/*
 ---------------------------------------------------------------------------
 Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.

 The redistribution and use of this software (with or without changes)
 is allowed without the payment of fees or royalties provided that:

  1. source code distributions include the above copyright notice, this
     list of conditions and the following disclaimer;

  2. binary distributions include the above copyright notice, this list
     of conditions and the following disclaimer in their documentation;

  3. the name of the copyright holder is not used to endorse products
     built using this software without specific written permission.

 This software is provided 'as is' with no explicit or implied warranties
 in respect of its properties, including, but not limited to, correctness
 and/or fitness for purpose.
 ---------------------------------------------------------------------------
 Issue Date: 20/12/2007
*/
\r
31 #ifdef USE_VIA_ACE_IF_PRESENT
\r
32 # include "aes_via_ace.h"
\r
35 #if defined(__cplusplus)
\r
/* Initialise the key schedule from the user supplied key. The key
   length can be specified in bytes, with legal values of 16, 24
   and 32, or in bits, with legal values of 128, 192 and 256. These
   values correspond with Nk values of 4, 6 and 8 respectively.

   The following macros implement a single cycle in the key
   schedule generation process. The number of cycles needed
   for each cx->n_col and nk value is:

    nk =             4  5  6  7  8
    ------------------------------
    cx->n_col = 4   10  9  8  7  7
    cx->n_col = 5   14 11 10  9  9
    cx->n_col = 6   19 15 12 11 11
    cx->n_col = 7   21 19 16 13 14
    cx->n_col = 8   29 23 19 17 14
*/
\r
58 #if defined( REDUCE_CODE_SIZE )
\r
59 # define ls_box ls_sub
\r
60 uint_32t ls_sub(const uint_32t t, const uint_32t n);
\r
61 # define inv_mcol im_sub
\r
62 uint_32t im_sub(const uint_32t x);
\r
63 # ifdef ENC_KS_UNROLL
\r
64 # undef ENC_KS_UNROLL
\r
66 # ifdef DEC_KS_UNROLL
\r
67 # undef DEC_KS_UNROLL
\r
71 #if (FUNCS_IN_C & ENC_KEYING_IN_C)
\r
73 #if defined(AES_128) || defined( AES_VAR )
\r
76 { k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
\r
77 k[4*(i)+5] = ss[1] ^= ss[0]; \
\r
78 k[4*(i)+6] = ss[2] ^= ss[1]; \
\r
79 k[4*(i)+7] = ss[3] ^= ss[2]; \
\r
/* Build the AES-128 encryption key schedule in cx->ks.
 *
 * key: buffer from which word_in() reads words 0..3. No NULL or length
 *      check is visible, so the caller must guarantee a complete key.
 * cx:  context receiving the schedule (cx->ks) and the info bytes (cx->inf).
 * Returns EXIT_SUCCESS on the only return path visible here.
 *
 * NOTE(review): this listing has dropped lines (the embedded line numbers
 * skip), among them the braces and the declaration of ss. cx->ks[0..3] are
 * a verbatim copy of the key, so the context needs the same protection and
 * wiping as the key. No clearing of the working copy ss is visible before
 * the return; confirm against the complete source.
