1/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */ 2/* ==================================================================== 3 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . 4 * ALL RIGHTS RESERVED. 5 * 6 * Intellectual Property information for Camellia: 7 * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html 8 * 9 * News Release for Announcement of Camellia open source: 10 * http://www.ntt.co.jp/news/news06e/0604/060413a.html 11 * 12 * The Camellia Code included herein is developed by 13 * NTT (Nippon Telegraph and Telephone Corporation), and is contributed 14 * to the OpenSSL project. 15 * 16 * The Camellia Code is licensed pursuant to the OpenSSL open source 17 * license provided below. 18 */ 19/* ==================================================================== 20 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 26 * 1. Redistributions of source code must retain the above copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 29 * 2. Redistributions in binary form must reproduce the above copyright 30 * notice, this list of conditions and the following disclaimer in 31 * the documentation and/or other materials provided with the 32 * distribution. 33 * 34 * 3. All advertising materials mentioning features or use of this 35 * software must display the following acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 38 * 39 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 40 * endorse or promote products derived from this software without 41 * prior written permission. For written permission, please contact 42 * openssl-core@openssl.org. 43 * 44 * 5. Products derived from this software may not be called "OpenSSL" 45 * nor may "OpenSSL" appear in their names without prior written 46 * permission of the OpenSSL Project. 47 * 48 * 6. Redistributions of any form whatsoever must retain the following 49 * acknowledgment: 50 * "This product includes software developed by the OpenSSL Project 51 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 54 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 56 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 57 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 58 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 59 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 60 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 63 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 64 * OF THE POSSIBILITY OF SUCH DAMAGE. 65 * ==================================================================== 66 */ 67 68/* Algorithm Specification 69 http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 70*/ 71 72 73#include <string.h> 74#include <stdlib.h> 75 76#include "camellia.h" 77#include "cmll_locl.h" 78 79/* key constants */ 80#define CAMELLIA_SIGMA1L (0xA09E667FL) 81#define CAMELLIA_SIGMA1R (0x3BCC908BL) 82#define CAMELLIA_SIGMA2L (0xB67AE858L) 83#define CAMELLIA_SIGMA2R (0x4CAA73B2L) 84#define CAMELLIA_SIGMA3L (0xC6EF372FL) 85#define CAMELLIA_SIGMA3R (0xE94F82BEL) 86#define CAMELLIA_SIGMA4L (0x54FF53A5L) 87#define CAMELLIA_SIGMA4R (0xF1D36F1CL) 88#define CAMELLIA_SIGMA5L (0x10E527FAL) 89#define CAMELLIA_SIGMA5R (0xDE682D1DL) 90#define CAMELLIA_SIGMA6L (0xB05688C2L) 91#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 92 93/* 94 * macros 95 */ 96 97/* e is pointer of subkey */ 98#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) 99#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) 100 101/* rotation right shift 1byte */ 102#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 103/* rotation left shift 1bit */ 104#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 105/* rotation left shift 1byte */ 106#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 107 108#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 109do \ 110 { \ 111 w0 = ll; \ 112 ll = (ll << bits) + (lr >> (32 - bits)); \ 113 lr = (lr << bits) + (rl >> (32 - bits)); \ 114 rl = (rl << bits) + (rr >> (32 - bits)); \ 115 rr = (rr << bits) + (w0 >> (32 - bits)); \ 116 } while(0) 117 118#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 119do \ 120 { \ 121 w0 = ll; \ 122 w1 = lr; \ 123 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 124 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 125 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 126 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 127 } while(0) 128 129#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) 130#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) 131#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) 132#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) 133 134#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 135do \ 136 { \ 137 il = xl ^ kl; \ 138 ir = xr ^ kr; \ 139 t0 = il >> 16; \ 140 t1 = ir >> 16; \ 141 yl = CAMELLIA_SP1110(ir & 0xff) \ 142 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 143 ^ CAMELLIA_SP3033(t1 & 0xff) \ 144 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 145 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 146 ^ CAMELLIA_SP0222(t0 & 0xff) \ 147 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 148 ^ CAMELLIA_SP4404(il & 0xff); \ 149 yl ^= yr; \ 150 yr = CAMELLIA_RR8(yr); \ 151 yr ^= yl; \ 152 } while(0) 153 154 155/* 156 * for speed up 157 * 158 */ 159#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 160do \ 161 { \ 162 t0 = kll; \ 163 t0 &= ll; \ 164 lr ^= CAMELLIA_RL1(t0); \ 165 t1 = klr; \ 166 t1 |= lr; \ 167 ll ^= t1; \ 168 \ 169 t2 = krr; \ 170 t2 |= rr; \ 171 rl ^= t2; \ 172 t3 = krl; \ 173 t3 &= rl; \ 174 rr ^= CAMELLIA_RL1(t3); \ 175 } while(0) 176 177#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 178do \ 179 { \ 180 il = xl; \ 181 ir = xr; \ 182 t0 = il >> 16; \ 183 t1 = ir >> 16; \ 184 ir = CAMELLIA_SP1110(ir & 0xff) \ 185 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 186 ^ CAMELLIA_SP3033(t1 & 0xff) \ 187 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 188 il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 189 ^ CAMELLIA_SP0222(t0 & 0xff) \ 190 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 191 ^ CAMELLIA_SP4404(il & 0xff); \ 192 il ^= kl; \ 193 ir ^= kr; \ 194 ir ^= il; \ 195 il = CAMELLIA_RR8(il); \ 196 il ^= ir; \ 197 yl ^= ir; \ 198 yr ^= il; \ 199 } while(0) 200 201static const u32 camellia_sp1110[256] = 202 { 203 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 204 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 205 0xe4e4e400,0x85858500,0x57575700,0x35353500, 206 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, 207 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, 208 0x45454500,0x19191900,0xa5a5a500,0x21212100, 209 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, 210 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, 211 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, 212 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, 213 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, 214 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, 215 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, 216 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, 217 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, 218 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, 219 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, 220 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, 221 0x74747400,0x12121200,0x2b2b2b00,0x20202000, 222 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, 223 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, 224 0x34343400,0x7e7e7e00,0x76767600,0x05050500, 225 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, 226 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, 227 0x14141400,0x58585800,0x3a3a3a00,0x61616100, 228 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, 229 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, 230 0x53535300,0x18181800,0xf2f2f200,0x22222200, 