"Fossies" - the Fresh Open Source Software Archive

Member "src/Crypto/Aeskey.c" (10 Oct 2018, 16363 Bytes) of package /windows/misc/VeraCrypt_1.23-Hotfix-2_Source.zip:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "Aeskey.c" see the Fossies "Dox" file reference documentation.

    1 /*
    2  ---------------------------------------------------------------------------
    3  Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
    4 
    5  LICENSE TERMS
    6 
    7  The free distribution and use of this software is allowed (with or without
    8  changes) provided that:
    9 
   10   1. source code distributions include the above copyright notice, this
   11      list of conditions and the following disclaimer;
   12 
   13   2. binary distributions include the above copyright notice, this list
   14      of conditions and the following disclaimer in their documentation;
   15 
   16   3. the name of the copyright holder is not used to endorse products
   17      built using this software without specific written permission.
   18 
   19  DISCLAIMER
   20 
   21  This software is provided 'as is' with no explicit or implied warranties
   22  in respect of its properties, including, but not limited to, correctness
   23  and/or fitness for purpose.
   24  ---------------------------------------------------------------------------
   25  Issue Date: 20/12/2007
   26 */
   27 
   28 #include "Aesopt.h"
   29 #include "Aestab.h"
   30 
   31 #ifdef USE_VIA_ACE_IF_PRESENT
   32 #  include "aes_via_ace.h"
   33 #endif
   34 
   35 #if defined(__cplusplus)
   36 extern "C"
   37 {
   38 #endif
   39 
   40 /* Initialise the key schedule from the user supplied key. The key
   41    length can be specified in bytes, with legal values of 16, 24
   42    and 32, or in bits, with legal values of 128, 192 and 256. These
   43    values correspond with Nk values of 4, 6 and 8 respectively.
   44 
   45    The following macros implement a single cycle in the key
   46    schedule generation process. The number of cycles needed
   47    for each cx->n_col and nk value is:
   48 
   49     nk =             4  5  6  7  8
   50     ------------------------------
   51     cx->n_col = 4   10  9  8  7  7
   52     cx->n_col = 5   14 11 10  9  9
   53     cx->n_col = 6   19 15 12 11 11
   54     cx->n_col = 7   21 19 16 13 14
   55     cx->n_col = 8   29 23 19 17 14
   56 */
   57 
   58 #if (FUNCS_IN_C & ENC_KEYING_IN_C)
   59 
   60 #if defined(AES_128) || defined(AES_VAR)
   61 
   62 #define ke4(k,i) \
   63 {   k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
   64     k[4*(i)+5] = ss[1] ^= ss[0]; \
   65     k[4*(i)+6] = ss[2] ^= ss[1]; \
   66     k[4*(i)+7] = ss[3] ^= ss[2]; \
   67 }
   68 
   69 AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
   70 {   uint_32t    ss[4];
   71 
   72     cx->ks[0] = ss[0] = word_in(key, 0);
   73     cx->ks[1] = ss[1] = word_in(key, 1);
   74     cx->ks[2] = ss[2] = word_in(key, 2);
   75     cx->ks[3] = ss[3] = word_in(key, 3);
   76 
   77 #if ENC_UNROLL == NONE
   78     {   uint_32t i;
   79         for(i = 0; i < 9; ++i)
   80             ke4(cx->ks, i);
   81     }
   82 #else
   83     ke4(cx->ks, 0);  ke4(cx->ks, 1);
   84     ke4(cx->ks, 2);  ke4(cx->ks, 3);
   85     ke4(cx->ks, 4);  ke4(cx->ks, 5);
   86     ke4(cx->ks, 6);  ke4(cx->ks, 7);
   87     ke4(cx->ks, 8);
   88 #endif
   89     ke4(cx->ks, 9);
   90     cx->inf.l = 0;
   91     cx->inf.b[0] = 10 * 16;
   92 
   93 #ifdef USE_VIA_ACE_IF_PRESENT
   94     if(VIA_ACE_AVAILABLE)
   95         cx->inf.b[1] = 0xff;
   96 #endif
   97 
   98 #if defined( AES_ERR_CHK )
   99     return EXIT_SUCCESS;
  100 #endif
  101 }
  102 
  103 #endif
  104 
  105 #if defined(AES_192) || defined(AES_VAR)
  106 
  107 #define kef6(k,i) \
  108 {   k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
  109     k[6*(i)+ 7] = ss[1] ^= ss[0]; \
  110     k[6*(i)+ 8] = ss[2] ^= ss[1]; \
  111     k[6*(i)+ 9] = ss[3] ^= ss[2]; \
