AES LSL+ Implementation

From Second Life Wiki
Jump to: navigation, search

Description

The following is an LSL+ version of the LSL AES Engine by Haravikk Mistral. It allows a developer to generate an optimised AES Engine using the Eclipse IDE.

This version has a number of advantages including over 8kb of memory right-away, and up to a further 12kb of memory through the use of the SUPPORTED_MODES(), SUPPORTED_PADS(), and SUPPORTS_SETUP() constants, which can be adjusted to enabled/disable modes of operation, padding schemes, and dynamic set-up.

With this amount of free-memory it is possible to integrate AES directly into a script, without the use of a broker which you would communicate with to perform encryption/decryption.

Project structure

While not a requirement, here is the structure of the LSL+ project from which the following code is derived, if you choose to use a different structure then you'll need to change the $import declarations accordingly.

The code you are mainly interested in is AES_Core.lslm, and AES_Constants.lslm. By importing these you can quickly start using AES in your examples, please refer to the examples to see how.

  • AES
    • Broker
      • AES_Broker_Constants.lslm
      • AES_Broker_Helper.lslm
      • AES_Broker.lslp
    • AES_Constants.lslm
    • AES_Core.lslm

Core Scripts

AES_Constants.lslm

$module ()
 
integer LSLAES_COMMAND_PRIME()		{ return 1; }
integer LSLAES_COMMAND_INIT()		{ return 2; }
integer LSLAES_COMMAND_ENCRYPT()	{ return 3; }
integer LSLAES_COMMAND_DECRYPT()	{ return 4; }
 
integer LSLAES_DATA_HEX()			{ return 1; }
integer LSLAES_DATA_BASE64()		{ return 2; }
 
string  LSLAES_HEX_CHARS()			{ return "0123456789abcdef"; }
string  LSLAES_BASE64_CHARS()		{ return "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; }
 
// The following constants define modes of operation
string	LSLAES_MODE_CBC()	 		{ return "MODE_CBC"; }
string	LSLAES_MODE_CFB()	 		{ return "MODE_CFB"; }
 
// Used to set mode
list    LSLAES_MODES() {
	return [
	    LSLAES_MODE_CBC(),
	    LSLAES_MODE_CFB()
	];
}
 
// pragma inline
integer LSLAES_MODE_LOOKUP(string mode) {
	return llListFindList(LSLAES_MODES(), [mode]);
}
 
integer LSLAES_MODE_CBC_ID() { return LSLAES_MODE_LOOKUP(LSLAES_MODE_CBC()); }
integer LSLAES_MODE_CFB_ID() { return LSLAES_MODE_LOOKUP(LSLAES_MODE_CFB()); }
 
// The following contstants define types of padding
string  LSLAES_PAD_NONE()			{ return "PAD_NONE"; }
string  LSLAES_PAD_RBT()			{ return "PAD_RBT"; }
string  LSLAES_PAD_NULLS()			{ return "PAD_NULLS"; }
string  LSLAES_PAD_NULLS_SAFE()		{ return "PAD_NULLS_SAFE"; }
string  LSLAES_PAD_RANDOM()			{ return "PAD_RANDOM"; }
string  LSLAES_PAD_ZEROES()			{ return "PAD_ZEROES"; }
 
// Used to set padding type
list    LSLAES_PADS() {
	return [
		LSLAES_PAD_NONE(),
		LSLAES_PAD_RBT(),
		LSLAES_PAD_NULLS(),
		LSLAES_PAD_NULLS_SAFE(),
		LSLAES_PAD_RANDOM(),
		LSLAES_PAD_ZEROES()
	];
}
 
// pragma inline
integer LSLAES_PAD_LOOKUP(string pad) {
	return llListFindList(LSLAES_PADS(), [pad]);
}
 
integer LSLAES_PAD_NONE_ID() { 		// Only compatible with CBF and OBF modes
	return LSLAES_PAD_LOOKUP(LSLAES_PAD_NONE());
}
integer LSLAES_PAD_RBT_ID() {		// XOR leftover bytes with re-encrypted 
                                	// first-block. Length remains the same
	return LSLAES_PAD_LOOKUP(LSLAES_PAD_RBT());
}
integer LSLAES_PAD_NULLS_ID() {		// Adds zeroes (null characters) to the 
                                	// end, which are trimmed afterwards.
                                	// Padding creates blocks of lslAESPadSize
	return LSLAES_PAD_LOOKUP(LSLAES_PAD_NULLS());
}
integer LSLAES_PAD_NULLS_SAFE_ID() {// Adds a single '1' bit before padding 
									// with zero-bytes to the block-boundary.
									// This method is safer than normal PAD_NULLS
	return LSLAES_PAD_LOOKUP(LSLAES_PAD_NULLS_SAFE());
}
integer LSLAES_PAD_RANDOM_ID() {	// Adds random bytes to the end of the 
                                	// data until it reaches a multiple of 
                                	// lslAESPadSize in length. Final byte 
                                	// identifies how many were added. This 
                                	// scheme causes padding to ALWAYS be 
                                	// added.
	return LSLAES_PAD_LOOKUP(LSLAES_PAD_RANDOM());
}
integer LSLAES_PAD_ZEROES_ID() {	// Identical to LSLAES_PAD_RANDOM_ID() except 
                                	// that zero-bytes are added.
	return LSLAES_PAD_LOOKUP(LSLAES_PAD_ZEROES());
}
 
string	LSLAES_PAD_SIZE()			{ return "PAD_SIZE"; }
integer LSLAES_PAD_SIZE_DEFAULT()	{ return 512; }

AES_Core.lslm

$module()
 
$import AES.AES_Constants.lslm();
 
list	SUPPORTED_MODES()	{
	return [
		LSLAES_MODE_CBC(), 		LSLAES_MODE_CBC_ID(),
		LSLAES_MODE_CFB(),		LSLAES_MODE_CFB_ID()
	];
}
 
integer LSLAES_MODE_DEFAULT() { return llList2Integer(SUPPORTED_MODES(), 1); }
 
// pragma inline
integer SUPPORTS_MODE(string mode) {
	return (~llListFindList(SUPPORTED_MODES(), [mode]));
}
 
list	SUPPORTED_PADS() {
	return [
		LSLAES_PAD_NONE(),		LSLAES_PAD_NONE_ID(),
		LSLAES_PAD_RBT(),		LSLAES_PAD_RBT_ID(),
		LSLAES_PAD_NULLS(),		LSLAES_PAD_NULLS_ID(),
		LSLAES_PAD_NULLS_SAFE(),LSLAES_PAD_NULLS_SAFE_ID(),
		LSLAES_PAD_RANDOM(),	LSLAES_PAD_RANDOM_ID(),
		LSLAES_PAD_ZEROES(),	LSLAES_PAD_ZEROES_ID()
	];
}
 
integer LSLAES_PAD_DEFAULT() { return llList2Integer(SUPPORTED_PADS(), 1); }
 
// pragma inline
integer SUPPORTS_PAD(string pad) {
	return (~llListFindList(SUPPORTED_PADS(), [pad]));
}
 
// Treats the above list as a byte-array, retrieving the desired byte value.
integer _lslAESGetSBoxInvertedByte(integer n) {{
    return _lslAESMultInverse(_lslAESInverseAffine(n));
}}
 
// Treats the above list as a byte-array, retrieving the desired byte value.
integer _lslAESGetSBoxByte(integer n) {{
    return _lslAESAffine(_lslAESMultInverse(n));
}}
 
// Calculates high-bit of x / 2 in a finite field
integer _lslAESHibit(integer x) {{
    x = (x >> 1) | (x >> 2);
    x = x | (x >> 2);
    x = x | (x >> 4);
    return (++x) >> 1;
}}
 
// Calculates a multipilicative inverse in a finite field
integer _lslAESMultInverse(integer p1) {{
    if(p1 < 2) return p1;
 
    integer p2 = 0x1b;
    integer n1 = _lslAESHibit(p1);
    integer n2 = 0x80;
    integer v1 = 1;
    integer v2 = 0;
 
    do {
        if(n1)
            while(n2 >= n1) {                 // Divide polynomial p2 by p1
                n2 /= n1;                     // shift smaller polynomial left 
                p2 = p2 ^ ((p1 * n2) & 0xFF); // and remove from larger one
                v2 = v2 ^ ((v1 * n2) & 0xFF); // shift accumulated value and
                n2 = _lslAESHibit(p2);               // add into result
            }
        else return v1;
 
        if(n2)                                // repeat with values swapped 
            while(n1 >= n2) {
                n1 /= n2;
                p1 = p1 ^ ((p2 * n1) & 0xFF);
                v1 = v1 ^ ((v2 * n1) & 0xFF);
                n1 = _lslAESHibit(p1);
            }
        else return v2;
    } while (TRUE);
    return 0;
}}
 
// Affine function for sbox
// pragma inline
integer _lslAESAffine(integer x) {{
    x = x ^ (x << 1) ^ (x << 2) ^ (x << 3) ^ (x << 4);
    return 0x63 ^ ((x ^ (x >> 8)) & 0xFF);
}}
 
// Inverse affine function for sbox inversion
// pragma inline
integer _lslAESInverseAffine(integer x) {{
    x = (x << 1) ^ (x << 3) ^ (x << 6);
    return 0x05 ^ ((x ^ (x >> 8)) & 0xFF);
}}
 
integer _lslAESMode;				// Set in default state_entry()
integer _lslAESPad;				// Set in default state_entry()
integer _lslAESPadSize;			// Set in default state_entry()
 
// Used for the actual encryption, generated from Key
list    _lslAESRoundKey          = [];
// The number of rounds to perform (bigger key == more rounds)
integer _lslAESRounds            = 0;
 
// The following are used for the state instead of a list
integer _lslAESStateX0			= 0;
integer _lslAESStateX1			= 0;
integer _lslAESStateX2			= 0;
integer _lslAESStateX3			= 0;
 
// Used to initialise state for CBC and other mode
integer _lslAESInputVector0      = 0;
integer _lslAESInputVector1      = 0;
integer _lslAESInputVector2      = 0;
integer _lslAESInputVector3      = 0;
 
integer _lslAESProcessCommandError = TRUE;
 
