xref: /titanic_44/usr/src/common/net/wanboot/crypt/aes.c (revision 694c35faa87b858ecdadfe4fc592615f4eefbb07)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2002-2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * AES implementation taken from public domain. The S-boxes
29  * used by this implmentation are defined by NIST.
30  *
31  * For more information on AES refer to
32  * http://csrc.nist.gov/CryptoToolkit/aes
33  */
34 
35 #include <stdlib.h>
36 #include <sys/sysmacros.h>
37 
38 #include "aes.h"
39 
40 /* Yay for Big-Endian Algorithms! */
41 #ifdef _LITTLE_ENDIAN
42 #define	BSWAP_L(l) (((l & 0xff) << 24) | ((l & 0xff00) <<8) \
43 	| ((l & 0xff0000) >> 8) | ((l & 0xff000000) >>24))
44 #else
45 #define	BSWAP_L(l) (l)
46 #endif
47 
48 #define	GETU32(p) BSWAP_L(*(uint32_t *)(p))
49 #define	PUTU32(ct, st)  *((uint32_t *)(ct)) = BSWAP_L(st)
50 
51 
52 /*
53  * Te0[x] = S [x].[02, 01, 01, 03];
54  * Te1[x] = S [x].[03, 02, 01, 01];
55  * Te2[x] = S [x].[01, 03, 02, 01];
56  * Te3[x] = S [x].[01, 01, 03, 02];
57  * Te4[x] = S [x].[01, 01, 01, 01];
58  *
59  * Td0[x] = Si[x].[0e, 09, 0d, 0b];
60  * Td1[x] = Si[x].[0b, 0e, 09, 0d];
61  * Td2[x] = Si[x].[0d, 0b, 0e, 09];
62  * Td3[x] = Si[x].[09, 0d, 0b, 0e];
63  * Td4[x] = Si[x].[01, 01, 01, 01];
64  */
65 
66 
67 /* S-boxes */
68 static const uint32_t Te0[256] = {
69     0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
70     0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
71     0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
72     0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
73     0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
74     0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
75     0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
76     0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
77     0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
78     0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
79     0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
80     0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
81     0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
82     0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
83     0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
84     0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
85     0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
86     0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
87     0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
88     0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
89     0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
90     0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
91     0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
92     0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
93     0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
94     0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
95     0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
96     0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
97     0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
98     0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
99     0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
100     0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
101     0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
102     0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
103     0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
104     0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
105     0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
106     0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
107     0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
108     0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
109     0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
110     0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
111     0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
112     0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
113     0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
114     0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
115     0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
116     0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
117     0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
118     0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
119     0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
120     0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
121     0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
122     0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
123     0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
124     0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
125     0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
126     0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
127     0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
128     0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
129     0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
130     0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
131     0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
132     0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
133 };
134 static const uint32_t Te1[256] = {
135     0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
136     0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
137     0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
138     0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
139     0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
140     0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
141     0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
142     0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
143     0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
144     0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
145     0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
146     0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
147     0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
148     0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
149     0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
150     0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
151     0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
152     0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
153     0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
154     0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
155     0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
156     0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
157     0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
158     0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
159     0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
160     0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
161     0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
162     0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
163     0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
164     0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
165     0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
166     0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
167     0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
168     0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
169     0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
170     0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
171     0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
172     0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
173     0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
174     0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
175     0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
176     0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
177     0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
178     0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
179     0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
180     0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
181     0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
182     0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
183     0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
184     0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
185     0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
186     0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
187     0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
188     0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
189     0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
190     0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
191     0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
192     0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
193     0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
194     0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
195     0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
196     0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
197     0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
198     0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
199 };
200 static const uint32_t Te2[256] = {
201     0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
202     0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
203     0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
204     0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
205     0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
206     0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
207     0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
208     0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
209     0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
210     0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
211     0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
212     0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
213     0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
214     0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
215     0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
216     0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
217     0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
218     0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
219     0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
220     0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
221     0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
222     0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
223     0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
224     0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
225     0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
226     0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
227     0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
228     0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
229     0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
230     0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
231     0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
232     0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
233     0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
234     0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
235     0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
236     0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
237     0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
238     0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
239     0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
240     0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
241     0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
242     0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
243     0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
244     0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
245     0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
246     0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
247     0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
248     0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
249     0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
250     0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
251     0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
252     0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
253     0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
254     0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
255     0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
256     0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
257     0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
258     0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
259     0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
260     0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
261     0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
262     0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
263     0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
264     0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
265 };
266 static const uint32_t Te3[256] = {
267     0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
268     0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
269     0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
270     0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
271     0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
272     0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
273     0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
274     0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
275     0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
276     0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
277     0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
278     0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
279     0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
280     0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
281     0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
282     0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
283     0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
284     0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
285     0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
286     0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
