aes.js

slowAES algorithm implementation

このスクリプトは単体で利用できません。右のようなメタデータを含むスクリプトから、ライブラリとして読み込まれます: // @require https://update.greatest.deepsurf.us/scripts/13883/86931/aesjs.js

このスクリプトの質問や評価の投稿はこちら通報はこちらへお寄せください。 
  1. /*
  2.  * aes.js: implements AES - Advanced Encryption Standard
  3.  * from the SlowAES project, http://code.google.com/p/slowaes/
  4.  * 
  5.  * Copyright (c) 2008 	Josh Davis ( http://www.josh-davis.org ),
  6.  *						Mark Percival ( http://mpercival.com ),
  7.  *
  8.  * Ported from C code written by Laurent Haan ( http://www.progressive-coding.com )
  9.  * 
  10.  * Licensed under the Apache License, Version 2.0
  11.  * http://www.apache.org/licenses/
  12.  */
  13.  
  14. var slowAES = {
  15. 	/*
  16. 	 * START AES SECTION
  17. 	 */
  18. 	aes:{
  19. 		// structure of valid key sizes
  20. 		keySize:{
  21. 			SIZE_128:16,
  22. 			SIZE_192:24,
  23. 			SIZE_256:32
  24. 		},
  25. 		
  26. 		// Rijndael S-box
  27. 		sbox:[
  28. 		0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
  29. 		0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
  30. 		0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
  31. 		0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
  32. 		0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
  33. 		0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
  34. 		0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
  35. 		0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
  36. 		0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
  37. 		0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
  38. 		0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
  39. 		0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
  40. 		0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
  41. 		0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
  42. 		0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
  43. 		0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ],
  44. 		
  45. 		// Rijndael Inverted S-box
  46. 		rsbox:
  47. 		[ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
  48. 		, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
  49. 		, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
  50. 		, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
  51. 		, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
  52. 		, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
  53. 		, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
  54. 		, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
  55. 		, 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
  56. 		, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
  57. 		, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
  58. 		, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
  59. 		, 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
  60. 		, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
  61. 		, 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
  62. 		, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d ],
  63. 		
  64. 		/* rotate the word eight bits to the left */
  65. 		rotate:function(word)
  66. 		{
  67. 			var c = word[0];
  68. 			for (var i = 0; i < 3; i++)
  69. 				word[i] = word[i+1];
  70. 			word[3] = c;
  71. 			
  72. 			return word;
  73. 		},
  74. 		
  75. 		// Rijndael Rcon
  76. 		Rcon:[
  77. 		0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
  78. 		0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
  79. 		0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
  80. 		0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d,
  81. 		0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab,
  82. 		0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d,
  83. 		0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25,
  84. 		0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01,
  85. 		0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d,
  86. 		0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa,
  87. 		0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a,
  88. 		0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02,
  89. 		0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
  90. 		0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
  91. 		0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
  92. 		0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
  93. 		0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
  94. 		0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5,
  95. 		0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33,
  96. 		0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ],
  97.  
  98. 		G2X: [
  99. 		0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16,
  100. 		0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e,
  101. 		0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46,
  102. 		0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e,
  103. 		0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76,
  104. 		0x78, 0x7a, 0x7c, 0x7e, 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e,
  105. 		0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, 0xa0, 0xa2, 0xa4, 0xa6,
  106. 		0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe,
  107. 		0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6,
  108. 		0xd8, 0xda, 0xdc, 0xde, 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee,
  109. 		0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, 0x1b, 0x19, 0x1f, 0x1d,
  110. 		0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05,
  111. 		0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d,
  112. 		0x23, 0x21, 0x27, 0x25, 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55,
  113. 		0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, 0x7b, 0x79, 0x7f, 0x7d,
  114. 		0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65,
  115. 		0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d,
  116. 		0x83, 0x81, 0x87, 0x85, 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5,
  117. 		0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, 0xdb, 0xd9, 0xdf, 0xdd,
  118. 		0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5,
  119. 		0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed,
  120. 		0xe3, 0xe1, 0xe7, 0xe5
  121. 		],
  122.  
