Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(94)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mozilla/security/nss/lib/freebl/camellia.c

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « mozilla/security/nss/lib/freebl/camellia.h ('k') | mozilla/security/nss/lib/freebl/ctr.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 /*
6 * $Id: camellia.c,v 1.5 2012/04/25 14:49:43 gerv%gerv.net Exp $
7 */
8
9 #ifdef FREEBL_NO_DEPEND
10 #include "stubs.h"
11 #endif
12
13 #include "prinit.h"
14 #include "prerr.h"
15 #include "secerr.h"
16
17 #include "prtypes.h"
18 #include "blapi.h"
19 #include "camellia.h"
20 #include "sha_fast.h" /* for SHA_HTONL and related configuration macros */
21
22
23 /* key constants */
24
25 #define CAMELLIA_SIGMA1L (0xA09E667FL)
26 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
27 #define CAMELLIA_SIGMA2L (0xB67AE858L)
28 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
29 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
30 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
31 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
32 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
33 #define CAMELLIA_SIGMA5L (0x10E527FAL)
34 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
35 #define CAMELLIA_SIGMA6L (0xB05688C2L)
36 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
37
38 /*
39 * macros
40 */
41
42
43 #if defined(SHA_ALLOW_UNALIGNED_ACCESS)
44
45 /* require a CPU that allows unaligned access */
46
47 #if defined(SHA_NEED_TMP_VARIABLE)
48 #define CAMELLIA_NEED_TMP_VARIABLE 1
49 #endif
50
51 # define GETU32(p) SHA_HTONL(*((PRUint32 *)(p)))
52 # define PUTU32(ct, st) {*((PRUint32 *)(ct)) = SHA_HTONL(st);}
53
54 #else /* no unaligned access */
55
56 # define GETU32(pt) \
57 (((PRUint32)(pt)[0] << 24) \
58 ^ ((PRUint32)(pt)[1] << 16) \
59 ^ ((PRUint32)(pt)[2] << 8) \
60 ^ ((PRUint32)(pt)[3]))
61
62 # define PUTU32(ct, st) { \
63 (ct)[0] = (PRUint8)((st) >> 24); \
64 (ct)[1] = (PRUint8)((st) >> 16); \
65 (ct)[2] = (PRUint8)((st) >> 8); \
66 (ct)[3] = (PRUint8)(st); }
67
68 #endif
69
70 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
71 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
72
73 /* rotation right shift 1byte */
74 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
75 /* rotation left shift 1bit */
76 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
77 /* rotation left shift 1byte */
78 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
79
80 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
81 do { \
82 w0 = ll; \
83 ll = (ll << bits) + (lr >> (32 - bits)); \
84 lr = (lr << bits) + (rl >> (32 - bits)); \
85 rl = (rl << bits) + (rr >> (32 - bits)); \
86 rr = (rr << bits) + (w0 >> (32 - bits)); \
87 } while(0)
88
89 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
90 do { \
91 w0 = ll; \
92 w1 = lr; \
93 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
94 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
95 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
96 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
97 } while(0)
98
99 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
100 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
101 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
102 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
103
104 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
105 do { \
106 il = xl ^ kl; \
107 ir = xr ^ kr; \
108 t0 = il >> 16; \
109 t1 = ir >> 16; \
110 yl = CAMELLIA_SP1110(ir & 0xff) \
111 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
112 ^ CAMELLIA_SP3033(t1 & 0xff) \
113 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
114 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
115 ^ CAMELLIA_SP0222(t0 & 0xff) \
116 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
117 ^ CAMELLIA_SP4404(il & 0xff); \
118 yl ^= yr; \
119 yr = CAMELLIA_RR8(yr); \
120 yr ^= yl; \
121 } while(0)
122
123
124 /*
125 * for speed up
126 *
127 */
128 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
129 do { \
130 t0 = kll; \
131 t0 &= ll; \
132 lr ^= CAMELLIA_RL1(t0); \
133 t1 = klr; \
134 t1 |= lr; \
135 ll ^= t1; \
136 \
137 t2 = krr; \
138 t2 |= rr; \
139 rl ^= t2; \
140 t3 = krl; \
141 t3 &= rl; \
142 rr ^= CAMELLIA_RL1(t3); \
143 } while(0)
144
145 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
146 do { \
147 ir = CAMELLIA_SP1110(xr & 0xff) \
148 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
149 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
150 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
151 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
152 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
153 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
154 ^ CAMELLIA_SP4404(xl & 0xff); \
155 il ^= kl; \
156 ir ^= kr; \
157 ir ^= il; \
158 il = CAMELLIA_RR8(il); \
159 il ^= ir; \
160 yl ^= ir; \
161 yr ^= il; \
162 } while(0)
163
164
165 static const PRUint32 camellia_sp1110[256] = {
166 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
167 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
168 0xe4e4e400,0x85858500,0x57575700,0x35353500,
169 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
170 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
171 0x45454500,0x19191900,0xa5a5a500,0x21212100,
172 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
173 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
174 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
175 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
176 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
177 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
178 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
179 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
180 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
181 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
182 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
183 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
184 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
185 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
186 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
187 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
188 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
189 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
190 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
191 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
192 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
193 0x53535300,0x18181800,0xf2f2f200,0x22222200,
194 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
195 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
196 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
197 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
198 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
199 0xa1a1a100,0x89898900,0x62626200,0x97979700,
200 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
201 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
202 0x10101000,0xc4c4c400,0x00000000,0x48484800,
203 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
204 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
205 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
206 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
207 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
208 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
209 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
210 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
211 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
212 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
213 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
214 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
215 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
216 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
217 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
218 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
219 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
220 0xd4d4d400,0x25252500,0xababab00,0x42424200,
221 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
222 0x72727200,0x07070700,0xb9b9b900,0x55555500,
223 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
224 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
225 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
226 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
227 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
