加密演算法學習總結---DES-CBC加密演算法
DES-CBC機密演算法
DES全稱為Data Encryption Standard,即資料加密標準,是一種使用金鑰加密的塊演算法,1977年被美國聯邦政府的國家標準局確定為聯邦資料處理標準(FIPS),並授權在非密級政府通訊中使用,隨後該演算法在國際上廣泛流傳開來。
一.核心原理原理XOR
DES的核心原理是基於XOR數學運算。我們知道異或運算的一個基本性質 A XOR B = C ;C XOR B =A。這個特性和加解密過程非常相似 A用祕鑰B加密加密得到C ,C用祕鑰B解密得到A。
二.DES的兩重迭代
DES是基於資料塊的加密。它將待加密資料以64bit為單位拆分為若干資料塊。然後再進行兩重迭代:
外層迭代是資料塊之間的迭代,迭代的方式有ECB、CBC等,本文重點介紹CBC。
內層迭代是通過Feistel網路來實現。
2.1CBC迭代
基於CBC的資料塊的加密和解密迭代過程如上圖所示,每一個數據塊的加密和解密過程都依賴上一個資料塊。一旦有一個數據塊出現錯誤將會出現“雪崩效應”。
2.2Feistel網路
如上圖所示Feistel網路實現對於單個數據塊的加密。Feistel迭代開始前將64bit資料塊拆分為左右32比bit,然後進行如上圖所示的迭代過程,總共迭代16次。每一次迭代的子金鑰是不同的。每次迭代過程都是對右半部分資料塊採用輪函式處理(加密)。所以這裡涉及到兩個問題:1.子金鑰如何產生,2.輪函式如何實現
2.2.1子金鑰的生成
子金鑰的生成如上圖所示,使用者輸入的是64bit的金鑰(8個字元)首先做一次ip置換將64bit的金鑰置換為56bit的金鑰。56bit的金鑰再進行一次PC-1置換後拆分為左右28bit的金鑰。進行16輪迭代,產生16個子金鑰。每次迭代將左右28bit金鑰做左移1位的運算,然後再進行 PC-2的置換,組合再一起後得到ki。
2.2.1子輪函式的實現
輪函式的實現主要是進行了 ebox的置換處理和sbox的置換處理:
1. ebox 將32bit 的R block 通過擴充套件置換為48bit的R block,然後與當前迭代的子金鑰Ki做XOR 運算,最後拆分為6*8的矩陣。
2. sbox 取 R block每一行的6個bit做運算,得到 sbox的座標,取到sbox的值後做位移運算得到加密後的新的R block的行,迭代8此後得到最後的加密結果。
總體來說子金鑰的生成的實現邏輯和輪函式的實現邏輯較為複雜具體可以參考我的程式碼實現。
三.程式碼實現:
Demo版的實現參考了pyDES庫,把裡面的實現做了一下邏輯抽離等重構操作。只實現了DES-CBC
from re import findall
"""
DES-CBC演算法 的DEMO
coding by liuwei 2018.3.23
"""
class DES:
# Permutation and translation tables for DES
__pc1 = [
56, 48, 40, 32, 24, 16, 8,
0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26,
18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14,
6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28,
20, 12, 4, 27, 19, 11, 3
]
# number left rotations of pc1
__left_rotations = [
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
]
# permuted choice key (table 2)
__pc2 = [
13, 16, 10, 23, 0, 4,
2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7,
15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54,
29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52,
45, 41, 49, 35, 28, 31
]
# initial permutation IP
__ip = [57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7,
56, 48, 40, 32, 24, 16, 8, 0,
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6
]
# Expansion table for turning 32 bit blocks into 48 bits
__expansion_table = [
31, 0, 1, 2, 3, 4,
3, 4, 5, 6, 7, 8,
7, 8, 9, 10, 11, 12,
11, 12, 13, 14, 15, 16,
15, 16, 17, 18, 19, 20,
19, 20, 21, 22, 23, 24,
23, 24, 25, 26, 27, 28,
27, 28, 29, 30, 31, 0
]
# The (in)famous S-boxes
__sbox = [
# S1
[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
# S2
[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9],
# S3
[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12],
# S4
[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14],
# S5
[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],
# S6
[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13],
# S7
[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12],
# S8
[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11],
]
# 32-bit permutation function P used on the output of the S-boxes
__p = [
15, 6, 19, 20, 28, 11,
27, 16, 0, 14, 22, 25,
4, 17, 30, 9, 1, 7,
23, 13, 31, 26, 2, 8,
18, 12, 29, 5, 21, 10,
3, 24
]
# final permutation IP^-1
__fp = [
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25,
32, 0, 40, 8, 48, 16, 56, 24
]
__inter_round = range(16)
def __init__(self, key, iter_mod, IV, pad='\0', ):
# 64bit字串key,轉換為56bit key
self.__key = self.__permutate(self.__pc1, string_to_bit_lst(key))
self.__pad = pad
self.__iter_mod = iter_mod
self.__IV = IV
# 每個block做16輪迭代,為沒輪迭代建立SubKey
self.Kn = self.__create_sub_keys()
def __create_sub_keys(self):
"""56bit key 轉 16個48bit sub key"""
# 初始化subkey,16輪迭代16個48bit的subkey
Kn = [[0] * 48] * len(self.__inter_round)
# 56bit key分割作為左右兩半
L = self.__key[:28]
R = self.__key[28:]
# 迴圈左移,每次迭代迴圈左移的次數不一樣,由 __left_rotations決定
for round in self.__inter_round:
# 執行迴圈左移,移動的次數為 __left_rotations[round]
# 迴圈左移即不斷把佇列頭的元素往對了尾上放
for _ in range(self.__left_rotations[round]):
L.append(L.pop(0))
R.append(R.pop(0))
# 56 Bit key to 48 Bit Subkey
Kn[round] = self.__permutate(self.__pc2, L + R)
