+#define imix_col(y,x) do { \
+ u = star_x(x); \
+ v = star_x(u); \
+ w = star_x(v); \
+ t = w ^ (x); \
+ (y) = u ^ v ^ w; \
+ (y) ^= ror32(u ^ t, 8) ^ \
+ ror32(v ^ t, 16) ^ \
+ ror32(t, 24); \
+} while (0)
+
+#define ls_box(x) \
+ crypto_fl_tab[0][byte(x, 0)] ^ \
+ crypto_fl_tab[1][byte(x, 1)] ^ \
+ crypto_fl_tab[2][byte(x, 2)] ^ \
+ crypto_fl_tab[3][byte(x, 3)]
+
+#define loop4(i) do { \
+ t = ror32(t, 8); \
+ t = ls_box(t) ^ rco_tab[i]; \
+ t ^= ctx->key_enc[4 * i]; \
+ ctx->key_enc[4 * i + 4] = t; \
+ t ^= ctx->key_enc[4 * i + 1]; \
+ ctx->key_enc[4 * i + 5] = t; \
+ t ^= ctx->key_enc[4 * i + 2]; \
+ ctx->key_enc[4 * i + 6] = t; \
+ t ^= ctx->key_enc[4 * i + 3]; \
+ ctx->key_enc[4 * i + 7] = t; \
+} while (0)
+
+#define loop6(i) do { \
+ t = ror32(t, 8); \
+ t = ls_box(t) ^ rco_tab[i]; \
+ t ^= ctx->key_enc[6 * i]; \
+ ctx->key_enc[6 * i + 6] = t; \
+ t ^= ctx->key_enc[6 * i + 1]; \
+ ctx->key_enc[6 * i + 7] = t; \
+ t ^= ctx->key_enc[6 * i + 2]; \
+ ctx->key_enc[6 * i + 8] = t; \
+ t ^= ctx->key_enc[6 * i + 3]; \
+ ctx->key_enc[6 * i + 9] = t; \
+ t ^= ctx->key_enc[6 * i + 4]; \
+ ctx->key_enc[6 * i + 10] = t; \
+ t ^= ctx->key_enc[6 * i + 5]; \
+ ctx->key_enc[6 * i + 11] = t; \
+} while (0)
+
+#define loop8(i) do { \
+ t = ror32(t, 8); \
+ t = ls_box(t) ^ rco_tab[i]; \
+ t ^= ctx->key_enc[8 * i]; \
+ ctx->key_enc[8 * i + 8] = t; \
+ t ^= ctx->key_enc[8 * i + 1]; \
+ ctx->key_enc[8 * i + 9] = t; \
+ t ^= ctx->key_enc[8 * i + 2]; \
+ ctx->key_enc[8 * i + 10] = t; \
+ t ^= ctx->key_enc[8 * i + 3]; \
+ ctx->key_enc[8 * i + 11] = t; \
+ t = ctx->key_enc[8 * i + 4] ^ ls_box(t); \
+ ctx->key_enc[8 * i + 12] = t; \
+ t ^= ctx->key_enc[8 * i + 5]; \
+ ctx->key_enc[8 * i + 13] = t; \
+ t ^= ctx->key_enc[8 * i + 6]; \
+ ctx->key_enc[8 * i + 14] = t; \
+ t ^= ctx->key_enc[8 * i + 7]; \
+ ctx->key_enc[8 * i + 15] = t; \
+} while (0)
+
+/**
+ * crypto_aes_expand_key - Expands the AES key as described in FIPS-197
+ * @ctx: The location where the computed key will be stored.
+ * @in_key: The supplied key.
+ * @key_len: The length of the supplied key.
+ *
+ * Returns 0 on success. The function fails only if an invalid key size (or
+ * pointer) is supplied.
+ * The expanded key size is 240 bytes (max of 14 rounds with a unique 16 bytes
+ * key schedule plus a 16 bytes key which is used before the first round).
+ * The decryption key is prepared for the "Equivalent Inverse Cipher" as
+ * described in FIPS-197. The first slot (16 bytes) of each key (enc or dec) is
+ * for the initial combination, the second slot for the first round and so on.
+ */
+int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
+ unsigned int key_len)