qemu/util/aes.c
<<
>>
Prefs
   1/**
   2 *
   3 * aes.c - integrated in QEMU by Fabrice Bellard from the OpenSSL project.
   4 */
   5/*
   6 * rijndael-alg-fst.c
   7 *
   8 * @version 3.0 (December 2000)
   9 *
  10 * Optimised ANSI C code for the Rijndael cipher (now AES)
  11 *
  12 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
  13 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
  14 * @author Paulo Barreto <paulo.barreto@terra.com.br>
  15 *
  16 * This code is hereby placed in the public domain.
  17 *
  18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
  19 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  21 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
  22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  25 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  26 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
  27 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
  28 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29 */
  30#include "qemu-common.h"
  31#include "block/aes.h"
  32
  33#ifndef NDEBUG
  34#define NDEBUG
  35#endif
  36
  37typedef uint32_t u32;
  38typedef uint16_t u16;
  39typedef uint8_t u8;
  40
  41/* This controls loop-unrolling in aes_core.c */
  42#undef FULL_UNROLL
  43# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
  44# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
  45
  46/*
  47Te0[x] = S [x].[02, 01, 01, 03];
  48Te1[x] = S [x].[03, 02, 01, 01];
  49Te2[x] = S [x].[01, 03, 02, 01];
  50Te3[x] = S [x].[01, 01, 03, 02];
  51Te4[x] = S [x].[01, 01, 01, 01];
  52
  53Td0[x] = Si[x].[0e, 09, 0d, 0b];
  54Td1[x] = Si[x].[0b, 0e, 09, 0d];
  55Td2[x] = Si[x].[0d, 0b, 0e, 09];
  56Td3[x] = Si[x].[09, 0d, 0b, 0e];
  57Td4[x] = Si[x].[01, 01, 01, 01];
  58*/
  59
  60static const u32 Te0[256] = {
  61    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
  62    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
  63    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
  64    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
  65    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
  66    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
  67    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
  68    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
  69    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
  70    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
  71    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
  72    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
  73    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
  74    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
  75    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
  76    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
  77    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
  78    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
  79    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
  80    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
  81    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
  82    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
  83    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
  84    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
  85    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
  86    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
  87    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
  88    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
  89    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
  90    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
  91    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
  92    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
  93    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
  94    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
  95    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
  96    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
  97    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
  98    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
  99    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
 100    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
 101    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
 102    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
 103    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
 104    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
 105    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
 106    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
 107    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
 108    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
 109    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
 110    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
 111    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
 112    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
 113    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
 114    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
 115    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
 116    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
 117    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
 118    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
 119    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
 120    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
 121    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
 122    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
 123    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
 124    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
 125};
 126static const u32 Te1[256] = {
 127    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
 128    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
 129    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
 130    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
 131    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
 132    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
 133    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
 134    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
 135    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
 136    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
 137    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
 138    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
 139    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
 140    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
 141    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
 142    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
 143    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
 144    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
 145    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
 146    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
 147    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
 148    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
 149    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
 150    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
 151    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
 152    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
 153    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
 154    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
 155    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
 156    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
 157    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
 158    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
 159    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
 160    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
 161    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
 162    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
 163    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
 164    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
 165    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
 166    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
 167    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
 168    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
 169    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
 170    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
 171    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
 172    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
 173    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
 174    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
 175    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
 176    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
 177    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
 178    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
 179    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
 180    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
 181    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
 182    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
 183    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
 184    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
 185    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
 186    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
 187    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
