1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/systm.h> 28 #include <sys/sysmacros.h> 29 #include <netinet/in.h> 30 #include "aes_impl.h" 31 #ifndef _KERNEL 32 #include <strings.h> 33 #include <stdlib.h> 34 #endif /* !_KERNEL */ 35 36 #ifdef __amd64 37 38 #ifdef _KERNEL 39 #include <sys/cpuvar.h> /* cpu_t, CPU */ 40 #include <sys/x86_archext.h> /* x86_feature, X86_AES */ 41 #include <sys/disp.h> /* kpreempt_disable(), kpreempt_enable */ 42 43 /* Workaround for no XMM kernel thread save/restore */ 44 #define KPREEMPT_DISABLE kpreempt_disable() 45 #define KPREEMPT_ENABLE kpreempt_enable() 46 47 #else 48 #include <sys/auxv.h> /* getisax() */ 49 #include <sys/auxv_386.h> /* AV_386_AES bit */ 50 #define KPREEMPT_DISABLE 51 #define KPREEMPT_ENABLE 52 #endif /* _KERNEL */ 53 #endif /* __amd64 */ 54 55 56 /* 57 * This file is derived from the file rijndael-alg-fst.c taken from the 58 * "optimized C code v3.0" on the "rijndael home page" 59 * http://www.iaik.tu-graz.ac.at/research/krypto/AES/old/~rijmen/rijndael/ 60 * pointed by the NIST web-site http://csrc.nist.gov/archive/aes/ 61 * 62 * The following note is from the original file: 63 */ 64 65 /* 66 * rijndael-alg-fst.c 67 * 68 * @version 3.0 (December 2000) 69 * 70 * Optimised ANSI C code for the Rijndael cipher (now AES) 71 * 72 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> 73 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> 74 * @author Paulo Barreto <paulo.barreto@terra.com.br> 75 * 76 * This code is hereby placed in the public domain. 77 * 78 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS 79 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 80 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 81 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE 82 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 83 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 84 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 85 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 86 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 87 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 88 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 89 */ 90 91 /* EXPORT DELETE START */ 92 93 #if defined(sun4u) 94 /* External assembly functions: */ 95 extern void aes_encrypt_impl(const uint32_t rk[], int Nr, const uint32_t pt[4], 96 uint32_t ct[4]); 97 extern void aes_decrypt_impl(const uint32_t rk[], int Nr, const uint32_t ct[4], 98 uint32_t pt[4]); 99 100 #define AES_ENCRYPT_IMPL(a, b, c, d, e) aes_encrypt_impl(a, b, c, d) 101 #define AES_DECRYPT_IMPL(a, b, c, d, e) aes_decrypt_impl(a, b, c, d) 102 103 #elif defined(__amd64) 104 105 /* These functions are used to execute amd64 instructions for AMD or Intel: */ 106 extern int rijndael_key_setup_enc_amd64(uint32_t rk[], 107 const uint32_t cipherKey[], int keyBits); 108 extern int rijndael_key_setup_dec_amd64(uint32_t rk[], 109 const uint32_t cipherKey[], int keyBits); 110 extern void aes_encrypt_amd64(const uint32_t rk[], int Nr, 111 const uint32_t pt[4], uint32_t ct[4]); 112 extern void aes_decrypt_amd64(const uint32_t rk[], int Nr, 113 const uint32_t ct[4], uint32_t pt[4]); 114 115 /* These functions are used to execute Intel-specific AES-NI instructions: */ 116 extern int rijndael_key_setup_enc_intel(uint32_t rk[], 117 const uint32_t cipherKey[], uint64_t keyBits); 118 extern int rijndael_key_setup_dec_intel(uint32_t rk[], 119 const uint32_t cipherKey[], uint64_t keyBits); 120 extern void aes_encrypt_intel(const uint32_t rk[], int Nr, 121 const uint32_t pt[4], uint32_t ct[4]); 122 extern void aes_decrypt_intel(const uint32_t rk[], int Nr, 123 const uint32_t ct[4], uint32_t pt[4]); 124 125 static int intel_aes_instructions_present(void); 126 127 #define AES_ENCRYPT_IMPL(a, b, c, d, e) rijndael_encrypt(a, b, c, d, e) 128 #define AES_DECRYPT_IMPL(a, b, c, d, e) rijndael_decrypt(a, b, c, d, e) 129 130 #else /* Generic C implementation */ 131 132 #define AES_ENCRYPT_IMPL(a, b, c, d, e) rijndael_encrypt(a, b, c, d) 133 #define AES_DECRYPT_IMPL(a, b, c, d, e) rijndael_decrypt(a, b, c, d) 134 #define rijndael_key_setup_enc_raw rijndael_key_setup_enc 135 #endif /* sun4u || __amd64 */ 136 137 #if defined(_LITTLE_ENDIAN) && !defined(__amd64) 138 #define AES_BYTE_SWAP 139 #endif 140 141 142 #if !defined(__amd64) 143 /* 144 * Constant tables 145 */ 146 147 /* 148 * Te0[x] = S [x].[02, 01, 01, 03]; 149 * Te1[x] = S [x].[03, 02, 01, 01]; 150 * Te2[x] = S [x].[01, 03, 02, 01]; 151 * Te3[x] = S [x].[01, 01, 03, 02]; 152 * Te4[x] = S [x].[01, 01, 01, 01]; 153 * 154 * Td0[x] = Si[x].[0e, 09, 0d, 0b]; 155 * Td1[x] = Si[x].[0b, 0e, 09, 0d]; 156 * Td2[x] = Si[x].[0d, 0b, 0e, 09]; 157 * Td3[x] = Si[x].[09, 0d, 0b, 0e]; 158 * Td4[x] = Si[x].[01, 01, 01, 01]; 159 */ 160 161 /* Encrypt Sbox constants (for the substitute bytes operation) */ 162 163 #ifndef sun4u 164 165 static const uint32_t Te0[256] = 166 { 167 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 168 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 169 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 170 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 171 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 172 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, 173 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 174 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 175 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, 176 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 177 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 178 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, 179 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 180 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 181 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, 182 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 183 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 184 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, 185 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 186 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 187 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, 188 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 189 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 190 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, 191 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 192 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 193 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, 194 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 195 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 196 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, 197 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 198 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 199 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, 200 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 201 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 202 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, 203 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 204 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 205 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, 206 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 207 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 208 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, 209 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 210 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 211 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, 212 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 213 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 214 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, 215 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 216 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 217 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, 218 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 219 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 220 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, 221 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 222 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 223 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, 224 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 225 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 226 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, 227 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 228 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 229 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, 230 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU 231 }; 232 233 234 static const uint32_t Te1[256] = 235 { 236 