Sync usage with man page.
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / hcrypto / camellia-ntt.c
blob0a0015a1f80aaec5dbab9ace31a41231a9aad77a
1 /* camellia.c ver 1.2.0
3 * Copyright (c) 2006,2007
4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer as
11 * the first lines of this file unmodified.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 * Algorithm Specification
30 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
34 #include <string.h>
35 #include <stdlib.h>
37 #include <krb5-types.h>
38 #include "camellia-ntt.h"
40 /* u32 must be 32bit word */
41 typedef uint32_t u32;
42 typedef unsigned char u8;
44 /* key constants */
46 #define CAMELLIA_SIGMA1L (0xA09E667FL)
47 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
48 #define CAMELLIA_SIGMA2L (0xB67AE858L)
49 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
50 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
51 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
52 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
53 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
54 #define CAMELLIA_SIGMA5L (0x10E527FAL)
55 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
56 #define CAMELLIA_SIGMA6L (0xB05688C2L)
57 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
60 * macros
64 #if defined(_MSC_VER)
66 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
67 # define GETU32(p) SWAP(*((u32 *)(p)))
68 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
70 #else /* not MS-VC */
72 # define GETU32(pt) \
73 (((u32)(pt)[0] << 24) \
74 ^ ((u32)(pt)[1] << 16) \
75 ^ ((u32)(pt)[2] << 8) \
76 ^ ((u32)(pt)[3]))
78 # define PUTU32(ct, st) { \
79 (ct)[0] = (u8)((st) >> 24); \
80 (ct)[1] = (u8)((st) >> 16); \
81 (ct)[2] = (u8)((st) >> 8); \
82 (ct)[3] = (u8)(st); }
84 #endif
86 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
87 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
89 /* rotation right shift 1byte */
90 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
91 /* rotation left shift 1bit */
92 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
93 /* rotation left shift 1byte */
94 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
96 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
97 do { \
98 w0 = ll; \
99 ll = (ll << bits) + (lr >> (32 - bits)); \
100 lr = (lr << bits) + (rl >> (32 - bits)); \
101 rl = (rl << bits) + (rr >> (32 - bits)); \
102 rr = (rr << bits) + (w0 >> (32 - bits)); \
103 } while(0)
105 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
106 do { \
107 w0 = ll; \
108 w1 = lr; \
109 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
110 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
111 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
112 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
113 } while(0)
115 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
116 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
117 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
118 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
120 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
121 do { \
122 il = xl ^ kl; \
123 ir = xr ^ kr; \
124 t0 = il >> 16; \
125 t1 = ir >> 16; \
126 yl = CAMELLIA_SP1110(ir & 0xff) \
127 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
128 ^ CAMELLIA_SP3033(t1 & 0xff) \
129 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
130 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
131 ^ CAMELLIA_SP0222(t0 & 0xff) \
132 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
133 ^ CAMELLIA_SP4404(il & 0xff); \
134 yl ^= yr; \
135 yr = CAMELLIA_RR8(yr); \
136 yr ^= yl; \
137 } while(0)
141 * for speed up
144 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
145 do { \
146 t0 = kll; \
147 t0 &= ll; \
148 lr ^= CAMELLIA_RL1(t0); \
149 t1 = klr; \
150 t1 |= lr; \
151 ll ^= t1; \
153 t2 = krr; \
154 t2 |= rr; \
155 rl ^= t2; \
156 t3 = krl; \
157 t3 &= rl; \
158 rr ^= CAMELLIA_RL1(t3); \
159 } while(0)
161 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
162 do { \
163 ir = CAMELLIA_SP1110(xr & 0xff) \
164 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
165 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
166 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
167 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
168 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
169 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
170 ^ CAMELLIA_SP4404(xl & 0xff); \
171 il ^= kl; \
172 ir ^= kr; \
173 ir ^= il; \
174 il = CAMELLIA_RR8(il); \
175 il ^= ir; \
176 yl ^= ir; \
177 yr ^= il; \
178 } while(0)
181 static const u32 camellia_sp1110[256] = {
182 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
183 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
184 0xe4e4e400,0x85858500,0x57575700,0x35353500,
185 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
186 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
187 0x45454500,0x19191900,0xa5a5a500,0x21212100,
188 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
189 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
190 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
191 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
192 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
193 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
194 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
195 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
196 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
197 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
198 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
199 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
200 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
201 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
202 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
203 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
204 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
205 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
206 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
207 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
208 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
209 0x53535300,0x18181800,0xf2f2f200,0x22222200,
210 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
211 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
212 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
213 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
214 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
215 0xa1a1a100,0x89898900,0x62626200,0x97979700,
216 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
217 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
218 0x10101000,0xc4c4c400,0x00000000,0x48484800,
219 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
220 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
221 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
222 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
223 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
224 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
225 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
226 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
227 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
228 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
229 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
230 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
231 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
232 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
233 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
234 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
235 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
236 0xd4d4d400,0x25252500,0xababab00,0x42424200,
237 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
238 0x72727200,0x07070700,0xb9b9b900,0x55555500,
239 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
240 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
241 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
242 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
243 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
244 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
245 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
