1 /* $NetBSD: camellia-ntt.c,v 1.2 2017/01/28 21:31:47 christos Exp $ */
2
3 /* camellia.c ver 1.2.0
4 *
5 * Copyright (c) 2006,2007
6 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer as
13 * the first lines of this file unmodified.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 /*
31 * Algorithm Specification
32 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
33 */
34
35 #include <config.h>
36 #include <krb5/roken.h>
37
38 #include <krb5/krb5-types.h>
39 #include "camellia-ntt.h"
40
41 /* key constants */
42
43 #define CAMELLIA_SIGMA1L (0xA09E667FL)
44 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
45 #define CAMELLIA_SIGMA2L (0xB67AE858L)
46 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
47 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
48 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
49 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
50 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
51 #define CAMELLIA_SIGMA5L (0x10E527FAL)
52 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
53 #define CAMELLIA_SIGMA6L (0xB05688C2L)
54 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
55
56 /*
57 * macros
58 */
59
60
61 #if defined(_MSC_VER)
62
63 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
64 # define GETU32(p) SWAP(*((u32 *)(p)))
65 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
66
67 #else /* not MS-VC */
68
69 # define GETU32(pt) \
70 (((u32)(pt)[0] << 24) \
71 ^ ((u32)(pt)[1] << 16) \
72 ^ ((u32)(pt)[2] << 8) \
73 ^ ((u32)(pt)[3]))
74
75 # define PUTU32(ct, st) { \
76 (ct)[0] = (u8)((st) >> 24); \
77 (ct)[1] = (u8)((st) >> 16); \
78 (ct)[2] = (u8)((st) >> 8); \
79 (ct)[3] = (u8)(st); }
80
81 #endif
82
83 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
84 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
85
86 /* rotation right shift 1byte */
87 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
88 /* rotation left shift 1bit */
89 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
90 /* rotation left shift 1byte */
91 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
92
93 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
94 do { \
95 w0 = ll; \
96 ll = (ll << bits) + (lr >> (32 - bits)); \
97 lr = (lr << bits) + (rl >> (32 - bits)); \
98 rl = (rl << bits) + (rr >> (32 - bits)); \
99 rr = (rr << bits) + (w0 >> (32 - bits)); \
100 } while(0)
101
102 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
103 do { \
104 w0 = ll; \
105 w1 = lr; \
106 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
107 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
108 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
109 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
110 } while(0)
111
112 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
113 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
114 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
115 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
116
117 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
118 do { \
119 il = xl ^ kl; \
120 ir = xr ^ kr; \
121 t0 = il >> 16; \
122 t1 = ir >> 16; \
123 yl = CAMELLIA_SP1110(ir & 0xff) \
124 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
125 ^ CAMELLIA_SP3033(t1 & 0xff) \
126 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
127 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
128 ^ CAMELLIA_SP0222(t0 & 0xff) \
129 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
130 ^ CAMELLIA_SP4404(il & 0xff); \
131 yl ^= yr; \
132 yr = CAMELLIA_RR8(yr); \
133 yr ^= yl; \
134 } while(0)
135
136
137 /*
138 * for speed up
139 *
140 */
141 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
142 do { \
143 t0 = kll; \
144 t0 &= ll; \
145 lr ^= CAMELLIA_RL1(t0); \
146 t1 = klr; \
147 t1 |= lr; \
148 ll ^= t1; \
149 \
150 t2 = krr; \
151 t2 |= rr; \
152 rl ^= t2; \
153 t3 = krl; \
154 t3 &= rl; \
155 rr ^= CAMELLIA_RL1(t3); \
156 } while(0)
157
158 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
159 do { \
160 ir = CAMELLIA_SP1110(xr & 0xff) \
161 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
162 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
163 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
164 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
165 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
166 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
167 ^ CAMELLIA_SP4404(xl & 0xff); \
168 il ^= kl; \
169 ir ^= kr; \
170 ir ^= il; \
171 il = CAMELLIA_RR8(il); \
172 il ^= ir; \
173 yl ^= ir; \
174 yr ^= il; \
175 } while(0)
176
177
178 static const u32 camellia_sp1110[256] = {
179 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
180 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
181 0xe4e4e400,0x85858500,0x57575700,0x35353500,
182 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
183 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
184 0x45454500,0x19191900,0xa5a5a500,0x21212100,
185 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
186 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
187 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
188 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
189 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
190 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
191 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
192 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
193 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
194 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
195 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
196 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
197 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
198 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
199 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
200 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
201 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
202 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
203 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
204 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
205 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
206 0x53535300,0x18181800,0xf2f2f200,0x22222200,
207 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
208 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
209 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
210 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
211 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
212 0xa1a1a100,0x89898900,0x62626200,0x97979700,
213 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
214 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
215 0x10101000,0xc4c4c400,0x00000000,0x48484800,
216 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
217 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
218 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
219 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
220 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
221 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
222 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
223 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
224 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
225 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
226 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
227 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
228 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
229 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
230 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
231 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
232 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
233 0xd4d4d400,0x25252500,0xababab00,0x42424200,
234 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
235 0x72727200,0x07070700,0xb9b9b900,0x55555500,
236 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
237 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
238 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
239 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
240 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
241 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
242 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
243 };
244
245 static const u32 camellia_sp0222[256] = {
