← Back to branch summary

~hamo/ubuntu/precise/grub2/grub2.hi_res

« back to all changes in this revision

Viewing changes to grub-core/lib/libgcrypt-grub/cipher/camellia.c

  • Committer: Bazaar Package Importer
  • Author(s): Colin Watson, Colin Watson, Evan Broder, Mario Limonciello
  • Date: 2010-11-24 13:59:55 UTC
  • mfrom: (1.17.6 upstream) (17.6.15 experimental)
  • Revision ID: james.westby@ubuntu.com-20101124135955-r6ii5sepayr7jt53
Tags: 1.99~20101124-1ubuntu1
https://launchpad.net/bugs/677758
[ Colin Watson ]
* Resynchronise with Debian experimental.  Remaining changes:
  - Adjust for default Ubuntu boot options ("quiet splash").
  - Default to hiding the menu; holding down Shift at boot will show it.
  - Set a monochromatic theme for Ubuntu.
  - Apply Ubuntu GRUB Legacy changes to legacy update-grub script: title,
    recovery mode, quiet option, tweak how memtest86+ is displayed, and
    use UUIDs where appropriate.
  - Fix backslash-escaping in merge_debconf_into_conf.
  - Remove "GNU/Linux" from default distributor string.
  - Add crashkernel= options if kdump and makedumpfile are available.
  - If other operating systems are installed, then automatically unhide
    the menu.  Otherwise, if GRUB_HIDDEN_TIMEOUT is 0, then use keystatus
    if available to check whether Shift is pressed.  If it is, show the
    menu, otherwise boot immediately.  If keystatus is not available, then
    fall back to a short delay interruptible with Escape.
  - Allow Shift to interrupt 'sleep --interruptible'.
  - Don't display introductory message about line editing unless we're
    actually offering a shell prompt.  Don't clear the screen just before
    booting if we never drew the menu in the first place.
  - Remove some verbose messages printed before reading the configuration
    file.
  - Suppress progress messages as the kernel and initrd load for
    non-recovery kernel menu entries.
  - Change prepare_grub_to_access_device to handle filesystems
    loop-mounted on file images.
  - Ignore devices loop-mounted from files in 10_linux.
  - Show the boot menu if the previous boot failed, that is if it failed
    to get to the end of one of the normal runlevels.
  - Don't generate /boot/grub/device.map during grub-install or
    grub-mkconfig by default.
  - Adjust upgrade version checks for Ubuntu.
  - Don't display "GRUB loading" unless Shift is held down.
  - Adjust versions of grub-doc and grub-legacy-doc conflicts to tolerate
    our backport of the grub-doc split.
  - Fix LVM/RAID probing in the absence of /boot/grub/device.map.
  - Look for .mo files in /usr/share/locale-langpack as well, in
    preference.
  - Make sure GRUB_TIMEOUT isn't quoted unnecessarily.
  - Probe all devices in 'grub-probe --target=drive' if
    /boot/grub/device.map is missing.
  - Build-depend on qemu-kvm rather than qemu-system for grub-pc tests.
  - Use qemu rather than qemu-system-i386.
  - Program vesafb on BIOS systems rather than efifb.
  - Add a grub-rescue-efi-amd64 package containing a rescue CD-ROM image
    for EFI-AMD64.
  - On Wubi, don't ask for an install device, but just update wubildr
    using the diverted grub-install.
  - When embedding the core image in a post-MBR gap, check for and avoid
    sectors matching any of a list of known signatures.
  - Disable video_bochs and video_cirrus on PC BIOS systems, as probing
    PCI space seems to break on some systems.
* Downgrade "ACPI shutdown failed" error to a debug message, since it can
  cause spurious test failures.

[ Evan Broder ]
* Enable lua from grub-extras.
* Incorporate the bitop library into lua.
* Add enum_pci function to grub module in lua.
* Switch back to gfxpayload=keep by default, unless the video hardware
  is known to not support it.

[ Mario Limonciello ]
* Built part_msdos and vfat into bootx64.efi (LP: #677758)

Show diffs side-by-side

added added

removed removed

Lines of Context:
grub-core/lib/libgcrypt-grub/cipher/camellia.c
 
1
/* This file was automatically imported with 
 
2
   import_gcry.py. Please don't modify it */
 
3
/* camellia.h   ver 1.2.0
 
4
 *
 
5
 * Copyright (C) 2006,2007
 
6
 * NTT (Nippon Telegraph and Telephone Corporation).
 
7
 *
 
8
 * This library is free software; you can redistribute it and/or
 
9
 * modify it under the terms of the GNU Lesser General Public
 
10
 * License as published by the Free Software Foundation; either
 
11
 * version 2.1 of the License, or (at your option) any later version.
 
12
 *
 
13
 * This library is distributed in the hope that it will be useful,
 
14
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 
15
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 
16
 * Lesser General Public License for more details.
 
17
 *
 
18
 * You should have received a copy of the GNU Lesser General Public
 
19
 * License along with this library; if not, write to the Free Software
 
20
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
21
 */
 
22
 
 
23
/*
 
24
 * Algorithm Specification 
 
25
 *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
 
26
 */
 
27
 
 
28
 
 
29
#include "camellia.h"
 
30
 
 
31
/* u32 must be 32bit word */
 
32
typedef unsigned int u32;
 
33
typedef unsigned char u8;
 
34
 
 
35
/* key constants */
 
36
 
 
37
#define CAMELLIA_SIGMA1L (0xA09E667FL)
 
38
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
 
39
#define CAMELLIA_SIGMA2L (0xB67AE858L)
 
40
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
 
41
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
 
42
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
 
43
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
 
44
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
 
45
#define CAMELLIA_SIGMA5L (0x10E527FAL)
 
46
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
 
47
#define CAMELLIA_SIGMA6L (0xB05688C2L)
 
48
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
 
49
 
 
50
/*
 
51
 *  macros
 
52
 */
 
53
 
 
54
 
 
55
#if defined(_MSC_VER)
 
56
 
 
57
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 
58
# define GETU32(p) SWAP(*((u32 *)(p)))
 
59
# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
 
60
 
 
61
#else /* not MS-VC */
 
62
 
 
63
# define GETU32(pt)                             \
 
64
    (((u32)(pt)[0] << 24)                       \
 
65
     ^ ((u32)(pt)[1] << 16)                     \
 
66
     ^ ((u32)(pt)[2] <<  8)                     \
 
67
     ^ ((u32)(pt)[3]))
 
68
 
 
69
# define PUTU32(ct, st)  {                      \
 
70
        (ct)[0] = (u8)((st) >> 24);             \
 
71
        (ct)[1] = (u8)((st) >> 16);             \
 
72
        (ct)[2] = (u8)((st) >>  8);             \
 
73
        (ct)[3] = (u8)(st); }
 
74
 
 
75
#endif
 
76
 
 
77
#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
 
78
#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
 
79
 
 
80
/* rotation right shift 1byte */
 
81
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
 
82
/* rotation left shift 1bit */
 
83
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
 
84
/* rotation left shift 1byte */
 
85
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
 
86
 
 
87
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
 
88
    do {                                                \
 
89
        w0 = ll;                                        \
 
90
        ll = (ll << bits) + (lr >> (32 - bits));        \
 
91
        lr = (lr << bits) + (rl >> (32 - bits));        \
 
92
        rl = (rl << bits) + (rr >> (32 - bits));        \
 
93
        rr = (rr << bits) + (w0 >> (32 - bits));        \
 
94
    } while(0)
 
