. , , ,

,,,

Crypton — ,

, XX , XXI . . , .

. , . , , , [1] . , , , . .

[2]. , . , , , .. , , , .

.

, , .

rypton, .

:

- Crypton.

- Crypton.

- Crypton.

rypton .

" " Crypton, - (). , , , .


1.

1.1

. () .

, , , . ,

Z=EnCrypt(X,Key) X=DeCrypt(Z,Key)[3]

Key . (X) (Z) , , .

, [4]. . , , , . .

[5], [6]. , , , . 1/2 , N 2N-1 . , . , , 1 1 , 128 1021 . , , , , .

, . , , . , . , , . , .

, Z=EnCrypt(X,Key) :

- EnCrypt .

- X Z, Key.

- Key X Z, .

, . , , , , . , , 32- 0..4'294'967'295. , , " ", ( 32- 2 0..65535 4 0..255). 1.1 ( ):

V :

- (, X'=X+125)

- , (, X'=X+F(Key))

- , (, X2'=X2+F(X1))


1.1 .

, (. Feistel).

, V F "-" . (1999 ) . - , , ( ) .

. . , , () . , . X Key.

( ), , , Vi(Key) , . , . , , . (. caching) . (. key scheduling)


1.2

1.2.1 Rijndael

, [7],[8]. : 8- 64-, , , , , 32 ( ). / , , .

[9],[10], Rijndael .

Rijndael , . 128, 192 256 .

, (State).

. 4 , Nb , 32.

. Nk , 32. 1.4.

1.4. (Nb=6) (Nk=4).

4- . 4 , ( ) 1.4 [11].

(" ", ECB) a0,0, a1,0, a3,0, a0,1, a1,1, a3,1 ,a4,1 ... .

Nr Nb Nk. 1.2

1.2 (Nr) .


. - :

Round (State, RoundKey)

{

ByteSub(State); //

ShiftRow(State); //

MixColumn(State); //

AddRoundKey(State, RoundKey); //

}

. :

FinalRound(State, RoundKey)

{

ByteSub(State); //

ShiftRow(State); //

AddRoundKey(State, RoundKey); //

}

, "" - Round, ByteSub .. , (.. State, RoundKey) .

, . .

ByteSub , . ( S-) :

1. - GF(28), '00' .

2. ( GF(2)), :

. 1.3.

S- ByteSub(State). 1.5 ByteSub .

1.5 ByteSub .

3 . 1 1 , 2 - 2 3 - 3 . 1, 2 3 Nb. 1.4.


1.4. .

3 ShiftRow(State). 1.5 .

1.5 ShiftRow .

(MixColumn) GF(28) x4+1 c(x), :

c(x)='03' x3 + '01' x2 + '01' x + '02'(1.8)

. b(x)=c(x)a(x),

. 1.6


MixColumn(State). 1.7 MixColumn .

1.7 MixColumn .

EXOR. (key schedule). Nb.

, EXOR , AddRoundKey(State, RoundKey). 1.8.

1.8.

EXOR .

. : (Key Expansion) (Round Key Selection).

:

- , 1 (, 128 10 1408 ).

- (Expanded Key).

- : Nb , - Nb ..

4- W[Nb*(Nr+1)]. Nk .

. Nk: Nk 6 Nk 6.

Nk<6 Nk=6 :

KeyExpansion(CipherKey,W)

{

for (i = 0; i < Nk; i++) W[i] = CipherKey[i];

for (j = Nk; j < Nb*(Nk+1); j+=Nk)

{

W[j] = W[j-Nk] ^ SubByte( Rotl( W[j-1] ) ) ^ Rcon[j/Nk];

for (i = 1; i < Nk && i+j < Nb*(Nr+1); i++)

W[i+j] = W[i+j-Nk] ^ W[i+j-1];

}

}


, Nk . W[i] EXOR W[i-1] Nk W[i-Nk]. , Nk, EXOR W[i-1], . , Rotl, SubByte - .

Nk>6 :

KeyExpansion(CipherKey,W)

{

for (i=0; i<Nk; i++) W[i]=CipherKey[i];

for (j=Nk; j<Nb*(Nk+1); j+=Nk)

{

W[j] = W[j-Nk] ^ SubByte(Rotl(W[j-1])) ^ Rcon[j/Nk];

for (i=1; i<4; i++) W[i+j] = W[i+j-Nk] ^ W[i+j-1];

W[j+4] = W[j+4-Nk] ^ SubByte(W[j+3]);

for (i=5; i<Nk; i++) W[i+j] = W[i+j-Nk] ^ W[i+j-1];

}

}

Nk>6 SubByte 4- Nk.

Nk :

Rcon[i] = ( RC[i], '00' , '00' , '00' ),


RC[0]='01', RC[i]=xtime(Rcon[i-1])

i- W[Nb*i] W[Nb(i+1)]. 1.9

1.9 Nb=6 Nk=4.

W[Nb*(Nr+1)]. , , Nk . Rijndael :

- ;

- Nr-1 ;

- .

- :

Rijndael (State, CipherKey)

{

KeyExpansion(CipherKey, ExpandedKey); //

AddRoundKey(State, ExpandedKey); //

For ( i=1 ; i<Nr ; i++) Round(State,ExpandedKey+Nb*i); //

FinalRound(State, ExpandedKey+Nb*Nr); //

}


, Rijndael :

Rijndael (State, CipherKey)

{

AddRoundKey(State, ExpandedKey);

For ( i=1 ; i<Nr ; i++) Round(State,ExpandedKey+Nb*i);

FinalRound(State, ExpandedKey+Nb*Nr);

}

. .

1.2.2 DEAL

DEAL (Data Encryption Algorithm with Larger blocks - ) 128- 128, 192 256 , DEAL-128, DEAL-192 DEAL-256 [12]. DES'a. DEAL ECB. = () DES 64- , Y = EAZ(X) DEAL 128- X Z. Pi 128 , P = P1, P2, , n. r DES RKi, i = 1, , r, . XL XR X . - . X0L = PiL, X0R = iR j= 1, ,r


XjL=ERKj(XLj-1) XRj-1 (1.9)

XRj = XLj-1(1.10)

1.10: DEAL.

