3 * NTT (Nippon Telegraph and Telephone Corporation).
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 * Algorithm Specification
22 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
27 * NOTE --- NOTE --- NOTE --- NOTE
28 * This implementation assumes that all memory addresses passed
29 * as parameters are four-byte aligned.
33 #include <linux/crypto.h>
34 #include <linux/errno.h>
35 #include <linux/init.h>
36 #include <linux/kernel.h>
37 #include <linux/module.h>
39 static const u32 camellia_sp1110[256] = {
40 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
41 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
42 0xe4e4e400,0x85858500,0x57575700,0x35353500,
43 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
44 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
45 0x45454500,0x19191900,0xa5a5a500,0x21212100,
46 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
47 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
48 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
49 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
50 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
51 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
52 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
53 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
54 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
55 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
56 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
57 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
58 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
59 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
60 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
61 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
62 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
63 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
64 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
65 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
66 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
67 0x53535300,0x18181800,0xf2f2f200,0x22222200,
68 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
69 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
70 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
71 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
72 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
73 0xa1a1a100,0x89898900,0x62626200,0x97979700,
74 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
75 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
76 0x10101000,0xc4c4c400,0x00000000,0x48484800,
77 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
78 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
79 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
80 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
81 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
82 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
83 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
84 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
85 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
86 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
87 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
88 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
89 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
90 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
91 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
92 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
93 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
94 0xd4d4d400,0x25252500,0xababab00,0x42424200,
95 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
96 0x72727200,0x07070700,0xb9b9b900,0x55555500,
97 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
98 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
99 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
100 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
101 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
102 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
103 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
106 static const u32 camellia_sp0222[256] = {
107 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
108 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
109 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
110 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
111 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
112 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
113 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
114 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
115 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
116 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
117 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
118 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
119 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
120 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
121 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
122 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
123 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
124 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
125 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
126 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
127 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
128 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
129 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
130 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
131 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
132 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
133 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
134 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
135 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
136 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
137 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
138 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
139 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
140 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
141 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
142 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
143 0x00202020,0x00898989,0x00000000,0x00909090,
144 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
145 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
146 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
147 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
148 0x009b9b9b,0x00949494,0x00212121,0x00666666,
149 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