246 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
247 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
248 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
249 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
250 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
251 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
252 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
253 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
254 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
255 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
256 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
257 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
258 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
259 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
260 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
261 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
262 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
263 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
264 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
265 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
266 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
267 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
268 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
269 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
270 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
271 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
272 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
273 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
274 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
275 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
276 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
277 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
278 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
279 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
280 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
281 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
282 0x00202020,0x00898989,0x00000000,0x00909090,
283 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
284 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
285 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
286 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
287 0x009b9b9b,0x00949494,0x00212121,0x00666666,
288 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
289 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
290 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
291 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
292 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
293 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
294 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
295 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
296 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
297 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
298 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
299 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
300 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
301 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
302 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
303 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
304 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
305 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
306 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
307 0x00777777,0x00939393,0x00868686,0x00838383,
308 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
309 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
310 };
311
312 static const u32 camellia_sp3033[256] = {
313 0x38003838,0x41004141,0x16001616,0x76007676,
314 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
315 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
316 0x75007575,0x06000606,0x57005757,0xa000a0a0,
317 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
318 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
319 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
320 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
321 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
322 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
323 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
324 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
325 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
326 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
327 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
328 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
329 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
330 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
331 0x3a003a3a,0x09000909,0x95009595,0x10001010,
332 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
333 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
334 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
335 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
336 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
337 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
338 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
339 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
340 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
341 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
342 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
343 0x12001212,0x04000404,0x74007474,0x54005454,
344 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
345 0x55005555,0x68006868,0x50005050,0xbe00bebe,
346 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
347 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
348 0x70007070,0xff00ffff,0x32003232,0x69006969,
349 0x08000808,0x62006262,0x00000000,0x24002424,
350 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
351 0x45004545,0x81008181,0x73007373,0x6d006d6d,
352 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
353 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
354 0xe600e6e6,0x25002525,0x48004848,0x99009999,
355 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
356 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
357 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
358 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
359 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
360 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
361 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
362 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
363 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
364 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
365 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
366 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
367 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
368 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
369 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
370 0x7c007c7c,0x77007777,0x56005656,0x05000505,
371 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
372 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
373 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
374 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
375 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
376 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
377 };
378
379 static const u32 camellia_sp4404[256] = {
380 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
381 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
382 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
383 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
384 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
385 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
386 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
387 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
388 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
389 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
390 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
391 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
392 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
393 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
394 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
395 0x24240024,0xe8e800e8,0x60600060,0x69690069,
396 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
