AES 256 CTR Mode Hash Function

来源:转载

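Proof of concept, do not use – I tried turning AES-256 in CTR mode into a 256-bit hash function by XORing the encrypted outputs together. Because XOR is order-independent and self-cancelling, the result does not bind the order of the chunks and identical chunks cancel each other out, so this is not a collision-resistant hash. For example, split your message into 32-byte chunks (m0, m1, …, mN) and use each chunk as an AES key: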

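# AES-256 "CTR mode" hash -- proof of concept, do not use.
#
# Construction as given on the page: the message is split into 32-byte chunks
# m0..mN, every chunk is used as an AES-256 key, and the per-chunk outputs are
# XORed together.
#
#   hash(m) = [AES256(nonce || counter0, m0) || AES256(nonce || counter1, m0)]
#         XOR [AES256(nonce || counter0, m1) || AES256(nonce || counter1, m1)]
#         ...
#         XOR [AES256(nonce || counter0, mN) || AES256(nonce || counter1, mN)]
#
# Output recorded on the page (tuple form, presumably from a Python 2 print
# statement; Python 3 prints the two values separated by a space):
#
#   ('test', '8ea2b7ca516745bfeafc49904b496089')
#   ('', 'cf1d690ca7241a60953d73b70601f471bd8f577edc4875849b262177a74fa4f7')
#   ('a', '148d26fb28f3b946dff94bfb0d7e367ed1d87880a3e59ec89c245b3211e9d04d')
#   ('abc', '589229861119deb516ac7d8cef4e61a2f98ee9365193c5ee1d9dfc88eb00cbc7')
#   ('cba', '4aaee83d52cf8203e542231817098edc30c0532950795a176d040d9c321921eb')
#   ('the quick brown fox jumps over the lazy dog',
#    'a8ab9c4ba3cd91f73d0c76ce5ed1c9509f92f6402524469f668a583db5db0f14')
#   ('the quick brown fox jumps over the lazy eog',
#    '7b1b678dc7a71f0fb872c1c5d5f6ec40099e6692de2326e385a3b856255f02b3')
#
# The 'test' line is the AES-256 example vector from FIPS-197 Appendix C.3 and
# only checks the block cipher, not the hash construction.

import sys


def subbytes(matrix):
    """Replace every byte of *matrix* with its AES S-box value, in place.

    The list is modified and also returned. Entries must be integers in
    0..255, because they are used directly as indices into the 256-entry
    table.
    """
    sbox = [
        0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
        0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
        0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
        0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
        0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
        0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
        0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
        0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
        0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
        0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
        0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
        0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
        0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
        0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
        0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
        0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
    ]
    for i, value in enumerate(matrix):
        matrix[i] = sbox[value]
    return matrix


def transform(matrix):
    """Return a new 16-entry list that is *matrix* transposed as a 4x4 grid.

    aescoree() uses it to switch the state between the order in which the
    bytes arrive and the row-by-row order that shiftrows() and mixcols()
    work on. Applying it twice gives back the original order.
    """
    return [matrix[(x % 4) * 4 + (x // 4)] for x in range(16)]


def shiftrows(matrix):
    """Rotate rows 1, 2 and 3 of a row-ordered 16-byte state, in place.

    Row 1 moves left by one position, row 2 by two and row 3 by three;
    row 0 is untouched. The list is modified and also returned.
    """
    matrix[4:8] = matrix[5:8] + matrix[4:5]
    matrix[8:12] = matrix[10:12] + matrix[8:10]
    matrix[12:16] = matrix[15:16] + matrix[12:15]
    return matrix


def gmul(a, b):
    """Multiply two bytes in GF(2^8), reducing with the constant 0x1b.

    Shift-and-add over the eight bits of *b*; *a* is doubled each step and
    reduced whenever its top bit was set before the shift.
    """
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        hi_bit_set = a & 0x80
        a = (a << 1) & 0xff
        if hi_bit_set:
            a ^= 0x1b
        b >>= 1
    return p


def mixcols(s):
    """Return a new state with the MixColumns step applied to each column.

    *s* is a row-ordered 16-byte state, so column c is made of the entries
    c, c + 4, c + 8 and c + 12. The input list is not modified.
    """
    t = [0] * 16
    for c in range(4):
        s0, s1, s2, s3 = s[c], s[c + 4], s[c + 8], s[c + 12]
        t[c] = gmul(0x02, s0) ^ gmul(0x03, s1) ^ s2 ^ s3
        t[c + 4] = s0 ^ gmul(0x02, s1) ^ gmul(0x03, s2) ^ s3
        t[c + 8] = s0 ^ s1 ^ gmul(0x02, s2) ^ gmul(0x03, s3)
        t[c + 12] = gmul(0x03, s0) ^ s1 ^ s2 ^ gmul(0x02, s3)
    return t


def addkey(matrix, keyval):
    """XOR the first 16 entries of *keyval* into *matrix*, in place.

    The list is modified and also returned.
    """
    for i in range(16):
        matrix[i] ^= keyval[i]
    return matrix


def rcon(ind):
    """Return the round constant for index *ind* (0 for index 0).

    Index 1 gives 1; every further index doubles the value in GF(2^8).
    """
    if ind == 0:
        return 0
    c = 1
    while ind != 1:
        c = gmul(c, 2)
        ind -= 1
    return c


def keycore(subkey, i):
    """Apply the key-schedule core to a 4-byte word, in place.

    The word is rotated left by one byte, passed through the S-box, and its
    first byte is XORed with the round constant for *i*.
    """
    subkey.append(subkey.pop(0))
    subkey = subbytes(subkey)
    subkey[0] ^= rcon(i)
    return subkey


def keyexp(matrix):
    """Expand a 32-byte key list to 240 bytes (15 round keys), in place.

    *matrix* must hold at least the 32 key bytes. New bytes are appended to
    the same list, which is also returned.
    """
    c = 32
    i = 1
    t = [0, 0, 0, 0]
    while c < 240:
        # Start from the previous 4-byte word.
        for a in range(4):
            t[a] = matrix[a + c - 4]
        if c % 32 == 0:
            # First word of each 32-byte group: rotate, S-box, round constant.
            t = keycore(t, i)
            i += 1
        if c % 32 == 16:
            # Middle of each 32-byte group: S-box only.
            t = subbytes(t)
        for a in range(4):
            if c >= len(matrix):
                matrix.append(0)
            matrix[c] = matrix[c - 32] ^ t[a]
            c += 1
    return matrix


def hexout(matrix):
    """Return the byte values in *matrix* as lowercase hex, two digits each."""
    return "".join("%02x" % d for d in matrix)


def aescoree(msg, key):
    """Encrypt *msg* with AES-256 under *key* and return a list of byte values.

    Both arguments are strings whose characters are used as byte values via
    ord(); code points above 255 are not handled and lead to out-of-range
    S-box indices. The key is cut to 32 characters and zero-padded when
    shorter. The message is processed in 16-character blocks, the last one
    zero-padded, and every block is encrypted independently of the others
    (no chaining and no counter inside this function). An empty message
    yields an empty list.

    NOTE(review): the S-box lookups are data-dependent table accesses, so
    this is not a constant-time implementation.
    """
    key_bytes = [ord(ch) for ch in key[:32]]
    key_bytes += [0] * (32 - len(key_bytes))
    keyval = keyexp(key_bytes)

    out = []
    for start in range(0, len(msg), 16):
        state = [ord(ch) for ch in msg[start:start + 16]]
        state += [0] * (16 - len(state))
        # Round 0 is the initial key addition only.
        state = addkey(state, keyval[0:16])
        for r in range(1, 15):
            state = subbytes(state)
            state = transform(state)
            state = shiftrows(state)
            if r < 14:
                # The final round has no MixColumns step.
                state = mixcols(state)
            state = transform(state)
            state = addkey(state, keyval[r * 16:r * 16 + 16])
        out.extend(state)
    return out


def aesctr_hash(message):
    """Compute the proof-of-concept 256-bit value for *message* and print it.

    The message is walked in 32-character chunks. Each chunk is used as the
    AES-256 key for two fixed 16-character inputs ("aesctrhash31337" followed
    by "0" or "1"); the two ciphertexts are concatenated into 32 bytes and
    XORed into the running value. The message and the hex digest are printed,
    and the digest is returned as a list of 32 byte values.

    Why this must not be used as a hash:
      * The per-chunk values are combined with XOR alone, so the digest does
        not depend on the order of the chunks, and two identical chunks
        cancel each other.
      * A short final chunk is zero-padded by aescoree() and the message
        length is not mixed in, so a final chunk and the same chunk followed
        by NUL characters give the same digest.
    Use a reviewed hash such as hashlib.sha256 or hashlib.sha3_256 instead.
    """
    x = 0
    l = len(message)
    h = []
    # The "x == 0" arm makes the empty message go through one (all-zero) chunk.
    while x == 0 or x < l:
        m = message[x:x + 32]
        a = aescoree("aesctrhash313370", m)
        b = aescoree("aesctrhash313371", m)
        t = a + b
        if x == 0:
            h = t
        else:
            for i in range(32):
                h[i] ^= t[i]
        x += 32
    print(message, hexout(h))
    return h


# Self-test of the block cipher with byte-escaped plaintext and key. The page
# rendering showed these escapes with "/" in place of the backslash, which
# turns them into ordinary characters and cannot reproduce the recorded
# 'test' output.
print("test", hexout(aescoree(
    "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff",
    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
    "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f")))
aesctr_hash("")
aesctr_hash("a")
aesctr_hash("abc")
aesctr_hash("cba")
aesctr_hash("the quick brown fox jumps over the lazy dog")
aesctr_hash("the quick brown fox jumps over the lazy eog")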