  112 }
  113 
  114 #define ke6(k,i) \
  115 {   kef6(k,i); \
  116     k[6*(i)+10] = ss[4] ^= ss[3]; \
  117     k[6*(i)+11] = ss[5] ^= ss[4]; \
  118 }
  119 
  120 AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
  121 {   uint_32t    ss[6];
  122 
  123     cx->ks[0] = ss[0] = word_in(key, 0);
  124     cx->ks[1] = ss[1] = word_in(key, 1);
  125     cx->ks[2] = ss[2] = word_in(key, 2);
  126     cx->ks[3] = ss[3] = word_in(key, 3);
  127     cx->ks[4] = ss[4] = word_in(key, 4);
  128     cx->ks[5] = ss[5] = word_in(key, 5);
  129 
  130 #if ENC_UNROLL == NONE
  131     {   uint_32t i;
  132         for(i = 0; i < 7; ++i)
  133             ke6(cx->ks, i);
  134     }
  135 #else
  136     ke6(cx->ks, 0);  ke6(cx->ks, 1);
  137     ke6(cx->ks, 2);  ke6(cx->ks, 3);
  138     ke6(cx->ks, 4);  ke6(cx->ks, 5);
  139     ke6(cx->ks, 6);
  140 #endif
  141     kef6(cx->ks, 7);
  142     cx->inf.l = 0;
  143     cx->inf.b[0] = 12 * 16;
  144 
  145 #ifdef USE_VIA_ACE_IF_PRESENT
  146     if(VIA_ACE_AVAILABLE)
  147         cx->inf.b[1] = 0xff;
  148 #endif
  149 
  150 #if defined( AES_ERR_CHK )
  151     return EXIT_SUCCESS;
  152 #endif
  153 }
  154 
  155 #endif
  156 
  157 #if defined(AES_256) || defined(AES_VAR)
  158 
  159 #define kef8(k,i) \
  160 {   k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
  161     k[8*(i)+ 9] = ss[1] ^= ss[0]; \
  162     k[8*(i)+10] = ss[2] ^= ss[1]; \
  163     k[8*(i)+11] = ss[3] ^= ss[2]; \
  164 }
  165 
  166 #define ke8(k,i) \
  167 {   kef8(k,i); \
  168     k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \
  169     k[8*(i)+13] = ss[5] ^= ss[4]; \
  170     k[8*(i)+14] = ss[6] ^= ss[5]; \
  171     k[8*(i)+15] = ss[7] ^= ss[6]; \
  172 }
  173 
  174 AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
  175 {   uint_32t    ss[8];
  176 
  177     cx->ks[0] = ss[0] = word_in(key, 0);
  178     cx->ks[1] = ss[1] = word_in(key, 1);
  179     cx->ks[2] = ss[2] = word_in(key, 2);
  180     cx->ks[3] = ss[3] = word_in(key, 3);
  181     cx->ks[4] = ss[4] = word_in(key, 4);
  182     cx->ks[5] = ss[5] = word_in(key, 5);
  183     cx->ks[6] = ss[6] = word_in(key, 6);
  184     cx->ks[7] = ss[7] = word_in(key, 7);
  185 
  186 #if ENC_UNROLL == NONE
  187     {   uint_32t i;
  188         for(i = 0; i < 6; ++i)
  189             ke8(cx->ks,  i);
  190     }
  191 #else
  192     ke8(cx->ks, 0); ke8(cx->ks, 1);
  193     ke8(cx->ks, 2); ke8(cx->ks, 3);
  194     ke8(cx->ks, 4); ke8(cx->ks, 5);
  195 #endif
  196     kef8(cx->ks, 6);
  197     cx->inf.l = 0;
  198     cx->inf.b[0] = 14 * 16;
  199 
  200 #ifdef USE_VIA_ACE_IF_PRESENT
  201     if(VIA_ACE_AVAILABLE)
  202         cx->inf.b[1] = 0xff;
  203 #endif
  204 
  205 #if defined( AES_ERR_CHK )
  206     return EXIT_SUCCESS;
  207 #endif
  208 }
  209 
  210 #endif
  211 
  212 #if defined(AES_VAR)
  213 
  214 AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
  215 {
  216     switch(key_len)
  217     {
  218 #if defined( AES_ERR_CHK )
  219     case 16: case 128: return aes_encrypt_key128(key, cx);
  220     case 24: case 192: return aes_encrypt_key192(key, cx);
  221     case 32: case 256: return aes_encrypt_key256(key, cx);
  222     default: return EXIT_FAILURE;
  223 #else
  224     case 16: case 128: aes_encrypt_key128(key, cx); return;
  225     case 24: case 192: aes_encrypt_key192(key, cx); return;
  226     case 32: case 256: aes_encrypt_key256(key, cx); return;
  227 #endif
  228     }
  229 }
  230 
  231 #endif
  232 
  233 #endif
  234 
  235 #if (FUNCS_IN_C & DEC_KEYING_IN_C)
  236 
  237 /* this is used to store the decryption round keys  */
  238 /* in forward or reverse order                      */
  239 
  240 #ifdef AES_REV_DKS
  241 #define v(n,i)  ((n) - (i) + 2 * ((i) & 3))
  242 #else
  243 #define v(n,i)  (i)
  244 #endif
  245 
  246 #if DEC_ROUND == NO_TABLES
  247 #define ff(x)   (x)
  248 #else
  249 #define ff(x)   inv_mcol(x)
  250 #if defined( dec_imvars )
