1/* $NetBSD$ */ 2 3/* camellia.c ver 1.2.0 4 * 5 * Copyright (c) 2006,2007 6 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer as 13 * the first lines of this file unmodified. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30/* 31 * Algorithm Specification 32 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 33 */ 34 35#include "config.h" 36 37#include <string.h> 38#include <stdlib.h> 39 40#include <krb5/krb5-types.h> 41#include "camellia-ntt.h" 42 43#include <krb5/roken.h> 44 45/* key constants */ 46 47#define CAMELLIA_SIGMA1L (0xA09E667FL) 48#define CAMELLIA_SIGMA1R (0x3BCC908BL) 49#define CAMELLIA_SIGMA2L (0xB67AE858L) 50#define CAMELLIA_SIGMA2R (0x4CAA73B2L) 51#define CAMELLIA_SIGMA3L (0xC6EF372FL) 52#define CAMELLIA_SIGMA3R (0xE94F82BEL) 53#define CAMELLIA_SIGMA4L (0x54FF53A5L) 54#define CAMELLIA_SIGMA4R (0xF1D36F1CL) 55#define CAMELLIA_SIGMA5L (0x10E527FAL) 56#define CAMELLIA_SIGMA5R (0xDE682D1DL) 57#define CAMELLIA_SIGMA6L (0xB05688C2L) 58#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 59 60/* 61 * macros 62 */ 63 64 65#if defined(_MSC_VER) 66 67# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) 68# define GETU32(p) SWAP(*((u32 *)(p))) 69# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));} 70 71#else /* not MS-VC */ 72 73# define GETU32(pt) \ 74 (((u32)(pt)[0] << 24) \ 75 ^ ((u32)(pt)[1] << 16) \ 76 ^ ((u32)(pt)[2] << 8) \ 77 ^ ((u32)(pt)[3])) 78 79# define PUTU32(ct, st) { \ 80 (ct)[0] = (u8)((st) >> 24); \ 81 (ct)[1] = (u8)((st) >> 16); \ 82 (ct)[2] = (u8)((st) >> 8); \ 83 (ct)[3] = (u8)(st); } 84 85#endif 86 87#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) 88#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) 89 90/* rotation right shift 1byte */ 91#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 92/* rotation left shift 1bit */ 93#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 94/* rotation left shift 1byte */ 95#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 96 97#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 98 do { \ 99 w0 = ll; \ 100 ll = (ll << bits) + (lr >> (32 - bits)); \ 101 lr = (lr << bits) + (rl >> (32 - bits)); \ 102 rl = (rl << bits) + (rr >> (32 - bits)); \ 103 rr = (rr << bits) + (w0 >> (32 - bits)); \ 104 } while(0) 105 106#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 107 do { \ 108 w0 = ll; \ 109 w1 = lr; \ 110 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 111 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 112 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 113 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 114 } while(0) 115 116#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) 117#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) 118#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) 119#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) 120 121#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 122 do { \ 123 il = xl ^ kl; \ 124 ir = xr ^ kr; \ 125 t0 = il >> 16; \ 126 t1 = ir >> 16; \ 127 yl = CAMELLIA_SP1110(ir & 0xff) \ 128 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 129 ^ CAMELLIA_SP3033(t1 & 0xff) \ 130 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 131 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 132 ^ CAMELLIA_SP0222(t0 & 0xff) \ 133 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 134 ^ CAMELLIA_SP4404(il & 0xff); \ 135 yl ^= yr; \ 136 yr = CAMELLIA_RR8(yr); \ 137 yr ^= yl; \ 138 } while(0) 139 140 141/* 142 * for speed up 143 * 144 */ 145#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 146 do { \ 147 t0 = kll; \ 148 t0 &= ll; \ 149 lr ^= CAMELLIA_RL1(t0); \ 150 t1 = klr; \ 151 t1 |= lr; \ 152 ll ^= t1; \ 153 \ 154 t2 = krr; \ 155 t2 |= rr; \ 156 rl ^= t2; \ 157 t3 = krl; \ 158 t3 &= rl; \ 159 rr ^= CAMELLIA_RL1(t3); \ 160 } while(0) 161 162#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 163 do { \ 164 ir = CAMELLIA_SP1110(xr & 0xff) \ 165 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \ 166 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \ 167 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \ 168 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \ 169 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \ 170 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \ 171 ^ CAMELLIA_SP4404(xl & 0xff); \ 172 il ^= kl; \ 173 ir ^= kr; \ 174 ir ^= il; \ 175 il = CAMELLIA_RR8(il); \ 176 il ^= ir; \ 177 yl ^= ir; \ 178 yr ^= il; \ 179 } while(0) 180 181 182static const u32 camellia_sp1110[256] = { 183 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 184 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 185 0xe4e4e400,0x85858500,0x57575700,0x35353500, 186 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, 187 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, 188 0x45454500,0x19191900,0xa5a5a500,0x21212100, 189 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, 190 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, 191 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, 192 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, 193 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, 194 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, 195 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, 196 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, 197 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, 198 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, 199 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, 200 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, 201 0x74747400,0x12121200,0x2b2b2b00,0x20202000, 202 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, 203 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, 204 0x34343400,0x7e7e7e00,0x76767600,0x05050500, 205 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, 206 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, 207 0x14141400,0x58585800,0x3a3a3a00,0x61616100, 208 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, 209 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, 210 0x53535300,0x18181800,0xf2f2f200,0x22222200, 211 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, 212 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, 213 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, 214 0x60606000,0xfcfcfc00,0x69696900,0x50505000, 215 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, 216 0xa1a1a100,0x89898900,0x62626200,0x97979700, 217 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, 218 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, 219 0x10101000,0xc4c4c400,0x00000000,0x48484800, 220 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, 221 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, 222 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, 223 0x87878700,0x5c5c5c00,0x83838300,0x02020200, 224 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, 225 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, 226 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, 227 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, 228 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, 229 