Ci =XrL ||XrR. . 1.10 DEAL. DEAL-128 DEAL-192 6 , . . r = 6. , , DEAL-256, 8 , r = 8. , 256 .

, DEAL [13]. : - i i-oro , i + 1- ( Ci  Pi+l) . . . Ci . , , 6- 8- . , DES CBC. , , DES 16 . , ECB [14].

, 128 P1, P2, , Pn Ci, 2, , , - -. :

i = EAK(Ci-l Pi),(1.11)

0 - .

DES IP , - IP-1. DEAL, DES . , DEAL, IP , a IP-1 - -.

s DES, Ki, , , Ks, s = 2, 3, 4, 64 ( 8 , ), r DES, RKj. , . - s r , . DES'om CBC . - RKi. , = 0x1234 5678 90ab cdefx ( ) - DES. DEAL-128 :

RK1 = EK (1),

RK2 = EK (2  RK1),

RK3=EK(Kl (1) RK2),

RK4 = EK(2  (2) RK3),

RK5 =Ek(ki (4) RK4),

RK6 =Ek(k2 (8) RK5),(1.12)

(i) - 64- , i - 1- ( 0) , . , (1) "0x8000 0000 0000 0000".

DEAL-192 :

RK1 = EK (1),

RK2 = EK (2 RK1),

RK3=EK(K3 RK2),

RK4 =Ek(ki (1) RK3),

RK5 =Ek(k2 (2) RK4),

RK6 =(3  (4) RK5).(1.13)

6 DES 6 DES . , .

DEAL-256 :

RK1 = EK (1),

RK2=EK(2RK1),

RK3=EK(K3RK2),

RK4=Ek(K4 RK3),

RK5 =Ek(K2 (1) RK4),

RK6=EK(2  (2) RK5),

RK7 =(3  (4) RK6), RK8 =Ek(K4 (8) RK7).(1.14)


8 DES 8 DES . , .

, 64- RKi DES, RKi i- . , 64 RKi, , .

, -, , , , -, s 64 , s s 56 , , , . , DES, - - DES. , 64 , , . , , , , DEAL'y, .

(i) . , , . , DEAL-128 K1 = K2 = Dk(0) 6 0. .

, , 112, 168 224 .

DEAL ? , [15], DEAL meet-in-the-middle ( ), DES, 2168 , 2224 DEAL , . , DEAL-256 8 . DEAL-128 2112 .

DEAL ( ) - 6- , DEAL, 2121 DES, 270 , . , XOR.

DEAL.

-DEAL 128 128, 192 256 ( , , - 112, 168 224 ).

- - 264 -.

- , .

- DEAL , DES.

- DEAL .

- DEAL DES.

- .

, , , DEAL .

DEAL:

- DEAL-192 DEAL-256.

DES, 256 DEAL-192, DES, 256 DEAL-256.

- DEAL-128 , 264 .

- - (related-key attack) DEAL-192 DEAL-256, , 233 , 3*245 2137 DEAL, DEAL-192 DEAL-256. ( ).

- . DEAL-192 , (Biham's) DES; DEAL-256 , DEAL-192 [15].

, . , DEAL . DEAL AES, , . AES, " DES" DEAL .

DEAL - .

, "" DEAL 2137 DEAL, 3*245 , 233 . -.

, 3*269 , 2113 , . , (Bi ham's) DES, 233 , , 288 . , 2113 , 3*269 , , 233 , 232 , , . , 2119 , 264 270 .

: , " " (key shedule), . , , . DEAL - , . , , .

1.3 Crypton

Crypton Future Systems, 1980- . [15],[16] , SQUARE ( ). " ", (, DES CAST). - SP-, .. -, . , , , .

Crypton, Square, , , .

1.3.1 CRYPTON

CRYPTON [16] CRYPTON, 128 4´4 . CRYPTON : byte-wise substitutions( ), column-wise bit permutation( ), column-to-row transposition ( ), key addition( ). 4 . . 1.1 CRYPTON.


.1.1 CRYPTON.

CRYPTON :

- 12- ( ) 128 256 .

- .

- : ANDS/XORS, CRYPTON .

- : , , (, -).


1.3.2

1.3.2.1 g

CRYPTON , 8´8 S-, Si(0 ≤i ≤3). S- 8´8 S- S ( , S = S-1) S2=S0-1 S3=S1-1. S- S , .

 S- 4´4 . :  e . 1.2. , S- , 4´4 A:

go (ge (A)) = ge (go (A)) = A. (1.1)

, .

A[0]

a03

a02

a01

a00

B[0]

S3(a03)

S2(a02)

S1(a01)

S0(a00)

A[1]

a13

a12

a11

a10

o

B[1]

S0(a13)

S3(a12)

S2(a11)

S1(a10)

A[2]

a23

a22

a21

a20

Þ B[2]

S1(a23)

S0(a22)

S3(a21)

S2(a20)

A[3]

a33

a32

a31

a30

B[3]

S2(a33)

S1(a32)

S0(a31)

S3(a30)

A[0]

a03

a02

a01

a00

B[0]

S1(a03)

S0(a02)

S3(a01)

S2(a00)

A[1]

a13

a12

a11

a10

e

B[1]

S2(a13)

S1(a12)

S0(a11)

S3(a10)

A[2]

a23

a22

a21

a20

Þ B[2]

S3(a23)

S2(a22)

S1(a21)

S0(a20)

A[3]

a33

a32

a31

a30

B[3]

S0(a33)

S3(a32)

S2(a31)

S1(a30)

.1.2 g


1.3.2.2 p t

, CRYPTON . - 4×4 - .