287     0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
288     0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
289     0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
290     0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
291     0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
292     0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
293     0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
294     0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
295     0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
296     0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
297     0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
298     0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
299     0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
300     0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
301     0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
302     0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
303     0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
304     0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
305     0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
306     0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
307     0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
308     0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
309     0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
310     0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
311     0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
312     0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
313     0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
314     0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
315     0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
316     0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
317     0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
318     0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
319     0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
320     0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
321     0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
322     0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
323     0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
324     0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
325     0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
326     0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
327     0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
328     0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
329     0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
330     0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
331 };
332 static const uint32_t Te4[256] = {
333     0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
334     0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
335     0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
336     0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
337     0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
338     0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
339     0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
340     0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
341     0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
342     0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
343     0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
344     0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
345     0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
346     0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
347     0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
348     0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
349     0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
350     0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
351     0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
352     0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
353     0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
354     0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
355     0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
356     0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
357     0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
358     0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
359     0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
360     0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
361     0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
362     0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
363     0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
364     0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
365     0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
366     0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
367     0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
368     0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
369     0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
370     0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
371     0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
372     0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
373     0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
374     0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
375     0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
376     0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
377     0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
378     0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
379     0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
380     0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
381     0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
382     0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
383     0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
384     0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
385     0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
386     0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
387     0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
388     0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
389     0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
390     0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
391     0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
392     0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
393     0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
394     0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
395     0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
396     0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
397 };
398 static const uint32_t Td0[256] = {
399     0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
400     0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
401     0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
402     0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
403     0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
404     0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
405     0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
406     0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
407     0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
408     0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
409     0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
410     0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
411     0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
412     0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
413     0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
414     0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
415     0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
416     0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
417     0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
418     0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
419     0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
420     0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
421     0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
422     0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
423     0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
424     0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
425     0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
426     0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
427     0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
428     0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
429     0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
430     0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
431     0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
432     0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
433     0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
434     0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
435     0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
436     0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
437     0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
438     0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
439     0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
440     0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
441     0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
442     0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
443     0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
444     0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
445     0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
446     0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
447     0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
448     0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
449     0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
450     0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
451     0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
452     0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
453     0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
454     0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
455     0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
456     0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
457     0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
458     0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
459     0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
460     0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
461     0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
462     0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
463 };
464 static const uint32_t Td1[256] = {
465     0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
466     0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
467     0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
468     0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
469     0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
470     0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
471     0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
472     0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
473     0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
474     0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
475     0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
476     0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
477     0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
478     0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
479     0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
480     0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
481     0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
482     0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
483     0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
484     0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
485     0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
486     0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
487     0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
488     0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
489     0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
490     0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
491     0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
492     0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
493     0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
494     0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
495     0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
496     0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
497     0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
498     0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
499     0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
500     0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
501     0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
502     0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
503     0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
504     0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
505     0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
506     0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
507     0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
508     0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
509     0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
510     0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
511     0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
512     0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
513     0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
514     0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
515     0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
516     0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
517     0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
518     0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
519     0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
520     0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
521     0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
522     0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
523     0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
524     0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
