1 /* lib/crypto/builtin/camellia/camellia.c - Camellia version 1.2.0 */
3 * Copyright (c) 2006,2007,2009
4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer as
11 * the first lines of this file unmodified.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 * Algorithm Specification
30 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
41 #define CAMELLIA_SIGMA1L (0xA09E667FL)
42 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
43 #define CAMELLIA_SIGMA2L (0xB67AE858L)
44 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
45 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
46 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
47 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
48 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
49 #define CAMELLIA_SIGMA5L (0x10E527FAL)
50 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
51 #define CAMELLIA_SIGMA6L (0xB05688C2L)
52 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
61 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
62 # define GETU32(p) SWAP(*((u32 *)(p)))
63 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
68 (((u32)(pt)[0] << 24) \
69 ^ ((u32)(pt)[1] << 16) \
70 ^ ((u32)(pt)[2] << 8) \
73 # define PUTU32(ct, st) { \
74 (ct)[0] = (u8)((st) >> 24); \
75 (ct)[1] = (u8)((st) >> 16); \
76 (ct)[2] = (u8)((st) >> 8); \
81 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
82 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
84 /* rotation right shift 1byte */
85 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
86 /* rotation left shift 1bit */
87 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
88 /* rotation left shift 1byte */
89 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
91 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
94 ll = (ll << bits) + (lr >> (32 - bits)); \
95 lr = (lr << bits) + (rl >> (32 - bits)); \
96 rl = (rl << bits) + (rr >> (32 - bits)); \
97 rr = (rr << bits) + (w0 >> (32 - bits)); \
100 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
104 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
105 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
106 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
107 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
110 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
111 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
112 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
113 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
115 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
121 yl = CAMELLIA_SP1110(ir & 0xff) \
122 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
123 ^ CAMELLIA_SP3033(t1 & 0xff) \
124 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
125 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
126 ^ CAMELLIA_SP0222(t0 & 0xff) \
127 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
128 ^ CAMELLIA_SP4404(il & 0xff); \
130 yr = CAMELLIA_RR8(yr); \
139 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
143 lr ^= CAMELLIA_RL1(t0); \
153 rr ^= CAMELLIA_RL1(t3); \
156 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
158 ir = CAMELLIA_SP1110(xr & 0xff) \
159 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
160 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
161 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
162 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
163 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
164 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
165 ^ CAMELLIA_SP4404(xl & 0xff); \
169 il = CAMELLIA_RR8(il); \
176 static const u32 camellia_sp1110[256] = {
177 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
178 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
179 0xe4e4e400,0x85858500,0x57575700,0x35353500,
180 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
181 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
182 0x45454500,0x19191900,0xa5a5a500,0x21212100,
183 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
184 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
185 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
186 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
187 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
188 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
189 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
190 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
191 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
192 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
193 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
194 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
195 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
196 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
197 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
198 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
199 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
200 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
201 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
202 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
203 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
204 0x53535300,0x18181800,0xf2f2f200,0x22222200,
205 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
206 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
207 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
208 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
209 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
210 0xa1a1a100,0x89898900,0x62626200,0x97979700,
211 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
212 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
213 0x10101000,0xc4c4c400,0x00000000,0x48484800,
214 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
215 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
216 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
217 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
218 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
219 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
220 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
221 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
222 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
223 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
224 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
225 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
226 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
227 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
228 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
229 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
230 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
231 0xd4d4d400,0x25252500,0xababab00,0x42424200,
232 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
233 0x72727200,0x07070700,0xb9b9b900,0x55555500,
234 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
235 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
