blob: af72ff7779928941bf2345bf0685ab388394cc00 [file] [log] [blame]
bellarde4d4fe32004-08-01 21:54:53 +00001/**
ths5fafdf22007-09-16 21:08:06 +00002 *
bellarde4d4fe32004-08-01 21:54:53 +00003 * aes.c - integrated in QEMU by Fabrice Bellard from the OpenSSL project.
4 */
5/*
6 * rijndael-alg-fst.c
7 *
8 * @version 3.0 (December 2000)
9 *
10 * Optimised ANSI C code for the Rijndael cipher (now AES)
11 *
12 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
13 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
14 * @author Paulo Barreto <paulo.barreto@terra.com.br>
15 *
16 * This code is hereby placed in the public domain.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
19 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
25 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
26 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
27 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
Peter Maydell42f7a442016-01-26 18:16:55 +000030#include "qemu/osdep.h"
Daniel P. Berrange6f2945c2015-07-01 18:10:30 +010031#include "crypto/aes.h"
bellarde4d4fe32004-08-01 21:54:53 +000032
bellarde4d4fe32004-08-01 21:54:53 +000033typedef uint32_t u32;
bellarde4d4fe32004-08-01 21:54:53 +000034typedef uint8_t u8;
35
bellarde4d4fe32004-08-01 21:54:53 +000036/* This controls loop-unrolling in aes_core.c */
37#undef FULL_UNROLL
38# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
39# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
40
Tom Musta40c84b52014-03-13 09:13:25 -050041const uint8_t AES_sbox[256] = {
42 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
43 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
44 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
45 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
46 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
47 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
48 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
49 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
50 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
51 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
52 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
53 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
54 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
55 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
56 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
57 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
58 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
59 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
60 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
61 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
62 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
63 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
64 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
65 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
66 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
67 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
68 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
69 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
70 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
71 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
72 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
73 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
74};
75
76const uint8_t AES_isbox[256] = {
77 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
78 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
79 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
80 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
81 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
82 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
83 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
84 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
85 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
86 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
87 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
88 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
89 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
90 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
91 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
92 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
93 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
94 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
95 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
96 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
97 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
98 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
99 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
100 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
101 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
102 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
103 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
104 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
105 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
106 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
107 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
108 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D,
109};
110
Tom Musta1c1a6d22014-03-13 09:13:26 -0500111const uint8_t AES_shifts[16] = {
112 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11
113};
114
115const uint8_t AES_ishifts[16] = {
116 0, 13, 10, 7, 4, 1, 14, 11, 8, 5, 2, 15, 12, 9, 6, 3
117};
118
Tom Mustabfd8f5b2014-03-13 09:13:27 -0500119/* AES_imc[x][0] = [x].[0e, 09, 0d, 0b]; */
120/* AES_imc[x][1] = [x].[0b, 0e, 09, 0d]; */
121/* AES_imc[x][2] = [x].[0d, 0b, 0e, 09]; */
122/* AES_imc[x][3] = [x].[09, 0d, 0b, 0e]; */
123const uint32_t AES_imc[256][4] = {
124 { 0x00000000, 0x00000000, 0x00000000, 0x00000000, }, /* x=00 */
125 { 0x0E090D0B, 0x0B0E090D, 0x0D0B0E09, 0x090D0B0E, }, /* x=01 */
126 { 0x1C121A16, 0x161C121A, 0x1A161C12, 0x121A161C, }, /* x=02 */
127 { 0x121B171D, 0x1D121B17, 0x171D121B, 0x1B171D12, }, /* x=03 */
128 { 0x3824342C, 0x2C382434, 0x342C3824, 0x24342C38, }, /* x=04 */
129 { 0x362D3927, 0x27362D39, 0x3927362D, 0x2D392736, }, /* x=05 */
130 { 0x24362E3A, 0x3A24362E, 0x2E3A2436, 0x362E3A24, }, /* x=06 */
131 { 0x2A3F2331, 0x312A3F23, 0x23312A3F, 0x3F23312A, }, /* x=07 */
132 { 0x70486858, 0x58704868, 0x68587048, 0x48685870, }, /* x=08 */
133 { 0x7E416553, 0x537E4165, 0x65537E41, 0x4165537E, }, /* x=09 */
134 { 0x6C5A724E, 0x4E6C5A72, 0x724E6C5A, 0x5A724E6C, }, /* x=0A */
135 { 0x62537F45, 0x4562537F, 0x7F456253, 0x537F4562, }, /* x=0B */
136 { 0x486C5C74, 0x74486C5C, 0x5C74486C, 0x6C5C7448, }, /* x=0C */
137 { 0x4665517F, 0x7F466551, 0x517F4665, 0x65517F46, }, /* x=0D */
138 { 0x547E4662, 0x62547E46, 0x4662547E, 0x7E466254, }, /* x=0E */
139 { 0x5A774B69, 0x695A774B, 0x4B695A77, 0x774B695A, }, /* x=0F */
140 { 0xE090D0B0, 0xB0E090D0, 0xD0B0E090, 0x90D0B0E0, }, /* x=10 */
141 { 0xEE99DDBB, 0xBBEE99DD, 0xDDBBEE99, 0x99DDBBEE, }, /* x=11 */
142 { 0xFC82CAA6, 0xA6FC82CA, 0xCAA6FC82, 0x82CAA6FC, }, /* x=12 */
143 { 0xF28BC7AD, 0xADF28BC7, 0xC7ADF28B, 0x8BC7ADF2, }, /* x=13 */
144 { 0xD8B4E49C, 0x9CD8B4E4, 0xE49CD8B4, 0xB4E49CD8, }, /* x=14 */
145 { 0xD6BDE997, 0x97D6BDE9, 0xE997D6BD, 0xBDE997D6, }, /* x=15 */
146 { 0xC4A6FE8A, 0x8AC4A6FE, 0xFE8AC4A6, 0xA6FE8AC4, }, /* x=16 */
147 { 0xCAAFF381, 0x81CAAFF3, 0xF381CAAF, 0xAFF381CA, }, /* x=17 */
148 { 0x90D8B8E8, 0xE890D8B8, 0xB8E890D8, 0xD8B8E890, }, /* x=18 */
149 { 0x9ED1B5E3, 0xE39ED1B5, 0xB5E39ED1, 0xD1B5E39E, }, /* x=19 */
150 { 0x8CCAA2FE, 0xFE8CCAA2, 0xA2FE8CCA, 0xCAA2FE8C, }, /* x=1A */
151 { 0x82C3AFF5, 0xF582C3AF, 0xAFF582C3, 0xC3AFF582, }, /* x=1B */
152 { 0xA8FC8CC4, 0xC4A8FC8C, 0x8CC4A8FC, 0xFC8CC4A8, }, /* x=1C */
153 { 0xA6F581CF, 0xCFA6F581, 0x81CFA6F5, 0xF581CFA6, }, /* x=1D */
154 { 0xB4EE96D2, 0xD2B4EE96, 0x96D2B4EE, 0xEE96D2B4, }, /* x=1E */
155 { 0xBAE79BD9, 0xD9BAE79B, 0x9BD9BAE7, 0xE79BD9BA, }, /* x=1F */
156 { 0xDB3BBB7B, 0x7BDB3BBB, 0xBB7BDB3B, 0x3BBB7BDB, }, /* x=20 */
157 { 0xD532B670, 0x70D532B6, 0xB670D532, 0x32B670D5, }, /* x=21 */
158 { 0xC729A16D, 0x6DC729A1, 0xA16DC729, 0x29A16DC7, }, /* x=22 */
159 { 0xC920AC66, 0x66C920AC, 0xAC66C920, 0x20AC66C9, }, /* x=23 */
160 { 0xE31F8F57, 0x57E31F8F, 0x8F57E31F, 0x1F8F57E3, }, /* x=24 */
161 { 0xED16825C, 0x5CED1682, 0x825CED16, 0x16825CED, }, /* x=25 */
162 { 0xFF0D9541, 0x41FF0D95, 0x9541FF0D, 0x0D9541FF, }, /* x=26 */
163 { 0xF104984A, 0x4AF10498, 0x984AF104, 0x04984AF1, }, /* x=27 */
164 { 0xAB73D323, 0x23AB73D3, 0xD323AB73, 0x73D323AB, }, /* x=28 */
165 { 0xA57ADE28, 0x28A57ADE, 0xDE28A57A, 0x7ADE28A5, }, /* x=29 */
166 { 0xB761C935, 0x35B761C9, 0xC935B761, 0x61C935B7, }, /* x=2A */
167 { 0xB968C43E, 0x3EB968C4, 0xC43EB968, 0x68C43EB9, }, /* x=2B */
168 { 0x9357E70F, 0x0F9357E7, 0xE70F9357, 0x57E70F93, }, /* x=2C */
169 { 0x9D5EEA04, 0x049D5EEA, 0xEA049D5E, 0x5EEA049D, }, /* x=2D */
170 { 0x8F45FD19, 0x198F45FD, 0xFD198F45, 0x45FD198F, }, /* x=2E */
171 { 0x814CF012, 0x12814CF0, 0xF012814C, 0x4CF01281, }, /* x=2F */
172 { 0x3BAB6BCB, 0xCB3BAB6B, 0x6BCB3BAB, 0xAB6BCB3B, }, /* x=30 */
173 { 0x35A266C0, 0xC035A266, 0x66C035A2, 0xA266C035, }, /* x=31 */
174 { 0x27B971DD, 0xDD27B971, 0x71DD27B9, 0xB971DD27, }, /* x=32 */
175 { 0x29B07CD6, 0xD629B07C, 0x7CD629B0, 0xB07CD629, }, /* x=33 */
176 { 0x038F5FE7, 0xE7038F5F, 0x5FE7038F, 0x8F5FE703, }, /* x=34 */
177 { 0x0D8652EC, 0xEC0D8652, 0x52EC0D86, 0x8652EC0D, }, /* x=35 */
178 { 0x1F9D45F1, 0xF11F9D45, 0x45F11F9D, 0x9D45F11F, }, /* x=36 */
179 { 0x119448FA, 0xFA119448, 0x48FA1194, 0x9448FA11, }, /* x=37 */
180 { 0x4BE30393, 0x934BE303, 0x03934BE3, 0xE303934B, }, /* x=38 */
181 { 0x45EA0E98, 0x9845EA0E, 0x0E9845EA, 0xEA0E9845, }, /* x=39 */
182 { 0x57F11985, 0x8557F119, 0x198557F1, 0xF1198557, }, /* x=3A */
183 { 0x59F8148E, 0x8E59F814, 0x148E59F8, 0xF8148E59, }, /* x=3B */
184 { 0x73C737BF, 0xBF73C737, 0x37BF73C7, 0xC737BF73, }, /* x=3C */
185 { 0x7DCE3AB4, 0xB47DCE3A, 0x3AB47DCE, 0xCE3AB47D, }, /* x=3D */
186 { 0x6FD52DA9, 0xA96FD52D, 0x2DA96FD5, 0xD52DA96F, }, /* x=3E */
187 { 0x61DC20A2, 0xA261DC20, 0x20A261DC, 0xDC20A261, }, /* x=3F */
188 { 0xAD766DF6, 0xF6AD766D, 0x6DF6AD76, 0x766DF6AD, }, /* x=40 */
189 { 0xA37F60FD, 0xFDA37F60, 0x60FDA37F, 0x7F60FDA3, }, /* x=41 */
190 { 0xB16477E0, 0xE0B16477, 0x77E0B164, 0x6477E0B1, }, /* x=42 */
191 { 0xBF6D7AEB, 0xEBBF6D7A, 0x7AEBBF6D, 0x6D7AEBBF, }, /* x=43 */
192 { 0x955259DA, 0xDA955259, 0x59DA9552, 0x5259DA95, }, /* x=44 */
193 { 0x9B5B54D1, 0xD19B5B54, 0x54D19B5B, 0x5B54D19B, }, /* x=45 */
194 { 0x894043CC, 0xCC894043, 0x43CC8940, 0x4043CC89, }, /* x=46 */
195 { 0x87494EC7, 0xC787494E, 0x4EC78749, 0x494EC787, }, /* x=47 */
196 { 0xDD3E05AE, 0xAEDD3E05, 0x05AEDD3E, 0x3E05AEDD, }, /* x=48 */
197 { 0xD33708A5, 0xA5D33708, 0x08A5D337, 0x3708A5D3, }, /* x=49 */
198 { 0xC12C1FB8, 0xB8C12C1F, 0x1FB8C12C, 0x2C1FB8C1, }, /* x=4A */
199 { 0xCF2512B3, 0xB3CF2512, 0x12B3CF25, 0x2512B3CF, }, /* x=4B */
200 { 0xE51A3182, 0x82E51A31, 0x3182E51A, 0x1A3182E5, }, /* x=4C */
201 { 0xEB133C89, 0x89EB133C, 0x3C89EB13, 0x133C89EB, }, /* x=4D */
202 { 0xF9082B94, 0x94F9082B, 0x2B94F908, 0x082B94F9, }, /* x=4E */
203 { 0xF701269F, 0x9FF70126, 0x269FF701, 0x01269FF7, }, /* x=4F */
204 { 0x4DE6BD46, 0x464DE6BD, 0xBD464DE6, 0xE6BD464D, }, /* x=50 */
205 { 0x43EFB04D, 0x4D43EFB0, 0xB04D43EF, 0xEFB04D43, }, /* x=51 */
206 { 0x51F4A750, 0x5051F4A7, 0xA75051F4, 0xF4A75051, }, /* x=52 */
207 { 0x5FFDAA5B, 0x5B5FFDAA, 0xAA5B5FFD, 0xFDAA5B5F, }, /* x=53 */
208 { 0x75C2896A, 0x6A75C289, 0x896A75C2, 0xC2896A75, }, /* x=54 */
209 { 0x7BCB8461, 0x617BCB84, 0x84617BCB, 0xCB84617B, }, /* x=55 */
210 { 0x69D0937C, 0x7C69D093, 0x937C69D0, 0xD0937C69, }, /* x=56 */
211 { 0x67D99E77, 0x7767D99E, 0x9E7767D9, 0xD99E7767, }, /* x=57 */
212 { 0x3DAED51E, 0x1E3DAED5, 0xD51E3DAE, 0xAED51E3D, }, /* x=58 */
213 { 0x33A7D815, 0x1533A7D8, 0xD81533A7, 0xA7D81533, }, /* x=59 */
214 { 0x21BCCF08, 0x0821BCCF, 0xCF0821BC, 0xBCCF0821, }, /* x=5A */
215 { 0x2FB5C203, 0x032FB5C2, 0xC2032FB5, 0xB5C2032F, }, /* x=5B */
216 { 0x058AE132, 0x32058AE1, 0xE132058A, 0x8AE13205, }, /* x=5C */
217 { 0x0B83EC39, 0x390B83EC, 0xEC390B83, 0x83EC390B, }, /* x=5D */
218 { 0x1998FB24, 0x241998FB, 0xFB241998, 0x98FB2419, }, /* x=5E */
219 { 0x1791F62F, 0x2F1791F6, 0xF62F1791, 0x91F62F17, }, /* x=5F */
220 { 0x764DD68D, 0x8D764DD6, 0xD68D764D, 0x4DD68D76, }, /* x=60 */
221 { 0x7844DB86, 0x867844DB, 0xDB867844, 0x44DB8678, }, /* x=61 */
222 { 0x6A5FCC9B, 0x9B6A5FCC, 0xCC9B6A5F, 0x5FCC9B6A, }, /* x=62 */
223 { 0x6456C190, 0x906456C1, 0xC1906456, 0x56C19064, }, /* x=63 */
