search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move the typedef u<num> to camellia-ntt.h header file.
[heimdal.git] / lib / hcrypto / camellia-ntt.c
blob9a82c09abb93269ff812521accc14f0bfb2df378
1 /* camellia.c ver 1.2.0
2 *
3 * Copyright (c) 2006,2007
4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer as
11 * the first lines of this file unmodified.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 /*
29 * Algorithm Specification
30 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
31 */
32
33
34 #include <string.h>
35 #include <stdlib.h>
36
37 #include <krb5-types.h>
38 #include "camellia-ntt.h"
39
40 /* key constants */
41
42 #define CAMELLIA_SIGMA1L (0xA09E667FL)
43 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
44 #define CAMELLIA_SIGMA2L (0xB67AE858L)
45 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
46 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
47 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
48 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
49 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
50 #define CAMELLIA_SIGMA5L (0x10E527FAL)
51 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
52 #define CAMELLIA_SIGMA6L (0xB05688C2L)
53 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
54
55 /*
56 * macros
57 */
58
59
60 #if defined(_MSC_VER)
61
62 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
63 # define GETU32(p) SWAP(*((u32 *)(p)))
64 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
65
66 #else /* not MS-VC */
67
68 # define GETU32(pt) \
69 (((u32)(pt)[0] << 24) \
70 ^ ((u32)(pt)[1] << 16) \
71 ^ ((u32)(pt)[2] << 8) \
72 ^ ((u32)(pt)[3]))
73
74 # define PUTU32(ct, st) { \
75 (ct)[0] = (u8)((st) >> 24); \
76 (ct)[1] = (u8)((st) >> 16); \
77 (ct)[2] = (u8)((st) >> 8); \
78 (ct)[3] = (u8)(st); }
79
80 #endif
81
82 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
83 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
84
85 /* rotation right shift 1byte */
86 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
87 /* rotation left shift 1bit */
88 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
89 /* rotation left shift 1byte */
90 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
91
92 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
93 do { \
94 w0 = ll; \
95 ll = (ll << bits) + (lr >> (32 - bits)); \
96 lr = (lr << bits) + (rl >> (32 - bits)); \
97 rl = (rl << bits) + (rr >> (32 - bits)); \
98 rr = (rr << bits) + (w0 >> (32 - bits)); \
99 } while(0)
100
101 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
102 do { \
103 w0 = ll; \
104 w1 = lr; \
105 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
106 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
107 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
108 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
109 } while(0)
110
111 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
112 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
113 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
114 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
115
116 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
117 do { \
118 il = xl ^ kl; \
119 ir = xr ^ kr; \
120 t0 = il >> 16; \
121 t1 = ir >> 16; \
122 yl = CAMELLIA_SP1110(ir & 0xff) \
123 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
124 ^ CAMELLIA_SP3033(t1 & 0xff) \
125 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
126 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
127 ^ CAMELLIA_SP0222(t0 & 0xff) \
128 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
129 ^ CAMELLIA_SP4404(il & 0xff); \
130 yl ^= yr; \
131 yr = CAMELLIA_RR8(yr); \
132 yr ^= yl; \
133 } while(0)
134
135
136 /*
137 * for speed up
138 *
139 */
140 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
141 do { \
142 t0 = kll; \
143 t0 &= ll; \
144 lr ^= CAMELLIA_RL1(t0); \
145 t1 = klr; \
146 t1 |= lr; \
147 ll ^= t1; \
148 \
149 t2 = krr; \
150 t2 |= rr; \
151 rl ^= t2; \
152 t3 = krl; \
153 t3 &= rl; \
154 rr ^= CAMELLIA_RL1(t3); \
155 } while(0)
156
157 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
158 do { \
159 ir = CAMELLIA_SP1110(xr & 0xff) \
160 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
161 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
162 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
163 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
164 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
165 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
166 ^ CAMELLIA_SP4404(xl & 0xff); \
167 il ^= kl; \
168 ir ^= kr; \
169 ir ^= il; \
170 il = CAMELLIA_RR8(il); \
171 il ^= ir; \
172 yl ^= ir; \
173 yr ^= il; \
174 } while(0)
175
176
177 static const u32 camellia_sp1110[256] = {
178 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
179 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
180 0xe4e4e400,0x85858500,0x57575700,0x35353500,
181 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
182 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
183 0x45454500,0x19191900,0xa5a5a500,0x21212100,
184 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
185 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
186 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
187 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
188 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
189 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
190 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
191 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
192 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
193 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
194 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
195 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
196 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
197 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
198 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
199 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
200 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
201 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
202 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
203 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
204 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
205 0x53535300,0x18181800,0xf2f2f200,0x22222200,
206 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
207 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
208 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
209 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
210 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
211 0xa1a1a100,0x89898900,0x62626200,0x97979700,
212 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
213 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
214 0x10101000,0xc4c4c400,0x00000000,0x48484800,
215 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
216 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
217 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
218 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
219 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
220 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
221 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
222 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
223 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
224 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
225 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
226 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
227 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
228 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
229 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
230 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
231 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
232 0xd4d4d400,0x25252500,0xababab00,0x42424200,
233 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
234 0x72727200,0x07070700,0xb9b9b900,0x55555500,
235 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
236 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
237 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
238 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
239 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
240 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