236 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
237 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
238 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
239 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
240 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
243 static const u32 camellia_sp0222[256] = {
244 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
245 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
246 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
247 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
248 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
249 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
250 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
251 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
252 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
253 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
254 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
255 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
256 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
257 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
258 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
259 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
260 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
261 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
262 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
263 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
264 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
265 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
266 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
267 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
268 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
269 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
270 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
271 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
272 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
273 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
274 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
275 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
276 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
277 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
278 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
279 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
280 0x00202020,0x00898989,0x00000000,0x00909090,
281 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
282 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
283 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
284 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
285 0x009b9b9b,0x00949494,0x00212121,0x00666666,
286 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
287 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
288 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
289 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
290 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
291 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
292 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
293 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
294 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
295 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
296 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
297 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
298 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
299 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
300 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
301 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
302 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
303 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
304 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
305 0x00777777,0x00939393,0x00868686,0x00838383,
306 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
307 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
310 static const u32 camellia_sp3033[256] = {
311 0x38003838,0x41004141,0x16001616,0x76007676,
312 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
313 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
314 0x75007575,0x06000606,0x57005757,0xa000a0a0,
315 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
316 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
317 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
318 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
319 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
320 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
321 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
322 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
323 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
324 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
325 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
326 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
327 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
328 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
329 0x3a003a3a,0x09000909,0x95009595,0x10001010,
330 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
331 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
332 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
333 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
334 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
335 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
336 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
337 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
338 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
339 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
340 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
341 0x12001212,0x04000404,0x74007474,0x54005454,
342 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
343 0x55005555,0x68006868,0x50005050,0xbe00bebe,
344 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
345 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
346 0x70007070,0xff00ffff,0x32003232,0x69006969,
347 0x08000808,0x62006262,0x00000000,0x24002424,
348 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
349 0x45004545,0x81008181,0x73007373,0x6d006d6d,
350 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
351 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
352 0xe600e6e6,0x25002525,0x48004848,0x99009999,
353 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
354 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
355 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
356 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
357 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
358 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
359 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
360 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
361 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
362 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