 */
82 AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
\r
/* The first four schedule words are the key words; ss keeps a working copy. */
85 cx->ks[0] = ss[0] = word_in(key, 0);
\r
86 cx->ks[1] = ss[1] = word_in(key, 1);
\r
87 cx->ks[2] = ss[2] = word_in(key, 2);
\r
88 cx->ks[3] = ss[3] = word_in(key, 3);
\r
90 #ifdef ENC_KS_UNROLL
\r
/* Unrolled build: the ke4 expansion steps are written out one by one. */
91 ke4(cx->ks, 0); ke4(cx->ks, 1);
\r
92 ke4(cx->ks, 2); ke4(cx->ks, 3);
\r
93 ke4(cx->ks, 4); ke4(cx->ks, 5);
\r
94 ke4(cx->ks, 6); ke4(cx->ks, 7);
\r
/* Loop form of the expansion; its body is not visible in this listing. */
98 for(i = 0; i < 9; ++i)
\r
/* Stores 10 * 16 in inf.b[0]; presumably rounds times the 16-byte block
   size, to be confirmed in the header that declares the context. */
104 cx->inf.b[0] = 10 * 16;
\r
106 #ifdef USE_VIA_ACE_IF_PRESENT
\r
/* inf.b[1] is set to 0xff when VIA_ACE_AVAILABLE is true; the meaning of
   that value is defined outside this listing. */
107 if(VIA_ACE_AVAILABLE)
\r
108 cx->inf.b[1] = 0xff;
\r
110 return EXIT_SUCCESS;
\r
115 #if defined(AES_192) || defined( AES_VAR )
\r
117 #define kef6(k,i) \
\r
118 { k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
\r
119 k[6*(i)+ 7] = ss[1] ^= ss[0]; \
\r
120 k[6*(i)+ 8] = ss[2] ^= ss[1]; \
\r
121 k[6*(i)+ 9] = ss[3] ^= ss[2]; \
\r
126 k[6*(i)+10] = ss[4] ^= ss[3]; \
\r
127 k[6*(i)+11] = ss[5] ^= ss[4]; \
\r
/* Build the AES-192 encryption key schedule in cx->ks.
 *
 * key: buffer from which word_in() reads words 0..5. No NULL or length
 *      check is visible, so the caller must guarantee a complete key.
 * cx:  context receiving the schedule (cx->ks) and the info bytes (cx->inf).
 * Returns EXIT_SUCCESS on the only return path visible here.
 *
 * NOTE(review): this listing has dropped lines (the embedded line numbers
 * skip). cx->ks[0..5] are a verbatim copy of the key, so the context needs
 * the same protection and wiping as the key. No clearing of the working
 * copy ss is visible before the return; confirm against the complete source.
 */
130 AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
\r
/* The first six schedule words are the key words; ss keeps a working copy. */
133 cx->ks[0] = ss[0] = word_in(key, 0);
\r
134 cx->ks[1] = ss[1] = word_in(key, 1);
\r
135 cx->ks[2] = ss[2] = word_in(key, 2);
\r
136 cx->ks[3] = ss[3] = word_in(key, 3);
\r
137 cx->ks[4] = ss[4] = word_in(key, 4);
\r
138 cx->ks[5] = ss[5] = word_in(key, 5);
\r
140 #ifdef ENC_KS_UNROLL
\r
/* Unrolled build: the ke6 expansion steps are written out one by one. */
141 ke6(cx->ks, 0); ke6(cx->ks, 1);
\r
142 ke6(cx->ks, 2); ke6(cx->ks, 3);
\r
143 ke6(cx->ks, 4); ke6(cx->ks, 5);
\r
/* Loop form of the expansion; its body is not visible in this listing. */
147 for(i = 0; i < 7; ++i)
\r
/* Stores 12 * 16 in inf.b[0]; presumably rounds times the 16-byte block
   size, to be confirmed in the header that declares the context. */
153 cx->inf.b[0] = 12 * 16;
\r
155 #ifdef USE_VIA_ACE_IF_PRESENT
\r
/* inf.b[1] is set to 0xff when VIA_ACE_AVAILABLE is true; the meaning of
   that value is defined outside this listing. */
156 if(VIA_ACE_AVAILABLE)
\r
157 cx->inf.b[1] = 0xff;
\r
159 return EXIT_SUCCESS;
\r
164 #if defined(AES_256) || defined( AES_VAR )
\r
166 #define kef8(k,i) \
\r
167 { k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
\r
168 k[8*(i)+ 9] = ss[1] ^= ss[0]; \
\r
169 k[8*(i)+10] = ss[2] ^= ss[1]; \
\r
170 k[8*(i)+11] = ss[3] ^= ss[2]; \
\r
175 k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \
\r
176 k[8*(i)+13] = ss[5] ^= ss[4]; \
\r
177 k[8*(i)+14] = ss[6] ^= ss[5]; \
\r
178 k[8*(i)+15] = ss[7] ^= ss[6]; \
\r
/* Build the AES-256 encryption key schedule in cx->ks.
 *
 * key: buffer from which word_in() reads words 0..7. No NULL or length
 *      check is visible, so the caller must guarantee a complete key.
 * cx:  context receiving the schedule (cx->ks) and the info bytes (cx->inf).