224 { 0x4E69E2A1, 0xA14E69E2, 0xE2A14E69, 0x69E2A14E, }, /* x=64 */
225 { 0x4060EFAA, 0xAA4060EF, 0xEFAA4060, 0x60EFAA40, }, /* x=65 */
226 { 0x527BF8B7, 0xB7527BF8, 0xF8B7527B, 0x7BF8B752, }, /* x=66 */
227 { 0x5C72F5BC, 0xBC5C72F5, 0xF5BC5C72, 0x72F5BC5C, }, /* x=67 */
228 { 0x0605BED5, 0xD50605BE, 0xBED50605, 0x05BED506, }, /* x=68 */
229 { 0x080CB3DE, 0xDE080CB3, 0xB3DE080C, 0x0CB3DE08, }, /* x=69 */
230 { 0x1A17A4C3, 0xC31A17A4, 0xA4C31A17, 0x17A4C31A, }, /* x=6A */
231 { 0x141EA9C8, 0xC8141EA9, 0xA9C8141E, 0x1EA9C814, }, /* x=6B */
232 { 0x3E218AF9, 0xF93E218A, 0x8AF93E21, 0x218AF93E, }, /* x=6C */
233 { 0x302887F2, 0xF2302887, 0x87F23028, 0x2887F230, }, /* x=6D */
234 { 0x223390EF, 0xEF223390, 0x90EF2233, 0x3390EF22, }, /* x=6E */
235 { 0x2C3A9DE4, 0xE42C3A9D, 0x9DE42C3A, 0x3A9DE42C, }, /* x=6F */
236 { 0x96DD063D, 0x3D96DD06, 0x063D96DD, 0xDD063D96, }, /* x=70 */
237 { 0x98D40B36, 0x3698D40B, 0x0B3698D4, 0xD40B3698, }, /* x=71 */
238 { 0x8ACF1C2B, 0x2B8ACF1C, 0x1C2B8ACF, 0xCF1C2B8A, }, /* x=72 */
239 { 0x84C61120, 0x2084C611, 0x112084C6, 0xC6112084, }, /* x=73 */
240 { 0xAEF93211, 0x11AEF932, 0x3211AEF9, 0xF93211AE, }, /* x=74 */
241 { 0xA0F03F1A, 0x1AA0F03F, 0x3F1AA0F0, 0xF03F1AA0, }, /* x=75 */
242 { 0xB2EB2807, 0x07B2EB28, 0x2807B2EB, 0xEB2807B2, }, /* x=76 */
243 { 0xBCE2250C, 0x0CBCE225, 0x250CBCE2, 0xE2250CBC, }, /* x=77 */
244 { 0xE6956E65, 0x65E6956E, 0x6E65E695, 0x956E65E6, }, /* x=78 */
245 { 0xE89C636E, 0x6EE89C63, 0x636EE89C, 0x9C636EE8, }, /* x=79 */
246 { 0xFA877473, 0x73FA8774, 0x7473FA87, 0x877473FA, }, /* x=7A */
247 { 0xF48E7978, 0x78F48E79, 0x7978F48E, 0x8E7978F4, }, /* x=7B */
248 { 0xDEB15A49, 0x49DEB15A, 0x5A49DEB1, 0xB15A49DE, }, /* x=7C */
249 { 0xD0B85742, 0x42D0B857, 0x5742D0B8, 0xB85742D0, }, /* x=7D */
250 { 0xC2A3405F, 0x5FC2A340, 0x405FC2A3, 0xA3405FC2, }, /* x=7E */
251 { 0xCCAA4D54, 0x54CCAA4D, 0x4D54CCAA, 0xAA4D54CC, }, /* x=7F */
252 { 0x41ECDAF7, 0xF741ECDA, 0xDAF741EC, 0xECDAF741, }, /* x=80 */
253 { 0x4FE5D7FC, 0xFC4FE5D7, 0xD7FC4FE5, 0xE5D7FC4F, }, /* x=81 */
254 { 0x5DFEC0E1, 0xE15DFEC0, 0xC0E15DFE, 0xFEC0E15D, }, /* x=82 */
255 { 0x53F7CDEA, 0xEA53F7CD, 0xCDEA53F7, 0xF7CDEA53, }, /* x=83 */
256 { 0x79C8EEDB, 0xDB79C8EE, 0xEEDB79C8, 0xC8EEDB79, }, /* x=84 */
257 { 0x77C1E3D0, 0xD077C1E3, 0xE3D077C1, 0xC1E3D077, }, /* x=85 */
258 { 0x65DAF4CD, 0xCD65DAF4, 0xF4CD65DA, 0xDAF4CD65, }, /* x=86 */
259 { 0x6BD3F9C6, 0xC66BD3F9, 0xF9C66BD3, 0xD3F9C66B, }, /* x=87 */
260 { 0x31A4B2AF, 0xAF31A4B2, 0xB2AF31A4, 0xA4B2AF31, }, /* x=88 */
261 { 0x3FADBFA4, 0xA43FADBF, 0xBFA43FAD, 0xADBFA43F, }, /* x=89 */
262 { 0x2DB6A8B9, 0xB92DB6A8, 0xA8B92DB6, 0xB6A8B92D, }, /* x=8A */
263 { 0x23BFA5B2, 0xB223BFA5, 0xA5B223BF, 0xBFA5B223, }, /* x=8B */
264 { 0x09808683, 0x83098086, 0x86830980, 0x80868309, }, /* x=8C */
265 { 0x07898B88, 0x8807898B, 0x8B880789, 0x898B8807, }, /* x=8D */
266 { 0x15929C95, 0x9515929C, 0x9C951592, 0x929C9515, }, /* x=8E */
267 { 0x1B9B919E, 0x9E1B9B91, 0x919E1B9B, 0x9B919E1B, }, /* x=8F */
268 { 0xA17C0A47, 0x47A17C0A, 0x0A47A17C, 0x7C0A47A1, }, /* x=90 */
269 { 0xAF75074C, 0x4CAF7507, 0x074CAF75, 0x75074CAF, }, /* x=91 */
270 { 0xBD6E1051, 0x51BD6E10, 0x1051BD6E, 0x6E1051BD, }, /* x=92 */
271 { 0xB3671D5A, 0x5AB3671D, 0x1D5AB367, 0x671D5AB3, }, /* x=93 */
272 { 0x99583E6B, 0x6B99583E, 0x3E6B9958, 0x583E6B99, }, /* x=94 */
273 { 0x97513360, 0x60975133, 0x33609751, 0x51336097, }, /* x=95 */
274 { 0x854A247D, 0x7D854A24, 0x247D854A, 0x4A247D85, }, /* x=96 */
275 { 0x8B432976, 0x768B4329, 0x29768B43, 0x4329768B, }, /* x=97 */
276 { 0xD134621F, 0x1FD13462, 0x621FD134, 0x34621FD1, }, /* x=98 */
277 { 0xDF3D6F14, 0x14DF3D6F, 0x6F14DF3D, 0x3D6F14DF, }, /* x=99 */
278 { 0xCD267809, 0x09CD2678, 0x7809CD26, 0x267809CD, }, /* x=9A */
279 { 0xC32F7502, 0x02C32F75, 0x7502C32F, 0x2F7502C3, }, /* x=9B */
280 { 0xE9105633, 0x33E91056, 0x5633E910, 0x105633E9, }, /* x=9C */
281 { 0xE7195B38, 0x38E7195B, 0x5B38E719, 0x195B38E7, }, /* x=9D */
282 { 0xF5024C25, 0x25F5024C, 0x4C25F502, 0x024C25F5, }, /* x=9E */
283 { 0xFB0B412E, 0x2EFB0B41, 0x412EFB0B, 0x0B412EFB, }, /* x=9F */
284 { 0x9AD7618C, 0x8C9AD761, 0x618C9AD7, 0xD7618C9A, }, /* x=A0 */
285 { 0x94DE6C87, 0x8794DE6C, 0x6C8794DE, 0xDE6C8794, }, /* x=A1 */
286 { 0x86C57B9A, 0x9A86C57B, 0x7B9A86C5, 0xC57B9A86, }, /* x=A2 */
287 { 0x88CC7691, 0x9188CC76, 0x769188CC, 0xCC769188, }, /* x=A3 */
288 { 0xA2F355A0, 0xA0A2F355, 0x55A0A2F3, 0xF355A0A2, }, /* x=A4 */
289 { 0xACFA58AB, 0xABACFA58, 0x58ABACFA, 0xFA58ABAC, }, /* x=A5 */
290 { 0xBEE14FB6, 0xB6BEE14F, 0x4FB6BEE1, 0xE14FB6BE, }, /* x=A6 */
291 { 0xB0E842BD, 0xBDB0E842, 0x42BDB0E8, 0xE842BDB0, }, /* x=A7 */
292 { 0xEA9F09D4, 0xD4EA9F09, 0x09D4EA9F, 0x9F09D4EA, }, /* x=A8 */
293 { 0xE49604DF, 0xDFE49604, 0x04DFE496, 0x9604DFE4, }, /* x=A9 */
294 { 0xF68D13C2, 0xC2F68D13, 0x13C2F68D, 0x8D13C2F6, }, /* x=AA */
295 { 0xF8841EC9, 0xC9F8841E, 0x1EC9F884, 0x841EC9F8, }, /* x=AB */
296 { 0xD2BB3DF8, 0xF8D2BB3D, 0x3DF8D2BB, 0xBB3DF8D2, }, /* x=AC */
297 { 0xDCB230F3, 0xF3DCB230, 0x30F3DCB2, 0xB230F3DC, }, /* x=AD */
298 { 0xCEA927EE, 0xEECEA927, 0x27EECEA9, 0xA927EECE, }, /* x=AE */
299 { 0xC0A02AE5, 0xE5C0A02A, 0x2AE5C0A0, 0xA02AE5C0, }, /* x=AF */
300 { 0x7A47B13C, 0x3C7A47B1, 0xB13C7A47, 0x47B13C7A, }, /* x=B0 */
301 { 0x744EBC37, 0x37744EBC, 0xBC37744E, 0x4EBC3774, }, /* x=B1 */
302 { 0x6655AB2A, 0x2A6655AB, 0xAB2A6655, 0x55AB2A66, }, /* x=B2 */
303 { 0x685CA621, 0x21685CA6, 0xA621685C, 0x5CA62168, }, /* x=B3 */
304 { 0x42638510, 0x10426385, 0x85104263, 0x63851042, }, /* x=B4 */
305 { 0x4C6A881B, 0x1B4C6A88, 0x881B4C6A, 0x6A881B4C, }, /* x=B5 */
306 { 0x5E719F06, 0x065E719F, 0x9F065E71, 0x719F065E, }, /* x=B6 */
307 { 0x5078920D, 0x0D507892, 0x920D5078, 0x78920D50, }, /* x=B7 */
308 { 0x0A0FD964, 0x640A0FD9, 0xD9640A0F, 0x0FD9640A, }, /* x=B8 */
309 { 0x0406D46F, 0x6F0406D4, 0xD46F0406, 0x06D46F04, }, /* x=B9 */
310 { 0x161DC372, 0x72161DC3, 0xC372161D, 0x1DC37216, }, /* x=BA */
311 { 0x1814CE79, 0x791814CE, 0xCE791814, 0x14CE7918, }, /* x=BB */
312 { 0x322BED48, 0x48322BED, 0xED48322B, 0x2BED4832, }, /* x=BC */
313 { 0x3C22E043, 0x433C22E0, 0xE0433C22, 0x22E0433C, }, /* x=BD */
314 { 0x2E39F75E, 0x5E2E39F7, 0xF75E2E39, 0x39F75E2E, }, /* x=BE */
315 { 0x2030FA55, 0x552030FA, 0xFA552030, 0x30FA5520, }, /* x=BF */
316 { 0xEC9AB701, 0x01EC9AB7, 0xB701EC9A, 0x9AB701EC, }, /* x=C0 */
317 { 0xE293BA0A, 0x0AE293BA, 0xBA0AE293, 0x93BA0AE2, }, /* x=C1 */
318 { 0xF088AD17, 0x17F088AD, 0xAD17F088, 0x88AD17F0, }, /* x=C2 */
319 { 0xFE81A01C, 0x1CFE81A0, 0xA01CFE81, 0x81A01CFE, }, /* x=C3 */
320 { 0xD4BE832D, 0x2DD4BE83, 0x832DD4BE, 0xBE832DD4, }, /* x=C4 */
321 { 0xDAB78E26, 0x26DAB78E, 0x8E26DAB7, 0xB78E26DA, }, /* x=C5 */
322 { 0xC8AC993B, 0x3BC8AC99, 0x993BC8AC, 0xAC993BC8, }, /* x=C6 */
323 { 0xC6A59430, 0x30C6A594, 0x9430C6A5, 0xA59430C6, }, /* x=C7 */
324 { 0x9CD2DF59, 0x599CD2DF, 0xDF599CD2, 0xD2DF599C, }, /* x=C8 */
325 { 0x92DBD252, 0x5292DBD2, 0xD25292DB, 0xDBD25292, }, /* x=C9 */
326 { 0x80C0C54F, 0x4F80C0C5, 0xC54F80C0, 0xC0C54F80, }, /* x=CA */
327 { 0x8EC9C844, 0x448EC9C8, 0xC8448EC9, 0xC9C8448E, }, /* x=CB */
328 { 0xA4F6EB75, 0x75A4F6EB, 0xEB75A4F6, 0xF6EB75A4, }, /* x=CC */
329 { 0xAAFFE67E, 0x7EAAFFE6, 0xE67EAAFF, 0xFFE67EAA, }, /* x=CD */
330 { 0xB8E4F163, 0x63B8E4F1, 0xF163B8E4, 0xE4F163B8, }, /* x=CE */
331 { 0xB6EDFC68, 0x68B6EDFC, 0xFC68B6ED, 0xEDFC68B6, }, /* x=CF */
332 { 0x0C0A67B1, 0xB10C0A67, 0x67B10C0A, 0x0A67B10C, }, /* x=D0 */
333 { 0x02036ABA, 0xBA02036A, 0x6ABA0203, 0x036ABA02, }, /* x=D1 */
334 { 0x10187DA7, 0xA710187D, 0x7DA71018, 0x187DA710, }, /* x=D2 */
335 { 0x1E1170AC, 0xAC1E1170, 0x70AC1E11, 0x1170AC1E, }, /* x=D3 */
336 { 0x342E539D, 0x9D342E53, 0x539D342E, 0x2E539D34, }, /* x=D4 */
337 { 0x3A275E96, 0x963A275E, 0x5E963A27, 0x275E963A, }, /* x=D5 */
338 { 0x283C498B, 0x8B283C49, 0x498B283C, 0x3C498B28, }, /* x=D6 */
339 { 0x26354480, 0x80263544, 0x44802635, 0x35448026, }, /* x=D7 */
340 { 0x7C420FE9, 0xE97C420F, 0x0FE97C42, 0x420FE97C, }, /* x=D8 */
341 { 0x724B02E2, 0xE2724B02, 0x02E2724B, 0x4B02E272, }, /* x=D9 */
342 { 0x605015FF, 0xFF605015, 0x15FF6050, 0x5015FF60, }, /* x=DA */
343 { 0x6E5918F4, 0xF46E5918, 0x18F46E59, 0x5918F46E, }, /* x=DB */
344 { 0x44663BC5, 0xC544663B, 0x3BC54466, 0x663BC544, }, /* x=DC */
345 { 0x4A6F36CE, 0xCE4A6F36, 0x36CE4A6F, 0x6F36CE4A, }, /* x=DD */
346 { 0x587421D3, 0xD3587421, 0x21D35874, 0x7421D358, }, /* x=DE */
347 { 0x567D2CD8, 0xD8567D2C, 0x2CD8567D, 0x7D2CD856, }, /* x=DF */
348 { 0x37A10C7A, 0x7A37A10C, 0x0C7A37A1, 0xA10C7A37, }, /* x=E0 */
349 { 0x39A80171, 0x7139A801, 0x017139A8, 0xA8017139, }, /* x=E1 */
350 { 0x2BB3166C, 0x6C2BB316, 0x166C2BB3, 0xB3166C2B, }, /* x=E2 */
351 { 0x25BA1B67, 0x6725BA1B, 0x1B6725BA, 0xBA1B6725, }, /* x=E3 */
352 { 0x0F853856, 0x560F8538, 0x38560F85, 0x8538560F, }, /* x=E4 */
353 { 0x018C355D, 0x5D018C35, 0x355D018C, 0x8C355D01, }, /* x=E5 */
354 { 0x13972240, 0x40139722, 0x22401397, 0x97224013, }, /* x=E6 */
355 { 0x1D9E2F4B, 0x4B1D9E2F, 0x2F4B1D9E, 0x9E2F4B1D, }, /* x=E7 */
356 { 0x47E96422, 0x2247E964, 0x642247E9, 0xE9642247, }, /* x=E8 */
357 { 0x49E06929, 0x2949E069, 0x692949E0, 0xE0692949, }, /* x=E9 */
358 { 0x5BFB7E34, 0x345BFB7E, 0x7E345BFB, 0xFB7E345B, }, /* x=EA */
359 { 0x55F2733F, 0x3F55F273, 0x733F55F2, 0xF2733F55, }, /* x=EB */
360 { 0x7FCD500E, 0x0E7FCD50, 0x500E7FCD, 0xCD500E7F, }, /* x=EC */
361 { 0x71C45D05, 0x0571C45D, 0x5D0571C4, 0xC45D0571, }, /* x=ED */
362 { 0x63DF4A18, 0x1863DF4A, 0x4A1863DF, 0xDF4A1863, }, /* x=EE */
363 { 0x6DD64713, 0x136DD647, 0x47136DD6, 0xD647136D, }, /* x=EF */
364 { 0xD731DCCA, 0xCAD731DC, 0xDCCAD731, 0x31DCCAD7, }, /* x=F0 */
365 { 0xD938D1C1, 0xC1D938D1, 0xD1C1D938, 0x38D1C1D9, }, /* x=F1 */
366 { 0xCB23C6DC, 0xDCCB23C6, 0xC6DCCB23, 0x23C6DCCB, }, /* x=F2 */
367 { 0xC52ACBD7, 0xD7C52ACB, 0xCBD7C52A, 0x2ACBD7C5, }, /* x=F3 */
368 { 0xEF15E8E6, 0xE6EF15E8, 0xE8E6EF15, 0x15E8E6EF, }, /* x=F4 */
369 { 0xE11CE5ED, 0xEDE11CE5, 0xE5EDE11C, 0x1CE5EDE1, }, /* x=F5 */
370 { 0xF307F2F0, 0xF0F307F2, 0xF2F0F307, 0x07F2F0F3, }, /* x=F6 */
371 { 0xFD0EFFFB, 0xFBFD0EFF, 0xFFFBFD0E, 0x0EFFFBFD, }, /* x=F7 */
372 { 0xA779B492, 0x92A779B4, 0xB492A779, 0x79B492A7, }, /* x=F8 */
373 { 0xA970B999, 0x99A970B9, 0xB999A970, 0x70B999A9, }, /* x=F9 */
374 { 0xBB6BAE84, 0x84BB6BAE, 0xAE84BB6B, 0x6BAE84BB, }, /* x=FA */
375 { 0xB562A38F, 0x8FB562A3, 0xA38FB562, 0x62A38FB5, }, /* x=FB */
376 { 0x9F5D80BE, 0xBE9F5D80, 0x80BE9F5D, 0x5D80BE9F, }, /* x=FC */
377 { 0x91548DB5, 0xB591548D, 0x8DB59154, 0x548DB591, }, /* x=FD */
378 { 0x834F9AA8, 0xA8834F9A, 0x9AA8834F, 0x4F9AA883, }, /* x=FE */
379 { 0x8D4697A3, 0xA38D4697, 0x97A38D46, 0x4697A38D, }, /* x=FF */
380};
381
382
383
bellarde4d4fe32004-08-01 21:54:53 +0000384/*
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200385AES_Te0[x] = S [x].[02, 01, 01, 03];
386AES_Te1[x] = S [x].[03, 02, 01, 01];
387AES_Te2[x] = S [x].[01, 03, 02, 01];
388AES_Te3[x] = S [x].[01, 01, 03, 02];
389AES_Te4[x] = S [x].[01, 01, 01, 01];
bellarde4d4fe32004-08-01 21:54:53 +0000390
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200391AES_Td0[x] = Si[x].[0e, 09, 0d, 0b];
392AES_Td1[x] = Si[x].[0b, 0e, 09, 0d];
393AES_Td2[x] = Si[x].[0d, 0b, 0e, 09];
394AES_Td3[x] = Si[x].[09, 0d, 0b, 0e];
395AES_Td4[x] = Si[x].[01, 01, 01, 01];
bellarde4d4fe32004-08-01 21:54:53 +0000396*/
397
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200398const uint32_t AES_Te0[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000399 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
400 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
401 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
402 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
403 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
404 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
405 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
406 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
407 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
408 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
409 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
410 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
411 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
412 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
413 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
414 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
415 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
416 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
417 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
418 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