248 static const u32 camellia_sp0222[256] = {
249 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
250 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
251 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
252 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
253 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
254 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
255 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
256 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
257 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
258 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
259 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
260 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
261 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
262 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
263 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
264 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
265 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
266 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
267 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
268 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
269 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
270 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
271 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
272 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
273 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
274 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
275 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
276 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
277 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
278 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
279 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
280 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
281 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
282 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
283 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
284 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
285 0x00202020,0x00898989,0x00000000,0x00909090,
286 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
287 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
288 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
289 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
290 0x009b9b9b,0x00949494,0x00212121,0x00666666,
291 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
292 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
293 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
294 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
295 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
296 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
297 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
298 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
299 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
300 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
301 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
302 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
303 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
304 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
305 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
306 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
307 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
308 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
309 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
310 0x00777777,0x00939393,0x00868686,0x00838383,
311 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
312 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
315 static const u32 camellia_sp3033[256] = {
316 0x38003838,0x41004141,0x16001616,0x76007676,
317 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
318 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
319 0x75007575,0x06000606,0x57005757,0xa000a0a0,
320 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
321 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
322 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
323 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
324 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
325 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
326 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
327 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
328 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
329 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
330 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
331 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
332 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
333 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
334 0x3a003a3a,0x09000909,0x95009595,0x10001010,
335 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
336 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
337 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
338 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
339 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
340 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
341 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
342 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
343 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
344 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
345 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
346 0x12001212,0x04000404,0x74007474,0x54005454,
347 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
348 0x55005555,0x68006868,0x50005050,0xbe00bebe,
349 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
350 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
351 0x70007070,0xff00ffff,0x32003232,0x69006969,
352 0x08000808,0x62006262,0x00000000,0x24002424,
353 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
354 0x45004545,0x81008181,0x73007373,0x6d006d6d,
355 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
356 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
357 0xe600e6e6,0x25002525,0x48004848,0x99009999,
358 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
359 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
360 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
361 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
362 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
363 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
364 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
365 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
366 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
367 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
368 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
369 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
370 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
371 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
372 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
373 0x7c007c7c,0x77007777,0x56005656,0x05000505,
374 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
375 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
376 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
377 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
378 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
379 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
382 static const u32 camellia_sp4404[256] = {
383 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
384 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
385 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
386 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
387 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
388 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
389 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
390 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
391 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
392 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
393 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
394 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
395 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
396 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
