Print this page
6717509 Need to use bswap/bswapq for byte swap of 64-bit integer on x32/x64 (fix lint)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/common/crypto/aes/aes_impl.c
+++ new/usr/src/common/crypto/aes/aes_impl.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25
26 26 #include <sys/types.h>
27 27 #include <sys/systm.h>
28 28 #include <sys/ddi.h>
29 29 #include <sys/sysmacros.h>
30 30 #include <sys/strsun.h>
31 31 #include <netinet/in.h>
32 32 #include <sys/crypto/spi.h>
33 33 #include <modes/modes.h>
34 34 #include "aes_impl.h"
35 35 #ifndef _KERNEL
36 36 #include <strings.h>
37 37 #include <stdlib.h>
38 38 #endif /* !_KERNEL */
39 39
40 40
41 41 /*
42 42 * This file is derived from the file rijndael-alg-fst.c taken from the
43 43 * "optimized C code v3.0" on the "rijndael home page"
44 44 * http://www.iaik.tu-graz.ac.at/research/krypto/AES/old/~rijmen/rijndael/
45 45 * pointed by the NIST web-site http://csrc.nist.gov/archive/aes/
46 46 *
47 47 * The following note is from the original file:
48 48 */
49 49
50 50 /*
51 51 * rijndael-alg-fst.c
52 52 *
53 53 * @version 3.0 (December 2000)
54 54 *
55 55 * Optimised ANSI C code for the Rijndael cipher (now AES)
56 56 *
57 57 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
58 58 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
59 59 * @author Paulo Barreto <paulo.barreto@terra.com.br>
60 60 *
61 61 * This code is hereby placed in the public domain.
62 62 *
63 63 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
64 64 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
65 65 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
66 66 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
67 67 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
68 68 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
69 69 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
70 70 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
71 71 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
72 72 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
73 73 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
74 74 */
75 75
76 76 /* EXPORT DELETE START */
77 77
78 78 #if defined(sun4u) || defined(__amd64)
79 79 /* External assembly functions: */
80 80 extern void aes_encrypt_impl(const uint32_t rk[], int Nr, const uint32_t pt[4],
81 81 uint32_t ct[4]);
82 82 extern void aes_decrypt_impl(const uint32_t rk[], int Nr, const uint32_t ct[4],
83 83 uint32_t pt[4]);
84 84 #define AES_ENCRYPT_IMPL aes_encrypt_impl
85 85 #define AES_DECRYPT_IMPL aes_decrypt_impl
86 86
87 87 #ifdef __amd64
88 88 extern int rijndael_key_setup_enc(uint32_t rk[], const uint32_t cipherKey[],
89 89 int keyBits);
90 90 extern int rijndael_key_setup_dec(uint32_t rk[], const uint32_t cipherKey[],
91 91 int keyBits);
92 92 #endif
93 93
94 94 #else
95 95 #define AES_ENCRYPT_IMPL rijndael_encrypt
96 96 #define AES_DECRYPT_IMPL rijndael_decrypt
97 97 #define rijndael_key_setup_enc_raw rijndael_key_setup_enc
98 98 #endif /* sun4u || __amd64 */
99 99
100 100 #if defined(_LITTLE_ENDIAN) && !defined(__amd64)
101 101 #define AES_BYTE_SWAP
102 102 #endif
103 103
104 104 #ifndef __amd64
105 105 /*
106 106 * Constant tables
107 107 */
108 108
109 109 /*
110 110 * Te0[x] = S [x].[02, 01, 01, 03];
111 111 * Te1[x] = S [x].[03, 02, 01, 01];
112 112 * Te2[x] = S [x].[01, 03, 02, 01];
113 113 * Te3[x] = S [x].[01, 01, 03, 02];
114 114 * Te4[x] = S [x].[01, 01, 01, 01];
115 115 *
116 116 * Td0[x] = Si[x].[0e, 09, 0d, 0b];
117 117 * Td1[x] = Si[x].[0b, 0e, 09, 0d];
118 118 * Td2[x] = Si[x].[0d, 0b, 0e, 09];
119 119 * Td3[x] = Si[x].[09, 0d, 0b, 0e];
120 120 * Td4[x] = Si[x].[01, 01, 01, 01];
121 121 */
122 122
123 123 /* Encrypt Sbox constants (for the substitute bytes operation) */
124 124
125 125 static const uint32_t Te0[256] =
126 126 {
127 127 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
128 128 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
129 129 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
130 130 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
131 131 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
132 132 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
133 133 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
134 134 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
135 135 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
136 136 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
137 137 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
138 138 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
139 139 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
140 140 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
141 141 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
142 142 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
143 143 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
144 144 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
145 145 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
146 146 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
147 147 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
148 148 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
149 149 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
150 150 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
151 151 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
152 152 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
153 153 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
154 154 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
155 155 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
156 156 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
157 157 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
158 158 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
159 159 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
160 160 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
161 161 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
162 162 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
163 163 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
164 164 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
165 165 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
166 166 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
167 167 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
168 168 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
169 169 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
170 170 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
171 171 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
172 172 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
173 173 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
174 174 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
175 175 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
176 176 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
177 177 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
178 178 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
179 179 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
180 180 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
181 181 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
182 182 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
183 183 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
184 184 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
185 185 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
186 186 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
187 187 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
188 188 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
189 189 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
190 190 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU
191 191 };
192 192
193 193
194 194 static const uint32_t Te1[256] =
195 195 {
196 196 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
197 197 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
198 198 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
199 199 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
200 200 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
201 201 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
202 202 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
203 203 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
204 204 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
205 205 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
206 206 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
207 207 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
208 208 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
209 209 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
210 210 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
211 211 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
212 212 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
213 213 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
214 214 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
215 215 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
216 216 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
217 217 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
218 218 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
219 219 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
220 220 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
221 221 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
222 222 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
223 223 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
224 224 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
225 225 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
226 226 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
227 227 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
228 228 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
229 229 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
230 230 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
231 231 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
232 232 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
233 233 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
234 234 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
235 235 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
236 236 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
237 237 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
238 238 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
239 239 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
240 240 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
241 241 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
242 242 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
243 243 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
244 244 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
245 245 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
246 246 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
247 247 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
248 248 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
249 249 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
250 250 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
251 251 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
252 252 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
253 253 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
254 254 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
255 255 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
256 256 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
257 257 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
258 258 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
259 259 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U
260 260 };
261 261
262 262
263 263 static const uint32_t Te2[256] =
264 264 {
265 265 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
266 266 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
267 267 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
268 268 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
269 269 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
270 270 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
271 271 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
272 272 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
273 273 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
274 274 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
275 275 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
276 276 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
277 277 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
278 278 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
279 279 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
280 280 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
281 281 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
282 282 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
283 283 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
284 284 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
285 285 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
286 286 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
287 287 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
288 288 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
289 289 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
290 290 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
291 291 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
292 292 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
293 293 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
294 294 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
295 295 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
296 296 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
297 297 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
298 298 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
299 299 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
300 300 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
301 301 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
302 302 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
303 303 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
304 304 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
305 305 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
306 306 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
307 307 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
308 308 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
309 309 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
310 310 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
311 311 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
312 312 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
313 313 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
314 314 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
315 315 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
316 316 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
317 317 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
318 318 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
319 319 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
320 320 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
321 321 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
322 322 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
323 323 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
324 324 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
325 325 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
326 326 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
327 327 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
328 328 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U
329 329 };
330 330
331 331
332 332 static const uint32_t Te3[256] =
333 333 {
334 334 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
335 335 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
336 336 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
337 337 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
338 338 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
339 339 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
340 340 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
341 341 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
342 342 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
343 343 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
344 344 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
345 345 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
346 346 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
347 347 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
348 348 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
349 349 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
350 350 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
351 351 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
352 352 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
353 353 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
354 354 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
355 355 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
356 356 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
357 357 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
358 358 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
359 359 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
360 360 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
361 361 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
362 362 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
363 363 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
364 364 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
365 365 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
366 366 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
367 367 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
368 368 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
369 369 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
370 370 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
371 371 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
372 372 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
373 373 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
374 374 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
375 375 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
376 376 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
377 377 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
378 378 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
379 379 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
380 380 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
381 381 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
382 382 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
383 383 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
384 384 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
385 385 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
386 386 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
387 387 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
388 388 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
389 389 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
390 390 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
391 391 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
392 392 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
393 393 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
394 394 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
395 395 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
396 396 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
397 397 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU
398 398 };
399 399
400 400 static const uint32_t Te4[256] =
401 401 {
402 402 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
403 403 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
404 404 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
405 405 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
406 406 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
407 407 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
408 408 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
409 409 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
410 410 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
411 411 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
412 412 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
413 413 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
414 414 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
415 415 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
416 416 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
417 417 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
418 418 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
419 419 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
420 420 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
421 421 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
422 422 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
423 423 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
424 424 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
425 425 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
426 426 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
427 427 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
428 428 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
429 429 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
430 430 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
431 431 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
432 432 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
433 433 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
434 434 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
435 435 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
436 436 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
437 437 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
438 438 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
439 439 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
