In-kernel crypto framework derived from openbsd. This facility provides

a consistent interface to h/w and s/w crypto algorithms for use by the kernel and (for h/w at least) by user-mode apps. Access for user-level code is through a /dev/crypto device that'll eventually be used by openssl to (potentially) accelerate many applications. Coming soon is an IPsec that makes use of this service to accelerate ESP, AH, and IPCOMP protocols. Included here is the "core" crypto support, /dev/crypto driver, various crypto algorithms that are not already present in the KAME crypto area, and support routines used by crypto device drivers. Obtained from: openbsd
author: sam <sam@FreeBSD.org> 2002-10-04 20:31:23 +0000
committer: sam <sam@FreeBSD.org> 2002-10-04 20:31:23 +0000
commit: 91416784e40204fddb837d3327a21b7fe803599b (patch)
tree: 031839b89be777f8989910a091b189457858c99d /sys/opencrypto
parent: 16827939fabe12f22c5b06ee3fdf29f6c10b1de2 (diff)
download: FreeBSD-src-91416784e40204fddb837d3327a21b7fe803599b.zip
FreeBSD-src-91416784e40204fddb837d3327a21b7fe803599b.tar.gz
21 files changed, 7317 insertions, 0 deletions
diff --git a/sys/opencrypto/cast.c b/sys/opencrypto/cast.c
new file mode 100644
index 0000000..6e0af0e
--- /dev/null
+++ b/sys/opencrypto/cast.c
@@ -0,0 +1,243 @@
+/*	$FreeBSD$	*/
+/*      $OpenBSD: cast.c,v 1.2 2000/06/06 06:49:47 deraadt Exp $       */
+
+/*
+ *	CAST-128 in C
+ *	Written by Steve Reid <sreid@sea-to-sky.net>
+ *	100% Public Domain - no warranty
+ *	Released 1997.10.11
+ */
+
+#include <sys/types.h>
+#include <opencrypto/cast.h>
+#include <opencrypto/castsb.h>
+
+/* Macros to access 8-bit bytes out of a 32-bit word */
+#define U_INT8_Ta(x) ( (u_int8_t) (x>>24) )
+#define U_INT8_Tb(x) ( (u_int8_t) ((x>>16)&255) )
+#define U_INT8_Tc(x) ( (u_int8_t) ((x>>8)&255) )
+#define U_INT8_Td(x) ( (u_int8_t) ((x)&255) )
+
+/* Circular left shift */
+#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
+
+/* CAST-128 uses three different round functions */
+#define F1(l, r, i) \
+	t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
+	l ^= ((cast_sbox1[U_INT8_Ta(t)] ^ cast_sbox2[U_INT8_Tb(t)]) - \
+	 cast_sbox3[U_INT8_Tc(t)]) + cast_sbox4[U_INT8_Td(t)];
+#define F2(l, r, i) \
+	t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
+	l ^= ((cast_sbox1[U_INT8_Ta(t)] - cast_sbox2[U_INT8_Tb(t)]) + \
+	 cast_sbox3[U_INT8_Tc(t)]) ^ cast_sbox4[U_INT8_Td(t)];
+#define F3(l, r, i) \
+	t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
+	l ^= ((cast_sbox1[U_INT8_Ta(t)] + cast_sbox2[U_INT8_Tb(t)]) ^ \
+	 cast_sbox3[U_INT8_Tc(t)]) - cast_sbox4[U_INT8_Td(t)];
+
+
+/***** Encryption Function *****/
+
+void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock)
+{
+u_int32_t t, l, r;
+
+	/* Get inblock into l,r */
+	l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
+	 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
+	r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
+	 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
+	/* Do the work */
+	F1(l, r,  0);
+	F2(r, l,  1);
+	F3(l, r,  2);
+	F1(r, l,  3);
+	F2(l, r,  4);
+	F3(r, l,  5);
+	F1(l, r,  6);
+	F2(r, l,  7);
+	F3(l, r,  8);
+	F1(r, l,  9);
+	F2(l, r, 10);
+	F3(r, l, 11);
+	/* Only do full 16 rounds if key length > 80 bits */
+	if (key->rounds > 12) {
+		F1(l, r, 12);
+		F2(r, l, 13);
+		F3(l, r, 14);
+		F1(r, l, 15);
+	}
+	/* Put l,r into outblock */
+	outblock[0] = U_INT8_Ta(r);
+	outblock[1] = U_INT8_Tb(r);
+	outblock[2] = U_INT8_Tc(r);
+	outblock[3] = U_INT8_Td(r);
+	outblock[4] = U_INT8_Ta(l);
+	outblock[5] = U_INT8_Tb(l);
+	outblock[6] = U_INT8_Tc(l);
+	outblock[7] = U_INT8_Td(l);
+	/* Wipe clean */
+	t = l = r = 0;
+}
+
+
+/***** Decryption Function *****/
+
+void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock)
+{
+u_int32_t t, l, r;
+
+	/* Get inblock into l,r */
+	r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
+	 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
+	l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
+	 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
+	/* Do the work */
+	/* Only do full 16 rounds if key length > 80 bits */
+	if (key->rounds > 12) {
+		F1(r, l, 15);
+		F3(l, r, 14);
+		F2(r, l, 13);
+		F1(l, r, 12);
+	}
+	F3(r, l, 11);
+	F2(l, r, 10);
+	F1(r, l,  9);
+	F3(l, r,  8);
+	F2(r, l,  7);
+	F1(l, r,  6);
+	F3(r, l,  5);
+	F2(l, r,  4);
+	F1(r, l,  3);
+	F3(l, r,  2);
+	F2(r, l,  1);
+	F1(l, r,  0);
+	/* Put l,r into outblock */
+	outblock[0] = U_INT8_Ta(l);
+	outblock[1] = U_INT8_Tb(l);
+	outblock[2] = U_INT8_Tc(l);
+	outblock[3] = U_INT8_Td(l);
+	outblock[4] = U_INT8_Ta(r);
+	outblock[5] = U_INT8_Tb(r);
+	outblock[6] = U_INT8_Tc(r);
+	outblock[7] = U_INT8_Td(r);
+	/* Wipe clean */
+	t = l = r = 0;
+}
+
+
+/***** Key Schedual *****/
+
+void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes)
+{
+u_int32_t t[4], z[4], x[4];
+int i;
+
+	/* Set number of rounds to 12 or 16, depending on key length */
+	key->rounds = (keybytes <= 10 ? 12 : 16);
+
+	/* Copy key to workspace x */
+	for (i = 0; i < 4; i++) {
+		x[i] = 0;
+		if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24;
+		if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16;
+		if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8;
+		if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3];
+	}
+	/* Generate 32 subkeys, four at a time */
+	for (i = 0; i < 32; i+=4) {
+		switch (i & 4) {
+		 case 0:
+			t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])] ^
+			 cast_sbox6[U_INT8_Td(x[3])] ^ cast_sbox7[U_INT8_Ta(x[3])] ^
+			 cast_sbox8[U_INT8_Tc(x[3])] ^ cast_sbox7[U_INT8_Ta(x[2])];
+			t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])] ^
+			 cast_sbox6[U_INT8_Tc(z[0])] ^ cast_sbox7[U_INT8_Tb(z[0])] ^
+			 cast_sbox8[U_INT8_Td(z[0])] ^ cast_sbox8[U_INT8_Tc(x[2])];
+			t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])] ^
+			 cast_sbox6[U_INT8_Tc(z[1])] ^ cast_sbox7[U_INT8_Tb(z[1])] ^
+			 cast_sbox8[U_INT8_Ta(z[1])] ^ cast_sbox5[U_INT8_Tb(x[2])];
+			t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])] ^
+			 cast_sbox6[U_INT8_Tb(z[2])] ^ cast_sbox7[U_INT8_Td(z[2])] ^
+			 cast_sbox8[U_INT8_Ta(z[2])] ^ cast_sbox6[U_INT8_Td(x[2])];
+			break;
+		 case 4:
+			t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])] ^
+			 cast_sbox6[U_INT8_Td(z[1])] ^ cast_sbox7[U_INT8_Ta(z[1])] ^
+			 cast_sbox8[U_INT8_Tc(z[1])] ^ cast_sbox7[U_INT8_Ta(z[0])];
+			t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])] ^
+			 cast_sbox6[U_INT8_Tc(x[0])] ^ cast_sbox7[U_INT8_Tb(x[0])] ^
+			 cast_sbox8[U_INT8_Td(x[0])] ^ cast_sbox8[U_INT8_Tc(z[0])];
+			t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])] ^
+			 cast_sbox6[U_INT8_Tc(x[1])] ^ cast_sbox7[U_INT8_Tb(x[1])] ^
+			 cast_sbox8[U_INT8_Ta(x[1])] ^ cast_sbox5[U_INT8_Tb(z[0])];
+			t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])] ^
+			 cast_sbox6[U_INT8_Tb(x[2])] ^ cast_sbox7[U_INT8_Td(x[2])] ^
+			 cast_sbox8[U_INT8_Ta(x[2])] ^ cast_sbox6[U_INT8_Td(z[0])];
+			break;
+		}
+		switch (i & 12) {
+		 case 0:
+		 case 12:
+			key->xkey[i+0] = cast_sbox5[U_INT8_Ta(t[2])] ^ cast_sbox6[U_INT8_Tb(t[2])] ^
+			 cast_sbox7[U_INT8_Td(t[1])] ^ cast_sbox8[U_INT8_Tc(t[1])];
+			key->xkey[i+1] = cast_sbox5[U_INT8_Tc(t[2])] ^ cast_sbox6[U_INT8_Td(t[2])] ^
+			 cast_sbox7[U_INT8_Tb(t[1])] ^ cast_sbox8[U_INT8_Ta(t[1])];
+			key->xkey[i+2] = cast_sbox5[U_INT8_Ta(t[3])] ^ cast_sbox6[U_INT8_Tb(t[3])] ^
+			 cast_sbox7[U_INT8_Td(t[0])] ^ cast_sbox8[U_INT8_Tc(t[0])];
+			key->xkey[i+3] = cast_sbox5[U_INT8_Tc(t[3])] ^ cast_sbox6[U_INT8_Td(t[3])] ^
+			 cast_sbox7[U_INT8_Tb(t[0])] ^ cast_sbox8[U_INT8_Ta(t[0])];
+			break;
+		 case 4:
+		 case 8:
+			key->xkey[i+0] = cast_sbox5[U_INT8_Td(t[0])] ^ cast_sbox6[U_INT8_Tc(t[0])] ^
+			 cast_sbox7[U_INT8_Ta(t[3])] ^ cast_sbox8[U_INT8_Tb(t[3])];
+			key->xkey[i+1] = cast_sbox5[U_INT8_Tb(t[0])] ^ cast_sbox6[U_INT8_Ta(t[0])] ^
+			 cast_sbox7[U_INT8_Tc(t[3])] ^ cast_sbox8[U_INT8_Td(t[3])];
+			key->xkey[i+2] = cast_sbox5[U_INT8_Td(t[1])] ^ cast_sbox6[U_INT8_Tc(t[1])] ^
+			 cast_sbox7[U_INT8_Ta(t[2])] ^ cast_sbox8[U_INT8_Tb(t[2])];
+			key->xkey[i+3] = cast_sbox5[U_INT8_Tb(t[1])] ^ cast_sbox6[U_INT8_Ta(t[1])] ^
+			 cast_sbox7[U_INT8_Tc(t[2])] ^ cast_sbox8[U_INT8_Td(t[2])];
+			break;
+		}
+		switch (i & 12) {
+		 case 0:
+			key->xkey[i+0] ^= cast_sbox5[U_INT8_Tc(z[0])];
+			key->xkey[i+1] ^= cast_sbox6[U_INT8_Tc(z[1])];
+			key->xkey[i+2] ^= cast_sbox7[U_INT8_Tb(z[2])];
+			key->xkey[i+3] ^= cast_sbox8[U_INT8_Ta(z[3])];
+			break;
+		 case 4:
+			key->xkey[i+0] ^= cast_sbox5[U_INT8_Ta(x[2])];
+			key->xkey[i+1] ^= cast_sbox6[U_INT8_Tb(x[3])];
+			key->xkey[i+2] ^= cast_sbox7[U_INT8_Td(x[0])];
+			key->xkey[i+3] ^= cast_sbox8[U_INT8_Td(x[1])];
+			break;
+		 case 8:
+			key->xkey[i+0] ^= cast_sbox5[U_INT8_Tb(z[2])];
+			key->xkey[i+1] ^= cast_sbox6[U_INT8_Ta(z[3])];
+			key->xkey[i+2] ^= cast_sbox7[U_INT8_Tc(z[0])];
+			key->xkey[i+3] ^= cast_sbox8[U_INT8_Tc(z[1])];
+			break;
+		 case 12:
+			key->xkey[i+0] ^= cast_sbox5[U_INT8_Td(x[0])];
+			key->xkey[i+1] ^= cast_sbox6[U_INT8_Td(x[1])];
+			key->xkey[i+2] ^= cast_sbox7[U_INT8_Ta(x[2])];
+			key->xkey[i+3] ^= cast_sbox8[U_INT8_Tb(x[3])];
+			break;
+		}
+		if (i >= 16) {
+			key->xkey[i+0] &= 31;
+			key->xkey[i+1] &= 31;
+			key->xkey[i+2] &= 31;
+			key->xkey[i+3] &= 31;
+		}
+	}
+	/* Wipe clean */
+	for (i = 0; i < 4; i++) {
+		t[i] = x[i] = z[i] = 0;
+	}
+}
+
+/* Made in Canada */
+
diff --git a/sys/opencrypto/cast.h b/sys/opencrypto/cast.h
new file mode 100644
index 0000000..06aaf9d
--- /dev/null
+++ b/sys/opencrypto/cast.h
@@ -0,0 +1,23 @@
+/*	$FreeBSD$	*/
+/*      $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $       */
+
+/*
+ *	CAST-128 in C
+ *	Written by Steve Reid <sreid@sea-to-sky.net>
+ *	100% Public Domain - no warranty
+ *	Released 1997.10.11
+ */
+
+#ifndef _CAST_H_
+#define _CAST_H_
+
+typedef struct {
+	u_int32_t	xkey[32];	/* Key, after expansion */
+	int		rounds;		/* Number of rounds to use, 12 or 16 */
+} cast_key;
+
+void cast_setkey(cast_key * key, u_int8_t * rawkey, int keybytes);
+void cast_encrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
+void cast_decrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
+
+#endif /* ifndef _CAST_H_ */
diff --git a/sys/opencrypto/castsb.h b/sys/opencrypto/castsb.h
new file mode 100644
index 0000000..739d06e
--- /dev/null
+++ b/sys/opencrypto/castsb.h
@@ -0,0 +1,545 @@
+/*	$FreeBSD$	*/
+/*      $OpenBSD: castsb.h,v 1.1 2000/02/28 23:13:04 deraadt Exp $       */
+/*
+ *	CAST-128 in C
+ *	Written by Steve Reid <sreid@sea-to-sky.net>
+ *	100% Public Domain - no warranty
+ *	Released 1997.10.11
+ */
+
+static const u_int32_t cast_sbox1[256] = {
+	0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A,
+	0x1E213F2F, 0x9C004DD3, 0x6003E540, 0xCF9FC949,
+	0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
+	0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E,
+	0x28683B6F, 0xC07FD059, 0xFF2379C8, 0x775F50E2,
+	0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
+	0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F,
+	0x2ABE32E1, 0xAA54166B, 0x22568E3A, 0xA2D341D0,
+	0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
+	0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7,
+	0xB82CBAEF, 0xD751D159, 0x6FF7F0ED, 0x5A097A1F,
+	0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
+	0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D,
+	0xB7332290, 0xE93B159F, 0xB48EE411, 0x4BFF345D,
+	0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
+	0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50,
+	0x882240F2, 0x0C6E4F38, 0xA4E4BFD7, 0x4F5BA272,
+	0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
+	0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D,
+	0x57538AD5, 0x6A390493, 0xE63D37E0, 0x2A54F6B3,
+	0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
+	0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167,
+	0x38901091, 0xC6B505EB, 0x84C7CB8C, 0x2AD75A0F,
+	0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
+	0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9,
+	0x6C00B32D, 0x73E2BB14, 0xA0BEBC3C, 0x54623779,
+	0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
+	0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2,
+	0x81383F05, 0x6963C5C8, 0x76CB5AD6, 0xD49974C9,
+	0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
+	0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E,
+	0x31366241, 0x051EF495, 0xAA573B04, 0x4A805D8D,
+	0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
+	0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5,
+	0x6B54BFAB, 0x2B0B1426, 0xAB4CC9D7, 0x449CCD82,
+	0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
+	0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC,
+	0xEADF55B3, 0xD5BD9E98, 0xE31231B2, 0x2AD5AD6C,
+	0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
+	0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC,
+	0x7B5A41F0, 0xD37CFBAD, 0x1B069505, 0x41ECE491,
+	0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
+	0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE,
+	0xE01063DA, 0x4736F464, 0x5AD328D8, 0xB347CC96,
+	0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
+	0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A,
+	0x3F04442F, 0x6188B153, 0xE0397A2E, 0x5727CB79,
+	0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
+	0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779,
+	0x4744EAD4, 0xB11C3274, 0xDD24CB9E, 0x7E1C54BD,
+	0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
+	0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6,
+	0x580304F0, 0xCA042CF1, 0x011A37EA, 0x8DBFAADB,
+	0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
+	0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0,
+	0x7C63B2CF, 0x700B45E1, 0xD5EA50F1, 0x85A92872,
+	0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
+	0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C,
+	0x474D6AD7, 0x7C0C5E5C, 0xD1231959, 0x381B7298,
+	0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
+	0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571,
+	0x962BDA1C, 0xE1E696FF, 0xB141AB08, 0x7CCA89B9,
+	0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
+	0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF
+};
+
+static const u_int32_t cast_sbox2[256] = {
+	0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380,
+	0xFE61CF7A, 0xEEC5207A, 0x55889C94, 0x72FC0651,
+	0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
+	0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3,
+	0xA0B52F7B, 0x59E83605, 0xEE15B094, 0xE9FFD909,
+	0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
+	0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B,
+	0x01420DDB, 0xE4E7EF5B, 0x25A1FF41, 0xE180F806,
+	0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
+	0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B,
+	0xE113C85B, 0xACC40083, 0xD7503525, 0xF7EA615F,
+	0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
+	0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21,
+	0x071F6181, 0x39F7627F, 0x361E3084, 0xE4EB573B,
+	0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
+	0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C,
+	0x10843094, 0x2537A95E, 0xF46F6FFE, 0xA1FF3B1F,
+	0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
+	0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D,
+	0x8A45388C, 0x1D804366, 0x721D9BFD, 0xA58684BB,
+	0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
+	0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD,
+	0xC5D655DD, 0xEB667064, 0x77840B4D, 0xA1B6A801,
+	0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
+	0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755,
+	0xB5625DBF, 0x68561BE6, 0x83CA6B94, 0x2D6ED23B,
+	0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
+	0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304,
+	0x81ED6F61, 0x20E74364, 0xB45E1378, 0xDE18639B,
+	0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
+	0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C,
+	0x488CB402, 0x1BA4FE5B, 0xA4B09F6B, 0x1CA815CF,
+	0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
+	0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C,
+	0xEE41E729, 0x6E1D2D7C, 0x50045286, 0x1E6685F3,
+	0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
+	0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9,
+	0xCDFF33A6, 0xA02B1741, 0x7CBAD9A2, 0x2180036F,
+	0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
+	0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6,
+	0xCDF0B680, 0x17844D3B, 0x31EEF84D, 0x7E0824E4,
+	0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
+	0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43,
+	0xB3FAEC54, 0x157FD7FA, 0xEF8579CC, 0xD152DE58,
+	0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
+	0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906,
+	0xB8DA230C, 0x80823028, 0xDCDEF3C8, 0xD35FB171,
+	0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
+	0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89,
+	0x8B1C34BC, 0x301E16E6, 0x273BE979, 0xB0FFEAA6,
+	0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
+	0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4,
+	0xDC8637A0, 0x16A7D3B1, 0x9FC393B7, 0xA7136EEB,
+	0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
+	0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E,
+	0xDB92F2FB, 0x5EEA29CB, 0x145892F5, 0x91584F7F,
+	0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
+	0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249,
+	0xB284600C, 0xD835731D, 0xDCB1C647, 0xAC4C56EA,
+	0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
+	0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD,
+	0x649DA589, 0xA345415E, 0x5C038323, 0x3E5D3BB9,
+	0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
+	0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1
+};
+
+static const u_int32_t cast_sbox3[256] = {
+	0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907,
+	0x47607FFF, 0x369FE44B, 0x8C1FC644, 0xAECECA90,
+	0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
+	0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5,
+	0x11107D9F, 0x07647DB9, 0xB2E3E4D4, 0x3D4F285E,
+	0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
+	0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC,
+	0x21FFFCEE, 0x825B1BFD, 0x9255C5ED, 0x1257A240,
+	0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
+	0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5,
+	0xA8C01DB7, 0x579FC264, 0x67094F31, 0xF2BD3F5F,
+	0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
+	0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99,
+	0xA197C81C, 0x4A012D6E, 0xC5884A28, 0xCCC36F71,
+	0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
+	0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04,
+	0xA747D2D0, 0x1651192E, 0xAF70BF3E, 0x58C31380,
+	0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
+	0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8,
+	0x8427F4A0, 0x1EAC5790, 0x796FB449, 0x8252DC15,
+	0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
+	0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2,
+	0x23EFE941, 0xA903F12E, 0x60270DF2, 0x0276E4B6,
+	0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
+	0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E,
+	0x842F7D83, 0x340CE5C8, 0x96BBB682, 0x93B4B148,
+	0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
+	0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC,
+	0x8B907CEE, 0xB51FD240, 0xE7C07CE3, 0xE566B4A1,
+	0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
+	0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C,
+	0xF76CEDD9, 0xBDA8229C, 0x127DADAA, 0x438A074E,
+	0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
+	0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51,
+	0x68CC7BFB, 0xD90F2788, 0x12490181, 0x5DE5FFD4,
+	0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
+	0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B,
+	0x6D498623, 0x193CBCFA, 0x27627545, 0x825CF47A,
+	0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
+	0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B,
+	0x285BA1C8, 0x3C62F44F, 0x35C0EAA5, 0xE805D231,
+	0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
+	0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889,
+	0x694BCC11, 0x236A5CAE, 0x12DECA4D, 0x2C3F8CC5,
+	0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
+	0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45,
+	0x3A609437, 0xEC00C9A9, 0x44715253, 0x0A874B49,
+	0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
+	0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D,
+	0x07478CD1, 0x006E1888, 0xA2E53F55, 0xB9E6D4BC,
+	0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
+	0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0,
+	0x947B0001, 0x570075D2, 0xF9BB88F8, 0x8942019E,
+	0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
+	0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767,
+	0xCF1FEBD2, 0x61EFC8C2, 0xF1AC2571, 0xCC8239C2,
+	0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
+	0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49,
+	0x5727C148, 0x2BE98A1D, 0x8AB41738, 0x20E1BE24,
+	0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
+	0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0,
+	0x642B1E31, 0x9C305A00, 0x52BCE688, 0x1B03588A,
+	0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
+	0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783
+};
+
+static const u_int32_t cast_sbox4[256] = {
+	0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298,
+	0x4A4F7BDB, 0x64AD8C57, 0x85510443, 0xFA020ED1,
+	0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
+	0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF,
+	0x28147F5F, 0x4FA2B8CD, 0xC9430040, 0x0CC32220,
+	0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
+	0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE,
+	0x1A05645F, 0x0C13FEFE, 0x081B08CA, 0x05170121,
+	0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
+	0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25,
+	0xCE84FFDF, 0xF5718801, 0x3DD64B04, 0xA26F263B,
+	0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
+	0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93,
+	0xD3772061, 0x11B638E1, 0x72500E03, 0xF80EB2BB,
+	0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
+	0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5,
+	0x4D351805, 0x7F3D5CE3, 0xA6C866C6, 0x5D5BCCA9,
+	0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
+	0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB,
+	0x022083B8, 0x3FB6180C, 0x18F8931E, 0x281658E6,
+	0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
+	0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23,
+	0x69DEAD38, 0x1574CA16, 0xDF871B62, 0x211C40B7,
+	0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
+	0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340,
+	0x557BE8DE, 0x00EAE4A7, 0x0CE5C2EC, 0x4DB4BBA6,
+	0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
+	0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119,
+	0x6E85CB75, 0xBE07C002, 0xC2325577, 0x893FF4EC,
+	0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
+	0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205,
+	0xAAC9548A, 0xECA1D7C7, 0x041AFA32, 0x1D16625A,
+	0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
+	0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79,
+	0x026A4CEB, 0x52437EFF, 0x2F8F76B4, 0x0DF980A5,
+	0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
+	0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C,
+	0x1741A254, 0xE5B6A035, 0x213D42F6, 0x2C1C7C26,
+	0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
+	0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB,
+	0x63315C21, 0x5E0A72EC, 0x49BAFEFD, 0x187908D9,
+	0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
+	0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF,
+	0x71EAE2A1, 0x1F9AF36E, 0xCFCBD12F, 0xC1DE8417,
+	0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
+	0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2,
+	0x6F7DE532, 0x58FD7EB6, 0xD01EE900, 0x24ADFFC2,
+	0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
+	0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF,
+	0x29908415, 0x7FBB977F, 0xAF9EB3DB, 0x29C9ED2A,
+	0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
+	0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919,
+	0x77079103, 0xDEA03AF6, 0x78A8565E, 0xDEE356DF,
+	0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
+	0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF,
+	0xAFE67AFB, 0xF470C4B2, 0xF3E0EB5B, 0xD6CC9876,
+	0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
+	0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB,
+	0xB5676E69, 0x9BD3DDDA, 0xDF7E052F, 0xDB25701C,
+	0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
+	0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43,
+	0x41823979, 0x932BCDF6, 0xB657C34D, 0x4EDFD282,
+	0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
+	0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2
+};
+
+static const u_int32_t cast_sbox5[256] = {
+	0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911,
+	0xB86A7FFF, 0x1DD358F5, 0x44DD9D44, 0x1731167F,
+	0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
+	0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A,
+	0xE6A2E77F, 0xF0C720CD, 0xC4494816, 0xCCF5C180,
+	0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
+	0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2,
+	0x4E40B48D, 0x248EB6FB, 0x8DBA1CFE, 0x41A99B02,
+	0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
+	0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A,
+	0xF2F3F763, 0x68AF8040, 0xED0C9E56, 0x11B4958B,
+	0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
+	0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571,
+	0x0C05372A, 0x578535F2, 0x2261BE02, 0xD642A0C9,
+	0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
+	0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981,
+	0x5C1FF900, 0xFE38D399, 0x0C4EFF0B, 0x062407EA,
+	0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
+	0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263,
+	0xDF65001F, 0x0EC50966, 0xDFDD55BC, 0x29DE0655,
+	0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
+	0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2,
+	0xBCF3F0AA, 0x87AC36E9, 0xE53A7426, 0x01B3D82B,
