Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(9)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: openssl/crypto/camellia/camellia.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « openssl/crypto/camellia/camellia.h ('k') | openssl/crypto/camellia/cmll_cbc.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */ 1 /* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
2 /* ==================================================================== 2 /* ====================================================================
3 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . 3 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
4 * ALL RIGHTS RESERVED. 4 * ALL RIGHTS RESERVED.
5 * 5 *
6 * Intellectual Property information for Camellia: 6 * Intellectual Property information for Camellia:
7 * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html 7 * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
8 * 8 *
9 * News Release for Announcement of Camellia open source: 9 * News Release for Announcement of Camellia open source:
10 * http://www.ntt.co.jp/news/news06e/0604/060413a.html 10 * http://www.ntt.co.jp/news/news06e/0604/060413a.html
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
63 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 63 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
64 * OF THE POSSIBILITY OF SUCH DAMAGE. 64 * OF THE POSSIBILITY OF SUCH DAMAGE.
65 * ==================================================================== 65 * ====================================================================
66 */ 66 */
67 67
68 /* Algorithm Specification 68 /* Algorithm Specification
69 http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 69 http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
70 */ 70 */
71 71
72 72 /*
73 * This release balances code size and performance. In particular key
74 * schedule setup is fully unrolled, because doing so *significantly*
75 * reduces amount of instructions per setup round and code increase is
76 * justifiable. In block functions on the other hand only inner loops
77 * are unrolled, as full unroll gives only nominal performance boost,
78 * while code size grows 4 or 7 times. Also, unlike previous versions
79 * this one "encourages" compiler to keep intermediate variables in
80 * registers, which should give better "all round" results, in other
81 * words reasonable performance even with not so modern compilers.
82 */
83
84 #include "camellia.h"
85 #include "cmll_locl.h"
73 #include <string.h> 86 #include <string.h>
74 #include <stdlib.h> 87 #include <stdlib.h>
75 88
76 #include "camellia.h" 89 /* 32-bit rotations */
77 #include "cmll_locl.h" 90 #if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE _ASM)
78 91 # if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X 64))
79 /* key constants */ 92 # define RightRotate(x, s) _lrotr(x, s)
80 #define CAMELLIA_SIGMA1L (0xA09E667FL) 93 # define LeftRotate(x, s) _lrotl(x, s)
81 #define CAMELLIA_SIGMA1R (0x3BCC908BL) 94 # if _MSC_VER >= 1400
82 #define CAMELLIA_SIGMA2L (0xB67AE858L) 95 # define SWAP(x) _byteswap_ulong(x)
83 #define CAMELLIA_SIGMA2R (0x4CAA73B2L) 96 # else
84 #define CAMELLIA_SIGMA3L (0xC6EF372FL) 97 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
85 #define CAMELLIA_SIGMA3R (0xE94F82BEL) 98 # endif
86 #define CAMELLIA_SIGMA4L (0x54FF53A5L) 99 # define GETU32(p) SWAP(*((u32 *)(p)))
87 #define CAMELLIA_SIGMA4R (0xF1D36F1CL) 100 # define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
88 #define CAMELLIA_SIGMA5L (0x10E527FAL) 101 # elif defined(__GNUC__) && __GNUC__>=2
89 #define CAMELLIA_SIGMA5R (0xDE682D1DL) 102 # if defined(__i386) || defined(__x86_64)
90 #define CAMELLIA_SIGMA6L (0xB05688C2L) 103 # define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x) :"cc"); ret; })
91 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 104 # define LeftRotate(x,s) ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x) :"cc"); ret; })
92 105 # if defined(B_ENDIAN) /* stratus.com does it */
106 # define GETU32(p) (*(u32 *)(p))
107 # define PUTU32(p,v) (*(u32 *)(p)=(v))
108 # else
109 # define GETU32(p) ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r )); r; })
110 # define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p )=r; })
111 # endif
112 # elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
113 defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
114 # define LeftRotate(x,s) ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r" (x),"I"(s)); ret; })
115 # define RightRotate(x,s) LeftRotate(x,(32-s))
116 # elif defined(__s390x__)
117 # define LeftRotate(x,s) ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"( s)); ret; })
118 # define RightRotate(x,s) LeftRotate(x,(32-s))
119 # define GETU32(p) (*(u32 *)(p))
120 # define PUTU32(p,v) (*(u32 *)(p)=(v))
121 # endif
122 # endif
123 #endif
124
125 #if !defined(RightRotate) && !defined(LeftRotate)
126 # define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
127 # define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) )
128 #endif
129
130 #if !defined(GETU32) && !defined(PUTU32)
131 # define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] < < 8) ^ ((u32)(p)[3]))
132 # define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v))
133 #endif
134
135 /* S-box data */
136 #define SBOX1_1110 Camellia_SBOX[0]
137 #define SBOX4_4404 Camellia_SBOX[1]
138 #define SBOX2_0222 Camellia_SBOX[2]
139 #define SBOX3_3033 Camellia_SBOX[3]
140 static const u32 Camellia_SBOX[][256] = {
141 { 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700,
142 0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
143 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00,
144 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
145 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500,
146 0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
147 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000,
148 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
149 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700,
150 0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
151 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00,
152 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
153 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100,
154 0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
155 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700,
156 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
157 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00,
158 0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
159 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400,
160 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
161 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00,
162 0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
163 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00,
164 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
165 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700,
166 0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
167 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00,
168 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
169 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00,
170 0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
171 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600,
172 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
173 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00,
174 0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
175 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800,
176 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
177 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200,
178 0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
179 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900,
180 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
181 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900,
182 0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
183 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 },
184 { 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057,
185 0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
186 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af,
187 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
188 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a,
189 0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
190 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb,
191 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
192 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c,
193 0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
194 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0,
195 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
196 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6,
197 0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
198 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8,
199 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
200 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9,
201 0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
202 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9,
203 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
204 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad,
205 0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
206 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093,
207 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
208 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f,
209 0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
210 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066,
211 0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
212 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031,
213 0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
214 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2,
215 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
216 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095,
217 0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
218 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002,
219 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
220 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b,
221 0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
222 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a,
223 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
224 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068,
225 0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
226 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e },
227 { 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e,
228 0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
229 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf,
230 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
231 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca,
232 0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
233 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060,
234 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
235 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e,
236 0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
237 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a,
238 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
239 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363,
240 0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
241 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f,
242 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
243 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636,
244 0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
245 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888,
246 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
247 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9,
248 0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
249 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6,
250 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
251 0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef,
252 0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
253 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8,
254 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
255 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe,
256 0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
257 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d,
258 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
259 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc,
260 0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
261 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131,
262 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
263 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545,
264 0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
265 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292,
266 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
267 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393,
268 0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
269 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d },
270 { 0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393,
271 0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
272 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7,
273 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
274 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2,
275 0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
276 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818,
277 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
278 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3,
279 0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
280 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686,
281 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
282 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8,
283 0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
284 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb,
285 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
286 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d,
287 0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
288 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222,
289 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
290 0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e,
291 0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
292 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad,
293 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
294 0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb,
295 0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
296 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e,
297 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
298 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf,
299 0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
300 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b,
301 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
302 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737,
303 0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
304 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c,
305 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
306 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151,
307 0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
308 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4,
309 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
310 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4,
311 0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
312 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f }
313 };
314
315 /* Key generation constants */
316 static const u32 SIGMA[] = {
317 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be,
318 0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
319 };
320
321 /* The phi algorithm given in C.2.7 of the Camellia spec document. */
93 /* 322 /*
94 * macros 323 * This version does not attempt to minimize amount of temporary
324 * variables, but instead explicitly exposes algorithm's parallelism.
325 * It is therefore most appropriate for platforms with not less than
326 * ~16 registers. For platforms with less registers [well, x86 to be
327 * specific] assembler version should be/is provided anyway...
