# AES python sample

## 🔐 1. AES S-Box (Forward, SubBytes용)

In [1]:
S_BOX = [
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
    0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
    0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
    0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
    0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
    0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
    0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
    0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
    0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
    0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
    0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
]


## 🔓 2. AES 역 S-Box (Inverse S-Box, InvSubBytes용)

In [2]:
INV_S_BOX = [
    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
    0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
    0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
    0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
    0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
    0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
    0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
    0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
    0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
    0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
    0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
    0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
    0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
    0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
    0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
    0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
    0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
]


In [3]:
def sub_bytes(data):
    return ''.join(format(S_BOX[int(data[i:i+8], 2)], '08b') for i in range(0, len(data), 8))

def inv_sub_bytes(data):
    return ''.join(format(INV_S_BOX[int(data[i:i+8], 2)], '08b') for i in range(0, len(data), 8))

# 테스트용 128비트 이진 데이터
test_data = '0110110101101010011100100110110101010001010010110011100001010110001010110110000101001111001010000011110010000011'

subbed = sub_bytes(test_data)
inv_subbed = inv_sub_bytes(subbed)

subbed, inv_subbed, inv_subbed == test_data  # 복호화가 원본과 일치하는지 확인

('0011110000000010010000000011110011010001101100110000011110110001111100011110111110000100001101001110101111101100',
 '0110110101101010011100100110110101010001010010110011100001010110001010110110000101001111001010000011110010000011',
 True)

In [5]:
# AES-128: 전체 암호화 및 복호화 루틴 (SubBytes, ShiftRows, MixColumns 포함)

# GF(2^8) 상수 곱셈 함수
def gmul(a, b):
    p = 0
    for i in range(8):
        if b & 1:
            p ^= a
        hi_bit_set = a & 0x80
        a = (a << 1) & 0xFF
        if hi_bit_set:
            a ^= 0x1B
        b >>= 1
    return p

# MixColumns (각 열에 대해 고정 행렬 곱셈)
def mix_single_column(col):
    return [
        gmul(col[0], 2) ^ gmul(col[1], 3) ^ col[2] ^ col[3],
        col[0] ^ gmul(col[1], 2) ^ gmul(col[2], 3) ^ col[3],
        col[0] ^ col[1] ^ gmul(col[2], 2) ^ gmul(col[3], 3),
        gmul(col[0], 3) ^ col[1] ^ col[2] ^ gmul(col[3], 2)
    ]

def inv_mix_single_column(col):
    return [
        gmul(col[0], 14) ^ gmul(col[1], 11) ^ gmul(col[2], 13) ^ gmul(col[3], 9),
        gmul(col[0], 9) ^ gmul(col[1], 14) ^ gmul(col[2], 11) ^ gmul(col[3], 13),
        gmul(col[0], 13) ^ gmul(col[1], 9) ^ gmul(col[2], 14) ^ gmul(col[3], 11),
        gmul(col[0], 11) ^ gmul(col[1], 13) ^ gmul(col[2], 9) ^ gmul(col[3], 14)
    ]

def mix_columns(state):
    bytes_ = [int(state[i:i+8], 2) for i in range(0, 128, 8)]
    mixed = []
    for i in range(4):
        col = bytes_[i*4:(i+1)*4]
        mixed += mix_single_column(col)
    return ''.join(format(b, '08b') for b in mixed)

def inv_mix_columns(state):
    bytes_ = [int(state[i:i+8], 2) for i in range(0, 128, 8)]
    mixed = []
    for i in range(4):
        col = bytes_[i*4:(i+1)*4]
        mixed += inv_mix_single_column(col)
    return ''.join(format(b, '08b') for b in mixed)

# ShiftRows
def shift_rows(state):
    bytes_ = [state[i:i+8] for i in range(0, 128, 8)]
    matrix = [bytes_[i::4] for i in range(4)]
    for r in range(4):
        matrix[r] = matrix[r][r:] + matrix[r][:r]
    shifted = [matrix[r][c] for c in range(4) for r in range(4)]
    return ''.join(shifted)

def inv_shift_rows(state):
    bytes_ = [state[i:i+8] for i in range(0, 128, 8)]
    matrix = [bytes_[i::4] for i in range(4)]
    for r in range(4):
        matrix[r] = matrix[r][-r:] + matrix[r][:-r]
    shifted = [matrix[r][c] for c in range(4) for r in range(4)]
    return ''.join(shifted)

# SubBytes / InvSubBytes
def sub_bytes(data):
    return ''.join(format(S_BOX[int(data[i:i+8], 2)], '08b') for i in range(0, len(data), 8))

def inv_sub_bytes(data):
    return ''.join(format(INV_S_BOX[int(data[i:i+8], 2)], '08b') for i in range(0, len(data), 8))