(M3, M2, M1, M0) ,  :

M0 = m3 || m2 || m1 || m0 = 0x3fcff3fc,

M1 = m0 || m3 || m2 || m1 = 0xfc3fcff3,

M2 = m1 || m0 || m3 || m2 = 0xf3fc3fcf,

M3 = m2 || m1 || m0 || m3 = 0xcff3fc3f, (1.3)

m0 = 0xfc, m1 = 0xf3, m2 = 0xcf, m3 = 0x3f. , ;e . :

- o : B = o(A) :

B[0] ß (A[3] Ù M3) Å (A[2] Ù M2) Å (A[1] Ù M1) Å (A[0] Ù M0),

B[1] ß (A[3] Ù M0) Å (A[2] Ù M3) Å (A[1] Ù M2) Å (A[0] Ù M1),

B[2] ß (A[3] Ù M1) Å (A[2] Ù M0) Å (A[1] Ù M3) Å (A[0] Ù M2),

B[3] ß (A[3] Ù M2) Å (A[2] Ù M1) Å (A[1] Ù M0) Å (A[0] Ù M3). (1.4)

- e : B=e(A) :

B[0] ß (A[3] Ù M1) Å (A[2] Ù M0) Å (A[1] Ù M3) Å (A[0] Ù M2),

B[1] ß (A[3] Ù M2) Å (A[2] Ù M1) Å (A[1] Ù M0) Å (A[0] Ù M3),

B[2] ß (A[3] Ù M3) Å (A[2] Ù M2) Å (A[1] Ù M1) Å (A[0] Ù M0),

B[3] ß (A[3] Ù M0) Å (A[2] Ù M3) Å (A[1] Ù M2) Å (A[0] Ù M1). (1.5)

 4×4 , (i, j)- (j, i)- (. 1.3 B=

A[0]

a03

a02

a01

a00

B[0]

a30

a20

a10

a00

A[1]

a13

a12

a11

a10

B[1]

a31

a22

a11

a01

A[2]

a23

a22

a21

a20

Þ
B[2]

a32

a22

a12

a02

A[3]

a33

a32

a31

a30

B[3]

a33

a23

a13

a03

. 1.3 t

1.3.2.3 s

EXOR. (key schedule).

K = (K[3], K[2], K[1], K[0])t, B = (A) B[i] = A[i] Å K[i], i = 0, 1, 2, 3.

1.3.2.4 r

CRYPTON S-, -, - . , , ( K)

roK = sK t ◦ po ◦ g o

r = 1, 3, ... etc.,(1.6)


reK = sK t ◦ pe ◦ ge for r = 2, 4, ... etc. (1.7)

1.3.3

EK r- CRYPTON K r/2 e . , .

1.3.4

R- CRYPTON 4 (r + 1) 32- . 8k (k = 0,1, ..., 32) : 8 , .

1.4

: () . () () [18]. , , . , , , , . . ( ) - (, "", ) ( ), , .

, . , , : . , , , , . , , . , , , , . , , ( ), , , ( ), ( ). , , .

() "" , , , [19]. , . . , . , .

(, ), , , , , , . , .

, , . ( , ) . , . , , . , . , .

.

[20]. , . . ( ) , . , . - -- , . , . 28147-89, DES, FEAL.

( , - , , ).

, . , . , , , , .

, , , , .

. , () , , , .

1.11 [21].

, , . , .

( ) - . ( ) Z (, ).

. 1.11


. .

1.11. . , . . , , .

:

Y = E(X), X = D(Y)(1.16)

, DE . Z. ( , , , . , . , , , ). , .

, ( ). , . , ( ), , , , , , . , . , . ( ). , , , . .

. . . . , . , . ( , , , ). , , , . , , , , .

. , , , , , . , , . "" , . . , , , , . , , "".

, .

" " ( - ). -, , . . , , , .

, . . .

, " " : , . . , , , . "" .

, . , , , . , .

, . , , . , .

1970- . , . . -, , -, . -, , , , . , , , - "", .

1970- . . -, . -, , , . , , , . , , , .

, , , . , , , , . , , .

, , , . , . , , , , , , . ( .) , , , , , .

, , , . , .

, : , , ..

, , . , , , , . , .

( RSA), , . , .

[21] () . . 1990 . - , r . , . , .

, (, , , ..), .

. , .

2 . - ( )

DES 247 .

1.5

, Crypton : ANDS/XORS, CRYPTON , , . Crypton , 12- ( ) 128 128 . 4- Crypton , .

Crypton .


2. CRYPTON

2.1 Crypton

Crypton . 128 . [22].

, (State). 16 , . . , . .

GF(28), . Z2:

,

i- (0 1).

"". Z2 (1+1=0).

. Z2

.

(Key Schedule, Key Expansion). 4 ( 4 ) (). r- 4 r- , . , :

1.  BS (Byte Substitution): S ( S-, Sbox) . .

2.  SR (Shift Rows): .

3.  MC (Mix Columns): . , :

: .

4.  KA (Key Addition): .

MC. 2 , Ar-1 Ar:

(1)

(2)

 

2.2 Crypton

Crypton [22]. 4 .

. 4- Crypton ( Crypton 12 ) , .

.

Λ- 256 ( State), ( ), 256 . () 256 Λ-. .. : , .

Λk Λ- c k .

Pr r.

Λ- . BS KA Λ- Λ- , . SR . MC Λ- Λ- (. . Λ-). MC ( ) , .

Λ1-, . .. 256 , . . MC 4 , .. P1 Λ4. 4 4 SR, P2 Λ16. MC , 4 , . Λ- , MC .

Λ- 2 () , , , .. . , ( ) "" (.. ), , 256 , .

MC A B. , , :

, P3 Λ16, .. ( ). BS. Kr L-, :

Lr Kr, . Q4 256 : . Q4 P4 2 SR-1 MC-1 .

4- Crypton.

,

4- , P3. .

, . . , () , . , [22].


2.3

Crypton . - Intel Pentium , - Windows 95 + IE 4.0 .

:

- ;

- ;

- 128 .

:

1. ENCRDECR.EXE .2.1

2. "0" ;

3. . 2.2

2.1


2.2

4. .

:

1.  ENCRDECR.EXE .2.1

2.  "1" ;

3.  . 2.3

2.3


5. .

:

1. ENCRDECR.EXE .2.1

2. "2" ;

3. . 2.4

2.4 .

.2.5


3.

3.1

- (). . , [23, 12, 16].

, 463 ( 242). 1 , 6 2. 2 (2 ). .

0.00-1.31-99 - 12 2 , 36 3 6 2 20 3 .

"--" ("--"), 2 " ", "" (), "" (). "" ( ) " ".

"" :

1 , ;

2 , "" -, .;

3 , ;

( ).

"" :

1 ( );

2 (, );

3 (, , ) ( 1).

