《2022年Javascript实现Aes加密 .pdf》由会员分享,可在线阅读,更多相关《2022年Javascript实现Aes加密 .pdf(19页珍藏版)》请在得力文库 - 分享文档赚钱的网站上搜索。
1、JAVAScript实现 AES 加密1、aes.js文件源码var password=L0ck it up saf3;var plaintext=pssst.?ont tell any?ne!;var ciphertext=Aes.Ctr.encrypt(plaintext,password,256);var origtext=Aes.Ctr.decrypt(ciphertext,password,256);/*-*/*AES implementation in JavaScript(c)Chris Veness 2005-2011 */*-see http:/csrc.nist.gov/p
2、ublications/PubsFIPS.html#197 */*-*/varAes=;/Aes namespace/*AES Cipher function:encrypt input state with Rijndael algorithm *applies Nr rounds(10/12/14)using key schedule w for add round key stage *param Number input 16-byte(128-bit)input state array *param Number w Key schedule as 2D byte-array(Nr+
3、1 x Nb bytes)*returns Number Encrypted output state array 名师资料总结-精品资料欢迎下载-名师精心整理-第 1 页,共 19 页 -*/Aes.cipher=function(input,w)/main Cipher function 5.1varNb=4;/block size(in words):no of columns in state(fixed at 4 for AES)varNr=w.length/Nb-1;/no of rounds:10/12/14 for 128/192/256-bit keysvar state=,
4、;/initialise 4xNb byte-array state with input 3.4for(var i=0;i4*Nb;i+)state i%4 Math.floor(i/4)=input i;state=Aes.addRoundKey(state,w,0,Nb);for(var round=1;roundNr;round+)state=Aes.subBytes(state,Nb);state=Aes.shiftRows(state,Nb);state=Aes.mixColumns(state,Nb);state=Aes.addRoundKey(state,w,round,Nb)
5、;state=Aes.subBytes(state,Nb);state=Aes.shiftRows(state,Nb);state=Aes.addRoundKey(state,w,Nr,Nb);var output=newArray(4*Nb);/convert state to 1-d array before returning 3.4for(var i=0;i4*Nb;i+)output i=state i%4Math.floor(i/4);return output;名师资料总结-精品资料欢迎下载-名师精心整理-第 2 页,共 19 页 -/*Perform Key Expansion
6、 to generate a Key Schedule *param Number key Key as 16/24/32-byte array *returns Number Expanded key schedule as 2D byte-array(Nr+1 x Nb bytes)*/Aes.keyExpansion=function(key)/generate Key Schedule(byte-array Nr+1 x Nb)from Key 5.2varNb=4;/block size(in words):no of columns in state(fixed at 4 for
7、AES)varNk=key.length/4/key length(in words):4/6/8 for 128/192/256-bit keysvarNr=Nk+6;/no of rounds:10/12/14 for 128/192/256-bit keysvar w=newArray(Nb*(Nr+1);var temp=newArray(4);for(var i=0;iNk;i+)var r=key 4*i,key 4*i+1,key 4*i+2,key 4*i+3;w i=r;for(var i=Nk;i(Nb*(Nr+1);i+)w i=newArray(4);for(var t
8、=0;t4;t+)temp t=w i-1t;if(i%Nk=0)temp=Aes.subWord(Aes.rotWord(temp);for(var t=0;t 6&i%Nk=4)名师资料总结-精品资料欢迎下载-名师精心整理-第 3 页,共 19 页 -temp=Aes.subWord(temp);for(var t=0;t4;t+)w i t=w i-Nk t temp t;return w;/*-remaining routines are private,not called externally-*/Aes.subBytes=function(s,Nb)/apply SBox to
9、state S 5.1.1for(var r=0;r 4;r+)for(var c=0;c Nb;c+)s r c=Aes.sBox s r c;return s;Aes.shiftRows=function(s,Nb)/shift row r of state S left by r bytes 5.1.2var t=newArray(4);for(var r=1;r 4;r+)for(var c=0;c 4;c+)t c=s r(c+r)%Nb;/shift into temp copyfor(var c=0;c 4;c+)s r c=t c;/and copy back/note tha