# XOR 연산
def xor(a, b):
    return ''.join('1' if x != y else '0' for x, y in zip(a, b))

# AddRoundKey
def add_round_key(state, round_key):
    return xor(state, round_key)

# 전체 AES 암호화 루프
def aes_encrypt(block: str, round_keys: list) -> str:
    nr = len(round_keys) - 1
    state = add_round_key(block, round_keys[0])
    for i in range(1, nr):
        state = sub_bytes(state)
        state = shift_rows(state)
        state = mix_columns(state)
        state = add_round_key(state, round_keys[i])
    state = sub_bytes(state)
    state = shift_rows(state)
    state = add_round_key(state, round_keys[nr])
    return state

# 전체 AES 복호화 루프
def aes_decrypt(block: str, round_keys: list) -> str:
    nr = len(round_keys) - 1
    state = add_round_key(block, round_keys[nr])
    for i in reversed(range(1, nr)):
        state = inv_shift_rows(state)
        state = inv_sub_bytes(state)
        state = add_round_key(state, round_keys[i])
        state = inv_mix_columns(state)
    state = inv_shift_rows(state)
    state = inv_sub_bytes(state)
    state = add_round_key(state, round_keys[0])
    return state


In [6]:
# 입력: 128비트 이진 문자열
plaintext = '0110110101101010011100100110110101010001010010110011100001010110' \
            '0010101101100001010011110010100000111100100000110000000011001100'

# 11개의 128비트 라운드 키 (AES-128용)
round_keys = ['0'*128 for _ in range(11)]

# 암호화
ciphertext = aes_encrypt(plaintext, round_keys)

# 복호화
recovered = aes_decrypt(ciphertext, round_keys)

# 결과 확인
print("암호문:", ciphertext)
print("복호문:", recovered)
print("복호 성공:", recovered == plaintext)


암호문: 10011011010011110001101100001110001010010111110001001001101100000101001101010100010101111101001100100001000001001010011011001101
복호문: 01101101011010100111001001101101010100010100101100111000010101100010101101100001010011110010100000111100100000110000000011001100
복호 성공: True


## 🔒 구성 요약 (AES-128 기준)

| 단계 | 암호화 | 복호화 |
| --- | --- | --- |
| 초기 | AddRoundKey | AddRoundKey |
| 라운드 1~9 | SubBytes → ShiftRows → MixColumns → AddRoundKey | InvShiftRows → InvSubBytes → AddRoundKey → InvMixColumns |
| 라운드 10 | SubBytes → ShiftRows → AddRoundKey | InvShiftRows → InvSubBytes → AddRoundKey |

## 📦 구성 요약

| 함수 | 역할 |
| --- | --- |
| `aes_encrypt` | 전체 AES 암호화 라운드 수행 |
| `aes_decrypt` | 전체 AES 복호화 라운드 수행 |
| `sub_bytes` / `inv_sub_bytes` | 바이트 치환 (S-Box) |
| `shift_rows` / `inv_shift_rows` | 행 이동 |
| `mix_columns` / `inv_mix_columns` | 열 혼합 |
| `add_round_key` | 키 XOR |
| `gmul` | GF(2^8) 상의 곱셈 |

## 🔐 AES 암호화 구조 개요

### 🔁 기본 구성 (AES-128 기준)

| 단계 | 설명 |
| --- | --- |
| 초기 | AddRoundKey (key 0번) |
| 라운드 1~9 | SubBytes → ShiftRows → MixColumns → AddRoundKey |
| 라운드 10 | SubBytes → ShiftRows → AddRoundKey (MixColumns 없음) |

---

## 🔨 주요 함수 설명 및 구현 예시

### ✅ 1. AddRoundKey (XOR)

```python
def add_round_key(state, round_key):
    return ''.join('1' if b1 != b2 else '0' for b1, b2 in zip(state, round_key))

```

- `state`와 `round_key`는 128비트 이진 문자열로 가정
- XOR 연산으로 키를 더함

---

### ✅ 2. SubBytes

- 각 바이트(8비트)에 AES S-Box를 적용
- 실제 구현에서는 16진수 → S-Box 치환 → 16진수 반환

```python
S_BOX = [...]  # 256개 값의 S-Box 테이블 (생략 가능)

def sub_bytes(data):
    return ''.join(format(S_BOX[int(data[i:i+8], 2)], '08b') for i in range(0, len(data), 8))

```

---

### ✅ 3. ShiftRows

- 4x4 바이트 배열(128비트 → 16바이트)을 행 단위로 로테이션
- 실제는 행렬 변환 필요

```python
def shift_rows(state):
    bytes_ = [state[i:i+8] for i in range(0, 128, 8)]
    matrix = [bytes_[i::4] for i in range(4)]  # 열 단위 재구성

    for r in range(4):
        matrix[r] = matrix[r][r:] + matrix[r][:r]  # row r → left shift by r

    # 열 단위로 다시 평탄화
    shifted = [matrix[r][c] for c in range(4) for r in range(4)]
    return ''.join(shifted)

