RubyGems - ruby-aes-unroll1 - Versions diffs - 1.0 - Mend

ruby-aes-unroll1 1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

data/CHANGELOG +6 -0
data/COPYING +20 -0
data/README +77 -0
data/Rakefile +154 -0
data/doc/rdoc/classes/Aes.html +494 -0
data/doc/rdoc/classes/AesAlg.html +972 -0
data/doc/rdoc/classes/AesCons.html +168 -0
data/doc/rdoc/created.rid +1 -0
data/doc/rdoc/files/CHANGELOG.html +117 -0
data/doc/rdoc/files/COPYING.html +129 -0
data/doc/rdoc/files/README.html +235 -0
data/doc/rdoc/files/lib/ruby-aes/aes_alg_rb.html +108 -0
data/doc/rdoc/files/lib/ruby-aes/aes_cons_rb.html +101 -0
data/doc/rdoc/files/lib/ruby-aes_rb.html +108 -0
data/doc/rdoc/fr_class_index.html +29 -0
data/doc/rdoc/fr_file_index.html +32 -0
data/doc/rdoc/fr_method_index.html +52 -0
data/doc/rdoc/index.html +24 -0
data/doc/rdoc/rdoc-style.css +208 -0
data/examples/encrypt_block.rb +22 -0
data/examples/encrypt_buffer.rb +24 -0
data/examples/encrypt_stream.rb +39 -0
data/examples/example_helper.rb +27 -0
data/lib/ruby-aes/aes_alg.rb +602 -0
data/lib/ruby-aes/aes_cons.rb +478 -0
data/lib/ruby-aes.rb +162 -0
data/test/KAT_MCT/aes_kat_mct.rb +386 -0
data/test/KAT_MCT/rijndael-vals.zip +0 -0
data/test/KAT_MCT/table.128 +128 -0
data/test/KAT_MCT/table.192 +128 -0
data/test/KAT_MCT/table.256 +128 -0
data/test/test_helper.rb +14 -0
data/test/test_ruby-aes.rb +113 -0
metadata +98 -0

data/lib/ruby-aes/aes_alg.rb ADDED Viewed

@@ -0,0 +1,602 @@
+=begin
+    This file is a part of ruby-aes <http://rubyforge.org/projects/ruby-aes>
+    Written by Alex Boussinet <alex.boussinet@gmail.com>
+    This version is derived from the Optimised ANSI C code
+    Authors of C version:
+        Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+        Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+        Paulo Barreto <paulo.barreto@terra.com.br>
+    Loop unroll optimization
+=end
+require 'ruby-aes/aes_cons'
+class AesAlg
+    include AesCons
+    def encryption_key_schedule(key)
+        i = 0
+        @rk = []
+        @rk[0] = key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3]
+        @rk[1] = key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7]
+        @rk[2] = key[8] << 24 | key[9] << 16 | key[10] << 8 | key[11]
+        @rk[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15]
+        if @kl == 128
+            j = 0
+            loop do
+                temp  = @rk[3+j]
+                @rk[4+j] = @rk[0+j] ^
+                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te4[(temp >> 24)       ] & 0x000000ff) ^ RCON[i]
+                @rk[5+j] = @rk[1+j] ^ @rk[4+j]
+                @rk[6+j] = @rk[2+j] ^ @rk[5+j]
+                @rk[7+j] = @rk[3+j] ^ @rk[6+j]
+                i += 1
+                return if (i == 10)
+                j += 4
+            end
+        end
+        @rk[4] = key[16] << 24 | key[17] << 16 | key[18] << 8 | key[19]
+        @rk[5] = key[20] << 24 | key[21] << 16 | key[22] << 8 | key[23]
+        if (@kl == 192)
+            j = 0
+            loop do
+                temp = @rk[ 5+j]
+                @rk[ 6+j] = @rk[ 0+j] ^
+                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te4[(temp >> 24)       ] & 0x000000ff) ^ RCON[i]
+                @rk[ 7+j] = @rk[ 1+j] ^ @rk[ 6+j]
+                @rk[ 8+j] = @rk[ 2+j] ^ @rk[ 7+j]
+                @rk[ 9+j] = @rk[ 3+j] ^ @rk[ 8+j]
+                i += 1
+                return if (i == 8)
+                @rk[10+j] = @rk[ 4+j] ^ @rk[ 9+j]
+                @rk[11+j] = @rk[ 5+j] ^ @rk[10+j]
+                j += 6
+            end
+        end
+        @rk[6] = key[24] << 24 | key[25] << 16 | key[26] << 8 | key[27]
+        @rk[7] = key[28] << 24 | key[29] << 16 | key[30] << 8 | key[31]
+        if (@kl == 256)
+            j = 0
+            loop do
+                temp = @rk[ 7+j]
+                @rk[ 8+j] = @rk[ 0+j] ^
+                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te4[(temp >> 24)       ] & 0x000000ff) ^ RCON[i]
+                @rk[ 9+j] = @rk[ 1+j] ^ @rk[ 8+j]
+                @rk[10+j] = @rk[ 2+j] ^ @rk[ 9+j]
+                @rk[11+j] = @rk[ 3+j] ^ @rk[10+j]
+                i += 1
+                return if (i == 7)
+                temp = @rk[11+j]
+                @rk[12+j] = @rk[ 4+j] ^
+                (Te4[(temp >> 24)       ] & 0xff000000) ^
+                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(temp      ) & 0xff] & 0x000000ff)
+                @rk[13+j] = @rk[ 5+j] ^ @rk[12+j]
+                @rk[14+j] = @rk[ 6+j] ^ @rk[13+j]
+                @rk[15+j] = @rk[ 7+j] ^ @rk[14+j]
+                j += 8
+            end
+        end
+    end
+    protected :encryption_key_schedule
+    def decryption_key_schedule(key)
+        # expand the cipher key:
+        encryption_key_schedule(key)
+        @ek = @rk.dup
+        # invert the order of the round keys:
+        j = 4 * @nr
+        i = 0
+        loop do
+            break if i >= j
+            temp = @rk[i]
+            @rk[i] = @rk[j]
+            @rk[j] = temp
+            temp = @rk[i + 1]
+            @rk[i + 1] = @rk[j + 1]
+            @rk[j + 1] = temp
+            temp = @rk[i + 2]
