1 /* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
5 * @version 3.0 (December 2000)
7 * Optimised ANSI C code for the Rijndael cipher (now AES)
9 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
10 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
11 * @author Paulo Barreto <paulo.barreto@terra.com.br>
13 * This code is hereby placed in the public domain.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
16 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
22 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
25 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 /* Note: rewritten a little bit to provide error control and an OpenSSL-
39 #include <openssl/aes.h>
43 Te0[x] = S [x].[02, 01, 01, 03];
44 Te1[x] = S [x].[03, 02, 01, 01];
45 Te2[x] = S [x].[01, 03, 02, 01];
46 Te3[x] = S [x].[01, 01, 03, 02];
48 Td0[x] = Si[x].[0e, 09, 0d, 0b];
49 Td1[x] = Si[x].[0b, 0e, 09, 0d];
50 Td2[x] = Si[x].[0d, 0b, 0e, 09];
51 Td3[x] = Si[x].[09, 0d, 0b, 0e];
55 static const u32 Te0[256] = {
56 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
57 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
58 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
59 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
60 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
61 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
62 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
63 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
64 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
65 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
66 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
67 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
68 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
69 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
70 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
71 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
72 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
73 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
74 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
75 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
76 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
77 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
78 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
79 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
80 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
81 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
82 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
83 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
84 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
85 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
86 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
87 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
88 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
89 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
90 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
91 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
92 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
93 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
94 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
95 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
96 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
97 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
98 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
99 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
100 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
101 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
102 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
103 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
104 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
105 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
106 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
107 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
108 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
109 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
110 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
111 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
112 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
113 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
114 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
115 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
116 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
117 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
118 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
119 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
121 static const u32 Te1[256] = {
122 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
123 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
124 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
125 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
126 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
127 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
128 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
129 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
130 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
131 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
132 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
133 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
134 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
135 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
136 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
137 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
138 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
139 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
140 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
141 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
142 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
143 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
144 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
145 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
146 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
147 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
148 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
149 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
150 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
151 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
152 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
153 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
154 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
155 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
156 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
157 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
158 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
159 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
160 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
161 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
162 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
163 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
164 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
165 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
166 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
167 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
168 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
169 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
170 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
171 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
172 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
173 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
174 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
175 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
176 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
177 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
178 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
179 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
180 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
181 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
182 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
183 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
184 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
185 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
187 static const u32 Te2[256] = {
188 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
189 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
190 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
191 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
192 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
193 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
194 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
195 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
196 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
197 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
198 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
199 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
200 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
201 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
202 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
203 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
204 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
205 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
206 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
207 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
208 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
209 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
210 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
211 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
212 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
213 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
214 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
215 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
216 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
217 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
218 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
219 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
220 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
221 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
222 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
223 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
224 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
225 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
226 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
227 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
228 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
229 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
230 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
231 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
232 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
233 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
234 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
235 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
236 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
237 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
238 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
239 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
240 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
241 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
242 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
243 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
244 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
245 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
246 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
247 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
248 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
249 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
250 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
251 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
253 static const u32 Te3[256] = {
254 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
255 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
256 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
257 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
258 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
259 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
260 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
261 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
262 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
263 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
264 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
265 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
266 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
267 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
268 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
269 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
270 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
271 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
272 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
273 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
274 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
275 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
276 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
277 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
278 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
279 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
280 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
281 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
282 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
283 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
284 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
285 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
286 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
287 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
288 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
289 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
290 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
291 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
292 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
293 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
294 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
295 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
296 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
297 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
298 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
299 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
300 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
301 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
302 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
303 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
304 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
305 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
306 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
307 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
308 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
309 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
310 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
311 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
312 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
313 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
314 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
315 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
316 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
317 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
320 static const u32 Td0[256] = {
321 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
322 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
323 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
324 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
325 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
326 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
327 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
328 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
329 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
330 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
331 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
332 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
333 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
334 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
335 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
336 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
337 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
338 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
339 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
340 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
341 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
342 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
343 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
344 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