```

---

### ✅ 4. MixColumns (정확한 구현은 정수 행렬 연산이 필요)

- AES에서 가장 수학적으로 복잡한 부분 (GF(2^8)에서의 행렬 곱)
- 여기서는 생략 가능하지만, 원한다면 `gmul()` + 열별 dot product로 구현 가능

```python
def mix_columns(state):
    return state  # 교육용으로 생략 또는 `mix_columns_full()`로 확장 가능

```

---

## 🔁 AES 암호화 루프 구조 (AES-128 기준)

```python
# AES-128: 128비트 블록, 10라운드, 키도 128비트 (RoundKey 11개 필요)
round_key = ['0'*128 for _ in range(11)]  # 예시용

block = '0'*128  # 128비트 평문

# Initial Round
state = add_round_key(block, round_key[0])

# Rounds 1 ~ 9
for i in range(1, 10):
    state = sub_bytes(state)
    state = shift_rows(state)
    state = mix_columns(state)
    state = add_round_key(state, round_key[i])

# Final Round (No MixColumns)
state = sub_bytes(state)
state = shift_rows(state)
cypher_block = add_round_key(state, round_key[10])

print("암호문:", cypher_block)

```

---

## 🔓 복호화 구조

AES 복호화는 암호화의 **역순**으로 다음 단계를 수행합니다:

| 암호화 단계 | 복호화 단계 |
| --- | --- |
| AddRoundKey | AddRoundKey |
| SubBytes | InvSubBytes |
| ShiftRows | InvShiftRows |
| MixColumns | InvMixColumns |

---

### ✅ 복호화용 함수 구조

- `InvSubBytes`: 역 S-Box 사용
- `InvShiftRows`: 오른쪽 시프트
- `InvMixColumns`: 역 행렬 곱

```python
def inv_shift_rows(state): ...
def inv_sub_bytes(state): ...
def inv_mix_columns(state): ...

```

---

## 🔁 복호화 루프 구조

```python
state = add_round_key(ciphertext, round_key[10])  # 마지막 키 먼저

for i in reversed(range(1, 10)):
    state = inv_shift_rows(state)
    state = inv_sub_bytes(state)
    state = add_round_key(state, round_key[i])
    state = inv_mix_columns(state)

# 마지막 라운드
state = inv_shift_rows(state)
state = inv_sub_bytes(state)
plaintext = add_round_key(state, round_key[0])

```

---

## 📌 요약

- AES는 **SubBytes, ShiftRows, MixColumns, AddRoundKey**로 구성된 블록 암호
- 복호화는 위 과정을 **역순 + 역함수**로 수행
- `xor()` 연산은 AddRoundKey에서 사용
- `ShiftRows`, `MixColumns`는 비트 혼합(확산)의 핵심

In [9]:
from binascii import unhexlify, hexlify
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
import secrets

# --- 1. IV 생성: 32자리 hex (16바이트) ---
hex_list = ['0', '1']
iv = ''.join(secrets.choice(hex_list) for _ in range(32))
print(f"ivsms CVC 첫 번째 블록과 xor: {iv}")

# --- 2. Key 설정 (16바이트 AES 키를 hex로 입력) ---
password_hex = '0123456789abcdef0123456789abcdef'  # 32자리 hex = 16바이트 키
key = unhexlify(password_hex)
print(f"key: {hexlify(key).decode()}")

# --- 3. 평문 메시지 입력 ---
plaintext_msg = "Hello AES CBC Mode!"
print(f"plaintext: {plaintext_msg}")

# --- 4. 바이트 인코딩 및 패딩 ---
msg = plaintext_msg.encode()
padded = pad(msg, AES.block_size)

# --- 5. 암호화 ---
iv_bytes = unhexlify(iv)
cipher = AES.new(key, AES.MODE_CBC, iv=iv_bytes)
ciphertext = cipher.encrypt(padded)

print(f"ciphertext (hex): {hexlify(ciphertext).decode()}")

# --- 6. 복호화 ---
cipher2 = AES.new(key, AES.MODE_CBC, iv=iv_bytes)
decrypted_padded = cipher2.decrypt(ciphertext)
decrypted = unpad(decrypted_padded, AES.block_size).decode()

print(f"decrypted text: {decrypted}")


ivsms CVC 첫 번째 블록과 xor: 00101011000101110001100101001011
key: 0123456789abcdef0123456789abcdef
plaintext: Hello AES CBC Mode!
ciphertext (hex): b291ccd67db3c25add2c26ac67b558e2cd18733201c092b47259487b125a13a7
decrypted text: Hello AES CBC Mode!
