1 /* camellia.h ver 1.2.0
3 * Copyright (C) 2006,2007
4 * NTT (Nippon Telegraph and Telephone Corporation).
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 * Algorithm Specification
23 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
33 #include <krb5-types.h>
34 #include "camellia-ntt.h"
38 #define CAMELLIA_SIGMA1L (0xA09E667FL)
39 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
40 #define CAMELLIA_SIGMA2L (0xB67AE858L)
41 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
42 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
43 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
44 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
45 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
46 #define CAMELLIA_SIGMA5L (0x10E527FAL)
47 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
48 #define CAMELLIA_SIGMA6L (0xB05688C2L)
49 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
58 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
59 # define GETU32(p) SWAP(*((u32 *)(p)))
60 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
65 (((u32)(pt)[0] << 24) \
66 ^ ((u32)(pt)[1] << 16) \
67 ^ ((u32)(pt)[2] << 8) \
70 # define PUTU32(ct, st) { \
71 (ct)[0] = (u8)((st) >> 24); \
72 (ct)[1] = (u8)((st) >> 16); \
73 (ct)[2] = (u8)((st) >> 8); \
78 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
79 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
81 /* rotation right shift 1byte */
82 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
83 /* rotation left shift 1bit */
84 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
85 /* rotation left shift 1byte */
86 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
88 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
91 ll = (ll << bits) + (lr >> (32 - bits)); \
92 lr = (lr << bits) + (rl >> (32 - bits)); \
93 rl = (rl << bits) + (rr >> (32 - bits)); \
94 rr = (rr << bits) + (w0 >> (32 - bits)); \
97 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
101 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
102 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
103 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
104 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
107 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
108 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
109 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
110 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
112 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
118 yl = CAMELLIA_SP1110(ir & 0xff) \
119 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
120 ^ CAMELLIA_SP3033(t1 & 0xff) \
121 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
122 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
123 ^ CAMELLIA_SP0222(t0 & 0xff) \
124 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
125 ^ CAMELLIA_SP4404(il & 0xff); \
127 yr = CAMELLIA_RR8(yr); \
136 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
140 lr ^= CAMELLIA_RL1(t0); \
150 rr ^= CAMELLIA_RL1(t3); \
153 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
155 ir = CAMELLIA_SP1110(xr & 0xff) \
156 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
157 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
158 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
159 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
160 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
161 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
162 ^ CAMELLIA_SP4404(xl & 0xff); \
166 il = CAMELLIA_RR8(il); \
173 static const u32 camellia_sp1110[256] = {
174 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
175 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
176 0xe4e4e400,0x85858500,0x57575700,0x35353500,
177 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
178 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
179 0x45454500,0x19191900,0xa5a5a500,0x21212100,
180 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
181 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
182 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
183 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
184 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
185 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
186 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
187 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
188 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
189 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
190 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
191 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
192 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
193 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
194 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
195 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
196 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
197 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
198 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
199 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
200 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
201 0x53535300,0x18181800,0xf2f2f200,0x22222200,
202 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
203 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
204 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
205 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
206 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
207 0xa1a1a100,0x89898900,0x62626200,0x97979700,
208 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
209 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
210 0x10101000,0xc4c4c400,0x00000000,0x48484800,
211 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
212 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
213 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
214 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
215 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
216 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
217 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
218 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
219 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
220 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
221 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
222 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
223 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
224 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
225 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
226 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
227 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
228 0xd4d4d400,0x25252500,0xababab00,0x42424200,
229 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
230 0x72727200,0x07070700,0xb9b9b900,0x55555500,
231 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
232 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
233 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
234 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
235 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
236 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
237 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
240 static const u32 camellia_sp0222[256] = {
241 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
242 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
243 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
244 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
245 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
246 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
247 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
248 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
249 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
250 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
251 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
252 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
