WIP crypto/opencrypto update
authorSascha Wildner <saw@online.de>
Sun, 27 Sep 2009 12:49:00 +0000 (14:49 +0200)
committerAlex Hornung <ahornung@gmail.com>
Fri, 2 Oct 2009 15:17:37 +0000 (16:17 +0100)
82 files changed:
sys/conf/files
sys/conf/kmod.mk
sys/crypto/Makefile
sys/crypto/blowfish/arch/i386/bf_enc.S
sys/crypto/blowfish/arch/i386/bf_enc_586.S
sys/crypto/blowfish/arch/i386/bf_enc_686.S
sys/crypto/blowfish/bf_ecb.c [copied from sys/crypto/blowfish/blowfish.h with 73% similarity]
sys/crypto/blowfish/bf_enc.c
sys/crypto/blowfish/bf_locl.h
sys/crypto/blowfish/bf_pi.h
sys/crypto/blowfish/bf_skey.c
sys/crypto/blowfish/blowfish.h
sys/crypto/camellia/camellia-api.c [new file with mode: 0644]
sys/crypto/camellia/camellia.c [new file with mode: 0644]
sys/crypto/camellia/camellia.h [new file with mode: 0644]
sys/crypto/cast128/cast128.c [deleted file]
sys/crypto/cast128/cast128.h [deleted file]
sys/crypto/cast128/cast128_subkey.h [deleted file]
sys/crypto/des/arch/i386/des_enc.S
sys/crypto/des/des.h
sys/crypto/des/des_ecb.c
sys/crypto/des/des_enc.c
sys/crypto/des/des_locl.h
sys/crypto/des/des_setkey.c
sys/crypto/des/podd.h
sys/crypto/des/sk.h
sys/crypto/des/spr.h
sys/crypto/md5.c [deleted file]
sys/crypto/rc4/Makefile [new file with mode: 0644]
sys/crypto/rc4/rc4.c
sys/crypto/rc4/rc4.h
sys/crypto/rijndael/Makefile [new file with mode: 0644]
sys/crypto/rijndael/boxes-fst.dat [deleted file]
sys/crypto/rijndael/rijndael-alg-fst.c
sys/crypto/rijndael/rijndael-alg-fst.h [deleted file]
sys/crypto/rijndael/rijndael-api-fst.c
sys/crypto/rijndael/rijndael-api-fst.h
sys/crypto/rijndael/rijndael-api.c [moved from sys/opencrypto/rijndael.h with 55% similarity]
sys/crypto/rijndael/rijndael.h
sys/crypto/rijndael/rijndael_local.h
sys/crypto/rijndael/test00.c [new file with mode: 0644]
sys/crypto/sha1.c
sys/crypto/sha1.h
sys/crypto/sha2/sha2.c
sys/crypto/sha2/sha2.h
sys/crypto/via/Makefile [new file with mode: 0644]
sys/crypto/via/padlock.c [new file with mode: 0644]
sys/crypto/via/padlock.h [new file with mode: 0644]
sys/crypto/via/padlock_cipher.c [new file with mode: 0644]
sys/crypto/via/padlock_hash.c [new file with mode: 0644]
sys/dev/crypto/hifn/Makefile
sys/dev/crypto/ubsec/Makefile
sys/net/pfkeyv2.h
sys/netinet6/esp.h
sys/netinet6/esp_aesctr.h [moved from sys/crypto/md5.h with 54% similarity]
sys/netinet6/esp_camellia.h [new file with mode: 0644]
sys/netinet6/esp_core.c
sys/netinet6/esp_rijndael.c
sys/netinet6/esp_rijndael.h
sys/netproto/802_11/wlan_ccmp/ieee80211_crypto_ccmp.c
sys/opencrypto/cast.c
sys/opencrypto/cast.h
sys/opencrypto/castsb.h
sys/opencrypto/criov.c
sys/opencrypto/crmbuf.c [deleted file]
sys/opencrypto/crypto.c
sys/opencrypto/crypto_if.m [deleted file]
sys/opencrypto/cryptodev.c
sys/opencrypto/cryptodev.h
sys/opencrypto/cryptodev_if.m [new file with mode: 0644]
sys/opencrypto/cryptosoft.c
sys/opencrypto/cryptosoft.h
sys/opencrypto/deflate.c
sys/opencrypto/deflate.h
sys/opencrypto/rijndael.c [deleted file]
sys/opencrypto/rmd160.c
sys/opencrypto/rmd160.h
sys/opencrypto/skipjack.c
sys/opencrypto/skipjack.h
sys/opencrypto/xform.c
sys/opencrypto/xform.h
sys/platform/pc32/include/md_var.h

index b3e8e75..7b68495 100644 (file)
@@ -79,7 +79,6 @@ contrib/ipfilter/netinet/ip_proxy.c   optional ipfilter inet
 contrib/ipfilter/netinet/ip_state.c    optional ipfilter inet
 contrib/ipfilter/netinet/mlfk_ipl.c    optional ipfilter inet
 crypto/blowfish/bf_skey.c              optional ipsec ipsec_esp
-crypto/cast128/cast128.c               optional ipsec ipsec_esp
 crypto/des/des_ecb.c                   optional ipsec ipsec_esp
 crypto/des/des_setkey.c                        optional ipsec ipsec_esp
 crypto/rijndael/rijndael-alg-fst.c     optional ipsec ipsec_esp
@@ -87,6 +86,7 @@ crypto/rijndael/rijndael-api-fst.c    optional ipsec ipsec_esp
 crypto/sha1.c                          optional ipsec
 crypto/sha1.c                          optional carp
 crypto/sha2/sha2.c                     optional ipsec
+opencrypto/cast.c                      optional ipsec ipsec_esp
 ddb/db_access.c                                optional ddb
 ddb/db_kld.c                           optional ddb
 ddb/db_break.c                         optional ddb
@@ -1591,25 +1591,26 @@ libkern/strtoq.c                        standard
 libkern/strtoul.c                      standard
 libkern/strtouq.c                      standard
 #libkern/stack_protector.c             standard
+crypto/blowfish/bf_ecb.c               optional ipsec
 crypto/blowfish/bf_skey.c              optional crypto
-crypto/cast128/cast128.c               optional crypto
+crypto/camellia/camellia.c             optional crypto
+crypto/camellia/camellia-api.c         optional crypto
 crypto/des/des_ecb.c                   optional crypto
 crypto/des/des_setkey.c                        optional crypto
+crypto/rc4/rc4.c                       optional crypto
 crypto/rijndael/rijndael-alg-fst.c     optional crypto
 crypto/rijndael/rijndael-api-fst.c     optional crypto
-crypto/rc4/rc4.c                       optional crypto
-crypto/sha1.c                          optional crypto
+crypto/rijndael/rijndael-api.c         optional crypto
 crypto/sha1.c                          optional crypto
 crypto/sha2/sha2.c                             optional crypto
 net/zlib.c                             optional crypto
 opencrypto/cast.c                      optional crypto
 opencrypto/criov.c                     optional crypto
-opencrypto/crmbuf.c                    optional crypto
 opencrypto/crypto.c                    optional crypto
 opencrypto/cryptodev.c                 optional cryptodev
+opencrypto/cryptodev_if.m              optional crypto
 opencrypto/cryptosoft.c                        optional crypto
 opencrypto/deflate.c                   optional crypto
-opencrypto/rijndael.c                  optional crypto
 opencrypto/rmd160.c                    optional crypto
 opencrypto/skipjack.c                  optional crypto
 opencrypto/xform.c                     optional crypto
index 91bdde8..bd2b964 100644 (file)
@@ -269,7 +269,7 @@ MFILES?= kern/bus_if.m kern/device_if.m bus/iicbus/iicbb_if.m \
     dev/acpica5/acpi_if.m dev/disk/nata/ata_if.m \
     dev/sound/pcm/ac97_if.m dev/sound/pcm/channel_if.m \
     dev/sound/pcm/feeder_if.m dev/sound/pcm/mixer_if.m \
-    libiconv/iconv_converter_if.m dev/agp/agp_if.m opencrypto/crypto_if.m
+    libiconv/iconv_converter_if.m dev/agp/agp_if.m opencrypto/cryptodev_if.m
 
 .for _srcsrc in ${MFILES}
 .for _ext in c h
index 74b1291..c133150 100644 (file)
@@ -1,23 +1,24 @@
-# $FreeBSD: src/sys/modules/crypto/Makefile,v 1.1.2.1 2002/11/21 23:38:46 sam Exp $
-# $DragonFly: src/sys/crypto/Makefile,v 1.4 2004/07/23 11:54:14 joerg Exp $
+# $FreeBSD: src/sys/modules/crypto/Makefile,v 1.6 2007/05/09 19:37:01 gnn Exp $
 
 .PATH: ${.CURDIR}/../opencrypto
 .PATH: ${.CURDIR}/../crypto
 .PATH: ${.CURDIR}/../crypto/blowfish
 .PATH: ${.CURDIR}/../crypto/des
-.PATH: ${.CURDIR}/../crypto/rc4
+.PATH: ${.CURDIR}/../crypto/rijndael
 .PATH: ${.CURDIR}/../crypto/sha2
-.PATH: ${.CURDIR}/../net
+.PATH: ${.CURDIR}/../crypto/camellia
 
 KMOD   = crypto
-SRCS   = crypto.c
-SRCS   += criov.c crmbuf.c cryptosoft.c xform.c
-SRCS   += cast.c deflate.c rmd160.c rijndael.c skipjack.c
-SRCS   += bf_enc.c bf_skey.c
+SRCS   = crypto.c cryptodev_if.c
+SRCS   += criov.c cryptosoft.c xform.c
+SRCS   += cast.c deflate.c rmd160.c rijndael-alg-fst.c rijndael-api.c
+SRCS   += skipjack.c bf_enc.c bf_skey.c
 SRCS   += des_ecb.c des_enc.c des_setkey.c
-SRCS   += rc4.c
 SRCS   += sha1.c sha2.c
-SRCS   += zlib.c
-SRCS   += opt_param.h
+SRCS   += opt_param.h cryptodev_if.h bus_if.h device_if.h
+SRCS   += opt_ddb.h
+SRCS   += camellia.c camellia-api.c
+
+SUBDIR = rc4 via
 
 .include <bsd.kmod.mk>
index 396517e..8cc2b34 100644 (file)
@@ -1,6 +1,5 @@
 /*     $NetBSD: bf_enc.S,v 1.1 2001/09/09 11:01:01 tls Exp $   */
-/*     $FreeBSD: src/sys/crypto/blowfish/arch/i386/bf_enc.S,v 1.1.2.1 2002/03/26 10:12:24 ume Exp $    */
-/*     $DragonFly: src/sys/crypto/blowfish/arch/i386/bf_enc.S,v 1.3 2007/11/07 17:42:51 dillon Exp $   */
+/*     $FreeBSD: src/sys/crypto/blowfish/arch/i386/bf_enc.S,v 1.2 2004/11/16 20:42:30 jhb Exp $        */
 
 /*
  * Written by Jason R. Thorpe <thorpej@zembu.com> and Thor Lancelot Simon
index e6993d9..bad4525 100644 (file)
@@ -1,6 +1,5 @@
 /*     $NetBSD: bf_enc_586.S,v 1.1 2001/09/09 11:01:01 tls Exp $       */
-/*     $FreeBSD: src/sys/crypto/blowfish/arch/i386/bf_enc_586.S,v 1.1.2.1 2002/03/26 10:12:24 ume Exp $        */
-/*     $DragonFly: src/sys/crypto/blowfish/arch/i386/bf_enc_586.S,v 1.4 2006/10/23 21:50:31 dillon Exp $       */
+/*     $FreeBSD: src/sys/crypto/blowfish/arch/i386/bf_enc_586.S,v 1.2 2003/04/21 16:30:12 obrien Exp $ */
 
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
index c0da10f..b8207e9 100644 (file)
@@ -1,6 +1,5 @@
 /*     $NetBSD: bf_enc_686.S,v 1.1 2001/09/09 11:01:02 tls Exp $       */
-/*     $FreeBSD: src/sys/crypto/blowfish/arch/i386/bf_enc_686.S,v 1.1.2.1 2002/03/26 10:12:24 ume Exp $        */
-/*     $DragonFly: src/sys/crypto/blowfish/arch/i386/bf_enc_686.S,v 1.3 2006/10/23 21:50:31 dillon Exp $       */
+/*     $FreeBSD: src/sys/crypto/blowfish/arch/i386/bf_enc_686.S,v 1.1 2002/03/05 09:19:02 ume Exp $    */
 
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
similarity index 73%
copy from sys/crypto/blowfish/blowfish.h
copy to sys/crypto/blowfish/bf_ecb.c
index 3b23260..adf4dbd 100644 (file)
@@ -1,13 +1,12 @@
-/*     $FreeBSD: src/sys/crypto/blowfish/blowfish.h,v 1.1.2.3 2002/03/26 10:12:23 ume Exp $    */
-/*     $DragonFly: src/sys/crypto/blowfish/blowfish.h,v 1.3 2003/08/27 10:59:04 rob Exp $      */
-/*     $KAME: blowfish.h,v 1.12 2002/02/27 01:33:59 itojun Exp $       */
+/*     $FreeBSD: src/sys/crypto/blowfish/bf_ecb.c,v 1.1 2003/10/13 19:26:08 ume Exp $  */
 
-/* crypto/bf/blowfish.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
+/* crypto/bf/bf_ecb.c */
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
+ * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
  * This library is free for commercial and non-commercial use as long as
@@ -15,7 +14,7 @@
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@mincom.oz.au).
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * 3. All advertising materials mentioning features or use of this software
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
- *     Eric Young (eay@mincom.oz.au)"
+ *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@mincom.oz.au)"
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_BLOWFISH_H
-#define HEADER_BLOWFISH_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define BF_ENCRYPT     1
-#define BF_DECRYPT     0
-
-/* must be 32bit quantity */
-#define BF_LONG u_int32_t
+#include <sys/types.h>
+#include <crypto/blowfish/blowfish.h>
+#include <crypto/blowfish/bf_locl.h>
 
-#define BF_ROUNDS      16
-#define BF_BLOCK       8
-
-typedef struct bf_key_st {
-       BF_LONG P[BF_ROUNDS+2];
-       BF_LONG S[4*256];
-} BF_KEY;
-
-void BF_set_key (BF_KEY *, int, unsigned char *);
-void BF_encrypt (BF_LONG *, BF_KEY *);
-void BF_decrypt (BF_LONG *, BF_KEY *);
-void BF_cbc_encrypt(const unsigned char *, unsigned char *, long,
-                   const BF_KEY *, unsigned char *, int);
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
 
-#ifdef  __cplusplus
-}
-#endif
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+            BF_KEY *key, int encrypt)
+       {
+       BF_LONG l,d[2];
 
-#endif
+       n2l(in,l); d[0]=l;
+       n2l(in,l); d[1]=l;
+       if (encrypt)
+               BF_encrypt(d,key);
+       else
+               BF_decrypt(d,key);
+       l=d[0]; l2n(l,out);
+       l=d[1]; l2n(l,out);
+       l=d[0]=d[1]=0;
+       }
index 3707264..decd884 100644 (file)
@@ -1,8 +1,8 @@
-/*     $FreeBSD: src/sys/crypto/blowfish/bf_enc.c,v 1.1.2.3 2002/03/26 10:12:23 ume Exp $      */
-/*     $DragonFly: src/sys/crypto/blowfish/bf_enc.c,v 1.3 2003/07/26 14:12:24 rob Exp $        */
+/*     $FreeBSD: src/sys/crypto/blowfish/bf_enc.c,v 1.6 2003/06/10 21:38:38 obrien Exp $       */
 /*     $KAME: bf_enc.c,v 1.7 2002/02/27 01:33:59 itojun Exp $  */
 
 /* crypto/bf/bf_enc.c */
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
index 3f44cf1..f65e314 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/blowfish/bf_locl.h,v 1.1.2.3 2002/03/26 10:12:23 ume Exp $     */
-/*     $DragonFly: src/sys/crypto/blowfish/bf_locl.h,v 1.2 2003/06/17 04:28:20 dillon Exp $    */
+/*     $FreeBSD: src/sys/crypto/blowfish/bf_locl.h,v 1.5 2002/03/05 09:19:01 ume Exp $ */
 /*     $KAME: bf_locl.h,v 1.6 2001/09/10 04:03:56 itojun Exp $ */
 
 /* crypto/bf/bf_local.h */
index 42c9a11..a2be603 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/blowfish/bf_pi.h,v 1.1.2.2 2002/03/26 10:12:23 ume Exp $       */
-/*     $DragonFly: src/sys/crypto/blowfish/bf_pi.h,v 1.2 2003/06/17 04:28:20 dillon Exp $      */
+/*     $FreeBSD: src/sys/crypto/blowfish/bf_pi.h,v 1.4 2002/03/05 09:19:01 ume Exp $   */
 /*     $KAME: bf_pi.h,v 1.4 2001/09/10 04:03:56 itojun Exp $   */
 
 /* crypto/bf/bf_pi.h */
index d2a3d3b..28b0e5a 100644 (file)
@@ -1,8 +1,8 @@
-/*     $FreeBSD: src/sys/crypto/blowfish/bf_skey.c,v 1.1.2.3 2002/03/26 10:12:23 ume Exp $     */
-/*     $DragonFly: src/sys/crypto/blowfish/bf_skey.c,v 1.3 2008/03/01 22:03:12 swildner Exp $  */
+/*     $FreeBSD: src/sys/crypto/blowfish/bf_skey.c,v 1.6 2003/06/10 21:38:38 obrien Exp $      */
 /*     $KAME: bf_skey.c,v 1.7 2002/02/27 01:33:59 itojun Exp $ */
 
 /* crypto/bf/bf_skey.c */
+
 /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
  * All rights reserved.
  *
index 3b23260..7964c39 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/blowfish/blowfish.h,v 1.1.2.3 2002/03/26 10:12:23 ume Exp $    */
-/*     $DragonFly: src/sys/crypto/blowfish/blowfish.h,v 1.3 2003/08/27 10:59:04 rob Exp $      */
+/*     $FreeBSD: src/sys/crypto/blowfish/blowfish.h,v 1.7 2003/10/13 19:26:08 ume Exp $        */
 /*     $KAME: blowfish.h,v 1.12 2002/02/27 01:33:59 itojun Exp $       */
 
 /* crypto/bf/blowfish.h */
@@ -81,11 +80,11 @@ typedef struct bf_key_st {
        BF_LONG S[4*256];
 } BF_KEY;
 
-void BF_set_key (BF_KEY *, int, unsigned char *);
-void BF_encrypt (BF_LONG *, BF_KEY *);
-void BF_decrypt (BF_LONG *, BF_KEY *);
-void BF_cbc_encrypt(const unsigned char *, unsigned char *, long,
-                   const BF_KEY *, unsigned char *, int);
+void BF_set_key(BF_KEY *, int, unsigned char *);
+void BF_encrypt(BF_LONG *, BF_KEY *);
+void BF_decrypt(BF_LONG *, BF_KEY *);
+void BF_ecb_encrypt(const unsigned char *, unsigned char *,
+                   BF_KEY *, int);
 
