V4L/DVB (6350): V4L: possible leak in em28xx_init_isoc
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / crypto / camellia.c
blob6877ecfd90bb8b2d34f2dce3bab6e6689830830e
1 /*
2 * Copyright (C) 2006
3 * NTT (Nippon Telegraph and Telephone Corporation).
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 * Algorithm Specification
22 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
27 * NOTE --- NOTE --- NOTE --- NOTE
28 * This implementation assumes that all memory addresses passed
29 * as parameters are four-byte aligned.
33 #include <linux/crypto.h>
34 #include <linux/errno.h>
35 #include <linux/init.h>
36 #include <linux/kernel.h>
37 #include <linux/module.h>
40 #define CAMELLIA_MIN_KEY_SIZE 16
41 #define CAMELLIA_MAX_KEY_SIZE 32
42 #define CAMELLIA_BLOCK_SIZE 16
43 #define CAMELLIA_TABLE_BYTE_LEN 272
44 #define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
46 typedef u32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
49 /* key constants */
51 #define CAMELLIA_SIGMA1L (0xA09E667FL)
52 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
53 #define CAMELLIA_SIGMA2L (0xB67AE858L)
54 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
55 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
56 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
57 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
58 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
59 #define CAMELLIA_SIGMA5L (0x10E527FAL)
60 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
61 #define CAMELLIA_SIGMA6L (0xB05688C2L)
62 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
64 struct camellia_ctx {
65 int key_length;
66 KEY_TABLE_TYPE key_table;
71 * macros
75 # define GETU32(pt) (((u32)(pt)[0] << 24) \
76 ^ ((u32)(pt)[1] << 16) \
77 ^ ((u32)(pt)[2] << 8) \
78 ^ ((u32)(pt)[3]))
80 #define COPY4WORD(dst, src) \
81 do { \
82 (dst)[0]=(src)[0]; \
83 (dst)[1]=(src)[1]; \
84 (dst)[2]=(src)[2]; \
85 (dst)[3]=(src)[3]; \
86 }while(0)
88 #define SWAP4WORD(word) \
89 do { \
90 CAMELLIA_SWAP4((word)[0]); \
91 CAMELLIA_SWAP4((word)[1]); \
92 CAMELLIA_SWAP4((word)[2]); \
93 CAMELLIA_SWAP4((word)[3]); \
94 }while(0)
96 #define XOR4WORD(a, b)/* a = a ^ b */ \
97 do { \
98 (a)[0]^=(b)[0]; \
99 (a)[1]^=(b)[1]; \
100 (a)[2]^=(b)[2]; \
101 (a)[3]^=(b)[3]; \
102 }while(0)
104 #define XOR4WORD2(a, b, c)/* a = b ^ c */ \
105 do { \
106 (a)[0]=(b)[0]^(c)[0]; \
107 (a)[1]=(b)[1]^(c)[1]; \
108 (a)[2]=(b)[2]^(c)[2]; \
109 (a)[3]=(b)[3]^(c)[3]; \
110 }while(0)
112 #define CAMELLIA_SUBKEY_L(INDEX) (subkey[(INDEX)*2])
113 #define CAMELLIA_SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
115 /* rotation right shift 1byte */
116 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
117 /* rotation left shift 1bit */
118 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
119 /* rotation left shift 1byte */
120 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
122 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
123 do { \
124 w0 = ll; \
125 ll = (ll << bits) + (lr >> (32 - bits)); \
126 lr = (lr << bits) + (rl >> (32 - bits)); \
127 rl = (rl << bits) + (rr >> (32 - bits)); \
128 rr = (rr << bits) + (w0 >> (32 - bits)); \
129 } while(0)
131 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
132 do { \
133 w0 = ll; \
134 w1 = lr; \
135 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
136 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
137 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
138 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
139 } while(0)
141 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
142 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
143 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
144 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
146 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
147 do { \
148 il = xl ^ kl; \
149 ir = xr ^ kr; \
150 t0 = il >> 16; \
151 t1 = ir >> 16; \
152 yl = CAMELLIA_SP1110(ir & 0xff) \
153 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
154 ^ CAMELLIA_SP3033(t1 & 0xff) \
155 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
156 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
157 ^ CAMELLIA_SP0222(t0 & 0xff) \
158 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
159 ^ CAMELLIA_SP4404(il & 0xff); \
160 yl ^= yr; \
161 yr = CAMELLIA_RR8(yr); \
162 yr ^= yl; \
163 } while(0)
167 * for speed up
170 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
171 do { \
172 t0 = kll; \
173 t2 = krr; \
174 t0 &= ll; \
175 t2 |= rr; \
176 rl ^= t2; \
177 lr ^= CAMELLIA_RL1(t0); \
178 t3 = krl; \
179 t1 = klr; \
180 t3 &= rl; \
181 t1 |= lr; \
182 ll ^= t1; \
183 rr ^= CAMELLIA_RL1(t3); \
184 } while(0)
186 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
187 do { \
188 ir = CAMELLIA_SP1110(xr & 0xff); \
189 il = CAMELLIA_SP1110((xl>>24) & 0xff); \
190 ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \
191 il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \
192 ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \
193 il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \
194 ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \
195 il ^= CAMELLIA_SP4404(xl & 0xff); \
196 il ^= kl; \
197 ir ^= il ^ kr; \
198 yl ^= ir; \
199 yr ^= CAMELLIA_RR8(il) ^ ir; \
200 } while(0)
203 * Stuff related to the Camellia key schedule
205 #define SUBL(x) subL[(x)]
206 #define SUBR(x) subR[(x)]
209 static const u32 camellia_sp1110[256] = {
210 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
211 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
212 0xe4e4e400,0x85858500,0x57575700,0x35353500,
213 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
214 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
215 0x45454500,0x19191900,0xa5a5a500,0x21212100,
216 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
217 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
218 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
219 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
220 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
221 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
222 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
223 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
224 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
225 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
226 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
227 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
228 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
229 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
230 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
231 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
232 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
233 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
234 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
235 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
236 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
237 0x53535300,0x18181800,0xf2f2f200,0x22222200,
238 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
239 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
240 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
241 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
242 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
243 0xa1a1a100,0x89898900,0x62626200,0x97979700,
244 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
245 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
246 0x10101000,0xc4c4c400,0x00000000,0x48484800,
247 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
248 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
249 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
250 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
251 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
252 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
253 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
254 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
255 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
256 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
257 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
258 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
259 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
260 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
261 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
262 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
