Fix bugs of parsing LIST response from linux-ftpd.

[ffftp/ffftp.git] / aeskey.c

/*\r
 ---------------------------------------------------------------------------\r
 Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.\r
\r
 LICENSE TERMS\r
\r
 The redistribution and use of this software (with or without changes)\r
 is allowed without the payment of fees or royalties provided that:\r
\r
  1. source code distributions include the above copyright notice, this\r
     list of conditions and the following disclaimer;\r
\r
  2. binary distributions include the above copyright notice, this list\r
     of conditions and the following disclaimer in their documentation;\r
\r
  3. the name of the copyright holder is not used to endorse products\r
     built using this software without specific written permission.\r
\r
 DISCLAIMER\r
\r
 This software is provided 'as is' with no explicit or implied warranties\r
 in respect of its properties, including, but not limited to, correctness\r
 and/or fitness for purpose.\r
 ---------------------------------------------------------------------------\r
 Issue Date: 20/12/2007\r
*/\r
\r
#include "aesopt.h"\r
#include "aestab.h"\r
\r
#ifdef USE_VIA_ACE_IF_PRESENT\r
#  include "aes_via_ace.h"\r
#endif\r
\r
#if defined(__cplusplus)\r
extern "C"\r
{\r
#endif\r
\r
/* Initialise the key schedule from the user supplied key. The key\r
   length can be specified in bytes, with legal values of 16, 24\r
   and 32, or in bits, with legal values of 128, 192 and 256. These\r
   values correspond with Nk values of 4, 6 and 8 respectively.\r
\r
   The following macros implement a single cycle in the key\r
   schedule generation process. The number of cycles needed\r
   for each cx->n_col and nk value is:\r
\r
    nk =             4  5  6  7  8\r
    ------------------------------\r
    cx->n_col = 4   10  9  8  7  7\r
    cx->n_col = 5   14 11 10  9  9\r
    cx->n_col = 6   19 15 12 11 11\r
    cx->n_col = 7   21 19 16 13 14\r
    cx->n_col = 8   29 23 19 17 14\r
*/\r
\r
#if defined( REDUCE_CODE_SIZE )\r
#  define ls_box ls_sub\r
   uint_32t ls_sub(const uint_32t t, const uint_32t n);\r
#  define inv_mcol im_sub\r
   uint_32t im_sub(const uint_32t x);\r
#  ifdef ENC_KS_UNROLL\r
#    undef ENC_KS_UNROLL\r
#  endif\r
#  ifdef DEC_KS_UNROLL\r
#    undef DEC_KS_UNROLL\r
#  endif\r
#endif\r
\r
#if (FUNCS_IN_C & ENC_KEYING_IN_C)\r
\r
#if defined(AES_128) || defined( AES_VAR )\r
\r
#define ke4(k,i) \\r
{   k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \\r
    k[4*(i)+5] = ss[1] ^= ss[0]; \\r
    k[4*(i)+6] = ss[2] ^= ss[1]; \\r
    k[4*(i)+7] = ss[3] ^= ss[2]; \\r
}\r
\r
AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])\r
{   uint_32t    ss[4];\r
\r
    cx->ks[0] = ss[0] = word_in(key, 0);\r
    cx->ks[1] = ss[1] = word_in(key, 1);\r
    cx->ks[2] = ss[2] = word_in(key, 2);\r
    cx->ks[3] = ss[3] = word_in(key, 3);\r
\r
#ifdef ENC_KS_UNROLL\r
    ke4(cx->ks, 0);  ke4(cx->ks, 1);\r
    ke4(cx->ks, 2);  ke4(cx->ks, 3);\r
    ke4(cx->ks, 4);  ke4(cx->ks, 5);\r
    ke4(cx->ks, 6);  ke4(cx->ks, 7);\r
    ke4(cx->ks, 8);\r
#else\r
    {   uint_32t i;\r
        for(i = 0; i < 9; ++i)\r
            ke4(cx->ks, i);\r
    }\r
#endif\r
    ke4(cx->ks, 9);\r
    cx->inf.l = 0;\r
    cx->inf.b[0] = 10 * 16;\r
\r
#ifdef USE_VIA_ACE_IF_PRESENT\r
    if(VIA_ACE_AVAILABLE)\r
        cx->inf.b[1] = 0xff;\r
#endif\r
    return EXIT_SUCCESS;\r
}\r
\r
#endif\r
\r
#if defined(AES_192) || defined( AES_VAR )\r
\r
#define kef6(k,i) \\r
{   k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \\r
    k[6*(i)+ 7] = ss[1] ^= ss[0]; \\r
    k[6*(i)+ 8] = ss[2] ^= ss[1]; \\r
    k[6*(i)+ 9] = ss[3] ^= ss[2]; \\r
}\r
\r
#define ke6(k,i) \\r
{   kef6(k,i); \\r
    k[6*(i)+10] = ss[4] ^= ss[3]; \\r
    k[6*(i)+11] = ss[5] ^= ss[4]; \\r
}\r
\r
AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])\r
{   uint_32t    ss[6];\r
\r
    cx->ks[0] = ss[0] = word_in(key, 0);\r
    cx->ks[1] = ss[1] = word_in(key, 1);\r
    cx->ks[2] = ss[2] = word_in(key, 2);\r
    cx->ks[3] = ss[3] = word_in(key, 3);\r
    cx->ks[4] = ss[4] = word_in(key, 4);\r
    cx->ks[5] = ss[5] = word_in(key, 5);\r
\r
#ifdef ENC_KS_UNROLL\r
    ke6(cx->ks, 0);  ke6(cx->ks, 1);\r
    ke6(cx->ks, 2);  ke6(cx->ks, 3);\r