 #ifdef  __cplusplus
 }
diff --git a/sys/crypto/camellia/camellia-api.c b/sys/crypto/camellia/camellia-api.c
new file mode 100644 (file)
index 0000000..75f6eef
--- /dev/null
@@ -0,0 +1,58 @@
+/*
+ *
+ * Copyright (c) 2006
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer as
+ *   the first lines of this file unmodified.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/crypto/camellia/camellia-api.c,v 1.1 2007/05/09 19:37:01 gnn Exp $
+ */
+
+#include <sys/cdefs.h>
+
+#include <sys/types.h>
+#ifdef _KERNEL
+#include <sys/systm.h>
+#endif
+#include <crypto/camellia/camellia.h>
+
+void
+camellia_set_key(camellia_ctx *ctx, const u_char *key, int bits)
+{
+
+    Camellia_Ekeygen(bits, key, ctx->subkey);
+    ctx->bits = bits;
+}
+
+void
+camellia_decrypt(const camellia_ctx *ctx, const u_char *src, u_char *dst)
+{
+
+    Camellia_DecryptBlock(ctx->bits, src, ctx->subkey, dst);
+}
+
+void
+camellia_encrypt(const camellia_ctx *ctx, const u_char *src, u_char *dst)
+{
+
+    Camellia_EncryptBlock(ctx->bits, src, ctx->subkey, dst);
+}
diff --git a/sys/crypto/camellia/camellia.c b/sys/crypto/camellia/camellia.c
new file mode 100644 (file)
index 0000000..91f5997
--- /dev/null
@@ -0,0 +1,1333 @@
+/* camellia.h ver 1.1.0
+ *
+ * Copyright (c) 2006
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer as
+ *   the first lines of this file unmodified.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/crypto/camellia/camellia.c,v 1.1 2007/05/09 19:37:01 gnn Exp $
+ */
+
+/*
+ * Algorithm Specification
+ *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+#include <sys/endian.h>
+#ifdef _KERNEL
+#include <sys/param.h>
+#include <sys/systm.h>
+#else
+#include <string.h>
+#include <assert.h>
+#define KASSERT(exp, msg) assert(exp)
+#endif
+
+#include <crypto/camellia/camellia.h>
+
+
+/* key constants */
+
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ *  macros
+ */
+#define GETU32(pt) (((uint32_t)(pt)[0] << 24)          \
+                    ^ ((uint32_t)(pt)[1] << 16)        \
+                    ^ ((uint32_t)(pt)[2] <<  8)        \
+                    ^ ((uint32_t)(pt)[3]))
+
+#define PUTU32(ct, st) {(ct)[0] = (uint8_t)((st) >> 24);       \
+                       (ct)[1] = (uint8_t)((st) >> 16);        \
+                       (ct)[2] = (uint8_t)((st) >>  8);        \
+                       (ct)[3] = (uint8_t)(st);}
+
+#define SUBL(INDEX) (subkey[(INDEX)*2+1])
+#define SUBR(INDEX) (subkey[(INDEX)*2])
+
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)   \
+    do {                                               \
+       w0 = ll;                                        \
+       ll = (ll << bits) + (lr >> (32 - bits));        \
+       lr = (lr << bits) + (rl >> (32 - bits));        \
+       rl = (rl << bits) + (rr >> (32 - bits));        \
+       rr = (rr << bits) + (w0 >> (32 - bits));        \
+    } while(0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits)        \
+    do {                                               \
+       w0 = ll;                                        \
+       w1 = lr;                                        \
+       ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
+       lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
+       rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
+       rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
+    } while(0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)     \
+    do {                                                       \
+       il = xl ^ kl;                                           \
+       ir = xr ^ kr;                                           \
+       t0 = il >> 16;                                          \
+       t1 = ir >> 16;                                          \
+       yl = CAMELLIA_SP1110(ir & 0xff)                         \
+           ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                 \
+           ^ CAMELLIA_SP3033(t1 & 0xff)                        \
+           ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                \
+       yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                  \
+           ^ CAMELLIA_SP0222(t0 & 0xff)                        \
+           ^ CAMELLIA_SP3033((il >> 8) & 0xff)                 \
+           ^ CAMELLIA_SP4404(il & 0xff);                       \
+       yl ^= yr;                                               \
+       yr = CAMELLIA_RR8(yr);                                  \
+       yr ^= yl;                                               \
+    } while(0)
+
+
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+    do {                                                               \
+       t0 = kll;                                                       \
+       t2 = krr;                                                       \
+       t0 &= ll;                                                       \
+       t2 |= rr;                                                       \
+       rl ^= t2;                                                       \
+       lr ^= CAMELLIA_RL1(t0);                                         \
+       t3 = krl;                                                       \
+       t1 = klr;                                                       \
+       t3 &= rl;                                                       \
+       t1 |= lr;                                                       \
+       ll ^= t1;                                                       \
+       rr ^= CAMELLIA_RL1(t3);                                         \
+    } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)       \
+    do {                                                               \
+       ir =  CAMELLIA_SP1110(xr & 0xff);                               \
+       il =  CAMELLIA_SP1110((xl>>24) & 0xff);                         \
+       ir ^= CAMELLIA_SP0222((xr>>24) & 0xff);                         \
+       il ^= CAMELLIA_SP0222((xl>>16) & 0xff);                         \
+       ir ^= CAMELLIA_SP3033((xr>>16) & 0xff);                         \
+       il ^= CAMELLIA_SP3033((xl>>8) & 0xff);                          \
+       ir ^= CAMELLIA_SP4404((xr>>8) & 0xff);                          \
+       il ^= CAMELLIA_SP4404(xl & 0xff);                               \
+       il ^= kl;                                                       \
+       ir ^= kr;                                                       \
+       ir ^= il;                                                       \
+       il = CAMELLIA_RR8(il);                                          \
+       il ^= ir;                                                       \
+       yl ^= ir;                                                       \
+       yr ^= il;                                                       \
+    } while(0)
+
+
+static const uint32_t camellia_sp1110[256] = {
+    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
+    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
+    0xe4e4e400,0x85858500,0x57575700,0x35353500,
+    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
+    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
+    0x45454500,0x19191900,0xa5a5a500,0x21212100,
+    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
+    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
+    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
+    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
+    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
+    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
+    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
+    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
+    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
+    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
+    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
+    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
+    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
+    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
+    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
+    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
+    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
+    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
+    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
+    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
+    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
+    0x53535300,0x18181800,0xf2f2f200,0x22222200,
+    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
+    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
+    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
+    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
+    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
+    0xa1a1a100,0x89898900,0x62626200,0x97979700,
+    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
+    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
+    0x10101000,0xc4c4c400,0x00000000,0x48484800,
+    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
+    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
+    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
+    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
+    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
+    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
+    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
+    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
+    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
+    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
+    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
+    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
+    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
+    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
+    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
+    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
+    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
+    0xd4d4d400,0x25252500,0xababab00,0x42424200,
+    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
+    0x72727200,0x07070700,0xb9b9b900,0x55555500,
+    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
+    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
+    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
+    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
+    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
+    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
+    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+};
+
+static const uint32_t camellia_sp0222[256] = {
+    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
+    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
+    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
+    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
+    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
+    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+    0x00202020,0x00898989,0x00000000,0x00909090,
+    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+    0x009b9b9b,0x00949494,0x00212121,0x00666666,
+    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
+    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+    0x00777777,0x00939393,0x00868686,0x00838383,
+    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
+    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+};
+
+static const uint32_t camellia_sp3033[256] = {
+    0x38003838,0x41004141,0x16001616,0x76007676,
+    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+    0x75007575,0x06000606,0x57005757,0xa000a0a0,
+    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
+    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+    0x3a003a3a,0x09000909,0x95009595,0x10001010,
+    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
+    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+    0x12001212,0x04000404,0x74007474,0x54005454,
+    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
+    0x55005555,0x68006868,0x50005050,0xbe00bebe,
+    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+    0x70007070,0xff00ffff,0x32003232,0x69006969,
+    0x08000808,0x62006262,0x00000000,0x24002424,
+    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+    0x45004545,0x81008181,0x73007373,0x6d006d6d,
+    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+    0xe600e6e6,0x25002525,0x48004848,0x99009999,
+    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
+    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
+    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
+    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
+    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
+    0x7c007c7c,0x77007777,0x56005656,0x05000505,
+    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
+    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
+    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
+    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
+    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
+    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+};
+
+static const uint32_t camellia_sp4404[256] = {
+    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
+    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
+    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
+    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
+    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
+    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
+    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
+    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
+    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
+    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
+    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
+    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
+    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
+    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
+    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
+    0x24240024,0xe8e800e8,0x60600060,0x69690069,
+    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
+    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
+    0x10100010,0x00000000,0xa3a300a3,0x75750075,
+    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
+    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
+    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
+    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
+    0x81810081,0x6f6f006f,0x13130013,0x63630063,
+    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
+    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
+    0x78780078,0x06060006,0xe7e700e7,0x71710071,
+    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
+    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
+    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
+    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
+    0x15150015,0xadad00ad,0x77770077,0x80800080,
+    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
+    0x85850085,0x35350035,0x0c0c000c,0x41410041,
+    0xefef00ef,0x93930093,0x19190019,0x21210021,
+    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
+    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
+    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
+    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
+    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
+    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
+    0x12120012,0x20200020,0xb1b100b1,0x99990099,
+    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
+    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
+    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
+    0x0f0f000f,0x16160016,0x18180018,0x22220022,
+    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
+    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
+    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
+    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
+    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
+    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
+    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
+    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
+    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
+    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
+    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
+    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
+    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
+    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
+    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
+    0x49490049,0x68680068,0x38380038,0xa4a400a4,
+    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
+    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+};
+
+
+/*
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void
+camellia_setup128(const unsigned char *key, uint32_t *subkey)
+{
+    uint32_t kll, klr, krl, krr;
+    uint32_t il, ir, t0, t1, w0, w1;
+    uint32_t kw4l, kw4r, dw, tl, tr;
+    uint32_t subL[26];
+    uint32_t subR[26];
+
+    /*
+     *  k == kll || klr || krl || krr (|| is concatination)
+     */
+    kll = GETU32(key     );
+    klr = GETU32(key +  4);
+    krl = GETU32(key +  8);
+    krr = GETU32(key + 12);
+    /*
+     * generate KL dependent subkeys
+     */
+    subl(0) = kll; subr(0) = klr;
+    subl(1) = krl; subr(1) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(4) = kll; subr(4) = klr;
+    subl(5) = krl; subr(5) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+    subl(10) = kll; subr(10) = klr;
+    subl(11) = krl; subr(11) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(13) = krl; subr(13) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(16) = kll; subr(16) = klr;
+    subl(17) = krl; subr(17) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(18) = kll; subr(18) = klr;
+    subl(19) = krl; subr(19) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(22) = kll; subr(22) = klr;
+    subl(23) = krl; subr(23) = krr;
+
+    /* generate KA */
+    kll = subl(0); klr = subr(0);
+    krl = subl(1); krr = subr(1);
+    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+              w0, w1, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+              kll, klr, il, ir, t0, t1);
+    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+              krl, krr, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+              w0, w1, il, ir, t0, t1);
+    kll ^= w0; klr ^= w1;
+
+    /* generate KA dependent subkeys */
+    subl(2) = kll; subr(2) = klr;
+    subl(3) = krl; subr(3) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(6) = kll; subr(6) = klr;
+    subl(7) = krl; subr(7) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(8) = kll; subr(8) = klr;
+    subl(9) = krl; subr(9) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(12) = kll; subr(12) = klr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(14) = kll; subr(14) = klr;
+    subl(15) = krl; subr(15) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+    subl(20) = kll; subr(20) = klr;
+    subl(21) = krl; subr(21) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(24) = kll; subr(24) = klr;
+    subl(25) = krl; subr(25) = krr;
+
+
+    /* absorb kw2 to other subkeys */
+    subl(3) ^= subl(1); subr(3) ^= subr(1);
+    subl(5) ^= subl(1); subr(5) ^= subr(1);
+    subl(7) ^= subl(1); subr(7) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(9);
+    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(11) ^= subl(1); subr(11) ^= subr(1);
+    subl(13) ^= subl(1); subr(13) ^= subr(1);
+    subl(15) ^= subl(1); subr(15) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(17);
+    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(19) ^= subl(1); subr(19) ^= subr(1);
+    subl(21) ^= subl(1); subr(21) ^= subr(1);
+    subl(23) ^= subl(1); subr(23) ^= subr(1);
+    subl(24) ^= subl(1); subr(24) ^= subr(1);
+
+    /* absorb kw4 to other subkeys */
+    kw4l = subl(25); kw4r = subr(25);
+    subl(22) ^= kw4l; subr(22) ^= kw4r;
+    subl(20) ^= kw4l; subr(20) ^= kw4r;
+    subl(18) ^= kw4l; subr(18) ^= kw4r;
+    kw4l ^= kw4r & ~subr(16);
+    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+    subl(14) ^= kw4l; subr(14) ^= kw4r;
+    subl(12) ^= kw4l; subr(12) ^= kw4r;
+    subl(10) ^= kw4l; subr(10) ^= kw4r;
+    kw4l ^= kw4r & ~subr(8);
+    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+    subl(6) ^= kw4l; subr(6) ^= kw4r;
+    subl(4) ^= kw4l; subr(4) ^= kw4r;
+    subl(2) ^= kw4l; subr(2) ^= kw4r;
+    subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+    /* key XOR is end of F-function */
+    SUBL(0) = subl(0) ^ subl(2);
+    SUBR(0) = subr(0) ^ subr(2);
+    SUBL(2) = subl(3);
+    SUBR(2) = subr(3);
+    SUBL(3) = subl(2) ^ subl(4);
+    SUBR(3) = subr(2) ^ subr(4);
+    SUBL(4) = subl(3) ^ subl(5);
+    SUBR(4) = subr(3) ^ subr(5);
+    SUBL(5) = subl(4) ^ subl(6);
+    SUBR(5) = subr(4) ^ subr(6);
+    SUBL(6) = subl(5) ^ subl(7);
+    SUBR(6) = subr(5) ^ subr(7);
+    tl = subl(10) ^ (subr(10) & ~subr(8));
+    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+    SUBL(7) = subl(6) ^ tl;
+    SUBR(7) = subr(6) ^ tr;
+    SUBL(8) = subl(8);
+    SUBR(8) = subr(8);
+    SUBL(9) = subl(9);
+    SUBR(9) = subr(9);
+    tl = subl(7) ^ (subr(7) & ~subr(9));
+    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+    SUBL(10) = tl ^ subl(11);
+    SUBR(10) = tr ^ subr(11);
+    SUBL(11) = subl(10) ^ subl(12);
+    SUBR(11) = subr(10) ^ subr(12);
+    SUBL(12) = subl(11) ^ subl(13);
+    SUBR(12) = subr(11) ^ subr(13);
+    SUBL(13) = subl(12) ^ subl(14);
+    SUBR(13) = subr(12) ^ subr(14);
+    SUBL(14) = subl(13) ^ subl(15);
+    SUBR(14) = subr(13) ^ subr(15);
+    tl = subl(18) ^ (subr(18) & ~subr(16));
+    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+    SUBL(15) = subl(14) ^ tl;
+    SUBR(15) = subr(14) ^ tr;
+    SUBL(16) = subl(16);
+    SUBR(16) = subr(16);
+    SUBL(17) = subl(17);
+    SUBR(17) = subr(17);
+    tl = subl(15) ^ (subr(15) & ~subr(17));
+    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+    SUBL(18) = tl ^ subl(19);
+    SUBR(18) = tr ^ subr(19);
+    SUBL(19) = subl(18) ^ subl(20);
+    SUBR(19) = subr(18) ^ subr(20);
+    SUBL(20) = subl(19) ^ subl(21);
+    SUBR(20) = subr(19) ^ subr(21);
+    SUBL(21) = subl(20) ^ subl(22);
+    SUBR(21) = subr(20) ^ subr(22);
+    SUBL(22) = subl(21) ^ subl(23);
+    SUBR(22) = subr(21) ^ subr(23);
+    SUBL(23) = subl(22);
+    SUBR(23) = subr(22);
+    SUBL(24) = subl(24) ^ subl(23);
+    SUBR(24) = subr(24) ^ subr(23);
+
+    /* apply the inverse of the last half of P-function */
+    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
+    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
+    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
+    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
+    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
+    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
+    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
+    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
+    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
+    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
+    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
+    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
+    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
+    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
+    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
+    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
+    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
+    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
+    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
+    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
+    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
+    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
+    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
+    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
+    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
+    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
+    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
+    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
+    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
+    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
+    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
+    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
+    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
+    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
+    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
+    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
+}
+
+void
+camellia_setup256(const unsigned char *key, uint32_t *subkey)
+{
+    uint32_t kll,klr,krl,krr;           /* left half of key */
+    uint32_t krll,krlr,krrl,krrr;       /* right half of key */
+    uint32_t il, ir, t0, t1, w0, w1;    /* temporary variables */
+    uint32_t kw4l, kw4r, dw, tl, tr;
+    uint32_t subL[34];
+    uint32_t subR[34];
+
+    /*
+     *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+     *  (|| is concatination)
+     */
+
+    kll  = GETU32(key     );
+    klr  = GETU32(key +  4);
+    krl  = GETU32(key +  8);
+    krr  = GETU32(key + 12);
+    krll = GETU32(key + 16);
+    krlr = GETU32(key + 20);
+    krrl = GETU32(key + 24);
+    krrr = GETU32(key + 28);
+
+    /* generate KL dependent subkeys */
+    subl(0) = kll; subr(0) = klr;
+    subl(1) = krl; subr(1) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+    subl(12) = kll; subr(12) = klr;
+    subl(13) = krl; subr(13) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(16) = kll; subr(16) = klr;
+    subl(17) = krl; subr(17) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(22) = kll; subr(22) = klr;
+    subl(23) = krl; subr(23) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+    subl(30) = kll; subr(30) = klr;
+    subl(31) = krl; subr(31) = krr;
+
+    /* generate KR dependent subkeys */
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+    subl(4) = krll; subr(4) = krlr;
+    subl(5) = krrl; subr(5) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+    subl(8) = krll; subr(8) = krlr;
+    subl(9) = krrl; subr(9) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(18) = krll; subr(18) = krlr;
+    subl(19) = krrl; subr(19) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+    subl(26) = krll; subr(26) = krlr;
+    subl(27) = krrl; subr(27) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+    /* generate KA */
+    kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
+    krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+              w0, w1, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+              kll, klr, il, ir, t0, t1);
+    kll ^= krll; klr ^= krlr;
+    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+              krl, krr, il, ir, t0, t1);
+    krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+              w0, w1, il, ir, t0, t1);
+    kll ^= w0; klr ^= w1;
+
+    /* generate KB */
+    krll ^= kll; krlr ^= klr;
+    krrl ^= krl; krrr ^= krr;
+    CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+              w0, w1, il, ir, t0, t1);
+    krrl ^= w0; krrr ^= w1;
+    CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+              w0, w1, il, ir, t0, t1);
+    krll ^= w0; krlr ^= w1;
+
+    /* generate KA dependent subkeys */
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(6) = kll; subr(6) = klr;
+    subl(7) = krl; subr(7) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+    subl(14) = kll; subr(14) = klr;
+    subl(15) = krl; subr(15) = krr;
+    subl(24) = klr; subr(24) = krl;
+    subl(25) = krr; subr(25) = kll;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+    subl(28) = kll; subr(28) = klr;
+    subl(29) = krl; subr(29) = krr;
+
+    /* generate KB dependent subkeys */
+    subl(2) = krll; subr(2) = krlr;
+    subl(3) = krrl; subr(3) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(10) = krll; subr(10) = krlr;
+    subl(11) = krrl; subr(11) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(20) = krll; subr(20) = krlr;
+    subl(21) = krrl; subr(21) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+    subl(32) = krll; subr(32) = krlr;
+    subl(33) = krrl; subr(33) = krrr;
+
+    /* absorb kw2 to other subkeys */
+    subl(3) ^= subl(1); subr(3) ^= subr(1);
+    subl(5) ^= subl(1); subr(5) ^= subr(1);
+    subl(7) ^= subl(1); subr(7) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(9);
+    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(11) ^= subl(1); subr(11) ^= subr(1);
+    subl(13) ^= subl(1); subr(13) ^= subr(1);
+    subl(15) ^= subl(1); subr(15) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(17);
+    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(19) ^= subl(1); subr(19) ^= subr(1);
+    subl(21) ^= subl(1); subr(21) ^= subr(1);
+    subl(23) ^= subl(1); subr(23) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(25);
+    dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(27) ^= subl(1); subr(27) ^= subr(1);
+    subl(29) ^= subl(1); subr(29) ^= subr(1);
+    subl(31) ^= subl(1); subr(31) ^= subr(1);
+    subl(32) ^= subl(1); subr(32) ^= subr(1);
+
+
+    /* absorb kw4 to other subkeys */
+    kw4l = subl(33); kw4r = subr(33);
+    subl(30) ^= kw4l; subr(30) ^= kw4r;
+    subl(28) ^= kw4l; subr(28) ^= kw4r;
+    subl(26) ^= kw4l; subr(26) ^= kw4r;
+    kw4l ^= kw4r & ~subr(24);
+    dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
+    subl(22) ^= kw4l; subr(22) ^= kw4r;
+    subl(20) ^= kw4l; subr(20) ^= kw4r;
+    subl(18) ^= kw4l; subr(18) ^= kw4r;
+    kw4l ^= kw4r & ~subr(16);
+    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+    subl(14) ^= kw4l; subr(14) ^= kw4r;
+    subl(12) ^= kw4l; subr(12) ^= kw4r;
+    subl(10) ^= kw4l; subr(10) ^= kw4r;
+    kw4l ^= kw4r & ~subr(8);
+    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+    subl(6) ^= kw4l; subr(6) ^= kw4r;
+    subl(4) ^= kw4l; subr(4) ^= kw4r;
+    subl(2) ^= kw4l; subr(2) ^= kw4r;
+    subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+    /* key XOR is end of F-function */
+    SUBL(0) = subl(0) ^ subl(2);
+    SUBR(0) = subr(0) ^ subr(2);
+    SUBL(2) = subl(3);
+    SUBR(2) = subr(3);
+    SUBL(3) = subl(2) ^ subl(4);
+    SUBR(3) = subr(2) ^ subr(4);
+    SUBL(4) = subl(3) ^ subl(5);
+    SUBR(4) = subr(3) ^ subr(5);
+    SUBL(5) = subl(4) ^ subl(6);
+    SUBR(5) = subr(4) ^ subr(6);
+    SUBL(6) = subl(5) ^ subl(7);
+    SUBR(6) = subr(5) ^ subr(7);
+    tl = subl(10) ^ (subr(10) & ~subr(8));
+    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+    SUBL(7) = subl(6) ^ tl;
+    SUBR(7) = subr(6) ^ tr;
+    SUBL(8) = subl(8);
+    SUBR(8) = subr(8);
+    SUBL(9) = subl(9);
+    SUBR(9) = subr(9);
+    tl = subl(7) ^ (subr(7) & ~subr(9));
+    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+    SUBL(10) = tl ^ subl(11);
+    SUBR(10) = tr ^ subr(11);
+    SUBL(11) = subl(10) ^ subl(12);
+    SUBR(11) = subr(10) ^ subr(12);
+    SUBL(12) = subl(11) ^ subl(13);
+    SUBR(12) = subr(11) ^ subr(13);
+    SUBL(13) = subl(12) ^ subl(14);
+    SUBR(13) = subr(12) ^ subr(14);
+    SUBL(14) = subl(13) ^ subl(15);
+    SUBR(14) = subr(13) ^ subr(15);
+    tl = subl(18) ^ (subr(18) & ~subr(16));
+    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+    SUBL(15) = subl(14) ^ tl;
+    SUBR(15) = subr(14) ^ tr;
+    SUBL(16) = subl(16);
+    SUBR(16) = subr(16);
+    SUBL(17) = subl(17);
+    SUBR(17) = subr(17);
+    tl = subl(15) ^ (subr(15) & ~subr(17));
+    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+    SUBL(18) = tl ^ subl(19);
+    SUBR(18) = tr ^ subr(19);
+    SUBL(19) = subl(18) ^ subl(20);
+    SUBR(19) = subr(18) ^ subr(20);
+    SUBL(20) = subl(19) ^ subl(21);
+    SUBR(20) = subr(19) ^ subr(21);
+    SUBL(21) = subl(20) ^ subl(22);
+    SUBR(21) = subr(20) ^ subr(22);
+    SUBL(22) = subl(21) ^ subl(23);
+    SUBR(22) = subr(21) ^ subr(23);
+    tl = subl(26) ^ (subr(26) & ~subr(24));
+    dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
+    SUBL(23) = subl(22) ^ tl;
+    SUBR(23) = subr(22) ^ tr;
+    SUBL(24) = subl(24);
+    SUBR(24) = subr(24);
+    SUBL(25) = subl(25);
+    SUBR(25) = subr(25);
+    tl = subl(23) ^ (subr(23) & ~subr(25));
+    dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
+    SUBL(26) = tl ^ subl(27);
+    SUBR(26) = tr ^ subr(27);
+    SUBL(27) = subl(26) ^ subl(28);
+    SUBR(27) = subr(26) ^ subr(28);
+    SUBL(28) = subl(27) ^ subl(29);
+    SUBR(28) = subr(27) ^ subr(29);
+    SUBL(29) = subl(28) ^ subl(30);
+    SUBR(29) = subr(28) ^ subr(30);
+    SUBL(30) = subl(29) ^ subl(31);
+    SUBR(30) = subr(29) ^ subr(31);
+    SUBL(31) = subl(30);
+    SUBR(31) = subr(30);
+    SUBL(32) = subl(32) ^ subl(31);
+    SUBR(32) = subr(32) ^ subr(31);
+
+    /* apply the inverse of the last half of P-function */
+    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
+    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
+    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
+    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
+    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
+    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
+    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
+    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
+    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
+    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
+    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
+    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
+    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
+    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
+    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
+    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
+    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
+    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
+    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
+    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
+    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
+    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
+    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
+    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
+    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
+    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
+    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
+    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
+    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
+    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
+    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
+    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
+    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
+    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
+    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
+    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
+    dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw);
+    SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw;
+    dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw);
+    SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw;
+    dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw);
+    SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw;
+    dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw);
+    SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw;
+    dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw);
+    SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw;
+    dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw);
+    SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw;
+}
+
+void
+camellia_setup192(const unsigned char *key, uint32_t *subkey)
+{
+    unsigned char kk[32];
+    uint32_t krll, krlr, krrl,krrr;
+
+    memcpy(kk, key, 24);
+    memcpy((unsigned char *)&krll, key+16,4);
+    memcpy((unsigned char *)&krlr, key+20,4);
+    krrl = ~krll;
+    krrr = ~krlr;
+    memcpy(kk+24, (unsigned char *)&krrl, 4);
+    memcpy(kk+28, (unsigned char *)&krrr, 4);
+    camellia_setup256(kk, subkey);
+}
+
+
+/**
+ * Stuff related to camellia encryption/decryption
+ */
+void
+camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
+{
+    uint32_t il, ir, t0, t1;
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= SUBL(0);
+    io[1] ^= SUBR(0);
+    /* main iteration */
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16), SUBR(16), SUBL(17),SUBR(17),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
+                    io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= SUBL(24);
+    io[3] ^= SUBR(24);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+}
+
+void
+camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
+{
+    uint32_t il,ir,t0,t1;               /* temporary valiables */
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= SUBL(24);
+    io[1] ^= SUBR(24);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],SUBL(17),SUBR(17),SUBL(16),SUBR(16),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
+                    io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= SUBL(0);
+    io[3] ^= SUBR(0);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+}
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+void
+camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
+{
+    uint32_t il,ir,t0,t1;           /* temporary valiables */
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= SUBL(0);
+    io[1] ^= SUBR(0);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16),SUBR(16), SUBL(17),SUBR(17),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(24),SUBR(24), SUBL(25),SUBR(25),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(26),SUBR(26),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(27),SUBR(27),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(28),SUBR(28),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(29),SUBR(29),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(30),SUBR(30),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(31),SUBR(31),
+                    io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= SUBL(32);
+    io[3] ^= SUBR(32);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+}
+
+void
+camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
+{
+    uint32_t il,ir,t0,t1;           /* temporary valiables */
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= SUBL(32);
+    io[1] ^= SUBR(32);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(31),SUBR(31),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(30),SUBR(30),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(29),SUBR(29),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(28),SUBR(28),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(27),SUBR(27),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(26),SUBR(26),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(25),SUBR(25), SUBL(24),SUBR(24),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
+                    io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
+                t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
+                    io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
+                    io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
+                    io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= SUBL(0);
+    io[3] ^= SUBR(0);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+}
+
+void
+Camellia_Ekeygen(const int keyBitLength,
+                const unsigned char *rawKey,
+                uint32_t *subkey)
+{
+    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
+           ("Invalid key size (%d).", keyBitLength));
+
+    switch(keyBitLength) {
+    case 128:
+       camellia_setup128(rawKey, subkey);
+       break;
+    case 192:
+       camellia_setup192(rawKey, subkey);
+       break;
+    case 256:
+       camellia_setup256(rawKey, subkey);
+       break;
+    default:
+       break;
+    }
+}
+void
+Camellia_EncryptBlock(const int keyBitLength,
+                     const unsigned char *plaintext,
+                     const uint32_t *subkey,
+                     unsigned char *ciphertext)
+{
+    uint32_t tmp[4];
+
+    tmp[0] = GETU32(plaintext);
+    tmp[1] = GETU32(plaintext + 4);
+    tmp[2] = GETU32(plaintext + 8);
+    tmp[3] = GETU32(plaintext + 12);
+
+    switch (keyBitLength) {
+    case 128:
+       camellia_encrypt128(subkey, tmp);
+       break;
+    case 192:
+       /* fall through */
+    case 256:
+       camellia_encrypt256(subkey, tmp);
+       break;
+    default:
+       break;
+    }
+
+    PUTU32(ciphertext,    tmp[0]);
+    PUTU32(ciphertext+4,  tmp[1]);
+    PUTU32(ciphertext+8,  tmp[2]);
+    PUTU32(ciphertext+12, tmp[3]);
+}
+
+void
+Camellia_DecryptBlock(const int keyBitLength,
+                     const unsigned char *ciphertext,
+                     const uint32_t *subkey,
+                     unsigned char *plaintext)
+{
+    uint32_t tmp[4];
+
+    tmp[0] = GETU32(ciphertext);
+    tmp[1] = GETU32(ciphertext + 4);
+    tmp[2] = GETU32(ciphertext + 8);
+    tmp[3] = GETU32(ciphertext + 12);
+
+    switch (keyBitLength) {
+    case 128:
+       camellia_decrypt128(subkey, tmp);
+       break;
+    case 192:
+       /* fall through */
+    case 256:
+       camellia_decrypt256(subkey, tmp);
+       break;
+    default:
+       break;
+    }
+
+    PUTU32(plaintext,    tmp[0]);
+    PUTU32(plaintext+4,  tmp[1]);
+    PUTU32(plaintext+8,  tmp[2]);
+    PUTU32(plaintext+12, tmp[3]);
+}
diff --git a/sys/crypto/camellia/camellia.h b/sys/crypto/camellia/camellia.h
new file mode 100644 (file)
index 0000000..58e5686
--- /dev/null
@@ -0,0 +1,69 @@
+/* camellia.h ver 1.1.0
+ *
+ * Copyright (c) 2006
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer as
+ *   the first lines of this file unmodified.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/crypto/camellia/camellia.h,v 1.1 2007/05/09 19:37:01 gnn Exp $
+ */
+
+#ifndef _CAMELLIA_H
+#define _CAMELLIA_H
+
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAMELLIA_SUBKEYWORD 68 /* (34*8/4) */
+
+typedef struct {
+    int        bits;                                 /* key-length */
+    uint32_t subkey[CAMELLIA_SUBKEYWORD]; /* encrypt/decrypt key schedule */
+} camellia_ctx;
+
+void camellia_set_key(camellia_ctx *, const u_char *, int);
+void camellia_decrypt(const camellia_ctx *, const u_char *, u_char *);
+void camellia_encrypt(const camellia_ctx *, const u_char *, u_char *);
+
+
+void Camellia_Ekeygen(const int keyBitLength,
+                     const unsigned char *rawKey,
+                     uint32_t *subkey);
+
+void Camellia_EncryptBlock(const int keyBitLength,
+                          const unsigned char *plaintext,
+                          const uint32_t *subkey,
+                          unsigned char *cipherText);
+
+void Camellia_DecryptBlock(const int keyBitLength,
+                          const unsigned char *cipherText,
+                          const uint32_t *subkey,
+                          unsigned char *plaintext);
+
+void camellia_setup128(const unsigned char *key, uint32_t *subkey);
+void camellia_setup192(const unsigned char *key, uint32_t *subkey);
+void camellia_setup256(const unsigned char *key, uint32_t *subkey);
+void camellia_encrypt128(const uint32_t *subkey, uint32_t *io);
+void camellia_encrypt256(const uint32_t *subkey, uint32_t *io);
+void camellia_decrypt128(const uint32_t *subkey, uint32_t *io);
+void camellia_decrypt256(const uint32_t *subkey, uint32_t *io);
+
+
+#endif /* _CAMELLIA_H */
diff --git a/sys/crypto/cast128/cast128.c b/sys/crypto/cast128/cast128.c
deleted file mode 100644 (file)
index 2841c62..0000000
+++ /dev/null
@@ -1,888 +0,0 @@
-/*     $FreeBSD: src/sys/crypto/cast128/cast128.c,v 1.1.2.3 2001/12/05 05:54:57 ume Exp $      */
-/*     $DragonFly: src/sys/crypto/cast128/cast128.c,v 1.2 2003/06/17 04:28:20 dillon Exp $     */
-/*     $KAME: cast128.c,v 1.5 2001/11/27 09:47:32 sakane Exp $ */
-
-/*
- * heavily modified by Tomomi Suzuki <suzuki@grelot.elec.ryukoku.ac.jp>
- */
-/*
- * The CAST-128 Encryption Algorithm (RFC 2144)
- *
- * original implementation <Hideo "Sir MaNMOS" Morisita>
- * 1997/08/21
- */
-/*
- * Copyright (C) 1997 Hideo "Sir MANMOS" Morishita
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY Hideo "Sir MaNMOS" Morishita ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL Hideo "Sir MaNMOS" Morishita BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/param.h>
-#include <sys/systm.h>
-#include <crypto/cast128/cast128.h>
-#include <crypto/cast128/cast128_subkey.h>
-
-
-static u_int32_t S1[];
-static u_int32_t S2[];
-static u_int32_t S3[];
-static u_int32_t S4[];
-static u_int32_t S5[];
-static u_int32_t S6[];
-static u_int32_t S7[];
-static u_int32_t S8[];
-
-
-/*
- * Step 1
- */
-void set_cast128_subkey(u_int32_t *subkey, u_int8_t *key0, int keylen)
-{
-       u_int32_t buf[8]; /* for x0x1x2x3, x4x5x6x7 ..., z0z1z2z3, ... */
-       u_int32_t key[16];
-       int i;
-
-       /*
-        * the key has to be initilized.  should it be logged when the key
-        * length is more than 16 bytes ?  anyway, ignore it at this moment.
-        */
-       if (keylen > 16)
-               keylen = 16;
-       for (i = 0; i < keylen; i++)
-               key[i] = key0[i];
-       while (i < 16)
-               key[i++] = 0;
-
-       buf[0] = (key[ 0] << 24) | (key[ 1] << 16) | (key[ 2] << 8)
-               | key[ 3];
-       buf[1] = (key[ 4] << 24) | (key[ 5] << 16) | (key[ 6] << 8)
-               | key[ 7];
-       buf[2] = (key[ 8] << 24) | (key[ 9] << 16) | (key[10] << 8)
-               | key[11];
-       buf[3] = (key[12] << 24) | (key[13] << 16) | (key[14] << 8)
-               | key[15];
-
-       /* masking subkey */
-       z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8];
-       z4z5z6z7 = x8x9xAxB ^ S5[z0] ^ S6[z2] ^ S7[z1] ^ S8[z3] ^ S8[xA];
-       z8z9zAzB = xCxDxExF ^ S5[z7] ^ S6[z6] ^ S7[z5] ^ S8[z4] ^ S5[x9];
-       zCzDzEzF = x4x5x6x7 ^ S5[zA] ^ S6[z9] ^ S7[zB] ^ S8[z8] ^ S6[xB];
-       subkey[0]  = S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2];
-       subkey[1]  = S5[zA] ^ S6[zB] ^ S7[z5] ^ S8[z4] ^ S6[z6];
-       subkey[2]  = S5[zC] ^ S6[zD] ^ S7[z3] ^ S8[z2] ^ S7[z9];
-       subkey[3]  = S5[zE] ^ S6[zF] ^ S7[z1] ^ S8[z0] ^ S8[zC];
-
-       x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0];
-       x4x5x6x7 = z0z1z2z3 ^ S5[x0] ^ S6[x2] ^ S7[x1] ^ S8[x3] ^ S8[z2];
-       x8x9xAxB = z4z5z6z7 ^ S5[x7] ^ S6[x6] ^ S7[x5] ^ S8[x4] ^ S5[z1];
-       xCxDxExF = zCzDzEzF ^ S5[xA] ^ S6[x9] ^ S7[xB] ^ S8[x8] ^ S6[z3];
-       subkey[4]  = S5[x3] ^ S6[x2] ^ S7[xC] ^ S8[xD] ^ S5[x8];
-       subkey[5]  = S5[x1] ^ S6[x0] ^ S7[xE] ^ S8[xF] ^ S6[xD];
-       subkey[6]  = S5[x7] ^ S6[x6] ^ S7[x8] ^ S8[x9] ^ S7[x3];
-       subkey[7]  = S5[x5] ^ S6[x4] ^ S7[xA] ^ S8[xB] ^ S8[x7];
-
-       z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8];
-       z4z5z6z7 = x8x9xAxB ^ S5[z0] ^ S6[z2] ^ S7[z1] ^ S8[z3] ^ S8[xA];
-       z8z9zAzB = xCxDxExF ^ S5[z7] ^ S6[z6] ^ S7[z5] ^ S8[z4] ^ S5[x9];
-       zCzDzEzF = x4x5x6x7 ^ S5[zA] ^ S6[z9] ^ S7[zB] ^ S8[z8] ^ S6[xB];
-       subkey[8]  = S5[z3] ^ S6[z2] ^ S7[zC] ^ S8[zD] ^ S5[z9];
-       subkey[9]  = S5[z1] ^ S6[z0] ^ S7[zE] ^ S8[zF] ^ S6[zC];
-       subkey[10] = S5[z7] ^ S6[z6] ^ S7[z8] ^ S8[z9] ^ S7[z2];
-       subkey[11] = S5[z5] ^ S6[z4] ^ S7[zA] ^ S8[zB] ^ S8[z6];
-
-       x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0];
-       x4x5x6x7 = z0z1z2z3 ^ S5[x0] ^ S6[x2] ^ S7[x1] ^ S8[x3] ^ S8[z2];
-       x8x9xAxB = z4z5z6z7 ^ S5[x7] ^ S6[x6] ^ S7[x5] ^ S8[x4] ^ S5[z1];
-       xCxDxExF = zCzDzEzF ^ S5[xA] ^ S6[x9] ^ S7[xB] ^ S8[x8] ^ S6[z3];
-       subkey[12] = S5[x8] ^ S6[x9] ^ S7[x7] ^ S8[x6] ^ S5[x3];
-       subkey[13] = S5[xA] ^ S6[xB] ^ S7[x5] ^ S8[x4] ^ S6[x7];
-       subkey[14] = S5[xC] ^ S6[xD] ^ S7[x3] ^ S8[x2] ^ S7[x8];
-       subkey[15] = S5[xE] ^ S6[xF] ^ S7[x1] ^ S8[x0] ^ S8[xD];
-
-       /* rotate subkey (least significast 5 bits) */
-       z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8];
-       z4z5z6z7 = x8x9xAxB ^ S5[z0] ^ S6[z2] ^ S7[z1] ^ S8[z3] ^ S8[xA];
-       z8z9zAzB = xCxDxExF ^ S5[z7] ^ S6[z6] ^ S7[z5] ^ S8[z4] ^ S5[x9];
-       zCzDzEzF = x4x5x6x7 ^ S5[zA] ^ S6[z9] ^ S7[zB] ^ S8[z8] ^ S6[xB];
-       subkey[16] = (S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2]) & 0x1f;
-       subkey[17] = (S5[zA] ^ S6[zB] ^ S7[z5] ^ S8[z4] ^ S6[z6]) & 0x1f;
-       subkey[18] = (S5[zC] ^ S6[zD] ^ S7[z3] ^ S8[z2] ^ S7[z9]) & 0x1f;
-       subkey[19] = (S5[zE] ^ S6[zF] ^ S7[z1] ^ S8[z0] ^ S8[zC]) & 0x1f;
-
-       x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0];
-       x4x5x6x7 = z0z1z2z3 ^ S5[x0] ^ S6[x2] ^ S7[x1] ^ S8[x3] ^ S8[z2];
-       x8x9xAxB = z4z5z6z7 ^ S5[x7] ^ S6[x6] ^ S7[x5] ^ S8[x4] ^ S5[z1];
-       xCxDxExF = zCzDzEzF ^ S5[xA] ^ S6[x9] ^ S7[xB] ^ S8[x8] ^ S6[z3];
-       subkey[20] = (S5[x3] ^ S6[x2] ^ S7[xC] ^ S8[xD] ^ S5[x8]) & 0x1f;
-       subkey[21] = (S5[x1] ^ S6[x0] ^ S7[xE] ^ S8[xF] ^ S6[xD]) & 0x1f;
-       subkey[22] = (S5[x7] ^ S6[x6] ^ S7[x8] ^ S8[x9] ^ S7[x3]) & 0x1f;
-       subkey[23] = (S5[x5] ^ S6[x4] ^ S7[xA] ^ S8[xB] ^ S8[x7]) & 0x1f;
-
-       z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8];
-       z4z5z6z7 = x8x9xAxB ^ S5[z0] ^ S6[z2] ^ S7[z1] ^ S8[z3] ^ S8[xA];
-       z8z9zAzB = xCxDxExF ^ S5[z7] ^ S6[z6] ^ S7[z5] ^ S8[z4] ^ S5[x9];
-       zCzDzEzF = x4x5x6x7 ^ S5[zA] ^ S6[z9] ^ S7[zB] ^ S8[z8] ^ S6[xB];
-       subkey[24] = (S5[z3] ^ S6[z2] ^ S7[zC] ^ S8[zD] ^ S5[z9]) & 0x1f;
-       subkey[25] = (S5[z1] ^ S6[z0] ^ S7[zE] ^ S8[zF] ^ S6[zC]) & 0x1f;
-       subkey[26] = (S5[z7] ^ S6[z6] ^ S7[z8] ^ S8[z9] ^ S7[z2]) & 0x1f;
-       subkey[27] = (S5[z5] ^ S6[z4] ^ S7[zA] ^ S8[zB] ^ S8[z6]) & 0x1f;
-
-       x0x1x2x3 = z8z9zAzB ^ S5[z5] ^ S6[z7] ^ S7[z4] ^ S8[z6] ^ S7[z0];
-       x4x5x6x7 = z0z1z2z3 ^ S5[x0] ^ S6[x2] ^ S7[x1] ^ S8[x3] ^ S8[z2];
-       x8x9xAxB = z4z5z6z7 ^ S5[x7] ^ S6[x6] ^ S7[x5] ^ S8[x4] ^ S5[z1];
-       xCxDxExF = zCzDzEzF ^ S5[xA] ^ S6[x9] ^ S7[xB] ^ S8[x8] ^ S6[z3];
-       subkey[28] = (S5[x8] ^ S6[x9] ^ S7[x7] ^ S8[x6] ^ S5[x3]) & 0x1f;
-       subkey[29] = (S5[xA] ^ S6[xB] ^ S7[x5] ^ S8[x4] ^ S6[x7]) & 0x1f;
-       subkey[30] = (S5[xC] ^ S6[xD] ^ S7[x3] ^ S8[x2] ^ S7[x8]) & 0x1f;
-       subkey[31] = (S5[xE] ^ S6[xF] ^ S7[x1] ^ S8[x0] ^ S8[xD]) & 0x1f;
-}
-
-
-#define        CAST128_TYPE1(rc, d, km, kr) { \
-       u_int32_t x = circular_leftshift(((km)+(d)), (kr)); \
-       (rc) = ((S1[byte0(x)] ^ S2[byte1(x)]) - S3[byte2(x)]) + S4[byte3(x)]; \
-}
-
-#define        CAST128_TYPE2(rc, d, km, kr) { \
-       u_int32_t x = circular_leftshift(((km)^(d)), (kr)); \
-       (rc) = ((S1[byte0(x)] - S2[byte1(x)]) + S3[byte2(x)]) ^ S4[byte3(x)]; \
-}
-
-#define        CAST128_TYPE3(rc, d, km, kr) { \
-       u_int32_t x = circular_leftshift(((km)-(d)), (kr)); \
-       (rc) = ((S1[byte0(x)] + S2[byte1(x)]) ^ S3[byte2(x)]) - S4[byte3(x)]; \
-}
-
-
-void cast128_encrypt_round16(u_int8_t *c, const u_int8_t *m,
-                               u_int32_t *subkey)
-{
-       u_int32_t l;    /* left 32bit */
-       u_int32_t r;    /* right 32bit */
-       u_int32_t br;   /* backup right 32bit */
-       u_int32_t rc;   /* result code of CAST128_TYPE?() */
-       u_int32_t *km, *kr;
-
-       /* Step 2 */
-       l = (m[0] << 24) | (m[1] << 16) | (m[2] << 8) | m[3];
-       r = (m[4] << 24) | (m[5] << 16) | (m[6] << 8) | m[7];
-
-       /* Step 3 */
-       km = subkey;
-       kr = subkey + 16;
-
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br;
-
-       /* Step 4 */
-       c[0] = (r >> 24) & 0xff;
-       c[1] = (r >> 16) & 0xff;
-       c[2] = (r >> 8) & 0xff;
-       c[3] = r & 0xff;
-       c[4] = (l >> 24) & 0xff;
-       c[5] = (l >> 16) & 0xff;
-       c[6] = (l >> 8) & 0xff;
-       c[7] = l & 0xff;
-}
-
-
-void cast128_decrypt_round16(u_int8_t *m, const u_int8_t *c,
-                               u_int32_t *subkey)
-{
-       u_int32_t l;    /* left 32bit */
-       u_int32_t r;    /* right 32bit */
-       u_int32_t bl;   /* backup left 32bit */
-       u_int32_t rc;   /* result code of CAST128_TYPE?() */
-       u_int32_t *km, *kr;
-
-       /* Step 2 */
-       r = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
-       l = (c[4] << 24) | (c[5] << 16) | (c[6] << 8) | c[7];
-
-       /* Step 3 */
-       km = subkey + 15;
-       kr = subkey + 31;
-
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl;
-
-       /* Step 4 */
-       m[0] = (l >> 24) & 0xff;
-       m[1] = (l >> 16) & 0xff;
-       m[2] = (l >> 8) & 0xff;
-       m[3] = l & 0xff;
-       m[4] = (r >> 24) & 0xff;
-       m[5] = (r >> 16) & 0xff;
-       m[6] = (r >> 8) & 0xff;
-       m[7] = r & 0xff;
-}
-
-
-void cast128_encrypt_round12(u_int8_t *c, const u_int8_t *m,
-                               u_int32_t *subkey)
-{
-       u_int32_t l;    /* left 32bit */
-       u_int32_t r;    /* right 32bit */
-       u_int32_t br;   /* backup right 32bit */
-       u_int32_t rc;   /* result code of CAST128_TYPE?() */
-       u_int32_t *km, *kr;
-
-       /* Step 2 */
-       l = (m[0] << 24) | (m[1] << 16) | (m[2] << 8) | m[3];
-       r = (m[4] << 24) | (m[5] << 16) | (m[6] << 8) | m[7];
-
-       /* Step 3 */
-       km = subkey;
-       kr = subkey + 16;
-
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE1(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE2(rc, r, *km, *kr); r = l ^ rc; l = br; km++; kr++;
-       br = r; CAST128_TYPE3(rc, r, *km, *kr); r = l ^ rc; l = br;
-
-       /* Step 4 */
-       c[0] = (r >> 24) & 0xff;
-       c[1] = (r >> 16) & 0xff;
-       c[2] = (r >> 8) & 0xff;
-       c[3] = r & 0xff;
-       c[4] = (l >> 24) & 0xff;
-       c[5] = (l >> 16) & 0xff;
-       c[6] = (l >> 8) & 0xff;
-       c[7] = l & 0xff;
-}
-
-
-void cast128_decrypt_round12(u_int8_t *m, const u_int8_t *c,
-                               u_int32_t *subkey)
-{
-       u_int32_t l;    /* left 32bit */
-       u_int32_t r;    /* right 32bit */
-       u_int32_t bl;   /* backup left 32bit */
-       u_int32_t rc;   /* result code of CAST128_TYPE?() */
-       u_int32_t *km, *kr;
-
-       /* Step 2 */
-       r = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
-       l = (c[4] << 24) | (c[5] << 16) | (c[6] << 8) | c[7];
-
-       /* Step 3 */
-       km = subkey + 11;
-       kr = subkey + 27;
-
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE3(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE2(rc, l, *km, *kr); l = r ^ rc; r = bl; km--; kr--;
-       bl = l; CAST128_TYPE1(rc, l, *km, *kr); l = r ^ rc; r = bl;
-
-       /* Step 4 */
-       m[0] = (l >> 24) & 0xff;
-       m[1] = (l >> 16) & 0xff;
-       m[2] = (l >> 8) & 0xff;
-       m[3] = l & 0xff;
-       m[4] = (r >> 24) & 0xff;
-       m[5] = (r >> 16) & 0xff;
-       m[6] = (r >> 8) & 0xff;
-       m[7] = r & 0xff;
-}
-
-
-static u_int32_t S1[] = {
-       0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
-       0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
-       0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675,
-       0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
-       0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2,
-       0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
-       0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f,
-       0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
-       0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de,
-       0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
-       0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f,
-       0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
-       0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d,
-       0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
-       0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165,
-       0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
-       0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272,
-       0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
-       0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d,
-       0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
-       0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a,
-       0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
-       0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f,
-       0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
-       0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9,
-       0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
-       0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6,
-       0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
-       0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9,
-       0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
-       0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e,
-       0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
-       0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e,
-       0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
-       0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82,
-       0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
-       0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac,
-       0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
-       0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f,
-       0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
-       0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491,
-       0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
-       0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de,
-       0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
-       0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a,
-       0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
-       0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79,
-       0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
-       0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779,
-       0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
-       0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755,
-       0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
-       0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb,
-       0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
-       0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0,
-       0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
-       0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79,
-       0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
-       0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298,
-       0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
-       0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571,
-       0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
-       0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d,
-       0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
-};
-
-static u_int32_t S2[] = {
-       0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380,
-       0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
-       0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba,
-       0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
-       0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909,
-       0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
-       0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b,
-       0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
-       0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4,
-       0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
-       0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f,
-       0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
-       0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21,
-       0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
-       0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d,
-       0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
-       0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f,
-       0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
-       0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d,
-       0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
-       0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4,
-       0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
-       0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801,
-       0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
-       0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755,
-       0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
-       0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709,
-       0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
-       0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b,
-       0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
-       0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c,
-       0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
-       0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9,
-       0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
-       0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3,
-       0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
-       0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9,
-       0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
-       0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab,
-       0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
-       0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4,
-       0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
-       0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43,
-       0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
-       0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8,
-       0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
-       0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171,
-       0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
-       0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89,
-       0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
-       0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b,
-       0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
-       0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb,
-       0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
-       0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e,
-       0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
-       0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea,
-       0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
-       0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea,
-       0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
-       0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd,
-       0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
-       0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef,
-       0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
-};
-
-static u_int32_t S3[] = {
-       0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907,
-       0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
-       0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae,
-       0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
-       0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e,
-       0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
-       0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc,
-       0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
-       0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e,
-       0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
-       0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f,
-       0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
-       0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99,
-       0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
-       0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f,
-       0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
-       0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380,
-       0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
-       0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8,
-       0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
-       0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504,
-       0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
-       0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6,
-       0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
-       0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e,
-       0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
-       0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d,
-       0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
-       0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1,
-       0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
-       0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c,
-       0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
-       0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15,
-       0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
-       0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4,
-       0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
-       0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b,
-       0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
-       0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392,
-       0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
-       0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231,
-       0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
-       0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889,
-       0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
-       0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67,
-       0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
-       0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49,
-       0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
-       0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d,
-       0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
-       0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d,
-       0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
-       0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e,
-       0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
-       0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767,
-       0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
-       0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce,
-       0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
-       0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24,
-       0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
-       0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0,
-       0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
-       0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5,
-       0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
-};
-
-static u_int32_t S4[] = {
-       0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298,
-       0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
-       0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120,
-       0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
-       0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220,
-       0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
-       0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe,
-       0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
-       0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701,
-       0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
-       0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b,
-       0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
-       0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93,
-       0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
-       0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746,
-       0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
-       0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9,
-       0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
-       0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb,
-       0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
-       0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c,
-       0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
-       0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7,
-       0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
-       0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340,
-       0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
-       0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327,
-       0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
-       0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec,
-       0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
-       0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205,
-       0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
-       0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031,
-       0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
-       0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5,
-       0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
-       0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c,
-       0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
-       0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69,
-       0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
-       0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9,
-       0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
-       0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff,
-       0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
-       0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3,
-       0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
-       0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2,
-       0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
-       0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff,
-       0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
-       0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091,
-       0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
-       0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df,
-       0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
-       0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf,
-       0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
-       0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367,
-       0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
-       0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c,
-       0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
-       0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43,
-       0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
-       0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e,
-       0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
-};
-
-static u_int32_t S5[] = {
-       0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911,
-       0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
-       0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00,
-       0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
-       0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180,
-       0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
-       0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2,
-       0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
-       0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725,
-       0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
-       0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b,
-       0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
-       0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571,
-       0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
-       0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec,
-       0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
-       0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea,
-       0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
-       0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263,
-       0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
-       0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468,
-       0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
-       0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b,
-       0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
-       0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284,
-       0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
-       0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4,
-       0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
-       0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7,
-       0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
-       0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce,
-       0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
-       0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6,
-       0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
-       0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4,
-       0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
-       0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561,
-       0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
-       0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6,
-       0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
-       0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406,
-       0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
-       0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472,
-       0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
-       0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487,
-       0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
-       0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288,
-       0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
-       0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2,
-       0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
-       0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78,
-       0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
-       0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76,
-       0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
-       0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0,
-       0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
-       0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58,
-       0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
-       0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2,
-       0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
-       0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be,
-       0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
-       0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55,
-       0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
-};
-
-static u_int32_t S6[] = {
-       0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c,
-       0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
-       0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9,
-       0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
-       0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e,
-       0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
-       0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866,
-       0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
-       0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c,
-       0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
-       0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd,
-       0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
-       0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53,
-       0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
-       0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d,
-       0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
-       0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf,
-       0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
-       0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807,
-       0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
-       0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a,
-       0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
-       0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563,
-       0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
-       0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0,
-       0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
-       0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be,
-       0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
-       0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0,
-       0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
-       0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2,
-       0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
-       0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853,
-       0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
-       0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa,
-       0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
-       0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9,
-       0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
-       0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751,
-       0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
-       0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358,
-       0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
-       0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397,
-       0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
-       0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459,
-       0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
-       0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4,
-       0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
-       0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f,
-       0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
-       0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb,
-       0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
-       0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2,
-       0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
-       0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab,
-       0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
-       0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b,
-       0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
-       0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b,
-       0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
-       0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855,
-       0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
-       0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454,
-       0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
-};
-
-static u_int32_t S7[] = {
-       0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693,
-       0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
-       0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82,
-       0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
-       0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd,
-       0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
-       0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f,
-       0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
-       0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9,
-       0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
-       0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e,
-       0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
-       0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83,
-       0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
-       0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e,
-       0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
-       0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a,
-       0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
-       0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f,
-       0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
-       0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b,
-       0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
-       0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78,
-       0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
-       0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d,
-       0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
-       0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802,
-       0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
-       0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9,
-       0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
-       0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302,
-       0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
-       0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858,
-       0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
-       0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a,
-       0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
-       0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4,
-       0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
-       0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df,
-       0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
-       0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9,
-       0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
-       0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c,
-       0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
-       0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07,
-       0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
-       0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939,
-       0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
-       0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e,
-       0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
-       0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378,
-       0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
-       0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd,
-       0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
-       0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567,
-       0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
-       0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2,
-       0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
-       0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf,
-       0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
-       0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2,
-       0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
-       0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada,
-       0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
-};
-
-static u_int32_t S8[] = {
-       0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095,
-       0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
-       0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174,
-       0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
-       0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940,
-       0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
-       0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42,
-       0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
-       0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164,
-       0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
-       0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4,
-       0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
-       0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0,
-       0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
-       0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6,
-       0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
-       0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491,
-       0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
-       0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b,
-       0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
-       0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8,
-       0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
-       0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006,
-       0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
-       0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564,
-       0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
-       0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab,
-       0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
-       0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc,
-       0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
-       0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8,
-       0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
-       0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441,
-       0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
-       0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f,
-       0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
-       0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504,
-       0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
-       0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c,
-       0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
-       0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6,
-       0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
-       0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd,
-       0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
-       0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4,
-       0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
-       0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc,
-       0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
-       0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba,
-       0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
-       0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf,
-       0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
-       0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603,
-       0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
-       0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37,
-       0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
-       0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819,
-       0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
-       0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d,
-       0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
-       0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347,
-       0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
-       0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d,
-       0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
-};
-
diff --git a/sys/crypto/cast128/cast128.h b/sys/crypto/cast128/cast128.h
deleted file mode 100644 (file)
index b43e5d4..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-/*     $FreeBSD: src/sys/crypto/cast128/cast128.h,v 1.1.2.3 2001/12/05 05:54:57 ume Exp $      */
-/*     $DragonFly: src/sys/crypto/cast128/cast128.h,v 1.3 2003/08/27 10:59:04 rob Exp $        */
-/*     $KAME: cast128.h,v 1.7 2001/11/27 09:47:32 sakane Exp $ */
-
-/*
- * heavily modified by Tomomi Suzuki <suzuki@grelot.elec.ryukoku.ac.jp>
- */
-/*
- * The CAST-128 Encryption Algorithm (RFC 2144)
- *
- * original implementation <Hideo "Sir MaNMOS" Morisita>
- * 1997/08/21
- */
-/*
- * Copyright (C) 1997 Hideo "Sir MANMOS" Morishita
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY Hideo "Sir MaNMOS" Morishita ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL Hideo "Sir MaNMOS" Morishita BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef RFC2144_CAST_128_H
-#define RFC2144_CAST_128_H
-
-#include <sys/param.h>
-
-
-#define        CAST128_ENCRYPT 1
-#define        CAST128_DECRYPT 0
-
-
-extern void set_cast128_subkey (u_int32_t *, u_int8_t *, int);
-extern void cast128_encrypt_round16 (u_int8_t *, const u_int8_t *,
-                                       u_int32_t *);
-extern void cast128_decrypt_round16 (u_int8_t *, const u_int8_t *,
-                                       u_int32_t *);
-extern void cast128_encrypt_round12 (u_int8_t *, const u_int8_t *,
-                                       u_int32_t *);
-extern void cast128_decrypt_round12 (u_int8_t *, const u_int8_t *,
-                                       u_int32_t *);
-#endif
-
diff --git a/sys/crypto/cast128/cast128_subkey.h b/sys/crypto/cast128/cast128_subkey.h
deleted file mode 100644 (file)
index 315c65f..0000000
+++ /dev/null
@@ -1,93 +0,0 @@
-/*     $FreeBSD: src/sys/crypto/cast128/cast128_subkey.h,v 1.1.2.1 2000/07/15 07:14:21 kris Exp $      */
-/*     $DragonFly: src/sys/crypto/cast128/cast128_subkey.h,v 1.2 2003/06/17 04:28:20 dillon Exp $      */
-/*     $KAME: cast128_subkey.h,v 1.3 2000/03/27 04:36:30 sumikawa Exp $        */
-
-/*
- * heavily modified by Tomomi Suzuki <suzuki@grelot.elec.ryukoku.ac.jp>
- */
-/*
- * The CAST-128 Encryption Algorithm (RFC 2144)
- *
- * original implementation <Hideo "Sir MaNMOS" Morisita>
- * 1997/08/21
- */
-/*
- * Copyright (C) 1997 Hideo "Sir MANMOS" Morishita
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY Hideo "Sir MaNMOS" Morishita ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL Hideo "Sir MaNMOS" Morishita BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef RFC2144_CAST_128_SUBKEY_H
-#define RFC2144_CAST_128_SUBKEY_H
-
-#define x0x1x2x3 buf[0]
-#define x4x5x6x7 buf[1]
-#define x8x9xAxB buf[2]
-#define xCxDxExF buf[3]
-#define z0z1z2z3 buf[4]
-#define z4z5z6z7 buf[5]
-#define z8z9zAzB buf[6]
-#define zCzDzEzF buf[7]
-
-#define byte0(x) (((x) >> 24))
-#define byte1(x) (((x) >> 16) & 0xff)
-#define byte2(x) (((x) >> 8) & 0xff)
-#define byte3(x) (((x)) & 0xff)
-
-#define x0 byte0(buf[0])
-#define x1 byte1(buf[0])
-#define x2 byte2(buf[0])
-#define x3 byte3(buf[0])
-#define x4 byte0(buf[1])
-#define x5 byte1(buf[1])
-#define x6 byte2(buf[1])
-#define x7 byte3(buf[1])
-#define x8 byte0(buf[2])
-#define x9 byte1(buf[2])
-#define xA byte2(buf[2])
-#define xB byte3(buf[2])
-#define xC byte0(buf[3])
-#define xD byte1(buf[3])
-#define xE byte2(buf[3])
-#define xF byte3(buf[3])
-#define z0 byte0(buf[4])
-#define z1 byte1(buf[4])
-#define z2 byte2(buf[4])
-#define z3 byte3(buf[4])
-#define z4 byte0(buf[5])
-#define z5 byte1(buf[5])
-#define z6 byte2(buf[5])
-#define z7 byte3(buf[5])
-#define z8 byte0(buf[6])
-#define z9 byte1(buf[6])
-#define zA byte2(buf[6])
-#define zB byte3(buf[6])
-#define zC byte0(buf[7])
-#define zD byte1(buf[7])
-#define zE byte2(buf[7])
-#define zF byte3(buf[7])
-
-#define circular_leftshift(x, y) ( ((x) << (y)) | ((x) >> (32-(y))) )
-
-#endif
-
index 26f7a9a..c66ae26 100644 (file)
@@ -1,6 +1,5 @@
 /* $NetBSD: des_enc.S,v 1.1 2001/09/09 11:01:02 tls Exp $ */
-/* $FreeBSD: src/sys/crypto/des/arch/i386/des_enc.S,v 1.1.2.1 2002/03/26 10:12:25 ume Exp $ */
-/* $DragonFly: src/sys/crypto/des/arch/i386/des_enc.S,v 1.4 2006/10/23 21:50:31 dillon Exp $ */
+/* $FreeBSD: src/sys/crypto/des/arch/i386/des_enc.S,v 1.2 2003/04/21 16:30:12 obrien Exp $ */
 
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
index 99a4778..1596f68 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/des/des.h,v 1.1.2.3 2002/03/26 10:12:24 ume Exp $      */
-/*     $DragonFly: src/sys/crypto/des/des.h,v 1.3 2003/08/27 10:59:04 rob Exp $        */
+/*     $FreeBSD: src/sys/crypto/des/des.h,v 1.6 2002/03/20 05:13:51 alfred Exp $       */
 /*     $KAME: des.h,v 1.8 2001/09/10 04:03:57 itojun Exp $     */
 
 /* lib/des/des.h */
@@ -82,35 +81,34 @@ typedef struct des_ks_struct
 
 extern int des_check_key;      /* defaults to false */
 
-char *des_options (void);
-void des_ecb_encrypt (des_cblock *, des_cblock *,
-       des_key_schedule, int);
+char *des_options(void);
+void des_ecb_encrypt(des_cblock *, des_cblock *, des_key_schedule, int);
 
-void des_encrypt1 (DES_LONG *, des_key_schedule, int);
-void des_encrypt2 (DES_LONG *, des_key_schedule, int);
-void des_encrypt3 (DES_LONG *, des_key_schedule, des_key_schedule,
+void des_encrypt1(DES_LONG *, des_key_schedule, int);
+void des_encrypt2(DES_LONG *, des_key_schedule, int);
+void des_encrypt3(DES_LONG *, des_key_schedule, des_key_schedule,
                      des_key_schedule);
-void des_decrypt3 (DES_LONG *, des_key_schedule, des_key_schedule,
+void des_decrypt3(DES_LONG *, des_key_schedule, des_key_schedule,
                      des_key_schedule);
 
-void des_ecb3_encrypt (des_cblock *, des_cblock *, des_key_schedule, 
+void des_ecb3_encrypt(des_cblock *, des_cblock *, des_key_schedule,
                          des_key_schedule, des_key_schedule, int);
 
-void des_ncbc_encrypt (const unsigned char *, unsigned char *, long,
+void des_ncbc_encrypt(const unsigned char *, unsigned char *, long,
                          des_key_schedule, des_cblock *, int);
 
 void des_ede3_cbc_encrypt(const unsigned char *, unsigned char *, long,
                          des_key_schedule, des_key_schedule, 
                          des_key_schedule, des_cblock *, int);
 
-void des_set_odd_parity (des_cblock *);
-void des_fixup_key_parity (des_cblock *); 
-int des_is_weak_key (des_cblock *);
-int des_set_key (des_cblock *, des_key_schedule);
-int des_key_sched (des_cblock *, des_key_schedule);
-int des_set_key_checked (des_cblock *, des_key_schedule);
-void des_set_key_unchecked (des_cblock *, des_key_schedule);
-int des_check_key_parity (des_cblock *);
+void des_set_odd_parity(des_cblock *);
+void des_fixup_key_parity(des_cblock *);
+int des_is_weak_key(des_cblock *);
+int des_set_key(des_cblock *, des_key_schedule);
+int des_key_sched(des_cblock *, des_key_schedule);
+int des_set_key_checked(des_cblock *, des_key_schedule);
+void des_set_key_unchecked(des_cblock *, des_key_schedule);
+int des_check_key_parity(des_cblock *);
 
 #ifdef  __cplusplus
 }
index ea84be7..02af650 100644 (file)
@@ -1,8 +1,8 @@
-/*     $FreeBSD: src/sys/crypto/des/des_ecb.c,v 1.1.2.3 2002/03/26 10:12:24 ume Exp $  */
-/*     $DragonFly: src/sys/crypto/des/des_ecb.c,v 1.4 2006/12/20 18:14:37 dillon Exp $ */
+/*     $FreeBSD: src/sys/crypto/des/des_ecb.c,v 1.6 2004/06/14 00:38:54 obrien Exp $   */
 /*     $KAME: des_ecb.c,v 1.6 2001/09/10 04:03:58 itojun Exp $ */
 
 /* crypto/des/ecb_enc.c */
+
 /* Copyright (C) 1995-1998 Eric Young (eay@mincom.oz.au)
  * All rights reserved.
  *
index 49fad89..b7c0022 100644 (file)
@@ -1,8 +1,8 @@
-/*     $KAME: kame/kame/sys/crypto/des/des_enc.c,v 1.1 2001/09/10 04:03:58 itojun Exp $        */
-/*     $FreeBSD: src/sys/crypto/des/des_enc.c,v 1.1.2.1 2002/03/26 10:12:24 ume Exp $  */
-/*     $DragonFly: src/sys/crypto/des/des_enc.c,v 1.3 2003/07/26 14:12:24 rob Exp $    */
+/*     $KAME: des_enc.c,v 1.1 2001/09/10 04:03:58 itojun Exp $ */
+/*     $FreeBSD: src/sys/crypto/des/des_enc.c,v 1.2 2004/06/14 00:38:54 obrien Exp $   */
 
