ホーム エクスプローラ ヘルプ
登録 サインイン
PatrolEditor
/
frontend-repo
5
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: c31683a22e
ブランチ タグ
frontend-repo
/
public
/
codebase
/
encryption
/
AES.js

AES.js 16 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621 
  1. (function() {
    2. 

  2. 	var Nr = 10;
    3. 

  3. 	// convert two-dimensional indicies to one-dim array indices
    4. 

  4. 	var I00 = 0;
    5. 

  5. 	var I01 = 1;
    6. 

  6. 	var I02 = 2;
    7. 

  7. 	var I03 = 3;
    8. 

  8. 	var I10 = 4;
    9. 

  9. 	var I11 = 5;
    10. 

  10. 	var I12 = 6;
    11. 

  11. 	var I13 = 7;
    12. 

  12. 	var I20 = 8;
    13. 

  13. 	var I21 = 9;
    14. 

  14. 	var I22 = 10;
    15. 

  15. 	var I23 = 11;
    16. 

  16. 	var I30 = 12;
    17. 

  17. 	var I31 = 13;
    18. 

  18. 	var I32 = 14;
    19. 

  19. 	var I33 = 15;
    20. 

  20. 	
    21. 

  21. 	// S-Box substitution table
    22. 

  22. 	var S_enc = new Array(
    23. 

  23. 	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    24. 

  24. 	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
    25. 

  25. 	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
    26. 

  26. 	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
    27. 

  27. 	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
    28. 

  28. 	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
    29. 

  29. 	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
    30. 

  30. 	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
    31. 

  31. 	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
    32. 

  32. 	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
    33. 

  33. 	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
    34. 

  34. 	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
    35. 

  35. 	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
    36. 

  36. 	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
    37. 

  37. 	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
    38. 

  38. 	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
    39. 

  39. 	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
    40. 

  40. 	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
    41. 

  41. 	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
    42. 

  42. 	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
    43. 

  43. 	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
    44. 

  44. 	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
    45. 

  45. 	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
    46. 

  46. 	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
    47. 

  47. 	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
    48. 

  48. 	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
    49. 

  49. 	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
    50. 

  50. 	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
    51. 

  51. 	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
    52. 

  52. 	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
    53. 

  53. 	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
    54. 

  54. 	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
    55. 

  55. 	
    56. 

  56. 	// inverse S-Box for decryptions
    57. 

  57. 	var S_dec = new Array(
    58. 

  58. 	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
    59. 

  59. 	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
    60. 

  60. 	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
    61. 

  61. 	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
    62. 

  62. 	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
    63. 

  63. 	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
    64. 

  64. 	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
    65. 

  65. 	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
    66. 

  66. 	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
    67. 

  67. 	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
    68. 

  68. 	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
    69. 

  69. 	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
    70. 

  70. 	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
    71. 

  71. 	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
    72. 

  72. 	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
    73. 

  73. 	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
    74. 

  74. 	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
    75. 

  75. 	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
    76. 

  76. 	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
    77. 

  77. 	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
    78. 

  78. 	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
    79. 

  79. 	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
    80. 

  80. 	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
    81. 

  81. 	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
    82. 

  82. 	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
    83. 

  83. 	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
    84. 

  84. 	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
    85. 

  85. 	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
    86. 

  86. 	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
    87. 

  87. 	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
    88. 

  88. 	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
    89. 

  89. 	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
    90. 

  90. 	
    91. 

  91. 	function cvt_hex8 (val) {
    92. 

  92. 		var vh = (val>>>4)&0x0f;
    93. 

  93. 		return vh.toString(16) + (val&0x0f).toString(16);
    94. 

  94. 	}
    95. 

  95. 	function cvt_byte (str) {
    96. 

  96. 		// get the first hex digit
    97. 

  97. 		var val1 = str.charCodeAt(0);
    98. 

  98. 		// do some error checking
    99. 

  99. 		if (val1 >= 48 && val1 <= 57) {
    100. 

  100. 			// have a valid digit 0-9
    101. 

  101. 			val1 -= 48;
    102. 

  102. 		} else if (val1 >= 65 && val1 <= 70) {
    103. 

  103. 			// have a valid digit A-F
    104. 

  104. 			val1 -= 55;
    105. 

  105. 		} else if (val1 >= 97 && val1 <= 102) {
    106. 

