in src/aes.c [369:441]
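/*
 * Encrypt a single block in place with the forward key schedule held in a.
 *
 * a    - cipher context; this function reads a->Nr (used as the round count)
 *        and a->fkey[0 .. NB*(a->Nr+1)-1] (the per-round key words).
 * buff - block to encrypt; 4*NB bytes are read and then overwritten with the
 *        result (16 bytes if NB is 4, as the p[4]/q[4] sizing suggests).
 *
 * No length or NULL checks are done here; the caller must supply a buffer of
 * at least one full block and an initialised context.
 *
 * NOTE(review): this processes exactly one block with no IV or chaining.
 * Calling it block-by-block over a longer message is raw ECB, which maps equal
 * plaintext blocks to equal ciphertext blocks; chaining/authentication has to
 * come from the caller.
 *
 * NOTE(review): every ftable[]/fbsub[] index below is derived from the state,
 * i.e. from plaintext XOR key material, so the memory access pattern is
 * data-dependent. On targets with a data cache that is the usual timing
 * side-channel concern for table-driven AES; confirm it fits the threat model.
 */
void AES_ecb_encrypt(const amcl_aes *a,uchar *buff)
{
    int i;
    int j;
    int k;
    unsign32 p[4];
    unsign32 q[4];
    unsign32 *x;
    unsign32 *y;
    unsign32 *t;
    /* Volatile views of the two state buffers, used only for the final wipe. */
    volatile unsign32 *wipe_p=p;
    volatile unsign32 *wipe_q=q;

    /* Load the block as NB 32-bit words and apply the initial round key. */
    for (i=j=0; i<NB; i++,j+=4)
    {
        p[i]=pack(&buff[j]);
        p[i]^=a->fkey[i];
    }

    k=NB;
    x=p;
    y=q;

    /* State alternates between x and y */
    for (i=1; i<a->Nr; i++)
    {
        /* One table lookup per state byte; the rotations place each lookup in its column position. */
        y[0]=a->fkey[k]^ftable[MR_TOBYTE(x[0])]^
             ROTL8(ftable[MR_TOBYTE(x[1]>>8)])^
             ROTL16(ftable[MR_TOBYTE(x[2]>>16)])^
             ROTL24(ftable[x[3]>>24]);
        y[1]=a->fkey[k+1]^ftable[MR_TOBYTE(x[1])]^
             ROTL8(ftable[MR_TOBYTE(x[2]>>8)])^
             ROTL16(ftable[MR_TOBYTE(x[3]>>16)])^
             ROTL24(ftable[x[0]>>24]);
        y[2]=a->fkey[k+2]^ftable[MR_TOBYTE(x[2])]^
             ROTL8(ftable[MR_TOBYTE(x[3]>>8)])^
             ROTL16(ftable[MR_TOBYTE(x[0]>>16)])^
             ROTL24(ftable[x[1]>>24]);
        y[3]=a->fkey[k+3]^ftable[MR_TOBYTE(x[3])]^
             ROTL8(ftable[MR_TOBYTE(x[0]>>8)])^
             ROTL16(ftable[MR_TOBYTE(x[1]>>16)])^
             ROTL24(ftable[x[2]>>24]);

        k+=4;
        t=x;
        x=y;
        y=t; /* swap pointers */
    }

    /* Last Round: byte substitution table (fbsub) instead of ftable. */
    y[0]=a->fkey[k]^(unsign32)fbsub[MR_TOBYTE(x[0])]^
         ROTL8((unsign32)fbsub[MR_TOBYTE(x[1]>>8)])^
         ROTL16((unsign32)fbsub[MR_TOBYTE(x[2]>>16)])^
         ROTL24((unsign32)fbsub[x[3]>>24]);
    y[1]=a->fkey[k+1]^(unsign32)fbsub[MR_TOBYTE(x[1])]^
         ROTL8((unsign32)fbsub[MR_TOBYTE(x[2]>>8)])^
         ROTL16((unsign32)fbsub[MR_TOBYTE(x[3]>>16)])^
         ROTL24((unsign32)fbsub[x[0]>>24]);
    y[2]=a->fkey[k+2]^(unsign32)fbsub[MR_TOBYTE(x[2])]^
         ROTL8((unsign32)fbsub[MR_TOBYTE(x[3]>>8)])^
         ROTL16((unsign32)fbsub[MR_TOBYTE(x[0]>>16)])^
         ROTL24((unsign32)fbsub[x[1]>>24]);
    y[3]=a->fkey[k+3]^(unsign32)fbsub[MR_TOBYTE(x[3])]^
         ROTL8((unsign32)fbsub[MR_TOBYTE(x[0]>>8)])^
         ROTL16((unsign32)fbsub[MR_TOBYTE(x[1]>>16)])^
         ROTL24((unsign32)fbsub[x[2]>>24]);

    for (i=j=0; i<NB; i++,j+=4)
    {
        unpack(y[i],&buff[j]);
        /*
         * Clean up stack. x and y alias p and q, and neither array is read
         * again, so plain stores of 0 are dead stores an optimiser may drop,
         * leaving intermediate state words behind. Writing through the
         * volatile pointers is the usual best-effort way to keep the wipe;
         * a platform primitive such as explicit_bzero/memset_s is stronger
         * where the build can rely on one.
         */
        wipe_p[i]=0;
        wipe_q[i]=0;
    }
}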