 /* crypto/des/des_enc.c */
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
index 46fccd3..b68db3f 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/des/des_locl.h,v 1.2.2.3 2002/03/26 10:12:25 ume Exp $ */
-/*     $DragonFly: src/sys/crypto/des/des_locl.h,v 1.3 2003/07/26 14:12:24 rob Exp $   */
+/*     $FreeBSD: src/sys/crypto/des/des_locl.h,v 1.6 2002/03/05 09:19:02 ume Exp $     */
 /*     $KAME: des_locl.h,v 1.7 2001/09/10 04:03:58 itojun Exp $        */
 
 /* crypto/des/des_locl.h */
index 010af3f..5455e12 100644 (file)
@@ -1,8 +1,8 @@
-/*     $FreeBSD: src/sys/crypto/des/des_setkey.c,v 1.1.2.4 2002/03/26 10:12:25 ume Exp $       */
-/*     $DragonFly: src/sys/crypto/des/des_setkey.c,v 1.3 2003/07/26 14:12:24 rob Exp $ */
+/*     $FreeBSD: src/sys/crypto/des/des_setkey.c,v 1.7 2004/06/14 00:38:16 obrien Exp $        */
 /*     $KAME: des_setkey.c,v 1.7 2001/09/10 04:03:58 itojun Exp $      */
 
 /* crypto/des/set_key.c */
+
 /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au)
  * All rights reserved.
  *
index df515b2..8d77aac 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/des/podd.h,v 1.1.2.2 2002/04/28 05:40:25 suz Exp $     */
-/*     $DragonFly: src/sys/crypto/des/podd.h,v 1.2 2003/06/17 04:28:20 dillon Exp $    */
+/*     $FreeBSD: src/sys/crypto/des/podd.h,v 1.4 2002/04/19 04:46:21 suz Exp $ */
 /*     $KAME: podd.h,v 1.4 2001/09/10 04:03:58 itojun Exp $    */
 
 /* crypto/des/podd.h */
index 6f629db..209dca6 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/des/sk.h,v 1.1.2.2 2002/04/28 05:40:25 suz Exp $       */
-/*     $DragonFly: src/sys/crypto/des/sk.h,v 1.2 2003/06/17 04:28:20 dillon Exp $      */
+/*     $FreeBSD: src/sys/crypto/des/sk.h,v 1.4 2002/04/19 04:46:21 suz Exp $   */
 /*     $KAME: sk.h,v 1.4 2001/09/10 04:03:58 itojun Exp $      */
 
 /* crypto/des/sk.h */
index 1203188..4fd00b6 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/des/spr.h,v 1.1.2.2 2002/03/26 10:12:25 ume Exp $      */
-/*     $DragonFly: src/sys/crypto/des/spr.h,v 1.2 2003/06/17 04:28:20 dillon Exp $     */
+/*     $FreeBSD: src/sys/crypto/des/spr.h,v 1.4 2002/03/05 09:19:02 ume Exp $  */
 /*     $KAME: spr.h,v 1.4 2001/09/10 04:03:58 itojun Exp $     */
 
 /* crypto/des/spr.h */
diff --git a/sys/crypto/md5.c b/sys/crypto/md5.c
deleted file mode 100644 (file)
index 6a28fde..0000000
+++ /dev/null
@@ -1,309 +0,0 @@
-/*     $FreeBSD: src/sys/crypto/md5.c,v 1.1.2.2 2001/07/03 11:01:27 ume Exp $  */
-/*     $DragonFly: src/sys/crypto/md5.c,v 1.3 2003/08/27 10:59:04 rob Exp $    */
-/*     $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $     */
-
-/*
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-#include <sys/cdefs.h>
-#include <sys/time.h>
-#include <sys/systm.h>
-#include <crypto/md5.h>
-
-#define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s))))
-
-#define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z)))
-#define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z)))
-#define H(X, Y, Z) ((X) ^ (Y) ^ (Z))
-#define I(X, Y, Z) ((Y) ^ ((X) | (~Z)))
-
-#define ROUND1(a, b, c, d, k, s, i) { \
-       (a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \
-       (a) = SHIFT((a), (s)); \
-       (a) = (b) + (a); \
-}
-
-#define ROUND2(a, b, c, d, k, s, i) { \
-       (a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \
-       (a) = SHIFT((a), (s)); \
-       (a) = (b) + (a); \
-}
-
-#define ROUND3(a, b, c, d, k, s, i) { \
-       (a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \
-       (a) = SHIFT((a), (s)); \
-       (a) = (b) + (a); \
-}
-
-#define ROUND4(a, b, c, d, k, s, i) { \
-       (a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \
-       (a) = SHIFT((a), (s)); \
-       (a) = (b) + (a); \
-}
-
-#define Sa      7
-#define Sb     12
-#define Sc     17
-#define Sd     22
-
-#define Se      5
-#define Sf      9
-#define Sg     14
-#define Sh     20
-
-#define Si      4
-#define Sj     11
-#define Sk     16
-#define Sl     23
-
-#define Sm      6
-#define Sn     10
-#define So     15
-#define Sp     21
-
-#define MD5_A0 0x67452301
-#define MD5_B0 0xefcdab89
-#define MD5_C0 0x98badcfe
-#define MD5_D0 0x10325476
-
-/* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */
-static const u_int32_t T[65] = {
-       0,
-       0xd76aa478,     0xe8c7b756,     0x242070db,     0xc1bdceee,
-       0xf57c0faf,     0x4787c62a,     0xa8304613,     0xfd469501,
-       0x698098d8,     0x8b44f7af,     0xffff5bb1,     0x895cd7be,
-       0x6b901122,     0xfd987193,     0xa679438e,     0x49b40821,
-
-       0xf61e2562,     0xc040b340,     0x265e5a51,     0xe9b6c7aa,
-       0xd62f105d,     0x2441453,      0xd8a1e681,     0xe7d3fbc8,
-       0x21e1cde6,     0xc33707d6,     0xf4d50d87,     0x455a14ed,
-       0xa9e3e905,     0xfcefa3f8,     0x676f02d9,     0x8d2a4c8a,
-
-       0xfffa3942,     0x8771f681,     0x6d9d6122,     0xfde5380c,
-       0xa4beea44,     0x4bdecfa9,     0xf6bb4b60,     0xbebfbc70,
-       0x289b7ec6,     0xeaa127fa,     0xd4ef3085,     0x4881d05,
-       0xd9d4d039,     0xe6db99e5,     0x1fa27cf8,     0xc4ac5665,
-
-       0xf4292244,     0x432aff97,     0xab9423a7,     0xfc93a039,
-       0x655b59c3,     0x8f0ccc92,     0xffeff47d,     0x85845dd1,
-       0x6fa87e4f,     0xfe2ce6e0,     0xa3014314,     0x4e0811a1,
-       0xf7537e82,     0xbd3af235,     0x2ad7d2bb,     0xeb86d391,
-};
-
-static const u_int8_t md5_paddat[MD5_BUFLEN] = {
-       0x80,   0,      0,      0,      0,      0,      0,      0,
-       0,      0,      0,      0,      0,      0,      0,      0,
-       0,      0,      0,      0,      0,      0,      0,      0,
-       0,      0,      0,      0,      0,      0,      0,      0,
-       0,      0,      0,      0,      0,      0,      0,      0,
-       0,      0,      0,      0,      0,      0,      0,      0,
-       0,      0,      0,      0,      0,      0,      0,      0,
-       0,      0,      0,      0,      0,      0,      0,      0,      
-};
-
-static void md5_calc (u_int8_t *, md5_ctxt *);
-
-void md5_init(ctxt)
-       md5_ctxt *ctxt;
-{
-       ctxt->md5_n = 0;
-       ctxt->md5_i = 0;
-       ctxt->md5_sta = MD5_A0;
-       ctxt->md5_stb = MD5_B0;
-       ctxt->md5_stc = MD5_C0;
-       ctxt->md5_std = MD5_D0;
-       bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf));
-}
-
-void md5_loop(ctxt, input, len)
-       md5_ctxt *ctxt;
-       u_int8_t *input;
-       u_int len; /* number of bytes */
-{
-       u_int gap, i;
-
-       ctxt->md5_n += len * 8; /* byte to bit */
-       gap = MD5_BUFLEN - ctxt->md5_i;
-
-       if (len >= gap) {
-               bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
-                       gap);
-               md5_calc(ctxt->md5_buf, ctxt);
-
-               for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) {
-                       md5_calc((u_int8_t *)(input + i), ctxt);
-               }
-               
-               ctxt->md5_i = len - i;
-               bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i);
-       } else {
-               bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
-                       len);
-               ctxt->md5_i += len;
-       }
-}
-
-void md5_pad(ctxt)
-       md5_ctxt *ctxt;
-{
-       u_int gap;
-
-       /* Don't count up padding. Keep md5_n. */       
-       gap = MD5_BUFLEN - ctxt->md5_i;
-       if (gap > 8) {
-               bcopy((void *)md5_paddat,
-                     (void *)(ctxt->md5_buf + ctxt->md5_i),
-                     gap - sizeof(ctxt->md5_n));
-       } else {
-               /* including gap == 8 */
-               bcopy((void *)md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i),
-                       gap);
-               md5_calc(ctxt->md5_buf, ctxt);
-               bcopy((void *)(md5_paddat + gap),
-                     (void *)ctxt->md5_buf,
-                     MD5_BUFLEN - sizeof(ctxt->md5_n));
-       }
-
-       /* 8 byte word */       
-#if BYTE_ORDER == LITTLE_ENDIAN
-       bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8);
-#endif
-#if BYTE_ORDER == BIG_ENDIAN
-       ctxt->md5_buf[56] = ctxt->md5_n8[7];
-       ctxt->md5_buf[57] = ctxt->md5_n8[6];
-       ctxt->md5_buf[58] = ctxt->md5_n8[5];
-       ctxt->md5_buf[59] = ctxt->md5_n8[4];
-       ctxt->md5_buf[60] = ctxt->md5_n8[3];
-       ctxt->md5_buf[61] = ctxt->md5_n8[2];
-       ctxt->md5_buf[62] = ctxt->md5_n8[1];
-       ctxt->md5_buf[63] = ctxt->md5_n8[0];
-#endif
-
-       md5_calc(ctxt->md5_buf, ctxt);
-}
-
-void md5_result(digest, ctxt)
-       u_int8_t *digest;
-       md5_ctxt *ctxt;
-{
-       /* 4 byte words */
-#if BYTE_ORDER == LITTLE_ENDIAN
-       bcopy(&ctxt->md5_st8[0], digest, 16);
-#endif
-#if BYTE_ORDER == BIG_ENDIAN
-       digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2];
-       digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0];
-       digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6];
-       digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4];
-       digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10];
-       digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8];
-       digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14];
-       digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12];
-#endif
-}
-
-#if BYTE_ORDER == BIG_ENDIAN
-u_int32_t X[16];
-#endif
-
-static void md5_calc(b64, ctxt)
-       u_int8_t *b64;
-       md5_ctxt *ctxt;
-{
-       u_int32_t A = ctxt->md5_sta;
-       u_int32_t B = ctxt->md5_stb;
-       u_int32_t C = ctxt->md5_stc;
-       u_int32_t D = ctxt->md5_std;
-#if BYTE_ORDER == LITTLE_ENDIAN
-       u_int32_t *X = (u_int32_t *)b64;
-#endif 
-#if BYTE_ORDER == BIG_ENDIAN
-       /* 4 byte words */
-       /* what a brute force but fast! */
-       u_int8_t *y = (u_int8_t *)X;
-       y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0];
-       y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4];
-       y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8];
-       y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12];
-       y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16];
-       y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20];
-       y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24];
-       y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28];
-       y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32];
-       y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36];
-       y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40];
-       y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44];
-       y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48];
-       y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52];
-       y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56];
-       y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60];
-#endif
-
-       ROUND1(A, B, C, D,  0, Sa,  1); ROUND1(D, A, B, C,  1, Sb,  2);
-       ROUND1(C, D, A, B,  2, Sc,  3); ROUND1(B, C, D, A,  3, Sd,  4);
-       ROUND1(A, B, C, D,  4, Sa,  5); ROUND1(D, A, B, C,  5, Sb,  6);
-       ROUND1(C, D, A, B,  6, Sc,  7); ROUND1(B, C, D, A,  7, Sd,  8);
-       ROUND1(A, B, C, D,  8, Sa,  9); ROUND1(D, A, B, C,  9, Sb, 10);
-       ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12);
-       ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14);
-       ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16);
-       
-       ROUND2(A, B, C, D,  1, Se, 17); ROUND2(D, A, B, C,  6, Sf, 18);
-       ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A,  0, Sh, 20);
-       ROUND2(A, B, C, D,  5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22);
-       ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A,  4, Sh, 24);
-       ROUND2(A, B, C, D,  9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26);
-       ROUND2(C, D, A, B,  3, Sg, 27); ROUND2(B, C, D, A,  8, Sh, 28);
-       ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C,  2, Sf, 30);
-       ROUND2(C, D, A, B,  7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32);
-
-       ROUND3(A, B, C, D,  5, Si, 33); ROUND3(D, A, B, C,  8, Sj, 34);
-       ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36);
-       ROUND3(A, B, C, D,  1, Si, 37); ROUND3(D, A, B, C,  4, Sj, 38);
-       ROUND3(C, D, A, B,  7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40);
-       ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C,  0, Sj, 42);
-       ROUND3(C, D, A, B,  3, Sk, 43); ROUND3(B, C, D, A,  6, Sl, 44);
-       ROUND3(A, B, C, D,  9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46);
-       ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A,  2, Sl, 48);
-       
-       ROUND4(A, B, C, D,  0, Sm, 49); ROUND4(D, A, B, C,  7, Sn, 50); 
-       ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A,  5, Sp, 52); 
-       ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C,  3, Sn, 54); 
-       ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A,  1, Sp, 56); 
-       ROUND4(A, B, C, D,  8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58); 
-       ROUND4(C, D, A, B,  6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60); 
-       ROUND4(A, B, C, D,  4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62); 
-       ROUND4(C, D, A, B,  2, So, 63); ROUND4(B, C, D, A,  9, Sp, 64);
-
-       ctxt->md5_sta += A;
-       ctxt->md5_stb += B;
-       ctxt->md5_stc += C;
-       ctxt->md5_std += D;
-}
diff --git a/sys/crypto/rc4/Makefile b/sys/crypto/rc4/Makefile
new file mode 100644 (file)
index 0000000..b12e260
--- /dev/null
@@ -0,0 +1,6 @@
+# $FreeBSD: src/sys/modules/rc4/Makefile,v 1.1 2003/01/15 19:55:17 sam Exp $
+
+KMOD=  rc4
+SRCS=  rc4.c
+
+.include <bsd.kmod.mk>
index ab4185d..33cb968 100644 (file)
@@ -1,4 +1,3 @@
-
 /*
  * rc4.c
  *
  * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
  * OF SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/crypto/rc4/rc4.c,v 1.2.2.1 2000/04/18 04:48:31 archie Exp $
- * $DragonFly: src/sys/crypto/rc4/rc4.c,v 1.2 2003/06/17 04:28:20 dillon Exp $
+ * $FreeBSD: src/sys/crypto/rc4/rc4.c,v 1.6 2008/12/16 13:58:37 mav Exp $
  */
 
+#include <sys/kernel.h>
+#include <sys/module.h>
 #include <sys/types.h>
 #include <crypto/rc4/rc4.h>
 
@@ -59,7 +59,7 @@ void
 rc4_init(struct rc4_state *const state, const u_char *key, int keylen)
 {
        u_char j;
-       int i;
+       int i, k;
 
        /* Initialize state with identity permutation */
        for (i = 0; i < 256; i++)
@@ -68,9 +68,11 @@ rc4_init(struct rc4_state *const state, const u_char *key, int keylen)
        state->index2 = 0;
   
        /* Randomize the permutation using key data */
-       for (j = i = 0; i < 256; i++) {
-               j += state->perm[i] + key[i % keylen]; 
+       for (j = i = k = 0; i < 256; i++) {
+               j += state->perm[i] + key[k];
                swap_bytes(&state->perm[i], &state->perm[j]);
+               if (++k >= keylen)
+                       k = 0;
        }
 }
 
@@ -103,3 +105,22 @@ rc4_crypt(struct rc4_state *const state,
        }
 }
 
+static int
+rc4_modevent(module_t mod, int type, void *unused)
+{
+       switch (type) {
+       case MOD_LOAD:
+               return 0;
+       case MOD_UNLOAD:
+               return 0;
+       }
+       return EINVAL;
+}
+
+static moduledata_t rc4_mod = {
+       "rc4",
+       rc4_modevent,
+       0
+};
+DECLARE_MODULE(rc4, rc4_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST);
+MODULE_VERSION(rc4, 1);
index 04a6829..39cdcc8 100644 (file)
@@ -34,8 +34,7 @@
  * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
  * OF SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/crypto/rc4/rc4.h,v 1.2.2.1 2000/04/18 04:48:32 archie Exp $
- * $DragonFly: src/sys/crypto/rc4/rc4.h,v 1.2 2003/06/17 04:28:20 dillon Exp $
+ * $FreeBSD: src/sys/crypto/rc4/rc4.h,v 1.3 2000/07/16 05:53:14 peter Exp $
  */
 
