Skip to content

Commit c85ec10

Browse files
waderwader
committed
Initial commit
0 parents  commit c85ec10

11 files changed

+3288
-0
lines changed

README.markdown

+41
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
### AES and CBC ArrayBuffer
2+
3+
This is a JavaScript AES and CBC implementation using ArrayBuffer. Why would you want that you might ask and the reason is that I wanted to do AES CBC crypto in a Chrome extension. I also wanted to make it resonable fast so the code might look a bit weird and it is also only optimized for Chrome v8.
4+
5+
Note that if you read this in a future when the [WebCrypto standard](http://www.w3.org/2012/webcrypto/WebCryptoAPI/) is available in all browser you need to support I suggest that you use that instead.
6+
7+
### Performance
8+
9+
2008 MacBook, Chrome 24, 2 GHz Core 2 Duo, 1067Mhz DDR3:
10+
Encrypt ~12.2 MB/s, Decrypt ~8.4 MB/s
11+
12+
2011 MacBook Air, Chrome 24, 1.5 GHz Core i5, 1333Mhz DDR3:
13+
Encrypt ~17.5 MB/s, Decrypt ~12.0 MB/s
14+
15+
### Usage
16+
17+
```JavaScript
18+
// make sure both aes.js and crypto.js is included
19+
var iv = new Uint8Array([
20+
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
21+
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
22+
]);
23+
var key = new Uint8Array([
24+
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
25+
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
26+
]);
27+
var input = new Uint8Array(123456);
28+
29+
// pad input to be AES block size aligned and then encrypt
30+
var encrypted = Crypto.encrypt_aes_cbc(Crypto.pkcs_pad(input.buffer), key.buffer, iv.buffer);
31+
32+
// decrypt and then remove pad bytes
33+
var decrypted = Crypto.pkcs_unpad(Crypto.decrypt_aes_cbc(encrypted, key.buffer, iv.buffer));
34+
35+
// decrypted is now a ArrayBuffer with same bytes as in input
36+
```
37+
38+
### Possible improvements
39+
40+
Test if inverse equivalent cipher is faster. [crypto-js AES](http://crypto-js.googlecode.com/svn/tags/3.1/src/aes.js) seems to use that but haven't benchmarked their code yet.
41+