231 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, 232 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, 233 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, 234 0x60606000,0xfcfcfc00,0x69696900,0x50505000, 235 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, 236 0xa1a1a100,0x89898900,0x62626200,0x97979700, 237 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, 238 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, 239 0x10101000,0xc4c4c400,0x00000000,0x48484800, 240 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, 241 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, 242 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, 243 0x87878700,0x5c5c5c00,0x83838300,0x02020200, 244 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, 245 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, 246 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, 247 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, 248 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, 249 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, 250 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, 251 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, 252 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, 253 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, 254 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, 255 0x78787800,0x98989800,0x06060600,0x6a6a6a00, 256 0xe7e7e700,0x46464600,0x71717100,0xbababa00, 257 0xd4d4d400,0x25252500,0xababab00,0x42424200, 258 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, 259 0x72727200,0x07070700,0xb9b9b900,0x55555500, 260 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, 261 0x36363600,0x49494900,0x2a2a2a00,0x68686800, 262 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, 263 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, 264 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, 265 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, 266 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, 267 }; 268 269static const u32 camellia_sp0222[256] = 270 { 271 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, 272 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, 273 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, 274 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, 275 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, 276 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, 277 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, 278 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, 279 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, 280 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, 281 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, 282 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, 283 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, 284 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, 285 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, 286 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, 287 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, 288 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, 289 0x00e8e8e8,0x00242424,0x00565656,0x00404040, 290 0x00e1e1e1,0x00636363,0x00090909,0x00333333, 291 0x00bfbfbf,0x00989898,0x00979797,0x00858585, 292 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, 293 0x00dadada,0x006f6f6f,0x00535353,0x00626262, 294 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, 295 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, 296 0x00bdbdbd,0x00363636,0x00222222,0x00383838, 297 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, 298 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, 299 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, 300 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, 301 0x00484848,0x00101010,0x00d1d1d1,0x00515151, 302 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, 303 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, 304 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, 305 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, 306 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, 307 0x00202020,0x00898989,0x00000000,0x00909090, 308 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, 309 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, 310 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, 311 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, 312 0x009b9b9b,0x00949494,0x00212121,0x00666666, 313 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, 314 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, 315 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, 316 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, 317 0x00030303,0x002d2d2d,0x00dedede,0x00969696, 318 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, 319 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, 320 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, 321 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, 322 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, 323 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, 324 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, 325 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, 326 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, 327 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, 328 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, 329 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, 330 0x00787878,0x00707070,0x00e3e3e3,0x00494949, 331 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, 332 0x00777777,0x00939393,0x00868686,0x00838383, 333 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, 334 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, 335 }; 336 337static const u32 camellia_sp3033[256] = 338 { 339 0x38003838,0x41004141,0x16001616,0x76007676, 340 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, 341 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, 342 0x75007575,0x06000606,0x57005757,0xa000a0a0, 343 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, 344 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, 345 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, 346 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, 347 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, 348 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, 349 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, 350 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, 351 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, 352 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, 353 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, 354 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, 355 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, 356 0xfd00fdfd,0x66006666,0x58005858,0x96009696, 357 0x3a003a3a,0x09000909,0x95009595,0x10001010, 358 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, 359 0xef00efef,0x26002626,0xe500e5e5,0x61006161, 360 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, 361 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, 362 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, 363 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, 364 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, 365 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, 366 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, 367 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, 368 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, 369 0x12001212,0x04000404,0x74007474,0x54005454, 370 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, 371 0x55005555,0x68006868,0x50005050,0xbe00bebe, 372 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, 373 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, 374 0x70007070,0xff00ffff,0x32003232,0x69006969, 