241 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
242 };
243
244 static const u32 camellia_sp0222[256] = {
245 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
246 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
247 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
248 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
249 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
250 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
251 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
252 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
253 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
254 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
255 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
256 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
257 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
258 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
259 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
260 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
261 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
262 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
263 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
264 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
265 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
266 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
267 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
268 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
269 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
270 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
271 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
272 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
273 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
274 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
275 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
276 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
277 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
278 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
279 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
280 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
281 0x00202020,0x00898989,0x00000000,0x00909090,
282 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
283 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
284 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
285 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
286 0x009b9b9b,0x00949494,0x00212121,0x00666666,
287 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
288 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
289 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
290 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
291 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
292 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
293 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
294 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
295 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
296 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
297 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
298 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
299 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
300 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
301 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
302 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
303 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
304 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
305 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
306 0x00777777,0x00939393,0x00868686,0x00838383,
307 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
308 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
309 };
310
311 static const u32 camellia_sp3033[256] = {
312 0x38003838,0x41004141,0x16001616,0x76007676,
313 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
314 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
315 0x75007575,0x06000606,0x57005757,0xa000a0a0,
316 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
317 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
318 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
319 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
320 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
321 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
322 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
323 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
324 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
325 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
326 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
327 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
328 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
329 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
330 0x3a003a3a,0x09000909,0x95009595,0x10001010,
331 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
332 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
333 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
334 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
335 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
336 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
337 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
338 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
339 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
340 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
341 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
342 0x12001212,0x04000404,0x74007474,0x54005454,
343 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
344 0x55005555,0x68006868,0x50005050,0xbe00bebe,
345 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
346 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
347 0x70007070,0xff00ffff,0x32003232,0x69006969,
348 0x08000808,0x62006262,0x00000000,0x24002424,
349 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
350 0x45004545,0x81008181,0x73007373,0x6d006d6d,
351 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
352 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
353 0xe600e6e6,0x25002525,0x48004848,0x99009999,
354 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
355 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
356 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
357 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
358 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
359 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
360 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
361 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
362 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
363 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
364 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
365 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
366 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
367 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
368 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
369 0x7c007c7c,0x77007777,0x56005656,0x05000505,
370 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
371 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
372 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
373 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
374 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
375 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
376 };
377
378 static const u32 camellia_sp4404[256] = {
379 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
380 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
381 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
382 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
383 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
384 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
385 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
386 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
387 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
388 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
389 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
390 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
391 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
392 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
