search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Upgraded GRUB2 to 2.00 release.
[AROS.git] / arch / all-pc / boot / grub2-aros / grub-core / lib / libgcrypt-grub / cipher / camellia.c
blob6ef6e745f108259dc76ffb9a0bab927a59c0cecc
1 /* This file was automatically imported with
2 import_gcry.py. Please don't modify it */
3 #include <grub/dl.h>
4 GRUB_MOD_LICENSE ("GPLv3+");
5 /* camellia.h ver 1.2.0
6 *
7 * Copyright (C) 2006,2007
8 * NTT (Nippon Telegraph and Telephone Corporation).
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 */
24
25 /*
26 * Algorithm Specification
27 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
28 */
29
30
31 #include "camellia.h"
32
33 /* u32 must be 32bit word */
34 typedef unsigned int u32;
35 typedef unsigned char u8;
36
37 /* key constants */
38
39 #define CAMELLIA_SIGMA1L (0xA09E667FL)
40 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
41 #define CAMELLIA_SIGMA2L (0xB67AE858L)
42 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
43 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
44 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
45 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
46 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
47 #define CAMELLIA_SIGMA5L (0x10E527FAL)
48 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
49 #define CAMELLIA_SIGMA6L (0xB05688C2L)
50 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
51
52 /*
53 * macros
54 */
55
56
57 #if defined(_MSC_VER)
58
59 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
60 # define GETU32(p) SWAP(*((u32 *)(p)))
61 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
62
63 #else /* not MS-VC */
64
65 # define GETU32(pt) \
66 (((u32)(pt)[0] << 24) \
67 ^ ((u32)(pt)[1] << 16) \
68 ^ ((u32)(pt)[2] << 8) \
69 ^ ((u32)(pt)[3]))
70
71 # define PUTU32(ct, st) { \
72 (ct)[0] = (u8)((st) >> 24); \
73 (ct)[1] = (u8)((st) >> 16); \
74 (ct)[2] = (u8)((st) >> 8); \
75 (ct)[3] = (u8)(st); }
76
77 #endif
78
79 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
80 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
81
82 /* rotation right shift 1byte */
83 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
84 /* rotation left shift 1bit */
85 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
86 /* rotation left shift 1byte */
87 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
88
89 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
90 do { \
91 w0 = ll; \
92 ll = (ll << bits) + (lr >> (32 - bits)); \
93 lr = (lr << bits) + (rl >> (32 - bits)); \
94 rl = (rl << bits) + (rr >> (32 - bits)); \
95 rr = (rr << bits) + (w0 >> (32 - bits)); \
96 } while(0)
97
98 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
99 do { \
100 w0 = ll; \
101 w1 = lr; \
102 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
103 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
104 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
105 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
106 } while(0)
107
108 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
109 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
110 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
111 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
112
113 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
114 do { \
115 il = xl ^ kl; \
116 ir = xr ^ kr; \
117 t0 = il >> 16; \
118 t1 = ir >> 16; \
119 yl = CAMELLIA_SP1110(ir & 0xff) \
120 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
121 ^ CAMELLIA_SP3033(t1 & 0xff) \
122 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
123 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
124 ^ CAMELLIA_SP0222(t0 & 0xff) \
125 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
126 ^ CAMELLIA_SP4404(il & 0xff); \
127 yl ^= yr; \
128 yr = CAMELLIA_RR8(yr); \
129 yr ^= yl; \
130 } while(0)
131
132
133 /*
134 * for speed up
135 *
136 */
137 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
138 do { \
139 t0 = kll; \
140 t0 &= ll; \
141 lr ^= CAMELLIA_RL1(t0); \
142 t1 = klr; \
143 t1 |= lr; \
144 ll ^= t1; \
145 \
146 t2 = krr; \
147 t2 |= rr; \
148 rl ^= t2; \
149 t3 = krl; \
150 t3 &= rl; \
151 rr ^= CAMELLIA_RL1(t3); \
152 } while(0)
153
154 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
155 do { \
156 ir = CAMELLIA_SP1110(xr & 0xff) \
157 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
158 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
159 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
160 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
161 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
162 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
163 ^ CAMELLIA_SP4404(xl & 0xff); \
164 il ^= kl; \
165 ir ^= kr; \
166 ir ^= il; \
167 il = CAMELLIA_RR8(il); \
168 il ^= ir; \
169 yl ^= ir; \
170 yr ^= il; \
171 } while(0)
172
173
174 static const u32 camellia_sp1110[256] = {
175 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
176 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
177 0xe4e4e400,0x85858500,0x57575700,0x35353500,
178 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
179 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
180 0x45454500,0x19191900,0xa5a5a500,0x21212100,
181 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
182 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
183 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
184 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
185 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
186 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
187 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
188 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
189 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
190 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
191 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
192 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
193 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
194 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
195 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
196 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
197 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
198 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
199 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
200 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
201 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
202 0x53535300,0x18181800,0xf2f2f200,0x22222200,
203 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
204 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
205 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
206 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
207 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
208 0xa1a1a100,0x89898900,0x62626200,0x97979700,
209 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
210 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
211 0x10101000,0xc4c4c400,0x00000000,0x48484800,
212 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
213 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
214 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
215 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
216 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
217 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
218 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
219 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
220 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
221 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
222 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
223 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
224 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
225 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
226 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
227 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
228 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
229 0xd4d4d400,0x25252500,0xababab00,0x42424200,
230 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
231 0x72727200,0x07070700,0xb9b9b900,0x55555500,
232 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
233 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
234 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
235 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