 188    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
 189    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
 190    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
 191};
 192static const u32 Te2[256] = {
 193    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
 194    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
 195    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
 196    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
 197    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
 198    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
 199    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
 200    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
 201    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
 202    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
 203    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
 204    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
 205    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
 206    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
 207    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
 208    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
 209    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
 210    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
 211    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
 212    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
 213    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
 214    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
 215    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
 216    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
 217    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
 218    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
 219    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
 220    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
 221    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
 222    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
 223    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
 224    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
 225    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
 226    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
 227    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
 228    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
 229    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
 230    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
 231    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
 232    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
 233    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
 234    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
 235    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
 236    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
 237    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
 238    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
 239    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
 240    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
 241    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
 242    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
 243    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
 244    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
 245    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
 246    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
 247    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
 248    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
 249    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
 250    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
 251    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
 252    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
 253    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
 254    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
 255    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
 256    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
 257};
 258static const u32 Te3[256] = {
 259
 260    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
 261    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
 262    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
 263    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
 264    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
 265    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
 266    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
 267    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
 268    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
 269    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
 270    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
 271    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
 272    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
 273    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
 274    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
 275    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
 276    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
 277    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
 278    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
 279    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
 280    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
 281    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
 282    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
 283    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
 284    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
 285    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
 286    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
 287    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
 288    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
 289    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
 290    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
 291    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
 292    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
 293    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
 294    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
 295    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
 296    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
 297    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
 298    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
 299    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
 300    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
 301    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
 302    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
 303    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
 304    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
 305    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
 306    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
 307    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
 308    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
 309    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
 310    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
 311    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
 312    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
 313    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
 314    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
 315    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
 316    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
 317    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
 318    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
 319    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
 320    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
 321    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
 322    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
 323    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
 324};
 325static const u32 Te4[256] = {
 326    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
 327    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
 328    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
 329    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
 330    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
 331    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
 332    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
 333    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
 334    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
 335    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
 336    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
 337    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
 338    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
 339    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
 340    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
 341    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
 342    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
 343    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
 344    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
 345    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
 346    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
 347    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
