2
// Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
3
// All rights reserved.
7
// Redistribution and use in source and binary forms, with or without
8
// modification, are permitted subject to the following conditions:
10
// 1. Redistributions of source code must retain the above copyright
11
// notice, this list of conditions and the following disclaimer.
13
// 2. Redistributions in binary form must reproduce the above copyright
14
// notice, this list of conditions and the following disclaimer in the
15
// documentation and/or other materials provided with the distribution.
17
// 3. The copyright holder's name must not be used to endorse or promote
18
// any products derived from this software without his specific prior
19
// written permission.
21
// This software is provided 'as is' with no express or implied warranties
22
// of correctness or fitness for purpose.
24
// Modified by Jari Ruusu, December 24 2001
25
// - Converted syntax to GNU CPP/assembler syntax
26
// - C programming interface converted back to "old" API
27
// - Minor portability cleanups and speed optimizations
29
// An AES (Rijndael) implementation for the Pentium. This version only
30
// implements the standard AES block length (128 bits, 16 bytes). This code
31
// does not preserve the eax, ecx or edx registers or the artihmetic status
32
// flags. However, the ebx, esi, edi, and ebp registers are preserved across
35
// void aes_set_key(aes_context *cx, const unsigned char key[], const int key_len, const int f)
36
// void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
37
// void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
39
#if defined(USE_UNDERLINE)
40
# define aes_set_key _aes_set_key
41
# define aes_encrypt _aes_encrypt
42
# define aes_decrypt _aes_decrypt
44
#if !defined(ALIGN32BYTES)
45
# define ALIGN32BYTES 32
53
#define tlen 1024 // length of each of 4 'xor' arrays (256 32-bit words)
55
// offsets to parameters with one register pushed onto stack
57
#define ctx 8 // AES context structure
58
#define in_blk 12 // input byte array address parameter
59
#define out_blk 16 // output byte array address parameter
61
// offsets in context structure
63
#define nkey 0 // key length, size 4
64
#define nrnd 4 // number of rounds, size 4
65
#define ekey 8 // encryption key schedule base address, size 256
66
#define dkey 264 // decryption key schedule base address, size 256
68
// This macro performs a forward encryption cycle. It is entered with
69
// the first previous round column values in %eax, %ebx, %esi and %edi and
70
// exits with the final values in the same registers.
72
#define fwd_rnd(p1,p2) \
78
mov p2+12(%ebp),%edi ;\
79
xor p1(,%edx,4),%eax ;\
82
mov p2+4(%ebp),%ebx ;\
83
xor p1+tlen(,%edx,4),%edi ;\
86
xor p1+3*tlen(,%ecx,4),%ebx ;\
88
mov p1+2*tlen(,%edx,4),%esi ;\
90
xor p1(,%edx,4),%esi ;\
93
xor p1+tlen(,%edx,4),%ebx ;\
96
xor p1+2*tlen(,%edx,4),%eax ;\
98
xor p1+3*tlen(,%ecx,4),%edi ;\
100
xor p2+8(%ebp),%esi ;\
101
xor p1(,%ecx,4),%ebx ;\
104
xor p1+tlen(,%ecx,4),%eax ;\
107
xor p1+2*tlen(,%ecx,4),%edi ;\
109
xor p1+3*tlen(,%edx,4),%esi ;\
111
xor p1(,%edx,4),%edi ;\
114
xor p1+tlen(,%edx,4),%esi ;\
117
xor p1+2*tlen(,%edx,4),%ebx ;\
118
xor p1+3*tlen(,%ecx,4),%eax
120
// This macro performs an inverse encryption cycle. It is entered with
121
// the first previous round column values in %eax, %ebx, %esi and %edi and
122
// exits with the final values in the same registers.
