1 /* camellia.h ver 1.2.0
3 * Copyright (C) 2006,2007
4 * NTT (Nippon Telegraph and Telephone Corporation).
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 * Algorithm Specification
23 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
29 #include <krb5-types.h>
30 #include "camellia-ntt.h"
34 #define CAMELLIA_SIGMA1L (0xA09E667FL)
35 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
36 #define CAMELLIA_SIGMA2L (0xB67AE858L)
37 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
38 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
39 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
40 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
41 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
42 #define CAMELLIA_SIGMA5L (0x10E527FAL)
43 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
44 #define CAMELLIA_SIGMA6L (0xB05688C2L)
45 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
54 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
55 # define GETU32(p) SWAP(*((u32 *)(p)))
56 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
61 (((u32)(pt)[0] << 24) \
62 ^ ((u32)(pt)[1] << 16) \
63 ^ ((u32)(pt)[2] << 8) \
66 # define PUTU32(ct, st) { \
67 (ct)[0] = (u8)((st) >> 24); \
68 (ct)[1] = (u8)((st) >> 16); \
69 (ct)[2] = (u8)((st) >> 8); \
74 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
75 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
77 /* rotation right shift 1byte */
78 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
79 /* rotation left shift 1bit */
80 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
81 /* rotation left shift 1byte */
82 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
84 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
87 ll = (ll << bits) + (lr >> (32 - bits)); \
88 lr = (lr << bits) + (rl >> (32 - bits)); \
89 rl = (rl << bits) + (rr >> (32 - bits)); \
90 rr = (rr << bits) + (w0 >> (32 - bits)); \
93 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
97 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
98 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
99 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
100 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
103 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
104 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
105 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
106 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
108 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
114 yl = CAMELLIA_SP1110(ir & 0xff) \
115 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
116 ^ CAMELLIA_SP3033(t1 & 0xff) \
117 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
118 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
119 ^ CAMELLIA_SP0222(t0 & 0xff) \
120 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
121 ^ CAMELLIA_SP4404(il & 0xff); \
123 yr = CAMELLIA_RR8(yr); \
132 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
136 lr ^= CAMELLIA_RL1(t0); \
146 rr ^= CAMELLIA_RL1(t3); \
149 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
151 ir = CAMELLIA_SP1110(xr & 0xff) \
152 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
153 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
154 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
155 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
156 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
157 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
158 ^ CAMELLIA_SP4404(xl & 0xff); \
162 il = CAMELLIA_RR8(il); \
169 static const u32 camellia_sp1110[256] = {
170 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
171 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
172 0xe4e4e400,0x85858500,0x57575700,0x35353500,
173 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
174 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
175 0x45454500,0x19191900,0xa5a5a500,0x21212100,
176 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
177 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
178 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
179 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
180 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
181 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
182 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
183 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
184 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
185 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
186 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
187 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
188 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
189 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
190 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
191 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
192 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
193 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
194 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
195 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
196 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
197 0x53535300,0x18181800,0xf2f2f200,0x22222200,
198 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
199 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
200 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
201 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
202 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
203 0xa1a1a100,0x89898900,0x62626200,0x97979700,
204 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
205 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
206 0x10101000,0xc4c4c400,0x00000000,0x48484800,
207 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
208 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
209 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
210 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
211 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
212 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
213 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
214 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
215 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
216 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
217 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
218 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
219 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
220 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
221 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
222 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
223 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
224 0xd4d4d400,0x25252500,0xababab00,0x42424200,
225 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
226 0x72727200,0x07070700,0xb9b9b900,0x55555500,
227 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
228 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
229 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
230 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
231 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
232 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
233 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
236 static const u32 camellia_sp0222[256] = {
237 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
238 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
239 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
240 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
241 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
242 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
243 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
244 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
245 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
246 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
247 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
248 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
