}
// 定义密钥扩展函数
void KeyExpansion(unsigned int *key, unsigned int *w, unsigned int Nk, unsigned int Nr) {
unsigned int i = 0;
while (i <= Nk - 1) {
w[i] = key[i];
i = i + 1;
}
while (i <= 4 * Nr + 3) {
unsigned int temp = w[i - 1];
if (i % Nk == 0)
temp = SubWord(RotWord(temp)) ^ Rcon[i / Nk - 1];
else if (Nk > 6 && i % Nk == 4)
temp = SubWord(temp);
w[i] = w[i - Nk] ^ temp;
i = i + 1;
}
}
int main() {
unsigned int input[4] = {0x3243f6a8, 0x885a308d, 0x313198a2, 0xe0370734};
unsigned int KEY[4] = {0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c};
int Nk = 4;
int Nr = 10;
unsigned int w[4 * (10 + 1)] = {0};
KeyExpansion(KEY, w, Nk, Nr); // 获取轮密钥
printf("Round 0:\n");
ADDROUNDKEY(input, w, 0);
printf("Round 0 Encrypted Output: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
for (int i = 1; i <= (Nr - 1); i++) {
printf("Round %d:\n", i);
SUBBYTES(input);
printf("After SubBytes: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
SHIFTROWS(input);
printf("After ShiftRows: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
MIXCOLUMNS(input);
printf("After MixColumns: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
ADDROUNDKEY(input, w, i);
printf("After AddRoundKey: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
}
printf("Round %d:\n", Nr);
SUBBYTES(input);
printf("After SubBytes: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
SHIFTROWS(input);
printf("After ShiftRows: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
ADDROUNDKEY(input, w, Nr);
printf("After AddRoundKey: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
printf("The encrypted output is: %08x %08x %08x %08x\n",
input[0], input[1], input[2], input[3]);
return 0;
}
关于C语言编译器的选择通常是Dev c++,Clion,VS Studio,Vs Code,我只用的习惯Vs Code。但是如果缺乏相关经验,可以采用在线编译器或者虚拟机自带的环境进行编译运行。
基于C语言版本得到的Python版本。
#!/usr/bin/env python3
"""
AES-128加密算法的Python实现
基于C代码转换,包含完整的S盒、行移位、列混淆、密钥扩展和加密流程
"""
# S盒
SBox = [
[0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76],
[0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0],
[0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15],
[0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75],
[0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84],
[0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf],
[0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8],
[0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2],
[0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73],
[0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb],
[0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79],
[0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08],
[0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a],
[0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e],
[0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf],
[0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
]
# 轮常量Rcon
Rcon = [
0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000
]
# 字替代操作
def SubWord(X):
a3 = X & 0x000000ff
a2 = (X & 0x0000ff00) >> 8
a1 = (X & 0x00ff0000) >> 16
a0 = (X & 0xff000000) >> 24
b3 = SBox[(a3 & 0xf0) >> 4][a3 & 0x0f]
