## GF(256) Operations

In [78]:
#GF(256) Addition
def gadd(a, b):
    return a ^ b

#GF(256) Multiplication
def gmul(a, b):
    p = 0
    # Loop through this eight times, once for each term in b:
    for c in range(8):
        if b & 1:   # If b's constant term is 1, then add p by a:
            p ^= a
        a <<= 1 # Left shift in order to get rid of the first bit:
        if a & 0x100:
            a ^= 0x11b
        b >>= 1 # Right shift in order to get rid of the last bit:
    return p

#GF(256) Inverse Multiplication
def inv_gmul(x):
    x2 = gmul(x,x)
    x3 = gmul(x,x2)
    x6 = gmul(x3,x3)
    x12 = gmul(x6,x6)
    x15 = gmul(x12,x3)
    x30 = gmul(x15,x15)
    x60 = gmul(x30,x30)
    x120 = gmul(x60,x60)
    x126 = gmul(x120, x6)
    x127 = gmul(x126,x)
    x254 = gmul(x127, x127)
    return x254


In [None]:
#Test cases GF(256)

gadd()

## Utils

In [79]:
def xor(s1, s2):
    return tuple(a^b for a,b in zip(s1, s2))

def rot_word(word):
    return word[1:] + word[:1]

def sub_word(word):
    return (SBox[b] for b in word)

def showMatrix(matrix):
    for i in range(4):
        for j in range(4):
            ind = i + 4*j
            print(hex(matrix[ind]), end='\t ')
        print()
    print()
    
def showMatrixChar(matrix):
    for i in range(4):
        for j in range(4):
            ind = i + 4*j
            print(chr(matrix[ind]), end='\t ')
        print()
    
def text_to_bytes(text):
    return list(ord(i) for i in text)

def bytes_to_text(state):
    return ''.join(chr(i) for i in state)

Mmul = {}
for num in (0x02, 0x03, 0x0e, 0x0b, 0x0d, 0x09):
    Mmul[num] = tuple(gmul(num, x) for x in range(0,0x100))

Rcon = ( 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a )


## S-box

In [90]:
#Affine transformation matrix
AFF = [31, 62, 124, 248, 241, 227, 199, 143]

def sbox(a):
    a = inv_gmul(a)
    u = 0
    #Matrix multiplication
    for i in AFF:
        u = u ^ (i * (a & 1))
        a = a >> 1
        
    #Matrix sum
    u = u ^ 99
    return u


def gen_sbox():
    s = []
    for a in range(0,256):
        s.append(sbox(a))
    return s

def gen_invsbox(sbox):
    s = [0] * 256 
    for a in sbox:
        index = sbox[a]
        s[index] = a
    return s

def gen_sbox_hex():
    s = []
    for a in range(0,256):
        s.append(hex(sbox(a)))
    return s

def gen_invsbox_hex(inv_sbox):
    s = [0] * 256 
    
    for a in inv_sbox:
        s[a]=hex(inv_sbox[a])
    return s

SBox = gen_sbox()
SBoxInv = gen_invsbox(SBox)


#Tester
print("S-Box:")
print(gen_sbox_hex())
print()

print("Inverse S-Box:")
print(gen_invsbox_hex(SBoxInv))


S-Box:
['0x63', '0x7c', '0x77', '0x7b', '0xf2', '0x6b', '0x6f', '0xc5', '0x30', '0x1', '0x67', '0x2b', '0xfe', '0xd7', '0xab', '0x76', '0xca', '0x82', '0xc9', '0x7d', '0xfa', '0x59', '0x47', '0xf0', '0xad', '0xd4', '0xa2', '0xaf', '0x9c', '0xa4', '0x72', '0xc0', '0xb7', '0xfd', '0x93', '0x26', '0x36', '0x3f', '0xf7', '0xcc', '0x34', '0xa5', '0xe5', '0xf1', '0x71', '0xd8', '0x31', '0x15', '0x4', '0xc7', '0x23', '0xc3', '0x18', '0x96', '0x5', '0x9a', '0x7', '0x12', '0x80', '0xe2', '0xeb', '0x27', '0xb2', '0x75', '0x9', '0x83', '0x2c', '0x1a', '0x1b', '0x6e', '0x5a', '0xa0', '0x52', '0x3b', '0xd6', '0xb3', '0x29', '0xe3', '0x2f', '0x84', '0x53', '0xd1', '0x0', '0xed', '0x20', '0xfc', '0xb1', '0x5b', '0x6a', '0xcb', '0xbe', '0x39', '0x4a', '0x4c', '0x58', '0xcf', '0xd0', '0xef', '0xaa', '0xfb', '0x43', '0x4d', '0x33', '0x85', '0x45', '0xf9', '0x2', '0x7f', '0x50', '0x3c', '0x9f', '0xa8', '0x51', '0xa3', '0x40', '0x8f', '0x92', '0x9d', '0x38', '0xf5', '0xbc', '0xb6', '0xda', '0x21', '0x10',