+	0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
+	0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284,
+	0x636737B6, 0x50F5B616, 0xF24766E3, 0x8ECA36C1,
+	0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
+	0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA,
+	0x26E46695, 0xB7566419, 0xF654EFC5, 0xD08D58B7,
+	0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
+	0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE,
+	0xC62BF3CD, 0x9E0885F9, 0x68CB3E47, 0x086C010F,
+	0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
+	0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA,
+	0x0AB378D5, 0xD951FB0C, 0xDED7DA56, 0x4124BBE4,
+	0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
+	0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561,
+	0xC3DC0280, 0x05687715, 0x646C6BD7, 0x44904DB3,
+	0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
+	0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840,
+	0x76F0AE02, 0x083BE84D, 0x28421C9A, 0x44489406,
+	0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
+	0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472,
+	0x3CA5D717, 0x7D161BBA, 0x9CAD9010, 0xAF462BA2,
+	0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
+	0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7,
+	0x445F7382, 0x175683F4, 0xCDC66A97, 0x70BE0288,
+	0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
+	0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2,
+	0x1C5C1572, 0xF6721B2C, 0x1AD2FFF3, 0x8C25404E,
+	0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
+	0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E,
+	0x44094F85, 0x3F481D87, 0xFCFEAE7B, 0x77B5FF76,
+	0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
+	0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0,
+	0xDF3B0874, 0x95055110, 0x1B5AD7A8, 0xF61ED5AD,
+	0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
+	0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0,
+	0x5CE96C28, 0xE176EDA3, 0x6BAC307F, 0x376829D2,
+	0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
+	0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE,
+	0xF9E0659A, 0xEEB9491D, 0x34010718, 0xBB30CAB8,
+	0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
+	0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4
+};
+
+static const u_int32_t cast_sbox6[256] = {
+	0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C,
+	0x95DB08E7, 0x016843B4, 0xECED5CBC, 0x325553AC,
+	0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
+	0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138,
+	0x33F14961, 0xC01937BD, 0xF506C6DA, 0xE4625E7E,
+	0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
+	0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866,
+	0xA084DB2D, 0x09A8486F, 0xA888614A, 0x2900AF98,
+	0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
+	0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072,
+	0xFD41197E, 0x9305A6B0, 0xE86BE3DA, 0x74BED3CD,
+	0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
+	0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53,
+	0x5C3D9C01, 0x64BDB941, 0x2C0E636A, 0xBA7DD9CD,
+	0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
+	0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8,
+	0x284CAF89, 0xAA928223, 0x9334BE53, 0x3B3A21BF,
+	0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
+	0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807,
+	0x5B7C5ECC, 0x221DB3A6, 0x9A69A02F, 0x68818A54,
+	0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
+	0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387,
+	0x53BDDB65, 0xE76FFBE7, 0xE967FD78, 0x0BA93563,
+	0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
+	0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0,
+	0xE81F994F, 0x9528CD89, 0xFD339FED, 0xB87834BF,
+	0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
+	0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF,
+	0x4EC75B95, 0x24F2C3C0, 0x42D15D99, 0xCD0D7FA0,
+	0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
+	0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2,
+	0x372B74AF, 0x692573E4, 0xE9A9D848, 0xF3160289,
+	0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
+	0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950,
+	0x36F73523, 0x4CFB6E87, 0x7DA4CEC0, 0x6C152DAA,
+	0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
+	0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9,
+	0x2B05D08D, 0x48B9D585, 0xDC049441, 0xC8098F9B,
+	0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
+	0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE,
+	0xBF32679D, 0xD45B5B75, 0xB353FD00, 0xCBB0E358,
+	0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
+	0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397,
+	0x47CF8E7A, 0xB6C85283, 0x3CC2ACFB, 0x3FC06976,
+	0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
+	0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0,
+	0x3007CD3E, 0x74719EEF, 0xDC872681, 0x073340D4,
+	0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
+	0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F,
+	0x6FE4AC98, 0xB173ECC0, 0xBC60B42A, 0x953498DA,
+	0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
+	0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC,
+	0xE8816F4A, 0x3814F200, 0xA3F94043, 0x9C7A54C2,
+	0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
+	0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB,
+	0xBA5AC7B5, 0xB6F6DEAF, 0x3A479C3A, 0x5302DA25,
+	0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
+	0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121,
+	0xB81A928A, 0x60ED5869, 0x97C55B96, 0xEAEC991B,
+	0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
+	0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855,
+	0xD36B4CF1, 0xF544EDEB, 0xB0E93524, 0xBEBB8FBD,
+	0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
+	0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F
+};
+
+static const u_int32_t cast_sbox7[256] = {
+	0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693,
+	0x2A8D7F6F, 0xAB9BC912, 0xDE6008A1, 0x2028DA1F,
+	0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
+	0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE,
+	0xA05FBCF6, 0xCD4181E9, 0xE150210C, 0xE24EF1BD,
+	0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
+	0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F,
+	0x089766BE, 0xBAEEADF4, 0x1286BECF, 0xB6EACB19,
+	0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
+	0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2,
+	0x107789BE, 0xB3B2E9CE, 0x0502AA8F, 0x0BC0351E,
+	0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
+	0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83,
+	0x334266CE, 0x8C9341B7, 0xD0D854C0, 0xCB3A6C88,
+	0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
+	0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816,
+	0x0A961288, 0xE1A5C06E, 0x13749E67, 0x72FC081A,
+	0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
+	0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F,
+	0xBC8EC511, 0x38BC46E9, 0xC6E6FA14, 0xBAE8584A,
+	0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
+	0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264,
+	0x92544A8B, 0x009B4FC3, 0xABA68CED, 0x9AC96F78,
+	0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
+	0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D,
+	0xF7DEBB85, 0x61FE033C, 0x16746233, 0x3C034C28,
+	0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
+	0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3,
+	0x0C4FB99A, 0xBB325778, 0x3EC6D97B, 0x6E77A6A9,
+	0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
+	0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302,
+	0xB96D8C32, 0xEBD4E7BE, 0xBE8B9D2D, 0x7979FB06,
+	0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
+	0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033,
+	0xF28EBFB0, 0xF5B9C310, 0xA0EAC280, 0x08B9767A,
+	0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
+	0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4,
+	0x826D2BEF, 0x4EEB8476, 0x488DCF25, 0x36C9D566,
+	0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
+	0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509,
+	0xF22B017D, 0xA4173F70, 0xDD1E16C3, 0x15E0D7F9,
+	0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
+	0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C,
+	0x93D29A22, 0xE32DBF9A, 0x058745B9, 0x3453DC1E,
+	0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
+	0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C,
+	0x66626C1C, 0x7154C24C, 0xEA082B2A, 0x93EB2939,
+	0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
+	0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E,
+	0xD3A0C108, 0xA1E7160E, 0xE4F2DFA6, 0x693ED285,
+	0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
+	0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301,
+	0xC79F022F, 0x3C997E7E, 0x5E4F9504, 0x3FFAFBBD,
+	0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
+	0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567,
+	0x5592A33D, 0xB5229301, 0xCFD2A87F, 0x60AEB767,
+	0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
+	0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647,
+	0x97FD61A9, 0xEA7759F4, 0x2D57539D, 0x569A58CF,
+	0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
+	0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2,
+	0x3FFA50BC, 0x3D40F021, 0xC3C0BDAE, 0x4958C24C,
+	0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
+	0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3
+};
+
+static const u_int32_t cast_sbox8[256] = {
+	0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095,
+	0x7789F8B7, 0xE6C1121B, 0x0E241600, 0x052CE8B5,
+	0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
+	0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC,
+	0xDE9ADEB1, 0x0A0CC32C, 0xBE197029, 0x84A00940,
+	0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
+	0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42,
+	0xC7ECE831, 0x3F8F95E7, 0x72DF191B, 0x7580330D,
+	0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
+	0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2,
+	0x12A8DDEC, 0xFDAA335D, 0x176F43E8, 0x71FB46D4,
+	0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
+	0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0,
+	0x4CFDE06F, 0xC28EC4B8, 0x57E8726E, 0x647A78FC,
+	0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
+	0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C,
+	0xBBD35049, 0x2998DF04, 0x980CF42A, 0x9B6DF491,
+	0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
+	0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B,
+	0x3CF1D2E2, 0x19B47A38, 0x424F7618, 0x35856039,
+	0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
+	0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8,
+	0x7170C608, 0x2D5E3354, 0xD4DE495A, 0x64C6D006,
+	0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
+	0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564,
+	0xF8D7E54E, 0x3E378160, 0x7895CDA5, 0x859C15A5,
+	0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
+	0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472,
+	0x835FFCB8, 0x6DF4C1F2, 0x96F5B195, 0xFD0AF0FC,
+	0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
+	0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8,
+	0xC4618187, 0xEA7A6E98, 0x7CD16EFC, 0x1436876C,
+	0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
+	0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB,
+	0xA842EEDF, 0xFDBA60B4, 0xF1907B75, 0x20E3030F,
+	0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
+	0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504,
+	0xF1E47D8D, 0x844A1BE5, 0xBAE7DFDC, 0x42CBDA70,
+	0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
+	0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC,
+	0x77853B53, 0x37EFFCB5, 0xC5068778, 0xE580B3E6,
+	0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
+	0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD,
+	0xDD06CAA2, 0x37DF932B, 0xC4248289, 0xACF3EBC3,
+	0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
+	0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4,
+	0xE87B40E4, 0xE98EA084, 0x5889E9E1, 0xEFD390FC,
+	0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
+	0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA,
+	0x646F1282, 0x7523D24A, 0xE0779695, 0xF9C17A8F,
+	0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
+	0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E,
+	0x11403092, 0x00DA6D77, 0x4A0CDD61, 0xAD1F4603,
+	0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
+	0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37,
+	0x2DE705CA, 0x8951570F, 0xDF09822B, 0xBD691A6C,
+	0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
+	0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384,
+	0x5938FA0F, 0x42399EF3, 0x36997B07, 0x0E84093D,
+	0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
+	0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347,
+	0x589E8D82, 0x0D2059D1, 0xA466BB1E, 0xF8DA0A82,
+	0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
+	0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E
+};
+
diff --git a/sys/opencrypto/criov.c b/sys/opencrypto/criov.c
new file mode 100644
index 0000000..f8799f9
--- /dev/null
+++ b/sys/opencrypto/criov.c
@@ -0,0 +1,137 @@
+/*	$FreeBSD$	*/
+/*      $OpenBSD: criov.c,v 1.9 2002/01/29 15:48:29 jason Exp $	*/
+
+/*
+ * Copyright (c) 1999 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/proc.h>
+#include <sys/errno.h>
+#include <sys/malloc.h>
+#include <sys/kernel.h>
+#include <sys/uio.h>
+
+#include <opencrypto/cryptodev.h>
+
+void
+cuio_copydata(struct uio* uio, int off, int len, caddr_t cp)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+	unsigned count;
+
+	if (off < 0)
+		panic("cuio_copydata: off %d < 0", off);
+	if (len < 0)
+		panic("cuio_copydata: len %d < 0", len);
+	while (off > 0) {
+		if (iol == 0)
+			panic("iov_copydata: empty in skip");
+		if (off < iov->iov_len)
+			break;
+		off -= iov->iov_len;
+		iol--;
+		iov++;
+	}
+	while (len > 0) {
+		if (iol == 0)
+			panic("cuio_copydata: empty");
+		count = min(iov->iov_len - off, len);
+		bcopy(((caddr_t)iov->iov_base) + off, cp, count);
+		len -= count;
+		cp += count;
+		off = 0;
+		iol--;
+		iov++;
+	}
+}
+
+void
+cuio_copyback(struct uio* uio, int off, int len, caddr_t cp)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+	unsigned count;
+
+	if (off < 0)
+		panic("cuio_copyback: off %d < 0", off);
+	if (len < 0)
+		panic("cuio_copyback: len %d < 0", len);
+	while (off > 0) {
+		if (iol == 0)
+			panic("cuio_copyback: empty in skip");
+		if (off < iov->iov_len)
+			break;
+		off -= iov->iov_len;
+		iol--;
+		iov++;
+	}
+	while (len > 0) {
+		if (iol == 0)
+			panic("uio_copyback: empty");
+		count = min(iov->iov_len - off, len);
+		bcopy(cp, ((caddr_t)iov->iov_base) + off, count);
+		len -= count;
+		cp += count;
+		off = 0;
+		iol--;
+		iov++;
+	}
+}
+
+/*
+ * Return a pointer to iov/offset of location in iovec list.
+ */
+struct iovec *
+cuio_getptr(struct uio *uio, int loc, int *off)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+
+	while (loc >= 0) {
+		/* Normal end of search */
+		if (loc < iov->iov_len) {
+	    		*off = loc;
+	    		return (iov);
+		}
+
+		loc -= iov->iov_len;
+		if (iol == 0) {
+			if (loc == 0) {
+				/* Point at the end of valid data */
+				*off = iov->iov_len;
+				return (iov);
+			} else
+				return (NULL);
+		} else {
+			iov++, iol--;
+		}
+    	}
+
+	return (NULL);
+}
diff --git a/sys/opencrypto/crmbuf.c b/sys/opencrypto/crmbuf.c
new file mode 100644
index 0000000..a57322b
--- /dev/null
+++ b/sys/opencrypto/crmbuf.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2002 Somebody. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include "opt_param.h"
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/mbuf.h>
+#include <sys/kernel.h>
+
+/*
+ * Miscellaneous mbuf routines that belong in uipc_mbuf.c but
+ * are kept private to the crypto support for now.
+ */
+extern	int m_apply(struct mbuf *m, int off, int len,
+		    int (*f)(caddr_t, caddr_t, unsigned int), caddr_t fstate);
+extern	struct mbuf * m_getptr(struct mbuf *m, int loc, int *off);
+
+/*
+ * Apply function f to the data in an mbuf chain starting "off" bytes from the
+ * beginning, continuing for "len" bytes.
+ */
+int
+m_apply(struct mbuf *m, int off, int len, int (*f)(caddr_t, caddr_t, unsigned int), caddr_t fstate)
+{
+	int rval;
+	unsigned int count;
+
+	if (len < 0)
+		panic("m_apply: len %d < 0", len);
+	if (off < 0)
+		panic("m_apply: off %d < 0", off);
+	while (off > 0) {
+		if (m == NULL)
+			panic("m_apply: null mbuf in skip");
+		if (off < m->m_len)
+			break;
+		off -= m->m_len;
+		m = m->m_next;
+	}
+	while (len > 0) {
+		if (m == NULL)
+			panic("m_apply: null mbuf");
+		count = min(m->m_len - off, len);
+
+		rval = f(fstate, mtod(m, caddr_t) + off, count);
+		if (rval)
+			return (rval);
+
+		len -= count;
+		off = 0;
+		m = m->m_next;
+	}
+
+	return (0);
+}
+
+/*
+ * Return a pointer to mbuf/offset of location in mbuf chain.
+ */
+struct mbuf *
+m_getptr(struct mbuf *m, int loc, int *off)
+{
+	while (loc >= 0) {
+		/* Normal end of search */
+		if (m->m_len > loc) {
+	    		*off = loc;
+	    		return (m);
+		}
+		else {
+	    		loc -= m->m_len;
+
+	    		if (m->m_next == NULL) {
+				if (loc == 0) {
+ 					/* Point at the end of valid data */
+		    			*off = m->m_len;
+		    			return (m);
+				}
+				else
+		  			return (NULL);
+	    		}
+	    		else
+	      			m = m->m_next;
+		}
+    	}
+
+	return (NULL);
+}
diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
new file mode 100644
index 0000000..23869b3
--- /dev/null
+++ b/sys/opencrypto/crypto.c
@@ -0,0 +1,936 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: crypto.c,v 1.38 2002/06/11 11:14:29 beck Exp $	*/
+/*
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000, 2001 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/eventhandler.h>
+#include <sys/kernel.h>
+#include <sys/kthread.h>
+#include <sys/lock.h>
+#include <sys/mutex.h>
+#include <sys/malloc.h>
+#include <sys/proc.h>
+#include <sys/sysctl.h>
+
+#include <vm/uma.h>
+#include <opencrypto/cryptodev.h>
+
+#define	SESID2HID(sid)	(((sid) >> 32) & 0xffffffff)
+
+/*
+ * Crypto drivers register themselves by allocating a slot in the
+ * crypto_drivers table with crypto_get_driverid() and then registering
+ * each algorithm they support with crypto_register() and crypto_kregister().
+ */
+static	struct mtx crypto_drivers_mtx;		/* lock on driver table */
+#define	CRYPTO_DRIVER_LOCK()	mtx_lock(&crypto_drivers_mtx)
+#define	CRYPTO_DRIVER_UNLOCK()	mtx_unlock(&crypto_drivers_mtx)
+static	struct cryptocap *crypto_drivers = NULL;
+static	int crypto_drivers_num = 0;
+
+/*
+ * There are two queues for crypto requests; one for symmetric (e.g.
+ * cipher) operations and one for asymmetric (e.g. MOD)operations.
+ * A single mutex is used to lock access to both queues.  We could
+ * have one per-queue but having one simplifies handling of block/unblock
+ * operations.
+ */
+static	TAILQ_HEAD(,cryptop) crp_q;		/* request queues */
+static	TAILQ_HEAD(,cryptkop) crp_kq;
+static	struct mtx crypto_q_mtx;
+#define	CRYPTO_Q_LOCK()		mtx_lock(&crypto_q_mtx)
+#define	CRYPTO_Q_UNLOCK()	mtx_unlock(&crypto_q_mtx)
+
+/*
+ * There are two queues for processing completed crypto requests; one
+ * for the symmetric and one for the asymmetric ops.  We only need one
+ * but have two to avoid type futzing (cryptop vs. cryptkop).  A single
+ * mutex is used to lock access to both queues.  Note that this lock
+ * must be separate from the lock on request queues to insure driver
+ * callbacks don't generate lock order reversals.
+ */
+static	TAILQ_HEAD(,cryptop) crp_ret_q;		/* callback queues */
+static	TAILQ_HEAD(,cryptkop) crp_ret_kq;
+static	struct mtx crypto_ret_q_mtx;
+#define	CRYPTO_RETQ_LOCK()	mtx_lock(&crypto_ret_q_mtx)
+#define	CRYPTO_RETQ_UNLOCK()	mtx_unlock(&crypto_ret_q_mtx)
+
+static	uma_zone_t cryptop_zone;
+static	uma_zone_t cryptodesc_zone;
+
+int	crypto_usercrypto = 1;		/* userland may open /dev/crypto */
+SYSCTL_INT(_kern, OID_AUTO, usercrypto, CTLFLAG_RW,
+	   &crypto_usercrypto, 0,
+	   "Enable/disable user-mode access to crypto support");
+int	crypto_userasymcrypto = 1;	/* userland may do asym crypto reqs */
+SYSCTL_INT(_kern, OID_AUTO, userasymcrypto, CTLFLAG_RW,
+	   &crypto_userasymcrypto, 0,
+	   "Enable/disable user-mode access to asymmetric crypto support");
+int	crypto_devallowsoft = 0;	/* only use hardware crypto for asym */
+SYSCTL_INT(_kern, OID_AUTO, cryptodevallowsoft, CTLFLAG_RW,
+	   &crypto_devallowsoft, 0,
+	   "Enable/disable use of software asym crypto support");
+
+MALLOC_DEFINE(M_CRYPTO_DATA, "crypto", "crypto session records");
+
+static void
+crypto_init(void)
+{
+	cryptop_zone = uma_zcreate("cryptop", sizeof (struct cryptop),
+				    0, 0, 0, 0,
+				    UMA_ALIGN_PTR, UMA_ZONE_ZINIT);
+	cryptodesc_zone = uma_zcreate("cryptodesc", sizeof (struct cryptodesc),
+				    0, 0, 0, 0,
+				    UMA_ALIGN_PTR, UMA_ZONE_ZINIT);
+	if (cryptodesc_zone == NULL || cryptop_zone == NULL)
+		panic("cannot setup crypto zones");
+
+	mtx_init(&crypto_drivers_mtx, "crypto driver table",
+		NULL, MTX_DEF|MTX_QUIET);
+
+	crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
+	crypto_drivers = malloc(crypto_drivers_num *
+	    sizeof(struct cryptocap), M_CRYPTO_DATA, M_NOWAIT | M_ZERO);
+	if (crypto_drivers == NULL)
+		panic("cannot setup crypto drivers");
+
+	TAILQ_INIT(&crp_q);
+	TAILQ_INIT(&crp_kq);
+	mtx_init(&crypto_q_mtx, "crypto op queues", NULL, MTX_DEF);
+
+	TAILQ_INIT(&crp_ret_q);
+	TAILQ_INIT(&crp_ret_kq);
+	mtx_init(&crypto_ret_q_mtx, "crypto return queues", NULL, MTX_DEF);
+}
+SYSINIT(crypto_init, SI_SUB_DRIVERS, SI_ORDER_FIRST, crypto_init, NULL)
+
+/*
+ * Create a new session.
+ */
+int
+crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
+{
+	struct cryptoini *cr;
+	u_int32_t hid, lid;
+	int err = EINVAL;
+
+	CRYPTO_DRIVER_LOCK();
+
+	if (crypto_drivers == NULL)
+		goto done;
+
+	/*
+	 * The algorithm we use here is pretty stupid; just use the
+	 * first driver that supports all the algorithms we need.
+	 *
+	 * XXX We need more smarts here (in real life too, but that's
+	 * XXX another story altogether).
+	 */
+
+	for (hid = 0; hid < crypto_drivers_num; hid++) {
+		/*
+		 * If it's not initialized or has remaining sessions
+		 * referencing it, skip.
+		 */
+		if (crypto_drivers[hid].cc_newsession == NULL ||
+		    (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP))
+			continue;
+
+		/* Hardware required -- ignore software drivers. */
+		if (hard > 0 &&
+		    (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE))
+			continue;
+		/* Software required -- ignore hardware drivers. */
+		if (hard < 0 &&
+		    (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) == 0)
+			continue;
+
+		/* See if all the algorithms are supported. */
+		for (cr = cri; cr; cr = cr->cri_next)
+			if (crypto_drivers[hid].cc_alg[cr->cri_alg] == 0)
+				break;
+
+		if (cr == NULL) {
+			/* Ok, all algorithms are supported. */
+
+			/*
+			 * Can't do everything in one session.
+			 *
+			 * XXX Fix this. We need to inject a "virtual" session layer right
+			 * XXX about here.
+			 */
+
+			/* Call the driver initialization routine. */
+			lid = hid;		/* Pass the driver ID. */
+			err = crypto_drivers[hid].cc_newsession(
+					crypto_drivers[hid].cc_arg, &lid, cri);
+			if (err == 0) {
+				(*sid) = hid;
+				(*sid) <<= 32;
+				(*sid) |= (lid & 0xffffffff);
+				crypto_drivers[hid].cc_sessions++;
+			}
+			break;
+		}
+	}
+done:
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Delete an existing session (or a reserved session on an unregistered
+ * driver).
+ */
+int
+crypto_freesession(u_int64_t sid)
+{
+	u_int32_t hid;
+	int err;
+
+	CRYPTO_DRIVER_LOCK();
+
+	if (crypto_drivers == NULL) {
+		err = EINVAL;
+		goto done;
+	}
+
+	/* Determine two IDs. */
+	hid = SESID2HID(sid);
+
+	if (hid >= crypto_drivers_num) {
+		err = ENOENT;
+		goto done;
+	}
+
+	if (crypto_drivers[hid].cc_sessions)
+		crypto_drivers[hid].cc_sessions--;
+
+	/* Call the driver cleanup routine, if available. */
+	if (crypto_drivers[hid].cc_freesession)
+		err = crypto_drivers[hid].cc_freesession(
+				crypto_drivers[hid].cc_arg, sid);
+	else
+		err = 0;
+
+	/*
+	 * If this was the last session of a driver marked as invalid,
+	 * make the entry available for reuse.
+	 */
+	if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) &&
+	    crypto_drivers[hid].cc_sessions == 0)
+		bzero(&crypto_drivers[hid], sizeof(struct cryptocap));
+
+done:
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Return an unused driver id.  Used by drivers prior to registering
+ * support for the algorithms they handle.
+ */
+int32_t
+crypto_get_driverid(u_int32_t flags)
+{
+	struct cryptocap *newdrv;
+	int i;
+
+	CRYPTO_DRIVER_LOCK();
+
+	for (i = 0; i < crypto_drivers_num; i++)
+		if (crypto_drivers[i].cc_process == NULL &&
+		    (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0 &&
+		    crypto_drivers[i].cc_sessions == 0)
+			break;
+
+	/* Out of entries, allocate some more. */
+	if (i == crypto_drivers_num) {
+		/* Be careful about wrap-around. */
+		if (2 * crypto_drivers_num <= crypto_drivers_num) {
+			CRYPTO_DRIVER_UNLOCK();
+			printf("crypto: driver count wraparound!\n");
+			return -1;
+		}
+
+		newdrv = malloc(2 * crypto_drivers_num *
+		    sizeof(struct cryptocap), M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+		if (newdrv == NULL) {
+			CRYPTO_DRIVER_UNLOCK();
+			printf("crypto: no space to expand driver table!\n");
+			return -1;
+		}
+
+		bcopy(crypto_drivers, newdrv,
+		    crypto_drivers_num * sizeof(struct cryptocap));
+
+		crypto_drivers_num *= 2;
+
+		free(crypto_drivers, M_CRYPTO_DATA);
+		crypto_drivers = newdrv;
+	}
+
+	/* NB: state is zero'd on free */
+	crypto_drivers[i].cc_sessions = 1;	/* Mark */
+	crypto_drivers[i].cc_flags = flags;
+	if (bootverbose)
+		printf("crypto: assign driver %u, flags %u\n", i, flags);
+
+	CRYPTO_DRIVER_UNLOCK();
+
+	return i;
+}
+
+static struct cryptocap *
+crypto_checkdriver(u_int32_t hid)
+{
+	if (crypto_drivers == NULL)
+		return NULL;
+	return (hid >= crypto_drivers_num ? NULL : &crypto_drivers[hid]);
+}
+
+/*
+ * Register support for a key-related algorithm.  This routine
+ * is called once for each algorithm supported a driver.