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, 230 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, 231 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, 232 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, 233 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, 234 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, 235 0x78787800,0x98989800,0x06060600,0x6a6a6a00, 236 0xe7e7e700,0x46464600,0x71717100,0xbababa00, 237 0xd4d4d400,0x25252500,0xababab00,0x42424200, 238 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, 239 0x72727200,0x07070700,0xb9b9b900,0x55555500, 240 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, 241 0x36363600,0x49494900,0x2a2a2a00,0x68686800, 242 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, 243 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, 244 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, 245 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, 246 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, 247}; 248 249static const u32 camellia_sp0222[256] = { 250 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, 251 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, 252 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, 253 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, 254 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, 255 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, 256 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, 257 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, 258 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, 259 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, 260 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, 261 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, 262 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, 263 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, 264 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, 265 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, 266 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, 267 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, 268 0x00e8e8e8,0x00242424,0x00565656,0x00404040, 269 0x00e1e1e1,0x00636363,0x00090909,0x00333333, 270 0x00bfbfbf,0x00989898,0x00979797,0x00858585, 271 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, 272 0x00dadada,0x006f6f6f,0x00535353,0x00626262, 273 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, 274 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, 275 0x00bdbdbd,0x00363636,0x00222222,0x00383838, 276 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, 277 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, 278 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, 279 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, 280 0x00484848,0x00101010,0x00d1d1d1,0x00515151, 281 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, 282 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, 283 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, 284 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, 285 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, 286 0x00202020,0x00898989,0x00000000,0x00909090, 287 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, 288 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, 289 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, 290 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, 291 0x009b9b9b,0x00949494,0x00212121,0x00666666, 292 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, 293 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, 294 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, 295 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, 296 0x00030303,0x002d2d2d,0x00dedede,0x00969696, 297 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, 298 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, 299 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, 300 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, 301 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, 302 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, 303 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, 304 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, 305 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, 306 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, 307 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, 308 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, 309 0x00787878,0x00707070,0x00e3e3e3,0x00494949, 310 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, 311 0x00777777,0x00939393,0x00868686,0x00838383, 312 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, 313 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, 314}; 315 316static const u32 camellia_sp3033[256] = { 317 0x38003838,0x41004141,0x16001616,0x76007676, 318 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, 319 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, 320 0x75007575,0x06000606,0x57005757,0xa000a0a0, 321 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, 322 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, 323 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, 324 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, 325 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, 326 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, 327 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, 328 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, 329 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, 330 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, 331 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, 332 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, 333 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, 334 0xfd00fdfd,0x66006666,0x58005858,0x96009696, 335 0x3a003a3a,0x09000909,0x95009595,0x10001010, 336 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, 337 0xef00efef,0x26002626,0xe500e5e5,0x61006161, 338 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, 339 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, 340 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, 341 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, 342 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, 343 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, 344 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, 345 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, 346 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, 347 0x12001212,0x04000404,0x74007474,0x54005454, 348 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, 349 0x55005555,0x68006868,0x50005050,0xbe00bebe, 350 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, 351 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, 352 0x70007070,0xff00ffff,0x32003232,0x69006969, 353 0x08000808,0x62006262,0x00000000,0x24002424, 354 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, 355 0x45004545,0x81008181,0x73007373,0x6d006d6d, 356 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, 357 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, 358 0xe600e6e6,0x25002525,0x48004848,0x99009999, 359 