124
#define inv_rnd(p1,p2) \
130
mov p2+4(%ebp),%ebx ;\
131
xor p1(,%edx,4),%eax ;\
134
mov p2+12(%ebp),%edi ;\
135
xor p1+tlen(,%edx,4),%ebx ;\
138
xor p1+3*tlen(,%ecx,4),%edi ;\
140
mov p1+2*tlen(,%edx,4),%esi ;\
142
xor p1(,%edx,4),%esi ;\
145
xor p1+tlen(,%edx,4),%edi ;\
148
xor p1+2*tlen(,%edx,4),%eax ;\
150
xor p1+3*tlen(,%ecx,4),%ebx ;\
152
xor p2+8(%ebp),%esi ;\
153
xor p1(,%ecx,4),%ebx ;\
156
xor p1+tlen(,%ecx,4),%esi ;\
159
xor p1+2*tlen(,%ecx,4),%edi ;\
161
xor p1+3*tlen(,%edx,4),%eax ;\
163
xor p1(,%edx,4),%edi ;\
166
xor p1+tlen(,%edx,4),%eax ;\
169
xor p1+2*tlen(,%edx,4),%ebx ;\
170
xor p1+3*tlen(,%ecx,4),%esi
172
// AES (Rijndael) Encryption Subroutine
178
mov ctx(%esp),%ebp // pointer to context
179
mov in_blk(%esp),%ecx
183
mov nrnd(%ebp),%edx // number of rounds
184
lea ekey+16(%ebp),%ebp // key pointer
186
// input four columns and xor in first round key
197
sub $8,%esp // space for register saves on stack
206
fwd_rnd(aes_ft_tab,-64) // 14 rounds for 256-bit key
207
fwd_rnd(aes_ft_tab,-48)
208
aes_13: fwd_rnd(aes_ft_tab,-32) // 12 rounds for 192-bit key
209
fwd_rnd(aes_ft_tab,-16)
210
aes_15: fwd_rnd(aes_ft_tab,0) // 10 rounds for 128-bit key
211
fwd_rnd(aes_ft_tab,16)
212
fwd_rnd(aes_ft_tab,32)
213
fwd_rnd(aes_ft_tab,48)
214
fwd_rnd(aes_ft_tab,64)
215
fwd_rnd(aes_ft_tab,80)
216
fwd_rnd(aes_ft_tab,96)
217
fwd_rnd(aes_ft_tab,112)
218
fwd_rnd(aes_ft_tab,128)
219
fwd_rnd(aes_fl_tab,144) // last round uses a different table
221
// move final values to the output array.
223
mov out_blk+20(%esp),%ebp
236
// AES (Rijndael) Decryption Subroutine
241
mov ctx(%esp),%ebp // pointer to context
242
mov in_blk(%esp),%ecx
246
mov nrnd(%ebp),%edx // number of rounds
247
lea dkey+16(%ebp),%ebp // key pointer
249
// input four columns and xor in first round key
260
sub $8,%esp // space for register saves on stack
269
inv_rnd(aes_it_tab,-64) // 14 rounds for 256-bit key
270
inv_rnd(aes_it_tab,-48)
271
aes_23: inv_rnd(aes_it_tab,-32) // 12 rounds for 192-bit key
272
inv_rnd(aes_it_tab,-16)
273
aes_25: inv_rnd(aes_it_tab,0) // 10 rounds for 128-bit key
274
inv_rnd(aes_it_tab,16)
275
inv_rnd(aes_it_tab,32)
276
inv_rnd(aes_it_tab,48)
277
inv_rnd(aes_it_tab,64)
278
inv_rnd(aes_it_tab,80)
279
inv_rnd(aes_it_tab,96)
280
inv_rnd(aes_it_tab,112)
281
inv_rnd(aes_it_tab,128)
282
inv_rnd(aes_il_tab,144) // last round uses a different table
284
// move final values to the output array.
286
mov out_blk+20(%esp),%ebp
298
// AES (Rijndael) Key Schedule Subroutine
300
// input/output parameters
302
#define aes_cx 12 // AES context
303
#define in_key 16 // key input array address
304
#define key_ln 20 // key length, bytes (16,24,32) or bits (128,192,256)
305
#define ed_flg 24 // 0=create both encr/decr keys, 1=create encr key only
307
// offsets for locals
313
// This macro performs a column mixing operation on an input 32-bit
314
// word to give a 32-bit result. It uses each of the 4 bytes in the
315
// the input column to index 4 different tables of 256 32-bit words
316
// that are xored together to form the output value.