95 */ 328 */
96 329 #define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\
97 /* e is pointer of subkey */ 330 » register u32 _t0,_t1,_t2,_t3;\
98 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) 331 \
99 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) 332 » _t0 = _s0 ^ (_key)[0];\
100 333 » _t3 = SBOX4_4404[_t0&0xff];\
101 /* rotation right shift 1byte */ 334 » _t1 = _s1 ^ (_key)[1];\
102 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 335 » _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\
103 /* rotation left shift 1bit */ 336 » _t2 = SBOX1_1110[_t1&0xff];\
104 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 337 » _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\
105 /* rotation left shift 1byte */ 338 » _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\
106 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 339 » _t3 ^= SBOX1_1110[(_t0 >> 24)];\
107 340 » _t2 ^= _t3;\
108 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)» \ 341 » _t3 = RightRotate(_t3,8);\
109 do» » » » » » » \ 342 » _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\
110 » {» » » » » » \ 343 » _s3 ^= _t3;\
111 » w0 = ll;» » » » » \ 344 » _t2 ^= SBOX2_0222[(_t1 >> 24)];\
112 » ll = (ll << bits) + (lr >> (32 - bits));» \ 345 » _s2 ^= _t2; \
113 » lr = (lr << bits) + (rl >> (32 - bits));» \ 346 » _s3 ^= _t2;\
114 » rl = (rl << bits) + (rr >> (32 - bits));» \ 347 } while(0)
115 » rr = (rr << bits) + (w0 >> (32 - bits));» \
116 » } while(0)
117
118 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits)»\
119 do» » » » » » » \
120 » {» » » » » » \
121 » w0 = ll;» » » » » \
122 » w1 = lr;» » » » » \
123 » ll = (lr << (bits - 32)) + (rl >> (64 - bits));»\
124 » lr = (rl << (bits - 32)) + (rr >> (64 - bits));»\
125 » rl = (rr << (bits - 32)) + (w0 >> (64 - bits));»\
126 » rr = (w0 << (bits - 32)) + (w1 >> (64 - bits));»\
127 » } while(0)
128
129 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
130 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
131 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
132 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
133
134 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)» » \
135 do» » » » » » » » » \
136 » {» » » » » » » » \
137 » il = xl ^ kl;» » » » » » » \
138 » ir = xr ^ kr;» » » » » » » \
139 » t0 = il >> 16;» » » » » » » \
140 » t1 = ir >> 16;» » » » » » » \
141 » yl = CAMELLIA_SP1110(ir & 0xff)»» » » » \
142 » » ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)» » » \
143 » » ^ CAMELLIA_SP3033(t1 & 0xff)» » » » \
144 » » ^ CAMELLIA_SP4404((ir >> 8) & 0xff);» » » \
145 » yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)» » » » \
146 » » ^ CAMELLIA_SP0222(t0 & 0xff)» » » » \
147 » » ^ CAMELLIA_SP3033((il >> 8) & 0xff)» » » \
148 » » ^ CAMELLIA_SP4404(il & 0xff);» » » » \
149 » yl ^= yr;» » » » » » » \
150 » yr = CAMELLIA_RR8(yr);» » » » » » \
151 » yr ^= yl;» » » » » » » \
152 » } while(0)
153
154 348
155 /* 349 /*
156 * for speed up 350 * Note that n has to be less than 32. Rotations for larger amount
157 * 351 * of bits are achieved by "rotating" order of s-elements and
352 * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32).
158 */ 353 */
159 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 354 #define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\
160 do» » » » » » » » » \ 355 » u32 _t0=_s0>>(32-_n);\
161 » {» » » » » » » » \ 356 » _s0 = (_s0<<_n) | (_s1>>(32-_n));\
162 » t0 = kll;» » » » » » » \ 357 » _s1 = (_s1<<_n) | (_s2>>(32-_n));\
163 » t0 &= ll;» » » » » » » \ 358 » _s2 = (_s2<<_n) | (_s3>>(32-_n));\
164 » lr ^= CAMELLIA_RL1(t0);»» » » » » \ 359 » _s3 = (_s3<<_n) | _t0;\
165 » t1 = klr;» » » » » » » \ 360 } while (0)
166 » t1 |= lr;» » » » » » » \ 361
167 » ll ^= t1;» » » » » » » \ 362 int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k)
168 » » » » » » » » » \
169 » t2 = krr;» » » » » » » \
170 » t2 |= rr;» » » » » » » \
171 » rl ^= t2;» » » » » » » \
172 » t3 = krl;» » » » » » » \
173 » t3 &= rl;» » » » » » » \
174 » rr ^= CAMELLIA_RL1(t3);»» » » » » \
175 » } while(0)
176
177 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)» \
178 do» » » » » » » » » \
179 » {» » » » » » » » \
180 » il = xl;» » » » » » » \
181 » ir = xr;» » » » » » » \
182 » t0 = il >> 16;» » » » » » » \
183 » t1 = ir >> 16;» » » » » » » \
184 » ir = CAMELLIA_SP1110(ir & 0xff)»» » » » \
185 » » ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)» » » \
186 » » ^ CAMELLIA_SP3033(t1 & 0xff)» » » » \
187 » » ^ CAMELLIA_SP4404((ir >> 8) & 0xff);» » » \
188 » il = CAMELLIA_SP1110((t0 >> 8) & 0xff)» » » » \
189 » » ^ CAMELLIA_SP0222(t0 & 0xff)» » » » \
190 » » ^ CAMELLIA_SP3033((il >> 8) & 0xff)» » » \
191 » » ^ CAMELLIA_SP4404(il & 0xff);» » » » \
192 » il ^= kl;» » » » » » » \
193 » ir ^= kr;» » » » » » » \
194 » ir ^= il;» » » » » » » \
195 » il = CAMELLIA_RR8(il);» » » » » » \
196 » il ^= ir;» » » » » » » \
197 » yl ^= ir;» » » » » » » \
198 » yr ^= il;» » » » » » » \
199 » } while(0)
200
201 static const u32 camellia_sp1110[256] =
202 { 363 {
203 » 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 364 » register u32 s0,s1,s2,s3;
204 » 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 365
205 » 0xe4e4e400,0x85858500,0x57575700,0x35353500, 366 » k[0] = s0 = GETU32(rawKey);
206 » 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, 367 » k[1] = s1 = GETU32(rawKey+4);
207 » 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, 368 » k[2] = s2 = GETU32(rawKey+8);
208 » 0x45454500,0x19191900,0xa5a5a500,0x21212100, 369 » k[3] = s3 = GETU32(rawKey+12);
209 » 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, 370
210 » 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, 371 » if (keyBitLength != 128)
211 » 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, 372 » » {
212 » 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, 373 » » k[8] = s0 = GETU32(rawKey+16);
213 » 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, 374 » » k[9] = s1 = GETU32(rawKey+20);
214 » 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, 375 » » if (keyBitLength == 192)
215 » 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, 376 » » » {
216 » 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, 377 » » » k[10] = s2 = ~s0;
217 » 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, 378 » » » k[11] = s3 = ~s1;
218 » 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, 379 » » » }
219 » 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, 380 » » else
220 » 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, 381 » » » {
221 » 0x74747400,0x12121200,0x2b2b2b00,0x20202000, 382 » » » k[10] = s2 = GETU32(rawKey+24);
222 » 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, 383 » » » k[11] = s3 = GETU32(rawKey+28);
223 » 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, 384 » » » }
224 » 0x34343400,0x7e7e7e00,0x76767600,0x05050500, 385 » » s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
225 » 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, 386 » » }
226 » 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, 387
227 » 0x14141400,0x58585800,0x3a3a3a00,0x61616100, 388 » /* Use the Feistel routine to scramble the key material */
228 » 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, 389 » Camellia_Feistel(s0,s1,s2,s3,SIGMA+0);
229 » 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, 390 » Camellia_Feistel(s2,s3,s0,s1,SIGMA+2);
230 » 0x53535300,0x18181800,0xf2f2f200,0x22222200, 391
231 » 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, 392 » s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
232 » 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, 393 » Camellia_Feistel(s0,s1,s2,s3,SIGMA+4);
233 » 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, 394 » Camellia_Feistel(s2,s3,s0,s1,SIGMA+6);
234 » 0x60606000,0xfcfcfc00,0x69696900,0x50505000, 395
235 » 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, 396 » /* Fill the keyTable. Requires many block rotations. */
236 » 0xa1a1a100,0x89898900,0x62626200,0x97979700, 397 » if (keyBitLength == 128)
237 » 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, 398 » » {
238 » 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, 399 » » k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3;
239 » 0x10101000,0xc4c4c400,0x00000000,0x48484800, 400 » » RotLeft128(s0,s1,s2,s3,15);» /* KA <<< 15 */
240 » 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, 401 » » k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
241 » 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, 402 » » RotLeft128(s0,s1,s2,s3,15);» /* KA <<< 30 */
242 » 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, 403 » » k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
243 » 0x87878700,0x5c5c5c00,0x83838300,0x02020200, 404 » » RotLeft128(s0,s1,s2,s3,15);» /* KA <<< 45 */
244 » 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, 405 » » k[24] = s0, k[25] = s1;
245 » 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, 406 » » RotLeft128(s0,s1,s2,s3,15);» /* KA <<< 60 */
246 » 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, 407 » » k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
247 » 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, 408 » » RotLeft128(s1,s2,s3,s0,2);» /* KA <<< 94 */
248 » 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, 409 » » k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0;
249 » 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, 410 » » RotLeft128(s1,s2,s3,s0,17);» /* KA <<<111 */
250 » 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, 411 » » k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
251 » 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, 412
252 » 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, 413 » » s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3];
253 » 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, 414 » » RotLeft128(s0,s1,s2,s3,15);» /* KL <<< 15 */
254 » 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, 415 » » k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3;
255 » 0x78787800,0x98989800,0x06060600,0x6a6a6a00, 416 » » RotLeft128(s0,s1,s2,s3,30);» /* KL <<< 45 */