  123. 		G3X: [
  124. 		0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d,
  125. 		0x14, 0x17, 0x12, 0x11, 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39,
  126. 		0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, 0x60, 0x63, 0x66, 0x65,
  127. 		0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71,
  128. 		0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d,
  129. 		0x44, 0x47, 0x42, 0x41, 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9,
  130. 		0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, 0xf0, 0xf3, 0xf6, 0xf5,
  131. 		0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1,
  132. 		0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd,
  133. 		0xb4, 0xb7, 0xb2, 0xb1, 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99,
  134. 		0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, 0x9b, 0x98, 0x9d, 0x9e,
  135. 		0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a,
  136. 		0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6,
  137. 		0xbf, 0xbc, 0xb9, 0xba, 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2,
  138. 		0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, 0xcb, 0xc8, 0xcd, 0xce,
  139. 		0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda,
  140. 		0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46,
  141. 		0x4f, 0x4c, 0x49, 0x4a, 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62,
  142. 		0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, 0x3b, 0x38, 0x3d, 0x3e,
  143. 		0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a,
  144. 		0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16,
  145. 		0x1f, 0x1c, 0x19, 0x1a
  146. 		],
  147.  
  148. 		G9X: [
  149. 		0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53,
  150. 		0x6c, 0x65, 0x7e, 0x77, 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf,
  151. 		0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 0x3b, 0x32, 0x29, 0x20,
  152. 		0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c,
  153. 		0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8,
  154. 		0xc7, 0xce, 0xd5, 0xdc, 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49,
  155. 		0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, 0xe6, 0xef, 0xf4, 0xfd,
  156. 		0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91,
  157. 		0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e,
  158. 		0x21, 0x28, 0x33, 0x3a, 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2,
  159. 		0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, 0xec, 0xe5, 0xfe, 0xf7,
  160. 		0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b,
  161. 		0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f,
  162. 		0x10, 0x19, 0x02, 0x0b, 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8,
  163. 		0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 0x47, 0x4e, 0x55, 0x5c,
  164. 		0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30,
  165. 		0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9,
  166. 		0xf6, 0xff, 0xe4, 0xed, 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35,
  167. 		0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, 0xa1, 0xa8, 0xb3, 0xba,
  168. 		0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6,
  169. 		0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62,
  170. 		0x5d, 0x54, 0x4f, 0x46
  171. 		],
  172.  
  173. 		GBX: [
  174. 		0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45,
  175. 		0x74, 0x7f, 0x62, 0x69, 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81,
  176. 		0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 0x7b, 0x70, 0x6d, 0x66,
  177. 		0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12,
  178. 		0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e,
  179. 		0xbf, 0xb4, 0xa9, 0xa2, 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7,
  180. 		0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, 0x46, 0x4d, 0x50, 0x5b,
  181. 		0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f,
  182. 		0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8,
  183. 		0xf9, 0xf2, 0xef, 0xe4, 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c,
  184. 		0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, 0xf7, 0xfc, 0xe1, 0xea,
  185. 		0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e,
  186. 		0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02,
  187. 		0x33, 0x38, 0x25, 0x2e, 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd,
  188. 		0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, 0x3c, 0x37, 0x2a, 0x21,
  189. 		0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55,
  190. 		0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44,
  191. 		0x75, 0x7e, 0x63, 0x68, 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80,
  192. 		0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 0x7a, 0x71, 0x6c, 0x67,
  193. 		0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13,
  194. 		0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f,
  195. 		0xbe, 0xb5, 0xa8, 0xa3
  196. 		],
  197.  