397 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
398 0x24240024,0xe8e800e8,0x60600060,0x69690069,
399 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
400 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
401 0x10100010,0x00000000,0xa3a300a3,0x75750075,
402 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
403 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
404 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
405 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
406 0x81810081,0x6f6f006f,0x13130013,0x63630063,
407 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
408 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
409 0x78780078,0x06060006,0xe7e700e7,0x71710071,
410 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
411 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
412 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
413 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
414 0x15150015,0xadad00ad,0x77770077,0x80800080,
415 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
416 0x85850085,0x35350035,0x0c0c000c,0x41410041,
417 0xefef00ef,0x93930093,0x19190019,0x21210021,
418 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
419 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
420 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
421 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
422 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
423 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
424 0x12120012,0x20200020,0xb1b100b1,0x99990099,
425 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
426 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
427 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
428 0x0f0f000f,0x16160016,0x18180018,0x22220022,
429 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
430 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
431 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
432 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
433 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
434 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
435 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
436 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
437 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
438 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
439 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
440 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
441 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
442 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
443 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
444 0x49490049,0x68680068,0x38380038,0xa4a400a4,
445 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
446 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
451 * Stuff related to the Camellia key schedule
453 #define subl(x) subL[(x)]
454 #define subr(x) subR[(x)]
456 static void camellia_setup128(const unsigned char *key, u32 *subkey)
458 u32 kll, klr, krl, krr;
459 u32 il, ir, t0, t1, w0, w1;
460 u32 kw4l, kw4r, dw, tl, tr;
461 u32 subL[26];
462 u32 subR[26];
465 * k == kll || klr || krl || krr (|| is concatination)
467 kll = GETU32(key );
468 klr = GETU32(key + 4);
469 krl = GETU32(key + 8);
470 krr = GETU32(key + 12);
472 * generate KL dependent subkeys
474 subl(0) = kll; subr(0) = klr;
475 subl(1) = krl; subr(1) = krr;
476 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
477 subl(4) = kll; subr(4) = klr;
478 subl(5) = krl; subr(5) = krr;
479 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
480 subl(10) = kll; subr(10) = klr;
481 subl(11) = krl; subr(11) = krr;
482 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
483 subl(13) = krl; subr(13) = krr;
484 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
485 subl(16) = kll; subr(16) = klr;
486 subl(17) = krl; subr(17) = krr;
487 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
488 subl(18) = kll; subr(18) = klr;
489 subl(19) = krl; subr(19) = krr;
490 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
491 subl(22) = kll; subr(22) = klr;
492 subl(23) = krl; subr(23) = krr;
494 /* generate KA */
495 kll = subl(0); klr = subr(0);
496 krl = subl(1); krr = subr(1);
497 CAMELLIA_F(kll, klr,
498 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
499 w0, w1, il, ir, t0, t1);
500 krl ^= w0; krr ^= w1;
501 CAMELLIA_F(krl, krr,
502 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
503 kll, klr, il, ir, t0, t1);
504 CAMELLIA_F(kll, klr,
505 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
506 krl, krr, il, ir, t0, t1);
507 krl ^= w0; krr ^= w1;
508 CAMELLIA_F(krl, krr,
509 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
510 w0, w1, il, ir, t0, t1);
511 kll ^= w0; klr ^= w1;
513 /* generate KA dependent subkeys */
514 subl(2) = kll; subr(2) = klr;
515 subl(3) = krl; subr(3) = krr;
516 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
517 subl(6) = kll; subr(6) = klr;
518 subl(7) = krl; subr(7) = krr;
519 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
520 subl(8) = kll; subr(8) = klr;
521 subl(9) = krl; subr(9) = krr;
522 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
523 subl(12) = kll; subr(12) = klr;
524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
525 subl(14) = kll; subr(14) = klr;
526 subl(15) = krl; subr(15) = krr;
527 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
528 subl(20) = kll; subr(20) = klr;
529 subl(21) = krl; subr(21) = krr;
530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
531 subl(24) = kll; subr(24) = klr;
532 subl(25) = krl; subr(25) = krr;
535 /* absorb kw2 to other subkeys */
536 subl(3) ^= subl(1); subr(3) ^= subr(1);
537 subl(5) ^= subl(1); subr(5) ^= subr(1);
538 subl(7) ^= subl(1); subr(7) ^= subr(1);
539 subl(1) ^= subr(1) & ~subr(9);
540 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
541 subl(11) ^= subl(1); subr(11) ^= subr(1);
542 subl(13) ^= subl(1); subr(13) ^= subr(1);
543 subl(15) ^= subl(1); subr(15) ^= subr(1);
544 subl(1) ^= subr(1) & ~subr(17);
545 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
546 subl(19) ^= subl(1); subr(19) ^= subr(1);
547 subl(21) ^= subl(1); subr(21) ^= subr(1);
548 subl(23) ^= subl(1); subr(23) ^= subr(1);
549 subl(24) ^= subl(1); subr(24) ^= subr(1);
551 /* absorb kw4 to other subkeys */
552 kw4l = subl(25); kw4r = subr(25);
553 subl(22) ^= kw4l; subr(22) ^= kw4r;
554 subl(20) ^= kw4l; subr(20) ^= kw4r;
555 subl(18) ^= kw4l; subr(18) ^= kw4r;
556 kw4l ^= kw4r & ~subr(16);
557 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
558 subl(14) ^= kw4l; subr(14) ^= kw4r;
559 subl(12) ^= kw4l; subr(12) ^= kw4r;
560 subl(10) ^= kw4l; subr(10) ^= kw4r;
561 kw4l ^= kw4r & ~subr(8);
562 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
563 subl(6) ^= kw4l; subr(6) ^= kw4r;
564 subl(4) ^= kw4l; subr(4) ^= kw4r;
565 subl(2) ^= kw4l; subr(2) ^= kw4r;
566 subl(0) ^= kw4l; subr(0) ^= kw4r;
568 /* key XOR is end of F-function */
569 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
570 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
571 CamelliaSubkeyL(2) = subl(3);
572 CamelliaSubkeyR(2) = subr(3);
573 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
574 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
575 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
576 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
577 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
578 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
579 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
580 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
581 tl = subl(10) ^ (subr(10) & ~subr(8));
582 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
583 CamelliaSubkeyL(7) = subl(6) ^ tl;
584 CamelliaSubkeyR(7) = subr(6) ^ tr;
585 CamelliaSubkeyL(8) = subl(8);
586 CamelliaSubkeyR(8) = subr(8);
587 CamelliaSubkeyL(9) = subl(9);
588 CamelliaSubkeyR(9) = subr(9);
589 tl = subl(7) ^ (subr(7) & ~subr(9));
590 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
591 CamelliaSubkeyL(10) = tl ^ subl(11);
592 CamelliaSubkeyR(10) = tr ^ subr(11);
593 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
594 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
595 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