return Kn
def encrpyt(self, data):
iv = string_to_bit_lst(self.__IV)
if self.__iter_mod == 'CBC':
return CBC.encrypt_iter(self._encrypt_a_block, self.__data_add_pading(data), iv)
def decrypt(self, data):
iv = string_to_bit_lst(self.__IV)
if self.__iter_mod == 'CBC':
return self.__data_rm_pading(CBC.decrypt_iter(self._decrypt_a_block, data, iv))
def _encrypt_a_block(self, block):
"""加密一個block"""
return self.__crypt_a_block(self.__inter_round, block)
def _decrypt_a_block(self, block):
"""解密一個block即加密一個block的反向過程"""
return self.__crypt_a_block(reversed(self.__inter_round), block)
def __crypt_a_block(self, iter_round, block):
"""
Feistel 網路的迭代過程
"""
# 初始置換
block = self.__permutate(self.__ip, block)
self.L = block[:32]
self.R = block[32:]
# 標準的DES演算法迭代16輪
for round in iter_round:
# 右半block 做一個Copy直接作為下次迭代左半block
R_copy = self.R[:]
# Feistel 網路的輪函式處理
self.__round_function(round, self.Kn)
# 輪函式處理過的右半Block與左半Block做xor運算得到下次迭代的右半Block
self.R = self.__xor_left_right_block(self.R, self.L)
self.L = R_copy
return self.__permutate(self.__fp, self.R + self.L)
def __round_function(self, round, Kn):
# eBox置換
R_arry = self.__e_box_handle(round, Kn, self.R)
# sBox置換
self.R = self.__s_box_handle(R_arry)
def __xor_left_right_block(self, R, L):
return list(map(lambda x, y: x ^ y, R, L))
def __e_box_handle(self, round, Kn, R):
# 32bit R Block 擴充套件為轉換為48Bit Block
self.R = self.__permutate(self.__expansion_table, R)
# 取當且迭代的sub key 與48Bit R Block做異或運算
self.R = list(map(lambda x, y: x ^ y, self.R, Kn[round]))
# 將48Bit R block轉換為 6*8矩陣
return [self.R[:6], self.R[6:12], self.R[12:18], self.R[18:24], self.R[24:30], self.R[30:36], self.R[36:42],
self.R[42:]]
def __s_box_handle(self, arry):
block = [0] * 32
pos = 0
for j in range(8):
# 取6*8 R block 矩陣的每一行做如下操作 得到sbox 列座標,
m = (arry[j][0] << 1) + arry[j][5]
n = (arry[j][1] << 3) + (arry[j][2] << 2) + (arry[j][3] << 1) + arry[j][4]
# 得到當前迭代sbox的value
v = self.__sbox[j][(m << 4) + n]
# 通過sbox當前迭代的value得到新的32bit R block
block[pos] = (v & 8) >> 3
block[pos + 1] = (v & 4) >> 2
block[pos + 2] = (v & 2) >> 1
block[pos + 3] = v & 1
pos += 4
# Permutate the concatination of B[1] to B[8] (Bn)
R = self.__permutate(self.__p, block)
return R
def __permutate(self, table, block):
"""Permutate this block with the specified table"""
return list(map(lambda x: block[x], table))
def __data_add_pading(self, data):
# 填滿8的整數倍
pad_len = 8 - (len(data) % 8) if (len(data) % 8) != 0 else 0
data += self.__pad * pad_len
return data
def __data_rm_pading(self, data):
return data[:-8].decode() + data[-8:].decode().rstrip(self.__pad)
class CBC:
@staticmethod
def encrypt_iter(block_encrypt_method, data, iv):
result = []
# 加密迭代過程是先xor,後加密
for block in findall(r'.{8}', data):
block = string_to_bit_lst(block)
block = list(map(lambda x, y: x ^ y, block, iv))
encrypted_block = block_encrypt_method(block)
iv = encrypted_block
result.append(bit_lst_to_string(encrypted_block))
return bytes.fromhex('').join(result)
@staticmethod
def decrypt_iter(block_decrypt_method, data, iv):
result = []
# 解密迭代過程是先解密,後xor
for i in range(0, len(data), 8):
block = string_to_bit_lst(data[i:i + 8])
decrypted_block = block_decrypt_method(block)
decrypted_block = list(map(lambda x, y: x ^ y, decrypted_block, iv))
iv = block
result.append(bit_lst_to_string(decrypted_block))
return bytes.fromhex('').join(result)
# 這兩個工具函式,直接copy pyDes庫的,先不考慮cleanCode
def string_to_bit_lst(data):
"""Turn the string data, into a list of bits (1, 0)'s"""
if isinstance(data, str):
data = [ord(c) for c in data]
l = len(data) * 8
result = [0] * l
pos = 0
for ch in data:
i = 7
while i >= 0:
if ch & (1 << i) != 0:
result[pos] = 1
else:
result[pos] = 0
pos += 1
i -= 1
return result
def bit_lst_to_string(data):
"""Turn the list of bits -> data, into a string"""
result = []
pos = 0
c = 0
while pos < len(data):
c += data[pos] << (7 - (pos % 8))
if (pos % 8) == 7:
result.append(c)
c = 0
pos += 1
return bytes(result)