"Fossies" - the Fresh Open Source Software Archive

Member "src/Crypto/AesSmall.c" (10 Oct 2018, 31533 Bytes) of package /windows/misc/VeraCrypt_1.23-Hotfix-2_Source.zip:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "AesSmall.c" see the Fossies "Dox" file reference documentation.

    1 /*
    2  ---------------------------------------------------------------------------
    3  Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
    4 
    5  LICENSE TERMS
    6 
    7  The free distribution and use of this software is allowed (with or without
    8  changes) provided that:
    9 
   10   1. source code distributions include the above copyright notice, this
   11      list of conditions and the following disclaimer;
   12 
   13   2. binary distributions include the above copyright notice, this list
   14      of conditions and the following disclaimer in their documentation;
   15 
   16   3. the name of the copyright holder is not used to endorse products
   17      built using this software without specific written permission.
   18 
   19  DISCLAIMER
   20 
   21  This software is provided 'as is' with no explicit or implied warranties
   22  in respect of its properties, including, but not limited to, correctness
   23  and/or fitness for purpose.
   24  ---------------------------------------------------------------------------
   25  Issue 09/09/2006
   26 
   27  This is an AES implementation that uses only 8-bit byte operations on the
   28  cipher state (there are options to use 32-bit types if available).
   29 
   30  The combination of mix columns and byte substitution used here is based on
   31  that developed by Karl Malbrain. His contribution is acknowledged.
   32  */
   33 
   34 /* Adapted for TrueCrypt:
   35   - Macro-generated tables were replaced with static data to enable compiling
   36     with MSVC++ 1.5 which runs out of resources when expanding large macros.
   37 */
   38 
   39 #pragma optimize ("t", on)
   40 
   41 /* define if you have a fast memcpy function on your system */
   42 #if 1
   43 #  define HAVE_MEMCPY
   44 #  include <string.h>
   45 #  if defined( _MSC_VER )
   46 #    ifndef DEBUG
   47 #      pragma intrinsic( memcpy )
   48 #    endif
   49 #  endif
   50 #endif
   51 
   52 /* define if you have fast 32-bit types on your system */
   53 #if 1
   54 #  define HAVE_UINT_32T
   55 #endif
   56 
   57 /* alternative versions (test for performance on your system) */
   58 #if 0
   59 #  define VERSION_1
   60 #endif
   61 
   62 #include "AesSmall.h"
   63 
   64 #define WPOLY   0x011b
   65 #define DPOLY   0x008d
   66 #define f1(x)   (x)
   67 #define f2(x)   ((x<<1) ^ (((x>>7) & 1) * WPOLY))
   68 #define f4(x)   ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
   69 #define f8(x)   ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
   70                         ^ (((x>>5) & 4) * WPOLY))
   71 #define d2(x)   (((x) >> 1) ^ ((x) & 1 ? DPOLY : 0))
   72 
   73 #define f3(x)   (f2(x) ^ x)
   74 #define f9(x)   (f8(x) ^ x)
   75 #define fb(x)   (f8(x) ^ f2(x) ^ x)
   76 #define fd(x)   (f8(x) ^ f4(x) ^ x)
   77 #define fe(x)   (f8(x) ^ f4(x) ^ f2(x))
   78 
   79 static const uint_8t s_box[256] = {
   80     0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,
   81     0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,
   82     0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,
   83     0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,
   84     0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,
   85     0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,
   86     0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,
   87     0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,
   88     0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,
   89     0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,
   90     0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,
   91     0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,
   92     0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,
   93     0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,
   94     0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,
   95     0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,
   96     0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,
   97     0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,
   98     0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,
   99     0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,
  100     0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,
  101     0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,
  102     0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,
  103     0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,
  104     0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,
