1 /* $OpenBSD: rijndael.c,v 1.19 2008/06/09 07:49:45 djm Exp $ */
2
3 /**
4 * rijndael-alg-fst.c
5 *
6 * @version 3.0 (December 2000)
7 *
8 * Optimised ANSI C code for the Rijndael cipher (now AES)
9 *
10 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
11 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
12 * @author Paulo Barreto <paulo.barreto@terra.com.br>
13 *
14 * This code is hereby placed in the public domain.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
17 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
23 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
24 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
25 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
26 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /* #include <sys/param.h> */
30 /* #include <sys/systm.h> */
31
32 #include "rijndael.h"
33
34 #undef FULL_UNROLL
35
36 /*
37 Te0[x] = S [x].[02, 01, 01, 03];
38 Te1[x] = S [x].[03, 02, 01, 01];
39 Te2[x] = S [x].[01, 03, 02, 01];
40 Te3[x] = S [x].[01, 01, 03, 02];
41 Te4[x] = S [x].[01, 01, 01, 01];
42
43 Td0[x] = Si[x].[0e, 09, 0d, 0b];
44 Td1[x] = Si[x].[0b, 0e, 09, 0d];
45 Td2[x] = Si[x].[0d, 0b, 0e, 09];
46 Td3[x] = Si[x].[09, 0d, 0b, 0e];
47 Td4[x] = Si[x].[01, 01, 01, 01];
48 */
49
50 static const aes_u32 Te0[256] = {
51 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
52 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
53 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
54 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
55 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
56 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
57 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
58 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
59 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
60 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
61 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
62 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
63 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
64 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
65 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
66 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
67 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
68 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
69 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
70 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
71 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
72 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
73 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
74 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
75 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
76 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
77 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
78 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
79 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
80 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
81 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
82 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
83 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
84 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
85 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
86 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
87 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
88 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
89 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
90 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
91 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
92 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
93 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
94 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
95 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
96 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
97 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
98 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
99 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
100 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
101 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
102 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
103 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
104 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
105 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
106 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
107 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
108 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
109 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
110 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
111 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
112 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
113 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
114 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
115 };
116 static const aes_u32 Te1[256] = {
117 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
118 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
119 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
120 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
121 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
122 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
123 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
124 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
125 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
126 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
127 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
128 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
129 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
130 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
131 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
132 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
133 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
134 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
135 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
136 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
137 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
138 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
139 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
140 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
141 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
142 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
143 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
144 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
145 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
146 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
147 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
148 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
149 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
150 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
151 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
152 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
153 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
154 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
155 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
156 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
157 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
158 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
159 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
160 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
161 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
162 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
163 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
164 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
165 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
166 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
167 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
168 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
169 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
170 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
171 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
172 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
173 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
174 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
175 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
176 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
177 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
178 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
179 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
180 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
181 };
182 static const aes_u32 Te2[256] = {
183 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
184 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
185 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
186 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
187 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
188 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
189 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
190 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
191 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
192 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
193 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
194 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
195 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
196 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
197 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
198 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
199 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
200 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
201 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
202 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
203 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
204 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
205 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
206 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
207 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
208 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
209 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
210 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
211 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
212 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
213 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
214 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
215 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
216 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
217 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
218 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
219 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
220 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
221 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
222 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
223 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
224 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
225 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
226 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
227 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
228 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
229 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
230 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
231 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
232 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
233 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
234 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
235 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
236 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
237 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
238 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
239 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
240 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
241 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
242 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
243 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
244 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
245 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
246 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
247 };
248 static const aes_u32 Te3[256] = {
249 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
250 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
251 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
252 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
253 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
254 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
255 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
256 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
257 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
258 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
259 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
260 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
261 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
262 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
263 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
264 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
265 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
266 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
267 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
268 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
269 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
270 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
271 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
272 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
273 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
