Linux/crypto/twofish

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

1 // SPDX-License-Identifier: GPL-2.0-or-later << 2 /* 1 /* 3 * Common Twofish algorithm parts shared betwe 2 * Common Twofish algorithm parts shared between the c and assembler 4 * implementations 3 * implementations 5 * 4 * 6 * Originally Twofish for GPG 5 * Originally Twofish for GPG 7 * By Matthew Skala <mskala@ansuz.sooke.bc.ca> 6 * By Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998 8 * 256-bit key length added March 20, 1999 7 * 256-bit key length added March 20, 1999 9 * Some modifications to reduce the text size 8 * Some modifications to reduce the text size by Werner Koch, April, 1998 10 * Ported to the kerneli patch by Marc Mutz <M 9 * Ported to the kerneli patch by Marc Mutz <Marc@Mutz.com> 11 * Ported to CryptoAPI by Colin Slater <hoho@t 10 * Ported to CryptoAPI by Colin Slater <hoho@tacomeat.net> 12 * 11 * 13 * The original author has disclaimed all copy 12 * The original author has disclaimed all copyright interest in this 14 * code and thus put it in the public domain. 13 * code and thus put it in the public domain. The subsequent authors 15 * have put this under the GNU General Public 14 * have put this under the GNU General Public License. 16 * 15 * >> 16 * This program is free software; you can redistribute it and/or modify >> 17 * it under the terms of the GNU General Public License as published by >> 18 * the Free Software Foundation; either version 2 of the License, or >> 19 * (at your option) any later version. >> 20 * >> 21 * This program is distributed in the hope that it will be useful, >> 22 * but WITHOUT ANY WARRANTY; without even the implied warranty of >> 23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >> 24 * GNU General Public License for more details. >> 25 * >> 26 * You should have received a copy of the GNU General Public License >> 27 * along with this program; if not, write to the Free Software >> 28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 >> 29 * USA >> 30 * 17 * This code is a "clean room" implementation, 31 * This code is a "clean room" implementation, written from the paper 18 * _Twofish: A 128-Bit Block Cipher_ by Bruce 32 * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey, 19 * Doug Whiting, David Wagner, Chris Hall, and 33 * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available 20 * through http://www.counterpane.com/twofish. 34 * through http://www.counterpane.com/twofish.html 21 * 35 * 22 * For background information on multiplicatio 36 * For background information on multiplication in finite fields, used for 23 * the matrix operations in the key schedule, 37 * the matrix operations in the key schedule, see the book _Contemporary 24 * Abstract Algebra_ by Joseph A. Gallian, esp 38 * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the 25 * Third Edition. 39 * Third Edition. 26 */ 40 */ 27 41 28 #include <crypto/algapi.h> << 29 #include <crypto/twofish.h> 42 #include <crypto/twofish.h> 30 #include <linux/bitops.h> 43 #include <linux/bitops.h> >> 44 #include <linux/crypto.h> 31 #include <linux/errno.h> 45 #include <linux/errno.h> 32 #include <linux/init.h> 46 #include <linux/init.h> 33 #include <linux/kernel.h> 47 #include <linux/kernel.h> 34 #include <linux/module.h> 48 #include <linux/module.h> 35 #include <linux/types.h> 49 #include <linux/types.h> 36 50 37 51 38 /* The large precomputed tables for the Twofis 52 /* The large precomputed tables for the Twofish cipher (twofish.c) 39 * Taken from the same source as twofish.c 53 * Taken from the same source as twofish.c 40 * Marc Mutz <Marc@Mutz.com> 54 * Marc Mutz <Marc@Mutz.com> 41 */ 55 */ 42 56 43 /* These two tables are the q0 and q1 permutat 57 /* These two tables are the q0 and q1 permutations, exactly as described in 44 * the Twofish paper. */ 58 * the Twofish paper. */ 45 59 46 static const u8 q0[256] = { 60 static const u8 q0[256] = { 47 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0x 61 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, 48 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x 62 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, 49 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x 63 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, 50 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x 64 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, 51 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x 65 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, 52 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x 66 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, 53 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0x 67 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, 54 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x 68 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, 55 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0x 69 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, 56 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x 70 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, 57 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x 71 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, 58 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0x 72 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, 59 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0x 73 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, 60 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x 74 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, 61 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x 75 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, 62 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0x 76 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, 63 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x 77 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, 64 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x 78 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, 65 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x 79 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, 66 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x 80 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, 67 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x 81 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, 68 0x4A, 0x5E, 0xC1, 0xE0 82 0x4A, 0x5E, 0xC1, 0xE0 69 }; 83 }; 70 84 71 static const u8 q1[256] = { 85 static const u8 q1[256] = { 72 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0x 86 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, 73 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0x 87 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, 74 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x 88 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, 75 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0x 89 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, 76 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x 90 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, 77 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0x 91 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, 78 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x 92 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, 79 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x 93 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, 80 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0x 94 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, 81 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0x 95 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, 82 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x 96 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, 83 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0x 97 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, 84 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x 98 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, 85 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x 99 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, 86 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0x 100 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, 87 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x 101 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, 88 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x 102 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, 