1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 /* 30 * AES implementation taken from public domain. The S-boxes 31 * used by this implmentation are defined by NIST. 32 * 33 * For more information on AES refer to 34 * http://csrc.nist.gov/CryptoToolkit/aes 35 */ 36 37 #include <stdlib.h> 38 #include <sys/sysmacros.h> 39 40 #include "aes.h" 41 42 /* Yay for Big-Endian Algorithms! */ 43 #ifdef _LITTLE_ENDIAN 44 #define BSWAP_L(l) (((l & 0xff) << 24) | ((l & 0xff00) <<8) \ 45 | ((l & 0xff0000) >> 8) | ((l & 0xff000000) >>24)) 46 #else 47 #define BSWAP_L(l) (l) 48 #endif 49 50 #define GETU32(p) BSWAP_L(*(uint32_t *)(p)) 51 #define PUTU32(ct, st) *((uint32_t *)(ct)) = BSWAP_L(st) 52 53 54 /* 55 * Te0[x] = S [x].[02, 01, 01, 03]; 56 * Te1[x] = S [x].[03, 02, 01, 01]; 57 * Te2[x] = S [x].[01, 03, 02, 01]; 58 * Te3[x] = S [x].[01, 01, 03, 02]; 59 * Te4[x] = S [x].[01, 01, 01, 01]; 60 * 61 * Td0[x] = Si[x].[0e, 09, 0d, 0b]; 62 * Td1[x] = Si[x].[0b, 0e, 09, 0d]; 63 * Td2[x] = Si[x].[0d, 0b, 0e, 09]; 64 * Td3[x] = Si[x].[09, 0d, 0b, 0e]; 65 * Td4[x] = Si[x].[01, 01, 01, 01]; 66 */ 67 68 69 /* S-boxes */ 70 static const uint32_t Te0[256] = { 71 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 72 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 73 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 74 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 75 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 76 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, 77 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 78 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 79 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, 80 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 81 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 82 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, 83 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 84 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 85 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, 86 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 87 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 88 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, 89 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 90 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 91 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, 92 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 93 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 94 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, 95 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 96 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 97 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, 98 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 99 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 100 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, 101 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 102 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 103 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, 104 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 105 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 106 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, 107 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 108 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 109 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, 110 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 111 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 112 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, 113 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 114 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 115 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, 116 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 117 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 118 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, 119 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 120 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 121 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, 122 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 123 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 124 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, 125 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 126 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 127 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, 128 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 129 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 130 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, 131 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 132 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 133 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, 134 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, 135 }; 136 static const uint32_t Te1[256] = { 137 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, 138 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, 139 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, 140 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, 141 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, 142 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, 143 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, 144 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, 145 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, 146 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, 147 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, 148 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, 149 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, 150 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, 151 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, 152 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, 153 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, 154 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, 155 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, 156 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, 157 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, 158 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, 159 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, 160 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, 161 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, 162 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, 163 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, 164 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, 165 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, 166 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, 167 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, 168 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, 169 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, 170 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, 171 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, 172 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, 173 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, 174 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, 175 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, 176 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, 177 