aes.java

a javacard software AES implementation

    //  ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);

    
   
    // Copy user material bytes into temporary ints.
    for ( i = 0, j = 0; i < KC2; )
    {
      tk[i++] = (short)( ( key[(short)(off+j++)] & 0xFF ) << 8 | ( key[(short)(off+j++)] & 0xFF ) );
    }
    // Copy values into round key arrays.
    t = 0;
    for ( j = 0; ( j < KC ) && ( t < ROUND_KEY_COUNT ); ++j, ++t )
    {
      if (mode==0x01)
        k = (short)(2*(t / BC*BC+t % BC));
      else
        k = (short)(2*((ROUNDS - ( t / BC ))*BC+t % BC));
      K[k] = tk[(short)(j*2)];
      K[(short)(k+1)] = tk[(short)(j*2+1)];
    }
   
    r = 0;
    while ( t < ROUND_KEY_COUNT )
    {
      // Extrapolate using phi (the round key evolution function).
      tth = tk[(short)((KC - 1)*2)]; ttl = tk[(short)((KC-1)*2+1)];
      tk[0] ^= ( S[( tth ) & 0xFF] & 0xFF ) << 8 ^
                 ( S[( ttl >>>  8 ) & 0xFF] & 0xFF ) ^
                 ( rcon[r++]     & 0xFF ) << 8;
      tk[1] ^= ( S[  ttl          & 0xFF] & 0xFF ) <<  8 ^
                   ( S[( tth >>> 8 ) & 0xFF] & 0xFF );
      if ( KC != 8 )
        for ( i = 2, j = 0; i < KC2; )
        {
          tk[i++] ^= tk[j++];
        }
      else
      {
        for ( i = 1, j = 0; i < KC / 2; )
        {
          tk[i*2] ^= tk[j*2]; tk[i*2+1] ^= tk[j*2+1]; i++; j++;
        }
        tth = tk[(KC / 2 - 1)*2]; ttl = tk[(KC / 2 - 1)*2+1];
        tk[(KC / 2)*2] ^= ( S[( tth ) & 0xFF] & 0xFF )          ^
                          ( S[( tth >>> 8 ) & 0xFF] & 0xFF ) << 8;
        tk[(KC/2)*2+1] ^= ( S[  ttl          & 0xFF] & 0xFF )   ^
                          ( S[( ttl >>>  8 ) & 0xFF] & 0xFF ) <<  8;
        for ( j = (short)(KC / 2), i = (short)(j + 1); i < KC; )
        {
          tk[(short)(i*2)] ^= tk[(short)(j*2)]; tk[(short)(i*2+1)] ^= tk[(short)(j*2+1)]; i++; j++;
        }
      }
      // Copy values into round key arrays.
      for ( j = 0; ( j < KC ) && ( t < ROUND_KEY_COUNT ); ++j, ++t )
      {
        if (mode==0x01)
          k = (short)(2*(t / BC*BC+t % BC));
        else
          k = (short)( 2*((ROUNDS - ( t / BC ))*BC+t % BC) );
        K[k] = tk[(short)(j*2)];
        K[(short)(k+1)] = tk[(short)(j*2+1)];
      }
    }
    // Only for Decryption
    if (mode==0x02)
    for ( r = 1; r < ROUNDS; ++r )  // inverse MixColumn where needed
      for ( j = 0; j < BC; ++j )
      {
        tth = K[(short)((r*BC+j)*2)];
        ttl = K[(short)((r*BC+j)*2+1)];

        i = (short)(( tth >>> 8 ) & 0xFF);
        k = (short)(( tth  ) & 0xFF);
        s = (short)(( ttl >>> 8  ) & 0xFF);
        t = (short)(  ttl          & 0xFF);
        K[(short)((r*BC+j)*2)] = (short)(
                         box[(short)(i*2)] ^ box[(short)(512+k*2)] ^ cox[(short)(s*2)] ^ cox[(short)(512+t*2)]);
        K[(short)((r*BC+j)*2+1)] = (short)(
                         box[(short)(i*2+1)] ^ box[(short)(512+k*2+1)] ^ cox[(short)(s*2+1)] ^ cox[(short)(512+t*2+1)]
                         );
      }

