RubyGems - ruby-aes-table2 - Versions diffs - 1.0 - Mend

ruby-aes-table2 1.0

Files changed (34) hide show

data/CHANGELOG +6 -0
data/COPYING +20 -0
data/README +77 -0
data/Rakefile +154 -0
data/doc/rdoc/classes/Aes.html +494 -0
data/doc/rdoc/classes/AesAlg.html +740 -0
data/doc/rdoc/classes/AesCons.html +198 -0
data/doc/rdoc/created.rid +1 -0
data/doc/rdoc/files/CHANGELOG.html +117 -0
data/doc/rdoc/files/COPYING.html +129 -0
data/doc/rdoc/files/README.html +235 -0
data/doc/rdoc/files/lib/ruby-aes/aes_alg_rb.html +108 -0
data/doc/rdoc/files/lib/ruby-aes/aes_cons_rb.html +101 -0
data/doc/rdoc/files/lib/ruby-aes_rb.html +108 -0
data/doc/rdoc/fr_class_index.html +29 -0
data/doc/rdoc/fr_file_index.html +32 -0
data/doc/rdoc/fr_method_index.html +52 -0
data/doc/rdoc/index.html +24 -0
data/doc/rdoc/rdoc-style.css +208 -0
data/examples/encrypt_block.rb +22 -0
data/examples/encrypt_buffer.rb +24 -0
data/examples/encrypt_stream.rb +39 -0
data/examples/example_helper.rb +27 -0
data/lib/ruby-aes.rb +162 -0
data/lib/ruby-aes/aes_alg.rb +372 -0
data/lib/ruby-aes/aes_cons.rb +751 -0
data/test/KAT_MCT/aes_kat_mct.rb +386 -0
data/test/KAT_MCT/rijndael-vals.zip +0 -0
data/test/KAT_MCT/table.128 +128 -0
data/test/KAT_MCT/table.192 +128 -0
data/test/KAT_MCT/table.256 +128 -0
data/test/test_helper.rb +14 -0
data/test/test_ruby-aes.rb +113 -0
metadata +98 -0

data/lib/ruby-aes.rb ADDED Viewed

@@ -0,0 +1,162 @@
+=begin
+    This file is a part of ruby-aes <http://rubyforge.org/projects/ruby-aes>
+    Written by Alex Boussinet <alex.boussinet@gmail.com>
+==Valid modes are:
+    * ECB (Electronic Code Book)
+    * CBC (Cipher Block Chaining)
+    * OFB (Output Feedback)
+    * CFB (Cipher Feedback)
+==Valid key length:
+    * 128 bits
+    * 192 bits
+    * 256 bits
+==API calls:
+    Default key_length: 128
+    Default mode: 'ECB'
+    Default IV: 16 null chars ("00" * 16 in hex format)
+    Default key: 16 null chars ("00" * 16 in hex format)
+    Default input text: "PLAINTEXT"
+    Aes.check_key(key_string, key_length)
+    Aes.check_iv(iv_string)
+    Aes.check_kl(key_length)
+    Aes.check_mode(mode)
+    Aes.init(key_length, mode, key, iv)
+    Aes.encrypt_block(key_length, mode, key, iv, block) # no padding
+    Aes.decrypt_block(key_length, mode, key, iv, block) # no padding
+    Aes.encrypt_buffer(key_length, mode, key, iv, block) # padding
+    Aes.decrypt_buffer(key_length, mode, key, iv, block) # padding
+    Aes.encrypt_stream(key_length, mode, key, iv, sin, sout)
+    Aes.decrypt_stream(key_length, mode, key, iv, sin, sout)
+    Aes.bs() # block size for read operations (stream)
+    Aes.bs=(bs)
+=end
+module Aes
+    require 'ruby-aes/aes_alg'
+    @@aes = nil
+    @@bs = 4096
+    def Aes.bs(); return @@bs end
+    def Aes.bs=(bs); @@bs = bs.to_i; @@bs==0 ? 4096 : @@bs = @@bs - @@bs%16 end
+    def Aes.check_key(key_string, kl = 128)
+        kl = Aes.check_kl(kl)
+        k = key_string.length
+        raise "Bad key string or bad key length" if (k != kl/8) && (k != kl/4)
+        hex = (key_string =~ /[a-f0-9A-F]{#{k}}/) == 0 && (k == kl/4)
+        bin = ! hex
+        if ! (([32, 48, 64].include?(k) && hex) ||
+           ([16, 24, 32].include?(k) && bin))
+            raise "Bad key string"