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, 178 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, 179 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, 180 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, 181 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, 182 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, 183 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, 184 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, 185 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, 186 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, 187 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, 188 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, 189 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, 190 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, 191 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, 192 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, 193 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, 194 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, 195 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, 196 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, 197 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, 198 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, 199 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, 200 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, 201 }; 202 static const uint32_t Te2[256] = { 203 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, 204 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, 205 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, 206 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, 207 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, 208 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, 209 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, 210 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, 211 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, 212 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, 213 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, 214 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, 215 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, 216 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, 217 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, 218 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, 219 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, 220 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, 221 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, 222 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, 223 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, 224 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, 225 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, 226 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, 227 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, 228 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, 229 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, 230 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, 231 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, 232 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, 233 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, 234 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, 235 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, 236 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, 237 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, 238 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, 239 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, 240 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, 241 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, 242 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, 243 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, 244 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, 245 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, 246 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, 247 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, 248 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, 249 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, 250 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, 251 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, 252 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, 253 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, 254 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, 255 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, 256 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, 257 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, 258 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, 259 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, 260 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, 261 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, 262 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, 263 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, 264 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, 265 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, 266 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, 267 }; 268 static const uint32_t Te3[256] = { 269 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, 270 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, 271 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, 272 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, 273 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, 274 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, 275 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, 276 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, 277 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, 278 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, 279 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, 280 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, 281 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, 282 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, 283 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, 284 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, 285 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, 286 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, 287 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, 288 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, 289 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, 290 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, 291 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, 292 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, 293 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, 294 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, 295 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, 296 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, 297 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, 298 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, 299 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, 300 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, 301 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, 302 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, 303 