 #ifndef _SYS_CRYPTO_RC4_RC4_H_
diff --git a/sys/crypto/rijndael/Makefile b/sys/crypto/rijndael/Makefile
new file mode 100644 (file)
index 0000000..d42d81b
--- /dev/null
@@ -0,0 +1,12 @@
+# $FreeBSD: src/sys/crypto/rijndael/Makefile,v 1.3 2004/12/21 08:47:18 ru Exp $
+
+PROG=test00
+NOMAN=
+SRCS= ${PROG}.c rijndael-alg-fst.c rijndael-api-fst.c
+
+CFLAGS += -I${.CURDIR}/../.. -g -static
+
+.include <bsd.prog.mk>
+
+test:  ${PROG}
+       ./${PROG}
diff --git a/sys/crypto/rijndael/boxes-fst.dat b/sys/crypto/rijndael/boxes-fst.dat
deleted file mode 100644 (file)
index e2ddb3a..0000000
+++ /dev/null
@@ -1,959 +0,0 @@
-/*     $FreeBSD: src/sys/crypto/rijndael/boxes-fst.dat,v 1.2.2.1 2001/07/03 11:01:35 ume Exp $ */
-/*     $DragonFly: src/sys/crypto/rijndael/boxes-fst.dat,v 1.2 2003/06/17 04:28:20 dillon Exp $        */
-/*     $KAME: boxes-fst.dat,v 1.6 2001/05/27 00:23:22 itojun Exp $     */
-
-const word8 S[256] = {
- 99, 124, 119, 123, 242, 107, 111, 197,  48,   1, 103,  43, 254, 215, 171, 118, 
-202, 130, 201, 125, 250,  89,  71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 
-183, 253, 147,  38,  54,  63, 247, 204,  52, 165, 229, 241, 113, 216,  49,  21, 
-  4, 199,  35, 195,  24, 150,   5, 154,   7,  18, 128, 226, 235,  39, 178, 117, 
-  9, 131,  44,  26,  27, 110,  90, 160,  82,  59, 214, 179,  41, 227,  47, 132, 
- 83, 209,   0, 237,  32, 252, 177,  91, 106, 203, 190,  57,  74,  76,  88, 207, 
-208, 239, 170, 251,  67,  77,  51, 133,  69, 249,   2, 127,  80,  60, 159, 168, 
- 81, 163,  64, 143, 146, 157,  56, 245, 188, 182, 218,  33,  16, 255, 243, 210, 
-205,  12,  19, 236,  95, 151,  68,  23, 196, 167, 126,  61, 100,  93,  25, 115, 
- 96, 129,  79, 220,  34,  42, 144, 136,  70, 238, 184,  20, 222,  94,  11, 219, 
-224,  50,  58,  10,  73,   6,  36,  92, 194, 211, 172,  98, 145, 149, 228, 121, 
-231, 200,  55, 109, 141, 213,  78, 169, 108,  86, 244, 234, 101, 122, 174,   8, 
-186, 120,  37,  46,  28, 166, 180, 198, 232, 221, 116,  31,  75, 189, 139, 138, 
-112,  62, 181, 102,  72,   3, 246,  14,  97,  53,  87, 185, 134, 193,  29, 158, 
-225, 248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,  40, 223, 
-140, 161, 137,  13, 191, 230,  66, 104,  65, 153,  45,  15, 176,  84, 187,  22
-};
-
-#ifdef INTERMEDIATE_VALUE_KAT
-static const word8 Si[256] = {
- 82,   9, 106, 213,  48,  54, 165,  56, 191,  64, 163, 158, 129, 243, 215, 251, 
-124, 227,  57, 130, 155,  47, 255, 135,  52, 142,  67,  68, 196, 222, 233, 203, 
- 84, 123, 148,  50, 166, 194,  35,  61, 238,  76, 149,  11,  66, 250, 195,  78, 
-  8,  46, 161, 102,  40, 217,  36, 178, 118,  91, 162,  73, 109, 139, 209,  37, 
-114, 248, 246, 100, 134, 104, 152,  22, 212, 164,  92, 204,  93, 101, 182, 146, 
-108, 112,  72,  80, 253, 237, 185, 218,  94,  21,  70,  87, 167, 141, 157, 132, 
-144, 216, 171,   0, 140, 188, 211,  10, 247, 228,  88,   5, 184, 179,  69,   6, 
-208,  44,  30, 143, 202,  63,  15,   2, 193, 175, 189,   3,   1,  19, 138, 107, 
- 58, 145,  17,  65,  79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, 
-150, 172, 116,  34, 231, 173,  53, 133, 226, 249,  55, 232,  28, 117, 223, 110, 
- 71, 241,  26, 113,  29,  41, 197, 137, 111, 183,  98,  14, 170,  24, 190,  27, 
-252,  86,  62,  75, 198, 210, 121,  32, 154, 219, 192, 254, 120, 205,  90, 244, 
- 31, 221, 168,  51, 136,   7, 199,  49, 177,  18,  16,  89,  39, 128, 236,  95, 
- 96,  81, 127, 169,  25, 181,  74,  13,  45, 229, 122, 159, 147, 201, 156, 239, 
-160, 224,  59,  77, 174,  42, 245, 176, 200, 235, 187,  60, 131,  83, 153,  97, 
- 23,  43,   4, 126, 186, 119, 214,  38, 225, 105,  20,  99,  85,  33,  12, 125
-};
-#endif /* INTERMEDIATE_VALUE_KAT */
-
-union xtab {
-       word32  xt32[256];
-       word8   xt8[256][4];
-};
-
-static const union xtab xT1 = {
-       .xt8 = {
-{0xc6,0x63,0x63,0xa5}, {0xf8,0x7c,0x7c,0x84}, {0xee,0x77,0x77,0x99}, {0xf6,0x7b,0x7b,0x8d},
-{0xff,0xf2,0xf2,0x0d}, {0xd6,0x6b,0x6b,0xbd}, {0xde,0x6f,0x6f,0xb1}, {0x91,0xc5,0xc5,0x54},
-{0x60,0x30,0x30,0x50}, {0x02,0x01,0x01,0x03}, {0xce,0x67,0x67,0xa9}, {0x56,0x2b,0x2b,0x7d},
-{0xe7,0xfe,0xfe,0x19}, {0xb5,0xd7,0xd7,0x62}, {0x4d,0xab,0xab,0xe6}, {0xec,0x76,0x76,0x9a},
-{0x8f,0xca,0xca,0x45}, {0x1f,0x82,0x82,0x9d}, {0x89,0xc9,0xc9,0x40}, {0xfa,0x7d,0x7d,0x87},
-{0xef,0xfa,0xfa,0x15}, {0xb2,0x59,0x59,0xeb}, {0x8e,0x47,0x47,0xc9}, {0xfb,0xf0,0xf0,0x0b},
-{0x41,0xad,0xad,0xec}, {0xb3,0xd4,0xd4,0x67}, {0x5f,0xa2,0xa2,0xfd}, {0x45,0xaf,0xaf,0xea},
-{0x23,0x9c,0x9c,0xbf}, {0x53,0xa4,0xa4,0xf7}, {0xe4,0x72,0x72,0x96}, {0x9b,0xc0,0xc0,0x5b},
-{0x75,0xb7,0xb7,0xc2}, {0xe1,0xfd,0xfd,0x1c}, {0x3d,0x93,0x93,0xae}, {0x4c,0x26,0x26,0x6a},
-{0x6c,0x36,0x36,0x5a}, {0x7e,0x3f,0x3f,0x41}, {0xf5,0xf7,0xf7,0x02}, {0x83,0xcc,0xcc,0x4f},
-{0x68,0x34,0x34,0x5c}, {0x51,0xa5,0xa5,0xf4}, {0xd1,0xe5,0xe5,0x34}, {0xf9,0xf1,0xf1,0x08},
-{0xe2,0x71,0x71,0x93}, {0xab,0xd8,0xd8,0x73}, {0x62,0x31,0x31,0x53}, {0x2a,0x15,0x15,0x3f},
-{0x08,0x04,0x04,0x0c}, {0x95,0xc7,0xc7,0x52}, {0x46,0x23,0x23,0x65}, {0x9d,0xc3,0xc3,0x5e},
-{0x30,0x18,0x18,0x28}, {0x37,0x96,0x96,0xa1}, {0x0a,0x05,0x05,0x0f}, {0x2f,0x9a,0x9a,0xb5},
-{0x0e,0x07,0x07,0x09}, {0x24,0x12,0x12,0x36}, {0x1b,0x80,0x80,0x9b}, {0xdf,0xe2,0xe2,0x3d},
-{0xcd,0xeb,0xeb,0x26}, {0x4e,0x27,0x27,0x69}, {0x7f,0xb2,0xb2,0xcd}, {0xea,0x75,0x75,0x9f},
-{0x12,0x09,0x09,0x1b}, {0x1d,0x83,0x83,0x9e}, {0x58,0x2c,0x2c,0x74}, {0x34,0x1a,0x1a,0x2e},
-{0x36,0x1b,0x1b,0x2d}, {0xdc,0x6e,0x6e,0xb2}, {0xb4,0x5a,0x5a,0xee}, {0x5b,0xa0,0xa0,0xfb},
-{0xa4,0x52,0x52,0xf6}, {0x76,0x3b,0x3b,0x4d}, {0xb7,0xd6,0xd6,0x61}, {0x7d,0xb3,0xb3,0xce},
-{0x52,0x29,0x29,0x7b}, {0xdd,0xe3,0xe3,0x3e}, {0x5e,0x2f,0x2f,0x71}, {0x13,0x84,0x84,0x97},
-{0xa6,0x53,0x53,0xf5}, {0xb9,0xd1,0xd1,0x68}, {0x00,0x00,0x00,0x00}, {0xc1,0xed,0xed,0x2c},
-{0x40,0x20,0x20,0x60}, {0xe3,0xfc,0xfc,0x1f}, {0x79,0xb1,0xb1,0xc8}, {0xb6,0x5b,0x5b,0xed},
-{0xd4,0x6a,0x6a,0xbe}, {0x8d,0xcb,0xcb,0x46}, {0x67,0xbe,0xbe,0xd9}, {0x72,0x39,0x39,0x4b},
-{0x94,0x4a,0x4a,0xde}, {0x98,0x4c,0x4c,0xd4}, {0xb0,0x58,0x58,0xe8}, {0x85,0xcf,0xcf,0x4a},
-{0xbb,0xd0,0xd0,0x6b}, {0xc5,0xef,0xef,0x2a}, {0x4f,0xaa,0xaa,0xe5}, {0xed,0xfb,0xfb,0x16},
-{0x86,0x43,0x43,0xc5}, {0x9a,0x4d,0x4d,0xd7}, {0x66,0x33,0x33,0x55}, {0x11,0x85,0x85,0x94},
-{0x8a,0x45,0x45,0xcf}, {0xe9,0xf9,0xf9,0x10}, {0x04,0x02,0x02,0x06}, {0xfe,0x7f,0x7f,0x81},
-{0xa0,0x50,0x50,0xf0}, {0x78,0x3c,0x3c,0x44}, {0x25,0x9f,0x9f,0xba}, {0x4b,0xa8,0xa8,0xe3},
-{0xa2,0x51,0x51,0xf3}, {0x5d,0xa3,0xa3,0xfe}, {0x80,0x40,0x40,0xc0}, {0x05,0x8f,0x8f,0x8a},
-{0x3f,0x92,0x92,0xad}, {0x21,0x9d,0x9d,0xbc}, {0x70,0x38,0x38,0x48}, {0xf1,0xf5,0xf5,0x04},
-{0x63,0xbc,0xbc,0xdf}, {0x77,0xb6,0xb6,0xc1}, {0xaf,0xda,0xda,0x75}, {0x42,0x21,0x21,0x63},
-{0x20,0x10,0x10,0x30}, {0xe5,0xff,0xff,0x1a}, {0xfd,0xf3,0xf3,0x0e}, {0xbf,0xd2,0xd2,0x6d},
-{0x81,0xcd,0xcd,0x4c}, {0x18,0x0c,0x0c,0x14}, {0x26,0x13,0x13,0x35}, {0xc3,0xec,0xec,0x2f},
-{0xbe,0x5f,0x5f,0xe1}, {0x35,0x97,0x97,0xa2}, {0x88,0x44,0x44,0xcc}, {0x2e,0x17,0x17,0x39},
-{0x93,0xc4,0xc4,0x57}, {0x55,0xa7,0xa7,0xf2}, {0xfc,0x7e,0x7e,0x82}, {0x7a,0x3d,0x3d,0x47},
-{0xc8,0x64,0x64,0xac}, {0xba,0x5d,0x5d,0xe7}, {0x32,0x19,0x19,0x2b}, {0xe6,0x73,0x73,0x95},
-{0xc0,0x60,0x60,0xa0}, {0x19,0x81,0x81,0x98}, {0x9e,0x4f,0x4f,0xd1}, {0xa3,0xdc,0xdc,0x7f},
-{0x44,0x22,0x22,0x66}, {0x54,0x2a,0x2a,0x7e}, {0x3b,0x90,0x90,0xab}, {0x0b,0x88,0x88,0x83},
-{0x8c,0x46,0x46,0xca}, {0xc7,0xee,0xee,0x29}, {0x6b,0xb8,0xb8,0xd3}, {0x28,0x14,0x14,0x3c},
-{0xa7,0xde,0xde,0x79}, {0xbc,0x5e,0x5e,0xe2}, {0x16,0x0b,0x0b,0x1d}, {0xad,0xdb,0xdb,0x76},
-{0xdb,0xe0,0xe0,0x3b}, {0x64,0x32,0x32,0x56}, {0x74,0x3a,0x3a,0x4e}, {0x14,0x0a,0x0a,0x1e},
-{0x92,0x49,0x49,0xdb}, {0x0c,0x06,0x06,0x0a}, {0x48,0x24,0x24,0x6c}, {0xb8,0x5c,0x5c,0xe4},
-{0x9f,0xc2,0xc2,0x5d}, {0xbd,0xd3,0xd3,0x6e}, {0x43,0xac,0xac,0xef}, {0xc4,0x62,0x62,0xa6},
-{0x39,0x91,0x91,0xa8}, {0x31,0x95,0x95,0xa4}, {0xd3,0xe4,0xe4,0x37}, {0xf2,0x79,0x79,0x8b},
-{0xd5,0xe7,0xe7,0x32}, {0x8b,0xc8,0xc8,0x43}, {0x6e,0x37,0x37,0x59}, {0xda,0x6d,0x6d,0xb7},
-{0x01,0x8d,0x8d,0x8c}, {0xb1,0xd5,0xd5,0x64}, {0x9c,0x4e,0x4e,0xd2}, {0x49,0xa9,0xa9,0xe0},
-{0xd8,0x6c,0x6c,0xb4}, {0xac,0x56,0x56,0xfa}, {0xf3,0xf4,0xf4,0x07}, {0xcf,0xea,0xea,0x25},
-{0xca,0x65,0x65,0xaf}, {0xf4,0x7a,0x7a,0x8e}, {0x47,0xae,0xae,0xe9}, {0x10,0x08,0x08,0x18},
-{0x6f,0xba,0xba,0xd5}, {0xf0,0x78,0x78,0x88}, {0x4a,0x25,0x25,0x6f}, {0x5c,0x2e,0x2e,0x72},
-{0x38,0x1c,0x1c,0x24}, {0x57,0xa6,0xa6,0xf1}, {0x73,0xb4,0xb4,0xc7}, {0x97,0xc6,0xc6,0x51},
-{0xcb,0xe8,0xe8,0x23}, {0xa1,0xdd,0xdd,0x7c}, {0xe8,0x74,0x74,0x9c}, {0x3e,0x1f,0x1f,0x21},
-{0x96,0x4b,0x4b,0xdd}, {0x61,0xbd,0xbd,0xdc}, {0x0d,0x8b,0x8b,0x86}, {0x0f,0x8a,0x8a,0x85},
-{0xe0,0x70,0x70,0x90}, {0x7c,0x3e,0x3e,0x42}, {0x71,0xb5,0xb5,0xc4}, {0xcc,0x66,0x66,0xaa},
-{0x90,0x48,0x48,0xd8}, {0x06,0x03,0x03,0x05}, {0xf7,0xf6,0xf6,0x01}, {0x1c,0x0e,0x0e,0x12},
-{0xc2,0x61,0x61,0xa3}, {0x6a,0x35,0x35,0x5f}, {0xae,0x57,0x57,0xf9}, {0x69,0xb9,0xb9,0xd0},
-{0x17,0x86,0x86,0x91}, {0x99,0xc1,0xc1,0x58}, {0x3a,0x1d,0x1d,0x27}, {0x27,0x9e,0x9e,0xb9},
-{0xd9,0xe1,0xe1,0x38}, {0xeb,0xf8,0xf8,0x13}, {0x2b,0x98,0x98,0xb3}, {0x22,0x11,0x11,0x33},
-{0xd2,0x69,0x69,0xbb}, {0xa9,0xd9,0xd9,0x70}, {0x07,0x8e,0x8e,0x89}, {0x33,0x94,0x94,0xa7},
-{0x2d,0x9b,0x9b,0xb6}, {0x3c,0x1e,0x1e,0x22}, {0x15,0x87,0x87,0x92}, {0xc9,0xe9,0xe9,0x20},
-{0x87,0xce,0xce,0x49}, {0xaa,0x55,0x55,0xff}, {0x50,0x28,0x28,0x78}, {0xa5,0xdf,0xdf,0x7a},
-{0x03,0x8c,0x8c,0x8f}, {0x59,0xa1,0xa1,0xf8}, {0x09,0x89,0x89,0x80}, {0x1a,0x0d,0x0d,0x17},
-{0x65,0xbf,0xbf,0xda}, {0xd7,0xe6,0xe6,0x31}, {0x84,0x42,0x42,0xc6}, {0xd0,0x68,0x68,0xb8},
-{0x82,0x41,0x41,0xc3}, {0x29,0x99,0x99,0xb0}, {0x5a,0x2d,0x2d,0x77}, {0x1e,0x0f,0x0f,0x11},
-{0x7b,0xb0,0xb0,0xcb}, {0xa8,0x54,0x54,0xfc}, {0x6d,0xbb,0xbb,0xd6}, {0x2c,0x16,0x16,0x3a}
-       }
-};
-#define        T1      xT1.xt8
-
-static const union xtab xT2 = {
-       .xt8 = {
-{0xa5,0xc6,0x63,0x63}, {0x84,0xf8,0x7c,0x7c}, {0x99,0xee,0x77,0x77}, {0x8d,0xf6,0x7b,0x7b},
-{0x0d,0xff,0xf2,0xf2}, {0xbd,0xd6,0x6b,0x6b}, {0xb1,0xde,0x6f,0x6f}, {0x54,0x91,0xc5,0xc5},
-{0x50,0x60,0x30,0x30}, {0x03,0x02,0x01,0x01}, {0xa9,0xce,0x67,0x67}, {0x7d,0x56,0x2b,0x2b},
-{0x19,0xe7,0xfe,0xfe}, {0x62,0xb5,0xd7,0xd7}, {0xe6,0x4d,0xab,0xab}, {0x9a,0xec,0x76,0x76},
-{0x45,0x8f,0xca,0xca}, {0x9d,0x1f,0x82,0x82}, {0x40,0x89,0xc9,0xc9}, {0x87,0xfa,0x7d,0x7d},
-{0x15,0xef,0xfa,0xfa}, {0xeb,0xb2,0x59,0x59}, {0xc9,0x8e,0x47,0x47}, {0x0b,0xfb,0xf0,0xf0},
-{0xec,0x41,0xad,0xad}, {0x67,0xb3,0xd4,0xd4}, {0xfd,0x5f,0xa2,0xa2}, {0xea,0x45,0xaf,0xaf},
-{0xbf,0x23,0x9c,0x9c}, {0xf7,0x53,0xa4,0xa4}, {0x96,0xe4,0x72,0x72}, {0x5b,0x9b,0xc0,0xc0},
-{0xc2,0x75,0xb7,0xb7}, {0x1c,0xe1,0xfd,0xfd}, {0xae,0x3d,0x93,0x93}, {0x6a,0x4c,0x26,0x26},
-{0x5a,0x6c,0x36,0x36}, {0x41,0x7e,0x3f,0x3f}, {0x02,0xf5,0xf7,0xf7}, {0x4f,0x83,0xcc,0xcc},
-{0x5c,0x68,0x34,0x34}, {0xf4,0x51,0xa5,0xa5}, {0x34,0xd1,0xe5,0xe5}, {0x08,0xf9,0xf1,0xf1},
-{0x93,0xe2,0x71,0x71}, {0x73,0xab,0xd8,0xd8}, {0x53,0x62,0x31,0x31}, {0x3f,0x2a,0x15,0x15},
-{0x0c,0x08,0x04,0x04}, {0x52,0x95,0xc7,0xc7}, {0x65,0x46,0x23,0x23}, {0x5e,0x9d,0xc3,0xc3},
-{0x28,0x30,0x18,0x18}, {0xa1,0x37,0x96,0x96}, {0x0f,0x0a,0x05,0x05}, {0xb5,0x2f,0x9a,0x9a},
-{0x09,0x0e,0x07,0x07}, {0x36,0x24,0x12,0x12}, {0x9b,0x1b,0x80,0x80}, {0x3d,0xdf,0xe2,0xe2},
-{0x26,0xcd,0xeb,0xeb}, {0x69,0x4e,0x27,0x27}, {0xcd,0x7f,0xb2,0xb2}, {0x9f,0xea,0x75,0x75},
-{0x1b,0x12,0x09,0x09}, {0x9e,0x1d,0x83,0x83}, {0x74,0x58,0x2c,0x2c}, {0x2e,0x34,0x1a,0x1a},
-{0x2d,0x36,0x1b,0x1b}, {0xb2,0xdc,0x6e,0x6e}, {0xee,0xb4,0x5a,0x5a}, {0xfb,0x5b,0xa0,0xa0},
-{0xf6,0xa4,0x52,0x52}, {0x4d,0x76,0x3b,0x3b}, {0x61,0xb7,0xd6,0xd6}, {0xce,0x7d,0xb3,0xb3},
-{0x7b,0x52,0x29,0x29}, {0x3e,0xdd,0xe3,0xe3}, {0x71,0x5e,0x2f,0x2f}, {0x97,0x13,0x84,0x84},
-{0xf5,0xa6,0x53,0x53}, {0x68,0xb9,0xd1,0xd1}, {0x00,0x00,0x00,0x00}, {0x2c,0xc1,0xed,0xed},
-{0x60,0x40,0x20,0x20}, {0x1f,0xe3,0xfc,0xfc}, {0xc8,0x79,0xb1,0xb1}, {0xed,0xb6,0x5b,0x5b},
-{0xbe,0xd4,0x6a,0x6a}, {0x46,0x8d,0xcb,0xcb}, {0xd9,0x67,0xbe,0xbe}, {0x4b,0x72,0x39,0x39},
-{0xde,0x94,0x4a,0x4a}, {0xd4,0x98,0x4c,0x4c}, {0xe8,0xb0,0x58,0x58}, {0x4a,0x85,0xcf,0xcf},
-{0x6b,0xbb,0xd0,0xd0}, {0x2a,0xc5,0xef,0xef}, {0xe5,0x4f,0xaa,0xaa}, {0x16,0xed,0xfb,0xfb},
-{0xc5,0x86,0x43,0x43}, {0xd7,0x9a,0x4d,0x4d}, {0x55,0x66,0x33,0x33}, {0x94,0x11,0x85,0x85},
-{0xcf,0x8a,0x45,0x45}, {0x10,0xe9,0xf9,0xf9}, {0x06,0x04,0x02,0x02}, {0x81,0xfe,0x7f,0x7f},
-{0xf0,0xa0,0x50,0x50}, {0x44,0x78,0x3c,0x3c}, {0xba,0x25,0x9f,0x9f}, {0xe3,0x4b,0xa8,0xa8},
-{0xf3,0xa2,0x51,0x51}, {0xfe,0x5d,0xa3,0xa3}, {0xc0,0x80,0x40,0x40}, {0x8a,0x05,0x8f,0x8f},
-{0xad,0x3f,0x92,0x92}, {0xbc,0x21,0x9d,0x9d}, {0x48,0x70,0x38,0x38}, {0x04,0xf1,0xf5,0xf5},
-{0xdf,0x63,0xbc,0xbc}, {0xc1,0x77,0xb6,0xb6}, {0x75,0xaf,0xda,0xda}, {0x63,0x42,0x21,0x21},
-{0x30,0x20,0x10,0x10}, {0x1a,0xe5,0xff,0xff}, {0x0e,0xfd,0xf3,0xf3}, {0x6d,0xbf,0xd2,0xd2},
-{0x4c,0x81,0xcd,0xcd}, {0x14,0x18,0x0c,0x0c}, {0x35,0x26,0x13,0x13}, {0x2f,0xc3,0xec,0xec},
-{0xe1,0xbe,0x5f,0x5f}, {0xa2,0x35,0x97,0x97}, {0xcc,0x88,0x44,0x44}, {0x39,0x2e,0x17,0x17},
-{0x57,0x93,0xc4,0xc4}, {0xf2,0x55,0xa7,0xa7}, {0x82,0xfc,0x7e,0x7e}, {0x47,0x7a,0x3d,0x3d},
-{0xac,0xc8,0x64,0x64}, {0xe7,0xba,0x5d,0x5d}, {0x2b,0x32,0x19,0x19}, {0x95,0xe6,0x73,0x73},
-{0xa0,0xc0,0x60,0x60}, {0x98,0x19,0x81,0x81}, {0xd1,0x9e,0x4f,0x4f}, {0x7f,0xa3,0xdc,0xdc},
-{0x66,0x44,0x22,0x22}, {0x7e,0x54,0x2a,0x2a}, {0xab,0x3b,0x90,0x90}, {0x83,0x0b,0x88,0x88},
-{0xca,0x8c,0x46,0x46}, {0x29,0xc7,0xee,0xee}, {0xd3,0x6b,0xb8,0xb8}, {0x3c,0x28,0x14,0x14},
-{0x79,0xa7,0xde,0xde}, {0xe2,0xbc,0x5e,0x5e}, {0x1d,0x16,0x0b,0x0b}, {0x76,0xad,0xdb,0xdb},
-{0x3b,0xdb,0xe0,0xe0}, {0x56,0x64,0x32,0x32}, {0x4e,0x74,0x3a,0x3a}, {0x1e,0x14,0x0a,0x0a},
-{0xdb,0x92,0x49,0x49}, {0x0a,0x0c,0x06,0x06}, {0x6c,0x48,0x24,0x24}, {0xe4,0xb8,0x5c,0x5c},
-{0x5d,0x9f,0xc2,0xc2}, {0x6e,0xbd,0xd3,0xd3}, {0xef,0x43,0xac,0xac}, {0xa6,0xc4,0x62,0x62},
-{0xa8,0x39,0x91,0x91}, {0xa4,0x31,0x95,0x95}, {0x37,0xd3,0xe4,0xe4}, {0x8b,0xf2,0x79,0x79},
-{0x32,0xd5,0xe7,0xe7}, {0x43,0x8b,0xc8,0xc8}, {0x59,0x6e,0x37,0x37}, {0xb7,0xda,0x6d,0x6d},
-{0x8c,0x01,0x8d,0x8d}, {0x64,0xb1,0xd5,0xd5}, {0xd2,0x9c,0x4e,0x4e}, {0xe0,0x49,0xa9,0xa9},
-{0xb4,0xd8,0x6c,0x6c}, {0xfa,0xac,0x56,0x56}, {0x07,0xf3,0xf4,0xf4}, {0x25,0xcf,0xea,0xea},
-{0xaf,0xca,0x65,0x65}, {0x8e,0xf4,0x7a,0x7a}, {0xe9,0x47,0xae,0xae}, {0x18,0x10,0x08,0x08},
-{0xd5,0x6f,0xba,0xba}, {0x88,0xf0,0x78,0x78}, {0x6f,0x4a,0x25,0x25}, {0x72,0x5c,0x2e,0x2e},
-{0x24,0x38,0x1c,0x1c}, {0xf1,0x57,0xa6,0xa6}, {0xc7,0x73,0xb4,0xb4}, {0x51,0x97,0xc6,0xc6},
-{0x23,0xcb,0xe8,0xe8}, {0x7c,0xa1,0xdd,0xdd}, {0x9c,0xe8,0x74,0x74}, {0x21,0x3e,0x1f,0x1f},
-{0xdd,0x96,0x4b,0x4b}, {0xdc,0x61,0xbd,0xbd}, {0x86,0x0d,0x8b,0x8b}, {0x85,0x0f,0x8a,0x8a},
-{0x90,0xe0,0x70,0x70}, {0x42,0x7c,0x3e,0x3e}, {0xc4,0x71,0xb5,0xb5}, {0xaa,0xcc,0x66,0x66},
-{0xd8,0x90,0x48,0x48}, {0x05,0x06,0x03,0x03}, {0x01,0xf7,0xf6,0xf6}, {0x12,0x1c,0x0e,0x0e},
-{0xa3,0xc2,0x61,0x61}, {0x5f,0x6a,0x35,0x35}, {0xf9,0xae,0x57,0x57}, {0xd0,0x69,0xb9,0xb9},
-{0x91,0x17,0x86,0x86}, {0x58,0x99,0xc1,0xc1}, {0x27,0x3a,0x1d,0x1d}, {0xb9,0x27,0x9e,0x9e},
-{0x38,0xd9,0xe1,0xe1}, {0x13,0xeb,0xf8,0xf8}, {0xb3,0x2b,0x98,0x98}, {0x33,0x22,0x11,0x11},
-{0xbb,0xd2,0x69,0x69}, {0x70,0xa9,0xd9,0xd9}, {0x89,0x07,0x8e,0x8e}, {0xa7,0x33,0x94,0x94},
-{0xb6,0x2d,0x9b,0x9b}, {0x22,0x3c,0x1e,0x1e}, {0x92,0x15,0x87,0x87}, {0x20,0xc9,0xe9,0xe9},
-{0x49,0x87,0xce,0xce}, {0xff,0xaa,0x55,0x55}, {0x78,0x50,0x28,0x28}, {0x7a,0xa5,0xdf,0xdf},
-{0x8f,0x03,0x8c,0x8c}, {0xf8,0x59,0xa1,0xa1}, {0x80,0x09,0x89,0x89}, {0x17,0x1a,0x0d,0x0d},
-{0xda,0x65,0xbf,0xbf}, {0x31,0xd7,0xe6,0xe6}, {0xc6,0x84,0x42,0x42}, {0xb8,0xd0,0x68,0x68},
-{0xc3,0x82,0x41,0x41}, {0xb0,0x29,0x99,0x99}, {0x77,0x5a,0x2d,0x2d}, {0x11,0x1e,0x0f,0x0f},
-{0xcb,0x7b,0xb0,0xb0}, {0xfc,0xa8,0x54,0x54}, {0xd6,0x6d,0xbb,0xbb}, {0x3a,0x2c,0x16,0x16}
-       }
-};
-#define        T2      xT2.xt8
-
-static const union xtab xT3 = {
-       .xt8 = {
-{0x63,0xa5,0xc6,0x63}, {0x7c,0x84,0xf8,0x7c}, {0x77,0x99,0xee,0x77}, {0x7b,0x8d,0xf6,0x7b},
-{0xf2,0x0d,0xff,0xf2}, {0x6b,0xbd,0xd6,0x6b}, {0x6f,0xb1,0xde,0x6f}, {0xc5,0x54,0x91,0xc5},
-{0x30,0x50,0x60,0x30}, {0x01,0x03,0x02,0x01}, {0x67,0xa9,0xce,0x67}, {0x2b,0x7d,0x56,0x2b},
-{0xfe,0x19,0xe7,0xfe}, {0xd7,0x62,0xb5,0xd7}, {0xab,0xe6,0x4d,0xab}, {0x76,0x9a,0xec,0x76},
-{0xca,0x45,0x8f,0xca}, {0x82,0x9d,0x1f,0x82}, {0xc9,0x40,0x89,0xc9}, {0x7d,0x87,0xfa,0x7d},
-{0xfa,0x15,0xef,0xfa}, {0x59,0xeb,0xb2,0x59}, {0x47,0xc9,0x8e,0x47}, {0xf0,0x0b,0xfb,0xf0},
-{0xad,0xec,0x41,0xad}, {0xd4,0x67,0xb3,0xd4}, {0xa2,0xfd,0x5f,0xa2}, {0xaf,0xea,0x45,0xaf},
-{0x9c,0xbf,0x23,0x9c}, {0xa4,0xf7,0x53,0xa4}, {0x72,0x96,0xe4,0x72}, {0xc0,0x5b,0x9b,0xc0},
-{0xb7,0xc2,0x75,0xb7}, {0xfd,0x1c,0xe1,0xfd}, {0x93,0xae,0x3d,0x93}, {0x26,0x6a,0x4c,0x26},
-{0x36,0x5a,0x6c,0x36}, {0x3f,0x41,0x7e,0x3f}, {0xf7,0x02,0xf5,0xf7}, {0xcc,0x4f,0x83,0xcc},
-{0x34,0x5c,0x68,0x34}, {0xa5,0xf4,0x51,0xa5}, {0xe5,0x34,0xd1,0xe5}, {0xf1,0x08,0xf9,0xf1},
-{0x71,0x93,0xe2,0x71}, {0xd8,0x73,0xab,0xd8}, {0x31,0x53,0x62,0x31}, {0x15,0x3f,0x2a,0x15},
-{0x04,0x0c,0x08,0x04}, {0xc7,0x52,0x95,0xc7}, {0x23,0x65,0x46,0x23}, {0xc3,0x5e,0x9d,0xc3},
-{0x18,0x28,0x30,0x18}, {0x96,0xa1,0x37,0x96}, {0x05,0x0f,0x0a,0x05}, {0x9a,0xb5,0x2f,0x9a},
-{0x07,0x09,0x0e,0x07}, {0x12,0x36,0x24,0x12}, {0x80,0x9b,0x1b,0x80}, {0xe2,0x3d,0xdf,0xe2},
-{0xeb,0x26,0xcd,0xeb}, {0x27,0x69,0x4e,0x27}, {0xb2,0xcd,0x7f,0xb2}, {0x75,0x9f,0xea,0x75},
-{0x09,0x1b,0x12,0x09}, {0x83,0x9e,0x1d,0x83}, {0x2c,0x74,0x58,0x2c}, {0x1a,0x2e,0x34,0x1a},
-{0x1b,0x2d,0x36,0x1b}, {0x6e,0xb2,0xdc,0x6e}, {0x5a,0xee,0xb4,0x5a}, {0xa0,0xfb,0x5b,0xa0},
-{0x52,0xf6,0xa4,0x52}, {0x3b,0x4d,0x76,0x3b}, {0xd6,0x61,0xb7,0xd6}, {0xb3,0xce,0x7d,0xb3},
-{0x29,0x7b,0x52,0x29}, {0xe3,0x3e,0xdd,0xe3}, {0x2f,0x71,0x5e,0x2f}, {0x84,0x97,0x13,0x84},
-{0x53,0xf5,0xa6,0x53}, {0xd1,0x68,0xb9,0xd1}, {0x00,0x00,0x00,0x00}, {0xed,0x2c,0xc1,0xed},
-{0x20,0x60,0x40,0x20}, {0xfc,0x1f,0xe3,0xfc}, {0xb1,0xc8,0x79,0xb1}, {0x5b,0xed,0xb6,0x5b},
-{0x6a,0xbe,0xd4,0x6a}, {0xcb,0x46,0x8d,0xcb}, {0xbe,0xd9,0x67,0xbe}, {0x39,0x4b,0x72,0x39},
-{0x4a,0xde,0x94,0x4a}, {0x4c,0xd4,0x98,0x4c}, {0x58,0xe8,0xb0,0x58}, {0xcf,0x4a,0x85,0xcf},
-{0xd0,0x6b,0xbb,0xd0}, {0xef,0x2a,0xc5,0xef}, {0xaa,0xe5,0x4f,0xaa}, {0xfb,0x16,0xed,0xfb},
-{0x43,0xc5,0x86,0x43}, {0x4d,0xd7,0x9a,0x4d}, {0x33,0x55,0x66,0x33}, {0x85,0x94,0x11,0x85},
-{0x45,0xcf,0x8a,0x45}, {0xf9,0x10,0xe9,0xf9}, {0x02,0x06,0x04,0x02}, {0x7f,0x81,0xfe,0x7f},
-{0x50,0xf0,0xa0,0x50}, {0x3c,0x44,0x78,0x3c}, {0x9f,0xba,0x25,0x9f}, {0xa8,0xe3,0x4b,0xa8},
-{0x51,0xf3,0xa2,0x51}, {0xa3,0xfe,0x5d,0xa3}, {0x40,0xc0,0x80,0x40}, {0x8f,0x8a,0x05,0x8f},
-{0x92,0xad,0x3f,0x92}, {0x9d,0xbc,0x21,0x9d}, {0x38,0x48,0x70,0x38}, {0xf5,0x04,0xf1,0xf5},
-{0xbc,0xdf,0x63,0xbc}, {0xb6,0xc1,0x77,0xb6}, {0xda,0x75,0xaf,0xda}, {0x21,0x63,0x42,0x21},
-{0x10,0x30,0x20,0x10}, {0xff,0x1a,0xe5,0xff}, {0xf3,0x0e,0xfd,0xf3}, {0xd2,0x6d,0xbf,0xd2},
-{0xcd,0x4c,0x81,0xcd}, {0x0c,0x14,0x18,0x0c}, {0x13,0x35,0x26,0x13}, {0xec,0x2f,0xc3,0xec},
-{0x5f,0xe1,0xbe,0x5f}, {0x97,0xa2,0x35,0x97}, {0x44,0xcc,0x88,0x44}, {0x17,0x39,0x2e,0x17},
-{0xc4,0x57,0x93,0xc4}, {0xa7,0xf2,0x55,0xa7}, {0x7e,0x82,0xfc,0x7e}, {0x3d,0x47,0x7a,0x3d},
-{0x64,0xac,0xc8,0x64}, {0x5d,0xe7,0xba,0x5d}, {0x19,0x2b,0x32,0x19}, {0x73,0x95,0xe6,0x73},
-{0x60,0xa0,0xc0,0x60}, {0x81,0x98,0x19,0x81}, {0x4f,0xd1,0x9e,0x4f}, {0xdc,0x7f,0xa3,0xdc},
-{0x22,0x66,0x44,0x22}, {0x2a,0x7e,0x54,0x2a}, {0x90,0xab,0x3b,0x90}, {0x88,0x83,0x0b,0x88},
-{0x46,0xca,0x8c,0x46}, {0xee,0x29,0xc7,0xee}, {0xb8,0xd3,0x6b,0xb8}, {0x14,0x3c,0x28,0x14},
-{0xde,0x79,0xa7,0xde}, {0x5e,0xe2,0xbc,0x5e}, {0x0b,0x1d,0x16,0x0b}, {0xdb,0x76,0xad,0xdb},
-{0xe0,0x3b,0xdb,0xe0}, {0x32,0x56,0x64,0x32}, {0x3a,0x4e,0x74,0x3a}, {0x0a,0x1e,0x14,0x0a},
-{0x49,0xdb,0x92,0x49}, {0x06,0x0a,0x0c,0x06}, {0x24,0x6c,0x48,0x24}, {0x5c,0xe4,0xb8,0x5c},
-{0xc2,0x5d,0x9f,0xc2}, {0xd3,0x6e,0xbd,0xd3}, {0xac,0xef,0x43,0xac}, {0x62,0xa6,0xc4,0x62},
-{0x91,0xa8,0x39,0x91}, {0x95,0xa4,0x31,0x95}, {0xe4,0x37,0xd3,0xe4}, {0x79,0x8b,0xf2,0x79},
-{0xe7,0x32,0xd5,0xe7}, {0xc8,0x43,0x8b,0xc8}, {0x37,0x59,0x6e,0x37}, {0x6d,0xb7,0xda,0x6d},
-{0x8d,0x8c,0x01,0x8d}, {0xd5,0x64,0xb1,0xd5}, {0x4e,0xd2,0x9c,0x4e}, {0xa9,0xe0,0x49,0xa9},
-{0x6c,0xb4,0xd8,0x6c}, {0x56,0xfa,0xac,0x56}, {0xf4,0x07,0xf3,0xf4}, {0xea,0x25,0xcf,0xea},
-{0x65,0xaf,0xca,0x65}, {0x7a,0x8e,0xf4,0x7a}, {0xae,0xe9,0x47,0xae}, {0x08,0x18,0x10,0x08},
-{0xba,0xd5,0x6f,0xba}, {0x78,0x88,0xf0,0x78}, {0x25,0x6f,0x4a,0x25}, {0x2e,0x72,0x5c,0x2e},
-{0x1c,0x24,0x38,0x1c}, {0xa6,0xf1,0x57,0xa6}, {0xb4,0xc7,0x73,0xb4}, {0xc6,0x51,0x97,0xc6},
-{0xe8,0x23,0xcb,0xe8}, {0xdd,0x7c,0xa1,0xdd}, {0x74,0x9c,0xe8,0x74}, {0x1f,0x21,0x3e,0x1f},
-{0x4b,0xdd,0x96,0x4b}, {0xbd,0xdc,0x61,0xbd}, {0x8b,0x86,0x0d,0x8b}, {0x8a,0x85,0x0f,0x8a},
-{0x70,0x90,0xe0,0x70}, {0x3e,0x42,0x7c,0x3e}, {0xb5,0xc4,0x71,0xb5}, {0x66,0xaa,0xcc,0x66},
-{0x48,0xd8,0x90,0x48}, {0x03,0x05,0x06,0x03}, {0xf6,0x01,0xf7,0xf6}, {0x0e,0x12,0x1c,0x0e},
-{0x61,0xa3,0xc2,0x61}, {0x35,0x5f,0x6a,0x35}, {0x57,0xf9,0xae,0x57}, {0xb9,0xd0,0x69,0xb9},
-{0x86,0x91,0x17,0x86}, {0xc1,0x58,0x99,0xc1}, {0x1d,0x27,0x3a,0x1d}, {0x9e,0xb9,0x27,0x9e},
-{0xe1,0x38,0xd9,0xe1}, {0xf8,0x13,0xeb,0xf8}, {0x98,0xb3,0x2b,0x98}, {0x11,0x33,0x22,0x11},
-{0x69,0xbb,0xd2,0x69}, {0xd9,0x70,0xa9,0xd9}, {0x8e,0x89,0x07,0x8e}, {0x94,0xa7,0x33,0x94},
-{0x9b,0xb6,0x2d,0x9b}, {0x1e,0x22,0x3c,0x1e}, {0x87,0x92,0x15,0x87}, {0xe9,0x20,0xc9,0xe9},
-{0xce,0x49,0x87,0xce}, {0x55,0xff,0xaa,0x55}, {0x28,0x78,0x50,0x28}, {0xdf,0x7a,0xa5,0xdf},
-{0x8c,0x8f,0x03,0x8c}, {0xa1,0xf8,0x59,0xa1}, {0x89,0x80,0x09,0x89}, {0x0d,0x17,0x1a,0x0d},
-{0xbf,0xda,0x65,0xbf}, {0xe6,0x31,0xd7,0xe6}, {0x42,0xc6,0x84,0x42}, {0x68,0xb8,0xd0,0x68},
-{0x41,0xc3,0x82,0x41}, {0x99,0xb0,0x29,0x99}, {0x2d,0x77,0x5a,0x2d}, {0x0f,0x11,0x1e,0x0f},
-{0xb0,0xcb,0x7b,0xb0}, {0x54,0xfc,0xa8,0x54}, {0xbb,0xd6,0x6d,0xbb}, {0x16,0x3a,0x2c,0x16}
-       }
-};
-#define        T3      xT3.xt8
-
-static const union xtab xT4 = {
-       .xt8 = {
-{0x63,0x63,0xa5,0xc6}, {0x7c,0x7c,0x84,0xf8}, {0x77,0x77,0x99,0xee}, {0x7b,0x7b,0x8d,0xf6},
-{0xf2,0xf2,0x0d,0xff}, {0x6b,0x6b,0xbd,0xd6}, {0x6f,0x6f,0xb1,0xde}, {0xc5,0xc5,0x54,0x91},
-{0x30,0x30,0x50,0x60}, {0x01,0x01,0x03,0x02}, {0x67,0x67,0xa9,0xce}, {0x2b,0x2b,0x7d,0x56},
-{0xfe,0xfe,0x19,0xe7}, {0xd7,0xd7,0x62,0xb5}, {0xab,0xab,0xe6,0x4d}, {0x76,0x76,0x9a,0xec},
-{0xca,0xca,0x45,0x8f}, {0x82,0x82,0x9d,0x1f}, {0xc9,0xc9,0x40,0x89}, {0x7d,0x7d,0x87,0xfa},
-{0xfa,0xfa,0x15,0xef}, {0x59,0x59,0xeb,0xb2}, {0x47,0x47,0xc9,0x8e}, {0xf0,0xf0,0x0b,0xfb},
-{0xad,0xad,0xec,0x41}, {0xd4,0xd4,0x67,0xb3}, {0xa2,0xa2,0xfd,0x5f}, {0xaf,0xaf,0xea,0x45},
-{0x9c,0x9c,0xbf,0x23}, {0xa4,0xa4,0xf7,0x53}, {0x72,0x72,0x96,0xe4}, {0xc0,0xc0,0x5b,0x9b},
-{0xb7,0xb7,0xc2,0x75}, {0xfd,0xfd,0x1c,0xe1}, {0x93,0x93,0xae,0x3d}, {0x26,0x26,0x6a,0x4c},
-{0x36,0x36,0x5a,0x6c}, {0x3f,0x3f,0x41,0x7e}, {0xf7,0xf7,0x02,0xf5}, {0xcc,0xcc,0x4f,0x83},
-{0x34,0x34,0x5c,0x68}, {0xa5,0xa5,0xf4,0x51}, {0xe5,0xe5,0x34,0xd1}, {0xf1,0xf1,0x08,0xf9},
-{0x71,0x71,0x93,0xe2}, {0xd8,0xd8,0x73,0xab}, {0x31,0x31,0x53,0x62}, {0x15,0x15,0x3f,0x2a},
-{0x04,0x04,0x0c,0x08}, {0xc7,0xc7,0x52,0x95}, {0x23,0x23,0x65,0x46}, {0xc3,0xc3,0x5e,0x9d},
-{0x18,0x18,0x28,0x30}, {0x96,0x96,0xa1,0x37}, {0x05,0x05,0x0f,0x0a}, {0x9a,0x9a,0xb5,0x2f},
-{0x07,0x07,0x09,0x0e}, {0x12,0x12,0x36,0x24}, {0x80,0x80,0x9b,0x1b}, {0xe2,0xe2,0x3d,0xdf},
-{0xeb,0xeb,0x26,0xcd}, {0x27,0x27,0x69,0x4e}, {0xb2,0xb2,0xcd,0x7f}, {0x75,0x75,0x9f,0xea},
-{0x09,0x09,0x1b,0x12}, {0x83,0x83,0x9e,0x1d}, {0x2c,0x2c,0x74,0x58}, {0x1a,0x1a,0x2e,0x34},
-{0x1b,0x1b,0x2d,0x36}, {0x6e,0x6e,0xb2,0xdc}, {0x5a,0x5a,0xee,0xb4}, {0xa0,0xa0,0xfb,0x5b},
-{0x52,0x52,0xf6,0xa4}, {0x3b,0x3b,0x4d,0x76}, {0xd6,0xd6,0x61,0xb7}, {0xb3,0xb3,0xce,0x7d},
-{0x29,0x29,0x7b,0x52}, {0xe3,0xe3,0x3e,0xdd}, {0x2f,0x2f,0x71,0x5e}, {0x84,0x84,0x97,0x13},
-{0x53,0x53,0xf5,0xa6}, {0xd1,0xd1,0x68,0xb9}, {0x00,0x00,0x00,0x00}, {0xed,0xed,0x2c,0xc1},
-{0x20,0x20,0x60,0x40}, {0xfc,0xfc,0x1f,0xe3}, {0xb1,0xb1,0xc8,0x79}, {0x5b,0x5b,0xed,0xb6},
-{0x6a,0x6a,0xbe,0xd4}, {0xcb,0xcb,0x46,0x8d}, {0xbe,0xbe,0xd9,0x67}, {0x39,0x39,0x4b,0x72},
-{0x4a,0x4a,0xde,0x94}, {0x4c,0x4c,0xd4,0x98}, {0x58,0x58,0xe8,0xb0}, {0xcf,0xcf,0x4a,0x85},
-{0xd0,0xd0,0x6b,0xbb}, {0xef,0xef,0x2a,0xc5}, {0xaa,0xaa,0xe5,0x4f}, {0xfb,0xfb,0x16,0xed},
-{0x43,0x43,0xc5,0x86}, {0x4d,0x4d,0xd7,0x9a}, {0x33,0x33,0x55,0x66}, {0x85,0x85,0x94,0x11},
-{0x45,0x45,0xcf,0x8a}, {0xf9,0xf9,0x10,0xe9}, {0x02,0x02,0x06,0x04}, {0x7f,0x7f,0x81,0xfe},
-{0x50,0x50,0xf0,0xa0}, {0x3c,0x3c,0x44,0x78}, {0x9f,0x9f,0xba,0x25}, {0xa8,0xa8,0xe3,0x4b},
-{0x51,0x51,0xf3,0xa2}, {0xa3,0xa3,0xfe,0x5d}, {0x40,0x40,0xc0,0x80}, {0x8f,0x8f,0x8a,0x05},
-{0x92,0x92,0xad,0x3f}, {0x9d,0x9d,0xbc,0x21}, {0x38,0x38,0x48,0x70}, {0xf5,0xf5,0x04,0xf1},
-{0xbc,0xbc,0xdf,0x63}, {0xb6,0xb6,0xc1,0x77}, {0xda,0xda,0x75,0xaf}, {0x21,0x21,0x63,0x42},
-{0x10,0x10,0x30,0x20}, {0xff,0xff,0x1a,0xe5}, {0xf3,0xf3,0x0e,0xfd}, {0xd2,0xd2,0x6d,0xbf},
-{0xcd,0xcd,0x4c,0x81}, {0x0c,0x0c,0x14,0x18}, {0x13,0x13,0x35,0x26}, {0xec,0xec,0x2f,0xc3},
-{0x5f,0x5f,0xe1,0xbe}, {0x97,0x97,0xa2,0x35}, {0x44,0x44,0xcc,0x88}, {0x17,0x17,0x39,0x2e},
-{0xc4,0xc4,0x57,0x93}, {0xa7,0xa7,0xf2,0x55}, {0x7e,0x7e,0x82,0xfc}, {0x3d,0x3d,0x47,0x7a},
-{0x64,0x64,0xac,0xc8}, {0x5d,0x5d,0xe7,0xba}, {0x19,0x19,0x2b,0x32}, {0x73,0x73,0x95,0xe6},
-{0x60,0x60,0xa0,0xc0}, {0x81,0x81,0x98,0x19}, {0x4f,0x4f,0xd1,0x9e}, {0xdc,0xdc,0x7f,0xa3},
-{0x22,0x22,0x66,0x44}, {0x2a,0x2a,0x7e,0x54}, {0x90,0x90,0xab,0x3b}, {0x88,0x88,0x83,0x0b},
-{0x46,0x46,0xca,0x8c}, {0xee,0xee,0x29,0xc7}, {0xb8,0xb8,0xd3,0x6b}, {0x14,0x14,0x3c,0x28},
-{0xde,0xde,0x79,0xa7}, {0x5e,0x5e,0xe2,0xbc}, {0x0b,0x0b,0x1d,0x16}, {0xdb,0xdb,0x76,0xad},
-{0xe0,0xe0,0x3b,0xdb}, {0x32,0x32,0x56,0x64}, {0x3a,0x3a,0x4e,0x74}, {0x0a,0x0a,0x1e,0x14},
-{0x49,0x49,0xdb,0x92}, {0x06,0x06,0x0a,0x0c}, {0x24,0x24,0x6c,0x48}, {0x5c,0x5c,0xe4,0xb8},
-{0xc2,0xc2,0x5d,0x9f}, {0xd3,0xd3,0x6e,0xbd}, {0xac,0xac,0xef,0x43}, {0x62,0x62,0xa6,0xc4},
-{0x91,0x91,0xa8,0x39}, {0x95,0x95,0xa4,0x31}, {0xe4,0xe4,0x37,0xd3}, {0x79,0x79,0x8b,0xf2},
-{0xe7,0xe7,0x32,0xd5}, {0xc8,0xc8,0x43,0x8b}, {0x37,0x37,0x59,0x6e}, {0x6d,0x6d,0xb7,0xda},
-{0x8d,0x8d,0x8c,0x01}, {0xd5,0xd5,0x64,0xb1}, {0x4e,0x4e,0xd2,0x9c}, {0xa9,0xa9,0xe0,0x49},
-{0x6c,0x6c,0xb4,0xd8}, {0x56,0x56,0xfa,0xac}, {0xf4,0xf4,0x07,0xf3}, {0xea,0xea,0x25,0xcf},
-{0x65,0x65,0xaf,0xca}, {0x7a,0x7a,0x8e,0xf4}, {0xae,0xae,0xe9,0x47}, {0x08,0x08,0x18,0x10},
-{0xba,0xba,0xd5,0x6f}, {0x78,0x78,0x88,0xf0}, {0x25,0x25,0x6f,0x4a}, {0x2e,0x2e,0x72,0x5c},
-{0x1c,0x1c,0x24,0x38}, {0xa6,0xa6,0xf1,0x57}, {0xb4,0xb4,0xc7,0x73}, {0xc6,0xc6,0x51,0x97},
-{0xe8,0xe8,0x23,0xcb}, {0xdd,0xdd,0x7c,0xa1}, {0x74,0x74,0x9c,0xe8}, {0x1f,0x1f,0x21,0x3e},
-{0x4b,0x4b,0xdd,0x96}, {0xbd,0xbd,0xdc,0x61}, {0x8b,0x8b,0x86,0x0d}, {0x8a,0x8a,0x85,0x0f},
-{0x70,0x70,0x90,0xe0}, {0x3e,0x3e,0x42,0x7c}, {0xb5,0xb5,0xc4,0x71}, {0x66,0x66,0xaa,0xcc},
-{0x48,0x48,0xd8,0x90}, {0x03,0x03,0x05,0x06}, {0xf6,0xf6,0x01,0xf7}, {0x0e,0x0e,0x12,0x1c},
-{0x61,0x61,0xa3,0xc2}, {0x35,0x35,0x5f,0x6a}, {0x57,0x57,0xf9,0xae}, {0xb9,0xb9,0xd0,0x69},
-{0x86,0x86,0x91,0x17}, {0xc1,0xc1,0x58,0x99}, {0x1d,0x1d,0x27,0x3a}, {0x9e,0x9e,0xb9,0x27},
-{0xe1,0xe1,0x38,0xd9}, {0xf8,0xf8,0x13,0xeb}, {0x98,0x98,0xb3,0x2b}, {0x11,0x11,0x33,0x22},
-{0x69,0x69,0xbb,0xd2}, {0xd9,0xd9,0x70,0xa9}, {0x8e,0x8e,0x89,0x07}, {0x94,0x94,0xa7,0x33},
-{0x9b,0x9b,0xb6,0x2d}, {0x1e,0x1e,0x22,0x3c}, {0x87,0x87,0x92,0x15}, {0xe9,0xe9,0x20,0xc9},
-{0xce,0xce,0x49,0x87}, {0x55,0x55,0xff,0xaa}, {0x28,0x28,0x78,0x50}, {0xdf,0xdf,0x7a,0xa5},
-{0x8c,0x8c,0x8f,0x03}, {0xa1,0xa1,0xf8,0x59}, {0x89,0x89,0x80,0x09}, {0x0d,0x0d,0x17,0x1a},
-{0xbf,0xbf,0xda,0x65}, {0xe6,0xe6,0x31,0xd7}, {0x42,0x42,0xc6,0x84}, {0x68,0x68,0xb8,0xd0},
-{0x41,0x41,0xc3,0x82}, {0x99,0x99,0xb0,0x29}, {0x2d,0x2d,0x77,0x5a}, {0x0f,0x0f,0x11,0x1e},
-{0xb0,0xb0,0xcb,0x7b}, {0x54,0x54,0xfc,0xa8}, {0xbb,0xbb,0xd6,0x6d}, {0x16,0x16,0x3a,0x2c}
-       }
-};
-#define        T4      xT4.xt8
-
-static const union xtab xT5 = {
-       .xt8 = {
-{0x51,0xf4,0xa7,0x50}, {0x7e,0x41,0x65,0x53}, {0x1a,0x17,0xa4,0xc3}, {0x3a,0x27,0x5e,0x96},
-{0x3b,0xab,0x6b,0xcb}, {0x1f,0x9d,0x45,0xf1}, {0xac,0xfa,0x58,0xab}, {0x4b,0xe3,0x03,0x93},
-{0x20,0x30,0xfa,0x55}, {0xad,0x76,0x6d,0xf6}, {0x88,0xcc,0x76,0x91}, {0xf5,0x02,0x4c,0x25},
-{0x4f,0xe5,0xd7,0xfc}, {0xc5,0x2a,0xcb,0xd7}, {0x26,0x35,0x44,0x80}, {0xb5,0x62,0xa3,0x8f},
-{0xde,0xb1,0x5a,0x49}, {0x25,0xba,0x1b,0x67}, {0x45,0xea,0x0e,0x98}, {0x5d,0xfe,0xc0,0xe1},
-{0xc3,0x2f,0x75,0x02}, {0x81,0x4c,0xf0,0x12}, {0x8d,0x46,0x97,0xa3}, {0x6b,0xd3,0xf9,0xc6},
-{0x03,0x8f,0x5f,0xe7}, {0x15,0x92,0x9c,0x95}, {0xbf,0x6d,0x7a,0xeb}, {0x95,0x52,0x59,0xda},
-{0xd4,0xbe,0x83,0x2d}, {0x58,0x74,0x21,0xd3}, {0x49,0xe0,0x69,0x29}, {0x8e,0xc9,0xc8,0x44},
-{0x75,0xc2,0x89,0x6a}, {0xf4,0x8e,0x79,0x78}, {0x99,0x58,0x3e,0x6b}, {0x27,0xb9,0x71,0xdd},
-{0xbe,0xe1,0x4f,0xb6}, {0xf0,0x88,0xad,0x17}, {0xc9,0x20,0xac,0x66}, {0x7d,0xce,0x3a,0xb4},
-{0x63,0xdf,0x4a,0x18}, {0xe5,0x1a,0x31,0x82}, {0x97,0x51,0x33,0x60}, {0x62,0x53,0x7f,0x45},
-{0xb1,0x64,0x77,0xe0}, {0xbb,0x6b,0xae,0x84}, {0xfe,0x81,0xa0,0x1c}, {0xf9,0x08,0x2b,0x94},
-{0x70,0x48,0x68,0x58}, {0x8f,0x45,0xfd,0x19}, {0x94,0xde,0x6c,0x87}, {0x52,0x7b,0xf8,0xb7},
-{0xab,0x73,0xd3,0x23}, {0x72,0x4b,0x02,0xe2}, {0xe3,0x1f,0x8f,0x57}, {0x66,0x55,0xab,0x2a},
-{0xb2,0xeb,0x28,0x07}, {0x2f,0xb5,0xc2,0x03}, {0x86,0xc5,0x7b,0x9a}, {0xd3,0x37,0x08,0xa5},
-{0x30,0x28,0x87,0xf2}, {0x23,0xbf,0xa5,0xb2}, {0x02,0x03,0x6a,0xba}, {0xed,0x16,0x82,0x5c},
-{0x8a,0xcf,0x1c,0x2b}, {0xa7,0x79,0xb4,0x92}, {0xf3,0x07,0xf2,0xf0}, {0x4e,0x69,0xe2,0xa1},
-{0x65,0xda,0xf4,0xcd}, {0x06,0x05,0xbe,0xd5}, {0xd1,0x34,0x62,0x1f}, {0xc4,0xa6,0xfe,0x8a},
-{0x34,0x2e,0x53,0x9d}, {0xa2,0xf3,0x55,0xa0}, {0x05,0x8a,0xe1,0x32}, {0xa4,0xf6,0xeb,0x75},
-{0x0b,0x83,0xec,0x39}, {0x40,0x60,0xef,0xaa}, {0x5e,0x71,0x9f,0x06}, {0xbd,0x6e,0x10,0x51},
-{0x3e,0x21,0x8a,0xf9}, {0x96,0xdd,0x06,0x3d}, {0xdd,0x3e,0x05,0xae}, {0x4d,0xe6,0xbd,0x46},
-{0x91,0x54,0x8d,0xb5}, {0x71,0xc4,0x5d,0x05}, {0x04,0x06,0xd4,0x6f}, {0x60,0x50,0x15,0xff},
-{0x19,0x98,0xfb,0x24}, {0xd6,0xbd,0xe9,0x97}, {0x89,0x40,0x43,0xcc}, {0x67,0xd9,0x9e,0x77},
-{0xb0,0xe8,0x42,0xbd}, {0x07,0x89,0x8b,0x88}, {0xe7,0x19,0x5b,0x38}, {0x79,0xc8,0xee,0xdb},
-{0xa1,0x7c,0x0a,0x47}, {0x7c,0x42,0x0f,0xe9}, {0xf8,0x84,0x1e,0xc9}, {0x00,0x00,0x00,0x00},
-{0x09,0x80,0x86,0x83}, {0x32,0x2b,0xed,0x48}, {0x1e,0x11,0x70,0xac}, {0x6c,0x5a,0x72,0x4e},
-{0xfd,0x0e,0xff,0xfb}, {0x0f,0x85,0x38,0x56}, {0x3d,0xae,0xd5,0x1e}, {0x36,0x2d,0x39,0x27},
-{0x0a,0x0f,0xd9,0x64}, {0x68,0x5c,0xa6,0x21}, {0x9b,0x5b,0x54,0xd1}, {0x24,0x36,0x2e,0x3a},
-{0x0c,0x0a,0x67,0xb1}, {0x93,0x57,0xe7,0x0f}, {0xb4,0xee,0x96,0xd2}, {0x1b,0x9b,0x91,0x9e},
-{0x80,0xc0,0xc5,0x4f}, {0x61,0xdc,0x20,0xa2}, {0x5a,0x77,0x4b,0x69}, {0x1c,0x12,0x1a,0x16},
-{0xe2,0x93,0xba,0x0a}, {0xc0,0xa0,0x2a,0xe5}, {0x3c,0x22,0xe0,0x43}, {0x12,0x1b,0x17,0x1d},
-{0x0e,0x09,0x0d,0x0b}, {0xf2,0x8b,0xc7,0xad}, {0x2d,0xb6,0xa8,0xb9}, {0x14,0x1e,0xa9,0xc8},
-{0x57,0xf1,0x19,0x85}, {0xaf,0x75,0x07,0x4c}, {0xee,0x99,0xdd,0xbb}, {0xa3,0x7f,0x60,0xfd},
-{0xf7,0x01,0x26,0x9f}, {0x5c,0x72,0xf5,0xbc}, {0x44,0x66,0x3b,0xc5}, {0x5b,0xfb,0x7e,0x34},
-{0x8b,0x43,0x29,0x76}, {0xcb,0x23,0xc6,0xdc}, {0xb6,0xed,0xfc,0x68}, {0xb8,0xe4,0xf1,0x63},
-{0xd7,0x31,0xdc,0xca}, {0x42,0x63,0x85,0x10}, {0x13,0x97,0x22,0x40}, {0x84,0xc6,0x11,0x20},
-{0x85,0x4a,0x24,0x7d}, {0xd2,0xbb,0x3d,0xf8}, {0xae,0xf9,0x32,0x11}, {0xc7,0x29,0xa1,0x6d},
-{0x1d,0x9e,0x2f,0x4b}, {0xdc,0xb2,0x30,0xf3}, {0x0d,0x86,0x52,0xec}, {0x77,0xc1,0xe3,0xd0},
-{0x2b,0xb3,0x16,0x6c}, {0xa9,0x70,0xb9,0x99}, {0x11,0x94,0x48,0xfa}, {0x47,0xe9,0x64,0x22},
-{0xa8,0xfc,0x8c,0xc4}, {0xa0,0xf0,0x3f,0x1a}, {0x56,0x7d,0x2c,0xd8}, {0x22,0x33,0x90,0xef},
-{0x87,0x49,0x4e,0xc7}, {0xd9,0x38,0xd1,0xc1}, {0x8c,0xca,0xa2,0xfe}, {0x98,0xd4,0x0b,0x36},
-{0xa6,0xf5,0x81,0xcf}, {0xa5,0x7a,0xde,0x28}, {0xda,0xb7,0x8e,0x26}, {0x3f,0xad,0xbf,0xa4},
-{0x2c,0x3a,0x9d,0xe4}, {0x50,0x78,0x92,0x0d}, {0x6a,0x5f,0xcc,0x9b}, {0x54,0x7e,0x46,0x62},
-{0xf6,0x8d,0x13,0xc2}, {0x90,0xd8,0xb8,0xe8}, {0x2e,0x39,0xf7,0x5e}, {0x82,0xc3,0xaf,0xf5},
-{0x9f,0x5d,0x80,0xbe}, {0x69,0xd0,0x93,0x7c}, {0x6f,0xd5,0x2d,0xa9}, {0xcf,0x25,0x12,0xb3},
-{0xc8,0xac,0x99,0x3b}, {0x10,0x18,0x7d,0xa7}, {0xe8,0x9c,0x63,0x6e}, {0xdb,0x3b,0xbb,0x7b},
-{0xcd,0x26,0x78,0x09}, {0x6e,0x59,0x18,0xf4}, {0xec,0x9a,0xb7,0x01}, {0x83,0x4f,0x9a,0xa8},
-{0xe6,0x95,0x6e,0x65}, {0xaa,0xff,0xe6,0x7e}, {0x21,0xbc,0xcf,0x08}, {0xef,0x15,0xe8,0xe6},
-{0xba,0xe7,0x9b,0xd9}, {0x4a,0x6f,0x36,0xce}, {0xea,0x9f,0x09,0xd4}, {0x29,0xb0,0x7c,0xd6},
-{0x31,0xa4,0xb2,0xaf}, {0x2a,0x3f,0x23,0x31}, {0xc6,0xa5,0x94,0x30}, {0x35,0xa2,0x66,0xc0},
-{0x74,0x4e,0xbc,0x37}, {0xfc,0x82,0xca,0xa6}, {0xe0,0x90,0xd0,0xb0}, {0x33,0xa7,0xd8,0x15},
-{0xf1,0x04,0x98,0x4a}, {0x41,0xec,0xda,0xf7}, {0x7f,0xcd,0x50,0x0e}, {0x17,0x91,0xf6,0x2f},
-{0x76,0x4d,0xd6,0x8d}, {0x43,0xef,0xb0,0x4d}, {0xcc,0xaa,0x4d,0x54}, {0xe4,0x96,0x04,0xdf},
-{0x9e,0xd1,0xb5,0xe3}, {0x4c,0x6a,0x88,0x1b}, {0xc1,0x2c,0x1f,0xb8}, {0x46,0x65,0x51,0x7f},
-{0x9d,0x5e,0xea,0x04}, {0x01,0x8c,0x35,0x5d}, {0xfa,0x87,0x74,0x73}, {0xfb,0x0b,0x41,0x2e},
-{0xb3,0x67,0x1d,0x5a}, {0x92,0xdb,0xd2,0x52}, {0xe9,0x10,0x56,0x33}, {0x6d,0xd6,0x47,0x13},
-{0x9a,0xd7,0x61,0x8c}, {0x37,0xa1,0x0c,0x7a}, {0x59,0xf8,0x14,0x8e}, {0xeb,0x13,0x3c,0x89},
-{0xce,0xa9,0x27,0xee}, {0xb7,0x61,0xc9,0x35}, {0xe1,0x1c,0xe5,0xed}, {0x7a,0x47,0xb1,0x3c},
-{0x9c,0xd2,0xdf,0x59}, {0x55,0xf2,0x73,0x3f}, {0x18,0x14,0xce,0x79}, {0x73,0xc7,0x37,0xbf},
-{0x53,0xf7,0xcd,0xea}, {0x5f,0xfd,0xaa,0x5b}, {0xdf,0x3d,0x6f,0x14}, {0x78,0x44,0xdb,0x86},
-{0xca,0xaf,0xf3,0x81}, {0xb9,0x68,0xc4,0x3e}, {0x38,0x24,0x34,0x2c}, {0xc2,0xa3,0x40,0x5f},
-{0x16,0x1d,0xc3,0x72}, {0xbc,0xe2,0x25,0x0c}, {0x28,0x3c,0x49,0x8b}, {0xff,0x0d,0x95,0x41},
-{0x39,0xa8,0x01,0x71}, {0x08,0x0c,0xb3,0xde}, {0xd8,0xb4,0xe4,0x9c}, {0x64,0x56,0xc1,0x90},
-{0x7b,0xcb,0x84,0x61}, {0xd5,0x32,0xb6,0x70}, {0x48,0x6c,0x5c,0x74}, {0xd0,0xb8,0x57,0x42}
-       }
-};
-#define        T5      xT5.xt8
-
-static const union xtab xT6 = {
-       .xt8 = {
-{0x50,0x51,0xf4,0xa7}, {0x53,0x7e,0x41,0x65}, {0xc3,0x1a,0x17,0xa4}, {0x96,0x3a,0x27,0x5e},
-{0xcb,0x3b,0xab,0x6b}, {0xf1,0x1f,0x9d,0x45}, {0xab,0xac,0xfa,0x58}, {0x93,0x4b,0xe3,0x03},
-{0x55,0x20,0x30,0xfa}, {0xf6,0xad,0x76,0x6d}, {0x91,0x88,0xcc,0x76}, {0x25,0xf5,0x02,0x4c},
-{0xfc,0x4f,0xe5,0xd7}, {0xd7,0xc5,0x2a,0xcb}, {0x80,0x26,0x35,0x44}, {0x8f,0xb5,0x62,0xa3},
-{0x49,0xde,0xb1,0x5a}, {0x67,0x25,0xba,0x1b}, {0x98,0x45,0xea,0x0e}, {0xe1,0x5d,0xfe,0xc0},
-{0x02,0xc3,0x2f,0x75}, {0x12,0x81,0x4c,0xf0}, {0xa3,0x8d,0x46,0x97}, {0xc6,0x6b,0xd3,0xf9},
-{0xe7,0x03,0x8f,0x5f}, {0x95,0x15,0x92,0x9c}, {0xeb,0xbf,0x6d,0x7a}, {0xda,0x95,0x52,0x59},
-{0x2d,0xd4,0xbe,0x83}, {0xd3,0x58,0x74,0x21}, {0x29,0x49,0xe0,0x69}, {0x44,0x8e,0xc9,0xc8},
-{0x6a,0x75,0xc2,0x89}, {0x78,0xf4,0x8e,0x79}, {0x6b,0x99,0x58,0x3e}, {0xdd,0x27,0xb9,0x71},
-{0xb6,0xbe,0xe1,0x4f}, {0x17,0xf0,0x88,0xad}, {0x66,0xc9,0x20,0xac}, {0xb4,0x7d,0xce,0x3a},
-{0x18,0x63,0xdf,0x4a}, {0x82,0xe5,0x1a,0x31}, {0x60,0x97,0x51,0x33}, {0x45,0x62,0x53,0x7f},
-{0xe0,0xb1,0x64,0x77}, {0x84,0xbb,0x6b,0xae}, {0x1c,0xfe,0x81,0xa0}, {0x94,0xf9,0x08,0x2b},
-{0x58,0x70,0x48,0x68}, {0x19,0x8f,0x45,0xfd}, {0x87,0x94,0xde,0x6c}, {0xb7,0x52,0x7b,0xf8},
-{0x23,0xab,0x73,0xd3}, {0xe2,0x72,0x4b,0x02}, {0x57,0xe3,0x1f,0x8f}, {0x2a,0x66,0x55,0xab},
-{0x07,0xb2,0xeb,0x28}, {0x03,0x2f,0xb5,0xc2}, {0x9a,0x86,0xc5,0x7b}, {0xa5,0xd3,0x37,0x08},
-{0xf2,0x30,0x28,0x87}, {0xb2,0x23,0xbf,0xa5}, {0xba,0x02,0x03,0x6a}, {0x5c,0xed,0x16,0x82},
-{0x2b,0x8a,0xcf,0x1c}, {0x92,0xa7,0x79,0xb4}, {0xf0,0xf3,0x07,0xf2}, {0xa1,0x4e,0x69,0xe2},
-{0xcd,0x65,0xda,0xf4}, {0xd5,0x06,0x05,0xbe}, {0x1f,0xd1,0x34,0x62}, {0x8a,0xc4,0xa6,0xfe},
-{0x9d,0x34,0x2e,0x53}, {0xa0,0xa2,0xf3,0x55}, {0x32,0x05,0x8a,0xe1}, {0x75,0xa4,0xf6,0xeb},
-{0x39,0x0b,0x83,0xec}, {0xaa,0x40,0x60,0xef}, {0x06,0x5e,0x71,0x9f}, {0x51,0xbd,0x6e,0x10},
-{0xf9,0x3e,0x21,0x8a}, {0x3d,0x96,0xdd,0x06}, {0xae,0xdd,0x3e,0x05}, {0x46,0x4d,0xe6,0xbd},
-{0xb5,0x91,0x54,0x8d}, {0x05,0x71,0xc4,0x5d}, {0x6f,0x04,0x06,0xd4}, {0xff,0x60,0x50,0x15},
-{0x24,0x19,0x98,0xfb}, {0x97,0xd6,0xbd,0xe9}, {0xcc,0x89,0x40,0x43}, {0x77,0x67,0xd9,0x9e},
-{0xbd,0xb0,0xe8,0x42}, {0x88,0x07,0x89,0x8b}, {0x38,0xe7,0x19,0x5b}, {0xdb,0x79,0xc8,0xee},
-{0x47,0xa1,0x7c,0x0a}, {0xe9,0x7c,0x42,0x0f}, {0xc9,0xf8,0x84,0x1e}, {0x00,0x00,0x00,0x00},
-{0x83,0x09,0x80,0x86}, {0x48,0x32,0x2b,0xed}, {0xac,0x1e,0x11,0x70}, {0x4e,0x6c,0x5a,0x72},
-{0xfb,0xfd,0x0e,0xff}, {0x56,0x0f,0x85,0x38}, {0x1e,0x3d,0xae,0xd5}, {0x27,0x36,0x2d,0x39},
-{0x64,0x0a,0x0f,0xd9}, {0x21,0x68,0x5c,0xa6}, {0xd1,0x9b,0x5b,0x54}, {0x3a,0x24,0x36,0x2e},
-{0xb1,0x0c,0x0a,0x67}, {0x0f,0x93,0x57,0xe7}, {0xd2,0xb4,0xee,0x96}, {0x9e,0x1b,0x9b,0x91},
-{0x4f,0x80,0xc0,0xc5}, {0xa2,0x61,0xdc,0x20}, {0x69,0x5a,0x77,0x4b}, {0x16,0x1c,0x12,0x1a},
-{0x0a,0xe2,0x93,0xba}, {0xe5,0xc0,0xa0,0x2a}, {0x43,0x3c,0x22,0xe0}, {0x1d,0x12,0x1b,0x17},
-{0x0b,0x0e,0x09,0x0d}, {0xad,0xf2,0x8b,0xc7}, {0xb9,0x2d,0xb6,0xa8}, {0xc8,0x14,0x1e,0xa9},
-{0x85,0x57,0xf1,0x19}, {0x4c,0xaf,0x75,0x07}, {0xbb,0xee,0x99,0xdd}, {0xfd,0xa3,0x7f,0x60},
-{0x9f,0xf7,0x01,0x26}, {0xbc,0x5c,0x72,0xf5}, {0xc5,0x44,0x66,0x3b}, {0x34,0x5b,0xfb,0x7e},
-{0x76,0x8b,0x43,0x29}, {0xdc,0xcb,0x23,0xc6}, {0x68,0xb6,0xed,0xfc}, {0x63,0xb8,0xe4,0xf1},
-{0xca,0xd7,0x31,0xdc}, {0x10,0x42,0x63,0x85}, {0x40,0x13,0x97,0x22}, {0x20,0x84,0xc6,0x11},
-{0x7d,0x85,0x4a,0x24}, {0xf8,0xd2,0xbb,0x3d}, {0x11,0xae,0xf9,0x32}, {0x6d,0xc7,0x29,0xa1},
-{0x4b,0x1d,0x9e,0x2f}, {0xf3,0xdc,0xb2,0x30}, {0xec,0x0d,0x86,0x52}, {0xd0,0x77,0xc1,0xe3},
-{0x6c,0x2b,0xb3,0x16}, {0x99,0xa9,0x70,0xb9}, {0xfa,0x11,0x94,0x48}, {0x22,0x47,0xe9,0x64},
-{0xc4,0xa8,0xfc,0x8c}, {0x1a,0xa0,0xf0,0x3f}, {0xd8,0x56,0x7d,0x2c}, {0xef,0x22,0x33,0x90},
-{0xc7,0x87,0x49,0x4e}, {0xc1,0xd9,0x38,0xd1}, {0xfe,0x8c,0xca,0xa2}, {0x36,0x98,0xd4,0x0b},
-{0xcf,0xa6,0xf5,0x81}, {0x28,0xa5,0x7a,0xde}, {0x26,0xda,0xb7,0x8e}, {0xa4,0x3f,0xad,0xbf},
-{0xe4,0x2c,0x3a,0x9d}, {0x0d,0x50,0x78,0x92}, {0x9b,0x6a,0x5f,0xcc}, {0x62,0x54,0x7e,0x46},
-{0xc2,0xf6,0x8d,0x13}, {0xe8,0x90,0xd8,0xb8}, {0x5e,0x2e,0x39,0xf7}, {0xf5,0x82,0xc3,0xaf},
-{0xbe,0x9f,0x5d,0x80}, {0x7c,0x69,0xd0,0x93}, {0xa9,0x6f,0xd5,0x2d}, {0xb3,0xcf,0x25,0x12},
-{0x3b,0xc8,0xac,0x99}, {0xa7,0x10,0x18,0x7d}, {0x6e,0xe8,0x9c,0x63}, {0x7b,0xdb,0x3b,0xbb},
-{0x09,0xcd,0x26,0x78}, {0xf4,0x6e,0x59,0x18}, {0x01,0xec,0x9a,0xb7}, {0xa8,0x83,0x4f,0x9a},
-{0x65,0xe6,0x95,0x6e}, {0x7e,0xaa,0xff,0xe6}, {0x08,0x21,0xbc,0xcf}, {0xe6,0xef,0x15,0xe8},
-{0xd9,0xba,0xe7,0x9b}, {0xce,0x4a,0x6f,0x36}, {0xd4,0xea,0x9f,0x09}, {0xd6,0x29,0xb0,0x7c},
-{0xaf,0x31,0xa4,0xb2}, {0x31,0x2a,0x3f,0x23}, {0x30,0xc6,0xa5,0x94}, {0xc0,0x35,0xa2,0x66},
-{0x37,0x74,0x4e,0xbc}, {0xa6,0xfc,0x82,0xca}, {0xb0,0xe0,0x90,0xd0}, {0x15,0x33,0xa7,0xd8},
-{0x4a,0xf1,0x04,0x98}, {0xf7,0x41,0xec,0xda}, {0x0e,0x7f,0xcd,0x50}, {0x2f,0x17,0x91,0xf6},
-{0x8d,0x76,0x4d,0xd6}, {0x4d,0x43,0xef,0xb0}, {0x54,0xcc,0xaa,0x4d}, {0xdf,0xe4,0x96,0x04},
-{0xe3,0x9e,0xd1,0xb5}, {0x1b,0x4c,0x6a,0x88}, {0xb8,0xc1,0x2c,0x1f}, {0x7f,0x46,0x65,0x51},
-{0x04,0x9d,0x5e,0xea}, {0x5d,0x01,0x8c,0x35}, {0x73,0xfa,0x87,0x74}, {0x2e,0xfb,0x0b,0x41},
-{0x5a,0xb3,0x67,0x1d}, {0x52,0x92,0xdb,0xd2}, {0x33,0xe9,0x10,0x56}, {0x13,0x6d,0xd6,0x47},
-{0x8c,0x9a,0xd7,0x61}, {0x7a,0x37,0xa1,0x0c}, {0x8e,0x59,0xf8,0x14}, {0x89,0xeb,0x13,0x3c},
-{0xee,0xce,0xa9,0x27}, {0x35,0xb7,0x61,0xc9}, {0xed,0xe1,0x1c,0xe5}, {0x3c,0x7a,0x47,0xb1},
-{0x59,0x9c,0xd2,0xdf}, {0x3f,0x55,0xf2,0x73}, {0x79,0x18,0x14,0xce}, {0xbf,0x73,0xc7,0x37},
-{0xea,0x53,0xf7,0xcd}, {0x5b,0x5f,0xfd,0xaa}, {0x14,0xdf,0x3d,0x6f}, {0x86,0x78,0x44,0xdb},