419 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
420 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
421 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
422 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
423 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
424 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
425 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
426 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
427 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
428 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
429 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
430 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
431 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
432 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
433 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
434 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
435 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
436 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
437 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
438 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
439 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
440 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
441 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
442 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
443 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
444 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
445 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
446 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
447 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
448 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
449 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
450 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
451 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
452 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
453 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
454 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
455 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
456 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
457 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
458 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
459 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
460 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
461 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
462 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
463};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200464const uint32_t AES_Te1[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000465 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
466 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
467 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
468 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
469 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
470 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
471 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
472 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
473 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
474 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
475 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
476 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
477 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
478 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
479 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
480 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
481 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
482 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
483 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
484 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
485 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
486 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
487 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
488 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
489 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
490 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
491 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
492 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
493 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
494 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
495 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
496 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
497 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
498 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
499 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
500 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
501 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
502 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
503 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
504 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
505 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
506 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
507 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
508 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
509 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
510 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
511 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
512 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
513 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
514 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
515 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
516 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
517 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
518 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
519 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
520 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
521 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
522 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
523 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
524 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
525 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
526 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
527 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
528 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
529};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200530const uint32_t AES_Te2[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000531 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
532 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
533 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
534 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
535 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
536 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
537 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
538 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
539 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
540 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
541 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
542 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
543 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
544 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
545 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
546 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
547 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
548 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
549 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
550 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
551 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
552 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
553 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
554 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
555 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
556 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
557 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
558 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
559 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
560 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
561 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
562 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
563 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
564 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
565 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
566 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
567 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
568 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
569 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
570 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
571 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
572 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
573 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
574 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
575 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
576 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
577 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
578 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
579 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
580 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
581 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
582 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
583 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
584 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
585 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
586 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
587 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
588 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
589 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
590 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
591 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
592 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
593 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
594 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
595};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200596const uint32_t AES_Te3[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000597
598 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
599 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
600 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
601 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
602 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
603 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
604 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
605 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
606 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
607 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
608 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
609 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
610 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
611 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
612 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
613 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
614 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
615 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
616 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
617 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
618 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
619 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
620 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
621 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
622 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
623 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
624 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
625 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
626 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
627 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
628 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
629 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
630 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
631 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
632 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
633 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
634 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
