Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 319fc7353c647aa2703bb6c7f5288fb42f29e705 / . / rijndael.c
blob: b7077a7135e0d72ab602a1ce8a86b7714be284ce [file] [log] [blame]
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]1/**
2 * rijndael-alg-fst.c
3 *
4 * @version 3.0 (December 2000)
5 *
6 * Optimised ANSI C code for the Rijndael cipher (now AES)
7 *
8 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
9 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
10 * @author Paulo Barreto <paulo.barreto@terra.com.br>
11 *
12 * This code is hereby placed in the public domain.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
15 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
18 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
19 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
20 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
21 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
22 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
23 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
24 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26#include <stdlib.h>
27#include <string.h>
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]28
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]29#include "rijndael.h"
30
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]31#define FULL_UNROLL
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]32
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]33/*
34Te0[x] = S [x].[02, 01, 01, 03];
35Te1[x] = S [x].[03, 02, 01, 01];
36Te2[x] = S [x].[01, 03, 02, 01];
37Te3[x] = S [x].[01, 01, 03, 02];
38Te4[x] = S [x].[01, 01, 01, 01];
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]39
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]40Td0[x] = Si[x].[0e, 09, 0d, 0b];
41Td1[x] = Si[x].[0b, 0e, 09, 0d];
42Td2[x] = Si[x].[0d, 0b, 0e, 09];
43Td3[x] = Si[x].[09, 0d, 0b, 0e];
44Td4[x] = Si[x].[01, 01, 01, 01];
45*/
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]46
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]47static const u32 Te0[256] = {
48 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
49 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
50 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
51 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
52 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
53 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
54 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
55 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
56 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
57 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
58 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
59 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
60 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
61 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
62 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
63 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
64 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
65 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
66 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
67 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
68 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
69 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
70 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
71 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
72 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
73 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
74 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
75 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
76 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
77 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
78 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
79 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
80 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
81 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
82 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
83 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
84 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
85 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
86 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
87 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
88 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
89 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
90 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
91 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
92 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
93 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
94 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
95 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
96 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
97 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
98 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
99 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
100 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
101 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
102 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
103 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
104 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
105 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
106 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
107 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
108 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
109 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
110 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
111 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
112};
113static const u32 Te1[256] = {
114 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
115 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
116 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
117 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
118 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
119 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
120 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
121 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
122 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
123 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
124 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
125 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
126 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
127 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
128 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
129 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
130 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
131 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
132 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
133 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
134 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
135 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
136 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
137 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
138 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
139 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
140 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
141 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
142 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
143 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
144 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
145 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
146 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
147 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
148 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
149 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
150 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
151 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
152 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
153 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
154 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
155 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
156 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
157 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
158 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
159 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
160 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
161 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
162 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
163 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
164 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
165 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
166 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
167 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
168 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
169 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
170 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
171 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
172 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
173 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
174 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
175 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
176 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
177 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
178};
179static const u32 Te2[256] = {
180 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
181 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
182 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
183 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
184 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
185 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
186 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
187 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
188 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
189 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
190 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
191 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
192 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
193 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
194 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
195 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
196 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
197 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
198 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
199 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
200 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
201 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
202 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
203 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
204 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
205 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
206 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
207 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
208 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
209 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
210 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
211 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
212 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
213 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
214 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
215 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
216 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
217 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
218 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
219 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
220 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
221 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
222 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
223 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
224 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
225 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
226 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
227 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
228 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
229 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
230 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
231 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
232 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
233 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
234 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
235 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
236 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
237 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
238 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
239 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
240 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
241 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
242 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
243 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
244};
245static const u32 Te3[256] = {
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]246
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]247 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
248 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
249 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
250 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
251 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
252 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
253 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
254 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
255 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
256 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
257 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
258 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
259 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
260 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
261 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
262 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
263 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
264 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
265 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
266 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
267 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
268 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
269 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
270 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
271 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
272 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
273 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
274 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
275 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
276 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
277 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
278 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
279 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
280 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
281 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
282 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
283 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
284 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
285 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
286 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
287 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
288 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
289 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
290 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
291 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
292 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
293 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
294 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
295 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
296 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
297 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
298 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
299 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
300 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
301 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
302 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
303 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
304 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
305 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
306 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
307 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
308 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
309 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
310 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
311};
312static const u32 Te4[256] = {
313 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
314 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
315 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
316 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
317 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
318 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
319 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
320 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
321 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
322 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
323 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
324 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
325 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
326 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
327 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
328 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
329 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
330 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
331 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
332 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
333 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
334 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
335 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
336 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
337 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
338 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
339 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
340 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
341 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
342 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
343 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
344 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
345 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
346 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
347 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
348 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
349 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
350 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
351 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
352 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
353 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
354 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
355 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
356 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
357 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
358 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
359 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
360 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
361 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
362 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
363 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