375 0x08000808,0x62006262,0x00000000,0x24002424, 376 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, 377 0x45004545,0x81008181,0x73007373,0x6d006d6d, 378 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, 379 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, 380 0xe600e6e6,0x25002525,0x48004848,0x99009999, 381 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, 382 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, 383 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, 384 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, 385 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, 386 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, 387 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, 388 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, 389 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, 390 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, 391 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, 392 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, 393 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, 394 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, 395 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, 396 0x7c007c7c,0x77007777,0x56005656,0x05000505, 397 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, 398 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, 399 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, 400 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, 401 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, 402 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, 403 }; 404 405static const u32 camellia_sp4404[256] = 406 { 407 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, 408 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, 409 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, 410 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, 411 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, 412 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, 413 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, 414 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, 415 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, 416 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, 417 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, 418 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, 419 0x14140014,0x3a3a003a,0xdede00de,0x11110011, 420 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, 421 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, 422 0x24240024,0xe8e800e8,0x60600060,0x69690069, 423 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, 424 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, 425 0x10100010,0x00000000,0xa3a300a3,0x75750075, 426 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, 427 0x87870087,0x83830083,0xcdcd00cd,0x90900090, 428 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, 429 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, 430 0x81810081,0x6f6f006f,0x13130013,0x63630063, 431 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, 432 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, 433 0x78780078,0x06060006,0xe7e700e7,0x71710071, 434 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, 435 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, 436 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, 437 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, 438 0x15150015,0xadad00ad,0x77770077,0x80800080, 439 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, 440 0x85850085,0x35350035,0x0c0c000c,0x41410041, 441 0xefef00ef,0x93930093,0x19190019,0x21210021, 442 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, 443 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, 444 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, 445 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, 446 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, 447 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, 448 0x12120012,0x20200020,0xb1b100b1,0x99990099, 449 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, 450 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, 451 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, 452 0x0f0f000f,0x16160016,0x18180018,0x22220022, 453 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, 454 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, 455 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, 456 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, 457 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, 458 0x03030003,0xdada00da,0x3f3f003f,0x94940094, 459 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, 460 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, 461 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, 462 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, 463 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, 464 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, 465 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, 466 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, 467 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, 468 0x49490049,0x68680068,0x38380038,0xa4a400a4, 469 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, 470 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, 471 }; 472 473/** 474 * Stuff related to the Camellia key schedule 475 */ 476#define subl(x) subL[(x)] 477#define subr(x) subR[(x)] 478 479void camellia_setup128(const u8 *key, u32 *subkey) 480 { 481 u32 kll, klr, krl, krr; 482 u32 il, ir, t0, t1, w0, w1; 483 u32 kw4l, kw4r, dw, tl, tr; 484 u32 subL[26]; 485 u32 subR[26]; 486 487 /** 488 * k == kll || klr || krl || krr (|| is concatination) 489 */ 490 kll = GETU32(key ); 491 klr = GETU32(key + 4); 492 krl = GETU32(key + 8); 493 krr = GETU32(key + 12); 494 /** 495 * generate KL dependent subkeys 496 */ 497 /* kw1 */ 498 subl(0) = kll; subr(0) = klr; 499 /* kw2 */ 500 subl(1) = krl; subr(1) = krr; 501 /* rotation left shift 15bit */ 502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 503 /* k3 */ 504 subl(4) = kll; subr(4) = klr; 505 /* k4 */ 506 subl(5) = krl; subr(5) = krr; 507 /* rotation left shift 15+30bit */ 508 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 509 /* k7 */ 510 subl(10) = kll; subr(10) = klr; 511 /* k8 */ 512 subl(11) = krl; subr(11) = krr; 513 /* rotation left shift 15+30+15bit */ 514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 515 /* k10 */ 516 subl(13) = krl; subr(13) = krr; 517 /* rotation left shift 15+30+15+17 bit */ 518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 519 /* kl3 */ 520 subl(16) = kll; subr(16) = klr; 521 /* kl4 */ 522 subl(17) = krl; subr(17) = krr; 523 /* rotation left shift 15+30+15+17+17 bit */ 524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 525 /* k13 */ 526 subl(18) = kll; subr(18) = klr; 527 /* k14 */ 528 subl(19) = krl; subr(19) = krr; 529 /* rotation left shift 15+30+15+17+17+17 bit */ 530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 531 /* k17 */ 532 subl(22) = kll; subr(22) = klr; 533 /* k18 */ 534 subl(23) = krl; subr(23) = krr; 535 536 /* generate KA */ 537 kll = subl(0); klr = subr(0); 538 krl = subl(1); krr = subr(1); 539 CAMELLIA_F(kll, klr, 540 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 541 w0, w1, il, ir, t0, t1); 542 krl ^= w0; krr ^= w1; 543 CAMELLIA_F(krl, krr, 544 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 545 kll, klr, il, ir, t0, t1); 546 /* current status == (kll, klr, w0, w1) */ 547 CAMELLIA_F(kll, klr, 548 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 549 krl, krr, il, ir, t0, t1); 550 krl ^= w0; krr ^= w1; 551 CAMELLIA_F(krl, krr, 552 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 553 w0, w1, il, ir, t0, t1); 554 kll ^= w0; klr ^= w1; 555 556 /* generate KA dependent subkeys */ 557 /* k1, k2 */ 558 