256 » 0xe7e7e700,0x46464600,0x71717100,0xbababa00, 417 » » k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
257 » 0xd4d4d400,0x25252500,0xababab00,0x42424200, 418 » » RotLeft128(s0,s1,s2,s3,15);» /* KL <<< 60 */
258 » 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, 419 » » k[26] = s2, k[27] = s3;
259 » 0x72727200,0x07070700,0xb9b9b900,0x55555500, 420 » » RotLeft128(s0,s1,s2,s3,17);» /* KL <<< 77 */
260 » 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, 421 » » k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3;
261 » 0x36363600,0x49494900,0x2a2a2a00,0x68686800, 422 » » RotLeft128(s0,s1,s2,s3,17);» /* KL <<< 94 */
262 » 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, 423 » » k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
263 » 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, 424 » » RotLeft128(s0,s1,s2,s3,17);» /* KL <<<111 */
264 » 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, 425 » » k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3;
265 » 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, 426
266 » 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, 427 » » return 3;» /* grand rounds */
267 » }; 428 » » }
268 429 » else
269 static const u32 camellia_sp0222[256] = 430 » » {
431 » » k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
432 » » s0 ^= k[8], s1 ^= k[9], s2 ^=k[10], s3 ^=k[11];
433 » » Camellia_Feistel(s0,s1,s2,s3,(SIGMA+8));
434 » » Camellia_Feistel(s2,s3,s0,s1,(SIGMA+10));
435
436 » » k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3;
437 » » RotLeft128(s0,s1,s2,s3,30);» /* KB <<< 30 */
438 » » k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
439 » » RotLeft128(s0,s1,s2,s3,30);» /* KB <<< 60 */
440 » » k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3;
441 » » RotLeft128(s1,s2,s3,s0,19);» /* KB <<<111 */
442 » » k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0;
443
444 » » s0 = k[ 8], s1 = k[ 9], s2 = k[10], s3 = k[11];
445 » » RotLeft128(s0,s1,s2,s3,15);» /* KR <<< 15 */
446 » » k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3;
447 » » RotLeft128(s0,s1,s2,s3,15);» /* KR <<< 30 */
448 » » k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
449 » » RotLeft128(s0,s1,s2,s3,30);» /* KR <<< 60 */
450 » » k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
451 » » RotLeft128(s1,s2,s3,s0,2);» /* KR <<< 94 */
452 » » k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0;
453
454 » » s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15];
455 » » RotLeft128(s0,s1,s2,s3,15);» /* KA <<< 15 */
456 » » k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
457 » » RotLeft128(s0,s1,s2,s3,30);» /* KA <<< 45 */
458 » » k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
459 » » » » » » /* KA <<< 77 */
460 » » k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
461 » » RotLeft128(s1,s2,s3,s0,17);» /* KA <<< 94 */
462 » » k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0;
463
464 » » s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3];
465 » » RotLeft128(s1,s2,s3,s0,13);» /* KL <<< 45 */
466 » » k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0;
467 » » RotLeft128(s1,s2,s3,s0,15);» /* KL <<< 60 */
468 » » k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0;
469 » » RotLeft128(s1,s2,s3,s0,17);» /* KL <<< 77 */
470 » » k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0;
471 » » RotLeft128(s2,s3,s0,s1,2);» /* KL <<<111 */
472 » » k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1;
473
474 » » return 4;» /* grand rounds */
475 » » }
476 » /*
477 » * It is possible to perform certain precalculations, which
478 » * would spare few cycles in block procedure. It's not done,
479 » * because it upsets the performance balance between key
480 » * setup and block procedures, negatively affecting overall
481 » * throughput in applications operating on short messages
482 » * and volatile keys.
483 » */
484 » }
485
486 void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
487 » » const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
270 { 488 {
271 » 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, 489 » register u32 s0,s1,s2,s3;
272 » 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, 490 » const u32 *k = keyTable,*kend = keyTable+grandRounds*16;
273 » 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, 491
274 » 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, 492 » s0 = GETU32(plaintext) ^ k[0];
275 » 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, 493 » s1 = GETU32(plaintext+4) ^ k[1];
276 » 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, 494 » s2 = GETU32(plaintext+8) ^ k[2];
277 » 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, 495 » s3 = GETU32(plaintext+12) ^ k[3];
278 » 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, 496 » k += 4;
279 » 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, 497
280 » 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, 498 » while (1)
281 » 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, 499 » » {
282 » 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, 500 » » /* Camellia makes 6 Feistel rounds */
283 » 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, 501 » » Camellia_Feistel(s0,s1,s2,s3,k+0);
284 » 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, 502 » » Camellia_Feistel(s2,s3,s0,s1,k+2);
285 » 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, 503 » » Camellia_Feistel(s0,s1,s2,s3,k+4);
286 » 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, 504 » » Camellia_Feistel(s2,s3,s0,s1,k+6);
287 » 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, 505 » » Camellia_Feistel(s0,s1,s2,s3,k+8);
288 » 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, 506 » » Camellia_Feistel(s2,s3,s0,s1,k+10);
289 » 0x00e8e8e8,0x00242424,0x00565656,0x00404040, 507 » » k += 12;
290 » 0x00e1e1e1,0x00636363,0x00090909,0x00333333, 508
291 » 0x00bfbfbf,0x00989898,0x00979797,0x00858585, 509 » » if (k == kend) break;
292 » 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, 510
293 » 0x00dadada,0x006f6f6f,0x00535353,0x00626262, 511 » » /* This is the same function as the diffusion function D
294 » 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, 512 » » * of the accompanying documentation. See section 3.2
295 » 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, 513 » » * for properties of the FLlayer function. */
296 » 0x00bdbdbd,0x00363636,0x00222222,0x00383838, 514 » » s1 ^= LeftRotate(s0 & k[0], 1);
297 » 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, 515 » » s2 ^= s3 | k[3];
298 » 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, 516 » » s0 ^= s1 | k[1];
299 » 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, 517 » » s3 ^= LeftRotate(s2 & k[2], 1);
300 » 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, 518 » » k += 4;
301 » 0x00484848,0x00101010,0x00d1d1d1,0x00515151, 519 » » }
302 » 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, 520
303 » 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, 521 » s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
304 » 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, 522
305 » 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, 523 » PUTU32(ciphertext, s2);
306 » 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, 524 » PUTU32(ciphertext+4, s3);
307 » 0x00202020,0x00898989,0x00000000,0x00909090, 525 » PUTU32(ciphertext+8, s0);
308 » 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, 526 » PUTU32(ciphertext+12,s1);
309 » 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, 527 » }
310 » 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, 528 void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
311 » 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, 529 » » const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
312 » 0x009b9b9b,0x00949494,0x00212121,0x00666666,
313 » 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
314 » 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
315 » 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
316 » 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
317 » 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
318 » 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
319 » 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
320 » 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
321 » 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
322 » 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
323 » 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
324 » 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
325 » 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
326 » 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
327 » 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
328 » 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
329 » 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
330 » 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
331 » 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
332 » 0x00777777,0x00939393,0x00868686,0x00838383,
333 » 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
334 » 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
335 » };
336
337 static const u32 camellia_sp3033[256] =
338 { 530 {
339 » 0x38003838,0x41004141,0x16001616,0x76007676, 531 » Camellia_EncryptBlock_Rounds(keyBitLength==128?3:4,
340 » 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, 532 » » » plaintext,keyTable,ciphertext);
341 » 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, 533 » }
342 » 0x75007575,0x06000606,0x57005757,0xa000a0a0, 534
343 » 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, 535 void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
344 » 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, 536 » » const KEY_TABLE_TYPE keyTable, u8 plaintext[])
345 » 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
346 » 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
347 » 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
348 » 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
349 » 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
350 » 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
351 » 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
