我目前正在用C实现数据加密标准(DES)。
DES使用多个置换函数,所有这些都是通过对条目值、置换表和置换表的大小调用permute
来完成的。它根据置换表的条目返回条目的置换位(我理解C数组的方式,无论是静态的还是动态的,都是它们对应于内存中的地址)。
加密/解密过程是直接的,因为两者都是通过调用相同的函数来完成的(这里:des_crypt
),并反转DES的密钥调度表给出的子密钥(这里:des_ksa
)。在des_crypt
中,有一个对f(r, k)
的调用,它对应于上面定义的密码函数。
在调试这段代码时(主要是让它运行),我观察到它会“崩溃”。所谓“crash”,我的意思是在打印调试信息之前代码流会停止:我猜是段故障造成的
奇怪的部分来了(更像是废话)。
代码使用gcc (MinGW.org GCC-6.3.0-1) 6.3.0
编译。执行后,似乎在f
中执行k ^= permute(r, E, 48)
时,permute
表的条目无法访问(执行printf("%lu", t[i]);
会导致程序突然结束,而不会打印数组的第i
个元素),即假设的segfault。
但似乎gcc
成功地编译了许多(@JohnBollinger,@adabsurdum,...)。因此,我找到了一个在线编译器:程序编译并成功执行。
在以前的版本中,我也犯了多个错误:宏缺少括号,我在swap
函数中有一些未定义的行为,由于我对表缺乏理解,permute
函数没有很好地执行。
通过重复编译和执行具有这些更改的程序来纠正这一切,产生了正确的结果。
然而,即使我现在能够在前一台机器上编译和执行程序,它也会产生错误的结果:可能是因为转换问题我确实认为这件事不重要,并认为它已经解决了。
我也会相应地更新标题。
下面是完整的代码:
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <math.h>
#include <string.h>
#define ROTL(x, l, w) ((((x) << (l)) | ((x) >> ((w) - (l)))) & (1 << (w)) - (l))
#define ROTR(x, l, w) ((((x) >> (l)) | ((x) << ((w) - (l)))) & (1 << (w)) - (l))
void swap(void* a, void* b, size_t size)
{
char temp;
if(!a || !b)
return;
while(size)
{
temp = *(char*)a;
*(char*)a = *(char*)b;
*(char*)b = temp;
a = (void*)((char*)a + 1); // As void pointer increment is a non portable extension of GCC.
b = (void*)((char*)b + 1);
size--;
}
return;
}
//----- DES -----
#define DES_ROUNDS 16
const uint8_t S1[64] = {
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
};
const uint8_t S2[64] = {
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
};
const uint8_t S3[64] = {
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
};
const uint8_t S4[64] = {
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
};
const uint8_t S5[64] = {
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
};
const uint8_t S6[64] = {
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
};
const uint8_t S7[64] = {
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
};
const uint8_t S8[64] = {
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
};
uint8_t s(box, block) // 6-bit block, box is S[1-8]
uint8_t *box, block;
{
block &= 0x3F;
return box[((block & 0b11) << 4) + ((block & 0b111100) >> 2)];
}
// All substitution boxes are false.