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, 304 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, 305 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, 306 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, 307 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, 308 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, 309 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, 310 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, 311 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, 312 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, 313 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, 314 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, 315 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, 316 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, 317 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, 318 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, 319 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, 320 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, 321 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, 322 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, 323 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, 324 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, 325 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, 326 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, 327 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, 328 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, 329 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, 330 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, 331 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, 332 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, 333 }; 334 static const uint32_t Te4[256] = { 335 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, 336 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, 337 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, 338 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, 339 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, 340 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, 341 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, 342 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, 343 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, 344 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, 345 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, 346 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, 347 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, 348 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, 349 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, 350 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, 351 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, 352 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, 353 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, 354 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, 355 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, 356 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, 357 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, 358 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, 359 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, 360 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, 361 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, 362 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, 363 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, 364 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, 365 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, 366 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, 367 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, 368 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, 369 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, 370 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, 371 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, 372 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, 373 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, 374 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, 375 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, 376 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, 377 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, 378 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, 379 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, 380 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, 381 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, 382 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, 383 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, 384 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, 385 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, 386 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, 387 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, 388 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, 389 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, 390 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, 391 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, 392 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, 393 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, 394 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, 395 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, 396 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, 397 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, 398 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, 399 }; 400 static const uint32_t Td0[256] = { 401 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 402 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 403 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, 404 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, 405 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, 406 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, 407 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, 408 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, 409 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, 410 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, 411 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, 412 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, 413 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, 414 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, 415 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, 416 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, 417 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, 418 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, 419 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, 420 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, 421 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, 422 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, 423 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, 424 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, 425 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, 426 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, 427 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, 428 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, 429 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, 