Home Explore Help
Register Sign In
oberon
/
A2OS
mirror of https://github.com/yarrom/A2OS.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: eb0c59eee4
Branches Tags
A2OS
/
source
/
CryptoAES.Mod

CryptoAES.Mod 13 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366 
  1. MODULE CryptoAES;   (** AES (Rijndael) de/encryption *)
    2. 

  2. 

  3. (*	2002.07.22	g.f.  *)
    4. 

  4. 

  5. IMPORT  S := SYSTEM, Ciphers := CryptoCiphers, U := CryptoUtils;
    6. 

  6. 

  7. CONST
    8. 

  8. 	MaxR = 14;  
    9. 

  9. 	ECB = Ciphers.ECB;  CBC = Ciphers.CBC;  CTR = Ciphers.CTR;
    10. 

  10. 	
    11. 

  11. 	b0 = S.VAL( SET, 0FFH );  b1 = S.VAL( SET, 0FF00H );  
    12. 

  12. 	b2 = S.VAL( SET, 0FF0000H );  b3 = S.VAL( SET, 0FF000000H );
    13. 

  13. 

  14. TYPE
    15. 

  15. 	RTable = ARRAY 256 OF SET;
    16. 

  16. 

  17. VAR
    18. 

  18. 	e0, e1, e2, e3, e4: RTable;
    19. 

  19. 	d0, d1, d2, d3, d4: RTable;
    20. 

  20. 	rcon: ARRAY 10 OF SET;   (* for 128-bit blocks, Rijndael never uses more than 10 rcon values *)
    21. 

  21. 

  22. TYPE
    23. 

  23. 	Cipher* = OBJECT (Ciphers.Cipher)
    24. 

  24. 			TYPE
    25. 

  25. 				RKeys = ARRAY 4*(MaxR + 1) OF SET;
    26. 

  26. 				Block = ARRAY 4 OF SET;
    27. 

  27. 				Ind4 = RECORD a, b, c, d: LONGINT END;
    28. 

  28. 			VAR
    29. 

  29. 				rounds: SHORTINT;
    30. 

  30. 				ekeys, dkeys: RKeys;
    31. 

  31. 				iv: Block;
    32. 

  32. 

  33. 				PROCEDURE InitKey*( CONST src: ARRAY OF CHAR; keybits: LONGINT );
    34. 

  34. 				BEGIN
    35. 

  35. 					InitKey^( src, keybits );
    36. 

  36. 					IF keybits = 128 THEN  rounds := Init128( ekeys, src )
    37. 

  37. 					ELSIF keybits = 192 THEN  rounds := Init192( ekeys, src )
    38. 

  38. 					ELSE  rounds := Init256( ekeys, src )
    39. 

  39. 					END;
    40. 

  40. 					dkeys := ekeys;  Invert( dkeys, rounds )
    41. 

  41. 				END InitKey;
    42. 

  42. 

  43. 				PROCEDURE SetIV*( CONST src: ARRAY OF CHAR; mode: SHORTINT );
    44. 

  44. 				BEGIN
    45. 

  45. 					SetIV^( src, mode );   (* set mode *)
    46. 

  46. 					U.BufferToBlockBE( src, 0, iv );
    47. 

  47. 				END SetIV;
    48. 

  48. 				
    49. 

  49. 				PROCEDURE IncIV;
    50. 

  50. 				VAR i, x: LONGINT;
    51. 

  51. 				BEGIN
    52. 

  52. 					i := 4;
    53. 

  53. 					REPEAT
    54. 

  54. 						DEC( i );
    55. 

  55. 						x := S.VAL( LONGINT, iv[i] ) + 1;  iv[i] := S.VAL( SET, x )
    56. 

  56. 					UNTIL (x # 0) OR (i = 0)
    57. 

  57. 				END IncIV;
    58. 

  58. 

  59. 				PROCEDURE Encrypt*( VAR buf: ARRAY OF CHAR;  ofs, len: LONGINT );
    60. 

  60. 				VAR i, j: LONGINT;  x, y: Block;
    61. 

  61. 				BEGIN
    62. 

  62. 					ASSERT( isKeyInitialized );
    63. 

  63. 					ASSERT( len MOD blockSize = 0 );   (* padding must have been added *)
    64. 

  64. 					i := 0;
    65. 