228 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
229 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
230 };
231
232 static const PRUint32 camellia_sp0222[256] = {
233 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
234 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
235 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
236 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
237 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
238 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
239 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
240 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
241 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
242 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
243 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
244 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
245 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
246 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
247 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
248 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
249 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
250 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
251 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
252 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
253 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
254 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
255 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
256 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
257 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
258 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
259 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
260 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
261 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
262 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
263 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
264 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
265 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
266 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
267 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
268 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
269 0x00202020,0x00898989,0x00000000,0x00909090,
270 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
271 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
272 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
273 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
274 0x009b9b9b,0x00949494,0x00212121,0x00666666,
275 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
276 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
277 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
278 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
279 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
280 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
281 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
282 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
283 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
284 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
285 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
286 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
287 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
288 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
289 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
290 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
291 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
292 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
293 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
294 0x00777777,0x00939393,0x00868686,0x00838383,
295 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
296 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
297 };
298
299 static const PRUint32 camellia_sp3033[256] = {
300 0x38003838,0x41004141,0x16001616,0x76007676,
301 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
302 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
303 0x75007575,0x06000606,0x57005757,0xa000a0a0,
304 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
305 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
306 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
307 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
308 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
309 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
310 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
311 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
312 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
313 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
314 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
315 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
316 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
317 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
318 0x3a003a3a,0x09000909,0x95009595,0x10001010,
319 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
320 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
321 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
322 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
323 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
324 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
325 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
326 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
327 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
328 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
329 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
330 0x12001212,0x04000404,0x74007474,0x54005454,
331 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
332 0x55005555,0x68006868,0x50005050,0xbe00bebe,
333 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
334 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
335 0x70007070,0xff00ffff,0x32003232,0x69006969,
336 0x08000808,0x62006262,0x00000000,0x24002424,
337 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
338 0x45004545,0x81008181,0x73007373,0x6d006d6d,
339 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
340 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
341 0xe600e6e6,0x25002525,0x48004848,0x99009999,
342 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
343 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
344 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
345 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
346 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
347 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
348 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
349 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
350 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
351 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
352 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
353 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
354 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
355 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
356 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
357 0x7c007c7c,0x77007777,0x56005656,0x05000505,
358 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
359 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
360 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
361 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
362 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
363 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
364 };
365
366 static const PRUint32 camellia_sp4404[256] = {
367 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
368 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
369 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
370 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
371 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
372 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
373 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
374 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
375 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
376 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
377 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
378 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
379 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
380 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
381 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
382 0x24240024,0xe8e800e8,0x60600060,0x69690069,
