1 /**	$MirOS: src/sys/crypto/rijndael.c,v 1.2 2008/03/21 20:57:31 tg Exp $ */
2 /*	$OpenBSD: rijndael.c,v 1.18 2005/05/25 05:47:53 markus Exp $ */
3 
4 /**
5  * rijndael-alg-fst.c
6  *
7  * @version 3.0 (December 2000)
8  *
9  * Optimised ANSI C code for the Rijndael cipher (now AES)
10  *
11  * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
12  * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
13  * @author Paulo Barreto <paulo.barreto@terra.com.br>
14  *
15  * This code is hereby placed in the public domain.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
18  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
21  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
24  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
25  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
26  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  */
29 
30 /*-
31  * CBC mode and hardware cryptography integration is
32  * Copyright (c) 2008
33  *	Thorsten Glaser <tg@mirbsd.de>
34  *
35  * Provided that these terms and disclaimer and all copyright notices
36  * are retained or reproduced in an accompanying document, permission
37  * is granted to deal in this work without restriction, including un-
38  * limited rights to use, publicly perform, distribute, sell, modify,
39  * merge, give away, or sublicence.
40  *
41  * This work is provided "AS IS" and WITHOUT WARRANTY of any kind, to
42  * the utmost extent permitted by applicable law, neither express nor
43  * implied; without malicious intent or gross negligence. In no event
44  * may a licensor, author or contributor be held liable for indirect,
45  * direct, other damage, loss, or other issues arising in any way out
46  * of dealing in the work, even if advised of the possibility of such
47  * damage or existence of a defect, except proven that it results out
48  * of said person's immediate fault when using the work as intended.
49  */
50 
51 #include <sys/param.h>
52 #include <sys/systm.h>
53 
54 #include <crypto/rijndael.h>
55 
56 #undef FULL_UNROLL
57 
58 /*
59 Te0[x] = S [x].[02, 01, 01, 03];
60 Te1[x] = S [x].[03, 02, 01, 01];
61 Te2[x] = S [x].[01, 03, 02, 01];
62 Te3[x] = S [x].[01, 01, 03, 02];
63 Te4[x] = S [x].[01, 01, 01, 01];
64 
65 Td0[x] = Si[x].[0e, 09, 0d, 0b];
66 Td1[x] = Si[x].[0b, 0e, 09, 0d];
67 Td2[x] = Si[x].[0d, 0b, 0e, 09];
68 Td3[x] = Si[x].[09, 0d, 0b, 0e];
69 Td4[x] = Si[x].[01, 01, 01, 01];
70 */
71 
72 static const u32 Te0[256] = {
73     0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
74     0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
75     0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
76     0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
77     0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
78     0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
79     0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
80     0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
81     0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
82     0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
83     0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
84     0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
85     0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
86     0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
87     0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
88     0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
89     0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
90     0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
91     0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
92     0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
93     0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
94     0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
95     0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
96     0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
97     0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
98     0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
99     0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
100     0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
101     0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
102     0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
103     0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
104     0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
105     0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
106     0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
107     0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
108     0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
109     0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
110     0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
111     0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
112     0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
113     0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
114     0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
115     0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
116     0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
117     0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
118     0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
119     0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
120     0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
121     0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
122     0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
123     0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
124     0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
125     0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
126     0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
127     0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
128     0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
129     0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
130     0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
131     0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
132     0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
133     0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
134     0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
135     0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
136     0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
137 };
138 static const u32 Te1[256] = {
139     0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
140     0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
141     0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
142     0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
143     0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
144     0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
145     0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
146     0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
147     0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
148     0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
149     0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
150     0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
151     0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
152     0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
153     0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
154     0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
155     0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
156     0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
157     0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
158     0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
159     0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
160     0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
161     0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
162     0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
163     0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
164     0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
165     0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
166     0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
167     0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
168     0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
169     0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
170     0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
171     0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
172     0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
173     0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
174     0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
175     0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
176     0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
177     0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
178     0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
179     0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
180     0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
181     0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
182     0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
183     0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
184     0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
185     0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
186     0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
187     0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
188     0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
189     0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
190     0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
191     0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
192     0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
193     0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
194     0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
195     0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
196     0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
197     0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
198     0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
199     0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
200     0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
201     0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
202     0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
203 };
204 static const u32 Te2[256] = {
205     0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
206     0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
207     0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
208     0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
209     0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
210     0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
211     0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
212     0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
213     0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
214     0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
215     0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
216     0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
217     0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
218     0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
219     0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
220     0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
221     0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
222     0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
223     0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
224     0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
225     0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
226     0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
227     0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
228     0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
229     0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
230     0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
231     0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
232     0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
233     0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
234     0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
235     0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
236     0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
237     0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
238     0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
239     0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
240     0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
241     0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
242     0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
243     0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
244     0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
245     0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
246     0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
247     0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
248     0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
249     0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
250     0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
251     0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
252     0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
253     0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
254     0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
255     0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
256     0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
257     0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
258     0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
259     0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
260     0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
261     0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
262     0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
263     0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
264     0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
265     0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
266     0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
267     0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
