001: /*
002: * Copyright 2004-2008 H2 Group. Licensed under the H2 License, Version 1.0
003: * (http://h2database.com/html/license.html).
004: * Initial Developer: H2 Group
005: */
006: package org.h2.security;
007:
008: import org.h2.constant.SysProperties;
009: import org.h2.message.Message;
010:
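/**
 * An implementation of the AES block cipher algorithm, also known as
 * Rijndael. Only AES-128 (16-byte key, 10 rounds) is supported by this class.
 * <p>
 * The cipher is table driven: the S-box, the inverse S-box and four combined
 * SubBytes/MixColumns tables per direction are computed once in the static
 * initializer, and every round is a set of table lookups XORed with a round
 * key word.
 * <p>
 * Security notes for reviewers and callers:
 * <ul>
 * <li>{@link #encrypt} and {@link #decrypt} transform each 16-byte block
 * independently under the same key. No IV, chaining or integrity check is
 * applied here, so equal input blocks produce equal output blocks unless the
 * caller layers a mode of operation (and authentication) on top.</li>
 * <li>The round functions index the lookup tables with bytes of the
 * key-mixed state. Data-dependent table lookups of this kind are the access
 * pattern usually associated with cache-timing side channels; nothing in
 * this class masks them.</li>
 * <li>The expanded round keys stay in instance fields for the lifetime of
 * the object; the class has no method to wipe them.</li>
 * <li>{@link #setKey} rewrites the key schedule in place without any
 * synchronization, so an instance must not be re-keyed while another thread
 * is using it.</li>
 * </ul>
 */
public class AES implements BlockCipher {

    /** Number of key bytes consumed by {@link #setKey} (AES-128). */
    private static final int KEY_BYTES = 4 * 4;

    /** Round constants, stored in the most significant byte of each word. */
    private static final int[] RCON = new int[10];
    /** Forward S-box. */
    private static final int[] FS = new int[256];
    /** Forward round tables (S-box combined with MixColumns), one per byte lane. */
    private static final int[] FT0 = new int[256];
    private static final int[] FT1 = new int[256];
    private static final int[] FT2 = new int[256];
    private static final int[] FT3 = new int[256];
    /** Inverse S-box. */
    private static final int[] RS = new int[256];
    /** Inverse round tables (inverse S-box combined with inverse MixColumns). */
    private static final int[] RT0 = new int[256];
    private static final int[] RT1 = new int[256];
    private static final int[] RT2 = new int[256];
    private static final int[] RT3 = new int[256];

    /** Expanded encryption key: 11 round keys of 4 words each. */
    private final int[] encKey = new int[44];
    /** Expanded decryption key, in the order the decryption rounds consume it. */
    private final int[] decKey = new int[44];

    /**
     * Rotates a 32-bit word right by 8 bits.
     *
     * @param x the word
     * @return the rotated word
     */
    private static int rot8(int x) {
        return (x >>> 8) | (x << 24);
    }

    /**
     * Multiplies a field element by 2 in GF(2^8), reducing with 0x1b when the
     * top bit of the byte is set.
     *
     * @param x the element (0..255)
     * @return the product (0..255)
     */
    private static int xtime(int x) {
        return ((x << 1) ^ (((x & 0x80) != 0) ? 0x1b : 0)) & 255;
    }

    /**
     * Multiplies two GF(2^8) elements using the power/logarithm tables.
     *
     * @param pow the power table
     * @param log the logarithm table
     * @param x the first factor
     * @param y the second factor
     * @return the product, or 0 if either factor is 0
     */
    private static int mul(int[] pow, int[] log, int x, int y) {
        return ((x != 0 && y != 0) ? pow[(log[x] + log[y]) % 255] : 0);
    }

    static {
        // Power and logarithm tables for the generator 3:
        // x ^ xtime(x) is x * 3 in GF(2^8).
        int[] pow = new int[256];
        int[] log = new int[256];
        for (int i = 0, x = 1; i < 256; i++, x ^= xtime(x)) {
            pow[i] = x;
            log[x] = i;
        }
        // Round constants: successive doublings of 1, placed in the top byte.
        for (int i = 0, x = 1; i < 10; i++, x = xtime(x)) {
            RCON[i] = x << 24;
        }
        // S-box entry for 0 is set by hand because 0 has no inverse.
        FS[0x00] = 0x63;
        RS[0x63] = 0x00;
        for (int i = 1; i < 256; i++) {
            // Multiplicative inverse of i, followed by the affine transform:
            // XOR of four successive 1-bit left rotations, then 0x63.
            int x = pow[255 - log[i]], y = x;
            y = ((y << 1) | (y >> 7)) & 255;
            x ^= y;
            y = ((y << 1) | (y >> 7)) & 255;
            x ^= y;
            y = ((y << 1) | (y >> 7)) & 255;
            x ^= y;
            y = ((y << 1) | (y >> 7)) & 255;
            x ^= y ^ 0x63;
            FS[i] = x & 255;
            RS[x] = i & 255;
        }
        for (int i = 0; i < 256; i++) {
            // Forward table word: bytes (2s, s, s, 3s) from high to low,
            // where s = FS[i] and y = 2s.
            int x = FS[i], y = xtime(x);
            FT0[i] = (x ^ y) ^ (x << 8) ^ (x << 16) ^ (y << 24);
            FT1[i] = rot8(FT0[i]);
            FT2[i] = rot8(FT1[i]);
            FT3[i] = rot8(FT2[i]);
            // Inverse table word: bytes (0e, 09, 0d, 0b) times RS[i],
            // from high to low.
            y = RS[i];
            RT0[i] = mul(pow, log, 0x0b, y)
                    ^ (mul(pow, log, 0x0d, y) << 8)
                    ^ (mul(pow, log, 0x09, y) << 16)
                    ^ (mul(pow, log, 0x0e, y) << 24);
            RT1[i] = rot8(RT0[i]);
            RT2[i] = rot8(RT1[i]);
            RT3[i] = rot8(RT2[i]);
        }
    }

    /**
     * Converts one encryption round-key word into the matching decryption
     * round-key word. Each byte is passed through FS before indexing the RT
     * tables; because the RT tables are built from RS[i], the two S-box steps
     * cancel and only the inverse MixColumns multiplication remains.
     *
     * @param t the encryption round-key word
     * @return the decryption round-key word
     */
    private static int getDec(int t) {
        return RT0[FS[(t >> 24) & 255]] ^ RT1[FS[(t >> 16) & 255]]
                ^ RT2[FS[(t >> 8) & 255]] ^ RT3[FS[t & 255]];
    }

    /**
     * Sets the key and expands it into the encryption and decryption round
     * keys. Only the first 16 bytes of the array are read; any further bytes
     * are ignored, which is the behaviour callers of the original code got
     * and is kept for compatibility.
     *
     * @param key the key material, at least 16 bytes
     * @throws IllegalArgumentException if the key is shorter than 16 bytes
     */
    public void setKey(byte[] key) {
        // Reject a short key before touching the schedule: without this the
        // loop below fails part-way with an ArrayIndexOutOfBoundsException
        // and leaves encKey holding a mix of old and new key words.
        if (key.length < KEY_BYTES) {
            throw new IllegalArgumentException(
                    "AES-128 key must be at least 16 bytes, got " + key.length);
        }
        for (int i = 0, j = 0; i < 4; i++) {
            encKey[i] = decKey[i] = ((key[j++] & 255) << 24)
                    | ((key[j++] & 255) << 16)
                    | ((key[j++] & 255) << 8) | (key[j++] & 255);
        }
        int e = 0;
        for (int i = 0; i < 10; i++, e += 4) {
            // First word of the next round key: previous first word XOR
            // round constant XOR the S-box applied to the previous last
            // word rotated left by one byte.
            encKey[e + 4] = encKey[e] ^ RCON[i]
                    ^ (FS[(encKey[e + 3] >> 16) & 255] << 24)
                    ^ (FS[(encKey[e + 3] >> 8) & 255] << 16)
                    ^ (FS[(encKey[e + 3]) & 255] << 8)
                    ^ FS[(encKey[e + 3] >> 24) & 255];
            encKey[e + 5] = encKey[e + 1] ^ encKey[e + 4];
            encKey[e + 6] = encKey[e + 2] ^ encKey[e + 5];
            encKey[e + 7] = encKey[e + 3] ^ encKey[e + 6];
        }
        // e is now 40. The decryption schedule is the encryption schedule
        // in reverse round order: the last round key is copied as is ...
        int d = 0;
        decKey[d++] = encKey[e++];
        decKey[d++] = encKey[e++];
        decKey[d++] = encKey[e++];
        decKey[d++] = encKey[e++];
        // ... the nine inner round keys go through getDec ...
        for (int i = 1; i < 10; i++) {
            e -= 8;
            decKey[d++] = getDec(encKey[e++]);
            decKey[d++] = getDec(encKey[e++]);
            decKey[d++] = getDec(encKey[e++]);
            decKey[d++] = getDec(encKey[e++]);
        }
        // ... and the first round key (the raw key words) is copied last.
        e -= 8;
        decKey[d++] = encKey[e++];
        decKey[d++] = encKey[e++];
        decKey[d++] = encKey[e++];
        decKey[d++] = encKey[e++];
    }

    /**
     * Encrypts a range of the buffer in place, one 16-byte block at a time.
     * Every block is encrypted independently with the current key.
     * <p>
     * The length is only validated when SysProperties.CHECK is enabled. With
     * the check off and a length that is not a multiple of the block size,
     * the last iteration still processes a full 16 bytes, so it either
     * transforms bytes beyond off + len or fails with an
     * ArrayIndexOutOfBoundsException.
     *
     * @param buff the buffer to encrypt in place
     * @param off the offset of the first byte
     * @param len the number of bytes, expected to be a multiple of ALIGN
     */
    public void encrypt(byte[] buff, int off, int len) {
        if (SysProperties.CHECK && (len % ALIGN != 0)) {
            throw Message.getInternalError("unaligned len " + len);
        }
        for (int i = off; i < off + len; i += 16) {
            encryptBlock(buff, buff, i);
        }
    }

    /**
     * Decrypts a range of the buffer in place, one 16-byte block at a time.
     * Every block is decrypted independently with the current key; nothing
     * here verifies that the input is authentic ciphertext.
     * <p>
     * The length is only validated when SysProperties.CHECK is enabled. With
     * the check off and a length that is not a multiple of the block size,
     * the last iteration still processes a full 16 bytes, so it either
     * transforms bytes beyond off + len or fails with an
     * ArrayIndexOutOfBoundsException.
     *
     * @param bytes the buffer to decrypt in place
     * @param off the offset of the first byte
     * @param len the number of bytes, expected to be a multiple of ALIGN
     */
    public void decrypt(byte[] bytes, int off, int len) {
        if (SysProperties.CHECK && (len % ALIGN != 0)) {
            throw Message.getInternalError("unaligned len " + len);
        }
        for (int i = off; i < off + len; i += 16) {
            decryptBlock(bytes, bytes, i);
        }
    }

    /**
     * Encrypts one 16-byte block. The rounds are fully unrolled and
     * alternate between the x and y word sets.
     *
     * @param in the input array
     * @param out the output array (may be the same array as the input)
     * @param off the offset of the block in both arrays
     */
    private void encryptBlock(byte[] in, byte[] out, int off) {
        int[] k = encKey;
        // Load the block as four big-endian words and add round key 0.
        // The top byte needs no mask: the shift by 24 discards sign bits.
        int x0 = ((in[off] << 24) | ((in[off + 1] & 255) << 16)
                | ((in[off + 2] & 255) << 8) | (in[off + 3] & 255))
                ^ k[0];
        int x1 = ((in[off + 4] << 24) | ((in[off + 5] & 255) << 16)
                | ((in[off + 6] & 255) << 8) | (in[off + 7] & 255))
                ^ k[1];
        int x2 = ((in[off + 8] << 24) | ((in[off + 9] & 255) << 16)
                | ((in[off + 10] & 255) << 8) | (in[off + 11] & 255))
                ^ k[2];
        int x3 = ((in[off + 12] << 24) | ((in[off + 13] & 255) << 16)
                | ((in[off + 14] & 255) << 8) | (in[off + 15] & 255))
                ^ k[3];
        // round 1
        int y0 = FT0[(x0 >> 24) & 255] ^ FT1[(x1 >> 16) & 255]
                ^ FT2[(x2 >> 8) & 255] ^ FT3[x3 & 255] ^ k[4];
        int y1 = FT0[(x1 >> 24) & 255] ^ FT1[(x2 >> 16) & 255]
                ^ FT2[(x3 >> 8) & 255] ^ FT3[x0 & 255] ^ k[5];
        int y2 = FT0[(x2 >> 24) & 255] ^ FT1[(x3 >> 16) & 255]
                ^ FT2[(x0 >> 8) & 255] ^ FT3[x1 & 255] ^ k[6];
        int y3 = FT0[(x3 >> 24) & 255] ^ FT1[(x0 >> 16) & 255]
                ^ FT2[(x1 >> 8) & 255] ^ FT3[x2 & 255] ^ k[7];
        // round 2
        x0 = FT0[(y0 >> 24) & 255] ^ FT1[(y1 >> 16) & 255]
                ^ FT2[(y2 >> 8) & 255] ^ FT3[y3 & 255] ^ k[8];
        x1 = FT0[(y1 >> 24) & 255] ^ FT1[(y2 >> 16) & 255]
                ^ FT2[(y3 >> 8) & 255] ^ FT3[y0 & 255] ^ k[9];
        x2 = FT0[(y2 >> 24) & 255] ^ FT1[(y3 >> 16) & 255]
                ^ FT2[(y0 >> 8) & 255] ^ FT3[y1 & 255] ^ k[10];
        x3 = FT0[(y3 >> 24) & 255] ^ FT1[(y0 >> 16) & 255]
                ^ FT2[(y1 >> 8) & 255] ^ FT3[y2 & 255] ^ k[11];
        // round 3
        y0 = FT0[(x0 >> 24) & 255] ^ FT1[(x1 >> 16) & 255]
                ^ FT2[(x2 >> 8) & 255] ^ FT3[x3 & 255] ^ k[12];
        y1 = FT0[(x1 >> 24) & 255] ^ FT1[(x2 >> 16) & 255]
                ^ FT2[(x3 >> 8) & 255] ^ FT3[x0 & 255] ^ k[13];
        y2 = FT0[(x2 >> 24) & 255] ^ FT1[(x3 >> 16) & 255]
                ^ FT2[(x0 >> 8) & 255] ^ FT3[x1 & 255] ^ k[14];
        y3 = FT0[(x3 >> 24) & 255] ^ FT1[(x0 >> 16) & 255]
                ^ FT2[(x1 >> 8) & 255] ^ FT3[x2 & 255] ^ k[15];
        // round 4
        x0 = FT0[(y0 >> 24) & 255] ^ FT1[(y1 >> 16) & 255]
                ^ FT2[(y2 >> 8) & 255] ^ FT3[y3 & 255] ^ k[16];
        x1 = FT0[(y1 >> 24) & 255] ^ FT1[(y2 >> 16) & 255]
                ^ FT2[(y3 >> 8) & 255] ^ FT3[y0 & 255] ^ k[17];
        x2 = FT0[(y2 >> 24) & 255] ^ FT1[(y3 >> 16) & 255]
                ^ FT2[(y0 >> 8) & 255] ^ FT3[y1 & 255] ^ k[18];
        x3 = FT0[(y3 >> 24) & 255] ^ FT1[(y0 >> 16) & 255]
                ^ FT2[(y1 >> 8) & 255] ^ FT3[y2 & 255] ^ k[19];
        // round 5
        y0 = FT0[(x0 >> 24) & 255] ^ FT1[(x1 >> 16) & 255]
                ^ FT2[(x2 >> 8) & 255] ^ FT3[x3 & 255] ^ k[20];
        y1 = FT0[(x1 >> 24) & 255] ^ FT1[(x2 >> 16) & 255]
                ^ FT2[(x3 >> 8) & 255] ^ FT3[x0 & 255] ^ k[21];
        y2 = FT0[(x2 >> 24) & 255] ^ FT1[(x3 >> 16) & 255]
                ^ FT2[(x0 >> 8) & 255] ^ FT3[x1 & 255] ^ k[22];
        y3 = FT0[(x3 >> 24) & 255] ^ FT1[(x0 >> 16) & 255]
                ^ FT2[(x1 >> 8) & 255] ^ FT3[x2 & 255] ^ k[23];
        // round 6
        x0 = FT0[(y0 >> 24) & 255] ^ FT1[(y1 >> 16) & 255]
                ^ FT2[(y2 >> 8) & 255] ^ FT3[y3 & 255] ^ k[24];
        x1 = FT0[(y1 >> 24) & 255] ^ FT1[(y2 >> 16) & 255]
                ^ FT2[(y3 >> 8) & 255] ^ FT3[y0 & 255] ^ k[25];
        x2 = FT0[(y2 >> 24) & 255] ^ FT1[(y3 >> 16) & 255]
                ^ FT2[(y0 >> 8) & 255] ^ FT3[y1 & 255] ^ k[26];
        x3 = FT0[(y3 >> 24) & 255] ^ FT1[(y0 >> 16) & 255]
                ^ FT2[(y1 >> 8) & 255] ^ FT3[y2 & 255] ^ k[27];
        // round 7
        y0 = FT0[(x0 >> 24) & 255] ^ FT1[(x1 >> 16) & 255]
                ^ FT2[(x2 >> 8) & 255] ^ FT3[x3 & 255] ^ k[28];
        y1 = FT0[(x1 >> 24) & 255] ^ FT1[(x2 >> 16) & 255]
                ^ FT2[(x3 >> 8) & 255] ^ FT3[x0 & 255] ^ k[29];
        y2 = FT0[(x2 >> 24) & 255] ^ FT1[(x3 >> 16) & 255]
                ^ FT2[(x0 >> 8) & 255] ^ FT3[x1 & 255] ^ k[30];
        y3 = FT0[(x3 >> 24) & 255] ^ FT1[(x0 >> 16) & 255]
                ^ FT2[(x1 >> 8) & 255] ^ FT3[x2 & 255] ^ k[31];
        // round 8
        x0 = FT0[(y0 >> 24) & 255] ^ FT1[(y1 >> 16) & 255]
                ^ FT2[(y2 >> 8) & 255] ^ FT3[y3 & 255] ^ k[32];
        x1 = FT0[(y1 >> 24) & 255] ^ FT1[(y2 >> 16) & 255]
                ^ FT2[(y3 >> 8) & 255] ^ FT3[y0 & 255] ^ k[33];
        x2 = FT0[(y2 >> 24) & 255] ^ FT1[(y3 >> 16) & 255]
                ^ FT2[(y0 >> 8) & 255] ^ FT3[y1 & 255] ^ k[34];
        x3 = FT0[(y3 >> 24) & 255] ^ FT1[(y0 >> 16) & 255]
                ^ FT2[(y1 >> 8) & 255] ^ FT3[y2 & 255] ^ k[35];
        // round 9
        y0 = FT0[(x0 >> 24) & 255] ^ FT1[(x1 >> 16) & 255]
                ^ FT2[(x2 >> 8) & 255] ^ FT3[x3 & 255] ^ k[36];
        y1 = FT0[(x1 >> 24) & 255] ^ FT1[(x2 >> 16) & 255]
                ^ FT2[(x3 >> 8) & 255] ^ FT3[x0 & 255] ^ k[37];
        y2 = FT0[(x2 >> 24) & 255] ^ FT1[(x3 >> 16) & 255]
                ^ FT2[(x0 >> 8) & 255] ^ FT3[x1 & 255] ^ k[38];
        y3 = FT0[(x3 >> 24) & 255] ^ FT1[(x0 >> 16) & 255]
                ^ FT2[(x1 >> 8) & 255] ^ FT3[x2 & 255] ^ k[39];
        // final round: plain S-box lookups, no MixColumns
        x0 = ((FS[(y0 >> 24) & 255] << 24)
                | (FS[(y1 >> 16) & 255] << 16)
                | (FS[(y2 >> 8) & 255] << 8) | FS[y3 & 255])
                ^ k[40];
        x1 = ((FS[(y1 >> 24) & 255] << 24)
                | (FS[(y2 >> 16) & 255] << 16)
                | (FS[(y3 >> 8) & 255] << 8) | FS[y0 & 255])
                ^ k[41];
        x2 = ((FS[(y2 >> 24) & 255] << 24)
                | (FS[(y3 >> 16) & 255] << 16)
                | (FS[(y0 >> 8) & 255] << 8) | FS[y1 & 255])
                ^ k[42];
        x3 = ((FS[(y3 >> 24) & 255] << 24)
                | (FS[(y0 >> 16) & 255] << 16)
                | (FS[(y1 >> 8) & 255] << 8) | FS[y2 & 255])
                ^ k[43];
        // Store the four words back in big-endian byte order.
        out[off] = (byte) (x0 >> 24);
        out[off + 1] = (byte) (x0 >> 16);
        out[off + 2] = (byte) (x0 >> 8);
        out[off + 3] = (byte) x0;
        out[off + 4] = (byte) (x1 >> 24);
        out[off + 5] = (byte) (x1 >> 16);
        out[off + 6] = (byte) (x1 >> 8);
        out[off + 7] = (byte) x1;
        out[off + 8] = (byte) (x2 >> 24);
        out[off + 9] = (byte) (x2 >> 16);
        out[off + 10] = (byte) (x2 >> 8);
        out[off + 11] = (byte) x2;
        out[off + 12] = (byte) (x3 >> 24);
        out[off + 13] = (byte) (x3 >> 16);
        out[off + 14] = (byte) (x3 >> 8);
        out[off + 15] = (byte) x3;
    }

    /**
     * Decrypts one 16-byte block. The rounds are fully unrolled and mirror
     * encryptBlock, using the inverse tables and the decryption key schedule.
     *
     * @param in the input array
     * @param out the output array (may be the same array as the input)
     * @param off the offset of the block in both arrays
     */
    private void decryptBlock(byte[] in, byte[] out, int off) {
        int[] k = decKey;
        // Load the block as four big-endian words and add round key 0.
        int x0 = ((in[off] << 24) | ((in[off + 1] & 255) << 16)
                | ((in[off + 2] & 255) << 8) | (in[off + 3] & 255))
                ^ k[0];
        int x1 = ((in[off + 4] << 24) | ((in[off + 5] & 255) << 16)
                | ((in[off + 6] & 255) << 8) | (in[off + 7] & 255))
                ^ k[1];
        int x2 = ((in[off + 8] << 24) | ((in[off + 9] & 255) << 16)
                | ((in[off + 10] & 255) << 8) | (in[off + 11] & 255))
                ^ k[2];
        int x3 = ((in[off + 12] << 24) | ((in[off + 13] & 255) << 16)
                | ((in[off + 14] & 255) << 8) | (in[off + 15] & 255))
                ^ k[3];
        // round 1
        int y0 = RT0[(x0 >> 24) & 255] ^ RT1[(x3 >> 16) & 255]
                ^ RT2[(x2 >> 8) & 255] ^ RT3[x1 & 255] ^ k[4];
        int y1 = RT0[(x1 >> 24) & 255] ^ RT1[(x0 >> 16) & 255]
                ^ RT2[(x3 >> 8) & 255] ^ RT3[x2 & 255] ^ k[5];
        int y2 = RT0[(x2 >> 24) & 255] ^ RT1[(x1 >> 16) & 255]
                ^ RT2[(x0 >> 8) & 255] ^ RT3[x3 & 255] ^ k[6];
        int y3 = RT0[(x3 >> 24) & 255] ^ RT1[(x2 >> 16) & 255]
                ^ RT2[(x1 >> 8) & 255] ^ RT3[x0 & 255] ^ k[7];
        // round 2
        x0 = RT0[(y0 >> 24) & 255] ^ RT1[(y3 >> 16) & 255]
                ^ RT2[(y2 >> 8) & 255] ^ RT3[y1 & 255] ^ k[8];
        x1 = RT0[(y1 >> 24) & 255] ^ RT1[(y0 >> 16) & 255]
                ^ RT2[(y3 >> 8) & 255] ^ RT3[y2 & 255] ^ k[9];
        x2 = RT0[(y2 >> 24) & 255] ^ RT1[(y1 >> 16) & 255]
                ^ RT2[(y0 >> 8) & 255] ^ RT3[y3 & 255] ^ k[10];
        x3 = RT0[(y3 >> 24) & 255] ^ RT1[(y2 >> 16) & 255]
                ^ RT2[(y1 >> 8) & 255] ^ RT3[y0 & 255] ^ k[11];
        // round 3
        y0 = RT0[(x0 >> 24) & 255] ^ RT1[(x3 >> 16) & 255]
                ^ RT2[(x2 >> 8) & 255] ^ RT3[x1 & 255] ^ k[12];
        y1 = RT0[(x1 >> 24) & 255] ^ RT1[(x0 >> 16) & 255]
                ^ RT2[(x3 >> 8) & 255] ^ RT3[x2 & 255] ^ k[13];
        y2 = RT0[(x2 >> 24) & 255] ^ RT1[(x1 >> 16) & 255]
                ^ RT2[(x0 >> 8) & 255] ^ RT3[x3 & 255] ^ k[14];
        y3 = RT0[(x3 >> 24) & 255] ^ RT1[(x2 >> 16) & 255]
                ^ RT2[(x1 >> 8) & 255] ^ RT3[x0 & 255] ^ k[15];
        // round 4
        x0 = RT0[(y0 >> 24) & 255] ^ RT1[(y3 >> 16) & 255]
                ^ RT2[(y2 >> 8) & 255] ^ RT3[y1 & 255] ^ k[16];
        x1 = RT0[(y1 >> 24) & 255] ^ RT1[(y0 >> 16) & 255]
                ^ RT2[(y3 >> 8) & 255] ^ RT3[y2 & 255] ^ k[17];
        x2 = RT0[(y2 >> 24) & 255] ^ RT1[(y1 >> 16) & 255]
                ^ RT2[(y0 >> 8) & 255] ^ RT3[y3 & 255] ^ k[18];
        x3 = RT0[(y3 >> 24) & 255] ^ RT1[(y2 >> 16) & 255]
                ^ RT2[(y1 >> 8) & 255] ^ RT3[y0 & 255] ^ k[19];
        // round 5
        y0 = RT0[(x0 >> 24) & 255] ^ RT1[(x3 >> 16) & 255]
                ^ RT2[(x2 >> 8) & 255] ^ RT3[x1 & 255] ^ k[20];
        y1 = RT0[(x1 >> 24) & 255] ^ RT1[(x0 >> 16) & 255]
                ^ RT2[(x3 >> 8) & 255] ^ RT3[x2 & 255] ^ k[21];
        y2 = RT0[(x2 >> 24) & 255] ^ RT1[(x1 >> 16) & 255]
                ^ RT2[(x0 >> 8) & 255] ^ RT3[x3 & 255] ^ k[22];
        y3 = RT0[(x3 >> 24) & 255] ^ RT1[(x2 >> 16) & 255]
                ^ RT2[(x1 >> 8) & 255] ^ RT3[x0 & 255] ^ k[23];
        // round 6
        x0 = RT0[(y0 >> 24) & 255] ^ RT1[(y3 >> 16) & 255]
                ^ RT2[(y2 >> 8) & 255] ^ RT3[y1 & 255] ^ k[24];
        x1 = RT0[(y1 >> 24) & 255] ^ RT1[(y0 >> 16) & 255]
                ^ RT2[(y3 >> 8) & 255] ^ RT3[y2 & 255] ^ k[25];
        x2 = RT0[(y2 >> 24) & 255] ^ RT1[(y1 >> 16) & 255]
                ^ RT2[(y0 >> 8) & 255] ^ RT3[y3 & 255] ^ k[26];
        x3 = RT0[(y3 >> 24) & 255] ^ RT1[(y2 >> 16) & 255]
                ^ RT2[(y1 >> 8) & 255] ^ RT3[y0 & 255] ^ k[27];
        // round 7
        y0 = RT0[(x0 >> 24) & 255] ^ RT1[(x3 >> 16) & 255]
                ^ RT2[(x2 >> 8) & 255] ^ RT3[x1 & 255] ^ k[28];
        y1 = RT0[(x1 >> 24) & 255] ^ RT1[(x0 >> 16) & 255]
                ^ RT2[(x3 >> 8) & 255] ^ RT3[x2 & 255] ^ k[29];
        y2 = RT0[(x2 >> 24) & 255] ^ RT1[(x1 >> 16) & 255]
                ^ RT2[(x0 >> 8) & 255] ^ RT3[x3 & 255] ^ k[30];
        y3 = RT0[(x3 >> 24) & 255] ^ RT1[(x2 >> 16) & 255]
                ^ RT2[(x1 >> 8) & 255] ^ RT3[x0 & 255] ^ k[31];
        // round 8
        x0 = RT0[(y0 >> 24) & 255] ^ RT1[(y3 >> 16) & 255]
                ^ RT2[(y2 >> 8) & 255] ^ RT3[y1 & 255] ^ k[32];
        x1 = RT0[(y1 >> 24) & 255] ^ RT1[(y0 >> 16) & 255]
                ^ RT2[(y3 >> 8) & 255] ^ RT3[y2 & 255] ^ k[33];
        x2 = RT0[(y2 >> 24) & 255] ^ RT1[(y1 >> 16) & 255]
                ^ RT2[(y0 >> 8) & 255] ^ RT3[y3 & 255] ^ k[34];
        x3 = RT0[(y3 >> 24) & 255] ^ RT1[(y2 >> 16) & 255]
                ^ RT2[(y1 >> 8) & 255] ^ RT3[y0 & 255] ^ k[35];
        // round 9
        y0 = RT0[(x0 >> 24) & 255] ^ RT1[(x3 >> 16) & 255]
                ^ RT2[(x2 >> 8) & 255] ^ RT3[x1 & 255] ^ k[36];
        y1 = RT0[(x1 >> 24) & 255] ^ RT1[(x0 >> 16) & 255]
                ^ RT2[(x3 >> 8) & 255] ^ RT3[x2 & 255] ^ k[37];
        y2 = RT0[(x2 >> 24) & 255] ^ RT1[(x1 >> 16) & 255]
                ^ RT2[(x0 >> 8) & 255] ^ RT3[x3 & 255] ^ k[38];
        y3 = RT0[(x3 >> 24) & 255] ^ RT1[(x2 >> 16) & 255]
                ^ RT2[(x1 >> 8) & 255] ^ RT3[x0 & 255] ^ k[39];
        // final round: plain inverse S-box lookups, no inverse MixColumns
        x0 = ((RS[(y0 >> 24) & 255] << 24)
                | (RS[(y3 >> 16) & 255] << 16)
                | (RS[(y2 >> 8) & 255] << 8) | RS[y1 & 255])
                ^ k[40];
        x1 = ((RS[(y1 >> 24) & 255] << 24)
                | (RS[(y0 >> 16) & 255] << 16)
                | (RS[(y3 >> 8) & 255] << 8) | RS[y2 & 255])
                ^ k[41];
        x2 = ((RS[(y2 >> 24) & 255] << 24)
                | (RS[(y1 >> 16) & 255] << 16)
                | (RS[(y0 >> 8) & 255] << 8) | RS[y3 & 255])
                ^ k[42];
        x3 = ((RS[(y3 >> 24) & 255] << 24)
                | (RS[(y2 >> 16) & 255] << 16)
                | (RS[(y1 >> 8) & 255] << 8) | RS[y0 & 255])
                ^ k[43];
        // Store the four words back in big-endian byte order.
        out[off] = (byte) (x0 >> 24);
        out[off + 1] = (byte) (x0 >> 16);
        out[off + 2] = (byte) (x0 >> 8);
        out[off + 3] = (byte) x0;
        out[off + 4] = (byte) (x1 >> 24);
        out[off + 5] = (byte) (x1 >> 16);
        out[off + 6] = (byte) (x1 >> 8);
        out[off + 7] = (byte) x1;
        out[off + 8] = (byte) (x2 >> 24);
        out[off + 9] = (byte) (x2 >> 16);
        out[off + 10] = (byte) (x2 >> 8);
        out[off + 11] = (byte) x2;
        out[off + 12] = (byte) (x3 >> 24);
        out[off + 13] = (byte) (x3 >> 16);
        out[off + 14] = (byte) (x3 >> 8);
        out[off + 15] = (byte) x3;
    }

    /**
     * Returns the number of key bytes this cipher uses.
     *
     * @return 16
     */
    public int getKeyLength() {
        return KEY_BYTES;
    }

}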