383 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
384 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
385 0x10100010,0x00000000,0xa3a300a3,0x75750075,
386 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
387 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
388 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
389 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
390 0x81810081,0x6f6f006f,0x13130013,0x63630063,
391 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
392 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
393 0x78780078,0x06060006,0xe7e700e7,0x71710071,
394 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
395 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
396 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
397 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
398 0x15150015,0xadad00ad,0x77770077,0x80800080,
399 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
400 0x85850085,0x35350035,0x0c0c000c,0x41410041,
401 0xefef00ef,0x93930093,0x19190019,0x21210021,
402 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
403 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
404 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
405 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
406 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
407 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
408 0x12120012,0x20200020,0xb1b100b1,0x99990099,
409 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
410 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
411 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
412 0x0f0f000f,0x16160016,0x18180018,0x22220022,
413 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
414 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
415 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
416 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
417 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
418 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
419 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
420 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
421 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
422 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
423 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
424 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
425 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
426 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
427 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
428 0x49490049,0x68680068,0x38380038,0xa4a400a4,
429 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
430 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
431 };
432
433
434 /**
435 * Stuff related to the Camellia key schedule
436 */
437 #define subl(x) subL[(x)]
438 #define subr(x) subR[(x)]
439
440 void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
441 {
442 PRUint32 kll, klr, krl, krr;
443 PRUint32 il, ir, t0, t1, w0, w1;
444 PRUint32 kw4l, kw4r, dw, tl, tr;
445 PRUint32 subL[26];
446 PRUint32 subR[26];
447 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
448 PRUint32 tmp;
449 #endif
450
451 /**
452 * k == kll || klr || krl || krr (|| is concatination)
453 */
454 kll = GETU32(key );
455 klr = GETU32(key + 4);
456 krl = GETU32(key + 8);
457 krr = GETU32(key + 12);
458 /**
459 * generate KL dependent subkeys
460 */
461 subl(0) = kll; subr(0) = klr;
462 subl(1) = krl; subr(1) = krr;
463 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
464 subl(4) = kll; subr(4) = klr;
465 subl(5) = krl; subr(5) = krr;
466 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
467 subl(10) = kll; subr(10) = klr;
468 subl(11) = krl; subr(11) = krr;
469 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
470 subl(13) = krl; subr(13) = krr;
471 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
472 subl(16) = kll; subr(16) = klr;
473 subl(17) = krl; subr(17) = krr;
474 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
475 subl(18) = kll; subr(18) = klr;
476 subl(19) = krl; subr(19) = krr;
477 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
478 subl(22) = kll; subr(22) = klr;
479 subl(23) = krl; subr(23) = krr;
480
481 /* generate KA */
482 kll = subl(0); klr = subr(0);
483 krl = subl(1); krr = subr(1);
484 CAMELLIA_F(kll, klr,
485 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
486 w0, w1, il, ir, t0, t1);
487 krl ^= w0; krr ^= w1;
488 CAMELLIA_F(krl, krr,
489 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
490 kll, klr, il, ir, t0, t1);
491 CAMELLIA_F(kll, klr,
492 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
493 krl, krr, il, ir, t0, t1);
494 krl ^= w0; krr ^= w1;
495 CAMELLIA_F(krl, krr,
496 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
497 w0, w1, il, ir, t0, t1);
498 kll ^= w0; klr ^= w1;
499
500 /* generate KA dependent subkeys */
501 subl(2) = kll; subr(2) = klr;
502 subl(3) = krl; subr(3) = krr;
503 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
504 subl(6) = kll; subr(6) = klr;
505 subl(7) = krl; subr(7) = krr;
506 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
507 subl(8) = kll; subr(8) = klr;
508 subl(9) = krl; subr(9) = krr;
509 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
510 subl(12) = kll; subr(12) = klr;
511 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
512 subl(14) = kll; subr(14) = klr;
513 subl(15) = krl; subr(15) = krr;
514 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
515 subl(20) = kll; subr(20) = klr;
516 subl(21) = krl; subr(21) = krr;
517 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
518 subl(24) = kll; subr(24) = klr;
519 subl(25) = krl; subr(25) = krr;
520
521
522 /* absorb kw2 to other subkeys */
523 subl(3) ^= subl(1); subr(3) ^= subr(1);
524 subl(5) ^= subl(1); subr(5) ^= subr(1);
525 subl(7) ^= subl(1); subr(7) ^= subr(1);
526 subl(1) ^= subr(1) & ~subr(9);
527 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
528 subl(11) ^= subl(1); subr(11) ^= subr(1);
529 subl(13) ^= subl(1); subr(13) ^= subr(1);
530 subl(15) ^= subl(1); subr(15) ^= subr(1);
531 subl(1) ^= subr(1) & ~subr(17);
532 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
533 subl(19) ^= subl(1); subr(19) ^= subr(1);
534 subl(21) ^= subl(1); subr(21) ^= subr(1);
535 subl(23) ^= subl(1); subr(23) ^= subr(1);
536 subl(24) ^= subl(1); subr(24) ^= subr(1);
537
538 /* absorb kw4 to other subkeys */
539 kw4l = subl(25); kw4r = subr(25);
540 subl(22) ^= kw4l; subr(22) ^= kw4r;
541 subl(20) ^= kw4l; subr(20) ^= kw4r;
542 subl(18) ^= kw4l; subr(18) ^= kw4r;
543 kw4l ^= kw4r & ~subr(16);
544 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
545 subl(14) ^= kw4l; subr(14) ^= kw4r;
546 subl(12) ^= kw4l; subr(12) ^= kw4r;
547 subl(10) ^= kw4l; subr(10) ^= kw4r;
548 kw4l ^= kw4r & ~subr(8);
549 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
550 subl(6) ^= kw4l; subr(6) ^= kw4r;
551 subl(4) ^= kw4l; subr(4) ^= kw4r;
552 subl(2) ^= kw4l; subr(2) ^= kw4r;
553 subl(0) ^= kw4l; subr(0) ^= kw4r;
554
555 /* key XOR is end of F-function */
556 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
557 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
558 CamelliaSubkeyL(2) = subl(3);
559 CamelliaSubkeyR(2) = subr(3);
560 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
561 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
562 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
563 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
564 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
565 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
566 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
567 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
568 tl = subl(10) ^ (subr(10) & ~subr(8));
569 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
570 CamelliaSubkeyL(7) = subl(6) ^ tl;
571 CamelliaSubkeyR(7) = subr(6) ^ tr;
572 CamelliaSubkeyL(8) = subl(8);
573 CamelliaSubkeyR(8) = subr(8);
574 CamelliaSubkeyL(9) = subl(9);
575 CamelliaSubkeyR(9) = subr(9);
576 tl = subl(7) ^ (subr(7) & ~subr(9));
577 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
578 CamelliaSubkeyL(10) = tl ^ subl(11);
579 CamelliaSubkeyR(10) = tr ^ subr(11);
580 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
581 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
582 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
583 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
584 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
585 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