596 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
597 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
598 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
599 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
600 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
601 tl = subl(18) ^ (subr(18) & ~subr(16));
602 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
603 CamelliaSubkeyL(15) = subl(14) ^ tl;
604 CamelliaSubkeyR(15) = subr(14) ^ tr;
605 CamelliaSubkeyL(16) = subl(16);
606 CamelliaSubkeyR(16) = subr(16);
607 CamelliaSubkeyL(17) = subl(17);
608 CamelliaSubkeyR(17) = subr(17);
609 tl = subl(15) ^ (subr(15) & ~subr(17));
610 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
611 CamelliaSubkeyL(18) = tl ^ subl(19);
612 CamelliaSubkeyR(18) = tr ^ subr(19);
613 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
614 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
615 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
616 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
617 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
618 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
619 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
620 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
621 CamelliaSubkeyL(23) = subl(22);
622 CamelliaSubkeyR(23) = subr(22);
623 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
624 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
626 /* apply the inverse of the last half of P-function */
627 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
628 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
629 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
630 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
631 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
632 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
633 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
634 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
635 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
636 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
637 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
638 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
639 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
640 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
641 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
642 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
643 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
644 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
645 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
646 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
647 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
648 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
649 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
650 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
651 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
652 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
653 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
654 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
655 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
656 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
657 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
658 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
659 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
660 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
661 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
662 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
664 return;
667 static void camellia_setup256(const unsigned char *key, u32 *subkey)
669 u32 kll,klr,krl,krr; /* left half of key */
670 u32 krll,krlr,krrl,krrr; /* right half of key */
671 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
672 u32 kw4l, kw4r, dw, tl, tr;
673 u32 subL[34];
674 u32 subR[34];
677 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
678 * (|| is concatination)
681 kll = GETU32(key );
682 klr = GETU32(key + 4);
683 krl = GETU32(key + 8);
684 krr = GETU32(key + 12);
685 krll = GETU32(key + 16);
686 krlr = GETU32(key + 20);
687 krrl = GETU32(key + 24);
688 krrr = GETU32(key + 28);
690 /* generate KL dependent subkeys */
691 subl(0) = kll; subr(0) = klr;
692 subl(1) = krl; subr(1) = krr;
693 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
694 subl(12) = kll; subr(12) = klr;
695 subl(13) = krl; subr(13) = krr;
696 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
697 subl(16) = kll; subr(16) = klr;
698 subl(17) = krl; subr(17) = krr;
699 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
700 subl(22) = kll; subr(22) = klr;
701 subl(23) = krl; subr(23) = krr;
702 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
703 subl(30) = kll; subr(30) = klr;
704 subl(31) = krl; subr(31) = krr;
706 /* generate KR dependent subkeys */
707 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
708 subl(4) = krll; subr(4) = krlr;
709 subl(5) = krrl; subr(5) = krrr;
710 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
711 subl(8) = krll; subr(8) = krlr;
712 subl(9) = krrl; subr(9) = krrr;
713 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
714 subl(18) = krll; subr(18) = krlr;
715 subl(19) = krrl; subr(19) = krrr;
716 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
717 subl(26) = krll; subr(26) = krlr;
718 subl(27) = krrl; subr(27) = krrr;
719 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
721 /* generate KA */
722 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
723 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
724 CAMELLIA_F(kll, klr,
725 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
726 w0, w1, il, ir, t0, t1);
727 krl ^= w0; krr ^= w1;
728 CAMELLIA_F(krl, krr,
729 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
730 kll, klr, il, ir, t0, t1);
731 kll ^= krll; klr ^= krlr;
732 CAMELLIA_F(kll, klr,
733 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
734 krl, krr, il, ir, t0, t1);
735 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
736 CAMELLIA_F(krl, krr,
737 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
738 w0, w1, il, ir, t0, t1);
739 kll ^= w0; klr ^= w1;
741 /* generate KB */
742 krll ^= kll; krlr ^= klr;
743 krrl ^= krl; krrr ^= krr;
744 CAMELLIA_F(krll, krlr,
745 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
746 w0, w1, il, ir, t0, t1);
747 krrl ^= w0; krrr ^= w1;
748 CAMELLIA_F(krrl, krrr,
749 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
750 w0, w1, il, ir, t0, t1);
751 krll ^= w0; krlr ^= w1;
753 /* generate KA dependent subkeys */
754 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
755 subl(6) = kll; subr(6) = klr;
756 subl(7) = krl; subr(7) = krr;
757 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
758 subl(14) = kll; subr(14) = klr;
759 subl(15) = krl; subr(15) = krr;
760 subl(24) = klr; subr(24) = krl;
761 subl(25) = krr; subr(25) = kll;
762 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
763 subl(28) = kll; subr(28) = klr;
764 subl(29) = krl; subr(29) = krr;
766 /* generate KB dependent subkeys */
767 subl(2) = krll; subr(2) = krlr;
768 subl(3) = krrl; subr(3) = krrr;
769 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
770 subl(10) = krll; subr(10) = krlr;
771 subl(11) = krrl; subr(11) = krrr;
772 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
773 subl(20) = krll; subr(20) = krlr;
774 subl(21) = krrl; subr(21) = krrr;
775 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
776 subl(32) = krll; subr(32) = krlr;
777 subl(33) = krrl; subr(33) = krrr;
779 /* absorb kw2 to other subkeys */
780 subl(3) ^= subl(1); subr(3) ^= subr(1);
781 subl(5) ^= subl(1); subr(5) ^= subr(1);
782 subl(7) ^= subl(1); subr(7) ^= subr(1);
783 subl(1) ^= subr(1) & ~subr(9);
784 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
785 subl(11) ^= subl(1); subr(11) ^= subr(1);
786 subl(13) ^= subl(1); subr(13) ^= subr(1);
787 subl(15) ^= subl(1); subr(15) ^= subr(1);
788 subl(1) ^= subr(1) & ~subr(17);
789 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
790 subl(19) ^= subl(1); subr(19) ^= subr(1);
791 subl(21) ^= subl(1); subr(21) ^= subr(1);
792 subl(23) ^= subl(1); subr(23) ^= subr(1);
793 subl(1) ^= subr(1) & ~subr(25);
