From c783baceeaf57ef2c5c27a11b6c8d520b5694b89 Mon Sep 17 00:00:00 2001 From: Andrey Arapov Date: Fri, 5 Dec 2014 20:15:57 +0100 Subject: [PATCH] Initial commit --- aes_fips197_v0.9.4.py | 496 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 496 insertions(+) create mode 100644 aes_fips197_v0.9.4.py diff --git a/aes_fips197_v0.9.4.py b/aes_fips197_v0.9.4.py new file mode 100644 index 0000000..63d6815 --- /dev/null +++ b/aes_fips197_v0.9.4.py @@ -0,0 +1,496 @@ +#!/usr/bin/env python +# ---------------------------------------------------------------------- +# Program: aes_fips197_v0.9.4.py +# Version: 0.9.4 - 2013 January 12 +# Author: Andrey Arapov +# Released on: www.nixaid.com +# Purpose: Learning +# +# Description: +# Advanced Encryption Standard (AES) +# This program is an implementation of a FIPS 197 standard that specifies the Rijndael algorithm, +# a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. +# http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf +# http://csrc.nist.gov/publications/PubsFIPS.html +# +# Interesting fact: +# NSA has subsequently certified AES for protection of classified information (for at most two levels, e.g. SECRET information +# in an unclassified environment) when used in NSA-approved systems. +# http://en.wikipedia.org/wiki/National_Security_Agency#Advanced_Encryption_Standard +# http://www.nsa.gov/ia/programs/suiteb_cryptography/ +# ---------------------------------------------------------------------- +# TODO: 1. Write Rcon, Sbox & InvSbox generators instead of using tables; (Learning purpose) +# 2. Implement several mode of operations http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation +# 3. Find a better implementation of KeyExpansion(), ShiftRows() and MixColumns() +# 4. Implement file encryption +# 5. Implement block device encryption +# 6. Implement argument handling for the file/block device encryption and test cases from the FIPS-197.pdf file +# +# ---------------------------------------------------------------------- + +import sys, traceback + +############################## SubBytes ############################## +# http://en.wikipedia.org/wiki/Rijndael_S-box +Sbox = [ +0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76, +0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0, +0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15, +0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75, +0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84, +0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf, +0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8, +0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2, +0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73, +0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb, +0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79, +0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08, +0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a, +0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e, +0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf, +0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16 ] + +InvSbox = [ +0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb, +0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb, +0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e, +0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25, +0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92, +0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84, +0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06, +0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b, +0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73, +0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e, +0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b, +0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4, +0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f, +0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef, +0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61, +0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d ] + +def SubBytes(state): + for i in range(IOBlockSize): state[i] = Sbox[state[i]] + return state + +def InvSubBytes(state): + for i in range(IOBlockSize): state[i] = InvSbox[state[i]] + return state + +def SubWord(word): return Sbox[word] + + +############################## ShiftRows ############################## +# state return state +# 0 4 8 12 0 4 8 12 +# 1 5 9 13 13 1 5 9 +# 2 6 10 14 10 14 2 6 +# 3 7 11 