334 int a2 = (b[2] != 0) ? alog[(a + log[b[2] & 0xFF]) % 255] & 0xFF : 0; 335 int a3 = (b[3] != 0) ? alog[(a + log[b[3] & 0xFF]) % 255] & 0xFF : 0; 336 return a0 << 24 | a1 << 16 | a2 << 8 | a3; 337 } 338 339 // check if the specified length (in bytes) is a valid keysize for AES 340 static final boolean isKeySizeValid(int len) { 341 for (int i = 0; i < AES_KEYSIZES.length; i++) { 342 if (len == AES_KEYSIZES[i]) { 343 return true; 344 } 345 } 346 return false; 347 } 348 349 /** 350 * Encrypt exactly one block of plaintext. 351 */ 352 void encryptBlock(byte[] in, int inOffset, 353 byte[] out, int outOffset) { 354 cryptBlockCheck(in, inOffset); 355 cryptBlockCheck(out, outOffset); 356 implEncryptBlock(in, inOffset, out, outOffset); 357 } 358 359 // Encryption operation. Possibly replaced with a compiler intrinsic. 360 @HotSpotIntrinsicCandidate 361 private void implEncryptBlock(byte[] in, int inOffset, 362 byte[] out, int outOffset) 363 { 364 int keyOffset = 0; 365 int t0 = ((in[inOffset++] ) << 24 | 366 (in[inOffset++] & 0xFF) << 16 | 367 (in[inOffset++] & 0xFF) << 8 | 368 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++]; 369 int t1 = ((in[inOffset++] ) << 24 | 370 (in[inOffset++] & 0xFF) << 16 | 371 (in[inOffset++] & 0xFF) << 8 | 372 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++]; 373 int t2 = ((in[inOffset++] ) << 24 | 374 (in[inOffset++] & 0xFF) << 16 | 375 (in[inOffset++] & 0xFF) << 8 | 413 out[outOffset++] = (byte)(S[(t2 >>> 16) & 0xFF] ^ (tt >>> 16)); 414 out[outOffset++] = (byte)(S[(t3 >>> 8) & 0xFF] ^ (tt >>> 8)); 415 out[outOffset++] = (byte)(S[(t0 ) & 0xFF] ^ (tt )); 416 tt = K[keyOffset++]; 417 out[outOffset++] = (byte)(S[(t2 >>> 24) ] ^ (tt >>> 24)); 418 out[outOffset++] = (byte)(S[(t3 >>> 16) & 0xFF] ^ (tt >>> 16)); 419 out[outOffset++] = (byte)(S[(t0 >>> 8) & 0xFF] ^ (tt >>> 8)); 420 out[outOffset++] = (byte)(S[(t1 ) & 0xFF] ^ (tt )); 421 tt = K[keyOffset++]; 422 out[outOffset++] = (byte)(S[(t3 >>> 24) ] ^ (tt >>> 24)); 423 out[outOffset++] = (byte)(S[(t0 >>> 16) & 0xFF] ^ (tt >>> 16)); 424 out[outOffset++] = (byte)(S[(t1 >>> 8) & 0xFF] ^ (tt >>> 8)); 425 out[outOffset ] = (byte)(S[(t2 ) & 0xFF] ^ (tt )); 426 } 427 428 /** 429 * Decrypt exactly one block of plaintext. 430 */ 431 void decryptBlock(byte[] in, int inOffset, 432 byte[] out, int outOffset) { 433 cryptBlockCheck(in, inOffset); 434 cryptBlockCheck(out, outOffset); 435 implDecryptBlock(in, inOffset, out, outOffset); 436 } 437 438 // Decrypt operation. Possibly replaced with a compiler intrinsic. 