Hello folks and Happy New 2013 !
Few weeks ago, I watched A Beautiful Mind movie and inspired by it, decided to learn & write something that would be useful as well as challenging me. So my sight fell on the AES (Rijndael) cryptographic algorithm which is specified in the AES – FIPS-197
Below you can find example output of my program and the source code in Python.
$ python aes_fips197_v0.9.4.py
=============== START ===================
Appendix B - Cipher Example
Cipher output should be: 3925841d02dc09fbdc118597196a0b32
Note: Cipher Example TEST works only with 128-bit key size
IOBlockSize: 16 * NEVER CHANGING
CipherKeySize: 128 bits
=============== INPUTS ===================
PlaintextArray:
32 88 31 E0
43 5A 31 37
F6 30 98 07
A8 8D A2 34
CipherKeyArray:
2B 28 AB 09
7E AE F7 CF
15 D2 15 4F
16 A6 88 3C
=============== OUTPUTS ==================
AESCipher() CiphertextArray:
39 02 DC 19
25 DC 11 6A
84 09 85 0B
1D FB 97 32
AESInverseCipher() DecipheredtextArray:
32 88 31 E0
43 5A 31 37
F6 30 98 07
A8 8D A2 34
=============== END ===================
#!/usr/bin/env python
# ----------------------------------------------------------------------
# Program: aes_fips197_v0.9.4.py
# Version: 0.9.4 - 2013 January 12
# Author: Andrey Arapov <arno at="None" nixaid="None" dot="None" com="None">
# Released on: www.nixaid.com
# Purpose: Learning
#
# Description:
# Advanced Encryption Standard (AES)
# This program is an implementation of a FIPS 197 standard that specifies the Rijndael algorithm,
# a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.
# http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
# http://csrc.nist.gov/publications/PubsFIPS.html
#
# Interesting fact:
# NSA has subsequently certified AES for protection of classified information (for at most two levels, e.g. SECRET information
# in an unclassified environment) when used in NSA-approved systems.
# http://en.wikipedia.org/wiki/National_Security_Agency#Advanced_Encryption_Standard
# http://www.nsa.gov/ia/programs/suiteb_cryptography/
# ----------------------------------------------------------------------
# TODO: 1. Write Rcon, Sbox & InvSbox generators instead of using tables; (Learning purpose)
# 2. Implement several mode of operations http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
# 3. Find a better implementation of KeyExpansion(), ShiftRows() and MixColumns()
# 4. Implement file encryption
# 5. Implement block device encryption
# 6. Implement argument handling for the file/block device encryption and test cases from the FIPS-197.pdf file
#
# ----------------------------------------------------------------------
import sys, traceback
############################## SubBytes ##############################
# http://en.wikipedia.org/wiki/Rijndael_S-box
Sbox = [
0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,
0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,
0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,
0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,
0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,
0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,
0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,
0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,
0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,
0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,
0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,
0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,
0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,
0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,
0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,
0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16 ]
InvSbox = [
0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d ]
def SubBytes(state):
for i in range(IOBlockSize): state[i] = Sbox[state[i]]
return state
def InvSubBytes(state):
for i in range(IOBlockSize): state[i] = InvSbox[state[i]]
return state
def SubWord(word): return Sbox[word]
############################## ShiftRows ##############################
# state return state
# 0 4 8 12 0 4 8 12
# 1 5 9 13 13 1 5 9
# 2 6 10 14 10 14 2 6
# 3 7 11 15 7 11 15 3
#
# state before: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
# state after: 0 13 10 7 4 1 14 11 8 5 2 15 12 9 6 3
def ShiftRows(state):
tmp13 = state[13]
state[13] = state[1]
state[1] = state[5]
state[5] = state[9]
state[9] = tmp13
tmp15 = state[15]
state[15] = state[11]
state[11] = state[7]
state[7] = state[3]
state[3] = tmp15
tmp2 = state[2]
state[2] = state[10]
state[10] = tmp2
tmp6 = state[6]
state[6] = state[14]
state[14] = tmp6
return state
def InvShiftRows(state):
tmp = state[13]
state[13] = state[9]
state[9] = state[5]
state[5] = state[1]
state[1] = tmp
tmp = state[10]
tmp2 = state[14]
state[10] = state[2]
state[14] = state[6]
state[2] = tmp
state[6] = tmp2
tmp = state[11]
state[11] = state[15]