352 » 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
353 » 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
354 » 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
355 » 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
356 » 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
357 » 0x3a003a3a,0x09000909,0x95009595,0x10001010,
358 » 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
359 » 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
360 » 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
361 » 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
362 » 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
363 » 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
364 » 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
365 » 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
366 » 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
367 » 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
368 » 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
369 » 0x12001212,0x04000404,0x74007474,0x54005454,
370 » 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
371 » 0x55005555,0x68006868,0x50005050,0xbe00bebe,
372 » 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
373 » 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
374 » 0x70007070,0xff00ffff,0x32003232,0x69006969,
375 » 0x08000808,0x62006262,0x00000000,0x24002424,
376 » 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
377 » 0x45004545,0x81008181,0x73007373,0x6d006d6d,
378 » 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
379 » 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
380 » 0xe600e6e6,0x25002525,0x48004848,0x99009999,
381 » 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
382 » 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
383 » 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
384 » 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
385 » 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
386 » 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
387 » 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
388 » 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
389 » 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
390 » 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
391 » 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
392 » 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
393 » 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
394 » 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
395 » 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
396 » 0x7c007c7c,0x77007777,0x56005656,0x05000505,
397 » 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
398 » 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
399 » 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
400 » 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
401 » 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
402 » 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
403 » };
404
405 static const u32 camellia_sp4404[256] =
406 { 537 {
407 » 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, 538 » u32 s0,s1,s2,s3;
408 » 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, 539 » const u32 *k = keyTable+grandRounds*16,*kend = keyTable+4;
409 » 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, 540
410 » 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, 541 » s0 = GETU32(ciphertext) ^ k[0];
411 » 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, 542 » s1 = GETU32(ciphertext+4) ^ k[1];
412 » 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, 543 » s2 = GETU32(ciphertext+8) ^ k[2];
413 » 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, 544 » s3 = GETU32(ciphertext+12) ^ k[3];
414 » 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, 545
415 » 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, 546 » while (1)
416 » 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, 547 » » {
417 » 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, 548 » » /* Camellia makes 6 Feistel rounds */
418 » 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, 549 » » k -= 12;
419 » 0x14140014,0x3a3a003a,0xdede00de,0x11110011, 550 » » Camellia_Feistel(s0,s1,s2,s3,k+10);
420 » 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, 551 » » Camellia_Feistel(s2,s3,s0,s1,k+8);
421 » 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, 552 » » Camellia_Feistel(s0,s1,s2,s3,k+6);
422 » 0x24240024,0xe8e800e8,0x60600060,0x69690069, 553 » » Camellia_Feistel(s2,s3,s0,s1,k+4);
423 » 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, 554 » » Camellia_Feistel(s0,s1,s2,s3,k+2);
424 » 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, 555 » » Camellia_Feistel(s2,s3,s0,s1,k+0);
425 » 0x10100010,0x00000000,0xa3a300a3,0x75750075, 556
426 » 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, 557 » » if (k == kend) break;
427 » 0x87870087,0x83830083,0xcdcd00cd,0x90900090, 558
428 » 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, 559 » » /* This is the same function as the diffusion function D
429 » 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, 560 » » * of the accompanying documentation. See section 3.2
430 » 0x81810081,0x6f6f006f,0x13130013,0x63630063, 561 » » * for properties of the FLlayer function. */
431 » 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, 562 » » k -= 4;
432 » 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, 563 » » s1 ^= LeftRotate(s0 & k[2], 1);
433 » 0x78780078,0x06060006,0xe7e700e7,0x71710071, 564 » » s2 ^= s3 | k[1];
434 » 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, 565 » » s0 ^= s1 | k[3];
435 » 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, 566 » » s3 ^= LeftRotate(s2 & k[0], 1);
436 » 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, 567 » » }
437 » 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, 568
438 » 0x15150015,0xadad00ad,0x77770077,0x80800080, 569 » k -= 4;
439 » 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, 570 » s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
440 » 0x85850085,0x35350035,0x0c0c000c,0x41410041, 571
441 » 0xefef00ef,0x93930093,0x19190019,0x21210021, 572 » PUTU32(plaintext, s2);
442 » 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, 573 » PUTU32(plaintext+4, s3);
443 » 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, 574 » PUTU32(plaintext+8, s0);
444 » 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, 575 » PUTU32(plaintext+12,s1);
445 » 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, 576 » }
446 » 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, 577 void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
447 » 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, 578 » » const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
448 » 0x12120012,0x20200020,0xb1b100b1,0x99990099,
449 » 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
450 » 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
451 » 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
452 » 0x0f0f000f,0x16160016,0x18180018,0x22220022,
453 » 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
454 » 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
455 » 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
456 » 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
457 » 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
458 » 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
459 » 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
460 » 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
461 » 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
462 » 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
463 » 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
464 » 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
465 » 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
466 » 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
467 » 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
468 » 0x49490049,0x68680068,0x38380038,0xa4a400a4,
469 » 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
470 » 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
471 » };
472
473 /**
474 * Stuff related to the Camellia key schedule
475 */
476 #define subl(x) subL[(x)]
477 #define subr(x) subR[(x)]
478
479 void camellia_setup128(const u8 *key, u32 *subkey)
480 { 579 {
481 u32 kll, klr, krl, krr; 580 Camellia_DecryptBlock_Rounds(keyBitLength==128?3:4,
482 u32 il, ir, t0, t1, w0, w1; 581 plaintext,keyTable,ciphertext);
483 u32 kw4l, kw4r, dw, tl, tr;
484 u32 subL[26];
485 u32 subR[26];
486
487 /**
488 * k == kll || klr || krl || krr (|| is concatination)
489 */
490 kll = GETU32(key );
491 klr = GETU32(key + 4);
492 krl = GETU32(key + 8);
493 krr = GETU32(key + 12);
494 /**
495 * generate KL dependent subkeys
496 */
497 /* kw1 */
498 subl(0) = kll; subr(0) = klr;
499 /* kw2 */
500 subl(1) = krl; subr(1) = krr;
501 /* rotation left shift 15bit */
502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
503 /* k3 */
504 subl(4) = kll; subr(4) = klr;
505 /* k4 */
506 subl(5) = krl; subr(5) = krr;
507 /* rotation left shift 15+30bit */
508 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
509 /* k7 */
510 subl(10) = kll; subr(10) = klr;
511 /* k8 */
512 subl(11) = krl; subr(11) = krr;
513 /* rotation left shift 15+30+15bit */
514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515 /* k10 */
516 subl(13) = krl; subr(13) = krr;
517 /* rotation left shift 15+30+15+17 bit */
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
519 /* kl3 */
520 subl(16) = kll; subr(16) = klr;
521 /* kl4 */
522 subl(17) = krl; subr(17) = krr;
523 /* rotation left shift 15+30+15+17+17 bit */
524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
525 /* k13 */
526 subl(18) = kll; subr(18) = klr;
527 /* k14 */
528 subl(19) = krl; subr(19) = krr;
529 /* rotation left shift 15+30+15+17+17+17 bit */
530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
531 /* k17 */
532 subl(22) = kll; subr(22) = klr;
533 /* k18 */
534 subl(23) = krl; subr(23) = krr;
535
536 /* generate KA */
537 kll = subl(0); klr = subr(0);
538 krl = subl(1); krr = subr(1);
539 CAMELLIA_F(kll, klr,
540 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
541 w0, w1, il, ir, t0, t1);
