Print this page
5007142 Add ntohll and htonll to sys/byteorder.h
6717509 Need to use bswap/bswapq for byte swap of 64-bit integer on x32/x64
PSARC 2008/474
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/common/crypto/aes/aes_impl.c
+++ new/usr/src/common/crypto/aes/aes_impl.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25
26 -#pragma ident "%Z%%M% %I% %E% SMI"
27 -
28 26 #include <sys/types.h>
29 27 #include <sys/systm.h>
30 28 #include <sys/ddi.h>
31 29 #include <sys/sysmacros.h>
32 30 #include <sys/strsun.h>
33 31 #include <netinet/in.h>
34 32 #include <sys/crypto/spi.h>
35 33 #include <modes/modes.h>
36 34 #include "aes_impl.h"
37 35 #ifndef _KERNEL
38 36 #include <strings.h>
39 37 #include <stdlib.h>
40 38 #endif /* !_KERNEL */
41 39
42 40
43 41 /*
44 42 * This file is derived from the file rijndael-alg-fst.c taken from the
45 43 * "optimized C code v3.0" on the "rijndael home page"
46 44 * http://www.iaik.tu-graz.ac.at/research/krypto/AES/old/~rijmen/rijndael/
47 45 * pointed by the NIST web-site http://csrc.nist.gov/archive/aes/
48 46 *
49 47 * The following note is from the original file:
50 48 */
51 49
52 50 /*
53 51 * rijndael-alg-fst.c
54 52 *
55 53 * @version 3.0 (December 2000)
56 54 *
57 55 * Optimised ANSI C code for the Rijndael cipher (now AES)
58 56 *
59 57 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
60 58 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
61 59 * @author Paulo Barreto <paulo.barreto@terra.com.br>
62 60 *
63 61 * This code is hereby placed in the public domain.
64 62 *
65 63 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
66 64 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
67 65 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
68 66 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
69 67 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
70 68 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
71 69 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
72 70 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
73 71 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
74 72 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
75 73 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
76 74 */
77 75
78 76 /* EXPORT DELETE START */
79 77
80 78 #if defined(sun4u) || defined(__amd64)
81 79 /* External assembly functions: */
82 80 extern void aes_encrypt_impl(const uint32_t rk[], int Nr, const uint32_t pt[4],
83 81 uint32_t ct[4]);
84 82 extern void aes_decrypt_impl(const uint32_t rk[], int Nr, const uint32_t ct[4],
85 83 uint32_t pt[4]);
86 84 #define AES_ENCRYPT_IMPL aes_encrypt_impl
87 85 #define AES_DECRYPT_IMPL aes_decrypt_impl
88 86
89 87 #ifdef __amd64
90 88 extern int rijndael_key_setup_enc(uint32_t rk[], const uint32_t cipherKey[],
91 89 int keyBits);
92 90 extern int rijndael_key_setup_dec(uint32_t rk[], const uint32_t cipherKey[],
93 91 int keyBits);
94 92 #endif
95 93
96 94 #else
97 95 #define AES_ENCRYPT_IMPL rijndael_encrypt
98 96 #define AES_DECRYPT_IMPL rijndael_decrypt
99 97 #define rijndael_key_setup_enc_raw rijndael_key_setup_enc
100 98 #endif /* sun4u || __amd64 */
101 99
102 100 #if defined(_LITTLE_ENDIAN) && !defined(__amd64)
103 101 #define AES_BYTE_SWAP
104 102 #endif
105 103
106 104 #ifndef __amd64
107 105 /*
108 106 * Constant tables
109 107 */
110 108
111 109 /*
112 110 * Te0[x] = S [x].[02, 01, 01, 03];
113 111 * Te1[x] = S [x].[03, 02, 01, 01];
114 112 * Te2[x] = S [x].[01, 03, 02, 01];
115 113 * Te3[x] = S [x].[01, 01, 03, 02];
116 114 * Te4[x] = S [x].[01, 01, 01, 01];
117 115 *
118 116 * Td0[x] = Si[x].[0e, 09, 0d, 0b];
119 117 * Td1[x] = Si[x].[0b, 0e, 09, 0d];
120 118 * Td2[x] = Si[x].[0d, 0b, 0e, 09];
121 119 * Td3[x] = Si[x].[09, 0d, 0b, 0e];
122 120 * Td4[x] = Si[x].[01, 01, 01, 01];
123 121 */
124 122
125 123 /* Encrypt Sbox constants (for the substitute bytes operation) */
126 124
127 125 static const uint32_t Te0[256] =
128 126 {
129 127 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
130 128 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
131 129 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
132 130 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
133 131 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
134 132 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
135 133 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
136 134 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
137 135 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
138 136 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
139 137 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
140 138 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
141 139 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
142 140 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
143 141 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
144 142 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
145 143 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
146 144 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
147 145 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
148 146 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
149 147 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
150 148 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
151 149 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
152 150 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
153 151 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
154 152 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
155 153 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
156 154 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
157 155 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
158 156 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
159 157 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
160 158 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
161 159 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
162 160 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
163 161 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
164 162 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
165 163 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
166 164 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
167 165 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
168 166 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
169 167 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
170 168 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
171 169 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
172 170 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
173 171 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
174 172 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
175 173 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
176 174 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
177 175 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
178 176 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
179 177 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
180 178 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
181 179 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
182 180 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
183 181 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
184 182 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
185 183 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
186 184 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
187 185 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
188 186 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
189 187 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
190 188 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
191 189 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
192 190 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU
193 191 };
194 192
195 193
196 194 static const uint32_t Te1[256] =
197 195 {
198 196 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
199 197 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
200 198 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
201 199 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
202 200 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
203 201 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
204 202 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
205 203 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
206 204 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
207 205 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
208 206 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
209 207 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
210 208 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
211 209 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
212 210 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
213 211 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
214 212 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
215 213 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
216 214 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
217 215 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
218 216 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
219 217 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
220 218 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
221 219 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
222 220 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
223 221 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
224 222 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
225 223 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
226 224 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
227 225 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
228 226 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
229 227 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
230 228 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
231 229 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
232 230 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
233 231 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
234 232 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
235 233 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
236 234 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
237 235 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
238 236 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
239 237 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
240 238 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
241 239 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
242 240 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
243 241 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
244 242 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
245 243 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
246 244 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
247 245 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
248 246 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
249 247 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
250 248 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
251 249 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
252 250 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
253 251 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
254 252 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
255 253 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
256 254 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
257 255 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
258 256 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
259 257 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
260 258 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
261 259 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U
262 260 };
263 261
264 262
265 263 static const uint32_t Te2[256] =
266 264 {
267 265 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
268 266 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
269 267 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
270 268 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
271 269 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
272 270 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
273 271 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
274 272 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
275 273 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
276 274 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
277 275 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
278 276 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
279 277 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
280 278 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
281 279 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
282 280 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
283 281 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
284 282 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
285 283 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
286 284 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
287 285 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
288 286 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
289 287 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
290 288 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
291 289 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
292 290 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
293 291 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
294 292 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
295 293 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
296 294 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
297 295 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
298 296 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
299 297 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
300 298 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
301 299 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
302 300 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
303 301 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
304 302 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
305 303 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
306 304 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
307 305 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
308 306 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
309 307 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
310 308 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
311 309 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
312 310 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
313 311 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
314 312 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
315 313 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
316 314 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
317 315 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
318 316 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
319 317 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
320 318 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
321 319 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
322 320 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
323 321 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
324 322 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
325 323 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
326 324 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
327 325 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
328 326 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
329 327 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
330 328 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U
331 329 };
332 330
333 331
334 332 static const uint32_t Te3[256] =
335 333 {
336 334 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
337 335 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
338 336 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
339 337 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
340 338 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
341 339 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
342 340 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
343 341 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
344 342 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
345 343 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
346 344 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
347 345 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
348 346 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
349 347 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
350 348 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
351 349 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
352 350 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
353 351 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
354 352 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
355 353 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
356 354 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
357 355 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
358 356 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
359 357 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
360 358 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
361 359 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
362 360 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
363 361 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
364 362 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
365 363 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
366 364 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
367 365 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
368 366 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
369 367 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
370 368 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
371 369 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
372 370 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
373 371 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
374 372 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
375 373 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
376 374 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
377 375 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
378 376 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
379 377 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
380 378 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
381 379 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
382 380 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
383 381 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
384 382 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
385 383 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
386 384 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
387 385 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
388 386 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
389 387 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
390 388 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
391 389 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
392 390 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
393 391 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
394 392 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
395 393 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
396 394 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
397 395 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
398 396 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
399 397 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU
400 398 };
401 399
402 400 static const uint32_t Te4[256] =
403 401 {
404 402 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
405 403 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
406 404 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
407 405 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
408 406 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
409 407 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
410 408 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
411 409 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
412 410 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
413 411 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
414 412 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
415 413 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
416 414 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
417 415 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
418 416 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
419 417 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
420 418 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
421 419 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
422 420 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
423 421 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
424 422 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
425 423 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
426 424 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
427 425 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
428 426 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
429 427 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
430 428 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
431 429 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
432 430 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
433 431 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
434 432 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
435 433 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
436 434 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
437 435 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
438 436 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
439 437 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
440 438 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