10、t this will work for Nb=4,5,6,but not 7,8(always 4 for AES):return s;/see 4 页,共 19 页 -Aes.mixColumns=function(s,Nb)/combine bytes of each col of state S 5.1.3for(var c=0;c 4;c+)var a=newArray(4);/a is a copy of the current column from svar b=newArray(4);/b is a?02 in GF(28)for(var i=0;i4;i+)a i=s i
11、c;b i=s i c&0 x80?s i c 1 0 x011b:s i c 1;/an bn is a?03 in GF(28)s 0c=b 0 a 1 b 1 a 2 a 3;/2*a0+3*a1+a2+a3 s 1c=a 0 b 1 a 2 b 2 a 3;/a0*2*a1+3*a2+a3 s 2c=a 0 a 1 b 2 a 3 b 3;/a0+a1+2*a2+3*a3 s 3c=a 0 b 0 a 1 a 2 b 3;/3*a0+a1+a2+2*a3return s;Aes.addRoundKey=function(state,w,rnd,Nb)/xor Round Key int
12、o state S 5.1.4for(var r=0;r 4;r+)for(var c=0;c Nb;c+)state r c=w rnd*4+cr;return state;名师资料总结-精品资料欢迎下载-名师精心整理-第 5 页,共 19 页 -Aes.subWord=function(w)/apply SBox to 4-byte word wfor(var i=0;i4;i+)w i=Aes.sBox w i;return w;Aes.rotWord=function(w)/rotate 4-byte word w left by one bytevar tmp=w 0;for(var
13、 i=0;i3;i+)w i=w i+1;w 3=tmp;return w;/sBox is pre-computed multiplicative inverse in GF(28)used in subBytes and keyExpansion 5.1.1Aes.sBox=0 x63,0 x7c,0 x77,0 x7b,0 xf2,0 x6b,0 x6f,0 xc5,0 x30,0 x01,0 x67,0 x2b,0 xfe,0 xd7,0 xab,0 x76,0 xca,0 x82,0 xc9,0 x7d,0 xfa,0 x59,0 x47,0 xf0,0 xad,0 xd4,0 xa
14、2,0 xaf,0 x9c,0 xa4,0 x72,0 xc0,0 xb7,0 xfd,0 x93,0 x26,0 x36,0 x3f,0 xf7,0 xcc,0 x34,0 xa5,0 xe5,0 xf1,0 x71,0 xd8,0 x31,0 x15,0 x04,0 xc7,0 x23,0 xc3,0 x18,0 x96,0 x05,0 x9a,0 x07,0 x12,0 x80,0 xe2,0 xeb,0 x27,0 xb2,0 x75,0 x09,0 x83,0 x2c,0 x1a,0 x1b,0 x6e,0 x5a,0 xa0,0 x52,0 x3b,0 xd6,0 xb3,0 x2
15、9,0 xe3,0 x2f,0 x84,0 x53,0 xd1,0 x00,0 xed,0 x20,0 xfc,0 xb1,0 x5b,0 x6a,0 xcb,0 xbe,0 x39,0 x4a,0 x4c,0 x58,0 xcf,0 xd0,0 xef,0 xaa,0 xfb,0 x43,0 x4d,0 x33,0 x85,0 x45,0 xf9,0 x02,0 x7f,0 x50,0 x3c,0 x9f,0 xa8,0 x51,0 xa3,0 x40,0 x8f,0 x92,0 x9d,0 x38,0 xf5,0 xbc,0 xb6,0 xda,0 x21,0 x10,0 xff,0 xf
16、3,0 xd2,0 xcd,0 x0c,0 x13,0 xec,0 x5f,0 x97,0 x44,0 x17,0 xc4,0 xa7,0 x7e,0 x3d,0 x64,0 x5d,0 x19,0 x73,0 x60,0 x81,0 x4f,0 xdc,0 x22,0 x2a,0 x90,0 x88,0 x46,0 xee,0 xb8,0 x14,0 xde,0 x5e,0 x0b,0 xdb,0 xe0,0 x32,0 x3a,0 x0a,0 x49,0 x06,0 x24,0 x5c,0 xc2,0 xd3,0 xac,0 x62,0 x91,0 x95,0 xe4,0 x79,0 xe
17、7,0 xc8,0 x37,0 x6d,0 x8d,0 xd5,0 x4e,0 xa9,0 x6c,0 x56,0 xf4,0 xea,0 x65,0 x7a,0 xae,0 x08,名师资料总结-精品资料欢迎下载-名师精心整理-第 6 页,共 19 页 -0 xba,0 x78,0 x25,0 x2e,0 x1c,0 xa6,0 xb4,0 xc6,0 xe8,0 xdd,0 x74,0 x1f,0 x4b,0 xbd,0 x8b,0 x8a,0 x70,0 x3e,0 xb5,0 x66,0 x48,0 x03,0 xf6,0 x0e,0 x61,0 x35,0 x57,0 xb9,0 x
18、86,0 xc1,0 x1d,0 x9e,0 xe1,0 xf8,0 x98,0 x11,0 x69,0 xd9,0 x8e,0 x94,0 x9b,0 x1e,0 x87,0 xe9,0 xce,0 x55,0 x28,0 xdf,0 x8c,0 xa1,0 x89,0 x0d,0 xbf,0 xe6,0 x42,0 x68,0 x41,0 x99,0 x2d,0 x0f,0 xb0,0 x54,0 xbb,0 x16;/rCon is Round Constant used for the Key Expansion 1st col is 2(r-1)in GF(28)5.2Aes.rCo