263 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
264 0xd4d4d400,0x25252500,0xababab00,0x42424200,
265 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
266 0x72727200,0x07070700,0xb9b9b900,0x55555500,
267 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
268 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
269 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
270 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
271 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
272 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
273 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
276 static const u32 camellia_sp0222[256] = {
277 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
278 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
279 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
280 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
281 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
282 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
283 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
284 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
285 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
286 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
287 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
288 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
289 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
290 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
291 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
292 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
293 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
294 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
295 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
296 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
297 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
298 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
299 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
300 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
301 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
302 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
303 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
304 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
305 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
306 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
307 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
308 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
309 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
310 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
311 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
312 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
313 0x00202020,0x00898989,0x00000000,0x00909090,
314 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
315 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
316 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
317 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
318 0x009b9b9b,0x00949494,0x00212121,0x00666666,
319 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
320 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
321 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
322 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
323 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
324 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
325 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
326 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
327 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
328 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
329 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
330 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
331 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
332 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
333 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
334 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
335 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
336 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
337 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
338 0x00777777,0x00939393,0x00868686,0x00838383,
339 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
340 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
343 static const u32 camellia_sp3033[256] = {
344 0x38003838,0x41004141,0x16001616,0x76007676,
345 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
346 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
347 0x75007575,0x06000606,0x57005757,0xa000a0a0,
348 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
349 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
350 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
351 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
352 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
353 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
354 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
355 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
356 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
357 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
358 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
359 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
360 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
361 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
362 0x3a003a3a,0x09000909,0x95009595,0x10001010,
363 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
364 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
365 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
366 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
367 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
368 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
369 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
370 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
371 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
372 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
373 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
374 0x12001212,0x04000404,0x74007474,0x54005454,
375 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
376 0x55005555,0x68006868,0x50005050,0xbe00bebe,
377 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
378 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
379 0x70007070,0xff00ffff,0x32003232,0x69006969,
380 0x08000808,0x62006262,0x00000000,0x24002424,
381 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
382 0x45004545,0x81008181,0x73007373,0x6d006d6d,
383 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
384 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
385 0xe600e6e6,0x25002525,0x48004848,0x99009999,
386 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
387 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
388 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
389 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
390 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
391 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
392 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
393 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
394 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
395 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
396 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
397 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
398 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
399 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
400 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
401 0x7c007c7c,0x77007777,0x56005656,0x05000505,
402 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
403 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
404 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
405 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
406 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
407 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
410 static const u32 camellia_sp4404[256] = {
411 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
412 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
413 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
414 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
415 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
416 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
417 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
418 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