  106. 			// have a valid digit A-F
    107. 

  107. 			val1 -= 87;
    108. 

  108. 		} else {
    109. 

  109. 			// not 0-9 or A-F, complain
    110. 

  110. 			console.log( str.charAt(1)+" is not a valid hex digit" );
    111. 

  111. 			return -1;
    112. 

  112. 		}
    113. 

  113. 		// get the second hex digit
    114. 

  114. 		var val2 = str.charCodeAt(1);
    115. 

  115. 		// do some error checking
    116. 

  116. 		if ( val2 >= 48 && val2 <= 57 ) {
    117. 

  117. 			// have a valid digit 0-9
    118. 

  118. 			val2 -= 48;
    119. 

  119. 		} else if ( val2 >= 65 && val2 <= 70 ) {
    120. 

  120. 			// have a valid digit A-F
    121. 

  121. 			val2 -= 55;
    122. 

  122. 		} else if ( val2 >= 97 && val2 <= 102 ) {
    123. 

  123. 			// have a valid digit A-F
    124. 

  124. 			val2 -= 87;
    125. 

  125. 		} else {
    126. 

  126. 			// not 0-9 or A-F, complain
    127. 

  127. 			console.log( str.charAt(2)+" is not a valid hex digit" );
    128. 

  128. 			return -1;
    129. 

  129. 		}
    130. 

  130. 		// all is ok, return the value
    131. 

  131. 		return val1*16 + val2;
    132. 

  132. 	}
    133. 

  133. 	
    134. 

  134. 	// conversion function for non-constant subscripts
    135. 

  135. 	// assume subscript range 0..3
    136. 

  136. 	function I(x,y) {
    137. 

  137. 		return (x*4) + y;
    138. 

  138. 	}
    139. 

  139. 	
    140. 

  140. 	// remove spaces from input
    141. 

  141. 	function remove_spaces(instr) {
    142. 

  142. 		var i;
    143. 

  143. 		var outstr = "";
    144. 

  144. 		for(i=0; i<instr.length; i++) {
    145. 

  145. 		if ( instr.charAt(i) != " " )
    146. 

  146. 			 // not a space, include it
    147. 

  147. 			 outstr += instr.charAt(i);
    148. 

  148. 		}
    149. 

  149. 		return outstr;
    150. 

  150. 	}
    151. 

  151. 

  152. 	// get the message to encrypt/decrypt or the key
    153. 

  153. 	// return as a 16-byte array
    154. 

  154. 	function get_value(str, isASCII) {
    155. 

  155. 		var dbyte = new Array(16);
    156. 

  156. 		var i;
    157. 

  157. 		var val;	// one hex digit
    158. 

  158. 		if (isASCII) {
    159. 

  159. 			// check length of data
    160. 

  160. 			if (str.length > 16) {
    161. 

  161. 				console.log("is too long, using the first 16 ASCII characters" );
    162. 

  162. 			}
    163. 

  163. 			// have ASCII data
    164. 

  164. 			// 16 characters?
    165. 

  165. 			if (str.length >= 16) {
    166. 

  166. 				// 16 or more characters
    167. 

  167. 				for(i=0; i<16; i++) {
    168. 

  168. 					dbyte[i] = str.charCodeAt(i);
    169. 

  169. 				}
    170. 

  170. 			} else {
    171. 

  171. 				 // less than 16 characters - fill with NULLs
    172. 

  172. 				for(i=0; i<str.length; i++) {
    173. 

  173. 					dbyte[i] = str.charCodeAt(i);
    174. 

  174. 				}
    175. 

  175. 				for( i=str.length; i<16; i++) {
    176. 

  176. 					dbyte[i] = 0;
    177. 

  177. 				}
    178. 

  178. 			}
    179. 

  179. 		} else {
    180. 

  180. 			// have hex data - remove any spaces they used, then convert
    181. 

  181. 			//str = remove_spaces(str);
    182. 

  182. 			// check length of data
    183. 

  183. 			if ( str.length != 32 ) {
    184. 

  184. 				//console.log("\tget_value:\tstr = " + str + "\tisASCII = " + isASCII); //isASCII = false
    185. 

  185. 				console.log("length wrong: Is " + str.length + " hex digits, but must be 128 bits (32 hex digits)");
    186. 

  186. 				dbyte[0] = -1;
    187. 