253 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
254 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
255 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
256 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
257 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
258 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
259 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
260 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
261 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
262 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
263 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
264 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
265 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
266 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
267 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
268 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
269 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
270 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
271 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
272 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
273 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
274 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
275 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
276 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
277 0x00202020,0x00898989,0x00000000,0x00909090,
278 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
279 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
280 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
281 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
282 0x009b9b9b,0x00949494,0x00212121,0x00666666,
283 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
284 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
285 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
286 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
287 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
288 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
289 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
290 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
291 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
292 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
293 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
294 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
295 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
296 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
297 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
298 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
299 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
300 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
301 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
302 0x00777777,0x00939393,0x00868686,0x00838383,
303 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
304 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
307 static const u32 camellia_sp3033[256] = {
308 0x38003838,0x41004141,0x16001616,0x76007676,
309 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
310 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
311 0x75007575,0x06000606,0x57005757,0xa000a0a0,
312 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
313 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
314 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
315 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
316 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
317 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
318 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
319 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
320 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
321 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
322 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
323 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
324 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
325 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
326 0x3a003a3a,0x09000909,0x95009595,0x10001010,
327 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
328 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
329 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
330 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
331 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
332 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
333 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
334 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
335 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
336 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
337 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
338 0x12001212,0x04000404,0x74007474,0x54005454,
339 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
340 0x55005555,0x68006868,0x50005050,0xbe00bebe,
341 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
342 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
343 0x70007070,0xff00ffff,0x32003232,0x69006969,
344 0x08000808,0x62006262,0x00000000,0x24002424,
345 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
346 0x45004545,0x81008181,0x73007373,0x6d006d6d,
347 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
348 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
349 0xe600e6e6,0x25002525,0x48004848,0x99009999,
350 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
351 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
352 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
353 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
354 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
355 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
356 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
357 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
358 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
359 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
360 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
361 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
362 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
363 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
364 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
365 0x7c007c7c,0x77007777,0x56005656,0x05000505,
366 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
367 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
368 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
369 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
370 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
371 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
374 static const u32 camellia_sp4404[256] = {
375 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
376 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
377 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
378 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
379 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
380 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
381 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
382 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
383 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
384 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
385 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
386 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
387 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
388 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
389 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
390 0x24240024,0xe8e800e8,0x60600060,0x69690069,
391 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
392 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
393 0x10100010,0x00000000,0xa3a300a3,0x75750075,
394 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
395 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
396 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