+        end
+        hex ? [key_string].pack("H*") : key_string
+    end
+    def Aes.check_iv(iv_string)
+        k = iv_string.length
+        hex = (iv_string =~ /[a-f0-9A-F]{#{k}}/) == 0
+        bin = ! hex
+        if k == 32 && hex
+            return [iv_string].pack("H*")
+        elsif k == 16 && bin
+            return iv_string
+        else
+            raise "Bad IV string"
+        end
+    end
+    def Aes.check_mode (mode)
+        case mode
+        when 'ECB', 'CBC', 'OFB', 'CFB'
+        else raise "Bad cipher mode"
+        end
+        mode
+    end
+    def Aes.check_kl(key_length)
+        case key_length
+        when 128, 192, 256
+        else raise "Bad key length"
+        end
+        key_length
+    end
+    def Aes.init(keyl, mode, key, iv)
+        unless @@aes
+            @@aes = AesAlg.new(Aes.check_kl(keyl), Aes.check_mode(mode),
+                               Aes.check_key(key, keyl), iv ? Aes.check_iv(iv) : nil)
+        else
+            @@aes.init(Aes.check_kl(keyl), Aes.check_mode(mode),
+                       Aes.check_key(key, keyl), iv ? Aes.check_iv(iv) : nil)
+        end
+    end
+    def Aes.encrypt_block(keyl, mode, key, iv, block = "DEFAULT PLAINTXT")
+        raise "Bad Block size" if block.length < 16 || block.length > 16
+        Aes.init(keyl, mode, key, iv)
+        @@aes.encrypt_block(block)
+    end
+    def Aes.decrypt_block(keyl, mode, key, iv, block = "DEFAULT PLAINTXT")
+        Aes.init(keyl, mode, key, iv)
+        @@aes.decrypt_block(block)
+    end
+    def Aes.encrypt_buffer(keyl, mode, key, iv, buffer = "PLAINTEXT")
+        Aes.init(keyl, mode, key, iv)
+        @@aes.encrypt_buffer(buffer)
+    end
+    def Aes.decrypt_buffer(keyl, mode, key, iv, buffer = "DEFAULT PLAINTXT")
+        raise "Bad Block size" if buffer.length < 16
+        Aes.init(keyl, mode, key, iv)
+        @@aes.decrypt_buffer(buffer)
+    end
+    def Aes.encrypt_stream(keyl, mode, key, iv, sin = STDIN, sout = STDOUT)
+        Aes.init(keyl, mode, key, iv)
+        case sout
+        when String, Array, IO
+        else
+            raise "Bad output stream (String, Array, IO)"
+        end
+        case sin
+        when String
+            sout << @@aes.encrypt_buffer(sin)
+        when IO
+            while buf = sin.read(@@bs)
+                sout << ((buf.length % 16).zero? ? @@aes.encrypt_blocks(buf) :
+                         @@aes.encrypt_buffer(buf))
+            end
+        else
+            raise "Bad input stream (String, IO)"
+        end
+    end
+    def Aes.decrypt_stream(keyl, mode, key, iv, sin = STDIN, sout = STDOUT)
+        Aes.init(keyl, mode, key, iv)
+        case sout
+        when String, Array, IO
+        else
+            raise "Bad output stream (String, Array, IO)"
+        end
+        case sin
+        when String
+            sout << @@aes.decrypt_buffer(sin)
+        when IO
+            while buf = sin.read(@@bs)
+                sout << (sin.eof? ? @@aes.decrypt_buffer(buf) :
+                         @@aes.decrypt_blocks(buf))
+            end
+        else
+            raise "Bad input stream (String, IO)"
+        end
+    end
+end # end Aes

data/lib/ruby-aes/aes_alg.rb ADDED Viewed

@@ -0,0 +1,372 @@
