334 int a2 = (b[2] != 0) ? alog[(a + log[b[2] & 0xFF]) % 255] & 0xFF : 0;
335 int a3 = (b[3] != 0) ? alog[(a + log[b[3] & 0xFF]) % 255] & 0xFF : 0;
336 return a0 << 24 | a1 << 16 | a2 << 8 | a3;
337 }
338
339 // check if the specified length (in bytes) is a valid keysize for AES
340 static final boolean isKeySizeValid(int len) {
341 for (int i = 0; i < AES_KEYSIZES.length; i++) {
342 if (len == AES_KEYSIZES[i]) {
343 return true;
344 }
345 }
346 return false;
347 }
348
349 /**
350 * Encrypt exactly one block of plaintext.
351 */
352 void encryptBlock(byte[] in, int inOffset,
353 byte[] out, int outOffset) {
354 cryptBlockCheck(in, inOffset);
355 cryptBlockCheck(out, outOffset);
356 implEncryptBlock(in, inOffset, out, outOffset);
357 }
358
359 // Encryption operation. Possibly replaced with a compiler intrinsic.
360 @HotSpotIntrinsicCandidate
361 private void implEncryptBlock(byte[] in, int inOffset,
362 byte[] out, int outOffset)
363 {
364 int keyOffset = 0;
365 int t0 = ((in[inOffset++] ) << 24 |
366 (in[inOffset++] & 0xFF) << 16 |
367 (in[inOffset++] & 0xFF) << 8 |
368 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++];
369 int t1 = ((in[inOffset++] ) << 24 |
370 (in[inOffset++] & 0xFF) << 16 |
371 (in[inOffset++] & 0xFF) << 8 |
372 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++];
373 int t2 = ((in[inOffset++] ) << 24 |
374 (in[inOffset++] & 0xFF) << 16 |
375 (in[inOffset++] & 0xFF) << 8 |
413 out[outOffset++] = (byte)(S[(t2 >>> 16) & 0xFF] ^ (tt >>> 16));
414 out[outOffset++] = (byte)(S[(t3 >>> 8) & 0xFF] ^ (tt >>> 8));
415 out[outOffset++] = (byte)(S[(t0 ) & 0xFF] ^ (tt ));
416 tt = K[keyOffset++];
417 out[outOffset++] = (byte)(S[(t2 >>> 24) ] ^ (tt >>> 24));
418 out[outOffset++] = (byte)(S[(t3 >>> 16) & 0xFF] ^ (tt >>> 16));
419 out[outOffset++] = (byte)(S[(t0 >>> 8) & 0xFF] ^ (tt >>> 8));
420 out[outOffset++] = (byte)(S[(t1 ) & 0xFF] ^ (tt ));
421 tt = K[keyOffset++];
422 out[outOffset++] = (byte)(S[(t3 >>> 24) ] ^ (tt >>> 24));
423 out[outOffset++] = (byte)(S[(t0 >>> 16) & 0xFF] ^ (tt >>> 16));
424 out[outOffset++] = (byte)(S[(t1 >>> 8) & 0xFF] ^ (tt >>> 8));
425 out[outOffset ] = (byte)(S[(t2 ) & 0xFF] ^ (tt ));
426 }
427
428 /**
429 * Decrypt exactly one block of plaintext.
430 */
431 void decryptBlock(byte[] in, int inOffset,
432 byte[] out, int outOffset) {
433 cryptBlockCheck(in, inOffset);
434 cryptBlockCheck(out, outOffset);
435 implDecryptBlock(in, inOffset, out, outOffset);
436 }
437
438 // Decrypt operation. Possibly replaced with a compiler intrinsic.
439 @HotSpotIntrinsicCandidate
440 private void implDecryptBlock(byte[] in, int inOffset,
441 byte[] out, int outOffset)
442 {
443 int keyOffset = 4;
444 int t0 = ((in[inOffset++] ) << 24 |
445 (in[inOffset++] & 0xFF) << 16 |
446 (in[inOffset++] & 0xFF) << 8 |
447 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++];
448 int t1 = ((in[inOffset++] ) << 24 |
449 (in[inOffset++] & 0xFF) << 16 |
450 (in[inOffset++] & 0xFF) << 8 |
451 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++];
452 int t2 = ((in[inOffset++] ) << 24 |
453 (in[inOffset++] & 0xFF) << 16 |
454 (in[inOffset++] & 0xFF) << 8 |
574 t1 = K[0];
575 out[outOffset++] = (byte)(Si[(a0 >>> 24) ] ^ (t1 >>> 24));
576 out[outOffset++] = (byte)(Si[(t3 >>> 16) & 0xFF] ^ (t1 >>> 16));
577 out[outOffset++] = (byte)(Si[(a2 >>> 8) & 0xFF] ^ (t1 >>> 8));
578 out[outOffset++] = (byte)(Si[(a1 ) & 0xFF] ^ (t1 ));
579 t1 = K[1];
580 out[outOffset++] = (byte)(Si[(a1 >>> 24) ] ^ (t1 >>> 24));
581 out[outOffset++] = (byte)(Si[(a0 >>> 16) & 0xFF] ^ (t1 >>> 16));
582 out[outOffset++] = (byte)(Si[(t3 >>> 8) & 0xFF] ^ (t1 >>> 8));
583 out[outOffset++] = (byte)(Si[(a2 ) & 0xFF] ^ (t1 ));
584 t1 = K[2];
585 out[outOffset++] = (byte)(Si[(a2 >>> 24) ] ^ (t1 >>> 24));
586 out[outOffset++] = (byte)(Si[(a1 >>> 16) & 0xFF] ^ (t1 >>> 16));
587 out[outOffset++] = (byte)(Si[(a0 >>> 8) & 0xFF] ^ (t1 >>> 8));
588 out[outOffset++] = (byte)(Si[(t3 ) & 0xFF] ^ (t1 ));
589 t1 = K[3];
590 out[outOffset++] = (byte)(Si[(t3 >>> 24) ] ^ (t1 >>> 24));
591 out[outOffset++] = (byte)(Si[(a2 >>> 16) & 0xFF] ^ (t1 >>> 16));
592 out[outOffset++] = (byte)(Si[(a1 >>> 8) & 0xFF] ^ (t1 >>> 8));
593 out[outOffset ] = (byte)(Si[(a0 ) & 0xFF] ^ (t1 ));
594 }
595
596 // Used to perform all checks required by the Java semantics
597 // (i.e., null checks and bounds checks) on the input parameters
598 // to encryptBlock and to decryptBlock.