    ke6(cx->ks, 4);  ke6(cx->ks, 5);\r
    ke6(cx->ks, 6);\r
#else\r
    {   uint_32t i;\r
        for(i = 0; i < 7; ++i)\r
            ke6(cx->ks, i);\r
    }\r
#endif\r
    kef6(cx->ks, 7);\r
    cx->inf.l = 0;\r
    cx->inf.b[0] = 12 * 16;\r
\r
#ifdef USE_VIA_ACE_IF_PRESENT\r
    if(VIA_ACE_AVAILABLE)\r
        cx->inf.b[1] = 0xff;\r
#endif\r
    return EXIT_SUCCESS;\r
}\r
\r
#endif\r
\r
#if defined(AES_256) || defined( AES_VAR )\r
\r
#define kef8(k,i) \\r
{   k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \\r
    k[8*(i)+ 9] = ss[1] ^= ss[0]; \\r
    k[8*(i)+10] = ss[2] ^= ss[1]; \\r
    k[8*(i)+11] = ss[3] ^= ss[2]; \\r
}\r
\r
#define ke8(k,i) \\r
{   kef8(k,i); \\r
    k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \\r
    k[8*(i)+13] = ss[5] ^= ss[4]; \\r
    k[8*(i)+14] = ss[6] ^= ss[5]; \\r
    k[8*(i)+15] = ss[7] ^= ss[6]; \\r
}\r
\r
AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])\r
{   uint_32t    ss[8];\r
\r
    cx->ks[0] = ss[0] = word_in(key, 0);\r
    cx->ks[1] = ss[1] = word_in(key, 1);\r
    cx->ks[2] = ss[2] = word_in(key, 2);\r
    cx->ks[3] = ss[3] = word_in(key, 3);\r
    cx->ks[4] = ss[4] = word_in(key, 4);\r
    cx->ks[5] = ss[5] = word_in(key, 5);\r
    cx->ks[6] = ss[6] = word_in(key, 6);\r
    cx->ks[7] = ss[7] = word_in(key, 7);\r
\r
#ifdef ENC_KS_UNROLL\r
    ke8(cx->ks, 0); ke8(cx->ks, 1);\r
    ke8(cx->ks, 2); ke8(cx->ks, 3);\r
    ke8(cx->ks, 4); ke8(cx->ks, 5);\r
#else\r
    {   uint_32t i;\r
        for(i = 0; i < 6; ++i)\r
            ke8(cx->ks,  i);\r
    }\r
#endif\r
    kef8(cx->ks, 6);\r
    cx->inf.l = 0;\r
    cx->inf.b[0] = 14 * 16;\r
\r
#ifdef USE_VIA_ACE_IF_PRESENT\r
    if(VIA_ACE_AVAILABLE)\r
        cx->inf.b[1] = 0xff;\r
#endif\r
    return EXIT_SUCCESS;\r
}\r
\r
#endif\r
\r
#if defined( AES_VAR )\r
\r
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])\r
{   \r
    switch(key_len)\r
    {\r
    case 16: case 128: return aes_encrypt_key128(key, cx);\r
    case 24: case 192: return aes_encrypt_key192(key, cx);\r
    case 32: case 256: return aes_encrypt_key256(key, cx);\r
    default: return EXIT_FAILURE;\r
    }\r
}\r
\r
#endif\r
\r
#endif\r
\r
#if (FUNCS_IN_C & DEC_KEYING_IN_C)\r
\r
/* this is used to store the decryption round keys  */\r
/* in forward or reverse order                      */\r
\r
#ifdef AES_REV_DKS\r
#define v(n,i)  ((n) - (i) + 2 * ((i) & 3))\r
#else\r
#define v(n,i)  (i)\r
#endif\r
\r
#if DEC_ROUND == NO_TABLES\r
#define ff(x)   (x)\r
#else\r
#define ff(x)   inv_mcol(x)\r
#if defined( dec_imvars )\r
#define d_vars  dec_imvars\r
#endif\r
#endif\r
\r
#if defined(AES_128) || defined( AES_VAR )\r
\r
#define k4e(k,i) \\r
{   k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \\r
    k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \\r
    k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \\r
    k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \\r
}\r
\r
#if 1\r
\r
#define kdf4(k,i) \\r
{   ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \\r
    ss[1] = ss[1] ^ ss[3]; \\r
    ss[2] = ss[2] ^ ss[3]; \\r
    ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \\r
    ss[i % 4] ^= ss[4]; \\r
    ss[4] ^= k[v(40,(4*(i)))];   k[v(40,(4*(i))+4)] = ff(ss[4]); \\r
    ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \\r
    ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \\r
    ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \\r
}\r
\r
#define kd4(k,i) \\r
{   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \\r
    ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \\r
    k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \\r
    k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \\r
    k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \\r
    k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \\r
}\r
\r
#define kdl4(k,i) \\r
{   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \\r
    k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \\r
    k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \\r
    k[v(40,(4*(i))+6)] = ss[0]; \\r
    k[v(40,(4*(i))+7)] = ss[1]; \\r
}\r
\r
#else\r
\r
#define kdf4(k,i) \\r
{   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \\r
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \\r
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \\r