525     0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
526     0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
527     0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
528     0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
529 };
530 static const uint32_t Td2[256] = {
531     0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
532     0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
533     0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
534     0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
535     0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
536     0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
537     0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
538     0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
539     0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
540     0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
541     0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
542     0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
543     0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
544     0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
545     0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
546     0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
547     0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
548     0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
549     0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
550     0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
551     0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
552     0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
553     0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
554     0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
555     0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
556     0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
557     0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
558     0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
559     0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
560     0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
561     0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
562     0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
563     0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
564     0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
565     0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
566     0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
567     0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
568     0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
569     0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
570     0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
571     0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
572     0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
573     0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
574     0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
575     0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
576     0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
577     0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
578     0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
579     0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
580     0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
581     0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
582     0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
583     0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
584     0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
585     0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
586     0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
587     0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
588     0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
589     0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
590     0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
591     0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
592     0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
593     0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
594     0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
595 };
596 static const uint32_t Td3[256] = {
597     0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
598     0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
599     0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
600     0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
601     0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
602     0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
603     0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
604     0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
605     0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
606     0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
607     0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
608     0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
609     0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
610     0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
611     0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
612     0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
613     0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
614     0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
615     0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
616     0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
617     0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
618     0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
619     0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
620     0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
621     0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
622     0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
623     0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
624     0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
625     0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
626     0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
627     0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
628     0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
629     0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
630     0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
631     0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
632     0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
633     0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
634     0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
635     0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
636     0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
637     0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
638     0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
639     0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
640     0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
641     0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
642     0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
643     0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
644     0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
645     0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
646     0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
647     0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
648     0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
649     0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
650     0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
651     0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
652     0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
653     0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
654     0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
655     0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
656     0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
657     0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
658     0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
659     0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
660     0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
661 };
662 static const uint32_t Td4[256] = {
663     0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
664     0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
665     0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
666     0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
667     0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
668     0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
669     0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
670     0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
671     0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
672     0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
673     0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
674     0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
675     0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
676     0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
677     0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
678     0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
679     0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
680     0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
681     0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
682     0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
683     0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
684     0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
685     0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
686     0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
687     0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
688     0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
689     0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
690     0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
691     0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
692     0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
693     0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
694     0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
695     0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
696     0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
697     0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
698     0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
699     0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
700     0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
701     0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
702     0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
703     0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
704     0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
705     0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
706     0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
707     0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
708     0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
709     0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
710     0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
711     0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
712     0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
713     0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
714     0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
715     0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
716     0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
717     0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
718     0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
719     0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
720     0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
721     0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
722     0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
723     0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
724     0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
725     0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
726     0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
727 };
728 static const uint32_t rcon[] = {
729 	0x01000000, 0x02000000, 0x04000000, 0x08000000,
730 	0x10000000, 0x20000000, 0x40000000, 0x80000000,
731 	0x1B000000, 0x36000000,
732 	/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
733 };
734 typedef struct keysched_s {
735 	uint32_t Nr;
736 	uint32_t rk_e[60]; /* max round key size */
737 	uint32_t rk_d[60]; /* max round key size */
738 } keysched_t;
739 
740 int
aes_init(void ** cookie)741 aes_init(void **cookie)
742 {
743 	if ((*cookie = malloc(sizeof (keysched_t))) == NULL) {
744 		return (-1);
745 	}
746 	return (0);
747 }
748 
749 void
aes_fini(void * cookie)750 aes_fini(void *cookie)
751 {
752 	free(cookie);
753 }
754 
755 void
aes_encrypt(void * cookie,uint8_t * block)756 aes_encrypt(void *cookie, uint8_t *block)
757 {
758 	keysched_t *ksch = (keysched_t *)cookie;
759 	uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
760 	uint32_t *rk = ksch->rk_e;
761 	uint32_t  Nr = ksch->Nr;
762 
763 #if _ALIGNMENT_REQUIRED
764 
765 	if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
766 #endif /* _ALIGNMENT_REQUIRED */
767 		/*
768 		 * map byte array block to cipher state
769 		 * and add initial round key:
770 		 */
771 		/*LINTED*/
772 		s0 = GETU32(block) ^ rk[0];
773 		/*LINTED*/
774 		s1 = GETU32(block + 4) ^ rk[1];
775 		/*LINTED*/
776 		s2 = GETU32(block + 8) ^ rk[2];
777 		/*LINTED*/
778 		s3 = GETU32(block + 12) ^ rk[3];
779 
780 #if _ALIGNMENT_REQUIRED
781 	} else {
782 		s0 = (((uint32_t)block[0] << 24) | ((uint32_t)block[1] << 16) |
783 		    ((uint32_t)block[2] << 8) | (uint32_t)block[3]) ^ rk[0];
784 
785 		s1 = (((uint32_t)block[4] << 24) | ((uint32_t)block[5] << 16) |
786 		    ((uint32_t)block[6] << 8) | (uint32_t)block[7]) ^ rk[1];
787 
788 		s2 = (((uint32_t)block[8] << 24) | ((uint32_t)block[9] << 16) |
789 		    ((uint32_t)block[10] << 8) | (uint32_t)block[11]) ^ rk[2];
790 
791 		s3 = (((uint32_t)block[12] << 24) |
792 		    ((uint32_t)block[13] << 16) | ((uint32_t)block[14] << 8) |
793 		    (uint32_t)block[15]) ^ rk[3];
794 	}
795 #endif /* _ALIGNMENT_REQUIRED */
796 
797 	/*
798 	 * Danger Will Robinson, DANGER
799 	 * DATA DEPENDANT TRANSFORMS
800 	 *
801 	 * because s0-s3 t0-t3 are changing every round, tsr* and
802 	 * ssr* are changing in value.