397 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
398 0x10100010,0x00000000,0xa3a300a3,0x75750075,
399 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
400 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
401 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
402 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
403 0x81810081,0x6f6f006f,0x13130013,0x63630063,
404 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
405 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
406 0x78780078,0x06060006,0xe7e700e7,0x71710071,
407 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
408 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
409 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
410 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
411 0x15150015,0xadad00ad,0x77770077,0x80800080,
412 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
413 0x85850085,0x35350035,0x0c0c000c,0x41410041,
414 0xefef00ef,0x93930093,0x19190019,0x21210021,
415 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
416 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
417 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
418 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
419 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
420 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
421 0x12120012,0x20200020,0xb1b100b1,0x99990099,
422 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
423 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
424 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
425 0x0f0f000f,0x16160016,0x18180018,0x22220022,
426 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
427 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
428 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
429 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
430 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
431 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
432 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
433 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
434 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
435 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
436 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
437 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
438 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
439 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
440 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
441 0x49490049,0x68680068,0x38380038,0xa4a400a4,
442 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
443 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
444 };
445
446
447 /**
448 * Stuff related to the Camellia key schedule
449 */
450 #define subl(x) subL[(x)]
451 #define subr(x) subR[(x)]
452
camellia_setup128(const unsigned char * key,u32 * subkey)453 static void camellia_setup128(const unsigned char *key, u32 *subkey)
454 {
455 u32 kll, klr, krl, krr;
456 u32 il, ir, t0, t1, w0, w1;
457 u32 kw4l, kw4r, dw, tl, tr;
458 u32 subL[26];
459 u32 subR[26];
460
461 /**
462 * k == kll || klr || krl || krr (|| is concatination)
463 */
464 kll = GETU32(key );
465 klr = GETU32(key + 4);
466 krl = GETU32(key + 8);
467 krr = GETU32(key + 12);
468 /**
469 * generate KL dependent subkeys
470 */
471 subl(0) = kll; subr(0) = klr;
472 subl(1) = krl; subr(1) = krr;
473 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
474 subl(4) = kll; subr(4) = klr;
475 subl(5) = krl; subr(5) = krr;
476 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
477 subl(10) = kll; subr(10) = klr;
478 subl(11) = krl; subr(11) = krr;
479 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
480 subl(13) = krl; subr(13) = krr;
481 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
482 subl(16) = kll; subr(16) = klr;
483 subl(17) = krl; subr(17) = krr;
484 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
485 subl(18) = kll; subr(18) = klr;
486 subl(19) = krl; subr(19) = krr;
487 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
488 subl(22) = kll; subr(22) = klr;
489 subl(23) = krl; subr(23) = krr;
490
491 /* generate KA */
492 kll = subl(0); klr = subr(0);
493 krl = subl(1); krr = subr(1);
494 CAMELLIA_F(kll, klr,
495 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
496 w0, w1, il, ir, t0, t1);
497 krl ^= w0; krr ^= w1;
498 CAMELLIA_F(krl, krr,
499 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
500 kll, klr, il, ir, t0, t1);
501 CAMELLIA_F(kll, klr,
502 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
503 krl, krr, il, ir, t0, t1);
504 krl ^= w0; krr ^= w1;
505 CAMELLIA_F(krl, krr,
506 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
507 w0, w1, il, ir, t0, t1);
508 kll ^= w0; klr ^= w1;
509
510 /* generate KA dependent subkeys */
511 subl(2) = kll; subr(2) = klr;
512 subl(3) = krl; subr(3) = krr;
513 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
514 subl(6) = kll; subr(6) = klr;
515 subl(7) = krl; subr(7) = krr;
516 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
517 subl(8) = kll; subr(8) = klr;
518 subl(9) = krl; subr(9) = krr;
519 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
520 subl(12) = kll; subr(12) = klr;
521 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
522 subl(14) = kll; subr(14) = klr;
523 subl(15) = krl; subr(15) = krr;
524 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
525 subl(20) = kll; subr(20) = klr;
526 subl(21) = krl; subr(21) = krr;
527 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
528 subl(24) = kll; subr(24) = klr;
529 subl(25) = krl; subr(25) = krr;
530
531
532 /* absorb kw2 to other subkeys */
533 subl(3) ^= subl(1); subr(3) ^= subr(1);
534 subl(5) ^= subl(1); subr(5) ^= subr(1);
535 subl(7) ^= subl(1); subr(7) ^= subr(1);
536 subl(1) ^= subr(1) & ~subr(9);
537 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
538 subl(11) ^= subl(1); subr(11) ^= subr(1);
539 subl(13) ^= subl(1); subr(13) ^= subr(1);
540 subl(15) ^= subl(1); subr(15) ^= subr(1);
541 subl(1) ^= subr(1) & ~subr(17);
542 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
543 subl(19) ^= subl(1); subr(19) ^= subr(1);
544 subl(21) ^= subl(1); subr(21) ^= subr(1);
545 subl(23) ^= subl(1); subr(23) ^= subr(1);
546 subl(24) ^= subl(1); subr(24) ^= subr(1);
547
548 /* absorb kw4 to other subkeys */
549 kw4l = subl(25); kw4r = subr(25);
550 subl(22) ^= kw4l; subr(22) ^= kw4r;
551 subl(20) ^= kw4l; subr(20) ^= kw4r;
552 subl(18) ^= kw4l; subr(18) ^= kw4r;
553 kw4l ^= kw4r & ~subr(16);
554 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
555 subl(14) ^= kw4l; subr(14) ^= kw4r;
556 subl(12) ^= kw4l; subr(12) ^= kw4r;
557 subl(10) ^= kw4l; subr(10) ^= kw4r;
558 kw4l ^= kw4r & ~subr(8);
559 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
560 subl(6) ^= kw4l; subr(6) ^= kw4r;
561 subl(4) ^= kw4l; subr(4) ^= kw4r;
562 subl(2) ^= kw4l; subr(2) ^= kw4r;
563 subl(0) ^= kw4l; subr(0) ^= kw4r;
564
565 /* key XOR is end of F-function */
566 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
567 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
568 CamelliaSubkeyL(2) = subl(3);
569 CamelliaSubkeyR(2) = subr(3);
570 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
571 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
572 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
573 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
574 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
575 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
576 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
577 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
578 tl = subl(10) ^ (subr(10) & ~subr(8));
579 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
580 CamelliaSubkeyL(7) = subl(6) ^ tl;
581 CamelliaSubkeyR(7) = subr(6) ^ tr;
582 CamelliaSubkeyL(8) = subl(8);
583 CamelliaSubkeyR(8) = subr(8);
584 CamelliaSubkeyL(9) = subl(9);
585 CamelliaSubkeyR(9) = subr(9);
586 tl = subl(7) ^ (subr(7) & ~subr(9));
587 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
588 CamelliaSubkeyL(10) = tl ^ subl(11);
589 CamelliaSubkeyR(10) = tr ^ subr(11);
590 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
591 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
592 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
593 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
