xref: /titanic_41/usr/src/common/crypto/aes/aes_impl.c (revision fa9e4066f08beec538e775443c5be79dd423fcab) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <sys/types.h>
28 #include <sys/systm.h>
29 #include <sys/ddi.h>
30 #include <sys/sysmacros.h>
31 #include <sys/strsun.h>
32 #include <netinet/in.h>
33 #include "aes_impl.h"
34 #ifndef	_KERNEL
35 #include <strings.h>
36 #include <stdlib.h>
37 #endif	/* !_KERNEL */
38 
39 #pragma ident	"%Z%%M%	%I%	%E% SMI"
40 
41 /*
42  * This file is derived from the file  rijndael-alg-fst.c  taken from the
43  * "optimized C code v3.0" on the "rijndael home page"
44  * (http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
45  * pointed by the NIST web-site (http://nist.gov)
46  *
47  * The following note is from the original file:
48  */
49 
50 /*
51  * rijndael-alg-fst.c
52  *
53  * @version 3.0 (December 2000)
54  *
55  * Optimised ANSI C code for the Rijndael cipher (now AES)
56  *
57  * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
58  * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
59  * @author Paulo Barreto <paulo.barreto@terra.com.br>
60  *
61  * This code is hereby placed in the public domain.
62  *
63  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
64  * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
65  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
66  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
67  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
68  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
69  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
70  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
71  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
72  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
73  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
74  */
75 
76 /* EXPORT DELETE START */
77 
78 #ifndef _RIJNDAEL_TBL_H
79 #define	_RIJNDAEL_TBL_H
80 
81 /*
82  *  Constant tables
83  */
84 
85 /*
86  * Te0[x] = S [x].[02, 01, 01, 03];
87  * Te1[x] = S [x].[03, 02, 01, 01];
88  * Te2[x] = S [x].[01, 03, 02, 01];
89  * Te3[x] = S [x].[01, 01, 03, 02];
90  * Te4[x] = S [x].[01, 01, 01, 01];
91  *
92  * Td0[x] = Si[x].[0e, 09, 0d, 0b];
93  * Td1[x] = Si[x].[0b, 0e, 09, 0d];
94  * Td2[x] = Si[x].[0d, 0b, 0e, 09];
95  * Td3[x] = Si[x].[09, 0d, 0b, 0e];
96  * Td4[x] = Si[x].[01, 01, 01, 01];
97  */
98 
99 
100 static const uint32_t Te0[256] =
101 {
102 	0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
103 	0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
104 	0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
105 	0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
106 	0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
107 	0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
108 	0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
109 	0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
110 	0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
111 	0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
112 	0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
113 	0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
114 	0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
115 	0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
116 	0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
117 	0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
118 	0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
119 	0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
120 	0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
121 	0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
122 	0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
123 	0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
124 	0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
125 	0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
126 	0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
127 	0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
128 	0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
129 	0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
130 	0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
131 	0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
132 	0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
133 	0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
134 	0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
135 	0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
136 	0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
137 	0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
138 	0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
139 	0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
140 	0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
141 	0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
142 	0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
143 	0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
144 	0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
145 	0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
146 	0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
147 	0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
148 	0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
149 	0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
150 	0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
151 	0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
152 	0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
153 	0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
154 	0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
155 	0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
156 	0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
157 	0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
158 	0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
159 	0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
160 	0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
161 	0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
162 	0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
163 	0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
164 	0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
165 	0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU
166 };
167 
168 
169 static const uint32_t Te1[256] =
170 {
171 	0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
172 	0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
173 	0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
174 	0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
175 	0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
176 	0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
177 	0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
178 	0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
179 	0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
180 	0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
181 	0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
182 	0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
183 	0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
184 	0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
185 	0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
186 	0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
187 	0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
188 	0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
189 	0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
190 	0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
191 	0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
192 	0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
193 	0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
194 	0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
195 	0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
196 	0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
197 	0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
198 	0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
199 	0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
200 	0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
201 	0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
202 	0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
203 	0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
204 	0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
205 	0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
206 	0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
207 	0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
208 	0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
209 	0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
210 	0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
211 	0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
212 	0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
213 	0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
214 	0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
215 	0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
216 	0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
217 	0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
218 	0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
219 	0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
220 	0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
221 	0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
222 	0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
223 	0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
224 	0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
225 	0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
226 	0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
227 	0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
228 	0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
229 	0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
230 	0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
231 	0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
232 	0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
233 	0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
234 	0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U
235 };
236 
237 
238 static const uint32_t Te2[256] =
239 {
240 	0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
241 	0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
242 	0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
243 	0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
244 	0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
245 	0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
246 	0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
247 	0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
248 	0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
249 	0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
250 	0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
251 	0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
252 	0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
253 	0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
254 	0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
255 	0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
256 	0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
257 	0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
258 	0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
259 	0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
260 	0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
261 	0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
262 	0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
263 	0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
264 	0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
265 	0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
266 	0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
267 	0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
268 	0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
269 	0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
270 	0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
271 	0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
272 	0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
273 	0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
274 	0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
275 	0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
276 	0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
277 	0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
278 	0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
279 	0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
280 	0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
281 	0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
282 	0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
283 	0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
284 	0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
285 	0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
286 	0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
287 	0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
288 	0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
289 	0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
290 	0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
291 	0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
292 	0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
293 	0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
294 	0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
295 	0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
296 	0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
297 	0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
298 	0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
299 	0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
300 	0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
301 	0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
302 	0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
303 	0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U
304 };
305 
306 
307 static const uint32_t Te3[256] =
308 {
309 	0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
310 	0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
311 	0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
312 	0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
313 	0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
314 	0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
315 	0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
316 	0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
317 	0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
318 	0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
319 	0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
320 	0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
