1 /* $NetBSD: camellia.c,v 1.2 2014/01/01 15:18:57 pgoyette Exp $ */
2 
3 /* camellia.h ver 1.1.0
4  *
5  * Copyright (c) 2006
6  * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer as
13  *   the first lines of this file unmodified.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *   notice, this list of conditions and the following disclaimer in the
16  *   documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
19  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
22  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  */
29 
30 /*
31  * Algorithm Specification
32  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
33  */
34 
35 #include <sys/cdefs.h>
36 #include <sys/types.h>
37 #include <sys/systm.h>
38 #include <sys/errno.h>
39 #include <sys/module.h>
40 
41 #include <crypto/camellia/camellia.h>
42 
43 
/*
 * Key-schedule constants.
 *
 * Each CAMELLIA_SIGMAn is written as two 32-bit halves (L = left word,
 * R = right word).  The setup routines pass one L/R pair as the kl/kr
 * arguments of CAMELLIA_F while deriving KA (SIGMA1..4) and, for the
 * 256-bit schedule, KB (SIGMA5..6).
 *
 * The trailing L makes these long-typed constants; in the code shown they
 * are only XORed with uint32_t operands inside CAMELLIA_F.
 */

#define CAMELLIA_SIGMA1L (0xA09E667FL)
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
#define CAMELLIA_SIGMA2L (0xB67AE858L)
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
#define CAMELLIA_SIGMA5L (0x10E527FAL)
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
#define CAMELLIA_SIGMA6L (0xB05688C2L)
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
58 
/*
 *  macros
 *
 *  All of these expand their arguments textually, several of them more
 *  than once and without parentheses, so pass plain lvalues or constants
 *  (no side effects, no compound expressions).
 */

/*
 * GETU32: read four bytes at pt as one big-endian 32-bit word
 * (pt[0] is the most significant byte).  pt is evaluated four times.
 */
#define GETU32(pt) (((uint32_t)(pt)[0] << 24)		\
		     ^ ((uint32_t)(pt)[1] << 16)	\
		     ^ ((uint32_t)(pt)[2] <<  8)	\
		     ^ ((uint32_t)(pt)[3]))

/*
 * PUTU32: store the 32-bit value st at ct in big-endian byte order.
 * st is evaluated four times.
 * NOTE(review): this expands to a bare { } block rather than
 * do { } while (0), so "if (c) PUTU32(a, b); else ..." does not parse;
 * keep uses inside braces.
 */
#define PUTU32(ct, st) {(ct)[0] = (uint8_t)((st) >> 24);	\
			(ct)[1] = (uint8_t)((st) >> 16);	\
			(ct)[2] = (uint8_t)((st) >>  8);	\
			(ct)[3] = (uint8_t)(st);}

/*
 * SUBL/SUBR: left/right word of subkey pair INDEX in the caller-supplied
 * array.  They require a variable named "subkey" in scope; the right word
 * sits at the even slot 2*INDEX and the left word at the odd slot
 * 2*INDEX+1.
 */
#define SUBL(INDEX) (subkey[(INDEX)*2+1])
#define SUBR(INDEX) (subkey[(INDEX)*2])

/*
 * 32-bit rotations (right by 8, left by 1, left by 8).  They are only
 * rotations when x has exactly 32 bits (uint32_t here); "+" stands in
 * for "|" because the two shifted halves never overlap.
 */
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))

/*
 * CAMELLIA_ROLDQ: rotate the 128-bit quantity ll || lr || rl || rr left
 * by "bits", in place.  Each word is shifted by bits and by (32 - bits),
 * so bits must satisfy 0 < bits < 32; a shift count of 32 on a 32-bit
 * operand is undefined.  w0 is scratch; w1 is accepted but not used.
 */
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)	\
    do {						\
	w0 = ll;					\
	ll = (ll << bits) + (lr >> (32 - bits));	\
	lr = (lr << bits) + (rl >> (32 - bits));	\
	rl = (rl << bits) + (rr >> (32 - bits));	\
	rr = (rr << bits) + (w0 >> (32 - bits));	\
    } while(0)

/*
 * CAMELLIA_ROLDQo32: same rotation for counts over 32.  The words are
 * shifted by (bits - 32) and (64 - bits), so bits must satisfy
 * 32 < bits < 64.  w0 and w1 are both scratch.
 */
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits)	\
    do {						\
	w0 = ll;					\
	w1 = lr;					\
	ll = (lr << (bits - 32)) + (rl >> (64 - bits));	\
	lr = (rl << (bits - 32)) + (rr >> (64 - bits));	\
	rl = (rr << (bits - 32)) + (w0 >> (64 - bits));	\
	rr = (w0 << (bits - 32)) + (w1 >> (64 - bits));	\
    } while(0)
97 
/*
 * Accessors for the four 256-entry lookup tables defined below.  INDEX
 * is not range-checked; every use in this file masks it with & 0xff.
 */
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])

/*
 * CAMELLIA_F: F-function as used by the key schedule.
 *
 * Inputs:  (xl, xr) data words, (kl, kr) key words.
 * Outputs: (yl, yr), assigned (not accumulated).
 * Scratch: il, ir, t0, t1 must be distinct uint32_t lvalues.
 *
 * The input is XORed with the key first, each half is pushed through
 * four byte-indexed table lookups, and the halves are then mixed with
 * XOR and an 8-bit right rotation.
 *
 * NOTE(review): the table indices are bytes of (x ^ k), so the memory
 * access pattern depends on secret data.  Table-driven code of this shape
 * is generally not constant-time on CPUs with data caches -- confirm that
 * is acceptable for the callers' threat model.
 */
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)	\
    do {							\
	il = xl ^ kl;						\
	ir = xr ^ kr;						\
	t0 = il >> 16;						\
	t1 = ir >> 16;						\
	yl = CAMELLIA_SP1110(ir & 0xff)				\
	    ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)			\
	    ^ CAMELLIA_SP3033(t1 & 0xff)			\
	    ^ CAMELLIA_SP4404((ir >> 8) & 0xff);		\
	yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)			\
	    ^ CAMELLIA_SP0222(t0 & 0xff)			\
	    ^ CAMELLIA_SP3033((il >> 8) & 0xff)			\
	    ^ CAMELLIA_SP4404(il & 0xff);			\
	yl ^= yr;						\
	yr = CAMELLIA_RR8(yr);					\
	yr ^= yl;						\
    } while(0)


/*
 * CAMELLIA_FLS: update (ll, lr) with key words (kll, klr) and (rl, rr)
 * with key words (krl, krr), in place, using AND / OR plus a 1-bit left
 * rotation -- presumably the FL / FL^-1 layer of the specification.
 * t0..t3 are scratch.  Statement order matters: rl and lr are modified
 * before they are read again for t3 and t1.
 */
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
    do {								\
	t0 = kll;							\
	t2 = krr;							\
	t0 &= ll;							\
	t2 |= rr;							\
	rl ^= t2;							\
	lr ^= CAMELLIA_RL1(t0);						\
	t3 = krl;							\
	t1 = klr;							\
	t3 &= rl;							\
	t1 |= lr;							\
	ll ^= t1;							\
	rr ^= CAMELLIA_RL1(t3);						\
    } while(0)

/*
 * CAMELLIA_ROUNDSM: one round on (xl, xr), with the result XORed into
 * (yl, yr).  Unlike CAMELLIA_F the table lookups use the bytes of xl/xr
 * directly and the subkey (kl, kr) is XORed in after the lookups; the
 * subkeys it consumes are the ones the setup routines post-process under
 * "key XOR is end of F-function".  il and ir are scratch; t0 and t1 are
 * accepted but not used.
 *
 * NOTE(review): lookups are indexed by bytes of the cipher state, so the
 * same secret-dependent table access applies here as in CAMELLIA_F.
 */
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)	\
    do {								\
	ir =  CAMELLIA_SP1110(xr & 0xff);				\
	il =  CAMELLIA_SP1110((xl>>24) & 0xff);				\
	ir ^= CAMELLIA_SP0222((xr>>24) & 0xff);				\
	il ^= CAMELLIA_SP0222((xl>>16) & 0xff);				\
	ir ^= CAMELLIA_SP3033((xr>>16) & 0xff);				\
	il ^= CAMELLIA_SP3033((xl>>8) & 0xff);				\
	ir ^= CAMELLIA_SP4404((xr>>8) & 0xff);				\
	il ^= CAMELLIA_SP4404(xl & 0xff);				\
	il ^= kl;							\
	ir ^= kr;							\
	ir ^= il;							\
	il = CAMELLIA_RR8(il);						\
	il ^= ir;							\
	yl ^= ir;							\
	yr ^= il;							\
    } while(0)
157 
158 
/*
 * camellia_sp1110: 256-entry lookup table, read through CAMELLIA_SP1110().
 * Entry i holds one substituted byte v replicated into the three
 * high-order byte positions (0xvvvvvv00); the low byte is always zero.
 *
 * NOTE(review): the index is a byte of key-mixed or cipher-state data, so
 * which cache line is touched depends on secrets.  Do not change the
 * values: any edit here silently changes the cipher.
 */
static const uint32_t camellia_sp1110[256] = {
    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
    0xe4e4e400,0x85858500,0x57575700,0x35353500,
    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
    0x45454500,0x19191900,0xa5a5a500,0x21212100,
    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
    0x53535300,0x18181800,0xf2f2f200,0x22222200,
    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
    0xa1a1a100,0x89898900,0x62626200,0x97979700,
    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
    0x10101000,0xc4c4c400,0x00000000,0x48484800,
    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
    0xd4d4d400,0x25252500,0xababab00,0x42424200,
    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
    0x72727200,0x07070700,0xb9b9b900,0x55555500,
    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
};
225 
/*
 * camellia_sp0222: 256-entry lookup table, read through CAMELLIA_SP0222().
 * Entry i holds one substituted byte v replicated into the three
 * low-order byte positions (0x00vvvvvv); the high byte is always zero.
 *
 * NOTE(review): indexed by a byte of key-mixed or cipher-state data, so
 * the access pattern is secret-dependent.  The values must not be edited.
 */
static const uint32_t camellia_sp0222[256] = {
    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
    0x00202020,0x00898989,0x00000000,0x00909090,
    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
    0x009b9b9b,0x00949494,0x00212121,0x00666666,
    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
    0x00777777,0x00939393,0x00868686,0x00838383,
    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
};
292 
/*
 * camellia_sp3033: 256-entry lookup table, read through CAMELLIA_SP3033().
 * Entry i holds one substituted byte v in the top byte and the two low
 * bytes (0xvv00vvvv); the second-highest byte is always zero.
 *
 * NOTE(review): indexed by a byte of key-mixed or cipher-state data, so
 * the access pattern is secret-dependent.  The values must not be edited.
 */
static const uint32_t camellia_sp3033[256] = {
    0x38003838,0x41004141,0x16001616,0x76007676,
    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
    0x75007575,0x06000606,0x57005757,0xa000a0a0,
    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
    0x3a003a3a,0x09000909,0x95009595,0x10001010,
    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
    0x12001212,0x04000404,0x74007474,0x54005454,
    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
    0x55005555,0x68006868,0x50005050,0xbe00bebe,
    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
    0x70007070,0xff00ffff,0x32003232,0x69006969,
    0x08000808,0x62006262,0x00000000,0x24002424,
    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
    0x45004545,0x81008181,0x73007373,0x6d006d6d,
    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
    0xe600e6e6,0x25002525,0x48004848,0x99009999,
    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
    0x7c007c7c,0x77007777,0x56005656,0x05000505,
    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
};
359 
/*
 * camellia_sp4404: 256-entry lookup table, read through CAMELLIA_SP4404().
 * Entry i holds one substituted byte v in the two high bytes and the low
 * byte (0xvvvv00vv); the second-lowest byte is always zero.
 *
 * NOTE(review): indexed by a byte of key-mixed or cipher-state data, so
 * the access pattern is secret-dependent.  The values must not be edited.
 */
static const uint32_t camellia_sp4404[256] = {
    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
    0x24240024,0xe8e800e8,0x60600060,0x69690069,
    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
    0x10100010,0x00000000,0xa3a300a3,0x75750075,
    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
    0x81810081,0x6f6f006f,0x13130013,0x63630063,
    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
    0x78780078,0x06060006,0xe7e700e7,0x71710071,
    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
    0x15150015,0xadad00ad,0x77770077,0x80800080,
    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
    0x85850085,0x35350035,0x0c0c000c,0x41410041,
    0xefef00ef,0x93930093,0x19190019,0x21210021,
    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
    0x12120012,0x20200020,0xb1b100b1,0x99990099,
    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
    0x0f0f000f,0x16160016,0x18180018,0x22220022,
    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
    0x49490049,0x68680068,0x38380038,0xa4a400a4,
    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
};
426 
427 
/*
 * Stuff related to the Camellia key schedule
 *
 * subl()/subr() index the function-local work arrays subL[]/subR[] that
 * each setup routine declares.  They are distinct from the upper-case
 * SUBL()/SUBR(), which address the caller's subkey[] output array.
 * No bounds check is made on x.
 */
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]
433 
/*
 * camellia_setup128 -- expand a 128-bit key into the subkey array.
 *
 * key:    read as four big-endian 32-bit words (key[0..15]).  There is no
 *         length argument, so the caller must supply at least 16 readable
 *         bytes.
 * subkey: output.  Written through SUBL()/SUBR() for pair indices 0 and
 *         2..24, i.e. subkey[0..1] and subkey[4..49]; the caller must
 *         provide room for at least 50 uint32_t.  Pair index 1
 *         (subkey[2..3]) is not stored by this function -- kw2 is folded
 *         into the other subkeys instead -- so do not assume it is
 *         initialised.
 *
 * The schedule is strictly order-dependent: each ROLDQ rotates the
 * running KL/KA value further, and the "absorb" passes update subl(1) and
 * kw4 between uses.
 *
 * NOTE(review): subL[], subR[] and the k*, w*, t*, kw4* locals hold key
 * and round-key words and are left on the stack at return.  Consider
 * clearing them before returning with a wipe the compiler cannot elide
 * (e.g. explicit_memset(), if this tree provides it).
 * NOTE(review): CAMELLIA_F indexes the camellia_sp* tables with bytes of
 * key-dependent values, so the key setup has a secret-dependent memory
 * access pattern.
 */
void
camellia_setup128(const unsigned char *key, uint32_t *subkey)
{
    uint32_t kll, klr, krl, krr;
    uint32_t il, ir, t0, t1, w0, w1;
    uint32_t kw4l, kw4r, dw, tl, tr;
    /* local work copies of the 26 subkey pairs, left/right words */
    uint32_t subL[26];
    uint32_t subR[26];

    /*
     *  k == kll || klr || krl || krr (|| is concatenation)
     */
    kll = GETU32(key     );
    klr = GETU32(key +  4);
    krl = GETU32(key +  8);
    krr = GETU32(key + 12);
    /*
     * generate KL dependent subkeys
     * (rotation counts are cumulative: 15, 45, 60, 77, 94, 111)
     */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(4) = kll; subr(4) = klr;
    subl(5) = krl; subr(5) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(10) = kll; subr(10) = klr;
    subl(11) = krl; subr(11) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(18) = kll; subr(18) = klr;
    subl(19) = krl; subr(19) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;

    /* generate KA (reload the unrotated KL saved in slots 0 and 1) */
    kll = subl(0); klr = subr(0);
    krl = subl(1); krr = subr(1);
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
	       w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
	       kll, klr, il, ir, t0, t1);
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
	       krl, krr, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
	       w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KA dependent subkeys */
    subl(2) = kll; subr(2) = klr;
    subl(3) = krl; subr(3) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(8) = kll; subr(8) = klr;
    subl(9) = krl; subr(9) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(12) = kll; subr(12) = klr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(20) = kll; subr(20) = klr;
    subl(21) = krl; subr(21) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(24) = kll; subr(24) = klr;
    subl(25) = krl; subr(25) = krr;


    /*
     * absorb kw2 to other subkeys
     * (slot 1 is XORed into the odd slots; it is itself transformed with
     * slots 9 and 17 on the way, so the order of these lines matters)
     */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(24) ^= subl(1); subr(24) ^= subr(1);

    /*
     * absorb kw4 to other subkeys
     * (slot 25 is XORed into the even slots, walking downwards and being
     * transformed with slots 16 and 8 on the way)
     */
    kw4l = subl(25); kw4r = subr(25);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /*
     * key XOR is end of F-function
     *
     * From here on, upper-case SUBL()/SUBR() store into the caller's
     * subkey[] while lower-case subl()/subr() read the local work arrays.
     * There is no store to SUBL(1)/SUBR(1).
     */
    SUBL(0) = subl(0) ^ subl(2);
    SUBR(0) = subr(0) ^ subr(2);
    SUBL(2) = subl(3);
    SUBR(2) = subr(3);
    SUBL(3) = subl(2) ^ subl(4);
    SUBR(3) = subr(2) ^ subr(4);
    SUBL(4) = subl(3) ^ subl(5);
    SUBR(4) = subr(3) ^ subr(5);
    SUBL(5) = subl(4) ^ subl(6);
    SUBR(5) = subr(4) ^ subr(6);
    SUBL(6) = subl(5) ^ subl(7);
    SUBR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    SUBL(7) = subl(6) ^ tl;
    SUBR(7) = subr(6) ^ tr;
    SUBL(8) = subl(8);
    SUBR(8) = subr(8);
    SUBL(9) = subl(9);
    SUBR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    SUBL(10) = tl ^ subl(11);
    SUBR(10) = tr ^ subr(11);
    SUBL(11) = subl(10) ^ subl(12);
    SUBR(11) = subr(10) ^ subr(12);
    SUBL(12) = subl(11) ^ subl(13);
    SUBR(12) = subr(11) ^ subr(13);
    SUBL(13) = subl(12) ^ subl(14);
    SUBR(13) = subr(12) ^ subr(14);
    SUBL(14) = subl(13) ^ subl(15);
    SUBR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    SUBL(15) = subl(14) ^ tl;
    SUBR(15) = subr(14) ^ tr;
    SUBL(16) = subl(16);
    SUBR(16) = subr(16);
    SUBL(17) = subl(17);
    SUBR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    SUBL(18) = tl ^ subl(19);
    SUBR(18) = tr ^ subr(19);
    SUBL(19) = subl(18) ^ subl(20);
    SUBR(19) = subr(18) ^ subr(20);
    SUBL(20) = subl(19) ^ subl(21);
    SUBR(20) = subr(19) ^ subr(21);
    SUBL(21) = subl(20) ^ subl(22);
    SUBR(21) = subr(20) ^ subr(22);
    SUBL(22) = subl(21) ^ subl(23);
    SUBR(22) = subr(21) ^ subr(23);
    SUBL(23) = subl(22);
    SUBR(23) = subr(22);
    SUBL(24) = subl(24) ^ subl(23);
    SUBR(24) = subr(24) ^ subr(23);

    /*
     * apply the inverse of the last half of P-function
     * (done in place on the caller's subkey[] for pairs 2..7, 10..15 and
     * 18..23; pairs 0, 8, 9, 16, 17 and 24 are left as stored above)
     */
    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
}
639 
640 void
641 camellia_setup256(const unsigned char *key, uint32_t *subkey)
642 {
643     uint32_t kll,klr,krl,krr;           /* left half of key */
644     uint32_t krll,krlr,krrl,krrr;       /* right half of key */
645     uint32_t il, ir, t0, t1, w0, w1;    /* temporary variables */
646     uint32_t kw4l, kw4r, dw, tl, tr;
647     uint32_t subL[34];
648     uint32_t subR[34];
649 
650     /*
651      *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
652      *  (|| is concatination)
653      */
654 
655     kll  = GETU32(key     );
656     klr  = GETU32(key +  4);
657     krl  = GETU32(key +  8);
658     krr  = GETU32(key + 12);
659     krll = GETU32(key + 16);
660     krlr = GETU32(key + 20);
661     krrl = GETU32(key + 24);
662     krrr = GETU32(key + 28);
663 
664     /* generate KL dependent subkeys */
665     subl(0) = kll; subr(0) = klr;
666     subl(1) = krl; subr(1) = krr;
667     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
668     subl(12) = kll; subr(12) = klr;
669     subl(13) = krl; subr(13) = krr;
670     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
671     subl(16) = kll; subr(16) = klr;
672     subl(17) = krl; subr(17) = krr;
673     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
674     subl(22) = kll; subr(22) = klr;
675     subl(23) = krl; subr(23) = krr;
676     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
677     subl(30) = kll; subr(30) = klr;
678     subl(31) = krl; subr(31) = krr;
679 
680     /* generate KR dependent subkeys */
681     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
682     subl(4) = krll; subr(4) = krlr;
683     subl(5) = krrl; subr(5) = krrr;
684     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
685     subl(8) = krll; subr(8) = krlr;
686     subl(9) = krrl; subr(9) = krrr;
687     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
688     subl(18) = krll; subr(18) = krlr;
689     subl(19) = krrl; subr(19) = krrr;
690     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
691     subl(26) = krll; subr(26) = krlr;
692     subl(27) = krrl; subr(27) = krrr;
693     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
694 
695     /* generate KA */
696     kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
697     krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
698     CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
699 	       w0, w1, il, ir, t0, t1);
700     krl ^= w0; krr ^= w1;
701     CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
702 	       kll, klr, il, ir, t0, t1);
703     kll ^= krll; klr ^= krlr;
704     CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
705 	       krl, krr, il, ir, t0, t1);
706     krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
707     CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
708 	       w0, w1, il, ir, t0, t1);
709     kll ^= w0; klr ^= w1;
710 
711     /* generate KB */
712     krll ^= kll; krlr ^= klr;
713     krrl ^= krl; krrr ^= krr;
714     CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
715 	       w0, w1, il, ir, t0, t1);
716     krrl ^= w0; krrr ^= w1;
717     CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
718 	       w0, w1, il, ir, t0, t1);
719     krll ^= w0; krlr ^= w1;
720 
721     /* generate KA dependent subkeys */
722     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
723     subl(6) = kll; subr(6) = klr;
724     subl(7) = krl; subr(7) = krr;
725     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
726     subl(14) = kll; subr(14) = klr;
727     subl(15) = krl; subr(15) = krr;
728     subl(24) = klr; subr(24) = krl;
729     subl(25) = krr; subr(25) = kll;
730     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
731     subl(28) = kll; subr(28) = klr;
732     subl(29) = krl; subr(29) = krr;
733 
734     /* generate KB dependent subkeys */
735     subl(2) = krll; subr(2) = krlr;
736     subl(3) = krrl; subr(3) = krrr;
737     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
738     subl(10) = krll; subr(10) = krlr;
739     subl(11) = krrl; subr(11) = krrr;
740     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
741     subl(20) = krll; subr(20) = krlr;
742     subl(21) = krrl; subr(21) = krrr;
743     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
744     subl(32) = krll; subr(32) = krlr;
745     subl(33) = krrl; subr(33) = krrr;
746 
747     /* absorb kw2 to other subkeys */
748     subl(3) ^= subl(1); subr(3) ^= subr(1);
749     subl(5) ^= subl(1); subr(5) ^= subr(1);
750     subl(7) ^= subl(1); subr(7) ^= subr(1);
751     subl(1) ^= subr(1) & ~subr(9);
752     dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
753     subl(11) ^= subl(1); subr(11) ^= subr(1);
754     subl(13) ^= subl(1); subr(13) ^= subr(1);
755     subl(15) ^= subl(1); subr(15) ^= subr(1);
756     subl(1) ^= subr(1) & ~subr(17);
757     dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
758     subl(19) ^= subl(1); subr(19) ^= subr(1);
759     subl(21) ^= subl(1); subr(21) ^= subr(1);
760     subl(23) ^= subl(1); subr(23) ^= subr(1);
761     subl(1) ^= subr(1) & ~subr(25);
762     dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
763     subl(27) ^= subl(1); subr(27) ^= subr(1);
764     subl(29) ^= subl(1); subr(29) ^= subr(1);
765     subl(31) ^= subl(1); subr(31) ^= subr(1);
766     subl(32) ^= subl(1); subr(32) ^= subr(1);
767 
768 
769     /* absorb kw4 to other subkeys */
770     kw4l = subl(33); kw4r = subr(33);
771     subl(30) ^= kw4l; subr(30) ^= kw4r;
772     subl(28) ^= kw4l; subr(28) ^= kw4r;
773     subl(26) ^= kw4l; subr(26) ^= kw4r;
774     kw4l ^= kw4r & ~subr(24);
775     dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
776     subl(22) ^= kw4l; subr(22) ^= kw4r;
777     subl(20) ^= kw4l; subr(20) ^= kw4r;
778     subl(18) ^= kw4l; subr(18) ^= kw4r;
779     kw4l ^= kw4r & ~subr(16);
780     dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
781     subl(14) ^= kw4l; subr(14) ^= kw4r;
782     subl(12) ^= kw4l; subr(12) ^= kw4r;
783     subl(10) ^= kw4l; subr(10) ^= kw4r;
784     kw4l ^= kw4r & ~subr(8);
785     dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
786     subl(6) ^= kw4l; subr(6) ^= kw4r;
787     subl(4) ^= kw4l; subr(4) ^= kw4r;
788     subl(2) ^= kw4l; subr(2) ^= kw4r;
789     subl(0) ^= kw4l; subr(0) ^= kw4r;
790 
791     /* key XOR is end of F-function */
792     SUBL(0) = subl(0) ^ subl(2);
793     SUBR(0) = subr(0) ^ subr(2);
794     SUBL(2) = subl(3);
795     SUBR(2) = subr(3);
796     SUBL(3) = subl(2) ^ subl(4);
797     SUBR(3) = subr(2) ^ subr(4);
798     SUBL(4) = subl(3) ^ subl(5);
799     SUBR(4) = subr(3) ^ subr(5);
800     SUBL(5) = subl(4) ^ subl(6);
801     SUBR(5) = subr(4) ^ subr(6);
802     SUBL(6) = subl(5) ^ subl(7);
803     SUBR(6) = subr(5) ^ subr(7);
804     tl = subl(10) ^ (subr(10) & ~subr(8));
805     dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
806     SUBL(7) = subl(6) ^ tl;
807     SUBR(7) = subr(6) ^ tr;
808     SUBL(8) = subl(8);
809     SUBR(8) = subr(8);
810     SUBL(9) = subl(9);
811     SUBR(9) = subr(9);
812     tl = subl(7) ^ (subr(7) & ~subr(9));
813     dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
814     SUBL(10) = tl ^ subl(11);
815     SUBR(10) = tr ^ subr(11);
816     SUBL(11) = subl(10) ^ subl(12);
817     SUBR(11) = subr(10) ^ subr(12);
818     SUBL(12) = subl(11) ^ subl(13);
819     SUBR(12) = subr(11) ^ subr(13);
820     SUBL(13) = subl(12) ^ subl(14);
821     SUBR(13) = subr(12) ^ subr(14);
822     SUBL(14) = subl(13) ^ subl(15);
823     SUBR(14) = subr(13) ^ subr(15);
824     tl = subl(18) ^ (subr(18) & ~subr(16));
825     dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
826     SUBL(15) = subl(14) ^ tl;
827     SUBR(15) = subr(14) ^ tr;
828     SUBL(16) = subl(16);
829     SUBR(16) = subr(16);
830     SUBL(17) = subl(17);
831     SUBR(17) = subr(17);
832     tl = subl(15) ^ (subr(15) & ~subr(17));
833     dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
834     SUBL(18) = tl ^ subl(19);
835     SUBR(18) = tr ^ subr(19);
836     SUBL(19) = subl(18) ^ subl(20);
837     SUBR(19) = subr(18) ^ subr(20);
838     SUBL(20) = subl(19) ^ subl(21);
839     SUBR(20) = subr(19) ^ subr(21);
840     SUBL(21) = subl(20) ^ subl(22);
841     SUBR(21) = subr(20) ^ subr(22);
842     SUBL(22) = subl(21) ^ subl(23);
843     SUBR(22) = subr(21) ^ subr(23);
844     tl = subl(26) ^ (subr(26) & ~subr(24));
845     dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
846     SUBL(23) = subl(22) ^ tl;
847     SUBR(23) = subr(22) ^ tr;
848     SUBL(24) = subl(24);
849     SUBR(24) = subr(24);
850     SUBL(25) = subl(25);
851     SUBR(25) = subr(25);
852     tl = subl(23) ^ (subr(23) & ~subr(25));
853     dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
854     SUBL(26) = tl ^ subl(27);
855     SUBR(26) = tr ^ subr(27);
856     SUBL(27) = subl(26) ^ subl(28);
857     SUBR(27) = subr(26) ^ subr(28);
858     SUBL(28) = subl(27) ^ subl(29);
859     SUBR(28) = subr(27) ^ subr(29);
860     SUBL(29) = subl(28) ^ subl(30);
861     SUBR(29) = subr(28) ^ subr(30);
862     SUBL(30) = subl(29) ^ subl(31);
863     SUBR(30) = subr(29) ^ subr(31);
864     SUBL(31) = subl(30);
865     SUBR(31) = subr(30);
866     SUBL(32) = subl(32) ^ subl(31);
867     SUBR(32) = subr(32) ^ subr(31);
868 
869     /* apply the inverse of the last half of P-function */
870     dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
871     SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
872     dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
873     SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
874     dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
875     SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
876     dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
877     SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
878     dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
879     SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
880     dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
881     SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
882     dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
883     SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
884     dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
885     SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
886     dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
887     SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
888     dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
889     SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
890     dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
891     SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
892     dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
893     SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
894     dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
895     SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
896     dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
897     SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
898     dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
899     SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
900     dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
901     SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
902     dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
903     SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
904     dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
905     SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
906     dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw);
907     SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw;
908     dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw);
909     SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw;
910     dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw);
911     SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw;
912     dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw);
913     SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw;
914     dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw);
915     SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw;
916     dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw);
917     SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw;
918 }
919 
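/*
 * Expand a 192-bit key by widening it to 256 bits and handing it to the
 * 256-bit key schedule.
 *
 * key:    key material; exactly key[0..23] are read.
 * subkey: output table, passed straight through to camellia_setup256().
 *
 * The upper 8 bytes of the widened key are the bitwise complement of
 * key[16..23].  The widened copy lives on the stack, so it is cleared
 * before returning to keep raw key bytes out of the dead stack frame.
 */
void
camellia_setup192(const unsigned char *key, uint32_t *subkey)
{
    unsigned char kk[32];
    volatile unsigned char *wipe = kk;
    size_t i;

    memcpy(kk, key, 24);

    /*
     * Complement byte by byte.  This matches a 32-bit-word complement
     * on any byte order and avoids extra word-sized copies of the key.
     */
    for (i = 0; i < 8; i++)
	kk[24 + i] = (unsigned char)~key[16 + i];

    camellia_setup256(kk, subkey);

    /*
     * Clear through a volatile pointer: a plain memset() on a local
     * that is about to go out of scope may be removed by the compiler.
     */
    for (i = 0; i < sizeof(kk); i++)
	wipe[i] = 0;
}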
935 
936 
937 /**
938  * Stuff related to camellia encryption/decryption
939  */
/*
 * Encrypt one block in place using the subkey table of a 128-bit key.
 *
 * subkey: expanded key; read only through the SUBL()/SUBR() macros at
 *         indices 0 and 2..24 (macro definitions are outside this view).
 * io:     four 32-bit words io[0]..io[3], overwritten with the result.
 *         Camellia_EncryptBlock() loads them with GETU32() before the call
 *         and stores them with PUTU32() afterwards.
 *
 * Shape: three groups of six CAMELLIA_ROUNDSM invocations separated by two
 * CAMELLIA_FLS invocations, then the two 64-bit halves are swapped.
 *
 * NOTE(review): CAMELLIA_ROUNDSM is defined elsewhere; if it is table
 * driven, its lookups are indexed by key-dependent state -- confirm the
 * cache-timing exposure is acceptable for the callers of this code.
 */
void
camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;	/* scratch words handed to the round macros */

    /*
     * Pre-whitening.  Only io[0]/io[1] are XORed here; per the original
     * comment, kw2 is absorbed into other subkeys by the key schedule.
     */
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);
    /* main iteration: rounds alternate which half is input and output */

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
		     io[0],io[1],il,ir,t0,t1);

    /* first CAMELLIA_FLS layer, keyed by subkeys 8 and 9 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
		     io[0],io[1],il,ir,t0,t1);

    /* second CAMELLIA_FLS layer, keyed by subkeys 16 and 17 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16), SUBR(16), SUBL(17),SUBR(17),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
		     io[0],io[1],il,ir,t0,t1);

    /* post-whitening: only io[2]/io[3] are XORed, with subkey 24 */
    io[2] ^= SUBL(24);
    io[3] ^= SUBR(24);

    /* swap the halves: (io[0],io[1]) <-> (io[2],io[3]) */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}
1006 
/*
 * Decrypt one block in place using the subkey table of a 128-bit key.
 *
 * subkey: expanded key; read only through the SUBL()/SUBR() macros at
 *         indices 0 and 2..24 (macro definitions are outside this view).
 * io:     four 32-bit words io[0]..io[3], overwritten with the result.
 *
 * Uses the same subkeys as camellia_encrypt128() in reverse order:
 * whitening starts with subkey 24 and ends with subkey 0, the rounds run
 * from 23 down to 2, and each CAMELLIA_FLS call takes its two subkeys in
 * swapped order (17 then 16, 9 then 8).
 *
 * NOTE(review): CAMELLIA_ROUNDSM is defined elsewhere; if it is table
 * driven, its lookups are indexed by key-dependent state -- confirm the
 * cache-timing exposure is acceptable for the callers of this code.
 */
void
camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il,ir,t0,t1;               /* temporary variables */

    /* pre-whitening for decryption: XOR io[0]/io[1] with subkey 24 */
    io[0] ^= SUBL(24);
    io[1] ^= SUBR(24);

    /* main iteration: rounds alternate which half is input and output */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
		     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS layer with subkeys 17 and 16 (swapped vs. encryption) */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],SUBL(17),SUBR(17),SUBL(16),SUBR(16),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
		     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS layer with subkeys 9 and 8 (swapped vs. encryption) */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
		     io[0],io[1],il,ir,t0,t1);

    /* post-whitening for decryption: XOR io[2]/io[3] with subkey 0 */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* swap the halves: (io[0],io[1]) <-> (io[2],io[3]) */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}
1073 
1074 /**
1075  * stuff for 192 and 256bit encryption/decryption
1076  */
/*
 * Encrypt one block in place using the subkey table of a 192- or 256-bit
 * key (Camellia_EncryptBlock() routes both key lengths here).
 *
 * subkey: expanded key; read only through the SUBL()/SUBR() macros at
 *         indices 0 and 2..32 (macro definitions are outside this view).
 * io:     four 32-bit words io[0]..io[3], overwritten with the result.
 *
 * Shape: four groups of six CAMELLIA_ROUNDSM invocations separated by
 * three CAMELLIA_FLS invocations, then the two 64-bit halves are swapped.
 *
 * NOTE(review): CAMELLIA_ROUNDSM is defined elsewhere; if it is table
 * driven, its lookups are indexed by key-dependent state -- confirm the
 * cache-timing exposure is acceptable for the callers of this code.
 */
void
camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il,ir,t0,t1;           /* temporary variables */

    /*
     * Pre-whitening.  Only io[0]/io[1] are XORed here; the key schedule
     * absorbs kw2 into other subkeys ("absorb kw2 to other subkeys").
     */
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);

    /* main iteration: rounds alternate which half is input and output */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
		     io[0],io[1],il,ir,t0,t1);

    /* first CAMELLIA_FLS layer, keyed by subkeys 8 and 9 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
		     io[0],io[1],il,ir,t0,t1);

    /* second CAMELLIA_FLS layer, keyed by subkeys 16 and 17 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16),SUBR(16), SUBL(17),SUBR(17),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
		     io[0],io[1],il,ir,t0,t1);

    /* third CAMELLIA_FLS layer, keyed by subkeys 24 and 25 */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(24),SUBR(24), SUBL(25),SUBR(25),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(26),SUBR(26),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(27),SUBR(27),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(28),SUBR(28),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(29),SUBR(29),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(30),SUBR(30),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(31),SUBR(31),
		     io[0],io[1],il,ir,t0,t1);

    /* post-whitening: only io[2]/io[3] are XORed, with subkey 32 */
    io[2] ^= SUBL(32);
    io[3] ^= SUBR(32);

    /* swap the halves: (io[0],io[1]) <-> (io[2],io[3]) */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}
1159 
/*
 * Decrypt one block in place using the subkey table of a 192- or 256-bit
 * key (Camellia_DecryptBlock() routes both key lengths here).
 *
 * subkey: expanded key; read only through the SUBL()/SUBR() macros at
 *         indices 0 and 2..32 (macro definitions are outside this view).
 * io:     four 32-bit words io[0]..io[3], overwritten with the result.
 *
 * Uses the same subkeys as camellia_encrypt256() in reverse order:
 * whitening starts with subkey 32 and ends with subkey 0, the rounds run
 * from 31 down to 2, and each CAMELLIA_FLS call takes its two subkeys in
 * swapped order (25/24, 17/16, 9/8).
 *
 * NOTE(review): CAMELLIA_ROUNDSM is defined elsewhere; if it is table
 * driven, its lookups are indexed by key-dependent state -- confirm the
 * cache-timing exposure is acceptable for the callers of this code.
 */
void
camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il,ir,t0,t1;           /* temporary variables */

    /* pre-whitening for decryption: XOR io[0]/io[1] with subkey 32 */
    io[0] ^= SUBL(32);
    io[1] ^= SUBR(32);

    /* main iteration: rounds alternate which half is input and output */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(31),SUBR(31),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(30),SUBR(30),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(29),SUBR(29),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(28),SUBR(28),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(27),SUBR(27),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(26),SUBR(26),
		     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS layer with subkeys 25 and 24 (swapped vs. encryption) */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(25),SUBR(25), SUBL(24),SUBR(24),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
		     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS layer with subkeys 17 and 16 (swapped vs. encryption) */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
		     io[0],io[1],il,ir,t0,t1);

    /* CAMELLIA_FLS layer with subkeys 9 and 8 (swapped vs. encryption) */
    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
		 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
		     io[0],io[1],il,ir,t0,t1);

    /* post-whitening for decryption: XOR io[2]/io[3] with subkey 0 */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* swap the halves: (io[0],io[1]) <-> (io[2],io[3]) */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}
1242 
/*
 * Build the subkey table for a raw key of 128, 192 or 256 bits by
 * dispatching to the matching camellia_setup*() routine.
 *
 * keyBitLength: key size in bits; 128, 192 and 256 are handled.
 * rawKey:       raw key bytes, passed through to the setup routine.
 * subkey:       output table, written by the setup routine.
 *
 * NOTE(review): KASSERT is the only length validation, and it is a no-op
 * unless the kernel is built with DIAGNOSTIC.  With assertions off, an
 * unsupported keyBitLength returns with subkey untouched, and the void
 * return gives the caller no signal -- callers must validate the length
 * themselves before using the table.
 */
void
Camellia_Ekeygen(const int keyBitLength,
		 const unsigned char *rawKey,
		 uint32_t *subkey)
{
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256);

    if (keyBitLength == 128) {
	camellia_setup128(rawKey, subkey);
    } else if (keyBitLength == 192) {
	camellia_setup192(rawKey, subkey);
    } else if (keyBitLength == 256) {
	camellia_setup256(rawKey, subkey);
    }
    /* any other length: nothing is written to subkey */
}
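/*
 * Encrypt one 16-byte block.
 *
 * keyBitLength: 128 selects camellia_encrypt128(); 192 and 256 both
 *               select camellia_encrypt256().
 * plaintext:    16 input bytes, loaded as four words via GETU32().
 * subkey:       table previously built for the same key length.
 * ciphertext:   16 output bytes, stored via PUTU32().
 *
 * An unsupported keyBitLength fails closed: the output block is all
 * zeroes.  Falling through the switch untouched would store the input
 * words back out, i.e. hand the caller its plaintext as "ciphertext".
 * The function returns void, so the caller remains responsible for
 * passing a valid length.
 */
void
Camellia_EncryptBlock(const int keyBitLength,
		      const unsigned char *plaintext,
		      const uint32_t *subkey,
		      unsigned char *ciphertext)
{
    uint32_t tmp[4];

    tmp[0] = GETU32(plaintext);
    tmp[1] = GETU32(plaintext + 4);
    tmp[2] = GETU32(plaintext + 8);
    tmp[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
	camellia_encrypt128(subkey, tmp);
	break;
    case 192:
	/* fall through */
    case 256:
	camellia_encrypt256(subkey, tmp);
	break;
    default:
	/* never emit the unencrypted input */
	tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
	break;
    }

    PUTU32(ciphertext,    tmp[0]);
    PUTU32(ciphertext+4,  tmp[1]);
    PUTU32(ciphertext+8,  tmp[2]);
    PUTU32(ciphertext+12, tmp[3]);
}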
1295 
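/*
 * Decrypt one 16-byte block.
 *
 * keyBitLength: 128 selects camellia_decrypt128(); 192 and 256 both
 *               select camellia_decrypt256().
 * ciphertext:   16 input bytes, loaded as four words via GETU32().
 * subkey:       table previously built for the same key length.
 * plaintext:    16 output bytes, stored via PUTU32().
 *
 * An unsupported keyBitLength fails closed: the output block is all
 * zeroes instead of a copy of the input, so a caller bug cannot pass
 * undecrypted data through as if it were the result.  The function
 * returns void, so the caller remains responsible for passing a valid
 * length.
 */
void
Camellia_DecryptBlock(const int keyBitLength,
		      const unsigned char *ciphertext,
		      const uint32_t *subkey,
		      unsigned char *plaintext)
{
    uint32_t tmp[4];

    tmp[0] = GETU32(ciphertext);
    tmp[1] = GETU32(ciphertext + 4);
    tmp[2] = GETU32(ciphertext + 8);
    tmp[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
	camellia_decrypt128(subkey, tmp);
	break;
    case 192:
	/* fall through */
    case 256:
	camellia_decrypt256(subkey, tmp);
	break;
    default:
	/* never pass the input through unchanged */
	tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
	break;
    }

    PUTU32(plaintext,    tmp[0]);
    PUTU32(plaintext+4,  tmp[1]);
    PUTU32(plaintext+8,  tmp[2]);
    PUTU32(plaintext+12, tmp[3]);
}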
1327 
MODULE(MODULE_CLASS_MISC, camellia, NULL);

/*
 * Module command handler for the camellia module.
 *
 * MODULE_CMD_INIT and MODULE_CMD_FINI need no work and return 0; every
 * other command is rejected with ENOTTY.  The opaque argument is unused.
 */
static int
camellia_modcmd(modcmd_t cmd, void *opaque)
{

	if (cmd == MODULE_CMD_INIT || cmd == MODULE_CMD_FINI)
		return 0;

	return ENOTTY;
}
1343