  65. 					WHILE i < len DO
    66. 

  66. 						U.BufferToBlockBE( buf, ofs + i, x );
    67. 

  67. 						CASE mode OF
    68. 

  68. 						| ECB:
    69. 

  69. 							FOR j := 0 TO 3 DO  x[j] := x[j] / ekeys[j]  END;
    70. 

  70. 							RoundE( ekeys, x, rounds );
    71. 

  71. 						| CBC:
    72. 

  72. 							FOR j := 0 TO 3 DO  x[j] := x[j] / ekeys[j] / iv[j]  END;
    73. 

  73. 							RoundE( ekeys, x, rounds );
    74. 

  74. 							iv := x;
    75. 

  75. 						| CTR:
    76. 

  76. 							FOR j := 0 TO 3 DO  y[j] := iv[j] / ekeys[j]  END;
    77. 

  77. 							RoundE( ekeys, y, rounds );
    78. 

  78. 							FOR j := 0 TO 3 DO  x[j] := x[j] / y[j]  END;
    79. 

  79. 							IncIV
    80. 

  80. 						END;
    81. 

  81. 						U.BlockToBufferBE( x, buf, ofs + i );
    82. 

  82. 						INC( i, blockSize )
    83. 

  83. 					END
    84. 

  84. 				END Encrypt;
    85. 

  85. 

  86. 				PROCEDURE Decrypt*( VAR buf: ARRAY OF CHAR;  ofs, len: LONGINT );
    87. 

  87. 				VAR x0, x, y: Block;  i, j: LONGINT;
    88. 

  88. 				BEGIN
    89. 

  89. 					ASSERT( isKeyInitialized );
    90. 

  90. 					ASSERT( len MOD blockSize = 0 );   (* padding must have been added *)
    91. 

  91. 					i := 0;
    92. 

  92. 					WHILE i < len DO
    93. 

  93. 						U.BufferToBlockBE( buf, ofs + i, x0 );
    94. 

  94. 						CASE mode OF
    95. 

  95. 						| ECB:
    96. 

  96. 							FOR j := 0 TO 3 DO  x[j] := x0[j] / dkeys[j]  END;
    97. 

  97. 							RoundD( dkeys, x, rounds );
    98. 

  98. 						| CBC:
    99. 

  99. 							FOR j := 0 TO 3 DO  x[j] := x0[j] / dkeys[j]  END;
    100. 

  100. 							RoundD( dkeys, x, rounds );
    101. 

  101. 							FOR j := 0 TO 3 DO  x[j] := x[j] / iv[j]  END;
    102. 

  102. 							iv := x0;
    103. 

  103. 						| CTR:
    104. 

  104. 							FOR j := 0 TO 3 DO  y[j] := iv[j] / ekeys[j]  END;
    105. 

  105. 							RoundE( ekeys, y, rounds );
    106. 

  106. 							FOR j := 0 TO 3 DO  x[j] := x0[j] / y[j]  END;
    107. 

  107. 							IncIV
    108. 

  108. 						END;
    109. 

  109. 						U.BlockToBufferBE( x, buf, ofs + i );
    110. 

  110. 						INC( i, blockSize )
    111. 

  111. 					END
    112. 

  112. 				END Decrypt;
    113. 

  113. 

  114. 

  115. 				PROCEDURE RoundE( CONST rk: RKeys;  VAR b: Block;  rounds: SHORTINT );
    116. 

  116. 				VAR p, r: LONGINT;  t0, t1, t2, t3, s0, s1, s2, s3: Ind4;
    117. 

  117. 				BEGIN
    118. 

  118. 					split( b[0], s0 );  split( b[1], s1 );  split( b[2], s2 );  split( b[3], s3 );
    119. 

  119. 					r := rounds DIV 2;  p := 0;
    120. 

  120. 					LOOP
    121. 

  121. 						split( e0[s0.d]/e1[s1.c]/e2[s2.b]/e3[s3.a]/rk[p + 4], t0 );
    122. 