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \\r
}\r
\r
#define kd4(k,i) \\r
{   ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \\r
    ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \\r
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \\r
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \\r
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \\r
}\r
\r
#define kdl4(k,i) \\r
{   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \\r
    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \\r
    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \\r
    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \\r
}\r
\r
#endif\r
\r
AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])\r
{   uint_32t    ss[5];\r
#if defined( d_vars )\r
        d_vars;\r
#endif\r
    cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);\r
    cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);\r
    cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);\r
    cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);\r
\r
#ifdef DEC_KS_UNROLL\r
     kdf4(cx->ks, 0); kd4(cx->ks, 1);\r
     kd4(cx->ks, 2);  kd4(cx->ks, 3);\r
     kd4(cx->ks, 4);  kd4(cx->ks, 5);\r
     kd4(cx->ks, 6);  kd4(cx->ks, 7);\r
     kd4(cx->ks, 8);  kdl4(cx->ks, 9);\r
#else\r
    {   uint_32t i;\r
        for(i = 0; i < 10; ++i)\r
            k4e(cx->ks, i);\r
#if !(DEC_ROUND == NO_TABLES)\r
        for(i = N_COLS; i < 10 * N_COLS; ++i)\r
            cx->ks[i] = inv_mcol(cx->ks[i]);\r
#endif\r
    }\r
#endif\r
    cx->inf.l = 0;\r
    cx->inf.b[0] = 10 * 16;\r
\r
#ifdef USE_VIA_ACE_IF_PRESENT\r
    if(VIA_ACE_AVAILABLE)\r
        cx->inf.b[1] = 0xff;\r
#endif\r
    return EXIT_SUCCESS;\r
}\r
\r
#endif\r
\r
#if defined(AES_192) || defined( AES_VAR )\r
\r
#define k6ef(k,i) \\r
{   k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \\r
    k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \\r
    k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \\r
    k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \\r
}\r
\r
#define k6e(k,i) \\r
{   k6ef(k,i); \\r
    k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \\r
    k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \\r
}\r
\r
#define kdf6(k,i) \\r
{   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \\r
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \\r
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \\r
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \\r
    ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \\r
    ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \\r
}\r
\r
#define kd6(k,i) \\r
{   ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \\r
    ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \\r
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \\r
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \\r
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \\r
    ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \\r
    ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \\r
}\r
\r
#define kdl6(k,i) \\r
{   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \\r
    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \\r
    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \\r
    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \\r
}\r
\r
AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])\r
{   uint_32t    ss[7];\r
#if defined( d_vars )\r
        d_vars;\r
#endif\r
    cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);\r
    cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);\r
    cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);\r
    cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);\r
\r
#ifdef DEC_KS_UNROLL\r
    cx->ks[v(48,(4))] = ff(ss[4] = word_in(key, 4));\r
    cx->ks[v(48,(5))] = ff(ss[5] = word_in(key, 5));\r
    kdf6(cx->ks, 0); kd6(cx->ks, 1);\r
    kd6(cx->ks, 2);  kd6(cx->ks, 3);\r
    kd6(cx->ks, 4);  kd6(cx->ks, 5);\r
    kd6(cx->ks, 6);  kdl6(cx->ks, 7);\r
#else\r
    cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);\r
    cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);\r
    {   uint_32t i;\r
\r
        for(i = 0; i < 7; ++i)\r
            k6e(cx->ks, i);\r
        k6ef(cx->ks, 7);\r
