325     uint8_t i, j;  in aria_rot128()  local
333     for (i = 0; i < 4; i++) {  in aria_rot128()
339         r[i] = a[i] ^ t;                    // store  in aria_rot128()
358     int i;  in mbedtls_aria_setkey_enc()  local
381     i = (keybits - 128) >> 6;               // index: 0, 1, 2  in mbedtls_aria_setkey_enc()
382     ctx->nr = 12 + 2 * i;                   // no. rounds: 12, 14, 16  in mbedtls_aria_setkey_enc()
384     aria_fo_xor(w[1], w[0], rc[i], w[1]);   // W1 = FO(W0, CK1) ^ KR  in mbedtls_aria_setkey_enc()
385     i = i < 2 ? i + 1 : 0;  in mbedtls_aria_setkey_enc()
386     aria_fe_xor(w[2], w[1], rc[i], w[0]);   // W2 = FE(W1, CK2) ^ W0  in mbedtls_aria_setkey_enc()
387     i = i < 2 ? i + 1 : 0;  in mbedtls_aria_setkey_enc()
388     aria_fo_xor(w[3], w[2], rc[i], w[1]);   // W3 = FO(W2, CK3) ^ W1  in mbedtls_aria_setkey_enc()
390     for (i = 0; i < 4; i++) {               // create round keys  in mbedtls_aria_setkey_enc()
391         w2 = w[(i + 1) & 3];  in mbedtls_aria_setkey_enc()
392         aria_rot128(ctx->rk[i], w[i], w2, 128 - 19);  in mbedtls_aria_setkey_enc()
393         aria_rot128(ctx->rk[i +  4], w[i], w2, 128 - 31);  in mbedtls_aria_setkey_enc()
394         aria_rot128(ctx->rk[i +  8], w[i], w2,       61);  in mbedtls_aria_setkey_enc()
395         aria_rot128(ctx->rk[i + 12], w[i], w2,       31);  in mbedtls_aria_setkey_enc()
412     int i, j, k, ret;  in mbedtls_aria_setkey_dec()  local
420     for (i = 0, j = ctx->nr; i < j; i++, j--) {  in mbedtls_aria_setkey_dec()
422             uint32_t t = ctx->rk[i][k];  in mbedtls_aria_setkey_dec()
423             ctx->rk[i][k] = ctx->rk[j][k];  in mbedtls_aria_setkey_dec()
429     for (i = 1; i < ctx->nr; i++) {  in mbedtls_aria_setkey_dec()
430         aria_a(&ctx->rk[i][0], &ctx->rk[i][1],  in mbedtls_aria_setkey_dec()
431                &ctx->rk[i][2], &ctx->rk[i][3]);  in mbedtls_aria_setkey_dec()
445     int i;  in mbedtls_aria_crypt_ecb()  local
454     i = 0;  in mbedtls_aria_crypt_ecb()
456         a ^= ctx->rk[i][0];  in mbedtls_aria_crypt_ecb()
457         b ^= ctx->rk[i][1];  in mbedtls_aria_crypt_ecb()
458         c ^= ctx->rk[i][2];  in mbedtls_aria_crypt_ecb()
459         d ^= ctx->rk[i][3];  in mbedtls_aria_crypt_ecb()
460         i++;  in mbedtls_aria_crypt_ecb()
465         a ^= ctx->rk[i][0];  in mbedtls_aria_crypt_ecb()
466         b ^= ctx->rk[i][1];  in mbedtls_aria_crypt_ecb()
467         c ^= ctx->rk[i][2];  in mbedtls_aria_crypt_ecb()
468         d ^= ctx->rk[i][3];  in mbedtls_aria_crypt_ecb()
469         i++;  in mbedtls_aria_crypt_ecb()
472         if (i >= ctx->nr) {  in mbedtls_aria_crypt_ecb()
479     a ^= ctx->rk[i][0];  in mbedtls_aria_crypt_ecb()
480     b ^= ctx->rk[i][1];  in mbedtls_aria_crypt_ecb()
481     c ^= ctx->rk[i][2];  in mbedtls_aria_crypt_ecb()
482     d ^= ctx->rk[i][3];  in mbedtls_aria_crypt_ecb()
628     int c, i;  in mbedtls_aria_crypt_ctr()  local
643             for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) {  in mbedtls_aria_crypt_ctr()
644                 if (++nonce_counter[i - 1] != 0) {  in mbedtls_aria_crypt_ctr()
813     int i;  in mbedtls_aria_self_test()  local
833     for (i = 0; i < 3; i++) {  in mbedtls_aria_self_test()
836             mbedtls_printf("  ARIA-ECB-%d (enc): ", 128 + 64 * i);  in mbedtls_aria_self_test()
838         mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i);  in mbedtls_aria_self_test()
841             memcmp(blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE)  in mbedtls_aria_self_test()
846             mbedtls_printf("  ARIA-ECB-%d (dec): ", 128 + 64 * i);  in mbedtls_aria_self_test()
853         mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i);  in mbedtls_aria_self_test()
854         mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk);  in mbedtls_aria_self_test()
868     for (i = 0; i < 3; i++) {  in mbedtls_aria_self_test()
871             mbedtls_printf("  ARIA-CBC-%d (enc): ", 128 + 64 * i);  in mbedtls_aria_self_test()
873         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
878         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cbc_ct[i], 48)  in mbedtls_aria_self_test()
883             mbedtls_printf("  ARIA-CBC-%d (dec): ", 128 + 64 * i);  in mbedtls_aria_self_test()
885         mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
889                                aria_test2_cbc_ct[i], buf);  in mbedtls_aria_self_test()
899     for (i = 0; i < 3; i++) {  in mbedtls_aria_self_test()
902             mbedtls_printf("  ARIA-CFB-%d (enc): ", 128 + 64 * i);  in mbedtls_aria_self_test()
904         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
910         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cfb_ct[i], 48) != 0);  in mbedtls_aria_self_test()
914             mbedtls_printf("  ARIA-CFB-%d (dec): ", 128 + 64 * i);  in mbedtls_aria_self_test()
916         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
921                                   iv, aria_test2_cfb_ct[i], buf);  in mbedtls_aria_self_test()
930     for (i = 0; i < 3; i++) {  in mbedtls_aria_self_test()
933             mbedtls_printf("  ARIA-CTR-%d (enc): ", 128 + 64 * i);  in mbedtls_aria_self_test()
935         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
941         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_ctr_ct[i], 48) != 0);  in mbedtls_aria_self_test()
945             mbedtls_printf("  ARIA-CTR-%d (dec): ", 128 + 64 * i);  in mbedtls_aria_self_test()
947         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);  in mbedtls_aria_self_test()
952                                aria_test2_ctr_ct[i], buf);  in mbedtls_aria_self_test()