321 	0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
322 	0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
323 	0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
324 	0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
325 	0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
326 	0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
327 	0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
328 	0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
329 	0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
330 	0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
331 	0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
332 	0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
333 	0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
334 	0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
335 	0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
336 	0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
337 	0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
338 	0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
339 	0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
340 	0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
341 	0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
342 	0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
343 	0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
344 	0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
345 	0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
346 	0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
347 	0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
348 	0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
349 	0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
350 	0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
351 	0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
352 	0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
353 	0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
354 	0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
355 	0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
356 	0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
357 	0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
358 	0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
359 	0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
360 	0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
361 	0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
362 	0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
363 	0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
364 	0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
365 	0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
366 	0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
367 	0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
368 	0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
369 	0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
370 	0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
371 	0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
372 	0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU
373 };
374 
375 static const uint32_t Te4[256] =
376 {
377 	0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
378 	0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
379 	0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
380 	0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
381 	0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
382 	0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
383 	0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
384 	0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
385 	0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
386 	0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
387 	0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
388 	0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
389 	0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
390 	0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
391 	0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
392 	0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
393 	0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
394 	0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
395 	0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
396 	0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
397 	0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
398 	0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
399 	0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
400 	0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
401 	0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
402 	0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
403 	0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
404 	0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
405 	0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
406 	0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
407 	0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
408 	0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
409 	0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
410 	0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
411 	0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
412 	0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
413 	0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
414 	0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
415 	0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
416 	0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
417 	0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
418 	0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
419 	0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
420 	0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
421 	0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
422 	0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
423 	0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
424 	0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
425 	0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
426 	0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
427 	0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
428 	0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
429 	0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
430 	0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
431 	0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
432 	0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
433 	0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
434 	0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
435 	0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
436 	0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
437 	0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
438 	0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
439 	0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
440 	0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U
441 };
442 
443 static const uint32_t Td0[256] =
444 {
445 	0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
446 	0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
447 	0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
448 	0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
449 	0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
450 	0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
451 	0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
452 	0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
453 	0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
454 	0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
455 	0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
456 	0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
457 	0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
458 	0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
459 	0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
460 	0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
461 	0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
462 	0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
463 	0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
464 	0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
465 	0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
466 	0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
467 	0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
468 	0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
469 	0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
470 	0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
471 	0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
472 	0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
473 	0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
474 	0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
475 	0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
476 	0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
477 	0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
478 	0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
479 	0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
480 	0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
481 	0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
482 	0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
483 	0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
484 	0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
485 	0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
486 	0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
487 	0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
488 	0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
489 	0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
490 	0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
491 	0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
492 	0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
493 	0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
494 	0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
495 	0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
496 	0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
497 	0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
498 	0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
499 	0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
500 	0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
501 	0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
502 	0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
503 	0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
504 	0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
505 	0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
506 	0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
507 	0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
508 	0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U
509 };
510 
511 static const uint32_t Td1[256] =
512 {
513 	0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
514 	0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
515 	0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
516 	0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
517 	0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
518 	0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
519 	0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
520 	0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
521 	0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
522 	0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
523 	0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
524 	0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
525 	0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
526 	0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
527 	0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
528 	0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
529 	0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
530 	0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
531 	0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
532 	0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
533 	0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
534 	0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
535 	0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
536 	0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
537 	0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
538 	0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
539 	0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
540 	0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
541 	0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
542 	0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
543 	0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
544 	0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
545 	0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
546 	0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
547 	0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
548 	0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
549 	0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
550 	0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
551 	0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
552 	0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
553 	0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
554 	0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
555 	0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
556 	0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
557 	0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
558 	0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
559 	0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
560 	0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
561 	0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
562 	0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
563 	0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
564 	0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
565 	0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
566 	0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
567 	0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
568 	0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
569 	0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
570 	0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
571 	0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
572 	0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
573 	0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
574 	0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
575 	0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
576 	0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U