441 439 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
442 440 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
443 441 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
444 442 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
445 443 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
446 444 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
447 445 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
448 446 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
449 447 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
450 448 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
451 449 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
452 450 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
453 451 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
454 452 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
455 453 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
456 454 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
457 455 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
458 456 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
459 457 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
460 458 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
461 459 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
462 460 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
463 461 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
464 462 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
465 463 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
466 464 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
467 465 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U
468 466 };
469 467
470 468 /* Decrypt Sbox constants (for the substitute bytes operation) */
471 469
472 470 static const uint32_t Td0[256] =
473 471 {
474 472 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
475 473 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
476 474 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
477 475 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
478 476 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
479 477 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
480 478 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
481 479 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
482 480 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
483 481 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
484 482 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
485 483 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
486 484 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
487 485 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
488 486 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
489 487 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
490 488 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
491 489 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
492 490 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
493 491 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
494 492 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
495 493 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
496 494 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
497 495 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
498 496 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
499 497 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
500 498 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
501 499 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
502 500 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
503 501 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
504 502 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
505 503 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
506 504 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
507 505 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
508 506 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
509 507 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
510 508 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
511 509 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
512 510 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
513 511 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
514 512 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
515 513 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
516 514 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
517 515 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
518 516 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
519 517 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
520 518 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
521 519 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
522 520 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
523 521 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
524 522 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
525 523 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
526 524 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
527 525 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
528 526 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
529 527 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
530 528 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
531 529 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
532 530 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
533 531 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
534 532 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
535 533 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
536 534 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
537 535 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U
538 536 };
539 537
540 538 static const uint32_t Td1[256] =
541 539 {
542 540 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
543 541 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
544 542 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
545 543 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
546 544 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
547 545 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
548 546 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
549 547 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
550 548 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
551 549 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
552 550 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
553 551 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
554 552 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
555 553 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
556 554 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
557 555 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
558 556 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
559 557 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
560 558 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
561 559 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
562 560 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
563 561 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
564 562 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
565 563 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
566 564 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
567 565 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
568 566 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
569 567 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
570 568 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
571 569 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
572 570 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
573 571 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
574 572 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
575 573 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
576 574 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
577 575 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
578 576 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
579 577 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
580 578 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
581 579 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
582 580 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
583 581 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
584 582 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
585 583 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
586 584 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
587 585 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
588 586 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
589 587 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
590 588 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
591 589 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
592 590 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
593 591 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
594 592 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
595 593 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
596 594 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
597 595 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
598 596 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
599 597 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
600 598 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
601 599 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
602 600 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
603 601 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
604 602 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
605 603 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U
606 604 };
607 605
608 606 static const uint32_t Td2[256] =
609 607 {
610 608 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
611 609 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
612 610 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
613 611 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
614 612 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
615 613 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
616 614 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
617 615 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
618 616 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
619 617 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
620 618 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
621 619 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
622 620 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
623 621 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
624 622 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
625 623 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
626 624 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
627 625 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
628 626 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
629 627 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
630 628 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
631 629 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
632 630 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
633 631 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
634 632 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
635 633 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
636 634 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
637 635 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
638 636 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
639 637 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
640 638 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
641 639 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
642 640 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
643 641 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
644 642 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
645 643 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
646 644 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
647 645 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
648 646 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
649 647 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
650 648 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
651 649 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
652 650 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
653 651 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
654 652 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
655 653 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
656 654 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
657 655 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
658 656 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
659 657 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
660 658 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
661 659 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
662 660 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
663 661 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
664 662 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
665 663 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
666 664 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
667 665 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
668 666 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
669 667 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
670 668 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
671 669 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
672 670 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
673 671 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U
674 672 };
675 673
676 674 static const uint32_t Td3[256] =
677 675 {
678 676 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
679 677 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
680 678 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
681 679 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
682 680 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
683 681 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
684 682 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
685 683 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
686 684 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
687 685 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
688 686 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
689 687 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
690 688 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
691 689 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
692 690 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
693 691 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
694 692 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
695 693 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
696 694 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
697 695 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
698 696 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
699 697 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
700 698 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
701 699 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
702 700 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
703 701 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
704 702 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
705 703 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
706 704 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
707 705 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
708 706 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
709 707 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
710 708 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
711 709 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
712 710 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
713 711 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
714 712 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
715 713 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
716 714 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
717 715 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
718 716 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
719 717 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
720 718 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
721 719 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
722 720 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
723 721 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
724 722 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
725 723 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
726 724 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
727 725 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
728 726 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
729 727 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
730 728 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
731 729 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
732 730 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
733 731 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
734 732 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
735 733 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
736 734 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
737 735 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
738 736 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
739 737 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
740 738 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
741 739 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U
742 740 };
743 741
744 742
745 743 static const uint32_t Td4[256] =
746 744 {
747 745 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
748 746 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
749 747 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
750 748 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
751 749 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
752 750 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
753 751 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
754 752 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
755 753 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
756 754 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
757 755 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
758 756 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
759 757 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
760 758 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
761 759 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
762 760 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
763 761 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
764 762 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
765 763 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
766 764 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
767 765 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
768 766 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
769 767 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
770 768 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
771 769 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
772 770 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
773 771 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
774 772 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
775 773 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
776 774 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
777 775 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
778 776 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
779 777 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
780 778 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
781 779 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
782 780 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
783 781 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
784 782 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
785 783 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
786 784 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
787 785 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
788 786 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
789 787 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
790 788 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
791 789 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
792 790 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
793 791 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
794 792 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
795 793 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
796 794 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
797 795 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
798 796 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
799 797 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
800 798 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
801 799 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
802 800 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
803 801 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
804 802 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
805 803 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
806 804 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
807 805 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
808 806 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
809 807 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
810 808 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU
811 809 };
812 810
813 811 /* Rcon is Round Constant; used for encryption key expansion */
814 812 static const uint32_t rcon[RC_LENGTH] =
815 813 {
816 814 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
817 815 0x01000000, 0x02000000, 0x04000000, 0x08000000,
818 816 0x10000000, 0x20000000, 0x40000000, 0x80000000,
819 817 0x1B000000, 0x36000000
820 818 };
821 819
822 820
823 821 /*
824 822 * Expand the cipher key into the encryption key schedule.
