1 /* $NetBSD: camellia.c,v 1.1 2011/05/05 17:38:36 drochner Exp $ */ 2 3 /* camellia.h ver 1.1.0 4 * 5 * Copyright (c) 2006 6 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer as 13 * the first lines of this file unmodified. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
28 */ 29 30 /* 31 * Algorithm Specification 32 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 33 */ 34 35 #include <sys/cdefs.h> 36 #include <sys/types.h> 37 #include <sys/systm.h> 38 #include <crypto/camellia/camellia.h> 39 40 41 /* key constants */ 42 43 #define CAMELLIA_SIGMA1L (0xA09E667FL) 44 #define CAMELLIA_SIGMA1R (0x3BCC908BL) 45 #define CAMELLIA_SIGMA2L (0xB67AE858L) 46 #define CAMELLIA_SIGMA2R (0x4CAA73B2L) 47 #define CAMELLIA_SIGMA3L (0xC6EF372FL) 48 #define CAMELLIA_SIGMA3R (0xE94F82BEL) 49 #define CAMELLIA_SIGMA4L (0x54FF53A5L) 50 #define CAMELLIA_SIGMA4R (0xF1D36F1CL) 51 #define CAMELLIA_SIGMA5L (0x10E527FAL) 52 #define CAMELLIA_SIGMA5R (0xDE682D1DL) 53 #define CAMELLIA_SIGMA6L (0xB05688C2L) 54 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 55 56 /* 57 * macros 58 */ 59 #define GETU32(pt) (((uint32_t)(pt)[0] << 24) \ 60 ^ ((uint32_t)(pt)[1] << 16) \ 61 ^ ((uint32_t)(pt)[2] << 8) \ 62 ^ ((uint32_t)(pt)[3])) 63 64 #define PUTU32(ct, st) {(ct)[0] = (uint8_t)((st) >> 24); \ 65 (ct)[1] = (uint8_t)((st) >> 16); \ 66 (ct)[2] = (uint8_t)((st) >> 8); \ 67 (ct)[3] = (uint8_t)(st);} 68 69 #define SUBL(INDEX) (subkey[(INDEX)*2+1]) 70 #define SUBR(INDEX) (subkey[(INDEX)*2]) 71 72 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 73 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 74 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 75 76 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 77 do { \ 78 w0 = ll; \ 79 ll = (ll << bits) + (lr >> (32 - bits)); \ 80 lr = (lr << bits) + (rl >> (32 - bits)); \ 81 rl = (rl << bits) + (rr >> (32 - bits)); \ 82 rr = (rr << bits) + (w0 >> (32 - bits)); \ 83 } while(0) 84 85 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 86 do { \ 87 w0 = ll; \ 88 w1 = lr; \ 89 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 90 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 91 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 92 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 93 } while(0) 94 95 #define 
CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])

/*
 * The four CAMELLIA_SPxxxx() accessors index 256-entry tables with one byte
 * of the F-function input.  In the key schedule that input is key material
 * and in the cipher it is intermediate state, so the address that is read
 * depends on secret data.
 * NOTE(review): on CPUs with data caches, secret-indexed table lookups are
 * the usual source of cache-timing leakage in software block ciphers, and
 * nothing in these macros masks or pre-loads the tables.  Treat the code as
 * non-constant-time when deciding where it may run.
 */

/*
 * CAMELLIA_F: F-function with the key XORed into the input first.
 *   xl, xr          input halves (only read)
 *   kl, kr          key halves, XORed into the input before the lookups
 *   yl, yr          receive the result (overwritten, not accumulated)
 *   il, ir, t0, t1  caller-supplied scratch lvalues (clobbered)
 * Arguments are expanded without parentheses, so pass plain variables or
 * constants only.
 */
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
    do { \
	il = xl ^ kl; \
	ir = xr ^ kr; \
	t0 = il >> 16; \
	t1 = ir >> 16; \
	yl = CAMELLIA_SP1110(ir & 0xff) \
	    ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
	    ^ CAMELLIA_SP3033(t1 & 0xff) \
	    ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
	yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
	    ^ CAMELLIA_SP0222(t0 & 0xff) \
	    ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
	    ^ CAMELLIA_SP4404(il & 0xff); \
	yl ^= yr; \
	yr = CAMELLIA_RR8(yr); \
	yr ^= yl; \
    } while(0)


/*
 * CAMELLIA_FLS: key-dependent AND/OR/rotate-by-one mixing of both halves.
 *   (ll, lr) with key (kll, klr):  lr ^= rol1(ll & kll);  ll ^= (lr | klr)
 *   (rl, rr) with key (krl, krr):  rl ^= (rr | krr);  rr ^= rol1(rl & krl)
 * These have the shape of the FL and FL^-1 functions of the specification.
 * t0..t3 are caller-supplied scratch lvalues (clobbered).
 */
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
    do { \
	t0 = kll; \
	t2 = krr; \
	t0 &= ll; \
	t2 |= rr; \
	rl ^= t2; \
	lr ^= CAMELLIA_RL1(t0); \
	t3 = krl; \
	t1 = klr; \
	t3 &= rl; \
	t1 |= lr; \
	ll ^= t1; \
	rr ^= CAMELLIA_RL1(t3); \
    } while(0)

/*
 * CAMELLIA_ROUNDSM: one round.  Looks up the eight bytes of (xl, xr), XORs
 * kl/kr in after the lookups, and XORs the round output into (yl, yr).
 * il, ir are scratch lvalues; t0 and t1 are accepted but not used.
 * NOTE(review): the key is applied after the table lookups here, unlike in
 * CAMELLIA_F; presumably that is what the subkey post-processing in the
 * setup functions compensates for -- confirm against the specification.
 */
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
    do { \
	ir = CAMELLIA_SP1110(xr & 0xff); \
	il = CAMELLIA_SP1110((xl>>24) & 0xff); \
	ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \
	il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \
	ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \
	il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \
	ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \
	il ^= CAMELLIA_SP4404(xl & 0xff); \
	il ^= kl; \
	ir ^= kr; \
	ir ^= il; \
	il = CAMELLIA_RR8(il); \
	il ^= ir; \
	yl ^= ir; \
	yr ^= il; \
    } while(0)


/*
 * Lookup table behind CAMELLIA_SP1110().  The rows shown here repeat one
 * byte in the three high byte positions and leave the low byte zero.
 */
static const uint32_t camellia_sp1110[256] = {
	0x70707000,0x82828200,0x2c2c2c00,0xececec00,
	0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
	0xe4e4e400,0x85858500,0x57575700,0x35353500,
	0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
0x23232300,0xefefef00,0x6b6b6b00,0x93939300, 162 0x45454500,0x19191900,0xa5a5a500,0x21212100, 163 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, 164 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, 165 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, 166 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, 167 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, 168 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, 169 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, 170 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, 171 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, 172 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, 173 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, 174 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, 175 0x74747400,0x12121200,0x2b2b2b00,0x20202000, 176 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, 177 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, 178 0x34343400,0x7e7e7e00,0x76767600,0x05050500, 179 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, 180 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, 181 0x14141400,0x58585800,0x3a3a3a00,0x61616100, 182 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, 183 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, 184 0x53535300,0x18181800,0xf2f2f200,0x22222200, 185 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, 186 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, 187 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, 188 0x60606000,0xfcfcfc00,0x69696900,0x50505000, 189 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, 190 0xa1a1a100,0x89898900,0x62626200,0x97979700, 191 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, 192 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, 193 0x10101000,0xc4c4c400,0x00000000,0x48484800, 194 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, 195 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, 196 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, 197 0x87878700,0x5c5c5c00,0x83838300,0x02020200, 198 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, 199 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, 200 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, 201 
0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, 202 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, 203 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, 204 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, 205 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, 206 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, 207 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, 208 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, 209 0x78787800,0x98989800,0x06060600,0x6a6a6a00, 210 0xe7e7e700,0x46464600,0x71717100,0xbababa00, 211 0xd4d4d400,0x25252500,0xababab00,0x42424200, 212 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, 213 0x72727200,0x07070700,0xb9b9b900,0x55555500, 214 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, 215 0x36363600,0x49494900,0x2a2a2a00,0x68686800, 216 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, 217 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, 218 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, 219 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, 220 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, 221 }; 222 223 static const uint32_t camellia_sp0222[256] = { 224 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, 225 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, 226 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, 227 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, 228 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, 229 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, 230 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, 231 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, 232 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, 233 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, 234 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, 235 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, 236 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, 237 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, 238 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, 239 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, 240 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, 241 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, 242 0x00e8e8e8,0x00242424,0x00565656,0x00404040, 243 
0x00e1e1e1,0x00636363,0x00090909,0x00333333, 244 0x00bfbfbf,0x00989898,0x00979797,0x00858585, 245 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, 246 0x00dadada,0x006f6f6f,0x00535353,0x00626262, 247 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, 248 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, 249 0x00bdbdbd,0x00363636,0x00222222,0x00383838, 250 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, 251 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, 252 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, 253 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, 254 0x00484848,0x00101010,0x00d1d1d1,0x00515151, 255 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, 256 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, 257 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, 258 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, 259 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, 260 0x00202020,0x00898989,0x00000000,0x00909090, 261 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, 262 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, 263 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, 264 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, 265 0x009b9b9b,0x00949494,0x00212121,0x00666666, 266 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, 267 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, 268 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, 269 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, 270 0x00030303,0x002d2d2d,0x00dedede,0x00969696, 271 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, 272 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, 273 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, 274 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, 275 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, 276 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, 277 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, 278 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, 279 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, 280 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, 281 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, 282 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, 283 
0x00787878,0x00707070,0x00e3e3e3,0x00494949, 284 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, 285 0x00777777,0x00939393,0x00868686,0x00838383, 286 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, 287 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, 288 }; 289 290 static const uint32_t camellia_sp3033[256] = { 291 0x38003838,0x41004141,0x16001616,0x76007676, 292 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, 293 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, 294 0x75007575,0x06000606,0x57005757,0xa000a0a0, 295 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, 296 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, 297 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, 298 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, 299 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, 300 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, 301 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, 302 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, 303 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, 304 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, 305 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, 306 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, 307 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, 308 0xfd00fdfd,0x66006666,0x58005858,0x96009696, 309 0x3a003a3a,0x09000909,0x95009595,0x10001010, 310 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, 311 0xef00efef,0x26002626,0xe500e5e5,0x61006161, 312 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, 313 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, 314 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, 315 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, 316 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, 317 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, 318 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, 319 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, 320 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, 321 0x12001212,0x04000404,0x74007474,0x54005454, 322 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, 323 0x55005555,0x68006868,0x50005050,0xbe00bebe, 324 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, 325 
0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, 326 0x70007070,0xff00ffff,0x32003232,0x69006969, 327 0x08000808,0x62006262,0x00000000,0x24002424, 328 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, 329 0x45004545,0x81008181,0x73007373,0x6d006d6d, 330 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, 331 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, 332 0xe600e6e6,0x25002525,0x48004848,0x99009999, 333 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, 334 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, 335 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, 336 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, 337 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, 338 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, 339 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, 340 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, 341 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, 342 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, 343 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, 344 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, 345 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, 346 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, 347 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, 348 0x7c007c7c,0x77007777,0x56005656,0x05000505, 349 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, 350 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, 351 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, 352 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, 353 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, 354 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, 355 }; 356 357 static const uint32_t camellia_sp4404[256] = { 358 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, 359 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, 360 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, 361 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, 362 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, 363 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, 364 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, 365 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, 366 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, 367 
0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, 368 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, 369 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, 370 0x14140014,0x3a3a003a,0xdede00de,0x11110011, 371 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, 372 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, 373 0x24240024,0xe8e800e8,0x60600060,0x69690069, 374 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, 375 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, 376 0x10100010,0x00000000,0xa3a300a3,0x75750075, 377 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, 378 0x87870087,0x83830083,0xcdcd00cd,0x90900090, 379 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, 380 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, 381 0x81810081,0x6f6f006f,0x13130013,0x63630063, 382 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, 383 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, 384 0x78780078,0x06060006,0xe7e700e7,0x71710071, 385 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, 386 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, 387 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, 388 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, 389 0x15150015,0xadad00ad,0x77770077,0x80800080, 390 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, 391 0x85850085,0x35350035,0x0c0c000c,0x41410041, 392 0xefef00ef,0x93930093,0x19190019,0x21210021, 393 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, 394 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, 395 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, 396 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, 397 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, 398 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, 399 0x12120012,0x20200020,0xb1b100b1,0x99990099, 400 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, 401 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, 402 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, 403 0x0f0f000f,0x16160016,0x18180018,0x22220022, 404 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, 405 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, 406 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, 407 
0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
	0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
	0x03030003,0xdada00da,0x3f3f003f,0x94940094,
	0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
	0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
	0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
	0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
	0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
	0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
	0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
	0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
	0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
	0x49490049,0x68680068,0x38380038,0xa4a400a4,
	0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
	0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
};


/*
 * Stuff related to the Camellia key schedule
 *
 * subl()/subr() are shorthand for the local scratch arrays subL[]/subR[]
 * that each setup function declares.  They differ only in case from
 * SUBL()/SUBR(), which index the caller's subkey[] output, so take care not
 * to confuse the two when reading or editing the schedule.
 */
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]

/*
 * camellia_setup128 -- expand a 128-bit key into the subkey table.
 *
 * key     read as four big-endian 32-bit words, i.e. bytes key[0..15].  No
 *         length is passed in, so the caller must supply at least 16
 *         readable bytes.
 * subkey  output, written through SUBL()/SUBR().  The highest slot stored
 *         is SUBL(24) == subkey[49], so at least 50 words must be writable;
 *         nothing here checks that.  SUBL(1)/SUBR(1) (subkey[3], subkey[2])
 *         are never stored by this function.
 *
 * subL[]/subR[] are stack scratch that hold key words and values derived
 * from them while the schedule is computed.
 */
void
camellia_setup128(const unsigned char *key, uint32_t *subkey)
{
	uint32_t kll, klr, krl, krr;
	uint32_t il, ir, t0, t1, w0, w1;
	uint32_t kw4l, kw4r, dw, tl, tr;
	uint32_t subL[26];
	uint32_t subR[26];

	/*
	 *  k == kll || klr || krl || krr (|| is concatenation)
	 */
	kll = GETU32(key     );
	klr = GETU32(key +  4);
	krl = GETU32(key +  8);
	krr = GETU32(key + 12);
	/*
	 * generate KL dependent subkeys
	 */
	subl(0) = kll; subr(0) = klr;
	subl(1) = krl; subr(1) = krr;
	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
	subl(4) = kll; subr(4) = klr;
	subl(5) = krl; subr(5) = krr;
	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
	subl(10) = kll; subr(10) = klr;
	subl(11) = krl; subr(11) = krr;
	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
	subl(13) = krl; subr(13) = krr;
	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
	subl(16) = kll; subr(16) = klr;
	subl(17) = krl; subr(17) = krr;
	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
	subl(18) = kll; subr(18) = klr;
	subl(19) = krl; subr(19) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 467 subl(22) = kll; subr(22) = klr; 468 subl(23) = krl; subr(23) = krr; 469 470 /* generate KA */ 471 kll = subl(0); klr = subr(0); 472 krl = subl(1); krr = subr(1); 473 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 474 w0, w1, il, ir, t0, t1); 475 krl ^= w0; krr ^= w1; 476 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 477 kll, klr, il, ir, t0, t1); 478 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 479 krl, krr, il, ir, t0, t1); 480 krl ^= w0; krr ^= w1; 481 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 482 w0, w1, il, ir, t0, t1); 483 kll ^= w0; klr ^= w1; 484 485 /* generate KA dependent subkeys */ 486 subl(2) = kll; subr(2) = klr; 487 subl(3) = krl; subr(3) = krr; 488 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 489 subl(6) = kll; subr(6) = klr; 490 subl(7) = krl; subr(7) = krr; 491 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 492 subl(8) = kll; subr(8) = klr; 493 subl(9) = krl; subr(9) = krr; 494 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 495 subl(12) = kll; subr(12) = klr; 496 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 497 subl(14) = kll; subr(14) = klr; 498 subl(15) = krl; subr(15) = krr; 499 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 500 subl(20) = kll; subr(20) = klr; 501 subl(21) = krl; subr(21) = krr; 502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 503 subl(24) = kll; subr(24) = klr; 504 subl(25) = krl; subr(25) = krr; 505 506 507 /* absorb kw2 to other subkeys */ 508 subl(3) ^= subl(1); subr(3) ^= subr(1); 509 subl(5) ^= subl(1); subr(5) ^= subr(1); 510 subl(7) ^= subl(1); subr(7) ^= subr(1); 511 subl(1) ^= subr(1) & ~subr(9); 512 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 513 subl(11) ^= subl(1); subr(11) ^= subr(1); 514 subl(13) ^= subl(1); subr(13) ^= subr(1); 515 subl(15) ^= subl(1); subr(15) ^= subr(1); 516 subl(1) ^= subr(1) & ~subr(17); 517 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 518 subl(19) ^= subl(1); 
subr(19) ^= subr(1); 519 subl(21) ^= subl(1); subr(21) ^= subr(1); 520 subl(23) ^= subl(1); subr(23) ^= subr(1); 521 subl(24) ^= subl(1); subr(24) ^= subr(1); 522 523 /* absorb kw4 to other subkeys */ 524 kw4l = subl(25); kw4r = subr(25); 525 subl(22) ^= kw4l; subr(22) ^= kw4r; 526 subl(20) ^= kw4l; subr(20) ^= kw4r; 527 subl(18) ^= kw4l; subr(18) ^= kw4r; 528 kw4l ^= kw4r & ~subr(16); 529 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 530 subl(14) ^= kw4l; subr(14) ^= kw4r; 531 subl(12) ^= kw4l; subr(12) ^= kw4r; 532 subl(10) ^= kw4l; subr(10) ^= kw4r; 533 kw4l ^= kw4r & ~subr(8); 534 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 535 subl(6) ^= kw4l; subr(6) ^= kw4r; 536 subl(4) ^= kw4l; subr(4) ^= kw4r; 537 subl(2) ^= kw4l; subr(2) ^= kw4r; 538 subl(0) ^= kw4l; subr(0) ^= kw4r; 539 540 /* key XOR is end of F-function */ 541 SUBL(0) = subl(0) ^ subl(2); 542 SUBR(0) = subr(0) ^ subr(2); 543 SUBL(2) = subl(3); 544 SUBR(2) = subr(3); 545 SUBL(3) = subl(2) ^ subl(4); 546 SUBR(3) = subr(2) ^ subr(4); 547 SUBL(4) = subl(3) ^ subl(5); 548 SUBR(4) = subr(3) ^ subr(5); 549 SUBL(5) = subl(4) ^ subl(6); 550 SUBR(5) = subr(4) ^ subr(6); 551 SUBL(6) = subl(5) ^ subl(7); 552 SUBR(6) = subr(5) ^ subr(7); 553 tl = subl(10) ^ (subr(10) & ~subr(8)); 554 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 555 SUBL(7) = subl(6) ^ tl; 556 SUBR(7) = subr(6) ^ tr; 557 SUBL(8) = subl(8); 558 SUBR(8) = subr(8); 559 SUBL(9) = subl(9); 560 SUBR(9) = subr(9); 561 tl = subl(7) ^ (subr(7) & ~subr(9)); 562 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 563 SUBL(10) = tl ^ subl(11); 564 SUBR(10) = tr ^ subr(11); 565 SUBL(11) = subl(10) ^ subl(12); 566 SUBR(11) = subr(10) ^ subr(12); 567 SUBL(12) = subl(11) ^ subl(13); 568 SUBR(12) = subr(11) ^ subr(13); 569 SUBL(13) = subl(12) ^ subl(14); 570 SUBR(13) = subr(12) ^ subr(14); 571 SUBL(14) = subl(13) ^ subl(15); 572 SUBR(14) = subr(13) ^ subr(15); 573 tl = subl(18) ^ (subr(18) & ~subr(16)); 574 dw = tl & subl(16), tr = subr(18) ^ 
CAMELLIA_RL1(dw); 575 SUBL(15) = subl(14) ^ tl; 576 SUBR(15) = subr(14) ^ tr; 577 SUBL(16) = subl(16); 578 SUBR(16) = subr(16); 579 SUBL(17) = subl(17); 580 SUBR(17) = subr(17); 581 tl = subl(15) ^ (subr(15) & ~subr(17)); 582 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 583 SUBL(18) = tl ^ subl(19); 584 SUBR(18) = tr ^ subr(19); 585 SUBL(19) = subl(18) ^ subl(20); 586 SUBR(19) = subr(18) ^ subr(20); 587 SUBL(20) = subl(19) ^ subl(21); 588 SUBR(20) = subr(19) ^ subr(21); 589 SUBL(21) = subl(20) ^ subl(22); 590 SUBR(21) = subr(20) ^ subr(22); 591 SUBL(22) = subl(21) ^ subl(23); 592 SUBR(22) = subr(21) ^ subr(23); 593 SUBL(23) = subl(22); 594 SUBR(23) = subr(22); 595 SUBL(24) = subl(24) ^ subl(23); 596 SUBR(24) = subr(24) ^ subr(23); 597 598 /* apply the inverse of the last half of P-function */ 599 dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw); 600 SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw; 601 dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw); 602 SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw; 603 dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw); 604 SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw; 605 dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw); 606 SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw; 607 dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw); 608 SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw; 609 dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw); 610 SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw; 611 dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw); 612 SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw; 613 dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw); 614 SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw; 615 dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw); 616 SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw; 617 dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw); 618 SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw; 619 dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw); 620 SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw; 621 dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw); 622 SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw; 623 dw = SUBL(18) ^ SUBR(18), dw = 
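CAMELLIA_RL8(dw);
	SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
	dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
	SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
	dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
	SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
	dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
	SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
	dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
	SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
	dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
	SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;

	/*
	 * End of camellia_setup128: subL[]/subR[] still hold rotated key
	 * words and intermediate schedule values.  Clear them before
	 * returning so they do not linger in the dead stack frame.  The
	 * stores go through volatile pointers so the compiler does not
	 * discard them as dead writes; where the tree provides
	 * explicit_memset(), that is the usual replacement for these loops.
	 * Scalar temporaries are not covered by this wipe.
	 */
	{
		volatile uint32_t *wl = subL;
		volatile uint32_t *wr = subR;
		size_t n;

		for (n = 0; n < sizeof(subL) / sizeof(subL[0]); n++) {
			wl[n] = 0;
		}
		for (n = 0; n < sizeof(subR) / sizeof(subR[0]); n++) {
			wr[n] = 0;
		}
	}
}

/*
 * camellia_setup256 -- expand a 256-bit key into the subkey table.
 *
 * key     read as eight big-endian 32-bit words, i.e. bytes key[0..31].
 *         No length is passed in, so the caller must supply at least 32
 *         readable bytes.
 * subkey  output, written through SUBL()/SUBR().  The highest slot stored
 *         is SUBL(32) == subkey[65], so at least 66 words must be writable;
 *         nothing here checks that.
 *
 * subL[]/subR[] are stack scratch that hold key words and values derived
 * from them while the schedule is computed.
 */
void
camellia_setup256(const unsigned char *key, uint32_t *subkey)
{
	uint32_t kll,klr,krl,krr;		/* left half of key */
	uint32_t krll,krlr,krrl,krrr;		/* right half of key */
	uint32_t il, ir, t0, t1, w0, w1;	/* temporary variables */
	uint32_t kw4l, kw4r, dw, tl, tr;
	uint32_t subL[34];
	uint32_t subR[34];

	/*
	 *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
	 *  (|| is concatenation)
	 */

	kll  = GETU32(key     );
	klr  = GETU32(key +  4);
	krl  = GETU32(key +  8);
	krr  = GETU32(key + 12);
	krll = GETU32(key + 16);
	krlr = GETU32(key + 20);
	krrl = GETU32(key + 24);
	krrr = GETU32(key + 28);

	/* generate KL dependent subkeys */
	subl(0) = kll; subr(0) = klr;
	subl(1) = krl; subr(1) = krr;
	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
	subl(12) = kll; subr(12) = klr;
	subl(13) = krl; subr(13) = krr;
	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
	subl(16) = kll; subr(16) = klr;
	subl(17) = krl; subr(17) = krr;
	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
	subl(22) = kll; subr(22) = klr;
	subl(23) = krl; subr(23) = krr;
	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
	subl(30) = kll; subr(30) = klr;
	subl(31) = krl; subr(31) = krr;

	/* generate KR dependent subkeys */
	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
	subl(4) = krll; subr(4) = krlr;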
subl(5) = krrl; subr(5) = krrr; 681 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 682 subl(8) = krll; subr(8) = krlr; 683 subl(9) = krrl; subr(9) = krrr; 684 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 685 subl(18) = krll; subr(18) = krlr; 686 subl(19) = krrl; subr(19) = krrr; 687 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 688 subl(26) = krll; subr(26) = krlr; 689 subl(27) = krrl; subr(27) = krrr; 690 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 691 692 /* generate KA */ 693 kll = subl(0) ^ krll; klr = subr(0) ^ krlr; 694 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; 695 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 696 w0, w1, il, ir, t0, t1); 697 krl ^= w0; krr ^= w1; 698 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 699 kll, klr, il, ir, t0, t1); 700 kll ^= krll; klr ^= krlr; 701 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 702 krl, krr, il, ir, t0, t1); 703 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; 704 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 705 w0, w1, il, ir, t0, t1); 706 kll ^= w0; klr ^= w1; 707 708 /* generate KB */ 709 krll ^= kll; krlr ^= klr; 710 krrl ^= krl; krrr ^= krr; 711 CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, 712 w0, w1, il, ir, t0, t1); 713 krrl ^= w0; krrr ^= w1; 714 CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, 715 w0, w1, il, ir, t0, t1); 716 krll ^= w0; krlr ^= w1; 717 718 /* generate KA dependent subkeys */ 719 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 720 subl(6) = kll; subr(6) = klr; 721 subl(7) = krl; subr(7) = krr; 722 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 723 subl(14) = kll; subr(14) = klr; 724 subl(15) = krl; subr(15) = krr; 725 subl(24) = klr; subr(24) = krl; 726 subl(25) = krr; subr(25) = kll; 727 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 728 subl(28) = kll; subr(28) = klr; 729 subl(29) = krl; subr(29) = krr; 730 731 /* generate KB dependent subkeys */ 732 subl(2) = krll; subr(2) = krlr; 733 subl(3) 
= krrl; subr(3) = krrr; 734 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 735 subl(10) = krll; subr(10) = krlr; 736 subl(11) = krrl; subr(11) = krrr; 737 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 738 subl(20) = krll; subr(20) = krlr; 739 subl(21) = krrl; subr(21) = krrr; 740 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 741 subl(32) = krll; subr(32) = krlr; 742 subl(33) = krrl; subr(33) = krrr; 743 744 /* absorb kw2 to other subkeys */ 745 subl(3) ^= subl(1); subr(3) ^= subr(1); 746 subl(5) ^= subl(1); subr(5) ^= subr(1); 747 subl(7) ^= subl(1); subr(7) ^= subr(1); 748 subl(1) ^= subr(1) & ~subr(9); 749 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 750 subl(11) ^= subl(1); subr(11) ^= subr(1); 751 subl(13) ^= subl(1); subr(13) ^= subr(1); 752 subl(15) ^= subl(1); subr(15) ^= subr(1); 753 subl(1) ^= subr(1) & ~subr(17); 754 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 755 subl(19) ^= subl(1); subr(19) ^= subr(1); 756 subl(21) ^= subl(1); subr(21) ^= subr(1); 757 subl(23) ^= subl(1); subr(23) ^= subr(1); 758 subl(1) ^= subr(1) & ~subr(25); 759 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); 760 subl(27) ^= subl(1); subr(27) ^= subr(1); 761 subl(29) ^= subl(1); subr(29) ^= subr(1); 762 subl(31) ^= subl(1); subr(31) ^= subr(1); 763 subl(32) ^= subl(1); subr(32) ^= subr(1); 764 765 766 /* absorb kw4 to other subkeys */ 767 kw4l = subl(33); kw4r = subr(33); 768 subl(30) ^= kw4l; subr(30) ^= kw4r; 769 subl(28) ^= kw4l; subr(28) ^= kw4r; 770 subl(26) ^= kw4l; subr(26) ^= kw4r; 771 kw4l ^= kw4r & ~subr(24); 772 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); 773 subl(22) ^= kw4l; subr(22) ^= kw4r; 774 subl(20) ^= kw4l; subr(20) ^= kw4r; 775 subl(18) ^= kw4l; subr(18) ^= kw4r; 776 kw4l ^= kw4r & ~subr(16); 777 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 778 subl(14) ^= kw4l; subr(14) ^= kw4r; 779 subl(12) ^= kw4l; subr(12) ^= kw4r; 780 subl(10) ^= kw4l; subr(10) ^= kw4r; 781 kw4l ^= kw4r & ~subr(8); 782 dw = kw4l & subl(8), 
kw4r ^= CAMELLIA_RL1(dw); 783 subl(6) ^= kw4l; subr(6) ^= kw4r; 784 subl(4) ^= kw4l; subr(4) ^= kw4r; 785 subl(2) ^= kw4l; subr(2) ^= kw4r; 786 subl(0) ^= kw4l; subr(0) ^= kw4r; 787 788 /* key XOR is end of F-function */ 789 SUBL(0) = subl(0) ^ subl(2); 790 SUBR(0) = subr(0) ^ subr(2); 791 SUBL(2) = subl(3); 792 SUBR(2) = subr(3); 793 SUBL(3) = subl(2) ^ subl(4); 794 SUBR(3) = subr(2) ^ subr(4); 795 SUBL(4) = subl(3) ^ subl(5); 796 SUBR(4) = subr(3) ^ subr(5); 797 SUBL(5) = subl(4) ^ subl(6); 798 SUBR(5) = subr(4) ^ subr(6); 799 SUBL(6) = subl(5) ^ subl(7); 800 SUBR(6) = subr(5) ^ subr(7); 801 tl = subl(10) ^ (subr(10) & ~subr(8)); 802 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 803 SUBL(7) = subl(6) ^ tl; 804 SUBR(7) = subr(6) ^ tr; 805 SUBL(8) = subl(8); 806 SUBR(8) = subr(8); 807 SUBL(9) = subl(9); 808 SUBR(9) = subr(9); 809 tl = subl(7) ^ (subr(7) & ~subr(9)); 810 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 811 SUBL(10) = tl ^ subl(11); 812 SUBR(10) = tr ^ subr(11); 813 SUBL(11) = subl(10) ^ subl(12); 814 SUBR(11) = subr(10) ^ subr(12); 815 SUBL(12) = subl(11) ^ subl(13); 816 SUBR(12) = subr(11) ^ subr(13); 817 SUBL(13) = subl(12) ^ subl(14); 818 SUBR(13) = subr(12) ^ subr(14); 819 SUBL(14) = subl(13) ^ subl(15); 820 SUBR(14) = subr(13) ^ subr(15); 821 tl = subl(18) ^ (subr(18) & ~subr(16)); 822 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 823 SUBL(15) = subl(14) ^ tl; 824 SUBR(15) = subr(14) ^ tr; 825 SUBL(16) = subl(16); 826 SUBR(16) = subr(16); 827 SUBL(17) = subl(17); 828 SUBR(17) = subr(17); 829 tl = subl(15) ^ (subr(15) & ~subr(17)); 830 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 831 SUBL(18) = tl ^ subl(19); 832 SUBR(18) = tr ^ subr(19); 833 SUBL(19) = subl(18) ^ subl(20); 834 SUBR(19) = subr(18) ^ subr(20); 835 SUBL(20) = subl(19) ^ subl(21); 836 SUBR(20) = subr(19) ^ subr(21); 837 SUBL(21) = subl(20) ^ subl(22); 838 SUBR(21) = subr(20) ^ subr(22); 839 SUBL(22) = subl(21) ^ subl(23); 840 SUBR(22) = subr(21) ^ 
subr(23); 841 tl = subl(26) ^ (subr(26) & ~subr(24)); 842 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw); 843 SUBL(23) = subl(22) ^ tl; 844 SUBR(23) = subr(22) ^ tr; 845 SUBL(24) = subl(24); 846 SUBR(24) = subr(24); 847 SUBL(25) = subl(25); 848 SUBR(25) = subr(25); 849 tl = subl(23) ^ (subr(23) & ~subr(25)); 850 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw); 851 SUBL(26) = tl ^ subl(27); 852 SUBR(26) = tr ^ subr(27); 853 SUBL(27) = subl(26) ^ subl(28); 854 SUBR(27) = subr(26) ^ subr(28); 855 SUBL(28) = subl(27) ^ subl(29); 856 SUBR(28) = subr(27) ^ subr(29); 857 SUBL(29) = subl(28) ^ subl(30); 858 SUBR(29) = subr(28) ^ subr(30); 859 SUBL(30) = subl(29) ^ subl(31); 860 SUBR(30) = subr(29) ^ subr(31); 861 SUBL(31) = subl(30); 862 SUBR(31) = subr(30); 863 SUBL(32) = subl(32) ^ subl(31); 864 SUBR(32) = subr(32) ^ subr(31); 865 866 /* apply the inverse of the last half of P-function */ 867 dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw); 868 SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw; 869 dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw); 870 SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw; 871 dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw); 872 SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw; 873 dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw); 874 SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw; 875 dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw); 876 SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw; 877 dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw); 878 SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw; 879 dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw); 880 SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw; 881 dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw); 882 SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw; 883 dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw); 884 SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw; 885 dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw); 886 SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw; 887 dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw); 888 SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw; 889 dw = SUBL(15) ^ SUBR(15), dw = 
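CAMELLIA_RL8(dw);
	SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
	dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
	SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
	dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
	SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
	dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
	SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
	dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
	SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
	dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
	SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
	dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
	SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
	dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw);
	SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw;
	dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw);
	SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw;
	dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw);
	SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw;
	dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw);
	SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw;
	dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw);
	SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw;
	dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw);
	SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw;
}

/*
 * Expand a 192-bit key into the subkey table.
 *
 * The 24 key bytes are widened to a 32-byte buffer whose last 8 bytes are
 * the bitwise complement of key bytes 16..23; that buffer is then passed
 * to camellia_setup256(), which fills subkey.
 *
 * key must point to at least 24 readable bytes.
 */
void
camellia_setup192(const unsigned char *key, uint32_t *subkey)
{
	unsigned char kk[32];
	volatile unsigned char *wipe = kk;
	size_t i;

	memcpy(kk, key, 24);
	/* Complementing byte by byte is independent of host byte order. */
	for (i = 0; i < 8; i++)
		kk[24 + i] = (unsigned char)~key[16 + i];
	camellia_setup256(kk, subkey);

	/*
	 * kk is a full copy of the raw key.  Clear it before returning so
	 * the key does not linger in a dead stack frame; the stores go
	 * through a volatile pointer so the compiler cannot drop them.
	 */
	for (i = 0; i < sizeof(kk); i++)
		wipe[i] = 0;
}


/**
 * Stuff related to camellia encryption/decryption
 */

/*
 * Encrypt one block in place with a 128-bit key schedule.
 *
 * io holds the block as four 32-bit words and is overwritten with the
 * result.  The body is 18 CAMELLIA_ROUNDSM steps in three groups of six,
 * with a CAMELLIA_FLS step between groups.
 *
 * The highest entry read is SUBL(24), i.e. subkey[49], so subkey must
 * hold at least 50 words.
 */
void
camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
{
	uint32_t il, ir, t0, t1;	/* scratch words used by the macros */

	/* pre whitening but absorb kw2*/
	io[0] ^= SUBL(0);
	io[1] ^= SUBR(0);

	/* main iteration */
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16), SUBR(16), SUBL(17),SUBR(17),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
			 io[0],io[1],il,ir,t0,t1);

	/* post whitening but kw4 */
	io[2] ^= SUBL(24);
	io[3] ^= SUBR(24);

	/* swap the two 64-bit halves of the block */
	t0 = io[0];
	t1 = io[1];
	io[0] = io[2];
	io[1] = io[3];
	io[2] = t0;
	io[3] = t1;
}

/*
 * Decrypt one block in place with a 128-bit key schedule.
 *
 * Same step sequence as camellia_encrypt128() with the subkey entries
 * taken in reverse order (24 first, 0 last) and the two subkey pairs of
 * each CAMELLIA_FLS step exchanged.  subkey must hold at least 50 words.
 */
void
camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
{
	uint32_t il,ir,t0,t1;		/* temporary variables */

	/* pre whitening with the last subkey entry of the schedule */
	io[0] ^= SUBL(24);
	io[1] ^= SUBR(24);

	/* main iteration */
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3],SUBL(17),SUBR(17),SUBL(16),SUBR(16),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
			 io[0],io[1],il,ir,t0,t1);

	/* post whitening with the first subkey entry of the schedule */
	io[2] ^= SUBL(0);
	io[3] ^= SUBR(0);

	/* swap the two 64-bit halves of the block */
	t0 = io[0];
	t1 = io[1];
	io[0] = io[2];
	io[1] = io[3];
	io[2] = t0;
	io[3] = t1;
}

/**
 * stuff for 192 and 256bit encryption/decryption
 */

/*
 * Encrypt one block in place with a 192- or 256-bit key schedule.
 *
 * io holds the block as four 32-bit words and is overwritten with the
 * result.  The body is 24 CAMELLIA_ROUNDSM steps in four groups of six,
 * with a CAMELLIA_FLS step between groups.
 *
 * The highest entry read is SUBL(32), i.e. subkey[65], so subkey must
 * hold at least 66 words.
 */
void
camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
{
	uint32_t il,ir,t0,t1;		/* temporary variables */

	/* pre whitening but absorb kw2*/
	io[0] ^= SUBL(0);
	io[1] ^= SUBR(0);

	/* main iteration */
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16),SUBR(16), SUBL(17),SUBR(17),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(24),SUBR(24), SUBL(25),SUBR(25),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(26),SUBR(26),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(27),SUBR(27),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(28),SUBR(28),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(29),SUBR(29),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(30),SUBR(30),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(31),SUBR(31),
			 io[0],io[1],il,ir,t0,t1);

	/* post whitening but kw4 */
	io[2] ^= SUBL(32);
	io[3] ^= SUBR(32);

	/* swap the two 64-bit halves of the block */
	t0 = io[0];
	t1 = io[1];
	io[0] = io[2];
	io[1] = io[3];
	io[2] = t0;
	io[3] = t1;
}

/*
 * Decrypt one block in place with a 192- or 256-bit key schedule.
 *
 * Same step sequence as camellia_encrypt256() with the subkey entries
 * taken in reverse order (32 first, 0 last) and the two subkey pairs of
 * each CAMELLIA_FLS step exchanged.  subkey must hold at least 66 words.
 */
void
camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
{
	uint32_t il,ir,t0,t1;		/* temporary variables */

	/* pre whitening with the last subkey entry of the schedule */
	io[0] ^= SUBL(32);
	io[1] ^= SUBR(32);

	/* main iteration */
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(31),SUBR(31),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(30),SUBR(30),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(29),SUBR(29),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(28),SUBR(28),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(27),SUBR(27),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(26),SUBR(26),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(25),SUBR(25), SUBL(24),SUBR(24),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
			 io[0],io[1],il,ir,t0,t1);

	CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
		     t0,t1,il,ir);

	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
			 io[0],io[1],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
			 io[2],io[3],il,ir,t0,t1);
	CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
			 io[0],io[1],il,ir,t0,t1);

	/* post whitening with the first subkey entry of the schedule */
	io[2] ^= SUBL(0);
	io[3] ^= SUBR(0);

	/* swap the two 64-bit halves of the block */
	t0 = io[0];
	t1 = io[1];
	io[0] = io[2];
	io[1] = io[3];
	io[2] = t0;
	io[3] = t1;
}

/*
 * Build the subkey table for a raw key of 128, 192 or 256 bits.
 *
 * keyBitLength selects camellia_setup128/192/256; rawKey must hold
 * keyBitLength / 8 bytes.
 *
 * The length check is a KASSERT only.  In a kernel built without
 * DIAGNOSTIC the assertion is compiled out, an unsupported length falls
 * through to the default case, and subkey is left unwritten, so callers
 * must validate the key length themselves before using the schedule.
 */
void
Camellia_Ekeygen(const int keyBitLength,
		 const unsigned char *rawKey,
		 uint32_t *subkey)
{
	KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256);

	switch(keyBitLength) {
	case 128:
		camellia_setup128(rawKey, subkey);
		break;
	case 192:
		camellia_setup192(rawKey, subkey);
		break;
	case 256:
		camellia_setup256(rawKey, subkey);
		break;
	default:
		break;
	}
}

/*
 * Encrypt one 16-byte block.
 *
 * plaintext is read as four big-endian 32-bit words, encrypted with the
 * schedule in subkey, and written to ciphertext in the same byte order.
 * 192-bit keys use the 256-bit routine.
 *
 * keyBitLength must be 128, 192 or 256, matching the value given to
 * Camellia_Ekeygen().  Any other value is a caller bug: it trips the
 * KASSERT, and where assertions are compiled out the output block is
 * zeroed rather than being a copy of the plaintext.
 */
void
Camellia_EncryptBlock(const int keyBitLength,
		      const unsigned char *plaintext,
		      const uint32_t *subkey,
		      unsigned char *ciphertext)
{
	uint32_t tmp[4];

	KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256);

	tmp[0] = GETU32(plaintext);
	tmp[1] = GETU32(plaintext + 4);
	tmp[2] = GETU32(plaintext + 8);
	tmp[3] = GETU32(plaintext + 12);

	switch (keyBitLength) {
	case 128:
		camellia_encrypt128(subkey, tmp);
		break;
	case 192:
		/* fall through */
	case 256:
		camellia_encrypt256(subkey, tmp);
		break;
	default:
		/* fail closed: never emit the input block unencrypted */
		memset(tmp, 0, sizeof(tmp));
		break;
	}

	PUTU32(ciphertext, tmp[0]);
	PUTU32(ciphertext+4, tmp[1]);
	PUTU32(ciphertext+8, tmp[2]);
	PUTU32(ciphertext+12, tmp[3]);
}

/*
 * Decrypt one 16-byte block.
 *
 * ciphertext is read as four big-endian 32-bit words, decrypted with the
 * schedule in subkey, and written to plaintext in the same byte order.
 * 192-bit keys use the 256-bit routine.
 *
 * keyBitLength must be 128, 192 or 256, matching the value given to
 * Camellia_Ekeygen().  Any other value is a caller bug: it trips the
 * KASSERT, and where assertions are compiled out the output block is
 * zeroed rather than being a copy of the ciphertext.
 */
void
Camellia_DecryptBlock(const int keyBitLength,
		      const unsigned char *ciphertext,
		      const uint32_t *subkey,
		      unsigned char *plaintext)
{
	uint32_t tmp[4];

	KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256);

	tmp[0] = GETU32(ciphertext);
	tmp[1] = GETU32(ciphertext + 4);
	tmp[2] = GETU32(ciphertext + 8);
	tmp[3] = GETU32(ciphertext + 12);

	switch (keyBitLength) {
	case 128:
		camellia_decrypt128(subkey, tmp);
		break;
	case 192:
		/* fall through */
	case 256:
		camellia_decrypt256(subkey, tmp);
		break;
	default:
		/* fail closed: never pass the input block through unchanged */
		memset(tmp, 0, sizeof(tmp));
		break;
	}

	PUTU32(plaintext, tmp[0]);
	PUTU32(plaintext+4, tmp[1]);
	PUTU32(plaintext+8, tmp[2]);
	PUTU32(plaintext+12, tmp[3]);
}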