419 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
420 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
421 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
422 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
423 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
424 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
425 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
426 0x24240024,0xe8e800e8,0x60600060,0x69690069,
427 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
428 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
429 0x10100010,0x00000000,0xa3a300a3,0x75750075,
430 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
431 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
432 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
433 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
434 0x81810081,0x6f6f006f,0x13130013,0x63630063,
435 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
436 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
437 0x78780078,0x06060006,0xe7e700e7,0x71710071,
438 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
439 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
440 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
441 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
442 0x15150015,0xadad00ad,0x77770077,0x80800080,
443 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
444 0x85850085,0x35350035,0x0c0c000c,0x41410041,
445 0xefef00ef,0x93930093,0x19190019,0x21210021,
446 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
447 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
448 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
449 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
450 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
451 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
452 0x12120012,0x20200020,0xb1b100b1,0x99990099,
453 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
454 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
455 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
456 0x0f0f000f,0x16160016,0x18180018,0x22220022,
457 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
458 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
459 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
460 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
461 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
462 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
463 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
464 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
465 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
466 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
467 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
468 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
469 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
470 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
471 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
472 0x49490049,0x68680068,0x38380038,0xa4a400a4,
473 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
474 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
479 static void camellia_setup128(const unsigned char *key, u32 *subkey)
481 u32 kll, klr, krl, krr;
482 u32 il, ir, t0, t1, w0, w1;
483 u32 kw4l, kw4r, dw, tl, tr;
484 u32 subL[26];
485 u32 subR[26];
488 * k == kll || klr || krl || krr (|| is concatination)
490 kll = GETU32(key );
491 klr = GETU32(key + 4);
492 krl = GETU32(key + 8);
493 krr = GETU32(key + 12);
495 * generate KL dependent subkeys
497 /* kw1 */
498 SUBL(0) = kll; SUBR(0) = klr;
499 /* kw2 */
500 SUBL(1) = krl; SUBR(1) = krr;
501 /* rotation left shift 15bit */
502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
503 /* k3 */
504 SUBL(4) = kll; SUBR(4) = klr;
505 /* k4 */
506 SUBL(5) = krl; SUBR(5) = krr;
507 /* rotation left shift 15+30bit */
508 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
509 /* k7 */
510 SUBL(10) = kll; SUBR(10) = klr;
511 /* k8 */
512 SUBL(11) = krl; SUBR(11) = krr;
513 /* rotation left shift 15+30+15bit */
514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515 /* k10 */
516 SUBL(13) = krl; SUBR(13) = krr;
517 /* rotation left shift 15+30+15+17 bit */
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
519 /* kl3 */
520 SUBL(16) = kll; SUBR(16) = klr;
521 /* kl4 */
522 SUBL(17) = krl; SUBR(17) = krr;
523 /* rotation left shift 15+30+15+17+17 bit */
524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
525 /* k13 */
526 SUBL(18) = kll; SUBR(18) = klr;
527 /* k14 */
528 SUBL(19) = krl; SUBR(19) = krr;
529 /* rotation left shift 15+30+15+17+17+17 bit */
530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
531 /* k17 */
532 SUBL(22) = kll; SUBR(22) = klr;
533 /* k18 */
534 SUBL(23) = krl; SUBR(23) = krr;
536 /* generate KA */
537 kll = SUBL(0); klr = SUBR(0);
538 krl = SUBL(1); krr = SUBR(1);
539 CAMELLIA_F(kll, klr,
540 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
541 w0, w1, il, ir, t0, t1);
542 krl ^= w0; krr ^= w1;
543 CAMELLIA_F(krl, krr,
544 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
545 kll, klr, il, ir, t0, t1);
546 /* current status == (kll, klr, w0, w1) */
547 CAMELLIA_F(kll, klr,
548 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
549 krl, krr, il, ir, t0, t1);
550 krl ^= w0; krr ^= w1;
551 CAMELLIA_F(krl, krr,
552 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
553 w0, w1, il, ir, t0, t1);
554 kll ^= w0; klr ^= w1;
556 /* generate KA dependent subkeys */
557 /* k1, k2 */
558 SUBL(2) = kll; SUBR(2) = klr;
559 SUBL(3) = krl; SUBR(3) = krr;
560 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
561 /* k5,k6 */
562 SUBL(6) = kll; SUBR(6) = klr;
563 SUBL(7) = krl; SUBR(7) = krr;
564 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
565 /* kl1, kl2 */
566 SUBL(8) = kll; SUBR(8) = klr;
567 SUBL(9) = krl; SUBR(9) = krr;
568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
569 /* k9 */
570 SUBL(12) = kll; SUBR(12) = klr;
571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
572 /* k11, k12 */
573 SUBL(14) = kll; SUBR(14) = klr;
574 SUBL(15) = krl; SUBR(15) = krr;
575 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
576 /* k15, k16 */
577 SUBL(20) = kll; SUBR(20) = klr;
578 SUBL(21) = krl; SUBR(21) = krr;
579 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
580 /* kw3, kw4 */
581 SUBL(24) = kll; SUBR(24) = klr;
582 SUBL(25) = krl; SUBR(25) = krr;
585 /* absorb kw2 to other subkeys */
586 /* round 2 */
587 SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
588 /* round 4 */
589 SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
590 /* round 6 */
591 SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
592 SUBL(1) ^= SUBR(1) & ~SUBR(9);
593 dw = SUBL(1) & SUBL(9),
594 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
595 /* round 8 */
596 SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
597 /* round 10 */
598 SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
599 /* round 12 */
600 SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
601 SUBL(1) ^= SUBR(1) & ~SUBR(17);
602 dw = SUBL(1) & SUBL(17),
603 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
604 /* round 14 */
605 SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
606 /* round 16 */
607 SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
608 /* round 18 */
609 SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
610 /* kw3 */
611 SUBL(24) ^= SUBL(1); SUBR(24) ^= SUBR(1);
613 /* absorb kw4 to other subkeys */
614 kw4l = SUBL(25); kw4r = SUBR(25);
615 /* round 17 */
616 SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
617 /* round 15 */
618 SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
619 /* round 13 */
620 SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
621 kw4l ^= kw4r & ~SUBR(16);
622 dw = kw4l & SUBL(16),
623 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
624 /* round 11 */
625 SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
626 /* round 9 */
627 SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
628 /* round 7 */
629 SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
630 kw4l ^= kw4r & ~SUBR(8);
631 dw = kw4l & SUBL(8),
632 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
633 /* round 5 */
634 SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
635 /* round 3 */
636 SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
637 /* round 1 */
638 SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
639 /* kw1 */