318
#define mix_col(p1) \
320
mov p1(,%ecx,4),%eax ;\
323
xor p1+tlen(,%ecx,4),%eax ;\
325
xor p1+2*tlen(,%ecx,4),%eax ;\
327
xor p1+3*tlen(,%ecx,4),%eax
329
// Key Schedule Macros
333
mix_col(aes_fl_tab) ;\
335
xor 4*p1+aes_rcon_tab,%eax ;\
338
mov %esi,16*p1(%edi) ;\
339
mov %ebp,16*p1+4(%edi) ;\
342
mov %edx,16*p1+8(%edi) ;\
343
mov %ebx,16*p1+12(%edi)
347
mix_col(aes_fl_tab) ;\
349
xor 4*p1+aes_rcon_tab,%eax ;\
350
xor 24*p1-24(%edi),%eax ;\
351
mov %eax,24*p1(%edi) ;\
352
xor 24*p1-20(%edi),%eax ;\
353
mov %eax,24*p1+4(%edi) ;\
356
mov %esi,24*p1+8(%edi) ;\
357
mov %ebp,24*p1+12(%edi) ;\
360
mov %edx,24*p1+16(%edi) ;\
361
mov %ebx,24*p1+20(%edi)
365
mix_col(aes_fl_tab) ;\
367
xor 4*p1+aes_rcon_tab,%eax ;\
368
xor 32*p1-32(%edi),%eax ;\
369
mov %eax,32*p1(%edi) ;\
370
xor 32*p1-28(%edi),%eax ;\
371
mov %eax,32*p1+4(%edi) ;\
372
xor 32*p1-24(%edi),%eax ;\
373
mov %eax,32*p1+8(%edi) ;\
374
xor 32*p1-20(%edi),%eax ;\
375
mov %eax,32*p1+12(%edi) ;\
378
mix_col(aes_fl_tab) ;\
382
mov %esi,32*p1+16(%edi) ;\
383
mov %ebp,32*p1+20(%edi) ;\
386
mov %edx,32*p1+24(%edi) ;\
387
mov %ebx,32*p1+28(%edi)
399
mov aes_cx(%ebp),%edx // edx -> AES context
401
mov key_ln(%ebp),%ecx // key length
405
aes_30: cmpl $32,%ecx
413
lea 6(%ecx),%eax // 10/12/14 for 4/6/8 32-bit key length
416
mov in_key(%ebp),%esi // key input array
417
lea ekey(%edx),%edi // key position in AES context
420
mov %ecx,%eax // save key length in eax
421
rep ; movsl // words in the key schedule
422
mov -4(%esi),%ebx // put some values in registers
423
mov -8(%esi),%edx // to allow faster code
427
cmpl $4,%eax // jump on key size
460
mov aes_cx(%ebp),%edx // edx -> AES context
464
// compile decryption key schedule from encryption schedule - reverse
465
// order and do mix_column operation on round keys except first and last
467
mov nrnd(%edx),%eax // kt = cx->d_key + nc * cx->Nrnd
469
lea dkey(%edx,%eax,4),%edi
470
lea ekey(%edx),%esi // kf = cx->e_key
472
movsl // copy first round key (unmodified)
478
aes_38: // do mix column on each column of
479
lodsl // each round key
502
movsl // copy last round key (unmodified)
515
// finite field multiplies by {02}, {04} and {08}
517
#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b))
518
#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b))
519
#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b))
521
// finite field multiplies required in table generation
523
#define f3(x) (f2(x) ^ x)
524
#define f9(x) (f8(x) ^ x)
525
#define fb(x) (f8(x) ^ f2(x) ^ x)
526
#define fd(x) (f8(x) ^ f4(x) ^ x)
527