363 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
364 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
365 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
366 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
367 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
368 0x7c007c7c,0x77007777,0x56005656,0x05000505,
369 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
370 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
371 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
372 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
373 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
374 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
377 static const u32 camellia_sp4404[256] = {
378 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
379 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
380 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
381 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
382 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
383 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
384 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
385 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
386 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
387 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
388 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
389 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
390 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
391 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
392 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
393 0x24240024,0xe8e800e8,0x60600060,0x69690069,
394 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
395 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
396 0x10100010,0x00000000,0xa3a300a3,0x75750075,
397 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
398 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
399 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
400 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
401 0x81810081,0x6f6f006f,0x13130013,0x63630063,
402 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
403 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
404 0x78780078,0x06060006,0xe7e700e7,0x71710071,
405 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
406 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
407 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
408 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
409 0x15150015,0xadad00ad,0x77770077,0x80800080,
410 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
411 0x85850085,0x35350035,0x0c0c000c,0x41410041,
412 0xefef00ef,0x93930093,0x19190019,0x21210021,
413 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
414 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
415 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
416 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
417 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
418 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
419 0x12120012,0x20200020,0xb1b100b1,0x99990099,
420 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
421 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
422 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
423 0x0f0f000f,0x16160016,0x18180018,0x22220022,
424 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
425 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
426 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
427 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
428 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
429 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
430 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
431 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
432 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
433 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
434 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
435 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
436 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
437 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
438 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
439 0x49490049,0x68680068,0x38380038,0xa4a400a4,
440 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
441 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
446 * Stuff related to the Camellia key schedule
448 #define subl(x) subL[(x)]
449 #define subr(x) subR[(x)]
452 camellia_setup128(const unsigned char *key, u32 *subkey)
454 u32 kll, klr, krl, krr;
455 u32 il, ir, t0, t1, w0, w1;
456 u32 kw4l, kw4r, dw, tl, tr;
461 * k == kll || klr || krl || krr (|| is concatination)
464 klr = GETU32(key + 4);
465 krl = GETU32(key + 8);
466 krr = GETU32(key + 12);
468 * generate KL dependent subkeys
470 subl(0) = kll; subr(0) = klr;
471 subl(1) = krl; subr(1) = krr;
472 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
473 subl(4) = kll; subr(4) = klr;
474 subl(5) = krl; subr(5) = krr;
475 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
476 subl(10) = kll; subr(10) = klr;
477 subl(11) = krl; subr(11) = krr;
478 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
479 subl(13) = krl; subr(13) = krr;
480 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
481 subl(16) = kll; subr(16) = klr;
482 subl(17) = krl; subr(17) = krr;
483 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
484 subl(18) = kll; subr(18) = klr;
485 subl(19) = krl; subr(19) = krr;
486 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
487 subl(22) = kll; subr(22) = klr;
488 subl(23) = krl; subr(23) = krr;
491 kll = subl(0); klr = subr(0);
492 krl = subl(1); krr = subr(1);
494 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
495 w0, w1, il, ir, t0, t1);
496 krl ^= w0; krr ^= w1;
498 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
499 kll, klr, il, ir, t0, t1);
501 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
502 krl, krr, il, ir, t0, t1);
503 krl ^= w0; krr ^= w1;
505 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
506 w0, w1, il, ir, t0, t1);
507 kll ^= w0; klr ^= w1;
509 /* generate KA dependent subkeys */
510 subl(2) = kll; subr(2) = klr;
511 subl(3) = krl; subr(3) = krr;
512 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
513 subl(6) = kll; subr(6) = klr;
514 subl(7) = krl; subr(7) = krr;
515 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
516 subl(8) = kll; subr(8) = klr;
517 subl(9) = krl; subr(9) = krr;
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
519 subl(12) = kll; subr(12) = klr;
520 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
521 subl(14) = kll; subr(14) = klr;
522 subl(15) = krl; subr(15) = krr;
523 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
524 subl(20) = kll; subr(20) = klr;
525 subl(21) = krl; subr(21) = krr;
526 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
527 subl(24) = kll; subr(24) = klr;
528 subl(25) = krl; subr(25) = krr;
531 /* absorb kw2 to other subkeys */
532 subl(3) ^= subl(1); subr(3) ^= subr(1);