803 	 */
804 
805 #define	tsr0	(Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] \
806 	^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff])
807 #define	tsr1	(Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] \
808 	^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff])
809 #define	tsr2	(Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] \
810 	^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff])
811 #define	tsr3	(Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] \
812 	^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff])
813 #define	ssr0	(Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] \
814 	^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff])
815 #define	ssr1	(Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] \
816 	^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff])
817 #define	ssr2	(Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] \
818 	^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff])
819 #define	ssr3	(Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] \
820 	^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff])
821 
822 	/* round 1: */
823 	t0 = tsr0 ^ rk[4];
824 	t1 = tsr1 ^ rk[5];
825 	t2 = tsr2 ^ rk[6];
826 	t3 = tsr3 ^ rk[7];
827 	/* round 2: */
828 	s0 = ssr0 ^ rk[8];
829 	s1 = ssr1 ^ rk[9];
830 	s2 = ssr2 ^ rk[10];
831 	s3 = ssr3 ^ rk[11];
832 	/* round 3: */
833 	t0 = tsr0 ^ rk[12];
834 	t1 = tsr1 ^ rk[13];
835 	t2 = tsr2 ^ rk[14];
836 	t3 = tsr3 ^ rk[15];
837 	/* round 4: */
838 	s0 = ssr0 ^ rk[16];
839 	s1 = ssr1 ^ rk[17];
840 	s2 = ssr2 ^ rk[18];
841 	s3 = ssr3 ^ rk[19];
842 	/* round 5: */
843 	t0 = tsr0 ^ rk[20];
844 	t1 = tsr1 ^ rk[21];
845 	t2 = tsr2 ^ rk[22];
846 	t3 = tsr3 ^ rk[23];
847 	/* round 6: */
848 	s0 = ssr0 ^ rk[24];
849 	s1 = ssr1 ^ rk[25];
850 	s2 = ssr2 ^ rk[26];
851 	s3 = ssr3 ^ rk[27];
852 	/* round 7: */
853 	t0 = tsr0 ^ rk[28];
854 	t1 = tsr1 ^ rk[29];
855 	t2 = tsr2 ^ rk[30];
856 	t3 = tsr3 ^ rk[31];
857 	/* round 8: */
858 	s0 = ssr0 ^ rk[32];
859 	s1 = ssr1 ^ rk[33];
860 	s2 = ssr2 ^ rk[34];
861 	s3 = ssr3 ^ rk[35];
862 	/* round 9: */
863 	t0 = tsr0 ^ rk[36];
864 	t1 = tsr1 ^ rk[37];
865 	t2 = tsr2 ^ rk[38];
866 	t3 = tsr3 ^ rk[39];
867 	if (Nr > 10) {
868 		/* round 10: */
869 		s0 = ssr0 ^ rk[40];
870 		s1 = ssr1 ^ rk[41];
871 		s2 = ssr2 ^ rk[42];
872 		s3 = ssr3 ^ rk[43];
873 		/* round 11: */
874 		t0 = tsr0 ^ rk[44];
875 		t1 = tsr1 ^ rk[45];
876 		t2 = tsr2 ^ rk[46];
877 		t3 = tsr3 ^ rk[47];
878 		if (Nr > 12) {
879 			/* round 12: */
880 			s0 = ssr0 ^ rk[48];
881 			s1 = ssr1 ^ rk[49];
882 			s2 = ssr2 ^ rk[50];
883 			s3 = ssr3 ^ rk[51];
884 			/* round 13: */
885 			t0 = tsr0 ^ rk[52];
886 			t1 = tsr1 ^ rk[53];
887 			t2 = tsr2 ^ rk[54];
888 			t3 = tsr3 ^ rk[55];
889 		}
890 	}
891 	rk += Nr << 2;
892 
893 	/*
894 	 * apply last round and
895 	 * map cipher state to byte array block:
896 	 */
897 	s0 = (Te4[(t0 >> 24)] & 0xff000000) ^
898 		(Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
899 		(Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
900 		(Te4[(t3) & 0xff] & 0x000000ff) ^
901 		rk[0];
902 
903 	s1 = (Te4[(t1 >> 24)] & 0xff000000) ^
904 		(Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
905 		(Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
906 		(Te4[(t0) & 0xff] & 0x000000ff) ^
907 		rk[1];
908 
909 	s2 = (Te4[(t2 >> 24)] & 0xff000000) ^
910 		(Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
911 		(Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
912 		(Te4[(t1) & 0xff] & 0x000000ff) ^
913 		rk[2];
914 
915 	s3 = (Te4[(t3 >> 24)] & 0xff000000) ^
916 		(Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
917 		(Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
918 		(Te4[(t2) & 0xff] & 0x000000ff) ^
919 		rk[3];
920 
921 #if _ALIGNMENT_REQUIRED
922 	if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
923 #endif /* _ALIGNMENT_REQUIRED */
924 		/*LINTED*/
925 		PUTU32(block, s0);
926 		/*LINTED*/
927 		PUTU32(block + 4, s1);
928 		/*LINTED*/
929 		PUTU32(block + 8, s2);
930 		/*LINTED*/
931 		PUTU32(block + 12, s3);
932 #if _ALIGNMENT_REQUIRED
933 	} else {
934 		block[0] = s0 >> 24;
935 		block[1] = s0 >> 16;
936 		block[2] = s0 >> 8;
937 		block[3] = s0;
938 		block[4] = s1 >> 24;
939 		block[5] = s1 >> 16;
940 		block[6] = s1 >> 8;
941 		block[7] = s1;
942 		block[8] = s2 >> 24;
943 		block[9] = s2 >> 16;
944 		block[10] = s2 >> 8;
945 		block[11] = s2;
946 		block[12] = s3 >> 24;
947 		block[13] = s3 >> 16;
948 		block[14] = s3 >> 8;
949 		block[15] = s3;
950 	}
951 #endif /* _ALIGNMENT_REQUIRED */
952 }
953 
954 
955 /*
956  * Decrypt a block of data.