430 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, 431 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, 432 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, 433 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, 434 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, 435 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, 436 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, 437 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, 438 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, 439 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, 440 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, 441 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, 442 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, 443 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, 444 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, 445 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, 446 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, 447 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, 448 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, 449 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, 450 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, 451 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, 452 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, 453 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, 454 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, 455 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, 456 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, 457 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, 458 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, 459 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, 460 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, 461 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, 462 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, 463 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, 464 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, 465 }; 466 static const uint32_t Td1[256] = { 467 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, 468 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, 469 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, 470 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, 471 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, 472 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, 473 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, 474 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, 475 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, 476 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, 477 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, 478 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, 479 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, 480 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, 481 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, 482 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, 483 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, 484 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, 485 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, 486 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, 487 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, 488 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, 489 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, 490 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, 491 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, 492 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, 493 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, 494 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, 495 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, 496 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, 497 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, 498 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, 499 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, 500 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, 501 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, 502 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, 503 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, 504 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, 505 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, 506 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, 507 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, 508 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, 509 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, 510 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, 511 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, 512 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, 513 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, 514 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, 515 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, 516 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, 517 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, 518 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, 519 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, 520 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, 521 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, 522 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, 523 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, 524 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, 525 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, 526 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, 527 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, 528 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, 529 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, 530 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, 531 }; 532 static const uint32_t Td2[256] = { 533 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, 534 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, 535 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, 536 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, 537 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, 538 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, 539 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, 540 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, 541 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, 542 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, 543 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, 544 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, 545 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, 546 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, 547 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, 548 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, 549 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, 550 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, 551 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, 552 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, 553 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, 554 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, 555 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, 