  187. 				return dbyte;
    188. 

  188. 			}
    189. 

  189. 			for( i=0; i<16; i++ ) {
    190. 

  190. 				// isolate and convert this substring
    191. 

  191. 				dbyte[i] = cvt_byte( str.substr(i*2,2) );
    192. 

  192. 				if( dbyte[i] < 0 ) {
    193. 

  193. 					// have an error
    194. 

  194. 					dbyte[0] = -1;
    195. 

  195. 					return dbyte;
    196. 

  196. 				}
    197. 

  197. 			}
    198. 

  198. 		}
    199. 

  199. 		// return successful conversion
    200. 

  200. 		return dbyte;
    201. 

  201. 	}
    202. 

  202. 	//do the AES GF(2**8) multiplication
    203. 

  203. 	// do this by the shift-and-"add" approach
    204. 

  204. 	function aes_mul(a, b) {
    205. 

  205. 		var res = 0;
    206. 

  206. 		while(a > 0) {
    207. 

  207. 		if((a&1) != 0)
    208. 

  208. 			res = res ^ b;		// "add" to the result
    209. 

  209. 			a >>>= 1;			// shift a to get next higher-order bit
    210. 

  210. 			b <<= 1;			// shift multiplier also
    211. 

  211. 		}
    212. 

  212. 		// now reduce it modulo x**8 + x**4 + x**3 + x + 1
    213. 

  213. 		var hbit = 0x10000;		// bit to test if we need to take action
    214. 

  214. 		var modulus = 0x11b00;	// modulus - XOR by this to change value
    215. 

  215. 		while(hbit >= 0x100) {
    216. 

  216. 			if ((res & hbit) != 0) {
    217. 

  217. 				res ^= modulus;	// XOR with the modulus
    218. 

  218. 			}
    219. 

  219. 			// prepare for the next loop
    220. 

  220. 			hbit >>= 1;
    221. 

  221. 			modulus >>= 1;
    222. 

  222. 		}
    223. 

  223. 		return res;
    224. 

  224. 	}
    225. 

  225. 

  226. 	// apply the S-box substitution to the key expansion
    227. 

  227. 	function SubWord(word_ary) {
    228. 

  228. 		var i;
    229. 

  229. 		for(i=0; i<16; i++) {
    230. 

  230. 			word_ary[i] = S_enc[word_ary[i]];
    231. 

  231. 		}
    232. 

  232. 		return word_ary;
    233. 

  233. 	}
    234. 

  234. 	
    235. 

  235. 	// rotate the bytes in a word
    236. 

  236. 	function RotWord(word_ary) {
    237. 

  237. 		return new Array(word_ary[1], word_ary[2], word_ary[3], word_ary[0]);
    238. 

  238. 	}
    239. 

  239. 

  240. 	// calculate the first item Rcon[i] = { x^(i-1), 0, 0, 0 }
    241. 

  241. 	// note we only return the first item
    242. 

  242. 	function Rcon(exp) {
    243. 

  243. 		var val = 2;
    244. 

  244. 		var result = 1;
    245. 

  245. 	
    246. 

  246. 	   // remember to calculate x^(exp-1)
    247. 

  247. 	   exp--;
    248. 

  248. 	
    249. 

  249. 	   // process the exponent using normal shift and multiply
    250. 

  250. 	   while ( exp > 0 )
    251. 

  251. 	   {
    252. 

  252. 		  if ( (exp & 1) != 0 )
    253. 

  253. 			 result = aes_mul( result, val );
    254. 

  254. 	
    255. 

  255. 		  // square the value
    256. 

  256. 		  val = aes_mul( val, val );
    257. 

  257. 	
    258. 

  258. 		  // move to the next bit
    259. 

  259. 		  exp >>= 1;
    260. 

  260. 	   }
    261. 

  261. 	
    262. 

  262. 	   return result;
    263. 

  263. 	}
    264. 

  264. 	// round key generation
    265. 

  265. 	// return a byte array with the expanded key information
    266. 

  266. 	function key_expand( key )
    267. 

  267. 	{
    268. 

  268. 	   var temp = new Array(4);
    269. 

  269. 	   var i, j;
    270. 

  270. 	   var w = new Array(4*(Nr+1));
    271. 

  271. 

  272. 	   // copy initial key stuff
    273. 

  273. 	   for( i=0; i<16; i++ )
    274. 

