rijndael.c revision 106130 
1/*	$OpenBSD: rijndael.c,v 1.14 2002/07/10 17:53:54 deraadt Exp $ */
2/*	$FreeBSD: head/crypto/openssh/rijndael.c 106130 2002-10-29 10:16:02Z des $ */
3
4/**
5 * rijndael-alg-fst.c
6 *
7 * @version 3.0 (December 2000)
8 *
9 * Optimised ANSI C code for the Rijndael cipher (now AES)
10 *
11 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
12 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
13 * @author Paulo Barreto <paulo.barreto@terra.com.br>
14 *
15 * This code is hereby placed in the public domain.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
18 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
21 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
24 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
25 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
26 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29#include "includes.h"
30
31#include <stdlib.h>
32#include <string.h>
33
34#include "rijndael.h"
35
36#define FULL_UNROLL
37
38/*
39Te0[x] = S [x].[02, 01, 01, 03];
40Te1[x] = S [x].[03, 02, 01, 01];
41Te2[x] = S [x].[01, 03, 02, 01];
42Te3[x] = S [x].[01, 01, 03, 02];
43Te4[x] = S [x].[01, 01, 01, 01];
44
45Td0[x] = Si[x].[0e, 09, 0d, 0b];
46Td1[x] = Si[x].[0b, 0e, 09, 0d];
47Td2[x] = Si[x].[0d, 0b, 0e, 09];
48Td3[x] = Si[x].[09, 0d, 0b, 0e];
49Td4[x] = Si[x].[01, 01, 01, 01];
50*/
51
52static const u32 Te0[256] = {
53    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
54    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
55    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
56    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
57    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
58    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
59    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
60    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
61    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
62    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
63    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
64    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
65    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
66    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
67    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
68    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
69    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
70    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
71    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
72    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
73    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
74    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
75    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
76    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
77    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
78    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
79    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
80    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
81    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
82    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
83    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
84    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
85    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
86    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
87    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
88    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
89    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
90    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
91    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
92    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
93    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
94    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
95    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
96    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
97    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
98    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
99    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
100    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
101    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
102    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
103    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
104    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
105    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
106    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
107    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
108    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
109    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
110    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
111    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
112    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
113    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
114    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
115    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
116    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
117};
118static const u32 Te1[256] = {
119    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
120    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
121    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
122    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
123    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
124    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
125    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
126    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
127    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
128    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
129    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
130    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
131    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
132    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
133    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
134    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
135    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
136    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
137    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
138    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
139    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
140    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
141    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
142    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
143    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
144    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
145    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
146    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
147    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
148    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
149    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
150    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
151    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
152    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
153    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
154    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
155    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
156    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
157    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
158    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
159    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
160    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
161    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
162    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
163    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
164    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
165    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
166    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
167    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
168    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
169    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
170    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
171    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
172    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
173    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
174    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
175    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
176    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
177    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
178    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
179    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
180    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
181    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
182    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
183};
184static const u32 Te2[256] = {
185    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
186    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
187    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
188    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
189    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
190    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
191    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
192    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
193    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
194    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
195    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
196    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
197    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
198    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
199    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
200    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
201    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
202    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
203    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
204    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
205    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
206    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
207    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
208    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
209    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
210    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
211    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
212    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
213    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
214    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
215    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
216    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
217    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
218    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
219    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
220    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
221    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
222    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
223    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
224    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
225    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
226    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
227    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
228    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
229    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
230    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
231    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
232    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
233    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
234    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
235    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
236    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
237    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
238    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
239    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
240    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
241    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
242    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
243    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
244    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
245    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
246    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
247    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
248    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
249};
250static const u32 Te3[256] = {
251
252    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
253    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
254    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
255    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
256    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
257    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
258    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
259    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
260    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
261    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
262    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
263    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
264    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
265    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
266    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
267    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
268    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
269    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
270    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
271    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
272    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
273    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
274    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
275    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
276    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
277    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
278    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
279    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
280    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
281    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
282    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
283    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
284    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
285    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
286    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
287    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
288    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
289    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
290    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
291    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
292    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
293    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
294    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
295    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
296    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
297    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
298    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
299    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
300    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
301    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
302    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
303    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
304    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
305    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
306    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
307    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
308    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
309    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
310    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
311    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
312    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
313    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
314    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
315    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
316};
317static const u32 Te4[256] = {
318    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
319    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
320    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
321    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
322    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
323    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
324    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
325    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
326    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
327    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
328    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
329    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
330    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
331    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
332    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
333    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
334    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
335    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
336    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
337    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
338    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
339    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
340    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
341    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
342    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
343    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
344    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
345    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
346    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
347    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
348    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
349    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
350    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
351    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
352    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
353    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
354    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
355    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
356    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
357    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
358    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
359    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
360    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
361    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
362    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
363    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
364    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
365    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
366    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
367    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
368    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
369    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
370    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
371    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
372    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
373    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