556 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, 557 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, 558 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, 559 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, 560 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, 561 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, 562 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, 563 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, 564 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, 565 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, 566 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, 567 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, 568 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, 569 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, 570 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, 571 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, 572 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, 573 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, 574 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, 575 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, 576 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, 577 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, 578 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, 579 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, 580 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, 581 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, 582 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, 583 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, 584 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, 585 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, 586 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, 587 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, 588 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, 589 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, 590 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, 591 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, 592 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, 593 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, 594 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, 595 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, 596 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, 597 }; 598 static const uint32_t Td3[256] = { 599 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, 600 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, 601 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, 602 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, 603 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, 604 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, 605 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, 606 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, 607 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, 608 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, 609 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, 610 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, 611 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, 612 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, 613 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, 614 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, 615 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, 616 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, 617 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, 618 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, 619 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, 620 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, 621 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, 622 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, 623 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, 624 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, 625 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, 626 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, 627 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, 628 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, 629 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, 630 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, 631 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, 632 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, 633 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, 634 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, 635 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, 636 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, 637 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, 638 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, 639 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, 640 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, 641 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, 642 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, 643 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, 644 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, 645 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, 646 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, 647 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, 648 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, 649 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, 650 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, 651 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, 652 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, 653 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, 654 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, 655 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, 656 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, 657 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, 658 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, 659 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, 660 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, 661 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, 662 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, 663 }; 664 static const uint32_t Td4[256] = { 665 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, 666 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, 667 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, 668 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, 669 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, 670 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, 671 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, 672 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, 673 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, 674 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, 675 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, 676 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, 677 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, 678 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, 679 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, 680 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, 681 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, 