search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'v9.0.0-rc3'
[qemu/ar7.git] / crypto / aes.c
blobdf4362ac6022eac2d736940f9a42a62561410ec8
1 /**
2 *
3 * aes.c - integrated in QEMU by Fabrice Bellard from the OpenSSL project.
4 */
5 /*
6 * rijndael-alg-fst.c
7 *
8 * @version 3.0 (December 2000)
9 *
10 * Optimised ANSI C code for the Rijndael cipher (now AES)
11 *
12 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
13 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
14 * @author Paulo Barreto <paulo.barreto@terra.com.br>
15 *
16 * This code is hereby placed in the public domain.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
19 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
25 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
26 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
27 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30 #include "qemu/osdep.h"
31 #include "qemu/bswap.h"
32 #include "qemu/bitops.h"
33 #include "crypto/aes.h"
34 #include "crypto/aes-round.h"
35
36 typedef uint32_t u32;
37 typedef uint8_t u8;
38
39 /* This controls loop-unrolling in aes_core.c */
40 #undef FULL_UNROLL
41 # define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
42 # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
43
44 const uint8_t AES_sbox[256] = {
45 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
46 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
47 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
48 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
49 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
50 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
51 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
52 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
53 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
54 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
55 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
56 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
57 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
58 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
59 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
60 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
61 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
62 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
63 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
64 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
65 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
66 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
67 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
68 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
69 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
70 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
71 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
72 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
73 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
74 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
75 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
76 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
77 };
78
79 const uint8_t AES_isbox[256] = {
80 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
81 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
82 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
83 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
84 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
85 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
86 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
87 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
88 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
89 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
90 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
91 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
92 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
93 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
94 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
95 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
96 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
97 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
98 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
99 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
100 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
101 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
102 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
103 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
104 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
105 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
106 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
107 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
108 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
109 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
110 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
111 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D,
112 };
113
114 /* AES ShiftRows, for complete unrolling. */
115 #define AES_SH(X) (((X) * 5) & 15)
116
117 /* AES InvShiftRows, for complete unrolling. */
118 #define AES_ISH(X) (((X) * 13) & 15)
119
120 /*
121 * MixColumns lookup table, for use with rot32.
122 */
123 static const uint32_t AES_mc_rot[256] = {
124 0x00000000, 0x03010102, 0x06020204, 0x05030306,
125 0x0c040408, 0x0f05050a, 0x0a06060c, 0x0907070e,
126 0x18080810, 0x1b090912, 0x1e0a0a14, 0x1d0b0b16,
127 0x140c0c18, 0x170d0d1a, 0x120e0e1c, 0x110f0f1e,
128 0x30101020, 0x33111122, 0x36121224, 0x35131326,
129 0x3c141428, 0x3f15152a, 0x3a16162c, 0x3917172e,
130 0x28181830, 0x2b191932, 0x2e1a1a34, 0x2d1b1b36,
131 0x241c1c38, 0x271d1d3a, 0x221e1e3c, 0x211f1f3e,
132 0x60202040, 0x63212142, 0x66222244, 0x65232346,
133 0x6c242448, 0x6f25254a, 0x6a26264c, 0x6927274e,
134 0x78282850, 0x7b292952, 0x7e2a2a54, 0x7d2b2b56,
135 0x742c2c58, 0x772d2d5a, 0x722e2e5c, 0x712f2f5e,
136 0x50303060, 0x53313162, 0x56323264, 0x55333366,
137 0x5c343468, 0x5f35356a, 0x5a36366c, 0x5937376e,
138 0x48383870, 0x4b393972, 0x4e3a3a74, 0x4d3b3b76,
139 0x443c3c78, 0x473d3d7a, 0x423e3e7c, 0x413f3f7e,
140 0xc0404080, 0xc3414182, 0xc6424284, 0xc5434386,
141 0xcc444488, 0xcf45458a, 0xca46468c, 0xc947478e,
142 0xd8484890, 0xdb494992, 0xde4a4a94, 0xdd4b4b96,
143 0xd44c4c98, 0xd74d4d9a, 0xd24e4e9c, 0xd14f4f9e,
144 0xf05050a0, 0xf35151a2, 0xf65252a4, 0xf55353a6,
145 0xfc5454a8, 0xff5555aa, 0xfa5656ac, 0xf95757ae,
146 0xe85858b0, 0xeb5959b2, 0xee5a5ab4, 0xed5b5bb6,
147 0xe45c5cb8, 0xe75d5dba, 0xe25e5ebc, 0xe15f5fbe,
148 0xa06060c0, 0xa36161c2, 0xa66262c4, 0xa56363c6,
149 0xac6464c8, 0xaf6565ca, 0xaa6666cc, 0xa96767ce,
150 0xb86868d0, 0xbb6969d2, 0xbe6a6ad4, 0xbd6b6bd6,
151 0xb46c6cd8, 0xb76d6dda, 0xb26e6edc, 0xb16f6fde,
152 0x907070e0, 0x937171e2, 0x967272e4, 0x957373e6,
153 0x9c7474e8, 0x9f7575ea, 0x9a7676ec, 0x997777ee,
154 0x887878f0, 0x8b7979f2, 0x8e7a7af4, 0x8d7b7bf6,
155 0x847c7cf8, 0x877d7dfa, 0x827e7efc, 0x817f7ffe,
156 0x9b80801b, 0x98818119, 0x9d82821f, 0x9e83831d,
157 0x97848413, 0x94858511, 0x91868617, 0x92878715,
158 0x8388880b, 0x80898909, 0x858a8a0f, 0x868b8b0d,
159 0x8f8c8c03, 0x8c8d8d01, 0x898e8e07, 0x8a8f8f05,
160 0xab90903b, 0xa8919139, 0xad92923f, 0xae93933d,
161 0xa7949433, 0xa4959531, 0xa1969637, 0xa2979735,
162 0xb398982b, 0xb0999929, 0xb59a9a2f, 0xb69b9b2d,
163 0xbf9c9c23, 0xbc9d9d21, 0xb99e9e27, 0xba9f9f25,
164 0xfba0a05b, 0xf8a1a159, 0xfda2a25f, 0xfea3a35d,
165 0xf7a4a453, 0xf4a5a551, 0xf1a6a657, 0xf2a7a755,
166 0xe3a8a84b, 0xe0a9a949, 0xe5aaaa4f, 0xe6abab4d,
167 0xefacac43, 0xecadad41, 0xe9aeae47, 0xeaafaf45,
168 0xcbb0b07b, 0xc8b1b179, 0xcdb2b27f, 0xceb3b37d,
169 0xc7b4b473, 0xc4b5b571, 0xc1b6b677, 0xc2b7b775,
170 0xd3b8b86b, 0xd0b9b969, 0xd5baba6f, 0xd6bbbb6d,
171 0xdfbcbc63, 0xdcbdbd61, 0xd9bebe67, 0xdabfbf65,
172 0x5bc0c09b, 0x58c1c199, 0x5dc2c29f, 0x5ec3c39d,
173 0x57c4c493, 0x54c5c591, 0x51c6c697, 0x52c7c795,
174 0x43c8c88b, 0x40c9c989, 0x45caca8f, 0x46cbcb8d,
175 0x4fcccc83, 0x4ccdcd81, 0x49cece87, 0x4acfcf85,
176 0x6bd0d0bb, 0x68d1d1b9, 0x6dd2d2bf, 0x6ed3d3bd,
177 0x67d4d4b3, 0x64d5d5b1, 0x61d6d6b7, 0x62d7d7b5,
178 0x73d8d8ab, 0x70d9d9a9, 0x75dadaaf, 0x76dbdbad,
179 0x7fdcdca3, 0x7cdddda1, 0x79dedea7, 0x7adfdfa5,
180 0x3be0e0db, 0x38e1e1d9, 0x3de2e2df, 0x3ee3e3dd,
181 0x37e4e4d3, 0x34e5e5d1, 0x31e6e6d7, 0x32e7e7d5,
182 0x23e8e8cb, 0x20e9e9c9, 0x25eaeacf, 0x26ebebcd,
183 0x2fececc3, 0x2cededc1, 0x29eeeec7, 0x2aefefc5,
184 0x0bf0f0fb, 0x08f1f1f9, 0x0df2f2ff, 0x0ef3f3fd,
185 0x07f4f4f3, 0x04f5f5f1, 0x01f6f6f7, 0x02f7f7f5,
186 0x13f8f8eb, 0x10f9f9e9, 0x15fafaef, 0x16fbfbed,
187 0x1ffcfce3, 0x1cfdfde1, 0x19fefee7, 0x1affffe5,
188 };
189
190 /*
191 * Inverse MixColumns lookup table, for use with rot32.