374    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
375    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
376    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
377    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
378    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
379    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
380    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
381    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
382};
383static const u32 Td0[256] = {
384    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
385    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
386    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
387    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
388    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
389    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
390    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
391    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
392    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
393    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
394    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
395    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
396    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
397    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
398    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
399    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
400    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
401    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
402    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
403    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
404    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
405    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
406    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
407    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
408    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
409    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
410    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
411    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
412    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
413    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
414    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
415    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
416    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
417    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
418    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
419    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
420    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
421    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
422    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
423    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
424    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
425    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
426    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
427    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
428    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
429    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
430    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
431    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
432    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
433    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
434    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
435    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
436    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
437    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
438    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
439    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
440    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
441    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
442    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
443    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
444    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
445    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
446    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
447    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
448};
449static const u32 Td1[256] = {
450    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
451    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
452    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
453    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
454    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
455    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
456    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
457    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
458    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
459    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
460    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
461    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
462    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
463    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
464    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
465    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
466    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
467    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
468    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
469    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
470    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
471    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
472    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
473    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
474    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
475    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
476    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
477    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
478    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
479    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
480    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
481    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
482    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
483    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
484    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
485    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
486    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
487    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
488    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
489    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
490    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
491    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
492    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
493    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
494    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
495    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
496    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
497    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
498    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
499    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
500    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
501    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
502    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
503    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
504    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
505    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
506    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
507    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
508    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
509    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
510    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
511    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
512    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
513    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
514};
515static const u32 Td2[256] = {
516    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
517    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
518    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
519    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
520    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
521    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
522    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
523    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
524    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
525    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
526    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
527    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
528    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
529    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
530    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
531    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
532    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
533    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
534    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
535    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
536
537    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
538    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
539    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
540    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
541    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
542    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
543    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
544    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
545    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
546    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
547    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
548    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
549    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
550    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
551    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
552    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
553    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
554    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
555    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
556    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
557    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
558    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
559    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
560    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
561    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
562    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
563    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
564    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
565    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
566    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
567    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
568    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
569    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
570    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
571    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
572    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
573    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
574    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
575    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
576    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
577    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
578    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
579    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
580    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
581};
582static const u32 Td3[256] = {
583    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
584    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
585    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
586    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
587    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
588    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
589    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
590    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
591    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
592    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
593    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
594    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
595    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
596    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
597    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
598    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
599    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
600    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
601    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
602    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
603    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
604    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
605    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
606    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
607    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
608    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
609    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
610    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
611    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
612    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
613    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
614    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
615    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
616    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
617    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
618    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
619    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
620    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
621    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
622    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
623    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
624    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
625    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
626    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
627    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
628    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
629    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
630    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
631    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
632    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
633    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
634    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
635    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
636    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
637    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
638    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
639    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
640    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
641    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
642    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
643    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
644    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
645    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
646    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
647};
648static const u32 Td4[256] = {
649    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
650    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
651    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
652    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
653    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
654    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
655    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
656    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
657    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
658    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
659    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
660    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
661    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
662    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
663    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
664    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
665    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
666    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
667    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
668    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
669    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
670    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
671    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
672    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
673    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
674    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
675    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
676    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
677    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
678    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
679    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
680    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
681    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
682    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
683    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
684    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
685    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
686    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
687    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
688    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
689    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
690    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
691    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
692    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
693    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
694    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
695    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
696    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
697    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
698    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
699    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
700    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
701    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
702    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
703    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
704    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
705    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
706    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
707    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
708    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
709    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
710    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
711    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
712    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
713};
714static const u32 rcon[] = {
715	0x01000000, 0x02000000, 0x04000000, 0x08000000,
716	0x10000000, 0x20000000, 0x40000000, 0x80000000,
717	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
718};
719
720#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
721#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
722
723/**
724 * Expand the cipher key into the encryption key schedule.