 348    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
 349    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
 350    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
 351    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
 352    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
 353    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
 354    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
 355    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
 356    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
 357    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
 358    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
 359    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
 360    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
 361    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
 362    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
 363    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
 364    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
 365    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
 366    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
 367    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
 368    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
 369    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
 370    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
 371    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
 372    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
 373    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
 374    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
 375    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
 376    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
 377    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
 378    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
 379    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
 380    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
 381    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
 382    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
 383    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
 384    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
 385    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
 386    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
 387    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
 388    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
 389    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
 390};
 391static const u32 Td0[256] = {
 392    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
 393    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
 394    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
 395    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
 396    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
 397    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
 398    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
 399    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
 400    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
 401    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
 402    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
 403    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
 404    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
 405    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
 406    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
 407    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
 408    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
 409    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
 410    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
 411    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
 412    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
 413    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
 414    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
 415    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
 416    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
 417    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
 418    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
 419    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
 420    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
 421    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
 422    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
 423    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
 424    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
 425    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
 426    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
 427    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
 428    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
 429    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
 430    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
 431    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
 432    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
 433    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
 434    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
 435    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
 436    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
 437    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
 438    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
 439    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
 440    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
 441    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
 442    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
 443    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
 444    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
 445    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
 446    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
 447    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
 448    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
 449    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
 450    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
 451    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
 452    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
 453    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
 454    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
 455    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
 456};
 457static const u32 Td1[256] = {
 458    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
 459    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
 460    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
 461    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
 462    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
 463    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
 464    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
 465    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
 466    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
 467    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
 468    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
 469    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
 470    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
 471    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
 472    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
 473    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
 474    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
 475    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
 476    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
 477    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
 478    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
 479    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
 480    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
 481    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
 482    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
 483    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
 484    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
 485    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
 486    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
 487    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
 488    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
 489    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
 490    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
 491    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
 492    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
 493    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
 494    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
 495    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
 496    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
 497    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
 498    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
 499    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
 500    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
 501    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
 502    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
 503    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
 504    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
 505    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
