1*0a6a1f1dSLionel Sambuc /* $NetBSD: camellia-ntt.c,v 1.1.1.2 2014/04/24 12:45:30 pettai Exp $ */
2ebfedea0SLionel Sambuc
3ebfedea0SLionel Sambuc /* camellia.c ver 1.2.0
4ebfedea0SLionel Sambuc *
5ebfedea0SLionel Sambuc * Copyright (c) 2006,2007
6ebfedea0SLionel Sambuc * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
7ebfedea0SLionel Sambuc *
8ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
9ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
10ebfedea0SLionel Sambuc * are met:
11ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
12ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer as
13ebfedea0SLionel Sambuc * the first lines of this file unmodified.
14ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
15ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in the
16ebfedea0SLionel Sambuc * documentation and/or other materials provided with the distribution.
17ebfedea0SLionel Sambuc *
18ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
19ebfedea0SLionel Sambuc * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20ebfedea0SLionel Sambuc * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21ebfedea0SLionel Sambuc * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
22ebfedea0SLionel Sambuc * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23ebfedea0SLionel Sambuc * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24ebfedea0SLionel Sambuc * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25ebfedea0SLionel Sambuc * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26ebfedea0SLionel Sambuc * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27ebfedea0SLionel Sambuc * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28ebfedea0SLionel Sambuc */
29ebfedea0SLionel Sambuc
30ebfedea0SLionel Sambuc /*
31ebfedea0SLionel Sambuc * Algorithm Specification
32ebfedea0SLionel Sambuc * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
33ebfedea0SLionel Sambuc */
34ebfedea0SLionel Sambuc
35ebfedea0SLionel Sambuc #include "config.h"
36ebfedea0SLionel Sambuc
37ebfedea0SLionel Sambuc #include <string.h>
38ebfedea0SLionel Sambuc #include <stdlib.h>
39ebfedea0SLionel Sambuc
40ebfedea0SLionel Sambuc #include <krb5/krb5-types.h>
41ebfedea0SLionel Sambuc #include "camellia-ntt.h"
42ebfedea0SLionel Sambuc
43ebfedea0SLionel Sambuc #include <krb5/roken.h>
44ebfedea0SLionel Sambuc
45ebfedea0SLionel Sambuc /* key constants */
46ebfedea0SLionel Sambuc
/*
 * Key-schedule constants Sigma1..Sigma6, each split into a left (L) and a
 * right (R) 32-bit half.  camellia_setup128() passes Sigma1..Sigma4 as the
 * kl/kr arguments of CAMELLIA_F while deriving KA.
 *
 * The L suffix gives the literals type long (or unsigned long where long is
 * 32 bits wide).  In the uses visible in this file they are only XORed into
 * u32 variables, so any extra width is dropped on assignment.
 */

/* Sigma1 */
#define CAMELLIA_SIGMA1L    (0xA09E667FL)
#define CAMELLIA_SIGMA1R    (0x3BCC908BL)

/* Sigma2 */
#define CAMELLIA_SIGMA2L    (0xB67AE858L)
#define CAMELLIA_SIGMA2R    (0x4CAA73B2L)

/* Sigma3 */
#define CAMELLIA_SIGMA3L    (0xC6EF372FL)
#define CAMELLIA_SIGMA3R    (0xE94F82BEL)

/* Sigma4 */
#define CAMELLIA_SIGMA4L    (0x54FF53A5L)
#define CAMELLIA_SIGMA4R    (0xF1D36F1CL)

/* Sigma5 */
#define CAMELLIA_SIGMA5L    (0x10E527FAL)
#define CAMELLIA_SIGMA5R    (0xDE682D1DL)

/* Sigma6 */
#define CAMELLIA_SIGMA6L    (0xB05688C2L)
#define CAMELLIA_SIGMA6R    (0xB3E6C1FDL)
59ebfedea0SLionel Sambuc
60ebfedea0SLionel Sambuc /*
61ebfedea0SLionel Sambuc * macros
62ebfedea0SLionel Sambuc */
63ebfedea0SLionel Sambuc
64ebfedea0SLionel Sambuc
/*
 * Big-endian 32-bit load/store helpers.
 *
 *   GETU32(p)       read the four bytes at p as one big-endian 32-bit value
 *   PUTU32(ct, st)  store st into the four bytes at ct, most significant first
 *
 * NOTE(review): every variant below evaluates its arguments more than once,
 * so arguments must be free of side effects.  PUTU32 expands to a bare
 * { ... } block rather than do { ... } while (0); as the body of an unbraced
 * `if` that is followed by `else`, the caller's trailing ';' would detach the
 * else.
 */
#if defined(_MSC_VER)

/*
 * MSVC branch: load/store through a u32 pointer cast and byte-swap with the
 * _lrotl/_lrotr intrinsics.  `&` binds tighter than `|`, so SWAP groups as
 * (rotl & mask) | (rotr & mask).
 * NOTE(review): the cast assumes the buffer may be accessed as a u32 (alignment
 * and aliasing) and that the host is little-endian -- presumably true for the
 * MSVC targets this was written for; confirm before reusing elsewhere.
 */
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}

#else /* not MS-VC */

/*
 * Portable branch: assemble / split the word one byte at a time, so no
 * alignment or host byte-order assumption is made.
 * NOTE(review): the (u32) cast applies to the element as loaded.  If pt points
 * to plain char on a platform where char is signed, bytes >= 0x80 would be
 * sign-extended before the shift; the caller visible in this file passes
 * const unsigned char *, which avoids that.
 */
# define GETU32(pt) \
    (((u32)(pt)[0] << 24) \
    ^ ((u32)(pt)[1] << 16) \
    ^ ((u32)(pt)[2] << 8) \
    ^ ((u32)(pt)[3]))

# define PUTU32(ct, st) { \
    (ct)[0] = (u8)((st) >> 24); \
    (ct)[1] = (u8)((st) >> 16); \
    (ct)[2] = (u8)((st) >> 8); \
    (ct)[3] = (u8)(st); }

#endif
86ebfedea0SLionel Sambuc
/*
 * Accessors for the expanded key.  Both expand to an lvalue inside an array
 * that must be visible under the name `subkey` at the point of use; the left
 * and right halves of subkey pair i are interleaved at 2*i and 2*i + 1.
 * No bounds check is performed on INDEX.
 */
#define CamelliaSubkeyL(INDEX) (subkey[2 * (INDEX)])
#define CamelliaSubkeyR(INDEX) (subkey[2 * (INDEX) + 1])
89ebfedea0SLionel Sambuc
/*
 * 32-bit rotations.  The operand must be an unsigned value that is exactly
 * 32 bits wide: the macros rely on the shifts discarding bits above bit 31,
 * and the two shifted halves then occupy disjoint bit ranges.  x is evaluated
 * twice, so it must not have side effects.
 */

/* rotate right by one byte (8 bits) */
#define CAMELLIA_RR8(x) (((x) << 24) | ((x) >> 8))
/* rotate left by one bit */
#define CAMELLIA_RL1(x) (((x) >> 31) | ((x) << 1))
/* rotate left by one byte (8 bits) */
#define CAMELLIA_RL8(x) (((x) >> 24) | ((x) << 8))
96ebfedea0SLionel Sambuc
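/*
 * Rotate the 128-bit quantity ll || lr || rl || rr left by `bits`, in place.
 *
 *   ll, lr, rl, rr  32-bit unsigned lvalues, most significant word first
 *   w0              scratch lvalue; holds the pre-rotation ll afterwards
 *   w1              unused here, kept so the argument list matches
 *                   CAMELLIA_ROLDQo32
 *   bits            rotation amount, must satisfy 0 < bits < 32; outside that
 *                   range one of the shifts has a count of 32 or more, which
 *                   is undefined behaviour
 *
 * `bits` is parenthesised so that an expression argument (for example
 * `n + 1`) cannot regroup inside `32 - bits`.
 */
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
    do { \
        w0 = ll; \
        ll = (ll << (bits)) + (lr >> (32 - (bits))); \
        lr = (lr << (bits)) + (rl >> (32 - (bits))); \
        rl = (rl << (bits)) + (rr >> (32 - (bits))); \
        rr = (rr << (bits)) + (w0 >> (32 - (bits))); \
    } while(0)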
105ebfedea0SLionel Sambuc
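/*
 * Rotate the 128-bit quantity ll || lr || rl || rr left by `bits`, in place,
 * for rotation amounts larger than one word.
 *
 *   ll, lr, rl, rr  32-bit unsigned lvalues, most significant word first
 *   w0, w1          scratch lvalues; hold the pre-rotation ll and lr afterwards
 *   bits            rotation amount, must satisfy 32 < bits < 64; outside that
 *                   range one of the shifts has a count of 32 or more (or a
 *                   negative count), which is undefined behaviour
 *
 * `bits` is parenthesised so that an expression argument cannot regroup
 * inside `bits - 32` or `64 - bits`.
 */
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
    do { \
        w0 = ll; \
        w1 = lr; \
        ll = (lr << ((bits) - 32)) + (rl >> (64 - (bits))); \
        lr = (rl << ((bits) - 32)) + (rr >> (64 - (bits))); \
        rl = (rr << ((bits) - 32)) + (w0 >> (64 - (bits))); \
        rr = (w0 << ((bits) - 32)) + (w1 >> (64 - (bits))); \
    } while(0)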
115ebfedea0SLionel Sambuc
/*
 * Lookup wrappers for the four 256-entry substitution tables defined in this
 * file.  The index is used as given: callers mask it to 0..255 (`& 0xff`)
 * themselves, and no bounds check happens here.
 *
 * NOTE(review): CAMELLIA_F feeds these macros bytes of (input ^ key), so the
 * address that is read depends on secret data.  On hardware with data caches
 * that kind of lookup can leak through timing; confirm this is acceptable for
 * the deployment's threat model.
 */
#define CAMELLIA_SP1110(idx) (camellia_sp1110[(idx)])
#define CAMELLIA_SP0222(idx) (camellia_sp0222[(idx)])
#define CAMELLIA_SP3033(idx) (camellia_sp3033[(idx)])
#define CAMELLIA_SP4404(idx) (camellia_sp4404[(idx)])
120ebfedea0SLionel Sambuc
/*
 * F-function on a 64-bit input (xl, xr) with subkey (kl, kr); the result is
 * written to (yl, yr).
 *
 *   xl, xr  input halves (read only)
 *   kl, kr  subkey halves, XORed into the input before substitution
 *   yl, yr  output lvalues, overwritten
 *   il, ir  scratch lvalues; hold the key-mixed input afterwards
 *   t0, t1  scratch lvalues; hold il >> 16 and ir >> 16 afterwards
 *
 * Each output half is the XOR of one entry from each of the four lookup
 * tables, one per input byte; the two halves are then mixed with a byte
 * rotation.  Arguments are pasted in unparenthesised and some are evaluated
 * several times, so pass plain variables or parenthesised constants.
 *
 * NOTE(review): the table indices are bytes of il/ir, i.e. of input ^ key,
 * and il, ir, t0, t1 still hold key-dependent values when the macro ends.
 */
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
    do { \
        /* key addition */ \
        il = xl ^ kl; \
        ir = xr ^ kr; \
        /* upper 16 bits of each half, source of the two high bytes */ \
        t0 = il >> 16; \
        t1 = ir >> 16; \
        yl = CAMELLIA_SP4404((ir >> 8) & 0xff) \
            ^ CAMELLIA_SP3033(t1 & 0xff) \
            ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
            ^ CAMELLIA_SP1110(ir & 0xff); \
        yr = CAMELLIA_SP4404(il & 0xff) \
            ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
            ^ CAMELLIA_SP0222(t0 & 0xff) \
            ^ CAMELLIA_SP1110((t0 >> 8) & 0xff); \
        /* final mixing of the two halves */ \
        yl ^= yr; \
        yr = CAMELLIA_RR8(yr) ^ yl; \
    } while(0)
139ebfedea0SLionel Sambuc
140ebfedea0SLionel Sambuc
141ebfedea0SLionel Sambuc /*
142ebfedea0SLionel Sambuc * for speed up
143ebfedea0SLionel Sambuc *
144ebfedea0SLionel Sambuc */
/*
 * Apply the FL-style mixing to both 64-bit halves of the state in one step.
 *
 *   ll, lr              left half, updated in place with subkey (kll, klr)
 *   rl, rr              right half, updated in place with subkey (krl, krr)
 *   t0, t1, t2, t3      scratch lvalues, overwritten
 *
 * Left half:   lr ^= rotl1(ll & kll);  then  ll ^= (lr | klr)
 * Right half:  rl ^= (rr | krr);       then  rr ^= rotl1(rl & krl)
 *
 * Statement order matters: the second step of each half uses the value the
 * first step has just written.
 */
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
    do { \
        t0 = (kll) & ll; \
        lr ^= CAMELLIA_RL1(t0); \
        t1 = (klr) | lr; \
        ll ^= t1; \
        \
        t2 = (krr) | rr; \
        rl ^= t2; \
        t3 = (krl) & rl; \
        rr ^= CAMELLIA_RL1(t3); \
    } while(0)
161ebfedea0SLionel Sambuc
/*
 * One round: substitute (xl, xr) through the lookup tables, mix in the
 * subkey (kl, kr), and XOR the result into (yl, yr).
 *
 *   xl, xr  round input halves (read only)
 *   kl, kr  subkey halves, XORed in after the table lookups
 *   yl, yr  lvalues that receive the round output by XOR
 *   il, ir  scratch lvalues, overwritten
 *   t0, t1  not used by this macro
 *
 * Unlike CAMELLIA_F, the key is added after the substitution step.
 * NOTE(review): presumably this relies on the subkeys having been rearranged
 * by the key-setup routines -- confirm against the setup code.  The table
 * indices are bytes of the round input, so the lookups are data-dependent.
 */
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
    do { \
        ir = CAMELLIA_SP4404((xr >> 8) & 0xff) \
            ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
            ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
            ^ CAMELLIA_SP1110(xr & 0xff); \
        il = CAMELLIA_SP4404(xl & 0xff) \
            ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
            ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
            ^ CAMELLIA_SP1110((xl >> 24) & 0xff); \
        /* key addition */ \
        il ^= kl; \
        ir ^= kr; \
        /* mix the halves, then fold into the output */ \
        ir ^= il; \
        il = CAMELLIA_RR8(il) ^ ir; \
        yl ^= ir; \
        yr ^= il; \
    } while(0)
180ebfedea0SLionel Sambuc
181ebfedea0SLionel Sambuc
/*
 * Substitution table read through CAMELLIA_SP1110().  Each entry carries one
 * substituted byte replicated into the three high-order byte positions, with
 * the low-order byte zero (entry 0 is 0x70707000).  CAMELLIA_F and
 * CAMELLIA_ROUNDSM XOR one entry from each of the four tables to build a
 * 32-bit word.
 *
 * NOTE(review): the digits in the table name presumably say which of the
 * specification's s-boxes fills each byte position (0 = empty) -- confirm
 * against the specification.  The index is a byte of key-mixed state (see
 * CAMELLIA_F), so accesses are secret-dependent; on hardware with data caches
 * this can leak through timing.
 */
static const u32 camellia_sp1110[256] = {
    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
    0xe4e4e400,0x85858500,0x57575700,0x35353500,
    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
    0x45454500,0x19191900,0xa5a5a500,0x21212100,
    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
    0x53535300,0x18181800,0xf2f2f200,0x22222200,
    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
    0xa1a1a100,0x89898900,0x62626200,0x97979700,
    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
    0x10101000,0xc4c4c400,0x00000000,0x48484800,
    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
    0xd4d4d400,0x25252500,0xababab00,0x42424200,
    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
    0x72727200,0x07070700,0xb9b9b900,0x55555500,
    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
};
248ebfedea0SLionel Sambuc
/*
 * Substitution table read through CAMELLIA_SP0222().  Each entry carries one
 * substituted byte replicated into the three low-order byte positions, with
 * the high-order byte zero (entry 0 is 0x00e0e0e0).
 *
 * NOTE(review): indexed by a byte of key-mixed state (see CAMELLIA_F), so
 * accesses are secret-dependent; on hardware with data caches this can leak
 * through timing.
 */
static const u32 camellia_sp0222[256] = {
    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
    0x00202020,0x00898989,0x00000000,0x00909090,
    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
    0x009b9b9b,0x00949494,0x00212121,0x00666666,
    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
    0x00777777,0x00939393,0x00868686,0x00838383,
    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
};
315ebfedea0SLionel Sambuc
/*
 * Substitution table read through CAMELLIA_SP3033().  Each entry carries one
 * substituted byte in the top byte and in the two low-order bytes; bits 16-23
 * are zero (entry 0 is 0x38003838).
 *
 * NOTE(review): indexed by a byte of key-mixed state (see CAMELLIA_F), so
 * accesses are secret-dependent; on hardware with data caches this can leak
 * through timing.
 */
static const u32 camellia_sp3033[256] = {
    0x38003838,0x41004141,0x16001616,0x76007676,
    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
    0x75007575,0x06000606,0x57005757,0xa000a0a0,
    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
    0x3a003a3a,0x09000909,0x95009595,0x10001010,
    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
    0x12001212,0x04000404,0x74007474,0x54005454,
    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
    0x55005555,0x68006868,0x50005050,0xbe00bebe,
    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
    0x70007070,0xff00ffff,0x32003232,0x69006969,
    0x08000808,0x62006262,0x00000000,0x24002424,
    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
    0x45004545,0x81008181,0x73007373,0x6d006d6d,
    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
    0xe600e6e6,0x25002525,0x48004848,0x99009999,
    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
    0x7c007c7c,0x77007777,0x56005656,0x05000505,
    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
};
382ebfedea0SLionel Sambuc
/*
 * Substitution table read through CAMELLIA_SP4404().  Each entry carries one
 * substituted byte in the two high-order bytes and in the low-order byte;
 * bits 8-15 are zero (entry 0 is 0x70700070).
 *
 * NOTE(review): indexed by a byte of key-mixed state (see CAMELLIA_F), so
 * accesses are secret-dependent; on hardware with data caches this can leak
 * through timing.
 */
static const u32 camellia_sp4404[256] = {
    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
    0x24240024,0xe8e800e8,0x60600060,0x69690069,
    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
    0x10100010,0x00000000,0xa3a300a3,0x75750075,
    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
    0x81810081,0x6f6f006f,0x13130013,0x63630063,
    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
    0x78780078,0x06060006,0xe7e700e7,0x71710071,
    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
    0x15150015,0xadad00ad,0x77770077,0x80800080,
    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
    0x85850085,0x35350035,0x0c0c000c,0x41410041,
    0xefef00ef,0x93930093,0x19190019,0x21210021,
    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
    0x12120012,0x20200020,0xb1b100b1,0x99990099,
    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
    0x0f0f000f,0x16160016,0x18180018,0x22220022,
    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
    0x49490049,0x68680068,0x38380038,0xa4a400a4,
    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
};
449ebfedea0SLionel Sambuc
450ebfedea0SLionel Sambuc
451ebfedea0SLionel Sambuc /**
452ebfedea0SLionel Sambuc * Stuff related to the Camellia key schedule
453ebfedea0SLionel Sambuc */
/*
 * Shorthand used by the key-setup code for the local scratch arrays that hold
 * the left and right halves of each subkey.  Both expand to an lvalue in an
 * array that must be visible as `subL` / `subR` at the point of use; the
 * index is not range-checked.
 */
#define subl(idx) subL[(idx)]
#define subr(idx) subR[(idx)]
456ebfedea0SLionel Sambuc
camellia_setup128(const unsigned char * key,u32 * subkey)457ebfedea0SLionel Sambuc static void camellia_setup128(const unsigned char *key, u32 *subkey)
458ebfedea0SLionel Sambuc {
459ebfedea0SLionel Sambuc u32 kll, klr, krl, krr;
460ebfedea0SLionel Sambuc u32 il, ir, t0, t1, w0, w1;
461ebfedea0SLionel Sambuc u32 kw4l, kw4r, dw, tl, tr;
462ebfedea0SLionel Sambuc u32 subL[26];
463ebfedea0SLionel Sambuc u32 subR[26];
464ebfedea0SLionel Sambuc
465ebfedea0SLionel Sambuc /**
466ebfedea0SLionel Sambuc * k == kll || klr || krl || krr (|| is concatination)
467ebfedea0SLionel Sambuc */
468ebfedea0SLionel Sambuc kll = GETU32(key );
469ebfedea0SLionel Sambuc klr = GETU32(key + 4);
470ebfedea0SLionel Sambuc krl = GETU32(key + 8);
471ebfedea0SLionel Sambuc krr = GETU32(key + 12);
472ebfedea0SLionel Sambuc /**
473ebfedea0SLionel Sambuc * generate KL dependent subkeys
474ebfedea0SLionel Sambuc */
475ebfedea0SLionel Sambuc subl(0) = kll; subr(0) = klr;
476ebfedea0SLionel Sambuc subl(1) = krl; subr(1) = krr;
477ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
478ebfedea0SLionel Sambuc subl(4) = kll; subr(4) = klr;
479ebfedea0SLionel Sambuc subl(5) = krl; subr(5) = krr;
480ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
481ebfedea0SLionel Sambuc subl(10) = kll; subr(10) = klr;
482ebfedea0SLionel Sambuc subl(11) = krl; subr(11) = krr;
483ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
484ebfedea0SLionel Sambuc subl(13) = krl; subr(13) = krr;
485ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
486ebfedea0SLionel Sambuc subl(16) = kll; subr(16) = klr;
487ebfedea0SLionel Sambuc subl(17) = krl; subr(17) = krr;
488ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
489ebfedea0SLionel Sambuc subl(18) = kll; subr(18) = klr;
490ebfedea0SLionel Sambuc subl(19) = krl; subr(19) = krr;
491ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
492ebfedea0SLionel Sambuc subl(22) = kll; subr(22) = klr;
493ebfedea0SLionel Sambuc subl(23) = krl; subr(23) = krr;
494ebfedea0SLionel Sambuc
495ebfedea0SLionel Sambuc /* generate KA */
496ebfedea0SLionel Sambuc kll = subl(0); klr = subr(0);
497ebfedea0SLionel Sambuc krl = subl(1); krr = subr(1);
498ebfedea0SLionel Sambuc CAMELLIA_F(kll, klr,
499ebfedea0SLionel Sambuc CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
500ebfedea0SLionel Sambuc w0, w1, il, ir, t0, t1);
501ebfedea0SLionel Sambuc krl ^= w0; krr ^= w1;
502ebfedea0SLionel Sambuc CAMELLIA_F(krl, krr,
503ebfedea0SLionel Sambuc CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
504ebfedea0SLionel Sambuc kll, klr, il, ir, t0, t1);
505ebfedea0SLionel Sambuc CAMELLIA_F(kll, klr,
506ebfedea0SLionel Sambuc CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
507ebfedea0SLionel Sambuc krl, krr, il, ir, t0, t1);
508ebfedea0SLionel Sambuc krl ^= w0; krr ^= w1;
509ebfedea0SLionel Sambuc CAMELLIA_F(krl, krr,
510ebfedea0SLionel Sambuc CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
511ebfedea0SLionel Sambuc w0, w1, il, ir, t0, t1);
512ebfedea0SLionel Sambuc kll ^= w0; klr ^= w1;
513ebfedea0SLionel Sambuc
514ebfedea0SLionel Sambuc /* generate KA dependent subkeys */
515ebfedea0SLionel Sambuc subl(2) = kll; subr(2) = klr;
516ebfedea0SLionel Sambuc subl(3) = krl; subr(3) = krr;
517ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
518ebfedea0SLionel Sambuc subl(6) = kll; subr(6) = klr;
519ebfedea0SLionel Sambuc subl(7) = krl; subr(7) = krr;
520ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
521ebfedea0SLionel Sambuc subl(8) = kll; subr(8) = klr;
522ebfedea0SLionel Sambuc subl(9) = krl; subr(9) = krr;
523ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
524ebfedea0SLionel Sambuc subl(12) = kll; subr(12) = klr;
525ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
526ebfedea0SLionel Sambuc subl(14) = kll; subr(14) = klr;
527ebfedea0SLionel Sambuc subl(15) = krl; subr(15) = krr;
528ebfedea0SLionel Sambuc CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
529ebfedea0SLionel Sambuc subl(20) = kll; subr(20) = klr;
530ebfedea0SLionel Sambuc subl(21) = krl; subr(21) = krr;
531ebfedea0SLionel Sambuc CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
532ebfedea0SLionel Sambuc subl(24) = kll; subr(24) = klr;
533ebfedea0SLionel Sambuc subl(25) = krl; subr(25) = krr;
534ebfedea0SLionel Sambuc
535ebfedea0SLionel Sambuc
536ebfedea0SLionel Sambuc /* absorb kw2 to other subkeys */
537ebfedea0SLionel Sambuc subl(3) ^= subl(1); subr(3) ^= subr(1);
538ebfedea0SLionel Sambuc subl(5) ^= subl(1); subr(5) ^= subr(1);
539ebfedea0SLionel Sambuc subl(7) ^= subl(1); subr(7) ^= subr(1);
540ebfedea0SLionel Sambuc subl(1) ^= subr(1) & ~subr(9);
541ebfedea0SLionel Sambuc dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
542ebfedea0SLionel Sambuc subl(11) ^= subl(1); subr(11) ^= subr(1);
543ebfedea0SLionel Sambuc subl(13) ^= subl(1); subr(13) ^= subr(1);
544ebfedea0SLionel Sambuc subl(15) ^= subl(1); subr(15) ^= subr(1);
545ebfedea0SLionel Sambuc subl(1) ^= subr(1) & ~subr(17);
546ebfedea0SLionel Sambuc dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
547ebfedea0SLionel Sambuc subl(19) ^= subl(1); subr(19) ^= subr(1);
548ebfedea0SLionel Sambuc subl(21) ^= subl(1); subr(21) ^= subr(1);
549ebfedea0SLionel Sambuc subl(23) ^= subl(1); subr(23) ^= subr(1);
550ebfedea0SLionel Sambuc subl(24) ^= subl(1); subr(24) ^= subr(1);
551ebfedea0SLionel Sambuc
552ebfedea0SLionel Sambuc /* absorb kw4 to other subkeys */
553ebfedea0SLionel Sambuc kw4l = subl(25); kw4r = subr(25);
554ebfedea0SLionel Sambuc subl(22) ^= kw4l; subr(22) ^= kw4r;
555ebfedea0SLionel Sambuc subl(20) ^= kw4l; subr(20) ^= kw4r;
556ebfedea0SLionel Sambuc subl(18) ^= kw4l; subr(18) ^= kw4r;
557ebfedea0SLionel Sambuc kw4l ^= kw4r & ~subr(16);
558ebfedea0SLionel Sambuc dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
559ebfedea0SLionel Sambuc subl(14) ^= kw4l; subr(14) ^= kw4r;
560ebfedea0SLionel Sambuc subl(12) ^= kw4l; subr(12) ^= kw4r;
561ebfedea0SLionel Sambuc subl(10) ^= kw4l; subr(10) ^= kw4r;
562ebfedea0SLionel Sambuc kw4l ^= kw4r & ~subr(8);
563ebfedea0SLionel Sambuc dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
564ebfedea0SLionel Sambuc subl(6) ^= kw4l; subr(6) ^= kw4r;
565ebfedea0SLionel Sambuc subl(4) ^= kw4l; subr(4) ^= kw4r;
566ebfedea0SLionel Sambuc subl(2) ^= kw4l; subr(2) ^= kw4r;
567ebfedea0SLionel Sambuc subl(0) ^= kw4l; subr(0) ^= kw4r;
568ebfedea0SLionel Sambuc
569ebfedea0SLionel Sambuc /* key XOR is end of F-function */
570ebfedea0SLionel Sambuc CamelliaSubkeyL(0) = subl(0) ^ subl(2);
571ebfedea0SLionel Sambuc CamelliaSubkeyR(0) = subr(0) ^ subr(2);
572ebfedea0SLionel Sambuc CamelliaSubkeyL(2) = subl(3);
573ebfedea0SLionel Sambuc CamelliaSubkeyR(2) = subr(3);
574ebfedea0SLionel Sambuc CamelliaSubkeyL(3) = subl(2) ^ subl(4);
575ebfedea0SLionel Sambuc CamelliaSubkeyR(3) = subr(2) ^ subr(4);
576ebfedea0SLionel Sambuc CamelliaSubkeyL(4) = subl(3) ^ subl(5);
577ebfedea0SLionel Sambuc CamelliaSubkeyR(4) = subr(3) ^ subr(5);
578ebfedea0SLionel Sambuc CamelliaSubkeyL(5) = subl(4) ^ subl(6);
579ebfedea0SLionel Sambuc CamelliaSubkeyR(5) = subr(4) ^ subr(6);
580ebfedea0SLionel Sambuc CamelliaSubkeyL(6) = subl(5) ^ subl(7);
581ebfedea0SLionel Sambuc CamelliaSubkeyR(6) = subr(5) ^ subr(7);
582ebfedea0SLionel Sambuc tl = subl(10) ^ (subr(10) & ~subr(8));
583ebfedea0SLionel Sambuc dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
584ebfedea0SLionel Sambuc CamelliaSubkeyL(7) = subl(6) ^ tl;
585ebfedea0SLionel Sambuc CamelliaSubkeyR(7) = subr(6) ^ tr;
586ebfedea0SLionel Sambuc CamelliaSubkeyL(8) = subl(8);
587ebfedea0SLionel Sambuc CamelliaSubkeyR(8) = subr(8);
588ebfedea0SLionel Sambuc CamelliaSubkeyL(9) = subl(9);
589ebfedea0SLionel Sambuc CamelliaSubkeyR(9) = subr(9);
590ebfedea0SLionel Sambuc tl = subl(7) ^ (subr(7) & ~subr(9));
591ebfedea0SLionel Sambuc dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
592ebfedea0SLionel Sambuc CamelliaSubkeyL(10) = tl ^ subl(11);
593ebfedea0SLionel Sambuc CamelliaSubkeyR(10) = tr ^ subr(11);
594ebfedea0SLionel Sambuc CamelliaSubkeyL(11) = subl(10) ^ subl(12);
595ebfedea0SLionel Sambuc CamelliaSubkeyR(11) = subr(10) ^ subr(12);
596ebfedea0SLionel Sambuc CamelliaSubkeyL(12) = subl(11) ^ subl(13);
597ebfedea0SLionel Sambuc CamelliaSubkeyR(12) = subr(11) ^ subr(13);
598ebfedea0SLionel Sambuc CamelliaSubkeyL(13) = subl(12) ^ subl(14);
599ebfedea0SLionel Sambuc CamelliaSubkeyR(13) = subr(12) ^ subr(14);
600ebfedea0SLionel Sambuc CamelliaSubkeyL(14) = subl(13) ^ subl(15);
601ebfedea0SLionel Sambuc CamelliaSubkeyR(14) = subr(13) ^ subr(15);
602ebfedea0SLionel Sambuc tl = subl(18) ^ (subr(18) & ~subr(16));
603ebfedea0SLionel Sambuc dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
604ebfedea0SLionel Sambuc CamelliaSubkeyL(15) = subl(14) ^ tl;
605ebfedea0SLionel Sambuc CamelliaSubkeyR(15) = subr(14) ^ tr;
606ebfedea0SLionel Sambuc CamelliaSubkeyL(16) = subl(16);
607ebfedea0SLionel Sambuc CamelliaSubkeyR(16) = subr(16);
608ebfedea0SLionel Sambuc CamelliaSubkeyL(17) = subl(17);
609ebfedea0SLionel Sambuc CamelliaSubkeyR(17) = subr(17);
610ebfedea0SLionel Sambuc tl = subl(15) ^ (subr(15) & ~subr(17));
611ebfedea0SLionel Sambuc dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
612ebfedea0SLionel Sambuc CamelliaSubkeyL(18) = tl ^ subl(19);
613ebfedea0SLionel Sambuc CamelliaSubkeyR(18) = tr ^ subr(19);
614ebfedea0SLionel Sambuc CamelliaSubkeyL(19) = subl(18) ^ subl(20);
615ebfedea0SLionel Sambuc CamelliaSubkeyR(19) = subr(18) ^ subr(20);
616ebfedea0SLionel Sambuc CamelliaSubkeyL(20) = subl(19) ^ subl(21);
617ebfedea0SLionel Sambuc CamelliaSubkeyR(20) = subr(19) ^ subr(21);
618ebfedea0SLionel Sambuc CamelliaSubkeyL(21) = subl(20) ^ subl(22);
619ebfedea0SLionel Sambuc CamelliaSubkeyR(21) = subr(20) ^ subr(22);
620ebfedea0SLionel Sambuc CamelliaSubkeyL(22) = subl(21) ^ subl(23);
621ebfedea0SLionel Sambuc CamelliaSubkeyR(22) = subr(21) ^ subr(23);
622ebfedea0SLionel Sambuc CamelliaSubkeyL(23) = subl(22);
623ebfedea0SLionel Sambuc CamelliaSubkeyR(23) = subr(22);
624ebfedea0SLionel Sambuc CamelliaSubkeyL(24) = subl(24) ^ subl(23);
625ebfedea0SLionel Sambuc CamelliaSubkeyR(24) = subr(24) ^ subr(23);
626ebfedea0SLionel Sambuc
627ebfedea0SLionel Sambuc /* apply the inverse of the last half of P-function */
628ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
629ebfedea0SLionel Sambuc CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
630ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
631ebfedea0SLionel Sambuc CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
632ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
633ebfedea0SLionel Sambuc CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
634ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
635ebfedea0SLionel Sambuc CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
636ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
637ebfedea0SLionel Sambuc CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
638ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
639ebfedea0SLionel Sambuc CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
640ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
641ebfedea0SLionel Sambuc CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
642ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
643ebfedea0SLionel Sambuc CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
644ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
645ebfedea0SLionel Sambuc CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
646ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
647ebfedea0SLionel Sambuc CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
648ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
649ebfedea0SLionel Sambuc CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
650ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
651ebfedea0SLionel Sambuc CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
652ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
653ebfedea0SLionel Sambuc CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
654ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
655ebfedea0SLionel Sambuc CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
656ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
657ebfedea0SLionel Sambuc CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
658ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
659ebfedea0SLionel Sambuc CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
660ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
661ebfedea0SLionel Sambuc CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
662ebfedea0SLionel Sambuc dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
663ebfedea0SLionel Sambuc CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
664ebfedea0SLionel Sambuc
665ebfedea0SLionel Sambuc return;
666ebfedea0SLionel Sambuc }
667ebfedea0SLionel Sambuc
/*
 * Key schedule for a 256-bit Camellia key.
 *
 * key    - read as eight 32-bit words through GETU32 at byte offsets
 *          0, 4, ..., 28, so it must provide at least 32 readable bytes.
 * subkey - output table, written through CamelliaSubkeyL/CamelliaSubkeyR
 *          for index 0 and indices 2..32.
 *
 * The raw subkeys are first collected in the local subL/subR arrays
 * (indices 0..33) and then folded into their final form, as described by
 * the step comments below.
 *
 * NOTE(review): subL/subR and the key word locals hold key-derived
 * material and are not cleared before this function returns.
 */
static void camellia_setup256(const unsigned char *key, u32 *subkey)
{
    u32 kll, klr, krl, krr;         /* left half of key */
    u32 krll, krlr, krrl, krrr;     /* right half of key */
    u32 il, ir, t0, t1, w0, w1;     /* scratch handed to the macros */
    u32 kw4l, kw4r, dw, tl, tr;
    u32 subL[34];
    u32 subR[34];
    unsigned int base, step, idx, fl;

    /*
     * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
     * where || denotes concatenation.
     */
    kll  = GETU32(key);
    klr  = GETU32(key + 4);
    krl  = GETU32(key + 8);
    krr  = GETU32(key + 12);
    krll = GETU32(key + 16);
    krlr = GETU32(key + 20);
    krrl = GETU32(key + 24);
    krrr = GETU32(key + 28);

    /* subkeys derived from KL */
    subl(0) = kll;
    subr(0) = klr;
    subl(1) = krl;
    subr(1) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
    subl(12) = kll;
    subr(12) = klr;
    subl(13) = krl;
    subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(16) = kll;
    subr(16) = klr;
    subl(17) = krl;
    subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll;
    subr(22) = klr;
    subl(23) = krl;
    subr(23) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(30) = kll;
    subr(30) = klr;
    subl(31) = krl;
    subr(31) = krr;

    /* subkeys derived from KR */
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(4) = krll;
    subr(4) = krlr;
    subl(5) = krrl;
    subr(5) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(8) = krll;
    subr(8) = krlr;
    subl(9) = krrl;
    subr(9) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(18) = krll;
    subr(18) = krlr;
    subl(19) = krrl;
    subr(19) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
    subl(26) = krll;
    subr(26) = krlr;
    subl(27) = krrl;
    subr(27) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);

    /* compute KA (ends up in kll, klr, krl, krr) */
    kll = subl(0) ^ krll;
    klr = subr(0) ^ krlr;
    krl = subl(1) ^ krrl;
    krr = subr(1) ^ krrr;
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0;
    krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    kll ^= krll;
    klr ^= krlr;
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0 ^ krrl;
    krr ^= w1 ^ krrr;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0;
    klr ^= w1;

    /* compute KB (ends up in krll, krlr, krrl, krrr) */
    krll ^= kll;
    krlr ^= klr;
    krrl ^= krl;
    krrr ^= krr;
    CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
               w0, w1, il, ir, t0, t1);
    krrl ^= w0;
    krrr ^= w1;
    CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
               w0, w1, il, ir, t0, t1);
    krll ^= w0;
    krlr ^= w1;

    /* subkeys derived from KA */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll;
    subr(6) = klr;
    subl(7) = krl;
    subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(14) = kll;
    subr(14) = klr;
    subl(15) = krl;
    subr(15) = krr;
    /* entries 24 and 25 take the same four words, shifted by one word */
    subl(24) = klr;
    subr(24) = krl;
    subl(25) = krr;
    subr(25) = kll;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
    subl(28) = kll;
    subr(28) = klr;
    subl(29) = krl;
    subr(29) = krr;

    /* subkeys derived from KB */
    subl(2) = krll;
    subr(2) = krlr;
    subl(3) = krrl;
    subr(3) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(10) = krll;
    subr(10) = krlr;
    subl(11) = krrl;
    subr(11) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(20) = krll;
    subr(20) = krlr;
    subl(21) = krrl;
    subr(21) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
    subl(32) = krll;
    subr(32) = krlr;
    subl(33) = krrl;
    subr(33) = krrr;

    /*
     * Absorb kw2 (entry 1) into the odd entries 3..31, walking upwards.
     * After each run of three entries, entry 1 is transformed using
     * entry 9, 17 or 25 before the next run; the last run is followed by
     * entry 32 instead.
     */
    for (base = 3; base <= 27; base += 8) {
        for (step = 0; step <= 4; step += 2) {
            idx = base + step;
            subl(idx) ^= subl(1);
            subr(idx) ^= subr(1);
        }
        if (base < 27) {
            fl = base + 6;
            subl(1) ^= subr(1) & ~subr(fl);
            dw = subl(1) & subl(fl);
            subr(1) ^= CAMELLIA_RL1(dw);
        }
    }
    subl(32) ^= subl(1);
    subr(32) ^= subr(1);

    /*
     * Absorb kw4 (entry 33) into the even entries 30..0, walking
     * downwards.  After each of the first three runs, kw4 is transformed
     * using entry 24, 16 or 8.
     */
    kw4l = subl(33);
    kw4r = subr(33);
    for (base = 30; base >= 14; base -= 8) {
        for (step = 0; step <= 4; step += 2) {
            idx = base - step;
            subl(idx) ^= kw4l;
            subr(idx) ^= kw4r;
        }
        fl = base - 6;
        kw4l ^= kw4r & ~subr(fl);
        dw = kw4l & subl(fl);
        kw4r ^= CAMELLIA_RL1(dw);
    }
    for (step = 0; step <= 6; step += 2) {
        idx = 6 - step;
        subl(idx) ^= kw4l;
        subr(idx) ^= kw4r;
    }

    /* key XOR is end of F-function: fold neighbours into the output table */
    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
    CamelliaSubkeyL(2) = subl(3);
    CamelliaSubkeyR(2) = subr(3);
    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
    CamelliaSubkeyR(6) = subr(5) ^ subr(7);

    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8);
    tr = subr(10) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(7) = subl(6) ^ tl;
    CamelliaSubkeyR(7) = subr(6) ^ tr;
    CamelliaSubkeyL(8) = subl(8);
    CamelliaSubkeyR(8) = subr(8);
    CamelliaSubkeyL(9) = subl(9);
    CamelliaSubkeyR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9);
    tr = subr(7) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(10) = tl ^ subl(11);
    CamelliaSubkeyR(10) = tr ^ subr(11);
    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
    CamelliaSubkeyR(14) = subr(13) ^ subr(15);

    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16);
    tr = subr(18) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(15) = subl(14) ^ tl;
    CamelliaSubkeyR(15) = subr(14) ^ tr;
    CamelliaSubkeyL(16) = subl(16);
    CamelliaSubkeyR(16) = subr(16);
    CamelliaSubkeyL(17) = subl(17);
    CamelliaSubkeyR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17);
    tr = subr(15) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(18) = tl ^ subl(19);
    CamelliaSubkeyR(18) = tr ^ subr(19);
    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
    CamelliaSubkeyR(22) = subr(21) ^ subr(23);

    tl = subl(26) ^ (subr(26) & ~subr(24));
    dw = tl & subl(24);
    tr = subr(26) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(23) = subl(22) ^ tl;
    CamelliaSubkeyR(23) = subr(22) ^ tr;
    CamelliaSubkeyL(24) = subl(24);
    CamelliaSubkeyR(24) = subr(24);
    CamelliaSubkeyL(25) = subl(25);
    CamelliaSubkeyR(25) = subr(25);
    tl = subl(23) ^ (subr(23) & ~subr(25));
    dw = tl & subl(25);
    tr = subr(23) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(26) = tl ^ subl(27);
    CamelliaSubkeyR(26) = tr ^ subr(27);
    CamelliaSubkeyL(27) = subl(26) ^ subl(28);
    CamelliaSubkeyR(27) = subr(26) ^ subr(28);
    CamelliaSubkeyL(28) = subl(27) ^ subl(29);
    CamelliaSubkeyR(28) = subr(27) ^ subr(29);
    CamelliaSubkeyL(29) = subl(28) ^ subl(30);
    CamelliaSubkeyR(29) = subr(28) ^ subr(30);
    CamelliaSubkeyL(30) = subl(29) ^ subl(31);
    CamelliaSubkeyR(30) = subr(29) ^ subr(31);
    CamelliaSubkeyL(31) = subl(30);
    CamelliaSubkeyR(31) = subr(30);
    CamelliaSubkeyL(32) = subl(32) ^ subl(31);
    CamelliaSubkeyR(32) = subr(32) ^ subr(31);

    /*
     * Apply the inverse of the last half of the P-function to output
     * entries 2..7, 10..15, 18..23 and 26..31.  Entries 0, 8, 9, 16, 17,
     * 24, 25 and 32 are left as they are.
     */
    for (base = 2; base <= 26; base += 8) {
        for (step = 0; step < 6; step++) {
            idx = base + step;
            dw = CamelliaSubkeyL(idx) ^ CamelliaSubkeyR(idx);
            dw = CAMELLIA_RL8(dw);
            CamelliaSubkeyR(idx) = CamelliaSubkeyL(idx) ^ dw;
            CamelliaSubkeyL(idx) = dw;
        }
    }
}
953ebfedea0SLionel Sambuc
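/*
 * Key schedule for a 192-bit Camellia key.
 *
 * The 24 key bytes are widened to a 32-byte key whose last 8 bytes are
 * the bitwise complement of key bytes 16..23; the result is passed to
 * camellia_setup256(), which fills subkey.
 *
 * key    - must provide at least 24 readable bytes.
 * subkey - output table, filled by camellia_setup256().
 */
static void camellia_setup192(const unsigned char *key, u32 *subkey)
{
    unsigned char kk[32];
    volatile unsigned char *wipe = kk;
    unsigned int i;

    memcpy(kk, key, 24);
    /*
     * Complementing byte by byte yields the same 8 bytes as complementing
     * two words copied in and out with memcpy, independent of byte order.
     */
    for (i = 0; i < 8; i++)
        kk[24 + i] = (unsigned char)~key[16 + i];

    camellia_setup256(kk, subkey);

    /*
     * kk is a full copy of the caller's key.  Clear it before the stack
     * frame is released; the volatile-qualified pointer keeps the stores
     * from being dropped as dead writes.
     */
    for (i = 0; i < sizeof(kk); i++)
        wipe[i] = 0;
}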
969ebfedea0SLionel Sambuc
970ebfedea0SLionel Sambuc
/**
 * Stuff related to camellia encryption/decryption
 *
 * "io" must be 4-byte aligned and hold big-endian data.
 */
/*
 * Encrypt one block in place with the subkey table of a 128-bit key.
 *
 * subkey: expanded key table.  It is not named in the body; the
 *         CamelliaSubkeyL()/CamelliaSubkeyR() macros presumably index it
 *         (confirm at their definition).  Entries 0 and 2..24 are read.
 * io:     four u32 words holding the block; overwritten with the result.
 *
 * Neither pointer is validated here: io must address four writable words
 * and subkey must cover every entry listed above.  The table is expected
 * to come from the matching 128-bit key setup (assumption, verify against
 * the caller).
 *
 * The sequence is deliberately unrolled: 18 CAMELLIA_ROUNDSM steps in
 * three groups of six, separated by a CAMELLIA_FLS step.  Do not reorder.
 */
static void camellia_encrypt128(const u32 *subkey, u32 *io)
{
    u32 sl, sr, x0, x1;    /* scratch words handed to the round macros */

    /*
     * Pre-whitening.  Only io[0]/io[1] are XORed here; the original note
     * says the second whitening key is "absorbed" (presumably folded into
     * the round subkeys by the key setup -- confirm there).
     */
    io[0] ^= CamelliaSubkeyL(0);
    io[1] ^= CamelliaSubkeyR(0);

    /* subkeys 2..7 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(2), CamelliaSubkeyR(2),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(3), CamelliaSubkeyR(3),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(4), CamelliaSubkeyR(4),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(5), CamelliaSubkeyR(5),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(6), CamelliaSubkeyR(6),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(7), CamelliaSubkeyR(7),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
                 x0, x1, sl, sr);

    /* subkeys 10..15 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(10), CamelliaSubkeyR(10),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(11), CamelliaSubkeyR(11),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(12), CamelliaSubkeyR(12),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(13), CamelliaSubkeyR(13),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(14), CamelliaSubkeyR(14),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(15), CamelliaSubkeyR(15),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
                 x0, x1, sl, sr);

    /* subkeys 18..23 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(18), CamelliaSubkeyR(18),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(19), CamelliaSubkeyR(19),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(20), CamelliaSubkeyR(20),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(21), CamelliaSubkeyR(21),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(22), CamelliaSubkeyR(22),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(23), CamelliaSubkeyR(23),
                     io[0], io[1], sl, sr, x0, x1);

    /* post-whitening on the other half (original note: "but kw4") */
    io[2] ^= CamelliaSubkeyL(24);
    io[3] ^= CamelliaSubkeyR(24);

    /* exchange the two 64-bit halves: (io[0],io[1]) <-> (io[2],io[3]) */
    x0 = io[2];
    x1 = io[3];
    io[2] = io[0];
    io[3] = io[1];
    io[0] = x0;
    io[1] = x1;
}
1065ebfedea0SLionel Sambuc
/*
 * Decrypt one block in place with the subkey table of a 128-bit key.
 *
 * subkey: expanded key table.  It is not named in the body; the
 *         CamelliaSubkeyL()/CamelliaSubkeyR() macros presumably index it
 *         (confirm at their definition).  Entries 0 and 2..24 are read.
 * io:     four u32 words holding the block; overwritten with the result.
 *
 * Neither pointer is validated here: io must address four writable words
 * and subkey must cover every entry listed above.
 *
 * Same step structure as the 128-bit encryption routine, with the subkey
 * indices walked in descending order (24, 23..18, 17/16, 15..10, 9/8,
 * 7..2, 0).  Do not reorder.
 */
static void camellia_decrypt128(const u32 *subkey, u32 *io)
{
    u32 sl, sr, x0, x1;    /* scratch words handed to the round macros */

    /*
     * Pre-whitening with the last subkey.  Only io[0]/io[1] are XORed
     * here; the original note says the other whitening key is "absorbed"
     * (presumably folded into the round subkeys by the key setup --
     * confirm there).
     */
    io[0] ^= CamelliaSubkeyL(24);
    io[1] ^= CamelliaSubkeyR(24);

    /* subkeys 23..18 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(23), CamelliaSubkeyR(23),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(22), CamelliaSubkeyR(22),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(21), CamelliaSubkeyR(21),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(20), CamelliaSubkeyR(20),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(19), CamelliaSubkeyR(19),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(18), CamelliaSubkeyR(18),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
                 x0, x1, sl, sr);

    /* subkeys 15..10 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(15), CamelliaSubkeyR(15),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(14), CamelliaSubkeyR(14),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(13), CamelliaSubkeyR(13),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(12), CamelliaSubkeyR(12),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(11), CamelliaSubkeyR(11),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(10), CamelliaSubkeyR(10),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
                 x0, x1, sl, sr);

    /* subkeys 7..2 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(7), CamelliaSubkeyR(7),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(6), CamelliaSubkeyR(6),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(5), CamelliaSubkeyR(5),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(4), CamelliaSubkeyR(4),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(3), CamelliaSubkeyR(3),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(2), CamelliaSubkeyR(2),
                     io[0], io[1], sl, sr, x0, x1);

    /* post-whitening on the other half with the first subkey */
    io[2] ^= CamelliaSubkeyL(0);
    io[3] ^= CamelliaSubkeyR(0);

    /* exchange the two 64-bit halves: (io[0],io[1]) <-> (io[2],io[3]) */
    x0 = io[2];
    x1 = io[3];
    io[2] = io[0];
    io[3] = io[1];
    io[0] = x0;
    io[1] = x1;
}
1155ebfedea0SLionel Sambuc
1156ebfedea0SLionel Sambuc /**
1157ebfedea0SLionel Sambuc * stuff for 192 and 256bit encryption/decryption
1158ebfedea0SLionel Sambuc */
/*
 * Encrypt one block in place with the larger subkey table (the public
 * wrapper in this file routes both 192- and 256-bit keys here).
 *
 * subkey: expanded key table.  It is not named in the body; the
 *         CamelliaSubkeyL()/CamelliaSubkeyR() macros presumably index it
 *         (confirm at their definition).  Entries 0 and 2..32 are read,
 *         i.e. more than the 128-bit routine touches, so a table built
 *         for a 128-bit key must not be passed here.
 * io:     four u32 words holding the block; overwritten with the result.
 *
 * Neither pointer is validated here: io must address four writable words
 * and subkey must cover every entry listed above.
 *
 * The sequence is deliberately unrolled: 24 CAMELLIA_ROUNDSM steps in
 * four groups of six, separated by a CAMELLIA_FLS step.  Do not reorder.
 */
static void camellia_encrypt256(const u32 *subkey, u32 *io)
{
    u32 sl, sr, x0, x1;    /* scratch words handed to the round macros */

    /*
     * Pre-whitening.  Only io[0]/io[1] are XORed here; the original note
     * says the second whitening key is "absorbed" (presumably folded into
     * the round subkeys by the key setup -- confirm there).
     */
    io[0] ^= CamelliaSubkeyL(0);
    io[1] ^= CamelliaSubkeyR(0);

    /* subkeys 2..7 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(2), CamelliaSubkeyR(2),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(3), CamelliaSubkeyR(3),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(4), CamelliaSubkeyR(4),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(5), CamelliaSubkeyR(5),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(6), CamelliaSubkeyR(6),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(7), CamelliaSubkeyR(7),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
                 x0, x1, sl, sr);

    /* subkeys 10..15 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(10), CamelliaSubkeyR(10),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(11), CamelliaSubkeyR(11),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(12), CamelliaSubkeyR(12),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(13), CamelliaSubkeyR(13),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(14), CamelliaSubkeyR(14),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(15), CamelliaSubkeyR(15),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
                 x0, x1, sl, sr);

    /* subkeys 18..23 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(18), CamelliaSubkeyR(18),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(19), CamelliaSubkeyR(19),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(20), CamelliaSubkeyR(20),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(21), CamelliaSubkeyR(21),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(22), CamelliaSubkeyR(22),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(23), CamelliaSubkeyR(23),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(24), CamelliaSubkeyR(24),
                 CamelliaSubkeyL(25), CamelliaSubkeyR(25),
                 x0, x1, sl, sr);

    /* subkeys 26..31 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(26), CamelliaSubkeyR(26),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(27), CamelliaSubkeyR(27),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(28), CamelliaSubkeyR(28),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(29), CamelliaSubkeyR(29),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(30), CamelliaSubkeyR(30),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(31), CamelliaSubkeyR(31),
                     io[0], io[1], sl, sr, x0, x1);

    /* post-whitening on the other half (original note: "but kw4") */
    io[2] ^= CamelliaSubkeyL(32);
    io[3] ^= CamelliaSubkeyR(32);

    /* exchange the two 64-bit halves: (io[0],io[1]) <-> (io[2],io[3]) */
    x0 = io[2];
    x1 = io[3];
    io[2] = io[0];
    io[3] = io[1];
    io[0] = x0;
    io[1] = x1;
}
1272ebfedea0SLionel Sambuc
/*
 * Decrypt one block in place with the larger subkey table (the public
 * wrapper in this file routes both 192- and 256-bit keys here).
 *
 * subkey: expanded key table.  It is not named in the body; the
 *         CamelliaSubkeyL()/CamelliaSubkeyR() macros presumably index it
 *         (confirm at their definition).  Entries 0 and 2..32 are read,
 *         i.e. more than the 128-bit routine touches, so a table built
 *         for a 128-bit key must not be passed here.
 * io:     four u32 words holding the block; overwritten with the result.
 *
 * Neither pointer is validated here: io must address four writable words
 * and subkey must cover every entry listed above.
 *
 * Same step structure as the 192/256-bit encryption routine, with the
 * subkey indices walked in descending order (32, 31..26, 25/24, 23..18,
 * 17/16, 15..10, 9/8, 7..2, 0).  Do not reorder.
 */
static void camellia_decrypt256(const u32 *subkey, u32 *io)
{
    u32 sl, sr, x0, x1;    /* scratch words handed to the round macros */

    /*
     * Pre-whitening with the last subkey.  Only io[0]/io[1] are XORed
     * here; the original note says the other whitening key is "absorbed"
     * (presumably folded into the round subkeys by the key setup --
     * confirm there).
     */
    io[0] ^= CamelliaSubkeyL(32);
    io[1] ^= CamelliaSubkeyR(32);

    /* subkeys 31..26 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(31), CamelliaSubkeyR(31),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(30), CamelliaSubkeyR(30),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(29), CamelliaSubkeyR(29),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(28), CamelliaSubkeyR(28),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(27), CamelliaSubkeyR(27),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(26), CamelliaSubkeyR(26),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(25), CamelliaSubkeyR(25),
                 CamelliaSubkeyL(24), CamelliaSubkeyR(24),
                 x0, x1, sl, sr);

    /* subkeys 23..18 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(23), CamelliaSubkeyR(23),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(22), CamelliaSubkeyR(22),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(21), CamelliaSubkeyR(21),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(20), CamelliaSubkeyR(20),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(19), CamelliaSubkeyR(19),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(18), CamelliaSubkeyR(18),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
                 x0, x1, sl, sr);

    /* subkeys 15..10 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(15), CamelliaSubkeyR(15),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(14), CamelliaSubkeyR(14),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(13), CamelliaSubkeyR(13),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(12), CamelliaSubkeyR(12),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(11), CamelliaSubkeyR(11),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(10), CamelliaSubkeyR(10),
                     io[0], io[1], sl, sr, x0, x1);

    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
                 x0, x1, sl, sr);

    /* subkeys 7..2 */
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(7), CamelliaSubkeyR(7),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(6), CamelliaSubkeyR(6),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(5), CamelliaSubkeyR(5),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(4), CamelliaSubkeyR(4),
                     io[0], io[1], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[0], io[1], CamelliaSubkeyL(3), CamelliaSubkeyR(3),
                     io[2], io[3], sl, sr, x0, x1);
    CAMELLIA_ROUNDSM(io[2], io[3], CamelliaSubkeyL(2), CamelliaSubkeyR(2),
                     io[0], io[1], sl, sr, x0, x1);

    /* post-whitening on the other half with the first subkey */
    io[2] ^= CamelliaSubkeyL(0);
    io[3] ^= CamelliaSubkeyR(0);

    /* exchange the two 64-bit halves: (io[0],io[1]) <-> (io[2],io[3]) */
    x0 = io[2];
    x1 = io[3];
    io[2] = io[0];
    io[3] = io[1];
    io[0] = x0;
    io[1] = x1;
}
1386ebfedea0SLionel Sambuc
1387ebfedea0SLionel Sambuc /***
1388ebfedea0SLionel Sambuc *
1389ebfedea0SLionel Sambuc * API for compatibility
1390ebfedea0SLionel Sambuc */
1391ebfedea0SLionel Sambuc
/*
 * Expand a raw Camellia key into a subkey table.
 *
 * keyBitLength: 128, 192 or 256; selects the matching camellia_setup*()
 *               routine.
 * rawKey:       key bytes (presumably keyBitLength / 8 of them; the
 *               length is not checked here).
 * keyTable:     receives the expanded subkeys.
 *
 * There is no return value.  For any other keyBitLength nothing is
 * written to keyTable and no error is reported, so the table keeps
 * whatever it held before.  Callers must validate the key length
 * themselves and must not go on to use a table after an unsupported
 * request.
 */
void Camellia_Ekeygen(const int keyBitLength,
		      const unsigned char *rawKey,
		      KEY_TABLE_TYPE keyTable)
{
    if (keyBitLength == 128) {
	camellia_setup128(rawKey, keyTable);
    } else if (keyBitLength == 192) {
	camellia_setup192(rawKey, keyTable);
    } else if (keyBitLength == 256) {
	camellia_setup256(rawKey, keyTable);
    }
    /* unsupported length: keyTable is intentionally left untouched */
}
1410ebfedea0SLionel Sambuc
1411ebfedea0SLionel Sambuc
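/*
 * Encrypt a single 16-byte block.
 *
 * keyBitLength: 128, 192 or 256.  192-bit keys share the 256-bit routine.
 * plaintext:    16 input bytes, read with GETU32() at offsets 0/4/8/12.
 * keyTable:     subkey table; must have been generated for the same
 *               keyBitLength (not checked here).
 * ciphertext:   16 output bytes, written with PUTU32().
 *
 * Hardening over the previous version:
 *  - An unsupported keyBitLength used to skip the cipher and then store
 *    the untouched input words, i.e. the plaintext was emitted as
 *    "ciphertext".  The function cannot report an error (void), so it
 *    now fails closed and emits an all-zero block instead.  Callers must
 *    still validate the key length before calling.
 *  - The working copy of the block is cleared before returning so that
 *    plaintext and intermediate state do not linger on the stack.
 */
void Camellia_EncryptBlock(const int keyBitLength,
			   const unsigned char *plaintext,
			   const KEY_TABLE_TYPE keyTable,
			   unsigned char *ciphertext)
{
    u32 state[4];
    volatile u32 *scrub = state;
    int i;

    state[0] = GETU32(plaintext);
    state[1] = GETU32(plaintext + 4);
    state[2] = GETU32(plaintext + 8);
    state[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
	camellia_encrypt128(keyTable, state);
	break;
    case 192:
	/* fall through */
    case 256:
	camellia_encrypt256(keyTable, state);
	break;
    default:
	/* fail closed: never echo the plaintext into the output */
	state[0] = state[1] = state[2] = state[3] = 0;
	break;
    }

    PUTU32(ciphertext,      state[0]);
    PUTU32(ciphertext + 4,  state[1]);
    PUTU32(ciphertext + 8,  state[2]);
    PUTU32(ciphertext + 12, state[3]);

    /*
     * Best-effort wipe; the volatile-qualified access is there to keep
     * the compiler from discarding these stores as dead.
     */
    for (i = 0; i < 4; i++)
	scrub[i] = 0;
}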
1442ebfedea0SLionel Sambuc
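/*
 * Decrypt a single 16-byte block.
 *
 * keyBitLength: 128, 192 or 256.  192-bit keys share the 256-bit routine.
 * ciphertext:   16 input bytes, read with GETU32() at offsets 0/4/8/12.
 * keyTable:     subkey table; must have been generated for the same
 *               keyBitLength (not checked here).
 * plaintext:    16 output bytes, written with PUTU32().
 *
 * Hardening over the previous version:
 *  - An unsupported keyBitLength used to skip the cipher and then store
 *    the untouched input words, so the caller received the ciphertext
 *    back as if it were a valid decryption.  The function cannot report
 *    an error (void), so it now emits an all-zero block instead.
 *    Callers must still validate the key length before calling.
 *  - The working copy of the block is cleared before returning so that
 *    recovered plaintext and intermediate state do not linger on the
 *    stack.
 */
void Camellia_DecryptBlock(const int keyBitLength,
			   const unsigned char *ciphertext,
			   const KEY_TABLE_TYPE keyTable,
			   unsigned char *plaintext)
{
    u32 state[4];
    volatile u32 *scrub = state;
    int i;

    state[0] = GETU32(ciphertext);
    state[1] = GETU32(ciphertext + 4);
    state[2] = GETU32(ciphertext + 8);
    state[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
	camellia_decrypt128(keyTable, state);
	break;
    case 192:
	/* fall through */
    case 256:
	camellia_decrypt256(keyTable, state);
	break;
    default:
	/* unsupported key size: do not pass the input through unchanged */
	state[0] = state[1] = state[2] = state[3] = 0;
	break;
    }

    PUTU32(plaintext,      state[0]);
    PUTU32(plaintext + 4,  state[1]);
    PUTU32(plaintext + 8,  state[2]);
    PUTU32(plaintext + 12, state[3]);

    /*
     * Best-effort wipe; the volatile-qualified access is there to keep
     * the compiler from discarding these stores as dead.
     */
    for (i = 0; i < 4; i++)
	scrub[i] = 0;
}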