725 *
726 * @return	the number of rounds for the given cipher key size.
727 */
728static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
729   	int i = 0;
730	u32 temp;
731
732	rk[0] = GETU32(cipherKey     );
733	rk[1] = GETU32(cipherKey +  4);
734	rk[2] = GETU32(cipherKey +  8);
735	rk[3] = GETU32(cipherKey + 12);
736	if (keyBits == 128) {
737		for (;;) {
738			temp  = rk[3];
739			rk[4] = rk[0] ^
740				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
741				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
742				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
743				(Te4[(temp >> 24)       ] & 0x000000ff) ^
744				rcon[i];
745			rk[5] = rk[1] ^ rk[4];
746			rk[6] = rk[2] ^ rk[5];
747			rk[7] = rk[3] ^ rk[6];
748			if (++i == 10) {
749				return 10;
750			}
751			rk += 4;
752		}
753	}
754	rk[4] = GETU32(cipherKey + 16);
755	rk[5] = GETU32(cipherKey + 20);
756	if (keyBits == 192) {
757		for (;;) {
758			temp = rk[ 5];
759			rk[ 6] = rk[ 0] ^
760				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
761				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
762				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
763				(Te4[(temp >> 24)       ] & 0x000000ff) ^
764				rcon[i];
765			rk[ 7] = rk[ 1] ^ rk[ 6];
766			rk[ 8] = rk[ 2] ^ rk[ 7];
767			rk[ 9] = rk[ 3] ^ rk[ 8];
768			if (++i == 8) {
769				return 12;
770			}
771			rk[10] = rk[ 4] ^ rk[ 9];
772			rk[11] = rk[ 5] ^ rk[10];
773			rk += 6;
774		}
775	}
776	rk[6] = GETU32(cipherKey + 24);
777	rk[7] = GETU32(cipherKey + 28);
778	if (keyBits == 256) {
779		for (;;) {
780			temp = rk[ 7];
781			rk[ 8] = rk[ 0] ^
782				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
783				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
784				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
785				(Te4[(temp >> 24)       ] & 0x000000ff) ^
786				rcon[i];
787			rk[ 9] = rk[ 1] ^ rk[ 8];
788			rk[10] = rk[ 2] ^ rk[ 9];
789			rk[11] = rk[ 3] ^ rk[10];
790				if (++i == 7) {
791					return 14;
792				}
793			temp = rk[11];
794			rk[12] = rk[ 4] ^
795				(Te4[(temp >> 24)       ] & 0xff000000) ^
796				(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
797				(Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
798				(Te4[(temp      ) & 0xff] & 0x000000ff);
799			rk[13] = rk[ 5] ^ rk[12];
800			rk[14] = rk[ 6] ^ rk[13];
801		     	rk[15] = rk[ 7] ^ rk[14];
802			rk += 8;
803		}
804	}
805	return 0;
806}
807
808/**
809 * Expand the cipher key into the decryption key schedule.
810 *
811 * @return	the number of rounds for the given cipher key size.
