我正在尝试实现一个使用 AES T-Tables 实现的加密函数。
我非常确定我的 roundKeys 是正确的。 我也知道下面代码中的初始轮密钥添加是正确的。
所以主回合肯定有错误,但我不确定出了什么问题。我已将其范围缩小到以下问题:
temp[i] = T0[(state[i] >>> 24) & 0xFF] ^
T1[(state[(i + 3) % 4] >>> 16) & 0xFF] ^
T2[(state[(i + 2) % 4] >>> 8) & 0xFF] ^
T3[state[(i + 1) % 4] & 0xFF] ^ roundKeys[round][i];
这似乎是正确的?我按照第 18 页Rijnadel Proposel 中的描述进行操作。
public byte[] blockEncryption(byte[] plaintext, int[][] roundKeys) {
// Convert plaintext bytes to state matrix
int[] state = new int[4];
for (int i = 0; i < 4; i++) {
state[i] = ((plaintext[4 * i] & 0xFF) << 24) |
((plaintext[4 * i + 1] & 0xFF) << 16) |
((plaintext[4 * i + 2] & 0xFF) << 8) |
(plaintext[4 * i + 3] & 0xFF);
}
// Initial round key addition
for (int i = 0; i < 4; i++) {
state[i] ^= roundKeys[0][i];
}
// Main rounds
for (int round = 1; round < 10; round++) {
int[] temp = new int[4];
for (int i = 0; i < 4; i++) {
temp[i] = T0[(state[i] >>> 24) & 0xFF] ^
T1[(state[(i + 3) % 4] >>> 16) & 0xFF] ^
T2[(state[(i + 2) % 4] >>> 8) & 0xFF] ^
T3[state[(i + 1) % 4] & 0xFF] ^ roundKeys[round][i];
};System.arraycopy(temp, 0, state, 0, 4);
}
// Final round (without MixColumns)
byte[] ciphertext = new byte[16];
for (int i = 0; i < 4; i++) {
int word = roundKeys[roundKeys.length - 1][i];
ciphertext[4 * i] = (byte) (S[(state[i] >>> 24) & 0xFF] ^ (word >>> 24));
ciphertext[4 * i + 1] = (byte) (S[(state[(i + 3) % 4] >>> 16) & 0xFF] ^ (word >>> 16));
ciphertext[4 * i + 2] = (byte) (S[(state[(i + 2) % 4] >>> 8) & 0xFF] ^ (word >>> 8));
ciphertext[4 * i + 3] = (byte) (S[state[(i + 1) % 4] & 0xFF] ^ word);
}
System.out.println("Endzustand: " + intArrayToHex(state));
return ciphertext;
}