440 440 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
441 441 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
442 442 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
443 443 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
444 444 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
445 445 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
446 446 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
447 447 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
448 448 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
449 449 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
450 450 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
451 451 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
452 452 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
453 453 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
454 454 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
455 455 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
456 456 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
457 457 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
458 458 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
459 459 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
460 460 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
461 461 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
462 462 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
463 463 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
464 464 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
465 465 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U
466 466 };
467 467
468 468 /* Decrypt Sbox constants (for the substitute bytes operation) */
469 469
470 470 static const uint32_t Td0[256] =
471 471 {
472 472 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
473 473 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
474 474 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
475 475 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
476 476 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
477 477 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
478 478 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
479 479 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
480 480 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
481 481 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
482 482 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
483 483 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
484 484 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
485 485 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
486 486 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
487 487 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
488 488 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
489 489 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
490 490 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
491 491 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
492 492 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
493 493 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
494 494 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
495 495 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
496 496 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
497 497 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
498 498 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
499 499 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
500 500 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
501 501 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
502 502 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
503 503 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
504 504 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
505 505 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
506 506 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
507 507 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
508 508 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
509 509 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
510 510 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
511 511 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
512 512 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
513 513 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
514 514 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
515 515 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
516 516 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
517 517 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
518 518 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
519 519 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
520 520 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
521 521 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
522 522 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
523 523 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
524 524 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
525 525 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
526 526 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
527 527 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
528 528 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
529 529 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
530 530 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
531 531 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
532 532 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
533 533 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
534 534 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
535 535 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U
536 536 };
537 537
538 538 static const uint32_t Td1[256] =
539 539 {
540 540 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
541 541 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
542 542 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
543 543 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
544 544 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
545 545 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
546 546 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
547 547 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
548 548 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
549 549 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
550 550 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
551 551 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
552 552 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
553 553 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
554 554 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
555 555 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
556 556 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
557 557 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
558 558 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
559 559 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
560 560 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
561 561 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
562 562 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
563 563 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
564 564 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
565 565 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
566 566 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
567 567 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
568 568 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
569 569 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
570 570 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
571 571 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
572 572 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
573 573 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
574 574 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
575 575 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
576 576 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
577 577 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
578 578 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
579 579 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
580 580 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
581 581 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
582 582 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
583 583 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
584 584 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
585 585 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
586 586 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
587 587 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
588 588 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
589 589 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
590 590 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
591 591 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
592 592 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
593 593 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
594 594 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
595 595 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
596 596 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
597 597 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
598 598 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
599 599 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
600 600 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
601 601 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
602 602 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
603 603 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U
604 604 };
605 605
606 606 static const uint32_t Td2[256] =
607 607 {
608 608 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
609 609 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
610 610 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
611 611 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
612 612 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
613 613 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
614 614 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
615 615 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
616 616 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
617 617 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
618 618 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
619 619 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
620 620 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
621 621 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
622 622 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
623 623 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
624 624 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
625 625 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
626 626 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
627 627 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
628 628 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
629 629 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
630 630 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
631 631 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
632 632 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
633 633 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
634 634 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
635 635 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
636 636 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
637 637 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
638 638 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
639 639 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
640 640 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
641 641 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
642 642 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
643 643 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
644 644 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
645 645 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
646 646 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
647 647 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
648 648 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
649 649 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
650 650 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
651 651 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
652 652 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
653 653 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
654 654 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
655 655 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
656 656 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
657 657 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
658 658 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
659 659 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
660 660 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
661 661 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
662 662 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
663 663 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
664 664 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
665 665 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
666 666 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
667 667 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
668 668 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
669 669 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
670 670 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
671 671 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U
672 672 };
673 673
674 674 static const uint32_t Td3[256] =
675 675 {
676 676 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
677 677 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
678 678 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
679 679 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
680 680 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
681 681 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
682 682 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
683 683 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
684 684 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
685 685 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
686 686 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
687 687 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
688 688 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
689 689 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
690 690 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
691 691 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
692 692 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
693 693 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
694 694 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
695 695 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
696 696 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
697 697 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
698 698 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
699 699 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
700 700 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
701 701 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
702 702 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
703 703 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
704 704 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
705 705 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
706 706 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
707 707 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
708 708 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
709 709 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
710 710 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
711 711 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
712 712 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
713 713 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
714 714 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
715 715 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
716 716 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
717 717 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
718 718 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
719 719 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
720 720 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
721 721 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
722 722 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
723 723 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
724 724 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
725 725 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
726 726 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
727 727 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
728 728 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
729 729 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
730 730 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
731 731 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
732 732 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
733 733 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
734 734 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
735 735 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
736 736 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
737 737 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
738 738 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
739 739 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U
740 740 };
741 741
742 742
743 743 static const uint32_t Td4[256] =
744 744 {
745 745 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
746 746 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
747 747 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
748 748 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
749 749 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
750 750 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
751 751 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
752 752 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
753 753 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
754 754 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
755 755 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
756 756 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
757 757 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
758 758 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
759 759 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
760 760 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
761 761 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
762 762 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
763 763 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
764 764 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
765 765 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
766 766 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
767 767 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
768 768 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
769 769 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
770 770 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
771 771 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
772 772 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
773 773 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
774 774 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
775 775 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
776 776 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
777 777 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
778 778 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
779 779 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
780 780 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
781 781 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
782 782 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
783 783 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
784 784 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
785 785 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
786 786 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
787 787 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
788 788 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
789 789 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
790 790 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
791 791 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
792 792 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
793 793 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
794 794 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
795 795 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
796 796 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
797 797 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
798 798 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
799 799 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
800 800 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
801 801 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
802 802 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
803 803 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
804 804 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
805 805 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
806 806 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
807 807 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
808 808 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU
809 809 };
810 810
811 811 /* Rcon is Round Constant; used for encryption key expansion */
812 812 static const uint32_t rcon[RC_LENGTH] =
813 813 {
814 814 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
815 815 0x01000000, 0x02000000, 0x04000000, 0x08000000,
816 816 0x10000000, 0x20000000, 0x40000000, 0x80000000,
817 817 0x1B000000, 0x36000000
818 818 };
819 819
820 820
821 821 /*
822 822 * Expand the cipher key into the encryption key schedule.