577 };
578 
579 static const uint32_t Td2[256] =
580 {
581 	0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
582 	0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
583 	0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
584 	0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
585 	0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
586 	0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
587 	0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
588 	0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
589 	0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
590 	0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
591 	0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
592 	0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
593 	0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
594 	0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
595 	0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
596 	0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
597 	0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
598 	0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
599 	0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
600 	0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
601 	0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
602 	0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
603 	0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
604 	0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
605 	0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
606 	0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
607 	0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
608 	0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
609 	0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
610 	0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
611 	0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
612 	0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
613 	0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
614 	0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
615 	0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
616 	0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
617 	0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
618 	0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
619 	0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
620 	0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
621 	0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
622 	0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
623 	0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
624 	0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
625 	0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
626 	0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
627 	0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
628 	0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
629 	0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
630 	0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
631 	0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
632 	0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
633 	0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
634 	0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
635 	0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
636 	0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
637 	0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
638 	0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
639 	0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
640 	0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
641 	0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
642 	0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
643 	0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
644 	0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U
645 };
646 
647 static const uint32_t Td3[256] =
648 {
649 	0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
650 	0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
651 	0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
652 	0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
653 	0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
654 	0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
655 	0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
656 	0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
657 	0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
658 	0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
659 	0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
660 	0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
661 	0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
662 	0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
663 	0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
664 	0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
665 	0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
666 	0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
667 	0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
668 	0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
669 	0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
670 	0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
671 	0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
672 	0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
673 	0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
674 	0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
675 	0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
676 	0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
677 	0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
678 	0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
679 	0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
680 	0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
681 	0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
682 	0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
683 	0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
684 	0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
685 	0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
686 	0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
687 	0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
688 	0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
689 	0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
690 	0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
691 	0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
692 	0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
693 	0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
694 	0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
695 	0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
696 	0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
697 	0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
698 	0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
699 	0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
700 	0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
701 	0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
702 	0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
703 	0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
704 	0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
705 	0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
706 	0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
707 	0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
708 	0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
709 	0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
710 	0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
711 	0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
712 	0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U
713 };
714 
715 
716 static const uint32_t Td4[256] =
717 {
718 	0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
719 	0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
720 	0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
721 	0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
722 	0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
723 	0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
724 	0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
725 	0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
726 	0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
727 	0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
728 	0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
729 	0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
730 	0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
731 	0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
732 	0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
733 	0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
734 	0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
735 	0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
736 	0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
737 	0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
738 	0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
739 	0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
740 	0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
741 	0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
742 	0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
743 	0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
744 	0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
745 	0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
746 	0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
747 	0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
748 	0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
749 	0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
750 	0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
751 	0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
752 	0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
753 	0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
754 	0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
755 	0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
756 	0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
757 	0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
758 	0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
759 	0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
760 	0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
761 	0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
762 	0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
763 	0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
764 	0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
765 	0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
766 	0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
767 	0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
768 	0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
769 	0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
770 	0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
771 	0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
772 	0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
773 	0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
774 	0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
775 	0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
776 	0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
777 	0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
778 	0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
779 	0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
780 	0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
781 	0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU
782 };
783 
784 static const uint32_t rcon[] =
785 {
786 	/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
787 	0x01000000, 0x02000000, 0x04000000, 0x08000000,
788 	0x10000000, 0x20000000, 0x40000000, 0x80000000,
789 	0x1B000000, 0x36000000
790 };
791 #endif
792 
793 /*
794  *  Expand the cipher key into the encryption key schedule.
795  *  return  the number of rounds for the given cipher key size.
796  *  The size of the key schedule depends on the number of rounds
797  *  (which can be computed from the size of the key), i.e. 4*(Nr + 1).
798  */
799 static int
800 rijndael_key_setup_enc_raw(uint32_t rk[], const uint32_t cipherKey[],
801     int keyBits)
802 {
803 	int		i = 0;
804 	uint32_t	temp;
805 
806 	rk[0] = cipherKey[0];
807 	rk[1] = cipherKey[1];
808 	rk[2] = cipherKey[2];
809 	rk[3] = cipherKey[3];
810 
811 	if (keyBits == 128) {
812 		for (;;) {
813 			temp  = rk[3];
814 			rk[4] = rk[0] ^
815 			    (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
816 			    (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
817 			    (Te4[temp & 0xff] & 0x0000ff00) ^
818 			    (Te4[temp >> 24] & 0x000000ff) ^
819 			    rcon[i];
820 			rk[5] = rk[1] ^ rk[4];
821 			rk[6] = rk[2] ^ rk[5];
822 			rk[7] = rk[3] ^ rk[6];
823 
824 			if (++i == 10) {
825 				return (10);
826 			}
827 			rk += 4;
828 		}
829 	}
830 
831 	rk[4] = cipherKey[4];
832 	rk[5] = cipherKey[5];
833 
834 	if (keyBits == 192) {
835 		for (;;) {
836 			temp = rk[5];
837 			rk[6] = rk[0] ^
838 			    (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
839 			    (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
840 			    (Te4[temp & 0xff] & 0x0000ff00) ^
841 			    (Te4[temp >> 24] & 0x000000ff) ^
842 			    rcon[i];
843 			rk[7] = rk[1] ^ rk[6];
844 			rk[8] = rk[2] ^ rk[7];
845 			rk[9] = rk[3] ^ rk[8];
846 
847 			if (++i == 8) {
848 				return (12);
849 			}
850 
851 			rk[10] = rk[4] ^ rk[9];
852 			rk[11] = rk[5] ^ rk[10];
853 			rk += 6;
854 		}
855 	}
856 
857 	rk[6] = cipherKey[6];
858 	rk[7] = cipherKey[7];
859 
860 	if (keyBits == 256) {
861 		for (;;) {
862 			temp = rk[7];
863 			rk[8] = rk[0] ^
864 			    (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
865 			    (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
866 			    (Te4[temp & 0xff] & 0x0000ff00) ^
867 			    (Te4[temp >> 24] & 0x000000ff) ^
868 			    rcon[i];
869 			rk[9] = rk[1] ^ rk[8];
870 			rk[10] = rk[2] ^ rk[9];
871 			rk[11] = rk[3] ^ rk[10];
872 
873 			if (++i == 7) {
874 				return (14);
875 			}
876 			temp = rk[11];
877 			rk[12] = rk[4] ^
878 			    (Te4[temp >> 24] & 0xff000000) ^
879 			    (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
880 			    (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
881 			    (Te4[temp & 0xff] & 0x000000ff);
882 			rk[13] = rk[5] ^ rk[12];
883 			rk[14] = rk[6] ^ rk[13];
884 			rk[15] = rk[7] ^ rk[14];
885 
886 			rk += 8;
887 		}
888 	}
889 
890 	return (0);
891 }
892 
893 
894 #ifdef sun4u
895 
896 /*
897  *  Expand the cipher key into the enryption key schedule as used
898  *  by the sun4u optimized assembly implementation.