+ */
+int
+crypto_kregister(u_int32_t driverid, int kalg, u_int32_t flags,
+    int (*kprocess)(void*, struct cryptkop *, int),
+    void *karg)
+{
+	struct cryptocap *cap;
+	int err;
+
+	CRYPTO_DRIVER_LOCK();
+
+	cap = crypto_checkdriver(driverid);
+	if (cap != NULL &&
+	    (CRK_ALGORITM_MIN <= kalg && kalg <= CRK_ALGORITHM_MAX)) {
+		/*
+		 * XXX Do some performance testing to determine placing.
+		 * XXX We probably need an auxiliary data structure that
+		 * XXX describes relative performances.
+		 */
+
+		cap->cc_kalg[kalg] = flags | CRYPTO_ALG_FLAG_SUPPORTED;
+		if (bootverbose)
+			printf("crypto: driver %u registers key alg %u flags %u\n"
+				, driverid
+				, kalg
+				, flags
+			);
+
+		if (cap->cc_kprocess == NULL) {
+			cap->cc_karg = karg;
+			cap->cc_kprocess = kprocess;
+		}
+		err = 0;
+	} else
+		err = EINVAL;
+
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Register support for a non-key-related algorithm.  This routine
+ * is called once for each such algorithm supported by a driver.
+ */
+int
+crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
+    u_int32_t flags,
+    int (*newses)(void*, u_int32_t*, struct cryptoini*),
+    int (*freeses)(void*, u_int64_t),
+    int (*process)(void*, struct cryptop *, int),
+    void *arg)
+{
+	struct cryptocap *cap;
+	int err;
+
+	CRYPTO_DRIVER_LOCK();
+
+	cap = crypto_checkdriver(driverid);
+	/* NB: algorithms are in the range [1..max] */
+	if (cap != NULL &&
+	    (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX)) {
+		/*
+		 * XXX Do some performance testing to determine placing.
+		 * XXX We probably need an auxiliary data structure that
+		 * XXX describes relative performances.
+		 */
+
+		cap->cc_alg[alg] = flags | CRYPTO_ALG_FLAG_SUPPORTED;
+		cap->cc_max_op_len[alg] = maxoplen;
+		if (bootverbose)
+			printf("crypto: driver %u registers alg %u flags %u maxoplen %u\n"
+				, driverid
+				, alg
+				, flags
+				, maxoplen
+			);
+
+		if (cap->cc_process == NULL) {
+			cap->cc_arg = arg;
+			cap->cc_newsession = newses;
+			cap->cc_process = process;
+			cap->cc_freesession = freeses;
+			cap->cc_sessions = 0;		/* Unmark */
+		}
+		err = 0;
+	} else
+		err = EINVAL;
+
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Unregister a crypto driver. If there are pending sessions using it,
+ * leave enough information around so that subsequent calls using those
+ * sessions will correctly detect the driver has been unregistered and
+ * reroute requests.
+ */
+int
+crypto_unregister(u_int32_t driverid, int alg)
+{
+	int i, err;
+	u_int32_t ses;
+	struct cryptocap *cap;
+
+	CRYPTO_DRIVER_LOCK();
+
+	cap = crypto_checkdriver(driverid);
+	if (cap != NULL &&
+	    (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX) &&
+	    cap->cc_alg[alg] != 0) {
+		cap->cc_alg[alg] = 0;
+		cap->cc_max_op_len[alg] = 0;
+
+		/* Was this the last algorithm ? */
+		for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++)
+			if (cap->cc_alg[i] != 0)
+				break;
+
+		if (i == CRYPTO_ALGORITHM_MAX + 1) {
+			ses = cap->cc_sessions;
+			bzero(cap, sizeof(struct cryptocap));
+			if (ses != 0) {
+				/*
+				 * If there are pending sessions, just mark as invalid.
+				 */
+				cap->cc_flags |= CRYPTOCAP_F_CLEANUP;
+				cap->cc_sessions = ses;
+			}
+		}
+		err = 0;
+	} else
+		err = EINVAL;
+
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Unregister all algorithms associated with a crypto driver.
+ * If there are pending sessions using it, leave enough information
+ * around so that subsequent calls using those sessions will
+ * correctly detect the driver has been unregistered and reroute
+ * requests.
+ */
+int
+crypto_unregister_all(u_int32_t driverid)
+{
+	int i, err;
+	u_int32_t ses;
+	struct cryptocap *cap;
+
+	CRYPTO_DRIVER_LOCK();
+
+	cap = crypto_checkdriver(driverid);
+	if (cap != NULL) {
+		for (i = CRYPTO_ALGORITHM_MIN; i <= CRYPTO_ALGORITHM_MAX; i++) {
+			cap->cc_alg[i] = 0;
+			cap->cc_max_op_len[i] = 0;
+		}
+		ses = cap->cc_sessions;
+		bzero(cap, sizeof(struct cryptocap));
+		if (ses != 0) {
+			/*
+			 * If there are pending sessions, just mark as invalid.
+			 */
+			cap->cc_flags |= CRYPTOCAP_F_CLEANUP;
+			cap->cc_sessions = ses;
+		}
+		err = 0;
+	} else
+		err = EINVAL;
+
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Clear blockage on a driver.  The what parameter indicates whether
+ * the driver is now ready for cryptop's and/or cryptokop's.
+ */
+int
+crypto_unblock(u_int32_t driverid, int what)
+{
+	struct cryptocap *cap;
+	int needwakeup, err;
+
+	needwakeup = 0;
+
+	CRYPTO_Q_LOCK();
+	cap = crypto_checkdriver(driverid);
+	if (cap != NULL) {
+		if (what & CRYPTO_SYMQ) {
+			needwakeup |= cap->cc_qblocked;
+			cap->cc_qblocked = 0;
+		}
+		if (what & CRYPTO_ASYMQ) {
+			needwakeup |= cap->cc_kqblocked;
+			cap->cc_kqblocked = 0;
+		}
+		err = 0;
+	} else
+		err = EINVAL;
+	CRYPTO_Q_UNLOCK();
+
+	if (needwakeup)
+		wakeup_one(&crp_q);
+
+	return err;
+}
+
+/*
+ * Add a crypto request to a queue, to be processed by the kernel thread.
+ */
+int
+crypto_dispatch(struct cryptop *crp)
+{
+	struct cryptocap *cap;
+	int wasempty;
+
+	CRYPTO_Q_LOCK();
+	wasempty = TAILQ_EMPTY(&crp_q);
+	TAILQ_INSERT_TAIL(&crp_q, crp, crp_next);
+
+	/*
+	 * Wakeup processing thread if driver is not blocked.
+	 */
+	cap = crypto_checkdriver(SESID2HID(crp->crp_sid));
+	if (cap && !cap->cc_qblocked && wasempty)
+		wakeup_one(&crp_q);
+	CRYPTO_Q_UNLOCK();
+
+	return 0;
+}
+
+/*
+ * Add an asymetric crypto request to a queue,
+ * to be processed by the kernel thread.
+ */
+int
+crypto_kdispatch(struct cryptkop *krp)
+{
+	struct cryptocap *cap;
+	int wasempty;
+
+	CRYPTO_Q_LOCK();
+	wasempty = TAILQ_EMPTY(&crp_kq);
+	TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next);
+
+	/*
+	 * Wakeup processing thread if driver is not blocked.
+	 */
+	cap = crypto_checkdriver(krp->krp_hid);
+	if (cap && !cap->cc_kqblocked && wasempty)
+		wakeup_one(&crp_q);	/* NB: shared wait channel */
+	CRYPTO_Q_UNLOCK();
+
+	return 0;
+}
+
+/*
+ * Dispatch an assymetric crypto request to the appropriate crypto devices.
+ */
+static int
+crypto_kinvoke(struct cryptkop *krp, int hint)
+{
+	u_int32_t hid;
+	int error;
+
+	mtx_assert(&crypto_q_mtx, MA_OWNED);
+
+	/* Sanity checks. */
+	if (krp == NULL || krp->krp_callback == NULL)
+		return EINVAL;
+
+	for (hid = 0; hid < crypto_drivers_num; hid++) {
+		if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) &&
+		    !crypto_devallowsoft)
+			continue;
+		if (crypto_drivers[hid].cc_kprocess == NULL)
+			continue;
+		if ((crypto_drivers[hid].cc_kalg[krp->krp_op] &
+		    CRYPTO_ALG_FLAG_SUPPORTED) == 0)
+			continue;
+		break;
+	}
+	if (hid < crypto_drivers_num) {
+		krp->krp_hid = hid;
+		error = crypto_drivers[hid].cc_kprocess(
+				crypto_drivers[hid].cc_karg, krp, hint);
+	} else
+		error = ENODEV;
+
+	if (error) {
+		krp->krp_status = error;
+		CRYPTO_RETQ_LOCK();
+		TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next);
+		CRYPTO_RETQ_UNLOCK();
+	}
+	return 0;
+}
+
+/*
+ * Dispatch a crypto request to the appropriate crypto devices.
+ */
+static int
+crypto_invoke(struct cryptop *crp, int hint)
+{
+	u_int32_t hid;
+	int (*process)(void*, struct cryptop *, int);
+
+	mtx_assert(&crypto_q_mtx, MA_OWNED);
+
+	/* Sanity checks. */
+	if (crp == NULL || crp->crp_callback == NULL)
+		return EINVAL;
+
+	if (crp->crp_desc == NULL) {
+		crp->crp_etype = EINVAL;
+		CRYPTO_RETQ_LOCK();
+		TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next);
+		CRYPTO_RETQ_UNLOCK();
+		return 0;
+	}
+
+	hid = SESID2HID(crp->crp_sid);
+	if (hid < crypto_drivers_num) {
+		if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP)
+			crypto_freesession(crp->crp_sid);
+		process = crypto_drivers[hid].cc_process;
+	} else {
+		process = NULL;
+	}
+
+	if (process == NULL) {
+		struct cryptodesc *crd;
+		u_int64_t nid;
+
+		/*
+		 * Driver has unregistered; migrate the session and return
+		 * an error to the caller so they'll resubmit the op.
+		 */
+		for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
+			crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
+
+		if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
+			crp->crp_sid = nid;
+
+		crp->crp_etype = EAGAIN;
+		CRYPTO_RETQ_LOCK();
+		TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next);
+		CRYPTO_RETQ_UNLOCK();
+		return 0;
+	} else {
+		/*
+		 * Invoke the driver to process the request.
+		 */
+		return (*process)(crypto_drivers[hid].cc_arg, crp, hint);
+	}
+}
+
+/*
+ * Release a set of crypto descriptors.
+ */
+void
+crypto_freereq(struct cryptop *crp)
+{
+	struct cryptodesc *crd;
+
+	if (crp == NULL)
+		return;
+
+	while ((crd = crp->crp_desc) != NULL) {
+		crp->crp_desc = crd->crd_next;
+		uma_zfree(cryptodesc_zone, crd);
+	}
+
+	uma_zfree(cryptop_zone, crp);
+}
+
+/*
+ * Acquire a set of crypto descriptors.
+ */
+struct cryptop *
+crypto_getreq(int num)
+{
+	struct cryptodesc *crd;
+	struct cryptop *crp;
+
+	crp = uma_zalloc(cryptop_zone, 0);
+	if (crp != NULL) {
+		while (num--) {
+			crd = uma_zalloc(cryptodesc_zone, 0);
+			if (crd == NULL) {
+				crypto_freereq(crp);
+				return NULL;
+			}
+
+			crd->crd_next = crp->crp_desc;
+			crp->crp_desc = crd;
+		}
+	}
+	return crp;
+}
+
+/*
+ * Invoke the callback on behalf of the driver.
+ */
+void
+crypto_done(struct cryptop *crp)
+{
+	int wasempty;
+
+	CRYPTO_RETQ_LOCK();
+	wasempty = TAILQ_EMPTY(&crp_ret_q);
+	TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next);
+	CRYPTO_RETQ_UNLOCK();
+
+	if (wasempty)
+		wakeup_one(&crp_q);	/* shared wait channel */
+}
+
+/*
+ * Invoke the callback on behalf of the driver.
+ */
+void
+crypto_kdone(struct cryptkop *krp)
+{
+	int wasempty;
+
+	CRYPTO_RETQ_LOCK();
+	wasempty = TAILQ_EMPTY(&crp_ret_kq);
+	TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next);
+	CRYPTO_RETQ_UNLOCK();
+
+	if (wasempty)
+		wakeup_one(&crp_q);	/* shared wait channel */
+}
+
+int
+crypto_getfeat(int *featp)
+{
+	int hid, kalg, feat = 0;
+
+	if (!crypto_userasymcrypto)
+		goto out;	  
+
+	CRYPTO_DRIVER_LOCK();
+	for (hid = 0; hid < crypto_drivers_num; hid++) {
+		if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) &&
+		    !crypto_devallowsoft) {
+			continue;
+		}
+		if (crypto_drivers[hid].cc_kprocess == NULL)
+			continue;
+		for (kalg = 0; kalg < CRK_ALGORITHM_MAX; kalg++)
+			if ((crypto_drivers[hid].cc_kalg[kalg] &
+			    CRYPTO_ALG_FLAG_SUPPORTED) != 0)
+				feat |=  1 << kalg;
+	}
+	CRYPTO_DRIVER_UNLOCK();
+out:
+	*featp = feat;
+	return (0);
+}
+
+static struct proc *cryptoproc;
+
+static void
+crypto_shutdown(void *arg, int howto)
+{
+	/* XXX flush queues */
+}
+
+/*
+ * Crypto thread, runs as a kernel thread to process crypto requests.
+ */
+static void
+crypto_proc(void)
+{
+	struct cryptop *crp, *crpt, *submit;
+	struct cryptkop *krp, *krpt;
+	struct cryptocap *cap;
+	int result, hint;
+
+	mtx_lock(&Giant);		/* XXX for msleep */
+
+	EVENTHANDLER_REGISTER(shutdown_pre_sync, crypto_shutdown, NULL,
+			      SHUTDOWN_PRI_FIRST);
+
+	for (;;) {
+		/*
+		 * Find the first element in the queue that can be
+		 * processed and look-ahead to see if multiple ops
+		 * are ready for the same driver.
+		 */
+		submit = NULL;
+		hint = 0;
+		CRYPTO_Q_LOCK();
+		TAILQ_FOREACH(crp, &crp_q, crp_next) {
+			u_int32_t hid = SESID2HID(crp->crp_sid);
+			cap = crypto_checkdriver(hid);
+			if (cap == NULL || cap->cc_process == NULL) {
+				/* Op needs to be migrated, process it. */
+				if (submit == NULL)
+					submit = crp;
+				break;
+			}
+			if (!cap->cc_qblocked) {
+				if (submit != NULL) {
+					/*
+					 * We stop on finding another op,
+					 * regardless whether its for the same
+					 * driver or not.  We could keep
+					 * searching the queue but it might be
+					 * better to just use a per-driver
+					 * queue instead.
+					 */
+					if (SESID2HID(submit->crp_sid) == hid)
+						hint = CRYPTO_HINT_MORE;
+					break;
+				} else {
+					submit = crp;
+					if (submit->crp_flags & CRYPTO_F_NODELAY)
+						break;
+					/* keep scanning for more are q'd */
+				}
+			}
+		}
+		if (submit != NULL) {
+			TAILQ_REMOVE(&crp_q, submit, crp_next);
+			result = crypto_invoke(submit, hint);
+			if (result == ERESTART) {
+				/*
+				 * The driver ran out of resources, mark the
+				 * driver ``blocked'' for cryptop's and put
+				 * the request back in the queue.  It would
+				 * best to put the request back where we got
+				 * it but that's hard so for now we put it
+				 * at the front.  This should be ok; putting
+				 * it at the end does not work.
+				 */
+				/* XXX validate sid again? */
+				crypto_drivers[SESID2HID(submit->crp_sid)].cc_qblocked = 1;
+				TAILQ_INSERT_HEAD(&crp_q, submit, crp_next);
+			}
+		}
+
+		/* As above, but for key ops */
+		TAILQ_FOREACH(krp, &crp_kq, krp_next) {
+			cap = crypto_checkdriver(krp->krp_hid);
+			if (cap == NULL || cap->cc_kprocess == NULL) {
+				/* Op needs to be migrated, process it. */
+				break;
+			}
+			if (!cap->cc_kqblocked)
+				break;
+		}
+		if (krp != NULL) {
+			TAILQ_REMOVE(&crp_kq, krp, krp_next);
+			result = crypto_kinvoke(krp, 0);
+			if (result == ERESTART) {
+				/*
+				 * The driver ran out of resources, mark the
+				 * driver ``blocked'' for cryptkop's and put
+				 * the request back in the queue.  It would
+				 * best to put the request back where we got
+				 * it but that's hard so for now we put it
+				 * at the front.  This should be ok; putting
+				 * it at the end does not work.
+				 */
+				/* XXX validate sid again? */
+				crypto_drivers[krp->krp_hid].cc_kqblocked = 1;
+				TAILQ_INSERT_HEAD(&crp_kq, krp, krp_next);
+			}
+		}
+		CRYPTO_Q_UNLOCK();
+
+		/* Harvest return q for completed ops */
+		CRYPTO_RETQ_LOCK();
+		crpt = TAILQ_FIRST(&crp_ret_q);
+		if (crpt != NULL)
+			TAILQ_REMOVE(&crp_ret_q, crpt, crp_next);
+		CRYPTO_RETQ_UNLOCK();
+
+		if (crpt != NULL)
+			crpt->crp_callback(crpt);
+
+		/* Harvest return q for completed kops */
+		CRYPTO_RETQ_LOCK();
+		krpt = TAILQ_FIRST(&crp_ret_kq);
+		if (krpt != NULL)
+			TAILQ_REMOVE(&crp_ret_kq, krpt, krp_next);
+		CRYPTO_RETQ_UNLOCK();
+
+		if (krpt != NULL)
+			krp->krp_callback(krp);
+
+		if (crp == NULL && krp == NULL && crpt == NULL && krpt == NULL) {
+			/*
+			 * Nothing more to be processed.  Sleep until we're
+			 * woken because there are more ops to process.
+			 * This happens either by submission or by a driver
+			 * becoming unblocked and notifying us through
+			 * crypto_unblock.  Note that when we wakeup we
+			 * start processing each queue again from the
+			 * front. It's not clear that it's important to
+			 * preserve this ordering since ops may finish
+			 * out of order if dispatched to different devices
+			 * and some become blocked while others do not.
+			 */
+			tsleep(&crp_q, PWAIT, "crypto_wait", 0);
+		}
+	}
+}
+
+static struct kproc_desc crypto_kp = {
+	"crypto",
+	crypto_proc,
+	&cryptoproc
+};
+SYSINIT(crypto_proc, SI_SUB_KTHREAD_IDLE, SI_ORDER_ANY, kproc_start, &crypto_kp)
diff --git a/sys/opencrypto/crypto_if.m b/sys/opencrypto/crypto_if.m
new file mode 100644
index 0000000..0ef17e6
--- /dev/null
+++ b/sys/opencrypto/crypto_if.m
@@ -0,0 +1,128 @@
+#
+# Copyright (c) 2002, Sam Leffler
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+#    must display the following acknowledgement:
+#    This product includes software developed by Boris Popov.