957  */
958 void
aes_decrypt(void * cookie,uint8_t * block)959 aes_decrypt(void *cookie, uint8_t *block)
960 {
961 	keysched_t *ksch = (keysched_t *)cookie;
962 	uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
963 	uint32_t *rk = ksch->rk_d;
964 	uint32_t Nr = ksch->Nr;
965 
966 #if _ALIGNMENT_REQUIRED
967 	if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
968 #endif /* _ALIGNMENT_REQUIRED */
969 		/*
970 		 * map byte array block to cipher state
971 		 * and add initial round key:
972 		 */
973 		/*LINTED*/
974 		s0 = GETU32(block) ^ rk[0];
975 		/*LINTED*/
976 		s1 = GETU32(block + 4) ^ rk[1];
977 		/*LINTED*/
978 		s2 = GETU32(block + 8) ^ rk[2];
979 		/*LINTED*/
980 		s3 = GETU32(block + 12) ^ rk[3];
981 #if _ALIGNMENT_REQUIRED
982 	} else {
983 		s0 = (((uint32_t)block[0] << 24) | ((uint32_t)block[1] << 16) |
984 		    ((uint32_t)block[2] << 8) | (uint32_t)block[3]) ^ rk[0];
985 
986 		s1 = (((uint32_t)block[4] << 24) | ((uint32_t)block[5] << 16) |
987 		    ((uint32_t)block[6] << 8) | (uint32_t)block[7]) ^ rk[1];
988 
989 		s2 = (((uint32_t)block[8] << 24) | ((uint32_t)block[9] << 16) |
990 		    ((uint32_t)block[10] << 8) | (uint32_t)block[11]) ^ rk[2];
991 
992 		s3 = (((uint32_t)block[12] << 24) |
993 		    ((uint32_t)block[13] << 16) | ((uint32_t)block[14] << 8) |
994 		    (uint32_t)block[15]) ^ rk[3];
995 	}
996 #endif /* _ALIGNMENT_REQUIRED */
997 
998 	/*
999 	 * Danger Will Robinson, DANGER
1000 	 * DATA DEPENDANT TRANSFORMS
1001 	 *
1002 	 * because s0-s3 t0-t3 are changing every round, tdsr* and
1003 	 * sdsr* are changing in value.
1004 	 */
1005 
1006 #define	tdsr0	Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] \
1007 	^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff]
1008 #define	tdsr1	Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] \
1009 	^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff]
1010 #define	tdsr2	Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] \
1011 	^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff]
1012 #define	tdsr3	Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] \
1013 	^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff]
1014 #define	sdsr0	Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] \
1015 	^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff]
1016 #define	sdsr1	Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] \
1017 	^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff]
1018 #define	sdsr2	Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] \
1019 	^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff]
1020 #define	sdsr3	Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] \
1021 	^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff]
1022 
1023 	/* round 1: */
1024 	t0 = tdsr0 ^ rk[4];
1025 	t1 = tdsr1 ^ rk[5];
1026 	t2 = tdsr2 ^ rk[6];
1027 	t3 = tdsr3 ^ rk[7];
1028 	/* round 2: */
1029 	s0 = sdsr0 ^ rk[8];
1030 	s1 = sdsr1 ^ rk[9];
1031 	s2 = sdsr2 ^ rk[10];
1032 	s3 = sdsr3 ^ rk[11];
1033 	/* round 3: */
1034 	t0 = tdsr0 ^ rk[12];
1035 	t1 = tdsr1 ^ rk[13];
1036 	t2 = tdsr2 ^ rk[14];
1037 	t3 = tdsr3 ^ rk[15];
1038 	/* round 4: */
1039 	s0 = sdsr0 ^ rk[16];
1040 	s1 = sdsr1 ^ rk[17];
1041 	s2 = sdsr2 ^ rk[18];
1042 	s3 = sdsr3 ^ rk[19];
1043 	/* round 5: */
1044 	t0 = tdsr0 ^ rk[20];