 * Returns EXIT_SUCCESS on the only return path visible here.
 *
 * NOTE(review): this listing has dropped lines (the embedded line numbers
 * skip). cx->ks[0..7] are a verbatim copy of the key, so the context needs
 * the same protection and wiping as the key. No clearing of the working
 * copy ss is visible before the return; confirm against the complete source.
 */
181 AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
\r
/* The first eight schedule words are the key words; ss keeps a working copy. */
184 cx->ks[0] = ss[0] = word_in(key, 0);
\r
185 cx->ks[1] = ss[1] = word_in(key, 1);
\r
186 cx->ks[2] = ss[2] = word_in(key, 2);
\r
187 cx->ks[3] = ss[3] = word_in(key, 3);
\r
188 cx->ks[4] = ss[4] = word_in(key, 4);
\r
189 cx->ks[5] = ss[5] = word_in(key, 5);
\r
190 cx->ks[6] = ss[6] = word_in(key, 6);
\r
191 cx->ks[7] = ss[7] = word_in(key, 7);
\r
193 #ifdef ENC_KS_UNROLL
\r
/* Unrolled build: the ke8 expansion steps are written out one by one. */
194 ke8(cx->ks, 0); ke8(cx->ks, 1);
\r
195 ke8(cx->ks, 2); ke8(cx->ks, 3);
\r
196 ke8(cx->ks, 4); ke8(cx->ks, 5);
\r
/* Loop form of the expansion; its body is not visible in this listing. */
199 for(i = 0; i < 6; ++i)
\r
/* Stores 14 * 16 in inf.b[0]; presumably rounds times the 16-byte block
   size, to be confirmed in the header that declares the context. */
205 cx->inf.b[0] = 14 * 16;
\r
207 #ifdef USE_VIA_ACE_IF_PRESENT
\r
/* inf.b[1] is set to 0xff when VIA_ACE_AVAILABLE is true; the meaning of
   that value is defined outside this listing. */
208 if(VIA_ACE_AVAILABLE)
\r
209 cx->inf.b[1] = 0xff;
\r
211 return EXIT_SUCCESS;
\r
216 #if defined( AES_VAR )
\r
/* Select the encryption key-schedule routine from key_len.
 *
 * key:     key bytes, passed through unchanged to the selected routine.
 * key_len: key size given either in bytes (16, 24, 32) or in bits
 *          (128, 192, 256); both spellings reach the same routine.
 * cx:      context filled in by the selected routine.
 * Returns the result of the selected routine, or EXIT_FAILURE for any other
 * key_len.
 *
 * NOTE(review): the default case returns without any visible write to cx,
 * so a caller that ignores the return value would carry on with whatever
 * the context held before. key_len only selects the routine; nothing here
 * can verify that the buffer behind key is really that long. The switch
 * statement and braces are missing from this listing.
 */
218 AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
\r
222 case 16: case 128: return aes_encrypt_key128(key, cx);
\r
223 case 24: case 192: return aes_encrypt_key192(key, cx);
\r
224 case 32: case 256: return aes_encrypt_key256(key, cx);
\r
/* Unsupported length: reject instead of guessing a key size. */
225 default: return EXIT_FAILURE;
\r
233 #if (FUNCS_IN_C & DEC_KEYING_IN_C)
\r
235 /* this is used to store the decryption round keys */
\r
236 /* in forward or reverse order */
\r
/* Index mapping used for every write into the decryption schedule below.