+# 4. Neither the name of the author nor the names of any co-contributors
+#    may be used to endorse or promote products derived from this software
+#    without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+#include <crypto/cryptodev.h>
+
+INTERFACE crypto;
+
+METHOD int32_t get_driverid {
+	u_int32_t	flags;
+};
+
+# XXX define typedefs to work around inadequate parser
+HEADER {
+	typedef int crypto_newsession_cb(void*, u_int32_t*, struct cryptoini*);
+	typedef int crypto_freesession_cb(void*, u_int64_t*);
+	typedef int crypto_process_cb(void*, struct cryptop*);
+	typedef int crypto_kprocess_cb(void*, struct cryptkop*);
+};
+
+METHOD int register {
+	u_int32_t	driverid;
+	int		alg;
+	u_int16_t	maxoplen;
+	u_int32_t	flags;
+	crypto_newsession_cb* newses;
+	crypto_freesession_cb* freeses;
+	crypto_process_cb* process;
+	void		*arg;
+};
+
+METHOD int kregister {
+	u_int32_t	driverid;
+	int		kalg;
+	u_int32_t	flags;
+	crypto_kprocess_cb* kprocess;
+	void		*arg;
+};
+
+METHOD int unregister {
+	u_int32_t	driverid;
+	int		alg;
+};
+
+METHOD int unregister_all {
+	u_int32_t	driverid;
+};
+
+METHOD int newsession {
+	u_int64_t	*sid;
+	struct cryptoini *cri;
+	int		hard;
+};
+
+METHOD int freesession {
+	u_int64_t	sid;
+};
+
+METHOD int dispatch {
+	struct cryptop	*crp;
+};
+
+METHOD int kdispatch {
+	struct cryptkop	*krp;
+};
+
+METHOD int crypto_unblock {
+	u_int32_t	driverid;
+	int		what;
+};
+
+METHOD int invoke {
+	struct cryptop	*crp;
+};
+
+METHOD int kinvoke {
+	struct cryptkop	*krp;
+};
+
+METHOD struct cryptop * getreq {
+	int	num;
+};
+
+METHOD void freereq {
+	struct cryptop	*crp;
+};
+
+METHOD void done {
+	struct cryptop	*crp;
+};
+
+METHOD void kdone {
+	struct cryptkop	*krp;
+};
+
+METHOD int getfeat {
+	int		*featp;
+};
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
new file mode 100644
index 0000000..0e88fda
--- /dev/null
+++ b/sys/opencrypto/cryptodev.c
@@ -0,0 +1,798 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 2001 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/malloc.h>
+#include <sys/mbuf.h>
+#include <sys/lock.h>
+#include <sys/mutex.h>
+#include <sys/sysctl.h>
+#include <sys/file.h>
+#include <sys/filedesc.h>
+#include <sys/errno.h>
+#include <sys/uio.h>
+#include <sys/random.h>
+#include <sys/conf.h>
+#include <sys/kernel.h>
+#include <sys/fcntl.h>
+
+#include <opencrypto/cryptodev.h>
+#include <opencrypto/xform.h>
+
+struct csession {
+	TAILQ_ENTRY(csession) next;
+	u_int64_t	sid;
+	u_int32_t	ses;
+
+	u_int32_t	cipher;
+	struct enc_xform *txform;
+	u_int32_t	mac;
+	struct auth_hash *thash;
+
+	caddr_t		key;
+	int		keylen;
+	u_char		tmp_iv[EALG_MAX_BLOCK_LEN];
+
+	caddr_t		mackey;
+	int		mackeylen;
+	u_char		tmp_mac[CRYPTO_MAX_MAC_LEN];
+
+	struct iovec	iovec[UIO_MAXIOV];
+	struct uio	uio;
+	int		error;
+};
+
+struct fcrypt {
+	TAILQ_HEAD(csessionlist, csession) csessions;
+	int		sesn;
+};
+
+static	int cryptof_rw(struct file *fp, struct uio *uio,
+		    struct ucred *cred, int flags, struct thread *);
+static	int cryptof_ioctl(struct file *, u_long, void *,
+		    struct ucred *, struct thread *);
+static	int cryptof_poll(struct file *, int, struct ucred *, struct thread *);
+static	int cryptof_kqfilter(struct file *, struct knote *);
+static	int cryptof_stat(struct file *, struct stat *,
+		    struct ucred *, struct thread *);
+static	int cryptof_close(struct file *, struct thread *);
+
+static struct fileops cryptofops = {
+    cryptof_rw,
+    cryptof_rw,
+    cryptof_ioctl,
+    cryptof_poll,
+    cryptof_kqfilter,
+    cryptof_stat,
+    cryptof_close
+};
+
+static struct csession *csefind(struct fcrypt *, u_int);
+static int csedelete(struct fcrypt *, struct csession *);
+static struct csession *cseadd(struct fcrypt *, struct csession *);
+static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t,
+    u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
+    struct auth_hash *);
+static int csefree(struct csession *);
+
+static	int cryptodev_op(struct csession *, struct crypt_op *,
+			struct ucred *, struct thread *td);
+static	int cryptodev_key(struct crypt_kop *);
+
+static int
+cryptof_rw(
+	struct file *fp,
+	struct uio *uio,
+	struct ucred *active_cred,
+	int flags,
+	struct thread *td)
+{
+
+	return (EIO);
+}
+
+/* ARGSUSED */
+static int
+cryptof_ioctl(
+	struct file *fp,
+	u_long cmd,
+	void *data,
+	struct ucred *active_cred,
+	struct thread *td)
+{
+	struct cryptoini cria, crie;
+	struct fcrypt *fcr = (struct fcrypt *)fp->f_data;
+	struct csession *cse;
+	struct session_op *sop;
+	struct crypt_op *cop;
+	struct enc_xform *txform = NULL;
+	struct auth_hash *thash = NULL;
+	u_int64_t sid;
+	u_int32_t ses;
+	int error = 0;
+
+	switch (cmd) {
+	case CIOCGSESSION:
+	case CIOCGSSESSION:
+		sop = (struct session_op *)data;
+		switch (sop->cipher) {
+		case 0:
+			break;
+		case CRYPTO_DES_CBC:
+			txform = &enc_xform_des;
+			break;
+		case CRYPTO_3DES_CBC:
+			txform = &enc_xform_3des;
+			break;
+		case CRYPTO_BLF_CBC:
+			txform = &enc_xform_blf;
+			break;
+		case CRYPTO_CAST_CBC:
+			txform = &enc_xform_cast5;
+			break;
+		case CRYPTO_SKIPJACK_CBC:
+			txform = &enc_xform_skipjack;
+			break;
+		case CRYPTO_AES_CBC:
+			txform = &enc_xform_rijndael128;
+			break;
+		case CRYPTO_NULL_CBC:
+			txform = &enc_xform_null;
+			break;
+		case CRYPTO_ARC4:
+			txform = &enc_xform_arc4;
+			break;
+		default:
+			return (EINVAL);
+		}
+
+		switch (sop->mac) {
+		case 0:
+			break;
+		case CRYPTO_MD5_HMAC:
+			thash = &auth_hash_hmac_md5_96;
+			break;
+		case CRYPTO_SHA1_HMAC:
+			thash = &auth_hash_hmac_sha1_96;
+			break;
+		case CRYPTO_SHA2_HMAC:
+			if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize)
+				thash = &auth_hash_hmac_sha2_256;
+			else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize)
+				thash = &auth_hash_hmac_sha2_384;
+			else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize)
+				thash = &auth_hash_hmac_sha2_512;
+			else
+				return (EINVAL);
+			break;
+		case CRYPTO_RIPEMD160_HMAC:
+			thash = &auth_hash_hmac_ripemd_160_96;
+			break;
+#ifdef notdef
+		case CRYPTO_MD5:
+			thash = &auth_hash_md5;
+			break;
+		case CRYPTO_SHA1:
+			thash = &auth_hash_sha1;
+			break;
+#endif
+		case CRYPTO_NULL_HMAC:
+			thash = &auth_hash_null;
+			break;
+		default:
+			return (EINVAL);
+		}
+
+		bzero(&crie, sizeof(crie));
+		bzero(&cria, sizeof(cria));
+
+		if (txform) {
+			crie.cri_alg = txform->type;
+			crie.cri_klen = sop->keylen * 8;
+			if (sop->keylen > txform->maxkey ||
+			    sop->keylen < txform->minkey) {
+				error = EINVAL;
+				goto bail;
+			}
+
+			MALLOC(crie.cri_key, u_int8_t *,
+			    crie.cri_klen / 8, M_XDATA, M_WAITOK);
+			if ((error = copyin(sop->key, crie.cri_key,
+			    crie.cri_klen / 8)))
+				goto bail;
+			if (thash)
+				crie.cri_next = &cria;
+		}
+
+		if (thash) {
+			cria.cri_alg = thash->type;
+			cria.cri_klen = sop->mackeylen * 8;
+			if (sop->mackeylen != thash->keysize) {
+				error = EINVAL;
+				goto bail;
+			}
+
+			if (cria.cri_klen) {
+				MALLOC(cria.cri_key, u_int8_t *,
+				    cria.cri_klen / 8, M_XDATA, M_WAITOK);
+				if ((error = copyin(sop->mackey, cria.cri_key,
+				    cria.cri_klen / 8)))
+					goto bail;
+			}
+		}
+
+		error = crypto_newsession(&sid, (txform ? &crie : &cria),
+					  (cmd == CIOCGSESSION ? 1 : -1));
+		if (error)
+			goto bail;
+
+		cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
+		    cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
+		    thash);
+
+		if (cse == NULL) {
+			crypto_freesession(sid);
+			error = EINVAL;
+			goto bail;
+		}
+		sop->ses = cse->ses;
+
+bail:
+		if (error) {
+			if (crie.cri_key)
+				FREE(crie.cri_key, M_XDATA);
+			if (cria.cri_key)
+				FREE(cria.cri_key, M_XDATA);
+		}
+		break;
+	case CIOCFSESSION:
+		ses = *(u_int32_t *)data;
+		cse = csefind(fcr, ses);
+		if (cse == NULL)
+			return (EINVAL);
+		csedelete(fcr, cse);
+		error = csefree(cse);
+		break;
+	case CIOCCRYPT:
+		cop = (struct crypt_op *)data;
+		cse = csefind(fcr, cop->ses);
+		if (cse == NULL)
+			return (EINVAL);
+		error = cryptodev_op(cse, cop, active_cred, td);
+		break;
+	case CIOCKEY:
+		error = cryptodev_key((struct crypt_kop *)data);
+		break;
+	case CIOCASYMFEAT:
+		error = crypto_getfeat((int *)data);
+		break;
+	default:
+		error = EINVAL;
+	}
+	return (error);
+}
+
+static int cryptodev_cb(void *);
+
+
+static int
+cryptodev_op(
+	struct csession *cse,
+	struct crypt_op *cop,
+	struct ucred *active_cred,
+	struct thread *td)
+{
+	struct cryptop *crp = NULL;
+	struct cryptodesc *crde = NULL, *crda = NULL;
+	int i, error;
+
+	if (cop->len > 256*1024-4)
+		return (E2BIG);
+
+	if (cse->txform && (cop->len % cse->txform->blocksize) != 0)
+		return (EINVAL);
+
+	bzero(&cse->uio, sizeof(cse->uio));
+	cse->uio.uio_iovcnt = 1;
+	cse->uio.uio_resid = 0;
+	cse->uio.uio_segflg = UIO_SYSSPACE;
+	cse->uio.uio_rw = UIO_WRITE;
+	cse->uio.uio_td = td;
+	cse->uio.uio_iov = cse->iovec;
+	bzero(&cse->iovec, sizeof(cse->iovec));
+	cse->uio.uio_iov[0].iov_len = cop->len;
+	cse->uio.uio_iov[0].iov_base = malloc(cop->len, M_XDATA, M_WAITOK);
+	for (i = 0; i < cse->uio.uio_iovcnt; i++)
+		cse->uio.uio_resid += cse->uio.uio_iov[0].iov_len;
+
+	crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL));
+	if (crp == NULL) {
+		error = ENOMEM;
+		goto bail;
+	}
+
+	if (cse->thash) {
+		crda = crp->crp_desc;
+		if (cse->txform)
+			crde = crda->crd_next;
+	} else {
+		if (cse->txform)
+			crde = crp->crp_desc;
+		else {
+			error = EINVAL;
+			goto bail;
+		}
+	}
+
+	if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len)))
+		goto bail;
+
+	if (crda) {
+		crda->crd_skip = 0;
+		crda->crd_len = cop->len;
+		crda->crd_inject = 0;	/* ??? */
+
+		crda->crd_alg = cse->mac;
+		crda->crd_key = cse->mackey;
+		crda->crd_klen = cse->mackeylen * 8;
+	}
+
+	if (crde) {
+		if (cop->op == COP_ENCRYPT)
+			crde->crd_flags |= CRD_F_ENCRYPT;
+		else
+			crde->crd_flags &= ~CRD_F_ENCRYPT;
+		crde->crd_len = cop->len;
+		crde->crd_inject = 0;
+
+		crde->crd_alg = cse->cipher;
+		crde->crd_key = cse->key;
+		crde->crd_klen = cse->keylen * 8;
+	}
+
+	crp->crp_ilen = cop->len;
+	crp->crp_flags = CRYPTO_F_IOV;
+	crp->crp_buf = (caddr_t)&cse->uio;
+	crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb;
+	crp->crp_sid = cse->sid;
+	crp->crp_opaque = (void *)cse;
+
+	if (cop->iv) {
+		if (crde == NULL) {
+			error = EINVAL;
+			goto bail;
+		}
+		if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
+			error = EINVAL;
+			goto bail;
+		}
+		if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize)))
+			goto bail;
+		bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize);
+		crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
+		crde->crd_skip = 0;
+	} else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
+		crde->crd_skip = 0;
+	} else if (crde) {
+		crde->crd_flags |= CRD_F_IV_PRESENT;
+		crde->crd_skip = cse->txform->blocksize;
+		crde->crd_len -= cse->txform->blocksize;
+	}
+
+	if (cop->mac) {
+		if (crda == NULL) {
+			error = EINVAL;
+			goto bail;
+		}
+		crp->crp_mac=cse->tmp_mac;
+	}
+
+	crypto_dispatch(crp);
+	error = tsleep(cse, PSOCK, "crydev", 0);
+	if (error) {
+		/* XXX can this happen?  if so, how do we recover? */
+		goto bail;
+	}
+
+	if (crp->crp_etype != 0) {
+		error = crp->crp_etype;
+		goto bail;
+	}
+
+	if (cse->error) {
+		error = cse->error;
+		goto bail;
+	}
+
+	if (cop->dst &&
+	    (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len)))
+		goto bail;
+
+	if (cop->mac &&
+	    (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize)))
+		goto bail;
+
+bail:
+	if (crp)
+		crypto_freereq(crp);
+	if (cse->uio.uio_iov[0].iov_base)
+		free(cse->uio.uio_iov[0].iov_base, M_XDATA);
+
+	return (error);
+}
+
+static int
+cryptodev_cb(void *op)
+{
+	struct cryptop *crp = (struct cryptop *) op;
+	struct csession *cse = (struct csession *)crp->crp_opaque;
+
+	cse->error = crp->crp_etype;
+	if (crp->crp_etype == EAGAIN)
+		return crypto_dispatch(crp);
+	wakeup(cse);
+	return (0);
+}
+
+static int
+cryptodevkey_cb(void *op)
+{
+	struct cryptkop *krp = (struct cryptkop *) op;
+
+	wakeup(krp);
+	return (0);
+}
+
+static int
+cryptodev_key(struct crypt_kop *kop)
+{
+	struct cryptkop *krp = NULL;
+	int error = EINVAL;
+	int in, out, size, i;
+
+	if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
+		return (EFBIG);
+	}
+
+	in = kop->crk_iparams;
+	out = kop->crk_oparams;
+	switch (kop->crk_op) {
+	case CRK_MOD_EXP:
+		if (in == 3 && out == 1)
+			break;
+		return (EINVAL);
+	case CRK_MOD_EXP_CRT:
+		if (in == 6 && out == 1)
+			break;
+		return (EINVAL);
+	case CRK_DSA_SIGN:
+		if (in == 5 && out == 2)
+			break;
+		return (EINVAL);
+	case CRK_DSA_VERIFY:
+		if (in == 7 && out == 0)
+			break;
+		return (EINVAL);
+	case CRK_DH_COMPUTE_KEY:
+		if (in == 3 && out == 1)
+			break;
+		return (EINVAL);
+	default:
+		return (EINVAL);
+	}
+
+	krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK);
+	if (!krp)
+		return (ENOMEM);
+	bzero(krp, sizeof *krp);
+	krp->krp_op = kop->crk_op;
+	krp->krp_status = kop->crk_status;
+	krp->krp_iparams = kop->crk_iparams;
+	krp->krp_oparams = kop->crk_oparams;
+	krp->krp_status = 0;
+	krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
+
+	for (i = 0; i < CRK_MAXPARAM; i++)
+		krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
+	for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
+		size = (krp->krp_param[i].crp_nbits + 7) / 8;
+		if (size == 0)
+			continue;
+		MALLOC(krp->krp_param[i].crp_p, caddr_t, size, M_XDATA, M_WAITOK);
+		if (i >= krp->krp_iparams)
+			continue;
+		error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size);
+		if (error)
+			goto fail;
+	}
+
+	error = crypto_kdispatch(krp);
+	if (error)
+		goto fail;
+	error = tsleep(krp, PSOCK, "crydev", 0);
+	if (error) {
+		/* XXX can this happen?  if so, how do we recover? */
+		goto fail;
+	}
+	
+	if (krp->krp_status != 0) {
+		error = krp->krp_status;
+		goto fail;
+	}
+
+	for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) {
+		size = (krp->krp_param[i].crp_nbits + 7) / 8;
+		if (size == 0)
+			continue;
+		error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size);
+		if (error)
+			goto fail;
+	}
+
+fail:
+	if (krp) {
+		kop->crk_status = krp->krp_status;
+		for (i = 0; i < CRK_MAXPARAM; i++) {
+			if (krp->krp_param[i].crp_p)
+				FREE(krp->krp_param[i].crp_p, M_XDATA);
+		}
+		free(krp, M_XDATA);
+	}
+	return (error);
+}
+
+/* ARGSUSED */
+static int
+cryptof_poll(
+	struct file *fp,
+	int events,
+	struct ucred *active_cred,
+	struct thread *td)
+{
+
+	return (0);
+}
+
+/* ARGSUSED */
+static int
+cryptof_kqfilter(struct file *fp, struct knote *kn)
+{
+
+	return (0);
+}
+
+/* ARGSUSED */
+static int
+cryptof_stat(
+	struct file *fp,
+	struct stat *sb,
+	struct ucred *active_cred,
+	struct thread *td)
+{
+
+	return (EOPNOTSUPP);
+}
+
+/* ARGSUSED */
+static int
+cryptof_close(struct file *fp, struct thread *td)
+{
+	struct fcrypt *fcr = (struct fcrypt *)fp->f_data;
+	struct csession *cse;
+
+	while ((cse = TAILQ_FIRST(&fcr->csessions))) {
+		TAILQ_REMOVE(&fcr->csessions, cse, next);
+		(void)csefree(cse);
+	}
+	FREE(fcr, M_XDATA);
+	fp->f_data = NULL;
+	return 0;
+}
+
+static struct csession *
+csefind(struct fcrypt *fcr, u_int ses)
+{
+	struct csession *cse;
+
+	TAILQ_FOREACH(cse, &fcr->csessions, next)
+		if (cse->ses == ses)
+			return (cse);
+	return (NULL);
+}
+
+static int
+csedelete(struct fcrypt *fcr, struct csession *cse_del)
+{
+	struct csession *cse;
+
+	TAILQ_FOREACH(cse, &fcr->csessions, next) {
+		if (cse == cse_del) {
+			TAILQ_REMOVE(&fcr->csessions, cse, next);
+			return (1);
+		}
+	}
+	return (0);
+}
+	
+static struct csession *
+cseadd(struct fcrypt *fcr, struct csession *cse)
+{
+	TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
+	cse->ses = fcr->sesn++;
+	return (cse);
+}
+
+struct csession *
+csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen,
+    caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
+    struct enc_xform *txform, struct auth_hash *thash)
+{
+	struct csession *cse;
+
+	MALLOC(cse, struct csession *, sizeof(struct csession),
+	    M_XDATA, M_NOWAIT);
+	if (cse == NULL)
+		return NULL;
+	cse->key = key;
+	cse->keylen = keylen/8;
+	cse->mackey = mackey;
+	cse->mackeylen = mackeylen/8;
+	cse->sid = sid;
+	cse->cipher = cipher;
+	cse->mac = mac;
+	cse->txform = txform;
+	cse->thash = thash;
+	cseadd(fcr, cse);
+	return (cse);
+}
+
+static int
+csefree(struct csession *cse)
+{
+	int error;
+
+	error = crypto_freesession(cse->sid);
+	if (cse->key)
+		FREE(cse->key, M_XDATA);
+	if (cse->mackey)
+		FREE(cse->mackey, M_XDATA);
+	FREE(cse, M_XDATA);
+	return (error);
+}
+
+static int
+cryptoopen(dev_t dev, int oflags, int devtype, struct thread *td)
+{
+	if (crypto_usercrypto == 0)
+		return (ENXIO);
+	return (0);
+}
+
+static int
+cryptoread(dev_t dev, struct uio *uio, int ioflag)
+{
+	return (EIO);
+}
+
+static int
+cryptowrite(dev_t dev, struct uio *uio, int ioflag)
+{
+	return (EIO);
+}
+
+static int
+cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td)
+{
+	struct file *f;
+	struct fcrypt *fcr;
+	int fd, error;
+
+	switch (cmd) {
+	case CRIOGET:
+		MALLOC(fcr, struct fcrypt *,
+		    sizeof(struct fcrypt), M_XDATA, M_WAITOK);
+		TAILQ_INIT(&fcr->csessions);
+		fcr->sesn = 0;
+
+		error = falloc(td, &f, &fd);
+
+		if (error) {
+			FREE(fcr, M_XDATA);
+			return (error);
+		}
+		fhold(f);
+		f->f_flag = FREAD | FWRITE;
+		f->f_type = DTYPE_CRYPTO;
+		f->f_ops = &cryptofops;
+		f->f_data = (caddr_t) fcr;
+		*(u_int32_t *)data = fd;
+		fdrop(f, td);
+		break;
+	default:
+		error = EINVAL;
+		break;
+	}
+	return (error);
+}
+
+#define	CRYPTO_MAJOR	70		/* from openbsd */
+static struct cdevsw crypto_cdevsw = {
+	/* open */	cryptoopen,
+	/* close */	nullclose,
+	/* read */	cryptoread,
+	/* write */	cryptowrite,
+	/* ioctl */	cryptoioctl,
+	/* poll */	nopoll,
+	/* mmap */	nommap,
+	/* strategy */	nostrategy,
+	/* dev name */	"crypto",
+	/* dev major */	CRYPTO_MAJOR,
+	/* dump */	nodump,
+	/* psize */	nopsize,
+	/* flags */	0,
+	/* kqfilter */	NULL
+};
+static dev_t crypto_dev;
+
+/*
+ * Initialization code, both for static and dynamic loading.
+ */
+static int
+cryptodev_modevent(module_t mod, int type, void *unused)
+{
+	switch (type) {
+	case MOD_LOAD:
+		if (bootverbose)
+			printf("crypto: <crypto device>\n");
+		crypto_dev = make_dev(&crypto_cdevsw, CRYPTO_MAJOR, 
+				      UID_ROOT, GID_WHEEL, 0666,
+				      "crypto");
+		return 0;
+	case MOD_UNLOAD:
+		/*XXX disallow if active sessions */
+		destroy_dev(crypto_dev);
+		return 0;
+	}
+	return EINVAL;
+}
+
+static moduledata_t cryptodev_mod = {
+	"cryptodev",
+	cryptodev_modevent,
+	0
+};
+MODULE_VERSION(cryptodev, 1);
+DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h
new file mode 100644
index 0000000..30962b9
--- /dev/null
+++ b/sys/opencrypto/cryptodev.h
@@ -0,0 +1,347 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $	*/
+
+/*
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ *
+ * Copyright (c) 2001 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ */
+
+#ifndef _CRYPTO_CRYPTO_H_
+#define _CRYPTO_CRYPTO_H_
+
+#include <sys/ioccom.h>
+
+/* Some initial values */
+#define CRYPTO_DRIVERS_INITIAL	4
+#define CRYPTO_SW_SESSIONS	32
+
+/* HMAC values */
+#define HMAC_BLOCK_LEN		64
+#define HMAC_IPAD_VAL		0x36
+#define HMAC_OPAD_VAL		0x5C
+
+/* Encryption algorithm block sizes */
+#define DES_BLOCK_LEN		8
+#define DES3_BLOCK_LEN		8
+#define BLOWFISH_BLOCK_LEN	8
+#define SKIPJACK_BLOCK_LEN	8
+#define CAST128_BLOCK_LEN	8
+#define RIJNDAEL128_BLOCK_LEN	16
+#define EALG_MAX_BLOCK_LEN	16 /* Keep this updated */
+
+/* Maximum hash algorithm result length */
+#define AALG_MAX_RESULT_LEN	64 /* Keep this updated */
+
+#define	CRYPTO_ALGORITHM_MIN	1
+#define CRYPTO_DES_CBC		1
+#define CRYPTO_3DES_CBC		2
+#define CRYPTO_BLF_CBC		3
+#define CRYPTO_CAST_CBC		4
+#define CRYPTO_SKIPJACK_CBC	5
+#define CRYPTO_MD5_HMAC		6
+#define CRYPTO_SHA1_HMAC	7
+#define CRYPTO_RIPEMD160_HMAC	8
+#define CRYPTO_MD5_KPDK		9
+#define CRYPTO_SHA1_KPDK	10
+#define CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
+#define CRYPTO_AES_CBC		11 /* 128 bit blocksize -- the same as above */
+#define CRYPTO_ARC4		12
+#define	CRYPTO_MD5		13
+#define	CRYPTO_SHA1		14
+#define	CRYPTO_SHA2_HMAC	15
+#define CRYPTO_NULL_HMAC	16
+#define CRYPTO_NULL_CBC		17
+#define CRYPTO_DEFLATE_COMP	18 /* Deflate compression algorithm */
+#define CRYPTO_ALGORITHM_MAX	18 /* Keep updated - see below */
+
+/* Algorithm flags */
+#define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
+#define	CRYPTO_ALG_FLAG_RNG_ENABLE	0x02 /* Has HW RNG for DH/DSA */
+#define	CRYPTO_ALG_FLAG_DSA_SHA		0x04 /* Can do SHA on msg */
+
+struct session_op {
+	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
+	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
+
+	u_int32_t	keylen;		/* cipher key */
+	caddr_t		key;
+	int		mackeylen;	/* mac key */
+	caddr_t		mackey;
+
+  	u_int32_t	ses;		/* returns: session # */ 
+};
+
+struct crypt_op {
+	u_int32_t	ses;
+	u_int16_t	op;		/* i.e. COP_ENCRYPT */
+#define COP_ENCRYPT	1
+#define COP_DECRYPT	2
+	u_int16_t	flags;		/* always 0 */
+	u_int		len;
+	caddr_t		src, dst;	/* become iov[] inside kernel */
+	caddr_t		mac;		/* must be big enough for chosen MAC */
+	caddr_t		iv;
+};
+
+#define CRYPTO_MAX_MAC_LEN	20
+
+/* bignum parameter, in packed bytes, ... */
+struct crparam {
+	caddr_t		crp_p;
+	u_int		crp_nbits;
+};
+
+#define CRK_MAXPARAM	8
+
+struct crypt_kop {
+	u_int		crk_op;		/* ie. CRK_MOD_EXP or other */
+	u_int		crk_status;	/* return status */
+	u_short		crk_iparams;	/* # of input parameters */
+	u_short		crk_oparams;	/* # of output parameters */
+	u_int		crk_pad1;
+	struct crparam	crk_param[CRK_MAXPARAM];
+};
+#define	CRK_ALGORITM_MIN	0
+#define CRK_MOD_EXP		0
+#define CRK_MOD_EXP_CRT		1
+#define CRK_DSA_SIGN		2
+#define CRK_DSA_VERIFY		3
+#define CRK_DH_COMPUTE_KEY	4
+#define CRK_ALGORITHM_MAX	4 /* Keep updated - see below */
+
+#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
+#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
+#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
+#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
+#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
+
+/*
+ * done against open of /dev/crypto, to get a cloned descriptor.
+ * Please use F_SETFD against the cloned descriptor.
+ */
+#define	CRIOGET		_IOWR('c', 100, u_int32_t)
+
+/* the following are done against the cloned descriptor */
+#define	CIOCGSESSION	_IOWR('c', 101, struct session_op)
+#define	CIOCFSESSION	_IOW('c', 102, u_int32_t)
+#define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)
+#define CIOCKEY		_IOWR('c', 104, struct crypt_kop)
+#define	CIOCGSSESSION	_IOWR('c', 105, struct session_op)
+
+#define CIOCASYMFEAT	_IOR('c', 105, u_int32_t)
+
+#ifdef _KERNEL
+/* Standard initialization structure beginning */
+struct cryptoini {
+	int		cri_alg;	/* Algorithm to use */
+	int		cri_klen;	/* Key length, in bits */
+	int		cri_rnd;	/* Algorithm rounds, where relevant */
+	caddr_t		cri_key;	/* key to use */
+	u_int8_t	cri_iv[EALG_MAX_BLOCK_LEN];	/* IV to use */
+	struct cryptoini *cri_next;
+};
+
+/* Describe boundaries of a single crypto operation */
+struct cryptodesc {
+	int		crd_skip;	/* How many bytes to ignore from start */
+	int		crd_len;	/* How many bytes to process */
+	int		crd_inject;	/* Where to inject results, if applicable */
+	int		crd_flags;
+
+#define	CRD_F_ENCRYPT		0x01	/* Set when doing encryption */
+#define	CRD_F_IV_PRESENT	0x02	/* When encrypting, IV is already in
+					   place, so don't copy. */
+#define	CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
+#define	CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
+#define CRD_F_COMP		0x0f    /* Set when doing compression */
+
+	struct cryptoini	CRD_INI; /* Initialization/context data */
+#define crd_iv		CRD_INI.cri_iv
+#define crd_key		CRD_INI.cri_key
+#define crd_rnd		CRD_INI.cri_rnd
+#define crd_alg		CRD_INI.cri_alg
+#define crd_klen	CRD_INI.cri_klen
+
+	struct cryptodesc *crd_next;
+};
+
+/* Structure describing complete operation */
+struct cryptop {
+	TAILQ_ENTRY(cryptop) crp_next;
+
+	u_int64_t	crp_sid;	/* Session ID */
+	int		crp_ilen;	/* Input data total length */
+	int		crp_olen;	/* Result total length */
+	int		crp_alloctype;	/* Type of buf to allocate if needed */
+
+	int		crp_etype;	/*
+					 * Error type (zero means no error).
+					 * All error codes except EAGAIN
+					 * indicate possible data corruption (as in,
+					 * the data have been touched). On all
+					 * errors, the crp_sid may have changed
+					 * (reset to a new one), so the caller
+					 * should always check and use the new
+					 * value on future requests.
+					 */
+	int		crp_flags;
+
+#define CRYPTO_F_IMBUF	0x0001	/* Input/output are mbuf chains, otherwise contig */
+#define CRYPTO_F_IOV	0x0002	/* Input/output are uio */
+#define CRYPTO_F_REL	0x0004	/* Must return data in same place */
+#define	CRYPTO_F_NODELAY 0x0008	/* Dispatch as quickly as possible */
+
+	caddr_t		crp_buf;	/* Data to be processed */
+	caddr_t		crp_opaque;	/* Opaque pointer, passed along */
+	struct cryptodesc *crp_desc;	/* Linked list of processing descriptors */
+
+	int (*crp_callback)(struct cryptop *); /* Callback function */
+
+	caddr_t		crp_mac;
+};
+
+#define CRYPTO_BUF_CONTIG	0x0
+#define CRYPTO_BUF_IOV		0x1
+#define CRYPTO_BUF_MBUF		0x2
+
+#define CRYPTO_OP_DECRYPT	0x0
+#define CRYPTO_OP_ENCRYPT	0x1
+
+/*
+ * Hints passed to process methods.
+ */
+#define	CRYPTO_HINT_MORE	0x1	/* more ops coming shortly */
+
+struct cryptkop {
+	TAILQ_ENTRY(cryptkop) krp_next;
+
+	u_int		krp_op;		/* ie. CRK_MOD_EXP or other */
+	u_int		krp_status;	/* return status */
+	u_short		krp_iparams;	/* # of input parameters */
+	u_short		krp_oparams;	/* # of output parameters */
+	u_int32_t	krp_hid;
+	struct crparam	krp_param[CRK_MAXPARAM];	/* kvm */
+	int		(*krp_callback)(struct cryptkop *);
+};
+
+/* Crypto capabilities structure */
+struct cryptocap {
+	u_int32_t	cc_sessions;
+
+	/*
+	 * Largest possible operator length (in bits) for each type of
+	 * encryption algorithm.
