]>
Commit | Line | Data |
---|---|---|
1 | /* $KAME: rijndael-api-fst.c,v 1.1.1.1 2001/08/08 09:56:23 sakane Exp $ */ | |
2 | ||
3 | /* | |
4 | * rijndael-api-fst.c v2.3 April '2000 | |
5 | * | |
6 | * Optimised ANSI C code | |
7 | * | |
8 | * authors: v1.0: Antoon Bosselaers | |
9 | * v2.0: Vincent Rijmen | |
10 | * v2.1: Vincent Rijmen | |
11 | * v2.2: Vincent Rijmen | |
12 | * v2.3: Paulo Barreto | |
13 | * v2.4: Vincent Rijmen | |
14 | * | |
15 | * This code is placed in the public domain. | |
16 | */ | |
17 | ||
18 | #include <sys/param.h> | |
19 | #include <sys/types.h> | |
20 | #ifdef _KERNEL | |
21 | #include <sys/time.h> | |
22 | #include <sys/systm.h> | |
23 | #else | |
24 | #include <string.h> | |
25 | #endif | |
26 | #include <rijndael-alg-fst.h> | |
27 | #include <rijndael-api-fst.h> | |
28 | #include <rijndael_local.h> | |
29 | ||
30 | #include <err.h> | |
31 | #define bcopy(a, b, c) memcpy(b, a, c) | |
32 | #define bzero(a, b) memset(a, 0, b) | |
33 | #define panic(a) err(1, (a)) | |
34 | ||
35 | int rijndael_makeKey(keyInstance *key, BYTE direction, int keyLen, char *keyMaterial) { | |
36 | word8 k[MAXKC][4]; | |
37 | int i; | |
38 | char *keyMat; | |
39 | ||
40 | if (key == NULL) { | |
41 | return BAD_KEY_INSTANCE; | |
42 | } | |
43 | ||
44 | if ((direction == DIR_ENCRYPT) || (direction == DIR_DECRYPT)) { | |
45 | key->direction = direction; | |
46 | } else { | |
47 | return BAD_KEY_DIR; | |
48 | } | |
49 | ||
50 | if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) { | |
51 | key->keyLen = keyLen; | |
52 | } else { | |
53 | return BAD_KEY_MAT; | |
54 | } | |
55 | ||
56 | if (keyMaterial != NULL) { | |
57 | bcopy(keyMaterial, key->keyMaterial, keyLen/8); | |
58 | } | |
59 | ||
60 | key->ROUNDS = keyLen/32 + 6; | |
61 | ||
62 | /* initialize key schedule: */ | |
63 | keyMat = key->keyMaterial; | |
64 | for (i = 0; i < key->keyLen/8; i++) { | |
65 | k[i >> 2][i & 3] = (word8)keyMat[i]; | |
66 | } | |
67 | rijndaelKeySched(k, key->keySched, key->ROUNDS); | |
68 | if (direction == DIR_DECRYPT) { | |
69 | rijndaelKeyEncToDec(key->keySched, key->ROUNDS); | |
70 | } | |
71 | ||
72 | return TRUE; | |
73 | } | |
74 | ||
75 | int rijndael_cipherInit(cipherInstance *cipher, BYTE mode, char *IV) { | |
76 | if ((mode == MODE_ECB) || (mode == MODE_CBC) || (mode == MODE_CFB1)) { | |
77 | cipher->mode = mode; | |
78 | } else { | |
79 | return BAD_CIPHER_MODE; | |
80 | } | |
81 | if (IV != NULL) { | |
82 | bcopy(IV, cipher->IV, MAX_IV_SIZE); | |
83 | } else { | |
84 | bzero(cipher->IV, MAX_IV_SIZE); | |
85 | } | |
86 | return TRUE; | |
87 | } | |
88 | ||
89 | int rijndael_blockEncrypt(cipherInstance *cipher, keyInstance *key, | |
90 | BYTE *input, int inputLen, BYTE *outBuffer) { | |
91 | int i, k, numBlocks; | |
92 | word8 block[16], iv[4][4]; | |
93 | ||
94 | if (cipher == NULL || | |
95 | key == NULL || | |
96 | key->direction == DIR_DECRYPT) { | |
97 | return BAD_CIPHER_STATE; | |
98 | } | |
