Ejemplo n.º 1
0
 private static void rijndaelDecrypt(
     byte[] in, int inOffset, byte[] out, int outOffset, Object sessionKey, int bs) {
   Object[] sKey = (Object[]) sessionKey; // extract decryption round keys
   int[][] Kd = (int[][]) sKey[1];
   int BC = bs / 4;
   int ROUNDS = Kd.length - 1;
   int SC = BC == 4 ? 0 : (BC == 6 ? 1 : 2);
   int s1 = shifts[SC][1][1];
   int s2 = shifts[SC][2][1];
   int s3 = shifts[SC][3][1];
   int[] a = new int[BC];
   int[] t = new int[BC]; // temporary work array
   int i, tt;
   for (i = 0; i < BC; i++) // ciphertext to ints + key
   t[i] =
         (in[inOffset++] << 24
                 | (in[inOffset++] & 0xFF) << 16
                 | (in[inOffset++] & 0xFF) << 8
                 | (in[inOffset++] & 0xFF))
             ^ Kd[0][i];
   for (int r = 1; r < ROUNDS; r++) // apply round transforms
   {
     for (i = 0; i < BC; i++)
       a[i] =
           (T5[(t[i] >>> 24)]
                   ^ T6[(t[(i + s1) % BC] >>> 16) & 0xFF]
                   ^ T7[(t[(i + s2) % BC] >>> 8) & 0xFF]
                   ^ T8[t[(i + s3) % BC] & 0xFF])
               ^ Kd[r][i];
     System.arraycopy(a, 0, t, 0, BC);
     if (Configuration.DEBUG) log.fine("PT" + r + "=" + Util.toString(t));
   }
   for (i = 0; i < BC; i++) // last round is special
   {
     tt = Kd[ROUNDS][i];
     out[outOffset++] = (byte) (Si[(t[i] >>> 24)] ^ (tt >>> 24));
     out[outOffset++] = (byte) (Si[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16));
     out[outOffset++] = (byte) (Si[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8));
     out[outOffset++] = (byte) (Si[t[(i + s3) % BC] & 0xFF] ^ tt);
   }
   if (Configuration.DEBUG) log.fine("PT=" + Util.toString(out, outOffset - bs, bs));
 }
Ejemplo n.º 2
0
  /**
   * Parse an encoded PKCS#7 SignedData object. The ASN.1 format of this object is:
   *
   * <pre>
   * SignedData ::= SEQUENCE {
   *   version           Version, -- always 1 for PKCS7 v1.5
   *   digestAlgorithms  DigestAlgorithmIdentifiers,
   *   contentInfo       ContentInfo,
   *   certificates  [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
   *   crls          [1] IMPLICIT CertificateRevocationLists OPTIONAL,
   *   signerInfos       SignerInfos }
   *
   * Version ::= INTEGER
   *
   * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
   *
   * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
   *
   * ContentInfo ::= SEQUENCE {
   *   contentType   ContentType,
   *   content   [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
   *
   * ContentType ::= OBJECT IDENTIFIER
   *
   * ExtendedCertificatesAndCertificates ::=
   *   SET OF ExtendedCertificatesAndCertificate
   *
   * ExtendedCertificatesAndCertificate ::= CHOICE {
   *   certificate             Certificate, -- from X.509
   *   extendedCertificate [0] IMPLICIT ExtendedCertificate }
   *
   * CertificateRevocationLists ::= SET OF CertificateRevocationList
   *   -- from X.509
   *
   * SignerInfos ::= SET OF SignerInfo
   *
   * SignerInfo ::= SEQUENCE {
   *   version                       Version, -- always 1 for PKCS7 v1.5
   *   issuerAndSerialNumber         IssuerAndSerialNumber,
   *   digestAlgorithm               DigestAlgorithmIdentifier,
   *   authenticatedAttributes   [0] IMPLICIT Attributes OPTIONAL,
   *   digestEncryptionAlgorithm     DigestEncryptionAlgorithmIdentifier,
   *   encryptedDigest               EncryptedDigest,
   *   unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL }
   *
   * EncryptedDigest ::= OCTET STRING
   * </pre>
   *
   * <p>(Readers who are confused as to why it takes 40 levels of indirection to specify "data with
   * a signature", rest assured that the present author is as confused as you are).
   */
  public PKCS7SignedData(BERReader ber) throws CRLException, CertificateException, IOException {
    CertificateFactory x509 = CertificateFactory.getInstance("X509");
    DERValue val = ber.read();
    if (!val.isConstructed()) throw new BEREncodingException("malformed ContentInfo");

    val = ber.read();
    if (val.getTag() != BER.OBJECT_IDENTIFIER)
      throw new BEREncodingException("malformed ContentType");

    if (!PKCS7_SIGNED_DATA.equals(val.getValue()))
      throw new BEREncodingException("content is not SignedData");

    val = ber.read();
    if (val.getTag() != 0) throw new BEREncodingException("malformed Content");

    val = ber.read();
    if (!val.isConstructed()) throw new BEREncodingException("malformed SignedData");