//##########################################################################//
//                            HIGH-LEVEL FUNCTIONS                          //
//##########################################################################//
//  The following functions are the ones to call to encrypt/decrypt         //
//##########################################################################//
// Performs a cipher with necessary padding performed before execution
// pragma inline
list _lslAESPadCipher(list data) {{
    integer bits = llList2Integer(data, 0);
    data = llDeleteSubList((data = []) + data, 0, 0);
 
    integer padding = _lslAESPad;
    if (padding == LSLAES_PAD_NONE_ID()) {
        if (_lslAESMode == LSLAES_MODE_CFB_ID()) 
            return [bits] + _lslAESCipher((data = []) + data);
        padding = LSLAES_PAD_RBT_ID();
    }
 
    integer blockSize = _lslAESPadSize;
    if (padding == LSLAES_PAD_RBT_ID()) blockSize = 128;
 
    integer blocks = bits / blockSize;
    integer extra  = bits % blockSize;
 
    if (padding == LSLAES_PAD_RBT_ID()) {
    	if (SUPPORTS_PAD(LSLAES_PAD_RBT())) {
	        // This scheme takes the last encrypted block, encrypts it again and
	        // XORs it with any leftover data, maintaining data-length. If input 
	        // is less than a block in size then the current input-vector is used.
	        list final = [];
	        if (extra > 0) {
	            integer words = extra / 32;
	            if ((words * 32) < extra) ++words;
 
	            // Grab leftover words
	            list t = llList2List(data, -words, -1);
 
	            // Encrypt all other data
	            list lb = [];
	            if (blocks < 1) {
	                // If not enough for a block, we generate lb using 
	                // a double cipher of input vector.
	                lb = _lslAESCipher(
	                    _lslAESCipher((data = []) + [
	                        _lslAESInputVector0, _lslAESInputVector1, 
	                        _lslAESInputVector2, _lslAESInputVector3
	                    ])
	                );
	            } else {
	                // If there are blocks, we encrypt normally, then 
	                // double-encrypt the final block for lb
	                data = _lslAESCipher(
	                    llDeleteSubList((data = []) + data, -words, -1)
	                );
	                lb = _lslAESCipher(llList2List(data, -4, -1));
	            }
 
	            // XOR lb with t
	            integer i = 0; integer l = (t != []);
	            do final += [llList2Integer(t, i) ^ llList2Integer(lb, i)];
	            while ((++i) < l);
 
	            return (data = final = []) + [bits] + data + final;
	        } 
	        return [bits] + _lslAESCipher((data = []) + data);
    	}
    } else if (SUPPORTS_PAD(LSLAES_PAD_NULLS()) || 
    		   SUPPORTS_PAD(LSLAES_PAD_NULLS_SAFE()) || 
    		   SUPPORTS_PAD(LSLAES_PAD_RANDOM()) || 
    		   SUPPORTS_PAD(LSLAES_PAD_ZEROES())) {
        // This scheme works by adding bytes until the data is a 
        // multiple of _lslAESPadSize bits long. In the case of 
        // PAD_NULLS this will only add extra data if needed, 
        // while the other types must always add at least one 
        // byte, as they also leave a note of bytes added in the 
        // final byte.
        extra = blockSize - extra; // Bits to add
 
 		if (SUPPORTS_PAD(LSLAES_PAD_NULLS_SAFE())) {
	 		if (padding == LSLAES_PAD_NULLS_SAFE_ID()) {
	 			// We want to add an extra '1' bit to halt unsafe null-trimming
	 			// Does an extra bit exist?
	 			++bits;
	 			integer words = bits / 32;
	 			integer bit   = bits % 32;
 
	 			if (words < (data != [])) {
	 				integer word = llList2Integer(data, words);
	 				data = llListReplaceList(
	 					(data = []) + data,
	 					[word | (1 << (31 - bit))],
	 					words,
	 					words
	 				);
	 			} else data += [0x80000000];
 
	 			if ((--extra) < 0) extra += blockSize;
	 			// Now just let the function pad nulls as normal
	 			padding = LSLAES_PAD_NULLS_ID();
	 		}
 		}
 
        integer bytes = extra / 8; // Bytes to add
        if (bytes <= 0) {
            if (padding == LSLAES_PAD_NULLS_ID()) 
                jump skip; // Doesn't need to add anything
 
            bytes = blockSize / 8;
            extra += blockSize;
        }
        bits += extra;
 
        integer words = bytes / 4; // Words to add
 
        // First add bytes to end-word
        extra = bytes % 4;
        if (extra > 0) {
            integer i = 0; integer v = llList2Integer(data, -1);
            integer byte = 0;
            if ((extra == bytes) && (padding != LSLAES_PAD_NULLS_ID())) 
                byte = bytes;
 
            while (i < extra) {
                if (padding == LSLAES_PAD_RANDOM_ID()) {
                    byte = (integer)llFrand(256.0) & 0xFF;
	                v = v | (byte << (i << 3));
                }
                ++i;
            }
 
            data = llListReplaceList((data = []) + data, [v], -1, -1);
        }
 
        // Now, if needed, add words to end of data
        if (words > 0) {
            integer final = -1;
            if (padding != LSLAES_PAD_NULLS_ID())
                final = words - 1;
 
            integer word = 0; integer byte = 0;
            integer i = 0;
            integer j = 0; list w = [];
            do {
                word = j = 0; // New word
                do {
                    if ((padding != LSLAES_PAD_NULLS_ID()) && 
                        (i == final) && !j) 
                        byte = bytes;
                    else if (padding == LSLAES_PAD_RANDOM_ID()) 
                        byte = (integer)llFrand(256.0) & 0xFF;
 
                    word = word | (byte << (j << 3));
                } while ((++j) < 4);
 
                w = (w = []) + w + [word];
            } while ((++i) < words);
 
            data = (data = w = []) + data + w;
        }
 
        @skip;
        return [bits] + _lslAESCipher((data = []) + data);
    }
    return [];
}}
 
// Performs an inverse cipher with appropriate padding handling performed
// pragma inline
list _lslAESInvertPadCipher(list data) {{
    integer bits = llList2Integer(data, 0);
    data = llDeleteSubList((data = []) + data, 0, 0);
 
    integer padding = _lslAESPad;
    if (padding == LSLAES_PAD_NONE_ID()) {
        if (_lslAESMode == LSLAES_MODE_CFB_ID()) 
            return [bits] + _lslAESInvertCipher((data = []) + data);
        padding = LSLAES_PAD_RBT_ID();
    }
 
    integer blockSize = _lslAESPadSize;
    if (padding == LSLAES_PAD_RBT_ID()) blockSize = 128;
 
    integer blocks = bits / blockSize;
    integer extra  = bits % blockSize;
 
    if (padding == LSLAES_PAD_RBT_ID()) {
    	if (SUPPORTS_PAD(LSLAES_PAD_RBT())) {
	        // This scheme takes the last encrypted block, encrypts it again and
	        // XORs it with any leftover data, maintaining data-length. If input 
	        // is less than a block in size then the current input-vector is used.
	        list final = [];
	        if (extra > 0) {
	            integer words = extra / 32;
	            if ((words * 32) < extra) ++words;
 
	            // Grab leftover words
	            list t = llList2List(data, -words, -1);
 
	            // Decrypt all other data
	            list lb = [];
	            if (blocks < 1) {
	                // If not enough for a block, we generate lb using 
	                // a double cipher of input vector.
	                lb = _lslAESCipher(
	                    _lslAESCipher((data = []) + [
	                        _lslAESInputVector0, _lslAESInputVector1, 
	                        _lslAESInputVector2, _lslAESInputVector3
	                    ])
	                );
	            } else {
	                // If there are blocks, then we double-encrypt the 
	                // last full block to generate lb, then decrypt normally
	                lb = _lslAESCipher(
	                    llList2List(data, -(4 + words), -(words + 1))
	                );
	                data = _lslAESInvertCipher(
	                    llDeleteSubList((data = []) + data, -words, -1)
	                );
	            }
 
	            // XOR lb with t
	            integer i = 0; integer l = (t != []);
	            do final += [llList2Integer(t, i) ^ llList2Integer(lb, i)];
	            while ((++i) < l);
 
	            return [bits] + (data = final = []) + data + final;
	        }
	        return [bits] + _lslAESInvertCipher((data = []) + data);
    	}
    } else if (SUPPORTS_PAD(LSLAES_PAD_NULLS()) || 
    		   SUPPORTS_PAD(LSLAES_PAD_NULLS_SAFE()) || 
    		   SUPPORTS_PAD(LSLAES_PAD_RANDOM()) || 
    		   SUPPORTS_PAD(LSLAES_PAD_ZEROES())) {
        // This scheme works by adding bytes until the data is a 
        // multiple of _lslAESPadSize bits long. In the case of 
        // PAD_NULLS this will only add extra data if needed, 
        // while the other types must always add at least one 
        // byte, as they also leave a note of bytes added in the 
        // final byte.
 
        // If the data is not on a block boundary, then extra bits 
        // have snuck in (usually due to base64 conversion). We 
        // assume here that padding was done correctly, and ignore 
        // extra bits.
        if (extra > 0) {
            bits -= extra;
 
            integer e = extra / 32;
            if ((e * 32) < extra) ++e;
            extra = e;
 
            if (extra <= 0) extra = 1;
 
            if (extra > (data != [])) return [0];
            data = llDeleteSubList((data = []) + data, -extra, -1);
        }
 
        // Perform the decryption
        data = _lslAESInvertCipher((data = []) + data);
 
        integer bytes = 0; integer words = 0; integer excessBits = 0;
 
        // Remove extra bytes as required
        if ((padding == LSLAES_PAD_NULLS_ID()) || 
        	(padding == LSLAES_PAD_NULLS_SAFE_ID())) {
        	if (SUPPORTS_PAD(LSLAES_PAD_NULLS()) || 
        		SUPPORTS_PAD(LSLAES_PAD_NULLS_SAFE())) {
	            // We remove all zero-bytes at the end of the data
	            integer l = data != [];
	            integer v = 0; integer j = 0;
 
	            while (words < l) {
	                v = llList2Integer(data, -(words + 1));
 
	                if (v == 0) { // Four null-bytes
	                    ++words;
	                    bytes += 4;
	                } else {
	                    integer byte = j = 0;
	                    do {
	                        byte = (v >> (j << 3)) & 0xFF;
 