812 */
813static int
814rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits,
815    int have_encrypt) {
816	int Nr, i, j;
817	u32 temp;
818
819	if (have_encrypt) {
820		Nr = have_encrypt;
821	} else {
822		/* expand the cipher key: */
823		Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
824	}
825	/* invert the order of the round keys: */
826	for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
827		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
828		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
829		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
830		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
831	}
832	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
833	for (i = 1; i < Nr; i++) {
834		rk += 4;
835		rk[0] =
836			Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
837			Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
838			Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
839			Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
840		rk[1] =
841			Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
842			Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
843			Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
844			Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
845		rk[2] =
846			Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
847			Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
848			Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
849			Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
850		rk[3] =
851			Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
852			Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
853			Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
854			Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
855	}
856	return Nr;
857}
858
859static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) {
860	u32 s0, s1, s2, s3, t0, t1, t2, t3;
861#ifndef FULL_UNROLL
862    int r;
863#endif /* ?FULL_UNROLL */
864
865    /*
866	 * map byte array block to cipher state
867	 * and add initial round key:
868	 */
869	s0 = GETU32(pt     ) ^ rk[0];
870	s1 = GETU32(pt +  4) ^ rk[1];
871	s2 = GETU32(pt +  8) ^ rk[2];
872	s3 = GETU32(pt + 12) ^ rk[3];
873#ifdef FULL_UNROLL
874    /* round 1: */
875   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
876   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
877   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
878   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
879   	/* round 2: */
880   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
881   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
882   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
883   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
884    /* round 3: */
885   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
886   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
887   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
888   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
889   	/* round 4: */
890   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
891   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
892   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
893   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
894    /* round 5: */
895   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
896   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
897   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
898   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
899   	/* round 6: */
900   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
901   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
902   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
903   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
904    /* round 7: */
905   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
906   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
907   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
908   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
909   	/* round 8: */
910   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
911   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
912   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
913   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
914    /* round 9: */
915   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
916   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
917   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
918   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
919    if (Nr > 10) {
920	/* round 10: */
921	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
922	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
923	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
924	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
925	/* round 11: */
926	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
927	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
928	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
929	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
930	if (Nr > 12) {
931	    /* round 12: */
932	    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
933	    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