825 823 *
826 824 * Return the number of rounds for the given cipher key size.
827 825 * The size of the key schedule depends on the number of rounds
828 826 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
829 827 *
830 828 * Parameters:
831 829 * rk AES key schedule 32-bit array to be initialized
832 830 * cipherKey User key
833 831 * keyBits AES key size (128, 192, or 256 bits)
834 832 */
835 833 static int
836 834 rijndael_key_setup_enc_raw(uint32_t rk[], const uint32_t cipherKey[],
837 835 int keyBits)
838 836 {
839 837 int i = 0;
840 838 uint32_t temp;
841 839
842 840 rk[0] = cipherKey[0];
843 841 rk[1] = cipherKey[1];
844 842 rk[2] = cipherKey[2];
845 843 rk[3] = cipherKey[3];
846 844
847 845 if (keyBits == 128) {
848 846 for (;;) {
849 847 temp = rk[3];
850 848 rk[4] = rk[0] ^
851 849 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
852 850 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
853 851 (Te4[temp & 0xff] & 0x0000ff00) ^
854 852 (Te4[temp >> 24] & 0x000000ff) ^
855 853 rcon[i];
856 854 rk[5] = rk[1] ^ rk[4];
857 855 rk[6] = rk[2] ^ rk[5];
858 856 rk[7] = rk[3] ^ rk[6];
859 857
860 858 if (++i == 10) {
861 859 return (10);
862 860 }
863 861 rk += 4;
864 862 }
865 863 }
866 864
867 865 rk[4] = cipherKey[4];
868 866 rk[5] = cipherKey[5];
869 867
870 868 if (keyBits == 192) {
871 869 for (;;) {
872 870 temp = rk[5];
873 871 rk[6] = rk[0] ^
874 872 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
875 873 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
876 874 (Te4[temp & 0xff] & 0x0000ff00) ^
877 875 (Te4[temp >> 24] & 0x000000ff) ^
878 876 rcon[i];
879 877 rk[7] = rk[1] ^ rk[6];
880 878 rk[8] = rk[2] ^ rk[7];
881 879 rk[9] = rk[3] ^ rk[8];
882 880
883 881 if (++i == 8) {
884 882 return (12);
885 883 }
886 884
887 885 rk[10] = rk[4] ^ rk[9];
888 886 rk[11] = rk[5] ^ rk[10];
889 887 rk += 6;
890 888 }
891 889 }
892 890
893 891 rk[6] = cipherKey[6];
894 892 rk[7] = cipherKey[7];
895 893
896 894 if (keyBits == 256) {
897 895 for (;;) {
898 896 temp = rk[7];
899 897 rk[8] = rk[0] ^
900 898 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
901 899 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
902 900 (Te4[temp & 0xff] & 0x0000ff00) ^
903 901 (Te4[temp >> 24] & 0x000000ff) ^
904 902 rcon[i];
905 903 rk[9] = rk[1] ^ rk[8];
906 904 rk[10] = rk[2] ^ rk[9];
907 905 rk[11] = rk[3] ^ rk[10];
908 906
909 907 if (++i == 7) {
910 908 return (14);
911 909 }
912 910 temp = rk[11];
913 911 rk[12] = rk[4] ^
914 912 (Te4[temp >> 24] & 0xff000000) ^
915 913 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
916 914 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
917 915 (Te4[temp & 0xff] & 0x000000ff);
918 916 rk[13] = rk[5] ^ rk[12];
919 917 rk[14] = rk[6] ^ rk[13];
920 918 rk[15] = rk[7] ^ rk[14];
921 919
922 920 rk += 8;
923 921 }
924 922 }
925 923
926 924 return (0);
927 925 }
928 926 #endif /* !__amd64 */
929 927
930 928
931 929 #ifdef sun4u
932 930
933 931 /*
934 932 * Expand the cipher key into the encryption key schedule.
935 933 * by the sun4u optimized assembly implementation.
936 934 *
937 935 * Return the number of rounds for the given cipher key size.
938 936 * The size of the key schedule depends on the number of rounds
939 937 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
940 938 *
941 939 * Parameters:
942 940 * rk AES key schedule 64-bit array to be initialized
943 941 * cipherKey User key
944 942 * keyBits AES key size (128, 192, or 256 bits)
945 943 */
946 944 static int
947 945 rijndael_key_setup_enc(uint64_t rk[], const uint32_t cipherKey[], int keyBits)
948 946 {
949 947 uint32_t rk1[4 * (MAX_AES_NR + 1)];
950 948 uint64_t *rk64 = (uint64_t *)rk;
951 949 uint32_t *rkt;
952 950 uint64_t t;
953 951 int i, Nr;
954 952
955 953 Nr = rijndael_key_setup_enc_raw(rk1, cipherKey, keyBits);
956 954
957 955 for (i = 0; i < 4 * Nr; i++) {
958 956 t = (uint64_t)(rk1[i]);
959 957 rk64[i] = ((t & 0xff000000) << 11) |
960 958 ((t & 0xff0000) << 8) |
961 959 ((t & 0xffff) << 3);
962 960 }
963 961
964 962 rkt = (uint32_t *)(&(rk64[4 * Nr]));
965 963
966 964 for (i = 0; i < 4; i++) {
967 965 rkt[i] = rk1[4 * Nr+i];
968 966 }
969 967
970 968 return (Nr);
971 969 }
972 970
973 971
974 972 /*
975 973 * Expand the cipher key into the decryption key schedule as used
976 974 * by the sun4u optimized assembly implementation.
977 975 *
978 976 * Return the number of rounds for the given cipher key size.