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, 237 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, 238 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, 239 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, 240 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, 241 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, 242 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, 243 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, 244 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, 245 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, 246 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, 247 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, 248 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, 249 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, 250 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, 251 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, 252 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, 253 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, 254 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, 255 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, 256 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, 257 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, 258 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, 259 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, 260 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, 261 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, 262 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, 263 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, 264 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, 265 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, 266 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, 267 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, 268 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, 269 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, 270 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, 271 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, 272 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, 273 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, 274 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, 275 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, 276 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, 277 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, 278 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, 279 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, 280 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, 281 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, 282 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, 283 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, 284 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, 285 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, 286 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, 287 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, 288 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, 289 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, 290 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, 291 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, 292 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, 293 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, 294 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, 295 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, 296 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, 297 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, 298 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, 299 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U 300 }; 301 302 303 static const uint32_t Te2[256] = 304 { 305 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, 306 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, 307 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, 308 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, 309 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, 310 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, 311 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, 312 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, 313 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, 314 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, 315 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, 316 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, 317 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, 318 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, 319 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, 320 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, 321 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, 322 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, 323 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, 324 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, 325 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, 326 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, 327 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, 328 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, 329 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, 330 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, 331 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, 332 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, 333 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, 334 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, 335 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, 336 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, 337 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, 338 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, 339 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, 340 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, 341 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, 342 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, 343 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, 344 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, 345 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, 346 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, 347 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, 348 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, 349 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, 350 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, 351 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, 352 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, 353 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, 354 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, 355 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, 356 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, 357 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, 358 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, 359 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, 360 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, 361 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, 362 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, 363 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, 364 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, 365 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, 366 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, 367 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, 368 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U 369 }; 370 371 372 static const uint32_t Te3[256] = 373 { 374 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, 375 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, 376 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, 377 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, 378 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, 379 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, 380 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, 381 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, 382 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, 383 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, 384 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, 385 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, 386 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, 387 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, 388 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, 389 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, 390 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, 391 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, 392 