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, 360 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, 361 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, 362 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, 363 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, 364 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, 365 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, 366 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, 367 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, 368 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, 369 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, 370 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, 371 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, 372 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, 373 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, 374 0x7c007c7c,0x77007777,0x56005656,0x05000505, 375 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, 376 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, 377 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, 378 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, 379 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, 380 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, 381}; 382 383static const u32 camellia_sp4404[256] = { 384 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, 385 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, 386 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, 387 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, 388 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, 389 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, 390 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, 391 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, 392 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, 393 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, 394 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, 395 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, 396 0x14140014,0x3a3a003a,0xdede00de,0x11110011, 397 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, 398 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, 399 0x24240024,0xe8e800e8,0x60600060,0x69690069, 400 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, 401 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, 402 0x10100010,0x00000000,0xa3a300a3,0x75750075, 403 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, 404 0x87870087,0x83830083,0xcdcd00cd,0x90900090, 405 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, 406 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, 407 0x81810081,0x6f6f006f,0x13130013,0x63630063, 408 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, 409 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, 410 0x78780078,0x06060006,0xe7e700e7,0x71710071, 411 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, 412 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, 413 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, 414 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, 415 0x15150015,0xadad00ad,0x77770077,0x80800080, 416 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, 417 0x85850085,0x35350035,0x0c0c000c,0x41410041, 418 0xefef00ef,0x93930093,0x19190019,0x21210021, 419 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, 420 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, 421 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, 422 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, 423 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, 424 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, 425 0x12120012,0x20200020,0xb1b100b1,0x99990099, 426 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, 427 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, 428 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, 429 0x0f0f000f,0x16160016,0x18180018,0x22220022, 430 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, 431 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, 432 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, 433 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, 434 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, 435 0x03030003,0xdada00da,0x3f3f003f,0x94940094, 436 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, 437 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, 438 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, 439 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, 440 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, 441 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, 442 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, 443 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, 444 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, 445 0x49490049,0x68680068,0x38380038,0xa4a400a4, 446 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, 447 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, 448}; 449 450 451/** 452 * Stuff related to the Camellia key schedule 453 */ 454#define subl(x) subL[(x)] 455#define subr(x) subR[(x)] 456 457static void camellia_setup128(const unsigned char *key, u32 *subkey) 458{ 459 u32 kll, klr, krl, krr; 460 u32 il, ir, t0, t1, w0, w1; 461 u32 kw4l, kw4r, dw, tl, tr; 462 u32 subL[26]; 463 u32 subR[26]; 464 465 /** 466 * k == kll || klr || krl || krr (|| is concatination) 467 */ 468 kll = GETU32(key ); 469 klr = GETU32(key + 4); 470 krl = GETU32(key + 8); 471 krr = GETU32(key + 12); 472 /** 473 * generate KL dependent subkeys 474 */ 475 subl(0) = kll; subr(0) = klr; 476 subl(1) = krl; subr(1) = krr; 477 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 478 subl(4) = kll; subr(4) = klr; 479 subl(5) = krl; subr(5) = krr; 480 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 481 subl(10) = kll; subr(10) = klr; 482 subl(11) = krl; subr(11) = krr; 483 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 484 subl(13) = krl; subr(13) = krr; 485 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 486 subl(16) = kll; subr(16) = klr; 487 subl(17) = krl; subr(17) = krr; 488 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 489 subl(18) = kll; subr(18) = klr; 490 subl(19) = krl; subr(19) = krr; 491 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 492 subl(22) = kll; subr(22) = klr; 493 subl(23) = krl; subr(23) = krr; 494 495 /* generate KA */ 496 kll = subl(0); klr = subr(0); 497 krl = subl(1); krr = subr(1); 498 CAMELLIA_F(kll, klr, 499 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 500 w0, w1, il, ir, t0, t1); 501 krl ^= w0; krr ^= w1; 502 CAMELLIA_F(krl, krr, 503 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 504 kll, klr, il, ir, t0, t1); 505 CAMELLIA_F(kll, klr, 506 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 507 krl, krr, il, ir, t0, t1); 508 krl ^= w0; krr ^= w1; 509 CAMELLIA_F(krl, krr, 510 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 511 w0, w1, il, ir, t0, t1); 512 kll ^= w0; klr ^= w1; 513 514 /* generate KA dependent subkeys */ 515 subl(2) = kll; subr(2) = klr; 516 subl(3) = krl; subr(3) = krr; 517 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 