586 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
587 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
588 tl = subl(18) ^ (subr(18) & ~subr(16));
589 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
590 CamelliaSubkeyL(15) = subl(14) ^ tl;
591 CamelliaSubkeyR(15) = subr(14) ^ tr;
592 CamelliaSubkeyL(16) = subl(16);
593 CamelliaSubkeyR(16) = subr(16);
594 CamelliaSubkeyL(17) = subl(17);
595 CamelliaSubkeyR(17) = subr(17);
596 tl = subl(15) ^ (subr(15) & ~subr(17));
597 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
598 CamelliaSubkeyL(18) = tl ^ subl(19);
599 CamelliaSubkeyR(18) = tr ^ subr(19);
600 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
601 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
602 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
603 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
604 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
605 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
606 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
607 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
608 CamelliaSubkeyL(23) = subl(22);
609 CamelliaSubkeyR(23) = subr(22);
610 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
611 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
612
613 /* apply the inverse of the last half of P-function */
614 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
615 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
616 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
617 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
618 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
619 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
620 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
621 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
622 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
623 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
624 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
625 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
626 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
627 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
628 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
629 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
630 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
631 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
632 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
633 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
634 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
635 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
636 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
637 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
638 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
639 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
640 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
641 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
642 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
643 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
644 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
645 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
646 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
647 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
648 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
649 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
650
651 return;
652 }
653
654 void camellia_setup256(const unsigned char *key, PRUint32 *subkey)
655 {
656 PRUint32 kll,klr,krl,krr; /* left half of key */
657 PRUint32 krll,krlr,krrl,krrr; /* right half of key */
658 PRUint32 il, ir, t0, t1, w0, w1; /* temporary variables */
659 PRUint32 kw4l, kw4r, dw, tl, tr;
660 PRUint32 subL[34];
661 PRUint32 subR[34];
662 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
663 PRUint32 tmp;
664 #endif
665
666 /**
667 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
668 * (|| is concatination)
669 */
670
671 kll = GETU32(key );
672 klr = GETU32(key + 4);
673 krl = GETU32(key + 8);
674 krr = GETU32(key + 12);
675 krll = GETU32(key + 16);
676 krlr = GETU32(key + 20);
677 krrl = GETU32(key + 24);
678 krrr = GETU32(key + 28);
679
680 /* generate KL dependent subkeys */
681 subl(0) = kll; subr(0) = klr;
682 subl(1) = krl; subr(1) = krr;
683 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
684 subl(12) = kll; subr(12) = klr;
685 subl(13) = krl; subr(13) = krr;
686 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
687 subl(16) = kll; subr(16) = klr;
688 subl(17) = krl; subr(17) = krr;
689 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
690 subl(22) = kll; subr(22) = klr;
691 subl(23) = krl; subr(23) = krr;
692 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
693 subl(30) = kll; subr(30) = klr;
694 subl(31) = krl; subr(31) = krr;
695
696 /* generate KR dependent subkeys */
697 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
698 subl(4) = krll; subr(4) = krlr;
699 subl(5) = krrl; subr(5) = krrr;
700 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
701 subl(8) = krll; subr(8) = krlr;
702 subl(9) = krrl; subr(9) = krrr;
703 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
704 subl(18) = krll; subr(18) = krlr;
705 subl(19) = krrl; subr(19) = krrr;
706 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
707 subl(26) = krll; subr(26) = krlr;
708 subl(27) = krrl; subr(27) = krrr;
709 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
710
711 /* generate KA */
712 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
713 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
714 CAMELLIA_F(kll, klr,
715 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
716 w0, w1, il, ir, t0, t1);
717 krl ^= w0; krr ^= w1;
718 CAMELLIA_F(krl, krr,
719 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
720 kll, klr, il, ir, t0, t1);
721 kll ^= krll; klr ^= krlr;
722 CAMELLIA_F(kll, klr,
723 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
724 krl, krr, il, ir, t0, t1);
725 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
726 CAMELLIA_F(krl, krr,
727 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
728 w0, w1, il, ir, t0, t1);
729 kll ^= w0; klr ^= w1;
730
731 /* generate KB */
732 krll ^= kll; krlr ^= klr;
733 krrl ^= krl; krrr ^= krr;
734 CAMELLIA_F(krll, krlr,
735 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
736 w0, w1, il, ir, t0, t1);
737 krrl ^= w0; krrr ^= w1;
738 CAMELLIA_F(krrl, krrr,
739 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
740 w0, w1, il, ir, t0, t1);
741 krll ^= w0; krlr ^= w1;
742
743 /* generate KA dependent subkeys */
744 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
745 subl(6) = kll; subr(6) = klr;
746 subl(7) = krl; subr(7) = krr;
747 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
748 subl(14) = kll; subr(14) = klr;
749 subl(15) = krl; subr(15) = krr;
750 subl(24) = klr; subr(24) = krl;
751 subl(25) = krr; subr(25) = kll;
752 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
753 subl(28) = kll; subr(28) = klr;
754 subl(29) = krl; subr(29) = krr;
755
756 /* generate KB dependent subkeys */
757 subl(2) = krll; subr(2) = krlr;
758 subl(3) = krrl; subr(3) = krrr;
759 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
760 subl(10) = krll; subr(10) = krlr;
761 subl(11) = krrl; subr(11) = krrr;
762 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
763 subl(20) = krll; subr(20) = krlr;
764 subl(21) = krrl; subr(21) = krrr;
765 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
766 subl(32) = krll; subr(32) = krlr;
767 subl(33) = krrl; subr(33) = krrr;
768
769 /* absorb kw2 to other subkeys */
770 subl(3) ^= subl(1); subr(3) ^= subr(1);
771 subl(5) ^= subl(1); subr(5) ^= subr(1);
772 subl(7) ^= subl(1); subr(7) ^= subr(1);
773 subl(1) ^= subr(1) & ~subr(9);
774 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
775 subl(11) ^= subl(1); subr(11) ^= subr(1);
776 subl(13) ^= subl(1); subr(13) ^= subr(1);
777 subl(15) ^= subl(1); subr(15) ^= subr(1);
778 subl(1) ^= subr(1) & ~subr(17);
779 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
780 subl(19) ^= subl(1); subr(19) ^= subr(1);
781 subl(21) ^= subl(1); subr(21) ^= subr(1);
782 subl(23) ^= subl(1); subr(23) ^= subr(1);
783 subl(1) ^= subr(1) & ~subr(25);
784 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
785 subl(27) ^= subl(1); subr(27) ^= subr(1);
786 subl(29) ^= subl(1); subr(29) ^= subr(1);
787 subl(31) ^= subl(1); subr(31) ^= subr(1);
788 subl(32) ^= subl(1); subr(32) ^= subr(1);
789
790 /* absorb kw4 to other subkeys */