640 SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
643 /* key XOR is end of F-function */
644 CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
645 CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
646 CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */
647 CAMELLIA_SUBKEY_R(2) = SUBR(3);
648 CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
649 CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
650 CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
651 CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
652 CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
653 CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
654 CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
655 CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
656 tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
657 dw = tl & SUBL(8), /* FL(kl1) */
658 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
659 CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
660 CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
661 CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */
662 CAMELLIA_SUBKEY_R(8) = SUBR(8);
663 CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */
664 CAMELLIA_SUBKEY_R(9) = SUBR(9);
665 tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
666 dw = tl & SUBL(9), /* FLinv(kl2) */
667 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
668 CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
669 CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
670 CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
671 CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
672 CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
673 CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
674 CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
675 CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
676 CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
677 CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
678 tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
679 dw = tl & SUBL(16), /* FL(kl3) */
680 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
681 CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
682 CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
683 CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */
684 CAMELLIA_SUBKEY_R(16) = SUBR(16);
685 CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */
686 CAMELLIA_SUBKEY_R(17) = SUBR(17);
687 tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
688 dw = tl & SUBL(17), /* FLinv(kl4) */
689 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
690 CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
691 CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
692 CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
693 CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
694 CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
695 CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
696 CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
697 CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
698 CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
699 CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
700 CAMELLIA_SUBKEY_L(23) = SUBL(22); /* round 18 */
701 CAMELLIA_SUBKEY_R(23) = SUBR(22);
702 CAMELLIA_SUBKEY_L(24) = SUBL(24) ^ SUBL(23); /* kw3 */
703 CAMELLIA_SUBKEY_R(24) = SUBR(24) ^ SUBR(23);
705 /* apply the inverse of the last half of P-function */
706 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
707 dw = CAMELLIA_RL8(dw);/* round 1 */
708 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
709 CAMELLIA_SUBKEY_L(2) = dw;
710 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
711 dw = CAMELLIA_RL8(dw);/* round 2 */
712 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
713 CAMELLIA_SUBKEY_L(3) = dw;
714 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
715 dw = CAMELLIA_RL8(dw);/* round 3 */
716 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
717 CAMELLIA_SUBKEY_L(4) = dw;
718 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
719 dw = CAMELLIA_RL8(dw);/* round 4 */
720 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
721 CAMELLIA_SUBKEY_L(5) = dw;
722 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
723 dw = CAMELLIA_RL8(dw);/* round 5 */
724 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
725 CAMELLIA_SUBKEY_L(6) = dw;
726 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
727 dw = CAMELLIA_RL8(dw);/* round 6 */
728 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
729 CAMELLIA_SUBKEY_L(7) = dw;
730 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
731 dw = CAMELLIA_RL8(dw);/* round 7 */
732 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
733 CAMELLIA_SUBKEY_L(10) = dw;
734 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
735 dw = CAMELLIA_RL8(dw);/* round 8 */
736 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
737 CAMELLIA_SUBKEY_L(11) = dw;
738 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
739 dw = CAMELLIA_RL8(dw);/* round 9 */
740 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
741 CAMELLIA_SUBKEY_L(12) = dw;
742 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
743 dw = CAMELLIA_RL8(dw);/* round 10 */
744 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
745 CAMELLIA_SUBKEY_L(13) = dw;
746 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
747 dw = CAMELLIA_RL8(dw);/* round 11 */
748 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
749 CAMELLIA_SUBKEY_L(14) = dw;
750 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
751 dw = CAMELLIA_RL8(dw);/* round 12 */
752 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
753 CAMELLIA_SUBKEY_L(15) = dw;
754 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
755 dw = CAMELLIA_RL8(dw);/* round 13 */
756 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
757 CAMELLIA_SUBKEY_L(18) = dw;
758 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
759 dw = CAMELLIA_RL8(dw);/* round 14 */
760 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
761 CAMELLIA_SUBKEY_L(19) = dw;
762 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
763 dw = CAMELLIA_RL8(dw);/* round 15 */
764 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
765 CAMELLIA_SUBKEY_L(20) = dw;
766 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
767 dw = CAMELLIA_RL8(dw);/* round 16 */
768 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
769 CAMELLIA_SUBKEY_L(21) = dw;
770 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
771 dw = CAMELLIA_RL8(dw);/* round 17 */
772 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
773 CAMELLIA_SUBKEY_L(22) = dw;
774 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
775 dw = CAMELLIA_RL8(dw);/* round 18 */
776 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
777 CAMELLIA_SUBKEY_L(23) = dw;
779 return;
783 static void camellia_setup256(const unsigned char *key, u32 *subkey)
785 u32 kll,klr,krl,krr; /* left half of key */
786 u32 krll,krlr,krrl,krrr; /* right half of key */
787 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
788 u32 kw4l, kw4r, dw, tl, tr;
789 u32 subL[34];
790 u32 subR[34];
793 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
794 * (|| is concatination)
797 kll = GETU32(key );
798 klr = GETU32(key + 4);
799 krl = GETU32(key + 8);
800 krr = GETU32(key + 12);
801 krll = GETU32(key + 16);
802 krlr = GETU32(key + 20);
803 krrl = GETU32(key + 24);
804 krrr = GETU32(key + 28);
806 /* generate KL dependent subkeys */
807 /* kw1 */
808 SUBL(0) = kll; SUBR(0) = klr;
809 /* kw2 */
810 SUBL(1) = krl; SUBR(1) = krr;
811 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
812 /* k9 */
813 SUBL(12) = kll; SUBR(12) = klr;
814 /* k10 */
815 SUBL(13) = krl; SUBR(13) = krr;
816 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
817 /* kl3 */
818 SUBL(16) = kll; SUBR(16) = klr;
819 /* kl4 */
820 SUBL(17) = krl; SUBR(17) = krr;
821 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
822 /* k17 */
823 SUBL(22) = kll; SUBR(22) = klr;
824 /* k18 */
825 SUBL(23) = krl; SUBR(23) = krr;
826 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
827 /* k23 */
828 SUBL(30) = kll; SUBR(30) = klr;
829 /* k24 */
830 SUBL(31) = krl; SUBR(31) = krr;
832 /* generate KR dependent subkeys */
833 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
834 /* k3 */
835 SUBL(4) = krll; SUBR(4) = krlr;
836 /* k4 */
837 SUBL(5) = krrl; SUBR(5) = krrr;
838 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