268     0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
269 };
270 static const u32 Te3[256] = {
271     0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
272     0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
273     0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
274     0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
275     0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
276     0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
277     0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
278     0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
279     0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
280     0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
281     0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
282     0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
283     0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
284     0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
285     0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
286     0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
287     0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
288     0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
289     0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
290     0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
291     0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
292     0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
293     0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
294     0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
295     0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
296     0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
297     0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
298     0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
299     0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
300     0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
301     0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
302     0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
303     0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
304     0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
305     0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
306     0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
307     0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
308     0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
309     0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
310     0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
311     0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
312     0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
313     0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
314     0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
315     0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
316     0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
317     0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
318     0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
319     0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
320     0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
321     0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
322     0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
323     0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
324     0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
325     0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
326     0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
327     0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
328     0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
329     0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
330     0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
331     0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
332     0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
333     0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
334     0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
335 };
336 static const u32 Te4[256] = {
337     0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
338     0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
339     0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
340     0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
341     0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
342     0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
343     0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
344     0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
345     0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
346     0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
347     0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
348     0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
349     0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
350     0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
351     0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
352     0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
353     0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
354     0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
355     0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
356     0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
357     0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
358     0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
359     0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
360     0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
361     0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
362     0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
363     0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
364     0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
365     0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
366     0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
367     0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
368     0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
369     0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
370     0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
371     0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
372     0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
373     0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
374     0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
375     0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
376     0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
377     0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
378     0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
379     0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
380     0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
381     0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
382     0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
383     0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
384     0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
385     0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
386     0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
387     0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
388     0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
389     0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
390     0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
391     0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
392     0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
393     0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
394     0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
395     0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
396     0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
397     0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
398     0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
399     0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
400     0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
401 };
402 static const u32 Td0[256] = {
403     0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
404     0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
405     0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
406     0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
407     0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
408     0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
409     0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
410     0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
411     0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
412     0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
413     0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
414     0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
415     0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
416     0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
417     0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
418     0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
419     0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
420     0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
421     0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
422     0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
423     0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
424     0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
425     0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
426     0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
427     0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
428     0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
429     0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
430     0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
431     0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
432     0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
433     0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
434     0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
435     0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
436     0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
437     0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
438     0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
439     0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
440     0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
441     0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
442     0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
443     0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
444     0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
445     0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
446     0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
447     0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
448     0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
449     0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
450     0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
451     0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
452     0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
453     0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
454     0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
455     0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
456     0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
457     0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
458     0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
459     0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
460     0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
461     0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
462     0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
463     0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
464     0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
465     0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
466     0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
467 };
468 static const u32 Td1[256] = {
469     0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
470     0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
471     0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
472     0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
473     0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
474     0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
475     0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
476     0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
477     0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
478     0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
479     0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
480     0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
481     0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
482     0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
483     0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
484     0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
485     0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
486     0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
487     0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
488     0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
489     0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
490     0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
491     0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
492     0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
493     0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
494     0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
495     0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
496     0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
497     0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
498     0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
499     0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
500     0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
501     0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
502     0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
503     0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