+            @rk[i + 2] = @rk[j + 2]
+            @rk[j + 2] = temp
+            temp = @rk[i + 3]
+            @rk[i + 3] = @rk[j + 3]
+            @rk[j + 3] = temp
+            i += 4
+            j -= 4
+        end
+        # apply the inverse MixColumn transform
+        # to all round keys but the first and the last:
+        j = 0
+        1.upto(@nr-1) do |i|
+            j += 4
+            @rk[0+j] =
+                Td0[Te4[(@rk[0+j] >> 24)       ] & 0xff] ^
+            Td1[Te4[(@rk[0+j] >> 16) & 0xff] & 0xff] ^
+            Td2[Te4[(@rk[0+j] >>  8) & 0xff] & 0xff] ^
+            Td3[Te4[(@rk[0+j]      ) & 0xff] & 0xff]
+            @rk[1+j] =
+                Td0[Te4[(@rk[1+j] >> 24)       ] & 0xff] ^
+            Td1[Te4[(@rk[1+j] >> 16) & 0xff] & 0xff] ^
+            Td2[Te4[(@rk[1+j] >>  8) & 0xff] & 0xff] ^
+            Td3[Te4[(@rk[1+j]      ) & 0xff] & 0xff]
+            @rk[2+j] =
+                Td0[Te4[(@rk[2+j] >> 24)       ] & 0xff] ^
+            Td1[Te4[(@rk[2+j] >> 16) & 0xff] & 0xff] ^
+            Td2[Te4[(@rk[2+j] >>  8) & 0xff] & 0xff] ^
+            Td3[Te4[(@rk[2+j]      ) & 0xff] & 0xff]
+            @rk[3+j] =
+                Td0[Te4[(@rk[3+j] >> 24)       ] & 0xff] ^
+            Td1[Te4[(@rk[3+j] >> 16) & 0xff] & 0xff] ^
+            Td2[Te4[(@rk[3+j] >>  8) & 0xff] & 0xff] ^
+            Td3[Te4[(@rk[3+j]      ) & 0xff] & 0xff]
+        end
+    end
+    protected :decryption_key_schedule
+    def _encrypt_block(pt)
+        #
+        # map byte array block to cipher state and add initial round key:
+        #
+        s0 = (pt[ 0] << 24 | pt[ 1] << 16 | pt[ 2] << 8 | pt[ 3]) ^ @ek[0]
+        s1 = (pt[ 4] << 24 | pt[ 5] << 16 | pt[ 6] << 8 | pt[ 7]) ^ @ek[1]
+        s2 = (pt[ 8] << 24 | pt[ 9] << 16 | pt[10] << 8 | pt[11]) ^ @ek[2]
+        s3 = (pt[12] << 24 | pt[13] << 16 | pt[14] << 8 | pt[15]) ^ @ek[3]
+        # round 1:
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^
+        Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ @ek[ 4]
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^
+        Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ @ek[ 5]
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^
+        Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ @ek[ 6]
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^
+        Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ @ek[ 7]
+        # round 2:
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^
+        Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ @ek[ 8]
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^
+        Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ @ek[ 9]
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^
+        Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ @ek[10]
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^
+        Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ @ek[11]
+        # round 3:
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^
+        Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ @ek[12]
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^
+        Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ @ek[13]
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^
+        Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ @ek[14]
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^
+        Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ @ek[15]
+        # round 4:
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^
+        Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ @ek[16]
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^
+        Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ @ek[17]
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^
+        Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ @ek[18]
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^
+        Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ @ek[19]
+        # round 5:
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^
+        Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ @ek[20]
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^
+        Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ @ek[21]
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^
+        Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ @ek[22]
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^
+        Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ @ek[23]
+        # round 6:
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^
+        Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ @ek[24]
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^
+        Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ @ek[25]
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^
+        Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ @ek[26]
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^
+        Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ @ek[27]
+        # round 7:
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^
+        Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ @ek[28]