+=begin
+    This file is a part of ruby-aes <http://rubyforge.org/projects/ruby-aes>
+    Written by Alex Boussinet <alex.boussinet@gmail.com>
+    This version is derived from the Optimised ANSI C code
+    Authors of C version:
+        Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+        Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+        Paulo Barreto <paulo.barreto@terra.com.br>
+Added:
+    Table look up improvements
+=end
+require 'ruby-aes/aes_cons'
+class AesAlg
+    include AesCons
+    def encryption_key_schedule(key)
+        i = 0
+        @ek = []
+        @ek[0] = key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3]
+        @ek[1] = key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7]
+        @ek[2] = key[8] << 24 | key[9] << 16 | key[10] << 8 | key[11]
+        @ek[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15]
+        if @kl == 128
+            j = 0
+            loop do
+                temp  = @ek[3+j]
+                @ek[4+j] = @ek[0+j] ^
+                (S3[(temp >> 16) & 0xff]) ^
+                (S2[(temp >>  8) & 0xff]) ^
+                (S1[(temp) & 0xff]) ^
+                (S0[(temp >> 24)]) ^ RCON[i]
+                @ek[5+j] = @ek[1+j] ^ @ek[4+j]
+                @ek[6+j] = @ek[2+j] ^ @ek[5+j]
+                @ek[7+j] = @ek[3+j] ^ @ek[6+j]
+                i += 1
+                return if (i == 10)
+                j += 4
+            end
+        end
+        @ek[4] = key[16] << 24 | key[17] << 16 | key[18] << 8 | key[19]
+        @ek[5] = key[20] << 24 | key[21] << 16 | key[22] << 8 | key[23]
+        if (@kl == 192)
+            j = 0
+            loop do
+                temp = @ek[ 5+j]
+                @ek[ 6+j] = @ek[ 0+j] ^
+                (S3[(temp >> 16) & 0xff]) ^
+                (S2[(temp >>  8) & 0xff]) ^
+                (S1[(temp) & 0xff]) ^
+                (S0[(temp >> 24)]) ^ RCON[i]
+                @ek[ 7+j] = @ek[ 1+j] ^ @ek[ 6+j]
+                @ek[ 8+j] = @ek[ 2+j] ^ @ek[ 7+j]
+                @ek[ 9+j] = @ek[ 3+j] ^ @ek[ 8+j]
+                i += 1
+                return if (i == 8)
+                @ek[10+j] = @ek[ 4+j] ^ @ek[ 9+j]
+                @ek[11+j] = @ek[ 5+j] ^ @ek[10+j]
+                j += 6
+            end
+        end
+        @ek[6] = key[24] << 24 | key[25] << 16 | key[26] << 8 | key[27]
+        @ek[7] = key[28] << 24 | key[29] << 16 | key[30] << 8 | key[31]
+        if (@kl == 256)
+            j = 0
+            loop do
+                temp = @ek[ 7+j]
+                @ek[ 8+j] = @ek[ 0+j] ^
+                (S3[(temp >> 16) & 0xff]) ^
+                (S2[(temp >>  8) & 0xff]) ^
+                (S1[(temp) & 0xff]) ^
+                (S0[(temp >> 24)]) ^ RCON[i]
+                @ek[ 9+j] = @ek[ 1+j] ^ @ek[ 8+j]
+                @ek[10+j] = @ek[ 2+j] ^ @ek[ 9+j]
+                @ek[11+j] = @ek[ 3+j] ^ @ek[10+j]
+                i += 1
+                return if (i == 7)
+                temp = @ek[11+j]
+                @ek[12+j] = @ek[ 4+j] ^
+                (S3[(temp >> 24)]) ^
+                (S2[(temp >> 16) & 0xff]) ^
+                (S1[(temp >>  8) & 0xff]) ^
+                (S0[(temp) & 0xff])
+                @ek[13+j] = @ek[ 5+j] ^ @ek[12+j]