236 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
237 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
238 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
239 };
240
241 static const u32 camellia_sp0222[256] = {
242 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
243 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
244 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
245 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
246 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
247 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
248 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
249 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
250 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
251 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
252 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
253 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
254 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
255 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
256 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
257 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
258 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
259 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
260 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
261 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
262 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
263 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
264 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
265 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
266 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
267 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
268 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
269 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
270 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
271 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
272 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
273 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
274 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
275 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
276 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
277 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
278 0x00202020,0x00898989,0x00000000,0x00909090,
279 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
280 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
281 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
282 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
283 0x009b9b9b,0x00949494,0x00212121,0x00666666,
284 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
285 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
286 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
287 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
288 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
289 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
290 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
291 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
292 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
293 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
294 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
295 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
296 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
297 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
298 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
299 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
300 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
301 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
302 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
303 0x00777777,0x00939393,0x00868686,0x00838383,
304 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
305 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
306 };
307
308 static const u32 camellia_sp3033[256] = {
309 0x38003838,0x41004141,0x16001616,0x76007676,
310 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
311 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
312 0x75007575,0x06000606,0x57005757,0xa000a0a0,
313 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
314 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
315 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
316 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
317 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
318 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
319 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
320 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
321 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
322 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
323 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
324 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
325 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
326 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
327 0x3a003a3a,0x09000909,0x95009595,0x10001010,
328 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
329 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
330 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
331 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
332 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
333 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
334 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
335 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
336 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
337 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
338 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
339 0x12001212,0x04000404,0x74007474,0x54005454,
340 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
341 0x55005555,0x68006868,0x50005050,0xbe00bebe,
342 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
343 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
344 0x70007070,0xff00ffff,0x32003232,0x69006969,
345 0x08000808,0x62006262,0x00000000,0x24002424,
346 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
347 0x45004545,0x81008181,0x73007373,0x6d006d6d,
348 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
349 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
350 0xe600e6e6,0x25002525,0x48004848,0x99009999,
351 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
352 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
353 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
354 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
355 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
356 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
357 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
358 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
359 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
360 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
361 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
362 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
363 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
364 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
365 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
366 0x7c007c7c,0x77007777,0x56005656,0x05000505,
367 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
368 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
369 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
370 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
371 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
372 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
373 };
374
375 static const u32 camellia_sp4404[256] = {
376 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
377 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
378 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
379 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
380 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
381 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
382 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
383 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
384 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
385 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
386 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
387 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