192 */
193 static const uint32_t AES_imc_rot[256] = {
194 0x00000000, 0x0b0d090e, 0x161a121c, 0x1d171b12,
195 0x2c342438, 0x27392d36, 0x3a2e3624, 0x31233f2a,
196 0x58684870, 0x5365417e, 0x4e725a6c, 0x457f5362,
197 0x745c6c48, 0x7f516546, 0x62467e54, 0x694b775a,
198 0xb0d090e0, 0xbbdd99ee, 0xa6ca82fc, 0xadc78bf2,
199 0x9ce4b4d8, 0x97e9bdd6, 0x8afea6c4, 0x81f3afca,
200 0xe8b8d890, 0xe3b5d19e, 0xfea2ca8c, 0xf5afc382,
201 0xc48cfca8, 0xcf81f5a6, 0xd296eeb4, 0xd99be7ba,
202 0x7bbb3bdb, 0x70b632d5, 0x6da129c7, 0x66ac20c9,
203 0x578f1fe3, 0x5c8216ed, 0x41950dff, 0x4a9804f1,
204 0x23d373ab, 0x28de7aa5, 0x35c961b7, 0x3ec468b9,
205 0x0fe75793, 0x04ea5e9d, 0x19fd458f, 0x12f04c81,
206 0xcb6bab3b, 0xc066a235, 0xdd71b927, 0xd67cb029,
207 0xe75f8f03, 0xec52860d, 0xf1459d1f, 0xfa489411,
208 0x9303e34b, 0x980eea45, 0x8519f157, 0x8e14f859,
209 0xbf37c773, 0xb43ace7d, 0xa92dd56f, 0xa220dc61,
210 0xf66d76ad, 0xfd607fa3, 0xe07764b1, 0xeb7a6dbf,
211 0xda595295, 0xd1545b9b, 0xcc434089, 0xc74e4987,
212 0xae053edd, 0xa50837d3, 0xb81f2cc1, 0xb31225cf,
213 0x82311ae5, 0x893c13eb, 0x942b08f9, 0x9f2601f7,
214 0x46bde64d, 0x4db0ef43, 0x50a7f451, 0x5baafd5f,
215 0x6a89c275, 0x6184cb7b, 0x7c93d069, 0x779ed967,
216 0x1ed5ae3d, 0x15d8a733, 0x08cfbc21, 0x03c2b52f,
217 0x32e18a05, 0x39ec830b, 0x24fb9819, 0x2ff69117,
218 0x8dd64d76, 0x86db4478, 0x9bcc5f6a, 0x90c15664,
219 0xa1e2694e, 0xaaef6040, 0xb7f87b52, 0xbcf5725c,
220 0xd5be0506, 0xdeb30c08, 0xc3a4171a, 0xc8a91e14,
221 0xf98a213e, 0xf2872830, 0xef903322, 0xe49d3a2c,
222 0x3d06dd96, 0x360bd498, 0x2b1ccf8a, 0x2011c684,
223 0x1132f9ae, 0x1a3ff0a0, 0x0728ebb2, 0x0c25e2bc,
224 0x656e95e6, 0x6e639ce8, 0x737487fa, 0x78798ef4,
225 0x495ab1de, 0x4257b8d0, 0x5f40a3c2, 0x544daacc,
226 0xf7daec41, 0xfcd7e54f, 0xe1c0fe5d, 0xeacdf753,
227 0xdbeec879, 0xd0e3c177, 0xcdf4da65, 0xc6f9d36b,
228 0xafb2a431, 0xa4bfad3f, 0xb9a8b62d, 0xb2a5bf23,
229 0x83868009, 0x888b8907, 0x959c9215, 0x9e919b1b,
230 0x470a7ca1, 0x4c0775af, 0x51106ebd, 0x5a1d67b3,
231 0x6b3e5899, 0x60335197, 0x7d244a85, 0x7629438b,
232 0x1f6234d1, 0x146f3ddf, 0x097826cd, 0x02752fc3,
233 0x335610e9, 0x385b19e7, 0x254c02f5, 0x2e410bfb,
234 0x8c61d79a, 0x876cde94, 0x9a7bc586, 0x9176cc88,
235 0xa055f3a2, 0xab58faac, 0xb64fe1be, 0xbd42e8b0,
236 0xd4099fea, 0xdf0496e4, 0xc2138df6, 0xc91e84f8,
237 0xf83dbbd2, 0xf330b2dc, 0xee27a9ce, 0xe52aa0c0,
238 0x3cb1477a, 0x37bc4e74, 0x2aab5566, 0x21a65c68,
239 0x10856342, 0x1b886a4c, 0x069f715e, 0x0d927850,
240 0x64d90f0a, 0x6fd40604, 0x72c31d16, 0x79ce1418,
241 0x48ed2b32, 0x43e0223c, 0x5ef7392e, 0x55fa3020,
242 0x01b79aec, 0x0aba93e2, 0x17ad88f0, 0x1ca081fe,
243 0x2d83bed4, 0x268eb7da, 0x3b99acc8, 0x3094a5c6,
244 0x59dfd29c, 0x52d2db92, 0x4fc5c080, 0x44c8c98e,
245 0x75ebf6a4, 0x7ee6ffaa, 0x63f1e4b8, 0x68fcedb6,
246 0xb1670a0c, 0xba6a0302, 0xa77d1810, 0xac70111e,
247 0x9d532e34, 0x965e273a, 0x8b493c28, 0x80443526,
248 0xe90f427c, 0xe2024b72, 0xff155060, 0xf418596e,
249 0xc53b6644, 0xce366f4a, 0xd3217458, 0xd82c7d56,
250 0x7a0ca137, 0x7101a839, 0x6c16b32b, 0x671bba25,
251 0x5638850f, 0x5d358c01, 0x40229713, 0x4b2f9e1d,
252 0x2264e947, 0x2969e049, 0x347efb5b, 0x3f73f255,
253 0x0e50cd7f, 0x055dc471, 0x184adf63, 0x1347d66d,
254 0xcadc31d7, 0xc1d138d9, 0xdcc623cb, 0xd7cb2ac5,
255 0xe6e815ef, 0xede51ce1, 0xf0f207f3, 0xfbff0efd,
256 0x92b479a7, 0x99b970a9, 0x84ae6bbb, 0x8fa362b5,
257 0xbe805d9f, 0xb58d5491, 0xa89a4f83, 0xa397468d,
258 };
259
260
261 /*
262 AES_Te0[x] = S [x].[02, 01, 01, 03];
263 AES_Te1[x] = S [x].[03, 02, 01, 01];
264 AES_Te2[x] = S [x].[01, 03, 02, 01];
265 AES_Te3[x] = S [x].[01, 01, 03, 02];
266 AES_Te4[x] = S [x].[01, 01, 01, 01];
267
268 AES_Td0[x] = Si[x].[0e, 09, 0d, 0b];
269 AES_Td1[x] = Si[x].[0b, 0e, 09, 0d];
270 AES_Td2[x] = Si[x].[0d, 0b, 0e, 09];
271 AES_Td3[x] = Si[x].[09, 0d, 0b, 0e];
272 AES_Td4[x] = Si[x].[01, 01, 01, 01];
273 */
274
275 const uint32_t AES_Te0[256] = {
276 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
277 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
278 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
279 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
280 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
281 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
282 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
283 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
284 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
285 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
286 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
287 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
288 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
289 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
290 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
291 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
292 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
293 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
294 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
295 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
296 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
297 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
298 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
299 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
300 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
301 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
302 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
303 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
304 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
305 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
306 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
307 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
308 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
309 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
310 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
311 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
312 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
313 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
314 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
315 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
316 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
317 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
318 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
319 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
320 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
321 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
322 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
323 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
324 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
325 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
326 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
327 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
328 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
329 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
330 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
331 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
332 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
333 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
334 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
335 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
336 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
337 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
338 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
339 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
340 };
341
342 static const uint32_t AES_Te1[256] = {
343 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
344 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
345 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
346 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
347 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
348 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
349 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
350 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
351 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
352 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
353 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
354 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
355 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
356 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
357 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
358 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
359 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
360 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
361 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
362 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
363 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
364 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
365 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
366 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
367 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
368 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
369 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
370 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
371 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
372 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
373 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
374 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
375 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
376 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
377 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
378 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
379 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
380 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
381 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
382 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
383 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
384 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
385 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
386 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
387 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
388 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
389 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
390 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
391 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
392 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
393 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
394 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
395 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
396 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
397 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
398 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
399 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
400 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
401 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
402 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
403 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
404 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
405 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
406 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
407 };
408
409 static const uint32_t AES_Te2[256] = {
410 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
411 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
412 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
413 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
414 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
415 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
416 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
417 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
418 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
419 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
420 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
421 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
422 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
423 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
424 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
425 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
426 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
427 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
428 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
429 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
430 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
431 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
432 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
433 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
434 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
435 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
436 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
437 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
438 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
439 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
440 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
441 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
442 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
443 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
444 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
445 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
446 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
447 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
448 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
449 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
450 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
451 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
452 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
453 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
454 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
455 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
456 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
457 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
458 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
459 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
460 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
461 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
462 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
463 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
464 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
465 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
466 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
467 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
468 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
469 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
470 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
471 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
472 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
473 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
474 };
475
476 static const uint32_t AES_Te3[256] = {
477 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
478 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
479 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
480 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
481 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
482 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
483 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
484 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
485 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
486 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
487 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
488 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
489 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
490 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
491 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
492 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
493 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
494 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
495 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
496 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
497 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
498 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
499 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
500 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
501 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
502 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
503 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
504 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
505 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
506 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
507 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
508 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
509 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
510 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
511 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
512 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
513 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
514 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
515 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
516 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
517 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
518 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
519 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
520 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
521 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
522 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
523 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
524 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
525 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
526 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
527 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
528 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
529 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
530 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
531 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
532 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
533 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
534 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
535 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
536 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
537 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
538 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
539 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
540 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
541 };
542
543 static const uint32_t AES_Te4[256] = {
544 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
545 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
546 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
547 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
548 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
549 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
550 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
551 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
552 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
553 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
554 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
555 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
556 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
557 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
558 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
559 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
560 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
561 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
562 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
563 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
564 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
565 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
566 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
567 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
568 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
569 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
570 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
571 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
572 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
573 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
574 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
575 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
576 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