+                @ek[14+j] = @ek[ 6+j] ^ @ek[13+j]
+                @ek[15+j] = @ek[ 7+j] ^ @ek[14+j]
+                j += 8
+            end
+        end
+    end
+    protected :encryption_key_schedule
+    def decryption_key_schedule(key)
+        # expand the cipher key:
+        encryption_key_schedule(key)
+        @dk = @ek.dup
+        # invert the order of the round keys:
+        j = 4 * @nr
+        i = 0
+        loop do
+            break if i >= j
+            temp = @dk[i]
+            @dk[i] = @dk[j]
+            @dk[j] = temp
+            temp = @dk[i + 1]
+            @dk[i + 1] = @dk[j + 1]
+            @dk[j + 1] = temp
+            temp = @dk[i + 2]
+            @dk[i + 2] = @dk[j + 2]
+            @dk[j + 2] = temp
+            temp = @dk[i + 3]
+            @dk[i + 3] = @dk[j + 3]
+            @dk[j + 3] = temp
+            i += 4
+            j -= 4
+        end
+        # apply the inverse MixColumn transform
+        # to all round keys but the first and the last:
+        j = 0
+        1.upto(@nr-1) do |i|
+            j += 4
+            w0= @dk[j]
+            w1 = @dk[j+1]
+            w2 = @dk[j+2]
+            w3 = @dk[j+3]
+            @dk[0+j] =
+                Td0[S0[(w0 >> 24)] ]^
+            Td1[S0[(w0 >> 16) & 0xff] ] ^
+            Td2[S0[(w0 >>  8) & 0xff] ] ^
+            Td3[S0[(w0) & 0xff] ]
+            @dk[1+j] =
+                Td0[S0[(w1 >> 24)] ] ^
+            Td1[S0[(w1 >> 16) & 0xff] ] ^
+            Td2[S0[(w1 >>  8) & 0xff] ] ^
+            Td3[S0[(w1) & 0xff] ]
+            @dk[2+j] =
+                Td0[S0[(w2 >> 24)] ] ^
+            Td1[S0[(w2 >> 16) & 0xff] ] ^
+            Td2[S0[(w2 >>  8) & 0xff] ] ^
+            Td3[S0[(w2) & 0xff] ]
+            @dk[3+j] =
+                Td0[S0[(w3 >> 24)] ] ^
+            Td1[S0[(w3 >> 16) & 0xff] ] ^
+            Td2[S0[(w3 >>  8) & 0xff] ] ^
+            Td3[S0[(w3) & 0xff] ]
+        end
+    end
+    protected :decryption_key_schedule
+    def _encrypt_block(pt)
+        t0 = t1 = t2 = t3 = nil
+        # map byte array block to cipher state and add initial round key:
+        s0 = (pt[ 0] << 24 | pt[ 1] << 16 | pt[ 2] << 8 | pt[ 3]) ^ @ek[0]
+        s1 = (pt[ 4] << 24 | pt[ 5] << 16 | pt[ 6] << 8 | pt[ 7]) ^ @ek[1]
+        s2 = (pt[ 8] << 24 | pt[ 9] << 16 | pt[10] << 8 | pt[11]) ^ @ek[2]
+        s3 = (pt[12] << 24 | pt[13] << 16 | pt[14] << 8 | pt[15]) ^ @ek[3]
+        r = @nr >> 1
+        j = 0
+        loop {
+            t0 = Te0[(s0 >> 24)       ] ^ Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^ Te3[(s3      ) & 0xff] ^ @ek[4+j]
+            t1 = Te0[(s1 >> 24)       ] ^ Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^ Te3[(s0      ) & 0xff] ^ @ek[5+j]
+            t2 = Te0[(s2 >> 24)       ] ^ Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^ Te3[(s1      ) & 0xff] ^ @ek[6+j]
+            t3 = Te0[(s3 >> 24)       ] ^ Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^ Te3[(s2      ) & 0xff] ^ @ek[7+j]
+            j += 8
+            r -= 1
+            break if r == 0
+            s0 = Te0[(t0 >> 24)       ] ^ Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^ Te3[(t3      ) & 0xff] ^ @ek[0+j]