635 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
636 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
637 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
638 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
639 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
640 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
641 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
642 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
643 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
644 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
645 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
646 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
647 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
648 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
649 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
650 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
651 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
652 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
653 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
654 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
655 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
656 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
657 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
658 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
659 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
660 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
661 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
662};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200663const uint32_t AES_Te4[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000664 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
665 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
666 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
667 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
668 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
669 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
670 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
671 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
672 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
673 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
674 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
675 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
676 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
677 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
678 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
679 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
680 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
681 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
682 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
683 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
684 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
685 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
686 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
687 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
688 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
689 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
690 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
691 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
692 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
693 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
694 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
695 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
696 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
697 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
698 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
699 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
700 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
701 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
702 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
703 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
704 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
705 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
706 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
707 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
708 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
709 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
710 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
711 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
712 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
713 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
714 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
715 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
716 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
717 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
718 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
719 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
720 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
721 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
722 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
723 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
724 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
725 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
726 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
727 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
728};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200729const uint32_t AES_Td0[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000730 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
731 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
732 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
733 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
734 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
735 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
736 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
737 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
738 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
739 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
740 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
741 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
742 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
743 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
744 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
745 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
746 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
747 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
748 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
749 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
750 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
751 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
752 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
753 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
754 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
755 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
756 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
757 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
758 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
759 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
760 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
761 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
762 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
763 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
764 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
765 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
766 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
767 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
768 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
769 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
770 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
771 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
772 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
773 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
774 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
775 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
776 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
777 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
778 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
779 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
780 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
781 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
782 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
783 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
784 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
785 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
786 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
787 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
788 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
789 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
790 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
791 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
792 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
793 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
794};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200795const uint32_t AES_Td1[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000796 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
797 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
798 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
799 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
800 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
801 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
802 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
803 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
804 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
805 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
806 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
807 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
808 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
809 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
810 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
811 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
812 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
813 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
814 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
815 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
816 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
817 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
818 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
819 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
820 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
821 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
822 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
823 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
824 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
825 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
826 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
827 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
828 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
829 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
830 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
831 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
832 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
833 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
834 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
835 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
836 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
837 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
838 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
839 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
840 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
841 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
842 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
843 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
844 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
845 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
846 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
847 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
848 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
849 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