682 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, 683 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, 684 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, 685 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, 686 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, 687 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, 688 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, 689 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, 690 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, 691 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, 692 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, 693 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, 694 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, 695 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, 696 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, 697 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, 698 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, 699 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, 700 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, 701 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, 702 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, 703 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, 704 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, 705 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, 706 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, 707 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, 708 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, 709 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, 710 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, 711 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, 712 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, 713 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, 714 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, 715 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, 716 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, 717 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, 718 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, 719 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, 720 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, 721 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, 722 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, 723 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, 724 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, 725 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, 726 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, 727 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, 728 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, 729 }; 730 static const uint32_t rcon[] = { 731 0x01000000, 0x02000000, 0x04000000, 0x08000000, 732 0x10000000, 0x20000000, 0x40000000, 0x80000000, 733 0x1B000000, 0x36000000, 734 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 735 }; 736 typedef struct keysched_s { 737 uint32_t Nr; 738 uint32_t rk_e[60]; /* max round key size */ 739 uint32_t rk_d[60]; /* max round key size */ 740 } keysched_t; 741 742 int 743 aes_init(void **cookie) 744 { 745 if ((*cookie = malloc(sizeof (keysched_t))) == NULL) { 746 return (-1); 747 } 748 return (0); 749 } 750 751 void 752 aes_fini(void *cookie) 753 { 754 free(cookie); 755 } 756 757 void 758 aes_encrypt(void *cookie, uint8_t *block) 759 { 760 keysched_t *ksch = (keysched_t *)cookie; 761 uint32_t s0, s1, s2, s3, t0, t1, t2, t3; 762 uint32_t *rk = ksch->rk_e; 763 uint32_t Nr = ksch->Nr; 764 765 #if _ALIGNMENT_REQUIRED 766 767 if (IS_P2ALIGNED(block, sizeof (uint32_t))) { 768 #endif /* _ALIGNMENT_REQUIRED */ 769 /* 770 * map byte array block to cipher state 771 * and add initial round key: 772 */ 773 /*LINTED*/ 774 s0 = GETU32(block) ^ rk[0]; 775 /*LINTED*/ 776 s1 = GETU32(block + 4) ^ rk[1]; 777 /*LINTED*/ 778 s2 = GETU32(block + 8) ^ rk[2]; 779 /*LINTED*/ 780 s3 = GETU32(block + 12) ^ rk[3]; 781 782 #if _ALIGNMENT_REQUIRED 783 } else { 784 s0 = (((uint32_t)block[0] << 24) | ((uint32_t)block[1] << 16) | 785 ((uint32_t)block[2] << 8) | (uint32_t)block[3]) ^ rk[0]; 786 787 s1 = (((uint32_t)block[4] << 24) | ((uint32_t)block[5] << 16) | 788 ((uint32_t)block[6] << 8) | (uint32_t)block[7]) ^ rk[1]; 789 790 s2 = (((uint32_t)block[8] << 24) | ((uint32_t)block[9] << 16) | 791 ((uint32_t)block[10] << 8) | (uint32_t)block[11]) ^ rk[2]; 792 793 s3 = (((uint32_t)block[12] << 24) | 794 ((uint32_t)block[13] << 16) | ((uint32_t)block[14] << 8) | 795 (uint32_t)block[15]) ^ rk[3]; 796 } 797 #endif /* _ALIGNMENT_REQUIRED */ 798 799 /* 800 * Danger Will Robinson, DANGER 801 * DATA DEPENDANT TRANSFORMS 802 * 803 * because s0-s3 t0-t3 are changing every round, tsr* and 804 * ssr* are changing in value. 805 */ 806 807 #define tsr0 (Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] \ 808 ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff]) 809 #define tsr1 (Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] \ 810 ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff]) 811 #define tsr2 (Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] \ 812 ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff]) 813 #define tsr3 (Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] \ 814 ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff]) 815 #define ssr0 (Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] \ 816 ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff]) 817 #define ssr1 (Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] \ 818 ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff]) 819 #define ssr2 (Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] \ 820 ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff]) 821 #define ssr3 (Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] \ 822 ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff]) 823 824 /* round 1: */ 825 t0 = tsr0 ^ rk[4]; 826 t1 = tsr1 ^ rk[5]; 827 t2 = tsr2 ^ rk[6]; 828 t3 = tsr3 ^ rk[7]; 829 /* round 2: */ 830 s0 = ssr0 ^ rk[8]; 831 s1 = ssr1 ^ rk[9]; 832 s2 = ssr2 ^ rk[10]; 833 s3 = ssr3 ^ rk[11]; 834 /* round 3: */ 835 t0 = tsr0 ^ rk[12]; 836 t1 = tsr1 ^ rk[13]; 837 t2 = tsr2 ^ rk[14]; 838 t3 = tsr3 ^ rk[15]; 839 /* round 4: */ 840 s0 = ssr0 ^ rk[16]; 841 s1 = ssr1 ^ rk[17]; 842 s2 = ssr2 ^ rk[18]; 843 s3 = ssr3 ^ rk[19]; 844 /* round 5: */ 845 t0 = tsr0 ^ rk[20]; 846 t1 = tsr1 ^ rk[21]; 847 t2 = tsr2 ^ rk[22]; 848 t3 = tsr3 ^ rk[23]; 849 /* round 6: */ 850 s0 = ssr0 ^ rk[24]; 851 s1 = ssr1 ^ rk[25]; 852 s2 = ssr2 ^ rk[26]; 853 s3 = ssr3 ^ rk[27]; 854 /* round 7: */ 855 t0 = tsr0 ^ rk[28]; 856 t1 = tsr1 ^ rk[29]; 857 t2 = tsr2 ^ rk[30]; 858 t3 = tsr3 ^ rk[31]; 859 /* round 8: */ 860 s0 = ssr0 ^ rk[32]; 861 s1 = ssr1 ^ rk[33]; 862 s2 = ssr2 ^ rk[34]; 863 s3 = ssr3 ^ rk[35]; 864 /* round 9: */ 865 t0 = tsr0 ^ rk[36]; 866 t1 = tsr1 ^ rk[37]; 867 t2 = tsr2 ^ rk[38]; 868 t3 = tsr3 ^ rk[39]; 869 if (Nr > 10) { 870 /* round 10: */ 871 s0 = ssr0 ^ rk[40]; 872 s1 = ssr1 ^ rk[41]; 873 s2 = ssr2 ^ rk[42]; 874 s3 = ssr3 ^ rk[43]; 875 /* round 11: */ 876 t0 = tsr0 ^ rk[44]; 877 t1 = tsr1 ^ rk[45]; 878 t2 = tsr2 ^ rk[46]; 879 t3 = tsr3 ^ rk[47]; 880 if (Nr > 12) { 881 /* round 12: */ 882 s0 = ssr0 ^ rk[48]; 883 s1 = ssr1 ^ rk[49]; 884 s2 = ssr2 ^ rk[50]; 885 s3 = ssr3 ^ rk[51]; 886 /* round 13: */ 887 t0 = tsr0 ^ rk[52]; 888 t1 = tsr1 ^ rk[53]; 889 t2 = tsr2 ^ rk[54]; 890 t3 = tsr3 ^ rk[55]; 891 } 892 } 893 rk += Nr << 2; 894 895 /* 896 * apply last round and 897 * map cipher state to byte array block: 898 */ 899 s0 = (Te4[(t0 >> 24)] & 0xff000000) ^ 900 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 901 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 902 (Te4[(t3) & 0xff] & 0x000000ff) ^ 903 rk[0]; 904 905 s1 = (Te4[(t1 >> 24)] & 0xff000000) ^ 906 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 907 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 908 (Te4[(t0) & 0xff] & 0x000000ff) ^ 909 rk[1]; 910 911 s2 = (Te4[(t2 >> 24)] & 0xff000000) ^ 912 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 913 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 914 (Te4[(t1) & 0xff] & 0x000000ff) ^ 915 rk[2]; 916 917 s3 = (Te4[(t3 >> 24)] & 0xff000000) ^ 918 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 919 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 920 (Te4[(t2) & 0xff] & 0x000000ff) ^ 921 rk[3]; 922 923 #if _ALIGNMENT_REQUIRED 924 if (IS_P2ALIGNED(block, sizeof (uint32_t))) { 925 #endif /* _ALIGNMENT_REQUIRED */ 926 /*LINTED*/ 927 PUTU32(block, s0); 928 /*LINTED*/ 929 PUTU32(block + 4, s1); 930 /*LINTED*/ 931 PUTU32(block + 8, s2); 932 /*LINTED*/ 933 PUTU32(block + 12, s3); 934 #if _ALIGNMENT_REQUIRED 935 } else { 936 block[0] = s0 >> 24; 937 block[1] = s0 >> 16; 938 block[2] = s0 >> 8; 939 block[3] = s0; 940 block[4] = s1 >> 24; 941 block[5] = s1 >> 16; 942 block[6] = s1 >> 8; 943 block[7] = s1; 944 block[8] = s2 >> 24; 945 block[9] = s2 >> 16; 946 block[10] = s2 >> 8; 947 block[11] = s2; 948 block[12] = s3 >> 24; 949 block[13] = s3 >> 16; 950 block[14] = s3 >> 8; 951 block[15] = s3; 952 } 953 #endif /* _ALIGNMENT_REQUIRED */ 954 } 955 956 957 /* 958 * Decrypt a block of data. 959 */ 960 void 961 aes_decrypt(void *cookie, uint8_t *block) 962 { 963 keysched_t *ksch = (keysched_t *)cookie; 964 uint32_t s0, s1, s2, s3, t0, t1, t2, t3; 965 uint32_t *rk = ksch->rk_d; 966 uint32_t Nr = ksch->Nr; 967 968 #if _ALIGNMENT_REQUIRED 969 if (IS_P2ALIGNED(block, sizeof (uint32_t))) { 970 #endif /* _ALIGNMENT_REQUIRED */ 971 /* 972 * map byte array block to cipher state 973 * and add initial round key: 974 */ 975 /*LINTED*/ 976 s0 = GETU32(block) ^ rk[0]; 977 /*LINTED*/ 978 s1 = GETU32(block + 4) ^ rk[1]; 979 /*LINTED*/ 980 s2 = GETU32(block + 8) ^ rk[2]; 981 /*LINTED*/ 982 s3 = GETU32(block + 12) ^ rk[3]; 983 #if _ALIGNMENT_REQUIRED 984 } else { 985 s0 = (((uint32_t)block[0] << 24) | ((uint32_t)block[1] << 16) | 986 ((uint32_t)block[2] << 8) | (uint32_t)block[3]) ^ rk[0]; 987 988 s1 = (((uint32_t)block[4] << 24) | ((uint32_t)block[5] << 16) | 989 ((uint32_t)block[6] << 8) | (uint32_t)block[7]) ^ rk[1]; 990 991 s2 = (((uint32_t)block[8] << 24) | ((uint32_t)block[9] << 16) | 992 ((uint32_t)block[10] << 8) | (uint32_t)block[11]) ^ rk[2]; 993 994 s3 = (((uint32_t)block[12] << 24) | 995 ((uint32_t)block[13] << 16) | ((uint32_t)block[14] << 8) | 996 (uint32_t)block[15]) ^ rk[3]; 997 } 998 #endif /* _ALIGNMENT_REQUIRED */ 999 1000 /* 1001 * Danger Will Robinson, DANGER 1002 * DATA DEPENDANT TRANSFORMS 1003 * 1004 * because s0-s3 t0-t3 are changing every round, tdsr* and 1005 * sdsr* are changing in value. 1006 */ 1007 1008 #define tdsr0 Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] \ 1009 ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] 1010 #define tdsr1 Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] \ 1011 ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] 1012 #define tdsr2 Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] \ 1013 ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] 1014 #define tdsr3 Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] \ 1015 ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] 1016 #define sdsr0 Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] \ 1017 ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] 1018 #define sdsr1 Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] \ 1019 ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] 1020 #define sdsr2 Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] \ 1021 ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] 1022 #define sdsr3 Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] \ 1023 ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] 1024 1025 /* round 1: */ 1026 t0 = tdsr0 ^ rk[4]; 1027 t1 = tdsr1 ^ rk[5]; 1028 t2 = tdsr2 ^ rk[6]; 1029 t3 = tdsr3 ^ rk[7]; 1030 /* round 2: */ 1031 s0 = sdsr0 ^ rk[8]; 1032 s1 = sdsr1 ^ rk[9]; 1033 s2 = sdsr2 ^ rk[10]; 1034 s3 = sdsr3 ^ rk[11]; 1035 /* round 3: */ 1036 t0 = tdsr0 ^ rk[12]; 1037 t1 = tdsr1 ^ rk[13]; 1038 t2 = tdsr2 ^ rk[14]; 1039 t3 = tdsr3 ^ rk[15]; 1040 /* round 4: */ 1041 s0 = sdsr0 ^ rk[16]; 1042 s1 = sdsr1 ^ rk[17]; 1043 s2 = sdsr2 ^ rk[18]; 1044 s3 = sdsr3 ^ rk[19]; 1045 /* round 5: */ 1046 t0 = tdsr0 ^ rk[20]; 1047 t1 = tdsr1 ^ rk[21]; 1048 t2 = tdsr2 ^ rk[22]; 1049 t3 = tdsr3 ^ rk[23]; 1050 /* round 6: */ 1051 s0 = sdsr0 ^ rk[24]; 1052 s1 = sdsr1 ^ rk[25]; 1053 s2 = sdsr2 ^ rk[26]; 1054 s3 = sdsr3 ^ rk[27]; 1055 /* round 7: */ 1056 t0 = tdsr0 ^ rk[28]; 1057 t1 = tdsr1 ^ rk[29]; 1058 t2 = tdsr2 ^ rk[30]; 1059 t3 = tdsr3 ^ rk[31]; 1060 /* round 8: */ 1061 s0 = sdsr0 ^ rk[32]; 1062 s1 = sdsr1 ^ rk[33]; 1063 s2 = sdsr2 ^ rk[34]; 1064 s3 = sdsr3 ^ rk[35]; 1065 /* round 9: */ 1066 t0 = tdsr0 ^ rk[36]; 1067 t1 = tdsr1 ^ rk[37]; 1068 t2 = tdsr2 ^ rk[38]; 1069 t3 = tdsr3 ^ rk[39]; 1070 if (Nr > 10) { 1071 /* round 10: */ 1072 s0 = sdsr0 ^ rk[40]; 1073 s1 = sdsr1 ^ rk[41]; 1074 s2 = sdsr2 ^ rk[42]; 1075 s3 = sdsr3 ^ rk[43]; 1076 /* round 11: */ 1077 t0 = tdsr0 ^ rk[44]; 1078 t1 = tdsr1 ^ rk[45]; 1079 t2 = tdsr2 ^ rk[46]; 1080 t3 = tdsr3 ^ rk[47]; 1081 if (Nr > 12) { 1082 /* round 12: */ 1083 s0 = sdsr0 ^ rk[48]; 1084 s1 = sdsr1 ^ rk[49]; 1085 s2 = sdsr2 ^ rk[50]; 1086 s3 = sdsr3 ^ rk[51]; 1087 /* round 13: */ 1088 t0 = tdsr0 ^ rk[52]; 1089 t1 = tdsr1 ^ rk[53]; 1090 t2 = tdsr2 ^ rk[54]; 1091 t3 = tdsr3 ^ rk[55]; 1092 } 1093 } 1094 rk += Nr << 2; 1095 1096 /* 1097 * apply last round and 1098 * map cipher state to byte array block: 1099 */ 1100 s0 = 1101 (Td4[(t0 >> 24)] & 0xff000000) ^ 1102 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 1103 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 1104 (Td4[(t1) & 0xff] & 0x000000ff) ^ 1105 rk[0]; 1106 1107 s1 = 1108 (Td4[(t1 >> 24)] & 0xff000000) ^ 1109 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 1110 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 1111 (Td4[(t2) & 0xff] & 0x000000ff) ^ 1112 rk[1]; 1113 1114 s2 = 1115 (Td4[(t2 >> 24)] & 0xff000000) ^ 1116 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 1117 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 1118 (Td4[(t3) & 0xff] & 0x000000ff) ^ 1119 rk[2]; 1120 1121 s3 = 1122 (Td4[(t3 >> 24)] & 0xff000000) ^ 1123 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 1124 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 1125 (Td4[(t0) & 0xff] & 0x000000ff) ^ 1126 rk[3]; 1127 1128 #if _ALIGNMENT_REQUIRED 1129 if (IS_P2ALIGNED(block, sizeof (uint32_t))) { 1130 #endif /* _ALIGNMENT_REQUIRED */ 1131 /*LINTED*/ 1132 PUTU32(block, s0); 1133 /*LINTED*/ 1134 PUTU32(block + 4, s1); 1135 /*LINTED*/ 1136 PUTU32(block + 8, s2); 1137 /*LINTED*/ 1138 PUTU32(block + 12, s3); 1139 #if _ALIGNMENT_REQUIRED 1140 } else { 1141 block[0] = s0 >> 24; 1142 block[1] = s0 >> 16; 1143 block[2] = s0 >> 8; 1144 block[3] = s0; 1145 block[4] = s1 >> 24; 1146 block[5] = s1 >> 16; 1147 block[6] = s1 >> 8; 1148 block[7] = s1; 1149 block[8] = s2 >> 24; 1150 block[9] = s2 >> 16; 1151 block[10] = s2 >> 8; 1152 block[11] = s2; 1153 block[12] = s3 >> 24; 1154 block[13] = s3 >> 16; 1155 block[14] = s3 >> 8; 1156 block[15] = s3; 1157 } 1158 #endif /* _ALIGNMENT_REQUIRED */ 1159 } 1160 1161 1162 /* 1163 * For now, just reality-check the key size. 1164 * Just remember to keep an eye open for 1165 * anyone finding weak keys in rijndael/aes. 1166 */ 1167 boolean_t 1168 aes_keycheck(const uint8_t *key, uint32_t keysize) 1169 { 1170 if (key == NULL) { 1171 return (B_FALSE); 1172 } 1173 1174 /* rijndael can work with 160 or 224 */ 1175 /* but, that's not in the AES spec */ 1176 switch (keysize) { 1177 case AES_128_KEY_SIZE: 1178 case AES_192_KEY_SIZE: 1179 case AES_256_KEY_SIZE: 1180 break; 1181 default: 1182 return (B_FALSE); 1183 } 1184 1185 /* 1186 * No known weak keys in AES (yet). But if there were, 1187 * check here 1188 */ 1189 return (B_TRUE); 1190 } 1191 1192 void 1193 aes_key(void *cookie, const uint8_t *key, uint32_t keysize) 1194 { 1195 keysched_t *ks = (keysched_t *)cookie; 1196 uint32_t keybits; 1197 uint32_t Nr; 1198 uint32_t temp; 1199 uint32_t *rk_d = ks->rk_d; 1200 uint32_t *rk_e = ks->rk_e; 1201 int i = 0; 1202 int j; 1203 1204 keybits = keysize * 8; 1205 switch (keybits) { 1206 case 128: 1207 Nr = ks->Nr = 10; 1208 break; 1209 1210 case 192: 1211 Nr = ks->Nr = 12; 1212 break; 1213 1214 case 256: 1215 Nr = ks->Nr = 14; 1216 break; 1217 1218 default: 1219 /* should never get here */ 1220 return; 1221 } 1222 1223 #if _ALIGNMENT_REQUIRED 1224 1225 if (IS_P2ALIGNED(key, sizeof (uint32_t))) { 1226 #endif /* _ALIGNMENT_REQUIRED */ 1227 /* 1228 * map byte array block to cipher state 1229 * and add initial round key: 1230 */ 1231 /*LINTED*/ 1232 rk_e[0] = GETU32(key); 1233 /*LINTED*/ 1234 rk_e[1] = GETU32(key + 4); 1235 /*LINTED*/ 1236 rk_e[2] = GETU32(key + 8); 1237 /*LINTED*/ 1238 rk_e[3] = GETU32(key + 12); 1239 1240 #if _ALIGNMENT_REQUIRED 1241 } else { 1242 rk_e[0] = (((uint32_t)key[0] << 24) | 1243 ((uint32_t)key[1] << 16) | 1244 ((uint32_t)key[2] << 8) | (uint32_t)key[3]); 1245 1246 rk_e[1] = (((uint32_t)key[4] << 24) | 1247 ((uint32_t)key[5] << 16) | 1248 ((uint32_t)key[6] << 8) | (uint32_t)key[7]); 1249 1250 rk_e[2] = (((uint32_t)key[8] << 24) | 1251 ((uint32_t)key[9] << 16) | 1252 ((uint32_t)key[10] << 8) | (uint32_t)key[11]); 1253 1254 rk_e[3] = (((uint32_t)key[12] << 24) | 1255 ((uint32_t)key[13] << 16) | ((uint32_t)key[14] << 8) | 1256 (uint32_t)key[15]); 1257 } 1258 #endif /* _ALIGNMENT_REQUIRED */ 1259 1260 if (keybits == 128) { 1261 for (;;) { 1262 temp = rk_e[3]; 1263 rk_e[4] = rk_e[0] ^ 1264 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 1265 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 1266 (Te4[(temp) & 0xff] & 0x0000ff00) ^ 1267 (Te4[(temp >> 24)] & 0x000000ff) ^ 1268 rcon[i]; 1269 rk_e[5] = rk_e[1] ^ rk_e[4]; 1270 rk_e[6] = rk_e[2] ^ rk_e[5]; 1271 rk_e[7] = rk_e[3] ^ rk_e[6]; 1272 if (++i == 10) { 1273 goto finish_keysched; 1274 } 1275 rk_e += 4; 1276 } 1277 } 1278 #if _ALIGNMENT_REQUIRED 1279 1280 if (IS_P2ALIGNED(key, sizeof (uint32_t))) { 1281 #endif /* _ALIGNMENT_REQUIRED */ 1282 /*LINTED*/ 1283 rk_e[4] = GETU32(key + 16); 1284 /*LINTED*/ 1285 rk_e[5] = GETU32(key + 20); 1286 #if _ALIGNMENT_REQUIRED 1287 } else { 1288 rk_e[4] = (((uint32_t)key[16] << 24) | 1289 ((uint32_t)key[17] << 16) | 1290 ((uint32_t)key[18] << 8) | (uint32_t)key[19]); 1291 rk_e[5] = (((uint32_t)key[20] << 24) | 1292 ((uint32_t)key[21] << 16) | 1293 ((uint32_t)key[22] << 8) | (uint32_t)key[23]); 1294 } 1295 #endif /* _ALIGNMENT_REQUIRED */ 1296 1297 if (keybits == 192) { 1298 for (;;) { 1299 temp = rk_e[5]; 1300 rk_e[6] = rk_e[0] ^ 1301 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 1302 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 1303 (Te4[(temp) & 0xff] & 0x0000ff00) ^ 1304 (Te4[(temp >> 24)] & 0x000000ff) ^ 1305 rcon[i]; 1306 rk_e[7] = rk_e[1] ^ rk_e[6]; 1307 rk_e[8] = rk_e[2] ^ rk_e[7]; 1308 rk_e[9] = rk_e[3] ^ rk_e[8]; 1309 if (++i == 8) { 1310 goto finish_keysched; 1311 } 1312 rk_e[10] = rk_e[4] ^ rk_e[9]; 1313 rk_e[11] = rk_e[5] ^ rk_e[10]; 1314 rk_e += 6; 1315 } 1316 } 1317 #if _ALIGNMENT_REQUIRED 1318 1319 if (IS_P2ALIGNED(key, sizeof (uint32_t))) { 1320 #endif /* _ALIGNMENT_REQUIRED */ 1321 /*LINTED*/ 1322 rk_e[6] = GETU32(key + 24); 1323 /*LINTED*/ 1324 rk_e[7] = GETU32(key + 28); 1325 #if _ALIGNMENT_REQUIRED 1326 } else { 1327 rk_e[6] = (((uint32_t)key[24] << 24) | 1328 ((uint32_t)key[25] << 16) | 1329 ((uint32_t)key[26] << 8) | (uint32_t)key[27]); 1330 rk_e[7] = (((uint32_t)key[28] << 24) | 1331 ((uint32_t)key[29] << 16) | 1332 ((uint32_t)key[30] << 8) | (uint32_t)key[31]); 1333 } 1334 #endif /* _ALIGNMENT_REQUIRED */ 1335 if (keybits == 256) { 1336 for (;;) { 1337 temp = rk_e[7]; 1338 rk_e[8] = rk_e[0] ^ 1339 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 1340 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 1341 (Te4[(temp) & 0xff] & 0x0000ff00) ^ 1342 (Te4[(temp >> 24)] & 0x000000ff) ^ 1343 rcon[i]; 1344 rk_e[9] = rk_e[1] ^ rk_e[8]; 1345 rk_e[10] = rk_e[2] ^ rk_e[9]; 1346 rk_e[11] = rk_e[3] ^ rk_e[10]; 1347 if (++i == 7) { 1348 goto finish_keysched; 1349 } 1350 temp = rk_e[11]; 1351 rk_e[12] = rk_e[4] ^ 1352 (Te4[(temp >> 24)] & 0xff000000) ^ 1353 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ 1354 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ 1355 (Te4[(temp) & 0xff] & 0x000000ff); 1356 rk_e[13] = rk_e[5] ^ rk_e[12]; 1357 rk_e[14] = rk_e[6] ^ rk_e[13]; 1358 rk_e[15] = rk_e[7] ^ rk_e[14]; 1359 1360 rk_e += 8; 1361 } 1362 } 1363 1364 finish_keysched: 1365 rk_e = ks->rk_e; 1366 1367 /* invert the order of the round keys: */ 1368 for (i = 0, j = 4*Nr; i <= j; i += 4, j -= 4) { 1369 rk_d[i] = rk_e[j]; rk_d[j] = rk_e[i]; 1370 rk_d[i + 1] = rk_e[j + 1]; rk_d[j + 1] = rk_e[i + 1]; 1371 rk_d[i + 2] = rk_e[j + 2]; rk_d[j + 2] = rk_e[i + 2]; 1372 rk_d[i + 3] = rk_e[j + 3]; rk_d[j + 3] = rk_e[i + 3]; 1373 } 1374 1375 /* 1376 * apply the inverse MixColumn transform to all round keys 1377 * but the first and the last: 1378 */ 1379 for (i = 1; i < Nr; i++) { 1380 rk_d += 4; 1381 rk_d[0] = 1382 Td0[Te4[(rk_d[0] >> 24)] & 0xff] ^ 1383 Td1[Te4[(rk_d[0] >> 16) & 0xff] & 0xff] ^ 1384 Td2[Te4[(rk_d[0] >> 8) & 0xff] & 0xff] ^ 1385 Td3[Te4[(rk_d[0]) & 0xff] & 0xff]; 1386 rk_d[1] = 1387 Td0[Te4[(rk_d[1] >> 24)] & 0xff] ^ 1388 Td1[Te4[(rk_d[1] >> 16) & 0xff] & 0xff] ^ 1389 Td2[Te4[(rk_d[1] >> 8) & 0xff] & 0xff] ^ 1390 Td3[Te4[(rk_d[1]) & 0xff] & 0xff]; 1391 rk_d[2] = 1392 Td0[Te4[(rk_d[2] >> 24)] & 0xff] ^ 1393 Td1[Te4[(rk_d[2] >> 16) & 0xff] & 0xff] ^ 1394 Td2[Te4[(rk_d[2] >> 8) & 0xff] & 0xff] ^ 1395 Td3[Te4[(rk_d[2]) & 0xff] & 0xff]; 1396 rk_d[3] = 1397 Td0[Te4[(rk_d[3] >> 24)] & 0xff] ^ 1398 Td1[Te4[(rk_d[3] >> 16) & 0xff] & 0xff] ^ 1399 Td2[Te4[(rk_d[3] >> 8) & 0xff] & 0xff] ^ 1400 Td3[Te4[(rk_d[3]) & 0xff] & 0xff]; 1401 } 1402 }