577 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
578 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
579 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
580 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
581 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
582 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
583 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
584 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
585 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
586 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
587 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
588 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
589 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
590 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
591 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
592 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
593 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
594 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
595 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
596 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
597 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
598 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
599 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
600 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
601 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
602 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
603 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
604 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
605 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
606 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
607 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
608 };
609
610 const uint32_t AES_Td0[256] = {
611 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
612 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
613 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
614 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
615 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
616 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
617 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
618 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
619 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
620 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
621 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
622 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
623 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
624 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
625 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
626 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
627 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
628 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
629 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
630 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
631 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
632 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
633 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
634 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
635 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
636 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
637 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
638 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
639 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
640 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
641 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
642 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
643 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
644 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
645 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
646 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
647 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
648 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
649 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
650 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
651 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
652 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
653 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
654 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
655 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
656 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
657 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
658 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
659 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
660 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
661 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
662 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
663 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
664 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
665 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
666 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
667 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
668 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
669 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
670 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
671 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
672 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
673 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
674 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
675 };
676
677 static const uint32_t AES_Td1[256] = {
678 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
679 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
680 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
681 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
682 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
683 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
684 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
685 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
686 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
687 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
688 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
689 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
690 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
691 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
692 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
693 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
694 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
695 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
696 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
697 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
698 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
699 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
700 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
701 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
702 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
703 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
704 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
705 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
706 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
707 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
708 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
709 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
710 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
711 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
712 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
713 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
714 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
715 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
716 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
717 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
718 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
719 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
720 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
721 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
722 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
723 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
724 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
725 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
726 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
727 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
728 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
729 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
730 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
731 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
732 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
733 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
734 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
735 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
736 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
737 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
738 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
739 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
740 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
741 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
742 };
743
744 static const uint32_t AES_Td2[256] = {
745 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
746 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
747 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
748 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
749 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
750 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
751 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
752 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
753 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
754 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
755 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
756 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
757 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
758 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
759 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
760 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
761 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
762 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
763 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
764 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
765
766 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
767 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
768 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
769 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
770 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
771 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
772 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
773 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
774 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
775 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
776 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
777 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
778 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
779 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
780 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
781 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
782 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
783 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
784 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
785 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
786 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
787 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
788 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
789 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
790 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
791 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
792 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
793 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
794 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
795 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
796 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
797 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
798 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
799 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
800 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
801 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
802 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
803 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
804 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
805 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
806 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
807 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
808 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
809 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
810 };
811
812 static const uint32_t AES_Td3[256] = {
813 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
814 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
815 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
816 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
817 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
818 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
819 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
820 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
821 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
822 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
823 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
824 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
825 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
826 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
827 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
828 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
829 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
830 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
831 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
832 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
833 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
834 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
835 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
836 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
837 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
838 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
839 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
840 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
841 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
842 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
843 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
844 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
845 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
846 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
847 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
848 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
849 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
850 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
851 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
852 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
853 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
854 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
855 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
856 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
857 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
858 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
859 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
860 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
861 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
862 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
863 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
864 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
865 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
866 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
867 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
868 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
869 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
870 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
871 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
872 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
873 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
874 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
875 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
876 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
877 };
878
879 static const uint32_t AES_Td4[256] = {
880 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
881 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
882 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
883 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
884 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
885 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
886 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
887 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
888 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
889 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
890 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
891 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
892 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
893 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
894 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
895 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
896 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
897 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
898 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
899 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
900 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
901 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
902 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
903 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
904 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
905 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
906 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
907 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
908 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
909 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
910 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
911 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
912 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
913 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
914 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
915 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
916 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
917 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
918 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
919 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
920 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
921 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
922 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
923 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
924 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
925 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
926 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
927 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
928 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
929 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
930 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
931 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
932 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
933 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
934 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
935 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
936 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
937 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
938 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
939 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
940 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
941 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
942 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
943 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
944 };
945
946 static const u32 rcon[] = {
947 0x01000000, 0x02000000, 0x04000000, 0x08000000,
948 0x10000000, 0x20000000, 0x40000000, 0x80000000,
949 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
950 };
951
952 /*
953 * Perform MixColumns.