533 subl(5) ^= subl(1); subr(5) ^= subr(1);
534 subl(7) ^= subl(1); subr(7) ^= subr(1);
535 subl(1) ^= subr(1) & ~subr(9);
536 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
537 subl(11) ^= subl(1); subr(11) ^= subr(1);
538 subl(13) ^= subl(1); subr(13) ^= subr(1);
539 subl(15) ^= subl(1); subr(15) ^= subr(1);
540 subl(1) ^= subr(1) & ~subr(17);
541 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
542 subl(19) ^= subl(1); subr(19) ^= subr(1);
543 subl(21) ^= subl(1); subr(21) ^= subr(1);
544 subl(23) ^= subl(1); subr(23) ^= subr(1);
545 subl(24) ^= subl(1); subr(24) ^= subr(1);
547 /* absorb kw4 to other subkeys */
548 kw4l = subl(25); kw4r = subr(25);
549 subl(22) ^= kw4l; subr(22) ^= kw4r;
550 subl(20) ^= kw4l; subr(20) ^= kw4r;
551 subl(18) ^= kw4l; subr(18) ^= kw4r;
552 kw4l ^= kw4r & ~subr(16);
553 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
554 subl(14) ^= kw4l; subr(14) ^= kw4r;
555 subl(12) ^= kw4l; subr(12) ^= kw4r;
556 subl(10) ^= kw4l; subr(10) ^= kw4r;
557 kw4l ^= kw4r & ~subr(8);
558 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
559 subl(6) ^= kw4l; subr(6) ^= kw4r;
560 subl(4) ^= kw4l; subr(4) ^= kw4r;
561 subl(2) ^= kw4l; subr(2) ^= kw4r;
562 subl(0) ^= kw4l; subr(0) ^= kw4r;
564 /* key XOR is end of F-function */
565 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
566 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
567 CamelliaSubkeyL(2) = subl(3);
568 CamelliaSubkeyR(2) = subr(3);
569 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
570 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
571 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
572 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
573 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
574 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
575 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
576 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
577 tl = subl(10) ^ (subr(10) & ~subr(8));
578 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
579 CamelliaSubkeyL(7) = subl(6) ^ tl;
580 CamelliaSubkeyR(7) = subr(6) ^ tr;
581 CamelliaSubkeyL(8) = subl(8);
582 CamelliaSubkeyR(8) = subr(8);
583 CamelliaSubkeyL(9) = subl(9);
584 CamelliaSubkeyR(9) = subr(9);
585 tl = subl(7) ^ (subr(7) & ~subr(9));
586 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
587 CamelliaSubkeyL(10) = tl ^ subl(11);
588 CamelliaSubkeyR(10) = tr ^ subr(11);
589 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
590 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
591 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
592 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
593 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
594 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
595 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
596 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
597 tl = subl(18) ^ (subr(18) & ~subr(16));
598 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
599 CamelliaSubkeyL(15) = subl(14) ^ tl;
600 CamelliaSubkeyR(15) = subr(14) ^ tr;
601 CamelliaSubkeyL(16) = subl(16);
602 CamelliaSubkeyR(16) = subr(16);
603 CamelliaSubkeyL(17) = subl(17);
604 CamelliaSubkeyR(17) = subr(17);
605 tl = subl(15) ^ (subr(15) & ~subr(17));
606 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
607 CamelliaSubkeyL(18) = tl ^ subl(19);
608 CamelliaSubkeyR(18) = tr ^ subr(19);
609 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
610 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
611 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
612 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
613 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
614 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
615 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
616 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
617 CamelliaSubkeyL(23) = subl(22);
618 CamelliaSubkeyR(23) = subr(22);
619 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
620 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
622 /* apply the inverse of the last half of P-function */
623 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
624 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
625 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
626 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
627 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
628 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
629 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
630 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
631 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
632 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
633 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
634 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
635 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
636 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
637 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
638 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
639 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
640 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
641 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
642 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
643 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
644 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
645 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
646 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
647 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
648 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
649 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
650 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
651 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
652 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
653 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
654 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
655 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
656 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
657 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
658 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
664 camellia_setup256(const unsigned char *key, u32 *subkey)
666 u32 kll,klr,krl,krr; /* left half of key */
667 u32 krll,krlr,krrl,krrr; /* right half of key */
668 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
669 u32 kw4l, kw4r, dw, tl, tr;
674 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
675 * (|| is concatination)
679 klr = GETU32(key + 4);
680 krl = GETU32(key + 8);
681 krr = GETU32(key + 12);
682 krll = GETU32(key + 16);
683 krlr = GETU32(key + 20);
684 krrl = GETU32(key + 24);
685 krrr = GETU32(key + 28);
687 /* generate KL dependent subkeys */
688 subl(0) = kll; subr(0) = klr;
689 subl(1) = krl; subr(1) = krr;
690 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
691 subl(12) = kll; subr(12) = klr;
692 subl(13) = krl; subr(13) = krr;