439 @HotSpotIntrinsicCandidate 440 private void implDecryptBlock(byte[] in, int inOffset, 441 byte[] out, int outOffset) 442 { 443 int keyOffset = 4; 444 int t0 = ((in[inOffset++] ) << 24 | 445 (in[inOffset++] & 0xFF) << 16 | 446 (in[inOffset++] & 0xFF) << 8 | 447 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++]; 448 int t1 = ((in[inOffset++] ) << 24 | 449 (in[inOffset++] & 0xFF) << 16 | 450 (in[inOffset++] & 0xFF) << 8 | 451 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++]; 452 int t2 = ((in[inOffset++] ) << 24 | 453 (in[inOffset++] & 0xFF) << 16 | 454 (in[inOffset++] & 0xFF) << 8 | 574 t1 = K[0]; 575 out[outOffset++] = (byte)(Si[(a0 >>> 24) ] ^ (t1 >>> 24)); 576 out[outOffset++] = (byte)(Si[(t3 >>> 16) & 0xFF] ^ (t1 >>> 16)); 577 out[outOffset++] = (byte)(Si[(a2 >>> 8) & 0xFF] ^ (t1 >>> 8)); 578 out[outOffset++] = (byte)(Si[(a1 ) & 0xFF] ^ (t1 )); 579 t1 = K[1]; 580 out[outOffset++] = (byte)(Si[(a1 >>> 24) ] ^ (t1 >>> 24)); 581 out[outOffset++] = (byte)(Si[(a0 >>> 16) & 0xFF] ^ (t1 >>> 16)); 582 out[outOffset++] = (byte)(Si[(t3 >>> 8) & 0xFF] ^ (t1 >>> 8)); 583 out[outOffset++] = (byte)(Si[(a2 ) & 0xFF] ^ (t1 )); 584 t1 = K[2]; 585 out[outOffset++] = (byte)(Si[(a2 >>> 24) ] ^ (t1 >>> 24)); 586 out[outOffset++] = (byte)(Si[(a1 >>> 16) & 0xFF] ^ (t1 >>> 16)); 587 out[outOffset++] = (byte)(Si[(a0 >>> 8) & 0xFF] ^ (t1 >>> 8)); 588 out[outOffset++] = (byte)(Si[(t3 ) & 0xFF] ^ (t1 )); 589 t1 = K[3]; 590 out[outOffset++] = (byte)(Si[(t3 >>> 24) ] ^ (t1 >>> 24)); 591 out[outOffset++] = (byte)(Si[(a2 >>> 16) & 0xFF] ^ (t1 >>> 16)); 592 out[outOffset++] = (byte)(Si[(a1 >>> 8) & 0xFF] ^ (t1 >>> 8)); 593 out[outOffset ] = (byte)(Si[(a0 ) & 0xFF] ^ (t1 )); 594 } 595 596 // Used to perform all checks required by the Java semantics 597 // (i.e., null checks and bounds checks) on the input parameters 598 // to encryptBlock and to decryptBlock. 599 // Normally, the Java Runtime performs these checks, however, as 600 // encryptBlock and decryptBlock are possibly replaced with 601 // compiler intrinsics, the JDK performs the required checks instead. 602 // Does not check accesses to class-internal (private) arrays. 603 private static void cryptBlockCheck(byte[] array, int offset) { 604 Objects.requireNonNull(array); 605 606 if (offset < 0 || offset >= array.length) { 607 throw new ArrayIndexOutOfBoundsException(offset); 608 } 609 610 int largestIndex = offset + AES_BLOCK_SIZE - 1; 611 if (largestIndex < 0 || largestIndex >= array.length) { 612 throw new ArrayIndexOutOfBoundsException(largestIndex); 613 } 614 } 615 616 /** 617 * Expand a user-supplied key material into a session key. 618 * 619 * @param k The 128/192/256-bit cipher key to use. 620 * @exception InvalidKeyException If the key is invalid. 