	                        if (byte == 0) ++bytes;
	                        else jump skip;
	                    } while ((++j) < 4);
	                }
	            }
	            @skip;
 
	            if (SUPPORTS_PAD(LSLAES_PAD_NULLS_SAFE())) {
	            	if (padding == LSLAES_PAD_NULLS_SAFE_ID()) {
			            // Now correct the bit-count of the final byte
			            integer byte = (v >> (j << 3)) & 0xFF;
			            integer i = 1;
			            while (i < 0xFF) {
			            	++excessBits;
			            	if (byte & i) jump skip2;
			            	i = i << 1;
		        		}
			            @skip2;
	            	}
	            }
        	}
        } else {
            // Get the number of bytes to remove from the final byte
            bytes = llList2Integer(data, -1) & 0xFF;
            if ((bytes << 3) >= bits) return [0];
            words = bytes / 4;
        }
 
        // Lop-off words, excess bytes are accounted for later
        if (words > 0) 
            data = llDeleteSubList((data = []) + data, -words, -1);
 
        // Correct bit-header for output
        bits -= (bytes << 3) + excessBits;
 
        return (data = []) + [bits] + data;
    }
    return [];
}}
 
// Decrypts a list of integers into a list of decrypted integers. 
// Padding adjustment must be performed as this function will only except data 
// that is a multiple of 128-bits long.
list _lslAESInvertCipher(list data) {{
    // The following are used to pass blocks forward    
    integer prevBlock0 = _lslAESInputVector0;
    integer prevBlock1 = _lslAESInputVector1;
    integer prevBlock2 = _lslAESInputVector2;
    integer prevBlock3 = _lslAESInputVector3;
 
    integer nextBlock0 = 0;
    integer nextBlock1 = 0;
    integer nextBlock2 = 0;
    integer nextBlock3 = 0;
 
    integer j = 0;
    integer l = (data != []);
    list output = [];
    while (l > 0) {
        // Different modes treat blocks differently
        if (_lslAESMode == LSLAES_MODE_CBC_ID()) {
        	if (SUPPORTS_MODE(LSLAES_MODE_CBC())) {
	            // For CBC we load it, and must keep a copy
	            _lslAESStateX0 = nextBlock0 = llList2Integer(data, 0);
	            _lslAESStateX1 = nextBlock1 = llList2Integer(data, 1);
	            _lslAESStateX2 = nextBlock2 = llList2Integer(data, 2);
	            _lslAESStateX3 = nextBlock3 = llList2Integer(data, 3);
        	}
        } else if (_lslAESMode == LSLAES_MODE_CFB_ID()) {
        	if (SUPPORTS_MODE(LSLAES_MODE_CFB())) {
        		_lslAESStateX0 = prevBlock0;
        		_lslAESStateX1 = prevBlock1;
        		_lslAESStateX2 = prevBlock2;
        		_lslAESStateX3 = prevBlock3;
        	}
        }
 
        if (_lslAESMode == LSLAES_MODE_CFB_ID()) {
        	if (SUPPORTS_MODE(LSLAES_MODE_CFB())) {
	             _lslAESPerformCipher(); // CFB doesn't need inverse cipher
        	}
        } else if (SUPPORTS_MODE(LSLAES_MODE_CBC())) {
            j = _lslAESRounds;
            do {
                if (j < _lslAESRounds) {
                	_lslAESInvertShiftRows();
                	_lslAESInvertSubBytes();
                }
                _lslAESAddRoundKey(j);
                if (j && (j < _lslAESRounds)) 
                	_lslAESInvertMixColumns();
            } while ((--j) >= 0);
        }
 
        // Ciphertext is generated differently by different modes
        if (_lslAESMode == LSLAES_MODE_CBC_ID()) {
        	if (SUPPORTS_MODE(LSLAES_MODE_CBC())) {
	             // For CBC we XOR with previous block before output
	            output += [
	                prevBlock0 ^ _lslAESStateX0,
	                prevBlock1 ^ _lslAESStateX1,
	                prevBlock2 ^ _lslAESStateX2,
	                prevBlock3 ^ _lslAESStateX3
	            ];
 
	            prevBlock0 = nextBlock0;
	            prevBlock1 = nextBlock1;
	            prevBlock2 = nextBlock2;
	            prevBlock3 = nextBlock3;
        	}
        } else if (SUPPORTS_MODE(LSLAES_MODE_CFB())) { // CFB
            // For CFB we XOR the next input block with the current output 
            // block, then encrypt the input block on the next pass.
            prevBlock0 = llList2Integer(data, 0);
            prevBlock1 = llList2Integer(data, 1);
            prevBlock2 = llList2Integer(data, 2);
            prevBlock3 = llList2Integer(data, 3);
 
            output += [
				prevBlock0 ^ _lslAESStateX0,
				prevBlock1 ^ _lslAESStateX1,
				prevBlock2 ^ _lslAESStateX2,
				prevBlock3 ^ _lslAESStateX3
            ];
        }
 
         // Reduce input
        if (l > 4) data = llList2List((data = []) + data, 4, -1);
        else data = [];
        l -= 4;
    }
 
    return (output = []) + output;
}}
 
// Encrypts a list of integers into a list of encrypted integers.
// Padding must be performed before being called so that data is a multiple of 
// 128-bits long.
list _lslAESCipher(list data) {{
    // We must prime the state with the input vector
    {
    	_lslAESLoadInputVector();
    }
 
    integer l = (data != []);
    integer j = 0;
    list output = [];
 
    while (l > 0) {
        // Different modes treat blocks differently
        if (_lslAESMode == LSLAES_MODE_CBC_ID()) {
        	if (SUPPORTS_MODE(LSLAES_MODE_CBC())) {
	            // For CBC we XOR with the previous block to reduce 
	            // chances of patterns occurring
	            _lslAESStateX0 = _lslAESStateX0 ^ llList2Integer(data, 0);
	            _lslAESStateX1 = _lslAESStateX1 ^ llList2Integer(data, 1);
	            _lslAESStateX2 = _lslAESStateX2 ^ llList2Integer(data, 2);
	            _lslAESStateX3 = _lslAESStateX3 ^ llList2Integer(data, 3);
        	}
        }
 
 		{
        	_lslAESPerformCipher();
 		}
 
        if (_lslAESMode == LSLAES_MODE_CFB_ID()) {
        	if (SUPPORTS_MODE(LSLAES_MODE_CFB())) {
	            // For CFB we XOR blocks and carry them to the next 
	            // stage (by keeping the result in state)
	            _lslAESStateX0 = _lslAESStateX0 ^ llList2Integer(data, 0);
	            _lslAESStateX1 = _lslAESStateX1 ^ llList2Integer(data, 1);
	            _lslAESStateX2 = _lslAESStateX2 ^ llList2Integer(data, 2);
	            _lslAESStateX3 = _lslAESStateX3 ^ llList2Integer(data, 3);
        	}
        }
 
        output += [
            _lslAESStateX0,
            _lslAESStateX1,
            _lslAESStateX2,
            _lslAESStateX3
        ];
 
         // Reduce input
        if (l > 4) data = llList2List((data = []) + data, 4, -1);
        else data = [];
        l -= 4;
    }
 
    return (output = []) + output;
}}
 
// Simply performs the cipher operation on current state, separated 
// for convenience with CBF and OBF modes (which perform a cipher in 
// order to decrypt data).
_lslAESPerformCipher() {{
	integer j = 0;
	do {
		if (j) {
        	_lslAESSubBytes();
    		_lslAESShiftRows();
    		if (j < _lslAESRounds) {
        		_lslAESMixColumns();
    		}
		}
    	_lslAESAddRoundKey(j);
	} while ((++j) <= _lslAESRounds);
}}
 
// Expands the input vector for use in block differentiation
// pragma inline
_lslAESLoadInputVector() {{
    _lslAESStateX0 = _lslAESInputVector0;
    _lslAESStateX1 = _lslAESInputVector1;
    _lslAESStateX2 = _lslAESInputVector2;
    _lslAESStateX3 = _lslAESInputVector3;
}}
 
//##########################################################################//
//                            PROCESSING FUNCTIONS                          //
//##########################################################################//
//  The following functions are used to process data that is being          //
//  encrypted or decrypted.                                                 //
//##########################################################################//
// XORs the value with RoundKey values
// pragma inline
_lslAESAddRoundKey(integer round) {{
    round = round << 2;
 
    _lslAESStateX0 = _lslAESStateX0 ^ llList2Integer(_lslAESRoundKey, round);
    _lslAESStateX1 = _lslAESStateX1 ^ llList2Integer(_lslAESRoundKey, ++round);
    _lslAESStateX2 = _lslAESStateX2 ^ llList2Integer(_lslAESRoundKey, ++round);
    _lslAESStateX3 = _lslAESStateX3 ^ llList2Integer(_lslAESRoundKey, ++round);
}}
 
// Performs a substitution using SBox
// pragma inline
_lslAESSubBytes() {{
    _lslAESStateX0 = 
    	(_lslAESGetSBoxByte((_lslAESStateX0 >> 24) & 0xFF) << 24) | 
    	(_lslAESGetSBoxByte((_lslAESStateX0 >> 16) & 0xFF) << 16) | 
    	(_lslAESGetSBoxByte((_lslAESStateX0 >>  8) & 0xFF) <<  8) | 
    	(_lslAESGetSBoxByte((_lslAESStateX0      ) & 0xFF)      );
    _lslAESStateX1 = 
    	(_lslAESGetSBoxByte((_lslAESStateX1 >> 24) & 0xFF) << 24) | 
    	(_lslAESGetSBoxByte((_lslAESStateX1 >> 16) & 0xFF) << 16) | 
    	(_lslAESGetSBoxByte((_lslAESStateX1 >>  8) & 0xFF) <<  8) | 
    	(_lslAESGetSBoxByte((_lslAESStateX1      ) & 0xFF)      );
    _lslAESStateX2 = 
    	(_lslAESGetSBoxByte((_lslAESStateX2 >> 24) & 0xFF) << 24) | 
    	(_lslAESGetSBoxByte((_lslAESStateX2 >> 16) & 0xFF) << 16) | 
    	(_lslAESGetSBoxByte((_lslAESStateX2 >>  8) & 0xFF) <<  8) | 
    	(_lslAESGetSBoxByte((_lslAESStateX2      ) & 0xFF)      );
    _lslAESStateX3 = 
    	(_lslAESGetSBoxByte((_lslAESStateX3 >> 24) & 0xFF) << 24) | 
    	(_lslAESGetSBoxByte((_lslAESStateX3 >> 16) & 0xFF) << 16) | 
    	(_lslAESGetSBoxByte((_lslAESStateX3 >>  8) & 0xFF) <<  8) | 
    	(_lslAESGetSBoxByte((_lslAESStateX3      ) & 0xFF)      );
}}
 