    if (Configuration.DEBUG) log.fine("SignedData: " + val);

    val = ber.read();
    if (val.getTag() != BER.INTEGER) throw new BEREncodingException("expecting Version");
    version = (BigInteger) val.getValue();
    if (Configuration.DEBUG) log.fine("  Version: " + version);

    digestAlgorithms = new HashSet();
    val = ber.read();
    if (!val.isConstructed())
      throw new BEREncodingException("malformed DigestAlgorithmIdentifiers");
    if (Configuration.DEBUG) log.fine("  DigestAlgorithmIdentifiers: " + val);
    int count = 0;
    DERValue val2 = ber.read();
    while (val2 != BER.END_OF_SEQUENCE && (val.getLength() > 0 && val.getLength() > count)) {
      if (!val2.isConstructed()) throw new BEREncodingException("malformed AlgorithmIdentifier");
      if (Configuration.DEBUG) log.fine("    AlgorithmIdentifier: " + val2);
      count += val2.getEncodedLength();
      val2 = ber.read();
      if (val2.getTag() != BER.OBJECT_IDENTIFIER)
        throw new BEREncodingException("malformed AlgorithmIdentifier");
      if (Configuration.DEBUG) log.fine("      digestAlgorithmIdentifiers OID: " + val2.getValue());
      List algId = new ArrayList(2);
      algId.add(val2.getValue());
      val2 = ber.read();
      if (val2 != BER.END_OF_SEQUENCE) {
        count += val2.getEncodedLength();
        if (val2.getTag() == BER.NULL) algId.add(null);
        else algId.add(val2.getEncoded());

        if (val2.isConstructed()) ber.skip(val2.getLength());

        if (BERValue.isIndefinite(val)) val2 = ber.read();
      } else algId.add(null);

      if (Configuration.DEBUG) {
        log.fine("      digestAlgorithmIdentifiers params: ");
        log.fine(
            Util.dumpString((byte[]) algId.get(1), "      digestAlgorithmIdentifiers params: "));
      }
      digestAlgorithms.add(algId);
    }

    val = ber.read();
    if (!val.isConstructed()) throw new BEREncodingException("malformed ContentInfo");
    if (Configuration.DEBUG) log.fine("  ContentInfo: " + val);
    val2 = ber.read();
    if (val2.getTag() != BER.OBJECT_IDENTIFIER)
      throw new BEREncodingException("malformed ContentType");

    contentType = (OID) val2.getValue();
    if (Configuration.DEBUG) log.fine("    ContentType OID: " + contentType);
    if (BERValue.isIndefinite(val)
        || (val.getLength() > 0 && val.getLength() > val2.getEncodedLength())) {
      val2 = ber.read();
      if (val2 != BER.END_OF_SEQUENCE) {
        content = val2.getEncoded();
        if (BERValue.isIndefinite(val)) val2 = ber.read();
      }
    }
    if (Configuration.DEBUG) {
      log.fine("    Content: ");
      log.fine(Util.dumpString(content, "    Content: "));
    }
    val = ber.read();
    if (val.getTag() == 0) {
      if (!val.isConstructed())
        throw new BEREncodingException("malformed ExtendedCertificatesAndCertificates");
      if (Configuration.DEBUG) log.fine("  ExtendedCertificatesAndCertificates: " + val);
      count = 0;
      val2 = ber.read();
      List certs = new LinkedList();
      while (val2 != BER.END_OF_SEQUENCE && (val.getLength() > 0 && val.getLength() > count)) {
        Certificate cert = x509.generateCertificate(new ByteArrayInputStream(val2.getEncoded()));
        if (Configuration.DEBUG) log.fine("    Certificate: " + cert);
        certs.add(cert);
        count += val2.getEncodedLength();
        ber.skip(val2.getLength());
        if (BERValue.isIndefinite(val) || val.getLength() > count) val2 = ber.read();
      }
      certificates = (Certificate[]) certs.toArray(new Certificate[certs.size()]);
      val = ber.read();
    }

    if (val.getTag() == 1) {
      if (!val.isConstructed())
        throw new BEREncodingException("malformed CertificateRevocationLists");
      if (Configuration.DEBUG) log.fine("  CertificateRevocationLists: " + val);
      count = 0;
      val2 = ber.read();
      List crls = new LinkedList();
      while (val2 != BER.END_OF_SEQUENCE && (val.getLength() > 0 && val.getLength() > count)) {
        CRL crl = x509.generateCRL(new ByteArrayInputStream(val2.getEncoded()));
        if (Configuration.DEBUG) log.fine("    CRL: " + crl);
        crls.add(crl);
        count += val2.getEncodedLength();
        ber.skip(val2.getLength());
        if (BERValue.isIndefinite(val) || val.getLength() > count) val2 = ber.read();
      }
      this.crls = (CRL[]) crls.toArray(new CRL[crls.size()]);
      val = ber.read();
    }

    signerInfos = new HashSet();
    if (!val.isConstructed()) throw new BEREncodingException("malformed SignerInfos");
    if (Configuration.DEBUG) log.fine("  SignerInfos: " + val);