15 7 11 15 3 +# +# state before: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 +# state after: 0 13 10 7 4 1 14 11 8 5 2 15 12 9 6 3 + +def ShiftRows(state): + tmp13 = state[13] + state[13] = state[1] + state[1] = state[5] + state[5] = state[9] + state[9] = tmp13 + + tmp15 = state[15] + state[15] = state[11] + state[11] = state[7] + state[7] = state[3] + state[3] = tmp15 + + tmp2 = state[2] + state[2] = state[10] + state[10] = tmp2 + + tmp6 = state[6] + state[6] = state[14] + state[14] = tmp6 + + return state + +def InvShiftRows(state): + tmp = state[13] + state[13] = state[9] + state[9] = state[5] + state[5] = state[1] + state[1] = tmp + + tmp = state[10] + tmp2 = state[14] + state[10] = state[2] + state[14] = state[6] + state[2] = tmp + state[6] = tmp2 + + tmp = state[11] + state[11] = state[15] + state[15] = state[3] + state[3] = state[7] + state[7] = tmp + return state + + +############################## MixColumns ############################## +def MixColumns(state): + block = [] + while len(block) < IOBlockSize: block.append(0) + k = 0 + while k <= IOBlockSize-4: + block[k] = GF(2,state[k])^GF(3,state[k+1])^GF(1,state[k+2])^GF(1,state[k+3]) + block[k+1] = GF(1,state[k])^GF(2,state[k+1])^GF(3,state[k+2])^GF(1,state[k+3]) + block[k+2] = GF(1,state[k])^GF(1,state[k+1])^GF(2,state[k+2])^GF(3,state[k+3]) + block[k+3] = GF(3,state[k])^GF(1,state[k+1])^GF(1,state[k+2])^GF(2,state[k+3]) + k += 4 + return block + +def InvMixColumns(state): + block = [] + while len(block) < IOBlockSize: block.append(0) + k = 0 + while k <= IOBlockSize-4: + block[k] = GF(14,state[k])^GF(11,state[k+1])^GF(13,state[k+2])^GF(9,state[k+3]) + block[k+1] = GF(9,state[k]) ^GF(14,state[k+1])^GF(11,state[k+2])^GF(13,state[k+3]) + block[k+2] = GF(13,state[k])^GF(9,state[k+1]) ^GF(14,state[k+2])^GF(11,state[k+3]) + block[k+3] = GF(11,state[k])^GF(13,state[k+1])^GF(9,state[k+2]) ^GF(14,state[k+3]) + k += 4 + return block + +# Galois multiplication in GF(2^8) of 8 bit characters a and b +def GF(a, b): + r = 0 + for times in range(8): + if (b & 1) == 1: r = r ^ a + if r > 0x100: r = r ^ 0x100 + # keep r 8 bit + hi_bit_set = (a & 0x80) + a = a << 1 + if a > 0x100: + # keep a 8 bit + a = a ^ 0x100 + if hi_bit_set == 0x80: + a = a ^ 0x1b + if a > 0x100: + # keep a 8 bit + a = a ^ 0x100 + b = b >> 1 + if b > 0x100: + # keep b 8 bit + b = b ^ 0x100 + return r + + +############################## AddRoundKey ############################## +def AddRoundKey(state, RoundKey): + for i in range(IOBlockSize): + if i < len(RoundKey): state[i] = state[i] ^ RoundKey[i] + return state + +def NextRoundKey(RoundKeyArray, NextRoundKeyPointer): + NextRoundKey = [] + k = 0 + + while len(NextRoundKey) < IOBlockSize: NextRoundKey.append(0) + for i in range(4): + NextRoundKey[i*4] = RoundKeyArray[NextRoundKeyPointer + k] + NextRoundKey[i*4+1] = RoundKeyArray[NextRoundKeyPointer + k+1] + NextRoundKey[i*4+2] = RoundKeyArray[NextRoundKeyPointer + k+2] + NextRoundKey[i*4+3] = RoundKeyArray[NextRoundKeyPointer + k+3] + k += 4 # next column + return NextRoundKey + + +############################## KEY SCHEDULE ############################## +Rcon = [ + 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, + 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, + 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, + 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, + 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, + 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, + 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, + 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, + 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, + 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, + 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, + 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, + 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, + 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, + 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, + 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, + 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, + 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, + 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, + 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ] + +def getRconValue(num): return Rcon[num] + +# RotWord(aabbccdd) = bbccddaa +# +# Before: +# aa cc +# bb dd +# +# After: +# bb dd +# cc aa +def RotWord(word): + temp = word[0] + for i in