aes.js

+348
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,348 @@
1+
// JavaScript AES implementation using ArrayBuffer
2+
// Copyright (c) 2013 <[email protected]>
3+
//
4+
// MIT License:
5+
// Permission is hereby granted, free of charge, to any person obtaining a copy
6+
// of this software and associated documentation files (the "Software"), to deal
7+
// in the Software without restriction, including without limitation the rights
8+
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
// copies of the Software, and to permit persons to whom the Software is
10+
// furnished to do so, subject to the following conditions:
11+
//
12+
// The above copyright notice and this permission notice shall be included in
13+
// all copies or substantial portions of the Software.
14+
//
15+
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21+
// THE SOFTWARE.
22+
//
23+
24+
AES = (function() {
25+
// spec from http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
26+
27+
// for performance cipher and inv_cipher do not create new objects
28+
// instead they take a input buffer and pass it around to keep state
29+
// and it is also used as output.
30+
31+
var block_size_bytes = 16;
32+
var block_size_words = 4;
33+
var nb = 4;
34+
var sbox = [
35+
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
36+
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
37+
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
38+
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
39+
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
40+
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
41+
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
42+
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
43+
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
44+
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
45+
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
46+
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
47+
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
48+
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
49+
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
50+
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
51+
];
52+
53+
var inv_sbox = [
54+
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
55+
0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
56+
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
57+
0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
58+
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
59+
0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
60+
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
61+
0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
62+
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
63+
0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
64+
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
65+
0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
66+
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
67+
0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
68+
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
69+