-{0x81,0xca,0xaf,0xf3}, {0x3e,0xb9,0x68,0xc4}, {0x2c,0x38,0x24,0x34}, {0x5f,0xc2,0xa3,0x40},
-{0x72,0x16,0x1d,0xc3}, {0x0c,0xbc,0xe2,0x25}, {0x8b,0x28,0x3c,0x49}, {0x41,0xff,0x0d,0x95},
-{0x71,0x39,0xa8,0x01}, {0xde,0x08,0x0c,0xb3}, {0x9c,0xd8,0xb4,0xe4}, {0x90,0x64,0x56,0xc1},
-{0x61,0x7b,0xcb,0x84}, {0x70,0xd5,0x32,0xb6}, {0x74,0x48,0x6c,0x5c}, {0x42,0xd0,0xb8,0x57}
-       }
-};
-#define        T6      xT6.xt8
-
-static const union xtab xT7 = {
-       .xt8 = {
-{0xa7,0x50,0x51,0xf4}, {0x65,0x53,0x7e,0x41}, {0xa4,0xc3,0x1a,0x17}, {0x5e,0x96,0x3a,0x27},
-{0x6b,0xcb,0x3b,0xab}, {0x45,0xf1,0x1f,0x9d}, {0x58,0xab,0xac,0xfa}, {0x03,0x93,0x4b,0xe3},
-{0xfa,0x55,0x20,0x30}, {0x6d,0xf6,0xad,0x76}, {0x76,0x91,0x88,0xcc}, {0x4c,0x25,0xf5,0x02},
-{0xd7,0xfc,0x4f,0xe5}, {0xcb,0xd7,0xc5,0x2a}, {0x44,0x80,0x26,0x35}, {0xa3,0x8f,0xb5,0x62},
-{0x5a,0x49,0xde,0xb1}, {0x1b,0x67,0x25,0xba}, {0x0e,0x98,0x45,0xea}, {0xc0,0xe1,0x5d,0xfe},
-{0x75,0x02,0xc3,0x2f}, {0xf0,0x12,0x81,0x4c}, {0x97,0xa3,0x8d,0x46}, {0xf9,0xc6,0x6b,0xd3},
-{0x5f,0xe7,0x03,0x8f}, {0x9c,0x95,0x15,0x92}, {0x7a,0xeb,0xbf,0x6d}, {0x59,0xda,0x95,0x52},
-{0x83,0x2d,0xd4,0xbe}, {0x21,0xd3,0x58,0x74}, {0x69,0x29,0x49,0xe0}, {0xc8,0x44,0x8e,0xc9},
-{0x89,0x6a,0x75,0xc2}, {0x79,0x78,0xf4,0x8e}, {0x3e,0x6b,0x99,0x58}, {0x71,0xdd,0x27,0xb9},
-{0x4f,0xb6,0xbe,0xe1}, {0xad,0x17,0xf0,0x88}, {0xac,0x66,0xc9,0x20}, {0x3a,0xb4,0x7d,0xce},
-{0x4a,0x18,0x63,0xdf}, {0x31,0x82,0xe5,0x1a}, {0x33,0x60,0x97,0x51}, {0x7f,0x45,0x62,0x53},
-{0x77,0xe0,0xb1,0x64}, {0xae,0x84,0xbb,0x6b}, {0xa0,0x1c,0xfe,0x81}, {0x2b,0x94,0xf9,0x08},
-{0x68,0x58,0x70,0x48}, {0xfd,0x19,0x8f,0x45}, {0x6c,0x87,0x94,0xde}, {0xf8,0xb7,0x52,0x7b},
-{0xd3,0x23,0xab,0x73}, {0x02,0xe2,0x72,0x4b}, {0x8f,0x57,0xe3,0x1f}, {0xab,0x2a,0x66,0x55},
-{0x28,0x07,0xb2,0xeb}, {0xc2,0x03,0x2f,0xb5}, {0x7b,0x9a,0x86,0xc5}, {0x08,0xa5,0xd3,0x37},
-{0x87,0xf2,0x30,0x28}, {0xa5,0xb2,0x23,0xbf}, {0x6a,0xba,0x02,0x03}, {0x82,0x5c,0xed,0x16},
-{0x1c,0x2b,0x8a,0xcf}, {0xb4,0x92,0xa7,0x79}, {0xf2,0xf0,0xf3,0x07}, {0xe2,0xa1,0x4e,0x69},
-{0xf4,0xcd,0x65,0xda}, {0xbe,0xd5,0x06,0x05}, {0x62,0x1f,0xd1,0x34}, {0xfe,0x8a,0xc4,0xa6},
-{0x53,0x9d,0x34,0x2e}, {0x55,0xa0,0xa2,0xf3}, {0xe1,0x32,0x05,0x8a}, {0xeb,0x75,0xa4,0xf6},
-{0xec,0x39,0x0b,0x83}, {0xef,0xaa,0x40,0x60}, {0x9f,0x06,0x5e,0x71}, {0x10,0x51,0xbd,0x6e},
-{0x8a,0xf9,0x3e,0x21}, {0x06,0x3d,0x96,0xdd}, {0x05,0xae,0xdd,0x3e}, {0xbd,0x46,0x4d,0xe6},
-{0x8d,0xb5,0x91,0x54}, {0x5d,0x05,0x71,0xc4}, {0xd4,0x6f,0x04,0x06}, {0x15,0xff,0x60,0x50},
-{0xfb,0x24,0x19,0x98}, {0xe9,0x97,0xd6,0xbd}, {0x43,0xcc,0x89,0x40}, {0x9e,0x77,0x67,0xd9},
-{0x42,0xbd,0xb0,0xe8}, {0x8b,0x88,0x07,0x89}, {0x5b,0x38,0xe7,0x19}, {0xee,0xdb,0x79,0xc8},
-{0x0a,0x47,0xa1,0x7c}, {0x0f,0xe9,0x7c,0x42}, {0x1e,0xc9,0xf8,0x84}, {0x00,0x00,0x00,0x00},
-{0x86,0x83,0x09,0x80}, {0xed,0x48,0x32,0x2b}, {0x70,0xac,0x1e,0x11}, {0x72,0x4e,0x6c,0x5a},
-{0xff,0xfb,0xfd,0x0e}, {0x38,0x56,0x0f,0x85}, {0xd5,0x1e,0x3d,0xae}, {0x39,0x27,0x36,0x2d},
-{0xd9,0x64,0x0a,0x0f}, {0xa6,0x21,0x68,0x5c}, {0x54,0xd1,0x9b,0x5b}, {0x2e,0x3a,0x24,0x36},
-{0x67,0xb1,0x0c,0x0a}, {0xe7,0x0f,0x93,0x57}, {0x96,0xd2,0xb4,0xee}, {0x91,0x9e,0x1b,0x9b},
-{0xc5,0x4f,0x80,0xc0}, {0x20,0xa2,0x61,0xdc}, {0x4b,0x69,0x5a,0x77}, {0x1a,0x16,0x1c,0x12},
-{0xba,0x0a,0xe2,0x93}, {0x2a,0xe5,0xc0,0xa0}, {0xe0,0x43,0x3c,0x22}, {0x17,0x1d,0x12,0x1b},
-{0x0d,0x0b,0x0e,0x09}, {0xc7,0xad,0xf2,0x8b}, {0xa8,0xb9,0x2d,0xb6}, {0xa9,0xc8,0x14,0x1e},
-{0x19,0x85,0x57,0xf1}, {0x07,0x4c,0xaf,0x75}, {0xdd,0xbb,0xee,0x99}, {0x60,0xfd,0xa3,0x7f},
-{0x26,0x9f,0xf7,0x01}, {0xf5,0xbc,0x5c,0x72}, {0x3b,0xc5,0x44,0x66}, {0x7e,0x34,0x5b,0xfb},
-{0x29,0x76,0x8b,0x43}, {0xc6,0xdc,0xcb,0x23}, {0xfc,0x68,0xb6,0xed}, {0xf1,0x63,0xb8,0xe4},
-{0xdc,0xca,0xd7,0x31}, {0x85,0x10,0x42,0x63}, {0x22,0x40,0x13,0x97}, {0x11,0x20,0x84,0xc6},
-{0x24,0x7d,0x85,0x4a}, {0x3d,0xf8,0xd2,0xbb}, {0x32,0x11,0xae,0xf9}, {0xa1,0x6d,0xc7,0x29},
-{0x2f,0x4b,0x1d,0x9e}, {0x30,0xf3,0xdc,0xb2}, {0x52,0xec,0x0d,0x86}, {0xe3,0xd0,0x77,0xc1},
-{0x16,0x6c,0x2b,0xb3}, {0xb9,0x99,0xa9,0x70}, {0x48,0xfa,0x11,0x94}, {0x64,0x22,0x47,0xe9},
-{0x8c,0xc4,0xa8,0xfc}, {0x3f,0x1a,0xa0,0xf0}, {0x2c,0xd8,0x56,0x7d}, {0x90,0xef,0x22,0x33},
-{0x4e,0xc7,0x87,0x49}, {0xd1,0xc1,0xd9,0x38}, {0xa2,0xfe,0x8c,0xca}, {0x0b,0x36,0x98,0xd4},
-{0x81,0xcf,0xa6,0xf5}, {0xde,0x28,0xa5,0x7a}, {0x8e,0x26,0xda,0xb7}, {0xbf,0xa4,0x3f,0xad},
-{0x9d,0xe4,0x2c,0x3a}, {0x92,0x0d,0x50,0x78}, {0xcc,0x9b,0x6a,0x5f}, {0x46,0x62,0x54,0x7e},
-{0x13,0xc2,0xf6,0x8d}, {0xb8,0xe8,0x90,0xd8}, {0xf7,0x5e,0x2e,0x39}, {0xaf,0xf5,0x82,0xc3},
-{0x80,0xbe,0x9f,0x5d}, {0x93,0x7c,0x69,0xd0}, {0x2d,0xa9,0x6f,0xd5}, {0x12,0xb3,0xcf,0x25},
-{0x99,0x3b,0xc8,0xac}, {0x7d,0xa7,0x10,0x18}, {0x63,0x6e,0xe8,0x9c}, {0xbb,0x7b,0xdb,0x3b},
-{0x78,0x09,0xcd,0x26}, {0x18,0xf4,0x6e,0x59}, {0xb7,0x01,0xec,0x9a}, {0x9a,0xa8,0x83,0x4f},
-{0x6e,0x65,0xe6,0x95}, {0xe6,0x7e,0xaa,0xff}, {0xcf,0x08,0x21,0xbc}, {0xe8,0xe6,0xef,0x15},
-{0x9b,0xd9,0xba,0xe7}, {0x36,0xce,0x4a,0x6f}, {0x09,0xd4,0xea,0x9f}, {0x7c,0xd6,0x29,0xb0},
-{0xb2,0xaf,0x31,0xa4}, {0x23,0x31,0x2a,0x3f}, {0x94,0x30,0xc6,0xa5}, {0x66,0xc0,0x35,0xa2},
-{0xbc,0x37,0x74,0x4e}, {0xca,0xa6,0xfc,0x82}, {0xd0,0xb0,0xe0,0x90}, {0xd8,0x15,0x33,0xa7},
-{0x98,0x4a,0xf1,0x04}, {0xda,0xf7,0x41,0xec}, {0x50,0x0e,0x7f,0xcd}, {0xf6,0x2f,0x17,0x91},
-{0xd6,0x8d,0x76,0x4d}, {0xb0,0x4d,0x43,0xef}, {0x4d,0x54,0xcc,0xaa}, {0x04,0xdf,0xe4,0x96},
-{0xb5,0xe3,0x9e,0xd1}, {0x88,0x1b,0x4c,0x6a}, {0x1f,0xb8,0xc1,0x2c}, {0x51,0x7f,0x46,0x65},
-{0xea,0x04,0x9d,0x5e}, {0x35,0x5d,0x01,0x8c}, {0x74,0x73,0xfa,0x87}, {0x41,0x2e,0xfb,0x0b},
-{0x1d,0x5a,0xb3,0x67}, {0xd2,0x52,0x92,0xdb}, {0x56,0x33,0xe9,0x10}, {0x47,0x13,0x6d,0xd6},
-{0x61,0x8c,0x9a,0xd7}, {0x0c,0x7a,0x37,0xa1}, {0x14,0x8e,0x59,0xf8}, {0x3c,0x89,0xeb,0x13},
-{0x27,0xee,0xce,0xa9}, {0xc9,0x35,0xb7,0x61}, {0xe5,0xed,0xe1,0x1c}, {0xb1,0x3c,0x7a,0x47},
-{0xdf,0x59,0x9c,0xd2}, {0x73,0x3f,0x55,0xf2}, {0xce,0x79,0x18,0x14}, {0x37,0xbf,0x73,0xc7},
-{0xcd,0xea,0x53,0xf7}, {0xaa,0x5b,0x5f,0xfd}, {0x6f,0x14,0xdf,0x3d}, {0xdb,0x86,0x78,0x44},
-{0xf3,0x81,0xca,0xaf}, {0xc4,0x3e,0xb9,0x68}, {0x34,0x2c,0x38,0x24}, {0x40,0x5f,0xc2,0xa3},
-{0xc3,0x72,0x16,0x1d}, {0x25,0x0c,0xbc,0xe2}, {0x49,0x8b,0x28,0x3c}, {0x95,0x41,0xff,0x0d},
-{0x01,0x71,0x39,0xa8}, {0xb3,0xde,0x08,0x0c}, {0xe4,0x9c,0xd8,0xb4}, {0xc1,0x90,0x64,0x56},
-{0x84,0x61,0x7b,0xcb}, {0xb6,0x70,0xd5,0x32}, {0x5c,0x74,0x48,0x6c}, {0x57,0x42,0xd0,0xb8}
-       }
-};
-#define        T7      xT7.xt8
-
-static const union xtab xT8 = {
-       .xt8 = {
-{0xf4,0xa7,0x50,0x51}, {0x41,0x65,0x53,0x7e}, {0x17,0xa4,0xc3,0x1a}, {0x27,0x5e,0x96,0x3a},
-{0xab,0x6b,0xcb,0x3b}, {0x9d,0x45,0xf1,0x1f}, {0xfa,0x58,0xab,0xac}, {0xe3,0x03,0x93,0x4b},
-{0x30,0xfa,0x55,0x20}, {0x76,0x6d,0xf6,0xad}, {0xcc,0x76,0x91,0x88}, {0x02,0x4c,0x25,0xf5},
-{0xe5,0xd7,0xfc,0x4f}, {0x2a,0xcb,0xd7,0xc5}, {0x35,0x44,0x80,0x26}, {0x62,0xa3,0x8f,0xb5},
-{0xb1,0x5a,0x49,0xde}, {0xba,0x1b,0x67,0x25}, {0xea,0x0e,0x98,0x45}, {0xfe,0xc0,0xe1,0x5d},
-{0x2f,0x75,0x02,0xc3}, {0x4c,0xf0,0x12,0x81}, {0x46,0x97,0xa3,0x8d}, {0xd3,0xf9,0xc6,0x6b},
-{0x8f,0x5f,0xe7,0x03}, {0x92,0x9c,0x95,0x15}, {0x6d,0x7a,0xeb,0xbf}, {0x52,0x59,0xda,0x95},
-{0xbe,0x83,0x2d,0xd4}, {0x74,0x21,0xd3,0x58}, {0xe0,0x69,0x29,0x49}, {0xc9,0xc8,0x44,0x8e},
-{0xc2,0x89,0x6a,0x75}, {0x8e,0x79,0x78,0xf4}, {0x58,0x3e,0x6b,0x99}, {0xb9,0x71,0xdd,0x27},
-{0xe1,0x4f,0xb6,0xbe}, {0x88,0xad,0x17,0xf0}, {0x20,0xac,0x66,0xc9}, {0xce,0x3a,0xb4,0x7d},
-{0xdf,0x4a,0x18,0x63}, {0x1a,0x31,0x82,0xe5}, {0x51,0x33,0x60,0x97}, {0x53,0x7f,0x45,0x62},
-{0x64,0x77,0xe0,0xb1}, {0x6b,0xae,0x84,0xbb}, {0x81,0xa0,0x1c,0xfe}, {0x08,0x2b,0x94,0xf9},
-{0x48,0x68,0x58,0x70}, {0x45,0xfd,0x19,0x8f}, {0xde,0x6c,0x87,0x94}, {0x7b,0xf8,0xb7,0x52},
-{0x73,0xd3,0x23,0xab}, {0x4b,0x02,0xe2,0x72}, {0x1f,0x8f,0x57,0xe3}, {0x55,0xab,0x2a,0x66},
-{0xeb,0x28,0x07,0xb2}, {0xb5,0xc2,0x03,0x2f}, {0xc5,0x7b,0x9a,0x86}, {0x37,0x08,0xa5,0xd3},
-{0x28,0x87,0xf2,0x30}, {0xbf,0xa5,0xb2,0x23}, {0x03,0x6a,0xba,0x02}, {0x16,0x82,0x5c,0xed},
-{0xcf,0x1c,0x2b,0x8a}, {0x79,0xb4,0x92,0xa7}, {0x07,0xf2,0xf0,0xf3}, {0x69,0xe2,0xa1,0x4e},
-{0xda,0xf4,0xcd,0x65}, {0x05,0xbe,0xd5,0x06}, {0x34,0x62,0x1f,0xd1}, {0xa6,0xfe,0x8a,0xc4},
-{0x2e,0x53,0x9d,0x34}, {0xf3,0x55,0xa0,0xa2}, {0x8a,0xe1,0x32,0x05}, {0xf6,0xeb,0x75,0xa4},
-{0x83,0xec,0x39,0x0b}, {0x60,0xef,0xaa,0x40}, {0x71,0x9f,0x06,0x5e}, {0x6e,0x10,0x51,0xbd},
-{0x21,0x8a,0xf9,0x3e}, {0xdd,0x06,0x3d,0x96}, {0x3e,0x05,0xae,0xdd}, {0xe6,0xbd,0x46,0x4d},
-{0x54,0x8d,0xb5,0x91}, {0xc4,0x5d,0x05,0x71}, {0x06,0xd4,0x6f,0x04}, {0x50,0x15,0xff,0x60},
-{0x98,0xfb,0x24,0x19}, {0xbd,0xe9,0x97,0xd6}, {0x40,0x43,0xcc,0x89}, {0xd9,0x9e,0x77,0x67},
-{0xe8,0x42,0xbd,0xb0}, {0x89,0x8b,0x88,0x07}, {0x19,0x5b,0x38,0xe7}, {0xc8,0xee,0xdb,0x79},
-{0x7c,0x0a,0x47,0xa1}, {0x42,0x0f,0xe9,0x7c}, {0x84,0x1e,0xc9,0xf8}, {0x00,0x00,0x00,0x00},
-{0x80,0x86,0x83,0x09}, {0x2b,0xed,0x48,0x32}, {0x11,0x70,0xac,0x1e}, {0x5a,0x72,0x4e,0x6c},
-{0x0e,0xff,0xfb,0xfd}, {0x85,0x38,0x56,0x0f}, {0xae,0xd5,0x1e,0x3d}, {0x2d,0x39,0x27,0x36},
-{0x0f,0xd9,0x64,0x0a}, {0x5c,0xa6,0x21,0x68}, {0x5b,0x54,0xd1,0x9b}, {0x36,0x2e,0x3a,0x24},
-{0x0a,0x67,0xb1,0x0c}, {0x57,0xe7,0x0f,0x93}, {0xee,0x96,0xd2,0xb4}, {0x9b,0x91,0x9e,0x1b},
-{0xc0,0xc5,0x4f,0x80}, {0xdc,0x20,0xa2,0x61}, {0x77,0x4b,0x69,0x5a}, {0x12,0x1a,0x16,0x1c},
-{0x93,0xba,0x0a,0xe2}, {0xa0,0x2a,0xe5,0xc0}, {0x22,0xe0,0x43,0x3c}, {0x1b,0x17,0x1d,0x12},
-{0x09,0x0d,0x0b,0x0e}, {0x8b,0xc7,0xad,0xf2}, {0xb6,0xa8,0xb9,0x2d}, {0x1e,0xa9,0xc8,0x14},
-{0xf1,0x19,0x85,0x57}, {0x75,0x07,0x4c,0xaf}, {0x99,0xdd,0xbb,0xee}, {0x7f,0x60,0xfd,0xa3},
-{0x01,0x26,0x9f,0xf7}, {0x72,0xf5,0xbc,0x5c}, {0x66,0x3b,0xc5,0x44}, {0xfb,0x7e,0x34,0x5b},
-{0x43,0x29,0x76,0x8b}, {0x23,0xc6,0xdc,0xcb}, {0xed,0xfc,0x68,0xb6}, {0xe4,0xf1,0x63,0xb8},
-{0x31,0xdc,0xca,0xd7}, {0x63,0x85,0x10,0x42}, {0x97,0x22,0x40,0x13}, {0xc6,0x11,0x20,0x84},
-{0x4a,0x24,0x7d,0x85}, {0xbb,0x3d,0xf8,0xd2}, {0xf9,0x32,0x11,0xae}, {0x29,0xa1,0x6d,0xc7},
-{0x9e,0x2f,0x4b,0x1d}, {0xb2,0x30,0xf3,0xdc}, {0x86,0x52,0xec,0x0d}, {0xc1,0xe3,0xd0,0x77},
-{0xb3,0x16,0x6c,0x2b}, {0x70,0xb9,0x99,0xa9}, {0x94,0x48,0xfa,0x11}, {0xe9,0x64,0x22,0x47},
-{0xfc,0x8c,0xc4,0xa8}, {0xf0,0x3f,0x1a,0xa0}, {0x7d,0x2c,0xd8,0x56}, {0x33,0x90,0xef,0x22},
-{0x49,0x4e,0xc7,0x87}, {0x38,0xd1,0xc1,0xd9}, {0xca,0xa2,0xfe,0x8c}, {0xd4,0x0b,0x36,0x98},
-{0xf5,0x81,0xcf,0xa6}, {0x7a,0xde,0x28,0xa5}, {0xb7,0x8e,0x26,0xda}, {0xad,0xbf,0xa4,0x3f},
-{0x3a,0x9d,0xe4,0x2c}, {0x78,0x92,0x0d,0x50}, {0x5f,0xcc,0x9b,0x6a}, {0x7e,0x46,0x62,0x54},
-{0x8d,0x13,0xc2,0xf6}, {0xd8,0xb8,0xe8,0x90}, {0x39,0xf7,0x5e,0x2e}, {0xc3,0xaf,0xf5,0x82},
-{0x5d,0x80,0xbe,0x9f}, {0xd0,0x93,0x7c,0x69}, {0xd5,0x2d,0xa9,0x6f}, {0x25,0x12,0xb3,0xcf},
-{0xac,0x99,0x3b,0xc8}, {0x18,0x7d,0xa7,0x10}, {0x9c,0x63,0x6e,0xe8}, {0x3b,0xbb,0x7b,0xdb},
-{0x26,0x78,0x09,0xcd}, {0x59,0x18,0xf4,0x6e}, {0x9a,0xb7,0x01,0xec}, {0x4f,0x9a,0xa8,0x83},
-{0x95,0x6e,0x65,0xe6}, {0xff,0xe6,0x7e,0xaa}, {0xbc,0xcf,0x08,0x21}, {0x15,0xe8,0xe6,0xef},
-{0xe7,0x9b,0xd9,0xba}, {0x6f,0x36,0xce,0x4a}, {0x9f,0x09,0xd4,0xea}, {0xb0,0x7c,0xd6,0x29},
-{0xa4,0xb2,0xaf,0x31}, {0x3f,0x23,0x31,0x2a}, {0xa5,0x94,0x30,0xc6}, {0xa2,0x66,0xc0,0x35},
-{0x4e,0xbc,0x37,0x74}, {0x82,0xca,0xa6,0xfc}, {0x90,0xd0,0xb0,0xe0}, {0xa7,0xd8,0x15,0x33},
-{0x04,0x98,0x4a,0xf1}, {0xec,0xda,0xf7,0x41}, {0xcd,0x50,0x0e,0x7f}, {0x91,0xf6,0x2f,0x17},
-{0x4d,0xd6,0x8d,0x76}, {0xef,0xb0,0x4d,0x43}, {0xaa,0x4d,0x54,0xcc}, {0x96,0x04,0xdf,0xe4},
-{0xd1,0xb5,0xe3,0x9e}, {0x6a,0x88,0x1b,0x4c}, {0x2c,0x1f,0xb8,0xc1}, {0x65,0x51,0x7f,0x46},
-{0x5e,0xea,0x04,0x9d}, {0x8c,0x35,0x5d,0x01}, {0x87,0x74,0x73,0xfa}, {0x0b,0x41,0x2e,0xfb},
-{0x67,0x1d,0x5a,0xb3}, {0xdb,0xd2,0x52,0x92}, {0x10,0x56,0x33,0xe9}, {0xd6,0x47,0x13,0x6d},
-{0xd7,0x61,0x8c,0x9a}, {0xa1,0x0c,0x7a,0x37}, {0xf8,0x14,0x8e,0x59}, {0x13,0x3c,0x89,0xeb},
-{0xa9,0x27,0xee,0xce}, {0x61,0xc9,0x35,0xb7}, {0x1c,0xe5,0xed,0xe1}, {0x47,0xb1,0x3c,0x7a},
-{0xd2,0xdf,0x59,0x9c}, {0xf2,0x73,0x3f,0x55}, {0x14,0xce,0x79,0x18}, {0xc7,0x37,0xbf,0x73},
-{0xf7,0xcd,0xea,0x53}, {0xfd,0xaa,0x5b,0x5f}, {0x3d,0x6f,0x14,0xdf}, {0x44,0xdb,0x86,0x78},
-{0xaf,0xf3,0x81,0xca}, {0x68,0xc4,0x3e,0xb9}, {0x24,0x34,0x2c,0x38}, {0xa3,0x40,0x5f,0xc2},
-{0x1d,0xc3,0x72,0x16}, {0xe2,0x25,0x0c,0xbc}, {0x3c,0x49,0x8b,0x28}, {0x0d,0x95,0x41,0xff},
-{0xa8,0x01,0x71,0x39}, {0x0c,0xb3,0xde,0x08}, {0xb4,0xe4,0x9c,0xd8}, {0x56,0xc1,0x90,0x64},
-{0xcb,0x84,0x61,0x7b}, {0x32,0xb6,0x70,0xd5}, {0x6c,0x5c,0x74,0x48}, {0xb8,0x57,0x42,0xd0}
-       }
-};
-#define        T8      xT8.xt8
-
-static const word8 S5[256] = {
-0x52,0x09,0x6a,0xd5,
-0x30,0x36,0xa5,0x38,
-0xbf,0x40,0xa3,0x9e,
-0x81,0xf3,0xd7,0xfb,
-0x7c,0xe3,0x39,0x82,
-0x9b,0x2f,0xff,0x87,
-0x34,0x8e,0x43,0x44,
-0xc4,0xde,0xe9,0xcb,
-0x54,0x7b,0x94,0x32,
-0xa6,0xc2,0x23,0x3d,
-0xee,0x4c,0x95,0x0b,
-0x42,0xfa,0xc3,0x4e,
-0x08,0x2e,0xa1,0x66,
-0x28,0xd9,0x24,0xb2,
-0x76,0x5b,0xa2,0x49,
-0x6d,0x8b,0xd1,0x25,
-0x72,0xf8,0xf6,0x64,
-0x86,0x68,0x98,0x16,
-0xd4,0xa4,0x5c,0xcc,
-0x5d,0x65,0xb6,0x92,
-0x6c,0x70,0x48,0x50,
-0xfd,0xed,0xb9,0xda,
-0x5e,0x15,0x46,0x57,
-0xa7,0x8d,0x9d,0x84,
-0x90,0xd8,0xab,0x00,
-0x8c,0xbc,0xd3,0x0a,
-0xf7,0xe4,0x58,0x05,
-0xb8,0xb3,0x45,0x06,
-0xd0,0x2c,0x1e,0x8f,
-0xca,0x3f,0x0f,0x02,
-0xc1,0xaf,0xbd,0x03,
-0x01,0x13,0x8a,0x6b,
-0x3a,0x91,0x11,0x41,
-0x4f,0x67,0xdc,0xea,
-0x97,0xf2,0xcf,0xce,
-0xf0,0xb4,0xe6,0x73,
-0x96,0xac,0x74,0x22,
-0xe7,0xad,0x35,0x85,
-0xe2,0xf9,0x37,0xe8,
-0x1c,0x75,0xdf,0x6e,
-0x47,0xf1,0x1a,0x71,
-0x1d,0x29,0xc5,0x89,
-0x6f,0xb7,0x62,0x0e,
-0xaa,0x18,0xbe,0x1b,
-0xfc,0x56,0x3e,0x4b,
-0xc6,0xd2,0x79,0x20,
-0x9a,0xdb,0xc0,0xfe,
-0x78,0xcd,0x5a,0xf4,
-0x1f,0xdd,0xa8,0x33,
-0x88,0x07,0xc7,0x31,
-0xb1,0x12,0x10,0x59,
-0x27,0x80,0xec,0x5f,
-0x60,0x51,0x7f,0xa9,
-0x19,0xb5,0x4a,0x0d,
-0x2d,0xe5,0x7a,0x9f,
-0x93,0xc9,0x9c,0xef,
-0xa0,0xe0,0x3b,0x4d,
-0xae,0x2a,0xf5,0xb0,
-0xc8,0xeb,0xbb,0x3c,
-0x83,0x53,0x99,0x61,
-0x17,0x2b,0x04,0x7e,
-0xba,0x77,0xd6,0x26,
-0xe1,0x69,0x14,0x63,
-0x55,0x21,0x0c,0x7d
-};
-
-static const union xtab xU1 = {
-       .xt8 = {
-{0x00,0x00,0x00,0x00}, {0x0e,0x09,0x0d,0x0b}, {0x1c,0x12,0x1a,0x16}, {0x12,0x1b,0x17,0x1d},
-{0x38,0x24,0x34,0x2c}, {0x36,0x2d,0x39,0x27}, {0x24,0x36,0x2e,0x3a}, {0x2a,0x3f,0x23,0x31},
-{0x70,0x48,0x68,0x58}, {0x7e,0x41,0x65,0x53}, {0x6c,0x5a,0x72,0x4e}, {0x62,0x53,0x7f,0x45},
-{0x48,0x6c,0x5c,0x74}, {0x46,0x65,0x51,0x7f}, {0x54,0x7e,0x46,0x62}, {0x5a,0x77,0x4b,0x69},
-{0xe0,0x90,0xd0,0xb0}, {0xee,0x99,0xdd,0xbb}, {0xfc,0x82,0xca,0xa6}, {0xf2,0x8b,0xc7,0xad},
-{0xd8,0xb4,0xe4,0x9c}, {0xd6,0xbd,0xe9,0x97}, {0xc4,0xa6,0xfe,0x8a}, {0xca,0xaf,0xf3,0x81},
-{0x90,0xd8,0xb8,0xe8}, {0x9e,0xd1,0xb5,0xe3}, {0x8c,0xca,0xa2,0xfe}, {0x82,0xc3,0xaf,0xf5},
-{0xa8,0xfc,0x8c,0xc4}, {0xa6,0xf5,0x81,0xcf}, {0xb4,0xee,0x96,0xd2}, {0xba,0xe7,0x9b,0xd9},
-{0xdb,0x3b,0xbb,0x7b}, {0xd5,0x32,0xb6,0x70}, {0xc7,0x29,0xa1,0x6d}, {0xc9,0x20,0xac,0x66},
-{0xe3,0x1f,0x8f,0x57}, {0xed,0x16,0x82,0x5c}, {0xff,0x0d,0x95,0x41}, {0xf1,0x04,0x98,0x4a},
-{0xab,0x73,0xd3,0x23}, {0xa5,0x7a,0xde,0x28}, {0xb7,0x61,0xc9,0x35}, {0xb9,0x68,0xc4,0x3e},
-{0x93,0x57,0xe7,0x0f}, {0x9d,0x5e,0xea,0x04}, {0x8f,0x45,0xfd,0x19}, {0x81,0x4c,0xf0,0x12},
-{0x3b,0xab,0x6b,0xcb}, {0x35,0xa2,0x66,0xc0}, {0x27,0xb9,0x71,0xdd}, {0x29,0xb0,0x7c,0xd6},
-{0x03,0x8f,0x5f,0xe7}, {0x0d,0x86,0x52,0xec}, {0x1f,0x9d,0x45,0xf1}, {0x11,0x94,0x48,0xfa},
-{0x4b,0xe3,0x03,0x93}, {0x45,0xea,0x0e,0x98}, {0x57,0xf1,0x19,0x85}, {0x59,0xf8,0x14,0x8e},
-{0x73,0xc7,0x37,0xbf}, {0x7d,0xce,0x3a,0xb4}, {0x6f,0xd5,0x2d,0xa9}, {0x61,0xdc,0x20,0xa2},
-{0xad,0x76,0x6d,0xf6}, {0xa3,0x7f,0x60,0xfd}, {0xb1,0x64,0x77,0xe0}, {0xbf,0x6d,0x7a,0xeb},
-{0x95,0x52,0x59,0xda}, {0x9b,0x5b,0x54,0xd1}, {0x89,0x40,0x43,0xcc}, {0x87,0x49,0x4e,0xc7},
-{0xdd,0x3e,0x05,0xae}, {0xd3,0x37,0x08,0xa5}, {0xc1,0x2c,0x1f,0xb8}, {0xcf,0x25,0x12,0xb3},
-{0xe5,0x1a,0x31,0x82}, {0xeb,0x13,0x3c,0x89}, {0xf9,0x08,0x2b,0x94}, {0xf7,0x01,0x26,0x9f},
-{0x4d,0xe6,0xbd,0x46}, {0x43,0xef,0xb0,0x4d}, {0x51,0xf4,0xa7,0x50}, {0x5f,0xfd,0xaa,0x5b},
-{0x75,0xc2,0x89,0x6a}, {0x7b,0xcb,0x84,0x61}, {0x69,0xd0,0x93,0x7c}, {0x67,0xd9,0x9e,0x77},
-{0x3d,0xae,0xd5,0x1e}, {0x33,0xa7,0xd8,0x15}, {0x21,0xbc,0xcf,0x08}, {0x2f,0xb5,0xc2,0x03},
-{0x05,0x8a,0xe1,0x32}, {0x0b,0x83,0xec,0x39}, {0x19,0x98,0xfb,0x24}, {0x17,0x91,0xf6,0x2f},
-{0x76,0x4d,0xd6,0x8d}, {0x78,0x44,0xdb,0x86}, {0x6a,0x5f,0xcc,0x9b}, {0x64,0x56,0xc1,0x90},
-{0x4e,0x69,0xe2,0xa1}, {0x40,0x60,0xef,0xaa}, {0x52,0x7b,0xf8,0xb7}, {0x5c,0x72,0xf5,0xbc},
-{0x06,0x05,0xbe,0xd5}, {0x08,0x0c,0xb3,0xde}, {0x1a,0x17,0xa4,0xc3}, {0x14,0x1e,0xa9,0xc8},
-{0x3e,0x21,0x8a,0xf9}, {0x30,0x28,0x87,0xf2}, {0x22,0x33,0x90,0xef}, {0x2c,0x3a,0x9d,0xe4},
-{0x96,0xdd,0x06,0x3d}, {0x98,0xd4,0x0b,0x36}, {0x8a,0xcf,0x1c,0x2b}, {0x84,0xc6,0x11,0x20},
-{0xae,0xf9,0x32,0x11}, {0xa0,0xf0,0x3f,0x1a}, {0xb2,0xeb,0x28,0x07}, {0xbc,0xe2,0x25,0x0c},
-{0xe6,0x95,0x6e,0x65}, {0xe8,0x9c,0x63,0x6e}, {0xfa,0x87,0x74,0x73}, {0xf4,0x8e,0x79,0x78},
-{0xde,0xb1,0x5a,0x49}, {0xd0,0xb8,0x57,0x42}, {0xc2,0xa3,0x40,0x5f}, {0xcc,0xaa,0x4d,0x54},
-{0x41,0xec,0xda,0xf7}, {0x4f,0xe5,0xd7,0xfc}, {0x5d,0xfe,0xc0,0xe1}, {0x53,0xf7,0xcd,0xea},
-{0x79,0xc8,0xee,0xdb}, {0x77,0xc1,0xe3,0xd0}, {0x65,0xda,0xf4,0xcd}, {0x6b,0xd3,0xf9,0xc6},
-{0x31,0xa4,0xb2,0xaf}, {0x3f,0xad,0xbf,0xa4}, {0x2d,0xb6,0xa8,0xb9}, {0x23,0xbf,0xa5,0xb2},
-{0x09,0x80,0x86,0x83}, {0x07,0x89,0x8b,0x88}, {0x15,0x92,0x9c,0x95}, {0x1b,0x9b,0x91,0x9e},
-{0xa1,0x7c,0x0a,0x47}, {0xaf,0x75,0x07,0x4c}, {0xbd,0x6e,0x10,0x51}, {0xb3,0x67,0x1d,0x5a},
-{0x99,0x58,0x3e,0x6b}, {0x97,0x51,0x33,0x60}, {0x85,0x4a,0x24,0x7d}, {0x8b,0x43,0x29,0x76},
-{0xd1,0x34,0x62,0x1f}, {0xdf,0x3d,0x6f,0x14}, {0xcd,0x26,0x78,0x09}, {0xc3,0x2f,0x75,0x02},
-{0xe9,0x10,0x56,0x33}, {0xe7,0x19,0x5b,0x38}, {0xf5,0x02,0x4c,0x25}, {0xfb,0x0b,0x41,0x2e},
-{0x9a,0xd7,0x61,0x8c}, {0x94,0xde,0x6c,0x87}, {0x86,0xc5,0x7b,0x9a}, {0x88,0xcc,0x76,0x91},
-{0xa2,0xf3,0x55,0xa0}, {0xac,0xfa,0x58,0xab}, {0xbe,0xe1,0x4f,0xb6}, {0xb0,0xe8,0x42,0xbd},
-{0xea,0x9f,0x09,0xd4}, {0xe4,0x96,0x04,0xdf}, {0xf6,0x8d,0x13,0xc2}, {0xf8,0x84,0x1e,0xc9},
-{0xd2,0xbb,0x3d,0xf8}, {0xdc,0xb2,0x30,0xf3}, {0xce,0xa9,0x27,0xee}, {0xc0,0xa0,0x2a,0xe5},
-{0x7a,0x47,0xb1,0x3c}, {0x74,0x4e,0xbc,0x37}, {0x66,0x55,0xab,0x2a}, {0x68,0x5c,0xa6,0x21},
-{0x42,0x63,0x85,0x10}, {0x4c,0x6a,0x88,0x1b}, {0x5e,0x71,0x9f,0x06}, {0x50,0x78,0x92,0x0d},
-{0x0a,0x0f,0xd9,0x64}, {0x04,0x06,0xd4,0x6f}, {0x16,0x1d,0xc3,0x72}, {0x18,0x14,0xce,0x79},
-{0x32,0x2b,0xed,0x48}, {0x3c,0x22,0xe0,0x43}, {0x2e,0x39,0xf7,0x5e}, {0x20,0x30,0xfa,0x55},
-{0xec,0x9a,0xb7,0x01}, {0xe2,0x93,0xba,0x0a}, {0xf0,0x88,0xad,0x17}, {0xfe,0x81,0xa0,0x1c},
-{0xd4,0xbe,0x83,0x2d}, {0xda,0xb7,0x8e,0x26}, {0xc8,0xac,0x99,0x3b}, {0xc6,0xa5,0x94,0x30},
-{0x9c,0xd2,0xdf,0x59}, {0x92,0xdb,0xd2,0x52}, {0x80,0xc0,0xc5,0x4f}, {0x8e,0xc9,0xc8,0x44},
-{0xa4,0xf6,0xeb,0x75}, {0xaa,0xff,0xe6,0x7e}, {0xb8,0xe4,0xf1,0x63}, {0xb6,0xed,0xfc,0x68},
-{0x0c,0x0a,0x67,0xb1}, {0x02,0x03,0x6a,0xba}, {0x10,0x18,0x7d,0xa7}, {0x1e,0x11,0x70,0xac},
-{0x34,0x2e,0x53,0x9d}, {0x3a,0x27,0x5e,0x96}, {0x28,0x3c,0x49,0x8b}, {0x26,0x35,0x44,0x80},
-{0x7c,0x42,0x0f,0xe9}, {0x72,0x4b,0x02,0xe2}, {0x60,0x50,0x15,0xff}, {0x6e,0x59,0x18,0xf4},
-{0x44,0x66,0x3b,0xc5}, {0x4a,0x6f,0x36,0xce}, {0x58,0x74,0x21,0xd3}, {0x56,0x7d,0x2c,0xd8},
-{0x37,0xa1,0x0c,0x7a}, {0x39,0xa8,0x01,0x71}, {0x2b,0xb3,0x16,0x6c}, {0x25,0xba,0x1b,0x67},
-{0x0f,0x85,0x38,0x56}, {0x01,0x8c,0x35,0x5d}, {0x13,0x97,0x22,0x40}, {0x1d,0x9e,0x2f,0x4b},
-{0x47,0xe9,0x64,0x22}, {0x49,0xe0,0x69,0x29}, {0x5b,0xfb,0x7e,0x34}, {0x55,0xf2,0x73,0x3f},
-{0x7f,0xcd,0x50,0x0e}, {0x71,0xc4,0x5d,0x05}, {0x63,0xdf,0x4a,0x18}, {0x6d,0xd6,0x47,0x13},
-{0xd7,0x31,0xdc,0xca}, {0xd9,0x38,0xd1,0xc1}, {0xcb,0x23,0xc6,0xdc}, {0xc5,0x2a,0xcb,0xd7},
-{0xef,0x15,0xe8,0xe6}, {0xe1,0x1c,0xe5,0xed}, {0xf3,0x07,0xf2,0xf0}, {0xfd,0x0e,0xff,0xfb},
-{0xa7,0x79,0xb4,0x92}, {0xa9,0x70,0xb9,0x99}, {0xbb,0x6b,0xae,0x84}, {0xb5,0x62,0xa3,0x8f},
-{0x9f,0x5d,0x80,0xbe}, {0x91,0x54,0x8d,0xb5}, {0x83,0x4f,0x9a,0xa8}, {0x8d,0x46,0x97,0xa3}
-       }
-};
-#define        U1      xU1.xt8
-
-static const union xtab xU2 = {
-       .xt8 = {
-{0x00,0x00,0x00,0x00}, {0x0b,0x0e,0x09,0x0d}, {0x16,0x1c,0x12,0x1a}, {0x1d,0x12,0x1b,0x17},
-{0x2c,0x38,0x24,0x34}, {0x27,0x36,0x2d,0x39}, {0x3a,0x24,0x36,0x2e}, {0x31,0x2a,0x3f,0x23},
-{0x58,0x70,0x48,0x68}, {0x53,0x7e,0x41,0x65}, {0x4e,0x6c,0x5a,0x72}, {0x45,0x62,0x53,0x7f},
-{0x74,0x48,0x6c,0x5c}, {0x7f,0x46,0x65,0x51}, {0x62,0x54,0x7e,0x46}, {0x69,0x5a,0x77,0x4b},
-{0xb0,0xe0,0x90,0xd0}, {0xbb,0xee,0x99,0xdd}, {0xa6,0xfc,0x82,0xca}, {0xad,0xf2,0x8b,0xc7},
-{0x9c,0xd8,0xb4,0xe4}, {0x97,0xd6,0xbd,0xe9}, {0x8a,0xc4,0xa6,0xfe}, {0x81,0xca,0xaf,0xf3},
-{0xe8,0x90,0xd8,0xb8}, {0xe3,0x9e,0xd1,0xb5}, {0xfe,0x8c,0xca,0xa2}, {0xf5,0x82,0xc3,0xaf},
-{0xc4,0xa8,0xfc,0x8c}, {0xcf,0xa6,0xf5,0x81}, {0xd2,0xb4,0xee,0x96}, {0xd9,0xba,0xe7,0x9b},
-{0x7b,0xdb,0x3b,0xbb}, {0x70,0xd5,0x32,0xb6}, {0x6d,0xc7,0x29,0xa1}, {0x66,0xc9,0x20,0xac},
-{0x57,0xe3,0x1f,0x8f}, {0x5c,0xed,0x16,0x82}, {0x41,0xff,0x0d,0x95}, {0x4a,0xf1,0x04,0x98},
-{0x23,0xab,0x73,0xd3}, {0x28,0xa5,0x7a,0xde}, {0x35,0xb7,0x61,0xc9}, {0x3e,0xb9,0x68,0xc4},
-{0x0f,0x93,0x57,0xe7}, {0x04,0x9d,0x5e,0xea}, {0x19,0x8f,0x45,0xfd}, {0x12,0x81,0x4c,0xf0},
-{0xcb,0x3b,0xab,0x6b}, {0xc0,0x35,0xa2,0x66}, {0xdd,0x27,0xb9,0x71}, {0xd6,0x29,0xb0,0x7c},
-{0xe7,0x03,0x8f,0x5f}, {0xec,0x0d,0x86,0x52}, {0xf1,0x1f,0x9d,0x45}, {0xfa,0x11,0x94,0x48},
-{0x93,0x4b,0xe3,0x03}, {0x98,0x45,0xea,0x0e}, {0x85,0x57,0xf1,0x19}, {0x8e,0x59,0xf8,0x14},
-{0xbf,0x73,0xc7,0x37}, {0xb4,0x7d,0xce,0x3a}, {0xa9,0x6f,0xd5,0x2d}, {0xa2,0x61,0xdc,0x20},
-{0xf6,0xad,0x76,0x6d}, {0xfd,0xa3,0x7f,0x60}, {0xe0,0xb1,0x64,0x77}, {0xeb,0xbf,0x6d,0x7a},
-{0xda,0x95,0x52,0x59}, {0xd1,0x9b,0x5b,0x54}, {0xcc,0x89,0x40,0x43}, {0xc7,0x87,0x49,0x4e},
-{0xae,0xdd,0x3e,0x05}, {0xa5,0xd3,0x37,0x08}, {0xb8,0xc1,0x2c,0x1f}, {0xb3,0xcf,0x25,0x12},
-{0x82,0xe5,0x1a,0x31}, {0x89,0xeb,0x13,0x3c}, {0x94,0xf9,0x08,0x2b}, {0x9f,0xf7,0x01,0x26},
-{0x46,0x4d,0xe6,0xbd}, {0x4d,0x43,0xef,0xb0}, {0x50,0x51,0xf4,0xa7}, {0x5b,0x5f,0xfd,0xaa},
-{0x6a,0x75,0xc2,0x89}, {0x61,0x7b,0xcb,0x84}, {0x7c,0x69,0xd0,0x93}, {0x77,0x67,0xd9,0x9e},
-{0x1e,0x3d,0xae,0xd5}, {0x15,0x33,0xa7,0xd8}, {0x08,0x21,0xbc,0xcf}, {0x03,0x2f,0xb5,0xc2},
-{0x32,0x05,0x8a,0xe1}, {0x39,0x0b,0x83,0xec}, {0x24,0x19,0x98,0xfb}, {0x2f,0x17,0x91,0xf6},
-{0x8d,0x76,0x4d,0xd6}, {0x86,0x78,0x44,0xdb}, {0x9b,0x6a,0x5f,0xcc}, {0x90,0x64,0x56,0xc1},
-{0xa1,0x4e,0x69,0xe2}, {0xaa,0x40,0x60,0xef}, {0xb7,0x52,0x7b,0xf8}, {0xbc,0x5c,0x72,0xf5},
-{0xd5,0x06,0x05,0xbe}, {0xde,0x08,0x0c,0xb3}, {0xc3,0x1a,0x17,0xa4}, {0xc8,0x14,0x1e,0xa9},
-{0xf9,0x3e,0x21,0x8a}, {0xf2,0x30,0x28,0x87}, {0xef,0x22,0x33,0x90}, {0xe4,0x2c,0x3a,0x9d},
-{0x3d,0x96,0xdd,0x06}, {0x36,0x98,0xd4,0x0b}, {0x2b,0x8a,0xcf,0x1c}, {0x20,0x84,0xc6,0x11},
-{0x11,0xae,0xf9,0x32}, {0x1a,0xa0,0xf0,0x3f}, {0x07,0xb2,0xeb,0x28}, {0x0c,0xbc,0xe2,0x25},
-{0x65,0xe6,0x95,0x6e}, {0x6e,0xe8,0x9c,0x63}, {0x73,0xfa,0x87,0x74}, {0x78,0xf4,0x8e,0x79},
-{0x49,0xde,0xb1,0x5a}, {0x42,0xd0,0xb8,0x57}, {0x5f,0xc2,0xa3,0x40}, {0x54,0xcc,0xaa,0x4d},
-{0xf7,0x41,0xec,0xda}, {0xfc,0x4f,0xe5,0xd7}, {0xe1,0x5d,0xfe,0xc0}, {0xea,0x53,0xf7,0xcd},
-{0xdb,0x79,0xc8,0xee}, {0xd0,0x77,0xc1,0xe3}, {0xcd,0x65,0xda,0xf4}, {0xc6,0x6b,0xd3,0xf9},
-{0xaf,0x31,0xa4,0xb2}, {0xa4,0x3f,0xad,0xbf}, {0xb9,0x2d,0xb6,0xa8}, {0xb2,0x23,0xbf,0xa5},
-{0x83,0x09,0x80,0x86}, {0x88,0x07,0x89,0x8b}, {0x95,0x15,0x92,0x9c}, {0x9e,0x1b,0x9b,0x91},
-{0x47,0xa1,0x7c,0x0a}, {0x4c,0xaf,0x75,0x07}, {0x51,0xbd,0x6e,0x10}, {0x5a,0xb3,0x67,0x1d},
-{0x6b,0x99,0x58,0x3e}, {0x60,0x97,0x51,0x33}, {0x7d,0x85,0x4a,0x24}, {0x76,0x8b,0x43,0x29},
-{0x1f,0xd1,0x34,0x62}, {0x14,0xdf,0x3d,0x6f}, {0x09,0xcd,0x26,0x78}, {0x02,0xc3,0x2f,0x75},
-{0x33,0xe9,0x10,0x56}, {0x38,0xe7,0x19,0x5b}, {0x25,0xf5,0x02,0x4c}, {0x2e,0xfb,0x0b,0x41},
-{0x8c,0x9a,0xd7,0x61}, {0x87,0x94,0xde,0x6c}, {0x9a,0x86,0xc5,0x7b}, {0x91,0x88,0xcc,0x76},
-{0xa0,0xa2,0xf3,0x55}, {0xab,0xac,0xfa,0x58}, {0xb6,0xbe,0xe1,0x4f}, {0xbd,0xb0,0xe8,0x42},
-{0xd4,0xea,0x9f,0x09}, {0xdf,0xe4,0x96,0x04}, {0xc2,0xf6,0x8d,0x13}, {0xc9,0xf8,0x84,0x1e},
-{0xf8,0xd2,0xbb,0x3d}, {0xf3,0xdc,0xb2,0x30}, {0xee,0xce,0xa9,0x27}, {0xe5,0xc0,0xa0,0x2a},
-{0x3c,0x7a,0x47,0xb1}, {0x37,0x74,0x4e,0xbc}, {0x2a,0x66,0x55,0xab}, {0x21,0x68,0x5c,0xa6},
-{0x10,0x42,0x63,0x85}, {0x1b,0x4c,0x6a,0x88}, {0x06,0x5e,0x71,0x9f}, {0x0d,0x50,0x78,0x92},
-{0x64,0x0a,0x0f,0xd9}, {0x6f,0x04,0x06,0xd4}, {0x72,0x16,0x1d,0xc3}, {0x79,0x18,0x14,0xce},
-{0x48,0x32,0x2b,0xed}, {0x43,0x3c,0x22,0xe0}, {0x5e,0x2e,0x39,0xf7}, {0x55,0x20,0x30,0xfa},
-{0x01,0xec,0x9a,0xb7}, {0x0a,0xe2,0x93,0xba}, {0x17,0xf0,0x88,0xad}, {0x1c,0xfe,0x81,0xa0},
-{0x2d,0xd4,0xbe,0x83}, {0x26,0xda,0xb7,0x8e}, {0x3b,0xc8,0xac,0x99}, {0x30,0xc6,0xa5,0x94},
-{0x59,0x9c,0xd2,0xdf}, {0x52,0x92,0xdb,0xd2}, {0x4f,0x80,0xc0,0xc5}, {0x44,0x8e,0xc9,0xc8},
-{0x75,0xa4,0xf6,0xeb}, {0x7e,0xaa,0xff,0xe6}, {0x63,0xb8,0xe4,0xf1}, {0x68,0xb6,0xed,0xfc},
-{0xb1,0x0c,0x0a,0x67}, {0xba,0x02,0x03,0x6a}, {0xa7,0x10,0x18,0x7d}, {0xac,0x1e,0x11,0x70},
-{0x9d,0x34,0x2e,0x53}, {0x96,0x3a,0x27,0x5e}, {0x8b,0x28,0x3c,0x49}, {0x80,0x26,0x35,0x44},
-{0xe9,0x7c,0x42,0x0f}, {0xe2,0x72,0x4b,0x02}, {0xff,0x60,0x50,0x15}, {0xf4,0x6e,0x59,0x18},
-{0xc5,0x44,0x66,0x3b}, {0xce,0x4a,0x6f,0x36}, {0xd3,0x58,0x74,0x21}, {0xd8,0x56,0x7d,0x2c},
-{0x7a,0x37,0xa1,0x0c}, {0x71,0x39,0xa8,0x01}, {0x6c,0x2b,0xb3,0x16}, {0x67,0x25,0xba,0x1b},
-{0x56,0x0f,0x85,0x38}, {0x5d,0x01,0x8c,0x35}, {0x40,0x13,0x97,0x22}, {0x4b,0x1d,0x9e,0x2f},
-{0x22,0x47,0xe9,0x64}, {0x29,0x49,0xe0,0x69}, {0x34,0x5b,0xfb,0x7e}, {0x3f,0x55,0xf2,0x73},
-{0x0e,0x7f,0xcd,0x50}, {0x05,0x71,0xc4,0x5d}, {0x18,0x63,0xdf,0x4a}, {0x13,0x6d,0xd6,0x47},
-{0xca,0xd7,0x31,0xdc}, {0xc1,0xd9,0x38,0xd1}, {0xdc,0xcb,0x23,0xc6}, {0xd7,0xc5,0x2a,0xcb},
-{0xe6,0xef,0x15,0xe8}, {0xed,0xe1,0x1c,0xe5}, {0xf0,0xf3,0x07,0xf2}, {0xfb,0xfd,0x0e,0xff},
-{0x92,0xa7,0x79,0xb4}, {0x99,0xa9,0x70,0xb9}, {0x84,0xbb,0x6b,0xae}, {0x8f,0xb5,0x62,0xa3},
-{0xbe,0x9f,0x5d,0x80}, {0xb5,0x91,0x54,0x8d}, {0xa8,0x83,0x4f,0x9a}, {0xa3,0x8d,0x46,0x97}
-       }
-};
-#define        U2      xU2.xt8
-
-static const union xtab xU3 = {
-       .xt8 = {
-{0x00,0x00,0x00,0x00}, {0x0d,0x0b,0x0e,0x09}, {0x1a,0x16,0x1c,0x12}, {0x17,0x1d,0x12,0x1b},
-{0x34,0x2c,0x38,0x24}, {0x39,0x27,0x36,0x2d}, {0x2e,0x3a,0x24,0x36}, {0x23,0x31,0x2a,0x3f},
-{0x68,0x58,0x70,0x48}, {0x65,0x53,0x7e,0x41}, {0x72,0x4e,0x6c,0x5a}, {0x7f,0x45,0x62,0x53},
-{0x5c,0x74,0x48,0x6c}, {0x51,0x7f,0x46,0x65}, {0x46,0x62,0x54,0x7e}, {0x4b,0x69,0x5a,0x77},
-{0xd0,0xb0,0xe0,0x90}, {0xdd,0xbb,0xee,0x99}, {0xca,0xa6,0xfc,0x82}, {0xc7,0xad,0xf2,0x8b},
-{0xe4,0x9c,0xd8,0xb4}, {0xe9,0x97,0xd6,0xbd}, {0xfe,0x8a,0xc4,0xa6}, {0xf3,0x81,0xca,0xaf},
-{0xb8,0xe8,0x90,0xd8}, {0xb5,0xe3,0x9e,0xd1}, {0xa2,0xfe,0x8c,0xca}, {0xaf,0xf5,0x82,0xc3},
-{0x8c,0xc4,0xa8,0xfc}, {0x81,0xcf,0xa6,0xf5}, {0x96,0xd2,0xb4,0xee}, {0x9b,0xd9,0xba,0xe7},
-{0xbb,0x7b,0xdb,0x3b}, {0xb6,0x70,0xd5,0x32}, {0xa1,0x6d,0xc7,0x29}, {0xac,0x66,0xc9,0x20},
-{0x8f,0x57,0xe3,0x1f}, {0x82,0x5c,0xed,0x16}, {0x95,0x41,0xff,0x0d}, {0x98,0x4a,0xf1,0x04},
-{0xd3,0x23,0xab,0x73}, {0xde,0x28,0xa5,0x7a}, {0xc9,0x35,0xb7,0x61}, {0xc4,0x3e,0xb9,0x68},
-{0xe7,0x0f,0x93,0x57}, {0xea,0x04,0x9d,0x5e}, {0xfd,0x19,0x8f,0x45}, {0xf0,0x12,0x81,0x4c},
-{0x6b,0xcb,0x3b,0xab}, {0x66,0xc0,0x35,0xa2}, {0x71,0xdd,0x27,0xb9}, {0x7c,0xd6,0x29,0xb0},
-{0x5f,0xe7,0x03,0x8f}, {0x52,0xec,0x0d,0x86}, {0x45,0xf1,0x1f,0x9d}, {0x48,0xfa,0x11,0x94},
-{0x03,0x93,0x4b,0xe3}, {0x0e,0x98,0x45,0xea}, {0x19,0x85,0x57,0xf1}, {0x14,0x8e,0x59,0xf8},
-{0x37,0xbf,0x73,0xc7}, {0x3a,0xb4,0x7d,0xce}, {0x2d,0xa9,0x6f,0xd5}, {0x20,0xa2,0x61,0xdc},
-{0x6d,0xf6,0xad,0x76}, {0x60,0xfd,0xa3,0x7f}, {0x77,0xe0,0xb1,0x64}, {0x7a,0xeb,0xbf,0x6d},
-{0x59,0xda,0x95,0x52}, {0x54,0xd1,0x9b,0x5b}, {0x43,0xcc,0x89,0x40}, {0x4e,0xc7,0x87,0x49},
-{0x05,0xae,0xdd,0x3e}, {0x08,0xa5,0xd3,0x37}, {0x1f,0xb8,0xc1,0x2c}, {0x12,0xb3,0xcf,0x25},
-{0x31,0x82,0xe5,0x1a}, {0x3c,0x89,0xeb,0x13}, {0x2b,0x94,0xf9,0x08}, {0x26,0x9f,0xf7,0x01},
-{0xbd,0x46,0x4d,0xe6}, {0xb0,0x4d,0x43,0xef}, {0xa7,0x50,0x51,0xf4}, {0xaa,0x5b,0x5f,0xfd},
-{0x89,0x6a,0x75,0xc2}, {0x84,0x61,0x7b,0xcb}, {0x93,0x7c,0x69,0xd0}, {0x9e,0x77,0x67,0xd9},
-{0xd5,0x1e,0x3d,0xae}, {0xd8,0x15,0x33,0xa7}, {0xcf,0x08,0x21,0xbc}, {0xc2,0x03,0x2f,0xb5},
-{0xe1,0x32,0x05,0x8a}, {0xec,0x39,0x0b,0x83}, {0xfb,0x24,0x19,0x98}, {0xf6,0x2f,0x17,0x91},
-{0xd6,0x8d,0x76,0x4d}, {0xdb,0x86,0x78,0x44}, {0xcc,0x9b,0x6a,0x5f}, {0xc1,0x90,0x64,0x56},
-{0xe2,0xa1,0x4e,0x69}, {0xef,0xaa,0x40,0x60}, {0xf8,0xb7,0x52,0x7b}, {0xf5,0xbc,0x5c,0x72},
-{0xbe,0xd5,0x06,0x05}, {0xb3,0xde,0x08,0x0c}, {0xa4,0xc3,0x1a,0x17}, {0xa9,0xc8,0x14,0x1e},
-{0x8a,0xf9,0x3e,0x21}, {0x87,0xf2,0x30,0x28}, {0x90,0xef,0x22,0x33}, {0x9d,0xe4,0x2c,0x3a},
-{0x06,0x3d,0x96,0xdd}, {0x0b,0x36,0x98,0xd4}, {0x1c,0x2b,0x8a,0xcf}, {0x11,0x20,0x84,0xc6},
-{0x32,0x11,0xae,0xf9}, {0x3f,0x1a,0xa0,0xf0}, {0x28,0x07,0xb2,0xeb}, {0x25,0x0c,0xbc,0xe2},
-{0x6e,0x65,0xe6,0x95}, {0x63,0x6e,0xe8,0x9c}, {0x74,0x73,0xfa,0x87}, {0x79,0x78,0xf4,0x8e},
-{0x5a,0x49,0xde,0xb1}, {0x57,0x42,0xd0,0xb8}, {0x40,0x5f,0xc2,0xa3}, {0x4d,0x54,0xcc,0xaa},
-{0xda,0xf7,0x41,0xec}, {0xd7,0xfc,0x4f,0xe5}, {0xc0,0xe1,0x5d,0xfe}, {0xcd,0xea,0x53,0xf7},
-{0xee,0xdb,0x79,0xc8}, {0xe3,0xd0,0x77,0xc1}, {0xf4,0xcd,0x65,0xda}, {0xf9,0xc6,0x6b,0xd3},
-{0xb2,0xaf,0x31,0xa4}, {0xbf,0xa4,0x3f,0xad}, {0xa8,0xb9,0x2d,0xb6}, {0xa5,0xb2,0x23,0xbf},
-{0x86,0x83,0x09,0x80}, {0x8b,0x88,0x07,0x89}, {0x9c,0x95,0x15,0x92}, {0x91,0x9e,0x1b,0x9b},
-{0x0a,0x47,0xa1,0x7c}, {0x07,0x4c,0xaf,0x75}, {0x10,0x51,0xbd,0x6e}, {0x1d,0x5a,0xb3,0x67},
-{0x3e,0x6b,0x99,0x58}, {0x33,0x60,0x97,0x51}, {0x24,0x7d,0x85,0x4a}, {0x29,0x76,0x8b,0x43},
-{0x62,0x1f,0xd1,0x34}, {0x6f,0x14,0xdf,0x3d}, {0x78,0x09,0xcd,0x26}, {0x75,0x02,0xc3,0x2f},
-{0x56,0x33,0xe9,0x10}, {0x5b,0x38,0xe7,0x19}, {0x4c,0x25,0xf5,0x02}, {0x41,0x2e,0xfb,0x0b},
-{0x61,0x8c,0x9a,0xd7}, {0x6c,0x87,0x94,0xde}, {0x7b,0x9a,0x86,0xc5}, {0x76,0x91,0x88,0xcc},
-{0x55,0xa0,0xa2,0xf3}, {0x58,0xab,0xac,0xfa}, {0x4f,0xb6,0xbe,0xe1}, {0x42,0xbd,0xb0,0xe8},
-{0x09,0xd4,0xea,0x9f}, {0x04,0xdf,0xe4,0x96}, {0x13,0xc2,0xf6,0x8d}, {0x1e,0xc9,0xf8,0x84},
-{0x3d,0xf8,0xd2,0xbb}, {0x30,0xf3,0xdc,0xb2}, {0x27,0xee,0xce,0xa9}, {0x2a,0xe5,0xc0,0xa0},
-{0xb1,0x3c,0x7a,0x47}, {0xbc,0x37,0x74,0x4e}, {0xab,0x2a,0x66,0x55}, {0xa6,0x21,0x68,0x5c},
-{0x85,0x10,0x42,0x63}, {0x88,0x1b,0x4c,0x6a}, {0x9f,0x06,0x5e,0x71}, {0x92,0x0d,0x50,0x78},
-{0xd9,0x64,0x0a,0x0f}, {0xd4,0x6f,0x04,0x06}, {0xc3,0x72,0x16,0x1d}, {0xce,0x79,0x18,0x14},
-{0xed,0x48,0x32,0x2b}, {0xe0,0x43,0x3c,0x22}, {0xf7,0x5e,0x2e,0x39}, {0xfa,0x55,0x20,0x30},
-{0xb7,0x01,0xec,0x9a}, {0xba,0x0a,0xe2,0x93}, {0xad,0x17,0xf0,0x88}, {0xa0,0x1c,0xfe,0x81},
-{0x83,0x2d,0xd4,0xbe}, {0x8e,0x26,0xda,0xb7}, {0x99,0x3b,0xc8,0xac}, {0x94,0x30,0xc6,0xa5},
-{0xdf,0x59,0x9c,0xd2}, {0xd2,0x52,0x92,0xdb}, {0xc5,0x4f,0x80,0xc0}, {0xc8,0x44,0x8e,0xc9},
-{0xeb,0x75,0xa4,0xf6}, {0xe6,0x7e,0xaa,0xff}, {0xf1,0x63,0xb8,0xe4}, {0xfc,0x68,0xb6,0xed},
-{0x67,0xb1,0x0c,0x0a}, {0x6a,0xba,0x02,0x03}, {0x7d,0xa7,0x10,0x18}, {0x70,0xac,0x1e,0x11},
-{0x53,0x9d,0x34,0x2e}, {0x5e,0x96,0x3a,0x27}, {0x49,0x8b,0x28,0x3c}, {0x44,0x80,0x26,0x35},
-{0x0f,0xe9,0x7c,0x42}, {0x02,0xe2,0x72,0x4b}, {0x15,0xff,0x60,0x50}, {0x18,0xf4,0x6e,0x59},
-{0x3b,0xc5,0x44,0x66}, {0x36,0xce,0x4a,0x6f}, {0x21,0xd3,0x58,0x74}, {0x2c,0xd8,0x56,0x7d},
-{0x0c,0x7a,0x37,0xa1}, {0x01,0x71,0x39,0xa8}, {0x16,0x6c,0x2b,0xb3}, {0x1b,0x67,0x25,0xba},
-{0x38,0x56,0x0f,0x85}, {0x35,0x5d,0x01,0x8c}, {0x22,0x40,0x13,0x97}, {0x2f,0x4b,0x1d,0x9e},
-{0x64,0x22,0x47,0xe9}, {0x69,0x29,0x49,0xe0}, {0x7e,0x34,0x5b,0xfb}, {0x73,0x3f,0x55,0xf2},
-{0x50,0x0e,0x7f,0xcd}, {0x5d,0x05,0x71,0xc4}, {0x4a,0x18,0x63,0xdf}, {0x47,0x13,0x6d,0xd6},
-{0xdc,0xca,0xd7,0x31}, {0xd1,0xc1,0xd9,0x38}, {0xc6,0xdc,0xcb,0x23}, {0xcb,0xd7,0xc5,0x2a},
-{0xe8,0xe6,0xef,0x15}, {0xe5,0xed,0xe1,0x1c}, {0xf2,0xf0,0xf3,0x07}, {0xff,0xfb,0xfd,0x0e},
-{0xb4,0x92,0xa7,0x79}, {0xb9,0x99,0xa9,0x70}, {0xae,0x84,0xbb,0x6b}, {0xa3,0x8f,0xb5,0x62},
-{0x80,0xbe,0x9f,0x5d}, {0x8d,0xb5,0x91,0x54}, {0x9a,0xa8,0x83,0x4f}, {0x97,0xa3,0x8d,0x46}
-       }
-};
-#define        U3      xU3.xt8
-
-static const union xtab xU4 = {
-       .xt8 = {
-{0x00,0x00,0x00,0x00}, {0x09,0x0d,0x0b,0x0e}, {0x12,0x1a,0x16,0x1c}, {0x1b,0x17,0x1d,0x12},
-{0x24,0x34,0x2c,0x38}, {0x2d,0x39,0x27,0x36}, {0x36,0x2e,0x3a,0x24}, {0x3f,0x23,0x31,0x2a},
-{0x48,0x68,0x58,0x70}, {0x41,0x65,0x53,0x7e}, {0x5a,0x72,0x4e,0x6c}, {0x53,0x7f,0x45,0x62},
-{0x6c,0x5c,0x74,0x48}, {0x65,0x51,0x7f,0x46}, {0x7e,0x46,0x62,0x54}, {0x77,0x4b,0x69,0x5a},
-{0x90,0xd0,0xb0,0xe0}, {0x99,0xdd,0xbb,0xee}, {0x82,0xca,0xa6,0xfc}, {0x8b,0xc7,0xad,0xf2},
-{0xb4,0xe4,0x9c,0xd8}, {0xbd,0xe9,0x97,0xd6}, {0xa6,0xfe,0x8a,0xc4}, {0xaf,0xf3,0x81,0xca},
-{0xd8,0xb8,0xe8,0x90}, {0xd1,0xb5,0xe3,0x9e}, {0xca,0xa2,0xfe,0x8c}, {0xc3,0xaf,0xf5,0x82},
-{0xfc,0x8c,0xc4,0xa8}, {0xf5,0x81,0xcf,0xa6}, {0xee,0x96,0xd2,0xb4}, {0xe7,0x9b,0xd9,0xba},
-{0x3b,0xbb,0x7b,0xdb}, {0x32,0xb6,0x70,0xd5}, {0x29,0xa1,0x6d,0xc7}, {0x20,0xac,0x66,0xc9},
-{0x1f,0x8f,0x57,0xe3}, {0x16,0x82,0x5c,0xed}, {0x0d,0x95,0x41,0xff}, {0x04,0x98,0x4a,0xf1},
-{0x73,0xd3,0x23,0xab}, {0x7a,0xde,0x28,0xa5}, {0x61,0xc9,0x35,0xb7}, {0x68,0xc4,0x3e,0xb9},
-{0x57,0xe7,0x0f,0x93}, {0x5e,0xea,0x04,0x9d}, {0x45,0xfd,0x19,0x8f}, {0x4c,0xf0,0x12,0x81},
-{0xab,0x6b,0xcb,0x3b}, {0xa2,0x66,0xc0,0x35}, {0xb9,0x71,0xdd,0x27}, {0xb0,0x7c,0xd6,0x29},
-{0x8f,0x5f,0xe7,0x03}, {0x86,0x52,0xec,0x0d}, {0x9d,0x45,0xf1,0x1f}, {0x94,0x48,0xfa,0x11},
-{0xe3,0x03,0x93,0x4b}, {0xea,0x0e,0x98,0x45}, {0xf1,0x19,0x85,0x57}, {0xf8,0x14,0x8e,0x59},
-{0xc7,0x37,0xbf,0x73}, {0xce,0x3a,0xb4,0x7d}, {0xd5,0x2d,0xa9,0x6f}, {0xdc,0x20,0xa2,0x61},
-{0x76,0x6d,0xf6,0xad}, {0x7f,0x60,0xfd,0xa3}, {0x64,0x77,0xe0,0xb1}, {0x6d,0x7a,0xeb,0xbf},
-{0x52,0x59,0xda,0x95}, {0x5b,0x54,0xd1,0x9b}, {0x40,0x43,0xcc,0x89}, {0x49,0x4e,0xc7,0x87},
-{0x3e,0x05,0xae,0xdd}, {0x37,0x08,0xa5,0xd3}, {0x2c,0x1f,0xb8,0xc1}, {0x25,0x12,0xb3,0xcf},
-{0x1a,0x31,0x82,0xe5}, {0x13,0x3c,0x89,0xeb}, {0x08,0x2b,0x94,0xf9}, {0x01,0x26,0x9f,0xf7},
-{0xe6,0xbd,0x46,0x4d}, {0xef,0xb0,0x4d,0x43}, {0xf4,0xa7,0x50,0x51}, {0xfd,0xaa,0x5b,0x5f},
-{0xc2,0x89,0x6a,0x75}, {0xcb,0x84,0x61,0x7b}, {0xd0,0x93,0x7c,0x69}, {0xd9,0x9e,0x77,0x67},
-{0xae,0xd5,0x1e,0x3d}, {0xa7,0xd8,0x15,0x33}, {0xbc,0xcf,0x08,0x21}, {0xb5,0xc2,0x03,0x2f},
-{0x8a,0xe1,0x32,0x05}, {0x83,0xec,0x39,0x0b}, {0x98,0xfb,0x24,0x19}, {0x91,0xf6,0x2f,0x17},
-{0x4d,0xd6,0x8d,0x76}, {0x44,0xdb,0x86,0x78}, {0x5f,0xcc,0x9b,0x6a}, {0x56,0xc1,0x90,0x64},
-{0x69,0xe2,0xa1,0x4e}, {0x60,0xef,0xaa,0x40}, {0x7b,0xf8,0xb7,0x52}, {0x72,0xf5,0xbc,0x5c},
-{0x05,0xbe,0xd5,0x06}, {0x0c,0xb3,0xde,0x08}, {0x17,0xa4,0xc3,0x1a}, {0x1e,0xa9,0xc8,0x14},
-{0x21,0x8a,0xf9,0x3e}, {0x28,0x87,0xf2,0x30}, {0x33,0x90,0xef,0x22}, {0x3a,0x9d,0xe4,0x2c},
-{0xdd,0x06,0x3d,0x96}, {0xd4,0x0b,0x36,0x98}, {0xcf,0x1c,0x2b,0x8a}, {0xc6,0x11,0x20,0x84},
-{0xf9,0x32,0x11,0xae}, {0xf0,0x3f,0x1a,0xa0}, {0xeb,0x28,0x07,0xb2}, {0xe2,0x25,0x0c,0xbc},
-{0x95,0x6e,0x65,0xe6}, {0x9c,0x63,0x6e,0xe8}, {0x87,0x74,0x73,0xfa}, {0x8e,0x79,0x78,0xf4},
-{0xb1,0x5a,0x49,0xde}, {0xb8,0x57,0x42,0xd0}, {0xa3,0x40,0x5f,0xc2}, {0xaa,0x4d,0x54,0xcc},
-{0xec,0xda,0xf7,0x41}, {0xe5,0xd7,0xfc,0x4f}, {0xfe,0xc0,0xe1,0x5d}, {0xf7,0xcd,0xea,0x53},
-{0xc8,0xee,0xdb,0x79}, {0xc1,0xe3,0xd0,0x77}, {0xda,0xf4,0xcd,0x65}, {0xd3,0xf9,0xc6,0x6b},
-{0xa4,0xb2,0xaf,0x31}, {0xad,0xbf,0xa4,0x3f}, {0xb6,0xa8,0xb9,0x2d}, {0xbf,0xa5,0xb2,0x23},
-{0x80,0x86,0x83,0x09}, {0x89,0x8b,0x88,0x07}, {0x92,0x9c,0x95,0x15}, {0x9b,0x91,0x9e,0x1b},
-{0x7c,0x0a,0x47,0xa1}, {0x75,0x07,0x4c,0xaf}, {0x6e,0x10,0x51,0xbd}, {0x67,0x1d,0x5a,0xb3},
-{0x58,0x3e,0x6b,0x99}, {0x51,0x33,0x60,0x97}, {0x4a,0x24,0x7d,0x85}, {0x43,0x29,0x76,0x8b},
-{0x34,0x62,0x1f,0xd1}, {0x3d,0x6f,0x14,0xdf}, {0x26,0x78,0x09,0xcd}, {0x2f,0x75,0x02,0xc3},
-{0x10,0x56,0x33,0xe9}, {0x19,0x5b,0x38,0xe7}, {0x02,0x4c,0x25,0xf5}, {0x0b,0x41,0x2e,0xfb},
-{0xd7,0x61,0x8c,0x9a}, {0xde,0x6c,0x87,0x94}, {0xc5,0x7b,0x9a,0x86}, {0xcc,0x76,0x91,0x88},
-{0xf3,0x55,0xa0,0xa2}, {0xfa,0x58,0xab,0xac}, {0xe1,0x4f,0xb6,0xbe}, {0xe8,0x42,0xbd,0xb0},
-{0x9f,0x09,0xd4,0xea}, {0x96,0x04,0xdf,0xe4}, {0x8d,0x13,0xc2,0xf6}, {0x84,0x1e,0xc9,0xf8},
-{0xbb,0x3d,0xf8,0xd2}, {0xb2,0x30,0xf3,0xdc}, {0xa9,0x27,0xee,0xce}, {0xa0,0x2a,0xe5,0xc0},
-{0x47,0xb1,0x3c,0x7a}, {0x4e,0xbc,0x37,0x74}, {0x55,0xab,0x2a,0x66}, {0x5c,0xa6,0x21,0x68},
-{0x63,0x85,0x10,0x42}, {0x6a,0x88,0x1b,0x4c}, {0x71,0x9f,0x06,0x5e}, {0x78,0x92,0x0d,0x50},
-{0x0f,0xd9,0x64,0x0a}, {0x06,0xd4,0x6f,0x04}, {0x1d,0xc3,0x72,0x16}, {0x14,0xce,0x79,0x18},
-{0x2b,0xed,0x48,0x32}, {0x22,0xe0,0x43,0x3c}, {0x39,0xf7,0x5e,0x2e}, {0x30,0xfa,0x55,0x20},
-{0x9a,0xb7,0x01,0xec}, {0x93,0xba,0x0a,0xe2}, {0x88,0xad,0x17,0xf0}, {0x81,0xa0,0x1c,0xfe},
-{0xbe,0x83,0x2d,0xd4}, {0xb7,0x8e,0x26,0xda}, {0xac,0x99,0x3b,0xc8}, {0xa5,0x94,0x30,0xc6},
-{0xd2,0xdf,0x59,0x9c}, {0xdb,0xd2,0x52,0x92}, {0xc0,0xc5,0x4f,0x80}, {0xc9,0xc8,0x44,0x8e},
-{0xf6,0xeb,0x75,0xa4}, {0xff,0xe6,0x7e,0xaa}, {0xe4,0xf1,0x63,0xb8}, {0xed,0xfc,0x68,0xb6},
-{0x0a,0x67,0xb1,0x0c}, {0x03,0x6a,0xba,0x02}, {0x18,0x7d,0xa7,0x10}, {0x11,0x70,0xac,0x1e},
-{0x2e,0x53,0x9d,0x34}, {0x27,0x5e,0x96,0x3a}, {0x3c,0x49,0x8b,0x28}, {0x35,0x44,0x80,0x26},
-{0x42,0x0f,0xe9,0x7c}, {0x4b,0x02,0xe2,0x72}, {0x50,0x15,0xff,0x60}, {0x59,0x18,0xf4,0x6e},
-{0x66,0x3b,0xc5,0x44}, {0x6f,0x36,0xce,0x4a}, {0x74,0x21,0xd3,0x58}, {0x7d,0x2c,0xd8,0x56},
-{0xa1,0x0c,0x7a,0x37}, {0xa8,0x01,0x71,0x39}, {0xb3,0x16,0x6c,0x2b}, {0xba,0x1b,0x67,0x25},
-{0x85,0x38,0x56,0x0f}, {0x8c,0x35,0x5d,0x01}, {0x97,0x22,0x40,0x13}, {0x9e,0x2f,0x4b,0x1d},
-{0xe9,0x64,0x22,0x47}, {0xe0,0x69,0x29,0x49}, {0xfb,0x7e,0x34,0x5b}, {0xf2,0x73,0x3f,0x55},
-{0xcd,0x50,0x0e,0x7f}, {0xc4,0x5d,0x05,0x71}, {0xdf,0x4a,0x18,0x63}, {0xd6,0x47,0x13,0x6d},
-{0x31,0xdc,0xca,0xd7}, {0x38,0xd1,0xc1,0xd9}, {0x23,0xc6,0xdc,0xcb}, {0x2a,0xcb,0xd7,0xc5},
-{0x15,0xe8,0xe6,0xef}, {0x1c,0xe5,0xed,0xe1}, {0x07,0xf2,0xf0,0xf3}, {0x0e,0xff,0xfb,0xfd},
-{0x79,0xb4,0x92,0xa7}, {0x70,0xb9,0x99,0xa9}, {0x6b,0xae,0x84,0xbb}, {0x62,0xa3,0x8f,0xb5},
-{0x5d,0x80,0xbe,0x9f}, {0x54,0x8d,0xb5,0x91}, {0x4f,0x9a,0xa8,0x83}, {0x46,0x97,0xa3,0x8d}
-       }
-};
-#define        U4      xU4.xt8
-
-static const word32 rcon[30] = { 
-  0x01,0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91
-};
index 9426e4a..7ec54cd 100644 (file)
-/*     $FreeBSD: src/sys/crypto/rijndael/rijndael-alg-fst.c,v 1.3.2.1 2001/07/03 11:01:35 ume Exp $    */
-/*     $DragonFly: src/sys/crypto/rijndael/rijndael-alg-fst.c,v 1.2 2003/06/17 04:28:20 dillon Exp $   */
-/*     $KAME: rijndael-alg-fst.c,v 1.7 2001/05/27 00:23:23 itojun Exp $        */
-
-/*
- * rijndael-alg-fst.c   v2.3   April '2000
+/*     $FreeBSD: src/sys/crypto/rijndael/rijndael-alg-fst.c,v 1.11 2005/08/17 07:59:07 pjd Exp $       */
+/*     $KAME: rijndael-alg-fst.c,v 1.10 2003/07/15 10:47:16 itojun Exp $       */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
  *
- * Optimised ANSI C code
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
  *
- * authors: v1.0: Antoon Bosselaers
- *          v2.0: Vincent Rijmen
- *          v2.3: Paulo Barreto
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
  *
- * This code is placed in the public domain.
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
 #include <sys/types.h>
 #ifdef _KERNEL
+#include <sys/param.h>
 #include <sys/systm.h>
 #else
 #include <string.h>
+#include <assert.h>
+#define        KASSERT(exp, msg)       assert(exp)
 #endif
-#include <crypto/rijndael/rijndael-alg-fst.h>
-#include <crypto/rijndael/rijndael_local.h>
 