393 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
394 0x24240024,0xe8e800e8,0x60600060,0x69690069,
395 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
396 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
397 0x10100010,0x00000000,0xa3a300a3,0x75750075,
398 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
399 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
400 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
401 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
402 0x81810081,0x6f6f006f,0x13130013,0x63630063,
403 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
404 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
405 0x78780078,0x06060006,0xe7e700e7,0x71710071,
406 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
407 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
408 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
409 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
410 0x15150015,0xadad00ad,0x77770077,0x80800080,
411 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
412 0x85850085,0x35350035,0x0c0c000c,0x41410041,
413 0xefef00ef,0x93930093,0x19190019,0x21210021,
414 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
415 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
416 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
417 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
418 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
419 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
420 0x12120012,0x20200020,0xb1b100b1,0x99990099,
421 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
422 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
423 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
424 0x0f0f000f,0x16160016,0x18180018,0x22220022,
425 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
426 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
427 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
428 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
429 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
430 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
431 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
432 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
433 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
434 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
435 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
436 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
437 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
438 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
439 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
440 0x49490049,0x68680068,0x38380038,0xa4a400a4,
441 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
442 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
443 };
444
445
446 /**
447 * Stuff related to the Camellia key schedule
448 */
449 #define subl(x) subL[(x)]
450 #define subr(x) subR[(x)]
451
452 static void camellia_setup128(const unsigned char *key, u32 *subkey)
453 {
454 u32 kll, klr, krl, krr;
455 u32 il, ir, t0, t1, w0, w1;
456 u32 kw4l, kw4r, dw, tl, tr;
457 u32 subL[26];
458 u32 subR[26];
459
460 /**
461 * k == kll || klr || krl || krr (|| is concatination)
462 */
463 kll = GETU32(key );
464 klr = GETU32(key + 4);
465 krl = GETU32(key + 8);
466 krr = GETU32(key + 12);
467 /**
468 * generate KL dependent subkeys
469 */
470 subl(0) = kll; subr(0) = klr;
471 subl(1) = krl; subr(1) = krr;
472 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
473 subl(4) = kll; subr(4) = klr;
474 subl(5) = krl; subr(5) = krr;
475 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
476 subl(10) = kll; subr(10) = klr;
477 subl(11) = krl; subr(11) = krr;
478 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
479 subl(13) = krl; subr(13) = krr;
480 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
481 subl(16) = kll; subr(16) = klr;
482 subl(17) = krl; subr(17) = krr;
483 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
484 subl(18) = kll; subr(18) = klr;
485 subl(19) = krl; subr(19) = krr;
486 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
487 subl(22) = kll; subr(22) = klr;
488 subl(23) = krl; subr(23) = krr;
489
490 /* generate KA */
491 kll = subl(0); klr = subr(0);
492 krl = subl(1); krr = subr(1);
493 CAMELLIA_F(kll, klr,
494 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
495 w0, w1, il, ir, t0, t1);
496 krl ^= w0; krr ^= w1;
497 CAMELLIA_F(krl, krr,
498 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
499 kll, klr, il, ir, t0, t1);
500 CAMELLIA_F(kll, klr,
501 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
502 krl, krr, il, ir, t0, t1);
503 krl ^= w0; krr ^= w1;
504 CAMELLIA_F(krl, krr,
505 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
506 w0, w1, il, ir, t0, t1);
507 kll ^= w0; klr ^= w1;
508
509 /* generate KA dependent subkeys */
510 subl(2) = kll; subr(2) = klr;
511 subl(3) = krl; subr(3) = krr;
512 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
513 subl(6) = kll; subr(6) = klr;
514 subl(7) = krl; subr(7) = krr;
515 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
516 subl(8) = kll; subr(8) = klr;
517 subl(9) = krl; subr(9) = krr;
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
519 subl(12) = kll; subr(12) = klr;
520 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
521 subl(14) = kll; subr(14) = klr;
522 subl(15) = krl; subr(15) = krr;
523 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
524 subl(20) = kll; subr(20) = klr;
525 subl(21) = krl; subr(21) = krr;
526 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
527 subl(24) = kll; subr(24) = klr;
528 subl(25) = krl; subr(25) = krr;
529
530
531 /* absorb kw2 to other subkeys */
532 subl(3) ^= subl(1); subr(3) ^= subr(1);
533 subl(5) ^= subl(1); subr(5) ^= subr(1);
534 subl(7) ^= subl(1); subr(7) ^= subr(1);
535 subl(1) ^= subr(1) & ~subr(9);
536 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
537 subl(11) ^= subl(1); subr(11) ^= subr(1);
538 subl(13) ^= subl(1); subr(13) ^= subr(1);
539 subl(15) ^= subl(1); subr(15) ^= subr(1);
540 subl(1) ^= subr(1) & ~subr(17);
541 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
542 subl(19) ^= subl(1); subr(19) ^= subr(1);
543 subl(21) ^= subl(1); subr(21) ^= subr(1);
544 subl(23) ^= subl(1); subr(23) ^= subr(1);
545 subl(24) ^= subl(1); subr(24) ^= subr(1);
546
547 /* absorb kw4 to other subkeys */
548 kw4l = subl(25); kw4r = subr(25);
549 subl(22) ^= kw4l; subr(22) ^= kw4r;
550 subl(20) ^= kw4l; subr(20) ^= kw4r;
551 subl(18) ^= kw4l; subr(18) ^= kw4r;
552 kw4l ^= kw4r & ~subr(16);
553 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
554 subl(14) ^= kw4l; subr(14) ^= kw4r;
555 subl(12) ^= kw4l; subr(12) ^= kw4r;
556 subl(10) ^= kw4l; subr(10) ^= kw4r;
557 kw4l ^= kw4r & ~subr(8);
558 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
559 subl(6) ^= kw4l; subr(6) ^= kw4r;
560 subl(4) ^= kw4l; subr(4) ^= kw4r;
561 subl(2) ^= kw4l; subr(2) ^= kw4r;
562 subl(0) ^= kw4l; subr(0) ^= kw4r;
563
564 /* key XOR is end of F-function */
565 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
566 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
567 CamelliaSubkeyL(2) = subl(3);
568 CamelliaSubkeyR(2) = subr(3);
569 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
570 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
571 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
572 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
573 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
574 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
575 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
576 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
577 tl = subl(10) ^ (subr(10) & ~subr(8));
578 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
579 CamelliaSubkeyL(7) = subl(6) ^ tl;
580 CamelliaSubkeyR(7) = subr(6) ^ tr;
581 CamelliaSubkeyL(8) = subl(8);
582 CamelliaSubkeyR(8) = subr(8);
583 CamelliaSubkeyL(9) = subl(9);
584 CamelliaSubkeyR(9) = subr(9);
585 tl = subl(7) ^ (subr(7) & ~subr(9));
586 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
587 CamelliaSubkeyL(10) = tl ^ subl(11);
588 CamelliaSubkeyR(10) = tr ^ subr(11);
589 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
590 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
591 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