504     0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
505     0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
506     0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
507     0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
508     0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
509     0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
510     0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
511     0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
512     0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
513     0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
514     0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
515     0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
516     0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
517     0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
518     0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
519     0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
520     0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
521     0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
522     0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
523     0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
524     0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
525     0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
526     0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
527     0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
528     0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
529     0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
530     0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
531     0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
532     0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
533 };
534 static const u32 Td2[256] = {
535     0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
536     0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
537     0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
538     0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
539     0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
540     0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
541     0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
542     0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
543     0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
544     0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
545     0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
546     0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
547     0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
548     0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
549     0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
550     0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
551     0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
552     0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
553     0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
554     0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
555     0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
556     0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
557     0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
558     0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
559     0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
560     0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
561     0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
562     0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
563     0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
564     0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
565     0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
566     0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
567     0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
568     0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
569     0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
570     0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
571     0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
572     0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
573     0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
574     0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
575     0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
576     0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
577     0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
578     0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
579     0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
580     0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
581     0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
582     0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
583     0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
584     0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
585     0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
586     0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
587     0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
588     0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
589     0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
590     0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
591     0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
592     0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
593     0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
594     0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
595     0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
596     0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
597     0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
598     0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
599 };
600 static const u32 Td3[256] = {
601     0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
602     0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
603     0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
604     0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
605     0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
606     0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
607     0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
608     0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
609     0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
610     0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
611     0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
612     0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
613     0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
614     0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
615     0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
616     0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
617     0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
618     0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
619     0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
620     0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
621     0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
622     0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
623     0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
624     0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
625     0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
626     0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
627     0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
628     0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
629     0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
630     0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
631     0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
632     0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
633     0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
634     0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
635     0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
636     0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
637     0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
638     0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
639     0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
640     0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
641     0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
642     0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
643     0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
644     0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
645     0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
646     0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
647     0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
648     0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
649     0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
650     0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
651     0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
652     0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
653     0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
654     0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
655     0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
656     0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
657     0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
658     0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
659     0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
660     0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
661     0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
662     0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
663     0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
664     0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
665 };
666 static const u32 Td4[256] = {
667     0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
668     0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
669     0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
670     0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
671     0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
672     0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
673     0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
674     0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
675     0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
676     0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
677     0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
678     0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
679     0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
680     0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
681     0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
682     0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
683     0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
684     0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
685     0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
686     0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
687     0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
688     0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
689     0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
690     0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
691     0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
692     0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
693     0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
694     0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
695     0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
696     0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
697     0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
698     0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
699     0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
700     0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
701     0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
702     0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
703     0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
704     0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
705     0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
706     0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
707     0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
708     0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
709     0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
710     0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
711     0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
712     0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
713     0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
714     0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
715     0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
716     0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
717     0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
718     0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
719     0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
720     0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
721     0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
722     0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
723     0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
724     0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
725     0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
726     0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
727     0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
728     0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
729     0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
730     0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
731 };
732 static const u32 rcon[] = {
733 	0x01000000, 0x02000000, 0x04000000, 0x08000000,
734 	0x10000000, 0x20000000, 0x40000000, 0x80000000,
735 	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
736 };
737 
738 #define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
739 #define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
740 
741 /**
742  * Expand the cipher key into the encryption key schedule.
743  *
744  * @return	the number of rounds for the given cipher key size.