397 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
398 0x81810081,0x6f6f006f,0x13130013,0x63630063,
399 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
400 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
401 0x78780078,0x06060006,0xe7e700e7,0x71710071,
402 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
403 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
404 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
405 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
406 0x15150015,0xadad00ad,0x77770077,0x80800080,
407 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
408 0x85850085,0x35350035,0x0c0c000c,0x41410041,
409 0xefef00ef,0x93930093,0x19190019,0x21210021,
410 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
411 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
412 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
413 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
414 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
415 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
416 0x12120012,0x20200020,0xb1b100b1,0x99990099,
417 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
418 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
419 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
420 0x0f0f000f,0x16160016,0x18180018,0x22220022,
421 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
422 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
423 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
424 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
425 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
426 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
427 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
428 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
429 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
430 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
431 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
432 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
433 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
434 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
435 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
436 0x49490049,0x68680068,0x38380038,0xa4a400a4,
437 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
438 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
443 * Stuff related to the Camellia key schedule
445 #define subl(x) subL[(x)]
446 #define subr(x) subR[(x)]
448 static void camellia_setup128(const unsigned char *key, u32 *subkey)
450 u32 kll, klr, krl, krr;
451 u32 il, ir, t0, t1, w0, w1;
452 u32 kw4l, kw4r, dw, tl, tr;
457 * k == kll || klr || krl || krr (|| is concatination)
460 klr = GETU32(key + 4);
461 krl = GETU32(key + 8);
462 krr = GETU32(key + 12);
464 * generate KL dependent subkeys
466 subl(0) = kll; subr(0) = klr;
467 subl(1) = krl; subr(1) = krr;
468 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
469 subl(4) = kll; subr(4) = klr;
470 subl(5) = krl; subr(5) = krr;
471 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
472 subl(10) = kll; subr(10) = klr;
473 subl(11) = krl; subr(11) = krr;
474 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
475 subl(13) = krl; subr(13) = krr;
476 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
477 subl(16) = kll; subr(16) = klr;
478 subl(17) = krl; subr(17) = krr;
479 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
480 subl(18) = kll; subr(18) = klr;
481 subl(19) = krl; subr(19) = krr;
482 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
483 subl(22) = kll; subr(22) = klr;
484 subl(23) = krl; subr(23) = krr;
487 kll = subl(0); klr = subr(0);
488 krl = subl(1); krr = subr(1);
490 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
491 w0, w1, il, ir, t0, t1);
492 krl ^= w0; krr ^= w1;
494 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
495 kll, klr, il, ir, t0, t1);
497 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
498 krl, krr, il, ir, t0, t1);
499 krl ^= w0; krr ^= w1;
501 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
502 w0, w1, il, ir, t0, t1);
503 kll ^= w0; klr ^= w1;
505 /* generate KA dependent subkeys */
506 subl(2) = kll; subr(2) = klr;
507 subl(3) = krl; subr(3) = krr;
508 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
509 subl(6) = kll; subr(6) = klr;
510 subl(7) = krl; subr(7) = krr;
511 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
512 subl(8) = kll; subr(8) = klr;
513 subl(9) = krl; subr(9) = krr;
514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515 subl(12) = kll; subr(12) = klr;
516 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
517 subl(14) = kll; subr(14) = klr;
518 subl(15) = krl; subr(15) = krr;
519 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
520 subl(20) = kll; subr(20) = klr;
521 subl(21) = krl; subr(21) = krr;
522 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
523 subl(24) = kll; subr(24) = klr;
524 subl(25) = krl; subr(25) = krr;
527 /* absorb kw2 to other subkeys */
528 subl(3) ^= subl(1); subr(3) ^= subr(1);
529 subl(5) ^= subl(1); subr(5) ^= subr(1);
530 subl(7) ^= subl(1); subr(7) ^= subr(1);
531 subl(1) ^= subr(1) & ~subr(9);
532 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
533 subl(11) ^= subl(1); subr(11) ^= subr(1);
534 subl(13) ^= subl(1); subr(13) ^= subr(1);
535 subl(15) ^= subl(1); subr(15) ^= subr(1);
536 subl(1) ^= subr(1) & ~subr(17);
537 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
538 subl(19) ^= subl(1); subr(19) ^= subr(1);
539 subl(21) ^= subl(1); subr(21) ^= subr(1);
540 subl(23) ^= subl(1); subr(23) ^= subr(1);
541 subl(24) ^= subl(1); subr(24) ^= subr(1);
543 /* absorb kw4 to other subkeys */
544 kw4l = subl(25); kw4r = subr(25);
545 subl(22) ^= kw4l; subr(22) ^= kw4r;
546 subl(20) ^= kw4l; subr(20) ^= kw4r;
547 subl(18) ^= kw4l; subr(18) ^= kw4r;
548 kw4l ^= kw4r & ~subr(16);
549 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
550 subl(14) ^= kw4l; subr(14) ^= kw4r;
551 subl(12) ^= kw4l; subr(12) ^= kw4r;
552 subl(10) ^= kw4l; subr(10) ^= kw4r;
553 kw4l ^= kw4r & ~subr(8);
554 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
555 subl(6) ^= kw4l; subr(6) ^= kw4r;
556 subl(4) ^= kw4l; subr(4) ^= kw4r;
557 subl(2) ^= kw4l; subr(2) ^= kw4r;
558 subl(0) ^= kw4l; subr(0) ^= kw4r;
560 /* key XOR is end of F-function */
561 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
562 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
563 CamelliaSubkeyL(2) = subl(3);
564 CamelliaSubkeyR(2) = subr(3);
565 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
566 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
567 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
568 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
569 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
570 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
571 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
572 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
573 tl = subl(10) ^ (subr(10) & ~subr(8));
574 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
575 CamelliaSubkeyL(7) = subl(6) ^ tl;
576 CamelliaSubkeyR(7) = subr(6) ^ tr;
577 CamelliaSubkeyL(8) = subl(8);
578 CamelliaSubkeyR(8) = subr(8);
579 CamelliaSubkeyL(9) = subl(9);
580 CamelliaSubkeyR(9) = subr(9);
581 tl = subl(7) ^ (subr(7) & ~subr(9));
582 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
583 CamelliaSubkeyL(10) = tl ^ subl(11);
584 CamelliaSubkeyR(10) = tr ^ subr(11);
585 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
586 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
587 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
588 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
589 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
590 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
591 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
592 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