599 // Normally, the Java Runtime performs these checks, however, as
600 // encryptBlock and decryptBlock are possibly replaced with
601 // compiler intrinsics, the JDK performs the required checks instead.
602 // Does not check accesses to class-internal (private) arrays.
603 private static void cryptBlockCheck(byte[] array, int offset) {
604 Objects.requireNonNull(array);
605
606 if (offset < 0 || offset >= array.length) {
607 throw new ArrayIndexOutOfBoundsException(offset);
608 }
609
610 int largestIndex = offset + AES_BLOCK_SIZE - 1;
611 if (largestIndex < 0 || largestIndex >= array.length) {
612 throw new ArrayIndexOutOfBoundsException(largestIndex);
613 }
614 }
615
616 /**
617 * Expand a user-supplied key material into a session key.
618 *
619 * @param k The 128/192/256-bit cipher key to use.
620 * @exception InvalidKeyException If the key is invalid.
621 */
622 private void makeSessionKey(byte[] k) throws InvalidKeyException {
623 if (k == null) {
624 throw new InvalidKeyException("Empty key");
625 }
626 if (!isKeySizeValid(k.length)) {
627 throw new InvalidKeyException("Invalid AES key length: " +
628 k.length + " bytes");
629 }
630 int ROUNDS = getRounds(k.length);
631 int ROUND_KEY_COUNT = (ROUNDS + 1) * 4;
632
633 int BC = 4;
|
334 int a2 = (b[2] != 0) ? alog[(a + log[b[2] & 0xFF]) % 255] & 0xFF : 0;
335 int a3 = (b[3] != 0) ? alog[(a + log[b[3] & 0xFF]) % 255] & 0xFF : 0;
336 return a0 << 24 | a1 << 16 | a2 << 8 | a3;
337 }
338
339 // check if the specified length (in bytes) is a valid keysize for AES
340 static final boolean isKeySizeValid(int len) {
341 for (int i = 0; i < AES_KEYSIZES.length; i++) {
342 if (len == AES_KEYSIZES[i]) {
343 return true;
344 }
345 }
346 return false;
347 }
348
349 /**
350 * Encrypt exactly one block of plaintext.
351 */
352 void encryptBlock(byte[] in, int inOffset,
353 byte[] out, int outOffset) {
354 Objects.checkFromIndexSize(inOffset, AES_BLOCK_SIZE, in.length);
355 Objects.checkFromIndexSize(outOffset, AES_BLOCK_SIZE, out.length);
356 implEncryptBlock(in, inOffset, out, outOffset);
357 }
358
359 // Encryption operation. Possibly replaced with a compiler intrinsic.