592 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
593 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
594 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
595 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
596 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
597 tl = subl(18) ^ (subr(18) & ~subr(16));
598 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
599 CamelliaSubkeyL(15) = subl(14) ^ tl;
600 CamelliaSubkeyR(15) = subr(14) ^ tr;
601 CamelliaSubkeyL(16) = subl(16);
602 CamelliaSubkeyR(16) = subr(16);
603 CamelliaSubkeyL(17) = subl(17);
604 CamelliaSubkeyR(17) = subr(17);
605 tl = subl(15) ^ (subr(15) & ~subr(17));
606 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
607 CamelliaSubkeyL(18) = tl ^ subl(19);
608 CamelliaSubkeyR(18) = tr ^ subr(19);
609 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
610 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
611 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
612 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
613 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
614 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
615 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
616 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
617 CamelliaSubkeyL(23) = subl(22);
618 CamelliaSubkeyR(23) = subr(22);
619 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
620 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
621
622 /* apply the inverse of the last half of P-function */
623 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
624 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
625 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
626 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
627 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
628 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
629 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
630 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
631 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
632 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
633 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
634 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
635 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
636 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
637 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
638 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
639 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
640 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
641 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
642 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
643 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
644 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
645 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
646 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
647 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
648 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
649 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
650 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
651 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
652 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
653 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
654 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
655 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
656 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
657 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
658 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
659
660 return;
661 }
662
663 static void camellia_setup256(const unsigned char *key, u32 *subkey)
664 {
665 u32 kll,klr,krl,krr; /* left half of key */
666 u32 krll,krlr,krrl,krrr; /* right half of key */
667 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
668 u32 kw4l, kw4r, dw, tl, tr;
669 u32 subL[34];
670 u32 subR[34];
671
672 /**
673 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
674 * (|| is concatination)
675 */
676
677 kll = GETU32(key );
678 klr = GETU32(key + 4);
679 krl = GETU32(key + 8);
680 krr = GETU32(key + 12);
681 krll = GETU32(key + 16);
682 krlr = GETU32(key + 20);
683 krrl = GETU32(key + 24);
684 krrr = GETU32(key + 28);
685
686 /* generate KL dependent subkeys */
687 subl(0) = kll; subr(0) = klr;
688 subl(1) = krl; subr(1) = krr;
689 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
690 subl(12) = kll; subr(12) = klr;
691 subl(13) = krl; subr(13) = krr;
692 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
693 subl(16) = kll; subr(16) = klr;
694 subl(17) = krl; subr(17) = krr;
695 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
696 subl(22) = kll; subr(22) = klr;
697 subl(23) = krl; subr(23) = krr;
698 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
699 subl(30) = kll; subr(30) = klr;
700 subl(31) = krl; subr(31) = krr;
701
702 /* generate KR dependent subkeys */
703 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
704 subl(4) = krll; subr(4) = krlr;
705 subl(5) = krrl; subr(5) = krrr;
706 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
707 subl(8) = krll; subr(8) = krlr;
708 subl(9) = krrl; subr(9) = krrr;
709 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
710 subl(18) = krll; subr(18) = krlr;
711 subl(19) = krrl; subr(19) = krrr;
712 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
713 subl(26) = krll; subr(26) = krlr;
714 subl(27) = krrl; subr(27) = krrr;
715 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
716
717 /* generate KA */
718 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
719 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
720 CAMELLIA_F(kll, klr,
721 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
722 w0, w1, il, ir, t0, t1);
723 krl ^= w0; krr ^= w1;
724 CAMELLIA_F(krl, krr,
725 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
726 kll, klr, il, ir, t0, t1);
727 kll ^= krll; klr ^= krlr;
728 CAMELLIA_F(kll, klr,
729 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
730 krl, krr, il, ir, t0, t1);
731 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
732 CAMELLIA_F(krl, krr,
733 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
734 w0, w1, il, ir, t0, t1);
735 kll ^= w0; klr ^= w1;
736
737 /* generate KB */
738 krll ^= kll; krlr ^= klr;
739 krrl ^= krl; krrr ^= krr;
740 CAMELLIA_F(krll, krlr,
741 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
742 w0, w1, il, ir, t0, t1);
743 krrl ^= w0; krrr ^= w1;
744 CAMELLIA_F(krrl, krrr,
745 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
746 w0, w1, il, ir, t0, t1);
747 krll ^= w0; krlr ^= w1;
748
749 /* generate KA dependent subkeys */
750 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
751 subl(6) = kll; subr(6) = klr;
752 subl(7) = krl; subr(7) = krr;
753 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
754 subl(14) = kll; subr(14) = klr;
755 subl(15) = krl; subr(15) = krr;
756 subl(24) = klr; subr(24) = krl;
757 subl(25) = krr; subr(25) = kll;
758 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
759 subl(28) = kll; subr(28) = klr;
760 subl(29) = krl; subr(29) = krr;
761
762 /* generate KB dependent subkeys */
763 subl(2) = krll; subr(2) = krlr;
764 subl(3) = krrl; subr(3) = krrr;
765 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
766 subl(10) = krll; subr(10) = krlr;
767 subl(11) = krrl; subr(11) = krrr;
768 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
769 subl(20) = krll; subr(20) = krlr;
770 subl(21) = krrl; subr(21) = krrr;
771 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
772 subl(32) = krll; subr(32) = krlr;
773 subl(33) = krrl; subr(33) = krrr;
774
775 /* absorb kw2 to other subkeys */
776 subl(3) ^= subl(1); subr(3) ^= subr(1);
777 subl(5) ^= subl(1); subr(5) ^= subr(1);
778 subl(7) ^= subl(1); subr(7) ^= subr(1);
779 subl(1) ^= subr(1) & ~subr(9);
780 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
781 subl(11) ^= subl(1); subr(11) ^= subr(1);
782 subl(13) ^= subl(1); subr(13) ^= subr(1);
783 subl(15) ^= subl(1); subr(15) ^= subr(1);
784 subl(1) ^= subr(1) & ~subr(17);
785 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
786 subl(19) ^= subl(1); subr(19) ^= subr(1);
787 subl(21) ^= subl(1); subr(21) ^= subr(1);
788 subl(23) ^= subl(1); subr(23) ^= subr(1);
789 subl(1) ^= subr(1) & ~subr(25);