979 977 * The size of the key schedule depends on the number of rounds
980 978 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
981 979 *
982 980 * Parameters:
983 981 * rk AES key schedule 32-bit array to be initialized
984 982 * cipherKey User key
985 983 * keyBits AES key size (128, 192, or 256 bits)
986 984 */
987 985 static int
988 986 rijndael_key_setup_dec_raw(uint32_t rk[], const uint32_t cipherKey[],
989 987 int keyBits)
990 988 {
991 989 int Nr, i;
992 990 uint32_t temp;
993 991
994 992 /* expand the cipher key: */
995 993 Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits);
996 994
997 995 /* invert the order of the round keys: */
998 996
999 997 for (i = 0; i < 2 * Nr + 2; i++) {
1000 998 temp = rk[i];
1001 999 rk[i] = rk[4 * Nr - i + 3];
1002 1000 rk[4 * Nr - i + 3] = temp;
1003 1001 }
1004 1002
1005 1003 /*
1006 1004 * apply the inverse MixColumn transform to all
1007 1005 * round keys but the first and the last:
1008 1006 */
1009 1007 for (i = 1; i < Nr; i++) {
1010 1008 rk += 4;
1011 1009 rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^
1012 1010 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
1013 1011 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
1014 1012 Td3[Te4[rk[0] & 0xff] & 0xff];
1015 1013 rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^
1016 1014 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
1017 1015 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
1018 1016 Td3[Te4[rk[1] & 0xff] & 0xff];
1019 1017 rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^
1020 1018 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
1021 1019 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
1022 1020 Td3[Te4[rk[2] & 0xff] & 0xff];
1023 1021 rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^
1024 1022 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
1025 1023 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
1026 1024 Td3[Te4[rk[3] & 0xff] & 0xff];
1027 1025 }
1028 1026
1029 1027 return (Nr);
1030 1028 }
1031 1029
1032 1030
1033 1031 /*
1034 1032 * The size of the key schedule depends on the number of rounds
1035 1033 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1036 1034 *
1037 1035 * Parameters:
1038 1036 * rk AES key schedule 64-bit array to be initialized
1039 1037 * cipherKey User key
1040 1038 * keyBits AES key size (128, 192, or 256 bits)
1041 1039 */
1042 1040 static int
1043 1041 rijndael_key_setup_dec(uint64_t rk[], const uint32_t cipherKey[], int keyBits)
1044 1042 {
1045 1043 uint32_t rk1[4 * (MAX_AES_NR + 1)];
1046 1044 uint64_t *rk64 = (uint64_t *)rk;
1047 1045 uint32_t *rkt;
1048 1046 uint64_t t;
1049 1047 int i, Nr;
1050 1048
1051 1049 Nr = rijndael_key_setup_dec_raw(rk1, cipherKey, keyBits);
1052 1050 for (i = 0; i < 4 * Nr; i++) {
1053 1051 t = (uint64_t)(rk1[i]);
1054 1052 rk64[i] = ((t & 0xff000000) << 11) |
1055 1053 ((t & 0xff0000) << 8) |
1056 1054 ((t & 0xffff) << 3);
1057 1055 }
1058 1056
1059 1057 rkt = (uint32_t *)(&(rk64[4 * Nr]));
1060 1058
1061 1059 for (i = 0; i < 4; i++) {
1062 1060 rkt[i] = rk1[4 * Nr + i];
1063 1061 }
1064 1062
1065 1063 return (Nr);
1066 1064 }
1067 1065
1068 1066
1069 1067 /*
1070 1068 * Expand the 64-bit AES cipher key array into the encryption and decryption
1071 1069 * key schedules.
1072 1070 *
1073 1071 * Parameters:
1074 1072 * key AES key schedule to be initialized
1075 1073 * keyarr32 User key
1076 1074 * keyBits AES key size (128, 192, or 256 bits)
1077 1075 */
1078 1076 static void
1079 1077 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits)
1080 1078 {
1081 1079 key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks64[0]), keyarr32,
1082 1080 keybits);
1083 1081 key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks64[0]), keyarr32,
1084 1082 keybits);
1085 1083 key->type = AES_64BIT_KS;
1086 1084 }
1087 1085
1088 1086
1089 1087 #elif !defined(__amd64)
1090 1088
1091 1089 /*
1092 1090 * Expand the cipher key into the decryption key schedule.
1093 1091 * Return the number of rounds for the given cipher key size.
1094 1092 * The size of the key schedule depends on the number of rounds
1095 1093 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1096 1094 *
1097 1095 * Parameters:
1098 1096 * rk AES key schedule 32-bit array to be initialized
1099 1097 * cipherKey User key
1100 1098 * keyBits AES key size (128, 192, or 256 bits)
1101 1099 */
1102 1100 static int
1103 1101 rijndael_key_setup_dec(uint32_t rk[], const uint32_t cipherKey[], int keyBits)
1104 1102 {
1105 1103 int Nr, i, j;
1106 1104 uint32_t temp;
1107 1105
1108 1106 /* expand the cipher key: */
1109 1107 Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits);
1110 1108
1111 1109 /* invert the order of the round keys: */
1112 1110 for (i = 0, j = 4 * Nr; i < j; i += 4, j -= 4) {
1113 1111 temp = rk[i];
1114 1112 rk[i] = rk[j];
1115 1113 rk[j] = temp;
1116 1114 temp = rk[i + 1];
1117 1115 rk[i + 1] = rk[j + 1];
1118 1116 rk[j + 1] = temp;
1119 1117 temp = rk[i + 2];
1120 1118 rk[i + 2] = rk[j + 2];
1121 1119 rk[j + 2] = temp;
1122 1120 temp = rk[i + 3];
1123 1121 rk[i + 3] = rk[j + 3];
1124 1122 rk[j + 3] = temp;
1125 1123 }
1126 1124
1127 1125 /*
1128 1126 * apply the inverse MixColumn transform to all
1129 1127 * round keys but the first and the last:
1130 1128 */
1131 1129 for (i = 1; i < Nr; i++) {
1132 1130 rk += 4;
1133 1131 rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^
1134 1132 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
1135 1133 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
1136 1134 Td3[Te4[rk[0] & 0xff] & 0xff];
1137 1135 rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^
1138 1136 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
1139 1137 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
1140 1138 Td3[Te4[rk[1] & 0xff] & 0xff];
1141 1139 rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^
1142 1140 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
1143 1141 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
1144 1142 Td3[Te4[rk[2] & 0xff] & 0xff];
1145 1143 rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^
1146 1144 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
1147 1145 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
1148 1146 Td3[Te4[rk[3] & 0xff] & 0xff];
1149 1147 }
1150 1148
1151 1149 return (Nr);
1152 1150 }
1153 1151
1154 1152
1155 1153 /*
1156 1154 * Encrypt one block of data. The block is assumed to be an array
1157 1155 * of four uint32_t values, so copy for alignment (and byte-order
1158 1156 * reversal for little endian systems might be necessary on the
1159 1157 * input and output byte streams.