388 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
389 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
390 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
391 0x24240024,0xe8e800e8,0x60600060,0x69690069,
392 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
393 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
394 0x10100010,0x00000000,0xa3a300a3,0x75750075,
395 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
396 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
397 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
398 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
399 0x81810081,0x6f6f006f,0x13130013,0x63630063,
400 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
401 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
402 0x78780078,0x06060006,0xe7e700e7,0x71710071,
403 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
404 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
405 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
406 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
407 0x15150015,0xadad00ad,0x77770077,0x80800080,
408 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
409 0x85850085,0x35350035,0x0c0c000c,0x41410041,
410 0xefef00ef,0x93930093,0x19190019,0x21210021,
411 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
412 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
413 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
414 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
415 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
416 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
417 0x12120012,0x20200020,0xb1b100b1,0x99990099,
418 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
419 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
420 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
421 0x0f0f000f,0x16160016,0x18180018,0x22220022,
422 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
423 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
424 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
425 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
426 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
427 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
428 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
429 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
430 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
431 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
432 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
433 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
434 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
435 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
436 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
437 0x49490049,0x68680068,0x38380038,0xa4a400a4,
438 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
439 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
440 };
441
442
443 /**
444 * Stuff related to the Camellia key schedule
445 */
446 #define subl(x) subL[(x)]
447 #define subr(x) subR[(x)]
448
449 void camellia_setup128(const unsigned char *key, u32 *subkey)
450 {
451 u32 kll, klr, krl, krr;
452 u32 il, ir, t0, t1, w0, w1;
453 u32 kw4l, kw4r, dw, tl, tr;
454 u32 subL[26];
455 u32 subR[26];
456
457 /**
458 * k == kll || klr || krl || krr (|| is concatination)
459 */
460 kll = GETU32(key );
461 klr = GETU32(key + 4);
462 krl = GETU32(key + 8);
463 krr = GETU32(key + 12);
464 /**
465 * generate KL dependent subkeys
466 */
467 subl(0) = kll; subr(0) = klr;
468 subl(1) = krl; subr(1) = krr;
469 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
470 subl(4) = kll; subr(4) = klr;
471 subl(5) = krl; subr(5) = krr;
472 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
473 subl(10) = kll; subr(10) = klr;
474 subl(11) = krl; subr(11) = krr;
475 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
476 subl(13) = krl; subr(13) = krr;
477 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
478 subl(16) = kll; subr(16) = klr;
479 subl(17) = krl; subr(17) = krr;
480 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
481 subl(18) = kll; subr(18) = klr;
482 subl(19) = krl; subr(19) = krr;
483 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
484 subl(22) = kll; subr(22) = klr;
485 subl(23) = krl; subr(23) = krr;
486
487 /* generate KA */
488 kll = subl(0); klr = subr(0);
489 krl = subl(1); krr = subr(1);
490 CAMELLIA_F(kll, klr,
491 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
492 w0, w1, il, ir, t0, t1);
493 krl ^= w0; krr ^= w1;
494 CAMELLIA_F(krl, krr,
495 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
496 kll, klr, il, ir, t0, t1);
497 CAMELLIA_F(kll, klr,
498 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
499 krl, krr, il, ir, t0, t1);
500 krl ^= w0; krr ^= w1;
501 CAMELLIA_F(krl, krr,
502 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
503 w0, w1, il, ir, t0, t1);
504 kll ^= w0; klr ^= w1;
505
506 /* generate KA dependent subkeys */
507 subl(2) = kll; subr(2) = klr;
508 subl(3) = krl; subr(3) = krr;
509 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
510 subl(6) = kll; subr(6) = klr;
511 subl(7) = krl; subr(7) = krr;
512 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
513 subl(8) = kll; subr(8) = klr;
514 subl(9) = krl; subr(9) = krr;
515 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
516 subl(12) = kll; subr(12) = klr;
517 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
518 subl(14) = kll; subr(14) = klr;
519 subl(15) = krl; subr(15) = krr;
520 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
521 subl(20) = kll; subr(20) = klr;
522 subl(21) = krl; subr(21) = krr;
523 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
524 subl(24) = kll; subr(24) = klr;
525 subl(25) = krl; subr(25) = krr;
526
527
528 /* absorb kw2 to other subkeys */
529 subl(3) ^= subl(1); subr(3) ^= subr(1);
530 subl(5) ^= subl(1); subr(5) ^= subr(1);
531 subl(7) ^= subl(1); subr(7) ^= subr(1);
532 subl(1) ^= subr(1) & ~subr(9);
533 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
534 subl(11) ^= subl(1); subr(11) ^= subr(1);
535 subl(13) ^= subl(1); subr(13) ^= subr(1);
536 subl(15) ^= subl(1); subr(15) ^= subr(1);
537 subl(1) ^= subr(1) & ~subr(17);
538 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
539 subl(19) ^= subl(1); subr(19) ^= subr(1);
540 subl(21) ^= subl(1); subr(21) ^= subr(1);
541 subl(23) ^= subl(1); subr(23) ^= subr(1);
542 subl(24) ^= subl(1); subr(24) ^= subr(1);
543
544 /* absorb kw4 to other subkeys */
545 kw4l = subl(25); kw4r = subr(25);
546 subl(22) ^= kw4l; subr(22) ^= kw4r;
547 subl(20) ^= kw4l; subr(20) ^= kw4r;
548 subl(18) ^= kw4l; subr(18) ^= kw4r;
549 kw4l ^= kw4r & ~subr(16);
550 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
551 subl(14) ^= kw4l; subr(14) ^= kw4r;
552 subl(12) ^= kw4l; subr(12) ^= kw4r;
553 subl(10) ^= kw4l; subr(10) ^= kw4r;
554 kw4l ^= kw4r & ~subr(8);
555 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
556 subl(6) ^= kw4l; subr(6) ^= kw4r;
557 subl(4) ^= kw4l; subr(4) ^= kw4r;
558 subl(2) ^= kw4l; subr(2) ^= kw4r;
559 subl(0) ^= kw4l; subr(0) ^= kw4r;
560
561 /* key XOR is end of F-function */
562 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
563 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
564 CamelliaSubkeyL(2) = subl(3);
565 CamelliaSubkeyR(2) = subr(3);
566 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
567 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
568 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
569 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
570 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
571 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
572 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
573 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
574 tl = subl(10) ^ (subr(10) & ~subr(8));
575 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
576 CamelliaSubkeyL(7) = subl(6) ^ tl;
577 CamelliaSubkeyR(7) = subr(6) ^ tr;
578 CamelliaSubkeyL(8) = subl(8);
579 CamelliaSubkeyR(8) = subr(8);
580 CamelliaSubkeyL(9) = subl(9);
581 CamelliaSubkeyR(9) = subr(9);
582 tl = subl(7) ^ (subr(7) & ~subr(9));
583 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
584 CamelliaSubkeyL(10) = tl ^ subl(11);
585 CamelliaSubkeyR(10) = tr ^ subr(11);
586 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