  105     0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,
  106     0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,
  107     0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,
  108     0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,
  109     0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,
  110     0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,
  111     0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
  112 };
  113 
  114 static const uint_8t inv_s_box[256] = {
  115     0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
  116     0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
  117     0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
  118     0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
  119     0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
  120     0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
  121     0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
  122     0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
  123     0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
  124     0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
  125     0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
  126     0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
  127     0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
  128     0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
  129     0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
  130     0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
  131     0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
  132     0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
  133     0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
  134     0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
  135     0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
  136     0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
  137     0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
  138     0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
  139     0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
  140     0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
  141     0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
  142     0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
  143     0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
  144     0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
  145     0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
  146     0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
  147 };
  148 
  149 static const uint_8t gfm2_s_box[256] = {
  150     0xc6,0xf8,0xee,0xf6,0xff,0xd6,0xde,0x91,
  151     0x60,0x02,0xce,0x56,0xe7,0xb5,0x4d,0xec,
  152     0x8f,0x1f,0x89,0xfa,0xef,0xb2,0x8e,0xfb,
  153     0x41,0xb3,0x5f,0x45,0x23,0x53,0xe4,0x9b,
  154     0x75,0xe1,0x3d,0x4c,0x6c,0x7e,0xf5,0x83,
  155     0x68,0x51,0xd1,0xf9,0xe2,0xab,0x62,0x2a,
  156     0x08,0x95,0x46,0x9d,0x30,0x37,0x0a,0x2f,
  157     0x0e,0x24,0x1b,0xdf,0xcd,0x4e,0x7f,0xea,
  158     0x12,0x1d,0x58,0x34,0x36,0xdc,0xb4,0x5b,
  159     0xa4,0x76,0xb7,0x7d,0x52,0xdd,0x5e,0x13,
  160     0xa6,0xb9,0x00,0xc1,0x40,0xe3,0x79,0xb6,
  161     0xd4,0x8d,0x67,0x72,0x94,0x98,0xb0,0x85,
  162     0xbb,0xc5,0x4f,0xed,0x86,0x9a,0x66,0x11,
  163     0x8a,0xe9,0x04,0xfe,0xa0,0x78,0x25,0x4b,
  164     0xa2,0x5d,0x80,0x05,0x3f,0x21,0x70,0xf1,
  165     0x63,0x77,0xaf,0x42,0x20,0xe5,0xfd,0xbf,
  166     0x81,0x18,0x26,0xc3,0xbe,0x35,0x88,0x2e,
  167     0x93,0x55,0xfc,0x7a,0xc8,0xba,0x32,0xe6,
  168     0xc0,0x19,0x9e,0xa3,0x44,0x54,0x3b,0x0b,
  169     0x8c,0xc7,0x6b,0x28,0xa7,0xbc,0x16,0xad,
  170     0xdb,0x64,0x74,0x14,0x92,0x0c,0x48,0xb8,
  171     0x9f,0xbd,0x43,0xc4,0x39,0x31,0xd3,0xf2,
  172     0xd5,0x8b,0x6e,0xda,0x01,0xb1,0x9c,0x49,
  173     0xd8,0xac,0xf3,0xcf,0xca,0xf4,0x47,0x10,
  174     0x6f,0xf0,0x4a,0x5c,0x38,0x57,0x73,0x97,
  175     0xcb,0xa1,0xe8,0x3e,0x96,0x61,0x0d,0x0f,
  176     0xe0,0x7c,0x71,0xcc,0x90,0x06,0xf7,0x1c,
  177     0xc2,0x6a,0xae,0x69,0x17,0x99,0x3a,0x27,
  178     0xd9,0xeb,0x2b,0x22,0xd2,0xa9,0x07,0x33,
  179     0x2d,0x3c,0x15,0xc9,0x87,0xaa,0x50,0xa5,
  180     0x03,0x59,0x09,0x1a,0x65,0xd7,0x84,0xd0,
  181     0x82,0x29,0x5a,0x1e,0x7b,0xa8,0x6d,0x2c
  182 };
  183 
  184 static const uint_8t gfm3_s_box[256] = {
  185     0xa5,0x84,0x99,0x8d,0x0d,0xbd,0xb1,0x54,
  186     0x50,0x03,0xa9,0x7d,0x19,0x62,0xe6,0x9a,
  187     0x45,0x9d,0x40,0x87,0x15,0xeb,0xc9,0x0b,
  188     0xec,0x67,0xfd,0xea,0xbf,0xf7,0x96,0x5b,
  189     0xc2,0x1c,0xae,0x6a,0x5a,0x41,0x02,0x4f,
  190     0x5c,0xf4,0x34,0x08,0x93,0x73,0x53,0x3f,
  191     0x0c,0x52,0x65,0x5e,0x28,0xa1,0x0f,0xb5,
  192     0x09,0x36,0x9b,0x3d,0x26,0x69,0xcd,0x9f,
  193     0x1b,0x9e,0x74,0x2e,0x2d,0xb2,0xee,0xfb,
  194     0xf6,0x4d,0x61,0xce,0x7b,0x3e,0x71,0x97,
  195     0xf5,0x68,0x00,0x2c,0x60,0x1f,0xc8,0xed,