823 823 *
824 824 * Return the number of rounds for the given cipher key size.
825 825 * The size of the key schedule depends on the number of rounds
826 826 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
827 827 *
828 828 * Parameters:
829 829 * rk AES key schedule 32-bit array to be initialized
830 830 * cipherKey User key
831 831 * keyBits AES key size (128, 192, or 256 bits)
832 832 */
833 833 static int
834 834 rijndael_key_setup_enc_raw(uint32_t rk[], const uint32_t cipherKey[],
835 835 int keyBits)
836 836 {
837 837 int i = 0;
838 838 uint32_t temp;
839 839
840 840 rk[0] = cipherKey[0];
841 841 rk[1] = cipherKey[1];
842 842 rk[2] = cipherKey[2];
843 843 rk[3] = cipherKey[3];
844 844
845 845 if (keyBits == 128) {
846 846 for (;;) {
847 847 temp = rk[3];
848 848 rk[4] = rk[0] ^
849 849 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
850 850 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
851 851 (Te4[temp & 0xff] & 0x0000ff00) ^
852 852 (Te4[temp >> 24] & 0x000000ff) ^
853 853 rcon[i];
854 854 rk[5] = rk[1] ^ rk[4];
855 855 rk[6] = rk[2] ^ rk[5];
856 856 rk[7] = rk[3] ^ rk[6];
857 857
858 858 if (++i == 10) {
859 859 return (10);
860 860 }
861 861 rk += 4;
862 862 }
863 863 }
864 864
865 865 rk[4] = cipherKey[4];
866 866 rk[5] = cipherKey[5];
867 867
868 868 if (keyBits == 192) {
869 869 for (;;) {
870 870 temp = rk[5];
871 871 rk[6] = rk[0] ^
872 872 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
873 873 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
874 874 (Te4[temp & 0xff] & 0x0000ff00) ^
875 875 (Te4[temp >> 24] & 0x000000ff) ^
876 876 rcon[i];
877 877 rk[7] = rk[1] ^ rk[6];
878 878 rk[8] = rk[2] ^ rk[7];
879 879 rk[9] = rk[3] ^ rk[8];
880 880
881 881 if (++i == 8) {
882 882 return (12);
883 883 }
884 884
885 885 rk[10] = rk[4] ^ rk[9];
886 886 rk[11] = rk[5] ^ rk[10];
887 887 rk += 6;
888 888 }
889 889 }
890 890
891 891 rk[6] = cipherKey[6];
892 892 rk[7] = cipherKey[7];
893 893
894 894 if (keyBits == 256) {
895 895 for (;;) {
896 896 temp = rk[7];
897 897 rk[8] = rk[0] ^
898 898 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
899 899 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
900 900 (Te4[temp & 0xff] & 0x0000ff00) ^
901 901 (Te4[temp >> 24] & 0x000000ff) ^
902 902 rcon[i];
903 903 rk[9] = rk[1] ^ rk[8];
904 904 rk[10] = rk[2] ^ rk[9];
905 905 rk[11] = rk[3] ^ rk[10];
906 906
907 907 if (++i == 7) {
908 908 return (14);
909 909 }
910 910 temp = rk[11];
911 911 rk[12] = rk[4] ^
912 912 (Te4[temp >> 24] & 0xff000000) ^
913 913 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
914 914 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
915 915 (Te4[temp & 0xff] & 0x000000ff);
916 916 rk[13] = rk[5] ^ rk[12];
917 917 rk[14] = rk[6] ^ rk[13];
918 918 rk[15] = rk[7] ^ rk[14];
919 919
920 920 rk += 8;
921 921 }
922 922 }
923 923
924 924 return (0);
925 925 }
926 926 #endif /* !__amd64 */
927 927
928 928
929 929 #ifdef sun4u
930 930
931 931 /*
932 932 * Expand the cipher key into the encryption key schedule.
933 933 * by the sun4u optimized assembly implementation.
934 934 *
935 935 * Return the number of rounds for the given cipher key size.
936 936 * The size of the key schedule depends on the number of rounds
937 937 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
938 938 *
939 939 * Parameters:
940 940 * rk AES key schedule 64-bit array to be initialized
941 941 * cipherKey User key
942 942 * keyBits AES key size (128, 192, or 256 bits)
943 943 */
944 944 static int
945 945 rijndael_key_setup_enc(uint64_t rk[], const uint32_t cipherKey[], int keyBits)
946 946 {
947 947 uint32_t rk1[4 * (MAX_AES_NR + 1)];
948 948 uint64_t *rk64 = (uint64_t *)rk;
949 949 uint32_t *rkt;
950 950 uint64_t t;
951 951 int i, Nr;
952 952
953 953 Nr = rijndael_key_setup_enc_raw(rk1, cipherKey, keyBits);
954 954
955 955 for (i = 0; i < 4 * Nr; i++) {
956 956 t = (uint64_t)(rk1[i]);
957 957 rk64[i] = ((t & 0xff000000) << 11) |
958 958 ((t & 0xff0000) << 8) |
959 959 ((t & 0xffff) << 3);
960 960 }
961 961
962 962 rkt = (uint32_t *)(&(rk64[4 * Nr]));
963 963
964 964 for (i = 0; i < 4; i++) {
965 965 rkt[i] = rk1[4 * Nr+i];
966 966 }
967 967
968 968 return (Nr);
969 969 }
970 970
971 971
972 972 /*
973 973 * Expand the cipher key into the decryption key schedule as used
974 974 * by the sun4u optimized assembly implementation.
