UNPKG

8.65 kBJavaScriptView Raw
1;(function (root, factory, undef) {
2 if (typeof exports === "object") {
3 // CommonJS
4 module.exports = exports = factory(require("./core"), require("./enc-base64"), require("./md5"), require("./evpkdf"), require("./cipher-core"));
5 }
6 else if (typeof define === "function" && define.amd) {
7 // AMD
8 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
9 }
10 else {
11 // Global (browser)
12 factory(root.CryptoJS);
13 }
14}(this, function (CryptoJS) {
15
16 (function () {
17 // Shortcuts
18 var C = CryptoJS;
19 var C_lib = C.lib;
20 var BlockCipher = C_lib.BlockCipher;
21 var C_algo = C.algo;
22
23 // Lookup tables
24 var SBOX = [];
25 var INV_SBOX = [];
26 var SUB_MIX_0 = [];
27 var SUB_MIX_1 = [];
28 var SUB_MIX_2 = [];
29 var SUB_MIX_3 = [];
30 var INV_SUB_MIX_0 = [];
31 var INV_SUB_MIX_1 = [];
32 var INV_SUB_MIX_2 = [];
33 var INV_SUB_MIX_3 = [];
34
35 // Compute lookup tables
36 (function () {
37 // Compute double table
38 var d = [];
39 for (var i = 0; i < 256; i++) {
40 if (i < 128) {
41 d[i] = i << 1;
42 } else {
43 d[i] = (i << 1) ^ 0x11b;
44 }
45 }
46
47 // Walk GF(2^8)
48 var x = 0;
49 var xi = 0;
50 for (var i = 0; i < 256; i++) {
51 // Compute sbox
52 var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4);
53 sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63;
54 SBOX[x] = sx;
55 INV_SBOX[sx] = x;
56
57 // Compute multiplication
58 var x2 = d[x];
59 var x4 = d[x2];
60 var x8 = d[x4];
61
62 // Compute sub bytes, mix columns tables
63 var t = (d[sx] * 0x101) ^ (sx * 0x1010100);
64 SUB_MIX_0[x] = (t << 24) | (t >>> 8);
65 SUB_MIX_1[x] = (t << 16) | (t >>> 16);
66 SUB_MIX_2[x] = (t << 8) | (t >>> 24);
67 SUB_MIX_3[x] = t;
68
69 // Compute inv sub bytes, inv mix columns tables
70 var t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100);
71 INV_SUB_MIX_0[sx] = (t << 24) | (t >>> 8);
72 INV_SUB_MIX_1[sx] = (t << 16) | (t >>> 16);
73 INV_SUB_MIX_2[sx] = (t << 8) | (t >>> 24);
74 INV_SUB_MIX_3[sx] = t;
75
76 // Compute next counter
77 if (!x) {
78 x = xi = 1;
79 } else {
80 x = x2 ^ d[d[d[x8 ^ x2]]];
81 xi ^= d[d[xi]];
82 }
83 }
84 }());
85
86 // Precomputed Rcon lookup
87 var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36];
88
89 /**
90 * AES block cipher algorithm.
91 */
92 var AES = C_algo.AES = BlockCipher.extend({
93 _doReset: function () {
94 var t;
95
96 // Skip reset of nRounds has been set before and key did not change
97 if (this._nRounds && this._keyPriorReset === this._key) {
98 return;
99 }
100
101 // Shortcuts
102 var key = this._keyPriorReset = this._key;
103 var keyWords = key.words;
104 var keySize = key.sigBytes / 4;
105
106 // Compute number of rounds
107 var nRounds = this._nRounds = keySize + 6;
108
109 // Compute number of key schedule rows
110 var ksRows = (nRounds + 1) * 4;
111
112 // Compute key schedule
113 var keySchedule = this._keySchedule = [];
114 for (var ksRow = 0; ksRow < ksRows; ksRow++) {
115 if (ksRow < keySize) {
116 keySchedule[ksRow] = keyWords[ksRow];
117 } else {
118 t = keySchedule[ksRow - 1];
119
120 if (!(ksRow % keySize)) {
121 // Rot word
122 t = (t << 8) | (t >>> 24);
123
124 // Sub word
125 t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
126
127 // Mix Rcon
128 t ^= RCON[(ksRow / keySize) | 0] << 24;
129 } else if (keySize > 6 && ksRow % keySize == 4) {