745  */
746 int
rijndaelKeySetupEnc(u32 rk[],const u8 cipherKey[],int keyBits)747 rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)
748 {
749    	int i = 0;
750 	u32 temp;
751 
752 	rk[0] = GETU32(cipherKey     );
753 	rk[1] = GETU32(cipherKey +  4);
754 	rk[2] = GETU32(cipherKey +  8);
755 	rk[3] = GETU32(cipherKey + 12);
756 	if (keyBits == 128) {
757 		for (;;) {
758 			temp  = rk[3];
759 			rk[4] = rk[0] ^
760 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
761 				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
762 				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
763 				(Te4[(temp >> 24)       ] & 0x000000ff) ^
764 				rcon[i];
765 			rk[5] = rk[1] ^ rk[4];
766 			rk[6] = rk[2] ^ rk[5];
767 			rk[7] = rk[3] ^ rk[6];
768 			if (++i == 10) {
769 				return 10;
770 			}
771 			rk += 4;
772 		}
773 	}
774 	rk[4] = GETU32(cipherKey + 16);
775 	rk[5] = GETU32(cipherKey + 20);
776 	if (keyBits == 192) {
777 		for (;;) {
778 			temp = rk[ 5];
779 			rk[ 6] = rk[ 0] ^
780 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
781 				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
782 				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
783 				(Te4[(temp >> 24)       ] & 0x000000ff) ^
784 				rcon[i];
785 			rk[ 7] = rk[ 1] ^ rk[ 6];
786 			rk[ 8] = rk[ 2] ^ rk[ 7];
787 			rk[ 9] = rk[ 3] ^ rk[ 8];
788 			if (++i == 8) {
789 				return 12;
790 			}
791 			rk[10] = rk[ 4] ^ rk[ 9];
792 			rk[11] = rk[ 5] ^ rk[10];
793 			rk += 6;
794 		}
795 	}
796 	rk[6] = GETU32(cipherKey + 24);
797 	rk[7] = GETU32(cipherKey + 28);
798 	if (keyBits == 256) {
799 		for (;;) {
800 			temp = rk[ 7];
801 			rk[ 8] = rk[ 0] ^
802 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
803 				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
804 				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
805 				(Te4[(temp >> 24)       ] & 0x000000ff) ^
806 				rcon[i];
807 			rk[ 9] = rk[ 1] ^ rk[ 8];
808 			rk[10] = rk[ 2] ^ rk[ 9];
809 			rk[11] = rk[ 3] ^ rk[10];
810 			if (++i == 7) {
811 				return 14;
812 			}
813 			temp = rk[11];
814 			rk[12] = rk[ 4] ^
815 				(Te4[(temp >> 24)       ] & 0xff000000) ^
816 				(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
817 				(Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
818 				(Te4[(temp      ) & 0xff] & 0x000000ff);
819 			rk[13] = rk[ 5] ^ rk[12];
820 			rk[14] = rk[ 6] ^ rk[13];
821 		     	rk[15] = rk[ 7] ^ rk[14];
822 			rk += 8;
823 		}
824 	}
825 	return 0;
826 }
827 
828 /**
829  * Expand the cipher key into the decryption key schedule.
830  *
831  * @return	the number of rounds for the given cipher key size.
832  */
833 int
rijndaelKeySetupDec(u32 rk[],const u8 cipherKey[],int keyBits)834 rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits)
835 {
836 	int Nr, i, j;
837 	u32 temp;
838 
839 	/* expand the cipher key: */
840 	Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
841 
842 	/* invert the order of the round keys: */
843 	for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
844 		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
845 		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
846 		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
847 		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
848 	}
849 	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
850 	for (i = 1; i < Nr; i++) {
851 		rk += 4;
852 		rk[0] =
853 			Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
854 			Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
855 			Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
856 			Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
857 		rk[1] =
858 			Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
859 			Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
860 			Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
861 			Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
862 		rk[2] =
863 			Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
864 			Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
865 			Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
866 			Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
867 		rk[3] =
868 			Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
869 			Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
870 			Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
871 			Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
872 	}
873 	return Nr;