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^
+        Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ @ek[29]
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^
+        Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ @ek[30]
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^
+        Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ @ek[31]
+        # round 8:
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^
+        Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ @ek[32]
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^
+        Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ @ek[33]
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^
+        Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ @ek[34]
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^
+        Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ @ek[35]
+        # round 9:
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^
+        Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ @ek[36]
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^
+        Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ @ek[37]
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^
+        Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ @ek[38]
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^
+        Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ @ek[39]
+        if (@nr > 10)
+            # round 10:
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ @ek[40]
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ @ek[41]
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ @ek[42]
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ @ek[43]
+            # round 11:
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ @ek[44]
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ @ek[45]
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ @ek[46]
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ @ek[47]
+            if (@nr > 12)
+                # round 12:
+                s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^
+                Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ @ek[48]
+                s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^
+                Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ @ek[49]
+                s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^
+                Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ @ek[50]
+                s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^
+                Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ @ek[51]
+                # round 13:
+                t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^
+                Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ @ek[52]
+                t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^
+                Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ @ek[53]
+                t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^
+                Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ @ek[54]
+                t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^
+                Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ @ek[55]
+            end
+        end
+        j = @nr << 2
+        #
+        # apply last round and map cipher state to byte array block:
+        #
+        s0 =
+            (Te4[(t0 >> 24)       ] & 0xff000000) ^
+        (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te4[(t3      ) & 0xff] & 0x000000ff) ^
+        @ek[0+j]
+        s1 =
+            (Te4[(t1 >> 24)       ] & 0xff000000) ^
+        (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te4[(t0      ) & 0xff] & 0x000000ff) ^
+        @ek[1+j]
+        s2 =
+            (Te4[(t2 >> 24)       ] & 0xff000000) ^
+        (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te4[(t1      ) & 0xff] & 0x000000ff) ^
+        @ek[2+j]
+        s3 =
+            (Te4[(t3 >> 24)       ] & 0xff000000) ^
+        (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te4[(t2      ) & 0xff] & 0x000000ff) ^
+        @ek[3+j]
+        [("%08x%08x%08x%08x" % [s0, s1, s2, s3])].pack("H*")
+    end
+    protected :_encrypt_block
+    def _decrypt_block(ct)
+        #
+        # map byte array block to cipher state and add initial round key:
+        #
+        s0 = (ct[ 0] << 24 | ct[ 1] << 16 | ct[ 2] << 8 | ct[ 3]) ^ @rk[0]
+        s1 = (ct[ 4] << 24 | ct[ 5] << 16 | ct[ 6] << 8 | ct[ 7]) ^ @rk[1]
+        s2 = (ct[ 8] << 24 | ct[ 9] << 16 | ct[10] << 8 | ct[11]) ^ @rk[2]
+        s3 = (ct[12] << 24 | ct[13] << 16 | ct[14] << 8 | ct[15]) ^ @rk[3]
+        # round 1:
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^
+        Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ @rk[ 4]
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^
+        Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ @rk[ 5]
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^
+        Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ @rk[ 6]
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^