542 krl ^= w0; krr ^= w1;
543 CAMELLIA_F(krl, krr,
544 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
545 kll, klr, il, ir, t0, t1);
546 /* current status == (kll, klr, w0, w1) */
547 CAMELLIA_F(kll, klr,
548 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
549 krl, krr, il, ir, t0, t1);
550 krl ^= w0; krr ^= w1;
551 CAMELLIA_F(krl, krr,
552 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
553 w0, w1, il, ir, t0, t1);
554 kll ^= w0; klr ^= w1;
555
556 /* generate KA dependent subkeys */
557 /* k1, k2 */
558 subl(2) = kll; subr(2) = klr;
559 subl(3) = krl; subr(3) = krr;
560 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
561 /* k5,k6 */
562 subl(6) = kll; subr(6) = klr;
563 subl(7) = krl; subr(7) = krr;
564 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
565 /* kl1, kl2 */
566 subl(8) = kll; subr(8) = klr;
567 subl(9) = krl; subr(9) = krr;
568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
569 /* k9 */
570 subl(12) = kll; subr(12) = klr;
571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
572 /* k11, k12 */
573 subl(14) = kll; subr(14) = klr;
574 subl(15) = krl; subr(15) = krr;
575 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
576 /* k15, k16 */
577 subl(20) = kll; subr(20) = klr;
578 subl(21) = krl; subr(21) = krr;
579 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
580 /* kw3, kw4 */
581 subl(24) = kll; subr(24) = klr;
582 subl(25) = krl; subr(25) = krr;
583
584
585 /* absorb kw2 to other subkeys */
586 /* round 2 */
587 subl(3) ^= subl(1); subr(3) ^= subr(1);
588 /* round 4 */
589 subl(5) ^= subl(1); subr(5) ^= subr(1);
590 /* round 6 */
591 subl(7) ^= subl(1); subr(7) ^= subr(1);
592 subl(1) ^= subr(1) & ~subr(9);
593 dw = subl(1) & subl(9),
594 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
595 /* round 8 */
596 subl(11) ^= subl(1); subr(11) ^= subr(1);
597 /* round 10 */
598 subl(13) ^= subl(1); subr(13) ^= subr(1);
599 /* round 12 */
600 subl(15) ^= subl(1); subr(15) ^= subr(1);
601 subl(1) ^= subr(1) & ~subr(17);
602 dw = subl(1) & subl(17),
603 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
604 /* round 14 */
605 subl(19) ^= subl(1); subr(19) ^= subr(1);
606 /* round 16 */
607 subl(21) ^= subl(1); subr(21) ^= subr(1);
608 /* round 18 */
609 subl(23) ^= subl(1); subr(23) ^= subr(1);
610 /* kw3 */
611 subl(24) ^= subl(1); subr(24) ^= subr(1);
612
613 /* absorb kw4 to other subkeys */
614 kw4l = subl(25); kw4r = subr(25);
615 /* round 17 */
616 subl(22) ^= kw4l; subr(22) ^= kw4r;
617 /* round 15 */
618 subl(20) ^= kw4l; subr(20) ^= kw4r;
619 /* round 13 */
620 subl(18) ^= kw4l; subr(18) ^= kw4r;
621 kw4l ^= kw4r & ~subr(16);
622 dw = kw4l & subl(16),
623 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
624 /* round 11 */
625 subl(14) ^= kw4l; subr(14) ^= kw4r;
626 /* round 9 */
627 subl(12) ^= kw4l; subr(12) ^= kw4r;
628 /* round 7 */
629 subl(10) ^= kw4l; subr(10) ^= kw4r;
630 kw4l ^= kw4r & ~subr(8);
631 dw = kw4l & subl(8),
632 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
633 /* round 5 */
634 subl(6) ^= kw4l; subr(6) ^= kw4r;
635 /* round 3 */
636 subl(4) ^= kw4l; subr(4) ^= kw4r;
637 /* round 1 */
638 subl(2) ^= kw4l; subr(2) ^= kw4r;
639 /* kw1 */
640 subl(0) ^= kw4l; subr(0) ^= kw4r;
641
642
643 /* key XOR is end of F-function */
644 CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
645 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
646 CamelliaSubkeyL(2) = subl(3); /* round 1 */
647 CamelliaSubkeyR(2) = subr(3);
648 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
649 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
650 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
651 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
652 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
653 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
654 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
655 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
656 tl = subl(10) ^ (subr(10) & ~subr(8));
657 dw = tl & subl(8), /* FL(kl1) */
658 tr = subr(10) ^ CAMELLIA_RL1(dw);
659 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
660 CamelliaSubkeyR(7) = subr(6) ^ tr;
661 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
662 CamelliaSubkeyR(8) = subr(8);
663 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
664 CamelliaSubkeyR(9) = subr(9);
665 tl = subl(7) ^ (subr(7) & ~subr(9));
666 dw = tl & subl(9), /* FLinv(kl2) */
667 tr = subr(7) ^ CAMELLIA_RL1(dw);
668 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
669 CamelliaSubkeyR(10) = tr ^ subr(11);
670 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
671 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
672 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
673 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
674 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
675 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
676 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
677 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
678 tl = subl(18) ^ (subr(18) & ~subr(16));
679 dw = tl & subl(16), /* FL(kl3) */
680 tr = subr(18) ^ CAMELLIA_RL1(dw);
681 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
682 CamelliaSubkeyR(15) = subr(14) ^ tr;
683 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
684 CamelliaSubkeyR(16) = subr(16);
685 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
686 CamelliaSubkeyR(17) = subr(17);
687 tl = subl(15) ^ (subr(15) & ~subr(17));
688 dw = tl & subl(17), /* FLinv(kl4) */
689 tr = subr(15) ^ CAMELLIA_RL1(dw);
690 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
691 CamelliaSubkeyR(18) = tr ^ subr(19);
692 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
693 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
694 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
695 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
696 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
697 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
698 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
699 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
700 CamelliaSubkeyL(23) = subl(22); /* round 18 */
701 CamelliaSubkeyR(23) = subr(22);
702 CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
703 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
704
705 /* apply the inverse of the last half of P-function */
706 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
707 dw = CAMELLIA_RL8(dw);/* round 1 */
708 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
709 CamelliaSubkeyL(2) = dw;
710 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
711 dw = CAMELLIA_RL8(dw);/* round 2 */
712 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
713 CamelliaSubkeyL(3) = dw;
714 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
715 dw = CAMELLIA_RL8(dw);/* round 3 */
716 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
717 CamelliaSubkeyL(4) = dw;
718 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
719 dw = CAMELLIA_RL8(dw);/* round 4 */
720 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
721 CamelliaSubkeyL(5) = dw;
722 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
723 dw = CAMELLIA_RL8(dw);/* round 5 */
724 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
725 CamelliaSubkeyL(6) = dw;
726 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
727 dw = CAMELLIA_RL8(dw);/* round 6 */
728 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
729 CamelliaSubkeyL(7) = dw;
730 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
731 dw = CAMELLIA_RL8(dw);/* round 7 */
732 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
733 CamelliaSubkeyL(10) = dw;
734 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
735 dw = CAMELLIA_RL8(dw);/* round 8 */
736 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
737 CamelliaSubkeyL(11) = dw;
738 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
739 dw = CAMELLIA_RL8(dw);/* round 9 */
740 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
741 CamelliaSubkeyL(12) = dw;
742 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
743 dw = CAMELLIA_RL8(dw);/* round 10 */
744 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
745 CamelliaSubkeyL(13) = dw;
746 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
747 dw = CAMELLIA_RL8(dw);/* round 11 */
748 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
749 CamelliaSubkeyL(14) = dw;
750 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
751 dw = CAMELLIA_RL8(dw);/* round 12 */
752 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
753 CamelliaSubkeyL(15) = dw;
754 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
755 dw = CAMELLIA_RL8(dw);/* round 13 */
756 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
757 CamelliaSubkeyL(18) = dw;
758 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
759 dw = CAMELLIA_RL8(dw);/* round 14 */
760 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
761 CamelliaSubkeyL(19) = dw;
762 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
763 dw = CAMELLIA_RL8(dw);/* round 15 */
764 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
765 CamelliaSubkeyL(20) = dw;
766 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
767 dw = CAMELLIA_RL8(dw);/* round 16 */
768 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
769 CamelliaSubkeyL(21) = dw;
770 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
771 dw = CAMELLIA_RL8(dw);/* round 17 */
772 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
773 CamelliaSubkeyL(22) = dw;
774 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
775 dw = CAMELLIA_RL8(dw);/* round 18 */
776 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
777 CamelliaSubkeyL(23) = dw;
778
779 return;
780 } 582 }
781
782 void camellia_setup256(const u8 *key, u32 *subkey)
783 {
784 u32 kll,klr,krl,krr; /* left half of key */
785 u32 krll,krlr,krrl,krrr; /* right half of key */
786 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
787 u32 kw4l, kw4r, dw, tl, tr;
788 u32 subL[34];
789 u32 subR[34];
790
791 /**
792 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
793 * (|| is concatination)
794 */
795
796 kll = GETU32(key );
797 klr = GETU32(key + 4);