794 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
795 subl(27) ^= subl(1); subr(27) ^= subr(1);
796 subl(29) ^= subl(1); subr(29) ^= subr(1);
797 subl(31) ^= subl(1); subr(31) ^= subr(1);
798 subl(32) ^= subl(1); subr(32) ^= subr(1);
800 /* absorb kw4 to other subkeys */
801 kw4l = subl(33); kw4r = subr(33);
802 subl(30) ^= kw4l; subr(30) ^= kw4r;
803 subl(28) ^= kw4l; subr(28) ^= kw4r;
804 subl(26) ^= kw4l; subr(26) ^= kw4r;
805 kw4l ^= kw4r & ~subr(24);
806 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
807 subl(22) ^= kw4l; subr(22) ^= kw4r;
808 subl(20) ^= kw4l; subr(20) ^= kw4r;
809 subl(18) ^= kw4l; subr(18) ^= kw4r;
810 kw4l ^= kw4r & ~subr(16);
811 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
812 subl(14) ^= kw4l; subr(14) ^= kw4r;
813 subl(12) ^= kw4l; subr(12) ^= kw4r;
814 subl(10) ^= kw4l; subr(10) ^= kw4r;
815 kw4l ^= kw4r & ~subr(8);
816 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
817 subl(6) ^= kw4l; subr(6) ^= kw4r;
818 subl(4) ^= kw4l; subr(4) ^= kw4r;
819 subl(2) ^= kw4l; subr(2) ^= kw4r;
820 subl(0) ^= kw4l; subr(0) ^= kw4r;
822 /* key XOR is end of F-function */
823 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
824 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
825 CamelliaSubkeyL(2) = subl(3);
826 CamelliaSubkeyR(2) = subr(3);
827 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
828 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
829 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
830 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
831 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
832 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
833 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
834 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
835 tl = subl(10) ^ (subr(10) & ~subr(8));
836 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
837 CamelliaSubkeyL(7) = subl(6) ^ tl;
838 CamelliaSubkeyR(7) = subr(6) ^ tr;
839 CamelliaSubkeyL(8) = subl(8);
840 CamelliaSubkeyR(8) = subr(8);
841 CamelliaSubkeyL(9) = subl(9);
842 CamelliaSubkeyR(9) = subr(9);
843 tl = subl(7) ^ (subr(7) & ~subr(9));
844 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
845 CamelliaSubkeyL(10) = tl ^ subl(11);
846 CamelliaSubkeyR(10) = tr ^ subr(11);
847 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
848 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
849 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
850 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
851 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
852 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
853 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
854 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
855 tl = subl(18) ^ (subr(18) & ~subr(16));
856 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
857 CamelliaSubkeyL(15) = subl(14) ^ tl;
858 CamelliaSubkeyR(15) = subr(14) ^ tr;
859 CamelliaSubkeyL(16) = subl(16);
860 CamelliaSubkeyR(16) = subr(16);
861 CamelliaSubkeyL(17) = subl(17);
862 CamelliaSubkeyR(17) = subr(17);
863 tl = subl(15) ^ (subr(15) & ~subr(17));
864 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
865 CamelliaSubkeyL(18) = tl ^ subl(19);
866 CamelliaSubkeyR(18) = tr ^ subr(19);
867 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
868 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
869 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
870 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
871 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
872 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
873 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
874 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
875 tl = subl(26) ^ (subr(26) & ~subr(24));
876 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
877 CamelliaSubkeyL(23) = subl(22) ^ tl;
878 CamelliaSubkeyR(23) = subr(22) ^ tr;
879 CamelliaSubkeyL(24) = subl(24);
880 CamelliaSubkeyR(24) = subr(24);
881 CamelliaSubkeyL(25) = subl(25);
882 CamelliaSubkeyR(25) = subr(25);
883 tl = subl(23) ^ (subr(23) & ~subr(25));
884 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
885 CamelliaSubkeyL(26) = tl ^ subl(27);
886 CamelliaSubkeyR(26) = tr ^ subr(27);
887 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
888 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
889 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
890 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
891 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
892 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
893 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
894 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
895 CamelliaSubkeyL(31) = subl(30);
896 CamelliaSubkeyR(31) = subr(30);
897 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
898 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
900 /* apply the inverse of the last half of P-function */
901 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
902 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
903 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
904 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
905 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
906 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
907 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
908 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
909 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
910 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
911 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
912 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
913 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
914 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
915 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
916 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
917 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
918 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
919 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
920 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
921 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
922 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
923 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
924 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
925 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
926 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
927 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
928 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
929 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
930 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
931 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
932 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
933 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
934 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
935 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
936 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
937 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
938 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
939 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
940 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
941 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
942 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
943 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
944 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
945 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
946 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
947 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
948 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
950 return;
953 static void camellia_setup192(const unsigned char *key, u32 *subkey)
955 unsigned char kk[32];
956 u32 krll, krlr, krrl,krrr;
958 memcpy(kk, key, 24);
959 memcpy((unsigned char *)&krll, key+16,4);
960 memcpy((unsigned char *)&krlr, key+20,4);
961 krrl = ~krll;
962 krrr = ~krlr;
963 memcpy(kk+24, (unsigned char *)&krrl, 4);
964 memcpy(kk+28, (unsigned char *)&krrr, 4);
965 camellia_setup256(kk, subkey);
966 return;
971 * Stuff related to camellia encryption/decryption
973 * "io" must be 4byte aligned and big-endian data.