+        Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ @rk[ 7]
+        # round 2:
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^
+        Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ @rk[ 8]
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^
+        Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ @rk[ 9]
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^
+        Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ @rk[10]
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^
+        Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ @rk[11]
+        # round 3:
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^
+        Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ @rk[12]
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^
+        Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ @rk[13]
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^
+        Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ @rk[14]
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^
+        Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ @rk[15]
+        # round 4:
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^
+        Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ @rk[16]
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^
+        Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ @rk[17]
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^
+        Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ @rk[18]
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^
+        Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ @rk[19]
+        # round 5:
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^
+        Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ @rk[20]
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^
+        Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ @rk[21]
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^
+        Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ @rk[22]
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^
+        Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ @rk[23]
+        # round 6:
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^
+        Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ @rk[24]
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^
+        Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ @rk[25]
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^
+        Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ @rk[26]
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^
+        Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ @rk[27]
+        # round 7:
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^
+        Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ @rk[28]
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^
+        Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ @rk[29]
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^
+        Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ @rk[30]
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^
+        Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ @rk[31]
+        # round 8:
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^
+        Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ @rk[32]
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^
+        Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ @rk[33]
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^
+        Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ @rk[34]
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^
+        Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ @rk[35]
+        # round 9:
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^
+        Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ @rk[36]
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^
+        Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ @rk[37]
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^
+        Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ @rk[38]
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^
+        Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ @rk[39]
+        if (@nr > 10)
+            # round 10:
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ @rk[40]
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ @rk[41]
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ @rk[42]
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ @rk[43]
+            # round 11:
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ @rk[44]
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ @rk[45]
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ @rk[46]
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ @rk[47]
+            if (@nr > 12)
+                # round 12:
+                s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^
+                Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ @rk[48]
+                s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^
+                Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ @rk[49]