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
70+
];
71+
72+
var rcon = [
73+
0x00000000,
74+
0x01000000,
75+
0x02000000,
76+
0x04000000,
77+
0x08000000,
78+
0x10000000,
79+
0x20000000,
80+
0x40000000,
81+
0x80000000,
82+
0x1b000000,
83+
0x36000000
84+
];
85+
86+
// from http://www.cs.utsa.edu/~wagner/laws/FFM.html
87+
function ffmul(a, b) {
88+
var r = 0;
89+
var t;
90+
91+
while (a) {
92+
if ((a & 1)) {
93+
r = r ^ b;
94+
}
95+
96+
t = b & 0x80;
97+
b <<= 1;
98+
if (t) {
99+
b ^= 0x1b;
100+
}
101+
102+
a >>= 1;
103+
}
104+
105+
return r;
106+
}
107+
108+
function ffmul_table(n) {
109+
var table = new Array(256);
110+
111+
for (var i = 0; i < 256; i++) {
112+
table[i] = ffmul(n, i) & 0xff;
113+
}
114+
115+
return table;
116+
}
117+
118+
// precompute for factors used in (inv)mix_columns
119+
var ffmul_t_2 = ffmul_table(2);
120+
var ffmul_t_3 = ffmul_table(3);
121+
var ffmul_t_9 = ffmul_table(9);
122+
var ffmul_t_b = ffmul_table(0xb);
123+
var ffmul_t_d = ffmul_table(0xd);
124+
var ffmul_t_e = ffmul_table(0xe);
125+
126+
function sub_word(w) {
127+
return (
128+
sbox[w >>> 24] << 24 |
129+
sbox[(w >>> 16) & 0xff] << 16 |
130+
sbox[(w >>> 8) & 0xff] << 8 |
131+
sbox[w & 0xff]
132+
);
133+
}
134+
135+
function rot_word(w) {
136+
return w >>> 24 | w << 8;
137+
}
138+
139+
function endian_swap32(n) {
140+
return n >>> 24 | (n & 0xff0000) >>> 8 | (n & 0xff00) << 8 | (n & 0xff) << 24;
141+
}
142+
143+
// little endian if first byte in 32 bit uint 1 is 1
144+
var is_little_endian = ((new Uint8Array((new Uint32Array([1])).buffer))[0] == 1);
145+
146+
// key is 16, 24 or 32 byte ArrayBuffer
147+
function key_expansion(key) {
148+
var key_u8 = new Uint8Array(key);
149+
var nk = key_u8.length / 4;
150+
var nr = nk + 6;
151+
152+
var w = new Uint32Array(nb * (nr+1));
153+
for (var i = 0; i < nk; i++) {
154+
w[i] = (
155+
key_u8[i*4] << 24 |
156+
key_u8[i*4+1] << 16 |
157+
key_u8[i*4+2] << 8 |
158+
key_u8[i*4+3]
159+
);
160+
}
161+
162+
for (var i = nk; i < nb*(nr+1); i++) {
163+
var temp = w[i - 1];
164+
if (i % nk == 0) {
165+
temp = sub_word(rot_word(temp)) ^ rcon[i/nk];
166+
} else if (nk > 6 && i % nk == 4) {
167+
temp = sub_word(temp);
168+
}
169+
170+
w[i] = w[i - nk] ^ temp;
171+
}
172+
173+
// make sure key schedule byte order matches state byte order
174+
// this is so that correct bytes are xored for add_round_key
175+
if (is_little_endian) {
176+
for (var i = 0; i < w.length; i++) {
177+
w[i] = endian_swap32(w[i]);
178+
}
179+
}
180+
181+
return w;
182+
}
183+
184+
// state_u8 is 16 byte Uint8Array (also used as output)
185+
// w is value from key_expansion
186+
function cipher(state_u32, w) {
187+
var nr = (w.length / nb - 1)*4;
188+
var s0, s1, s2, s3;
189+
var t0, t1, t2, t3;
190+
var m0, m1, m2, m3;
191+
192+
// add_round_key
193+
s0 = (state_u32[0] ^ w[0]) >>> 0;
194+
s1 = (state_u32[1] ^ w[1]) >>> 0;
195+
s2 = (state_u32[2] ^ w[2]) >>> 0;
196+
s3 = (state_u32[3] ^ w[3]) >>> 0;
197+
198+
for (var round = 4; round < nr; round += 4) {
199+
// sub_byte, shift_rows, mix_columns, add_round_key
200+
201+
t0 = s0;
202+
t1 = s1;
203+
t2 = s2;
204+
t3 = s3;
205+
206+
m0 = sbox[t0 & 0xff] >>> 0;