95
 
 
96
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
 
97
    do {                                                \
 
98
        w0 = ll;                                        \
 
99
        w1 = lr;                                        \
 
100
        ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
 
101
        lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
 
102
        rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
 
103
        rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
 
104
    } while(0)
 
105
 
 
106
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
 
107
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
 
108
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
 
109
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
 
110
 
 
111
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)      \
 
112
    do {                                                        \
 
113
        il = xl ^ kl;                                           \
 
114
        ir = xr ^ kr;                                           \
 
115
        t0 = il >> 16;                                          \
 
116
        t1 = ir >> 16;                                          \
 
117
        yl = CAMELLIA_SP1110(ir & 0xff)                         \
 
118
            ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                 \
 
119
            ^ CAMELLIA_SP3033(t1 & 0xff)                        \
 
120
            ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                \
 
121
        yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                  \
 
122
            ^ CAMELLIA_SP0222(t0 & 0xff)                        \
 
123
            ^ CAMELLIA_SP3033((il >> 8) & 0xff)                 \
 
124
            ^ CAMELLIA_SP4404(il & 0xff);                       \
 
125
        yl ^= yr;                                               \
 
126
        yr = CAMELLIA_RR8(yr);                                  \
 
127
        yr ^= yl;                                               \
 
128
    } while(0)
 
129
 
 
130
 
 
131
/*
 
132
 * for speed up
 
133
 *
 
134
 */
 
135
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
 
136
    do {                                                                \
 
137
        t0 = kll;                                                       \
 
138
        t0 &= ll;                                                       \
 
139
        lr ^= CAMELLIA_RL1(t0);                                         \
 
140
        t1 = klr;                                                       \
 
141
        t1 |= lr;                                                       \
 
142
        ll ^= t1;                                                       \
 
143
                                                                        \
 
144
        t2 = krr;                                                       \
 
145
        t2 |= rr;                                                       \
 
146
        rl ^= t2;                                                       \
 
147
        t3 = krl;                                                       \
 
148
        t3 &= rl;                                                       \
 
149
        rr ^= CAMELLIA_RL1(t3);                                         \
 
150
    } while(0)
 
151
 
 
152
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
 
153
    do {                                                                \
 
154
        ir = CAMELLIA_SP1110(xr & 0xff)                                 \
 
155
            ^ CAMELLIA_SP0222((xr >> 24) & 0xff)                        \
 
156
            ^ CAMELLIA_SP3033((xr >> 16) & 0xff)                        \
 
157
            ^ CAMELLIA_SP4404((xr >> 8) & 0xff);                        \
 
158
        il = CAMELLIA_SP1110((xl >> 24) & 0xff)                         \
 
159
            ^ CAMELLIA_SP0222((xl >> 16) & 0xff)                        \
 
160
            ^ CAMELLIA_SP3033((xl >> 8) & 0xff)                         \
 
161
            ^ CAMELLIA_SP4404(xl & 0xff);                               \
 
162
        il ^= kl;                                                       \
 
163
        ir ^= kr;                                                       \
 
164
        ir ^= il;                                                       \
 
165
        il = CAMELLIA_RR8(il);                                          \
 
166
        il ^= ir;                                                       \
 
167
        yl ^= ir;                                                       \
 
168
        yr ^= il;                                                       \
 
169
    } while(0)
 
170
 
 
171
 
 
172
static const u32 camellia_sp1110[256] = {
 
173
    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
 
174
    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
 
175
    0xe4e4e400,0x85858500,0x57575700,0x35353500,
 
176
    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
 
177
    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
 
178
    0x45454500,0x19191900,0xa5a5a500,0x21212100,
 
179
    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
 
180
    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
 
181
    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
 
182
    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
 
183
    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
 
184
    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
 
185
    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
 
186
    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
 
187
    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
 
188
    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
 
189
    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
 
190
    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
 
191
    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
 
192
    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
 
193
    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
 
194
    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
 
195
    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
 
196
    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
 
197
    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
 
198
    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
 
199
    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
 
200
    0x53535300,0x18181800,0xf2f2f200,0x22222200,
 
201
    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
 
202
    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
 
203
    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
 
204
    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
 
205
    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
 
206
    0xa1a1a100,0x89898900,0x62626200,0x97979700,
 
207
    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
 
208
    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
 
209
    0x10101000,0xc4c4c400,0x00000000,0x48484800,
 
210
    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
 
211
    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
 
212
    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
 
213
    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
 
214
    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
 
215
    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
 
216
    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
 
217
    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
 
218
    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
 
219
    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
 
220
    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
 
221
    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
 
222
    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
 
223
    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
 
224
    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
 
225
    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
 
226
    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
 
227
    0xd4d4d400,0x25252500,0xababab00,0x42424200,
 
228
    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
 
229
    0x72727200,0x07070700,0xb9b9b900,0x55555500,
 
230
    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
 
231
    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
 
232
    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
 
233
    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
 
234
    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
 
235
    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
 
236
    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
 
237
};
 
238
 
 
239
static const u32 camellia_sp0222[256] = {
 
240
    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
 
241
    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
 
242
    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
 
243
    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
 
244
    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
 
245
    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
 
246
    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
 
247
    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
 
248
    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
 
249
    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
 
250
    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
 
251
    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
 
252
    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
 
253
    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
 
254
    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
 
255
    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
 
256
    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
 
257
    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
 
258
    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
 
259
    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
 
260
    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
 
261
    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
 
262
    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
 
263
    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
 
264
    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
 
265
    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
 
266
    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
 
267
    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
 
268
    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
 
269
    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
 
270
    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
 
271
    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
 
272
    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
 
273
    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
 
274
    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
 
275
    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
 
276
    0x00202020,0x00898989,0x00000000,0x00909090,
 
277
    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
 
278
    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
 
279
    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
 
280
    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
 
281
    0x009b9b9b,0x00949494,0x00212121,0x00666666,
 
282
    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
 
283
    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
 
284
    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
 
285
    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
 
286
    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
 
287
    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
 
288
    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
 
289
    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
 
290
    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
 
291
    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
 
292
    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
 
293
    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
 
294
    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
 
295
    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
 
296
    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
 
297
    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
 
298
    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
 
299
    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
 
300
    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
 
301
    0x00777777,0x00939393,0x00868686,0x00838383,
 
302
    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
 
303
    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
 
304
};
 