249 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
250 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
251 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
252 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
253 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
254 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
255 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
256 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
257 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
258 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
259 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
260 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
261 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
262 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
263 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
264 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
265 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
266 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
267 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
268 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
269 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
270 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
271 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
272 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
273 0x00202020,0x00898989,0x00000000,0x00909090,
274 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
275 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
276 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
277 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
278 0x009b9b9b,0x00949494,0x00212121,0x00666666,
279 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
280 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
281 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
282 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
283 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
284 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
285 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
286 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
287 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
288 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
289 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
290 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
291 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
292 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
293 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
294 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
295 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
296 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
297 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
298 0x00777777,0x00939393,0x00868686,0x00838383,
299 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
300 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
303 static const u32 camellia_sp3033[256] = {
304 0x38003838,0x41004141,0x16001616,0x76007676,
305 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
306 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
307 0x75007575,0x06000606,0x57005757,0xa000a0a0,
308 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
309 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
310 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
311 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
312 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
313 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
314 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
315 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
316 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
317 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
318 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
319 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
320 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
321 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
322 0x3a003a3a,0x09000909,0x95009595,0x10001010,
323 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
324 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
325 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
326 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
327 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
328 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
329 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
330 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
331 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
332 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
333 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
334 0x12001212,0x04000404,0x74007474,0x54005454,
335 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
336 0x55005555,0x68006868,0x50005050,0xbe00bebe,
337 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
338 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
339 0x70007070,0xff00ffff,0x32003232,0x69006969,
340 0x08000808,0x62006262,0x00000000,0x24002424,
341 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
342 0x45004545,0x81008181,0x73007373,0x6d006d6d,
343 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
344 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
345 0xe600e6e6,0x25002525,0x48004848,0x99009999,
346 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
347 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
348 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
349 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
350 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
351 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
352 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
353 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
354 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
355 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
356 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
357 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
358 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
359 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
360 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
361 0x7c007c7c,0x77007777,0x56005656,0x05000505,
362 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
363 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
364 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
365 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
366 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
367 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
370 static const u32 camellia_sp4404[256] = {
371 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
372 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
373 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
374 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
375 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
376 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
377 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
378 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
379 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
380 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
381 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
382 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
383 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
384 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
385 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
386 0x24240024,0xe8e800e8,0x60600060,0x69690069,
387 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
388 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
389 0x10100010,0x00000000,0xa3a300a3,0x75750075,
390 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
391 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
392 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