790 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
791 subl(27) ^= subl(1); subr(27) ^= subr(1);
792 subl(29) ^= subl(1); subr(29) ^= subr(1);
793 subl(31) ^= subl(1); subr(31) ^= subr(1);
794 subl(32) ^= subl(1); subr(32) ^= subr(1);
795
796 /* absorb kw4 to other subkeys */
797 kw4l = subl(33); kw4r = subr(33);
798 subl(30) ^= kw4l; subr(30) ^= kw4r;
799 subl(28) ^= kw4l; subr(28) ^= kw4r;
800 subl(26) ^= kw4l; subr(26) ^= kw4r;
801 kw4l ^= kw4r & ~subr(24);
802 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
803 subl(22) ^= kw4l; subr(22) ^= kw4r;
804 subl(20) ^= kw4l; subr(20) ^= kw4r;
805 subl(18) ^= kw4l; subr(18) ^= kw4r;
806 kw4l ^= kw4r & ~subr(16);
807 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
808 subl(14) ^= kw4l; subr(14) ^= kw4r;
809 subl(12) ^= kw4l; subr(12) ^= kw4r;
810 subl(10) ^= kw4l; subr(10) ^= kw4r;
811 kw4l ^= kw4r & ~subr(8);
812 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
813 subl(6) ^= kw4l; subr(6) ^= kw4r;
814 subl(4) ^= kw4l; subr(4) ^= kw4r;
815 subl(2) ^= kw4l; subr(2) ^= kw4r;
816 subl(0) ^= kw4l; subr(0) ^= kw4r;
817
818 /* key XOR is end of F-function */
819 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
820 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
821 CamelliaSubkeyL(2) = subl(3);
822 CamelliaSubkeyR(2) = subr(3);
823 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
824 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
825 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
826 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
827 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
828 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
829 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
830 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
831 tl = subl(10) ^ (subr(10) & ~subr(8));
832 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
833 CamelliaSubkeyL(7) = subl(6) ^ tl;
834 CamelliaSubkeyR(7) = subr(6) ^ tr;
835 CamelliaSubkeyL(8) = subl(8);
836 CamelliaSubkeyR(8) = subr(8);
837 CamelliaSubkeyL(9) = subl(9);
838 CamelliaSubkeyR(9) = subr(9);
839 tl = subl(7) ^ (subr(7) & ~subr(9));
840 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
841 CamelliaSubkeyL(10) = tl ^ subl(11);
842 CamelliaSubkeyR(10) = tr ^ subr(11);
843 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
844 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
845 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
846 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
847 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
848 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
849 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
850 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
851 tl = subl(18) ^ (subr(18) & ~subr(16));
852 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
853 CamelliaSubkeyL(15) = subl(14) ^ tl;
854 CamelliaSubkeyR(15) = subr(14) ^ tr;
855 CamelliaSubkeyL(16) = subl(16);
856 CamelliaSubkeyR(16) = subr(16);
857 CamelliaSubkeyL(17) = subl(17);
858 CamelliaSubkeyR(17) = subr(17);
859 tl = subl(15) ^ (subr(15) & ~subr(17));
860 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
861 CamelliaSubkeyL(18) = tl ^ subl(19);
862 CamelliaSubkeyR(18) = tr ^ subr(19);
863 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
864 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
865 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
866 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
867 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
868 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
869 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
870 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
871 tl = subl(26) ^ (subr(26) & ~subr(24));
872 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
873 CamelliaSubkeyL(23) = subl(22) ^ tl;
874 CamelliaSubkeyR(23) = subr(22) ^ tr;
875 CamelliaSubkeyL(24) = subl(24);
876 CamelliaSubkeyR(24) = subr(24);
877 CamelliaSubkeyL(25) = subl(25);
878 CamelliaSubkeyR(25) = subr(25);
879 tl = subl(23) ^ (subr(23) & ~subr(25));
880 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
881 CamelliaSubkeyL(26) = tl ^ subl(27);
882 CamelliaSubkeyR(26) = tr ^ subr(27);
883 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
884 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
885 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
886 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
887 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
888 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
889 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
890 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
891 CamelliaSubkeyL(31) = subl(30);
892 CamelliaSubkeyR(31) = subr(30);
893 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
894 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
895
896 /* apply the inverse of the last half of P-function */
897 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
898 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
899 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
900 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
901 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
902 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
903 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
904 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
905 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
906 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
907 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
908 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
909 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
910 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
911 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
912 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
913 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
914 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
915 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
916 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
917 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
918 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
919 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
920 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
921 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
922 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
923 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
924 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
925 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
926 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
927 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
928 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
929 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
930 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
931 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
932 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
933 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
934 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
935 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
936 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
937 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
938 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
939 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
940 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
941 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
942 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
943 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
944 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
945
946 return;
947 }
948
949 static void camellia_setup192(const unsigned char *key, u32 *subkey)
950 {
951 unsigned char kk[32];
952 u32 krll, krlr, krrl,krrr;
953
954 memcpy(kk, key, 24);
955 memcpy((unsigned char *)&krll, key+16,4);
956 memcpy((unsigned char *)&krlr, key+20,4);
957 krrl = ~krll;
958 krrr = ~krlr;
959 memcpy(kk+24, (unsigned char *)&krrl, 4);
960 memcpy(kk+28, (unsigned char *)&krrr, 4);
961 camellia_setup256(kk, subkey);
962 return;
963 }
964
965
966 /**
967 * Stuff related to camellia encryption/decryption
968 *
969 * "io" must be 4byte aligned and big-endian data.