 506    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
 507    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
 508    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
 509    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
 510    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
 511    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
 512    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
 513    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
 514    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
 515    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
 516    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
 517    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
 518    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
 519    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
 520    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
 521    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
 522};
 523static const u32 Td2[256] = {
 524    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
 525    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
 526    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
 527    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
 528    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
 529    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
 530    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
 531    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
 532    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
 533    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
 534    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
 535    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
 536    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
 537    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
 538    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
 539    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
 540    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
 541    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
 542    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
 543    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
 544
 545    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
 546    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
 547    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
 548    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
 549    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
 550    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
 551    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
 552    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
 553    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
 554    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
 555    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
 556    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
 557    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
 558    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
 559    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
 560    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
 561    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
 562    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
 563    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
 564    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
 565    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
 566    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
 567    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
 568    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
 569    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
 570    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
 571    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
 572    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
 573    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
 574    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
 575    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
 576    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
 577    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
 578    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
 579    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
 580    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
 581    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
 582    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
 583    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
 584    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
 585    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
 586    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
 587    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
 588    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
 589};
 590static const u32 Td3[256] = {
 591    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
 592    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
 593    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
 594    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
 595    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
 596    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
 597    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
 598    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
 599    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
 600    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
 601    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
 602    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
 603    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
 604    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
 605    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
 606    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
 607    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
 608    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
 609    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
 610    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
 611    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
 612    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
 613    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
 614    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
 615    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
 616    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
 617    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
 618    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
 619    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
 620    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
 621    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
 622    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
 623    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
 624    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
 625    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
 626    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
 627    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
 628    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
 629    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
 630    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
 631    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
 632    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
 633    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
 634    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
 635    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
 636    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
 637    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
 638    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
 639    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
 640    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
 641    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
 642    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
 643    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
 644    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
 645    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
 646    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
 647    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
 648    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
 649    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
 650    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
 651    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
 652    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
 653    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
 654    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
 655};
 656static const u32 Td4[256] = {
 657    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
 658    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
 659    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
 660    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
 661    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
 662    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
 663    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
 664    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