345 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
346 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
347 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
348 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
349 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
350 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
351 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
352 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
353 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
354 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
355 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
356 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
357 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
358 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
359 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
360 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
361 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
362 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
363 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
364 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
365 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
366 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
367 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
368 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
369 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
370 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
371 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
372 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
373 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
374 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
375 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
376 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
377 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
378 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
379 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
380 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
381 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
382 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
383 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
384 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
386 static const u32 Td1[256] = {
387 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
388 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
389 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
390 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
391 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
392 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
393 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
394 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
395 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
396 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
397 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
398 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
399 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
400 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
401 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
402 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
403 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
404 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
405 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
406 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
407 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
408 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
409 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
410 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
411 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
412 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
413 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
414 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
415 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
416 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
417 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
418 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
419 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
420 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
421 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
422 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
423 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
424 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
425 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
426 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
427 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
428 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
429 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
430 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
431 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
432 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
433 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
434 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
435 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
436 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
437 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
438 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
439 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
440 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
441 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
442 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
443 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
444 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
445 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
446 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
447 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
448 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
449 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
450 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
452 static const u32 Td2[256] = {
453 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
454 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
455 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
456 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
457 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
458 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
459 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
460 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
461 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
462 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
463 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
464 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
465 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
466 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
467 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
468 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
469 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
470 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
471 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
472 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
473 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
474 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
475 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
476 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
477 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
478 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
479 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
480 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
481 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
482 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
483 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
484 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
485 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
486 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
487 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
488 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
489 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
490 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
491 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
492 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
493 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
494 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
495 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
496 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
497 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
498 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
499 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
500 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
501 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
502 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
503 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
504 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
505 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
506 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
507 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
508 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
509 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
510 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
511 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
512 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
513 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
514 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
515 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
516 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
518 static const u32 Td3[256] = {
519 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
520 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
521 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
522 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
523 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
524 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
525 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
526 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
527 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
528 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
529 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
530 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
531 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
532 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
533 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
534 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
535 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
536 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
537 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
538 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
539 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
540 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
541 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
542 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
543 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
544 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
545 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
546 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
547 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
548 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
549 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
550 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
551 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
552 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
553 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
554 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
555 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
556 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
557 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
558 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
559 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
560 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
561 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
562 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
563 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
564 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
565 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
566 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
567 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
568 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
569 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
570 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
571 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
572 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
573 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
574 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
575 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
576 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
577 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
578 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
579 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
580 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
581 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
582 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
584 static const u8 Td4[256] = {
585 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
586 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
587 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
588 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
589 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
590 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
591 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
592 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
593 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
594 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
595 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
596 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
597 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
598 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
599 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
600 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
601 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
602 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
603 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
604 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
605 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
606 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
607 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
608 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
609 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
610 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
611 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
612 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
613 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
614 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
615 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
616 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
618 static const u32 rcon[] = {
619 0x01000000, 0x02000000, 0x04000000, 0x08000000,
620 0x10000000, 0x20000000, 0x40000000, 0x80000000,
621 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
625 * Expand the cipher key into the encryption key schedule.
627 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
634 if (!userKey || !key)
636 if (bits != 128 && bits != 192 && bits != 256)
648 rk[0] = GETU32(userKey );
649 rk[1] = GETU32(userKey + 4);
650 rk[2] = GETU32(userKey + 8);
651 rk[3] = GETU32(userKey + 12);
656 (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
657 (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
658 (Te0[(temp ) & 0xff] & 0x0000ff00) ^
659 (Te1[(temp >> 24) ] & 0x000000ff) ^
661 rk[5] = rk[1] ^ rk[4];
662 rk[6] = rk[2] ^ rk[5];
663 rk[7] = rk[3] ^ rk[6];
670 rk[4] = GETU32(userKey + 16);
671 rk[5] = GETU32(userKey + 20);
676 (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
677 (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
678 (Te0[(temp ) & 0xff] & 0x0000ff00) ^
679 (Te1[(temp >> 24) ] & 0x000000ff) ^
681 rk[ 7] = rk[ 1] ^ rk[ 6];
682 rk[ 8] = rk[ 2] ^ rk[ 7];
683 rk[ 9] = rk[ 3] ^ rk[ 8];
687 rk[10] = rk[ 4] ^ rk[ 9];
688 rk[11] = rk[ 5] ^ rk[10];
692 rk[6] = GETU32(userKey + 24);
693 rk[7] = GETU32(userKey + 28);
698 (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
699 (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
700 (Te0[(temp ) & 0xff] & 0x0000ff00) ^
701 (Te1[(temp >> 24) ] & 0x000000ff) ^
703 rk[ 9] = rk[ 1] ^ rk[ 8];
704 rk[10] = rk[ 2] ^ rk[ 9];
705 rk[11] = rk[ 3] ^ rk[10];
711 (Te2[(temp >> 24) ] & 0xff000000) ^
712 (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
713 (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^
714 (Te1[(temp ) & 0xff] & 0x000000ff);
715 rk[13] = rk[ 5] ^ rk[12];
716 rk[14] = rk[ 6] ^ rk[13];
717 rk[15] = rk[ 7] ^ rk[14];
726 * Expand the cipher key into the decryption key schedule.