874 }
875 
876 void
rijndaelEncrypt(const u32 rk[],int Nr,const u8 pt[16],u8 ct[16])877 rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16],
878     u8 ct[16])
879 {
880 	u32 s0, s1, s2, s3, t0, t1, t2, t3;
881 #ifndef FULL_UNROLL
882     int r;
883 #endif /* ?FULL_UNROLL */
884 
885     /*
886 	 * map byte array block to cipher state
887 	 * and add initial round key:
888 	 */
889 	s0 = GETU32(pt     ) ^ rk[0];
890 	s1 = GETU32(pt +  4) ^ rk[1];
891 	s2 = GETU32(pt +  8) ^ rk[2];
892 	s3 = GETU32(pt + 12) ^ rk[3];
893 #ifdef FULL_UNROLL
894     /* round 1: */
895    	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
896    	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
897    	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
898    	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
899    	/* round 2: */
900    	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
901    	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
902    	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
903    	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
904     /* round 3: */
905    	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
906    	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
907    	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
908    	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
909    	/* round 4: */
910    	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
911    	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
912    	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
913    	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
914     /* round 5: */
915    	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
916    	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
917    	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
918    	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
919    	/* round 6: */
920    	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
921    	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
922    	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
923    	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
924     /* round 7: */
925    	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
926    	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
927    	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
928    	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
929    	/* round 8: */
930    	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
931    	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
932    	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
933    	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
934     /* round 9: */
935    	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
936    	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
937    	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
938    	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
939     if (Nr > 10) {
940 	/* round 10: */
941 	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
942 	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
943 	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
944 	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
945 	/* round 11: */
946 	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
947 	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
948 	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
949 	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
950 	if (Nr > 12) {
951 	    /* round 12: */
952 	    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
953 	    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
954 	    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
955 	    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
956 	    /* round 13: */
957 	    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
958 	    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
959 	    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
960 	    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
961 	}
962     }
963     rk += Nr << 2;
964 #else  /* !FULL_UNROLL */
965     /*
966 	 * Nr - 1 full rounds:
967 	 */
968     r = Nr >> 1;
969     for (;;) {
970 	t0 =
971 	    Te0[(s0 >> 24)       ] ^
972 	    Te1[(s1 >> 16) & 0xff] ^
973 	    Te2[(s2 >>  8) & 0xff] ^
974 	    Te3[(s3      ) & 0xff] ^
975 	    rk[4];
976 	t1 =