274 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
275 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
276 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
277 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
278 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
279 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
280 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
281 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
282 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
283 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
284 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
285 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
286 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
287 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
288 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
289 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
290 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
291 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
292 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
293 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
294 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
295 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
296 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
297 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
298 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
299 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
300 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
301 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
302 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
303 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
304 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
305 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
306 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
307 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
308 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
309 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
310 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
311 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
312 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
313 };
314 static const aes_u32 Te4[256] = {
315 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
316 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
317 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
318 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
319 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
320 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
321 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
322 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
323 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
324 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
325 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
326 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
327 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
328 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
329 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
330 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
331 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
332 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
333 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
334 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
335 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
336 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
337 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
338 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
339 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
340 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
341 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
342 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
343 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
344 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
345 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
346 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
347 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
348 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
349 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
350 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
351 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
352 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
353 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
354 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
355 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
356 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
357 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
358 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
359 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
360 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
361 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
362 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
363 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
364 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
365 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
366 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
367 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
368 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
369 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
370 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
371 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
372 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
373 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
374 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
375 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
376 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
377 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
378 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
379 };
380
381 #ifdef WITH_AES_DECRYPT
382
383 static const aes_u32 Td0[256] = {
384 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
385 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
386 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
387 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
388 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
389 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
390 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
391 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
392 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
393 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
394 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
395 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
396 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
397 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
398 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
399 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
400 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
401 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
402 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
403 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
404 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
405 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
406 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
407 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
408 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
409 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
410 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
411 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
412 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
413 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
414 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
415 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
416 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
417 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
418 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
419 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
420 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
421 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
422 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
423 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
424 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
425 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
426 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
427 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
428 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
429 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
430 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
431 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
432 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
433 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
434 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
435 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
436 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
437 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
438 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
439 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
440 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
441 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
442 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
443 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
444 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
445 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
446 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
447 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
448 };
449 static const aes_u32 Td1[256] = {
450 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
451 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
452 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
453 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
454 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
455 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
456 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
457 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
458 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
459 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
460 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
461 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
462 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
463 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
464 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
465 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
466 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
467 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
468 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
469 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
470 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
471 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
472 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
473 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
474 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
475 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
476 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
477 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
478 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
479 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
480 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
481 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
482 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
483 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
484 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
485 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
486 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
487 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
488 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
489 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
490 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
491 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
492 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
493 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
494 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
495 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
496 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
497 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
498 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
499 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
500 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
501 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
502 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
503 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
504 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
505 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
506 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
507 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
508 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
509 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
510 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
511 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
512 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
513 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
514 };
515 static const aes_u32 Td2[256] = {
516 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
517 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
518 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
519 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
520 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
521 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