#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
529
// These defines generate the forward table entries
531
#define u0(x) ((f3(x) << 24) | (x << 16) | (x << 8) | f2(x))
532
#define u1(x) ((x << 24) | (x << 16) | (f2(x) << 8) | f3(x))
533
#define u2(x) ((x << 24) | (f2(x) << 16) | (f3(x) << 8) | x)
534
#define u3(x) ((f2(x) << 24) | (f3(x) << 16) | (x << 8) | x)
536
// These defines generate the inverse table entries
538
#define v0(x) ((fb(x) << 24) | (fd(x) << 16) | (f9(x) << 8) | fe(x))
539
#define v1(x) ((fd(x) << 24) | (f9(x) << 16) | (fe(x) << 8) | fb(x))
540
#define v2(x) ((f9(x) << 24) | (fe(x) << 16) | (fb(x) << 8) | fd(x))
541
#define v3(x) ((fe(x) << 24) | (fb(x) << 16) | (fd(x) << 8) | f9(x))
543
// These defines generate entries for the last round tables
546
#define w1(x) (x << 8)
547
#define w2(x) (x << 16)
548
#define w3(x) (x << 24)
550
// macro to generate inverse mix column tables (needed for the key schedule)
552
#define im_data0(p1) \
553
.long p1(0x00),p1(0x01),p1(0x02),p1(0x03),p1(0x04),p1(0x05),p1(0x06),p1(0x07) ;\
554
.long p1(0x08),p1(0x09),p1(0x0a),p1(0x0b),p1(0x0c),p1(0x0d),p1(0x0e),p1(0x0f) ;\
555
.long p1(0x10),p1(0x11),p1(0x12),p1(0x13),p1(0x14),p1(0x15),p1(0x16),p1(0x17) ;\
556
.long p1(0x18),p1(0x19),p1(0x1a),p1(0x1b),p1(0x1c),p1(0x1d),p1(0x1e),p1(0x1f)
557
#define im_data1(p1) \
558
.long p1(0x20),p1(0x21),p1(0x22),p1(0x23),p1(0x24),p1(0x25),p1(0x26),p1(0x27) ;\
559
.long p1(0x28),p1(0x29),p1(0x2a),p1(0x2b),p1(0x2c),p1(0x2d),p1(0x2e),p1(0x2f) ;\
560
.long p1(0x30),p1(0x31),p1(0x32),p1(0x33),p1(0x34),p1(0x35),p1(0x36),p1(0x37) ;\
561
.long p1(0x38),p1(0x39),p1(0x3a),p1(0x3b),p1(0x3c),p1(0x3d),p1(0x3e),p1(0x3f)
562
#define im_data2(p1) \
563
.long p1(0x40),p1(0x41),p1(0x42),p1(0x43),p1(0x44),p1(0x45),p1(0x46),p1(0x47) ;\
564
.long p1(0x48),p1(0x49),p1(0x4a),p1(0x4b),p1(0x4c),p1(0x4d),p1(0x4e),p1(0x4f) ;\
565
.long p1(0x50),p1(0x51),p1(0x52),p1(0x53),p1(0x54),p1(0x55),p1(0x56),p1(0x57) ;\
566
.long p1(0x58),p1(0x59),p1(0x5a),p1(0x5b),p1(0x5c),p1(0x5d),p1(0x5e),p1(0x5f)
567
#define im_data3(p1) \
568
.long p1(0x60),p1(0x61),p1(0x62),p1(0x63),p1(0x64),p1(0x65),p1(0x66),p1(0x67) ;\
569
.long p1(0x68),p1(0x69),p1(0x6a),p1(0x6b),p1(0x6c),p1(0x6d),p1(0x6e),p1(0x6f) ;\
570
.long p1(0x70),p1(0x71),p1(0x72),p1(0x73),p1(0x74),p1(0x75),p1(0x76),p1(0x77) ;\
571
.long p1(0x78),p1(0x79),p1(0x7a),p1(0x7b),p1(0x7c),p1(0x7d),p1(0x7e),p1(0x7f)
572
#define im_data4(p1) \
573
.long p1(0x80),p1(0x81),p1(0x82),p1(0x83),p1(0x84),p1(0x85),p1(0x86),p1(0x87) ;\
574
.long p1(0x88),p1(0x89),p1(0x8a),p1(0x8b),p1(0x8c),p1(0x8d),p1(0x8e),p1(0x8f) ;\