  251 #define d_vars  dec_imvars
  252 #endif
  253 #endif
  254 
  255 #if defined(AES_128) || defined(AES_VAR)
  256 
  257 #define k4e(k,i) \
  258 {   k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
  259     k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \
  260     k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \
  261     k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \
  262 }
  263 
  264 #if 1
  265 
  266 #define kdf4(k,i) \
  267 {   ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \
  268     ss[1] = ss[1] ^ ss[3]; \
  269     ss[2] = ss[2] ^ ss[3]; \
  270     ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
  271     ss[i % 4] ^= ss[4]; \
  272     ss[4] ^= k[v(40,(4*(i)))];   k[v(40,(4*(i))+4)] = ff(ss[4]); \
  273     ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \
  274     ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \
  275     ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \
  276 }
  277 
  278 #define kd4(k,i) \
  279 {   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
  280     ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
  281     k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \
  282     k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \
  283     k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \
  284     k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \
  285 }
  286 
  287 #define kdl4(k,i) \
  288 {   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
  289     k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \
  290     k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \
  291     k[v(40,(4*(i))+6)] = ss[0]; \
  292     k[v(40,(4*(i))+7)] = ss[1]; \
  293 }
  294 
  295 #else
  296 
  297 #define kdf4(k,i) \
  298 {   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \
  299     ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \
  300     ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \
  301     ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \
  302 }
  303 
  304 #define kd4(k,i) \
  305 {   ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
  306     ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \
  307     ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \
  308     ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \
  309     ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \
  310 }
  311 
  312 #define kdl4(k,i) \
  313 {   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \
  314     ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \
  315     ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \
  316     ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \
  317 }
  318 
  319 #endif
  320 
  321 AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
  322 {   uint_32t    ss[5];
  323 #if defined( d_vars )
  324         d_vars;
  325 #endif
  326     cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
  327     cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);
  328     cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);
  329     cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);
  330 
  331 #if DEC_UNROLL == NONE
  332     {   uint_32t i;
  333         for(i = 0; i < 10; ++i)
  334             k4e(cx->ks, i);
  335 #if !(DEC_ROUND == NO_TABLES)
  336         for(i = N_COLS; i < 10 * N_COLS; ++i)
  337             cx->ks[i] = inv_mcol(cx->ks[i]);
  338 #endif
  339     }
  340 #else
  341     kdf4(cx->ks, 0);  kd4(cx->ks, 1);
  342      kd4(cx->ks, 2);  kd4(cx->ks, 3);
  343      kd4(cx->ks, 4);  kd4(cx->ks, 5);
  344      kd4(cx->ks, 6);  kd4(cx->ks, 7);
  345      kd4(cx->ks, 8); kdl4(cx->ks, 9);
  346 #endif
  347     cx->inf.l = 0;
  348     cx->inf.b[0] = 10 * 16;
  349 
  350 #ifdef USE_VIA_ACE_IF_PRESENT
  351     if(VIA_ACE_AVAILABLE)
  352         cx->inf.b[1] = 0xff;
  353 #endif
  354 
  355 #if defined( AES_ERR_CHK )
  356     return EXIT_SUCCESS;
  357 #endif
  358 }
  359 
  360 #endif
  361 