393 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
394 0x81810081,0x6f6f006f,0x13130013,0x63630063,
395 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
396 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
397 0x78780078,0x06060006,0xe7e700e7,0x71710071,
398 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
399 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
400 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
401 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
402 0x15150015,0xadad00ad,0x77770077,0x80800080,
403 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
404 0x85850085,0x35350035,0x0c0c000c,0x41410041,
405 0xefef00ef,0x93930093,0x19190019,0x21210021,
406 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
407 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
408 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
409 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
410 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
411 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
412 0x12120012,0x20200020,0xb1b100b1,0x99990099,
413 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
414 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
415 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
416 0x0f0f000f,0x16160016,0x18180018,0x22220022,
417 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
418 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
419 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
420 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
421 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
422 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
423 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
424 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
425 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
426 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
427 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
428 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
429 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
430 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
431 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
432 0x49490049,0x68680068,0x38380038,0xa4a400a4,
433 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
434 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
439 * Stuff related to the Camellia key schedule
441 #define subl(x) subL[(x)]
442 #define subr(x) subR[(x)]
444 static void camellia_setup128(const unsigned char *key, u32 *subkey)
446 u32 kll, klr, krl, krr;
447 u32 il, ir, t0, t1, w0, w1;
448 u32 kw4l, kw4r, dw, tl, tr;
453 * k == kll || klr || krl || krr (|| is concatination)
456 klr = GETU32(key + 4);
457 krl = GETU32(key + 8);
458 krr = GETU32(key + 12);
460 * generate KL dependent subkeys
462 subl(0) = kll; subr(0) = klr;
463 subl(1) = krl; subr(1) = krr;
464 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
465 subl(4) = kll; subr(4) = klr;
466 subl(5) = krl; subr(5) = krr;
467 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
468 subl(10) = kll; subr(10) = klr;
469 subl(11) = krl; subr(11) = krr;
470 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
471 subl(13) = krl; subr(13) = krr;
472 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
473 subl(16) = kll; subr(16) = klr;
474 subl(17) = krl; subr(17) = krr;
475 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
476 subl(18) = kll; subr(18) = klr;
477 subl(19) = krl; subr(19) = krr;
478 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
479 subl(22) = kll; subr(22) = klr;
480 subl(23) = krl; subr(23) = krr;
483 kll = subl(0); klr = subr(0);
484 krl = subl(1); krr = subr(1);
486 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
487 w0, w1, il, ir, t0, t1);
488 krl ^= w0; krr ^= w1;
490 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
491 kll, klr, il, ir, t0, t1);
493 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
494 krl, krr, il, ir, t0, t1);
495 krl ^= w0; krr ^= w1;
497 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
498 w0, w1, il, ir, t0, t1);
499 kll ^= w0; klr ^= w1;
501 /* generate KA dependent subkeys */
502 subl(2) = kll; subr(2) = klr;
503 subl(3) = krl; subr(3) = krr;
504 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
505 subl(6) = kll; subr(6) = klr;
506 subl(7) = krl; subr(7) = krr;
507 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
508 subl(8) = kll; subr(8) = klr;
509 subl(9) = krl; subr(9) = krr;
510 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
511 subl(12) = kll; subr(12) = klr;
512 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
513 subl(14) = kll; subr(14) = klr;
514 subl(15) = krl; subr(15) = krr;
515 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
516 subl(20) = kll; subr(20) = klr;
517 subl(21) = krl; subr(21) = krr;
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
519 subl(24) = kll; subr(24) = klr;
520 subl(25) = krl; subr(25) = krr;
523 /* absorb kw2 to other subkeys */
524 subl(3) ^= subl(1); subr(3) ^= subr(1);
525 subl(5) ^= subl(1); subr(5) ^= subr(1);
526 subl(7) ^= subl(1); subr(7) ^= subr(1);
527 subl(1) ^= subr(1) & ~subr(9);
528 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
529 subl(11) ^= subl(1); subr(11) ^= subr(1);
530 subl(13) ^= subl(1); subr(13) ^= subr(1);
531 subl(15) ^= subl(1); subr(15) ^= subr(1);
532 subl(1) ^= subr(1) & ~subr(17);
533 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
534 subl(19) ^= subl(1); subr(19) ^= subr(1);
535 subl(21) ^= subl(1); subr(21) ^= subr(1);
536 subl(23) ^= subl(1); subr(23) ^= subr(1);
537 subl(24) ^= subl(1); subr(24) ^= subr(1);
539 /* absorb kw4 to other subkeys */
540 kw4l = subl(25); kw4r = subr(25);
541 subl(22) ^= kw4l; subr(22) ^= kw4r;
542 subl(20) ^= kw4l; subr(20) ^= kw4r;
543 subl(18) ^= kw4l; subr(18) ^= kw4r;
544 kw4l ^= kw4r & ~subr(16);
545 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
546 subl(14) ^= kw4l; subr(14) ^= kw4r;
547 subl(12) ^= kw4l; subr(12) ^= kw4r;
548 subl(10) ^= kw4l; subr(10) ^= kw4r;
549 kw4l ^= kw4r & ~subr(8);
550 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
551 subl(6) ^= kw4l; subr(6) ^= kw4r;
552 subl(4) ^= kw4l; subr(4) ^= kw4r;
553 subl(2) ^= kw4l; subr(2) ^= kw4r;
554 subl(0) ^= kw4l; subr(0) ^= kw4r;
556 /* key XOR is end of F-function */
557 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
558 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
559 CamelliaSubkeyL(2) = subl(3);
560 CamelliaSubkeyR(2) = subr(3);
561 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
562 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
563 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
564 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
565 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
566 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
567 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
568 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
569 tl = subl(10) ^ (subr(10) & ~subr(8));
570 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
571 CamelliaSubkeyL(7) = subl(6) ^ tl;
572 CamelliaSubkeyR(7) = subr(6) ^ tr;
573 CamelliaSubkeyL(8) = subl(8);
574 CamelliaSubkeyR(8) = subr(8);
575 CamelliaSubkeyL(9) = subl(9);
576 CamelliaSubkeyR(9) = subr(9);
577 tl = subl(7) ^ (subr(7) & ~subr(9));
578 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
579 CamelliaSubkeyL(10) = tl ^ subl(11);
580 CamelliaSubkeyR(10) = tr ^ subr(11);
581 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
582 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
583 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
584 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
585 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
586 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
587 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
588 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