  198. 		GDX: [
  199. 		0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f,
  200. 		0x5c, 0x51, 0x46, 0x4b, 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3,
  201. 		0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 0xbb, 0xb6, 0xa1, 0xac,
  202. 		0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0,
  203. 		0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14,
  204. 		0x37, 0x3a, 0x2d, 0x20, 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e,
  205. 		0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 0xbd, 0xb0, 0xa7, 0xaa,
  206. 		0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6,
  207. 		0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9,
  208. 		0x8a, 0x87, 0x90, 0x9d, 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25,
  209. 		0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, 0xda, 0xd7, 0xc0, 0xcd,
  210. 		0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91,
  211. 		0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75,
  212. 		0x56, 0x5b, 0x4c, 0x41, 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42,
  213. 		0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, 0xb1, 0xbc, 0xab, 0xa6,
  214. 		0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa,
  215. 		0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8,
  216. 		0xeb, 0xe6, 0xf1, 0xfc, 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44,
  217. 		0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 0x0c, 0x01, 0x16, 0x1b,
  218. 		0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47,
  219. 		0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3,
  220. 		0x80, 0x8d, 0x9a, 0x97
  221. 		],
  222.  
  223. 		GEX: [
  224. 		0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62,
  225. 		0x48, 0x46, 0x54, 0x5a, 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca,
  226. 		0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 0xdb, 0xd5, 0xc7, 0xc9,
  227. 		0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81,
  228. 		0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59,
  229. 		0x73, 0x7d, 0x6f, 0x61, 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87,
  230. 		0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 0x4d, 0x43, 0x51, 0x5f,
  231. 		0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17,
  232. 		0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14,
  233. 		0x3e, 0x30, 0x22, 0x2c, 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc,
  234. 		0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, 0x41, 0x4f, 0x5d, 0x53,
  235. 		0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b,
  236. 		0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3,
  237. 		0xe9, 0xe7, 0xf5, 0xfb, 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0,
  238. 		0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 0x7a, 0x74, 0x66, 0x68,
  239. 		0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20,
  240. 		0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e,
  241. 		0xa4, 0xaa, 0xb8, 0xb6, 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26,
  242. 		0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, 0x37, 0x39, 0x2b, 0x25,
  243. 		0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d,
  244. 		0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5,
  245. 		0x9f, 0x91, 0x83, 0x8d
  246. 		],
  247. 		
  248. 		// Key Schedule Core
  249. 		core:function(word,iteration)
  250. 		{
  251. 			/* rotate the 32-bit word 8 bits to the left */
  252. 			word = this.rotate(word);
  253. 			/* apply S-Box substitution on all 4 parts of the 32-bit word */
  254. 			for (var i = 0; i < 4; ++i)
  255. 				word[i] = this.sbox[word[i]];
  256. 			/* XOR the output of the rcon operation with i to the first part (leftmost) only */
  257. 			word[0] = word[0]^this.Rcon[iteration];
  258. 			return word;
  259. 		},
  260. 		
  261. 		/* Rijndael's key expansion
  262. 		 * expands an 128,192,256 key into an 176,208,240 bytes key
  263. 		 *
  264. 		 * expandedKey is a pointer to an char array of large enough size
  265. 		 * key is a pointer to a non-expanded key
  266. 		 */
  267. 		expandKey:function(key,size)
  268. 		{
  269. 			var expandedKeySize = (16*(this.numberOfRounds(size)+1));
  270. 			
  271. 			/* current expanded keySize, in bytes */
  272. 			var currentSize = 0;
  273. 			var rconIteration = 1;
  274. 			var t = [];   // temporary 4-byte variable
  275. 			
  276. 			var expandedKey = [];
  277. 			for(var i = 0;i < expandedKeySize;i++)
  278. 				expandedKey[i] = 0;
  279. 		
  280. 			/* set the 16,24,32 bytes of the expanded key to the input key */
  281. 			for (var j = 0; j < size; j++)
  282. 				expandedKey[j] = key[j];
  283. 			currentSize += size;
  284. 		
  285. 			while (currentSize < expandedKeySize)
  286. 			{
  287. 				/* assign the previous 4 bytes to the temporary value t */
  288. 				for (var k = 0; k < 4; k++)
  289. 					t[k] = expandedKey[(currentSize - 4) + k];
  290. 		
  291. 				/* every 16,24,32 bytes we apply the core schedule to t
  292. 				 * and increment rconIteration afterwards
  293. 				 */
  294. 				if(currentSize % size == 0)
  295. 					t = this.core(t, rconIteration++);
  296. 		