subl(2) = kll; subr(2) = klr; 559 subl(3) = krl; subr(3) = krr; 560 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 561 /* k5,k6 */ 562 subl(6) = kll; subr(6) = klr; 563 subl(7) = krl; subr(7) = krr; 564 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 565 /* kl1, kl2 */ 566 subl(8) = kll; subr(8) = klr; 567 subl(9) = krl; subr(9) = krr; 568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 569 /* k9 */ 570 subl(12) = kll; subr(12) = klr; 571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 572 /* k11, k12 */ 573 subl(14) = kll; subr(14) = klr; 574 subl(15) = krl; subr(15) = krr; 575 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 576 /* k15, k16 */ 577 subl(20) = kll; subr(20) = klr; 578 subl(21) = krl; subr(21) = krr; 579 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 580 /* kw3, kw4 */ 581 subl(24) = kll; subr(24) = klr; 582 subl(25) = krl; subr(25) = krr; 583 584 585 /* absorb kw2 to other subkeys */ 586/* round 2 */ 587 subl(3) ^= subl(1); subr(3) ^= subr(1); 588/* round 4 */ 589 subl(5) ^= subl(1); subr(5) ^= subr(1); 590/* round 6 */ 591 subl(7) ^= subl(1); subr(7) ^= subr(1); 592 subl(1) ^= subr(1) & ~subr(9); 593 dw = subl(1) & subl(9), 594 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ 595/* round 8 */ 596 subl(11) ^= subl(1); subr(11) ^= subr(1); 597/* round 10 */ 598 subl(13) ^= subl(1); subr(13) ^= subr(1); 599/* round 12 */ 600 subl(15) ^= subl(1); subr(15) ^= subr(1); 601 subl(1) ^= subr(1) & ~subr(17); 602 dw = subl(1) & subl(17), 603 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ 604/* round 14 */ 605 subl(19) ^= subl(1); subr(19) ^= subr(1); 606/* round 16 */ 607 subl(21) ^= subl(1); subr(21) ^= subr(1); 608/* round 18 */ 609 subl(23) ^= subl(1); subr(23) ^= subr(1); 610/* kw3 */ 611 subl(24) ^= subl(1); subr(24) ^= subr(1); 612 613 /* absorb kw4 to other subkeys */ 614 kw4l = subl(25); kw4r = subr(25); 615/* round 17 */ 616 subl(22) ^= kw4l; subr(22) ^= kw4r; 617/* round 15 */ 618 subl(20) ^= kw4l; subr(20) ^= kw4r; 619/* round 13 */ 620 subl(18) ^= kw4l; subr(18) ^= kw4r; 621 kw4l ^= kw4r & ~subr(16); 622 dw = kw4l & subl(16), 623 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ 624/* round 11 */ 625 subl(14) ^= kw4l; subr(14) ^= kw4r; 626/* round 9 */ 627 subl(12) ^= kw4l; subr(12) ^= kw4r; 628/* round 7 */ 629 subl(10) ^= kw4l; subr(10) ^= kw4r; 630 kw4l ^= kw4r & ~subr(8); 631 dw = kw4l & subl(8), 632 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ 633/* round 5 */ 634 subl(6) ^= kw4l; subr(6) ^= kw4r; 635/* round 3 */ 636 subl(4) ^= kw4l; subr(4) ^= kw4r; 637/* round 1 */ 638 subl(2) ^= kw4l; subr(2) ^= kw4r; 639/* kw1 */ 640 subl(0) ^= kw4l; subr(0) ^= kw4r; 641 642 643 /* key XOR is end of F-function */ 644 CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ 645 CamelliaSubkeyR(0) = subr(0) ^ subr(2); 646 CamelliaSubkeyL(2) = subl(3); /* round 1 */ 647 CamelliaSubkeyR(2) = subr(3); 648 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ 649 CamelliaSubkeyR(3) = subr(2) ^ subr(4); 650 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ 651 CamelliaSubkeyR(4) = subr(3) ^ subr(5); 652 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ 653 CamelliaSubkeyR(5) = subr(4) ^ subr(6); 654 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ 655 CamelliaSubkeyR(6) = subr(5) ^ subr(7); 656 tl = subl(10) ^ (subr(10) & ~subr(8)); 657 dw = tl & subl(8), /* FL(kl1) */ 658 tr = subr(10) ^ CAMELLIA_RL1(dw); 659 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ 660 CamelliaSubkeyR(7) = subr(6) ^ tr; 661 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ 662 CamelliaSubkeyR(8) = subr(8); 663 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ 664 CamelliaSubkeyR(9) = subr(9); 665 tl = subl(7) ^ (subr(7) & ~subr(9)); 666 dw = tl & subl(9), /* FLinv(kl2) */ 667 tr = subr(7) ^ CAMELLIA_RL1(dw); 668 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ 669 CamelliaSubkeyR(10) = tr ^ subr(11); 670 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ 671 CamelliaSubkeyR(11) = subr(10) ^ subr(12); 672 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ 673 CamelliaSubkeyR(12) = subr(11) ^ subr(13); 674 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ 675 CamelliaSubkeyR(13) = subr(12) ^ subr(14); 676 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ 677 CamelliaSubkeyR(14) = subr(13) ^ subr(15); 678 tl = subl(18) ^ (subr(18) & ~subr(16)); 679 dw = tl & subl(16), /* FL(kl3) */ 680 tr = subr(18) ^ CAMELLIA_RL1(dw); 681 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ 682 CamelliaSubkeyR(15) = subr(14) ^ tr; 683 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ 684 CamelliaSubkeyR(16) = subr(16); 685 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ 686 CamelliaSubkeyR(17) = subr(17); 687 tl = subl(15) ^ (subr(15) & ~subr(17)); 688 dw = tl & subl(17), /* FLinv(kl4) */ 689 tr = subr(15) ^ CAMELLIA_RL1(dw); 690 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ 691 CamelliaSubkeyR(18) = tr ^ subr(19); 692 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ 693 CamelliaSubkeyR(19) = subr(18) ^ subr(20); 694 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ 695 CamelliaSubkeyR(20) = subr(19) ^ subr(21); 696 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ 697 CamelliaSubkeyR(21) = subr(20) ^ subr(22); 698 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ 699 CamelliaSubkeyR(22) = subr(21) ^ subr(23); 700 CamelliaSubkeyL(23) = subl(22); /* round 18 */ 701 CamelliaSubkeyR(23) = subr(22); 702 CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */ 703 CamelliaSubkeyR(24) = subr(24) ^ subr(23); 704 705 /* apply the inverse of the last half of P-function */ 706 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), 707 dw = CAMELLIA_RL8(dw);/* round 1 */ 708 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, 709 CamelliaSubkeyL(2) = dw; 710 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), 711 dw = CAMELLIA_RL8(dw);/* round 2 */ 712 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, 713 CamelliaSubkeyL(3) = dw; 714 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), 715 dw = CAMELLIA_RL8(dw);/* round 3 */ 716 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, 717 CamelliaSubkeyL(4) = dw; 718 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), 719 dw = CAMELLIA_RL8(dw);/* round 4 */ 720 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, 721 CamelliaSubkeyL(5) = dw; 722 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), 723 dw = CAMELLIA_RL8(dw);/* round 5 */ 724 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, 725 CamelliaSubkeyL(6) = dw; 726 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), 727 dw = CAMELLIA_RL8(dw);/* round 6 */ 728 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, 729 CamelliaSubkeyL(7) = dw; 730 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), 731 dw = CAMELLIA_RL8(dw);/* round 7 */ 732 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, 733 CamelliaSubkeyL(10) = dw; 734 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), 735 dw = CAMELLIA_RL8(dw);/* round 8 */ 736 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, 737 CamelliaSubkeyL(11) = dw; 738 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), 739 dw = CAMELLIA_RL8(dw);/* round 9 */ 740 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, 741 CamelliaSubkeyL(12) = dw; 742 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), 743 dw = CAMELLIA_RL8(dw);/* round 10 */ 744 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, 745 CamelliaSubkeyL(13) = dw; 746 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), 747 dw = CAMELLIA_RL8(dw);/* round 11 */ 748 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, 749 CamelliaSubkeyL(14) = dw; 750 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), 751 dw = CAMELLIA_RL8(dw);/* round 12 */ 752 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, 