693 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
694 subl(16) = kll; subr(16) = klr;
695 subl(17) = krl; subr(17) = krr;
696 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
697 subl(22) = kll; subr(22) = klr;
698 subl(23) = krl; subr(23) = krr;
699 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
700 subl(30) = kll; subr(30) = klr;
701 subl(31) = krl; subr(31) = krr;
703 /* generate KR dependent subkeys */
704 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
705 subl(4) = krll; subr(4) = krlr;
706 subl(5) = krrl; subr(5) = krrr;
707 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
708 subl(8) = krll; subr(8) = krlr;
709 subl(9) = krrl; subr(9) = krrr;
710 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
711 subl(18) = krll; subr(18) = krlr;
712 subl(19) = krrl; subr(19) = krrr;
713 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
714 subl(26) = krll; subr(26) = krlr;
715 subl(27) = krrl; subr(27) = krrr;
716 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
719 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
720 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
722 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
723 w0, w1, il, ir, t0, t1);
724 krl ^= w0; krr ^= w1;
726 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
727 kll, klr, il, ir, t0, t1);
728 kll ^= krll; klr ^= krlr;
730 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
731 krl, krr, il, ir, t0, t1);
732 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
734 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
735 w0, w1, il, ir, t0, t1);
736 kll ^= w0; klr ^= w1;
739 krll ^= kll; krlr ^= klr;
740 krrl ^= krl; krrr ^= krr;
741 CAMELLIA_F(krll, krlr,
742 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
743 w0, w1, il, ir, t0, t1);
744 krrl ^= w0; krrr ^= w1;
745 CAMELLIA_F(krrl, krrr,
746 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
747 w0, w1, il, ir, t0, t1);
748 krll ^= w0; krlr ^= w1;
750 /* generate KA dependent subkeys */
751 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
752 subl(6) = kll; subr(6) = klr;
753 subl(7) = krl; subr(7) = krr;
754 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
755 subl(14) = kll; subr(14) = klr;
756 subl(15) = krl; subr(15) = krr;
757 subl(24) = klr; subr(24) = krl;
758 subl(25) = krr; subr(25) = kll;
759 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
760 subl(28) = kll; subr(28) = klr;
761 subl(29) = krl; subr(29) = krr;
763 /* generate KB dependent subkeys */
764 subl(2) = krll; subr(2) = krlr;
765 subl(3) = krrl; subr(3) = krrr;
766 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
767 subl(10) = krll; subr(10) = krlr;
768 subl(11) = krrl; subr(11) = krrr;
769 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
770 subl(20) = krll; subr(20) = krlr;
771 subl(21) = krrl; subr(21) = krrr;
772 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
773 subl(32) = krll; subr(32) = krlr;
774 subl(33) = krrl; subr(33) = krrr;
776 /* absorb kw2 to other subkeys */
777 subl(3) ^= subl(1); subr(3) ^= subr(1);
778 subl(5) ^= subl(1); subr(5) ^= subr(1);
779 subl(7) ^= subl(1); subr(7) ^= subr(1);
780 subl(1) ^= subr(1) & ~subr(9);
781 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
782 subl(11) ^= subl(1); subr(11) ^= subr(1);
783 subl(13) ^= subl(1); subr(13) ^= subr(1);
784 subl(15) ^= subl(1); subr(15) ^= subr(1);
785 subl(1) ^= subr(1) & ~subr(17);
786 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
787 subl(19) ^= subl(1); subr(19) ^= subr(1);
788 subl(21) ^= subl(1); subr(21) ^= subr(1);
789 subl(23) ^= subl(1); subr(23) ^= subr(1);
790 subl(1) ^= subr(1) & ~subr(25);
791 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
792 subl(27) ^= subl(1); subr(27) ^= subr(1);
793 subl(29) ^= subl(1); subr(29) ^= subr(1);
794 subl(31) ^= subl(1); subr(31) ^= subr(1);
795 subl(32) ^= subl(1); subr(32) ^= subr(1);
797 /* absorb kw4 to other subkeys */
798 kw4l = subl(33); kw4r = subr(33);
799 subl(30) ^= kw4l; subr(30) ^= kw4r;
800 subl(28) ^= kw4l; subr(28) ^= kw4r;
801 subl(26) ^= kw4l; subr(26) ^= kw4r;
802 kw4l ^= kw4r & ~subr(24);
803 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
804 subl(22) ^= kw4l; subr(22) ^= kw4r;
805 subl(20) ^= kw4l; subr(20) ^= kw4r;
806 subl(18) ^= kw4l; subr(18) ^= kw4r;
807 kw4l ^= kw4r & ~subr(16);
808 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
809 subl(14) ^= kw4l; subr(14) ^= kw4r;
810 subl(12) ^= kw4l; subr(12) ^= kw4r;
811 subl(10) ^= kw4l; subr(10) ^= kw4r;
812 kw4l ^= kw4r & ~subr(8);
813 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
814 subl(6) ^= kw4l; subr(6) ^= kw4r;
815 subl(4) ^= kw4l; subr(4) ^= kw4r;
816 subl(2) ^= kw4l; subr(2) ^= kw4r;
817 subl(0) ^= kw4l; subr(0) ^= kw4r;
819 /* key XOR is end of F-function */
820 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
821 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
822 CamelliaSubkeyL(2) = subl(3);
823 CamelliaSubkeyR(2) = subr(3);
824 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
825 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
826 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
827 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
828 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
829 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
830 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
831 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
832 tl = subl(10) ^ (subr(10) & ~subr(8));
833 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
834 CamelliaSubkeyL(7) = subl(6) ^ tl;
835 CamelliaSubkeyR(7) = subr(6) ^ tr;
836 CamelliaSubkeyL(8) = subl(8);
837 CamelliaSubkeyR(8) = subr(8);
838 CamelliaSubkeyL(9) = subl(9);
839 CamelliaSubkeyR(9) = subr(9);
840 tl = subl(7) ^ (subr(7) & ~subr(9));
841 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
842 CamelliaSubkeyL(10) = tl ^ subl(11);
843 CamelliaSubkeyR(10) = tr ^ subr(11);
844 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
845 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
846 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
847 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
848 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
849 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
850 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
851 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
852 tl = subl(18) ^ (subr(18) & ~subr(16));
853 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
854 CamelliaSubkeyL(15) = subl(14) ^ tl;
855 CamelliaSubkeyR(15) = subr(14) ^ tr;
856 CamelliaSubkeyL(16) = subl(16);
857 CamelliaSubkeyR(16) = subr(16);
858 CamelliaSubkeyL(17) = subl(17);
859 CamelliaSubkeyR(17) = subr(17);
860 tl = subl(15) ^ (subr(15) & ~subr(17));
861 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
862 CamelliaSubkeyL(18) = tl ^ subl(19);
863 CamelliaSubkeyR(18) = tr ^ subr(19);
864 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
865 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