575
.long p1(0x90),p1(0x91),p1(0x92),p1(0x93),p1(0x94),p1(0x95),p1(0x96),p1(0x97) ;\
576
.long p1(0x98),p1(0x99),p1(0x9a),p1(0x9b),p1(0x9c),p1(0x9d),p1(0x9e),p1(0x9f)
577
#define im_data5(p1) \
578
.long p1(0xa0),p1(0xa1),p1(0xa2),p1(0xa3),p1(0xa4),p1(0xa5),p1(0xa6),p1(0xa7) ;\
579
.long p1(0xa8),p1(0xa9),p1(0xaa),p1(0xab),p1(0xac),p1(0xad),p1(0xae),p1(0xaf) ;\
580
.long p1(0xb0),p1(0xb1),p1(0xb2),p1(0xb3),p1(0xb4),p1(0xb5),p1(0xb6),p1(0xb7) ;\
581
.long p1(0xb8),p1(0xb9),p1(0xba),p1(0xbb),p1(0xbc),p1(0xbd),p1(0xbe),p1(0xbf)
582
#define im_data6(p1) \
583
.long p1(0xc0),p1(0xc1),p1(0xc2),p1(0xc3),p1(0xc4),p1(0xc5),p1(0xc6),p1(0xc7) ;\
584
.long p1(0xc8),p1(0xc9),p1(0xca),p1(0xcb),p1(0xcc),p1(0xcd),p1(0xce),p1(0xcf) ;\
585
.long p1(0xd0),p1(0xd1),p1(0xd2),p1(0xd3),p1(0xd4),p1(0xd5),p1(0xd6),p1(0xd7) ;\
586
.long p1(0xd8),p1(0xd9),p1(0xda),p1(0xdb),p1(0xdc),p1(0xdd),p1(0xde),p1(0xdf)
587
#define im_data7(p1) \
588
.long p1(0xe0),p1(0xe1),p1(0xe2),p1(0xe3),p1(0xe4),p1(0xe5),p1(0xe6),p1(0xe7) ;\
589
.long p1(0xe8),p1(0xe9),p1(0xea),p1(0xeb),p1(0xec),p1(0xed),p1(0xee),p1(0xef) ;\
590
.long p1(0xf0),p1(0xf1),p1(0xf2),p1(0xf3),p1(0xf4),p1(0xf5),p1(0xf6),p1(0xf7) ;\
591
.long p1(0xf8),p1(0xf9),p1(0xfa),p1(0xfb),p1(0xfc),p1(0xfd),p1(0xfe),p1(0xff)
593
// S-box data - 256 entries
595
#define sb_data0(p1) \
596
.long p1(0x63),p1(0x7c),p1(0x77),p1(0x7b),p1(0xf2),p1(0x6b),p1(0x6f),p1(0xc5) ;\
597
.long p1(0x30),p1(0x01),p1(0x67),p1(0x2b),p1(0xfe),p1(0xd7),p1(0xab),p1(0x76) ;\
598
.long p1(0xca),p1(0x82),p1(0xc9),p1(0x7d),p1(0xfa),p1(0x59),p1(0x47),p1(0xf0) ;\
599
.long p1(0xad),p1(0xd4),p1(0xa2),p1(0xaf),p1(0x9c),p1(0xa4),p1(0x72),p1(0xc0)
600
#define sb_data1(p1) \
601
.long p1(0xb7),p1(0xfd),p1(0x93),p1(0x26),p1(0x36),p1(0x3f),p1(0xf7),p1(0xcc) ;\
602
.long p1(0x34),p1(0xa5),p1(0xe5),p1(0xf1),p1(0x71),p1(0xd8),p1(0x31),p1(0x15) ;\
603
.long p1(0x04),p1(0xc7),p1(0x23),p1(0xc3),p1(0x18),p1(0x96),p1(0x05),p1(0x9a) ;\
604
.long p1(0x07),p1(0x12),p1(0x80),p1(0xe2),p1(0xeb),p1(0x27),p1(0xb2),p1(0x75)
605
#define sb_data2(p1) \
606
.long p1(0x09),p1(0x83),p1(0x2c),p1(0x1a),p1(0x1b),p1(0x6e),p1(0x5a),p1(0xa0) ;\
607
.long p1(0x52),p1(0x3b),p1(0xd6),p1(0xb3),p1(0x29),p1(0xe3),p1(0x2f),p1(0x84) ;\
608
.long p1(0x53),p1(0xd1),p1(0x00),p1(0xed),p1(0x20),p1(0xfc),p1(0xb1),p1(0x5b) ;\
609
.long p1(0x6a),p1(0xcb),p1(0xbe),p1(0x39),p1(0x4a),p1(0x4c),p1(0x58),p1(0xcf)
610
#define sb_data3(p1) \
611
.long p1(0xd0),p1(0xef),p1(0xaa),p1(0xfb),p1(0x43),p1(0x4d),p1(0x33),p1(0x85) ;\
612