#if !(DEC_ROUND == NO_TABLES)\r
        for(i = N_COLS; i < 12 * N_COLS; ++i)\r
            cx->ks[i] = inv_mcol(cx->ks[i]);\r
#endif\r
    }\r
#endif\r
    cx->inf.l = 0;\r
    cx->inf.b[0] = 12 * 16;\r
\r
#ifdef USE_VIA_ACE_IF_PRESENT\r
    if(VIA_ACE_AVAILABLE)\r
        cx->inf.b[1] = 0xff;\r
#endif\r
    return EXIT_SUCCESS;\r
}\r
\r
#endif\r
\r
#if defined(AES_256) || defined( AES_VAR )\r
\r
#define k8ef(k,i) \\r
{   k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \\r
    k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \\r
    k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \\r
    k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \\r
}\r
\r
#define k8e(k,i) \\r
{   k8ef(k,i); \\r
    k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \\r
    k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \\r
    k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \\r
    k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \\r
}\r
\r
#define kdf8(k,i) \\r
{   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \\r
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \\r
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \\r
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \\r
    ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \\r
    ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \\r
    ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \\r
    ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \\r
}\r
\r
#define kd8(k,i) \\r
{   ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \\r
    ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \\r
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \\r
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \\r
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \\r
    ss[8] = ls_box(ss[3],0); \\r
    ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \\r
    ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \\r
    ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \\r
    ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \\r
}\r
\r
#define kdl8(k,i) \\r
{   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \\r
    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \\r
    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \\r
    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \\r
}\r
\r
AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])\r
{   uint_32t    ss[9];\r
#if defined( d_vars )\r
        d_vars;\r
#endif\r
    cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);\r
    cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);\r
    cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);\r
    cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);\r
\r
#ifdef DEC_KS_UNROLL\r
    cx->ks[v(56,(4))] = ff(ss[4] = word_in(key, 4));\r
    cx->ks[v(56,(5))] = ff(ss[5] = word_in(key, 5));\r
    cx->ks[v(56,(6))] = ff(ss[6] = word_in(key, 6));\r
    cx->ks[v(56,(7))] = ff(ss[7] = word_in(key, 7));\r
    kdf8(cx->ks, 0); kd8(cx->ks, 1);\r
    kd8(cx->ks, 2);  kd8(cx->ks, 3);\r
    kd8(cx->ks, 4);  kd8(cx->ks, 5);\r
    kdl8(cx->ks, 6);\r
#else\r
    cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);\r
    cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);\r
    cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);\r
    cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);\r
    {   uint_32t i;\r
\r
        for(i = 0; i < 6; ++i)\r
            k8e(cx->ks,  i);\r
        k8ef(cx->ks,  6);\r
#if !(DEC_ROUND == NO_TABLES)\r
        for(i = N_COLS; i < 14 * N_COLS; ++i)\r
            cx->ks[i] = inv_mcol(cx->ks[i]);\r
#endif\r
    }\r
#endif\r
    cx->inf.l = 0;\r
    cx->inf.b[0] = 14 * 16;\r
\r
#ifdef USE_VIA_ACE_IF_PRESENT\r
    if(VIA_ACE_AVAILABLE)\r
        cx->inf.b[1] = 0xff;\r
#endif\r
    return EXIT_SUCCESS;\r
}\r
\r
#endif\r
\r
#if defined( AES_VAR )\r
\r
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])\r
{\r
    switch(key_len)\r
    {\r
    case 16: case 128: return aes_decrypt_key128(key, cx);\r
    case 24: case 192: return aes_decrypt_key192(key, cx);\r
    case 32: case 256: return aes_decrypt_key256(key, cx);\r
    default: return EXIT_FAILURE;\r
    }\r
}\r
\r
#endif\r
\r
#endif\r
\r
#if defined(__cplusplus)\r
}\r
#endif\r