1160 1158 * The size of the key schedule depends on the number of rounds
1161 1159 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1162 1160 *
1163 1161 * Parameters:
1164 1162 * rk Key schedule, of aes_ks_t (60 32-bit integers)
1165 1163 * Nr Number of rounds
1166 1164 * pt Input block (plain text)
1167 1165 * ct Output block (crypto text). Can overlap with pt
1168 1166 */
1169 1167 static void
1170 1168 rijndael_encrypt(const uint32_t rk[], int Nr, const uint32_t pt[4],
1171 1169 uint32_t ct[4])
1172 1170 {
1173 1171 uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
1174 1172 int r;
1175 1173
1176 1174 /*
1177 1175 * map byte array block to cipher state
1178 1176 * and add initial round key:
1179 1177 */
1180 1178
1181 1179 s0 = pt[0] ^ rk[0];
1182 1180 s1 = pt[1] ^ rk[1];
1183 1181 s2 = pt[2] ^ rk[2];
1184 1182 s3 = pt[3] ^ rk[3];
1185 1183
1186 1184 /*
1187 1185 * Nr - 1 full rounds:
1188 1186 */
1189 1187
1190 1188 r = Nr >> 1;
1191 1189
1192 1190 for (;;) {
1193 1191 t0 = Te0[s0 >> 24] ^
1194 1192 Te1[(s1 >> 16) & 0xff] ^
1195 1193 Te2[(s2 >> 8) & 0xff] ^
1196 1194 Te3[s3 & 0xff] ^
1197 1195 rk[4];
1198 1196
1199 1197 t1 = Te0[s1 >> 24] ^
1200 1198 Te1[(s2 >> 16) & 0xff] ^
1201 1199 Te2[(s3 >> 8) & 0xff] ^
1202 1200 Te3[s0 & 0xff] ^
1203 1201 rk[5];
1204 1202
1205 1203 t2 = Te0[s2 >> 24] ^
1206 1204 Te1[(s3 >> 16) & 0xff] ^
1207 1205 Te2[(s0 >> 8) & 0xff] ^
1208 1206 Te3[s1 & 0xff] ^
1209 1207 rk[6];
1210 1208
1211 1209 t3 = Te0[s3 >> 24] ^
1212 1210 Te1[(s0 >> 16) & 0xff] ^
1213 1211 Te2[(s1 >> 8) & 0xff] ^
1214 1212 Te3[s2 & 0xff] ^
1215 1213 rk[7];
1216 1214
1217 1215 rk += 8;
1218 1216
1219 1217 if (--r == 0) {
1220 1218 break;
1221 1219 }
1222 1220
1223 1221 s0 = Te0[t0 >> 24] ^
1224 1222 Te1[(t1 >> 16) & 0xff] ^
1225 1223 Te2[(t2 >> 8) & 0xff] ^
1226 1224 Te3[t3 & 0xff] ^
1227 1225 rk[0];
1228 1226
1229 1227 s1 = Te0[t1 >> 24] ^
1230 1228 Te1[(t2 >> 16) & 0xff] ^
1231 1229 Te2[(t3 >> 8) & 0xff] ^
1232 1230 Te3[t0 & 0xff] ^
1233 1231 rk[1];
1234 1232
1235 1233 s2 = Te0[t2 >> 24] ^
1236 1234 Te1[(t3 >> 16) & 0xff] ^
1237 1235 Te2[(t0 >> 8) & 0xff] ^
1238 1236 Te3[t1 & 0xff] ^
1239 1237 rk[2];
1240 1238
1241 1239 s3 = Te0[t3 >> 24] ^
1242 1240 Te1[(t0 >> 16) & 0xff] ^
1243 1241 Te2[(t1 >> 8) & 0xff] ^
1244 1242 Te3[t2 & 0xff] ^
1245 1243 rk[3];
1246 1244 }
1247 1245
1248 1246 /*
1249 1247 * apply last round and
1250 1248 * map cipher state to byte array block:
1251 1249 */
1252 1250
1253 1251 s0 = (Te4[(t0 >> 24)] & 0xff000000) ^
1254 1252 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1255 1253 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1256 1254 (Te4[t3 & 0xff] & 0x000000ff) ^
1257 1255 rk[0];
1258 1256 ct[0] = s0;
1259 1257
1260 1258 s1 = (Te4[(t1 >> 24)] & 0xff000000) ^
1261 1259 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1262 1260 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1263 1261 (Te4[t0 & 0xff] & 0x000000ff) ^
1264 1262 rk[1];
1265 1263 ct[1] = s1;
1266 1264
1267 1265 s2 = (Te4[(t2 >> 24)] & 0xff000000) ^
1268 1266 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1269 1267 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1270 1268 (Te4[t1 & 0xff] & 0x000000ff) ^
1271 1269 rk[2];
1272 1270 ct[2] = s2;
1273 1271
1274 1272 s3 = (Te4[(t3 >> 24)] & 0xff000000) ^
1275 1273 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1276 1274 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1277 1275 (Te4[t2 & 0xff] & 0x000000ff) ^
1278 1276 rk[3];
1279 1277 ct[3] = s3;
1280 1278 }
1281 1279
1282 1280
1283 1281 /*
1284 1282 * Decrypt one block of data. The block is assumed to be an array
1285 1283 * of four uint32_t values, so copy for alignment (and byte-order
1286 1284 * reversal for little endian systems might be necessary on the
1287 1285 * input and output byte streams.
1288 1286 * The size of the key schedule depends on the number of rounds
1289 1287 * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1290 1288 *
1291 1289 * Parameters:
1292 1290 * rk Key schedule, of aes_ks_t (60 32-bit integers)
1293 1291 * Nr Number of rounds
1294 1292 * ct Input block (crypto text)
1295 1293 * pt Output block (plain text). Can overlap with pt
1296 1294 */
1297 1295 static void
1298 1296 rijndael_decrypt(const uint32_t rk[], int Nr, const uint32_t ct[4],
1299 1297 uint32_t pt[4])
1300 1298 {
1301 1299 uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
1302 1300 int r;
1303 1301
1304 1302 /*
1305 1303 * map byte array block to cipher state
1306 1304 * and add initial round key:
1307 1305 */
1308 1306 s0 = ct[0] ^ rk[0];
1309 1307 s1 = ct[1] ^ rk[1];
1310 1308 s2 = ct[2] ^ rk[2];
1311 1309 s3 = ct[3] ^ rk[3];
1312 1310
1313 1311 /*
1314 1312 * Nr - 1 full rounds:
1315 1313 */
1316 1314
1317 1315 r = Nr >> 1;
1318 1316
1319 1317 for (;;) {
1320 1318 t0 = Td0[s0 >> 24] ^
1321 1319 Td1[(s3 >> 16) & 0xff] ^
1322 1320 Td2[(s2 >> 8) & 0xff] ^
1323 1321 Td3[s1 & 0xff] ^
1324 1322 rk[4];
1325 1323
1326 1324 t1 = Td0[s1 >> 24] ^
1327 1325 Td1[(s0 >> 16) & 0xff] ^
1328 1326 Td2[(s3 >> 8) & 0xff] ^
1329 1327 Td3[s2 & 0xff] ^
1330 1328 rk[5];
1331 1329
1332 1330 t2 = Td0[s2 >> 24] ^
1333 1331 Td1[(s1 >> 16) & 0xff] ^
1334 1332 Td2[(s0 >> 8) & 0xff] ^
1335 1333 Td3[s3 & 0xff] ^
1336 1334 rk[6];
1337 1335
1338 1336 t3 = Td0[s3 >> 24] ^
