1/* camellia.h ver 1.2.0 2 * 3 * Copyright (C) 2006,2007 4 * NTT (Nippon Telegraph and Telephone Corporation). 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 19 */ 20 21/* 22 * Algorithm Specification 23 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 24 */ 25 26#include <string.h> 27#include <stdlib.h> 28 29#include "camellia.h" 30 31/* u32 must be 32bit word */ 32typedef unsigned int u32; 33typedef unsigned char u8; 34 35/* key constants */ 36 37#define CAMELLIA_SIGMA1L (0xA09E667FL) 38#define CAMELLIA_SIGMA1R (0x3BCC908BL) 39#define CAMELLIA_SIGMA2L (0xB67AE858L) 40#define CAMELLIA_SIGMA2R (0x4CAA73B2L) 41#define CAMELLIA_SIGMA3L (0xC6EF372FL) 42#define CAMELLIA_SIGMA3R (0xE94F82BEL) 43#define CAMELLIA_SIGMA4L (0x54FF53A5L) 44#define CAMELLIA_SIGMA4R (0xF1D36F1CL) 45#define CAMELLIA_SIGMA5L (0x10E527FAL) 46#define CAMELLIA_SIGMA5R (0xDE682D1DL) 47#define CAMELLIA_SIGMA6L (0xB05688C2L) 48#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 49 50/* 51 * macros 52 */ 53 54 55#if defined(_MSC_VER) 56 57# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) 58# define GETU32(p) SWAP(*((u32 *)(p))) 59# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));} 60 61#else /* not MS-VC */ 62 63# define GETU32(pt) \ 64 (((u32)(pt)[0] << 24) \ 65 ^ ((u32)(pt)[1] << 16) \ 66 ^ ((u32)(pt)[2] << 8) \ 67 ^ ((u32)(pt)[3])) 68 69# define PUTU32(ct, st) { \ 70 (ct)[0] = (u8)((st) >> 24); \ 71 (ct)[1] = (u8)((st) >> 16); \ 72 (ct)[2] = (u8)((st) >> 8); \ 73 (ct)[3] = (u8)(st); } 74 75#endif 76 77#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) 78#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) 79 80/* rotation right shift 1byte */ 81#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 82/* rotation left shift 1bit */ 83#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 84/* rotation left shift 1byte */ 85#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 86 87#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 88 do { \ 89 w0 = ll; \ 90 ll = (ll << bits) + (lr >> (32 - bits)); \ 91 lr = (lr << bits) + (rl >> (32 - bits)); \ 92 rl = (rl << bits) + (rr >> (32 - bits)); \ 93 rr = (rr << bits) + (w0 >> (32 - bits)); \ 94 } while(0) 95 96#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 97 do { \ 98 w0 = ll; \ 99 w1 = lr; \ 100 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 101 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 102 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 103 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 104 } while(0) 105 106#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) 107#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) 108#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) 109#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) 110 111#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 112 do { \ 113 il = xl ^ kl; \ 114 ir = xr ^ kr; \ 115 t0 = il >> 16; \ 116 t1 = ir >> 16; \ 117 yl = CAMELLIA_SP1110(ir & 0xff) \ 118 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 119 ^ CAMELLIA_SP3033(t1 & 0xff) \ 120 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 121 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 122 ^ CAMELLIA_SP0222(t0 & 0xff) \ 123 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 124 ^ CAMELLIA_SP4404(il & 0xff); \ 125 yl ^= yr; \ 126 yr = CAMELLIA_RR8(yr); \ 127 yr ^= yl; \ 128 } while(0) 129 130 131/* 132 * for speed up 133 * 134 */ 135#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 136 do { \ 137 t0 = kll; \ 138 t0 &= ll; \ 139 lr ^= CAMELLIA_RL1(t0); \ 140 t1 = klr; \ 141 t1 |= lr; \ 142 ll ^= t1; \ 143 \ 144 t2 = krr; \ 145 t2 |= rr; \ 146 rl ^= t2; \ 147 t3 = krl; \ 148 t3 &= rl; \ 149 rr ^= CAMELLIA_RL1(t3); \ 150 } while(0) 151 152#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 153 do { \ 154 ir = CAMELLIA_SP1110(xr & 0xff) \ 155 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \ 156 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \ 157 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \ 158 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \ 159 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \ 160 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \ 161 ^ CAMELLIA_SP4404(xl & 0xff); \ 162 il ^= kl; \ 163 ir ^= kr; \ 164 ir ^= il; \ 165 il = CAMELLIA_RR8(il); \ 166 il ^= ir; \ 167 yl ^= ir; \ 168 yr ^= il; \ 169 } while(0) 170 171 172static const u32 camellia_sp1110[256] = { 173 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 174 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 175 0xe4e4e400,0x85858500,0x57575700,0x35353500, 176 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, 177 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, 178 0x45454500,0x19191900,0xa5a5a500,0x21212100, 179 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, 180 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, 181 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, 182 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, 183 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, 184 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, 185 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, 186 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, 187 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, 188 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, 189 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, 190 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, 191 0x74747400,0x12121200,0x2b2b2b00,0x20202000, 192 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, 193 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, 194 0x34343400,0x7e7e7e00,0x76767600,0x05050500, 195 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, 196 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, 197 0x14141400,0x58585800,0x3a3a3a00,0x61616100, 198 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, 199 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, 200 0x53535300,0x18181800,0xf2f2f200,0x22222200, 201 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, 202 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, 203 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, 204 0x60606000,0xfcfcfc00,0x69696900,0x50505000, 205 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, 206 0xa1a1a100,0x89898900,0x62626200,0x97979700, 207 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, 208 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, 209 0x10101000,0xc4c4c400,0x00000000,0x48484800, 210 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, 211 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, 212 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, 213 0x87878700,0x5c5c5c00,0x83838300,0x02020200, 214 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, 215 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, 216 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, 217 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, 218 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, 219 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, 220 