522 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
523 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
524 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
525 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
526 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
527 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
528 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
529 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
530 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
531 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
532 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
533 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
534 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
535 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
536 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
537 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
538 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
539 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
540 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
541 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
542 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
543 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
544 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
545 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
546 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
547 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
548 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
549 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
550 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
551 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
552 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
553 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
554 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
555 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
556 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
557 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
558 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
559 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
560 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
561 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
562 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
563 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
564 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
565 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
566 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
567 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
568 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
569 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
570 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
571 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
572 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
573 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
574 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
575 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
576 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
577 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
578 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
579 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
580 };
581 static const aes_u32 Td3[256] = {
582 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
583 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
584 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
585 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
586 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
587 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
588 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
589 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
590 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
591 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
592 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
593 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
594 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
595 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
596 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
597 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
598 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
599 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
600 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
601 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
602 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
603 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
604 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
605 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
606 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
607 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
608 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
609 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
610 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
611 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
612 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
613 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
614 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
615 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
616 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
617 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
618 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
619 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
620 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
621 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
622 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
623 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
624 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
625 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
626 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
627 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
628 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
629 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
630 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
631 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
632 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
633 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
634 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
635 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
636 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
637 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
638 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
639 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
640 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
641 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
642 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
643 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
644 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
645 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
646 };
647 static const aes_u32 Td4[256] = {
648 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
649 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
650 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
651 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
652 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
653 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
654 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
655 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
656 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
657 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
658 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
659 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
660 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
661 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
662 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
663 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
664 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
665 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
666 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
667 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
668 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
669 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
670 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
671 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
672 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
673 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
674 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
675 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
676 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
677 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
678 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
679 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
680 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
681 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
682 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
683 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
684 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
685 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
686 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
687 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
688 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
689 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
690 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
691 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
692 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
693 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
694 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
695 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
696 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
697 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
698 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
699 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
700 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
701 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
702 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
703 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
704 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
705 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
706 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
707 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
708 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
709 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
710 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
711 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
712 };
713
714 #endif /* WITH_AES_DECRYPT */
715
716 static const aes_u32 rcon[] = {
717 0x01000000, 0x02000000, 0x04000000, 0x08000000,
718 0x10000000, 0x20000000, 0x40000000, 0x80000000,
719 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
720 };
721
722 #define GETU32(pt) (((aes_u32)(pt)[0] << 24) ^ ((aes_u32)(pt)[1] << 16) ^ ((aes_u32)(pt)[2] << 8) ^ ((aes_u32)(pt)[3]))
723 #define PUTU32(ct, st) { (ct)[0] = (aes_u8)((st) >> 24); (ct)[1] = (aes_u8)((st) >> 16); (ct)[2] = (aes_u8)((st) >> 8); (ct)[3] = (aes_u8)(st); }
724
725 /**
726 * Expand the cipher key into the encryption key schedule.
727 *
728 * @return the number of rounds for the given cipher key size.
729 */
730 int
rijndaelKeySetupEnc(aes_u32 rk[],const aes_u8 cipherKey[],int keyBits)731 rijndaelKeySetupEnc(aes_u32 rk[/*4*(Nr + 1)*/], const aes_u8 cipherKey[], int keyBits)
732 {
733 int i = 0;
734 aes_u32 temp;
735
736 rk[0] = GETU32(cipherKey );
737 rk[1] = GETU32(cipherKey + 4);
738 rk[2] = GETU32(cipherKey + 8);
739 rk[3] = GETU32(cipherKey + 12);
740 if (keyBits == 128) {
741 for (;;) {
742 temp = rk[3];
743 rk[4] = rk[0] ^
744 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
745 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
746 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
747 (Te4[(temp >> 24) ] & 0x000000ff) ^
748 rcon[i];
749 rk[5] = rk[1] ^ rk[4];
750 rk[6] = rk[2] ^ rk[5];
751 rk[7] = rk[3] ^ rk[6];
752 if (++i == 10) {
753 return 10;
754 }
755 rk += 4;
756 }
757 }
758 rk[4] = GETU32(cipherKey + 16);
759 rk[5] = GETU32(cipherKey + 20);
760 if (keyBits == 192) {
761 for (;;) {
762 temp = rk[ 5];
763 rk[ 6] = rk[ 0] ^
764 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
765 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
766 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
767 (Te4[(temp >> 24) ] & 0x000000ff) ^
768 rcon[i];
769 rk[ 7] = rk[ 1] ^ rk[ 6];
770 rk[ 8] = rk[ 2] ^ rk[ 7];
771 rk[ 9] = rk[ 3] ^ rk[ 8];
772 if (++i == 8) {
773 return 12;
774 }
775 rk[10] = rk[ 4] ^ rk[ 9];
776 rk[11] = rk[ 5] ^ rk[10];
777 rk += 6;
778 }
779 }
780 rk[6] = GETU32(cipherKey + 24);
781 rk[7] = GETU32(cipherKey + 28);
782 if (keyBits == 256) {
783 for (;;) {
784 temp = rk[ 7];
785 rk[ 8] = rk[ 0] ^
786 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
787 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
788 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
789 (Te4[(temp >> 24) ] & 0x000000ff) ^
790 rcon[i];
791 rk[ 9] = rk[ 1] ^ rk[ 8];
792 rk[10] = rk[ 2] ^ rk[ 9];
793 rk[11] = rk[ 3] ^ rk[10];
794 if (++i == 7) {
795 return 14;
796 }
797 temp = rk[11];
798 rk[12] = rk[ 4] ^
799 (Te4[(temp >> 24) ] & 0xff000000) ^
800 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
801 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
802 (Te4[(temp ) & 0xff] & 0x000000ff);
803 rk[13] = rk[ 5] ^ rk[12];
804 rk[14] = rk[ 6] ^ rk[13];
805 rk[15] = rk[ 7] ^ rk[14];
806 rk += 8;
807 }
808 }
809 return 0;
810 }
811
812 #ifdef WITH_AES_DECRYPT
813 /**
814 * Expand the cipher key into the decryption key schedule.