1339 1337 Td1[(s2 >> 16) & 0xff] ^
1340 1338 Td2[(s1 >> 8) & 0xff] ^
1341 1339 Td3[s0 & 0xff] ^
1342 1340 rk[7];
1343 1341
1344 1342 rk += 8;
1345 1343
1346 1344 if (--r == 0) {
1347 1345 break;
1348 1346 }
1349 1347
1350 1348 s0 = Td0[t0 >> 24] ^
1351 1349 Td1[(t3 >> 16) & 0xff] ^
1352 1350 Td2[(t2 >> 8) & 0xff] ^
1353 1351 Td3[t1 & 0xff] ^
1354 1352 rk[0];
1355 1353
1356 1354 s1 = Td0[t1 >> 24] ^
1357 1355 Td1[(t0 >> 16) & 0xff] ^
1358 1356 Td2[(t3 >> 8) & 0xff] ^
1359 1357 Td3[t2 & 0xff] ^
1360 1358 rk[1];
1361 1359
1362 1360 s2 = Td0[t2 >> 24] ^
1363 1361 Td1[(t1 >> 16) & 0xff] ^
1364 1362 Td2[(t0 >> 8) & 0xff] ^
1365 1363 Td3[t3 & 0xff] ^
1366 1364 rk[2];
1367 1365
1368 1366 s3 = Td0[t3 >> 24] ^
1369 1367 Td1[(t2 >> 16) & 0xff] ^
1370 1368 Td2[(t1 >> 8) & 0xff] ^
1371 1369 Td3[t0 & 0xff] ^
1372 1370 rk[3];
1373 1371 }
1374 1372
1375 1373 /*
1376 1374 * apply last round and
1377 1375 * map cipher state to byte array block:
1378 1376 */
1379 1377
1380 1378 s0 = (Td4[t0 >> 24] & 0xff000000) ^
1381 1379 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1382 1380 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1383 1381 (Td4[t1 & 0xff] & 0x000000ff) ^
1384 1382 rk[0];
1385 1383 pt[0] = s0;
1386 1384
1387 1385 s1 = (Td4[t1 >> 24] & 0xff000000) ^
1388 1386 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1389 1387 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1390 1388 (Td4[t2 & 0xff] & 0x000000ff) ^
1391 1389 rk[1];
1392 1390 pt[1] = s1;
1393 1391
1394 1392 s2 = (Td4[t2 >> 24] & 0xff000000) ^
1395 1393 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1396 1394 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1397 1395 (Td4[t3 & 0xff] & 0x000000ff) ^
1398 1396 rk[2];
1399 1397 pt[2] = s2;
1400 1398
1401 1399 s3 = (Td4[t3 >> 24] & 0xff000000) ^
1402 1400 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1403 1401 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1404 1402 (Td4[t0 & 0xff] & 0x000000ff) ^
1405 1403 rk[3];
1406 1404 pt[3] = s3;
1407 1405 }
1408 1406 #endif /* sun4u, !__amd64 */
1409 1407
1410 1408 #ifndef sun4u
1411 1409 /*
1412 1410 * Expand the 32-bit AES cipher key array into the encryption and decryption
1413 1411 * key schedules.
1414 1412 *
1415 1413 * Parameters:
1416 1414 * key AES key schedule to be initialized
1417 1415 * keyarr32 User key
1418 1416 * keyBits AES key size (128, 192, or 256 bits)
1419 1417 */
1420 1418 static void
1421 1419 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits)
1422 1420 {
1423 1421 key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks32[0]), keyarr32,
1424 1422 keybits);
1425 1423 key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks32[0]), keyarr32,
1426 1424 keybits);
1427 1425 key->type = AES_32BIT_KS;
1428 1426 }
1429 1427 #endif /* sun4u */
1430 1428 /* EXPORT DELETE END */
1431 1429
1432 1430
1433 1431 /*
1434 1432 * Initialize key schedules for AES
1435 1433 *
1436 1434 * Parameters:
1437 1435 * cipherKey User key
1438 1436 * keyBits AES key size (128, 192, or 256 bits)
1439 1437 * keysched AES key schedule to be initialized, of type aes_key_t.
1440 1438 * Allocated by aes_alloc_keysched().
1441 1439 */
1442 1440 void
1443 1441 aes_init_keysched(const uint8_t *cipherKey, uint_t keyBits, void *keysched)
1444 1442 {
1445 1443 /* EXPORT DELETE START */
1446 1444 aes_key_t *newbie = keysched;
1447 1445 uint_t keysize, i, j;
1448 1446 union {
1449 1447 uint64_t ka64[4];
1450 1448 uint32_t ka32[8];
1451 1449 } keyarr;
1452 1450
1453 1451 switch (keyBits) {
1454 1452 case 128:
1455 1453 newbie->nr = 10;
1456 1454 break;
1457 1455
1458 1456 case 192:
1459 1457 newbie->nr = 12;
1460 1458 break;
1461 1459
1462 1460 case 256:
1463 1461 newbie->nr = 14;
1464 1462 break;
1465 1463
1466 1464 default:
1467 1465 /* should never get here */
1468 1466 return;
1469 1467 }
1470 1468 keysize = keyBits >> 3;
1471 1469
1472 1470 /*
1473 1471 * For _LITTLE_ENDIAN machines (except AMD64), reverse every
1474 1472 * 4 bytes in the key. On _BIG_ENDIAN and AMD64, copy the key
1475 1473 * without reversing bytes.
1476 1474 * For AMD64, do not byte swap for aes_setupkeys().
1477 1475 *
1478 1476 * SPARCv8/v9 uses a key schedule array with 64-bit elements.
1479 1477 * X86/AMD64 uses a key schedule array with 32-bit elements.
1480 1478 */
1481 1479 #ifndef AES_BYTE_SWAP
1482 1480 if (IS_P2ALIGNED(cipherKey, sizeof (uint64_t))) {
|
↓ open down ↓ |
1445 lines elided |
↑ open up ↑ |
1483 1481 for (i = 0, j = 0; j < keysize; i++, j += 8) {
1484 1482 /* LINTED: pointer alignment */
1485 1483 keyarr.ka64[i] = *((uint64_t *)&cipherKey[j]);
1486 1484 }
1487 1485 } else {
1488 1486 bcopy(cipherKey, keyarr.ka32, keysize);
1489 1487 }
1490 1488
1491 1489 #else /* byte swap */
1492 1490 for (i = 0, j = 0; j < keysize; i++, j += 4) {
1493 - keyarr.ka32[i] = (((uint32_t)cipherKey[j] << 24) |
1494 - ((uint32_t)cipherKey[j + 1] << 16) |
1495 - ((uint32_t)cipherKey[j + 2] << 8) |
1496 - (uint32_t)cipherKey[j + 3]);
1491 + keyarr.ka32[i] = htonl(*(uint32_t *)&cipherKey[j]);
1497 1492 }
1498 1493 #endif
1499 1494
1500 1495 aes_setupkeys(newbie, keyarr.ka32, keyBits);
1501 1496 /* EXPORT DELETE END */
1502 1497 }
1503 1498
1504 1499 /*
1505 1500 * Encrypt one block using AES.
1506 1501 * Align if needed and (for x86 32-bit only) byte-swap.