+	 */
+	u_int16_t	cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
+
+	u_int8_t	cc_alg[CRYPTO_ALGORITHM_MAX + 1];
+
+	u_int8_t	cc_kalg[CRK_ALGORITHM_MAX + 1];
+
+	u_int8_t	cc_flags;
+	u_int8_t	cc_qblocked;		/* symmetric q blocked */
+	u_int8_t	cc_kqblocked;		/* asymmetric q blocked */
+#define CRYPTOCAP_F_CLEANUP   0x1
+#define CRYPTOCAP_F_SOFTWARE  0x02
+
+	void		*cc_arg;		/* callback argument */
+	int		(*cc_newsession)(void*, u_int32_t*, struct cryptoini*);
+	int		(*cc_process)(void*, struct cryptop *, int);
+	int		(*cc_freesession)(void*, u_int64_t);
+	void		*cc_karg;		/* callback argument */
+	int		(*cc_kprocess) (void*, struct cryptkop *, int);
+};
+
+MALLOC_DECLARE(M_CRYPTO_DATA);
+
+extern	int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
+extern	int crypto_freesession(u_int64_t sid);
+extern	int32_t crypto_get_driverid(u_int32_t flags);
+extern	int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
+	    u_int32_t flags,
+	    int (*newses)(void*, u_int32_t*, struct cryptoini*),
+	    int (*freeses)(void*, u_int64_t),
+	    int (*process)(void*, struct cryptop *, int),
+	    void *arg);
+extern	int crypto_kregister(u_int32_t, int, u_int32_t,
+	    int (*)(void*, struct cryptkop *, int),
+	    void *arg);
+extern	int crypto_unregister(u_int32_t driverid, int alg);
+extern	int crypto_unregister_all(u_int32_t driverid);
+extern	int crypto_dispatch(struct cryptop *crp);
+extern	int crypto_kdispatch(struct cryptkop *);
+#define	CRYPTO_SYMQ	0x1
+#define	CRYPTO_ASYMQ	0x2
+extern	int crypto_unblock(u_int32_t, int);
+extern	void crypto_done(struct cryptop *crp);
+extern	void crypto_kdone(struct cryptkop *);
+extern	int crypto_getfeat(int *);
+
+extern	void crypto_freereq(struct cryptop *crp);
+extern	struct cryptop *crypto_getreq(int num);
+
+extern	int crypto_usercrypto;		/* userland may do crypto requests */
+extern	int crypto_userasymcrypto;	/* userland may do asym crypto reqs */
+extern	int crypto_devallowsoft;	/* only use hardware crypto */
+
+/*
+ * Crypto-related utility routines used mainly by drivers.
+ *
+ * XXX these don't really belong here; but for now they're
+ *     kept apart from the rest of the system.
+ */
+struct mbuf;
+struct	mbuf	*m_getptr(struct mbuf *, int, int *);
+
+struct uio;
+extern	void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
+extern	void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
+extern	struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
+#endif /* _KERNEL */
+#endif /* _CRYPTO_CRYPTO_H_ */
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
new file mode 100644
index 0000000..b6ead2a
--- /dev/null
+++ b/sys/opencrypto/cryptosoft.c
@@ -0,0 +1,1025 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $	*/
+
+/*
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000, 2001 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/malloc.h>
+#include <sys/mbuf.h>
+#include <sys/sysctl.h>
+#include <sys/errno.h>
+#include <sys/random.h>
+#include <sys/kernel.h>
+#include <sys/uio.h>
+
+#include <crypto/blowfish/blowfish.h>
+#include <crypto/cast128/cast128.h>
+#include <crypto/sha1.h>
+#include <opencrypto/rmd160.h>
+#include <opencrypto/skipjack.h>
+#include <sys/md5.h>
+
+#include <opencrypto/cryptodev.h>
+#include <opencrypto/cryptosoft.h>
+#include <opencrypto/xform.h>
+
+u_int8_t hmac_ipad_buffer[64] = {
+	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+u_int8_t hmac_opad_buffer[64] = {
+	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
+	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
+};
+
+
+struct swcr_data **swcr_sessions = NULL;
+u_int32_t swcr_sesnum = 0;
+int32_t swcr_id = -1;
+
+#define COPYBACK(x, a, b, c, d) \
+	(x) == CRYPTO_BUF_MBUF ? m_copyback((struct mbuf *)a,b,c,d) \
+	: cuio_copyback((struct uio *)a,b,c,d)
+#define COPYDATA(x, a, b, c, d) \
+	(x) == CRYPTO_BUF_MBUF ? m_copydata((struct mbuf *)a,b,c,d) \
+	: cuio_copydata((struct uio *)a,b,c,d)
+
+static	int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
+static	int swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
+			     struct swcr_data *sw, caddr_t buf, int outtype);
+static	int swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
+static	int swcr_process(void *, struct cryptop *, int);
+static	int swcr_newsession(void *, u_int32_t *, struct cryptoini *);
+static	int swcr_freesession(void *, u_int64_t);
+
+/*
+ * NB: These came over from openbsd and are kept private
+ *     to the crypto code for now.
+ */
+extern	int m_apply(struct mbuf *m, int off, int len,
+		    int (*f)(caddr_t, caddr_t, unsigned int), caddr_t fstate);
+
+/*
+ * Apply a symmetric encryption/decryption algorithm.
+ */
+static int
+swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
+    int outtype)
+{
+	unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat;
+	unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN];
+	struct enc_xform *exf;
+	int i, k, j, blks;
+
+	exf = sw->sw_exf;
+	blks = exf->blocksize;
+
+	/* Check for non-padded data */
+	if (crd->crd_len % blks)
+		return EINVAL;
+
+	/* Initialize the IV */
+	if (crd->crd_flags & CRD_F_ENCRYPT) {
+		/* IV explicitly provided ? */
+		if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+			bcopy(crd->crd_iv, iv, blks);
+		else {
+			/* Get random IV */
+			for (i = 0;
+			    i + sizeof (u_int32_t) < EALG_MAX_BLOCK_LEN;
+			    i += sizeof (u_int32_t)) {
+				u_int32_t temp = arc4random();
+
+				bcopy(&temp, iv + i, sizeof(u_int32_t));
+			}
+			/*
+			 * What if the block size is not a multiple
+			 * of sizeof (u_int32_t), which is the size of
+			 * what arc4random() returns ?
+			 */
+			if (EALG_MAX_BLOCK_LEN % sizeof (u_int32_t) != 0) {
+				u_int32_t temp = arc4random();
+
+				bcopy (&temp, iv + i,
+				    EALG_MAX_BLOCK_LEN - i);
+			}
+		}
+
+		/* Do we need to write the IV */
+		if (!(crd->crd_flags & CRD_F_IV_PRESENT)) {
+			COPYBACK(outtype, buf, crd->crd_inject, blks, iv);
+		}
+
+	} else {	/* Decryption */
+			/* IV explicitly provided ? */
+		if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+			bcopy(crd->crd_iv, iv, blks);
+		else {
+			/* Get IV off buf */
+			COPYDATA(outtype, buf, crd->crd_inject, blks, iv);
+		}
+	}
+
+	ivp = iv;
+
+	if (outtype == CRYPTO_BUF_CONTIG) {
+		if (crd->crd_flags & CRD_F_ENCRYPT) {
+			for (i = crd->crd_skip;
+			    i < crd->crd_skip + crd->crd_len; i += blks) {
+				/* XOR with the IV/previous block, as appropriate. */
+				if (i == crd->crd_skip)
+					for (k = 0; k < blks; k++)
+						buf[i + k] ^= ivp[k];
+				else
+					for (k = 0; k < blks; k++)
+						buf[i + k] ^= buf[i + k - blks];
+				exf->encrypt(sw->sw_kschedule, buf + i);
+			}
+		} else {		/* Decrypt */
+			/*
+			 * Start at the end, so we don't need to keep the encrypted
+			 * block as the IV for the next block.
+			 */
+			for (i = crd->crd_skip + crd->crd_len - blks;
+			    i >= crd->crd_skip; i -= blks) {
+				exf->decrypt(sw->sw_kschedule, buf + i);
+
+				/* XOR with the IV/previous block, as appropriate */
+				if (i == crd->crd_skip)
+					for (k = 0; k < blks; k++)
+						buf[i + k] ^= ivp[k];
+				else
+					for (k = 0; k < blks; k++)
+						buf[i + k] ^= buf[i + k - blks];
+			}
+		}
+
+		return 0;
+	} else if (outtype == CRYPTO_BUF_MBUF) {
+		struct mbuf *m = (struct mbuf *) buf;
+
+		/* Find beginning of data */
+		m = m_getptr(m, crd->crd_skip, &k);
+		if (m == NULL)
+			return EINVAL;
+
+		i = crd->crd_len;
+
+		while (i > 0) {
+			/*
+			 * If there's insufficient data at the end of
+			 * an mbuf, we have to do some copying.
+			 */
+			if (m->m_len < k + blks && m->m_len != k) {
+				m_copydata(m, k, blks, blk);
+
+				/* Actual encryption/decryption */
+				if (crd->crd_flags & CRD_F_ENCRYPT) {
+					/* XOR with previous block */
+					for (j = 0; j < blks; j++)
+						blk[j] ^= ivp[j];
+
+					exf->encrypt(sw->sw_kschedule, blk);
+
+					/*
+					 * Keep encrypted block for XOR'ing
+					 * with next block
+					 */
+					bcopy(blk, iv, blks);
+					ivp = iv;
+				} else {	/* decrypt */
+					/*	
+					 * Keep encrypted block for XOR'ing
+					 * with next block
+					 */
+					if (ivp == iv)
+						bcopy(blk, piv, blks);
+					else
+						bcopy(blk, iv, blks);
+
+					exf->decrypt(sw->sw_kschedule, blk);
+
+					/* XOR with previous block */
+					for (j = 0; j < blks; j++)
+						blk[j] ^= ivp[j];
+
+					if (ivp == iv)
+						bcopy(piv, iv, blks);
+					else
+						ivp = iv;
+				}
+
+				/* Copy back decrypted block */
+				m_copyback(m, k, blks, blk);
+
+				/* Advance pointer */
+				m = m_getptr(m, k + blks, &k);
+				if (m == NULL)
+					return EINVAL;
+
+				i -= blks;
+
+				/* Could be done... */
+				if (i == 0)
+					break;
+			}
+
+			/* Skip possibly empty mbufs */
+			if (k == m->m_len) {
+				for (m = m->m_next; m && m->m_len == 0;
+				    m = m->m_next)
+					;
+				k = 0;
+			}
+
+			/* Sanity check */
+			if (m == NULL)
+				return EINVAL;
+
+			/*
+			 * Warning: idat may point to garbage here, but
+			 * we only use it in the while() loop, only if
+			 * there are indeed enough data.
+			 */
+			idat = mtod(m, unsigned char *) + k;
+
+	   		while (m->m_len >= k + blks && i > 0) {
+				if (crd->crd_flags & CRD_F_ENCRYPT) {
+					/* XOR with previous block/IV */
+					for (j = 0; j < blks; j++)
+						idat[j] ^= ivp[j];
+
+					exf->encrypt(sw->sw_kschedule, idat);
+					ivp = idat;
+				} else {	/* decrypt */
+					/*
+					 * Keep encrypted block to be used
+					 * in next block's processing.
+					 */
+					if (ivp == iv)
+						bcopy(idat, piv, blks);
+					else
+						bcopy(idat, iv, blks);
+
+					exf->decrypt(sw->sw_kschedule, idat);
+
+					/* XOR with previous block/IV */
+					for (j = 0; j < blks; j++)
+						idat[j] ^= ivp[j];
+
+					if (ivp == iv)
+						bcopy(piv, iv, blks);
+					else
+						ivp = iv;
+				}
+
+				idat += blks;
+				k += blks;
+				i -= blks;
+			}
+		}
+
+		return 0; /* Done with mbuf encryption/decryption */
+	} else if (outtype == CRYPTO_BUF_IOV) {
+		struct uio *uio = (struct uio *) buf;
+		struct iovec *iov;
+
+		/* Find beginning of data */
+		iov = cuio_getptr(uio, crd->crd_skip, &k);
+		if (iov == NULL)
+			return EINVAL;
+
+		i = crd->crd_len;
+
+		while (i > 0) {
+			/*
+			 * If there's insufficient data at the end of
+			 * an iovec, we have to do some copying.
+			 */
+			if (iov->iov_len < k + blks && iov->iov_len != k) {
+				cuio_copydata(uio, k, blks, blk);
+
+				/* Actual encryption/decryption */
+				if (crd->crd_flags & CRD_F_ENCRYPT) {
+					/* XOR with previous block */
+					for (j = 0; j < blks; j++)
+						blk[j] ^= ivp[j];
+
+					exf->encrypt(sw->sw_kschedule, blk);
+
+					/*
+					 * Keep encrypted block for XOR'ing
+					 * with next block
+					 */
+					bcopy(blk, iv, blks);
+					ivp = iv;
+				} else {	/* decrypt */
+					/*	
+					 * Keep encrypted block for XOR'ing
+					 * with next block
+					 */
+					if (ivp == iv)
+						bcopy(blk, piv, blks);
+					else
+						bcopy(blk, iv, blks);
+
+					exf->decrypt(sw->sw_kschedule, blk);
+
+					/* XOR with previous block */
+					for (j = 0; j < blks; j++)
+						blk[j] ^= ivp[j];
+
+					if (ivp == iv)
+						bcopy(piv, iv, blks);
+					else
+						ivp = iv;
+				}
+
+				/* Copy back decrypted block */
+				cuio_copyback(uio, k, blks, blk);
+
+				/* Advance pointer */
+				iov = cuio_getptr(uio, k + blks, &k);
+				if (iov == NULL)
+					return EINVAL;
+
+				i -= blks;
+
+				/* Could be done... */
+				if (i == 0)
+					break;
+			}
+
+			/*
+			 * Warning: idat may point to garbage here, but
+			 * we only use it in the while() loop, only if
+			 * there are indeed enough data.
+			 */
+			idat = iov->iov_base + k;
+
+	   		while (iov->iov_len >= k + blks && i > 0) {
+				if (crd->crd_flags & CRD_F_ENCRYPT) {
+					/* XOR with previous block/IV */
+					for (j = 0; j < blks; j++)
+						idat[j] ^= ivp[j];
+
+					exf->encrypt(sw->sw_kschedule, idat);
+					ivp = idat;
+				} else {	/* decrypt */
+					/*
+					 * Keep encrypted block to be used
+					 * in next block's processing.
+					 */
+					if (ivp == iv)
+						bcopy(idat, piv, blks);
+					else
+						bcopy(idat, iv, blks);
+
+					exf->decrypt(sw->sw_kschedule, idat);
+
+					/* XOR with previous block/IV */
+					for (j = 0; j < blks; j++)
+						idat[j] ^= ivp[j];
+
+					if (ivp == iv)
+						bcopy(piv, iv, blks);
+					else
+						ivp = iv;
+				}
+
+				idat += blks;
+				k += blks;
+				i -= blks;
+			}
+		}
+
+		return 0; /* Done with mbuf encryption/decryption */
+	}
+
+	/* Unreachable */
+	return EINVAL;
+}
+
+/*
+ * Compute keyed-hash authenticator.
+ */
+static int
+swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
+    struct swcr_data *sw, caddr_t buf, int outtype)
+{
+	unsigned char aalg[AALG_MAX_RESULT_LEN];
+	struct auth_hash *axf;
+	union authctx ctx;
+	int err;
+
+	if (sw->sw_ictx == 0)
+		return EINVAL;
+
+	axf = sw->sw_axf;
+
+	bcopy(sw->sw_ictx, &ctx, axf->ctxsize);
+
+	switch (outtype) {
+	case CRYPTO_BUF_CONTIG:
+		axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len);
+		break;
+	case CRYPTO_BUF_MBUF:
+		err = m_apply((struct mbuf *) buf, crd->crd_skip, crd->crd_len,
+		    (int (*)(caddr_t, caddr_t, unsigned int)) axf->Update,
+		    (caddr_t) &ctx);
+		if (err)
+			return err;
+		break;
+	case CRYPTO_BUF_IOV:
+	default:
+		return EINVAL;
+	}
+
+	switch (sw->sw_alg) {
+	case CRYPTO_MD5_HMAC:
+	case CRYPTO_SHA1_HMAC:
+	case CRYPTO_SHA2_HMAC:
+	case CRYPTO_RIPEMD160_HMAC:
+		if (sw->sw_octx == NULL)
+			return EINVAL;
+
+		axf->Final(aalg, &ctx);
+		bcopy(sw->sw_octx, &ctx, axf->ctxsize);
+		axf->Update(&ctx, aalg, axf->hashsize);
+		axf->Final(aalg, &ctx);
+		break;
+
+	case CRYPTO_MD5_KPDK:
+	case CRYPTO_SHA1_KPDK:
+		if (sw->sw_octx == NULL)
+			return EINVAL;
+
+		axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
+		axf->Final(aalg, &ctx);
+		break;
+
+	case CRYPTO_NULL_HMAC:
+		axf->Final(aalg, &ctx);
+		break;
+	}
+
+	/* Inject the authentication data */
+	if (outtype == CRYPTO_BUF_CONTIG)
+		bcopy(aalg, buf + crd->crd_inject, axf->authsize);
+	else
+		m_copyback((struct mbuf *) buf, crd->crd_inject,
+		    axf->authsize, aalg);
+	return 0;
+}
+
+/*
+ * Apply a compression/decompression algorithm
+ */
+static int
+swcr_compdec(struct cryptodesc *crd, struct swcr_data *sw,
+    caddr_t buf, int outtype)
+{
+	u_int8_t *data, *out;
+	struct comp_algo *cxf;
+	int adj;
+	u_int32_t result;
+
+	cxf = sw->sw_cxf;
+
+	/* We must handle the whole buffer of data in one time
+	 * then if there is not all the data in the mbuf, we must
+	 * copy in a buffer.
+	 */
+
+	MALLOC(data, u_int8_t *, crd->crd_len, M_CRYPTO_DATA,  M_NOWAIT);
+	if (data == NULL)
+		return (EINVAL);
+	COPYDATA(outtype, buf, crd->crd_skip, crd->crd_len, data);
+
+	if (crd->crd_flags & CRD_F_COMP)
+		result = cxf->compress(data, crd->crd_len, &out);
+	else
+		result = cxf->decompress(data, crd->crd_len, &out);
+
+	FREE(data, M_CRYPTO_DATA);
+	if (result == 0)
+		return EINVAL;
+
+	/* Copy back the (de)compressed data. m_copyback is
+	 * extending the mbuf as necessary.
+	 */
+	sw->sw_size = result;
+	/* Check the compressed size when doing compression */
+	if (crd->crd_flags & CRD_F_COMP) {
+		if (result > crd->crd_len) {
+			/* Compression was useless, we lost time */
+			FREE(out, M_CRYPTO_DATA);
+			return 0;
+		}
+	}
+
+	COPYBACK(outtype, buf, crd->crd_skip, result, out);
+	if (result < crd->crd_len) {
+		adj = result - crd->crd_len;
+		if (outtype == CRYPTO_BUF_MBUF) {
+			adj = result - crd->crd_len;
+			m_adj((struct mbuf *)buf, adj);
+		} else {
+			struct uio *uio = (struct uio *)buf;
+			int ind;
+
+			adj = crd->crd_len - result;
+			ind = uio->uio_iovcnt - 1;
+
+			while (adj > 0 && ind >= 0) {
+				if (adj < uio->uio_iov[ind].iov_len) {
+					uio->uio_iov[ind].iov_len -= adj;
+					break;
+				}
+
+				adj -= uio->uio_iov[ind].iov_len;
+				uio->uio_iov[ind].iov_len = 0;
+				ind--;
+				uio->uio_iovcnt--;
+			}
+		}
+	}
+	FREE(out, M_CRYPTO_DATA);
+	return 0;
+}
+
+/*
+ * Generate a new software session.
+ */
+static int
+swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
+{
+	struct swcr_data **swd;
+	struct auth_hash *axf;
+	struct enc_xform *txf;
+	struct comp_algo *cxf;
+	u_int32_t i;
+	int k, error;
+
+	if (sid == NULL || cri == NULL)
+		return EINVAL;
+
+	if (swcr_sessions) {
+		for (i = 1; i < swcr_sesnum; i++)
+			if (swcr_sessions[i] == NULL)
+				break;
+	} else
+		i = 1;		/* NB: to silence compiler warning */
+
+	if (swcr_sessions == NULL || i == swcr_sesnum) {
+		if (swcr_sessions == NULL) {
+			i = 1; /* We leave swcr_sessions[0] empty */
+			swcr_sesnum = CRYPTO_SW_SESSIONS;
+		} else
+			swcr_sesnum *= 2;
+
+		swd = malloc(swcr_sesnum * sizeof(struct swcr_data *),
+		    M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+		if (swd == NULL) {
+			/* Reset session number */
+			if (swcr_sesnum == CRYPTO_SW_SESSIONS)
+				swcr_sesnum = 0;
+			else
+				swcr_sesnum /= 2;
+			return ENOBUFS;
+		}
+
+		/* Copy existing sessions */
+		if (swcr_sessions) {
+			bcopy(swcr_sessions, swd,
+			    (swcr_sesnum / 2) * sizeof(struct swcr_data *));
+			free(swcr_sessions, M_CRYPTO_DATA);
+		}
+
+		swcr_sessions = swd;
+	}
+
+	swd = &swcr_sessions[i];
+	*sid = i;
+
+	while (cri) {
+		MALLOC(*swd, struct swcr_data *, sizeof(struct swcr_data),
+		    M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+		if (*swd == NULL) {
+			swcr_freesession(NULL, i);
+			return ENOBUFS;
+		}
+
+		switch (cri->cri_alg) {
+		case CRYPTO_DES_CBC:
+			txf = &enc_xform_des;
+			goto enccommon;
+		case CRYPTO_3DES_CBC:
+			txf = &enc_xform_3des;
+			goto enccommon;
+		case CRYPTO_BLF_CBC:
+			txf = &enc_xform_blf;
+			goto enccommon;
+		case CRYPTO_CAST_CBC:
+			txf = &enc_xform_cast5;
+			goto enccommon;
+		case CRYPTO_SKIPJACK_CBC:
+			txf = &enc_xform_skipjack;
+			goto enccommon;
+		case CRYPTO_RIJNDAEL128_CBC:
+			txf = &enc_xform_rijndael128;
+			goto enccommon;
+		case CRYPTO_NULL_CBC:
+			txf = &enc_xform_null;
+			goto enccommon;
+		enccommon:
+			error = txf->setkey(&((*swd)->sw_kschedule),
+					cri->cri_key, cri->cri_klen / 8);
+			if (error) {
+				swcr_freesession(NULL, i);
+				return error;
+			}
+			(*swd)->sw_exf = txf;
+			break;
+	
+		case CRYPTO_MD5_HMAC:
+			axf = &auth_hash_hmac_md5_96;
+			goto authcommon;
+		case CRYPTO_SHA1_HMAC:
+			axf = &auth_hash_hmac_sha1_96;
+			goto authcommon;
+		case CRYPTO_SHA2_HMAC:
+			if (cri->cri_klen == 256)
+				axf = &auth_hash_hmac_sha2_256;
+			else if (cri->cri_klen == 384)
+				axf = &auth_hash_hmac_sha2_384;
+			else if (cri->cri_klen == 512)
+				axf = &auth_hash_hmac_sha2_512;
+			else {
+				swcr_freesession(NULL, i);
+				return EINVAL;
+			}
+			goto authcommon;
+		case CRYPTO_NULL_HMAC:
+			axf = &auth_hash_null;
+			goto authcommon;
+		case CRYPTO_RIPEMD160_HMAC:
+			axf = &auth_hash_hmac_ripemd_160_96;
+		authcommon:
+			(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+			    M_NOWAIT);
+			if ((*swd)->sw_ictx == NULL) {
+				swcr_freesession(NULL, i);
+				return ENOBUFS;
+			}
+	
+			(*swd)->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+			    M_NOWAIT);
+			if ((*swd)->sw_octx == NULL) {
+				swcr_freesession(NULL, i);
+				return ENOBUFS;
+			}
+	
+			for (k = 0; k < cri->cri_klen / 8; k++)
+				cri->cri_key[k] ^= HMAC_IPAD_VAL;
+	
+			axf->Init((*swd)->sw_ictx);
+			axf->Update((*swd)->sw_ictx, cri->cri_key,
+			    cri->cri_klen / 8);
+			axf->Update((*swd)->sw_ictx, hmac_ipad_buffer,
+			    HMAC_BLOCK_LEN - (cri->cri_klen / 8));
+	
+			for (k = 0; k < cri->cri_klen / 8; k++)
+				cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
+	
+			axf->Init((*swd)->sw_octx);
+			axf->Update((*swd)->sw_octx, cri->cri_key,
+			    cri->cri_klen / 8);
+			axf->Update((*swd)->sw_octx, hmac_opad_buffer,
+			    HMAC_BLOCK_LEN - (cri->cri_klen / 8));
+	
+			for (k = 0; k < cri->cri_klen / 8; k++)
+				cri->cri_key[k] ^= HMAC_OPAD_VAL;
+			(*swd)->sw_axf = axf;
+			break;
+	
+		case CRYPTO_MD5_KPDK:
+			axf = &auth_hash_key_md5;
+			goto auth2common;
+	
+		case CRYPTO_SHA1_KPDK:
+			axf = &auth_hash_key_sha1;
+		auth2common:
+			(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+			    M_NOWAIT);
+			if ((*swd)->sw_ictx == NULL) {
+				swcr_freesession(NULL, i);
+				return ENOBUFS;
+			}
+	
+			/* Store the key so we can "append" it to the payload */
+			(*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
+			    M_NOWAIT);
+			if ((*swd)->sw_octx == NULL) {
+				swcr_freesession(NULL, i);
+				return ENOBUFS;
+			}
+	
+			(*swd)->sw_klen = cri->cri_klen / 8;
+			bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8);
+			axf->Init((*swd)->sw_ictx);
+			axf->Update((*swd)->sw_ictx, cri->cri_key,
+			    cri->cri_klen / 8);
+			axf->Final(NULL, (*swd)->sw_ictx);
+			(*swd)->sw_axf = axf;
+			break;
+#ifdef notdef
+		case CRYPTO_MD5:
+			axf = &auth_hash_md5;
+			goto auth3common;
+
+		case CRYPTO_SHA1:
+			axf = &auth_hash_sha1;
+		auth3common:
+			(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
+			    M_NOWAIT);
+			if ((*swd)->sw_ictx == NULL) {
+				swcr_freesession(NULL, i);
+				return ENOBUFS;
+			}
+
+			axf->Init((*swd)->sw_ictx);
+			(*swd)->sw_axf = axf;
+			break;
+#endif
+		case CRYPTO_DEFLATE_COMP:
+			cxf = &comp_algo_deflate;
+			(*swd)->sw_cxf = cxf;
+			break;
+		default:
+			swcr_freesession(NULL, i);
+			return EINVAL;
+		}
+	
+		(*swd)->sw_alg = cri->cri_alg;
+		cri = cri->cri_next;
+		swd = &((*swd)->sw_next);
+	}
+	return 0;
+}
+
+/*
+ * Free a session.