593 tl = subl(18) ^ (subr(18) & ~subr(16));
594 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
595 CamelliaSubkeyL(15) = subl(14) ^ tl;
596 CamelliaSubkeyR(15) = subr(14) ^ tr;
597 CamelliaSubkeyL(16) = subl(16);
598 CamelliaSubkeyR(16) = subr(16);
599 CamelliaSubkeyL(17) = subl(17);
600 CamelliaSubkeyR(17) = subr(17);
601 tl = subl(15) ^ (subr(15) & ~subr(17));
602 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
603 CamelliaSubkeyL(18) = tl ^ subl(19);
604 CamelliaSubkeyR(18) = tr ^ subr(19);
605 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
606 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
607 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
608 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
609 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
610 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
611 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
612 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
613 CamelliaSubkeyL(23) = subl(22);
614 CamelliaSubkeyR(23) = subr(22);
615 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
616 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
618 /* apply the inverse of the last half of P-function */
619 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
620 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
621 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
622 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
623 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
624 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
625 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
626 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
627 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
628 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
629 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
630 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
631 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
632 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
633 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
634 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
635 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
636 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
637 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
638 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
639 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
640 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
641 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
642 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
643 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
644 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
645 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
646 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
647 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
648 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
649 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
650 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
651 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
652 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
653 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
654 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
659 static void camellia_setup256(const unsigned char *key, u32 *subkey)
661 u32 kll,klr,krl,krr; /* left half of key */
662 u32 krll,krlr,krrl,krrr; /* right half of key */
663 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
664 u32 kw4l, kw4r, dw, tl, tr;
669 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
670 * (|| is concatination)
674 klr = GETU32(key + 4);
675 krl = GETU32(key + 8);
676 krr = GETU32(key + 12);
677 krll = GETU32(key + 16);
678 krlr = GETU32(key + 20);
679 krrl = GETU32(key + 24);
680 krrr = GETU32(key + 28);
682 /* generate KL dependent subkeys */
683 subl(0) = kll; subr(0) = klr;
684 subl(1) = krl; subr(1) = krr;
685 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
686 subl(12) = kll; subr(12) = klr;
687 subl(13) = krl; subr(13) = krr;
688 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
689 subl(16) = kll; subr(16) = klr;
690 subl(17) = krl; subr(17) = krr;
691 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
692 subl(22) = kll; subr(22) = klr;
693 subl(23) = krl; subr(23) = krr;
694 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
695 subl(30) = kll; subr(30) = klr;
696 subl(31) = krl; subr(31) = krr;
698 /* generate KR dependent subkeys */
699 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
700 subl(4) = krll; subr(4) = krlr;
701 subl(5) = krrl; subr(5) = krrr;
702 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
703 subl(8) = krll; subr(8) = krlr;
704 subl(9) = krrl; subr(9) = krrr;
705 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
706 subl(18) = krll; subr(18) = krlr;
707 subl(19) = krrl; subr(19) = krrr;
708 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
709 subl(26) = krll; subr(26) = krlr;
710 subl(27) = krrl; subr(27) = krrr;
711 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
714 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
715 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
717 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
718 w0, w1, il, ir, t0, t1);
719 krl ^= w0; krr ^= w1;
721 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
722 kll, klr, il, ir, t0, t1);
723 kll ^= krll; klr ^= krlr;
725 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
726 krl, krr, il, ir, t0, t1);
727 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
729 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
730 w0, w1, il, ir, t0, t1);
731 kll ^= w0; klr ^= w1;
734 krll ^= kll; krlr ^= klr;
735 krrl ^= krl; krrr ^= krr;
736 CAMELLIA_F(krll, krlr,
737 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
738 w0, w1, il, ir, t0, t1);
739 krrl ^= w0; krrr ^= w1;
740 CAMELLIA_F(krrl, krrr,
741 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
742 w0, w1, il, ir, t0, t1);
743 krll ^= w0; krlr ^= w1;
745 /* generate KA dependent subkeys */
746 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
747 subl(6) = kll; subr(6) = klr;
748 subl(7) = krl; subr(7) = krr;
749 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
750 subl(14) = kll; subr(14) = klr;
751 subl(15) = krl; subr(15) = krr;
752 subl(24) = klr; subr(24) = krl;
753 subl(25) = krr; subr(25) = kll;
754 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
755 subl(28) = kll; subr(28) = klr;
756 subl(29) = krl; subr(29) = krr;
758 /* generate KB dependent subkeys */
759 subl(2) = krll; subr(2) = krlr;
760 subl(3) = krrl; subr(3) = krrr;
761 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
762 subl(10) = krll; subr(10) = krlr;
763 subl(11) = krrl; subr(11) = krrr;
764 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
765 subl(20) = krll; subr(20) = krlr;
766 subl(21) = krrl; subr(21) = krrr;
767 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
768 subl(32) = krll; subr(32) = krlr;
769 subl(33) = krrl; subr(33) = krrr;
771 /* absorb kw2 to other subkeys */
772 subl(3) ^= subl(1); subr(3) ^= subr(1);
773 subl(5) ^= subl(1); subr(5) ^= subr(1);
774 subl(7) ^= subl(1); subr(7) ^= subr(1);
775 subl(1) ^= subr(1) & ~subr(9);
776 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
777 subl(11) ^= subl(1); subr(11) ^= subr(1);
778 subl(13) ^= subl(1); subr(13) ^= subr(1);
779 subl(15) ^= subl(1); subr(15) ^= subr(1);
780 subl(1) ^= subr(1) & ~subr(17);
781 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
782 subl(19) ^= subl(1); subr(19) ^= subr(1);
783 subl(21) ^= subl(1); subr(21) ^= subr(1);
784 subl(23) ^= subl(1); subr(23) ^= subr(1);
785 subl(1) ^= subr(1) & ~subr(25);
786 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
787 subl(27) ^= subl(1); subr(27) ^= subr(1);
788 subl(29) ^= subl(1); subr(29) ^= subr(1);
789 subl(31) ^= subl(1); subr(31) ^= subr(1);
790 subl(32) ^= subl(1); subr(32) ^= subr(1);