19、n=0 x00,0 x00,0 x00,0 x00,0 x01,0 x00,0 x00,0 x00,0 x02,0 x00,0 x00,0 x00,0 x04,0 x00,0 x00,0 x00,0 x08,0 x00,0 x00,0 x00,0 x10,0 x00,0 x00,0 x00,0 x20,0 x00,0 x00,0 x00,0 x40,0 x00,0 x00,0 x00,0 x80,0 x00,0 x00,0 x00,0 x1b,0 x00,0 x00,0 x00,0 x36,0 x00,0 x00,0 x00;/*-*/*AES Counter-mode implementat
20、ion in JavaScript(c)Chris Veness 2005-2011 */*-see http:/csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */*-*/Aes.Ctr=;/Aes.Ctr namespace:a subclass or extension of Aes名师资料总结-精品资料欢迎下载-名师精心整理-第 7 页,共 19 页 -/*Encrypt a text using AES encryption in Counter mode of operation *Unicode multi-by
21、te character safe *param String plaintext Source text to be encrypted *param String password The password to use to generate a key *param Number nBits Number of bits to be used in the key(128,192,or 256)*returns string Encrypted text */Aes.Ctr.encrypt=function(plaintext,password,nBits)var blockSize=
22、16;/block size fixed at 16 bytes/128 bits(Nb=4)for AESif(!(nBits=128|nBits=192|nBits=256)return;/standard allows 128/192/256 bit keys plaintext=Utf8.encode(plaintext);password=Utf8.encode(password);/var t=new Date();/timer/use AES itself to encrypt password to get cipher key(using plain password as
23、source for key/expansion)-gives us well encrypted keyvar nBytes=nBits/8;/no bytes in keyvar pwBytes=newArray(nBytes);for(var i=0;inBytes;i+)pwBytes i=isNaN(password.charCodeAt(i)?0:password.charCodeAt(i);var key=Aes.cipher(pwBytes,Aes.keyExpansion(pwBytes);/gives us 16-byte key key=key.concat(key.sl
24、ice(0,nBytes-16);/expand key to 16/24/32 bytes long名师资料总结-精品资料欢迎下载-名师精心整理-第 8 页,共 19 页 -/initialise 1st 8 bytes of counter block with nonce(NIST SP800-38A B.2):0-1=millisec,/2-3=random,4-7=seconds,together giving full sub-millisec uniqueness up to Feb 2106var counterBlock=newArray(blockSize);var non
25、ce=(newDate().getTime();/timestamp:milliseconds since 1-Jan-1970var nonceMs=nonce%1000;var nonceSec=Math.floor(nonce/1000);var nonceRnd=Math.floor(Math.random()*0 xffff);for(var i=0;i i*8)&0 xff;for(var i=0;i i*8)&0 xff;for(var i=0;i i*8)&0 xff;/and convert it to a string to go on the front of the c
26、iphertextvar ctrTxt=;for(var i=0;i8;i+)ctrTxt+=String.fromCharCode(counterBlock i);/generate key schedule-an expansion of the key into distinct Key Rounds for each roundvar keySchedule=Aes.keyExpansion(key);var blockCount=Math.ceil(plaintext.length/blockSize);var ciphertxt=newArray(blockCount);/ciph
27、ertext as array of stringsfor(var b=0;b blockCount;b+)/set counter(block#)in last 8 bytes of counter block(leaving nonce in 1st 8 bytes)名师资料总结-精品资料欢迎下载-名师精心整理-第 9 页,共 19 页 -/done in two stages for 32-bit ops:using two words allows us to go past 232 blocks(68GB)for(var c=0;c c*8)&0 xff;for(var c=0;c
28、c*8)var cipherCntr=Aes.cipher(counterBlock,keySchedule);/-encrypt counter block-/block size is reduced on final blockvar blockLength=b blockCount-1?blockSize:(plaintext.length-1)%blockSize+1;var cipherChar=newArray(blockLength);for(var i=0;iblockLength;i+)/-xor plaintext with ciphered counter char-b