305
 
 
306
static const u32 camellia_sp3033[256] = {
 
307
    0x38003838,0x41004141,0x16001616,0x76007676,
 
308
    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
 
309
    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
 
310
    0x75007575,0x06000606,0x57005757,0xa000a0a0,
 
311
    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
 
312
    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
 
313
    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
 
314
    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
 
315
    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
 
316
    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
 
317
    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
 
318
    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
 
319
    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
 
320
    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
 
321
    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
 
322
    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
 
323
    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
 
324
    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
 
325
    0x3a003a3a,0x09000909,0x95009595,0x10001010,
 
326
    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
 
327
    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
 
328
    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
 
329
    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
 
330
    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
 
331
    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
 
332
    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
 
333
    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
 
334
    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
 
335
    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
 
336
    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
 
337
    0x12001212,0x04000404,0x74007474,0x54005454,
 
338
    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
 
339
    0x55005555,0x68006868,0x50005050,0xbe00bebe,
 
340
    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
 
341
    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
 
342
    0x70007070,0xff00ffff,0x32003232,0x69006969,
 
343
    0x08000808,0x62006262,0x00000000,0x24002424,
 
344
    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
 
345
    0x45004545,0x81008181,0x73007373,0x6d006d6d,
 
346
    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
 
347
    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
 
348
    0xe600e6e6,0x25002525,0x48004848,0x99009999,
 
349
    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
 
350
    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
 
351
    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
 
352
    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
 
353
    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
 
354
    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
 
355
    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
 
356
    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
 
357
    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
 
358
    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
 
359
    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
 
360
    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
 
361
    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
 
362
    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
 
363
    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
 
364
    0x7c007c7c,0x77007777,0x56005656,0x05000505,
 
365
    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
 
366
    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
 
367
    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
 
368
    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
 
369
    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
 
370
    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
 
371
};
 
372
 
 
373
static const u32 camellia_sp4404[256] = {
 
374
    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
 
375
    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
 
376
    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
 
377
    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
 
378
    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
 
379
    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
 
380
    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
 
381
    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
 
382
    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
 
383
    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
 
384
    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
 
385
    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
 
386
    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
 
387
    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
 
388
    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
 
389
    0x24240024,0xe8e800e8,0x60600060,0x69690069,
 
390
    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
 
391
    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
 
392
    0x10100010,0x00000000,0xa3a300a3,0x75750075,
 
393
    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
 
394
    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
 
395
    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
 
396
    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
 
397
    0x81810081,0x6f6f006f,0x13130013,0x63630063,
 
398
    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
 
399
    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
 
400
    0x78780078,0x06060006,0xe7e700e7,0x71710071,
 
401
    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
 
402
    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
 
403
    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
 
404
    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
 
405
    0x15150015,0xadad00ad,0x77770077,0x80800080,
 
406
    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
 
407
    0x85850085,0x35350035,0x0c0c000c,0x41410041,
 
408
    0xefef00ef,0x93930093,0x19190019,0x21210021,
 
409
    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
 
410
    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
 
411
    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
 
412
    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
 
413
    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
 
414
    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
 
415
    0x12120012,0x20200020,0xb1b100b1,0x99990099,
 
416
    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
 
417
    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
 
418
    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
 
419
    0x0f0f000f,0x16160016,0x18180018,0x22220022,
 
420
    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
 
421
    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
 
422
    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
 
423
    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
 
424
    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
 
425
    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
 
426
    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
 
427
    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
 
428
    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
 
429
    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
 
430
    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
 
431
    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
 
432
    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
 
433
    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
 
434
    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
 
435
    0x49490049,0x68680068,0x38380038,0xa4a400a4,
 
436
    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
 
437
    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
 
438
};
 
439
 
 
440
 
 
441
/**
 
442
 * Stuff related to the Camellia key schedule
 
443
 */
 
444
#define subl(x) subL[(x)]
 
445
#define subr(x) subR[(x)]
 
446
 
 
447
void camellia_setup128(const unsigned char *key, u32 *subkey)
 
448
{
 
449
    u32 kll, klr, krl, krr;
 
450
    u32 il, ir, t0, t1, w0, w1;
 
451
    u32 kw4l, kw4r, dw, tl, tr;
 
452
    u32 subL[26];
 
453
    u32 subR[26];
 
454
 
 
455
    /**
 
456
     *  k == kll || klr || krl || krr (|| is concatination)
 
457
     */
 
458
    kll = GETU32(key     );
 
459
    klr = GETU32(key +  4);
 
460
    krl = GETU32(key +  8);
 
461
    krr = GETU32(key + 12);
 
462
    /**
 
463
     * generate KL dependent subkeys
 
464
     */
 
465
    subl(0) = kll; subr(0) = klr;
 
466
    subl(1) = krl; subr(1) = krr;
 
467
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 
468
    subl(4) = kll; subr(4) = klr;
 
469
    subl(5) = krl; subr(5) = krr;
 
470
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
 
471
    subl(10) = kll; subr(10) = klr;
 
472
    subl(11) = krl; subr(11) = krr;
 
473
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 
474
    subl(13) = krl; subr(13) = krr;
 
475
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 
476
    subl(16) = kll; subr(16) = klr;
 
477
    subl(17) = krl; subr(17) = krr;
 
478
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 
479
    subl(18) = kll; subr(18) = klr;
 
480
    subl(19) = krl; subr(19) = krr;
 
481
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 
482
    subl(22) = kll; subr(22) = klr;
 
483
    subl(23) = krl; subr(23) = krr;
 
484
 
 
485
    /* generate KA */
 
486
    kll = subl(0); klr = subr(0);
 
487
    krl = subl(1); krr = subr(1);
 
488
    CAMELLIA_F(kll, klr,
 
489
               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
 
490
               w0, w1, il, ir, t0, t1);
 
491
    krl ^= w0; krr ^= w1;
 
492
    CAMELLIA_F(krl, krr,
 
493
               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
 
494
               kll, klr, il, ir, t0, t1);
 
495
    CAMELLIA_F(kll, klr,
 
496
               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
 
497
               krl, krr, il, ir, t0, t1);
 
498
    krl ^= w0; krr ^= w1;
 
499
    CAMELLIA_F(krl, krr,
 
500
               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
 
501
               w0, w1, il, ir, t0, t1);
 
502
    kll ^= w0; klr ^= w1;
 
503
 
 
504
    /* generate KA dependent subkeys */
 
505
    subl(2) = kll; subr(2) = klr;
 
506
    subl(3) = krl; subr(3) = krr;
 
507
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 
508
    subl(6) = kll; subr(6) = klr;
 
509
    subl(7) = krl; subr(7) = krr;
 
510
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 
511
    subl(8) = kll; subr(8) = klr;
 
512
    subl(9) = krl; subr(9) = krr;
 
513
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 
514
    subl(12) = kll; subr(12) = klr;
 
515
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 
516
    subl(14) = kll; subr(14) = klr;
 
517
    subl(15) = krl; subr(15) = krr;
 
518
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
 
519
    subl(20) = kll; subr(20) = klr;
 
520
    subl(21) = krl; subr(21) = krr;
 
521
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 
522
    subl(24) = kll; subr(24) = klr;
 
523
    subl(25) = krl; subr(25) = krr;
 
524
 
 
525
 
 
526
    /* absorb kw2 to other subkeys */
 
527
    subl(3) ^= subl(1); subr(3) ^= subr(1);
 
528
    subl(5) ^= subl(1); subr(5) ^= subr(1);
 
529
    subl(7) ^= subl(1); subr(7) ^= subr(1);
 
530
    subl(1) ^= subr(1) & ~subr(9);
 
531
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
 
532
    subl(11) ^= subl(1); subr(11) ^= subr(1);
 
533
    subl(13) ^= subl(1); subr(13) ^= subr(1);
 
534
    subl(15) ^= subl(1); subr(15) ^= subr(1);
 
535
    subl(1) ^= subr(1) & ~subr(17);
 