89 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0x 103 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, 90 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0x 104 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, 91 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x 105 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, 92 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0x 106 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, 93 0x55, 0x09, 0xBE, 0x91 107 0x55, 0x09, 0xBE, 0x91 94 }; 108 }; 95 109 96 /* These MDS tables are actually tables of MDS 110 /* These MDS tables are actually tables of MDS composed with q0 and q1, 97 * because it is only ever used that way and w 111 * because it is only ever used that way and we can save some time by 98 * precomputing. Of course the main saving co 112 * precomputing. Of course the main saving comes from precomputing the 99 * GF(2^8) multiplication involved in the MDS 113 * GF(2^8) multiplication involved in the MDS matrix multiply; by looking 100 * things up in these tables we reduce the mat 114 * things up in these tables we reduce the matrix multiply to four lookups 101 * and three XORs. Semi-formally, the definit 115 * and three XORs. Semi-formally, the definition of these tables is: 102 * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] 116 * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T 103 * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] 117 * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T 104 * where ^T means "transpose", the matrix mult 118 * where ^T means "transpose", the matrix multiply is performed in GF(2^8) 105 * represented as GF(2)[x]/v(x) where v(x)=x^8 119 * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described 106 * by Schneier et al, and I'm casually glossin 120 * by Schneier et al, and I'm casually glossing over the byte/word 107 * conversion issues. */ 121 * conversion issues. */ 108 122 109 static const u32 mds[4][256] = { 123 static const u32 mds[4][256] = { 110 { 124 { 111 0xBCBC3275, 0xECEC21F3, 0x202043C6, 0x 125 0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, 112 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0x 126 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, 113 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x 127 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32, 114 0x8282EED8, 0x525298FD, 0x7B7BD437, 0x 128 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, 115 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x 129 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, 116 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x 130 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, 117 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x 131 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1, 118 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x 132 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, 119 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x 133 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, 120 0x3131272C, 0x808065A3, 0x73732AB2, 0x 134 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, 121 0x4B4B0292, 0x53536974, 0x94948F36, 0x 135 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0, 122 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x 136 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, 123 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x 137 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, 124 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x 138 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, 125 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x 139 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3, 126 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x 140 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, 127 0x68683BA6, 0xB8B84D83, 0x38382820, 0x 141 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, 128 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x 142 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, 129 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x 143 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C, 130 0x616134AA, 0x57571682, 0x9F9F0B41, 0x 144 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, 131 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0x 145 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA, 132 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0x 146 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, 133 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x 147 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72, 134 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x 148 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, 135 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x 149 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, 136 0x8181942A, 0x91910149, 0x0F0FFB81, 0x 150 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, 137 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x 151 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39, 138 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0x 152 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, 139 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x 153 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, 140 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x 154 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, 141 0x5A5A6678, 0x65654B5C, 0x62624E58, 0x 155 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5, 142 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x 156 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, 143 0x89896AAF, 0x10109563, 0x74742FB6, 0x 157 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, 144 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x 158 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, 145 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0x 159 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E, 146 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0x 160 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, 147 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x 161 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, 148 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x 162 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, 149 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x 163 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2, 150 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0x 164 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, 151 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0x 165 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, 152 0x04047FF6, 0x272746C2, 0xACACA716, 0x 166 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, 153 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x 167 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91}, 154 168 155 { 169 { 156 0xA9D93939, 0x67901717, 0xB3719C9C, 0x 170 0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, 157 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x 171 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, 158 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x 172 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020, 159 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0x 173 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, 160 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x 174 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444, 161 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0x 175 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, 162 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x 176 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A, 163 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0x 177 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, 164 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x 178 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, 165 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0x 179 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, 166 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x 180 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9, 167 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x 181 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, 168 