815 *
816 * @return the number of rounds for the given cipher key size.
817 */
818 int
rijndaelKeySetupDec(aes_u32 rk[],const aes_u8 cipherKey[],int keyBits)819 rijndaelKeySetupDec(aes_u32 rk[/*4*(Nr + 1)*/], const aes_u8 cipherKey[], int keyBits)
820 {
821 int Nr, i, j;
822 aes_u32 temp;
823
824 /* expand the cipher key: */
825 Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
826
827 /* invert the order of the round keys: */
828 for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
829 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
830 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
831 temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
832 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
833 }
834 /* apply the inverse MixColumn transform to all round keys but the first and the last: */
835 for (i = 1; i < Nr; i++) {
836 rk += 4;
837 rk[0] =
838 Td0[Te4[(rk[0] >> 24) ] & 0xff] ^
839 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
840 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
841 Td3[Te4[(rk[0] ) & 0xff] & 0xff];
842 rk[1] =
843 Td0[Te4[(rk[1] >> 24) ] & 0xff] ^
844 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
845 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
846 Td3[Te4[(rk[1] ) & 0xff] & 0xff];
847 rk[2] =
848 Td0[Te4[(rk[2] >> 24) ] & 0xff] ^
849 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
850 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
851 Td3[Te4[(rk[2] ) & 0xff] & 0xff];
852 rk[3] =
853 Td0[Te4[(rk[3] >> 24) ] & 0xff] ^
854 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
855 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
856 Td3[Te4[(rk[3] ) & 0xff] & 0xff];
857 }
858 return Nr;
859 }
860 #endif
861
862 void
rijndaelEncrypt(const aes_u32 rk[],int Nr,const aes_u8 pt[16],aes_u8 ct[16])863 rijndaelEncrypt(const aes_u32 rk[/*4*(Nr + 1)*/], int Nr, const aes_u8 pt[16],
864 aes_u8 ct[16])
865 {
866 aes_u32 s0, s1, s2, s3, t0, t1, t2, t3;
867 #ifndef FULL_UNROLL
868 int r;
869 #endif /* ?FULL_UNROLL */
870
871 /*
872 * map byte array block to cipher state
873 * and add initial round key:
874 */
875 s0 = GETU32(pt ) ^ rk[0];
876 s1 = GETU32(pt + 4) ^ rk[1];
877 s2 = GETU32(pt + 8) ^ rk[2];
878 s3 = GETU32(pt + 12) ^ rk[3];
879 #ifdef FULL_UNROLL
880 /* round 1: */
881 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
882 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
883 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
884 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
885 /* round 2: */
886 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
887 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
888 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
889 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
890 /* round 3: */
891 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
892 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
893 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
894 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
895 /* round 4: */
896 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
897 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
898 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
899 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
900 /* round 5: */
901 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
902 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
903 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
904 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
905 /* round 6: */
906 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
907 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
908 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
909 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
910 /* round 7: */
911 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
912 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