798 krl = GETU32(key + 8);
799 krr = GETU32(key + 12);
800 krll = GETU32(key + 16);
801 krlr = GETU32(key + 20);
802 krrl = GETU32(key + 24);
803 krrr = GETU32(key + 28);
804
805 /* generate KL dependent subkeys */
806 /* kw1 */
807 subl(0) = kll; subr(0) = klr;
808 /* kw2 */
809 subl(1) = krl; subr(1) = krr;
810 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
811 /* k9 */
812 subl(12) = kll; subr(12) = klr;
813 /* k10 */
814 subl(13) = krl; subr(13) = krr;
815 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
816 /* kl3 */
817 subl(16) = kll; subr(16) = klr;
818 /* kl4 */
819 subl(17) = krl; subr(17) = krr;
820 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
821 /* k17 */
822 subl(22) = kll; subr(22) = klr;
823 /* k18 */
824 subl(23) = krl; subr(23) = krr;
825 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
826 /* k23 */
827 subl(30) = kll; subr(30) = klr;
828 /* k24 */
829 subl(31) = krl; subr(31) = krr;
830
831 /* generate KR dependent subkeys */
832 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
833 /* k3 */
834 subl(4) = krll; subr(4) = krlr;
835 /* k4 */
836 subl(5) = krrl; subr(5) = krrr;
837 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
838 /* kl1 */
839 subl(8) = krll; subr(8) = krlr;
840 /* kl2 */
841 subl(9) = krrl; subr(9) = krrr;
842 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
843 /* k13 */
844 subl(18) = krll; subr(18) = krlr;
845 /* k14 */
846 subl(19) = krrl; subr(19) = krrr;
847 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
848 /* k19 */
849 subl(26) = krll; subr(26) = krlr;
850 /* k20 */
851 subl(27) = krrl; subr(27) = krrr;
852 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
853
854 /* generate KA */
855 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
856 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
857 CAMELLIA_F(kll, klr,
858 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
859 w0, w1, il, ir, t0, t1);
860 krl ^= w0; krr ^= w1;
861 CAMELLIA_F(krl, krr,
862 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
863 kll, klr, il, ir, t0, t1);
864 kll ^= krll; klr ^= krlr;
865 CAMELLIA_F(kll, klr,
866 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
867 krl, krr, il, ir, t0, t1);
868 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
869 CAMELLIA_F(krl, krr,
870 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
871 w0, w1, il, ir, t0, t1);
872 kll ^= w0; klr ^= w1;
873
874 /* generate KB */
875 krll ^= kll; krlr ^= klr;
876 krrl ^= krl; krrr ^= krr;
877 CAMELLIA_F(krll, krlr,
878 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
879 w0, w1, il, ir, t0, t1);
880 krrl ^= w0; krrr ^= w1;
881 CAMELLIA_F(krrl, krrr,
882 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
883 w0, w1, il, ir, t0, t1);
884 krll ^= w0; krlr ^= w1;
885
886 /* generate KA dependent subkeys */
887 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
888 /* k5 */
889 subl(6) = kll; subr(6) = klr;
890 /* k6 */
891 subl(7) = krl; subr(7) = krr;
892 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
893 /* k11 */
894 subl(14) = kll; subr(14) = klr;
895 /* k12 */
896 subl(15) = krl; subr(15) = krr;
897 /* rotation left shift 32bit */
898 /* kl5 */
899 subl(24) = klr; subr(24) = krl;
900 /* kl6 */
901 subl(25) = krr; subr(25) = kll;
902 /* rotation left shift 49 from k11,k12 -> k21,k22 */
903 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
904 /* k21 */
905 subl(28) = kll; subr(28) = klr;
906 /* k22 */
907 subl(29) = krl; subr(29) = krr;
908
909 /* generate KB dependent subkeys */
910 /* k1 */
911 subl(2) = krll; subr(2) = krlr;
912 /* k2 */
913 subl(3) = krrl; subr(3) = krrr;
914 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
915 /* k7 */
916 subl(10) = krll; subr(10) = krlr;
917 /* k8 */
918 subl(11) = krrl; subr(11) = krrr;
919 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
920 /* k15 */
921 subl(20) = krll; subr(20) = krlr;
922 /* k16 */
923 subl(21) = krrl; subr(21) = krrr;
924 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
925 /* kw3 */
926 subl(32) = krll; subr(32) = krlr;
927 /* kw4 */
928 subl(33) = krrl; subr(33) = krrr;
929
930 /* absorb kw2 to other subkeys */
931 /* round 2 */
932 subl(3) ^= subl(1); subr(3) ^= subr(1);
933 /* round 4 */
934 subl(5) ^= subl(1); subr(5) ^= subr(1);
935 /* round 6 */
936 subl(7) ^= subl(1); subr(7) ^= subr(1);
937 subl(1) ^= subr(1) & ~subr(9);
938 dw = subl(1) & subl(9),
939 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
940 /* round 8 */
941 subl(11) ^= subl(1); subr(11) ^= subr(1);
942 /* round 10 */
943 subl(13) ^= subl(1); subr(13) ^= subr(1);
944 /* round 12 */
945 subl(15) ^= subl(1); subr(15) ^= subr(1);
946 subl(1) ^= subr(1) & ~subr(17);
947 dw = subl(1) & subl(17),
948 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
949 /* round 14 */
950 subl(19) ^= subl(1); subr(19) ^= subr(1);
951 /* round 16 */
952 subl(21) ^= subl(1); subr(21) ^= subr(1);
953 /* round 18 */
954 subl(23) ^= subl(1); subr(23) ^= subr(1);
955 subl(1) ^= subr(1) & ~subr(25);
956 dw = subl(1) & subl(25),
957 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
958 /* round 20 */
959 subl(27) ^= subl(1); subr(27) ^= subr(1);
960 /* round 22 */
961 subl(29) ^= subl(1); subr(29) ^= subr(1);
962 /* round 24 */
963 subl(31) ^= subl(1); subr(31) ^= subr(1);
964 /* kw3 */
965 subl(32) ^= subl(1); subr(32) ^= subr(1);
966
967
968 /* absorb kw4 to other subkeys */
969 kw4l = subl(33); kw4r = subr(33);
970 /* round 23 */
971 subl(30) ^= kw4l; subr(30) ^= kw4r;
972 /* round 21 */
973 subl(28) ^= kw4l; subr(28) ^= kw4r;
974 /* round 19 */
975 subl(26) ^= kw4l; subr(26) ^= kw4r;
976 kw4l ^= kw4r & ~subr(24);
977 dw = kw4l & subl(24),
978 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
979 /* round 17 */
980 subl(22) ^= kw4l; subr(22) ^= kw4r;
981 /* round 15 */
982 subl(20) ^= kw4l; subr(20) ^= kw4r;
983 /* round 13 */
984 subl(18) ^= kw4l; subr(18) ^= kw4r;
985 kw4l ^= kw4r & ~subr(16);
986 dw = kw4l & subl(16),
987 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
988 /* round 11 */
989 subl(14) ^= kw4l; subr(14) ^= kw4r;
990 /* round 9 */
991 subl(12) ^= kw4l; subr(12) ^= kw4r;
992 /* round 7 */
993 subl(10) ^= kw4l; subr(10) ^= kw4r;
994 kw4l ^= kw4r & ~subr(8);
995 dw = kw4l & subl(8),
996 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
997 /* round 5 */
998 subl(6) ^= kw4l; subr(6) ^= kw4r;
999 /* round 3 */
1000 subl(4) ^= kw4l; subr(4) ^= kw4r;
1001 /* round 1 */
1002 subl(2) ^= kw4l; subr(2) ^= kw4r;
1003 /* kw1 */
1004 subl(0) ^= kw4l; subr(0) ^= kw4r;
1005
1006 /* key XOR is end of F-function */
1007 CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
1008 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
1009 CamelliaSubkeyL(2) = subl(3); /* round 1 */
1010 CamelliaSubkeyR(2) = subr(3);
1011 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
1012 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
1013 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
1014 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
1015 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
1016 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
1017 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
1018 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
1019 tl = subl(10) ^ (subr(10) & ~subr(8));
1020 dw = tl & subl(8), /* FL(kl1) */
1021 tr = subr(10) ^ CAMELLIA_RL1(dw);
1022 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
1023 CamelliaSubkeyR(7) = subr(6) ^ tr;
1024 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
1025 CamelliaSubkeyR(8) = subr(8);
1026 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
1027 CamelliaSubkeyR(9) = subr(9);
1028 tl = subl(7) ^ (subr(7) & ~subr(9));
1029 dw = tl & subl(9), /* FLinv(kl2) */
1030 tr = subr(7) ^ CAMELLIA_RL1(dw);
1031 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
1032 CamelliaSubkeyR(10) = tr ^ subr(11);
1033 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
1034 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
1035 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
1036 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
1037 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
1038 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
1039 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
1040 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
1041 tl = subl(18) ^ (subr(18) & ~subr(16));
1042 dw = tl & subl(16), /* FL(kl3) */
1043 tr = subr(18) ^ CAMELLIA_RL1(dw);
1044 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
1045 CamelliaSubkeyR(15) = subr(14) ^ tr;
1046 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
1047 CamelliaSubkeyR(16) = subr(16);
1048 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
1049 CamelliaSubkeyR(17) = subr(17);
1050 tl = subl(15) ^ (subr(15) & ~subr(17));
1051 dw = tl & subl(17), /* FLinv(kl4) */
1052 tr = subr(15) ^ CAMELLIA_RL1(dw);
1053 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
1054 CamelliaSubkeyR(18) = tr ^ subr(19);
1055 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
1056 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
1057 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
1058 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
1059 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
1060 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
1061 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
1062 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
1063 tl = subl(26) ^ (subr(26)
1064 & ~subr(24));
1065 dw = tl & subl(24), /* FL(kl5) */
1066 tr = subr(26) ^ CAMELLIA_RL1(dw);
1067 CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
1068 CamelliaSubkeyR(23) = subr(22) ^ tr;
1069 CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
1070 CamelliaSubkeyR(24) = subr(24);
1071 CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
1072 CamelliaSubkeyR(25) = subr(25);
1073 tl = subl(23) ^ (subr(23) &
1074 ~subr(25));
1075 dw = tl & subl(25), /* FLinv(kl6) */
1076 tr = subr(23) ^ CAMELLIA_RL1(dw);
1077 CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
1078 CamelliaSubkeyR(26) = tr ^ subr(27);
1079 CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