1. "--"

. 1. :

1 - (1-1) ();

2 - (-1) , ( );

3 - (1-) ( );

4 - (2-) "" "" (, ) ;

5 - (-3) "" "" (, );

6 - (-1) "" "" ( );

7 - (1-) "" "" (.. , );

8 - (-1, -2, -3) "" "" ( );

9 - (1-3) (, );

10 - (1-2) ;

11 - (3-3) ;

12 - (1-1) , ( , );

13 - (1-2) ;

14 - (3-1) .

( ) (). 1. , [24] 12.0.003-74 . , , . .

:

- ;

- ;

- ;

- ;

- ;

- ;

- ;

-

- ;

- , ;

- ()

1.

1.


1 , . . .

3.2

, , 50 , 220/380 . 12.1.030-81 , , .

. , 50% . , . , . 0,1-0,2 .

, , . . 30 -85.

1 , , . 500 .

.

: , ; ; , , , .

0.00-4.12-99 [25] , , , .

. , .

. . 1 6 .

, , .

, .

0.00-4.12-99.

3.3

0.00-1.31-99 " 1" - , . 12.0.005-88, 2.

() . .

2.

, . , %

, /

22-24 40-60 0.1
23-25 40-60 0.1

ˠ . () , . ( ). ˠ[26].

, ,

Q = 860∙N1∙K2 ∙K2 = 860∙0,8∙0,95∙1 = 654 (/),

(3.1)

;

, 0.95;

, 1.

, ,


Q = 0,5∙n∙g = 0,5∙2∙120 = 120 (/),

(3.2)

, 2 .;

, , 1 100-125 /, 120 /.

, ,

Q = k∙ E∙ S = 0,05∙300∙24 = 360 (/),

(3.3)

, 300 ;

S - , 24 ..;

k ,0,05 / 2.

, , :

Q = nc∙kc∙S = 86∙6∙1,15 = 593,4 (/),

(3.4)

, , 86 /;

, , 1.15;

, 6 2.

Q = 654+120+360+593,4 = 1727,4 (/) 2 . (3.5)

L= Q∙(1/(c∙r(t t))) = 1727,4∙(1/(0,24∙ 1,29(27-18)) = 619 (3/)(3.6)

, 0.24 /;

, 1.29 / 3;

, 270;

, 180.

L. = Lrc(t- t)

L. =6191,290,24 (32-18)=2683 (3/)

SamsungAW 05EO.

( , .) [27]. 4 III . 20 2 , 1,5 2, 5 5-15 . 60 .

0.00-1.31-99. , , :

- 1 ;

- 2,5 .

2.


2. , .

2. :

1, 2 , 1,2

3.4

- , , [28]. , , :

-  ;

-  ;

-  ;

-  ;

-  ;

-  .

24-86, . - 2.01.02-85, -II, -87. 12.1.004-91* 2272-93 , . - . :

-  ;

-  ;

- ;

- .

10 , . 34.21.122-87.

, -II- IP44 IP2X . -87[29].

:

-  ;

-  , -2, 1 . 20 2 , ;

-  ;

-  1 10 2;

-  ;

- .

:

-  1,5 ;

-  2,0 ;

-  1,8 ;

-  ;

- 100. :

-  ;

-  , .

3.5

.. , , .

3.6

.. , .


( , , , ..) . .

, - .

, , .

, , , :

- Crypton,

- Crypton,

- , Crypton .

.

C++, Borland C++ v 3.1.

:

- Crypton;

- Crypton.

:

- ;

;

- Crypton .

" " . . .


crypton

<encrdecr.cpp>

#include <stdio.h>

#include <string.h>

#include <conio.h>

#include <io.h>

#include <fcntl.h>

#include <iostream.h>

#include <sys/stat.h>

#include <stdlib.h>

#include "std_defs.h"

#include "crypton.h"

#include "atack.h"

void atack(int);

int main()

{

clrscr();

int i,q,f1,f2;

char f_nam1[111];

char f_nam2[111];

char f_nam3[111];

char w;

union

{

u1byte a1[4][4];

u4byte a4[4];

}

st,st1,st2,k;

for(i=0;i<4;i++)

k.a4[i]=0;

set_key(k.a4,128);

printf("encript/decrypt/atack(0/1/2)?");

cout<<'\n';

w=getch();

if((w!='0')&&(w!='1')&&(w!='2'))

exit(3);

if(w=='2')

{

cout<<"Enter name of atacking file"<<'\n';

gets(f_nam3);

f2=open(f_nam3,O_RDONLY|O_BINARY);

if(f2==-1)

{

close(f2);

exit(1);

}

atack(f2);

}

if(w=='0')

{

cout<<"Enter name of opening file"<<'\n';

gets(f_nam1);

cout<<"Enter name of encription file"<<'\n';

gets(f_nam2);

f1=open(f_nam1,O_RDONLY|O_BINARY);

if(f1==-1)

{ // perror(f_nam1);

puts(f_nam1);

cout<<'\n';

puts(f_nam2);

close(f1);

exit(1);

}

f2=open(f_nam2,O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,S_IWRITE);

if(f2==-1)

{

close(f2);

exit(2);

}

do

{

q=read(f1,&st.a1[0][0],16);

if(q==16)

{

encrypt(st.a4, st1.a4);

write(f2,&st1.a1[0][0],16);

}

else

{

if(q>0)

{

for(i=0;i<4;i++)

st2.a4[i]=0;

for(i=0;i<q;i++)

{

st2.a1[i/4][i%4]=st.a1[i/4][i%4];

}

encrypt(st2.a4,st1.a4);

write(f2,&st1.a1[0][0],16);

}

}

}

while(q==16);

close(f1);

close(f2);

}

if(w=='1')

{

cout<<"Enter name of encription file"<<'\n';

gets(f_nam2);

cout<<"Enter name of decription file"<<'\n';

gets(f_nam3);

f1=open(f_nam2,O_RDONLY|O_BINARY);

if(f1==-1)

{

close(f1);

exit(1);

}

f2=open(f_nam3,O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,S_IWRITE);

if(f2==-1)

{

close(f2);

exit(2);

}

do

{

q=read(f1,&st.a1[0][0],16);

if(q==16)

{

decrypt(st.a4, st1.a4);

write(f2,&st1.a1[0][0],16);

}

else

{

if(q>0)