913 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
914 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
915 /* round 8: */
916 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
917 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
918 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
919 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
920 /* round 9: */
921 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
922 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
923 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
924 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
925 if (Nr > 10) {
926 /* round 10: */
927 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
928 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
929 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
930 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
931 /* round 11: */
932 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
933 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
934 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
935 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
936 if (Nr > 12) {
937 /* round 12: */
938 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
939 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
940 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
941 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
942 /* round 13: */
943 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
944 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
945 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
946 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
947 }
948 }
949 rk += Nr << 2;
950 #else /* !FULL_UNROLL */
951 /*
952 * Nr - 1 full rounds:
953 */
954 r = Nr >> 1;
955 for (;;) {
956 t0 =
957 Te0[(s0 >> 24) ] ^
958 Te1[(s1 >> 16) & 0xff] ^
959 Te2[(s2 >> 8) & 0xff] ^
960 Te3[(s3 ) & 0xff] ^
961 rk[4];
962 t1 =
963 Te0[(s1 >> 24) ] ^
964 Te1[(s2 >> 16) & 0xff] ^
965 Te2[(s3 >> 8) & 0xff] ^
966 Te3[(s0 ) & 0xff] ^
967 rk[5];
968 t2 =
969 Te0[(s2 >> 24) ] ^
970 Te1[(s3 >> 16) & 0xff] ^
971 Te2[(s0 >> 8) & 0xff] ^
972 Te3[(s1 ) & 0xff] ^
973 rk[6];
974 t3 =
975 Te0[(s3 >> 24) ] ^
976 Te1[(s0 >> 16) & 0xff] ^
977 Te2[(s1 >> 8) & 0xff] ^
978 Te3[(s2 ) & 0xff] ^
979 rk[7];
980
981 rk += 8;
982 if (--r == 0) {
983 break;
984 }
985
986 s0 =
987 Te0[(t0 >> 24) ] ^
988 Te1[(t1 >> 16) & 0xff] ^
989 Te2[(t2 >> 8) & 0xff] ^
990 Te3[(t3 ) & 0xff] ^
991 rk[0];
992 s1 =
993 Te0[(t1 >> 24) ] ^
994 Te1[(t2 >> 16) & 0xff] ^
995 Te2[(t3 >> 8) & 0xff] ^
996 Te3[(t0 ) & 0xff] ^
997 rk[1];
998 s2 =
999 Te0[(t2 >> 24) ] ^
1000 Te1[(t3 >> 16) & 0xff] ^
1001 Te2[(t0 >> 8) & 0xff] ^
1002 Te3[(t1 ) & 0xff] ^
1003 rk[2];
1004 s3 =
1005 Te0[(t3 >> 24) ] ^
1006 Te1[(t0 >> 16) & 0xff] ^
1007 Te2[(t1 >> 8) & 0xff] ^
1008 Te3[(t2 ) & 0xff] ^
1009 rk[3];
1010 }
1011 #endif /* ?FULL_UNROLL */
1012 /*
1013 * apply last round and
1014 * map cipher state to byte array block:
1015 */
1016 s0 =
1017 (Te4[(t0 >> 24) ] & 0xff000000) ^
1018 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1019 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1020 (Te4[(t3 ) & 0xff] & 0x000000ff) ^
1021 rk[0];
1022 PUTU32(ct , s0);
1023 s1 =
1024 (Te4[(t1 >> 24) ] & 0xff000000) ^
1025 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1026 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1027 (Te4[(t0 ) & 0xff] & 0x000000ff) ^
1028 rk[1];
1029 PUTU32(ct + 4, s1);
1030 s2 =
1031 (Te4[(t2 >> 24) ] & 0xff000000) ^
1032 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1033 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1034 (Te4[(t1 ) & 0xff] & 0x000000ff) ^
1035 rk[2];
1036 PUTU32(ct + 8, s2);
1037 s3 =
1038 (Te4[(t3 >> 24) ] & 0xff000000) ^
1039 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1040 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1041 (Te4[(t2 ) & 0xff] & 0x000000ff) ^