589 tl = subl(18) ^ (subr(18) & ~subr(16));
590 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
591 CamelliaSubkeyL(15) = subl(14) ^ tl;
592 CamelliaSubkeyR(15) = subr(14) ^ tr;
593 CamelliaSubkeyL(16) = subl(16);
594 CamelliaSubkeyR(16) = subr(16);
595 CamelliaSubkeyL(17) = subl(17);
596 CamelliaSubkeyR(17) = subr(17);
597 tl = subl(15) ^ (subr(15) & ~subr(17));
598 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
599 CamelliaSubkeyL(18) = tl ^ subl(19);
600 CamelliaSubkeyR(18) = tr ^ subr(19);
601 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
602 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
603 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
604 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
605 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
606 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
607 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
608 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
609 CamelliaSubkeyL(23) = subl(22);
610 CamelliaSubkeyR(23) = subr(22);
611 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
612 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
614 /* apply the inverse of the last half of P-function */
615 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
616 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
617 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
618 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
619 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
620 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
621 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
622 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
623 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
624 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
625 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
626 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
627 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
628 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
629 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
630 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
631 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
632 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
633 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
634 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
635 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
636 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
637 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
638 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
639 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
640 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
641 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
642 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
643 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
644 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
645 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
646 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
647 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
648 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
649 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
650 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
655 static void camellia_setup256(const unsigned char *key, u32 *subkey)
657 u32 kll,klr,krl,krr; /* left half of key */
658 u32 krll,krlr,krrl,krrr; /* right half of key */
659 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
660 u32 kw4l, kw4r, dw, tl, tr;
665 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
666 * (|| is concatination)
670 klr = GETU32(key + 4);
671 krl = GETU32(key + 8);
672 krr = GETU32(key + 12);
673 krll = GETU32(key + 16);
674 krlr = GETU32(key + 20);
675 krrl = GETU32(key + 24);
676 krrr = GETU32(key + 28);
678 /* generate KL dependent subkeys */
679 subl(0) = kll; subr(0) = klr;
680 subl(1) = krl; subr(1) = krr;
681 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
682 subl(12) = kll; subr(12) = klr;
683 subl(13) = krl; subr(13) = krr;
684 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
685 subl(16) = kll; subr(16) = klr;
686 subl(17) = krl; subr(17) = krr;
687 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
688 subl(22) = kll; subr(22) = klr;
689 subl(23) = krl; subr(23) = krr;
690 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
691 subl(30) = kll; subr(30) = klr;
692 subl(31) = krl; subr(31) = krr;
694 /* generate KR dependent subkeys */
695 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
696 subl(4) = krll; subr(4) = krlr;
697 subl(5) = krrl; subr(5) = krrr;
698 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
699 subl(8) = krll; subr(8) = krlr;
700 subl(9) = krrl; subr(9) = krrr;
701 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
702 subl(18) = krll; subr(18) = krlr;
703 subl(19) = krrl; subr(19) = krrr;
704 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
705 subl(26) = krll; subr(26) = krlr;
706 subl(27) = krrl; subr(27) = krrr;
707 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
710 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
711 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
713 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
714 w0, w1, il, ir, t0, t1);
715 krl ^= w0; krr ^= w1;
717 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
718 kll, klr, il, ir, t0, t1);
719 kll ^= krll; klr ^= krlr;
721 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
722 krl, krr, il, ir, t0, t1);
723 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
725 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
726 w0, w1, il, ir, t0, t1);
727 kll ^= w0; klr ^= w1;
730 krll ^= kll; krlr ^= klr;
731 krrl ^= krl; krrr ^= krr;
732 CAMELLIA_F(krll, krlr,
733 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
734 w0, w1, il, ir, t0, t1);
735 krrl ^= w0; krrr ^= w1;
736 CAMELLIA_F(krrl, krrr,
737 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
738 w0, w1, il, ir, t0, t1);
739 krll ^= w0; krlr ^= w1;
741 /* generate KA dependent subkeys */
742 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
743 subl(6) = kll; subr(6) = klr;
744 subl(7) = krl; subr(7) = krr;
745 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
746 subl(14) = kll; subr(14) = klr;
747 subl(15) = krl; subr(15) = krr;
748 subl(24) = klr; subr(24) = krl;
749 subl(25) = krr; subr(25) = kll;
750 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
751 subl(28) = kll; subr(28) = klr;
752 subl(29) = krl; subr(29) = krr;
754 /* generate KB dependent subkeys */
755 subl(2) = krll; subr(2) = krlr;
756 subl(3) = krrl; subr(3) = krrr;
757 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
758 subl(10) = krll; subr(10) = krlr;
759 subl(11) = krrl; subr(11) = krrr;
760 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
761 subl(20) = krll; subr(20) = krlr;
762 subl(21) = krrl; subr(21) = krrr;
763 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
764 subl(32) = krll; subr(32) = krlr;
765 subl(33) = krrl; subr(33) = krrr;
767 /* absorb kw2 to other subkeys */
768 subl(3) ^= subl(1); subr(3) ^= subr(1);
769 subl(5) ^= subl(1); subr(5) ^= subr(1);
770 subl(7) ^= subl(1); subr(7) ^= subr(1);
771 subl(1) ^= subr(1) & ~subr(9);
772 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
773 subl(11) ^= subl(1); subr(11) ^= subr(1);
774 subl(13) ^= subl(1); subr(13) ^= subr(1);
775 subl(15) ^= subl(1); subr(15) ^= subr(1);
776 subl(1) ^= subr(1) & ~subr(17);
777 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
778 subl(19) ^= subl(1); subr(19) ^= subr(1);
779 subl(21) ^= subl(1); subr(21) ^= subr(1);
780 subl(23) ^= subl(1); subr(23) ^= subr(1);
781 subl(1) ^= subr(1) & ~subr(25);
782 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
783 subl(27) ^= subl(1); subr(27) ^= subr(1);
784 subl(29) ^= subl(1); subr(29) ^= subr(1);
785 subl(31) ^= subl(1); subr(31) ^= subr(1);
786 subl(32) ^= subl(1); subr(32) ^= subr(1);
