From dd88eea1ba682f2745d537f896f6ebf4086578f3 Mon Sep 17 00:00:00 2001
From: Hacker-Code-J <hacker3740@gmail.com>
Date: Thu, 29 May 2025 02:25:40 +0900
Subject: [PATCH] Desktop250529v1

---
 .vscode/settings.json                         |   8 +-
 CryptoModule                                  | Bin 0 -> 38240 bytes
 Makefile                                      | 131 +--
 doc/cryptomodule_doc.pdf                      | Bin 569742 -> 569742 bytes
 include/aes.h                                 |  66 ++
 include/config.h                              | 101 ++
 include/mem.h                                 |  35 +
 include/mode.h                                | 159 +++
 src/block/aes.c                               | 970 ++++++++++++++++++
 src/common/mem.c                              |  14 +
 src/main.c                                    | 521 ++++++----
 src/mode/cbc128.c                             | 167 +++
 src/mode/ctr128.c                             | 200 ++++
 src/mode/gcm128.c                             | 850 +++++++++++++++
 z_old/Makefile                                | 108 ++
 {include => z_old/include}/ansi_code.h        |   0
 {include => z_old/include}/api_cryptomodule.h |   0
 .../include}/block_cipher/api_block_cipher.h  |   0
 .../include}/block_cipher/block_cipher_aes.h  |   0
 .../include}/block_cipher/block_cipher_aria.h |   0
 .../include}/block_cipher/block_cipher_lea.h  |   0
 .../include}/cryptomodule_test.h              |   0
 .../include}/cryptomodule_utils.h             |   0
 {include => z_old/include}/mode/api_mode.h    |   0
 {include => z_old/include}/mode/mode_cbc.h    |   0
 {include => z_old/include}/mode/mode_ctr.h    |   0
 {include => z_old/include}/mode/mode_ecb.h    |   0
 {include => z_old/include}/mode/mode_gcm.h    |   0
 {include => z_old/include}/sha/sha2.h         |   0
 {sage => z_old/sage}/aes.sage                 |   0
 {sage => z_old/sage}/aes.sage.py              |   0
 .../src}/block_cipher/block_cipher_aes.c      |   0
 .../src}/block_cipher/block_cipher_aria.c     |   0
 .../src}/block_cipher/block_cipher_factory.c  |   0
 .../src}/block_cipher/block_cipher_lea.c      |   0
 {src => z_old/src}/cryptomodule_core.c        |   0
 {src => z_old/src}/cryptomodule_test.c        |   0
 {src => z_old/src}/cryptomodule_utils.c       |   0
 z_old/src/main.c                              | 236 +++++
 {src => z_old/src}/mode/mode_cbc.c            |   0
 {src => z_old/src}/mode/mode_ctr.c            |   0
 {src => z_old/src}/mode/mode_ecb.c            |   0
 {src => z_old/src}/mode/mode_factory.c        |   0
 {src => z_old/src}/mode/mode_gcm.c            |   0
 {src => z_old/src}/mode/padding.c             |   0
 {src => z_old/src}/sha/sha2.c                 |   0
 {src => z_old/src}/sha/sha2_core.c            |   0
 47 files changed, 3241 insertions(+), 325 deletions(-)
 create mode 100755 CryptoModule
 create mode 100644 include/aes.h
 create mode 100644 include/config.h
 create mode 100644 include/mem.h
 create mode 100644 include/mode.h
 create mode 100644 src/block/aes.c
 create mode 100644 src/common/mem.c
 create mode 100644 src/mode/cbc128.c
 create mode 100644 src/mode/ctr128.c
 create mode 100644 src/mode/gcm128.c
 create mode 100644 z_old/Makefile
 rename {include => z_old/include}/ansi_code.h (100%)
 rename {include => z_old/include}/api_cryptomodule.h (100%)
 rename {include => z_old/include}/block_cipher/api_block_cipher.h (100%)
 rename {include => z_old/include}/block_cipher/block_cipher_aes.h (100%)
 rename {include => z_old/include}/block_cipher/block_cipher_aria.h (100%)
 rename {include => z_old/include}/block_cipher/block_cipher_lea.h (100%)
 rename {include => z_old/include}/cryptomodule_test.h (100%)
 rename {include => z_old/include}/cryptomodule_utils.h (100%)
 rename {include => z_old/include}/mode/api_mode.h (100%)
 rename {include => z_old/include}/mode/mode_cbc.h (100%)
 rename {include => z_old/include}/mode/mode_ctr.h (100%)
 rename {include => z_old/include}/mode/mode_ecb.h (100%)
 rename {include => z_old/include}/mode/mode_gcm.h (100%)
 rename {include => z_old/include}/sha/sha2.h (100%)
 rename {sage => z_old/sage}/aes.sage (100%)
 rename {sage => z_old/sage}/aes.sage.py (100%)
 rename {src => z_old/src}/block_cipher/block_cipher_aes.c (100%)
 rename {src => z_old/src}/block_cipher/block_cipher_aria.c (100%)
 rename {src => z_old/src}/block_cipher/block_cipher_factory.c (100%)
 rename {src => z_old/src}/block_cipher/block_cipher_lea.c (100%)
 rename {src => z_old/src}/cryptomodule_core.c (100%)
 rename {src => z_old/src}/cryptomodule_test.c (100%)
 rename {src => z_old/src}/cryptomodule_utils.c (100%)
 create mode 100644 z_old/src/main.c
 rename {src => z_old/src}/mode/mode_cbc.c (100%)
 rename {src => z_old/src}/mode/mode_ctr.c (100%)
 rename {src => z_old/src}/mode/mode_ecb.c (100%)
 rename {src => z_old/src}/mode/mode_factory.c (100%)
 rename {src => z_old/src}/mode/mode_gcm.c (100%)
 rename {src => z_old/src}/mode/padding.c (100%)
 rename {src => z_old/src}/sha/sha2.c (100%)
 rename {src => z_old/src}/sha/sha2_core.c (100%)