866 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
867 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
868 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
869 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
870 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
871 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
872 tl = subl(26) ^ (subr(26) & ~subr(24));
873 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
874 CamelliaSubkeyL(23) = subl(22) ^ tl;
875 CamelliaSubkeyR(23) = subr(22) ^ tr;
876 CamelliaSubkeyL(24) = subl(24);
877 CamelliaSubkeyR(24) = subr(24);
878 CamelliaSubkeyL(25) = subl(25);
879 CamelliaSubkeyR(25) = subr(25);
880 tl = subl(23) ^ (subr(23) & ~subr(25));
881 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
882 CamelliaSubkeyL(26) = tl ^ subl(27);
883 CamelliaSubkeyR(26) = tr ^ subr(27);
884 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
885 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
886 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
887 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
888 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
889 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
890 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
891 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
892 CamelliaSubkeyL(31) = subl(30);
893 CamelliaSubkeyR(31) = subr(30);
894 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
895 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
897 /* apply the inverse of the last half of P-function */
898 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
899 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
900 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
901 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
902 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
903 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
904 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
905 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
906 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
907 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
908 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
909 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
910 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
911 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
912 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
913 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
914 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
915 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
916 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
917 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
918 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
919 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
920 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
921 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
922 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
923 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
924 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
925 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
926 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
927 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
928 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
929 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
930 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
931 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
932 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
933 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
934 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
935 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
936 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
937 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
938 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
939 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
940 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
941 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
942 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
943 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
944 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
945 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
951 camellia_setup192(const unsigned char *key, u32 *subkey)
953 unsigned char kk[32];
954 u32 krll, krlr, krrl,krrr;
957 memcpy((unsigned char *)&krll, key+16,4);
958 memcpy((unsigned char *)&krlr, key+20,4);
961 memcpy(kk+24, (unsigned char *)&krrl, 4);
962 memcpy(kk+28, (unsigned char *)&krrr, 4);
963 camellia_setup256(kk, subkey);
969 * Stuff related to camellia encryption/decryption
971 * "io" must be 4byte aligned and big-endian data.
974 camellia_encrypt128(const u32 *subkey, u32 *io)
978 /* pre whitening but absorb kw2*/
979 io[0] ^= CamelliaSubkeyL(0);
980 io[1] ^= CamelliaSubkeyR(0);
983 CAMELLIA_ROUNDSM(io[0],io[1],
984 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
985 io[2],io[3],il,ir,t0,t1);
986 CAMELLIA_ROUNDSM(io[2],io[3],
987 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
988 io[0],io[1],il,ir,t0,t1);
989 CAMELLIA_ROUNDSM(io[0],io[1],
990 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
991 io[2],io[3],il,ir,t0,t1);
992 CAMELLIA_ROUNDSM(io[2],io[3],
993 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
994 io[0],io[1],il,ir,t0,t1);
995 CAMELLIA_ROUNDSM(io[0],io[1],
996 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
997 io[2],io[3],il,ir,t0,t1);
998 CAMELLIA_ROUNDSM(io[2],io[3],
999 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1000 io[0],io[1],il,ir,t0,t1);
1002 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1003 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1004 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1007 CAMELLIA_ROUNDSM(io[0],io[1],
1008 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1009 io[2],io[3],il,ir,t0,t1);
1010 CAMELLIA_ROUNDSM(io[2],io[3],
1011 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1012 io[0],io[1],il,ir,t0,t1);
1013 CAMELLIA_ROUNDSM(io[0],io[1],
1014 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1015 io[2],io[3],il,ir,t0,t1);
1016 CAMELLIA_ROUNDSM(io[2],io[3],
1017 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1018 io[0],io[1],il,ir,t0,t1);
1019 CAMELLIA_ROUNDSM(io[0],io[1],
1020 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1021 io[2],io[3],il,ir,t0,t1);
1022 CAMELLIA_ROUNDSM(io[2],io[3],
1023 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1024 io[0],io[1],il,ir,t0,t1);
1026 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1027 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1028 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1031 CAMELLIA_ROUNDSM(io[0],io[1],
1032 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1033 io[2],io[3],il,ir,t0,t1);
1034 CAMELLIA_ROUNDSM(io[2],io[3],
1035 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1036 io[0],io[1],il,ir,t0,t1);