// Performs a substition using SBoxInverted
// pragma inline
_lslAESInvertSubBytes() {{
    _lslAESStateX0 = 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX0 >> 24) & 0xFF) << 24) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX0 >> 16) & 0xFF) << 16) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX0 >>  8) & 0xFF) <<  8) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX0      ) & 0xFF)      );
    _lslAESStateX1 = 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX1 >> 24) & 0xFF) << 24) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX1 >> 16) & 0xFF) << 16) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX1 >>  8) & 0xFF) <<  8) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX1      ) & 0xFF)      );
    _lslAESStateX2 = 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX2 >> 24) & 0xFF) << 24) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX2 >> 16) & 0xFF) << 16) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX2 >>  8) & 0xFF) <<  8) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX2      ) & 0xFF)      );
    _lslAESStateX3 = 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX3 >> 24) & 0xFF) << 24) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX3 >> 16) & 0xFF) << 16) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX3 >>  8) & 0xFF) <<  8) | 
    	(_lslAESGetSBoxInvertedByte((_lslAESStateX3      ) & 0xFF)      );
}}
 
 
// Performs row shifts
// pragma inline
_lslAESShiftRows() {{
	integer x3 = _lslAESStateX3;
	integer x2 = _lslAESStateX2;
	integer x1 = _lslAESStateX1;
 
    _lslAESStateX3 = 
    	(x3             & 0xFF000000) |
    	(_lslAESStateX0 & 0x00FF0000) |
    	(x1             & 0x0000FF00) |
    	(x2             & 0x000000FF);
    _lslAESStateX2 = 
    	(x2             & 0xFF000000) |
    	(x3             & 0x00FF0000) |
    	(_lslAESStateX0 & 0x0000FF00) |
    	(x1             & 0x000000FF);
    _lslAESStateX1 = 
    	(x1             & 0xFF000000) |
    	(x2             & 0x00FF0000) |
    	(x3             & 0x0000FF00) |
    	(_lslAESStateX0 & 0x000000FF);
    _lslAESStateX0 = 
    	(_lslAESStateX0 & 0xFF000000) | 
    	(x1             & 0x00FF0000) | 
    	(x2             & 0x0000FF00) | 
    	(x3             & 0x000000FF);
}}
 
// Undoes a set of row shifts
// pragma inline
_lslAESInvertShiftRows() {{
	integer x0 = _lslAESStateX0;
	integer x1 = _lslAESStateX1;
	integer x2 = _lslAESStateX2;
 
	_lslAESStateX0 = 
		(x0             & 0xFF000000) | 
		(_lslAESStateX3 & 0x00FF0000) | 
		(x2             & 0x0000FF00) | 
		(x1             & 0x000000FF);
	_lslAESStateX1 = 
		(x1             & 0xFF000000) | 
		(x0             & 0x00FF0000) | 
		(_lslAESStateX3 & 0x0000FF00) | 
		(x2             & 0x000000FF);
	_lslAESStateX2 = 
		(x2             & 0xFF000000) | 
		(x1             & 0x00FF0000) | 
		(x0             & 0x0000FF00) | 
		(_lslAESStateX3 & 0x000000FF);
	_lslAESStateX3 = 
		(_lslAESStateX3 & 0xFF000000) | 
		(x2             & 0x00FF0000) | 
		(x1             & 0x0000FF00) | 
		(x0             & 0x000000FF);
}}
 
// Mixes columns of the state
// pragma inline
_lslAESMixColumns() {{
	integer y0 = (_lslAESStateX0 >> 24) & 0xFF;
	integer y1 = (_lslAESStateX0 >> 16) & 0xFF;
	integer y2 = (_lslAESStateX0 >>  8) & 0xFF;
	integer y3 = (_lslAESStateX0      ) & 0xFF;
	integer t1 = y0 ^ y1 ^ y2 ^ y3;
	_lslAESStateX0 = _lslAESStateX0 ^ (
		((_lslAESXTimes(y0 ^ y1) ^ t1) << 24) | 
		((_lslAESXTimes(y1 ^ y2) ^ t1) << 16) | 
		((_lslAESXTimes(y2 ^ y3) ^ t1) <<  8) | 
		((_lslAESXTimes(y3 ^ y0) ^ t1)      ));
 
	y0 = (_lslAESStateX1 >> 24) & 0xFF;
	y1 = (_lslAESStateX1 >> 16) & 0xFF;
	y2 = (_lslAESStateX1 >>  8) & 0xFF;
	y3 = (_lslAESStateX1      ) & 0xFF;
	t1 = y0 ^ y1 ^ y2 ^ y3;
	_lslAESStateX1 = _lslAESStateX1 ^ (
		((_lslAESXTimes(y0 ^ y1) ^ t1) << 24) | 
		((_lslAESXTimes(y1 ^ y2) ^ t1) << 16) | 
		((_lslAESXTimes(y2 ^ y3) ^ t1) <<  8) | 
		((_lslAESXTimes(y3 ^ y0) ^ t1)      ));
 
	y0 = (_lslAESStateX2 >> 24) & 0xFF;
	y1 = (_lslAESStateX2 >> 16) & 0xFF;
	y2 = (_lslAESStateX2 >>  8) & 0xFF;
	y3 = (_lslAESStateX2      ) & 0xFF;
	t1 = y0 ^ y1 ^ y2 ^ y3;
	_lslAESStateX2 = _lslAESStateX2 ^ (
		((_lslAESXTimes(y0 ^ y1) ^ t1) << 24) | 
		((_lslAESXTimes(y1 ^ y2) ^ t1) << 16) | 
		((_lslAESXTimes(y2 ^ y3) ^ t1) <<  8) | 
		((_lslAESXTimes(y3 ^ y0) ^ t1)      ));
 
	y0 = (_lslAESStateX3 >> 24) & 0xFF;
	y1 = (_lslAESStateX3 >> 16) & 0xFF;
	y2 = (_lslAESStateX3 >>  8) & 0xFF;
	y3 = (_lslAESStateX3      ) & 0xFF;
	t1 = y0 ^ y1 ^ y2 ^ y3;
	_lslAESStateX3 = _lslAESStateX3 ^ (
		((_lslAESXTimes(y0 ^ y1) ^ t1) << 24) | 
		((_lslAESXTimes(y1 ^ y2) ^ t1) << 16) | 
		((_lslAESXTimes(y2 ^ y3) ^ t1) <<  8) | 
		((_lslAESXTimes(y3 ^ y0) ^ t1)      ));
}}
 
// Used when column mixing
// pragma inline
integer _lslAESXTimes(integer x) {{
    return ((x << 1) ^ (((x >> 7) & 1) * 0x1b)) & 0xFF;
}}
 
// Used when column mixing
integer _lslAESMultiply(integer x, integer y) {{
    integer xT  = _lslAESXTimes(x);
    integer xT2 = _lslAESXTimes(xT);
    integer xT3 = _lslAESXTimes(xT2);
 
    return (((y & 1) * x) ^ (((y >> 1) & 1) * xT) ^ 
            (((y >> 2) & 1) * xT2) ^ (((y >> 3) & 1) * xT3) ^ 
            (((y >> 4) & 1) * _lslAESXTimes(xT3))) & 0xFF;
}}
 
// Try to understand this at your own peril!
// pragma inline
_lslAESInvertMixColumns() {{
	integer y0 = (_lslAESStateX0 >> 24) & 0xFF;
	integer y1 = (_lslAESStateX0 >> 16) & 0xFF;
	integer y2 = (_lslAESStateX0 >>  8) & 0xFF;
	integer y3 = (_lslAESStateX0      ) & 0xFF;
    _lslAESStateX0 = 
    	((_lslAESMultiply(y0, 0x0e) ^ _lslAESMultiply(y1, 0x0b) ^ 
        	_lslAESMultiply(y2, 0x0d) ^ _lslAESMultiply(y3, 0x09)) << 24) | 
    	((_lslAESMultiply(y0, 0x09) ^ _lslAESMultiply(y1, 0x0e) ^ 
        	_lslAESMultiply(y2, 0x0b) ^ _lslAESMultiply(y3, 0x0d)) << 16) | 
    	((_lslAESMultiply(y0, 0x0d) ^ _lslAESMultiply(y1, 0x09) ^ 
        	_lslAESMultiply(y2, 0x0e) ^ _lslAESMultiply(y3, 0x0b)) <<  8) | 
    	((_lslAESMultiply(y0, 0x0b) ^ _lslAESMultiply(y1, 0x0d) ^ 
        	_lslAESMultiply(y2, 0x09) ^ _lslAESMultiply(y3, 0x0e)));
 
	y0 = (_lslAESStateX1 >> 24) & 0xFF;
	y1 = (_lslAESStateX1 >> 16) & 0xFF;
	y2 = (_lslAESStateX1 >>  8) & 0xFF;
	y3 = (_lslAESStateX1      ) & 0xFF;
    _lslAESStateX1 = 
    	((_lslAESMultiply(y0, 0x0e) ^ _lslAESMultiply(y1, 0x0b) ^ 
        	_lslAESMultiply(y2, 0x0d) ^ _lslAESMultiply(y3, 0x09)) << 24) | 
    	((_lslAESMultiply(y0, 0x09) ^ _lslAESMultiply(y1, 0x0e) ^ 
        	_lslAESMultiply(y2, 0x0b) ^ _lslAESMultiply(y3, 0x0d)) << 16) | 
    	((_lslAESMultiply(y0, 0x0d) ^ _lslAESMultiply(y1, 0x09) ^ 
        	_lslAESMultiply(y2, 0x0e) ^ _lslAESMultiply(y3, 0x0b)) <<  8) | 
    	((_lslAESMultiply(y0, 0x0b) ^ _lslAESMultiply(y1, 0x0d) ^ 
        	_lslAESMultiply(y2, 0x09) ^ _lslAESMultiply(y3, 0x0e)));
 