b2 = SBox[(a2 & 0xf0) >> 4][a2 & 0x0f]
b1 = SBox[(a1 & 0xf0) >> 4][a1 & 0x0f]
b0 = SBox[(a0 & 0xf0) >> 4][a0 & 0x0f]
return ((b0 << 24) | (b1 << 16) | (b2 << 8) | b3) & 0xFFFFFFFF
# 轮密钥加操作
def ADDROUNDKEY(state, w, num_round):
state[0] ^= w[4 * num_round + 0]
state[1] ^= w[4 * num_round + 1]
state[2] ^= w[4 * num_round + 2]
state[3] ^= w[4 * num_round + 3]
# 字节代替操作
def SUBBYTES(state):
state[0] = SubWord(state[0])
state[1] = SubWord(state[1])
state[2] = SubWord(state[2])
state[3] = SubWord(state[3])
# 行移位操作(针对32位字)
def RotRows(A, ROW):
# 循环左移 ROW 个字节(8*ROW 位)
return ((A >> (32 - 8 * ROW)) | (A << (8 * ROW))) & 0xFFFFFFFF
def RotWord(A):
# 循环左移一个字节(8位)
return ((A >> 24) | (A << 8)) & 0xFFFFFFFF
def SHIFTROWS(state):
# 从4个32位字中提取列字节
b0 = (state[0] & 0xff000000) | ((state[1] & 0xff000000) >> 8) | ((state[2] & 0xff000000) >> 16) | ((state[3] & 0xff000000) >> 24)
b1 = ((state[0] & 0x00ff0000) << 8) | (state[1] & 0x00ff0000) | ((state[2] & 0x00ff0000) >> 8) | ((state[3] & 0x00ff0000) >> 16)
b2 = ((state[0] & 0x0000ff00) << 16) | ((state[1] & 0x0000ff00) << 8) | (state[2] & 0x0000ff00) | ((state[3] & 0x0000ff00) >> 8)
b3 = ((state[0] & 0x000000ff) << 24) | ((state[1] & 0x000000ff) << 16) | ((state[2] & 0x000000ff) << 8) | (state[3] & 0x000000ff)
b0 = RotRows(b0, 0)
b1 = RotRows(b1, 1)
b2 = RotRows(b2, 2)
b3 = RotRows(b3, 3)
# 重新组合成列
state[0] = (b0 & 0xff000000) | ((b1 & 0xff000000) >> 8) | ((b2 & 0xff000000) >> 16) | ((b3 & 0xff000000) >> 24)
state[1] = ((b0 & 0x00ff0000) << 8) | (b1 & 0x00ff0000) | ((b2 & 0x00ff0000) >> 8) | ((b3 & 0x00ff0000) >> 16)
state[2] = ((b0 & 0x0000ff00) << 16) | ((b1 & 0x0000ff00) << 8) | (b2 & 0x0000ff00) | ((b3 & 0x0000ff00) >> 8)
state[3] = ((b0 & 0x000000ff) << 24) | ((b1 & 0x000000ff) << 16) | ((b2 & 0x000000ff) << 8) | (b3 & 0x000000ff)
# 确保所有值在32位范围内
for i in range(4):
state[i] &= 0xFFFFFFFF
# 扩域乘法 {02}
def GFMul2(x):
if (x & 0x80) == 0:
return (x << 1) & 0xFF
else:
return ((x << 1) ^ 0x1b) & 0xFF
def GFMul3(x):
return (x ^ GFMul2(x)) & 0xFF
# 列混淆操作
def MIXCOLUMNS(state):
for i in range(4):
a0 = (state[i] & 0xff000000) >> 24
a1 = (state[i] & 0x00ff0000) >> 16
a2 = (state[i] & 0x0000ff00) >> 8
a3 = (state[i] & 0x000000ff)
b0 = GFMul2(a0) ^ GFMul3(a1) ^ a2 ^ a3
b1 = a0 ^ GFMul2(a1) ^ GFMul3(a2) ^ a3
b2 = a0 ^ a1 ^ GFMul2(a2) ^ GFMul3(a3)
b3 = GFMul3(a0) ^ a1 ^ a2 ^ GFMul2(a3)
state[i] = (b0 << 24) | (b1 << 16) | (b2 << 8) | b3
state[i] &= 0xFFFFFFFF
# 密钥扩展
def KeyExpansion(key, w, Nk, Nr):
i = 0
while i <= Nk - 1:
w[i] = key[i]
i += 1
while i <= 4 * Nr + 3:
temp = w[i - 1]
if i % Nk == 0:
temp = SubWord(RotWord(temp)) ^ Rcon[i // Nk - 1]
elif Nk > 6 and i % Nk == 4:
temp = SubWord(temp)
w[i] = w[i - Nk] ^ temp
w[i] &= 0xFFFFFFFF
i += 1
def main():
# 测试向量
input_data = [0x3243f6a8, 0x885a308d, 0x313198a2, 0xe0370734]
KEY = [0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c]
Nk = 4
Nr = 10
w = [0] * (4 * (Nr + 1))
KeyExpansion(KEY, w, Nk, Nr)
# 初始轮密钥加
print("Round 0:")
ADDROUNDKEY(input_data, w, 0)
print(f"Round 0 Encrypted Output: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
# 第1轮到Nr-1轮
for i in range(1, Nr):