594 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
595 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
596 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
597 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
598 tl = subl(18) ^ (subr(18) & ~subr(16));
599 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
600 CamelliaSubkeyL(15) = subl(14) ^ tl;
601 CamelliaSubkeyR(15) = subr(14) ^ tr;
602 CamelliaSubkeyL(16) = subl(16);
603 CamelliaSubkeyR(16) = subr(16);
604 CamelliaSubkeyL(17) = subl(17);
605 CamelliaSubkeyR(17) = subr(17);
606 tl = subl(15) ^ (subr(15) & ~subr(17));
607 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
608 CamelliaSubkeyL(18) = tl ^ subl(19);
609 CamelliaSubkeyR(18) = tr ^ subr(19);
610 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
611 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
612 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
613 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
614 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
615 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
616 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
617 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
618 CamelliaSubkeyL(23) = subl(22);
619 CamelliaSubkeyR(23) = subr(22);
620 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
621 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
622
623 /* apply the inverse of the last half of P-function */
624 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
625 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
626 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
627 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
628 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
629 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
630 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
631 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
632 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
633 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
634 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
635 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
636 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
637 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
638 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
639 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
640 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
641 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
642 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
643 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
644 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
645 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
646 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
647 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
648 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
649 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
650 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
651 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
652 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
653 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
654 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
655 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
656 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
657 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
658 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
659 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
660
661 return;
662 }
663
camellia_setup256(const unsigned char * key,u32 * subkey)664 static void camellia_setup256(const unsigned char *key, u32 *subkey)
665 {
666 u32 kll,klr,krl,krr; /* left half of key */
667 u32 krll,krlr,krrl,krrr; /* right half of key */
668 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
669 u32 kw4l, kw4r, dw, tl, tr;
670 u32 subL[34];
671 u32 subR[34];
672
673 /**
674 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
675 * (|| is concatination)
676 */
677
678 kll = GETU32(key );
679 klr = GETU32(key + 4);
680 krl = GETU32(key + 8);
681 krr = GETU32(key + 12);
682 krll = GETU32(key + 16);
683 krlr = GETU32(key + 20);
684 krrl = GETU32(key + 24);
685 krrr = GETU32(key + 28);
686
687 /* generate KL dependent subkeys */
688 subl(0) = kll; subr(0) = klr;
689 subl(1) = krl; subr(1) = krr;
690 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
691 subl(12) = kll; subr(12) = klr;
692 subl(13) = krl; subr(13) = krr;
693 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
694 subl(16) = kll; subr(16) = klr;
695 subl(17) = krl; subr(17) = krr;
696 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
697 subl(22) = kll; subr(22) = klr;
698 subl(23) = krl; subr(23) = krr;
699 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
700 subl(30) = kll; subr(30) = klr;
701 subl(31) = krl; subr(31) = krr;
702
703 /* generate KR dependent subkeys */
704 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
705 subl(4) = krll; subr(4) = krlr;
706 subl(5) = krrl; subr(5) = krrr;
707 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
708 subl(8) = krll; subr(8) = krlr;
709 subl(9) = krrl; subr(9) = krrr;
710 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
711 subl(18) = krll; subr(18) = krlr;
712 subl(19) = krrl; subr(19) = krrr;
713 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
714 subl(26) = krll; subr(26) = krlr;
715 subl(27) = krrl; subr(27) = krrr;
716 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
717
718 /* generate KA */
719 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
720 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
721 CAMELLIA_F(kll, klr,
722 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
723 w0, w1, il, ir, t0, t1);
724 krl ^= w0; krr ^= w1;
725 CAMELLIA_F(krl, krr,
726 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
727 kll, klr, il, ir, t0, t1);
728 kll ^= krll; klr ^= krlr;
729 CAMELLIA_F(kll, klr,
730 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
731 krl, krr, il, ir, t0, t1);
732 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
733 CAMELLIA_F(krl, krr,
734 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
735 w0, w1, il, ir, t0, t1);
736 kll ^= w0; klr ^= w1;
737
738 /* generate KB */
739 krll ^= kll; krlr ^= klr;
740 krrl ^= krl; krrr ^= krr;
741 CAMELLIA_F(krll, krlr,
742 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
743 w0, w1, il, ir, t0, t1);
744 krrl ^= w0; krrr ^= w1;
745 CAMELLIA_F(krrl, krrr,
746 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
747 w0, w1, il, ir, t0, t1);
748 krll ^= w0; krlr ^= w1;
749
750 /* generate KA dependent subkeys */
751 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
752 subl(6) = kll; subr(6) = klr;
753 subl(7) = krl; subr(7) = krr;
754 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
755 subl(14) = kll; subr(14) = klr;
756 subl(15) = krl; subr(15) = krr;
757 subl(24) = klr; subr(24) = krl;
758 subl(25) = krr; subr(25) = kll;
759 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
760 subl(28) = kll; subr(28) = klr;
761 subl(29) = krl; subr(29) = krr;
762
763 /* generate KB dependent subkeys */
764 subl(2) = krll; subr(2) = krlr;
765 subl(3) = krrl; subr(3) = krrr;
766 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
767 subl(10) = krll; subr(10) = krlr;
768 subl(11) = krrl; subr(11) = krrr;
769 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
770 subl(20) = krll; subr(20) = krlr;
771 subl(21) = krrl; subr(21) = krrr;
772 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
773 subl(32) = krll; subr(32) = krlr;
774 subl(33) = krrl; subr(33) = krrr;
775
776 /* absorb kw2 to other subkeys */
777 subl(3) ^= subl(1); subr(3) ^= subr(1);
778 subl(5) ^= subl(1); subr(5) ^= subr(1);
779 subl(7) ^= subl(1); subr(7) ^= subr(1);
780 subl(1) ^= subr(1) & ~subr(9);
781 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
782 subl(11) ^= subl(1); subr(11) ^= subr(1);
783 subl(13) ^= subl(1); subr(13) ^= subr(1);
784 subl(15) ^= subl(1); subr(15) ^= subr(1);
785 subl(1) ^= subr(1) & ~subr(17);
786 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
787 subl(19) ^= subl(1); subr(19) ^= subr(1);
788 subl(21) ^= subl(1); subr(21) ^= subr(1);
789 subl(23) ^= subl(1); subr(23) ^= subr(1);
790 subl(1) ^= subr(1) & ~subr(25);
791 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