518 subl(6) = kll; subr(6) = klr; 519 subl(7) = krl; subr(7) = krr; 520 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 521 subl(8) = kll; subr(8) = klr; 522 subl(9) = krl; subr(9) = krr; 523 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 524 subl(12) = kll; subr(12) = klr; 525 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 526 subl(14) = kll; subr(14) = klr; 527 subl(15) = krl; subr(15) = krr; 528 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 529 subl(20) = kll; subr(20) = klr; 530 subl(21) = krl; subr(21) = krr; 531 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 532 subl(24) = kll; subr(24) = klr; 533 subl(25) = krl; subr(25) = krr; 534 535 536 /* absorb kw2 to other subkeys */ 537 subl(3) ^= subl(1); subr(3) ^= subr(1); 538 subl(5) ^= subl(1); subr(5) ^= subr(1); 539 subl(7) ^= subl(1); subr(7) ^= subr(1); 540 subl(1) ^= subr(1) & ~subr(9); 541 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 542 subl(11) ^= subl(1); subr(11) ^= subr(1); 543 subl(13) ^= subl(1); subr(13) ^= subr(1); 544 subl(15) ^= subl(1); subr(15) ^= subr(1); 545 subl(1) ^= subr(1) & ~subr(17); 546 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 547 subl(19) ^= subl(1); subr(19) ^= subr(1); 548 subl(21) ^= subl(1); subr(21) ^= subr(1); 549 subl(23) ^= subl(1); subr(23) ^= subr(1); 550 subl(24) ^= subl(1); subr(24) ^= subr(1); 551 552 /* absorb kw4 to other subkeys */ 553 kw4l = subl(25); kw4r = subr(25); 554 subl(22) ^= kw4l; subr(22) ^= kw4r; 555 subl(20) ^= kw4l; subr(20) ^= kw4r; 556 subl(18) ^= kw4l; subr(18) ^= kw4r; 557 kw4l ^= kw4r & ~subr(16); 558 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 559 subl(14) ^= kw4l; subr(14) ^= kw4r; 560 subl(12) ^= kw4l; subr(12) ^= kw4r; 561 subl(10) ^= kw4l; subr(10) ^= kw4r; 562 kw4l ^= kw4r & ~subr(8); 563 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 564 subl(6) ^= kw4l; subr(6) ^= kw4r; 565 subl(4) ^= kw4l; subr(4) ^= kw4r; 566 subl(2) ^= kw4l; subr(2) ^= kw4r; 567 subl(0) ^= kw4l; subr(0) ^= kw4r; 568 569 /* key XOR is end of F-function */ 570 CamelliaSubkeyL(0) = subl(0) ^ subl(2); 571 CamelliaSubkeyR(0) = subr(0) ^ subr(2); 572 CamelliaSubkeyL(2) = subl(3); 573 CamelliaSubkeyR(2) = subr(3); 574 CamelliaSubkeyL(3) = subl(2) ^ subl(4); 575 CamelliaSubkeyR(3) = subr(2) ^ subr(4); 576 CamelliaSubkeyL(4) = subl(3) ^ subl(5); 577 CamelliaSubkeyR(4) = subr(3) ^ subr(5); 578 CamelliaSubkeyL(5) = subl(4) ^ subl(6); 579 CamelliaSubkeyR(5) = subr(4) ^ subr(6); 580 CamelliaSubkeyL(6) = subl(5) ^ subl(7); 581 CamelliaSubkeyR(6) = subr(5) ^ subr(7); 582 tl = subl(10) ^ (subr(10) & ~subr(8)); 583 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 584 CamelliaSubkeyL(7) = subl(6) ^ tl; 585 CamelliaSubkeyR(7) = subr(6) ^ tr; 586 CamelliaSubkeyL(8) = subl(8); 587 CamelliaSubkeyR(8) = subr(8); 588 CamelliaSubkeyL(9) = subl(9); 589 CamelliaSubkeyR(9) = subr(9); 590 tl = subl(7) ^ (subr(7) & ~subr(9)); 591 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 592 CamelliaSubkeyL(10) = tl ^ subl(11); 593 CamelliaSubkeyR(10) = tr ^ subr(11); 594 CamelliaSubkeyL(11) = subl(10) ^ subl(12); 595 CamelliaSubkeyR(11) = subr(10) ^ subr(12); 596 CamelliaSubkeyL(12) = subl(11) ^ subl(13); 597 CamelliaSubkeyR(12) = subr(11) ^ subr(13); 598 CamelliaSubkeyL(13) = subl(12) ^ subl(14); 599 CamelliaSubkeyR(13) = subr(12) ^ subr(14); 600 CamelliaSubkeyL(14) = subl(13) ^ subl(15); 601 CamelliaSubkeyR(14) = subr(13) ^ subr(15); 602 tl = subl(18) ^ (subr(18) & ~subr(16)); 603 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 604 CamelliaSubkeyL(15) = subl(14) ^ tl; 605 CamelliaSubkeyR(15) = subr(14) ^ tr; 606 CamelliaSubkeyL(16) = subl(16); 607 CamelliaSubkeyR(16) = subr(16); 608 CamelliaSubkeyL(17) = subl(17); 609 CamelliaSubkeyR(17) = subr(17); 610 tl = subl(15) ^ (subr(15) & ~subr(17)); 611 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 612 CamelliaSubkeyL(18) = tl ^ subl(19); 613 CamelliaSubkeyR(18) = tr ^ subr(19); 614 CamelliaSubkeyL(19) = subl(18) ^ subl(20); 615 CamelliaSubkeyR(19) = subr(18) ^ subr(20); 616 CamelliaSubkeyL(20) = subl(19) ^ subl(21); 617 CamelliaSubkeyR(20) = subr(19) ^ subr(21); 618 CamelliaSubkeyL(21) = subl(20) ^ subl(22); 619 CamelliaSubkeyR(21) = subr(20) ^ subr(22); 620 CamelliaSubkeyL(22) = subl(21) ^ subl(23); 621 CamelliaSubkeyR(22) = subr(21) ^ subr(23); 622 CamelliaSubkeyL(23) = subl(22); 623 CamelliaSubkeyR(23) = subr(22); 624 CamelliaSubkeyL(24) = subl(24) ^ subl(23); 625 CamelliaSubkeyR(24) = subr(24) ^ subr(23); 626 627 /* apply the inverse of the last half of P-function */ 628 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); 629 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; 630 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); 631 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; 632 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); 633 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; 634 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); 635 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; 636 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); 637 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; 638 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); 639 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; 640 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); 641 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; 642 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); 643 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; 644 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); 645 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; 646 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); 647 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; 648 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); 649 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; 650 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); 651 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; 652 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); 653 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; 654 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); 655 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; 656 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); 657 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; 658 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); 659 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; 660 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); 661 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; 662 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); 663 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; 664 665 return; 666} 667 668static void camellia_setup256(const unsigned char *key, u32 *subkey) 669{ 670 u32 kll,klr,krl,krr; /* left half of key */ 671 u32 krll,krlr,krrl,krrr; /* right half of key */ 672 u32 il, ir, t0, t1, w0, w1; /* temporary variables */ 673 u32 kw4l, kw4r, dw, tl, tr; 674 u32 subL[34]; 675 u32 subR[34]; 676 677 /** 678 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 679 * (|| is