diff --git a/.vscode/settings.json b/.vscode/settings.json
index 5c3a115..30ad2a3 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -98,7 +98,13 @@
     "api_cryptomodule.h": "c",
     "mode_gcm.h": "c",
     "mode_ecb.h": "c",
-    "random": "c"
+    "random": "c",
+    "mode.h": "c",
+    "vector": "c",
+    "memory": "c",
+    "system_error": "c",
+    "string.h": "c",
+    "bit": "c"
   },
   "files.exclude": {
     "**/*.vo": true,
diff --git a/CryptoModule b/CryptoModule
new file mode 100755
index 0000000000000000000000000000000000000000..51f607f21d97a21b39401a14d8a3e4fb193cd526
GIT binary patch
literal 38240
zcmeIbd0dp$|NlJ$sHn(bVUl5@VPUB;4yNSB-~iX?prp8!1_-DmF0rJRDT)hMBT8ne
zZECCST1K`hxbOR}nR_5ExbM#WJlDdOetv!K@AtkRzdyPj4(B@OI_F&HywCeQ&+A-s
zA>$()k#0t#K|kCL9StHDQ&&w1(=N=<)lLY)3~dc{_}R$tsG&M>4<${#9;OCdRgZmc
zl|xT0-JMXB^Ajic2>sP$gC6QF6rm`0zoTyr^@<)EeAKuoS52I1@v333c4|I7)UTJ_
zFGjs?s1iy~s_A-Iv7E5Y{MXg%y8ZNUq-K{qE!4}2s3^BcE4N6qyB?NmhR{RZp28;L
z(^j)*)i9WA;?TpY<%VeGs)jbTm_ZN4J;c%TWJc2eoBPFR<-*d`da8z()ntPn>i2t&
za>6eE^zhL#_R#Kkzj27y?5~HKc@0merVM;0<muF;7O5%2Ge@@=-S(Ll&xEv0AJMXv
zQnP4R03YE~QQdkOsHQ-qX=XIIWvOw!K5@-gyDswE*Y}GIuaWY@f)+EMoce+F_Vi^Z
z7KuEf-J*=hBMwoY?jj;C&TH}!c@%pXCvawP6KS>hY){@YEcBvNpElxJrK2ga2P&ng
zky!)*_egh;cCY;P?~}fW^Z-6p57DoC)zjua>B~tE;8XQ5lF+1TBJl`5bqx&+0eR|0
z-M<ZSafzc7;s&J*Pe@I9HQ6vMAvJYGBB=@K>B(ssaf1?4Qi(CziE-%}38V~5NEuGb
zppj`Q!!riOB@P*CNY6-0PD>+^9En3kl3Grb5-#zKA<AJ7?;O{vrKM#^*?Fs$t;^2K
zQ!OEeID2e#95p5nPD#&5PK%B1oH}B7a%{rD)MV~4c-V;HT2tcGtoO`FH{I|8cV@kj
zPc`MIdOm<_!rtP@csK>usAd?<xk$@wAmSc|bS>_il2S)_*?29!<jr?*D>s8oTpT*D
zbbAJCgSb%RlAd0wtrwnE?61f7%~0zTJ}bshKaNyLujuDR719-MYXwRxr0e$<m#$Yx
z7jr>Bbbk<ai20!(OSSxBxzOjVxK>ahUCc-QSXUuknRnWSZ57hBrAIIFZ}_hT{<Xlr
z7Wmf!|61T*3;b(=|0^wU$@J(=Df^74<gB(I4Jb`6$Z&IQld@NNu2kCVYCVzUi>{{G
z1g1s?k$;G|a<TZR%jL>b;zH0}EZ$xg7eel0aba0p2&{|6i}g6Qy{^<|Gbr^DZ&4-Q
zv`V~Tm3Y01acRPtAeu19G@@E`Cxc;G7Pm{1oE}YsIFaN@fqq;y7fA9kDfhQPAwNyc
zCMjW22O?Ivz+4b9xnT4ol5>`lH%WTRS1FwNgfwB5sC%X4>~LWmwdK~^(ve$`WGEU*
zhn9-7k~KvkoSPbjDg7~@waeRI6t~MhQ5q8)VJ<MQmvTEiM;2GTL~6M_sHLgVBnpZO
zJIG4C)h3D{^m;};h9Xj&GZZylM@)^fM81_;NdA6G{?<K2(Cn@xmr8}_I!T4s-6i81
zY5Uy_Un;1lRp9A5GRV{jJL~1ecx82H!DU0{Q@y0@4j09P21!1d;YAm(5-I9;*X1fo
zqOEJHRU@Bq0A(wcFCL|IHj9Evf2GMT)1)W{S(3L&lXsXVwc}jAXzi1IY`L|!wU;%v
zSI-GIMRwDqRO~h3t}+Ib8z@Cq{OrvYIj5ALPLpZ9?CI?8K_GcJyL*a|xR(gMoZWpy
z=;Q3}D?;B1cMFs{J@GeZcRwk&_4geNhF?iDI&$kBd){Dh<i6<V$gQ)tH@BvQpR>Ea
zBe&YR9yB$#Lt!^H)xRXQd_3fpru;Kf_KE;0dyPk7iI05Nlz-6bZ2qOwf8K<X1{bYA
zZXl>xBCj^(7g(MzEj;UIHRXFuAk#u}aIt2Qd7m8aV+p@3hx=N>ugl?n=5=zozw^c0
z&My9@{6cxN)#))&E!g~vrlQuGMe=5gTj5!sFjM~7@~X^5MCG&2=HH2`T?VsKb$}(@
zLk<tLgnP>2L6&eYIlQ?&^pa_EC&tBG@WKFVf9nA2i`KZ6gYqPK#e}<A!c3Fj#Pn;k
zgqg)g$k|BBZ85PumdGyfapVpQwEjk_Fx(gY$h}eSTWWL0d0@S{Jc+<+GoNFsm^Rwv
zzL%Y&JWX5Vk=Gd*>^LS`wd3s)??HJsXR=bGl)c)+l)v37Z?QUkXIcx-`9+!XLl#ds
zCOT`Yc~M*_Jm(W(%D)=r3|VBIaEiOTY-TR(HRbQN%6n|`%}8g+Ps$aSfh*<%@=lxi
zxYc}6_OqD}(-05y1$m?=o?#C?n>o4INcVAqZ+MiaJHa1)6(?ZS>+FbCy0I}v8T?f|
z*eH2qP@W~+htc*Eqs@?sVe(am$@hO@nEaGs@>hn5A!C>V8K%r>#eJD!+I%*z*Sz@c
z!dyp9uj0$MVG8|ltz1ebSMk&Q98~U}3U7P$l;oX76UjNbz?8F&VRbsiuuAd)TdtR~
zF^`zMeq540u~3rto3Bc_9@#o?oS`<SfzC?Vg><~g$0l1D=P+M+w2yPlWn!0!`N^Yw
zonx*OyH3ns9_{BGbDP+0d9=Sx-rDS1=-sjT>OHN$2moT<^eAE1YN<UHD<?AsxW<c}
zMbNqrRL;I(G)-?nW|c?IF2e3U*6bBVtGv;aUu-Qb@iXN&Ul?i1_n#Bx^q(7H@n0x!
zHsx<-QpoGYv@qp+<%ldci~o0graQZM*yINPgW{ex`FW53L3uCAdzP11nl2jn&zetR
zFI(taV&qIS&M?km>aMIX*!p^6?E_dfkV^8Ep2~VX`KoEw3f71))2uaNo)=A%>w95q
zL1J%CY|i>NXOsuFKgjHra_j7}<0WxkHs=UWM{b8TOj)aGgU#Y&HLbH*!m#5G(?&~Q
zFRN*D;c3R<md!H6lgW9^=JbEZCa=KUKNBr2Jnh4<P6Y)vOJ5&T{thn8w#lbW`FpJL
zc2oY|D2xA$2)WQ&SnL<+^qL-N@mdfepRpF6@v&JXU#d7k(&tur7k9K$TNE)eP@ZdN
z$>&G7Bhnf8S)?U!u~j~dTL@6tEb)F${|~u%HQeI=g{7}Q*MCwlv4VuzR1if1*DqM*
zZ8rH>XN&*T2zj4qSYeT$&6Hmf>GYivA+L+H_<ljQ5|XJkCV=w-(xy^OX}>SU)`>Ea
zPLC;(7LP9?<dar>5Hkgm_bf@@S>@d}`2a3U`#ruRgWCQR<P+^b80l>OZKS1nrS=aA
zDsTS+OW)>PSKGgV_Rmw=-(0l66hmTB+K(YIDeW&7?LQvr^q-DtBQ5?5$aaim+SE6g
z^Yx_7_y_h6A#Vly|K0XtL@L;x><p4({I-k((W~^K-0(`H1Ah_&!Zl%dOW*clH2w?w
zhf(sM+TTXr3ikiI?eA%Kse;|hjUI*hX}_hfLkuIvqwa&)ouE_<$Un7z3<dtF{bR{n
z!T$fH|MxBL2mar`d>DkqwV~h!m+s^LJ28&x|IOc2eSb(i*|B}|GT(1r?)ze{9ARE8
zCeH<Jt|Y1XmAO*p|6;xz;r3j^|BE#LSEf!S{|_5d-hTW)m3dUv|2>5NqX6*#6{`J<
zsaW%WCRHH*zny;1CEFjW|HqHy9Qy~B`G268HlmEipScn8N-@OnCxg5P;m<rPN<u!3
z|Ig#1atlG3v-rMnZ-3ElvVtSw`+Y}izRwl4#XA&h`zy26=Jfc`D(|2-iy_2V%pw4R
zYtD|4k11837A7g;b0Hj<M#y5mi}?Z-Py1NrWWj%8JH#kbk=k_%Z_o;Zt#=e=$#hv@
zC{OGhD8WqdRY`O#in9p$52eIeI<C?uLS7>VMD4}G9JSQd%2R-PF45~LR(YT3xXm(W
z8u<jTsf>%tkg7!D`sa)RegP<<Eyw|(<hjUaBOhETP_|j-=TQT|+DKG*7A67Bc!?+`
z8l-_$j*waP1;nz%w@*~SIC^N~sG^mj6j}74TpS@E7CJ%gQO=yQ9(ifw!ib7Nxq<~g
zqy+~txF9QCW=L797QQc<W-h_GX4{;3V(GPJ->hYtp2k)rLOyPjH&E=7xQ8f4E%=8h
zO{JGrCt5gPy(@myT=<c)W;7RmBueQH6rsvn%=w9$9kXlB1GvwyY~Vfe7OK6j80DPs
zk@b8|pn3BnEg?T!<v*34p2t3m7E*~idtA7QY?<>l3FKOiT4qanEy7?R{c}=&!GBob
zPm&@k7S_K=Z?Qf*34JNts173|9w>9q&0-uGw?%4G#W0o;L5$nJ%7b=+0b4>=F?OQW
z+MqF^gn#1sjM@b*+){2>tSlQu&ua6rQqOXhR_fVe%N(%_VTx)!YpC|@J5uP`0eV(j
z@7YeeHILErGEHBCto(<gS3vbN=AVw<DmDB6Z1mPqNu|--L_+!Kg|a=bJbF)%@?VeM
zHnpk$Wb}5C^?zmb_EqW`qjyN@nLc`P$bWiPVf3O&QF^9~9@EWQc+3s`<j8H^O1%`F
zh~!{PE${4>>zilFUl}E6hWXfIPi3-MEpAqIn{8z$E;f_qeH!7Fab@QqE^sBHW=Vv+
zn#<HBszj71^{f*$$`J_Q{8fsJ3f6f{)vB|yX``YOO0^sHTY;l{)xMd;^%d{1qT(Gq
zxI;nZsy(#|l`;nfQS@rVon8yd8_sppIyu5KoZ>S~`FE}IbsFXs?hKj2PMKbtOD7x^
zofM34`hLj1npn*Z=53;wmw0|x;V}UEe^PUU;g|h9C}B&`mUC3Rm7r+anZNHZ|Ji=y
zNNsJuv6mB@^J#V$)ScQw?Eg9>n?+h54;~?Sa;x5<IGky-%@U;SG6X8b?jr^ZZDhZJ
zorv}I6zsJ*181|3wXoK+ged!sI`vyqn<buMg5iO00s?h*;12X(TU<cB#;K_g38kPd
zE@5KVAs{8I%NVh<Dx~%+qmTGwg%QJmt9~ms7EZ4j@FqV(hL=JBNPb)qnqwayP~gR4
z!s7{51&F1GMSFu-Qp#6+(G!*r7IfqQtB5IozgX?rRRwU4T0nz|3e@&Dr{oHy{ij($
zd}p(;v+x{O7n~Te>ws6ja~0KcjMxd*dsZB_%|aZ}enp$Fr<I?HjRiHa+R%QMe?`Cq
zaYcZB10R7hwf!q7F4iG+iT>LnLHorrAQlN_DAYwFKA1WLV<u2cS^Jcg{oa-r`;Gr#
z`C=CG5;Rwtxs?S^v3Ofb9;6>?gR2-^j1$&V_ZoA{ZBJ%(zjs>fm+oW#FmnBO_7}U3
z``TaFT-g8bMwisK>&6zA#^B0+gCUc*ad|zSEQUt2Jt^?8NJtO0{r9qe47n=Uzuf=t
zJp^LQ@gIhu-1#xKuxo|U(44<7dkrcP+iqnJ{15#<p1S@!`-@%2eeM5u|4*$j6qH16
zDRW?mFtq5$f8qaLs{ea^Mmc7q5J}QV&auB&ng4qUWn01cpOroD2ow7a_In-+l;<5{
zYbnU{d4zmOnYm{){|`jC1q$4h`G5Rq^6LIChQ-o%EO|8Uh>=j{uJXKt<qiIb=N%O`
z4S)ClLn?n3X0cFE`8|h#EEV{(QRR=m-6$V|4Jv+)E1kH9>(43QYE<-o?s~!I^g@sy
z7I+0MxIgFz_BqpNmC(iHxx`0ok{2N6g=|$#D=5R0sz77_TL49_D%%WMFpWiakBX#y
z+F~FIA^t^qtd%crElOGDh@FPU`vT$XToog!Zv4-x6H!2f27D_jQEcE`D0T`oQ*0mD
zy@&-yj2G3ih70$~5_=KKh#7*1c~o2>#5Q*aotbUTzQa~yyt@#q$HYT5rMP(9##SRl
zj2@y;tQ81uu~saaPo+c|s}QkVK)NVPh*(n;%U2vLZLP@Db{pkmRbjbUNmVz56$G!8
z8kA)ZGbroDGIkuM{6DRQV#hH@>^Ovd<b#xQ(X-F!{?|$;{eLEk(e_60)l+W0SDOio
z@`%mi^)7Sk7cruCd9PSK#E>a#`G?}RjGVT~pd-}!_faG9mZ(Y{Iq?`~nP{_Rj=J4Y
zHk$=v^t4gq?ze*!i8+y73OgM!TA~7aN5QLncxs>w*RlwCuiCXNvE>k5<ErRbJ{?mx
z9Ug2=#CB>Sb&9cM9NBd2K+e2Fim+JOII`*ZN!fJ#qj4<Yj@<3P7)Nd2@jo0#(M!g1
z9k;JEj+=x9c%oZr9KV0!zZyre-T1G^QQdglYaBzkJEJPbQJHdLER|<T${=F<zmKEX
zd{h}nb^GBVI)*OTu6&nthY{WLIDO;$BnFgAGsAOzzo9VgKV_2(rNkY4JtgI~&*S@x
zuN#YzW>+5)Y|8ibvD7a-<!8QVleaL<!*D5aq41QC`65plZ1Q?pOYk&b<WcoGKhp-e
zm)KY!jkF5-cxW}8x@QeX@rx4`YOyKLY<#q;#14W-z-m=Gwk&--l`7@KOjjzE4_0j$
zy9O^$t<s}@g{NqpXqebd_y$<|c$qhd9Q4z}ukff(;So>s{WlKn0@yh8fmw)qS0iQP
z;7L+Z&m-bHEbaT>9T`uEFS&`sG!K)lm4`Q9Fd1z%3#8BunI+71{rhKg!OHS)v$XQo
zKKi%Be6!J3k~0E*9I`DiNck@LF5_gEZ`<YFc6qCmebZ!`!uE$fMp~&PUvkK69r8(g
z;W-a`Zluvc(Ez)ARVqB<AyI>$WL#O|seJz}Qk|Iw$<oFldj&e=n|Apb5<K~y(nqq4
z@^r}8?D8uFSFNt?_S{!|98Qt#niP6CbEU&cy^=GPcDW}7`q>Llc{q$$tl1|`884d)
zl=>McFOOD^YK9yycfL_I+Cx{5Dv6$aR(U_bZi-l~ecxxwFV7=oU-!v8M_VNMuq6M<
zjU}h(cIe8C+Luft+)d3q0!?-KI(1dsikmsPq-3w;>>ubOS`<|L8ebEZn^b(iui6uf
zi7(zUX<tbm8|YWzjR;$y#On~^n|e<mW|uEZ@&<>zQVP9hn)I+p$-aY`=WrIC`+BKE
zUTrTtkAb5w@Yuirhm+cL69+kRL#mf}@ul7*MnzP1%^{zX<XAC=E{E(0^i=wlX|S6^
z0`0k@Xmzxw-AuYYdlh-^M2DVoIEhM5%49AVwPR}rPuSPtObQIL7yjj8H?DFRuS=o(
zGHPHNgQ>1N#?5d@xv7D{4*4%hKF4j$1$oLinDS$*8Cv<eTXTG?R~V1u6~}{&z8*Qg
z%3!GjA#N)1>WBK?h-va7x`XZeR<ONl7$H{dxe=xGRk^>EeT0S3R^3POIlH_Dzt$~4
z!|d5>>8I9V;a$$|rQ%+}lEq!=xgA$kQrb$E&Z-?Gxi;CZi!0Y1?eIBC?&_KOr7%gc
zI|DB4;)hQc-{N~iyL^`!Qe4Vu(btD6dc&Z+u&ZlpWHykTeb|PF8zni)Q@XZIYP?M<
zEb1f~Ypj%V`<N6TE%VP-lDu8YK5aCX=7bvyi#(;!t(nD4Uv+#{|FX*$S>mm|qoGwV
zJFhduM$4PT*V4Cew;<8EcxTY$vzbqo@S;l=<}%2|Qua!tov(YdR~yA3d9~{5vS*(+
zT64O%#6+qVJ=vAH-=6Kl^A0Ko?q2GUcT3qvv8`1#tz_IMOzeYwaWV%^#)Li1EOo^O
z4iS@8Oy=yBK1J0rk>pG-wOc|0B{>u0reC*PGRTgTd6I%BF@Z9Fwr2lja=6C^`kBuv
z)zOHIE=rwLuUA|26P8s<+H=Rd<kR7~whp`trSwagi1K#&1*U6TTZMR8b3$r`Zp%EC
zo7%ysSV9iMi-Ib6ktB2Pk{Jp&^!ZwDNv2~jNxmb#<1aI&a34RLvuy;;Ys19NXyxGh
z0r6gsO}<XAG3+X%HG3_M@NjDt;gYgTFsv=mCHj|9O`3c#b5De`8(;6Pm$GkRVIg>I
zOlIE*d8<QC4fKqLqVge0F46n7)I=5tV6ca-GELph380k<&w9v3HY1L?RthaLWxq|j
z)NHjRCUCUOfSr@%)38hoh;?nG7nhkT-D+zt7RH)m1~yW5vG6ae@GpDlp3LG1vr8&G
z>0xhn#%??-8B6Thw@s$0;yt4X`GzF_VS@_34*7Vre8vIwJVlRU73<pMwpGll*hOy<
z%~2Yqv<PFF)>-99FYK5(qd1Z3g&6etUHm9+N;FRra2sSgU!e4+*e2$!@`{70ZVgGk
zEBa*<owbVPjWO6@m3w<-2C!n(R<q@Mi#M{e&l!yya(WvJPt(6OnZ*(-2omEp7jL!L
zjJL{pEpJm?hee^4S9NQSmq+M<%#w)Qv7L;?4Mlr|e@Hz1D_<gi6*lEKDy>z1;Xqm&
z<tgHlv!mpE#nUeA#lNLlB8_=kc(juwFUk?I?Wd*f#rB%pNzOiIjFz`X%bOjtBuUo}
zNR1CjW)^|<c6o=$ByY3Jd+deBI@z}u+2vi591~`*DXwQ9HAb8FI^>uj>Dqp=9+XOr
z2}chB2o7^$v?#cdLXy1MZr)@sJkH&vfasblx#E!H<E`08sNfHW+}F>3ZJ$FP(%0UY
zS-nx(USc;B-{~-~c9;)Fo7XtxFdw`5yd)0^7WcW%O-9mYyZKMM`MPAjBbjg7&6gze
z4ZHcGB=>FWkVnQy=1X?-UAy@TnMd2rx9#Q&4mnHg6dm#$u}72SocT&DZ=n)fs8HTQ
z^^%-dAd(;i%3_Xij29&HMThzB0EfIt$X$oLP-sqvJpTxRwZB8o5z^W^fTBg>gm?ay
zmWq=&EPkDnmCE?_H04K`?97hbdeLpg5_v<)9gmx=Xeu&iA2Uft-r+muAsH`9PFURo
zLNP{%rNYx5QsMFT*+)&h;^!e*f~A@}LD~k1XQgGlHu2hz@)F>w_EKSqhp4Ww$U_W*
z#bXB}J>jU*r0nA+spbKPv5+D0h&HaYTiorIp4@4T9ncgWq3~%BtH`C?$}H8~CRwbW
zT`eKhz7iLdfVDleFf&&&ZInz~>~cTP7wodR@(U}99<;{NMfyv{z36j4e#fh)l<Qwh
zyw3vqttM-$&Zgz!t-lI3a2N}O4IIW54rde120}?FHaO=YY+wnt7oKP@3}COh%VCM9
z@mIuB5^8Pb)y~1|mU5Bkx+HJG2=>A=9@(c%su51BMvxG0+@w8La2VG(Y95m;y*(vM
zb%}LGUZdXXNPAYJavN~B)4~qi$}X=GHb|dlXNeIOFm0m$(Q*P){Ge%a6Q-+xd_{u{
zQs37y7cifc)iHNGHSL#jhsMBmPo}Q$5>&=t*QI7RCKToY+`?k_OVU@8{8knbNyh*2
z?jLfL2qI^j<m?;+N#ao!l4+eJ6LWU%tDg2{2eaW8YoDAQFAC&V8+%8IjZ|YVvXF6Y
zh=?g)5fr~q?h3CQDecwu;}u0eDr>rEYOvDOwNbb*#n(<9O)bi)_zrGT4N>RXs4$TN
zFdVt#;~lx9!bp;|Oe{OMIYoz*ns=z0DYZIld6u|tE-0xf`~&Ic9%gNYe#_xRC}~BU
z71>$Z9r9hVD8D5-;|M*QQQef^GpuB_Lq00JWAgfp0K~YEe!+Ut&~-vzmzTnS+|@XP
z=P)NqYGoKO%sJE{$?lv<rp+v<rp;KEUUv=?t&^N@DFcw39>C&8s?sNyGDPywzkS`}
ztS(j*H%YGHjPzU^C00Qr%By6NGOw=`$KWbjzxDNBeM=Un@N+l^x0Rex!O@dXm?pQO
ztAG`yhsl<Srf>wHgiSM7NTH>ssSSnMQSy_0#fcmh?3_AQIlIN{!;;Wc4;2eJrRz6R
zOp{iSz`W01V-!0Td>X4+uzGJ-4q^5YQ|3M?H$5IN3)8HP_oK{S=_BQK4s+xV#rbRq
z_}nN~x+A6b+=}C<zTd~Z^sQbt4q~HomizgL<rU3#P9MZ8nOlTJG4Bw<t3Hb(8&g|T
zLwK<5u`r=&qC;<Io{`@YU1G<Qy~?kGjN;|TNxiV7oUQbji<RDeRo<U0*{HlsS+Yv+
zzph^quNYNY#xB++l#Z}JA{ynjS=}-@rz-Q$y*q<3TMT}fY35p`+fwKS)6@}sl@`VW
zB=N@G<bg!2&Pjn{M%YmdZLv;}NDvL9nUhZuq8do+ALxa%W+Y3fW8dQH6jbd++%)Mt
z*?4illwX}agAs*cZDkAb5#uCfpGD9`xvasqkT5F9+^TFa?710%@%G%YfniqHtUxg@
z)^caMqby@Syv5r;u(_n{=9X|#%8h2Q5a(i}92PBKkqV31*NLqpE%p<a!X(-sEH>}#
zW2C~P(6oPG0L^Z0&u!0AL+8Y9k^-rL5{fWdY|ZzU>lsA8&^iG^n=#O6m-AwuC#J7!
z8w-`tK}=%tIKs>B>{TjRdimH9@}-iwR~QM`Nnm3W%X)0?CAr>K=Xw%a{ZndeF64Hw
z9T7;)=s-#A%)@eReny9ThGO>Sg5K;5pA)9R-IP}R<=V!oPGJX0xtT5@xe#u#fnMev
z+C0SQ9uHw|U!NS0x>(s4_N*{Up{FxX@?b%XCshSmWp$7hU#z$>EZhIyXIPZYt#z&H
z5n_Cb&jM!lF_YJuCYhnKRi37}4?f<vk{b)@<5S!WH&s1(N(EY%JwFjU(Q;SDv-fD*
zGU3wyfB5qdw$_#WnYiZ9>o9E_g*EuIDSxa7&af8hoHd%SS#!qW(it9#OK-Z5?e5{y
z>OOoiE^XIc8gFPWY!!ANpJta(Xe@JR#mnuv{-`j#-yz>(LnHP<5|aY!Rq*H4mHhc4
z&l-d;i(MxEeA<rxQQW1uljQ7)Bk!@Z<rG)^?B-Y+<m`zvi^S`S`-?<LpRbNko+@R|
z)qNWgdr@p~aBRAwI`-JWVEnJS*!yGEjPCdIZ2R9loBg5i>-vg6>&`9w+8(<5pZRs(
zea7TJ`g6#C_Gc_sY$@~S>G$$y^?4vW;c~B5$&6GLyGQYiVXCqsyZ32pn#pVK;7ba<
zXqvhMpWqu$)PQO78qS@HOp)Y1ZSArvT3$^?A9aajeQY4*j$)M?4?SlK&{)?hi>H{M
zR%eu#cp$~=6t+NL^khaaf$X}){lpD;z9alQf^()C5;Rae-N3NcR*p9K_bLV0IbCsX
zN1HH8XKv-u7o;w`6;ACV?qe6vhfbB6CQTuNfECZOz?5G!f?LtDhog;`9nG$wl$FIN
znrf`B-3r)@v@AMzL>TS#Ri4Kg_X$7j<E7+O*A?>)HKdIX(wO=x*0OK19`mfzfxN_%
zweCyp`UiSuZWj3LAqE&wyTlVaE{nAgAN7@TUw4^zpc=$JI?8KM9*Mj|p6}&L&+Gf-
zcs-aK!sNgZqT>>7b~xA8R`AnD$tf$tq2ROP6A|$!@}S~1v&9-JHuRMssG^T29_s!=
z*$nf16JHRk_9lGeO1Y;9-boewLwT00IZ1%xB*(=VYEH6O^h_Cc=RD=!s;m5;y@PMz
zgm3r@-{_54%dA(NF6veFtWa;0ULY=B;pX8dl2TX&{+Y0kcwloz;os|me<sC6Ht8;6
zKBx_dLq4MDWNs5|nzR59Aw_tA>KeAdwn#8mY^<wiH5TcEuRgCUAAd(ZLuCgzBg7a5
zuZqWJWiG(OmCOxdSq*0C7LQJF1SF6{UDAW_OGmS7(Z(y$%`UU5vgjH!0{zM3ueu)n
z&gd@61pLi;{Dn}d=siO3=Y~AUBXOl^ZBU^2kTr*>3aMS0M{@hOGg@V3WE8KFDhfcn
zW?dz(;jwmw>zdb80F1gHv-WX_iKs7=R|Eyhw>o}8d`sEOmF<lqH*mF>rlhr%a+@pX
z84rrDC=fR;efOZo*ix`}U{?_)nTM9|ECM8RXV!quL4*kMvl-3p*>`<LJucL&puNlv
zMcFv2zq3{R<*ABKa78Yq9~Jslp+o9^O;fH{%vZ%zL-UTJhXh^)U-&LTGDWg|U!jP*
z?3<qH4X>{7$Q;5mL~p#&5g3*eZMeF^EpxcI!OA>4BaKHz<F_nUo;(%FsB<07#1|!}
z*rQ%Co|c*wWgjEGkjm0FaB41)*Jc;+Xw@UsA$xQT-IjJ<sY`hdXBG9yJE+iU^SLeC
z>fJ7RM~pi!KmBC$xjTrIyCsv#*IPxO^GI3jJ$VYcJdY_<bZxbG$h}JZMx-|nXT{D}
zUR$)Fl&7-t5#_htDm|Z;5Ql6hUJ{S-*nh?=1DHF02rn$vjhe$}A)lpu_VFp=vyR=Y
zcu1mTWG~+AdTx%`Kbs4*&G_1hiZ^gwT02p&P|3M=qF92&u~PjWOl;}1_1~OTul)P-
zUkm(efqyOVf2#$I{9jMjh@Nrj$r*9U!xPiSjLe7|nmi^z{J&VqNwo}5jjQ)i(6>82
z`|4V~oSIv^w@*(?e0m`NgVxZe6Oz+gCK^(P2R#0Gz=+HY5m2ydKSkY1$x6M-B@x%|
zqh}Qi<v9rdDV4$C$w#bP0er&vWbt`~&og}PdGx6H((d4AK5e@^?Bfq7T-tkU?D5cv
z?>+6B8Zy1JZPnr8jj^xIYW3NQ$2y#Iyj?r|=E`oKEf)+5+8_A+D=&OxALiWNH0}D;
zq$xw@JhbbR{+k9Q=g&+XDaG75`}2Vp>qYkYJokf1dHcRHO#5wTt!pRxR$KZ*MD=aW
zADywGlgX{{yWic7556(<**EK2yAM8ediKSwTS}LlN`L3;j3$45(|Yo;8*PgGGyfbO
zb)mt_4V$f&NBlI<`%AxNkKFFvvFn;0V*=hiSa5gr=I1Xr`eUIbr^Z_I;s<>CJ&|=L