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, 393 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, 394 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, 395 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, 396 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, 397 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, 398 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, 399 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, 400 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, 401 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, 402 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, 403 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, 404 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, 405 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, 406 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, 407 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, 408 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, 409 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, 410 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, 411 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, 412 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, 413 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, 414 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, 415 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, 416 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, 417 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, 418 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, 419 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, 420 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, 421 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, 422 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, 423 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, 424 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, 425 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, 426 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, 427 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, 428 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, 429 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, 430 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, 431 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, 432 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, 433 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, 434 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, 435 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, 436 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, 437 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU 438 }; 439 440 #endif /* !sun4u */ 441 442 static const uint32_t Te4[256] = 443 { 444 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, 445 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, 446 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, 447 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, 448 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, 449 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, 450 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, 451 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, 452 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, 453 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, 454 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, 455 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, 456 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, 457 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, 458 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, 459 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, 460 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, 461 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, 462 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, 463 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, 464 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, 465 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, 466 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, 467 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, 468 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, 469 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, 470 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, 471 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, 472 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, 473 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, 474 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, 475 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, 476 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, 477 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, 478 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, 479 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, 480 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, 481 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, 482 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, 483 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, 484 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, 485 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, 486 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, 487 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, 488 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, 489 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, 490 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, 491 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, 492 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, 493 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, 494 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, 495 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, 496 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, 497 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, 498 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, 499 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, 500 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, 501 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, 502 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, 503 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, 504 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, 505 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, 506 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, 507 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U 508 }; 509 510 /* Decrypt Sbox constants (for the substitute bytes operation) */ 511 512 static const uint32_t Td0[256] = 513 { 514 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 515 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 516 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, 517 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, 518 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, 519 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, 520 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, 521 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, 522 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, 523 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, 524 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, 525 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, 526 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, 527 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, 528 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, 529 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, 530 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, 531 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, 532 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, 533 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, 534 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, 535 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, 536 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, 537 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, 538 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, 539 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, 540 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, 541 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, 542 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, 543 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, 544 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, 545 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, 546 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, 547 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, 548 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, 