 665    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
 666    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
 667    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
 668    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
 669    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
 670    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
 671    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
 672    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
 673    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
 674    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
 675    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
 676    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
 677    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
 678    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
 679    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
 680    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
 681    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
 682    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
 683    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
 684    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
 685    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
 686    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
 687    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
 688    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
 689    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
 690    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
 691    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
 692    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
 693    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
 694    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
 695    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
 696    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
 697    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
 698    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
 699    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
 700    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
 701    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
 702    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
 703    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
 704    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
 705    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
 706    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
 707    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
 708    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
 709    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
 710    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
 711    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
 712    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
 713    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
 714    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
 715    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
 716    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
 717    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
 718    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
 719    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
 720    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
 721};
 722static const u32 rcon[] = {
 723        0x01000000, 0x02000000, 0x04000000, 0x08000000,
 724        0x10000000, 0x20000000, 0x40000000, 0x80000000,
 725        0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 726};
 727
 728/**
 729 * Expand the cipher key into the encryption key schedule.
 730 */
 731int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 732                        AES_KEY *key) {
 733
 734        u32 *rk;
 735        int i = 0;
 736        u32 temp;
 737
 738        if (!userKey || !key)
 739                return -1;
 740        if (bits != 128 && bits != 192 && bits != 256)
 741                return -2;
 742
 743        rk = key->rd_key;
 744
 745        if (bits==128)
 746                key->rounds = 10;
 747        else if (bits==192)
 748                key->rounds = 12;
 749        else
 750                key->rounds = 14;
 751
 752        rk[0] = GETU32(userKey     );
 753        rk[1] = GETU32(userKey +  4);
 754        rk[2] = GETU32(userKey +  8);
 755        rk[3] = GETU32(userKey + 12);
 756        if (bits == 128) {
 757                while (1) {
 758                        temp  = rk[3];
 759                        rk[4] = rk[0] ^
 760                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
 761                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
 762                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
 763                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
 764                                rcon[i];
 765                        rk[5] = rk[1] ^ rk[4];
 766                        rk[6] = rk[2] ^ rk[5];
 767                        rk[7] = rk[3] ^ rk[6];
 768                        if (++i == 10) {
 769                                return 0;
 770                        }
 771                        rk += 4;
 772                }
 773        }
 774        rk[4] = GETU32(userKey + 16);
 775        rk[5] = GETU32(userKey + 20);
 776        if (bits == 192) {
 777                while (1) {
 778                        temp = rk[ 5];
 779                        rk[ 6] = rk[ 0] ^
 780                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
 781                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
 782                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
 783                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
 784                                rcon[i];
 785                        rk[ 7] = rk[ 1] ^ rk[ 6];
 786                        rk[ 8] = rk[ 2] ^ rk[ 7];
 787                        rk[ 9] = rk[ 3] ^ rk[ 8];
 788                        if (++i == 8) {
 789                                return 0;
 790                        }
 791                        rk[10] = rk[ 4] ^ rk[ 9];
 792                        rk[11] = rk[ 5] ^ rk[10];
 793                        rk += 6;
 794                }
 795        }
 796        rk[6] = GETU32(userKey + 24);
 797        rk[7] = GETU32(userKey + 28);
 798        if (bits == 256) {
 799                while (1) {
 800                        temp = rk[ 7];
 801                        rk[ 8] = rk[ 0] ^
 802                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
 803                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
 804                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
 805                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
 806                                rcon[i];
 807                        rk[ 9] = rk[ 1] ^ rk[ 8];
 808                        rk[10] = rk[ 2] ^ rk[ 9];
 809                        rk[11] = rk[ 3] ^ rk[10];
 810                        if (++i == 7) {
 811                                return 0;
 812                        }
 813                        temp = rk[11];
 814                        rk[12] = rk[ 4] ^
 815                                (Te4[(temp >> 24)       ] & 0xff000000) ^
 816                                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
 817                                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
 818                                (Te4[(temp      ) & 0xff] & 0x000000ff);
 819                        rk[13] = rk[ 5] ^ rk[12];
 820                        rk[14] = rk[ 6] ^ rk[13];
 821                        rk[15] = rk[ 7] ^ rk[14];
 822
 823                        rk += 8;
 824                }
 825        }
 826        return 0;
 827}
 828
 829/**
 830 * Expand the cipher key into the decryption key schedule.
 831 */
 832int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 833                         AES_KEY *key) {
 834
 835        u32 *rk;
 836        int i, j, status;
 837        u32 temp;
 838
 839        /* first, start with an encryption schedule */
 840        status = AES_set_encrypt_key(userKey, bits, key);
 841        if (status < 0)
 842                return status;
 843
 844        rk = key->rd_key;
 845
 846        /* invert the order of the round keys: */
 847        for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
 848                temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
 849                temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
 850                temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
 851                temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
 852        }
 853        /* apply the inverse MixColumn transform to all round keys but the first and the last: */
 854        for (i = 1; i < (key->rounds); i++) {
 855                rk += 4;
 856                rk[0] =
 857                        Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
 858                        Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
 859                        Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
 860                        Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
 861                rk[1] =
 862                        Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
 863                        Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