364 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
365 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
366 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
367 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
368 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
369 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
370 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
371 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
372 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
373 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
374 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
375 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
376 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
377};
378static const u32 Td0[256] = {
379 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
380 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
381 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
382 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
383 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
384 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
385 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
386 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
387 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
388 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
389 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
390 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
391 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
392 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
393 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
394 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
395 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
396 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
397 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
398 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
399 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
400 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
401 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
402 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
403 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
404 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
405 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
406 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
407 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
408 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
409 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
410 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
411 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
412 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
413 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
414 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
415 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
416 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
417 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
418 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
419 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
420 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
421 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
422 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
423 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
424 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
425 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
426 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
427 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
428 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
429 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
430 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
431 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
432 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
433 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
434 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
435 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
436 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
437 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
438 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
439 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
440 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
441 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
442 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
443};
444static const u32 Td1[256] = {
445 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
446 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
447 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
448 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
449 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
450 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
451 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
452 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
453 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
454 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
455 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
456 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
457 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
458 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
459 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
460 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
461 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
462 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
463 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
464 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
465 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
466 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
467 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
468 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
469 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
470 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
471 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
472 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
473 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
474 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
475 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
476 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
477 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
478 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
479 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
480 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
481 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
482 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
483 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
484 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
485 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
486 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
487 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
488 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
489 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
490 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
491 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
492 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
493 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
494 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
495 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
496 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
497 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
498 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
499 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
500 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
501 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
502 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
503 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
504 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
505 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
506 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
507 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
508 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
509};
510static const u32 Td2[256] = {
511 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
512 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
513 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
514 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
515 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
516 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
517 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
518 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
519 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
520 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
521 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
522 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
523 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
524 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
525 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
526 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
527 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
528 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
529 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
530 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]531
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]532 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
533 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
534 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
535 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
536 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
537 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
538 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
539 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
540 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
541 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
542 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
543 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
544 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
545 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
546 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
547 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
548 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
549 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
550 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
551 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
552 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
553 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
554 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
555 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
556 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
557 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
558 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
559 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
560 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
561 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
562 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
563 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
564 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
565 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
566 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
567 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
568 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
569 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
570 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
571 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
572 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
573 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
574 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
575 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
576};
577static const u32 Td3[256] = {
578 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
579 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
580 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
581 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
582 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
583 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
584 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
585 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
586 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
587 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
588 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
589 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
590 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
591 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
592 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
593 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
594 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
595 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
596 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
597 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
598 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
599 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
600 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
601 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
602 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
603 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
604 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
605 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
606 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
607 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
608 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
609 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
610 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
611 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
612 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
613 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
614 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
615 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
616 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
617 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
618 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
619 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
620 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
621 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
622 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
623 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
624 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
625 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
626 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
627 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
628 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
629 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
630 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
631 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
632 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
633 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
634 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
635 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
636 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
637 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
638 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
639 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
640 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
641 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
642};
643static const u32 Td4[256] = {
644 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
645 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
646 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
647 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
648 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
649 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
650 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
651 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
652 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
653 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
654 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
655 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
656 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
657 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
658 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
659 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
660 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
661 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
662 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
663 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
664 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
665 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
666 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
667 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
668 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
669 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
670 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
671 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
672 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
673 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
674 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
675 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
676 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
677 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
678 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
679 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
680 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
681 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
682 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
683 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
684 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
685 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
686 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
687 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
688 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
689 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
690 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
691 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
692 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
693 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
694 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
695 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
696 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
697 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
698 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
699 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
700 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
701 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
702 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
703 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
704 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
705 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
706 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
707 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
708};
709static const u32 rcon[] = {
710 0x01000000, 0x02000000, 0x04000000, 0x08000000,
711 0x10000000, 0x20000000, 0x40000000, 0x80000000,
712 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
713};
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]714
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]715#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
716#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]717
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]718/**
719 * Expand the cipher key into the encryption key schedule.