  362 #if defined(AES_192) || defined(AES_VAR)
  363 
  364 #define k6ef(k,i) \
  365 {   k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
  366     k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \
  367     k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \
  368     k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \
  369 }
  370 
  371 #define k6e(k,i) \
  372 {   k6ef(k,i); \
  373     k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \
  374     k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \
  375 }
  376 
  377 #define kdf6(k,i) \
  378 {   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \
  379     ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \
  380     ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \
  381     ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \
  382     ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \
  383     ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \
  384 }
  385 
  386 #define kd6(k,i) \
  387 {   ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
  388     ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \
  389     ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \
  390     ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \
  391     ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \
  392     ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \
  393     ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \
  394 }
  395 
  396 #define kdl6(k,i) \
  397 {   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \
  398     ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \
  399     ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \
  400     ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
  401 }
  402 
  403 AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
  404 {   uint_32t    ss[7];
  405 #if defined( d_vars )
  406         d_vars;
  407 #endif
  408     cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
  409     cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
  410     cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
  411     cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);
  412 
  413 #if DEC_UNROLL == NONE
  414     cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
  415     cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
  416     {   uint_32t i;
  417 
  418         for(i = 0; i < 7; ++i)
  419             k6e(cx->ks, i);
  420         k6ef(cx->ks, 7);
  421 #if !(DEC_ROUND == NO_TABLES)
  422         for(i = N_COLS; i < 12 * N_COLS; ++i)
  423             cx->ks[i] = inv_mcol(cx->ks[i]);
  424 #endif
  425     }
  426 #else
  427     cx->ks[v(48,(4))] = ff(ss[4] = word_in(key, 4));
  428     cx->ks[v(48,(5))] = ff(ss[5] = word_in(key, 5));
  429     kdf6(cx->ks, 0); kd6(cx->ks, 1);
  430     kd6(cx->ks, 2);  kd6(cx->ks, 3);
  431     kd6(cx->ks, 4);  kd6(cx->ks, 5);
  432     kd6(cx->ks, 6); kdl6(cx->ks, 7);
  433 #endif
  434     cx->inf.l = 0;
  435     cx->inf.b[0] = 12 * 16;
  436 
  437 #ifdef USE_VIA_ACE_IF_PRESENT
  438     if(VIA_ACE_AVAILABLE)
  439         cx->inf.b[1] = 0xff;
  440 #endif
  441 
  442 #if defined( AES_ERR_CHK )
  443     return EXIT_SUCCESS;
  444 #endif
  445 }
  446 
  447 #endif
  448 
  449 #if defined(AES_256) || defined(AES_VAR)
  450 
  451 #define k8ef(k,i) \
  452 {   k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
  453     k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \
  454     k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \
  455     k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \
  456 }
  457 
  458 #define k8e(k,i) \
  459 {   k8ef(k,i); \
  460     k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \
  461     k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \
  462     k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \
  463     k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \
  464 }
  465 
  466 #define kdf8(k,i) \