   With i = 4*g + j (j = i & 3) the expression evaluates to n - 4*g + j:
   four-word groups are laid out in reverse order counting down from n,
   while the order of the words inside each group is kept. Only this
   definition is visible in the listing; the embedded line numbers skip,
   so an alternative definition may have been dropped. */
239 #define v(n,i) ((n) - (i) + 2 * ((i) & 3))
\r
244 #if DEC_ROUND == NO_TABLES
\r
247 #define ff(x) inv_mcol(x)
\r
248 #if defined( dec_imvars )
\r
249 #define d_vars dec_imvars
\r
253 #if defined(AES_128) || defined( AES_VAR )
\r
256 { k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
\r
257 k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \
\r
258 k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \
\r
259 k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \
\r
264 #define kdf4(k,i) \
\r
265 { ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \
\r
266 ss[1] = ss[1] ^ ss[3]; \
\r
267 ss[2] = ss[2] ^ ss[3]; \
\r
268 ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
\r
269 ss[i % 4] ^= ss[4]; \
\r
270 ss[4] ^= k[v(40,(4*(i)))]; k[v(40,(4*(i))+4)] = ff(ss[4]); \
\r
271 ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \
\r
272 ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \
\r
273 ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \
\r
277 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
\r
278 ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
\r
279 k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \
\r
280 k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \
\r
281 k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \
\r
282 k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \
\r
285 #define kdl4(k,i) \
\r
286 { ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
\r
287 k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \
\r
288 k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \
\r
289 k[v(40,(4*(i))+6)] = ss[0]; \
\r
290 k[v(40,(4*(i))+7)] = ss[1]; \
\r
295 #define kdf4(k,i) \
\r
296 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \
\r
297 ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \
\r
298 ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \
\r
299 ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \
\r
303 { ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
\r
304 ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \
\r
305 ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \
\r
306 ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \
\r
307 ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \
\r
310 #define kdl4(k,i) \
\r
311 { ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \
\r
312 ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \
\r
313 ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \
\r
314 ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \
\r
/* Build the AES-128 decryption key schedule in cx->ks.
 *
 * key: buffer from which word_in() reads words 0..3. No NULL or length
 *      check is visible, so the caller must guarantee a complete key.
 * cx:  context receiving the schedule (cx->ks) and the info bytes (cx->inf).
 * Returns EXIT_SUCCESS on the only return path visible here.
 *
 * NOTE(review): this listing has dropped lines (the embedded line numbers
 * skip), among them the braces, the declaration of ss and the loop body.
 * The words stored at v(40, 0..3) are a verbatim copy of the key, so the
 * context needs the same protection and wiping as the key. No clearing of
 * the working copy ss is visible before the return; confirm against the
 * complete source.
 */
319 AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
\r
321 #if defined( d_vars )
\r
/* Key words go into the schedule at the positions chosen by v(40, i). */
324 cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
\r
325 cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);
\r
326 cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);
\r
327 cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);
\r
329 #ifdef DEC_KS_UNROLL
\r
/* Unrolled build: a first step (kdf4), eight middle steps (kd4) and a
   last step (kdl4). */
330 kdf4(cx->ks, 0); kd4(cx->ks, 1);
\r
331 kd4(cx->ks, 2); kd4(cx->ks, 3);
\r
332 kd4(cx->ks, 4); kd4(cx->ks, 5);
\r
333 kd4(cx->ks, 6); kd4(cx->ks, 7);
\r
334 kd4(cx->ks, 8); kdl4(cx->ks, 9);
\r
/* Loop form of the expansion; its body is not visible in this listing. */
337 for(i = 0; i < 10; ++i)
\r
339 #if !(DEC_ROUND == NO_TABLES)
\r
/* Words N_COLS .. 10 * N_COLS - 1 are passed through inv_mcol in place;
   this loop indexes cx->ks directly rather than through v(). */
340 for(i = N_COLS; i < 10 * N_COLS; ++i)
\r
341 cx->ks[i] = inv_mcol(cx->ks[i]);
\r
/* Stores 10 * 16 in inf.b[0]; presumably rounds times the 16-byte block
   size, to be confirmed in the header that declares the context. */
346 cx->inf.b[0] = 10 * 16;
\r
348 #ifdef USE_VIA_ACE_IF_PRESENT
\r
/* inf.b[1] is set to 0xff when VIA_ACE_AVAILABLE is true; the meaning of
   that value is defined outside this listing. */
349 if(VIA_ACE_AVAILABLE)
\r
350 cx->inf.b[1] = 0xff;
\r
352 return EXIT_SUCCESS;
\r
357 #if defined(AES_192) || defined( AES_VAR )
\r
359 #define k6ef(k,i) \
\r
360 { k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
\r
361 k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \
\r
362 k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \
\r
363 k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \
\r
368 k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \
\r
369 k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \
\r
372 #define kdf6(k,i) \
\r
373 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \
\r
374 ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \
\r
375 ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \
\r
376 ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \
\r
377 ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \
\r
378 ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \
\r
382 { ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
\r
383 ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \
\r
384 ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \
\r
385 ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \
\r
386 ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \
\r
387 ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \
\r
388 ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \
\r
391 #define kdl6(k,i) \
\r
392 { ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \
\r
393 ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \
\r
394 ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \
\r
395 ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
\r
/* Build the AES-192 decryption key schedule in cx->ks.