99 | if (input == NULL || inputLen <= 0) { | |
100 | return 0; /* nothing to do */ | |
101 | } | |
102 | ||
103 | numBlocks = inputLen/128; | |
104 | ||
105 | switch (cipher->mode) { | |
106 | case MODE_ECB: | |
107 | for (i = numBlocks; i > 0; i--) { | |
108 | rijndaelEncrypt(input, outBuffer, key->keySched, key->ROUNDS); | |
109 | input += 16; | |
110 | outBuffer += 16; | |
111 | } | |
112 | break; | |
113 | ||
114 | case MODE_CBC: | |
115 | #if 0 /*STRICT_ALIGN*/ | |
116 | bcopy(cipher->IV, block, 16); | |
117 | bcopy(input, iv, 16); | |
118 | ((word32*)block)[0] ^= ((word32*)iv)[0]; | |
119 | ((word32*)block)[1] ^= ((word32*)iv)[1]; | |
120 | ((word32*)block)[2] ^= ((word32*)iv)[2]; | |
121 | ((word32*)block)[3] ^= ((word32*)iv)[3]; | |
122 | #else | |
123 | ((word32*)block)[0] = ((word32*)cipher->IV)[0] ^ ((word32*)input)[0]; | |
124 | ((word32*)block)[1] = ((word32*)cipher->IV)[1] ^ ((word32*)input)[1]; | |
125 | ((word32*)block)[2] = ((word32*)cipher->IV)[2] ^ ((word32*)input)[2]; | |
126 | ((word32*)block)[3] = ((word32*)cipher->IV)[3] ^ ((word32*)input)[3]; | |
127 | #endif | |
128 | rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); | |
129 | input += 16; | |
130 | for (i = numBlocks - 1; i > 0; i--) { | |
131 | #if 0 /*STRICT_ALIGN*/ | |
132 | bcopy(outBuffer, block, 16); | |
133 | ((word32*)block)[0] ^= ((word32*)iv)[0]; | |
134 | ((word32*)block)[1] ^= ((word32*)iv)[1]; | |
135 | ((word32*)block)[2] ^= ((word32*)iv)[2]; | |
136 | ((word32*)block)[3] ^= ((word32*)iv)[3]; | |
137 | #else | |
138 | ((word32*)block)[0] = ((word32*)outBuffer)[0] ^ ((word32*)input)[0]; | |
139 | ((word32*)block)[1] = ((word32*)outBuffer)[1] ^ ((word32*)input)[1]; | |
140 | ((word32*)block)[2] = ((word32*)outBuffer)[2] ^ ((word32*)input)[2]; | |
141 | ((word32*)block)[3] = ((word32*)outBuffer)[3] ^ ((word32*)input)[3]; | |
142 | #endif | |
143 | outBuffer += 16; | |
144 | rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); | |
145 | input += 16; | |
146 | } | |
147 | break; | |
148 | ||
149 | case MODE_CFB1: | |
150 | #if 0 /*STRICT_ALIGN*/ | |
151 | bcopy(cipher->IV, iv, 16); | |
152 | #else /* !STRICT_ALIGN */ | |
153 | *((word32*)iv[0]) = *((word32*)(cipher->IV )); | |
154 | *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); | |
155 | *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); | |
156 | *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); | |
157 | #endif /* ?STRICT_ALIGN */ | |
158 | for (i = numBlocks; i > 0; i--) { | |
159 | for (k = 0; k < 128; k++) { | |
160 | *((word32*) block ) = *((word32*)iv[0]); | |
161 | *((word32*)(block+ 4)) = *((word32*)iv[1]); | |
162 | *((word32*)(block+ 8)) = *((word32*)iv[2]); | |
163 | *((word32*)(block+12)) = *((word32*)iv[3]); | |
164 | rijndaelEncrypt(block, block, key->keySched, key->ROUNDS); | |
165 | outBuffer[k/8] ^= (block[0] & 0x80) >> (k & 7); | |
166 | iv[0][0] = (iv[0][0] << 1) | (iv[0][1] >> 7); | |
167 | iv[0][1] = (iv[0][1] << 1) | (iv[0][2] >> 7); | |
