« back to all changes in this revision
Viewing changes to crypto/camellia/camellia.c
- browse files at revision 1.1.4
- compare with another revision
- compare with revision 57
- download diff
- download tarball
- view history from revision 1.1.4
- Committer: Bazaar Package Importer
- Author(s): Kurt Roeckx
- Date: 2006-10-02 18:05:00 UTC
- mto: (11.1.1 lenny)
- mto: This revision was merged to the branch mainline in revision 10.
- Revision ID: james.westby@ubuntu.com-20061002180500-y5ux36zvt0fjeiax
Tags: upstream-0.9.8c
ImportĀ upstreamĀ versionĀ 0.9.8c
- files added:
- crypto/aes/aes_ige.c
- crypto/camellia
- files modified:
- CHANGES
added
removed
crypto/camellia/camellia.c
1
/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
2
/* ====================================================================
3
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
4
* ALL RIGHTS RESERVED.
5
*
6
* Intellectual Property information for Camellia:
7
* http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
8
*
9
* News Release for Announcement of Camellia open source:
10
* http://www.ntt.co.jp/news/news06e/0604/060413a.html
11
*
12
* The Camellia Code included herein is developed by
13
* NTT (Nippon Telegraph and Telephone Corporation), and is contributed
14
* to the OpenSSL project.
15
*
16
* The Camellia Code is licensed pursuant to the OpenSSL open source
17
* license provided below.
18
*/
19
/* ====================================================================
20
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
21
*
22
* Redistribution and use in source and binary forms, with or without
23
* modification, are permitted provided that the following conditions
24
* are met:
25
*
26
* 1. Redistributions of source code must retain the above copyright
27
* notice, this list of conditions and the following disclaimer.
28
*
29
* 2. Redistributions in binary form must reproduce the above copyright
30
* notice, this list of conditions and the following disclaimer in
31
* the documentation and/or other materials provided with the
32
* distribution.
33
*
34
* 3. All advertising materials mentioning features or use of this
35
* software must display the following acknowledgment:
36
* "This product includes software developed by the OpenSSL Project
37
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
38
*
39
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
40
* endorse or promote products derived from this software without
41
* prior written permission. For written permission, please contact
42
* openssl-core@openssl.org.
43
*
44
* 5. Products derived from this software may not be called "OpenSSL"
45
* nor may "OpenSSL" appear in their names without prior written
46
* permission of the OpenSSL Project.
47
*
48
* 6. Redistributions of any form whatsoever must retain the following
49
* acknowledgment:
50
* "This product includes software developed by the OpenSSL Project
51
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
52
*
53
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
54
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
56
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
57
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
58
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
60
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
63
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
64
* OF THE POSSIBILITY OF SUCH DAMAGE.
65
* ====================================================================
66
*/
67
68
/* Algorithm Specification
69
http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
70
*/
71
72
73
#include <string.h>
74
#include <stdlib.h>
75
76
#include "camellia.h"
77
#include "cmll_locl.h"
78
79
/*
80
* must be defined uint32_t
81
*/
82
83
/* key constants */
84
85
#define CAMELLIA_SIGMA1L (0xA09E667FL)
86
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
87
#define CAMELLIA_SIGMA2L (0xB67AE858L)
88
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
89
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
90
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
91
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
92
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
93
#define CAMELLIA_SIGMA5L (0x10E527FAL)
94
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
95
#define CAMELLIA_SIGMA6L (0xB05688C2L)
96
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
97
98
/*
99
* macros
100
*/
101
102
/* e is pointer of subkey */
103
#ifdef L_ENDIAN
104
105
#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2 + 1])
106
#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2])
107
108
#else /* big endian */
109
110
#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
111
#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
112
113
#endif /* IS_LITTLE_ENDIAN */
114
115
/* rotation right shift 1byte */
116
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
117
/* rotation left shift 1bit */
118
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
119
/* rotation left shift 1byte */
120
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
121
122
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
123
do \
124
{ \
125
w0 = ll; \
126
ll = (ll << bits) + (lr >> (32 - bits)); \
127
lr = (lr << bits) + (rl >> (32 - bits)); \
128
rl = (rl << bits) + (rr >> (32 - bits)); \
129
rr = (rr << bits) + (w0 >> (32 - bits)); \
130
} while(0)
131
132
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
133
do \
134
{ \
135
w0 = ll; \
136
w1 = lr; \
137
ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
138
lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
139
rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
140
rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
141
} while(0)
142
143
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
144
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
145
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
146
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
147
148
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
149
do \
150
{ \
151
il = xl ^ kl; \
152
ir = xr ^ kr; \
153
t0 = il >> 16; \
154
t1 = ir >> 16; \
155
yl = CAMELLIA_SP1110(ir & 0xff) \
156
^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
157
^ CAMELLIA_SP3033(t1 & 0xff) \
158
^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
159
yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
160
^ CAMELLIA_SP0222(t0 & 0xff) \
161
^ CAMELLIA_SP3033((il >> 8) & 0xff) \
162
^ CAMELLIA_SP4404(il & 0xff); \
163
yl ^= yr; \
164
yr = CAMELLIA_RR8(yr); \
165
yr ^= yl; \
166
} while(0)
167
168
169
/*
170
* for speed up
171
*
172
*/
173
#if !defined(_MSC_VER)
174
175
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
176
do \
177
{ \
178
t0 = kll; \
179
t2 = krr; \
180
t0 &= ll; \
181
t2 |= rr; \
182
rl ^= t2; \
183
lr ^= CAMELLIA_RL1(t0); \
184
t3 = krl; \
185
t1 = klr; \
186
t3 &= rl; \
187
t1 |= lr; \
188
ll ^= t1; \
189
rr ^= CAMELLIA_RL1(t3); \
190
} while(0)
191
192
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
193
do \
194
{ \
195
ir = CAMELLIA_SP1110(xr & 0xff); \
196
il = CAMELLIA_SP1110((xl>>24) & 0xff); \
197
ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \
198
il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \
199
ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \
200
il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \
201
ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \
202
il ^= CAMELLIA_SP4404(xl & 0xff); \
203
il ^= kl; \
204
ir ^= il ^ kr; \
205
yl ^= ir; \
206
yr ^= CAMELLIA_RR8(il) ^ ir; \
207
} while(0)
208
209
#else /* for MS-VC */
210
211
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
212
do \
213
{ \
214
t0 = kll; \
215
t0 &= ll; \
216
lr ^= CAMELLIA_RL1(t0); \
217
t1 = klr; \
218
t1 |= lr; \
219
ll ^= t1; \
220
\
221
t2 = krr; \
222
t2 |= rr; \
223
rl ^= t2; \
224
t3 = krl; \
225
t3 &= rl; \
226
rr ^= CAMELLIA_RL1(t3); \
227
} while(0)
228
229
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
230
do \
231
{ \
232
il = xl; \
233
ir = xr; \
234
t0 = il >> 16; \
235
t1 = ir >> 16; \
236
ir = CAMELLIA_SP1110(ir & 0xff) \
237
^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
238
^ CAMELLIA_SP3033(t1 & 0xff) \
239
^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
240
il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