850 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
851 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
852 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
853 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
854 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
855 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
856 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
857 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
858 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
859 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
860};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200861const uint32_t AES_Td2[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000862 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
863 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
864 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
865 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
866 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
867 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
868 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
869 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
870 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
871 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
872 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
873 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
874 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
875 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
876 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
877 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
878 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
879 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
880 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
881 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
882
883 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
884 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
885 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
886 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
887 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
888 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
889 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
890 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
891 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
892 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
893 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
894 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
895 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
896 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
897 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
898 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
899 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
900 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
901 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
902 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
903 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
904 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
905 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
906 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
907 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
908 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
909 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
910 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
911 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
912 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
913 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
914 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
915 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
916 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
917 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
918 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
919 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
920 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
921 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
922 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
923 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
924 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
925 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
926 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
927};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200928const uint32_t AES_Td3[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000929 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
930 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
931 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
932 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
933 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
934 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
935 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
936 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
937 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
938 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
939 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
940 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
941 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
942 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
943 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
944 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
945 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
946 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
947 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
948 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
949 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
950 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
951 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
952 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
953 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
954 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
955 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
956 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
957 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
958 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
959 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
960 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
961 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
962 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
963 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
964 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
965 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
966 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
967 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
968 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
969 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
970 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
971 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
972 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
973 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
974 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
975 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
976 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
977 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
978 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
979 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
980 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
981 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
982 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
983 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
984 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
985 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
986 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
987 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
988 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
989 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
990 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
991 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
992 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
993};
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +0200994const uint32_t AES_Td4[256] = {
bellarde4d4fe32004-08-01 21:54:53 +0000995 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
996 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
997 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
998 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
999 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
1000 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
1001 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
1002 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
1003 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
1004 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
1005 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
1006 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
1007 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
1008 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
1009 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
1010 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
1011 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
1012 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
1013 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
1014 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
1015 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
1016 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
1017 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
1018 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
1019 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
1020 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
1021 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
1022 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
1023 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
1024 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
1025 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
1026 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
1027 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
1028 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
1029 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
1030 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
1031 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
1032 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
1033 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
1034 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
1035 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
1036 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
1037 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
1038 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
1039 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
1040 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
1041 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
1042 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
1043 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
1044 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
1045 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
1046 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
1047 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
1048 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
1049 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
1050 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
1051 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
1052 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
1053 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
1054 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
1055 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
1056 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
1057 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
1058 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
1059};
1060static const u32 rcon[] = {
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001061 0x01000000, 0x02000000, 0x04000000, 0x08000000,
1062 0x10000000, 0x20000000, 0x40000000, 0x80000000,
1063 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
bellarde4d4fe32004-08-01 21:54:53 +00001064};
1065
1066/**
1067 * Expand the cipher key into the encryption key schedule.