536
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
 
537
    subl(19) ^= subl(1); subr(19) ^= subr(1);
 
538
    subl(21) ^= subl(1); subr(21) ^= subr(1);
 
539
    subl(23) ^= subl(1); subr(23) ^= subr(1);
 
540
    subl(24) ^= subl(1); subr(24) ^= subr(1);
 
541
 
 
542
    /* absorb kw4 to other subkeys */
 
543
    kw4l = subl(25); kw4r = subr(25);
 
544
    subl(22) ^= kw4l; subr(22) ^= kw4r;
 
545
    subl(20) ^= kw4l; subr(20) ^= kw4r;
 
546
    subl(18) ^= kw4l; subr(18) ^= kw4r;
 
547
    kw4l ^= kw4r & ~subr(16);
 
548
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
 
549
    subl(14) ^= kw4l; subr(14) ^= kw4r;
 
550
    subl(12) ^= kw4l; subr(12) ^= kw4r;
 
551
    subl(10) ^= kw4l; subr(10) ^= kw4r;
 
552
    kw4l ^= kw4r & ~subr(8);
 
553
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
 
554
    subl(6) ^= kw4l; subr(6) ^= kw4r;
 
555
    subl(4) ^= kw4l; subr(4) ^= kw4r;
 
556
    subl(2) ^= kw4l; subr(2) ^= kw4r;
 
557
    subl(0) ^= kw4l; subr(0) ^= kw4r;
 
558
 
 
559
    /* key XOR is end of F-function */
 
560
    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
 
561
    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
 
562
    CamelliaSubkeyL(2) = subl(3);
 
563
    CamelliaSubkeyR(2) = subr(3);
 
564
    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
 
565
    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
 
566
    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
 
567
    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
 
568
    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
 
569
    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
 
570
    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
 
571
    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
 
572
    tl = subl(10) ^ (subr(10) & ~subr(8));
 
573
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
 
574
    CamelliaSubkeyL(7) = subl(6) ^ tl;
 
575
    CamelliaSubkeyR(7) = subr(6) ^ tr;
 
576
    CamelliaSubkeyL(8) = subl(8);
 
577
    CamelliaSubkeyR(8) = subr(8);
 
578
    CamelliaSubkeyL(9) = subl(9);
 
579
    CamelliaSubkeyR(9) = subr(9);
 
580
    tl = subl(7) ^ (subr(7) & ~subr(9));
 
581
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
 
582
    CamelliaSubkeyL(10) = tl ^ subl(11);
 
583
    CamelliaSubkeyR(10) = tr ^ subr(11);
 
584
    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
 
585
    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
 
586
    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
 
587
    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
 
588
    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
 
589
    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
 
590
    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
 
591
    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
 
592
    tl = subl(18) ^ (subr(18) & ~subr(16));
 
593
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
 
594
    CamelliaSubkeyL(15) = subl(14) ^ tl;
 
595
    CamelliaSubkeyR(15) = subr(14) ^ tr;
 
596
    CamelliaSubkeyL(16) = subl(16);
 
597
    CamelliaSubkeyR(16) = subr(16);
 
598
    CamelliaSubkeyL(17) = subl(17);
 
599
    CamelliaSubkeyR(17) = subr(17);
 
600
    tl = subl(15) ^ (subr(15) & ~subr(17));
 
601
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
 
602
    CamelliaSubkeyL(18) = tl ^ subl(19);
 
603
    CamelliaSubkeyR(18) = tr ^ subr(19);
 
604
    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
 
605
    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
 
606
    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
 
607
    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
 
608
    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
 
609
    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
 
610
    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
 
611
    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
 
612
    CamelliaSubkeyL(23) = subl(22);
 
613
    CamelliaSubkeyR(23) = subr(22);
 
614
    CamelliaSubkeyL(24) = subl(24) ^ subl(23);
 
615
    CamelliaSubkeyR(24) = subr(24) ^ subr(23);
 
616
 
 
617
    /* apply the inverse of the last half of P-function */
 
618
    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
 
619
    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
 
620
    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
 
621
    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
 
622
    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
 
623
    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
 
624
    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
 
625
    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
 
626
    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
 
627
    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
 
628
    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
 
629
    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
 
630
    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
 
631
    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
 
632
    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
 
633
    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
 
634
    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
 
635
    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
 
636
    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
 
637
    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
 
638
    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
 
639
    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
 
640
    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
 
641
    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
 
642
    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
 
643
    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
 
644
    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
 
645
    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
 
646
    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
 
647
    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
 
648
    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
 
649
    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
 
650
    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
 
651
    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
 
652
    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
 
653
    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
 
654
 
 
655
    return;
 
656
}
 
657
 
 
658
void camellia_setup256(const unsigned char *key, u32 *subkey)
 
659
{
 
660
    u32 kll,klr,krl,krr;           /* left half of key */
 
661
    u32 krll,krlr,krrl,krrr;       /* right half of key */
 
662
    u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
 
663
    u32 kw4l, kw4r, dw, tl, tr;
 
664
    u32 subL[34];
 
665
    u32 subR[34];
 
666
 
 
667
    /**
 
668
     *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
 
669
     *  (|| is concatination)
 
670
     */
 
671
 
 
672
    kll  = GETU32(key     );
 
673
    klr  = GETU32(key +  4);
 
674
    krl  = GETU32(key +  8);
 
675
    krr  = GETU32(key + 12);
 
676
    krll = GETU32(key + 16);
 
677
    krlr = GETU32(key + 20);
 
678
    krrl = GETU32(key + 24);
 
679
    krrr = GETU32(key + 28);
 
680
 
 
681
    /* generate KL dependent subkeys */
 
682
    subl(0) = kll; subr(0) = klr;
 
683
    subl(1) = krl; subr(1) = krr;
 
684
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
 
685
    subl(12) = kll; subr(12) = klr;
 
686
    subl(13) = krl; subr(13) = krr;
 
687
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 
688
    subl(16) = kll; subr(16) = klr;
 
689
    subl(17) = krl; subr(17) = krr;
 
690
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 
691
    subl(22) = kll; subr(22) = klr;
 
692
    subl(23) = krl; subr(23) = krr;
 
693
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
 
694
    subl(30) = kll; subr(30) = klr;
 
695
    subl(31) = krl; subr(31) = krr;
 
696
 
 
697
    /* generate KR dependent subkeys */
 
698
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
 
699
    subl(4) = krll; subr(4) = krlr;
 
700
    subl(5) = krrl; subr(5) = krrr;
 
701
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
 
702
    subl(8) = krll; subr(8) = krlr;
 
703
    subl(9) = krrl; subr(9) = krrr;
 
704
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
 
705
    subl(18) = krll; subr(18) = krlr;
 
706
    subl(19) = krrl; subr(19) = krrr;
 
707
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
 
708
    subl(26) = krll; subr(26) = krlr;
 
709
    subl(27) = krrl; subr(27) = krrr;
 
710
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
 
711
 
 
712
    /* generate KA */
 
713
    kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
 
714
    krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
 
715
    CAMELLIA_F(kll, klr,
 
716
               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
 
717
               w0, w1, il, ir, t0, t1);
 
718
    krl ^= w0; krr ^= w1;
 
719
    CAMELLIA_F(krl, krr,
 
720
               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
 
721
               kll, klr, il, ir, t0, t1);
 