587 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
588 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
589 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
590 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
591 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
592 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
593 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
594 tl = subl(18) ^ (subr(18) & ~subr(16));
595 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
596 CamelliaSubkeyL(15) = subl(14) ^ tl;
597 CamelliaSubkeyR(15) = subr(14) ^ tr;
598 CamelliaSubkeyL(16) = subl(16);
599 CamelliaSubkeyR(16) = subr(16);
600 CamelliaSubkeyL(17) = subl(17);
601 CamelliaSubkeyR(17) = subr(17);
602 tl = subl(15) ^ (subr(15) & ~subr(17));
603 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
604 CamelliaSubkeyL(18) = tl ^ subl(19);
605 CamelliaSubkeyR(18) = tr ^ subr(19);
606 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
607 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
608 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
609 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
610 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
611 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
612 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
613 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
614 CamelliaSubkeyL(23) = subl(22);
615 CamelliaSubkeyR(23) = subr(22);
616 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
617 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
618
619 /* apply the inverse of the last half of P-function */
620 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
621 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
622 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
623 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
624 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
625 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
626 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
627 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
628 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
629 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
630 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
631 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
632 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
633 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
634 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
635 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
636 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
637 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
638 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
639 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
640 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
641 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
642 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
643 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
644 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
645 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
646 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
647 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
648 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
649 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
650 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
651 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
652 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
653 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
654 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
655 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
656
657 return;
658 }
659
660 void camellia_setup256(const unsigned char *key, u32 *subkey)
661 {
662 u32 kll,klr,krl,krr; /* left half of key */
663 u32 krll,krlr,krrl,krrr; /* right half of key */
664 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
665 u32 kw4l, kw4r, dw, tl, tr;
666 u32 subL[34];
667 u32 subR[34];
668
669 /**
670 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
671 * (|| is concatination)
672 */
673
674 kll = GETU32(key );
675 klr = GETU32(key + 4);
676 krl = GETU32(key + 8);
677 krr = GETU32(key + 12);
678 krll = GETU32(key + 16);
679 krlr = GETU32(key + 20);
680 krrl = GETU32(key + 24);
681 krrr = GETU32(key + 28);
682
683 /* generate KL dependent subkeys */
684 subl(0) = kll; subr(0) = klr;
685 subl(1) = krl; subr(1) = krr;
686 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
687 subl(12) = kll; subr(12) = klr;
688 subl(13) = krl; subr(13) = krr;
689 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
690 subl(16) = kll; subr(16) = klr;
691 subl(17) = krl; subr(17) = krr;
692 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
693 subl(22) = kll; subr(22) = klr;
694 subl(23) = krl; subr(23) = krr;
695 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
696 subl(30) = kll; subr(30) = klr;
697 subl(31) = krl; subr(31) = krr;
698
699 /* generate KR dependent subkeys */
700 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
701 subl(4) = krll; subr(4) = krlr;
702 subl(5) = krrl; subr(5) = krrr;
703 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
704 subl(8) = krll; subr(8) = krlr;
705 subl(9) = krrl; subr(9) = krrr;
706 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
707 subl(18) = krll; subr(18) = krlr;
708 subl(19) = krrl; subr(19) = krrr;
709 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
710 subl(26) = krll; subr(26) = krlr;
711 subl(27) = krrl; subr(27) = krrr;
712 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
713
714 /* generate KA */
715 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
716 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
717 CAMELLIA_F(kll, klr,
718 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
719 w0, w1, il, ir, t0, t1);
720 krl ^= w0; krr ^= w1;
721 CAMELLIA_F(krl, krr,
722 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
723 kll, klr, il, ir, t0, t1);
724 kll ^= krll; klr ^= krlr;
725 CAMELLIA_F(kll, klr,
726 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
727 krl, krr, il, ir, t0, t1);
728 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
729 CAMELLIA_F(krl, krr,
730 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
731 w0, w1, il, ir, t0, t1);
732 kll ^= w0; klr ^= w1;
733
734 /* generate KB */
735 krll ^= kll; krlr ^= klr;
736 krrl ^= krl; krrr ^= krr;
737 CAMELLIA_F(krll, krlr,
738 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
739 w0, w1, il, ir, t0, t1);
740 krrl ^= w0; krrr ^= w1;
741 CAMELLIA_F(krrl, krrr,
742 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
743 w0, w1, il, ir, t0, t1);
744 krll ^= w0; krlr ^= w1;
745
746 /* generate KA dependent subkeys */
747 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
748 subl(6) = kll; subr(6) = klr;
749 subl(7) = krl; subr(7) = krr;
750 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
751 subl(14) = kll; subr(14) = klr;
752 subl(15) = krl; subr(15) = krr;
753 subl(24) = klr; subr(24) = krl;
754 subl(25) = krr; subr(25) = kll;
755 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
756 subl(28) = kll; subr(28) = klr;
757 subl(29) = krl; subr(29) = krr;
758
759 /* generate KB dependent subkeys */
760 subl(2) = krll; subr(2) = krlr;
761 subl(3) = krrl; subr(3) = krrr;
762 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
763 subl(10) = krll; subr(10) = krlr;
764 subl(11) = krrl; subr(11) = krrr;
765 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
766 subl(20) = krll; subr(20) = krlr;
767 subl(21) = krrl; subr(21) = krrr;
768 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
769 subl(32) = krll; subr(32) = krlr;
770 subl(33) = krrl; subr(33) = krrr;
771
772 /* absorb kw2 to other subkeys */
773 subl(3) ^= subl(1); subr(3) ^= subr(1);
774 subl(5) ^= subl(1); subr(5) ^= subr(1);
775 subl(7) ^= subl(1); subr(7) ^= subr(1);
776 subl(1) ^= subr(1) & ~subr(9);
777 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
778 subl(11) ^= subl(1); subr(11) ^= subr(1);
779 subl(13) ^= subl(1); subr(13) ^= subr(1);
780 subl(15) ^= subl(1); subr(15) ^= subr(1);
781 subl(1) ^= subr(1) & ~subr(17);
782 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
783 subl(19) ^= subl(1); subr(19) ^= subr(1);
784 subl(21) ^= subl(1); subr(21) ^= subr(1);
785 subl(23) ^= subl(1); subr(23) ^= subr(1);