150 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
151 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
152 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
153 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
154 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
155 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
156 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
157 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
158 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
159 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
160 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
161 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
162 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
163 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
164 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
165 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
166 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
167 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
168 0x00777777,0x00939393,0x00868686,0x00838383,
169 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
170 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
173 static const u32 camellia_sp3033[256] = {
174 0x38003838,0x41004141,0x16001616,0x76007676,
175 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
176 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
177 0x75007575,0x06000606,0x57005757,0xa000a0a0,
178 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
179 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
180 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
181 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
182 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
183 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
184 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
185 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
186 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
187 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
188 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
189 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
190 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
191 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
192 0x3a003a3a,0x09000909,0x95009595,0x10001010,
193 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
194 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
195 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
196 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
197 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
198 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
199 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
200 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
201 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
202 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
203 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
204 0x12001212,0x04000404,0x74007474,0x54005454,
205 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
206 0x55005555,0x68006868,0x50005050,0xbe00bebe,
207 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
208 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
209 0x70007070,0xff00ffff,0x32003232,0x69006969,
210 0x08000808,0x62006262,0x00000000,0x24002424,
211 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
212 0x45004545,0x81008181,0x73007373,0x6d006d6d,
213 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
214 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
215 0xe600e6e6,0x25002525,0x48004848,0x99009999,
216 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
217 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
218 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
219 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
220 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
221 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
222 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
223 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
224 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
225 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
226 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
227 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
228 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
229 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
230 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
231 0x7c007c7c,0x77007777,0x56005656,0x05000505,
232 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
233 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
234 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
235 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
236 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
237 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
240 static const u32 camellia_sp4404[256] = {
241 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
242 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
243 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
244 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
245 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
246 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
247 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
248 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
249 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
250 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
251 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
252 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
253 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
254 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
255 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
256 0x24240024,0xe8e800e8,0x60600060,0x69690069,
257 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
258 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
259 0x10100010,0x00000000,0xa3a300a3,0x75750075,
260 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
261 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
262 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
263 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
264 0x81810081,0x6f6f006f,0x13130013,0x63630063,
265 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
266 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
267 0x78780078,0x06060006,0xe7e700e7,0x71710071,
268 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
269 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
270 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
271 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