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x 182 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, 169 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0x 183 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, 170 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x 184 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414, 171 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x 185 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, 172 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0x 186 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, 173 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x 187 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, 174 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x 188 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5, 175 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0x 189 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, 176 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x 190 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, 177 0x86135050, 0xE730F7F7, 0xA1D33737, 0x 191 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, 178 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0x 192 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202, 179 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0x 193 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, 180 0x20283838, 0xF67F0404, 0x60784848, 0x 194 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, 181 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x 195 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, 182 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0x 196 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808, 183 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x 197 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, 184 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x 198 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, 185 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0x 199 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, 186 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x 200 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505, 187 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x 201 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5, 188 0x28223636, 0x14111B1B, 0x3FDE7575, 0x 202 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, 189 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0x 203 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, 190 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x 204 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF, 191 0x8DF40606, 0x74695353, 0xB7749B9B, 0x 205 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, 192 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x 206 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, 193 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x 207 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, 194 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0x 208 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6, 195 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0x 209 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, 196 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0x 210 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, 197 0x0FE25151, 0x00000000, 0x6F9A1919, 0x 211 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, 198 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0x 212 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8}, 199 213 200 { 214 { 201 0xBC75BC32, 0xECF3EC21, 0x20C62043, 0x 215 0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, 202 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0x 216 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, 203 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x 217 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A, 204 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0x 218 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, 205 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x 219 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, 206 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x 220 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, 207 0x598A591C, 0x00000000, 0xCDBCCD93, 0x 221 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB, 208 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x 222 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, 209 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x 223 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, 210 0x312C3127, 0x80A38065, 0x73B2732A, 0x 224 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, 211 0x4B924B02, 0x53745369, 0x9436948F, 0x 225 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C, 212 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x 226 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, 213 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x 227 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, 214 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x 228 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, 215 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x 229 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035, 216 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x 230 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, 217 0x68A6683B, 0xB883B84D, 0x38203828, 0x 231 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, 218 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x 232 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, 219 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x 233 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F, 220 0x61AA6134, 0x57825716, 0x9F419F0B, 0x 234 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, 221 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0x 235 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, 222 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0x 236 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, 223 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x 237 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA, 224 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x 238 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, 225 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x 239 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, 226 0x812A8194, 0x91499101, 0x0F810FFB, 0x 240 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, 227 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x 241 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D, 228 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0x 242 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, 229 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x 243 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, 230 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x 244 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, 231 0x5A785A66, 0x655C654B, 0x6258624E, 0x 245 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086, 232 0xF298F2BE, 0x335733AC, 0x17671790, 0x 246 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, 233 0x89AF896A, 0x10631095, 0x74B6742F, 0x 247 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, 234 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x 248 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, 235 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0x 249 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691, 236 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0x 250 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, 237 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x 251 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, 238 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x 252 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, 239 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x 253 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E, 240 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0x 254 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, 241 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0x 255 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, 242 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0x 256 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, 243 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x 