786 subl(1) ^= subr(1) & ~subr(25);
787 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
788 subl(27) ^= subl(1); subr(27) ^= subr(1);
789 subl(29) ^= subl(1); subr(29) ^= subr(1);
790 subl(31) ^= subl(1); subr(31) ^= subr(1);
791 subl(32) ^= subl(1); subr(32) ^= subr(1);
792
793 /* absorb kw4 to other subkeys */
794 kw4l = subl(33); kw4r = subr(33);
795 subl(30) ^= kw4l; subr(30) ^= kw4r;
796 subl(28) ^= kw4l; subr(28) ^= kw4r;
797 subl(26) ^= kw4l; subr(26) ^= kw4r;
798 kw4l ^= kw4r & ~subr(24);
799 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
800 subl(22) ^= kw4l; subr(22) ^= kw4r;
801 subl(20) ^= kw4l; subr(20) ^= kw4r;
802 subl(18) ^= kw4l; subr(18) ^= kw4r;
803 kw4l ^= kw4r & ~subr(16);
804 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
805 subl(14) ^= kw4l; subr(14) ^= kw4r;
806 subl(12) ^= kw4l; subr(12) ^= kw4r;
807 subl(10) ^= kw4l; subr(10) ^= kw4r;
808 kw4l ^= kw4r & ~subr(8);
809 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
810 subl(6) ^= kw4l; subr(6) ^= kw4r;
811 subl(4) ^= kw4l; subr(4) ^= kw4r;
812 subl(2) ^= kw4l; subr(2) ^= kw4r;
813 subl(0) ^= kw4l; subr(0) ^= kw4r;
814
815 /* key XOR is end of F-function */
816 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
817 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
818 CamelliaSubkeyL(2) = subl(3);
819 CamelliaSubkeyR(2) = subr(3);
820 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
821 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
822 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
823 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
824 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
825 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
826 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
827 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
828 tl = subl(10) ^ (subr(10) & ~subr(8));
829 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
830 CamelliaSubkeyL(7) = subl(6) ^ tl;
831 CamelliaSubkeyR(7) = subr(6) ^ tr;
832 CamelliaSubkeyL(8) = subl(8);
833 CamelliaSubkeyR(8) = subr(8);
834 CamelliaSubkeyL(9) = subl(9);
835 CamelliaSubkeyR(9) = subr(9);
836 tl = subl(7) ^ (subr(7) & ~subr(9));
837 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
838 CamelliaSubkeyL(10) = tl ^ subl(11);
839 CamelliaSubkeyR(10) = tr ^ subr(11);
840 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
841 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
842 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
843 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
844 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
845 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
846 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
847 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
848 tl = subl(18) ^ (subr(18) & ~subr(16));
849 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
850 CamelliaSubkeyL(15) = subl(14) ^ tl;
851 CamelliaSubkeyR(15) = subr(14) ^ tr;
852 CamelliaSubkeyL(16) = subl(16);
853 CamelliaSubkeyR(16) = subr(16);
854 CamelliaSubkeyL(17) = subl(17);
855 CamelliaSubkeyR(17) = subr(17);
856 tl = subl(15) ^ (subr(15) & ~subr(17));
857 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
858 CamelliaSubkeyL(18) = tl ^ subl(19);
859 CamelliaSubkeyR(18) = tr ^ subr(19);
860 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
861 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
862 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
863 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
864 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
865 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
866 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
867 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
868 tl = subl(26) ^ (subr(26) & ~subr(24));
869 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
870 CamelliaSubkeyL(23) = subl(22) ^ tl;
871 CamelliaSubkeyR(23) = subr(22) ^ tr;
872 CamelliaSubkeyL(24) = subl(24);
873 CamelliaSubkeyR(24) = subr(24);
874 CamelliaSubkeyL(25) = subl(25);
875 CamelliaSubkeyR(25) = subr(25);
876 tl = subl(23) ^ (subr(23) & ~subr(25));
877 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
878 CamelliaSubkeyL(26) = tl ^ subl(27);
879 CamelliaSubkeyR(26) = tr ^ subr(27);
880 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
881 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
882 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
883 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
884 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
885 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
886 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
887 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
888 CamelliaSubkeyL(31) = subl(30);
889 CamelliaSubkeyR(31) = subr(30);
890 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
891 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
892
893 /* apply the inverse of the last half of P-function */
894 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
895 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
896 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
897 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
898 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
899 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
900 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
901 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
902 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
903 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
904 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
905 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
906 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
907 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
908 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
909 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
910 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
911 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
912 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
913 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
914 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
915 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
916 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
917 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
918 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
919 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
920 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
921 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
922 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
923 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
924 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
925 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
926 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
927 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
928 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
929 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
930 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
931 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
932 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
933 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
934 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
935 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
936 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
937 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
938 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
939 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
940 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
941 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
942
943 return;
944 }
945
946 void camellia_setup192(const unsigned char *key, u32 *subkey)
947 {
948 unsigned char kk[32];
949 u32 krll, krlr, krrl,krrr;
950
951 memcpy(kk, key, 24);
952 memcpy((unsigned char *)&krll, key+16,4);
953 memcpy((unsigned char *)&krlr, key+20,4);
954 krrl = ~krll;
955 krrr = ~krlr;
956 memcpy(kk+24, (unsigned char *)&krrl, 4);
957 memcpy(kk+28, (unsigned char *)&krrr, 4);
958 camellia_setup256(kk, subkey);
959 return;
960 }
961
962
963 /**
964 * Stuff related to camellia encryption/decryption
965 *
966 * "io" must be 4byte aligned and big-endian data.