720 *
721 * @return the number of rounds for the given cipher key size.
722 */
723static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
724 int i = 0;
725 u32 temp;
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]726
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]727 rk[0] = GETU32(cipherKey );
728 rk[1] = GETU32(cipherKey + 4);
729 rk[2] = GETU32(cipherKey + 8);
730 rk[3] = GETU32(cipherKey + 12);
731 if (keyBits == 128) {
732 for (;;) {
733 temp = rk[3];
734 rk[4] = rk[0] ^
735 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
736 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
737 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
738 (Te4[(temp >> 24) ] & 0x000000ff) ^
739 rcon[i];
740 rk[5] = rk[1] ^ rk[4];
741 rk[6] = rk[2] ^ rk[5];
742 rk[7] = rk[3] ^ rk[6];
743 if (++i == 10) {
744 return 10;
745 }
746 rk += 4;
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]747 }
748 }
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]749 rk[4] = GETU32(cipherKey + 16);
750 rk[5] = GETU32(cipherKey + 20);
751 if (keyBits == 192) {
752 for (;;) {
753 temp = rk[ 5];
754 rk[ 6] = rk[ 0] ^
755 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
756 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
757 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
758 (Te4[(temp >> 24) ] & 0x000000ff) ^
759 rcon[i];
760 rk[ 7] = rk[ 1] ^ rk[ 6];
761 rk[ 8] = rk[ 2] ^ rk[ 7];
762 rk[ 9] = rk[ 3] ^ rk[ 8];
763 if (++i == 8) {
764 return 12;
765 }
766 rk[10] = rk[ 4] ^ rk[ 9];
767 rk[11] = rk[ 5] ^ rk[10];
768 rk += 6;
769 }
770 }
771 rk[6] = GETU32(cipherKey + 24);
772 rk[7] = GETU32(cipherKey + 28);
773 if (keyBits == 256) {
774 for (;;) {
775 temp = rk[ 7];
776 rk[ 8] = rk[ 0] ^
777 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
778 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
779 (Te4[(temp ) & 0xff] & 0x0000ff00) ^
780 (Te4[(temp >> 24) ] & 0x000000ff) ^
781 rcon[i];
782 rk[ 9] = rk[ 1] ^ rk[ 8];
783 rk[10] = rk[ 2] ^ rk[ 9];
784 rk[11] = rk[ 3] ^ rk[10];
785 if (++i == 7) {
786 return 14;
787 }
788 temp = rk[11];
789 rk[12] = rk[ 4] ^
790 (Te4[(temp >> 24) ] & 0xff000000) ^
791 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
792 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
793 (Te4[(temp ) & 0xff] & 0x000000ff);
794 rk[13] = rk[ 5] ^ rk[12];
795 rk[14] = rk[ 6] ^ rk[13];
796 rk[15] = rk[ 7] ^ rk[14];
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]797
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]798 rk += 8;
799 }
800 }
801 return 0;
Ben Lindstrom01f84632000-12-07 05:57:27 +0000[diff] [blame]802}
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]803
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]804/**
805 * Expand the cipher key into the decryption key schedule.
806 *
807 * @return the number of rounds for the given cipher key size.