+ */
+static int
+swcr_freesession(void *arg, u_int64_t tid)
+{
+	struct swcr_data *swd;
+	struct enc_xform *txf;
+	struct auth_hash *axf;
+	struct comp_algo *cxf;
+	u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
+
+	if (sid > swcr_sesnum || swcr_sessions == NULL ||
+	    swcr_sessions[sid] == NULL)
+		return EINVAL;
+
+	/* Silently accept and return */
+	if (sid == 0)
+		return 0;
+
+	while ((swd = swcr_sessions[sid]) != NULL) {
+		swcr_sessions[sid] = swd->sw_next;
+
+		switch (swd->sw_alg) {
+		case CRYPTO_DES_CBC:
+		case CRYPTO_3DES_CBC:
+		case CRYPTO_BLF_CBC:
+		case CRYPTO_CAST_CBC:
+		case CRYPTO_SKIPJACK_CBC:
+		case CRYPTO_RIJNDAEL128_CBC:
+		case CRYPTO_NULL_CBC:
+			txf = swd->sw_exf;
+
+			if (swd->sw_kschedule)
+				txf->zerokey(&(swd->sw_kschedule));
+			break;
+
+		case CRYPTO_MD5_HMAC:
+		case CRYPTO_SHA1_HMAC:
+		case CRYPTO_SHA2_HMAC:
+		case CRYPTO_RIPEMD160_HMAC:
+		case CRYPTO_NULL_HMAC:
+			axf = swd->sw_axf;
+
+			if (swd->sw_ictx) {
+				bzero(swd->sw_ictx, axf->ctxsize);
+				free(swd->sw_ictx, M_CRYPTO_DATA);
+			}
+			if (swd->sw_octx) {
+				bzero(swd->sw_octx, axf->ctxsize);
+				free(swd->sw_octx, M_CRYPTO_DATA);
+			}
+			break;
+
+		case CRYPTO_MD5_KPDK:
+		case CRYPTO_SHA1_KPDK:
+			axf = swd->sw_axf;
+
+			if (swd->sw_ictx) {
+				bzero(swd->sw_ictx, axf->ctxsize);
+				free(swd->sw_ictx, M_CRYPTO_DATA);
+			}
+			if (swd->sw_octx) {
+				bzero(swd->sw_octx, swd->sw_klen);
+				free(swd->sw_octx, M_CRYPTO_DATA);
+			}
+			break;
+
+		case CRYPTO_MD5:
+		case CRYPTO_SHA1:
+			axf = swd->sw_axf;
+
+			if (swd->sw_ictx)
+				free(swd->sw_ictx, M_CRYPTO_DATA);
+			break;
+
+		case CRYPTO_DEFLATE_COMP:
+			cxf = swd->sw_cxf;
+			break;
+		}
+
+		FREE(swd, M_CRYPTO_DATA);
+	}
+	return 0;
+}
+
+/*
+ * Process a software request.
+ */
+static int
+swcr_process(void *arg, struct cryptop *crp, int hint)
+{
+	struct cryptodesc *crd;
+	struct swcr_data *sw;
+	u_int32_t lid;
+	int type;
+
+	/* Sanity check */
+	if (crp == NULL)
+		return EINVAL;
+
+	if (crp->crp_desc == NULL || crp->crp_buf == NULL) {
+		crp->crp_etype = EINVAL;
+		goto done;
+	}
+
+	lid = crp->crp_sid & 0xffffffff;
+	if (lid >= swcr_sesnum || lid == 0 || swcr_sessions[lid] == NULL) {
+		crp->crp_etype = ENOENT;
+		goto done;
+	}
+
+	if (crp->crp_flags & CRYPTO_F_IMBUF) {
+		type = CRYPTO_BUF_MBUF;
+	} else if (crp->crp_flags & CRYPTO_F_IOV) {
+		type = CRYPTO_BUF_IOV;
+	} else {
+		type = CRYPTO_BUF_CONTIG;
+	}
+
+	/* Go through crypto descriptors, processing as we go */
+	for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
+		/*
+		 * Find the crypto context.
+		 *
+		 * XXX Note that the logic here prevents us from having
+		 * XXX the same algorithm multiple times in a session
+		 * XXX (or rather, we can but it won't give us the right
+		 * XXX results). To do that, we'd need some way of differentiating
+		 * XXX between the various instances of an algorithm (so we can
+		 * XXX locate the correct crypto context).
+		 */
+		for (sw = swcr_sessions[lid];
+		    sw && sw->sw_alg != crd->crd_alg;
+		    sw = sw->sw_next)
+			;
+
+		/* No such context ? */
+		if (sw == NULL) {
+			crp->crp_etype = EINVAL;
+			goto done;
+		}
+		switch (sw->sw_alg) {
+		case CRYPTO_DES_CBC:
+		case CRYPTO_3DES_CBC:
+		case CRYPTO_BLF_CBC:
+		case CRYPTO_CAST_CBC:
+		case CRYPTO_SKIPJACK_CBC:
+		case CRYPTO_RIJNDAEL128_CBC:
+			if ((crp->crp_etype = swcr_encdec(crd, sw,
+			    crp->crp_buf, type)) != 0)
+				goto done;
+			break;
+		case CRYPTO_NULL_CBC:
+			crp->crp_etype = 0;
+			break;
+		case CRYPTO_MD5_HMAC:
+		case CRYPTO_SHA1_HMAC:
+		case CRYPTO_SHA2_HMAC:
+		case CRYPTO_RIPEMD160_HMAC:
+		case CRYPTO_NULL_HMAC:
+		case CRYPTO_MD5_KPDK:
+		case CRYPTO_SHA1_KPDK:
+		case CRYPTO_MD5:
+		case CRYPTO_SHA1:
+			if ((crp->crp_etype = swcr_authcompute(crp, crd, sw,
+			    crp->crp_buf, type)) != 0)
+				goto done;
+			break;
+
+		case CRYPTO_DEFLATE_COMP:
+			if ((crp->crp_etype = swcr_compdec(crd, sw, 
+			    crp->crp_buf, type)) != 0)
+				goto done;
+			else
+				crp->crp_olen = (int)sw->sw_size;
+			break;
+
+		default:
+			/* Unknown/unsupported algorithm */
+			crp->crp_etype = EINVAL;
+			goto done;
+		}
+	}
+
+done:
+	crypto_done(crp);
+	return 0;
+}
+
+/*
+ * Initialize the driver, called from the kernel main().
+ */
+static void
+swcr_init(void)
+{
+	swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE);
+	if (swcr_id < 0)
+		panic("Software crypto device cannot initialize!");
+	crypto_register(swcr_id, CRYPTO_DES_CBC,
+	    0, 0, swcr_newsession, swcr_freesession, swcr_process, NULL);
+#define	REGISTER(alg) \
+	crypto_register(swcr_id, alg, 0,0,NULL,NULL,NULL,NULL)
+	REGISTER(CRYPTO_3DES_CBC);
+	REGISTER(CRYPTO_BLF_CBC);
+	REGISTER(CRYPTO_CAST_CBC);
+	REGISTER(CRYPTO_SKIPJACK_CBC);
+	REGISTER(CRYPTO_NULL_CBC);
+	REGISTER(CRYPTO_MD5_HMAC);
+	REGISTER(CRYPTO_SHA1_HMAC);
+	REGISTER(CRYPTO_SHA2_HMAC);
+	REGISTER(CRYPTO_RIPEMD160_HMAC);
+	REGISTER(CRYPTO_NULL_HMAC);
+	REGISTER(CRYPTO_MD5_KPDK);
+	REGISTER(CRYPTO_SHA1_KPDK);
+	REGISTER(CRYPTO_MD5);
+	REGISTER(CRYPTO_SHA1);
+	REGISTER(CRYPTO_RIJNDAEL128_CBC);
+	REGISTER(CRYPTO_DEFLATE_COMP);
+#undef REGISTER
+}
+SYSINIT(cryptosoft_init, SI_SUB_PSEUDO, SI_ORDER_ANY, swcr_init, NULL)
diff --git a/sys/opencrypto/cryptosoft.h b/sys/opencrypto/cryptosoft.h
new file mode 100644
index 0000000..dea997e
--- /dev/null
+++ b/sys/opencrypto/cryptosoft.h
@@ -0,0 +1,65 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: cryptosoft.h,v 1.10 2002/04/22 23:10:09 deraadt Exp $	*/
+
+/*
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#ifndef _CRYPTO_CRYPTOSOFT_H_
+#define _CRYPTO_CRYPTOSOFT_H_
+
+/* Software session entry */
+struct swcr_data {
+	int		sw_alg;		/* Algorithm */
+	union {
+		struct {
+			u_int8_t	 *SW_ictx;
+			u_int8_t	 *SW_octx;
+			u_int32_t	 SW_klen;
+			struct auth_hash *SW_axf;
+		} SWCR_AUTH;
+		struct {
+			u_int8_t	 *SW_kschedule;
+			struct enc_xform *SW_exf;
+		} SWCR_ENC;
+		struct {
+			u_int32_t	 SW_size;
+			struct comp_algo *SW_cxf;
+		} SWCR_COMP;
+	} SWCR_UN;
+
+#define sw_ictx		SWCR_UN.SWCR_AUTH.SW_ictx
+#define sw_octx		SWCR_UN.SWCR_AUTH.SW_octx
+#define sw_klen		SWCR_UN.SWCR_AUTH.SW_klen
+#define sw_axf		SWCR_UN.SWCR_AUTH.SW_axf
+#define sw_kschedule	SWCR_UN.SWCR_ENC.SW_kschedule
+#define sw_exf		SWCR_UN.SWCR_ENC.SW_exf
+#define sw_size		SWCR_UN.SWCR_COMP.SW_size
+#define sw_cxf		SWCR_UN.SWCR_COMP.SW_cxf
+
+	struct swcr_data *sw_next;
+};
+
+#ifdef _KERNEL
+extern u_int8_t hmac_ipad_buffer[64];
+extern u_int8_t hmac_opad_buffer[64];
+#endif /* _KERNEL */
+
+#endif /* _CRYPTO_CRYPTO_H_ */
diff --git a/sys/opencrypto/deflate.c b/sys/opencrypto/deflate.c
new file mode 100644
index 0000000..af13ee6
--- /dev/null
+++ b/sys/opencrypto/deflate.c
@@ -0,0 +1,189 @@
+/*	$FreeBSD$	*/
+/* $OpenBSD: deflate.c,v 1.3 2001/08/20 02:45:22 hugh Exp $ */
+
+/*
+ * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file contains a wrapper around the deflate algo compression
+ * functions using the zlib library (see net/zlib.{c,h})
+ */
+
+#include <sys/types.h>
+#include <sys/malloc.h>
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <net/zlib.h>
+
+#include <opencrypto/cryptodev.h>
+#include <opencrypto/deflate.h>
+
+int window_inflate = -1 * MAX_WBITS;
+int window_deflate = -12;
+
+/*
+ * This function takes a block of data and (de)compress it using the deflate
+ * algorithm
+ */
+
+u_int32_t
+deflate_global(data, size, decomp, out)
+	u_int8_t *data;
+	u_int32_t size;
+	int decomp;
+	u_int8_t **out;
+{
+	/* decomp indicates whether we compress (0) or decompress (1) */
+
+	z_stream zbuf;
+	u_int8_t *output;
+	u_int32_t count, result;
+	int error, i = 0, j;
+	struct deflate_buf buf[ZBUF];
+
+	bzero(&zbuf, sizeof(z_stream));
+	for (j = 0; j < ZBUF; j++)
+		buf[j].flag = 0;
+
+	zbuf.next_in = data;	/* data that is going to be processed */
+	zbuf.zalloc = z_alloc;
+	zbuf.zfree = z_free;
+	zbuf.opaque = Z_NULL;
+	zbuf.avail_in = size;	/* Total length of data to be processed */
+
+	if (!decomp) {
+		MALLOC(buf[i].out, u_int8_t *, (u_long) size, M_CRYPTO_DATA, 
+		    M_NOWAIT);
+		if (buf[i].out == NULL)
+			goto bad;
+		buf[i].size = size;
+		buf[i].flag = 1;
+		i++;
+	} else {
+		/*
+	 	 * Choose a buffer with 4x the size of the input buffer
+	 	 * for the size of the output buffer in the case of
+	 	 * decompression. If it's not sufficient, it will need to be
+	 	 * updated while the decompression is going on
+	 	 */
+
+		MALLOC(buf[i].out, u_int8_t *, (u_long) (size * 4), 
+		    M_CRYPTO_DATA, M_NOWAIT);
+		if (buf[i].out == NULL)
+			goto bad;
+		buf[i].size = size * 4;
+		buf[i].flag = 1;
+		i++;
+	}
+
+	zbuf.next_out = buf[0].out;
+	zbuf.avail_out = buf[0].size;
+
+	error = decomp ? inflateInit2(&zbuf, window_inflate) :
+	    deflateInit2(&zbuf, Z_DEFAULT_COMPRESSION, Z_METHOD,
+		    window_deflate, Z_MEMLEVEL, Z_DEFAULT_STRATEGY);
+
+	if (error != Z_OK)
+		goto bad;
+	for (;;) {
+		error = decomp ? inflate(&zbuf, Z_PARTIAL_FLUSH) :
+				 deflate(&zbuf, Z_PARTIAL_FLUSH);
+		if (error != Z_OK && error != Z_STREAM_END)
+			goto bad;
+		else if (zbuf.avail_in == 0 && zbuf.avail_out != 0)
+			goto end;
+		else if (zbuf.avail_out == 0 && i < (ZBUF - 1)) {
+			/* we need more output space, allocate size */
+			MALLOC(buf[i].out, u_int8_t *, (u_long) size,
+			    M_CRYPTO_DATA, M_NOWAIT);
+			if (buf[i].out == NULL)
+				goto bad;
+			zbuf.next_out = buf[i].out;
+			buf[i].size = size;
+			buf[i].flag = 1;
+			zbuf.avail_out = buf[i].size;
+			i++;
+		} else
+			goto bad;
+	}
+
+end:
+	result = count = zbuf.total_out;
+
+	MALLOC(*out, u_int8_t *, (u_long) result, M_CRYPTO_DATA, M_NOWAIT);
+	if (*out == NULL)
+		goto bad;
+	if (decomp)
+		inflateEnd(&zbuf);
+	else
+		deflateEnd(&zbuf);
+	output = *out;
+	for (j = 0; buf[j].flag != 0; j++) {
+		if (count > buf[j].size) {
+			bcopy(buf[j].out, *out, buf[j].size);
+			*out += buf[j].size;
+			FREE(buf[j].out, M_CRYPTO_DATA);
+			count -= buf[j].size;
+		} else {
+			/* it should be the last buffer */
+			bcopy(buf[j].out, *out, count);
+			*out += count;
+			FREE(buf[j].out, M_CRYPTO_DATA);
+			count = 0;
+		}
+	}
+	*out = output;
+	return result;
+
+bad:
+	*out = NULL;
+	for (j = 0; buf[j].flag != 0; j++)
+		FREE(buf[j].out, M_CRYPTO_DATA);
+	if (decomp)
+		inflateEnd(&zbuf);
+	else
+		deflateEnd(&zbuf);
+	return 0;
+}
+
+void *
+z_alloc(nil, type, size)
+	void *nil;
+	u_int type, size;
+{
+	void *ptr;
+
+	ptr = malloc(type *size, M_CRYPTO_DATA, M_NOWAIT);
+	return ptr;
+}
+
+void
+z_free(nil, ptr)
+	void *nil, *ptr;
+{
+	free(ptr, M_CRYPTO_DATA);
+}
diff --git a/sys/opencrypto/deflate.h b/sys/opencrypto/deflate.h
new file mode 100644
index 0000000..81a8be7
--- /dev/null
+++ b/sys/opencrypto/deflate.h
@@ -0,0 +1,56 @@
+/*	$FreeBSD$	*/
+/* $OpenBSD: deflate.h,v 1.3 2002/03/14 01:26:51 millert Exp $ */
+
+/*
+ * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Definition for the wrapper around the deflate compression 
+ * algorithm used in /sys/crypto
+ */
+
+#ifndef _CRYPTO_DEFLATE_H_
+#define _CRYPTO_DEFLATE_H_
+
+#include <net/zlib.h>
+
+#define Z_METHOD	8
+#define Z_MEMLEVEL	8
+#define MINCOMP		2	/* won't be used, but must be defined */
+#define ZBUF		10
+
+u_int32_t deflate_global(u_int8_t *, u_int32_t, int, u_int8_t **);
+void *z_alloc(void *, u_int, u_int);
+void z_free(void *, void *);
+
+struct deflate_buf {
+	u_int8_t *out;
+	u_int32_t size;
+	int flag;
+};
+
+#endif /* _CRYPTO_DEFLATE_H_ */
diff --git a/sys/opencrypto/rijndael.c b/sys/opencrypto/rijndael.c
new file mode 100644
index 0000000..5d346d5
--- /dev/null
+++ b/sys/opencrypto/rijndael.c
@@ -0,0 +1,1244 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: rijndael.c,v 1.12 2002/07/10 17:53:54 deraadt Exp $ */
+
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+
+#include <opencrypto/rijndael.h>
+
+#define FULL_UNROLL
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+	0x01000000, 0x02000000, 0x04000000, 0x08000000,
+	0x10000000, 0x20000000, 0x40000000, 0x80000000,
+	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ *
+ * @return	the number of rounds for the given cipher key size.
+ */
+static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
+   	int i = 0;
+	u32 temp;
+
+	rk[0] = GETU32(cipherKey     );
+	rk[1] = GETU32(cipherKey +  4);
+	rk[2] = GETU32(cipherKey +  8);
+	rk[3] = GETU32(cipherKey + 12);
+	if (keyBits == 128) {
+		for (;;) {
+			temp  = rk[3];
+			rk[4] = rk[0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[5] = rk[1] ^ rk[4];
+			rk[6] = rk[2] ^ rk[5];
+			rk[7] = rk[3] ^ rk[6];
+			if (++i == 10) {
+				return 10;
+			}
+			rk += 4;
+		}
+	}
+	rk[4] = GETU32(cipherKey + 16);
+	rk[5] = GETU32(cipherKey + 20);
+	if (keyBits == 192) {
+		for (;;) {
+			temp = rk[ 5];
+			rk[ 6] = rk[ 0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[ 7] = rk[ 1] ^ rk[ 6];
+			rk[ 8] = rk[ 2] ^ rk[ 7];
+			rk[ 9] = rk[ 3] ^ rk[ 8];
+			if (++i == 8) {
+				return 12;
+			}
+			rk[10] = rk[ 4] ^ rk[ 9];
+			rk[11] = rk[ 5] ^ rk[10];
+			rk += 6;
+		}
+	}
+	rk[6] = GETU32(cipherKey + 24);
+	rk[7] = GETU32(cipherKey + 28);
+	if (keyBits == 256) {
+		for (;;) {
+			temp = rk[ 7];
+			rk[ 8] = rk[ 0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[ 9] = rk[ 1] ^ rk[ 8];
+			rk[10] = rk[ 2] ^ rk[ 9];
+			rk[11] = rk[ 3] ^ rk[10];
+				if (++i == 7) {
+					return 14;
+				}
+			temp = rk[11];
+			rk[12] = rk[ 4] ^
+				(Te4[(temp >> 24)       ] & 0xff000000) ^
+				(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp      ) & 0xff] & 0x000000ff);
+			rk[13] = rk[ 5] ^ rk[12];
+			rk[14] = rk[ 6] ^ rk[13];
+		     	rk[15] = rk[ 7] ^ rk[14];
+			rk += 8;
+		}
+	}
+	return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ *
+ * @return	the number of rounds for the given cipher key size.