concatination) 680 */ 681 682 kll = GETU32(key ); 683 klr = GETU32(key + 4); 684 krl = GETU32(key + 8); 685 krr = GETU32(key + 12); 686 krll = GETU32(key + 16); 687 krlr = GETU32(key + 20); 688 krrl = GETU32(key + 24); 689 krrr = GETU32(key + 28); 690 691 /* generate KL dependent subkeys */ 692 subl(0) = kll; subr(0) = klr; 693 subl(1) = krl; subr(1) = krr; 694 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 695 subl(12) = kll; subr(12) = klr; 696 subl(13) = krl; subr(13) = krr; 697 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 698 subl(16) = kll; subr(16) = klr; 699 subl(17) = krl; subr(17) = krr; 700 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 701 subl(22) = kll; subr(22) = klr; 702 subl(23) = krl; subr(23) = krr; 703 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 704 subl(30) = kll; subr(30) = klr; 705 subl(31) = krl; subr(31) = krr; 706 707 /* generate KR dependent subkeys */ 708 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 709 subl(4) = krll; subr(4) = krlr; 710 subl(5) = krrl; subr(5) = krrr; 711 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 712 subl(8) = krll; subr(8) = krlr; 713 subl(9) = krrl; subr(9) = krrr; 714 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 715 subl(18) = krll; subr(18) = krlr; 716 subl(19) = krrl; subr(19) = krrr; 717 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 718 subl(26) = krll; subr(26) = krlr; 719 subl(27) = krrl; subr(27) = krrr; 720 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 721 722 /* generate KA */ 723 kll = subl(0) ^ krll; klr = subr(0) ^ krlr; 724 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; 725 CAMELLIA_F(kll, klr, 726 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 727 w0, w1, il, ir, t0, t1); 728 krl ^= w0; krr ^= w1; 729 CAMELLIA_F(krl, krr, 730 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 731 kll, klr, il, ir, t0, t1); 732 kll ^= krll; klr ^= krlr; 733 CAMELLIA_F(kll, klr, 734 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 735 krl, krr, il, ir, t0, t1); 736 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; 737 CAMELLIA_F(krl, krr, 738 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 739 w0, w1, il, ir, t0, t1); 740 kll ^= w0; klr ^= w1; 741 742 /* generate KB */ 743 krll ^= kll; krlr ^= klr; 744 krrl ^= krl; krrr ^= krr; 745 CAMELLIA_F(krll, krlr, 746 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, 747 w0, w1, il, ir, t0, t1); 748 krrl ^= w0; krrr ^= w1; 749 CAMELLIA_F(krrl, krrr, 750 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, 751 w0, w1, il, ir, t0, t1); 752 krll ^= w0; krlr ^= w1; 753 754 /* generate KA dependent subkeys */ 755 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 756 subl(6) = kll; subr(6) = klr; 757 subl(7) = krl; subr(7) = krr; 758 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 759 subl(14) = kll; subr(14) = klr; 760 subl(15) = krl; subr(15) = krr; 761 subl(24) = klr; subr(24) = krl; 762 subl(25) = krr; subr(25) = kll; 763 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 764 subl(28) = kll; subr(28) = klr; 765 subl(29) = krl; subr(29) = krr; 766 767 /* generate KB dependent subkeys */ 768 subl(2) = krll; subr(2) = krlr; 769 subl(3) = krrl; subr(3) = krrr; 770 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 771 subl(10) = krll; subr(10) = krlr; 772 subl(11) = krrl; subr(11) = krrr; 773 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 774 subl(20) = krll; subr(20) = krlr; 775 subl(21) = krrl; subr(21) = krrr; 776 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 777 subl(32) = krll; subr(32) = krlr; 778 subl(33) = krrl; subr(33) = krrr; 779 780 /* absorb kw2 to other subkeys */ 781 subl(3) ^= subl(1); subr(3) ^= subr(1); 782 subl(5) ^= subl(1); subr(5) ^= subr(1); 783 subl(7) ^= subl(1); subr(7) ^= subr(1); 784 subl(1) ^= subr(1) & ~subr(9); 785 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 786 subl(11) ^= subl(1); subr(11) ^= subr(1); 787 subl(13) ^= subl(1); subr(13) ^= subr(1); 788 subl(15) ^= subl(1); subr(15) ^= subr(1); 789 subl(1) ^= subr(1) & ~subr(17); 790 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 791 subl(19) ^= subl(1); subr(19) ^= subr(1); 792 subl(21) ^= subl(1); subr(21) ^= subr(1); 793 subl(23) ^= subl(1); subr(23) ^= subr(1); 794 subl(1) ^= subr(1) & ~subr(25); 795 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); 796 subl(27) ^= subl(1); subr(27) ^= subr(1); 797 subl(29) ^= subl(1); subr(29) ^= subr(1); 798 subl(31) ^= subl(1); subr(31) ^= subr(1); 799 subl(32) ^= subl(1); subr(32) ^= subr(1); 800 801 /* absorb kw4 to other subkeys */ 802 kw4l = subl(33); kw4r = subr(33); 803 subl(30) ^= kw4l; subr(30) ^= kw4r; 804 subl(28) ^= kw4l; subr(28) ^= kw4r; 805 subl(26) ^= kw4l; subr(26) ^= kw4r; 806 kw4l ^= kw4r & ~subr(24); 807 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); 808 subl(22) ^= kw4l; subr(22) ^= kw4r; 809 subl(20) ^= kw4l; subr(20) ^= kw4r; 810 subl(18) ^= kw4l; subr(18) ^= kw4r; 811 kw4l ^= kw4r & ~subr(16); 812 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 813 subl(14) ^= kw4l; subr(14) ^= kw4r; 814 subl(12) ^= kw4l; subr(12) ^= kw4r; 815 subl(10) ^= kw4l; subr(10) ^= kw4r; 816 kw4l ^= kw4r & ~subr(8); 817 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 818 subl(6) ^= kw4l; subr(6) ^= kw4r; 819 subl(4) ^= kw4l; subr(4) ^= kw4r; 820 subl(2) ^= kw4l; subr(2) ^= kw4r; 821 subl(0) ^= kw4l; subr(0) ^= kw4r; 822 823 /* key XOR is end of F-function */ 824 CamelliaSubkeyL(0) = subl(0) ^ subl(2); 825 CamelliaSubkeyR(0) = subr(0) ^ subr(2); 826 CamelliaSubkeyL(2) = subl(3); 827 CamelliaSubkeyR(2) = subr(3); 828 CamelliaSubkeyL(3) = subl(2) ^ subl(4); 829 CamelliaSubkeyR(3) = subr(2) ^ subr(4); 830 CamelliaSubkeyL(4) = subl(3) ^ subl(5); 831 CamelliaSubkeyR(4) = subr(3) ^ subr(5); 832 CamelliaSubkeyL(5) = subl(4) ^ subl(6); 833 CamelliaSubkeyR(5) = subr(4) ^ subr(6); 834 CamelliaSubkeyL(6) = subl(5) ^ subl(7); 835 CamelliaSubkeyR(6) = subr(5) ^ subr(7); 836 tl = subl(10) ^ (subr(10) & ~subr(8)); 837 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 838 CamelliaSubkeyL(7) = subl(6) ^ tl; 839 CamelliaSubkeyR(7) = subr(6) ^ tr; 840 CamelliaSubkeyL(8) = subl(8); 841 CamelliaSubkeyR(8) = subr(8); 842 CamelliaSubkeyL(9) = subl(9); 843 CamelliaSubkeyR(9) = subr(9); 844 tl = subl(7) ^ (subr(7) & ~subr(9)); 845 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 846 CamelliaSubkeyL(10) = tl ^ subl(11); 847 CamelliaSubkeyR(10) = tr ^ subr(11); 848 CamelliaSubkeyL(11) = subl(10) ^ subl(12); 849 CamelliaSubkeyR(11) = subr(10) ^ subr(12); 850 CamelliaSubkeyL(12) = subl(11) ^ subl(13); 851 CamelliaSubkeyR(12) = subr(11) ^ subr(13); 852 CamelliaSubkeyL(13) = subl(12) ^ subl(14); 853 CamelliaSubkeyR(13) = subr(12) ^ subr(14); 854 CamelliaSubkeyL(14) = subl(13) ^ subl(15); 855 CamelliaSubkeyR(14) = subr(13) ^ subr(15); 856 tl = subl(18) ^ (subr(18) & ~subr(16)); 857 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 858 CamelliaSubkeyL(15) = subl(14) ^ tl; 859 CamelliaSubkeyR(15) = subr(14) ^ tr; 860 CamelliaSubkeyL(16) = subl(16); 861 CamelliaSubkeyR(16) = subr(16); 862 CamelliaSubkeyL(17) = subl(17); 863 CamelliaSubkeyR(17) = subr(17); 