792 subl(27) ^= subl(1); subr(27) ^= subr(1);
793 subl(29) ^= subl(1); subr(29) ^= subr(1);
794 subl(31) ^= subl(1); subr(31) ^= subr(1);
795 subl(32) ^= subl(1); subr(32) ^= subr(1);
796
797 /* absorb kw4 to other subkeys */
798 kw4l = subl(33); kw4r = subr(33);
799 subl(30) ^= kw4l; subr(30) ^= kw4r;
800 subl(28) ^= kw4l; subr(28) ^= kw4r;
801 subl(26) ^= kw4l; subr(26) ^= kw4r;
802 kw4l ^= kw4r & ~subr(24);
803 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
804 subl(22) ^= kw4l; subr(22) ^= kw4r;
805 subl(20) ^= kw4l; subr(20) ^= kw4r;
806 subl(18) ^= kw4l; subr(18) ^= kw4r;
807 kw4l ^= kw4r & ~subr(16);
808 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
809 subl(14) ^= kw4l; subr(14) ^= kw4r;
810 subl(12) ^= kw4l; subr(12) ^= kw4r;
811 subl(10) ^= kw4l; subr(10) ^= kw4r;
812 kw4l ^= kw4r & ~subr(8);
813 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
814 subl(6) ^= kw4l; subr(6) ^= kw4r;
815 subl(4) ^= kw4l; subr(4) ^= kw4r;
816 subl(2) ^= kw4l; subr(2) ^= kw4r;
817 subl(0) ^= kw4l; subr(0) ^= kw4r;
818
819 /* key XOR is end of F-function */
820 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
821 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
822 CamelliaSubkeyL(2) = subl(3);
823 CamelliaSubkeyR(2) = subr(3);
824 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
825 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
826 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
827 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
828 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
829 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
830 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
831 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
832 tl = subl(10) ^ (subr(10) & ~subr(8));
833 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
834 CamelliaSubkeyL(7) = subl(6) ^ tl;
835 CamelliaSubkeyR(7) = subr(6) ^ tr;
836 CamelliaSubkeyL(8) = subl(8);
837 CamelliaSubkeyR(8) = subr(8);
838 CamelliaSubkeyL(9) = subl(9);
839 CamelliaSubkeyR(9) = subr(9);
840 tl = subl(7) ^ (subr(7) & ~subr(9));
841 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
842 CamelliaSubkeyL(10) = tl ^ subl(11);
843 CamelliaSubkeyR(10) = tr ^ subr(11);
844 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
845 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
846 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
847 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
848 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
849 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
850 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
851 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
852 tl = subl(18) ^ (subr(18) & ~subr(16));
853 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
854 CamelliaSubkeyL(15) = subl(14) ^ tl;
855 CamelliaSubkeyR(15) = subr(14) ^ tr;
856 CamelliaSubkeyL(16) = subl(16);
857 CamelliaSubkeyR(16) = subr(16);
858 CamelliaSubkeyL(17) = subl(17);
859 CamelliaSubkeyR(17) = subr(17);
860 tl = subl(15) ^ (subr(15) & ~subr(17));
861 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
862 CamelliaSubkeyL(18) = tl ^ subl(19);
863 CamelliaSubkeyR(18) = tr ^ subr(19);
864 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
865 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
866 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
867 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
868 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
869 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
870 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
871 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
872 tl = subl(26) ^ (subr(26) & ~subr(24));
873 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
874 CamelliaSubkeyL(23) = subl(22) ^ tl;
875 CamelliaSubkeyR(23) = subr(22) ^ tr;
876 CamelliaSubkeyL(24) = subl(24);
877 CamelliaSubkeyR(24) = subr(24);
878 CamelliaSubkeyL(25) = subl(25);
879 CamelliaSubkeyR(25) = subr(25);
880 tl = subl(23) ^ (subr(23) & ~subr(25));
881 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
882 CamelliaSubkeyL(26) = tl ^ subl(27);
883 CamelliaSubkeyR(26) = tr ^ subr(27);
884 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
885 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
886 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
887 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
888 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
889 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
890 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
891 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
892 CamelliaSubkeyL(31) = subl(30);
893 CamelliaSubkeyR(31) = subr(30);
894 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
895 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
896
897 /* apply the inverse of the last half of P-function */
898 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
899 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
900 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
901 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
902 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
903 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
904 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
905 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
906 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
907 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
908 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
909 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
910 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
911 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
912 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
913 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
914 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
915 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
916 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
917 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
918 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
919 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
920 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
921 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
922 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
923 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
924 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
925 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
926 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
927 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
928 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
929 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
930 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
931 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
932 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
933 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
934 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
935 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
936 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
937 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
938 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
939 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
940 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
941 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
942 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
943 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
944 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
945 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
946
947 return;
948 }
949
camellia_setup192(const unsigned char * key,u32 * subkey)950 static void camellia_setup192(const unsigned char *key, u32 *subkey)
951 {
952 unsigned char kk[32];
953 u32 krll, krlr, krrl,krrr;
954
955 memcpy(kk, key, 24);
956 memcpy((unsigned char *)&krll, key+16,4);
957 memcpy((unsigned char *)&krlr, key+20,4);
958 krrl = ~krll;
959 krrr = ~krlr;
960 memcpy(kk+24, (unsigned char *)&krrl, 4);
961 memcpy(kk+28, (unsigned char *)&krrr, 4);
962 camellia_setup256(kk, subkey);
963 return;
964 }
965
966
967 /**
968 * Stuff related to camellia encryption/decryption
969 *
970 * "io" must be 4byte aligned and big-endian data.
