Import Upstream version 1.8.5
1 /* camellia.c ver 1.2.0
2 *
3 * Copyright (c) 2006,2007
4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer as
11 * the first lines of this file unmodified.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 /*
29 * Algorithm Specification
30 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
31 */
32
33 #include "config.h"
34
35 #include <string.h>
36 #include <stdlib.h>
37
38 #include <krb5-types.h>
39 #include "camellia-ntt.h"
40
41 #include <roken.h>
42
/*
 * Key-schedule constants.
 *
 * Six 64-bit constants, each split into a high ("L") and a low ("R")
 * 32-bit half.  The key-setup routines in this file pass each pair as the
 * (kl, kr) subkey arguments of CAMELLIA_F while deriving intermediate key
 * values from the user key: pairs 1-4 in both key sizes, pairs 5-6 only in
 * camellia_setup256.
 *
 * NOTE(review): these look like the Sigma1..Sigma6 constants of the
 * Camellia specification linked at the top of the file -- confirm against
 * the spec.  They are fixed public values, not secrets.
 * NOTE(review): the L suffix makes each constant a (possibly unsigned)
 * long, so where long is wider than 32 bits the XOR in CAMELLIA_F is done
 * in the wider type and narrowed on assignment -- presumably harmless
 * because the values fit in 32 bits; confirm against the u32 typedef.
 */

#define CAMELLIA_SIGMA1L (0xA09E667FL)
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
#define CAMELLIA_SIGMA2L (0xB67AE858L)
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
#define CAMELLIA_SIGMA5L (0x10E527FAL)
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
#define CAMELLIA_SIGMA6L (0xB05688C2L)
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
57
58 /*
59 * macros
60 */
61
62
/*
 * Big-endian load/store of one 32-bit word.
 *
 *   GETU32(p)      reads the four bytes at p as a big-endian u32.
 *   PUTU32(ct, st) stores st into ct[0..3], most significant byte first.
 *
 * Both variants evaluate their pointer argument more than once, so do not
 * pass an expression with side effects (e.g. p++).
 * PUTU32 expands to a bare { } block rather than do { } while (0); an
 * unbraced "if (c) PUTU32(a, b); else ..." therefore does not compile.
 */
#if defined(_MSC_VER)

/*
 * MSVC variant: access the word through a u32 pointer cast and byte-swap
 * it with the _lrotl/_lrotr rotate intrinsics.
 * NOTE(review): the cast dereferences the buffer as a u32 whatever its
 * alignment, and the swap yields a big-endian value only on a
 * little-endian host -- confirm both hold for every MSVC target built.
 */
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}

#else /* not MS-VC */

/*
 * Portable variant: the word is assembled from / split into individual
 * bytes, so it does not depend on host byte order or pointer alignment.
 */
# define GETU32(pt) \
    (((u32)(pt)[0] << 24) \
     ^ ((u32)(pt)[1] << 16) \
     ^ ((u32)(pt)[2] << 8) \
     ^ ((u32)(pt)[3]))

# define PUTU32(ct, st) { \
    (ct)[0] = (u8)((st) >> 24); \
    (ct)[1] = (u8)((st) >> 16); \
    (ct)[2] = (u8)((st) >> 8); \
    (ct)[3] = (u8)(st); }

#endif
84
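/*
 * Accessors for the expanded key.  Subkey INDEX occupies two consecutive
 * words of the array: left half at [2*INDEX], right half at [2*INDEX + 1].
 * A variable named `subkey` must be in scope at the point of use.
 */
#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])

/*
 * 32-bit rotations, written as shift + add.  They are rotations only when
 * x has an unsigned type exactly 32 bits wide (assumed of u32, whose
 * typedef is not in this file -- confirm).
 */
/* rotate right by one byte (8 bits) */
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
/* rotate left by one bit */
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
/* rotate left by one byte (8 bits) */
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))

/*
 * Rotate the 128-bit value ll||lr||rl||rr left by `bits`, in place.
 *
 * Valid only for 0 < bits < 32: bits == 0 would shift by 32, which is
 * undefined for a 32-bit operand.  w0 is clobbered as scratch; w1 is not
 * used and exists only so both rotate macros take the same arguments.
 *
 * Every argument is parenthesised in the expansion so that an expression
 * such as `8 + 7` passed as `bits` rotates by 15 instead of being torn
 * apart by operator precedence inside (32 - bits).
 */
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
    do { \
        (w0) = (ll); \
        (ll) = ((ll) << (bits)) + ((lr) >> (32 - (bits))); \
        (lr) = ((lr) << (bits)) + ((rl) >> (32 - (bits))); \
        (rl) = ((rl) << (bits)) + ((rr) >> (32 - (bits))); \
        (rr) = ((rr) << (bits)) + ((w0) >> (32 - (bits))); \
    } while(0)

/*
 * Same rotation for 32 < bits < 64: the four words first move one position
 * (a rotation by 32) and are then rotated by the remaining bits - 32.
 * bits == 32 is not supported (it would shift by 32).  w0 and w1 are both
 * clobbered as scratch.
 */
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
    do { \
        (w0) = (ll); \
        (w1) = (lr); \
        (ll) = ((lr) << ((bits) - 32)) + ((rl) >> (64 - (bits))); \
        (lr) = ((rl) << ((bits) - 32)) + ((rr) >> (64 - (bits))); \
        (rl) = ((rr) << ((bits) - 32)) + ((w0) >> (64 - (bits))); \
        (rr) = ((w0) << ((bits) - 32)) + ((w1) >> (64 - (bits))); \
    } while(0)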
113
/*
 * Lookup helpers for the four 256-entry u32 tables defined further down in
 * this file.  INDEX must already be reduced to 0..255; no bounds check is
 * made here.
 */
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])

/*
 * F-function as used by the key-setup routines in this file.
 *
 *   (xl, xr)  64-bit input, as two 32-bit halves
 *   (kl, kr)  64-bit subkey, XORed into the input first
 *   (yl, yr)  receive the 64-bit result (overwritten, not accumulated)
 *   il, ir, t0, t1  caller-supplied u32 scratch, clobbered
 *
 * yl is assembled from the four bytes of ir (xr ^ kr) and yr from the four
 * bytes of il (xl ^ kl), one table lookup per byte; the last three
 * statements mix the two words with an XOR / rotate-right-8 / XOR step.
 *
 * Security note: every table index is a byte of (x ^ k).  In the key
 * schedule x is key material, so the lookup addresses depend on the secret
 * key.  Secret-dependent table lookups are the classic source of
 * data-cache timing leakage in table-driven ciphers; where co-resident or
 * timing-capable adversaries are in the threat model, prefer a
 * constant-time or hardware-backed implementation.
 *
 * NOTE(review): macro arguments are not parenthesised in the expansion;
 * every call in this file passes plain identifiers or already
 * parenthesised constants.
 */
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
    do { \
        il = xl ^ kl; \
        ir = xr ^ kr; \
        t0 = il >> 16; \
        t1 = ir >> 16; \
        yl = CAMELLIA_SP1110(ir & 0xff) \
            ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
            ^ CAMELLIA_SP3033(t1 & 0xff) \
            ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
        yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
            ^ CAMELLIA_SP0222(t0 & 0xff) \
            ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
            ^ CAMELLIA_SP4404(il & 0xff); \
        yl ^= yr; \
        yr = CAMELLIA_RR8(yr); \
        yr ^= yl; \
    } while(0)
137
138
/*
 * Speed-oriented building blocks.
 */

/*
 * Applies two keyed AND/OR/rotate mixing steps in one macro:
 *   - on (ll, lr) with key (kll, klr):
 *       lr ^= rotl1(ll & kll);  ll ^= (lr | klr);
 *   - on (rl, rr) with key (krl, krr), in the opposite order:
 *       rl ^= (rr | krr);       rr ^= rotl1(rl & krl);
 * t0..t3 are caller-supplied u32 scratch and are clobbered.
 * NOTE(review): this looks like the FL / FL^-1 layer of the Camellia
 * specification applied to the two data halves -- confirm against the
 * spec.  Only AND, OR, XOR and a rotate are used; there are no table
 * lookups in this macro.
 */
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
    do { \
        t0 = kll; \
        t0 &= ll; \
        lr ^= CAMELLIA_RL1(t0); \
        t1 = klr; \
        t1 |= lr; \
        ll ^= t1; \
        \
        t2 = krr; \
        t2 |= rr; \
        rl ^= t2; \
        t3 = krl; \
        t3 &= rl; \
        rr ^= CAMELLIA_RL1(t3); \
    } while(0)

/*
 * One table-driven round step: looks up the eight bytes of (xl, xr) in the
 * combined tables, XORs the subkey (kl, kr) into the looked-up words
 * (i.e. after the substitution rather than before it), mixes the two words
 * and XORs the result into (yl, yr).  (xl, xr) are only read.
 * il and ir are clobbered as scratch; t0 and t1 are accepted but unused.
 *
 * Because the key is applied after the lookups, the subkeys passed here
 * must be in the transformed form the key-setup routines produce (see the
 * "inverse of the last half of P-function" step there).
 *
 * Security note: the table indices are the raw bytes of the cipher state
 * (xl, xr), which is secret-dependent during encryption and decryption, so
 * the cache-timing caveat of table-driven ciphers applies to this macro.
 */
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
    do { \
        ir = CAMELLIA_SP1110(xr & 0xff) \
            ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
            ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
            ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
        il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
            ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
            ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
            ^ CAMELLIA_SP4404(xl & 0xff); \
        il ^= kl; \
        ir ^= kr; \
        ir ^= il; \
        il = CAMELLIA_RR8(il); \
        il ^= ir; \
        yl ^= ir; \
        yr ^= il; \
    } while(0)
178
179
/*
 * Combined substitution/permutation table, indexed by one input byte.
 * Each entry holds a single substitution byte replicated into the three
 * most significant byte lanes with the least significant lane zero
 * (entry 0 is 0x70707000), which is what the "1110" suffix encodes.
 *
 * The values are fixed by the algorithm.  A single wrong digit yields a
 * cipher that still runs but no longer interoperates, so any edit to this
 * table must be validated against known-answer test vectors.
 */
static const u32 camellia_sp1110[256] = {
    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
    0xe4e4e400,0x85858500,0x57575700,0x35353500,
    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
    0x45454500,0x19191900,0xa5a5a500,0x21212100,
    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
    0x53535300,0x18181800,0xf2f2f200,0x22222200,
    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
    0xa1a1a100,0x89898900,0x62626200,0x97979700,
    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
    0x10101000,0xc4c4c400,0x00000000,0x48484800,
    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
    0xd4d4d400,0x25252500,0xababab00,0x42424200,
    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
    0x72727200,0x07070700,0xb9b9b900,0x55555500,
    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
};
246
/*
 * Combined substitution/permutation table, indexed by one input byte.
 * Each entry holds a single substitution byte replicated into the three
 * least significant byte lanes with the most significant lane zero
 * (entry 0 is 0x00e0e0e0), which is what the "0222" suffix encodes.
 * For the entries spot-checked, the byte equals the camellia_sp1110 byte
 * at the same index rotated left by one bit (0x70 -> 0xe0, 0x82 -> 0x05).
 *
 * The values are fixed by the algorithm; validate any edit against
 * known-answer test vectors.
 */
static const u32 camellia_sp0222[256] = {
    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
    0x00202020,0x00898989,0x00000000,0x00909090,
    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
    0x009b9b9b,0x00949494,0x00212121,0x00666666,
    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
    0x00777777,0x00939393,0x00868686,0x00838383,
    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
};
313
/*
 * Combined substitution/permutation table, indexed by one input byte.
 * Each entry holds a single substitution byte in byte lanes 3, 1 and 0
 * with lane 2 zero (entry 0 is 0x38003838), which is what the "3033"
 * suffix encodes.
 * For the entries spot-checked, the byte equals the camellia_sp1110 byte
 * at the same index rotated right by one bit (0x70 -> 0x38, 0x82 -> 0x41).
 *
 * The values are fixed by the algorithm; validate any edit against
 * known-answer test vectors.
 */
static const u32 camellia_sp3033[256] = {
    0x38003838,0x41004141,0x16001616,0x76007676,
    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
    0x75007575,0x06000606,0x57005757,0xa000a0a0,
    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
    0x3a003a3a,0x09000909,0x95009595,0x10001010,
    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
    0x12001212,0x04000404,0x74007474,0x54005454,
    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
    0x55005555,0x68006868,0x50005050,0xbe00bebe,
    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
    0x70007070,0xff00ffff,0x32003232,0x69006969,
    0x08000808,0x62006262,0x00000000,0x24002424,
    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
    0x45004545,0x81008181,0x73007373,0x6d006d6d,
    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
    0xe600e6e6,0x25002525,0x48004848,0x99009999,
    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
    0x7c007c7c,0x77007777,0x56005656,0x05000505,
    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
};
380
/*
 * Combined substitution/permutation table, indexed by one input byte.
 * Each entry holds a single substitution byte in byte lanes 3, 2 and 0
 * with lane 1 zero (entry 0 is 0x70700070), which is what the "4404"
 * suffix encodes.
 * For the entries spot-checked, the byte at index i equals the
 * camellia_sp1110 byte at index (i rotated left by one bit): entry 1
 * carries 0x2c (sp1110 index 2), entry 2 carries 0xb3 (sp1110 index 4).
 *
 * The values are fixed by the algorithm; validate any edit against
 * known-answer test vectors.
 */
static const u32 camellia_sp4404[256] = {
    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
    0x24240024,0xe8e800e8,0x60600060,0x69690069,
    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
    0x10100010,0x00000000,0xa3a300a3,0x75750075,
    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
    0x81810081,0x6f6f006f,0x13130013,0x63630063,
    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
    0x78780078,0x06060006,0xe7e700e7,0x71710071,
    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
    0x15150015,0xadad00ad,0x77770077,0x80800080,
    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
    0x85850085,0x35350035,0x0c0c000c,0x41410041,
    0xefef00ef,0x93930093,0x19190019,0x21210021,
    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
    0x12120012,0x20200020,0xb1b100b1,0x99990099,
    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
    0x0f0f000f,0x16160016,0x18180018,0x22220022,
    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
    0x49490049,0x68680068,0x38380038,0xa4a400a4,
    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
};
447
448
/**
 * Key-schedule helpers.
 *
 * subl(x) / subr(x) are shorthand for element x of the local scratch
 * arrays subL[] / subR[] that each key-setup function declares; they hold
 * the left and right 32-bit halves of the intermediate 64-bit subkeys.
 * The macros only work inside a function that has arrays with exactly
 * those names in scope, and they do no bounds checking.
 */
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]
454
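/*
 * Expand a 128-bit key into the round-subkey array.
 *
 * key     points to the 16 key bytes, read as four big-endian words.  No
 *         length is passed or checked: the caller must guarantee that 16
 *         bytes are readable.
 * subkey  output array of u32 pairs (see CamelliaSubkeyL/R).  Pairs 0 and
 *         2..24 are written, so the array needs room for at least 50
 *         words; pair 1 is not written because its key material is
 *         folded into other subkeys.
 *
 * The function first derives the intermediate 64-bit subkeys into the
 * local subL[]/subR[] arrays, then folds the whitening keys into their
 * neighbours and pre-transforms the round keys so that the round macro can
 * apply the key after its table lookups.  Statement order matters
 * throughout: several steps update subL/subR entries in place and later
 * steps read the updated values.
 *
 * Security notes:
 *  - CAMELLIA_F performs table lookups indexed by key-dependent bytes, so
 *    key setup is subject to the cache-timing caveat of table-driven
 *    ciphers.
 *  - subL[]/subR[] hold key-derived material.  They are scrubbed before
 *    return so the values do not linger in the dead stack frame; the
 *    scalar temporaries cannot be scrubbed reliably from C and are left to
 *    the compiler.
 *  - The caller owns the lifetime of `subkey` and is responsible for
 *    clearing it when the key is retired.
 */
static void camellia_setup128(const unsigned char *key, u32 *subkey)
{
    u32 kll, klr, krl, krr;
    u32 il, ir, t0, t1, w0, w1;
    u32 kw4l, kw4r, dw, tl, tr;
    u32 subL[26];
    u32 subR[26];

    /**
     *  k == kll || klr || krl || krr (|| is concatenation)
     */
    kll = GETU32(key     );
    klr = GETU32(key +  4);
    krl = GETU32(key +  8);
    krr = GETU32(key + 12);
    /**
     * generate KL dependent subkeys
     * (KL is the user key itself, rotated left by a growing total amount)
     */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(4) = kll; subr(4) = klr;
    subl(5) = krl; subr(5) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(10) = kll; subr(10) = klr;
    subl(11) = krl; subr(11) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(18) = kll; subr(18) = klr;
    subl(19) = krl; subr(19) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;

    /* generate KA: four F-function applications keyed by the SIGMA1..4
     * constants, starting again from the unrotated key saved in entries
     * 0 and 1 */
    kll = subl(0); klr = subr(0);
    krl = subl(1); krr = subr(1);
    CAMELLIA_F(kll, klr,
               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr,
               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    CAMELLIA_F(kll, klr,
               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr,
               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KA dependent subkeys */
    subl(2) = kll; subr(2) = klr;
    subl(3) = krl; subr(3) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(8) = kll; subr(8) = klr;
    subl(9) = krl; subr(9) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(12) = kll; subr(12) = klr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(20) = kll; subr(20) = klr;
    subl(21) = krl; subr(21) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(24) = kll; subr(24) = klr;
    subl(25) = krl; subr(25) = krr;


    /* absorb kw2 to other subkeys: entry 1 is XORed into the odd entries
     * and is itself updated each time it passes entries 9 and 17 */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(24) ^= subl(1); subr(24) ^= subr(1);

    /* absorb kw4 to other subkeys: entry 25 is XORed into the even
     * entries, walking downwards, updated as it passes entries 16 and 8 */
    kw4l = subl(25); kw4r = subr(25);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /* key XOR is end of F-function: emit the output subkeys as
     * combinations of neighbouring intermediate entries */
    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
    CamelliaSubkeyL(2) = subl(3);
    CamelliaSubkeyR(2) = subr(3);
    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(7) = subl(6) ^ tl;
    CamelliaSubkeyR(7) = subr(6) ^ tr;
    CamelliaSubkeyL(8) = subl(8);
    CamelliaSubkeyR(8) = subr(8);
    CamelliaSubkeyL(9) = subl(9);
    CamelliaSubkeyR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(10) = tl ^ subl(11);
    CamelliaSubkeyR(10) = tr ^ subr(11);
    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(15) = subl(14) ^ tl;
    CamelliaSubkeyR(15) = subr(14) ^ tr;
    CamelliaSubkeyL(16) = subl(16);
    CamelliaSubkeyR(16) = subr(16);
    CamelliaSubkeyL(17) = subl(17);
    CamelliaSubkeyR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(18) = tl ^ subl(19);
    CamelliaSubkeyR(18) = tr ^ subr(19);
    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
    CamelliaSubkeyL(23) = subl(22);
    CamelliaSubkeyR(23) = subr(22);
    CamelliaSubkeyL(24) = subl(24) ^ subl(23);
    CamelliaSubkeyR(24) = subr(24) ^ subr(23);

    /* apply the inverse of the last half of P-function to the round keys
     * (pairs 2-7, 10-15, 18-23); pairs 0, 8, 9, 16, 17 and 24 are left
     * as they are */
    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;

    /*
     * Best-effort scrub of the key-derived scratch arrays.  The stores go
     * through volatile-qualified pointers so the compiler is discouraged
     * from dropping them as dead writes; nothing reads subL/subR after
     * this point, so the produced subkeys are unaffected.
     */
    {
        volatile u32 *scrubL = subL;
        volatile u32 *scrubR = subR;
        unsigned int i;

        for (i = 0; i < sizeof(subL) / sizeof(subL[0]); i++) {
            scrubL[i] = 0;
            scrubR[i] = 0;
        }
    }

    return;
}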
665
666 static void camellia_setup256(const unsigned char *key, u32 *subkey)
667 {
668 u32 kll,klr,krl,krr; /* left half of key */
669 u32 krll,krlr,krrl,krrr; /* right half of key */
670 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
671 u32 kw4l, kw4r, dw, tl, tr;
672 u32 subL[34];
673 u32 subR[34];
674
675 /**
676 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
677 * (|| is concatination)
678 */
679
680 kll = GETU32(key );
681 klr = GETU32(key + 4);
682 krl = GETU32(key + 8);
683 krr = GETU32(key + 12);
684 krll = GETU32(key + 16);
685 krlr = GETU32(key + 20);
686 krrl = GETU32(key + 24);
687 krrr = GETU32(key + 28);
688
689 /* generate KL dependent subkeys */
690 subl(0) = kll; subr(0) = klr;
691 subl(1) = krl; subr(1) = krr;
692 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
693 subl(12) = kll; subr(12) = klr;
694 subl(13) = krl; subr(13) = krr;
695 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
696 subl(16) = kll; subr(16) = klr;
697 subl(17) = krl; subr(17) = krr;
698 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
699 subl(22) = kll; subr(22) = klr;
700 subl(23) = krl; subr(23) = krr;
701 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
702 subl(30) = kll; subr(30) = klr;
703 subl(31) = krl; subr(31) = krr;
704
705 /* generate KR dependent subkeys */
706 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
707 subl(4) = krll; subr(4) = krlr;
708 subl(5) = krrl; subr(5) = krrr;
709 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
710 subl(8) = krll; subr(8) = krlr;
711 subl(9) = krrl; subr(9) = krrr;
712 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
713 subl(18) = krll; subr(18) = krlr;
714 subl(19) = krrl; subr(19) = krrr;
715 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
716 subl(26) = krll; subr(26) = krlr;
717 subl(27) = krrl; subr(27) = krrr;
718 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
719
720 /* generate KA */
721 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
722 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
723 CAMELLIA_F(kll, klr,
724 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
725 w0, w1, il, ir, t0, t1);
726 krl ^= w0; krr ^= w1;
727 CAMELLIA_F(krl, krr,
728 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
729 kll, klr, il, ir, t0, t1);
730 kll ^= krll; klr ^= krlr;
731 CAMELLIA_F(kll, klr,
732 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
733 krl, krr, il, ir, t0, t1);
734 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
735 CAMELLIA_F(krl, krr,
736 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
737 w0, w1, il, ir, t0, t1);
738 kll ^= w0; klr ^= w1;
739
740 /* generate KB */
741 krll ^= kll; krlr ^= klr;
742 krrl ^= krl; krrr ^= krr;
743 CAMELLIA_F(krll, krlr,
744 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
745 w0, w1, il, ir, t0, t1);
746 krrl ^= w0; krrr ^= w1;
747 CAMELLIA_F(krrl, krrr,
748 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
749 w0, w1, il, ir, t0, t1);
750 krll ^= w0; krlr ^= w1;
751
752 /* generate KA dependent subkeys */
753 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
754 subl(6) = kll; subr(6) = klr;
755 subl(7) = krl; subr(7) = krr;
756 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
757 subl(14) = kll; subr(14) = klr;
758 subl(15) = krl; subr(15) = krr;
759 subl(24) = klr; subr(24) = krl;
760 subl(25) = krr; subr(25) = kll;
761 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
762 subl(28) = kll; subr(28) = klr;
763 subl(29) = krl; subr(29) = krr;
764
765 /* generate KB dependent subkeys */
766 subl(2) = krll; subr(2) = krlr;
767 subl(3) = krrl; subr(3) = krrr;
768 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
769 subl(10) = krll; subr(10) = krlr;
770 subl(11) = krrl; subr(11) = krrr;
771 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
772 subl(20) = krll; subr(20) = krlr;
773 subl(21) = krrl; subr(21) = krrr;
774 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
775 subl(32) = krll; subr(32) = krlr;
776 subl(33) = krrl; subr(33) = krrr;
777
778 /* absorb kw2 to other subkeys */
779 subl(3) ^= subl(1); subr(3) ^= subr(1);
780 subl(5) ^= subl(1); subr(5) ^= subr(1);
781 subl(7) ^= subl(1); subr(7) ^= subr(1);
782 subl(1) ^= subr(1) & ~subr(9);
783 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
784 subl(11) ^= subl(1); subr(11) ^= subr(1);
785 subl(13) ^= subl(1); subr(13) ^= subr(1);
786 subl(15) ^= subl(1); subr(15) ^= subr(1);
787 subl(1) ^= subr(1) & ~subr(17);
788 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
789 subl(19) ^= subl(1); subr(19) ^= subr(1);
790 subl(21) ^= subl(1); subr(21) ^= subr(1);
791 subl(23) ^= subl(1); subr(23) ^= subr(1);
792 subl(1) ^= subr(1) & ~subr(25);
793 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
794 subl(27) ^= subl(1); subr(27) ^= subr(1);
795 subl(29) ^= subl(1); subr(29) ^= subr(1);
796 subl(31) ^= subl(1); subr(31) ^= subr(1);
797 subl(32) ^= subl(1); subr(32) ^= subr(1);
798
799 /* absorb kw4 to other subkeys */
800 kw4l = subl(33); kw4r = subr(33);
801 subl(30) ^= kw4l; subr(30) ^= kw4r;
802 subl(28) ^= kw4l; subr(28) ^= kw4r;
803 subl(26) ^= kw4l; subr(26) ^= kw4r;
804 kw4l ^= kw4r & ~subr(24);
805 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
806 subl(22) ^= kw4l; subr(22) ^= kw4r;
807 subl(20) ^= kw4l; subr(20) ^= kw4r;
808 subl(18) ^= kw4l; subr(18) ^= kw4r;
809 kw4l ^= kw4r & ~subr(16);
810 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
811 subl(14) ^= kw4l; subr(14) ^= kw4r;
812 subl(12) ^= kw4l; subr(12) ^= kw4r;
813 subl(10) ^= kw4l; subr(10) ^= kw4r;
814 kw4l ^= kw4r & ~subr(8);
815 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
816 subl(6) ^= kw4l; subr(6) ^= kw4r;
817 subl(4) ^= kw4l; subr(4) ^= kw4r;
818 subl(2) ^= kw4l; subr(2) ^= kw4r;
819 subl(0) ^= kw4l; subr(0) ^= kw4r;
820
821 /* key XOR is end of F-function */
822 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
823 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
824 CamelliaSubkeyL(2) = subl(3);
825 CamelliaSubkeyR(2) = subr(3);
826 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
827 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
828 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
829 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
830 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
831 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
832 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
833 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
834 tl = subl(10) ^ (subr(10) & ~subr(8));
835 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
836 CamelliaSubkeyL(7) = subl(6) ^ tl;
837 CamelliaSubkeyR(7) = subr(6) ^ tr;
838 CamelliaSubkeyL(8) = subl(8);
839 CamelliaSubkeyR(8) = subr(8);
840 CamelliaSubkeyL(9) = subl(9);
841 CamelliaSubkeyR(9) = subr(9);
842 tl = subl(7) ^ (subr(7) & ~subr(9));
843 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
844 CamelliaSubkeyL(10) = tl ^ subl(11);
845 CamelliaSubkeyR(10) = tr ^ subr(11);
846 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
847 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
848 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
849 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
850 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
851 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
852 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
853 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
854 tl = subl(18) ^ (subr(18) & ~subr(16));
855 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
856 CamelliaSubkeyL(15) = subl(14) ^ tl;
857 CamelliaSubkeyR(15) = subr(14) ^ tr;
858 CamelliaSubkeyL(16) = subl(16);
859 CamelliaSubkeyR(16) = subr(16);
860 CamelliaSubkeyL(17) = subl(17);
861 CamelliaSubkeyR(17) = subr(17);
862 tl = subl(15) ^ (subr(15) & ~subr(17));
863 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
864 CamelliaSubkeyL(18) = tl ^ subl(19);
865 CamelliaSubkeyR(18) = tr ^ subr(19);
866 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
867 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
868 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
869 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
870 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
871 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
872 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
873 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
874 tl = subl(26) ^ (subr(26) & ~subr(24));
875 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
876 CamelliaSubkeyL(23) = subl(22) ^ tl;
877 CamelliaSubkeyR(23) = subr(22) ^ tr;
878 CamelliaSubkeyL(24) = subl(24);
879 CamelliaSubkeyR(24) = subr(24);
880 CamelliaSubkeyL(25) = subl(25);
881 CamelliaSubkeyR(25) = subr(25);
882 tl = subl(23) ^ (subr(23) & ~subr(25));
883 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
884 CamelliaSubkeyL(26) = tl ^ subl(27);
885 CamelliaSubkeyR(26) = tr ^ subr(27);
886 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
887 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
888 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
889 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
890 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
891 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
892 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
893 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
894 CamelliaSubkeyL(31) = subl(30);
895 CamelliaSubkeyR(31) = subr(30);
896 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
897 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
898
899 /* apply the inverse of the last half of P-function */
900 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
901 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
902 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
903 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
904 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
905 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
906 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
907 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
908 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
909 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
910 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
911 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
912 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
913 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
914 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
915 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
916 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
917 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
918 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
919 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
920 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
921 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
922 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
923 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
924 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
925 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
926 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
927 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
928 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
929 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
930 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
931 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
932 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
933 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
934 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
935 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
936 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
937 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
938 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
939 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
940 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
941 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
942 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
943 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
944 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
945 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
946 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
947 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
948
949 return;
950 }
951
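/*
 * Key schedule for a 192-bit key.
 *
 * The 24-byte key is widened to 32 bytes by appending the bitwise
 * complement of its last 8 bytes (key[16..23]), and the result is handed
 * to camellia_setup256(), which fills "subkey".
 *
 * key    - 24 bytes of raw key material (read only).
 * subkey - output subkey table, written by camellia_setup256().
 *
 * The widened copy "kk" holds the complete raw key, so it is overwritten
 * before returning instead of being left on the stack.
 */
static void camellia_setup192(const unsigned char *key, u32 *subkey)
{
    unsigned char kk[32];
    u32 krll, krlr, krrl,krrr;
    volatile unsigned char *wipe = kk;
    size_t i;

    memcpy(kk, key, 24);
    memcpy((unsigned char *)&krll, key+16,4);
    memcpy((unsigned char *)&krlr, key+20,4);
    /* bytes 24..31 of the widened key are ~key[16..23] */
    krrl = ~krll;
    krrr = ~krlr;
    memcpy(kk+24, (unsigned char *)&krrl, 4);
    memcpy(kk+28, (unsigned char *)&krrr, 4);
    camellia_setup256(kk, subkey);

    /*
     * Clear the key copy through a volatile pointer so the stores are
     * not removed as dead writes (a plain memset() before return may
     * be).  NOTE(review): if the tree has a dedicated secure-wipe
     * helper, use that here instead.
     */
    for (i = 0; i < sizeof(kk); i++)
        wipe[i] = 0;
    return;
}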
967
968
969 /**
970 * Stuff related to camellia encryption/decryption
971 *
972 * "io" must be 4byte aligned and big-endian data.
973 */
/*
 * Encrypt one block in place using a subkey table prepared for the
 * 128-bit variant.
 *
 * subkey - subkey table; read through CamelliaSubkeyL/R at indices 0,
 *          2..23 and 24.
 * io     - four u32 words, transformed in place (io[0..3] are read and
 *          written; the caller must supply at least four words).
 *
 * Structure visible here: XOR of io[0..1] with subkey 0, three groups of
 * six CAMELLIA_ROUNDSM steps separated by CAMELLIA_FLS (subkeys 8/9 and
 * 16/17), XOR of io[2..3] with subkey 24, then a swap of the two halves.
 *
 * NOTE(review): CAMELLIA_ROUNDSM and CAMELLIA_FLS are defined outside
 * this section.  If the round macro uses data-dependent table lookups,
 * this routine is not constant-time with respect to cache timing --
 * confirm before using it where that matters.
 */
static void camellia_encrypt128(const u32 *subkey, u32 *io)
{
    u32 il, ir, t0, t1;	/* scratch words handed to the round macros */

    /* pre-whitening (the key schedule absorbs kw2 into other subkeys) */
    io[0] ^= CamelliaSubkeyL(0);
    io[1] ^= CamelliaSubkeyR(0);
    /* main iteration: each step alternates which half is the input */

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
                     io[0],io[1],il,ir,t0,t1);

    /* first CAMELLIA_FLS layer, keyed with subkeys 8 and 9 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
                 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
                     io[0],io[1],il,ir,t0,t1);

    /* second CAMELLIA_FLS layer, keyed with subkeys 16 and 17 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
                 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
                     io[0],io[1],il,ir,t0,t1);

    /* post-whitening with subkey 24 */
    io[2] ^= CamelliaSubkeyL(24);
    io[3] ^= CamelliaSubkeyR(24);

    /* swap the two 64-bit halves to produce the output word order */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;

    return;
}
1063
/*
 * Decrypt one block in place using a subkey table prepared for the
 * 128-bit variant.
 *
 * subkey - subkey table; read through CamelliaSubkeyL/R at indices 0,
 *          2..23 and 24.
 * io     - four u32 words, transformed in place (io[0..3] are read and
 *          written; the caller must supply at least four words).
 *
 * This walks the same subkeys as camellia_encrypt128() in the opposite
 * order: whitening with subkey 24 first, CAMELLIA_ROUNDSM with subkeys
 * 23 down to 2, CAMELLIA_FLS with each key pair swapped (17/16, then
 * 9/8), and whitening with subkey 0 last.
 */
static void camellia_decrypt128(const u32 *subkey, u32 *io)
{
    u32 il,ir,t0,t1;               /* temporary variables */

    /* pre-whitening with the last subkey (index 24) */
    io[0] ^= CamelliaSubkeyL(24);
    io[1] ^= CamelliaSubkeyR(24);

    /* main iteration: subkeys are consumed from 23 down to 2 */
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
                     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS with the 16/17 pair in swapped order */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
                 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
                     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS with the 8/9 pair in swapped order */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
                 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
                     io[0],io[1],il,ir,t0,t1);

    /* post-whitening with subkey 0 */
    io[2] ^= CamelliaSubkeyL(0);
    io[3] ^= CamelliaSubkeyR(0);

    /* swap the two 64-bit halves to produce the output word order */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;

    return;
}
1153
1154 /**
1155 * stuff for 192 and 256bit encryption/decryption
1156 */
/*
 * Encrypt one block in place using a subkey table prepared for the
 * 192- or 256-bit variant (Camellia_EncryptBlock() routes both key
 * lengths here).
 *
 * subkey - subkey table; read through CamelliaSubkeyL/R at indices 0,
 *          2..31 and 32.
 * io     - four u32 words, transformed in place (io[0..3] are read and
 *          written; the caller must supply at least four words).
 *
 * Structure visible here: XOR of io[0..1] with subkey 0, four groups of
 * six CAMELLIA_ROUNDSM steps separated by CAMELLIA_FLS (subkeys 8/9,
 * 16/17 and 24/25), XOR of io[2..3] with subkey 32, then a swap of the
 * two halves.
 */
static void camellia_encrypt256(const u32 *subkey, u32 *io)
{
    u32 il,ir,t0,t1;           /* temporary variables */

    /* pre-whitening (the key schedule absorbs kw2 into other subkeys) */
    io[0] ^= CamelliaSubkeyL(0);
    io[1] ^= CamelliaSubkeyR(0);

    /* main iteration: each step alternates which half is the input */
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
                     io[0],io[1],il,ir,t0,t1);

    /* first CAMELLIA_FLS layer, keyed with subkeys 8 and 9 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
                 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
                     io[0],io[1],il,ir,t0,t1);

    /* second CAMELLIA_FLS layer, keyed with subkeys 16 and 17 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
                 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
                     io[0],io[1],il,ir,t0,t1);

    /* third CAMELLIA_FLS layer, keyed with subkeys 24 and 25 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
                 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(26),CamelliaSubkeyR(26),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(27),CamelliaSubkeyR(27),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(28),CamelliaSubkeyR(28),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(29),CamelliaSubkeyR(29),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(30),CamelliaSubkeyR(30),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
                     io[0],io[1],il,ir,t0,t1);

    /* post-whitening with subkey 32 */
    io[2] ^= CamelliaSubkeyL(32);
    io[3] ^= CamelliaSubkeyR(32);

    /* swap the two 64-bit halves to produce the output word order */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;

    return;
}
1270
/*
 * Decrypt one block in place using a subkey table prepared for the
 * 192- or 256-bit variant (Camellia_DecryptBlock() routes both key
 * lengths here).
 *
 * subkey - subkey table; read through CamelliaSubkeyL/R at indices 0,
 *          2..31 and 32.
 * io     - four u32 words, transformed in place (io[0..3] are read and
 *          written; the caller must supply at least four words).
 *
 * This walks the same subkeys as camellia_encrypt256() in the opposite
 * order: whitening with subkey 32 first, CAMELLIA_ROUNDSM with subkeys
 * 31 down to 2, CAMELLIA_FLS with each key pair swapped (25/24, 17/16,
 * 9/8), and whitening with subkey 0 last.
 */
static void camellia_decrypt256(const u32 *subkey, u32 *io)
{
    u32 il,ir,t0,t1;           /* temporary variables */

    /* pre-whitening with the last subkey (index 32) */
    io[0] ^= CamelliaSubkeyL(32);
    io[1] ^= CamelliaSubkeyR(32);

    /* main iteration: subkeys are consumed from 31 down to 2 */
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(30),CamelliaSubkeyR(30),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(29),CamelliaSubkeyR(29),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(28),CamelliaSubkeyR(28),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(27),CamelliaSubkeyR(27),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(26),CamelliaSubkeyR(26),
                     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS with the 24/25 pair in swapped order */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
                 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
                     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS with the 16/17 pair in swapped order */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
                 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
                     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS with the 8/9 pair in swapped order */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
                 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1],
                     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3],
                     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
                     io[0],io[1],il,ir,t0,t1);

    /* post-whitening with subkey 0 */
    io[2] ^= CamelliaSubkeyL(0);
    io[3] ^= CamelliaSubkeyR(0);

    /* swap the two 64-bit halves to produce the output word order */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;

    return;
}
1384
1385 /***
1386 *
1387 * API for compatibility
1388 */
1389
/*
 * Build the subkey table for a raw key of the given length.
 *
 * keyBitLength - 128, 192 or 256; selects the matching setup routine.
 * rawKey       - raw key bytes (keyBitLength / 8 of them are consumed by
 *                the setup routines; the 192-bit path reads 24 bytes).
 * keyTable     - output subkey table.
 *
 * NOTE(review): for any other keyBitLength nothing is written and no
 * error is reported, so keyTable keeps whatever it held before the
 * call.  Callers have to validate the length themselves.
 */
void Camellia_Ekeygen(const int keyBitLength,
                      const unsigned char *rawKey,
                      KEY_TABLE_TYPE keyTable)
{
    if (keyBitLength == 128) {
        camellia_setup128(rawKey, keyTable);
    } else if (keyBitLength == 192) {
        camellia_setup192(rawKey, keyTable);
    } else if (keyBitLength == 256) {
        camellia_setup256(rawKey, keyTable);
    }
    /* unsupported lengths fall through without touching keyTable */
}
1408
1409
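/*
 * Encrypt one 16-byte block.
 *
 * keyBitLength - 128, 192 or 256; 192 and 256 share the same routine.
 * plaintext    - 16 input bytes, loaded as four words with GETU32.
 * keyTable     - subkey table produced by Camellia_Ekeygen() for the
 *                same key length.
 * ciphertext   - 16 output bytes, stored with PUTU32.
 *
 * For an unsupported keyBitLength no cipher is applied.  The function
 * cannot report an error, so in that case it writes an all-zero block
 * instead of copying the plaintext through to the output unchanged.
 * Callers are expected to pass only 128, 192 or 256.
 */
void Camellia_EncryptBlock(const int keyBitLength,
                           const unsigned char *plaintext,
                           const KEY_TABLE_TYPE keyTable,
                           unsigned char *ciphertext)
{
    u32 tmp[4];

    tmp[0] = GETU32(plaintext);
    tmp[1] = GETU32(plaintext + 4);
    tmp[2] = GETU32(plaintext + 8);
    tmp[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_encrypt128(keyTable, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_encrypt256(keyTable, tmp);
        break;
    default:
        /*
         * Fail closed: tmp still holds the plaintext here, and the
         * stores below would otherwise emit it as "ciphertext".
         */
        memset(tmp, 0, sizeof(tmp));
        break;
    }

    PUTU32(ciphertext, tmp[0]);
    PUTU32(ciphertext + 4, tmp[1]);
    PUTU32(ciphertext + 8, tmp[2]);
    PUTU32(ciphertext + 12, tmp[3]);
}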
1440
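/*
 * Decrypt one 16-byte block.
 *
 * keyBitLength - 128, 192 or 256; 192 and 256 share the same routine.
 * ciphertext   - 16 input bytes, loaded as four words with GETU32.
 * keyTable     - subkey table produced by Camellia_Ekeygen() for the
 *                same key length.
 * plaintext    - 16 output bytes, stored with PUTU32.
 *
 * For an unsupported keyBitLength no cipher is applied.  The function
 * cannot report an error, so in that case it writes an all-zero block
 * instead of handing the input bytes back as if they had been
 * decrypted.  Callers are expected to pass only 128, 192 or 256.
 */
void Camellia_DecryptBlock(const int keyBitLength,
                           const unsigned char *ciphertext,
                           const KEY_TABLE_TYPE keyTable,
                           unsigned char *plaintext)
{
    u32 tmp[4];

    tmp[0] = GETU32(ciphertext);
    tmp[1] = GETU32(ciphertext + 4);
    tmp[2] = GETU32(ciphertext + 8);
    tmp[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_decrypt128(keyTable, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_decrypt256(keyTable, tmp);
        break;
    default:
        /*
         * Fail closed: tmp still holds the untouched input here, so
         * clear it instead of returning it as the decrypted block.
         */
        memset(tmp, 0, sizeof(tmp));
        break;
    }
    PUTU32(plaintext, tmp[0]);
    PUTU32(plaintext + 4, tmp[1]);
    PUTU32(plaintext + 8, tmp[2]);
    PUTU32(plaintext + 12, tmp[3]);
}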