	y0 = (_lslAESStateX2 >> 24) & 0xFF;
	y1 = (_lslAESStateX2 >> 16) & 0xFF;
	y2 = (_lslAESStateX2 >>  8) & 0xFF;
	y3 = (_lslAESStateX2      ) & 0xFF;
    _lslAESStateX2 = 
    	((_lslAESMultiply(y0, 0x0e) ^ _lslAESMultiply(y1, 0x0b) ^ 
        	_lslAESMultiply(y2, 0x0d) ^ _lslAESMultiply(y3, 0x09)) << 24) | 
    	((_lslAESMultiply(y0, 0x09) ^ _lslAESMultiply(y1, 0x0e) ^ 
        	_lslAESMultiply(y2, 0x0b) ^ _lslAESMultiply(y3, 0x0d)) << 16) | 
    	((_lslAESMultiply(y0, 0x0d) ^ _lslAESMultiply(y1, 0x09) ^ 
        	_lslAESMultiply(y2, 0x0e) ^ _lslAESMultiply(y3, 0x0b)) <<  8) | 
    	((_lslAESMultiply(y0, 0x0b) ^ _lslAESMultiply(y1, 0x0d) ^ 
        	_lslAESMultiply(y2, 0x09) ^ _lslAESMultiply(y3, 0x0e)));
 
	y0 = (_lslAESStateX3 >> 24) & 0xFF;
	y1 = (_lslAESStateX3 >> 16) & 0xFF;
	y2 = (_lslAESStateX3 >>  8) & 0xFF;
	y3 = (_lslAESStateX3      ) & 0xFF;
    _lslAESStateX3 = 
    	((_lslAESMultiply(y0, 0x0e) ^ _lslAESMultiply(y1, 0x0b) ^ 
        	_lslAESMultiply(y2, 0x0d) ^ _lslAESMultiply(y3, 0x09)) << 24) | 
    	((_lslAESMultiply(y0, 0x09) ^ _lslAESMultiply(y1, 0x0e) ^ 
        	_lslAESMultiply(y2, 0x0b) ^ _lslAESMultiply(y3, 0x0d)) << 16) | 
    	((_lslAESMultiply(y0, 0x0d) ^ _lslAESMultiply(y1, 0x09) ^ 
        	_lslAESMultiply(y2, 0x0e) ^ _lslAESMultiply(y3, 0x0b)) <<  8) | 
    	((_lslAESMultiply(y0, 0x0b) ^ _lslAESMultiply(y1, 0x0d) ^ 
        	_lslAESMultiply(y2, 0x09) ^ _lslAESMultiply(y3, 0x0e)));
}}
 
//##########################################################################//
//                        ENCRYPTION SET-UP FUNCTIONS                       //
//##########################################################################//
//  The following functions are used to set-up the AES encryption engine.   //
//##########################################################################//
// Takes the key bytes provided and sets up the engine ready to encrypt or
// decrypt using them.
//
// Header indicates whether the data includes bit-count header, i.e - was it 
// created from a string? Set to FALSE if storing values as bytes without the 
// header.
//
// Thanks to Strife Onizuka for providing optimisations to this function.
// pragma inline
list _lslAESKeyExpansion(list keyBytes, integer header) {{
	// First round-key is the key itself
    _lslAESRoundKey = (_lslAESRoundKey = keyBytes = []) + keyBytes;
 
    if (header) // If the bit-count is present, we need to remove it
    	_lslAESRoundKey = llDeleteSubList(
            (_lslAESRoundKey = []) + _lslAESRoundKey, 
            0, 
            0
        );
    integer len = _lslAESRoundKey != [];
 
    // Check that we are within reasonable limits
    if ((len < 4) || (len > 8)) {
        _lslAESRoundKey = [];
        return ["Invalid key size; must be 128, 192, or 256 bits!"];
    }
 
    // Calculate the number of required rounds
    _lslAESRounds = len + 6;
 
    // All others are found from previous keys
    integer i = 0;
    integer x = (len * 3) + 28;
 
    integer t = llList2Integer(_lslAESRoundKey, -1);
 
    do {
        if (!(i % len)) {
            // Rotate by 1, SubWord and Nudge 
            // [0x01020408, 0x01020408, 0x1b366cd8]
            t = ((_lslAESGetSBoxByte((t >> 16) & 0xFF) ^ 
                     (0x000D8080 >> (7 ^ (i / len)))) << 24) | 
                 (_lslAESGetSBoxByte((t >>  8) & 0xFF) << 16) | 
                 (_lslAESGetSBoxByte((t      ) & 0xFF) <<  8) |
                  _lslAESGetSBoxByte((t >> 24) & 0xFF);
        } else if ((len > 6) && (i % len) == 4) {
            // SubWord
            t = (_lslAESGetSBoxByte((t >> 24) & 0xFF) << 24) | 
                (_lslAESGetSBoxByte((t >> 16) & 0xFF) << 16) | 
                (_lslAESGetSBoxByte((t >>  8) & 0xFF) <<  8) |
                (_lslAESGetSBoxByte((t      ) & 0xFF)      );
        }
 
        // XOR k with four previous RoundKey values And add the 
        // new entries, yay!
        _lslAESRoundKey += [(t = (t ^ llList2Integer(_lslAESRoundKey, i)))];
    } while ((i = -~i) < x);
 
    // On success no error message is returned
    return [1];
}}
 
// Takes a list of 32-bit words and uses them to initialise the 
// input vector used by CBC and similar modes. Data must contain 
// at least 128-bits of data (all else is discarded)
//
// Header indicates whether the data includes bit-count header, i.e - was it 
// created from a string? Set to FALSE if storing values as bytes without the 
// header.
// pragma inline
list _lslAESSetInputVector(list data, integer header) {{
	integer offset = 0;
	if (header) offset = 1;
 
    if ((data != []) < 4 + offset) 
        return ["Input vector must be at least 128-bits long"];
 
    // Ignore index 0 (the header)
    _lslAESInputVector0 = llList2Integer(data, offset);
    _lslAESInputVector1 = llList2Integer(data, 1 + offset);
    _lslAESInputVector2 = llList2Integer(data, 2 + offset);
    _lslAESInputVector3 = llList2Integer((data = []) + data, 3 + offset);
 
    return [1];
}}
 
//##########################################################################//
//                         SERIALISATION FUNCTIONS                          //
//##########################################################################//
//  The following functions are used to serialise a string into a list of   //
//  byte data for use as a key, or to encrypt/decrypt.                      //
//##########################################################################//
// Converts a binary-string into a list of 32-bit integers, using the provided 
// alphabet and character width (in bits). See the helper functions 
// _lslAESBase64ToBytes and _lslAESHexToBytes for examples of this function's 
// usage. The list returned will contain as its first-entry an integer count 
// of the number of bits represented by the input string 
// (llStringLength(s) * width).
//
// Thanks to Strife Onizuka for providing optimisations to this function.
// pragma inline
list _lslAESStringToBytes(string s, integer width, string alphabet, integer excess) {{
    integer l = llStringLength(s);
 
    list n = [(l * width) - excess]; // Add bit-length
    integer bitbuf = 0;
    integer adjust = 32;
 
    integer i = 0;
    integer val;
    while (i < l) {
        val = llSubStringIndex(alphabet, llGetSubString(s, i, i));
        if (val < 0) {
            s = "";
            return (n = []) + ["Invalid character at index "+(string)i];
        }
 
        if ((adjust -= width) <= 0) {
            bitbuf = bitbuf | (val >> -adjust);
            n += [bitbuf];
 
            adjust += 32;
            if (adjust < 32) bitbuf = (val << adjust);
            else bitbuf = 0;
        } else bitbuf = bitbuf | (val << adjust);
 
        ++i;
    }
 
    s = "";
    if (adjust < 32) 
        return (n = []) + n + [bitbuf];
    return (n = []) + n;
}}
 
// Takes a list of integers (with a bit-count as the first entry) and outputs 
// it as a string using characters from the given alphabet, where each character 
// represents a number of bits as described by width. Please refer to the helper 
// functions _lslAESBytesToBase64 and _lslAESBytesToHex for examples of this 
// function's usage.
//
// Thanks to Strife Onizuka for providing optimisations to this function.
// pragma inline
list _lslAESBytesToString(list b, integer width, string alphabet) {{
    integer bits = llList2Integer(b, 0);
 
    integer i = 0;
    integer mask = ~(-1 << width);
    integer shift = 32 - width;
 
    integer available = 0;
    integer prev = 0;
    integer buf;
    integer extra;
    integer value;
 
    string s = "";
 
    @_lslAESBytesToStringLoop;
    if((bits -= 32) > -32) {
        available += 32 + (bits * (0 > bits));
        buf = llList2Integer(b, ++i);
        if (available >= width) {
            if (prev) {
                s += llGetSubString(
                    alphabet, 
                    value = (
                        extra | 
                        (
                            (buf >> (shift + prev)) & 
                            ~(-1 << (width - prev))
                        )
                    ), 
                    value
                );
                buf = buf << (width - prev);
                available -= width;
            }
            while(available >= width) {
                s += llGetSubString(
                    alphabet, 
                    value = ((buf >> shift) & mask),
                    value
                );
                buf = buf << width;
                available -= width;
            }
            if (prev = available) // Update prev
                extra = (buf >> shift) & mask;
            jump _lslAESBytesToStringLoop;
        }
    }
 
    if(available) {
        mask = -1 << (width - prev);
        s = (s = "") + s + 
            llGetSubString(
                alphabet, 
                value = ((extra & mask) | 
                        (
                            (buf >> (shift + prev)) & 
                            ((-1 << (width - available)) ^ mask))
                        ), 
                value
            );
    }
 
    integer excess = bits % width;
    if (excess) excess = width - excess;
 
    return [(s = "") + s, excess];
}}
 
/* Sets the operating mode of the AES engine. Returns TRUE on success. */
// pragma inline
integer lslAESSetMode(integer mode) {{
	if (~llListFindList(
		llList2ListStrided(
			llList2List(SUPPORTED_MODES(), 1, -1), 0, -1, 2), [mode])) {
		_lslAESMode = mode;
		return TRUE;
	}
	return FALSE;
}}
 
/* Sets the padding mode of the AES engine. Returns TRUE on success. */
// pragma inline
integer lslAESSetPadding(integer pad) {{
	if (~llListFindList(
		llList2ListStrided(
			llList2List(SUPPORTED_PADS(), 1, -1), 0, -1, 2), [pad])) {
		_lslAESPad = pad;
		return TRUE;
	}
	return FALSE;
}}
 