899  *  return  the number of rounds for the given cipher key size.
900  *  The size of the key schedule depends on the number of rounds
901  *  (which can be computed from the size of the key), i.e. 4*(Nr + 1).
902  */
903 static int
904 rijndael_key_setup_enc(uint64_t rk[], const uint32_t cipherKey[], int keyBits)
905 {
906 	uint32_t	rk1[4 * (MAX_AES_NR + 1)];
907 	uint64_t	*rk64 = (uint64_t *)rk;
908 	uint32_t	*rkt;
909 	uint64_t	t;
910 	int		i, Nr;
911 
912 	Nr = rijndael_key_setup_enc_raw(rk1, cipherKey, keyBits);
913 
914 	for (i = 0; i < 4 * Nr; i++) {
915 		t = (uint64_t)(rk1[i]);
916 		rk64[i] = ((t & 0xff000000) << 11) |
917 		    ((t & 0xff0000) << 8) |
918 		    ((t & 0xffff) << 3);
919 	}
920 
921 	rkt = (uint32_t *)(&(rk64[4 * Nr]));
922 
923 	for (i = 0; i < 4; i++) {
924 		rkt[i] = rk1[4 * Nr+i];
925 	}
926 
927 	return (Nr);
928 }
929 
930 
931 /*
932  *  Expand the cipher key into the decryption key schedule as used
933  *  by the sun4u optimized assembly implementation.
934  *  return  the number of rounds for the given cipher key size.
935  *  The size of the key schedule depends on the number of rounds
936  *  (which can be computed from the size of the key), i.e. 4*(Nr + 1).
937  */
938 static int
939 rijndael_key_setup_dec_raw(uint32_t rk[], const uint32_t cipherKey[],
940     int keyBits)
941 {
942 	int		Nr, i;
943 	uint32_t	temp;
944 
945 	/* expand the cipher key: */
946 	Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits);
947 
948 	/* invert the order of the round keys: */
949 
950 	for (i = 0; i < 2 * Nr + 2; i++) {
951 		temp = rk[i];
952 		rk[i] = rk[4 * Nr - i + 3];
953 		rk[4 * Nr - i + 3] = temp;
954 	}
955 
956 	/*
957 	 * apply the inverse MixColumn transform to all
958 	 * round keys but the first and the last:
959 	 */
960 	for (i = 1; i < Nr; i++) {
961 		rk += 4;
962 		rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^
963 		    Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
964 		    Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
965 		    Td3[Te4[rk[0] & 0xff] & 0xff];
966 		rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^
967 		    Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
968 		    Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
969 		    Td3[Te4[rk[1] & 0xff] & 0xff];
970 		rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^
971 		    Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
972 		    Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
973 		    Td3[Te4[rk[2] & 0xff] & 0xff];
974 		rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^
975 		    Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
976 		    Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
977 		    Td3[Te4[rk[3] & 0xff] & 0xff];
978 	}
979 
980 	return (Nr);
981 }
982 
983 
984 /*
985  *  The size of the key schedule depends on the number of rounds
986  *  (which can be computed from the size of the key), i.e. 4*(Nr + 1).
987  */
988 int
989 rijndael_key_setup_dec(uint64_t rk[], const uint32_t cipherKey[], int keyBits)
990 {
991 	uint32_t	rk1[4 * (MAX_AES_NR + 1)];
992 	uint64_t	*rk64 = (uint64_t *)rk;
993 	uint32_t	*rkt;
994 	uint64_t	t;
995 	int		i, Nr;
996 
997 	Nr = rijndael_key_setup_dec_raw(rk1, cipherKey, keyBits);
998 	for (i = 0; i < 4 * Nr; i++) {
999 		t = (uint64_t)(rk1[i]);
1000 		rk64[i] = ((t & 0xff000000) << 11) |
1001 		    ((t & 0xff0000) << 8) |
1002 		    ((t & 0xffff) << 3);
1003 	}
1004 
1005 	rkt = (uint32_t *)(&(rk64[4 * Nr]));
1006 
1007 	for (i = 0; i < 4; i++) {
1008 		rkt[i] = rk1[4 * Nr + i];
1009 	}
1010 
1011 	return (Nr);
1012 }
1013 
1014 
1015 static void
1016 aes_setupkeys(aes_key_t *key, uint32_t *keyarr32, int keybits)
1017 {
1018 	key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks64[0]), keyarr32,
1019 	    keybits);
1020 	key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks64[0]), keyarr32,
1021 	    keybits);
1022 	key->type = AES_64BIT_KS;
1023 }
1024 
1025 #else /* !sun4u */
1026 
1027 /*
1028  *  Expand the cipher key into the encryption key schedule.
1029  *  return  the number of rounds for the given cipher key size.
1030  *  The size of the key schedule depends on the number of rounds
1031  *  (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1032  */
1033 static int
1034 rijndael_key_setup_enc(uint32_t rk[], const uint32_t cipherKey[], int keyBits)
1035 {
1036 	return (rijndael_key_setup_enc_raw(rk, cipherKey, keyBits));
1037 }
1038 
1039 
1040 /*
1041  *  Expand the cipher key into the decryption key schedule.
1042  *  @return  the number of rounds for the given cipher key size.
1043  *  The size of the key schedule depends on the number of rounds
1044  *  (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1045  */
1046 static int
1047 rijndael_key_setup_dec(uint32_t rk[], const uint32_t cipherKey[], int keyBits)
1048 {
1049 	int	 Nr, i, j;
1050 	uint32_t temp;
1051 
1052 	/* expand the cipher key: */
1053 	Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits);
1054 
1055 	/* invert the order of the round keys: */
1056 	for (i = 0, j = 4 * Nr; i < j; i += 4, j -= 4) {
1057 		temp = rk[i];
1058 		rk[i] = rk[j];
1059 		rk[j] = temp;
1060 		temp = rk[i + 1];
1061 		rk[i + 1] = rk[j + 1];
1062 		rk[j + 1] = temp;
1063 		temp = rk[i + 2];
1064 		rk[i + 2] = rk[j + 2];
1065 		rk[j + 2] = temp;
1066 		temp = rk[i + 3];
1067 		rk[i + 3] = rk[j + 3];
1068 		rk[j + 3] = temp;
1069 	}
1070 
1071 	/*
1072 	 * apply the inverse MixColumn transform to all
1073 	 * round keys but the first and the last:
1074 	 */
1075 	for (i = 1; i < Nr; i++) {
1076 		rk += 4;
1077 		rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^
1078 		    Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
1079 		    Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
1080 		    Td3[Te4[rk[0] & 0xff] & 0xff];
1081 		rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^
1082 		    Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
1083 		    Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
1084 		    Td3[Te4[rk[1] & 0xff] & 0xff];
1085 		rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^
1086 		    Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
1087 		    Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
1088 		    Td3[Te4[rk[2] & 0xff] & 0xff];
1089 		rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^
1090 		    Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
1091 		    Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
1092 		    Td3[Te4[rk[3] & 0xff] & 0xff];
1093 	}
1094 
1095 	return (Nr);
1096 }
1097 
1098 
1099 static void
1100 aes_setupkeys(aes_key_t *key, uint32_t *keyarr32, int keybits)
1101 {
1102 	key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks32[0]), keyarr32,
1103 	    keybits);
1104 	key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks32[0]), keyarr32,
1105 	    keybits);
1106 	key->type = AES_32BIT_KS;
1107 }
1108 
1109 /*
1110  * Encrypt one block of data. The block is assumed to be an array
1111  * of four uint32_t values, so copy for alignment (and byte-order
1112  * reversal for little endian systems might be necessary on the
1113  * input and output byte streams.
1114  * The size of the key schedule depends on the number of rounds
1115  * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1116  */
1117 void
1118 rijndael_encrypt(const uint32_t rk[], int Nr, const uint32_t pt[4],
1119     uint32_t ct[4])
1120 {
1121 	uint32_t	s0, s1, s2, s3, t0, t1, t2, t3;
1122 	int		r;
1123 
1124 	/*
1125 	 * map byte array block to cipher state
1126 	 * and add initial round key:
1127 	 */
1128 
1129 	s0 = pt[0] ^ rk[0];
1130 	s1 = pt[1] ^ rk[1];
1131 	s2 = pt[2] ^ rk[2];
1132 	s3 = pt[3] ^ rk[3];
1133 
1134 	/*
1135 	 * Nr - 1 full rounds:
1136 	 */
1137 
1138 	r = Nr >> 1;
1139 
1140 	for (;;) {
1141 		t0 = Te0[s0 >> 24] ^
1142 		    Te1[(s1 >> 16) & 0xff] ^
1143 		    Te2[(s2 >>  8) & 0xff] ^
1144 		    Te3[s3 & 0xff] ^
1145 		    rk[4];
1146 
1147 		t1 = Te0[s1 >> 24] ^
1148 		    Te1[(s2 >> 16) & 0xff] ^