792 /* absorb kw4 to other subkeys */
793 kw4l = subl(33); kw4r = subr(33);
794 subl(30) ^= kw4l; subr(30) ^= kw4r;
795 subl(28) ^= kw4l; subr(28) ^= kw4r;
796 subl(26) ^= kw4l; subr(26) ^= kw4r;
797 kw4l ^= kw4r & ~subr(24);
798 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
799 subl(22) ^= kw4l; subr(22) ^= kw4r;
800 subl(20) ^= kw4l; subr(20) ^= kw4r;
801 subl(18) ^= kw4l; subr(18) ^= kw4r;
802 kw4l ^= kw4r & ~subr(16);
803 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
804 subl(14) ^= kw4l; subr(14) ^= kw4r;
805 subl(12) ^= kw4l; subr(12) ^= kw4r;
806 subl(10) ^= kw4l; subr(10) ^= kw4r;
807 kw4l ^= kw4r & ~subr(8);
808 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
809 subl(6) ^= kw4l; subr(6) ^= kw4r;
810 subl(4) ^= kw4l; subr(4) ^= kw4r;
811 subl(2) ^= kw4l; subr(2) ^= kw4r;
812 subl(0) ^= kw4l; subr(0) ^= kw4r;
814 /* key XOR is end of F-function */
815 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
816 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
817 CamelliaSubkeyL(2) = subl(3);
818 CamelliaSubkeyR(2) = subr(3);
819 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
820 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
821 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
822 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
823 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
824 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
825 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
826 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
827 tl = subl(10) ^ (subr(10) & ~subr(8));
828 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
829 CamelliaSubkeyL(7) = subl(6) ^ tl;
830 CamelliaSubkeyR(7) = subr(6) ^ tr;
831 CamelliaSubkeyL(8) = subl(8);
832 CamelliaSubkeyR(8) = subr(8);
833 CamelliaSubkeyL(9) = subl(9);
834 CamelliaSubkeyR(9) = subr(9);
835 tl = subl(7) ^ (subr(7) & ~subr(9));
836 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
837 CamelliaSubkeyL(10) = tl ^ subl(11);
838 CamelliaSubkeyR(10) = tr ^ subr(11);
839 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
840 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
841 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
842 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
843 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
844 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
845 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
846 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
847 tl = subl(18) ^ (subr(18) & ~subr(16));
848 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
849 CamelliaSubkeyL(15) = subl(14) ^ tl;
850 CamelliaSubkeyR(15) = subr(14) ^ tr;
851 CamelliaSubkeyL(16) = subl(16);
852 CamelliaSubkeyR(16) = subr(16);
853 CamelliaSubkeyL(17) = subl(17);
854 CamelliaSubkeyR(17) = subr(17);
855 tl = subl(15) ^ (subr(15) & ~subr(17));
856 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
857 CamelliaSubkeyL(18) = tl ^ subl(19);
858 CamelliaSubkeyR(18) = tr ^ subr(19);
859 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
860 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
861 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
862 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
863 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
864 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
865 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
866 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
867 tl = subl(26) ^ (subr(26) & ~subr(24));
868 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
869 CamelliaSubkeyL(23) = subl(22) ^ tl;
870 CamelliaSubkeyR(23) = subr(22) ^ tr;
871 CamelliaSubkeyL(24) = subl(24);
872 CamelliaSubkeyR(24) = subr(24);
873 CamelliaSubkeyL(25) = subl(25);
874 CamelliaSubkeyR(25) = subr(25);
875 tl = subl(23) ^ (subr(23) & ~subr(25));
876 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
877 CamelliaSubkeyL(26) = tl ^ subl(27);
878 CamelliaSubkeyR(26) = tr ^ subr(27);
879 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
880 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
881 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
882 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
883 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
884 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
885 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
886 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
887 CamelliaSubkeyL(31) = subl(30);
888 CamelliaSubkeyR(31) = subr(30);
889 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
890 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
892 /* apply the inverse of the last half of P-function */
893 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
894 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
895 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
896 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
897 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
898 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
899 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
900 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
901 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
902 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
903 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
904 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
905 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
906 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
907 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
908 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
909 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
910 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
911 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
912 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
913 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
914 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
915 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
916 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
917 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
918 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
919 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
920 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
921 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
922 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
923 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
924 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
925 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
926 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
927 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
928 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
929 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
930 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
931 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
932 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
933 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
934 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
935 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
936 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
937 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
938 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
939 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
940 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
945 static void camellia_setup192(const unsigned char *key, u32 *subkey)
947 unsigned char kk[32];
948 u32 krll, krlr, krrl,krrr;
951 memcpy((unsigned char *)&krll, key+16,4);
952 memcpy((unsigned char *)&krlr, key+20,4);
955 memcpy(kk+24, (unsigned char *)&krrl, 4);
956 memcpy(kk+28, (unsigned char *)&krrr, 4);
957 camellia_setup256(kk, subkey);
963 * Stuff related to camellia encryption/decryption
965 * "io" must be 4byte aligned and big-endian data.