1045 	t1 = tdsr1 ^ rk[21];
1046 	t2 = tdsr2 ^ rk[22];
1047 	t3 = tdsr3 ^ rk[23];
1048 	/* round 6: */
1049 	s0 = sdsr0 ^ rk[24];
1050 	s1 = sdsr1 ^ rk[25];
1051 	s2 = sdsr2 ^ rk[26];
1052 	s3 = sdsr3 ^ rk[27];
1053 	/* round 7: */
1054 	t0 = tdsr0 ^ rk[28];
1055 	t1 = tdsr1 ^ rk[29];
1056 	t2 = tdsr2 ^ rk[30];
1057 	t3 = tdsr3 ^ rk[31];
1058 	/* round 8: */
1059 	s0 = sdsr0 ^ rk[32];
1060 	s1 = sdsr1 ^ rk[33];
1061 	s2 = sdsr2 ^ rk[34];
1062 	s3 = sdsr3 ^ rk[35];
1063 	/* round 9: */
1064 	t0 = tdsr0 ^ rk[36];
1065 	t1 = tdsr1 ^ rk[37];
1066 	t2 = tdsr2 ^ rk[38];
1067 	t3 = tdsr3 ^ rk[39];
1068 	if (Nr > 10) {
1069 		/* round 10: */
1070 		s0 = sdsr0 ^ rk[40];
1071 		s1 = sdsr1 ^ rk[41];
1072 		s2 = sdsr2 ^ rk[42];
1073 		s3 = sdsr3 ^ rk[43];
1074 		/* round 11: */
1075 		t0 = tdsr0 ^ rk[44];
1076 		t1 = tdsr1 ^ rk[45];
1077 		t2 = tdsr2 ^ rk[46];
1078 		t3 = tdsr3 ^ rk[47];
1079 		if (Nr > 12) {
1080 			/* round 12: */
1081 			s0 = sdsr0 ^ rk[48];
1082 			s1 = sdsr1 ^ rk[49];
1083 			s2 = sdsr2 ^ rk[50];
1084 			s3 = sdsr3 ^ rk[51];
1085 			/* round 13: */
1086 			t0 = tdsr0 ^ rk[52];
1087 			t1 = tdsr1 ^ rk[53];
1088 			t2 = tdsr2 ^ rk[54];
1089 			t3 = tdsr3 ^ rk[55];
1090 		}
1091 	}
1092 	rk += Nr << 2;
1093 
1094 	/*
1095 	 * apply last round and
1096 	 * map cipher state to byte array block:
1097 	 */
1098 	s0 =
1099 		(Td4[(t0 >> 24)] & 0xff000000) ^
1100 		(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1101 		(Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1102 		(Td4[(t1) & 0xff] & 0x000000ff) ^
1103 		rk[0];
1104 
1105 	s1 =
1106 		(Td4[(t1 >> 24)] & 0xff000000) ^
1107 		(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1108 		(Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1109 		(Td4[(t2) & 0xff] & 0x000000ff) ^
1110 		rk[1];
1111 
1112 	s2 =
1113 		(Td4[(t2 >> 24)] & 0xff000000) ^
1114 		(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1115 		(Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1116 		(Td4[(t3) & 0xff] & 0x000000ff) ^
1117 		rk[2];
1118 
1119 	s3 =
1120 		(Td4[(t3 >> 24)] & 0xff000000) ^
1121 		(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1122 		(Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1123 		(Td4[(t0) & 0xff] & 0x000000ff) ^
1124 		rk[3];
1125 
1126 #if _ALIGNMENT_REQUIRED
1127 	if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
1128 #endif /* _ALIGNMENT_REQUIRED */
1129 	/*LINTED*/
1130 	PUTU32(block, s0);
1131 	/*LINTED*/
1132 	PUTU32(block + 4, s1);
1133 	/*LINTED*/
1134 	PUTU32(block + 8, s2);
1135 	/*LINTED*/
1136 	PUTU32(block + 12, s3);
1137 #if _ALIGNMENT_REQUIRED
1138 	} else {
1139 		block[0] = s0 >> 24;
1140 		block[1] = s0 >> 16;
1141 		block[2] = s0 >> 8;
1142 		block[3] = s0;
1143 		block[4] = s1 >> 24;
1144 		block[5] = s1 >> 16;
1145 		block[6] = s1 >> 8;
1146 		block[7] = s1;
1147 		block[8] = s2 >> 24;
1148 		block[9] = s2 >> 16;
1149 		block[10] = s2 >> 8;
1150 		block[11] = s2;
1151 		block[12] = s3 >> 24;
1152 		block[13] = s3 >> 16;
1153 		block[14] = s3 >> 8;
1154 		block[15] = s3;
1155 	}
1156 #endif /* _ALIGNMENT_REQUIRED */
1157 }
1158 
1159 
1160 /*
1161  * For now, just reality-check the key size.
1162  * Just remember to keep an eye open for
1163  * anyone finding weak keys in rijndael/aes.
