密码学|DES
DES的数据来源
https://csrc.nist.gov/files/pubs/fips/46-3/final/docs/fips46-3.pdf
"""
置换表
此处下标从0开始,故为标准表每值减一
"""
IP = [
57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7,
56, 48, 40, 32, 24, 16, 8, 0, 58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6
]
#IP^{-1}
IP_INV = [
39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25, 32, 0, 40, 8, 48, 16, 56, 24
]
E = [
31, 0, 1, 2, 3, 4,
3, 4, 5, 6, 7, 8,
7, 8, 9, 10, 11, 12,
11, 12, 13, 14, 15, 16,
15, 16, 17, 18, 19, 20,
19, 20, 21, 22, 23, 24,
23, 24, 25, 26, 27, 28,
27, 28, 29, 30, 31, 0
]
"""
将64位原始密钥通过PC-1置换表转换为56位
去除了每个字节的奇偶校验位
"""
PC1 = [
56, 48, 40, 32, 24, 16, 8,
0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26,
18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14,
6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28,
20, 12, 4, 27, 19, 11, 3
]
"""
将循环左移得到的56位数据通过PC-2表转换为48位密钥K1
"""
PC2 = [
13, 16, 10, 23, 0, 4,
2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7,
15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54,
29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52,
45, 41, 49, 35, 28, 31
]
"""
循环左移
将56位的密钥分为左右两部分(都为28位)
通过移位次数表得到C1和D1
再将C1和D1拼接到一起
"""
SHIFT_SCHEDULE = [
1, 1, 2, 2, 2, 2, 2, 2,
1, 2, 2, 2, 2, 2, 2, 1
]
P = [
15, 6, 19, 20,
28, 11, 27, 16,
0, 14, 22, 25,
4, 17, 30, 9,
1, 7, 23, 13,
31, 26, 2, 8,
18, 12, 29, 5,
21, 10, 3, 24
]
"""
S盒
"""
S_BOXES = [
# S1
[
[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
[0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
[4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
[15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]
],
# S2
[
[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10],
[3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5],
[0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15],
[13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9]
],
# S3
[
[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8],
[13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1],
[13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7],
[1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12]
],
# S4
[
[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15],
[13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9],
[10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4],
[3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14]
],
# S5
[
[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
[14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
[4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
[11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]
],
# S6
[
[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11],
[10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8],
[9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6],
[4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13]
],
# S7
[
[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1],
[13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6],
[1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2],
[6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12]
],
# S8
[
[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7],
[1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2],
[7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8],
[2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]
]
]
def hex_to_bits(hex_str: str) -> list:
"""
8字节转64bit
密钥
"""
if len(hex_str) != 16:
raise ValueError
key_bytes = bytes.fromhex(hex_str)
return [int(bit) for byte in key_bytes for bit in f"{byte:08b}"]
def str_to_gb2312_bits(text: str) -> list:
"""GB2312编码"""
try:
gb_bytes = text.encode('gb2312')
except UnicodeEncodeError as e:
raise ValueError(f"GB2312编码失败: {e}")
return [int(bit) for byte in gb_bytes for bit in f"{byte:08b}"]
def bits_to_gb2312_str(bits: list) -> str:
"""二进制GB2312解码(填充)"""
byte_list = []
for i in range(0, len(bits), 8):
byte_bits = bits[i:i+8]
if len(byte_bits) < 8:
byte_bits += [0] * (8 - len(byte_bits)) # 补足8位
byte = int(''.join(map(str, byte_bits)), 2)
byte_list.append(byte)
try:
return bytes(byte_list).decode('gb2312', errors='replace')
except UnicodeDecodeError:
return bytes(byte_list).decode('gb2312', errors='ignore')
def pad_ecb(bits: list) -> list:
"""ECB模式填充:PKCS#7风格(填充长度值,如缺3位则填3个1)"""
pad_len = 64 - (len(bits) % 64)
if pad_len == 0:
pad_len = 64 # 全填充块
padding = [1 if i == pad_len -1 else 0 for i in range(pad_len)]
return bits + padding
def unpad_ecb(bits: list) -> list:
"""去除ECB填充(PKCS#7填充)"""
# 查找最后一个1的位置,确定填充长度
pad_bit = 1
pad_index = len(bits) - 1
while pad_index >= 0 and bits[pad_index] != pad_bit:
pad_index -= 1
if pad_index == -1:
return bits
pad_len = len(bits) - pad_index
return bits[:pad_index - pad_len +1]
def apply_permutation(bits, table):
return [bits[i] for i in table]
def generate_subkeys(master_key):
key_bits = apply_permutation(master_key, PC1)
c = key_bits[:28]
d = key_bits[28:]
subkeys = []
for shift in SHIFT_SCHEDULE:
# 循环左移
c = c[shift:] + c[:shift]
d = d[shift:] + d[:shift]
subkey = apply_permutation(c + d, PC2)
subkeys.append(subkey)
return subkeys
def feistel_function(r_block, subkey):
expanded = apply_permutation(r_block, E)
xored = [a ^ b for a, b in zip(expanded, subkey)]
# S盒替换
s_output = []
for i in range(8):
chunk = xored[i*6:(i+1)*6]
row = (chunk[0] << 1) + chunk[5]
col = (chunk[1] << 3) + (chunk[2] << 2) + (chunk[3] << 1) + chunk[4]
s_val = S_BOXES[i][row][col]
s_output += [int(bit) for bit in f"{s_val:04b}"]
# P置换
return apply_permutation(s_output, P)
def des_encrypt(plaintext_bits, key_bits):
permuted = apply_permutation(plaintext_bits, IP)
l, r = permuted[:32], permuted[32:]
# 16个子密钥
subkeys = generate_subkeys(key_bits)
# 16轮Feistel
for i in range(16):
new_r = [x ^ y for x, y in zip(l, feistel_function(r, subkeys[i]))]
l, r = r, new_r
combined = r + l
ciphertext = apply_permutation(combined, IP_INV)
return ciphertext
def des_decrypt(ciphertext_bits, key_bits):
"""DES解密逆序使用子密钥"""
permuted = apply_permutation(ciphertext_bits, IP)
l, r = permuted[:32], permuted[32:]
subkeys = generate_subkeys(key_bits)[::-1] # 子密钥逆序
for i in range(16):
new_r = [x ^ y for x, y in zip(l, feistel_function(r, subkeys[i]))]
l, r = r, new_r
combined = r + l
plaintext_bits = apply_permutation(combined, IP_INV)
return plaintext_bits
浙公网安备 33010602011771号