975 static void camellia_encrypt128(const u32 *subkey, u32 *io)
977 u32 il, ir, t0, t1;
979 /* pre whitening but absorb kw2*/
980 io[0] ^= CamelliaSubkeyL(0);
981 io[1] ^= CamelliaSubkeyR(0);
982 /* main iteration */
984 CAMELLIA_ROUNDSM(io[0],io[1],
985 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
986 io[2],io[3],il,ir,t0,t1);
987 CAMELLIA_ROUNDSM(io[2],io[3],
988 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
989 io[0],io[1],il,ir,t0,t1);
990 CAMELLIA_ROUNDSM(io[0],io[1],
991 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
992 io[2],io[3],il,ir,t0,t1);
993 CAMELLIA_ROUNDSM(io[2],io[3],
994 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
995 io[0],io[1],il,ir,t0,t1);
996 CAMELLIA_ROUNDSM(io[0],io[1],
997 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
998 io[2],io[3],il,ir,t0,t1);
999 CAMELLIA_ROUNDSM(io[2],io[3],
1000 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1001 io[0],io[1],il,ir,t0,t1);
1003 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1004 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1005 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1006 t0,t1,il,ir);
1008 CAMELLIA_ROUNDSM(io[0],io[1],
1009 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1010 io[2],io[3],il,ir,t0,t1);
1011 CAMELLIA_ROUNDSM(io[2],io[3],
1012 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1013 io[0],io[1],il,ir,t0,t1);
1014 CAMELLIA_ROUNDSM(io[0],io[1],
1015 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1016 io[2],io[3],il,ir,t0,t1);
1017 CAMELLIA_ROUNDSM(io[2],io[3],
1018 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1019 io[0],io[1],il,ir,t0,t1);
1020 CAMELLIA_ROUNDSM(io[0],io[1],
1021 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1022 io[2],io[3],il,ir,t0,t1);
1023 CAMELLIA_ROUNDSM(io[2],io[3],
1024 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1025 io[0],io[1],il,ir,t0,t1);
1027 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1028 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1029 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1030 t0,t1,il,ir);
1032 CAMELLIA_ROUNDSM(io[0],io[1],
1033 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1034 io[2],io[3],il,ir,t0,t1);
1035 CAMELLIA_ROUNDSM(io[2],io[3],
1036 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1037 io[0],io[1],il,ir,t0,t1);
1038 CAMELLIA_ROUNDSM(io[0],io[1],
1039 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1040 io[2],io[3],il,ir,t0,t1);
1041 CAMELLIA_ROUNDSM(io[2],io[3],
1042 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1043 io[0],io[1],il,ir,t0,t1);
1044 CAMELLIA_ROUNDSM(io[0],io[1],
1045 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1046 io[2],io[3],il,ir,t0,t1);
1047 CAMELLIA_ROUNDSM(io[2],io[3],
1048 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1049 io[0],io[1],il,ir,t0,t1);
1051 /* post whitening but kw4 */
1052 io[2] ^= CamelliaSubkeyL(24);
1053 io[3] ^= CamelliaSubkeyR(24);
1055 t0 = io[0];
1056 t1 = io[1];
1057 io[0] = io[2];
1058 io[1] = io[3];
1059 io[2] = t0;
1060 io[3] = t1;
1062 return;
1065 static void camellia_decrypt128(const u32 *subkey, u32 *io)
1067 u32 il,ir,t0,t1; /* temporary valiables */
1069 /* pre whitening but absorb kw2*/
1070 io[0] ^= CamelliaSubkeyL(24);
1071 io[1] ^= CamelliaSubkeyR(24);
1073 /* main iteration */
1074 CAMELLIA_ROUNDSM(io[0],io[1],
1075 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1076 io[2],io[3],il,ir,t0,t1);
1077 CAMELLIA_ROUNDSM(io[2],io[3],
1078 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1079 io[0],io[1],il,ir,t0,t1);
1080 CAMELLIA_ROUNDSM(io[0],io[1],
1081 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1082 io[2],io[3],il,ir,t0,t1);
1083 CAMELLIA_ROUNDSM(io[2],io[3],
1084 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1085 io[0],io[1],il,ir,t0,t1);
1086 CAMELLIA_ROUNDSM(io[0],io[1],
1087 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1088 io[2],io[3],il,ir,t0,t1);
1089 CAMELLIA_ROUNDSM(io[2],io[3],
1090 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1091 io[0],io[1],il,ir,t0,t1);
1093 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1094 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1095 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1096 t0,t1,il,ir);
1098 CAMELLIA_ROUNDSM(io[0],io[1],
1099 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1100 io[2],io[3],il,ir,t0,t1);
1101 CAMELLIA_ROUNDSM(io[2],io[3],
1102 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1103 io[0],io[1],il,ir,t0,t1);
1104 CAMELLIA_ROUNDSM(io[0],io[1],
1105 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1106 io[2],io[3],il,ir,t0,t1);
1107 CAMELLIA_ROUNDSM(io[2],io[3],
1108 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1109 io[0],io[1],il,ir,t0,t1);
1110 CAMELLIA_ROUNDSM(io[0],io[1],
1111 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1112 io[2],io[3],il,ir,t0,t1);
1113 CAMELLIA_ROUNDSM(io[2],io[3],
1114 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1115 io[0],io[1],il,ir,t0,t1);
1117 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1118 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1119 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1120 t0,t1,il,ir);
1122 CAMELLIA_ROUNDSM(io[0],io[1],
1123 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1124 io[2],io[3],il,ir,t0,t1);
1125 CAMELLIA_ROUNDSM(io[2],io[3],