839 /* kl1 */
840 SUBL(8) = krll; SUBR(8) = krlr;
841 /* kl2 */
842 SUBL(9) = krrl; SUBR(9) = krrr;
843 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
844 /* k13 */
845 SUBL(18) = krll; SUBR(18) = krlr;
846 /* k14 */
847 SUBL(19) = krrl; SUBR(19) = krrr;
848 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
849 /* k19 */
850 SUBL(26) = krll; SUBR(26) = krlr;
851 /* k20 */
852 SUBL(27) = krrl; SUBR(27) = krrr;
853 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
855 /* generate KA */
856 kll = SUBL(0) ^ krll; klr = SUBR(0) ^ krlr;
857 krl = SUBL(1) ^ krrl; krr = SUBR(1) ^ krrr;
858 CAMELLIA_F(kll, klr,
859 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
860 w0, w1, il, ir, t0, t1);
861 krl ^= w0; krr ^= w1;
862 CAMELLIA_F(krl, krr,
863 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
864 kll, klr, il, ir, t0, t1);
865 kll ^= krll; klr ^= krlr;
866 CAMELLIA_F(kll, klr,
867 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
868 krl, krr, il, ir, t0, t1);
869 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
870 CAMELLIA_F(krl, krr,
871 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
872 w0, w1, il, ir, t0, t1);
873 kll ^= w0; klr ^= w1;
875 /* generate KB */
876 krll ^= kll; krlr ^= klr;
877 krrl ^= krl; krrr ^= krr;
878 CAMELLIA_F(krll, krlr,
879 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
880 w0, w1, il, ir, t0, t1);
881 krrl ^= w0; krrr ^= w1;
882 CAMELLIA_F(krrl, krrr,
883 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
884 w0, w1, il, ir, t0, t1);
885 krll ^= w0; krlr ^= w1;
887 /* generate KA dependent subkeys */
888 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
889 /* k5 */
890 SUBL(6) = kll; SUBR(6) = klr;
891 /* k6 */
892 SUBL(7) = krl; SUBR(7) = krr;
893 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
894 /* k11 */
895 SUBL(14) = kll; SUBR(14) = klr;
896 /* k12 */
897 SUBL(15) = krl; SUBR(15) = krr;
898 /* rotation left shift 32bit */
899 /* kl5 */
900 SUBL(24) = klr; SUBR(24) = krl;
901 /* kl6 */
902 SUBL(25) = krr; SUBR(25) = kll;
903 /* rotation left shift 49 from k11,k12 -> k21,k22 */
904 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
905 /* k21 */
906 SUBL(28) = kll; SUBR(28) = klr;
907 /* k22 */
908 SUBL(29) = krl; SUBR(29) = krr;
910 /* generate KB dependent subkeys */
911 /* k1 */
912 SUBL(2) = krll; SUBR(2) = krlr;
913 /* k2 */
914 SUBL(3) = krrl; SUBR(3) = krrr;
915 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
916 /* k7 */
917 SUBL(10) = krll; SUBR(10) = krlr;
918 /* k8 */
919 SUBL(11) = krrl; SUBR(11) = krrr;
920 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
921 /* k15 */
922 SUBL(20) = krll; SUBR(20) = krlr;
923 /* k16 */
924 SUBL(21) = krrl; SUBR(21) = krrr;
925 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
926 /* kw3 */
927 SUBL(32) = krll; SUBR(32) = krlr;
928 /* kw4 */
929 SUBL(33) = krrl; SUBR(33) = krrr;
931 /* absorb kw2 to other subkeys */
932 /* round 2 */
933 SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
934 /* round 4 */
935 SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
936 /* round 6 */
937 SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
938 SUBL(1) ^= SUBR(1) & ~SUBR(9);
939 dw = SUBL(1) & SUBL(9),
940 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
941 /* round 8 */
942 SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
943 /* round 10 */
944 SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
945 /* round 12 */
946 SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
947 SUBL(1) ^= SUBR(1) & ~SUBR(17);
948 dw = SUBL(1) & SUBL(17),
949 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
950 /* round 14 */
951 SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
952 /* round 16 */
953 SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
954 /* round 18 */
955 SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
956 SUBL(1) ^= SUBR(1) & ~SUBR(25);
957 dw = SUBL(1) & SUBL(25),
958 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
959 /* round 20 */
960 SUBL(27) ^= SUBL(1); SUBR(27) ^= SUBR(1);
961 /* round 22 */
962 SUBL(29) ^= SUBL(1); SUBR(29) ^= SUBR(1);
963 /* round 24 */
964 SUBL(31) ^= SUBL(1); SUBR(31) ^= SUBR(1);
965 /* kw3 */
966 SUBL(32) ^= SUBL(1); SUBR(32) ^= SUBR(1);
969 /* absorb kw4 to other subkeys */
970 kw4l = SUBL(33); kw4r = SUBR(33);
971 /* round 23 */
972 SUBL(30) ^= kw4l; SUBR(30) ^= kw4r;
973 /* round 21 */
974 SUBL(28) ^= kw4l; SUBR(28) ^= kw4r;
975 /* round 19 */
976 SUBL(26) ^= kw4l; SUBR(26) ^= kw4r;
977 kw4l ^= kw4r & ~SUBR(24);
978 dw = kw4l & SUBL(24),
979 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
980 /* round 17 */
981 SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
982 /* round 15 */
983 SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
984 /* round 13 */
985 SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
986 kw4l ^= kw4r & ~SUBR(16);
987 dw = kw4l & SUBL(16),
988 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
989 /* round 11 */
990 SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
991 /* round 9 */
992 SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
993 /* round 7 */
994 SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
995 kw4l ^= kw4r & ~SUBR(8);
996 dw = kw4l & SUBL(8),
997 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
998 /* round 5 */
999 SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
1000 /* round 3 */
1001 SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
1002 /* round 1 */
1003 SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
1004 /* kw1 */
1005 SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
1007 /* key XOR is end of F-function */
1008 CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
1009 CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
1010 CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */
1011 CAMELLIA_SUBKEY_R(2) = SUBR(3);
1012 CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
1013 CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
1014 CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
1015 CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
1016 CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
1017 CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
1018 CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
1019 CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
1020 tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
1021 dw = tl & SUBL(8), /* FL(kl1) */
1022 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
1023 CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
1024 CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
1025 CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */
1026 CAMELLIA_SUBKEY_R(8) = SUBR(8);
1027 CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */
1028 CAMELLIA_SUBKEY_R(9) = SUBR(9);
1029 tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
1030 dw = tl & SUBL(9), /* FLinv(kl2) */
1031 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
1032 CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
1033 CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
1034 CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
1035 CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
1036 CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
1037 CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
1038 CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
1039 CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
1040 CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
1041 CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
1042 tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
1043 dw = tl & SUBL(16), /* FL(kl3) */
1044 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
1045 CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
1046 CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
1047 CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */
1048 CAMELLIA_SUBKEY_R(16) = SUBR(16);
1049 CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */
1050 CAMELLIA_SUBKEY_R(17) = SUBR(17);
1051 tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
1052 dw = tl & SUBL(17), /* FLinv(kl4) */
1053 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
1054 CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
1055 CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
1056 CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
1057 CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
1058 CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