/*
 * Sets the padding block-size (in bits) for this AES engine.
 * Valid sizes are greater than zero, and a multiple of 128.
 * Returns TRUE on success.
 */
// pragma inline
integer lslAESSetPaddingSize(integer padSize) {{
	if ((padSize > 0) && !(padSize % 128)) {
		_lslAESPadSize = padSize;
		return TRUE;
	}
	return FALSE;
}}
 
/** Returns TRUE if an error occurred during the last lslAESProcessCommand() call */
// pragma inline
integer lslAESProcessCommandError() {
	return _lslAESProcessCommandError;
}
 
/**
 * Executes an LSLAES_COMMAND_* with given input-type, desired output-type, and 
 * provided string-data.
 *
 * Returns string data.
 * To test for an error in the function, call lslAESProcessComamndError(), if 
 * the value of that is TRUE, then the string-data will be an error message.
 */
string lslAESProcessCommand(
		integer command, 
		integer inputType, 
		integer outputType, 
		string  str) {{ // Special case for COMMAND_SETUP
    // What type of data do we have?
    list data = [];
    if ((LSLAES_DATA_HEX() == inputType) || (LSLAES_DATA_BASE64() == inputType)) {
    	string alphabet = LSLAES_BASE64_CHARS();
    	integer width   = 6;
        integer excess	= 0;
 
    	if (LSLAES_DATA_BASE64() == inputType) {
		    integer e = llSubStringIndex(str, "=");
		    if (e > 0) {
		        str = llDeleteSubString(
		            (str = "") + str, 
		            e,
		            -1
		        );
 
		        // Determine excess bits. Remember base64 only fully encodes 
		        // 3 bytes into a block of four base64 characters. Thus if a 
		        // block only has one character it is a garbage character, if 
		        // two characters is one byte and 4 bits of garbage, and three 
		        // characters is two bytes with 2 bits of garbage. 
		        e = llStringLength(str) % 4;
		        if (e) {
		        	if (e == 3) excess = 2;
		        	else if (e == 2) excess = 4;
		        	else excess = 6;
		        }
		    }
    	} else {
		    str = llToLower((str = "") + str);
		    if (llGetSubString(str, 0, 1) == "0x") 
		        str = llDeleteSubString((str = "") + str, 0, 1);
 
		    alphabet = LSLAES_HEX_CHARS();
		    width    = 4;
    	}
 
        data = _lslAESStringToBytes(
        	(str = "") + str, 
        	width, 
        	(alphabet = "") + alphabet,
        	excess
        );
    } else data = [(str = "") + "Unsupported input-type"];
 
    // Was data parsed successfully?
    if (llGetListEntryType(data, 0) != TYPE_INTEGER) {
    	_lslAESProcessCommandError = TRUE;
        return llList2String(data, 0);
    }
 
    // Now determine mode of operation
    if (command == LSLAES_COMMAND_PRIME()) 
        data = _lslAESKeyExpansion((data = []) + data, TRUE);
    else if (command == LSLAES_COMMAND_ENCRYPT()) 
        data = _lslAESPadCipher((data = []) + data);
    else if (command == LSLAES_COMMAND_DECRYPT()) 
        data = _lslAESInvertPadCipher((data = []) + data);
    else if (command == LSLAES_COMMAND_INIT()) 
        data = _lslAESSetInputVector((data = []) + data, TRUE);
    else data = ["Unsupported mode"];
 
    // Was mode executed successfully?
    if (llGetListEntryType(data, 0) != TYPE_INTEGER) {
    	_lslAESProcessCommandError = TRUE;
        return llList2String(data, 0);
    }
 
    // Convert into requested output type
    if ((command != LSLAES_COMMAND_PRIME()) && (command != LSLAES_COMMAND_INIT())) {
        if ((LSLAES_DATA_BASE64() == outputType) || (LSLAES_DATA_HEX() == outputType)) {
        	string alphabet = LSLAES_BASE64_CHARS();
        	integer width   = 6;
 
        	if (LSLAES_DATA_HEX() == outputType) {
        		alphabet = LSLAES_HEX_CHARS();
        		width = 4;
        	}
 
        	data = _lslAESBytesToString(
        		(data = []) + data, 
        		width, 
        		(alphabet = "") + alphabet
        	);
        	integer excess = llList2Integer(data, 1);
        	str = llList2String((data = []) + data, 0);
 
        	if (LSLAES_DATA_BASE64() == outputType) {
		    	integer l = llStringLength(str) % 4;
			    if (l > 1) {
			    	string add = "";
			        if (l == 3) add = "=";
			        else if (l == 2) add = "==";
 
			        str = (str = add = "") + str + add;
			    }
        	} else str = (str = "") + "0x" + str;
        } else {
        	_lslAESProcessCommandError = TRUE;
        	return "Invalid output type";
        }
    }
 
    _lslAESProcessCommandError = FALSE;
    return (str = "") + str;
}}
 
/** Encrypts the provided data using the current settings. */
// pragma inline
string lslAESEncrypt(integer inputType, integer outputType, string str) {{
	return lslAESProcessCommand(
		LSLAES_COMMAND_ENCRYPT(), inputType, outputType, (str = "") + str);
}}
 
/** Decrypts the provided data using the current settings. */
// pragma inline
string lslAESDecrypt(integer inputType, integer outputType, string str) {{
	return lslAESProcessCommand(
		LSLAES_COMMAND_DECRYPT(), inputType, outputType, (str = "") + str);
}}
 
/** Encrypts the provided data using the current settings. */
// pragma inline
string lslAESSetKey(integer inputType, string str) {{
	return lslAESProcessCommand(
		LSLAES_COMMAND_PRIME(), inputType, 0, (str = "") + str);
}}
 
/** Encrypts the provided data using the current settings. */
// pragma inline
string lslAESSetIV(integer inputType, string str) {{
	return lslAESProcessCommand(
		LSLAES_COMMAND_INIT(), inputType, 0, (str = "") + str);
}}
 
/** Sets engine defaults. */
// pragma inline
lslAESSetDefaults() {{
	_lslAESMode 	= LSLAES_MODE_DEFAULT();
	_lslAESPad		= LSLAES_PAD_DEFAULT();
	_lslAESPadSize	= LSLAES_PAD_SIZE_DEFAULT();
}}

Examples

The following are extremely simple examples of the use of this library. Of note is that the lslAESSetDefaults() function is not really necessary in these, because they always make sure to set the mode, padding-type, and padding-size before performing any actual operations. It is worth including if you have adjusted AES_Core.lslm to support only one mode of operation, and one padding-type, as it is much quicker to set the engines values in this way.

Setting the key and input-vector must be done prior to an encryption or decryption, but is not required before every call. That is, if you wish to use the same key and input-vector for all encryptions/decryptions then you can simply set these once and forget them. However it is strongly recommended that you change either the key or the input vector periodically to maintain security, changing both is not required as a change to one will completely alter messages produced. The input-vector is technically not required, however, changing the input-vector periodically is far less intensive than updating the key.

Encrypt (AES_Encrypt.lslp)

$import AES.AES_Core.lslm();
 
string  myKey   = "1234567890ABCDEF0123456789ABCDEF"; // 128-bit key in hex
string  myMsg   = "Hello world! I am a lovely message waiting to be encrypted!";
string  myIV    = "89ABCDEF0123456789ABCDEF01234567";
 
default {
    state_entry() {
    	// Set defaults, not needed if mode, padding, and pad-size are set
    	lslAESSetDefaults();
 
    	// Set-up the AES engine's operating mode
    	lslAESSetMode(LSLAES_MODE_CFB_ID());
    	lslAESSetPadding(LSLAES_PAD_NULLS_SAFE_ID());
    	lslAESSetPaddingSize(512);
 
    	// "Prime" the engine with a key and input-vector
    	lslAESSetKey(LSLAES_DATA_HEX(), myKey);
    	lslAESSetIV(LSLAES_DATA_HEX(), myIV);
 
    	// Encrypt the message
    	string data = lslAESEncrypt(
    		LSLAES_DATA_BASE64(), 
    		LSLAES_DATA_BASE64(), 
    		llStringToBase64(myMsg)
    	);
 
    	// Process the result
    	string msg = "";
    	if (lslAESProcessCommandError()) msg = "ERROR: ";
    	else msg = "Encrypted: ";
    	llOwnerSay(msg + data);
    }
}

Decrypt (AES_Decrypt.lslp)

$import AES.AES_Core.lslm();
 
string  myKey   = "1234567890ABCDEF0123456789ABCDEF"; // 128-bit key in hex
string  myMsg   = "Mdn6jGTwRPMOKTYTTdDKGm9KScz26LIz96KVOGAeMw3hpwByPfa07PDRHxRW4TIh5dmu5LlhKpTQChiFLJJYDw==";
string  myIV    = "89ABCDEF0123456789ABCDEF01234567";
 
default {
    state_entry() {
    	// Set defaults, not needed if mode, padding, and pad-size are set
    	lslAESSetDefaults();
 
    	// Set-up the AES engine's operating mode
    	lslAESSetMode(LSLAES_MODE_CFB_ID());
    	lslAESSetPadding(LSLAES_PAD_NULLS_SAFE_ID());
    	lslAESSetPaddingSize(512);
 
    	// "Prime" the engine with a key and input-vector
    	lslAESSetKey(LSLAES_DATA_HEX(), myKey);
    	lslAESSetIV(LSLAES_DATA_HEX(), myIV);
 
    	// Encrypt the message
    	string data = lslAESDecrypt(
    		LSLAES_DATA_BASE64(), 
    		LSLAES_DATA_BASE64(), 
    		myMsg
    	);
 
    	// Process the result
    	string msg = "";
    	if (lslAESProcessCommandError()) msg = "ERROR: ";
    	else {
    		msg = "Decrypted: ";
    		data = llBase64ToString(data);
    	}
    	llOwnerSay(msg + data);
    }
}

Broker

The broker is a script that implements the AES engine, and which you query in order to encrypt strings. This is intended for use when your program logic is too large to fit within the free-memory of a script importing AES_Core.lslm. AES_Broker_Helper.lslm contains functions that aid you in communicating with the broker.