788 /* absorb kw4 to other subkeys */
789 kw4l = subl(33); kw4r = subr(33);
790 subl(30) ^= kw4l; subr(30) ^= kw4r;
791 subl(28) ^= kw4l; subr(28) ^= kw4r;
792 subl(26) ^= kw4l; subr(26) ^= kw4r;
793 kw4l ^= kw4r & ~subr(24);
794 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
795 subl(22) ^= kw4l; subr(22) ^= kw4r;
796 subl(20) ^= kw4l; subr(20) ^= kw4r;
797 subl(18) ^= kw4l; subr(18) ^= kw4r;
798 kw4l ^= kw4r & ~subr(16);
799 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
800 subl(14) ^= kw4l; subr(14) ^= kw4r;
801 subl(12) ^= kw4l; subr(12) ^= kw4r;
802 subl(10) ^= kw4l; subr(10) ^= kw4r;
803 kw4l ^= kw4r & ~subr(8);
804 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
805 subl(6) ^= kw4l; subr(6) ^= kw4r;
806 subl(4) ^= kw4l; subr(4) ^= kw4r;
807 subl(2) ^= kw4l; subr(2) ^= kw4r;
808 subl(0) ^= kw4l; subr(0) ^= kw4r;
810 /* key XOR is end of F-function */
811 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
812 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
813 CamelliaSubkeyL(2) = subl(3);
814 CamelliaSubkeyR(2) = subr(3);
815 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
816 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
817 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
818 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
819 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
820 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
821 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
822 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
823 tl = subl(10) ^ (subr(10) & ~subr(8));
824 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
825 CamelliaSubkeyL(7) = subl(6) ^ tl;
826 CamelliaSubkeyR(7) = subr(6) ^ tr;
827 CamelliaSubkeyL(8) = subl(8);
828 CamelliaSubkeyR(8) = subr(8);
829 CamelliaSubkeyL(9) = subl(9);
830 CamelliaSubkeyR(9) = subr(9);
831 tl = subl(7) ^ (subr(7) & ~subr(9));
832 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
833 CamelliaSubkeyL(10) = tl ^ subl(11);
834 CamelliaSubkeyR(10) = tr ^ subr(11);
835 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
836 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
837 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
838 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
839 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
840 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
841 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
842 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
843 tl = subl(18) ^ (subr(18) & ~subr(16));
844 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
845 CamelliaSubkeyL(15) = subl(14) ^ tl;
846 CamelliaSubkeyR(15) = subr(14) ^ tr;
847 CamelliaSubkeyL(16) = subl(16);
848 CamelliaSubkeyR(16) = subr(16);
849 CamelliaSubkeyL(17) = subl(17);
850 CamelliaSubkeyR(17) = subr(17);
851 tl = subl(15) ^ (subr(15) & ~subr(17));
852 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
853 CamelliaSubkeyL(18) = tl ^ subl(19);
854 CamelliaSubkeyR(18) = tr ^ subr(19);
855 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
856 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
857 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
858 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
859 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
860 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
861 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
862 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
863 tl = subl(26) ^ (subr(26) & ~subr(24));
864 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
865 CamelliaSubkeyL(23) = subl(22) ^ tl;
866 CamelliaSubkeyR(23) = subr(22) ^ tr;
867 CamelliaSubkeyL(24) = subl(24);
868 CamelliaSubkeyR(24) = subr(24);
869 CamelliaSubkeyL(25) = subl(25);
870 CamelliaSubkeyR(25) = subr(25);
871 tl = subl(23) ^ (subr(23) & ~subr(25));
872 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
873 CamelliaSubkeyL(26) = tl ^ subl(27);
874 CamelliaSubkeyR(26) = tr ^ subr(27);
875 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
876 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
877 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
878 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
879 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
880 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
881 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
882 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
883 CamelliaSubkeyL(31) = subl(30);
884 CamelliaSubkeyR(31) = subr(30);
885 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
886 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
888 /* apply the inverse of the last half of P-function */
889 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
890 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
891 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
892 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
893 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
894 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
895 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
896 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
897 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
898 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
899 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
900 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
901 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
902 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
903 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
904 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
905 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
906 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
907 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
908 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
909 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
910 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
911 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
912 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
913 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
914 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
915 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
916 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
917 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
918 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
919 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
920 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
921 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
922 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
923 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
924 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
925 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
926 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
927 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
928 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
929 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
930 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
931 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
932 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
933 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
934 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
935 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
936 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
941 static void camellia_setup192(const unsigned char *key, u32 *subkey)
943 unsigned char kk[32];
944 u32 krll, krlr, krrl,krrr;
947 memcpy((unsigned char *)&krll, key+16,4);
948 memcpy((unsigned char *)&krlr, key+20,4);
951 memcpy(kk+24, (unsigned char *)&krrl, 4);
952 memcpy(kk+28, (unsigned char *)&krrr, 4);
953 camellia_setup256(kk, subkey);
959 * Stuff related to camellia encryption/decryption
961 * "io" must be 4byte aligned and big-endian data.