977 	    Te0[(s1 >> 24)       ] ^
978 	    Te1[(s2 >> 16) & 0xff] ^
979 	    Te2[(s3 >>  8) & 0xff] ^
980 	    Te3[(s0      ) & 0xff] ^
981 	    rk[5];
982 	t2 =
983 	    Te0[(s2 >> 24)       ] ^
984 	    Te1[(s3 >> 16) & 0xff] ^
985 	    Te2[(s0 >>  8) & 0xff] ^
986 	    Te3[(s1      ) & 0xff] ^
987 	    rk[6];
988 	t3 =
989 	    Te0[(s3 >> 24)       ] ^
990 	    Te1[(s0 >> 16) & 0xff] ^
991 	    Te2[(s1 >>  8) & 0xff] ^
992 	    Te3[(s2      ) & 0xff] ^
993 	    rk[7];
994 
995 	rk += 8;
996 	if (--r == 0) {
997 	    break;
998 	}
999 
1000 	s0 =
1001 	    Te0[(t0 >> 24)       ] ^
1002 	    Te1[(t1 >> 16) & 0xff] ^
1003 	    Te2[(t2 >>  8) & 0xff] ^
1004 	    Te3[(t3      ) & 0xff] ^
1005 	    rk[0];
1006 	s1 =
1007 	    Te0[(t1 >> 24)       ] ^
1008 	    Te1[(t2 >> 16) & 0xff] ^
1009 	    Te2[(t3 >>  8) & 0xff] ^
1010 	    Te3[(t0      ) & 0xff] ^
1011 	    rk[1];
1012 	s2 =
1013 	    Te0[(t2 >> 24)       ] ^
1014 	    Te1[(t3 >> 16) & 0xff] ^
1015 	    Te2[(t0 >>  8) & 0xff] ^
1016 	    Te3[(t1      ) & 0xff] ^
1017 	    rk[2];
1018 	s3 =
1019 	    Te0[(t3 >> 24)       ] ^
1020 	    Te1[(t0 >> 16) & 0xff] ^
1021 	    Te2[(t1 >>  8) & 0xff] ^
1022 	    Te3[(t2      ) & 0xff] ^
1023 	    rk[3];
1024     }
1025 #endif /* ?FULL_UNROLL */
1026     /*
1027 	 * apply last round and
1028 	 * map cipher state to byte array block:
1029 	 */
1030 	s0 =
1031 		(Te4[(t0 >> 24)       ] & 0xff000000) ^
1032 		(Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1033 		(Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1034 		(Te4[(t3      ) & 0xff] & 0x000000ff) ^
1035 		rk[0];
1036 	PUTU32(ct     , s0);
1037 	s1 =
1038 		(Te4[(t1 >> 24)       ] & 0xff000000) ^
1039 		(Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1040 		(Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1041 		(Te4[(t0      ) & 0xff] & 0x000000ff) ^
1042 		rk[1];
1043 	PUTU32(ct +  4, s1);
1044 	s2 =
1045 		(Te4[(t2 >> 24)       ] & 0xff000000) ^
1046 		(Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1047 		(Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1048 		(Te4[(t1      ) & 0xff] & 0x000000ff) ^
1049 		rk[2];
1050 	PUTU32(ct +  8, s2);
1051 	s3 =
1052 		(Te4[(t3 >> 24)       ] & 0xff000000) ^
1053 		(Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1054 		(Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1055 		(Te4[(t2      ) & 0xff] & 0x000000ff) ^
1056 		rk[3];
1057 	PUTU32(ct + 12, s3);
1058 }
1059 
1060 static void
rijndaelDecrypt(const u32 rk[],int Nr,const u8 ct[16],u8 pt[16])1061 rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16],
1062     u8 pt[16])
1063 {
1064 	u32 s0, s1, s2, s3, t0, t1, t2, t3;
1065 #ifndef FULL_UNROLL
1066     int r;
1067 #endif /* ?FULL_UNROLL */
1068 
1069     /*
1070 	 * map byte array block to cipher state
1071 	 * and add initial round key:
1072 	 */
1073     s0 = GETU32(ct     ) ^ rk[0];
1074     s1 = GETU32(ct +  4) ^ rk[1];
1075     s2 = GETU32(ct +  8) ^ rk[2];
1076     s3 = GETU32(ct + 12) ^ rk[3];
1077 #ifdef FULL_UNROLL
1078     /* round 1: */
1079     t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
1080     t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
1081     t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
1082     t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
1083     /* round 2: */
1084     s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
1085     s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
1086     s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
1087     s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
1088     /* round 3: */
1089     t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
1090     t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
1091     t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
1092     t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
1093     /* round 4: */
1094     s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
1095     s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
1096     s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
1097     s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
1098     /* round 5: */
1099     t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
1100     t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
1101     t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
1102     t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
1103     /* round 6: */