range(3): word[i] = word[i+1] + word[3] = temp + return word + +# Nk = 8 for 256-bit key, 6 for 192-bit key, 4 for 128-bit key +# 32/4 = 8, 24/4 = 6, 16/4 = 4 +# expandedKeySize = IOBlockSize*(nbrRounds+1) +# expandedKeySize = Nb(Nr+1) +# Expands 128,192,256 key into an 176,208,240 bytes key +def KeyExpansion(CipherKeyArray, CipherKeySize, expandedKeySize): + i = 0 + rconIteration = 1 + w = [0,0,0,0] + + expandedKey = [] + while len(expandedKey) < expandedKeySize: expandedKey.append(0) + + for j in range(CipherKeySize): expandedKey[j] = CipherKeyArray[j] + + i += CipherKeySize + while i < expandedKeySize: + for k in range(4): w[k] = expandedKey[(i - 4) + k] + + # Every 16,24,32 bytes + if i % CipherKeySize == 0: + w = RotWord(w) + for r in range(4): w[r] = SubWord(w[r]) + w[0] = w[0] ^ getRconValue(rconIteration) + rconIteration += 1 + + # For 256-bit keys, we add an extra Sbox to the calculation + if CipherKeySize == 256/8 and (i % CipherKeySize) == IOBlockSize: + for e in range(4): w[e] = SubWord(w[e]) + + for m in range(4): + expandedKey[i] = expandedKey[i - CipherKeySize] ^ w[m] + i += 1 + + return expandedKey + + + +############################## Cipher ############################## +def AESCipher(PlaintextArray, CipherKeyArray, CipherKeySize): + if CipherKeySize == 128/8: nbrRounds = 10 + elif CipherKeySize == 192/8: nbrRounds = 12 + elif CipherKeySize == 256/8: nbrRounds = 14 + + state = [] + while len(state) < CipherKeySize: state.append(0) + for i in range(CipherKeySize): + if i < len(PlaintextArray): state[i] = PlaintextArray[i] + + RoundKeyArraySize = IOBlockSize*(nbrRounds+1) + RoundKeyArray = KeyExpansion(CipherKeyArray, CipherKeySize, RoundKeyArraySize) + + state = AddRoundKey(state, CipherKeyArray) + + i=0 + while i < nbrRounds: + i += 1 + state = SubBytes(state) + state = ShiftRows(state) + if i < nbrRounds: state = MixColumns(state) # Do not MixColumns in the last Round. + state = AddRoundKey(state, NextRoundKey(RoundKeyArray, IOBlockSize*i)) + + return state + + +############################## Decipher ############################## +def AESInverseCipher(PlaintextArray, CipherKeyArray, CipherKeySize): + if CipherKeySize == 128/8: nbrRounds = 10 + elif CipherKeySize == 192/8: nbrRounds = 12 + elif CipherKeySize == 256/8: nbrRounds = 14 + + state = [] + while len(state) < CipherKeySize: state.append(0) + for i in range(CipherKeySize): + if i < len(PlaintextArray): state[i] = PlaintextArray[i] + + RoundKeyArraySize = IOBlockSize*(nbrRounds+1) + RoundKeyArray = KeyExpansion(CipherKeyArray, CipherKeySize, RoundKeyArraySize) + + state = AddRoundKey(state, NextRoundKey(RoundKeyArray, IOBlockSize*nbrRounds)) + + i = nbrRounds + while i > 0: + i -= 1 + state = InvShiftRows(state) + state = InvSubBytes(state) + state = AddRoundKey(state, NextRoundKey(RoundKeyArray, IOBlockSize*i)) + if i > 0: state = InvMixColumns(state) # Do not InvMixColumns in the last Round + + return state + + + +# ========================= MAIN ============================= +def PrintBox(arr, len): + n = 0 + m = 0 + while n<4: + while m <= len-4: + print '%0.2X' % arr[n+m], + m += 4 + print "\t" + m = 0 + n += 1 + +def PrintBoxInv(arr, len): + for i in range(len): + if i%4 != 3: + print '%0.2X' % arr[i], + else: + print '%0.2X' % arr[i] + + +isKeyExpansionTEST = 0 # Test Cases from "Appendix A - Key Expansion Examples", page 27-32 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf +isCipherExampleTEST = 1 # Test Cases from "Appendix B - Cipher Example", pages 33-34 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf +isExampleVectorTEST = 0 # Test Cases from "Appendix C - Example Vectors", page 35-46 http://csrc.nist.gov/publications/fips/fips197/fips-197.pd + +isStringMode = 0 # Print Input & Output in String mode + +# Global structure of input block sizes +IOBlockSize = 16 # 128-bit input + + +def main(): +# CipherKeySize = 128/8 +# CipherKeySize = 192/8 + CipherKeySize = 256/8 + + try: + + print "\n=============== START ===================\n" + PlaintextString = "secret message!" + CipherKeyString = "password is here" + + PlaintextArray = [] + CipherKeyArray = [] + while len(PlaintextArray) < IOBlockSize: PlaintextArray.append(0) + while len(CipherKeyArray) < CipherKeySize: CipherKeyArray.append(0) + + for i in range(len(list(PlaintextString))): PlaintextArray[i] = int(list(PlaintextString)[i].encode("hex"), 16) # 16 stands for HEX + for i in range(len(list(CipherKeyString))): CipherKeyArray[i] = int(list(CipherKeyString)[i].encode("hex"), 