github.com/hellobchain/third_party@v0.0.0-20230331131523-deb0478a2e52/hyperledger/fabric-amcl/amcl/AES.go (about) 1 /* 2 Licensed to the Apache Software Foundation (ASF) under one 3 or more contributor license agreements. See the NOTICE file 4 distributed with this work for additional information 5 regarding copyright ownership. The ASF licenses this file 6 to you under the Apache License, Version 2.0 (the 7 "License"); you may not use this file except in compliance 8 with the License. You may obtain a copy of the License at 9 10 http://www.apache.org/licenses/LICENSE-2.0 11 12 Unless required by applicable law or agreed to in writing, 13 software distributed under the License is distributed on an 14 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 KIND, either express or implied. See the License for the 16 specific language governing permissions and limitations 17 under the License. 18 */ 19 20 /* AES Encryption */ 21 22 package amcl 23 24 25 26 const AES_ECB int=0 27 const AES_CBC int=1 28 const AES_CFB1 int=2 29 const AES_CFB2 int=3 30 const AES_CFB4 int=5 31 const AES_OFB1 int=14 32 const AES_OFB2 int=15 33 const AES_OFB4 int=17 34 const AES_OFB8 int=21 35 const AES_OFB16 int=29 36 const AES_CTR1 int=30 37 const AES_CTR2 int=31 38 const AES_CTR4 int=33 39 const AES_CTR8 int=37 40 const AES_CTR16 int=45 41 42 var aes_InCo = [...]byte {0xB,0xD,0x9,0xE} /* Inverse Coefficients */ 43 44 var aes_ptab = [...]byte { 45 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53, 46 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170, 47 229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49, 48 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205, 49 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136, 50 131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154, 51 181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163, 52 254, 25, 43, 125, 135, 
146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160, 53 251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65, 54 195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117, 55 159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128, 56 155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84, 57 252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202, 58 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14, 59 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23, 60 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1} 61 62 var aes_ltab = [...]byte { 63 0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3, 64 100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193, 65 125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120, 66 101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142, 67 150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56, 68 102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16, 69 126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186, 70 43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87, 71 175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232, 72 44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160, 73 127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183, 74 204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157, 75 151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209, 76 83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171, 77 68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165, 78 103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7} 79 80 81 var aes_fbsub = [...]byte { 82 99, 124, 119, 123, 242, 107, 111, 197, 48, 
1, 103, 43, 254, 215, 171, 118, 83 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 84 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 85 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 86 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 87 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 88 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 89 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 90 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 91 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 92 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 93 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 94 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 95 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 96 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 97 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22} 98 99 var aes_rbsub = [...]byte { 100 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, 101 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, 102 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, 103 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, 104 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, 105 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, 106 144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, 107 208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, 108 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, 109 150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, 110 71, 241, 26, 
113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, 111 252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, 112 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, 113 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 114 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, 115 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125} 116 117 118 var aes_rco = [...]byte {1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47} 119 120 var aes_ftable = [...]uint32 { 121 0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6, 122 0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56, 123 0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f, 124 0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb, 125 0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453, 126 0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c, 127 0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551, 128 0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a, 129 0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637, 130 0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df, 131 0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d, 132 0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b, 133 0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd, 134 0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1, 135 0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d, 136 0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85, 137 0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a, 138 0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe, 139 0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d, 140 0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1, 141 
0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5, 142 0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3, 143 0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755, 144 0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6, 145 0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54, 146 0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428, 147 0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264, 148 0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8, 149 0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531, 150 0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda, 151 0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac, 152 0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810, 153 0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657, 154 0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e, 155 0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c, 156 0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c, 157 0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199, 158 0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122, 159 0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c, 160 0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5, 161 0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7, 162 0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e, 163 0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c} 164 165 var aes_rtable = [...]uint32 { 166 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f, 167 0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5, 168 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25, 169 0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b, 170 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458, 171 
0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927, 172 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5, 173 0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9, 174 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72, 175 0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3, 176 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7, 177 0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4, 178 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040, 179 0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d, 180 0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6, 181 0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879, 182 0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32, 183 0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36, 184 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793, 185 0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c, 186 0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2, 187 0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3, 188 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb, 189 0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684, 190 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc, 191 0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947, 192 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9, 193 0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f, 194 0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890, 195 0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf, 196 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e, 197 0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef, 198 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a, 199 
0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733, 200 0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43, 201 0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546, 202 0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92, 203 0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb, 204 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255, 205 0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478, 206 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc, 207 0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664, 208 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0} 209 210 type AES struct { 211 Nk int 212 Nr int 213 mode int 214 fkey [60]uint32 215 rkey [60]uint32 216 f [16]byte 217 } 218 219 /* Rotates 32-bit word left by 1, 2 or 3 byte */ 220 221 func aes_ROTL8(x uint32) uint32 { 222 return (((x)<<8)|((x)>>24)) 223 } 224 225 func aes_ROTL16(x uint32) uint32 { 226 return (((x)<<16)|((x)>>16)) 227 } 228 229 func aes_ROTL24(x uint32) uint32 { 230 return (((x)<<24)|((x)>>8)) 231 } 232 233 func aes_pack(b [4]byte) uint32 { /* pack bytes into a 32-bit Word */ 234 return ((uint32(b[3])&0xff)<<24)|((uint32(b[2])&0xff)<<16)|((uint32(b[1])&0xff)<<8)|(uint32(b[0])&0xff) 235 } 236 237 func aes_unpack(a uint32) [4]byte { /* unpack bytes from a word */ 238 var b=[4]byte{byte(a&0xff),byte((a>>8)&0xff),byte((a>>16)&0xff),byte((a>>24)&0xff)} 239 return b; 240 } 241 242 func aes_bmul(x byte,y byte) byte { /* x.y= AntiLog(Log(x) + Log(y)) */ 243 244 ix:=int(x)&0xff 245 iy:=int(y)&0xff 246 lx:=int(aes_ltab[ix])&0xff 247 ly:=int(aes_ltab[iy])&0xff 248 249 if x != 0 && y != 0 { 250 return aes_ptab[(lx+ly)%255] 251 } else {return byte(0)} 252 } 253 254 func aes_SubByte(a uint32) uint32 { 255 b:=aes_unpack(a) 256 b[0]=aes_fbsub[int(b[0])] 257 b[1]=aes_fbsub[int(b[1])] 258 b[2]=aes_fbsub[int(b[2])] 259 b[3]=aes_fbsub[int(b[3])] 260 return aes_pack(b); 261 } 262 263 func 
aes_product(x uint32,y uint32) byte { /* dot product of two 4-byte arrays */ 264 xb:=aes_unpack(x) 265 yb:=aes_unpack(y) 266 267 return (aes_bmul(xb[0],yb[0])^aes_bmul(xb[1],yb[1])^aes_bmul(xb[2],yb[2])^aes_bmul(xb[3],yb[3])) 268 } 269 270 func aes_InvMixCol(x uint32) uint32 { /* matrix Multiplication */ 271 var b [4]byte 272 m:=aes_pack(aes_InCo) 273 b[3]=aes_product(m,x) 274 m=aes_ROTL24(m) 275 b[2]=aes_product(m,x) 276 m=aes_ROTL24(m) 277 b[1]=aes_product(m,x) 278 m=aes_ROTL24(m) 279 b[0]=aes_product(m,x) 280 var y=aes_pack(b) 281 return y 282 } 283 284 func aes_increment(f []byte) { 285 for i:=0;i<16;i++ { 286 f[i]++ 287 if f[i]!=0 {break} 288 } 289 } 290 291 /* reset cipher */ 292 func (A *AES) Reset(m int,iv []byte) { /* reset mode, or reset iv */ 293 A.mode=m; 294 for i:=0;i<16;i++ {A.f[i]=0} 295 if (A.mode != AES_ECB) && (iv != nil) { 296 for i:=0;i<16;i++ {A.f[i]=iv[i]} 297 } 298 } 299 300 func (A *AES) Init(m int,nk int,key []byte,iv []byte) bool { 301 /* Key Scheduler. Create expanded encryption key */ 302 var CipherKey [8]uint32 303 var b [4]byte 304 nk/=4 305 if nk!=4 && nk!=6 && nk!=8 {return false} 306 nr:=6+nk 307 A.Nk=nk 308 A.Nr=nr 309 A.Reset(m,iv); 310 N:=4*(nr+1) 311 312 j:=0 313 for i:=0;i<nk;i++ { 314 for k:=0;k<4;k++ {b[k]=key[j+k]} 315 CipherKey[i]=aes_pack(b); 316 j+=4; 317 } 318 for i:=0;i<nk;i++ {A.fkey[i]=CipherKey[i]} 319 j=nk 320 for k:=0;j<N;k++ { 321 A.fkey[j]=A.fkey[j-nk]^aes_SubByte(aes_ROTL24(A.fkey[j-1]))^uint32(aes_rco[k]) 322 for i:=1;i<nk && (i+j)<N;i++ { 323 A.fkey[i+j]=A.fkey[i+j-nk]^A.fkey[i+j-1] 324 } 325 j+=nk 326 } 327 328 /* now for the expanded decrypt key in reverse order */ 329 330 for j:=0;j<4;j++ {A.rkey[j+N-4]=A.fkey[j]} 331 for i:=4;i<N-4;i+=4 { 332 k:=N-4-i; 333 for j:=0;j<4;j++ {A.rkey[k+j]=aes_InvMixCol(A.fkey[i+j])} 334 } 335 for j:=N-4;j<N;j++ {A.rkey[j-N+4]=A.fkey[j]} 336 return true 337 } 338 339 func NewAES() *AES { 340 var A=new(AES) 341 return A 342 } 343 344 func (A *AES) Getreg() [16]byte { 345 var 
ir [16]byte 346 for i:=0;i<16;i++ {ir[i]=A.f[i]} 347 return ir 348 } 349 350 /* Encrypt a single block */ 351 func (A *AES) ecb_encrypt(buff []byte) { 352 var b [4]byte 353 var p [4]uint32 354 var q [4]uint32 355 356 j:=0 357 for i:=0;i<4;i++ { 358 for k:=0;k<4;k++ {b[k]=buff[j+k]} 359 p[i]=aes_pack(b) 360 p[i]^=A.fkey[i] 361 j+=4 362 } 363 364 k:=4 365 366 /* State alternates between p and q */ 367 for i:=1;i<A.Nr;i++ { 368 q[0]=A.fkey[k]^aes_ftable[int(p[0]&0xff)]^aes_ROTL8(aes_ftable[int((p[1]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[2]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[3]>>24)&0xff)]) 369 370 q[1]=A.fkey[k+1]^aes_ftable[int(p[1]&0xff)]^aes_ROTL8(aes_ftable[int((p[2]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[3]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[0]>>24)&0xff)]) 371 372 q[2]=A.fkey[k+2]^aes_ftable[int(p[2]&0xff)]^aes_ROTL8(aes_ftable[int((p[3]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[0]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[1]>>24)&0xff)]) 373 374 q[3]=A.fkey[k+3]^aes_ftable[int(p[3]&0xff)]^aes_ROTL8(aes_ftable[int((p[0]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[1]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[2]>>24)&0xff)]) 375 376 k+=4; 377 for j=0;j<4;j++ { 378 t:=p[j]; p[j]=q[j]; q[j]=t 379 } 380 } 381 382 /* Last Round */ 383 384 q[0]=A.fkey[k]^uint32(aes_fbsub[int(p[0]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[1]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[2]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[3]>>24)&0xff)])) 385 386 q[1]=A.fkey[k+1]^uint32(aes_fbsub[int(p[1]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[2]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[3]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[0]>>24)&0xff)])) 387 388 q[2]=A.fkey[k+2]^uint32(aes_fbsub[int(p[2]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[3]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[0]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[1]>>24)&0xff)])) 389 390 
q[3]=A.fkey[k+3]^uint32(aes_fbsub[int(p[3]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[0]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[1]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[2]>>24)&0xff)])) 391 392 j=0 393 for i:=0;i<4;i++ { 394 b=aes_unpack(q[i]) 395 for k=0;k<4;k++ {buff[j+k]=b[k]} 396 j+=4 397 } 398 } 399 400 /* Decrypt a single block */ 401 func (A *AES) ecb_decrypt(buff []byte) { 402 var b [4]byte 403 var p [4]uint32 404 var q [4]uint32 405 406 j:=0 407 for i:=0;i<4;i++ { 408 for k:=0;k<4;k++ {b[k]=buff[j+k]} 409 p[i]=aes_pack(b) 410 p[i]^=A.rkey[i] 411 j+=4 412 } 413 414 k:=4 415 416 /* State alternates between p and q */ 417 for i:=1;i<A.Nr;i++ { 418 419 q[0]=A.rkey[k]^aes_rtable[int(p[0]&0xff)]^aes_ROTL8(aes_rtable[int((p[3]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[2]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[1]>>24)&0xff)]) 420 421 q[1]=A.rkey[k+1]^aes_rtable[int(p[1]&0xff)]^aes_ROTL8(aes_rtable[int((p[0]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[3]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[2]>>24)&0xff)]) 422 423 424 q[2]=A.rkey[k+2]^aes_rtable[int(p[2]&0xff)]^aes_ROTL8(aes_rtable[int((p[1]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[0]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[3]>>24)&0xff)]) 425 426 q[3]=A.rkey[k+3]^aes_rtable[int(p[3]&0xff)]^aes_ROTL8(aes_rtable[int((p[2]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[1]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[0]>>24)&0xff)]) 427 428 429 k+=4; 430 for j:=0;j<4;j++ { 431 t:=p[j]; p[j]=q[j]; q[j]=t 432 } 433 } 434 435 /* Last Round */ 436 437 q[0]=A.rkey[k]^uint32(aes_rbsub[int(p[0]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[3]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[2]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[1]>>24)&0xff)])) 438 439 q[1]=A.rkey[k+1]^uint32(aes_rbsub[int(p[1]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[0]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[3]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[2]>>24)&0xff)])) 440 441 442 
q[2]=A.rkey[k+2]^uint32(aes_rbsub[int(p[2]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[1]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[0]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[3]>>24)&0xff)])) 443 444 q[3]=A.rkey[k+3]^uint32(aes_rbsub[int((p[3])&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[2]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[1]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[0]>>24)&0xff)])) 445 446 j=0 447 for i:=0;i<4;i++ { 448 b=aes_unpack(q[i]); 449 for k:=0;k<4;k++ {buff[j+k]=b[k]} 450 j+=4 451 } 452 } 453 454 /* Encrypt using selected mode of operation */ 455 func (A *AES) Encrypt(buff []byte) uint32 { 456 var st [16]byte 457 458 // Supported Modes of Operation 459 460 var fell_off uint32=0 461 switch A.mode { 462 case AES_ECB: 463 A.ecb_encrypt(buff) 464 return 0 465 case AES_CBC: 466 for j:=0;j<16;j++ {buff[j]^=A.f[j]} 467 A.ecb_encrypt(buff) 468 for j:=0;j<16;j++ {A.f[j]=buff[j]} 469 return 0 470 471 case AES_CFB1: 472 fallthrough 473 case AES_CFB2: 474 fallthrough 475 case AES_CFB4: 476 bytes:=A.mode-AES_CFB1+1 477 for j:=0;j<bytes;j++ {fell_off=(fell_off<<8)|uint32(A.f[j])} 478 for j:=0;j<16;j++ {st[j]=A.f[j]} 479 for j:=bytes;j<16;j++ {A.f[j-bytes]=A.f[j]} 480 A.ecb_encrypt(st[:]) 481 for j:=0;j<bytes;j++ { 482 buff[j]^=st[j] 483 A.f[16-bytes+j]=buff[j] 484 } 485 return fell_off 486 487 case AES_OFB1: 488 fallthrough 489 case AES_OFB2: 490 fallthrough 491 case AES_OFB4: 492 fallthrough 493 case AES_OFB8: 494 fallthrough 495 case AES_OFB16: 496 497 bytes:=A.mode-AES_OFB1+1 498 A.ecb_encrypt(A.f[:]) 499 for j:=0;j<bytes;j++ {buff[j]^=A.f[j]} 500 return 0; 501 502 case AES_CTR1: 503 fallthrough 504 case AES_CTR2: 505 fallthrough 506 case AES_CTR4: 507 fallthrough 508 case AES_CTR8: 509 fallthrough 510 case AES_CTR16: 511 bytes:=A.mode-AES_CTR1+1 512 for j:=0;j<16;j++ {st[j]=A.f[j]} 513 A.ecb_encrypt(st[:]) 514 for j:=0;j<bytes;j++ {buff[j]^=st[j]} 515 aes_increment(A.f[:]) 516 return 0 517 518 default: 519 return 0 520 } 521 } 522 
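/* Decrypt using selected mode of operation */
//
// buff is transformed in place. ECB and CBC consume buff[0:16]; the CFB, OFB
// and CTR modes consume as many leading bytes as the mode constant encodes
// (mode - family base + 1). The return value is 0 except in the CFB modes,
// where it is the bytes shifted out of the register, packed most-significant
// first. An unknown mode leaves buff untouched and returns 0.
//
// No length check is made: a buffer shorter than the mode needs panics with
// an index-out-of-range error. None of the modes authenticates the
// ciphertext, so a caller that needs tamper detection must verify a MAC over
// the ciphertext before calling Decrypt.
func (A *AES) Decrypt(buff []byte) uint32 {
	var st [16]byte

	// Supported Modes of Operation

	var fell_off uint32 = 0
	switch A.mode {
	case AES_ECB:
		A.ecb_decrypt(buff)
		return 0

	case AES_CBC:
		// Save the previous chaining value and remember this ciphertext
		// block as the next one before it is overwritten in place.
		for j := 0; j < 16; j++ {
			st[j] = A.f[j]
			A.f[j] = buff[j]
		}
		A.ecb_decrypt(buff)
		for j := 0; j < 16; j++ {
			buff[j] ^= st[j]
			st[j] = 0
		}
		return 0

	case AES_CFB1, AES_CFB2, AES_CFB4:
		bytes := A.mode - AES_CFB1 + 1
		for j := 0; j < bytes; j++ {
			fell_off = (fell_off << 8) | uint32(A.f[j])
		}
		for j := 0; j < 16; j++ {
			st[j] = A.f[j]
		}
		for j := bytes; j < 16; j++ {
			A.f[j-bytes] = A.f[j]
		}
		// The feedback modes use the forward cipher in both directions.
		A.ecb_encrypt(st[:])
		for j := 0; j < bytes; j++ {
			A.f[16-bytes+j] = buff[j]
			buff[j] ^= st[j]
		}
		return fell_off

	case AES_OFB1, AES_OFB2, AES_OFB4, AES_OFB8, AES_OFB16:
		bytes := A.mode - AES_OFB1 + 1
		A.ecb_encrypt(A.f[:])
		for j := 0; j < bytes; j++ {
			buff[j] ^= A.f[j]
		}
		return 0

	case AES_CTR1, AES_CTR2, AES_CTR4, AES_CTR8, AES_CTR16:
		bytes := A.mode - AES_CTR1 + 1
		for j := 0; j < 16; j++ {
			st[j] = A.f[j]
		}
		A.ecb_encrypt(st[:])
		for j := 0; j < bytes; j++ {
			buff[j] ^= st[j]
		}
		aes_increment(A.f[:])
		return 0

	default:
		return 0
	}
}

/* Clean up and delete left-overs */
//
// End overwrites both expanded key schedules and the IV/feedback register
// with zeros. The whole of each array is cleared rather than only the first
// 4*(Nr+1) words: a context that was initialised with a longer key and then
// re-initialised with a shorter one would otherwise keep the tail of the old
// schedule, and an out-of-range Nr (the field is exported) would have
// indexed past the arrays. Nk, Nr and mode are left as they were.
func (A *AES) End() { // clean up
	for i := range A.fkey {
		A.fkey[i] = 0
	}
	for i := range A.rkey {
		A.rkey[i] = 0
	}
	for i := range A.f {
		A.f[i] = 0
	}
}

/*
func main() {
	var key [32]byte
	var block [16]byte
	var iv [16]byte

	for i:=0;i<32;i++ {key[i]=0}
	key[0]=1
	for i:=0;i<16;i++ {iv[i]=byte(i)}
	for i:=0;i<16;i++ {block[i]=byte(i)}

	a:=NewAES()

	a.Init(AES_CTR16,32,key[:],iv[:])
	fmt.Printf("Plain= \n")
	for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)}
	fmt.Printf("\n")

	a.Encrypt(block[:])

	fmt.Printf("Encrypt= \n")
	for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)}
	fmt.Printf("\n")

	a.Reset(AES_CTR16,iv[:])
	a.Decrypt(block[:])

	fmt.Printf("Decrypt= \n")
	for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)}
	fmt.Printf("\n")

	a.End();
}
*/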