+ */
+static int
+rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits,
+    int have_encrypt) {
+	int Nr, i, j;
+	u32 temp;
+
+	if (have_encrypt) {
+		Nr = have_encrypt;
+	} else {
+		/* expand the cipher key: */
+		Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits);
+	}
+	/* invert the order of the round keys: */
+	for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) {
+		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+	}
+	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
+	for (i = 1; i < Nr; i++) {
+		rk += 4;
+		rk[0] =
+			Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
+		rk[1] =
+			Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
+		rk[2] =
+			Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
+		rk[3] =
+			Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
+	}
+	return Nr;
+}
+
+static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) {
+	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    /*
+	 * map byte array block to cipher state
+	 * and add initial round key:
+	 */
+	s0 = GETU32(pt     ) ^ rk[0];
+	s1 = GETU32(pt +  4) ^ rk[1];
+	s2 = GETU32(pt +  8) ^ rk[2];
+	s3 = GETU32(pt + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+   	/* round 2: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+   	/* round 4: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+   	/* round 6: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+   	/* round 8: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (Nr > 10) {
+	/* round 10: */
+	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+	/* round 11: */
+	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+	if (Nr > 12) {
+	    /* round 12: */
+	    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+	    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+	    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+	    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+	    /* round 13: */
+	    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+	    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+	    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+	    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+	}
+    }
+    rk += Nr << 2;
+#else  /* !FULL_UNROLL */
+    /*
+	 * Nr - 1 full rounds:
+	 */
+    r = Nr >> 1;
+    for (;;) {
+	t0 =
+	    Te0[(s0 >> 24)       ] ^
+	    Te1[(s1 >> 16) & 0xff] ^
+	    Te2[(s2 >>  8) & 0xff] ^
+	    Te3[(s3      ) & 0xff] ^
+	    rk[4];
+	t1 =
+	    Te0[(s1 >> 24)       ] ^
+	    Te1[(s2 >> 16) & 0xff] ^
+	    Te2[(s3 >>  8) & 0xff] ^
+	    Te3[(s0      ) & 0xff] ^
+	    rk[5];
+	t2 =
+	    Te0[(s2 >> 24)       ] ^
+	    Te1[(s3 >> 16) & 0xff] ^
+	    Te2[(s0 >>  8) & 0xff] ^
+	    Te3[(s1      ) & 0xff] ^
+	    rk[6];
+	t3 =
+	    Te0[(s3 >> 24)       ] ^
+	    Te1[(s0 >> 16) & 0xff] ^
+	    Te2[(s1 >>  8) & 0xff] ^
+	    Te3[(s2      ) & 0xff] ^
+	    rk[7];
+
+	rk += 8;
+	if (--r == 0) {
+	    break;
+	}
+
+	s0 =
+	    Te0[(t0 >> 24)       ] ^
+	    Te1[(t1 >> 16) & 0xff] ^
+	    Te2[(t2 >>  8) & 0xff] ^
+	    Te3[(t3      ) & 0xff] ^
+	    rk[0];
+	s1 =
+	    Te0[(t1 >> 24)       ] ^
+	    Te1[(t2 >> 16) & 0xff] ^
+	    Te2[(t3 >>  8) & 0xff] ^
+	    Te3[(t0      ) & 0xff] ^
+	    rk[1];
+	s2 =
+	    Te0[(t2 >> 24)       ] ^
+	    Te1[(t3 >> 16) & 0xff] ^
+	    Te2[(t0 >>  8) & 0xff] ^
+	    Te3[(t1      ) & 0xff] ^
+	    rk[2];
+	s3 =
+	    Te0[(t3 >> 24)       ] ^
+	    Te1[(t0 >> 16) & 0xff] ^
+	    Te2[(t1 >>  8) & 0xff] ^
+	    Te3[(t2      ) & 0xff] ^
+	    rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+	 * apply last round and
+	 * map cipher state to byte array block:
+	 */
+	s0 =
+		(Te4[(t0 >> 24)       ] & 0xff000000) ^
+		(Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t3      ) & 0xff] & 0x000000ff) ^
+		rk[0];
+	PUTU32(ct     , s0);
+	s1 =
+		(Te4[(t1 >> 24)       ] & 0xff000000) ^
+		(Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t0      ) & 0xff] & 0x000000ff) ^
+		rk[1];
+	PUTU32(ct +  4, s1);
+	s2 =
+		(Te4[(t2 >> 24)       ] & 0xff000000) ^
+		(Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t1      ) & 0xff] & 0x000000ff) ^
+		rk[2];
+	PUTU32(ct +  8, s2);
+	s3 =
+		(Te4[(t3 >> 24)       ] & 0xff000000) ^
+		(Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t2      ) & 0xff] & 0x000000ff) ^
+		rk[3];
+	PUTU32(ct + 12, s3);
+}
+
+static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) {
+	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    /*
+	 * map byte array block to cipher state
+	 * and add initial round key:
+	 */
+    s0 = GETU32(ct     ) ^ rk[0];
+    s1 = GETU32(ct +  4) ^ rk[1];
+    s2 = GETU32(ct +  8) ^ rk[2];
+    s3 = GETU32(ct + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (Nr > 10) {
+	/* round 10: */
+	s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+	s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+	s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+	s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+	/* round 11: */
+	t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+	t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+	if (Nr > 12) {
+	    /* round 12: */
+	    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+	    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+	    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+	    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+	    /* round 13: */
+	    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+	    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+	    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+	    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+	}
+    }
+	rk += Nr << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = Nr >> 1;
+    for (;;) {
+	t0 =
+	    Td0[(s0 >> 24)       ] ^
+	    Td1[(s3 >> 16) & 0xff] ^
+	    Td2[(s2 >>  8) & 0xff] ^
+	    Td3[(s1      ) & 0xff] ^
+	    rk[4];
+	t1 =
+	    Td0[(s1 >> 24)       ] ^
+	    Td1[(s0 >> 16) & 0xff] ^
+	    Td2[(s3 >>  8) & 0xff] ^
+	    Td3[(s2      ) & 0xff] ^
+	    rk[5];
+	t2 =
+	    Td0[(s2 >> 24)       ] ^
+	    Td1[(s1 >> 16) & 0xff] ^
+	    Td2[(s0 >>  8) & 0xff] ^
+	    Td3[(s3      ) & 0xff] ^
+	    rk[6];
+	t3 =
+	    Td0[(s3 >> 24)       ] ^
+	    Td1[(s2 >> 16) & 0xff] ^
+	    Td2[(s1 >>  8) & 0xff] ^
+	    Td3[(s0      ) & 0xff] ^
+	    rk[7];
+
+	rk += 8;
+	if (--r == 0) {
+	    break;
+	}
+
+	s0 =
+	    Td0[(t0 >> 24)       ] ^
+	    Td1[(t3 >> 16) & 0xff] ^
+	    Td2[(t2 >>  8) & 0xff] ^
+	    Td3[(t1      ) & 0xff] ^
+	    rk[0];
+	s1 =
+	    Td0[(t1 >> 24)       ] ^
+	    Td1[(t0 >> 16) & 0xff] ^
+	    Td2[(t3 >>  8) & 0xff] ^
+	    Td3[(t2      ) & 0xff] ^
+	    rk[1];
+	s2 =
+	    Td0[(t2 >> 24)       ] ^
+	    Td1[(t1 >> 16) & 0xff] ^
+	    Td2[(t0 >>  8) & 0xff] ^
+	    Td3[(t3      ) & 0xff] ^
+	    rk[2];
+	s3 =
+	    Td0[(t3 >> 24)       ] ^
+	    Td1[(t2 >> 16) & 0xff] ^
+	    Td2[(t1 >>  8) & 0xff] ^
+	    Td3[(t0      ) & 0xff] ^
+	    rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+	 * apply last round and
+	 * map cipher state to byte array block:
+	 */
+   	s0 =
+   		(Td4[(t0 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t1      ) & 0xff] & 0x000000ff) ^
+   		rk[0];
+	PUTU32(pt     , s0);
+   	s1 =
+   		(Td4[(t1 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t2      ) & 0xff] & 0x000000ff) ^
+   		rk[1];
+	PUTU32(pt +  4, s1);
+   	s2 =
+   		(Td4[(t2 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t3      ) & 0xff] & 0x000000ff) ^
+   		rk[2];
+	PUTU32(pt +  8, s2);
+   	s3 =
+   		(Td4[(t3 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t0      ) & 0xff] & 0x000000ff) ^
+   		rk[3];
+	PUTU32(pt + 12, s3);
+}
+
+void
+rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
+{
+	ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
+	if (encrypt) {
+		ctx->decrypt = 0;
+		memset(ctx->dk, 0, sizeof(ctx->dk));
+	} else {
+		ctx->decrypt = 1;
+		memcpy(ctx->dk, ctx->ek, sizeof(ctx->dk));
+		rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
+	}
+}
+
+void
+rijndael_decrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
+{
+	rijndaelDecrypt(ctx->dk, ctx->Nr, src, dst);
+}
+
+void
+rijndael_encrypt(rijndael_ctx *ctx, u_char *src, u_char *dst)
+{
+	rijndaelEncrypt(ctx->ek, ctx->Nr, src, dst);
+}
diff --git a/sys/opencrypto/rijndael.h b/sys/opencrypto/rijndael.h
new file mode 100644
index 0000000..5c530e1
--- /dev/null
+++ b/sys/opencrypto/rijndael.h
@@ -0,0 +1,52 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: rijndael.h,v 1.7 2001/12/19 17:42:24 markus Exp $ */
+
+/**
+ * rijndael-alg-fst.h
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef __RIJNDAEL_H
+#define __RIJNDAEL_H
+
+#define MAXKC	(256/32)
+#define MAXKB	(256/8)
+#define MAXNR	14
+
+typedef unsigned char	u8;
+typedef unsigned short	u16;
+typedef unsigned int	u32;
+
+/*  The structure for key information */
+typedef struct {
+	int	decrypt;
+	int	Nr;			/* key-length-dependent number of rounds */
+	u32	ek[4*(MAXNR + 1)];	/* encrypt key schedule */
+	u32	dk[4*(MAXNR + 1)];	/* decrypt key schedule */
+} rijndael_ctx;
+
+void	 rijndael_set_key(rijndael_ctx *, u_char *, int, int);
+void	 rijndael_decrypt(rijndael_ctx *, u_char *, u_char *);
+void	 rijndael_encrypt(rijndael_ctx *, u_char *, u_char *);
+
+#endif /* __RIJNDAEL_H */
diff --git a/sys/opencrypto/rmd160.c b/sys/opencrypto/rmd160.c
new file mode 100644
index 0000000..39268e2
--- /dev/null
+++ b/sys/opencrypto/rmd160.c
@@ -0,0 +1,363 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: rmd160.c,v 1.3 2001/09/26 21:40:13 markus Exp $	*/
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ */
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/endian.h>
+#include <opencrypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+	(cp)[7] = (value) >> 56; \
+	(cp)[6] = (value) >> 48; \
+	(cp)[5] = (value) >> 40; \
+	(cp)[4] = (value) >> 32; \
+	(cp)[3] = (value) >> 24; \
+	(cp)[2] = (value) >> 16; \
+	(cp)[1] = (value) >> 8; \
+	(cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+	(cp)[3] = (value) >> 24; \
+	(cp)[2] = (value) >> 16; \
+	(cp)[1] = (value) >> 8; \
+	(cp)[0] = (value); } while (0)
+
+#define	H0	0x67452301U
+#define	H1	0xEFCDAB89U
+#define	H2	0x98BADCFEU
+#define	H3	0x10325476U
+#define	H4	0xC3D2E1F0U
+
+#define	K0	0x00000000U
+#define	K1	0x5A827999U
+#define	K2	0x6ED9EBA1U
+#define	K3	0x8F1BBCDCU
+#define	K4	0xA953FD4EU
+
+#define	KK0	0x50A28BE6U
+#define	KK1	0x5C4DD124U
+#define	KK2	0x6D703EF3U
+#define	KK3	0x7A6D76E9U
+#define	KK4	0x00000000U
+
+/* rotate x left n bits.  */
+#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
+
+#define F0(x, y, z) ((x) ^ (y) ^ (z))
+#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define F2(x, y, z) (((x) | (~y)) ^ (z))
+#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define F4(x, y, z) ((x) ^ ((y) | (~z)))
+
+#define R(a, b, c, d, e, Fj, Kj, sj, rj) \
+	do { \
+		a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
+		c = ROL(10, c); \
+	} while(0)
+
+#define X(i)	x[i]
+
+static u_char PADDING[64] = {
+	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+void
+RMD160Init(RMD160_CTX *ctx)
+{
+	ctx->count = 0;
+	ctx->state[0] = H0;
+	ctx->state[1] = H1;
+	ctx->state[2] = H2;
+	ctx->state[3] = H3;
+	ctx->state[4] = H4;
+}
+
+void
+RMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
+{
+	u_int32_t have, off, need;
+
+	have = (ctx->count/8) % 64;
+	need = 64 - have;
+	ctx->count += 8 * len;
+	off = 0;
+
+	if (len >= need) {
+		if (have) {
+			memcpy(ctx->buffer + have, input, need);
+			RMD160Transform(ctx->state, ctx->buffer);
+			off = need;
+			have = 0;
+		}
+		/* now the buffer is empty */
+		while (off + 64 <= len) {
+			RMD160Transform(ctx->state, input+off);
+			off += 64;
+		}
+	}
+	if (off < len)
+		memcpy(ctx->buffer + have, input+off, len-off);
+}
+
+void
+RMD160Final(u_char digest[20], RMD160_CTX *ctx)
+{
+	int i;
+	u_char size[8];
+	u_int32_t padlen;
+
+	PUT_64BIT_LE(size, ctx->count);
+
+	/*
+	 * pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
+	 * for the size
+	 */
+	padlen = 64 - ((ctx->count/8) % 64);
+	if (padlen < 1 + 8)
+		padlen += 64;
+	RMD160Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
+	RMD160Update(ctx, size, 8);
+
+	if (digest != NULL)
+		for (i = 0; i < 5; i++)
+			PUT_32BIT_LE(digest + i*4, ctx->state[i]);
+
+	memset(ctx, 0, sizeof (*ctx));
+}
+
+void
+RMD160Transform(u_int32_t state[5], const u_char block[64])
+{
+	u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+	memcpy(x, block, 64);
+#else
+	int i;
+
+	for (i = 0; i < 16; i++)
+		x[i] = bswap32(*(const u_int32_t*)(block+i*4));
+#endif
+
+	a = state[0];
+	b = state[1];
+	c = state[2];
+	d = state[3];
+	e = state[4];
+
+	/* Round 1 */
+	R(a, b, c, d, e, F0, K0, 11,  0);
+	R(e, a, b, c, d, F0, K0, 14,  1);
+	R(d, e, a, b, c, F0, K0, 15,  2);
+	R(c, d, e, a, b, F0, K0, 12,  3);
+	R(b, c, d, e, a, F0, K0,  5,  4);
+	R(a, b, c, d, e, F0, K0,  8,  5);
+	R(e, a, b, c, d, F0, K0,  7,  6);
+	R(d, e, a, b, c, F0, K0,  9,  7);
+	R(c, d, e, a, b, F0, K0, 11,  8);
+	R(b, c, d, e, a, F0, K0, 13,  9);
+	R(a, b, c, d, e, F0, K0, 14, 10);
+	R(e, a, b, c, d, F0, K0, 15, 11);
+	R(d, e, a, b, c, F0, K0,  6, 12);
+	R(c, d, e, a, b, F0, K0,  7, 13);
+	R(b, c, d, e, a, F0, K0,  9, 14);
+	R(a, b, c, d, e, F0, K0,  8, 15); /* #15 */
+	/* Round 2 */
+	R(e, a, b, c, d, F1, K1,  7,  7);
+	R(d, e, a, b, c, F1, K1,  6,  4);
+	R(c, d, e, a, b, F1, K1,  8, 13);
+	R(b, c, d, e, a, F1, K1, 13,  1);
+	R(a, b, c, d, e, F1, K1, 11, 10);
+	R(e, a, b, c, d, F1, K1,  9,  6);
+	R(d, e, a, b, c, F1, K1,  7, 15);
+	R(c, d, e, a, b, F1, K1, 15,  3);
+	R(b, c, d, e, a, F1, K1,  7, 12);
+	R(a, b, c, d, e, F1, K1, 12,  0);
+	R(e, a, b, c, d, F1, K1, 15,  9);
+	R(d, e, a, b, c, F1, K1,  9,  5);
+	R(c, d, e, a, b, F1, K1, 11,  2);
+	R(b, c, d, e, a, F1, K1,  7, 14);
+	R(a, b, c, d, e, F1, K1, 13, 11);
+	R(e, a, b, c, d, F1, K1, 12,  8); /* #31 */
+	/* Round 3 */
+	R(d, e, a, b, c, F2, K2, 11,  3);
+	R(c, d, e, a, b, F2, K2, 13, 10);
+	R(b, c, d, e, a, F2, K2,  6, 14);
+	R(a, b, c, d, e, F2, K2,  7,  4);
+	R(e, a, b, c, d, F2, K2, 14,  9);
+	R(d, e, a, b, c, F2, K2,  9, 15);
+	R(c, d, e, a, b, F2, K2, 13,  8);
+	R(b, c, d, e, a, F2, K2, 15,  1);
+	R(a, b, c, d, e, F2, K2, 14,  2);
+	R(e, a, b, c, d, F2, K2,  8,  7);
+	R(d, e, a, b, c, F2, K2, 13,  0);
+	R(c, d, e, a, b, F2, K2,  6,  6);
+	R(b, c, d, e, a, F2, K2,  5, 13);
+	R(a, b, c, d, e, F2, K2, 12, 11);
+	R(e, a, b, c, d, F2, K2,  7,  5);
+	R(d, e, a, b, c, F2, K2,  5, 12); /* #47 */
+	/* Round 4 */
+	R(c, d, e, a, b, F3, K3, 11,  1);
+	R(b, c, d, e, a, F3, K3, 12,  9);
+	R(a, b, c, d, e, F3, K3, 14, 11);
+	R(e, a, b, c, d, F3, K3, 15, 10);
+	R(d, e, a, b, c, F3, K3, 14,  0);
+	R(c, d, e, a, b, F3, K3, 15,  8);
+	R(b, c, d, e, a, F3, K3,  9, 12);
+	R(a, b, c, d, e, F3, K3,  8,  4);
+	R(e, a, b, c, d, F3, K3,  9, 13);
+	R(d, e, a, b, c, F3, K3, 14,  3);
+	R(c, d, e, a, b, F3, K3,  5,  7);
+	R(b, c, d, e, a, F3, K3,  6, 15);
+	R(a, b, c, d, e, F3, K3,  8, 14);
+	R(e, a, b, c, d, F3, K3,  6,  5);
+	R(d, e, a, b, c, F3, K3,  5,  6);
+	R(c, d, e, a, b, F3, K3, 12,  2); /* #63 */
+	/* Round 5 */
+	R(b, c, d, e, a, F4, K4,  9,  4);
+	R(a, b, c, d, e, F4, K4, 15,  0);
+	R(e, a, b, c, d, F4, K4,  5,  5);
+	R(d, e, a, b, c, F4, K4, 11,  9);
+	R(c, d, e, a, b, F4, K4,  6,  7);
+	R(b, c, d, e, a, F4, K4,  8, 12);
+	R(a, b, c, d, e, F4, K4, 13,  2);
+	R(e, a, b, c, d, F4, K4, 12, 10);
+	R(d, e, a, b, c, F4, K4,  5, 14);
+	R(c, d, e, a, b, F4, K4, 12,  1);
+	R(b, c, d, e, a, F4, K4, 13,  3);
+	R(a, b, c, d, e, F4, K4, 14,  8);
+	R(e, a, b, c, d, F4, K4, 11, 11);
+	R(d, e, a, b, c, F4, K4,  8,  6);
+	R(c, d, e, a, b, F4, K4,  5, 15);
+	R(b, c, d, e, a, F4, K4,  6, 13); /* #79 */
+
+	aa = a ; bb = b; cc = c; dd = d; ee = e;
+
+	a = state[0];
+	b = state[1];
+	c = state[2];
+	d = state[3];
+	e = state[4];
+
+	/* Parallel round 1 */
+	R(a, b, c, d, e, F4, KK0,  8,  5);
+	R(e, a, b, c, d, F4, KK0,  9, 14);
+	R(d, e, a, b, c, F4, KK0,  9,  7);
+	R(c, d, e, a, b, F4, KK0, 11,  0);
+	R(b, c, d, e, a, F4, KK0, 13,  9);
+	R(a, b, c, d, e, F4, KK0, 15,  2);
+	R(e, a, b, c, d, F4, KK0, 15, 11);
+	R(d, e, a, b, c, F4, KK0,  5,  4);
+	R(c, d, e, a, b, F4, KK0,  7, 13);
+	R(b, c, d, e, a, F4, KK0,  7,  6);
+	R(a, b, c, d, e, F4, KK0,  8, 15);
+	R(e, a, b, c, d, F4, KK0, 11,  8);
+	R(d, e, a, b, c, F4, KK0, 14,  1);
+	R(c, d, e, a, b, F4, KK0, 14, 10);
+	R(b, c, d, e, a, F4, KK0, 12,  3);
+	R(a, b, c, d, e, F4, KK0,  6, 12); /* #15 */
+	/* Parallel round 2 */
+	R(e, a, b, c, d, F3, KK1,  9,  6);
+	R(d, e, a, b, c, F3, KK1, 13, 11);
+	R(c, d, e, a, b, F3, KK1, 15,  3);
+	R(b, c, d, e, a, F3, KK1,  7,  7);
+	R(a, b, c, d, e, F3, KK1, 12,  0);
+	R(e, a, b, c, d, F3, KK1,  8, 13);
+	R(d, e, a, b, c, F3, KK1,  9,  5);
+	R(c, d, e, a, b, F3, KK1, 11, 10);
+	R(b, c, d, e, a, F3, KK1,  7, 14);
+	R(a, b, c, d, e, F3, KK1,  7, 15);
+	R(e, a, b, c, d, F3, KK1, 12,  8);
+	R(d, e, a, b, c, F3, KK1,  7, 12);
+	R(c, d, e, a, b, F3, KK1,  6,  4);
+	R(b, c, d, e, a, F3, KK1, 15,  9);
+	R(a, b, c, d, e, F3, KK1, 13,  1);
+	R(e, a, b, c, d, F3, KK1, 11,  2); /* #31 */
+	/* Parallel round 3 */
+	R(d, e, a, b, c, F2, KK2,  9, 15);
+	R(c, d, e, a, b, F2, KK2,  7,  5);
+	R(b, c, d, e, a, F2, KK2, 15,  1);
+	R(a, b, c, d, e, F2, KK2, 11,  3);
+	R(e, a, b, c, d, F2, KK2,  8,  7);
+	R(d, e, a, b, c, F2, KK2,  6, 14);
+	R(c, d, e, a, b, F2, KK2,  6,  6);
+	R(b, c, d, e, a, F2, KK2, 14,  9);
+	R(a, b, c, d, e, F2, KK2, 12, 11);
+	R(e, a, b, c, d, F2, KK2, 13,  8);
+	R(d, e, a, b, c, F2, KK2,  5, 12);
+	R(c, d, e, a, b, F2, KK2, 14,  2);
+	R(b, c, d, e, a, F2, KK2, 13, 10);
+	R(a, b, c, d, e, F2, KK2, 13,  0);
+	R(e, a, b, c, d, F2, KK2,  7,  4);
+	R(d, e, a, b, c, F2, KK2,  5, 13); /* #47 */
+	/* Parallel round 4 */
+	R(c, d, e, a, b, F1, KK3, 15,  8);
+	R(b, c, d, e, a, F1, KK3,  5,  6);
+	R(a, b, c, d, e, F1, KK3,  8,  4);
+	R(e, a, b, c, d, F1, KK3, 11,  1);
+	R(d, e, a, b, c, F1, KK3, 14,  3);
+	R(c, d, e, a, b, F1, KK3, 14, 11);
+	R(b, c, d, e, a, F1, KK3,  6, 15);
+	R(a, b, c, d, e, F1, KK3, 14,  0);
+	R(e, a, b, c, d, F1, KK3,  6,  5);
+	R(d, e, a, b, c, F1, KK3,  9, 12);
+	R(c, d, e, a, b, F1, KK3, 12,  2);
+	R(b, c, d, e, a, F1, KK3,  9, 13);
+	R(a, b, c, d, e, F1, KK3, 12,  9);
+	R(e, a, b, c, d, F1, KK3,  5,  7);
+	R(d, e, a, b, c, F1, KK3, 15, 10);
+	R(c, d, e, a, b, F1, KK3,  8, 14); /* #63 */
+	/* Parallel round 5 */
+	R(b, c, d, e, a, F0, KK4,  8, 12);
+	R(a, b, c, d, e, F0, KK4,  5, 15);
+	R(e, a, b, c, d, F0, KK4, 12, 10);
+	R(d, e, a, b, c, F0, KK4,  9,  4);
+	R(c, d, e, a, b, F0, KK4, 12,  1);
+	R(b, c, d, e, a, F0, KK4,  5,  5);
+	R(a, b, c, d, e, F0, KK4, 14,  8);
+	R(e, a, b, c, d, F0, KK4,  6,  7);
+	R(d, e, a, b, c, F0, KK4,  8,  6);
+	R(c, d, e, a, b, F0, KK4, 13,  2);
+	R(b, c, d, e, a, F0, KK4,  6, 13);
+	R(a, b, c, d, e, F0, KK4,  5, 14);
+	R(e, a, b, c, d, F0, KK4, 15,  0);
+	R(d, e, a, b, c, F0, KK4, 13,  3);
+	R(c, d, e, a, b, F0, KK4, 11,  9);
+	R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
+
+	t =        state[1] + cc + d;
+	state[1] = state[2] + dd + e;
+	state[2] = state[3] + ee + a;
+	state[3] = state[4] + aa + b;
+	state[4] = state[0] + bb + c;
+	state[0] = t;
+}
diff --git a/sys/opencrypto/rmd160.h b/sys/opencrypto/rmd160.h
new file mode 100644
index 0000000..604b0c9
--- /dev/null
+++ b/sys/opencrypto/rmd160.h
@@ -0,0 +1,41 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: rmd160.h,v 1.3 2002/03/14 01:26:51 millert Exp $	*/
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef  _RMD160_H
+#define  _RMD160_H
+
+/* RMD160 context. */
+typedef struct RMD160Context {
+	u_int32_t state[5];	/* state */
+	u_int64_t count;	/* number of bits, modulo 2^64 */
+	u_char buffer[64];	/* input buffer */
+} RMD160_CTX;
+
+void	 RMD160Init(RMD160_CTX *);
+void	 RMD160Transform(u_int32_t [5], const u_char [64]);
+void	 RMD160Update(RMD160_CTX *, const u_char *, u_int32_t);
+void	 RMD160Final(u_char [20], RMD160_CTX *);
+
+#endif  /* _RMD160_H */
diff --git a/sys/opencrypto/skipjack.c b/sys/opencrypto/skipjack.c
new file mode 100644
index 0000000..8ba0a42
--- /dev/null
+++ b/sys/opencrypto/skipjack.c
@@ -0,0 +1,258 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: skipjack.c,v 1.3 2001/05/05 00:31:34 angelos Exp $	*/
+
+/* 
+ * Further optimized test implementation of SKIPJACK algorithm 
+ * Mark Tillotson <markt@chaos.org.uk>, 25 June 98
+ * Optimizations suit RISC (lots of registers) machine best.
+ *
+ * based on unoptimized implementation of
+ * Panu Rissanen <bande@lut.fi> 960624
+ *
+ * SKIPJACK and KEA Algorithm Specifications 
+ * Version 2.0 
+ * 29 May 1998
+*/
+
+#include <sys/param.h>
+
+#include <opencrypto/skipjack.h>
+
+static const u_int8_t ftable[0x100] =
+{ 
+	0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4, 
+	0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9, 
+	0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e, 
+	0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28, 
+	0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68, 
+	0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53, 
+	0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19, 
+	0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2, 
+	0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b, 
+	0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8, 
+	0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0, 
+	0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90, 
+	0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69, 
+	0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76, 
+	0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20, 
+	0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d, 
+	0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43, 
+	0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18, 
+	0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa, 
+	0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4, 
+	0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87, 
+	0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40, 
+	0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b, 
+	0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5, 
+	0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0, 
+	0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2, 
+	0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1, 
+	0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8, 
+	0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5, 
+	0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac, 
+	0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3, 
+	0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
+};
+
+/*
+ * For each key byte generate a table to represent the function 
+ *    ftable [in ^ keybyte]
+ *
+ * These tables used to save an XOR in each stage of the G-function
+ * the tables are hopefully pointed to by register allocated variables
+ * k0, k1..k9
+ */
+void
+subkey_table_gen (u_int8_t *key, u_int8_t **key_tables)
+{
+	int i, k;
+
+	for (k = 0; k < 10; k++) {
+		u_int8_t   key_byte = key [k];
+		u_int8_t * table = key_tables[k];
+		for (i = 0; i < 0x100; i++)
+			table [i] = ftable [i ^ key_byte];
+	}
+}
+
+
+#define g(k0, k1, k2, k3, ih, il, oh, ol) \
+{ \
+	oh = k##k0 [il] ^ ih; \
+	ol = k##k1 [oh] ^ il; \
+	oh = k##k2 [ol] ^ oh; \
+	ol = k##k3 [oh] ^ ol; \
+}
+
+#define g0(ih, il, oh, ol) g(0, 1, 2, 3, ih, il, oh, ol)
+#define g4(ih, il, oh, ol) g(4, 5, 6, 7, ih, il, oh, ol)
+#define g8(ih, il, oh, ol) g(8, 9, 0, 1, ih, il, oh, ol)
+#define g2(ih, il, oh, ol) g(2, 3, 4, 5, ih, il, oh, ol)
+#define g6(ih, il, oh, ol) g(6, 7, 8, 9, ih, il, oh, ol)
+
+ 
+#define g_inv(k0, k1, k2, k3, ih, il, oh, ol) \
+{ \
+	ol = k##k3 [ih] ^ il; \
+	oh = k##k2 [ol] ^ ih; \
+	ol = k##k1 [oh] ^ ol; \
+	oh = k##k0 [ol] ^ oh; \
+}
+
+
+#define g0_inv(ih, il, oh, ol) g_inv(0, 1, 2, 3, ih, il, oh, ol)
+#define g4_inv(ih, il, oh, ol) g_inv(4, 5, 6, 7, ih, il, oh, ol)
+#define g8_inv(ih, il, oh, ol) g_inv(8, 9, 0, 1, ih, il, oh, ol)
+#define g2_inv(ih, il, oh, ol) g_inv(2, 3, 4, 5, ih, il, oh, ol)
+#define g6_inv(ih, il, oh, ol) g_inv(6, 7, 8, 9, ih, il, oh, ol)
+
+/* optimized version of Skipjack algorithm
+ *
+ * the appropriate g-function is inlined for each round
+ *
+ * the data movement is minimized by rotating the names of the 
+ * variables w1..w4, not their contents (saves 3 moves per round)
+ *
+ * the loops are completely unrolled (needed to staticize choice of g)
+ *
+ * compiles to about 470 instructions on a Sparc (gcc -O)
+ * which is about 58 instructions per byte, 14 per round.
+ * gcc seems to leave in some unnecessary and with 0xFF operations
+ * but only in the latter part of the functions.  Perhaps it
+ * runs out of resources to properly optimize long inlined function?