    // FIXME read this more carefully.
    // Since we are just reading a file (probably) we just read until we
    // reach the end.
    while (true) {
      int i = ber.peek();
      if (i == 0 || i == -1) break;
      signerInfos.add(new SignerInfo(ber));
    }
  }
Ejemplo n.º 3
0
/**
 * Rijndael --pronounced Reindaal-- is the AES. It is a variable block-size (128-, 192- and
 * 256-bit), variable key-size (128-, 192- and 256-bit) symmetric key block cipher.
 *
 * <p>References:
 *
 * <ol>
 *   <li><a href="http://www.esat.kuleuven.ac.be/~rijmen/rijndael/">The Rijndael Block Cipher - AES
 *       Proposal</a>.<br>
 *       <a href="mailto:[email protected]">Vincent Rijmen</a> and <a
 *       href="mailto:[email protected]">Joan Daemen</a>.
 * </ol>
 */
public final class Rijndael extends BaseCipher {
  private static final Logger log = Logger.getLogger(Rijndael.class.getName());
  private static final int DEFAULT_BLOCK_SIZE = 16; // in bytes
  private static final int DEFAULT_KEY_SIZE = 16; // in bytes
  private static final String SS =
      "\u637C\u777B\uF26B\u6FC5\u3001\u672B\uFED7\uAB76"
          + "\uCA82\uC97D\uFA59\u47F0\uADD4\uA2AF\u9CA4\u72C0"
          + "\uB7FD\u9326\u363F\uF7CC\u34A5\uE5F1\u71D8\u3115"
          + "\u04C7\u23C3\u1896\u059A\u0712\u80E2\uEB27\uB275"
          + "\u0983\u2C1A\u1B6E\u5AA0\u523B\uD6B3\u29E3\u2F84"
          + "\u53D1\u00ED\u20FC\uB15B\u6ACB\uBE39\u4A4C\u58CF"
          + "\uD0EF\uAAFB\u434D\u3385\u45F9\u027F\u503C\u9FA8"
          + "\u51A3\u408F\u929D\u38F5\uBCB6\uDA21\u10FF\uF3D2"
          + "\uCD0C\u13EC\u5F97\u4417\uC4A7\u7E3D\u645D\u1973"
          + "\u6081\u4FDC\u222A\u9088\u46EE\uB814\uDE5E\u0BDB"
          + "\uE032\u3A0A\u4906\u245C\uC2D3\uAC62\u9195\uE479"
          + "\uE7C8\u376D\u8DD5\u4EA9\u6C56\uF4EA\u657A\uAE08"
          + "\uBA78\u252E\u1CA6\uB4C6\uE8DD\u741F\u4BBD\u8B8A"
          + "\u703E\uB566\u4803\uF60E\u6135\u57B9\u86C1\u1D9E"
          + "\uE1F8\u9811\u69D9\u8E94\u9B1E\u87E9\uCE55\u28DF"
          + "\u8CA1\u890D\uBFE6\u4268\u4199\u2D0F\uB054\uBB16";
  private static final byte[] S = new byte[256];
  private static final byte[] Si = new byte[256];
  private static final int[] T1 = new int[256];
  private static final int[] T2 = new int[256];
  private static final int[] T3 = new int[256];
  private static final int[] T4 = new int[256];
  private static final int[] T5 = new int[256];
  private static final int[] T6 = new int[256];
  private static final int[] T7 = new int[256];
  private static final int[] T8 = new int[256];
  private static final int[] U1 = new int[256];
  private static final int[] U2 = new int[256];
  private static final int[] U3 = new int[256];
  private static final int[] U4 = new int[256];
  private static final byte[] rcon = new byte[30];
  private static final int[][][] shifts =
      new int[][][] {
        {{0, 0}, {1, 3}, {2, 2}, {3, 1}},
        {{0, 0}, {1, 5}, {2, 4}, {3, 3}},
        {{0, 0}, {1, 7}, {3, 5}, {4, 4}}
      };
  /**
   * KAT vector (from ecb_vk): I=96
   * KEY=0000000000000000000000010000000000000000000000000000000000000000
   * CT=E44429474D6FC3084EB2A6B8B46AF754
   */
  private static final byte[] KAT_KEY =
      Util.toBytesFromString("0000000000000000000000010000000000000000000000000000000000000000");

  private static final byte[] KAT_CT = Util.toBytesFromString("E44429474D6FC3084EB2A6B8B46AF754");
  /** caches the result of the correctness test, once executed. */
  private static Boolean valid;