  }
 
 
 private void copyShortArray(short[] a, short[] b)
  {short i;
    //if (a.length!=b.length)
    //  ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
    
	 for(i=0;i<a.length;i++)  b[i] = a[i];
  }
 
 
  /// Encrypt a block.
  public void encrypt( byte[] clearText, short clearOff, byte[] cipherText, short cipherOff )
  {   
	short i,j,k,r,s,t ;  
	  
	short s1 = shifts[SC*4+1*2+0];
    short s2 = shifts[SC*4+2*2+0];
    short s3 = shifts[SC*4+3*2+0];
    

	short tth, ttl;

    for ( i = 0; i < BC; ++i )  // plaintext to ints + key
    {
	  tmp[(short)(i*2)] = (short)( ( ( (short)clearText[(short)(clearOff++)] & (short)0xFF ) << 8 |
               ( (short)clearText[(short)(clearOff++)] & (short)0xFF )) ^ K[(short)((0*BC+i)*2)] );
      
	  tmp[(short)(i*2+1)] = (short)( ( ( (short)clearText[(short)(clearOff++)] & (short)0xFF ) << 8 |
                 ((short)clearText[(short)(clearOff++)] & (short)0xFF )) ^ K[(short)((0*BC+i)*2+1)] );
  	}

    // Apply round transforms.
    for ( r = 1; r < ROUNDS; ++r )
    {
      for ( i = 0; i < BC; ++i )
      {
        j = (short)(( tmp[(short)(i*2)] >> 8 )                   & (short)0xFF);
        k = (short)(( tmp[(short)(((short)(( i + s1 )) % BC)*2)] )        & (short)0xFF);
        s = (short)(( tmp[(short)(((short)(( i + s2 )) % BC)*2+(short)1)] >> 8 ) & (short)0xFF);
        t = (short)(  tmp[(short)(((short)(( i + s3 )) % BC)*2+(short)1)]        & (short)0xFF);
		
        a[(short)(i*2)]   = (short)(box[(short)(j*2)]   ^ box[(short)(512+k*2)]   ^ cox[(short)(s*2)]   ^ cox[(short)(512+t*2)]   ^ K[(short)((r*BC+i)*2)]);
        a[(short)(i*2+1)] = (short)(box[(short)(j*2+1)] ^ box[(short)(512+k*2+1)] ^ cox[(short)(s*2+1)] ^ cox[(short)(512+t*2+1)] ^ K[(short)((r*BC+i)*2+1)]);
      }
      copyShortArray( a, tmp);
    }

    // Last round is special.
    for ( i = 0; i < BC; ++i )
    {
      tth = K[(short)((ROUNDS*BC+i)*2)];
      ttl = K[(short)((ROUNDS*BC+i)*2+1)];
	  
      cipherText[(short)(cipherOff++)] =
        (byte) ( S[(short)(( tmp[ (short)(i*2)] >>> 8 ) & (short)0xFF)] ^
        (short)(( (short)0xFF & (tth >>> 8) ) ));
      
	  cipherText[(short)(cipherOff++)] =
        (byte) ( S[(short)(( tmp[(short)((short)(((short)((i + s1 )) % BC))*(short)2)] ) & (short)0xFF)] ^
        (short)(( (short)0xFF & tth  ) ));
     
	  cipherText[(short)(cipherOff++)] =
        (byte) ( S[(short)(( tmp[(short)(((short)(( i + s2 )) % BC)*(short)2+(short)1)] >>>  8 ) & (short)0xFF)] ^
        (short)(((short)0xFF & (ttl >>>  8) ) ));
      
	  cipherText[(short)(cipherOff++)] =
        (byte) ( S[(short)(  tmp[(short)(((short)(( i + s3 )) % BC)*(short)2+(short)1)] & (short)0xFF)] ^
        (short)(((short)0xFF & ttl) ));
    }

  }

 } // aes