print(f"Round {i}:")
SUBBYTES(input_data)
print(f"After SubBytes: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
SHIFTROWS(input_data)
print(f"After ShiftRows: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
MIXCOLUMNS(input_data)
print(f"After MixColumns: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
ADDROUNDKEY(input_data, w, i)
print(f"After AddRoundKey: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
# 最后一轮(无MixColumns)
print(f"Round {Nr}:")
SUBBYTES(input_data)
print(f"After SubBytes: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
SHIFTROWS(input_data)
print(f"After ShiftRows: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
ADDROUNDKEY(input_data, w, Nr)
print(f"After AddRoundKey: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
print(f"The encrypted output is: {input_data[0]:08x} {input_data[1]:08x} {input_data[2]:08x} {input_data[3]:08x}")
if __name__ == "__main__":
main()
此外我感觉直接转换为Python代码的这个版本不够简洁,而且不太符合函数式编程。所以用比较先进的ai进行了简单优化。
#!/usr/bin/env python3
"""
AES-128加密算法的Python实现
基于C代码转换,包含完整轮函数、密钥扩展及中间结果输出
"""
# ==================== 常量定义 ====================
# S盒 (16x16)
SBOX = [
[0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76],
[0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0],
[0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15],
[0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75],
[0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84],
[0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf],
[0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8],
[0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2],
[0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73],
[0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb],
[0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79],
[0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08],
[0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a],
[0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e],
[0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf],
[0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
]
# 轮常量
RCON = [
0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000
]
# ==================== 辅助函数 ====================
def sub_word(x: int) -> int:
"""字替换:将32位字的每个字节通过S盒替换"""
# 提取每个字节 (从高到低)
a0 = (x >> 24) & 0xFF
a1 = (x >> 16) & 0xFF
a2 = (x >> 8) & 0xFF
a3 = x & 0xFF
# S盒替换
b0 = SBOX[a0 >> 4][a0 & 0x0F]
b1 = SBOX[a1 >> 4][a1 & 0x0F]
b2 = SBOX[a2 >> 4][a2 & 0x0F]
b3 = SBOX[a3 >> 4][a3 & 0x0F]
# 组合回32位
return (b0 << 24) | (b1 << 16) | (b2 << 8) | b3
def rot_word(x: int) -> int:
"""循环左移8位(字节级)"""
return ((x << 8) | (x >> 24)) & 0xFFFFFFFF
def rot_rows(x: int, row: int) -> int:
"""行移位:对32位字内的字节进行循环移位(字节级)"""
# row=0: 不移位, row=1: 左移1字节, row=2: 左移2字节, row=3: 左移3字节
shift = row * 8
return ((x << shift) | (x >> (32 - shift))) & 0xFFFFFFFF
# ==================== 核心操作 ====================
def add_round_key(state, w, round_num):
"""轮密钥加"""
for i in range(4):
state[i] ^= w[4 * round_num + i]
def sub_bytes(state):
"""字节替换"""
for i in range(4):
state[i] = sub_word(state[i])
def shift_rows(state):
"""行移位(列主序存储)"""