971 */
camellia_encrypt128(const u32 * subkey,u32 * io)972 static void camellia_encrypt128(const u32 *subkey, u32 *io)
973 {
974 u32 il, ir, t0, t1;
975
976 /* pre whitening but absorb kw2*/
977 io[0] ^= CamelliaSubkeyL(0);
978 io[1] ^= CamelliaSubkeyR(0);
979 /* main iteration */
980
981 CAMELLIA_ROUNDSM(io[0],io[1],
982 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
983 io[2],io[3],il,ir,t0,t1);
984 CAMELLIA_ROUNDSM(io[2],io[3],
985 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
986 io[0],io[1],il,ir,t0,t1);
987 CAMELLIA_ROUNDSM(io[0],io[1],
988 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
989 io[2],io[3],il,ir,t0,t1);
990 CAMELLIA_ROUNDSM(io[2],io[3],
991 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
992 io[0],io[1],il,ir,t0,t1);
993 CAMELLIA_ROUNDSM(io[0],io[1],
994 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
995 io[2],io[3],il,ir,t0,t1);
996 CAMELLIA_ROUNDSM(io[2],io[3],
997 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
998 io[0],io[1],il,ir,t0,t1);
999
1000 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1001 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1002 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1003 t0,t1,il,ir);
1004
1005 CAMELLIA_ROUNDSM(io[0],io[1],
1006 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1007 io[2],io[3],il,ir,t0,t1);
1008 CAMELLIA_ROUNDSM(io[2],io[3],
1009 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1010 io[0],io[1],il,ir,t0,t1);
1011 CAMELLIA_ROUNDSM(io[0],io[1],
1012 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1013 io[2],io[3],il,ir,t0,t1);
1014 CAMELLIA_ROUNDSM(io[2],io[3],
1015 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1016 io[0],io[1],il,ir,t0,t1);
1017 CAMELLIA_ROUNDSM(io[0],io[1],
1018 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1019 io[2],io[3],il,ir,t0,t1);
1020 CAMELLIA_ROUNDSM(io[2],io[3],
1021 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1022 io[0],io[1],il,ir,t0,t1);
1023
1024 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1025 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1026 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1027 t0,t1,il,ir);
1028
1029 CAMELLIA_ROUNDSM(io[0],io[1],
1030 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1031 io[2],io[3],il,ir,t0,t1);
1032 CAMELLIA_ROUNDSM(io[2],io[3],
1033 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1034 io[0],io[1],il,ir,t0,t1);
1035 CAMELLIA_ROUNDSM(io[0],io[1],
1036 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1037 io[2],io[3],il,ir,t0,t1);
1038 CAMELLIA_ROUNDSM(io[2],io[3],
1039 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1040 io[0],io[1],il,ir,t0,t1);
1041 CAMELLIA_ROUNDSM(io[0],io[1],
1042 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1043 io[2],io[3],il,ir,t0,t1);
1044 CAMELLIA_ROUNDSM(io[2],io[3],
1045 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1046 io[0],io[1],il,ir,t0,t1);
1047
1048 /* post whitening but kw4 */
1049 io[2] ^= CamelliaSubkeyL(24);
1050 io[3] ^= CamelliaSubkeyR(24);
1051
1052 t0 = io[0];
1053 t1 = io[1];
1054 io[0] = io[2];
1055 io[1] = io[3];
1056 io[2] = t0;
1057 io[3] = t1;
1058
1059 return;
1060 }
1061
camellia_decrypt128(const u32 * subkey,u32 * io)1062 static void camellia_decrypt128(const u32 *subkey, u32 *io)
1063 {
1064 u32 il,ir,t0,t1; /* temporary valiables */
1065
1066 /* pre whitening but absorb kw2*/
1067 io[0] ^= CamelliaSubkeyL(24);
1068 io[1] ^= CamelliaSubkeyR(24);
1069
1070 /* main iteration */
1071 CAMELLIA_ROUNDSM(io[0],io[1],
1072 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1073 io[2],io[3],il,ir,t0,t1);
1074 CAMELLIA_ROUNDSM(io[2],io[3],
1075 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1076 io[0],io[1],il,ir,t0,t1);
1077 CAMELLIA_ROUNDSM(io[0],io[1],
1078 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1079 io[2],io[3],il,ir,t0,t1);
1080 CAMELLIA_ROUNDSM(io[2],io[3],
1081 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1082 io[0],io[1],il,ir,t0,t1);
1083 CAMELLIA_ROUNDSM(io[0],io[1],
1084 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1085 io[2],io[3],il,ir,t0,t1);
1086 CAMELLIA_ROUNDSM(io[2],io[3],
1087 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1088 io[0],io[1],il,ir,t0,t1);
1089
1090 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1091 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1092 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1093 t0,t1,il,ir);
1094
1095 CAMELLIA_ROUNDSM(io[0],io[1],
1096 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1097 io[2],io[3],il,ir,t0,t1);
1098 CAMELLIA_ROUNDSM(io[2],io[3],
1099 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1100 io[0],io[1],il,ir,t0,t1);
1101 CAMELLIA_ROUNDSM(io[0],io[1],
1102 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1103 io[2],io[3],il,ir,t0,t1);
1104 CAMELLIA_ROUNDSM(io[2],io[3],
1105 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1106 io[0],io[1],il,ir,t0,t1);
1107 CAMELLIA_ROUNDSM(io[0],io[1],
1108 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1109 io[2],io[3],il,ir,t0,t1);
1110 CAMELLIA_ROUNDSM(io[2],io[3],
1111 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1112 io[0],io[1],il,ir,t0,t1);
1113
1114 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1115 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1116 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1117 t0,t1,il,ir);
1118
1119 CAMELLIA_ROUNDSM(io[0],io[1],
1120 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1121 io[2],io[3],il,ir,t0,t1);
1122 CAMELLIA_ROUNDSM(io[2],io[3],
1123 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1124 io[0],io[1],il,ir,t0,t1);
1125 CAMELLIA_ROUNDSM(io[0],io[1],
1126 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1127 io[2],io[3],il,ir,t0,t1);