1164  */
1165 boolean_t
aes_keycheck(const uint8_t * key,uint32_t keysize)1166 aes_keycheck(const uint8_t *key, uint32_t keysize)
1167 {
1168 	if (key == NULL) {
1169 		return (B_FALSE);
1170 	}
1171 
1172 	/* rijndael can work with 160 or 224 */
1173 	/* but, that's not in the AES spec */
1174 	switch (keysize) {
1175 	case AES_128_KEY_SIZE:
1176 	case AES_192_KEY_SIZE:
1177 	case AES_256_KEY_SIZE:
1178 		break;
1179 	default:
1180 		return (B_FALSE);
1181 	}
1182 
1183 	/*
1184 	 * No known weak keys in AES (yet). But if there were,
1185 	 * check here
1186 	 */
1187 	return (B_TRUE);
1188 }
1189 
1190 void
aes_key(void * cookie,const uint8_t * key,uint32_t keysize)1191 aes_key(void *cookie, const uint8_t *key, uint32_t keysize)
1192 {
1193 	keysched_t *ks = (keysched_t *)cookie;
1194 	uint32_t keybits;
1195 	uint32_t Nr;
1196 	uint32_t temp;
1197 	uint32_t *rk_d = ks->rk_d;
1198 	uint32_t *rk_e = ks->rk_e;
1199 	int i = 0;
1200 	int j;
1201 
1202 	keybits = keysize * 8;
1203 	switch (keybits) {
1204 	case 128:
1205 		Nr = ks->Nr = 10;
1206 		break;
1207 
1208 	case 192:
1209 		Nr = ks->Nr = 12;
1210 		break;
1211 
1212 	case 256:
1213 		Nr = ks->Nr = 14;
1214 		break;
1215 
1216 	default:
1217 		/* should never get here */
1218 		return;
1219 	}
1220 
1221 #if _ALIGNMENT_REQUIRED
1222 
1223 	if (IS_P2ALIGNED(key, sizeof (uint32_t))) {
1224 #endif /* _ALIGNMENT_REQUIRED */
1225 		/*
1226 		 * map byte array block to cipher state
1227 		 * and add initial round key:
1228 		 */
1229 		/*LINTED*/
1230 		rk_e[0] = GETU32(key);
1231 		/*LINTED*/
1232 		rk_e[1] = GETU32(key + 4);
1233 		/*LINTED*/
1234 		rk_e[2] = GETU32(key + 8);
1235 		/*LINTED*/
1236 		rk_e[3] = GETU32(key + 12);
1237 
1238 #if _ALIGNMENT_REQUIRED
1239 	} else {
1240 		rk_e[0] = (((uint32_t)key[0] << 24) |
1241 		    ((uint32_t)key[1] << 16) |
1242 		    ((uint32_t)key[2] << 8) | (uint32_t)key[3]);
1243 
1244 		rk_e[1] = (((uint32_t)key[4] << 24) |
1245 		    ((uint32_t)key[5] << 16) |
1246 		    ((uint32_t)key[6] << 8) | (uint32_t)key[7]);
1247 
1248 		rk_e[2] = (((uint32_t)key[8] << 24) |
1249 		    ((uint32_t)key[9] << 16) |
1250 		    ((uint32_t)key[10] << 8) | (uint32_t)key[11]);
1251 
1252 		rk_e[3] = (((uint32_t)key[12] << 24) |
1253 		    ((uint32_t)key[13] << 16) | ((uint32_t)key[14] << 8) |
1254 		    (uint32_t)key[15]);
1255 	}
1256 #endif /* _ALIGNMENT_REQUIRED */
1257 
1258 	if (keybits == 128) {
1259 		for (;;) {
1260 			temp = rk_e[3];
1261 			rk_e[4] = rk_e[0] ^
1262 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1263 				(Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1264 				(Te4[(temp) & 0xff] & 0x0000ff00) ^
1265 				(Te4[(temp >> 24)] & 0x000000ff) ^
1266 				rcon[i];
1267 			rk_e[5] = rk_e[1] ^ rk_e[4];
1268 			rk_e[6] = rk_e[2] ^ rk_e[5];
1269 			rk_e[7] = rk_e[3] ^ rk_e[6];
1270 			if (++i == 10) {
1271 				goto finish_keysched;
1272 			}
1273 			rk_e += 4;
1274 		}
1275 	}
1276 #if _ALIGNMENT_REQUIRED
1277 
1278 	if (IS_P2ALIGNED(key, sizeof (uint32_t))) {
1279 #endif /* _ALIGNMENT_REQUIRED */
1280 		/*LINTED*/
1281 		rk_e[4] = GETU32(key + 16);
1282 		/*LINTED*/
1283 		rk_e[5] = GETU32(key + 20);
1284 #if _ALIGNMENT_REQUIRED
1285 	} else {
1286 		rk_e[4] = (((uint32_t)key[16] << 24) |
1287 		    ((uint32_t)key[17] << 16) |
1288 		    ((uint32_t)key[18] << 8) | (uint32_t)key[19]);
1289 		rk_e[5] = (((uint32_t)key[20] << 24) |
1290 		    ((uint32_t)key[21] << 16) |
1291 		    ((uint32_t)key[22] << 8) | (uint32_t)key[23]);
1292 	}
1293 #endif /* _ALIGNMENT_REQUIRED */
1294 