  274. 	   {
    275. 

  275. 		  w[i] = key[i];
    276. 

  276. 	   }
    277. 

  277. 

  278. 	   // generate rest of key schedule using 32-bit words
    279. 

  279. 	   i = 4;
    280. 

  280. 	   while ( i < 4*(Nr+1))		// blocksize * ( rounds + 1 )
    281. 

  281. 	   {
    282. 

  282. 		  // copy word W[i-1] to temp
    283. 

  283. 		  for( j=0; j<4; j++ )
    284. 

  284. 			 temp[j] = w[(i-1)*4+j];
    285. 

  285. 

  286. 		  if ( i % 4 == 0)
    287. 

  287. 		  {
    288. 

  288. 			 // temp = SubWord(RotWord(temp)) ^ Rcon[i/4];
    289. 

  289. 			 temp = RotWord( temp );
    290. 

  290. 			 temp = SubWord( temp );
    291. 

  291. 			 temp[0] ^= Rcon( i>>>2 );
    292. 

  292. 		  }
    293. 

  293. 

  294. 		  // word = word ^ temp
    295. 

  295. 		  for( j=0; j<4; j++ )
    296. 

  296. 			 w[i*4+j] = w[(i-4)*4+j] ^ temp[j];
    297. 

  297. 

  298. 		  i++;
    299. 

  299. 	   }
    300. 

  300. 

  301. 	   return w;
    302. 

  302. 	}
    303. 

  303. 

  304. 	// do S-Box substitution
    305. 

  305. 	function SubBytes(state, Sbox)
    306. 

  306. 	{
    307. 

  307. 	   var i;
    308. 

  308. 

  309. 	   for( i=0; i<16; i++ )
    310. 

  310. 		  state[i] = Sbox[ state[i] ];
    311. 

  311. 

  312. 	   return state;
    313. 

  313. 	}
    314. 

  314. 

  315. 	// shift each row as appropriate
    316. 

  316. 	function ShiftRows(state)
    317. 

  317. 	{
    318. 

  318. 	   var t0, t1, t2, t3;
    319. 

  319. 

  320. 	   // top row (row 0) isn't shifted
    321. 

  321. 

  322. 	   // next row (row 1) rotated left 1 place
    323. 

  323. 	   t0 = state[I10];
    324. 

  324. 	   t1 = state[I11];
    325. 

  325. 	   t2 = state[I12];
    326. 

  326. 	   t3 = state[I13];
    327. 

  327. 	   state[I10] = t1;
    328. 

  328. 	   state[I11] = t2;
    329. 

  329. 	   state[I12] = t3;
    330. 

  330. 	   state[I13] = t0;
    331. 

  331. 

  332. 	   // next row (row 2) rotated left 2 places
    333. 

  333. 	   t0 = state[I20];
    334. 

  334. 	   t1 = state[I21];
    335. 

  335. 	   t2 = state[I22];
    336. 

  336. 	   t3 = state[I23];
    337. 

  337. 	   state[I20] = t2;
    338. 

  338. 	   state[I21] = t3;
    339. 

  339. 	   state[I22] = t0;
    340. 

  340. 	   state[I23] = t1;
    341. 

  341. 

  342. 	   // bottom row (row 3) rotated left 3 places
    343. 

  343. 	   t0 = state[I30];
    344. 

  344. 	   t1 = state[I31];
    345. 

  345. 	   t2 = state[I32];
    346. 

  346. 	   t3 = state[I33];
    347. 

  347. 	   state[I30] = t3;
    348. 

  348. 	   state[I31] = t0;
    349. 

  349. 	   state[I32] = t1;
    350. 

  350. 	   state[I33] = t2;
    351. 

  351. 

  352. 	   return state;
    353. 

  353. 	}
    354. 

  354. 

  355. 	// inverset shift each row as appropriate
    356. 

  356. 	function InvShiftRows(state)
    357. 

  357. 	{
    358. 

  358. 	   var t0, t1, t2, t3;
    359. 

  359. 

  360. 	   // top row (row 0) isn't shifted
    361. 

  361. 

  362. 	   // next row (row 1) rotated left 1 place
    363. 

  363. 	   t0 = state[I10];
    364. 

  364. 	   t1 = state[I11];
    365. 

  365. 	   t2 = state[I12];
    366. 