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, 221 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, 222 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, 223 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, 224 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, 225 0x78787800,0x98989800,0x06060600,0x6a6a6a00, 226 0xe7e7e700,0x46464600,0x71717100,0xbababa00, 227 0xd4d4d400,0x25252500,0xababab00,0x42424200, 228 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, 229 0x72727200,0x07070700,0xb9b9b900,0x55555500, 230 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, 231 0x36363600,0x49494900,0x2a2a2a00,0x68686800, 232 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, 233 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, 234 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, 235 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, 236 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, 237}; 238 239static const u32 camellia_sp0222[256] = { 240 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, 241 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, 242 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, 243 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, 244 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, 245 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, 246 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, 247 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, 248 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, 249 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, 250 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, 251 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, 252 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, 253 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, 254 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, 255 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, 256 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, 257 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, 258 0x00e8e8e8,0x00242424,0x00565656,0x00404040, 259 0x00e1e1e1,0x00636363,0x00090909,0x00333333, 260 0x00bfbfbf,0x00989898,0x00979797,0x00858585, 261 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, 262 0x00dadada,0x006f6f6f,0x00535353,0x00626262, 263 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, 264 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, 265 0x00bdbdbd,0x00363636,0x00222222,0x00383838, 266 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, 267 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, 268 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, 269 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, 270 0x00484848,0x00101010,0x00d1d1d1,0x00515151, 271 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, 272 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, 273 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, 274 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, 275 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, 276 0x00202020,0x00898989,0x00000000,0x00909090, 277 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, 278 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, 279 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, 280 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, 281 0x009b9b9b,0x00949494,0x00212121,0x00666666, 282 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, 283 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, 284 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, 285 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, 286 0x00030303,0x002d2d2d,0x00dedede,0x00969696, 287 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, 288 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, 289 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, 290 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, 291 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, 292 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, 293 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, 294 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, 295 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, 296 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, 297 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, 298 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, 299 0x00787878,0x00707070,0x00e3e3e3,0x00494949, 300 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, 301 0x00777777,0x00939393,0x00868686,0x00838383, 302 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, 303 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, 304}; 305 306static const u32 camellia_sp3033[256] = { 307 0x38003838,0x41004141,0x16001616,0x76007676, 308 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, 309 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, 310 0x75007575,0x06000606,0x57005757,0xa000a0a0, 311 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, 312 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, 313 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, 314 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, 315 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, 316 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, 317 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, 318 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, 319 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, 320 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, 321 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, 322 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, 323 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, 324 0xfd00fdfd,0x66006666,0x58005858,0x96009696, 325 0x3a003a3a,0x09000909,0x95009595,0x10001010, 326 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, 327 0xef00efef,0x26002626,0xe500e5e5,0x61006161, 328 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, 329 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, 330 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, 331 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, 332 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, 333 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, 334 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, 335 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, 336 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, 337 0x12001212,0x04000404,0x74007474,0x54005454, 338 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, 339 0x55005555,0x68006868,0x50005050,0xbe00bebe, 340 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, 341 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, 342 0x70007070,0xff00ffff,0x32003232,0x69006969, 343 0x08000808,0x62006262,0x00000000,0x24002424, 344 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, 345 0x45004545,0x81008181,0x73007373,0x6d006d6d, 346 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, 347 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, 348 0xe600e6e6,0x25002525,0x48004848,0x99009999, 349 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, 