- unsigned nk, nr, nw;
- unsigned i, j, jj;
- const octet *p;
- uint32 ww;
-
- /* --- Sort out the key size --- */
-
- KSZ_ASSERT(rijndael, sz);
- nk = sz / 4;
-
- /* --- Select the number of rounds --- */
-
- nr = nk + 6;
- if (nr < 10)
- nr = 10;
- k->nr = nr;
-
- /* --- Fetch the first key words out --- */
-
- p = buf;
- for (i = 0; i < nk; i++) {
- k->w[i] = LOAD32_L(p);
- p += 4;
- }
-
- /* --- Expand this material to fill the rest of the table --- */
-
- nw = (nr + 1) * (RIJNDAEL_BLKSZ / 4);
- ww = k->w[i - 1];
- p = rcon;
- for (; i < nw; i++) {
- uint32 w = k->w[i - nk];
- if (i % nk == 0) {
- ww = ROR32(ww, 8);
- w ^= SUB(S, ww, ww, ww, ww) ^ *p++;
- } else if (nk > 6 && i % nk == 4)
- w ^= SUB(S, ww, ww, ww, ww);
- else
- w ^= ww;
- k->w[i] = ww = w;
- }
-
- /* --- Make the decryption keys --- */
-
- j = nw;
-
- j -= RIJNDAEL_BLKSZ / 4; jj = 0;
- for (i = 0; i < RIJNDAEL_BLKSZ / 4; i++)
- k->wi[i] = k->w[j + jj++];
-
- for (; i < nw - RIJNDAEL_BLKSZ / 4; i += RIJNDAEL_BLKSZ / 4) {
- j -= RIJNDAEL_BLKSZ / 4;
- for (jj = 0; jj < RIJNDAEL_BLKSZ / 4; jj++) {
- uint32 w = k->w[j + jj];
- k->wi[i + jj] = MIX(U, w, w, w, w);
- }
- }
-
- j -= RIJNDAEL_BLKSZ / 4; jj = 0;
- for (; i < nw; i++)
- k->wi[i] = k->w[j + jj++];