241
^ CAMELLIA_SP0222(t0 & 0xff) \
242
^ CAMELLIA_SP3033((il >> 8) & 0xff) \
243
^ CAMELLIA_SP4404(il & 0xff); \
244
il ^= kl; \
245
ir ^= kr; \
246
ir ^= il; \
247
il = CAMELLIA_RR8(il); \
248
il ^= ir; \
249
yl ^= ir; \
250
yr ^= il; \
251
} while(0)
252
#endif
253
254
static const uint32_t camellia_sp1110[256] =
255
{
256
0x70707000,0x82828200,0x2c2c2c00,0xececec00,
257
0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
258
0xe4e4e400,0x85858500,0x57575700,0x35353500,
259
0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
260
0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
261
0x45454500,0x19191900,0xa5a5a500,0x21212100,
262
0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
263
0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
264
0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
265
0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
266
0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
267
0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
268
0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
269
0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
270
0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
271
0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
272
0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
273
0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
274
0x74747400,0x12121200,0x2b2b2b00,0x20202000,
275
0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
276
0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
277
0x34343400,0x7e7e7e00,0x76767600,0x05050500,
278
0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
279
0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
280
0x14141400,0x58585800,0x3a3a3a00,0x61616100,
281
0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
282
0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
283
0x53535300,0x18181800,0xf2f2f200,0x22222200,
284
0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
285
0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
286
0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
287
0x60606000,0xfcfcfc00,0x69696900,0x50505000,
288
0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
289
0xa1a1a100,0x89898900,0x62626200,0x97979700,
290
0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
291
0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
292
0x10101000,0xc4c4c400,0x00000000,0x48484800,
293
0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
294
0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
295
0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
296
0x87878700,0x5c5c5c00,0x83838300,0x02020200,
297
0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
298
0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
299
0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
300
0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
301
0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
302
0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
303
0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
304
0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
305
0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
306
0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
307
0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
308
0x78787800,0x98989800,0x06060600,0x6a6a6a00,
309
0xe7e7e700,0x46464600,0x71717100,0xbababa00,
310
0xd4d4d400,0x25252500,0xababab00,0x42424200,
311
0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
312
0x72727200,0x07070700,0xb9b9b900,0x55555500,
313
0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
314
0x36363600,0x49494900,0x2a2a2a00,0x68686800,
315
0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
316
0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
317
0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
318
0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
319
0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
320
};
321
322
static const uint32_t camellia_sp0222[256] =
323
{
324
0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
325
0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
326
0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
327
0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
328
0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
329
0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
330
0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
331
0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
332
0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
333
0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
334
0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
335
0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
336
0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
337
0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
338
0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
339
0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
340
0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
341
0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
342
0x00e8e8e8,0x00242424,0x00565656,0x00404040,
343
0x00e1e1e1,0x00636363,0x00090909,0x00333333,
344
0x00bfbfbf,0x00989898,0x00979797,0x00858585,
345
0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
346
0x00dadada,0x006f6f6f,0x00535353,0x00626262,
347
0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
348
0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
349
0x00bdbdbd,0x00363636,0x00222222,0x00383838,
350
0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
351
0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
352
0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
353
0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
354
0x00484848,0x00101010,0x00d1d1d1,0x00515151,
355
0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
356
0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
357
0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
358
0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
359
0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
360
0x00202020,0x00898989,0x00000000,0x00909090,
361
0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
362
0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
363
0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
364
0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
365
0x009b9b9b,0x00949494,0x00212121,0x00666666,
366
0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
367
0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
368
0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
369
0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
370
0x00030303,0x002d2d2d,0x00dedede,0x00969696,
371
0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
372
0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
373
0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
374
0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
375
0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
376
0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
377
0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
378
0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
379
0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
380
0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
381
0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
382
0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
383
0x00787878,0x00707070,0x00e3e3e3,0x00494949,
384
0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
385
0x00777777,0x00939393,0x00868686,0x00838383,
386
0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
387
0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
388
};
389
390
static const uint32_t camellia_sp3033[256] =
391
{
392
0x38003838,0x41004141,0x16001616,0x76007676,
393
0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
394
0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
395
0x75007575,0x06000606,0x57005757,0xa000a0a0,
396
0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
397
0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
398
0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
399
0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
400
0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
401
0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