272 0x15150015,0xadad00ad,0x77770077,0x80800080,
273 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
274 0x85850085,0x35350035,0x0c0c000c,0x41410041,
275 0xefef00ef,0x93930093,0x19190019,0x21210021,
276 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
277 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
278 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
279 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
280 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
281 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
282 0x12120012,0x20200020,0xb1b100b1,0x99990099,
283 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
284 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
285 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
286 0x0f0f000f,0x16160016,0x18180018,0x22220022,
287 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
288 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
289 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
290 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
291 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
292 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
293 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
294 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
295 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
296 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
297 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
298 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
299 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
300 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
301 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
302 0x49490049,0x68680068,0x38380038,0xa4a400a4,
303 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
304 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
308 #define CAMELLIA_MIN_KEY_SIZE 16
309 #define CAMELLIA_MAX_KEY_SIZE 32
310 #define CAMELLIA_BLOCK_SIZE 16
311 #define CAMELLIA_TABLE_BYTE_LEN 272
316 #define CAMELLIA_SIGMA1L (0xA09E667FL)
317 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
318 #define CAMELLIA_SIGMA2L (0xB67AE858L)
319 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
320 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
321 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
322 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
323 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
324 #define CAMELLIA_SIGMA5L (0x10E527FAL)
325 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
326 #define CAMELLIA_SIGMA6L (0xB05688C2L)
327 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
333 # define GETU32(v, pt) \
335 /* latest breed of gcc is clever enough to use move */ \
336 memcpy(&(v), (pt), 4); \
337 (v) = be32_to_cpu(v); \
340 /* rotation right shift 1byte */
341 #define ROR8(x) (((x) >> 8) + ((x) << 24))
342 /* rotation left shift 1bit */
343 #define ROL1(x) (((x) << 1) + ((x) >> 31))
344 /* rotation left shift 1byte */
345 #define ROL8(x) (((x) << 8) + ((x) >> 24))
347 #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
350 ll = (ll << bits) + (lr >> (32 - bits)); \
351 lr = (lr << bits) + (rl >> (32 - bits)); \
352 rl = (rl << bits) + (rr >> (32 - bits)); \
353 rr = (rr << bits) + (w0 >> (32 - bits)); \
356 #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
360 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
361 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
362 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
363 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
367 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
373 yl = camellia_sp1110[ir & 0xff] \
374 ^ camellia_sp0222[(t1 >> 8) & 0xff] \
375 ^ camellia_sp3033[t1 & 0xff] \
376 ^ camellia_sp4404[(ir >> 8) & 0xff]; \
377 yr = camellia_sp1110[(t0 >> 8) & 0xff] \
378 ^ camellia_sp0222[t0 & 0xff] \
379 ^ camellia_sp3033[(il >> 8) & 0xff] \
380 ^ camellia_sp4404[il & 0xff]; \
391 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
407 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
409 ir = camellia_sp1110[xr & 0xff]; \
410 il = camellia_sp1110[(xl>>24) & 0xff]; \
411 ir ^= camellia_sp0222[(xr>>24) & 0xff]; \
412 il ^= camellia_sp0222[(xl>>16) & 0xff]; \
413 ir ^= camellia_sp3033[(xr>>16) & 0xff]; \
414 il ^= camellia_sp3033[(xl>>8) & 0xff]; \
415 ir ^= camellia_sp4404[(xr>>8) & 0xff]; \
416 il ^= camellia_sp4404[xl & 0xff]; \
420 yr ^= ROR8(il) ^ ir; \
424 #define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
425 #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
427 static void camellia_setup128(const unsigned char *key, u32 *subkey)
429 u32 kll, klr, krl, krr;
430 u32 il, ir, t0, t1, w0, w1;
431 u32 kw4l, kw4r, dw, tl, tr;
436 * k == kll || klr || krl || krr (|| is concatination)
439 GETU32(klr, key + 4);
440 GETU32(krl, key + 8);
441 GETU32(krr, key + 12);
444 * generate KL dependent subkeys
447 subL[0] = kll; subR[0] = klr;
449 subL[1] = krl; subR[1] = krr;
450 /* rotation left shift 15bit */
451 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
453 subL[4] = kll; subR[4] = klr;
455 subL[5] = krl; subR[5] = krr;
456 /* rotation left shift 15+30bit */
457 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
459 subL[10] = kll; subR[10] = klr;
461 subL[11] = krl; subR[11] = krr;
462 /* rotation left shift 15+30+15bit */
463 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
465 subL[13] = krl; subR[13] = krr;
466 /* rotation left shift 15+30+15+17 bit */
467 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
469 subL[16] = kll; subR[16] = klr;
471 subL[17] = krl; subR[17] = krr;
472 /* rotation left shift 15+30+15+17+17 bit */
473 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
475 subL[18] = kll; subR[18] = klr;
477 subL[19] = krl; subR[19] = krr;
478 /* rotation left shift 15+30+15+17+17+17 bit */
479 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
481 subL[22] = kll; subR[22] = klr;
483 subL[23] = krl; subR[23] = krr;
486 kll = subL[0]; klr = subR[0];
487 krl = subL[1]; krr = subR[1];
489 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
490 w0, w1, il, ir, t0, t1);
491 krl ^= w0; krr ^= w1;
493 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
494 kll, klr, il, ir, t0, t1);
495 /* current status == (kll, klr, w0, w1) */
497 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
498 krl, krr, il, ir, t0, t1);
499 krl ^= w0; krr ^= w1;
501 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
502 w0, w1, il, ir, t0, t1);
503 kll ^= w0; klr ^= w1;
505 /* generate KA dependent subkeys */
507 subL[2] = kll; subR[2] = klr;
508 subL[3] = krl; subR[3] = krr;