257 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF}, 244 258 245 { 259 { 246 0xD939A9D9, 0x90176790, 0x719CB371, 0x 260 0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, 247 0x6580A365, 0xDFE476DF, 0x08459A08, 0x 261 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, 248 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x 262 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643, 249 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x 263 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, 250 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x 264 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, 251 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0x 265 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, 252 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0x 266 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3, 253 0x68C23D68, 0x158D5915, 0x21ECF321, 0x 267 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, 254 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x 268 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, 255 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x 269 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, 256 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x 270 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF, 257 0x809D3A80, 0x925CF592, 0x810C7381, 0x 271 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, 258 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x 272 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, 259 0x99C3B499, 0x975BF197, 0x8347E183, 0x 273 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, 260 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0x 274 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA, 261 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x 275 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, 262 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0x 276 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, 263 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x 277 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, 264 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x 278 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D, 265 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0x 279 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, 266 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x 280 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, 267 0x13508613, 0x30F7E730, 0xD337A1D3, 0x 281 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, 268 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x 282 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B, 269 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x 283 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, 270 0x28382028, 0x7F04F67F, 0x78486078, 0x 284 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, 271 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0x 285 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, 272 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x 286 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE, 273 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0x 287 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, 274 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0x 288 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, 275 0x29A96929, 0x7D4F647D, 0x94812A94, 0x 289 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, 276 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0x 290 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E, 277 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0x 291 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, 278 0x22362822, 0x111B1411, 0xDE753FDE, 0x 292 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, 279 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x 293 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, 280 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x 294 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718, 281 0xF4068DF4, 0x69537469, 0x749BB774, 0x 295 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, 282 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0x 296 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, 283 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x 297 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, 284 0x26A06526, 0x93CDBC93, 0x03DADB03, 0x 298 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882, 285 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x 299 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, 286 0x4C29CA4C, 0x141C1014, 0x73D72173, 0x 300 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, 287 0xE2510FE2, 0x00000000, 0x9A196F9A, 0x 301 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, 288 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0x 302 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8} 289 }; 303 }; 290 304 291 /* The exp_to_poly and poly_to_exp tables are 305 /* The exp_to_poly and poly_to_exp tables are used to perform efficient 292 * operations in GF(2^8) represented as GF(2)[ 306 * operations in GF(2^8) represented as GF(2)[x]/w(x) where 293 * w(x)=x^8+x^6+x^3+x^2+1. We care about doin 307 * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the 294 * definition of the RS matrix in the key sche 308 * definition of the RS matrix in the key schedule. Elements of that field 295 * are polynomials of degree not greater than 309 * are polynomials of degree not greater than 7 and all coefficients 0 or 1, 296 * which can be represented naturally by bytes 310 * which can be represented naturally by bytes (just substitute x=2). In that 297 * form, GF(2^8) addition is the same as bitwi 311 * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8) 298 * multiplication is inefficient without hardw 312 * multiplication is inefficient without hardware support. To multiply 299 * faster, I make use of the fact x is a gener 313 * faster, I make use of the fact x is a generator for the nonzero elements, 300 * so that every element p of GF(2)[x]/w(x) is 314 * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for 301 * some n in 0..254. Note that caret is expon !! 315 * some n in 0..254. Note that that caret is exponentiation in GF(2^8), 302 * *not* polynomial notation. So if I want to 316 * *not* polynomial notation. So if I want to compute pq where p and q are 303 * in GF(2^8), I can just say: 317 * in GF(2^8), I can just say: 304 * 1. if p=0 or q=0 then pq=0 318 * 1. if p=0 or q=0 then pq=0 305 * 2. otherwise, find m and n such that p=x 319 * 2. otherwise, find m and n such that p=x^m and q=x^n 306 * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n 320 * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq 307 * The translations in steps 2 and 3 are looke 321 * The translations in steps 2 and 3 are looked up in the tables 308 * poly_to_exp (for step 2) and exp_to_poly (f 322 * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this 309 * in action, look at the CALC_S macro. As ad 323 * in action, look at the CALC_S macro. As additional wrinkles, note that 310 * one of my operands is always a constant, so 324 * one of my operands is always a constant, so the poly_to_exp lookup on it 311 * is done in advance; I included the original 325 * is done in advance; I included the original values in the comments so 312 * readers can have some chance of recognizing 326 * readers can have some chance of recognizing that this *is* the RS matrix 313 * from the Twofish paper. I've only included 327 * from the Twofish paper. I've only included the table entries I actually 314 * need; I never do a lookup on a variable inp 328 * need; I never do a lookup on a variable input of zero and the biggest 315 * exponents I'll ever see are 254 (variable) 329 * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll 316 * never sum to more than 491. I'm repeating 330 * never sum to more than 491. I'm repeating part of the exp_to_poly table 317 * so that I don't have to do mod-255 reductio 331 * so that I don't have to do mod-255 reduction in the exponent arithmetic. 