  static {
    long time = System.currentTimeMillis();
    int ROOT = 0x11B;
    int i, j = 0;
    // S-box, inverse S-box, T-boxes, U-boxes
    int s, s2, s3, i2, i4, i8, i9, ib, id, ie, t;
    char c;
    for (i = 0; i < 256; i++) {
      c = SS.charAt(i >>> 1);
      S[i] = (byte) (((i & 1) == 0) ? c >>> 8 : c & 0xFF);
      s = S[i] & 0xFF;
      Si[s] = (byte) i;
      s2 = s << 1;
      if (s2 >= 0x100) s2 ^= ROOT;
      s3 = s2 ^ s;
      i2 = i << 1;
      if (i2 >= 0x100) i2 ^= ROOT;
      i4 = i2 << 1;
      if (i4 >= 0x100) i4 ^= ROOT;
      i8 = i4 << 1;
      if (i8 >= 0x100) i8 ^= ROOT;
      i9 = i8 ^ i;
      ib = i9 ^ i2;
      id = i9 ^ i4;
      ie = i8 ^ i4 ^ i2;
      T1[i] = t = (s2 << 24) | (s << 16) | (s << 8) | s3;
      T2[i] = (t >>> 8) | (t << 24);
      T3[i] = (t >>> 16) | (t << 16);
      T4[i] = (t >>> 24) | (t << 8);
      T5[s] = U1[i] = t = (ie << 24) | (i9 << 16) | (id << 8) | ib;
      T6[s] = U2[i] = (t >>> 8) | (t << 24);
      T7[s] = U3[i] = (t >>> 16) | (t << 16);
      T8[s] = U4[i] = (t >>> 24) | (t << 8);
    }
    // round constants
    int r = 1;
    rcon[0] = 1;
    for (i = 1; i < 30; i++) {
      r <<= 1;
      if (r >= 0x100) r ^= ROOT;
      rcon[i] = (byte) r;
    }
    time = System.currentTimeMillis() - time;
    if (Configuration.DEBUG) {
      log.fine("Static Data");
      log.fine("S[]:");
      StringBuilder sb;
      for (i = 0; i < 16; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 16; j++) sb.append("0x").append(Util.toString(S[i * 16 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("Si[]:");
      for (i = 0; i < 16; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 16; j++) sb.append("0x").append(Util.toString(Si[i * 16 + j])).append(", ");
        log.fine(sb.toString());
      }

      log.fine("T1[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T1[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T2[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T2[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T3[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T3[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T4[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T4[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T5[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T5[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T6[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T6[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T7[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T7[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T8[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T8[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }

      log.fine("U1[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(U1[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("U2[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(U2[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("U3[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(U3[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("U4[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(U4[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }

      log.fine("rcon[]:");
      for (i = 0; i < 5; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 6; j++) sb.append("0x").append(Util.toString(rcon[i * 6 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("Total initialization time: " + time + " ms.");
    }
  }

  /** Trivial 0-arguments constructor. */
  public Rijndael() {
    super(Registry.RIJNDAEL_CIPHER, DEFAULT_BLOCK_SIZE, DEFAULT_KEY_SIZE);
  }

  /**
   * Returns the number of rounds for a given Rijndael's key and block sizes.
   *
   * @param ks the size of the user key material in bytes.
   * @param bs the desired block size in bytes.
   * @return the number of rounds for a given Rijndael's key and block sizes.
   */
  public static int getRounds(int ks, int bs) {
    switch (ks) {
      case 16:
        return bs == 16 ? 10 : (bs == 24 ? 12 : 14);
      case 24:
        return bs != 32 ? 12 : 14;
      default: // 32 bytes = 256 bits
        return 14;
    }
  }

  private static void rijndaelEncrypt(
      byte[] in, int inOffset, byte[] out, int outOffset, Object sessionKey, int bs) {
    Object[] sKey = (Object[]) sessionKey; // extract encryption round keys
    int[][] Ke = (int[][]) sKey[0];
    int BC = bs / 4;
    int ROUNDS = Ke.length - 1;
    int SC = BC == 4 ? 0 : (BC == 6 ? 1 : 2);
    int s1 = shifts[SC][1][0];
    int s2 = shifts[SC][2][0];
    int s3 = shifts[SC][3][0];
    int[] a = new int[BC];
    int[] t = new int[BC]; // temporary work array
    int i, tt;
    for (i = 0; i < BC; i++) // plaintext to ints + key
    t[i] =
          (in[inOffset++] << 24
                  | (in[inOffset++] & 0xFF) << 16
                  | (in[inOffset++] & 0xFF) << 8
                  | (in[inOffset++] & 0xFF))
              ^ Ke[0][i];
    for (int r = 1; r < ROUNDS; r++) // apply round transforms
    {
      for (i = 0; i < BC; i++)
        a[i] =
            (T1[(t[i] >>> 24)]
                    ^ T2[(t[(i + s1) % BC] >>> 16) & 0xFF]
                    ^ T3[(t[(i + s2) % BC] >>> 8) & 0xFF]
                    ^ T4[t[(i + s3) % BC] & 0xFF])
                ^ Ke[r][i];
      System.arraycopy(a, 0, t, 0, BC);
      if (Configuration.DEBUG) log.fine("CT" + r + "=" + Util.toString(t));
    }
    for (i = 0; i < BC; i++) // last round is special
    {
      tt = Ke[ROUNDS][i];
      out[outOffset++] = (byte) (S[(t[i] >>> 24)] ^ (tt >>> 24));
      out[outOffset++] = (byte) (S[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16));
      out[outOffset++] = (byte) (S[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8));
      out[outOffset++] = (byte) (S[t[(i + s3) % BC] & 0xFF] ^ tt);
    }
    if (Configuration.DEBUG) log.fine("CT=" + Util.toString(out, outOffset - bs, bs));
  }