1104     s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
1105     s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
1106     s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
1107     s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
1108     /* round 7: */
1109     t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
1110     t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
1111     t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
1112     t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
1113     /* round 8: */
1114     s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
1115     s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
1116     s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
1117     s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
1118     /* round 9: */
1119     t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
1120     t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
1121     t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1122     t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1123     if (Nr > 10) {
1124 	/* round 10: */
1125 	s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1126 	s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1127 	s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1128 	s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1129 	/* round 11: */
1130 	t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1131 	t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1132 	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1133 	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1134 	if (Nr > 12) {
1135 	    /* round 12: */
1136 	    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1137 	    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1138 	    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1139 	    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1140 	    /* round 13: */
1141 	    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1142 	    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1143 	    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1144 	    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1145 	}
1146     }
1147 	rk += Nr << 2;
1148 #else  /* !FULL_UNROLL */
1149     /*
1150      * Nr - 1 full rounds:
1151      */
1152     r = Nr >> 1;
1153     for (;;) {
1154 	t0 =
1155 	    Td0[(s0 >> 24)       ] ^
1156 	    Td1[(s3 >> 16) & 0xff] ^
1157 	    Td2[(s2 >>  8) & 0xff] ^
1158 	    Td3[(s1      ) & 0xff] ^
1159 	    rk[4];
1160 	t1 =
1161 	    Td0[(s1 >> 24)       ] ^
1162 	    Td1[(s0 >> 16) & 0xff] ^
1163 	    Td2[(s3 >>  8) & 0xff] ^
1164 	    Td3[(s2      ) & 0xff] ^
1165 	    rk[5];
1166 	t2 =
1167 	    Td0[(s2 >> 24)       ] ^
1168 	    Td1[(s1 >> 16) & 0xff] ^
1169 	    Td2[(s0 >>  8) & 0xff] ^
1170 	    Td3[(s3      ) & 0xff] ^
1171 	    rk[6];
1172 	t3 =
1173 	    Td0[(s3 >> 24)       ] ^
1174 	    Td1[(s2 >> 16) & 0xff] ^
1175 	    Td2[(s1 >>  8) & 0xff] ^
1176 	    Td3[(s0      ) & 0xff] ^
1177 	    rk[7];
1178 
1179 	rk += 8;
1180 	if (--r == 0) {
1181 	    break;
1182 	}
1183 
1184 	s0 =
1185 	    Td0[(t0 >> 24)       ] ^
1186 	    Td1[(t3 >> 16) & 0xff] ^
1187 	    Td2[(t2 >>  8) & 0xff] ^
1188 	    Td3[(t1      ) & 0xff] ^
1189 	    rk[0];
1190 	s1 =
1191 	    Td0[(t1 >> 24)       ] ^
1192 	    Td1[(t0 >> 16) & 0xff] ^
1193 	    Td2[(t3 >>  8) & 0xff] ^
1194 	    Td3[(t2      ) & 0xff] ^
1195 	    rk[1];
1196 	s2 =
1197 	    Td0[(t2 >> 24)       ] ^
1198 	    Td1[(t1 >> 16) & 0xff] ^
1199 	    Td2[(t0 >>  8) & 0xff] ^
1200 	    Td3[(t3      ) & 0xff] ^
1201 	    rk[2];
1202 	s3 =
1203 	    Td0[(t3 >> 24)       ] ^
1204 	    Td1[(t2 >> 16) & 0xff] ^
1205 	    Td2[(t1 >>  8) & 0xff] ^
1206 	    Td3[(t0      ) & 0xff] ^
1207 	    rk[3];
1208     }
1209 #endif /* ?FULL_UNROLL */
1210     /*
1211 	 * apply last round and
1212 	 * map cipher state to byte array block:
1213 	 */
1214    	s0 =
1215    		(Td4[(t0 >> 24)       ] & 0xff000000) ^
1216    		(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1217    		(Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1218    		(Td4[(t1      ) & 0xff] & 0x000000ff) ^
1219    		rk[0];
1220 	PUTU32(pt     , s0);
1221    	s1 =
1222    		(Td4[(t1 >> 24)       ] & 0xff000000) ^
1223    		(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1224    		(Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1225    		(Td4[(t2      ) & 0xff] & 0x000000ff) ^