AES_Broker_Constants.lslm

$module ()
 
// These variables are used to build communications. Commands are sent as 
// combined bits in the integer argument of a link-message, and are 
// recovered using masks, you may wish to read about bit-masks before 
// editing these values. These are used so the string argument is 
// kept free for data only.
//
// Commands take the following form (in hex):
//      0xFFMMIOvv
// Where the letters are:
//      F   Filter, used to quickly determine if a message is for us.
//      C   Command; encrypt/decrypt etc.
//      I   Type of data provided (hex, base64, etc.).
//      O   Desired type of data to be returned (hex, base64, etc.), 
//          this is unused in replies as the reply's value for I will 
//          be the request's value for O.
//      v   Variable, depends on mode.
 
// This mask allows the filter byte to be retrieved quickly
integer LSLAES_BROKER_FILTER_MASK()			{ return 0xFF000000; }
// This mask allows the mask byte to be retrieved quickly
integer LSLAES_BROKER_COMMAND_MASK()		{ return 0x00FF0000; }
// This mask allows the input type to be retrieved quickly
integer LSLAES_BROKER_INPUT_TYPE_MASK()		{ return 0x0000F000; }
// This mask allows the output type to be retireved quickly
integer LSLAES_BROKER_OUTPUT_TYPE_MASK()	{ return 0x00000F00; }
// This mask allows the variable to retrieved quickly
integer LSLAES_BROKER_VARIABLE_MASK()		{ return 0x000000FF; }
// How many bits right variable must be shifted
integer LSLAES_BROKER_VARIABLE_SHIFT()		{ return 0; }
 
// A request
integer LSLAES_BROKER_FILTER_REQUEST()		{ return 0x81000000; }
// A reply
integer LSLAES_BROKER_FILTER_REPLY()		{ return 0x82000000; }
 
// An error occurred
integer LSLAES_BROKER_COMMAND_ERROR()		{ return 0x00000000; }
// Prime engine with key
integer LSLAES_BROKER_COMMAND_PRIME()		{ return 0x00010000; }
// Encrypt message using expanded key
integer LSLAES_BROKER_COMMAND_ENCRYPT()		{ return 0x00020000; }
// Decrypt message using expanded key
integer LSLAES_BROKER_COMMAND_DECRYPT()		{ return 0x00030000; }
// Sets-up the engine by specifying comma-separated flags
integer LSLAES_BROKER_COMMAND_SETUP()		{ return 0x00050000; }
// Initialise the engine with an input-vector
integer LSLAES_BROKER_COMMAND_INIT()		{ return 0x00060000; }
 
// Input type is hex
integer LSLAES_BROKER_INPUT_HEX()			{ return 0x00000000; }
// Input type is base64
integer LSLAES_BROKER_INPUT_BASE64()		{ return 0x00001000; }
 
// Output type is hex
integer LSLAES_BROKER_OUTPUT_HEX()			{ return 0x00000000; }
// Output type is base64
integer LSLAES_BROKER_OUTPUT_BASE64()		{ return 0x00000100; }

AES_Broker_Helper.lslm

$module ()
 
$import AES.Broker.AES_Broker_Constants.lslm();
$import AES.AES_Constants.lslm();
 
// The following extra variables are used to track our messages
key     requestID               = NULL_KEY;
 
// Sets-up the AES engine. Flags is a comma-separated list with the 
// following possible entries:
//  MODE_ECB    - Sets Electronic Code-Book mode, a little faster but 
//                not especially secure
//  MODE_CBC    - Cipher-Block-Chaining mode, most commonly used, good 
//                security.
//  MODE_CFB    - Ciphertext Feed-Back mode. Similar to CBC, but does 
//                not require an inverse-cipher to decrypt.
//  MODE_NOFB   - Output Feed-Back mode. Similar to CFB.
//
//  PAD_RBT     - Residual Block Termination padding is a method of 
//                encrypting data that does not fit correctly within 
//                into blocks.
//  PAD_NULLS   - Mainly added to provide support for PHP's mcrypt 
//                library. Null-characters (zero-bytes) are added to 
//                pad the length. ALL nulls are removed from the end 
//                after decryption, so be careful if null-characters 
//                occur within the text naturally.
//  PAD_ZEROES  - Adds zero-bytes, with the final byte describing the 
//                number of bytes added. If data fits within padSize 
//                then an extra padSize bits is added.
//  PAD_RANDOM  - Identical to PAD_ZEROES except that random bytes are 
//                generated for padding.
//
//  PAD_SIZE    - Defines the length of padding for NULLS, ZEROES, and 
//                random to align on. After this should be an integer 
//                value defining the size. Must be a multiple of 128.
// pragma inline
lslAESSetup(integer targetLink, string flags, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_SETUP(),
        (flags = "") + flags,
        requestID = id
    );
}
 
// Sends a link message to targetLink, requesting that aesKey be used to 
// prime the AES engine. aesKey should be a hexadecimal string representing 
// a value that is 128, 192, or 256-bits in length.
// pragma inline
lslAESPrimeHexKey(integer targetLink, string aesKey, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_PRIME() | LSLAES_BROKER_INPUT_HEX(),
        (aesKey = "") + aesKey,
        requestID = id
    );
}
 
// Initialises a 128-bit input-vector to be used by the AES engine
// pragma inline
lslAESInitHexIV(integer targetLink, string iv, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_INIT() | LSLAES_BROKER_INPUT_HEX(),
        (iv = "") + iv,
        requestID = id
    );
}
 
// Sends hexadecimal data and gets encrypted hexadecimal data back
// pragma inline
lslAESEncryptHexToHex(integer targetLink, string hexData, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_ENCRYPT() | 
            LSLAES_BROKER_INPUT_HEX() | LSLAES_BROKER_OUTPUT_HEX(),
        (hexData = "") + hexData,
        requestID = id
    );
}
 
// Sends hexadecimal data and gets encrypted base64 data back
// pragma inline
lslAESEncryptHexToBase64(integer targetLink, string hexData, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_ENCRYPT() | 
            LSLAES_BROKER_INPUT_HEX() | LSLAES_BROKER_OUTPUT_BASE64(),
        (hexData = "") + hexData,
        requestID = id
    );
}
 
// Send base64 data and gets encrypted hexadecimal data back
// pragma inline
lslAESEncryptBase64ToHex(integer targetLink, string b64Data, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_ENCRYPT() | 
            LSLAES_BROKER_INPUT_BASE64() | LSLAES_BROKER_OUTPUT_HEX(),
        (b64Data = "") + b64Data,
        requestID = id
    );    
}
 
// Send base64 data and gets encrypted hexadecimal data back
// pragma inline
lslAESEncryptBase64ToBase64(integer targetLink, string b64Data, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_ENCRYPT() | 
            LSLAES_BROKER_INPUT_BASE64() | LSLAES_BROKER_OUTPUT_BASE64(),
        (b64Data = "") + b64Data,
        requestID = id
    );    
}
 
// Sends hexadecimal data and gets decrypted hexadecimal data back
// pragma inline
lslAESDecryptHexToHex(integer targetLink, string hexData, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_DECRYPT() | 
            LSLAES_BROKER_INPUT_HEX() | LSLAES_BROKER_OUTPUT_HEX(),
        (hexData = "") + hexData,
        requestID = id
    );
}
 
// Sends hexadecimal data and gets decrypted base64 data back
// pragma inline
lslAESDecryptHexToBase64(integer targetLink, string hexData, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_DECRYPT() | 
            LSLAES_BROKER_INPUT_HEX() | LSLAES_BROKER_OUTPUT_BASE64(),
        (hexData = "") + hexData,
        requestID = id
    );
}
 
// Send base64 data and gets decrypted hexadecimal data back
// pragma inline
lslAESDecryptBase64ToHex(integer targetLink, string b64Data, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_DECRYPT() | 
            LSLAES_BROKER_INPUT_BASE64() | LSLAES_BROKER_OUTPUT_HEX(),
        (b64Data = "") + b64Data,
        requestID = id
    );    
}
 
// Send base64 data and gets decrypted hexadecimal data back
// pragma inline
lslAESDecryptBase64ToBase64(integer targetLink, string b64Data, key id) {
    llMessageLinked(
        targetLink,
        LSLAES_BROKER_FILTER_REQUEST() | LSLAES_BROKER_COMMAND_DECRYPT() | 
            LSLAES_BROKER_INPUT_BASE64() | LSLAES_BROKER_OUTPUT_BASE64(),
        (b64Data = "") + b64Data,
        requestID = id
    );    
}
 
// Tests to see if a message is a reply or not (TRUE/FALSE)
// pragma inline
integer lslAESIsReply(integer int, key id) {
    return (
        ((int & LSLAES_BROKER_FILTER_MASK()) == LSLAES_BROKER_FILTER_REPLY()) && 
        (id == requestID)
    );
}
 
// Grabs the mode of this reply. Should be one of the LSLAES_BROKER_COMMAND_* constants
// pragma inline
integer lslAESGetReplyMode(integer int) {
    return (int & LSLAES_BROKER_COMMAND_MASK());
}
 
// Grabs the data type of this reply. Should be one of the LSLAES_BROKER_INPUT_* 
// constants.
// pragma inline
integer lslAESGetReplyDataType(integer int) {
    return (int & LSLAES_BROKER_INPUT_TYPE_MASK());
}

AES_Broker.lslp

$import AES.AES_Core.lslm();
$import AES.Broker.AES_Broker_Constants.lslm();
 
integer SUPPORTS_SETUP() 	{ return TRUE; }
integer MAX_SIZE()			{ return 1536; }
 
// pragma inline
error(integer link, string str, key id) {{
    llMessageLinked(
        link,
        LSLAES_BROKER_FILTER_REPLY() | LSLAES_BROKER_COMMAND_ERROR(),
        str,
        id
    );
}}
 
default {
	state_entry() {
		lslAESSetDefaults();
	}
 
	link_message(integer link, integer channel, string msg, key id) {        
		// Is the message for us?
		if ((channel & LSLAES_BROKER_FILTER_MASK()) == LSLAES_BROKER_FILTER_REQUEST()) {
			// Refuse overly large messages
			if (llStringLength(msg) > MAX_SIZE()) {
			    error(
			        link, 
			        "Maxmimum message length is " + 
			        	(string)MAX_SIZE() + 
			        	" characters", 
			        id
			    );
			    return;
			}
 