808 */
809static int
810rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits,
811 int have_encrypt) {
812 int Nr, i, j;
813 u32 temp;
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]814
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]815 if (have_encrypt) {
816 Nr = have_encrypt;
817 } else {
818 /* expand the cipher key: */
819 Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]820 }
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]821 /* invert the order of the round keys: */
822 for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
823 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
824 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
825 temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
826 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]827 }
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]828 /* apply the inverse MixColumn transform to all round keys but the first and the last: */
829 for (i = 1; i < Nr; i++) {
830 rk += 4;
831 rk[0] =
832 Td0[Te4[(rk[0] >> 24) ] & 0xff] ^
833 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
834 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
835 Td3[Te4[(rk[0] ) & 0xff] & 0xff];
836 rk[1] =
837 Td0[Te4[(rk[1] >> 24) ] & 0xff] ^
838 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
839 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
840 Td3[Te4[(rk[1] ) & 0xff] & 0xff];
841 rk[2] =
842 Td0[Te4[(rk[2] >> 24) ] & 0xff] ^
843 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
844 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
845 Td3[Te4[(rk[2] ) & 0xff] & 0xff];
846 rk[3] =
847 Td0[Te4[(rk[3] >> 24) ] & 0xff] ^
848 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
849 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
850 Td3[Te4[(rk[3] ) & 0xff] & 0xff];
851 }
852 return Nr;
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]853}
854
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]855static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) {
856 u32 s0, s1, s2, s3, t0, t1, t2, t3;
857#ifndef FULL_UNROLL
858 int r;
859#endif /* ?FULL_UNROLL */
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]860
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]861 /*
862 * map byte array block to cipher state
863 * and add initial round key:
864 */
865 s0 = GETU32(pt ) ^ rk[0];
866 s1 = GETU32(pt + 4) ^ rk[1];
867 s2 = GETU32(pt + 8) ^ rk[2];
868 s3 = GETU32(pt + 12) ^ rk[3];
869#ifdef FULL_UNROLL
870 /* round 1: */
871 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
872 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
873 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
874 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
875 /* round 2: */
876 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
877 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
878 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
879 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
880 /* round 3: */
881 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
882 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
883 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
884 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
885 /* round 4: */
886 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
887 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
888 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
889 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
890 /* round 5: */
891 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
892 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
893 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
894 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
895 /* round 6: */
896 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
897 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
898 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
899 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
900 /* round 7: */
901 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
902 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
903 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
904 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
905 /* round 8: */
906 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
907 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
908 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
909 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
910 /* round 9: */
911 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
912 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
913 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
914 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
915 if (Nr > 10) {
916 /* round 10: */
917 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
918 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
919 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
920 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
921 /* round 11: */
922 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
923 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
924 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