130 // Sub word
131 t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
132 }
133
134 keySchedule[ksRow] = keySchedule[ksRow - keySize] ^ t;
135 }
136 }
137
138 // Compute inv key schedule
139 var invKeySchedule = this._invKeySchedule = [];
140 for (var invKsRow = 0; invKsRow < ksRows; invKsRow++) {
141 var ksRow = ksRows - invKsRow;
142
143 if (invKsRow % 4) {
144 var t = keySchedule[ksRow];
145 } else {
146 var t = keySchedule[ksRow - 4];
147 }
148
149 if (invKsRow < 4 || ksRow <= 4) {
150 invKeySchedule[invKsRow] = t;
151 } else {
152 invKeySchedule[invKsRow] = INV_SUB_MIX_0[SBOX[t >>> 24]] ^ INV_SUB_MIX_1[SBOX[(t >>> 16) & 0xff]] ^
153 INV_SUB_MIX_2[SBOX[(t >>> 8) & 0xff]] ^ INV_SUB_MIX_3[SBOX[t & 0xff]];
154 }
155 }
156 },
157
158 encryptBlock: function (M, offset) {
159 this._doCryptBlock(M, offset, this._keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX);
160 },
161
162 decryptBlock: function (M, offset) {
163 // Swap 2nd and 4th rows
164 var t = M[offset + 1];
165 M[offset + 1] = M[offset + 3];
166 M[offset + 3] = t;
167
168 this._doCryptBlock(M, offset, this._invKeySchedule, INV_SUB_MIX_0, INV_SUB_MIX_1, INV_SUB_MIX_2, INV_SUB_MIX_3, INV_SBOX);
169
170 // Inv swap 2nd and 4th rows
171 var t = M[offset + 1];
172 M[offset + 1] = M[offset + 3];
173 M[offset + 3] = t;
174 },
175
176 _doCryptBlock: function (M, offset, keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX) {
177 // Shortcut
178 var nRounds = this._nRounds;
179
180 // Get input, add round key
181 var s0 = M[offset] ^ keySchedule[0];
182 var s1 = M[offset + 1] ^ keySchedule[1];
183 var s2 = M[offset + 2] ^ keySchedule[2];
184 var s3 = M[offset + 3] ^ keySchedule[3];
185
186 // Key schedule row counter
187 var ksRow = 4;
188
189 // Rounds
190 for (var round = 1; round < nRounds; round++) {
191 // Shift rows, sub bytes, mix columns, add round key
192 var t0 = SUB_MIX_0[s0 >>> 24] ^ SUB_MIX_1[(s1 >>> 16) & 0xff] ^ SUB_MIX_2[(s2 >>> 8) & 0xff] ^ SUB_MIX_3[s3 & 0xff] ^ keySchedule[ksRow++];
193 var t1 = SUB_MIX_0[s1 >>> 24] ^ SUB_MIX_1[(s2 >>> 16) & 0xff] ^ SUB_MIX_2[(s3 >>> 8) & 0xff] ^ SUB_MIX_3[s0 & 0xff] ^ keySchedule[ksRow++];
194 var t2 = SUB_MIX_0[s2 >>> 24] ^ SUB_MIX_1[(s3 >>> 16) & 0xff] ^ SUB_MIX_2[(s0 >>> 8) & 0xff] ^ SUB_MIX_3[s1 & 0xff] ^ keySchedule[ksRow++];
195 var t3 = SUB_MIX_0[s3 >>> 24] ^ SUB_MIX_1[(s0 >>> 16) & 0xff] ^ SUB_MIX_2[(s1 >>> 8) & 0xff] ^ SUB_MIX_3[s2 & 0xff] ^ keySchedule[ksRow++];
196
197 // Update state
198 s0 = t0;
199 s1 = t1;
200 s2 = t2;
201 s3 = t3;
202 }
203
204 // Shift rows, sub bytes, add round key
205 var t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++];
206 var t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++];
207 var t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++];
208 var t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++];
209
210 // Set output
211 M[offset] = t0;
212 M[offset + 1] = t1;
213 M[offset + 2] = t2;
214 M[offset + 3] = t3;
215 },
216
217 keySize: 256/32
218 });
219
220 /**
221 * Shortcut functions to the cipher's object interface.
222 *
223 * @example
224 *
225 * var ciphertext = CryptoJS.AES.encrypt(message, key, cfg);
226 * var plaintext = CryptoJS.AES.decrypt(ciphertext, key, cfg);
227 */
228 C.AES = BlockCipher._createHelper(AES);
229 }());
230
231
232 return CryptoJS.AES;
233
234}));
\No newline at end of file