864 tl = subl(15) ^ (subr(15) & ~subr(17)); 865 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 866 CamelliaSubkeyL(18) = tl ^ subl(19); 867 CamelliaSubkeyR(18) = tr ^ subr(19); 868 CamelliaSubkeyL(19) = subl(18) ^ subl(20); 869 CamelliaSubkeyR(19) = subr(18) ^ subr(20); 870 CamelliaSubkeyL(20) = subl(19) ^ subl(21); 871 CamelliaSubkeyR(20) = subr(19) ^ subr(21); 872 CamelliaSubkeyL(21) = subl(20) ^ subl(22); 873 CamelliaSubkeyR(21) = subr(20) ^ subr(22); 874 CamelliaSubkeyL(22) = subl(21) ^ subl(23); 875 CamelliaSubkeyR(22) = subr(21) ^ subr(23); 876 tl = subl(26) ^ (subr(26) & ~subr(24)); 877 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw); 878 CamelliaSubkeyL(23) = subl(22) ^ tl; 879 CamelliaSubkeyR(23) = subr(22) ^ tr; 880 CamelliaSubkeyL(24) = subl(24); 881 CamelliaSubkeyR(24) = subr(24); 882 CamelliaSubkeyL(25) = subl(25); 883 CamelliaSubkeyR(25) = subr(25); 884 tl = subl(23) ^ (subr(23) & ~subr(25)); 885 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw); 886 CamelliaSubkeyL(26) = tl ^ subl(27); 887 CamelliaSubkeyR(26) = tr ^ subr(27); 888 CamelliaSubkeyL(27) = subl(26) ^ subl(28); 889 CamelliaSubkeyR(27) = subr(26) ^ subr(28); 890 CamelliaSubkeyL(28) = subl(27) ^ subl(29); 891 CamelliaSubkeyR(28) = subr(27) ^ subr(29); 892 CamelliaSubkeyL(29) = subl(28) ^ subl(30); 893 CamelliaSubkeyR(29) = subr(28) ^ subr(30); 894 CamelliaSubkeyL(30) = subl(29) ^ subl(31); 895 CamelliaSubkeyR(30) = subr(29) ^ subr(31); 896 CamelliaSubkeyL(31) = subl(30); 897 CamelliaSubkeyR(31) = subr(30); 898 CamelliaSubkeyL(32) = subl(32) ^ subl(31); 899 CamelliaSubkeyR(32) = subr(32) ^ subr(31); 900 901 /* apply the inverse of the last half of P-function */ 902 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); 903 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; 904 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); 905 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; 906 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); 907 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; 908 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); 909 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; 910 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); 911 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; 912 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); 913 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; 914 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); 915 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; 916 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); 917 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; 918 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); 919 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; 920 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); 921 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; 922 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); 923 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; 924 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); 925 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; 926 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); 927 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; 928 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); 929 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; 930 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); 931 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; 932 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); 933 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; 934 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); 935 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; 936 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); 937 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; 938 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw); 939 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw; 940 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw); 941 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw; 942 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw); 943 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw; 944 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw); 945 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw; 946 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw); 947 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw; 948 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw); 949 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw; 950 951 return; 952} 953 954static void camellia_setup192(const unsigned char *key, u32 *subkey) 955{ 956 unsigned char kk[32]; 957 u32 krll, krlr, krrl,krrr; 958 959 memcpy(kk, key, 24); 960 memcpy((unsigned char *)&krll, key+16,4); 961 memcpy((unsigned char *)&krlr, key+20,4); 962 krrl = ~krll; 963 krrr = ~krlr; 964 memcpy(kk+24, (unsigned char *)&krrl, 4); 965 memcpy(kk+28, (unsigned char *)&krrr, 4); 966 camellia_setup256(kk, subkey); 967 return; 968} 969 970 971/** 972 * Stuff related to camellia encryption/decryption 973 * 974 * "io" must be 4byte aligned and big-endian data. 975 */ 976static void camellia_encrypt128(const u32 *subkey, u32 *io) 977{ 978 u32 il, ir, t0, t1; 979 980 /* pre whitening but absorb kw2*/ 981 io[0] ^= CamelliaSubkeyL(0); 982 io[1] ^= CamelliaSubkeyR(0); 983 /* main iteration */ 984 985 CAMELLIA_ROUNDSM(io[0],io[1], 986 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 987 io[2],io[3],il,ir,t0,t1); 988 CAMELLIA_ROUNDSM(io[2],io[3], 989 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 990 io[0],io[1],il,ir,t0,t1); 991 CAMELLIA_ROUNDSM(io[0],io[1], 992 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 993 io[2],io[3],il,ir,t0,t1); 994 CAMELLIA_ROUNDSM(io[2],io[3], 995 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 996 io[0],io[1],il,ir,t0,t1); 997 CAMELLIA_ROUNDSM(io[0],io[1], 998 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 999 io[2],io[3],il,ir,t0,t1); 1000 CAMELLIA_ROUNDSM(io[2],io[3], 1001 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1002 io[0],io[1],il,ir,t0,t1); 1003 1004 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1005 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1006 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1007 t0,t1,il,ir); 1008 1009 CAMELLIA_ROUNDSM(io[0],io[1], 1010 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1011 io[2],io[3],il,ir,t0,t1); 1012 CAMELLIA_ROUNDSM(io[2],io[3], 1013 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1014 io[0],io[1],il,ir,t0,t1); 1015 CAMELLIA_ROUNDSM(io[0],io[1], 1016 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1017 io[2],io[3],il,ir,t0,t1); 1018 CAMELLIA_ROUNDSM(io[2],io[3], 1019 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1020 io[0],io[1],il,ir,t0,t1); 1021 CAMELLIA_ROUNDSM(io[0],io[1], 1022 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1023 io[2],io[3],il,ir,t0,t1); 1024 CAMELLIA_ROUNDSM(io[2],io[3], 1025 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1026 io[0],io[1],il,ir,t0,t1); 1027 1028 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1029 