1 /* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
2 /* ====================================================================
3 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
4 * ALL RIGHTS RESERVED.
5 *
6 * Intellectual Property information for Camellia:
7 * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
8 *
9 * News Release for Announcement of Camellia open source:
10 * http://www.ntt.co.jp/news/news06e/0604/060413a.html
11 *
12 * The Camellia Code included herein is developed by
13 * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
14 * to the OpenSSL project.
15 *
16 * The Camellia Code is licensed pursuant to the OpenSSL open source
17 * license provided below.
18 */
19 /* ====================================================================
20 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 *
26 * 1. Redistributions of source code must retain the above copyright
27 * notice, this list of conditions and the following disclaimer.
28 *
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in
31 * the documentation and/or other materials provided with the
32 * distribution.
33 *
34 * 3. All advertising materials mentioning features or use of this
35 * software must display the following acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
38 *
39 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
40 * endorse or promote products derived from this software without
41 * prior written permission. For written permission, please contact
42 * openssl-core@openssl.org.
43 *
44 * 5. Products derived from this software may not be called "OpenSSL"
45 * nor may "OpenSSL" appear in their names without prior written
46 * permission of the OpenSSL Project.
47 *
48 * 6. Redistributions of any form whatsoever must retain the following
49 * acknowledgment:
50 * "This product includes software developed by the OpenSSL Project
51 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
54 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
56 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
57 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
58 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
60 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
63 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
64 * OF THE POSSIBILITY OF SUCH DAMAGE.
65 * ====================================================================
66 */
67
68 /* Algorithm Specification
69 http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
70 */
71
72
73 #include <string.h>
74 #include <stdlib.h>
75
76 #include "camellia.h"
77 #include "cmll_locl.h"
78
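/*
 * Key-schedule constants SIGMA1..SIGMA6, each split into a left (L) and a
 * right (R) 32-bit half.
 */
#define CAMELLIA_SIGMA1L (0xA09E667FL)
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
#define CAMELLIA_SIGMA2L (0xB67AE858L)
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
#define CAMELLIA_SIGMA5L (0x10E527FAL)
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
#define CAMELLIA_SIGMA6L (0xB05688C2L)
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)

/*
 * macros
 *
 * Every macro below evaluates its arguments more than once and assigns
 * through several of them, so pass only side-effect-free lvalues (plain
 * variables or array elements) and constants.  All parameters are
 * parenthesised in the expansions so an expression argument cannot
 * re-associate with the surrounding operators.
 *
 * NOTE(review): the rotations rely on the operands being exactly 32 bits
 * wide (the left shift must discard the high bits) -- confirm that u32 is a
 * 32-bit unsigned type in cmll_locl.h.
 */

/*
 * Left/right 32-bit word of subkey INDEX.  These expand to accesses on an
 * array named `subkey`, which must be in scope at the point of use.
 */
#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])

/* rotate right by 1 byte */
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
/* rotate left by 1 bit */
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
/* rotate left by 1 byte */
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))

/*
 * Rotate the 128-bit value ll||lr||rl||rr left by `bits` in place.
 * `bits` must satisfy 0 < bits < 32: a value of 0 or 32 would produce a
 * shift by the full word width, which is undefined behaviour.
 * w0 is scratch; w1 is accepted but not used by this variant.
 */
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)            \
    do                                                          \
        {                                                       \
        (w0) = (ll);                                            \
        (ll) = ((ll) << (bits)) + ((lr) >> (32 - (bits)));      \
        (lr) = ((lr) << (bits)) + ((rl) >> (32 - (bits)));      \
        (rl) = ((rl) << (bits)) + ((rr) >> (32 - (bits)));      \
        (rr) = ((rr) << (bits)) + ((w0) >> (32 - (bits)));      \
        } while(0)

/*
 * Same rotation for counts over 32: `bits` must satisfy 32 < bits < 64 so
 * that both (bits - 32) and (64 - bits) stay inside 1..31.
 * w0 and w1 are scratch.
 */
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits)         \
    do                                                          \
        {                                                       \
        (w0) = (ll);                                            \
        (w1) = (lr);                                            \
        (ll) = ((lr) << ((bits) - 32)) + ((rl) >> (64 - (bits))); \
        (lr) = ((rl) << ((bits) - 32)) + ((rr) >> (64 - (bits))); \
        (rl) = ((rr) << ((bits) - 32)) + ((w0) >> (64 - (bits))); \
        (rr) = ((w0) << ((bits) - 32)) + ((w1) >> (64 - (bits))); \
        } while(0)

/*
 * Lookups into the four 256-entry tables defined further down in this file.
 * The callers below index them with bytes of key- or data-dependent words,
 * so the memory access pattern depends on secret values; that is the usual
 * cache-timing consideration for table-driven ciphers and matters where
 * untrusted code can observe the data cache.
 */
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])

/*
 * F-function: XOR the input (xl, xr) with the key (kl, kr), run the eight
 * bytes through the tables and write the result to (yl, yr).
 * il, ir, t0, t1 are scratch.
 */
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)      \
    do                                                          \
        {                                                       \
        (il) = (xl) ^ (kl);                                     \
        (ir) = (xr) ^ (kr);                                     \
        (t0) = (il) >> 16;                                      \
        (t1) = (ir) >> 16;                                      \
        (yl) = CAMELLIA_SP1110((ir) & 0xff)                     \
            ^ CAMELLIA_SP0222(((t1) >> 8) & 0xff)               \
            ^ CAMELLIA_SP3033((t1) & 0xff)                      \
            ^ CAMELLIA_SP4404(((ir) >> 8) & 0xff);              \
        (yr) = CAMELLIA_SP1110(((t0) >> 8) & 0xff)              \
            ^ CAMELLIA_SP0222((t0) & 0xff)                      \
            ^ CAMELLIA_SP3033(((il) >> 8) & 0xff)               \
            ^ CAMELLIA_SP4404((il) & 0xff);                     \
        (yl) ^= (yr);                                           \
        (yr) = CAMELLIA_RR8(yr);                                \
        (yr) ^= (yl);                                           \
        } while(0)


/*
 * for speed up
 *
 * One macro for both halves of the state: the first group of statements
 * updates (ll, lr) with the key words (kll, klr), the second group updates
 * (rl, rr) with (krl, krr).  t0..t3 are scratch.
 */
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
    do                                                          \
        {                                                       \
        (t0) = (kll);                                           \
        (t0) &= (ll);                                           \
        (lr) ^= CAMELLIA_RL1(t0);                               \
        (t1) = (klr);                                           \
        (t1) |= (lr);                                           \
        (ll) ^= (t1);                                           \
                                                                \
        (t2) = (krr);                                           \
        (t2) |= (rr);                                           \
        (rl) ^= (t2);                                           \
        (t3) = (krl);                                           \
        (t3) &= (rl);                                           \
        (rr) ^= CAMELLIA_RL1(t3);                               \
        } while(0)

/*
 * Round step: unlike CAMELLIA_F, the key (kl, kr) is XORed in after the
 * table lookups, and the result is XORed into (yl, yr) instead of being
 * assigned.  il, ir, t0, t1 are scratch.
 */
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
    do                                                          \
        {                                                       \
        (il) = (xl);                                            \
        (ir) = (xr);                                            \
        (t0) = (il) >> 16;                                      \
        (t1) = (ir) >> 16;                                      \
        (ir) = CAMELLIA_SP1110((ir) & 0xff)                     \
            ^ CAMELLIA_SP0222(((t1) >> 8) & 0xff)               \
            ^ CAMELLIA_SP3033((t1) & 0xff)                      \
            ^ CAMELLIA_SP4404(((ir) >> 8) & 0xff);              \
        (il) = CAMELLIA_SP1110(((t0) >> 8) & 0xff)              \
            ^ CAMELLIA_SP0222((t0) & 0xff)                      \
            ^ CAMELLIA_SP3033(((il) >> 8) & 0xff)               \
            ^ CAMELLIA_SP4404((il) & 0xff);                     \
        (il) ^= (kl);                                           \
        (ir) ^= (kr);                                           \
        (ir) ^= (il);                                           \
        (il) = CAMELLIA_RR8(il);                                \
        (il) ^= (ir);                                           \
        (yl) ^= (ir);                                           \
        (yr) ^= (il);                                           \
        } while(0)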
200
/*
 * 256-entry lookup table read through CAMELLIA_SP1110().  Each entry holds
 * one byte value replicated in the three most significant byte lanes, with
 * the least significant byte zero (0xbbbbbb00).
 *
 * The index is a byte of a key- or data-dependent word, so which entry is
 * touched depends on secret data; keep that in mind where cache-timing
 * observation by untrusted code is part of the threat model.
 */
static const u32 camellia_sp1110[256] =
    {
    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
    0xe4e4e400,0x85858500,0x57575700,0x35353500,
    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
    0x45454500,0x19191900,0xa5a5a500,0x21212100,
    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
    0x53535300,0x18181800,0xf2f2f200,0x22222200,
    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
    0xa1a1a100,0x89898900,0x62626200,0x97979700,
    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
    0x10101000,0xc4c4c400,0x00000000,0x48484800,
    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
    0xd4d4d400,0x25252500,0xababab00,0x42424200,
    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
    0x72727200,0x07070700,0xb9b9b900,0x55555500,
    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
    };
268
/*
 * 256-entry lookup table read through CAMELLIA_SP0222().  Each entry holds
 * one byte value replicated in the three least significant byte lanes, with
 * the most significant byte zero (0x00bbbbbb).
 *
 * The replicated byte is the camellia_sp1110 byte at the same index rotated
 * left by one bit (entry 0: 0x70 -> 0xe0, entry 1: 0x82 -> 0x05).
 */
static const u32 camellia_sp0222[256] =
    {
    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
    0x00202020,0x00898989,0x00000000,0x00909090,
    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
    0x009b9b9b,0x00949494,0x00212121,0x00666666,
    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
    0x00777777,0x00939393,0x00868686,0x00838383,
    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
    };
336
/*
 * 256-entry lookup table read through CAMELLIA_SP3033().  Each entry holds
 * one byte value in byte lanes 3, 1 and 0 (counting from the least
 * significant), with lane 2 zero (0xbb00bbbb).
 *
 * The replicated byte is the camellia_sp1110 byte at the same index rotated
 * right by one bit (entry 0: 0x70 -> 0x38, entry 1: 0x82 -> 0x41).
 */
static const u32 camellia_sp3033[256] =
    {
    0x38003838,0x41004141,0x16001616,0x76007676,
    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
    0x75007575,0x06000606,0x57005757,0xa000a0a0,
    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
    0x3a003a3a,0x09000909,0x95009595,0x10001010,
    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
    0x12001212,0x04000404,0x74007474,0x54005454,
    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
    0x55005555,0x68006868,0x50005050,0xbe00bebe,
    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
    0x70007070,0xff00ffff,0x32003232,0x69006969,
    0x08000808,0x62006262,0x00000000,0x24002424,
    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
    0x45004545,0x81008181,0x73007373,0x6d006d6d,
    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
    0xe600e6e6,0x25002525,0x48004848,0x99009999,
    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
    0x7c007c7c,0x77007777,0x56005656,0x05000505,
    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
    };
404
/*
 * 256-entry lookup table read through CAMELLIA_SP4404().  Each entry holds
 * one byte value in byte lanes 3, 2 and 0 (counting from the least
 * significant), with lane 1 zero (0xbbbb00bb).
 *
 * Entry i carries the camellia_sp1110 byte found at index (i rotated left
 * by one bit), e.g. entry 1 holds 0x2c, the byte of camellia_sp1110[2].
 */
static const u32 camellia_sp4404[256] =
    {
    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
    0x24240024,0xe8e800e8,0x60600060,0x69690069,
    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
    0x10100010,0x00000000,0xa3a300a3,0x75750075,
    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
    0x81810081,0x6f6f006f,0x13130013,0x63630063,
    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
    0x78780078,0x06060006,0xe7e700e7,0x71710071,
    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
    0x15150015,0xadad00ad,0x77770077,0x80800080,
    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
    0x85850085,0x35350035,0x0c0c000c,0x41410041,
    0xefef00ef,0x93930093,0x19190019,0x21210021,
    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
    0x12120012,0x20200020,0xb1b100b1,0x99990099,
    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
    0x0f0f000f,0x16160016,0x18180018,0x22220022,
    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
    0x49490049,0x68680068,0x38380038,0xa4a400a4,
    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
    };
472
/*
 * Key-schedule scratch accessors.  subl(i) / subr(i) name the left / right
 * 32-bit word of intermediate subkey i; they expand to elements of arrays
 * called subL[] and subR[], which must be in scope where the macro is used.
 */
#define subl(x) (subL[(x)])
#define subr(x) (subR[(x)])
478
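/*
 * Expand a 128-bit Camellia key into the subkey table.
 *
 * key:    16 bytes of key material, read with GETU32 at offsets 0, 4, 8, 12.
 * subkey: output array of u32.  Words are written through
 *         CamelliaSubkeyL/R(0) and CamelliaSubkeyL/R(2..24), i.e. subkey[0],
 *         subkey[1] and subkey[4..49]; subkey[2] and subkey[3] are not
 *         written.  The caller must supply at least 50 words.
 *
 * The whitening keys kw2 and kw4 are folded into the round keys, and the
 * inverse of the last half of the P-function is pre-applied to every round
 * key, so the round macro can XOR the key in after the table lookups.
 *
 * Security notes:
 *  - CAMELLIA_F indexes the lookup tables with bytes derived from the key,
 *    so the memory access pattern of key setup is key-dependent.
 *  - subL[]/subR[] hold key-equivalent material.  They are wiped before
 *    returning so the values do not linger in a dead stack frame.  Scalar
 *    temporaries may live in registers and are not covered by this.
 *    NOTE(review): if OPENSSL_cleanse() is available to this file, prefer
 *    it over the local memset indirection.
 */
void camellia_setup128(const u8 *key, u32 *subkey)
{
    u32 kll, klr, krl, krr;
    u32 il, ir, t0, t1, w0, w1;
    u32 kw4l, kw4r, dw, tl, tr;
    u32 subL[26];
    u32 subR[26];
    int i;
    /*
     * Calling memset through a volatile function pointer keeps the compiler
     * from proving the final stores dead and removing them.
     */
    void *(*volatile wipe)(void *, int, size_t) = memset;

    /* k == kll || klr || krl || krr (|| is concatenation) */
    kll = GETU32(key     );
    klr = GETU32(key +  4);
    krl = GETU32(key +  8);
    krr = GETU32(key + 12);

    /* generate KL dependent subkeys */
    /* kw1 */
    subl(0) = kll; subr(0) = klr;
    /* kw2 */
    subl(1) = krl; subr(1) = krr;
    /* rotation left shift 15bit */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    /* k3 */
    subl(4) = kll; subr(4) = klr;
    /* k4 */
    subl(5) = krl; subr(5) = krr;
    /* rotation left shift 15+30bit */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    /* k7 */
    subl(10) = kll; subr(10) = klr;
    /* k8 */
    subl(11) = krl; subr(11) = krr;
    /* rotation left shift 15+30+15bit */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    /* k10 */
    subl(13) = krl; subr(13) = krr;
    /* rotation left shift 15+30+15+17 bit */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    /* kl3 */
    subl(16) = kll; subr(16) = klr;
    /* kl4 */
    subl(17) = krl; subr(17) = krr;
    /* rotation left shift 15+30+15+17+17 bit */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    /* k13 */
    subl(18) = kll; subr(18) = klr;
    /* k14 */
    subl(19) = krl; subr(19) = krr;
    /* rotation left shift 15+30+15+17+17+17 bit */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    /* k17 */
    subl(22) = kll; subr(22) = klr;
    /* k18 */
    subl(23) = krl; subr(23) = krr;

    /* generate KA */
    kll = subl(0); klr = subr(0);
    krl = subl(1); krr = subr(1);
    CAMELLIA_F(kll, klr,
               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr,
               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    /* current status == (kll, klr, w0, w1) */
    CAMELLIA_F(kll, klr,
               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr,
               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KA dependent subkeys */
    /* k1, k2 */
    subl(2) = kll; subr(2) = klr;
    subl(3) = krl; subr(3) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    /* k5,k6 */
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    /* kl1, kl2 */
    subl(8) = kll; subr(8) = klr;
    subl(9) = krl; subr(9) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    /* k9 */
    subl(12) = kll; subr(12) = klr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    /* k11, k12 */
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    /* k15, k16 */
    subl(20) = kll; subr(20) = klr;
    subl(21) = krl; subr(21) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    /* kw3, kw4 */
    subl(24) = kll; subr(24) = klr;
    subl(25) = krl; subr(25) = krr;

    /* absorb kw2 to other subkeys */
    /* round 2 */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    /* round 4 */
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    /* round 6 */
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9);
    subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
    /* round 8 */
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    /* round 10 */
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    /* round 12 */
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17);
    subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
    /* round 14 */
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    /* round 16 */
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    /* round 18 */
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    /* kw3 */
    subl(24) ^= subl(1); subr(24) ^= subr(1);

    /* absorb kw4 to other subkeys */
    kw4l = subl(25); kw4r = subr(25);
    /* round 17 */
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    /* round 15 */
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    /* round 13 */
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16);
    kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
    /* round 11 */
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    /* round 9 */
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    /* round 7 */
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8);
    kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
    /* round 5 */
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    /* round 3 */
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    /* round 1 */
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    /* kw1 */
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /* key XOR is end of F-function */
    CamelliaSubkeyL(0) = subl(0) ^ subl(2);     /* kw1 */
    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
    CamelliaSubkeyL(2) = subl(3);               /* round 1 */
    CamelliaSubkeyR(2) = subr(3);
    CamelliaSubkeyL(3) = subl(2) ^ subl(4);     /* round 2 */
    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
    CamelliaSubkeyL(4) = subl(3) ^ subl(5);     /* round 3 */
    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
    CamelliaSubkeyL(5) = subl(4) ^ subl(6);     /* round 4 */
    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
    CamelliaSubkeyL(6) = subl(5) ^ subl(7);     /* round 5 */
    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8);                          /* FL(kl1) */
    tr = subr(10) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(7) = subl(6) ^ tl;          /* round 6 */
    CamelliaSubkeyR(7) = subr(6) ^ tr;
    CamelliaSubkeyL(8) = subl(8);               /* FL(kl1) */
    CamelliaSubkeyR(8) = subr(8);
    CamelliaSubkeyL(9) = subl(9);               /* FLinv(kl2) */
    CamelliaSubkeyR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9);                          /* FLinv(kl2) */
    tr = subr(7) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(10) = tl ^ subl(11);        /* round 7 */
    CamelliaSubkeyR(10) = tr ^ subr(11);
    CamelliaSubkeyL(11) = subl(10) ^ subl(12);  /* round 8 */
    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
    CamelliaSubkeyL(12) = subl(11) ^ subl(13);  /* round 9 */
    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
    CamelliaSubkeyL(13) = subl(12) ^ subl(14);  /* round 10 */
    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
    CamelliaSubkeyL(14) = subl(13) ^ subl(15);  /* round 11 */
    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16);                         /* FL(kl3) */
    tr = subr(18) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(15) = subl(14) ^ tl;        /* round 12 */
    CamelliaSubkeyR(15) = subr(14) ^ tr;
    CamelliaSubkeyL(16) = subl(16);             /* FL(kl3) */
    CamelliaSubkeyR(16) = subr(16);
    CamelliaSubkeyL(17) = subl(17);             /* FLinv(kl4) */
    CamelliaSubkeyR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17);                         /* FLinv(kl4) */
    tr = subr(15) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(18) = tl ^ subl(19);        /* round 13 */
    CamelliaSubkeyR(18) = tr ^ subr(19);
    CamelliaSubkeyL(19) = subl(18) ^ subl(20);  /* round 14 */
    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
    CamelliaSubkeyL(20) = subl(19) ^ subl(21);  /* round 15 */
    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
    CamelliaSubkeyL(21) = subl(20) ^ subl(22);  /* round 16 */
    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
    CamelliaSubkeyL(22) = subl(21) ^ subl(23);  /* round 17 */
    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
    CamelliaSubkeyL(23) = subl(22);             /* round 18 */
    CamelliaSubkeyR(23) = subr(22);
    CamelliaSubkeyL(24) = subl(24) ^ subl(23);  /* kw3 */
    CamelliaSubkeyR(24) = subr(24) ^ subr(23);

    /*
     * Apply the inverse of the last half of the P-function to the 18 round
     * keys, which sit at subkey indices 2..7, 10..15 and 18..23.  Indices
     * 8, 9, 16 and 17 hold the FL/FLinv keys and are left as they are.
     * The loop control depends only on the index, never on key material.
     */
    for (i = 2; i <= 23; i++) {
        if (i == 8 || i == 9 || i == 16 || i == 17)
            continue;
        dw = CamelliaSubkeyL(i) ^ CamelliaSubkeyR(i);
        dw = CAMELLIA_RL8(dw);
        CamelliaSubkeyR(i) = CamelliaSubkeyL(i) ^ dw;
        CamelliaSubkeyL(i) = dw;
    }

    /* Scrub the key-equivalent intermediates before the frame is released. */
    wipe(subL, 0, sizeof(subL));
    wipe(subR, 0, sizeof(subR));
}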
799
/**
 * Build the Camellia subkey table for a 256-bit key.
 *
 * key     key material, read as eight 32-bit words through GETU32 at
 *         offsets 0..28. No length is passed, so the caller must supply
 *         at least 32 readable bytes.
 * subkey  output table, written through CamelliaSubkeyL/CamelliaSubkeyR
 *         for slots 0 and 2..32. Slot 1 is never written here.
 *
 * Stages: store rotated copies of KL and KR, derive KA and KB with
 * CAMELLIA_F and the SIGMA constants, store rotated copies of KA and KB,
 * fold kw2 and kw4 into the other entries, combine neighbouring entries
 * into the final table, then run the CAMELLIA_RL8 pass over every round
 * slot.
 *
 * subl()/subr(), GETU32 and the CAMELLIA_* macros are defined outside this
 * block; subl()/subr() presumably index subL/subR, so those two names must
 * stay as they are - confirm against the macro definitions.
 *
 * Every local, subL and subR included, holds key-derived data and none of
 * them is cleared before the function returns.
 */
void camellia_setup256(const u8 *key, u32 *subkey)
{
    u32 kll, klr, krl, krr;        /* KL: left half of the key */
    u32 krll, krlr, krrl, krrr;    /* KR: right half of the key */
    u32 il, ir, t0, t1, w0, w1;    /* scratch words for the macros */
    u32 kw4l, kw4r, dw, tl, tr;
    u32 subL[34];
    u32 subR[34];
    int blk, slot;                 /* loop counters over table slots */
    int below, above;              /* neighbours of the current slot */
    int fl_a, fl_b;                /* slots of an FL / FLinv key pair */
    int r_in, r_pre, r_post, r_next;

    /*
     * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
     * where || is concatenation
     */
    kll  = GETU32(key);
    klr  = GETU32(key + 4);
    krl  = GETU32(key + 8);
    krr  = GETU32(key + 12);
    krll = GETU32(key + 16);
    krlr = GETU32(key + 20);
    krrl = GETU32(key + 24);
    krrr = GETU32(key + 28);

    /* ---- subkeys taken from KL ---- */
    subl(0) = kll;                 /* kw1 */
    subr(0) = klr;
    subl(1) = krl;                 /* kw2 */
    subr(1) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
    subl(12) = kll;                /* k9 */
    subr(12) = klr;
    subl(13) = krl;                /* k10 */
    subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(16) = kll;                /* kl3 */
    subr(16) = klr;
    subl(17) = krl;                /* kl4 */
    subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll;                /* k17 */
    subr(22) = klr;
    subl(23) = krl;                /* k18 */
    subr(23) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(30) = kll;                /* k23 */
    subr(30) = klr;
    subl(31) = krl;                /* k24 */
    subr(31) = krr;

    /* ---- subkeys taken from KR ---- */
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(4) = krll;                /* k3 */
    subr(4) = krlr;
    subl(5) = krrl;                /* k4 */
    subr(5) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(8) = krll;                /* kl1 */
    subr(8) = krlr;
    subl(9) = krrl;                /* kl2 */
    subr(9) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(18) = krll;               /* k13 */
    subr(18) = krlr;
    subl(19) = krrl;               /* k14 */
    subr(19) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
    subl(26) = krll;               /* k19 */
    subr(26) = krlr;
    subl(27) = krrl;               /* k20 */
    subr(27) = krrr;
    /*
     * Nothing is stored after this last rotation. The counts used on KR
     * add up to 128, so presumably this brings KR back to its loaded
     * value for the KA/KB steps below - confirm against the macros.
     */
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);

    /* ---- generate KA ---- */
    kll = subl(0) ^ krll;
    klr = subr(0) ^ krlr;
    krl = subl(1) ^ krrl;
    krr = subr(1) ^ krrr;
    CAMELLIA_F(kll, klr,
               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0;
    krr ^= w1;
    CAMELLIA_F(krl, krr,
               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    kll ^= krll;
    klr ^= krlr;
    CAMELLIA_F(kll, klr,
               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0 ^ krrl;
    krr ^= w1 ^ krrr;
    CAMELLIA_F(krl, krr,
               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0;
    klr ^= w1;

    /* ---- generate KB ---- */
    krll ^= kll;
    krlr ^= klr;
    krrl ^= krl;
    krrr ^= krr;
    CAMELLIA_F(krll, krlr,
               CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
               w0, w1, il, ir, t0, t1);
    krrl ^= w0;
    krrr ^= w1;
    CAMELLIA_F(krrl, krrr,
               CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
               w0, w1, il, ir, t0, t1);
    krll ^= w0;
    krlr ^= w1;

    /* ---- subkeys taken from KA ---- */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll;                 /* k5 */
    subr(6) = klr;
    subl(7) = krl;                 /* k6 */
    subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(14) = kll;                /* k11 */
    subr(14) = klr;
    subl(15) = krl;                /* k12 */
    subr(15) = krr;
    /* a further 32-bit left rotation, done by shifting the word order */
    subl(24) = klr;                /* kl5 */
    subr(24) = krl;
    subl(25) = krr;                /* kl6 */
    subr(25) = kll;
    /* rotate left by 49 from k11,k12 to reach k21,k22 */
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
    subl(28) = kll;                /* k21 */
    subr(28) = klr;
    subl(29) = krl;                /* k22 */
    subr(29) = krr;

    /* ---- subkeys taken from KB ---- */
    subl(2) = krll;                /* k1 */
    subr(2) = krlr;
    subl(3) = krrl;                /* k2 */
    subr(3) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(10) = krll;               /* k7 */
    subr(10) = krlr;
    subl(11) = krrl;               /* k8 */
    subr(11) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(20) = krll;               /* k15 */
    subr(20) = krlr;
    subl(21) = krrl;               /* k16 */
    subr(21) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
    subl(32) = krll;               /* kw3 */
    subr(32) = krlr;
    subl(33) = krrl;               /* kw4 */
    subr(33) = krrr;

    /*
     * ---- absorb kw2 (entry 1) into the even-numbered rounds ----
     * Each pass covers three entries (rounds 2,4,6 / 8,10,12 / 14,16,18 /
     * 20,22,24). Between passes entry 1 itself is adjusted with the
     * FLinv key that sits six entries above the start of the pass
     * (kl2, kl4, kl6).
     */
    for (blk = 3; blk <= 27; blk += 8) {
        for (slot = blk; slot <= blk + 4; slot += 2) {
            subl(slot) ^= subl(1);
            subr(slot) ^= subr(1);
        }
        if (blk < 27) {
            fl_b = blk + 6;
            subl(1) ^= subr(1) & ~subr(fl_b);
            dw = subl(1) & subl(fl_b);
            subr(1) ^= CAMELLIA_RL1(dw);
        }
    }
    /* kw3 */
    subl(32) ^= subl(1);
    subr(32) ^= subr(1);

    /*
     * ---- absorb kw4 (entry 33) into the odd-numbered rounds ----
     * Same shape, walking downwards (rounds 23,21,19 / 17,15,13 /
     * 11,9,7 / 5,3,1). The running copy kw4l/kw4r is adjusted with the
     * FL key six entries below the start of the pass (kl5, kl3, kl1).
     */
    kw4l = subl(33);
    kw4r = subr(33);
    for (blk = 30; blk >= 6; blk -= 8) {
        for (slot = blk; slot >= blk - 4; slot -= 2) {
            subl(slot) ^= kw4l;
            subr(slot) ^= kw4r;
        }
        if (blk > 6) {
            fl_a = blk - 6;
            kw4l ^= kw4r & ~subr(fl_a);
            dw = kw4l & subl(fl_a);
            kw4r ^= CAMELLIA_RL1(dw);
        }
    }
    /* kw1 */
    subl(0) ^= kw4l;
    subr(0) ^= kw4r;

    /*
     * ---- key XOR is end of F-function ----
     * Only subL/subR are read and only the output table is written, so
     * the order of the assignments below does not affect the result.
     */
    CamelliaSubkeyL(0) = subl(0) ^ subl(2);    /* kw1 */
    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
    CamelliaSubkeyL(2) = subl(3);              /* round 1 */
    CamelliaSubkeyR(2) = subr(3);

    for (blk = 0; blk <= 24; blk += 8) {
        /* four rounds keyed by the XOR of their two neighbours */
        for (slot = blk + 3; slot <= blk + 6; slot++) {
            below = slot - 1;
            above = slot + 1;
            CamelliaSubkeyL(slot) = subl(below) ^ subl(above);
            CamelliaSubkeyR(slot) = subr(below) ^ subr(above);
        }

        /* the last group of rounds has no FL/FLinv pair after it */
        if (blk < 24) {
            r_in   = blk + 6;
            r_pre  = blk + 7;      /* round just before the FL pair */
            fl_a   = blk + 8;      /* FL key */
            fl_b   = blk + 9;      /* FLinv key */
            r_post = blk + 10;     /* round just after the FL pair */
            r_next = blk + 11;

            tl = subl(r_post) ^ (subr(r_post) & ~subr(fl_a));
            dw = tl & subl(fl_a);
            tr = subr(r_post) ^ CAMELLIA_RL1(dw);
            CamelliaSubkeyL(r_pre) = subl(r_in) ^ tl;
            CamelliaSubkeyR(r_pre) = subr(r_in) ^ tr;

            /* FL and FLinv keys are copied across unchanged */
            CamelliaSubkeyL(fl_a) = subl(fl_a);
            CamelliaSubkeyR(fl_a) = subr(fl_a);
            CamelliaSubkeyL(fl_b) = subl(fl_b);
            CamelliaSubkeyR(fl_b) = subr(fl_b);

            tl = subl(r_pre) ^ (subr(r_pre) & ~subr(fl_b));
            dw = tl & subl(fl_b);
            tr = subr(r_pre) ^ CAMELLIA_RL1(dw);
            CamelliaSubkeyL(r_post) = tl ^ subl(r_next);
            CamelliaSubkeyR(r_post) = tr ^ subr(r_next);
        }
    }

    CamelliaSubkeyL(31) = subl(30);             /* round 24 */
    CamelliaSubkeyR(31) = subr(30);
    CamelliaSubkeyL(32) = subl(32) ^ subl(31);  /* kw3 */
    CamelliaSubkeyR(32) = subr(32) ^ subr(31);

    /*
     * ---- apply the inverse of the last half of P-function ----
     * Covers the 24 round slots 2..7, 10..15, 18..23 and 26..31; the
     * whitening and FL/FLinv slots are left as they are.
     */
    for (blk = 2; blk <= 26; blk += 8) {
        for (slot = blk; slot < blk + 6; slot++) {
            dw = CamelliaSubkeyL(slot) ^ CamelliaSubkeyR(slot);
            dw = CAMELLIA_RL8(dw);
            CamelliaSubkeyR(slot) = CamelliaSubkeyL(slot) ^ dw;
            CamelliaSubkeyL(slot) = dw;
        }
    }
}
1235
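/**
 * Build the Camellia subkey table for a 192-bit key.
 *
 * The 24 key bytes are extended to 32 by appending the bitwise complement
 * of key bytes 16..23, and the padded key is handed to camellia_setup256().
 *
 * key     key material; exactly 24 bytes are read. No length is passed,
 *         so the caller must supply at least that many.
 * subkey  output table, filled in by camellia_setup256().
 *
 * The padded copy lives on this function's stack and is overwritten with
 * zeros before returning, so this frame does not keep a copy of the raw
 * key. That covers only the buffer owned here; whatever
 * camellia_setup256() keeps in its own locals is outside this function's
 * reach.
 */
void camellia_setup192(const u8 *key, u32 *subkey)
{
    u8 kk[32];                 /* padded 256-bit working copy of the key */
    volatile u8 *wipe = kk;    /* volatile view so the final stores are kept */
    unsigned int i;

    memcpy(kk, key, 24);

    /*
     * Complementing byte by byte gives the same 8 bytes as complementing
     * two 32-bit words copied from key+16 and key+20, without depending
     * on the width or byte order of u32.
     */
    for (i = 0; i < 8; i++) {
        kk[24 + i] = (u8)~key[16 + i];
    }

    camellia_setup256(kk, subkey);

    /*
     * The file's include list is not visible from this block, so a plain
     * volatile store loop is used instead of a library cleanse routine.
     */
    for (i = 0; i < sizeof(kk); i++) {
        wipe[i] = 0;
    }
}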
1251
1252
1253 /**
1254 * Stuff related to camellia encryption/decryption
1255 */
/**
 * Encrypt one block in place with the 128-bit-key round structure:
 * 18 CAMELLIA_ROUNDSM rounds in three groups of six, with a CAMELLIA_FLS
 * step between groups.
 *
 * subkey  expanded key table, read through CamelliaSubkeyL/CamelliaSubkeyR
 *         (macros defined outside this block). Slots 0 and 2..24 are used.
 *         Presumably the table built by camellia_setup128 - confirm at
 *         the caller.
 * io      four 32-bit words holding the block; overwritten with the result.
 *
 * Neither pointer is checked. The caller must pass at least four words in
 * io and a table that covers every slot listed above.
 */
void camellia_encrypt128(const u32 *subkey, u32 *io)
{
    u32 il, ir, t0, t1;    /* scratch words for the round macros */
    int base;              /* first subkey slot of the current group */
    int first, second;     /* slots for the two rounds of one iteration */
    int fl_a, fl_b;        /* slots for the CAMELLIA_FLS step */

    /* whitening of words 0 and 1 with slot 0 */
    io[0] ^= CamelliaSubkeyL(0);
    io[1] ^= CamelliaSubkeyR(0);

    /* groups start at slots 2, 10 and 18 */
    for (base = 2; base <= 18; base += 8) {
        /* six rounds, two per iteration, alternating the active half */
        for (first = base; first < base + 6; first += 2) {
            second = first + 1;
            CAMELLIA_ROUNDSM(io[0], io[1],
                             CamelliaSubkeyL(first), CamelliaSubkeyR(first),
                             io[2], io[3], il, ir, t0, t1);
            CAMELLIA_ROUNDSM(io[2], io[3],
                             CamelliaSubkeyL(second), CamelliaSubkeyR(second),
                             io[0], io[1], il, ir, t0, t1);
        }

        /* FLS step after the first and second group only (slots 8,9 / 16,17) */
        if (base < 18) {
            fl_a = base + 6;
            fl_b = base + 7;
            CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                         CamelliaSubkeyL(fl_a), CamelliaSubkeyR(fl_a),
                         CamelliaSubkeyL(fl_b), CamelliaSubkeyR(fl_b),
                         t0, t1, il, ir);
        }
    }

    /* whitening of words 2 and 3 with slot 24 */
    io[2] ^= CamelliaSubkeyL(24);
    io[3] ^= CamelliaSubkeyR(24);

    /* exchange the two halves of the block */
    t0 = io[0];
    io[0] = io[2];
    io[2] = t0;
    t1 = io[1];
    io[1] = io[3];
    io[3] = t1;
}
1345
/**
 * Decrypt one block in place with the 128-bit-key round structure. The
 * subkey slots are consumed in the reverse order of camellia_encrypt128:
 * slot 24 first, then rounds 23 down to 2 with a CAMELLIA_FLS step between
 * groups of six, and slot 0 last.
 *
 * subkey  expanded key table, read through CamelliaSubkeyL/CamelliaSubkeyR
 *         (macros defined outside this block). Slots 0 and 2..24 are used.
 * io      four 32-bit words holding the block; overwritten with the result.
 *
 * Neither pointer is checked. The caller must pass at least four words in
 * io and a table that covers every slot listed above.
 */
void camellia_decrypt128(const u32 *subkey, u32 *io)
{
    u32 il, ir, t0, t1;    /* scratch words for the round macros */
    int top;               /* highest subkey slot of the current group */
    int first, second;     /* slots for the two rounds of one iteration */
    int fl_a, fl_b;        /* slots for the CAMELLIA_FLS step */

    /* whitening of words 0 and 1 with slot 24 */
    io[0] ^= CamelliaSubkeyL(24);
    io[1] ^= CamelliaSubkeyR(24);

    /* groups start at slots 23, 15 and 7 and count downwards */
    for (top = 23; top >= 7; top -= 8) {
        /* six rounds, two per iteration, alternating the active half */
        for (first = top; first > top - 6; first -= 2) {
            second = first - 1;
            CAMELLIA_ROUNDSM(io[0], io[1],
                             CamelliaSubkeyL(first), CamelliaSubkeyR(first),
                             io[2], io[3], il, ir, t0, t1);
            CAMELLIA_ROUNDSM(io[2], io[3],
                             CamelliaSubkeyL(second), CamelliaSubkeyR(second),
                             io[0], io[1], il, ir, t0, t1);
        }

        /* FLS step after the first and second group only (slots 17,16 / 9,8) */
        if (top > 7) {
            fl_a = top - 6;
            fl_b = top - 7;
            CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                         CamelliaSubkeyL(fl_a), CamelliaSubkeyR(fl_a),
                         CamelliaSubkeyL(fl_b), CamelliaSubkeyR(fl_b),
                         t0, t1, il, ir);
        }
    }

    /* whitening of words 2 and 3 with slot 0 */
    io[2] ^= CamelliaSubkeyL(0);
    io[3] ^= CamelliaSubkeyR(0);

    /* exchange the two halves of the block */
    t0 = io[0];
    io[0] = io[2];
    io[2] = t0;
    t1 = io[1];
    io[1] = io[3];
    io[3] = t1;
}
1435
1436 /**
1437 * stuff for 192 and 256bit encryption/decryption
1438 */
/**
 * Encrypt one block in place with the round structure used for 192- and
 * 256-bit keys: 24 CAMELLIA_ROUNDSM rounds in four groups of six, with a
 * CAMELLIA_FLS step between groups.
 *
 * subkey  expanded key table, read through CamelliaSubkeyL/CamelliaSubkeyR
 *         (macros defined outside this block). Slots 0 and 2..32 are used.
 *         Presumably the table built by camellia_setup256 or
 *         camellia_setup192 - confirm at the caller.
 * io      four 32-bit words holding the block; overwritten with the result.
 *
 * Neither pointer is checked. The caller must pass at least four words in
 * io and a table that covers every slot listed above.
 */
void camellia_encrypt256(const u32 *subkey, u32 *io)
{
    u32 il, ir, t0, t1;    /* scratch words for the round macros */
    int base;              /* first subkey slot of the current group */
    int first, second;     /* slots for the two rounds of one iteration */
    int fl_a, fl_b;        /* slots for the CAMELLIA_FLS step */

    /* whitening of words 0 and 1 with slot 0 */
    io[0] ^= CamelliaSubkeyL(0);
    io[1] ^= CamelliaSubkeyR(0);

    /* groups start at slots 2, 10, 18 and 26 */
    for (base = 2; base <= 26; base += 8) {
        /* six rounds, two per iteration, alternating the active half */
        for (first = base; first < base + 6; first += 2) {
            second = first + 1;
            CAMELLIA_ROUNDSM(io[0], io[1],
                             CamelliaSubkeyL(first), CamelliaSubkeyR(first),
                             io[2], io[3], il, ir, t0, t1);
            CAMELLIA_ROUNDSM(io[2], io[3],
                             CamelliaSubkeyL(second), CamelliaSubkeyR(second),
                             io[0], io[1], il, ir, t0, t1);
        }

        /* FLS step after every group but the last (slots 8,9 / 16,17 / 24,25) */
        if (base < 26) {
            fl_a = base + 6;
            fl_b = base + 7;
            CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                         CamelliaSubkeyL(fl_a), CamelliaSubkeyR(fl_a),
                         CamelliaSubkeyL(fl_b), CamelliaSubkeyR(fl_b),
                         t0, t1, il, ir);
        }
    }

    /* whitening of words 2 and 3 with slot 32 */
    io[2] ^= CamelliaSubkeyL(32);
    io[3] ^= CamelliaSubkeyR(32);

    /* exchange the two halves of the block */
    t0 = io[0];
    io[0] = io[2];
    io[2] = t0;
    t1 = io[1];
    io[1] = io[3];
    io[3] = t1;
}
1552
/**
 * Decrypt one block in place with the round structure used for 192- and
 * 256-bit keys. The subkey slots are consumed in the reverse order of
 * camellia_encrypt256: slot 32 first, then rounds 31 down to 2 with a
 * CAMELLIA_FLS step between groups of six, and slot 0 last.
 *
 * subkey  expanded key table, read through CamelliaSubkeyL/CamelliaSubkeyR
 *         (macros defined outside this block). Slots 0 and 2..32 are used.
 * io      four 32-bit words holding the block; overwritten with the result.
 *
 * Neither pointer is checked. The caller must pass at least four words in
 * io and a table that covers every slot listed above.
 */
void camellia_decrypt256(const u32 *subkey, u32 *io)
{
    u32 il, ir, t0, t1;    /* scratch words for the round macros */
    int top;               /* highest subkey slot of the current group */
    int first, second;     /* slots for the two rounds of one iteration */
    int fl_a, fl_b;        /* slots for the CAMELLIA_FLS step */

    /* whitening of words 0 and 1 with slot 32 */
    io[0] ^= CamelliaSubkeyL(32);
    io[1] ^= CamelliaSubkeyR(32);

    /* groups start at slots 31, 23, 15 and 7 and count downwards */
    for (top = 31; top >= 7; top -= 8) {
        /* six rounds, two per iteration, alternating the active half */
        for (first = top; first > top - 6; first -= 2) {
            second = first - 1;
            CAMELLIA_ROUNDSM(io[0], io[1],
                             CamelliaSubkeyL(first), CamelliaSubkeyR(first),
                             io[2], io[3], il, ir, t0, t1);
            CAMELLIA_ROUNDSM(io[2], io[3],
                             CamelliaSubkeyL(second), CamelliaSubkeyR(second),
                             io[0], io[1], il, ir, t0, t1);
        }

        /* FLS step after every group but the last (slots 25,24 / 17,16 / 9,8) */
        if (top > 7) {
            fl_a = top - 6;
            fl_b = top - 7;
            CAMELLIA_FLS(io[0], io[1], io[2], io[3],
                         CamelliaSubkeyL(fl_a), CamelliaSubkeyR(fl_a),
                         CamelliaSubkeyL(fl_b), CamelliaSubkeyR(fl_b),
                         t0, t1, il, ir);
        }
    }

    /* whitening of words 2 and 3 with slot 0 */
    io[2] ^= CamelliaSubkeyL(0);
    io[3] ^= CamelliaSubkeyR(0);

    /* exchange the two halves of the block */
    t0 = io[0];
    io[0] = io[2];
    io[2] = t0;
    t1 = io[1];
    io[1] = io[3];
    io[3] = t1;
}
1666