402
0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
403
0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
404
0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
405
0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
406
0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
407
0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
408
0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
409
0xfd00fdfd,0x66006666,0x58005858,0x96009696,
410
0x3a003a3a,0x09000909,0x95009595,0x10001010,
411
0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
412
0xef00efef,0x26002626,0xe500e5e5,0x61006161,
413
0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
414
0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
415
0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
416
0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
417
0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
418
0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
419
0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
420
0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
421
0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
422
0x12001212,0x04000404,0x74007474,0x54005454,
423
0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
424
0x55005555,0x68006868,0x50005050,0xbe00bebe,
425
0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
426
0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
427
0x70007070,0xff00ffff,0x32003232,0x69006969,
428
0x08000808,0x62006262,0x00000000,0x24002424,
429
0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
430
0x45004545,0x81008181,0x73007373,0x6d006d6d,
431
0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
432
0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
433
0xe600e6e6,0x25002525,0x48004848,0x99009999,
434
0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
435
0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
436
0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
437
0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
438
0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
439
0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
440
0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
441
0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
442
0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
443
0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
444
0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
445
0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
446
0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
447
0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
448
0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
449
0x7c007c7c,0x77007777,0x56005656,0x05000505,
450
0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
451
0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
452
0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
453
0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
454
0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
455
0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
456
};
457
458
static const uint32_t camellia_sp4404[256] =
459
{
460
0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
461
0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
462
0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
463
0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
464
0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
465
0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
466
0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
467
0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
468
0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
469
0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
470
0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
471
0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
472
0x14140014,0x3a3a003a,0xdede00de,0x11110011,
473
0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
474
0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
475
0x24240024,0xe8e800e8,0x60600060,0x69690069,
476
0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
477
0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
478
0x10100010,0x00000000,0xa3a300a3,0x75750075,
479
0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
480
0x87870087,0x83830083,0xcdcd00cd,0x90900090,
481
0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
482
0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
483
0x81810081,0x6f6f006f,0x13130013,0x63630063,
484
0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
485
0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
486
0x78780078,0x06060006,0xe7e700e7,0x71710071,
487
0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
488
0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
489
0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
490
0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
491
0x15150015,0xadad00ad,0x77770077,0x80800080,
492
0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
493
0x85850085,0x35350035,0x0c0c000c,0x41410041,
494
0xefef00ef,0x93930093,0x19190019,0x21210021,
495
0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
496
0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
497
0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
498
0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
499
0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
500
0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
501
0x12120012,0x20200020,0xb1b100b1,0x99990099,
502
0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
503
0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
504
0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
505
0x0f0f000f,0x16160016,0x18180018,0x22220022,
506
0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
507
0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
508
0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
509
0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
510
0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
511
0x03030003,0xdada00da,0x3f3f003f,0x94940094,
512
0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
513
0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
514
0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
515
0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
516
0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
517
0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
518
0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
519
0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
520
0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
521
0x49490049,0x68680068,0x38380038,0xa4a400a4,
522
0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
523
0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
524
};
525
526
527
/**
528
* Stuff related to the Camellia key schedule
529
*/
530
#define subl(x) subL[(x)]
531
#define subr(x) subR[(x)]
532
533
void camellia_setup128(const unsigned char *key, uint32_t *subkey)
534
{
535
uint32_t kll, klr, krl, krr;
536
uint32_t il, ir, t0, t1, w0, w1;
537
uint32_t kw4l, kw4r, dw, tl, tr;
538
uint32_t subL[26];
539
uint32_t subR[26];
540
541
/**
542
* k == kll || klr || krl || krr (|| is concatination)
543
*/
544
kll = GETU32(key );
545
klr = GETU32(key + 4);
546
krl = GETU32(key + 8);
547
krr = GETU32(key + 12);
548
/**
549
* generate KL dependent subkeys
550
*/
551
/* kw1 */
552
subl(0) = kll; subr(0) = klr;
553
/* kw2 */
554
subl(1) = krl; subr(1) = krr;
555
/* rotation left shift 15bit */
556
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
557
/* k3 */
558
subl(4) = kll; subr(4) = klr;
559
/* k4 */
560
subl(5) = krl; subr(5) = krr;
561
/* rotation left shift 15+30bit */
562
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
563
/* k7 */
564
subl(10) = kll; subr(10) = klr;
565
/* k8 */
566
subl(11) = krl; subr(11) = krr;
567
/* rotation left shift 15+30+15bit */
568
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
569
/* k10 */
570
subl(13) = krl; subr(13) = krr;
571
/* rotation left shift 15+30+15+17 bit */
572
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
573
/* kl3 */
574
subl(16) = kll; subr(16) = klr;
575
/* kl4 */
576
subl(17) = krl; subr(17) = krr;
577
/* rotation left shift 15+30+15+17+17 bit */
578
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
579
/* k13 */
580
subl(18) = kll; subr(18) = klr;
581
/* k14 */
582
subl(19) = krl; subr(19) = krr;
583
/* rotation left shift 15+30+15+17+17+17 bit */
584
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
585
/* k17 */
586
subl(22) = kll; subr(22) = klr;
587
/* k18 */
588
subl(23) = krl; subr(23) = krr;
589
590
/* generate KA */
591
kll = subl(0); klr = subr(0);
592
krl = subl(1); krr = subr(1);
593
CAMELLIA_F(kll, klr,
594
CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
595
w0, w1, il, ir, t0, t1);
596
krl ^= w0; krr ^= w1;
597
CAMELLIA_F(krl, krr,
598
CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
599
kll, klr, il, ir, t0, t1);
600
/* current status == (kll, klr, w0, w1) */
601
CAMELLIA_F(kll, klr,
602
CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
603
krl, krr, il, ir, t0, t1);
604
krl ^= w0; krr ^= w1;
605
CAMELLIA_F(krl, krr,
606
CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
607
w0, w1, il, ir, t0, t1);
608
kll ^= w0; klr ^= w1;
609
610
/* generate KA dependent subkeys */
611
/* k1, k2 */
612
subl(2) = kll; subr(2) = klr;
613
subl(3) = krl; subr(3) = krr;
614
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
615
/* k5,k6 */
616
subl(6) = kll; subr(6) = klr;
617
subl(7) = krl; subr(7) = krr;
618
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
619
/* kl1, kl2 */
620
subl(8) = kll; subr(8) = klr;
621
subl(9) = krl; subr(9) = krr;
622
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
623
/* k9 */
624
subl(12) = kll; subr(12) = klr;
625
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
626
/* k11, k12 */
627
subl(14) = kll; subr(14) = klr;
628
subl(15) = krl; subr(15) = krr;
629
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
630
/* k15, k16 */
631
subl(20) = kll; subr(20) = klr;
632
subl(21) = krl; subr(21) = krr;
633
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
634
/* kw3, kw4 */
635
subl(24) = kll; subr(24) = klr;
636
subl(25) = krl; subr(25) = krr;
637
638
639
/* absorb kw2 to other subkeys */
640
/* round 2 */
641
subl(3) ^= subl(1); subr(3) ^= subr(1);
642
/* round 4 */
643
subl(5) ^= subl(1); subr(5) ^= subr(1);
644
/* round 6 */
645
subl(7) ^= subl(1); subr(7) ^= subr(1);
646
subl(1) ^= subr(1) & ~subr(9);
647
dw = subl(1) & subl(9),
648
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
649
/* round 8 */
650
subl(11) ^= subl(1); subr(11) ^= subr(1);
651
/* round 10 */
652
subl(13) ^= subl(1); subr(13) ^= subr(1);
653
/* round 12 */
654
subl(15) ^= subl(1); subr(15) ^= subr(1);
655
subl(1) ^= subr(1) & ~subr(17);
656
dw = subl(1) & subl(17),
657
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
658
/* round 14 */
659
subl(19) ^= subl(1); subr(19) ^= subr(1);
660
/* round 16 */
661
subl(21) ^= subl(1); subr(21) ^= subr(1);
662
/* round 18 */
663
subl(23) ^= subl(1); subr(23) ^= subr(1);
664
/* kw3 */
665
subl(24) ^= subl(1); subr(24) ^= subr(1);
666
667
/* absorb kw4 to other subkeys */
668
kw4l = subl(25); kw4r = subr(25);
669
/* round 17 */
670
subl(22) ^= kw4l; subr(22) ^= kw4r;
671
/* round 15 */
672
subl(20) ^= kw4l; subr(20) ^= kw4r;
673
/* round 13 */
674
subl(18) ^= kw4l; subr(18) ^= kw4r;
675
kw4l ^= kw4r & ~subr(16);
676
dw = kw4l & subl(16),
677
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
678
/* round 11 */
679
subl(14) ^= kw4l; subr(14) ^= kw4r;
680
/* round 9 */
681
subl(12) ^= kw4l; subr(12) ^= kw4r;
682
/* round 7 */
683
subl(10) ^= kw4l; subr(10) ^= kw4r;
684
kw4l ^= kw4r & ~subr(8);
685
dw = kw4l & subl(8),
686
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
687
/* round 5 */
688
subl(6) ^= kw4l; subr(6) ^= kw4r;
689
/* round 3 */
690
subl(4) ^= kw4l; subr(4) ^= kw4r;
691
/* round 1 */
692
subl(2) ^= kw4l; subr(2) ^= kw4r;
693
/* kw1 */
694
subl(0) ^= kw4l; subr(0) ^= kw4r;
695
696
697
/* key XOR is end of F-function */
698
CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
699
CamelliaSubkeyR(0) = subr(0) ^ subr(2);
700
CamelliaSubkeyL(2) = subl(3); /* round 1 */
701
CamelliaSubkeyR(2) = subr(3);
702
CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
703
CamelliaSubkeyR(3) = subr(2) ^ subr(4);
704
CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
705
CamelliaSubkeyR(4) = subr(3) ^ subr(5);
706
CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
707
CamelliaSubkeyR(5) = subr(4) ^ subr(6);
708
CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
709
CamelliaSubkeyR(6) = subr(5) ^ subr(7);
710
tl = subl(10) ^ (subr(10) & ~subr(8));
711
dw = tl & subl(8), /* FL(kl1) */
712
tr = subr(10) ^ CAMELLIA_RL1(dw);
713
CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
714
CamelliaSubkeyR(7) = subr(6) ^ tr;
715
CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
716
CamelliaSubkeyR(8) = subr(8);
717
CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
718
CamelliaSubkeyR(9) = subr(9);
719
tl = subl(7) ^ (subr(7) & ~subr(9));
720
dw = tl & subl(9), /* FLinv(kl2) */
721
tr = subr(7) ^ CAMELLIA_RL1(dw);
722
CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
723
CamelliaSubkeyR(10) = tr ^ subr(11);
724
CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
725
CamelliaSubkeyR(11) = subr(10) ^ subr(12);
726
CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
727
CamelliaSubkeyR(12) = subr(11) ^ subr(13);
728
CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
729
CamelliaSubkeyR(13) = subr(12) ^ subr(14);
730
CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
731
CamelliaSubkeyR(14) = subr(13) ^ subr(15);
732
tl = subl(18) ^ (subr(18) & ~subr(16));
733
dw = tl & subl(16), /* FL(kl3) */
734
tr = subr(18) ^ CAMELLIA_RL1(dw);
735
CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
736
CamelliaSubkeyR(15) = subr(14) ^ tr;
737
CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
738
CamelliaSubkeyR(16) = subr(16);
739
CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
740
CamelliaSubkeyR(17) = subr(17);
741
tl = subl(15) ^ (subr(15) & ~subr(17));
742
dw = tl & subl(17), /* FLinv(kl4) */
743
tr = subr(15) ^ CAMELLIA_RL1(dw);
744
CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
745
CamelliaSubkeyR(18) = tr ^ subr(19);
746
CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
747
CamelliaSubkeyR(19) = subr(18) ^ subr(20);
748
CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
749
CamelliaSubkeyR(20) = subr(19) ^ subr(21);
750
CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
751
CamelliaSubkeyR(21) = subr(20) ^ subr(22);
752
CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
753
CamelliaSubkeyR(22) = subr(21) ^ subr(23);
754
CamelliaSubkeyL(23) = subl(22); /* round 18 */
755
CamelliaSubkeyR(23) = subr(22);
756
CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
757
CamelliaSubkeyR(24) = subr(24) ^ subr(23);
758
759
/* apply the inverse of the last half of P-function */
760
dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
761
dw = CAMELLIA_RL8(dw);/* round 1 */
762
CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
763
CamelliaSubkeyL(2) = dw;
764
dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
765
dw = CAMELLIA_RL8(dw);/* round 2 */
766
CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
767
CamelliaSubkeyL(3) = dw;
768
dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
769
dw = CAMELLIA_RL8(dw);/* round 3 */
770
CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
771
CamelliaSubkeyL(4) = dw;
772
dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
773
dw = CAMELLIA_RL8(dw);/* round 4 */
774
CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
775
CamelliaSubkeyL(5) = dw;
776
dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
777
dw = CAMELLIA_RL8(dw);/* round 5 */
778
CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
779
CamelliaSubkeyL(6) = dw;
780
dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
781
dw = CAMELLIA_RL8(dw);/* round 6 */
782
CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
783
CamelliaSubkeyL(7) = dw;
784
dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
785
dw = CAMELLIA_RL8(dw);/* round 7 */
786
CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
787
CamelliaSubkeyL(10) = dw;
788
dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
789
dw = CAMELLIA_RL8(dw);/* round 8 */
790
CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
791
CamelliaSubkeyL(11) = dw;
792
dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
793
dw = CAMELLIA_RL8(dw);/* round 9 */
794
CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
795
CamelliaSubkeyL(12) = dw;
796
dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
797
dw = CAMELLIA_RL8(dw);/* round 10 */
798
CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
799
CamelliaSubkeyL(13) = dw;
800
dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
801
dw = CAMELLIA_RL8(dw);/* round 11 */
802
CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
803
CamelliaSubkeyL(14) = dw;
804
dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
805
dw = CAMELLIA_RL8(dw);/* round 12 */
806
CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
807
CamelliaSubkeyL(15) = dw;
808
dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
809
dw = CAMELLIA_RL8(dw);/* round 13 */
810
CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
811
CamelliaSubkeyL(18) = dw;
812
dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
813
dw = CAMELLIA_RL8(dw);/* round 14 */
814
CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
815
CamelliaSubkeyL(19) = dw;
816
dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
817
dw = CAMELLIA_RL8(dw);/* round 15 */
818
CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
819
CamelliaSubkeyL(20) = dw;
820
dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
821
dw = CAMELLIA_RL8(dw);/* round 16 */
822
CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
823
CamelliaSubkeyL(21) = dw;
824
dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
825
dw = CAMELLIA_RL8(dw);/* round 17 */
826
CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
827
CamelliaSubkeyL(22) = dw;
828
dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
829
dw = CAMELLIA_RL8(dw);/* round 18 */
830
CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
831
CamelliaSubkeyL(23) = dw;
832
833
return;
834
}
835
836
void camellia_setup256(const unsigned char *key, uint32_t *subkey)
837
{
838
uint32_t kll,klr,krl,krr; /* left half of key */
839
uint32_t krll,krlr,krrl,krrr; /* right half of key */
840
uint32_t il, ir, t0, t1, w0, w1; /* temporary variables */
841
uint32_t kw4l, kw4r, dw, tl, tr;
842
uint32_t subL[34];
843
uint32_t subR[34];
844
845
/**
846
* key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
847
* (|| is concatination)
848
*/
849
850
kll = GETU32(key );
851
klr = GETU32(key + 4);
852
krl = GETU32(key + 8);
853
krr = GETU32(key + 12);
854
krll = GETU32(key + 16);
855
krlr = GETU32(key + 20);
856
krrl = GETU32(key + 24);
857
krrr = GETU32(key + 28);
858
859
/* generate KL dependent subkeys */
860
/* kw1 */
861
subl(0) = kll; subr(0) = klr;
862
/* kw2 */
863
subl(1) = krl; subr(1) = krr;
864
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
865
/* k9 */
866
subl(12) = kll; subr(12) = klr;
867
/* k10 */
868
subl(13) = krl; subr(13) = krr;
869
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
870
/* kl3 */
871
subl(16) = kll; subr(16) = klr;
872
/* kl4 */
873
subl(17) = krl; subr(17) = krr;
874
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
875
/* k17 */
876
subl(22) = kll; subr(22) = klr;
877
/* k18 */
878
subl(23) = krl; subr(23) = krr;
879
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
880
/* k23 */
881
subl(30) = kll; subr(30) = klr;
882
/* k24 */
883
subl(31) = krl; subr(31) = krr;
884
885
/* generate KR dependent subkeys */
886
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
887
/* k3 */
888
subl(4) = krll; subr(4) = krlr;
889
/* k4 */
890
subl(5) = krrl; subr(5) = krrr;
891
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
892
/* kl1 */
893
subl(8) = krll; subr(8) = krlr;
894
/* kl2 */
895
subl(9) = krrl; subr(9) = krrr;
896
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
897
/* k13 */
898
subl(18) = krll; subr(18) = krlr;
899
/* k14 */
900
subl(19) = krrl; subr(19) = krrr;
901
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
902
/* k19 */
903
subl(26) = krll; subr(26) = krlr;
904
/* k20 */
905
subl(27) = krrl; subr(27) = krrr;
906
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
907
908
/* generate KA */
909
kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
910
krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
911
CAMELLIA_F(kll, klr,
912
CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
913
w0, w1, il, ir, t0, t1);
914
krl ^= w0; krr ^= w1;
915
CAMELLIA_F(krl, krr,
916
CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
917
kll, klr, il, ir, t0, t1);
918
kll ^= krll; klr ^= krlr;
919
CAMELLIA_F(kll, klr,
920
CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
921
krl, krr, il, ir, t0, t1);
922
krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
923
CAMELLIA_F(krl, krr,
924
CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
925
w0, w1, il, ir, t0, t1);
926
kll ^= w0; klr ^= w1;
927
928
/* generate KB */
929
krll ^= kll; krlr ^= klr;
930
krrl ^= krl; krrr ^= krr;
931
CAMELLIA_F(krll, krlr,
932
CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
933
w0, w1, il, ir, t0, t1);
934
krrl ^= w0; krrr ^= w1;
935
CAMELLIA_F(krrl, krrr,
936
CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
937
w0, w1, il, ir, t0, t1);
938
krll ^= w0; krlr ^= w1;
939
940
/* generate KA dependent subkeys */
941
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
942
/* k5 */
943
subl(6) = kll; subr(6) = klr;
944
/* k6 */
945
subl(7) = krl; subr(7) = krr;
946
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
947
/* k11 */
948
subl(14) = kll; subr(14) = klr;
949
/* k12 */
950
subl(15) = krl; subr(15) = krr;
951
/* rotation left shift 32bit */
952
/* kl5 */
953
subl(24) = klr; subr(24) = krl;
954
/* kl6 */
955
subl(25) = krr; subr(25) = kll;
956
/* rotation left shift 49 from k11,k12 -> k21,k22 */
957
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
958
/* k21 */
959
subl(28) = kll; subr(28) = klr;
960
/* k22 */
961
subl(29) = krl; subr(29) = krr;
962
963
/* generate KB dependent subkeys */
964
/* k1 */
965
subl(2) = krll; subr(2) = krlr;
966
/* k2 */
967
subl(3) = krrl; subr(3) = krrr;
968
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
969
/* k7 */
970
subl(10) = krll; subr(10) = krlr;
971
/* k8 */
972
subl(11) = krrl; subr(11) = krrr;
973
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
974
/* k15 */
975
subl(20) = krll; subr(20) = krlr;
976
/* k16 */
977
subl(21) = krrl; subr(21) = krrr;
978
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
979
/* kw3 */
980
subl(32) = krll; subr(32) = krlr;
981
/* kw4 */
982
subl(33) = krrl; subr(33) = krrr;
983
984
/* absorb kw2 to other subkeys */
985
/* round 2 */
986
subl(3) ^= subl(1); subr(3) ^= subr(1);
987
/* round 4 */
988
subl(5) ^= subl(1); subr(5) ^= subr(1);
989
/* round 6 */
990
subl(7) ^= subl(1); subr(7) ^= subr(1);
991
subl(1) ^= subr(1) & ~subr(9);
992
dw = subl(1) & subl(9),
993
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
994
/* round 8 */
995
subl(11) ^= subl(1); subr(11) ^= subr(1);
996
/* round 10 */
997
subl(13) ^= subl(1); subr(13) ^= subr(1);
998
/* round 12 */
999
subl(15) ^= subl(1); subr(15) ^= subr(1);
1000
subl(1) ^= subr(1) & ~subr(17);
1001
dw = subl(1) & subl(17),
1002
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
1003
/* round 14 */
1004
subl(19) ^= subl(1); subr(19) ^= subr(1);
1005
/* round 16 */
1006
subl(21) ^= subl(1); subr(21) ^= subr(1);
1007
/* round 18 */
1008
subl(23) ^= subl(1); subr(23) ^= subr(1);
1009
subl(1) ^= subr(1) & ~subr(25);
1010
dw = subl(1) & subl(25),
1011
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
1012
/* round 20 */
1013
subl(27) ^= subl(1); subr(27) ^= subr(1);
1014
/* round 22 */
1015
subl(29) ^= subl(1); subr(29) ^= subr(1);
1016
/* round 24 */
1017
subl(31) ^= subl(1); subr(31) ^= subr(1);
1018
/* kw3 */
1019
subl(32) ^= subl(1); subr(32) ^= subr(1);
1020
1021
1022
/* absorb kw4 to other subkeys */
1023
kw4l = subl(33); kw4r = subr(33);
1024
/* round 23 */
1025
subl(30) ^= kw4l; subr(30) ^= kw4r;
1026
/* round 21 */
1027
subl(28) ^= kw4l; subr(28) ^= kw4r;
1028
/* round 19 */
1029
subl(26) ^= kw4l; subr(26) ^= kw4r;
1030
kw4l ^= kw4r & ~subr(24);
1031
dw = kw4l & subl(24),
1032
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
1033
/* round 17 */
1034
subl(22) ^= kw4l; subr(22) ^= kw4r;
1035
/* round 15 */
1036
subl(20) ^= kw4l; subr(20) ^= kw4r;
1037
/* round 13 */
1038
subl(18) ^= kw4l; subr(18) ^= kw4r;
1039
kw4l ^= kw4r & ~subr(16);
1040
dw = kw4l & subl(16),
1041
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
1042
/* round 11 */
1043
subl(14) ^= kw4l; subr(14) ^= kw4r;
1044
/* round 9 */
1045
subl(12) ^= kw4l; subr(12) ^= kw4r;
1046
/* round 7 */
1047
subl(10) ^= kw4l; subr(10) ^= kw4r;
1048
kw4l ^= kw4r & ~subr(8);
1049
dw = kw4l & subl(8),
1050
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
1051
/* round 5 */
1052
subl(6) ^= kw4l; subr(6) ^= kw4r;
1053
/* round 3 */
1054
subl(4) ^= kw4l; subr(4) ^= kw4r;
1055
/* round 1 */
1056
subl(2) ^= kw4l; subr(2) ^= kw4r;
1057
/* kw1 */
1058
subl(0) ^= kw4l; subr(0) ^= kw4r;
1059
1060
/* key XOR is end of F-function */
1061
CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
1062
CamelliaSubkeyR(0) = subr(0) ^ subr(2);
1063
CamelliaSubkeyL(2) = subl(3); /* round 1 */
1064
CamelliaSubkeyR(2) = subr(3);
1065
CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
1066
CamelliaSubkeyR(3) = subr(2) ^ subr(4);
1067
CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
1068
CamelliaSubkeyR(4) = subr(3) ^ subr(5);
1069
CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
1070
CamelliaSubkeyR(5) = subr(4) ^ subr(6);
1071
CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
1072
CamelliaSubkeyR(6) = subr(5) ^ subr(7);
1073
tl = subl(10) ^ (subr(10) & ~subr(8));
1074
dw = tl & subl(8), /* FL(kl1) */
1075
tr = subr(10) ^ CAMELLIA_RL1(dw);
1076
CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
1077
CamelliaSubkeyR(7) = subr(6) ^ tr;
1078
CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
1079
CamelliaSubkeyR(8) = subr(8);
1080
CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
1081
CamelliaSubkeyR(9) = subr(9);
1082
tl = subl(7) ^ (subr(7) & ~subr(9));
1083
dw = tl & subl(9), /* FLinv(kl2) */
1084
tr = subr(7) ^ CAMELLIA_RL1(dw);
1085
CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
1086
CamelliaSubkeyR(10) = tr ^ subr(11);
1087
CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
1088
CamelliaSubkeyR(11) = subr(10) ^ subr(12);
1089
CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
1090
CamelliaSubkeyR(12) = subr(11) ^ subr(13);
1091
CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
1092
CamelliaSubkeyR(13) = subr(12) ^ subr(14);
1093
CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
1094
CamelliaSubkeyR(14) = subr(13) ^ subr(15);
1095
tl = subl(18) ^ (subr(18) & ~subr(16));
1096
dw = tl & subl(16), /* FL(kl3) */
1097
tr = subr(18) ^ CAMELLIA_RL1(dw);
1098
CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
1099
CamelliaSubkeyR(15) = subr(14) ^ tr;
1100
CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
1101
CamelliaSubkeyR(16) = subr(16);
1102
CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
1103
CamelliaSubkeyR(17) = subr(17);
1104
tl = subl(15) ^ (subr(15) & ~subr(17));
1105
dw = tl & subl(17), /* FLinv(kl4) */
1106
tr = subr(15) ^ CAMELLIA_RL1(dw);
1107
CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
1108
CamelliaSubkeyR(18) = tr ^ subr(19);
1109
CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
1110
CamelliaSubkeyR(19) = subr(18) ^ subr(20);
1111
CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
1112
CamelliaSubkeyR(20) = subr(19) ^ subr(21);
1113
CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
1114
CamelliaSubkeyR(21) = subr(20) ^ subr(22);
1115
CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
1116
CamelliaSubkeyR(22) = subr(21) ^ subr(23);
1117
tl = subl(26) ^ (subr(26)
1118
& ~subr(24));
1119
dw = tl & subl(24), /* FL(kl5) */
1120
tr = subr(26) ^ CAMELLIA_RL1(dw);
1121
CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
1122
CamelliaSubkeyR(23) = subr(22) ^ tr;
1123
CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
1124
CamelliaSubkeyR(24) = subr(24);
1125
CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
1126
CamelliaSubkeyR(25) = subr(25);
1127
tl = subl(23) ^ (subr(23) &
1128
~subr(25));
1129
dw = tl & subl(25), /* FLinv(kl6) */
1130
tr = subr(23) ^ CAMELLIA_RL1(dw);
1131
CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
1132
CamelliaSubkeyR(26) = tr ^ subr(27);
1133
CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
1134
CamelliaSubkeyR(27) = subr(26) ^ subr(28);
1135
CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
1136
CamelliaSubkeyR(28) = subr(27) ^ subr(29);
1137
CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
1138
CamelliaSubkeyR(29) = subr(28) ^ subr(30);
1139
CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
1140
CamelliaSubkeyR(30) = subr(29) ^ subr(31);
1141
CamelliaSubkeyL(31) = subl(30); /* round 24 */
1142
CamelliaSubkeyR(31) = subr(30);
1143
CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
1144
CamelliaSubkeyR(32) = subr(32) ^ subr(31);
1145
1146
/* apply the inverse of the last half of P-function */
1147
dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
1148
dw = CAMELLIA_RL8(dw);/* round 1 */
1149
CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
1150
CamelliaSubkeyL(2) = dw;
1151
dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
1152
dw = CAMELLIA_RL8(dw);/* round 2 */
1153
CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
1154
CamelliaSubkeyL(3) = dw;
1155
dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
1156
dw = CAMELLIA_RL8(dw);/* round 3 */
1157
CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
1158
CamelliaSubkeyL(4) = dw;
1159
dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
1160
dw = CAMELLIA_RL8(dw);/* round 4 */
1161
CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
1162
CamelliaSubkeyL(5) = dw;
1163
dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
1164
dw = CAMELLIA_RL8(dw);/* round 5 */
1165
CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
1166
CamelliaSubkeyL(6) = dw;
1167
dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
1168
dw = CAMELLIA_RL8(dw);/* round 6 */
1169
CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
1170
CamelliaSubkeyL(7) = dw;
1171
dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
1172
dw = CAMELLIA_RL8(dw);/* round 7 */
1173
CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
1174
CamelliaSubkeyL(10) = dw;
1175
dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
1176
dw = CAMELLIA_RL8(dw);/* round 8 */
1177
CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
1178
CamelliaSubkeyL(11) = dw;
1179
dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
1180
dw = CAMELLIA_RL8(dw);/* round 9 */
1181
CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
1182
CamelliaSubkeyL(12) = dw;
1183
dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
1184
dw = CAMELLIA_RL8(dw);/* round 10 */
1185
CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
1186
CamelliaSubkeyL(13) = dw;
1187
dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
1188
dw = CAMELLIA_RL8(dw);/* round 11 */
1189
CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
1190
CamelliaSubkeyL(14) = dw;
1191
dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
1192
dw = CAMELLIA_RL8(dw);/* round 12 */
1193
CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
1194
CamelliaSubkeyL(15) = dw;
1195
dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
1196
dw = CAMELLIA_RL8(dw);/* round 13 */
1197
CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
1198
CamelliaSubkeyL(18) = dw;
1199
dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
1200
dw = CAMELLIA_RL8(dw);/* round 14 */
1201
CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
1202
CamelliaSubkeyL(19) = dw;
1203
dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
1204
dw = CAMELLIA_RL8(dw);/* round 15 */
1205
CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
1206
CamelliaSubkeyL(20) = dw;
1207
dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
1208
dw = CAMELLIA_RL8(dw);/* round 16 */
1209
CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
1210
CamelliaSubkeyL(21) = dw;
1211
dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
1212
dw = CAMELLIA_RL8(dw);/* round 17 */
1213
CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
1214
CamelliaSubkeyL(22) = dw;
1215
dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
1216
dw = CAMELLIA_RL8(dw);/* round 18 */
1217
CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
1218
CamelliaSubkeyL(23) = dw;
1219
dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
1220
dw = CAMELLIA_RL8(dw);/* round 19 */
1221
CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
1222
CamelliaSubkeyL(26) = dw;
1223
dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
1224
dw = CAMELLIA_RL8(dw);/* round 20 */
1225
CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
1226
CamelliaSubkeyL(27) = dw;
1227
dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
1228
dw = CAMELLIA_RL8(dw);/* round 21 */
1229
CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
1230
CamelliaSubkeyL(28) = dw;
1231
dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
1232
dw = CAMELLIA_RL8(dw);/* round 22 */
1233
CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
1234
CamelliaSubkeyL(29) = dw;
1235
dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
1236
dw = CAMELLIA_RL8(dw);/* round 23 */
1237
CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
1238
CamelliaSubkeyL(30) = dw;
1239
dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
1240
dw = CAMELLIA_RL8(dw);/* round 24 */
1241
CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
1242
CamelliaSubkeyL(31) = dw;
1243
1244
1245
return;
1246
}
1247
1248
void camellia_setup192(const unsigned char *key, uint32_t *subkey)
1249
{
1250
unsigned char kk[32];
1251
uint32_t krll, krlr, krrl,krrr;
1252
1253
memcpy(kk, key, 24);
1254
memcpy((unsigned char *)&krll, key+16,4);
1255
memcpy((unsigned char *)&krlr, key+20,4);
1256
krrl = ~krll;
1257
krrr = ~krlr;
1258
memcpy(kk+24, (unsigned char *)&krrl, 4);
1259
memcpy(kk+28, (unsigned char *)&krrr, 4);
1260
camellia_setup256(kk, subkey);
1261
return;
1262
}
1263
1264
1265
/**
1266
* Stuff related to camellia encryption/decryption
1267
*/
1268
void camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
1269
{
1270
uint32_t il, ir, t0, t1;
1271
1272
SWAP4WORD(io);
1273
/* pre whitening but absorb kw2*/
1274
io[0] ^= CamelliaSubkeyL(0);
1275
io[1] ^= CamelliaSubkeyR(0);
1276
/* main iteration */
1277
1278
CAMELLIA_ROUNDSM(io[0],io[1],
1279
CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1280
io[2],io[3],il,ir,t0,t1);
1281
CAMELLIA_ROUNDSM(io[2],io[3],
1282
CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1283
io[0],io[1],il,ir,t0,t1);
1284
CAMELLIA_ROUNDSM(io[0],io[1],
1285
CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1286
io[2],io[3],il,ir,t0,t1);
1287
CAMELLIA_ROUNDSM(io[2],io[3],
1288
CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1289
io[0],io[1],il,ir,t0,t1);
1290
CAMELLIA_ROUNDSM(io[0],io[1],
1291
CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1292
io[2],io[3],il,ir,t0,t1);
1293
CAMELLIA_ROUNDSM(io[2],io[3],
1294
CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1295
io[0],io[1],il,ir,t0,t1);
1296
1297
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1298
CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1299
CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1300
t0,t1,il,ir);
1301
1302
CAMELLIA_ROUNDSM(io[0],io[1],
1303
CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1304
io[2],io[3],il,ir,t0,t1);
1305
CAMELLIA_ROUNDSM(io[2],io[3],
1306
CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1307
io[0],io[1],il,ir,t0,t1);
1308
CAMELLIA_ROUNDSM(io[0],io[1],
1309
CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1310
io[2],io[3],il,ir,t0,t1);
1311
CAMELLIA_ROUNDSM(io[2],io[3],
1312
CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1313
io[0],io[1],il,ir,t0,t1);
1314
CAMELLIA_ROUNDSM(io[0],io[1],
1315
CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1316
io[2],io[3],il,ir,t0,t1);
1317
CAMELLIA_ROUNDSM(io[2],io[3],
1318
CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1319
io[0],io[1],il,ir,t0,t1);
1320
1321
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1322
CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1323
CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1324
t0,t1,il,ir);
1325
1326
CAMELLIA_ROUNDSM(io[0],io[1],
1327
CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1328
io[2],io[3],il,ir,t0,t1);
1329
CAMELLIA_ROUNDSM(io[2],io[3],
1330
CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1331
io[0],io[1],il,ir,t0,t1);
1332
CAMELLIA_ROUNDSM(io[0],io[1],
1333
CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1334
io[2],io[3],il,ir,t0,t1);
1335
CAMELLIA_ROUNDSM(io[2],io[3],
1336
CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1337
io[0],io[1],il,ir,t0,t1);
1338
CAMELLIA_ROUNDSM(io[0],io[1],
1339
CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1340
io[2],io[3],il,ir,t0,t1);
1341
CAMELLIA_ROUNDSM(io[2],io[3],
1342
CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1343
io[0],io[1],il,ir,t0,t1);
1344
1345
/* post whitening but kw4 */
1346
io[2] ^= CamelliaSubkeyL(24);
1347
io[3] ^= CamelliaSubkeyR(24);
1348
1349
t0 = io[0];
1350
t1 = io[1];
1351
io[0] = io[2];
1352
io[1] = io[3];
1353
io[2] = t0;
1354
io[3] = t1;
1355
SWAP4WORD(io);
1356
1357
return;
1358
}
1359
1360
void camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
1361
{
1362
uint32_t il,ir,t0,t1; /* temporary valiables */
1363
1364
SWAP4WORD(io);
1365
1366
/* pre whitening but absorb kw2*/
1367
io[0] ^= CamelliaSubkeyL(24);
1368
io[1] ^= CamelliaSubkeyR(24);
1369
1370
/* main iteration */
1371
CAMELLIA_ROUNDSM(io[0],io[1],
1372
CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1373
io[2],io[3],il,ir,t0,t1);
1374
CAMELLIA_ROUNDSM(io[2],io[3],
1375
CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1376
io[0],io[1],il,ir,t0,t1);
1377
CAMELLIA_ROUNDSM(io[0],io[1],
1378
CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1379
io[2],io[3],il,ir,t0,t1);
1380
CAMELLIA_ROUNDSM(io[2],io[3],
1381
CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1382
io[0],io[1],il,ir,t0,t1);
1383
CAMELLIA_ROUNDSM(io[0],io[1],
1384
CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1385
io[2],io[3],il,ir,t0,t1);
1386
CAMELLIA_ROUNDSM(io[2],io[3],
1387
CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1388
io[0],io[1],il,ir,t0,t1);
1389
1390
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1391
CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1392
CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1393
t0,t1,il,ir);
1394
1395
CAMELLIA_ROUNDSM(io[0],io[1],
1396
CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1397
io[2],io[3],il,ir,t0,t1);
1398
CAMELLIA_ROUNDSM(io[2],io[3],
1399
CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1400
io[0],io[1],il,ir,t0,t1);
1401
CAMELLIA_ROUNDSM(io[0],io[1],
1402
CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1403
io[2],io[3],il,ir,t0,t1);
1404
CAMELLIA_ROUNDSM(io[2],io[3],
1405
CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1406
io[0],io[1],il,ir,t0,t1);
1407
CAMELLIA_ROUNDSM(io[0],io[1],
1408
CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1409
io[2],io[3],il,ir,t0,t1);
1410
CAMELLIA_ROUNDSM(io[2],io[3],
1411
CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1412
io[0],io[1],il,ir,t0,t1);
1413
1414
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1415
CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1416
CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1417
t0,t1,il,ir);
1418
1419
CAMELLIA_ROUNDSM(io[0],io[1],
1420
CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1421
io[2],io[3],il,ir,t0,t1);
1422
CAMELLIA_ROUNDSM(io[2],io[3],
1423
CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1424
io[0],io[1],il,ir,t0,t1);
1425
CAMELLIA_ROUNDSM(io[0],io[1],
1426
CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1427
io[2],io[3],il,ir,t0,t1);
1428
CAMELLIA_ROUNDSM(io[2],io[3],
1429
CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1430
io[0],io[1],il,ir,t0,t1);
1431
CAMELLIA_ROUNDSM(io[0],io[1],
1432
CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1433
io[2],io[3],il,ir,t0,t1);
1434
CAMELLIA_ROUNDSM(io[2],io[3],
1435
CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1436
io[0],io[1],il,ir,t0,t1);
1437
1438
/* post whitening but kw4 */
1439
io[2] ^= CamelliaSubkeyL(0);
1440
io[3] ^= CamelliaSubkeyR(0);
1441
1442
t0 = io[0];
1443
t1 = io[1];
1444
io[0] = io[2];
1445
io[1] = io[3];
1446
io[2] = t0;
1447
io[3] = t1;
1448
SWAP4WORD(io);
1449
1450
return;
1451
}
1452
1453
/**
1454
* stuff for 192 and 256bit encryption/decryption
1455
*/
1456
void camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
1457
{
1458
uint32_t il,ir,t0,t1; /* temporary valiables */
1459
1460
SWAP4WORD(io);
1461
1462
/* pre whitening but absorb kw2*/
1463
io[0] ^= CamelliaSubkeyL(0);
1464
io[1] ^= CamelliaSubkeyR(0);
1465
1466
/* main iteration */
1467
CAMELLIA_ROUNDSM(io[0],io[1],
1468
CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1469
io[2],io[3],il,ir,t0,t1);
1470
CAMELLIA_ROUNDSM(io[2],io[3],
1471
CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1472
io[0],io[1],il,ir,t0,t1);
1473
CAMELLIA_ROUNDSM(io[0],io[1],
1474
CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1475
io[2],io[3],il,ir,t0,t1);
1476
CAMELLIA_ROUNDSM(io[2],io[3],
1477
CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1478
io[0],io[1],il,ir,t0,t1);
1479
CAMELLIA_ROUNDSM(io[0],io[1],
1480
CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1481
io[2],io[3],il,ir,t0,t1);
1482
CAMELLIA_ROUNDSM(io[2],io[3],
1483
CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1484
io[0],io[1],il,ir,t0,t1);
1485
1486
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1487
CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1488
CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1489
t0,t1,il,ir);
1490
1491
CAMELLIA_ROUNDSM(io[0],io[1],
1492
CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1493
io[2],io[3],il,ir,t0,t1);
1494
CAMELLIA_ROUNDSM(io[2],io[3],
1495
CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1496
io[0],io[1],il,ir,t0,t1);
1497
CAMELLIA_ROUNDSM(io[0],io[1],
1498
CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1499
io[2],io[3],il,ir,t0,t1);
1500
CAMELLIA_ROUNDSM(io[2],io[3],
1501
CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1502
io[0],io[1],il,ir,t0,t1);
1503
CAMELLIA_ROUNDSM(io[0],io[1],
1504
CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1505
io[2],io[3],il,ir,t0,t1);
1506
CAMELLIA_ROUNDSM(io[2],io[3],
1507
CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1508
io[0],io[1],il,ir,t0,t1);
1509
1510
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1511
CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1512
CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1513
t0,t1,il,ir);
1514
1515
CAMELLIA_ROUNDSM(io[0],io[1],
1516
CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1517
io[2],io[3],il,ir,t0,t1);
1518
CAMELLIA_ROUNDSM(io[2],io[3],
1519
CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1520
io[0],io[1],il,ir,t0,t1);
1521
CAMELLIA_ROUNDSM(io[0],io[1],
1522
CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1523
io[2],io[3],il,ir,t0,t1);
1524
CAMELLIA_ROUNDSM(io[2],io[3],
1525
CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1526
io[0],io[1],il,ir,t0,t1);
1527
CAMELLIA_ROUNDSM(io[0],io[1],
1528
CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1529
io[2],io[3],il,ir,t0,t1);
1530
CAMELLIA_ROUNDSM(io[2],io[3],
1531
CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1532
io[0],io[1],il,ir,t0,t1);
1533
1534
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1535
CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1536
CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1537
t0,t1,il,ir);
1538
1539
CAMELLIA_ROUNDSM(io[0],io[1],
1540
CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1541
io[2],io[3],il,ir,t0,t1);
1542
CAMELLIA_ROUNDSM(io[2],io[3],
1543
CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1544
io[0],io[1],il,ir,t0,t1);
1545
CAMELLIA_ROUNDSM(io[0],io[1],
1546
CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1547
io[2],io[3],il,ir,t0,t1);
1548
CAMELLIA_ROUNDSM(io[2],io[3],
1549
CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1550
io[0],io[1],il,ir,t0,t1);
1551
CAMELLIA_ROUNDSM(io[0],io[1],
1552
CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1553
io[2],io[3],il,ir,t0,t1);
1554
CAMELLIA_ROUNDSM(io[2],io[3],
1555
CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1556
io[0],io[1],il,ir,t0,t1);
1557
1558
/* post whitening but kw4 */
1559
io[2] ^= CamelliaSubkeyL(32);
1560
io[3] ^= CamelliaSubkeyR(32);
1561
1562
t0 = io[0];
1563
t1 = io[1];
1564
io[0] = io[2];
1565
io[1] = io[3];
1566
io[2] = t0;
1567
io[3] = t1;
1568
SWAP4WORD(io);
1569
1570
return;
1571
}
1572
1573
void camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
1574
{
1575
uint32_t il,ir,t0,t1; /* temporary valiables */
1576
1577
SWAP4WORD(io);
1578
/* pre whitening but absorb kw2*/
1579
io[0] ^= CamelliaSubkeyL(32);
1580
io[1] ^= CamelliaSubkeyR(32);
1581
1582
/* main iteration */
1583
CAMELLIA_ROUNDSM(io[0],io[1],
1584
CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1585
io[2],io[3],il,ir,t0,t1);
1586
CAMELLIA_ROUNDSM(io[2],io[3],
1587
CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1588
io[0],io[1],il,ir,t0,t1);
1589
CAMELLIA_ROUNDSM(io[0],io[1],
1590
CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1591
io[2],io[3],il,ir,t0,t1);
1592
CAMELLIA_ROUNDSM(io[2],io[3],
1593
CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1594
io[0],io[1],il,ir,t0,t1);
1595
CAMELLIA_ROUNDSM(io[0],io[1],
1596
CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1597
io[2],io[3],il,ir,t0,t1);
1598
CAMELLIA_ROUNDSM(io[2],io[3],
1599
CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1600
io[0],io[1],il,ir,t0,t1);
1601
1602
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1603
CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1604
CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1605
t0,t1,il,ir);
1606
1607
CAMELLIA_ROUNDSM(io[0],io[1],
1608
CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1609
io[2],io[3],il,ir,t0,t1);
1610
CAMELLIA_ROUNDSM(io[2],io[3],
1611
CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1612
io[0],io[1],il,ir,t0,t1);
1613
CAMELLIA_ROUNDSM(io[0],io[1],
1614
CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1615
io[2],io[3],il,ir,t0,t1);
1616
CAMELLIA_ROUNDSM(io[2],io[3],
1617
CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1618
io[0],io[1],il,ir,t0,t1);
1619
CAMELLIA_ROUNDSM(io[0],io[1],
1620
CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1621
io[2],io[3],il,ir,t0,t1);
1622
CAMELLIA_ROUNDSM(io[2],io[3],
1623
CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1624
io[0],io[1],il,ir,t0,t1);
1625
1626
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1627
CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1628
CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1629
t0,t1,il,ir);
1630
1631
CAMELLIA_ROUNDSM(io[0],io[1],
1632
CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1633
io[2],io[3],il,ir,t0,t1);
1634
CAMELLIA_ROUNDSM(io[2],io[3],
1635
CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1636
io[0],io[1],il,ir,t0,t1);
1637
CAMELLIA_ROUNDSM(io[0],io[1],
1638
CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1639
io[2],io[3],il,ir,t0,t1);
1640
CAMELLIA_ROUNDSM(io[2],io[3],
1641
CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1642
io[0],io[1],il,ir,t0,t1);
1643
CAMELLIA_ROUNDSM(io[0],io[1],
1644
CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1645
io[2],io[3],il,ir,t0,t1);
1646
CAMELLIA_ROUNDSM(io[2],io[3],
1647
CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1648
io[0],io[1],il,ir,t0,t1);
1649
1650
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1651
CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1652
CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1653
t0,t1,il,ir);
1654
1655
CAMELLIA_ROUNDSM(io[0],io[1],
1656
CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1657
io[2],io[3],il,ir,t0,t1);
1658
CAMELLIA_ROUNDSM(io[2],io[3],
1659
CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1660
io[0],io[1],il,ir,t0,t1);
1661
CAMELLIA_ROUNDSM(io[0],io[1],
1662
CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1663
io[2],io[3],il,ir,t0,t1);
1664
CAMELLIA_ROUNDSM(io[2],io[3],
1665
CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1666
io[0],io[1],il,ir,t0,t1);
1667
CAMELLIA_ROUNDSM(io[0],io[1],
1668
CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1669
io[2],io[3],il,ir,t0,t1);
1670
CAMELLIA_ROUNDSM(io[2],io[3],
1671
CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1672
io[0],io[1],il,ir,t0,t1);
1673
1674
/* post whitening but kw4 */
1675
io[2] ^= CamelliaSubkeyL(0);
1676
io[3] ^= CamelliaSubkeyR(0);
1677
1678
t0 = io[0];
1679
t1 = io[1];
1680
io[0] = io[2];
1681
io[1] = io[3];
1682
io[2] = t0;
1683
io[3] = t1;
1684
SWAP4WORD(io);
1685
1686
return;
1687
}
1688
Loggerhead is a web-based interface for Breezy
Version: 2.0.1