1149 		    Te2[(s3 >>  8) & 0xff] ^
1150 		    Te3[s0 & 0xff] ^
1151 		    rk[5];
1152 
1153 		t2 = Te0[s2 >> 24] ^
1154 		    Te1[(s3 >> 16) & 0xff] ^
1155 		    Te2[(s0 >>  8) & 0xff] ^
1156 		    Te3[s1 & 0xff] ^
1157 		    rk[6];
1158 
1159 		t3 = Te0[s3 >> 24] ^
1160 		    Te1[(s0 >> 16) & 0xff] ^
1161 		    Te2[(s1 >>  8) & 0xff] ^
1162 		    Te3[s2 & 0xff] ^
1163 		    rk[7];
1164 
1165 		rk += 8;
1166 
1167 		if (--r == 0) {
1168 			break;
1169 		}
1170 
1171 		s0 = Te0[t0 >> 24] ^
1172 		    Te1[(t1 >> 16) & 0xff] ^
1173 		    Te2[(t2 >>  8) & 0xff] ^
1174 		    Te3[t3 & 0xff] ^
1175 		    rk[0];
1176 
1177 		s1 = Te0[t1 >> 24] ^
1178 		    Te1[(t2 >> 16) & 0xff] ^
1179 		    Te2[(t3 >>  8) & 0xff] ^
1180 		    Te3[t0 & 0xff] ^
1181 		    rk[1];
1182 
1183 		s2 = Te0[t2 >> 24] ^
1184 		    Te1[(t3 >> 16) & 0xff] ^
1185 		    Te2[(t0 >>  8) & 0xff] ^
1186 		    Te3[t1 & 0xff] ^
1187 		    rk[2];
1188 
1189 		s3 = Te0[t3 >> 24] ^
1190 		    Te1[(t0 >> 16) & 0xff] ^
1191 		    Te2[(t1 >>  8) & 0xff] ^
1192 		    Te3[t2 & 0xff] ^
1193 		    rk[3];
1194 	}
1195 
1196 	/*
1197 	 * apply last round and
1198 	 * map cipher state to byte array block:
1199 	 */
1200 
1201 	s0 = (Te4[(t0 >> 24)] & 0xff000000) ^
1202 	    (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1203 	    (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1204 	    (Te4[t3 & 0xff] & 0x000000ff) ^
1205 	    rk[0];
1206 	ct[0] = s0;
1207 
1208 	s1 = (Te4[(t1 >> 24)] & 0xff000000) ^
1209 	    (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1210 	    (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1211 	    (Te4[t0 & 0xff] & 0x000000ff) ^
1212 	    rk[1];
1213 	ct[1] = s1;
1214 
1215 	s2 = (Te4[(t2 >> 24)] & 0xff000000) ^
1216 	    (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1217 	    (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1218 	    (Te4[t1 & 0xff] & 0x000000ff) ^
1219 	    rk[2];
1220 	ct[2] = s2;
1221 
1222 	s3 = (Te4[(t3 >> 24)] & 0xff000000) ^
1223 	    (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1224 	    (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1225 	    (Te4[t2 & 0xff] & 0x000000ff) ^
1226 	    rk[3];
1227 	ct[3] = s3;
1228 }
1229 
1230 
1231 /*
1232  * Decrypt one block of data. The block is assumed to be an array
1233  * of four uint32_t values, so copy for alignment (and byte-order
1234  * reversal for little endian systems might be necessary on the
1235  * input and output byte streams.
1236  * The size of the key schedule depends on the number of rounds
1237  * (which can be computed from the size of the key), i.e. 4*(Nr + 1).
1238  */
1239 void
1240 rijndael_decrypt(const uint32_t rk[], int Nr, const uint32_t ct[4],
1241     uint32_t pt[4])
1242 {
1243 	uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
1244 	int	 r;
1245 
1246 	/*
1247 	 * map byte array block to cipher state
1248 	 * and add initial round key:
1249 	 */
1250 	s0 = ct[0] ^ rk[0];
1251 	s1 = ct[1] ^ rk[1];
1252 	s2 = ct[2] ^ rk[2];
1253 	s3 = ct[3] ^ rk[3];
1254 
1255 	/*
1256 	 * Nr - 1 full rounds:
1257 	 */
1258 
1259 	r = Nr >> 1;
1260 
1261 	for (;;) {
1262 		t0 = Td0[s0 >> 24] ^
1263 		    Td1[(s3 >> 16) & 0xff] ^
1264 		    Td2[(s2 >> 8) & 0xff] ^
1265 		    Td3[s1 & 0xff] ^
1266 		    rk[4];
1267 
1268 		t1 = Td0[s1 >> 24] ^
1269 		    Td1[(s0 >> 16) & 0xff] ^
1270 		    Td2[(s3 >>  8) & 0xff] ^
1271 		    Td3[s2 & 0xff] ^
1272 		    rk[5];
1273 
1274 		t2 = Td0[s2 >> 24] ^
1275 		    Td1[(s1 >> 16) & 0xff] ^
1276 		    Td2[(s0 >>  8) & 0xff] ^
1277 		    Td3[s3 & 0xff] ^
1278 		    rk[6];
1279 
1280 		t3 = Td0[s3 >> 24] ^
1281 		    Td1[(s2 >> 16) & 0xff] ^
1282 		    Td2[(s1 >> 8) & 0xff] ^
1283 		    Td3[s0 & 0xff] ^
1284 		    rk[7];
1285 
1286 		rk += 8;
1287 
1288 		if (--r == 0) {
1289 			break;
1290 		}
1291 
1292 		s0 = Td0[t0 >> 24] ^
1293 		    Td1[(t3 >> 16) & 0xff] ^