791 kw4l = subl(33); kw4r = subr(33);
792 subl(30) ^= kw4l; subr(30) ^= kw4r;
793 subl(28) ^= kw4l; subr(28) ^= kw4r;
794 subl(26) ^= kw4l; subr(26) ^= kw4r;
795 kw4l ^= kw4r & ~subr(24);
796 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
797 subl(22) ^= kw4l; subr(22) ^= kw4r;
798 subl(20) ^= kw4l; subr(20) ^= kw4r;
799 subl(18) ^= kw4l; subr(18) ^= kw4r;
800 kw4l ^= kw4r & ~subr(16);
801 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
802 subl(14) ^= kw4l; subr(14) ^= kw4r;
803 subl(12) ^= kw4l; subr(12) ^= kw4r;
804 subl(10) ^= kw4l; subr(10) ^= kw4r;
805 kw4l ^= kw4r & ~subr(8);
806 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
807 subl(6) ^= kw4l; subr(6) ^= kw4r;
808 subl(4) ^= kw4l; subr(4) ^= kw4r;
809 subl(2) ^= kw4l; subr(2) ^= kw4r;
810 subl(0) ^= kw4l; subr(0) ^= kw4r;
811
812 /* key XOR is end of F-function */
813 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
814 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
815 CamelliaSubkeyL(2) = subl(3);
816 CamelliaSubkeyR(2) = subr(3);
817 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
818 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
819 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
820 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
821 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
822 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
823 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
824 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
825 tl = subl(10) ^ (subr(10) & ~subr(8));
826 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
827 CamelliaSubkeyL(7) = subl(6) ^ tl;
828 CamelliaSubkeyR(7) = subr(6) ^ tr;
829 CamelliaSubkeyL(8) = subl(8);
830 CamelliaSubkeyR(8) = subr(8);
831 CamelliaSubkeyL(9) = subl(9);
832 CamelliaSubkeyR(9) = subr(9);
833 tl = subl(7) ^ (subr(7) & ~subr(9));
834 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
835 CamelliaSubkeyL(10) = tl ^ subl(11);
836 CamelliaSubkeyR(10) = tr ^ subr(11);
837 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
838 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
839 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
840 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
841 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
842 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
843 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
844 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
845 tl = subl(18) ^ (subr(18) & ~subr(16));
846 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
847 CamelliaSubkeyL(15) = subl(14) ^ tl;
848 CamelliaSubkeyR(15) = subr(14) ^ tr;
849 CamelliaSubkeyL(16) = subl(16);
850 CamelliaSubkeyR(16) = subr(16);
851 CamelliaSubkeyL(17) = subl(17);
852 CamelliaSubkeyR(17) = subr(17);
853 tl = subl(15) ^ (subr(15) & ~subr(17));
854 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
855 CamelliaSubkeyL(18) = tl ^ subl(19);
856 CamelliaSubkeyR(18) = tr ^ subr(19);
857 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
858 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
859 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
860 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
861 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
862 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
863 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
864 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
865 tl = subl(26) ^ (subr(26) & ~subr(24));
866 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
867 CamelliaSubkeyL(23) = subl(22) ^ tl;
868 CamelliaSubkeyR(23) = subr(22) ^ tr;
869 CamelliaSubkeyL(24) = subl(24);
870 CamelliaSubkeyR(24) = subr(24);
871 CamelliaSubkeyL(25) = subl(25);
872 CamelliaSubkeyR(25) = subr(25);
873 tl = subl(23) ^ (subr(23) & ~subr(25));
874 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
875 CamelliaSubkeyL(26) = tl ^ subl(27);
876 CamelliaSubkeyR(26) = tr ^ subr(27);
877 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
878 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
879 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
880 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
881 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
882 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
883 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
884 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
885 CamelliaSubkeyL(31) = subl(30);
886 CamelliaSubkeyR(31) = subr(30);
887 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
888 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
889
890 /* apply the inverse of the last half of P-function */
891 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
892 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
893 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
894 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
895 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
896 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
897 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
898 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
899 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
900 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
901 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
902 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
903 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
904 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
905 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
906 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
907 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
908 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
909 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
910 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
911 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
912 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
913 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
914 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
915 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
916 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
917 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
918 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
919 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
920 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
921 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
922 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
923 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
924 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
925 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
926 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
927 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
928 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
929 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
930 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
931 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
932 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
933 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
934 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
935 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
936 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
937 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
938 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
939
940 return;
941 }
942
943 void camellia_setup192(const unsigned char *key, PRUint32 *subkey)
944 {
945 unsigned char kk[32];
946 PRUint32 krll, krlr, krrl,krrr;
947
948 memcpy(kk, key, 24);
949 memcpy((unsigned char *)&krll, key+16,4);
950 memcpy((unsigned char *)&krlr, key+20,4);
951 krrl = ~krll;
952 krrr = ~krlr;
953 memcpy(kk+24, (unsigned char *)&krrl, 4);
954 memcpy(kk+28, (unsigned char *)&krrr, 4);
955 camellia_setup256(kk, subkey);
956 return;
957 }
958
959
960 /**
961 * Stuff related to camellia encryption/decryption
962 *
963 */
964 SECStatus
965 camellia_encrypt128(const PRUint32 *subkey,
966 unsigned char *output,
967 const unsigned char *input)
968 {
969 PRUint32 il, ir, t0, t1;
970 PRUint32 io[4];
971 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
972 PRUint32 tmp;
973 #endif
974
975 io[0] = GETU32(input);
976 io[1] = GETU32(input+4);
977 io[2] = GETU32(input+8);
978 io[3] = GETU32(input+12);
979
980 /* pre whitening but absorb kw2*/
981 io[0] ^= CamelliaSubkeyL(0);
982 io[1] ^= CamelliaSubkeyR(0);
983 /* main iteration */
984