975 975 *
976 976 * Return the number of rounds for the given cipher key size.
977 977 * The size of the key schedule depends on the number of rounds
978 978 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
979 979 *
980 980 * Parameters:
981 981 * rk AES key schedule 32-bit array to be initialized
982 982 * cipherKey User key
983 983 * keyBits AES key size (128, 192, or 256 bits)
984 984 */
985 985 static int
986 986 rijndael_key_setup_dec_raw(uint32_t rk[], const uint32_t cipherKey[],
987 987 int keyBits)
988 988 {
989 989 int Nr, i;
990 990 uint32_t temp;
991 991
992 992 /* expand the cipher key: */
993 993 Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits);
994 994
995 995 /* invert the order of the round keys: */
996 996
997 997 for (i = 0; i < 2 * Nr + 2; i++) {
998 998 temp = rk[i];
999 999 rk[i] = rk[4 * Nr - i + 3];
1000 1000 rk[4 * Nr - i + 3] = temp;
1001 1001 }
1002 1002
1003 1003 /*
1004 1004 * apply the inverse MixColumn transform to all
1005 1005 * round keys but the first and the last:
1006 1006 */
1007 1007 for (i = 1; i < Nr; i++) {
1008 1008 rk += 4;
1009 1009 rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^
1010 1010 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
1011 1011 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
1012 1012 Td3[Te4[rk[0] & 0xff] & 0xff];
1013 1013 rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^
1014 1014 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
1015 1015 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
1016 1016 Td3[Te4[rk[1] & 0xff] & 0xff];
1017 1017 rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^
1018 1018 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
1019 1019 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
1020 1020 Td3[Te4[rk[2] & 0xff] & 0xff];
1021 1021 rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^
1022 1022 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
1023 1023 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
1024 1024 Td3[Te4[rk[3] & 0xff] & 0xff];
1025 1025 }
1026 1026
1027 1027 return (Nr);
1028 1028 }
1029 1029
1030 1030
1031 1031 /*
1032 1032 * The size of the key schedule depends on the number of rounds
1033 1033 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1034 1034 *
1035 1035 * Parameters:
1036 1036 * rk AES key schedule 64-bit array to be initialized
1037 1037 * cipherKey User key
1038 1038 * keyBits AES key size (128, 192, or 256 bits)
1039 1039 */
1040 1040 static int
1041 1041 rijndael_key_setup_dec(uint64_t rk[], const uint32_t cipherKey[], int keyBits)
1042 1042 {
1043 1043 uint32_t rk1[4 * (MAX_AES_NR + 1)];
1044 1044 uint64_t *rk64 = (uint64_t *)rk;
1045 1045 uint32_t *rkt;
1046 1046 uint64_t t;
1047 1047 int i, Nr;
1048 1048
1049 1049 Nr = rijndael_key_setup_dec_raw(rk1, cipherKey, keyBits);
1050 1050 for (i = 0; i < 4 * Nr; i++) {
1051 1051 t = (uint64_t)(rk1[i]);
1052 1052 rk64[i] = ((t & 0xff000000) << 11) |
1053 1053 ((t & 0xff0000) << 8) |
1054 1054 ((t & 0xffff) << 3);
1055 1055 }
1056 1056
1057 1057 rkt = (uint32_t *)(&(rk64[4 * Nr]));
1058 1058
1059 1059 for (i = 0; i < 4; i++) {
1060 1060 rkt[i] = rk1[4 * Nr + i];
1061 1061 }
1062 1062
1063 1063 return (Nr);
1064 1064 }
1065 1065
1066 1066
1067 1067 /*
1068 1068 * Expand the 64-bit AES cipher key array into the encryption and decryption
1069 1069 * key schedules.
1070 1070 *
1071 1071 * Parameters:
1072 1072 * key AES key schedule to be initialized
1073 1073 * keyarr32 User key
1074 1074 * keyBits AES key size (128, 192, or 256 bits)
1075 1075 */
1076 1076 static void
1077 1077 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits)
1078 1078 {
1079 1079 key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks64[0]), keyarr32,
1080 1080 keybits);
1081 1081 key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks64[0]), keyarr32,
1082 1082 keybits);
1083 1083 key->type = AES_64BIT_KS;
1084 1084 }
1085 1085
1086 1086
1087 1087 #elif !defined(__amd64)
1088 1088
1089 1089 /*
1090 1090 * Expand the cipher key into the decryption key schedule.
1091 1091 * Return the number of rounds for the given cipher key size.
1092 1092 * The size of the key schedule depends on the number of rounds
1093 1093 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1094 1094 *
1095 1095 * Parameters:
1096 1096 * rk AES key schedule 32-bit array to be initialized
1097 1097 * cipherKey User key
1098 1098 * keyBits AES key size (128, 192, or 256 bits)
1099 1099 */
1100 1100 static int
1101 1101 rijndael_key_setup_dec(uint32_t rk[], const uint32_t cipherKey[], int keyBits)
1102 1102 {
1103 1103 int Nr, i, j;
1104 1104 uint32_t temp;
1105 1105
1106 1106 /* expand the cipher key: */
1107 1107 Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits);
1108 1108
1109 1109 /* invert the order of the round keys: */
1110 1110 for (i = 0, j = 4 * Nr; i < j; i += 4, j -= 4) {
1111 1111 temp = rk[i];
1112 1112 rk[i] = rk[j];
1113 1113 rk[j] = temp;
1114 1114 temp = rk[i + 1];
1115 1115 rk[i + 1] = rk[j + 1];
1116 1116 rk[j + 1] = temp;
1117 1117 temp = rk[i + 2];
1118 1118 rk[i + 2] = rk[j + 2];
1119 1119 rk[j + 2] = temp;
1120 1120 temp = rk[i + 3];
1121 1121 rk[i + 3] = rk[j + 3];
1122 1122 rk[j + 3] = temp;
1123 1123 }
1124 1124
1125 1125 /*
1126 1126 * apply the inverse MixColumn transform to all
1127 1127 * round keys but the first and the last:
1128 1128 */
1129 1129 for (i = 1; i < Nr; i++) {
1130 1130 rk += 4;
1131 1131 rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^
1132 1132 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
1133 1133 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
1134 1134 Td3[Te4[rk[0] & 0xff] & 0xff];
1135 1135 rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^
1136 1136 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
1137 1137 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
1138 1138 Td3[Te4[rk[1] & 0xff] & 0xff];
1139 1139 rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^
1140 1140 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
1141 1141 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
1142 1142 Td3[Te4[rk[2] & 0xff] & 0xff];
1143 1143 rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^
1144 1144 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
1145 1145 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
1146 1146 Td3[Te4[rk[3] & 0xff] & 0xff];
1147 1147 }
1148 1148
1149 1149 return (Nr);
1150 1150 }
1151 1151
1152 1152
1153 1153 /*
1154 1154 * Encrypt one block of data. The block is assumed to be an array
1155 1155 * of four uint32_t values, so copy for alignment (and byte-order
1156 1156 * reversal for little endian systems might be necessary on the
1157 1157 * input and output byte streams.