728 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
735 /* first, start with an encryption schedule */
736 status = AES_set_encrypt_key(userKey, bits, key);
742 /* invert the order of the round keys: */
743 for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
744 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
745 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
746 temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
747 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
749 /* apply the inverse MixColumn transform to all round keys but the first and the last: */
750 for (i = 1; i < (key->rounds); i++) {
753 Td0[Te1[(rk[0] >> 24) ] & 0xff] ^
754 Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
755 Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^
756 Td3[Te1[(rk[0] ) & 0xff] & 0xff];
758 Td0[Te1[(rk[1] >> 24) ] & 0xff] ^
759 Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
760 Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^
761 Td3[Te1[(rk[1] ) & 0xff] & 0xff];
763 Td0[Te1[(rk[2] >> 24) ] & 0xff] ^
764 Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
765 Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^
766 Td3[Te1[(rk[2] ) & 0xff] & 0xff];
768 Td0[Te1[(rk[3] >> 24) ] & 0xff] ^
769 Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
770 Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^
771 Td3[Te1[(rk[3] ) & 0xff] & 0xff];
778 * Encrypt a single block
779 * in and out can overlap
781 void AES_encrypt(const unsigned char *in, unsigned char *out,
782 const AES_KEY *key) {
785 u32 s0, s1, s2, s3, t0, t1, t2, t3;
788 #endif /* ?FULL_UNROLL */
790 assert(in && out && key);
794 * map byte array block to cipher state
795 * and add initial round key:
797 s0 = GETU32(in ) ^ rk[0];
798 s1 = GETU32(in + 4) ^ rk[1];
799 s2 = GETU32(in + 8) ^ rk[2];
800 s3 = GETU32(in + 12) ^ rk[3];
803 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
804 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
805 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
806 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
808 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
809 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
810 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
811 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
813 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
814 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
815 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
816 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
818 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
819 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
820 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
821 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
823 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
824 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
825 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
826 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
828 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
829 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
830 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
831 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
833 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
834 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
835 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
836 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
838 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
839 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
840 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
841 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
843 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
844 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
845 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
846 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
847 if (key->rounds > 10) {
849 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
850 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
851 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
852 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
854 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
855 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
856 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
857 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
858 if (key->rounds > 12) {
860 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
861 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
862 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
863 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
865 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
866 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
867 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
868 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
871 rk += key->rounds << 2;
872 #else /* !FULL_UNROLL */
874 * Nr - 1 full rounds:
876 r = key->rounds >> 1;
880 Te1[(s1 >> 16) & 0xff] ^
881 Te2[(s2 >> 8) & 0xff] ^
886 Te1[(s2 >> 16) & 0xff] ^
887 Te2[(s3 >> 8) & 0xff] ^
892 Te1[(s3 >> 16) & 0xff] ^
893 Te2[(s0 >> 8) & 0xff] ^
898 Te1[(s0 >> 16) & 0xff] ^
899 Te2[(s1 >> 8) & 0xff] ^
910 Te1[(t1 >> 16) & 0xff] ^
911 Te2[(t2 >> 8) & 0xff] ^
916 Te1[(t2 >> 16) & 0xff] ^
917 Te2[(t3 >> 8) & 0xff] ^
922 Te1[(t3 >> 16) & 0xff] ^
923 Te2[(t0 >> 8) & 0xff] ^
928 Te1[(t0 >> 16) & 0xff] ^
929 Te2[(t1 >> 8) & 0xff] ^
933 #endif /* ?FULL_UNROLL */
935 * apply last round and
936 * map cipher state to byte array block:
939 (Te2[(t0 >> 24) ] & 0xff000000) ^