1128 CAMELLIA_ROUNDSM(io[2],io[3],
1129 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1130 io[0],io[1],il,ir,t0,t1);
1131 CAMELLIA_ROUNDSM(io[0],io[1],
1132 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1133 io[2],io[3],il,ir,t0,t1);
1134 CAMELLIA_ROUNDSM(io[2],io[3],
1135 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1136 io[0],io[1],il,ir,t0,t1);
1137
1138 /* post whitening but kw4 */
1139 io[2] ^= CamelliaSubkeyL(0);
1140 io[3] ^= CamelliaSubkeyR(0);
1141
1142 t0 = io[0];
1143 t1 = io[1];
1144 io[0] = io[2];
1145 io[1] = io[3];
1146 io[2] = t0;
1147 io[3] = t1;
1148
1149 return;
1150 }
1151
1152 /**
1153 * stuff for 192 and 256bit encryption/decryption
1154 */
camellia_encrypt256(const u32 * subkey,u32 * io)1155 static void camellia_encrypt256(const u32 *subkey, u32 *io)
1156 {
1157 u32 il,ir,t0,t1; /* temporary valiables */
1158
1159 /* pre whitening but absorb kw2*/
1160 io[0] ^= CamelliaSubkeyL(0);
1161 io[1] ^= CamelliaSubkeyR(0);
1162
1163 /* main iteration */
1164 CAMELLIA_ROUNDSM(io[0],io[1],
1165 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1166 io[2],io[3],il,ir,t0,t1);
1167 CAMELLIA_ROUNDSM(io[2],io[3],
1168 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1169 io[0],io[1],il,ir,t0,t1);
1170 CAMELLIA_ROUNDSM(io[0],io[1],
1171 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1172 io[2],io[3],il,ir,t0,t1);
1173 CAMELLIA_ROUNDSM(io[2],io[3],
1174 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1175 io[0],io[1],il,ir,t0,t1);
1176 CAMELLIA_ROUNDSM(io[0],io[1],
1177 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1178 io[2],io[3],il,ir,t0,t1);
1179 CAMELLIA_ROUNDSM(io[2],io[3],
1180 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1181 io[0],io[1],il,ir,t0,t1);
1182
1183 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1184 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1185 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1186 t0,t1,il,ir);
1187
1188 CAMELLIA_ROUNDSM(io[0],io[1],
1189 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1190 io[2],io[3],il,ir,t0,t1);
1191 CAMELLIA_ROUNDSM(io[2],io[3],
1192 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1193 io[0],io[1],il,ir,t0,t1);
1194 CAMELLIA_ROUNDSM(io[0],io[1],
1195 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1196 io[2],io[3],il,ir,t0,t1);
1197 CAMELLIA_ROUNDSM(io[2],io[3],
1198 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1199 io[0],io[1],il,ir,t0,t1);
1200 CAMELLIA_ROUNDSM(io[0],io[1],
1201 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1202 io[2],io[3],il,ir,t0,t1);
1203 CAMELLIA_ROUNDSM(io[2],io[3],
1204 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1205 io[0],io[1],il,ir,t0,t1);
1206
1207 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1208 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1209 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1210 t0,t1,il,ir);
1211
1212 CAMELLIA_ROUNDSM(io[0],io[1],
1213 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1214 io[2],io[3],il,ir,t0,t1);
1215 CAMELLIA_ROUNDSM(io[2],io[3],
1216 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1217 io[0],io[1],il,ir,t0,t1);
1218 CAMELLIA_ROUNDSM(io[0],io[1],
1219 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1220 io[2],io[3],il,ir,t0,t1);
1221 CAMELLIA_ROUNDSM(io[2],io[3],
1222 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1223 io[0],io[1],il,ir,t0,t1);
1224 CAMELLIA_ROUNDSM(io[0],io[1],
1225 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1226 io[2],io[3],il,ir,t0,t1);
1227 CAMELLIA_ROUNDSM(io[2],io[3],
1228 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1229 io[0],io[1],il,ir,t0,t1);
1230
1231 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1232 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1233 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1234 t0,t1,il,ir);
1235
1236 CAMELLIA_ROUNDSM(io[0],io[1],
1237 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1238 io[2],io[3],il,ir,t0,t1);
1239 CAMELLIA_ROUNDSM(io[2],io[3],
1240 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1241 io[0],io[1],il,ir,t0,t1);
1242 CAMELLIA_ROUNDSM(io[0],io[1],
1243 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1244 io[2],io[3],il,ir,t0,t1);
1245 CAMELLIA_ROUNDSM(io[2],io[3],
1246 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1247 io[0],io[1],il,ir,t0,t1);
1248 CAMELLIA_ROUNDSM(io[0],io[1],
1249 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1250 io[2],io[3],il,ir,t0,t1);
1251 CAMELLIA_ROUNDSM(io[2],io[3],
1252 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1253 io[0],io[1],il,ir,t0,t1);
1254
1255 /* post whitening but kw4 */
1256 io[2] ^= CamelliaSubkeyL(32);
1257 io[3] ^= CamelliaSubkeyR(32);
1258
1259 t0 = io[0];
1260 t1 = io[1];
1261 io[0] = io[2];
1262 io[1] = io[3];
1263 io[2] = t0;
1264 io[3] = t1;
1265
1266 return;
1267 }
1268
camellia_decrypt256(const u32 * subkey,u32 * io)1269 static void camellia_decrypt256(const u32 *subkey, u32 *io)
1270 {
1271 u32 il,ir,t0,t1; /* temporary valiables */
1272
1273 /* pre whitening but absorb kw2*/
1274 io[0] ^= CamelliaSubkeyL(32);
1275 io[1] ^= CamelliaSubkeyR(32);
1276
1277 /* main iteration */
1278 CAMELLIA_ROUNDSM(io[0],io[1],
1279 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1280 io[2],io[3],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[2],io[3],
1282 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1283 io[0],io[1],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[0],io[1],
1285 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1286 io[2],io[3],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[2],io[3],
