rijndael函数

Question

我在 解密工作，编写反函数，并在InvMixColumns()上得到堆栈；

因此，参考wiki = http://en.wikipedia.org/wiki/Rijndael_mix_columns -- MixColumns的算法(还有关于逆MixColumns的信息)；

在这里，我的MixColumns()：

protected static function MixColumns($s, $Nb) {
    $Nb = 4;
    for ($c=0; $c<4; $c++) {
        $a = array(4);  // 'a' is a copy of the current column from 's'
        $b = array(4);  // 'b' is a•{02} in GF(2^8)
        for ($i=0; $i<4; $i++) {
            $a[$i] = $s[$i][$c];
            $b[$i] = $s[$i][$c]&0x80 ? $s[$i][$c]<<1 ^ 0x011b : $s[$i][$c]<<1;
            //However, this multiplication is done over GF(2^8). This means that the bytes being 
            //multiplied are treated as polynomials rather than numbers. Thus, a byte "muliplied" 
            //by 3 is that byte XORed with that byte shifted one bit left.

            //If the result has more than 8 bits (128 = 0x80), the extra bits are not simply discarded: instead, 
            //they're cancelled out by XORing the binary 9-bit string 100011011 (0x11b) with the result 
            //(shifted right if necessary). This string stands for the generating polynomial of the 
            //particular version of GF(2^8) used; a similar technique is used in cyclic redundancy checks.
        }
        // b[n] = a•{02} in GF(2^8);
        // a[n] ^ b[n] = a•{03} in GF(2^8);
        $s[0][$c] = $b[0] ^ $b[1] ^ $a[1] ^ $a[2] ^ $a[3]; // 2 * a0 + 3 * a1 + a2 + a3
        $s[1][$c] = $a[0] ^ $b[1] ^ $b[2] ^ $a[2] ^ $a[3]; // a0 * 2 * a1 + 3 * a2 + a3
        $s[2][$c] = $a[0] ^ $a[1] ^ $b[2] ^ $b[3] ^ $a[3]; // a0 + a1 + 2 * a2 + 3 * a3
        $s[3][$c] = $b[0] ^ $a[0] ^ $a[1] ^ $a[2] ^ $b[3]; // 3 * a0 + a1 + a2 + 2 * a3
    }
    return $s;
}

我需要找到inverseMixColumns()；

protected static function InvMixColumns($s) {
            //a test...
    /*
        r0 = 14a0 + 9a3 + 13a2 + 11a1
        r1 = 14a1 + 9a0 + 13a3 + 11a2
        r2 = 14a2 + 9a1 + 13a0 + 11a3
        r3 = 14a3 + 9a2 + 13a1 + 11a0
    */
            //$multiplyOf_ -- defined precalculated arrays from wikipedia;
    $t = array();
        $a = array(219, 19, 83, 69); 
        $t[0] = self::$multiplyOf14[$a[0]] ^ self::$multiplyOf9[$a[3]] ^ self::$multiplyOf13[$a[2]] ^ self::$multiplyOf11[$a[1]];
        $t[1] = self::$multiplyOf14[$a[1]] ^ self::$multiplyOf9[$a[0]] ^ self::$multiplyOf13[$a[3]] ^ self::$multiplyOf11[$a[2]];
        $t[2] = self::$multiplyOf14[$a[2]] ^ self::$multiplyOf9[$a[1]] ^ self::$multiplyOf13[$a[0]] ^ self::$multiplyOf11[$a[3]];
        $t[3] = self::$multiplyOf14[$a[3]] ^ self::$multiplyOf9[$a[2]] ^ self::$multiplyOf13[$a[1]] ^ self::$multiplyOf11[$a[0]];
    echo "<br /> t = ";self::array_show($t); 
    //works!
    return $t;
}
//one of $multiplyOf__
 protected static $multiplyOf14 = array(
    0x00,0x0e,0x1c,0x12,0x38,0x36,0x24,0x2a,0x70,0x7e,0x6c,0x62,0x48,0x46,0x54,0x5a,
0xe0,0xee,0xfc,0xf2,0xd8,0xd6,0xc4,0xca,0x90,0x9e,0x8c,0x82,0xa8,0xa6,0xb4,0xba,
0xdb,0xd5,0xc7,0xc9,0xe3,0xed,0xff,0xf1,0xab,0xa5,0xb7,0xb9,0x93,0x9d,0x8f,0x81,
0x3b,0x35,0x27,0x29,0x03,0x0d,0x1f,0x11,0x4b,0x45,0x57,0x59,0x73,0x7d,0x6f,0x61,
0xad,0xa3,0xb1,0xbf,0x95,0x9b,0x89,0x87,0xdd,0xd3,0xc1,0xcf,0xe5,0xeb,0xf9,0xf7,
0x4d,0x43,0x51,0x5f,0x75,0x7b,0x69,0x67,0x3d,0x33,0x21,0x2f,0x05,0x0b,0x19,0x17,
0x76,0x78,0x6a,0x64,0x4e,0x40,0x52,0x5c,0x06,0x08,0x1a,0x14,0x3e,0x30,0x22,0x2c,
0x96,0x98,0x8a,0x84,0xae,0xa0,0xb2,0xbc,0xe6,0xe8,0xfa,0xf4,0xde,0xd0,0xc2,0xcc,
0x41,0x4f,0x5d,0x53,0x79,0x77,0x65,0x6b,0x31,0x3f,0x2d,0x23,0x09,0x07,0x15,0x1b,
0xa1,0xaf,0xbd,0xb3,0x99,0x97,0x85,0x8b,0xd1,0xdf,0xcd,0xc3,0xe9,0xe7,0xf5,0xfb,
0x9a,0x94,0x86,0x88,0xa2,0xac,0xbe,0xb0,0xea,0xe4,0xf6,0xf8,0xd2,0xdc,0xce,0xc0,
0x7a,0x74,0x66,0x68,0x42,0x4c,0x5e,0x50,0x0a,0x04,0x16,0x18,0x32,0x3c,0x2e,0x20,
0xec,0xe2,0xf0,0xfe,0xd4,0xda,0xc8,0xc6,0x9c,0x92,0x80,0x8e,0xa4,0xaa,0xb8,0xb6,
0x0c,0x02,0x10,0x1e,0x34,0x3a,0x28,0x26,0x7c,0x72,0x60,0x6e,0x44,0x4a,0x58,0x56,
0x37,0x39,0x2b,0x25,0x0f,0x01,0x13,0x1d,0x47,0x49,0x5b,0x55,0x7f,0x71,0x63,0x6d,
0xd7,0xd9,0xcb,0xc5,0xef,0xe1,0xf3,0xfd,0xa7,0xa9,0xbb,0xb5,0x9f,0x91,0x83,0x8d
    );

Answer 1

对于InverseMixColumns()，如维基百科页面所示，您有：

r0 = 14a0 + 9a3 + 13a2 + 11a1
r1 = 14a1 + 9a0 + 13a3 + 11a2
r2 = 14a2 + 9a1 + 13a0 + 11a3
r3 = 14a3 + 9a2 + 13a1 + 11a0

加法只是异或运算符^.

对于9、11、13和14的乘法，您可以定义一个乘法函数，也可以定义不同的查找表，以便通过这些数字进行乘法。你可以在维基百科页面上找到这些表格。

至于函数，只需使用x * y = log( exp(x) + exp(y) )表和查找表来表示相同基的对数和指数。