state[15] = state[3]
state[3] = state[7]
state[7] = tmp
return state
############################## MixColumns ##############################
def MixColumns(state):
block = []
while len(block) < IOBlockSize: block.append(0)
k = 0
while k <= IOBlockSize-4:
block[k] = GF(2,state[k])^GF(3,state[k+1])^GF(1,state[k+2])^GF(1,state[k+3])
block[k+1] = GF(1,state[k])^GF(2,state[k+1])^GF(3,state[k+2])^GF(1,state[k+3])
block[k+2] = GF(1,state[k])^GF(1,state[k+1])^GF(2,state[k+2])^GF(3,state[k+3])
block[k+3] = GF(3,state[k])^GF(1,state[k+1])^GF(1,state[k+2])^GF(2,state[k+3])
k += 4
return block
def InvMixColumns(state):
block = []
while len(block) < IOBlockSize: block.append(0)
k = 0
while k <= IOBlockSize-4:
block[k] = GF(14,state[k])^GF(11,state[k+1])^GF(13,state[k+2])^GF(9,state[k+3])
block[k+1] = GF(9,state[k]) ^GF(14,state[k+1])^GF(11,state[k+2])^GF(13,state[k+3])
block[k+2] = GF(13,state[k])^GF(9,state[k+1]) ^GF(14,state[k+2])^GF(11,state[k+3])
block[k+3] = GF(11,state[k])^GF(13,state[k+1])^GF(9,state[k+2]) ^GF(14,state[k+3])
k += 4
return block
# Galois multiplication in GF(2^8) of 8 bit characters a and b
def GF(a, b):
r = 0
for times in range(8):
if (b & 1) == 1: r = r ^ a
if r > 0x100: r = r ^ 0x100
# keep r 8 bit
hi_bit_set = (a & 0x80)
a = a << 1
if a > 0x100:
# keep a 8 bit
a = a ^ 0x100
if hi_bit_set == 0x80:
a = a ^ 0x1b
if a > 0x100:
# keep a 8 bit
a = a ^ 0x100
b = b >> 1
if b > 0x100:
# keep b 8 bit
b = b ^ 0x100
return r
############################## AddRoundKey ##############################
def AddRoundKey(state, RoundKey):
for i in range(IOBlockSize):
if i < len(RoundKey): state[i] = state[i] ^ RoundKey[i]
return state
def NextRoundKey(RoundKeyArray, NextRoundKeyPointer):
NextRoundKey = []
k = 0
while len(NextRoundKey) < IOBlockSize: NextRoundKey.append(0)
for i in range(4):
NextRoundKey[i*4] = RoundKeyArray[NextRoundKeyPointer + k]
NextRoundKey[i*4+1] = RoundKeyArray[NextRoundKeyPointer + k+1]
NextRoundKey[i*4+2] = RoundKeyArray[NextRoundKeyPointer + k+2]
NextRoundKey[i*4+3] = RoundKeyArray[NextRoundKeyPointer + k+3]
k += 4 # next column
return NextRoundKey
############################## KEY SCHEDULE ##############################
Rcon = [
0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d,
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab,
0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d,
0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25,
0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01,
0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d,
0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa,
0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a,
0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02,
0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5,
0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33,
0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ]
def getRconValue(num): return Rcon[num]
# RotWord(aabbccdd) = bbccddaa
#
# Before:
# aa cc
# bb dd
#
# After:
# bb dd
# cc aa
def RotWord(word):
temp = word[0]
for i in range(3): word[i] = word[i+1]
word[3] = temp
return word
# Nk = 8 for 256-bit key, 6 for 192-bit key, 4 for 128-bit key
# 32/4 = 8, 24/4 = 6, 16/4 = 4
# expandedKeySize = IOBlockSize*(nbrRounds+1)
# expandedKeySize = Nb(Nr+1)
# Expands 128,192,256 key into an 176,208,240 bytes key
def KeyExpansion(CipherKeyArray, CipherKeySize, expandedKeySize):
i = 0
rconIteration = 1
w = [0,0,0,0]
expandedKey = []
while len(expandedKey) < expandedKeySize: expandedKey.append(0)
for j in range(CipherKeySize): expandedKey[j] = CipherKeyArray[j]
i += CipherKeySize
while i < expandedKeySize:
for k in range(4): w[k] = expandedKey[(i - 4) + k]
# Every 16,24,32 bytes
if i % CipherKeySize == 0:
w = RotWord(w)
for r in range(4): w[r] = SubWord(w[r])
w[0] = w[0] ^ getRconValue(rconIteration)
rconIteration += 1
# For 256-bit keys, we add an extra Sbox to the calculation
if CipherKeySize == 256/8 and (i % CipherKeySize) == IOBlockSize:
for e in range(4): w[e] = SubWord(w[e])
for m in range(4):
expandedKey[i] = expandedKey[i - CipherKeySize] ^ w[m]
i += 1
return expandedKey
############################## Cipher ##############################
def AESCipher(PlaintextArray, CipherKeyArray, CipherKeySize):
if CipherKeySize == 128/8: nbrRounds = 10
elif CipherKeySize == 192/8: nbrRounds = 12
elif CipherKeySize == 256/8: nbrRounds = 14
state = []
while len(state) < CipherKeySize: state.append(0)
for i in range(CipherKeySize):
if i < len(PlaintextArray): state[i] = PlaintextArray[i]
RoundKeyArraySize = IOBlockSize*(nbrRounds+1)
RoundKeyArray = KeyExpansion(CipherKeyArray, CipherKeySize, RoundKeyArraySize)
state = AddRoundKey(state, CipherKeyArray)
i=0
while i < nbrRounds:
i += 1
state = SubBytes(state)
state = ShiftRows(state)
if i < nbrRounds: state = MixColumns(state) # Do not MixColumns in the last Round.