1507 1502 *
1508 1503 * Parameters:
1509 1504 * ks Key schedule, of type aes_key_t
1510 1505 * pt Input block (plain text)
1511 1506 * ct Output block (crypto text). Can overlap with pt
1512 1507 */
1513 1508 int
1514 1509 aes_encrypt_block(const void *ks, const uint8_t *pt, uint8_t *ct)
1515 1510 {
1516 1511 /* EXPORT DELETE START */
1517 1512 aes_key_t *ksch = (aes_key_t *)ks;
1518 1513
1519 1514 #ifndef AES_BYTE_SWAP
1520 1515 if (IS_P2ALIGNED2(pt, ct, sizeof (uint32_t))) {
1521 1516 AES_ENCRYPT_IMPL(&ksch->encr_ks.ks32[0], ksch->nr,
1522 1517 /* LINTED: pointer alignment */
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
1523 1518 (uint32_t *)pt, (uint32_t *)ct);
1524 1519 } else {
1525 1520 #endif
1526 1521 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)];
1527 1522
1528 1523 /* Copy input block into buffer */
1529 1524 #ifndef AES_BYTE_SWAP
1530 1525 bcopy(pt, &buffer, AES_BLOCK_LEN);
1531 1526
1532 1527 #else /* byte swap */
1533 - buffer[0] = (((uint32_t)pt[0] << 24) | ((uint32_t)pt[1] << 16) |
1534 - ((uint32_t)pt[2] << 8) | (uint32_t)pt[3]);
1535 - buffer[1] = (((uint32_t)pt[4] << 24) | ((uint32_t)pt[5] << 16) |
1536 - ((uint32_t)pt[6] << 8) | (uint32_t)pt[7]);
1537 - buffer[2] = (((uint32_t)pt[8] << 24) | ((uint32_t)pt[9] << 16) |
1538 - ((uint32_t)pt[10] << 8) | (uint32_t)pt[11]);
1539 - buffer[3] = (((uint32_t)pt[12] << 24) |
1540 - ((uint32_t)pt[13] << 16) | ((uint32_t)pt[14] << 8) |
1541 - (uint32_t)pt[15]);
1528 + buffer[0] = htonl(*(uint32_t *)&pt[0]);
1529 + buffer[1] = htonl(*(uint32_t *)&pt[4]);
1530 + buffer[2] = htonl(*(uint32_t *)&pt[8]);
1531 + buffer[3] = htonl(*(uint32_t *)&pt[12]);
1542 1532 #endif
1543 1533
1544 1534 AES_ENCRYPT_IMPL(&ksch->encr_ks.ks32[0], ksch->nr,
1545 1535 buffer, buffer);
1546 1536
1547 1537 /* Copy result from buffer to output block */
1548 1538 #ifndef AES_BYTE_SWAP
1549 1539 bcopy(&buffer, ct, AES_BLOCK_LEN);
1550 1540 }
1551 1541
1552 1542 #else /* byte swap */
1553 - ct[0] = buffer[0] >> 24;
1554 - ct[1] = buffer[0] >> 16;
1555 - ct[2] = buffer[0] >> 8;
1556 - ct[3] = (uint8_t)buffer[0];
1557 - ct[4] = buffer[1] >> 24;
1558 - ct[5] = buffer[1] >> 16;
1559 - ct[6] = buffer[1] >> 8;
1560 - ct[7] = (uint8_t)buffer[1];
1561 - ct[8] = buffer[2] >> 24;
1562 - ct[9] = buffer[2] >> 16;
1563 - ct[10] = buffer[2] >> 8;
1564 - ct[11] = (uint8_t)buffer[2];
1565 - ct[12] = buffer[3] >> 24;
1566 - ct[13] = buffer[3] >> 16;
1567 - ct[14] = buffer[3] >> 8;
1568 - ct[15] = (uint8_t)buffer[3];
1543 + *(uint32_t *)&ct[0] = htonl(buffer[0]);
1544 + *(uint32_t *)&ct[4] = htonl(buffer[1]);
1545 + *(uint32_t *)&ct[8] = htonl(buffer[2]);
1546 + *(uint32_t *)&ct[12] = htonl(buffer[3]);
1569 1547 #endif
1570 1548 /* EXPORT DELETE END */
1571 1549 return (CRYPTO_SUCCESS);
1572 1550 }
1573 1551
1574 1552 /*
1575 1553 * Decrypt one block using AES.
1576 1554 * Align and byte-swap if needed.
1577 1555 *
1578 1556 * Parameters:
1579 1557 * ks Key schedule, of type aes_key_t
1580 1558 * ct Input block (crypto text)
1581 1559 * pt Output block (plain text). Can overlap with pt
1582 1560 */
1583 1561 int
1584 1562 aes_decrypt_block(const void *ks, const uint8_t *ct, uint8_t *pt)
1585 1563 {
1586 1564 /* EXPORT DELETE START */
1587 1565 aes_key_t *ksch = (aes_key_t *)ks;
1588 1566
1589 1567 #ifndef AES_BYTE_SWAP
1590 1568 if (IS_P2ALIGNED2(ct, pt, sizeof (uint32_t))) {
1591 1569 AES_DECRYPT_IMPL(&ksch->decr_ks.ks32[0], ksch->nr,
1592 1570 /* LINTED: pointer alignment */
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
1593 1571 (uint32_t *)ct, (uint32_t *)pt);
1594 1572 } else {
1595 1573 #endif
1596 1574 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)];
1597 1575
1598 1576 /* Copy input block into buffer */
1599 1577 #ifndef AES_BYTE_SWAP
1600 1578 bcopy(ct, &buffer, AES_BLOCK_LEN);
1601 1579
1602 1580 #else /* byte swap */
1603 - buffer[0] = (((uint32_t)ct[0] << 24) | ((uint32_t)ct[1] << 16) |
1604 - ((uint32_t)ct[2] << 8) | (uint32_t)ct[3]);
1605 -
1606 - buffer[1] = (((uint32_t)ct[4] << 24) | ((uint32_t)ct[5] << 16) |
1607 - ((uint32_t)ct[6] << 8) | (uint32_t)ct[7]);
1608 -
1609 - buffer[2] = (((uint32_t)ct[8] << 24) | ((uint32_t)ct[9] << 16) |
1610 - ((uint32_t)ct[10] << 8) | (uint32_t)ct[11]);
1611 -
1612 - buffer[3] = (((uint32_t)ct[12] << 24) |
1613 - ((uint32_t)ct[13] << 16) | ((uint32_t)ct[14] << 8) |
1614 - (uint32_t)ct[15]);
1581 + buffer[0] = htonl(*(uint32_t *)&ct[0]);
1582 + buffer[1] = htonl(*(uint32_t *)&ct[4]);
1583 + buffer[2] = htonl(*(uint32_t *)&ct[8]);
1584 + buffer[3] = htonl(*(uint32_t *)&ct[12]);
1615 1585 #endif
1616 1586
1617 1587 AES_DECRYPT_IMPL(&ksch->decr_ks.ks32[0], ksch->nr,
1618 1588 buffer, buffer);
1619 1589
1620 1590 /* Copy result from buffer to output block */
1621 1591 #ifndef AES_BYTE_SWAP
1622 1592 bcopy(&buffer, pt, AES_BLOCK_LEN);
1623 1593 }
1624 1594
1625 1595 #else /* byte swap */
1626 - pt[0] = buffer[0] >> 24;
1627 - pt[1] = buffer[0] >> 16;
1628 - pt[2] = buffer[0] >> 8;
1629 - pt[3] = (uint8_t)buffer[0];
1630 - pt[4] = buffer[1] >> 24;
1631 - pt[5] = buffer[1] >> 16;
1632 - pt[6] = buffer[1] >> 8;
1633 - pt[7] = (uint8_t)buffer[1];
1634 - pt[8] = buffer[2] >> 24;
1635 - pt[9] = buffer[2] >> 16;
1636 - pt[10] = buffer[2] >> 8;
1637 - pt[11] = (uint8_t)buffer[2];
1638 - pt[12] = buffer[3] >> 24;
1639 - pt[13] = buffer[3] >> 16;
1640 - pt[14] = buffer[3] >> 8;
1641 - pt[15] = (uint8_t)buffer[3];
1596 + *(uint32_t *)&pt[0] = htonl(buffer[0]);
1597 + *(uint32_t *)&pt[4] = htonl(buffer[1]);
1598 + *(uint32_t *)&pt[8] = htonl(buffer[2]);
1599 + *(uint32_t *)&pt[12] = htonl(buffer[3]);
1642 1600 #endif
1643 1601
1644 1602 /* EXPORT DELETE END */
1645 1603 return (CRYPTO_SUCCESS);
1646 1604 }
1647 1605
1648 1606
1649 1607 /*
1650 1608 * Allocate key schedule for AES.