 864                        Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
 865                        Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
 866                rk[2] =
 867                        Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
 868                        Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
 869                        Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
 870                        Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
 871                rk[3] =
 872                        Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
 873                        Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
 874                        Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
 875                        Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
 876        }
 877        return 0;
 878}
 879
 880#ifndef AES_ASM
 881/*
 882 * Encrypt a single block
 883 * in and out can overlap
 884 */
 885void AES_encrypt(const unsigned char *in, unsigned char *out,
 886                 const AES_KEY *key) {
 887
 888        const u32 *rk;
 889        u32 s0, s1, s2, s3, t0, t1, t2, t3;
 890#ifndef FULL_UNROLL
 891        int r;
 892#endif /* ?FULL_UNROLL */
 893
 894        assert(in && out && key);
 895        rk = key->rd_key;
 896
 897        /*
 898         * map byte array block to cipher state
 899         * and add initial round key:
 900         */
 901        s0 = GETU32(in     ) ^ rk[0];
 902        s1 = GETU32(in +  4) ^ rk[1];
 903        s2 = GETU32(in +  8) ^ rk[2];
 904        s3 = GETU32(in + 12) ^ rk[3];
 905#ifdef FULL_UNROLL
 906        /* round 1: */
 907        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
 908        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
 909        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
 910        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
 911        /* round 2: */
 912        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
 913        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
 914        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
 915        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
 916        /* round 3: */
 917        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
 918        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
 919        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
 920        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
 921        /* round 4: */
 922        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
 923        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
 924        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
 925        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
 926        /* round 5: */
 927        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
 928        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
 929        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
 930        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
 931        /* round 6: */
 932        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
 933        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
 934        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
 935        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
 936        /* round 7: */
 937        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
 938        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
 939        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
 940        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
 941        /* round 8: */
 942        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
 943        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
 944        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
 945        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
 946        /* round 9: */
 947        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
 948        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
 949        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
 950        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
 951    if (key->rounds > 10) {
 952        /* round 10: */
 953        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
 954        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
 955        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
 956        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
 957        /* round 11: */
 958        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
 959        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
 960        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
 961        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
 962        if (key->rounds > 12) {
 963            /* round 12: */
 964            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
 965            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
 966            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
 967            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
 968            /* round 13: */
 969            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
 970            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
 971            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
 972            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
 973        }
 974    }
 975    rk += key->rounds << 2;
 976#else  /* !FULL_UNROLL */
 977    /*
 978     * Nr - 1 full rounds:
 979     */
 980    r = key->rounds >> 1;
 981    for (;;) {
 982        t0 =
 983            Te0[(s0 >> 24)       ] ^
 984            Te1[(s1 >> 16) & 0xff] ^
 985            Te2[(s2 >>  8) & 0xff] ^
 986            Te3[(s3      ) & 0xff] ^
 987            rk[4];
 988        t1 =
 989            Te0[(s1 >> 24)       ] ^
 990            Te1[(s2 >> 16) & 0xff] ^
 991            Te2[(s3 >>  8) & 0xff] ^
 992            Te3[(s0      ) & 0xff] ^
 993            rk[5];
 994        t2 =
 995            Te0[(s2 >> 24)       ] ^
 996            Te1[(s3 >> 16) & 0xff] ^
 997            Te2[(s0 >>  8) & 0xff] ^
 998            Te3[(s1      ) & 0xff] ^
 999            rk[6];
1000        t3 =
1001            Te0[(s3 >> 24)       ] ^
1002            Te1[(s0 >> 16) & 0xff] ^
1003            Te2[(s1 >>  8) & 0xff] ^
1004            Te3[(s2      ) & 0xff] ^
1005            rk[7];
1006
1007        rk += 8;
1008        if (--r == 0) {
1009            break;
1010        }
1011
1012        s0 =
1013            Te0[(t0 >> 24)       ] ^
1014            Te1[(t1 >> 16) & 0xff] ^
1015            Te2[(t2 >>  8) & 0xff] ^
1016            Te3[(t3      ) & 0xff] ^
1017            rk[0];
1018        s1 =
1019            Te0[(t1 >> 24)       ] ^
1020            Te1[(t2 >> 16) & 0xff] ^
1021            Te2[(t3 >>  8) & 0xff] ^
1022            Te3[(t0      ) & 0xff] ^
1023            rk[1];
1024        s2 =
1025            Te0[(t2 >> 24)       ] ^
1026            Te1[(t3 >> 16) & 0xff] ^
1027            Te2[(t0 >>  8) & 0xff] ^
1028            Te3[(t1      ) & 0xff] ^
1029            rk[2];
1030        s3 =
1031            Te0[(t3 >> 24)       ] ^
1032            Te1[(t0 >> 16) & 0xff] ^
1033            Te2[(t1 >>  8) & 0xff] ^
1034            Te3[(t2      ) & 0xff] ^
1035            rk[3];
1036    }
1037#endif /* ?FULL_UNROLL */
1038    /*
1039         * apply last round and
1040         * map cipher state to byte array block:
1041         */
1042        s0 =
1043                (Te4[(t0 >> 24)       ] & 0xff000000) ^
1044                (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1045                (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1046                (Te4[(t3      ) & 0xff] & 0x000000ff) ^
1047                rk[0];
1048        PUTU32(out     , s0);
1049        s1 =
1050                (Te4[(t1 >> 24)       ] & 0xff000000) ^
1051                (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1052                (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1053                (Te4[(t0      ) & 0xff] & 0x000000ff) ^
1054                rk[1];
1055        PUTU32(out +  4, s1);
1056        s2 =
1057                (Te4[(t2 >> 24)       ] & 0xff000000) ^
1058                (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1059                (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1060                (Te4[(t1      ) & 0xff] & 0x000000ff) ^
1061                rk[2];
1062        PUTU32(out +  8, s2);
1063        s3 =
1064                (Te4[(t3 >> 24)       ] & 0xff000000) ^
1065                (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1066                (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1067                (Te4[(t2      ) & 0xff] & 0x000000ff) ^
1068                rk[3];
1069        PUTU32(out + 12, s3);
1070}
1071
1072/*
1073 * Decrypt a single block
1074 * in and out can overlap
1075 */
1076void AES_decrypt(const unsigned char *in, unsigned char *out,
1077                 const AES_KEY *key) {
1078
1079        const u32 *rk;
1080        u32 s0, s1, s2, s3, t0, t1, t2, t3;
1081#ifndef FULL_UNROLL
1082        int r;
1083#endif /* ?FULL_UNROLL */
1084
1085        assert(in && out && key);
1086        rk = key->rd_key;
1087
1088        /*
1089         * map byte array block to cipher state
1090         * and add initial round key:
1091         */
1092    s0 = GETU32(in     ) ^ rk[0];
