ddn.crypto.cipher.aes

AES (Rijndael) Block Cipher - Constant-Time Implementation.

This implementation uses a boolean circuit for the S-box computation instead of table lookups, providing resistance against cache-timing side-channel attacks.

Security

Note: This implementation executes in constant time regardless of the key or plaintext values. There are no data-dependent branches or memory accesses that could leak information through timing.

class AES


Implementation of the AES block cipher (FIPS 197).

Supports 128, 192, and 256-bit keys.

Constant-Time Implementation: This class uses a boolean circuit to compute the S-box, eliminating table lookups that are vulnerable to cache-timing attacks. All operations execute in constant time regardless of the data being processed.

Fields
private int _rounds
private uint[] _roundKeys
private ubyte[256] SBOX
private ubyte[256] INV_SBOX
private uint[11] RCON
Methods
size_t blockSize() @property const - Returns the block size in bytes (always 16 for AES).
void encrypt(const(ubyte)[] input, ubyte[] output) - Encrypts a single 16-byte block.
void decrypt(const(ubyte)[] input, ubyte[] output) - Decrypts a single 16-byte block.
private void expandKey(const(ubyte)[] key)
private uint subWord(uint w)
private uint rotWord(uint w)
private void addRoundKey(ref ubyte[16] state, int round)
private void subBytes(ref ubyte[16] state) - SubBytes transformation using constant-time S-box computation.
private void invSubBytes(ref ubyte[16] state) - Inverse SubBytes using constant-time inverse S-box computation.
private void shiftRows(ref ubyte[16] state)
private void invShiftRows(ref ubyte[16] state)
private void mixColumns(ref ubyte[16] state)
private void invMixColumns(ref ubyte[16] state)
private ubyte gfMul2(ubyte a) pure nothrow @nogc @safe - Multiply by 2 in GF(2^8) - constant time.
private ubyte gfMul3(ubyte a) pure nothrow @nogc @safe - Multiply by 3 in GF(2^8) - constant time.
private ubyte gfMul(ubyte a, ubyte b) pure nothrow @nogc @safe - General GF(2^8) multiplication - constant time.
private ubyte sboxCompute(uint input) pure nothrow @nogc @safe - Computes the AES S-box in constant time.
private ubyte invSboxCompute(uint input) pure nothrow @nogc @safe - Computes the inverse AES S-box in constant time.
Constructors
this(const(ubyte)[] key) - Constructs a new AES cipher with the given key.
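The private helpers listed above (gfMul2, gfMul3, gfMul, sboxCompute, invSboxCompute) are the pieces that make the S-box cache-timing resistant, but the page shows only their signatures. The following C program is an added example, not the ddn module's own code, and it uses a different technique from the boolean circuit the page describes: it computes the multiplicative inverse in GF(2^8) by exponentiation (a^254) through a fixed addition chain, then applies the FIPS 197 affine map. The function names are this example's own, not the D class's. What it demonstrates is the property the page claims for its helpers: every operation runs the same sequence of instructions and touches no data-indexed memory, so a cache observer learns nothing about the byte being substituted. A reviewer reading the field list would also check whether the SBOX and INV_SBOX arrays declared on the class are read on the encryption path, since the signatures alone do not show that; in this example there are no tables at all.

```c
#include <stdint.h>
#include <stdio.h>

/* Constant-time multiply by 2 (xtime) in GF(2^8) with the AES polynomial
 * x^8 + x^4 + x^3 + x + 1 (0x11B). The reduction is selected with a mask
 * derived from the top bit, so there is no data-dependent branch. */
static uint8_t gf_mul2(uint8_t a) {
    uint8_t mask = (uint8_t)(0u - (uint32_t)(a >> 7)); /* 0x00 or 0xFF */
    return (uint8_t)((uint8_t)(a << 1) ^ (mask & 0x1B));
}

/* Multiply by 3: multiply by 2, then add (XOR) the original value. */
static uint8_t gf_mul3(uint8_t a) {
    return (uint8_t)(gf_mul2(a) ^ a);
}

/* General GF(2^8) multiplication: always runs eight iterations and folds
 * each partial product in under a mask, so timing does not depend on a or b. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t bit = (uint8_t)(0u - (uint32_t)((b >> i) & 1u)); /* 0x00 or 0xFF */
        p ^= (uint8_t)(a & bit);
        a = gf_mul2(a);
    }
    return p;
}

/* Multiplicative inverse as a^254 (a^-1 for a != 0, and 0 for a == 0),
 * computed with a fixed addition chain: the sequence of squarings and
 * multiplications is identical for every input byte. */
static uint8_t gf_inv(uint8_t a) {
    uint8_t a2   = gf_mul(a, a);
    uint8_t a3   = gf_mul(a2, a);
    uint8_t a6   = gf_mul(a3, a3);
    uint8_t a12  = gf_mul(a6, a6);
    uint8_t a15  = gf_mul(a12, a3);
    uint8_t a30  = gf_mul(a15, a15);
    uint8_t a60  = gf_mul(a30, a30);
    uint8_t a120 = gf_mul(a60, a60);
    uint8_t a126 = gf_mul(a120, a6);
    uint8_t a127 = gf_mul(a126, a);
    return gf_mul(a127, a127); /* a^254 */
}

static uint8_t rotl8(uint8_t x, unsigned n) {
    return (uint8_t)((x << n) | (x >> (8 - n)));
}

/* Forward S-box: inverse in GF(2^8) followed by the FIPS 197 affine map. */
static uint8_t sbox_compute(uint8_t x) {
    uint8_t b = gf_inv(x);
    return (uint8_t)(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63);
}

/* Inverse S-box: undo the affine map, then invert in GF(2^8). */
static uint8_t inv_sbox_compute(uint8_t y) {
    uint8_t b = (uint8_t)(rotl8(y, 1) ^ rotl8(y, 3) ^ rotl8(y, 6) ^ 0x05);
    return gf_inv(b);
}

/* Self-check: every byte must round-trip through sbox/inv_sbox and the S-box
 * must be a permutation (256 distinct outputs). Returns 1 on success. This
 * check indexes an array by the output and is not itself constant-time; it
 * is a test, not part of the cipher path. */
static int sbox_self_check(void) {
    unsigned char seen[256] = {0};
    for (int x = 0; x < 256; x++) {
        uint8_t s = sbox_compute((uint8_t)x);
        if (seen[s] || inv_sbox_compute(s) != (uint8_t)x) return 0;
        seen[s] = 1;
    }
    return 1;
}

int main(void) {
    /* Reference values from FIPS 197: {57}*{83} = {c1}, S-box[53] = ed */
    printf("57*83 = %02x, S[53] = %02x, self-check %s\n",
           gf_mul(0x57, 0x83), sbox_compute(0x53),
           sbox_self_check() ? "ok" : "FAILED");
    return 0;
}
```

The masks (`0u - bit`, giving 0x00 or 0xFF) replace the `if (a & 0x80)` branch a textbook xtime would use; that is the whole difference between a leaky and a constant-time GF(2^8) multiply. A compiler may still turn a mask select back into a branch at high optimisation levels, so a deployed implementation should be checked in the generated assembly, which is also why projects like the one documented here prefer a fully bitwise circuit over this exponentiation form.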