549 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, 550 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, 551 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, 552 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, 553 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, 554 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, 555 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, 556 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, 557 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, 558 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, 559 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, 560 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, 561 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, 562 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, 563 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, 564 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, 565 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, 566 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, 567 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, 568 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, 569 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, 570 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, 571 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, 572 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, 573 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, 574 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, 575 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, 576 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, 577 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U 578 }; 579 580 static const uint32_t Td1[256] = 581 { 582 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, 583 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, 584 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, 585 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, 586 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, 587 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, 588 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, 589 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, 590 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, 591 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, 592 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, 593 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, 594 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, 595 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, 596 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, 597 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, 598 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, 599 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, 600 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, 601 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, 602 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, 603 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, 604 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, 605 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, 606 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, 607 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, 608 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, 609 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, 610 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, 611 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, 612 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, 613 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, 614 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, 615 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, 616 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, 617 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, 618 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, 619 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, 620 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, 621 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, 622 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, 623 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, 624 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, 625 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, 626 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, 627 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, 628 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, 629 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, 630 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, 631 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, 632 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, 633 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, 634 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, 635 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, 636 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, 637 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, 638 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, 639 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, 640 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, 641 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, 642 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, 643 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, 644 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, 645 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U 646 }; 647 648 static const uint32_t Td2[256] = 649 { 650 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, 651 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, 652 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, 653 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, 654 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, 655 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, 656 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, 657 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, 658 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, 659 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, 660 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, 661 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, 662 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, 663 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, 664 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, 665 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, 666 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, 667 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, 668 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, 669 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, 670 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, 671 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, 672 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, 673 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, 674 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, 675 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, 676 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, 677 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, 678 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, 679 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, 680 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, 681 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, 682 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, 683 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, 684 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, 685 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, 686 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, 687 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, 688 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, 689 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, 690 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, 691 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, 692 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, 693 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, 694 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, 695 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, 696 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, 697 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, 698 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, 699 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, 700 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, 701 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, 702 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, 