350 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, 351 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, 352 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, 353 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, 354 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, 355 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, 356 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, 357 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, 358 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, 359 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, 360 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, 361 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, 362 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, 363 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, 364 0x7c007c7c,0x77007777,0x56005656,0x05000505, 365 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, 366 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, 367 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, 368 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, 369 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, 370 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, 371}; 372 373static const u32 camellia_sp4404[256] = { 374 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, 375 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, 376 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, 377 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, 378 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, 379 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, 380 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, 381 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, 382 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, 383 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, 384 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, 385 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, 386 0x14140014,0x3a3a003a,0xdede00de,0x11110011, 387 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, 388 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, 389 0x24240024,0xe8e800e8,0x60600060,0x69690069, 390 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, 391 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, 392 0x10100010,0x00000000,0xa3a300a3,0x75750075, 393 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, 394 0x87870087,0x83830083,0xcdcd00cd,0x90900090, 395 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, 396 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, 397 0x81810081,0x6f6f006f,0x13130013,0x63630063, 398 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, 399 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, 400 0x78780078,0x06060006,0xe7e700e7,0x71710071, 401 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, 402 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, 403 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, 404 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, 405 0x15150015,0xadad00ad,0x77770077,0x80800080, 406 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, 407 0x85850085,0x35350035,0x0c0c000c,0x41410041, 408 0xefef00ef,0x93930093,0x19190019,0x21210021, 409 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, 410 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, 411 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, 412 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, 413 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, 414 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, 415 0x12120012,0x20200020,0xb1b100b1,0x99990099, 416 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, 417 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, 418 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, 419 0x0f0f000f,0x16160016,0x18180018,0x22220022, 420 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, 421 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, 422 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, 423 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, 424 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, 425 0x03030003,0xdada00da,0x3f3f003f,0x94940094, 426 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, 427 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, 428 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, 429 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, 430 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, 431 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, 432 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, 433 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, 434 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, 435 0x49490049,0x68680068,0x38380038,0xa4a400a4, 436 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, 437 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, 438}; 439 440 441/** 442 * Stuff related to the Camellia key schedule 443 */ 444#define subl(x) subL[(x)] 445#define subr(x) subR[(x)] 446 447void camellia_setup128(const unsigned char *key, u32 *subkey) 448{ 449 u32 kll, klr, krl, krr; 450 u32 il, ir, t0, t1, w0, w1; 451 u32 kw4l, kw4r, dw, tl, tr; 452 u32 subL[26]; 453 u32 subR[26]; 454 455 /** 456 * k == kll || klr || krl || krr (|| is concatination) 457 */ 458 kll = GETU32(key ); 459 klr = GETU32(key + 4); 460 krl = GETU32(key + 8); 461 krr = GETU32(key + 12); 462 /** 463 * generate KL dependent subkeys 464 */ 465 subl(0) = kll; subr(0) = klr; 466 subl(1) = krl; subr(1) = krr; 467 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 468 subl(4) = kll; subr(4) = klr; 469 subl(5) = krl; subr(5) = krr; 470 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 471 subl(10) = kll; subr(10) = klr; 472 subl(11) = krl; subr(11) = krr; 473 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 474 subl(13) = krl; subr(13) = krr; 475 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 476 subl(16) = kll; subr(16) = klr; 477 subl(17) = krl; subr(17) = krr; 478 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 479 subl(18) = kll; subr(18) = klr; 480 subl(19) = krl; subr(19) = krr; 481 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 482 subl(22) = kll; subr(22) = klr; 483 subl(23) = krl; subr(23) = krr; 484 485 /* generate KA */ 486 kll = subl(0); klr = subr(0); 487 krl = subl(1); krr = subr(1); 488 CAMELLIA_F(kll, klr, 489 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 490 w0, w1, il, ir, t0, t1); 491 krl ^= w0; krr ^= w1; 492 CAMELLIA_F(krl, krr, 493 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 494 kll, klr, il, ir, t0, t1); 495 CAMELLIA_F(kll, klr, 496 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 497 krl, krr, il, ir, t0, t1); 498 krl ^= w0; krr ^= w1; 499 CAMELLIA_F(krl, krr, 500 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 501 w0, w1, il, ir, t0, t1); 502 kll ^= w0; klr ^= w1; 503 504 /* generate KA dependent subkeys */ 505 subl(2) = kll; subr(2) = klr; 506 subl(3) = krl; subr(3) = krr; 507 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 508 