925 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
926 if (Nr > 12) {
927 /* round 12: */
928 s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
929 s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
930 s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
931 s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
932 /* round 13: */
933 t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
934 t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
935 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
936 t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
937 }
938 }
939 rk += Nr << 2;
940#else /* !FULL_UNROLL */
941 /*
942 * Nr - 1 full rounds:
943 */
944 r = Nr >> 1;
945 for (;;) {
946 t0 =
947 Te0[(s0 >> 24) ] ^
948 Te1[(s1 >> 16) & 0xff] ^
949 Te2[(s2 >> 8) & 0xff] ^
950 Te3[(s3 ) & 0xff] ^
951 rk[4];
952 t1 =
953 Te0[(s1 >> 24) ] ^
954 Te1[(s2 >> 16) & 0xff] ^
955 Te2[(s3 >> 8) & 0xff] ^
956 Te3[(s0 ) & 0xff] ^
957 rk[5];
958 t2 =
959 Te0[(s2 >> 24) ] ^
960 Te1[(s3 >> 16) & 0xff] ^
961 Te2[(s0 >> 8) & 0xff] ^
962 Te3[(s1 ) & 0xff] ^
963 rk[6];
964 t3 =
965 Te0[(s3 >> 24) ] ^
966 Te1[(s0 >> 16) & 0xff] ^
967 Te2[(s1 >> 8) & 0xff] ^
968 Te3[(s2 ) & 0xff] ^
969 rk[7];
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]970
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]971 rk += 8;
972 if (--r == 0) {
973 break;
974 }
975
976 s0 =
977 Te0[(t0 >> 24) ] ^
978 Te1[(t1 >> 16) & 0xff] ^
979 Te2[(t2 >> 8) & 0xff] ^
980 Te3[(t3 ) & 0xff] ^
981 rk[0];
982 s1 =
983 Te0[(t1 >> 24) ] ^
984 Te1[(t2 >> 16) & 0xff] ^
985 Te2[(t3 >> 8) & 0xff] ^
986 Te3[(t0 ) & 0xff] ^
987 rk[1];
988 s2 =
989 Te0[(t2 >> 24) ] ^
990 Te1[(t3 >> 16) & 0xff] ^
991 Te2[(t0 >> 8) & 0xff] ^
992 Te3[(t1 ) & 0xff] ^
993 rk[2];
994 s3 =
995 Te0[(t3 >> 24) ] ^
996 Te1[(t0 >> 16) & 0xff] ^
997 Te2[(t1 >> 8) & 0xff] ^
998 Te3[(t2 ) & 0xff] ^
999 rk[3];
1000 }
1001#endif /* ?FULL_UNROLL */
1002 /*
1003 * apply last round and
1004 * map cipher state to byte array block:
1005 */
1006 s0 =
1007 (Te4[(t0 >> 24) ] & 0xff000000) ^
1008 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1009 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1010 (Te4[(t3 ) & 0xff] & 0x000000ff) ^
1011 rk[0];
1012 PUTU32(ct , s0);
1013 s1 =
1014 (Te4[(t1 >> 24) ] & 0xff000000) ^
1015 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1016 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1017 (Te4[(t0 ) & 0xff] & 0x000000ff) ^
1018 rk[1];
1019 PUTU32(ct + 4, s1);
1020 s2 =
1021 (Te4[(t2 >> 24) ] & 0xff000000) ^
1022 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1023 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1024 (Te4[(t1 ) & 0xff] & 0x000000ff) ^
1025 rk[2];
1026 PUTU32(ct + 8, s2);
1027 s3 =
1028 (Te4[(t3 >> 24) ] & 0xff000000) ^
1029 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1030 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1031 (Te4[(t2 ) & 0xff] & 0x000000ff) ^
1032 rk[3];
1033 PUTU32(ct + 12, s3);
1034}
1035
1036static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) {
1037 u32 s0, s1, s2, s3, t0, t1, t2, t3;
1038#ifndef FULL_UNROLL
1039 int r;
1040#endif /* ?FULL_UNROLL */
1041
1042 /*
1043 * map byte array block to cipher state
1044 * and add initial round key:
1045 */
1046 s0 = GETU32(ct ) ^ rk[0];
1047 s1 = GETU32(ct + 4) ^ rk[1];
1048 s2 = GETU32(ct + 8) ^ rk[2];
1049 s3 = GETU32(ct + 12) ^ rk[3];
1050#ifdef FULL_UNROLL
1051 /* round 1: */
1052 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
1053 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
1054 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
1055 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
1056 /* round 2: */
1057 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
1058 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
1059 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
1060 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
1061 /* round 3: */
1062 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
1063 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
1064 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
1065 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
1066 /* round 4: */
1067 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
1068 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
1069 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
1070 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
1071 /* round 5: */
1072 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
1073 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
1074 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
1075 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
1076 /* round 6: */
1077 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
1078 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
1079 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
1080 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
1081 /* round 7: */
1082 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
1083 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
1084 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
1085 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