+            s1 = Te0[(t1 >> 24)       ] ^ Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^ Te3[(t0      ) & 0xff] ^ @ek[1+j]
+            s2 = Te0[(t2 >> 24)       ] ^ Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^ Te3[(t1      ) & 0xff] ^ @ek[2+j]
+            s3 = Te0[(t3 >> 24)       ] ^ Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^ Te3[(t2      ) & 0xff] ^ @ek[3+j]
+        }
+        # apply last round and map cipher state to byte array block:
+        s0 = (S3[(t0>>24)]) ^ (S2[(t1>>16)&0xff]) ^
+        (S1[(t2>>8)&0xff]) ^ (S0[(t3)&0xff]) ^ @ek[0+j]
+        s1 = (S3[(t1>>24)]) ^ (S2[(t2>>16)&0xff]) ^
+        (S1[(t3>>8)&0xff]) ^ (S0[(t0)&0xff]) ^ @ek[1+j]
+        s2 = (S3[(t2>>24)]) ^ (S2[(t3>>16)&0xff]) ^
+        (S1[(t0>>8)&0xff]) ^ (S0[(t1)&0xff]) ^ @ek[2+j]
+        s3 = (S3[(t3>>24)]) ^ (S2[(t0>>16)&0xff]) ^
+        (S1[(t1>>8)&0xff]) ^ (S0[(t2)&0xff]) ^ @ek[3+j]
+        [("%08x%08x%08x%08x" % [s0, s1, s2, s3])].pack("H*")
+    end
+    protected :_encrypt_block
+    def _decrypt_block(ct)
+        t0 = t1 = t2 = t3 = nil
+        # map byte array block to cipher state and add initial round key:
+        s0 = (ct[ 0] << 24 | ct[ 1] << 16 | ct[ 2] << 8 | ct[ 3]) ^ @dk[0]
+        s1 = (ct[ 4] << 24 | ct[ 5] << 16 | ct[ 6] << 8 | ct[ 7]) ^ @dk[1]
+        s2 = (ct[ 8] << 24 | ct[ 9] << 16 | ct[10] << 8 | ct[11]) ^ @dk[2]
+        s3 = (ct[12] << 24 | ct[13] << 16 | ct[14] << 8 | ct[15]) ^ @dk[3]
+        r = @nr >> 1
+        j = 0
+        loop {
+            t0 = Td0[(s0 >> 24)       ] ^ Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^ Td3[(s1         ) & 0xff] ^ @dk[4+j]
+            t1 = Td0[(s1 >> 24)       ] ^ Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^ Td3[(s2         ) & 0xff] ^ @dk[5+j]
+            t2 = Td0[(s2 >> 24)       ] ^ Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^ Td3[(s3         ) & 0xff] ^ @dk[6+j]
+            t3 = Td0[(s3 >> 24)       ] ^ Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^ Td3[(s0         ) & 0xff] ^ @dk[7+j]
+            j += 8
+            r -= 1
+            break if r == 0
+            s0 = Td0[(t0 >> 24)       ] ^ Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^ Td3[(t1      ) & 0xff] ^ @dk[0+j]
+            s1 = Td0[(t1 >> 24)       ] ^ Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^ Td3[(t2      ) & 0xff] ^ @dk[1+j]
+            s2 = Td0[(t2 >> 24)       ] ^ Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^ Td3[(t3      ) & 0xff] ^ @dk[2+j]
+            s3 = Td0[(t3 >> 24)       ] ^ Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^ Td3[(t0      ) & 0xff] ^ @dk[3+j]
+        }
+        # apply last round and map cipher state to byte array block:
+        s0 = (Si3[(t0>>24)]) ^ (Si2[(t3>>16)&0xff]) ^
+        (Si1[(t2>>8)&0xff]) ^ (Si0[(t1)&0xff]) ^ @dk[0+j]
+        s1 = (Si3[(t1>>24)]) ^ (Si2[(t0>>16)&0xff]) ^
+        (Si1[(t3>>8)&0xff]) ^ (Si0[(t2)&0xff]) ^ @dk[1+j]
+        s2 = (Si3[(t2>>24)]) ^ (Si2[(t1>>16)&0xff]) ^
+        (Si1[(t0>>8)&0xff]) ^ (Si0[(t3)&0xff]) ^ @dk[2+j]
+        s3 = (Si3[(t3>>24)]) ^ (Si2[(t2>>16)&0xff]) ^
+        (Si1[(t1>>8)&0xff]) ^ (Si0[(t0)&0xff]) ^ @dk[3+j]
+        [("%08x%08x%08x%08x" % [s0, s1, s2, s3])].pack("H*")
+    end
+    protected :_decrypt_block