1651 1609 *
1652 1610 * Return the pointer and set size to the number of bytes allocated.
1653 1611 * Memory allocated must be freed by the caller when done.
1654 1612 *
1655 1613 * Parameters:
1656 1614 * size Size of key schedule allocated, in bytes
1657 1615 * kmflag Flag passed to kmem_alloc(9F); ignored in userland.
1658 1616 */
1659 1617 /* ARGSUSED */
1660 1618 void *
1661 1619 aes_alloc_keysched(size_t *size, int kmflag)
1662 1620 {
1663 1621 /* EXPORT DELETE START */
1664 1622 aes_key_t *keysched;
1665 1623
1666 1624 #ifdef _KERNEL
1667 1625 keysched = (aes_key_t *)kmem_alloc(sizeof (aes_key_t), kmflag);
1668 1626 #else /* !_KERNEL */
1669 1627 keysched = (aes_key_t *)malloc(sizeof (aes_key_t));
1670 1628 #endif /* _KERNEL */
1671 1629
1672 1630 if (keysched != NULL) {
1673 1631 *size = sizeof (aes_key_t);
1674 1632 return (keysched);
1675 1633 }
1676 1634 /* EXPORT DELETE END */
1677 1635 return (NULL);
1678 1636 }
1679 1637
1680 1638 void
1681 1639 aes_copy_block(uint8_t *in, uint8_t *out)
1682 1640 {
1683 1641 if (IS_P2ALIGNED(in, sizeof (uint32_t)) &&
1684 1642 IS_P2ALIGNED(out, sizeof (uint32_t))) {
1685 1643 /* LINTED: pointer alignment */
1686 1644 *(uint32_t *)&out[0] = *(uint32_t *)&in[0];
1687 1645 /* LINTED: pointer alignment */
1688 1646 *(uint32_t *)&out[4] = *(uint32_t *)&in[4];
1689 1647 /* LINTED: pointer alignment */
1690 1648 *(uint32_t *)&out[8] = *(uint32_t *)&in[8];
1691 1649 /* LINTED: pointer alignment */
1692 1650 *(uint32_t *)&out[12] = *(uint32_t *)&in[12];
1693 1651 } else {
1694 1652 AES_COPY_BLOCK(in, out);
1695 1653 }
1696 1654 }
1697 1655
1698 1656 /* XOR block of data into dest */
1699 1657 void
1700 1658 aes_xor_block(uint8_t *data, uint8_t *dst)
1701 1659 {
1702 1660 if (IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
1703 1661 IS_P2ALIGNED(data, sizeof (uint32_t))) {
1704 1662 /* LINTED: pointer alignment */
1705 1663 *(uint32_t *)&dst[0] ^= *(uint32_t *)&data[0];
1706 1664 /* LINTED: pointer alignment */
1707 1665 *(uint32_t *)&dst[4] ^= *(uint32_t *)&data[4];
1708 1666 /* LINTED: pointer alignment */
1709 1667 *(uint32_t *)&dst[8] ^= *(uint32_t *)&data[8];
1710 1668 /* LINTED: pointer alignment */
1711 1669 *(uint32_t *)&dst[12] ^= *(uint32_t *)&data[12];
1712 1670 } else {
1713 1671 AES_XOR_BLOCK(data, dst);
1714 1672 }
1715 1673 }
1716 1674
1717 1675 /*
1718 1676 * Encrypt multiple blocks of data according to mode.
1719 1677 */
1720 1678 /* ARGSUSED */
1721 1679 int
1722 1680 aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
1723 1681 crypto_data_t *out)
1724 1682 {
1725 1683 aes_ctx_t *aes_ctx = ctx;
1726 1684 int rv;
1727 1685
1728 1686 if (aes_ctx->ac_flags & CTR_MODE) {
1729 1687 rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
1730 1688 AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
1731 1689 #ifdef _KERNEL
1732 1690 } else if (aes_ctx->ac_flags & CCM_MODE) {
1733 1691 rv = ccm_mode_encrypt_contiguous_blocks(ctx, data, length,
1734 1692 out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
1735 1693 aes_xor_block);
1736 1694 #endif
1737 1695 } else if (aes_ctx->ac_flags & CBC_MODE) {
1738 1696 rv = cbc_encrypt_contiguous_blocks(ctx,
1739 1697 data, length, out, AES_BLOCK_LEN, aes_encrypt_block,
1740 1698 aes_copy_block, aes_xor_block);
1741 1699 } else {
1742 1700 rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
1743 1701 AES_BLOCK_LEN, aes_encrypt_block);
1744 1702 }
1745 1703 return (rv);
1746 1704 }
1747 1705
1748 1706 /*
1749 1707 * Decrypt multiple blocks of data according to mode.
1750 1708 */
1751 1709 int
1752 1710 aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
1753 1711 crypto_data_t *out)
1754 1712 {
1755 1713 aes_ctx_t *aes_ctx = ctx;
1756 1714 int rv;
1757 1715
1758 1716 if (aes_ctx->ac_flags & CTR_MODE) {
1759 1717 rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
1760 1718 AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
1761 1719 if (rv == CRYPTO_DATA_LEN_RANGE)
1762 1720 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
1763 1721 #ifdef _KERNEL
1764 1722 } else if (aes_ctx->ac_flags & CCM_MODE) {
1765 1723 rv = ccm_mode_decrypt_contiguous_blocks(ctx, data, length,
1766 1724 out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
1767 1725 aes_xor_block);
1768 1726 #endif
1769 1727 } else if (aes_ctx->ac_flags & CBC_MODE) {
1770 1728 rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
1771 1729 AES_BLOCK_LEN, aes_decrypt_block, aes_copy_block,
1772 1730 aes_xor_block);
1773 1731 } else {
1774 1732 rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
1775 1733 AES_BLOCK_LEN, aes_decrypt_block);
1776 1734 if (rv == CRYPTO_DATA_LEN_RANGE)
1777 1735 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
1778 1736 }
1779 1737 return (rv);
1780 1738 }
|
↓ open down ↓ |
129 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX