1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/systm.h> 28 #include <sys/ddi.h> 29 #include <sys/sysmacros.h> 30 #include <sys/strsun.h> 31 #include <netinet/in.h> 32 #include <sys/crypto/spi.h> 33 #include <modes/modes.h> 34 #include "aes_impl.h" 35 #ifndef _KERNEL 36 #include <strings.h> 37 #include <stdlib.h> 38 #endif /* !_KERNEL */ 39 40 41 /* 42 * This file is derived from the file rijndael-alg-fst.c taken from the 43 * "optimized C code v3.0" on the "rijndael home page" 44 * http://www.iaik.tu-graz.ac.at/research/krypto/AES/old/~rijmen/rijndael/ 45 * pointed by the NIST web-site http://csrc.nist.gov/archive/aes/ 46 * 47 * The following note is from the original file: 48 */ 49 50 /* 51 * rijndael-alg-fst.c 52 * 53 * @version 3.0 (December 2000) 54 * 55 * Optimised ANSI C code for the Rijndael cipher (now AES) 56 * 57 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> 58 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> 59 * @author Paulo Barreto <paulo.barreto@terra.com.br> 60 * 61 * This code is hereby placed in the public domain. 62 * 63 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS 64 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 65 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 66 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE 67 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 68 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 69 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 70 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 71 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 72 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 73 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 74 */ 75 76 /* EXPORT DELETE START */ 77 78 #if defined(sun4u) || defined(__amd64) 79 /* External assembly functions: */ 80 extern void aes_encrypt_impl(const uint32_t rk[], int Nr, const uint32_t pt[4], 81 uint32_t ct[4]); 82 extern void aes_decrypt_impl(const uint32_t rk[], int Nr, const uint32_t ct[4], 83 uint32_t pt[4]); 84 #define AES_ENCRYPT_IMPL aes_encrypt_impl 85 #define AES_DECRYPT_IMPL aes_decrypt_impl 86 87 #ifdef __amd64 88 extern int rijndael_key_setup_enc(uint32_t rk[], const uint32_t cipherKey[], 89 int keyBits); 90 extern int rijndael_key_setup_dec(uint32_t rk[], const uint32_t cipherKey[], 91 int keyBits); 92 #endif 93 94 #else 95 #define AES_ENCRYPT_IMPL rijndael_encrypt 96 #define AES_DECRYPT_IMPL rijndael_decrypt 97 #define rijndael_key_setup_enc_raw rijndael_key_setup_enc 98 #endif /* sun4u || __amd64 */ 99 100 #if defined(_LITTLE_ENDIAN) && !defined(__amd64) 101 #define AES_BYTE_SWAP 102 #endif 103 104 #ifndef __amd64 105 /* 106 * Constant tables 107 */ 108 109 /* 110 * Te0[x] = S [x].[02, 01, 01, 03]; 111 * Te1[x] = S [x].[03, 02, 01, 01]; 112 * Te2[x] = S [x].[01, 03, 02, 01]; 113 * Te3[x] = S [x].[01, 01, 03, 02]; 114 * Te4[x] = S [x].[01, 01, 01, 01]; 115 * 116 * Td0[x] = Si[x].[0e, 09, 0d, 0b]; 117 * Td1[x] = Si[x].[0b, 0e, 09, 0d]; 118 * Td2[x] = Si[x].[0d, 0b, 0e, 09]; 119 * Td3[x] = Si[x].[09, 0d, 0b, 0e]; 120 * Td4[x] = Si[x].[01, 01, 01, 01]; 121 */ 122 123 /* Encrypt Sbox constants (for the substitute bytes operation) */ 124 125 static const uint32_t Te0[256] = 126 { 127 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 128 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 129 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 130 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 131 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 132 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, 133 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 134 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 135 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, 136 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 137 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 138 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, 139 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 140 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 141 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, 142 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 143 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 144 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, 145 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 146 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 147 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, 148 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 149 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 150 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, 151 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 152 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 153 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, 154 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 155 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 156 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, 157 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 158 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 159 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, 160 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 161 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 162 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, 163 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 164 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 165 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, 166 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 167 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 168 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, 169 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 170 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 171 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, 172 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 173 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 174 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, 175 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 176 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 177 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, 178 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 179 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 180 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, 181 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 182 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 183 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, 184 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 185 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 186 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, 187 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 188 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 189 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, 190 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU 191 }; 192 193 194 static const uint32_t Te1[256] = 195 { 196 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, 197 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, 198 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, 199 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, 200 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, 201 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, 202 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, 203 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, 204 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, 205 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, 206 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, 207 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, 208 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, 209 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, 210 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, 211 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, 212 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, 213 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, 214 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, 215 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, 216 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, 217 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, 218 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, 219 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, 220 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, 221 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, 222 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, 223 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, 224 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, 225 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, 226 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, 227 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, 228 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, 229 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, 230 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, 231 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, 232 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, 233 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, 234 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, 235 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, 236 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, 237 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, 238 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, 239 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, 240 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, 241 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, 242 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, 243 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, 244 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, 245 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, 246 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, 247 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, 248 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, 249 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, 250 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, 251 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, 252 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, 253 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, 254 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, 255 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, 256 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, 257 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, 258 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, 259 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U 260 }; 261 262 263 static const uint32_t Te2[256] = 264 { 265 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, 266 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, 267 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, 268 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, 269 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, 270 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, 271 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, 272 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, 273 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, 274 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, 275 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, 276 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, 277 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, 278 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, 279 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, 280 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, 281 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, 282 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, 283 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, 284 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, 285 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, 286 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, 287 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, 288 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, 289 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, 290 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, 291 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, 292 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, 293 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, 294 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, 295 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, 296 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, 297 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, 298 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, 299 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, 300 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, 301 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, 302 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, 303 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, 304 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, 305 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, 306 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, 307 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, 308 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, 309 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, 310 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, 311 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, 312 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, 313 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, 314 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, 315 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, 316 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, 317 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, 318 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, 319 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, 320 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, 321 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, 322 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, 323 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, 324 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, 325 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, 326 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, 327 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, 328 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U 329 }; 330 331 332 static const uint32_t Te3[256] = 333 { 334 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, 335 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, 336 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, 337 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, 338 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, 339 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, 340 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, 341 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, 342 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, 343 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, 344 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, 345 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, 346 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, 347 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, 348 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, 349 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, 350 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, 351 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, 352 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, 353 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, 354 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, 355 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, 356 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, 357 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, 358 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, 359 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, 360 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, 361 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, 362 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, 363 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, 364 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, 365 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, 366 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, 367 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, 368 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, 369 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, 370 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, 371 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, 372 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, 373 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, 374 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, 375 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, 376 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, 377 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, 378 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, 379 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, 380 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, 381 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, 382 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, 383 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, 384 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, 385 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, 386 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, 387 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, 388 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, 389 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, 390 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, 391 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, 392 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, 393 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, 394 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, 395 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, 396 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, 397 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU 398 }; 399 400 static const uint32_t Te4[256] = 401 { 402 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, 403 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, 404 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, 405 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, 406 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, 407 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, 408 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, 409 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, 410 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, 411 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, 412 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, 413 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, 414 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, 415 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, 416 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, 417 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, 418 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, 419 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, 420 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, 421 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, 422 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, 423 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, 424 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, 425 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, 426 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, 427 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, 428 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, 429 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, 430 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, 431 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, 432 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, 433 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, 434 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, 435 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, 436 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, 437 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, 438 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, 439 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, 440 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, 441 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, 442 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, 443 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, 444 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, 445 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, 446 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, 447 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, 448 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, 449 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, 450 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, 451 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, 452 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, 453 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, 454 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, 455 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, 456 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, 457 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, 458 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, 459 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, 460 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, 461 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, 462 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, 463 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, 464 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, 465 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U 466 }; 467 468 /* Decrypt Sbox constants (for the substitute bytes operation) */ 469 470 static const uint32_t Td0[256] = 471 { 472 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 473 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 474 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, 475 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, 476 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, 477 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, 478 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, 479 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, 480 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, 481 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, 482 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, 483 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, 484 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, 485 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, 486 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, 487 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, 488 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, 489 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, 490 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, 491 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, 492 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, 493 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, 494 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, 495 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, 496 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, 497 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, 498 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, 499 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, 500 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, 501 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, 502 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, 503 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, 504 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, 505 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, 506 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, 507 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, 508 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, 509 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, 510 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, 511 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, 512 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, 513 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, 514 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, 515 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, 516 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, 517 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, 518 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, 519 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, 520 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, 521 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, 522 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, 523 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, 524 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, 525 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, 526 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, 527 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, 528 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, 529 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, 530 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, 531 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, 532 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, 533 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, 534 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, 535 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U 536 }; 537 538 static const uint32_t Td1[256] = 539 { 540 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, 541 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, 542 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, 543 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, 544 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, 545 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, 546 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, 547 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, 548 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, 549 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, 550 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, 551 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, 552 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, 553 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, 554 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, 555 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, 556 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, 557 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, 558 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, 559 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, 560 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, 561 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, 562 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, 563 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, 564 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, 565 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, 566 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, 567 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, 568 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, 569 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, 570 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, 571 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, 572 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, 573 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, 574 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, 575 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, 576 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, 577 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, 578 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, 579 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, 580 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, 581 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, 582 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, 583 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, 584 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, 585 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, 586 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, 587 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, 588 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, 589 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, 590 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, 591 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, 592 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, 593 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, 594 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, 595 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, 596 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, 597 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, 598 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, 599 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, 600 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, 601 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, 602 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, 603 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U 604 }; 605 606 static const uint32_t Td2[256] = 607 { 608 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, 609 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, 610 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, 611 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, 612 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, 613 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, 614 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, 615 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, 616 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, 617 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, 618 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, 619 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, 620 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, 621 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, 622 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, 623 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, 624 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, 625 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, 626 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, 627 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, 628 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, 629 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, 630 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, 631 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, 632 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, 633 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, 634 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, 635 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, 636 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, 637 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, 638 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, 639 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, 640 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, 641 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, 642 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, 643 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, 644 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, 645 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, 646 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, 647 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, 648 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, 649 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, 650 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, 651 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, 652 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, 653 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, 654 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, 655 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, 656 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, 657 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, 658 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, 659 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, 660 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, 661 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, 662 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, 663 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, 664 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, 665 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, 666 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, 667 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, 668 