985 CAMELLIA_ROUNDSM(io[0],io[1],
986 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
987 io[2],io[3],il,ir,t0,t1);
988 CAMELLIA_ROUNDSM(io[2],io[3],
989 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
990 io[0],io[1],il,ir,t0,t1);
991 CAMELLIA_ROUNDSM(io[0],io[1],
992 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
993 io[2],io[3],il,ir,t0,t1);
994 CAMELLIA_ROUNDSM(io[2],io[3],
995 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
996 io[0],io[1],il,ir,t0,t1);
997 CAMELLIA_ROUNDSM(io[0],io[1],
998 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
999 io[2],io[3],il,ir,t0,t1);
1000 CAMELLIA_ROUNDSM(io[2],io[3],
1001 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1002 io[0],io[1],il,ir,t0,t1);
1003
1004 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1005 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1006 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1007 t0,t1,il,ir);
1008
1009 CAMELLIA_ROUNDSM(io[0],io[1],
1010 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1011 io[2],io[3],il,ir,t0,t1);
1012 CAMELLIA_ROUNDSM(io[2],io[3],
1013 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1014 io[0],io[1],il,ir,t0,t1);
1015 CAMELLIA_ROUNDSM(io[0],io[1],
1016 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1017 io[2],io[3],il,ir,t0,t1);
1018 CAMELLIA_ROUNDSM(io[2],io[3],
1019 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1020 io[0],io[1],il,ir,t0,t1);
1021 CAMELLIA_ROUNDSM(io[0],io[1],
1022 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1023 io[2],io[3],il,ir,t0,t1);
1024 CAMELLIA_ROUNDSM(io[2],io[3],
1025 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1026 io[0],io[1],il,ir,t0,t1);
1027
1028 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1029 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1030 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1031 t0,t1,il,ir);
1032
1033 CAMELLIA_ROUNDSM(io[0],io[1],
1034 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1035 io[2],io[3],il,ir,t0,t1);
1036 CAMELLIA_ROUNDSM(io[2],io[3],
1037 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1038 io[0],io[1],il,ir,t0,t1);
1039 CAMELLIA_ROUNDSM(io[0],io[1],
1040 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1041 io[2],io[3],il,ir,t0,t1);
1042 CAMELLIA_ROUNDSM(io[2],io[3],
1043 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1044 io[0],io[1],il,ir,t0,t1);
1045 CAMELLIA_ROUNDSM(io[0],io[1],
1046 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1047 io[2],io[3],il,ir,t0,t1);
1048 CAMELLIA_ROUNDSM(io[2],io[3],
1049 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1050 io[0],io[1],il,ir,t0,t1);
1051
1052 /* post whitening but kw4 */
1053 io[2] ^= CamelliaSubkeyL(24);
1054 io[3] ^= CamelliaSubkeyR(24);
1055
1056 t0 = io[0];
1057 t1 = io[1];
1058 io[0] = io[2];
1059 io[1] = io[3];
1060 io[2] = t0;
1061 io[3] = t1;
1062
1063 PUTU32(output, io[0]);
1064 PUTU32(output+4, io[1]);
1065 PUTU32(output+8, io[2]);
1066 PUTU32(output+12, io[3]);
1067
1068 return SECSuccess;
1069 }
1070
1071 SECStatus
1072 camellia_decrypt128(const PRUint32 *subkey,
1073 unsigned char *output,
1074 const unsigned char *input)
1075 {
1076 PRUint32 il,ir,t0,t1; /* temporary valiables */
1077 PRUint32 io[4];
1078 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
1079 PRUint32 tmp;
1080 #endif
1081
1082 io[0] = GETU32(input);
1083 io[1] = GETU32(input+4);
1084 io[2] = GETU32(input+8);
1085 io[3] = GETU32(input+12);
1086
1087 /* pre whitening but absorb kw2*/
1088 io[0] ^= CamelliaSubkeyL(24);
1089 io[1] ^= CamelliaSubkeyR(24);
1090
1091 /* main iteration */
1092 CAMELLIA_ROUNDSM(io[0],io[1],
1093 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1094 io[2],io[3],il,ir,t0,t1);
1095 CAMELLIA_ROUNDSM(io[2],io[3],
1096 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1097 io[0],io[1],il,ir,t0,t1);
1098 CAMELLIA_ROUNDSM(io[0],io[1],
1099 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1100 io[2],io[3],il,ir,t0,t1);
1101 CAMELLIA_ROUNDSM(io[2],io[3],
1102 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1103 io[0],io[1],il,ir,t0,t1);
1104 CAMELLIA_ROUNDSM(io[0],io[1],
1105 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1106 io[2],io[3],il,ir,t0,t1);
1107 CAMELLIA_ROUNDSM(io[2],io[3],
1108 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1109 io[0],io[1],il,ir,t0,t1);
1110
1111 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1112 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1113 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1114 t0,t1,il,ir);
1115
1116 CAMELLIA_ROUNDSM(io[0],io[1],
1117 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1118 io[2],io[3],il,ir,t0,t1);
1119 CAMELLIA_ROUNDSM(io[2],io[3],
1120 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1121 io[0],io[1],il,ir,t0,t1);
1122 CAMELLIA_ROUNDSM(io[0],io[1],
1123 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1124 io[2],io[3],il,ir,t0,t1);
1125 CAMELLIA_ROUNDSM(io[2],io[3],
1126 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1127 io[0],io[1],il,ir,t0,t1);
1128 CAMELLIA_ROUNDSM(io[0],io[1],
1129 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1130 io[2],io[3],il,ir,t0,t1);
1131 CAMELLIA_ROUNDSM(io[2],io[3],
1132 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1133 io[0],io[1],il,ir,t0,t1);
1134
1135 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1136 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1137 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1138 t0,t1,il,ir);
1139
1140 CAMELLIA_ROUNDSM(io[0],io[1],
1141 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1142 io[2],io[3],il,ir,t0,t1);
1143 CAMELLIA_ROUNDSM(io[2],io[3],
1144 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1145 io[0],io[1],il,ir,t0,t1);
1146 CAMELLIA_ROUNDSM(io[0],io[1],
1147 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1148 io[2],io[3],il,ir,t0,t1);
1149 CAMELLIA_ROUNDSM(io[2],io[3],
1150 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1151 io[0],io[1],il,ir,t0,t1);
1152 CAMELLIA_ROUNDSM(io[0],io[1],
1153 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1154 io[2],io[3],il,ir,t0,t1);
1155 CAMELLIA_ROUNDSM(io[2],io[3],
1156 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1157 io[0],io[1],il,ir,t0,t1);
1158
1159 /* post whitening but kw4 */
1160 io[2] ^= CamelliaSubkeyL(0);
1161 io[3] ^= CamelliaSubkeyR(0);
1162
1163 t0 = io[0];
1164 t1 = io[1];
1165 io[0] = io[2];
1166 io[1] = io[3];
1167 io[2] = t0;
1168 io[3] = t1;
1169
1170 PUTU32(output, io[0]);
1171 PUTU32(output+4, io[1]);
1172 PUTU32(output+8, io[2]);
1173 PUTU32(output+12, io[3]);
1174
1175 return SECSuccess;
1176 }
1177
1178 /**
1179 * stuff for 192 and 256bit encryption/decryption
1180 */
1181 SECStatus
1182 camellia_encrypt256(const PRUint32 *subkey,
1183 unsigned char *output,
1184 const unsigned char *input)
1185 {
1186 PRUint32 il,ir,t0,t1; /* temporary valiables */
1187 PRUint32 io[4];
1188 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
1189 PRUint32 tmp;
1190 #endif
1191
1192 io[0] = GETU32(input);
1193 io[1] = GETU32(input+4);
1194 io[2] = GETU32(input+8);
1195 io[3] = GETU32(input+12);
1196
1197 /* pre whitening but absorb kw2*/
1198 io[0] ^= CamelliaSubkeyL(0);
1199 io[1] ^= CamelliaSubkeyR(0);
1200
1201 /* main iteration */
1202 CAMELLIA_ROUNDSM(io[0],io[1],
1203 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1204 io[2],io[3],il,ir,t0,t1);
1205 CAMELLIA_ROUNDSM(io[2],io[3],
1206 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1207 io[0],io[1],il,ir,t0,t1);
1208 CAMELLIA_ROUNDSM(io[0],io[1],
1209 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1210 io[2],io[3],il,ir,t0,t1);
1211 CAMELLIA_ROUNDSM(io[2],io[3],
1212 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1213 io[0],io[1],il,ir,t0,t1);
1214 CAMELLIA_ROUNDSM(io[0],io[1],
1215 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1216 io[2],io[3],il,ir,t0,t1);
1217 CAMELLIA_ROUNDSM(io[2],io[3],
1218 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1219 io[0],io[1],il,ir,t0,t1);
1220
1221 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1222 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1223 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1224 t0,t1,il,ir);
1225
1226 CAMELLIA_ROUNDSM(io[0],io[1],
1227 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1228 io[2],io[3],il,ir,t0,t1);
1229 CAMELLIA_ROUNDSM(io[2],io[3],
1230 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1231 io[0],io[1],il,ir,t0,t1);
1232 CAMELLIA_ROUNDSM(io[0],io[1],
1233 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1234 io[2],io[3],il,ir,t0,t1);