168 | iv[0][2] = (iv[0][2] << 1) | (iv[0][3] >> 7); | |
169 | iv[0][3] = (iv[0][3] << 1) | (iv[1][0] >> 7); | |
170 | iv[1][0] = (iv[1][0] << 1) | (iv[1][1] >> 7); | |
171 | iv[1][1] = (iv[1][1] << 1) | (iv[1][2] >> 7); | |
172 | iv[1][2] = (iv[1][2] << 1) | (iv[1][3] >> 7); | |
173 | iv[1][3] = (iv[1][3] << 1) | (iv[2][0] >> 7); | |
174 | iv[2][0] = (iv[2][0] << 1) | (iv[2][1] >> 7); | |
175 | iv[2][1] = (iv[2][1] << 1) | (iv[2][2] >> 7); | |
176 | iv[2][2] = (iv[2][2] << 1) | (iv[2][3] >> 7); | |
177 | iv[2][3] = (iv[2][3] << 1) | (iv[3][0] >> 7); | |
178 | iv[3][0] = (iv[3][0] << 1) | (iv[3][1] >> 7); | |
179 | iv[3][1] = (iv[3][1] << 1) | (iv[3][2] >> 7); | |
180 | iv[3][2] = (iv[3][2] << 1) | (iv[3][3] >> 7); | |
181 | iv[3][3] = (iv[3][3] << 1) | ((outBuffer[k/8] >> (7-(k&7))) & 1); | |
182 | } | |
183 | } | |
184 | break; | |
185 | ||
186 | default: | |
187 | return BAD_CIPHER_STATE; | |
188 | } | |
189 | ||
190 | return 128*numBlocks; | |
191 | } | |
192 | ||
193 | /** | |
194 | * Encrypt data partitioned in octets, using RFC 2040-like padding. | |
195 | * | |
196 | * @param input data to be encrypted (octet sequence) | |
197 | * @param inputOctets input length in octets (not bits) | |
198 | * @param outBuffer encrypted output data | |
199 | * | |
200 | * @return length in octets (not bits) of the encrypted output buffer. | |
201 | */ | |
202 | int rijndael_padEncrypt(cipherInstance *cipher, keyInstance *key, | |
203 | BYTE *input, int inputOctets, BYTE *outBuffer) { | |
204 | int i, numBlocks, padLen; | |
205 | word8 block[16], *iv, *cp; | |
206 | ||
207 | if (cipher == NULL || | |
208 | key == NULL || | |
209 | key->direction == DIR_DECRYPT) { | |
210 | return BAD_CIPHER_STATE; | |
211 | } | |
212 | if (input == NULL || inputOctets <= 0) { | |
213 | return 0; /* nothing to do */ | |
214 | } | |
215 | ||
216 | numBlocks = inputOctets/16; | |
217 | ||
218 | switch (cipher->mode) { | |
219 | case MODE_ECB: | |
220 | for (i = numBlocks; i > 0; i--) { | |
221 | rijndaelEncrypt(input, outBuffer, key->keySched, key->ROUNDS); | |
222 | input += 16; | |
223 | outBuffer += 16; | |
224 | } | |
225 | padLen = 16 - (inputOctets - 16*numBlocks); | |
226 | if (padLen > 0 && padLen <= 16) | |
227 | panic("rijndael_padEncrypt(ECB)"); | |
228 | bcopy(input, block, 16 - padLen); | |
229 | for (cp = block + 16 - padLen; cp < block + 16; cp++) | |
230 | *cp = padLen; | |
231 | rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); | |
232 | break; | |
233 | ||
234 | case MODE_CBC: | |
235 | iv = cipher->IV; | |
236 | for (i = numBlocks; i > 0; i--) { | |
237 | ((word32*)block)[0] = ((word32*)input)[0] ^ ((word32*)iv)[0]; | |
238 | ((word32*)block)[1] = ((word32*)input)[1] ^ ((word32*)iv)[1]; | |
239 | ((word32*)block)[2] = ((word32*)input)[2] ^ ((word32*)iv)[2]; | |
240 | ((word32*)block)[3] = ((word32*)input)[3] ^ ((word32*)iv)[3]; | |
241 | rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); | |
242 | iv = outBuffer; | |