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, 669 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, 670 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, 671 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U 672 }; 673 674 static const uint32_t Td3[256] = 675 { 676 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, 677 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, 678 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, 679 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, 680 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, 681 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, 682 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, 683 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, 684 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, 685 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, 686 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, 687 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, 688 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, 689 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, 690 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, 691 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, 692 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, 693 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, 694 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, 695 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, 696 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, 697 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, 698 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, 699 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, 700 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, 701 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, 702 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, 703 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, 704 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, 705 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, 706 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, 707 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, 708 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, 709 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, 710 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, 711 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, 712 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, 713 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, 714 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, 715 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, 716 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, 717 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, 718 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, 719 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, 720 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, 721 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, 722 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, 723 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, 724 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, 725 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, 726 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, 727 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, 728 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, 729 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, 730 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, 731 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, 732 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, 733 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, 734 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, 735 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, 736 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, 737 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, 738 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, 739 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U 740 }; 741 742 743 static const uint32_t Td4[256] = 744 { 745 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, 746 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, 747 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, 748 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, 749 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, 750 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, 751 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, 752 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, 753 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, 754 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, 755 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, 756 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, 757 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, 758 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, 759 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, 760 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, 761 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, 762 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, 763 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, 764 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, 765 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, 766 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, 767 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, 768 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, 769 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, 770 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, 771 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, 772 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, 773 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, 774 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, 775 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, 776 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, 777 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, 778 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, 779 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, 780 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, 781 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, 782 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, 783 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, 784 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, 785 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, 786 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, 787 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, 788 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, 789 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, 790 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, 791 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, 792 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, 793 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, 794 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, 795 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, 796 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, 797 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, 798 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, 799 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, 800 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, 801 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, 802 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, 803 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, 804 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, 805 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, 806 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, 807 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, 808 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU 809 }; 810 811 /* Rcon is Round Constant; used for encryption key expansion */ 812 static const uint32_t rcon[RC_LENGTH] = 813 { 814 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 815 0x01000000, 0x02000000, 0x04000000, 0x08000000, 816 0x10000000, 0x20000000, 0x40000000, 0x80000000, 817 0x1B000000, 0x36000000 818 }; 819 820 821 /* 822 * Expand the cipher key into the encryption key schedule. 