954 */
955 static inline void
956 aesenc_MC_swap(AESState *r, const AESState *st, bool swap)
957 {
958 int swap_b = swap * 0xf;
959 int swap_w = swap * 0x3;
960 bool be = HOST_BIG_ENDIAN ^ swap;
961 uint32_t t;
962
963 /* Note that AES_mc_rot is encoded for little-endian. */
964 t = ( AES_mc_rot[st->b[swap_b ^ 0x0]] ^
965 rol32(AES_mc_rot[st->b[swap_b ^ 0x1]], 8) ^
966 rol32(AES_mc_rot[st->b[swap_b ^ 0x2]], 16) ^
967 rol32(AES_mc_rot[st->b[swap_b ^ 0x3]], 24));
968 if (be) {
969 t = bswap32(t);
970 }
971 r->w[swap_w ^ 0] = t;
972
973 t = ( AES_mc_rot[st->b[swap_b ^ 0x4]] ^
974 rol32(AES_mc_rot[st->b[swap_b ^ 0x5]], 8) ^
975 rol32(AES_mc_rot[st->b[swap_b ^ 0x6]], 16) ^
976 rol32(AES_mc_rot[st->b[swap_b ^ 0x7]], 24));
977 if (be) {
978 t = bswap32(t);
979 }
980 r->w[swap_w ^ 1] = t;
981
982 t = ( AES_mc_rot[st->b[swap_b ^ 0x8]] ^
983 rol32(AES_mc_rot[st->b[swap_b ^ 0x9]], 8) ^
984 rol32(AES_mc_rot[st->b[swap_b ^ 0xA]], 16) ^
985 rol32(AES_mc_rot[st->b[swap_b ^ 0xB]], 24));
986 if (be) {
987 t = bswap32(t);
988 }
989 r->w[swap_w ^ 2] = t;
990
991 t = ( AES_mc_rot[st->b[swap_b ^ 0xC]] ^
992 rol32(AES_mc_rot[st->b[swap_b ^ 0xD]], 8) ^
993 rol32(AES_mc_rot[st->b[swap_b ^ 0xE]], 16) ^
994 rol32(AES_mc_rot[st->b[swap_b ^ 0xF]], 24));
995 if (be) {
996 t = bswap32(t);
997 }
998 r->w[swap_w ^ 3] = t;
999 }
1000
1001 void aesenc_MC_gen(AESState *r, const AESState *st)
1002 {
1003 aesenc_MC_swap(r, st, false);
1004 }
1005
1006 void aesenc_MC_genrev(AESState *r, const AESState *st)
1007 {
1008 aesenc_MC_swap(r, st, true);
1009 }
1010
1011 /*
1012 * Perform SubBytes + ShiftRows + AddRoundKey.
1013 */
1014 static inline void
1015 aesenc_SB_SR_AK_swap(AESState *ret, const AESState *st,
1016 const AESState *rk, bool swap)
1017 {
1018 const int swap_b = swap ? 15 : 0;
1019 AESState t;
1020
1021 t.b[swap_b ^ 0x0] = AES_sbox[st->b[swap_b ^ AES_SH(0x0)]];
1022 t.b[swap_b ^ 0x1] = AES_sbox[st->b[swap_b ^ AES_SH(0x1)]];
1023 t.b[swap_b ^ 0x2] = AES_sbox[st->b[swap_b ^ AES_SH(0x2)]];
1024 t.b[swap_b ^ 0x3] = AES_sbox[st->b[swap_b ^ AES_SH(0x3)]];
1025 t.b[swap_b ^ 0x4] = AES_sbox[st->b[swap_b ^ AES_SH(0x4)]];
1026 t.b[swap_b ^ 0x5] = AES_sbox[st->b[swap_b ^ AES_SH(0x5)]];
1027 t.b[swap_b ^ 0x6] = AES_sbox[st->b[swap_b ^ AES_SH(0x6)]];
1028 t.b[swap_b ^ 0x7] = AES_sbox[st->b[swap_b ^ AES_SH(0x7)]];
1029 t.b[swap_b ^ 0x8] = AES_sbox[st->b[swap_b ^ AES_SH(0x8)]];
1030 t.b[swap_b ^ 0x9] = AES_sbox[st->b[swap_b ^ AES_SH(0x9)]];
1031 t.b[swap_b ^ 0xa] = AES_sbox[st->b[swap_b ^ AES_SH(0xA)]];
1032 t.b[swap_b ^ 0xb] = AES_sbox[st->b[swap_b ^ AES_SH(0xB)]];
1033 t.b[swap_b ^ 0xc] = AES_sbox[st->b[swap_b ^ AES_SH(0xC)]];
1034 t.b[swap_b ^ 0xd] = AES_sbox[st->b[swap_b ^ AES_SH(0xD)]];
1035 t.b[swap_b ^ 0xe] = AES_sbox[st->b[swap_b ^ AES_SH(0xE)]];
1036 t.b[swap_b ^ 0xf] = AES_sbox[st->b[swap_b ^ AES_SH(0xF)]];
1037
1038 /*
1039 * Perform the AddRoundKey with generic vectors.
1040 * This may be expanded to either host integer or host vector code.
1041 * The key and output endianness match, so no bswap required.
1042 */
1043 ret->v = t.v ^ rk->v;
1044 }
1045
1046 void aesenc_SB_SR_AK_gen(AESState *r, const AESState *s, const AESState *k)
1047 {
1048 aesenc_SB_SR_AK_swap(r, s, k, false);
1049 }
1050
1051 void aesenc_SB_SR_AK_genrev(AESState *r, const AESState *s, const AESState *k)
1052 {
1053 aesenc_SB_SR_AK_swap(r, s, k, true);
1054 }
1055
1056 /*
1057 * Perform SubBytes + ShiftRows + MixColumns + AddRoundKey.