  196     0xbe,0x46,0xd9,0x4b,0xde,0xd4,0xe8,0x4a,
  197     0x6b,0x2a,0xe5,0x16,0xc5,0xd7,0x55,0x94,
  198     0xcf,0x10,0x06,0x81,0xf0,0x44,0xba,0xe3,
  199     0xf3,0xfe,0xc0,0x8a,0xad,0xbc,0x48,0x04,
  200     0xdf,0xc1,0x75,0x63,0x30,0x1a,0x0e,0x6d,
  201     0x4c,0x14,0x35,0x2f,0xe1,0xa2,0xcc,0x39,
  202     0x57,0xf2,0x82,0x47,0xac,0xe7,0x2b,0x95,
  203     0xa0,0x98,0xd1,0x7f,0x66,0x7e,0xab,0x83,
  204     0xca,0x29,0xd3,0x3c,0x79,0xe2,0x1d,0x76,
  205     0x3b,0x56,0x4e,0x1e,0xdb,0x0a,0x6c,0xe4,
  206     0x5d,0x6e,0xef,0xa6,0xa8,0xa4,0x37,0x8b,
  207     0x32,0x43,0x59,0xb7,0x8c,0x64,0xd2,0xe0,
  208     0xb4,0xfa,0x07,0x25,0xaf,0x8e,0xe9,0x18,
  209     0xd5,0x88,0x6f,0x72,0x24,0xf1,0xc7,0x51,
  210     0x23,0x7c,0x9c,0x21,0xdd,0xdc,0x86,0x85,
  211     0x90,0x42,0xc4,0xaa,0xd8,0x05,0x01,0x12,
  212     0xa3,0x5f,0xf9,0xd0,0x91,0x58,0x27,0xb9,
  213     0x38,0x13,0xb3,0x33,0xbb,0x70,0x89,0xa7,
  214     0xb6,0x22,0x92,0x20,0x49,0xff,0x78,0x7a,
  215     0x8f,0xf8,0x80,0x17,0xda,0x31,0xc6,0xb8,
  216     0xc3,0xb0,0x77,0x11,0xcb,0xfc,0xd6,0x3a
  217 };
  218 
  219 static const uint_8t gfmul_9[256] = {
  220     0x00,0x09,0x12,0x1b,0x24,0x2d,0x36,0x3f,
  221     0x48,0x41,0x5a,0x53,0x6c,0x65,0x7e,0x77,
  222     0x90,0x99,0x82,0x8b,0xb4,0xbd,0xa6,0xaf,
  223     0xd8,0xd1,0xca,0xc3,0xfc,0xf5,0xee,0xe7,
  224     0x3b,0x32,0x29,0x20,0x1f,0x16,0x0d,0x04,
  225     0x73,0x7a,0x61,0x68,0x57,0x5e,0x45,0x4c,
  226     0xab,0xa2,0xb9,0xb0,0x8f,0x86,0x9d,0x94,
  227     0xe3,0xea,0xf1,0xf8,0xc7,0xce,0xd5,0xdc,
  228     0x76,0x7f,0x64,0x6d,0x52,0x5b,0x40,0x49,
  229     0x3e,0x37,0x2c,0x25,0x1a,0x13,0x08,0x01,
  230     0xe6,0xef,0xf4,0xfd,0xc2,0xcb,0xd0,0xd9,
  231     0xae,0xa7,0xbc,0xb5,0x8a,0x83,0x98,0x91,
  232     0x4d,0x44,0x5f,0x56,0x69,0x60,0x7b,0x72,
  233     0x05,0x0c,0x17,0x1e,0x21,0x28,0x33,0x3a,
  234     0xdd,0xd4,0xcf,0xc6,0xf9,0xf0,0xeb,0xe2,
  235     0x95,0x9c,0x87,0x8e,0xb1,0xb8,0xa3,0xaa,
  236     0xec,0xe5,0xfe,0xf7,0xc8,0xc1,0xda,0xd3,
  237     0xa4,0xad,0xb6,0xbf,0x80,0x89,0x92,0x9b,
  238     0x7c,0x75,0x6e,0x67,0x58,0x51,0x4a,0x43,
  239     0x34,0x3d,0x26,0x2f,0x10,0x19,0x02,0x0b,
  240     0xd7,0xde,0xc5,0xcc,0xf3,0xfa,0xe1,0xe8,
  241     0x9f,0x96,0x8d,0x84,0xbb,0xb2,0xa9,0xa0,
  242     0x47,0x4e,0x55,0x5c,0x63,0x6a,0x71,0x78,
  243     0x0f,0x06,0x1d,0x14,0x2b,0x22,0x39,0x30,
  244     0x9a,0x93,0x88,0x81,0xbe,0xb7,0xac,0xa5,
  245     0xd2,0xdb,0xc0,0xc9,0xf6,0xff,0xe4,0xed,
  246     0x0a,0x03,0x18,0x11,0x2e,0x27,0x3c,0x35,
  247     0x42,0x4b,0x50,0x59,0x66,0x6f,0x74,0x7d,
  248     0xa1,0xa8,0xb3,0xba,0x85,0x8c,0x97,0x9e,
  249     0xe9,0xe0,0xfb,0xf2,0xcd,0xc4,0xdf,0xd6,
  250     0x31,0x38,0x23,0x2a,0x15,0x1c,0x07,0x0e,
  251     0x79,0x70,0x6b,0x62,0x5d,0x54,0x4f,0x46
  252 };
  253 
  254 static const uint_8t gfmul_b[256] = {
  255     0x00,0x0b,0x16,0x1d,0x2c,0x27,0x3a,0x31,
  256     0x58,0x53,0x4e,0x45,0x74,0x7f,0x62,0x69,
  257     0xb0,0xbb,0xa6,0xad,0x9c,0x97,0x8a,0x81,
  258     0xe8,0xe3,0xfe,0xf5,0xc4,0xcf,0xd2,0xd9,
  259     0x7b,0x70,0x6d,0x66,0x57,0x5c,0x41,0x4a,
  260     0x23,0x28,0x35,0x3e,0x0f,0x04,0x19,0x12,
  261     0xcb,0xc0,0xdd,0xd6,0xe7,0xec,0xf1,0xfa,
  262     0x93,0x98,0x85,0x8e,0xbf,0xb4,0xa9,0xa2,
  263     0xf6,0xfd,0xe0,0xeb,0xda,0xd1,0xcc,0xc7,
  264     0xae,0xa5,0xb8,0xb3,0x82,0x89,0x94,0x9f,
  265     0x46,0x4d,0x50,0x5b,0x6a,0x61,0x7c,0x77,
  266     0x1e,0x15,0x08,0x03,0x32,0x39,0x24,0x2f,
  267     0x8d,0x86,0x9b,0x90,0xa1,0xaa,0xb7,0xbc,
  268     0xd5,0xde,0xc3,0xc8,0xf9,0xf2,0xef,0xe4,
  269     0x3d,0x36,0x2b,0x20,0x11,0x1a,0x07,0x0c,
  270     0x65,0x6e,0x73,0x78,0x49,0x42,0x5f,0x54,
  271     0xf7,0xfc,0xe1,0xea,0xdb,0xd0,0xcd,0xc6,
  272     0xaf,0xa4,0xb9,0xb2,0x83,0x88,0x95,0x9e,
  273     0x47,0x4c,0x51,0x5a,0x6b,0x60,0x7d,0x76,
  274     0x1f,0x14,0x09,0x02,0x33,0x38,0x25,0x2e,
  275     0x8c,0x87,0x9a,0x91,0xa0,0xab,0xb6,0xbd,
  276     0xd4,0xdf,0xc2,0xc9,0xf8,0xf3,0xee,0xe5,
  277     0x3c,0x37,0x2a,0x21,0x10,0x1b,0x06,0x0d,
  278     0x64,0x6f,0x72,0x79,0x48,0x43,0x5e,0x55,
  279     0x01,0x0a,0x17,0x1c,0x2d,0x26,0x3b,0x30,
  280     0x59,0x52,0x4f,0x44,0x75,0x7e,0x63,0x68,
  281     0xb1,0xba,0xa7,0xac,0x9d,0x96,0x8b,0x80,
  282     0xe9,0xe2,0xff,0xf4,0xc5,0xce,0xd3,0xd8,
  283     0x7a,0x71,0x6c,0x67,0x56,0x5d,0x40,0x4b,
  284     0x22,0x29,0x34,0x3f,0x0e,0x05,0x18,0x13,
  285     0xca,0xc1,0xdc,0xd7,0xe6,0xed,0xf0,0xfb,
  286     0x92,0x99,0x84,0x8f,0xbe,0xb5,0xa8,0xa3
  287 };
  288 
  289 static const uint_8t gfmul_d[256] = {
  290     0x00,0x0d,0x1a,0x17,0x34,0x39,0x2e,0x23,
  291     0x68,0x65,0x72,0x7f,0x5c,0x51,0x46,0x4b,
  292     0xd0,0xdd,0xca,0xc7,0xe4,0xe9,0xfe,0xf3,
  293     0xb8,0xb5,0xa2,0xaf,0x8c,0x81,0x96,0x9b,
  294     0xbb,0xb6,0xa1,0xac,0x8f,0x82,0x95,0x98,
  295     0xd3,0xde,0xc9,0xc4,0xe7,0xea,0xfd,0xf0,
  296     0x6b,0x66,0x71,0x7c,0x5f,0x52,0x45,0x48,
  297     0x03,0x0e,0x19,0x14,0x37,0x3a,0x2d,0x20,