-#include <crypto/rijndael/boxes-fst.dat>
-
-int rijndaelKeySched(word8 k[MAXKC][4], word8 W[MAXROUNDS+1][4][4], int ROUNDS) {
-       /* Calculate the necessary round keys
-        * The number of calculations depends on keyBits and blockBits
-        */ 
-       int j, r, t, rconpointer = 0;
-       union {
-               word8   x8[MAXKC][4];
-               word32  x32[MAXKC];
-       } xtk;
-#define        tk      xtk.x8
-       int KC = ROUNDS - 6;
+#include <crypto/rijndael/rijndael.h>
+#include <crypto/rijndael/rijndael_local.h>
 
-       for (j = KC-1; j >= 0; j--) {
-               *((word32*)tk[j]) = *((word32*)k[j]);
-       }
-       r = 0;
-       t = 0;
-       /* copy values into round key array */
-       for (j = 0; (j < KC) && (r < ROUNDS + 1); ) {
-               for (; (j < KC) && (t < 4); j++, t++) {
-                       *((word32*)W[r][t]) = *((word32*)tk[j]);
-               }
-               if (t == 4) {
-                       r++;
-                       t = 0;
-               }
-       }
-               
-       while (r < ROUNDS + 1) { /* while not enough round key material calculated */
-               /* calculate new values */
-               tk[0][0] ^= S[tk[KC-1][1]];
-               tk[0][1] ^= S[tk[KC-1][2]];
-               tk[0][2] ^= S[tk[KC-1][3]];
-               tk[0][3] ^= S[tk[KC-1][0]];
-               tk[0][0] ^= rcon[rconpointer++];
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
 