1058 */
1059 static inline void
1060 aesenc_SB_SR_MC_AK_swap(AESState *r, const AESState *st,
1061 const AESState *rk, bool swap)
1062 {
1063 int swap_b = swap * 0xf;
1064 int swap_w = swap * 0x3;
1065 bool be = HOST_BIG_ENDIAN ^ swap;
1066 uint32_t w0, w1, w2, w3;
1067
1068 w0 = (AES_Te0[st->b[swap_b ^ AES_SH(0x0)]] ^
1069 AES_Te1[st->b[swap_b ^ AES_SH(0x1)]] ^
1070 AES_Te2[st->b[swap_b ^ AES_SH(0x2)]] ^
1071 AES_Te3[st->b[swap_b ^ AES_SH(0x3)]]);
1072
1073 w1 = (AES_Te0[st->b[swap_b ^ AES_SH(0x4)]] ^
1074 AES_Te1[st->b[swap_b ^ AES_SH(0x5)]] ^
1075 AES_Te2[st->b[swap_b ^ AES_SH(0x6)]] ^
1076 AES_Te3[st->b[swap_b ^ AES_SH(0x7)]]);
1077
1078 w2 = (AES_Te0[st->b[swap_b ^ AES_SH(0x8)]] ^
1079 AES_Te1[st->b[swap_b ^ AES_SH(0x9)]] ^
1080 AES_Te2[st->b[swap_b ^ AES_SH(0xA)]] ^
1081 AES_Te3[st->b[swap_b ^ AES_SH(0xB)]]);
1082
1083 w3 = (AES_Te0[st->b[swap_b ^ AES_SH(0xC)]] ^
1084 AES_Te1[st->b[swap_b ^ AES_SH(0xD)]] ^
1085 AES_Te2[st->b[swap_b ^ AES_SH(0xE)]] ^
1086 AES_Te3[st->b[swap_b ^ AES_SH(0xF)]]);
1087
1088 /* Note that AES_TeX is encoded for big-endian. */
1089 if (!be) {
1090 w0 = bswap32(w0);
1091 w1 = bswap32(w1);
1092 w2 = bswap32(w2);
1093 w3 = bswap32(w3);
1094 }
1095
1096 r->w[swap_w ^ 0] = rk->w[swap_w ^ 0] ^ w0;
1097 r->w[swap_w ^ 1] = rk->w[swap_w ^ 1] ^ w1;
1098 r->w[swap_w ^ 2] = rk->w[swap_w ^ 2] ^ w2;
1099 r->w[swap_w ^ 3] = rk->w[swap_w ^ 3] ^ w3;
1100 }
1101
1102 void aesenc_SB_SR_MC_AK_gen(AESState *r, const AESState *st,
1103 const AESState *rk)
1104 {
1105 aesenc_SB_SR_MC_AK_swap(r, st, rk, false);
1106 }
1107
1108 void aesenc_SB_SR_MC_AK_genrev(AESState *r, const AESState *st,
1109 const AESState *rk)
1110 {
1111 aesenc_SB_SR_MC_AK_swap(r, st, rk, true);
1112 }
1113
1114 /*
1115 * Perform InvMixColumns.
1116 */
1117 static inline void
1118 aesdec_IMC_swap(AESState *r, const AESState *st, bool swap)
1119 {
1120 int swap_b = swap * 0xf;
1121 int swap_w = swap * 0x3;
1122 bool be = HOST_BIG_ENDIAN ^ swap;
1123 uint32_t t;
1124
1125 /* Note that AES_imc_rot is encoded for little-endian. */
1126 t = ( AES_imc_rot[st->b[swap_b ^ 0x0]] ^
1127 rol32(AES_imc_rot[st->b[swap_b ^ 0x1]], 8) ^
1128 rol32(AES_imc_rot[st->b[swap_b ^ 0x2]], 16) ^
1129 rol32(AES_imc_rot[st->b[swap_b ^ 0x3]], 24));
1130 if (be) {
1131 t = bswap32(t);
1132 }
1133 r->w[swap_w ^ 0] = t;
1134
1135 t = ( AES_imc_rot[st->b[swap_b ^ 0x4]] ^
1136 rol32(AES_imc_rot[st->b[swap_b ^ 0x5]], 8) ^
1137 rol32(AES_imc_rot[st->b[swap_b ^ 0x6]], 16) ^
1138 rol32(AES_imc_rot[st->b[swap_b ^ 0x7]], 24));
1139 if (be) {
1140 t = bswap32(t);
1141 }
1142 r->w[swap_w ^ 1] = t;
1143
1144 t = ( AES_imc_rot[st->b[swap_b ^ 0x8]] ^
1145 rol32(AES_imc_rot[st->b[swap_b ^ 0x9]], 8) ^
1146 rol32(AES_imc_rot[st->b[swap_b ^ 0xA]], 16) ^
1147 rol32(AES_imc_rot[st->b[swap_b ^ 0xB]], 24));
1148 if (be) {
1149 t = bswap32(t);
1150 }
1151 r->w[swap_w ^ 2] = t;
1152
1153 t = ( AES_imc_rot[st->b[swap_b ^ 0xC]] ^
1154 rol32(AES_imc_rot[st->b[swap_b ^ 0xD]], 8) ^
1155 rol32(AES_imc_rot[st->b[swap_b ^ 0xE]], 16) ^
1156 rol32(AES_imc_rot[st->b[swap_b ^ 0xF]], 24));
1157 if (be) {
1158 t = bswap32(t);
1159 }
1160 r->w[swap_w ^ 3] = t;
1161 }
1162
1163 void aesdec_IMC_gen(AESState *r, const AESState *st)
1164 {
1165 aesdec_IMC_swap(r, st, false);
1166 }
1167
1168 void aesdec_IMC_genrev(AESState *r, const AESState *st)
1169 {
1170 aesdec_IMC_swap(r, st, true);
1171 }
1172
1173 /*
1174 * Perform InvSubBytes + InvShiftRows + AddRoundKey.
1175 */
1176 static inline void
1177 aesdec_ISB_ISR_AK_swap(AESState *ret, const AESState *st,
1178 const AESState *rk, bool swap)
1179 {
1180 const int swap_b = swap ? 15 : 0;
1181 AESState t;
1182
1183 t.b[swap_b ^ 0x0] = AES_isbox[st->b[swap_b ^ AES_ISH(0x0)]];
1184 t.b[swap_b ^ 0x1] = AES_isbox[st->b[swap_b ^ AES_ISH(0x1)]];
1185 t.b[swap_b ^ 0x2] = AES_isbox[st->b[swap_b ^ AES_ISH(0x2)]];
1186 t.b[swap_b ^ 0x3] = AES_isbox[st->b[swap_b ^ AES_ISH(0x3)]];
1187 t.b[swap_b ^ 0x4] = AES_isbox[st->b[swap_b ^ AES_ISH(0x4)]];
1188 t.b[swap_b ^ 0x5] = AES_isbox[st->b[swap_b ^ AES_ISH(0x5)]];
1189 t.b[swap_b ^ 0x6] = AES_isbox[st->b[swap_b ^ AES_ISH(0x6)]];
1190 t.b[swap_b ^ 0x7] = AES_isbox[st->b[swap_b ^ AES_ISH(0x7)]];
1191 t.b[swap_b ^ 0x8] = AES_isbox[st->b[swap_b ^ AES_ISH(0x8)]];
1192 t.b[swap_b ^ 0x9] = AES_isbox[st->b[swap_b ^ AES_ISH(0x9)]];
1193 t.b[swap_b ^ 0xa] = AES_isbox[st->b[swap_b ^ AES_ISH(0xA)]];
1194 t.b[swap_b ^ 0xb] = AES_isbox[st->b[swap_b ^ AES_ISH(0xB)]];
1195 t.b[swap_b ^ 0xc] = AES_isbox[st->b[swap_b ^ AES_ISH(0xC)]];
1196 t.b[swap_b ^ 0xd] = AES_isbox[st->b[swap_b ^ AES_ISH(0xD)]];
1197 t.b[swap_b ^ 0xe] = AES_isbox[st->b[swap_b ^ AES_ISH(0xE)]];
1198 t.b[swap_b ^ 0xf] = AES_isbox[st->b[swap_b ^ AES_ISH(0xF)]];
1199
1200 /*
1201 * Perform the AddRoundKey with generic vectors.
1202 * This may be expanded to either host integer or host vector code.
1203 * The key and output endianness match, so no bswap required.
1204 */
1205 ret->v = t.v ^ rk->v;
1206 }
1207
1208 void aesdec_ISB_ISR_AK_gen(AESState *r, const AESState *s, const AESState *k)
1209 {
1210 aesdec_ISB_ISR_AK_swap(r, s, k, false);
1211 }
1212
1213 void aesdec_ISB_ISR_AK_genrev(AESState *r, const AESState *s, const AESState *k)
1214 {
1215 aesdec_ISB_ISR_AK_swap(r, s, k, true);
1216 }
1217
1218 /*
1219 * Perform InvSubBytes + InvShiftRows + InvMixColumns + AddRoundKey.
