區塊鏈教程區塊鏈背後的信息安全2DES、3DES加密算法原理二
阿新 • • 發佈:2018-11-09
sci lang 實現 單獨 enc row ret ini 一次 Feistel輪函數
每次Feistel輪函數內部,均經過4種運算,即:
- 1、擴展置換:右側32位做擴展置換,擴展置換將32位輸入擴展成為48位輸出,使得擴展後輸出數據長度與48位子密鑰等長。
- 2、異或運算:右側32位擴展置換為48位後,與48位子密鑰做異或運算。
- 3、S盒置換:將異或運算後的48位結果,分成8個6位的塊,每塊通過S盒置換產生4位的輸出,8個塊S盒置換後組成32位的輸出。
S盒置換的過程為:6位中取第1位和第6位組成行號,剩余第2、3、4、5位組成列號,從S盒置換表中取出相應行、列的十進制數,並轉化為4位二進制數,即為S盒輸出。 - 4、P盒置換:S盒置換後的32位輸出數據,進行P盒置換,仍然輸出為32位數據。
go標準庫中DES Feistel輪函數代碼如下:
func feistel(right uint32, key uint64) (result uint32) { ????//右側32位擴展置換為48位,並與48位子密鑰做異或運算 ????sBoxLocations := key ^ expandBlock(right) ????var sBoxResult uint32 ????for i := uint8(0); i < 8; i++ { ????????//sBoxLocations>>42、sBoxLocations <<= 6,按每6位分塊 ????????sBoxLocation := uint8(sBoxLocations>>42) & 0x3f ????????sBoxLocations <<= 6 ????????//6位中取第1位和第6位組成行號 ????????row := (sBoxLocation & 0x1) | ((sBoxLocation & 0x20) >> 4) ????????//剩余第2、3、4、5位組成列號 ????????column := (sBoxLocation >> 1) & 0xf ????????//feistelBox包括了S盒置換和P盒置換的實現 ????????sBoxResult ^= feistelBox[i][16*row+column] ????} ????return sBoxResult } var feistelBox [8][64]uint32 //P盒置換 func permuteBlock(src uint64, permutation []uint8) (block uint64) { ????for position, n := range permutation { ????????bit := (src >> n) & 1 ????????block |= bit << uint((len(permutation)-1)-position) ????} ????return } //初始化feistelBox func init() { ????for s := range sBoxes { ????????for i := 0; i < 4; i++ { ????????????for j := 0; j < 16; j++ { ????????????????f := uint64(sBoxes[s][i][j]) << (4 * (7 - uint(s))) ????????????????f = permuteBlock(f, permutationFunction[:]) ????????????????feistelBox[s][16*i+j] = uint32(f) ????????????} ????????} ????} } //代碼位置src/crypto/des/block.go
附go標準庫中使用的擴展置換表和P盒置換表:
//擴展置換表 var expansionFunction = [48]byte{ ????0, 31, 30, 29, 28, 27, 28, 27, ????26, 25, 24, 23, 24, 23, 22, 21, ????20, 19, 20, 19, 18, 17, 16, 15, ????16, 15, 14, 13, 12, 11, 12, 11, ????10, 9, 8, 7, 8, 7, 6, 5, ????4, 3, 4, 3, 2, 1, 0, 31, } //P盒置換表 var permutationFunction = [32]byte{ ????16, 25, 12, 11, 3, 20, 4, 15, ????31, 17, 9, 6, 27, 14, 1, 22, ????30, 24, 8, 18, 0, 5, 29, 23, ????13, 19, 2, 26, 10, 21, 28, 7, } //代碼位置src/crypto/des/const.go
附go標準庫中使用的S盒置換表:
var sBoxes = [8][4][16]uint8{
????// S-box 1
????{
????????{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
????????{0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
????????{4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
????????{15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13},
????},
????// S-box 2
????{
????????{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
????????{3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
????????{0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
????????{13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9},
????},
????// S-box 3
????{
????????{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
????????{13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
????????{13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
????????{1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12},
????},
????// S-box 4
????{
????????{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
????????{13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
????????{10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
????????{3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14},
????},
????// S-box 5
????{
????????{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
????????{14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
????????{4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
????????{11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3},
????},
????// S-box 6
????{
????????{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
????????{10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
????????{9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
????????{4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13},
????},
????// S-box 7
????{
????????{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
????????{13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
????????{1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
????????{6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12},
????},
????// S-box 8
????{
????????{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
????????{1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
????????{7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
????????{2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11},
????},
}
//代碼位置src/crypto/des/const.go
3DES
DES是一個經典的對稱加密算法,但也缺陷明顯,即56位的密鑰安全性不足,已被證實可以在短時間內破解。
為解決此問題,出現了3DES,也稱Triple DES,3DES為DES向AES過渡的加密算法,它使用3條56位的密鑰對數據進行三次加密。
為了兼容普通的DES,3DES並沒有直接使用加密->加密->加密的方式,而是采用了加密->解密->加密的方式。
當三重密鑰均相同時,前兩步相互抵消,相當於僅實現了一次加密,因此可實現對普通DES加密算法的兼容。
3DES解密過程,與加密過程相反,即逆序使用密鑰。
go標準中3DES加密算法的實現如下:
type tripleDESCipher struct {
????cipher1, cipher2, cipher3 desCipher
}
func NewTripleDESCipher(key []byte) (cipher.Block, error) {
????if len(key) != 24 {
????????return nil, KeySizeError(len(key))
????}
????c := new(tripleDESCipher)
????c.cipher1.generateSubkeys(key[:8])
????c.cipher2.generateSubkeys(key[8:16])
????c.cipher3.generateSubkeys(key[16:])
????return c, nil
}
//3DES加密
func (c *tripleDESCipher) Encrypt(dst, src []byte) {
????c.cipher1.Encrypt(dst, src)
????c.cipher2.Decrypt(dst, dst)
????c.cipher3.Encrypt(dst, dst)
}
//3DES解密
func (c *tripleDESCipher) Decrypt(dst, src []byte) {
????c.cipher3.Decrypt(dst, src)
????c.cipher2.Encrypt(dst, dst)
????c.cipher1.Decrypt(dst, dst)
}
//代碼位置src/crypto/des/cipher.go
後記
相比DES,3DES因密鑰長度變長,安全性有所提高,但其處理速度不高。
因此又出現了AES加密算法,AES較於3DES速度更快、安全性更高,後續單獨總結。
感謝關註兄弟連區塊鏈教程分享!
區塊鏈教程區塊鏈背後的信息安全2DES、3DES加密算法原理二