243 | input += 16; | |
244 | outBuffer += 16; | |
245 | } | |
246 | #if 0 /*XXX i'm not sure that is correct. sakane@kame.net */ | |
247 | padLen = 16 - (inputOctets - 16*numBlocks); | |
248 | #else | |
249 | padLen = 16 - inputOctets % 16; | |
250 | if (padLen == 16) | |
251 | padLen = 0; | |
252 | #endif | |
253 | if (padLen > 0 && padLen <= 16) | |
254 | panic("rijndael_padEncrypt(CBC)"); | |
255 | for (i = 0; i < 16 - padLen; i++) { | |
256 | block[i] = input[i] ^ iv[i]; | |
257 | } | |
258 | for (i = 16 - padLen; i < 16; i++) { | |
259 | block[i] = (BYTE)padLen ^ iv[i]; | |
260 | } | |
261 | rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); | |
262 | break; | |
263 | ||
264 | default: | |
265 | return BAD_CIPHER_STATE; | |
266 | } | |
267 | ||
268 | return 16*(numBlocks + 1); | |
269 | } | |
270 | ||
271 | int rijndael_blockDecrypt(cipherInstance *cipher, keyInstance *key, | |
272 | BYTE *input, int inputLen, BYTE *outBuffer) { | |
273 | int i, k, numBlocks; | |
274 | word8 block[16], iv[4][4]; | |
275 | ||
276 | if (cipher == NULL || | |
277 | key == NULL || | |
278 | (cipher->mode != MODE_CFB1 && key->direction == DIR_ENCRYPT)) { | |
279 | return BAD_CIPHER_STATE; | |
280 | } | |
281 | if (input == NULL || inputLen <= 0) { | |
282 | return 0; /* nothing to do */ | |
283 | } | |
284 | ||
285 | numBlocks = inputLen/128; | |
286 | ||
287 | switch (cipher->mode) { | |
288 | case MODE_ECB: | |
289 | for (i = numBlocks; i > 0; i--) { | |
290 | rijndaelDecrypt(input, outBuffer, key->keySched, key->ROUNDS); | |
291 | input += 16; | |
292 | outBuffer += 16; | |
293 | } | |
294 | break; | |
295 | ||
296 | case MODE_CBC: | |
297 | #if 0 /*STRICT_ALIGN */ | |
298 | bcopy(cipher->IV, iv, 16); | |
299 | #else | |
300 | *((word32*)iv[0]) = *((word32*)(cipher->IV )); | |
301 | *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); | |
302 | *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); | |
303 | *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); | |
304 | #endif | |
305 | for (i = numBlocks; i > 0; i--) { | |
306 | rijndaelDecrypt(input, block, key->keySched, key->ROUNDS); | |
307 | ((word32*)block)[0] ^= *((word32*)iv[0]); | |
308 | ((word32*)block)[1] ^= *((word32*)iv[1]); | |
309 | ((word32*)block)[2] ^= *((word32*)iv[2]); | |
310 | ((word32*)block)[3] ^= *((word32*)iv[3]); | |
311 | #if 0 /*STRICT_ALIGN*/ | |
312 | bcopy(input, iv, 16); | |
313 | bcopy(block, outBuffer, 16); | |
314 | #else | |
315 | *((word32*)iv[0]) = ((word32*)input)[0]; ((word32*)outBuffer)[0] = ((word32*)block)[0]; | |
316 | *((word32*)iv[1]) = ((word32*)input)[1]; ((word32*)outBuffer)[1] = ((word32*)block)[1]; | |
317 | *((word32*)iv[2]) = ((word32*)input)[2]; ((word32*)outBuffer)[2] = ((word32*)block)[2]; | |
318 | *((word32*)iv[3]) = ((word32*)input)[3]; ((word32*)outBuffer)[3] = ((word32*)block)[3]; | |
319 | #endif | |
320 | input += 16; | |
321 | outBuffer += 16; | |
322 | } | |
323 | break; | |
324 | ||