1059 CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
1060 CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
1061 CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
1062 CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
1063 CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
1064 tl = SUBL(26) ^ (SUBR(26)
1065 & ~SUBR(24));
1066 dw = tl & SUBL(24), /* FL(kl5) */
1067 tr = SUBR(26) ^ CAMELLIA_RL1(dw);
1068 CAMELLIA_SUBKEY_L(23) = SUBL(22) ^ tl; /* round 18 */
1069 CAMELLIA_SUBKEY_R(23) = SUBR(22) ^ tr;
1070 CAMELLIA_SUBKEY_L(24) = SUBL(24); /* FL(kl5) */
1071 CAMELLIA_SUBKEY_R(24) = SUBR(24);
1072 CAMELLIA_SUBKEY_L(25) = SUBL(25); /* FLinv(kl6) */
1073 CAMELLIA_SUBKEY_R(25) = SUBR(25);
1074 tl = SUBL(23) ^ (SUBR(23) &
1075 ~SUBR(25));
1076 dw = tl & SUBL(25), /* FLinv(kl6) */
1077 tr = SUBR(23) ^ CAMELLIA_RL1(dw);
1078 CAMELLIA_SUBKEY_L(26) = tl ^ SUBL(27); /* round 19 */
1079 CAMELLIA_SUBKEY_R(26) = tr ^ SUBR(27);
1080 CAMELLIA_SUBKEY_L(27) = SUBL(26) ^ SUBL(28); /* round 20 */
1081 CAMELLIA_SUBKEY_R(27) = SUBR(26) ^ SUBR(28);
1082 CAMELLIA_SUBKEY_L(28) = SUBL(27) ^ SUBL(29); /* round 21 */
1083 CAMELLIA_SUBKEY_R(28) = SUBR(27) ^ SUBR(29);
1084 CAMELLIA_SUBKEY_L(29) = SUBL(28) ^ SUBL(30); /* round 22 */
1085 CAMELLIA_SUBKEY_R(29) = SUBR(28) ^ SUBR(30);
1086 CAMELLIA_SUBKEY_L(30) = SUBL(29) ^ SUBL(31); /* round 23 */
1087 CAMELLIA_SUBKEY_R(30) = SUBR(29) ^ SUBR(31);
1088 CAMELLIA_SUBKEY_L(31) = SUBL(30); /* round 24 */
1089 CAMELLIA_SUBKEY_R(31) = SUBR(30);
1090 CAMELLIA_SUBKEY_L(32) = SUBL(32) ^ SUBL(31); /* kw3 */
1091 CAMELLIA_SUBKEY_R(32) = SUBR(32) ^ SUBR(31);
1093 /* apply the inverse of the last half of P-function */
1094 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
1095 dw = CAMELLIA_RL8(dw);/* round 1 */
1096 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
1097 CAMELLIA_SUBKEY_L(2) = dw;
1098 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
1099 dw = CAMELLIA_RL8(dw);/* round 2 */
1100 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
1101 CAMELLIA_SUBKEY_L(3) = dw;
1102 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
1103 dw = CAMELLIA_RL8(dw);/* round 3 */
1104 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
1105 CAMELLIA_SUBKEY_L(4) = dw;
1106 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
1107 dw = CAMELLIA_RL8(dw);/* round 4 */
1108 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
1109 CAMELLIA_SUBKEY_L(5) = dw;
1110 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
1111 dw = CAMELLIA_RL8(dw);/* round 5 */
1112 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
1113 CAMELLIA_SUBKEY_L(6) = dw;
1114 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
1115 dw = CAMELLIA_RL8(dw);/* round 6 */
1116 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
1117 CAMELLIA_SUBKEY_L(7) = dw;
1118 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
1119 dw = CAMELLIA_RL8(dw);/* round 7 */
1120 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
1121 CAMELLIA_SUBKEY_L(10) = dw;
1122 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
1123 dw = CAMELLIA_RL8(dw);/* round 8 */
1124 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
1125 CAMELLIA_SUBKEY_L(11) = dw;
1126 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
1127 dw = CAMELLIA_RL8(dw);/* round 9 */
1128 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
1129 CAMELLIA_SUBKEY_L(12) = dw;
1130 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
1131 dw = CAMELLIA_RL8(dw);/* round 10 */
1132 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
1133 CAMELLIA_SUBKEY_L(13) = dw;
1134 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
1135 dw = CAMELLIA_RL8(dw);/* round 11 */
1136 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
1137 CAMELLIA_SUBKEY_L(14) = dw;
1138 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
1139 dw = CAMELLIA_RL8(dw);/* round 12 */
1140 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
1141 CAMELLIA_SUBKEY_L(15) = dw;
1142 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
1143 dw = CAMELLIA_RL8(dw);/* round 13 */
1144 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
1145 CAMELLIA_SUBKEY_L(18) = dw;
1146 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
1147 dw = CAMELLIA_RL8(dw);/* round 14 */
1148 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
1149 CAMELLIA_SUBKEY_L(19) = dw;
1150 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
1151 dw = CAMELLIA_RL8(dw);/* round 15 */
1152 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
1153 CAMELLIA_SUBKEY_L(20) = dw;
1154 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
1155 dw = CAMELLIA_RL8(dw);/* round 16 */
1156 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
1157 CAMELLIA_SUBKEY_L(21) = dw;
1158 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
1159 dw = CAMELLIA_RL8(dw);/* round 17 */
1160 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
1161 CAMELLIA_SUBKEY_L(22) = dw;
1162 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
1163 dw = CAMELLIA_RL8(dw);/* round 18 */
1164 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
1165 CAMELLIA_SUBKEY_L(23) = dw;
1166 dw = CAMELLIA_SUBKEY_L(26) ^ CAMELLIA_SUBKEY_R(26),
1167 dw = CAMELLIA_RL8(dw);/* round 19 */
1168 CAMELLIA_SUBKEY_R(26) = CAMELLIA_SUBKEY_L(26) ^ dw,
1169 CAMELLIA_SUBKEY_L(26) = dw;
1170 dw = CAMELLIA_SUBKEY_L(27) ^ CAMELLIA_SUBKEY_R(27),
1171 dw = CAMELLIA_RL8(dw);/* round 20 */
1172 CAMELLIA_SUBKEY_R(27) = CAMELLIA_SUBKEY_L(27) ^ dw,
1173 CAMELLIA_SUBKEY_L(27) = dw;
1174 dw = CAMELLIA_SUBKEY_L(28) ^ CAMELLIA_SUBKEY_R(28),
1175 dw = CAMELLIA_RL8(dw);/* round 21 */
1176 CAMELLIA_SUBKEY_R(28) = CAMELLIA_SUBKEY_L(28) ^ dw,
1177 CAMELLIA_SUBKEY_L(28) = dw;
1178 dw = CAMELLIA_SUBKEY_L(29) ^ CAMELLIA_SUBKEY_R(29),
1179 dw = CAMELLIA_RL8(dw);/* round 22 */
1180 CAMELLIA_SUBKEY_R(29) = CAMELLIA_SUBKEY_L(29) ^ dw,
1181 CAMELLIA_SUBKEY_L(29) = dw;
1182 dw = CAMELLIA_SUBKEY_L(30) ^ CAMELLIA_SUBKEY_R(30),
1183 dw = CAMELLIA_RL8(dw);/* round 23 */
1184 CAMELLIA_SUBKEY_R(30) = CAMELLIA_SUBKEY_L(30) ^ dw,
1185 CAMELLIA_SUBKEY_L(30) = dw;
1186 dw = CAMELLIA_SUBKEY_L(31) ^ CAMELLIA_SUBKEY_R(31),
1187 dw = CAMELLIA_RL8(dw);/* round 24 */
1188 CAMELLIA_SUBKEY_R(31) = CAMELLIA_SUBKEY_L(31) ^ dw,
1189 CAMELLIA_SUBKEY_L(31) = dw;
1191 return;
1194 static void camellia_setup192(const unsigned char *key, u32 *subkey)
1196 unsigned char kk[32];
1197 u32 krll, krlr, krrl,krrr;
1199 memcpy(kk, key, 24);
1200 memcpy((unsigned char *)&krll, key+16,4);
1201 memcpy((unsigned char *)&krlr, key+20,4);
1202 krrl = ~krll;
1203 krrr = ~krlr;
1204 memcpy(kk+24, (unsigned char *)&krrl, 4);
1205 memcpy(kk+28, (unsigned char *)&krrr, 4);
1206 camellia_setup256(kk, subkey);
1207 return;
1212 * Stuff related to camellia encryption/decryption
1214 static void camellia_encrypt128(const u32 *subkey, __be32 *io_text)
1216 u32 il,ir,t0,t1; /* temporary valiables */
1218 u32 io[4];
1220 io[0] = be32_to_cpu(io_text[0]);
1221 io[1] = be32_to_cpu(io_text[1]);
1222 io[2] = be32_to_cpu(io_text[2]);
1223 io[3] = be32_to_cpu(io_text[3]);
1225 /* pre whitening but absorb kw2*/
1226 io[0] ^= CAMELLIA_SUBKEY_L(0);
1227 io[1] ^= CAMELLIA_SUBKEY_R(0);
1228 /* main iteration */
1230 CAMELLIA_ROUNDSM(io[0],io[1],
1231 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1232 io[2],io[3],il,ir,t0,t1);
1233 CAMELLIA_ROUNDSM(io[2],io[3],
1234 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1235 io[0],io[1],il,ir,t0,t1);
1236 CAMELLIA_ROUNDSM(io[0],io[1],
1237 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1238 io[2],io[3],il,ir,t0,t1);
1239 CAMELLIA_ROUNDSM(io[2],io[3],
1240 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1241 io[0],io[1],il,ir,t0,t1);
1242 CAMELLIA_ROUNDSM(io[0],io[1],
1243 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1244 io[2],io[3],il,ir,t0,t1);
1245 CAMELLIA_ROUNDSM(io[2],io[3],
1246 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1247 io[0],io[1],il,ir,t0,t1);
1249 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1250 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1251 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1252 t0,t1,il,ir);
1254 CAMELLIA_ROUNDSM(io[0],io[1],
1255 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1256 io[2],io[3],il,ir,t0,t1);
1257 CAMELLIA_ROUNDSM(io[2],io[3],
1258 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1259 io[0],io[1],il,ir,t0,t1);
1260 CAMELLIA_ROUNDSM(io[0],io[1],
1261 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1262 io[2],io[3],il,ir,t0,t1);