1235 CAMELLIA_ROUNDSM(io[2],io[3],
1236 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1237 io[0],io[1],il,ir,t0,t1);
1238 CAMELLIA_ROUNDSM(io[0],io[1],
1239 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1240 io[2],io[3],il,ir,t0,t1);
1241 CAMELLIA_ROUNDSM(io[2],io[3],
1242 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1243 io[0],io[1],il,ir,t0,t1);
1244
1245 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1246 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1247 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1248 t0,t1,il,ir);
1249
1250 CAMELLIA_ROUNDSM(io[0],io[1],
1251 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1252 io[2],io[3],il,ir,t0,t1);
1253 CAMELLIA_ROUNDSM(io[2],io[3],
1254 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1255 io[0],io[1],il,ir,t0,t1);
1256 CAMELLIA_ROUNDSM(io[0],io[1],
1257 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1258 io[2],io[3],il,ir,t0,t1);
1259 CAMELLIA_ROUNDSM(io[2],io[3],
1260 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1261 io[0],io[1],il,ir,t0,t1);
1262 CAMELLIA_ROUNDSM(io[0],io[1],
1263 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1264 io[2],io[3],il,ir,t0,t1);
1265 CAMELLIA_ROUNDSM(io[2],io[3],
1266 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1267 io[0],io[1],il,ir,t0,t1);
1268
1269 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1270 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1271 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1272 t0,t1,il,ir);
1273
1274 CAMELLIA_ROUNDSM(io[0],io[1],
1275 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1276 io[2],io[3],il,ir,t0,t1);
1277 CAMELLIA_ROUNDSM(io[2],io[3],
1278 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1279 io[0],io[1],il,ir,t0,t1);
1280 CAMELLIA_ROUNDSM(io[0],io[1],
1281 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1282 io[2],io[3],il,ir,t0,t1);
1283 CAMELLIA_ROUNDSM(io[2],io[3],
1284 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1285 io[0],io[1],il,ir,t0,t1);
1286 CAMELLIA_ROUNDSM(io[0],io[1],
1287 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1288 io[2],io[3],il,ir,t0,t1);
1289 CAMELLIA_ROUNDSM(io[2],io[3],
1290 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1291 io[0],io[1],il,ir,t0,t1);
1292
1293 /* post whitening but kw4 */
1294 io[2] ^= CamelliaSubkeyL(32);
1295 io[3] ^= CamelliaSubkeyR(32);
1296
1297 t0 = io[0];
1298 t1 = io[1];
1299 io[0] = io[2];
1300 io[1] = io[3];
1301 io[2] = t0;
1302 io[3] = t1;
1303
1304 PUTU32(output, io[0]);
1305 PUTU32(output+4, io[1]);
1306 PUTU32(output+8, io[2]);
1307 PUTU32(output+12, io[3]);
1308
1309 return SECSuccess;
1310 }
1311
1312 SECStatus
1313 camellia_decrypt256(const PRUint32 *subkey,
1314 unsigned char *output,
1315 const unsigned char *input)
1316 {
1317 PRUint32 il,ir,t0,t1; /* temporary valiables */
1318 PRUint32 io[4];
1319 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
1320 PRUint32 tmp;
1321 #endif
1322
1323 io[0] = GETU32(input);
1324 io[1] = GETU32(input+4);
1325 io[2] = GETU32(input+8);
1326 io[3] = GETU32(input+12);
1327
1328 /* pre whitening but absorb kw2*/
1329 io[0] ^= CamelliaSubkeyL(32);
1330 io[1] ^= CamelliaSubkeyR(32);
1331
1332 /* main iteration */
1333 CAMELLIA_ROUNDSM(io[0],io[1],
1334 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1335 io[2],io[3],il,ir,t0,t1);
1336 CAMELLIA_ROUNDSM(io[2],io[3],
1337 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1338 io[0],io[1],il,ir,t0,t1);
1339 CAMELLIA_ROUNDSM(io[0],io[1],
1340 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1341 io[2],io[3],il,ir,t0,t1);
1342 CAMELLIA_ROUNDSM(io[2],io[3],
1343 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1344 io[0],io[1],il,ir,t0,t1);
1345 CAMELLIA_ROUNDSM(io[0],io[1],
1346 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1347 io[2],io[3],il,ir,t0,t1);
1348 CAMELLIA_ROUNDSM(io[2],io[3],
1349 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1350 io[0],io[1],il,ir,t0,t1);
1351
1352 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1353 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1354 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1355 t0,t1,il,ir);
1356
1357 CAMELLIA_ROUNDSM(io[0],io[1],
1358 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1359 io[2],io[3],il,ir,t0,t1);
1360 CAMELLIA_ROUNDSM(io[2],io[3],
1361 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1362 io[0],io[1],il,ir,t0,t1);
1363 CAMELLIA_ROUNDSM(io[0],io[1],
1364 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1365 io[2],io[3],il,ir,t0,t1);
1366 CAMELLIA_ROUNDSM(io[2],io[3],
1367 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1368 io[0],io[1],il,ir,t0,t1);
1369 CAMELLIA_ROUNDSM(io[0],io[1],
1370 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1371 io[2],io[3],il,ir,t0,t1);
1372 CAMELLIA_ROUNDSM(io[2],io[3],
1373 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1374 io[0],io[1],il,ir,t0,t1);
1375
1376 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1377 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1378 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1379 t0,t1,il,ir);
1380
1381 CAMELLIA_ROUNDSM(io[0],io[1],
1382 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1383 io[2],io[3],il,ir,t0,t1);
1384 CAMELLIA_ROUNDSM(io[2],io[3],
1385 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1386 io[0],io[1],il,ir,t0,t1);
1387 CAMELLIA_ROUNDSM(io[0],io[1],
1388 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1389 io[2],io[3],il,ir,t0,t1);
1390 CAMELLIA_ROUNDSM(io[2],io[3],
1391 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1392 io[0],io[1],il,ir,t0,t1);
1393 CAMELLIA_ROUNDSM(io[0],io[1],
1394 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1395 io[2],io[3],il,ir,t0,t1);
1396 CAMELLIA_ROUNDSM(io[2],io[3],
1397 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1398 io[0],io[1],il,ir,t0,t1);
1399
1400 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1401 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1402 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1403 t0,t1,il,ir);
1404
1405 CAMELLIA_ROUNDSM(io[0],io[1],
1406 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1407 io[2],io[3],il,ir,t0,t1);
1408 CAMELLIA_ROUNDSM(io[2],io[3],
1409 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1410 io[0],io[1],il,ir,t0,t1);
1411 CAMELLIA_ROUNDSM(io[0],io[1],
1412 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1413 io[2],io[3],il,ir,t0,t1);
1414 CAMELLIA_ROUNDSM(io[2],io[3],
1415 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1416 io[0],io[1],il,ir,t0,t1);
1417 CAMELLIA_ROUNDSM(io[0],io[1],
1418 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1419 io[2],io[3],il,ir,t0,t1);
1420 CAMELLIA_ROUNDSM(io[2],io[3],
1421 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1422 io[0],io[1],il,ir,t0,t1);
1423
1424 /* post whitening but kw4 */
1425 io[2] ^= CamelliaSubkeyL(0);
1426 io[3] ^= CamelliaSubkeyR(0);
1427
1428 t0 = io[0];
1429 t1 = io[1];
1430 io[0] = io[2];
1431 io[1] = io[3];
1432 io[2] = t0;
1433 io[3] = t1;
1434
1435 PUTU32(output, io[0]);
1436 PUTU32(output+4, io[1]);
1437 PUTU32(output+8, io[2]);
1438 PUTU32(output+12, io[3]);
1439
1440 return SECSuccess;
1441 }
1442
1443
1444 /**************************************************************************
1445 *
1446 * Stuff related to the Camellia key schedule
1447 *
1448 *************************************************************************/
1449
1450 SECStatus
1451 camellia_key_expansion(CamelliaContext *cx,
1452 const unsigned char *key,
1453 const unsigned int keysize)
1454 {
1455 cx->keysize = keysize;
1456
1457 switch(keysize) {
1458 case 16:
1459 camellia_setup128(key, cx->expandedKey);
1460 break;
1461 case 24:
1462 camellia_setup192(key, cx->expandedKey);
1463 break;
1464 case 32:
1465 camellia_setup256(key, cx->expandedKey);
1466 break;
1467 default:
1468 break;
1469 }
1470 return SECSuccess;
1471 }
1472
1473
1474 /**************************************************************************
1475 *
1476 * Camellia modes of operation (ECB and CBC)
1477 *
1478 *************************************************************************/
1479
1480 SECStatus
1481 camellia_encryptECB(CamelliaContext *cx, unsigned char *output,
1482 unsigned int *outputLen, unsigned int maxOutputLen,
1483 const unsigned char *input, unsigned int inputLen)
1484 {
1485 CamelliaBlockFunc *encryptor;
1486
1487 encryptor = (cx->keysize == 16)
1488 ? &camellia_encrypt128
1489 : &camellia_encrypt256;
1490
1491 while (inputLen > 0) {