  298     0x6d,0x60,0x77,0x7a,0x59,0x54,0x43,0x4e,
  299     0x05,0x08,0x1f,0x12,0x31,0x3c,0x2b,0x26,
  300     0xbd,0xb0,0xa7,0xaa,0x89,0x84,0x93,0x9e,
  301     0xd5,0xd8,0xcf,0xc2,0xe1,0xec,0xfb,0xf6,
  302     0xd6,0xdb,0xcc,0xc1,0xe2,0xef,0xf8,0xf5,
  303     0xbe,0xb3,0xa4,0xa9,0x8a,0x87,0x90,0x9d,
  304     0x06,0x0b,0x1c,0x11,0x32,0x3f,0x28,0x25,
  305     0x6e,0x63,0x74,0x79,0x5a,0x57,0x40,0x4d,
  306     0xda,0xd7,0xc0,0xcd,0xee,0xe3,0xf4,0xf9,
  307     0xb2,0xbf,0xa8,0xa5,0x86,0x8b,0x9c,0x91,
  308     0x0a,0x07,0x10,0x1d,0x3e,0x33,0x24,0x29,
  309     0x62,0x6f,0x78,0x75,0x56,0x5b,0x4c,0x41,
  310     0x61,0x6c,0x7b,0x76,0x55,0x58,0x4f,0x42,
  311     0x09,0x04,0x13,0x1e,0x3d,0x30,0x27,0x2a,
  312     0xb1,0xbc,0xab,0xa6,0x85,0x88,0x9f,0x92,
  313     0xd9,0xd4,0xc3,0xce,0xed,0xe0,0xf7,0xfa,
  314     0xb7,0xba,0xad,0xa0,0x83,0x8e,0x99,0x94,
  315     0xdf,0xd2,0xc5,0xc8,0xeb,0xe6,0xf1,0xfc,
  316     0x67,0x6a,0x7d,0x70,0x53,0x5e,0x49,0x44,
  317     0x0f,0x02,0x15,0x18,0x3b,0x36,0x21,0x2c,
  318     0x0c,0x01,0x16,0x1b,0x38,0x35,0x22,0x2f,
  319     0x64,0x69,0x7e,0x73,0x50,0x5d,0x4a,0x47,
  320     0xdc,0xd1,0xc6,0xcb,0xe8,0xe5,0xf2,0xff,
  321     0xb4,0xb9,0xae,0xa3,0x80,0x8d,0x9a,0x97
  322 };
  323 
  324 static const uint_8t gfmul_e[256] = {
  325     0x00,0x0e,0x1c,0x12,0x38,0x36,0x24,0x2a,
  326     0x70,0x7e,0x6c,0x62,0x48,0x46,0x54,0x5a,
  327     0xe0,0xee,0xfc,0xf2,0xd8,0xd6,0xc4,0xca,
  328     0x90,0x9e,0x8c,0x82,0xa8,0xa6,0xb4,0xba,
  329     0xdb,0xd5,0xc7,0xc9,0xe3,0xed,0xff,0xf1,
  330     0xab,0xa5,0xb7,0xb9,0x93,0x9d,0x8f,0x81,
  331     0x3b,0x35,0x27,0x29,0x03,0x0d,0x1f,0x11,
  332     0x4b,0x45,0x57,0x59,0x73,0x7d,0x6f,0x61,
  333     0xad,0xa3,0xb1,0xbf,0x95,0x9b,0x89,0x87,
  334     0xdd,0xd3,0xc1,0xcf,0xe5,0xeb,0xf9,0xf7,
  335     0x4d,0x43,0x51,0x5f,0x75,0x7b,0x69,0x67,
  336     0x3d,0x33,0x21,0x2f,0x05,0x0b,0x19,0x17,
  337     0x76,0x78,0x6a,0x64,0x4e,0x40,0x52,0x5c,
  338     0x06,0x08,0x1a,0x14,0x3e,0x30,0x22,0x2c,
  339     0x96,0x98,0x8a,0x84,0xae,0xa0,0xb2,0xbc,
  340     0xe6,0xe8,0xfa,0xf4,0xde,0xd0,0xc2,0xcc,
  341     0x41,0x4f,0x5d,0x53,0x79,0x77,0x65,0x6b,
  342     0x31,0x3f,0x2d,0x23,0x09,0x07,0x15,0x1b,
  343     0xa1,0xaf,0xbd,0xb3,0x99,0x97,0x85,0x8b,
  344     0xd1,0xdf,0xcd,0xc3,0xe9,0xe7,0xf5,0xfb,
  345     0x9a,0x94,0x86,0x88,0xa2,0xac,0xbe,0xb0,
  346     0xea,0xe4,0xf6,0xf8,0xd2,0xdc,0xce,0xc0,
  347     0x7a,0x74,0x66,0x68,0x42,0x4c,0x5e,0x50,
  348     0x0a,0x04,0x16,0x18,0x32,0x3c,0x2e,0x20,
  349     0xec,0xe2,0xf0,0xfe,0xd4,0xda,0xc8,0xc6,
  350     0x9c,0x92,0x80,0x8e,0xa4,0xaa,0xb8,0xb6,
  351     0x0c,0x02,0x10,0x1e,0x34,0x3a,0x28,0x26,
  352     0x7c,0x72,0x60,0x6e,0x44,0x4a,0x58,0x56,
  353     0x37,0x39,0x2b,0x25,0x0f,0x01,0x13,0x1d,
  354     0x47,0x49,0x5b,0x55,0x7f,0x71,0x63,0x6d,
  355     0xd7,0xd9,0xcb,0xc5,0xef,0xe1,0xf3,0xfd,
  356     0xa7,0xa9,0xbb,0xb5,0x9f,0x91,0x83,0x8d
  357 };
  358 
  359 #if defined( HAVE_UINT_32T )
  360   typedef unsigned long uint_32t;
  361 #endif
  362 
  363 #if defined( HAVE_MEMCPY )
  364 #  define block_copy(d, s, l) memcpy(d, s, l)
  365 #  define block16_copy(d, s)  memcpy(d, s, N_BLOCK)
  366 #else
  367 #  define block_copy(d, s, l) copy_block(d, s, l)
  368 #  define block16_copy(d, s)  copy_block16(d, s)
  369 #endif
  370 
  371 /* block size 'nn' must be a multiple of four */
  372 
  373 static void copy_block16( void *d, const void *s )
  374 {
  375 #if defined( HAVE_UINT_32T )
  376     ((uint_32t*)d)[ 0] = ((uint_32t*)s)[ 0];
  377     ((uint_32t*)d)[ 1] = ((uint_32t*)s)[ 1];
  378     ((uint_32t*)d)[ 2] = ((uint_32t*)s)[ 2];
  379     ((uint_32t*)d)[ 3] = ((uint_32t*)s)[ 3];
  380 #else
  381     ((uint_8t*)d)[ 0] = ((uint_8t*)s)[ 0];
  382     ((uint_8t*)d)[ 1] = ((uint_8t*)s)[ 1];
  383     ((uint_8t*)d)[ 2] = ((uint_8t*)s)[ 2];
  384     ((uint_8t*)d)[ 3] = ((uint_8t*)s)[ 3];
  385     ((uint_8t*)d)[ 4] = ((uint_8t*)s)[ 4];
  386     ((uint_8t*)d)[ 5] = ((uint_8t*)s)[ 5];
  387     ((uint_8t*)d)[ 6] = ((uint_8t*)s)[ 6];
  388     ((uint_8t*)d)[ 7] = ((uint_8t*)s)[ 7];
  389     ((uint_8t*)d)[ 8] = ((uint_8t*)s)[ 8];
  390     ((uint_8t*)d)[ 9] = ((uint_8t*)s)[ 9];
  391     ((uint_8t*)d)[10] = ((uint_8t*)s)[10];
  392     ((uint_8t*)d)[11] = ((uint_8t*)s)[11];
  393     ((uint_8t*)d)[12] = ((uint_8t*)s)[12];
  394     ((uint_8t*)d)[13] = ((uint_8t*)s)[13];
  395     ((uint_8t*)d)[14] = ((uint_8t*)s)[14];
  396     ((uint_8t*)d)[15] = ((uint_8t*)s)[15];
  397 #endif
  398 }
  399 
  400 static void copy_block( void * d, void *s, uint_8t nn )
  401 {
  402     while( nn-- )
  403         *((uint_8t*)d)++ = *((uint_8t*)s)++;
  404 }
  405 
  406 static void xor_block( void *d, const void *s )
  407 {
  408 #if defined( HAVE_UINT_32T )
  409     ((uint_32t*)d)[ 0] ^= ((uint_32t*)s)[ 0];
  410     ((uint_32t*)d)[ 1] ^= ((uint_32t*)s)[ 1];