207+
m1 = sbox[(t1 >>> 8) & 0xff] >>> 0;
208+
m2 = sbox[(t2 >>> 16) & 0xff] >>> 0;
209+
m3 = sbox[t3 >>> 24] >>> 0;
210+
s0 = ((
211+
(ffmul_t_2[m0] ^ ffmul_t_3[m1] ^ m2 ^ m3) |
212+
(m0 ^ ffmul_t_2[m1] ^ ffmul_t_3[m2] ^ m3) << 8 |
213+
(m0 ^ m1 ^ ffmul_t_2[m2] ^ ffmul_t_3[m3]) << 16 |
214+
(ffmul_t_3[m0] ^ m1 ^ m2 ^ ffmul_t_2[m3]) << 24
215+
) ^ w[round]) >>> 0;
216+
m0 = sbox[t1 & 0xff] >>> 0;
217+
m1 = sbox[(t2 >>> 8) & 0xff] >>> 0;
218+
m2 = sbox[(t3 >>> 16) & 0xff] >>> 0;
219+
m3 = sbox[t0 >>> 24] >>> 0;
220+
s1 = ((
221+
(ffmul_t_2[m0] ^ ffmul_t_3[m1] ^ m2 ^ m3) |
222+
(m0 ^ ffmul_t_2[m1] ^ ffmul_t_3[m2] ^ m3) << 8 |
223+
(m0 ^ m1 ^ ffmul_t_2[m2] ^ ffmul_t_3[m3]) << 16 |
224+
(ffmul_t_3[m0] ^ m1 ^ m2 ^ ffmul_t_2[m3]) << 24
225+
) ^ w[round+1]) >>> 0;
226+
m0 = sbox[t2 & 0xff] >>> 0;
227+
m1 = sbox[(t3 >>> 8) & 0xff] >>> 0;
228+
m2 = sbox[(t0 >>> 16) & 0xff] >>> 0;
229+
m3 = sbox[t1 >>> 24] >>> 0;
230+
s2 = ((
231+
(ffmul_t_2[m0] ^ ffmul_t_3[m1] ^ m2 ^ m3) |
232+
(m0 ^ ffmul_t_2[m1] ^ ffmul_t_3[m2] ^ m3) << 8 |
233+
(m0 ^ m1 ^ ffmul_t_2[m2] ^ ffmul_t_3[m3]) << 16 |
234+
(ffmul_t_3[m0] ^ m1 ^ m2 ^ ffmul_t_2[m3]) << 24
235+
) ^ w[round+2]) >>> 0;
236+
m0 = sbox[t3 & 0xff] >>> 0;
237+
m1 = sbox[(t0 >>> 8) & 0xff] >>> 0;
238+
m2 = sbox[(t1 >>> 16) & 0xff] >>> 0;
239+
m3 = sbox[t2 >>> 24] >>> 0;
240+
s3 = ((
241+
(ffmul_t_2[m0] ^ ffmul_t_3[m1] ^ m2 ^ m3) |
242+
(m0 ^ ffmul_t_2[m1] ^ ffmul_t_3[m2] ^ m3) << 8 |
243+
(m0 ^ m1 ^ ffmul_t_2[m2] ^ ffmul_t_3[m3]) << 16 |
244+
(ffmul_t_3[m0] ^ m1 ^ m2 ^ ffmul_t_2[m3]) << 24
245+
) ^ w[round+3]) >>> 0;
246+
}
247+
248+
// sub_byte, shift_rows, add_round_key
249+
state_u32[0] = w[nr] ^ (sbox[s0 & 0xff] | sbox[(s1 >>> 8) & 0xff] << 8 | sbox[(s2 >>> 16) & 0xff] << 16 | sbox[s3 >>> 24] << 24);
250+
state_u32[1] = w[nr+1] ^ (sbox[s1 & 0xff] | sbox[(s2 >>> 8) & 0xff] << 8 | sbox[(s3 >>> 16) & 0xff] << 16 | sbox[s0 >>> 24] << 24);
251+
state_u32[2] = w[nr+2] ^ (sbox[s2 & 0xff] | sbox[(s3 >>> 8) & 0xff] << 8 | sbox[(s0 >>> 16) & 0xff] << 16 | sbox[s1 >>> 24] << 24);
252+
state_u32[3] = w[nr+3] ^ (sbox[s3 & 0xff] | sbox[(s0 >>> 8) & 0xff] << 8 | sbox[(s1 >>> 16) & 0xff] << 16 | sbox[s2 >>> 24] << 24);
253+
}
254+
255+
// state_u8 is 16 byte Uint8Array (also used as output)
256+
// w is value from key_expansion
257+
function inv_cipher(state_u32, w) {
258+
var nr = (w.length / nb - 1) * 4;
259+
var s0, s1, s2, s3;
260+
var t0, t1, t2, t3;
261+
262+
// add_round_key
263+
s0 = (state_u32[0] ^ w[nr]) >>> 0;
264+
s1 = (state_u32[1] ^ w[nr+1]) >>> 0;
265+
s2 = (state_u32[2] ^ w[nr+2]) >>> 0;
266+
s3 = (state_u32[3] ^ w[nr+3]) >>> 0;
267+
268+
for (var round = nr-4; round > 0; round -= 4) {
269+
// inv_shift_rows, inv_sub_byte, add_round_key
270+
271+
t0 = s0;
272+
t1 = s1;
273+
t2 = s2;
274+
t3 = s3;
275+
s0 = ((
276+
inv_sbox[t0 & 0xff] | inv_sbox[(t3 >>> 8) & 0xff] << 8 | inv_sbox[(t2 >>> 16) & 0xff] << 16 | inv_sbox[t1 >>> 24] << 24
277+
) ^ w[round]) >>> 0;
278+
s1 = ((
279+
inv_sbox[t1 & 0xff] | inv_sbox[(t0 >>> 8) & 0xff] << 8 | inv_sbox[(t3 >>> 16) & 0xff] << 16 | inv_sbox[t2 >>> 24] << 24
280+
) ^ w[round+1]) >>> 0;
281+
s2 = ((
282+