1492 (*encryptor)(cx->expandedKey, output, input);
1493
1494 output += CAMELLIA_BLOCK_SIZE;
1495 input += CAMELLIA_BLOCK_SIZE;
1496 inputLen -= CAMELLIA_BLOCK_SIZE;
1497 }
1498 return SECSuccess;
1499 }
1500
1501 SECStatus
1502 camellia_encryptCBC(CamelliaContext *cx, unsigned char *output,
1503 unsigned int *outputLen, unsigned int maxOutputLen,
1504 const unsigned char *input, unsigned int inputLen)
1505 {
1506 unsigned int j;
1507 unsigned char *lastblock;
1508 unsigned char inblock[CAMELLIA_BLOCK_SIZE];
1509 CamelliaBlockFunc *encryptor;
1510
1511 if (!inputLen)
1512 return SECSuccess;
1513 lastblock = cx->iv;
1514
1515 encryptor = (cx->keysize == 16)
1516 ? &camellia_encrypt128
1517 : &camellia_encrypt256;
1518
1519 while (inputLen > 0) {
1520 /* XOR with the last block (IV if first block) */
1521 for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
1522 inblock[j] = input[j] ^ lastblock[j];
1523 /* encrypt */
1524 (*encryptor)(cx->expandedKey, output, inblock);
1525
1526 /* move to the next block */
1527 lastblock = output;
1528 output += CAMELLIA_BLOCK_SIZE;
1529 input += CAMELLIA_BLOCK_SIZE;
1530 inputLen -= CAMELLIA_BLOCK_SIZE;
1531 }
1532 memcpy(cx->iv, lastblock, CAMELLIA_BLOCK_SIZE);
1533 return SECSuccess;
1534 }
1535
1536 SECStatus
1537 camellia_decryptECB(CamelliaContext *cx, unsigned char *output,
1538 unsigned int *outputLen, unsigned int maxOutputLen,
1539 const unsigned char *input, unsigned int inputLen)
1540 {
1541 CamelliaBlockFunc *decryptor;
1542
1543 decryptor = (cx->keysize == 16)
1544 ? &camellia_decrypt128
1545 : &camellia_decrypt256;
1546
1547
1548 while (inputLen > 0) {
1549
1550 (*decryptor)(cx->expandedKey, output, input);
1551
1552 output += CAMELLIA_BLOCK_SIZE;
1553 input += CAMELLIA_BLOCK_SIZE;
1554 inputLen -= CAMELLIA_BLOCK_SIZE;
1555 }
1556 return SECSuccess;
1557 }
1558
1559 SECStatus
1560 camellia_decryptCBC(CamelliaContext *cx, unsigned char *output,
1561 unsigned int *outputLen, unsigned int maxOutputLen,
1562 const unsigned char *input, unsigned int inputLen)
1563 {
1564 const unsigned char *in;
1565 unsigned char *out;
1566 unsigned int j;
1567 unsigned char newIV[CAMELLIA_BLOCK_SIZE];
1568 CamelliaBlockFunc *decryptor;
1569
1570
1571
1572 if (!inputLen)
1573 return SECSuccess;
1574
1575 PORT_Assert(output - input >= 0 || input - output >= (int)inputLen );
1576
1577 in = input + (inputLen - CAMELLIA_BLOCK_SIZE);
1578 memcpy(newIV, in, CAMELLIA_BLOCK_SIZE);
1579 out = output + (inputLen - CAMELLIA_BLOCK_SIZE);
1580
1581 decryptor = (cx->keysize == 16)
1582 ? &camellia_decrypt128
1583 : &camellia_decrypt256;
1584
1585 while (inputLen > CAMELLIA_BLOCK_SIZE) {
1586 (*decryptor)(cx->expandedKey, out, in);
1587
1588 for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
1589 out[j] ^= in[(int)(j - CAMELLIA_BLOCK_SIZE)];
1590
1591 out -= CAMELLIA_BLOCK_SIZE;
1592 in -= CAMELLIA_BLOCK_SIZE;
1593 inputLen -= CAMELLIA_BLOCK_SIZE;
1594 }
1595 if (in == input) {
1596 (*decryptor)(cx->expandedKey, out, in);
1597
1598 for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
1599 out[j] ^= cx->iv[j];
1600 }
1601 memcpy(cx->iv, newIV, CAMELLIA_BLOCK_SIZE);
1602 return SECSuccess;
1603 }
1604
1605 /**************************************************************************
1606 *
1607 * BLAPI Interface functions
1608 *
1609 *************************************************************************/
1610
1611 CamelliaContext *
1612 Camellia_AllocateContext(void)
1613 {
1614 return PORT_ZNew(CamelliaContext);
1615 }
1616
1617 SECStatus
1618 Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
1619 unsigned int keysize,
1620 const unsigned char *iv, int mode, unsigned int encrypt,
1621 unsigned int unused)
1622 {
1623 if (key == NULL ||
1624 (keysize != 16 && keysize != 24 && keysize != 32)) {
1625 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1626 return SECFailure;
1627 }
1628 if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
1629 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1630 return SECFailure;
1631 }
1632 if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
1633 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1634 return SECFailure;
1635 }
1636 if (!cx) {
1637 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1638 return SECFailure;
1639 }
1640 if (mode == NSS_CAMELLIA_CBC) {
1641 memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
1642 cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
1643 } else {
1644 cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
1645 }
1646
1647 /* Generate expanded key */
1648 if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
1649 goto cleanup;
1650
1651 return SECSuccess;
1652 cleanup:
1653 return SECFailure;
1654 }
1655
1656 /*
1657 * Camellia_CreateContext
1658 * create a new context for Camellia operations
1659 */
1660
1661
1662 CamelliaContext *
1663 Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
1664 int mode, int encrypt,
1665 unsigned int keysize)
1666 {
1667 CamelliaContext *cx;
1668
1669 if (key == NULL ||
1670 (keysize != 16 && keysize != 24 && keysize != 32)) {
1671 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1672 return NULL;
1673 }
1674 if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
1675 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1676 return NULL;
1677 }
1678 if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
1679 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1680 return NULL;
1681 }
1682 cx = PORT_ZNew(CamelliaContext);
1683 if (!cx) {
1684 PORT_SetError(SEC_ERROR_NO_MEMORY);
1685 return NULL;
1686 }
1687
1688 /* copy in the iv, if neccessary */
1689 if (mode == NSS_CAMELLIA_CBC) {
1690 memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
1691 cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
1692 } else {
1693 cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
1694 }
1695 /* copy keysize */
1696 cx->keysize = keysize;
1697
1698 /* Generate expanded key */
1699 if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
1700 goto cleanup;
1701
1702 return cx;
1703 cleanup:
1704 PORT_ZFree(cx, sizeof *cx);
1705 return NULL;
1706 }
1707
1708 /*
1709 * Camellia_DestroyContext
1710 *
1711 * Zero an Camellia cipher context. If freeit is true, also free the pointer
1712 * to the context.
1713 */
1714 void
1715 Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
1716 {
1717 if (cx)
1718 memset(cx, 0, sizeof *cx);
1719 if (freeit)
1720 PORT_Free(cx);
1721 }
1722
1723 /*
1724 * Camellia_Encrypt
1725 *
1726 * Encrypt an arbitrary-length buffer. The output buffer must already be
1727 * allocated to at least inputLen.
1728 */
1729 SECStatus
1730 Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
1731 unsigned int *outputLen, unsigned int maxOutputLen,
1732 const unsigned char *input, unsigned int inputLen)
1733 {
1734
1735 /* Check args */
1736 if (cx == NULL || output == NULL || input == NULL ||
1737 outputLen == NULL) {
1738 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1739 return SECFailure;
1740 }
1741
1742 if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
1743 PORT_SetError(SEC_ERROR_INPUT_LEN);
1744 return SECFailure;
1745 }
1746 if (maxOutputLen < inputLen) {
1747 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1748 return SECFailure;
1749 }
1750 *outputLen = inputLen;
1751
1752 return (*cx->worker)(cx, output, outputLen, maxOutputLen,
1753 input, inputLen);
1754 }
1755
1756 /*
1757 * Camellia_Decrypt
1758 *
1759 * Decrypt and arbitrary-length buffer. The output buffer must already be
1760 * allocated to at least inputLen.
1761 */
1762 SECStatus
1763 Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
1764 unsigned int *outputLen, unsigned int maxOutputLen,
1765 const unsigned char *input, unsigned int inputLen)
1766 {
1767
1768 /* Check args */
1769 if (cx == NULL || output == NULL || input == NULL
1770 || outputLen == NULL) {
1771 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1772 return SECFailure;
1773 }
1774 if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
1775 PORT_SetError(SEC_ERROR_INPUT_LEN);
1776 return SECFailure;
1777 }
1778 if (maxOutputLen < inputLen) {
1779 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1780 return SECFailure;
1781 }
1782 *outputLen = inputLen;
1783
1784 return (*cx->worker)(cx, output, outputLen, maxOutputLen,
1785 input, inputLen);
1786 }
OLDNEW
« no previous file with comments | « mozilla/security/nss/lib/freebl/camellia.h ('k') | mozilla/security/nss/lib/freebl/ctr.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698