1068 */
1069int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001070 AES_KEY *key) {
bellarde4d4fe32004-08-01 21:54:53 +00001071
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001072 u32 *rk;
1073 int i = 0;
1074 u32 temp;
bellarde4d4fe32004-08-01 21:54:53 +00001075
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001076 if (!userKey || !key)
1077 return -1;
1078 if (bits != 128 && bits != 192 && bits != 256)
1079 return -2;
bellarde4d4fe32004-08-01 21:54:53 +00001080
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001081 rk = key->rd_key;
bellarde4d4fe32004-08-01 21:54:53 +00001082
shiliyangc93c7dc2020-11-03 11:10:32 +08001083 if (bits == 128)
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001084 key->rounds = 10;
shiliyangc93c7dc2020-11-03 11:10:32 +08001085 else if (bits == 192)
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001086 key->rounds = 12;
1087 else
1088 key->rounds = 14;
bellarde4d4fe32004-08-01 21:54:53 +00001089
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001090 rk[0] = GETU32(userKey );
1091 rk[1] = GETU32(userKey + 4);
1092 rk[2] = GETU32(userKey + 8);
1093 rk[3] = GETU32(userKey + 12);
1094 if (bits == 128) {
1095 while (1) {
1096 temp = rk[3];
1097 rk[4] = rk[0] ^
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001098 (AES_Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1099 (AES_Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1100 (AES_Te4[(temp ) & 0xff] & 0x0000ff00) ^
1101 (AES_Te4[(temp >> 24) ] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001102 rcon[i];
1103 rk[5] = rk[1] ^ rk[4];
1104 rk[6] = rk[2] ^ rk[5];
1105 rk[7] = rk[3] ^ rk[6];
1106 if (++i == 10) {
1107 return 0;
1108 }
1109 rk += 4;
1110 }
1111 }
1112 rk[4] = GETU32(userKey + 16);
1113 rk[5] = GETU32(userKey + 20);
1114 if (bits == 192) {
1115 while (1) {
1116 temp = rk[ 5];
1117 rk[ 6] = rk[ 0] ^
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001118 (AES_Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1119 (AES_Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1120 (AES_Te4[(temp ) & 0xff] & 0x0000ff00) ^
1121 (AES_Te4[(temp >> 24) ] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001122 rcon[i];
1123 rk[ 7] = rk[ 1] ^ rk[ 6];
1124 rk[ 8] = rk[ 2] ^ rk[ 7];
1125 rk[ 9] = rk[ 3] ^ rk[ 8];
1126 if (++i == 8) {
1127 return 0;
1128 }
1129 rk[10] = rk[ 4] ^ rk[ 9];
1130 rk[11] = rk[ 5] ^ rk[10];
1131 rk += 6;
1132 }
1133 }
1134 rk[6] = GETU32(userKey + 24);
1135 rk[7] = GETU32(userKey + 28);
1136 if (bits == 256) {
1137 while (1) {
1138 temp = rk[ 7];
1139 rk[ 8] = rk[ 0] ^
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001140 (AES_Te4[(temp >> 16) & 0xff] & 0xff000000) ^
1141 (AES_Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
1142 (AES_Te4[(temp ) & 0xff] & 0x0000ff00) ^
1143 (AES_Te4[(temp >> 24) ] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001144 rcon[i];
1145 rk[ 9] = rk[ 1] ^ rk[ 8];
1146 rk[10] = rk[ 2] ^ rk[ 9];
1147 rk[11] = rk[ 3] ^ rk[10];
1148 if (++i == 7) {
1149 return 0;
1150 }
1151 temp = rk[11];
1152 rk[12] = rk[ 4] ^
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001153 (AES_Te4[(temp >> 24) ] & 0xff000000) ^
1154 (AES_Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
1155 (AES_Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
1156 (AES_Te4[(temp ) & 0xff] & 0x000000ff);
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001157 rk[13] = rk[ 5] ^ rk[12];
1158 rk[14] = rk[ 6] ^ rk[13];
1159 rk[15] = rk[ 7] ^ rk[14];
bellarde4d4fe32004-08-01 21:54:53 +00001160
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001161 rk += 8;
1162 }
1163 }
Paolo Bonzinia50c7c82015-01-26 12:12:26 +01001164 abort();
bellarde4d4fe32004-08-01 21:54:53 +00001165}
1166
1167/**
1168 * Expand the cipher key into the decryption key schedule.
1169 */
1170int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001171 AES_KEY *key) {
bellarde4d4fe32004-08-01 21:54:53 +00001172
1173 u32 *rk;
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001174 int i, j, status;
1175 u32 temp;
bellarde4d4fe32004-08-01 21:54:53 +00001176
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001177 /* first, start with an encryption schedule */
1178 status = AES_set_encrypt_key(userKey, bits, key);
1179 if (status < 0)
1180 return status;
bellarde4d4fe32004-08-01 21:54:53 +00001181
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001182 rk = key->rd_key;
bellarde4d4fe32004-08-01 21:54:53 +00001183
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001184 /* invert the order of the round keys: */
shiliyang85734312020-12-07 16:37:25 +08001185 for (i = 0, j = 4 * (key->rounds); i < j; i += 4, j -= 4) {
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001186 temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
1187 temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
1188 temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
1189 temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
1190 }
1191 /* apply the inverse MixColumn transform to all round keys but the first and the last: */
1192 for (i = 1; i < (key->rounds); i++) {
1193 rk += 4;
1194 rk[0] =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001195 AES_Td0[AES_Te4[(rk[0] >> 24) ] & 0xff] ^
1196 AES_Td1[AES_Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
1197 AES_Td2[AES_Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
1198 AES_Td3[AES_Te4[(rk[0] ) & 0xff] & 0xff];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001199 rk[1] =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001200 AES_Td0[AES_Te4[(rk[1] >> 24) ] & 0xff] ^
1201 AES_Td1[AES_Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
1202 AES_Td2[AES_Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
1203 AES_Td3[AES_Te4[(rk[1] ) & 0xff] & 0xff];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001204 rk[2] =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001205 AES_Td0[AES_Te4[(rk[2] >> 24) ] & 0xff] ^
1206 AES_Td1[AES_Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
1207 AES_Td2[AES_Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
1208 AES_Td3[AES_Te4[(rk[2] ) & 0xff] & 0xff];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001209 rk[3] =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001210 AES_Td0[AES_Te4[(rk[3] >> 24) ] & 0xff] ^
1211 AES_Td1[AES_Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
1212 AES_Td2[AES_Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
1213 AES_Td3[AES_Te4[(rk[3] ) & 0xff] & 0xff];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001214 }
1215 return 0;
bellarde4d4fe32004-08-01 21:54:53 +00001216}
1217
1218#ifndef AES_ASM
1219/*
1220 * Encrypt a single block
1221 * in and out can overlap
1222 */
1223void AES_encrypt(const unsigned char *in, unsigned char *out,
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001224 const AES_KEY *key) {
bellarde4d4fe32004-08-01 21:54:53 +00001225
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001226 const u32 *rk;
1227 u32 s0, s1, s2, s3, t0, t1, t2, t3;
bellarde4d4fe32004-08-01 21:54:53 +00001228#ifndef FULL_UNROLL
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001229 int r;
bellarde4d4fe32004-08-01 21:54:53 +00001230#endif /* ?FULL_UNROLL */
1231
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001232 assert(in && out && key);
1233 rk = key->rd_key;
bellarde4d4fe32004-08-01 21:54:53 +00001234
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001235 /*
1236 * map byte array block to cipher state
1237 * and add initial round key:
1238 */
1239 s0 = GETU32(in ) ^ rk[0];
1240 s1 = GETU32(in + 4) ^ rk[1];
1241 s2 = GETU32(in + 8) ^ rk[2];
1242 s3 = GETU32(in + 12) ^ rk[3];
bellarde4d4fe32004-08-01 21:54:53 +00001243#ifdef FULL_UNROLL
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001244 /* round 1: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001245 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[ 4];
1246 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[ 5];
1247 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[ 6];
1248 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[ 7];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001249 /* round 2: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001250 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[ 8];
1251 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[ 9];
1252 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[10];
1253 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[11];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001254 /* round 3: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001255 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[12];
1256 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[13];
1257 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[14];
1258 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[15];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001259 /* round 4: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001260 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[16];