subl(6) = kll; subr(6) = klr; 509 subl(7) = krl; subr(7) = krr; 510 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 511 subl(8) = kll; subr(8) = klr; 512 subl(9) = krl; subr(9) = krr; 513 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 514 subl(12) = kll; subr(12) = klr; 515 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 516 subl(14) = kll; subr(14) = klr; 517 subl(15) = krl; subr(15) = krr; 518 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 519 subl(20) = kll; subr(20) = klr; 520 subl(21) = krl; subr(21) = krr; 521 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 522 subl(24) = kll; subr(24) = klr; 523 subl(25) = krl; subr(25) = krr; 524 525 526 /* absorb kw2 to other subkeys */ 527 subl(3) ^= subl(1); subr(3) ^= subr(1); 528 subl(5) ^= subl(1); subr(5) ^= subr(1); 529 subl(7) ^= subl(1); subr(7) ^= subr(1); 530 subl(1) ^= subr(1) & ~subr(9); 531 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 532 subl(11) ^= subl(1); subr(11) ^= subr(1); 533 subl(13) ^= subl(1); subr(13) ^= subr(1); 534 subl(15) ^= subl(1); subr(15) ^= subr(1); 535 subl(1) ^= subr(1) & ~subr(17); 536 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 537 subl(19) ^= subl(1); subr(19) ^= subr(1); 538 subl(21) ^= subl(1); subr(21) ^= subr(1); 539 subl(23) ^= subl(1); subr(23) ^= subr(1); 540 subl(24) ^= subl(1); subr(24) ^= subr(1); 541 542 /* absorb kw4 to other subkeys */ 543 kw4l = subl(25); kw4r = subr(25); 544 subl(22) ^= kw4l; subr(22) ^= kw4r; 545 subl(20) ^= kw4l; subr(20) ^= kw4r; 546 subl(18) ^= kw4l; subr(18) ^= kw4r; 547 kw4l ^= kw4r & ~subr(16); 548 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 549 subl(14) ^= kw4l; subr(14) ^= kw4r; 550 subl(12) ^= kw4l; subr(12) ^= kw4r; 551 subl(10) ^= kw4l; subr(10) ^= kw4r; 552 kw4l ^= kw4r & ~subr(8); 553 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 554 subl(6) ^= kw4l; subr(6) ^= kw4r; 555 subl(4) ^= kw4l; subr(4) ^= kw4r; 556 subl(2) ^= kw4l; subr(2) ^= kw4r; 557 subl(0) ^= kw4l; subr(0) ^= kw4r; 558 559 /* key XOR is end of F-function */ 560 CamelliaSubkeyL(0) = subl(0) ^ subl(2); 561 CamelliaSubkeyR(0) = subr(0) ^ subr(2); 562 CamelliaSubkeyL(2) = subl(3); 563 CamelliaSubkeyR(2) = subr(3); 564 CamelliaSubkeyL(3) = subl(2) ^ subl(4); 565 CamelliaSubkeyR(3) = subr(2) ^ subr(4); 566 CamelliaSubkeyL(4) = subl(3) ^ subl(5); 567 CamelliaSubkeyR(4) = subr(3) ^ subr(5); 568 CamelliaSubkeyL(5) = subl(4) ^ subl(6); 569 CamelliaSubkeyR(5) = subr(4) ^ subr(6); 570 CamelliaSubkeyL(6) = subl(5) ^ subl(7); 571 CamelliaSubkeyR(6) = subr(5) ^ subr(7); 572 tl = subl(10) ^ (subr(10) & ~subr(8)); 573 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 574 CamelliaSubkeyL(7) = subl(6) ^ tl; 575 CamelliaSubkeyR(7) = subr(6) ^ tr; 576 CamelliaSubkeyL(8) = subl(8); 577 CamelliaSubkeyR(8) = subr(8); 578 CamelliaSubkeyL(9) = subl(9); 579 CamelliaSubkeyR(9) = subr(9); 580 tl = subl(7) ^ (subr(7) & ~subr(9)); 581 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 582 CamelliaSubkeyL(10) = tl ^ subl(11); 583 CamelliaSubkeyR(10) = tr ^ subr(11); 584 CamelliaSubkeyL(11) = subl(10) ^ subl(12); 585 CamelliaSubkeyR(11) = subr(10) ^ subr(12); 586 CamelliaSubkeyL(12) = subl(11) ^ subl(13); 587 CamelliaSubkeyR(12) = subr(11) ^ subr(13); 588 CamelliaSubkeyL(13) = subl(12) ^ subl(14); 589 CamelliaSubkeyR(13) = subr(12) ^ subr(14); 590 CamelliaSubkeyL(14) = subl(13) ^ subl(15); 591 CamelliaSubkeyR(14) = subr(13) ^ subr(15); 592 tl = subl(18) ^ (subr(18) & ~subr(16)); 593 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 594 CamelliaSubkeyL(15) = subl(14) ^ tl; 595 CamelliaSubkeyR(15) = subr(14) ^ tr; 596 CamelliaSubkeyL(16) = subl(16); 597 CamelliaSubkeyR(16) = subr(16); 598 CamelliaSubkeyL(17) = subl(17); 599 CamelliaSubkeyR(17) = subr(17); 600 tl = subl(15) ^ (subr(15) & ~subr(17)); 601 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 602 CamelliaSubkeyL(18) = tl ^ subl(19); 603 CamelliaSubkeyR(18) = tr ^ subr(19); 604 CamelliaSubkeyL(19) = subl(18) ^ subl(20); 605 CamelliaSubkeyR(19) = subr(18) ^ subr(20); 606 CamelliaSubkeyL(20) = subl(19) ^ subl(21); 607 CamelliaSubkeyR(20) = subr(19) ^ subr(21); 608 CamelliaSubkeyL(21) = subl(20) ^ subl(22); 609 CamelliaSubkeyR(21) = subr(20) ^ subr(22); 610 CamelliaSubkeyL(22) = subl(21) ^ subl(23); 611 CamelliaSubkeyR(22) = subr(21) ^ subr(23); 612 CamelliaSubkeyL(23) = subl(22); 613 CamelliaSubkeyR(23) = subr(22); 614 CamelliaSubkeyL(24) = subl(24) ^ subl(23); 615 CamelliaSubkeyR(24) = subr(24) ^ subr(23); 616 617 /* apply the inverse of the last half of P-function */ 618 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); 619 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; 620 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); 621 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; 622 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); 623 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; 624 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); 625 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; 626 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); 627 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; 628 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); 629 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; 630 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); 631 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; 632 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); 633 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; 634 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); 635 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; 636 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); 637 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; 638 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); 639 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; 640 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); 641 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; 642 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); 643 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; 644 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); 645 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; 646 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); 647 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; 648 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); 649 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; 650 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); 651 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; 652 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); 653 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; 654 655 return; 656} 657 658void camellia_setup256(const unsigned char *key, u32 *subkey) 659{ 660 u32 kll,klr,krl,krr; /* left half of key */ 661 u32 krll,krlr,krrl,krrr; /* right half of key */ 662 u32 il, ir, t0, t1, w0, w1; /* temporary variables */ 663 u32 kw4l, kw4r, dw, tl, tr; 664 u32 subL[34]; 665 u32 subR[34]; 666 667 /** 668 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 669 * (|| is concatination) 670 */ 671 