753 CamelliaSubkeyL(15) = dw; 754 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), 755 dw = CAMELLIA_RL8(dw);/* round 13 */ 756 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, 757 CamelliaSubkeyL(18) = dw; 758 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), 759 dw = CAMELLIA_RL8(dw);/* round 14 */ 760 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, 761 CamelliaSubkeyL(19) = dw; 762 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), 763 dw = CAMELLIA_RL8(dw);/* round 15 */ 764 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, 765 CamelliaSubkeyL(20) = dw; 766 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), 767 dw = CAMELLIA_RL8(dw);/* round 16 */ 768 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, 769 CamelliaSubkeyL(21) = dw; 770 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), 771 dw = CAMELLIA_RL8(dw);/* round 17 */ 772 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, 773 CamelliaSubkeyL(22) = dw; 774 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), 775 dw = CAMELLIA_RL8(dw);/* round 18 */ 776 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, 777 CamelliaSubkeyL(23) = dw; 778 779 return; 780 } 781 782void camellia_setup256(const u8 *key, u32 *subkey) 783 { 784 u32 kll,klr,krl,krr; /* left half of key */ 785 u32 krll,krlr,krrl,krrr; /* right half of key */ 786 u32 il, ir, t0, t1, w0, w1; /* temporary variables */ 787 u32 kw4l, kw4r, dw, tl, tr; 788 u32 subL[34]; 789 u32 subR[34]; 790 791 /** 792 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 793 * (|| is concatination) 794 */ 795 796 kll = GETU32(key ); 797 klr = GETU32(key + 4); 798 krl = GETU32(key + 8); 799 krr = GETU32(key + 12); 800 krll = GETU32(key + 16); 801 krlr = GETU32(key + 20); 802 krrl = GETU32(key + 24); 803 krrr = GETU32(key + 28); 804 805 /* generate KL dependent subkeys */ 806 /* kw1 */ 807 subl(0) = kll; subr(0) = klr; 808 /* kw2 */ 809 subl(1) = krl; subr(1) = krr; 810 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 811 /* k9 */ 812 subl(12) = kll; subr(12) = klr; 813 /* k10 */ 814 subl(13) = krl; subr(13) = krr; 815 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 816 /* kl3 */ 817 subl(16) = kll; subr(16) = klr; 818 /* kl4 */ 819 subl(17) = krl; subr(17) = krr; 820 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 821 /* k17 */ 822 subl(22) = kll; subr(22) = klr; 823 /* k18 */ 824 subl(23) = krl; subr(23) = krr; 825 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 826 /* k23 */ 827 subl(30) = kll; subr(30) = klr; 828 /* k24 */ 829 subl(31) = krl; subr(31) = krr; 830 831 /* generate KR dependent subkeys */ 832 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 833 /* k3 */ 834 subl(4) = krll; subr(4) = krlr; 835 /* k4 */ 836 subl(5) = krrl; subr(5) = krrr; 837 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 838 /* kl1 */ 839 subl(8) = krll; subr(8) = krlr; 840 /* kl2 */ 841 subl(9) = krrl; subr(9) = krrr; 842 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 843 /* k13 */ 844 subl(18) = krll; subr(18) = krlr; 845 /* k14 */ 846 subl(19) = krrl; subr(19) = krrr; 847 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 848 /* k19 */ 849 subl(26) = krll; subr(26) = krlr; 850 /* k20 */ 851 subl(27) = krrl; subr(27) = krrr; 852 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 853 854 /* generate KA */ 855 kll = subl(0) ^ krll; klr = subr(0) ^ krlr; 856 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; 857 CAMELLIA_F(kll, klr, 858 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 859 w0, w1, il, ir, t0, t1); 860 krl ^= w0; krr ^= w1; 861 CAMELLIA_F(krl, krr, 862 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 863 kll, klr, il, ir, t0, t1); 864 kll ^= krll; klr ^= krlr; 865 CAMELLIA_F(kll, klr, 866 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 867 krl, krr, il, ir, t0, t1); 868 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; 869 CAMELLIA_F(krl, krr, 870 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 871 w0, w1, il, ir, t0, t1); 872 kll ^= w0; klr ^= w1; 873 874 /* generate KB */ 875 krll ^= kll; krlr ^= klr; 876 krrl ^= krl; krrr ^= krr; 877 CAMELLIA_F(krll, krlr, 878 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, 879 w0, w1, il, ir, t0, t1); 880 krrl ^= w0; krrr ^= w1; 881 CAMELLIA_F(krrl, krrr, 882 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, 883 w0, w1, il, ir, t0, t1); 884 krll ^= w0; krlr ^= w1; 885 886 /* generate KA dependent subkeys */ 887 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 888 /* k5 */ 889 subl(6) = kll; subr(6) = klr; 890 /* k6 */ 891 subl(7) = krl; subr(7) = krr; 892 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 893 /* k11 */ 894 subl(14) = kll; subr(14) = klr; 895 /* k12 */ 896 subl(15) = krl; subr(15) = krr; 897 /* rotation left shift 32bit */ 898 /* kl5 */ 899 subl(24) = klr; subr(24) = krl; 900 /* kl6 */ 901 subl(25) = krr; subr(25) = kll; 902 /* rotation left shift 49 from k11,k12 -> k21,k22 */ 903 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 904 /* k21 */ 905 subl(28) = kll; subr(28) = klr; 906 /* k22 */ 907 subl(29) = krl; subr(29) = krr; 908 909 /* generate KB dependent subkeys */ 910 /* k1 */ 911 subl(2) = krll; subr(2) = krlr; 912 /* k2 */ 913 subl(3) = krrl; subr(3) = krrr; 914 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 915 /* k7 */ 916 subl(10) = krll; subr(10) = krlr; 917 /* k8 */ 918 subl(11) = krrl; subr(11) = krrr; 919 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 920 /* k15 */ 921 subl(20) = krll; subr(20) = krlr; 922 /* k16 */ 923 subl(21) = krrl; subr(21) = krrr; 924 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 925 /* kw3 */ 926 subl(32) = krll; subr(32) = krlr; 927 /* kw4 */ 928 subl(33) = krrl; subr(33) = krrr; 929 930 /* absorb kw2 to other subkeys */ 931/* round 2 */ 932 subl(3) ^= subl(1); subr(3) ^= subr(1); 933/* round 4 */ 934 subl(5) ^= subl(1); subr(5) ^= subr(1); 935/* round 6 */ 936 subl(7) ^= subl(1); subr(7) ^= subr(1); 937 subl(1) ^= subr(1) & ~subr(9); 938 dw = subl(1) & subl(9), 939 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ 940/* round 8 */ 941 subl(11) ^= subl(1); subr(11) ^= subr(1); 942/* round 10 */ 943 subl(13) ^= subl(1); subr(13) ^= subr(1); 944/* round 12 */ 945 subl(15) ^= subl(1); subr(15) ^= subr(1); 946 subl(1) ^= subr(1) & ~subr(17); 947 dw = subl(1) & subl(17), 948 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ 949/* round 14 */ 950 subl(19) ^= subl(1); subr(19) ^= subr(1); 951/* round 16 */ 952 subl(21) ^= subl(1); subr(21) ^= subr(1); 953/* round 18 */ 954 subl(23) ^= subl(1); subr(23) ^= subr(1); 955 subl(1) ^= subr(1) & ~subr(25); 956 dw = subl(1) & subl(25), 957 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */ 958/* round 20 */ 959 subl(27) ^= subl(1); subr(27) ^= subr(1); 960/* round 22 */ 961 subl(29) ^= subl(1); subr(29) ^= subr(1); 962/* round 24 */ 963 subl(31) ^= subl(1); subr(31) ^= subr(1); 964/* kw3 */ 965 subl(32) ^= subl(1); subr(32) ^= subr(1); 966 967 968 /* absorb kw4 to other subkeys */ 969 kw4l = subl(33); kw4r = subr(33); 970/* round 23 */ 971 subl(30) ^= kw4l; subr(30) ^= kw4r; 972/* round 21 */ 973 subl(28) ^= kw4l; subr(28) ^= kw4r; 974/* round 19 */ 975 subl(26) ^= kw4l; subr(26) ^= kw4r; 976 kw4l ^= kw4r & ~subr(24); 977 dw = kw4l & subl(24), 978 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */ 979/* round 17 */ 980 subl(22) ^= kw4l; subr(22) ^= kw4r; 981/* round 15 */ 982 subl(20) ^= kw4l; subr(20) ^= kw4r; 983/* round 13 */ 984 subl(18) ^= kw4l; subr(18) ^= kw4r; 985 kw4l ^= kw4r & ~subr(16); 986 dw = kw4l & subl(16), 987 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ 988/* round 11 */ 989 subl(14) ^= kw4l; subr(14) ^= kw4r; 990/* round 9 */ 991 subl(12) ^= kw4l; subr(12) ^= kw4r; 992/* round 7 */ 993 subl(10) ^= kw4l; subr(10) ^= kw4r; 994 kw4l ^= kw4r & ~subr(8); 995 dw = kw4l & subl(8), 996 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ 997/* round 5 */ 998 subl(6) ^= kw4l; subr(6) ^= kw4r; 999/* round 3 */ 1000 subl(4) ^= kw4l; subr(4) ^= kw4r; 1001/* round 1 */ 1002 subl(2) ^= kw4l; subr(2) ^= kw4r; 1003/* kw1 */ 1004 subl(0) ^= kw4l; subr(0) ^= kw4r; 1005 1006 /* key XOR is end of F-function */ 1007 CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ 1008 CamelliaSubkeyR(0) = subr(0) ^ subr(2); 1009 CamelliaSubkeyL(2) = subl(3); /* round 1 */ 1010 CamelliaSubkeyR(2) = subr(3); 1011 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ 1012 CamelliaSubkeyR(3) = subr(2) ^ subr(4); 1013 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ 1014 CamelliaSubkeyR(4) = subr(3) ^ subr(5); 1015 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ 1016 CamelliaSubkeyR(5) = subr(4) ^ subr(6); 1017 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ 1018 CamelliaSubkeyR(6) = subr(5) ^ subr(7); 1019 tl = subl(10) ^ (subr(10) & ~subr(8)); 1020 dw = tl & subl(8), /* FL(kl1) */ 1021 tr = subr(10) ^ CAMELLIA_RL1(dw); 1022 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ 1023 CamelliaSubkeyR(7) = subr(6) ^ tr; 1024 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ 1025 CamelliaSubkeyR(8) = subr(8); 1026 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ 1027 CamelliaSubkeyR(9) = subr(9); 1028 tl = subl(7) ^ (subr(7) & ~subr(9)); 1029 dw = tl & subl(9), /* FLinv(kl2) */ 1030 tr = subr(7) ^ CAMELLIA_RL1(dw); 1031 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ 1032 CamelliaSubkeyR(10) = tr ^ subr(11); 1033 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ 1034 CamelliaSubkeyR(11) = subr(10) ^ subr(12); 1035 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ 1036 CamelliaSubkeyR(12) = subr(11) ^ subr(13); 1037 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ 1038 CamelliaSubkeyR(13) = subr(12) ^ subr(14); 1039 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ 1040 CamelliaSubkeyR(14) = subr(13) ^ subr(15); 1041 tl = subl(18) ^ (subr(18) & ~subr(16)); 1042 dw = tl & subl(16), /* FL(kl3) */ 1043 tr = subr(18) ^ CAMELLIA_RL1(dw); 1044 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ 1045 CamelliaSubkeyR(15) = subr(14) ^ tr; 1046 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ 1047 CamelliaSubkeyR(16) = subr(16); 1048 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ 1049 CamelliaSubkeyR(17) = subr(17); 1050 tl = subl(15) ^ (subr(15) & ~subr(17)); 1051 dw = tl & subl(17), /* FLinv(kl4) */ 1052 tr = subr(15) ^ CAMELLIA_RL1(dw); 1053 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ 1054 CamelliaSubkeyR(18) = tr ^ subr(19); 1055 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ 1056 CamelliaSubkeyR(19) = subr(18) ^ subr(20); 1057 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ 1058 CamelliaSubkeyR(20) = subr(19) ^ subr(21); 1059 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ 1060 CamelliaSubkeyR(21) = subr(20) ^ subr(22); 1061 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ 1062 CamelliaSubkeyR(22) = subr(21) ^ subr(23); 1063 tl = subl(26) ^ (subr(26) 1064 & ~subr(24)); 1065 dw = tl & subl(24), /* FL(kl5) */ 1066 tr = subr(26) ^ CAMELLIA_RL1(dw); 1067 CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */ 1068 CamelliaSubkeyR(23) = subr(22) ^ tr; 1069 CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */ 1070 CamelliaSubkeyR(24) = subr(24); 1071 CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */ 1072 CamelliaSubkeyR(25) = subr(25); 1073 tl = subl(23) ^ (subr(23) & 1074 ~subr(25)); 1075 dw = tl & subl(25), /* FLinv(kl6) */ 1076 tr = subr(23) ^ CAMELLIA_RL1(dw); 1077 CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */ 1078 CamelliaSubkeyR(26) = tr ^ subr(27); 1079 CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */ 1080 CamelliaSubkeyR(27) = subr(26) ^ subr(28); 1081 CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */ 1082 CamelliaSubkeyR(28) = subr(27) ^ subr(29); 1083 CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */ 1084 CamelliaSubkeyR(29) = subr(28) ^ subr(30); 1085 CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */ 1086 CamelliaSubkeyR(30) = subr(29) ^ subr(31); 1087 CamelliaSubkeyL(31) = subl(30); /* round 24 */ 1088 CamelliaSubkeyR(31) = subr(30); 1089 CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */ 1090 CamelliaSubkeyR(32) = subr(32) ^ subr(31); 1091 1092 /* apply the inverse of the last half of P-function */ 1093 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), 1094 dw = CAMELLIA_RL8(dw);/* round 1 */ 1095 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, 1096 CamelliaSubkeyL(2) = dw; 1097 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), 1098 dw = CAMELLIA_RL8(dw);/* round 2 */ 1099 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, 1100 CamelliaSubkeyL(3) = dw; 1101 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), 1102 dw = CAMELLIA_RL8(dw);/* round 3 */ 1103 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, 1104 CamelliaSubkeyL(4) = dw; 1105 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), 1106 dw = CAMELLIA_RL8(dw);/* round 4 */ 1107 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, 1108 CamelliaSubkeyL(5) = dw; 1109 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), 1110 dw = CAMELLIA_RL8(dw);/* round 5 */ 1111 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, 1112 CamelliaSubkeyL(6) = dw; 1113 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), 1114 dw = CAMELLIA_RL8(dw);/* round 6 */ 1115 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, 1116 CamelliaSubkeyL(7) = dw; 1117 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), 1118 dw = CAMELLIA_RL8(dw);/* round 7 */ 1119 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, 1120 CamelliaSubkeyL(10) = dw; 1121 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), 1122 dw = CAMELLIA_RL8(dw);/* round 8 */ 1123 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, 1124 CamelliaSubkeyL(11) = dw; 1125 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), 1126 dw = CAMELLIA_RL8(dw);/* round 9 */ 1127 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, 1128 CamelliaSubkeyL(12) = dw; 1129 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), 1130 dw = CAMELLIA_RL8(dw);/* round 10 */ 1131 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, 1132 CamelliaSubkeyL(13) = dw; 1133 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), 1134 dw = CAMELLIA_RL8(dw);/* round 11 */ 1135 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, 1136 CamelliaSubkeyL(14) = dw; 1137 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), 1138 dw = CAMELLIA_RL8(dw);/* round 12 */ 1139 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, 1140 CamelliaSubkeyL(15) = dw; 1141 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), 1142 dw = CAMELLIA_RL8(dw);/* round 13 */ 1143 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, 1144 CamelliaSubkeyL(18) = dw; 1145 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), 1146 dw = CAMELLIA_RL8(dw);/* round 14 */ 1147 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, 1148 CamelliaSubkeyL(19) = dw; 1149 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), 1150 dw = CAMELLIA_RL8(dw);/* round 15 */ 1151 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, 1152 CamelliaSubkeyL(20) = dw; 1153 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), 1154 dw = CAMELLIA_RL8(dw);/* round 16 */ 1155 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, 1156 CamelliaSubkeyL(21) = dw; 1157 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), 1158 dw = CAMELLIA_RL8(dw);/* round 17 */ 1159 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, 1160 CamelliaSubkeyL(22) = dw; 1161 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), 1162 dw = CAMELLIA_RL8(dw);/* round 18 */ 1163 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, 