1295 	if (keybits == 192) {
1296 		for (;;) {
1297 			temp = rk_e[5];
1298 			rk_e[6] = rk_e[0] ^
1299 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1300 				(Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1301 				(Te4[(temp) & 0xff] & 0x0000ff00) ^
1302 				(Te4[(temp >> 24)] & 0x000000ff) ^
1303 				rcon[i];
1304 			rk_e[7] = rk_e[1] ^ rk_e[6];
1305 			rk_e[8] = rk_e[2] ^ rk_e[7];
1306 			rk_e[9] = rk_e[3] ^ rk_e[8];
1307 			if (++i == 8) {
1308 				goto finish_keysched;
1309 			}
1310 			rk_e[10] = rk_e[4] ^ rk_e[9];
1311 			rk_e[11] = rk_e[5] ^ rk_e[10];
1312 			rk_e += 6;
1313 		}
1314 	}
1315 #if _ALIGNMENT_REQUIRED
1316 
1317 	if (IS_P2ALIGNED(key, sizeof (uint32_t))) {
1318 #endif /* _ALIGNMENT_REQUIRED */
1319 		/*LINTED*/
1320 		rk_e[6] = GETU32(key + 24);
1321 		/*LINTED*/
1322 		rk_e[7] = GETU32(key + 28);
1323 #if _ALIGNMENT_REQUIRED
1324 	} else {
1325 		rk_e[6] = (((uint32_t)key[24] << 24) |
1326 		    ((uint32_t)key[25] << 16) |
1327 		    ((uint32_t)key[26] << 8) | (uint32_t)key[27]);
1328 		rk_e[7] = (((uint32_t)key[28] << 24) |
1329 		    ((uint32_t)key[29] << 16) |
1330 		    ((uint32_t)key[30] << 8) | (uint32_t)key[31]);
1331 	}
1332 #endif /* _ALIGNMENT_REQUIRED */
1333 	if (keybits == 256) {
1334 		for (;;) {
1335 			temp = rk_e[7];
1336 			rk_e[8] = rk_e[0] ^
1337 				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1338 				(Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1339 				(Te4[(temp) & 0xff] & 0x0000ff00) ^
1340 				(Te4[(temp >> 24)] & 0x000000ff) ^
1341 				rcon[i];
1342 			rk_e[9] = rk_e[1] ^ rk_e[8];
1343 			rk_e[10] = rk_e[2] ^ rk_e[9];
1344 			rk_e[11] = rk_e[3] ^ rk_e[10];
1345 			if (++i == 7) {
1346 				goto finish_keysched;
1347 			}
1348 			temp = rk_e[11];
1349 			rk_e[12] = rk_e[4] ^
1350 				(Te4[(temp >> 24)] & 0xff000000) ^
1351 				(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
1352 				(Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
1353 				(Te4[(temp) & 0xff] & 0x000000ff);
1354 			rk_e[13] = rk_e[5] ^ rk_e[12];
1355 			rk_e[14] = rk_e[6] ^ rk_e[13];
1356 			rk_e[15] = rk_e[7] ^ rk_e[14];
1357 
1358 			rk_e += 8;
1359 		}
1360 	}
1361 
1362 finish_keysched:
1363 	rk_e =	ks->rk_e;
1364 
1365 	/* invert the order of the round keys: */
1366 	for (i = 0, j = 4*Nr; i <= j; i += 4, j -= 4) {
1367 		rk_d[i] = rk_e[j]; rk_d[j] = rk_e[i];
1368 		rk_d[i + 1] = rk_e[j + 1]; rk_d[j + 1] = rk_e[i + 1];
1369 		rk_d[i + 2] = rk_e[j + 2]; rk_d[j + 2] = rk_e[i + 2];
1370 		rk_d[i + 3] = rk_e[j + 3]; rk_d[j + 3] = rk_e[i + 3];
1371 	}
1372 
1373 	/*
1374 	 * apply the inverse MixColumn transform to all round keys
1375 	 * but the first and the last:
1376 	 */
1377 	for (i = 1; i < Nr; i++) {
1378 		rk_d += 4;
1379 		rk_d[0] =
1380 			Td0[Te4[(rk_d[0] >> 24)] & 0xff] ^
1381 			Td1[Te4[(rk_d[0] >> 16) & 0xff] & 0xff] ^
1382 			Td2[Te4[(rk_d[0] >> 8) & 0xff] & 0xff] ^
1383 			Td3[Te4[(rk_d[0]) & 0xff] & 0xff];
1384 		rk_d[1] =
1385 			Td0[Te4[(rk_d[1] >> 24)] & 0xff] ^
1386 			Td1[Te4[(rk_d[1] >> 16) & 0xff] & 0xff] ^
1387 			Td2[Te4[(rk_d[1] >> 8) & 0xff] & 0xff] ^
1388 			Td3[Te4[(rk_d[1]) & 0xff] & 0xff];
1389 		rk_d[2] =
1390 			Td0[Te4[(rk_d[2] >> 24)] & 0xff] ^
1391 			Td1[Te4[(rk_d[2] >> 16) & 0xff] & 0xff] ^
1392 			Td2[Te4[(rk_d[2] >> 8) & 0xff] & 0xff] ^
1393 			Td3[Te4[(rk_d[2]) & 0xff] & 0xff];
1394 		rk_d[3] =
1395 			Td0[Te4[(rk_d[3] >> 24)] & 0xff] ^
1396 			Td1[Te4[(rk_d[3] >> 16) & 0xff] & 0xff] ^
1397 			Td2[Te4[(rk_d[3] >> 8) & 0xff] & 0xff] ^
1398 			Td3[Te4[(rk_d[3]) & 0xff] & 0xff];
1399 	}
1400 }
1401