703 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, 704 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, 705 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, 706 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, 707 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, 708 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, 709 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, 710 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, 711 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, 712 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, 713 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U 714 }; 715 716 static const uint32_t Td3[256] = 717 { 718 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, 719 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, 720 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, 721 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, 722 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, 723 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, 724 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, 725 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, 726 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, 727 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, 728 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, 729 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, 730 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, 731 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, 732 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, 733 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, 734 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, 735 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, 736 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, 737 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, 738 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, 739 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, 740 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, 741 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, 742 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, 743 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, 744 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, 745 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, 746 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, 747 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, 748 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, 749 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, 750 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, 751 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, 752 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, 753 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, 754 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, 755 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, 756 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, 757 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, 758 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, 759 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, 760 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, 761 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, 762 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, 763 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, 764 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, 765 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, 766 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, 767 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, 768 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, 769 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, 770 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, 771 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, 772 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, 773 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, 774 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, 775 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, 776 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, 777 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, 778 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, 779 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, 780 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, 781 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U 782 }; 783 784 #ifndef sun4u 785 786 static const uint32_t Td4[256] = 787 { 788 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, 789 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, 790 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, 791 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, 792 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, 793 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, 794 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, 795 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, 796 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, 797 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, 798 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, 799 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, 800 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, 801 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, 802 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, 803 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, 804 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, 805 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, 806 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, 807 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, 808 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, 809 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, 810 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, 811 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, 812 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, 813 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, 814 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, 815 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, 816 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, 817 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, 818 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, 819 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, 820 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, 821 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, 822 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, 823 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, 824 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, 825 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, 826 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, 827 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, 828 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, 829 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, 830 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, 831 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, 832 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, 833 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, 834 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, 835 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, 836 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, 837 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, 838 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, 839 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, 840 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, 841 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, 842 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, 843 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, 844 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, 845 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, 846 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, 847 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, 848 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, 849 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, 850 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, 851 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU 852 }; 853 854 #endif /* !sun4u */ 855 856 /* Rcon is Round Constant; used for encryption key expansion */ 857 static const uint32_t rcon[RC_LENGTH] = 858 { 859 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 860 0x01000000, 0x02000000, 0x04000000, 0x08000000, 861 0x10000000, 0x20000000, 0x40000000, 0x80000000, 862 0x1B000000, 0x36000000 863 }; 864 865 866 /* 867 * Expand the cipher key into the encryption key schedule. 