# 从列主序中提取每一行的四个字节
# 第0行: 各列的最高字节 (state[0]>>24, state[1]>>24, state[2]>>24, state[3]>>24)
# 第1行: 各列的第二字节 (state[0]>>16 & 0xFF, ...)
# 第2行: 各列的第三字节
# 第3行: 各列的最低字节
rows = [
[(state[i] >> 24) & 0xFF for i in range(4)],
[(state[i] >> 16) & 0xFF for i in range(4)],
[(state[i] >> 8) & 0xFF for i in range(4)],
[state[i] & 0xFF for i in range(4)]
]
# 对每一行进行循环左移(行号即偏移量)
for r in range(4):
rows[r] = rows[r][r:] + rows[r][:r]
# 重新组装为列主序
for i in range(4):
state[i] = (rows[0][i] << 24) | (rows[1][i] << 16) | (rows[2][i] << 8) | rows[3][i]
def gf_mul2(x: int) -> int:
"""GF(2^8)中乘以2"""
if (x & 0x80) == 0:
return (x << 1) & 0xFF
else:
return ((x << 1) ^ 0x1B) & 0xFF
def gf_mul3(x: int) -> int:
"""GF(2^8)中乘以3"""
return (x ^ gf_mul2(x)) & 0xFF
def mix_columns(state):
"""列混淆"""
for i in range(4):
# 取该列四个字节
a0 = (state[i] >> 24) & 0xFF
a1 = (state[i] >> 16) & 0xFF
a2 = (state[i] >> 8) & 0xFF
a3 = state[i] & 0xFF
# 混淆矩阵乘法
b0 = gf_mul2(a0) ^ gf_mul3(a1) ^ a2 ^ a3
b1 = a0 ^ gf_mul2(a1) ^ gf_mul3(a2) ^ a3
b2 = a0 ^ a1 ^ gf_mul2(a2) ^ gf_mul3(a3)
b3 = gf_mul3(a0) ^ a1 ^ a2 ^ gf_mul2(a3)
# 写回
state[i] = (b0 << 24) | (b1 << 16) | (b2 << 8) | b3
def key_expansion(key, Nk, Nr):
"""密钥扩展"""
w = [0] * (4 * (Nr + 1))
# 复制初始密钥
for i in range(Nk):
w[i] = key[i]
# 生成后续密钥
for i in range(Nk, 4 * (Nr + 1)):
temp = w[i - 1]
if i % Nk == 0:
temp = sub_word(rot_word(temp)) ^ RCON[i // Nk - 1]
elif Nk > 6 and i % Nk == 4:
temp = sub_word(temp)
w[i] = w[i - Nk] ^ temp
return w
# ==================== 加密主流程 ====================
def aes_encrypt(plain, key, Nr=10, Nk=4):
"""
执行AES-128加密
plain: 4个32位整数的列表,表示明文(列主序)
key: 4个32位整数的列表,表示密钥
"""
# 密钥扩展
w = key_expansion(key, Nk, Nr)
# 初始轮密钥加
state = plain[:]
add_round_key(state, w, 0)
# 前Nr-1轮
for rnd in range(1, Nr):
sub_bytes(state)
shift_rows(state)
mix_columns(state)
add_round_key(state, w, rnd)
# 最后一轮(无列混淆)
sub_bytes(state)
shift_rows(state)
add_round_key(state, w, Nr)
return state
# ==================== 主程序(与C代码输出完全一致) ====================
def main():
# 测试向量(与C代码相同)
plain = [0x3243f6a8, 0x885a308d, 0x313198a2, 0xe0370734]
key = [0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c]
Nk = 4
Nr = 10
# 密钥扩展
w = key_expansion(key, Nk, Nr)
# 初始轮
state = plain[:]
print("Round 0:")
add_round_key(state, w, 0)
print(f"Round 0 Encrypted Output: {state[0]:08x} {state[1]:08x} {state[2]:08x} {state[3]:08x}")
# 第1轮到第Nr轮(最后一轮)
for rnd in range(1, Nr + 1):
print(f"Round {rnd}:")
sub_bytes(state)
print(f"After SubBytes: {state[0]:08x} {state[1]:08x} {state[2]:08x} {state[3]:08x}")
shift_rows(state)
print(f"After ShiftRows: {state[0]:08x} {state[1]:08x} {state[2]:08x} {state[3]:08x}")
# 最后一轮没有 MixColumns
if rnd != Nr:
mix_columns(state)
print(f"After MixColumns: {state[0]:08x} {state[1]:08x} {state[2]:08x} {state[3]:08x}")