1080 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
1081 CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
1082 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
1083 CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
1084 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
1085 CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
1086 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
1087 CamelliaSubkeyL(31) = subl(30); /* round 24 */
1088 CamelliaSubkeyR(31) = subr(30);
1089 CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
1090 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
1091
1092 /* apply the inverse of the last half of P-function */
1093 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
1094 dw = CAMELLIA_RL8(dw);/* round 1 */
1095 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
1096 CamelliaSubkeyL(2) = dw;
1097 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
1098 dw = CAMELLIA_RL8(dw);/* round 2 */
1099 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
1100 CamelliaSubkeyL(3) = dw;
1101 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
1102 dw = CAMELLIA_RL8(dw);/* round 3 */
1103 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
1104 CamelliaSubkeyL(4) = dw;
1105 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
1106 dw = CAMELLIA_RL8(dw);/* round 4 */
1107 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
1108 CamelliaSubkeyL(5) = dw;
1109 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
1110 dw = CAMELLIA_RL8(dw);/* round 5 */
1111 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
1112 CamelliaSubkeyL(6) = dw;
1113 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
1114 dw = CAMELLIA_RL8(dw);/* round 6 */
1115 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
1116 CamelliaSubkeyL(7) = dw;
1117 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
1118 dw = CAMELLIA_RL8(dw);/* round 7 */
1119 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
1120 CamelliaSubkeyL(10) = dw;
1121 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
1122 dw = CAMELLIA_RL8(dw);/* round 8 */
1123 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
1124 CamelliaSubkeyL(11) = dw;
1125 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
1126 dw = CAMELLIA_RL8(dw);/* round 9 */
1127 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
1128 CamelliaSubkeyL(12) = dw;
1129 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
1130 dw = CAMELLIA_RL8(dw);/* round 10 */
1131 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
1132 CamelliaSubkeyL(13) = dw;
1133 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
1134 dw = CAMELLIA_RL8(dw);/* round 11 */
1135 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
1136 CamelliaSubkeyL(14) = dw;
1137 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
1138 dw = CAMELLIA_RL8(dw);/* round 12 */
1139 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
1140 CamelliaSubkeyL(15) = dw;
1141 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
1142 dw = CAMELLIA_RL8(dw);/* round 13 */
1143 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
1144 CamelliaSubkeyL(18) = dw;
1145 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
1146 dw = CAMELLIA_RL8(dw);/* round 14 */
1147 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
1148 CamelliaSubkeyL(19) = dw;
1149 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
1150 dw = CAMELLIA_RL8(dw);/* round 15 */
1151 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
1152 CamelliaSubkeyL(20) = dw;
1153 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
1154 dw = CAMELLIA_RL8(dw);/* round 16 */
1155 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
1156 CamelliaSubkeyL(21) = dw;
1157 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
1158 dw = CAMELLIA_RL8(dw);/* round 17 */
1159 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
1160 CamelliaSubkeyL(22) = dw;
1161 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
1162 dw = CAMELLIA_RL8(dw);/* round 18 */
1163 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
1164 CamelliaSubkeyL(23) = dw;
1165 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
1166 dw = CAMELLIA_RL8(dw);/* round 19 */
1167 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
1168 CamelliaSubkeyL(26) = dw;
1169 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
1170 dw = CAMELLIA_RL8(dw);/* round 20 */
1171 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
1172 CamelliaSubkeyL(27) = dw;
1173 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
1174 dw = CAMELLIA_RL8(dw);/* round 21 */
1175 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
1176 CamelliaSubkeyL(28) = dw;
1177 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
1178 dw = CAMELLIA_RL8(dw);/* round 22 */
1179 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
1180 CamelliaSubkeyL(29) = dw;
1181 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
1182 dw = CAMELLIA_RL8(dw);/* round 23 */
1183 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
1184 CamelliaSubkeyL(30) = dw;
1185 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
1186 dw = CAMELLIA_RL8(dw);/* round 24 */
1187 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
1188 CamelliaSubkeyL(31) = dw;
1189
1190
1191 return;
1192 }
1193
1194 void camellia_setup192(const u8 *key, u32 *subkey)
1195 {
1196 u8 kk[32];
1197 u32 krll, krlr, krrl,krrr;
1198
1199 memcpy(kk, key, 24);
1200 memcpy((u8 *)&krll, key+16,4);
1201 memcpy((u8 *)&krlr, key+20,4);
1202 krrl = ~krll;
1203 krrr = ~krlr;
1204 memcpy(kk+24, (u8 *)&krrl, 4);
1205 memcpy(kk+28, (u8 *)&krrr, 4);
1206 camellia_setup256(kk, subkey);
1207 return;
1208 }
1209
1210
1211 /**
1212 * Stuff related to camellia encryption/decryption
1213 */
1214 void camellia_encrypt128(const u32 *subkey, u32 *io)
1215 {
1216 u32 il, ir, t0, t1;
1217
1218 /* pre whitening but absorb kw2*/
1219 io[0] ^= CamelliaSubkeyL(0);
1220 io[1] ^= CamelliaSubkeyR(0);
1221 /* main iteration */
1222
1223 CAMELLIA_ROUNDSM(io[0],io[1],
1224 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1225 io[2],io[3],il,ir,t0,t1);
1226 CAMELLIA_ROUNDSM(io[2],io[3],
1227 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1228 io[0],io[1],il,ir,t0,t1);
1229 CAMELLIA_ROUNDSM(io[0],io[1],
1230 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1231 io[2],io[3],il,ir,t0,t1);
1232 CAMELLIA_ROUNDSM(io[2],io[3],
1233 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1234 io[0],io[1],il,ir,t0,t1);
1235 CAMELLIA_ROUNDSM(io[0],io[1],
1236 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1237 io[2],io[3],il,ir,t0,t1);
1238 CAMELLIA_ROUNDSM(io[2],io[3],
1239 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1240 io[0],io[1],il,ir,t0,t1);
1241
1242 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1243 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1244 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1245 t0,t1,il,ir);
1246
1247 CAMELLIA_ROUNDSM(io[0],io[1],
1248 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1249 io[2],io[3],il,ir,t0,t1);
1250 CAMELLIA_ROUNDSM(io[2],io[3],
1251 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1252 io[0],io[1],il,ir,t0,t1);
1253 CAMELLIA_ROUNDSM(io[0],io[1],
1254 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1255 io[2],io[3],il,ir,t0,t1);
1256 CAMELLIA_ROUNDSM(io[2],io[3],
1257 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1258 io[0],io[1],il,ir,t0,t1);
1259 CAMELLIA_ROUNDSM(io[0],io[1],
1260 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1261 io[2],io[3],il,ir,t0,t1);
1262 CAMELLIA_ROUNDSM(io[2],io[3],
1263 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1264 io[0],io[1],il,ir,t0,t1);
1265
1266 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1267 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1268 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1269 t0,t1,il,ir);
1270
1271 CAMELLIA_ROUNDSM(io[0],io[1],
1272 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1273 io[2],io[3],il,ir,t0,t1);
1274 CAMELLIA_ROUNDSM(io[2],io[3],
1275 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1276 io[0],io[1],il,ir,t0,t1);
1277 CAMELLIA_ROUNDSM(io[0],io[1],
1278 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1279 io[2],io[3],il,ir,t0,t1);
1280 CAMELLIA_ROUNDSM(io[2],io[3],
1281 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1282 io[0],io[1],il,ir,t0,t1);
1283 CAMELLIA_ROUNDSM(io[0],io[1],
1284 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1285 io[2],io[3],il,ir,t0,t1);
1286 CAMELLIA_ROUNDSM(io[2],io[3],
1287 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1288 io[0],io[1],il,ir,t0,t1);
1289
1290 /* post whitening but kw4 */
1291 io[2] ^= CamelliaSubkeyL(24);
1292 io[3] ^= CamelliaSubkeyR(24);
1293
1294 t0 = io[0];
1295 t1 = io[1];
1296 io[0] = io[2];
1297 io[1] = io[3];
1298 io[2] = t0;
1299 io[3] = t1;
1300
1301 return;
1302 }
1303
1304 void camellia_decrypt128(const u32 *subkey, u32 *io)
1305 {
1306 u32 il,ir,t0,t1; /* temporary valiables */
1307
1308 /* pre whitening but absorb kw2*/
1309 io[0] ^= CamelliaSubkeyL(24);
1310 io[1] ^= CamelliaSubkeyR(24);
1311
1312 /* main iteration */
1313 CAMELLIA_ROUNDSM(io[0],io[1],
1314 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1315 io[2],io[3],il,ir,t0,t1);
1316 CAMELLIA_ROUNDSM(io[2],io[3],
1317 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1318 io[0],io[1],il,ir,t0,t1);
1319 CAMELLIA_ROUNDSM(io[0],io[1],
1320 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1321 io[2],io[3],il,ir,t0,t1);
1322 CAMELLIA_ROUNDSM(io[2],io[3],
1323 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1324 io[0],io[1],il,ir,t0,t1);
1325 CAMELLIA_ROUNDSM(io[0],io[1],
1326 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1327 io[2],io[3],il,ir,t0,t1);
1328 CAMELLIA_ROUNDSM(io[2],io[3],
1329 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1330 io[0],io[1],il,ir,t0,t1);
1331
1332 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1333 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1334 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1335 t0,t1,il,ir);
1336
1337 CAMELLIA_ROUNDSM(io[0],io[1],
1338 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1339 io[2],io[3],il,ir,t0,t1);
1340 CAMELLIA_ROUNDSM(io[2],io[3],