318 * Since I know my constant operands are never 332 * Since I know my constant operands are never zero, I only have to worry 319 * about zero values in the variable operand, 333 * about zero values in the variable operand, and I do it with a simple 320 * conditional branch. I know conditionals ar 334 * conditional branch. I know conditionals are expensive, but I couldn't 321 * see a non-horrible way of avoiding them, an 335 * see a non-horrible way of avoiding them, and I did manage to group the 322 * statements so that each if covers four grou 336 * statements so that each if covers four group multiplications. */ 323 337 324 static const u8 poly_to_exp[255] = { 338 static const u8 poly_to_exp[255] = { 325 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x 339 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19, 326 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0x 340 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A, 327 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x 341 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C, 328 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0x 342 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B, 329 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x 343 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47, 330 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0x 344 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D, 331 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0x 345 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8, 332 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x 346 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C, 333 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0x 347 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83, 334 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0x 348 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48, 335 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0x 349 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26, 336 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x 350 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E, 337 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x 351 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3, 338 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x 352 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9, 339 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0x 353 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A, 340 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0x 354 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D, 341 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0x 355 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75, 342 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x 356 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84, 343 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x 357 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64, 344 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x 358 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49, 345 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x 359 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF, 346 0x85, 0xC8, 0xA1 360 0x85, 0xC8, 0xA1 347 }; 361 }; 348 362 349 static const u8 exp_to_poly[492] = { 363 static const u8 exp_to_poly[492] = { 350 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x 364 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2, 351 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x 365 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03, 352 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0x 366 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6, 353 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0x 367 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A, 354 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x 368 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63, 355 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x 369 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C, 356 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0x 370 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07, 357 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x 371 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88, 358 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x 372 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12, 359 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0x 373 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7, 360 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0x 374 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C, 361 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x 375 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8, 362 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x 376 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25, 363 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0x 377 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A, 364 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x 378 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE, 365 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x 379 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC, 366 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x 380 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E, 367 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x 381 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92, 368 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x 382 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89, 369 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0x 383 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB, 370 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0x 384 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1, 371 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x 385 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 372 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x 386 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 373 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x 387 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 374 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x 388 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 375 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0x 389 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 376 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0x 390 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 377 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x 391 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 378 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x 392 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 379 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x 393 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 380 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x 394 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 381 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x 395 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 382 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x 396 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 383 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x 397 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 384 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0x 398 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 385 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x 399 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 386 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x 400 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 387 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x 401 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 388 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0x 402 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 389 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x 403 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 390 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x 404 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB 391 }; 405 }; 392 406 393 407 394 /* The table constants are indices of 408 /* The table constants are indices of 395 * S-box entries, preprocessed through q0 and 409 * S-box entries, preprocessed through q0 and q1. */ 396 static const u8 calc_sb_tbl[512] = { 410 static const u8 calc_sb_tbl[512] = { 397 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0x 411 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4, 398 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x 