  private static void rijndaelDecrypt(
      byte[] in, int inOffset, byte[] out, int outOffset, Object sessionKey, int bs) {
    Object[] sKey = (Object[]) sessionKey; // extract decryption round keys
    int[][] Kd = (int[][]) sKey[1];
    int BC = bs / 4;
    int ROUNDS = Kd.length - 1;
    int SC = BC == 4 ? 0 : (BC == 6 ? 1 : 2);
    int s1 = shifts[SC][1][1];
    int s2 = shifts[SC][2][1];
    int s3 = shifts[SC][3][1];
    int[] a = new int[BC];
    int[] t = new int[BC]; // temporary work array
    int i, tt;
    for (i = 0; i < BC; i++) // ciphertext to ints + key
    t[i] =
          (in[inOffset++] << 24
                  | (in[inOffset++] & 0xFF) << 16
                  | (in[inOffset++] & 0xFF) << 8
                  | (in[inOffset++] & 0xFF))
              ^ Kd[0][i];
    for (int r = 1; r < ROUNDS; r++) // apply round transforms
    {
      for (i = 0; i < BC; i++)
        a[i] =
            (T5[(t[i] >>> 24)]
                    ^ T6[(t[(i + s1) % BC] >>> 16) & 0xFF]
                    ^ T7[(t[(i + s2) % BC] >>> 8) & 0xFF]
                    ^ T8[t[(i + s3) % BC] & 0xFF])
                ^ Kd[r][i];
      System.arraycopy(a, 0, t, 0, BC);
      if (Configuration.DEBUG) log.fine("PT" + r + "=" + Util.toString(t));
    }
    for (i = 0; i < BC; i++) // last round is special
    {
      tt = Kd[ROUNDS][i];
      out[outOffset++] = (byte) (Si[(t[i] >>> 24)] ^ (tt >>> 24));
      out[outOffset++] = (byte) (Si[(t[(i + s1) % BC] >>> 16) & 0xFF] ^ (tt >>> 16));
      out[outOffset++] = (byte) (Si[(t[(i + s2) % BC] >>> 8) & 0xFF] ^ (tt >>> 8));
      out[outOffset++] = (byte) (Si[t[(i + s3) % BC] & 0xFF] ^ tt);
    }
    if (Configuration.DEBUG) log.fine("PT=" + Util.toString(out, outOffset - bs, bs));
  }

  private static void aesEncrypt(byte[] in, int i, byte[] out, int j, Object key) {
    int[][] Ke = (int[][]) ((Object[]) key)[0]; // extract encryption round keys
    int ROUNDS = Ke.length - 1;
    int[] Ker = Ke[0];
    // plaintext to ints + key
    int t0 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Ker[0];
    int t1 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Ker[1];
    int t2 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Ker[2];
    int t3 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Ker[3];
    int a0, a1, a2, a3;
    for (int r = 1; r < ROUNDS; r++) // apply round transforms
    {
      Ker = Ke[r];
      a0 =
          (T1[(t0 >>> 24)] ^ T2[(t1 >>> 16) & 0xFF] ^ T3[(t2 >>> 8) & 0xFF] ^ T4[t3 & 0xFF])
              ^ Ker[0];
      a1 =
          (T1[(t1 >>> 24)] ^ T2[(t2 >>> 16) & 0xFF] ^ T3[(t3 >>> 8) & 0xFF] ^ T4[t0 & 0xFF])
              ^ Ker[1];
      a2 =
          (T1[(t2 >>> 24)] ^ T2[(t3 >>> 16) & 0xFF] ^ T3[(t0 >>> 8) & 0xFF] ^ T4[t1 & 0xFF])
              ^ Ker[2];
      a3 =
          (T1[(t3 >>> 24)] ^ T2[(t0 >>> 16) & 0xFF] ^ T3[(t1 >>> 8) & 0xFF] ^ T4[t2 & 0xFF])
              ^ Ker[3];
      t0 = a0;
      t1 = a1;
      t2 = a2;
      t3 = a3;
      if (Configuration.DEBUG)
        log.fine(
            "CT"
                + r
                + "="
                + Util.toString(t0)
                + Util.toString(t1)
                + Util.toString(t2)
                + Util.toString(t3));
    }
    // last round is special
    Ker = Ke[ROUNDS];
    int tt = Ker[0];
    out[j++] = (byte) (S[(t0 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (S[(t1 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (S[(t2 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (S[t3 & 0xFF] ^ tt);
    tt = Ker[1];
    out[j++] = (byte) (S[(t1 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (S[(t2 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (S[(t3 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (S[t0 & 0xFF] ^ tt);
    tt = Ker[2];
    out[j++] = (byte) (S[(t2 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (S[(t3 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (S[(t0 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (S[t1 & 0xFF] ^ tt);
    tt = Ker[3];
    out[j++] = (byte) (S[(t3 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (S[(t0 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (S[(t1 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (S[t2 & 0xFF] ^ tt);
    if (Configuration.DEBUG) log.fine("CT=" + Util.toString(out, j - 16, 16));
  }