1294 		    Td2[(t2 >> 8) & 0xff] ^
1295 		    Td3[t1 & 0xff] ^
1296 		    rk[0];
1297 
1298 		s1 = Td0[t1 >> 24] ^
1299 		    Td1[(t0 >> 16) & 0xff] ^
1300 		    Td2[(t3 >> 8) & 0xff] ^
1301 		    Td3[t2 & 0xff] ^
1302 		    rk[1];
1303 
1304 		s2 = Td0[t2 >> 24] ^
1305 		    Td1[(t1 >> 16) & 0xff] ^
1306 		    Td2[(t0 >> 8) & 0xff] ^
1307 		    Td3[t3 & 0xff] ^
1308 		    rk[2];
1309 
1310 		s3 = Td0[t3 >> 24] ^
1311 		    Td1[(t2 >> 16) & 0xff] ^
1312 		    Td2[(t1 >> 8) & 0xff] ^
1313 		    Td3[t0 & 0xff] ^
1314 		    rk[3];
1315 	}
1316 
1317 	/*
1318 	 * apply last round and
1319 	 * map cipher state to byte array block:
1320 	 */
1321 
1322 	s0 = (Td4[t0 >> 24] & 0xff000000) ^
1323 	    (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1324 	    (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1325 	    (Td4[t1 & 0xff] & 0x000000ff) ^
1326 	    rk[0];
1327 	pt[0] = s0;
1328 
1329 	s1 = (Td4[t1 >> 24] & 0xff000000) ^
1330 	    (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1331 	    (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1332 	    (Td4[t2 & 0xff] & 0x000000ff) ^
1333 	    rk[1];
1334 	pt[1] = s1;
1335 
1336 	s2 = (Td4[t2 >> 24] & 0xff000000) ^
1337 	    (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1338 	    (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1339 	    (Td4[t3 & 0xff] & 0x000000ff) ^
1340 	    rk[2];
1341 	pt[2] = s2;
1342 
1343 	s3 = (Td4[t3 >> 24] & 0xff000000) ^
1344 	    (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1345 	    (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1346 	    (Td4[t0 & 0xff] & 0x000000ff) ^
1347 	    rk[3];
1348 	pt[3] = s3;
1349 }
1350 
1351 void
1352 aes_encrypt_impl(const aes_ks_t *ks, int Nr, const uint32_t pt[4],
1353     uint32_t ct[4])
1354 {
1355 	rijndael_encrypt(&(ks->ks32[0]), Nr, pt, ct);
1356 }
1357 
1358 void
1359 aes_decrypt_impl(const aes_ks_t *ks, int Nr, const uint32_t ct[4],
1360     uint32_t pt[4])
1361 {
1362 	rijndael_decrypt(&(ks->ks32[0]), Nr, ct, pt);
1363 }
1364 
1365 #endif /* sun4u */
1366 /* EXPORT DELETE END */
1367 
1368 
1369 /*
1370  * Initialize key schedules for AES
1371  */
1372 void
1373 aes_init_keysched(uint8_t *cipherKey, uint_t keyBits, void *keysched)
1374 {
1375 /* EXPORT DELETE START */
1376 	aes_key_t *newbie = keysched;
1377 	uint64_t keyarr64[4];
1378 	uint32_t *keyarr32 = (uint32_t *)keyarr64;
1379 	uint_t keysize, i, j;
1380 
1381 	switch (keyBits) {
1382 	case 128:
1383 		newbie->nr = 10;
1384 		break;
1385 
1386 	case 192:
1387 		newbie->nr = 12;
1388 		break;
1389 
1390 	case 256:
1391 		newbie->nr = 14;
1392 		break;
1393 
1394 	default:
1395 		/* should never get here */
1396 		return;
1397 	}
1398 	keysize = keyBits >> 3;
1399 
1400 	/*
1401 	 * The code below, that is always executed on LITTLE_ENDIAN machines,
1402 	 * reverses every 4 bytes in the key.  On BIG_ENDIAN, the same code
1403 	 * copies the key without reversing bytes.
1404 	 */
1405 #ifdef _BIG_ENDIAN
1406 	if (IS_P2ALIGNED(cipherKey, sizeof (uint64_t))) {
1407 		for (i = 0, j = 0; j < keysize; i++, j += 8) {
1408 			/* LINTED: pointer alignment */
1409 			keyarr64[i] = *((uint64_t *)&cipherKey[j]);
1410 		}
1411 	} else {
1412 #endif
1413 		for (i = 0, j = 0; j < keysize; i++, j += 4) {
1414 			keyarr32[i] = (((uint32_t)cipherKey[j] << 24) |
1415 			    ((uint32_t)cipherKey[j + 1] << 16) |
1416 			    ((uint32_t)cipherKey[j + 2] << 8) |
1417 			    (uint32_t)cipherKey[j + 3]);
1418 		}
1419 #ifdef _BIG_ENDIAN
1420 	}
1421 #endif
1422 	aes_setupkeys(newbie, keyarr32, keyBits);
1423 
1424 /* EXPORT DELETE END */
1425 }
1426 
1427 void
1428 aes_encrypt_block(void *ks, uint8_t *pt, uint8_t *ct)
1429 {
1430 /* EXPORT DELETE START */
1431 
1432 	aes_key_t *ksch = (aes_key_t *)ks;
1433 
1434 #ifdef _BIG_ENDIAN
1435 	if (IS_P2ALIGNED(pt, sizeof (uint32_t)) &&
1436 	    IS_P2ALIGNED(ct, sizeof (uint32_t))) {