722
    kll ^= krll; klr ^= krlr;
 
723
    CAMELLIA_F(kll, klr,
 
724
               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
 
725
               krl, krr, il, ir, t0, t1);
 
726
    krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
 
727
    CAMELLIA_F(krl, krr,
 
728
               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
 
729
               w0, w1, il, ir, t0, t1);
 
730
    kll ^= w0; klr ^= w1;
 
731
 
 
732
    /* generate KB */
 
733
    krll ^= kll; krlr ^= klr;
 
734
    krrl ^= krl; krrr ^= krr;
 
735
    CAMELLIA_F(krll, krlr,
 
736
               CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
 
737
               w0, w1, il, ir, t0, t1);
 
738
    krrl ^= w0; krrr ^= w1;
 
739
    CAMELLIA_F(krrl, krrr,
 
740
               CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
 
741
               w0, w1, il, ir, t0, t1);
 
742
    krll ^= w0; krlr ^= w1;
 
743
 
 
744
    /* generate KA dependent subkeys */
 
745
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 
746
    subl(6) = kll; subr(6) = klr;
 
747
    subl(7) = krl; subr(7) = krr;
 
748
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
 
749
    subl(14) = kll; subr(14) = klr;
 
750
    subl(15) = krl; subr(15) = krr;
 
751
    subl(24) = klr; subr(24) = krl;
 
752
    subl(25) = krr; subr(25) = kll;
 
753
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
 
754
    subl(28) = kll; subr(28) = klr;
 
755
    subl(29) = krl; subr(29) = krr;
 
756
 
 
757
    /* generate KB dependent subkeys */
 
758
    subl(2) = krll; subr(2) = krlr;
 
759
    subl(3) = krrl; subr(3) = krrr;
 
760
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
 
761
    subl(10) = krll; subr(10) = krlr;
 
762
    subl(11) = krrl; subr(11) = krrr;
 
763
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
 
764
    subl(20) = krll; subr(20) = krlr;
 
765
    subl(21) = krrl; subr(21) = krrr;
 
766
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
 
767
    subl(32) = krll; subr(32) = krlr;
 
768
    subl(33) = krrl; subr(33) = krrr;
 
769
 
 
770
    /* absorb kw2 to other subkeys */
 
771
    subl(3) ^= subl(1); subr(3) ^= subr(1);
 
772
    subl(5) ^= subl(1); subr(5) ^= subr(1);
 
773
    subl(7) ^= subl(1); subr(7) ^= subr(1);
 
774
    subl(1) ^= subr(1) & ~subr(9);
 
775
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
 
776
    subl(11) ^= subl(1); subr(11) ^= subr(1);
 
777
    subl(13) ^= subl(1); subr(13) ^= subr(1);
 
778
    subl(15) ^= subl(1); subr(15) ^= subr(1);
 
779
    subl(1) ^= subr(1) & ~subr(17);
 
780
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
 
781
    subl(19) ^= subl(1); subr(19) ^= subr(1);
 
782
    subl(21) ^= subl(1); subr(21) ^= subr(1);
 
783
    subl(23) ^= subl(1); subr(23) ^= subr(1);
 
784
    subl(1) ^= subr(1) & ~subr(25);
 
785
    dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
 
786
    subl(27) ^= subl(1); subr(27) ^= subr(1);
 
787
    subl(29) ^= subl(1); subr(29) ^= subr(1);
 
788
    subl(31) ^= subl(1); subr(31) ^= subr(1);
 
789
    subl(32) ^= subl(1); subr(32) ^= subr(1);
 
790
 
 
791
    /* absorb kw4 to other subkeys */
 
792
    kw4l = subl(33); kw4r = subr(33);
 
793
    subl(30) ^= kw4l; subr(30) ^= kw4r;
 
794
    subl(28) ^= kw4l; subr(28) ^= kw4r;
 
795
    subl(26) ^= kw4l; subr(26) ^= kw4r;
 
796
    kw4l ^= kw4r & ~subr(24);
 
797
    dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
 
798
    subl(22) ^= kw4l; subr(22) ^= kw4r;
 
799
    subl(20) ^= kw4l; subr(20) ^= kw4r;
 
800
    subl(18) ^= kw4l; subr(18) ^= kw4r;
 
801
    kw4l ^= kw4r & ~subr(16);
 
802
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
 
803
    subl(14) ^= kw4l; subr(14) ^= kw4r;
 
804
    subl(12) ^= kw4l; subr(12) ^= kw4r;
 
805
    subl(10) ^= kw4l; subr(10) ^= kw4r;
 
806
    kw4l ^= kw4r & ~subr(8);
 
807
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
 
808
    subl(6) ^= kw4l; subr(6) ^= kw4r;
 
809
    subl(4) ^= kw4l; subr(4) ^= kw4r;
 
810
    subl(2) ^= kw4l; subr(2) ^= kw4r;
 
811
    subl(0) ^= kw4l; subr(0) ^= kw4r;
 
812
 
 
813
    /* key XOR is end of F-function */
 
814
    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
 
815
    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
 
816
    CamelliaSubkeyL(2) = subl(3);
 
817
    CamelliaSubkeyR(2) = subr(3);
 
818
    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
 
819
    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
 
820
    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
 
821
    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
 
822
    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
 
823
    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
 
824
    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
 
825
    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
 
826
    tl = subl(10) ^ (subr(10) & ~subr(8));
 
827
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
 
828
    CamelliaSubkeyL(7) = subl(6) ^ tl;
 
829
    CamelliaSubkeyR(7) = subr(6) ^ tr;
 
830
    CamelliaSubkeyL(8) = subl(8);
 
831
    CamelliaSubkeyR(8) = subr(8);
 
832
    CamelliaSubkeyL(9) = subl(9);
 
833
    CamelliaSubkeyR(9) = subr(9);
 
834
    tl = subl(7) ^ (subr(7) & ~subr(9));
 
835
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
 
836
    CamelliaSubkeyL(10) = tl ^ subl(11);
 
837
    CamelliaSubkeyR(10) = tr ^ subr(11);
 
838
    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
 
839
    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
 
840
    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
 
841
    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
 
842
    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
 
843
    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
 
844
    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
 
845
    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
 
846
    tl = subl(18) ^ (subr(18) & ~subr(16));
 
847
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
 
848
    CamelliaSubkeyL(15) = subl(14) ^ tl;
 
849
    CamelliaSubkeyR(15) = subr(14) ^ tr;
 
850
    CamelliaSubkeyL(16) = subl(16);
 
851
    CamelliaSubkeyR(16) = subr(16);
 
852
    CamelliaSubkeyL(17) = subl(17);
 
853
    CamelliaSubkeyR(17) = subr(17);
 
854
    tl = subl(15) ^ (subr(15) & ~subr(17));
 
855
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
 
856
    CamelliaSubkeyL(18) = tl ^ subl(19);
 
857
    CamelliaSubkeyR(18) = tr ^ subr(19);
 
858
    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
 
859
    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
 
860
    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
 
861
    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
 
862
    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
 
863
    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
 
864
    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
 
865
    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
 
866
    tl = subl(26) ^ (subr(26) & ~subr(24));
 