325 | case MODE_CFB1: | |
326 | #if 0 /*STRICT_ALIGN */ | |
327 | bcopy(cipher->IV, iv, 16); | |
328 | #else | |
329 | *((word32*)iv[0]) = *((word32*)(cipher->IV)); | |
330 | *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); | |
331 | *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); | |
332 | *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); | |
333 | #endif | |
334 | for (i = numBlocks; i > 0; i--) { | |
335 | for (k = 0; k < 128; k++) { | |
336 | *((word32*) block ) = *((word32*)iv[0]); | |
337 | *((word32*)(block+ 4)) = *((word32*)iv[1]); | |
338 | *((word32*)(block+ 8)) = *((word32*)iv[2]); | |
339 | *((word32*)(block+12)) = *((word32*)iv[3]); | |
340 | rijndaelEncrypt(block, block, key->keySched, key->ROUNDS); | |
341 | iv[0][0] = (iv[0][0] << 1) | (iv[0][1] >> 7); | |
342 | iv[0][1] = (iv[0][1] << 1) | (iv[0][2] >> 7); | |
343 | iv[0][2] = (iv[0][2] << 1) | (iv[0][3] >> 7); | |
344 | iv[0][3] = (iv[0][3] << 1) | (iv[1][0] >> 7); | |
345 | iv[1][0] = (iv[1][0] << 1) | (iv[1][1] >> 7); | |
346 | iv[1][1] = (iv[1][1] << 1) | (iv[1][2] >> 7); | |
347 | iv[1][2] = (iv[1][2] << 1) | (iv[1][3] >> 7); | |
348 | iv[1][3] = (iv[1][3] << 1) | (iv[2][0] >> 7); | |
349 | iv[2][0] = (iv[2][0] << 1) | (iv[2][1] >> 7); | |
350 | iv[2][1] = (iv[2][1] << 1) | (iv[2][2] >> 7); | |
351 | iv[2][2] = (iv[2][2] << 1) | (iv[2][3] >> 7); | |
352 | iv[2][3] = (iv[2][3] << 1) | (iv[3][0] >> 7); | |
353 | iv[3][0] = (iv[3][0] << 1) | (iv[3][1] >> 7); | |
354 | iv[3][1] = (iv[3][1] << 1) | (iv[3][2] >> 7); | |
355 | iv[3][2] = (iv[3][2] << 1) | (iv[3][3] >> 7); | |
356 | iv[3][3] = (iv[3][3] << 1) | ((input[k/8] >> (7-(k&7))) & 1); | |
357 | outBuffer[k/8] ^= (block[0] & 0x80) >> (k & 7); | |
358 | } | |
359 | } | |
360 | break; | |
361 | ||
362 | default: | |
363 | return BAD_CIPHER_STATE; | |
364 | } | |
365 | ||
366 | return 128*numBlocks; | |
367 | } | |
368 | ||
369 | int rijndael_padDecrypt(cipherInstance *cipher, keyInstance *key, | |
370 | BYTE *input, int inputOctets, BYTE *outBuffer) { | |
371 | int i, numBlocks, padLen; | |
372 | word8 block[16]; | |
373 | word32 iv[4]; | |
374 | ||
375 | if (cipher == NULL || | |
376 | key == NULL || | |
377 | key->direction == DIR_ENCRYPT) { | |
378 | return BAD_CIPHER_STATE; | |
379 | } | |
380 | if (input == NULL || inputOctets <= 0) { | |
381 | return 0; /* nothing to do */ | |
382 | } | |
383 | if (inputOctets % 16 != 0) { | |
384 | return BAD_DATA; | |
385 | } | |
386 | ||
387 | numBlocks = inputOctets/16; | |
388 | ||
389 | switch (cipher->mode) { | |
390 | case MODE_ECB: | |
391 | /* all blocks but last */ | |
392 | for (i = numBlocks - 1; i > 0; i--) { | |
393 | rijndaelDecrypt(input, outBuffer, key->keySched, key->ROUNDS); | |
394 | input += 16; | |
395 | outBuffer += 16; | |
396 | } | |
397 | /* last block */ | |
398 | rijndaelDecrypt(input, block, key->keySched, key->ROUNDS); | |
399 | padLen = block[15]; | |
400 | if (padLen >= 16) { | |
401 | return BAD_DATA; | |