823 * 824 * Return the number of rounds for the given cipher key size. 825 * The size of the key schedule depends on the number of rounds 826 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 827 * 828 * Parameters: 829 * rk AES key schedule 32-bit array to be initialized 830 * cipherKey User key 831 * keyBits AES key size (128, 192, or 256 bits) 832 */ 833 static int 834 rijndael_key_setup_enc_raw(uint32_t rk[], const uint32_t cipherKey[], 835 int keyBits) 836 { 837 int i = 0; 838 uint32_t temp; 839 840 rk[0] = cipherKey[0]; 841 rk[1] = cipherKey[1]; 842 rk[2] = cipherKey[2]; 843 rk[3] = cipherKey[3]; 844 845 if (keyBits == 128) { 846 for (;;) { 847 temp = rk[3]; 848 rk[4] = rk[0] ^ 849 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 850 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 851 (Te4[temp & 0xff] & 0x0000ff00) ^ 852 (Te4[temp >> 24] & 0x000000ff) ^ 853 rcon[i]; 854 rk[5] = rk[1] ^ rk[4]; 855 rk[6] = rk[2] ^ rk[5]; 856 rk[7] = rk[3] ^ rk[6]; 857 858 if (++i == 10) { 859 return (10); 860 } 861 rk += 4; 862 } 863 } 864 865 rk[4] = cipherKey[4]; 866 rk[5] = cipherKey[5]; 867 868 if (keyBits == 192) { 869 for (;;) { 870 temp = rk[5]; 871 rk[6] = rk[0] ^ 872 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 873 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 874 (Te4[temp & 0xff] & 0x0000ff00) ^ 875 (Te4[temp >> 24] & 0x000000ff) ^ 876 rcon[i]; 877 rk[7] = rk[1] ^ rk[6]; 878 rk[8] = rk[2] ^ rk[7]; 879 rk[9] = rk[3] ^ rk[8]; 880 881 if (++i == 8) { 882 return (12); 883 } 884 885 rk[10] = rk[4] ^ rk[9]; 886 rk[11] = rk[5] ^ rk[10]; 887 rk += 6; 888 } 889 } 890 891 rk[6] = cipherKey[6]; 892 rk[7] = cipherKey[7]; 893 894 if (keyBits == 256) { 895 for (;;) { 896 temp = rk[7]; 897 rk[8] = rk[0] ^ 898 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ 899 (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ 900 (Te4[temp & 0xff] & 0x0000ff00) ^ 901 (Te4[temp >> 24] & 0x000000ff) ^ 902 rcon[i]; 903 rk[9] = rk[1] ^ rk[8]; 904 rk[10] = rk[2] ^ rk[9]; 905 rk[11] = rk[3] ^ rk[10]; 906 907 if (++i == 7) { 908 return (14); 909 } 910 temp = rk[11]; 911 rk[12] = rk[4] ^ 912 (Te4[temp >> 24] & 0xff000000) ^ 913 (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ 914 (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ 915 (Te4[temp & 0xff] & 0x000000ff); 916 rk[13] = rk[5] ^ rk[12]; 917 rk[14] = rk[6] ^ rk[13]; 918 rk[15] = rk[7] ^ rk[14]; 919 920 rk += 8; 921 } 922 } 923 924 return (0); 925 } 926 #endif /* !__amd64 */ 927 928 929 #ifdef sun4u 930 931 /* 932 * Expand the cipher key into the encryption key schedule. 933 * by the sun4u optimized assembly implementation. 934 * 935 * Return the number of rounds for the given cipher key size. 936 * The size of the key schedule depends on the number of rounds 937 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 938 * 939 * Parameters: 940 * rk AES key schedule 64-bit array to be initialized 941 * cipherKey User key 942 * keyBits AES key size (128, 192, or 256 bits) 943 */ 944 static int 945 rijndael_key_setup_enc(uint64_t rk[], const uint32_t cipherKey[], int keyBits) 946 { 947 uint32_t rk1[4 * (MAX_AES_NR + 1)]; 948 uint64_t *rk64 = (uint64_t *)rk; 949 uint32_t *rkt; 950 uint64_t t; 951 int i, Nr; 952 953 Nr = rijndael_key_setup_enc_raw(rk1, cipherKey, keyBits); 954 955 for (i = 0; i < 4 * Nr; i++) { 956 t = (uint64_t)(rk1[i]); 957 rk64[i] = ((t & 0xff000000) << 11) | 958 ((t & 0xff0000) << 8) | 959 ((t & 0xffff) << 3); 960 } 961 962 rkt = (uint32_t *)(&(rk64[4 * Nr])); 963 964 for (i = 0; i < 4; i++) { 965 rkt[i] = rk1[4 * Nr+i]; 966 } 967 968 return (Nr); 969 } 970 971 972 /* 973 * Expand the cipher key into the decryption key schedule as used 974 * by the sun4u optimized assembly implementation. 975 * 976 * Return the number of rounds for the given cipher key size. 977 * The size of the key schedule depends on the number of rounds 978 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 979 * 980 * Parameters: 981 * rk AES key schedule 32-bit array to be initialized 982 * cipherKey User key 983 * keyBits AES key size (128, 192, or 256 bits) 984 */ 985 static int 986 rijndael_key_setup_dec_raw(uint32_t rk[], const uint32_t cipherKey[], 987 int keyBits) 988 { 989 int Nr, i; 990 uint32_t temp; 991 992 /* expand the cipher key: */ 993 Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits); 994 995 /* invert the order of the round keys: */ 996 997 for (i = 0; i < 2 * Nr + 2; i++) { 998 temp = rk[i]; 999 rk[i] = rk[4 * Nr - i + 3]; 1000 rk[4 * Nr - i + 3] = temp; 1001 } 1002 1003 /* 1004 * apply the inverse MixColumn transform to all 1005 * round keys but the first and the last: 1006 */ 1007 for (i = 1; i < Nr; i++) { 1008 rk += 4; 1009 rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^ 1010 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ 1011 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ 1012 Td3[Te4[rk[0] & 0xff] & 0xff]; 1013 rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^ 1014 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ 1015 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ 1016 Td3[Te4[rk[1] & 0xff] & 0xff]; 1017 rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^ 1018 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ 1019 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ 1020 Td3[Te4[rk[2] & 0xff] & 0xff]; 1021 rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^ 1022 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ 1023 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ 1024 Td3[Te4[rk[3] & 0xff] & 0xff]; 1025 } 1026 1027 return (Nr); 1028 } 1029 1030 1031 /* 1032 * The size of the key schedule depends on the number of rounds 1033 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1034 * 1035 * Parameters: 1036 * rk AES key schedule 64-bit array to be initialized 1037 * cipherKey User key 1038 * keyBits AES key size (128, 192, or 256 bits) 1039 */ 1040 static int 1041 rijndael_key_setup_dec(uint64_t rk[], const uint32_t cipherKey[], int keyBits) 1042 { 1043 uint32_t rk1[4 * (MAX_AES_NR + 1)]; 1044 uint64_t *rk64 = (uint64_t *)rk; 1045 uint32_t *rkt; 1046 uint64_t t; 1047 int i, Nr; 1048 1049 Nr = rijndael_key_setup_dec_raw(rk1, cipherKey, keyBits); 1050 for (i = 0; i < 4 * Nr; i++) { 1051 t = (uint64_t)(rk1[i]); 1052 rk64[i] = ((t & 0xff000000) << 11) | 1053 ((t & 0xff0000) << 8) | 1054 ((t & 0xffff) << 3); 1055 } 1056 1057 rkt = (uint32_t *)(&(rk64[4 * Nr])); 1058 1059 for (i = 0; i < 4; i++) { 1060 rkt[i] = rk1[4 * Nr + i]; 1061 } 1062 1063 return (Nr); 1064 } 1065 1066 1067 /* 1068 * Expand the 64-bit AES cipher key array into the encryption and decryption 1069 * key schedules. 1070 * 1071 * Parameters: 1072 * key AES key schedule to be initialized 1073 * keyarr32 User key 1074 * keyBits AES key size (128, 192, or 256 bits) 1075 */ 1076 static void 1077 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits) 1078 { 1079 key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks64[0]), keyarr32, 1080 keybits); 1081 key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks64[0]), keyarr32, 1082 keybits); 1083 key->type = AES_64BIT_KS; 1084 } 1085 1086 1087 #elif !defined(__amd64) 1088 1089 /* 1090 * Expand the cipher key into the decryption key schedule. 1091 * Return the number of rounds for the given cipher key size. 1092 * The size of the key schedule depends on the number of rounds 1093 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1094 * 1095 * Parameters: 1096 * rk AES key schedule 32-bit array to be initialized 1097 * cipherKey User key 1098 * keyBits AES key size (128, 192, or 256 bits) 1099 */ 1100 static int 1101 rijndael_key_setup_dec(uint32_t rk[], const uint32_t cipherKey[], int keyBits) 1102 { 1103 int Nr, i, j; 1104 uint32_t temp; 1105 1106 /* expand the cipher key: */ 1107 Nr = rijndael_key_setup_enc_raw(rk, cipherKey, keyBits); 1108 1109 /* invert the order of the round keys: */ 1110 for (i = 0, j = 4 * Nr; i < j; i += 4, j -= 4) { 1111 temp = rk[i]; 1112 rk[i] = rk[j]; 1113 rk[j] = temp; 1114 temp = rk[i + 1]; 1115 rk[i + 1] = rk[j + 1]; 1116 rk[j + 1] = temp; 1117 temp = rk[i + 2]; 1118 rk[i + 2] = rk[j + 2]; 1119 rk[j + 2] = temp; 1120 temp = rk[i + 3]; 1121 rk[i + 3] = rk[j + 3]; 1122 rk[j + 3] = temp; 1123 } 1124 1125 /* 1126 * apply the inverse MixColumn transform to all 1127 * round keys but the first and the last: 1128 */ 1129 for (i = 1; i < Nr; i++) { 1130 rk += 4; 1131 rk[0] = Td0[Te4[rk[0] >> 24] & 0xff] ^ 1132 Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ 1133 Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ 1134 Td3[Te4[rk[0] & 0xff] & 0xff]; 1135 rk[1] = Td0[Te4[rk[1] >> 24] & 0xff] ^ 1136 Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ 1137 Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ 1138 Td3[Te4[rk[1] & 0xff] & 0xff]; 1139 rk[2] = Td0[Te4[rk[2] >> 24] & 0xff] ^ 1140 Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ 1141 Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ 1142 Td3[Te4[rk[2] & 0xff] & 0xff]; 1143 rk[3] = Td0[Te4[rk[3] >> 24] & 0xff] ^ 1144 Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ 1145 Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ 1146 Td3[Te4[rk[3] & 0xff] & 0xff]; 1147 } 1148 1149 return (Nr); 1150 } 1151 1152 1153 /* 1154 * Encrypt one block of data. The block is assumed to be an array 1155 * of four uint32_t values, so copy for alignment (and byte-order 1156 * reversal for little endian systems might be necessary on the 1157 * input and output byte streams. 