16) # 16 stands for HEX + + + if isKeyExpansionTEST: + print "Appendix A - Key Expansion Examples" + PlaintextArray = [0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff] + + if CipherKeySize == 128/8: + CipherKeyArray = [0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c] # 128-bit Cipher Key + print "A.1 Expansion of a 128-bit Cipher Key" + if CipherKeySize == 192/8: + CipherKeyArray = [0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b] # 192-bit Cipher Key + print "A.2 Expansion of a 192-bit Cipher Key" + if CipherKeySize == 256/8: + CipherKeyArray = [0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4] # 256-bit Cipher Key + print "A.3 Expansion of a 256-bit Cipher Key" + print "" + + if isCipherExampleTEST: + # Test Case from http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf "Appendix B - Cipher Example", pages 33-34 + # PlaintextArray: 3243f6a8885a308d313198a2e0370734 + # CipherKeyArray: 2b7e151628aed2a6abf7158809cf4f3c + # CiphertextArray: 3925841d02dc09fbdc118597196a0b32 + + print "Appendix B - Cipher Example" + print "Cipher output should be: 3925841d02dc09fbdc118597196a0b32\n" + + print "Note: Cipher Example TEST works only with 128-bit key size\n" + CipherKeySize = 128/8 + + PlaintextArray = [0x32,0x43,0xf6,0xa8,0x88,0x5a,0x30,0x8d,0x31,0x31,0x98,0xa2,0xe0,0x37,0x07,0x34] + CipherKeyArray = [0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c] + + if isExampleVectorTEST: + # Test Cases from http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf "Appendix C - Example Vectors", page 35-46 + # C.1 AES-128 (Nk=4, Nr=10) + # PLAINTEXT: 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff + # KEY: 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + # CIPHER: 69c4e0d86a7b0430d8cdb78070b4c55a + + # C.2 AES-192 (Nk=6, Nr=12) + # PLAINTEXT: 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff + # KEY: 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 + # CIPHER: dda97ca4864cdfe06eaf70a0ec0d7191 + + # C.3 AES-256 (Nk=8, Nr=14) + # PLAINTEXT: 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff + # KEY: 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f + # CIPHER: 8ea2b7ca516745bfeafc49904b496089 + + print "Appendix C - Example Vectors" + PlaintextArray = [0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff] + + if CipherKeySize == 128/8: + CipherKeyArray = [0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f] # 128-bit Cipher Key + print "C.1 AES-128 (Nk=4, Nr=10). Cipher result should be: 69c4e0d86a7b0430d8cdb78070b4c55a" + if CipherKeySize == 192/8: + CipherKeyArray=[0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17] # 192-bit Cipher Key + print "C.2 AES-192 (Nk=6, Nr=12). Cipher result should be: dda97ca4864cdfe06eaf70a0ec0d7191" + if CipherKeySize == 256/8: + CipherKeyArray = [0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f] # 256-bit Cipher Key + print "C.3 AES-256 (Nk=8, Nr=14). Cipher result should be: 8ea2b7ca516745bfeafc49904b496089" + + print "" + + + print "IOBlockSize:", IOBlockSize, "* NEVER CHANGING" + print "CipherKeySize:", CipherKeySize*8, "bits" + print "\n=============== INPUTS ===================\n" + print "PlaintextArray:" + PrintBox(PlaintextArray, IOBlockSize) + if isStringMode: + print "De-hex >>>\n", ''.join(str('%0.2X' % n).decode("hex") for n in PlaintextArray),"\n<<<" + + print "\nCipherKeyArray:" + PrintBox(CipherKeyArray, CipherKeySize) + if isStringMode: + print "De-hex >>>\n", ''.join(str('%0.2X' % n).decode("hex") for n in CipherKeyArray),"\n<<<" + + print "\n=============== OUTPUTS ==================\n" + CiphertextArray = AESCipher(PlaintextArray, CipherKeyArray, CipherKeySize) + print "AESCipher() CiphertextArray:" + PrintBox(CiphertextArray, IOBlockSize) + + if isStringMode: + print "De-hex >>>\n", ''.join(str('%0.2X' % n).decode("hex") for n in CiphertextArray),"\n<<<" + + + + print "\nAESInverseCipher() DecipheredtextArray:" + DecipheredtextArray = AESInverseCipher(CiphertextArray, CipherKeyArray, CipherKeySize) + PrintBox(DecipheredtextArray, IOBlockSize) + + if isStringMode: + print "De-hex >>>\n", ''.join(str('%0.2X' % n).decode("hex") for n in DecipheredtextArray),"\n<<<" + + print "\n=============== END ===================\n" + + + except KeyboardInterrupt: + print "Shutdown requested... exiting" + return 1 + except Exception: + traceback.print_exc(file=sys.stdout) + return 2 + + return 0 + + +if __name__ == "__main__": + sys.exit(main())