zF8;akUp)L{mpUy@zB=!%_3xjbf23XXw@+SKw65gW_Srq>Ce(k*W85#J_B?(x#W%56
zW3Shri~0QWxSq+@1}i_Q|Li+2KGAOD(61U@i1^^^ulnBX`j-3gfL=F)zqvZ>m7F(U
z*>t6;!>#-6y(d@i-T36=S+>?c&iHuXVf*uon+|^Dmxwvurw1G@xVzFV^XUl>@Kwdf
zvm=MDxv|szuecfY-hO}P@{(7Fy?vlxk6kUYm-XG*IK$p7<;Zl~y7iea$ty089y5LJ
z(2jkd_~YfDm*saqT3Y{`ob`jg4tRaZvs)7Vy8L-^qPfBBc*}DGBgXe!d}LJ8uamwV
zde?vcgd4M-@*LTBh&1EjI}x*{rXKF`)AiTBdTeKU+A+7T$NS7^H0a5%dVOCbsN`w)
z6+cdS_qEkKKlN-Ad~s^fW8Z(e-0hc_+|Tx(_|O|q`EUJv=8`d&N-x&vw%}Mw^5)A2
zs_$M_ZF{4EA*<fF`&q~bJzIV>zt^Q|t&YC&NoL8_+M#E%!@fKp|6=udFaQ3W&+v{n
z-e~+zhw6X)@olw^(UHHOdh^HJ*q5sfSmiNdSM_*Ty_kmsZ_U{=yZCo`Q|GY3qdwff
z==boV8aYn+ueL8dJm%oJbqk_ujU8KT3ctSoQAKdq%$}0fN;>=0qhF7#o7yey`8&5<
z-lpDdCwF*s_qWeH5!#|w(tgvB#-H_nZ+q+ufzP&l#%uB5T5p;D>a%3WJLewx@XhzK
zy00!s_$c7e^C?|N`9IX)fn&9Pd8^>$lk?kmKGNiYhV>uuu3e|*#c$R+Tl~B*-*?>?
zkM^1T@P+RjH8Rir`p4Xl@5GP4Ht%s`|KF~p*;cn3^g_tETh3RSb>4Vr&13mPZl7J6
zc;Up}4TsF(K9dt43~MrbQb64`lV1<)vg3M(U%#!}>c-k(3z{|T`t*l~E(L#I=S+_&
zqqZF{d@A*!AHJCT^T@h4rCCu;l8P6uns$4BgHENr_cedL$@x6X)V1C0`wO?Xop$%5
z4RfBUz3a2B6Rvz3bokW+k5B)p(<jTnX@25^XJhKj9R1RJo8n>zMvl9>;=$a!qNV#<
zzIZKk;+5}K&Rdo>AZ6@Z+eUoRV)xb`9%#C*-Q2HzK7ZY>Xn5lL2VeWO-R7F3A0K|%
zuiqKtPw!?ge7F0l<l%3BIqsCJvFFy`&Yvo(_sjnG{_3*jnGvUV)tuLC&)7xg@4o-!
zN%Lc!)&$S`v~|Itk22c)*6sFZ8zvrEv@Oq4Z{Oz^y3FygUORARym!pz`cGed^Of8^
z(Ve3go!=B2{pE>2J>L27_>bEikL0{mxU^C8$nno5f8cTYMdN_h({83`Oug08TKk9R
z8xEe?W5>Z_OK+cH4@T{IcUr>UHm`au=r`T>dWqcr!7b;W_~NJ5>l2QiJ?Z~y`^8c3
z_xp24uTJR~{l;wZO<&$-ZO_x2uf@Ia<()r$M|2oH<)CfDgiGK3+;P>Aw#`EVSHy*V
z{7~A;hQE0=Jr?A&w|80Jt`qvQaiQnoAH4Rxe_}~eUSaRo5+-fjJu<(Ql+izRTX>(P
zmjQqk0MrKnPXK_g0Kf+T;3fb#4gi7yz$*Y?698}n04D*!lK`MK02l}W76X7^0KjPg
za2EhP4FDVfAQAxV1OPJtz)S!z3;^^10LuVC1^_q$0M-M56#!s50O$(<eg*(X0YDA_
z2mk<E0KlIBpaB4Q4gmB707(E~C;*rM06YPJ1OOrcz+nLJ8URQK09^q<BLL6~0F(fL
z9|6E>0MG^i1Ob5M0KgppJOlu?0)R09pauX)0RRU8Ks5jm0suY(04)K)B>?aS0JsVO
zvH?Im0C*Vy3<m&>0l*&spd$b{1ps0Jz$ySx9RS1tfH?r*cK{Fu0QLibA^;!*fQJFV
zIsh;h0E7d8NdQ1BP+0)rDF9Fx06Y%>yaB*u0PrmUXaN9B0H8krcmV)B0|06PfIa}=
z8~}I^02Ba#LjYhD0C)fZyafQ}1Ary~;1K{&696~?Kt2F?6aZWR0GR+_E&v!00E_@2
z4FC)R0Ji`@X8`aR05}T(P5=Ni07wJ?vjM;w0MG>h{0abW0Dxuy;6niLJph;j015%X
z4**~!0GI^;iUGiF08k15UIzdc0AL3IZ2`ar0I&-HTmb;D0)U?Yz&8NkSpYB^0K@@+
zaR49}0PF(*p#Wed02lxOwgG_M0H7%V_!<EC0f6@bKsx~NH~{De0Nw=v-2uSc0Kf$R
zeggpY0Ki`WU<3e|2LKiUfKLEGCjjs%0Qd+1bOQhr0YDxA_#6Ou0Dv<9U^4)C697a5
zfb#(0O91c=0N4%yUIGBk0YEYUco6_h0{~M2Ky3gp7yuju06fC%y$1m71po^Gz;yud
zAOQFR03-kae*h2#0CoU?ivYkE0IUT7*8spB0MG#d*Z{zH0AL6J2m}Bh1AvAA;1~dC
z4*==_fQ10S3jizu0KEagMgY(X0Hgwdr2yb_0FVp-J^=tP0)U|aAOZmN1pw{<;3fbV
z1^`|G01g1K7XWMo05$;dF#vcT06YQ!ya7M~0LTOYr2t?y0Js4F;sC(=0N_;s&<_A)
z1AxW=AO!%d0{}7r7y|%00)UqRKz9J}4FLEW06Yr-x&Qz(0I&dn@c>{H0QeRF%m)BZ
z0e~R@;0^#t1pwCpz)k?*1^{LNfUf{R5CB*K0A2$Co&aDf0QeLDyaWIy0swyiumk{H
z1OUeXz-0ii3;+xS0CxdEPXN#h02~DXB>><I05}f-<^cd70PqF?s15+C0f65DKrR3n
z004FYfO-Jn762#)0G$EAhX5cP05}1_3jp980H_53OaS0f03hc76aa7*0E`3xX#l_l
z0NMh8-2fmI0PF_<p8<ea0MHTu3<dyy0f2V^z?%SIH2??z09^q<0|4*~0C*Ar9036J
z0YDu9uoeI;1OQ(EfQJD<4FK>50Eh<wj{|@!0H7TJ7zY5F0f03C;5Gob000gFfXM)$
z2>_@I00IF(2LR9t04x9iPXmBp0MG*f90vdo0f3(YfCK=N0KhZ=&<OxE2LO2hpc??#
z4gfv^0JQ<Y1ORXt089q}%K^X#0AMBn*aQF~0l<R*U?~8&1^~VT09gRwEdbC006YKy
z<^q7%0YD-E_!R(*1^|8l;3oj^E&vz~08RmbtpK110K5kPo&f+g0l-)Q@I3%{3;@gm
z0D}O)ZvbEe0N4fq_5px70N?-shyegs0l*#rum}J|0{{;I@FM`o0RW8vz;giLGyrG~
z05Sl86#z5@06PFcZvYSl01^Oz7Xa`D0PO+5698a605}N%76X7k0YEwc*a86B0D#Q^
z;7b570stHY0G9y3DgY1y0Kx#kN&wIl0N4S*+W^1_0Db@fCjdYp0GI>-@&Q190MG{j
zApf63{*OccH$eVBi~Mhg{BMN({~Gz<75N{4{Qm~|pM(6rg8c7}{9ldye;oP$Bl7<+
z^1mtaKLYtb0QtWX`9A^qpNsq-iu`v+{?|kPFGv2rjr`w*{O^nWw<G_jBmXmz|Cf>f
zbCLf~Ape&k|4Who>yiJjBmWbT|0j|EvyuM;k^hU4|Gy&t?;`(iApb`q|7RfoXCeQ4
zApgHY{-+`Tk0bvFA^*Qe{y&ZUpMw0~iTn>n{y&ENcSHW4MgG5m{Qn&Je+l{D4f&sp
z{I8Du-;VrWh5Qde{(pr0uZH~p1o>YZ`5%V-e-ZirJMzCH^8X#={~yTzXypH!$p4p-
z{~pNyc;x@X$p1aae;N5d82P^l`CkM1{}=Lq4Dx>g@_#JyUwM@W`Ck+H-wOHvDDpoQ
z`F{ubZ$kceK>k02{I7-lAA<aU5BVR6{P#lszlHo?g8Y93`JaXSPeA@ZkNo#X{vSjB
z7a;%JBmW;j{(B?;FCzb2Apd=l|9z1E-y#3cA^$%{{$E4>_ecKQkpC|r|DDMHjmZCe
z<o{CS|6b&OIP(8N<o_h(|77I<4&?v0$p5v-|Axr_L&*O+$p2Bu|EG}uUm*YMBLAb1
z{|k}-^O66(k^fDQ|5K6w`;q_CkpFX#|DPfMKSll@K>l|^{x?Vd#~}Y-LjK1h|F0td
z^N{~7k^d8s|MQUlDaij3$p5X#|8>ZJALM@#^8X<6e>3ubIP(7t@;@8-e+v2kCGx*9
z^8Y;Y{}<$c7v%qG<bN~dzZv=eB=Ua^^1n6mKLh!H8~J|(`ENn~UqJp_k^ke7|Mijo
zuOR<BBmXxc|4$(QKScgJkpG3q|48Kj2grXT^8Y6C{}%H92ju@u<bN^pe;D%rUF3fo
z<bOZpe+lw`3-bRb<o{9R|EtLV_mTg-kpF(j|8(SkPvn0b^8Zid|7hg@2IT+G$p5y;
z{}ssphmiljA^(Gr|1RWzDDvME`M(eOpM?B>4f($t`7a^=x2^d!G4cAOv18B89X0A|
z?rX2P>Ri0I=l7vQ4=)}u;?3CAtK(yWgWcSX#w}kA9^Cu&r=I%j;k$Q#9JqIH^r^4D
zI`i%;ugr+pu%Xch6DP`H>(}3$`ugkV>)pKheM!H5)7M8u-Kt$$YCZGKH$M#CwJYw<
zM;}F;{_eZSmcRdg&ugE2a^jt|wD(>pD9Bv#(@#hJ@7(F|?OSg-UV8lT)aRdhW}LNC
zrz>vPu4Q-Mv}s8HkdWstfBNb6kdr5GcwV@0?5&qy{wjUnzJWc><|jMVtLN$E;qi8l
zwQD1jAA9VB7gw$f4)XJBv*4X~YMH84d-}(B-}SCpqekE}4?OV5ds$h3b~tuy^W!BY
z-BO--V*KXszdt=MGxLE*YSwJ{VRm-kjONWlS~h6#Op8YzIrRPT;Y-dv|NINL=Fk7+
zYL6bTM7L}AQ^KA-uW$L`haRsrYxYOS<Huio`RS)0oIPpMXIFam{CUXs?PBdNY<~7^
zSbRXh@kY0Ak6E{PasJsCUf8wlrI&IeH*Orff7!CMuA!l`4tMD?XP3jVsHkt>$z8T?
z{dMTJZL6O=f4=+4FTXtd(5+ijR(J0F?%wF=LA@-Ny0a!veq(DyM6u6}8y?l&-0n^o
zKYo5`Ow4Fo`}R$LnK!TN@r4UNy7b(01MYtOaaKWCShY81%;@yZ%$bdU`{09-Qror{
zJg!_x{PVZpMiu7gf0udSKzL%~#sR@TJ|`QvTz9-LU0ObD$Bqe(&71vvy}TZ8{osQu
zpFVSD+0nST)*sEDowLbiYZ+R<{#$)kt?G60^UrTj95?ROs16<0eVvr_%U=Tqw0i2{
zhflqoo?b9NKK|i36DEAPy?ghM#~(Um8`Pvp?6@bNZ1+`OUhV9hoM{^(BiA-NcW&s;
zrAvd_`}%%9=J4U)j=lKeLk(-!{^pf~2M@M8awMsDt5zA^o_*H$(OR`;9<<xNYE`c;
zr3MBrJ<-4aya6j#{62i=&d%q*{(9AC0|$mKeDh87CvU&Kv(1SU7oB6q>~8hfU(U|!
z)(!91rp<w$h7B`L%gtS!w0rmaJGynVANk^oeM?ePzrNYK_oW(_FK=yn`t*kHl9Mk_
zfA!U<;%~q8@$>W?vHO=_N^?e!?lPij)Bb5KTec1K_wRGzv(M7kE?F}BxixDxK2}t;
zVC)}%6uqC3(Xnx(M(_O5wQItm-+!+&#pyIne&dZJc_T-T4e!|T<yAlaxarG5gYx!C
zQuS)??$?Z0ulhgW?Y-jTgoKykTDSi8MxQ<@+kXDJ{+m;#%<WrP`0Nu68$R*#hac{5
zd-Q0@gV(P=^~0PwO)Pcm?)Wt&<%^N~_t%i8Pq%zNYgUW=_ugyY<k3g#&73-QeL!*X
zRQr}KU%GnriWwag^y#aA{^>qr+O&Sx7c8imCCd%!*Qt|yVEOXB=2NF8tqBj`wsgpl
zi7TzvW{c*|eSTDn7LV37nO@ttXwkykv9ZJU{Q7J2XCHbf5de$@0HXlFYXIOP02m4Y
zMgV}-03a9u7y-aw0Pqw5xC;RG0)Vdoz$*Y?0|1x^0M-M5*8#vy0MHKrL;-+O0Pqa}
z*aZMS0s!9ufcF8wCjcM~02Ba#p8&ue0Pq$7cpLyc0{}V!fNKC?695PS0G|SYlK|iX
z0C*Vy>;nL108kGAcmRO40N^nIuo3|H0f2V^Ks5mHE&!+j03HAUSpeV|04M<fPXK`L
z0YD}Is0jeF0YGyA&;S5D0sw{sfad|gd;rh`0JH-DdjP->0H7HFI1T`w1^|-)Ku-X$
z9RP^=e-;1)0D#*7U@-uA0RX%N05$@EWdI-)0CWKW4gk;>0Bi*S+W^3M0PrOMxCH<@
z1Au4%U;zM=0YC%*xB&p%0Kj+v5CZ_(1Aut|U?Bi_4gh=%0Kx#k3;-|_0DJ%d+5&(p
z0N^(OkPiS30D#5-zy|=h0Kg>xumb>W1^`|F;6VUz1^~nXfY|`R1_0^<fK>qCa{w?7
z0CWHVNdRB~0C*SxqyvC>05AanbO!*306-G}@FW1p0{}SyAQAwa0{}|_fG+?z3;<pP
z0JQ<YK>%<B0JH)C&jNs20Kg6assn&P0MH)*tN;Kz0l?P)U?2c^69Bvo08RjaF#zB%
z0I&`Kv;hFa06;DP*bM->0e~+6Kq>&}4FE0!fYSgV834Qr0KNqPo&ew%05BQ=Gz9=H
z0f0XM_zVCn0RU?NKoJ1=0{~<IfJOkID**T%05}1_8vtM=0O$w+egpu60DuGl+yTH<
z0N@P(5&%GJ0MG{j{0so50DwXO&=3H82mp=(fa?HY4gjbN08#+JegH5X0L%ga?*V{E
z0l-uMPz(UJ0DxWqAP4~b2>_-6fCT_R1^{&cz;Xa^3IK!yfFS_D3IOH;fEED21OOHR
zfLH+VD*$*103-r{u>fEc0C)`mTm%3^0l)|Vuo?ga0{|lc7z_ZO0swabz+M3G6##ez
z0BisN69K?_0Ps2hxCsFI0e~m~PznIP0RX!Iz()Y!I{@%L0Qdv|qyc~e0Pqt4xB~#*
z0sxN#fM)<eCjf8_0BiyPApqc00B{ljTmS$s1Au)1zzhKD0RRsGuoeJ31^`w906zfm
z4gjbI0Nw=vH2}Z^03Zth90LF)0N@D#@I3&?1OPPwKsEqq4geYefJXqpZ~*W;0GJN|
zdH{fS0ALRQ_yGVk0|3VXz|#O=5&-B40JZ}FW&Q(z003|s04xRoF93j-0Ki57unYi%
z0)Q?6zySdI0)VXmU>g894*<Rd0Ji`@X8;fl04xAtG60AG05<@D8vqy&0Ac_@djK#G
z04xLm&jEms0YDf4m;nH00)P(yKwAKC1pxd80P+FA0RYe#0Qdj^7XY{f0CoU?%>cj)
z06Yi)&H#Wo05BT>*Z@F%0I&)Gd=3D{0e}twAPE2r000jIfOG&54*(_rfbIa`5CCWb
z0G<Q@c>o{>07L?Sa{yo|0PqC>hXKHg0H8JiI0yia0Dx8i;8_4r3jo*wKy?5R2mty6
zfE55>Cjj^w01N~GZvud~0l*0WFa`kp1pw9ofHnYN7y!rx0J{M|HvsSj07wM@y#c^w
z0B{-rBm;m~0l>Eaz!L!c0suw>fTjSTB>?aT0G|PXB>-Rz04M?ge*l0C0MG~kbOivv
z0{|xgcmn{81OOcYz>ff65CD(>fI9%V3IMzTKmq`04FLK8fS&=t6aY{N02%^-4*|eY
z0B{`u%mDy(0YC}>*be}v1Atio;5`8FC;*rW0Ez*?768x-00aSmKLNlr0I&c6$N-=Y
z09XzHP62>$05AjqSOLIX0MG&em;k^c01yiRegyyz0RZIx8sz_V<o`M3|5fC_3;DkX
z`F|Ms|0eQ39{KNv{NIB7?~VNb3;F*e@;@5+e+KzK1Nq+w`7a~?ZzBKCBmcig{!d5#
z-$MRdk^es+|KpJV5y=0?kpDfA|0j_D?;-y)k^e`L{~eJ34&;9-@_!ui{|fRy8~Hy3
z`Trd9e>?L32J-(H^8YL3|3KvblgNKh<p0~q|48Kj2gv_m<bNCFe=X$y)5w2s<bNRY
z{}JT>pUD5s$p3E0|MAHG)5!k^kpB&l|9z4FA;|w{kpG8}|4WenFChOvLH@sj{Qn90
z|2p!&2lD?9<o}Dv{|Ax(pCSK$7V{tZUx@q<L;fE}{*OWa=Oh1jA^&rc|AUeLX~_Rs
z$p1OW|3%3E$;kg-k^ifa|J{-QXOaI?kpJ%@{|6!e>mvW(K>qWlzncg0|1R=>KJtGw
z^1mtazbo?pBjo=8<bM|OzZ&wt6Y{??@_!`q{{r$q5&1s~`TrgAKOFfVfc!s+{J(?z
zUyl5rfc*DE{y&cVUy1x*hWu}h{LexDw?zKGh5YY@{J)L-e--(^4*CBJ^1l`G{}l4S
z0Qvtg^8Z8R|HsIG8}dIE`QHxtUmN*94f($o`9Bo-AB6n>9Qpqn^8X>^|2N40gUJ6R
z<bMY8-xv8m6Z!9j{FjjbOOgNckpI6U|2rf9S0VpHk^g4o|4!upMdbf(<i8X7KOFgg
z0Qql3{x3%UzmNR4Bmegy|G!55Uqb$GMgDI<{$ED^M<M@xkpCl)|E0+PF3A7>$p5y;
z|31k7bmaeR<o`zG{{rNH5%Rwy^8X#=e**Hq4)WiG{6B*HAB+5d8Tr2n`JadUua5k`
zhWz(O{;xp(zl8k%7Wtoo{I8GvpNsr|7Ww}K@_#?_zXbXJ6!O0b@_z^N{|n@Q4dlNC
z`QHNh-yZp25Ba|y`9Br;|0VK22KoOf^4}f#-w*j;6Zzi&`JasZ-;4a8g#6!z{GW*Y
zZ-)GT9{K+$^8YpD|3c*dFyw!8;kV^SfWLYkru>eU!4My)#<NDM;rvuJEKq)b$zV7V
ztHupS)iB_W8iwsx!+7O|N50j1Q;q9?4Xoe`HGbqr<0J0vE)!|U=g0>xR}gP=1b^sq
z#Sn%O4k64U6fe#B%yYSX2o3XHuK9!`KX$pqn;-F?x?F*T+xQC+%HKs?=5iGf4<i(R
zKQeDQ*ZChP=JOXNMiZ72P9qFk$#uebUJnf7?U8`BE>|j{&pMYYN5t2=TuTVI5gsB8
z+ep4@{B6ZelqbyE>T+EsjM?FG_2-Xzjoih32^Z}lAHQ3hwU>GbWA?dRs|fQ5O9{o{
zs|E(+t33?H(LTmUylQxgcNImt7=-KCg8y`c-?FYD-e)lc@(JOy=zVM>61;sPz5TkF
zYLD{FGIVP2?30$jCL&ps@6Tr+`ILepkwc_s@YzOs7@>ZMdrjkWopcczx_U2ibL(Hr
z+tbQ_%cs`$HDO=IAPHL;26+3-aEtKvo9-U&9gyo0?j1C(n$<gaN_DGu+w2<dsm5B~
z!B+1eE{1#ig?syidwX`S?Y_k5?YVNzrp;TnMv81xs!ywy>oMJZhFbttdeQG83tX<F
zVr(P4eWtisz5TM?-S->4eXQP|2H|YMTnk~mle~yT-meWdQMt`K%)N<ME$_B8t4d3(
zwH*`}zg5-uJD01)KdY;x_I>K2D#fmwsITp>E|*0lXoqO?3DV<9k0eyvj7jcoH=FlJ
z_j;J_o^2N69gH6*{pNCc5LT@#qVgEnyz`9i9q(5e#l<0fV-j@*Fh{h>tk`)DY5hs-
zTGnPsv^heIwQ?U@*;q$;$KSur!p<kCE1tR6sB)XD)TNA>sOyP)H#t)A!!YU#!T*Ap
zyURt}?7|1`YftxKM(^M#@1Q>30d{Xc^4jquKZ=R@|Md!&>lo+4*RtK*_H)S)M06I{
zvS5O{*7s>{UA+CKxJ%vv*&c3xdHY!vZ&v4G0eO>Fxm=%U^-OVNI%d1~@D6axQgY(B
z!mdT+J43#dGJBS{xyraj;kS+NZ3AoVc<Ks)K|X6#CRX)<D)Z3h9pnD!{p#w0pLM>+
z+(_acbGU~;99&U0X3AXeUN+a2@z>@VeirC<Pp9ot+s$^LyI?o&!=IEiOoFTB_vwB=
zKU4g<`MvKG{-5p>&uxZqpEGc~VOf95?XTFZoA76)KV9&_mG`q*&-?U7^kozGSh$(_
ze~)`eVs0un>!z|P%Lv!*X)|l>``v_l2&RXywum)n73b>s<8#{Fv{z<8ly{8VQ0~&@
zZ^PWZHl2<9Te4X2XHkDC^{>(DpXO#0{vRp)|Fv4W|6}r~vWPM{#oXCO*-6`6E=4%N
z=UlNyOmnw-2Tbu8tS<!Q6WqB?-Z|tQCGPX@@vjB`wZQ*p7SR9RuKxFR#WEz00cv0n
z5=c2Tu~<ioN?p~Hhqbt_+{Me(;_y@h{$jFv=zq^w=t*(t*RR}ljS%rgtb^hJmCA91
zbw(VZKskgC7l-~gcC`(JL0SAs7i+gT>Zw85Ppz0?zV>%?1%ky9ul!W?nK;#Cw?X{f
zX>nZFZmg#VXmP#W`_yd8-^v!J`u&xc^oZ;E`0p>2{$W=o>8=*vrgfBGq|&b|HS#-0
zO8gh?`VB3v_e06_zxYG{yYE%24A#awObcVQFkTC*=Knv%^}o{`)w%Pt0YSY6W)9ED
z3^1EphO`WBVa`;d=5eiBwG0kvrX~O98ik*F7%qtas;|;flbHB>)nfl9jsWGS!SEpA
zz48nHyjOZt(%o2%vg&FTXu%U&`l2f7&uZ!VJkm?WaAIT@1m&qI`uq~>wbAg9L7x|T
z{%lUfef4>%rwjKr;@$c@)6>7@<X-JxqU3+TkR=+x5u^qN@gT~`UrH|+rX^_e>~}pq
zrE+?qo}OGeeYKvRP&r+^q^8ub14OHTv!4E3<^0?A^nR7o#eWE<)YGeSx|sJOeWcbe
zolocW{8~Dhl;e_?9$zJYO|IX|Zl?RB``stKG3jEwj%b@ZNxiKh<UaYuAB0r;^|G2V
zOUr*hKNNdIBfCi3t6Ihi!M)latK_e5s5-9)kS=CHSXzY&I320v_bcP0esv1z+Mi<A
zla%md(gP}`sF90+HNfyN4>2lV6nn7;uuq;%O;>a_rw6t4MUiT{qK!GdrlrTXQ`0|D
z14Aw97xiSdRuhyxBd3p(?!$e3s@%7QmOo7Egz{{H{8o|f#(#RLtzTO8hA1uneEu^j
zaVUF8!d^<cl2qx3c#fpBCs<8Z_VAoe(bBhdQPXt|`@WW5syWCit+vJYsehxEKR#5=
zcudQGKuZq}Q4^GXIH#qg3p-S`{~gi;w6YZgFZd|h@6%pQRra5p29RFY?O}t?YrRYh
zEq|WYFGa_5v6IM8O$Kd#Y17@%P0L@}QLRDQ$8jpg;a+|<O3PnhSM#q?1A|Pu5Bv<S
zGQL+eJH%)leq75xU8`r2CIpmcMqK+yOOFwt=1}(Vgp0NG`P#y-JU=4+cP%|k8(;m|
z%|_Bid#d`|UM+utkEmUJW+uWzTDni5h#3sZGbKW??-%ypW>%67%5xh|?~*R;U$y>P
z81`Ov3nV>2t)kM;j!J&!O9wSsJSP=L4CzhO(@H<Z{U30Hrds>;i$lp@m;MH5_E$s<
z7sqM!7g*Jt`uG}pCZ=VWTaGZq#U%_(iOWbBY#5f1GMwM!BRxGMliw{*G$bXbB@a$X
z&qz*-%NQ1ym^xy3aykW)M#K$H9WgK=H7+S*L|S@WLgr{g;)r1*Q<F22lUfGfJ4f80
zl;J6H32A8wWBA3tjI=R^L1_uYlH-yxhYcG;kqWUma%NP@s{W2)TH=V|hS=m_K4w0x
z_*e|FNyL*xNLo@WYKrL*5gXetF0xm*&aw9H-Qwa}iYp=ayb^2}mOM;!dSIftRa<eA
zkyi19rX<ECq^1lWo}6SDoH$IqmX<s$E@WUz231D(utrD3MRc>p#Tnvk{kmDB?VU-E
z>eeeRLej2EwjPGKC`b2jt0S&^WMt2X*tl40xFdoRaj7W-6XVh|64El_g#E*!9QN?e
zajjZfXs<msn%|k!hafh(vlxKbgn_BahR!|u#l&`xQ(L6}B4r$nx3sEqP5Y(GdtMWE
z*0ZY}uToW9a#BJ@!o7Ym)S!%~Fo`-^nmOo6;?TInAw%QDFOHV=CZy~xik<bl=&4#a
z(vnk?6Vj`8PWVmw5KNVjo}P@EDplO7WoxAkgNJ3NW~gJLnWl1oC@y-UTAIk<VIziX
zW{<1V3Vs7N<rR@XeMH=lgyBhlv-a@hQH)J@iYKKEkIPKQGwwMYOsG_TL$=HaqOFxP
zidly(lFAIM50>}^T4CD3LlV-5sNJgg3$t1+xNhRGku-H+db-v#;X_Jo`tRE6)==%P
zr^dzMO}f{{4H}u2GCX6D7`C#;T3Tuj_z&DKAt8xIB#urHKEY&pHMy)B(P!+GoR(H8
zsj?aLRvB8Rj~SMcFpw}KO$~?WXEZQ5ZKR>)@DUlwEe8+JY&kM*#7Nv>OogO@nJKAB
zEmD%SBx|_6g|M)aT^Q2PGHJ|kZlQ)5Y3h|%lGD;t0E?1Mi^OpaZ%hycw6l?^8HSe1
zglWlX%fTavij(x@L_^Dr<k3Whr;>YwGG|&Q57C%5B#GMem|BMlH?@R*&aD!LrBIn#
zoG~@DgsQ`Ur4IT3K`8e7VrgOdP!2!VFLCIhzTa0<)x7$-2p{7k_Sky)wpw{T)Rte7
zRXOzaM~{nN+^$%Dh*n+?1NDqr$g)-G5OSkpd41oghXIvxi#<c-qYu%m?9ui1>(4Rt
zFi6X;Jw7OVE}++vz=?Q<p_kvMwO<cCwRKyxQJm`i*Pl0t?V2c}mp`I4P!Gj^sp6qk
zSC%BUA>tW?US5Chpob4>IraAI`Sfrc*TpjpJ+433(8Cz5eAV`A$%b4`M3eRM`g0aN
z)St8H_pjRj*;@H<twQ~|jUL8p>7u-_S=I6jNE0^E>o3zknhw&RXOTrYs*eBrq*g2+
zpq0}@z5iPAs?{4luTp-bR$dRas9yYU<rh^cpQRPh!?3cF>WN;T9{yaVe1UdB52tE+
zS+7Pfr^lC9DX;IV^iY3ZsOPV0KlM36`S|Pm2t5pIqL);|fXY#W`dp#ByuQEH!^>6j
zSH1s1u8Z;0{jY7hT0jqdgyU8?bpO$lPI4mtr(tc{mOY=D|GJu^YJNSghZo3Zs!(2k
z9<=ZumcK(;;k)|%^?m;$t$eBI9EaWw{l5A*e#JGBMK7;EC!IfDlrk9Nm7nE5^zwRG
zox&B%m+e2Z)H3>g^cwVXdR%<BFVgh;>-!9!EHy{f@&Rgc+0VM#{e#O=)Dyk@Q&rMM
zTg6c^)W=@EqW%oaQo}`>;TjTc%13X%&fl7(>1|g_s6R`ms^P3E4yWH&&nvdC_bNYW
QnwmrWMf-|Jm8jwW0o_hi5dZ)H