.long p1(0x45),p1(0xf9),p1(0x02),p1(0x7f),p1(0x50),p1(0x3c),p1(0x9f),p1(0xa8) ;\
613
.long p1(0x51),p1(0xa3),p1(0x40),p1(0x8f),p1(0x92),p1(0x9d),p1(0x38),p1(0xf5) ;\
614
.long p1(0xbc),p1(0xb6),p1(0xda),p1(0x21),p1(0x10),p1(0xff),p1(0xf3),p1(0xd2)
615
#define sb_data4(p1) \
616
.long p1(0xcd),p1(0x0c),p1(0x13),p1(0xec),p1(0x5f),p1(0x97),p1(0x44),p1(0x17) ;\
617
.long p1(0xc4),p1(0xa7),p1(0x7e),p1(0x3d),p1(0x64),p1(0x5d),p1(0x19),p1(0x73) ;\
618
.long p1(0x60),p1(0x81),p1(0x4f),p1(0xdc),p1(0x22),p1(0x2a),p1(0x90),p1(0x88) ;\
619
.long p1(0x46),p1(0xee),p1(0xb8),p1(0x14),p1(0xde),p1(0x5e),p1(0x0b),p1(0xdb)
620
#define sb_data5(p1) \
621
.long p1(0xe0),p1(0x32),p1(0x3a),p1(0x0a),p1(0x49),p1(0x06),p1(0x24),p1(0x5c) ;\
622
.long p1(0xc2),p1(0xd3),p1(0xac),p1(0x62),p1(0x91),p1(0x95),p1(0xe4),p1(0x79) ;\
623
.long p1(0xe7),p1(0xc8),p1(0x37),p1(0x6d),p1(0x8d),p1(0xd5),p1(0x4e),p1(0xa9) ;\
624
.long p1(0x6c),p1(0x56),p1(0xf4),p1(0xea),p1(0x65),p1(0x7a),p1(0xae),p1(0x08)
625
#define sb_data6(p1) \
626
.long p1(0xba),p1(0x78),p1(0x25),p1(0x2e),p1(0x1c),p1(0xa6),p1(0xb4),p1(0xc6) ;\
627
.long p1(0xe8),p1(0xdd),p1(0x74),p1(0x1f),p1(0x4b),p1(0xbd),p1(0x8b),p1(0x8a) ;\
628
.long p1(0x70),p1(0x3e),p1(0xb5),p1(0x66),p1(0x48),p1(0x03),p1(0xf6),p1(0x0e) ;\
629
.long p1(0x61),p1(0x35),p1(0x57),p1(0xb9),p1(0x86),p1(0xc1),p1(0x1d),p1(0x9e)
630
#define sb_data7(p1) \
631
.long p1(0xe1),p1(0xf8),p1(0x98),p1(0x11),p1(0x69),p1(0xd9),p1(0x8e),p1(0x94) ;\
632
.long p1(0x9b),p1(0x1e),p1(0x87),p1(0xe9),p1(0xce),p1(0x55),p1(0x28),p1(0xdf) ;\
633
.long p1(0x8c),p1(0xa1),p1(0x89),p1(0x0d),p1(0xbf),p1(0xe6),p1(0x42),p1(0x68) ;\
634
.long p1(0x41),p1(0x99),p1(0x2d),p1(0x0f),p1(0xb0),p1(0x54),p1(0xbb),p1(0x16)
636
// Inverse S-box data - 256 entries
638
#define ib_data0(p1) \
639
.long p1(0x52),p1(0x09),p1(0x6a),p1(0xd5),p1(0x30),p1(0x36),p1(0xa5),p1(0x38) ;\
640
.long p1(0xbf),p1(0x40),p1(0xa3),p1(0x9e),p1(0x81),p1(0xf3),p1(0xd7),p1(0xfb) ;\
641
.long p1(0x7c),p1(0xe3),p1(0x39),p1(0x82),p1(0x9b),p1(0x2f),p1(0xff),p1(0x87) ;\
642
.long p1(0x34),p1(0x8e),p1(0x43),p1(0x44),p1(0xc4),p1(0xde),p1(0xe9),p1(0xcb)
643
#define ib_data1(p1) \
644
.long p1(0x54),p1(0x7b),p1(0x94),p1(0x32),p1(0xa6),p1(0xc2),p1(0x23),p1(0x3d) ;\
645
.long p1(0xee),p1(0x4c),p1(0x95),p1(0x0b),p1(0x42),p1(0xfa),p1(0xc3),p1(0x4e) ;\
646
.long p1(0x08),p1(0x2e),p1(0xa1),p1(0x66),p1(0x28),p1(0xd9),p1(0x24),p1(0xb2) ;\
647
.long p1(0x76),p1(0x5b),p1(0xa2),p1(0x49),p1(0x6d),p1(0x8b),p1(0xd1),p1(0x25)
648
#define ib_data2(p1) \
649
.long p1(0x72),p1(0xf8),p1(0xf6),p1(0x64),p1(0x86),p1(0x68),p1(0x98),p1(0x16) ;\
650