  private static void aesDecrypt(byte[] in, int i, byte[] out, int j, Object key) {
    int[][] Kd = (int[][]) ((Object[]) key)[1]; // extract decryption round keys
    int ROUNDS = Kd.length - 1;
    int[] Kdr = Kd[0];
    // ciphertext to ints + key
    int t0 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Kdr[0];
    int t1 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Kdr[1];
    int t2 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Kdr[2];
    int t3 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Kdr[3];

    int a0, a1, a2, a3;
    for (int r = 1; r < ROUNDS; r++) // apply round transforms
    {
      Kdr = Kd[r];
      a0 =
          (T5[(t0 >>> 24)] ^ T6[(t3 >>> 16) & 0xFF] ^ T7[(t2 >>> 8) & 0xFF] ^ T8[t1 & 0xFF])
              ^ Kdr[0];
      a1 =
          (T5[(t1 >>> 24)] ^ T6[(t0 >>> 16) & 0xFF] ^ T7[(t3 >>> 8) & 0xFF] ^ T8[t2 & 0xFF])
              ^ Kdr[1];
      a2 =
          (T5[(t2 >>> 24)] ^ T6[(t1 >>> 16) & 0xFF] ^ T7[(t0 >>> 8) & 0xFF] ^ T8[t3 & 0xFF])
              ^ Kdr[2];
      a3 =
          (T5[(t3 >>> 24)] ^ T6[(t2 >>> 16) & 0xFF] ^ T7[(t1 >>> 8) & 0xFF] ^ T8[t0 & 0xFF])
              ^ Kdr[3];
      t0 = a0;
      t1 = a1;
      t2 = a2;
      t3 = a3;
      if (Configuration.DEBUG)
        log.fine(
            "PT"
                + r
                + "="
                + Util.toString(t0)
                + Util.toString(t1)
                + Util.toString(t2)
                + Util.toString(t3));
    }
    // last round is special
    Kdr = Kd[ROUNDS];
    int tt = Kdr[0];
    out[j++] = (byte) (Si[(t0 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (Si[(t3 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (Si[(t2 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (Si[t1 & 0xFF] ^ tt);
    tt = Kdr[1];
    out[j++] = (byte) (Si[(t1 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (Si[(t0 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (Si[(t3 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (Si[t2 & 0xFF] ^ tt);
    tt = Kdr[2];
    out[j++] = (byte) (Si[(t2 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (Si[(t1 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (Si[(t0 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (Si[t3 & 0xFF] ^ tt);
    tt = Kdr[3];
    out[j++] = (byte) (Si[(t3 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (Si[(t2 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (Si[(t1 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (Si[t0 & 0xFF] ^ tt);
    if (Configuration.DEBUG) log.fine("PT=" + Util.toString(out, j - 16, 16));
  }

  public Object clone() {
    Rijndael result = new Rijndael();
    result.currentBlockSize = this.currentBlockSize;

    return result;
  }

  public Iterator blockSizes() {
    ArrayList al = new ArrayList();
    al.add(Integer.valueOf(128 / 8));
    al.add(Integer.valueOf(192 / 8));
    al.add(Integer.valueOf(256 / 8));

    return Collections.unmodifiableList(al).iterator();
  }

  public Iterator keySizes() {
    ArrayList al = new ArrayList();
    al.add(Integer.valueOf(128 / 8));
    al.add(Integer.valueOf(192 / 8));
    al.add(Integer.valueOf(256 / 8));