  297. 				/* For 256-bit keys, we add an extra sbox to the calculation */
  298. 				if(size == this.keySize.SIZE_256 && ((currentSize % size) == 16))
  299. 					for(var l = 0; l < 4; l++)
  300. 						t[l] = this.sbox[t[l]];
  301. 		
  302. 				/* We XOR t with the four-byte block 16,24,32 bytes before the new expanded key.
  303. 				 * This becomes the next four bytes in the expanded key.
  304. 				 */
  305. 				for(var m = 0; m < 4; m++) {
  306. 					expandedKey[currentSize] = expandedKey[currentSize - size] ^ t[m];
  307. 					currentSize++;
  308. 				}
  309. 			}
  310. 			return expandedKey;
  311. 		},
  312. 		
  313. 		// Adds (XORs) the round key to the state
  314. 		addRoundKey:function(state,roundKey)
  315. 		{
  316. 			for (var i = 0; i < 16; i++)
  317. 				state[i] ^= roundKey[i];
  318. 			return state;
  319. 		},
  320. 		
  321. 		// Creates a round key from the given expanded key and the
  322. 		// position within the expanded key.
  323. 		createRoundKey:function(expandedKey,roundKeyPointer)
  324. 		{
  325. 			var roundKey = [];
  326. 			for (var i = 0; i < 4; i++)
  327. 				for (var j = 0; j < 4; j++)
  328. 					roundKey[j*4+i] = expandedKey[roundKeyPointer + i*4 + j];
  329. 			return roundKey;
  330. 		},
  331. 		
  332. 		/* substitute all the values from the state with the value in the SBox
  333. 		 * using the state value as index for the SBox
  334. 		 */
  335. 		subBytes:function(state,isInv)
  336. 		{
  337. 			for (var i = 0; i < 16; i++)
  338. 				state[i] = isInv?this.rsbox[state[i]]:this.sbox[state[i]];
  339. 			return state;
  340. 		},
  341. 		
  342. 		/* iterate over the 4 rows and call shiftRow() with that row */
  343. 		shiftRows:function(state,isInv)
  344. 		{
  345. 			for (var i = 0; i < 4; i++)
  346. 				state = this.shiftRow(state,i*4, i,isInv);
  347. 			return state;
  348. 		},
  349. 		
  350. 		/* each iteration shifts the row to the left by 1 */
  351. 		shiftRow:function(state,statePointer,nbr,isInv)
  352. 		{
  353. 			for (var i = 0; i < nbr; i++)
  354. 			{
  355. 				if(isInv)
  356. 				{
  357. 					var tmp = state[statePointer + 3];
  358. 					for (var j = 3; j > 0; j--)
  359. 						state[statePointer + j] = state[statePointer + j-1];
  360. 					state[statePointer] = tmp;
  361. 				}
  362. 				else
  363. 				{
  364. 					var tmp = state[statePointer];
  365. 					for (var j = 0; j < 3; j++)
  366. 						state[statePointer + j] = state[statePointer + j+1];
  367. 					state[statePointer + 3] = tmp;
  368. 				}
  369. 			}
  370. 			return state;
  371. 		},
  372.  
  373. 		// galois multiplication of 8 bit characters a and b
  374. 		galois_multiplication:function(a,b)
  375. 		{
  376. 			var p = 0;
  377. 			for(var counter = 0; counter < 8; counter++)
  378. 			{
  379. 				if((b & 1) == 1)
  380. 					p ^= a;
  381. 				if(p > 0x100) p ^= 0x100;
  382. 				var hi_bit_set = (a & 0x80); //keep p 8 bit
  383. 				a <<= 1;
  384. 				if(a > 0x100) a ^= 0x100; //keep a 8 bit
  385. 				if(hi_bit_set == 0x80)
  386. 					a ^= 0x1b;
  387. 				if(a > 0x100) a ^= 0x100; //keep a 8 bit
  388. 				b >>= 1;
  389. 				if(b > 0x100) b ^= 0x100; //keep b 8 bit
  390. 			}
  391. 			return p;
  392. 		},
  393. 		