1341 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1342 io[0],io[1],il,ir,t0,t1);
1343 CAMELLIA_ROUNDSM(io[0],io[1],
1344 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1345 io[2],io[3],il,ir,t0,t1);
1346 CAMELLIA_ROUNDSM(io[2],io[3],
1347 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1348 io[0],io[1],il,ir,t0,t1);
1349 CAMELLIA_ROUNDSM(io[0],io[1],
1350 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1351 io[2],io[3],il,ir,t0,t1);
1352 CAMELLIA_ROUNDSM(io[2],io[3],
1353 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1354 io[0],io[1],il,ir,t0,t1);
1355
1356 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1357 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1358 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1359 t0,t1,il,ir);
1360
1361 CAMELLIA_ROUNDSM(io[0],io[1],
1362 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1363 io[2],io[3],il,ir,t0,t1);
1364 CAMELLIA_ROUNDSM(io[2],io[3],
1365 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1366 io[0],io[1],il,ir,t0,t1);
1367 CAMELLIA_ROUNDSM(io[0],io[1],
1368 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1369 io[2],io[3],il,ir,t0,t1);
1370 CAMELLIA_ROUNDSM(io[2],io[3],
1371 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1372 io[0],io[1],il,ir,t0,t1);
1373 CAMELLIA_ROUNDSM(io[0],io[1],
1374 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1375 io[2],io[3],il,ir,t0,t1);
1376 CAMELLIA_ROUNDSM(io[2],io[3],
1377 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1378 io[0],io[1],il,ir,t0,t1);
1379
1380 /* post whitening but kw4 */
1381 io[2] ^= CamelliaSubkeyL(0);
1382 io[3] ^= CamelliaSubkeyR(0);
1383
1384 t0 = io[0];
1385 t1 = io[1];
1386 io[0] = io[2];
1387 io[1] = io[3];
1388 io[2] = t0;
1389 io[3] = t1;
1390
1391 return;
1392 }
1393
1394 /**
1395 * stuff for 192 and 256bit encryption/decryption
1396 */
1397 void camellia_encrypt256(const u32 *subkey, u32 *io)
1398 {
1399 u32 il,ir,t0,t1; /* temporary valiables */
1400
1401 /* pre whitening but absorb kw2*/
1402 io[0] ^= CamelliaSubkeyL(0);
1403 io[1] ^= CamelliaSubkeyR(0);
1404
1405 /* main iteration */
1406 CAMELLIA_ROUNDSM(io[0],io[1],
1407 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1408 io[2],io[3],il,ir,t0,t1);
1409 CAMELLIA_ROUNDSM(io[2],io[3],
1410 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1411 io[0],io[1],il,ir,t0,t1);
1412 CAMELLIA_ROUNDSM(io[0],io[1],
1413 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1414 io[2],io[3],il,ir,t0,t1);
1415 CAMELLIA_ROUNDSM(io[2],io[3],
1416 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1417 io[0],io[1],il,ir,t0,t1);
1418 CAMELLIA_ROUNDSM(io[0],io[1],
1419 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1420 io[2],io[3],il,ir,t0,t1);
1421 CAMELLIA_ROUNDSM(io[2],io[3],
1422 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1423 io[0],io[1],il,ir,t0,t1);
1424
1425 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1426 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1427 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1428 t0,t1,il,ir);
1429
1430 CAMELLIA_ROUNDSM(io[0],io[1],
1431 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1432 io[2],io[3],il,ir,t0,t1);
1433 CAMELLIA_ROUNDSM(io[2],io[3],
1434 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1435 io[0],io[1],il,ir,t0,t1);
1436 CAMELLIA_ROUNDSM(io[0],io[1],
1437 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1438 io[2],io[3],il,ir,t0,t1);
1439 CAMELLIA_ROUNDSM(io[2],io[3],
1440 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1441 io[0],io[1],il,ir,t0,t1);
1442 CAMELLIA_ROUNDSM(io[0],io[1],
1443 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1444 io[2],io[3],il,ir,t0,t1);
1445 CAMELLIA_ROUNDSM(io[2],io[3],
1446 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1447 io[0],io[1],il,ir,t0,t1);
1448
1449 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1450 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1451 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1452 t0,t1,il,ir);
1453
1454 CAMELLIA_ROUNDSM(io[0],io[1],
1455 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1456 io[2],io[3],il,ir,t0,t1);
1457 CAMELLIA_ROUNDSM(io[2],io[3],
1458 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1459 io[0],io[1],il,ir,t0,t1);
1460 CAMELLIA_ROUNDSM(io[0],io[1],
1461 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1462 io[2],io[3],il,ir,t0,t1);
1463 CAMELLIA_ROUNDSM(io[2],io[3],
1464 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1465 io[0],io[1],il,ir,t0,t1);
1466 CAMELLIA_ROUNDSM(io[0],io[1],
1467 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1468 io[2],io[3],il,ir,t0,t1);
1469 CAMELLIA_ROUNDSM(io[2],io[3],
1470 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1471 io[0],io[1],il,ir,t0,t1);
1472
1473 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1474 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1475 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1476 t0,t1,il,ir);
1477
1478 CAMELLIA_ROUNDSM(io[0],io[1],
1479 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1480 io[2],io[3],il,ir,t0,t1);
1481 CAMELLIA_ROUNDSM(io[2],io[3],
1482 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1483 io[0],io[1],il,ir,t0,t1);
1484 CAMELLIA_ROUNDSM(io[0],io[1],
1485 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1486 io[2],io[3],il,ir,t0,t1);
1487 CAMELLIA_ROUNDSM(io[2],io[3],
1488 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1489 io[0],io[1],il,ir,t0,t1);
1490 CAMELLIA_ROUNDSM(io[0],io[1],
1491 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1492 io[2],io[3],il,ir,t0,t1);
1493 CAMELLIA_ROUNDSM(io[2],io[3],
1494 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1495 io[0],io[1],il,ir,t0,t1);
1496
1497 /* post whitening but kw4 */
1498 io[2] ^= CamelliaSubkeyL(32);
1499 io[3] ^= CamelliaSubkeyR(32);
1500
1501 t0 = io[0];
1502 t1 = io[1];
1503 io[0] = io[2];
1504 io[1] = io[3];
1505 io[2] = t0;
1506 io[3] = t1;
1507
1508 return;
1509 }
1510
1511 void camellia_decrypt256(const u32 *subkey, u32 *io)
1512 {
1513 u32 il,ir,t0,t1; /* temporary valiables */
1514
1515 /* pre whitening but absorb kw2*/
1516 io[0] ^= CamelliaSubkeyL(32);
1517 io[1] ^= CamelliaSubkeyR(32);
1518
1519 /* main iteration */
1520 CAMELLIA_ROUNDSM(io[0],io[1],
1521 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1522 io[2],io[3],il,ir,t0,t1);
1523 CAMELLIA_ROUNDSM(io[2],io[3],
1524 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1525 io[0],io[1],il,ir,t0,t1);
1526 CAMELLIA_ROUNDSM(io[0],io[1],
1527 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1528 io[2],io[3],il,ir,t0,t1);
1529 CAMELLIA_ROUNDSM(io[2],io[3],
1530 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1531 io[0],io[1],il,ir,t0,t1);
1532 CAMELLIA_ROUNDSM(io[0],io[1],
1533 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1534 io[2],io[3],il,ir,t0,t1);
1535 CAMELLIA_ROUNDSM(io[2],io[3],
1536 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1537 io[0],io[1],il,ir,t0,t1);
1538
1539 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1540 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1541 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1542 t0,t1,il,ir);
1543
1544 CAMELLIA_ROUNDSM(io[0],io[1],
1545 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1546 io[2],io[3],il,ir,t0,t1);
1547 CAMELLIA_ROUNDSM(io[2],io[3],
1548 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1549 io[0],io[1],il,ir,t0,t1);
1550 CAMELLIA_ROUNDSM(io[0],io[1],
1551 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1552 io[2],io[3],il,ir,t0,t1);
1553 CAMELLIA_ROUNDSM(io[2],io[3],
1554 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1555 io[0],io[1],il,ir,t0,t1);
1556 CAMELLIA_ROUNDSM(io[0],io[1],
1557 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1558 io[2],io[3],il,ir,t0,t1);
1559 CAMELLIA_ROUNDSM(io[2],io[3],
1560 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1561 io[0],io[1],il,ir,t0,t1);
1562
1563 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1564 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1565 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1566 t0,t1,il,ir);
1567
1568 CAMELLIA_ROUNDSM(io[0],io[1],
1569 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1570 io[2],io[3],il,ir,t0,t1);
1571 CAMELLIA_ROUNDSM(io[2],io[3],
1572 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1573 io[0],io[1],il,ir,t0,t1);
1574 CAMELLIA_ROUNDSM(io[0],io[1],
1575 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1576 io[2],io[3],il,ir,t0,t1);
1577 CAMELLIA_ROUNDSM(io[2],io[3],
1578 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1579 io[0],io[1],il,ir,t0,t1);
1580 CAMELLIA_ROUNDSM(io[0],io[1],
1581 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1582 io[2],io[3],il,ir,t0,t1);
1583 CAMELLIA_ROUNDSM(io[2],io[3],
1584 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1585 io[0],io[1],il,ir,t0,t1);
1586
1587 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1588 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1589 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1590 t0,t1,il,ir);
1591
1592 CAMELLIA_ROUNDSM(io[0],io[1],
1593 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1594 io[2],io[3],il,ir,t0,t1);
1595 CAMELLIA_ROUNDSM(io[2],io[3],
1596 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1597 io[0],io[1],il,ir,t0,t1);
1598 CAMELLIA_ROUNDSM(io[0],io[1],
1599 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1600 io[2],io[3],il,ir,t0,t1);
1601 CAMELLIA_ROUNDSM(io[2],io[3],
1602 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1603 io[0],io[1],il,ir,t0,t1);
1604 CAMELLIA_ROUNDSM(io[0],io[1],
1605 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1606 io[2],io[3],il,ir,t0,t1);
1607 CAMELLIA_ROUNDSM(io[2],io[3],
1608 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1609 io[0],io[1],il,ir,t0,t1);
1610
1611 /* post whitening but kw4 */
1612 io[2] ^= CamelliaSubkeyL(0);
1613 io[3] ^= CamelliaSubkeyR(0);
1614
1615 t0 = io[0];
1616 t1 = io[1];
1617 io[0] = io[2];
1618 io[1] = io[3];
1619 io[2] = t0;
1620 io[3] = t1;
1621
1622 return;
1623 }
1624
OLDNEW
« no previous file with comments | « openssl/crypto/camellia/camellia.h ('k') | openssl/crypto/camellia/cmll_cbc.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698