1263 CAMELLIA_ROUNDSM(io[2],io[3],
1264 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1265 io[0],io[1],il,ir,t0,t1);
1266 CAMELLIA_ROUNDSM(io[0],io[1],
1267 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1268 io[2],io[3],il,ir,t0,t1);
1269 CAMELLIA_ROUNDSM(io[2],io[3],
1270 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1271 io[0],io[1],il,ir,t0,t1);
1273 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1274 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1275 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1276 t0,t1,il,ir);
1278 CAMELLIA_ROUNDSM(io[0],io[1],
1279 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1280 io[2],io[3],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[2],io[3],
1282 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1283 io[0],io[1],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[0],io[1],
1285 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1286 io[2],io[3],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[2],io[3],
1288 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1289 io[0],io[1],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[0],io[1],
1291 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1292 io[2],io[3],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[2],io[3],
1294 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1295 io[0],io[1],il,ir,t0,t1);
1297 /* post whitening but kw4 */
1298 io[2] ^= CAMELLIA_SUBKEY_L(24);
1299 io[3] ^= CAMELLIA_SUBKEY_R(24);
1301 t0 = io[0];
1302 t1 = io[1];
1303 io[0] = io[2];
1304 io[1] = io[3];
1305 io[2] = t0;
1306 io[3] = t1;
1308 io_text[0] = cpu_to_be32(io[0]);
1309 io_text[1] = cpu_to_be32(io[1]);
1310 io_text[2] = cpu_to_be32(io[2]);
1311 io_text[3] = cpu_to_be32(io[3]);
1313 return;
1316 static void camellia_decrypt128(const u32 *subkey, __be32 *io_text)
1318 u32 il,ir,t0,t1; /* temporary valiables */
1320 u32 io[4];
1322 io[0] = be32_to_cpu(io_text[0]);
1323 io[1] = be32_to_cpu(io_text[1]);
1324 io[2] = be32_to_cpu(io_text[2]);
1325 io[3] = be32_to_cpu(io_text[3]);
1327 /* pre whitening but absorb kw2*/
1328 io[0] ^= CAMELLIA_SUBKEY_L(24);
1329 io[1] ^= CAMELLIA_SUBKEY_R(24);
1331 /* main iteration */
1332 CAMELLIA_ROUNDSM(io[0],io[1],
1333 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1334 io[2],io[3],il,ir,t0,t1);
1335 CAMELLIA_ROUNDSM(io[2],io[3],
1336 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1337 io[0],io[1],il,ir,t0,t1);
1338 CAMELLIA_ROUNDSM(io[0],io[1],
1339 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1340 io[2],io[3],il,ir,t0,t1);
1341 CAMELLIA_ROUNDSM(io[2],io[3],
1342 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1343 io[0],io[1],il,ir,t0,t1);
1344 CAMELLIA_ROUNDSM(io[0],io[1],
1345 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1346 io[2],io[3],il,ir,t0,t1);
1347 CAMELLIA_ROUNDSM(io[2],io[3],
1348 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1349 io[0],io[1],il,ir,t0,t1);
1351 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1352 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1353 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1354 t0,t1,il,ir);
1356 CAMELLIA_ROUNDSM(io[0],io[1],
1357 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1358 io[2],io[3],il,ir,t0,t1);
1359 CAMELLIA_ROUNDSM(io[2],io[3],
1360 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1361 io[0],io[1],il,ir,t0,t1);
1362 CAMELLIA_ROUNDSM(io[0],io[1],
1363 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1364 io[2],io[3],il,ir,t0,t1);
1365 CAMELLIA_ROUNDSM(io[2],io[3],
1366 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1367 io[0],io[1],il,ir,t0,t1);
1368 CAMELLIA_ROUNDSM(io[0],io[1],
1369 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1370 io[2],io[3],il,ir,t0,t1);
1371 CAMELLIA_ROUNDSM(io[2],io[3],
1372 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1373 io[0],io[1],il,ir,t0,t1);
1375 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1376 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1377 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1378 t0,t1,il,ir);
1380 CAMELLIA_ROUNDSM(io[0],io[1],
1381 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1382 io[2],io[3],il,ir,t0,t1);
1383 CAMELLIA_ROUNDSM(io[2],io[3],
1384 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1385 io[0],io[1],il,ir,t0,t1);
1386 CAMELLIA_ROUNDSM(io[0],io[1],
1387 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1388 io[2],io[3],il,ir,t0,t1);
1389 CAMELLIA_ROUNDSM(io[2],io[3],
1390 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1391 io[0],io[1],il,ir,t0,t1);
1392 CAMELLIA_ROUNDSM(io[0],io[1],
1393 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1394 io[2],io[3],il,ir,t0,t1);
1395 CAMELLIA_ROUNDSM(io[2],io[3],
1396 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1397 io[0],io[1],il,ir,t0,t1);
1399 /* post whitening but kw4 */
1400 io[2] ^= CAMELLIA_SUBKEY_L(0);
1401 io[3] ^= CAMELLIA_SUBKEY_R(0);
1403 t0 = io[0];
1404 t1 = io[1];
1405 io[0] = io[2];
1406 io[1] = io[3];
1407 io[2] = t0;
1408 io[3] = t1;
1410 io_text[0] = cpu_to_be32(io[0]);
1411 io_text[1] = cpu_to_be32(io[1]);
1412 io_text[2] = cpu_to_be32(io[2]);
1413 io_text[3] = cpu_to_be32(io[3]);
1415 return;
1420 * stuff for 192 and 256bit encryption/decryption
1422 static void camellia_encrypt256(const u32 *subkey, __be32 *io_text)
1424 u32 il,ir,t0,t1; /* temporary valiables */
1426 u32 io[4];
1428 io[0] = be32_to_cpu(io_text[0]);
1429 io[1] = be32_to_cpu(io_text[1]);
1430 io[2] = be32_to_cpu(io_text[2]);
1431 io[3] = be32_to_cpu(io_text[3]);
1433 /* pre whitening but absorb kw2*/
1434 io[0] ^= CAMELLIA_SUBKEY_L(0);
1435 io[1] ^= CAMELLIA_SUBKEY_R(0);
1437 /* main iteration */
1438 CAMELLIA_ROUNDSM(io[0],io[1],
1439 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1440 io[2],io[3],il,ir,t0,t1);
1441 CAMELLIA_ROUNDSM(io[2],io[3],
1442 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1443 io[0],io[1],il,ir,t0,t1);
1444 CAMELLIA_ROUNDSM(io[0],io[1],
1445 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1446 io[2],io[3],il,ir,t0,t1);
1447 CAMELLIA_ROUNDSM(io[2],io[3],
1448 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1449 io[0],io[1],il,ir,t0,t1);
1450 CAMELLIA_ROUNDSM(io[0],io[1],
1451 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1452 io[2],io[3],il,ir,t0,t1);
1453 CAMELLIA_ROUNDSM(io[2],io[3],
1454 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1455 io[0],io[1],il,ir,t0,t1);
1457 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1458 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1459 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1460 t0,t1,il,ir);
1462 CAMELLIA_ROUNDSM(io[0],io[1],
1463 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1464 io[2],io[3],il,ir,t0,t1);
1465 CAMELLIA_ROUNDSM(io[2],io[3],
1466 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1467 io[0],io[1],il,ir,t0,t1);
1468 CAMELLIA_ROUNDSM(io[0],io[1],
1469 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1470 io[2],io[3],il,ir,t0,t1);
1471 CAMELLIA_ROUNDSM(io[2],io[3],
1472 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1473 io[0],io[1],il,ir,t0,t1);
1474 CAMELLIA_ROUNDSM(io[0],io[1],
1475 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1476 io[2],io[3],il,ir,t0,t1);
1477 CAMELLIA_ROUNDSM(io[2],io[3],
1478 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1479 io[0],io[1],il,ir,t0,t1);
1481 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1482 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1483 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1484 t0,t1,il,ir);
1486 CAMELLIA_ROUNDSM(io[0],io[1],
1487 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1488 io[2],io[3],il,ir,t0,t1);
1489 CAMELLIA_ROUNDSM(io[2],io[3],
1490 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1491 io[0],io[1],il,ir,t0,t1);
1492 CAMELLIA_ROUNDSM(io[0],io[1],
1493 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1494 io[2],io[3],il,ir,t0,t1);
1495 CAMELLIA_ROUNDSM(io[2],io[3],
1496 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1497 io[0],io[1],il,ir,t0,t1);
1498 CAMELLIA_ROUNDSM(io[0],io[1],
1499 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1500 io[2],io[3],il,ir,t0,t1);
1501 CAMELLIA_ROUNDSM(io[2],io[3],
1502 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1503 io[0],io[1],il,ir,t0,t1);
1505 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1506 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24),
1507 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25),