1220 */
1221 static inline void
1222 aesdec_ISB_ISR_IMC_AK_swap(AESState *r, const AESState *st,
1223 const AESState *rk, bool swap)
1224 {
1225 int swap_b = swap * 0xf;
1226 int swap_w = swap * 0x3;
1227 bool be = HOST_BIG_ENDIAN ^ swap;
1228 uint32_t w0, w1, w2, w3;
1229
1230 w0 = (AES_Td0[st->b[swap_b ^ AES_ISH(0x0)]] ^
1231 AES_Td1[st->b[swap_b ^ AES_ISH(0x1)]] ^
1232 AES_Td2[st->b[swap_b ^ AES_ISH(0x2)]] ^
1233 AES_Td3[st->b[swap_b ^ AES_ISH(0x3)]]);
1234
1235 w1 = (AES_Td0[st->b[swap_b ^ AES_ISH(0x4)]] ^
1236 AES_Td1[st->b[swap_b ^ AES_ISH(0x5)]] ^
1237 AES_Td2[st->b[swap_b ^ AES_ISH(0x6)]] ^
1238 AES_Td3[st->b[swap_b ^ AES_ISH(0x7)]]);
1239
1240 w2 = (AES_Td0[st->b[swap_b ^ AES_ISH(0x8)]] ^
1241 AES_Td1[st->b[swap_b ^ AES_ISH(0x9)]] ^
1242 AES_Td2[st->b[swap_b ^ AES_ISH(0xA)]] ^
1243 AES_Td3[st->b[swap_b ^ AES_ISH(0xB)]]);
1244
1245 w3 = (AES_Td0[st->b[swap_b ^ AES_ISH(0xC)]] ^
1246 AES_Td1[st->b[swap_b ^ AES_ISH(0xD)]] ^
1247 AES_Td2[st->b[swap_b ^ AES_ISH(0xE)]] ^
1248 AES_Td3[st->b[swap_b ^ AES_ISH(0xF)]]);
1249
1250 /* Note that AES_TdX is encoded for big-endian. */
1251 if (!be) {
1252 w0 = bswap32(w0);
1253 w1 = bswap32(w1);
1254 w2 = bswap32(w2);
1255 w3 = bswap32(w3);
1256 }
1257
1258 r->w[swap_w ^ 0] = rk->w[swap_w ^ 0] ^ w0;
1259 r->w[swap_w ^ 1] = rk->w[swap_w ^ 1] ^ w1;
1260 r->w[swap_w ^ 2] = rk->w[swap_w ^ 2] ^ w2;
1261 r->w[swap_w ^ 3] = rk->w[swap_w ^ 3] ^ w3;
1262 }
1263
1264 void aesdec_ISB_ISR_IMC_AK_gen(AESState *r, const AESState *st,
1265 const AESState *rk)
1266 {
1267 aesdec_ISB_ISR_IMC_AK_swap(r, st, rk, false);
1268 }
1269
1270 void aesdec_ISB_ISR_IMC_AK_genrev(AESState *r, const AESState *st,
1271 const AESState *rk)
1272 {
1273 aesdec_ISB_ISR_IMC_AK_swap(r, st, rk, true);
1274 }
1275
1276 void aesdec_ISB_ISR_AK_IMC_gen(AESState *ret, const AESState *st,
1277 const AESState *rk)
1278 {
1279 aesdec_ISB_ISR_AK_gen(ret, st, rk);
1280 aesdec_IMC_gen(ret, ret);
1281 }
1282
1283 void aesdec_ISB_ISR_AK_IMC_genrev(AESState *ret, const AESState *st,
1284 const AESState *rk)
1285 {
1286 aesdec_ISB_ISR_AK_genrev(ret, st, rk);
1287 aesdec_IMC_genrev(ret, ret);
1288 }
1289
1290 /**
1291 * Expand the cipher key into the encryption key schedule.
1292 */
1293 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
1294 AES_KEY *key) {
1295
1296 u32 *rk;
1297 int i = 0;
1298 u32 temp;
1299
1300 if (!userKey || !key)
1301 return -1;
1302 if (bits != 128 && bits != 192 && bits != 256)
1303 return -2;
1304
1305 rk = key->rd_key;
1306
1307 if (bits == 128)
1308 key->rounds = 10;
1309 else if (bits == 192)
1310 key->rounds = 12;
1311 else
1312 key->rounds = 14;
1313
1314 rk[0] = GETU32(userKey );
1315 rk[1] = GETU32(userKey + 4);
1316 rk[2] = GETU32(userKey + 8);
1317 rk[3] = GETU32(userKey + 12);
1318 if (bits == 128) {
1319 while (1) {
1320 temp = rk[3];
1321 rk[4] = rk[0] ^
1322 (AES_Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1323 (AES_Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1324 (AES_Te4[(temp ) & 0xff] & 0x0000ff00) ^
1325 (AES_Te4[(temp >> 24) ] & 0x000000ff) ^
1326 rcon[i];
1327 rk[5] = rk[1] ^ rk[4];
1328 rk[6] = rk[2] ^ rk[5];
1329 rk[7] = rk[3] ^ rk[6];
1330 if (++i == 10) {
1331 return 0;
1332 }
1333 rk += 4;
1334 }
1335 }
1336 rk[4] = GETU32(userKey + 16);
1337 rk[5] = GETU32(userKey + 20);
1338 if (bits == 192) {
1339 while (1) {
1340 temp = rk[ 5];
1341 rk[ 6] = rk[ 0] ^
1342 (AES_Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1343 (AES_Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1344 (AES_Te4[(temp ) & 0xff] & 0x0000ff00) ^
1345 (AES_Te4[(temp >> 24) ] & 0x000000ff) ^
1346 rcon[i];
1347 rk[ 7] = rk[ 1] ^ rk[ 6];
1348 rk[ 8] = rk[ 2] ^ rk[ 7];
1349 rk[ 9] = rk[ 3] ^ rk[ 8];
1350 if (++i == 8) {
1351 return 0;
1352 }
1353 rk[10] = rk[ 4] ^ rk[ 9];
1354 rk[11] = rk[ 5] ^ rk[10];
1355 rk += 6;
1356 }
1357 }
1358 rk[6] = GETU32(userKey + 24);
1359 rk[7] = GETU32(userKey + 28);
1360 if (bits == 256) {
1361 while (1) {
1362 temp = rk[ 7];
1363 rk[ 8] = rk[ 0] ^
1364 (AES_Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1365 (AES_Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1366 (AES_Te4[(temp ) & 0xff] & 0x0000ff00) ^
1367 (AES_Te4[(temp >> 24) ] & 0x000000ff) ^
1368 rcon[i];
1369 rk[ 9] = rk[ 1] ^ rk[ 8];
1370 rk[10] = rk[ 2] ^ rk[ 9];
1371 rk[11] = rk[ 3] ^ rk[10];
1372 if (++i == 7) {
1373 return 0;
1374 }
1375 temp = rk[11];
1376 rk[12] = rk[ 4] ^
1377 (AES_Te4[(temp >> 24) ] & 0xff000000) ^
1378 (AES_Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
1379 (AES_Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
1380 (AES_Te4[(temp ) & 0xff] & 0x000000ff);
1381 rk[13] = rk[ 5] ^ rk[12];
1382 rk[14] = rk[ 6] ^ rk[13];
1383 rk[15] = rk[ 7] ^ rk[14];
1384
1385 rk += 8;
1386 }
1387 }
1388 abort();
1389 }
1390
1391 /**
1392 * Expand the cipher key into the decryption key schedule.