 *
 * key: buffer from which word_in() reads words 0..5. No NULL or length
 *      check is visible, so the caller must guarantee a complete key.
 * cx:  context receiving the schedule (cx->ks) and the info bytes (cx->inf).
 * Returns EXIT_SUCCESS on the only return path visible here.
 *
 * NOTE(review): this listing has dropped lines (the embedded line numbers
 * skip), among them the braces, the declaration of ss and the loop body.
 * The words stored at v(48, 0..3) are a verbatim copy of key words, so the
 * context needs the same protection and wiping as the key. No clearing of
 * the working copy ss is visible before the return; confirm against the
 * complete source.
 */
398 AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
\r
400 #if defined( d_vars )
\r
/* Key words 0..3 go into the schedule at the positions chosen by v(48, i). */
403 cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
\r
404 cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
\r
405 cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
\r
406 cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);
\r
408 #ifdef DEC_KS_UNROLL
\r
/* Here words 4 and 5 are stored through ff() while ss keeps the value
   returned by word_in(). */
409 cx->ks[v(48,(4))] = ff(ss[4] = word_in(key, 4));
\r
410 cx->ks[v(48,(5))] = ff(ss[5] = word_in(key, 5));
\r
/* Unrolled build: a first step (kdf6), six middle steps (kd6) and a last
   step (kdl6). */
411 kdf6(cx->ks, 0); kd6(cx->ks, 1);
\r
412 kd6(cx->ks, 2); kd6(cx->ks, 3);
\r
413 kd6(cx->ks, 4); kd6(cx->ks, 5);
\r
414 kd6(cx->ks, 6); kdl6(cx->ks, 7);
\r
/* Second pair of stores for words 4 and 5, this time without ff();
   presumably the non-unrolled branch, whose #else line is not visible. */
416 cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
\r
417 cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
\r
/* Loop form of the expansion; its body is not visible in this listing. */
420 for(i = 0; i < 7; ++i)
\r
423 #if !(DEC_ROUND == NO_TABLES)
\r
/* Words N_COLS .. 12 * N_COLS - 1 are passed through inv_mcol in place;
   this loop indexes cx->ks directly rather than through v(). */
424 for(i = N_COLS; i < 12 * N_COLS; ++i)
\r
425 cx->ks[i] = inv_mcol(cx->ks[i]);
\r
/* Stores 12 * 16 in inf.b[0]; presumably rounds times the 16-byte block
   size, to be confirmed in the header that declares the context. */
430 cx->inf.b[0] = 12 * 16;
\r
432 #ifdef USE_VIA_ACE_IF_PRESENT
\r
/* inf.b[1] is set to 0xff when VIA_ACE_AVAILABLE is true; the meaning of
   that value is defined outside this listing. */
433 if(VIA_ACE_AVAILABLE)
\r
434 cx->inf.b[1] = 0xff;
\r
436 return EXIT_SUCCESS;
\r
441 #if defined(AES_256) || defined( AES_VAR )
\r
443 #define k8ef(k,i) \
\r
444 { k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
\r
445 k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \
\r
446 k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \
\r
447 k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \
\r
452 k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \
\r
453 k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \
\r
454 k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \
\r
455 k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \
\r
458 #define kdf8(k,i) \
\r
459 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \
\r
460 ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \
\r
461 ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \
\r
462 ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \
\r
463 ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \
\r
464 ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \
\r
465 ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \
\r
466 ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \
\r
470 { ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
\r
471 ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \
\r
472 ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \
\r
473 ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \
\r
474 ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \
\r
475 ss[8] = ls_box(ss[3],0); \
\r
476 ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \
\r
477 ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \
\r
478 ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \
\r
479 ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \
\r
482 #define kdl8(k,i) \
\r
483 { ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \
\r
484 ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \
\r
485 ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \
\r
486 ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
\r
/* Build the AES-256 decryption key schedule in cx->ks.