29、y-char-cipherChar i=cipherCntr i plaintext.charCodeAt(b*blockSize+i);cipherChar i=String.fromCharCode(cipherChar i);ciphertxt b=cipherChar.join();/Array.join is more efficient than repeated string concatenation in IEvar ciphertext=ctrTxt+ciphertxt.join();ciphertext=Base64.encode(ciphertext);/encode
30、in base64/alert(new Date()-t);return ciphertext;/*名师资料总结-精品资料欢迎下载-名师精心整理-第 10 页,共 19 页 -*Decrypt a text encrypted by AES in counter mode of operation *param String ciphertext Source text to be encrypted *param String password The password to use to generate a key *param Number nBits Number of bits t
31、o be used in the key(128,192,or 256)*returns String Decrypted text */Aes.Ctr.decrypt=function(ciphertext,password,nBits)var blockSize=16;/block size fixed at 16 bytes/128 bits(Nb=4)for AESif(!(nBits=128|nBits=192|nBits=256)return;/standard allows 128/192/256 bit keys ciphertext=Base64.decode(ciphert
32、ext);password=Utf8.encode(password);/var t=new Date();/timer/use AES to encrypt password(mirroring encrypt routine)var nBytes=nBits/8;/no bytes in keyvar pwBytes=newArray(nBytes);for(var i=0;inBytes;i+)pwBytes i=isNaN(password.charCodeAt(i)?0:password.charCodeAt(i);var key=Aes.cipher(pwBytes,Aes.key
33、Expansion(pwBytes);key=key.concat(key.slice(0,nBytes-16);/expand key to 16/24/32 bytes long/recover nonce from 1st 8 bytes of ciphertextvar counterBlock=newArray(8);ctrTxt=ciphertext.slice(0,8);名师资料总结-精品资料欢迎下载-名师精心整理-第 11 页,共 19 页 -for(var i=0;i8;i+)counterBlock i=ctrTxt.charCodeAt(i);/generate key
34、schedulevar keySchedule=Aes.keyExpansion(key);/separate ciphertext into blocks(skipping past initial 8 bytes)var nBlocks=Math.ceil(ciphertext.length-8)/blockSize);var ct=newArray(nBlocks);for(var b=0;b nBlocks;b+)ct b=ciphertext.slice(8+b*blockSize,8+b*blockSize+blockSize);ciphertext=ct;/ciphertext
35、is now array of block-length strings/plaintext will get generated block-by-block into array of block-length stringsvar plaintxt=newArray(ciphertext.length);for(var b=0;b nBlocks;b+)/set counter(block#)in last 8 bytes of counter block(leaving nonce in 1st 8 bytes)for(var c=0;c c*8)&0 xff;for(var c=0;
36、c c*8)&0 xff;var cipherCntr=Aes.cipher(counterBlock,keySchedule);/encrypt counter blockvar plaintxtByte=newArray(ciphertext b.length);for(var i=0;i 0)while(c+3)pad+=;plain+=0;/note:doing padding here saves us doing special-case packing for trailing 1 or 2 charsfor(c=0;c plain.length;c+=3)/pack three
37、 octets into four hexets o1=plain.charCodeAt(c);o2=plain.charCodeAt(c+1);o3=plain.charCodeAt(c+2);bits=o1 16|o2 18&0 x3f;h2=bits 12&0 x3f;h3=bits 6&0 x3f;名师资料总结-精品资料欢迎下载-名师精心整理-第 14 页,共 19 页 -h4=bits&0 x3f;/use hextets to index into code string e c/3=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.