+                s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^
+                Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ @rk[50]
+                s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^
+                Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ @rk[51]
+                # round 13:
+                t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^
+                Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ @rk[52]
+                t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^
+                Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ @rk[53]
+                t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^
+                Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ @rk[54]
+                t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^
+                Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ @rk[55]
+            end
+        end
+        j = @nr << 2
+        #
+        # apply last round and map cipher state to byte array block:
+        #
+        s0 =
+            (Td4[(t0 >> 24)       ] & 0xff000000) ^
+        (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Td4[(t1      ) & 0xff] & 0x000000ff) ^
+        @rk[0+j]
+        s1 =
+            (Td4[(t1 >> 24)       ] & 0xff000000) ^
+        (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Td4[(t2      ) & 0xff] & 0x000000ff) ^
+        @rk[1+j]
+        s2 =
+            (Td4[(t2 >> 24)       ] & 0xff000000) ^
+        (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Td4[(t3      ) & 0xff] & 0x000000ff) ^
+        @rk[2+j]
+        s3 =
+            (Td4[(t3 >> 24)       ] & 0xff000000) ^
+        (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Td4[(t0      ) & 0xff] & 0x000000ff) ^
+        @rk[3+j]
+        [("%08x%08x%08x%08x" % [s0, s1, s2, s3])].pack("H*")
+    end
+    protected :_decrypt_block
+    def xor(a,b)
+        c = ""
+        16.times do |i|
+            c << (a[i] ^ b[i]).chr
+        end
+        c
+    end
+    protected :xor
+    def encrypt_block(block)
+        case @mode
+        when 'ECB'
+            _encrypt_block(block)
+        when 'CBC'
+            @iv = _encrypt_block(xor(block, @iv))
+        when 'OFB'
+            @iv = _encrypt_block(@iv)
+            xor(@iv, block)
+        when 'CFB'
+            @iv = xor(_encrypt_block(@iv), block)
+        end
+    end
+    def decrypt_block(block)
+        case @mode
+        when 'ECB'
+            _decrypt_block(block)
+        when 'CBC'
+            o = xor(_decrypt_block(block), @iv)
+            @iv = block
+            o
+        when 'OFB'
+            @iv = _encrypt_block(@iv)
+            xor(@iv, block)
+        when 'CFB'
+            o = xor(_encrypt_block(@iv), block)
+            @iv = block
+            o
+        end
+    end
+    def encrypt_blocks(buffer)
+        raise "Bad block length" unless (buffer.length % 16).zero?
+        ct = ""
+        block = ""
+        buffer.each_byte do |char|
+            block << char
+            if block.length == 16
+                ct << encrypt_block(block)
+                block = ""
+            end
+        end
+    end
+    def decrypt_blocks(buffer)
+        raise "Bad block length" unless (buffer.length % 16).zero?
+        pt = ""
+        block = ""
+        buffer.each_byte do |char|
+            block << char
+            if block.length == 16
+                pt << decrypt_block(block)
+                block = ""
+            end
+        end
+    end
+    def encrypt_buffer(buffer)
+        ct = ""
+        block = ""
+        buffer.each_byte do |char|
+            block << char
+            if block.length == 16
+                ct << encrypt_block(block)
+                block = ""
+            end
+        end
+        m = 16 - block.length % 16
+        ct << (m == 16 ? 0 : encrypt_block(block << m.chr * m))
+    end
+    def decrypt_buffer(buffer)
+        pt = ""
+        block = ""
+        buffer.each_byte do |char|
+            block << char
+            if block.length == 16
+                pt << decrypt_block(block)
+                block = ""
+            end
+        end
+        if block.length == 0
+            c = pt[-1]
+            c.chr * c == pt[-c..-1] ? pt[0..-(c+1)] : (raise "Bad Block Padding")
+        else
+            pt
+        end
+    end
+    def init(key_length, mode, key, iv = nil)
+        @nb = 4
+        @ek = []
+        @rk = []
+        @state = nil
+        @iv = "\000" * 16
+        @iv = iv if iv
+        case key_length
+        when 128
+            @nk = 4
+            @nr = 10
+        when 192
+            @nk = 6
+            @nr = 12
+        when 256
+            @nk = 8
+            @nr = 14
+        else
+            raise 'Bad Key length'
+        end
+        @kl = key_length
+        case mode
+        when 'ECB', 'CBC', 'OFB', 'CFB'
+            @mode = mode
+        else
+            raise 'Bad AES mode'
+        end
+        decryption_key_schedule(key)
+    end
+    def initialize(key_length, mode, key, iv = nil)
+        init(key_length, mode, key, iv)
+    end
+end # AesAlg