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1030 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1031 t0,t1,il,ir); 1032 1033 CAMELLIA_ROUNDSM(io[0],io[1], 1034 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1035 io[2],io[3],il,ir,t0,t1); 1036 CAMELLIA_ROUNDSM(io[2],io[3], 1037 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1038 io[0],io[1],il,ir,t0,t1); 1039 CAMELLIA_ROUNDSM(io[0],io[1], 1040 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1041 io[2],io[3],il,ir,t0,t1); 1042 CAMELLIA_ROUNDSM(io[2],io[3], 1043 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1044 io[0],io[1],il,ir,t0,t1); 1045 CAMELLIA_ROUNDSM(io[0],io[1], 1046 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1047 io[2],io[3],il,ir,t0,t1); 1048 CAMELLIA_ROUNDSM(io[2],io[3], 1049 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1050 io[0],io[1],il,ir,t0,t1); 1051 1052 /* post whitening but kw4 */ 1053 io[2] ^= CamelliaSubkeyL(24); 1054 io[3] ^= CamelliaSubkeyR(24); 1055 1056 t0 = io[0]; 1057 t1 = io[1]; 1058 io[0] = io[2]; 1059 io[1] = io[3]; 1060 io[2] = t0; 1061 io[3] = t1; 1062 1063 return; 1064} 1065 1066static void camellia_decrypt128(const u32 *subkey, u32 *io) 1067{ 1068 u32 il,ir,t0,t1; /* temporary valiables */ 1069 1070 /* pre whitening but absorb kw2*/ 1071 io[0] ^= CamelliaSubkeyL(24); 1072 io[1] ^= CamelliaSubkeyR(24); 1073 1074 /* main iteration */ 1075 CAMELLIA_ROUNDSM(io[0],io[1], 1076 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1077 io[2],io[3],il,ir,t0,t1); 1078 CAMELLIA_ROUNDSM(io[2],io[3], 1079 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1080 io[0],io[1],il,ir,t0,t1); 1081 CAMELLIA_ROUNDSM(io[0],io[1], 1082 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1083 io[2],io[3],il,ir,t0,t1); 1084 CAMELLIA_ROUNDSM(io[2],io[3], 1085 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1086 io[0],io[1],il,ir,t0,t1); 1087 CAMELLIA_ROUNDSM(io[0],io[1], 1088 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1089 io[2],io[3],il,ir,t0,t1); 1090 CAMELLIA_ROUNDSM(io[2],io[3], 1091 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1092 io[0],io[1],il,ir,t0,t1); 1093 1094 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1095 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1096 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1097 t0,t1,il,ir); 1098 1099 CAMELLIA_ROUNDSM(io[0],io[1], 1100 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1101 io[2],io[3],il,ir,t0,t1); 1102 CAMELLIA_ROUNDSM(io[2],io[3], 1103 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1104 io[0],io[1],il,ir,t0,t1); 1105 CAMELLIA_ROUNDSM(io[0],io[1], 1106 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1107 io[2],io[3],il,ir,t0,t1); 1108 CAMELLIA_ROUNDSM(io[2],io[3], 1109 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1110 io[0],io[1],il,ir,t0,t1); 1111 CAMELLIA_ROUNDSM(io[0],io[1], 1112 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1113 io[2],io[3],il,ir,t0,t1); 1114 CAMELLIA_ROUNDSM(io[2],io[3], 1115 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1116 io[0],io[1],il,ir,t0,t1); 1117 1118 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1119 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1120 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1121 t0,t1,il,ir); 1122 1123 CAMELLIA_ROUNDSM(io[0],io[1], 1124 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1125 io[2],io[3],il,ir,t0,t1); 1126 CAMELLIA_ROUNDSM(io[2],io[3], 1127 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1128 io[0],io[1],il,ir,t0,t1); 1129 CAMELLIA_ROUNDSM(io[0],io[1], 1130 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1131 io[2],io[3],il,ir,t0,t1); 1132 CAMELLIA_ROUNDSM(io[2],io[3], 1133 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1134 io[0],io[1],il,ir,t0,t1); 1135 CAMELLIA_ROUNDSM(io[0],io[1], 1136 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1137 io[2],io[3],il,ir,t0,t1); 1138 CAMELLIA_ROUNDSM(io[2],io[3], 1139 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1140 io[0],io[1],il,ir,t0,t1); 1141 1142 /* post whitening but kw4 */ 1143 io[2] ^= CamelliaSubkeyL(0); 1144 io[3] ^= CamelliaSubkeyR(0); 1145 1146 t0 = io[0]; 1147 t1 = io[1]; 1148 io[0] = io[2]; 1149 io[1] = io[3]; 1150 io[2] = t0; 1151 io[3] = t1; 1152 1153 return; 1154} 1155 1156/** 1157 * stuff for 192 and 256bit encryption/decryption 1158 */ 1159static void camellia_encrypt256(const u32 *subkey, u32 *io) 1160{ 1161 u32 il,ir,t0,t1; /* temporary valiables */ 1162 1163 /* pre whitening but absorb kw2*/ 1164 io[0] ^= CamelliaSubkeyL(0); 1165 io[1] ^= CamelliaSubkeyR(0); 1166 1167 /* main iteration */ 1168 CAMELLIA_ROUNDSM(io[0],io[1], 1169 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1170 io[2],io[3],il,ir,t0,t1); 1171 CAMELLIA_ROUNDSM(io[2],io[3], 1172 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1173 io[0],io[1],il,ir,t0,t1); 1174 CAMELLIA_ROUNDSM(io[0],io[1], 1175 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1176 io[2],io[3],il,ir,t0,t1); 1177 CAMELLIA_ROUNDSM(io[2],io[3], 1178 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1179 io[0],io[1],il,ir,t0,t1); 1180 CAMELLIA_ROUNDSM(io[0],io[1], 1181 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1182 io[2],io[3],il,ir,t0,t1); 1183 CAMELLIA_ROUNDSM(io[2],io[3], 1184 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1185 io[0],io[1],il,ir,t0,t1); 1186 1187 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1188 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1189 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1190 t0,t1,il,ir); 1191 1192 CAMELLIA_ROUNDSM(io[0],io[1], 1193 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1194 io[2],io[3],il,ir,t0,t1); 1195 CAMELLIA_ROUNDSM(io[2],io[3], 1196 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1197 io[0],io[1],il,ir,t0,t1); 1198 CAMELLIA_ROUNDSM(io[0],io[1], 1199 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1200 io[2],io[3],il,ir,t0,t1); 1201 CAMELLIA_ROUNDSM(io[2],io[3], 1202 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1203 io[0],io[1],il,ir,t0,t1); 1204 CAMELLIA_ROUNDSM(io[0],io[1], 1205 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1206 io[2],io[3],il,ir,t0,t1); 1207 CAMELLIA_ROUNDSM(io[2],io[3], 1208 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1209 io[0],io[1],il,ir,t0,t1); 1210 1211 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1212 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1213 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1214 t0,t1,il,ir); 1215 1216 CAMELLIA_ROUNDSM(io[0],io[1], 1217 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1218 io[2],io[3],il,ir,t0,t1); 1219 CAMELLIA_ROUNDSM(io[2],io[3], 1220 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1221 io[0],io[1],il,ir,t0,t1); 1222 CAMELLIA_ROUNDSM(io[0],io[1], 1223 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1224 io[2],io[3],il,ir,t0,t1); 1225 CAMELLIA_ROUNDSM(io[2],io[3], 1226 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1227 io[0],io[1],il,ir,t0,t1); 1228 CAMELLIA_ROUNDSM(io[0],io[1], 1229 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1230 io[2],io[3],il,ir,t0,t1); 1231 