-               if (KC != 8) {
-                       for (j = 1; j < KC; j++) {
-                               *((word32*)tk[j]) ^= *((word32*)tk[j-1]);
-                       }
-               } else {
-                       for (j = 1; j < KC/2; j++) {
-                               *((word32*)tk[j]) ^= *((word32*)tk[j-1]);
-                       }
-                       tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
-                       tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
-                       tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
-                       tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
-                       for (j = KC/2 + 1; j < KC; j++) {
-                               *((word32*)tk[j]) ^= *((word32*)tk[j-1]);
-                       }
-               }
-               /* copy values into round key array */
-               for (j = 0; (j < KC) && (r < ROUNDS + 1); ) {
-                       for (; (j < KC) && (t < 4); j++, t++) {
-                               *((word32*)W[r][t]) = *((word32*)tk[j]);
-                       }
-                       if (t == 4) {
-                               r++;
-                               t = 0;
-                       }
-               }
-       }               
-       return 0;
-#undef tk
-}
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
 
-int rijndaelKeyEncToDec(word8 W[MAXROUNDS+1][4][4], int ROUNDS) {
-       int r;
-       word8 *w;
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
 
-       for (r = 1; r < ROUNDS; r++) {
-               w = W[r][0];
-               *((word32*)w) =
-                         *((const word32*)U1[w[0]])
-                       ^ *((const word32*)U2[w[1]])
-                       ^ *((const word32*)U3[w[2]])
-                       ^ *((const word32*)U4[w[3]]);
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
 
-               w = W[r][1];
-               *((word32*)w) =
-                         *((const word32*)U1[w[0]])
-                       ^ *((const word32*)U2[w[1]])
-                       ^ *((const word32*)U3[w[2]])
-                       ^ *((const word32*)U4[w[3]]);
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+       0x01000000, 0x02000000, 0x04000000, 0x08000000,
+       0x10000000, 0x20000000, 0x40000000, 0x80000000,
+       0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
 
-               w = W[r][2];
-               *((word32*)w) =
-                         *((const word32*)U1[w[0]])
-                       ^ *((const word32*)U2[w[1]])
-                       ^ *((const word32*)U3[w[2]])
-                       ^ *((const word32*)U4[w[3]]);
+#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 
-               w = W[r][3];
-               *((word32*)w) =
-                         *((const word32*)U1[w[0]])
-                       ^ *((const word32*)U2[w[1]])
-                       ^ *((const word32*)U3[w[2]])
-                       ^ *((const word32*)U4[w[3]]);
-       }
-       return 0;
-}      
+#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
 
 /**
- * Encrypt a single block. 
+ * Expand the cipher key into the encryption key schedule.
+ *
+ * @return     the number of rounds for the given cipher key size.
  */
-int rijndaelEncrypt(word8 in[16], word8 out[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS) {
-       int r;
-       union {
-               word8   x8[16];
-               word32  x32[4];
-       } xa, xb;
-#define        a       xa.x8
-#define        b       xb.x8
-       union {
-               word8   x8[4][4];
-               word32  x32[4];
-       } xtemp;
-#define        temp    xtemp.x8
-
-    memcpy(a, in, sizeof a);
-
-    *((word32*)temp[0]) = *((word32*)(a   )) ^ *((word32*)rk[0][0]);
-    *((word32*)temp[1]) = *((word32*)(a+ 4)) ^ *((word32*)rk[0][1]);
-    *((word32*)temp[2]) = *((word32*)(a+ 8)) ^ *((word32*)rk[0][2]);
-    *((word32*)temp[3]) = *((word32*)(a+12)) ^ *((word32*)rk[0][3]);
-    *((word32*)(b    )) = *((const word32*)T1[temp[0][0]])
-                                       ^ *((const word32*)T2[temp[1][1]])
-                                       ^ *((const word32*)T3[temp[2][2]]) 
-                                       ^ *((const word32*)T4[temp[3][3]]);
-    *((word32*)(b + 4)) = *((const word32*)T1[temp[1][0]])
-                                       ^ *((const word32*)T2[temp[2][1]])
-                                       ^ *((const word32*)T3[temp[3][2]]) 
-                                       ^ *((const word32*)T4[temp[0][3]]);
-    *((word32*)(b + 8)) = *((const word32*)T1[temp[2][0]])
-                                       ^ *((const word32*)T2[temp[3][1]])
-                                       ^ *((const word32*)T3[temp[0][2]]) 
-                                       ^ *((const word32*)T4[temp[1][3]]);
-    *((word32*)(b +12)) = *((const word32*)T1[temp[3][0]])
-                                       ^ *((const word32*)T2[temp[0][1]])
-                                       ^ *((const word32*)T3[temp[1][2]]) 
-                                       ^ *((const word32*)T4[temp[2][3]]);
-       for (r = 1; r < ROUNDS-1; r++) {
-               *((word32*)temp[0]) = *((word32*)(b   )) ^ *((word32*)rk[r][0]);
-               *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[r][1]);
-               *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[r][2]);
-               *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[r][3]);
+int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
+       int i = 0;
+       u32 temp;
 
-               *((word32*)(b    )) = *((const word32*)T1[temp[0][0]])
-                                       ^ *((const word32*)T2[temp[1][1]])
-                                       ^ *((const word32*)T3[temp[2][2]]) 
-                                       ^ *((const word32*)T4[temp[3][3]]);
-               *((word32*)(b + 4)) = *((const word32*)T1[temp[1][0]])
-                                       ^ *((const word32*)T2[temp[2][1]])
-                                       ^ *((const word32*)T3[temp[3][2]]) 
-                                       ^ *((const word32*)T4[temp[0][3]]);
-               *((word32*)(b + 8)) = *((const word32*)T1[temp[2][0]])
-                                       ^ *((const word32*)T2[temp[3][1]])
-                                       ^ *((const word32*)T3[temp[0][2]]) 
-                                       ^ *((const word32*)T4[temp[1][3]]);
-               *((word32*)(b +12)) = *((const word32*)T1[temp[3][0]])
-                                       ^ *((const word32*)T2[temp[0][1]])
-                                       ^ *((const word32*)T3[temp[1][2]]) 
-                                       ^ *((const word32*)T4[temp[2][3]]);
+       KASSERT(keyBits == 128 || keyBits == 192 || keyBits == 256,
+           ("Invalid key size (%d).", keyBits));
+       rk[0] = GETU32(cipherKey     );
+       rk[1] = GETU32(cipherKey +  4);
+       rk[2] = GETU32(cipherKey +  8);
+       rk[3] = GETU32(cipherKey + 12);
+       if (keyBits == 128) {
+               for (;;) {
+                       temp  = rk[3];
+                       rk[4] = rk[0] ^
+                               (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                               (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                               (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                               (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                               rcon[i];
+                       rk[5] = rk[1] ^ rk[4];
+                       rk[6] = rk[2] ^ rk[5];
+                       rk[7] = rk[3] ^ rk[6];
+                       if (++i == 10) {
+                               return 10;
+                       }
+                       rk += 4;
+               }
        }
-       /* last round is special */   
-       *((word32*)temp[0]) = *((word32*)(b   )) ^ *((word32*)rk[ROUNDS-1][0]);
-       *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[ROUNDS-1][1]);
-       *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[ROUNDS-1][2]);
-       *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[ROUNDS-1][3]);
-       b[ 0] = T1[temp[0][0]][1];
-       b[ 1] = T1[temp[1][1]][1];
-       b[ 2] = T1[temp[2][2]][1];
-       b[ 3] = T1[temp[3][3]][1];
-       b[ 4] = T1[temp[1][0]][1];
-       b[ 5] = T1[temp[2][1]][1];
-       b[ 6] = T1[temp[3][2]][1];
-       b[ 7] = T1[temp[0][3]][1];
-       b[ 8] = T1[temp[2][0]][1];
-       b[ 9] = T1[temp[3][1]][1];
-       b[10] = T1[temp[0][2]][1];
-       b[11] = T1[temp[1][3]][1];
-       b[12] = T1[temp[3][0]][1];
-       b[13] = T1[temp[0][1]][1];
-       b[14] = T1[temp[1][2]][1];
-       b[15] = T1[temp[2][3]][1];
-       *((word32*)(b   )) ^= *((word32*)rk[ROUNDS][0]);
-       *((word32*)(b+ 4)) ^= *((word32*)rk[ROUNDS][1]);
-       *((word32*)(b+ 8)) ^= *((word32*)rk[ROUNDS][2]);
-       *((word32*)(b+12)) ^= *((word32*)rk[ROUNDS][3]);
-
-       memcpy(out, b, sizeof b /* XXX out */);
+       rk[4] = GETU32(cipherKey + 16);
+       rk[5] = GETU32(cipherKey + 20);
+       if (keyBits == 192) {
+               for (;;) {
+                       temp = rk[ 5];
+                       rk[ 6] = rk[ 0] ^
+                               (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                               (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                               (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                               (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                               rcon[i];
+                       rk[ 7] = rk[ 1] ^ rk[ 6];
+                       rk[ 8] = rk[ 2] ^ rk[ 7];
+                       rk[ 9] = rk[ 3] ^ rk[ 8];
+                       if (++i == 8) {
+                               return 12;
+                       }
+                       rk[10] = rk[ 4] ^ rk[ 9];
+                       rk[11] = rk[ 5] ^ rk[10];
+                       rk += 6;
+               }
+       }
+       rk[6] = GETU32(cipherKey + 24);
+       rk[7] = GETU32(cipherKey + 28);
+       if (keyBits == 256) {
+        for (;;) {
+               temp = rk[ 7];
+               rk[ 8] = rk[ 0] ^
+                       (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                       (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                       (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                       (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                       rcon[i];
+               rk[ 9] = rk[ 1] ^ rk[ 8];
+               rk[10] = rk[ 2] ^ rk[ 9];
+               rk[11] = rk[ 3] ^ rk[10];
+                       if (++i == 7) {
+                               return 14;
+                       }
+               temp = rk[11];
+               rk[12] = rk[ 4] ^
+                       (Te4[(temp >> 24)       ] & 0xff000000) ^
+                       (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                       (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                       (Te4[(temp      ) & 0xff] & 0x000000ff);
+               rk[13] = rk[ 5] ^ rk[12];
+               rk[14] = rk[ 6] ^ rk[13];
+               rk[15] = rk[ 7] ^ rk[14];
 
+                       rk += 8;
+        }
+       }
        return 0;
-#undef a
-#undef b
-#undef temp
 }
 
-#ifdef INTERMEDIATE_VALUE_KAT
 /**
- * Encrypt only a certain number of rounds.
- * Only used in the Intermediate Value Known Answer Test.
+ * Expand the cipher key into the decryption key schedule.
+ *
+ * @return     the number of rounds for the given cipher key size.
  */
-int rijndaelEncryptRound(word8 a[4][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS, int rounds) {
-       int r;
-       word8 temp[4][4];
+int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
+       int Nr, i, j;
+       u32 temp;
 
-       /* make number of rounds sane */
-       if (rounds > ROUNDS) {
-               rounds = ROUNDS;
+       /* expand the cipher key: */
+       Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
+       /* invert the order of the round keys: */
+       for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
+               temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+               temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+               temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+               temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
        }
-
-       *((word32*)a[0]) = *((word32*)a[0]) ^ *((word32*)rk[0][0]);
-       *((word32*)a[1]) = *((word32*)a[1]) ^ *((word32*)rk[0][1]);
-       *((word32*)a[2]) = *((word32*)a[2]) ^ *((word32*)rk[0][2]);
-       *((word32*)a[3]) = *((word32*)a[3]) ^ *((word32*)rk[0][3]);
-
-       for (r = 1; (r <= rounds) && (r < ROUNDS); r++) {
-               *((word32*)temp[0]) = *((word32*)T1[a[0][0]])
-           ^ *((word32*)T2[a[1][1]])
-           ^ *((word32*)T3[a[2][2]]) 
-           ^ *((word32*)T4[a[3][3]]);
-               *((word32*)temp[1]) = *((word32*)T1[a[1][0]])
-           ^ *((word32*)T2[a[2][1]])
-           ^ *((word32*)T3[a[3][2]]) 
-           ^ *((word32*)T4[a[0][3]]);
-               *((word32*)temp[2]) = *((word32*)T1[a[2][0]])
-           ^ *((word32*)T2[a[3][1]])
-           ^ *((word32*)T3[a[0][2]]) 
-           ^ *((word32*)T4[a[1][3]]);
-               *((word32*)temp[3]) = *((word32*)T1[a[3][0]])
-           ^ *((word32*)T2[a[0][1]])
-           ^ *((word32*)T3[a[1][2]]) 
-           ^ *((word32*)T4[a[2][3]]);
-               *((word32*)a[0]) = *((word32*)temp[0]) ^ *((word32*)rk[r][0]);
-               *((word32*)a[1]) = *((word32*)temp[1]) ^ *((word32*)rk[r][1]);
-               *((word32*)a[2]) = *((word32*)temp[2]) ^ *((word32*)rk[r][2]);
-               *((word32*)a[3]) = *((word32*)temp[3]) ^ *((word32*)rk[r][3]);
-       }
-       if (rounds == ROUNDS) {
-               /* last round is special */   
-               temp[0][0] = T1[a[0][0]][1];
-               temp[0][1] = T1[a[1][1]][1];
-               temp[0][2] = T1[a[2][2]][1]; 
-               temp[0][3] = T1[a[3][3]][1];
-               temp[1][0] = T1[a[1][0]][1];
-               temp[1][1] = T1[a[2][1]][1];
-               temp[1][2] = T1[a[3][2]][1]; 
-               temp[1][3] = T1[a[0][3]][1];
-               temp[2][0] = T1[a[2][0]][1];
-               temp[2][1] = T1[a[3][1]][1];
-               temp[2][2] = T1[a[0][2]][1]; 
-               temp[2][3] = T1[a[1][3]][1];
-               temp[3][0] = T1[a[3][0]][1];
-               temp[3][1] = T1[a[0][1]][1];
-               temp[3][2] = T1[a[1][2]][1]; 
-               temp[3][3] = T1[a[2][3]][1];
-               *((word32*)a[0]) = *((word32*)temp[0]) ^ *((word32*)rk[ROUNDS][0]);
-               *((word32*)a[1]) = *((word32*)temp[1]) ^ *((word32*)rk[ROUNDS][1]);
-               *((word32*)a[2]) = *((word32*)temp[2]) ^ *((word32*)rk[ROUNDS][2]);
-               *((word32*)a[3]) = *((word32*)temp[3]) ^ *((word32*)rk[ROUNDS][3]);
+       /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+       for (i = 1; i < Nr; i++) {
+               rk += 4;
+               rk[0] =
+                       Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
+                       Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
+                       Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
+                       Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
+               rk[1] =
+                       Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
+                       Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
+                       Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
+                       Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
+               rk[2] =
+                       Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
+                       Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
+                       Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
+                       Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
+               rk[3] =
+                       Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
+                       Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
+                       Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
+                       Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
        }
+       return Nr;
+}
 
-       return 0;
-}   
-#endif /* INTERMEDIATE_VALUE_KAT */
+void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) {
+       u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
 
-/**
- * Decrypt a single block.
- */
-int rijndaelDecrypt(word8 in[16], word8 out[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS) {
-       int r;
-       union {
-               word8   x8[16];
-               word32  x32[4];
-       } xa, xb;
-#define        a       xa.x8
-#define        b       xb.x8
-       union {
-               word8   x8[4][4];
-               word32  x32[4];
-       } xtemp;
-#define        temp    xtemp.x8
-       
-    memcpy(a, in, sizeof a);
-
-    *((word32*)temp[0]) = *((word32*)(a   )) ^ *((word32*)rk[ROUNDS][0]);
-    *((word32*)temp[1]) = *((word32*)(a+ 4)) ^ *((word32*)rk[ROUNDS][1]);
-    *((word32*)temp[2]) = *((word32*)(a+ 8)) ^ *((word32*)rk[ROUNDS][2]);
-    *((word32*)temp[3]) = *((word32*)(a+12)) ^ *((word32*)rk[ROUNDS][3]);
+    /*
+        * map byte array block to cipher state
+        * and add initial round key:
+        */
+       s0 = GETU32(pt     ) ^ rk[0];
+       s1 = GETU32(pt +  4) ^ rk[1];
+       s2 = GETU32(pt +  8) ^ rk[2];
+       s3 = GETU32(pt + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+       t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+       t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+       t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+       t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+       /* round 2: */
+       s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+       s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+       s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+       s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+       t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+       t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+       t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+       t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+       /* round 4: */
+       s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+       s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+       s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+       s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+       t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+       t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+       t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+       t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+       /* round 6: */
+       s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+       s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+       s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+       s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+       t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+       t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+       t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+       t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+       /* round 8: */
+       s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+       s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+       s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+       s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+       t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+       t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+       t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+       t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (Nr > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (Nr > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += Nr << 2;
+#else  /* !FULL_UNROLL */
+    /*
+        * Nr - 1 full rounds:
+        */
+    r = Nr >> 1;
+    for (;;) {
+        t0 =
+            Te0[(s0 >> 24)       ] ^
+            Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Te0[(s1 >> 24)       ] ^
+            Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Te0[(s2 >> 24)       ] ^
+            Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Te0[(s3 >> 24)       ] ^
+            Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
+            rk[7];
 
-    *((word32*)(b   )) = *((const word32*)T5[temp[0][0]])
-           ^ *((const word32*)T6[temp[3][1]])
-           ^ *((const word32*)T7[temp[2][2]]) 
-           ^ *((const word32*)T8[temp[1][3]]);
-       *((word32*)(b+ 4)) = *((const word32*)T5[temp[1][0]])
-           ^ *((const word32*)T6[temp[0][1]])
-           ^ *((const word32*)T7[temp[3][2]]) 
-           ^ *((const word32*)T8[temp[2][3]]);
-       *((word32*)(b+ 8)) = *((const word32*)T5[temp[2][0]])
-           ^ *((const word32*)T6[temp[1][1]])
-           ^ *((const word32*)T7[temp[0][2]]) 
-           ^ *((const word32*)T8[temp[3][3]]);
-       *((word32*)(b+12)) = *((const word32*)T5[temp[3][0]])
-           ^ *((const word32*)T6[temp[2][1]])
-           ^ *((const word32*)T7[temp[1][2]]) 
-           ^ *((const word32*)T8[temp[0][3]]);
-       for (r = ROUNDS-1; r > 1; r--) {
-               *((word32*)temp[0]) = *((word32*)(b   )) ^ *((word32*)rk[r][0]);
-               *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[r][1]);
-               *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[r][2]);
-               *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[r][3]);
-               *((word32*)(b   )) = *((const word32*)T5[temp[0][0]])
-           ^ *((const word32*)T6[temp[3][1]])
-           ^ *((const word32*)T7[temp[2][2]]) 
-           ^ *((const word32*)T8[temp[1][3]]);
-               *((word32*)(b+ 4)) = *((const word32*)T5[temp[1][0]])
-           ^ *((const word32*)T6[temp[0][1]])
-           ^ *((const word32*)T7[temp[3][2]]) 
-           ^ *((const word32*)T8[temp[2][3]]);
-               *((word32*)(b+ 8)) = *((const word32*)T5[temp[2][0]])
-           ^ *((const word32*)T6[temp[1][1]])
-           ^ *((const word32*)T7[temp[0][2]]) 
-           ^ *((const word32*)T8[temp[3][3]]);
-               *((word32*)(b+12)) = *((const word32*)T5[temp[3][0]])
-           ^ *((const word32*)T6[temp[2][1]])
-           ^ *((const word32*)T7[temp[1][2]]) 
-           ^ *((const word32*)T8[temp[0][3]]);
-       }
-       /* last round is special */   
-       *((word32*)temp[0]) = *((word32*)(b   )) ^ *((word32*)rk[1][0]);
-       *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[1][1]);
-       *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[1][2]);
-       *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[1][3]);
-       b[ 0] = S5[temp[0][0]];
-       b[ 1] = S5[temp[3][1]];
-       b[ 2] = S5[temp[2][2]];
-       b[ 3] = S5[temp[1][3]];
-       b[ 4] = S5[temp[1][0]];
-       b[ 5] = S5[temp[0][1]];
-       b[ 6] = S5[temp[3][2]];
-       b[ 7] = S5[temp[2][3]];
-       b[ 8] = S5[temp[2][0]];
-       b[ 9] = S5[temp[1][1]];
-       b[10] = S5[temp[0][2]];
-       b[11] = S5[temp[3][3]];
-       b[12] = S5[temp[3][0]];
-       b[13] = S5[temp[2][1]];
-       b[14] = S5[temp[1][2]];
-       b[15] = S5[temp[0][3]];
-       *((word32*)(b   )) ^= *((word32*)rk[0][0]);
-       *((word32*)(b+ 4)) ^= *((word32*)rk[0][1]);
-       *((word32*)(b+ 8)) ^= *((word32*)rk[0][2]);
-       *((word32*)(b+12)) ^= *((word32*)rk[0][3]);
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
 
-       memcpy(out, b, sizeof b /* XXX out */);
-
-       return 0;
-#undef a
-#undef b
-#undef temp
+        s0 =
+            Te0[(t0 >> 24)       ] ^
+            Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Te0[(t1 >> 24)       ] ^
+            Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Te0[(t2 >> 24)       ] ^
+            Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Te0[(t3 >> 24)       ] ^
+            Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+        * apply last round and
+        * map cipher state to byte array block:
+        */
+       s0 =
+               (Te4[(t0 >> 24)       ] & 0xff000000) ^
+               (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+               (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+               (Te4[(t3      ) & 0xff] & 0x000000ff) ^
+               rk[0];
+       PUTU32(ct     , s0);
+       s1 =
+               (Te4[(t1 >> 24)       ] & 0xff000000) ^
+               (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+               (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+               (Te4[(t0      ) & 0xff] & 0x000000ff) ^
+               rk[1];
+       PUTU32(ct +  4, s1);
+       s2 =
+               (Te4[(t2 >> 24)       ] & 0xff000000) ^
+               (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+               (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+               (Te4[(t1      ) & 0xff] & 0x000000ff) ^
+               rk[2];
+       PUTU32(ct +  8, s2);
+       s3 =
+               (Te4[(t3 >> 24)       ] & 0xff000000) ^
+               (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+               (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+               (Te4[(t2      ) & 0xff] & 0x000000ff) ^
+               rk[3];
+       PUTU32(ct + 12, s3);
 }
 
+void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) {
+       u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
 
-#ifdef INTERMEDIATE_VALUE_KAT
-/**
- * Decrypt only a certain number of rounds.
- * Only used in the Intermediate Value Known Answer Test.
- * Operations rearranged such that the intermediate values
- * of decryption correspond with the intermediate values
- * of encryption.
- */
-int rijndaelDecryptRound(word8 a[4][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS, int rounds) {
-       int r, i;
-       word8 temp[4], shift;
-
-       /* make number of rounds sane */
-       if (rounds > ROUNDS) {
-               rounds = ROUNDS;
-       }
-    /* first round is special: */
-       *(word32 *)a[0] ^= *(word32 *)rk[ROUNDS][0];
-       *(word32 *)a[1] ^= *(word32 *)rk[ROUNDS][1];
-       *(word32 *)a[2] ^= *(word32 *)rk[ROUNDS][2];
-       *(word32 *)a[3] ^= *(word32 *)rk[ROUNDS][3];
-       for (i = 0; i < 4; i++) {
-               a[i][0] = Si[a[i][0]];
-               a[i][1] = Si[a[i][1]];
-               a[i][2] = Si[a[i][2]];
-               a[i][3] = Si[a[i][3]];
-       }
-       for (i = 1; i < 4; i++) {
-               shift = (4 - i) & 3;
-               temp[0] = a[(0 + shift) & 3][i];
-               temp[1] = a[(1 + shift) & 3][i];
-               temp[2] = a[(2 + shift) & 3][i];
-               temp[3] = a[(3 + shift) & 3][i];
-               a[0][i] = temp[0];
-               a[1][i] = temp[1];
-               a[2][i] = temp[2];
-               a[3][i] = temp[3];
-       }
-       /* ROUNDS-1 ordinary rounds */
-       for (r = ROUNDS-1; r > rounds; r--) {
-               *(word32 *)a[0] ^= *(word32 *)rk[r][0];
-               *(word32 *)a[1] ^= *(word32 *)rk[r][1];
-               *(word32 *)a[2] ^= *(word32 *)rk[r][2];
-               *(word32 *)a[3] ^= *(word32 *)rk[r][3];
-
-               *((word32*)a[0]) =
-                         *((word32*)U1[a[0][0]])
-                       ^ *((word32*)U2[a[0][1]])
-                       ^ *((word32*)U3[a[0][2]])
-                       ^ *((word32*)U4[a[0][3]]);
-
-               *((word32*)a[1]) =
-                         *((word32*)U1[a[1][0]])
-                       ^ *((word32*)U2[a[1][1]])
-                       ^ *((word32*)U3[a[1][2]])
-                       ^ *((word32*)U4[a[1][3]]);
+    /*
+        * map byte array block to cipher state
+        * and add initial round key:
+        */
+    s0 = GETU32(ct     ) ^ rk[0];
+    s1 = GETU32(ct +  4) ^ rk[1];
+    s2 = GETU32(ct +  8) ^ rk[2];
+    s3 = GETU32(ct + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (Nr > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (Nr > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+       rk += Nr << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = Nr >> 1;
+    for (;;) {
+        t0 =
+            Td0[(s0 >> 24)       ] ^
+            Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Td0[(s1 >> 24)       ] ^
+            Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Td0[(s2 >> 24)       ] ^
+            Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Td0[(s3 >> 24)       ] ^
+            Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
+            rk[7];
 
-               *((word32*)a[2]) =
-                         *((word32*)U1[a[2][0]])
-                       ^ *((word32*)U2[a[2][1]])
-                       ^ *((word32*)U3[a[2][2]])
-                       ^ *((word32*)U4[a[2][3]]);
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
 
-               *((word32*)a[3]) =
-                         *((word32*)U1[a[3][0]])
-                       ^ *((word32*)U2[a[3][1]])
-                       ^ *((word32*)U3[a[3][2]])
-                       ^ *((word32*)U4[a[3][3]]);
-               for (i = 0; i < 4; i++) {
-                       a[i][0] = Si[a[i][0]];
-                       a[i][1] = Si[a[i][1]];
-                       a[i][2] = Si[a[i][2]];
-                       a[i][3] = Si[a[i][3]];
-               }
-               for (i = 1; i < 4; i++) {
-                       shift = (4 - i) & 3;
-                       temp[0] = a[(0 + shift) & 3][i];
-                       temp[1] = a[(1 + shift) & 3][i];
-                       temp[2] = a[(2 + shift) & 3][i];
-                       temp[3] = a[(3 + shift) & 3][i];
-                       a[0][i] = temp[0];
-                       a[1][i] = temp[1];
-                       a[2][i] = temp[2];
-                       a[3][i] = temp[3];
-               }
-       }
-       if (rounds == 0) {
-               /* End with the extra key addition */   
-               *(word32 *)a[0] ^= *(word32 *)rk[0][0];
-               *(word32 *)a[1] ^= *(word32 *)rk[0][1];
-               *(word32 *)a[2] ^= *(word32 *)rk[0][2];
-               *(word32 *)a[3] ^= *(word32 *)rk[0][3];
-       }    
-       return 0;
+        s0 =
+            Td0[(t0 >> 24)       ] ^
+            Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Td0[(t1 >> 24)       ] ^
+            Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Td0[(t2 >> 24)       ] ^
+            Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Td0[(t3 >> 24)       ] ^
+            Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+        * apply last round and
+        * map cipher state to byte array block:
+        */
+       s0 =
+               (Td4[(t0 >> 24)       ] & 0xff000000) ^
+               (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+               (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+               (Td4[(t1      ) & 0xff] & 0x000000ff) ^
+               rk[0];
+       PUTU32(pt     , s0);
+       s1 =
+               (Td4[(t1 >> 24)       ] & 0xff000000) ^
+               (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+               (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+               (Td4[(t2      ) & 0xff] & 0x000000ff) ^
+               rk[1];
+       PUTU32(pt +  4, s1);
+       s2 =
+               (Td4[(t2 >> 24)       ] & 0xff000000) ^
+               (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+               (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+               (Td4[(t3      ) & 0xff] & 0x000000ff) ^
+               rk[2];
+       PUTU32(pt +  8, s2);
+       s3 =
+               (Td4[(t3 >> 24)       ] & 0xff000000) ^
+               (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+               (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+               (Td4[(t0      ) & 0xff] & 0x000000ff) ^
+               rk[3];
+       PUTU32(pt + 12, s3);
 }
-#endif /* INTERMEDIATE_VALUE_KAT */
diff --git a/sys/crypto/rijndael/rijndael-alg-fst.h b/sys/crypto/rijndael/rijndael-alg-fst.h
deleted file mode 100644 (file)
index c55cb1b..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-/*     $FreeBSD: src/sys/crypto/rijndael/rijndael-alg-fst.h,v 1.2.2.1 2001/07/03 11:01:35 ume Exp $    */
-/*     $DragonFly: src/sys/crypto/rijndael/rijndael-alg-fst.h,v 1.2 2003/06/17 04:28:20 dillon Exp $   */
-/*     $KAME: rijndael-alg-fst.h,v 1.4 2000/10/02 17:14:26 itojun Exp $        */
-
-/*
- * rijndael-alg-fst.h   v2.3   April '2000
- *
- * Optimised ANSI C code
- *
- * #define INTERMEDIATE_VALUE_KAT to generate the Intermediate Value Known Answer Test.
- */
-
-#ifndef __RIJNDAEL_ALG_FST_H
-#define __RIJNDAEL_ALG_FST_H
-
-#define RIJNDAEL_MAXKC                 (256/32)
-#define RIJNDAEL_MAXROUNDS             14
-
-int rijndaelKeySched(u_int8_t k[RIJNDAEL_MAXKC][4], u_int8_t rk[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS);
-
-int rijndaelKeyEncToDec(u_int8_t W[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS);
-
-int rijndaelEncrypt(u_int8_t a[16], u_int8_t b[16], u_int8_t rk[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS);
-
-#ifdef INTERMEDIATE_VALUE_KAT
-int rijndaelEncryptRound(u_int8_t a[4][4], u_int8_t rk[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS, int rounds);
-#endif /* INTERMEDIATE_VALUE_KAT */
-
-int rijndaelDecrypt(u_int8_t a[16], u_int8_t b[16], u_int8_t rk[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS);
-
-#ifdef INTERMEDIATE_VALUE_KAT
-int rijndaelDecryptRound(u_int8_t a[4][4], u_int8_t rk[RIJNDAEL_MAXROUNDS+1][4][4], int ROUNDS, int rounds);
-#endif /* INTERMEDIATE_VALUE_KAT */
-
-#endif /* __RIJNDAEL_ALG_FST_H */
index cb9b9e5..6244993 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/rijndael/rijndael-api-fst.c,v 1.2.2.1 2001/07/03 11:01:35 ume Exp $    */
-/*     $DragonFly: src/sys/crypto/rijndael/rijndael-api-fst.c,v 1.2 2003/06/17 04:28:20 dillon Exp $   */
+/*     $FreeBSD: src/sys/crypto/rijndael/rijndael-api-fst.c,v 1.12 2005/03/11 16:26:10 ume Exp $       */
 /*     $KAME: rijndael-api-fst.c,v 1.10 2001/05/27 09:34:18 itojun Exp $       */
 
 /*
  */
 
 #include <sys/param.h>
-#include <sys/types.h>
 #ifdef _KERNEL
 #include <sys/systm.h>
 #else
 #include <string.h>
 #endif
-#include <crypto/rijndael/rijndael-alg-fst.h>
-#include <crypto/rijndael/rijndael-api-fst.h>
+
 #include <crypto/rijndael/rijndael_local.h>
+#include <crypto/rijndael/rijndael-api-fst.h>
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+typedef u_int8_t       BYTE;
 
 int rijndael_makeKey(keyInstance *key, BYTE direction, int keyLen, char *keyMaterial) {
-       word8 k[MAXKC][4];
-       int i;
-       char *keyMat;
-       
+       u_int8_t cipherKey[RIJNDAEL_MAXKB];
+
        if (key == NULL) {
                return BAD_KEY_INSTANCE;
        }
@@ -43,28 +45,24 @@ int rijndael_makeKey(keyInstance *key, BYTE direction, int keyLen, char *keyMate
                return BAD_KEY_DIR;
        }
 
-       if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) { 
+       if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) {
                key->keyLen = keyLen;
        } else {
                return BAD_KEY_MAT;
        }
 
        if (keyMaterial != NULL) {
-               bcopy(keyMaterial, key->keyMaterial, keyLen/8);
+               memcpy(key->keyMaterial, keyMaterial, keyLen/8);
        }
 
-       key->ROUNDS = keyLen/32 + 6;
-
        /* initialize key schedule: */
-       keyMat = key->keyMaterial;
-       for (i = 0; i < key->keyLen/8; i++) {
-               k[i >> 2][i & 3] = (word8)keyMat[i]; 
-       }
-       rijndaelKeySched(k, key->keySched, key->ROUNDS);
-       if (direction == DIR_DECRYPT) {
-               rijndaelKeyEncToDec(key->keySched, key->ROUNDS);
+       memcpy(cipherKey, key->keyMaterial, keyLen/8);
+       if (direction == DIR_ENCRYPT) {
+               key->Nr = rijndaelKeySetupEnc(key->rk, cipherKey, keyLen);
+       } else {
+               key->Nr = rijndaelKeySetupDec(key->rk, cipherKey, keyLen);
        }
-
+       rijndaelKeySetupEnc(key->ek, cipherKey, keyLen);
        return TRUE;
 }
 