            // Special case for COMMAND_SETUP
            if ((channel & LSLAES_BROKER_COMMAND_MASK()) == LSLAES_BROKER_COMMAND_SETUP()) {
       			if (SUPPORTS_SETUP()) {
	                // Break up flags
	                if (msg != "") {
	                    list flags = llCSV2List((msg = "") + msg);
	                    integer i = 0; integer l = (flags != []);
						integer j = 0; list flag = [];
						do {
							flag = [llToUpper(llList2String(flags, i))];
 
							if (~(j = llListFindList(SUPPORTED_MODES(), flag))) {
								if (!lslAESSetMode(llList2Integer(SUPPORTED_MODES(), ++j))) {
									error(link, "Unsupported mode", id);
									return;
								}
							} else if (~(j = llListFindList(SUPPORTED_PADS(), flag))) {
								if (!lslAESSetPadding(llList2Integer(SUPPORTED_PADS(), ++j))) {
									error(link, "Unsupported padding scheme", id);
									return;
								}
							} else if ((string)flag == LSLAES_PAD_SIZE()) {
								j = llList2Integer(flags, ++i); // Next value should be pad-size
								if (!lslAESSetPaddingSize(j)) {
									error(link, "Invalid padding size", id);
									return;
								}
							} else {
								error(link, "Unsupported flag '"+(string)flag+"'", id);
								return;
							}
						} while ((++i) < l);
	                }
 
	                   // Construct reply
	                llMessageLinked(
	                    link,
	                    LSLAES_BROKER_FILTER_REPLY() | LSLAES_BROKER_COMMAND_SETUP(),
	                    "",
	                    id
	                );
	            } else error(link, "Set-up not supported", id);
	            return;
            }
 
            // What type of data do we have?
            integer inputType = channel & LSLAES_BROKER_INPUT_TYPE_MASK();
            if (inputType == LSLAES_BROKER_INPUT_HEX()) 
            	inputType = LSLAES_DATA_HEX();
            else if (inputType == LSLAES_BROKER_INPUT_BASE64()) 
            	inputType = LSLAES_DATA_BASE64();
            else {
            	error(link, "Unsupported input-type", id);
            	return;
            }
 
            // What type of data do we want?
            integer outputType = channel & LSLAES_BROKER_OUTPUT_TYPE_MASK();
            integer output = 0;
            if (outputType == LSLAES_BROKER_OUTPUT_HEX()) {
            	outputType = LSLAES_DATA_HEX();
            	output = LSLAES_BROKER_INPUT_HEX();
            } else if (outputType == LSLAES_BROKER_OUTPUT_BASE64()) {
            	outputType = LSLAES_DATA_BASE64();
            	output = LSLAES_BROKER_INPUT_BASE64();
            } else outputType = -1;
 
            // Now determine mode of operation
            integer command = channel & LSLAES_BROKER_COMMAND_MASK();
            list data = [];
 
            if (command == LSLAES_BROKER_COMMAND_PRIME()) 
                msg = lslAESSetKey(inputType, (msg = "") + msg);
            else if (command == LSLAES_BROKER_COMMAND_ENCRYPT()) {
            	if (~outputType) 
	                msg = lslAESEncrypt(inputType, outputType, (msg = "") + msg);
	            else {
	            	error(link, (msg = "") + "Unsupported output-type", id);
	            	return;
	            }
            } else if (command == LSLAES_BROKER_COMMAND_DECRYPT()) {
            	if (~outputType) 
                	msg = lslAESDecrypt(inputType, outputType, (msg = "") + msg);
	            else {
	            	error(link, (msg = "") + "Unsupported output-type", id);
	            	return;
	            }
            } else if (command == LSLAES_BROKER_COMMAND_INIT()) 
                msg = lslAESSetIV(inputType, (msg = "") + msg);
            else {
            	error(link, (msg = "") + "Unsupported mode", id);
            	return;
            }
 
            // Was command executed successfully?
            if (lslAESProcessCommandError()) {
                error(link, (msg = "") + msg, id);
                return;
            }
 
            // Construct reply
            llMessageLinked(
                link,
                LSLAES_BROKER_FILTER_REPLY() | command | output,
                (msg = "") + msg,
                id
            );
        }
    }
}

Examples

Encryption (AES_Broker_Encrypt.lslp)

$import AES.Broker.AES_Broker_Helper.lslm();
 
integer aesLink = LINK_THIS;
 
string  myKey   = "1234567890ABCDEF0123456789ABCDEF"; // 128-bit key in hex
string  myMsg   = "Hello world! I am a lovely message waiting to be encrypted!";
string  myIV    = "89ABCDEF0123456789ABCDEF01234567";
 
default {
    state_entry() { // Setup the engine for use
        lslAESSetup(
            aesLink,
            llDumpList2String(
            	[
	            	LSLAES_MODE_CFB(),		// CFB requires a less complex broker
	            	LSLAES_PAD_NULLS_SAFE(),// Safe null-padding (preserves bits)
	            	LSLAES_PAD_SIZE(),		// Pad into blocks of 512-bits
	            		512
	            ],
	            ","
	        ),
            llGetKey()
        );
    }
 
    link_message(integer x, integer y, string msg, key id) {
        if (!lslAESIsReply(y, id)) return;
 
        y = lslAESGetReplyMode(y);
        if (y == LSLAES_BROKER_COMMAND_ERROR()) 
            llOwnerSay("SETUP ERROR: "+msg);
        else if (y == LSLAES_BROKER_COMMAND_SETUP()) 
            state prime;
    }
}
 
state prime {
    state_entry() { // First prime the engine with a key
        lslAESPrimeHexKey(
            aesLink,
            myKey,
            llGetKey()
        );
    }
 
    link_message(integer x, integer y, string msg, key id) {
        if (!lslAESIsReply(y, id)) return;
 
        y = lslAESGetReplyMode(y);
        if (y == LSLAES_BROKER_COMMAND_ERROR()) 
            llOwnerSay("PRIME ERROR: "+msg);
        else if (y == LSLAES_BROKER_COMMAND_PRIME()) 
            state init;
    }
}
 
state init {
    state_entry() { // Now init the engine with an input vector
        lslAESInitHexIV(
            aesLink,
            myIV,
            llGetKey()
        );
    }
 
    link_message(integer x, integer y, string msg, key id) {
        if (!lslAESIsReply(y, id)) return;
 
        y = lslAESGetReplyMode(y);
        if (y == LSLAES_BROKER_COMMAND_ERROR()) 
            llOwnerSay("INIT ERROR: "+msg);
        else if (y == LSLAES_BROKER_COMMAND_INIT()) 
            state encrypt;
    }
}
 
state encrypt {
    state_entry() { // Send our message
        lslAESEncryptBase64ToBase64(
            aesLink,
            llStringToBase64(myMsg),
            llGetOwner()
        );
    }
 
    link_message(integer x, integer y, string msg, key id) {
        if (!lslAESIsReply(y, id)) return;
 
        y = lslAESGetReplyMode(y);
        if (y == LSLAES_BROKER_COMMAND_ERROR()) 
            llOwnerSay("ENCRYPT ERROR: "+msg);
        else if (y == LSLAES_BROKER_COMMAND_ENCRYPT()) 
            llOwnerSay("Encrypted: "+msg);
    }
}

Decryption (AES_Broker_Decrypt.lslp)

$import AES.Broker.AES_Broker_Helper.lslm();
 
integer aesLink = LINK_THIS;
 
string  myKey   = "1234567890ABCDEF0123456789ABCDEF"; // 128-bit key in hex
string  myMsg   = "Mdn6jGTwRPMOKTYTTdDKGm9KScz26LIz96KVOGAeMw3hpwByPfa07PDRHxRW4TIh5dmu5LlhKpTQChilKJZcCw==";
string  myIV    = "89ABCDEF0123456789ABCDEF01234567";
 
default {
    state_entry() { // Setup the engine for use
        lslAESSetup(
            aesLink,
            llDumpList2String(
            	[
	            	LSLAES_MODE_CFB(),		// CFB requires a less complex broker
	            	LSLAES_PAD_NULLS_SAFE(),// Safe null-padding (preserves bits)
	            	LSLAES_PAD_SIZE(),		// Pad into blocks of 512-bits
	            		512
	            ],
	            ","
	        ),
            llGetKey()
        );
    }
 
    link_message(integer x, integer y, string msg, key id) {
        if (!lslAESIsReply(y, id)) return;
 
        y = lslAESGetReplyMode(y);
        if (y == LSLAES_BROKER_COMMAND_ERROR()) 
            llOwnerSay("SETUP ERROR: "+msg);
        else if (y == LSLAES_BROKER_COMMAND_SETUP()) 
            state prime;
    }
}
 
state prime {
    state_entry() { // First prime the engine with a key
        lslAESPrimeHexKey(
            aesLink,
            myKey,
            llGetKey()
        );
    }
 
    link_message(integer x, integer y, string msg, key id) {
        if (!lslAESIsReply(y, id)) return;
 
        y = lslAESGetReplyMode(y);
        if (y == LSLAES_BROKER_COMMAND_ERROR()) 
            llOwnerSay("PRIME ERROR: "+msg);
        else if (y == LSLAES_BROKER_COMMAND_PRIME()) 
            state init;
    }
}
 
state init {
    state_entry() { // Now init the engine with an input vector
        lslAESInitHexIV(
            aesLink,
            myIV,
            llGetKey()
        );
    }
 
    link_message(integer x, integer y, string msg, key id) {
        if (!lslAESIsReply(y, id)) return;
 
        y = lslAESGetReplyMode(y);
        if (y == LSLAES_BROKER_COMMAND_ERROR()) 
            llOwnerSay("INIT ERROR: "+msg);
        else if (y == LSLAES_BROKER_COMMAND_INIT()) 
            state decrypt;
    }
}
 
state decrypt {
    state_entry() { // Send our message
        lslAESDecryptBase64ToBase64(
            aesLink,
            myMsg,
            llGetOwner()
        );
    }
 
    link_message(integer x, integer y, string msg, key id) {
        if (!lslAESIsReply(y, id)) return;
 
        y = lslAESGetReplyMode(y);
        if (y == LSLAES_BROKER_COMMAND_ERROR()) 
            llOwnerSay("DECRYPT ERROR: "+msg);
        else if (y == LSLAES_BROKER_COMMAND_DECRYPT()) 
            llOwnerSay("Decrypted: "+llBase64ToString(msg));
    }
}