{

for(i=0;i<4;i++)

st2.a4[i]=0;

for(i=0;i<q;i++)

{

st2.a1[i/4][i%4]=st.a1[i/4][i%4];

}

decrypt(st2.a4,st1.a4);

write(f2,&st1.a1[0][0],16);

}

}

}

while(q==16);

close(f1);

close(f2);

}

return 0;

}

<crypton.h>

#include "std_defs.h"

static char *alg_name[] = { "crypton", "crypton.c" };

char **cipher_name()

{

return alg_name;

}

#define gamma_tau(x,b,m,p,q) \

(x) = (((u4byte)s_box[p][byte(b[0],m)] ) | \

((u4byte)s_box[q][byte(b[1],m)] << 8) | \

((u4byte)s_box[p][byte(b[2],m)] << 16) | \

((u4byte)s_box[q][byte(b[3],m)] << 24))

#define ma_0 0x3fcff3fc

#define ma_1 0xfc3fcff3

#define ma_2 0xf3fc3fcf

#define ma_3 0xcff3fc3f

#define mb_0 0xcffccffc

#define mb_1 0xf33ff33f

#define mb_2 0xfccffccf

#define mb_3 0x3ff33ff3

#define pi(b,n0,n1,n2,n3) \

(((b)[0] & ma_##n0) ^ \

((b)[1] & ma_##n1) ^ \

((b)[2] & ma_##n2) ^ \

((b)[3] & ma_##n3))

#define phi_n(x,n0,n1,n2,n3) \

( (x) & mb_##n0) ^ \

(rotl((x), 8) & mb_##n1) ^ \

(rotl((x), 16) & mb_##n2) ^ \

(rotl((x), 24) & mb_##n3)

#define phi_00(x) phi_n(x,0,1,2,3)

#define phi_01(x) phi_n(x,3,0,1,2)

#define phi_02(x) phi_n(x,2,3,0,1)

#define phi_03(x) phi_n(x,1,2,3,0)

#define phi_10(x) phi_n(x,3,0,1,2)

#define phi_11(x) phi_n(x,2,3,0,1)

#define phi_12(x) phi_n(x,1,2,3,0)

#define phi_13(x) phi_n(x,0,1,2,3)

#define phi0(x,y) \

(y)[0] = phi_00((x)[0]); \

(y)[1] = phi_01((x)[1]); \

(y)[2] = phi_02((x)[2]); \

(y)[3] = phi_03((x)[3])

#define phi1(x,y) \

(y)[0] = phi_10((x)[0]); \

(y)[1] = phi_11((x)[1]); \

(y)[2] = phi_12((x)[2]); \

(y)[3] = phi_13((x)[3])

u1byte p_box[3][16] =

{ { 15, 9, 6, 8, 9, 9, 4, 12, 6, 2, 6, 10, 1, 3, 5, 15 },

{ 10, 15, 4, 7, 5, 2, 14, 6, 9, 3, 12, 8, 13, 1, 11, 0 },

{ 0, 4, 8, 4, 2, 15, 8, 13, 1, 1, 15, 7, 2, 11, 14, 15 }

};

u4byte tab_gen = 0;

u1byte s_box[2][256];

u4byte s_tab[4][256];

u4byte l_key[104];

u4byte *e_key = l_key + 52;

u4byte *d_key = l_key;

void gen_tab(void)

{ u4byte i, xl, xr, yl, yr;

for(i = 0; i < 256; ++i)

{

xl = (i & 0xf0) >> 4; xr = i & 15;

yr = xr ^ p_box[1][xl ^ p_box[0][xr]];

yl = xl ^ p_box[0][xr] ^ p_box[2][yr];

yr |= (yl << 4); s_box[0][i] = (u1byte)yr; s_box[1][yr] = (u1byte)i;

xr = yr * 0x01010101; xl = i * 0x01010101;

s_tab[0][ i] = xr & 0x3fcff3fc;

s_tab[1][yr] = xl & 0xfc3fcff3;

s_tab[2][ i] = xr & 0xf3fc3fcf;

s_tab[3][yr] = xl & 0xcff3fc3f;

}

};

/* initialise the key schedule from the user supplied key */

u4byte kp[4] = { 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f };

u4byte kq[4] = { 0x9b05688c, 0x1f83d9ab, 0x5be0cd19, 0xcbbb9d5d };

#define h0_block(n,r0,r1) \

e_key[4 * n + 8] = rotl(e_key[4 * n + 0], r0); \

e_key[4 * n + 9] = rc ^ e_key[4 * n + 1]; \

e_key[4 * n + 10] = rotl(e_key[4 * n + 2], r1); \

e_key[4 * n + 11] = rc ^ e_key[4 * n + 3]

#define h1_block(n,r0,r1) \

e_key[4 * n + 8] = rc ^ e_key[4 * n + 0]; \

e_key[4 * n + 9] = rotl(e_key[4 * n + 1], r0); \

e_key[4 * n + 10] = rc ^ e_key[4 * n + 2]; \

e_key[4 * n + 11] = rotl(e_key[4 * n + 3], r1)

u4byte *set_key(const u4byte in_key[], const u4byte key_len)

{ u4byte i, rc, t0, t1, tmp[4];

if(!tab_gen)

{

gen_tab(); tab_gen = 1;

}

e_key[2] = e_key[3] = e_key[6] = e_key[7] = 0;

switch((key_len + 63) / 64)

{

case 4: e_key[3] = in_key[6]; e_key[7] = in_key[7];

case 3: e_key[2] = in_key[4]; e_key[6] = in_key[5];

case 2: e_key[0] = in_key[0]; e_key[4] = in_key[1];

e_key[1] = in_key[2]; e_key[5] = in_key[3];