literal 0
HcmV?d00001

diff --git a/Makefile b/Makefile
index dbb45de..5005635 100644
--- a/Makefile
+++ b/Makefile
@@ -1,108 +1,33 @@
-###############################################################################
-# Makefile for a CryptoModule
-#
-# Targets:
-#   build   : Compile + link everything into an executable
-#   run     : Run the resulting binary
-#   clean   : Remove all build artifacts
-#   rebuild : Clean first, then build
-# 	valgrind: Run the binary under Valgrind for memory checking
-#   asan    : Build with AddressSanitizer enabled and run
-#   gdb     : Build with debugging symbols and launch GDB for in-depth inspection
-#   inspect : Inspect the binary with nm and objdump
-# 	TBA
-###############################################################################
-
-# --- Project-wide settings ---
-CC          := gcc
-CFLAGS 		:= -std=c99 -g -O2 -Wall -Wextra -I. -Iinclude -Isrc
-
-# Name of the final executable
-TARGET      := cryptomodule-demo
-
-# Directory for object files and for final binary
-OBJ_DIR     := build
-BIN_DIR     := bin
-
-# Automatically find all .c files in src (including subdirectories)
-SRCS := $(shell find src -name '*.c')
-
-# Generate a list of object files by converting:
-# src/xxx.c  --->  build/xxx.o (preserving the subdirectory structure relative to src)
-OBJS := $(patsubst src/%.c, $(OBJ_DIR)/%.o, $(SRCS))
-
-# --- Phony targets (not actual files) ---
-.PHONY: build run clean rebuild all
-
-# 'all' can default to 'build'
-all: build
-
-###############################################################################
-# 1) build : compile + link
-###############################################################################
-build: $(BIN_DIR)/$(TARGET)
-
-# Link step: gather all objects into a single executable
-$(BIN_DIR)/$(TARGET): $(OBJS)
-	@echo "[LINK] Linking objects to create $@"
-	@mkdir -p $(BIN_DIR)
-	$(CC) $(CFLAGS) $^ -o $@
-
-# Compile step: For each .c -> .o
-$(OBJ_DIR)/%.o: src/%.c
-	@echo "[CC] Compiling $< into $@"
+# Compact Makefile for CryptoModule
+CC       := gcc
+CFLAGS   := -std=c99 -O2 -Wall -Wextra -Iinclude
+SRCDIR   := src
+OBJDIR   := obj
+TARGET   := CryptoModule
+
+SOURCES  := $(SRCDIR)/main.c \
+	$(SRCDIR)/block/aes.c \
+	$(SRCDIR)/common/mem.c \
+	$(SRCDIR)/mode/cbc128.c $(SRCDIR)/mode/ctr128.c $(SRCDIR)/mode/gcm128.c
+OBJECTS  := $(patsubst $(SRCDIR)/%.c,$(OBJDIR)/%.o,$(SOURCES))
+DEPS     := $(OBJECTS:.o=.d)
+
+.PHONY: all run clean rebuild
+all: $(TARGET)
+
+$(TARGET): $(OBJECTS)
+	$(CC) $(CFLAGS) -o $@ $^
+
+$(OBJDIR)/%.o: $(SRCDIR)/%.c
 	@mkdir -p $(dir $@)
-	$(CC) $(CFLAGS) -c $< -o $@
+	$(CC) $(CFLAGS) -MMD -MP -c $< -o $@
 
-###############################################################################
-# 2) run : run the resulting binary
-###############################################################################
-run: build
-	@echo "[RUN] Running $(BIN_DIR)/$(TARGET)"
-	@./$(BIN_DIR)/$(TARGET)
-
-###############################################################################
-# 3) clean : remove build artifacts
-###############################################################################
-clean:
-	@echo "[CLEAN] Removing build artifacts..."
-	rm -rf $(OBJ_DIR) $(BIN_DIR)
-	@echo "[CLEAN] Removing *.req and *.rsp files in testvectors folder..."
-	find testvectors -type f \( -name '*.req' -o -name '*.rsp' \) -delete
+-include $(DEPS)
 
-###############################################################################
-# 4) rebuild : clean + build
-###############################################################################
-rebuild: clean build
+run: all
+	./$(TARGET)
 
-###############################################################################
-# 5) valgrind : run the binary under Valgrind for memory checking
-###############################################################################
-valgrind: build
-	@echo "[VALGRIND] Running Valgrind..."
-	valgrind --leak-check=full ./$(BIN_DIR)/$(TARGET)
-
-###############################################################################
-# 6) asan : build with AddressSanitizer enabled and run
-###############################################################################
-asan: CFLAGS += -fsanitize=address
-asan: clean build
-	@echo "[ASAN] Running with AddressSanitizer..."
-	./$(BIN_DIR)/$(TARGET)
-
-###############################################################################
-# 7) gdb : Build with debugging symbols and launch GDB for in-depth inspection
-###############################################################################
-gdb: CFLAGS += -g
-gdb: clean build
-	@echo "[GDB] Launching GDB..."
-	gdb $(BIN_DIR)/$(TARGET)
+clean:
+	rm -rf $(OBJDIR) $(TARGET)
 
-###############################################################################
-# 8) inspect : Inspect the binary with nm and objdump
-###############################################################################
-inspect: build
-	@echo "[INSPECT] Listing symbols with nm..."
-	nm $(BIN_DIR)/$(TARGET)
-	@echo "[INSPECT] Listing symbols with objdump..."
-	objdump -t $(BIN_DIR)/$(TARGET)
\ No newline at end of file
+rebuild: clean all
diff --git a/doc/cryptomodule_doc.pdf b/doc/cryptomodule_doc.pdf
index 6786c26cc363587e249c31a6326a776fb268b752..332669e65a2d5266ea83e610732ff3df3063a2ce 100644
GIT binary patch
delta 163
zcmeBstkm~dX~PQ+e(yyEr>@#BZT(o!7NBfpI$42Dq?wzuotu*ph?#(x8Hibcm=%cG
zfS7$dHz&ujIjoij28Nc?uPx<}gD|)MT*`5Q$=S`)$i>Cb)ZEO%$k4#Z($T=&(AC`4
Z$<o-s*wM(`%)m~;hLDo&JS#bxH~?J^E71S|

delta 163
zcmeBstkm~dX~PQ+e&0m}r>@#BZT(o!=KtTyWU>OANHaHQJ2xjI5HkTWGZ3=?F)I+W
z0Wte_ZcdJ4b6715EewpOUt7u{2Vrjixs>Aqle4p>fu*6Fv6-uxtAVqVp@FlTxrM2z
askxbnnWKS|tDBvI4Iw4lc~){XaR3175-mdj

diff --git a/include/aes.h b/include/aes.h
new file mode 100644
index 0000000..c9b2d46
--- /dev/null
+++ b/include/aes.h
@@ -0,0 +1,66 @@
+/* File: include/aes.h */
+/*
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "config.h"
+#include "mode.h"
+
+#ifndef AES_H
+#define AES_H
+
+/**
+ * @file aes.h
+ * @brief Header file for AES block cipher API.
+ * 
+ * This file defines the AES block cipher API, including initialization,
+ * encryption/decryption, and disposal functions.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define AES_BLOCK_SIZE 16
+
+#define AES_ENCRYPT     1
+#define AES_DECRYPT     0
+
+#define AES_MAXNR 14
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+    u32 rd_key[4 * (AES_MAXNR + 1)];
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+int AES_set_encrypt_key(const u8 *userKey, const int bits, AES_KEY *key);
+int AES_set_decrypt_key(const u8 *userKey, const int bits, AES_KEY *key);
+
+void AES_encrypt(const u8 *in, u8 *out, const AES_KEY *key);
+void AES_decrypt(const u8 *in, u8 *out, const AES_KEY *key); 
+
+// void aes_block(const u8 *in, u8 *out, const void *key) {
+//     const AES_KEY *key = (const AES_KEY*)key;
+//     AES_encrypt(in, out, key);
+// }
+
+// void aes_ctr(const u8 *in, u8 *out, size_t len, 
+//             const void *key, u8 ivec[16], 
+//             u8 ecount_buf[16], u32 *num) {
+//     AES_ctr128_encrypt(in, out, len,
+//                        (const AES_KEY*)key,
+//                        ivec, ecount_buf, num);
+// }
+
+#ifdef __cplusplus
+}
+#endif
+
+ #endif // AES_H 
\ No newline at end of file
diff --git a/include/config.h b/include/config.h
new file mode 100644
index 0000000..cd8648d
--- /dev/null
+++ b/include/config.h
@@ -0,0 +1,101 @@
+/* File: include/api.h */
+
+#ifndef CRYPTOMODULE_API_H
+#define CRYPTOMODULE_API_H
+
+/* -----------------------------------------------------------------------------
+ * Master API header for CryptoModule.
+ * This file aggregates all relevant algorithm headers into a single include.
+ * ---------------------------------------------------------------------------*/
+
+#include <stdio.h>      // For FILE
+#include <stdlib.h>     // For malloc, free
+#include <stdbool.h>    // For bool
+#include <assert.h>     // For assert
+#include <string.h>     // For memcpy, memset
+#include <stdint.h>     // For uint8_t, uint32_t, etc.
+#include <stddef.h>     // For size_t
+
+typedef int8_t     i8;
+typedef int32_t    i32;
+typedef int64_t    i64;
+
+typedef uint8_t    u8;
+typedef uint32_t   u32;
+typedef uint64_t   u64;
+
+/* Optionally define convenience ��enums��, ��error codes��, or ��global�� functions*/
+// typedef enum {
+//     CRYPTOMODULE_OK = 0,
+//     CRYPTOMODULE_ERR_INVALID_INPUT,
+//     CRYPTOMODULE_ERR_CRYPTO_FAILURE,
+//     /* ... */
+// } cryptomodule_status_t;
+
+/* Example of a top-level initialization function. */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// cryptomodule_status_t cryptomodule_init(void);
+// cryptomodule_status_t cryptomodule_cleanup(void);
+
+/* Crypto Module */
+// typedef struct {
+//     const char *name;
+//     cryptomodule_status_t (*init)(void);
+//     cryptomodule_status_t (*cleanup)(void);
+// } CryptoModuleApi;
+// typedef struct {
+//     const CryptoModuleApi *api;
+// } CryptoModuleContext;
+// typedef struct {
+//     const CryptoModuleApi *api;
+//     CryptoModuleContext *ctx;
+// } CryptoModuleInternal;
+
+/* Core Header */
+// #include "cryptomodule_utils.h"
+// #include "cryptomodule_test.h"
+
+/* Block ciphers */
+// #include "block_cipher/api_block_cipher.h"
+// #include "block_cipher/block_cipher_aes.h"
+// #include "block_cipher/block_cipher_aria.h"
+// #include "block_cipher/block_cipher_lea.h"
+
+/* Modes of operation */
+// #include "mode/api_mode.h"
+// #include "mode/mode_ecb.h"
+// #include "mode/mode_cbc.h"
+// #include "mode/mode_ctr.h"
+// #include "mode/mode_gcm.h"
+
+/* RNG */
+// #include "ctr_drbg.h"
+
+/* Hash functions */
+// #include "sha2.h"
+// #include "sha3.h"
+// #include "lsh.h"
+
+/* MAC */
+// #include "hmac.h"
+
+/* KDF */
+// #include "pbkdf.h"
+
+/* Key Setup */
+// #include "ecdh.h"
+
+/* Signature */
+// #include "rsapss.h"
+// #include "ecdsa.h"
+// #include "eckcdsa.h"
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CRYPTOMODULE_API_H */
diff --git a/include/mem.h b/include/mem.h
new file mode 100644
index 0000000..c8628ca
--- /dev/null
+++ b/include/mem.h
@@ -0,0 +1,35 @@
+/* include/mem.h */
+
+#include "config.h"
+
+#ifndef MEM_H
+#define MEM_H
+
+/**
+ * @file mem.h
+ * @brief Header file for memory-related functions.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Compare two memory blocks for equality.
+ * 
+ * This function compares two memory blocks of specified length and returns
+ * 0 if they are equal, or a non-zero value if they differ.
+ * 
+ * @param in_a Pointer to the first memory block.
+ * @param in_b Pointer to the second memory block.
+ * @param len Length of the memory blocks to compare.
+ * @return 0 if equal, non-zero if different.
+ */
+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // MEM_H
\ No newline at end of file
diff --git a/include/mode.h b/include/mode.h
new file mode 100644
index 0000000..5f299c5
--- /dev/null
+++ b/include/mode.h
@@ -0,0 +1,159 @@
+/* File: include/mode.h */
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "config.h"
+#include "mem.h"
+
+#ifndef MODE_H
+#define MODE_H
+
+/**
+ * @file mode.h
+ * @brief Header file for mode of operation APIs.
+ */
+
+
+# define U64(C) C##ULL
+
+#define STRICT_ALIGNMENT 1
+#ifndef PEDANTIC
+# if defined(__i386)    || defined(__i386__)    || \
+     defined(__x86_64)  || defined(__x86_64__)  || \
+     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
+     defined(__aarch64__)                       || \
+     defined(__s390__)  || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+# endif
+#endif
+
+#if defined(_MSC_VER)
+  #include <stdlib.h>
+  #define BSWAP8(x)  _byteswap_uint64(x)
+  #define BSWAP4(x)  _byteswap_ulong  (x)
+#elif defined(__GNUC__) || defined(__clang__)
+  /* these are in GCC/Clang even on non-x86 */
+  #define BSWAP8(x)  __builtin_bswap64(x)
+  #define BSWAP4(x)  __builtin_bswap32(x)
+#else
+  /* Portable fallback */
+  static inline uint64_t BSWAP8(uint64_t x) {
+      return ((x & 0x00000000000000FFULL) << 56) |
+             ((x & 0x000000000000FF00ULL) << 40) |
+             ((x & 0x0000000000FF0000ULL) << 24) |
+             ((x & 0x00000000FF000000ULL) << 8)  |
+             ((x & 0x000000FF00000000ULL) >> 8)  |
+             ((x & 0x0000FF0000000000ULL) >> 24) |
+             ((x & 0x00FF000000000000ULL) >> 40) |
+             ((x & 0xFF00000000000000ULL) >> 56);
+  }
+  static inline uint32_t BSWAP4(uint32_t x) {
+      return ((x & 0x000000FFU) << 24) |
+             ((x & 0x0000FF00U) << 8)  |
+             ((x & 0x00FF0000U) >> 8)  |
+             ((x & 0xFF000000U) >> 24);
+  }
+#endif
+
+#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
+# define GETU32(p)       BSWAP4(*(const u32 *)(p))
+# define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
+#else
+# define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
+# define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
+#endif
+
+/*- GCM definitions */ typedef struct {
+    u64 hi, lo;
+} u128;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef void (*block128_f) (const u8 in[16],
+                            u8 out[16], const void *key);
+
+typedef void (*cbc128_f) (const u8 *in, u8 *out,
+                          size_t len, const void *key,
+                          u8 ivec[16], int enc);
+
+typedef void (*ctr128_f) (const u8 *in, u8 *out,
+                          size_t blocks, const void *key,
+                          const u8 ivec[16]);
+
+void CRYPTO_cbc128_encrypt(const u8 *in, u8 *out,
+                           size_t len, const void *key,
+                           u8 ivec[16], block128_f block);
+void CRYPTO_cbc128_decrypt(const u8 *in, u8 *out,
+                           size_t len, const void *key,
+                           u8 ivec[16], block128_f block);
+
+void CRYPTO_ctr128_encrypt(const u8 *in, u8 *out,
+                           size_t len, const void *key,
+                           u8 ivec[16],
+                           u8 ecount_buf[16], unsigned int *num,
+                           block128_f block);
+void CRYPTO_ctr128_encrypt_ctr32(const u8 *in, u8 *out,
+                                 size_t len, const void *key,
+                                 u8 ivec[16],
+                                 u8 ecount_buf[16],
+                                 unsigned int *num, ctr128_f func);
+
+void gcm_init_4bit(u128 Htable[16], const u64 H[2]);
+void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);                  
+void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len);
+
+typedef void (*gcm_init_fn)(u128 Htable[16], const u64 H[2]);
+typedef void (*gcm_ghash_fn)(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len);
+typedef void (*gcm_gmult_fn)(u64 Xi[2], const u128 Htable[16]);
+struct gcm_funcs_st {
+    gcm_init_fn ginit;
+    gcm_ghash_fn ghash;
+    gcm_gmult_fn gmult;
+};
+
+struct gcm128_context {
+    /* Following 6 names follow names in GCM specification */
+    union {
+        u64 u[2];
+        u32 d[4];
+        u8 c[16];
+        size_t t[16 / sizeof(size_t)];
+    } Yi, EKi, EK0, len, Xi, H;
+    /*
+     * Relative position of Yi, EKi, EK0, len, Xi, H and pre-computed Htable is
+     * used in some assembler modules, i.e. don't change the order!
+     */
+    u128 Htable[16];
+    struct gcm_funcs_st funcs;
+    u32 mres, ares;
+    block128_f block;
+    void *key;
+};
+
+typedef struct gcm128_context GCM128_CONTEXT;
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block);
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const u8 *iv, size_t len);
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const u8 *aad, size_t len);
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const u8 *in, u8 *out, size_t len);
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const u8 *in, u8 *out, size_t len);
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const u8 *in, u8 *out, size_t len, ctr128_f stream);
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const u8 *in, u8 *out, size_t len, ctr128_f stream);
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const u8 *tag, size_t len);
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, u8 *tag, size_t len);
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // MODE_H
\ No newline at end of file
diff --git a/src/block/aes.c b/src/block/aes.c
new file mode 100644
index 0000000..c780313
--- /dev/null
+++ b/src/block/aes.c
@@ -0,0 +1,970 @@
+#include "aes.h"
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const u8 *userKey, const int bits, AES_KEY *key) {
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits == 128)
+        key->rounds = 10;
+    else if (bits == 192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                (Te2[(temp >> 24)       ] & 0xff000000) ^
+                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp      ) & 0xff] & 0x000000ff);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+            }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const u8 *userKey, const int bits, AES_KEY *key) {
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        rk[0] =
+            Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
+        rk[1] =
+            Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
+        rk[2] =
+            Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
+        rk[3] =
+            Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
+    }
+    return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const u8 *in, u8 *out, const AES_KEY *key) {
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+    int r;
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+    
+    /* round 1: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Te2[(t0 >> 24)       ] & 0xff000000) ^
+        (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t3      ) & 0xff] & 0x000000ff) ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Te2[(t1 >> 24)       ] & 0xff000000) ^
+        (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t0      ) & 0xff] & 0x000000ff) ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Te2[(t2 >> 24)       ] & 0xff000000) ^
+        (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t1      ) & 0xff] & 0x000000ff) ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Te2[(t3 >> 24)       ] & 0xff000000) ^
+        (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t2      ) & 0xff] & 0x000000ff) ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const u8 *in, u8 *out, const AES_KEY *key) {
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+    int r;
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+    
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+    
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        ((u32)Td4[(t0 >> 24)       ] << 24) ^
+        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t1      ) & 0xff])       ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        ((u32)Td4[(t1 >> 24)       ] << 24) ^
+        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t2      ) & 0xff])       ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        ((u32)Td4[(t2 >> 24)       ] << 24) ^
+        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t3      ) & 0xff])       ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        ((u32)Td4[(t3 >> 24)       ] << 24) ^
+        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t0      ) & 0xff])       ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
\ No newline at end of file
diff --git a/src/common/mem.c b/src/common/mem.c
new file mode 100644
index 0000000..86ea468
--- /dev/null
+++ b/src/common/mem.c
@@ -0,0 +1,14 @@
+#include "config.h"
+#include "mem.h"
+
+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) {
+    size_t i;
+    const u8 *a = in_a;
+    const u8 *b = in_b;
+    u8 x = 0;
+
+    for (i = 0; i < len; i++)
+        x |= a[i] ^ b[i];
+
+    return x;
+}
\ No newline at end of file
diff --git a/src/main.c b/src/main.c
index 6669bad..bd61bb8 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1,236 +1,315 @@
-/* File: src/main.c */
-#include "../include/api_cryptomodule.h"
-
-/* Enable core dumps and set signal handlers for debugging */
-#include <signal.h>
+#include <stdio.h>
+#include <string.h>
 #include <stdlib.h>
-#include <execinfo.h>
-#include <unistd.h>
-
-// #define BLOCK_CIPHER_TEST_FLAG 1
-#define MODE_OF_OPERATION_TEST_FLAG 1
-// #define PADDING_TEST_FLAG 1
+#include "config.h"
+#include "mode.h"
+#include "aes.h"
+
+/* ------------------------------------------------------------------
+ * hex2bin(): convert hex string (even length) to binary bytes.
+ * Returns 0 on success, -1 on failure (invalid hex or overflow).
+ * ------------------------------------------------------------------ */
+static int hex2bin(const char *hex, unsigned char *out, size_t outlen) {
+    size_t i;
+    unsigned int byte;
+    if (strlen(hex) != outlen*2) return -1;
+    for (i = 0; i < outlen; i++) {
+        if (sscanf(hex + 2*i, "%2x", &byte) != 1) return -1;
+        out[i] = (unsigned char)byte;
+    }
+    return 0;
+}
 