  411     ((uint_32t*)d)[ 2] ^= ((uint_32t*)s)[ 2];
  412     ((uint_32t*)d)[ 3] ^= ((uint_32t*)s)[ 3];
  413 #else
  414     ((uint_8t*)d)[ 0] ^= ((uint_8t*)s)[ 0];
  415     ((uint_8t*)d)[ 1] ^= ((uint_8t*)s)[ 1];
  416     ((uint_8t*)d)[ 2] ^= ((uint_8t*)s)[ 2];
  417     ((uint_8t*)d)[ 3] ^= ((uint_8t*)s)[ 3];
  418     ((uint_8t*)d)[ 4] ^= ((uint_8t*)s)[ 4];
  419     ((uint_8t*)d)[ 5] ^= ((uint_8t*)s)[ 5];
  420     ((uint_8t*)d)[ 6] ^= ((uint_8t*)s)[ 6];
  421     ((uint_8t*)d)[ 7] ^= ((uint_8t*)s)[ 7];
  422     ((uint_8t*)d)[ 8] ^= ((uint_8t*)s)[ 8];
  423     ((uint_8t*)d)[ 9] ^= ((uint_8t*)s)[ 9];
  424     ((uint_8t*)d)[10] ^= ((uint_8t*)s)[10];
  425     ((uint_8t*)d)[11] ^= ((uint_8t*)s)[11];
  426     ((uint_8t*)d)[12] ^= ((uint_8t*)s)[12];
  427     ((uint_8t*)d)[13] ^= ((uint_8t*)s)[13];
  428     ((uint_8t*)d)[14] ^= ((uint_8t*)s)[14];
  429     ((uint_8t*)d)[15] ^= ((uint_8t*)s)[15];
  430 #endif
  431 }
  432 
  433 static void copy_and_key( void *d, const void *s, const void *k )
  434 {
  435 #if defined( HAVE_UINT_32T )
  436     ((uint_32t*)d)[ 0] = ((uint_32t*)s)[ 0] ^ ((uint_32t*)k)[ 0];
  437     ((uint_32t*)d)[ 1] = ((uint_32t*)s)[ 1] ^ ((uint_32t*)k)[ 1];
  438     ((uint_32t*)d)[ 2] = ((uint_32t*)s)[ 2] ^ ((uint_32t*)k)[ 2];
  439     ((uint_32t*)d)[ 3] = ((uint_32t*)s)[ 3] ^ ((uint_32t*)k)[ 3];
  440 #elif 1
  441     ((uint_8t*)d)[ 0] = ((uint_8t*)s)[ 0] ^ ((uint_8t*)k)[ 0];
  442     ((uint_8t*)d)[ 1] = ((uint_8t*)s)[ 1] ^ ((uint_8t*)k)[ 1];
  443     ((uint_8t*)d)[ 2] = ((uint_8t*)s)[ 2] ^ ((uint_8t*)k)[ 2];
  444     ((uint_8t*)d)[ 3] = ((uint_8t*)s)[ 3] ^ ((uint_8t*)k)[ 3];
  445     ((uint_8t*)d)[ 4] = ((uint_8t*)s)[ 4] ^ ((uint_8t*)k)[ 4];
  446     ((uint_8t*)d)[ 5] = ((uint_8t*)s)[ 5] ^ ((uint_8t*)k)[ 5];
  447     ((uint_8t*)d)[ 6] = ((uint_8t*)s)[ 6] ^ ((uint_8t*)k)[ 6];
  448     ((uint_8t*)d)[ 7] = ((uint_8t*)s)[ 7] ^ ((uint_8t*)k)[ 7];
  449     ((uint_8t*)d)[ 8] = ((uint_8t*)s)[ 8] ^ ((uint_8t*)k)[ 8];
  450     ((uint_8t*)d)[ 9] = ((uint_8t*)s)[ 9] ^ ((uint_8t*)k)[ 9];
  451     ((uint_8t*)d)[10] = ((uint_8t*)s)[10] ^ ((uint_8t*)k)[10];
  452     ((uint_8t*)d)[11] = ((uint_8t*)s)[11] ^ ((uint_8t*)k)[11];
  453     ((uint_8t*)d)[12] = ((uint_8t*)s)[12] ^ ((uint_8t*)k)[12];
  454     ((uint_8t*)d)[13] = ((uint_8t*)s)[13] ^ ((uint_8t*)k)[13];
  455     ((uint_8t*)d)[14] = ((uint_8t*)s)[14] ^ ((uint_8t*)k)[14];
  456     ((uint_8t*)d)[15] = ((uint_8t*)s)[15] ^ ((uint_8t*)k)[15];
  457 #else
  458     block16_copy(d, s);
  459     xor_block(d, k);
  460 #endif
  461 }
  462 
  463 static void add_round_key( uint_8t d[N_BLOCK], const uint_8t k[N_BLOCK] )
  464 {
  465     xor_block(d, k);
  466 }
  467 
  468 static void shift_sub_rows( uint_8t st[N_BLOCK] )
  469 {   uint_8t tt;
  470 
  471     st[ 0] = s_box[st[ 0]]; st[ 4] = s_box[st[ 4]];
  472     st[ 8] = s_box[st[ 8]]; st[12] = s_box[st[12]];
  473 
  474     tt = st[1]; st[ 1] = s_box[st[ 5]]; st[ 5] = s_box[st[ 9]];
  475     st[ 9] = s_box[st[13]]; st[13] = s_box[ tt ];
  476 
  477     tt = st[2]; st[ 2] = s_box[st[10]]; st[10] = s_box[ tt ];
  478     tt = st[6]; st[ 6] = s_box[st[14]]; st[14] = s_box[ tt ];
  479 
  480     tt = st[15]; st[15] = s_box[st[11]]; st[11] = s_box[st[ 7]];
  481     st[ 7] = s_box[st[ 3]]; st[ 3] = s_box[ tt ];
  482 }
  483 
  484 static void inv_shift_sub_rows( uint_8t st[N_BLOCK] )
  485 {   uint_8t tt;
  486 
  487     st[ 0] = inv_s_box[st[ 0]]; st[ 4] = inv_s_box[st[ 4]];
  488     st[ 8] = inv_s_box[st[ 8]]; st[12] = inv_s_box[st[12]];
  489 
  490     tt = st[13]; st[13] = inv_s_box[st[9]]; st[ 9] = inv_s_box[st[5]];
  491     st[ 5] = inv_s_box[st[1]]; st[ 1] = inv_s_box[ tt ];
  492 
  493     tt = st[2]; st[ 2] = inv_s_box[st[10]]; st[10] = inv_s_box[ tt ];
  494     tt = st[6]; st[ 6] = inv_s_box[st[14]]; st[14] = inv_s_box[ tt ];
  495 
  496     tt = st[3]; st[ 3] = inv_s_box[st[ 7]]; st[ 7] = inv_s_box[st[11]];
  497     st[11] = inv_s_box[st[15]]; st[15] = inv_s_box[ tt ];
  498 }
  499 
  500 #if defined( VERSION_1 )
  501   static void mix_sub_columns( uint_8t dt[N_BLOCK] )
  502   { uint_8t st[N_BLOCK];
  503     block16_copy(st, dt);
  504 #else
  505   static void mix_sub_columns( uint_8t dt[N_BLOCK], uint_8t st[N_BLOCK] )
  506   {
  507 #endif
  508     dt[ 0] = gfm2_s_box[st[0]] ^ gfm3_s_box[st[5]] ^ s_box[st[10]] ^ s_box[st[15]];
  509     dt[ 1] = s_box[st[0]] ^ gfm2_s_box[st[5]] ^ gfm3_s_box[st[10]] ^ s_box[st[15]];
  510     dt[ 2] = s_box[st[0]] ^ s_box[st[5]] ^ gfm2_s_box[st[10]] ^ gfm3_s_box[st[15]];
  511     dt[ 3] = gfm3_s_box[st[0]] ^ s_box[st[5]] ^ s_box[st[10]] ^ gfm2_s_box[st[15]];
  512 
  513     dt[ 4] = gfm2_s_box[st[4]] ^ gfm3_s_box[st[9]] ^ s_box[st[14]] ^ s_box[st[3]];
  514     dt[ 5] = s_box[st[4]] ^ gfm2_s_box[st[9]] ^ gfm3_s_box[st[14]] ^ s_box[st[3]];
  515     dt[ 6] = s_box[st[4]] ^ s_box[st[9]] ^ gfm2_s_box[st[14]] ^ gfm3_s_box[st[3]];