  394. 		// galois multipication of the 4x4 matrix
  395. 		mixColumns:function(state,isInv)
  396. 		{
  397. 			var column = [];
  398. 			/* iterate over the 4 columns */
  399. 			for (var i = 0; i < 4; i++)
  400. 			{
  401. 				/* construct one column by iterating over the 4 rows */
  402. 				for (var j = 0; j < 4; j++)
  403. 					column[j] = state[(j*4)+i];
  404. 				/* apply the mixColumn on one column */
  405. 				column = this.mixColumn(column,isInv);
  406. 				/* put the values back into the state */
  407. 				for (var k = 0; k < 4; k++)
  408. 					state[(k*4)+i] = column[k];
  409. 			}
  410. 			return state;
  411. 		},
  412.  
  413. 		// galois multipication of 1 column of the 4x4 matrix
  414. 		mixColumn:function(column,isInv)
  415. 		{
  416. 			var mult = [];	
  417. 			if(isInv)
  418. 				mult = [14,9,13,11];
  419. 			else
  420. 				mult = [2,1,1,3];
  421. 			var cpy = [];
  422. 			for(var i = 0; i < 4; i++)
  423. 				cpy[i] = column[i];
  424. 			
  425. 			column[0] = 	this.galois_multiplication(cpy[0],mult[0]) ^
  426. 					this.galois_multiplication(cpy[3],mult[1]) ^
  427. 					this.galois_multiplication(cpy[2],mult[2]) ^
  428. 					this.galois_multiplication(cpy[1],mult[3]);
  429. 			column[1] = 	this.galois_multiplication(cpy[1],mult[0]) ^
  430. 					this.galois_multiplication(cpy[0],mult[1]) ^
  431. 					this.galois_multiplication(cpy[3],mult[2]) ^
  432. 					this.galois_multiplication(cpy[2],mult[3]);
  433. 			column[2] = 	this.galois_multiplication(cpy[2],mult[0]) ^
  434. 					this.galois_multiplication(cpy[1],mult[1]) ^
  435. 					this.galois_multiplication(cpy[0],mult[2]) ^
  436. 					this.galois_multiplication(cpy[3],mult[3]);
  437. 			column[3] = 	this.galois_multiplication(cpy[3],mult[0]) ^
  438. 					this.galois_multiplication(cpy[2],mult[1]) ^
  439. 					this.galois_multiplication(cpy[1],mult[2]) ^
  440. 					this.galois_multiplication(cpy[0],mult[3]);
  441. 			return column;
  442. 		},
  443. 		
  444. 		// applies the 4 operations of the forward round in sequence
  445. 		round:function(state, roundKey)
  446. 		{
  447. 			state = this.subBytes(state,false);
  448. 			state = this.shiftRows(state,false);
  449. 			state = this.mixColumns(state,false);
  450. 			state = this.addRoundKey(state, roundKey);
  451. 			return state;
  452. 		},
  453. 		
  454. 		// applies the 4 operations of the inverse round in sequence
  455. 		invRound:function(state,roundKey)
  456. 		{
  457. 			state = this.shiftRows(state,true);
  458. 			state = this.subBytes(state,true);
  459. 			state = this.addRoundKey(state, roundKey);
  460. 			state = this.mixColumns(state,true);
  461. 			return state;
  462. 		},
  463. 		
  464. 		/*
  465. 		 * Perform the initial operations, the standard round, and the final operations
  466. 		 * of the forward aes, creating a round key for each round
  467. 		 */
  468. 		main:function(state,expandedKey,nbrRounds)
  469. 		{
  470. 			state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
  471. 			for (var i = 1; i < nbrRounds; i++)
  472. 				state = this.round(state, this.createRoundKey(expandedKey,16*i));
  473. 			state = this.subBytes(state,false);
  474. 			state = this.shiftRows(state,false);
  475. 			state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
  476. 			return state;
  477. 		},
  478. 		