1508 t0,t1,il,ir);
1510 CAMELLIA_ROUNDSM(io[0],io[1],
1511 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26),
1512 io[2],io[3],il,ir,t0,t1);
1513 CAMELLIA_ROUNDSM(io[2],io[3],
1514 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27),
1515 io[0],io[1],il,ir,t0,t1);
1516 CAMELLIA_ROUNDSM(io[0],io[1],
1517 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28),
1518 io[2],io[3],il,ir,t0,t1);
1519 CAMELLIA_ROUNDSM(io[2],io[3],
1520 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29),
1521 io[0],io[1],il,ir,t0,t1);
1522 CAMELLIA_ROUNDSM(io[0],io[1],
1523 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30),
1524 io[2],io[3],il,ir,t0,t1);
1525 CAMELLIA_ROUNDSM(io[2],io[3],
1526 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31),
1527 io[0],io[1],il,ir,t0,t1);
1529 /* post whitening but kw4 */
1530 io[2] ^= CAMELLIA_SUBKEY_L(32);
1531 io[3] ^= CAMELLIA_SUBKEY_R(32);
1533 t0 = io[0];
1534 t1 = io[1];
1535 io[0] = io[2];
1536 io[1] = io[3];
1537 io[2] = t0;
1538 io[3] = t1;
1540 io_text[0] = cpu_to_be32(io[0]);
1541 io_text[1] = cpu_to_be32(io[1]);
1542 io_text[2] = cpu_to_be32(io[2]);
1543 io_text[3] = cpu_to_be32(io[3]);
1545 return;
1549 static void camellia_decrypt256(const u32 *subkey, __be32 *io_text)
1551 u32 il,ir,t0,t1; /* temporary valiables */
1553 u32 io[4];
1555 io[0] = be32_to_cpu(io_text[0]);
1556 io[1] = be32_to_cpu(io_text[1]);
1557 io[2] = be32_to_cpu(io_text[2]);
1558 io[3] = be32_to_cpu(io_text[3]);
1560 /* pre whitening but absorb kw2*/
1561 io[0] ^= CAMELLIA_SUBKEY_L(32);
1562 io[1] ^= CAMELLIA_SUBKEY_R(32);
1564 /* main iteration */
1565 CAMELLIA_ROUNDSM(io[0],io[1],
1566 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31),
1567 io[2],io[3],il,ir,t0,t1);
1568 CAMELLIA_ROUNDSM(io[2],io[3],
1569 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30),
1570 io[0],io[1],il,ir,t0,t1);
1571 CAMELLIA_ROUNDSM(io[0],io[1],
1572 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29),
1573 io[2],io[3],il,ir,t0,t1);
1574 CAMELLIA_ROUNDSM(io[2],io[3],
1575 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28),
1576 io[0],io[1],il,ir,t0,t1);
1577 CAMELLIA_ROUNDSM(io[0],io[1],
1578 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27),
1579 io[2],io[3],il,ir,t0,t1);
1580 CAMELLIA_ROUNDSM(io[2],io[3],
1581 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26),
1582 io[0],io[1],il,ir,t0,t1);
1584 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1585 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25),
1586 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24),
1587 t0,t1,il,ir);
1589 CAMELLIA_ROUNDSM(io[0],io[1],
1590 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1591 io[2],io[3],il,ir,t0,t1);
1592 CAMELLIA_ROUNDSM(io[2],io[3],
1593 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1594 io[0],io[1],il,ir,t0,t1);
1595 CAMELLIA_ROUNDSM(io[0],io[1],
1596 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1597 io[2],io[3],il,ir,t0,t1);
1598 CAMELLIA_ROUNDSM(io[2],io[3],
1599 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1600 io[0],io[1],il,ir,t0,t1);
1601 CAMELLIA_ROUNDSM(io[0],io[1],
1602 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1603 io[2],io[3],il,ir,t0,t1);
1604 CAMELLIA_ROUNDSM(io[2],io[3],
1605 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1606 io[0],io[1],il,ir,t0,t1);
1608 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1609 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1610 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1611 t0,t1,il,ir);
1613 CAMELLIA_ROUNDSM(io[0],io[1],
1614 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1615 io[2],io[3],il,ir,t0,t1);
1616 CAMELLIA_ROUNDSM(io[2],io[3],
1617 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1618 io[0],io[1],il,ir,t0,t1);
1619 CAMELLIA_ROUNDSM(io[0],io[1],
1620 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1621 io[2],io[3],il,ir,t0,t1);
1622 CAMELLIA_ROUNDSM(io[2],io[3],
1623 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1624 io[0],io[1],il,ir,t0,t1);
1625 CAMELLIA_ROUNDSM(io[0],io[1],
1626 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1627 io[2],io[3],il,ir,t0,t1);
1628 CAMELLIA_ROUNDSM(io[2],io[3],
1629 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1630 io[0],io[1],il,ir,t0,t1);
1632 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1633 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1634 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1635 t0,t1,il,ir);
1637 CAMELLIA_ROUNDSM(io[0],io[1],
1638 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1639 io[2],io[3],il,ir,t0,t1);
1640 CAMELLIA_ROUNDSM(io[2],io[3],
1641 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1642 io[0],io[1],il,ir,t0,t1);
1643 CAMELLIA_ROUNDSM(io[0],io[1],
1644 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1645 io[2],io[3],il,ir,t0,t1);
1646 CAMELLIA_ROUNDSM(io[2],io[3],
1647 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1648 io[0],io[1],il,ir,t0,t1);
1649 CAMELLIA_ROUNDSM(io[0],io[1],
1650 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1651 io[2],io[3],il,ir,t0,t1);
1652 CAMELLIA_ROUNDSM(io[2],io[3],
1653 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1654 io[0],io[1],il,ir,t0,t1);
1656 /* post whitening but kw4 */
1657 io[2] ^= CAMELLIA_SUBKEY_L(0);
1658 io[3] ^= CAMELLIA_SUBKEY_R(0);
1660 t0 = io[0];
1661 t1 = io[1];
1662 io[0] = io[2];
1663 io[1] = io[3];
1664 io[2] = t0;
1665 io[3] = t1;
1667 io_text[0] = cpu_to_be32(io[0]);
1668 io_text[1] = cpu_to_be32(io[1]);
1669 io_text[2] = cpu_to_be32(io[2]);
1670 io_text[3] = cpu_to_be32(io[3]);
1672 return;
1676 static int
1677 camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1678 unsigned int key_len)
1680 struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1681 const unsigned char *key = (const unsigned char *)in_key;
1682 u32 *flags = &tfm->crt_flags;
1684 if (key_len != 16 && key_len != 24 && key_len != 32) {
1685 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1686 return -EINVAL;
1689 cctx->key_length = key_len;
1691 switch(key_len) {
1692 case 16:
1693 camellia_setup128(key, cctx->key_table);
1694 break;
1695 case 24:
1696 camellia_setup192(key, cctx->key_table);
1697 break;
1698 case 32:
1699 camellia_setup256(key, cctx->key_table);
1700 break;
1701 default:
1702 break;
1705 return 0;
1709 static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1711 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1712 const __be32 *src = (const __be32 *)in;
1713 __be32 *dst = (__be32 *)out;
1715 __be32 tmp[4];
1717 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE);
1719 switch (cctx->key_length) {
1720 case 16:
1721 camellia_encrypt128(cctx->key_table, tmp);
1722 break;
1723 case 24:
1724 /* fall through */
1725 case 32:
1726 camellia_encrypt256(cctx->key_table, tmp);
1727 break;
1728 default:
1729 break;
1732 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE);
1736 static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1738 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1739 const __be32 *src = (const __be32 *)in;
1740 __be32 *dst = (__be32 *)out;
1742 __be32 tmp[4];
1744 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE);
1746 switch (cctx->key_length) {
1747 case 16:
1748 camellia_decrypt128(cctx->key_table, tmp);
1749 break;
1750 case 24:
1751 /* fall through */
1752 case 32:
1753 camellia_decrypt256(cctx->key_table, tmp);
1754 break;
1755 default:
1756 break;
1759 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE);
1763 static struct crypto_alg camellia_alg = {
1764 .cra_name = "camellia",
1765 .cra_driver_name = "camellia-generic",
1766 .cra_priority = 100,
1767 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1768 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1769 .cra_ctxsize = sizeof(struct camellia_ctx),
1770 .cra_alignmask = 3,
1771 .cra_module = THIS_MODULE,
1772 .cra_list = LIST_HEAD_INIT(camellia_alg.cra_list),
1773 .cra_u = {
1774 .cipher = {
1775 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1776 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1777 .cia_setkey = camellia_set_key,
1778 .cia_encrypt = camellia_encrypt,
1779 .cia_decrypt = camellia_decrypt
1784 static int __init camellia_init(void)
1786 return crypto_register_alg(&camellia_alg);
1790 static void __exit camellia_fini(void)
1792 crypto_unregister_alg(&camellia_alg);
1796 module_init(camellia_init);
1797 module_exit(camellia_fini);
1800 MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1801 MODULE_LICENSE("GPL");