 int main(void) {
-
-    // KAT_TEST_BLOCKCIPHER(BLOCK_CIPHER_AES128);
-    // KAT_TEST_BLOCKCIPHER(BLOCK_CIPHER_AES192);
-    // KAT_TEST_BLOCKCIPHER(BLOCK_CIPHER_AES256);
-
-#ifdef MODE_OF_OPERATION_TEST_FLAG
-   // 1) Prepare key and IV
-   uint8_t key[16] = {
-        0x00,0x01,0x02,0x03, 0x04,0x05,0x06,0x07,
-        0x08,0x09,0x0A,0x0B, 0x0C,0x0D,0x0E,0x0F
+    /* Example 128-bit key, IV and plaintext from NIST SP800-38A §6.5 */
+    const u8 key_bytes[16] = {
+       0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
+       0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c
     };
-    uint8_t iv[16] = { 0 };     // for CBC/CTR/GCM
-
-    printf("                    Key (%u): ", 16);
-    for (size_t i = 0; i < sizeof(key)/sizeof(u8); i++) {
-        printf("(%ld)%02X:", i, key[i]);
-    } puts("");
-
-    // 2) Example plaintext > 1 block (48 bytes = 3 AES blocks)
-    // const char *plaintext = 
-    //     "The quick brown fox jumps over the lazy dog!!!";
-    // size_t pt_len = strlen(plaintext);  // 43 bytes
-
-    size_t pt_len = 16;
-    size_t pt_max_len = 32;
-
-    u8 *mode_pt = (u8*)malloc(pt_max_len);
-    if (!mode_pt) {
-        fprintf(stderr, "Memory allocation failed\n");
-        return -1;
-    }
-    for (size_t i = 0; i < pt_len; i++) {
-        mode_pt[i] = (uint8_t)i*i;
+    const u8 iv_bytes[16] = {
+       0xf0,0xf1,0xf2,0xf3, 0xf4,0xf5,0xf6,0xf7,
+       0xf8,0xf9,0xfa,0xfb, 0xfc,0xfd,0xfe,0xff
+    };
+    const u8 pt[64] = {
+       /* 4×16-byte blocks of known plaintext… */
+    };
+    /* expected CT from the spec… */
+    const u8 ct_expected[64] = { /* … */ };
+
+    AES_KEY aes_key;
+    u8 ct1[64], ct2[64], ct3[64], ct4[64];
+    u8 ivec[16], ecount[16];
+    unsigned int num;
+
+    /* 1) set AES key schedule */
+    if (AES_set_encrypt_key(key_bytes, 128, &aes_key) < 0) {
+        fprintf(stderr, "AES_set_encrypt_key failed\n");
+        return 1;
     }
 
-    printf("[Fit-] Original message (%2zu): ", pt_len);
-    for (size_t i = 0; i < pt_len; i++) {
-        printf("(%ld)%02X:", i, mode_pt[i]);
-    } puts("");
-
-    printf("[Real] Original message (%2zu): ", pt_max_len);
-    for (size_t i = 0; i < pt_max_len; i++) {
-        printf("(%ld)%02X:", i, mode_pt[i]);
-    } puts("");
-
-    // For ECB/CBC with padding, ciphertext_len may grow by +block_size
-    uint8_t mode_ct[64] = {0};
-    size_t mode_ct_len = pt_max_len;
+    /* ------------------------------------------------------------ */
+    /* A) Test CRYPTO_ctr128_encrypt (uses aes_block)               */
+    /* ------------------------------------------------------------ */
+    memcpy(ivec, iv_bytes, 16);
+    memset(ecount, 0, 16);
+    num = 0;
 
-    // 3) Set up BlockCipherContext for AES
+    // CRYPTO_ctr128_encrypt(pt, ct1, sizeof(pt),
+    //                       &aes_key, ivec, ecount, &num,
+    //                       aes_block);
 
-
-    // 4) Choose a mode: ECB or CBC (both defined in mode_api.h)
-    ModeOfOperationContext mode_ctx;
-    // BlockCipherContext cipher_ctx;
-    mode_ctx.mode_api = mode_factory("ECB");
-
-    mode_ctx.mode_api->mode_init(
-        &mode_ctx, BLOCK_CIPHER_AES128, key, sizeof(key)/sizeof(u8), NULL, 0, mode_pt, pt_len, BLOCK_CIPHER_ENCRYPTION);
-    // printf("Total length: %zu\n", mode_ctx.total_len);
-
-    // size_t total_block_size = pkcs7_pad(pt, msg_len, BLOCK_SIZE);
-
-    // printf("            Key: ");
-    // for (size_t i = 0; i < sizeof(key)/sizeof(u8); i++) {
-    //     printf("%02X ", key[i]);
+    // if (memcmp(ct1, ct_expected, sizeof(pt)) != 0) {
+    //     fprintf(stderr, "CTR128_encrypt: ciphertext mismatch\n");
+    //     return 1;
     // }
-    // puts("");
-    // printf("            IV: ");
-    // for (size_t i = 0; i < sizeof(iv)/sizeof(u8); i++) {
-    //     printf("%02X ", iv[i]);
-    // }
-    // puts("");
-    printf("      Padded Plaintext: (%2zu): ", mode_ctx.total_len);
-    for (size_t i = 0; i < mode_ctx.total_len; i++) {
-        printf("(%ld)%02X:", i, mode_pt[i]);
-    } puts("");
-
-    mode_ctx.mode_api->mode_update(
-        &mode_ctx, mode_pt, mode_ct, mode_ctx.total_len, BLOCK_CIPHER_ENCRYPTION);
-    
-    printf("   (Update) Ciphertext: (%2zu): ", mode_ctx.total_len);
-    for (size_t i = 0; i < mode_ctx.total_len; i++) {
-        printf("(%ld)%02X:", i, mode_ct[i]);
-    } puts("");
-
-
-    // mode_ctx.api->mode_update(&mode_ctx, pt, ciphertext, pt_max_len, ciphertext_len, BLOCK_CIPHER_ENCRYPTION);
-    // mode_ctx.api->mode_dispose(&mode_ctx);
-    // cipher_ctx.cipher_api->cipher_dispose(&cipher_ctx);
-    // printf("            Ciphertext: (%2zu): ", ciphertext_len);
-    // for (size_t i = 0; i < ciphertext_len; i++) {
-    //     printf("%02X ", ciphertext[i]);
-    // }
-    // puts("");
-
-    free(mode_pt);
-
-#endif
 
-#ifdef PADDING_TEST_FLAG
-    uint8_t buf[128];
-    const char *msg = "HELLO WORLD";
-    size_t msg_len = strlen(msg);
-    memcpy(buf, msg, msg_len);
+    // /* round-trip (CTR is its own inverse) */
+    // memcpy(ivec, iv_bytes, 16);
+    // memset(ecount, 0, 16);
+    // num = 0;
+    // CRYPTO_ctr128_encrypt(ct1, ct3, sizeof(pt),
+    //                       &aes_key, ivec, ecount, &num,
+    //                       aes_block);
+
+    // if (memcmp(ct3, pt, sizeof(pt)) != 0) {
+    //     fprintf(stderr, "CTR128_encrypt roundtrip failed\n");
+    //     return 1;
+    // }
 
-    // size_t msg_len = 16;
-    // for (size_t i = 0; i < msg_len; i++) {
-    //     buf[i] = (uint8_t)i;
+    // /* ------------------------------------------------------------ */
+    // /* B) Test CRYPTO_ctr128_encrypt_ctr32 (uses aes_ctr32)         */
+    // /* ------------------------------------------------------------ */
+    // memcpy(ivec, iv_bytes, 16);
+    // memset(ecount, 0, 16);
+    // num = 0;
+
+    // CRYPTO_ctr128_encrypt_ctr32(pt, ct2, sizeof(pt),
+    //                             &aes_key, ivec, ecount, &num,
+    //                             aes_ctr32);
+
+    // /* it should match exactly the same output as (A) */
+    // if (memcmp(ct2, ct1, sizeof(pt)) != 0) {
+    //     fprintf(stderr, "CTR32_encrypt: ciphertext mismatch\n");
+    //     return 1;
     // }
 
-    printf("Original message (%zu): ", msg_len);
-    for (size_t i = 0; i < msg_len; i++) {
-        printf("(%ld)%02X:", i, buf[i]);
-    } puts("");
-
-    // PKCS#7
-    printf("\n----------------------------------- PKCS#7 -----------------------------------\n");
-    size_t tot = pkcs7_pad(buf, msg_len, BLOCK_SIZE);
-    printf("Padded message   (%zu): ", tot);
-    for (size_t i = 0; i < tot; i++) {
-        printf("(%ld)%02X:", i, buf[i]);
-    } puts("");
-    size_t unp = pkcs7_unpad(buf, tot, BLOCK_SIZE);
-    printf("Unpadded message (%zu): ", unp);
-    for (size_t i = 0; i < unp; i++) {
-        printf("(%ld)%02X:", i, buf[i]);
-    } puts("");
-
-    // ANSI 9.23
-    printf("\n----------------------------------- ANSI 9.23 -----------------------------------\n");
-    // memcpy(buf, msg, msg_len);
-    tot = ansi923_pad(buf, msg_len, BLOCK_SIZE);
-    printf("Padded message   (%zu): ", tot);
-    for (size_t i = 0; i < tot; i++) {
-        printf("(%ld)%02X:", i, buf[i]);
-    } puts("");
-    unp = ansi923_unpad(buf, tot, BLOCK_SIZE);
-    printf("Unpadded message (%zu): ", unp);
-    for (size_t i = 0; i < unp; i++) {
-        printf("(%ld)%02X:", i, buf[i]);
-    } puts("");
-
-    // ISO/IEC 7816-4
-    printf("\n----------------------------------- ISO/IEC 7816-4 -----------------------------------\n");
-    // memcpy(buf, msg, msg_len);
-    tot = iso7816_4_pad(buf, msg_len, BLOCK_SIZE);
-    printf("Padded message   (%zu): ", tot);
-    for (size_t i = 0; i < tot; i++) {
-        printf("(%ld)%02X:", i, buf[i]);
-    } puts("");
-    unp = iso7816_4_unpad(buf, tot, BLOCK_SIZE);
-    printf("Unpadded message (%zu): ", unp);
-    for (size_t i = 0; i < unp; i++) {
-        printf("(%ld)%02X:", i, buf[i]);
-    } puts("");
-#endif
-
-#ifdef BLOCK_CIPHER_TEST_FLAG
-    /* 1) Create a context and call init */
-    BlockCipherContext cipher_ctx;
-    memset(&cipher_ctx, 0, sizeof(cipher_ctx));
-
-    #define key_len AES128_KEY_SIZE
-
-    /* 2) Get the AES vtable. */
-    // u8 key[key_len] = {0}; /* example all zero */
-    // stringToByteArray("f8000000000000000000000000000000", key);
-    printf("Key       : ");
-    for (int i = 0; i < key_len; i++) {
-        printf("%02X ", key[i]);
-    }
-    printf("\n");
+    // /* round-trip via ctr32 */
+    // memcpy(ivec, iv_bytes, 16);
+    // memset(ecount, 0, 16);
+    // num = 0;
+    // CRYPTO_ctr128_encrypt_ctr32(ct2, ct4, sizeof(pt),
+    //                             &aes_key, ivec, ecount, &num,
+    //                             aes_ctr32);
+
+    // if (memcmp(ct4, pt, sizeof(pt)) != 0) {
+    //     fprintf(stderr, "CTR32_encrypt roundtrip failed\n");
+    //     return 1;
+    // }
 