1393 */
1394 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
1395 AES_KEY *key) {
1396
1397 u32 *rk;
1398 int i, j, status;
1399 u32 temp;
1400
1401 /* first, start with an encryption schedule */
1402 status = AES_set_encrypt_key(userKey, bits, key);
1403 if (status < 0)
1404 return status;
1405
1406 rk = key->rd_key;
1407
1408 /* invert the order of the round keys: */
1409 for (i = 0, j = 4 * (key->rounds); i < j; i += 4, j -= 4) {
1410 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
1411 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
1412 temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
1413 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
1414 }
1415 /* apply the inverse MixColumn transform to all round keys but the first and the last: */
1416 for (i = 1; i < (key->rounds); i++) {
1417 rk += 4;
1418 rk[0] =
1419 AES_Td0[AES_Te4[(rk[0] >> 24) ] & 0xff] ^
1420 AES_Td1[AES_Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
1421 AES_Td2[AES_Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
1422 AES_Td3[AES_Te4[(rk[0] ) & 0xff] & 0xff];
1423 rk[1] =
1424 AES_Td0[AES_Te4[(rk[1] >> 24) ] & 0xff] ^
1425 AES_Td1[AES_Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
1426 AES_Td2[AES_Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
1427 AES_Td3[AES_Te4[(rk[1] ) & 0xff] & 0xff];
1428 rk[2] =
1429 AES_Td0[AES_Te4[(rk[2] >> 24) ] & 0xff] ^
1430 AES_Td1[AES_Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
1431 AES_Td2[AES_Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
1432 AES_Td3[AES_Te4[(rk[2] ) & 0xff] & 0xff];
1433 rk[3] =
1434 AES_Td0[AES_Te4[(rk[3] >> 24) ] & 0xff] ^
1435 AES_Td1[AES_Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
1436 AES_Td2[AES_Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
1437 AES_Td3[AES_Te4[(rk[3] ) & 0xff] & 0xff];
1438 }
1439 return 0;
1440 }
1441
1442 #ifndef AES_ASM
1443 /*
1444 * Encrypt a single block
1445 * in and out can overlap
1446 */
1447 void AES_encrypt(const unsigned char *in, unsigned char *out,
1448 const AES_KEY *key) {
1449
1450 const u32 *rk;
1451 u32 s0, s1, s2, s3, t0, t1, t2, t3;
1452 #ifndef FULL_UNROLL
1453 int r;
1454 #endif /* ?FULL_UNROLL */
1455
1456 assert(in && out && key);
1457 rk = key->rd_key;
1458
1459 /*
1460 * map byte array block to cipher state
1461 * and add initial round key:
1462 */
1463 s0 = GETU32(in ) ^ rk[0];
1464 s1 = GETU32(in + 4) ^ rk[1];
1465 s2 = GETU32(in + 8) ^ rk[2];
1466 s3 = GETU32(in + 12) ^ rk[3];
1467 #ifdef FULL_UNROLL
1468 /* round 1: */
1469 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[ 4];
1470 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[ 5];
1471 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[ 6];
1472 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[ 7];
1473 /* round 2: */
1474 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[ 8];
1475 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[ 9];
1476 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[10];
1477 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[11];
1478 /* round 3: */
1479 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[12];
1480 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[13];
1481 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[14];
1482 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[15];
1483 /* round 4: */
1484 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[16];
1485 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[17];
1486 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[18];
1487 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[19];
1488 /* round 5: */
1489 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[20];
1490 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[21];
1491 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[22];
1492 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[23];
1493 /* round 6: */
1494 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[24];
1495 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[25];
1496 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[26];
1497 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[27];
1498 /* round 7: */
1499 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[28];
1500 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[29];
1501 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[30];
1502 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[31];
1503 /* round 8: */
1504 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[32];
1505 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[33];
1506 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[34];
1507 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[35];
1508 /* round 9: */
1509 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[36];
1510 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[37];
1511 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[38];
1512 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[39];
1513 if (key->rounds > 10) {
1514 /* round 10: */
1515 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[40];
1516 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[41];
1517 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[42];
1518 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[43];
1519 /* round 11: */
1520 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[44];
1521 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[45];
1522 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[46];
1523 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[47];
1524 if (key->rounds > 12) {
1525 /* round 12: */
1526 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[48];
1527 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[49];
1528 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[50];
1529 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[51];
1530 /* round 13: */
1531 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[52];
1532 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[53];
1533 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[54];
1534 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[55];
1535 }
1536 }
1537 rk += key->rounds << 2;
1538 #else /* !FULL_UNROLL */
1539 /*
1540 * Nr - 1 full rounds:
1541 */
1542 r = key->rounds >> 1;
1543 for (;;) {
1544 t0 =
1545 AES_Te0[(s0 >> 24) ] ^
1546 AES_Te1[(s1 >> 16) & 0xff] ^
1547 AES_Te2[(s2 >> 8) & 0xff] ^
1548 AES_Te3[(s3 ) & 0xff] ^
1549 rk[4];
1550 t1 =
1551 AES_Te0[(s1 >> 24) ] ^
1552 AES_Te1[(s2 >> 16) & 0xff] ^
1553 AES_Te2[(s3 >> 8) & 0xff] ^
1554 AES_Te3[(s0 ) & 0xff] ^
1555 rk[5];
1556 t2 =
1557 AES_Te0[(s2 >> 24) ] ^
1558 AES_Te1[(s3 >> 16) & 0xff] ^
1559 AES_Te2[(s0 >> 8) & 0xff] ^
1560 AES_Te3[(s1 ) & 0xff] ^
1561 rk[6];
1562 t3 =
1563 AES_Te0[(s3 >> 24) ] ^
1564 AES_Te1[(s0 >> 16) & 0xff] ^
1565 AES_Te2[(s1 >> 8) & 0xff] ^
1566 AES_Te3[(s2 ) & 0xff] ^
1567 rk[7];
1568
1569 rk += 8;
1570 if (--r == 0) {
1571 break;
1572 }
1573
1574 s0 =
1575 AES_Te0[(t0 >> 24) ] ^
1576 AES_Te1[(t1 >> 16) & 0xff] ^
1577 AES_Te2[(t2 >> 8) & 0xff] ^
1578 AES_Te3[(t3 ) & 0xff] ^
1579 rk[0];
1580 s1 =
1581 AES_Te0[(t1 >> 24) ] ^
1582 AES_Te1[(t2 >> 16) & 0xff] ^
1583 AES_Te2[(t3 >> 8) & 0xff] ^
1584 AES_Te3[(t0 ) & 0xff] ^
1585 rk[1];
1586 s2 =
1587 AES_Te0[(t2 >> 24) ] ^
1588 AES_Te1[(t3 >> 16) & 0xff] ^
1589 AES_Te2[(t0 >> 8) & 0xff] ^
1590 AES_Te3[(t1 ) & 0xff] ^
1591 rk[2];
1592 s3 =
1593 AES_Te0[(t3 >> 24) ] ^
1594 AES_Te1[(t0 >> 16) & 0xff] ^
1595 AES_Te2[(t1 >> 8) & 0xff] ^
1596 AES_Te3[(t2 ) & 0xff] ^
1597 rk[3];
1598 }
1599 #endif /* ?FULL_UNROLL */
1600 /*
1601 * apply last round and
1602 * map cipher state to byte array block:
1603 */
1604 s0 =
1605 (AES_Te4[(t0 >> 24) ] & 0xff000000) ^