1158 1158 * The size of the key schedule depends on the number of rounds
1159 1159 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1160 1160 *
1161 1161 * Parameters:
1162 1162 * rk Key schedule, of aes_ks_t (60 32-bit integers)
1163 1163 * Nr Number of rounds
1164 1164 * pt Input block (plain text)
1165 1165 * ct Output block (crypto text). Can overlap with pt
1166 1166 */
1167 1167 static void
1168 1168 rijndael_encrypt(const uint32_t rk[], int Nr, const uint32_t pt[4],
1169 1169 uint32_t ct[4])
1170 1170 {
1171 1171 uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
1172 1172 int r;
1173 1173
1174 1174 /*
1175 1175 * map byte array block to cipher state
1176 1176 * and add initial round key:
1177 1177 */
1178 1178
1179 1179 s0 = pt[0] ^ rk[0];
1180 1180 s1 = pt[1] ^ rk[1];
1181 1181 s2 = pt[2] ^ rk[2];
1182 1182 s3 = pt[3] ^ rk[3];
1183 1183
1184 1184 /*
1185 1185 * Nr - 1 full rounds:
1186 1186 */
1187 1187
1188 1188 r = Nr >> 1;
1189 1189
1190 1190 for (;;) {
1191 1191 t0 = Te0[s0 >> 24] ^
1192 1192 Te1[(s1 >> 16) & 0xff] ^
1193 1193 Te2[(s2 >> 8) & 0xff] ^
1194 1194 Te3[s3 & 0xff] ^
1195 1195 rk[4];
1196 1196
1197 1197 t1 = Te0[s1 >> 24] ^
1198 1198 Te1[(s2 >> 16) & 0xff] ^
1199 1199 Te2[(s3 >> 8) & 0xff] ^
1200 1200 Te3[s0 & 0xff] ^
1201 1201 rk[5];
1202 1202
1203 1203 t2 = Te0[s2 >> 24] ^
1204 1204 Te1[(s3 >> 16) & 0xff] ^
1205 1205 Te2[(s0 >> 8) & 0xff] ^
1206 1206 Te3[s1 & 0xff] ^
1207 1207 rk[6];
1208 1208
1209 1209 t3 = Te0[s3 >> 24] ^
1210 1210 Te1[(s0 >> 16) & 0xff] ^
1211 1211 Te2[(s1 >> 8) & 0xff] ^
1212 1212 Te3[s2 & 0xff] ^
1213 1213 rk[7];
1214 1214
1215 1215 rk += 8;
1216 1216
1217 1217 if (--r == 0) {
1218 1218 break;
1219 1219 }
1220 1220
1221 1221 s0 = Te0[t0 >> 24] ^
1222 1222 Te1[(t1 >> 16) & 0xff] ^
1223 1223 Te2[(t2 >> 8) & 0xff] ^
1224 1224 Te3[t3 & 0xff] ^
1225 1225 rk[0];
1226 1226
1227 1227 s1 = Te0[t1 >> 24] ^
1228 1228 Te1[(t2 >> 16) & 0xff] ^
1229 1229 Te2[(t3 >> 8) & 0xff] ^
1230 1230 Te3[t0 & 0xff] ^
1231 1231 rk[1];
1232 1232
1233 1233 s2 = Te0[t2 >> 24] ^
1234 1234 Te1[(t3 >> 16) & 0xff] ^
1235 1235 Te2[(t0 >> 8) & 0xff] ^
1236 1236 Te3[t1 & 0xff] ^
1237 1237 rk[2];
1238 1238
1239 1239 s3 = Te0[t3 >> 24] ^
1240 1240 Te1[(t0 >> 16) & 0xff] ^
1241 1241 Te2[(t1 >> 8) & 0xff] ^
1242 1242 Te3[t2 & 0xff] ^
1243 1243 rk[3];
1244 1244 }
1245 1245
1246 1246 /*
1247 1247 * apply last round and
1248 1248 * map cipher state to byte array block:
1249 1249 */
1250 1250
1251 1251 s0 = (Te4[(t0 >> 24)] & 0xff000000) ^
1252 1252 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1253 1253 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1254 1254 (Te4[t3 & 0xff] & 0x000000ff) ^
1255 1255 rk[0];
1256 1256 ct[0] = s0;
1257 1257
1258 1258 s1 = (Te4[(t1 >> 24)] & 0xff000000) ^
1259 1259 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1260 1260 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1261 1261 (Te4[t0 & 0xff] & 0x000000ff) ^
1262 1262 rk[1];
1263 1263 ct[1] = s1;
1264 1264
1265 1265 s2 = (Te4[(t2 >> 24)] & 0xff000000) ^
1266 1266 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1267 1267 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1268 1268 (Te4[t1 & 0xff] & 0x000000ff) ^
1269 1269 rk[2];
1270 1270 ct[2] = s2;
1271 1271
1272 1272 s3 = (Te4[(t3 >> 24)] & 0xff000000) ^
1273 1273 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1274 1274 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1275 1275 (Te4[t2 & 0xff] & 0x000000ff) ^
1276 1276 rk[3];
1277 1277 ct[3] = s3;
1278 1278 }
1279 1279
1280 1280
1281 1281 /*
1282 1282 * Decrypt one block of data. The block is assumed to be an array
1283 1283 * of four uint32_t values, so copy for alignment (and byte-order
1284 1284 * reversal for little endian systems might be necessary on the
1285 1285 * input and output byte streams.