868 * 869 * Return the number of rounds for the given cipher key size. 870 * The size of the key schedule depends on the number of rounds 871 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 872 * 873 * Parameters: 874 * rk AES key schedule 32-bit array to be initialized 875 * cipherKey User key 876 * keyBits AES key size (128, 192, or 256 bits) 877 */ 878 static int 879 rijndael_key_setup_enc_raw(uint32_t rk[], const uint32_t cipherKey[], 880 int keyBits) 881 { 882 int i = 0; 883 uint32_t temp; 884 885 rk[0] = cipherKey[0]; 886 rk[1] = cipherKey[1]; 887 rk[2] = cipherKey[2]; 888 rk[3] = cipherKey[3]; 889 890 if (keyBits == 128) { 891 for (;;) { 892 temp = rk[3]; 893 rk[4] = rk[0] ^ 894 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 895 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 896 (Te4[temp & 0xff] & 0x0000ff00) ^ 897 (Te4[temp >> 24] & 0x000000ff) ^ 898 rcon[i]; 899 rk[5] = rk[1] ^ rk[4]; 900 rk[6] = rk[2] ^ rk[5]; 901 rk[7] = rk[3] ^ rk[6]; 902 903 if (++i == 10) { 904 return (10); 905 } 906 rk += 4; 907 } 908 } 909 910 rk[4] = cipherKey[4]; 911 rk[5] = cipherKey[5]; 912 913 if (keyBits == 192) { 914 for (;;) { 915 temp = rk[5]; 916 rk[6] = rk[0] ^ 917 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 918 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 919 (Te4[temp & 0xff] & 0x0000ff00) ^ 920 (Te4[temp >> 24] & 0x000000ff) ^ 921 rcon[i]; 922 rk[7] = rk[1] ^ rk[6]; 923 rk[8] = rk[2] ^ rk[7]; 924 rk[9] = rk[3] ^ rk[8]; 925 926 if (++i == 8) { 927 return (12); 928 } 929 930 rk[10] = rk[4] ^ rk[9]; 931 rk[11] = rk[5] ^ rk[10]; 932 rk += 6; 933 } 934 } 935 936 rk[6] = cipherKey[6]; 937 rk[7] = cipherKey[7]; 938 939 if (keyBits == 256) { 940 for (;;) { 941 temp = rk[7]; 942 rk[8] = rk[0] ^ 943 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 944 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 945 (Te4[temp & 0xff] & 0x0000ff00) ^ 946 (Te4[temp >> 24] & 0x000000ff) ^ 947 rcon[i]; 948 rk[9] = rk[1] ^ rk[8]; 949 rk[10] = rk[2] ^ rk[9]; 950 rk[11] = rk[3] ^ rk[10]; 951 952 if (++i == 7) { 953 return (14); 954 } 955 temp = rk[11]; 956 rk[12] = rk[4] ^ 957 (Te4[temp >> 24] & 0xff000000) ^ 958 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ 959 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ 960 (Te4[temp & 0xff] & 0x000000ff); 961 rk[13] = rk[5] ^ rk[12]; 962 rk[14] = rk[6] ^ rk[13]; 963 rk[15] = rk[7] ^ rk[14]; 964 965 rk += 8; 966 } 967 } 968 969 return (0); 970 } 971 #endif /* !__amd64 */ 972 973 974 #ifdef sun4u 975 976 /* 977 * Expand the cipher key into the encryption key schedule. 978 * by the sun4u optimized assembly implementation. 979 * 980 * Return the number of rounds for the given cipher key size. 981 * The size of the key schedule depends on the number of rounds 982 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 983 * 984 * Parameters: 985 * rk AES key schedule 64-bit array to be initialized 986 * cipherKey User key 987 * keyBits AES key size (128, 192, or 256 bits) 988 */ 989 static int 990 rijndael_key_setup_enc(uint64_t rk[], const uint32_t cipherKey[], int keyBits) 991 { 992 uint32_t rk1[4 * (MAX_AES_NR + 1)]; 993 uint64_t *rk64 = (uint64_t *)rk; 994 uint32_t *rkt; 995 uint64_t t; 996 int i, Nr; 997 998 Nr = rijndael_key_setup_enc_raw(rk1, cipherKey, keyBits); 999 1000 for (i = 0; i < 4 * Nr; i++) { 1001 t = (uint64_t)(rk1[i]); 1002 rk64[i] = ((t & 0xff000000) << 11) | 1003 ((t & 0xff0000) << 8) | 1004 ((t & 0xffff) << 3); 1005 } 1006 1007 rkt = (uint32_t *)(&(rk64[4 * Nr])); 1008 1009 for (i = 0; i < 4; i++) { 1010 rkt[i] = rk1[4 * Nr+i]; 1011 } 1012 1013 return (Nr); 1014 } 1015 1016 1017 /* 1018 * Expand the cipher key into the decryption key schedule as used 1019 * by the sun4u optimized assembly implementation. 1020 * 1021 * Return the number of rounds for the given cipher key size. 1022 * The size of the key schedule depends on the number of rounds 1023 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1024 * 1025 * Parameters: 1026 * rk AES key schedule 32-bit array to be initialized 1027 * cipherKey User key 1028 * keyBits AES key size (128, 192, or 256 bits) 1029 */ 1030 static int 1031 rijndael_key_setup_dec_raw(uint32_t rk[], const uint32_t cipherKey[], 1032 int keyBits) 1033 { 1034 int Nr, i; 1035 uint32_t temp; 1036 1037 /* expand the cipher key: */ 1038 Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits); 1039 1040 /* invert the order of the round keys: */ 1041 1042 for (i = 0; i < 2 * Nr + 2; i++) { 1043 temp = rk[i]; 1044 rk[i] = rk[4 * Nr - i + 3]; 1045 rk[4 * Nr - i + 3] = temp; 1046 } 1047 1048 /* 1049 * apply the inverse MixColumn transform to all 1050 * round keys but the first and the last: 1051 */ 1052 for (i = 1; i < Nr; i++) { 1053 rk += 4; 1054 rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^ 1055 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ 1056 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ 1057 Td3[Te4[rk[0] & 0xff] & 0xff]; 1058 rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^ 1059 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ 1060 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ 1061 Td3[Te4[rk[1] & 0xff] & 0xff]; 1062 rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^ 1063 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ 1064 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ 1065 Td3[Te4[rk[2] & 0xff] & 0xff]; 1066 rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^ 1067 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ 1068 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ 1069 Td3[Te4[rk[3] & 0xff] & 0xff]; 1070 } 1071 1072 return (Nr); 1073 } 1074 1075 1076 /* 1077 * The size of the key schedule depends on the number of rounds 1078 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1079 * 1080 * Parameters: 1081 * rk AES key schedule 64-bit array to be initialized 1082 * cipherKey User key 1083 * keyBits AES key size (128, 192, or 256 bits) 1084 */ 1085 static int 1086 rijndael_key_setup_dec(uint64_t rk[], const uint32_t cipherKey[], int keyBits) 1087 { 1088 uint32_t rk1[4 * (MAX_AES_NR + 1)]; 1089 uint64_t *rk64 = (uint64_t *)rk; 1090 uint32_t *rkt; 1091 uint64_t t; 1092 int i, Nr; 1093 1094 Nr = rijndael_key_setup_dec_raw(rk1, cipherKey, keyBits); 1095 for (i = 0; i < 4 * Nr; i++) { 1096 t = (uint64_t)(rk1[i]); 1097 rk64[i] = ((t & 0xff000000) << 11) | 1098 ((t & 0xff0000) << 8) | 1099 ((t & 0xffff) << 3); 1100 } 1101 1102 rkt = (uint32_t *)(&(rk64[4 * Nr])); 1103 1104 for (i = 0; i < 4; i++) { 1105 rkt[i] = rk1[4 * Nr + i]; 1106 } 1107 1108 return (Nr); 1109 } 1110 1111 1112 /* 1113 * Expand the 64-bit AES cipher key array into the encryption and decryption 1114 * key schedules. 1115 * 1116 * Parameters: 1117 * key AES key schedule to be initialized 1118 * keyarr32 User key 1119 * keyBits AES key size (128, 192, or 256 bits) 1120 */ 1121 static void 1122 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits) 1123 { 1124 key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks64[0]), keyarr32, 1125 keybits); 1126 key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks64[0]), keyarr32, 1127 keybits); 1128 key->type = AES_64BIT_KS; 1129 } 1130 1131 1132 #elif defined(__amd64) 1133 1134 /* 1135 * Expand the 32-bit AES cipher key array into the encryption and decryption 1136 * key schedules. 1137 * 1138 * Parameters: 1139 * key AES key schedule to be initialized 1140 * keyarr32 User key 1141 * keyBits AES key size (128, 192, or 256 bits) 1142 */ 1143 static void 1144 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits) 1145 { 1146 if (intel_aes_instructions_present()) { 1147 key->flags = INTEL_AES_NI_CAPABLE; 1148 KPREEMPT_DISABLE; 1149 key->nr = rijndael_key_setup_enc_intel(&(key->encr_ks.ks32[0]), 1150 keyarr32, keybits); 1151 key->nr = rijndael_key_setup_dec_intel(&(key->decr_ks.ks32[0]), 1152 keyarr32, keybits); 1153 KPREEMPT_ENABLE; 1154 } else { 1155 key->flags = 0; 1156 key->nr = rijndael_key_setup_enc_amd64(&(key->encr_ks.ks32[0]), 1157 keyarr32, keybits); 1158 key->nr = rijndael_key_setup_dec_amd64(&(key->decr_ks.ks32[0]), 1159 keyarr32, keybits); 1160 } 1161 1162 key->type = AES_32BIT_KS; 1163 } 1164 1165 /* 1166 * Encrypt one block of data. The block is assumed to be an array 1167 * of four uint32_t values, so copy for alignment (and byte-order 1168 * reversal for little endian systems might be necessary on the 1169 * input and output byte streams. 