state = AddRoundKey(state, NextRoundKey(RoundKeyArray, IOBlockSize*i))
return state
############################## Decipher ##############################
def AESInverseCipher(PlaintextArray, CipherKeyArray, CipherKeySize):
if CipherKeySize == 128/8: nbrRounds = 10
elif CipherKeySize == 192/8: nbrRounds = 12
elif CipherKeySize == 256/8: nbrRounds = 14
state = []
while len(state) < CipherKeySize: state.append(0)
for i in range(CipherKeySize):
if i < len(PlaintextArray): state[i] = PlaintextArray[i]
RoundKeyArraySize = IOBlockSize*(nbrRounds+1)
RoundKeyArray = KeyExpansion(CipherKeyArray, CipherKeySize, RoundKeyArraySize)
state = AddRoundKey(state, NextRoundKey(RoundKeyArray, IOBlockSize*nbrRounds))
i = nbrRounds
while i > 0:
i -= 1
state = InvShiftRows(state)
state = InvSubBytes(state)
state = AddRoundKey(state, NextRoundKey(RoundKeyArray, IOBlockSize*i))
if i > 0: state = InvMixColumns(state) # Do not InvMixColumns in the last Round
return state
# ========================= MAIN =============================
def PrintBox(arr, len):
n = 0
m = 0
while n<4:
while m <= len-4:
print '%0.2X' % arr[n+m],
m += 4
print "\t"
m = 0
n += 1
def PrintBoxInv(arr, len):
for i in range(len):
if i%4 != 3:
print '%0.2X' % arr[i],
else:
print '%0.2X' % arr[i]
isKeyExpansionTEST = 0 # Test Cases from "Appendix A - Key Expansion Examples", page 27-32 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
isCipherExampleTEST = 1 # Test Cases from "Appendix B - Cipher Example", pages 33-34 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
isExampleVectorTEST = 0 # Test Cases from "Appendix C - Example Vectors", page 35-46 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
isStringMode = 0 # Print Input & Output in String mode
# Global structure of input block sizes
IOBlockSize = 16 # 128-bit input
def main():
# CipherKeySize = 128/8
# CipherKeySize = 192/8
CipherKeySize = 256/8
try:
print "\n=============== START ===================\n"
PlaintextString = "secret message!"