  122. 						split( e0[s1.d]/e1[s2.c]/e2[s3.b]/e3[s0.a]/rk[p + 5], t1 );
    123. 

  123. 						split( e0[s2.d]/e1[s3.c]/e2[s0.b]/e3[s1.a]/rk[p + 6], t2 );
    124. 

  124. 						split( e0[s3.d]/e1[s0.c]/e2[s1.b]/e3[s2.a]/rk[p + 7], t3 );
    125. 

  125. 						INC( p, 8 );  DEC( r );
    126. 

  126. 						IF r = 0 THEN  EXIT  END;
    127. 

  127. 						split( e0[t0.d]/e1[t1.c]/e2[t2.b]/e3[t3.a]/rk[p + 0], s0 );
    128. 

  128. 						split( e0[t1.d]/e1[t2.c]/e2[t3.b]/e3[t0.a]/rk[p + 1], s1 );
    129. 

  129. 						split( e0[t2.d]/e1[t3.c]/e2[t0.b]/e3[t1.a]/rk[p + 2], s2 );
    130. 

  130. 						split( e0[t3.d]/e1[t0.c]/e2[t1.b]/e3[t2.a]/rk[p + 3], s3 );
    131. 

  131. 					END;
    132. 

  132. 					b[0] := (e4[t0.d]*b3)/(e4[t1.c]*b2)/(e4[t2.b]*b1)/(e4[t3.a]*b0)/rk[p + 0];
    133. 

  133. 					b[1] := (e4[t1.d]*b3)/(e4[t2.c]*b2)/(e4[t3.b]*b1)/(e4[t0.a]*b0)/rk[p + 1];
    134. 

  134. 					b[2] := (e4[t2.d]*b3)/(e4[t3.c]*b2)/(e4[t0.b]*b1)/(e4[t1.a]*b0)/rk[p + 2];
    135. 

  135. 					b[3] := (e4[t3.d]*b3)/(e4[t0.c]*b2)/(e4[t1.b]*b1)/(e4[t2.a]*b0)/rk[p + 3];
    136. 

  136. 				END RoundE;
    137. 

  137. 

  138. 				PROCEDURE RoundD( CONST rk: RKeys;  VAR b: Block;  rounds: SHORTINT );
    139. 

  139. 				VAR p, r: LONGINT;  t0, t1, t2, t3, s0, s1, s2, s3: Ind4;
    140. 

  140. 				BEGIN
    141. 

  141. 					split( b[0], s0 );  split( b[1], s1 );  split( b[2], s2 );  split( b[3], s3 );
    142. 

  142. 					r := rounds DIV 2;  p := 0;
    143. 

  143. 					LOOP
    144. 

  144. 						split( d0[s0.d]/d1[s3.c]/d2[s2.b]/d3[s1.a]/rk[p + 4], t0 );
    145. 

  145. 						split( d0[s1.d]/d1[s0.c]/d2[s3.b]/d3[s2.a]/rk[p + 5], t1 );
    146. 

  146. 						split( d0[s2.d]/d1[s1.c]/d2[s0.b]/d3[s3.a]/rk[p + 6], t2 );
    147. 

  147. 						split( d0[s3.d]/d1[s2.c]/d2[s1.b]/d3[s0.a]/rk[p + 7], t3 );
    148. 

  148. 						INC( p, 8 );  DEC( r );
    149. 

  149. 						IF r = 0 THEN  EXIT  END;
    150. 

  150. 						split( d0[t0.d]/d1[t3.c]/d2[t2.b]/d3[t1.a]/rk[p + 0], s0 );
    151. 

  151. 						split( d0[t1.d]/d1[t0.c]/d2[t3.b]/d3[t2.a]/rk[p + 1], s1 );
    152. 

  152. 						split( d0[t2.d]/d1[t1.c]/d2[t0.b]/d3[t3.a]/rk[p + 2], s2 );
    153. 

  153. 						split( d0[t3.d]/d1[t2.c]/d2[t1.b]/d3[t0.a]/rk[p + 3], s3 );
    154. 

  154. 					END;
    155. 

  155. 					b[0] := (d4[t0.d]*b3)/(d4[t3.c]*b2)/(d4[t2.b]*b1)/(d4[t1.a]*b0)/rk[p + 0];
    156. 