970 */
971 static void camellia_encrypt128(const u32 *subkey, u32 *io)
972 {
973 u32 il, ir, t0, t1;
974
975 /* pre whitening but absorb kw2*/
976 io[0] ^= CamelliaSubkeyL(0);
977 io[1] ^= CamelliaSubkeyR(0);
978 /* main iteration */
979
980 CAMELLIA_ROUNDSM(io[0],io[1],
981 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
982 io[2],io[3],il,ir,t0,t1);
983 CAMELLIA_ROUNDSM(io[2],io[3],
984 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
985 io[0],io[1],il,ir,t0,t1);
986 CAMELLIA_ROUNDSM(io[0],io[1],
987 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
988 io[2],io[3],il,ir,t0,t1);
989 CAMELLIA_ROUNDSM(io[2],io[3],
990 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
991 io[0],io[1],il,ir,t0,t1);
992 CAMELLIA_ROUNDSM(io[0],io[1],
993 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
994 io[2],io[3],il,ir,t0,t1);
995 CAMELLIA_ROUNDSM(io[2],io[3],
996 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
997 io[0],io[1],il,ir,t0,t1);
998
999 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1000 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1001 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1002 t0,t1,il,ir);
1003
1004 CAMELLIA_ROUNDSM(io[0],io[1],
1005 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1006 io[2],io[3],il,ir,t0,t1);
1007 CAMELLIA_ROUNDSM(io[2],io[3],
1008 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1009 io[0],io[1],il,ir,t0,t1);
1010 CAMELLIA_ROUNDSM(io[0],io[1],
1011 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1012 io[2],io[3],il,ir,t0,t1);
1013 CAMELLIA_ROUNDSM(io[2],io[3],
1014 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1015 io[0],io[1],il,ir,t0,t1);
1016 CAMELLIA_ROUNDSM(io[0],io[1],
1017 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1018 io[2],io[3],il,ir,t0,t1);
1019 CAMELLIA_ROUNDSM(io[2],io[3],
1020 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1021 io[0],io[1],il,ir,t0,t1);
1022
1023 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1024 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1025 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1026 t0,t1,il,ir);
1027
1028 CAMELLIA_ROUNDSM(io[0],io[1],
1029 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1030 io[2],io[3],il,ir,t0,t1);
1031 CAMELLIA_ROUNDSM(io[2],io[3],
1032 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1033 io[0],io[1],il,ir,t0,t1);
1034 CAMELLIA_ROUNDSM(io[0],io[1],
1035 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1036 io[2],io[3],il,ir,t0,t1);
1037 CAMELLIA_ROUNDSM(io[2],io[3],
1038 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1039 io[0],io[1],il,ir,t0,t1);
1040 CAMELLIA_ROUNDSM(io[0],io[1],
1041 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1042 io[2],io[3],il,ir,t0,t1);
1043 CAMELLIA_ROUNDSM(io[2],io[3],
1044 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1045 io[0],io[1],il,ir,t0,t1);
1046
1047 /* post whitening but kw4 */
1048 io[2] ^= CamelliaSubkeyL(24);
1049 io[3] ^= CamelliaSubkeyR(24);
1050
1051 t0 = io[0];
1052 t1 = io[1];
1053 io[0] = io[2];
1054 io[1] = io[3];
1055 io[2] = t0;
1056 io[3] = t1;
1057
1058 return;
1059 }
1060
1061 static void camellia_decrypt128(const u32 *subkey, u32 *io)
1062 {
1063 u32 il,ir,t0,t1; /* temporary valiables */
1064
1065 /* pre whitening but absorb kw2*/
1066 io[0] ^= CamelliaSubkeyL(24);
1067 io[1] ^= CamelliaSubkeyR(24);
1068
1069 /* main iteration */
1070 CAMELLIA_ROUNDSM(io[0],io[1],
1071 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1072 io[2],io[3],il,ir,t0,t1);
1073 CAMELLIA_ROUNDSM(io[2],io[3],
1074 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1075 io[0],io[1],il,ir,t0,t1);
1076 CAMELLIA_ROUNDSM(io[0],io[1],
1077 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1078 io[2],io[3],il,ir,t0,t1);
1079 CAMELLIA_ROUNDSM(io[2],io[3],
1080 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1081 io[0],io[1],il,ir,t0,t1);
1082 CAMELLIA_ROUNDSM(io[0],io[1],
1083 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1084 io[2],io[3],il,ir,t0,t1);
1085 CAMELLIA_ROUNDSM(io[2],io[3],
1086 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1087 io[0],io[1],il,ir,t0,t1);
1088
1089 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1090 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1091 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1092 t0,t1,il,ir);
1093
1094 CAMELLIA_ROUNDSM(io[0],io[1],
1095 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1096 io[2],io[3],il,ir,t0,t1);
1097 CAMELLIA_ROUNDSM(io[2],io[3],
1098 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1099 io[0],io[1],il,ir,t0,t1);
1100 CAMELLIA_ROUNDSM(io[0],io[1],
1101 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1102 io[2],io[3],il,ir,t0,t1);
1103 CAMELLIA_ROUNDSM(io[2],io[3],
1104 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1105 io[0],io[1],il,ir,t0,t1);
1106 CAMELLIA_ROUNDSM(io[0],io[1],
1107 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1108 io[2],io[3],il,ir,t0,t1);
1109 CAMELLIA_ROUNDSM(io[2],io[3],
1110 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1111 io[0],io[1],il,ir,t0,t1);
1112
1113 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1114 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1115 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1116 t0,t1,il,ir);
1117
1118 CAMELLIA_ROUNDSM(io[0],io[1],
1119 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1120 io[2],io[3],il,ir,t0,t1);
1121 CAMELLIA_ROUNDSM(io[2],io[3],
1122 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1123 io[0],io[1],il,ir,t0,t1);