## Key Expansion method

In [81]:
def keyExpansion(key):
    expand = []
    cycles = 10
    expand.extend(map(ord, key))
    
    for i in range(4, 4 * (cycles + 1)):
        t = expand[(i-1) * 4:i * 4]
        if i % 4 == 0:
            t = xor(sub_word(rot_word(t)), (Rcon[i // 4], 0, 0, 0))
        elif 4 > 6 and i % 4 == 4:
            t = sub_word(t)
        expand.extend(xor(t, expand[(i - 4) * 4:(i - 4 + 1) * 4]))
    return expand



## Encryption transformation methods

In [82]:
def addRoundKey(state, roundKey):
    for i, num in enumerate(roundKey):
        state[i] ^= num

    print("\nAddRoundKey process:")
    showMatrix(state)
    return state
    
def subBytes(state):
    for i, num in enumerate(state):
        state[i] = SBox[num]

    print("\nSubByte process:")
    showMatrix(state)
    return state
    
def shiftRows(state):
    tmp = [0] * 16

    tmp[0] = state[0]
    tmp[1] = state[5]
    tmp[2] = state[10]
    tmp[3] = state[15]

    tmp[4] = state[4]
    tmp[5] = state[9]
    tmp[6] = state[14]
    tmp[7] = state[3]

    tmp[8] = state[8]
    tmp[9] = state[13]
    tmp[10] = state[2]
    tmp[11] = state[7]

    tmp[12] = state[12]
    tmp[13] = state[1]
    tmp[14] = state[6]
    tmp[15] = state[11]

    state = tmp

    print("\nShiftRow process:")
    showMatrix(state)
    return state
    
def mixColumns(state):
    ss = []
    for c in range(4):
        col = state[c * 4:(c + 1) * 4]
        ss.extend((
            Mmul[0x02][col[0]] ^ Mmul[0x03][col[1]] ^ col[2] ^ col[3],
            col[0] ^ Mmul[0x02][col[1]] ^ Mmul[0x03][col[2]] ^ col[3],
            col[0] ^ col[1] ^ Mmul[0x02][col[2]] ^ Mmul[0x03][col[3]],
            Mmul[0x03][col[0]] ^ col[1] ^ col[2] ^ Mmul[0x02][col[3]],
        ))
    for i, value in enumerate(ss):
        state[i] = value

    print("\nMixColumns process:")
    showMatrix(state)
    return state
    


## AES Encryption

In [83]:
def AESencryption(text, key):
    # Setting the AES primaries values
    state = text_to_bytes(plaintext) # creating the state which contain all ASCII values

    # First Step (Round 0)
    print("\nFIRST STEP:")
    print("-----------Round 0-----------")
    keys = keyExpansion(key)
    addRoundKey(state, keys[0:16])

    # Second Step (Round 1->9)
    print("\nSECOND STEP:")
    
    for i in range(1,10):
        print("-----------Round " + str(i) + "-----------")
        state = subBytes(state)
        state = shiftRows(state)
        state = mixColumns(state)
        state = addRoundKey(state,keys[i*16:(i+1)*16])
    

    # Final Step (Round 10)
    print("\nFINAL STEP:")
    print("-----------Round 10-----------")
    
    state = subBytes(state)
    state = shiftRows(state)
    state = addRoundKey(state,keys[10*16:])