1286 1286 * The size of the key schedule depends on the number of rounds
1287 1287 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1288 1288 *
1289 1289 * Parameters:
1290 1290 * rk Key schedule, of aes_ks_t (60 32-bit integers)
1291 1291 * Nr Number of rounds
1292 1292 * ct Input block (crypto text)
1293 1293 * pt Output block (plain text). Can overlap with pt
1294 1294 */
1295 1295 static void
1296 1296 rijndael_decrypt(const uint32_t rk[], int Nr, const uint32_t ct[4],
1297 1297 uint32_t pt[4])
1298 1298 {
1299 1299 uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
1300 1300 int r;
1301 1301
1302 1302 /*
1303 1303 * map byte array block to cipher state
1304 1304 * and add initial round key:
1305 1305 */
1306 1306 s0 = ct[0] ^ rk[0];
1307 1307 s1 = ct[1] ^ rk[1];
1308 1308 s2 = ct[2] ^ rk[2];
1309 1309 s3 = ct[3] ^ rk[3];
1310 1310
1311 1311 /*
1312 1312 * Nr - 1 full rounds:
1313 1313 */
1314 1314
1315 1315 r = Nr >> 1;
1316 1316
1317 1317 for (;;) {
1318 1318 t0 = Td0[s0 >> 24] ^
1319 1319 Td1[(s3 >> 16) & 0xff] ^
1320 1320 Td2[(s2 >> 8) & 0xff] ^
1321 1321 Td3[s1 & 0xff] ^
1322 1322 rk[4];
1323 1323
1324 1324 t1 = Td0[s1 >> 24] ^
1325 1325 Td1[(s0 >> 16) & 0xff] ^
1326 1326 Td2[(s3 >> 8) & 0xff] ^
1327 1327 Td3[s2 & 0xff] ^
1328 1328 rk[5];
1329 1329
1330 1330 t2 = Td0[s2 >> 24] ^
1331 1331 Td1[(s1 >> 16) & 0xff] ^
1332 1332 Td2[(s0 >> 8) & 0xff] ^
1333 1333 Td3[s3 & 0xff] ^
1334 1334 rk[6];
1335 1335
1336 1336 t3 = Td0[s3 >> 24] ^
1337 1337 Td1[(s2 >> 16) & 0xff] ^
1338 1338 Td2[(s1 >> 8) & 0xff] ^
1339 1339 Td3[s0 & 0xff] ^
1340 1340 rk[7];
1341 1341
1342 1342 rk += 8;
1343 1343
1344 1344 if (--r == 0) {
1345 1345 break;
1346 1346 }
1347 1347
1348 1348 s0 = Td0[t0 >> 24] ^
1349 1349 Td1[(t3 >> 16) & 0xff] ^
1350 1350 Td2[(t2 >> 8) & 0xff] ^
1351 1351 Td3[t1 & 0xff] ^
1352 1352 rk[0];
1353 1353
1354 1354 s1 = Td0[t1 >> 24] ^
1355 1355 Td1[(t0 >> 16) & 0xff] ^
1356 1356 Td2[(t3 >> 8) & 0xff] ^
1357 1357 Td3[t2 & 0xff] ^
1358 1358 rk[1];
1359 1359
1360 1360 s2 = Td0[t2 >> 24] ^
1361 1361 Td1[(t1 >> 16) & 0xff] ^
1362 1362 Td2[(t0 >> 8) & 0xff] ^
1363 1363 Td3[t3 & 0xff] ^
1364 1364 rk[2];
1365 1365
1366 1366 s3 = Td0[t3 >> 24] ^
1367 1367 Td1[(t2 >> 16) & 0xff] ^
1368 1368 Td2[(t1 >> 8) & 0xff] ^
1369 1369 Td3[t0 & 0xff] ^
1370 1370 rk[3];
1371 1371 }
1372 1372
1373 1373 /*
1374 1374 * apply last round and
1375 1375 * map cipher state to byte array block:
1376 1376 */
1377 1377
1378 1378 s0 = (Td4[t0 >> 24] & 0xff000000) ^
1379 1379 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1380 1380 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1381 1381 (Td4[t1 & 0xff] & 0x000000ff) ^
1382 1382 rk[0];
1383 1383 pt[0] = s0;
1384 1384
1385 1385 s1 = (Td4[t1 >> 24] & 0xff000000) ^
1386 1386 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1387 1387 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1388 1388 (Td4[t2 & 0xff] & 0x000000ff) ^
1389 1389 rk[1];
1390 1390 pt[1] = s1;
1391 1391
1392 1392 s2 = (Td4[t2 >> 24] & 0xff000000) ^
1393 1393 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1394 1394 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1395 1395 (Td4[t3 & 0xff] & 0x000000ff) ^
1396 1396 rk[2];
1397 1397 pt[2] = s2;
1398 1398
1399 1399 s3 = (Td4[t3 >> 24] & 0xff000000) ^
1400 1400 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1401 1401 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1402 1402 (Td4[t0 & 0xff] & 0x000000ff) ^
1403 1403 rk[3];
1404 1404 pt[3] = s3;
1405 1405 }
1406 1406 #endif /* sun4u, !__amd64 */
1407 1407
1408 1408 #ifndef sun4u
1409 1409 /*
1410 1410 * Expand the 32-bit AES cipher key array into the encryption and decryption
1411 1411 * key schedules.
1412 1412 *
1413 1413 * Parameters:
1414 1414 * key AES key schedule to be initialized
1415 1415 * keyarr32 User key
1416 1416 * keyBits AES key size (128, 192, or 256 bits)
1417 1417 */
1418 1418 static void
1419 1419 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits)
1420 1420 {
1421 1421 key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks32[0]), keyarr32,
1422 1422 keybits);
1423 1423 key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks32[0]), keyarr32,
1424 1424 keybits);
1425 1425 key->type = AES_32BIT_KS;
1426 1426 }
1427 1427 #endif /* sun4u */
1428 1428 /* EXPORT DELETE END */
1429 1429
1430 1430
1431 1431 /*
1432 1432 * Initialize key schedules for AES
1433 1433 *
1434 1434 * Parameters:
1435 1435 * cipherKey User key
1436 1436 * keyBits AES key size (128, 192, or 256 bits)
1437 1437 * keysched AES key schedule to be initialized, of type aes_key_t.
1438 1438 * Allocated by aes_alloc_keysched().
1439 1439 */
1440 1440 void
1441 1441 aes_init_keysched(const uint8_t *cipherKey, uint_t keyBits, void *keysched)
1442 1442 {
1443 1443 /* EXPORT DELETE START */
1444 1444 aes_key_t *newbie = keysched;
1445 1445 uint_t keysize, i, j;
1446 1446 union {
1447 1447 uint64_t ka64[4];
1448 1448 uint32_t ka32[8];
1449 1449 } keyarr;
1450 1450
1451 1451 switch (keyBits) {
1452 1452 case 128:
1453 1453 newbie->nr = 10;
1454 1454 break;
1455 1455
1456 1456 case 192:
1457 1457 newbie->nr = 12;
1458 1458 break;
1459 1459
1460 1460 case 256:
1461 1461 newbie->nr = 14;
1462 1462 break;
1463 1463
1464 1464 default:
1465 1465 /* should never get here */
1466 1466 return;
1467 1467 }
1468 1468 keysize = keyBits >> 3;
1469 1469
1470 1470 /*
1471 1471 * For _LITTLE_ENDIAN machines (except AMD64), reverse every
1472 1472 * 4 bytes in the key. On _BIG_ENDIAN and AMD64, copy the key
1473 1473 * without reversing bytes.
1474 1474 * For AMD64, do not byte swap for aes_setupkeys().
1475 1475 *
1476 1476 * SPARCv8/v9 uses a key schedule array with 64-bit elements.
1477 1477 * X86/AMD64 uses a key schedule array with 32-bit elements.