1042 rk[3];
1043 PUTU32(ct + 12, s3);
1044 }
1045
1046 #ifdef WITH_AES_DECRYPT
1047 static void
rijndaelDecrypt(const aes_u32 rk[],int Nr,const aes_u8 ct[16],aes_u8 pt[16])1048 rijndaelDecrypt(const aes_u32 rk[/*4*(Nr + 1)*/], int Nr, const aes_u8 ct[16],
1049 aes_u8 pt[16])
1050 {
1051 aes_u32 s0, s1, s2, s3, t0, t1, t2, t3;
1052 #ifndef FULL_UNROLL
1053 int r;
1054 #endif /* ?FULL_UNROLL */
1055
1056 /*
1057 * map byte array block to cipher state
1058 * and add initial round key:
1059 */
1060 s0 = GETU32(ct ) ^ rk[0];
1061 s1 = GETU32(ct + 4) ^ rk[1];
1062 s2 = GETU32(ct + 8) ^ rk[2];
1063 s3 = GETU32(ct + 12) ^ rk[3];
1064 #ifdef FULL_UNROLL
1065 /* round 1: */
1066 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
1067 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
1068 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
1069 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
1070 /* round 2: */
1071 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
1072 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
1073 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
1074 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
1075 /* round 3: */
1076 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
1077 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
1078 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
1079 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
1080 /* round 4: */
1081 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
1082 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
1083 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
1084 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
1085 /* round 5: */
1086 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
1087 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
1088 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
1089 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
1090 /* round 6: */
1091 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
1092 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
1093 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
1094 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
1095 /* round 7: */
1096 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
1097 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
1098 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
1099 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
1100 /* round 8: */
1101 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
1102 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
1103 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
1104 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
1105 /* round 9: */
1106 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
1107 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
1108 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1109 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1110 if (Nr > 10) {
1111 /* round 10: */
1112 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1113 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1114 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1115 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1116 /* round 11: */
1117 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1118 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1119 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1120 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1121 if (Nr > 12) {
1122 /* round 12: */
1123 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1124 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1125 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1126 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1127 /* round 13: */
1128 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1129 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1130 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1131 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1132 }