934	    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
935	    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
936	    /* round 13: */
937	    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
938	    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
939	    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
940	    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
941	}
942    }
943    rk += Nr << 2;
944#else  /* !FULL_UNROLL */
945    /*
946	 * Nr - 1 full rounds:
947	 */
948    r = Nr >> 1;
949    for (;;) {
950	t0 =
951	    Te0[(s0 >> 24)       ] ^
952	    Te1[(s1 >> 16) & 0xff] ^
953	    Te2[(s2 >>  8) & 0xff] ^
954	    Te3[(s3      ) & 0xff] ^
955	    rk[4];
956	t1 =
957	    Te0[(s1 >> 24)       ] ^
958	    Te1[(s2 >> 16) & 0xff] ^
959	    Te2[(s3 >>  8) & 0xff] ^
960	    Te3[(s0      ) & 0xff] ^
961	    rk[5];
962	t2 =
963	    Te0[(s2 >> 24)       ] ^
964	    Te1[(s3 >> 16) & 0xff] ^
965	    Te2[(s0 >>  8) & 0xff] ^
966	    Te3[(s1      ) & 0xff] ^
967	    rk[6];
968	t3 =
969	    Te0[(s3 >> 24)       ] ^
970	    Te1[(s0 >> 16) & 0xff] ^
971	    Te2[(s1 >>  8) & 0xff] ^
972	    Te3[(s2      ) & 0xff] ^
973	    rk[7];
974
975	rk += 8;
976	if (--r == 0) {
977	    break;
978	}
979
980	s0 =
981	    Te0[(t0 >> 24)       ] ^
982	    Te1[(t1 >> 16) & 0xff] ^
983	    Te2[(t2 >>  8) & 0xff] ^
984	    Te3[(t3      ) & 0xff] ^
985	    rk[0];
986	s1 =
987	    Te0[(t1 >> 24)       ] ^
988	    Te1[(t2 >> 16) & 0xff] ^
989	    Te2[(t3 >>  8) & 0xff] ^
990	    Te3[(t0      ) & 0xff] ^
991	    rk[1];
992	s2 =
993	    Te0[(t2 >> 24)       ] ^
994	    Te1[(t3 >> 16) & 0xff] ^
995	    Te2[(t0 >>  8) & 0xff] ^
996	    Te3[(t1      ) & 0xff] ^
997	    rk[2];
998	s3 =
999	    Te0[(t3 >> 24)       ] ^
1000	    Te1[(t0 >> 16) & 0xff] ^
1001	    Te2[(t1 >>  8) & 0xff] ^
1002	    Te3[(t2      ) & 0xff] ^
1003	    rk[3];
1004    }
1005#endif /* ?FULL_UNROLL */
1006    /*
1007	 * apply last round and
1008	 * map cipher state to byte array block:
1009	 */
1010	s0 =
1011		(Te4[(t0 >> 24)       ] & 0xff000000) ^
1012		(Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1013		(Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1014		(Te4[(t3      ) & 0xff] & 0x000000ff) ^
1015		rk[0];
1016	PUTU32(ct     , s0);
1017	s1 =
1018		(Te4[(t1 >> 24)       ] & 0xff000000) ^
1019		(Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1020		(Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1021		(Te4[(t0      ) & 0xff] & 0x000000ff) ^
1022		rk[1];
1023	PUTU32(ct +  4, s1);
1024	s2 =
1025		(Te4[(t2 >> 24)       ] & 0xff000000) ^
1026		(Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1027		(Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1028		(Te4[(t1      ) & 0xff] & 0x000000ff) ^
1029		rk[2];
1030	PUTU32(ct +  8, s2);
1031	s3 =
1032		(Te4[(t3 >> 24)       ] & 0xff000000) ^
1033		(Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1034		(Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1035		(Te4[(t2      ) & 0xff] & 0x000000ff) ^
1036		rk[3];
1037	PUTU32(ct + 12, s3);
1038}
1039
1040static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) {
1041	u32 s0, s1, s2, s3, t0, t1, t2, t3;
1042#ifndef FULL_UNROLL
1043    int r;
1044#endif /* ?FULL_UNROLL */
1045
1046    /*
1047	 * map byte array block to cipher state
1048	 * and add initial round key:
1049	 */
1050    s0 = GETU32(ct     ) ^ rk[0];
1051    s1 = GETU32(ct +  4) ^ rk[1];
1052    s2 = GETU32(ct +  8) ^ rk[2];
1053    s3 = GETU32(ct + 12) ^ rk[3];
1054#ifdef FULL_UNROLL
1055    /* round 1: */
1056    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
1057    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
1058    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
1059    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
1060    /* round 2: */
1061    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
1062    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
1063    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
1064    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
1065    /* round 3: */
1066    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
1067    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
1068    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
1069    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
1070    /* round 4: */
1071    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
1072    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
1073    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
1074    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
1075    /* round 5: */
1076    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
1077    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
1078    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
1079    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
1080    /* round 6: */
1081    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
1082    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
1083    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
1084    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
1085    /* round 7: */
1086    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
1087    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