  516     dt[ 7] = gfm3_s_box[st[4]] ^ s_box[st[9]] ^ s_box[st[14]] ^ gfm2_s_box[st[3]];
  517 
  518     dt[ 8] = gfm2_s_box[st[8]] ^ gfm3_s_box[st[13]] ^ s_box[st[2]] ^ s_box[st[7]];
  519     dt[ 9] = s_box[st[8]] ^ gfm2_s_box[st[13]] ^ gfm3_s_box[st[2]] ^ s_box[st[7]];
  520     dt[10] = s_box[st[8]] ^ s_box[st[13]] ^ gfm2_s_box[st[2]] ^ gfm3_s_box[st[7]];
  521     dt[11] = gfm3_s_box[st[8]] ^ s_box[st[13]] ^ s_box[st[2]] ^ gfm2_s_box[st[7]];
  522 
  523     dt[12] = gfm2_s_box[st[12]] ^ gfm3_s_box[st[1]] ^ s_box[st[6]] ^ s_box[st[11]];
  524     dt[13] = s_box[st[12]] ^ gfm2_s_box[st[1]] ^ gfm3_s_box[st[6]] ^ s_box[st[11]];
  525     dt[14] = s_box[st[12]] ^ s_box[st[1]] ^ gfm2_s_box[st[6]] ^ gfm3_s_box[st[11]];
  526     dt[15] = gfm3_s_box[st[12]] ^ s_box[st[1]] ^ s_box[st[6]] ^ gfm2_s_box[st[11]];
  527   }
  528 
  529 #if defined( VERSION_1 )
  530   static void inv_mix_sub_columns( uint_8t dt[N_BLOCK] )
  531   { uint_8t st[N_BLOCK];
  532     block16_copy(st, dt);
  533 #else
  534   static void inv_mix_sub_columns( uint_8t dt[N_BLOCK], uint_8t st[N_BLOCK] )
  535   {
  536 #endif
  537     dt[ 0] = inv_s_box[gfmul_e[st[ 0]] ^ gfmul_b[st[ 1]] ^ gfmul_d[st[ 2]] ^ gfmul_9[st[ 3]]];
  538     dt[ 5] = inv_s_box[gfmul_9[st[ 0]] ^ gfmul_e[st[ 1]] ^ gfmul_b[st[ 2]] ^ gfmul_d[st[ 3]]];
  539     dt[10] = inv_s_box[gfmul_d[st[ 0]] ^ gfmul_9[st[ 1]] ^ gfmul_e[st[ 2]] ^ gfmul_b[st[ 3]]];
  540     dt[15] = inv_s_box[gfmul_b[st[ 0]] ^ gfmul_d[st[ 1]] ^ gfmul_9[st[ 2]] ^ gfmul_e[st[ 3]]];
  541 
  542     dt[ 4] = inv_s_box[gfmul_e[st[ 4]] ^ gfmul_b[st[ 5]] ^ gfmul_d[st[ 6]] ^ gfmul_9[st[ 7]]];
  543     dt[ 9] = inv_s_box[gfmul_9[st[ 4]] ^ gfmul_e[st[ 5]] ^ gfmul_b[st[ 6]] ^ gfmul_d[st[ 7]]];
  544     dt[14] = inv_s_box[gfmul_d[st[ 4]] ^ gfmul_9[st[ 5]] ^ gfmul_e[st[ 6]] ^ gfmul_b[st[ 7]]];
  545     dt[ 3] = inv_s_box[gfmul_b[st[ 4]] ^ gfmul_d[st[ 5]] ^ gfmul_9[st[ 6]] ^ gfmul_e[st[ 7]]];
  546 
  547     dt[ 8] = inv_s_box[gfmul_e[st[ 8]] ^ gfmul_b[st[ 9]] ^ gfmul_d[st[10]] ^ gfmul_9[st[11]]];
  548     dt[13] = inv_s_box[gfmul_9[st[ 8]] ^ gfmul_e[st[ 9]] ^ gfmul_b[st[10]] ^ gfmul_d[st[11]]];
  549     dt[ 2] = inv_s_box[gfmul_d[st[ 8]] ^ gfmul_9[st[ 9]] ^ gfmul_e[st[10]] ^ gfmul_b[st[11]]];
  550     dt[ 7] = inv_s_box[gfmul_b[st[ 8]] ^ gfmul_d[st[ 9]] ^ gfmul_9[st[10]] ^ gfmul_e[st[11]]];
  551 
  552     dt[12] = inv_s_box[gfmul_e[st[12]] ^ gfmul_b[st[13]] ^ gfmul_d[st[14]] ^ gfmul_9[st[15]]];
  553     dt[ 1] = inv_s_box[gfmul_9[st[12]] ^ gfmul_e[st[13]] ^ gfmul_b[st[14]] ^ gfmul_d[st[15]]];
  554     dt[ 6] = inv_s_box[gfmul_d[st[12]] ^ gfmul_9[st[13]] ^ gfmul_e[st[14]] ^ gfmul_b[st[15]]];
  555     dt[11] = inv_s_box[gfmul_b[st[12]] ^ gfmul_d[st[13]] ^ gfmul_9[st[14]] ^ gfmul_e[st[15]]];
  556   }
  557 
  558 #if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED )
  559 
  560 /*  Set the cipher key for the pre-keyed version */
  561 
  562 return_type aes_set_key( const unsigned char key[], length_type keylen, aes_context ctx[1] )
  563 {
  564     uint_8t cc, rc, hi;
  565 
  566     switch( keylen )
  567     {
  568     case 16:
  569     case 128:
  570         keylen = 16;
  571         break;
  572     case 24:
  573     case 192:
  574         keylen = 24;
  575         break;
  576     case 32:
  577     case 256:
  578         keylen = 32;
  579         break;
  580     default:
  581         ctx->rnd = 0;
  582         return (return_type) -1;
  583     }
  584     block_copy(ctx->ksch, key, keylen);
  585     hi = (keylen + 28) << 2;
  586     ctx->rnd = (hi >> 4) - 1;
  587     for( cc = keylen, rc = 1; cc < hi; cc += 4 )
  588     {   uint_8t tt, t0, t1, t2, t3;
  589 
  590         t0 = ctx->ksch[cc - 4];
  591         t1 = ctx->ksch[cc - 3];
  592         t2 = ctx->ksch[cc - 2];
  593         t3 = ctx->ksch[cc - 1];
  594         if( cc % keylen == 0 )
  595         {
  596             tt = t0;
  597             t0 = s_box[t1] ^ rc;
  598             t1 = s_box[t2];
  599             t2 = s_box[t3];
  600             t3 = s_box[tt];
  601             rc = f2(rc);
  602         }
  603         else if( keylen > 24 && cc % keylen == 16 )
  604         {
  605             t0 = s_box[t0];
  606             t1 = s_box[t1];
  607             t2 = s_box[t2];
  608             t3 = s_box[t3];
  609         }
  610         tt = cc - keylen;
  611         ctx->ksch[cc + 0] = ctx->ksch[tt + 0] ^ t0;
  612         ctx->ksch[cc + 1] = ctx->ksch[tt + 1] ^ t1;
  613         ctx->ksch[cc + 2] = ctx->ksch[tt + 2] ^ t2;
  614         ctx->ksch[cc + 3] = ctx->ksch[tt + 3] ^ t3;
  615     }
  616     return 0;
  617 }
  618 
  619 #endif
  620 
  621 #if defined( AES_ENC_PREKEYED )
  622 
  623 /*  Encrypt a single block of 16 bytes */
  624 
  625 return_type aes_encrypt( const unsigned char in[N_BLOCK], unsigned char  out[N_BLOCK], const aes_context ctx[1] )
  626 {
  627     if( ctx->rnd )
