343     uint8_t i, j;  in aria_rot128()  local
351     for (i = 0; i < 4; i++) {  in aria_rot128()
357         r[i] = a[i] ^ t;                    // store  in aria_rot128()
376     int i;  in mbedtls_aria_setkey_enc()  local
401     i = (keybits - 128) >> 6;               // index: 0, 1, 2  in mbedtls_aria_setkey_enc()
402     ctx->nr = 12 + 2 * i;                   // no. rounds: 12, 14, 16  in mbedtls_aria_setkey_enc()
404     aria_fo_xor(w[1], w[0], rc[i], w[1]);   // W1 = FO(W0, CK1) ^ KR  in mbedtls_aria_setkey_enc()
405     i = i < 2 ? i + 1 : 0;  in mbedtls_aria_setkey_enc()
406     aria_fe_xor(w[2], w[1], rc[i], w[0]);   // W2 = FE(W1, CK2) ^ W0  in mbedtls_aria_setkey_enc()
407     i = i < 2 ? i + 1 : 0;  in mbedtls_aria_setkey_enc()
408     aria_fo_xor(w[3], w[2], rc[i], w[1]);   // W3 = FO(W2, CK3) ^ W1  in mbedtls_aria_setkey_enc()
410     for (i = 0; i < 4; i++) {               // create round keys  in mbedtls_aria_setkey_enc()
411         w2 = w[(i + 1) & 3];  in mbedtls_aria_setkey_enc()
412         aria_rot128(ctx->rk[i], w[i], w2, 128 - 19);  in mbedtls_aria_setkey_enc()
413         aria_rot128(ctx->rk[i +  4], w[i], w2, 128 - 31);  in mbedtls_aria_setkey_enc()
414         aria_rot128(ctx->rk[i +  8], w[i], w2,       61);  in mbedtls_aria_setkey_enc()
415         aria_rot128(ctx->rk[i + 12], w[i], w2,       31);  in mbedtls_aria_setkey_enc()
431     int i, j, k, ret;  in mbedtls_aria_setkey_dec()  local
441     for (i = 0, j = ctx->nr; i < j; i++, j--) {  in mbedtls_aria_setkey_dec()
443             uint32_t t = ctx->rk[i][k];  in mbedtls_aria_setkey_dec()
444             ctx->rk[i][k] = ctx->rk[j][k];  in mbedtls_aria_setkey_dec()
450     for (i = 1; i < ctx->nr; i++) {  in mbedtls_aria_setkey_dec()
451         aria_a(&ctx->rk[i][0], &ctx->rk[i][1],  in mbedtls_aria_setkey_dec()
452                &ctx->rk[i][2], &ctx->rk[i][3]);  in mbedtls_aria_setkey_dec()
465     int i;  in mbedtls_aria_crypt_ecb()  local
477     i = 0;  in mbedtls_aria_crypt_ecb()
479         a ^= ctx->rk[i][0];  in mbedtls_aria_crypt_ecb()
480         b ^= ctx->rk[i][1];  in mbedtls_aria_crypt_ecb()
481         c ^= ctx->rk[i][2];  in mbedtls_aria_crypt_ecb()
482         d ^= ctx->rk[i][3];  in mbedtls_aria_crypt_ecb()
483         i++;  in mbedtls_aria_crypt_ecb()
488         a ^= ctx->rk[i][0];  in mbedtls_aria_crypt_ecb()
489         b ^= ctx->rk[i][1];  in mbedtls_aria_crypt_ecb()
490         c ^= ctx->rk[i][2];  in mbedtls_aria_crypt_ecb()
491         d ^= ctx->rk[i][3];  in mbedtls_aria_crypt_ecb()
492         i++;  in mbedtls_aria_crypt_ecb()
495         if (i >= ctx->nr) {  in mbedtls_aria_crypt_ecb()
502     a ^= ctx->rk[i][0];  in mbedtls_aria_crypt_ecb()
503     b ^= ctx->rk[i][1];  in mbedtls_aria_crypt_ecb()
504     c ^= ctx->rk[i][2];  in mbedtls_aria_crypt_ecb()
505     d ^= ctx->rk[i][3];  in mbedtls_aria_crypt_ecb()
660     int c, i;  in mbedtls_aria_crypt_ctr()  local
683             for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) {  in mbedtls_aria_crypt_ctr()
684                 if (++nonce_counter[i - 1] != 0) {  in mbedtls_aria_crypt_ctr()
853     int i;  in mbedtls_aria_self_test()  local
873     for (i = 0; i < 3; i++) {  in mbedtls_aria_self_test()
876             mbedtls_printf("  ARIA-ECB-%d (enc): ", 128 + 64 * i);  in mbedtls_aria_self_test()
878         mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i);  in mbedtls_aria_self_test()
881             memcmp(blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE)  in mbedtls_aria_self_test()
886             mbedtls_printf("  ARIA-ECB-%d (dec): ", 128 + 64 * i);  in mbedtls_aria_self_test()
888         mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i);  in mbedtls_aria_self_test()
889         mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk);  in mbedtls_aria_self_test()
902     for (i = 0; i < 3; i++) {  in mbedtls_aria_self_test()
905             mbedtls_printf("  ARIA-CBC-%d (enc): ", 128 + 64 * i);  in mbedtls_aria_self_test()
907         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
912         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cbc_ct[i], 48)  in mbedtls_aria_self_test()
917             mbedtls_printf("  ARIA-CBC-%d (dec): ", 128 + 64 * i);  in mbedtls_aria_self_test()
919         mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
923                                aria_test2_cbc_ct[i], buf);  in mbedtls_aria_self_test()
933     for (i = 0; i < 3; i++) {  in mbedtls_aria_self_test()
936             mbedtls_printf("  ARIA-CFB-%d (enc): ", 128 + 64 * i);  in mbedtls_aria_self_test()
938         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
944         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cfb_ct[i], 48) != 0);  in mbedtls_aria_self_test()
948             mbedtls_printf("  ARIA-CFB-%d (dec): ", 128 + 64 * i);  in mbedtls_aria_self_test()
950         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
955                                   iv, aria_test2_cfb_ct[i], buf);  in mbedtls_aria_self_test()
964     for (i = 0; i < 3; i++) {  in mbedtls_aria_self_test()
967             mbedtls_printf("  ARIA-CTR-%d (enc): ", 128 + 64 * i);  in mbedtls_aria_self_test()
969         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
975         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_ctr_ct[i], 48) != 0);  in mbedtls_aria_self_test()
979             mbedtls_printf("  ARIA-CTR-%d (dec): ", 128 + 64 * i);  in mbedtls_aria_self_test()
981         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
986                                aria_test2_ctr_ct[i], buf);  in mbedtls_aria_self_test()