1437 		/* LINTED:  pointer alignment */
1438 		aes_encrypt_impl(&ksch->encr_ks, ksch->nr, (uint32_t *)pt,
1439 		    /* LINTED:  pointer alignment */
1440 		    (uint32_t *)ct);
1441 	} else {
1442 #endif
1443 		uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)];
1444 
1445 		buffer[0] = (((uint32_t)pt[0] << 24) | ((uint32_t)pt[1] << 16) |
1446 		    ((uint32_t)pt[2] << 8) | (uint32_t)pt[3]);
1447 
1448 		buffer[1] = (((uint32_t)pt[4] << 24) | ((uint32_t)pt[5] << 16) |
1449 		    ((uint32_t)pt[6] << 8) | (uint32_t)pt[7]);
1450 
1451 		buffer[2] = (((uint32_t)pt[8] << 24) | ((uint32_t)pt[9] << 16) |
1452 		    ((uint32_t)pt[10] << 8) | (uint32_t)pt[11]);
1453 
1454 		buffer[3] = (((uint32_t)pt[12] << 24) |
1455 		    ((uint32_t)pt[13] << 16) | ((uint32_t)pt[14] << 8) |
1456 		    (uint32_t)pt[15]);
1457 
1458 		aes_encrypt_impl(&ksch->encr_ks, ksch->nr, buffer, buffer);
1459 
1460 		ct[0] = buffer[0] >> 24;
1461 		ct[1] = buffer[0] >> 16;
1462 		ct[2] = buffer[0] >> 8;
1463 		ct[3] = (uint8_t)buffer[0];
1464 		ct[4] = buffer[1] >> 24;
1465 		ct[5] = buffer[1] >> 16;
1466 		ct[6] = buffer[1] >> 8;
1467 		ct[7] = (uint8_t)buffer[1];
1468 		ct[8] = buffer[2] >> 24;
1469 		ct[9] = buffer[2] >> 16;
1470 		ct[10] = buffer[2] >> 8;
1471 		ct[11] = (uint8_t)buffer[2];
1472 		ct[12] = buffer[3] >> 24;
1473 		ct[13] = buffer[3] >> 16;
1474 		ct[14] = buffer[3] >> 8;
1475 		ct[15] = (uint8_t)buffer[3];
1476 #ifdef _BIG_ENDIAN
1477 	}
1478 #endif
1479 
1480 /* EXPORT DELETE END */
1481 }
1482 
1483 void
1484 aes_decrypt_block(void *ks, uint8_t *ct, uint8_t *pt)
1485 {
1486 /* EXPORT DELETE START */
1487 
1488 	aes_key_t *ksch = (aes_key_t *)ks;
1489 
1490 #ifdef _BIG_ENDIAN
1491 	if (IS_P2ALIGNED(ct, sizeof (uint32_t)) &&
1492 	    IS_P2ALIGNED(pt, sizeof (uint32_t))) {
1493 		/* LINTED:  pointer alignment */
1494 		aes_decrypt_impl(&ksch->decr_ks, ksch->nr, (uint32_t *)ct,
1495 		    /* LINTED:  pointer alignment */
1496 		    (uint32_t *)pt);
1497 	} else {
1498 #endif
1499 		uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)];
1500 
1501 		buffer[0] = (((uint32_t)ct[0] << 24) | ((uint32_t)ct[1] << 16) |
1502 		    ((uint32_t)ct[2] << 8) | (uint32_t)ct[3]);
1503 
1504 		buffer[1] = (((uint32_t)ct[4] << 24) | ((uint32_t)ct[5] << 16) |
1505 		    ((uint32_t)ct[6] << 8) | (uint32_t)ct[7]);
1506 
1507 		buffer[2] = (((uint32_t)ct[8] << 24) | ((uint32_t)ct[9] << 16) |
1508 		    ((uint32_t)ct[10] << 8) | (uint32_t)ct[11]);
1509 
1510 		buffer[3] = (((uint32_t)ct[12] << 24) |
1511 		    ((uint32_t)ct[13] << 16) | ((uint32_t)ct[14] << 8) |
1512 		    (uint32_t)ct[15]);
1513 
1514 		aes_decrypt_impl(&ksch->decr_ks, ksch->nr, buffer, buffer);
1515 
1516 		pt[0] = buffer[0] >> 24;
1517 		pt[1] = buffer[0] >> 16;
1518 		pt[2] = buffer[0] >> 8;
1519 		pt[3] = (uint8_t)buffer[0];
1520 		pt[4] = buffer[1] >> 24;
1521 		pt[5] = buffer[1] >> 16;
1522 		pt[6] = buffer[1] >> 8;
1523 		pt[7] = (uint8_t)buffer[1];
1524 		pt[8] = buffer[2] >> 24;
1525 		pt[9] = buffer[2] >> 16;
1526 		pt[10] = buffer[2] >> 8;
1527 		pt[11] = (uint8_t)buffer[2];
1528 		pt[12] = buffer[3] >> 24;
1529 		pt[13] = buffer[3] >> 16;
1530 		pt[14] = buffer[3] >> 8;
1531 		pt[15] = (uint8_t)buffer[3];
1532 #ifdef _BIG_ENDIAN
1533 	}
1534 #endif
1535 
1536 /* EXPORT DELETE END */
1537 }
1538 
1539 /*
1540  * Allocate key schedule for AES
1541  */
1542 /* ARGSUSED */
1543 void *
1544 aes_alloc_keysched(size_t *size, int kmflag)
1545 {
1546 
1547 /* EXPORT DELETE START */
1548 
1549 	aes_key_t *keysched;
1550 
1551 #ifdef 	_KERNEL
1552 	keysched = (aes_key_t *)kmem_alloc(sizeof (aes_key_t), kmflag);
1553 #else	/* !_KERNEL */
1554 	keysched = (aes_key_t *)malloc(sizeof (aes_key_t));
1555 #endif	/* _KERNEL */
1556 
1557 	if (keysched != NULL) {
1558 		*size = sizeof (aes_key_t);
1559 		return (keysched);
1560 	}
1561 
1562 /* EXPORT DELETE END */
1563 
1564 	return (NULL);
1565 }
1566