967 */
968 void camellia_encrypt128(const u32 *subkey, u32 *io)
969 {
970 u32 il, ir, t0, t1;
971
972 /* pre whitening but absorb kw2*/
973 io[0] ^= CamelliaSubkeyL(0);
974 io[1] ^= CamelliaSubkeyR(0);
975 /* main iteration */
976
977 CAMELLIA_ROUNDSM(io[0],io[1],
978 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
979 io[2],io[3],il,ir,t0,t1);
980 CAMELLIA_ROUNDSM(io[2],io[3],
981 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
982 io[0],io[1],il,ir,t0,t1);
983 CAMELLIA_ROUNDSM(io[0],io[1],
984 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
985 io[2],io[3],il,ir,t0,t1);
986 CAMELLIA_ROUNDSM(io[2],io[3],
987 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
988 io[0],io[1],il,ir,t0,t1);
989 CAMELLIA_ROUNDSM(io[0],io[1],
990 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
991 io[2],io[3],il,ir,t0,t1);
992 CAMELLIA_ROUNDSM(io[2],io[3],
993 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
994 io[0],io[1],il,ir,t0,t1);
995
996 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
997 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
998 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
999 t0,t1,il,ir);
1000
1001 CAMELLIA_ROUNDSM(io[0],io[1],
1002 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1003 io[2],io[3],il,ir,t0,t1);
1004 CAMELLIA_ROUNDSM(io[2],io[3],
1005 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1006 io[0],io[1],il,ir,t0,t1);
1007 CAMELLIA_ROUNDSM(io[0],io[1],
1008 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1009 io[2],io[3],il,ir,t0,t1);
1010 CAMELLIA_ROUNDSM(io[2],io[3],
1011 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1012 io[0],io[1],il,ir,t0,t1);
1013 CAMELLIA_ROUNDSM(io[0],io[1],
1014 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1015 io[2],io[3],il,ir,t0,t1);
1016 CAMELLIA_ROUNDSM(io[2],io[3],
1017 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1018 io[0],io[1],il,ir,t0,t1);
1019
1020 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1021 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1022 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1023 t0,t1,il,ir);
1024
1025 CAMELLIA_ROUNDSM(io[0],io[1],
1026 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1027 io[2],io[3],il,ir,t0,t1);
1028 CAMELLIA_ROUNDSM(io[2],io[3],
1029 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1030 io[0],io[1],il,ir,t0,t1);
1031 CAMELLIA_ROUNDSM(io[0],io[1],
1032 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1033 io[2],io[3],il,ir,t0,t1);
1034 CAMELLIA_ROUNDSM(io[2],io[3],
1035 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1036 io[0],io[1],il,ir,t0,t1);
1037 CAMELLIA_ROUNDSM(io[0],io[1],
1038 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1039 io[2],io[3],il,ir,t0,t1);
1040 CAMELLIA_ROUNDSM(io[2],io[3],
1041 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1042 io[0],io[1],il,ir,t0,t1);
1043
1044 /* post whitening but kw4 */
1045 io[2] ^= CamelliaSubkeyL(24);
1046 io[3] ^= CamelliaSubkeyR(24);
1047
1048 t0 = io[0];
1049 t1 = io[1];
1050 io[0] = io[2];
1051 io[1] = io[3];
1052 io[2] = t0;
1053 io[3] = t1;
1054
1055 return;
1056 }
1057
1058 void camellia_decrypt128(const u32 *subkey, u32 *io)
1059 {
1060 u32 il,ir,t0,t1; /* temporary valiables */
1061
1062 /* pre whitening but absorb kw2*/
1063 io[0] ^= CamelliaSubkeyL(24);
1064 io[1] ^= CamelliaSubkeyR(24);
1065
1066 /* main iteration */
1067 CAMELLIA_ROUNDSM(io[0],io[1],
1068 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1069 io[2],io[3],il,ir,t0,t1);
1070 CAMELLIA_ROUNDSM(io[2],io[3],
1071 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1072 io[0],io[1],il,ir,t0,t1);
1073 CAMELLIA_ROUNDSM(io[0],io[1],
1074 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1075 io[2],io[3],il,ir,t0,t1);
1076 CAMELLIA_ROUNDSM(io[2],io[3],
1077 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1078 io[0],io[1],il,ir,t0,t1);
1079 CAMELLIA_ROUNDSM(io[0],io[1],
1080 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1081 io[2],io[3],il,ir,t0,t1);
1082 CAMELLIA_ROUNDSM(io[2],io[3],
1083 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1084 io[0],io[1],il,ir,t0,t1);
1085
1086 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1087 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1088 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1089 t0,t1,il,ir);
1090
1091 CAMELLIA_ROUNDSM(io[0],io[1],
1092 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1093 io[2],io[3],il,ir,t0,t1);
1094 CAMELLIA_ROUNDSM(io[2],io[3],
1095 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1096 io[0],io[1],il,ir,t0,t1);
1097 CAMELLIA_ROUNDSM(io[0],io[1],
1098 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1099 io[2],io[3],il,ir,t0,t1);
1100 CAMELLIA_ROUNDSM(io[2],io[3],
1101 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1102 io[0],io[1],il,ir,t0,t1);
1103 CAMELLIA_ROUNDSM(io[0],io[1],
1104 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1105 io[2],io[3],il,ir,t0,t1);
1106 CAMELLIA_ROUNDSM(io[2],io[3],
1107 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1108 io[0],io[1],il,ir,t0,t1);
1109
1110 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1111 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1112 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1113 t0,t1,il,ir);
1114
1115 CAMELLIA_ROUNDSM(io[0],io[1],
1116 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1117 io[2],io[3],il,ir,t0,t1);
1118 CAMELLIA_ROUNDSM(io[2],io[3],
1119 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1120 io[0],io[1],il,ir,t0,t1);