@@ -75,9 +73,9 @@ int rijndael_cipherInit(cipherInstance *cipher, BYTE mode, char *IV) {
                return BAD_CIPHER_MODE;
        }
        if (IV != NULL) {
-               bcopy(IV, cipher->IV, MAX_IV_SIZE);
+               memcpy(cipher->IV, IV, RIJNDAEL_MAX_IV_SIZE);
        } else {
-               bzero(cipher->IV, MAX_IV_SIZE);
+               memset(cipher->IV, 0, RIJNDAEL_MAX_IV_SIZE);
        }
        return TRUE;
 }
@@ -85,7 +83,7 @@ int rijndael_cipherInit(cipherInstance *cipher, BYTE mode, char *IV) {
 int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key,
                BYTE *input, int inputLen, BYTE *outBuffer) {
        int i, k, numBlocks;
-       word8 block[16], iv[4][4];
+       u_int8_t block[16], iv[4][4];
 
        if (cipher == NULL ||
                key == NULL ||
@@ -97,67 +95,69 @@ int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key,
        }
 
        numBlocks = inputLen/128;
-       
+
        switch (cipher->mode) {
-       case MODE_ECB: 
+       case MODE_ECB:
                for (i = numBlocks; i > 0; i--) {
-                       rijndaelEncrypt(input, outBuffer, key->keySched, key->ROUNDS);
+                       rijndaelEncrypt(key->rk, key->Nr, input, outBuffer);
                        input += 16;
                        outBuffer += 16;
                }
                break;
-               
+
        case MODE_CBC:
 #if 1 /*STRICT_ALIGN*/
-               bcopy(cipher->IV, block, 16);
-               bcopy(input, iv, 16);
-               ((word32*)block)[0] ^= ((word32*)iv)[0];
-               ((word32*)block)[1] ^= ((word32*)iv)[1];
-               ((word32*)block)[2] ^= ((word32*)iv)[2];
-               ((word32*)block)[3] ^= ((word32*)iv)[3];
+               memcpy(block, cipher->IV, 16);
+               memcpy(iv, input, 16);
+               ((u_int32_t*)block)[0] ^= ((u_int32_t*)iv)[0];
+               ((u_int32_t*)block)[1] ^= ((u_int32_t*)iv)[1];
+               ((u_int32_t*)block)[2] ^= ((u_int32_t*)iv)[2];
+               ((u_int32_t*)block)[3] ^= ((u_int32_t*)iv)[3];
 #else
-               ((word32*)block)[0] = ((word32*)cipher->IV)[0] ^ ((word32*)input)[0];
-               ((word32*)block)[1] = ((word32*)cipher->IV)[1] ^ ((word32*)input)[1];
-               ((word32*)block)[2] = ((word32*)cipher->IV)[2] ^ ((word32*)input)[2];
-               ((word32*)block)[3] = ((word32*)cipher->IV)[3] ^ ((word32*)input)[3];
+               ((u_int32_t*)block)[0] = ((u_int32_t*)cipher->IV)[0] ^ ((u_int32_t*)input)[0];
+               ((u_int32_t*)block)[1] = ((u_int32_t*)cipher->IV)[1] ^ ((u_int32_t*)input)[1];
+               ((u_int32_t*)block)[2] = ((u_int32_t*)cipher->IV)[2] ^ ((u_int32_t*)input)[2];
+               ((u_int32_t*)block)[3] = ((u_int32_t*)cipher->IV)[3] ^ ((u_int32_t*)input)[3];
 #endif
-               rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS);
+               rijndaelEncrypt(key->rk, key->Nr, block, outBuffer);
                input += 16;
                for (i = numBlocks - 1; i > 0; i--) {
 #if 1 /*STRICT_ALIGN*/
-                       bcopy(outBuffer, block, 16);
-                       ((word32*)block)[0] ^= ((word32*)iv)[0];
-                       ((word32*)block)[1] ^= ((word32*)iv)[1];
-                       ((word32*)block)[2] ^= ((word32*)iv)[2];
-                       ((word32*)block)[3] ^= ((word32*)iv)[3];
+                       memcpy(block, outBuffer, 16);
+                       memcpy(iv, input, 16);
+                       ((u_int32_t*)block)[0] ^= ((u_int32_t*)iv)[0];
+                       ((u_int32_t*)block)[1] ^= ((u_int32_t*)iv)[1];
+                       ((u_int32_t*)block)[2] ^= ((u_int32_t*)iv)[2];
+                       ((u_int32_t*)block)[3] ^= ((u_int32_t*)iv)[3];
 #else
-                       ((word32*)block)[0] = ((word32*)outBuffer)[0] ^ ((word32*)input)[0];
-                       ((word32*)block)[1] = ((word32*)outBuffer)[1] ^ ((word32*)input)[1];
-                       ((word32*)block)[2] = ((word32*)outBuffer)[2] ^ ((word32*)input)[2];
-                       ((word32*)block)[3] = ((word32*)outBuffer)[3] ^ ((word32*)input)[3];
+                       ((u_int32_t*)block)[0] = ((u_int32_t*)outBuffer)[0] ^ ((u_int32_t*)input)[0];
+                       ((u_int32_t*)block)[1] = ((u_int32_t*)outBuffer)[1] ^ ((u_int32_t*)input)[1];
+                       ((u_int32_t*)block)[2] = ((u_int32_t*)outBuffer)[2] ^ ((u_int32_t*)input)[2];
+                       ((u_int32_t*)block)[3] = ((u_int32_t*)outBuffer)[3] ^ ((u_int32_t*)input)[3];
 #endif
                        outBuffer += 16;
-                       rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS);
+                       rijndaelEncrypt(key->rk, key->Nr, block, outBuffer);
                        input += 16;
                }
                break;
-       
+
        case MODE_CFB1:
 #if 1 /*STRICT_ALIGN*/
-               bcopy(cipher->IV, iv, 16); 
+               memcpy(iv, cipher->IV, 16);
 #else  /* !STRICT_ALIGN */
-               *((word32*)iv[0]) = *((word32*)(cipher->IV   ));
-               *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4));
-               *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8));
-               *((word32*)iv[3]) = *((word32*)(cipher->IV+12));
+               *((u_int32_t*)iv[0]) = *((u_int32_t*)(cipher->IV   ));
+               *((u_int32_t*)iv[1]) = *((u_int32_t*)(cipher->IV+ 4));
+               *((u_int32_t*)iv[2]) = *((u_int32_t*)(cipher->IV+ 8));
+               *((u_int32_t*)iv[3]) = *((u_int32_t*)(cipher->IV+12));
 #endif /* ?STRICT_ALIGN */
                for (i = numBlocks; i > 0; i--) {
                        for (k = 0; k < 128; k++) {
-                               *((word32*) block    ) = *((word32*)iv[0]);
-                               *((word32*)(block+ 4)) = *((word32*)iv[1]);
-                               *((word32*)(block+ 8)) = *((word32*)iv[2]);
-                               *((word32*)(block+12)) = *((word32*)iv[3]);
-                               rijndaelEncrypt(block, block, key->keySched, key->ROUNDS);
+                               *((u_int32_t*) block    ) = *((u_int32_t*)iv[0]);
+                               *((u_int32_t*)(block+ 4)) = *((u_int32_t*)iv[1]);
+                               *((u_int32_t*)(block+ 8)) = *((u_int32_t*)iv[2]);
+                               *((u_int32_t*)(block+12)) = *((u_int32_t*)iv[3]);
+                               rijndaelEncrypt(key->ek, key->Nr, block,
+                                   block);
                                outBuffer[k/8] ^= (block[0] & 0x80) >> (k & 7);
                                iv[0][0] = (iv[0][0] << 1) | (iv[0][1] >> 7);
                                iv[0][1] = (iv[0][1] << 1) | (iv[0][2] >> 7);
@@ -178,11 +178,11 @@ int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key,
                        }
                }
                break;
-       
+
        default:
                return BAD_CIPHER_STATE;
        }
-       
+
        return 128*numBlocks;
 }
 
@@ -198,7 +198,7 @@ int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key,
 int rijndael_padEncrypt(cipherInstance *cipher, keyInstance *key,
                BYTE *input, int inputOctets, BYTE *outBuffer) {
        int i, numBlocks, padLen;
-       word8 block[16], *iv, *cp;
+       u_int8_t block[16], *iv, *cp;
 
        if (cipher == NULL ||
                key == NULL ||
@@ -212,43 +212,43 @@ int rijndael_padEncrypt(cipherInstance *cipher, keyInstance *key,
        numBlocks = inputOctets/16;
 
        switch (cipher->mode) {
-       case MODE_ECB: 
+       case MODE_ECB:
                for (i = numBlocks; i > 0; i--) {
-                       rijndaelEncrypt(input, outBuffer, key->keySched, key->ROUNDS);
+                       rijndaelEncrypt(key->rk, key->Nr, input, outBuffer);
                        input += 16;
                        outBuffer += 16;
                }
                padLen = 16 - (inputOctets - 16*numBlocks);
-               if (padLen > 0 && padLen <= 16)
-                       panic("rijndael_padEncrypt(ECB)");
-               bcopy(input, block, 16 - padLen);
+               if (padLen <= 0 || padLen > 16)
+                       return BAD_CIPHER_STATE;
+               memcpy(block, input, 16 - padLen);
                for (cp = block + 16 - padLen; cp < block + 16; cp++)
                        *cp = padLen;
-               rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS);
+               rijndaelEncrypt(key->rk, key->Nr, block, outBuffer);
                break;
 
        case MODE_CBC:
                iv = cipher->IV;
                for (i = numBlocks; i > 0; i--) {
-                       ((word32*)block)[0] = ((word32*)input)[0] ^ ((word32*)iv)[0];
-                       ((word32*)block)[1] = ((word32*)input)[1] ^ ((word32*)iv)[1];
-                       ((word32*)block)[2] = ((word32*)input)[2] ^ ((word32*)iv)[2];
-                       ((word32*)block)[3] = ((word32*)input)[3] ^ ((word32*)iv)[3];
-                       rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS);
+                       ((u_int32_t*)block)[0] = ((u_int32_t*)input)[0] ^ ((u_int32_t*)iv)[0];
+                       ((u_int32_t*)block)[1] = ((u_int32_t*)input)[1] ^ ((u_int32_t*)iv)[1];
+                       ((u_int32_t*)block)[2] = ((u_int32_t*)input)[2] ^ ((u_int32_t*)iv)[2];
+                       ((u_int32_t*)block)[3] = ((u_int32_t*)input)[3] ^ ((u_int32_t*)iv)[3];
+                       rijndaelEncrypt(key->rk, key->Nr, block, outBuffer);
                        iv = outBuffer;
                        input += 16;
                        outBuffer += 16;
                }
                padLen = 16 - (inputOctets - 16*numBlocks);
-               if (padLen > 0 && padLen <= 16)
-                       panic("rijndael_padEncrypt(CBC)");
+               if (padLen <= 0 || padLen > 16)
+                       return BAD_CIPHER_STATE;
                for (i = 0; i < 16 - padLen; i++) {
                        block[i] = input[i] ^ iv[i];
                }
                for (i = 16 - padLen; i < 16; i++) {
                        block[i] = (BYTE)padLen ^ iv[i];
                }
-               rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS);
+               rijndaelEncrypt(key->rk, key->Nr, block, outBuffer);
                break;
 
        default:
@@ -261,7 +261,7 @@ int rijndael_padEncrypt(cipherInstance *cipher, keyInstance *key,
 int rijndael_blockDecrypt(cipherInstance *cipher, keyInstance *key,
                BYTE *input, int inputLen, BYTE *outBuffer) {
        int i, k, numBlocks;
-       word8 block[16], iv[4][4];
+       u_int8_t block[16], iv[4][4];
 
        if (cipher == NULL ||
                key == NULL ||
@@ -275,59 +275,60 @@ int rijndael_blockDecrypt(cipherInstance *cipher, keyInstance *key,
        numBlocks = inputLen/128;
 
        switch (cipher->mode) {
-       case MODE_ECB: 
-               for (i = numBlocks; i > 0; i--) { 
-                       rijndaelDecrypt(input, outBuffer, key->keySched, key->ROUNDS);
+       case MODE_ECB:
+               for (i = numBlocks; i > 0; i--) {
+                       rijndaelDecrypt(key->rk, key->Nr, input, outBuffer);
                        input += 16;
                        outBuffer += 16;
                }
                break;
-               
+
        case MODE_CBC:
 #if 1 /*STRICT_ALIGN */
-               bcopy(cipher->IV, iv, 16); 
+               memcpy(iv, cipher->IV, 16);
 #else
-               *((word32*)iv[0]) = *((word32*)(cipher->IV   ));
-               *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4));
-               *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8));
-               *((word32*)iv[3]) = *((word32*)(cipher->IV+12));
+               *((u_int32_t*)iv[0]) = *((u_int32_t*)(cipher->IV   ));
+               *((u_int32_t*)iv[1]) = *((u_int32_t*)(cipher->IV+ 4));
+               *((u_int32_t*)iv[2]) = *((u_int32_t*)(cipher->IV+ 8));
+               *((u_int32_t*)iv[3]) = *((u_int32_t*)(cipher->IV+12));
 #endif
                for (i = numBlocks; i > 0; i--) {
-                       rijndaelDecrypt(input, block, key->keySched, key->ROUNDS);
-                       ((word32*)block)[0] ^= *((word32*)iv[0]);
-                       ((word32*)block)[1] ^= *((word32*)iv[1]);
-                       ((word32*)block)[2] ^= *((word32*)iv[2]);
-                       ((word32*)block)[3] ^= *((word32*)iv[3]);
+                       rijndaelDecrypt(key->rk, key->Nr, input, block);
+                       ((u_int32_t*)block)[0] ^= *((u_int32_t*)iv[0]);
+                       ((u_int32_t*)block)[1] ^= *((u_int32_t*)iv[1]);
+                       ((u_int32_t*)block)[2] ^= *((u_int32_t*)iv[2]);
+                       ((u_int32_t*)block)[3] ^= *((u_int32_t*)iv[3]);
 #if 1 /*STRICT_ALIGN*/
-                       bcopy(input, iv, 16);
-                       bcopy(block, outBuffer, 16);
+                       memcpy(iv, input, 16);
+                       memcpy(outBuffer, block, 16);
 #else
-                       *((word32*)iv[0]) = ((word32*)input)[0]; ((word32*)outBuffer)[0] = ((word32*)block)[0];
-                       *((word32*)iv[1]) = ((word32*)input)[1]; ((word32*)outBuffer)[1] = ((word32*)block)[1];
-                       *((word32*)iv[2]) = ((word32*)input)[2]; ((word32*)outBuffer)[2] = ((word32*)block)[2];
-                       *((word32*)iv[3]) = ((word32*)input)[3]; ((word32*)outBuffer)[3] = ((word32*)block)[3];
+                       *((u_int32_t*)iv[0]) = ((u_int32_t*)input)[0]; ((u_int32_t*)outBuffer)[0] = ((u_int32_t*)block)[0];
+                       *((u_int32_t*)iv[1]) = ((u_int32_t*)input)[1]; ((u_int32_t*)outBuffer)[1] = ((u_int32_t*)block)[1];
+                       *((u_int32_t*)iv[2]) = ((u_int32_t*)input)[2]; ((u_int32_t*)outBuffer)[2] = ((u_int32_t*)block)[2];
+                       *((u_int32_t*)iv[3]) = ((u_int32_t*)input)[3]; ((u_int32_t*)outBuffer)[3] = ((u_int32_t*)block)[3];
 #endif
                        input += 16;
                        outBuffer += 16;
                }
                break;
-       
+
        case MODE_CFB1:
 #if 1 /*STRICT_ALIGN */
-               bcopy(cipher->IV, iv, 16); 
+               memcpy(iv, cipher->IV, 16);
 #else
-               *((word32*)iv[0]) = *((word32*)(cipher->IV));
-               *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4));
-               *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8));
-               *((word32*)iv[3]) = *((word32*)(cipher->IV+12));
+               *((u_int32_t*)iv[0]) = *((u_int32_t*)(cipher->IV));
+               *((u_int32_t*)iv[1]) = *((u_int32_t*)(cipher->IV+ 4));
+               *((u_int32_t*)iv[2]) = *((u_int32_t*)(cipher->IV+ 8));
+               *((u_int32_t*)iv[3]) = *((u_int32_t*)(cipher->IV+12));
 #endif
                for (i = numBlocks; i > 0; i--) {
                        for (k = 0; k < 128; k++) {
-                               *((word32*) block    ) = *((word32*)iv[0]);
-                               *((word32*)(block+ 4)) = *((word32*)iv[1]);
-                               *((word32*)(block+ 8)) = *((word32*)iv[2]);
-                               *((word32*)(block+12)) = *((word32*)iv[3]);
-                               rijndaelEncrypt(block, block, key->keySched, key->ROUNDS);
+                               *((u_int32_t*) block    ) = *((u_int32_t*)iv[0]);
+                               *((u_int32_t*)(block+ 4)) = *((u_int32_t*)iv[1]);
+                               *((u_int32_t*)(block+ 8)) = *((u_int32_t*)iv[2]);
+                               *((u_int32_t*)(block+12)) = *((u_int32_t*)iv[3]);
+                               rijndaelEncrypt(key->ek, key->Nr, block,
+                                   block);
                                iv[0][0] = (iv[0][0] << 1) | (iv[0][1] >> 7);
                                iv[0][1] = (iv[0][1] << 1) | (iv[0][2] >> 7);
                                iv[0][2] = (iv[0][2] << 1) | (iv[0][3] >> 7);
@@ -352,15 +353,15 @@ int rijndael_blockDecrypt(cipherInstance *cipher, keyInstance *key,
        default:
                return BAD_CIPHER_STATE;
        }
-       
+
        return 128*numBlocks;
 }
 
 int rijndael_padDecrypt(cipherInstance *cipher, keyInstance *key,
                BYTE *input, int inputOctets, BYTE *outBuffer) {
        int i, numBlocks, padLen;
-       word8 block[16];
-       word32 iv[4];
+       u_int8_t block[16];
+       u_int32_t iv[4];
 
        if (cipher == NULL ||
                key == NULL ||
@@ -379,13 +380,13 @@ int rijndael_padDecrypt(cipherInstance *cipher, keyInstance *key,
        switch (cipher->mode) {
        case MODE_ECB:
                /* all blocks but last */
-               for (i = numBlocks - 1; i > 0; i--) { 
-                       rijndaelDecrypt(input, outBuffer, key->keySched, key->ROUNDS);
+               for (i = numBlocks - 1; i > 0; i--) {
+                       rijndaelDecrypt(key->rk, key->Nr, input, outBuffer);
                        input += 16;
                        outBuffer += 16;
                }
                /* last block */
-               rijndaelDecrypt(input, block, key->keySched, key->ROUNDS);
+               rijndaelDecrypt(key->rk, key->Nr, input, block);
                padLen = block[15];
                if (padLen >= 16) {
                        return BAD_DATA;
@@ -395,29 +396,29 @@ int rijndael_padDecrypt(cipherInstance *cipher, keyInstance *key,
                                return BAD_DATA;
                        }
                }
-               bcopy(block, outBuffer, 16 - padLen);
+               memcpy(outBuffer, block, 16 - padLen);
                break;
-               
+
        case MODE_CBC:
-               bcopy(cipher->IV, iv, 16);
+               memcpy(iv, cipher->IV, 16);
                /* all blocks but last */
                for (i = numBlocks - 1; i > 0; i--) {
-                       rijndaelDecrypt(input, block, key->keySched, key->ROUNDS);
-                       ((word32*)block)[0] ^= iv[0];
-                       ((word32*)block)[1] ^= iv[1];
-                       ((word32*)block)[2] ^= iv[2];
-                       ((word32*)block)[3] ^= iv[3];
-                       bcopy(input, iv, 16);
-                       bcopy(block, outBuffer, 16);
+                       rijndaelDecrypt(key->rk, key->Nr, input, block);
+                       ((u_int32_t*)block)[0] ^= iv[0];
+                       ((u_int32_t*)block)[1] ^= iv[1];
+                       ((u_int32_t*)block)[2] ^= iv[2];
+                       ((u_int32_t*)block)[3] ^= iv[3];
+                       memcpy(iv, input, 16);
+                       memcpy(outBuffer, block, 16);
                        input += 16;
                        outBuffer += 16;
                }
                /* last block */
-               rijndaelDecrypt(input, block, key->keySched, key->ROUNDS);
-               ((word32*)block)[0] ^= iv[0];
-               ((word32*)block)[1] ^= iv[1];
-               ((word32*)block)[2] ^= iv[2];
-               ((word32*)block)[3] ^= iv[3];
+               rijndaelDecrypt(key->rk, key->Nr, input, block);
+               ((u_int32_t*)block)[0] ^= iv[0];
+               ((u_int32_t*)block)[1] ^= iv[1];
+               ((u_int32_t*)block)[2] ^= iv[2];
+               ((u_int32_t*)block)[3] ^= iv[3];
                padLen = block[15];
                if (padLen <= 0 || padLen > 16) {
                        return BAD_DATA;
@@ -427,59 +428,12 @@ int rijndael_padDecrypt(cipherInstance *cipher, keyInstance *key,
                                return BAD_DATA;
                        }
                }
-               bcopy(block, outBuffer, 16 - padLen);
+               memcpy(outBuffer, block, 16 - padLen);
                break;
-       
-       default:
-               return BAD_CIPHER_STATE;
-       }
-       
-       return 16*numBlocks - padLen;
-}
-
-#ifdef INTERMEDIATE_VALUE_KAT
-/**
- *     cipherUpdateRounds:
- *
- *     Encrypts/Decrypts exactly one full block a specified number of rounds.
- *     Only used in the Intermediate Value Known Answer Test.  
- *
- *     Returns:
- *             TRUE - on success
- *             BAD_CIPHER_STATE - cipher in bad state (e.g., not initialized)
- */
-int rijndael_cipherUpdateRounds(cipherInstance *cipher, keyInstance *key,
-               BYTE *input, int inputLen, BYTE *outBuffer, int rounds) {
-       int j;
-       word8 block[4][4];
 
-       if (cipher == NULL || key == NULL) {
+       default:
                return BAD_CIPHER_STATE;
        }
 
-       for (j = 3; j >= 0; j--) {
-               /* parse input stream into rectangular array */
-               *((word32*)block[j]) = *((word32*)(input+4*j));
-       }
-
-       switch (key->direction) {
-       case DIR_ENCRYPT:
-               rijndaelEncryptRound(block, key->keySched, key->ROUNDS, rounds);
-               break;
-               
-       case DIR_DECRYPT:
-               rijndaelDecryptRound(block, key->keySched, key->ROUNDS, rounds);
-               break;
-               
-       default:
-               return BAD_KEY_DIR;
-       } 
-
-       for (j = 3; j >= 0; j--) {
-               /* parse rectangular array into output ciphertext bytes */
-               *((word32*)(outBuffer+4*j)) = *((word32*)block[j]);
-       }
-       
-       return TRUE;
+       return 16*numBlocks - padLen;
 }
-#endif /* INTERMEDIATE_VALUE_KAT */
index 005efd0..b9d2bba 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/rijndael/rijndael-api-fst.h,v 1.2.2.1 2001/07/03 11:01:36 ume Exp $    */
-/*     $DragonFly: src/sys/crypto/rijndael/rijndael-api-fst.h,v 1.2 2003/06/17 04:28:20 dillon Exp $   */
+/*     $FreeBSD: src/sys/crypto/rijndael/rijndael-api-fst.h,v 1.7 2005/03/11 16:26:10 ume Exp $        */
 /*     $KAME: rijndael-api-fst.h,v 1.6 2001/05/27 00:23:23 itojun Exp $        */
 
 /*
@@ -7,28 +6,22 @@
  *
  * Optimised ANSI C code
  *
- * #define INTERMEDIATE_VALUE_KAT to generate the Intermediate Value Known Answer Test.
  */
 
 #ifndef __RIJNDAEL_API_FST_H
 #define __RIJNDAEL_API_FST_H
 
-#include <crypto/rijndael/rijndael-alg-fst.h>
-
-/*  Defines:
-       Add any additional defines you need
-*/
+#include <crypto/rijndael/rijndael.h>
 
+/*  Generic Defines  */
 #define     DIR_ENCRYPT           0 /*  Are we encrpyting?  */
 #define     DIR_DECRYPT           1 /*  Are we decrpyting?  */
 #define     MODE_ECB              1 /*  Are we ciphering in ECB mode?   */
 #define     MODE_CBC              2 /*  Are we ciphering in CBC mode?   */
 #define     MODE_CFB1             3 /*  Are we ciphering in 1-bit CFB mode? */
-#define     TRUE                  1
-#define     FALSE                 0
 #define     BITSPERBLOCK        128 /* Default number of bits in a cipher block */
 
-/*  Error Codes - CHANGE POSSIBLE: inclusion of additional error codes  */
+/*  Error Codes  */
 #define     BAD_KEY_DIR          -1 /*  Key direction is invalid, e.g., unknown value */
 #define     BAD_KEY_MAT          -2 /*  Key material not of correct length */
 #define     BAD_KEY_INSTANCE     -3 /*  Key passed is not valid */
 #define     BAD_DATA             -8 /*  Data contents are invalid, e.g., invalid padding */
 #define     BAD_OTHER            -9 /*  Unknown error */
 
-/*  CHANGE POSSIBLE:  inclusion of algorithm specific defines  */
-#define     MAX_KEY_SIZE         64 /* # of ASCII char's needed to represent a key */
-#define     MAX_IV_SIZE          16 /* # bytes needed to represent an IV  */
-
-/*  Typedefs:
+/*  Algorithm-specific Defines  */
+#define     RIJNDAEL_MAX_KEY_SIZE         64 /* # of ASCII char's needed to represent a key */
+#define     RIJNDAEL_MAX_IV_SIZE          16 /* # bytes needed to represent an IV  */
 
-       Typedef'ed data storage elements.  Add any algorithm specific 
-parameters at the bottom of the structs as appropriate.
-*/
+/*  Typedefs  */
 
 /*  The structure for key information */
 typedef struct {
     u_int8_t  direction;            /* Key used for encrypting or decrypting? */
     int   keyLen;                   /* Length of the key  */
-    char  keyMaterial[MAX_KEY_SIZE+1];  /* Raw key data in ASCII, e.g., user input or KAT values */
-        /*  The following parameters are algorithm dependent, replace or add as necessary  */
-       int   ROUNDS;                   /* key-length-dependent number of rounds */
-    int   blockLen;                 /* block length */
-    union {
-       u_int8_t xkS8[RIJNDAEL_MAXROUNDS+1][4][4];      /* key schedule         */
-       u_int32_t xkS32[RIJNDAEL_MAXROUNDS+1][4];       /* key schedule         */
-    } xKeySched;
-#define        keySched        xKeySched.xkS8
+    char  keyMaterial[RIJNDAEL_MAX_KEY_SIZE+1];  /* Raw key data in ASCII, e.g., user input or KAT values */
+       int   Nr;                       /* key-length-dependent number of rounds */
+       u_int32_t   rk[4*(RIJNDAEL_MAXNR + 1)];        /* key schedule */
+       u_int32_t   ek[4*(RIJNDAEL_MAXNR + 1)];        /* CFB1 key schedule (encryption only) */
 } keyInstance;
 
 /*  The structure for cipher information */
 typedef struct {                    /* changed order of the components */
     u_int8_t mode;                  /* MODE_ECB, MODE_CBC, or MODE_CFB1 */
-    u_int8_t IV[MAX_IV_SIZE];       /* A possible Initialization Vector for ciphering */
-        /*  Add any algorithm specific parameters needed here  */
-    int   blockLen;                 /* Sample: Handles non-128 bit block sizes (if available) */
+    u_int8_t IV[RIJNDAEL_MAX_IV_SIZE]; /* A possible Initialization Vector for ciphering */
 } cipherInstance;
 
 /*  Function prototypes  */
-/*  CHANGED: nothing
-       TODO: implement the following extensions to setup 192-bit and 256-bit block lengths:
-        makeKeyEx():    parameter blockLen added
-                        -- this parameter is absolutely necessary if you want to
-                        setup the round keys in a variable block length setting 
-           cipherInitEx(): parameter blockLen added (for obvious reasons)              
- */
-
-int rijndael_makeKey(keyInstance *key, u_int8_t direction, int keyLen, char *keyMaterial);
-
-int rijndael_cipherInit(cipherInstance *cipher, u_int8_t mode, char *IV);
-
-int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key,
-        u_int8_t *input, int inputLen, u_int8_t *outBuffer);
 
-int rijndael_padEncrypt(cipherInstance *cipher, keyInstance *key,
-               u_int8_t *input, int inputOctets, u_int8_t *outBuffer);
+int rijndael_makeKey(keyInstance *, u_int8_t, int, char *);
 
-int rijndael_blockDecrypt(cipherInstance *cipher, keyInstance *key,
-        u_int8_t *input, int inputLen, u_int8_t *outBuffer);
+int rijndael_cipherInit(cipherInstance *, u_int8_t, char *);
 
-int rijndael_padDecrypt(cipherInstance *cipher, keyInstance *key,
-               u_int8_t *input, int inputOctets, u_int8_t *outBuffer);
+int rijndael_blockEncrypt(cipherInstance *, keyInstance *, u_int8_t *, int,
+       u_int8_t *);
+int rijndael_padEncrypt(cipherInstance *, keyInstance *, u_int8_t *, int,
+       u_int8_t *);
 
-#ifdef INTERMEDIATE_VALUE_KAT
-int rijndael_cipherUpdateRounds(cipherInstance *cipher, keyInstance *key,
-        u_int8_t *input, int inputLen, u_int8_t *outBuffer, int Rounds);
-#endif /* INTERMEDIATE_VALUE_KAT */
+int rijndael_blockDecrypt(cipherInstance *, keyInstance *, u_int8_t *, int,
+       u_int8_t *);
+int rijndael_padDecrypt(cipherInstance *, keyInstance *, u_int8_t *, int,
+       u_int8_t *);
 
 #endif /*  __RIJNDAEL_API_FST_H */
similarity index 55%
rename from sys/opencrypto/rijndael.h
rename to sys/crypto/rijndael/rijndael-api.c
index 5b16d4c..b998037 100644 (file)
@@ -1,9 +1,8 @@
-/*     $FreeBSD: src/sys/opencrypto/rijndael.h,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
-/*     $DragonFly: src/sys/opencrypto/rijndael.h,v 1.2 2003/06/17 04:28:54 dillon Exp $        */
-/*     $OpenBSD: rijndael.h,v 1.7 2001/12/19 17:42:24 markus Exp $ */
+/*     $FreeBSD: src/sys/crypto/rijndael/rijndael-api.c,v 1.2 2008/01/15 18:34:47 sobomax Exp $        */
+/*     $KAME: rijndael.c,v 1.3 2003/08/28 14:20:22 itojun Exp $        */
 
-/**
- * rijndael-alg-fst.h
+/*
+ * rijndael-alg-fst.c
  *
  * @version 3.0 (December 2000)
  *
  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-#ifndef __RIJNDAEL_H
-#define __RIJNDAEL_H
-
-#define MAXKC  (256/32)
-#define MAXKB  (256/8)
-#define MAXNR  14
-
-typedef unsigned char  u8;
-typedef unsigned short u16;
-typedef unsigned int   u32;
-
-/*  The structure for key information */
-typedef struct {
-       int     decrypt;
-       int     Nr;                     /* key-length-dependent number of rounds */
-       u32     ek[4*(MAXNR + 1)];      /* encrypt key schedule */
-       u32     dk[4*(MAXNR + 1)];      /* decrypt key schedule */
-} rijndael_ctx;
-
-void    rijndael_set_key(rijndael_ctx *, u_char *, int, int);
-void    rijndael_decrypt(rijndael_ctx *, u_char *, u_char *);
-void    rijndael_encrypt(rijndael_ctx *, u_char *, u_char *);
-
-#endif /* __RIJNDAEL_H */
+
+#include <sys/types.h>
+#ifdef _KERNEL
+#include <sys/systm.h>
+#endif
+
+#include <crypto/rijndael/rijndael.h>
+
+void
+rijndael_set_key(rijndael_ctx *ctx, const u_char *key, int bits)
+{
+
+       ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
+       rijndaelKeySetupDec(ctx->dk, key, bits);
+}
+
+void
+rijndael_decrypt(const rijndael_ctx *ctx, const u_char *src, u_char *dst)
+{
+
+       rijndaelDecrypt(ctx->dk, ctx->Nr, src, dst);
+}
+
+void
+rijndael_encrypt(const rijndael_ctx *ctx, const u_char *src, u_char *dst)
+{
+
+       rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
+}
index f4a009f..c995647 100644 (file)
@@ -1,5 +1,55 @@
-/*     $KAME: rijndael.h,v 1.2 2000/10/02 17:14:27 itojun Exp $        */
-/*     $FreeBSD: src/sys/crypto/rijndael/rijndael.h,v 1.1.1.1.2.1 2001/07/03 11:01:36 ume Exp $        */
-/*     $DragonFly: src/sys/crypto/rijndael/rijndael.h,v 1.2 2003/06/17 04:28:20 dillon Exp $   */
+/*     $KAME: rijndael.h,v 1.6 2003/08/28 08:36:32 itojun Exp $        */
+/*     $FreeBSD: src/sys/crypto/rijndael/rijndael.h,v 1.6 2005/03/11 22:07:04 ume Exp $        */
 
-#include <crypto/rijndael/rijndael-api-fst.h>
+/**
+ * rijndael-alg-fst.h
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __RIJNDAEL_H
+#define        __RIJNDAEL_H
+
+#define RIJNDAEL_MAXKC (256/32)
+#define RIJNDAEL_MAXKB (256/8)
+#define RIJNDAEL_MAXNR 14
+
+typedef struct {
+       int     decrypt;
+       int     Nr;             /* key-length-dependent number of rounds */
+       uint32_t ek[4 * (RIJNDAEL_MAXNR + 1)];  /* encrypt key schedule */
+       uint32_t dk[4 * (RIJNDAEL_MAXNR + 1)];  /* decrypt key schedule */
+} rijndael_ctx;
+
+void   rijndael_set_key(rijndael_ctx *, const u_char *, int);
+void   rijndael_decrypt(const rijndael_ctx *, const u_char *, u_char *);
+void   rijndael_encrypt(const rijndael_ctx *, const u_char *, u_char *);
+
+int    rijndaelKeySetupEnc(u_int32_t [/*4*(Nr+1)*/], const u_int8_t [], int);
+int    rijndaelKeySetupDec(u_int32_t [/*4*(Nr+1)*/], const u_int8_t [], int);
+void   rijndaelEncrypt(const u_int32_t [/*4*(Nr+1)*/], int,
+       const u_int8_t[16], u_int8_t [16]);
+void   rijndaelDecrypt(const u_int32_t [/*4*(Nr+1)*/], int,
+       const u_int8_t [16], u_int8_t [16]);
+
+#endif /* __RIJNDAEL_H */
index 17a6d3d..7cdeece 100644 (file)
@@ -1,12 +1,7 @@
-/*     $KAME: rijndael_local.h,v 1.3 2000/10/02 17:14:27 itojun Exp $  */
-/*     $FreeBSD: src/sys/crypto/rijndael/rijndael_local.h,v 1.3.2.1 2001/07/03 11:01:36 ume Exp $      */
-/*     $DragonFly: src/sys/crypto/rijndael/rijndael_local.h,v 1.2 2003/06/17 04:28:20 dillon Exp $     */
+/*     $KAME: rijndael_local.h,v 1.5 2003/08/28 08:37:24 itojun Exp $  */
+/*     $FreeBSD: src/sys/crypto/rijndael/rijndael_local.h,v 1.4 2003/10/12 21:05:05 ume Exp $  */
 
 /* the file should not be used from outside */
-typedef u_int8_t               BYTE;
-typedef u_int8_t               word8;  
-typedef u_int16_t              word16; 
-typedef u_int32_t              word32;
-
-#define MAXKC          RIJNDAEL_MAXKC
-#define MAXROUNDS      RIJNDAEL_MAXROUNDS
+typedef u_int8_t               u8;
+typedef u_int16_t              u16;
+typedef u_int32_t              u32;
diff --git a/sys/crypto/rijndael/test00.c b/sys/crypto/rijndael/test00.c
new file mode 100644 (file)
index 0000000..142c93d
--- /dev/null
@@ -0,0 +1,75 @@
+/*-
+ * Copyright (c) 2003 Poul-Henning Kamp
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/crypto/rijndael/test00.c,v 1.2 2008/01/15 18:34:47 sobomax Exp $
+ *
+ * This test checks for inplace decryption working.  This is the case
+ * where the same buffer is passed as input and output to
+ * rijndael_blockDecrypt().
+ */
+
+#include <stdio.h>
+#include <sys/param.h>
+#include <sys/types.h>
+
+#include <crypto/rijndael/rijndael-api-fst.h>
+
+#define LL 32
+int
+main(int argc, char **argv)
+{
+       keyInstance ki;
+       cipherInstance ci;
+       uint8_t key[16];
+       uint8_t in[LL];
+       uint8_t out[LL];
+       int i, j;
+
+       rijndael_cipherInit(&ci, MODE_CBC, NULL);
+       for (i = 0; i < 16; i++)
+               key[i] = i;
+       rijndael_makeKey(&ki, DIR_DECRYPT, 128, key);
+       for (i = 0; i < LL; i++)
+               in[i] = i;
+       rijndael_blockDecrypt(&ci, &ki, in, LL * 8, out);
+       for (i = 0; i < LL; i++)
+               printf("%02x", out[i]);
+       putchar('\n');
+       rijndael_blockDecrypt(&ci, &ki, in, LL * 8, in);
+       j = 0;
+       for (i = 0; i < LL; i++) {
+               printf("%02x", in[i]);
+               if (in[i] != out[i])
+                       j++;
+       }
+       putchar('\n');
+       if (j != 0) {
+               fprintf(stderr,
+                   "Error: inplace decryption fails in %d places\n", j);
+               return (1);
+       } else {
+               return (0);
+       }
+}
index 5fcc2bb..396c8ca 100644 (file)
@@ -1,7 +1,5 @@
-/*     $FreeBSD: src/sys/crypto/sha1.c,v 1.2.2.4 2001/07/03 11:01:27 ume Exp $ */
-/*     $DragonFly: src/sys/crypto/sha1.c,v 1.4 2008/03/01 22:03:12 swildner Exp $      */
+/*     $FreeBSD: src/sys/crypto/sha1.c,v 1.9 2003/06/10 21:36:57 obrien Exp $          */
 /*     $KAME: sha1.c,v 1.5 2000/11/08 06:13:08 itojun Exp $    */
-
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
@@ -30,6 +28,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
+
 /*
  * FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
  * based on: http://csrc.nist.gov/fips/fip180-1.txt
@@ -85,7 +84,7 @@ static u_int32_t _K[] = { 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 };
                sha1_step(ctxt);                \
      }
 
-static void sha1_step (struct sha1_ctxt *);
+static void sha1_step(struct sha1_ctxt *);
 
 static void
 sha1_step(struct sha1_ctxt *ctxt)
index 118f370..0bd6cb1 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/sha1.h,v 1.3.2.3 2000/10/12 18:59:31 archie Exp $      */
-/*     $DragonFly: src/sys/crypto/sha1.h,v 1.3 2003/08/27 10:59:04 rob Exp $   */
+/*     $FreeBSD: src/sys/crypto/sha1.h,v 1.8 2002/03/20 05:13:50 alfred Exp $  */
 /*     $KAME: sha1.h,v 1.5 2000/03/27 04:36:23 sumikawa Exp $  */
 
 /*
@@ -56,10 +55,10 @@ struct sha1_ctxt {
 };
 
 #ifdef _KERNEL
-extern void sha1_init (struct sha1_ctxt *);
-extern void sha1_pad (struct sha1_ctxt *);
-extern void sha1_loop (struct sha1_ctxt *, const u_int8_t *, size_t);
-extern void sha1_result (struct sha1_ctxt *, caddr_t);
+extern void sha1_init(struct sha1_ctxt *);
+extern void sha1_pad(struct sha1_ctxt *);
+extern void sha1_loop(struct sha1_ctxt *, const u_int8_t *, size_t);
+extern void sha1_result(struct sha1_ctxt *, caddr_t);
 
 /* compatibilty with other SHA1 source codes */
 typedef struct sha1_ctxt SHA1_CTX;
index a6ecc16..939a2ff 100644 (file)
@@ -1,8 +1,8 @@
 /*
  * $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $
- * $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $
- * $DragonFly: src/sys/crypto/sha2/sha2.c,v 1.4 2004/02/12 23:14:05 joerg Exp $
+ * $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.9 2006/10/22 02:19:33 kevlo Exp $
  */
+
 /*
  * sha2.c
  *
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
  */
 
 
-#include <sys/param.h>
 #include <sys/types.h>
 #include <sys/time.h>
+#ifdef _KERNEL
+#include <sys/param.h>
 #include <sys/systm.h>
+#else
+#include <string.h>
+#endif
 #include <machine/endian.h>
 #include <crypto/sha2/sha2.h>
 
@@ -212,7 +215,7 @@ void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
 
 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
 /* Hash constant words K for SHA-256: */
-const static sha2_word32 K256[64] = {
+static const sha2_word32 K256[64] = {
        0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
        0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
        0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
@@ -232,7 +235,7 @@ const static sha2_word32 K256[64] = {
 };
 
 /* Initial hash value H for SHA-256: */
-const static sha2_word32 sha256_initial_hash_value[8] = {
+static const sha2_word32 sha256_initial_hash_value[8] = {
        0x6a09e667UL,
        0xbb67ae85UL,
        0x3c6ef372UL,
@@ -244,7 +247,7 @@ const static sha2_word32 sha256_initial_hash_value[8] = {
 };
 
 /* Hash constant words K for SHA-384 and SHA-512: */
-const static sha2_word64 K512[80] = {
+static const sha2_word64 K512[80] = {
        0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
        0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
        0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
@@ -288,7 +291,7 @@ const static sha2_word64 K512[80] = {
 };
 
 /* Initial hash value H for SHA-384 */
-const static sha2_word64 sha384_initial_hash_value[8] = {
+static const sha2_word64 sha384_initial_hash_value[8] = {
        0xcbbb9d5dc1059ed8ULL,
        0x629a292a367cd507ULL,
        0x9159015a3070dd17ULL,
@@ -300,7 +303,7 @@ const static sha2_word64 sha384_initial_hash_value[8] = {
 };
 
 /* Initial hash value H for SHA-512 */
-const static sha2_word64 sha512_initial_hash_value[8] = {
+static const sha2_word64 sha512_initial_hash_value[8] = {
        0x6a09e667f3bcc908ULL,
        0xbb67ae8584caa73bULL,
        0x3c6ef372fe94f82bULL,
@@ -610,7 +613,7 @@ void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
        }
 
        /* Clean up state data: */
-       bzero(context, sizeof(context));
+       bzero(context, sizeof(*context));
        usedspace = 0;
 }
 
@@ -631,7 +634,7 @@ char *SHA256_End(SHA256_CTX* context, char buffer[]) {
                }
                *buffer = (char)0;
        } else {
-               bzero(context, sizeof(context));
+               bzero(context, sizeof(*context));
        }
        bzero(digest, SHA256_DIGEST_LENGTH);
        return buffer;
@@ -694,7 +697,7 @@ void SHA512_Init(SHA512_CTX* context) {
 
 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
        sha2_word64     a, b, c, d, e, f, g, h, s0, s1;
-       sha2_word64     T1, *W512 = (sha2_word64*)context->buffer;
+       sha2_word64     T1 = 0, T2 = 0, *W512 = (sha2_word64*)context->buffer;
        int             j;
 
        /* Initialize registers with the prev. intermediate value */
@@ -940,7 +943,7 @@ void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
        }
 
        /* Zero out state data */
-       bzero(context, sizeof(context));
+       bzero(context, sizeof(*context));
 }
 
 char *SHA512_End(SHA512_CTX* context, char buffer[]) {
@@ -960,7 +963,7 @@ char *SHA512_End(SHA512_CTX* context, char buffer[]) {
                }
                *buffer = (char)0;
        } else {
-               bzero(context, sizeof(context));
+               bzero(context, sizeof(*context));
        }
        bzero(digest, SHA512_DIGEST_LENGTH);
        return buffer;
@@ -1015,7 +1018,7 @@ void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
        }
 
        /* Zero out state data */
-       bzero(context, sizeof(context));
+       bzero(context, sizeof(*context));
 }
 
 char *SHA384_End(SHA384_CTX* context, char buffer[]) {
@@ -1035,7 +1038,7 @@ char *SHA384_End(SHA384_CTX* context, char buffer[]) {
                }
                *buffer = (char)0;
        } else {
-               bzero(context, sizeof(context));
+               bzero(context, sizeof(*context));
        }
        bzero(digest, SHA384_DIGEST_LENGTH);
        return buffer;
index ef348ce..eb367e3 100644 (file)
@@ -1,5 +1,4 @@
-/*     $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.1.2.1 2001/07/03 11:01:36 ume Exp $    */
-/*     $DragonFly: src/sys/crypto/sha2/sha2.h,v 1.3 2003/08/27 10:59:04 rob Exp $      */
+/*     $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.2 2002/03/20 05:13:51 alfred Exp $     */
 /*     $KAME: sha2.h,v 1.3 2001/03/12 08:27:48 itojun Exp $    */
 
 /*
@@ -116,23 +115,23 @@ typedef SHA512_CTX SHA384_CTX;
 
 /*** SHA-256/384/512 Function Prototypes ******************************/
 
-void SHA256_Init (SHA256_CTX *);
-void SHA256_Update (SHA256_CTX*, const u_int8_t*, size_t);
-void SHA256_Final (u_int8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
-char* SHA256_End (SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]);
-char* SHA256_Data (const u_int8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
-
-void SHA384_Init (SHA384_CTX*);
-void SHA384_Update (SHA384_CTX*, const u_int8_t*, size_t);
-void SHA384_Final (u_int8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
-char* SHA384_End (SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]);
-char* SHA384_Data (const u_int8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
-
-void SHA512_Init (SHA512_CTX*);
-void SHA512_Update (SHA512_CTX*, const u_int8_t*, size_t);
-void SHA512_Final (u_int8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
-char* SHA512_End (SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]);
-char* SHA512_Data (const u_int8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
+void SHA256_Init(SHA256_CTX *);
+void SHA256_Update(SHA256_CTX*, const u_int8_t*, size_t);
+void SHA256_Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
+char* SHA256_End(SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]);
+char* SHA256_Data(const u_int8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
+
+void SHA384_Init(SHA384_CTX*);
+void SHA384_Update(SHA384_CTX*, const u_int8_t*, size_t);
+void SHA384_Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
+char* SHA384_End(SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]);
+char* SHA384_Data(const u_int8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
+
+void SHA512_Init(SHA512_CTX*);
+void SHA512_Update(SHA512_CTX*,&