967 static void camellia_encrypt128(const u32 *subkey, u32 *io)
971 /* pre whitening but absorb kw2*/
972 io[0] ^= CamelliaSubkeyL(0);
973 io[1] ^= CamelliaSubkeyR(0);
976 CAMELLIA_ROUNDSM(io[0],io[1],
977 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
978 io[2],io[3],il,ir,t0,t1);
979 CAMELLIA_ROUNDSM(io[2],io[3],
980 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
981 io[0],io[1],il,ir,t0,t1);
982 CAMELLIA_ROUNDSM(io[0],io[1],
983 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
984 io[2],io[3],il,ir,t0,t1);
985 CAMELLIA_ROUNDSM(io[2],io[3],
986 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
987 io[0],io[1],il,ir,t0,t1);
988 CAMELLIA_ROUNDSM(io[0],io[1],
989 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
990 io[2],io[3],il,ir,t0,t1);
991 CAMELLIA_ROUNDSM(io[2],io[3],
992 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
993 io[0],io[1],il,ir,t0,t1);
995 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
996 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
997 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1000 CAMELLIA_ROUNDSM(io[0],io[1],
1001 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1002 io[2],io[3],il,ir,t0,t1);
1003 CAMELLIA_ROUNDSM(io[2],io[3],
1004 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1005 io[0],io[1],il,ir,t0,t1);
1006 CAMELLIA_ROUNDSM(io[0],io[1],
1007 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1008 io[2],io[3],il,ir,t0,t1);
1009 CAMELLIA_ROUNDSM(io[2],io[3],
1010 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1011 io[0],io[1],il,ir,t0,t1);
1012 CAMELLIA_ROUNDSM(io[0],io[1],
1013 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1014 io[2],io[3],il,ir,t0,t1);
1015 CAMELLIA_ROUNDSM(io[2],io[3],
1016 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1017 io[0],io[1],il,ir,t0,t1);
1019 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1020 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1021 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1024 CAMELLIA_ROUNDSM(io[0],io[1],
1025 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1026 io[2],io[3],il,ir,t0,t1);
1027 CAMELLIA_ROUNDSM(io[2],io[3],
1028 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1029 io[0],io[1],il,ir,t0,t1);
1030 CAMELLIA_ROUNDSM(io[0],io[1],
1031 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1032 io[2],io[3],il,ir,t0,t1);
1033 CAMELLIA_ROUNDSM(io[2],io[3],
1034 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1035 io[0],io[1],il,ir,t0,t1);
1036 CAMELLIA_ROUNDSM(io[0],io[1],
1037 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1038 io[2],io[3],il,ir,t0,t1);
1039 CAMELLIA_ROUNDSM(io[2],io[3],
1040 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1041 io[0],io[1],il,ir,t0,t1);
1043 /* post whitening but kw4 */
1044 io[2] ^= CamelliaSubkeyL(24);
1045 io[3] ^= CamelliaSubkeyR(24);
1057 static void camellia_decrypt128(const u32 *subkey, u32 *io)
1059 u32 il,ir,t0,t1; /* temporary valiables */
1061 /* pre whitening but absorb kw2*/
1062 io[0] ^= CamelliaSubkeyL(24);
1063 io[1] ^= CamelliaSubkeyR(24);
1065 /* main iteration */
1066 CAMELLIA_ROUNDSM(io[0],io[1],
1067 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1068 io[2],io[3],il,ir,t0,t1);
1069 CAMELLIA_ROUNDSM(io[2],io[3],
1070 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1071 io[0],io[1],il,ir,t0,t1);
1072 CAMELLIA_ROUNDSM(io[0],io[1],
1073 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1074 io[2],io[3],il,ir,t0,t1);
1075 CAMELLIA_ROUNDSM(io[2],io[3],
1076 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1077 io[0],io[1],il,ir,t0,t1);
1078 CAMELLIA_ROUNDSM(io[0],io[1],
1079 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1080 io[2],io[3],il,ir,t0,t1);
1081 CAMELLIA_ROUNDSM(io[2],io[3],
1082 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1083 io[0],io[1],il,ir,t0,t1);
1085 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1086 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1087 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1090 CAMELLIA_ROUNDSM(io[0],io[1],
1091 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1092 io[2],io[3],il,ir,t0,t1);
1093 CAMELLIA_ROUNDSM(io[2],io[3],
1094 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1095 io[0],io[1],il,ir,t0,t1);
1096 CAMELLIA_ROUNDSM(io[0],io[1],
1097 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1098 io[2],io[3],il,ir,t0,t1);
1099 CAMELLIA_ROUNDSM(io[2],io[3],
1100 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1101 io[0],io[1],il,ir,t0,t1);
1102 CAMELLIA_ROUNDSM(io[0],io[1],
1103 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1104 io[2],io[3],il,ir,t0,t1);
1105 CAMELLIA_ROUNDSM(io[2],io[3],
1106 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1107 io[0],io[1],il,ir,t0,t1);
1109 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1110 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1111 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1114 CAMELLIA_ROUNDSM(io[0],io[1],