1037 CAMELLIA_ROUNDSM(io[0],io[1],
1038 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1039 io[2],io[3],il,ir,t0,t1);
1040 CAMELLIA_ROUNDSM(io[2],io[3],
1041 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1042 io[0],io[1],il,ir,t0,t1);
1043 CAMELLIA_ROUNDSM(io[0],io[1],
1044 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1045 io[2],io[3],il,ir,t0,t1);
1046 CAMELLIA_ROUNDSM(io[2],io[3],
1047 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1048 io[0],io[1],il,ir,t0,t1);
1050 /* post whitening but kw4 */
1051 io[2] ^= CamelliaSubkeyL(24);
1052 io[3] ^= CamelliaSubkeyR(24);
1065 camellia_decrypt128(const u32 *subkey, u32 *io)
1067 u32 il,ir,t0,t1; /* temporary valiables */
1069 /* pre whitening but absorb kw2*/
1070 io[0] ^= CamelliaSubkeyL(24);
1071 io[1] ^= CamelliaSubkeyR(24);
1073 /* main iteration */
1074 CAMELLIA_ROUNDSM(io[0],io[1],
1075 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1076 io[2],io[3],il,ir,t0,t1);
1077 CAMELLIA_ROUNDSM(io[2],io[3],
1078 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1079 io[0],io[1],il,ir,t0,t1);
1080 CAMELLIA_ROUNDSM(io[0],io[1],
1081 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1082 io[2],io[3],il,ir,t0,t1);
1083 CAMELLIA_ROUNDSM(io[2],io[3],
1084 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1085 io[0],io[1],il,ir,t0,t1);
1086 CAMELLIA_ROUNDSM(io[0],io[1],
1087 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1088 io[2],io[3],il,ir,t0,t1);
1089 CAMELLIA_ROUNDSM(io[2],io[3],
1090 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1091 io[0],io[1],il,ir,t0,t1);
1093 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1094 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1095 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1098 CAMELLIA_ROUNDSM(io[0],io[1],
1099 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1100 io[2],io[3],il,ir,t0,t1);
1101 CAMELLIA_ROUNDSM(io[2],io[3],
1102 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1103 io[0],io[1],il,ir,t0,t1);
1104 CAMELLIA_ROUNDSM(io[0],io[1],
1105 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1106 io[2],io[3],il,ir,t0,t1);
1107 CAMELLIA_ROUNDSM(io[2],io[3],
1108 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1109 io[0],io[1],il,ir,t0,t1);
1110 CAMELLIA_ROUNDSM(io[0],io[1],
1111 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1112 io[2],io[3],il,ir,t0,t1);
1113 CAMELLIA_ROUNDSM(io[2],io[3],
1114 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1115 io[0],io[1],il,ir,t0,t1);
1117 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1118 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1119 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1122 CAMELLIA_ROUNDSM(io[0],io[1],
1123 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1124 io[2],io[3],il,ir,t0,t1);
1125 CAMELLIA_ROUNDSM(io[2],io[3],
1126 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1127 io[0],io[1],il,ir,t0,t1);
1128 CAMELLIA_ROUNDSM(io[0],io[1],
1129 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1130 io[2],io[3],il,ir,t0,t1);
1131 CAMELLIA_ROUNDSM(io[2],io[3],
1132 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1133 io[0],io[1],il,ir,t0,t1);
1134 CAMELLIA_ROUNDSM(io[0],io[1],
1135 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1136 io[2],io[3],il,ir,t0,t1);
1137 CAMELLIA_ROUNDSM(io[2],io[3],
1138 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1139 io[0],io[1],il,ir,t0,t1);
1141 /* post whitening but kw4 */
1142 io[2] ^= CamelliaSubkeyL(0);
1143 io[3] ^= CamelliaSubkeyR(0);
1156 * stuff for 192 and 256bit encryption/decryption
1159 camellia_encrypt256(const u32 *subkey, u32 *io)
1161 u32 il,ir,t0,t1; /* temporary valiables */
1163 /* pre whitening but absorb kw2*/
1164 io[0] ^= CamelliaSubkeyL(0);
1165 io[1] ^= CamelliaSubkeyR(0);
1167 /* main iteration */
1168 CAMELLIA_ROUNDSM(io[0],io[1],
1169 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1170 io[2],io[3],il,ir,t0,t1);
1171 CAMELLIA_ROUNDSM(io[2],io[3],
1172 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1173 io[0],io[1],il,ir,t0,t1);
1174 CAMELLIA_ROUNDSM(io[0],io[1],
1175 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1176 io[2],io[3],il,ir,t0,t1);
1177 CAMELLIA_ROUNDSM(io[2],io[3],
1178 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1179 io[0],io[1],il,ir,t0,t1);
1180 CAMELLIA_ROUNDSM(io[0],io[1],
1181 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1182 io[2],io[3],il,ir,t0,t1);
1183 CAMELLIA_ROUNDSM(io[2],io[3],
1184 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1185 io[0],io[1],il,ir,t0,t1);
1187 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1188 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1189 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1192 CAMELLIA_ROUNDSM(io[0],io[1],
1193 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1194 io[2],io[3],il,ir,t0,t1);
1195 CAMELLIA_ROUNDSM(io[2],io[3],
1196 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1197 io[0],io[1],il,ir,t0,t1);
1198 CAMELLIA_ROUNDSM(io[0],io[1],
1199 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1200 io[2],io[3],il,ir,t0,t1);
1201 CAMELLIA_ROUNDSM(io[2],io[3],
1202 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1203 io[0],io[1],il,ir,t0,t1);
1204 CAMELLIA_ROUNDSM(io[0],io[1],
1205 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1206 io[2],io[3],il,ir,t0,t1);
1207 CAMELLIA_ROUNDSM(io[2],io[3],
1208 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1209 io[0],io[1],il,ir,t0,t1);
1211 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1212 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1213 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1216 CAMELLIA_ROUNDSM(io[0],io[1],
1217 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1218 io[2],io[3],il,ir,t0,t1);
1219 CAMELLIA_ROUNDSM(io[2],io[3],
1220 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1221 io[0],io[1],il,ir,t0,t1);
1222 CAMELLIA_ROUNDSM(io[0],io[1],
1223 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1224 io[2],io[3],il,ir,t0,t1);
1225 CAMELLIA_ROUNDSM(io[2],io[3],
1226 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1227 io[0],io[1],il,ir,t0,t1);
1228 CAMELLIA_ROUNDSM(io[0],io[1],
1229 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1230 io[2],io[3],il,ir,t0,t1);
1231 CAMELLIA_ROUNDSM(io[2],io[3],
1232 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1233 io[0],io[1],il,ir,t0,t1);
1235 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1236 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1237 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1240 CAMELLIA_ROUNDSM(io[0],io[1],
1241 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1242 io[2],io[3],il,ir,t0,t1);
1243 CAMELLIA_ROUNDSM(io[2],io[3],
1244 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1245 io[0],io[1],il,ir,t0,t1);
1246 CAMELLIA_ROUNDSM(io[0],io[1],
1247 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1248 io[2],io[3],il,ir,t0,t1);
1249 CAMELLIA_ROUNDSM(io[2],io[3],