1124 CAMELLIA_ROUNDSM(io[0],io[1],
1125 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1126 io[2],io[3],il,ir,t0,t1);
1127 CAMELLIA_ROUNDSM(io[2],io[3],
1128 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1129 io[0],io[1],il,ir,t0,t1);
1130 CAMELLIA_ROUNDSM(io[0],io[1],
1131 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1132 io[2],io[3],il,ir,t0,t1);
1133 CAMELLIA_ROUNDSM(io[2],io[3],
1134 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1135 io[0],io[1],il,ir,t0,t1);
1136
1137 /* post whitening but kw4 */
1138 io[2] ^= CamelliaSubkeyL(0);
1139 io[3] ^= CamelliaSubkeyR(0);
1140
1141 t0 = io[0];
1142 t1 = io[1];
1143 io[0] = io[2];
1144 io[1] = io[3];
1145 io[2] = t0;
1146 io[3] = t1;
1147
1148 return;
1149 }
1150
1151 /**
1152 * stuff for 192 and 256bit encryption/decryption
1153 */
1154 static void camellia_encrypt256(const u32 *subkey, u32 *io)
1155 {
1156 u32 il,ir,t0,t1; /* temporary valiables */
1157
1158 /* pre whitening but absorb kw2*/
1159 io[0] ^= CamelliaSubkeyL(0);
1160 io[1] ^= CamelliaSubkeyR(0);
1161
1162 /* main iteration */
1163 CAMELLIA_ROUNDSM(io[0],io[1],
1164 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1165 io[2],io[3],il,ir,t0,t1);
1166 CAMELLIA_ROUNDSM(io[2],io[3],
1167 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1168 io[0],io[1],il,ir,t0,t1);
1169 CAMELLIA_ROUNDSM(io[0],io[1],
1170 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1171 io[2],io[3],il,ir,t0,t1);
1172 CAMELLIA_ROUNDSM(io[2],io[3],
1173 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1174 io[0],io[1],il,ir,t0,t1);
1175 CAMELLIA_ROUNDSM(io[0],io[1],
1176 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1177 io[2],io[3],il,ir,t0,t1);
1178 CAMELLIA_ROUNDSM(io[2],io[3],
1179 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1180 io[0],io[1],il,ir,t0,t1);
1181
1182 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1183 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1184 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1185 t0,t1,il,ir);
1186
1187 CAMELLIA_ROUNDSM(io[0],io[1],
1188 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1189 io[2],io[3],il,ir,t0,t1);
1190 CAMELLIA_ROUNDSM(io[2],io[3],
1191 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1192 io[0],io[1],il,ir,t0,t1);
1193 CAMELLIA_ROUNDSM(io[0],io[1],
1194 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1195 io[2],io[3],il,ir,t0,t1);
1196 CAMELLIA_ROUNDSM(io[2],io[3],
1197 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1198 io[0],io[1],il,ir,t0,t1);
1199 CAMELLIA_ROUNDSM(io[0],io[1],
1200 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1201 io[2],io[3],il,ir,t0,t1);
1202 CAMELLIA_ROUNDSM(io[2],io[3],
1203 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1204 io[0],io[1],il,ir,t0,t1);
1205
1206 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1207 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1208 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1209 t0,t1,il,ir);
1210
1211 CAMELLIA_ROUNDSM(io[0],io[1],
1212 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1213 io[2],io[3],il,ir,t0,t1);
1214 CAMELLIA_ROUNDSM(io[2],io[3],
1215 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1216 io[0],io[1],il,ir,t0,t1);
1217 CAMELLIA_ROUNDSM(io[0],io[1],
1218 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1219 io[2],io[3],il,ir,t0,t1);
1220 CAMELLIA_ROUNDSM(io[2],io[3],
1221 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1222 io[0],io[1],il,ir,t0,t1);
1223 CAMELLIA_ROUNDSM(io[0],io[1],
1224 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1225 io[2],io[3],il,ir,t0,t1);
1226 CAMELLIA_ROUNDSM(io[2],io[3],
1227 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1228 io[0],io[1],il,ir,t0,t1);
1229
1230 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1231 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1232 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1233 t0,t1,il,ir);
1234
1235 CAMELLIA_ROUNDSM(io[0],io[1],
1236 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1237 io[2],io[3],il,ir,t0,t1);
1238 CAMELLIA_ROUNDSM(io[2],io[3],
1239 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1240 io[0],io[1],il,ir,t0,t1);
1241 CAMELLIA_ROUNDSM(io[0],io[1],
1242 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1243 io[2],io[3],il,ir,t0,t1);
1244 CAMELLIA_ROUNDSM(io[2],io[3],
1245 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1246 io[0],io[1],il,ir,t0,t1);
1247 CAMELLIA_ROUNDSM(io[0],io[1],
1248 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1249 io[2],io[3],il,ir,t0,t1);
1250 CAMELLIA_ROUNDSM(io[2],io[3],
1251 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1252 io[0],io[1],il,ir,t0,t1);
1253
1254 /* post whitening but kw4 */
1255 io[2] ^= CamelliaSubkeyL(32);
1256 io[3] ^= CamelliaSubkeyR(32);
1257
1258 t0 = io[0];
1259 t1 = io[1];
1260 io[0] = io[2];
1261 io[1] = io[3];
1262 io[2] = t0;
1263 io[3] = t1;
1264
1265 return;
1266 }
1267
1268 static void camellia_decrypt256(const u32 *subkey, u32 *io)
1269 {
1270 u32 il,ir,t0,t1; /* temporary valiables */
1271
1272 /* pre whitening but absorb kw2*/
1273 io[0] ^= CamelliaSubkeyL(32);
1274 io[1] ^= CamelliaSubkeyR(32);
1275
1276 /* main iteration */
1277 CAMELLIA_ROUNDSM(io[0],io[1],
1278 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1279 io[2],io[3],il,ir,t0,t1);
1280 CAMELLIA_ROUNDSM(io[2],io[3],
1281 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1282 io[0],io[1],il,ir,t0,t1);
1283 CAMELLIA_ROUNDSM(io[0],io[1],