940 (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
941 (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
942 (Te1[(t3 ) & 0xff] & 0x000000ff) ^
946 (Te2[(t1 >> 24) ] & 0xff000000) ^
947 (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
948 (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
949 (Te1[(t0 ) & 0xff] & 0x000000ff) ^
953 (Te2[(t2 >> 24) ] & 0xff000000) ^
954 (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
955 (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
956 (Te1[(t1 ) & 0xff] & 0x000000ff) ^
960 (Te2[(t3 >> 24) ] & 0xff000000) ^
961 (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
962 (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
963 (Te1[(t2 ) & 0xff] & 0x000000ff) ^
965 PUTU32(out + 12, s3);
969 * Decrypt a single block
970 * in and out can overlap
972 void AES_decrypt(const unsigned char *in, unsigned char *out,
973 const AES_KEY *key) {
976 u32 s0, s1, s2, s3, t0, t1, t2, t3;
979 #endif /* ?FULL_UNROLL */
981 assert(in && out && key);
985 * map byte array block to cipher state
986 * and add initial round key:
988 s0 = GETU32(in ) ^ rk[0];
989 s1 = GETU32(in + 4) ^ rk[1];
990 s2 = GETU32(in + 8) ^ rk[2];
991 s3 = GETU32(in + 12) ^ rk[3];
994 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
995 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
996 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
997 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
999 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
1000 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
1001 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
1002 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
1004 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
1005 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
1006 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
1007 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
1009 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
1010 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
1011 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
1012 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
1014 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
1015 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
1016 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
1017 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
1019 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
1020 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
1021 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
1022 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
1024 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
1025 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
1026 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
1027 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
1029 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
1030 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
1031 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
1032 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
1034 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
1035 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
1036 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1037 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1038 if (key->rounds > 10) {
1040 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1041 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1042 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1043 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1045 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1046 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1047 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1048 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1049 if (key->rounds > 12) {
1051 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1052 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1053 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1054 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1056 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1057 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1058 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1059 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1062 rk += key->rounds << 2;
1063 #else /* !FULL_UNROLL */
1065 * Nr - 1 full rounds:
1067 r = key->rounds >> 1;
1071 Td1[(s3 >> 16) & 0xff] ^
1072 Td2[(s2 >> 8) & 0xff] ^
1077 Td1[(s0 >> 16) & 0xff] ^
1078 Td2[(s3 >> 8) & 0xff] ^
1083 Td1[(s1 >> 16) & 0xff] ^
1084 Td2[(s0 >> 8) & 0xff] ^
1089 Td1[(s2 >> 16) & 0xff] ^
1090 Td2[(s1 >> 8) & 0xff] ^
1101 Td1[(t3 >> 16) & 0xff] ^
1102 Td2[(t2 >> 8) & 0xff] ^
1107 Td1[(t0 >> 16) & 0xff] ^
1108 Td2[(t3 >> 8) & 0xff] ^
1113 Td1[(t1 >> 16) & 0xff] ^
1114 Td2[(t0 >> 8) & 0xff] ^
1119 Td1[(t2 >> 16) & 0xff] ^
1120 Td2[(t1 >> 8) & 0xff] ^
1124 #endif /* ?FULL_UNROLL */
1126 * apply last round and
1127 * map cipher state to byte array block:
1130 (Td4[(t0 >> 24) ] << 24) ^
1131 (Td4[(t3 >> 16) & 0xff] << 16) ^
1132 (Td4[(t2 >> 8) & 0xff] << 8) ^
1133 (Td4[(t1 ) & 0xff]) ^
1137 (Td4[(t1 >> 24) ] << 24) ^
1138 (Td4[(t0 >> 16) & 0xff] << 16) ^
1139 (Td4[(t3 >> 8) & 0xff] << 8) ^
1140 (Td4[(t2 ) & 0xff]) ^
1142 PUTU32(out + 4, s1);
1144 (Td4[(t2 >> 24) ] << 24) ^
1145 (Td4[(t1 >> 16) & 0xff] << 16) ^
1146 (Td4[(t0 >> 8) & 0xff] << 8) ^
1147 (Td4[(t3 ) & 0xff]) ^
1149 PUTU32(out + 8, s2);
1151 (Td4[(t3 >> 24) ] << 24) ^
1152 (Td4[(t2 >> 16) & 0xff] << 16) ^
1153 (Td4[(t1 >> 8) & 0xff] << 8) ^
1154 (Td4[(t0 ) & 0xff]) ^
1156 PUTU32(out + 12, s3);
1159 #endif /* AES_ASM */
nant's projects / dragonfly.git / blob