.long p1(0xd4),p1(0xa4),p1(0x5c),p1(0xcc),p1(0x5d),p1(0x65),p1(0xb6),p1(0x92) ;\
651
.long p1(0x6c),p1(0x70),p1(0x48),p1(0x50),p1(0xfd),p1(0xed),p1(0xb9),p1(0xda) ;\
652
.long p1(0x5e),p1(0x15),p1(0x46),p1(0x57),p1(0xa7),p1(0x8d),p1(0x9d),p1(0x84)
653
#define ib_data3(p1) \
654
.long p1(0x90),p1(0xd8),p1(0xab),p1(0x00),p1(0x8c),p1(0xbc),p1(0xd3),p1(0x0a) ;\
655
.long p1(0xf7),p1(0xe4),p1(0x58),p1(0x05),p1(0xb8),p1(0xb3),p1(0x45),p1(0x06) ;\
656
.long p1(0xd0),p1(0x2c),p1(0x1e),p1(0x8f),p1(0xca),p1(0x3f),p1(0x0f),p1(0x02) ;\
657
.long p1(0xc1),p1(0xaf),p1(0xbd),p1(0x03),p1(0x01),p1(0x13),p1(0x8a),p1(0x6b)
658
#define ib_data4(p1) \
659
.long p1(0x3a),p1(0x91),p1(0x11),p1(0x41),p1(0x4f),p1(0x67),p1(0xdc),p1(0xea) ;\
660
.long p1(0x97),p1(0xf2),p1(0xcf),p1(0xce),p1(0xf0),p1(0xb4),p1(0xe6),p1(0x73) ;\
661
.long p1(0x96),p1(0xac),p1(0x74),p1(0x22),p1(0xe7),p1(0xad),p1(0x35),p1(0x85) ;\
662
.long p1(0xe2),p1(0xf9),p1(0x37),p1(0xe8),p1(0x1c),p1(0x75),p1(0xdf),p1(0x6e)
663
#define ib_data5(p1) \
664
.long p1(0x47),p1(0xf1),p1(0x1a),p1(0x71),p1(0x1d),p1(0x29),p1(0xc5),p1(0x89) ;\
665
.long p1(0x6f),p1(0xb7),p1(0x62),p1(0x0e),p1(0xaa),p1(0x18),p1(0xbe),p1(0x1b) ;\
666
.long p1(0xfc),p1(0x56),p1(0x3e),p1(0x4b),p1(0xc6),p1(0xd2),p1(0x79),p1(0x20) ;\
667
.long p1(0x9a),p1(0xdb),p1(0xc0),p1(0xfe),p1(0x78),p1(0xcd),p1(0x5a),p1(0xf4)
668
#define ib_data6(p1) \
669
.long p1(0x1f),p1(0xdd),p1(0xa8),p1(0x33),p1(0x88),p1(0x07),p1(0xc7),p1(0x31) ;\
670
.long p1(0xb1),p1(0x12),p1(0x10),p1(0x59),p1(0x27),p1(0x80),p1(0xec),p1(0x5f) ;\
671
.long p1(0x60),p1(0x51),p1(0x7f),p1(0xa9),p1(0x19),p1(0xb5),p1(0x4a),p1(0x0d) ;\
672
.long p1(0x2d),p1(0xe5),p1(0x7a),p1(0x9f),p1(0x93),p1(0xc9),p1(0x9c),p1(0xef)
673
#define ib_data7(p1) \
674
.long p1(0xa0),p1(0xe0),p1(0x3b),p1(0x4d),p1(0xae),p1(0x2a),p1(0xf5),p1(0xb0) ;\
675
.long p1(0xc8),p1(0xeb),p1(0xbb),p1(0x3c),p1(0x83),p1(0x53),p1(0x99),p1(0x61) ;\
676
.long p1(0x17),p1(0x2b),p1(0x04),p1(0x7e),p1(0xba),p1(0x77),p1(0xd6),p1(0x26) ;\
677
.long p1(0xe1),p1(0x69),p1(0x14),p1(0x63),p1(0x55),p1(0x21),p1(0x0c),p1(0x7d)
679
// The rcon_table (needed for the key schedule)
681
// Here is original Dr Brian Gladman's source code:
689
// Here is precomputed output (it's more portable this way):
693
.long 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
694
.long 0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f
695
.long 0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4
696
.long 0xb3,0x7d,0xfa,0xef,0xc5
698
// The forward xor tables
776
// The inverse xor tables
854
// The inverse mix column tables