CAMELLIA_ROUNDSM(io[2],io[3], 1232 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1233 io[0],io[1],il,ir,t0,t1); 1234 1235 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1236 CamelliaSubkeyL(24),CamelliaSubkeyR(24), 1237 CamelliaSubkeyL(25),CamelliaSubkeyR(25), 1238 t0,t1,il,ir); 1239 1240 CAMELLIA_ROUNDSM(io[0],io[1], 1241 CamelliaSubkeyL(26),CamelliaSubkeyR(26), 1242 io[2],io[3],il,ir,t0,t1); 1243 CAMELLIA_ROUNDSM(io[2],io[3], 1244 CamelliaSubkeyL(27),CamelliaSubkeyR(27), 1245 io[0],io[1],il,ir,t0,t1); 1246 CAMELLIA_ROUNDSM(io[0],io[1], 1247 CamelliaSubkeyL(28),CamelliaSubkeyR(28), 1248 io[2],io[3],il,ir,t0,t1); 1249 CAMELLIA_ROUNDSM(io[2],io[3], 1250 CamelliaSubkeyL(29),CamelliaSubkeyR(29), 1251 io[0],io[1],il,ir,t0,t1); 1252 CAMELLIA_ROUNDSM(io[0],io[1], 1253 CamelliaSubkeyL(30),CamelliaSubkeyR(30), 1254 io[2],io[3],il,ir,t0,t1); 1255 CAMELLIA_ROUNDSM(io[2],io[3], 1256 CamelliaSubkeyL(31),CamelliaSubkeyR(31), 1257 io[0],io[1],il,ir,t0,t1); 1258 1259 /* post whitening but kw4 */ 1260 io[2] ^= CamelliaSubkeyL(32); 1261 io[3] ^= CamelliaSubkeyR(32); 1262 1263 t0 = io[0]; 1264 t1 = io[1]; 1265 io[0] = io[2]; 1266 io[1] = io[3]; 1267 io[2] = t0; 1268 io[3] = t1; 1269 1270 return; 1271} 1272 1273static void camellia_decrypt256(const u32 *subkey, u32 *io) 1274{ 1275 u32 il,ir,t0,t1; /* temporary valiables */ 1276 1277 /* pre whitening but absorb kw2*/ 1278 io[0] ^= CamelliaSubkeyL(32); 1279 io[1] ^= CamelliaSubkeyR(32); 1280 1281 /* main iteration */ 1282 CAMELLIA_ROUNDSM(io[0],io[1], 1283 CamelliaSubkeyL(31),CamelliaSubkeyR(31), 1284 io[2],io[3],il,ir,t0,t1); 1285 CAMELLIA_ROUNDSM(io[2],io[3], 1286 CamelliaSubkeyL(30),CamelliaSubkeyR(30), 1287 io[0],io[1],il,ir,t0,t1); 1288 CAMELLIA_ROUNDSM(io[0],io[1], 1289 CamelliaSubkeyL(29),CamelliaSubkeyR(29), 1290 io[2],io[3],il,ir,t0,t1); 1291 CAMELLIA_ROUNDSM(io[2],io[3], 1292 CamelliaSubkeyL(28),CamelliaSubkeyR(28), 1293 io[0],io[1],il,ir,t0,t1); 1294 CAMELLIA_ROUNDSM(io[0],io[1], 1295 CamelliaSubkeyL(27),CamelliaSubkeyR(27), 1296 io[2],io[3],il,ir,t0,t1); 1297 CAMELLIA_ROUNDSM(io[2],io[3], 1298 CamelliaSubkeyL(26),CamelliaSubkeyR(26), 1299 io[0],io[1],il,ir,t0,t1); 1300 1301 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1302 CamelliaSubkeyL(25),CamelliaSubkeyR(25), 1303 CamelliaSubkeyL(24),CamelliaSubkeyR(24), 1304 t0,t1,il,ir); 1305 1306 CAMELLIA_ROUNDSM(io[0],io[1], 1307 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1308 io[2],io[3],il,ir,t0,t1); 1309 CAMELLIA_ROUNDSM(io[2],io[3], 1310 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1311 io[0],io[1],il,ir,t0,t1); 1312 CAMELLIA_ROUNDSM(io[0],io[1], 1313 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1314 io[2],io[3],il,ir,t0,t1); 1315 CAMELLIA_ROUNDSM(io[2],io[3], 1316 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1317 io[0],io[1],il,ir,t0,t1); 1318 CAMELLIA_ROUNDSM(io[0],io[1], 1319 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1320 io[2],io[3],il,ir,t0,t1); 1321 CAMELLIA_ROUNDSM(io[2],io[3], 1322 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1323 io[0],io[1],il,ir,t0,t1); 1324 1325 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1326 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1327 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1328 t0,t1,il,ir); 1329 1330 CAMELLIA_ROUNDSM(io[0],io[1], 1331 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1332 io[2],io[3],il,ir,t0,t1); 1333 CAMELLIA_ROUNDSM(io[2],io[3], 1334 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1335 io[0],io[1],il,ir,t0,t1); 1336 CAMELLIA_ROUNDSM(io[0],io[1], 1337 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1338 io[2],io[3],il,ir,t0,t1); 1339 CAMELLIA_ROUNDSM(io[2],io[3], 1340 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1341 io[0],io[1],il,ir,t0,t1); 1342 CAMELLIA_ROUNDSM(io[0],io[1], 1343 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1344 io[2],io[3],il,ir,t0,t1); 1345 CAMELLIA_ROUNDSM(io[2],io[3], 1346 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1347 io[0],io[1],il,ir,t0,t1); 1348 1349 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1350 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1351 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1352 t0,t1,il,ir); 1353 1354 CAMELLIA_ROUNDSM(io[0],io[1], 1355 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1356 io[2],io[3],il,ir,t0,t1); 1357 CAMELLIA_ROUNDSM(io[2],io[3], 1358 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1359 io[0],io[1],il,ir,t0,t1); 1360 CAMELLIA_ROUNDSM(io[0],io[1], 1361 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1362 io[2],io[3],il,ir,t0,t1); 1363 CAMELLIA_ROUNDSM(io[2],io[3], 1364 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1365 io[0],io[1],il,ir,t0,t1); 1366 CAMELLIA_ROUNDSM(io[0],io[1], 1367 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1368 io[2],io[3],il,ir,t0,t1); 1369 CAMELLIA_ROUNDSM(io[2],io[3], 1370 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1371 io[0],io[1],il,ir,t0,t1); 1372 1373 /* post whitening but kw4 */ 1374 io[2] ^= CamelliaSubkeyL(0); 1375 io[3] ^= CamelliaSubkeyR(0); 1376 1377 t0 = io[0]; 1378 t1 = io[1]; 1379 io[0] = io[2]; 1380 io[1] = io[3]; 1381 io[2] = t0; 1382 io[3] = t1; 1383 1384 return; 1385} 1386 1387/*** 1388 * 1389 * API for compatibility 1390 */ 1391 1392void Camellia_Ekeygen(const int keyBitLength, 1393 const unsigned char *rawKey, 1394 KEY_TABLE_TYPE keyTable) 1395{ 1396 switch(keyBitLength) { 1397 case 128: 1398 camellia_setup128(rawKey, keyTable); 1399 break; 1400 case 192: 1401 camellia_setup192(rawKey, keyTable); 1402 break; 1403 case 256: 1404 camellia_setup256(rawKey, keyTable); 1405 break; 1406 default: 1407 break; 1408 } 1409} 1410 1411 1412void Camellia_EncryptBlock(const int keyBitLength, 1413 const unsigned char *plaintext, 1414 const KEY_TABLE_TYPE keyTable, 1415 unsigned char *ciphertext) 1416{ 1417 u32 tmp[4]; 1418 1419 tmp[0] = GETU32(plaintext); 1420 tmp[1] = GETU32(plaintext + 4); 1421 tmp[2] = GETU32(plaintext + 8); 1422 tmp[3] = GETU32(plaintext + 12); 1423 1424 switch (keyBitLength) { 1425 case 128: 1426 camellia_encrypt128(keyTable, tmp); 1427 break; 1428 case 192: 1429 /* fall through */ 1430 case 256: 1431 camellia_encrypt256(keyTable, tmp); 1432 break; 1433 default: 1434 break; 1435 } 1436 1437 PUTU32(ciphertext, tmp[0]); 1438 PUTU32(ciphertext + 4, tmp[1]); 1439 PUTU32(ciphertext + 8, tmp[2]); 1440 PUTU32(ciphertext + 12, tmp[3]); 1441} 1442 1443void Camellia_DecryptBlock(const int keyBitLength, 1444 const unsigned char *ciphertext, 1445 const KEY_TABLE_TYPE keyTable, 1446 unsigned char *plaintext) 1447{ 1448 u32 tmp[4]; 1449 1450 tmp[0] = GETU32(ciphertext); 1451 tmp[1] = GETU32(ciphertext + 4); 1452 tmp[2] = GETU32(ciphertext + 8); 1453 tmp[3] = GETU32(ciphertext + 12); 1454 1455 switch (keyBitLength) { 1456 case 128: 1457 camellia_decrypt128(keyTable, tmp); 1458 break; 1459 case 192: 1460 /* fall through */ 1461 case 256: 1462 camellia_decrypt256(keyTable, tmp); 1463 break; 1464 default: 1465 break; 1466 } 1467 PUTU32(plaintext, tmp[0]); 1468 PUTU32(plaintext + 4, tmp[1]); 1469 PUTU32(plaintext + 8, tmp[2]); 1470 PUTU32(plaintext + 12, tmp[3]); 1471} 1472