    # Showing the encryption
    print("\n****** ENCRYPTED STATE ****** IN HEX:")
    showMatrix(state)
    print("\n****** ENCRYPTED STATE ****** IN CHAR:")
    showMatrixChar(state)
    
    cipherText = bytes_to_text(state)
    print("\nThe cipher text is: " + cipherText)
    #print(list(map(chr, state)))

    return cipherText

## Decryption transformation methods

In [84]:
def inv_subBytes(state):
    for i, num in enumerate(state):
        state[i] = SBoxInv[num]

    print("\nInvert SubByte process:")
    showMatrix(state)
    return state
    

def inv_shiftRows(state):
    tmp = [0] * 16

    tmp[0] = state[0]
    tmp[1] = state[13]
    tmp[2] = state[10]
    tmp[3] = state[7]

    tmp[4] = state[4]
    tmp[5] = state[1]
    tmp[6] = state[14]
    tmp[7] = state[11]

    tmp[8] = state[8]
    tmp[9] = state[5]
    tmp[10] = state[2]
    tmp[11] = state[15]

    tmp[12] = state[12]
    tmp[13] = state[9]
    tmp[14] = state[6]
    tmp[15] = state[3]

    state = tmp

    for i, value in enumerate(tmp):
        state[i] = value

    print("\nInvert ShiftRow process:")
    showMatrix(state)
    return state

def inv_mixColumns(state):
    ss = []
    for c in range(4):
        col = state[c * 4:(c + 1) * 4]
        ss.extend((
            Mmul[0x0e][col[0]] ^ Mmul[0x0b][col[1]] ^ Mmul[0x0d][col[2]] ^ Mmul[0x09][col[3]],
            Mmul[0x09][col[0]] ^ Mmul[0x0e][col[1]] ^ Mmul[0x0b][col[2]] ^ Mmul[0x0d][col[3]],
            Mmul[0x0d][col[0]] ^ Mmul[0x09][col[1]] ^ Mmul[0x0e][col[2]] ^ Mmul[0x0b][col[3]],
            Mmul[0x0b][col[0]] ^ Mmul[0x0d][col[1]] ^ Mmul[0x09][col[2]] ^ Mmul[0x0e][col[3]],
        ))
    for i, value in enumerate(ss):
        state[i] = value

    print("\nInvert MixColumns process:")
    showMatrix(state)
    return state


## AES Decryption

In [85]:
def AESdecryption(text, key):
    # Setting the AES primaries values
    state = text_to_bytes(text) # creating the state which contain all ASCII values
    showMatrix(state)
    
    # First Step
    print("\nFIRST STEP:")
    print("-----------Round 10-----------")
    keys = keyExpansion(key)
    state = addRoundKey(state, keys[160:])
    
    
   

    # Second Step
    print("\nSECOND STEP:")
    for i in range(9,0,-1):
        print("-----------Round " + str(i) + "-----------")
        state = inv_shiftRows(state)
        state = inv_subBytes(state)
        state = addRoundKey(state,keys[i*16:(i+1)*16])
        state = inv_mixColumns(state)
        
       
        
        
        

    # Final Step
    print("\nFINAL STEP:")
    print("-----------Round 0-----------")
    state = inv_shiftRows(state)
    state = inv_subBytes(state)
    state = addRoundKey(state, keys[0:16])

    # Showing the encryption
    print("\n****** DECRYPTED STATE ****** IN HEX:")
    showMatrix(state)
    print("\n****** DECRYPTED STATE ****** IN CHAR:")
    showMatrixChar(state)
    
    plainText = bytes_to_text(state)
    print("\nThe plain text is: " + plainText)
    return plainText

## Slide 27 Tester

In [86]:
initial_state = [1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,16]
print("initial_state:")
showMatrix(initial_state)

key = [15,21,113,201,71,217,232,89,12,183,173,214,175,127,103,152]
print("key:")
showMatrix(key)


plaintext = bytes_to_text(initial_state)
print("plaintext:")
print(plaintext)
key = bytes_to_text(key)

ciphertext = AESencryption(plaintext, key)


print("\n\n\nciphertext:")
print(ciphertext)
plaintext = AESdecryption(ciphertext, key)


print(bytes_to_text(initial_state))
print(plaintext)

#Slide 26 key expansion tester
"""
key = keyExpansion(key) 
for i in range(1,11):
    for k in key[i*16:(i+1)*16]:
        print(hex(k))
    print("-------------")
"""




initial_state:
0x1	 0x89	 0xfe	 0x76	 
0x23	 0xab	 0xdc	 0x54	 
0x45	 0xcd	 0xba	 0x32	 
0x67	 0xef	 0x98	 0x10	 

key:
0xf	 0x47	 0xc	 0xaf	 
0x15	 0xd9	 0xb7	 0x7f	 
0x71	 0xe8	 0xad	 0x67	 
0xc9	 0x59	 0xd6	 0x98	 

plaintext:
#Eg«ÍïþÜºvT2

FIRST STEP:
-----------Round 0-----------

AddRoundKey process:
0xe	 0xce	 0xf2	 0xd9	 
0x36	 0x72	 0x6b	 0x2b	 
0x34	 0x25	 0x17	 0x55	 
0xae	 0xb6	 0x4e	 0x88	 