 *
 * key: buffer from which word_in() reads words 0..7. No NULL or length
 *      check is visible, so the caller must guarantee a complete key.
 * cx:  context receiving the schedule (cx->ks) and the info bytes (cx->inf).
 * Returns EXIT_SUCCESS on the only return path visible here.
 *
 * NOTE(review): this listing has dropped lines (the embedded line numbers
 * skip), among them the braces, the declaration of ss and the loop body.
 * The words stored at v(56, 0..3) are a verbatim copy of key words, so the
 * context needs the same protection and wiping as the key. No clearing of
 * the working copy ss is visible before the return; confirm against the
 * complete source.
 */
489 AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
\r
491 #if defined( d_vars )
\r
/* Key words 0..3 go into the schedule at the positions chosen by v(56, i). */
494 cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
\r
495 cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
\r
496 cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
\r
497 cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);
\r
499 #ifdef DEC_KS_UNROLL
\r
/* Here words 4..7 are stored through ff() while ss keeps the value
   returned by word_in(). */
500 cx->ks[v(56,(4))] = ff(ss[4] = word_in(key, 4));
\r
501 cx->ks[v(56,(5))] = ff(ss[5] = word_in(key, 5));
\r
502 cx->ks[v(56,(6))] = ff(ss[6] = word_in(key, 6));
\r
503 cx->ks[v(56,(7))] = ff(ss[7] = word_in(key, 7));
\r
/* Unrolled build: a first step (kdf8) followed by kd8 steps; any further
   steps are not visible in this listing. */
504 kdf8(cx->ks, 0); kd8(cx->ks, 1);
\r
505 kd8(cx->ks, 2); kd8(cx->ks, 3);
\r
506 kd8(cx->ks, 4); kd8(cx->ks, 5);
\r
/* Second set of stores for words 4..7, this time without ff(); presumably
   the non-unrolled branch, whose #else line is not visible. */
509 cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);
\r
510 cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
\r
511 cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
\r
512 cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
\r
/* Loop form of the expansion; its body is not visible in this listing. */
515 for(i = 0; i < 6; ++i)
\r
518 #if !(DEC_ROUND == NO_TABLES)
\r
/* Words N_COLS .. 14 * N_COLS - 1 are passed through inv_mcol in place;
   this loop indexes cx->ks directly rather than through v(). */
519 for(i = N_COLS; i < 14 * N_COLS; ++i)
\r
520 cx->ks[i] = inv_mcol(cx->ks[i]);
\r
/* Stores 14 * 16 in inf.b[0]; presumably rounds times the 16-byte block
   size, to be confirmed in the header that declares the context. */
525 cx->inf.b[0] = 14 * 16;
\r
527 #ifdef USE_VIA_ACE_IF_PRESENT
\r
/* inf.b[1] is set to 0xff when VIA_ACE_AVAILABLE is true; the meaning of
   that value is defined outside this listing. */
528 if(VIA_ACE_AVAILABLE)
\r
529 cx->inf.b[1] = 0xff;
\r
531 return EXIT_SUCCESS;
\r
536 #if defined( AES_VAR )
\r
/* Select the decryption key-schedule routine from key_len.
 *
 * key:     key bytes, passed through unchanged to the selected routine.
 * key_len: key size given either in bytes (16, 24, 32) or in bits
 *          (128, 192, 256); both spellings reach the same routine.
 * cx:      context filled in by the selected routine.
 * Returns the result of the selected routine, or EXIT_FAILURE for any other
 * key_len.
 *
 * NOTE(review): the default case returns without any visible write to cx,
 * so a caller that ignores the return value would carry on with whatever
 * the context held before. key_len only selects the routine; nothing here
 * can verify that the buffer behind key is really that long. The switch
 * statement and braces are missing from this listing.
 */
538 AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
\r
542 case 16: case 128: return aes_decrypt_key128(key, cx);
\r
543 case 24: case 192: return aes_decrypt_key192(key, cx);
\r
544 case 32: case 256: return aes_decrypt_key256(key, cx);
\r
/* Unsupported length: reject instead of guessing a key size. */
545 default: return EXIT_FAILURE;
\r
553 #if defined(__cplusplus)
\r