672 kll = GETU32(key ); 673 klr = GETU32(key + 4); 674 krl = GETU32(key + 8); 675 krr = GETU32(key + 12); 676 krll = GETU32(key + 16); 677 krlr = GETU32(key + 20); 678 krrl = GETU32(key + 24); 679 krrr = GETU32(key + 28); 680 681 /* generate KL dependent subkeys */ 682 subl(0) = kll; subr(0) = klr; 683 subl(1) = krl; subr(1) = krr; 684 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 685 subl(12) = kll; subr(12) = klr; 686 subl(13) = krl; subr(13) = krr; 687 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 688 subl(16) = kll; subr(16) = klr; 689 subl(17) = krl; subr(17) = krr; 690 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 691 subl(22) = kll; subr(22) = klr; 692 subl(23) = krl; subr(23) = krr; 693 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 694 subl(30) = kll; subr(30) = klr; 695 subl(31) = krl; subr(31) = krr; 696 697 /* generate KR dependent subkeys */ 698 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 699 subl(4) = krll; subr(4) = krlr; 700 subl(5) = krrl; subr(5) = krrr; 701 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 702 subl(8) = krll; subr(8) = krlr; 703 subl(9) = krrl; subr(9) = krrr; 704 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 705 subl(18) = krll; subr(18) = krlr; 706 subl(19) = krrl; subr(19) = krrr; 707 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 708 subl(26) = krll; subr(26) = krlr; 709 subl(27) = krrl; subr(27) = krrr; 710 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 711 712 /* generate KA */ 713 kll = subl(0) ^ krll; klr = subr(0) ^ krlr; 714 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; 715 CAMELLIA_F(kll, klr, 716 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 717 w0, w1, il, ir, t0, t1); 718 krl ^= w0; krr ^= w1; 719 CAMELLIA_F(krl, krr, 720 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 721 kll, klr, il, ir, t0, t1); 722 kll ^= krll; klr ^= krlr; 723 CAMELLIA_F(kll, klr, 724 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 725 krl, krr, il, ir, t0, t1); 726 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; 727 CAMELLIA_F(krl, krr, 728 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 729 w0, w1, il, ir, t0, t1); 730 kll ^= w0; klr ^= w1; 731 732 /* generate KB */ 733 krll ^= kll; krlr ^= klr; 734 krrl ^= krl; krrr ^= krr; 735 CAMELLIA_F(krll, krlr, 736 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, 737 w0, w1, il, ir, t0, t1); 738 krrl ^= w0; krrr ^= w1; 739 CAMELLIA_F(krrl, krrr, 740 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, 741 w0, w1, il, ir, t0, t1); 742 krll ^= w0; krlr ^= w1; 743 744 /* generate KA dependent subkeys */ 745 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 746 subl(6) = kll; subr(6) = klr; 747 subl(7) = krl; subr(7) = krr; 748 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 749 subl(14) = kll; subr(14) = klr; 750 subl(15) = krl; subr(15) = krr; 751 subl(24) = klr; subr(24) = krl; 752 subl(25) = krr; subr(25) = kll; 753 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 754 subl(28) = kll; subr(28) = klr; 755 subl(29) = krl; subr(29) = krr; 756 757 /* generate KB dependent subkeys */ 758 subl(2) = krll; subr(2) = krlr; 759 subl(3) = krrl; subr(3) = krrr; 760 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 761 subl(10) = krll; subr(10) = krlr; 762 subl(11) = krrl; subr(11) = krrr; 763 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 764 subl(20) = krll; subr(20) = krlr; 765 subl(21) = krrl; subr(21) = krrr; 766 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 767 subl(32) = krll; subr(32) = krlr; 768 subl(33) = krrl; subr(33) = krrr; 769 770 /* absorb kw2 to other subkeys */ 771 subl(3) ^= subl(1); subr(3) ^= subr(1); 772 subl(5) ^= subl(1); subr(5) ^= subr(1); 773 subl(7) ^= subl(1); subr(7) ^= subr(1); 774 subl(1) ^= subr(1) & ~subr(9); 775 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 776 subl(11) ^= subl(1); subr(11) ^= subr(1); 777 subl(13) ^= subl(1); subr(13) ^= subr(1); 778 subl(15) ^= subl(1); subr(15) ^= subr(1); 779 subl(1) ^= subr(1) & ~subr(17); 780 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 781 subl(19) ^= subl(1); subr(19) ^= subr(1); 782 subl(21) ^= subl(1); subr(21) ^= subr(1); 783 subl(23) ^= subl(1); subr(23) ^= subr(1); 784 subl(1) ^= subr(1) & ~subr(25); 785 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); 786 subl(27) ^= subl(1); subr(27) ^= subr(1); 787 subl(29) ^= subl(1); subr(29) ^= subr(1); 788 subl(31) ^= subl(1); subr(31) ^= subr(1); 789 subl(32) ^= subl(1); subr(32) ^= subr(1); 790 791 /* absorb kw4 to other subkeys */ 792 kw4l = subl(33); kw4r = subr(33); 793 subl(30) ^= kw4l; subr(30) ^= kw4r; 794 subl(28) ^= kw4l; subr(28) ^= kw4r; 795 subl(26) ^= kw4l; subr(26) ^= kw4r; 796 kw4l ^= kw4r & ~subr(24); 797 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); 798 subl(22) ^= kw4l; subr(22) ^= kw4r; 799 subl(20) ^= kw4l; subr(20) ^= kw4r; 800 subl(18) ^= kw4l; subr(18) ^= kw4r; 801 kw4l ^= kw4r & ~subr(16); 802 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 803 subl(14) ^= kw4l; subr(14) ^= kw4r; 804 subl(12) ^= kw4l; subr(12) ^= kw4r; 805 subl(10) ^= kw4l; subr(10) ^= kw4r; 806 kw4l ^= kw4r & ~subr(8); 807 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 808 subl(6) ^= kw4l; subr(6) ^= kw4r; 809 subl(4) ^= kw4l; subr(4) ^= kw4r; 810 subl(2) ^= kw4l; subr(2) ^= kw4r; 811 subl(0) ^= kw4l; subr(0) ^= kw4r; 812 813 /* key XOR is end of F-function */ 814 CamelliaSubkeyL(0) = subl(0) ^ subl(2); 815 CamelliaSubkeyR(0) = subr(0) ^ subr(2); 816 CamelliaSubkeyL(2) = subl(3); 817 CamelliaSubkeyR(2) = subr(3); 818 CamelliaSubkeyL(3) = subl(2) ^ subl(4); 819 CamelliaSubkeyR(3) = subr(2) ^ subr(4); 820 CamelliaSubkeyL(4) = subl(3) ^ subl(5); 821 CamelliaSubkeyR(4) = subr(3) ^ subr(5); 822 CamelliaSubkeyL(5) = subl(4) ^ subl(6); 823 CamelliaSubkeyR(5) = subr(4) ^ subr(6); 824 CamelliaSubkeyL(6) = subl(5) ^ subl(7); 825 CamelliaSubkeyR(6) = subr(5) ^ subr(7); 826 tl = subl(10) ^ (subr(10) & ~subr(8)); 827 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 828 CamelliaSubkeyL(7) = subl(6) ^ tl; 829 CamelliaSubkeyR(7) = subr(6) ^ tr; 830 CamelliaSubkeyL(8) = subl(8); 831 CamelliaSubkeyR(8) = subr(8); 832 CamelliaSubkeyL(9) = subl(9); 833 CamelliaSubkeyR(9) = subr(9); 834 tl = subl(7) ^ (subr(7) & ~subr(9)); 835 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 836 CamelliaSubkeyL(10) = tl ^ subl(11); 837 CamelliaSubkeyR(10) = tr ^ subr(11); 838 CamelliaSubkeyL(11) = subl(10) ^ subl(12); 839 CamelliaSubkeyR(11) = subr(10) ^ subr(12); 840 CamelliaSubkeyL(12) = subl(11) ^ subl(13); 841 CamelliaSubkeyR(12) = subr(11) ^ subr(13); 842 CamelliaSubkeyL(13) = subl(12) ^ subl(14); 843 CamelliaSubkeyR(13) = subr(12) ^ subr(14); 844 CamelliaSubkeyL(14) = subl(13) ^ subl(15); 845 CamelliaSubkeyR(14) = subr(13) ^ subr(15); 846 tl = subl(18) ^ (subr(18) & ~subr(16)); 847 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 848 CamelliaSubkeyL(15) = subl(14) ^ tl; 849 CamelliaSubkeyR(15) = subr(14) ^ tr; 850 CamelliaSubkeyL(16) = subl(16); 851 CamelliaSubkeyR(16) = subr(16); 852 CamelliaSubkeyL(17) = subl(17); 853 CamelliaSubkeyR(17) = subr(17); 