867
    dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
 
868
    CamelliaSubkeyL(23) = subl(22) ^ tl;
 
869
    CamelliaSubkeyR(23) = subr(22) ^ tr;
 
870
    CamelliaSubkeyL(24) = subl(24);
 
871
    CamelliaSubkeyR(24) = subr(24);
 
872
    CamelliaSubkeyL(25) = subl(25);
 
873
    CamelliaSubkeyR(25) = subr(25);
 
874
    tl = subl(23) ^ (subr(23) &  ~subr(25));
 
875
    dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
 
876
    CamelliaSubkeyL(26) = tl ^ subl(27);
 
877
    CamelliaSubkeyR(26) = tr ^ subr(27);
 
878
    CamelliaSubkeyL(27) = subl(26) ^ subl(28);
 
879
    CamelliaSubkeyR(27) = subr(26) ^ subr(28);
 
880
    CamelliaSubkeyL(28) = subl(27) ^ subl(29);
 
881
    CamelliaSubkeyR(28) = subr(27) ^ subr(29);
 
882
    CamelliaSubkeyL(29) = subl(28) ^ subl(30);
 
883
    CamelliaSubkeyR(29) = subr(28) ^ subr(30);
 
884
    CamelliaSubkeyL(30) = subl(29) ^ subl(31);
 
885
    CamelliaSubkeyR(30) = subr(29) ^ subr(31);
 
886
    CamelliaSubkeyL(31) = subl(30);
 
887
    CamelliaSubkeyR(31) = subr(30);
 
888
    CamelliaSubkeyL(32) = subl(32) ^ subl(31);
 
889
    CamelliaSubkeyR(32) = subr(32) ^ subr(31);
 
890
 
 
891
    /* apply the inverse of the last half of P-function */
 
892
    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
 
893
    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
 
894
    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
 
895
    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
 
896
    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
 
897
    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
 
898
    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
 
899
    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
 
900
    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
 
901
    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
 
902
    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
 
903
    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
 
904
    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
 
905
    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
 
906
    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
 
907
    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
 
908
    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
 
909
    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
 
910
    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
 
911
    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
 
912
    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
 
913
    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
 
914
    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
 
915
    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
 
916
    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
 
917
    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
 
918
    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
 
919
    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
 
920
    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
 
921
    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
 
922
    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
 
923
    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
 
924
    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
 
925
    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
 
926
    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
 
927
    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
 
928
    dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
 
929
    CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
 
930
    dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
 
931
    CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
 
932
    dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
 
933
    CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
 
934
    dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
 
935
    CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
 
936
    dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
 
937
    CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
 
938
    dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
 
939
    CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
 
940
    
 
941
    return;
 
942
}
 
943
 
 
944
void camellia_setup192(const unsigned char *key, u32 *subkey)
 
945
{
 
946
    unsigned char kk[32];
 
947
    u32 krll, krlr, krrl,krrr;
 
948
 
 
949
    memcpy(kk, key, 24);
 
950
    memcpy((unsigned char *)&krll, key+16,4);
 
951
    memcpy((unsigned char *)&krlr, key+20,4);
 
952
    krrl = ~krll;
 
953
    krrr = ~krlr;
 
954
    memcpy(kk+24, (unsigned char *)&krrl, 4);
 
955
    memcpy(kk+28, (unsigned char *)&krrr, 4);
 
956
    camellia_setup256(kk, subkey);
 
957
    return;
 
958
}
 
959
 
 
960
 
 
961
/**
 
962
 * Stuff related to camellia encryption/decryption
 
963
 *
 
964
 * "io" must be 4byte aligned and big-endian data.
 
965
 */
 
966
void camellia_encrypt128(const u32 *subkey, u32 *io)
 
967
{
 
968
    u32 il, ir, t0, t1;
 
969
 
 
970
    /* pre whitening but absorb kw2*/
 
971
    io[0] ^= CamelliaSubkeyL(0);
 
972
    io[1] ^= CamelliaSubkeyR(0);
 
973
    /* main iteration */
 
974
 
 
975
    CAMELLIA_ROUNDSM(io[0],io[1],
 
976
                     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
 
977
                     io[2],io[3],il,ir,t0,t1);
 
978
    CAMELLIA_ROUNDSM(io[2],io[3],
 
979
                     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
 
980
                     io[0],io[1],il,ir,t0,t1);
 
981
    CAMELLIA_ROUNDSM(io[0],io[1],
 
982
                     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
 
983
                     io[2],io[3],il,ir,t0,t1);
 
984
    CAMELLIA_ROUNDSM(io[2],io[3],
 
985
                     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
 
986
                     io[0],io[1],il,ir,t0,t1);
 
987
    CAMELLIA_ROUNDSM(io[0],io[1],
 
988
                     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
 
989
                     io[2],io[3],il,ir,t0,t1);
 
990
    CAMELLIA_ROUNDSM(io[2],io[3],
 
991
                     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
 
992
                     io[0],io[1],il,ir,t0,t1);
 
993
 
 
994
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
995
                 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
 
996
                 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
 
997
                 t0,t1,il,ir);
 
998
 
 
999
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1000
                     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
 
1001
                     io[2],io[3],il,ir,t0,t1);
 
1002
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1003
                     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
 
1004
                     io[0],io[1],il,ir,t0,t1);
 
1005
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1006
                     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
 
1007
                     io[2],io[3],il,ir,t0,t1);
 
1008
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1009
                     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
 
1010
                     io[0],io[1],il,ir,t0,t1);
 
1011
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1012
                     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
 
1013
                     io[2],io[3],il,ir,t0,t1);
 
1014
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1015
                     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
 
1016
                     io[0],io[1],il,ir,t0,t1);
 
1017
 
 
1018
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1019
                 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
 
1020
                 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
 
1021
                 t0,t1,il,ir);
 
1022
 
 
1023
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1024
                     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
 
1025
                     io[2],io[3],il,ir,t0,t1);
 
1026
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1027
                     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
 
1028
                     io[0],io[1],il,ir,t0,t1);
 
1029
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1030
                     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
 
1031
                     io[2],io[3],il,ir,t0,t1);
 
1032
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1033
                     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
 
1034
                     io[0],io[1],il,ir,t0,t1);
 
1035
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1036
                     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
 
1037
                     io[2],io[3],il,ir,t0,t1);
 
1038
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1039
                     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
 
1040
                     io[0],io[1],il,ir,t0,t1);
 
1041
 
 
1042
    /* post whitening but kw4 */
 
1043
    io[2] ^= CamelliaSubkeyL(24);
 
1044
    io[3] ^= CamelliaSubkeyR(24);
 
1045
 
 
1046
    t0 = io[0];
 
1047
    t1 = io[1];
 
1048
    io[0] = io[2];
 
1049
    io[1] = io[3];
 
1050
    io[2] = t0;
 
1051
    io[3] = t1;
 
1052
        
 
1053
    return;
 
1054
}
 
1055
 
 
1056
void camellia_decrypt128(const u32 *subkey, u32 *io)
 
1057
{
 
1058
    u32 il,ir,t0,t1;               /* temporary valiables */
 
1059
    
 
1060
    /* pre whitening but absorb kw2*/
 
1061
    io[0] ^= CamelliaSubkeyL(24);
 
1062
    io[1] ^= CamelliaSubkeyR(24);
 