412 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8, 399 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x 413 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B, 400 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x 414 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B, 401 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x 415 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD, 402 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x 416 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1, 403 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x 417 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B, 404 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x 418 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F, 405 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x 419 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B, 406 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x 420 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D, 407 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x 421 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E, 408 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x 422 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5, 409 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x 423 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14, 410 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x 424 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3, 411 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0x 425 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54, 412 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x 426 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51, 413 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0x 427 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A, 414 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x 428 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96, 415 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x 429 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10, 416 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0x 430 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C, 417 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x 431 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7, 418 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x 432 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70, 419 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x 433 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB, 420 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0x 434 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8, 421 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0x 435 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF, 422 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0x 436 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC, 423 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0x 437 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF, 424 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x 438 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2, 425 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0x 439 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82, 426 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0x 440 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9, 427 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x 441 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97, 428 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0x 442 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17, 429 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0x 443 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D, 430 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0x 444 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3, 431 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x 445 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C, 432 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x 446 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E, 433 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0x 447 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F, 434 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0x 448 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49, 435 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x 449 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21, 436 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0x 450 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9, 437 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0x 451 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD, 438 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x 452 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01, 439 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x 453 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F, 440 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x 454 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48, 441 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x 455 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E, 442 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x 456 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19, 443 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x 457 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57, 444 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x 458 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64, 445 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x 459 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE, 446 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x 460 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5, 447 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x 461 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44, 448 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x 462 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69, 449 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x 463 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15, 450 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x 464 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E, 451 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x 465 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34, 452 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x 466 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC, 453 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x 467 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B, 454 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0x 468 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB, 455 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x 469 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52, 456 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0x 470 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9, 457 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0x 471 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4, 458 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x 472 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2, 459 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x 473 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56, 460 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0x 474 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91 461 }; 475 }; 462 476 463 /* Macro to perform one column of the RS matri 477 /* Macro to perform one column of the RS matrix multiplication. The 464 * parameters a, b, c, and d are the four byte 478 * parameters a, b, c, and d are the four bytes of output; i is the index 465 * of the key bytes, and w, x, y, and z, are t 479 * of the key bytes, and w, x, y, and z, are the column of constants from 466 * the RS matrix, preprocessed through the pol 480 * the RS matrix, preprocessed through the poly_to_exp table. */ 467 481 468 #define CALC_S(a, b, c, d, i, w, x, y, z) \ 482 #define CALC_S(a, b, c, d, i, w, x, y, z) \ 469 if (key[i]) { \ 483 if (key[i]) { \ 470 tmp = poly_to_exp[key[i] - 1]; \ 484 tmp = poly_to_exp[key[i] - 1]; \ 471 (a) ^= exp_to_poly[tmp + (w)]; \ 485 (a) ^= exp_to_poly[tmp + (w)]; \ 472 (b) ^= exp_to_poly[tmp + (x)]; \ 486 (b) ^= exp_to_poly[tmp + (x)]; \ 473 (c) ^= exp_to_poly[tmp + (y)]; \ 487 (c) ^= exp_to_poly[tmp + (y)]; \ 474 (d) ^= exp_to_poly[tmp + (z)]; \ 488 (d) ^= exp_to_poly[tmp + (z)]; \ 475 } 489 } 476 490 477 /* Macros to calculate the key-dependent S-box 491 /* Macros to calculate the key-dependent S-boxes for a 128-bit key using 478 * the S vector from CALC_S. CALC_SB_2 comput 492 * the S vector from CALC_S. CALC_SB_2 computes a single entry in all 479 * four S-boxes, where i is the index of the e 493 * four S-boxes, where i is the index of the entry to compute, and a and b 480 * are the index numbers preprocessed through 494 * are the index numbers preprocessed through the q0 and q1 tables 481 * respectively. */ 495 * respectively. */ 482 496 483 #define CALC_SB_2(i, a, b) \ 497 #define CALC_SB_2(i, a, b) \ 484 ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \ 498 ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \ 485 ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \ 499 ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \ 486 ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \ 500 ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \ 487 ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh] 501 ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh] 488 502 489 /* Macro exactly like CALC_SB_2, but for 192-b 503 /* Macro exactly like CALC_SB_2, but for 192-bit keys. */ 490 504 491 #define CALC_SB192_2(i, a, b) \ 505 #define CALC_SB192_2(i, a, b) \ 492 ctx->s[0][i] = mds[0][q0[q0[(b) ^ sa] ^ se] 506 ctx->s[0][i] = mds[0][q0[q0[(b) ^ sa] ^ se] ^ si]; \ 493 ctx->s[1][i] = mds[1][q0[q1[(b) ^ sb] ^ sf] 507 ctx->s[1][i] = mds[1][q0[q1[(b) ^ sb] ^ sf] ^ sj]; \ 494 ctx->s[2][i] = mds[2][q1[q0[(a) ^ sc] ^ sg] 508 ctx->s[2][i] = mds[2][q1[q0[(a) ^ sc] ^ sg] ^ sk]; \ 495 ctx->s[3][i] = mds[3][q1[q1[(a) ^ sd] ^ sh] 509 ctx->s[3][i] = mds[3][q1[q1[(a) ^ sd] ^ sh] ^ sl]; 496 510 497 /* Macro exactly like CALC_SB_2, but for 256-b 511 /* Macro exactly like CALC_SB_2, but for 256-bit keys. */ 498 512 499 #define CALC_SB256_2(i, a, b) \ 513 #define CALC_SB256_2(i, a, b) \ 500 ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ 514 ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \ 501 ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ 515 ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \ 502 ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ 516 ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \ 503 ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ 517 ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp]; 504 518 505 /* Macros to calculate the whitening and round 519 /* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the 506 * last two stages of the h() function for a g 520 * last two stages of the h() function for a given index (either 2i or 2i+1). 507 * a, b, c, and d are the four bytes going int 521 * a, b, c, and d are the four bytes going into the last two stages. For 508 * 128-bit keys, this is the entire h() functi 522 * 128-bit keys, this is the entire h() function and a and c are the index 509 * preprocessed through q0 and q1 respectively 523 * preprocessed through q0 and q1 respectively; for longer keys they are the 510 * output of previous stages. j is the index 524 * output of previous stages. j is the index of the first key byte to use. 511 * CALC_K computes a pair of subkeys for 128-b 525 * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2 512 * twice, doing the Pseudo-Hadamard Transform, 526 * twice, doing the Pseudo-Hadamard Transform, and doing the necessary 513 * rotations. Its parameters are: a, the arra 527 * rotations. Its parameters are: a, the array to write the results into, 514 * j, the index of the first output entry, k a 528 * j, the index of the first output entry, k and l, the preprocessed indices 515 * for index 2i, and m and n, the preprocessed 529 * for index 2i, and m and n, the preprocessed indices for index 2i+1. 516 * CALC_K192_2 expands CALC_K_2 to handle 192- 530 * CALC_K192_2 expands CALC_K_2 to handle 192-bit keys, by doing an 517 * additional lookup-and-XOR stage. The param 531 * additional lookup-and-XOR stage. The parameters a, b, c and d are the 518 * four bytes going into the last three stages 532 * four bytes going into the last three stages. For 192-bit keys, c = d 519 * are the index preprocessed through q0, and 533 * are the index preprocessed through q0, and a = b are the index 520 * preprocessed through q1; j is the index of 534 * preprocessed through q1; j is the index of the first key byte to use. 521 * CALC_K192 is identical to CALC_K but for us 535 * CALC_K192 is identical to CALC_K but for using the CALC_K192_2 macro 522 * instead of CALC_K_2. 536 * instead of CALC_K_2. 523 * CALC_K256_2 expands CALC_K192_2 to handle 2 537 * CALC_K256_2 expands CALC_K192_2 to handle 256-bit keys, by doing an 524 * additional lookup-and-XOR stage. The param 538 * additional lookup-and-XOR stage. The parameters a and b are the index 525 * preprocessed through q0 and q1 respectively 539 * preprocessed through q0 and q1 respectively; j is the index of the first 526 * key byte to use. CALC_K256 is identical to 540 * key byte to use. CALC_K256 is identical to CALC_K but for using the 527 * CALC_K256_2 macro instead of CALC_K_2. */ 541 * CALC_K256_2 macro instead of CALC_K_2. */ 528 542 529 #define CALC_K_2(a, b, c, d, j) \ 543 #define CALC_K_2(a, b, c, d, j) \ 530 mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \ 544 mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \ 531 ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1 545 ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \ 532 ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 546 ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \ 533 ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 547 ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]] 534 548 535 #define CALC_K(a, j, k, l, m, n) \ 549 #define CALC_K(a, j, k, l, m, n) \ 536 x = CALC_K_2 (k, l, k, l, 0); \ 550 x = CALC_K_2 (k, l, k, l, 0); \ 537 y = CALC_K_2 (m, n, m, n, 4); \ 551 y = CALC_K_2 (m, n, m, n, 4); \ 538 y = rol32(y, 8); \ 552 y = rol32(y, 8); \ 539 x += y; y += x; ctx->a[j] = x; \ 553 x += y; y += x; ctx->a[j] = x; \ 540 ctx->a[(j) + 1] = rol32(y, 9) 554 ctx->a[(j) + 1] = rol32(y, 9) 541 555 542 #define CALC_K192_2(a, b, c, d, j) \ 556 #define CALC_K192_2(a, b, c, d, j) \ 543 CALC_K_2 (q0[a ^ key[(j) + 16]], \ 557 CALC_K_2 (q0[a ^ key[(j) + 16]], \ 544 q1[b ^ key[(j) + 17]], \ 558 q1[b ^ key[(j) + 17]], \ 545 q0[c ^ key[(j) + 18]], \ 559 q0[c ^ key[(j) + 18]], \ 546 q1[d ^ key[(j) + 19]], j) 560 q1[d ^ key[(j) + 19]], j) 547 561 548 #define CALC_K192(a, j, k, l, m, n) \ 562 #define CALC_K192(a, j, k, l, m, n) \ 549 x = CALC_K192_2 (l, l, k, k, 0); \ 563 x = CALC_K192_2 (l, l, k, k, 0); \ 550 y = CALC_K192_2 (n, n, m, m, 4); \ 564 y = CALC_K192_2 (n, n, m, m, 4); \ 551 y = rol32(y, 8); \ 565 y = rol32(y, 8); \ 552 x += y; y += x; ctx->a[j] = x; \ 566 x += y; y += x; ctx->a[j] = x; \ 553 ctx->a[(j) + 1] = rol32(y, 9) 567 ctx->a[(j) + 1] = rol32(y, 9) 554 568 555 #define CALC_K256_2(a, b, j) \ 569 #define CALC_K256_2(a, b, j) \ 556 CALC_K192_2 (q1[b ^ key[(j) + 24]], \ 570 CALC_K192_2 (q1[b ^ key[(j) + 24]], \ 557 q1[a ^ key[(j) + 25]], \ 571 q1[a ^ key[(j) + 25]], \ 558 q0[a ^ key[(j) + 26]], \ 572 q0[a ^ key[(j) + 26]], \ 559 q0[b ^ key[(j) + 27]], j) 573 q0[b ^ key[(j) + 27]], j) 560 574 561 #define CALC_K256(a, j, k, l, m, n) \ 575 #define CALC_K256(a, j, k, l, m, n) \ 562 x = CALC_K256_2 (k, l, 0); \ 576 x = CALC_K256_2 (k, l, 0); \ 563 y = CALC_K256_2 (m, n, 4); \ 577 y = CALC_K256_2 (m, n, 4); \ 564 y = rol32(y, 8); \ 578 y = rol32(y, 8); \ 565 x += y; y += x; ctx->a[j] = x; \ 579 x += y; y += x; ctx->a[j] = x; \ 566 ctx->a[(j) + 1] = rol32(y, 9) 580 ctx->a[(j) + 1] = rol32(y, 9) 567 581 568 /* Perform the key setup. */ 582 /* Perform the key setup. */ 569 int __twofish_setkey(struct twofish_ctx *ctx, !! 583 int twofish_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int key_len) 570 unsigned int key_len) << 571 { 584 { >> 585 >> 586 struct twofish_ctx *ctx = crypto_tfm_ctx(tfm); >> 587 u32 *flags = &tfm->crt_flags; >> 588 572 int i, j, k; 589 int i, j, k; 573 590 574 /* Temporaries for CALC_K. */ 591 /* Temporaries for CALC_K. */ 575 u32 x, y; 592 u32 x, y; 576 593 577 /* The S vector used to key the S-boxe 594 /* The S vector used to key the S-boxes, split up into individual bytes. 