963 static void camellia_encrypt128(const u32 *subkey, u32 *io)
967 /* pre whitening but absorb kw2*/
968 io[0] ^= CamelliaSubkeyL(0);
969 io[1] ^= CamelliaSubkeyR(0);
972 CAMELLIA_ROUNDSM(io[0],io[1],
973 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
974 io[2],io[3],il,ir,t0,t1);
975 CAMELLIA_ROUNDSM(io[2],io[3],
976 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
977 io[0],io[1],il,ir,t0,t1);
978 CAMELLIA_ROUNDSM(io[0],io[1],
979 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
980 io[2],io[3],il,ir,t0,t1);
981 CAMELLIA_ROUNDSM(io[2],io[3],
982 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
983 io[0],io[1],il,ir,t0,t1);
984 CAMELLIA_ROUNDSM(io[0],io[1],
985 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
986 io[2],io[3],il,ir,t0,t1);
987 CAMELLIA_ROUNDSM(io[2],io[3],
988 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
989 io[0],io[1],il,ir,t0,t1);
991 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
992 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
993 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
996 CAMELLIA_ROUNDSM(io[0],io[1],
997 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
998 io[2],io[3],il,ir,t0,t1);
999 CAMELLIA_ROUNDSM(io[2],io[3],
1000 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1001 io[0],io[1],il,ir,t0,t1);
1002 CAMELLIA_ROUNDSM(io[0],io[1],
1003 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1004 io[2],io[3],il,ir,t0,t1);
1005 CAMELLIA_ROUNDSM(io[2],io[3],
1006 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1007 io[0],io[1],il,ir,t0,t1);
1008 CAMELLIA_ROUNDSM(io[0],io[1],
1009 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1010 io[2],io[3],il,ir,t0,t1);
1011 CAMELLIA_ROUNDSM(io[2],io[3],
1012 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1013 io[0],io[1],il,ir,t0,t1);
1015 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1016 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1017 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1020 CAMELLIA_ROUNDSM(io[0],io[1],
1021 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1022 io[2],io[3],il,ir,t0,t1);
1023 CAMELLIA_ROUNDSM(io[2],io[3],
1024 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1025 io[0],io[1],il,ir,t0,t1);
1026 CAMELLIA_ROUNDSM(io[0],io[1],
1027 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1028 io[2],io[3],il,ir,t0,t1);
1029 CAMELLIA_ROUNDSM(io[2],io[3],
1030 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1031 io[0],io[1],il,ir,t0,t1);
1032 CAMELLIA_ROUNDSM(io[0],io[1],
1033 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1034 io[2],io[3],il,ir,t0,t1);
1035 CAMELLIA_ROUNDSM(io[2],io[3],
1036 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1037 io[0],io[1],il,ir,t0,t1);
1039 /* post whitening but kw4 */
1040 io[2] ^= CamelliaSubkeyL(24);
1041 io[3] ^= CamelliaSubkeyR(24);
1053 static void camellia_decrypt128(const u32 *subkey, u32 *io)
1055 u32 il,ir,t0,t1; /* temporary valiables */
1057 /* pre whitening but absorb kw2*/
1058 io[0] ^= CamelliaSubkeyL(24);
1059 io[1] ^= CamelliaSubkeyR(24);
1061 /* main iteration */
1062 CAMELLIA_ROUNDSM(io[0],io[1],
1063 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1064 io[2],io[3],il,ir,t0,t1);
1065 CAMELLIA_ROUNDSM(io[2],io[3],
1066 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1067 io[0],io[1],il,ir,t0,t1);
1068 CAMELLIA_ROUNDSM(io[0],io[1],
1069 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1070 io[2],io[3],il,ir,t0,t1);
1071 CAMELLIA_ROUNDSM(io[2],io[3],
1072 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1073 io[0],io[1],il,ir,t0,t1);
1074 CAMELLIA_ROUNDSM(io[0],io[1],
1075 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1076 io[2],io[3],il,ir,t0,t1);
1077 CAMELLIA_ROUNDSM(io[2],io[3],
1078 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1079 io[0],io[1],il,ir,t0,t1);
1081 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1082 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1083 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1086 CAMELLIA_ROUNDSM(io[0],io[1],
1087 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1088 io[2],io[3],il,ir,t0,t1);
1089 CAMELLIA_ROUNDSM(io[2],io[3],
1090 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1091 io[0],io[1],il,ir,t0,t1);
1092 CAMELLIA_ROUNDSM(io[0],io[1],
1093 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1094 io[2],io[3],il,ir,t0,t1);
1095 CAMELLIA_ROUNDSM(io[2],io[3],
1096 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1097 io[0],io[1],il,ir,t0,t1);
1098 CAMELLIA_ROUNDSM(io[0],io[1],
1099 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1100 io[2],io[3],il,ir,t0,t1);
1101 CAMELLIA_ROUNDSM(io[2],io[3],
1102 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1103 io[0],io[1],il,ir,t0,t1);
1105 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1106 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1107 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1110 CAMELLIA_ROUNDSM(io[0],io[1],