1121 CAMELLIA_ROUNDSM(io[0],io[1],
1122 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1123 io[2],io[3],il,ir,t0,t1);
1124 CAMELLIA_ROUNDSM(io[2],io[3],
1125 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1126 io[0],io[1],il,ir,t0,t1);
1127 CAMELLIA_ROUNDSM(io[0],io[1],
1128 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1129 io[2],io[3],il,ir,t0,t1);
1130 CAMELLIA_ROUNDSM(io[2],io[3],
1131 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1132 io[0],io[1],il,ir,t0,t1);
1133
1134 /* post whitening but kw4 */
1135 io[2] ^= CamelliaSubkeyL(0);
1136 io[3] ^= CamelliaSubkeyR(0);
1137
1138 t0 = io[0];
1139 t1 = io[1];
1140 io[0] = io[2];
1141 io[1] = io[3];
1142 io[2] = t0;
1143 io[3] = t1;
1144
1145 return;
1146 }
1147
1148 /**
1149 * stuff for 192 and 256bit encryption/decryption
1150 */
1151 void camellia_encrypt256(const u32 *subkey, u32 *io)
1152 {
1153 u32 il,ir,t0,t1; /* temporary valiables */
1154
1155 /* pre whitening but absorb kw2*/
1156 io[0] ^= CamelliaSubkeyL(0);
1157 io[1] ^= CamelliaSubkeyR(0);
1158
1159 /* main iteration */
1160 CAMELLIA_ROUNDSM(io[0],io[1],
1161 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1162 io[2],io[3],il,ir,t0,t1);
1163 CAMELLIA_ROUNDSM(io[2],io[3],
1164 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1165 io[0],io[1],il,ir,t0,t1);
1166 CAMELLIA_ROUNDSM(io[0],io[1],
1167 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1168 io[2],io[3],il,ir,t0,t1);
1169 CAMELLIA_ROUNDSM(io[2],io[3],
1170 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1171 io[0],io[1],il,ir,t0,t1);
1172 CAMELLIA_ROUNDSM(io[0],io[1],
1173 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1174 io[2],io[3],il,ir,t0,t1);
1175 CAMELLIA_ROUNDSM(io[2],io[3],
1176 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1177 io[0],io[1],il,ir,t0,t1);
1178
1179 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1180 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1181 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1182 t0,t1,il,ir);
1183
1184 CAMELLIA_ROUNDSM(io[0],io[1],
1185 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1186 io[2],io[3],il,ir,t0,t1);
1187 CAMELLIA_ROUNDSM(io[2],io[3],
1188 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1189 io[0],io[1],il,ir,t0,t1);
1190 CAMELLIA_ROUNDSM(io[0],io[1],
1191 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1192 io[2],io[3],il,ir,t0,t1);
1193 CAMELLIA_ROUNDSM(io[2],io[3],
1194 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1195 io[0],io[1],il,ir,t0,t1);
1196 CAMELLIA_ROUNDSM(io[0],io[1],
1197 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1198 io[2],io[3],il,ir,t0,t1);
1199 CAMELLIA_ROUNDSM(io[2],io[3],
1200 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1201 io[0],io[1],il,ir,t0,t1);
1202
1203 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1204 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1205 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1206 t0,t1,il,ir);
1207
1208 CAMELLIA_ROUNDSM(io[0],io[1],
1209 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1210 io[2],io[3],il,ir,t0,t1);
1211 CAMELLIA_ROUNDSM(io[2],io[3],
1212 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1213 io[0],io[1],il,ir,t0,t1);
1214 CAMELLIA_ROUNDSM(io[0],io[1],
1215 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1216 io[2],io[3],il,ir,t0,t1);
1217 CAMELLIA_ROUNDSM(io[2],io[3],
1218 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1219 io[0],io[1],il,ir,t0,t1);
1220 CAMELLIA_ROUNDSM(io[0],io[1],
1221 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1222 io[2],io[3],il,ir,t0,t1);
1223 CAMELLIA_ROUNDSM(io[2],io[3],
1224 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1225 io[0],io[1],il,ir,t0,t1);
1226
1227 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1228 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1229 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1230 t0,t1,il,ir);
1231
1232 CAMELLIA_ROUNDSM(io[0],io[1],
1233 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1234 io[2],io[3],il,ir,t0,t1);
1235 CAMELLIA_ROUNDSM(io[2],io[3],
1236 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1237 io[0],io[1],il,ir,t0,t1);
1238 CAMELLIA_ROUNDSM(io[0],io[1],
1239 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1240 io[2],io[3],il,ir,t0,t1);
1241 CAMELLIA_ROUNDSM(io[2],io[3],
1242 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1243 io[0],io[1],il,ir,t0,t1);
1244 CAMELLIA_ROUNDSM(io[0],io[1],
1245 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1246 io[2],io[3],il,ir,t0,t1);
1247 CAMELLIA_ROUNDSM(io[2],io[3],
1248 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1249 io[0],io[1],il,ir,t0,t1);
1250
1251 /* post whitening but kw4 */
1252 io[2] ^= CamelliaSubkeyL(32);
1253 io[3] ^= CamelliaSubkeyR(32);
1254
1255 t0 = io[0];
1256 t1 = io[1];
1257 io[0] = io[2];
1258 io[1] = io[3];
1259 io[2] = t0;
1260 io[3] = t1;
1261
1262 return;
1263 }
1264
1265 void camellia_decrypt256(const u32 *subkey, u32 *io)
1266 {
1267 u32 il,ir,t0,t1; /* temporary valiables */
1268
1269 /* pre whitening but absorb kw2*/
1270 io[0] ^= CamelliaSubkeyL(32);
1271 io[1] ^= CamelliaSubkeyR(32);
1272
1273 /* main iteration */
1274 CAMELLIA_ROUNDSM(io[0],io[1],
1275 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1276 io[2],io[3],il,ir,t0,t1);
1277 CAMELLIA_ROUNDSM(io[2],io[3],
1278 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1279 io[0],io[1],il,ir,t0,t1);
1280 CAMELLIA_ROUNDSM(io[0],io[1],