  366. 	   t3 = state[I13];
    367. 

  367. 	   state[I10] = t3;
    368. 

  368. 	   state[I11] = t0;
    369. 

  369. 	   state[I12] = t1;
    370. 

  370. 	   state[I13] = t2;
    371. 

  371. 

  372. 	   // next row (row 2) rotated left 2 places
    373. 

  373. 	   t0 = state[I20];
    374. 

  374. 	   t1 = state[I21];
    375. 

  375. 	   t2 = state[I22];
    376. 

  376. 	   t3 = state[I23];
    377. 

  377. 	   state[I20] = t2;
    378. 

  378. 	   state[I21] = t3;
    379. 

  379. 	   state[I22] = t0;
    380. 

  380. 	   state[I23] = t1;
    381. 

  381. 

  382. 	   // bottom row (row 3) rotated left 3 places
    383. 

  383. 	   t0 = state[I30];
    384. 

  384. 	   t1 = state[I31];
    385. 

  385. 	   t2 = state[I32];
    386. 

  386. 	   t3 = state[I33];
    387. 

  387. 	   state[I30] = t1;
    388. 

  388. 	   state[I31] = t2;
    389. 

  389. 	   state[I32] = t3;
    390. 

  390. 	   state[I33] = t0;
    391. 

  391. 

  392. 	   return state;
    393. 

  393. 	}
    394. 

  394. 

  395. 	// process column info
    396. 

  396. 	function MixColumns(state)
    397. 

  397. 	{
    398. 

  398. 	   var col;
    399. 

  399. 	   var c0, c1, c2, c3;
    400. 

  400. 

  401. 	   for( col=0; col<4; col++ )
    402. 

  402. 	   {
    403. 

  403. 		  c0 = state[I(0,col)];
    404. 

  404. 		  c1 = state[I(1,col)];
    405. 

  405. 		  c2 = state[I(2,col)];
    406. 

  406. 		  c3 = state[I(3,col)];
    407. 

  407. 

  408. 		  // do mixing, and put back into array
    409. 

  409. 		  state[I(0,col)] = aes_mul(2,c0) ^ aes_mul(3,c1) ^ c2 ^ c3;
    410. 

  410. 		  state[I(1,col)] = c0 ^ aes_mul(2,c1) ^ aes_mul(3,c2) ^ c3;
    411. 

  411. 		  state[I(2,col)] = c0 ^ c1 ^ aes_mul(2,c2) ^ aes_mul(3,c3);
    412. 

  412. 		  state[I(3,col)] = aes_mul(3,c0) ^ c1 ^ c2 ^ aes_mul(2,c3);
    413. 

  413. 	   }
    414. 

  414. 

  415. 	   return state;
    416. 

  416. 	}
    417. 

  417. 

  418. 	// inverse process column info
    419. 

  419. 	function InvMixColumns(state)
    420. 

  420. 	{
    421. 

  421. 	   var col;
    422. 

  422. 	   var c0, c1, c2, c3;
    423. 

  423. 

  424. 	   for( col=0; col<4; col++ )
    425. 

  425. 	   {
    426. 

  426. 		  c0 = state[I(0,col)];
    427. 

  427. 		  c1 = state[I(1,col)];
    428. 

  428. 		  c2 = state[I(2,col)];
    429. 

  429. 		  c3 = state[I(3,col)];
    430. 

  430. 

  431. 		  // do inverse mixing, and put back into array
    432. 

  432. 		  state[I(0,col)] = aes_mul(0x0e,c0) ^ aes_mul(0x0b,c1)
    433. 

  433. 				^ aes_mul(0x0d,c2) ^ aes_mul(0x09,c3);
    434. 

  434. 		  state[I(1,col)] = aes_mul(0x09,c0) ^ aes_mul(0x0e,c1)
    435. 

  435. 				^ aes_mul(0x0b,c2) ^ aes_mul(0x0d,c3);
    436. 

  436. 		  state[I(2,col)] = aes_mul(0x0d,c0) ^ aes_mul(0x09,c1)
    437. 

  437. 				^ aes_mul(0x0e,c2) ^ aes_mul(0x0b,c3);
    438. 

  438. 		  state[I(3,col)] = aes_mul(0x0b,c0) ^ aes_mul(0x0d,c1)
    439. 

  439. 				^ aes_mul(0x09,c2) ^ aes_mul(0x0e,c3);
    440. 