1126 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1127 io[0],io[1],il,ir,t0,t1);
1128 CAMELLIA_ROUNDSM(io[0],io[1],
1129 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1130 io[2],io[3],il,ir,t0,t1);
1131 CAMELLIA_ROUNDSM(io[2],io[3],
1132 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1133 io[0],io[1],il,ir,t0,t1);
1134 CAMELLIA_ROUNDSM(io[0],io[1],
1135 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1136 io[2],io[3],il,ir,t0,t1);
1137 CAMELLIA_ROUNDSM(io[2],io[3],
1138 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1139 io[0],io[1],il,ir,t0,t1);
1141 /* post whitening but kw4 */
1142 io[2] ^= CamelliaSubkeyL(0);
1143 io[3] ^= CamelliaSubkeyR(0);
1145 t0 = io[0];
1146 t1 = io[1];
1147 io[0] = io[2];
1148 io[1] = io[3];
1149 io[2] = t0;
1150 io[3] = t1;
1152 return;
1156 * stuff for 192 and 256bit encryption/decryption
1158 static void camellia_encrypt256(const u32 *subkey, u32 *io)
1160 u32 il,ir,t0,t1; /* temporary valiables */
1162 /* pre whitening but absorb kw2*/
1163 io[0] ^= CamelliaSubkeyL(0);
1164 io[1] ^= CamelliaSubkeyR(0);
1166 /* main iteration */
1167 CAMELLIA_ROUNDSM(io[0],io[1],
1168 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1169 io[2],io[3],il,ir,t0,t1);
1170 CAMELLIA_ROUNDSM(io[2],io[3],
1171 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1172 io[0],io[1],il,ir,t0,t1);
1173 CAMELLIA_ROUNDSM(io[0],io[1],
1174 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1175 io[2],io[3],il,ir,t0,t1);
1176 CAMELLIA_ROUNDSM(io[2],io[3],
1177 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1178 io[0],io[1],il,ir,t0,t1);
1179 CAMELLIA_ROUNDSM(io[0],io[1],
1180 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1181 io[2],io[3],il,ir,t0,t1);
1182 CAMELLIA_ROUNDSM(io[2],io[3],
1183 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1184 io[0],io[1],il,ir,t0,t1);
1186 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1187 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1188 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1189 t0,t1,il,ir);
1191 CAMELLIA_ROUNDSM(io[0],io[1],
1192 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1193 io[2],io[3],il,ir,t0,t1);
1194 CAMELLIA_ROUNDSM(io[2],io[3],
1195 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1196 io[0],io[1],il,ir,t0,t1);
1197 CAMELLIA_ROUNDSM(io[0],io[1],
1198 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1199 io[2],io[3],il,ir,t0,t1);
1200 CAMELLIA_ROUNDSM(io[2],io[3],
1201 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1202 io[0],io[1],il,ir,t0,t1);
1203 CAMELLIA_ROUNDSM(io[0],io[1],
1204 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1205 io[2],io[3],il,ir,t0,t1);
1206 CAMELLIA_ROUNDSM(io[2],io[3],
1207 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1208 io[0],io[1],il,ir,t0,t1);
1210 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1211 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1212 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1213 t0,t1,il,ir);
1215 CAMELLIA_ROUNDSM(io[0],io[1],
1216 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1217 io[2],io[3],il,ir,t0,t1);
1218 CAMELLIA_ROUNDSM(io[2],io[3],
1219 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1220 io[0],io[1],il,ir,t0,t1);
1221 CAMELLIA_ROUNDSM(io[0],io[1],
1222 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1223 io[2],io[3],il,ir,t0,t1);
1224 CAMELLIA_ROUNDSM(io[2],io[3],
1225 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1226 io[0],io[1],il,ir,t0,t1);
1227 CAMELLIA_ROUNDSM(io[0],io[1],
1228 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1229 io[2],io[3],il,ir,t0,t1);
1230 CAMELLIA_ROUNDSM(io[2],io[3],
1231 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1232 io[0],io[1],il,ir,t0,t1);
1234 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1235 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1236 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1237 t0,t1,il,ir);
1239 CAMELLIA_ROUNDSM(io[0],io[1],
1240 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1241 io[2],io[3],il,ir,t0,t1);
1242 CAMELLIA_ROUNDSM(io[2],io[3],
1243 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1244 io[0],io[1],il,ir,t0,t1);
1245 CAMELLIA_ROUNDSM(io[0],io[1],
1246 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1247 io[2],io[3],il,ir,t0,t1);
1248 CAMELLIA_ROUNDSM(io[2],io[3],
1249 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1250 io[0],io[1],il,ir,t0,t1);
1251 CAMELLIA_ROUNDSM(io[0],io[1],
1252 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1253 io[2],io[3],il,ir,t0,t1);
1254 CAMELLIA_ROUNDSM(io[2],io[3],
1255 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1256 io[0],io[1],il,ir,t0,t1);
1258 /* post whitening but kw4 */
1259 io[2] ^= CamelliaSubkeyL(32);
1260 io[3] ^= CamelliaSubkeyR(32);
1262 t0 = io[0];
1263 t1 = io[1];
1264 io[0] = io[2];
1265 io[1] = io[3];
1266 io[2] = t0;
1267 io[3] = t1;
1269 return;
1272 static void camellia_decrypt256(const u32 *subkey, u32 *io)
1274 u32 il,ir,t0,t1; /* temporary valiables */
1276 /* pre whitening but absorb kw2*/
1277 io[0] ^= CamelliaSubkeyL(32);
1278 io[1] ^= CamelliaSubkeyR(32);
1280 /* main iteration */
1281 CAMELLIA_ROUNDSM(io[0],io[1],
1282 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1283 io[2],io[3],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[2],io[3],
1285 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1286 io[0],io[1],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[0],io[1],