+ * in theory should get about 11 instructions per round, not 14
+ */
+
+void
+skipjack_forwards(u_int8_t *plain, u_int8_t *cipher, u_int8_t **key_tables)
+{
+	u_int8_t wh1 = plain[0];  u_int8_t wl1 = plain[1];
+	u_int8_t wh2 = plain[2];  u_int8_t wl2 = plain[3];
+	u_int8_t wh3 = plain[4];  u_int8_t wl3 = plain[5];
+	u_int8_t wh4 = plain[6];  u_int8_t wl4 = plain[7];
+
+	u_int8_t * k0 = key_tables [0];
+	u_int8_t * k1 = key_tables [1];
+	u_int8_t * k2 = key_tables [2];
+	u_int8_t * k3 = key_tables [3];
+	u_int8_t * k4 = key_tables [4];
+	u_int8_t * k5 = key_tables [5];
+	u_int8_t * k6 = key_tables [6];
+	u_int8_t * k7 = key_tables [7];
+	u_int8_t * k8 = key_tables [8];
+	u_int8_t * k9 = key_tables [9];
+
+	/* first 8 rounds */
+	g0 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 1; wh4 ^= wh1;
+	g4 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 2; wh3 ^= wh4;
+	g8 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 3; wh2 ^= wh3;
+	g2 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 4; wh1 ^= wh2;
+	g6 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 5; wh4 ^= wh1;
+	g0 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 6; wh3 ^= wh4;
+	g4 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 7; wh2 ^= wh3;
+	g8 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 8; wh1 ^= wh2;
+
+	/* second 8 rounds */
+	wh2 ^= wh1; wl2 ^= wl1 ^ 9 ; g2 (wh1,wl1, wh1,wl1);
+	wh1 ^= wh4; wl1 ^= wl4 ^ 10; g6 (wh4,wl4, wh4,wl4);
+	wh4 ^= wh3; wl4 ^= wl3 ^ 11; g0 (wh3,wl3, wh3,wl3);
+	wh3 ^= wh2; wl3 ^= wl2 ^ 12; g4 (wh2,wl2, wh2,wl2);
+	wh2 ^= wh1; wl2 ^= wl1 ^ 13; g8 (wh1,wl1, wh1,wl1);
+	wh1 ^= wh4; wl1 ^= wl4 ^ 14; g2 (wh4,wl4, wh4,wl4);
+	wh4 ^= wh3; wl4 ^= wl3 ^ 15; g6 (wh3,wl3, wh3,wl3);
+	wh3 ^= wh2; wl3 ^= wl2 ^ 16; g0 (wh2,wl2, wh2,wl2);
+
+	/* third 8 rounds */
+	g4 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 17; wh4 ^= wh1;
+	g8 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 18; wh3 ^= wh4;
+	g2 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 19; wh2 ^= wh3;
+	g6 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 20; wh1 ^= wh2;
+	g0 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 21; wh4 ^= wh1;
+	g4 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 22; wh3 ^= wh4;
+	g8 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 23; wh2 ^= wh3;
+	g2 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 24; wh1 ^= wh2;
+
+	/* last 8 rounds */
+	wh2 ^= wh1; wl2 ^= wl1 ^ 25; g6 (wh1,wl1, wh1,wl1);
+	wh1 ^= wh4; wl1 ^= wl4 ^ 26; g0 (wh4,wl4, wh4,wl4);
+	wh4 ^= wh3; wl4 ^= wl3 ^ 27; g4 (wh3,wl3, wh3,wl3);
+	wh3 ^= wh2; wl3 ^= wl2 ^ 28; g8 (wh2,wl2, wh2,wl2);
+	wh2 ^= wh1; wl2 ^= wl1 ^ 29; g2 (wh1,wl1, wh1,wl1);
+	wh1 ^= wh4; wl1 ^= wl4 ^ 30; g6 (wh4,wl4, wh4,wl4);
+	wh4 ^= wh3; wl4 ^= wl3 ^ 31; g0 (wh3,wl3, wh3,wl3);
+	wh3 ^= wh2; wl3 ^= wl2 ^ 32; g4 (wh2,wl2, wh2,wl2);
+
+	/* pack into byte vector */
+	cipher [0] = wh1;  cipher [1] = wl1;
+	cipher [2] = wh2;  cipher [3] = wl2;
+	cipher [4] = wh3;  cipher [5] = wl3;
+	cipher [6] = wh4;  cipher [7] = wl4;
+}
+
+
+void
+skipjack_backwards (u_int8_t *cipher, u_int8_t *plain, u_int8_t **key_tables)
+{
+	/* setup 4 16-bit portions */
+	u_int8_t wh1 = cipher[0];  u_int8_t wl1 = cipher[1];
+	u_int8_t wh2 = cipher[2];  u_int8_t wl2 = cipher[3];
+	u_int8_t wh3 = cipher[4];  u_int8_t wl3 = cipher[5];
+	u_int8_t wh4 = cipher[6];  u_int8_t wl4 = cipher[7];
+
+	u_int8_t * k0 = key_tables [0];
+	u_int8_t * k1 = key_tables [1];
+	u_int8_t * k2 = key_tables [2];
+	u_int8_t * k3 = key_tables [3];
+	u_int8_t * k4 = key_tables [4];
+	u_int8_t * k5 = key_tables [5];
+	u_int8_t * k6 = key_tables [6];
+	u_int8_t * k7 = key_tables [7];
+	u_int8_t * k8 = key_tables [8];
+	u_int8_t * k9 = key_tables [9];
+
+	/* first 8 rounds */
+	g4_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 32; wh3 ^= wh2;
+	g0_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 31; wh4 ^= wh3;
+	g6_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 30; wh1 ^= wh4;
+	g2_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 29; wh2 ^= wh1;
+	g8_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 28; wh3 ^= wh2;
+	g4_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 27; wh4 ^= wh3;
+	g0_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 26; wh1 ^= wh4;
+	g6_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 25; wh2 ^= wh1;
+
+	/* second 8 rounds */
+	wh1 ^= wh2; wl1 ^= wl2 ^ 24; g2_inv (wh2,wl2, wh2,wl2);
+	wh2 ^= wh3; wl2 ^= wl3 ^ 23; g8_inv (wh3,wl3, wh3,wl3);
+	wh3 ^= wh4; wl3 ^= wl4 ^ 22; g4_inv (wh4,wl4, wh4,wl4);
+	wh4 ^= wh1; wl4 ^= wl1 ^ 21; g0_inv (wh1,wl1, wh1,wl1);
+	wh1 ^= wh2; wl1 ^= wl2 ^ 20; g6_inv (wh2,wl2, wh2,wl2);
+	wh2 ^= wh3; wl2 ^= wl3 ^ 19; g2_inv (wh3,wl3, wh3,wl3);
+	wh3 ^= wh4; wl3 ^= wl4 ^ 18; g8_inv (wh4,wl4, wh4,wl4);
+	wh4 ^= wh1; wl4 ^= wl1 ^ 17; g4_inv (wh1,wl1, wh1,wl1);
+
+	/* third 8 rounds */
+	g0_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 16; wh3 ^= wh2;
+	g6_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 15; wh4 ^= wh3;
+	g2_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 14; wh1 ^= wh4;
+	g8_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 13; wh2 ^= wh1;
+	g4_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 12; wh3 ^= wh2;
+	g0_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 11; wh4 ^= wh3;
+	g6_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 10; wh1 ^= wh4;
+	g2_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 9;  wh2 ^= wh1;
+
+	/* last 8 rounds */
+	wh1 ^= wh2; wl1 ^= wl2 ^ 8; g8_inv (wh2,wl2, wh2,wl2);
+	wh2 ^= wh3; wl2 ^= wl3 ^ 7; g4_inv (wh3,wl3, wh3,wl3);
+	wh3 ^= wh4; wl3 ^= wl4 ^ 6; g0_inv (wh4,wl4, wh4,wl4);
+	wh4 ^= wh1; wl4 ^= wl1 ^ 5; g6_inv (wh1,wl1, wh1,wl1);
+	wh1 ^= wh2; wl1 ^= wl2 ^ 4; g2_inv (wh2,wl2, wh2,wl2);
+	wh2 ^= wh3; wl2 ^= wl3 ^ 3; g8_inv (wh3,wl3, wh3,wl3);
+	wh3 ^= wh4; wl3 ^= wl4 ^ 2; g4_inv (wh4,wl4, wh4,wl4);
+	wh4 ^= wh1; wl4 ^= wl1 ^ 1; g0_inv (wh1,wl1, wh1,wl1);
+
+	/* pack into byte vector */
+	plain [0] = wh1;  plain [1] = wl1;
+	plain [2] = wh2;  plain [3] = wl2;
+	plain [4] = wh3;  plain [5] = wl3;
+	plain [6] = wh4;  plain [7] = wl4;
+}
diff --git a/sys/opencrypto/skipjack.h b/sys/opencrypto/skipjack.h
new file mode 100644
index 0000000..70df788
--- /dev/null
+++ b/sys/opencrypto/skipjack.h
@@ -0,0 +1,19 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: skipjack.h,v 1.3 2002/03/14 01:26:51 millert Exp $	*/
+
+/* 
+ * Further optimized test implementation of SKIPJACK algorithm 
+ * Mark Tillotson <markt@chaos.org.uk>, 25 June 98
+ * Optimizations suit RISC (lots of registers) machine best.
+ *
+ * based on unoptimized implementation of
+ * Panu Rissanen <bande@lut.fi> 960624
+ *
+ * SKIPJACK and KEA Algorithm Specifications 
+ * Version 2.0 
+ * 29 May 1998
+*/
+
+extern void skipjack_forwards(u_int8_t *plain, u_int8_t *cipher, u_int8_t **key);
+extern void skipjack_backwards(u_int8_t *cipher, u_int8_t *plain, u_int8_t **key);
+extern void subkey_table_gen(u_int8_t *key, u_int8_t **key_tables);
diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c
new file mode 100644
index 0000000..f3bac85
--- /dev/null
+++ b/sys/opencrypto/xform.c
@@ -0,0 +1,629 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $	*/
+/*
+ * The authors of this code are John Ioannidis (ji@tla.org),
+ * Angelos D. Keromytis (kermit@csd.uch.gr) and
+ * Niels Provos (provos@physnet.uni-hamburg.de).
+ *
+ * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
+ * in November 1995.
+ *
+ * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
+ * by Angelos D. Keromytis.
+ *
+ * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
+ * and Niels Provos.
+ *
+ * Additional features in 1999 by Angelos D. Keromytis.
+ *
+ * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
+ * Angelos D. Keromytis and Niels Provos.
+ *
+ * Copyright (C) 2001, Angelos D. Keromytis.
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all copies of any software which is or includes a copy or
+ * modification of this software.
+ * You may use this code under the GNU public license if you so wish. Please
+ * contribute changes back to the authors under this freer than GPL license
+ * so that we may further the use of strong encryption without limitations to
+ * all.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/malloc.h>
+#include <sys/sysctl.h>
+#include <sys/errno.h>
+#include <sys/time.h>
+#include <sys/kernel.h>
+#include <machine/cpu.h>
+
+#include <crypto/blowfish/blowfish.h>
+#include <crypto/des/des.h>
+#include <crypto/sha1.h>
+
+#include <opencrypto/cast.h>
+#include <opencrypto/deflate.h>
+#include <opencrypto/rijndael.h>
+#include <opencrypto/rmd160.h>
+#include <opencrypto/skipjack.h>
+
+#include <sys/md5.h>
+
+#include <opencrypto/cryptodev.h>
+#include <opencrypto/xform.h>
+
+static void null_encrypt(caddr_t, u_int8_t *);
+static void null_decrypt(caddr_t, u_int8_t *);
+static int null_setkey(u_int8_t **, u_int8_t *, int);
+static void null_zerokey(u_int8_t **);
+
+static	int des1_setkey(u_int8_t **, u_int8_t *, int);
+static	int des3_setkey(u_int8_t **, u_int8_t *, int);
+static	int blf_setkey(u_int8_t **, u_int8_t *, int);
+static	int cast5_setkey(u_int8_t **, u_int8_t *, int);
+static	int skipjack_setkey(u_int8_t **, u_int8_t *, int);
+static	int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
+static	void des1_encrypt(caddr_t, u_int8_t *);
+static	void des3_encrypt(caddr_t, u_int8_t *);
+static	void blf_encrypt(caddr_t, u_int8_t *);
+static	void cast5_encrypt(caddr_t, u_int8_t *);
+static	void skipjack_encrypt(caddr_t, u_int8_t *);
+static	void rijndael128_encrypt(caddr_t, u_int8_t *);
+static	void des1_decrypt(caddr_t, u_int8_t *);
+static	void des3_decrypt(caddr_t, u_int8_t *);
+static	void blf_decrypt(caddr_t, u_int8_t *);
+static	void cast5_decrypt(caddr_t, u_int8_t *);
+static	void skipjack_decrypt(caddr_t, u_int8_t *);
+static	void rijndael128_decrypt(caddr_t, u_int8_t *);
+static	void des1_zerokey(u_int8_t **);
+static	void des3_zerokey(u_int8_t **);
+static	void blf_zerokey(u_int8_t **);
+static	void cast5_zerokey(u_int8_t **);
+static	void skipjack_zerokey(u_int8_t **);
+static	void rijndael128_zerokey(u_int8_t **);
+
+static	void null_init(void *);
+static	int null_update(void *, u_int8_t *, u_int16_t);
+static	void null_final(u_int8_t *, void *);
+static	int MD5Update_int(void *, u_int8_t *, u_int16_t);
+static	void SHA1Init_int(void *);
+static	int SHA1Update_int(void *, u_int8_t *, u_int16_t);
+static	void SHA1Final_int(u_int8_t *, void *);
+static	int RMD160Update_int(void *, u_int8_t *, u_int16_t);
+static	int SHA256Update_int(void *, u_int8_t *, u_int16_t);
+static	int SHA384Update_int(void *, u_int8_t *, u_int16_t);
+static	int SHA512Update_int(void *, u_int8_t *, u_int16_t);
+
+static	u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
+static	u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
+
+MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
+
+/* Encryption instances */
+struct enc_xform enc_xform_null = {
+	CRYPTO_NULL_CBC, "NULL",
+	/* NB: blocksize of 4 is to generate a properly aligned ESP header */
+	4, 0, 256, /* 2048 bits, max key */
+	null_encrypt,
+	null_decrypt,
+	null_setkey,
+	null_zerokey,
+};
+
+struct enc_xform enc_xform_des = {
+	CRYPTO_DES_CBC, "DES",
+	8, 8, 8,
+	des1_encrypt,
+	des1_decrypt,
+	des1_setkey,
+	des1_zerokey,
+};
+
+struct enc_xform enc_xform_3des = {
+	CRYPTO_3DES_CBC, "3DES",
+	8, 24, 24,
+	des3_encrypt,
+	des3_decrypt,
+	des3_setkey,
+	des3_zerokey
+};
+
+struct enc_xform enc_xform_blf = {
+	CRYPTO_BLF_CBC, "Blowfish",
+	8, 5, 56 /* 448 bits, max key */,
+	blf_encrypt,
+	blf_decrypt,
+	blf_setkey,
+	blf_zerokey
+};
+
+struct enc_xform enc_xform_cast5 = {
+	CRYPTO_CAST_CBC, "CAST-128",
+	8, 5, 16,
+	cast5_encrypt,
+	cast5_decrypt,
+	cast5_setkey,
+	cast5_zerokey
+};
+
+struct enc_xform enc_xform_skipjack = {
+	CRYPTO_SKIPJACK_CBC, "Skipjack",
+	8, 10, 10,
+	skipjack_encrypt,
+	skipjack_decrypt,
+	skipjack_setkey,
+	skipjack_zerokey
+};
+
+struct enc_xform enc_xform_rijndael128 = {
+	CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
+	16, 8, 32,
+	rijndael128_encrypt,
+	rijndael128_decrypt,
+	rijndael128_setkey,
+	rijndael128_zerokey,
+};
+
+struct enc_xform enc_xform_arc4 = {
+	CRYPTO_ARC4, "ARC4",
+	1, 1, 32,
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+};
+
+/* Authentication instances */
+struct auth_hash auth_hash_null = {
+	CRYPTO_NULL_HMAC, "NULL-HMAC",
+	0, 0, 12, sizeof(int),			/* NB: context isn't used */
+	null_init, null_update, null_final
+};
+
+struct auth_hash auth_hash_hmac_md5_96 = {
+	CRYPTO_MD5_HMAC, "HMAC-MD5",
+	16, 16, 12, sizeof(MD5_CTX),
+	(void (*) (void *)) MD5Init, MD5Update_int,
+	(void (*) (u_int8_t *, void *)) MD5Final
+};
+
+struct auth_hash auth_hash_hmac_sha1_96 = {
+	CRYPTO_SHA1_HMAC, "HMAC-SHA1",
+	20, 20, 12, sizeof(SHA1_CTX),
+	SHA1Init_int, SHA1Update_int, SHA1Final_int
+};
+
+struct auth_hash auth_hash_hmac_ripemd_160_96 = {
+	CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
+	20, 20, 12, sizeof(RMD160_CTX),
+	(void (*)(void *)) RMD160Init, RMD160Update_int,
+	(void (*)(u_int8_t *, void *)) RMD160Final
+};
+
+struct auth_hash auth_hash_key_md5 = {
+	CRYPTO_MD5_KPDK, "Keyed MD5", 
+	0, 16, 12, sizeof(MD5_CTX),
+	(void (*)(void *)) MD5Init, MD5Update_int,
+	(void (*)(u_int8_t *, void *)) MD5Final
+};
+
+struct auth_hash auth_hash_key_sha1 = {
+	CRYPTO_SHA1_KPDK, "Keyed SHA1",
+	0, 20, 12, sizeof(SHA1_CTX),
+	SHA1Init_int, SHA1Update_int, SHA1Final_int
+};
+
+struct auth_hash auth_hash_hmac_sha2_256 = {
+	CRYPTO_SHA2_HMAC, "HMAC-SHA2",
+	32, 32, 12, sizeof(SHA256_CTX),
+	(void (*)(void *)) SHA256_Init, SHA256Update_int,
+	(void (*)(u_int8_t *, void *)) SHA256_Final
+};
+
+struct auth_hash auth_hash_hmac_sha2_384 = {
+	CRYPTO_SHA2_HMAC, "HMAC-SHA2-384",
+	48, 48, 12, sizeof(SHA384_CTX),
+	(void (*)(void *)) SHA384_Init, SHA384Update_int,
+	(void (*)(u_int8_t *, void *)) SHA384_Final
+};
+
+struct auth_hash auth_hash_hmac_sha2_512 = {
+	CRYPTO_SHA2_HMAC, "HMAC-SHA2-512",
+	64, 64, 12, sizeof(SHA512_CTX),
+	(void (*)(void *)) SHA512_Init, SHA512Update_int,
+	(void (*)(u_int8_t *, void *)) SHA512_Final
+};
+
+/* Compression instance */
+struct comp_algo comp_algo_deflate = {
+	CRYPTO_DEFLATE_COMP, "Deflate",
+	90, deflate_compress,
+	deflate_decompress
+};
+
+/*
+ * Encryption wrapper routines.
+ */
+static void
+null_encrypt(caddr_t key, u_int8_t *blk)
+{
+}
+static void
+null_decrypt(caddr_t key, u_int8_t *blk)
+{
+}
+static int
+null_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	*sched = NULL;
+	return 0;
+}
+static void
+null_zerokey(u_int8_t **sched)
+{
+	*sched = NULL;
+}
+
+static void
+des1_encrypt(caddr_t key, u_int8_t *blk)
+{
+	des_cblock *cb = (des_cblock *) blk;
+	des_key_schedule *p = (des_key_schedule *) key;
+
+	des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
+}
+
+static void
+des1_decrypt(caddr_t key, u_int8_t *blk)
+{
+	des_cblock *cb = (des_cblock *) blk;
+	des_key_schedule *p = (des_key_schedule *) key;
+
+	des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
+}
+
+static int
+des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	des_key_schedule *p;
+	int err;
+
+	MALLOC(p, des_key_schedule *, sizeof (des_key_schedule),
+		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (p != NULL) {
+		des_set_key((des_cblock *) key, p[0]);
+		err = 0;
+	} else
+		err = ENOMEM;
+	*sched = (u_int8_t *) p;
+	return err;
+}
+
+static void
+des1_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof (des_key_schedule));
+	FREE(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+des3_encrypt(caddr_t key, u_int8_t *blk)
+{
+	des_cblock *cb = (des_cblock *) blk;
+	des_key_schedule *p = (des_key_schedule *) key;
+
+	des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
+}
+
+static void
+des3_decrypt(caddr_t key, u_int8_t *blk)
+{
+	des_cblock *cb = (des_cblock *) blk;
+	des_key_schedule *p = (des_key_schedule *) key;
+
+	des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
+}
+
+static int
+des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	des_key_schedule *p;
+	int err;
+
+	MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule),
+		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (p != NULL) {
+		des_set_key((des_cblock *)(key +  0), p[0]);
+		des_set_key((des_cblock *)(key +  8), p[1]);
+		des_set_key((des_cblock *)(key + 16), p[2]);
+		err = 0;
+	} else
+		err = ENOMEM;
+	*sched = (u_int8_t *) p;
+	return err;
+}
+
+static void
+des3_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, 3*sizeof (des_key_schedule));
+	FREE(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+blf_encrypt(caddr_t key, u_int8_t *blk)
+{
+	BF_LONG t[2];
+
+	memcpy(t, blk, sizeof (t));
+	t[0] = ntohl(t[0]);
+	t[1] = ntohl(t[1]);
+	/* NB: BF_encrypt expects the block in host order! */
+	BF_encrypt(t, (BF_KEY *) key);
+	t[0] = htonl(t[0]);
+	t[1] = htonl(t[1]);
+	memcpy(blk, t, sizeof (t));
+}
+
+static void
+blf_decrypt(caddr_t key, u_int8_t *blk)
+{
+	BF_LONG t[2];
+
+	memcpy(t, blk, sizeof (t));
+	t[0] = ntohl(t[0]);
+	t[1] = ntohl(t[1]);
+	/* NB: BF_decrypt expects the block in host order! */
+	BF_decrypt(t, (BF_KEY *) key);
+	t[0] = htonl(t[0]);
+	t[1] = htonl(t[1]);
+	memcpy(blk, t, sizeof (t));
+}
+
+static int
+blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	MALLOC(*sched, u_int8_t *, sizeof(BF_KEY),
+		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		BF_set_key((BF_KEY *) *sched, len, key);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+blf_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof(BF_KEY));
+	FREE(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+cast5_encrypt(caddr_t key, u_int8_t *blk)
+{
+	cast_encrypt((cast_key *) key, blk, blk);
+}
+
+static void
+cast5_decrypt(caddr_t key, u_int8_t *blk)
+{
+	cast_decrypt((cast_key *) key, blk, blk);
+}
+
+static int
+cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	MALLOC(*sched, u_int8_t *, sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		cast_setkey((cast_key *)*sched, key, len);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+cast5_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof(cast_key));
+	FREE(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+skipjack_encrypt(caddr_t key, u_int8_t *blk)
+{
+	skipjack_forwards(blk, blk, (u_int8_t **) key);
+}
+
+static void
+skipjack_decrypt(caddr_t key, u_int8_t *blk)
+{
+	skipjack_backwards(blk, blk, (u_int8_t **) key);
+}
+
+static int
+skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	/* NB: allocate all the memory that's needed at once */
+	MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100),
+		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		u_int8_t** key_tables = (u_int8_t**) *sched;
+		u_int8_t* table = (u_int8_t*) &key_tables[10];
+		int k;
+
+		for (k = 0; k < 10; k++) {
+			key_tables[k] = table;
+			table += 0x100;
+		}
+		subkey_table_gen(key, (u_int8_t **) *sched);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+skipjack_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
+	FREE(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+rijndael128_encrypt(caddr_t key, u_int8_t *blk)
+{
+	rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+}
+
+static void
+rijndael128_decrypt(caddr_t key, u_int8_t *blk)
+{
+	rijndael_decrypt(((rijndael_ctx *) key) + 1, (u_char *) blk,
+	    (u_char *) blk);
+}
+
+static int
+rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA,
+	    M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, len * 8, 1);
+		rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u_char *) key,
+		    len * 8, 0);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+rijndael128_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, 2 * sizeof(rijndael_ctx));
+	FREE(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+/*
+ * And now for auth.
+ */
+
+static void
+null_init(void *ctx)
+{
+}
+
+static int
+null_update(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	return 0;
+}
+
+static void
+null_final(u_int8_t *buf, void *ctx)
+{
+	if (buf != (u_int8_t *) 0)
+		bzero(buf, 12);
+}
+
+static int
+RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	RMD160Update(ctx, buf, len);
+	return 0;
+}
+
+static int
+MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	MD5Update(ctx, buf, len);
+	return 0;
+}
+
+static void
+SHA1Init_int(void *ctx)
+{
+	SHA1Init(ctx);
+}
+
+static int
+SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	SHA1Update(ctx, buf, len);
+	return 0;
+}
+
+static void
+SHA1Final_int(u_int8_t *blk, void *ctx)
+{
+	SHA1Final(blk, ctx);
+}
+
+static int
+SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	SHA256_Update(ctx, buf, len);
+	return 0;
+}
+
+static int
+SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	SHA384_Update(ctx, buf, len);
+	return 0;
+}
+
+static int
+SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	SHA512_Update(ctx, buf, len);
+	return 0;
+}
+
+/*
+ * And compression
+ */
+
+static u_int32_t
+deflate_compress(data, size, out)
+	u_int8_t *data;
+	u_int32_t size;
+	u_int8_t **out;
+{
+	return deflate_global(data, size, 0, out);
+}
+
+static u_int32_t
+deflate_decompress(data, size, out)
+	u_int8_t *data;
+	u_int32_t size;
+	u_int8_t **out;
+{
+	return deflate_global(data, size, 1, out);
+}
diff --git a/sys/opencrypto/xform.h b/sys/opencrypto/xform.h
new file mode 100644
index 0000000..a4960b9
--- /dev/null
+++ b/sys/opencrypto/xform.h
@@ -0,0 +1,101 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: xform.h,v 1.8 2001/08/28 12:20:43 ben Exp $	*/
+
+/*
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software. 
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#ifndef _CRYPTO_XFORM_H_
+#define _CRYPTO_XFORM_H_
+
+#include <sys/md5.h>
+#include <crypto/sha1.h>
+#include <crypto/sha2/sha2.h>
+#include <opencrypto/rmd160.h>
+
+/* Declarations */
+struct auth_hash {
+	int type;
+	char *name;
+	u_int16_t keysize;
+	u_int16_t hashsize; 
+	u_int16_t authsize;
+	u_int16_t ctxsize;
+	void (*Init) (void *);
+	int  (*Update) (void *, u_int8_t *, u_int16_t);
+	void (*Final) (u_int8_t *, void *);
+};
+
+#define	AH_ALEN_MAX	20	/* max authenticator hash length */
+
+struct enc_xform {
+	int type;
+	char *name;
+	u_int16_t blocksize;
+	u_int16_t minkey, maxkey;
+	void (*encrypt) (caddr_t, u_int8_t *);
+	void (*decrypt) (caddr_t, u_int8_t *);
+	int (*setkey) (u_int8_t **, u_int8_t *, int len);
+	void (*zerokey) (u_int8_t **);
+};
+
+struct comp_algo {
+	int type;
+	char *name;
+	size_t minlen;
+	u_int32_t (*compress) (u_int8_t *, u_int32_t, u_int8_t **);
+	u_int32_t (*decompress) (u_int8_t *, u_int32_t, u_int8_t **);
+};
+
+union authctx {
+	MD5_CTX md5ctx;
+	SHA1_CTX sha1ctx;
+	RMD160_CTX rmd160ctx;
+	SHA256_CTX sha256ctx;
+	SHA384_CTX sha384ctx;
+	SHA512_CTX sha512ctx;
+};
+
+extern struct enc_xform enc_xform_null;
+extern struct enc_xform enc_xform_des;
+extern struct enc_xform enc_xform_3des;
+extern struct enc_xform enc_xform_blf;
+extern struct enc_xform enc_xform_cast5;
+extern struct enc_xform enc_xform_skipjack;
+extern struct enc_xform enc_xform_rijndael128;
+extern struct enc_xform enc_xform_arc4;
+
+extern struct auth_hash auth_hash_null;
+extern struct auth_hash auth_hash_key_md5;
+extern struct auth_hash auth_hash_key_sha1;
+extern struct auth_hash auth_hash_hmac_md5_96;
+extern struct auth_hash auth_hash_hmac_sha1_96;
+extern struct auth_hash auth_hash_hmac_ripemd_160_96;
+extern struct auth_hash auth_hash_hmac_sha2_256;
+extern struct auth_hash auth_hash_hmac_sha2_384;
+extern struct auth_hash auth_hash_hmac_sha2_512;
+
+extern struct comp_algo comp_algo_deflate;
+
+#ifdef _KERNEL
+#include <sys/malloc.h>
+MALLOC_DECLARE(M_XDATA);
+#endif
+#endif /* _CRYPTO_XFORM_H_ */
author	sam <sam@FreeBSD.org>	2002-10-04 20:31:23 +0000
committer	sam <sam@FreeBSD.org>	2002-10-04 20:31:23 +0000
commit	91416784e40204fddb837d3327a21b7fe803599b (patch)
tree	031839b89be777f8989910a091b189457858c99d /sys/opencrypto
parent	16827939fabe12f22c5b06ee3fdf29f6c10b1de2 (diff)
download	FreeBSD-src-91416784e40204fddb837d3327a21b7fe803599b.zip FreeBSD-src-91416784e40204fddb837d3327a21b7fe803599b.tar.gz