38、charAt(h4);coded=e.join();/join()is far faster than repeated string concatenation in IE/replace As from padded nulls with=s coded=coded.slice(0,coded.length-pad.length)+pad;return coded;/*Decode string from Base64,as defined by RFC 4648 http:/tools.ietf.org/html/rfc4648 *(instance method extending S
39、tring object).As per RFC 4648,newlines are not catered for.*param String str The string to be decoded from base-64 *param Boolean utf8decode=false Flag to indicate whether str is Unicode string to be decoded *from UTF8 after conversion from base64 *returns String decoded string */Base64.decode=funct
40、ion(str,utf8decode)utf8decode=(typeof utf8decode=undefined)?false:utf8decode;var o1,o2,o3,h1,h2,h3,h4,bits,d=,plain,coded;var b64=Base64.code;名师资料总结-精品资料欢迎下载-名师精心整理-第 15 页,共 19 页 -coded=utf8decode?str.decodeUTF8():str;for(var c=0;c coded.length;c+=4)/unpack four hexets into three octets h1=b64.index
41、Of(coded.charAt(c);h2=b64.indexOf(coded.charAt(c+1);h3=b64.indexOf(coded.charAt(c+2);h4=b64.indexOf(coded.charAt(c+3);bits=h1 18|h2 12|h3 16&0 xff;o2=bits 8&0 xff;o3=bits&0 xff;d c/4=String.fromCharCode(o1,o2,o3);/check for paddingif(h4=0 x40)d c/4=String.fromCharCode(o1,o2);if(h3=0 x40)d c/4=String
42、.fromCharCode(o1);plain=d.join();/join()is far faster than repeated string concatenation in IEreturn utf8decode?plain.decodeUTF8():plain;名师资料总结-精品资料欢迎下载-名师精心整理-第 16 页,共 19 页 -/*-*/*Utf8 class:encode/decode between multi-byte Unicode characters and UTF-8 multiple */*single-byte character encoding(c)C
43、hris Veness 2002-2011 */*-*/varUtf8=;/Utf8 namespace/*Encode multi-byte Unicode string into utf-8 multiple single-byte characters *(BMP/basic multilingual plane only)*Chars in range U+0080-U+07FF are encoded in 2 chars,U+0800-U+FFFF in 3 chars *param String strUni Unicode string to be encoded as UTF
44、-8 *returns String encoded string */Utf8.encode=function(strUni)/use regular expressions&String.replace callback function for better efficiency/than procedural approachesvar strUtf=strUni.replace(/u0080-u07ff/g,/U+0080-U+07FF=2 bytes 110yyyyy,10zzzzzzfunction(c)var cc=c.charCodeAt(0);returnString.fr
45、omCharCode(0 xc0|cc 6,0 x80|cc&0 x3f););名师资料总结-精品资料欢迎下载-名师精心整理-第 17 页,共 19 页 -strUtf=strUtf.replace(/u0800-uffff/g,/U+0800-U+FFFF=3 bytes 1110 xxxx,10yyyyyy,10zzzzzzfunction(c)var cc=c.charCodeAt(0);returnString.fromCharCode(0 xe0|cc 12,0 x80|cc 6&0 x3F,0 x80|cc&0 x3f););return strUtf;/*Decode utf-8
46、 encoded string back into multi-byte Unicode characters *param String strUtf UTF-8 string to be decoded back to Unicode *returns String decoded string */Utf8.decode=function(strUtf)/note:decode 3-byte chars first as decoded 2-byte strings could appear to be 3-byte char!var strUni=strUtf.replace(/u00
47、e0-u00efu0080-u00bfu0080-u00bf/g,/3-byte charsfunction(c)/(note parentheses for precence)var cc=(c.charCodeAt(0)&0 x0f)12)|(c.charCodeAt(1)&0 x3f)6)|(c.charCodeAt(2)&0 x3f);returnString.fromCharCode(cc););strUni=strUni.replace(/u00c0-u00dfu0080-u00bf/g,/2-byte charsfunction(c)/(note parentheses for precence)名师资料总结-精品资料欢迎下载-名师精心整理-第 18 页,共 19 页 -var cc=(c.charCodeAt(0)&0 x1f)6|c.charCodeAt(1)&0 x3f;returnString.fromCharCode(cc););return strUni;/*-*/名师资料总结-精品资料欢迎下载-名师精心整理-第 19 页,共 19 页 -
黑公网安备:91230400333293403D