    return Collections.unmodifiableList(al).iterator();
  }

  /**
   * Expands a user-supplied key material into a session key for a designated <i>block size</i>.
   *
   * @param k the 128/192/256-bit user-key to use.
   * @param bs the block size in bytes of this Rijndael.
   * @return an Object encapsulating the session key.
   * @exception IllegalArgumentException if the block size is not 16, 24 or 32.
   * @exception InvalidKeyException if the key data is invalid.
   */
  public Object makeKey(byte[] k, int bs) throws InvalidKeyException {
    if (k == null) throw new InvalidKeyException("Empty key");
    if (!(k.length == 16 || k.length == 24 || k.length == 32))
      throw new InvalidKeyException("Incorrect key length");
    if (!(bs == 16 || bs == 24 || bs == 32)) throw new IllegalArgumentException();
    int ROUNDS = getRounds(k.length, bs);
    int BC = bs / 4;
    int[][] Ke = new int[ROUNDS + 1][BC]; // encryption round keys
    int[][] Kd = new int[ROUNDS + 1][BC]; // decryption round keys
    int ROUND_KEY_COUNT = (ROUNDS + 1) * BC;
    int KC = k.length / 4;
    int[] tk = new int[KC];
    int i, j;
    // copy user material bytes into temporary ints
    for (i = 0, j = 0; i < KC; )
      tk[i++] = k[j++] << 24 | (k[j++] & 0xFF) << 16 | (k[j++] & 0xFF) << 8 | (k[j++] & 0xFF);
    // copy values into round key arrays
    int t = 0;
    for (j = 0; (j < KC) && (t < ROUND_KEY_COUNT); j++, t++) {
      Ke[t / BC][t % BC] = tk[j];
      Kd[ROUNDS - (t / BC)][t % BC] = tk[j];
    }
    int tt, rconpointer = 0;
    while (t < ROUND_KEY_COUNT) {
      // extrapolate using phi (the round key evolution function)
      tt = tk[KC - 1];
      tk[0] ^=
          (S[(tt >>> 16) & 0xFF] & 0xFF) << 24
              ^ (S[(tt >>> 8) & 0xFF] & 0xFF) << 16
              ^ (S[tt & 0xFF] & 0xFF) << 8
              ^ (S[(tt >>> 24)] & 0xFF)
              ^ rcon[rconpointer++] << 24;
      if (KC != 8) for (i = 1, j = 0; i < KC; ) tk[i++] ^= tk[j++];
      else {
        for (i = 1, j = 0; i < KC / 2; ) tk[i++] ^= tk[j++];
        tt = tk[KC / 2 - 1];
        tk[KC / 2] ^=
            (S[tt & 0xFF] & 0xFF)
                ^ (S[(tt >>> 8) & 0xFF] & 0xFF) << 8
                ^ (S[(tt >>> 16) & 0xFF] & 0xFF) << 16
                ^ S[(tt >>> 24) & 0xFF] << 24;
        for (j = KC / 2, i = j + 1; i < KC; ) tk[i++] ^= tk[j++];
      }
      // copy values into round key arrays
      for (j = 0; (j < KC) && (t < ROUND_KEY_COUNT); j++, t++) {
        Ke[t / BC][t % BC] = tk[j];
        Kd[ROUNDS - (t / BC)][t % BC] = tk[j];
      }
    }
    for (int r = 1; r < ROUNDS; r++) // inverse MixColumn where needed
    for (j = 0; j < BC; j++) {
        tt = Kd[r][j];
        Kd[r][j] = U1[(tt >>> 24)] ^ U2[(tt >>> 16) & 0xFF] ^ U3[(tt >>> 8) & 0xFF] ^ U4[tt & 0xFF];
      }
    return new Object[] {Ke, Kd};
  }

  public void encrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) {
    if (!(bs == 16 || bs == 24 || bs == 32)) throw new IllegalArgumentException();
    if (bs == DEFAULT_BLOCK_SIZE) aesEncrypt(in, i, out, j, k);
    else rijndaelEncrypt(in, i, out, j, k, bs);
  }

  public void decrypt(byte[] in, int i, byte[] out, int j, Object k, int bs) {
    if (!(bs == 16 || bs == 24 || bs == 32)) throw new IllegalArgumentException();
    if (bs == DEFAULT_BLOCK_SIZE) aesDecrypt(in, i, out, j, k);
    else rijndaelDecrypt(in, i, out, j, k, bs);
  }

  public boolean selfTest() {
    if (valid == null) {
      boolean result = super.selfTest(); // do symmetry tests
      if (result) result = testKat(KAT_KEY, KAT_CT);
      valid = Boolean.valueOf(result);
    }
    return valid.booleanValue();
  }
}
Ejemplo n.º 4
0
  private static void aesDecrypt(byte[] in, int i, byte[] out, int j, Object key) {
    int[][] Kd = (int[][]) ((Object[]) key)[1]; // extract decryption round keys
    int ROUNDS = Kd.length - 1;
    int[] Kdr = Kd[0];
    // ciphertext to ints + key
    int t0 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Kdr[0];
    int t1 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Kdr[1];
    int t2 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Kdr[2];
    int t3 =
        (in[i++] << 24 | (in[i++] & 0xFF) << 16 | (in[i++] & 0xFF) << 8 | (in[i++] & 0xFF))
            ^ Kdr[3];