SECOND STEP:
-----------Round 1-----------

SubByte process:
0xab	 0x8b	 0x89	 0x35	 
0x5	 0x40	 0x7f	 0xf1	 
0x18	 0x3f	 0xf0	 0xfc	 
0xe4	 0x4e	 0x2f	 0xc4	 


ShiftRow process:
0xab	 0x8b	 0x89	 0x35	 
0x40	 0x7f	 0xf1	 0x5	 
0xf0	 0xfc	 0x18	 0x3f	 
0xc4	 0xe4	 0x4e	 0x2f	 


MixColumns process:
0xb9	 0x94	 0x57	 0x75	 
0xe4	 0x8e	 0x16	 0x51	 
0x47	 0x20	 0x9a	 0x3f	 
0xc5	 0xd6	 0xf5	 0x3b	 


AddRoundKey process:
0x65	 0xf	 0xc0	 0x4d	 
0x74	 0xc7	 0xe8	 0xd0	 
0x70	 0xff	 0xe8	 0x2a	 
0x75	 0x3f	 0xca	 0x9c	 

-----------Round 2-----------

SubByte process:
0x4d	 0x76	 0xb

0xf0	 0xfc	 0x18	 0x3f	 
0xc4	 0xe4	 0x4e	 0x2f	 


FINAL STEP:
-----------Round 0-----------

Invert ShiftRow process:
0xab	 0x8b	 0x89	 0x35	 
0x5	 0x40	 0x7f	 0xf1	 
0x18	 0x3f	 0xf0	 0xfc	 
0xe4	 0x4e	 0x2f	 0xc4	 


Invert SubByte process:
0xe	 0xce	 0xf2	 0xd9	 
0x36	 0x72	 0x6b	 0x2b	 
0x34	 0x25	 0x17	 0x55	 
0xae	 0xb6	 0x4e	 0x88	 


AddRoundKey process:
0x1	 0x89	 0xfe	 0x76	 
0x23	 0xab	 0xdc	 0x54	 
0x45	 0xcd	 0xba	 0x32	 
0x67	 0xef	 0x98	 0x10	 


****** DECRYPTED STATE ****** IN HEX:
0x1	 0x89	 0xfe	 0x76	 
0x23	 0xab	 0xdc	 0x54	 
0x45	 0xcd	 0xba	 0x32	 
0x67	 0xef	 0x98	 0x10	 


****** DECRYPTED STATE ****** IN CHAR:
	 	 þ	 v	 
#	 «	 Ü	 T	 
E	 Í	 º	 2	 
g	 ï	 	 	 

The plain text is: #Eg«ÍïþÜºvT2
#Eg«ÍïþÜºvT2
#Eg«ÍïþÜºvT2


'\nkey = keyExpansion(key) \nfor i in range(1,11):\n    for k in key[i*16:(i+1)*16]:\n        print(hex(k))\n    print("-------------")\n'

## AES Tester

In [87]:
#Following test case found in https://kavaliro.com/wp-content/uploads/2014/03/AES.pdf

plaintext = "Two One Nine Two"
key = "Thats my Kung Fu"

ciphertext = AESencryption(plaintext, key)
plaintext = AESdecryption(ciphertext, key)

print(plaintext)

"""
plaintext = "Two One Nine Two"
state = text_to_bytes(plaintext)
#print(state)

#state = [1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,16]
print("initial state:")
showMatrix(state)

#key = [1,35,69,103,137,171,205,239,254,220,186,152,118,84,50,16]
key = "Thats my Kung Fu"
#key = text_to_bytes(key)
#print(key)

key = keyExpansion(key)
print("initial key:")
showMatrix(key[0:16])

#Round 0
print("-----------Round 0-----------")
state = addRoundKey(state,key[0:16])

#Round 1->9
for i in range(1,10):
    print("-----------Round " + str(i) + "-----------")
    state = subBytes(state)
    state = shiftRows(state)
    state = mixColumns(state)
    state = addRoundKey(state,key[i*16:(i+1)*16])
    #print("-----------------------------")

#Round 10 (No mix columns)
print("-----------Round 10-----------")
state = subBytes(state)
state = shiftRows(state)
state = addRoundKey(state,key[10*16:])

print("-----------Ciphertext-----------")
ciphertext = ''.join(chr(i) for i in state)
print(ciphertext)