621 */ 622 private void makeSessionKey(byte[] k) throws InvalidKeyException { 623 if (k == null) { 624 throw new InvalidKeyException("Empty key"); 625 } 626 if (!isKeySizeValid(k.length)) { 627 throw new InvalidKeyException("Invalid AES key length: " + 628 k.length + " bytes"); 629 } 630 int ROUNDS = getRounds(k.length); 631 int ROUND_KEY_COUNT = (ROUNDS + 1) * 4; 632 633 int BC = 4; | 334 int a2 = (b[2] != 0) ? alog[(a + log[b[2] & 0xFF]) % 255] & 0xFF : 0; 335 int a3 = (b[3] != 0) ? alog[(a + log[b[3] & 0xFF]) % 255] & 0xFF : 0; 336 return a0 << 24 | a1 << 16 | a2 << 8 | a3; 337 } 338 339 // check if the specified length (in bytes) is a valid keysize for AES 340 static final boolean isKeySizeValid(int len) { 341 for (int i = 0; i < AES_KEYSIZES.length; i++) { 342 if (len == AES_KEYSIZES[i]) { 343 return true; 344 } 345 } 346 return false; 347 } 348 349 /** 350 * Encrypt exactly one block of plaintext. 351 */ 352 void encryptBlock(byte[] in, int inOffset, 353 byte[] out, int outOffset) { 354 Objects.checkFromIndexSize(inOffset, AES_BLOCK_SIZE, in.length); 355 Objects.checkFromIndexSize(outOffset, AES_BLOCK_SIZE, out.length); 356 implEncryptBlock(in, inOffset, out, outOffset); 357 } 358 359 // Encryption operation. Possibly replaced with a compiler intrinsic. 360 @HotSpotIntrinsicCandidate 361 private void implEncryptBlock(byte[] in, int inOffset, 362 byte[] out, int outOffset) 363 { 364 int keyOffset = 0; 365 int t0 = ((in[inOffset++] ) << 24 | 366 (in[inOffset++] & 0xFF) << 16 | 367 (in[inOffset++] & 0xFF) << 8 | 368 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++]; 369 int t1 = ((in[inOffset++] ) << 24 | 370 (in[inOffset++] & 0xFF) << 16 | 371 (in[inOffset++] & 0xFF) << 8 | 372 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++]; 373 int t2 = ((in[inOffset++] ) << 24 | 374 (in[inOffset++] & 0xFF) << 16 | 375 (in[inOffset++] & 0xFF) << 8 | 413 out[outOffset++] = (byte)(S[(t2 >>> 16) & 0xFF] ^ (tt >>> 16)); 414 out[outOffset++] = (byte)(S[(t3 >>> 8) & 0xFF] ^ (tt >>> 8)); 415 out[outOffset++] = (byte)(S[(t0 ) & 0xFF] ^ (tt )); 416 tt = K[keyOffset++]; 417 out[outOffset++] = (byte)(S[(t2 >>> 24) ] ^ (tt >>> 24)); 418 out[outOffset++] = (byte)(S[(t3 >>> 16) & 0xFF] ^ (tt >>> 16)); 419 out[outOffset++] = (byte)(S[(t0 >>> 8) & 0xFF] ^ (tt >>> 8)); 420 out[outOffset++] = (byte)(S[(t1 ) & 0xFF] ^ (tt )); 421 tt = K[keyOffset++]; 422 out[outOffset++] = (byte)(S[(t3 >>> 24) ] ^ (tt >>> 24)); 423 out[outOffset++] = (byte)(S[(t0 >>> 16) & 0xFF] ^ (tt >>> 16)); 424 out[outOffset++] = (byte)(S[(t1 >>> 8) & 0xFF] ^ (tt >>> 8)); 425 out[outOffset ] = (byte)(S[(t2 ) & 0xFF] ^ (tt )); 426 } 427 428 /** 429 * Decrypt exactly one block of plaintext. 