add_round_key(state, w, rnd)
print(f"After AddRoundKey: {state[0]:08x} {state[1]:08x} {state[2]:08x} {state[3]:08x}")
print(f"The encrypted output is: {state[0]:08x} {state[1]:08x} {state[2]:08x} {state[3]:08x}")
if __name__ == "__main__":
main()
最后的运行结果:
Round 0:
Round 0 Encrypted Output: 193de3be a0f4e22b 9ac68d2a e9f84808
Round 1:
After SubBytes: d42711ae e0bf98f1 b8b45de5 1e415230
After ShiftRows: d4bf5d30 e0b452ae b84111f1 1e2798e5
After MixColumns: 046681e5 e0cb199a 48f8d37a 2806264c
After AddRoundKey: a49c7ff2 689f352b 6b5bea43 026a5049
Round 2:
After SubBytes: 49ded289 45db96f1 7f39871a 7702533b
After ShiftRows: 49db873b 45395389 7f02d2f1 77de961a
After MixColumns: 584dcaf1 1b4b5aac dbe7caa8 1b6bb0e5
After AddRoundKey: aa8f5f03 61dde3ef 82d24ad2 6832469a
Round 3:
After SubBytes: ac73cf7b efc111df 13b5d6b5 45235ab8
After ShiftRows: acc1d6b8 efb55a7b 1323cfdf 457311b5
After MixColumns: 75ec0993 200b6333 53c0cf7c bb25d0dc
After AddRoundKey: 486c4eee 671d9d0d 4de3b138 d65f58e7
Round 4:
After SubBytes: 52502f28 85a45ed7 e311c807 f6cf6a94
After ShiftRows: 52a4c894 85116a28 e3cf2fd7 f6505e07
After MixColumns: 0fd6daa9 603138bf 6fc0106b 5eb31301
After AddRoundKey: e0927fe8 c86363c0 d9b13550 85b8be01
Round 5:
After SubBytes: e14fd29b e8fbfbba 35c89653 976cae7c
After ShiftRows: e1fb967c e8c8ae9b 356cd2ba 974ffb53
After MixColumns: 25d1a9ad bd11d168 b63a338e 4c4cc0b0
After AddRoundKey: f1006f55 c1924cef 7cc88b32 5db5d50c
Round 6:
After SubBytes: a163a8fc 784f29df 10e83d23 4cd503fe
After ShiftRows: a14f3dfe 78e803fc 10d5a8df 4c632923
After MixColumns: 4b868d6d 2c4a8980 339df4e8 37d218d8
After AddRoundKey: 260e2e17 3d41b77d e86472a9 fdd28b25
Round 7:
After SubBytes: f7ab31f0 2783a9ff 9b4340d3 54b53d3f
After ShiftRows: f783403f 27433df0 9bb531ff 54aba9d3
After MixColumns: 1415b5bf 461615ec 274656d7 342ad843
After AddRoundKey: 5a4142b1 1949dc1f a3e01965 7a8c040c
Round 8:
After SubBytes: be832cc8 d43b86c0 0ae1d44d da64f2fe
After ShiftRows: be3bd4fe d4e1f2c8 0a642cc0 da83864d
After MixColumns: 00512fd1 b1c889ff 54766dcd fa1b99ea
After AddRoundKey: ea835cf0 0445332d 655d98ad 8596b0c5
Round 9:
After SubBytes: 87ec4a8c f26ec3d8 4d4c4695 9790e7a6
After ShiftRows: 876e46a6 f24ce78c 4d904ad8 97ecc395
After MixColumns: 473794ed 40d4e4a5 a3703aa6 4c9f42bc
After AddRoundKey: eb40f21e 592e3884 8ba113e7 1bc342d2
Round 10:
After SubBytes: e9098972 cb31075f 3d327d94 af2e2cb5
After ShiftRows: e9317db5 cb322c72 3d2e895f af090794
After AddRoundKey: 3925841d 02dc09fb dc118597 196a0b32
The encrypted output is: 3925841d 02dc09fb dc118597 196a0b32
最后提醒各位读者如果想了解AES算法的实现细节,可以参考以下链接。或者自行到知乎了解相关原理。
参考文献:Advanced Encryption Standard (AES) - GeeksforGeeks
代码生成图片推荐,浏览器搜索Carbon。
上一篇:Qt表格入门(优化篇)
下一篇:没有了
关注微信