  467 {   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \
  468     ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \
  469     ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \
  470     ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \
  471     ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \
  472     ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \
  473     ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \
  474     ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \
  475 }
  476 
  477 #define kd8(k,i) \
  478 {   ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
  479     ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \
  480     ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \
  481     ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \
  482     ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \
  483     ss[8] = ls_box(ss[3],0); \
  484     ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \
  485     ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \
  486     ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \
  487     ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \
  488 }
  489 
  490 #define kdl8(k,i) \
  491 {   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \
  492     ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \
  493     ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \
  494     ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
  495 }
  496 
  497 AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
  498 {   uint_32t    ss[9];
  499 #if defined( d_vars )
  500         d_vars;
  501 #endif
  502     cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
  503     cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
  504     cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
  505     cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);
  506 
  507 #if DEC_UNROLL == NONE
  508     cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);
  509     cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
  510     cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
  511     cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
  512     {   uint_32t i;
  513 
  514         for(i = 0; i < 6; ++i)
  515             k8e(cx->ks,  i);
  516         k8ef(cx->ks,  6);
  517 #if !(DEC_ROUND == NO_TABLES)
  518         for(i = N_COLS; i < 14 * N_COLS; ++i)
  519             cx->ks[i] = inv_mcol(cx->ks[i]);
  520 
  521 #endif
  522     }
  523 #else
  524     ss[4] = word_in(key, 4); cx->ks[v(56,(4))] = ff(ss[4]);
  525     ss[5] = word_in(key, 5); cx->ks[v(56,(5))] = ff(ss[5]);
  526     ss[6] = word_in(key, 6); cx->ks[v(56,(6))] = ff(ss[6]);
  527     ss[7] = word_in(key, 7); cx->ks[v(56,(7))] = ff(ss[7]);
  528     kdf8(cx->ks, 0); kd8(cx->ks, 1);
  529     kd8(cx->ks, 2);  kd8(cx->ks, 3);
  530     kd8(cx->ks, 4);  kd8(cx->ks, 5);
  531     kdl8(cx->ks, 6);
  532 #endif
  533     cx->inf.l = 0;
  534     cx->inf.b[0] = 14 * 16;
  535 
  536 #ifdef USE_VIA_ACE_IF_PRESENT
  537     if(VIA_ACE_AVAILABLE)
  538         cx->inf.b[1] = 0xff;
  539 #endif
  540 
  541 #if defined( AES_ERR_CHK )
  542     return EXIT_SUCCESS;
  543 #endif
  544 }
  545 
  546 #endif
  547 
  548 #if defined(AES_VAR)
  549 
  550 AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
  551 {
  552     switch(key_len)
  553     {
  554 #if defined( AES_ERR_CHK )
  555     case 16: case 128: return aes_decrypt_key128(key, cx);
  556     case 24: case 192: return aes_decrypt_key192(key, cx);
  557     case 32: case 256: return aes_decrypt_key256(key, cx);
  558     default: return EXIT_FAILURE;
  559 #else
  560     case 16: case 128: aes_decrypt_key128(key, cx); return;
  561     case 24: case 192: aes_decrypt_key192(key, cx); return;
  562     case 32: case 256: aes_decrypt_key256(key, cx); return;
  563 #endif
  564     }
  565 }
  566 
  567 #endif
  568 
  569 #endif
  570 
  571 #if defined(__cplusplus)
  572 }
  573 #endif