854 tl = subl(15) ^ (subr(15) & ~subr(17)); 855 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 856 CamelliaSubkeyL(18) = tl ^ subl(19); 857 CamelliaSubkeyR(18) = tr ^ subr(19); 858 CamelliaSubkeyL(19) = subl(18) ^ subl(20); 859 CamelliaSubkeyR(19) = subr(18) ^ subr(20); 860 CamelliaSubkeyL(20) = subl(19) ^ subl(21); 861 CamelliaSubkeyR(20) = subr(19) ^ subr(21); 862 CamelliaSubkeyL(21) = subl(20) ^ subl(22); 863 CamelliaSubkeyR(21) = subr(20) ^ subr(22); 864 CamelliaSubkeyL(22) = subl(21) ^ subl(23); 865 CamelliaSubkeyR(22) = subr(21) ^ subr(23); 866 tl = subl(26) ^ (subr(26) & ~subr(24)); 867 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw); 868 CamelliaSubkeyL(23) = subl(22) ^ tl; 869 CamelliaSubkeyR(23) = subr(22) ^ tr; 870 CamelliaSubkeyL(24) = subl(24); 871 CamelliaSubkeyR(24) = subr(24); 872 CamelliaSubkeyL(25) = subl(25); 873 CamelliaSubkeyR(25) = subr(25); 874 tl = subl(23) ^ (subr(23) & ~subr(25)); 875 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw); 876 CamelliaSubkeyL(26) = tl ^ subl(27); 877 CamelliaSubkeyR(26) = tr ^ subr(27); 878 CamelliaSubkeyL(27) = subl(26) ^ subl(28); 879 CamelliaSubkeyR(27) = subr(26) ^ subr(28); 880 CamelliaSubkeyL(28) = subl(27) ^ subl(29); 881 CamelliaSubkeyR(28) = subr(27) ^ subr(29); 882 CamelliaSubkeyL(29) = subl(28) ^ subl(30); 883 CamelliaSubkeyR(29) = subr(28) ^ subr(30); 884 CamelliaSubkeyL(30) = subl(29) ^ subl(31); 885 CamelliaSubkeyR(30) = subr(29) ^ subr(31); 886 CamelliaSubkeyL(31) = subl(30); 887 CamelliaSubkeyR(31) = subr(30); 888 CamelliaSubkeyL(32) = subl(32) ^ subl(31); 889 CamelliaSubkeyR(32) = subr(32) ^ subr(31); 890 891 /* apply the inverse of the last half of P-function */ 892 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); 893 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; 894 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); 895 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; 896 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); 897 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; 898 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); 899 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; 900 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); 901 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; 902 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); 903 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; 904 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); 905 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; 906 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); 907 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; 908 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); 909 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; 910 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); 911 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; 912 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); 913 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; 914 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); 915 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; 916 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); 917 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; 918 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); 919 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; 920 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); 921 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; 922 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); 923 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; 924 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); 925 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; 926 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); 927 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; 928 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw); 929 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw; 930 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw); 931 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw; 932 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw); 933 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw; 934 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw); 935 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw; 936 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw); 937 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw; 938 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw); 939 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw; 940 941 return; 942} 943 944void camellia_setup192(const unsigned char *key, u32 *subkey) 945{ 946 unsigned char kk[32]; 947 u32 krll, krlr, krrl,krrr; 948 949 memcpy(kk, key, 24); 950 memcpy((unsigned char *)&krll, key+16,4); 951 memcpy((unsigned char *)&krlr, key+20,4); 952 krrl = ~krll; 953 krrr = ~krlr; 954 memcpy(kk+24, (unsigned char *)&krrl, 4); 955 memcpy(kk+28, (unsigned char *)&krrr, 4); 956 camellia_setup256(kk, subkey); 957 return; 958} 959 960 961/** 962 * Stuff related to camellia encryption/decryption 963 * 964 * "io" must be 4byte aligned and big-endian data. 965 */ 966void camellia_encrypt128(const u32 *subkey, u32 *io) 967{ 968 u32 il, ir, t0, t1; 969 970 /* pre whitening but absorb kw2*/ 971 io[0] ^= CamelliaSubkeyL(0); 972 io[1] ^= CamelliaSubkeyR(0); 973 /* main iteration */ 974 975 CAMELLIA_ROUNDSM(io[0],io[1], 976 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 977 io[2],io[3],il,ir,t0,t1); 978 CAMELLIA_ROUNDSM(io[2],io[3], 979 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 980 io[0],io[1],il,ir,t0,t1); 981 CAMELLIA_ROUNDSM(io[0],io[1], 982 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 983 io[2],io[3],il,ir,t0,t1); 984 CAMELLIA_ROUNDSM(io[2],io[3], 985 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 986 io[0],io[1],il,ir,t0,t1); 987 CAMELLIA_ROUNDSM(io[0],io[1], 988 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 989 io[2],io[3],il,ir,t0,t1); 990 CAMELLIA_ROUNDSM(io[2],io[3], 991 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 992 io[0],io[1],il,ir,t0,t1); 993 994 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 995 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 996 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 997 t0,t1,il,ir); 998 999 CAMELLIA_ROUNDSM(io[0],io[1], 1000 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1001 io[2],io[3],il,ir,t0,t1); 1002 CAMELLIA_ROUNDSM(io[2],io[3], 1003 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1004 io[0],io[1],il,ir,t0,t1); 1005 CAMELLIA_ROUNDSM(io[0],io[1], 1006 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1007 io[2],io[3],il,ir,t0,t1); 1008 CAMELLIA_ROUNDSM(io[2],io[3], 1009 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1010 io[0],io[1],il,ir,t0,t1); 1011 CAMELLIA_ROUNDSM(io[0],io[1], 1012 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1013 io[2],io[3],il,ir,t0,t1); 1014 CAMELLIA_ROUNDSM(io[2],io[3], 1015 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1016 io[0],io[1],il,ir,t0,t1); 1017 1018 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1019 