1133 }
1134 rk += Nr << 2;
1135 #else /* !FULL_UNROLL */
1136 /*
1137 * Nr - 1 full rounds:
1138 */
1139 r = Nr >> 1;
1140 for (;;) {
1141 t0 =
1142 Td0[(s0 >> 24) ] ^
1143 Td1[(s3 >> 16) & 0xff] ^
1144 Td2[(s2 >> 8) & 0xff] ^
1145 Td3[(s1 ) & 0xff] ^
1146 rk[4];
1147 t1 =
1148 Td0[(s1 >> 24) ] ^
1149 Td1[(s0 >> 16) & 0xff] ^
1150 Td2[(s3 >> 8) & 0xff] ^
1151 Td3[(s2 ) & 0xff] ^
1152 rk[5];
1153 t2 =
1154 Td0[(s2 >> 24) ] ^
1155 Td1[(s1 >> 16) & 0xff] ^
1156 Td2[(s0 >> 8) & 0xff] ^
1157 Td3[(s3 ) & 0xff] ^
1158 rk[6];
1159 t3 =
1160 Td0[(s3 >> 24) ] ^
1161 Td1[(s2 >> 16) & 0xff] ^
1162 Td2[(s1 >> 8) & 0xff] ^
1163 Td3[(s0 ) & 0xff] ^
1164 rk[7];
1165
1166 rk += 8;
1167 if (--r == 0) {
1168 break;
1169 }
1170
1171 s0 =
1172 Td0[(t0 >> 24) ] ^
1173 Td1[(t3 >> 16) & 0xff] ^
1174 Td2[(t2 >> 8) & 0xff] ^
1175 Td3[(t1 ) & 0xff] ^
1176 rk[0];
1177 s1 =
1178 Td0[(t1 >> 24) ] ^
1179 Td1[(t0 >> 16) & 0xff] ^
1180 Td2[(t3 >> 8) & 0xff] ^
1181 Td3[(t2 ) & 0xff] ^
1182 rk[1];
1183 s2 =
1184 Td0[(t2 >> 24) ] ^
1185 Td1[(t1 >> 16) & 0xff] ^
1186 Td2[(t0 >> 8) & 0xff] ^
1187 Td3[(t3 ) & 0xff] ^
1188 rk[2];
1189 s3 =
1190 Td0[(t3 >> 24) ] ^
1191 Td1[(t2 >> 16) & 0xff] ^
1192 Td2[(t1 >> 8) & 0xff] ^
1193 Td3[(t0 ) & 0xff] ^
1194 rk[3];
1195 }
1196 #endif /* ?FULL_UNROLL */
1197 /*
1198 * apply last round and
1199 * map cipher state to byte array block:
1200 */
1201 s0 =
1202 (Td4[(t0 >> 24) ] & 0xff000000) ^
1203 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1204 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1205 (Td4[(t1 ) & 0xff] & 0x000000ff) ^
1206 rk[0];
1207 PUTU32(pt , s0);
1208 s1 =
1209 (Td4[(t1 >> 24) ] & 0xff000000) ^
1210 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1211 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1212 (Td4[(t2 ) & 0xff] & 0x000000ff) ^
1213 rk[1];
1214 PUTU32(pt + 4, s1);
1215 s2 =
1216 (Td4[(t2 >> 24) ] & 0xff000000) ^
1217 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1218 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1219 (Td4[(t3 ) & 0xff] & 0x000000ff) ^
1220 rk[2];
1221 PUTU32(pt + 8, s2);
1222 s3 =
1223 (Td4[(t3 >> 24) ] & 0xff000000) ^
1224 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1225 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1226 (Td4[(t0 ) & 0xff] & 0x000000ff) ^
1227 rk[3];
1228 PUTU32(pt + 12, s3);
1229 }
1230 #endif
1231
1232 /* setup key context for encryption only */
1233 int
rijndael_set_key_enc_only(rijndael_ctx * ctx,const u_char * key,int bits)1234 rijndael_set_key_enc_only(rijndael_ctx *ctx, const u_char *key, int bits)
1235 {
1236 int rounds;
1237
1238 rounds = rijndaelKeySetupEnc(ctx->ek, key, bits);
1239 if (rounds == 0)
1240 return -1;
1241
1242 ctx->Nr = rounds;
1243 #ifdef WITH_AES_DECRYPT
1244 ctx->enc_only = 1;
1245 #endif
1246
1247 return 0;
1248 }
1249
1250 #ifdef WITH_AES_DECRYPT
1251 /* setup key context for both encryption and decryption */
1252 int
rijndael_set_key(rijndael_ctx * ctx,const u_char * key,int bits)1253 rijndael_set_key(rijndael_ctx *ctx, const u_char *key, int bits)
1254 {
1255 int rounds;
1256
1257 rounds = rijndaelKeySetupEnc(ctx->ek, key, bits);
1258 if (rounds == 0)
1259 return -1;
1260 if (rijndaelKeySetupDec(ctx->dk, key, bits) != rounds)
1261 return -1;
1262
1263 ctx->Nr = rounds;
1264 ctx->enc_only = 0;
1265
1266 return 0;
1267 }
1268
1269 void
rijndael_decrypt(rijndael_ctx * ctx,const u_char * src,u_char * dst)1270 rijndael_decrypt(rijndael_ctx *ctx, const u_char *src, u_char *dst)
1271 {
1272 rijndaelDecrypt(ctx->dk, ctx->Nr, src, dst);
1273 }
1274 #endif
1275
1276 void
rijndael_encrypt(rijndael_ctx * ctx,const u_char * src,u_char * dst)1277 rijndael_encrypt(rijndael_ctx *ctx, const u_char *src, u_char *dst)
1278 {
1279 rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
1280 }
1281