  479. 		/*
  480. 		 * Perform the initial operations, the standard round, and the final operations
  481. 		 * of the inverse aes, creating a round key for each round
  482. 		 */
  483. 		invMain:function(state, expandedKey, nbrRounds)
  484. 		{
  485. 			state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
  486. 			for (var i = nbrRounds-1; i > 0; i--)
  487. 				state = this.invRound(state, this.createRoundKey(expandedKey,16*i));
  488. 			state = this.shiftRows(state,true);
  489. 			state = this.subBytes(state,true);
  490. 			state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
  491. 			return state;
  492. 		},
  493.  
  494. 		numberOfRounds:function(size)
  495. 		{
  496. 			var nbrRounds;
  497. 			switch (size) /* set the number of rounds */
  498. 			{
  499. 				case this.keySize.SIZE_128:
  500. 					nbrRounds = 10;
  501. 					break;
  502. 				case this.keySize.SIZE_192:
  503. 					nbrRounds = 12;
  504. 					break;
  505. 				case this.keySize.SIZE_256:
  506. 					nbrRounds = 14;
  507. 					break;
  508. 				default:
  509. 					return null;
  510. 					break;
  511. 			}
  512. 			return nbrRounds;
  513. 		},
  514. 		
  515. 		// encrypts a 128 bit input block against the given key of size specified
  516. 		encrypt:function(input,key,size)
  517. 		{
  518. 			var output = [];
  519. 			var block = []; /* the 128 bit block to encode */
  520. 			var nbrRounds = this.numberOfRounds(size);
  521. 			/* Set the block values, for the block:
  522. 			 * a0,0 a0,1 a0,2 a0,3
  523. 			 * a1,0 a1,1 a1,2 a1,3
  524. 			 * a2,0 a2,1 a2,2 a2,3
  525. 			 * a3,0 a3,1 a3,2 a3,3
  526. 			 * the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
  527. 			 */
  528. 			for (var i = 0; i < 4; i++) /* iterate over the columns */
  529. 				for (var j = 0; j < 4; j++) /* iterate over the rows */
  530. 					block[(i+(j*4))] = input[(i*4)+j];
  531. 		
  532. 			/* expand the key into an 176, 208, 240 bytes key */
  533. 			var expandedKey = this.expandKey(key, size); /* the expanded key */
  534. 			/* encrypt the block using the expandedKey */
  535. 			block = this.main(block, expandedKey, nbrRounds);
  536. 			for (var k = 0; k < 4; k++) /* unmap the block again into the output */
  537. 				for (var l = 0; l < 4; l++) /* iterate over the rows */
  538. 					output[(k*4)+l] = block[(k+(l*4))];
  539. 			return output;
  540. 		},
  541. 		
  542. 		// decrypts a 128 bit input block against the given key of size specified
  543. 		decrypt:function(input, key, size)
  544. 		{
  545. 			var output = [];
  546. 			var block = []; /* the 128 bit block to decode */
  547. 			var nbrRounds = this.numberOfRounds(size);
  548. 			/* Set the block values, for the block:
  549. 			 * a0,0 a0,1 a0,2 a0,3
  550. 			 * a1,0 a1,1 a1,2 a1,3
  551. 			 * a2,0 a2,1 a2,2 a2,3
  552. 			 * a3,0 a3,1 a3,2 a3,3
  553. 			 * the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
  554. 			 */
  555. 			for (var i = 0; i < 4; i++) /* iterate over the columns */
  556. 				for (var j = 0; j < 4; j++) /* iterate over the rows */
  557. 					block[(i+(j*4))] = input[(i*4)+j];
  558. 			/* expand the key into an 176, 208, 240 bytes key */
  559. 			var expandedKey = this.expandKey(key, size);
  560. 			/* decrypt the block using the expandedKey */
  561. 			block = this.invMain(block, expandedKey, nbrRounds);
  562. 			for (var k = 0; k < 4; k++)/* unmap the block again into the output */
  563. 				for (var l = 0; l < 4; l++)/* iterate over the rows */
  564. 					output[(k*4)+l] = block[(k+(l*4))];
  565. 			return output;
  566. 		}
  567. 	},
  568. 	/*
  569. 	 * END AES SECTION
  570. 	 */
  571. 	 