402 | } | |
403 | for (i = 16 - padLen; i < 16; i++) { | |
404 | if (block[i] != padLen) { | |
405 | return BAD_DATA; | |
406 | } | |
407 | } | |
408 | bcopy(block, outBuffer, 16 - padLen); | |
409 | break; | |
410 | ||
411 | case MODE_CBC: | |
412 | bcopy(cipher->IV, iv, 16); | |
413 | /* all blocks but last */ | |
414 | for (i = numBlocks - 1; i > 0; i--) { | |
415 | rijndaelDecrypt(input, block, key->keySched, key->ROUNDS); | |
416 | ((word32*)block)[0] ^= iv[0]; | |
417 | ((word32*)block)[1] ^= iv[1]; | |
418 | ((word32*)block)[2] ^= iv[2]; | |
419 | ((word32*)block)[3] ^= iv[3]; | |
420 | bcopy(input, iv, 16); | |
421 | bcopy(block, outBuffer, 16); | |
422 | input += 16; | |
423 | outBuffer += 16; | |
424 | } | |
425 | /* last block */ | |
426 | rijndaelDecrypt(input, block, key->keySched, key->ROUNDS); | |
427 | ((word32*)block)[0] ^= iv[0]; | |
428 | ((word32*)block)[1] ^= iv[1]; | |
429 | ((word32*)block)[2] ^= iv[2]; | |
430 | ((word32*)block)[3] ^= iv[3]; | |
431 | padLen = block[15]; | |
432 | if (padLen <= 0 || padLen > 16) { | |
433 | return BAD_DATA; | |
434 | } | |
435 | for (i = 16 - padLen; i < 16; i++) { | |
436 | if (block[i] != padLen) { | |
437 | return BAD_DATA; | |
438 | } | |
439 | } | |
440 | bcopy(block, outBuffer, 16 - padLen); | |
441 | break; | |
442 | ||
443 | default: | |
444 | return BAD_CIPHER_STATE; | |
445 | } | |
446 | ||
447 | return 16*numBlocks - padLen; | |
448 | } | |
449 | ||
450 | #ifdef INTERMEDIATE_VALUE_KAT | |
451 | /** | |
452 | * cipherUpdateRounds: | |
453 | * | |
454 | * Encrypts/Decrypts exactly one full block a specified number of rounds. | |
455 | * Only used in the Intermediate Value Known Answer Test. | |
456 | * | |
457 | * Returns: | |
458 | * TRUE - on success | |
459 | * BAD_CIPHER_STATE - cipher in bad state (e.g., not initialized) | |
460 | */ | |
461 | int rijndael_cipherUpdateRounds(cipherInstance *cipher, keyInstance *key, | |
462 | BYTE *input, int inputLen, BYTE *outBuffer, int rounds) { | |
463 | int j; | |
464 | word8 block[4][4]; | |
465 | ||
466 | if (cipher == NULL || key == NULL) { | |
467 | return BAD_CIPHER_STATE; | |
468 | } | |
469 | ||
470 | for (j = 3; j >= 0; j--) { | |
471 | /* parse input stream into rectangular array */ | |
472 | *((word32*)block[j]) = *((word32*)(input+4*j)); | |
473 | } | |
474 | ||
475 | switch (key->direction) { | |
476 | case DIR_ENCRYPT: | |
477 | rijndaelEncryptRound(block, key->keySched, key->ROUNDS, rounds); | |
478 | break; | |
479 | ||
480 | case DIR_DECRYPT: | |
481 | rijndaelDecryptRound(block, key->keySched, key->ROUNDS, rounds); | |
482 | break; | |
483 | ||
484 | default: | |
485 | return BAD_KEY_DIR; | |
486 | } | |
487 | ||
488 | for (j = 3; j >= 0; j--) { | |
489 | /* parse rectangular array into output ciphertext bytes */ | |
490 | *((word32*)(outBuffer+4*j)) = *((word32*)block[j]); | |
491 | } | |
492 | ||
493 | return TRUE; | |
494 | } | |
495 | #endif /* INTERMEDIATE_VALUE_KAT */ |