  628     {
  629         uint_8t s1[N_BLOCK], r;
  630         copy_and_key( s1, in, ctx->ksch );
  631 
  632         for( r = 1 ; r < ctx->rnd ; ++r )
  633 #if defined( VERSION_1 )
  634         {
  635             mix_sub_columns( s1 );
  636             add_round_key( s1, ctx->ksch + r * N_BLOCK);
  637         }
  638 #else
  639         {   uint_8t s2[N_BLOCK];
  640             mix_sub_columns( s2, s1 );
  641             copy_and_key( s1, s2, ctx->ksch + r * N_BLOCK);
  642         }
  643 #endif
  644         shift_sub_rows( s1 );
  645         copy_and_key( out, s1, ctx->ksch + r * N_BLOCK );
  646     }
  647     else
  648         return (return_type) -1;
  649     return 0;
  650 }
  651 
  652 #endif
  653 
  654 #if defined( AES_DEC_PREKEYED )
  655 
  656 /*  Decrypt a single block of 16 bytes */
  657 
  658 return_type aes_decrypt( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK], const aes_context ctx[1] )
  659 {
  660     if( ctx->rnd )
  661     {
  662         uint_8t s1[N_BLOCK], r;
  663         copy_and_key( s1, in, ctx->ksch + ctx->rnd * N_BLOCK );
  664         inv_shift_sub_rows( s1 );
  665 
  666         for( r = ctx->rnd ; --r ; )
  667 #if defined( VERSION_1 )
  668         {
  669             add_round_key( s1, ctx->ksch + r * N_BLOCK );
  670             inv_mix_sub_columns( s1 );
  671         }
  672 #else
  673         {   uint_8t s2[N_BLOCK];
  674             copy_and_key( s2, s1, ctx->ksch + r * N_BLOCK );
  675             inv_mix_sub_columns( s1, s2 );
  676         }
  677 #endif
  678         copy_and_key( out, s1, ctx->ksch );
  679     }
  680     else
  681         return (return_type) -1;
  682     return 0;
  683 }
  684 
  685 #endif
  686 
  687 #if defined( AES_ENC_128_OTFK )
  688 
  689 /*  The 'on the fly' encryption key update for for 128 bit keys */
  690 
  691 static void update_encrypt_key_128( uint_8t k[N_BLOCK], uint_8t *rc )
  692 {   uint_8t cc;
  693 
  694     k[0] ^= s_box[k[13]] ^ *rc;
  695     k[1] ^= s_box[k[14]];
  696     k[2] ^= s_box[k[15]];
  697     k[3] ^= s_box[k[12]];
  698     *rc = f2( *rc );
  699 
  700     for(cc = 4; cc < 16; cc += 4 )
  701     {
  702         k[cc + 0] ^= k[cc - 4];
  703         k[cc + 1] ^= k[cc - 3];
  704         k[cc + 2] ^= k[cc - 2];
  705         k[cc + 3] ^= k[cc - 1];
  706     }
  707 }
  708 
  709 /*  Encrypt a single block of 16 bytes with 'on the fly' 128 bit keying */
  710 
  711 void aes_encrypt_128( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
  712                      const unsigned char key[N_BLOCK], unsigned char o_key[N_BLOCK] )
  713 {   uint_8t s1[N_BLOCK], r, rc = 1;
  714 
  715     if(o_key != key)
  716         block16_copy( o_key, key );
  717     copy_and_key( s1, in, o_key );
  718 
  719     for( r = 1 ; r < 10 ; ++r )
  720 #if defined( VERSION_1 )
  721     {
  722         mix_sub_columns( s1 );
  723         update_encrypt_key_128( o_key, &rc );
  724         add_round_key( s1, o_key );
  725     }
  726 #else
  727     {   uint_8t s2[N_BLOCK];
  728         mix_sub_columns( s2, s1 );
  729         update_encrypt_key_128( o_key, &rc );
  730         copy_and_key( s1, s2, o_key );
  731     }
  732 #endif
  733 
  734     shift_sub_rows( s1 );
  735     update_encrypt_key_128( o_key, &rc );
  736     copy_and_key( out, s1, o_key );
  737 }
  738 
  739 #endif
  740 
  741 #if defined( AES_DEC_128_OTFK )
  742 
  743 /*  The 'on the fly' decryption key update for for 128 bit keys */
  744 
  745 static void update_decrypt_key_128( uint_8t k[N_BLOCK], uint_8t *rc )
  746 {   uint_8t cc;
  747 
  748     for( cc = 12; cc > 0; cc -= 4 )
  749     {
  750         k[cc + 0] ^= k[cc - 4];
  751         k[cc + 1] ^= k[cc - 3];
  752         k[cc + 2] ^= k[cc - 2];
  753         k[cc + 3] ^= k[cc - 1];
  754     }
  755     *rc = d2(*rc);
  756     k[0] ^= s_box[k[13]] ^ *rc;
  757     k[1] ^= s_box[k[14]];
  758     k[2] ^= s_box[k[15]];
  759     k[3] ^= s_box[k[12]];
  760 }
  761 
  762 /*  Decrypt a single block of 16 bytes with 'on the fly' 128 bit keying */
  763 
  764 void aes_decrypt_128( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
  765                       const unsigned char key[N_BLOCK], unsigned char o_key[N_BLOCK] )
  766 {
  767     uint_8t s1[N_BLOCK], r, rc = 0x6c;
  768     if(o_key != key)
  769         block16_copy( o_key, key );
  770 
  771     copy_and_key( s1, in, o_key );
  772     inv_shift_sub_rows( s1 );
  773 
  774     for( r = 10 ; --r ; )
  775 #if defined( VERSION_1 )
  776     {
  777         update_decrypt_key_128( o_key, &rc );
  778         add_round_key( s1, o_key );
  779         inv_mix_sub_columns( s1 );
  780     }
  781 #else
  782     {   uint_8t s2[N_BLOCK];
  783         update_decrypt_key_128( o_key, &rc );
  784         copy_and_key( s2, s1, o_key );
  785         inv_mix_sub_columns( s1, s2 );