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1020 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1021 t0,t1,il,ir); 1022 1023 CAMELLIA_ROUNDSM(io[0],io[1], 1024 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1025 io[2],io[3],il,ir,t0,t1); 1026 CAMELLIA_ROUNDSM(io[2],io[3], 1027 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1028 io[0],io[1],il,ir,t0,t1); 1029 CAMELLIA_ROUNDSM(io[0],io[1], 1030 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1031 io[2],io[3],il,ir,t0,t1); 1032 CAMELLIA_ROUNDSM(io[2],io[3], 1033 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1034 io[0],io[1],il,ir,t0,t1); 1035 CAMELLIA_ROUNDSM(io[0],io[1], 1036 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1037 io[2],io[3],il,ir,t0,t1); 1038 CAMELLIA_ROUNDSM(io[2],io[3], 1039 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1040 io[0],io[1],il,ir,t0,t1); 1041 1042 /* post whitening but kw4 */ 1043 io[2] ^= CamelliaSubkeyL(24); 1044 io[3] ^= CamelliaSubkeyR(24); 1045 1046 t0 = io[0]; 1047 t1 = io[1]; 1048 io[0] = io[2]; 1049 io[1] = io[3]; 1050 io[2] = t0; 1051 io[3] = t1; 1052 1053 return; 1054} 1055 1056void camellia_decrypt128(const u32 *subkey, u32 *io) 1057{ 1058 u32 il,ir,t0,t1; /* temporary valiables */ 1059 1060 /* pre whitening but absorb kw2*/ 1061 io[0] ^= CamelliaSubkeyL(24); 1062 io[1] ^= CamelliaSubkeyR(24); 1063 1064 /* main iteration */ 1065 CAMELLIA_ROUNDSM(io[0],io[1], 1066 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1067 io[2],io[3],il,ir,t0,t1); 1068 CAMELLIA_ROUNDSM(io[2],io[3], 1069 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1070 io[0],io[1],il,ir,t0,t1); 1071 CAMELLIA_ROUNDSM(io[0],io[1], 1072 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1073 io[2],io[3],il,ir,t0,t1); 1074 CAMELLIA_ROUNDSM(io[2],io[3], 1075 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1076 io[0],io[1],il,ir,t0,t1); 1077 CAMELLIA_ROUNDSM(io[0],io[1], 1078 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1079 io[2],io[3],il,ir,t0,t1); 1080 CAMELLIA_ROUNDSM(io[2],io[3], 1081 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1082 io[0],io[1],il,ir,t0,t1); 1083 1084 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1085 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1086 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1087 t0,t1,il,ir); 1088 1089 CAMELLIA_ROUNDSM(io[0],io[1], 1090 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1091 io[2],io[3],il,ir,t0,t1); 1092 CAMELLIA_ROUNDSM(io[2],io[3], 1093 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1094 io[0],io[1],il,ir,t0,t1); 1095 CAMELLIA_ROUNDSM(io[0],io[1], 1096 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1097 io[2],io[3],il,ir,t0,t1); 1098 CAMELLIA_ROUNDSM(io[2],io[3], 1099 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1100 io[0],io[1],il,ir,t0,t1); 1101 CAMELLIA_ROUNDSM(io[0],io[1], 1102 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1103 io[2],io[3],il,ir,t0,t1); 1104 CAMELLIA_ROUNDSM(io[2],io[3], 1105 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1106 io[0],io[1],il,ir,t0,t1); 1107 1108 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1109 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1110 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1111 t0,t1,il,ir); 1112 1113 CAMELLIA_ROUNDSM(io[0],io[1], 1114 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1115 io[2],io[3],il,ir,t0,t1); 1116 CAMELLIA_ROUNDSM(io[2],io[3], 1117 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1118 io[0],io[1],il,ir,t0,t1); 1119 CAMELLIA_ROUNDSM(io[0],io[1], 1120 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1121 io[2],io[3],il,ir,t0,t1); 1122 CAMELLIA_ROUNDSM(io[2],io[3], 1123 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1124 io[0],io[1],il,ir,t0,t1); 1125 CAMELLIA_ROUNDSM(io[0],io[1], 1126 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1127 io[2],io[3],il,ir,t0,t1); 1128 CAMELLIA_ROUNDSM(io[2],io[3], 1129 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1130 io[0],io[1],il,ir,t0,t1); 1131 1132 /* post whitening but kw4 */ 1133 io[2] ^= CamelliaSubkeyL(0); 1134 io[3] ^= CamelliaSubkeyR(0); 1135 1136 t0 = io[0]; 1137 t1 = io[1]; 1138 io[0] = io[2]; 1139 io[1] = io[3]; 1140 io[2] = t0; 1141 io[3] = t1; 1142 1143 return; 1144} 1145 1146/** 1147 * stuff for 192 and 256bit encryption/decryption 1148 */ 1149void camellia_encrypt256(const u32 *subkey, u32 *io) 1150{ 1151 u32 il,ir,t0,t1; /* temporary valiables */ 1152 1153 /* pre whitening but absorb kw2*/ 1154 io[0] ^= CamelliaSubkeyL(0); 1155 io[1] ^= CamelliaSubkeyR(0); 1156 1157 /* main iteration */ 1158 CAMELLIA_ROUNDSM(io[0],io[1], 1159 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1160 io[2],io[3],il,ir,t0,t1); 1161 CAMELLIA_ROUNDSM(io[2],io[3], 1162 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1163 io[0],io[1],il,ir,t0,t1); 1164 CAMELLIA_ROUNDSM(io[0],io[1], 1165 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1166 io[2],io[3],il,ir,t0,t1); 1167 CAMELLIA_ROUNDSM(io[2],io[3], 1168 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1169 io[0],io[1],il,ir,t0,t1); 1170 CAMELLIA_ROUNDSM(io[0],io[1], 1171 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1172 io[2],io[3],il,ir,t0,t1); 1173 CAMELLIA_ROUNDSM(io[2],io[3], 1174 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1175 io[0],io[1],il,ir,t0,t1); 1176 1177 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1178 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1179 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1180 t0,t1,il,ir); 1181 1182 CAMELLIA_ROUNDSM(io[0],io[1], 1183 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1184 io[2],io[3],il,ir,t0,t1); 1185 CAMELLIA_ROUNDSM(io[2],io[3], 1186 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1187 io[0],io[1],il,ir,t0,t1); 1188 CAMELLIA_ROUNDSM(io[0],io[1], 1189 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1190 io[2],io[3],il,ir,t0,t1); 1191 CAMELLIA_ROUNDSM(io[2],io[3], 1192 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1193 io[0],io[1],il,ir,t0,t1); 1194 CAMELLIA_ROUNDSM(io[0],io[1], 1195 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1196 io[2],io[3],il,ir,t0,t1); 1197 CAMELLIA_ROUNDSM(io[2],io[3], 1198 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1199 io[0],io[1],il,ir,t0,t1); 1200 1201 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1202 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1203 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1204 t0,t1,il,ir); 1205 1206 CAMELLIA_ROUNDSM(io[0],io[1], 1207 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1208 io[2],io[3],il,ir,t0,t1); 1209 CAMELLIA_ROUNDSM(io[2],io[3], 1210 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1211 io[0],io[1],il,ir,t0,t1); 1212 CAMELLIA_ROUNDSM(io[0],io[1], 1213 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1214 io[2],io[3],il,ir,t0,t1); 1215 CAMELLIA_ROUNDSM(io[2],io[3], 1216 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1217 io[0],io[1],il,ir,t0,t1); 1218 CAMELLIA_ROUNDSM(io[0],io[1], 1219 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1220 io[2],io[3],il,ir,t0,t1); 1221 CAMELLIA_ROUNDSM(io[2],io[3], 