  572. 	/*
  573. 	 * START MODE OF OPERATION SECTION
  574. 	 */
  575. 	//structure of supported modes of operation
  576. 	modeOfOperation:{
  577. 		OFB:0,
  578. 		CFB:1,
  579. 		CBC:2
  580. 	},
  581. 	
  582. 	// get a 16 byte block (aes operates on 128bits)
  583. 	getBlock: function(bytesIn,start,end,mode)
  584. 	{
  585. 		if(end - start > 16)
  586. 			end = start + 16;
  587. 		
  588. 		return bytesIn.slice(start, end);
  589. 	},
  590. 	
  591. 	/*
  592. 	 * Mode of Operation Encryption
  593. 	 * bytesIn - Input String as array of bytes
  594. 	 * mode - mode of type modeOfOperation
  595. 	 * key - a number array of length 'size'
  596. 	 * size - the bit length of the key
  597. 	 * iv - the 128 bit number array Initialization Vector
  598. 	 */
  599. 	encrypt: function (bytesIn, mode, key, iv)
  600. 	{
  601. 		var size = key.length;
  602. 		if(iv.length%16)
  603. 		{
  604. 			throw 'iv length must be 128 bits.';
  605. 		}
  606. 		// the AES input/output
  607. 		var byteArray = [];
  608. 		var input = [];
  609. 		var output = [];
  610. 		var ciphertext = [];
  611. 		var cipherOut = [];
  612. 		// char firstRound
  613. 		var firstRound = true;
  614. 		if (mode == this.modeOfOperation.CBC)
  615. 			this.padBytesIn(bytesIn);
  616. 		if (bytesIn !== null)
  617. 		{
  618. 			for (var j = 0;j < Math.ceil(bytesIn.length/16); j++)
  619. 			{
  620. 				var start = j*16;
  621. 				var end = j*16+16;
  622. 				if(j*16+16 > bytesIn.length)
  623. 					end = bytesIn.length;
  624. 				byteArray = this.getBlock(bytesIn,start,end,mode);
  625. 				if (mode == this.modeOfOperation.CFB)
  626. 				{
  627. 					if (firstRound)
  628. 					{
  629. 						output = this.aes.encrypt(iv, key, size);
  630. 						firstRound = false;
  631. 					}
  632. 					else
  633. 						output = this.aes.encrypt(input, key, size);
  634. 					for (var i = 0; i < 16; i++)
  635. 						ciphertext[i] = byteArray[i] ^ output[i];
  636. 					for(var k = 0;k < end-start;k++)
  637. 						cipherOut.push(ciphertext[k]);
  638. 					input = ciphertext;
  639. 				}
  640. 				else if (mode == this.modeOfOperation.OFB)
  641. 				{
  642. 					if (firstRound)
  643. 					{
  644. 						output = this.aes.encrypt(iv, key, size);
  645. 						firstRound = false;
  646. 					}
  647. 					else
  648. 						output = this.aes.encrypt(input, key, size);
  649. 					for (var i = 0; i < 16; i++)
  650. 						ciphertext[i] = byteArray[i] ^ output[i];
  651. 					for(var k = 0;k < end-start;k++)
  652. 						cipherOut.push(ciphertext[k]);
  653. 					input = output;
  654. 				}
  655. 				else if (mode == this.modeOfOperation.CBC)
  656. 				{
  657. 					for (var i = 0; i < 16; i++)
  658. 						input[i] = byteArray[i] ^ ((firstRound) ? iv[i] : ciphertext[i]);
  659. 					firstRound = false;
  660. 					ciphertext = this.aes.encrypt(input, key, size);
  661. 					// always 16 bytes because of the padding for CBC
  662. 					for(var k = 0;k < 16;k++)
  663. 						cipherOut.push(ciphertext[k]);
  664. 				}
  665. 			}
  666. 		}
  667. 		return cipherOut;
  668. 	},
  669. 	