}

tmp[0] = pi(e_key, 0, 1, 2, 3) ^ kp[0];

tmp[1] = pi(e_key, 1, 2, 3, 0) ^ kp[1];

tmp[2] = pi(e_key, 2, 3, 0, 1) ^ kp[2];

tmp[3] = pi(e_key, 3, 0, 1, 2) ^ kp[3];

gamma_tau(e_key[0], tmp, 0, 0, 1);

gamma_tau(e_key[1], tmp, 1, 1, 0);

gamma_tau(e_key[2], tmp, 2, 0, 1);

gamma_tau(e_key[3], tmp, 3, 1, 0);

tmp[0] = pi(e_key + 4, 1, 2, 3, 0) ^ kq[0];

tmp[1] = pi(e_key + 4, 2, 3, 0, 1) ^ kq[1];

tmp[2] = pi(e_key + 4, 3, 0, 1, 2) ^ kq[2];

tmp[3] = pi(e_key + 4, 0, 1, 2, 3) ^ kq[3];

gamma_tau(e_key[4], tmp, 0, 1, 0);

gamma_tau(e_key[5], tmp, 1, 0, 1);

gamma_tau(e_key[6], tmp, 2, 1, 0);

gamma_tau(e_key[7], tmp, 3, 0, 1);

t0 = e_key[0] ^ e_key[1] ^ e_key[2] ^ e_key[3];

t1 = e_key[4] ^ e_key[5] ^ e_key[6] ^ e_key[7];

e_key[0] ^= t1; e_key[1] ^= t1;

e_key[2] ^= t1; e_key[3] ^= t1;

e_key[4] ^= t0; e_key[5] ^= t0;

e_key[6] ^= t0; e_key[7] ^= t0;

rc = 0x01010101;

h0_block( 0, 8, 16); h1_block(1, 16, 24); rc <<= 1;

h1_block( 2, 24, 8); h0_block(3, 8, 16); rc <<= 1;

h0_block( 4, 16, 24); h1_block(5, 24, 8); rc <<= 1;

h1_block( 6, 8, 16); h0_block(7, 16, 24); rc <<= 1;

h0_block( 8, 24, 8); h1_block(9, 8, 16); rc <<= 1;

h1_block(10, 16, 24);

for(i = 0; i < 13; ++i)

{

if(i & 1)

{

phi0(e_key + 4 * i, d_key + 48 - 4 * i);

}

else

{

phi1(e_key + 4 * i, d_key + 48 - 4 * i);

}

}

phi1(e_key + 48, e_key + 48);

phi1(d_key + 48, d_key + 48);

return l_key;

};

/* encrypt a block of text */

#define fr0(i,k) \

b1[i] = s_tab[ (i) ][byte(b0[0],i)] ^ \

s_tab[((i) + 1) & 3][byte(b0[1],i)] ^ \

s_tab[((i) + 2) & 3][byte(b0[2],i)] ^ \

s_tab[((i) + 3) & 3][byte(b0[3],i)] ^ (k)

#define fr1(i,k) \

b0[i] = s_tab[((i) + 1) & 3][byte(b1[0],i)] ^ \

s_tab[((i) + 2) & 3][byte(b1[1],i)] ^ \

s_tab[((i) + 3) & 3][byte(b1[2],i)] ^ \

s_tab[(i) ][byte(b1[3],i)] ^ (k)

#define f0_rnd(kp) \

fr0(0,(kp)[0]); fr0(1,(kp)[1]); \

fr0(2,(kp)[2]); fr0(3,(kp)[3])

#define f1_rnd(kp) \

fr1(0,(kp)[0]); fr1(1,(kp)[1]); \

fr1(2,(kp)[2]); fr1(3,(kp)[3])

void encrypt(const u4byte in_blk[4], u4byte out_blk[4])

{ u4byte b0[4], b1[4];

b0[0] = in_blk[0] ^ e_key[0];

b0[1] = in_blk[1] ^ e_key[1];

b0[2] = in_blk[2] ^ e_key[2];

b0[3] = in_blk[3] ^ e_key[3];

f0_rnd(e_key + 4); f1_rnd(e_key + 8);

f0_rnd(e_key + 12); f1_rnd(e_key + 16);

f0_rnd(e_key + 20); f1_rnd(e_key + 24);

f0_rnd(e_key + 28); f1_rnd(e_key + 32);

f0_rnd(e_key + 36); f1_rnd(e_key + 40);

f0_rnd(e_key + 44);

gamma_tau(b0[0], b1, 0, 1, 0);

gamma_tau(b0[1], b1, 1, 0, 1);

gamma_tau(b0[2], b1, 2, 1, 0);

gamma_tau(b0[3], b1, 3, 0, 1);

out_blk[0] = b0[0] ^ e_key[48];

out_blk[1] = b0[1] ^ e_key[49];

out_blk[2] = b0[2] ^ e_key[50];

out_blk[3] = b0[3] ^ e_key[51];

};

/* decrypt a block of text */

void decrypt(const u4byte in_blk[4], u4byte out_blk[4])

{ u4byte b0[4], b1[4];

b0[0] = in_blk[0] ^ d_key[0];

b0[1] = in_blk[1] ^ d_key[1];

b0[2] = in_blk[2] ^ d_key[2];

b0[3] = in_blk[3] ^ d_key[3];

f0_rnd(d_key + 4); f1_rnd(d_key + 8);

f0_rnd(d_key + 12); f1_rnd(d_key + 16);

f0_rnd(d_key + 20); f1_rnd(d_key + 24);

f0_rnd(d_key + 28); f1_rnd(d_key + 32);

f0_rnd(d_key + 36); f1_rnd(d_key + 40);

f0_rnd(d_key + 44);

gamma_tau(b0[0], b1, 0, 1, 0);

gamma_tau(b0[1], b1, 1, 0, 1);

gamma_tau(b0[2], b1, 2, 1, 0);

gamma_tau(b0[3], b1, 3, 0, 1);

out_blk[0] = b0[0] ^ d_key[48];

out_blk[1] = b0[1] ^ d_key[49];

out_blk[2] = b0[2] ^ d_key[50];

out_blk[3] = b0[3] ^ d_key[51];

}

<STD_DEFS.H>

/* 1. Standard types for AES cryptography source code */

typedef unsigned char u1byte; /* an 8 bit unsigned character type */

typedef unsigned short u2byte; /* a 16 bit unsigned integer type */

typedef unsigned long u4byte; /* a 32 bit unsigned integer type */

typedef signed char s1byte; /* an 8 bit signed character type */

typedef signed short s2byte; /* a 16 bit signed integer type */

typedef signed long s4byte; /* a 32 bit signed integer type */

/* 2. Standard interface for AES cryptographic routines */

/* These are all based on 32 bit unsigned values and will therefore */

/* require endian conversions for big-endian architectures */

#ifdef __cplusplus

extern "C"