1170 * The size of the key schedule depends on the number of rounds 1171 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1172 * 1173 * Parameters: 1174 * rk Key schedule, of aes_ks_t (60 32-bit integers) 1175 * Nr Number of rounds 1176 * pt Input block (plain text) 1177 * ct Output block (crypto text). Can overlap with pt 1178 * flags Indicates whether we're on Intel AES-NI-capable hardware 1179 */ 1180 static void 1181 rijndael_encrypt(const uint32_t rk[], int Nr, const uint32_t pt[4], 1182 uint32_t ct[4], int flags) { 1183 if (flags & INTEL_AES_NI_CAPABLE) { 1184 KPREEMPT_DISABLE; 1185 aes_encrypt_intel(rk, Nr, pt, ct); 1186 KPREEMPT_ENABLE; 1187 } else { 1188 aes_encrypt_amd64(rk, Nr, pt, ct); 1189 } 1190 } 1191 1192 /* 1193 * Decrypt one block of data. The block is assumed to be an array 1194 * of four uint32_t values, so copy for alignment (and byte-order 1195 * reversal for little endian systems might be necessary on the 1196 * input and output byte streams. 1197 * The size of the key schedule depends on the number of rounds 1198 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1199 * 1200 * Parameters: 1201 * rk Key schedule, of aes_ks_t (60 32-bit integers) 1202 * Nr Number of rounds 1203 * ct Input block (crypto text) 1204 * pt Output block (plain text). Can overlap with pt 1205 * flags Indicates whether we're on Intel AES-NI-capable hardware 1206 */ 1207 static void 1208 rijndael_decrypt(const uint32_t rk[], int Nr, const uint32_t ct[4], 1209 uint32_t pt[4], int flags) { 1210 if (flags & INTEL_AES_NI_CAPABLE) { 1211 KPREEMPT_DISABLE; 1212 aes_decrypt_intel(rk, Nr, ct, pt); 1213 KPREEMPT_ENABLE; 1214 } else { 1215 aes_decrypt_amd64(rk, Nr, ct, pt); 1216 } 1217 } 1218 1219 1220 #else /* generic C implementation */ 1221 1222 /* 1223 * Expand the cipher key into the decryption key schedule. 1224 * Return the number of rounds for the given cipher key size. 1225 * The size of the key schedule depends on the number of rounds 1226 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1227 * 1228 * Parameters: 1229 * rk AES key schedule 32-bit array to be initialized 1230 * cipherKey User key 1231 * keyBits AES key size (128, 192, or 256 bits) 1232 */ 1233 static int 1234 rijndael_key_setup_dec(uint32_t rk[], const uint32_t cipherKey[], int keyBits) 1235 { 1236 int Nr, i, j; 1237 uint32_t temp; 1238 1239 /* expand the cipher key: */ 1240 Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits); 1241 1242 /* invert the order of the round keys: */ 1243 for (i = 0, j = 4 * Nr; i < j; i += 4, j -= 4) { 1244 temp = rk[i]; 1245 rk[i] = rk[j]; 1246 rk[j] = temp; 1247 temp = rk[i + 1]; 1248 rk[i + 1] = rk[j + 1]; 1249 rk[j + 1] = temp; 1250 temp = rk[i + 2]; 1251 rk[i + 2] = rk[j + 2]; 1252 rk[j + 2] = temp; 1253 temp = rk[i + 3]; 1254 rk[i + 3] = rk[j + 3]; 1255 rk[j + 3] = temp; 1256 } 1257 1258 /* 1259 * apply the inverse MixColumn transform to all 1260 * round keys but the first and the last: 1261 */ 1262 for (i = 1; i < Nr; i++) { 1263 rk += 4; 1264 rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^ 1265 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ 1266 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ 1267 Td3[Te4[rk[0] & 0xff] & 0xff]; 1268 rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^ 1269 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ 1270 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ 1271 Td3[Te4[rk[1] & 0xff] & 0xff]; 1272 rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^ 1273 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ 1274 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ 1275 Td3[Te4[rk[2] & 0xff] & 0xff]; 1276 rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^ 1277 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ 1278 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ 1279 Td3[Te4[rk[3] & 0xff] & 0xff]; 1280 } 1281 1282 return (Nr); 1283 } 1284 1285 1286 /* 1287 * Expand the 32-bit AES cipher key array into the encryption and decryption 1288 * key schedules. 1289 * 1290 * Parameters: 1291 * key AES key schedule to be initialized 1292 * keyarr32 User key 1293 * keyBits AES key size (128, 192, or 256 bits) 1294 */ 1295 static void 1296 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits) 1297 { 1298 key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks32[0]), keyarr32, 1299 keybits); 1300 key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks32[0]), keyarr32, 1301 keybits); 1302 key->type = AES_32BIT_KS; 1303 } 1304 1305 1306 /* 1307 * Encrypt one block of data. The block is assumed to be an array 1308 * of four uint32_t values, so copy for alignment (and byte-order 1309 * reversal for little endian systems might be necessary on the 1310 * input and output byte streams. 1311 * The size of the key schedule depends on the number of rounds 1312 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1313 * 1314 * Parameters: 1315 * rk Key schedule, of aes_ks_t (60 32-bit integers) 1316 * Nr Number of rounds 1317 * pt Input block (plain text) 1318 * ct Output block (crypto text). Can overlap with pt 1319 */ 1320 static void 1321 rijndael_encrypt(const uint32_t rk[], int Nr, const uint32_t pt[4], 1322 uint32_t ct[4]) 1323 { 1324 uint32_t s0, s1, s2, s3, t0, t1, t2, t3; 1325 int r; 1326 1327 /* 1328 * map byte array block to cipher state 1329 * and add initial round key: 1330 */ 1331 1332 s0 = pt[0] ^ rk[0]; 1333 s1 = pt[1] ^ rk[1]; 1334 s2 = pt[2] ^ rk[2]; 1335 s3 = pt[3] ^ rk[3]; 1336 1337 /* 1338 * Nr - 1 full rounds: 1339 */ 1340 1341 r = Nr >> 1; 1342 1343 for (;;) { 1344 t0 = Te0[s0 >> 24] ^ 1345 Te1[(s1 >> 16) & 0xff] ^ 1346 Te2[(s2 >> 8) & 0xff] ^ 1347 Te3[s3 & 0xff] ^ 1348 rk[4]; 1349 1350 t1 = Te0[s1 >> 24] ^ 1351 Te1[(s2 >> 16) & 0xff] ^ 1352 Te2[(s3 >> 8) & 0xff] ^ 1353 Te3[s0 & 0xff] ^ 1354 rk[5]; 1355 1356 t2 = Te0[s2 >> 24] ^ 1357 Te1[(s3 >> 16) & 0xff] ^ 1358 Te2[(s0 >> 8) & 0xff] ^ 1359 Te3[s1 & 0xff] ^ 1360 rk[6]; 1361 1362 t3 = Te0[s3 >> 24] ^ 1363 Te1[(s0 >> 16) & 0xff] ^ 1364 Te2[(s1 >> 8) & 0xff] ^ 1365 Te3[s2 & 0xff] ^ 1366 rk[7]; 1367 1368 rk += 8; 1369 1370 if (--r == 0) { 1371 break; 1372 } 1373 1374 s0 = Te0[t0 >> 24] ^ 1375 Te1[(t1 >> 16) & 0xff] ^ 1376 Te2[(t2 >> 8) & 0xff] ^ 1377 Te3[t3 & 0xff] ^ 1378 rk[0]; 1379 1380 s1 = Te0[t1 >> 24] ^ 1381 Te1[(t2 >> 16) & 0xff] ^ 1382 Te2[(t3 >> 8) & 0xff] ^ 1383 Te3[t0 & 0xff] ^ 1384 rk[1]; 1385 1386 s2 = Te0[t2 >> 24] ^ 1387 Te1[(t3 >> 16) & 0xff] ^ 1388 Te2[(t0 >> 8) & 0xff] ^ 1389 Te3[t1 & 0xff] ^ 1390 rk[2]; 1391 1392 s3 = Te0[t3 >> 24] ^ 1393 Te1[(t0 >> 16) & 0xff] ^ 1394 Te2[(t1 >> 8) & 0xff] ^ 1395 Te3[t2 & 0xff] ^ 1396 rk[3]; 1397 } 1398 1399 /* 1400 * apply last round and 1401 * map cipher state to byte array block: 1402 */ 1403 1404 s0 = (Te4[(t0 >> 24)] & 0xff000000) ^ 1405 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 1406 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 1407 (Te4[t3 & 0xff] & 0x000000ff) ^ 1408 rk[0]; 1409 ct[0] = s0; 1410 1411 s1 = (Te4[(t1 >> 24)] & 0xff000000) ^ 1412 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 1413 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 1414 (Te4[t0 & 0xff] & 0x000000ff) ^ 1415 rk[1]; 1416 ct[1] = s1; 1417 1418 s2 = (Te4[(t2 >> 24)] & 0xff000000) ^ 1419 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 1420 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 1421 (Te4[t1 & 0xff] & 0x000000ff) ^ 1422 rk[2]; 1423 ct[2] = s2; 1424 1425 s3 = (Te4[(t3 >> 24)] & 0xff000000) ^ 1426 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 1427 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 1428 (Te4[t2 & 0xff] & 0x000000ff) ^ 1429 rk[3]; 1430 ct[3] = s3; 1431 } 1432 1433 1434 /* 1435 * Decrypt one block of data. The block is assumed to be an array 1436 * of four uint32_t values, so copy for alignment (and byte-order 1437 * reversal for little endian systems might be necessary on the 1438 * input and output byte streams. 