1158 * The size of the key schedule depends on the number of rounds 1159 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1160 * 1161 * Parameters: 1162 * rk Key schedule, of aes_ks_t (60 32-bit integers) 1163 * Nr Number of rounds 1164 * pt Input block (plain text) 1165 * ct Output block (crypto text). Can overlap with pt 1166 */ 1167 static void 1168 rijndael_encrypt(const uint32_t rk[], int Nr, const uint32_t pt[4], 1169 uint32_t ct[4]) 1170 { 1171 uint32_t s0, s1, s2, s3, t0, t1, t2, t3; 1172 int r; 1173 1174 /* 1175 * map byte array block to cipher state 1176 * and add initial round key: 1177 */ 1178 1179 s0 = pt[0] ^ rk[0]; 1180 s1 = pt[1] ^ rk[1]; 1181 s2 = pt[2] ^ rk[2]; 1182 s3 = pt[3] ^ rk[3]; 1183 1184 /* 1185 * Nr - 1 full rounds: 1186 */ 1187 1188 r = Nr >> 1; 1189 1190 for (;;) { 1191 t0 = Te0[s0 >> 24] ^ 1192 Te1[(s1 >> 16) & 0xff] ^ 1193 Te2[(s2 >> 8) & 0xff] ^ 1194 Te3[s3 & 0xff] ^ 1195 rk[4]; 1196 1197 t1 = Te0[s1 >> 24] ^ 1198 Te1[(s2 >> 16) & 0xff] ^ 1199 Te2[(s3 >> 8) & 0xff] ^ 1200 Te3[s0 & 0xff] ^ 1201 rk[5]; 1202 1203 t2 = Te0[s2 >> 24] ^ 1204 Te1[(s3 >> 16) & 0xff] ^ 1205 Te2[(s0 >> 8) & 0xff] ^ 1206 Te3[s1 & 0xff] ^ 1207 rk[6]; 1208 1209 t3 = Te0[s3 >> 24] ^ 1210 Te1[(s0 >> 16) & 0xff] ^ 1211 Te2[(s1 >> 8) & 0xff] ^ 1212 Te3[s2 & 0xff] ^ 1213 rk[7]; 1214 1215 rk += 8; 1216 1217 if (--r == 0) { 1218 break; 1219 } 1220 1221 s0 = Te0[t0 >> 24] ^ 1222 Te1[(t1 >> 16) & 0xff] ^ 1223 Te2[(t2 >> 8) & 0xff] ^ 1224 Te3[t3 & 0xff] ^ 1225 rk[0]; 1226 1227 s1 = Te0[t1 >> 24] ^ 1228 Te1[(t2 >> 16) & 0xff] ^ 1229 Te2[(t3 >> 8) & 0xff] ^ 1230 Te3[t0 & 0xff] ^ 1231 rk[1]; 1232 1233 s2 = Te0[t2 >> 24] ^ 1234 Te1[(t3 >> 16) & 0xff] ^ 1235 Te2[(t0 >> 8) & 0xff] ^ 1236 Te3[t1 & 0xff] ^ 1237 rk[2]; 1238 1239 s3 = Te0[t3 >> 24] ^ 1240 Te1[(t0 >> 16) & 0xff] ^ 1241 Te2[(t1 >> 8) & 0xff] ^ 1242 Te3[t2 & 0xff] ^ 1243 rk[3]; 1244 } 1245 1246 /* 1247 * apply last round and 1248 * map cipher state to byte array block: 1249 */ 1250 1251 s0 = (Te4[(t0 >> 24)] & 0xff000000) ^ 1252 (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 1253 (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 1254 (Te4[t3 & 0xff] & 0x000000ff) ^ 1255 rk[0]; 1256 ct[0] = s0; 1257 1258 s1 = (Te4[(t1 >> 24)] & 0xff000000) ^ 1259 (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 1260 (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 1261 (Te4[t0 & 0xff] & 0x000000ff) ^ 1262 rk[1]; 1263 ct[1] = s1; 1264 1265 s2 = (Te4[(t2 >> 24)] & 0xff000000) ^ 1266 (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 1267 (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 1268 (Te4[t1 & 0xff] & 0x000000ff) ^ 1269 rk[2]; 1270 ct[2] = s2; 1271 1272 s3 = (Te4[(t3 >> 24)] & 0xff000000) ^ 1273 (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 1274 (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 1275 (Te4[t2 & 0xff] & 0x000000ff) ^ 1276 rk[3]; 1277 ct[3] = s3; 1278 } 1279 1280 1281 /* 1282 * Decrypt one block of data. The block is assumed to be an array 1283 * of four uint32_t values, so copy for alignment (and byte-order 1284 * reversal for little endian systems might be necessary on the 1285 * input and output byte streams. 1286 * The size of the key schedule depends on the number of rounds 1287 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 1288 * 1289 * Parameters: 1290 * rk Key schedule, of aes_ks_t (60 32-bit integers) 1291 * Nr Number of rounds 1292 * ct Input block (crypto text) 1293 * pt Output block (plain text). Can overlap with pt 1294 */ 1295 static void 1296 rijndael_decrypt(const uint32_t rk[], int Nr, const uint32_t ct[4], 1297 uint32_t pt[4]) 1298 { 1299 uint32_t s0, s1, s2, s3, t0, t1, t2, t3; 1300 int r; 1301 1302 /* 1303 * map byte array block to cipher state 1304 * and add initial round key: 1305 */ 1306 s0 = ct[0] ^ rk[0]; 1307 s1 = ct[1] ^ rk[1]; 1308 s2 = ct[2] ^ rk[2]; 1309 s3 = ct[3] ^ rk[3]; 1310 1311 /* 1312 * Nr - 1 full rounds: 1313 */ 1314 1315 r = Nr >> 1; 1316 1317 for (;;) { 1318 t0 = Td0[s0 >> 24] ^ 1319 Td1[(s3 >> 16) & 0xff] ^ 1320 Td2[(s2 >> 8) & 0xff] ^ 1321 Td3[s1 & 0xff] ^ 1322 rk[4]; 1323 1324 t1 = Td0[s1 >> 24] ^ 1325 Td1[(s0 >> 16) & 0xff] ^ 1326 Td2[(s3 >> 8) & 0xff] ^ 1327 Td3[s2 & 0xff] ^ 1328 rk[5]; 1329 1330 t2 = Td0[s2 >> 24] ^ 1331 Td1[(s1 >> 16) & 0xff] ^ 1332 Td2[(s0 >> 8) & 0xff] ^ 1333 Td3[s3 & 0xff] ^ 1334 rk[6]; 1335 1336 t3 = Td0[s3 >> 24] ^ 1337 Td1[(s2 >> 16) & 0xff] ^ 1338 Td2[(s1 >> 8) & 0xff] ^ 1339 Td3[s0 & 0xff] ^ 1340 rk[7]; 1341 1342 rk += 8; 1343 1344 if (--r == 0) { 1345 break; 1346 } 1347 1348 s0 = Td0[t0 >> 24] ^ 1349 Td1[(t3 >> 16) & 0xff] ^ 1350 Td2[(t2 >> 8) & 0xff] ^ 1351 Td3[t1 & 0xff] ^ 1352 rk[0]; 1353 1354 s1 = Td0[t1 >> 24] ^ 1355 Td1[(t0 >> 16) & 0xff] ^ 1356 Td2[(t3 >> 8) & 0xff] ^ 1357 Td3[t2 & 0xff] ^ 1358 rk[1]; 1359 1360 s2 = Td0[t2 >> 24] ^ 1361 Td1[(t1 >> 16) & 0xff] ^ 1362 Td2[(t0 >> 8) & 0xff] ^ 1363 Td3[t3 & 0xff] ^ 1364 rk[2]; 1365 1366 s3 = Td0[t3 >> 24] ^ 1367 Td1[(t2 >> 16) & 0xff] ^ 1368 Td2[(t1 >> 8) & 0xff] ^ 1369 Td3[t0 & 0xff] ^ 1370 rk[3]; 1371 } 1372 1373 /* 1374 * apply last round and 1375 * map cipher state to byte array block: 1376 */ 1377 1378 s0 = (Td4[t0 >> 24] & 0xff000000) ^ 1379 (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ 1380 (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ 1381 (Td4[t1 & 0xff] & 0x000000ff) ^ 1382 rk[0]; 1383 pt[0] = s0; 1384 1385 s1 = (Td4[t1 >> 24] & 0xff000000) ^ 1386 (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ 1387 (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ 1388 (Td4[t2 & 0xff] & 0x000000ff) ^ 1389 rk[1]; 1390 pt[1] = s1; 1391 1392 s2 = (Td4[t2 >> 24] & 0xff000000) ^ 1393 (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ 1394 (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ 1395 (Td4[t3 & 0xff] & 0x000000ff) ^ 1396 rk[2]; 1397 pt[2] = s2; 1398 1399 s3 = (Td4[t3 >> 24] & 0xff000000) ^ 1400 (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ 1401 (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ 1402 (Td4[t0 & 0xff] & 0x000000ff) ^ 1403 rk[3]; 1404 pt[3] = s3; 1405 } 1406 #endif /* sun4u, !__amd64 */ 1407 1408 #ifndef sun4u 1409 /* 1410 * Expand the 32-bit AES cipher key array into the encryption and decryption 1411 * key schedules. 1412 * 1413 * Parameters: 1414 * key AES key schedule to be initialized 1415 * keyarr32 User key 1416 * keyBits AES key size (128, 192, or 256 bits) 1417 */ 1418 static void 1419 aes_setupkeys(aes_key_t *key, const uint32_t *keyarr32, int keybits) 1420 { 1421 key->nr = rijndael_key_setup_enc(&(key->encr_ks.ks32[0]), keyarr32, 1422 keybits); 1423 key->nr = rijndael_key_setup_dec(&(key->decr_ks.ks32[0]), keyarr32, 1424 keybits); 1425 key->type = AES_32BIT_KS; 1426 } 1427 #endif /* sun4u */ 1428 /* EXPORT DELETE END */ 1429 1430 1431 /* 1432 * Initialize key schedules for AES 1433 * 1434 * Parameters: 1435 * cipherKey User key 1436 * keyBits AES key size (128, 192, or 256 bits) 1437 * keysched AES key schedule to be initialized, of type aes_key_t. 1438 * Allocated by aes_alloc_keysched(). 1439 */ 1440 void 1441 aes_init_keysched(const uint8_t *cipherKey, uint_t keyBits, void *keysched) 1442 { 1443 /* EXPORT DELETE START */ 1444 aes_key_t *newbie = keysched; 1445 uint_t keysize, i, j; 1446 union { 1447 uint64_t ka64[4]; 1448 uint32_t ka32[8]; 1449 } keyarr; 1450 1451 switch (keyBits) { 1452 case 128: 1453 newbie->nr = 10; 1454 break; 1455 1456 case 192: 1457 newbie->nr = 12; 1458 break; 1459 1460 case 256: 1461 newbie->nr = 14; 1462 break; 1463 1464 default: 1465 /* should never get here */ 1466 return; 1467 } 1468 keysize = keyBits >> 3; 1469 1470 /* 1471 * For _LITTLE_ENDIAN machines (except AMD64), reverse every 1472 * 4 bytes in the key. On _BIG_ENDIAN and AMD64, copy the key 1473 * without reversing bytes. 