1111 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1112 io[2],io[3],il,ir,t0,t1);
1113 CAMELLIA_ROUNDSM(io[2],io[3],
1114 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1115 io[0],io[1],il,ir,t0,t1);
1116 CAMELLIA_ROUNDSM(io[0],io[1],
1117 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1118 io[2],io[3],il,ir,t0,t1);
1119 CAMELLIA_ROUNDSM(io[2],io[3],
1120 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1121 io[0],io[1],il,ir,t0,t1);
1122 CAMELLIA_ROUNDSM(io[0],io[1],
1123 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1124 io[2],io[3],il,ir,t0,t1);
1125 CAMELLIA_ROUNDSM(io[2],io[3],
1126 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1127 io[0],io[1],il,ir,t0,t1);
1129 /* post whitening but kw4 */
1130 io[2] ^= CamelliaSubkeyL(0);
1131 io[3] ^= CamelliaSubkeyR(0);
1144 * stuff for 192 and 256bit encryption/decryption
1146 static void camellia_encrypt256(const u32 *subkey, u32 *io)
1148 u32 il,ir,t0,t1; /* temporary valiables */
1150 /* pre whitening but absorb kw2*/
1151 io[0] ^= CamelliaSubkeyL(0);
1152 io[1] ^= CamelliaSubkeyR(0);
1154 /* main iteration */
1155 CAMELLIA_ROUNDSM(io[0],io[1],
1156 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1157 io[2],io[3],il,ir,t0,t1);
1158 CAMELLIA_ROUNDSM(io[2],io[3],
1159 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1160 io[0],io[1],il,ir,t0,t1);
1161 CAMELLIA_ROUNDSM(io[0],io[1],
1162 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1163 io[2],io[3],il,ir,t0,t1);
1164 CAMELLIA_ROUNDSM(io[2],io[3],
1165 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1166 io[0],io[1],il,ir,t0,t1);
1167 CAMELLIA_ROUNDSM(io[0],io[1],
1168 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1169 io[2],io[3],il,ir,t0,t1);
1170 CAMELLIA_ROUNDSM(io[2],io[3],
1171 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1172 io[0],io[1],il,ir,t0,t1);
1174 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1175 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1176 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1179 CAMELLIA_ROUNDSM(io[0],io[1],
1180 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1181 io[2],io[3],il,ir,t0,t1);
1182 CAMELLIA_ROUNDSM(io[2],io[3],
1183 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1184 io[0],io[1],il,ir,t0,t1);
1185 CAMELLIA_ROUNDSM(io[0],io[1],
1186 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1187 io[2],io[3],il,ir,t0,t1);
1188 CAMELLIA_ROUNDSM(io[2],io[3],
1189 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1190 io[0],io[1],il,ir,t0,t1);
1191 CAMELLIA_ROUNDSM(io[0],io[1],
1192 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1193 io[2],io[3],il,ir,t0,t1);
1194 CAMELLIA_ROUNDSM(io[2],io[3],
1195 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1196 io[0],io[1],il,ir,t0,t1);
1198 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1199 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1200 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1203 CAMELLIA_ROUNDSM(io[0],io[1],
1204 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1205 io[2],io[3],il,ir,t0,t1);
1206 CAMELLIA_ROUNDSM(io[2],io[3],
1207 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1208 io[0],io[1],il,ir,t0,t1);
1209 CAMELLIA_ROUNDSM(io[0],io[1],
1210 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1211 io[2],io[3],il,ir,t0,t1);
1212 CAMELLIA_ROUNDSM(io[2],io[3],
1213 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1214 io[0],io[1],il,ir,t0,t1);
1215 CAMELLIA_ROUNDSM(io[0],io[1],
1216 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1217 io[2],io[3],il,ir,t0,t1);
1218 CAMELLIA_ROUNDSM(io[2],io[3],
1219 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1220 io[0],io[1],il,ir,t0,t1);
1222 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1223 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1224 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1227 CAMELLIA_ROUNDSM(io[0],io[1],
1228 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1229 io[2],io[3],il,ir,t0,t1);
1230 CAMELLIA_ROUNDSM(io[2],io[3],
1231 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1232 io[0],io[1],il,ir,t0,t1);
1233 CAMELLIA_ROUNDSM(io[0],io[1],
1234 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1235 io[2],io[3],il,ir,t0,t1);
1236 CAMELLIA_ROUNDSM(io[2],io[3],
1237 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1238 io[0],io[1],il,ir,t0,t1);
1239 CAMELLIA_ROUNDSM(io[0],io[1],
1240 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1241 io[2],io[3],il,ir,t0,t1);
1242 CAMELLIA_ROUNDSM(io[2],io[3],
1243 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1244 io[0],io[1],il,ir,t0,t1);
1246 /* post whitening but kw4 */
1247 io[2] ^= CamelliaSubkeyL(32);
1248 io[3] ^= CamelliaSubkeyR(32);
1260 static void camellia_decrypt256(const u32 *subkey, u32 *io)
1262 u32 il,ir,t0,t1; /* temporary valiables */
1264 /* pre whitening but absorb kw2*/
1265 io[0] ^= CamelliaSubkeyL(32);
1266 io[1] ^= CamelliaSubkeyR(32);
1268 /* main iteration */
1269 CAMELLIA_ROUNDSM(io[0],io[1],
1270 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1271 io[2],io[3],il,ir,t0,t1);