1063
 
 
1064
    /* main iteration */
 
1065
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1066
                     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
 
1067
                     io[2],io[3],il,ir,t0,t1);
 
1068
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1069
                     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
 
1070
                     io[0],io[1],il,ir,t0,t1);
 
1071
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1072
                     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
 
1073
                     io[2],io[3],il,ir,t0,t1);
 
1074
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1075
                     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
 
1076
                     io[0],io[1],il,ir,t0,t1);
 
1077
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1078
                     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
 
1079
                     io[2],io[3],il,ir,t0,t1);
 
1080
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1081
                     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
 
1082
                     io[0],io[1],il,ir,t0,t1);
 
1083
 
 
1084
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1085
                 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
 
1086
                 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
 
1087
                 t0,t1,il,ir);
 
1088
 
 
1089
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1090
                     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
 
1091
                     io[2],io[3],il,ir,t0,t1);
 
1092
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1093
                     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
 
1094
                     io[0],io[1],il,ir,t0,t1);
 
1095
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1096
                     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
 
1097
                     io[2],io[3],il,ir,t0,t1);
 
1098
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1099
                     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
 
1100
                     io[0],io[1],il,ir,t0,t1);
 
1101
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1102
                     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
 
1103
                     io[2],io[3],il,ir,t0,t1);
 
1104
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1105
                     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
 
1106
                     io[0],io[1],il,ir,t0,t1);
 
1107
 
 
1108
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1109
                 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
 
1110
                 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
 
1111
                 t0,t1,il,ir);
 
1112
 
 
1113
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1114
                     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
 
1115
                     io[2],io[3],il,ir,t0,t1);
 
1116
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1117
                     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
 
1118
                     io[0],io[1],il,ir,t0,t1);
 
1119
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1120
                     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
 
1121
                     io[2],io[3],il,ir,t0,t1);
 
1122
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1123
                     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
 
1124
                     io[0],io[1],il,ir,t0,t1);
 
1125
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1126
                     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
 
1127
                     io[2],io[3],il,ir,t0,t1);
 
1128
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1129
                     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
 
1130
                     io[0],io[1],il,ir,t0,t1);
 
1131
 
 
1132
    /* post whitening but kw4 */
 
1133
    io[2] ^= CamelliaSubkeyL(0);
 
1134
    io[3] ^= CamelliaSubkeyR(0);
 
1135
 
 
1136
    t0 = io[0];
 
1137
    t1 = io[1];
 
1138
    io[0] = io[2];
 
1139
    io[1] = io[3];
 
1140
    io[2] = t0;
 
1141
    io[3] = t1;
 
1142
 
 
1143
    return;
 
1144
}
 
1145
 
 
1146
/**
 
1147
 * stuff for 192 and 256bit encryption/decryption
 
1148
 */
 
1149
void camellia_encrypt256(const u32 *subkey, u32 *io)
 
1150
{
 
1151
    u32 il,ir,t0,t1;           /* temporary valiables */
 
1152
 
 
1153
    /* pre whitening but absorb kw2*/
 
1154
    io[0] ^= CamelliaSubkeyL(0);
 
1155
    io[1] ^= CamelliaSubkeyR(0);
 
1156
 
 
1157
    /* main iteration */
 
1158
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1159
                     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
 
1160
                     io[2],io[3],il,ir,t0,t1);
 
1161
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1162
                     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
 
1163
                     io[0],io[1],il,ir,t0,t1);
 
1164
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1165
                     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
 
1166
                     io[2],io[3],il,ir,t0,t1);
 
1167
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1168
                     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
 
1169
                     io[0],io[1],il,ir,t0,t1);
 
1170
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1171
                     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
 
1172
                     io[2],io[3],il,ir,t0,t1);
 
1173
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1174
                     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
 
1175
                     io[0],io[1],il,ir,t0,t1);
 
1176
 
 
1177
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1178
                 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
 
1179
                 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
 
1180
                 t0,t1,il,ir);
 
1181
 
 
1182
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1183
                     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
 
1184
                     io[2],io[3],il,ir,t0,t1);
 
1185
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1186
                     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
 
1187
                     io[0],io[1],il,ir,t0,t1);
 
1188
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1189
                     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
 
1190
                     io[2],io[3],il,ir,t0,t1);
 
1191
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1192
                     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
 
1193
                     io[0],io[1],il,ir,t0,t1);
 
1194
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1195
                     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
 
1196
                     io[2],io[3],il,ir,t0,t1);
 
1197
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1198
                     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
 
1199
                     io[0],io[1],il,ir,t0,t1);
 
1200
 
 
1201
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1202
                 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
 
1203
                 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
 
1204
                 t0,t1,il,ir);
 
1205
 
 
1206
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1207
                     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
 
1208
                     io[2],io[3],il,ir,t0,t1);
 
1209
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1210
                     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
 
1211
                     io[0],io[1],il,ir,t0,t1);
 
1212
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1213
                     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
 
1214
                     io[2],io[3],il,ir,t0,t1);
 
1215
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1216
                     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
 
1217
                     io[0],io[1],il,ir,t0,t1);
 
1218
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1219
                     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
 
1220
                     io[2],io[3],il,ir,t0,t1);
 
1221
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1222
                     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
 
1223
                     io[0],io[1],il,ir,t0,t1);
 
1224
 
 
1225
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1226
                 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
 
1227
                 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
 
1228
                 t0,t1,il,ir);
 
1229
 
 
1230
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1231
                     CamelliaSubkeyL(26),CamelliaSubkeyR(26),
 
1232
                     io[2],io[3],il,ir,t0,t1);
 
1233
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1234
                     CamelliaSubkeyL(27),CamelliaSubkeyR(27),
 
1235
                     io[0],io[1],il,ir,t0,t1);
 
1236
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1237
                     CamelliaSubkeyL(28),CamelliaSubkeyR(28),
 
1238
                     io[2],io[3],il,ir,t0,t1);
 
1239
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1240
                     CamelliaSubkeyL(29),CamelliaSubkeyR(29),
 
1241
                     io[0],io[1],il,ir,t0,t1);
 
1242
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1243
                     CamelliaSubkeyL(30),CamelliaSubkeyR(30),
 
1244
                     io[2],io[3],il,ir,t0,t1);
 
1245
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1246
                     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
 
1247
                     io[0],io[1],il,ir,t0,t1);
 
1248
 
 
1249
    /* post whitening but kw4 */
 
1250
    io[2] ^= CamelliaSubkeyL(32);
 
1251
    io[3] ^= CamelliaSubkeyR(32);
 
1252
 
 
1253
    t0 = io[0];
 
1254
    t1 = io[1];
 
1255
    io[0] = io[2];
 
1256
    io[1] = io[3];
 
1257
    io[2] = t0;
 
1258
    io[3] = t1;
 
1259
 
 
1260
    return;
 
1261
}
 
1262
 
 
1263
void camellia_decrypt256(const u32 *subkey, u32 *io)
 
1264
{
 
1265
    u32 il,ir,t0,t1;           /* temporary valiables */
 
1266
 
 
1267
    /* pre whitening but absorb kw2*/
 
1268
    io[0] ^= CamelliaSubkeyL(32);
 
1269
    io[1] ^= CamelliaSubkeyR(32);
 
1270
        
 
1271
    /* main iteration */
 
1272
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1273
                     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
 
1274
                     io[2],io[3],il,ir,t0,t1);
 
1275
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1276
                     CamelliaSubkeyL(30),CamelliaSubkeyR(30),
 
1277
                     io[0],io[1],il,ir,t0,t1);
 
1278
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1279
                     CamelliaSubkeyL(29),CamelliaSubkeyR(29),
 
1280
                     io[2],io[3],il,ir,t0,t1);
 
1281
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1282
                     CamelliaSubkeyL(28),CamelliaSubkeyR(28),
 
1283
                     io[0],io[1],il,ir,t0,t1);
 
1284
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1285
                     CamelliaSubkeyL(27),CamelliaSubkeyR(27),
 
1286
                     io[2],io[3],il,ir,t0,t1);
 
1287
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1288
                     CamelliaSubkeyL(26),CamelliaSubkeyR(26),
 
1289
                     io[0],io[1],il,ir,t0,t1);
 
1290
 
 
1291
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1292
                 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
 
1293
                 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
 
1294
                 t0,t1,il,ir);
 
1295
 
 
1296
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1297
                     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
 
1298
                     io[2],io[3],il,ir,t0,t1);
 
1299
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1300
                     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
 
1301
                     io[0],io[1],il,ir,t0,t1);
 
1302
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1303
                     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
 
1304
                     io[2],io[3],il,ir,t0,t1);
 
1305
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1306
                     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
 
1307
                     io[0],io[1],il,ir,t0,t1);
 
1308
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1309
                     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
 
1310
                     io[2],io[3],il,ir,t0,t1);
 
1311
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1312
                     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
 
1313
                     io[0],io[1],il,ir,t0,t1);
 
1314
 
 
1315
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1316
                 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
 
1317
                 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
 
1318
                 t0,t1,il,ir);
 
1319
 
 
1320
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1321
                     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
 
1322
                     io[2],io[3],il,ir,t0,t1);
 
1323
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1324
                     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
 
1325
                     io[0],io[1],il,ir,t0,t1);
 
1326
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1327
                     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
 
1328
                     io[2],io[3],il,ir,t0,t1);
 
1329
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1330
                     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
 
1331
                     io[0],io[1],il,ir,t0,t1);
 
1332
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1333
                     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
 
1334
                     io[2],io[3],il,ir,t0,t1);
 
1335
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1336
                     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
 
1337
                     io[0],io[1],il,ir,t0,t1);
 
1338
 
 
1339
    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
 
1340
                 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
 
1341
                 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
 
1342
                 t0,t1,il,ir);
 
1343
 
 
1344
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1345
                     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
 
1346
                     io[2],io[3],il,ir,t0,t1);
 
1347
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1348
                     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
 
1349
                     io[0],io[1],il,ir,t0,t1);
 
1350
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1351
                     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
 
1352
                     io[2],io[3],il,ir,t0,t1);
 
1353
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1354
                     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
 
1355
                     io[0],io[1],il,ir,t0,t1);
 
1356
    CAMELLIA_ROUNDSM(io[0],io[1],
 
1357
                     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
 
1358
                     io[2],io[3],il,ir,t0,t1);
 
1359
    CAMELLIA_ROUNDSM(io[2],io[3],
 
1360
                     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
 
1361
                     io[0],io[1],il,ir,t0,t1);
 
1362
 
 
1363
    /* post whitening but kw4 */
 
1364
    io[2] ^= CamelliaSubkeyL(0);
 
1365
    io[3] ^= CamelliaSubkeyR(0);
 
1366
 
 
1367
    t0 = io[0];
 
1368
    t1 = io[1];
 
1369
    io[0] = io[2];
 
1370
    io[1] = io[3];
 
1371
    io[2] = t0;
 
1372
    io[3] = t1;
 
1373
 
 
1374
    return;
 
1375
}
 
1376
 
 
1377
/***
 
1378
 *
 
1379
 * API for compatibility
 
1380
 */
 
1381
 
 
1382
void Camellia_Ekeygen(const int keyBitLength, 
 
1383
                      const unsigned char *rawKey, 
 
1384
                      KEY_TABLE_TYPE keyTable)
 
1385
{
 
1386
    switch(keyBitLength) {
 
1387
    case 128:
 
1388
        camellia_setup128(rawKey, keyTable);
 
1389
        break;
 
1390
    case 192:
 
1391
        camellia_setup192(rawKey, keyTable);
 
1392
        break;
 
1393
    case 256:
 
1394
        camellia_setup256(rawKey, keyTable);
 
1395
        break;
 
1396
    default:
 
1397
        break;
 
1398
    }
 
1399
}
 
1400
 
 
1401
 
 
1402
void Camellia_EncryptBlock(const int keyBitLength, 
 
1403
                           const unsigned char *plaintext, 
 
1404
                           const KEY_TABLE_TYPE keyTable, 
 
1405
                           unsigned char *ciphertext)
 
1406
{
 
1407
    u32 tmp[4];
 
1408
 
 
1409
    tmp[0] = GETU32(plaintext);
 
1410
    tmp[1] = GETU32(plaintext + 4);
 
1411
    tmp[2] = GETU32(plaintext + 8);
 
1412
    tmp[3] = GETU32(plaintext + 12);
 
1413
 
 
1414
    switch (keyBitLength) {
 
1415
    case 128:
 
1416
        camellia_encrypt128(keyTable, tmp);
 
1417
        break;
 
1418
    case 192:
 
1419
        /* fall through */
 
1420
    case 256:
 
1421
        camellia_encrypt256(keyTable, tmp);
 
1422
        break;
 
1423
    default:
 
1424
        break;
 
1425
    }
 
1426
 
 
1427
    PUTU32(ciphertext, tmp[0]);
 
1428
    PUTU32(ciphertext + 4, tmp[1]);
 
1429
    PUTU32(ciphertext + 8, tmp[2]);
 
1430
    PUTU32(ciphertext + 12, tmp[3]);
 
1431
}
 
1432
 
 
1433
void Camellia_DecryptBlock(const int keyBitLength, 
 
1434
                           const unsigned char *ciphertext, 
 
1435
                           const KEY_TABLE_TYPE keyTable, 
 
1436
                           unsigned char *plaintext)
 
1437
{
 
1438
    u32 tmp[4];
 
1439
 
 
1440
    tmp[0] = GETU32(ciphertext);
 
1441
    tmp[1] = GETU32(ciphertext + 4);
 
1442
    tmp[2] = GETU32(ciphertext + 8);
 
1443
    tmp[3] = GETU32(ciphertext + 12);
 
1444
 
 
1445
    switch (keyBitLength) {
 
1446
    case 128:
 
1447
        camellia_decrypt128(keyTable, tmp);
 
1448
        break;
 
1449
    case 192:
 
1450
        /* fall through */
 
1451
    case 256:
 
1452
        camellia_decrypt256(keyTable, tmp);
 
1453
        break;
 
1454
    default:
 
1455
        break;
 
1456
    }
 
1457
    PUTU32(plaintext, tmp[0]);
 
1458
    PUTU32(plaintext + 4, tmp[1]);
 
1459
    PUTU32(plaintext + 8, tmp[2]);
 
1460
    PUTU32(plaintext + 12, tmp[3]);
 
1461
}