  670. 	/*
  671. 	 * Mode of Operation Decryption
  672. 	 * cipherIn - Encrypted String as array of bytes
  673. 	 * originalsize - The unencrypted string length - required for CBC
  674. 	 * mode - mode of type modeOfOperation
  675. 	 * key - a number array of length 'size'
  676. 	 * size - the bit length of the key
  677. 	 * iv - the 128 bit number array Initialization Vector
  678. 	 */
  679. 	decrypt:function(cipherIn,mode,key,iv)
  680. 	{
  681. 		var size = key.length;
  682. 		if(iv.length%16)
  683. 		{
  684. 			throw 'iv length must be 128 bits.';
  685. 		}
  686. 		// the AES input/output
  687. 		var ciphertext = [];
  688. 		var input = [];
  689. 		var output = [];
  690. 		var byteArray = [];
  691. 		var bytesOut = [];
  692. 		// char firstRound
  693. 		var firstRound = true;
  694. 		if (cipherIn !== null)
  695. 		{
  696. 			for (var j = 0;j < Math.ceil(cipherIn.length/16); j++)
  697. 			{
  698. 				var start = j*16;
  699. 				var end = j*16+16;
  700. 				if(j*16+16 > cipherIn.length)
  701. 					end = cipherIn.length;
  702. 				ciphertext = this.getBlock(cipherIn,start,end,mode);
  703. 				if (mode == this.modeOfOperation.CFB)
  704. 				{
  705. 					if (firstRound)
  706. 					{
  707. 						output = this.aes.encrypt(iv, key, size);
  708. 						firstRound = false;
  709. 					}
  710. 					else
  711. 						output = this.aes.encrypt(input, key, size);
  712. 					for (i = 0; i < 16; i++)
  713. 						byteArray[i] = output[i] ^ ciphertext[i];
  714. 					for(var k = 0;k < end-start;k++)
  715. 						bytesOut.push(byteArray[k]);
  716. 					input = ciphertext;
  717. 				}
  718. 				else if (mode == this.modeOfOperation.OFB)
  719. 				{
  720. 					if (firstRound)
  721. 					{
  722. 						output = this.aes.encrypt(iv, key, size);
  723. 						firstRound = false;
  724. 					}
  725. 					else
  726. 						output = this.aes.encrypt(input, key, size);
  727. 					for (i = 0; i < 16; i++)
  728. 						byteArray[i] = output[i] ^ ciphertext[i];
  729. 					for(var k = 0;k < end-start;k++)
  730. 						bytesOut.push(byteArray[k]);
  731. 					input = output;
  732. 				}
  733. 				else if(mode == this.modeOfOperation.CBC)
  734. 				{
  735. 					output = this.aes.decrypt(ciphertext, key, size);
  736. 					for (i = 0; i < 16; i++)
  737. 						byteArray[i] = ((firstRound) ? iv[i] : input[i]) ^ output[i];
  738. 					firstRound = false;
  739. 					for(var k = 0;k < end-start;k++)
  740. 						bytesOut.push(byteArray[k]);
  741. 					input = ciphertext;
  742. 				}
  743. 			}
  744. 			if(mode == this.modeOfOperation.CBC)
  745. 			    this.unpadBytesOut(bytesOut);
  746. 		}
  747. 		return bytesOut;
  748. 	},
  749. 	padBytesIn: function(data) {
  750. 		var len = data.length;
  751. 		var padByte = 16 - (len % 16);
  752. 		for (var i = 0; i < padByte; i++) {
  753. 			data.push(padByte);
  754. 		}
  755. 	},
  756. 	unpadBytesOut: function(data) {
  757. 		var padCount = 0;
  758. 		var padByte = -1;
  759. 		var blockSize = 16;
  760. 		for (var i = data.length - 1; i >= data.length-1 - blockSize; i--) {
  761. 			if (data[i] <= blockSize) {
  762. 				if (padByte == -1)
  763. 					padByte = data[i];
  764. 				if (data[i] != padByte) {
  765. 					padCount = 0;
  766. 					break;
  767. 				}
  768. 				padCount++;
  769. 			} else
  770. 				break;
  771. 			if (padCount == padByte)
  772. 				break;
  773. 		}
  774. 		if (padCount > 0)
  775. 			data.splice(data.length - padCount, padCount);
  776. 	}
  777. 	/*
  778. 	 * END MODE OF OPERATION SECTION
  779. 	 */
  780. };