-    /* 3) Encrypt or Decrypt a single 16-byte block. */
-    u8 pt[16] = { 0x00, };
-    // stringToByteArray("00000000000000000000000000000000", pt);
-    for (size_t i = 0; i < sizeof(pt)/sizeof(u8); i++) {
-        pt[i] = (u8)i*i;
-    }
-    u8 ct[16] = { 0x00, };
-    u8 dt[16]  = { 0x00, };
-
-    memset(&cipher_ctx, 0, sizeof(cipher_ctx));
-    cipher_ctx.cipher_api = block_cipher_factory("AES");
-    cipher_ctx.cipher_api->cipher_init(&cipher_ctx, key, key_len, AES_BLOCK_SIZE, BLOCK_CIPHER_ENCRYPTION);
-    cipher_ctx.cipher_api->cipher_process(&cipher_ctx, pt, ct, BLOCK_CIPHER_ENCRYPTION);
-    // ctx.api->dispose(&ctx);
-    cipher_ctx.cipher_api->cipher_init(&cipher_ctx, key, key_len, AES_BLOCK_SIZE, BLOCK_CIPHER_DECRYPTION);
-    cipher_ctx.cipher_api->cipher_process(&cipher_ctx, ct, dt, BLOCK_CIPHER_DECRYPTION);
-    cipher_ctx.cipher_api->cipher_dispose(&cipher_ctx);
-   
-    // -- ENCRYPTION -- 
-    // memset(&enc_ctx, 0, sizeof(enc_ctx));
-    // enc_ctx.api = block_cipher_factory("AES");
-    // enc_ctx.api->init(&enc_ctx, key, AES128_KEY_SIZE, AES_BLOCK_SIZE, BLOCK_CIPHER_ENCRYPTION);
-    // enc_ctx.api->process_block(&enc_ctx, plaintext, ciphertext, BLOCK_CIPHER_ENCRYPTION);
-    // enc_ctx.api->dispose(&enc_ctx);
-
-    // -- DECRYPTION --
-    // memset(&dec_ctx, 0, sizeof(dec_ctx));
-    // dec_ctx.api = block_cipher_factory("AES");
-    // dec_ctx.api->init(&dec_ctx, key, 16, 16, BLOCK_CIPHER_DECRYPTION);
-    // dec_ctx.api->process_block(&dec_ctx, ciphertext, decrypted, BLOCK_CIPHER_DECRYPTION);
-    // dec_ctx.api->dispose(&dec_ctx);
-    
-    printf("Original  : ");
-    for (int i = 0; i < 16; i++) {
-        printf("%02X ", pt[i]);
-    }
-    printf("\nEncrypted : ");
-    for (int i = 0; i < 16; i++) {
-        printf("%02X ", ct[i]);
-    }
-    printf("\nDecrypted : ");
-    for (int i = 0; i < 16; i++) {
-        printf("%02X ", dt[i]);
-    }
-    puts("");
-#endif
+    // puts("Both CTR128 and CTR32 tests PASS");
     return 0;
-}
\ No newline at end of file
+}
+
+// int main(void) {
+//     // struct {
+//     //     const char *hexKey, *hexIV, *hexTag;
+//     // } tests[] = {
+//     //     { "11754cd72aec309bf52f7687212e8957",
+//     //       "3c819d9a9bed087615030b65",
+//     //       "250327c674aaf477aef2675748cf6971" },
+//     //     { "ca47248ac0b6f8372a97ac43508308ed",
+//     //       "ffd2b598feabc9019262d2be",
+//     //       "60d20404af527d248d893ae495707d1a" },
+//     //     { "db1ad0bd1cf6db0b5d86efdd8914b218",
+//     //       "36fad6acb3c98e0138aeb9b1",
+//     //       "5ee2ba737d3f2a944b335a81f6653cce" },
+//     //     { "1c7135af627c04c32957f33f9ac08590",
+//     //       "355c094fa09c8e9281178d34",
+//     //       "b6ab2c7d906c9d9ec4c1498d2cbb5029" },
+//     //     { "6ca2c11205a6e55ab504dbf3491f8bdc",
+//     //       "b1008b650a2fee642175c60d",
+//     //       "7a9a225d5f9a0ebfe0e69f371871a672" },
+//     //     { "69f2ca78bb5690acc6587302628828d5",
+//     //       "701da282cb6b6018dabd00d3",
+//     //       "ab1d40dda1798d56687892e2159decfd" },
+//     //     { "dcf4e339c487b6797aaca931725f7bbd",
+//     //       "2c1d955e35366760ead8817c",
+//     //       "32b542c5f344cceceb460a02938d6b0c" },
+//     //     { "7658cdbb81572a23a78ee4596f844ee9",
+//     //       "1c3baae9b9065961842cbe52",
+//     //       "70c7123fc819aa060ed2d3c159b6ea41" },
+//     //     { "281a570b1e8f265ee09303ecae0cc46d",
+//     //       "8c2941f73cf8713ad5bc13df",
+//     //       "a42e5e5f6fb00a9f1206b302edbfd87c" }
+//     // };
+
+//     // const size_t TAGLEN = 16, IVLEN = 12, KEYLEN = 16;
+//     // unsigned char key[KEYLEN], iv[IVLEN], tag[TAGLEN];
+//     // int i, ret;
+
+//     // for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
+//     //     GCM128_CONTEXT *ctx;
+//     //     AES_KEY aes_key;
+
+//     //     /* hex → binary */
+//     //     if (hex2bin(tests[i].hexKey, key, KEYLEN) ||
+//     //         hex2bin(tests[i].hexIV,  iv,  IVLEN)  ||
+//     //         hex2bin(tests[i].hexTag, tag, TAGLEN)) {
+//     //         fprintf(stderr, "Bad hex in test %d\n", i);
+//     //         continue;
+//     //     }
+
+//     //     /* prepare AES key schedule */
+//     //     if (AES_set_encrypt_key(key, 128, &aes_key) < 0) {
+//     //         fprintf(stderr, "AES_set_encrypt_key failed\n");
+//     //         return 1;
+//     //     }
+
+//     //     /* 1) alloc + init */
+//     //     ctx = CRYPTO_gcm128_new(&aes_key, aes_block);
+//     //     if (!ctx) {
+//     //         fprintf(stderr, "GCM new failed\n");
+//     //         return 1;
+//     //     }
+//     //     CRYPTO_gcm128_init(ctx,       &aes_key, aes_block);
+
+//     //     /* 2) set IV */
+//     //     CRYPTO_gcm128_setiv(ctx, iv, IVLEN);
+
+//     //     /* 3) no AAD, so skip CRYPTO_gcm128_aad */
+
+//     //     /* 4) no plaintext: still call encrypt with len=0 */
+//     //     ret = CRYPTO_gcm128_encrypt(ctx, NULL, NULL, 0);
+//     //     if (ret != 0) {
+//     //         fprintf(stderr, "encrypt() error in test %d\n", i);
+//     //     }
+
+//     //     /* 5) verify tag: returns 0 on match */
+//     //     ret = CRYPTO_gcm128_finish(ctx, tag, TAGLEN);
+//     //     printf("Test %d: %s\n", i,
+//     //            ret == 0 ? "PASS" : "FAIL");
+
+//     //     /* 6) clean up */
+//     //     CRYPTO_gcm128_release(ctx);
+//     // }
+
+//         /* your eight “Count=0…7” test vectors */
+//     struct {
+//         const char *hexKey, *hexIV, *hexPT, *hexAAD, *hexCT, *hexTag;
+//     } tests[] = {
+//       {
+//         "2633d1781ce54f74ac609a5b5209a01f",
+//         "7d0e90b7e9f36f760d2dcbd66f352df45f3917afdbe1d0a89cc44be0bd85cf8bf75edbdd33f1d16dad02824d81389210b0f146f3df63f9232d7035eb9e8297a09474985b3e038a5fa6840155d8848fc7c53061ba0f442b84408660a997176ca5bf3473103fd3c9a1de2580b9e539af872259ecae925a8ef50f5a176a069b1fb8",
+//         "ae695828625b264e0b13d3c9a539f2cf306a7501cdd35b817b699b2d7c25cf20d2dceec3fa883019db807272fddfdca8e7f672",
+//         "584c3cad3035d1427d6f5f1b261e97a5ea7d97c0b88cedf3b1aa5e21e5916805a63964eab4449d8806e7af60618465cf39f82769b7528bba9bb9c04992cd7b9e26efe9be38e1bfeeb41678c52d5ba3508fd7a2b1e8478505bfde",
+//         "fbc32a56885100a36c276ff368db9236906021a8cc7500f2b3e78a6ca01546827073ff1103145f139f4d116eb47b84e33c7160",
+//         "49589b3a"
+//       },
+//       /* … Counts 1…7 go here in the same format … */
+//     };
+
+//     const int NTESTS = sizeof(tests)/sizeof(tests[0]);
+//     const size_t KEYLEN = 16,
+//                  IVLEN  = 128,
+//                  PTLEN  = 51,
+//                  AADLEN = 90,
+//                  CTLEN  = PTLEN,
+//                  TAGLEN = 4;
+
+//     unsigned char key[KEYLEN],
+//                   iv[IVLEN],
+//                   pt[PTLEN],
+//                   aad[AADLEN],
+//                   ct[CTLEN],
+//                   tag[TAGLEN],
+//                   pt2[PTLEN],
+//                   ct2[CTLEN],
+//                   tag2[TAGLEN];
+
+//     for (int i = 0; i < NTESTS; i++) {
+//         AES_KEY aes_key;
+//         GCM128_CONTEXT *ctx;
+//         int pass_encrypt = 1, pass_decrypt = 1;
+
+//         /* hex → bin all inputs & expected outputs */
+//         if (hex2bin(tests[i].hexKey, key, KEYLEN)        ||
+//             hex2bin(tests[i].hexIV,  iv,  IVLEN)         ||
+//             hex2bin(tests[i].hexPT,  pt,  PTLEN)         ||
+//             hex2bin(tests[i].hexAAD, aad, AADLEN)       ||
+//             hex2bin(tests[i].hexCT,  ct,  CTLEN)        ||
+//             hex2bin(tests[i].hexTag, tag, TAGLEN))
+//         {
+//             fprintf(stderr, "Bad hex in test %d\n", i);
+//             continue;
+//         }
+
+//         /* AES key schedule */
+//         if (AES_set_encrypt_key(key, 128, &aes_key) < 0) {
+//             fprintf(stderr, "AES_set_encrypt_key failed\n");
+//             return 1;
+//         }
+
+//         /****************************************************************
+//          * 1) “Plain” GCM encrypt → CT + tag
+//          ****************************************************************/
+//         ctx = CRYPTO_gcm128_new(&aes_key, aes_block);
+//         CRYPTO_gcm128_init(ctx,        &aes_key, aes_block);
+//         CRYPTO_gcm128_setiv(ctx,       iv,  IVLEN);
+//         CRYPTO_gcm128_aad(ctx,         aad, AADLEN);
+//         if (CRYPTO_gcm128_encrypt(ctx, pt, ct2, PTLEN) != PTLEN)
+//             pass_encrypt = 0;
+//         CRYPTO_gcm128_tag(ctx, tag2,   TAGLEN);
+
+//         if (memcmp(ct2, ct, CTLEN)!=0 || memcmp(tag2, tag, TAGLEN)!=0)
+//             pass_encrypt = 0;
+
+//         CRYPTO_gcm128_release(ctx);
+
+//         /****************************************************************
+//          * 2) “Plain” GCM decrypt → verify tag + PT round-trip
+//          ****************************************************************/
+//         ctx = CRYPTO_gcm128_new(&aes_key, aes_block);
+//         CRYPTO_gcm128_init(ctx,        &aes_key, aes_block);
+//         CRYPTO_gcm128_setiv(ctx,       iv,  IVLEN);
+//         CRYPTO_gcm128_aad(ctx,         aad, AADLEN);
+//         if (CRYPTO_gcm128_decrypt(ctx, ct, pt2, PTLEN) != PTLEN)
+//             pass_decrypt = 0;
+//         if (CRYPTO_gcm128_finish(ctx, tag, TAGLEN) != 0)
+//             pass_decrypt = 0;
+//         CRYPTO_gcm128_release(ctx);
+
+//         /****************************************************************
+//          * 3) “CTR32” GCM encrypt → CT + tag
+//          ****************************************************************/
+//         ctx = CRYPTO_gcm128_new(&aes_key, aes_block);
+//         CRYPTO_gcm128_init(ctx,        &aes_key, aes_block);
+//         CRYPTO_gcm128_setiv(ctx,       iv,  IVLEN);
+//         CRYPTO_gcm128_aad(ctx,         aad, AADLEN);
+//         if (CRYPTO_gcm128_encrypt_ctr32(ctx, pt, ct2, PTLEN, aes_ctr) != PTLEN)
+//             pass_encrypt = 0;
+//         CRYPTO_gcm128_tag(ctx, tag2,   TAGLEN);
+//         if (memcmp(ct2, ct, CTLEN)!=0 || memcmp(tag2, tag, TAGLEN)!=0)
+//             pass_encrypt = 0;
+//         CRYPTO_gcm128_release(ctx);
+
+//         /****************************************************************
+//          * 4) “CTR32” GCM decrypt → verify tag + PT round-trip
+//          ****************************************************************/
+//         ctx = CRYPTO_gcm128_new(&aes_key, aes_block);
+//         CRYPTO_gcm128_init(ctx,        &aes_key, aes_block);
+//         CRYPTO_gcm128_setiv(ctx,       iv,  IVLEN);
+//         CRYPTO_gcm128_aad(ctx,         aad, AADLEN);
+//         if (CRYPTO_gcm128_decrypt_ctr32(ctx, ct, pt2, PTLEN, aes_ctr) != PTLEN)
+//             pass_decrypt = 0;
+//         if (CRYPTO_gcm128_finish(ctx, tag, TAGLEN) != 0)
+//             pass_decrypt = 0;
+//         CRYPTO_gcm128_release(ctx);
+
+//         printf("Test %d: encrypt %s, decrypt %s\n",
+//                i,
+//                pass_encrypt ? "PASS" : "FAIL",
+//                pass_decrypt ? "PASS" : "FAIL");
+//     }
+
+//     return 0;
+// }
\ No newline at end of file
diff --git a/src/mode/cbc128.c b/src/mode/cbc128.c
new file mode 100644
index 0000000..cd21000
--- /dev/null
+++ b/src/mode/cbc128.c
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "mode.h"
+
+#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
+# define STRICT_ALIGNMENT 0
+#endif
+
+#if defined(__GNUC__) && !STRICT_ALIGNMENT
+typedef size_t size_t_aX __attribute((__aligned__(1)));
+#else
+typedef size_t size_t_aX;
+#endif
+
+void CRYPTO_cbc128_encrypt(const u8 *in, u8 *out,
+                           size_t len, const void *key,
+                           u8 ivec[16], block128_f block) {
+    size_t n;
+    const u8 *iv = ivec;
+
+    if (len == 0)
+        return;
+
+    if (STRICT_ALIGNMENT &&
+        ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+        while (len >= 16) {
+            for (n = 0; n < 16; ++n)
+                out[n] = in[n] ^ iv[n];
+            (*block) (out, out, key);
+            iv = out;
+            len -= 16;
+            in += 16;
+            out += 16;
+        }
+    } else {
+        while (len >= 16) {
+            for (n = 0; n < 16; n += sizeof(size_t))
+                *(size_t_aX *)(out + n) =
+                    *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n);
+            (*block) (out, out, key);
+            iv = out;
+            len -= 16;
+            in += 16;
+            out += 16;
+        }
+    }
+
+    while (len) {
+        for (n = 0; n < 16 && n < len; ++n)
+            out[n] = in[n] ^ iv[n];
+        for (; n < 16; ++n)
+            out[n] = iv[n];
+        (*block) (out, out, key);
+        iv = out;
+        if (len <= 16)
+            break;
+        len -= 16;
+        in += 16;
+        out += 16;
+    }
+    if (ivec != iv)
+        memcpy(ivec, iv, 16);
+}
+
+void CRYPTO_cbc128_decrypt(const u8 *in, u8 *out,
+                           size_t len, const void *key,
+                           u8 ivec[16], block128_f block)
+{
+    size_t n;
+    union {
+        size_t t[16 / sizeof(size_t)];
+        u8 c[16];
+    } tmp;
+
+    if (len == 0)
+        return;
+
+    if (in != out) {
+        const u8 *iv = ivec;
+
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+            while (len >= 16) {
+                (*block) (in, out, key);
+                for (n = 0; n < 16; ++n)
+                    out[n] ^= iv[n];
+                iv = in;
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        } else if (16 % sizeof(size_t) == 0) { /* always true */
+            while (len >= 16) {
+                size_t_aX *out_t = (size_t_aX *)out;
+                size_t_aX *iv_t = (size_t_aX *)iv;
+
+                (*block) (in, out, key);
+                for (n = 0; n < 16 / sizeof(size_t); n++)
+                    out_t[n] ^= iv_t[n];
+                iv = in;
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        }
+        if (ivec != iv)
+            memcpy(ivec, iv, 16);
+    } else {
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+            u8 c;
+            while (len >= 16) {
+                (*block) (in, tmp.c, key);
+                for (n = 0; n < 16; ++n) {
+                    c = in[n];
+                    out[n] = tmp.c[n] ^ ivec[n];
+                    ivec[n] = c;
+                }
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        } else if (16 % sizeof(size_t) == 0) { /* always true */
+            while (len >= 16) {
+                size_t c;
+                size_t_aX *out_t = (size_t_aX *)out;
+                size_t_aX *ivec_t = (size_t_aX *)ivec;
+                const size_t_aX *in_t = (const size_t_aX *)in;
+
+                (*block) (in, tmp.c, key);
+                for (n = 0; n < 16 / sizeof(size_t); n++) {
+                    c = in_t[n];
+                    out_t[n] = tmp.t[n] ^ ivec_t[n];
+                    ivec_t[n] = c;
+                }
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        }
+    }
+
+    while (len) {
+        u8 c;
+        (*block) (in, tmp.c, key);
+        for (n = 0; n < 16 && n < len; ++n) {
+            c = in[n];
+            out[n] = tmp.c[n] ^ ivec[n];
+            ivec[n] = c;
+        }
+        if (len <= 16) {
+            for (; n < 16; ++n)
+                ivec[n] = in[n];
+            break;
+        }
+        len -= 16;
+        in += 16;
+        out += 16;
+    }
+}
diff --git a/src/mode/ctr128.c b/src/mode/ctr128.c
new file mode 100644
index 0000000..8db7b7c
--- /dev/null
+++ b/src/mode/ctr128.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ #include "mode.h"
+
+#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
+typedef size_t size_t_aX __attribute((__aligned__(1)));
+#else
+typedef size_t size_t_aX;
+#endif
+
+/*
+ * NOTE: the IV/counter CTR mode is big-endian.  The code itself is
+ * endian-neutral.
+ */
+
+/* increment counter (128-bit int) by 1 */
+static void ctr128_inc(u8 *counter) {
+    u32 n = 16, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+static void ctr128_inc_aligned(unsigned char *counter) {
+    size_t *data, c, d, n;
+
+    if (((size_t)counter % sizeof(size_t)) != 0) {
+        ctr128_inc(counter);
+        return;
+    }
+
+    data = (size_t *)counter;
+    c = 1;
+    n = 16 / sizeof(size_t);
+    do {
+        --n;
+        d = data[n] += c;
+        /* did addition carry? */
+        c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
+    } while (n);
+}
+
+/*
+ * The input encrypted as though 128bit counter mode is being used.  The
+ * extra state information to record how much of the 128bit block we have
+ * used is contained in *num, and the encrypted counter is kept in
+ * ecount_buf.  Both *num and ecount_buf must be initialised with zeros
+ * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
+ * that the counter is in the x lower bits of the IV (ivec), and that the
+ * application has full control over overflow and the rest of the IV.  This
+ * implementation takes NO responsibility for checking that the counter
+ * doesn't overflow into the rest of the IV when incremented.
+ */
+void CRYPTO_ctr128_encrypt(const u8 *in, u8 *out,
+                           size_t len, const void *key,
+                           u8 ivec[16],
+                           u8 ecount_buf[16], unsigned int *num,
+                           block128_f block) {
+    u32 n;
+    size_t l = 0;
+
+    n = *num;
+
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            while (n && len) {
+                *(out++) = *(in++) ^ ecount_buf[n];
+                --len;
+                n = (n + 1) % 16;
+            }
+
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out | (size_t)ecount_buf)
+                % sizeof(size_t) != 0)
+                break;
+# endif
+            while (len >= 16) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                for (n = 0; n < 16; n += sizeof(size_t))
+                    *(size_t_aX *)(out + n) =
+                        *(size_t_aX *)(in + n)
+                        ^ *(size_t_aX *)(ecount_buf + n);
+                len -= 16;
+                out += 16;
+                in += 16;
+                n = 0;
+            }
+            if (len) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                while (len--) {
+                    out[n] = in[n] ^ ecount_buf[n];
+                    ++n;
+                }
+            }
+            *num = n;
+            return;
+        } while (0);
+    }
+    /* the rest would be commonly eliminated by x86* compiler */
+    
+    while (l < len) {
+        if (n == 0) {
+            (*block) (ivec, ecount_buf, key);
+            ctr128_inc(ivec);
+        }
+        out[l] = in[l] ^ ecount_buf[n];
+        ++l;
+        n = (n + 1) % 16;
+    }
+
+    *num = n;
+}
+
+/* increment upper 96 bits of 128-bit counter by 1 */
+static void ctr96_inc(u8 *counter)
+{
+    u32 n = 12, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+void CRYPTO_ctr128_encrypt_ctr32(const u8 *in, u8 *out,
+                                 size_t len, const void *key,
+                                 u8 ivec[16],
+                                 u8 ecount_buf[16],
+                                 unsigned int *num, ctr128_f func) {
+    u32 n, ctr32;
+
+    n = *num;
+
+    while (n && len) {
+        *(out++) = *(in++) ^ ecount_buf[n];
+        --len;
+        n = (n + 1) % 16;
+    }
+
+    ctr32 = GETU32(ivec + 12);
+    while (len >= 16) {
+        size_t blocks = len / 16;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))
+            blocks = (1U << 28);
+        /*
+         * As (*func) operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (u32)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        (*func) (in, out, blocks, key, ivec);
+        /* (*ctr) does not update ivec, caller does: */
+        PUTU32(ivec + 12, ctr32);