{

#endif

char **cipher_name(void);

u4byte *set_key(const u4byte in_key[], const u4byte key_len);

void encrypt(const u4byte in_blk[4], u4byte out_blk[4]);

void decrypt(const u4byte in_blk[4], u4byte out_blk[4]);

#ifdef __cplusplus

};

#endif

/* 3. Basic macros for speeding up generic operations */

/* Circular rotate of 32 bit values */

#ifdef _MSC_VER

# include <stdlib.h>

# pragma intrinsic(_lrotr,_lrotl)

# define rotr(x,n) _lrotr(x,n)

# define rotl(x,n) _lrotl(x,n)

#else

#define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n))))

#define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n))))

#endif

/* Invert byte order in a 32 bit variable */

#define bswap(x) (rotl(x, 8) & 0x00ff00ff | rotr(x, 8) & 0xff00ff00)

/* Extract byte from a 32 bit quantity (little endian notation) */

#define byte(x,n) ((u1byte)((x) >> (8 * n)))

/* For inverting byte order in input/output 32 bit words if needed */

#ifdef BLOCK_SWAP

#define BYTE_SWAP

#define WORD_SWAP

#endif

#ifdef BYTE_SWAP

#define io_swap(x) bswap(x)

#else

#define io_swap(x) (x)

#endif

/* For inverting the byte order of input/output blocks if needed */

#ifdef WORD_SWAP

#define get_block(x) \

((u4byte*)(x))[0] = io_swap(in_blk[3]); \

((u4byte*)(x))[1] = io_swap(in_blk[2]); \

((u4byte*)(x))[2] = io_swap(in_blk[1]); \

((u4byte*)(x))[3] = io_swap(in_blk[0])

#define put_block(x) \

out_blk[3] = io_swap(((u4byte*)(x))[0]); \

out_blk[2] = io_swap(((u4byte*)(x))[1]); \

out_blk[1] = io_swap(((u4byte*)(x))[2]); \

out_blk[0] = io_swap(((u4byte*)(x))[3])

#define get_key(x,len) \

((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \

((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \

switch((((len) + 63) / 64)) { \

case 2: \

((u4byte*)(x))[0] = io_swap(in_key[3]); \

((u4byte*)(x))[1] = io_swap(in_key[2]); \

((u4byte*)(x))[2] = io_swap(in_key[1]); \

((u4byte*)(x))[3] = io_swap(in_key[0]); \

break; \

case 3: \

((u4byte*)(x))[0] = io_swap(in_key[5]); \

((u4byte*)(x))[1] = io_swap(in_key[4]); \

((u4byte*)(x))[2] = io_swap(in_key[3]); \

((u4byte*)(x))[3] = io_swap(in_key[2]); \

((u4byte*)(x))[4] = io_swap(in_key[1]); \

((u4byte*)(x))[5] = io_swap(in_key[0]); \

break; \

case 4: \

((u4byte*)(x))[0] = io_swap(in_key[7]); \

((u4byte*)(x))[1] = io_swap(in_key[6]); \

((u4byte*)(x))[2] = io_swap(in_key[5]); \

((u4byte*)(x))[3] = io_swap(in_key[4]); \

((u4byte*)(x))[4] = io_swap(in_key[3]); \

((u4byte*)(x))[5] = io_swap(in_key[2]); \

((u4byte*)(x))[6] = io_swap(in_key[1]); \

((u4byte*)(x))[7] = io_swap(in_key[0]); \

}

#else

#define get_block(x) \

((u4byte*)(x))[0] = io_swap(in_blk[0]); \

((u4byte*)(x))[1] = io_swap(in_blk[1]); \

((u4byte*)(x))[2] = io_swap(in_blk[2]); \

((u4byte*)(x))[3] = io_swap(in_blk[3])

#define put_block(x) \

out_blk[0] = io_swap(((u4byte*)(x))[0]); \

out_blk[1] = io_swap(((u4byte*)(x))[1]); \

out_blk[2] = io_swap(((u4byte*)(x))[2]); \

out_blk[3] = io_swap(((u4byte*)(x))[3])

#define get_key(x,len) \

((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \

((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \

switch((((len) + 63) / 64)) { \

case 4: \

((u4byte*)(x))[6] = io_swap(in_key[6]); \

((u4byte*)(x))[7] = io_swap(in_key[7]); \

case 3: \

((u4byte*)(x))[4] = io_swap(in_key[4]); \

((u4byte*)(x))[5] = io_swap(in_key[5]); \

case 2: \

((u4byte*)(x))[0] = io_swap(in_key[0]); \

((u4byte*)(x))[1] = io_swap(in_key[1]); \

((u4byte*)(x))[2] = io_swap(in_key[2]); \

((u4byte*)(x))[3] = io_swap(in_key[3]); \

}

#endif

#define beg /*

#define en */

<TACK.H>

#ifndef ATACH.H_H #define ATACH.H_H

#define ENCRYPT 0 #define DECRYPT 1

include "StdAfx.h" #include "Resource.h" include "winaesDlg.h"

define ROTL(x) ( ( (x) "7) | ( (x) "1) )

define R0TL8 (x) ( ( (x) "8) | ( (x) "24) ) define R0TL16(x) ( ( (x) "16) I ( (x) "16) ) define ROTL24 (x) ( ( (x) "24) | ( (x) "8) )

int KeyExpansion(CWinaesDlg* dig, int nb,int nk, BYTE* key); void Encrypt(CWinaesDlg* dig, BYTE* buff, BYTE* result); void InvDecrypt(CWinaesDlg* dig, BYTE* buff, BYTE* result); void EquDecrypt(CWinaesDlg* dig, BYTE* buff, BYTE* result);

int blockEncrypt(CWinaesDlg* dig, BYTE *input, int inputLen, BYTE* result, int cipher_mode); int blockDecrypt(CWinaesDlg* dig, BYTE *input, int inputLen, BYTE* result, int decrypt_mode, int cipher_mode);

endif

ATACH.H.CPP

include <stdio.h> include <stdlib.h> include "Rijndael.h" include "service.h"

define BPOLY (BYTE) Oxllb define MPOLY (BYTE) 0x101

BYTE Co[4]={0x3,0xl,0xl,0x2};