1086 /* round 8: */
1087 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
1088 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
1089 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
1090 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
1091 /* round 9: */
1092 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
1093 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
1094 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1095 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1096 if (Nr > 10) {
1097 /* round 10: */
1098 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1099 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1100 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1101 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1102 /* round 11: */
1103 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1104 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1105 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1106 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1107 if (Nr > 12) {
1108 /* round 12: */
1109 s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1110 s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1111 s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1112 s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1113 /* round 13: */
1114 t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1115 t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1116 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1117 t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1118 }
1119 }
1120 rk += Nr << 2;
1121#else /* !FULL_UNROLL */
1122 /*
1123 * Nr - 1 full rounds:
1124 */
1125 r = Nr >> 1;
1126 for (;;) {
1127 t0 =
1128 Td0[(s0 >> 24) ] ^
1129 Td1[(s3 >> 16) & 0xff] ^
1130 Td2[(s2 >> 8) & 0xff] ^
1131 Td3[(s1 ) & 0xff] ^
1132 rk[4];
1133 t1 =
1134 Td0[(s1 >> 24) ] ^
1135 Td1[(s0 >> 16) & 0xff] ^
1136 Td2[(s3 >> 8) & 0xff] ^
1137 Td3[(s2 ) & 0xff] ^
1138 rk[5];
1139 t2 =
1140 Td0[(s2 >> 24) ] ^
1141 Td1[(s1 >> 16) & 0xff] ^
1142 Td2[(s0 >> 8) & 0xff] ^
1143 Td3[(s3 ) & 0xff] ^
1144 rk[6];
1145 t3 =
1146 Td0[(s3 >> 24) ] ^
1147 Td1[(s2 >> 16) & 0xff] ^
1148 Td2[(s1 >> 8) & 0xff] ^
1149 Td3[(s0 ) & 0xff] ^
1150 rk[7];
1151
1152 rk += 8;
1153 if (--r == 0) {
1154 break;
1155 }
1156
1157 s0 =
1158 Td0[(t0 >> 24) ] ^
1159 Td1[(t3 >> 16) & 0xff] ^
1160 Td2[(t2 >> 8) & 0xff] ^
1161 Td3[(t1 ) & 0xff] ^
1162 rk[0];
1163 s1 =
1164 Td0[(t1 >> 24) ] ^
1165 Td1[(t0 >> 16) & 0xff] ^
1166 Td2[(t3 >> 8) & 0xff] ^
1167 Td3[(t2 ) & 0xff] ^
1168 rk[1];
1169 s2 =
1170 Td0[(t2 >> 24) ] ^
1171 Td1[(t1 >> 16) & 0xff] ^
1172 Td2[(t0 >> 8) & 0xff] ^
1173 Td3[(t3 ) & 0xff] ^
1174 rk[2];
1175 s3 =
1176 Td0[(t3 >> 24) ] ^
1177 Td1[(t2 >> 16) & 0xff] ^
1178 Td2[(t1 >> 8) & 0xff] ^
1179 Td3[(t0 ) & 0xff] ^
1180 rk[3];
1181 }
1182#endif /* ?FULL_UNROLL */
1183 /*
1184 * apply last round and
1185 * map cipher state to byte array block:
1186 */
1187 s0 =
1188 (Td4[(t0 >> 24) ] & 0xff000000) ^
1189 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1190 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1191 (Td4[(t1 ) & 0xff] & 0x000000ff) ^
1192 rk[0];
1193 PUTU32(pt , s0);
1194 s1 =
1195 (Td4[(t1 >> 24) ] & 0xff000000) ^
1196 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1197 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1198 (Td4[(t2 ) & 0xff] & 0x000000ff) ^
1199 rk[1];
1200 PUTU32(pt + 4, s1);
1201 s2 =
1202 (Td4[(t2 >> 24) ] & 0xff000000) ^
1203 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1204 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1205 (Td4[(t3 ) & 0xff] & 0x000000ff) ^
1206 rk[2];
1207 PUTU32(pt + 8, s2);
1208 s3 =
1209 (Td4[(t3 >> 24) ] & 0xff000000) ^
1210 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1211 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1212 (Td4[(t0 ) & 0xff] & 0x000000ff) ^
1213 rk[3];
1214 PUTU32(pt + 12, s3);
1215}
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]1216
1217void
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]1218rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
Kevin Stevesef4eea92001-02-05 12:42:17 +0000[diff] [blame]1219{
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]1220 ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
1221 if (encrypt) {
1222 ctx->decrypt = 0;
1223 memset(ctx->dk, 0, sizeof(ctx->dk));
1224 } else {
1225 ctx->decrypt = 1;
1226 memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));
1227 rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]1228 }
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]1229}
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]1230
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]1231void
1232rijndael_decrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
1233{
1234 rijndaelDecrypt(ctx->dk, ctx->Nr, src, dst);
1235}
Ben Lindstromfa1b3d02000-12-10 01:55:37 +0000[diff] [blame]1236
Ben Lindstrom319fc732001-09-14 02:47:33 +0000[diff] [blame^]1237void
1238rijndael_encrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
1239{
1240 rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
Kevin Stevesf16b9d22000-10-14 10:57:04 +0000[diff] [blame]1241}