1272 CAMELLIA_ROUNDSM(io[2],io[3],
1273 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1274 io[0],io[1],il,ir,t0,t1);
1275 CAMELLIA_ROUNDSM(io[0],io[1],
1276 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1277 io[2],io[3],il,ir,t0,t1);
1278 CAMELLIA_ROUNDSM(io[2],io[3],
1279 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1280 io[0],io[1],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[0],io[1],
1282 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1283 io[2],io[3],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[2],io[3],
1285 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1286 io[0],io[1],il,ir,t0,t1);
1288 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1289 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1290 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1293 CAMELLIA_ROUNDSM(io[0],io[1],
1294 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1295 io[2],io[3],il,ir,t0,t1);
1296 CAMELLIA_ROUNDSM(io[2],io[3],
1297 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1298 io[0],io[1],il,ir,t0,t1);
1299 CAMELLIA_ROUNDSM(io[0],io[1],
1300 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1301 io[2],io[3],il,ir,t0,t1);
1302 CAMELLIA_ROUNDSM(io[2],io[3],
1303 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1304 io[0],io[1],il,ir,t0,t1);
1305 CAMELLIA_ROUNDSM(io[0],io[1],
1306 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1307 io[2],io[3],il,ir,t0,t1);
1308 CAMELLIA_ROUNDSM(io[2],io[3],
1309 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1310 io[0],io[1],il,ir,t0,t1);
1312 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1313 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1314 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1317 CAMELLIA_ROUNDSM(io[0],io[1],
1318 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1319 io[2],io[3],il,ir,t0,t1);
1320 CAMELLIA_ROUNDSM(io[2],io[3],
1321 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1322 io[0],io[1],il,ir,t0,t1);
1323 CAMELLIA_ROUNDSM(io[0],io[1],
1324 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1325 io[2],io[3],il,ir,t0,t1);
1326 CAMELLIA_ROUNDSM(io[2],io[3],
1327 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1328 io[0],io[1],il,ir,t0,t1);
1329 CAMELLIA_ROUNDSM(io[0],io[1],
1330 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1331 io[2],io[3],il,ir,t0,t1);
1332 CAMELLIA_ROUNDSM(io[2],io[3],
1333 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1334 io[0],io[1],il,ir,t0,t1);
1336 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1337 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1338 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1341 CAMELLIA_ROUNDSM(io[0],io[1],
1342 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1343 io[2],io[3],il,ir,t0,t1);
1344 CAMELLIA_ROUNDSM(io[2],io[3],
1345 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1346 io[0],io[1],il,ir,t0,t1);
1347 CAMELLIA_ROUNDSM(io[0],io[1],
1348 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1349 io[2],io[3],il,ir,t0,t1);
1350 CAMELLIA_ROUNDSM(io[2],io[3],
1351 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1352 io[0],io[1],il,ir,t0,t1);
1353 CAMELLIA_ROUNDSM(io[0],io[1],
1354 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1355 io[2],io[3],il,ir,t0,t1);
1356 CAMELLIA_ROUNDSM(io[2],io[3],
1357 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1358 io[0],io[1],il,ir,t0,t1);
1360 /* post whitening but kw4 */
1361 io[2] ^= CamelliaSubkeyL(0);
1362 io[3] ^= CamelliaSubkeyR(0);
1376 * API for compatibility
1379 void Camellia_Ekeygen(const int keyBitLength,
1380 const unsigned char *rawKey,
1381 KEY_TABLE_TYPE keyTable)
1383 switch(keyBitLength) {
1385 camellia_setup128(rawKey, keyTable);
1388 camellia_setup192(rawKey, keyTable);
1391 camellia_setup256(rawKey, keyTable);
1399 void Camellia_EncryptBlock(const int keyBitLength,
1400 const unsigned char *plaintext,
1401 const KEY_TABLE_TYPE keyTable,
1402 unsigned char *ciphertext)
1406 tmp[0] = GETU32(plaintext);
1407 tmp[1] = GETU32(plaintext + 4);
1408 tmp[2] = GETU32(plaintext + 8);
1409 tmp[3] = GETU32(plaintext + 12);
1411 switch (keyBitLength) {
1413 camellia_encrypt128(keyTable, tmp);
1418 camellia_encrypt256(keyTable, tmp);
1424 PUTU32(ciphertext, tmp[0]);
1425 PUTU32(ciphertext + 4, tmp[1]);
1426 PUTU32(ciphertext + 8, tmp[2]);
1427 PUTU32(ciphertext + 12, tmp[3]);
1430 void Camellia_DecryptBlock(const int keyBitLength,
1431 const unsigned char *ciphertext,
1432 const KEY_TABLE_TYPE keyTable,
1433 unsigned char *plaintext)
1437 tmp[0] = GETU32(ciphertext);
1438 tmp[1] = GETU32(ciphertext + 4);
1439 tmp[2] = GETU32(ciphertext + 8);
1440 tmp[3] = GETU32(ciphertext + 12);
1442 switch (keyBitLength) {
1444 camellia_decrypt128(keyTable, tmp);
1449 camellia_decrypt256(keyTable, tmp);
1454 PUTU32(plaintext, tmp[0]);
1455 PUTU32(plaintext + 4, tmp[1]);
1456 PUTU32(plaintext + 8, tmp[2]);
1457 PUTU32(plaintext + 12, tmp[3]);
git.samba.org / samba.git / blob