BYTE InvCo[4]={0xB,0xD,0x9,0xE};

int N, Nk, Nb, Nr;

DWORD fkey[120];

DWORD ikey[120]; // inverse key

DWORD ekey[120]; // equivalent key

BYTE subbytes[256] ; BYTE invsubbytes[256] ;

BYTE shfts[3][4];

static char strTmp[260], Tmp[260]; static DWORD s[8];

void ResetShifts() {

for (int i=0; i<3; i++)

for (int j=0; j<4; j++)

if (i==2 && j==3) shfts[i][j]=4; else shfts[i][j]=j;

void shiftrow(BYTE* row, int n, int direct)

BYTE t; int j ;

if (n)

for (int i=0; i<n; i++) switch (direct)

case ENCRYPT:

t=row[0];

for (j=l; j<Nb; j++) row[j-l]=row[j] ; row [Nb-1 Inbreak;

case DECRYPT:

t=row[Nb-l];

for (j = Nb-1; j>0; j--) row[j]=row[j-1] ,

row[0]=t;

break;

void ShifRows(BYTE* s, int direct)

BYTE temp[8]; int i, j;

for (i=0;i<4;i++)

for (j=0;j<Nb;j++) temp[j]=s[j*4+i];

shiftrow( temp, shfts[Nb/2-2][i], direct),

for (j=0;j<Nb;j++) s[j*4+i]=temp[j]; }

static DWORD pack(BYTE *b)

{

return ( (DWORD)b[3]"24) | ( (DWORD)b [2] "16) | ( (DWORD) b [1 ] "8) | (DWORD)b[0],

static void unpack(DWORD a,BYTE *b) {

b[0] = (BYTE)a;

b[l] = (BYTE) (a"8) ;

b[2] = (BYTE) (a"16) ;

b[3] = (BYTE) (a"24) ; }

static BYTE xtime(BYTE a, BYTE mod) {

return ( ( a & 0x80) ? a"lAmod

static BYTE add (BYTE a, BYTE b) {return ;}

static BYTE bmul(BYTE a,BYTE b, BYTE mod) {

BYTE t,s, u;

u=b; t=a; s=0;

while (u) {

if(u & 1) =;

u"=l ;

t=xtime(t, mod);

return (s); }

static BYTE square(BYTE a, BYTE mod) {

return (bmul(a,a, mod)); }

static BYTE product(DWORD x,DWORD y, BYTE mod) {

BYTE xb [ 4 ] , yb [ 4 ] ;

unpack(x,xb);

unpack(y,yb);

return bmul(xb[0],yb[0], mod)1(xb[1],yb[1], mod)1(xb[2],yb[2], mod)1(xb[3],yb[3], mod) ; }

static BYTE finv(const BYTE x, BYTE mod) {

BYTE result = x;

for (int i=l; i<7; i++) result = bmul(square(result , mod), x, mod);

return square(result, mod); }

BYTE SBinvModulo; BYTE SBmulModulo; BYTE SBmulConstl; BYTE SBmulConst2; BYTE SBaddConstl; BYTE SBaddConst2;

static BYTE ByteSubOLD(BYTE x) BYTE result=x;

result = finv( result , SBinvModulo);

result = bmul( SBmulConstl, result, SBmulModulo);

result = add( result, SBaddConstl);

return result; }

static BYTE InvByteSubOLD(BYTE x) BYTE result=x;

result = bmul( SBmulConst2, result, SBmulModulo); result = add(result, SBaddConst2); result = finv( result, SBinvModulo); return result;

void FillTables(int mode)

for (int i=0; i<256;

if (mode & 1) subbytes[i]= ByteSubOLD(i);

if (mode & 2) invsubbytes[i]= InvByteSubOLD(i)

void ResetTables()

Encrypt(dig, iv, block);

for (1 = k; (1 < (k + OFB_bits)) && (1 < (Nb"5) ) ; 1++) {

result[1 " 3] = (block[0] & 0x80U) " (1 & 7);

for (j = 0; j < (Nb"2)-1; j++) {

iv[j] = <iv[j] " 1) | (iv[j + 1] " 7);

block[j] = (block[j] " 1) | (block[j + 17);

1] " 1) | ((block[0] & 0x80U) " 7 );

} }

if (OFB_Debug) {

CharStr2HexStr((BYTE*)input, Tmp, Nb*4); sprintf(strTmp," in[%04u]=%s", i, Tmp); dlg->m_eDebug.AddString(strTmp);

CharStr2HexStr((BYTE*)result, Tmp, Nb*4); sprintf(strTmp,"out[%04u]=%s", i, Tmp); dlg->m_eDebug.AddString(strTmp); }

result += Nb"2;

input += Nb"2; }

free(iv); break;

case MODE_CTR:

iv = (BYTE*) malloc(Nb"2) ; memcpy(iv, cipher_IV, Nb"2);

for (i = 1; i <= numBlocks; i++) {

if (CTR_Debug) {

//CharStr2HexStr((BYTE*)s, Tmp, Nb*4);

sprintf(strTmp,"= CTR AES Nb=%u Nk=%u, block %04u encrypt ======================", Nb, Nk, i);

dlg->m_eDebug.AddString(strTmp);

CharStr2HexStr((BYTE*)iv, Tmp, Nb*4); sprintf(strTmp," IV[%04u]=%s", i, Tmp); dlg->m_eDebug.AddString(strTmp); }

Encrypt(dig, iv, result);

for (j=0; j < Nb; j++) ((DWORD*)result)[j] = ((DWORD*)input)[j];

increase_counter ( iv, Nb"2);

if (CTR_Debug) {

CharStr2HexStr((BYTE*)input, Tmp, Nb*4);

sprintf(strTmp," in[%04u]=%s", i, Tmp);

dlg->m_eDebug.AddString(strTmp);

CharStr2HexStr((BYTE*)result, Tmp, Nb*4); sprintf(strTmp,"out[%04u]=%s", i, Tmp); dlg->m_eDebug.AddString(strTmp); }

input += Nb"2; result += Nb"2; }

free(iv); break; default:

return BAD_CIPHER_STATE; }

return 128*numBlocks;

, XX , XXI .

 

 

 

! , , , .
. , :