1478 1478 */
1479 1479 #ifndef AES_BYTE_SWAP
1480 1480 if (IS_P2ALIGNED(cipherKey, sizeof (uint64_t))) {
|
↓ open down ↓ |
1480 lines elided |
↑ open up ↑ |
1481 1481 for (i = 0, j = 0; j < keysize; i++, j += 8) {
1482 1482 /* LINTED: pointer alignment */
1483 1483 keyarr.ka64[i] = *((uint64_t *)&cipherKey[j]);
1484 1484 }
1485 1485 } else {
1486 1486 bcopy(cipherKey, keyarr.ka32, keysize);
1487 1487 }
1488 1488
1489 1489 #else /* byte swap */
1490 1490 for (i = 0, j = 0; j < keysize; i++, j += 4) {
1491 - keyarr.ka32[i] = htonl(*(uint32_t *)&cipherKey[j]);
1491 + keyarr.ka32[i] = htonl(*(uint32_t *)(void *)&cipherKey[j]);
1492 1492 }
1493 1493 #endif
1494 1494
1495 1495 aes_setupkeys(newbie, keyarr.ka32, keyBits);
1496 1496 /* EXPORT DELETE END */
1497 1497 }
1498 1498
1499 1499 /*
1500 1500 * Encrypt one block using AES.
1501 1501 * Align if needed and (for x86 32-bit only) byte-swap.
1502 1502 *
1503 1503 * Parameters:
1504 1504 * ks Key schedule, of type aes_key_t
1505 1505 * pt Input block (plain text)
1506 1506 * ct Output block (crypto text). Can overlap with pt
1507 1507 */
1508 1508 int
1509 1509 aes_encrypt_block(const void *ks, const uint8_t *pt, uint8_t *ct)
1510 1510 {
1511 1511 /* EXPORT DELETE START */
1512 1512 aes_key_t *ksch = (aes_key_t *)ks;
1513 1513
1514 1514 #ifndef AES_BYTE_SWAP
1515 1515 if (IS_P2ALIGNED2(pt, ct, sizeof (uint32_t))) {
1516 1516 AES_ENCRYPT_IMPL(&ksch->encr_ks.ks32[0], ksch->nr,
1517 1517 /* LINTED: pointer alignment */
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
1518 1518 (uint32_t *)pt, (uint32_t *)ct);
1519 1519 } else {
1520 1520 #endif
1521 1521 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)];
1522 1522
1523 1523 /* Copy input block into buffer */
1524 1524 #ifndef AES_BYTE_SWAP
1525 1525 bcopy(pt, &buffer, AES_BLOCK_LEN);
1526 1526
1527 1527 #else /* byte swap */
1528 - buffer[0] = htonl(*(uint32_t *)&pt[0]);
1529 - buffer[1] = htonl(*(uint32_t *)&pt[4]);
1530 - buffer[2] = htonl(*(uint32_t *)&pt[8]);
1531 - buffer[3] = htonl(*(uint32_t *)&pt[12]);
1528 + buffer[0] = htonl(*(uint32_t *)(void *)&pt[0]);
1529 + buffer[1] = htonl(*(uint32_t *)(void *)&pt[4]);
1530 + buffer[2] = htonl(*(uint32_t *)(void *)&pt[8]);
1531 + buffer[3] = htonl(*(uint32_t *)(void *)&pt[12]);
1532 1532 #endif
1533 1533
1534 1534 AES_ENCRYPT_IMPL(&ksch->encr_ks.ks32[0], ksch->nr,
1535 1535 buffer, buffer);
1536 1536
1537 1537 /* Copy result from buffer to output block */
1538 1538 #ifndef AES_BYTE_SWAP
1539 1539 bcopy(&buffer, ct, AES_BLOCK_LEN);
1540 1540 }
1541 1541
1542 1542 #else /* byte swap */
1543 - *(uint32_t *)&ct[0] = htonl(buffer[0]);
1544 - *(uint32_t *)&ct[4] = htonl(buffer[1]);
1545 - *(uint32_t *)&ct[8] = htonl(buffer[2]);
1546 - *(uint32_t *)&ct[12] = htonl(buffer[3]);
1543 + *(uint32_t *)(void *)&ct[0] = htonl(buffer[0]);
1544 + *(uint32_t *)(void *)&ct[4] = htonl(buffer[1]);
1545 + *(uint32_t *)(void *)&ct[8] = htonl(buffer[2]);
1546 + *(uint32_t *)(void *)&ct[12] = htonl(buffer[3]);
1547 1547 #endif
1548 1548 /* EXPORT DELETE END */
1549 1549 return (CRYPTO_SUCCESS);
1550 1550 }
1551 1551
1552 1552 /*
1553 1553 * Decrypt one block using AES.
1554 1554 * Align and byte-swap if needed.
1555 1555 *
1556 1556 * Parameters:
1557 1557 * ks Key schedule, of type aes_key_t
1558 1558 * ct Input block (crypto text)
1559 1559 * pt Output block (plain text). Can overlap with pt
1560 1560 */
1561 1561 int
1562 1562 aes_decrypt_block(const void *ks, const uint8_t *ct, uint8_t *pt)
1563 1563 {
1564 1564 /* EXPORT DELETE START */
1565 1565 aes_key_t *ksch = (aes_key_t *)ks;
1566 1566
1567 1567 #ifndef AES_BYTE_SWAP
1568 1568 if (IS_P2ALIGNED2(ct, pt, sizeof (uint32_t))) {
1569 1569 AES_DECRYPT_IMPL(&ksch->decr_ks.ks32[0], ksch->nr,
1570 1570 /* LINTED: pointer alignment */
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
1571 1571 (uint32_t *)ct, (uint32_t *)pt);
1572 1572 } else {
1573 1573 #endif
1574 1574 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)];
1575 1575
1576 1576 /* Copy input block into buffer */
1577 1577 #ifndef AES_BYTE_SWAP
1578 1578 bcopy(ct, &buffer, AES_BLOCK_LEN);
1579 1579
1580 1580 #else /* byte swap */
1581 - buffer[0] = htonl(*(uint32_t *)&ct[0]);
1582 - buffer[1] = htonl(*(uint32_t *)&ct[4]);
1583 - buffer[2] = htonl(*(uint32_t *)&ct[8]);
1584 - buffer[3] = htonl(*(uint32_t *)&ct[12]);
1581 + buffer[0] = htonl(*(uint32_t *)(void *)&ct[0]);
1582 + buffer[1] = htonl(*(uint32_t *)(void *)&ct[4]);
1583 + buffer[2] = htonl(*(uint32_t *)(void *)&ct[8]);
1584 + buffer[3] = htonl(*(uint32_t *)(void *)&ct[12]);
1585 1585 #endif
1586 1586
1587 1587 AES_DECRYPT_IMPL(&ksch->decr_ks.ks32[0], ksch->nr,
1588 1588 buffer, buffer);
1589 1589
1590 1590 /* Copy result from buffer to output block */
1591 1591 #ifndef AES_BYTE_SWAP
1592 1592 bcopy(&buffer, pt, AES_BLOCK_LEN);
1593 1593 }
1594 1594
1595 1595 #else /* byte swap */
1596 - *(uint32_t *)&pt[0] = htonl(buffer[0]);
1597 - *(uint32_t *)&pt[4] = htonl(buffer[1]);
1598 - *(uint32_t *)&pt[8] = htonl(buffer[2]);
1599 - *(uint32_t *)&pt[12] = htonl(buffer[3]);
1596 + *(uint32_t *)(void *)&pt[0] = htonl(buffer[0]);
1597 + *(uint32_t *)(void *)&pt[4] = htonl(buffer[1]);
1598 + *(uint32_t *)(void *)&pt[8] = htonl(buffer[2]);
1599 + *(uint32_t *)(void *)&pt[12] = htonl(buffer[3]);
1600 1600 #endif
1601 1601
1602 1602 /* EXPORT DELETE END */
1603 1603 return (CRYPTO_SUCCESS);
1604 1604 }
1605 1605
1606 1606
1607 1607 /*
1608 1608 * Allocate key schedule for AES.