  440. 	   }
    441. 

  441. 

  442. 	   return state;
    443. 

  443. 	}
    444. 

  444. 

  445. 	// insert subkey information
    446. 

  446. 	function AddRoundKey( state, w, base )
    447. 

  447. 	{
    448. 

  448. 	   var col;
    449. 

  449. 

  450. 	   for( col=0; col<4; col++ )
    451. 

  451. 	   {
    452. 

  452. 		  state[I(0,col)] ^= w[base+col*4];
    453. 

  453. 		  state[I(1,col)] ^= w[base+col*4+1];
    454. 

  454. 		  state[I(2,col)] ^= w[base+col*4+2];
    455. 

  455. 		  state[I(3,col)] ^= w[base+col*4+3];
    456. 

  456. 	   }
    457. 

  457. 

  458. 	   return state;
    459. 

  459. 	}
    460. 

  460. 

  461. 	// return a transposed array
    462. 

  462. 	function transpose( msg )
    463. 

  463. 	{
    464. 

  464. 	   var row, col;
    465. 

  465. 	   var state = new Array( 16 );
    466. 

  466. 

  467. 	   for( row=0; row<4; row++ )
    468. 

  468. 		  for( col=0; col<4; col++ )
    469. 

  469. 			 state[I(row,col)] = msg[I(col,row)];
    470. 

  470. 

  471. 	   return state;
    472. 

  472. 	}
    473. 

  473. 

  474. 	// final AES state
    475. 

  475. 	var AES_output = new Array(16);
    476. 

  476. 

  477. 	// format AES output
    478. 

  478. 	// -- uses the global array DES_output
    479. 

  479. 	function format_AES_output(bASCII)
    480. 

  480. 	{
    481. 

  481. 	   var i;
    482. 

  482. 	   var bits;
    483. 

  483. 	   var str="";
    484. 

  484. 

  485. 	   // what type of data do we have to work with?
    486. 

  486. 	   if (bASCII)
    487. 

  487. 	   {
    488. 

  488. 		  // convert each set of bits back to ASCII
    489. 

  489. 		  for( i=0; i<16; i++ )
    490. 

  490. 			 str += String.fromCharCode( AES_output[i] );
    491. 

  491. 	   }
    492. 

  492. 	   else 
    493. 

  493. 	   {
    494. 

  494. 		  // output hexdecimal data (insert spaces)
    495. 

  495. 		  str = cvt_hex8( AES_output[0] );
    496. 

  496. 		  for( i=1; i<16; i++ )
    497. 

  497. 		  {
    498. 

  498. 			 str += "" + cvt_hex8( AES_output[i] );
    499. 

  499. 		  }
    500. 

  500. 	   }
    501. 

  501. 	   return str;
    502. 

  502. 	}
    503. 

  503. 

  504. 	// do encrytion
    505. 

  505. 	function aes_encrypt(str, key, bASCII)
    506. 

  506. 	{
    507. 

  507. 	   //console.log("  aes_encrypt:\tstr = " + str + "\tkey = " + key + "\t bASCII = " + bASCII);
    508. 

  508. 	   var w = new Array( 4*(Nr+1) );			// subkey information
    509. 

  509. 	   var state = new Array( 16 );			// working state
    510. 

  510. 	   var round;
    511. 

  511. 

  512. 	   //accumulated_output_info = "";
    513. 

  513. 

  514. 	   // get the message from the user
    515. 

  515. 	   // also check if it is ASCII or hex
    516. 

  516. 	   var msg = get_value(str, bASCII);
    517. 

  517. 

  518. 	   // problems??
    519. 

  519. 	   if ( msg[0] < 0 )
    520. 

  520. 	   {
    521. 

  521. 		  return;
    522. 

  522. 	   }
    523. 

  523. 

  524. 	   // get the key from the user
    525. 

  525. 	   var key = get_value(key, false);
    526. 

  526. 	   // problems??
    527. 

  527. 	   if ( key[0] < 0 )
    528. 

  528. 	   {
    529. 

  529. 		  return;
    530. 

  530. 	   }
    531. 

  531. 

  532. 	   // expand the key
    533. 

  533. 	   w = key_expand( key );
    534. 

  534. 

  535. 	   // initial state = message in columns (transposed from what we input)
    536. 