1222 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1223 io[0],io[1],il,ir,t0,t1); 1224 1225 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1226 CamelliaSubkeyL(24),CamelliaSubkeyR(24), 1227 CamelliaSubkeyL(25),CamelliaSubkeyR(25), 1228 t0,t1,il,ir); 1229 1230 CAMELLIA_ROUNDSM(io[0],io[1], 1231 CamelliaSubkeyL(26),CamelliaSubkeyR(26), 1232 io[2],io[3],il,ir,t0,t1); 1233 CAMELLIA_ROUNDSM(io[2],io[3], 1234 CamelliaSubkeyL(27),CamelliaSubkeyR(27), 1235 io[0],io[1],il,ir,t0,t1); 1236 CAMELLIA_ROUNDSM(io[0],io[1], 1237 CamelliaSubkeyL(28),CamelliaSubkeyR(28), 1238 io[2],io[3],il,ir,t0,t1); 1239 CAMELLIA_ROUNDSM(io[2],io[3], 1240 CamelliaSubkeyL(29),CamelliaSubkeyR(29), 1241 io[0],io[1],il,ir,t0,t1); 1242 CAMELLIA_ROUNDSM(io[0],io[1], 1243 CamelliaSubkeyL(30),CamelliaSubkeyR(30), 1244 io[2],io[3],il,ir,t0,t1); 1245 CAMELLIA_ROUNDSM(io[2],io[3], 1246 CamelliaSubkeyL(31),CamelliaSubkeyR(31), 1247 io[0],io[1],il,ir,t0,t1); 1248 1249 /* post whitening but kw4 */ 1250 io[2] ^= CamelliaSubkeyL(32); 1251 io[3] ^= CamelliaSubkeyR(32); 1252 1253 t0 = io[0]; 1254 t1 = io[1]; 1255 io[0] = io[2]; 1256 io[1] = io[3]; 1257 io[2] = t0; 1258 io[3] = t1; 1259 1260 return; 1261} 1262 1263void camellia_decrypt256(const u32 *subkey, u32 *io) 1264{ 1265 u32 il,ir,t0,t1; /* temporary valiables */ 1266 1267 /* pre whitening but absorb kw2*/ 1268 io[0] ^= CamelliaSubkeyL(32); 1269 io[1] ^= CamelliaSubkeyR(32); 1270 1271 /* main iteration */ 1272 CAMELLIA_ROUNDSM(io[0],io[1], 1273 CamelliaSubkeyL(31),CamelliaSubkeyR(31), 1274 io[2],io[3],il,ir,t0,t1); 1275 CAMELLIA_ROUNDSM(io[2],io[3], 1276 CamelliaSubkeyL(30),CamelliaSubkeyR(30), 1277 io[0],io[1],il,ir,t0,t1); 1278 CAMELLIA_ROUNDSM(io[0],io[1], 1279 CamelliaSubkeyL(29),CamelliaSubkeyR(29), 1280 io[2],io[3],il,ir,t0,t1); 1281 CAMELLIA_ROUNDSM(io[2],io[3], 1282 CamelliaSubkeyL(28),CamelliaSubkeyR(28), 1283 io[0],io[1],il,ir,t0,t1); 1284 CAMELLIA_ROUNDSM(io[0],io[1], 1285 CamelliaSubkeyL(27),CamelliaSubkeyR(27), 1286 io[2],io[3],il,ir,t0,t1); 1287 CAMELLIA_ROUNDSM(io[2],io[3], 1288 CamelliaSubkeyL(26),CamelliaSubkeyR(26), 1289 io[0],io[1],il,ir,t0,t1); 1290 1291 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1292 CamelliaSubkeyL(25),CamelliaSubkeyR(25), 1293 CamelliaSubkeyL(24),CamelliaSubkeyR(24), 1294 t0,t1,il,ir); 1295 1296 CAMELLIA_ROUNDSM(io[0],io[1], 1297 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1298 io[2],io[3],il,ir,t0,t1); 1299 CAMELLIA_ROUNDSM(io[2],io[3], 1300 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1301 io[0],io[1],il,ir,t0,t1); 1302 CAMELLIA_ROUNDSM(io[0],io[1], 1303 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1304 io[2],io[3],il,ir,t0,t1); 1305 CAMELLIA_ROUNDSM(io[2],io[3], 1306 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1307 io[0],io[1],il,ir,t0,t1); 1308 CAMELLIA_ROUNDSM(io[0],io[1], 1309 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1310 io[2],io[3],il,ir,t0,t1); 1311 CAMELLIA_ROUNDSM(io[2],io[3], 1312 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1313 io[0],io[1],il,ir,t0,t1); 1314 1315 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1316 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1317 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1318 t0,t1,il,ir); 1319 1320 CAMELLIA_ROUNDSM(io[0],io[1], 1321 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1322 io[2],io[3],il,ir,t0,t1); 1323 CAMELLIA_ROUNDSM(io[2],io[3], 1324 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1325 io[0],io[1],il,ir,t0,t1); 1326 CAMELLIA_ROUNDSM(io[0],io[1], 1327 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1328 io[2],io[3],il,ir,t0,t1); 1329 CAMELLIA_ROUNDSM(io[2],io[3], 1330 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1331 io[0],io[1],il,ir,t0,t1); 1332 CAMELLIA_ROUNDSM(io[0],io[1], 1333 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1334 io[2],io[3],il,ir,t0,t1); 1335 CAMELLIA_ROUNDSM(io[2],io[3], 1336 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1337 io[0],io[1],il,ir,t0,t1); 1338 1339 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1340 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1341 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1342 t0,t1,il,ir); 1343 1344 CAMELLIA_ROUNDSM(io[0],io[1], 1345 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1346 io[2],io[3],il,ir,t0,t1); 1347 CAMELLIA_ROUNDSM(io[2],io[3], 1348 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1349 io[0],io[1],il,ir,t0,t1); 1350 CAMELLIA_ROUNDSM(io[0],io[1], 1351 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1352 io[2],io[3],il,ir,t0,t1); 1353 CAMELLIA_ROUNDSM(io[2],io[3], 1354 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1355 io[0],io[1],il,ir,t0,t1); 1356 CAMELLIA_ROUNDSM(io[0],io[1], 1357 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1358 io[2],io[3],il,ir,t0,t1); 1359 CAMELLIA_ROUNDSM(io[2],io[3], 1360 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1361 io[0],io[1],il,ir,t0,t1); 1362 1363 /* post whitening but kw4 */ 1364 io[2] ^= CamelliaSubkeyL(0); 1365 io[3] ^= CamelliaSubkeyR(0); 1366 1367 t0 = io[0]; 1368 t1 = io[1]; 1369 io[0] = io[2]; 1370 io[1] = io[3]; 1371 io[2] = t0; 1372 io[3] = t1; 1373 1374 return; 1375} 1376 1377/*** 1378 * 1379 * API for compatibility 1380 */ 1381 1382void Camellia_Ekeygen(const int keyBitLength, 1383 const unsigned char *rawKey, 1384 KEY_TABLE_TYPE keyTable) 1385{ 1386 switch(keyBitLength) { 1387 case 128: 1388 camellia_setup128(rawKey, keyTable); 1389 break; 1390 case 192: 1391 camellia_setup192(rawKey, keyTable); 1392 break; 1393 case 256: 1394 camellia_setup256(rawKey, keyTable); 1395 break; 1396 default: 1397 break; 1398 } 1399} 1400 1401 1402void Camellia_EncryptBlock(const int keyBitLength, 1403 const unsigned char *plaintext, 1404 const KEY_TABLE_TYPE keyTable, 1405 unsigned char *ciphertext) 1406{ 1407 u32 tmp[4]; 1408 1409 tmp[0] = GETU32(plaintext); 1410 tmp[1] = GETU32(plaintext + 4); 1411 tmp[2] = GETU32(plaintext + 8); 1412 tmp[3] = GETU32(plaintext + 12); 1413 1414 switch (keyBitLength) { 1415 case 128: 1416 camellia_encrypt128(keyTable, tmp); 1417 break; 1418 case 192: 1419 /* fall through */ 1420 case 256: 1421 camellia_encrypt256(keyTable, tmp); 1422 break; 1423 default: 1424 break; 1425 } 1426 1427 PUTU32(ciphertext, tmp[0]); 1428 PUTU32(ciphertext + 4, tmp[1]); 1429 PUTU32(ciphertext + 8, tmp[2]); 1430 PUTU32(ciphertext + 12, tmp[3]); 1431} 1432 1433void Camellia_DecryptBlock(const int keyBitLength, 1434 const unsigned char *ciphertext, 1435 const KEY_TABLE_TYPE keyTable, 1436 unsigned char *plaintext) 1437{ 1438 u32 tmp[4]; 1439 1440 tmp[0] = GETU32(ciphertext); 1441 tmp[1] = GETU32(ciphertext + 4); 1442 tmp[2] = GETU32(ciphertext + 8); 1443 tmp[3] = GETU32(ciphertext + 12); 1444 1445 switch (keyBitLength) { 1446 case 128: 1447 camellia_decrypt128(keyTable, tmp); 1448 break; 1449 case 192: 1450 /* fall through */ 1451 case 256: 1452 camellia_decrypt256(keyTable, tmp); 1453 break; 1454 default: 1455 break; 1456 } 1457 PUTU32(plaintext, tmp[0]); 1458 PUTU32(plaintext + 4, tmp[1]); 1459 PUTU32(plaintext + 8, tmp[2]); 1460 PUTU32(plaintext + 12, tmp[3]); 1461} 1462