1281 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1282 io[2],io[3],il,ir,t0,t1);
1283 CAMELLIA_ROUNDSM(io[2],io[3],
1284 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1285 io[0],io[1],il,ir,t0,t1);
1286 CAMELLIA_ROUNDSM(io[0],io[1],
1287 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1288 io[2],io[3],il,ir,t0,t1);
1289 CAMELLIA_ROUNDSM(io[2],io[3],
1290 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1291 io[0],io[1],il,ir,t0,t1);
1292
1293 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1294 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1295 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1296 t0,t1,il,ir);
1297
1298 CAMELLIA_ROUNDSM(io[0],io[1],
1299 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1300 io[2],io[3],il,ir,t0,t1);
1301 CAMELLIA_ROUNDSM(io[2],io[3],
1302 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1303 io[0],io[1],il,ir,t0,t1);
1304 CAMELLIA_ROUNDSM(io[0],io[1],
1305 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1306 io[2],io[3],il,ir,t0,t1);
1307 CAMELLIA_ROUNDSM(io[2],io[3],
1308 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1309 io[0],io[1],il,ir,t0,t1);
1310 CAMELLIA_ROUNDSM(io[0],io[1],
1311 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1312 io[2],io[3],il,ir,t0,t1);
1313 CAMELLIA_ROUNDSM(io[2],io[3],
1314 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1315 io[0],io[1],il,ir,t0,t1);
1316
1317 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1318 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1319 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1320 t0,t1,il,ir);
1321
1322 CAMELLIA_ROUNDSM(io[0],io[1],
1323 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1324 io[2],io[3],il,ir,t0,t1);
1325 CAMELLIA_ROUNDSM(io[2],io[3],
1326 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1327 io[0],io[1],il,ir,t0,t1);
1328 CAMELLIA_ROUNDSM(io[0],io[1],
1329 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1330 io[2],io[3],il,ir,t0,t1);
1331 CAMELLIA_ROUNDSM(io[2],io[3],
1332 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1333 io[0],io[1],il,ir,t0,t1);
1334 CAMELLIA_ROUNDSM(io[0],io[1],
1335 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1336 io[2],io[3],il,ir,t0,t1);
1337 CAMELLIA_ROUNDSM(io[2],io[3],
1338 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1339 io[0],io[1],il,ir,t0,t1);
1340
1341 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1342 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1343 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1344 t0,t1,il,ir);
1345
1346 CAMELLIA_ROUNDSM(io[0],io[1],
1347 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1348 io[2],io[3],il,ir,t0,t1);
1349 CAMELLIA_ROUNDSM(io[2],io[3],
1350 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1351 io[0],io[1],il,ir,t0,t1);
1352 CAMELLIA_ROUNDSM(io[0],io[1],
1353 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1354 io[2],io[3],il,ir,t0,t1);
1355 CAMELLIA_ROUNDSM(io[2],io[3],
1356 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1357 io[0],io[1],il,ir,t0,t1);
1358 CAMELLIA_ROUNDSM(io[0],io[1],
1359 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1360 io[2],io[3],il,ir,t0,t1);
1361 CAMELLIA_ROUNDSM(io[2],io[3],
1362 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1363 io[0],io[1],il,ir,t0,t1);
1364
1365 /* post whitening but kw4 */
1366 io[2] ^= CamelliaSubkeyL(0);
1367 io[3] ^= CamelliaSubkeyR(0);
1368
1369 t0 = io[0];
1370 t1 = io[1];
1371 io[0] = io[2];
1372 io[1] = io[3];
1373 io[2] = t0;
1374 io[3] = t1;
1375
1376 return;
1377 }
1378
1379 /***
1380 *
1381 * API for compatibility
1382 */
1383
1384 void Camellia_Ekeygen(const int keyBitLength,
1385 const unsigned char *rawKey,
1386 KEY_TABLE_TYPE keyTable)
1387 {
1388 switch(keyBitLength) {
1389 case 128:
1390 camellia_setup128(rawKey, keyTable);
1391 break;
1392 case 192:
1393 camellia_setup192(rawKey, keyTable);
1394 break;
1395 case 256:
1396 camellia_setup256(rawKey, keyTable);
1397 break;
1398 default:
1399 break;
1400 }
1401 }
1402
1403
1404 void Camellia_EncryptBlock(const int keyBitLength,
1405 const unsigned char *plaintext,
1406 const KEY_TABLE_TYPE keyTable,
1407 unsigned char *ciphertext)
1408 {
1409 u32 tmp[4];
1410
1411 tmp[0] = GETU32(plaintext);
1412 tmp[1] = GETU32(plaintext + 4);
1413 tmp[2] = GETU32(plaintext + 8);
1414 tmp[3] = GETU32(plaintext + 12);
1415
1416 switch (keyBitLength) {
1417 case 128:
1418 camellia_encrypt128(keyTable, tmp);
1419 break;
1420 case 192:
1421 /* fall through */
1422 case 256:
1423 camellia_encrypt256(keyTable, tmp);
1424 break;
1425 default:
1426 break;
1427 }
1428
1429 PUTU32(ciphertext, tmp[0]);
1430 PUTU32(ciphertext + 4, tmp[1]);
1431 PUTU32(ciphertext + 8, tmp[2]);
1432 PUTU32(ciphertext + 12, tmp[3]);
1433 }
1434
1435 void Camellia_DecryptBlock(const int keyBitLength,
1436 const unsigned char *ciphertext,
1437 const KEY_TABLE_TYPE keyTable,
1438 unsigned char *plaintext)
1439 {
1440 u32 tmp[4];
1441
1442 tmp[0] = GETU32(ciphertext);
1443 tmp[1] = GETU32(ciphertext + 4);
1444 tmp[2] = GETU32(ciphertext + 8);
1445 tmp[3] = GETU32(ciphertext + 12);
1446
1447 switch (keyBitLength) {
1448 case 128:
1449 camellia_decrypt128(keyTable, tmp);
1450 break;
1451 case 192:
1452 /* fall through */
1453 case 256:
1454 camellia_decrypt256(keyTable, tmp);
1455 break;
1456 default:
1457 break;
1458 }
1459 PUTU32(plaintext, tmp[0]);
1460 PUTU32(plaintext + 4, tmp[1]);
1461 PUTU32(plaintext + 8, tmp[2]);
1462 PUTU32(plaintext + 12, tmp[3]);
1463 }
Mirror of AROS' svn.