1164 CamelliaSubkeyL(23) = dw; 1165 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), 1166 dw = CAMELLIA_RL8(dw);/* round 19 */ 1167 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, 1168 CamelliaSubkeyL(26) = dw; 1169 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), 1170 dw = CAMELLIA_RL8(dw);/* round 20 */ 1171 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, 1172 CamelliaSubkeyL(27) = dw; 1173 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), 1174 dw = CAMELLIA_RL8(dw);/* round 21 */ 1175 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, 1176 CamelliaSubkeyL(28) = dw; 1177 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), 1178 dw = CAMELLIA_RL8(dw);/* round 22 */ 1179 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, 1180 CamelliaSubkeyL(29) = dw; 1181 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), 1182 dw = CAMELLIA_RL8(dw);/* round 23 */ 1183 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, 1184 CamelliaSubkeyL(30) = dw; 1185 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), 1186 dw = CAMELLIA_RL8(dw);/* round 24 */ 1187 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, 1188 CamelliaSubkeyL(31) = dw; 1189 1190 1191 return; 1192 } 1193 1194void camellia_setup192(const u8 *key, u32 *subkey) 1195 { 1196 u8 kk[32]; 1197 u32 krll, krlr, krrl,krrr; 1198 1199 memcpy(kk, key, 24); 1200 memcpy((u8 *)&krll, key+16,4); 1201 memcpy((u8 *)&krlr, key+20,4); 1202 krrl = ~krll; 1203 krrr = ~krlr; 1204 memcpy(kk+24, (u8 *)&krrl, 4); 1205 memcpy(kk+28, (u8 *)&krrr, 4); 1206 camellia_setup256(kk, subkey); 1207 return; 1208 } 1209 1210 1211/** 1212 * Stuff related to camellia encryption/decryption 1213 */ 1214void camellia_encrypt128(const u32 *subkey, u32 *io) 1215 { 1216 u32 il, ir, t0, t1; 1217 1218 /* pre whitening but absorb kw2*/ 1219 io[0] ^= CamelliaSubkeyL(0); 1220 io[1] ^= CamelliaSubkeyR(0); 1221 /* main iteration */ 1222 1223 CAMELLIA_ROUNDSM(io[0],io[1], 1224 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1225 io[2],io[3],il,ir,t0,t1); 1226 CAMELLIA_ROUNDSM(io[2],io[3], 1227 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1228 io[0],io[1],il,ir,t0,t1); 1229 CAMELLIA_ROUNDSM(io[0],io[1], 1230 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1231 io[2],io[3],il,ir,t0,t1); 1232 CAMELLIA_ROUNDSM(io[2],io[3], 1233 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1234 io[0],io[1],il,ir,t0,t1); 1235 CAMELLIA_ROUNDSM(io[0],io[1], 1236 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1237 io[2],io[3],il,ir,t0,t1); 1238 CAMELLIA_ROUNDSM(io[2],io[3], 1239 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1240 io[0],io[1],il,ir,t0,t1); 1241 1242 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1243 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1244 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1245 t0,t1,il,ir); 1246 1247 CAMELLIA_ROUNDSM(io[0],io[1], 1248 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1249 io[2],io[3],il,ir,t0,t1); 1250 CAMELLIA_ROUNDSM(io[2],io[3], 1251 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1252 io[0],io[1],il,ir,t0,t1); 1253 CAMELLIA_ROUNDSM(io[0],io[1], 1254 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1255 io[2],io[3],il,ir,t0,t1); 1256 CAMELLIA_ROUNDSM(io[2],io[3], 1257 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1258 io[0],io[1],il,ir,t0,t1); 1259 CAMELLIA_ROUNDSM(io[0],io[1], 1260 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1261 io[2],io[3],il,ir,t0,t1); 1262 CAMELLIA_ROUNDSM(io[2],io[3], 1263 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1264 io[0],io[1],il,ir,t0,t1); 1265 1266 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1267 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1268 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1269 t0,t1,il,ir); 1270 1271 CAMELLIA_ROUNDSM(io[0],io[1], 1272 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1273 io[2],io[3],il,ir,t0,t1); 1274 CAMELLIA_ROUNDSM(io[2],io[3], 1275 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1276 io[0],io[1],il,ir,t0,t1); 1277 CAMELLIA_ROUNDSM(io[0],io[1], 1278 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1279 io[2],io[3],il,ir,t0,t1); 1280 CAMELLIA_ROUNDSM(io[2],io[3], 1281 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1282 io[0],io[1],il,ir,t0,t1); 1283 CAMELLIA_ROUNDSM(io[0],io[1], 1284 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1285 io[2],io[3],il,ir,t0,t1); 1286 CAMELLIA_ROUNDSM(io[2],io[3], 1287 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1288 io[0],io[1],il,ir,t0,t1); 1289 1290 /* post whitening but kw4 */ 1291 io[2] ^= CamelliaSubkeyL(24); 1292 io[3] ^= CamelliaSubkeyR(24); 1293 1294 t0 = io[0]; 1295 t1 = io[1]; 1296 io[0] = io[2]; 1297 io[1] = io[3]; 1298 io[2] = t0; 1299 io[3] = t1; 1300 1301 return; 1302 } 1303 1304void camellia_decrypt128(const u32 *subkey, u32 *io) 1305 { 1306 u32 il,ir,t0,t1; /* temporary valiables */ 1307 1308 /* pre whitening but absorb kw2*/ 1309 io[0] ^= CamelliaSubkeyL(24); 1310 io[1] ^= CamelliaSubkeyR(24); 1311 1312 /* main iteration */ 1313 CAMELLIA_ROUNDSM(io[0],io[1], 1314 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1315 io[2],io[3],il,ir,t0,t1); 1316 CAMELLIA_ROUNDSM(io[2],io[3], 1317 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1318 io[0],io[1],il,ir,t0,t1); 1319 CAMELLIA_ROUNDSM(io[0],io[1], 1320 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1321 io[2],io[3],il,ir,t0,t1); 1322 CAMELLIA_ROUNDSM(io[2],io[3], 1323 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1324 io[0],io[1],il,ir,t0,t1); 1325 CAMELLIA_ROUNDSM(io[0],io[1], 1326 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1327 io[2],io[3],il,ir,t0,t1); 1328 CAMELLIA_ROUNDSM(io[2],io[3], 1329 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1330 io[0],io[1],il,ir,t0,t1); 1331 1332 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1333 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1334 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1335 t0,t1,il,ir); 1336 1337 CAMELLIA_ROUNDSM(io[0],io[1], 1338 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1339 io[2],io[3],il,ir,t0,t1); 1340 CAMELLIA_ROUNDSM(io[2],io[3], 1341 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1342 io[0],io[1],il,ir,t0,t1); 1343 CAMELLIA_ROUNDSM(io[0],io[1], 1344 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1345 io[2],io[3],il,ir,t0,t1); 1346 CAMELLIA_ROUNDSM(io[2],io[3], 1347 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1348 io[0],io[1],il,ir,t0,t1); 1349 CAMELLIA_ROUNDSM(io[0],io[1], 1350 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1351 io[2],io[3],il,ir,t0,t1); 1352 CAMELLIA_ROUNDSM(io[2],io[3], 1353 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1354 io[0],io[1],il,ir,t0,t1); 1355 1356 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1357 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1358 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1359 t0,t1,il,ir); 1360 1361 CAMELLIA_ROUNDSM(io[0],io[1], 1362 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1363 io[2],io[3],il,ir,t0,t1); 1364 CAMELLIA_ROUNDSM(io[2],io[3], 1365 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1366 io[0],io[1],il,ir,t0,t1); 1367 CAMELLIA_ROUNDSM(io[0],io[1], 1368 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1369 io[2],io[3],il,ir,t0,t1); 1370 CAMELLIA_ROUNDSM(io[2],io[3], 1371 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1372 io[0],io[1],il,ir,t0,t1); 1373 CAMELLIA_ROUNDSM(io[0],io[1], 1374 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1375 io[2],io[3],il,ir,t0,t1); 1376 CAMELLIA_ROUNDSM(io[2],io[3], 1377 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1378 io[0],io[1],il,ir,t0,t1); 1379 1380 /* post whitening but kw4 */ 1381 io[2] ^= CamelliaSubkeyL(0); 1382 io[3] ^= CamelliaSubkeyR(0); 1383 1384 t0 = io[0]; 1385 t1 = io[1]; 1386 io[0] = io[2]; 