1093    s1 = GETU32(in +  4) ^ rk[1];
1094    s2 = GETU32(in +  8) ^ rk[2];
1095    s3 = GETU32(in + 12) ^ rk[3];
1096#ifdef FULL_UNROLL
1097    /* round 1: */
1098    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
1099    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
1100    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
1101    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
1102    /* round 2: */
1103    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
1104    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
1105    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
1106    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
1107    /* round 3: */
1108    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
1109    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
1110    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
1111    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
1112    /* round 4: */
1113    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
1114    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
1115    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
1116    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
1117    /* round 5: */
1118    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
1119    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
1120    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
1121    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
1122    /* round 6: */
1123    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
1124    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
1125    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
1126    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
1127    /* round 7: */
1128    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
1129    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
1130    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
1131    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
1132    /* round 8: */
1133    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
1134    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
1135    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
1136    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
1137    /* round 9: */
1138    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
1139    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
1140    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1141    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1142    if (key->rounds > 10) {
1143        /* round 10: */
1144        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1145        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1146        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1147        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1148        /* round 11: */
1149        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1150        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1151        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1152        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1153        if (key->rounds > 12) {
1154            /* round 12: */
1155            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1156            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1157            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1158            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1159            /* round 13: */
1160            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1161            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1162            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1163            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1164        }
1165    }
1166        rk += key->rounds << 2;
1167#else  /* !FULL_UNROLL */
1168    /*
1169     * Nr - 1 full rounds:
1170     */
1171    r = key->rounds >> 1;
1172    for (;;) {
1173        t0 =
1174            Td0[(s0 >> 24)       ] ^
1175            Td1[(s3 >> 16) & 0xff] ^
1176            Td2[(s2 >>  8) & 0xff] ^
1177            Td3[(s1      ) & 0xff] ^
1178            rk[4];
1179        t1 =
1180            Td0[(s1 >> 24)       ] ^
1181            Td1[(s0 >> 16) & 0xff] ^
1182            Td2[(s3 >>  8) & 0xff] ^
1183            Td3[(s2      ) & 0xff] ^
1184            rk[5];
1185        t2 =
1186            Td0[(s2 >> 24)       ] ^
1187            Td1[(s1 >> 16) & 0xff] ^
1188            Td2[(s0 >>  8) & 0xff] ^
1189            Td3[(s3      ) & 0xff] ^
1190            rk[6];
1191        t3 =
1192            Td0[(s3 >> 24)       ] ^
1193            Td1[(s2 >> 16) & 0xff] ^
1194            Td2[(s1 >>  8) & 0xff] ^
1195            Td3[(s0      ) & 0xff] ^
1196            rk[7];
1197
1198        rk += 8;
1199        if (--r == 0) {
1200            break;
1201        }
1202
1203        s0 =
1204            Td0[(t0 >> 24)       ] ^
1205            Td1[(t3 >> 16) & 0xff] ^
1206            Td2[(t2 >>  8) & 0xff] ^
1207            Td3[(t1      ) & 0xff] ^
1208            rk[0];
1209        s1 =
1210            Td0[(t1 >> 24)       ] ^
1211            Td1[(t0 >> 16) & 0xff] ^
1212            Td2[(t3 >>  8) & 0xff] ^
1213            Td3[(t2      ) & 0xff] ^
1214            rk[1];
1215        s2 =
1216            Td0[(t2 >> 24)       ] ^
1217            Td1[(t1 >> 16) & 0xff] ^
1218            Td2[(t0 >>  8) & 0xff] ^
1219            Td3[(t3      ) & 0xff] ^
1220            rk[2];
1221        s3 =
1222            Td0[(t3 >> 24)       ] ^
1223            Td1[(t2 >> 16) & 0xff] ^
1224            Td2[(t1 >>  8) & 0xff] ^
1225            Td3[(t0      ) & 0xff] ^
1226            rk[3];
1227    }
1228#endif /* ?FULL_UNROLL */
1229    /*
1230         * apply last round and
1231         * map cipher state to byte array block:
1232         */
1233        s0 =
1234                (Td4[(t0 >> 24)       ] & 0xff000000) ^
1235                (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1236                (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1237                (Td4[(t1      ) & 0xff] & 0x000000ff) ^
1238                rk[0];
1239        PUTU32(out     , s0);
1240        s1 =
1241                (Td4[(t1 >> 24)       ] & 0xff000000) ^
1242                (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1243                (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1244                (Td4[(t2      ) & 0xff] & 0x000000ff) ^
1245                rk[1];
1246        PUTU32(out +  4, s1);
1247        s2 =
1248                (Td4[(t2 >> 24)       ] & 0xff000000) ^
1249                (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1250                (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1251                (Td4[(t3      ) & 0xff] & 0x000000ff) ^
1252                rk[2];
1253        PUTU32(out +  8, s2);
1254        s3 =
1255                (Td4[(t3 >> 24)       ] & 0xff000000) ^
1256                (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1257                (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1258                (Td4[(t0      ) & 0xff] & 0x000000ff) ^
1259                rk[3];
1260        PUTU32(out + 12, s3);
1261}
1262
1263#endif /* AES_ASM */
1264
1265void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
1266                     const unsigned long length, const AES_KEY *key,
1267                     unsigned char *ivec, const int enc)
1268{
1269
1270        unsigned long n;
1271        unsigned long len = length;
1272        unsigned char tmp[AES_BLOCK_SIZE];
1273
1274        assert(in && out && key && ivec);
1275
1276        if (enc) {
1277                while (len >= AES_BLOCK_SIZE) {
1278                        for(n=0; n < AES_BLOCK_SIZE; ++n)
1279                                tmp[n] = in[n] ^ ivec[n];
1280                        AES_encrypt(tmp, out, key);
1281                        memcpy(ivec, out, AES_BLOCK_SIZE);
1282                        len -= AES_BLOCK_SIZE;
1283                        in += AES_BLOCK_SIZE;
1284                        out += AES_BLOCK_SIZE;
1285                }
1286                if (len) {
1287                        for(n=0; n < len; ++n)
1288                                tmp[n] = in[n] ^ ivec[n];
1289                        for(n=len; n < AES_BLOCK_SIZE; ++n)
1290                                tmp[n] = ivec[n];
1291                        AES_encrypt(tmp, tmp, key);
1292                        memcpy(out, tmp, AES_BLOCK_SIZE);
1293                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
1294                }
1295        } else {
1296                while (len >= AES_BLOCK_SIZE) {
1297                        memcpy(tmp, in, AES_BLOCK_SIZE);
1298                        AES_decrypt(in, out, key);
1299                        for(n=0; n < AES_BLOCK_SIZE; ++n)
1300                                out[n] ^= ivec[n];
1301                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
1302                        len -= AES_BLOCK_SIZE;
1303                        in += AES_BLOCK_SIZE;
1304                        out += AES_BLOCK_SIZE;
1305                }
1306                if (len) {
1307                        memcpy(tmp, in, AES_BLOCK_SIZE);
1308                        AES_decrypt(tmp, tmp, key);
1309                        for(n=0; n < len; ++n)
1310                                out[n] = tmp[n] ^ ivec[n];
1311                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
1312                }
1313        }
1314}
1315