1115 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1116 io[2],io[3],il,ir,t0,t1);
1117 CAMELLIA_ROUNDSM(io[2],io[3],
1118 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1119 io[0],io[1],il,ir,t0,t1);
1120 CAMELLIA_ROUNDSM(io[0],io[1],
1121 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1122 io[2],io[3],il,ir,t0,t1);
1123 CAMELLIA_ROUNDSM(io[2],io[3],
1124 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1125 io[0],io[1],il,ir,t0,t1);
1126 CAMELLIA_ROUNDSM(io[0],io[1],
1127 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1128 io[2],io[3],il,ir,t0,t1);
1129 CAMELLIA_ROUNDSM(io[2],io[3],
1130 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1131 io[0],io[1],il,ir,t0,t1);
1133 /* post whitening but kw4 */
1134 io[2] ^= CamelliaSubkeyL(0);
1135 io[3] ^= CamelliaSubkeyR(0);
1148 * stuff for 192 and 256bit encryption/decryption
1150 static void camellia_encrypt256(const u32 *subkey, u32 *io)
1152 u32 il,ir,t0,t1; /* temporary valiables */
1154 /* pre whitening but absorb kw2*/
1155 io[0] ^= CamelliaSubkeyL(0);
1156 io[1] ^= CamelliaSubkeyR(0);
1158 /* main iteration */
1159 CAMELLIA_ROUNDSM(io[0],io[1],
1160 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1161 io[2],io[3],il,ir,t0,t1);
1162 CAMELLIA_ROUNDSM(io[2],io[3],
1163 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1164 io[0],io[1],il,ir,t0,t1);
1165 CAMELLIA_ROUNDSM(io[0],io[1],
1166 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1167 io[2],io[3],il,ir,t0,t1);
1168 CAMELLIA_ROUNDSM(io[2],io[3],
1169 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1170 io[0],io[1],il,ir,t0,t1);
1171 CAMELLIA_ROUNDSM(io[0],io[1],
1172 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1173 io[2],io[3],il,ir,t0,t1);
1174 CAMELLIA_ROUNDSM(io[2],io[3],
1175 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1176 io[0],io[1],il,ir,t0,t1);
1178 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1179 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1180 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1183 CAMELLIA_ROUNDSM(io[0],io[1],
1184 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1185 io[2],io[3],il,ir,t0,t1);
1186 CAMELLIA_ROUNDSM(io[2],io[3],
1187 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1188 io[0],io[1],il,ir,t0,t1);
1189 CAMELLIA_ROUNDSM(io[0],io[1],
1190 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1191 io[2],io[3],il,ir,t0,t1);
1192 CAMELLIA_ROUNDSM(io[2],io[3],
1193 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1194 io[0],io[1],il,ir,t0,t1);
1195 CAMELLIA_ROUNDSM(io[0],io[1],
1196 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1197 io[2],io[3],il,ir,t0,t1);
1198 CAMELLIA_ROUNDSM(io[2],io[3],
1199 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1200 io[0],io[1],il,ir,t0,t1);
1202 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1203 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1204 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1207 CAMELLIA_ROUNDSM(io[0],io[1],
1208 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1209 io[2],io[3],il,ir,t0,t1);
1210 CAMELLIA_ROUNDSM(io[2],io[3],
1211 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1212 io[0],io[1],il,ir,t0,t1);
1213 CAMELLIA_ROUNDSM(io[0],io[1],
1214 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1215 io[2],io[3],il,ir,t0,t1);
1216 CAMELLIA_ROUNDSM(io[2],io[3],
1217 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1218 io[0],io[1],il,ir,t0,t1);
1219 CAMELLIA_ROUNDSM(io[0],io[1],
1220 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1221 io[2],io[3],il,ir,t0,t1);
1222 CAMELLIA_ROUNDSM(io[2],io[3],
1223 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1224 io[0],io[1],il,ir,t0,t1);
1226 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1227 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1228 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1231 CAMELLIA_ROUNDSM(io[0],io[1],
1232 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1233 io[2],io[3],il,ir,t0,t1);
1234 CAMELLIA_ROUNDSM(io[2],io[3],
1235 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1236 io[0],io[1],il,ir,t0,t1);
1237 CAMELLIA_ROUNDSM(io[0],io[1],
1238 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1239 io[2],io[3],il,ir,t0,t1);
1240 CAMELLIA_ROUNDSM(io[2],io[3],
1241 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1242 io[0],io[1],il,ir,t0,t1);
1243 CAMELLIA_ROUNDSM(io[0],io[1],
1244 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1245 io[2],io[3],il,ir,t0,t1);
1246 CAMELLIA_ROUNDSM(io[2],io[3],
1247 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1248 io[0],io[1],il,ir,t0,t1);
1250 /* post whitening but kw4 */
1251 io[2] ^= CamelliaSubkeyL(32);
1252 io[3] ^= CamelliaSubkeyR(32);
1264 static void camellia_decrypt256(const u32 *subkey, u32 *io)
1266 u32 il,ir,t0,t1; /* temporary valiables */
1268 /* pre whitening but absorb kw2*/
1269 io[0] ^= CamelliaSubkeyL(32);
1270 io[1] ^= CamelliaSubkeyR(32);
1272 /* main iteration */
1273 CAMELLIA_ROUNDSM(io[0],io[1],