1474 * For AMD64, do not byte swap for aes_setupkeys(). 1475 * 1476 * SPARCv8/v9 uses a key schedule array with 64-bit elements. 1477 * X86/AMD64 uses a key schedule array with 32-bit elements. 1478 */ 1479 #ifndef AES_BYTE_SWAP 1480 if (IS_P2ALIGNED(cipherKey, sizeof (uint64_t))) { 1481 for (i = 0, j = 0; j < keysize; i++, j += 8) { 1482 /* LINTED: pointer alignment */ 1483 keyarr.ka64[i] = *((uint64_t *)&cipherKey[j]); 1484 } 1485 } else { 1486 bcopy(cipherKey, keyarr.ka32, keysize); 1487 } 1488 1489 #else /* byte swap */ 1490 for (i = 0, j = 0; j < keysize; i++, j += 4) { 1491 keyarr.ka32[i] = htonl(*(uint32_t *)&cipherKey[j]); 1492 } 1493 #endif 1494 1495 aes_setupkeys(newbie, keyarr.ka32, keyBits); 1496 /* EXPORT DELETE END */ 1497 } 1498 1499 /* 1500 * Encrypt one block using AES. 1501 * Align if needed and (for x86 32-bit only) byte-swap. 1502 * 1503 * Parameters: 1504 * ks Key schedule, of type aes_key_t 1505 * pt Input block (plain text) 1506 * ct Output block (crypto text). Can overlap with pt 1507 */ 1508 int 1509 aes_encrypt_block(const void *ks, const uint8_t *pt, uint8_t *ct) 1510 { 1511 /* EXPORT DELETE START */ 1512 aes_key_t *ksch = (aes_key_t *)ks; 1513 1514 #ifndef AES_BYTE_SWAP 1515 if (IS_P2ALIGNED2(pt, ct, sizeof (uint32_t))) { 1516 AES_ENCRYPT_IMPL(&ksch->encr_ks.ks32[0], ksch->nr, 1517 /* LINTED: pointer alignment */ 1518 (uint32_t *)pt, (uint32_t *)ct); 1519 } else { 1520 #endif 1521 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)]; 1522 1523 /* Copy input block into buffer */ 1524 #ifndef AES_BYTE_SWAP 1525 bcopy(pt, &buffer, AES_BLOCK_LEN); 1526 1527 #else /* byte swap */ 1528 buffer[0] = htonl(*(uint32_t *)&pt[0]); 1529 buffer[1] = htonl(*(uint32_t *)&pt[4]); 1530 buffer[2] = htonl(*(uint32_t *)&pt[8]); 1531 buffer[3] = htonl(*(uint32_t *)&pt[12]); 1532 #endif 1533 1534 AES_ENCRYPT_IMPL(&ksch->encr_ks.ks32[0], ksch->nr, 1535 buffer, buffer); 1536 1537 /* Copy result from buffer to output block */ 1538 #ifndef AES_BYTE_SWAP 1539 bcopy(&buffer, ct, AES_BLOCK_LEN); 1540 } 1541 1542 #else /* byte swap */ 1543 *(uint32_t *)&ct[0] = htonl(buffer[0]); 1544 *(uint32_t *)&ct[4] = htonl(buffer[1]); 1545 *(uint32_t *)&ct[8] = htonl(buffer[2]); 1546 *(uint32_t *)&ct[12] = htonl(buffer[3]); 1547 #endif 1548 /* EXPORT DELETE END */ 1549 return (CRYPTO_SUCCESS); 1550 } 1551 1552 /* 1553 * Decrypt one block using AES. 1554 * Align and byte-swap if needed. 1555 * 1556 * Parameters: 1557 * ks Key schedule, of type aes_key_t 1558 * ct Input block (crypto text) 1559 * pt Output block (plain text). Can overlap with pt 1560 */ 1561 int 1562 aes_decrypt_block(const void *ks, const uint8_t *ct, uint8_t *pt) 1563 { 1564 /* EXPORT DELETE START */ 1565 aes_key_t *ksch = (aes_key_t *)ks; 1566 1567 #ifndef AES_BYTE_SWAP 1568 if (IS_P2ALIGNED2(ct, pt, sizeof (uint32_t))) { 1569 AES_DECRYPT_IMPL(&ksch->decr_ks.ks32[0], ksch->nr, 1570 /* LINTED: pointer alignment */ 1571 (uint32_t *)ct, (uint32_t *)pt); 1572 } else { 1573 #endif 1574 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)]; 1575 1576 /* Copy input block into buffer */ 1577 #ifndef AES_BYTE_SWAP 1578 bcopy(ct, &buffer, AES_BLOCK_LEN); 1579 1580 #else /* byte swap */ 1581 buffer[0] = htonl(*(uint32_t *)&ct[0]); 1582 buffer[1] = htonl(*(uint32_t *)&ct[4]); 1583 buffer[2] = htonl(*(uint32_t *)&ct[8]); 1584 buffer[3] = htonl(*(uint32_t *)&ct[12]); 1585 #endif 1586 1587 AES_DECRYPT_IMPL(&ksch->decr_ks.ks32[0], ksch->nr, 1588 buffer, buffer); 1589 1590 /* Copy result from buffer to output block */ 1591 #ifndef AES_BYTE_SWAP 1592 bcopy(&buffer, pt, AES_BLOCK_LEN); 1593 } 1594 1595 #else /* byte swap */ 1596 *(uint32_t *)&pt[0] = htonl(buffer[0]); 1597 *(uint32_t *)&pt[4] = htonl(buffer[1]); 1598 *(uint32_t *)&pt[8] = htonl(buffer[2]); 1599 *(uint32_t *)&pt[12] = htonl(buffer[3]); 1600 #endif 1601 1602 /* EXPORT DELETE END */ 1603 return (CRYPTO_SUCCESS); 1604 } 1605 1606 1607 /* 1608 * Allocate key schedule for AES. 1609 * 1610 * Return the pointer and set size to the number of bytes allocated. 1611 * Memory allocated must be freed by the caller when done. 1612 * 1613 * Parameters: 1614 * size Size of key schedule allocated, in bytes 1615 * kmflag Flag passed to kmem_alloc(9F); ignored in userland. 1616 */ 1617 /* ARGSUSED */ 1618 void * 1619 aes_alloc_keysched(size_t *size, int kmflag) 1620 { 1621 /* EXPORT DELETE START */ 1622 aes_key_t *keysched; 1623 1624 #ifdef _KERNEL 1625 keysched = (aes_key_t *)kmem_alloc(sizeof (aes_key_t), kmflag); 1626 #else /* !_KERNEL */ 1627 keysched = (aes_key_t *)malloc(sizeof (aes_key_t)); 1628 #endif /* _KERNEL */ 1629 1630 if (keysched != NULL) { 1631 *size = sizeof (aes_key_t); 1632 return (keysched); 1633 } 1634 /* EXPORT DELETE END */ 1635 return (NULL); 1636 } 1637 1638 void 1639 aes_copy_block(uint8_t *in, uint8_t *out) 1640 { 1641 if (IS_P2ALIGNED(in, sizeof (uint32_t)) && 1642 IS_P2ALIGNED(out, sizeof (uint32_t))) { 1643 /* LINTED: pointer alignment */ 1644 *(uint32_t *)&out[0] = *(uint32_t *)&in[0]; 1645 /* LINTED: pointer alignment */ 1646 *(uint32_t *)&out[4] = *(uint32_t *)&in[4]; 1647 /* LINTED: pointer alignment */ 1648 *(uint32_t *)&out[8] = *(uint32_t *)&in[8]; 1649 /* LINTED: pointer alignment */ 1650 *(uint32_t *)&out[12] = *(uint32_t *)&in[12]; 1651 } else { 1652 AES_COPY_BLOCK(in, out); 1653 } 1654 } 1655 1656 /* XOR block of data into dest */ 1657 void 1658 aes_xor_block(uint8_t *data, uint8_t *dst) 1659 { 1660 if (IS_P2ALIGNED(dst, sizeof (uint32_t)) && 1661 IS_P2ALIGNED(data, sizeof (uint32_t))) { 1662 /* LINTED: pointer alignment */ 1663 *(uint32_t *)&dst[0] ^= *(uint32_t *)&data[0]; 1664 /* LINTED: pointer alignment */ 1665 *(uint32_t *)&dst[4] ^= *(uint32_t *)&data[4]; 1666 /* LINTED: pointer alignment */ 1667 *(uint32_t *)&dst[8] ^= *(uint32_t *)&data[8]; 1668 /* LINTED: pointer alignment */ 1669 *(uint32_t *)&dst[12] ^= *(uint32_t *)&data[12]; 1670 } else { 1671 AES_XOR_BLOCK(data, dst); 1672 } 1673 } 1674 1675 /* 1676 * Encrypt multiple blocks of data according to mode. 1677 */ 1678 /* ARGSUSED */ 1679 int 1680 aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length, 1681 crypto_data_t *out) 1682 { 1683 aes_ctx_t *aes_ctx = ctx; 1684 int rv; 1685 1686 if (aes_ctx->ac_flags & CTR_MODE) { 1687 rv = ctr_mode_contiguous_blocks(ctx, data, length, out, 1688 AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block); 1689 #ifdef _KERNEL 1690 } else if (aes_ctx->ac_flags & CCM_MODE) { 1691 rv = ccm_mode_encrypt_contiguous_blocks(ctx, data, length, 1692 out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block, 1693 aes_xor_block); 1694 #endif 1695 } else if (aes_ctx->ac_flags & CBC_MODE) { 1696 rv = cbc_encrypt_contiguous_blocks(ctx, 1697 data, length, out, AES_BLOCK_LEN, aes_encrypt_block, 1698 aes_copy_block, aes_xor_block); 1699 } else { 1700 rv = ecb_cipher_contiguous_blocks(ctx, data, length, out, 1701 AES_BLOCK_LEN, aes_encrypt_block); 1702 } 1703 return (rv); 1704 } 1705 1706 /* 1707 * Decrypt multiple blocks of data according to mode. 1708 */ 1709 int 1710 aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length, 1711 crypto_data_t *out) 1712 { 1713 aes_ctx_t *aes_ctx = ctx; 1714 int rv; 1715 1716 if (aes_ctx->ac_flags & CTR_MODE) { 1717 rv = ctr_mode_contiguous_blocks(ctx, data, length, out, 1718 AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block); 1719 if (rv == CRYPTO_DATA_LEN_RANGE) 1720 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE; 1721 #ifdef _KERNEL 1722 } else if (aes_ctx->ac_flags & CCM_MODE) { 1723 rv = ccm_mode_decrypt_contiguous_blocks(ctx, data, length, 1724 out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block, 1725 aes_xor_block); 1726 #endif 1727 } else if (aes_ctx->ac_flags & CBC_MODE) { 1728 rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out, 1729 AES_BLOCK_LEN, aes_decrypt_block, aes_copy_block, 1730 aes_xor_block); 1731 } else { 1732 rv = ecb_cipher_contiguous_blocks(ctx, data, length, out, 1733 AES_BLOCK_LEN, aes_decrypt_block); 1734 if (rv == CRYPTO_DATA_LEN_RANGE) 1735 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE; 1736 } 1737 return (rv); 1738 } 1739