1226    		rk[1];
1227 	PUTU32(pt +  4, s1);
1228    	s2 =
1229    		(Td4[(t2 >> 24)       ] & 0xff000000) ^
1230    		(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1231    		(Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1232    		(Td4[(t3      ) & 0xff] & 0x000000ff) ^
1233    		rk[2];
1234 	PUTU32(pt +  8, s2);
1235    	s3 =
1236    		(Td4[(t3 >> 24)       ] & 0xff000000) ^
1237    		(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1238    		(Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1239    		(Td4[(t0      ) & 0xff] & 0x000000ff) ^
1240    		rk[3];
1241 	PUTU32(pt + 12, s3);
1242 }
1243 
1244 /* setup key context for encryption only */
1245 int
rijndael_set_key_enc_only(rijndael_ctx * ctx,u_char * key,int bits)1246 rijndael_set_key_enc_only(rijndael_ctx *ctx, u_char *key, int bits)
1247 {
1248 	int rounds;
1249 
1250 	rounds = rijndaelKeySetupEnc(ctx->ek, key, bits);
1251 	if (rounds == 0)
1252 		return -1;
1253 
1254 	ctx->Nr = rounds;
1255 	ctx->enc_only = 1;
1256 	ctx->hwcr_id = RIJNDAEL_HWCR_SOFTWARE;
1257 
1258 	return 0;
1259 }
1260 
1261 /* setup key context for both encryption and decryption */
1262 int
rijndael_set_key(rijndael_ctx * ctx,u_char * key,int bits)1263 rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits)
1264 {
1265 	int rounds;
1266 
1267 	rounds = rijndaelKeySetupEnc(ctx->ek, key, bits);
1268 	if (rounds == 0)
1269 		return -1;
1270 	if (rijndaelKeySetupDec(ctx->dk, key, bits) != rounds)
1271 		return -1;
1272 
1273 	ctx->Nr = rounds;
1274 	ctx->enc_only = 0;
1275 	ctx->hwcr_id = RIJNDAEL_HWCR_SOFTWARE;
1276 
1277 	return 0;
1278 }
1279 
1280 #define rijndael_hwcr_issoft(ctx) do {			\
1281 	u8 x_id = (ctx)->hwcr_id;			\
1282 	if (x_id != RIJNDAEL_HWCR_SOFTWARE)		\
1283 		printf("rijndael: corrupt data: %s:"	\
1284 		    " hwcr ID %u\n", __func__, x_id);	\
1285 } while (0)
1286 
1287 void
rijndael_decrypt(rijndael_ctx * ctx,u_char * src,u_char * dst)1288 rijndael_decrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
1289 {
1290 	rijndael_hwcr_issoft(ctx);
1291 	rijndaelDecrypt(ctx->dk, ctx->Nr, src, dst);
1292 }
1293 
1294 void
rijndael_encrypt(rijndael_ctx * ctx,u_char * src,u_char * dst)1295 rijndael_encrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
1296 {
1297 	rijndael_hwcr_issoft(ctx);
1298 	rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
1299 }
1300 
1301 void
rijndael_cbc_encrypt(rijndael_ctx * ctx,u_char * iv,u_char * src,u_char * dst,int nblocks)1302 rijndael_cbc_encrypt(rijndael_ctx *ctx, u_char *iv,
1303     u_char *src, u_char *dst, int nblocks)
1304 {
1305 	u32 d_iv[4], data[4];
1306 
1307 	rijndael_hwcr_issoft(ctx);
1308 	if (iv == NULL)
1309 		bzero(d_iv, sizeof (d_iv));
1310 	else
1311 		memcpy(d_iv, iv, sizeof (d_iv));
1312 	while (nblocks--) {
1313 		memcpy(data, src, sizeof (data));
1314 		data[0] ^= d_iv[0];
1315 		data[1] ^= d_iv[1];
1316 		data[2] ^= d_iv[2];
1317 		data[3] ^= d_iv[3];
1318 		rijndaelEncrypt(ctx->ek, ctx->Nr,
1319 		    (u_char *)data, (u_char *)data);
1320 		memcpy(d_iv, data, sizeof (data));
1321 		memcpy(dst, data, sizeof (data));
1322 		src += sizeof (data);
1323 		dst += sizeof (data);
1324 	}
1325 	if (iv != NULL)
1326 		memcpy(iv, d_iv, sizeof (d_iv));
1327 }
1328 
1329 void
rijndael_cbc_decrypt(rijndael_ctx * ctx,u_char * iv,u_char * src,u_char * dst,int nblocks)1330 rijndael_cbc_decrypt(rijndael_ctx *ctx, u_char *iv,
1331     u_char *src, u_char *dst, int nblocks)
1332 {
1333 	u32 d_iv[4], data[4];
1334 
1335 	rijndael_hwcr_issoft(ctx);
1336 	if (iv == NULL)
1337 		bzero(d_iv, sizeof (d_iv));
1338 	else
1339 		memcpy(d_iv, iv, sizeof (d_iv));
1340 	while (nblocks--) {
1341 		memcpy(data, src, sizeof (data));
1342 		rijndaelDecrypt(ctx->dk, ctx->Nr,
1343 		    (u_char *)data, (u_char *)data);
1344 		data[0] ^= d_iv[0];
1345 		data[1] ^= d_iv[1];
1346 		data[2] ^= d_iv[2];
1347 		data[3] ^= d_iv[3];
1348 		memcpy(d_iv, src, sizeof (data));
1349 		memcpy(dst, data, sizeof (data));
1350 		src += sizeof (data);
1351 		dst += sizeof (data);
1352 	}
1353 	if (iv != NULL)
1354 		memcpy(iv, d_iv, sizeof (d_iv));
1355 }
1356 
1357 rijndael_setkey_t rijndael_set_key_fast = rijndael_set_key;
1358 rijndael_setkey_t rijndael_set_key_enc_only_fast = rijndael_set_key_enc_only;
1359 rijndael_do_cbc_t rijndael_cbc_decrypt_fast = rijndael_cbc_decrypt;
1360 rijndael_do_cbc_t rijndael_cbc_encrypt_fast = rijndael_cbc_encrypt;
1361