1274 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1275 io[2],io[3],il,ir,t0,t1);
1276 CAMELLIA_ROUNDSM(io[2],io[3],
1277 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1278 io[0],io[1],il,ir,t0,t1);
1279 CAMELLIA_ROUNDSM(io[0],io[1],
1280 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1281 io[2],io[3],il,ir,t0,t1);
1282 CAMELLIA_ROUNDSM(io[2],io[3],
1283 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1284 io[0],io[1],il,ir,t0,t1);
1285 CAMELLIA_ROUNDSM(io[0],io[1],
1286 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1287 io[2],io[3],il,ir,t0,t1);
1288 CAMELLIA_ROUNDSM(io[2],io[3],
1289 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1290 io[0],io[1],il,ir,t0,t1);
1292 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1293 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1294 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1297 CAMELLIA_ROUNDSM(io[0],io[1],
1298 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1299 io[2],io[3],il,ir,t0,t1);
1300 CAMELLIA_ROUNDSM(io[2],io[3],
1301 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1302 io[0],io[1],il,ir,t0,t1);
1303 CAMELLIA_ROUNDSM(io[0],io[1],
1304 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1305 io[2],io[3],il,ir,t0,t1);
1306 CAMELLIA_ROUNDSM(io[2],io[3],
1307 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1308 io[0],io[1],il,ir,t0,t1);
1309 CAMELLIA_ROUNDSM(io[0],io[1],
1310 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1311 io[2],io[3],il,ir,t0,t1);
1312 CAMELLIA_ROUNDSM(io[2],io[3],
1313 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1314 io[0],io[1],il,ir,t0,t1);
1316 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1317 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1318 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1321 CAMELLIA_ROUNDSM(io[0],io[1],
1322 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1323 io[2],io[3],il,ir,t0,t1);
1324 CAMELLIA_ROUNDSM(io[2],io[3],
1325 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1326 io[0],io[1],il,ir,t0,t1);
1327 CAMELLIA_ROUNDSM(io[0],io[1],
1328 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1329 io[2],io[3],il,ir,t0,t1);
1330 CAMELLIA_ROUNDSM(io[2],io[3],
1331 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1332 io[0],io[1],il,ir,t0,t1);
1333 CAMELLIA_ROUNDSM(io[0],io[1],
1334 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1335 io[2],io[3],il,ir,t0,t1);
1336 CAMELLIA_ROUNDSM(io[2],io[3],
1337 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1338 io[0],io[1],il,ir,t0,t1);
1340 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1341 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1342 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1345 CAMELLIA_ROUNDSM(io[0],io[1],
1346 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1347 io[2],io[3],il,ir,t0,t1);
1348 CAMELLIA_ROUNDSM(io[2],io[3],
1349 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1350 io[0],io[1],il,ir,t0,t1);
1351 CAMELLIA_ROUNDSM(io[0],io[1],
1352 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1353 io[2],io[3],il,ir,t0,t1);
1354 CAMELLIA_ROUNDSM(io[2],io[3],
1355 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1356 io[0],io[1],il,ir,t0,t1);
1357 CAMELLIA_ROUNDSM(io[0],io[1],
1358 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1359 io[2],io[3],il,ir,t0,t1);
1360 CAMELLIA_ROUNDSM(io[2],io[3],
1361 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1362 io[0],io[1],il,ir,t0,t1);
1364 /* post whitening but kw4 */
1365 io[2] ^= CamelliaSubkeyL(0);
1366 io[3] ^= CamelliaSubkeyR(0);
1380 * API for compatibility
1383 void Camellia_Ekeygen(const int keyBitLength,
1384 const unsigned char *rawKey,
1385 KEY_TABLE_TYPE keyTable)
1387 switch(keyBitLength) {
1389 camellia_setup128(rawKey, keyTable);
1392 camellia_setup192(rawKey, keyTable);
1395 camellia_setup256(rawKey, keyTable);
1403 void Camellia_EncryptBlock(const int keyBitLength,
1404 const unsigned char *plaintext,
1405 const KEY_TABLE_TYPE keyTable,
1406 unsigned char *ciphertext)
1410 tmp[0] = GETU32(plaintext);
1411 tmp[1] = GETU32(plaintext + 4);
1412 tmp[2] = GETU32(plaintext + 8);
1413 tmp[3] = GETU32(plaintext + 12);
1415 switch (keyBitLength) {
1417 camellia_encrypt128(keyTable, tmp);
1422 camellia_encrypt256(keyTable, tmp);
1428 PUTU32(ciphertext, tmp[0]);
1429 PUTU32(ciphertext + 4, tmp[1]);
1430 PUTU32(ciphertext + 8, tmp[2]);
1431 PUTU32(ciphertext + 12, tmp[3]);
1434 void Camellia_DecryptBlock(const int keyBitLength,
1435 const unsigned char *ciphertext,
1436 const KEY_TABLE_TYPE keyTable,
1437 unsigned char *plaintext)
1441 tmp[0] = GETU32(ciphertext);
1442 tmp[1] = GETU32(ciphertext + 4);
1443 tmp[2] = GETU32(ciphertext + 8);
1444 tmp[3] = GETU32(ciphertext + 12);
1446 switch (keyBitLength) {
1448 camellia_decrypt128(keyTable, tmp);
1453 camellia_decrypt256(keyTable, tmp);
1458 PUTU32(plaintext, tmp[0]);
1459 PUTU32(plaintext + 4, tmp[1]);
1460 PUTU32(plaintext + 8, tmp[2]);
1461 PUTU32(plaintext + 12, tmp[3]);
git.samba.org / metze / heimdal / wip.git / blob