// backOneRound takes round key i and returns round key i-1.
func backOneRound(roundKey [16]byte, round int) (out [16]byte) {
constr := saes.Construction{}
// Recover everything except the first word by XORing consecutive blocks.
for pos := 4; pos < 16; pos++ {
out[pos] = roundKey[pos] ^ roundKey[pos-4]
}
// Recover the first word by XORing the first block of the roundKey with f(last block of roundKey), where f is a
// subroutine of AES' key scheduling algorithm.
for pos := 0; pos < 4; pos++ {
out[pos] = roundKey[pos] ^ constr.SubByte(out[12+(pos+1)%4])
}
out[0] ^= powx[round-1]
return
}
func (sbox sbox) Encode(in byte) byte {
constr := saes.Construction{}
return constr.SubByte(in)
}