CipherKeyString = "password is here"
PlaintextArray = []
CipherKeyArray = []
while len(PlaintextArray) < IOBlockSize: PlaintextArray.append(0)
while len(CipherKeyArray) < CipherKeySize: CipherKeyArray.append(0)
for i in range(len(list(PlaintextString))): PlaintextArray[i] = int(list(PlaintextString)[i].encode("hex"), 16) # 16 stands for HEX
for i in range(len(list(CipherKeyString))): CipherKeyArray[i] = int(list(CipherKeyString)[i].encode("hex"), 16) # 16 stands for HEX
if isKeyExpansionTEST:
print "Appendix A - Key Expansion Examples"
PlaintextArray = [0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff]
if CipherKeySize == 128/8:
CipherKeyArray = [0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c] # 128-bit Cipher Key
print "A.1 Expansion of a 128-bit Cipher Key"
if CipherKeySize == 192/8:
CipherKeyArray = [0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b] # 192-bit Cipher Key
print "A.2 Expansion of a 192-bit Cipher Key"
if CipherKeySize == 256/8:
CipherKeyArray = [0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4] # 256-bit Cipher Key
print "A.3 Expansion of a 256-bit Cipher Key"
print ""
if isCipherExampleTEST:
# Test Case from http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf "Appendix B - Cipher Example", pages 33-34
# PlaintextArray: 3243f6a8885a308d313198a2e0370734
# CipherKeyArray: 2b7e151628aed2a6abf7158809cf4f3c
# CiphertextArray: 3925841d02dc09fbdc118597196a0b32
print "Appendix B - Cipher Example"
print "Cipher output should be: 3925841d02dc09fbdc118597196a0b32\n"
print "Note: Cipher Example TEST works only with 128-bit key size\n"
CipherKeySize = 128/8
PlaintextArray = [0x32,0x43,0xf6,0xa8,0x88,0x5a,0x30,0x8d,0x31,0x31,0x98,0xa2,0xe0,0x37,0x07,0x34]
CipherKeyArray = [0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c]
if isExampleVectorTEST:
# Test Cases from http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf "Appendix C - Example Vectors", page 35-46
# C.1 AES-128 (Nk=4, Nr=10)
# PLAINTEXT: 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff
# KEY: 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
# CIPHER: 69c4e0d86a7b0430d8cdb78070b4c55a
# C.2 AES-192 (Nk=6, Nr=12)
# PLAINTEXT: 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff
# KEY: 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17
# CIPHER: dda97ca4864cdfe06eaf70a0ec0d7191
# C.3 AES-256 (Nk=8, Nr=14)
# PLAINTEXT: 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff
# KEY: 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
# CIPHER: 8ea2b7ca516745bfeafc49904b496089
print "Appendix C - Example Vectors"
PlaintextArray = [0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff]
if CipherKeySize == 128/8:
CipherKeyArray = [0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f] # 128-bit Cipher Key
print "C.1 AES-128 (Nk=4, Nr=10). Cipher result should be: 69c4e0d86a7b0430d8cdb78070b4c55a"
if CipherKeySize == 192/8:
CipherKeyArray=[0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17] # 192-bit Cipher Key
print "C.2 AES-192 (Nk=6, Nr=12). Cipher result should be: dda97ca4864cdfe06eaf70a0ec0d7191"
if CipherKeySize == 256/8:
CipherKeyArray = [0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f] # 256-bit Cipher Key
print "C.3 AES-256 (Nk=8, Nr=14). Cipher result should be: 8ea2b7ca516745bfeafc49904b496089"
print ""
print "IOBlockSize:", IOBlockSize, "* NEVER CHANGING"
print "CipherKeySize:", CipherKeySize*8, "bits"
print "\n=============== INPUTS ===================\n"
print "PlaintextArray:"
PrintBox(PlaintextArray, IOBlockSize)
if isStringMode:
print "De-hex >>>\n", ''.join(str('%0.2X' % n).decode("hex") for n in PlaintextArray),"\n<<<"
print "\nCipherKeyArray:"
PrintBox(CipherKeyArray, CipherKeySize)
if isStringMode:
print "De-hex >>>\n", ''.join(str('%0.2X' % n).decode("hex") for n in CipherKeyArray),"\n<<<"
print "\n=============== OUTPUTS ==================\n"
CiphertextArray = AESCipher(PlaintextArray, CipherKeyArray, CipherKeySize)
print "AESCipher() CiphertextArray:"
PrintBox(CiphertextArray, IOBlockSize)
if isStringMode:
print "De-hex >>>\n", ''.join(str('%0.2X' % n).decode("hex") for n in CiphertextArray),"\n<<<"
print "\nAESInverseCipher() DecipheredtextArray:"
DecipheredtextArray = AESInverseCipher(CiphertextArray, CipherKeyArray, CipherKeySize)
PrintBox(DecipheredtextArray, IOBlockSize)
if isStringMode:
print "De-hex >>>\n", ''.join(str('%0.2X' % n).decode("hex") for n in DecipheredtextArray),"\n<<<"
print "\n=============== END ===================\n"
except KeyboardInterrupt:
print "Shutdown requested... exiting"
return 1
except Exception:
traceback.print_exc(file=sys.stdout)
return 2
return 0
if __name__ == "__main__":
sys.exit(main())