1261 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[17];
1262 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[18];
1263 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[19];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001264 /* round 5: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001265 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[20];
1266 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[21];
1267 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[22];
1268 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[23];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001269 /* round 6: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001270 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[24];
1271 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[25];
1272 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[26];
1273 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[27];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001274 /* round 7: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001275 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[28];
1276 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[29];
1277 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[30];
1278 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[31];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001279 /* round 8: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001280 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[32];
1281 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[33];
1282 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[34];
1283 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[35];
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001284 /* round 9: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001285 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[36];
1286 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[37];
1287 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[38];
1288 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[39];
bellarde4d4fe32004-08-01 21:54:53 +00001289 if (key->rounds > 10) {
1290 /* round 10: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001291 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[40];
1292 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[41];
1293 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[42];
1294 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[43];
bellarde4d4fe32004-08-01 21:54:53 +00001295 /* round 11: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001296 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[44];
1297 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[45];
1298 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[46];
1299 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[47];
bellarde4d4fe32004-08-01 21:54:53 +00001300 if (key->rounds > 12) {
1301 /* round 12: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001302 s0 = AES_Te0[t0 >> 24] ^ AES_Te1[(t1 >> 16) & 0xff] ^ AES_Te2[(t2 >> 8) & 0xff] ^ AES_Te3[t3 & 0xff] ^ rk[48];
1303 s1 = AES_Te0[t1 >> 24] ^ AES_Te1[(t2 >> 16) & 0xff] ^ AES_Te2[(t3 >> 8) & 0xff] ^ AES_Te3[t0 & 0xff] ^ rk[49];
1304 s2 = AES_Te0[t2 >> 24] ^ AES_Te1[(t3 >> 16) & 0xff] ^ AES_Te2[(t0 >> 8) & 0xff] ^ AES_Te3[t1 & 0xff] ^ rk[50];
1305 s3 = AES_Te0[t3 >> 24] ^ AES_Te1[(t0 >> 16) & 0xff] ^ AES_Te2[(t1 >> 8) & 0xff] ^ AES_Te3[t2 & 0xff] ^ rk[51];
bellarde4d4fe32004-08-01 21:54:53 +00001306 /* round 13: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001307 t0 = AES_Te0[s0 >> 24] ^ AES_Te1[(s1 >> 16) & 0xff] ^ AES_Te2[(s2 >> 8) & 0xff] ^ AES_Te3[s3 & 0xff] ^ rk[52];
1308 t1 = AES_Te0[s1 >> 24] ^ AES_Te1[(s2 >> 16) & 0xff] ^ AES_Te2[(s3 >> 8) & 0xff] ^ AES_Te3[s0 & 0xff] ^ rk[53];
1309 t2 = AES_Te0[s2 >> 24] ^ AES_Te1[(s3 >> 16) & 0xff] ^ AES_Te2[(s0 >> 8) & 0xff] ^ AES_Te3[s1 & 0xff] ^ rk[54];
1310 t3 = AES_Te0[s3 >> 24] ^ AES_Te1[(s0 >> 16) & 0xff] ^ AES_Te2[(s1 >> 8) & 0xff] ^ AES_Te3[s2 & 0xff] ^ rk[55];
bellarde4d4fe32004-08-01 21:54:53 +00001311 }
1312 }
1313 rk += key->rounds << 2;
1314#else /* !FULL_UNROLL */
1315 /*
1316 * Nr - 1 full rounds:
1317 */
1318 r = key->rounds >> 1;
1319 for (;;) {
1320 t0 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001321 AES_Te0[(s0 >> 24) ] ^
1322 AES_Te1[(s1 >> 16) & 0xff] ^
1323 AES_Te2[(s2 >> 8) & 0xff] ^
1324 AES_Te3[(s3 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001325 rk[4];
1326 t1 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001327 AES_Te0[(s1 >> 24) ] ^
1328 AES_Te1[(s2 >> 16) & 0xff] ^
1329 AES_Te2[(s3 >> 8) & 0xff] ^
1330 AES_Te3[(s0 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001331 rk[5];
1332 t2 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001333 AES_Te0[(s2 >> 24) ] ^
1334 AES_Te1[(s3 >> 16) & 0xff] ^
1335 AES_Te2[(s0 >> 8) & 0xff] ^
1336 AES_Te3[(s1 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001337 rk[6];
1338 t3 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001339 AES_Te0[(s3 >> 24) ] ^
1340 AES_Te1[(s0 >> 16) & 0xff] ^
1341 AES_Te2[(s1 >> 8) & 0xff] ^
1342 AES_Te3[(s2 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001343 rk[7];
1344
1345 rk += 8;
1346 if (--r == 0) {
1347 break;
1348 }
1349
1350 s0 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001351 AES_Te0[(t0 >> 24) ] ^
1352 AES_Te1[(t1 >> 16) & 0xff] ^
1353 AES_Te2[(t2 >> 8) & 0xff] ^
1354 AES_Te3[(t3 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001355 rk[0];
1356 s1 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001357 AES_Te0[(t1 >> 24) ] ^
1358 AES_Te1[(t2 >> 16) & 0xff] ^
1359 AES_Te2[(t3 >> 8) & 0xff] ^
1360 AES_Te3[(t0 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001361 rk[1];
1362 s2 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001363 AES_Te0[(t2 >> 24) ] ^
1364 AES_Te1[(t3 >> 16) & 0xff] ^
1365 AES_Te2[(t0 >> 8) & 0xff] ^
1366 AES_Te3[(t1 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001367 rk[2];
1368 s3 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001369 AES_Te0[(t3 >> 24) ] ^
1370 AES_Te1[(t0 >> 16) & 0xff] ^
1371 AES_Te2[(t1 >> 8) & 0xff] ^
1372 AES_Te3[(t2 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001373 rk[3];
1374 }
1375#endif /* ?FULL_UNROLL */
1376 /*
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001377 * apply last round and
1378 * map cipher state to byte array block:
1379 */
1380 s0 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001381 (AES_Te4[(t0 >> 24) ] & 0xff000000) ^
1382 (AES_Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1383 (AES_Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1384 (AES_Te4[(t3 ) & 0xff] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001385 rk[0];
1386 PUTU32(out , s0);
1387 s1 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001388 (AES_Te4[(t1 >> 24) ] & 0xff000000) ^
1389 (AES_Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1390 (AES_Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1391 (AES_Te4[(t0 ) & 0xff] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001392 rk[1];
1393 PUTU32(out + 4, s1);
1394 s2 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001395 (AES_Te4[(t2 >> 24) ] & 0xff000000) ^
1396 (AES_Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1397 (AES_Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1398 (AES_Te4[(t1 ) & 0xff] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001399 rk[2];
1400 PUTU32(out + 8, s2);
1401 s3 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001402 (AES_Te4[(t3 >> 24) ] & 0xff000000) ^
1403 (AES_Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1404 (AES_Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1405 (AES_Te4[(t2 ) & 0xff] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001406 rk[3];
1407 PUTU32(out + 12, s3);
bellarde4d4fe32004-08-01 21:54:53 +00001408}
1409
1410/*
1411 * Decrypt a single block
1412 * in and out can overlap
1413 */
1414void AES_decrypt(const unsigned char *in, unsigned char *out,
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001415 const AES_KEY *key) {
bellarde4d4fe32004-08-01 21:54:53 +00001416
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001417 const u32 *rk;
1418 u32 s0, s1, s2, s3, t0, t1, t2, t3;
bellarde4d4fe32004-08-01 21:54:53 +00001419#ifndef FULL_UNROLL
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001420 int r;
bellarde4d4fe32004-08-01 21:54:53 +00001421#endif /* ?FULL_UNROLL */
1422
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001423 assert(in && out && key);
1424 rk = key->rd_key;
bellarde4d4fe32004-08-01 21:54:53 +00001425
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001426 /*
1427 * map byte array block to cipher state
1428 * and add initial round key:
1429 */
bellarde4d4fe32004-08-01 21:54:53 +00001430 s0 = GETU32(in ) ^ rk[0];
1431 s1 = GETU32(in + 4) ^ rk[1];
1432 s2 = GETU32(in + 8) ^ rk[2];
1433 s3 = GETU32(in + 12) ^ rk[3];
1434#ifdef FULL_UNROLL
1435 /* round 1: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001436 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[ 4];