"""

"""
key = keyExpansion(key)
for i in range(1,11):
    for k in key[i*16:(i+1)*16]:
        print(hex(k))
    print("-------------")
"""


FIRST STEP:
-----------Round 0-----------

AddRoundKey process:
0x0	 0x3c	 0x6e	 0x47	 
0x1f	 0x4e	 0x22	 0x74	 
0xe	 0x8	 0x1b	 0x31	 
0x54	 0x59	 0xb	 0x1a	 


SECOND STEP:
-----------Round 1-----------

SubByte process:
0x63	 0xeb	 0x9f	 0xa0	 
0xc0	 0x2f	 0x93	 0x92	 
0xab	 0x30	 0xaf	 0xc7	 
0x20	 0xcb	 0x2b	 0xa2	 


ShiftRow process:
0x63	 0xeb	 0x9f	 0xa0	 
0x2f	 0x93	 0x92	 0xc0	 
0xaf	 0xc7	 0xab	 0x30	 
0xa2	 0x20	 0xcb	 0x2b	 


MixColumns process:
0xba	 0x84	 0xe8	 0x1b	 
0x75	 0xa4	 0x8d	 0x40	 
0xf4	 0x8d	 0x6	 0x7d	 
0x7a	 0x32	 0xe	 0x5d	 


AddRoundKey process:
0x58	 0x15	 0x59	 0xcd	 
0x47	 0xb6	 0xd4	 0x39	 
0x8	 0x1c	 0xe2	 0xdf	 
0x8b	 0xba	 0xe8	 0xce	 

-----------Round 2-----------

SubByte process:
0x6a	 0x59	 0xcb	 0xbd	 
0xa0	 0x4e	 0x48	 0x12	 
0x30	 0x9c	 0x98	 0x9e	 
0x3d	 0xf4	 0x9b	 0x8b	 


ShiftRow process:
0x6a	 0x59	 0xcb	 0xbd	 
0x4e	 0x48	 0x12	 0xa0	 
0x98	 0x9e	 0x30	 0x9c	 
0x8b	 0x3d	 0xf4	 0x9b	 


MixColumns process:
0x15	 0xc9	 0x7f	 0x9d	

0x30	 0x7d	 0x37	 0x34	 
0x54	 0x23	 0x5b	 0xf1	 


AddRoundKey process:
0xaa	 0x65	 0xfa	 0x88	 
0x16	 0xc	 0x5	 0x3a	 
0x3d	 0xc1	 0xde	 0x2a	 
0xb3	 0x4b	 0x5a	 0xa	 


Invert MixColumns process:
0x1a	 0xab	 0x1	 0x27	 
0x5b	 0x30	 0x41	 0xb4	 
0xe9	 0xd2	 0xd3	 0xba	 
0x9a	 0xaa	 0xe8	 0xbb	 

-----------Round 2-----------

Invert ShiftRow process:
0x1a	 0xab	 0x1	 0x27	 
0xb4	 0x5b	 0x30	 0x41	 
0xd3	 0xba	 0xe9	 0xd2	 
0xaa	 0xe8	 0xbb	 0x9a	 


Invert SubByte process:
0x43	 0xe	 0x9	 0x3d	 
0xc6	 0x57	 0x8	 0xf8	 
0xa9	 0xc0	 0xeb	 0x7f	 
0x62	 0xc8	 0xfe	 0x37	 


AddRoundKey process:
0x15	 0xc9	 0x7f	 0x9d	 
0xce	 0x4d	 0x4b	 0xc2	 
0x89	 0x71	 0xbe	 0x88	 
0x65	 0x47	 0x97	 0xcd	 


Invert MixColumns process:
0x6a	 0x59	 0xcb	 0xbd	 
0x4e	 0x48	 0x12	 0xa0	 
0x98	 0x9e	 0x30	 0x9c	 
0x8b	 0x3d	 0xf4	 0x9b	 

-----------Round 1-----------

Invert ShiftRow process:
0x6a	 0x59	 0xcb	 0xbd	 
0xa0	 0x4e	 0x48	 0x12	 
0x30	 0x9c	 0x98	 0x9e	 
0x3d	 0xf4	 0x9b	 0x8b	 


Invert SubBy

'\nkey = keyExpansion(key)\nfor i in range(1,11):\n    for k in key[i*16:(i+1)*16]:\n        print(hex(k))\n    print("-------------")\n'