1609 1609 *
1610 1610 * Return the pointer and set size to the number of bytes allocated.
1611 1611 * Memory allocated must be freed by the caller when done.
1612 1612 *
1613 1613 * Parameters:
1614 1614 * size Size of key schedule allocated, in bytes
1615 1615 * kmflag Flag passed to kmem_alloc(9F); ignored in userland.
1616 1616 */
1617 1617 /* ARGSUSED */
1618 1618 void *
1619 1619 aes_alloc_keysched(size_t *size, int kmflag)
1620 1620 {
1621 1621 /* EXPORT DELETE START */
1622 1622 aes_key_t *keysched;
1623 1623
1624 1624 #ifdef _KERNEL
1625 1625 keysched = (aes_key_t *)kmem_alloc(sizeof (aes_key_t), kmflag);
1626 1626 #else /* !_KERNEL */
1627 1627 keysched = (aes_key_t *)malloc(sizeof (aes_key_t));
1628 1628 #endif /* _KERNEL */
1629 1629
1630 1630 if (keysched != NULL) {
1631 1631 *size = sizeof (aes_key_t);
1632 1632 return (keysched);
1633 1633 }
1634 1634 /* EXPORT DELETE END */
1635 1635 return (NULL);
1636 1636 }
1637 1637
1638 1638 void
1639 1639 aes_copy_block(uint8_t *in, uint8_t *out)
1640 1640 {
1641 1641 if (IS_P2ALIGNED(in, sizeof (uint32_t)) &&
1642 1642 IS_P2ALIGNED(out, sizeof (uint32_t))) {
1643 1643 /* LINTED: pointer alignment */
1644 1644 *(uint32_t *)&out[0] = *(uint32_t *)&in[0];
1645 1645 /* LINTED: pointer alignment */
1646 1646 *(uint32_t *)&out[4] = *(uint32_t *)&in[4];
1647 1647 /* LINTED: pointer alignment */
1648 1648 *(uint32_t *)&out[8] = *(uint32_t *)&in[8];
1649 1649 /* LINTED: pointer alignment */
1650 1650 *(uint32_t *)&out[12] = *(uint32_t *)&in[12];
1651 1651 } else {
1652 1652 AES_COPY_BLOCK(in, out);
1653 1653 }
1654 1654 }
1655 1655
1656 1656 /* XOR block of data into dest */
1657 1657 void
1658 1658 aes_xor_block(uint8_t *data, uint8_t *dst)
1659 1659 {
1660 1660 if (IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
1661 1661 IS_P2ALIGNED(data, sizeof (uint32_t))) {
1662 1662 /* LINTED: pointer alignment */
1663 1663 *(uint32_t *)&dst[0] ^= *(uint32_t *)&data[0];
1664 1664 /* LINTED: pointer alignment */
1665 1665 *(uint32_t *)&dst[4] ^= *(uint32_t *)&data[4];
1666 1666 /* LINTED: pointer alignment */
1667 1667 *(uint32_t *)&dst[8] ^= *(uint32_t *)&data[8];
1668 1668 /* LINTED: pointer alignment */
1669 1669 *(uint32_t *)&dst[12] ^= *(uint32_t *)&data[12];
1670 1670 } else {
1671 1671 AES_XOR_BLOCK(data, dst);
1672 1672 }
1673 1673 }
1674 1674
1675 1675 /*
1676 1676 * Encrypt multiple blocks of data according to mode.
1677 1677 */
1678 1678 /* ARGSUSED */
1679 1679 int
1680 1680 aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
1681 1681 crypto_data_t *out)
1682 1682 {
1683 1683 aes_ctx_t *aes_ctx = ctx;
1684 1684 int rv;
1685 1685
1686 1686 if (aes_ctx->ac_flags & CTR_MODE) {
1687 1687 rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
1688 1688 AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
1689 1689 #ifdef _KERNEL
1690 1690 } else if (aes_ctx->ac_flags & CCM_MODE) {
1691 1691 rv = ccm_mode_encrypt_contiguous_blocks(ctx, data, length,
1692 1692 out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
1693 1693 aes_xor_block);
1694 1694 #endif
1695 1695 } else if (aes_ctx->ac_flags & CBC_MODE) {
1696 1696 rv = cbc_encrypt_contiguous_blocks(ctx,
1697 1697 data, length, out, AES_BLOCK_LEN, aes_encrypt_block,
1698 1698 aes_copy_block, aes_xor_block);
1699 1699 } else {
1700 1700 rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
1701 1701 AES_BLOCK_LEN, aes_encrypt_block);
1702 1702 }
1703 1703 return (rv);
1704 1704 }
1705 1705
1706 1706 /*
1707 1707 * Decrypt multiple blocks of data according to mode.
1708 1708 */
1709 1709 int
1710 1710 aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
1711 1711 crypto_data_t *out)
1712 1712 {
1713 1713 aes_ctx_t *aes_ctx = ctx;
1714 1714 int rv;
1715 1715
1716 1716 if (aes_ctx->ac_flags & CTR_MODE) {
1717 1717 rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
1718 1718 AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
1719 1719 if (rv == CRYPTO_DATA_LEN_RANGE)
1720 1720 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
1721 1721 #ifdef _KERNEL
1722 1722 } else if (aes_ctx->ac_flags & CCM_MODE) {
1723 1723 rv = ccm_mode_decrypt_contiguous_blocks(ctx, data, length,
1724 1724 out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
1725 1725 aes_xor_block);
1726 1726 #endif
1727 1727 } else if (aes_ctx->ac_flags & CBC_MODE) {
1728 1728 rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
1729 1729 AES_BLOCK_LEN, aes_decrypt_block, aes_copy_block,
1730 1730 aes_xor_block);
1731 1731 } else {
1732 1732 rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
1733 1733 AES_BLOCK_LEN, aes_decrypt_block);
1734 1734 if (rv == CRYPTO_DATA_LEN_RANGE)
1735 1735 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
1736 1736 }
1737 1737 return (rv);
1738 1738 }
|
↓ open down ↓ |
129 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX