1
/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
2
/* ====================================================================
3
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
6
* Intellectual Property information for Camellia:
7
* http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
9
* News Release for Announcement of Camellia open source:
10
* http://www.ntt.co.jp/news/news06e/0604/060413a.html
12
* The Camellia Code included herein is developed by
13
* NTT (Nippon Telegraph and Telephone Corporation), and is contributed
14
* to the OpenSSL project.
16
* The Camellia Code is licensed pursuant to the OpenSSL open source
17
* license provided below.
19
/* ====================================================================
20
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
22
* Redistribution and use in source and binary forms, with or without
23
* modification, are permitted provided that the following conditions
26
* 1. Redistributions of source code must retain the above copyright
27
* notice, this list of conditions and the following disclaimer.
29
* 2. Redistributions in binary form must reproduce the above copyright
30
* notice, this list of conditions and the following disclaimer in
31
* the documentation and/or other materials provided with the
34
* 3. All advertising materials mentioning features or use of this
35
* software must display the following acknowledgment:
36
* "This product includes software developed by the OpenSSL Project
37
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
39
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
40
* endorse or promote products derived from this software without
41
* prior written permission. For written permission, please contact
42
* openssl-core@openssl.org.
44
* 5. Products derived from this software may not be called "OpenSSL"
45
* nor may "OpenSSL" appear in their names without prior written
46
* permission of the OpenSSL Project.
48
* 6. Redistributions of any form whatsoever must retain the following
50
* "This product includes software developed by the OpenSSL Project
51
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
53
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
54
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
56
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
57
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
58
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
60
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
63
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
64
* OF THE POSSIBILITY OF SUCH DAMAGE.
65
* ====================================================================
68
/* Algorithm Specification
69
http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
77
#include "cmll_locl.h"
80
#define CAMELLIA_SIGMA1L (0xA09E667FL)
81
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
82
#define CAMELLIA_SIGMA2L (0xB67AE858L)
83
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
84
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
85
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
86
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
87
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
88
#define CAMELLIA_SIGMA5L (0x10E527FAL)
89
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
90
#define CAMELLIA_SIGMA6L (0xB05688C2L)
91
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
97
/* e is pointer of subkey */
98
#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
99
#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
101
/* rotation right shift 1byte */
102
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
103
/* rotation left shift 1bit */
104
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
105
/* rotation left shift 1byte */
106
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
108
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
112
ll = (ll << bits) + (lr >> (32 - bits)); \
113
lr = (lr << bits) + (rl >> (32 - bits)); \
114
rl = (rl << bits) + (rr >> (32 - bits)); \
115
rr = (rr << bits) + (w0 >> (32 - bits)); \
118
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
123
ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
124
lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
125
rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
126
rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
129
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
130
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
131
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
132
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
134
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
141
yl = CAMELLIA_SP1110(ir & 0xff) \
142
^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
143
^ CAMELLIA_SP3033(t1 & 0xff) \
144
^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
145
yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
146
^ CAMELLIA_SP0222(t0 & 0xff) \
147
^ CAMELLIA_SP3033((il >> 8) & 0xff) \
148
^ CAMELLIA_SP4404(il & 0xff); \
150
yr = CAMELLIA_RR8(yr); \
159
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
164
lr ^= CAMELLIA_RL1(t0); \
174
rr ^= CAMELLIA_RL1(t3); \
177
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
184
ir = CAMELLIA_SP1110(ir & 0xff) \
185
^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
186
^ CAMELLIA_SP3033(t1 & 0xff) \
187
^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
188
il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
189
^ CAMELLIA_SP0222(t0 & 0xff) \
190
^ CAMELLIA_SP3033((il >> 8) & 0xff) \
191
^ CAMELLIA_SP4404(il & 0xff); \
195
il = CAMELLIA_RR8(il); \
201
static const u32 camellia_sp1110[256] =
203
0x70707000,0x82828200,0x2c2c2c00,0xececec00,
204
0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
205
0xe4e4e400,0x85858500,0x57575700,0x35353500,
206
0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
207
0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
208
0x45454500,0x19191900,0xa5a5a500,0x21212100,
209
0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
210
0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
211
0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
212
0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
213
0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
214
0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
215
0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
216
0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
217
0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
218
0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
219
0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
220
0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
221
0x74747400,0x12121200,0x2b2b2b00,0x20202000,
222
0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
223
0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
224
0x34343400,0x7e7e7e00,0x76767600,0x05050500,
225
0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
226
0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
227
0x14141400,0x58585800,0x3a3a3a00,0x61616100,
228
0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
229
0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
230
0x53535300,0x18181800,0xf2f2f200,0x22222200,
231
0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
232
0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
233
0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
234
0x60606000,0xfcfcfc00,0x69696900,0x50505000,
235
0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
236
0xa1a1a100,0x89898900,0x62626200,0x97979700,
237
0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
238
0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
239
0x10101000,0xc4c4c400,0x00000000,0x48484800,
240
0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
241
0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
242
0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
243
0x87878700,0x5c5c5c00,0x83838300,0x02020200,
244
0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
245
0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
246
0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
247
0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
248
0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
249
0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
250
0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
251
0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
252
0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
253
0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
254
0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
255
0x78787800,0x98989800,0x06060600,0x6a6a6a00,
256
0xe7e7e700,0x46464600,0x71717100,0xbababa00,
257
0xd4d4d400,0x25252500,0xababab00,0x42424200,
258
0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
259
0x72727200,0x07070700,0xb9b9b900,0x55555500,
260
0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
261
0x36363600,0x49494900,0x2a2a2a00,0x68686800,
262
0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
263
0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
264
0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
265
0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
266
0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
269
static const u32 camellia_sp0222[256] =
271
0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
272
0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
273
0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
274
0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
275
0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
276
0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
277
0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
278
0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
279
0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
280
0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
281
0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
282
0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
283
0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
284
0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
285
0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
286
0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
287
0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
288
0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
289
0x00e8e8e8,0x00242424,0x00565656,0x00404040,
290
0x00e1e1e1,0x00636363,0x00090909,0x00333333,
291
0x00bfbfbf,0x00989898,0x00979797,0x00858585,
292
0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
293
0x00dadada,0x006f6f6f,0x00535353,0x00626262,
294
0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
295
0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
296
0x00bdbdbd,0x00363636,0x00222222,0x00383838,
297
0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
298
0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
299
0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
300
0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
301
0x00484848,0x00101010,0x00d1d1d1,0x00515151,
302
0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
303
0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
304
0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
305
0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
306
0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
307
0x00202020,0x00898989,0x00000000,0x00909090,
308
0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
309
0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
310
0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
311
0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
312
0x009b9b9b,0x00949494,0x00212121,0x00666666,
313
0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
314
0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
315
0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
316
0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
317
0x00030303,0x002d2d2d,0x00dedede,0x00969696,
318
0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
319
0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
320
0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
321
0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
322
0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
323
0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
324
0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
325
0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
326
0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
327
0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
328
0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
329
0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
330
0x00787878,0x00707070,0x00e3e3e3,0x00494949,
331
0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
332
0x00777777,0x00939393,0x00868686,0x00838383,
333
0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
334
0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
337
static const u32 camellia_sp3033[256] =
339
0x38003838,0x41004141,0x16001616,0x76007676,
340
0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
341
0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
342
0x75007575,0x06000606,0x57005757,0xa000a0a0,
343
0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
344
0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
345
0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
346
0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
347
0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
348
0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
349
0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
350
0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
351
0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
352
0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
353
0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
354
0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
355
0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
356
0xfd00fdfd,0x66006666,0x58005858,0x96009696,
357
0x3a003a3a,0x09000909,0x95009595,0x10001010,
358
0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
359
0xef00efef,0x26002626,0xe500e5e5,0x61006161,
360
0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
361
0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
362
0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
363
0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
364
0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
365
0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
366
0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
367
0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
368
0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
369
0x12001212,0x04000404,0x74007474,0x54005454,
370
0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
371
0x55005555,0x68006868,0x50005050,0xbe00bebe,
372
0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
373
0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
374
0x70007070,0xff00ffff,0x32003232,0x69006969,
375
0x08000808,0x62006262,0x00000000,0x24002424,
376
0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
377
0x45004545,0x81008181,0x73007373,0x6d006d6d,
378
0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
379
0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
380
0xe600e6e6,0x25002525,0x48004848,0x99009999,
381
0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
382
0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
383
0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
384
0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
385
0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
386
0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
387
0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
388
0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
389
0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
390
0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
391
0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
392
0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
393
0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
394
0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
395
0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
396
0x7c007c7c,0x77007777,0x56005656,0x05000505,
397
0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
398
0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
399
0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
400
0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
401
0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
402
0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
405
static const u32 camellia_sp4404[256] =
407
0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
408
0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
409
0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
410
0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
411
0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
412
0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
413
0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
414
0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
415
0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
416
0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
417
0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
418
0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
419
0x14140014,0x3a3a003a,0xdede00de,0x11110011,
420
0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
421
0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
422
0x24240024,0xe8e800e8,0x60600060,0x69690069,
423
0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
424
0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
425
0x10100010,0x00000000,0xa3a300a3,0x75750075,
426
0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
427
0x87870087,0x83830083,0xcdcd00cd,0x90900090,
428
0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
429
0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
430
0x81810081,0x6f6f006f,0x13130013,0x63630063,
431
0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
432
0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
433
0x78780078,0x06060006,0xe7e700e7,0x71710071,
434
0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
435
0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
436
0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
437
0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
438
0x15150015,0xadad00ad,0x77770077,0x80800080,
439
0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
440
0x85850085,0x35350035,0x0c0c000c,0x41410041,
441
0xefef00ef,0x93930093,0x19190019,0x21210021,
442
0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
443
0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
444
0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
445
0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
446
0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
447
0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
448
0x12120012,0x20200020,0xb1b100b1,0x99990099,
449
0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
450
0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
451
0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
452
0x0f0f000f,0x16160016,0x18180018,0x22220022,
453
0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
454
0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
455
0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
456
0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
457
0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
458
0x03030003,0xdada00da,0x3f3f003f,0x94940094,
459
0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
460
0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
461
0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
462
0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
463
0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
464
0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
465
0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
466
0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
467
0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
468
0x49490049,0x68680068,0x38380038,0xa4a400a4,
469
0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
470
0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
474
* Stuff related to the Camellia key schedule
476
#define subl(x) subL[(x)]
477
#define subr(x) subR[(x)]
479
void camellia_setup128(const u8 *key, u32 *subkey)
481
u32 kll, klr, krl, krr;
482
u32 il, ir, t0, t1, w0, w1;
483
u32 kw4l, kw4r, dw, tl, tr;
488
* k == kll || klr || krl || krr (|| is concatination)
491
klr = GETU32(key + 4);
492
krl = GETU32(key + 8);
493
krr = GETU32(key + 12);
495
* generate KL dependent subkeys
498
subl(0) = kll; subr(0) = klr;
500
subl(1) = krl; subr(1) = krr;
501
/* rotation left shift 15bit */
502
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
504
subl(4) = kll; subr(4) = klr;
506
subl(5) = krl; subr(5) = krr;
507
/* rotation left shift 15+30bit */
508
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
510
subl(10) = kll; subr(10) = klr;
512
subl(11) = krl; subr(11) = krr;
513
/* rotation left shift 15+30+15bit */
514
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
516
subl(13) = krl; subr(13) = krr;
517
/* rotation left shift 15+30+15+17 bit */
518
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
520
subl(16) = kll; subr(16) = klr;
522
subl(17) = krl; subr(17) = krr;
523
/* rotation left shift 15+30+15+17+17 bit */
524
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
526
subl(18) = kll; subr(18) = klr;
528
subl(19) = krl; subr(19) = krr;
529
/* rotation left shift 15+30+15+17+17+17 bit */
530
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
532
subl(22) = kll; subr(22) = klr;
534
subl(23) = krl; subr(23) = krr;
537
kll = subl(0); klr = subr(0);
538
krl = subl(1); krr = subr(1);
540
CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
541
w0, w1, il, ir, t0, t1);
542
krl ^= w0; krr ^= w1;
544
CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
545
kll, klr, il, ir, t0, t1);
546
/* current status == (kll, klr, w0, w1) */
548
CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
549
krl, krr, il, ir, t0, t1);
550
krl ^= w0; krr ^= w1;
552
CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
553
w0, w1, il, ir, t0, t1);
554
kll ^= w0; klr ^= w1;
556
/* generate KA dependent subkeys */
558
subl(2) = kll; subr(2) = klr;
559
subl(3) = krl; subr(3) = krr;
560
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
562
subl(6) = kll; subr(6) = klr;
563
subl(7) = krl; subr(7) = krr;
564
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
566
subl(8) = kll; subr(8) = klr;
567
subl(9) = krl; subr(9) = krr;
568
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
570
subl(12) = kll; subr(12) = klr;
571
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
573
subl(14) = kll; subr(14) = klr;
574
subl(15) = krl; subr(15) = krr;
575
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
577
subl(20) = kll; subr(20) = klr;
578
subl(21) = krl; subr(21) = krr;
579
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
581
subl(24) = kll; subr(24) = klr;
582
subl(25) = krl; subr(25) = krr;
585
/* absorb kw2 to other subkeys */
587
subl(3) ^= subl(1); subr(3) ^= subr(1);
589
subl(5) ^= subl(1); subr(5) ^= subr(1);
591
subl(7) ^= subl(1); subr(7) ^= subr(1);
592
subl(1) ^= subr(1) & ~subr(9);
593
dw = subl(1) & subl(9),
594
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
596
subl(11) ^= subl(1); subr(11) ^= subr(1);
598
subl(13) ^= subl(1); subr(13) ^= subr(1);
600
subl(15) ^= subl(1); subr(15) ^= subr(1);
601
subl(1) ^= subr(1) & ~subr(17);
602
dw = subl(1) & subl(17),
603
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
605
subl(19) ^= subl(1); subr(19) ^= subr(1);
607
subl(21) ^= subl(1); subr(21) ^= subr(1);
609
subl(23) ^= subl(1); subr(23) ^= subr(1);
611
subl(24) ^= subl(1); subr(24) ^= subr(1);
613
/* absorb kw4 to other subkeys */
614
kw4l = subl(25); kw4r = subr(25);
616
subl(22) ^= kw4l; subr(22) ^= kw4r;
618
subl(20) ^= kw4l; subr(20) ^= kw4r;
620
subl(18) ^= kw4l; subr(18) ^= kw4r;
621
kw4l ^= kw4r & ~subr(16);
622
dw = kw4l & subl(16),
623
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
625
subl(14) ^= kw4l; subr(14) ^= kw4r;
627
subl(12) ^= kw4l; subr(12) ^= kw4r;
629
subl(10) ^= kw4l; subr(10) ^= kw4r;
630
kw4l ^= kw4r & ~subr(8);
632
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
634
subl(6) ^= kw4l; subr(6) ^= kw4r;
636
subl(4) ^= kw4l; subr(4) ^= kw4r;
638
subl(2) ^= kw4l; subr(2) ^= kw4r;
640
subl(0) ^= kw4l; subr(0) ^= kw4r;
643
/* key XOR is end of F-function */
644
CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
645
CamelliaSubkeyR(0) = subr(0) ^ subr(2);
646
CamelliaSubkeyL(2) = subl(3); /* round 1 */
647
CamelliaSubkeyR(2) = subr(3);
648
CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
649
CamelliaSubkeyR(3) = subr(2) ^ subr(4);
650
CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
651
CamelliaSubkeyR(4) = subr(3) ^ subr(5);
652
CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
653
CamelliaSubkeyR(5) = subr(4) ^ subr(6);
654
CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
655
CamelliaSubkeyR(6) = subr(5) ^ subr(7);
656
tl = subl(10) ^ (subr(10) & ~subr(8));
657
dw = tl & subl(8), /* FL(kl1) */
658
tr = subr(10) ^ CAMELLIA_RL1(dw);
659
CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
660
CamelliaSubkeyR(7) = subr(6) ^ tr;
661
CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
662
CamelliaSubkeyR(8) = subr(8);
663
CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
664
CamelliaSubkeyR(9) = subr(9);
665
tl = subl(7) ^ (subr(7) & ~subr(9));
666
dw = tl & subl(9), /* FLinv(kl2) */
667
tr = subr(7) ^ CAMELLIA_RL1(dw);
668
CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
669
CamelliaSubkeyR(10) = tr ^ subr(11);
670
CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
671
CamelliaSubkeyR(11) = subr(10) ^ subr(12);
672
CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
673
CamelliaSubkeyR(12) = subr(11) ^ subr(13);
674
CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
675
CamelliaSubkeyR(13) = subr(12) ^ subr(14);
676
CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
677
CamelliaSubkeyR(14) = subr(13) ^ subr(15);
678
tl = subl(18) ^ (subr(18) & ~subr(16));
679
dw = tl & subl(16), /* FL(kl3) */
680
tr = subr(18) ^ CAMELLIA_RL1(dw);
681
CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
682
CamelliaSubkeyR(15) = subr(14) ^ tr;
683
CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
684
CamelliaSubkeyR(16) = subr(16);
685
CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
686
CamelliaSubkeyR(17) = subr(17);
687
tl = subl(15) ^ (subr(15) & ~subr(17));
688
dw = tl & subl(17), /* FLinv(kl4) */
689
tr = subr(15) ^ CAMELLIA_RL1(dw);
690
CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
691
CamelliaSubkeyR(18) = tr ^ subr(19);
692
CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
693
CamelliaSubkeyR(19) = subr(18) ^ subr(20);
694
CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
695
CamelliaSubkeyR(20) = subr(19) ^ subr(21);
696
CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
697
CamelliaSubkeyR(21) = subr(20) ^ subr(22);
698
CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
699
CamelliaSubkeyR(22) = subr(21) ^ subr(23);
700
CamelliaSubkeyL(23) = subl(22); /* round 18 */
701
CamelliaSubkeyR(23) = subr(22);
702
CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
703
CamelliaSubkeyR(24) = subr(24) ^ subr(23);
705
/* apply the inverse of the last half of P-function */
706
dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
707
dw = CAMELLIA_RL8(dw);/* round 1 */
708
CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
709
CamelliaSubkeyL(2) = dw;
710
dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
711
dw = CAMELLIA_RL8(dw);/* round 2 */
712
CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
713
CamelliaSubkeyL(3) = dw;
714
dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
715
dw = CAMELLIA_RL8(dw);/* round 3 */
716
CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
717
CamelliaSubkeyL(4) = dw;
718
dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
719
dw = CAMELLIA_RL8(dw);/* round 4 */
720
CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
721
CamelliaSubkeyL(5) = dw;
722
dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
723
dw = CAMELLIA_RL8(dw);/* round 5 */
724
CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
725
CamelliaSubkeyL(6) = dw;
726
dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
727
dw = CAMELLIA_RL8(dw);/* round 6 */
728
CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
729
CamelliaSubkeyL(7) = dw;
730
dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
731
dw = CAMELLIA_RL8(dw);/* round 7 */
732
CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
733
CamelliaSubkeyL(10) = dw;
734
dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
735
dw = CAMELLIA_RL8(dw);/* round 8 */
736
CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
737
CamelliaSubkeyL(11) = dw;
738
dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
739
dw = CAMELLIA_RL8(dw);/* round 9 */
740
CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
741
CamelliaSubkeyL(12) = dw;
742
dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
743
dw = CAMELLIA_RL8(dw);/* round 10 */
744
CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
745
CamelliaSubkeyL(13) = dw;
746
dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
747
dw = CAMELLIA_RL8(dw);/* round 11 */
748
CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
749
CamelliaSubkeyL(14) = dw;
750
dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
751
dw = CAMELLIA_RL8(dw);/* round 12 */
752
CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
753
CamelliaSubkeyL(15) = dw;
754
dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
755
dw = CAMELLIA_RL8(dw);/* round 13 */
756
CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
757
CamelliaSubkeyL(18) = dw;
758
dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
759
dw = CAMELLIA_RL8(dw);/* round 14 */
760
CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
761
CamelliaSubkeyL(19) = dw;
762
dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
763
dw = CAMELLIA_RL8(dw);/* round 15 */
764
CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
765
CamelliaSubkeyL(20) = dw;
766
dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
767
dw = CAMELLIA_RL8(dw);/* round 16 */
768
CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
769
CamelliaSubkeyL(21) = dw;
770
dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
771
dw = CAMELLIA_RL8(dw);/* round 17 */
772
CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
773
CamelliaSubkeyL(22) = dw;
774
dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
775
dw = CAMELLIA_RL8(dw);/* round 18 */
776
CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
777
CamelliaSubkeyL(23) = dw;
782
void camellia_setup256(const u8 *key, u32 *subkey)
784
u32 kll,klr,krl,krr; /* left half of key */
785
u32 krll,krlr,krrl,krrr; /* right half of key */
786
u32 il, ir, t0, t1, w0, w1; /* temporary variables */
787
u32 kw4l, kw4r, dw, tl, tr;
792
* key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
793
* (|| is concatination)
797
klr = GETU32(key + 4);
798
krl = GETU32(key + 8);
799
krr = GETU32(key + 12);
800
krll = GETU32(key + 16);
801
krlr = GETU32(key + 20);
802
krrl = GETU32(key + 24);
803
krrr = GETU32(key + 28);
805
/* generate KL dependent subkeys */
807
subl(0) = kll; subr(0) = klr;
809
subl(1) = krl; subr(1) = krr;
810
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
812
subl(12) = kll; subr(12) = klr;
814
subl(13) = krl; subr(13) = krr;
815
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
817
subl(16) = kll; subr(16) = klr;
819
subl(17) = krl; subr(17) = krr;
820
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
822
subl(22) = kll; subr(22) = klr;
824
subl(23) = krl; subr(23) = krr;
825
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
827
subl(30) = kll; subr(30) = klr;
829
subl(31) = krl; subr(31) = krr;
831
/* generate KR dependent subkeys */
832
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
834
subl(4) = krll; subr(4) = krlr;
836
subl(5) = krrl; subr(5) = krrr;
837
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
839
subl(8) = krll; subr(8) = krlr;
841
subl(9) = krrl; subr(9) = krrr;
842
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
844
subl(18) = krll; subr(18) = krlr;
846
subl(19) = krrl; subr(19) = krrr;
847
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
849
subl(26) = krll; subr(26) = krlr;
851
subl(27) = krrl; subr(27) = krrr;
852
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
855
kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
856
krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
858
CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
859
w0, w1, il, ir, t0, t1);
860
krl ^= w0; krr ^= w1;
862
CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
863
kll, klr, il, ir, t0, t1);
864
kll ^= krll; klr ^= krlr;
866
CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
867
krl, krr, il, ir, t0, t1);
868
krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
870
CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
871
w0, w1, il, ir, t0, t1);
872
kll ^= w0; klr ^= w1;
875
krll ^= kll; krlr ^= klr;
876
krrl ^= krl; krrr ^= krr;
877
CAMELLIA_F(krll, krlr,
878
CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
879
w0, w1, il, ir, t0, t1);
880
krrl ^= w0; krrr ^= w1;
881
CAMELLIA_F(krrl, krrr,
882
CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
883
w0, w1, il, ir, t0, t1);
884
krll ^= w0; krlr ^= w1;
886
/* generate KA dependent subkeys */
887
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
889
subl(6) = kll; subr(6) = klr;
891
subl(7) = krl; subr(7) = krr;
892
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
894
subl(14) = kll; subr(14) = klr;
896
subl(15) = krl; subr(15) = krr;
897
/* rotation left shift 32bit */
899
subl(24) = klr; subr(24) = krl;
901
subl(25) = krr; subr(25) = kll;
902
/* rotation left shift 49 from k11,k12 -> k21,k22 */
903
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
905
subl(28) = kll; subr(28) = klr;
907
subl(29) = krl; subr(29) = krr;
909
/* generate KB dependent subkeys */
911
subl(2) = krll; subr(2) = krlr;
913
subl(3) = krrl; subr(3) = krrr;
914
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
916
subl(10) = krll; subr(10) = krlr;
918
subl(11) = krrl; subr(11) = krrr;
919
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
921
subl(20) = krll; subr(20) = krlr;
923
subl(21) = krrl; subr(21) = krrr;
924
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
926
subl(32) = krll; subr(32) = krlr;
928
subl(33) = krrl; subr(33) = krrr;
930
/* absorb kw2 to other subkeys */
932
subl(3) ^= subl(1); subr(3) ^= subr(1);
934
subl(5) ^= subl(1); subr(5) ^= subr(1);
936
subl(7) ^= subl(1); subr(7) ^= subr(1);
937
subl(1) ^= subr(1) & ~subr(9);
938
dw = subl(1) & subl(9),
939
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
941
subl(11) ^= subl(1); subr(11) ^= subr(1);
943
subl(13) ^= subl(1); subr(13) ^= subr(1);
945
subl(15) ^= subl(1); subr(15) ^= subr(1);
946
subl(1) ^= subr(1) & ~subr(17);
947
dw = subl(1) & subl(17),
948
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
950
subl(19) ^= subl(1); subr(19) ^= subr(1);
952
subl(21) ^= subl(1); subr(21) ^= subr(1);
954
subl(23) ^= subl(1); subr(23) ^= subr(1);
955
subl(1) ^= subr(1) & ~subr(25);
956
dw = subl(1) & subl(25),
957
subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
959
subl(27) ^= subl(1); subr(27) ^= subr(1);
961
subl(29) ^= subl(1); subr(29) ^= subr(1);
963
subl(31) ^= subl(1); subr(31) ^= subr(1);
965
subl(32) ^= subl(1); subr(32) ^= subr(1);
968
/* absorb kw4 to other subkeys */
969
kw4l = subl(33); kw4r = subr(33);
971
subl(30) ^= kw4l; subr(30) ^= kw4r;
973
subl(28) ^= kw4l; subr(28) ^= kw4r;
975
subl(26) ^= kw4l; subr(26) ^= kw4r;
976
kw4l ^= kw4r & ~subr(24);
977
dw = kw4l & subl(24),
978
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
980
subl(22) ^= kw4l; subr(22) ^= kw4r;
982
subl(20) ^= kw4l; subr(20) ^= kw4r;
984
subl(18) ^= kw4l; subr(18) ^= kw4r;
985
kw4l ^= kw4r & ~subr(16);
986
dw = kw4l & subl(16),
987
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
989
subl(14) ^= kw4l; subr(14) ^= kw4r;
991
subl(12) ^= kw4l; subr(12) ^= kw4r;
993
subl(10) ^= kw4l; subr(10) ^= kw4r;
994
kw4l ^= kw4r & ~subr(8);
996
kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
998
subl(6) ^= kw4l; subr(6) ^= kw4r;
1000
subl(4) ^= kw4l; subr(4) ^= kw4r;
1002
subl(2) ^= kw4l; subr(2) ^= kw4r;
1004
subl(0) ^= kw4l; subr(0) ^= kw4r;
1006
/* key XOR is end of F-function */
1007
CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
1008
CamelliaSubkeyR(0) = subr(0) ^ subr(2);
1009
CamelliaSubkeyL(2) = subl(3); /* round 1 */
1010
CamelliaSubkeyR(2) = subr(3);
1011
CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
1012
CamelliaSubkeyR(3) = subr(2) ^ subr(4);
1013
CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
1014
CamelliaSubkeyR(4) = subr(3) ^ subr(5);
1015
CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
1016
CamelliaSubkeyR(5) = subr(4) ^ subr(6);
1017
CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
1018
CamelliaSubkeyR(6) = subr(5) ^ subr(7);
1019
tl = subl(10) ^ (subr(10) & ~subr(8));
1020
dw = tl & subl(8), /* FL(kl1) */
1021
tr = subr(10) ^ CAMELLIA_RL1(dw);
1022
CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
1023
CamelliaSubkeyR(7) = subr(6) ^ tr;
1024
CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
1025
CamelliaSubkeyR(8) = subr(8);
1026
CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
1027
CamelliaSubkeyR(9) = subr(9);
1028
tl = subl(7) ^ (subr(7) & ~subr(9));
1029
dw = tl & subl(9), /* FLinv(kl2) */
1030
tr = subr(7) ^ CAMELLIA_RL1(dw);
1031
CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
1032
CamelliaSubkeyR(10) = tr ^ subr(11);
1033
CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
1034
CamelliaSubkeyR(11) = subr(10) ^ subr(12);
1035
CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
1036
CamelliaSubkeyR(12) = subr(11) ^ subr(13);
1037
CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
1038
CamelliaSubkeyR(13) = subr(12) ^ subr(14);
1039
CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
1040
CamelliaSubkeyR(14) = subr(13) ^ subr(15);
1041
tl = subl(18) ^ (subr(18) & ~subr(16));
1042
dw = tl & subl(16), /* FL(kl3) */
1043
tr = subr(18) ^ CAMELLIA_RL1(dw);
1044
CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
1045
CamelliaSubkeyR(15) = subr(14) ^ tr;
1046
CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
1047
CamelliaSubkeyR(16) = subr(16);
1048
CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
1049
CamelliaSubkeyR(17) = subr(17);
1050
tl = subl(15) ^ (subr(15) & ~subr(17));
1051
dw = tl & subl(17), /* FLinv(kl4) */
1052
tr = subr(15) ^ CAMELLIA_RL1(dw);
1053
CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
1054
CamelliaSubkeyR(18) = tr ^ subr(19);
1055
CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
1056
CamelliaSubkeyR(19) = subr(18) ^ subr(20);
1057
CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
1058
CamelliaSubkeyR(20) = subr(19) ^ subr(21);
1059
CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
1060
CamelliaSubkeyR(21) = subr(20) ^ subr(22);
1061
CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
1062
CamelliaSubkeyR(22) = subr(21) ^ subr(23);
1063
tl = subl(26) ^ (subr(26)
1065
dw = tl & subl(24), /* FL(kl5) */
1066
tr = subr(26) ^ CAMELLIA_RL1(dw);
1067
CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
1068
CamelliaSubkeyR(23) = subr(22) ^ tr;
1069
CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
1070
CamelliaSubkeyR(24) = subr(24);
1071
CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
1072
CamelliaSubkeyR(25) = subr(25);
1073
tl = subl(23) ^ (subr(23) &
1075
dw = tl & subl(25), /* FLinv(kl6) */
1076
tr = subr(23) ^ CAMELLIA_RL1(dw);
1077
CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
1078
CamelliaSubkeyR(26) = tr ^ subr(27);
1079
CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
1080
CamelliaSubkeyR(27) = subr(26) ^ subr(28);
1081
CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
1082
CamelliaSubkeyR(28) = subr(27) ^ subr(29);
1083
CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
1084
CamelliaSubkeyR(29) = subr(28) ^ subr(30);
1085
CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
1086
CamelliaSubkeyR(30) = subr(29) ^ subr(31);
1087
CamelliaSubkeyL(31) = subl(30); /* round 24 */
1088
CamelliaSubkeyR(31) = subr(30);
1089
CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
1090
CamelliaSubkeyR(32) = subr(32) ^ subr(31);
1092
/* apply the inverse of the last half of P-function */
1093
dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
1094
dw = CAMELLIA_RL8(dw);/* round 1 */
1095
CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
1096
CamelliaSubkeyL(2) = dw;
1097
dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
1098
dw = CAMELLIA_RL8(dw);/* round 2 */
1099
CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
1100
CamelliaSubkeyL(3) = dw;
1101
dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
1102
dw = CAMELLIA_RL8(dw);/* round 3 */
1103
CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
1104
CamelliaSubkeyL(4) = dw;
1105
dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
1106
dw = CAMELLIA_RL8(dw);/* round 4 */
1107
CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
1108
CamelliaSubkeyL(5) = dw;
1109
dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
1110
dw = CAMELLIA_RL8(dw);/* round 5 */
1111
CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
1112
CamelliaSubkeyL(6) = dw;
1113
dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
1114
dw = CAMELLIA_RL8(dw);/* round 6 */
1115
CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
1116
CamelliaSubkeyL(7) = dw;
1117
dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
1118
dw = CAMELLIA_RL8(dw);/* round 7 */
1119
CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
1120
CamelliaSubkeyL(10) = dw;
1121
dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
1122
dw = CAMELLIA_RL8(dw);/* round 8 */
1123
CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
1124
CamelliaSubkeyL(11) = dw;
1125
dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
1126
dw = CAMELLIA_RL8(dw);/* round 9 */
1127
CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
1128
CamelliaSubkeyL(12) = dw;
1129
dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
1130
dw = CAMELLIA_RL8(dw);/* round 10 */
1131
CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
1132
CamelliaSubkeyL(13) = dw;
1133
dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
1134
dw = CAMELLIA_RL8(dw);/* round 11 */
1135
CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
1136
CamelliaSubkeyL(14) = dw;
1137
dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
1138
dw = CAMELLIA_RL8(dw);/* round 12 */
1139
CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
1140
CamelliaSubkeyL(15) = dw;
1141
dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
1142
dw = CAMELLIA_RL8(dw);/* round 13 */
1143
CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
1144
CamelliaSubkeyL(18) = dw;
1145
dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
1146
dw = CAMELLIA_RL8(dw);/* round 14 */
1147
CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
1148
CamelliaSubkeyL(19) = dw;
1149
dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
1150
dw = CAMELLIA_RL8(dw);/* round 15 */
1151
CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
1152
CamelliaSubkeyL(20) = dw;
1153
dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
1154
dw = CAMELLIA_RL8(dw);/* round 16 */
1155
CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
1156
CamelliaSubkeyL(21) = dw;
1157
dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
1158
dw = CAMELLIA_RL8(dw);/* round 17 */
1159
CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
1160
CamelliaSubkeyL(22) = dw;
1161
dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
1162
dw = CAMELLIA_RL8(dw);/* round 18 */
1163
CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
1164
CamelliaSubkeyL(23) = dw;
1165
dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
1166
dw = CAMELLIA_RL8(dw);/* round 19 */
1167
CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
1168
CamelliaSubkeyL(26) = dw;
1169
dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
1170
dw = CAMELLIA_RL8(dw);/* round 20 */
1171
CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
1172
CamelliaSubkeyL(27) = dw;
1173
dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
1174
dw = CAMELLIA_RL8(dw);/* round 21 */
1175
CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
1176
CamelliaSubkeyL(28) = dw;
1177
dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
1178
dw = CAMELLIA_RL8(dw);/* round 22 */
1179
CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
1180
CamelliaSubkeyL(29) = dw;
1181
dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
1182
dw = CAMELLIA_RL8(dw);/* round 23 */
1183
CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
1184
CamelliaSubkeyL(30) = dw;
1185
dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
1186
dw = CAMELLIA_RL8(dw);/* round 24 */
1187
CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
1188
CamelliaSubkeyL(31) = dw;
1194
void camellia_setup192(const u8 *key, u32 *subkey)
1197
u32 krll, krlr, krrl,krrr;
1199
memcpy(kk, key, 24);
1200
memcpy((u8 *)&krll, key+16,4);
1201
memcpy((u8 *)&krlr, key+20,4);
1204
memcpy(kk+24, (u8 *)&krrl, 4);
1205
memcpy(kk+28, (u8 *)&krrr, 4);
1206
camellia_setup256(kk, subkey);
1212
* Stuff related to camellia encryption/decryption
1214
void camellia_encrypt128(const u32 *subkey, u32 *io)
1218
/* pre whitening but absorb kw2*/
1219
io[0] ^= CamelliaSubkeyL(0);
1220
io[1] ^= CamelliaSubkeyR(0);
1221
/* main iteration */
1223
CAMELLIA_ROUNDSM(io[0],io[1],
1224
CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1225
io[2],io[3],il,ir,t0,t1);
1226
CAMELLIA_ROUNDSM(io[2],io[3],
1227
CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1228
io[0],io[1],il,ir,t0,t1);
1229
CAMELLIA_ROUNDSM(io[0],io[1],
1230
CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1231
io[2],io[3],il,ir,t0,t1);
1232
CAMELLIA_ROUNDSM(io[2],io[3],
1233
CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1234
io[0],io[1],il,ir,t0,t1);
1235
CAMELLIA_ROUNDSM(io[0],io[1],
1236
CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1237
io[2],io[3],il,ir,t0,t1);
1238
CAMELLIA_ROUNDSM(io[2],io[3],
1239
CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1240
io[0],io[1],il,ir,t0,t1);
1242
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1243
CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1244
CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1247
CAMELLIA_ROUNDSM(io[0],io[1],
1248
CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1249
io[2],io[3],il,ir,t0,t1);
1250
CAMELLIA_ROUNDSM(io[2],io[3],
1251
CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1252
io[0],io[1],il,ir,t0,t1);
1253
CAMELLIA_ROUNDSM(io[0],io[1],
1254
CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1255
io[2],io[3],il,ir,t0,t1);
1256
CAMELLIA_ROUNDSM(io[2],io[3],
1257
CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1258
io[0],io[1],il,ir,t0,t1);
1259
CAMELLIA_ROUNDSM(io[0],io[1],
1260
CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1261
io[2],io[3],il,ir,t0,t1);
1262
CAMELLIA_ROUNDSM(io[2],io[3],
1263
CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1264
io[0],io[1],il,ir,t0,t1);
1266
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1267
CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1268
CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1271
CAMELLIA_ROUNDSM(io[0],io[1],
1272
CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1273
io[2],io[3],il,ir,t0,t1);
1274
CAMELLIA_ROUNDSM(io[2],io[3],
1275
CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1276
io[0],io[1],il,ir,t0,t1);
1277
CAMELLIA_ROUNDSM(io[0],io[1],
1278
CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1279
io[2],io[3],il,ir,t0,t1);
1280
CAMELLIA_ROUNDSM(io[2],io[3],
1281
CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1282
io[0],io[1],il,ir,t0,t1);
1283
CAMELLIA_ROUNDSM(io[0],io[1],
1284
CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1285
io[2],io[3],il,ir,t0,t1);
1286
CAMELLIA_ROUNDSM(io[2],io[3],
1287
CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1288
io[0],io[1],il,ir,t0,t1);
1290
/* post whitening but kw4 */
1291
io[2] ^= CamelliaSubkeyL(24);
1292
io[3] ^= CamelliaSubkeyR(24);
1304
void camellia_decrypt128(const u32 *subkey, u32 *io)
1306
u32 il,ir,t0,t1; /* temporary valiables */
1308
/* pre whitening but absorb kw2*/
1309
io[0] ^= CamelliaSubkeyL(24);
1310
io[1] ^= CamelliaSubkeyR(24);
1312
/* main iteration */
1313
CAMELLIA_ROUNDSM(io[0],io[1],
1314
CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1315
io[2],io[3],il,ir,t0,t1);
1316
CAMELLIA_ROUNDSM(io[2],io[3],
1317
CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1318
io[0],io[1],il,ir,t0,t1);
1319
CAMELLIA_ROUNDSM(io[0],io[1],
1320
CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1321
io[2],io[3],il,ir,t0,t1);
1322
CAMELLIA_ROUNDSM(io[2],io[3],
1323
CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1324
io[0],io[1],il,ir,t0,t1);
1325
CAMELLIA_ROUNDSM(io[0],io[1],
1326
CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1327
io[2],io[3],il,ir,t0,t1);
1328
CAMELLIA_ROUNDSM(io[2],io[3],
1329
CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1330
io[0],io[1],il,ir,t0,t1);
1332
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1333
CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1334
CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1337
CAMELLIA_ROUNDSM(io[0],io[1],
1338
CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1339
io[2],io[3],il,ir,t0,t1);
1340
CAMELLIA_ROUNDSM(io[2],io[3],
1341
CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1342
io[0],io[1],il,ir,t0,t1);
1343
CAMELLIA_ROUNDSM(io[0],io[1],
1344
CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1345
io[2],io[3],il,ir,t0,t1);
1346
CAMELLIA_ROUNDSM(io[2],io[3],
1347
CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1348
io[0],io[1],il,ir,t0,t1);
1349
CAMELLIA_ROUNDSM(io[0],io[1],
1350
CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1351
io[2],io[3],il,ir,t0,t1);
1352
CAMELLIA_ROUNDSM(io[2],io[3],
1353
CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1354
io[0],io[1],il,ir,t0,t1);
1356
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1357
CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1358
CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1361
CAMELLIA_ROUNDSM(io[0],io[1],
1362
CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1363
io[2],io[3],il,ir,t0,t1);
1364
CAMELLIA_ROUNDSM(io[2],io[3],
1365
CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1366
io[0],io[1],il,ir,t0,t1);
1367
CAMELLIA_ROUNDSM(io[0],io[1],
1368
CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1369
io[2],io[3],il,ir,t0,t1);
1370
CAMELLIA_ROUNDSM(io[2],io[3],
1371
CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1372
io[0],io[1],il,ir,t0,t1);
1373
CAMELLIA_ROUNDSM(io[0],io[1],
1374
CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1375
io[2],io[3],il,ir,t0,t1);
1376
CAMELLIA_ROUNDSM(io[2],io[3],
1377
CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1378
io[0],io[1],il,ir,t0,t1);
1380
/* post whitening but kw4 */
1381
io[2] ^= CamelliaSubkeyL(0);
1382
io[3] ^= CamelliaSubkeyR(0);
1395
* stuff for 192 and 256bit encryption/decryption
1397
void camellia_encrypt256(const u32 *subkey, u32 *io)
1399
u32 il,ir,t0,t1; /* temporary valiables */
1401
/* pre whitening but absorb kw2*/
1402
io[0] ^= CamelliaSubkeyL(0);
1403
io[1] ^= CamelliaSubkeyR(0);
1405
/* main iteration */
1406
CAMELLIA_ROUNDSM(io[0],io[1],
1407
CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1408
io[2],io[3],il,ir,t0,t1);
1409
CAMELLIA_ROUNDSM(io[2],io[3],
1410
CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1411
io[0],io[1],il,ir,t0,t1);
1412
CAMELLIA_ROUNDSM(io[0],io[1],
1413
CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1414
io[2],io[3],il,ir,t0,t1);
1415
CAMELLIA_ROUNDSM(io[2],io[3],
1416
CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1417
io[0],io[1],il,ir,t0,t1);
1418
CAMELLIA_ROUNDSM(io[0],io[1],
1419
CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1420
io[2],io[3],il,ir,t0,t1);
1421
CAMELLIA_ROUNDSM(io[2],io[3],
1422
CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1423
io[0],io[1],il,ir,t0,t1);
1425
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1426
CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1427
CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1430
CAMELLIA_ROUNDSM(io[0],io[1],
1431
CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1432
io[2],io[3],il,ir,t0,t1);
1433
CAMELLIA_ROUNDSM(io[2],io[3],
1434
CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1435
io[0],io[1],il,ir,t0,t1);
1436
CAMELLIA_ROUNDSM(io[0],io[1],
1437
CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1438
io[2],io[3],il,ir,t0,t1);
1439
CAMELLIA_ROUNDSM(io[2],io[3],
1440
CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1441
io[0],io[1],il,ir,t0,t1);
1442
CAMELLIA_ROUNDSM(io[0],io[1],
1443
CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1444
io[2],io[3],il,ir,t0,t1);
1445
CAMELLIA_ROUNDSM(io[2],io[3],
1446
CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1447
io[0],io[1],il,ir,t0,t1);
1449
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1450
CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1451
CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1454
CAMELLIA_ROUNDSM(io[0],io[1],
1455
CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1456
io[2],io[3],il,ir,t0,t1);
1457
CAMELLIA_ROUNDSM(io[2],io[3],
1458
CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1459
io[0],io[1],il,ir,t0,t1);
1460
CAMELLIA_ROUNDSM(io[0],io[1],
1461
CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1462
io[2],io[3],il,ir,t0,t1);
1463
CAMELLIA_ROUNDSM(io[2],io[3],
1464
CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1465
io[0],io[1],il,ir,t0,t1);
1466
CAMELLIA_ROUNDSM(io[0],io[1],
1467
CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1468
io[2],io[3],il,ir,t0,t1);
1469
CAMELLIA_ROUNDSM(io[2],io[3],
1470
CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1471
io[0],io[1],il,ir,t0,t1);
1473
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1474
CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1475
CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1478
CAMELLIA_ROUNDSM(io[0],io[1],
1479
CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1480
io[2],io[3],il,ir,t0,t1);
1481
CAMELLIA_ROUNDSM(io[2],io[3],
1482
CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1483
io[0],io[1],il,ir,t0,t1);
1484
CAMELLIA_ROUNDSM(io[0],io[1],
1485
CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1486
io[2],io[3],il,ir,t0,t1);
1487
CAMELLIA_ROUNDSM(io[2],io[3],
1488
CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1489
io[0],io[1],il,ir,t0,t1);
1490
CAMELLIA_ROUNDSM(io[0],io[1],
1491
CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1492
io[2],io[3],il,ir,t0,t1);
1493
CAMELLIA_ROUNDSM(io[2],io[3],
1494
CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1495
io[0],io[1],il,ir,t0,t1);
1497
/* post whitening but kw4 */
1498
io[2] ^= CamelliaSubkeyL(32);
1499
io[3] ^= CamelliaSubkeyR(32);
1511
void camellia_decrypt256(const u32 *subkey, u32 *io)
1513
u32 il,ir,t0,t1; /* temporary valiables */
1515
/* pre whitening but absorb kw2*/
1516
io[0] ^= CamelliaSubkeyL(32);
1517
io[1] ^= CamelliaSubkeyR(32);
1519
/* main iteration */
1520
CAMELLIA_ROUNDSM(io[0],io[1],
1521
CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1522
io[2],io[3],il,ir,t0,t1);
1523
CAMELLIA_ROUNDSM(io[2],io[3],
1524
CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1525
io[0],io[1],il,ir,t0,t1);
1526
CAMELLIA_ROUNDSM(io[0],io[1],
1527
CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1528
io[2],io[3],il,ir,t0,t1);
1529
CAMELLIA_ROUNDSM(io[2],io[3],
1530
CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1531
io[0],io[1],il,ir,t0,t1);
1532
CAMELLIA_ROUNDSM(io[0],io[1],
1533
CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1534
io[2],io[3],il,ir,t0,t1);
1535
CAMELLIA_ROUNDSM(io[2],io[3],
1536
CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1537
io[0],io[1],il,ir,t0,t1);
1539
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1540
CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1541
CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1544
CAMELLIA_ROUNDSM(io[0],io[1],
1545
CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1546
io[2],io[3],il,ir,t0,t1);
1547
CAMELLIA_ROUNDSM(io[2],io[3],
1548
CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1549
io[0],io[1],il,ir,t0,t1);
1550
CAMELLIA_ROUNDSM(io[0],io[1],
1551
CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1552
io[2],io[3],il,ir,t0,t1);
1553
CAMELLIA_ROUNDSM(io[2],io[3],
1554
CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1555
io[0],io[1],il,ir,t0,t1);
1556
CAMELLIA_ROUNDSM(io[0],io[1],
1557
CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1558
io[2],io[3],il,ir,t0,t1);
1559
CAMELLIA_ROUNDSM(io[2],io[3],
1560
CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1561
io[0],io[1],il,ir,t0,t1);
1563
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1564
CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1565
CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1568
CAMELLIA_ROUNDSM(io[0],io[1],
1569
CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1570
io[2],io[3],il,ir,t0,t1);
1571
CAMELLIA_ROUNDSM(io[2],io[3],
1572
CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1573
io[0],io[1],il,ir,t0,t1);
1574
CAMELLIA_ROUNDSM(io[0],io[1],
1575
CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1576
io[2],io[3],il,ir,t0,t1);
1577
CAMELLIA_ROUNDSM(io[2],io[3],
1578
CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1579
io[0],io[1],il,ir,t0,t1);
1580
CAMELLIA_ROUNDSM(io[0],io[1],
1581
CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1582
io[2],io[3],il,ir,t0,t1);
1583
CAMELLIA_ROUNDSM(io[2],io[3],
1584
CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1585
io[0],io[1],il,ir,t0,t1);
1587
CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1588
CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1589
CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1592
CAMELLIA_ROUNDSM(io[0],io[1],
1593
CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1594
io[2],io[3],il,ir,t0,t1);
1595
CAMELLIA_ROUNDSM(io[2],io[3],
1596
CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1597
io[0],io[1],il,ir,t0,t1);
1598
CAMELLIA_ROUNDSM(io[0],io[1],
1599
CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1600
io[2],io[3],il,ir,t0,t1);
1601
CAMELLIA_ROUNDSM(io[2],io[3],
1602
CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1603
io[0],io[1],il,ir,t0,t1);
1604
CAMELLIA_ROUNDSM(io[0],io[1],
1605
CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1606
io[2],io[3],il,ir,t0,t1);
1607
CAMELLIA_ROUNDSM(io[2],io[3],
1608
CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1609
io[0],io[1],il,ir,t0,t1);
1611
/* post whitening but kw4 */
1612
io[2] ^= CamelliaSubkeyL(0);
1613
io[3] ^= CamelliaSubkeyR(0);
added
removed
crypto/camellia/camellia.c