  156. 					b[1] := (d4[t1.d]*b3)/(d4[t0.c]*b2)/(d4[t3.b]*b1)/(d4[t2.a]*b0)/rk[p + 1];
    157. 

  157. 					b[2] := (d4[t2.d]*b3)/(d4[t1.c]*b2)/(d4[t0.b]*b1)/(d4[t3.a]*b0)/rk[p + 2];
    158. 

  158. 					b[3] := (d4[t3.d]*b3)/(d4[t2.c]*b2)/(d4[t1.b]*b1)/(d4[t0.a]*b0)/rk[p + 3];
    159. 

  159. 				END RoundD;
    160. 

  160. 				
    161. 

  161. 				PROCEDURE -split( s: SET;  VAR b: Ind4 );   (* split set into 4 indexes *)
    162. 

  162. 				BEGIN
    163. 

  163. 					b.a := S.VAL( LONGINT, s ) MOD 100H;
    164. 

  164. 					b.b := S.VAL( LONGINT, s ) DIV 100H MOD 100H;
    165. 

  165. 					b.c := S.VAL( LONGINT, s ) DIV 10000H MOD 100H;
    166. 

  166. 					b.d := S.VAL( LONGINT, s ) DIV 1000000H MOD 100H;
    167. 

  167. 				END split;
    168. 

  168. 

  169. 

  170. 				PROCEDURE Init128( VAR rk: RKeys;  CONST src: ARRAY OF CHAR ): SHORTINT;
    171. 

  171. 				VAR i, p: LONGINT;  ib: Ind4;
    172. 

  172. 				BEGIN
    173. 

  173. 					FOR i := 0 TO 3 DO  rk[i] := U.SetFromBufferBE( src, 4*i )  END;
    174. 

  174. 					p := 0;  i := 0;
    175. 

  175. 					LOOP
    176. 

  176. 						split( rk[p + 3], ib );
    177. 

  177. 						rk[p + 4] := rk[p] / (e4[ib.c]*b3) / (e4[ib.b]*b2) / (e4[ib.a]*b1) / (e4[ib.d]*b0) / rcon[i];
    178. 

  178. 						rk[p + 5] := rk[p + 1] / rk[p + 4];
    179. 

  179. 						rk[p + 6] := rk[p + 2] / rk[p + 5];
    180. 

  180. 						rk[p + 7] := rk[p + 3] / rk[p + 6];
    181. 

  181. 						INC( i );
    182. 

  182. 						IF i = 10 THEN  EXIT   END;
    183. 

  183. 						INC( p, 4 );
    184. 

  184. 					END;
    185. 

  185. 					RETURN 10
    186. 

  186. 				END Init128;
    187. 

  187. 				
    188. 

  188. 				PROCEDURE Init192( VAR rk: RKeys;  CONST src: ARRAY OF CHAR ): SHORTINT;
    189. 

  189. 				VAR i, p: LONGINT;  ib: Ind4;
    190. 

  190. 				BEGIN
    191. 

  191. 					FOR i := 0 TO 5 DO  rk[i] := U.SetFromBufferBE( src, 4*i )  END;
    192. 

  192. 					p := 0;  i := 0;
    193. 

  193. 					LOOP
    194. 

  194. 						split( rk[p + 5], ib );
    195. 

  195. 						rk[p + 6] := rk[p] / (e4[ib.c]*b3) / (e4[ib.b]*b2) / (e4[ib.a]*b1) / (e4[ib.d]*b0) / rcon[i];
    196. 

  196. 						rk[p + 7] := rk[p + 1] / rk[p + 6];
    197. 

  197. 						rk[p + 8] := rk[p + 2] / rk[p + 7];
    198. 

  198. 						rk[p + 9] := rk[p + 3] / rk[p + 8];
    199. 

  199. 						INC( i );
    200. 

  200. 						IF i = 8 THEN  EXIT   END;
    201. 

  201. 						rk[p + 10] := rk[p + 4] / rk[p + 9];
    202. 

  202. 						rk[p + 11] := rk[p + 5] / rk[p + 10];
    203. 