const uint8_t IP[64] = {
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7,
56, 48, 40, 32, 24, 16, 8, 0,
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6
};
const uint8_t FP[64] = {
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25,
32, 0, 40, 8, 48, 16, 56, 24
};
const uint8_t E[48] = {
31, 0, 1, 2, 3, 4,
3, 4, 5, 6, 7, 8,
7, 8, 9, 10, 11, 12,
11, 12, 13, 14, 15, 16,
15, 16, 17, 18, 19, 20,
19, 20, 21, 22, 23, 24,
23, 24, 25, 26, 27, 28,
27, 28, 29, 30, 31, 0
};
const uint8_t P[32] = {
15, 6, 19, 20,
28, 11, 27, 16,
0, 14, 22, 25,
4, 17, 30, 9,
1, 7, 23, 13,
31, 26, 2, 8,
18, 12, 29, 5,
21, 10, 3, 24
};
const uint8_t PC1C[28] = {
56, 48, 40, 32, 24, 16, 8,
0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26,
18, 10, 2, 59, 51, 43, 35
};
const uint8_t PC1D[28] = {
62, 54, 46, 38, 30, 22, 14,
6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28,
20, 12, 4, 27, 19, 11, 3
};
const uint8_t PC2[48] = {
13, 16, 10, 23, 0, 4,
2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7,
15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54,
29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52,
45, 41, 49, 35, 28, 31
};
uint8_t getls(i) // gives the number of left shifts needed based on the iterno, quickly done, should find faster alternatives
uint8_t i;
{
uint8_t p;
if(i == 1)
return 1;
p = (i - 2) / 7;
if((int)(7 * p + 2) < (int)i)
return 2;
return 1;
}
uint64_t permute(x, t, s)
uint64_t x;
uint8_t *t, s;
{
uint8_t i;
uint64_t r;
// i-th bit of input is the t[i]-th bit of output
r = 0;
for(i = 0; i < s; i++)
r |= ((x >> i) & 0b1) << t[i]; // 0b1 Kenobi!
return r;
}
uint32_t f(r, k)
uint32_t r;
uint64_t k;
{
uint32_t temp;
uint8_t i;
const uint8_t *S[8] = {
S1, S2, S3, S4,
S5, S6, S7, S8
};
k ^= permute(r, E, 48); // Doesn't get past this point.
temp = 0;
for(i = 0; i < 8; i++)
{
temp |= s(S[i], (k >> ((7 - k) * 6)) & 0b111111) & 0b1111;
temp <<= 4;
}
return (uint32_t)permute(temp, P, 32);
}
uint64_t* des_ksa(key, rounds)
uint64_t key;
uint8_t rounds;
{
uint64_t *subkeys;
uint32_t c, d;
uint8_t i, l;
rounds &= 0x7F; // Make sure there are no overflows.
subkeys = (uint64_t*)malloc(rounds * sizeof(uint64_t));
if(!subkeys)
return NULL;
c = permute(key, PC1C, 28);
d = permute(key, PC1D, 28);
for(i = 0; i < rounds; i++)
{
l = getls(i);
c = ROTL(c, l, 28);
d = ROTL(d, l, 28);
subkeys[i] = permute(((uint64_t)c << 28) | d, PC2, 48);
}
return subkeys;
}
/*
:en: keep the subkeys' order as given by the des_ksa();
:de: reverse the subkeys' order (relative to the one given by the des_ksa());
*/
uint64_t des_crypt(subkeys, block, rounds)
uint64_t *subkeys, block;
uint8_t rounds;
{
uint32_t l, r, copy;
uint8_t i;
rounds &= 0x7F; // Takes care of overflows.
block = permute(block, IP, 64);
l = block >> 32;
r = block;
for(i = 0; i < rounds; i++)
{
copy = r;
r = l ^ f(r, subkeys[i]);
l = copy;
}
block = permute(((uint64_t)r << 32) | l, FP, 64);
return block;
}
int main(argc, argv)
int argc;
char **argv;
{
uint64_t key, block, temp;
uint8_t i;
uint64_t *subkeys;
key = 0x9649f3e19e66266a;
subkeys = NULL;
block = 0x68036386d860cba4;
subkeys = des_ksa(key, DES_ROUNDS);
if(!subkeys)
{
printf("error: failed to generate the appropriate subkeys");
return 1;
}
temp = des_crypt(subkeys, block, DES_ROUNDS);
for(i = 0; i < DES_ROUNDS >> 1; i++)
swap(&subkeys[i], &subkeys[DES_ROUNDS - 1 - i], sizeof(uint64_t));
printf("%lu vs. %lu\n", block, des_crypt(subkeys, temp, DES_ROUNDS));
free(subkeys);
return 0;
}
字符串
1条答案
按热度按时间fkvaft9z1#
你把非常简单的操作复杂化了。你问风格是否重要-是的。
字符串
不是比你的更好读吗?
宏是非常危险的,你忘记了很多括号(例如
x
)。如果其中一个参数是y++
,会发生什么?请改用内联函数。这不是一个答案,但很难在注解中显示代码。