360 @HotSpotIntrinsicCandidate
361 private void implEncryptBlock(byte[] in, int inOffset,
362 byte[] out, int outOffset)
363 {
364 int keyOffset = 0;
365 int t0 = ((in[inOffset++] ) << 24 |
366 (in[inOffset++] & 0xFF) << 16 |
367 (in[inOffset++] & 0xFF) << 8 |
368 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++];
369 int t1 = ((in[inOffset++] ) << 24 |
370 (in[inOffset++] & 0xFF) << 16 |
371 (in[inOffset++] & 0xFF) << 8 |
372 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++];
373 int t2 = ((in[inOffset++] ) << 24 |
374 (in[inOffset++] & 0xFF) << 16 |
375 (in[inOffset++] & 0xFF) << 8 |
413 out[outOffset++] = (byte)(S[(t2 >>> 16) & 0xFF] ^ (tt >>> 16));
414 out[outOffset++] = (byte)(S[(t3 >>> 8) & 0xFF] ^ (tt >>> 8));
415 out[outOffset++] = (byte)(S[(t0 ) & 0xFF] ^ (tt ));
416 tt = K[keyOffset++];
417 out[outOffset++] = (byte)(S[(t2 >>> 24) ] ^ (tt >>> 24));
418 out[outOffset++] = (byte)(S[(t3 >>> 16) & 0xFF] ^ (tt >>> 16));
419 out[outOffset++] = (byte)(S[(t0 >>> 8) & 0xFF] ^ (tt >>> 8));
420 out[outOffset++] = (byte)(S[(t1 ) & 0xFF] ^ (tt ));
421 tt = K[keyOffset++];
422 out[outOffset++] = (byte)(S[(t3 >>> 24) ] ^ (tt >>> 24));
423 out[outOffset++] = (byte)(S[(t0 >>> 16) & 0xFF] ^ (tt >>> 16));
424 out[outOffset++] = (byte)(S[(t1 >>> 8) & 0xFF] ^ (tt >>> 8));
425 out[outOffset ] = (byte)(S[(t2 ) & 0xFF] ^ (tt ));
426 }
427
428 /**
429 * Decrypt exactly one block of plaintext.
430 */
431 void decryptBlock(byte[] in, int inOffset,
432 byte[] out, int outOffset) {
433 Objects.checkFromIndexSize(inOffset, AES_BLOCK_SIZE, in.length);
434 Objects.checkFromIndexSize(outOffset, AES_BLOCK_SIZE, out.length);
435 implDecryptBlock(in, inOffset, out, outOffset);
436 }
437
438 // Decrypt operation. Possibly replaced with a compiler intrinsic.
439 @HotSpotIntrinsicCandidate
440 private void implDecryptBlock(byte[] in, int inOffset,
441 byte[] out, int outOffset)
442 {
443 int keyOffset = 4;
444 int t0 = ((in[inOffset++] ) << 24 |
445 (in[inOffset++] & 0xFF) << 16 |
446 (in[inOffset++] & 0xFF) << 8 |
447 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++];
448 int t1 = ((in[inOffset++] ) << 24 |
449 (in[inOffset++] & 0xFF) << 16 |
450 (in[inOffset++] & 0xFF) << 8 |
451 (in[inOffset++] & 0xFF) ) ^ K[keyOffset++];
452 int t2 = ((in[inOffset++] ) << 24 |
453 (in[inOffset++] & 0xFF) << 16 |
454 (in[inOffset++] & 0xFF) << 8 |
574 t1 = K[0];
575 out[outOffset++] = (byte)(Si[(a0 >>> 24) ] ^ (t1 >>> 24));
576 out[outOffset++] = (byte)(Si[(t3 >>> 16) & 0xFF] ^ (t1 >>> 16));
577 out[outOffset++] = (byte)(Si[(a2 >>> 8) & 0xFF] ^ (t1 >>> 8));
578 out[outOffset++] = (byte)(Si[(a1 ) & 0xFF] ^ (t1 ));
579 t1 = K[1];
580 out[outOffset++] = (byte)(Si[(a1 >>> 24) ] ^ (t1 >>> 24));
581 out[outOffset++] = (byte)(Si[(a0 >>> 16) & 0xFF] ^ (t1 >>> 16));
582 out[outOffset++] = (byte)(Si[(t3 >>> 8) & 0xFF] ^ (t1 >>> 8));
583 out[outOffset++] = (byte)(Si[(a2 ) & 0xFF] ^ (t1 ));
584 t1 = K[2];
585 out[outOffset++] = (byte)(Si[(a2 >>> 24) ] ^ (t1 >>> 24));
586 out[outOffset++] = (byte)(Si[(a1 >>> 16) & 0xFF] ^ (t1 >>> 16));
587 out[outOffset++] = (byte)(Si[(a0 >>> 8) & 0xFF] ^ (t1 >>> 8));
588 out[outOffset++] = (byte)(Si[(t3 ) & 0xFF] ^ (t1 ));
589 t1 = K[3];
590 out[outOffset++] = (byte)(Si[(t3 >>> 24) ] ^ (t1 >>> 24));
591 out[outOffset++] = (byte)(Si[(a2 >>> 16) & 0xFF] ^ (t1 >>> 16));
592 out[outOffset++] = (byte)(Si[(a1 >>> 8) & 0xFF] ^ (t1 >>> 8));
593 out[outOffset ] = (byte)(Si[(a0 ) & 0xFF] ^ (t1 ));
594 }
595
596 /**
597 * Expand a user-supplied key material into a session key.
598 *
599 * @param k The 128/192/256-bit cipher key to use.
600 * @exception InvalidKeyException If the key is invalid.
601 */
602 private void makeSessionKey(byte[] k) throws InvalidKeyException {
603 if (k == null) {
604 throw new InvalidKeyException("Empty key");
605 }
606 if (!isKeySizeValid(k.length)) {
607 throw new InvalidKeyException("Invalid AES key length: " +
608 k.length + " bytes");
609 }
610 int ROUNDS = getRounds(k.length);
611 int ROUND_KEY_COUNT = (ROUNDS + 1) * 4;
612
613 int BC = 4;
|