    int a0, a1, a2, a3;
    for (int r = 1; r < ROUNDS; r++) // apply round transforms
    {
      Kdr = Kd[r];
      a0 =
          (T5[(t0 >>> 24)] ^ T6[(t3 >>> 16) & 0xFF] ^ T7[(t2 >>> 8) & 0xFF] ^ T8[t1 & 0xFF])
              ^ Kdr[0];
      a1 =
          (T5[(t1 >>> 24)] ^ T6[(t0 >>> 16) & 0xFF] ^ T7[(t3 >>> 8) & 0xFF] ^ T8[t2 & 0xFF])
              ^ Kdr[1];
      a2 =
          (T5[(t2 >>> 24)] ^ T6[(t1 >>> 16) & 0xFF] ^ T7[(t0 >>> 8) & 0xFF] ^ T8[t3 & 0xFF])
              ^ Kdr[2];
      a3 =
          (T5[(t3 >>> 24)] ^ T6[(t2 >>> 16) & 0xFF] ^ T7[(t1 >>> 8) & 0xFF] ^ T8[t0 & 0xFF])
              ^ Kdr[3];
      t0 = a0;
      t1 = a1;
      t2 = a2;
      t3 = a3;
      if (Configuration.DEBUG)
        log.fine(
            "PT"
                + r
                + "="
                + Util.toString(t0)
                + Util.toString(t1)
                + Util.toString(t2)
                + Util.toString(t3));
    }
    // last round is special
    Kdr = Kd[ROUNDS];
    int tt = Kdr[0];
    out[j++] = (byte) (Si[(t0 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (Si[(t3 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (Si[(t2 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (Si[t1 & 0xFF] ^ tt);
    tt = Kdr[1];
    out[j++] = (byte) (Si[(t1 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (Si[(t0 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (Si[(t3 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (Si[t2 & 0xFF] ^ tt);
    tt = Kdr[2];
    out[j++] = (byte) (Si[(t2 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (Si[(t1 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (Si[(t0 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (Si[t3 & 0xFF] ^ tt);
    tt = Kdr[3];
    out[j++] = (byte) (Si[(t3 >>> 24)] ^ (tt >>> 24));
    out[j++] = (byte) (Si[(t2 >>> 16) & 0xFF] ^ (tt >>> 16));
    out[j++] = (byte) (Si[(t1 >>> 8) & 0xFF] ^ (tt >>> 8));
    out[j++] = (byte) (Si[t0 & 0xFF] ^ tt);
    if (Configuration.DEBUG) log.fine("PT=" + Util.toString(out, j - 16, 16));
  }
Ejemplo n.º 5
0
  static {
    long time = System.currentTimeMillis();
    int ROOT = 0x11B;
    int i, j = 0;
    // S-box, inverse S-box, T-boxes, U-boxes
    int s, s2, s3, i2, i4, i8, i9, ib, id, ie, t;
    char c;
    for (i = 0; i < 256; i++) {
      c = SS.charAt(i >>> 1);
      S[i] = (byte) (((i & 1) == 0) ? c >>> 8 : c & 0xFF);
      s = S[i] & 0xFF;
      Si[s] = (byte) i;
      s2 = s << 1;
      if (s2 >= 0x100) s2 ^= ROOT;
      s3 = s2 ^ s;
      i2 = i << 1;
      if (i2 >= 0x100) i2 ^= ROOT;
      i4 = i2 << 1;
      if (i4 >= 0x100) i4 ^= ROOT;
      i8 = i4 << 1;
      if (i8 >= 0x100) i8 ^= ROOT;
      i9 = i8 ^ i;
      ib = i9 ^ i2;
      id = i9 ^ i4;
      ie = i8 ^ i4 ^ i2;
      T1[i] = t = (s2 << 24) | (s << 16) | (s << 8) | s3;
      T2[i] = (t >>> 8) | (t << 24);
      T3[i] = (t >>> 16) | (t << 16);
      T4[i] = (t >>> 24) | (t << 8);
      T5[s] = U1[i] = t = (ie << 24) | (i9 << 16) | (id << 8) | ib;
      T6[s] = U2[i] = (t >>> 8) | (t << 24);
      T7[s] = U3[i] = (t >>> 16) | (t << 16);
      T8[s] = U4[i] = (t >>> 24) | (t << 8);
    }
    // round constants
    int r = 1;
    rcon[0] = 1;
    for (i = 1; i < 30; i++) {
      r <<= 1;
      if (r >= 0x100) r ^= ROOT;
      rcon[i] = (byte) r;
    }
    time = System.currentTimeMillis() - time;
    if (Configuration.DEBUG) {
      log.fine("Static Data");
      log.fine("S[]:");
      StringBuilder sb;
      for (i = 0; i < 16; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 16; j++) sb.append("0x").append(Util.toString(S[i * 16 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("Si[]:");
      for (i = 0; i < 16; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 16; j++) sb.append("0x").append(Util.toString(Si[i * 16 + j])).append(", ");
        log.fine(sb.toString());
      }

      log.fine("T1[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T1[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T2[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T2[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T3[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T3[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T4[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T4[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T5[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T5[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T6[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T6[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T7[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T7[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("T8[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(T8[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }

      log.fine("U1[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(U1[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("U2[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(U2[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("U3[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(U3[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("U4[]:");
      for (i = 0; i < 64; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 4; j++) sb.append("0x").append(Util.toString(U4[i * 4 + j])).append(", ");
        log.fine(sb.toString());
      }

      log.fine("rcon[]:");
      for (i = 0; i < 5; i++) {
        sb = new StringBuilder();
        for (j = 0; j < 6; j++) sb.append("0x").append(Util.toString(rcon[i * 6 + j])).append(", ");
        log.fine(sb.toString());
      }
      log.fine("Total initialization time: " + time + " ms.");
    }
  }