1437 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[ 5];
1438 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[ 6];
1439 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[ 7];
bellarde4d4fe32004-08-01 21:54:53 +00001440 /* round 2: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001441 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[ 8];
1442 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[ 9];
1443 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[10];
1444 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[11];
bellarde4d4fe32004-08-01 21:54:53 +00001445 /* round 3: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001446 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[12];
1447 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[13];
1448 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[14];
1449 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[15];
bellarde4d4fe32004-08-01 21:54:53 +00001450 /* round 4: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001451 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[16];
1452 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[17];
1453 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[18];
1454 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[19];
bellarde4d4fe32004-08-01 21:54:53 +00001455 /* round 5: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001456 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[20];
1457 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[21];
1458 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[22];
1459 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[23];
bellarde4d4fe32004-08-01 21:54:53 +00001460 /* round 6: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001461 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[24];
1462 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[25];
1463 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[26];
1464 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[27];
bellarde4d4fe32004-08-01 21:54:53 +00001465 /* round 7: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001466 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[28];
1467 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[29];
1468 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[30];
1469 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[31];
bellarde4d4fe32004-08-01 21:54:53 +00001470 /* round 8: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001471 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[32];
1472 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[33];
1473 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[34];
1474 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[35];
bellarde4d4fe32004-08-01 21:54:53 +00001475 /* round 9: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001476 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[36];
1477 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[37];
1478 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[38];
1479 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[39];
bellarde4d4fe32004-08-01 21:54:53 +00001480 if (key->rounds > 10) {
1481 /* round 10: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001482 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[40];
1483 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[41];
1484 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[42];
1485 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[43];
bellarde4d4fe32004-08-01 21:54:53 +00001486 /* round 11: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001487 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[44];
1488 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[45];
1489 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[46];
1490 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[47];
bellarde4d4fe32004-08-01 21:54:53 +00001491 if (key->rounds > 12) {
1492 /* round 12: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001493 s0 = AES_Td0[t0 >> 24] ^ AES_Td1[(t3 >> 16) & 0xff] ^ AES_Td2[(t2 >> 8) & 0xff] ^ AES_Td3[t1 & 0xff] ^ rk[48];
1494 s1 = AES_Td0[t1 >> 24] ^ AES_Td1[(t0 >> 16) & 0xff] ^ AES_Td2[(t3 >> 8) & 0xff] ^ AES_Td3[t2 & 0xff] ^ rk[49];
1495 s2 = AES_Td0[t2 >> 24] ^ AES_Td1[(t1 >> 16) & 0xff] ^ AES_Td2[(t0 >> 8) & 0xff] ^ AES_Td3[t3 & 0xff] ^ rk[50];
1496 s3 = AES_Td0[t3 >> 24] ^ AES_Td1[(t2 >> 16) & 0xff] ^ AES_Td2[(t1 >> 8) & 0xff] ^ AES_Td3[t0 & 0xff] ^ rk[51];
bellarde4d4fe32004-08-01 21:54:53 +00001497 /* round 13: */
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001498 t0 = AES_Td0[s0 >> 24] ^ AES_Td1[(s3 >> 16) & 0xff] ^ AES_Td2[(s2 >> 8) & 0xff] ^ AES_Td3[s1 & 0xff] ^ rk[52];
1499 t1 = AES_Td0[s1 >> 24] ^ AES_Td1[(s0 >> 16) & 0xff] ^ AES_Td2[(s3 >> 8) & 0xff] ^ AES_Td3[s2 & 0xff] ^ rk[53];
1500 t2 = AES_Td0[s2 >> 24] ^ AES_Td1[(s1 >> 16) & 0xff] ^ AES_Td2[(s0 >> 8) & 0xff] ^ AES_Td3[s3 & 0xff] ^ rk[54];
1501 t3 = AES_Td0[s3 >> 24] ^ AES_Td1[(s2 >> 16) & 0xff] ^ AES_Td2[(s1 >> 8) & 0xff] ^ AES_Td3[s0 & 0xff] ^ rk[55];
bellarde4d4fe32004-08-01 21:54:53 +00001502 }
1503 }
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001504 rk += key->rounds << 2;
bellarde4d4fe32004-08-01 21:54:53 +00001505#else /* !FULL_UNROLL */
1506 /*
1507 * Nr - 1 full rounds:
1508 */
1509 r = key->rounds >> 1;
1510 for (;;) {
1511 t0 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001512 AES_Td0[(s0 >> 24) ] ^
1513 AES_Td1[(s3 >> 16) & 0xff] ^
1514 AES_Td2[(s2 >> 8) & 0xff] ^
1515 AES_Td3[(s1 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001516 rk[4];
1517 t1 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001518 AES_Td0[(s1 >> 24) ] ^
1519 AES_Td1[(s0 >> 16) & 0xff] ^
1520 AES_Td2[(s3 >> 8) & 0xff] ^
1521 AES_Td3[(s2 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001522 rk[5];
1523 t2 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001524 AES_Td0[(s2 >> 24) ] ^
1525 AES_Td1[(s1 >> 16) & 0xff] ^
1526 AES_Td2[(s0 >> 8) & 0xff] ^
1527 AES_Td3[(s3 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001528 rk[6];
1529 t3 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001530 AES_Td0[(s3 >> 24) ] ^
1531 AES_Td1[(s2 >> 16) & 0xff] ^
1532 AES_Td2[(s1 >> 8) & 0xff] ^
1533 AES_Td3[(s0 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001534 rk[7];
1535
1536 rk += 8;
1537 if (--r == 0) {
1538 break;
1539 }
1540
1541 s0 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001542 AES_Td0[(t0 >> 24) ] ^
1543 AES_Td1[(t3 >> 16) & 0xff] ^
1544 AES_Td2[(t2 >> 8) & 0xff] ^
1545 AES_Td3[(t1 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001546 rk[0];
1547 s1 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001548 AES_Td0[(t1 >> 24) ] ^
1549 AES_Td1[(t0 >> 16) & 0xff] ^
1550 AES_Td2[(t3 >> 8) & 0xff] ^
1551 AES_Td3[(t2 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001552 rk[1];
1553 s2 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001554 AES_Td0[(t2 >> 24) ] ^
1555 AES_Td1[(t1 >> 16) & 0xff] ^
1556 AES_Td2[(t0 >> 8) & 0xff] ^
1557 AES_Td3[(t3 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001558 rk[2];
1559 s3 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001560 AES_Td0[(t3 >> 24) ] ^
1561 AES_Td1[(t2 >> 16) & 0xff] ^
1562 AES_Td2[(t1 >> 8) & 0xff] ^
1563 AES_Td3[(t0 ) & 0xff] ^
bellarde4d4fe32004-08-01 21:54:53 +00001564 rk[3];
1565 }
1566#endif /* ?FULL_UNROLL */
1567 /*
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001568 * apply last round and
1569 * map cipher state to byte array block:
1570 */
1571 s0 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001572 (AES_Td4[(t0 >> 24) ] & 0xff000000) ^
1573 (AES_Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1574 (AES_Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
1575 (AES_Td4[(t1 ) & 0xff] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001576 rk[0];
1577 PUTU32(out , s0);
1578 s1 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001579 (AES_Td4[(t1 >> 24) ] & 0xff000000) ^
1580 (AES_Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1581 (AES_Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
1582 (AES_Td4[(t2 ) & 0xff] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001583 rk[1];
1584 PUTU32(out + 4, s1);
1585 s2 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001586 (AES_Td4[(t2 >> 24) ] & 0xff000000) ^
1587 (AES_Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1588 (AES_Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
1589 (AES_Td4[(t3 ) & 0xff] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001590 rk[2];
1591 PUTU32(out + 8, s2);
1592 s3 =
Aurelien Jarno5d6f5cd2013-03-31 12:58:31 +02001593 (AES_Td4[(t3 >> 24) ] & 0xff000000) ^
1594 (AES_Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1595 (AES_Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
1596 (AES_Td4[(t0 ) & 0xff] & 0x000000ff) ^
Paolo Bonzini2f9f96b2018-12-14 12:38:17 +01001597 rk[3];
1598 PUTU32(out + 12, s3);
bellarde4d4fe32004-08-01 21:54:53 +00001599}
1600
1601#endif /* AES_ASM */