578 * 128-bit keys use only sa through sh 595 * 128-bit keys use only sa through sh; 256-bit use all of them. */ 579 u8 sa = 0, sb = 0, sc = 0, sd = 0, se 596 u8 sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0; 580 u8 si = 0, sj = 0, sk = 0, sl = 0, sm 597 u8 si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0; 581 598 582 /* Temporary for CALC_S. */ 599 /* Temporary for CALC_S. */ 583 u8 tmp; 600 u8 tmp; 584 601 585 /* Check key length. */ 602 /* Check key length. */ 586 if (key_len % 8) 603 if (key_len % 8) >> 604 { >> 605 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 587 return -EINVAL; /* unsupported 606 return -EINVAL; /* unsupported key length */ >> 607 } 588 608 589 /* Compute the first two words of the 609 /* Compute the first two words of the S vector. The magic numbers are 590 * the entries of the RS matrix, prepr 610 * the entries of the RS matrix, preprocessed through poly_to_exp. The 591 * numbers in the comments are the ori 611 * numbers in the comments are the original (polynomial form) matrix 592 * entries. */ 612 * entries. */ 593 CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 613 CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ 594 CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 614 CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ 595 CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 615 CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ 596 CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 616 CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ 597 CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 617 CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ 598 CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 618 CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ 599 CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 619 CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ 600 CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 620 CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ 601 CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 621 CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ 602 CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 622 CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ 603 CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5 623 CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ 604 CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F 624 CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ 605 CALC_S (se, sf, sg, sh, 12, 0x99, 0x46 625 CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ 606 CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C 626 CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ 607 CALC_S (se, sf, sg, sh, 14, 0xED, 0x37 627 CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ 608 CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0 628 CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ 609 629 610 if (key_len == 24 || key_len == 32) { 630 if (key_len == 24 || key_len == 32) { /* 192- or 256-bit key */ 611 /* Calculate the third word of 631 /* Calculate the third word of the S vector */ 612 CALC_S (si, sj, sk, sl, 16, 0x 632 CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ 613 CALC_S (si, sj, sk, sl, 17, 0x 633 CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ 614 CALC_S (si, sj, sk, sl, 18, 0x 634 CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ 615 CALC_S (si, sj, sk, sl, 19, 0x 635 CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ 616 CALC_S (si, sj, sk, sl, 20, 0x 636 CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ 617 CALC_S (si, sj, sk, sl, 21, 0x 637 CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ 618 CALC_S (si, sj, sk, sl, 22, 0x 638 CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ 619 CALC_S (si, sj, sk, sl, 23, 0x 639 CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ 620 } 640 } 621 641 622 if (key_len == 32) { /* 256-bit key */ 642 if (key_len == 32) { /* 256-bit key */ 623 /* Calculate the fourth word o 643 /* Calculate the fourth word of the S vector */ 624 CALC_S (sm, sn, so, sp, 24, 0x 644 CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ 625 CALC_S (sm, sn, so, sp, 25, 0x 645 CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ 626 CALC_S (sm, sn, so, sp, 26, 0x 646 CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ 627 CALC_S (sm, sn, so, sp, 27, 0x 647 CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ 628 CALC_S (sm, sn, so, sp, 28, 0x 648 CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ 629 CALC_S (sm, sn, so, sp, 29, 0x 649 CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ 630 CALC_S (sm, sn, so, sp, 30, 0x 650 CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ 631 CALC_S (sm, sn, so, sp, 31, 0x 651 CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ 632 652 633 /* Compute the S-boxes. */ 653 /* Compute the S-boxes. */ 634 for ( i = j = 0, k = 1; i < 25 654 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { 635 CALC_SB256_2( i, calc_ 655 CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); 636 } 656 } 637 657 638 /* CALC_K256/CALC_K192/CALC_K 658 /* CALC_K256/CALC_K192/CALC_K loops were unrolled. 639 * Unrolling produced x2.5 mor 659 * Unrolling produced x2.5 more code (+18k on i386), 640 * and speeded up key setup by 660 * and speeded up key setup by 7%: 641 * unrolled: twofish_setkey/se 661 * unrolled: twofish_setkey/sec: 41128 642 * loop: twofish_setkey/se 662 * loop: twofish_setkey/sec: 38148 643 * CALC_K256: ~100 insns each 663 * CALC_K256: ~100 insns each 644 * CALC_K192: ~90 insns 664 * CALC_K192: ~90 insns 645 * CALC_K: ~70 insns 665 * CALC_K: ~70 insns 646 */ 666 */ 647 /* Calculate whitening and rou 667 /* Calculate whitening and round subkeys */ 648 for ( i = 0; i < 8; i += 2 ) { 668 for ( i = 0; i < 8; i += 2 ) { 649 CALC_K256 (w, i, q0[i] 669 CALC_K256 (w, i, q0[i], q1[i], q0[i+1], q1[i+1]); 650 } 670 } 651 for ( i = 0; i < 32; i += 2 ) 671 for ( i = 0; i < 32; i += 2 ) { 652 CALC_K256 (k, i, q0[i+ 672 CALC_K256 (k, i, q0[i+8], q1[i+8], q0[i+9], q1[i+9]); 653 } 673 } 654 } else if (key_len == 24) { /* 192-bit 674 } else if (key_len == 24) { /* 192-bit key */ 655 /* Compute the S-boxes. */ 675 /* Compute the S-boxes. */ 656 for ( i = j = 0, k = 1; i < 25 676 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { 657 CALC_SB192_2( i, calc_ 677 CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); 658 } 678 } 659 679 660 /* Calculate whitening and rou 680 /* Calculate whitening and round subkeys */ 661 for ( i = 0; i < 8; i += 2 ) { 681 for ( i = 0; i < 8; i += 2 ) { 662 CALC_K192 (w, i, q0[i] 682 CALC_K192 (w, i, q0[i], q1[i], q0[i+1], q1[i+1]); 663 } 683 } 664 for ( i = 0; i < 32; i += 2 ) 684 for ( i = 0; i < 32; i += 2 ) { 665 CALC_K192 (k, i, q0[i+ 685 CALC_K192 (k, i, q0[i+8], q1[i+8], q0[i+9], q1[i+9]); 666 } 686 } 667 } else { /* 128-bit key */ 687 } else { /* 128-bit key */ 668 /* Compute the S-boxes. */ 688 /* Compute the S-boxes. */ 669 for ( i = j = 0, k = 1; i < 25 689 for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { 670 CALC_SB_2( i, calc_sb_ 690 CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); 671 } 691 } 672 692 673 /* Calculate whitening and rou 693 /* Calculate whitening and round subkeys */ 674 for ( i = 0; i < 8; i += 2 ) { 694 for ( i = 0; i < 8; i += 2 ) { 675 CALC_K (w, i, q0[i], q 695 CALC_K (w, i, q0[i], q1[i], q0[i+1], q1[i+1]); 676 } 696 } 677 for ( i = 0; i < 32; i += 2 ) 697 for ( i = 0; i < 32; i += 2 ) { 678 CALC_K (k, i, q0[i+8], 698 CALC_K (k, i, q0[i+8], q1[i+8], q0[i+9], q1[i+9]); 679 } 699 } 680 } 700 } 681 701 682 return 0; 702 return 0; 683 } 703 } 684 EXPORT_SYMBOL_GPL(__twofish_setkey); << 685 704 686 int twofish_setkey(struct crypto_tfm *tfm, con << 687 { << 688 return __twofish_setkey(crypto_tfm_ctx << 689 } << 690 EXPORT_SYMBOL_GPL(twofish_setkey); 705 EXPORT_SYMBOL_GPL(twofish_setkey); 691 706 692 MODULE_LICENSE("GPL"); 707 MODULE_LICENSE("GPL"); 693 MODULE_DESCRIPTION("Twofish cipher common func 708 MODULE_DESCRIPTION("Twofish cipher common functions"); 694 709

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference
Linux/crypto/twofish_common.c

Diff markup

Differences between /crypto/twofish_common.c (Version linux-6.11.5) and /crypto/twofish_common.c (Version linux-2.6.32.71)

TOMOYO Linux Cross Reference Linux/crypto/twofish_common.c

Diff markup

Differences between /crypto/twofish_common.c (Version linux-6.11.5) and /crypto/twofish_common.c (Version linux-2.6.32.71)

TOMOYO Linux Cross Reference
Linux/crypto/twofish_common.c