  203. 						INC( p, 6 );
    204. 

  204. 					END;
    205. 

  205. 					RETURN 12
    206. 

  206. 				END Init192;
    207. 

  207. 	
    208. 

  208. 				PROCEDURE Init256( VAR rk: RKeys;  CONST src: ARRAY OF CHAR ): SHORTINT;
    209. 

  209. 				VAR i, p: LONGINT;  ib: Ind4;
    210. 

  210. 				BEGIN
    211. 

  211. 					FOR i := 0 TO 7 DO  rk[i] := U.SetFromBufferBE( src, 4*i )  END;
    212. 

  212. 					p := 0;  i := 0;
    213. 

  213. 					LOOP
    214. 

  214. 						split( rk[p + 7], ib );
    215. 

  215. 						rk[p +   8] := rk[p] / (e4[ib.c]*b3) / (e4[ib.b]*b2) / (e4[ib.a]*b1) / (e4[ib.d]*b0) / rcon[i];
    216. 

  216. 						rk[p +   9] := rk[p + 1] / rk[p + 8];
    217. 

  217. 						rk[p + 10] := rk[p + 2] / rk[p + 9];
    218. 

  218. 						rk[p + 11] := rk[p + 3] / rk[p + 10];
    219. 

  219. 						INC( i );
    220. 

  220. 						IF i = 7 THEN  EXIT   END;
    221. 

  221. 						split( rk[p + 11], ib );
    222. 

  222. 						rk[p + 12] := rk[p + 4] / (e4[ib.d]*b3) / (e4[ib.c]*b2) / (e4[ib.b]*b1) / (e4[ib.a]*b0);
    223. 

  223. 						rk[p + 13] := rk[p + 5] / rk[p + 12];
    224. 

  224. 						rk[p + 14] := rk[p + 6] / rk[p + 13];
    225. 

  225. 						rk[p + 15] := rk[p + 7] / rk[p + 14];
    226. 

  226. 						INC( p, 8 );
    227. 

  227. 					END;
    228. 

  228. 					RETURN 14
    229. 

  229. 				END Init256;
    230. 

  230. 	
    231. 

  231. 				PROCEDURE Invert( VAR rk: RKeys;  rounds: SHORTINT );
    232. 

  232. 				VAR i, j, k, p: LONGINT;  t: SET;  ib: Ind4;
    233. 

  233. 				
    234. 

  234. 					PROCEDURE ind( s: SET ): LONGINT;   (* extract index byte 0 *)
    235. 

  235. 					BEGIN
    236. 

  236. 						RETURN S.VAL( LONGINT, s ) MOD 100H
    237. 

  237. 					END ind;
    238. 

  238. 					
    239. 

  239. 				BEGIN
    240. 

  240. 					(* invert the order of the round keys: *)
    241. 

  241. 					i := 0;  j := 4*rounds;
    242. 

  242. 					WHILE i < j DO
    243. 

  243. 						FOR k := 0 TO 3 DO  t := rk[i + k];  rk[i + k] := rk[j + k];  rk[j + k] := t  END;
    244. 

  244. 						INC( i, 4 );  DEC( j, 4 );
    245. 

  245. 					END;
    246. 

  246. 					(* apply the inverse MixColumn transform to all round keys but the first and the last: *)
    247. 

  247. 					FOR i := 1 TO rounds - 1 DO
    248. 

  248. 						FOR j := 0 TO 3 DO
    249. 

  249. 							p := 4*i + j;  
    250. 

  250. 							split( rk[p], ib );
    251. 

  251. 							rk[p] := d0[ind( e4[ib.d] )] / d1[ind( e4[ib.c] )] / d2[ind( e4[ib.b] )] / d3[ind( e4[ib.a] )];
    252. 

  252. 						END
    253. 

  253. 					END;
    254. 

  254. 				END Invert;
    255. 

  255. 	
    256. 

  256. 	
    257. 

  257. 				PROCEDURE & Init*;
    258. 

  258. 				BEGIN
    259. 

  259. 					SetNameAndBlocksize( "aes", 16 )
    260. 

  260. 				END Init;
    261. 

  261. 