inv_sbox[t2 & 0xff] | inv_sbox[(t1 >>> 8) & 0xff] << 8 | inv_sbox[(t0 >>> 16) & 0xff] << 16 | inv_sbox[t3 >>> 24] << 24
283+
) ^ w[round+2]) >>> 0;
284+
s3 = ((
285+
inv_sbox[t3 & 0xff] | inv_sbox[(t2 >>> 8) & 0xff] << 8 | inv_sbox[(t1 >>> 16) & 0xff] << 16 | inv_sbox[t0 >>> 24] << 24
286+
) ^ w[round+3]) >>> 0;
287+
288+
// inv_mix_columns
289+
t0 = s0 & 0xff >>> 0;
290+
t1 = ((s0 >>> 8) & 0xff) >>>0;
291+
t2 = ((s0 >>> 16) & 0xff) >>> 0;
292+
t3 = s0 >>> 24;
293+
s0 = (
294+
(ffmul_t_e[t0] ^ ffmul_t_b[t1] ^ ffmul_t_d[t2] ^ ffmul_t_9[t3]) |
295+
(ffmul_t_9[t0] ^ ffmul_t_e[t1] ^ ffmul_t_b[t2] ^ ffmul_t_d[t3]) << 8 |
296+
(ffmul_t_d[t0] ^ ffmul_t_9[t1] ^ ffmul_t_e[t2] ^ ffmul_t_b[t3]) << 16 |
297+
(ffmul_t_b[t0] ^ ffmul_t_d[t1] ^ ffmul_t_9[t2] ^ ffmul_t_e[t3]) << 24
298+
) >>> 0;
299+
t0 = (s1 & 0xff) >>> 0;
300+
t1 = ((s1 >>> 8) & 0xff) >>> 0;
301+
t2 = ((s1 >>> 16) & 0xff) >>> 0;
302+
t3 = s1 >>> 24;
303+
s1 = (
304+
(ffmul_t_e[t0] ^ ffmul_t_b[t1] ^ ffmul_t_d[t2] ^ ffmul_t_9[t3]) |
305+
(ffmul_t_9[t0] ^ ffmul_t_e[t1] ^ ffmul_t_b[t2] ^ ffmul_t_d[t3]) << 8 |
306+
(ffmul_t_d[t0] ^ ffmul_t_9[t1] ^ ffmul_t_e[t2] ^ ffmul_t_b[t3]) << 16 |
307+
(ffmul_t_b[t0] ^ ffmul_t_d[t1] ^ ffmul_t_9[t2] ^ ffmul_t_e[t3]) << 24
308+
) >>> 0;
309+
t0 = (s2 & 0xff) >>> 0;
310+
t1 = ((s2 >>> 8) & 0xff) >>> 0;
311+
t2 = ((s2 >>> 16) & 0xff) >>> 0;
312+
t3 = s2 >>> 24;
313+
s2 = (
314+
(ffmul_t_e[t0] ^ ffmul_t_b[t1] ^ ffmul_t_d[t2] ^ ffmul_t_9[t3]) |
315+
(ffmul_t_9[t0] ^ ffmul_t_e[t1] ^ ffmul_t_b[t2] ^ ffmul_t_d[t3]) << 8 |
316+
(ffmul_t_d[t0] ^ ffmul_t_9[t1] ^ ffmul_t_e[t2] ^ ffmul_t_b[t3]) << 16 |
317+
(ffmul_t_b[t0] ^ ffmul_t_d[t1] ^ ffmul_t_9[t2] ^ ffmul_t_e[t3]) << 24
318+
) >>> 0;
319+
t0 = (s3 & 0xff) >>> 0;
320+
t1 = ((s3 >>> 8) & 0xff) >>> 0;
321+
t2 = ((s3 >>> 16) & 0xff) >>> 0;
322+
t3 = s3 >>> 24;
323+
s3 = (
324+
(ffmul_t_e[t0] ^ ffmul_t_b[t1] ^ ffmul_t_d[t2] ^ ffmul_t_9[t3]) |
325+
(ffmul_t_9[t0] ^ ffmul_t_e[t1] ^ ffmul_t_b[t2] ^ ffmul_t_d[t3]) << 8 |
326+
(ffmul_t_d[t0] ^ ffmul_t_9[t1] ^ ffmul_t_e[t2] ^ ffmul_t_b[t3]) << 16 |
327+
(ffmul_t_b[t0] ^ ffmul_t_d[t1] ^ ffmul_t_9[t2] ^ ffmul_t_e[t3]) << 24
328+
) >>> 0;
329+
}
330+
331+
// inv_shift_rows, inv_sub_byte, add_round_key
332+
state_u32[0] = w[0] ^ (inv_sbox[s0 & 0xff] | inv_sbox[(s3 >>> 8) & 0xff] << 8 | inv_sbox[(s2 >>> 16) & 0xff] << 16 | inv_sbox[s1 >>> 24] << 24);
333+
state_u32[1] = w[1] ^ (inv_sbox[s1 & 0xff] | inv_sbox[(s0 >>> 8) & 0xff] << 8 | inv_sbox[(s3 >>> 16) & 0xff] << 16 | inv_sbox[s2 >>> 24] << 24);
334+
state_u32[2] = w[2] ^ (inv_sbox[s2 & 0xff] | inv_sbox[(s1 >>> 8) & 0xff] << 8 | inv_sbox[(s0 >>> 16) & 0xff] << 16 | inv_sbox[s3 >>> 24] << 24);
335+
state_u32[3] = w[3] ^ (inv_sbox[s3 & 0xff] | inv_sbox[(s2 >>> 8) & 0xff] << 8 | inv_sbox[(s1 >>> 16) & 0xff] << 16 | inv_sbox[s0 >>> 24] << 24);
336+
}
337+
338+
return {
339+
block_size_bytes: block_size_bytes,
340+
block_size_words: block_size_words,
341+
endian_swap32: endian_swap32,
342+
is_little_endian: is_little_endian,
343+
key_expansion: key_expansion,
344+
cipher: cipher,
345+
inv_cipher: inv_cipher
346+
};
347+
})();
348+

0 commit comments

Comments
 (0)