1250 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1251 io[0],io[1],il,ir,t0,t1);
1252 CAMELLIA_ROUNDSM(io[0],io[1],
1253 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1254 io[2],io[3],il,ir,t0,t1);
1255 CAMELLIA_ROUNDSM(io[2],io[3],
1256 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1257 io[0],io[1],il,ir,t0,t1);
1259 /* post whitening but kw4 */
1260 io[2] ^= CamelliaSubkeyL(32);
1261 io[3] ^= CamelliaSubkeyR(32);
1274 camellia_decrypt256(const u32 *subkey, u32 *io)
1276 u32 il,ir,t0,t1; /* temporary valiables */
1278 /* pre whitening but absorb kw2*/
1279 io[0] ^= CamelliaSubkeyL(32);
1280 io[1] ^= CamelliaSubkeyR(32);
1282 /* main iteration */
1283 CAMELLIA_ROUNDSM(io[0],io[1],
1284 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1285 io[2],io[3],il,ir,t0,t1);
1286 CAMELLIA_ROUNDSM(io[2],io[3],
1287 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1288 io[0],io[1],il,ir,t0,t1);
1289 CAMELLIA_ROUNDSM(io[0],io[1],
1290 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1291 io[2],io[3],il,ir,t0,t1);
1292 CAMELLIA_ROUNDSM(io[2],io[3],
1293 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1294 io[0],io[1],il,ir,t0,t1);
1295 CAMELLIA_ROUNDSM(io[0],io[1],
1296 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1297 io[2],io[3],il,ir,t0,t1);
1298 CAMELLIA_ROUNDSM(io[2],io[3],
1299 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1300 io[0],io[1],il,ir,t0,t1);
1302 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1303 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1304 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1307 CAMELLIA_ROUNDSM(io[0],io[1],
1308 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1309 io[2],io[3],il,ir,t0,t1);
1310 CAMELLIA_ROUNDSM(io[2],io[3],
1311 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1312 io[0],io[1],il,ir,t0,t1);
1313 CAMELLIA_ROUNDSM(io[0],io[1],
1314 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1315 io[2],io[3],il,ir,t0,t1);
1316 CAMELLIA_ROUNDSM(io[2],io[3],
1317 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1318 io[0],io[1],il,ir,t0,t1);
1319 CAMELLIA_ROUNDSM(io[0],io[1],
1320 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1321 io[2],io[3],il,ir,t0,t1);
1322 CAMELLIA_ROUNDSM(io[2],io[3],
1323 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1324 io[0],io[1],il,ir,t0,t1);
1326 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1327 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1328 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1331 CAMELLIA_ROUNDSM(io[0],io[1],
1332 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1333 io[2],io[3],il,ir,t0,t1);
1334 CAMELLIA_ROUNDSM(io[2],io[3],
1335 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1336 io[0],io[1],il,ir,t0,t1);
1337 CAMELLIA_ROUNDSM(io[0],io[1],
1338 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1339 io[2],io[3],il,ir,t0,t1);
1340 CAMELLIA_ROUNDSM(io[2],io[3],
1341 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1342 io[0],io[1],il,ir,t0,t1);
1343 CAMELLIA_ROUNDSM(io[0],io[1],
1344 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1345 io[2],io[3],il,ir,t0,t1);
1346 CAMELLIA_ROUNDSM(io[2],io[3],
1347 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1348 io[0],io[1],il,ir,t0,t1);
1350 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1351 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1352 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1355 CAMELLIA_ROUNDSM(io[0],io[1],
1356 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1357 io[2],io[3],il,ir,t0,t1);
1358 CAMELLIA_ROUNDSM(io[2],io[3],
1359 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1360 io[0],io[1],il,ir,t0,t1);
1361 CAMELLIA_ROUNDSM(io[0],io[1],
1362 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1363 io[2],io[3],il,ir,t0,t1);
1364 CAMELLIA_ROUNDSM(io[2],io[3],
1365 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1366 io[0],io[1],il,ir,t0,t1);
1367 CAMELLIA_ROUNDSM(io[0],io[1],
1368 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1369 io[2],io[3],il,ir,t0,t1);
1370 CAMELLIA_ROUNDSM(io[2],io[3],
1371 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1372 io[0],io[1],il,ir,t0,t1);
1374 /* post whitening but kw4 */
1375 io[2] ^= CamelliaSubkeyL(0);
1376 io[3] ^= CamelliaSubkeyR(0);
1390 * API for compatibility
1394 Camellia_Ekeygen(const int keyBitLength,
1395 const unsigned char *rawKey,
1396 KEY_TABLE_TYPE keyTable)
1398 switch(keyBitLength) {
1400 camellia_setup128(rawKey, keyTable);
1403 camellia_setup192(rawKey, keyTable);
1406 camellia_setup256(rawKey, keyTable);
1415 Camellia_EncryptBlock(const int keyBitLength,
1416 const unsigned char *plaintext,
1417 const KEY_TABLE_TYPE keyTable,
1418 unsigned char *ciphertext)
1422 tmp[0] = GETU32(plaintext);
1423 tmp[1] = GETU32(plaintext + 4);
1424 tmp[2] = GETU32(plaintext + 8);
1425 tmp[3] = GETU32(plaintext + 12);
1427 switch (keyBitLength) {
1429 camellia_encrypt128(keyTable, tmp);
1434 camellia_encrypt256(keyTable, tmp);
1440 PUTU32(ciphertext, tmp[0]);
1441 PUTU32(ciphertext + 4, tmp[1]);
1442 PUTU32(ciphertext + 8, tmp[2]);
1443 PUTU32(ciphertext + 12, tmp[3]);
1447 Camellia_DecryptBlock(const int keyBitLength,
1448 const unsigned char *ciphertext,
1449 const KEY_TABLE_TYPE keyTable,
1450 unsigned char *plaintext)
1454 tmp[0] = GETU32(ciphertext);
1455 tmp[1] = GETU32(ciphertext + 4);
1456 tmp[2] = GETU32(ciphertext + 8);
1457 tmp[3] = GETU32(ciphertext + 12);
1459 switch (keyBitLength) {
1461 camellia_decrypt128(keyTable, tmp);
1466 camellia_decrypt256(keyTable, tmp);
1471 PUTU32(plaintext, tmp[0]);
1472 PUTU32(plaintext + 4, tmp[1]);
1473 PUTU32(plaintext + 8, tmp[2]);
1474 PUTU32(plaintext + 12, tmp[3]);
1478 camellia_blk_len(unsigned int blen, camellia_ctx cx[1]){
1479 if(blen != 16) return camellia_bad;
1480 return camellia_good;
1484 camellia_enc_key(const unsigned char in_key[], unsigned int klen,
1485 camellia_ctx cx[1]){
1488 camellia_setup128(in_key, cx->k_sch);
1489 cx->keybitlen = 128;
1492 camellia_setup192(in_key, cx->k_sch);
1493 cx->keybitlen = 192;
1496 camellia_setup256(in_key, cx->k_sch);
1497 cx->keybitlen = 256;
1500 return camellia_bad;
1502 return camellia_good;
1506 camellia_enc_blk(const unsigned char in_blk[], unsigned char out_blk[],
1507 const camellia_ctx cx[1]){
1508 Camellia_EncryptBlock(cx->keybitlen, in_blk, cx->k_sch, out_blk);
1509 return camellia_good;
1513 camellia_dec_key(const unsigned char in_key[], unsigned int klen,
1514 camellia_ctx cx[1]){
1517 camellia_setup128(in_key, cx->k_sch);
1518 cx->keybitlen = 128;
1521 camellia_setup192(in_key, cx->k_sch);
1522 cx->keybitlen = 192;
1525 camellia_setup256(in_key, cx->k_sch);
1526 cx->keybitlen = 256;
1529 return camellia_bad;
1531 return camellia_good;
1535 camellia_dec_blk(const unsigned char in_blk[], unsigned char out_blk[],
1536 const camellia_ctx cx[1]){
1537 Camellia_DecryptBlock(cx->keybitlen, in_blk, cx->k_sch, out_blk);
1538 return camellia_good;
projects / platform / upstream / krb5.git / blob