430 */ 431 void decryptBlock(byte[] in, int inOffset, 432 byte[] out, int outOffset) { 433 Objects.checkFromIndexSize(inOffset, AES_BLOCK_SIZE, in.length); 434 Objects.checkFromIndexSize(outOffset, AES_BLOCK_SIZE, out.length); 435 implDecryptBlock(in, inOffset, out, outOffset); 436 } 437 438 // Decrypt operation. Possibly replaced with a compiler intrinsic. 439 @HotSpotIntrinsicCandidate 440 private void implDecryptBlock(byte[] in, int inOffset, 441 byte[] out, int outOffset) 442 { 443 int keyOffset = 4; 444 int t0 = ((in[inOffset++] ) << 24 | 445 (in[inOffset++] & 0xFF) << 16 | 446 (in[inOffset++] & 0xFF) << 8 | 447 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++]; 448 int t1 = ((in[inOffset++] ) << 24 | 449 (in[inOffset++] & 0xFF) << 16 | 450 (in[inOffset++] & 0xFF) << 8 | 451 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++]; 452 int t2 = ((in[inOffset++] ) << 24 | 453 (in[inOffset++] & 0xFF) << 16 | 454 (in[inOffset++] & 0xFF) << 8 | 574 t1 = K[0]; 575 out[outOffset++] = (byte)(Si[(a0 >>> 24) ] ^ (t1 >>> 24)); 576 out[outOffset++] = (byte)(Si[(t3 >>> 16) & 0xFF] ^ (t1 >>> 16)); 577 out[outOffset++] = (byte)(Si[(a2 >>> 8) & 0xFF] ^ (t1 >>> 8)); 578 out[outOffset++] = (byte)(Si[(a1 ) & 0xFF] ^ (t1 )); 579 t1 = K[1]; 580 out[outOffset++] = (byte)(Si[(a1 >>> 24) ] ^ (t1 >>> 24)); 581 out[outOffset++] = (byte)(Si[(a0 >>> 16) & 0xFF] ^ (t1 >>> 16)); 582 out[outOffset++] = (byte)(Si[(t3 >>> 8) & 0xFF] ^ (t1 >>> 8)); 583 out[outOffset++] = (byte)(Si[(a2 ) & 0xFF] ^ (t1 )); 584 t1 = K[2]; 585 out[outOffset++] = (byte)(Si[(a2 >>> 24) ] ^ (t1 >>> 24)); 586 out[outOffset++] = (byte)(Si[(a1 >>> 16) & 0xFF] ^ (t1 >>> 16)); 587 out[outOffset++] = (byte)(Si[(a0 >>> 8) & 0xFF] ^ (t1 >>> 8)); 588 out[outOffset++] = (byte)(Si[(t3 ) & 0xFF] ^ (t1 )); 589 t1 = K[3]; 590 out[outOffset++] = (byte)(Si[(t3 >>> 24) ] ^ (t1 >>> 24)); 591 out[outOffset++] = (byte)(Si[(a2 >>> 16) & 0xFF] ^ (t1 >>> 16)); 592 out[outOffset++] = (byte)(Si[(a1 >>> 8) & 0xFF] ^ (t1 >>> 8)); 593 out[outOffset ] = (byte)(Si[(a0 ) & 0xFF] ^ (t1 )); 594 } 595 596 /** 597 * Expand a user-supplied key material into a session key. 598 * 599 * @param k The 128/192/256-bit cipher key to use. 600 * @exception InvalidKeyException If the key is invalid. 601 */ 602 private void makeSessionKey(byte[] k) throws InvalidKeyException { 603 if (k == null) { 604 throw new InvalidKeyException("Empty key"); 605 } 606 if (!isKeySizeValid(k.length)) { 607 throw new InvalidKeyException("Invalid AES key length: " + 608 k.length + " bytes"); 609 } 610 int ROUNDS = getRounds(k.length); 611 int ROUND_KEY_COUNT = (ROUNDS + 1) * 4; 612 613 int BC = 4; |