1439 * The size of the key schedule depends on the number of rounds 1440 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1441 * 1442 * Parameters: 1443 * rk Key schedule, of aes_ks_t (60 32-bit integers) 1444 * Nr Number of rounds 1445 * ct Input block (crypto text) 1446 * pt Output block (plain text). Can overlap with pt 1447 */ 1448 static void 1449 rijndael_decrypt(const uint32_t rk[], int Nr, const uint32_t ct[4], 1450 uint32_t pt[4]) 1451 { 1452 uint32_t s0, s1, s2, s3, t0, t1, t2, t3; 1453 int r; 1454 1455 /* 1456 * map byte array block to cipher state 1457 * and add initial round key: 1458 */ 1459 s0 = ct[0] ^ rk[0]; 1460 s1 = ct[1] ^ rk[1]; 1461 s2 = ct[2] ^ rk[2]; 1462 s3 = ct[3] ^ rk[3]; 1463 1464 /* 1465 * Nr - 1 full rounds: 1466 */ 1467 1468 r = Nr >> 1; 1469 1470 for (;;) { 1471 t0 = Td0[s0 >> 24] ^ 1472 Td1[(s3 >> 16) & 0xff] ^ 1473 Td2[(s2 >> 8) & 0xff] ^ 1474 Td3[s1 & 0xff] ^ 1475 rk[4]; 1476 1477 t1 = Td0[s1 >> 24] ^ 1478 Td1[(s0 >> 16) & 0xff] ^ 1479 Td2[(s3 >> 8) & 0xff] ^ 1480 Td3[s2 & 0xff] ^ 1481 rk[5]; 1482 1483 t2 = Td0[s2 >> 24] ^ 1484 Td1[(s1 >> 16) & 0xff] ^ 1485 Td2[(s0 >> 8) & 0xff] ^ 1486 Td3[s3 & 0xff] ^ 1487 rk[6]; 1488 1489 t3 = Td0[s3 >> 24] ^ 1490 Td1[(s2 >> 16) & 0xff] ^ 1491 Td2[(s1 >> 8) & 0xff] ^ 1492 Td3[s0 & 0xff] ^ 1493 rk[7]; 1494 1495 rk += 8; 1496 1497 if (--r == 0) { 1498 break; 1499 } 1500 1501 s0 = Td0[t0 >> 24] ^ 1502 Td1[(t3 >> 16) & 0xff] ^ 1503 Td2[(t2 >> 8) & 0xff] ^ 1504 Td3[t1 & 0xff] ^ 1505 rk[0]; 1506 1507 s1 = Td0[t1 >> 24] ^ 1508 Td1[(t0 >> 16) & 0xff] ^ 1509 Td2[(t3 >> 8) & 0xff] ^ 1510 Td3[t2 & 0xff] ^ 1511 rk[1]; 1512 1513 s2 = Td0[t2 >> 24] ^ 1514 Td1[(t1 >> 16) & 0xff] ^ 1515 Td2[(t0 >> 8) & 0xff] ^ 1516 Td3[t3 & 0xff] ^ 1517 rk[2]; 1518 1519 s3 = Td0[t3 >> 24] ^ 1520 Td1[(t2 >> 16) & 0xff] ^ 1521 Td2[(t1 >> 8) & 0xff] ^ 1522 Td3[t0 & 0xff] ^ 1523 rk[3]; 1524 } 1525 1526 /* 1527 * apply last round and 1528 * map cipher state to byte array block: 1529 */ 1530 1531 s0 = (Td4[t0 >> 24] & 0xff000000) ^ 1532 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 1533 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 1534 (Td4[t1 & 0xff] & 0x000000ff) ^ 1535 rk[0]; 1536 pt[0] = s0; 1537 1538 s1 = (Td4[t1 >> 24] & 0xff000000) ^ 1539 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 1540 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 1541 (Td4[t2 & 0xff] & 0x000000ff) ^ 1542 rk[1]; 1543 pt[1] = s1; 1544 1545 s2 = (Td4[t2 >> 24] & 0xff000000) ^ 1546 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 1547 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 1548 (Td4[t3 & 0xff] & 0x000000ff) ^ 1549 rk[2]; 1550 pt[2] = s2; 1551 1552 s3 = (Td4[t3 >> 24] & 0xff000000) ^ 1553 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 1554 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 1555 (Td4[t0 & 0xff] & 0x000000ff) ^ 1556 rk[3]; 1557 pt[3] = s3; 1558 } 1559 #endif /* sun4u, __amd64 */ 1560 /* EXPORT DELETE END */ 1561 1562 1563 /* 1564 * Initialize AES encryption and decryption key schedules. 1565 * 1566 * Parameters: 1567 * cipherKey User key 1568 * keyBits AES key size (128, 192, or 256 bits) 1569 * keysched AES key schedule to be initialized, of type aes_key_t. 1570 * Allocated by aes_alloc_keysched(). 1571 */ 1572 void 1573 aes_init_keysched(const uint8_t *cipherKey, uint_t keyBits, void *keysched) 1574 { 1575 /* EXPORT DELETE START */ 1576 aes_key_t *newbie = keysched; 1577 uint_t keysize, i, j; 1578 union { 1579 uint64_t ka64[4]; 1580 uint32_t ka32[8]; 1581 } keyarr; 1582 1583 switch (keyBits) { 1584 case 128: 1585 newbie->nr = 10; 1586 break; 1587 1588 case 192: 1589 newbie->nr = 12; 1590 break; 1591 1592 case 256: 1593 newbie->nr = 14; 1594 break; 1595 1596 default: 1597 /* should never get here */ 1598 return; 1599 } 1600 keysize = CRYPTO_BITS2BYTES(keyBits); 1601 1602 /* 1603 * For _LITTLE_ENDIAN machines (except AMD64), reverse every 1604 * 4 bytes in the key. On _BIG_ENDIAN and AMD64, copy the key 1605 * without reversing bytes. 1606 * For AMD64, do not byte swap for aes_setupkeys(). 1607 * 1608 * SPARCv8/v9 uses a key schedule array with 64-bit elements. 1609 * X86/AMD64 uses a key schedule array with 32-bit elements. 1610 */ 1611 #ifndef AES_BYTE_SWAP 1612 if (IS_P2ALIGNED(cipherKey, sizeof (uint64_t))) { 1613 for (i = 0, j = 0; j < keysize; i++, j += 8) { 1614 /* LINTED: pointer alignment */ 1615 keyarr.ka64[i] = *((uint64_t *)&cipherKey[j]); 1616 } 1617 } else { 1618 bcopy(cipherKey, keyarr.ka32, keysize); 1619 } 1620 1621 #else /* byte swap */ 1622 for (i = 0, j = 0; j < keysize; i++, j += 4) { 1623 keyarr.ka32[i] = htonl(*(uint32_t *)(void *)&cipherKey[j]); 1624 } 1625 #endif 1626 1627 aes_setupkeys(newbie, keyarr.ka32, keyBits); 1628 /* EXPORT DELETE END */ 1629 } 1630 1631 1632 /* 1633 * Encrypt one block using AES. 1634 * Align if needed and (for x86 32-bit only) byte-swap. 1635 * 1636 * Parameters: 1637 * ks Key schedule, of type aes_key_t 1638 * pt Input block (plain text) 1639 * ct Output block (crypto text). Can overlap with pt 1640 */ 1641 int 1642 aes_encrypt_block(const void *ks, const uint8_t *pt, uint8_t *ct) 1643 { 1644 /* EXPORT DELETE START */ 1645 aes_key_t *ksch = (aes_key_t *)ks; 1646 1647 #ifndef AES_BYTE_SWAP 1648 if (IS_P2ALIGNED2(pt, ct, sizeof (uint32_t))) { 1649 /* LINTED: pointer alignment */ 1650 AES_ENCRYPT_IMPL(&ksch->encr_ks.ks32[0], ksch->nr, 1651 /* LINTED: pointer alignment */ 1652 (uint32_t *)pt, (uint32_t *)ct, ksch->flags); 1653 } else { 1654 #endif 1655 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)]; 1656 1657 /* Copy input block into buffer */ 1658 #ifndef AES_BYTE_SWAP 1659 bcopy(pt, &buffer, AES_BLOCK_LEN); 1660 1661 #else /* byte swap */ 1662 buffer[0] = htonl(*(uint32_t *)(void *)&pt[0]); 1663 buffer[1] = htonl(*(uint32_t *)(void *)&pt[4]); 1664 buffer[2] = htonl(*(uint32_t *)(void *)&pt[8]); 1665 buffer[3] = htonl(*(uint32_t *)(void *)&pt[12]); 1666 #endif 1667 1668 AES_ENCRYPT_IMPL(&ksch->encr_ks.ks32[0], ksch->nr, 1669 buffer, buffer, ksch->flags); 1670 1671 /* Copy result from buffer to output block */ 1672 #ifndef AES_BYTE_SWAP 1673 bcopy(&buffer, ct, AES_BLOCK_LEN); 1674 } 1675 1676 #else /* byte swap */ 1677 *(uint32_t *)(void *)&ct[0] = htonl(buffer[0]); 1678 *(uint32_t *)(void *)&ct[4] = htonl(buffer[1]); 1679 *(uint32_t *)(void *)&ct[8] = htonl(buffer[2]); 1680 *(uint32_t *)(void *)&ct[12] = htonl(buffer[3]); 1681 #endif 1682 /* EXPORT DELETE END */ 1683 return (CRYPTO_SUCCESS); 1684 } 1685 1686 1687 /* 1688 * Decrypt one block using AES. 1689 * Align and byte-swap if needed. 1690 * 1691 * Parameters: 1692 * ks Key schedule, of type aes_key_t 1693 * ct Input block (crypto text) 1694 * pt Output block (plain text). Can overlap with pt 1695 */ 1696 int 1697 aes_decrypt_block(const void *ks, const uint8_t *ct, uint8_t *pt) 1698 { 1699 /* EXPORT DELETE START */ 1700 aes_key_t *ksch = (aes_key_t *)ks; 1701 1702 #ifndef AES_BYTE_SWAP 1703 if (IS_P2ALIGNED2(ct, pt, sizeof (uint32_t))) { 1704 /* LINTED: pointer alignment */ 1705 AES_DECRYPT_IMPL(&ksch->decr_ks.ks32[0], ksch->nr, 1706 /* LINTED: pointer alignment */ 1707 (uint32_t *)ct, (uint32_t *)pt, ksch->flags); 1708 } else { 1709 #endif 1710 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)]; 1711 1712 /* Copy input block into buffer */ 1713 #ifndef AES_BYTE_SWAP 1714 bcopy(ct, &buffer, AES_BLOCK_LEN); 1715 1716 #else /* byte swap */ 1717 buffer[0] = htonl(*(uint32_t *)(void *)&ct[0]); 1718 buffer[1] = htonl(*(uint32_t *)(void *)&ct[4]); 1719 buffer[2] = htonl(*(uint32_t *)(void *)&ct[8]); 1720 buffer[3] = htonl(*(uint32_t *)(void *)&ct[12]); 1721 #endif 1722 1723 AES_DECRYPT_IMPL(&ksch->decr_ks.ks32[0], ksch->nr, 1724 buffer, buffer, ksch->flags); 1725 1726 /* Copy result from buffer to output block */ 1727 #ifndef AES_BYTE_SWAP 1728 bcopy(&buffer, pt, AES_BLOCK_LEN); 1729 } 1730 1731 #else /* byte swap */ 1732 *(uint32_t *)(void *)&pt[0] = htonl(buffer[0]); 1733 *(uint32_t *)(void *)&pt[4] = htonl(buffer[1]); 1734 *(uint32_t *)(void *)&pt[8] = htonl(buffer[2]); 1735 *(uint32_t *)(void *)&pt[12] = htonl(buffer[3]); 1736 #endif 1737 1738 /* EXPORT DELETE END */ 1739 return (CRYPTO_SUCCESS); 1740 } 1741 1742 1743 /* 1744 * Allocate key schedule for AES. 1745 * 1746 * Return the pointer and set size to the number of bytes allocated. 1747 * Memory allocated must be freed by the caller when done. 1748 * 1749 * Parameters: 1750 * size Size of key schedule allocated, in bytes 1751 * kmflag Flag passed to kmem_alloc(9F); ignored in userland. 1752 */ 1753 /* ARGSUSED */ 1754 void * 1755 aes_alloc_keysched(size_t *size, int kmflag) 1756 { 1757 /* EXPORT DELETE START */ 1758 aes_key_t *keysched; 1759 1760 #ifdef _KERNEL 1761 keysched = (aes_key_t *)kmem_alloc(sizeof (aes_key_t), kmflag); 1762 #else /* !_KERNEL */ 1763 keysched = (aes_key_t *)malloc(sizeof (aes_key_t)); 1764 #endif /* _KERNEL */ 1765 1766 if (keysched != NULL) { 1767 *size = sizeof (aes_key_t); 1768 return (keysched); 1769 } 1770 /* EXPORT DELETE END */ 1771 return (NULL); 1772 } 1773 1774 1775 #ifdef __amd64 1776 /* 1777 * Return 1 if executing on Intel with AES-NI instructions, 1778 * otherwise 0 (i.e., Intel without AES-NI or AMD64). 1779 * Cache the result, as the CPU can't change. 1780 * 1781 * Note: the userland version uses getisax(). The kernel version uses 1782 * global variable x86_feature. 1783 */ 1784 static int 1785 intel_aes_instructions_present(void) 1786 { 1787 static int cached_result = -1; 1788 1789 if (cached_result == -1) { /* first time */ 1790 #ifdef _KERNEL 1791 cached_result = (x86_feature & X86_AES) != 0; 1792 #else 1793 uint_t ui = 0; 1794 1795 (void) getisax(&ui, 1); 1796 cached_result = (ui & AV_386_AES) != 0; 1797 #endif /* _KERNEL */ 1798 } 1799 1800 return (cached_result); 1801 } 1802 #endif /* __amd64 */ 1803