  262. 			END Cipher;
    263. 

  263. 

  264. 	PROCEDURE NewCipher*(): Ciphers.Cipher;
    265. 

  265. 	VAR cipher: Cipher;
    266. 

  266. 	BEGIN
    267. 

  267. 		NEW( cipher );  RETURN cipher
    268. 

  268. 	END NewCipher;
    269. 

  269. 

  270. (*-------------------------------------------------------------------------------*)
    271. 

  271. 	
    272. 

  272. 	
    273. 

  273. TYPE
    274. 

  274. 	ConstBuffer = OBJECT
    275. 

  275. 		VAR 
    276. 

  276. 			buf: ARRAY 2048 OF CHAR;  ib: LONGINT;
    277. 

  277. 		
    278. 

  278. 			PROCEDURE & Initialize;
    279. 

  279. 			BEGIN
    280. 

  280. 				ib := 0;
    281. 

  281. 			END Initialize;
    282. 

  282. 			
    283. 

  283. 			PROCEDURE Append( CONST str: ARRAY OF CHAR );
    284. 

  284. 			VAR i: LONGINT;  c: CHAR;
    285. 

  285. 			BEGIN
    286. 

  286. 				i := 0;
    287. 

  287. 				REPEAT  c := str[i];  buf[ib] := c;  INC( i );  INC( ib )  UNTIL c = 0X;
    288. 

  288. 				buf[ib - 1] := ' '
    289. 

  289. 			END Append;
    290. 

  290. 		
    291. 

  291. 			PROCEDURE GetInt( ): LONGINT;
    292. 

  292. 			VAR x: LONGINT;  c: CHAR;
    293. 

  293. 			BEGIN
    294. 

  294. 				WHILE buf[ib] <= ' ' DO  INC( ib )  END;
    295. 

  295. 				x := 0;  c := buf[ib];  INC( ib );
    296. 

  296. 				WHILE c > ' ' DO  x := 10*x + (ORD( c ) - 48);  c := buf[ib];  INC( ib )  END;
    297. 

  297. 				RETURN x
    298. 

  298. 			END GetInt;
    299. 

  299. 			
    300. 

  300. 		END ConstBuffer;
    301. 

  301. 

  302. 

  303. 	PROCEDURE Initialize;
    304. 

  304. 	VAR i, v1, i2, i4, i8, i9, ib, id, ie, v2, v3, t: LONGINT;
    305. 

  305. 		buffer: ConstBuffer;
    306. 

  306. 

  307. 		PROCEDURE xor( a, b: LONGINT ): LONGINT;
    308. 

  308. 		BEGIN
    309. 

  309. 			RETURN S.VAL( LONGINT, S.VAL( SET, a ) / S.VAL( SET, b ) )
    310. 

  310. 		END xor;
    311. 

  311. 		
    312. 

  312. 		PROCEDURE f1( x: LONGINT ): LONGINT;
    313. 

  313. 		VAR y: LONGINT;
    314. 

  314. 		BEGIN
    315. 

  315. 			y := 2*x;
    316. 

  316. 			IF y < 256 THEN  RETURN y  ELSE  RETURN xor( y, 11BH )  END
    317. 

  317. 		END f1;
    318. 

  318. 

  319. 	BEGIN
    320. 

  320. 		NEW( buffer );
    321. 

  321. 		buffer.Append( " 99 124 119 123 242 107 111 197  48   1 103  43 254 215 171 118 " );
    322. 

  322. 		buffer.Append( "202 130 201 125 250  89  71 240 173 212 162 175 156 164 114 192 " );
    323. 

  323. 		buffer.Append( "183 253 147  38  54  63 247 204  52 165 229 241 113 216  49  21 " );
    324. 

  324. 		buffer.Append( "  4 199  35 195  24 150   5 154   7  18 128 226 235  39 178 117 " );
    325. 

  325. 		buffer.Append( "  9 131  44  26  27 110  90 160  82  59 214 179  41 227  47 132 " );
    326. 

  326. 		buffer.Append( " 83 209   0 237  32 252 177  91 106 203 190  57  74  76  88 207 " );
    327. 