1088    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
1089    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
1090    /* round 8: */
1091    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
1092    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
1093    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
1094    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
1095    /* round 9: */
1096    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
1097    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
1098    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1099    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1100    if (Nr > 10) {
1101	/* round 10: */
1102	s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1103	s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1104	s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1105	s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1106	/* round 11: */
1107	t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1108	t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1109	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1110	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1111	if (Nr > 12) {
1112	    /* round 12: */
1113	    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1114	    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1115	    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1116	    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1117	    /* round 13: */
1118	    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1119	    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1120	    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1121	    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1122	}
1123    }
1124	rk += Nr << 2;
1125#else  /* !FULL_UNROLL */
1126    /*
1127     * Nr - 1 full rounds:
1128     */
1129    r = Nr >> 1;
1130    for (;;) {
1131	t0 =
1132	    Td0[(s0 >> 24)       ] ^
1133	    Td1[(s3 >> 16) & 0xff] ^
1134	    Td2[(s2 >>  8) & 0xff] ^
1135	    Td3[(s1      ) & 0xff] ^
1136	    rk[4];
1137	t1 =
1138	    Td0[(s1 >> 24)       ] ^
1139	    Td1[(s0 >> 16) & 0xff] ^
1140	    Td2[(s3 >>  8) & 0xff] ^
1141	    Td3[(s2      ) & 0xff] ^
1142	    rk[5];
1143	t2 =
1144	    Td0[(s2 >> 24)       ] ^
1145	    Td1[(s1 >> 16) & 0xff] ^
1146	    Td2[(s0 >>  8) & 0xff] ^
1147	    Td3[(s3      ) & 0xff] ^
1148	    rk[6];
1149	t3 =
1150	    Td0[(s3 >> 24)       ] ^
1151	    Td1[(s2 >> 16) & 0xff] ^
1152	    Td2[(s1 >>  8) & 0xff] ^
1153	    Td3[(s0      ) & 0xff] ^
1154	    rk[7];
1155
1156	rk += 8;
1157	if (--r == 0) {
1158	    break;
1159	}
1160
1161	s0 =
1162	    Td0[(t0 >> 24)       ] ^
1163	    Td1[(t3 >> 16) & 0xff] ^
1164	    Td2[(t2 >>  8) & 0xff] ^
1165	    Td3[(t1      ) & 0xff] ^
1166	    rk[0];
1167	s1 =
1168	    Td0[(t1 >> 24)       ] ^
1169	    Td1[(t0 >> 16) & 0xff] ^
1170	    Td2[(t3 >>  8) & 0xff] ^
1171	    Td3[(t2      ) & 0xff] ^
1172	    rk[1];
1173	s2 =
1174	    Td0[(t2 >> 24)       ] ^
1175	    Td1[(t1 >> 16) & 0xff] ^
1176	    Td2[(t0 >>  8) & 0xff] ^
1177	    Td3[(t3      ) & 0xff] ^
1178	    rk[2];
1179	s3 =
1180	    Td0[(t3 >> 24)       ] ^
1181	    Td1[(t2 >> 16) & 0xff] ^
1182	    Td2[(t1 >>  8) & 0xff] ^
1183	    Td3[(t0      ) & 0xff] ^
1184	    rk[3];
1185    }
1186#endif /* ?FULL_UNROLL */
1187    /*
1188	 * apply last round and
1189	 * map cipher state to byte array block:
1190	 */
1191   	s0 =
1192   		(Td4[(t0 >> 24)       ] & 0xff000000) ^
1193   		(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1194   		(Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1195   		(Td4[(t1      ) & 0xff] & 0x000000ff) ^
1196   		rk[0];
1197	PUTU32(pt     , s0);
1198   	s1 =
1199   		(Td4[(t1 >> 24)       ] & 0xff000000) ^
1200   		(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1201   		(Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1202   		(Td4[(t2      ) & 0xff] & 0x000000ff) ^
1203   		rk[1];
1204	PUTU32(pt +  4, s1);
1205   	s2 =
1206   		(Td4[(t2 >> 24)       ] & 0xff000000) ^
1207   		(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1208   		(Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1209   		(Td4[(t3      ) & 0xff] & 0x000000ff) ^
1210   		rk[2];
1211	PUTU32(pt +  8, s2);
1212   	s3 =
1213   		(Td4[(t3 >> 24)       ] & 0xff000000) ^
1214   		(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1215   		(Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1216   		(Td4[(t0      ) & 0xff] & 0x000000ff) ^
1217   		rk[3];
1218	PUTU32(pt + 12, s3);
1219}
1220
1221void
1222rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
1223{
1224	ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
1225	if (encrypt) {
1226		ctx->decrypt = 0;
1227		memset(ctx->dk, 0, sizeof(ctx->dk));
1228	} else {
1229		ctx->decrypt = 1;
1230		memcpy(ctx->dk, ctx->ek, sizeof(ctx->dk));
1231		rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
1232	}
1233}
1234
1235void
1236rijndael_decrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
1237{
1238	rijndaelDecrypt(ctx->dk, ctx->Nr, src, dst);
1239}
1240
1241void
1242rijndael_encrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
1243{
1244	rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
1245}
1246