+        /* ... overflow was detected, propagate carry. */
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        blocks *= 16;
+        len -= blocks;
+        out += blocks;
+        in += blocks;
+    }
+    if (len) {
+        memset(ecount_buf, 0, 16);
+        (*func) (ecount_buf, ecount_buf, 1, key, ivec);
+        ++ctr32;
+        PUTU32(ivec + 12, ctr32);
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        while (len--) {
+            out[n] = in[n] ^ ecount_buf[n];
+            ++n;
+        }
+    }
+
+    *num = n;
+}
diff --git a/src/mode/gcm128.c b/src/mode/gcm128.c
new file mode 100644
index 0000000..7300e2d
--- /dev/null
+++ b/src/mode/gcm128.c
@@ -0,0 +1,850 @@
+/*
+ * Copyright 2010-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "mode.h"
+
+#define GCM_MUL(ctx)      ctx->funcs.gmult(ctx->Xi.u,ctx->Htable)
+/*
+ * GHASH_CHUNK is "stride parameter" missioned to mitigate cache trashing
+ * effect. In other words idea is to hash data while it's still in L1 cache
+ * after encryption pass...
+ */
+#  define GHASH_CHUNK       (3*1024)
+
+#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
+typedef size_t size_t_aX __attribute((__aligned__(1)));
+#else
+typedef size_t size_t_aX;
+#endif
+
+static void gcm_get_funcs(struct gcm_funcs_st *ctx)
+{
+    /* set defaults -- overridden below as needed */
+    ctx->ginit = gcm_init_4bit;
+    ctx->gmult = gcm_gmult_4bit;
+    ctx->ghash = gcm_ghash_4bit;
+}
+
+/*-
+ *
+ * NOTE: TABLE_BITS and all non-4bit implementations have been removed in 3.1.
+ *
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8. 8 is effectively reserved for testing purposes.
+ * TABLE_BITS>1 are lookup-table-driven implementations referred to as
+ * "Shoup's" in GCM specification. In other words OpenSSL does not cover
+ * whole spectrum of possible table driven implementations. Why? In
+ * non-"Shoup's" case memory access pattern is segmented in such manner,
+ * that it's trivial to see that cache timing information can reveal
+ * fair portion of intermediate hash value. Given that ciphertext is
+ * always available to attacker, it's possible for him to attempt to
+ * deduce secret parameter H and if successful, tamper with messages
+ * [which is nothing but trivial in CTR mode]. In "Shoup's" case it's
+ * not as trivial, but there is no reason to believe that it's resistant
+ * to cache-timing attack. And the thing about "8-bit" implementation is
+ * that it consumes 16 (sixteen) times more memory, 4KB per individual
+ * key + 1KB shared. Well, on pros side it should be twice as fast as
+ * "4-bit" version. And for gcc-generated x86[_64] code, "8-bit" version
+ * was observed to run ~75% faster, closer to 100% for commercial
+ * compilers... Yet "4-bit" procedure is preferred, because it's
+ * believed to provide better security-performance balance and adequate
+ * all-round performance. "All-round" refers to things like:
+ *
+ * - shorter setup time effectively improves overall timing for
+ *   handling short messages;
+ * - larger table allocation can become unbearable because of VM
+ *   subsystem penalties (for example on Windows large enough free
+ *   results in VM working set trimming, meaning that consequent
+ *   malloc would immediately incur working set expansion);
+ * - larger table has larger cache footprint, which can affect
+ *   performance of other code paths (not necessarily even from same
+ *   thread in Hyper-Threading world);
+ *
+ * Value of 1 is not appropriate for performance reasons.
+ */
+#define REDUCE1BIT(V)   do { \
+        if (sizeof(size_t)==8) { \
+                u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \
+                V.lo  = (V.hi<<63)|(V.lo>>1); \
+                V.hi  = (V.hi>>1 )^T; \
+        } \
+        else { \
+                u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \
+                V.lo  = (V.hi<<63)|(V.lo>>1); \
+                V.hi  = (V.hi>>1 )^((u64)T<<32); \
+        } \
+} while(0)
+void gcm_init_4bit(u128 Htable[16], const u64 H[2]) {
+    u128 V;
+    Htable[0].hi = 0;
+    Htable[0].lo = 0;
+    V.hi = H[0];
+    V.lo = H[1];
+    Htable[8] = V;
+    REDUCE1BIT(V);
+    Htable[4] = V;
+    REDUCE1BIT(V);
+    Htable[2] = V;
+    REDUCE1BIT(V);
+    Htable[1] = V;
+    Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo;
+    V = Htable[4];
+    Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo;
+    Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo;
+    Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo;
+    V = Htable[8];
+    Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo;
+    Htable[10].hi = V.hi ^ Htable[2].hi, Htable[10].lo = V.lo ^ Htable[2].lo;
+    Htable[11].hi = V.hi ^ Htable[3].hi, Htable[11].lo = V.lo ^ Htable[3].lo;
+    Htable[12].hi = V.hi ^ Htable[4].hi, Htable[12].lo = V.lo ^ Htable[4].lo;
+    Htable[13].hi = V.hi ^ Htable[5].hi, Htable[13].lo = V.lo ^ Htable[5].lo;
+    Htable[14].hi = V.hi ^ Htable[6].hi, Htable[14].lo = V.lo ^ Htable[6].lo;
+    Htable[15].hi = V.hi ^ Htable[7].hi, Htable[15].lo = V.lo ^ Htable[7].lo;
+}
+
+#define PACK(s)         ((size_t)(s)<<(sizeof(size_t)*8-16))
+static const size_t rem_4bit[16] = {
+    PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460),
+    PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0),
+    PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560),
+    PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0)
+};
+void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) {
+    u128 Z;
+    int cnt = 15;
+    size_t rem, nlo, nhi;
+
+    nlo = ((const u8 *)Xi)[15];
+    nhi = nlo >> 4;
+    nlo &= 0xf;
+
+    Z.hi = Htable[nlo].hi;
+    Z.lo = Htable[nlo].lo;
+
+    while (1) {
+        rem = (size_t)Z.lo & 0xf;
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_4bit[rem];
+        else
+            Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+        Z.hi ^= Htable[nhi].hi;
+        Z.lo ^= Htable[nhi].lo;
+
+        if (--cnt < 0)
+            break;
+
+        nlo = ((const u8 *)Xi)[cnt];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        rem = (size_t)Z.lo & 0xf;
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_4bit[rem];
+        else
+            Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+        Z.hi ^= Htable[nlo].hi;
+        Z.lo ^= Htable[nlo].lo;
+    }
+
+#  ifdef BSWAP8
+    Xi[0] = BSWAP8(Z.hi);
+    Xi[1] = BSWAP8(Z.lo);
+#  else
+    u8 *p = (u8 *)Xi;
+    u32 v;
+    v = (u32)(Z.hi >> 32);
+    PUTU32(p, v);
+    v = (u32)(Z.hi);
+    PUTU32(p + 4, v);
+    v = (u32)(Z.lo >> 32);
+    PUTU32(p + 8, v);
+    v = (u32)(Z.lo);
+    PUTU32(p + 12, v);
+#  endif
+}
+/*
+ * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for
+ * details... Compiler-generated code doesn't seem to give any
+ * performance improvement, at least not on x86[_64]. It's here
+ * mostly as reference and a placeholder for possible future
+ * non-trivial optimization[s]...
+ */
+void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
+                           const u8 *inp, size_t len) {
+    u128 Z;
+    int cnt;
+    size_t rem, nlo, nhi;
+    do {
+        cnt = 15;
+        nlo = ((const u8 *)Xi)[15];
+        nlo ^= inp[15];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        Z.hi = Htable[nlo].hi;
+        Z.lo = Htable[nlo].lo;
+
+        while (1) {
+            rem = (size_t)Z.lo & 0xf;
+            Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+            Z.hi = (Z.hi >> 4);
+            if (sizeof(size_t) == 8)
+                Z.hi ^= rem_4bit[rem];
+            else
+                Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+            Z.hi ^= Htable[nhi].hi;
+            Z.lo ^= Htable[nhi].lo;
+
+            if (--cnt < 0)
+                break;
+
+            nlo = ((const u8 *)Xi)[cnt];
+            nlo ^= inp[cnt];
+            nhi = nlo >> 4;
+            nlo &= 0xf;
+
+            rem = (size_t)Z.lo & 0xf;
+            Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+            Z.hi = (Z.hi >> 4);
+            if (sizeof(size_t) == 8)
+                Z.hi ^= rem_4bit[rem];
+            else
+                Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+            Z.hi ^= Htable[nlo].hi;
+            Z.lo ^= Htable[nlo].lo;
+        }
+
+
+#   ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+#   else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+#   endif
+
+        inp += 16;
+        /* Block size is 128 bits so len is a multiple of 16 */
+        len -= 16;
+    } while (len > 0);
+}
+
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) {
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->block = block;
+    ctx->key = key;
+
+    (*block) (ctx->H.c, ctx->H.c, key);
+
+    /* H is stored in host byte order */
+#ifdef BSWAP8
+    ctx->H.u[0] = BSWAP8(ctx->H.u[0]);
+    ctx->H.u[1] = BSWAP8(ctx->H.u[1]);
+#else
+    u8 *p = ctx->H.c;
+    u64 hi, lo;
+    hi = (u64)GETU32(p) << 32 | GETU32(p + 4);
+    lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+    ctx->H.u[0] = hi;
+    ctx->H.u[1] = lo;
+#endif
+
+    gcm_get_funcs(&ctx->funcs);
+    ctx->funcs.ginit(ctx->Htable, ctx->H.u);
+}
+
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const u8 *iv, size_t len) {
+    u32 ctr;
+
+    ctx->len.u[0] = 0;          /* AAD length */
+    ctx->len.u[1] = 0;          /* message length */
+    ctx->ares = 0;
+    ctx->mres = 0;
+
+    if (len == 12) {
+        memcpy(ctx->Yi.c, iv, 12);
+        ctx->Yi.c[12] = 0;
+        ctx->Yi.c[13] = 0;
+        ctx->Yi.c[14] = 0;
+        ctx->Yi.c[15] = 1;
+        ctr = 1;
+    } else {
+        size_t i;
+        u64 len0 = len;
+
+        /* Borrow ctx->Xi to calculate initial Yi */
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+
+        while (len >= 16) {
+            for (i = 0; i < 16; ++i)
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
+            iv += 16;
+            len -= 16;
+        }
+        if (len) {
+            for (i = 0; i < len; ++i)
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
+        }
+        len0 <<= 3;
+#ifdef BSWAP8
+        ctx->Xi.u[1] ^= BSWAP8(len0);
+#else
+        ctx->Xi.c[8] ^= (u8)(len0 >> 56);
+        ctx->Xi.c[9] ^= (u8)(len0 >> 48);
+        ctx->Xi.c[10] ^= (u8)(len0 >> 40);
+        ctx->Xi.c[11] ^= (u8)(len0 >> 32);
+        ctx->Xi.c[12] ^= (u8)(len0 >> 24);
+        ctx->Xi.c[13] ^= (u8)(len0 >> 16);
+        ctx->Xi.c[14] ^= (u8)(len0 >> 8);
+        ctx->Xi.c[15] ^= (u8)(len0);
+#endif
+        GCM_MUL(ctx);
+
+#ifdef BSWAP4
+        ctr = BSWAP4(ctx->Xi.d[3]);
+#else
+        ctr = GETU32(ctx->Xi.c + 12);
+#endif
+
+        /* Copy borrowed Xi to Yi */
+        ctx->Yi.u[0] = ctx->Xi.u[0];
+        ctx->Yi.u[1] = ctx->Xi.u[1];
+    }
+
+    ctx->Xi.u[0] = 0;
+    ctx->Xi.u[1] = 0;
+
+    (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key);
+    ++ctr;
+#ifdef BSWAP4
+    ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+    PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+}
+
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const u8 *aad, size_t len) {
+    size_t i;
+    unsigned int n;
+    u64 alen = ctx->len.u[0];
+
+    if (ctx->len.u[1])
+        return -2;
+
+    alen += len;
+    if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+        return -1;
+    ctx->len.u[0] = alen;
+
+    n = ctx->ares;
+    if (n) {
+        while (n && len) {
+            ctx->Xi.c[n] ^= *(aad++);
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0)
+            GCM_MUL(ctx);
+        else {
+            ctx->ares = n;
+            return 0;
+        }
+    }
+    while (len >= 16) {
+        for (i = 0; i < 16; ++i)
+            ctx->Xi.c[i] ^= aad[i];
+        GCM_MUL(ctx);
+        aad += 16;
+        len -= 16;
+    }
+    if (len) {
+        n = (unsigned int)len;
+        for (i = 0; i < len; ++i)
+            ctx->Xi.c[i] ^= aad[i];
+    }
+
+    ctx->ares = n;
+    return 0;
+}
+
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const u8 *in, u8 *out, size_t len) {
+    u32 n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        GCM_MUL(ctx);
+        ctx->ares = 0;
+    }
+
+#ifdef BSWAP4
+    ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+    ctr = GETU32(ctx->Yi.c + 12);
+#endif
+
+    n = mres % 16;
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            if (n) {
+                while (n && len) {
+                    ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
+                    ctx->mres = n;
+                    return 0;
+                }
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
+                break;
+# endif
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+#  ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                for (i = 0; i < 16 / sizeof(size_t); ++i)
+                    ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                GCM_MUL(ctx);
+                out += 16;
+                in += 16;
+                len -= 16;
+            }
+            if (len) {
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+# ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+                PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+                while (len--) {
+                    ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+                    ++n;
+                }
+                mres = n;
+            }
+
+            ctx->mres = mres;
+            return 0;
+        } while (0);
+    }
+
+    for (i = 0; i < len; ++i) {
+        if (n == 0) {
+            (*block) (ctx->Yi.c, ctx->EKi.c, key);
+            ++ctr;
+#ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+            PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+        }
+
+        ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n];
+        mres = n = (n + 1) % 16;
+        if (n == 0)
+            GCM_MUL(ctx);
+    }
+
+    ctx->mres = mres;
+    return 0;
+}
+
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const u8 *in, u8 *out, size_t len) {
+    u32 n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to decrypt finalizes GHASH(AAD) */
+        GCM_MUL(ctx);
+        ctx->ares = 0;
+    }
+
+#ifdef BSWAP4
+    ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+    ctr = GETU32(ctx->Yi.c + 12);
+#endif
+
+    n = mres % 16;
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            if (n) {
+                while (n && len) {
+                    u8 c = *(in++);
+                    *(out++) = c ^ ctx->EKi.c[n];
+                    ctx->Xi.c[n] ^= c;
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
+                    ctx->mres = n;
+                    return 0;
+                }
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
+                break;
+# endif
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+#  ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                for (i = 0; i < 16 / sizeof(size_t); ++i) {
+                    size_t c = in_t[i];
+                    out_t[i] = c ^ ctx->EKi.t[i];
+                    ctx->Xi.t[i] ^= c;
+                }
+                GCM_MUL(ctx);
+                out += 16;
+                in += 16;
+                len -= 16;
+            }
+            if (len) {
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+# ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+                PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+                while (len--) {
+                    u8 c = in[n];
+                    ctx->Xi.c[n] ^= c;
+                    out[n] = c ^ ctx->EKi.c[n];
+                    ++n;
+                }
+                mres = n;
+            }
+
+            ctx->mres = mres;
+            return 0;
+        } while (0);
+    }
+
+    for (i = 0; i < len; ++i) {
+        u8 c;
+        if (n == 0) {
+            (*block) (ctx->Yi.c, ctx->EKi.c, key);
+            ++ctr;
+#ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+            PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+        }
+
+        c = in[i];
+        out[i] = c ^ ctx->EKi.c[n];
+        ctx->Xi.c[n] ^= c;
+        mres = n = (n + 1) % 16;
+        if (n == 0)
+            GCM_MUL(ctx);
+    }
+
+    ctx->mres = mres;
+    return 0;
+}
+
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const u8 *in, u8 *out, size_t len, ctr128_f stream) {
+    u32 n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    void *key = ctx->key;
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to encrypt finalizes GHASH(AAD) */
+        GCM_MUL(ctx);
+        ctx->ares = 0;
+    }
+
+# ifdef BSWAP4
+    ctr = BSWAP4(ctx->Yi.d[3]);
+# else
+    ctr = GETU32(ctx->Yi.c + 12);
+# endif
+
+    n = mres % 16;
+    if (n) {
+        while (n && len) {
+            ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
+            ctx->mres = n;
+            return 0;
+        }
+    }
+
+    if ((i = (len & (size_t)-16))) {
+        size_t j = i / 16;
+
+        (*stream) (in, out, j, key, ctx->Yi.c);
+        ctr += (unsigned int)j;
+# ifdef BSWAP4
+        ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+        PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        in += i;
+        len -= i;
+# if defined(GHASH)
+        GHASH(ctx, out, i);
+        out += i;
+# else
+        while (j--) {
+            for (i = 0; i < 16; ++i)
+                ctx->Xi.c[i] ^= out[i];
+            GCM_MUL(ctx);
+            out += 16;
+        }
+# endif
+    }
+    if (len) {
+        (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
+        ++ctr;
+# ifdef BSWAP4
+        ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+        PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        while (len--) {
+            ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+            ++n;
+        }
+    }
+
+    ctx->mres = mres;
+    return 0;
+}
+
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const u8 *in, u8 *out, size_t len, ctr128_f stream) {
+    u32 n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    void *key = ctx->key;
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to decrypt finalizes GHASH(AAD) */
+        GCM_MUL(ctx);
+        ctx->ares = 0;
+    }
+
+# ifdef BSWAP4
+    ctr = BSWAP4(ctx->Yi.d[3]);
+# else
+    ctr = GETU32(ctx->Yi.c + 12);
+# endif
+
+    n = mres % 16;
+    if (n) {
+        while (n && len) {
+            u8 c = *(in++);
+            *(out++) = c ^ ctx->EKi.c[n];
+            ctx->Xi.c[n] ^= c;
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
+            ctx->mres = n;
+            return 0;
+        }
+    }
+    if ((i = (len & (size_t)-16))) {
+        size_t j = i / 16;
+
+        while (j--) {
+            size_t k;
+            for (k = 0; k < 16; ++k)
+                ctx->Xi.c[k] ^= in[k];
+            GCM_MUL(ctx);
+            in += 16;
+        }
+        j = i / 16;
+        in -= i;
+        
+        (*stream) (in, out, j, key, ctx->Yi.c);
+        ctr += (unsigned int)j;
+
+# ifdef BSWAP4
+        ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+        PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+
+        out += i;
+        in += i;
+        len -= i;
+    }
+    if (len) {
+        (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
+        ++ctr;
+# ifdef BSWAP4
+        ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+        PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        while (len--) {
+            u8 c = in[n];
+            ctx->Xi.c[mres++] ^= c;
+            out[n] = c ^ ctx->EKi.c[n];
+            ++n;
+        }
+    }
+
+    ctx->mres = mres;
+    return 0;
+}
+
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const u8 *tag, size_t len) {
+    u64 alen = ctx->len.u[0] << 3;
+    u64 clen = ctx->len.u[1] << 3;