1284 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1285 io[2],io[3],il,ir,t0,t1);
1286 CAMELLIA_ROUNDSM(io[2],io[3],
1287 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1288 io[0],io[1],il,ir,t0,t1);
1289 CAMELLIA_ROUNDSM(io[0],io[1],
1290 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1291 io[2],io[3],il,ir,t0,t1);
1292 CAMELLIA_ROUNDSM(io[2],io[3],
1293 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1294 io[0],io[1],il,ir,t0,t1);
1295
1296 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1297 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1298 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1299 t0,t1,il,ir);
1300
1301 CAMELLIA_ROUNDSM(io[0],io[1],
1302 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1303 io[2],io[3],il,ir,t0,t1);
1304 CAMELLIA_ROUNDSM(io[2],io[3],
1305 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1306 io[0],io[1],il,ir,t0,t1);
1307 CAMELLIA_ROUNDSM(io[0],io[1],
1308 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1309 io[2],io[3],il,ir,t0,t1);
1310 CAMELLIA_ROUNDSM(io[2],io[3],
1311 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1312 io[0],io[1],il,ir,t0,t1);
1313 CAMELLIA_ROUNDSM(io[0],io[1],
1314 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1315 io[2],io[3],il,ir,t0,t1);
1316 CAMELLIA_ROUNDSM(io[2],io[3],
1317 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1318 io[0],io[1],il,ir,t0,t1);
1319
1320 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1321 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1322 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1323 t0,t1,il,ir);
1324
1325 CAMELLIA_ROUNDSM(io[0],io[1],
1326 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1327 io[2],io[3],il,ir,t0,t1);
1328 CAMELLIA_ROUNDSM(io[2],io[3],
1329 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1330 io[0],io[1],il,ir,t0,t1);
1331 CAMELLIA_ROUNDSM(io[0],io[1],
1332 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1333 io[2],io[3],il,ir,t0,t1);
1334 CAMELLIA_ROUNDSM(io[2],io[3],
1335 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1336 io[0],io[1],il,ir,t0,t1);
1337 CAMELLIA_ROUNDSM(io[0],io[1],
1338 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1339 io[2],io[3],il,ir,t0,t1);
1340 CAMELLIA_ROUNDSM(io[2],io[3],
1341 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1342 io[0],io[1],il,ir,t0,t1);
1343
1344 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1345 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1346 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1347 t0,t1,il,ir);
1348
1349 CAMELLIA_ROUNDSM(io[0],io[1],
1350 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1351 io[2],io[3],il,ir,t0,t1);
1352 CAMELLIA_ROUNDSM(io[2],io[3],
1353 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1354 io[0],io[1],il,ir,t0,t1);
1355 CAMELLIA_ROUNDSM(io[0],io[1],
1356 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1357 io[2],io[3],il,ir,t0,t1);
1358 CAMELLIA_ROUNDSM(io[2],io[3],
1359 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1360 io[0],io[1],il,ir,t0,t1);
1361 CAMELLIA_ROUNDSM(io[0],io[1],
1362 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1363 io[2],io[3],il,ir,t0,t1);
1364 CAMELLIA_ROUNDSM(io[2],io[3],
1365 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1366 io[0],io[1],il,ir,t0,t1);
1367
1368 /* post whitening but kw4 */
1369 io[2] ^= CamelliaSubkeyL(0);
1370 io[3] ^= CamelliaSubkeyR(0);
1371
1372 t0 = io[0];
1373 t1 = io[1];
1374 io[0] = io[2];
1375 io[1] = io[3];
1376 io[2] = t0;
1377 io[3] = t1;
1378
1379 return;
1380 }
1381
1382 /***
1383 *
1384 * API for compatibility
1385 */
1386
1387 void Camellia_Ekeygen(const int keyBitLength,
1388 const unsigned char *rawKey,
1389 KEY_TABLE_TYPE keyTable)
1390 {
1391 switch(keyBitLength) {
1392 case 128:
1393 camellia_setup128(rawKey, keyTable);
1394 break;
1395 case 192:
1396 camellia_setup192(rawKey, keyTable);
1397 break;
1398 case 256:
1399 camellia_setup256(rawKey, keyTable);
1400 break;
1401 default:
1402 break;
1403 }
1404 }
1405
1406
1407 void Camellia_EncryptBlock(const int keyBitLength,
1408 const unsigned char *plaintext,
1409 const KEY_TABLE_TYPE keyTable,
1410 unsigned char *ciphertext)
1411 {
1412 u32 tmp[4];
1413
1414 tmp[0] = GETU32(plaintext);
1415 tmp[1] = GETU32(plaintext + 4);
1416 tmp[2] = GETU32(plaintext + 8);
1417 tmp[3] = GETU32(plaintext + 12);
1418
1419 switch (keyBitLength) {
1420 case 128:
1421 camellia_encrypt128(keyTable, tmp);
1422 break;
1423 case 192:
1424 /* fall through */
1425 case 256:
1426 camellia_encrypt256(keyTable, tmp);
1427 break;
1428 default:
1429 break;
1430 }
1431
1432 PUTU32(ciphertext, tmp[0]);
1433 PUTU32(ciphertext + 4, tmp[1]);
1434 PUTU32(ciphertext + 8, tmp[2]);
1435 PUTU32(ciphertext + 12, tmp[3]);
1436 }
1437
1438 void Camellia_DecryptBlock(const int keyBitLength,
1439 const unsigned char *ciphertext,
1440 const KEY_TABLE_TYPE keyTable,
1441 unsigned char *plaintext)
1442 {
1443 u32 tmp[4];
1444
1445 tmp[0] = GETU32(ciphertext);
1446 tmp[1] = GETU32(ciphertext + 4);
1447 tmp[2] = GETU32(ciphertext + 8);
1448 tmp[3] = GETU32(ciphertext + 12);
1449
1450 switch (keyBitLength) {
1451 case 128:
1452 camellia_decrypt128(keyTable, tmp);
1453 break;
1454 case 192:
1455 /* fall through */
1456 case 256:
1457 camellia_decrypt256(keyTable, tmp);
1458 break;
1459 default:
1460 break;
1461 }
1462 PUTU32(plaintext, tmp[0]);
1463 PUTU32(plaintext + 4, tmp[1]);
1464 PUTU32(plaintext + 8, tmp[2]);
1465 PUTU32(plaintext + 12, tmp[3]);
1466 }
Heimdal