1288 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1289 io[0],io[1],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[0],io[1],
1291 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1292 io[2],io[3],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[2],io[3],
1294 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1295 io[0],io[1],il,ir,t0,t1);
1296
1297 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1298 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1299 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1300 t0,t1,il,ir);
1301
1302 CAMELLIA_ROUNDSM(io[0],io[1],
1303 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1304 io[2],io[3],il,ir,t0,t1);
1305 CAMELLIA_ROUNDSM(io[2],io[3],
1306 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1307 io[0],io[1],il,ir,t0,t1);
1308 CAMELLIA_ROUNDSM(io[0],io[1],
1309 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1310 io[2],io[3],il,ir,t0,t1);
1311 CAMELLIA_ROUNDSM(io[2],io[3],
1312 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1313 io[0],io[1],il,ir,t0,t1);
1314 CAMELLIA_ROUNDSM(io[0],io[1],
1315 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1316 io[2],io[3],il,ir,t0,t1);
1317 CAMELLIA_ROUNDSM(io[2],io[3],
1318 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1319 io[0],io[1],il,ir,t0,t1);
1320
1321 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1322 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1323 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1324 t0,t1,il,ir);
1325
1326 CAMELLIA_ROUNDSM(io[0],io[1],
1327 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1328 io[2],io[3],il,ir,t0,t1);
1329 CAMELLIA_ROUNDSM(io[2],io[3],
1330 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1331 io[0],io[1],il,ir,t0,t1);
1332 CAMELLIA_ROUNDSM(io[0],io[1],
1333 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1334 io[2],io[3],il,ir,t0,t1);
1335 CAMELLIA_ROUNDSM(io[2],io[3],
1336 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1337 io[0],io[1],il,ir,t0,t1);
1338 CAMELLIA_ROUNDSM(io[0],io[1],
1339 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1340 io[2],io[3],il,ir,t0,t1);
1341 CAMELLIA_ROUNDSM(io[2],io[3],
1342 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1343 io[0],io[1],il,ir,t0,t1);
1344
1345 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1346 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1347 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1348 t0,t1,il,ir);
1349
1350 CAMELLIA_ROUNDSM(io[0],io[1],
1351 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1352 io[2],io[3],il,ir,t0,t1);
1353 CAMELLIA_ROUNDSM(io[2],io[3],
1354 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1355 io[0],io[1],il,ir,t0,t1);
1356 CAMELLIA_ROUNDSM(io[0],io[1],
1357 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1358 io[2],io[3],il,ir,t0,t1);
1359 CAMELLIA_ROUNDSM(io[2],io[3],
1360 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1361 io[0],io[1],il,ir,t0,t1);
1362 CAMELLIA_ROUNDSM(io[0],io[1],
1363 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1364 io[2],io[3],il,ir,t0,t1);
1365 CAMELLIA_ROUNDSM(io[2],io[3],
1366 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1367 io[0],io[1],il,ir,t0,t1);
1368
1369 /* post whitening but kw4 */
1370 io[2] ^= CamelliaSubkeyL(0);
1371 io[3] ^= CamelliaSubkeyR(0);
1372
1373 t0 = io[0];
1374 t1 = io[1];
1375 io[0] = io[2];
1376 io[1] = io[3];
1377 io[2] = t0;
1378 io[3] = t1;
1379
1380 return;
1381 }
1382
1383 /***
1384 *
1385 * API for compatibility
1386 */
1387
Camellia_Ekeygen(const int keyBitLength,const unsigned char * rawKey,KEY_TABLE_TYPE keyTable)1388 void Camellia_Ekeygen(const int keyBitLength,
1389 const unsigned char *rawKey,
1390 KEY_TABLE_TYPE keyTable)
1391 {
1392 switch(keyBitLength) {
1393 case 128:
1394 camellia_setup128(rawKey, keyTable);
1395 break;
1396 case 192:
1397 camellia_setup192(rawKey, keyTable);
1398 break;
1399 case 256:
1400 camellia_setup256(rawKey, keyTable);
1401 break;
1402 default:
1403 break;
1404 }
1405 }
1406
1407
Camellia_EncryptBlock(const int keyBitLength,const unsigned char * plaintext,const KEY_TABLE_TYPE keyTable,unsigned char * ciphertext)1408 void Camellia_EncryptBlock(const int keyBitLength,
1409 const unsigned char *plaintext,
1410 const KEY_TABLE_TYPE keyTable,
1411 unsigned char *ciphertext)
1412 {
1413 u32 tmp[4];
1414
1415 tmp[0] = GETU32(plaintext);
1416 tmp[1] = GETU32(plaintext + 4);
1417 tmp[2] = GETU32(plaintext + 8);
1418 tmp[3] = GETU32(plaintext + 12);
1419
1420 switch (keyBitLength) {
1421 case 128:
1422 camellia_encrypt128(keyTable, tmp);
1423 break;
1424 case 192:
1425 /* fall through */
1426 case 256:
1427 camellia_encrypt256(keyTable, tmp);
1428 break;
1429 default:
1430 break;
1431 }
1432
1433 PUTU32(ciphertext, tmp[0]);
1434 PUTU32(ciphertext + 4, tmp[1]);
1435 PUTU32(ciphertext + 8, tmp[2]);
1436 PUTU32(ciphertext + 12, tmp[3]);
1437 }
1438
Camellia_DecryptBlock(const int keyBitLength,const unsigned char * ciphertext,const KEY_TABLE_TYPE keyTable,unsigned char * plaintext)1439 void Camellia_DecryptBlock(const int keyBitLength,
1440 const unsigned char *ciphertext,
1441 const KEY_TABLE_TYPE keyTable,
1442 unsigned char *plaintext)
1443 {
1444 u32 tmp[4];
1445
1446 tmp[0] = GETU32(ciphertext);
1447 tmp[1] = GETU32(ciphertext + 4);
1448 tmp[2] = GETU32(ciphertext + 8);
1449 tmp[3] = GETU32(ciphertext + 12);
1450
1451 switch (keyBitLength) {
1452 case 128:
1453 camellia_decrypt128(keyTable, tmp);
1454 break;
1455 case 192:
1456 /* fall through */
1457 case 256:
1458 camellia_decrypt256(keyTable, tmp);
1459 break;
1460 default:
1461 break;
1462 }
1463 PUTU32(plaintext, tmp[0]);
1464 PUTU32(plaintext + 4, tmp[1]);
1465 PUTU32(plaintext + 8, tmp[2]);
1466 PUTU32(plaintext + 12, tmp[3]);
1467 }
1468