1288 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1289 io[2],io[3],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[2],io[3],
1291 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1292 io[0],io[1],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[0],io[1],
1294 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1295 io[2],io[3],il,ir,t0,t1);
1296 CAMELLIA_ROUNDSM(io[2],io[3],
1297 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1298 io[0],io[1],il,ir,t0,t1);
1300 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1301 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1302 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1303 t0,t1,il,ir);
1305 CAMELLIA_ROUNDSM(io[0],io[1],
1306 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1307 io[2],io[3],il,ir,t0,t1);
1308 CAMELLIA_ROUNDSM(io[2],io[3],
1309 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1310 io[0],io[1],il,ir,t0,t1);
1311 CAMELLIA_ROUNDSM(io[0],io[1],
1312 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1313 io[2],io[3],il,ir,t0,t1);
1314 CAMELLIA_ROUNDSM(io[2],io[3],
1315 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1316 io[0],io[1],il,ir,t0,t1);
1317 CAMELLIA_ROUNDSM(io[0],io[1],
1318 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1319 io[2],io[3],il,ir,t0,t1);
1320 CAMELLIA_ROUNDSM(io[2],io[3],
1321 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1322 io[0],io[1],il,ir,t0,t1);
1324 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1325 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1326 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1327 t0,t1,il,ir);
1329 CAMELLIA_ROUNDSM(io[0],io[1],
1330 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1331 io[2],io[3],il,ir,t0,t1);
1332 CAMELLIA_ROUNDSM(io[2],io[3],
1333 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1334 io[0],io[1],il,ir,t0,t1);
1335 CAMELLIA_ROUNDSM(io[0],io[1],
1336 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1337 io[2],io[3],il,ir,t0,t1);
1338 CAMELLIA_ROUNDSM(io[2],io[3],
1339 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1340 io[0],io[1],il,ir,t0,t1);
1341 CAMELLIA_ROUNDSM(io[0],io[1],
1342 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1343 io[2],io[3],il,ir,t0,t1);
1344 CAMELLIA_ROUNDSM(io[2],io[3],
1345 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1346 io[0],io[1],il,ir,t0,t1);
1348 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1349 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1350 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1351 t0,t1,il,ir);
1353 CAMELLIA_ROUNDSM(io[0],io[1],
1354 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1355 io[2],io[3],il,ir,t0,t1);
1356 CAMELLIA_ROUNDSM(io[2],io[3],
1357 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1358 io[0],io[1],il,ir,t0,t1);
1359 CAMELLIA_ROUNDSM(io[0],io[1],
1360 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1361 io[2],io[3],il,ir,t0,t1);
1362 CAMELLIA_ROUNDSM(io[2],io[3],
1363 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1364 io[0],io[1],il,ir,t0,t1);
1365 CAMELLIA_ROUNDSM(io[0],io[1],
1366 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1367 io[2],io[3],il,ir,t0,t1);
1368 CAMELLIA_ROUNDSM(io[2],io[3],
1369 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1370 io[0],io[1],il,ir,t0,t1);
1372 /* post whitening but kw4 */
1373 io[2] ^= CamelliaSubkeyL(0);
1374 io[3] ^= CamelliaSubkeyR(0);
1376 t0 = io[0];
1377 t1 = io[1];
1378 io[0] = io[2];
1379 io[1] = io[3];
1380 io[2] = t0;
1381 io[3] = t1;
1383 return;
1386 /***
1388 * API for compatibility
1391 void Camellia_Ekeygen(const int keyBitLength,
1392 const unsigned char *rawKey,
1393 KEY_TABLE_TYPE keyTable)
1395 switch(keyBitLength) {
1396 case 128:
1397 camellia_setup128(rawKey, keyTable);
1398 break;
1399 case 192:
1400 camellia_setup192(rawKey, keyTable);
1401 break;
1402 case 256:
1403 camellia_setup256(rawKey, keyTable);
1404 break;
1405 default:
1406 break;
1411 void Camellia_EncryptBlock(const int keyBitLength,
1412 const unsigned char *plaintext,
1413 const KEY_TABLE_TYPE keyTable,
1414 unsigned char *ciphertext)
1416 u32 tmp[4];
1418 tmp[0] = GETU32(plaintext);
1419 tmp[1] = GETU32(plaintext + 4);
1420 tmp[2] = GETU32(plaintext + 8);
1421 tmp[3] = GETU32(plaintext + 12);
1423 switch (keyBitLength) {
1424 case 128:
1425 camellia_encrypt128(keyTable, tmp);
1426 break;
1427 case 192:
1428 /* fall through */
1429 case 256:
1430 camellia_encrypt256(keyTable, tmp);
1431 break;
1432 default:
1433 break;
1436 PUTU32(ciphertext, tmp[0]);
1437 PUTU32(ciphertext + 4, tmp[1]);
1438 PUTU32(ciphertext + 8, tmp[2]);
1439 PUTU32(ciphertext + 12, tmp[3]);
1442 void Camellia_DecryptBlock(const int keyBitLength,
1443 const unsigned char *ciphertext,
1444 const KEY_TABLE_TYPE keyTable,
1445 unsigned char *plaintext)
1447 u32 tmp[4];
1449 tmp[0] = GETU32(ciphertext);
1450 tmp[1] = GETU32(ciphertext + 4);
1451 tmp[2] = GETU32(ciphertext + 8);
1452 tmp[3] = GETU32(ciphertext + 12);
1454 switch (keyBitLength) {
1455 case 128:
1456 camellia_decrypt128(keyTable, tmp);
1457 break;
1458 case 192:
1459 /* fall through */
1460 case 256:
1461 camellia_decrypt256(keyTable, tmp);
1462 break;
1463 default:
1464 break;
1466 PUTU32(plaintext, tmp[0]);
1467 PUTU32(plaintext + 4, tmp[1]);
1468 PUTU32(plaintext + 8, tmp[2]);
1469 PUTU32(plaintext + 12, tmp[3]);