总体结构
各种表
pc_1 = (57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4)
left_shift = (1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1)
pc_2 = (14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32)
E = (32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 )
S1 = ((14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7),
(0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8),
(4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0),
(15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13))
S2 = ((15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10),
(3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5),
(0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15),
(13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9))
S3 = ((10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8),
(13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1),
(13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7),
(1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12))
S4 = ((7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15),
(13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9),
(10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4),
(3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14))
S5 = ((2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9),
(14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6),
(4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14),
(11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3))
S6 = ((12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11),
(10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8),
(9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6),
(4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13))
S7 = ((4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1),
(13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6),
(1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2),
(6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12))
S8 = ((13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7),
(1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2),
(7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8),
(2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11))
S = (S1, S2, S3, S4, S5, S6, S7, S8)
P = (16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25)
IP = (58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7)
inverse_IP = (40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25)
子密钥生成器
先把所有子密钥搞出来:
def key_generation(key):
keys = []
cd = permutation(key, pc_1, 64) # 置换1
c = (cd & 0xfffffff0000000) >> 28 # 左半边
d = cd & 0x0000000fffffff # 右半边
for i in range(16): # 16轮
c = cir_left_shift(c, left_shift[i]) # 左半边循环左移
d = cir_left_shift(d, left_shift[i]) # 右半边循环左移
cd = (c << 28) | d # 再合起来
subkey = permutation(cd, pc_2, 56) # 置换2
keys.append(subkey) # 加入子密钥列表
return keys
其中用到了循环左移:
def cir_left_shift(num, sche):
if sche == 1:
high = (num & 0b1000000000000000000000000000) >> 27
low = (num & 0b0111111111111111111111111111) << 1
elif sche == 2:
high = (num & 0b1100000000000000000000000000) >> 26
low = (num & 0b0011111111111111111111111111) << 2
else:
raise ValueError('can only shift 1 or 2 bit')
return high | low
还有置换,参数:待置换的数p, 置换表perlist, p的比特长度psize比特. 返回置换后结果。这个置换函数之后会多次用到。
def permutation(p, perlist, psize):
li_size = len(perlist)
s = 0
for i in range(li_size):
s |= (((p >> (psize - perlist[i])) & 0b1) << (li_size - 1 - i))
return s
测试一下:
输入:0b0001001100110100010101110111100110011011101111001101111111110001
输出:
K1 = 000110 110000 001011 101111 111111 000111 000001 110010K2 = 011110 011010 111011 011001 110110 111100 100111 100101
K3 = 010101 011111 110010 001010 010000 101100 111110 011001
K4 = 011100 101010 110111 010110 110110 110011 010100 011101
K5 = 011111 001110 110000 000111 111010 110101 001110 101000
K6 = 011000 111010 010100 111110 010100 000111 101100 101111
K7 = 111011 001000 010010 110111 111101 100001 100010 111100
K8 = 111101 111000 101000 111010 110000 010011 101111 111011
K9 = 111000 001101 101111 101011 111011 011110 011110 000001
K10 = 101100 011111 001101 000111 101110 100100 011001 001111
K11 = 001000 010101 111111 010011 110111 101101 001110 000110
K12 = 011101 010111 000111 110101 100101 000110 011111 101001
K13 = 100101 111100 010111 010001 111110 101011 101001 000001
K14 = 010111 110100 001110 110111 111100 101110 011100 111010
K15 = 101111 111001 000110 001101 001111 010011 111100 001010
K16 = 110010 110011 110110 001011 000011 100001 011111 110101
DES
自顶向下,先搭架子:
DES就是IP+Feistel+逆IP,下图左边那部分:
def DES(p, keys, mode): # keys是子密钥的列表,上面子密钥生成器返回的
if mode == 1: # 加密
p1 = permutation(p, IP, 64) # IP置换
p1 = feistel_struct(p1, Func, keys) # Feistel
return permutation(p1, inverse_IP, 64) # IP^-1置换
elif mode == 0:
p1 = permutation(p, IP, 64)
p1 = feistel_struct(p1, Func, tuple(reversed(keys))) # 密钥倒着用
return permutation(p1, inverse_IP, 64)
else:
raise ValueError('illegal mode value')
可以看到,IP置换调用了之前实现过的IP函数。feistel结构还没实现。
Feistel结构
依然是搭架子。Feistel要输入的64比特p,要轮函数F, 要子密钥keys
def feistel_struct(p, F, keys):
lpart = (p & 0xffffffff00000000) >> 32 #左半
rpart = p & 0x00000000ffffffff # 右半
for i in range(16):
tmp = rpart
rpart = F(rpart, keys[i]) ^ lpart # 轮函数作用于右半,并与左半异或
lpart = tmp # 左半
return (rpart << 32) | lpart
最后还剩轮函数F没有实现,下面是实现:
轮函数F
def Func(R, subkey):
R2 = permutation(R, E, 32) ^ subkey # E置换+异或子密钥
r_list = []
out = 0
tool = 0b111111
for i in range(8):
r_list.append((tool & R2) >> (6 * i)) # 分成8块
tool <<= 6
r_list.reverse()
for i in range(8): # S盒
rtop = (r_list[i] & 0b100000) >> 5
col_index = (r_list[i] & 0b011110) >> 1
rtal = (r_list[i] & 0b000001)
line_index = (rtop << 1) | rtal
out = (out << 4) | S[i][line_index][col_index]
return permutation(out, P, 32) #P置换
参考
这里的测试数据更详细,可一步一步走,有一个错误:
明文M是:8787878787878787
密钥K是:0E329232EA6D0D73
上面的信息都是16进制的,转换为2进制
明文M是:0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100
1101 1110 1111密钥K是:00010011 00110100 01010111 01111001 10011011 10111100 11011111
11110001
有问题,16进制和二进制之间不对应,后面实际上是以二进制的M,K为准的。