  786     }
  787 #endif
  788     update_decrypt_key_128( o_key, &rc );
  789     copy_and_key( out, s1, o_key );
  790 }
  791 
  792 #endif
  793 
  794 #if defined( AES_ENC_256_OTFK )
  795 
  796 /*  The 'on the fly' encryption key update for for 256 bit keys */
  797 
  798 static void update_encrypt_key_256( uint_8t k[2 * N_BLOCK], uint_8t *rc )
  799 {   uint_8t cc;
  800 
  801     k[0] ^= s_box[k[29]] ^ *rc;
  802     k[1] ^= s_box[k[30]];
  803     k[2] ^= s_box[k[31]];
  804     k[3] ^= s_box[k[28]];
  805     *rc = f2( *rc );
  806 
  807     for(cc = 4; cc < 16; cc += 4)
  808     {
  809         k[cc + 0] ^= k[cc - 4];
  810         k[cc + 1] ^= k[cc - 3];
  811         k[cc + 2] ^= k[cc - 2];
  812         k[cc + 3] ^= k[cc - 1];
  813     }
  814 
  815     k[16] ^= s_box[k[12]];
  816     k[17] ^= s_box[k[13]];
  817     k[18] ^= s_box[k[14]];
  818     k[19] ^= s_box[k[15]];
  819 
  820     for( cc = 20; cc < 32; cc += 4 )
  821     {
  822         k[cc + 0] ^= k[cc - 4];
  823         k[cc + 1] ^= k[cc - 3];
  824         k[cc + 2] ^= k[cc - 2];
  825         k[cc + 3] ^= k[cc - 1];
  826     }
  827 }
  828 
  829 /*  Encrypt a single block of 16 bytes with 'on the fly' 256 bit keying */
  830 
  831 void aes_encrypt_256( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
  832                       const unsigned char key[2 * N_BLOCK], unsigned char o_key[2 * N_BLOCK] )
  833 {
  834     uint_8t s1[N_BLOCK], r, rc = 1;
  835     if(o_key != key)
  836     {
  837         block16_copy( o_key, key );
  838         block16_copy( o_key + 16, key + 16 );
  839     }
  840     copy_and_key( s1, in, o_key );
  841 
  842     for( r = 1 ; r < 14 ; ++r )
  843 #if defined( VERSION_1 )
  844     {
  845         mix_sub_columns(s1);
  846         if( r & 1 )
  847             add_round_key( s1, o_key + 16 );
  848         else
  849         {
  850             update_encrypt_key_256( o_key, &rc );
  851             add_round_key( s1, o_key );
  852         }
  853     }
  854 #else
  855     {   uint_8t s2[N_BLOCK];
  856         mix_sub_columns( s2, s1 );
  857         if( r & 1 )
  858             copy_and_key( s1, s2, o_key + 16 );
  859         else
  860         {
  861             update_encrypt_key_256( o_key, &rc );
  862             copy_and_key( s1, s2, o_key );
  863         }
  864     }
  865 #endif
  866 
  867     shift_sub_rows( s1 );
  868     update_encrypt_key_256( o_key, &rc );
  869     copy_and_key( out, s1, o_key );
  870 }
  871 
  872 #endif
  873 
  874 #if defined( AES_DEC_256_OTFK )
  875 
  876 /*  The 'on the fly' encryption key update for for 256 bit keys */
  877 
  878 static void update_decrypt_key_256( uint_8t k[2 * N_BLOCK], uint_8t *rc )
  879 {   uint_8t cc;
  880 
  881     for(cc = 28; cc > 16; cc -= 4)
  882     {
  883         k[cc + 0] ^= k[cc - 4];
  884         k[cc + 1] ^= k[cc - 3];
  885         k[cc + 2] ^= k[cc - 2];
  886         k[cc + 3] ^= k[cc - 1];
  887     }
  888 
  889     k[16] ^= s_box[k[12]];
  890     k[17] ^= s_box[k[13]];
  891     k[18] ^= s_box[k[14]];
  892     k[19] ^= s_box[k[15]];
  893 
  894     for(cc = 12; cc > 0; cc -= 4)
  895     {
  896         k[cc + 0] ^= k[cc - 4];
  897         k[cc + 1] ^= k[cc - 3];
  898         k[cc + 2] ^= k[cc - 2];
  899         k[cc + 3] ^= k[cc - 1];
  900     }
  901 
  902     *rc = d2(*rc);
  903     k[0] ^= s_box[k[29]] ^ *rc;
  904     k[1] ^= s_box[k[30]];
  905     k[2] ^= s_box[k[31]];
  906     k[3] ^= s_box[k[28]];
  907 }
  908 
  909 /*  Decrypt a single block of 16 bytes with 'on the fly'
  910     256 bit keying
  911 */
  912 void aes_decrypt_256( const unsigned char in[N_BLOCK], unsigned char out[N_BLOCK],
  913                       const unsigned char key[2 * N_BLOCK], unsigned char o_key[2 * N_BLOCK] )
  914 {
  915     uint_8t s1[N_BLOCK], r, rc = 0x80;
  916 
  917     if(o_key != key)
  918     {
  919         block16_copy( o_key, key );
  920         block16_copy( o_key + 16, key + 16 );
  921     }
  922 
  923     copy_and_key( s1, in, o_key );
  924     inv_shift_sub_rows( s1 );
  925 
  926     for( r = 14 ; --r ; )
  927 #if defined( VERSION_1 )
  928     {
  929         if( ( r & 1 ) )
  930         {
  931             update_decrypt_key_256( o_key, &rc );
  932             add_round_key( s1, o_key + 16 );
  933         }
  934         else
  935             add_round_key( s1, o_key );
  936         inv_mix_sub_columns( s1 );
  937     }
  938 #else
  939     {   uint_8t s2[N_BLOCK];
  940         if( ( r & 1 ) )
  941         {
  942             update_decrypt_key_256( o_key, &rc );
  943             copy_and_key( s2, s1, o_key + 16 );
  944         }
  945         else
  946             copy_and_key( s2, s1, o_key );
  947         inv_mix_sub_columns( s1, s2 );
  948     }
  949 #endif
  950     copy_and_key( out, s1, o_key );
  951 }
  952 
  953 #endif