1387 io[1] = io[3]; 1388 io[2] = t0; 1389 io[3] = t1; 1390 1391 return; 1392 } 1393 1394/** 1395 * stuff for 192 and 256bit encryption/decryption 1396 */ 1397void camellia_encrypt256(const u32 *subkey, u32 *io) 1398 { 1399 u32 il,ir,t0,t1; /* temporary valiables */ 1400 1401 /* pre whitening but absorb kw2*/ 1402 io[0] ^= CamelliaSubkeyL(0); 1403 io[1] ^= CamelliaSubkeyR(0); 1404 1405 /* main iteration */ 1406 CAMELLIA_ROUNDSM(io[0],io[1], 1407 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1408 io[2],io[3],il,ir,t0,t1); 1409 CAMELLIA_ROUNDSM(io[2],io[3], 1410 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1411 io[0],io[1],il,ir,t0,t1); 1412 CAMELLIA_ROUNDSM(io[0],io[1], 1413 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1414 io[2],io[3],il,ir,t0,t1); 1415 CAMELLIA_ROUNDSM(io[2],io[3], 1416 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1417 io[0],io[1],il,ir,t0,t1); 1418 CAMELLIA_ROUNDSM(io[0],io[1], 1419 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1420 io[2],io[3],il,ir,t0,t1); 1421 CAMELLIA_ROUNDSM(io[2],io[3], 1422 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1423 io[0],io[1],il,ir,t0,t1); 1424 1425 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1426 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1427 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1428 t0,t1,il,ir); 1429 1430 CAMELLIA_ROUNDSM(io[0],io[1], 1431 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1432 io[2],io[3],il,ir,t0,t1); 1433 CAMELLIA_ROUNDSM(io[2],io[3], 1434 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1435 io[0],io[1],il,ir,t0,t1); 1436 CAMELLIA_ROUNDSM(io[0],io[1], 1437 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1438 io[2],io[3],il,ir,t0,t1); 1439 CAMELLIA_ROUNDSM(io[2],io[3], 1440 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1441 io[0],io[1],il,ir,t0,t1); 1442 CAMELLIA_ROUNDSM(io[0],io[1], 1443 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1444 io[2],io[3],il,ir,t0,t1); 1445 CAMELLIA_ROUNDSM(io[2],io[3], 1446 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1447 io[0],io[1],il,ir,t0,t1); 1448 1449 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1450 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1451 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1452 t0,t1,il,ir); 1453 1454 CAMELLIA_ROUNDSM(io[0],io[1], 1455 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1456 io[2],io[3],il,ir,t0,t1); 1457 CAMELLIA_ROUNDSM(io[2],io[3], 1458 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1459 io[0],io[1],il,ir,t0,t1); 1460 CAMELLIA_ROUNDSM(io[0],io[1], 1461 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1462 io[2],io[3],il,ir,t0,t1); 1463 CAMELLIA_ROUNDSM(io[2],io[3], 1464 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1465 io[0],io[1],il,ir,t0,t1); 1466 CAMELLIA_ROUNDSM(io[0],io[1], 1467 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1468 io[2],io[3],il,ir,t0,t1); 1469 CAMELLIA_ROUNDSM(io[2],io[3], 1470 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1471 io[0],io[1],il,ir,t0,t1); 1472 1473 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1474 CamelliaSubkeyL(24),CamelliaSubkeyR(24), 1475 CamelliaSubkeyL(25),CamelliaSubkeyR(25), 1476 t0,t1,il,ir); 1477 1478 CAMELLIA_ROUNDSM(io[0],io[1], 1479 CamelliaSubkeyL(26),CamelliaSubkeyR(26), 1480 io[2],io[3],il,ir,t0,t1); 1481 CAMELLIA_ROUNDSM(io[2],io[3], 1482 CamelliaSubkeyL(27),CamelliaSubkeyR(27), 1483 io[0],io[1],il,ir,t0,t1); 1484 CAMELLIA_ROUNDSM(io[0],io[1], 1485 CamelliaSubkeyL(28),CamelliaSubkeyR(28), 1486 io[2],io[3],il,ir,t0,t1); 1487 CAMELLIA_ROUNDSM(io[2],io[3], 1488 CamelliaSubkeyL(29),CamelliaSubkeyR(29), 1489 io[0],io[1],il,ir,t0,t1); 1490 CAMELLIA_ROUNDSM(io[0],io[1], 1491 CamelliaSubkeyL(30),CamelliaSubkeyR(30), 1492 io[2],io[3],il,ir,t0,t1); 1493 CAMELLIA_ROUNDSM(io[2],io[3], 1494 CamelliaSubkeyL(31),CamelliaSubkeyR(31), 1495 io[0],io[1],il,ir,t0,t1); 1496 1497 /* post whitening but kw4 */ 1498 io[2] ^= CamelliaSubkeyL(32); 1499 io[3] ^= CamelliaSubkeyR(32); 1500 1501 t0 = io[0]; 1502 t1 = io[1]; 1503 io[0] = io[2]; 1504 io[1] = io[3]; 1505 io[2] = t0; 1506 io[3] = t1; 1507 1508 return; 1509 } 1510 1511void camellia_decrypt256(const u32 *subkey, u32 *io) 1512 { 1513 u32 il,ir,t0,t1; /* temporary valiables */ 1514 1515 /* pre whitening but absorb kw2*/ 1516 io[0] ^= CamelliaSubkeyL(32); 1517 io[1] ^= CamelliaSubkeyR(32); 1518 1519 /* main iteration */ 1520 CAMELLIA_ROUNDSM(io[0],io[1], 1521 CamelliaSubkeyL(31),CamelliaSubkeyR(31), 1522 io[2],io[3],il,ir,t0,t1); 1523 CAMELLIA_ROUNDSM(io[2],io[3], 1524 CamelliaSubkeyL(30),CamelliaSubkeyR(30), 1525 io[0],io[1],il,ir,t0,t1); 1526 CAMELLIA_ROUNDSM(io[0],io[1], 1527 CamelliaSubkeyL(29),CamelliaSubkeyR(29), 1528 io[2],io[3],il,ir,t0,t1); 1529 CAMELLIA_ROUNDSM(io[2],io[3], 1530 CamelliaSubkeyL(28),CamelliaSubkeyR(28), 1531 io[0],io[1],il,ir,t0,t1); 1532 CAMELLIA_ROUNDSM(io[0],io[1], 1533 CamelliaSubkeyL(27),CamelliaSubkeyR(27), 1534 io[2],io[3],il,ir,t0,t1); 1535 CAMELLIA_ROUNDSM(io[2],io[3], 1536 CamelliaSubkeyL(26),CamelliaSubkeyR(26), 1537 io[0],io[1],il,ir,t0,t1); 1538 1539 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1540 CamelliaSubkeyL(25),CamelliaSubkeyR(25), 1541 CamelliaSubkeyL(24),CamelliaSubkeyR(24), 1542 t0,t1,il,ir); 1543 1544 CAMELLIA_ROUNDSM(io[0],io[1], 1545 CamelliaSubkeyL(23),CamelliaSubkeyR(23), 1546 io[2],io[3],il,ir,t0,t1); 1547 CAMELLIA_ROUNDSM(io[2],io[3], 1548 CamelliaSubkeyL(22),CamelliaSubkeyR(22), 1549 io[0],io[1],il,ir,t0,t1); 1550 CAMELLIA_ROUNDSM(io[0],io[1], 1551 CamelliaSubkeyL(21),CamelliaSubkeyR(21), 1552 io[2],io[3],il,ir,t0,t1); 1553 CAMELLIA_ROUNDSM(io[2],io[3], 1554 CamelliaSubkeyL(20),CamelliaSubkeyR(20), 1555 io[0],io[1],il,ir,t0,t1); 1556 CAMELLIA_ROUNDSM(io[0],io[1], 1557 CamelliaSubkeyL(19),CamelliaSubkeyR(19), 1558 io[2],io[3],il,ir,t0,t1); 1559 CAMELLIA_ROUNDSM(io[2],io[3], 1560 CamelliaSubkeyL(18),CamelliaSubkeyR(18), 1561 io[0],io[1],il,ir,t0,t1); 1562 1563 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1564 CamelliaSubkeyL(17),CamelliaSubkeyR(17), 1565 CamelliaSubkeyL(16),CamelliaSubkeyR(16), 1566 t0,t1,il,ir); 1567 1568 CAMELLIA_ROUNDSM(io[0],io[1], 1569 CamelliaSubkeyL(15),CamelliaSubkeyR(15), 1570 io[2],io[3],il,ir,t0,t1); 1571 CAMELLIA_ROUNDSM(io[2],io[3], 1572 CamelliaSubkeyL(14),CamelliaSubkeyR(14), 1573 io[0],io[1],il,ir,t0,t1); 1574 CAMELLIA_ROUNDSM(io[0],io[1], 1575 CamelliaSubkeyL(13),CamelliaSubkeyR(13), 1576 io[2],io[3],il,ir,t0,t1); 1577 CAMELLIA_ROUNDSM(io[2],io[3], 1578 CamelliaSubkeyL(12),CamelliaSubkeyR(12), 1579 io[0],io[1],il,ir,t0,t1); 1580 CAMELLIA_ROUNDSM(io[0],io[1], 1581 CamelliaSubkeyL(11),CamelliaSubkeyR(11), 1582 io[2],io[3],il,ir,t0,t1); 1583 CAMELLIA_ROUNDSM(io[2],io[3], 1584 CamelliaSubkeyL(10),CamelliaSubkeyR(10), 1585 io[0],io[1],il,ir,t0,t1); 1586 1587 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1588 CamelliaSubkeyL(9),CamelliaSubkeyR(9), 1589 CamelliaSubkeyL(8),CamelliaSubkeyR(8), 1590 t0,t1,il,ir); 1591 1592 CAMELLIA_ROUNDSM(io[0],io[1], 1593 CamelliaSubkeyL(7),CamelliaSubkeyR(7), 1594 io[2],io[3],il,ir,t0,t1); 1595 CAMELLIA_ROUNDSM(io[2],io[3], 1596 CamelliaSubkeyL(6),CamelliaSubkeyR(6), 1597 io[0],io[1],il,ir,t0,t1); 1598 CAMELLIA_ROUNDSM(io[0],io[1], 1599 CamelliaSubkeyL(5),CamelliaSubkeyR(5), 1600 io[2],io[3],il,ir,t0,t1); 1601 CAMELLIA_ROUNDSM(io[2],io[3], 1602 CamelliaSubkeyL(4),CamelliaSubkeyR(4), 1603 io[0],io[1],il,ir,t0,t1); 1604 CAMELLIA_ROUNDSM(io[0],io[1], 1605 CamelliaSubkeyL(3),CamelliaSubkeyR(3), 1606 io[2],io[3],il,ir,t0,t1); 1607 CAMELLIA_ROUNDSM(io[2],io[3], 1608 CamelliaSubkeyL(2),CamelliaSubkeyR(2), 1609 io[0],io[1],il,ir,t0,t1); 1610 1611 /* post whitening but kw4 */ 1612 io[2] ^= CamelliaSubkeyL(0); 1613 io[3] ^= CamelliaSubkeyR(0); 1614 1615 t0 = io[0]; 1616 t1 = io[1]; 1617 io[0] = io[2]; 1618 io[1] = io[3]; 1619 io[2] = t0; 1620 io[3] = t1; 1621 1622 return; 1623 } 1624 1625