  536. 	   state = transpose( msg );
    537. 

  537. 

  538. 	   // display the round key - Transpose due to the way it is stored/used
    539. 

  539. 	   state = AddRoundKey(state, w, 0);
    540. 

  540. 

  541. 	   for( round=1; round<Nr; round++ )
    542. 

  542. 	   {
    543. 

  543. 		  state = SubBytes(state, S_enc);
    544. 

  544. 		  state = ShiftRows(state);
    545. 

  545. 		  state = MixColumns(state);
    546. 

  546. 		  // display the round key - Transpose due to the way it is stored/used
    547. 

  547. 		  // note here the spec uses 32-bit words, we are using bytes, so an extra *4
    548. 

  548. 		  state = AddRoundKey(state, w, round*4*4);
    549. 

  549. 	   }
    550. 

  550. 

  551. 	   SubBytes(state, S_enc);
    552. 

  552. 	   ShiftRows(state);
    553. 

  553. 	   AddRoundKey(state, w, Nr*4*4);
    554. 

  554. 

  555. 	   // process output
    556. 

  556. 	   AES_output = transpose( state );
    557. 

  557. 	   var szOutput = format_AES_output(!bASCII);
    558. 

  558. 	   return szOutput;
    559. 

  559. 	}
    560. 

  560. 

  561. 	// do decryption
    562. 

  562. 	function aes_decrypt(str, key, bASCII)
    563. 

  563. 	{
    564. 

  564. 	   //console.log("  aes_decrypt:\tstr = " + str + "\tkey = " + key + "\tbASCII = " + bASCII);
    565. 

  565. 	   var w = new Array( 4*(Nr+1) );			// subkey information
    566. 

  566. 	   var state = new Array( 16 );			// working state
    567. 

  567. 	   var round;
    568. 

  568. 

  569. 	   //accumulated_output_info = "";
    570. 

  570. 

  571. 	   // get the message from the user
    572. 

  572. 	   // also check if it is ASCII or hex
    573. 

  573. 	   var msg = get_value(str, bASCII);
    574. 

  574. 

  575. 	   // problems??
    576. 

  576. 	   if ( msg[0] < 0 )
    577. 

  577. 	   {
    578. 

  578. 		  return;
    579. 

  579. 	   }
    580. 

  580. 	   
    581. 

  581. 	   // get the key from the user
    582. 

  582. 	   var key = get_value(key, false);
    583. 

  583. 	   // problems??
    584. 

  584. 	   if ( key[0] < 0 )
    585. 

  585. 	   {
    586. 

  586. 		  return;
    587. 

  587. 	   }
    588. 

  588. 

  589. 	   // expand the key
    590. 

  590. 	   w = key_expand( key );
    591. 

  591. 

  592. 	   // initial state = message
    593. 

  593. 	   state = transpose( msg );
    594. 

  594. 	   // display the round key - Transpose due to the way it is stored/used
    595. 

  595. 	   state = AddRoundKey(state, w, Nr*4*4);
    596. 

  596. 

  597. 	   for( round=Nr-1; round>=1; round-- )
    598. 

  598. 	   {
    599. 

  599. 		  state = InvShiftRows(state);
    600. 

  600. 		  state = SubBytes(state, S_dec);
    601. 

  601. 		  // display the round key - Transpose due to the way it is stored/used
    602. 

  602. 		  // note here the spec uses 32-bit words, we are using bytes, so an extra *4
    603. 

  603. 		  state = AddRoundKey(state, w, round*4*4);
    604. 

  604. 		  state = InvMixColumns(state);
    605. 

  605. 	   }
    606. 

  606. 

  607. 	   InvShiftRows(state);
    608. 

  608. 	   SubBytes(state, S_dec);
    609. 

  609. 	   AddRoundKey(state, w, 0);
    610. 

  610. 

  611. 	   // process output
    612. 

  612. 	   AES_output = transpose( state );
    613. 

  613. 	   var szOutput = format_AES_output(!bASCII);
    614. 

  614. 	   return szOutput;
    615. 

  615. 	}
    616. 

  616. 	window.aes_encrypt = aes_encrypt;
    617. 

  617. 	window.aes_decrypt = aes_decrypt;
    618. 

  618. 	window.console = window.console || {
    619. 

  619. 		log: function() {}
    620. 

  620. 	};
    621. 

  621. }());
    622.