1606 (AES_Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1607 (AES_Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1608 (AES_Te4[(t3 ) & 0xff] & 0x000000ff) ^
1609 rk[0];
1610 PUTU32(out , s0);
1611 s1 =
1612 (AES_Te4[(t1 >> 24) ] & 0xff000000) ^
1613 (AES_Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1614 (AES_Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1615 (AES_Te4[(t0 ) & 0xff] & 0x000000ff) ^
1616 rk[1];
1617 PUTU32(out + 4, s1);
1618 s2 =
1619 (AES_Te4[(t2 >> 24) ] & 0xff000000) ^
1620 (AES_Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1621 (AES_Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1622 (AES_Te4[(t1 ) & 0xff] & 0x000000ff) ^
1623 rk[2];
1624 PUTU32(out + 8, s2);
1625 s3 =
1626 (AES_Te4[(t3 >> 24) ] & 0xff000000) ^
1627 (AES_Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1628 (AES_Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1629 (AES_Te4[(t2 ) & 0xff] & 0x000000ff) ^
1630 rk[3];
1631 PUTU32(out + 12, s3);
1632 }
1633
1634 /*
1635 * Decrypt a single block
1636 * in and out can overlap
1637 */
1638 void AES_decrypt(const unsigned char *in, unsigned char *out,
1639 const AES_KEY *key) {
1640
1641 const u32 *rk;
1642 u32 s0, s1, s2, s3, t0, t1, t2, t3;
1643 #ifndef FULL_UNROLL
1644 int r;
1645 #endif /* ?FULL_UNROLL */
1646
1647 assert(in && out && key);
1648 rk = key->rd_key;
1649
1650 /*
1651 * map byte array block to cipher state
1652 * and add initial round key:
1653 */
1654 s0 = GETU32(in ) ^ rk[0];
1655 s1 = GETU32(in + 4) ^ rk[1];
1656 s2 = GETU32(in + 8) ^ rk[2];
1657 s3 = GETU32(in + 12) ^ rk[3];
1658 #ifdef FULL_UNROLL
1659 /* round 1: */
1660 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[ 4];
1661 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[ 5];
1662 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[ 6];
1663 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[ 7];
1664 /* round 2: */
1665 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[ 8];
1666 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[ 9];
1667 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[10];
1668 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[11];
1669 /* round 3: */
1670 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[12];
1671 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[13];
1672 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[14];
1673 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[15];
1674 /* round 4: */
1675 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[16];
1676 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[17];
1677 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[18];
1678 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[19];
1679 /* round 5: */
1680 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[20];
1681 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[21];
1682 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[22];
1683 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[23];
1684 /* round 6: */
1685 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[24];
1686 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[25];
1687 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[26];
1688 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[27];
1689 /* round 7: */
1690 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[28];
1691 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[29];
1692 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[30];
1693 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[31];
1694 /* round 8: */
1695 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[32];
1696 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[33];
1697 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[34];
1698 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[35];
1699 /* round 9: */
1700 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[36];
1701 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[37];
1702 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[38];
1703 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[39];
1704 if (key->rounds > 10) {
1705 /* round 10: */
1706 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[40];
1707 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[41];
1708 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[42];
1709 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[43];
1710 /* round 11: */
1711 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[44];
1712 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[45];
1713 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[46];
1714 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[47];
1715 if (key->rounds > 12) {
1716 /* round 12: */
1717 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[48];
1718 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[49];
1719 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[50];
1720 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[51];
1721 /* round 13: */
1722 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[52];
1723 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[53];
1724 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[54];
1725 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[55];
1726 }
1727 }
1728 rk += key->rounds << 2;
1729 #else /* !FULL_UNROLL */
1730 /*
1731 * Nr - 1 full rounds:
1732 */
1733 r = key->rounds >> 1;
1734 for (;;) {
1735 t0 =
1736 AES_Td0[(s0 >> 24) ] ^
1737 AES_Td1[(s3 >> 16) & 0xff] ^
1738 AES_Td2[(s2 >> 8) & 0xff] ^
1739 AES_Td3[(s1 ) & 0xff] ^
1740 rk[4];
1741 t1 =
1742 AES_Td0[(s1 >> 24) ] ^
1743 AES_Td1[(s0 >> 16) & 0xff] ^
1744 AES_Td2[(s3 >> 8) & 0xff] ^
1745 AES_Td3[(s2 ) & 0xff] ^
1746 rk[5];
1747 t2 =
1748 AES_Td0[(s2 >> 24) ] ^
1749 AES_Td1[(s1 >> 16) & 0xff] ^
1750 AES_Td2[(s0 >> 8) & 0xff] ^
1751 AES_Td3[(s3 ) & 0xff] ^
1752 rk[6];
1753 t3 =
1754 AES_Td0[(s3 >> 24) ] ^
1755 AES_Td1[(s2 >> 16) & 0xff] ^
1756 AES_Td2[(s1 >> 8) & 0xff] ^
1757 AES_Td3[(s0 ) & 0xff] ^
1758 rk[7];
1759
1760 rk += 8;
1761 if (--r == 0) {
1762 break;
1763 }
1764
1765 s0 =
1766 AES_Td0[(t0 >> 24) ] ^
1767 AES_Td1[(t3 >> 16) & 0xff] ^
1768 AES_Td2[(t2 >> 8) & 0xff] ^
1769 AES_Td3[(t1 ) & 0xff] ^
1770 rk[0];
1771 s1 =
1772 AES_Td0[(t1 >> 24) ] ^
1773 AES_Td1[(t0 >> 16) & 0xff] ^
1774 AES_Td2[(t3 >> 8) & 0xff] ^
1775 AES_Td3[(t2 ) & 0xff] ^
1776 rk[1];
1777 s2 =
1778 AES_Td0[(t2 >> 24) ] ^
1779 AES_Td1[(t1 >> 16) & 0xff] ^
1780 AES_Td2[(t0 >> 8) & 0xff] ^
1781 AES_Td3[(t3 ) & 0xff] ^
1782 rk[2];
1783 s3 =
1784 AES_Td0[(t3 >> 24) ] ^
1785 AES_Td1[(t2 >> 16) & 0xff] ^
1786 AES_Td2[(t1 >> 8) & 0xff] ^
1787 AES_Td3[(t0 ) & 0xff] ^
1788 rk[3];
1789 }
1790 #endif /* ?FULL_UNROLL */
1791 /*
1792 * apply last round and
1793 * map cipher state to byte array block:
1794 */
1795 s0 =
1796 (AES_Td4[(t0 >> 24) ] & 0xff000000) ^
1797 (AES_Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1798 (AES_Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1799 (AES_Td4[(t1 ) & 0xff] & 0x000000ff) ^
1800 rk[0];
1801 PUTU32(out , s0);
1802 s1 =
1803 (AES_Td4[(t1 >> 24) ] & 0xff000000) ^
1804 (AES_Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1805 (AES_Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1806 (AES_Td4[(t2 ) & 0xff] & 0x000000ff) ^
1807 rk[1];
1808 PUTU32(out + 4, s1);
1809 s2 =
1810 (AES_Td4[(t2 >> 24) ] & 0xff000000) ^
1811 (AES_Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1812 (AES_Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1813 (AES_Td4[(t3 ) & 0xff] & 0x000000ff) ^
1814 rk[2];
1815 PUTU32(out + 8, s2);
1816 s3 =
1817 (AES_Td4[(t3 >> 24) ] & 0xff000000) ^
1818 (AES_Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1819 (AES_Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1820 (AES_Td4[(t0 ) & 0xff] & 0x000000ff) ^
1821 rk[3];
1822 PUTU32(out + 12, s3);
1823 }
1824
1825 #endif /* AES_ASM */
AR7 emulation for QEMU