  327. 		buffer.Append( "208 239 170 251  67  77  51 133  69 249   2 127  80  60 159 168 " );
    328. 

  328. 		buffer.Append( " 81 163  64 143 146 157  56 245 188 182 218  33  16 255 243 210 " );
    329. 

  329. 		buffer.Append( "205  12  19 236  95 151  68  23 196 167 126  61 100  93  25 115 " );
    330. 

  330. 		buffer.Append( " 96 129  79 220  34  42 144 136  70 238 184  20 222  94  11 219 " );
    331. 

  331. 		buffer.Append( "224  50  58  10  73   6  36  92 194 211 172  98 145 149 228 121 " );
    332. 

  332. 		buffer.Append( "231 200  55 109 141 213  78 169 108  86 244 234 101 122 174   8 " );
    333. 

  333. 		buffer.Append( "186 120  37  46  28 166 180 198 232 221 116  31  75 189 139 138 " );
    334. 

  334. 		buffer.Append( "112  62 181 102  72   3 246  14  97  53  87 185 134 193  29 158 " );
    335. 

  335. 		buffer.Append( "225 248 152  17 105 217 142 148 155  30 135 233 206  85  40 223 " );
    336. 

  336. 		buffer.Append( "140 161 137  13 191 230  66 104  65 153  45  15 176  84 187  22 " );
    337. 

  337. 		
    338. 

  338. 		buffer.Initialize;
    339. 

  339. 		FOR i := 0 TO 255 DO
    340. 

  340. 			v1 := buffer.GetInt();  v2 := f1( v1 );  v3 := xor( v2, v1);
    341. 

  341. 			i2 := f1( i );  i4 := f1( i2 );  i8 := f1( i4 );  i9 := xor( i8, i);  
    342. 

  342. 			ib := xor( i9, i2 );  id := xor( i9, i4 );  ie := xor( i8, xor( i4, i2 ) );
    343. 

  343. 

  344. 			e0[i] := S.VAL( SET, ASH( v2, 24 ) + ASH( v1, 16 ) + ASH( v1, 8 ) + v3 );
    345. 

  345. 			e1[i] := S.VAL( SET, ASH( v3, 24 ) + ASH( v2, 16 ) + ASH( v1, 8 ) + v1 );
    346. 

  346. 			e2[i] := S.VAL( SET, ASH( v1, 24 ) + ASH( v3, 16 ) + ASH( v2, 8 ) + v1 );
    347. 

  347. 			e3[i] := S.VAL( SET, ASH( v1, 24 ) + ASH( v1, 16 ) + ASH( v3, 8 ) + v2 );
    348. 

  348. 			e4[i] := S.VAL( SET, ASH( v1, 24 ) + ASH( v1, 16 ) + ASH( v1, 8 ) + v1 );
    349. 

  349. 

  350. 			d0[v1] := S.VAL( SET, ASH( ie, 24 ) + ASH( i9, 16 ) + ASH( id, 8 ) + ib );
    351. 

  351. 			d1[v1] := S.VAL( SET, ASH( ib, 24 ) + ASH( ie, 16 ) + ASH( i9, 8 ) + id );
    352. 

  352. 			d2[v1] := S.VAL( SET, ASH( id, 24 ) + ASH( ib, 16 ) + ASH( ie, 8 ) + i9 );
    353. 

  353. 			d3[v1] := S.VAL( SET, ASH( i9, 24 ) + ASH( id, 16 ) + ASH( ib, 8 ) + ie );
    354. 

  354. 			d4[v1] := S.VAL( SET, ASH(  i,  24 ) + ASH(  i, 16 ) + ASH(  i, 8 ) + i );
    355. 

  355. 		END;
    356. 

  356. 		t := 1;
    357. 

  357. 		FOR i := 0 TO 9 DO
    358. 

  358. 			rcon[i] := S.VAL( SET, ASH( t, 24 ) );
    359. 

  359. 			t := f1( t );
    360. 

  360. 		END;
    361. 

  361. 	END Initialize;
    362. 

  362. 

  363. 

  364. BEGIN
    365. 

  365. 	Initialize;
    366. 

  366. END CryptoAES.
    367.