+    def xor(a,b)
+        c = ""
+        16.times do |i|
+            c << (a[i] ^ b[i]).chr
+        end
+        c
+    end
+    protected :xor
+    def encrypt_block(block)
+        case @mode
+        when 'ECB'
+            _encrypt_block(block)
+        when 'CBC'
+            @iv = _encrypt_block(xor(block, @iv))
+        when 'OFB'
+            @iv = _encrypt_block(@iv)
+            xor(@iv, block)
+        when 'CFB'
+            @iv = xor(_encrypt_block(@iv), block)
+        end
+    end
+    def decrypt_block(block)
+        case @mode
+        when 'ECB'
+            _decrypt_block(block)
+        when 'CBC'
+            o = xor(_decrypt_block(block), @iv)
+            @iv = block
+            o
+        when 'OFB'
+            @iv = _encrypt_block(@iv)
+            xor(@iv, block)
+        when 'CFB'
+            o = xor(_encrypt_block(@iv), block)
+            @iv = block
+            o
+        end
+    end
+    def encrypt_blocks(buffer)
+        raise "Bad block length" unless (buffer.length % 16).zero?
+        ct = ""
+        block = ""
+        buffer.each_byte do |char|
+            block << char
+            if block.length == 16
+                ct << encrypt_block(block)
+                block = ""
+            end
+        end
+    end
+    def decrypt_blocks(buffer)
+        raise "Bad block length" unless (buffer.length % 16).zero?
+        pt = ""
+        block = ""
+        buffer.each_byte do |char|
+            block << char
+            if block.length == 16
+                pt << decrypt_block(block)
+                block = ""
+            end
+        end
+    end
+    def encrypt_buffer(buffer)
+        ct = ""
+        block = ""
+        buffer.each_byte do |char|
+            block << char
+            if block.length == 16
+                ct << encrypt_block(block)
+                block = ""
+            end
+        end
+        m = 16 - block.length % 16
+        ct << (m == 16 ? 0 : encrypt_block(block << m.chr * m))
+    end
+    def decrypt_buffer(buffer)
+        pt = ""
+        block = ""
+        buffer.each_byte do |char|
+            block << char
+            if block.length == 16
+                pt << decrypt_block(block)
+                block = ""
+            end
+        end
+        if block.length == 0
+            c = pt[-1]
+            c.chr * c == pt[-c..-1] ? pt[0..-(c+1)] : (raise "Bad Block Padding")
+        else
+            pt
+        end
+    end
+    def init(key_length, mode, key, iv = nil)
+        @nb = 4
+        @ek = []
+        @dk = []
+        @state = nil
+        @iv = "\000" * 16
+        @iv = iv if iv
+        case key_length
+        when 128
+            @nk = 4
+            @nr = 10
+        when 192
+            @nk = 6
+            @nr = 12
+        when 256
+            @nk = 8
+            @nr = 14
+        else
+            raise 'Bad Key length'
+        end
+        @kl = key_length
+        case mode
+        when 'ECB', 'CBC', 'OFB', 'CFB'
+            @mode = mode
+        else
+            raise 'Bad AES mode'
+        end
+        decryption_key_schedule(key)
+    end
+    def initialize(key_length, mode, key, iv = nil)
+        init(key_length, mode, key, iv)
+    end
+end # AesAlg