+
+    if (ctx->mres || ctx->ares)
+        GCM_MUL(ctx);
+#ifdef BSWAP8
+    alen = BSWAP8(alen);
+    clen = BSWAP8(clen);
+#else
+    u8 *p = ctx->len.c;
+
+    ctx->len.u[0] = alen;
+    ctx->len.u[1] = clen;
+
+    alen = (u64)GETU32(p) << 32 | GETU32(p + 4);
+    clen = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+#endif
+
+    ctx->Xi.u[0] ^= alen;
+    ctx->Xi.u[1] ^= clen;
+    GCM_MUL(ctx);
+
+    ctx->Xi.u[0] ^= ctx->EK0.u[0];
+    ctx->Xi.u[1] ^= ctx->EK0.u[1];
+
+    if (tag && len <= sizeof(ctx->Xi))
+        return CRYPTO_memcmp(ctx->Xi.c, tag, len);
+    else
+        return -1;
+}
+
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    CRYPTO_gcm128_finish(ctx, NULL, 0);
+    memcpy(tag, ctx->Xi.c,
+           len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
+}
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) {
+    GCM128_CONTEXT *ret;
+
+    if ((ret = malloc(sizeof(*ret))) != NULL)
+        CRYPTO_gcm128_init(ret, key, block);
+
+    return ret;
+}
+
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) {
+    if (ctx == NULL)
+        return;
+    /* Clear sensitive data */
+    memset(ctx->Yi.c, 0, sizeof(ctx->Yi));
+    memset(ctx->EKi.c, 0, sizeof(ctx->EKi));
+    memset(ctx->EK0.c, 0, sizeof(ctx->EK0));
+    memset(ctx->Xi.c, 0, sizeof(ctx->Xi));
+    memset(ctx->H.c, 0, sizeof(ctx->H));
+    memset(ctx->len.c, 0, sizeof(ctx->len));
+    memset(ctx->Htable, 0, sizeof(ctx->Htable));
+    ctx->ares = 0;
+    ctx->mres = 0;
+    ctx->block = NULL;
+    ctx->key = NULL;
+}
\ No newline at end of file
diff --git a/z_old/Makefile b/z_old/Makefile
new file mode 100644
index 0000000..dbb45de
--- /dev/null
+++ b/z_old/Makefile
@@ -0,0 +1,108 @@
+###############################################################################
+# Makefile for a CryptoModule
+#
+# Targets:
+#   build   : Compile + link everything into an executable
+#   run     : Run the resulting binary
+#   clean   : Remove all build artifacts
+#   rebuild : Clean first, then build
+# 	valgrind: Run the binary under Valgrind for memory checking
+#   asan    : Build with AddressSanitizer enabled and run
+#   gdb     : Build with debugging symbols and launch GDB for in-depth inspection
+#   inspect : Inspect the binary with nm and objdump
+# 	TBA
+###############################################################################
+
+# --- Project-wide settings ---
+CC          := gcc
+CFLAGS 		:= -std=c99 -g -O2 -Wall -Wextra -I. -Iinclude -Isrc
+
+# Name of the final executable
+TARGET      := cryptomodule-demo
+
+# Directory for object files and for final binary
+OBJ_DIR     := build
+BIN_DIR     := bin
+
+# Automatically find all .c files in src (including subdirectories)
+SRCS := $(shell find src -name '*.c')
+
+# Generate a list of object files by converting:
+# src/xxx.c  --->  build/xxx.o (preserving the subdirectory structure relative to src)
+OBJS := $(patsubst src/%.c, $(OBJ_DIR)/%.o, $(SRCS))
+
+# --- Phony targets (not actual files) ---
+.PHONY: build run clean rebuild all
+
+# 'all' can default to 'build'
+all: build
+
+###############################################################################
+# 1) build : compile + link
+###############################################################################
+build: $(BIN_DIR)/$(TARGET)
+
+# Link step: gather all objects into a single executable
+$(BIN_DIR)/$(TARGET): $(OBJS)
+	@echo "[LINK] Linking objects to create $@"
+	@mkdir -p $(BIN_DIR)
+	$(CC) $(CFLAGS) $^ -o $@
+
+# Compile step: For each .c -> .o
+$(OBJ_DIR)/%.o: src/%.c
+	@echo "[CC] Compiling $< into $@"
+	@mkdir -p $(dir $@)
+	$(CC) $(CFLAGS) -c $< -o $@
+
+###############################################################################
+# 2) run : run the resulting binary
+###############################################################################
+run: build
+	@echo "[RUN] Running $(BIN_DIR)/$(TARGET)"
+	@./$(BIN_DIR)/$(TARGET)
+
+###############################################################################
+# 3) clean : remove build artifacts
+###############################################################################
+clean:
+	@echo "[CLEAN] Removing build artifacts..."
+	rm -rf $(OBJ_DIR) $(BIN_DIR)
+	@echo "[CLEAN] Removing *.req and *.rsp files in testvectors folder..."
+	find testvectors -type f \( -name '*.req' -o -name '*.rsp' \) -delete
+
+###############################################################################
+# 4) rebuild : clean + build
+###############################################################################
+rebuild: clean build
+
+###############################################################################
+# 5) valgrind : run the binary under Valgrind for memory checking
+###############################################################################
+valgrind: build
+	@echo "[VALGRIND] Running Valgrind..."
+	valgrind --leak-check=full ./$(BIN_DIR)/$(TARGET)
+
+###############################################################################
+# 6) asan : build with AddressSanitizer enabled and run
+###############################################################################
+asan: CFLAGS += -fsanitize=address
+asan: clean build
+	@echo "[ASAN] Running with AddressSanitizer..."
+	./$(BIN_DIR)/$(TARGET)
+
+###############################################################################
+# 7) gdb : Build with debugging symbols and launch GDB for in-depth inspection
+###############################################################################
+gdb: CFLAGS += -g
+gdb: clean build
+	@echo "[GDB] Launching GDB..."
+	gdb $(BIN_DIR)/$(TARGET)
+
+###############################################################################
+# 8) inspect : Inspect the binary with nm and objdump
+###############################################################################
+inspect: build
+	@echo "[INSPECT] Listing symbols with nm..."
+	nm $(BIN_DIR)/$(TARGET)
+	@echo "[INSPECT] Listing symbols with objdump..."
+	objdump -t $(BIN_DIR)/$(TARGET)
\ No newline at end of file
diff --git a/include/ansi_code.h b/z_old/include/ansi_code.h
similarity index 100%
rename from include/ansi_code.h
rename to z_old/include/ansi_code.h
diff --git a/include/api_cryptomodule.h b/z_old/include/api_cryptomodule.h
similarity index 100%
rename from include/api_cryptomodule.h
rename to z_old/include/api_cryptomodule.h
diff --git a/include/block_cipher/api_block_cipher.h b/z_old/include/block_cipher/api_block_cipher.h
similarity index 100%
rename from include/block_cipher/api_block_cipher.h
rename to z_old/include/block_cipher/api_block_cipher.h
diff --git a/include/block_cipher/block_cipher_aes.h b/z_old/include/block_cipher/block_cipher_aes.h
similarity index 100%
rename from include/block_cipher/block_cipher_aes.h
rename to z_old/include/block_cipher/block_cipher_aes.h
diff --git a/include/block_cipher/block_cipher_aria.h b/z_old/include/block_cipher/block_cipher_aria.h
similarity index 100%
rename from include/block_cipher/block_cipher_aria.h
rename to z_old/include/block_cipher/block_cipher_aria.h
diff --git a/include/block_cipher/block_cipher_lea.h b/z_old/include/block_cipher/block_cipher_lea.h
similarity index 100%
rename from include/block_cipher/block_cipher_lea.h
rename to z_old/include/block_cipher/block_cipher_lea.h
diff --git a/include/cryptomodule_test.h b/z_old/include/cryptomodule_test.h
similarity index 100%
rename from include/cryptomodule_test.h
rename to z_old/include/cryptomodule_test.h
diff --git a/include/cryptomodule_utils.h b/z_old/include/cryptomodule_utils.h
similarity index 100%
rename from include/cryptomodule_utils.h
rename to z_old/include/cryptomodule_utils.h
diff --git a/include/mode/api_mode.h b/z_old/include/mode/api_mode.h
similarity index 100%
rename from include/mode/api_mode.h
rename to z_old/include/mode/api_mode.h
diff --git a/include/mode/mode_cbc.h b/z_old/include/mode/mode_cbc.h
similarity index 100%
rename from include/mode/mode_cbc.h
rename to z_old/include/mode/mode_cbc.h
diff --git a/include/mode/mode_ctr.h b/z_old/include/mode/mode_ctr.h
similarity index 100%
rename from include/mode/mode_ctr.h
rename to z_old/include/mode/mode_ctr.h
diff --git a/include/mode/mode_ecb.h b/z_old/include/mode/mode_ecb.h
similarity index 100%
rename from include/mode/mode_ecb.h
rename to z_old/include/mode/mode_ecb.h
diff --git a/include/mode/mode_gcm.h b/z_old/include/mode/mode_gcm.h
similarity index 100%
rename from include/mode/mode_gcm.h
rename to z_old/include/mode/mode_gcm.h
diff --git a/include/sha/sha2.h b/z_old/include/sha/sha2.h
similarity index 100%
rename from include/sha/sha2.h
rename to z_old/include/sha/sha2.h
diff --git a/sage/aes.sage b/z_old/sage/aes.sage
similarity index 100%
rename from sage/aes.sage
rename to z_old/sage/aes.sage
diff --git a/sage/aes.sage.py b/z_old/sage/aes.sage.py
similarity index 100%
rename from sage/aes.sage.py
rename to z_old/sage/aes.sage.py
diff --git a/src/block_cipher/block_cipher_aes.c b/z_old/src/block_cipher/block_cipher_aes.c
similarity index 100%
rename from src/block_cipher/block_cipher_aes.c
rename to z_old/src/block_cipher/block_cipher_aes.c
diff --git a/src/block_cipher/block_cipher_aria.c b/z_old/src/block_cipher/block_cipher_aria.c
similarity index 100%
rename from src/block_cipher/block_cipher_aria.c
rename to z_old/src/block_cipher/block_cipher_aria.c
diff --git a/src/block_cipher/block_cipher_factory.c b/z_old/src/block_cipher/block_cipher_factory.c
similarity index 100%
rename from src/block_cipher/block_cipher_factory.c
rename to z_old/src/block_cipher/block_cipher_factory.c
diff --git a/src/block_cipher/block_cipher_lea.c b/z_old/src/block_cipher/block_cipher_lea.c
similarity index 100%
rename from src/block_cipher/block_cipher_lea.c
rename to z_old/src/block_cipher/block_cipher_lea.c
diff --git a/src/cryptomodule_core.c b/z_old/src/cryptomodule_core.c
similarity index 100%
rename from src/cryptomodule_core.c
rename to z_old/src/cryptomodule_core.c
diff --git a/src/cryptomodule_test.c b/z_old/src/cryptomodule_test.c
similarity index 100%
rename from src/cryptomodule_test.c
rename to z_old/src/cryptomodule_test.c
diff --git a/src/cryptomodule_utils.c b/z_old/src/cryptomodule_utils.c
similarity index 100%
rename from src/cryptomodule_utils.c
rename to z_old/src/cryptomodule_utils.c
diff --git a/z_old/src/main.c b/z_old/src/main.c
new file mode 100644
index 0000000..6669bad
--- /dev/null
+++ b/z_old/src/main.c
@@ -0,0 +1,236 @@
+/* File: src/main.c */
+#include "../include/api_cryptomodule.h"
+
+/* Enable core dumps and set signal handlers for debugging */
+#include <signal.h>
+#include <stdlib.h>
+#include <execinfo.h>
+#include <unistd.h>
+
+// #define BLOCK_CIPHER_TEST_FLAG 1
+#define MODE_OF_OPERATION_TEST_FLAG 1
+// #define PADDING_TEST_FLAG 1
+
+int main(void) {
+
+    // KAT_TEST_BLOCKCIPHER(BLOCK_CIPHER_AES128);
+    // KAT_TEST_BLOCKCIPHER(BLOCK_CIPHER_AES192);
+    // KAT_TEST_BLOCKCIPHER(BLOCK_CIPHER_AES256);
+
+#ifdef MODE_OF_OPERATION_TEST_FLAG
+   // 1) Prepare key and IV
+   uint8_t key[16] = {
+        0x00,0x01,0x02,0x03, 0x04,0x05,0x06,0x07,
+        0x08,0x09,0x0A,0x0B, 0x0C,0x0D,0x0E,0x0F
+    };
+    uint8_t iv[16] = { 0 };     // for CBC/CTR/GCM
+
+    printf("                    Key (%u): ", 16);
+    for (size_t i = 0; i < sizeof(key)/sizeof(u8); i++) {
+        printf("(%ld)%02X:", i, key[i]);
+    } puts("");
+
+    // 2) Example plaintext > 1 block (48 bytes = 3 AES blocks)
+    // const char *plaintext = 
+    //     "The quick brown fox jumps over the lazy dog!!!";
+    // size_t pt_len = strlen(plaintext);  // 43 bytes
+
+    size_t pt_len = 16;
+    size_t pt_max_len = 32;
+
+    u8 *mode_pt = (u8*)malloc(pt_max_len);
+    if (!mode_pt) {
+        fprintf(stderr, "Memory allocation failed\n");
+        return -1;
+    }
+    for (size_t i = 0; i < pt_len; i++) {
+        mode_pt[i] = (uint8_t)i*i;
+    }
+
+    printf("[Fit-] Original message (%2zu): ", pt_len);
+    for (size_t i = 0; i < pt_len; i++) {
+        printf("(%ld)%02X:", i, mode_pt[i]);
+    } puts("");
+
+    printf("[Real] Original message (%2zu): ", pt_max_len);
+    for (size_t i = 0; i < pt_max_len; i++) {
+        printf("(%ld)%02X:", i, mode_pt[i]);
+    } puts("");
+
+    // For ECB/CBC with padding, ciphertext_len may grow by +block_size
+    uint8_t mode_ct[64] = {0};
+    size_t mode_ct_len = pt_max_len;
+
+    // 3) Set up BlockCipherContext for AES
+
+
+    // 4) Choose a mode: ECB or CBC (both defined in mode_api.h)
+    ModeOfOperationContext mode_ctx;
+    // BlockCipherContext cipher_ctx;
+    mode_ctx.mode_api = mode_factory("ECB");
+
+    mode_ctx.mode_api->mode_init(
+        &mode_ctx, BLOCK_CIPHER_AES128, key, sizeof(key)/sizeof(u8), NULL, 0, mode_pt, pt_len, BLOCK_CIPHER_ENCRYPTION);
+    // printf("Total length: %zu\n", mode_ctx.total_len);
+
+    // size_t total_block_size = pkcs7_pad(pt, msg_len, BLOCK_SIZE);
+
+    // printf("            Key: ");
+    // for (size_t i = 0; i < sizeof(key)/sizeof(u8); i++) {
+    //     printf("%02X ", key[i]);
+    // }
+    // puts("");
+    // printf("            IV: ");
+    // for (size_t i = 0; i < sizeof(iv)/sizeof(u8); i++) {
+    //     printf("%02X ", iv[i]);
+    // }
+    // puts("");
+    printf("      Padded Plaintext: (%2zu): ", mode_ctx.total_len);
+    for (size_t i = 0; i < mode_ctx.total_len; i++) {
+        printf("(%ld)%02X:", i, mode_pt[i]);
+    } puts("");
+
+    mode_ctx.mode_api->mode_update(
+        &mode_ctx, mode_pt, mode_ct, mode_ctx.total_len, BLOCK_CIPHER_ENCRYPTION);
+    
+    printf("   (Update) Ciphertext: (%2zu): ", mode_ctx.total_len);
+    for (size_t i = 0; i < mode_ctx.total_len; i++) {
+        printf("(%ld)%02X:", i, mode_ct[i]);
+    } puts("");
+
+
+    // mode_ctx.api->mode_update(&mode_ctx, pt, ciphertext, pt_max_len, ciphertext_len, BLOCK_CIPHER_ENCRYPTION);
+    // mode_ctx.api->mode_dispose(&mode_ctx);
+    // cipher_ctx.cipher_api->cipher_dispose(&cipher_ctx);
+    // printf("            Ciphertext: (%2zu): ", ciphertext_len);
+    // for (size_t i = 0; i < ciphertext_len; i++) {
+    //     printf("%02X ", ciphertext[i]);
+    // }
+    // puts("");
+
+    free(mode_pt);
+
+#endif
+
+#ifdef PADDING_TEST_FLAG
+    uint8_t buf[128];
+    const char *msg = "HELLO WORLD";
+    size_t msg_len = strlen(msg);
+    memcpy(buf, msg, msg_len);
+
+    // size_t msg_len = 16;
+    // for (size_t i = 0; i < msg_len; i++) {
+    //     buf[i] = (uint8_t)i;
+    // }
+
+    printf("Original message (%zu): ", msg_len);
+    for (size_t i = 0; i < msg_len; i++) {
+        printf("(%ld)%02X:", i, buf[i]);
+    } puts("");
+
+    // PKCS#7
+    printf("\n----------------------------------- PKCS#7 -----------------------------------\n");
+    size_t tot = pkcs7_pad(buf, msg_len, BLOCK_SIZE);
+    printf("Padded message   (%zu): ", tot);
+    for (size_t i = 0; i < tot; i++) {
+        printf("(%ld)%02X:", i, buf[i]);
+    } puts("");
+    size_t unp = pkcs7_unpad(buf, tot, BLOCK_SIZE);
+    printf("Unpadded message (%zu): ", unp);
+    for (size_t i = 0; i < unp; i++) {
+        printf("(%ld)%02X:", i, buf[i]);
+    } puts("");
+
+    // ANSI 9.23
+    printf("\n----------------------------------- ANSI 9.23 -----------------------------------\n");
+    // memcpy(buf, msg, msg_len);
+    tot = ansi923_pad(buf, msg_len, BLOCK_SIZE);
+    printf("Padded message   (%zu): ", tot);
+    for (size_t i = 0; i < tot; i++) {
+        printf("(%ld)%02X:", i, buf[i]);
+    } puts("");
+    unp = ansi923_unpad(buf, tot, BLOCK_SIZE);
+    printf("Unpadded message (%zu): ", unp);
+    for (size_t i = 0; i < unp; i++) {
+        printf("(%ld)%02X:", i, buf[i]);
+    } puts("");
+
+    // ISO/IEC 7816-4
+    printf("\n----------------------------------- ISO/IEC 7816-4 -----------------------------------\n");
+    // memcpy(buf, msg, msg_len);
+    tot = iso7816_4_pad(buf, msg_len, BLOCK_SIZE);
+    printf("Padded message   (%zu): ", tot);
+    for (size_t i = 0; i < tot; i++) {
+        printf("(%ld)%02X:", i, buf[i]);
+    } puts("");
+    unp = iso7816_4_unpad(buf, tot, BLOCK_SIZE);
+    printf("Unpadded message (%zu): ", unp);
+    for (size_t i = 0; i < unp; i++) {
+        printf("(%ld)%02X:", i, buf[i]);
+    } puts("");
+#endif
+
+#ifdef BLOCK_CIPHER_TEST_FLAG
+    /* 1) Create a context and call init */
+    BlockCipherContext cipher_ctx;
+    memset(&cipher_ctx, 0, sizeof(cipher_ctx));
+
+    #define key_len AES128_KEY_SIZE
+
+    /* 2) Get the AES vtable. */
+    // u8 key[key_len] = {0}; /* example all zero */
+    // stringToByteArray("f8000000000000000000000000000000", key);
+    printf("Key       : ");
+    for (int i = 0; i < key_len; i++) {
+        printf("%02X ", key[i]);
+    }
+    printf("\n");
+
+    /* 3) Encrypt or Decrypt a single 16-byte block. */
+    u8 pt[16] = { 0x00, };
+    // stringToByteArray("00000000000000000000000000000000", pt);
+    for (size_t i = 0; i < sizeof(pt)/sizeof(u8); i++) {
+        pt[i] = (u8)i*i;
+    }
+    u8 ct[16] = { 0x00, };
+    u8 dt[16]  = { 0x00, };
+
+    memset(&cipher_ctx, 0, sizeof(cipher_ctx));
+    cipher_ctx.cipher_api = block_cipher_factory("AES");
+    cipher_ctx.cipher_api->cipher_init(&cipher_ctx, key, key_len, AES_BLOCK_SIZE, BLOCK_CIPHER_ENCRYPTION);
+    cipher_ctx.cipher_api->cipher_process(&cipher_ctx, pt, ct, BLOCK_CIPHER_ENCRYPTION);
+    // ctx.api->dispose(&ctx);
+    cipher_ctx.cipher_api->cipher_init(&cipher_ctx, key, key_len, AES_BLOCK_SIZE, BLOCK_CIPHER_DECRYPTION);
+    cipher_ctx.cipher_api->cipher_process(&cipher_ctx, ct, dt, BLOCK_CIPHER_DECRYPTION);
+    cipher_ctx.cipher_api->cipher_dispose(&cipher_ctx);
+   
+    // -- ENCRYPTION -- 
+    // memset(&enc_ctx, 0, sizeof(enc_ctx));
+    // enc_ctx.api = block_cipher_factory("AES");
+    // enc_ctx.api->init(&enc_ctx, key, AES128_KEY_SIZE, AES_BLOCK_SIZE, BLOCK_CIPHER_ENCRYPTION);
+    // enc_ctx.api->process_block(&enc_ctx, plaintext, ciphertext, BLOCK_CIPHER_ENCRYPTION);
+    // enc_ctx.api->dispose(&enc_ctx);
+
+    // -- DECRYPTION --
+    // memset(&dec_ctx, 0, sizeof(dec_ctx));
+    // dec_ctx.api = block_cipher_factory("AES");
+    // dec_ctx.api->init(&dec_ctx, key, 16, 16, BLOCK_CIPHER_DECRYPTION);
+    // dec_ctx.api->process_block(&dec_ctx, ciphertext, decrypted, BLOCK_CIPHER_DECRYPTION);
+    // dec_ctx.api->dispose(&dec_ctx);
+    
+    printf("Original  : ");
+    for (int i = 0; i < 16; i++) {
+        printf("%02X ", pt[i]);
+    }
+    printf("\nEncrypted : ");
+    for (int i = 0; i < 16; i++) {
+        printf("%02X ", ct[i]);
+    }
+    printf("\nDecrypted : ");
+    for (int i = 0; i < 16; i++) {
+        printf("%02X ", dt[i]);
+    }
+    puts("");
+#endif
+    return 0;
+}
\ No newline at end of file
diff --git a/src/mode/mode_cbc.c b/z_old/src/mode/mode_cbc.c
similarity index 100%
rename from src/mode/mode_cbc.c
rename to z_old/src/mode/mode_cbc.c
diff --git a/src/mode/mode_ctr.c b/z_old/src/mode/mode_ctr.c
similarity index 100%
rename from src/mode/mode_ctr.c
rename to z_old/src/mode/mode_ctr.c
diff --git a/src/mode/mode_ecb.c b/z_old/src/mode/mode_ecb.c
similarity index 100%
rename from src/mode/mode_ecb.c
rename to z_old/src/mode/mode_ecb.c
diff --git a/src/mode/mode_factory.c b/z_old/src/mode/mode_factory.c
similarity index 100%
rename from src/mode/mode_factory.c
rename to z_old/src/mode/mode_factory.c
diff --git a/src/mode/mode_gcm.c b/z_old/src/mode/mode_gcm.c
similarity index 100%
rename from src/mode/mode_gcm.c
rename to z_old/src/mode/mode_gcm.c
diff --git a/src/mode/padding.c b/z_old/src/mode/padding.c
similarity index 100%
rename from src/mode/padding.c
rename to z_old/src/mode/padding.c
diff --git a/src/sha/sha2.c b/z_old/src/sha/sha2.c
similarity index 100%
rename from src/sha/sha2.c
rename to z_old/src/sha/sha2.c
diff --git a/src/sha/sha2_core.c b/z_old/src/sha/sha2_core.c
similarity index 100%
rename from src/sha/sha2_core.c
rename to z_old/src/sha/sha2_core.c