509 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
511 subL[6] = kll; subR[6] = klr;
512 subL[7] = krl; subR[7] = krr;
513 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515 subL[8] = kll; subR[8] = klr;
516 subL[9] = krl; subR[9] = krr;
517 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
519 subL[12] = kll; subR[12] = klr;
520 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
522 subL[14] = kll; subR[14] = klr;
523 subL[15] = krl; subR[15] = krr;
524 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
526 subL[20] = kll; subR[20] = klr;
527 subL[21] = krl; subR[21] = krr;
528 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
530 subL[24] = kll; subR[24] = klr;
531 subL[25] = krl; subR[25] = krr;
533 /* absorb kw2 to other subkeys */
535 subL[3] ^= subL[1]; subR[3] ^= subR[1];
537 subL[5] ^= subL[1]; subR[5] ^= subR[1];
539 subL[7] ^= subL[1]; subR[7] ^= subR[1];
540 subL[1] ^= subR[1] & ~subR[9];
541 dw = subL[1] & subL[9],
542 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
544 subL[11] ^= subL[1]; subR[11] ^= subR[1];
546 subL[13] ^= subL[1]; subR[13] ^= subR[1];
548 subL[15] ^= subL[1]; subR[15] ^= subR[1];
549 subL[1] ^= subR[1] & ~subR[17];
550 dw = subL[1] & subL[17],
551 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
553 subL[19] ^= subL[1]; subR[19] ^= subR[1];
555 subL[21] ^= subL[1]; subR[21] ^= subR[1];
557 subL[23] ^= subL[1]; subR[23] ^= subR[1];
559 subL[24] ^= subL[1]; subR[24] ^= subR[1];
561 /* absorb kw4 to other subkeys */
562 kw4l = subL[25]; kw4r = subR[25];
564 subL[22] ^= kw4l; subR[22] ^= kw4r;
566 subL[20] ^= kw4l; subR[20] ^= kw4r;
568 subL[18] ^= kw4l; subR[18] ^= kw4r;
569 kw4l ^= kw4r & ~subR[16];
570 dw = kw4l & subL[16],
571 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
573 subL[14] ^= kw4l; subR[14] ^= kw4r;
575 subL[12] ^= kw4l; subR[12] ^= kw4r;
577 subL[10] ^= kw4l; subR[10] ^= kw4r;
578 kw4l ^= kw4r & ~subR[8];
580 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
582 subL[6] ^= kw4l; subR[6] ^= kw4r;
584 subL[4] ^= kw4l; subR[4] ^= kw4r;
586 subL[2] ^= kw4l; subR[2] ^= kw4r;
588 subL[0] ^= kw4l; subR[0] ^= kw4r;
590 /* key XOR is end of F-function */
591 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
592 SUBKEY_R(0) = subR[0] ^ subR[2];
593 SUBKEY_L(2) = subL[3]; /* round 1 */
594 SUBKEY_R(2) = subR[3];
595 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
596 SUBKEY_R(3) = subR[2] ^ subR[4];
597 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
598 SUBKEY_R(4) = subR[3] ^ subR[5];
599 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
600 SUBKEY_R(5) = subR[4] ^ subR[6];
601 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
602 SUBKEY_R(6) = subR[5] ^ subR[7];
603 tl = subL[10] ^ (subR[10] & ~subR[8]);
604 dw = tl & subL[8], /* FL(kl1) */
605 tr = subR[10] ^ ROL1(dw);
606 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
607 SUBKEY_R(7) = subR[6] ^ tr;
608 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
609 SUBKEY_R(8) = subR[8];
610 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
611 SUBKEY_R(9) = subR[9];
612 tl = subL[7] ^ (subR[7] & ~subR[9]);
613 dw = tl & subL[9], /* FLinv(kl2) */
614 tr = subR[7] ^ ROL1(dw);
615 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
616 SUBKEY_R(10) = tr ^ subR[11];
617 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
618 SUBKEY_R(11) = subR[10] ^ subR[12];
619 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
620 SUBKEY_R(12) = subR[11] ^ subR[13];
621 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
622 SUBKEY_R(13) = subR[12] ^ subR[14];
623 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
624 SUBKEY_R(14) = subR[13] ^ subR[15];
625 tl = subL[18] ^ (subR[18] & ~subR[16]);
626 dw = tl & subL[16], /* FL(kl3) */
627 tr = subR[18] ^ ROL1(dw);
628 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
629 SUBKEY_R(15) = subR[14] ^ tr;
630 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
631 SUBKEY_R(16) = subR[16];
632 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
633 SUBKEY_R(17) = subR[17];
634 tl = subL[15] ^ (subR[15] & ~subR[17]);
635 dw = tl & subL[17], /* FLinv(kl4) */
636 tr = subR[15] ^ ROL1(dw);
637 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
638 SUBKEY_R(18) = tr ^ subR[19];
639 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
640 SUBKEY_R(19) = subR[18] ^ subR[20];
641 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
642 SUBKEY_R(20) = subR[19] ^ subR[21];
643 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
644 SUBKEY_R(21) = subR[20] ^ subR[22];
645 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
646 SUBKEY_R(22) = subR[21] ^ subR[23];
647 SUBKEY_L(23) = subL[22]; /* round 18 */
648 SUBKEY_R(23) = subR[22];
649 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
650 SUBKEY_R(24) = subR[24] ^ subR[23];
652 /* apply the inverse of the last half of P-function */
653 dw = SUBKEY_L(2) ^ SUBKEY_R(2); dw = ROL8(dw);/* round 1 */
654 SUBKEY_R(2) = SUBKEY_L(2) ^ dw; SUBKEY_L(2) = dw;
655 dw = SUBKEY_L(3) ^ SUBKEY_R(3); dw = ROL8(dw);/* round 2 */
656 SUBKEY_R(3) = SUBKEY_L(3) ^ dw; SUBKEY_L(3) = dw;
657 dw = SUBKEY_L(4) ^ SUBKEY_R(4); dw = ROL8(dw);/* round 3 */
658 SUBKEY_R(4) = SUBKEY_L(4) ^ dw; SUBKEY_L(4) = dw;
659 dw = SUBKEY_L(5) ^ SUBKEY_R(5); dw = ROL8(dw);/* round 4 */
660 SUBKEY_R(5) = SUBKEY_L(5) ^ dw; SUBKEY_L(5) = dw;
661 dw = SUBKEY_L(6) ^ SUBKEY_R(6); dw = ROL8(dw);/* round 5 */
662 SUBKEY_R(6) = SUBKEY_L(6) ^ dw; SUBKEY_L(6) = dw;
663 dw = SUBKEY_L(7) ^ SUBKEY_R(7); dw = ROL8(dw);/* round 6 */
664 SUBKEY_R(7) = SUBKEY_L(7) ^ dw; SUBKEY_L(7) = dw;
665 dw = SUBKEY_L(10) ^ SUBKEY_R(10); dw = ROL8(dw);/* round 7 */
666 SUBKEY_R(10) = SUBKEY_L(10) ^ dw; SUBKEY_L(10) = dw;
667 dw = SUBKEY_L(11) ^ SUBKEY_R(11); dw = ROL8(dw);/* round 8 */
668 SUBKEY_R(11) = SUBKEY_L(11) ^ dw; SUBKEY_L(11) = dw;
669 dw = SUBKEY_L(12) ^ SUBKEY_R(12); dw = ROL8(dw);/* round 9 */
670 SUBKEY_R(12) = SUBKEY_L(12) ^ dw; SUBKEY_L(12) = dw;
671 dw = SUBKEY_L(13) ^ SUBKEY_R(13); dw = ROL8(dw);/* round 10 */
672 SUBKEY_R(13) = SUBKEY_L(13) ^ dw; SUBKEY_L(13) = dw;
673 dw = SUBKEY_L(14) ^ SUBKEY_R(14); dw = ROL8(dw);/* round 11 */
674 SUBKEY_R(14) = SUBKEY_L(14) ^ dw; SUBKEY_L(14) = dw;
675 dw = SUBKEY_L(15) ^ SUBKEY_R(15); dw = ROL8(dw);/* round 12 */
676 SUBKEY_R(15) = SUBKEY_L(15) ^ dw; SUBKEY_L(15) = dw;
677 dw = SUBKEY_L(18) ^ SUBKEY_R(18); dw = ROL8(dw);/* round 13 */
678 SUBKEY_R(18) = SUBKEY_L(18) ^ dw; SUBKEY_L(18) = dw;
679 dw = SUBKEY_L(19) ^ SUBKEY_R(19); dw = ROL8(dw);/* round 14 */
680 SUBKEY_R(19) = SUBKEY_L(19) ^ dw; SUBKEY_L(19) = dw;
681 dw = SUBKEY_L(20) ^ SUBKEY_R(20); dw = ROL8(dw);/* round 15 */
682 SUBKEY_R(20) = SUBKEY_L(20) ^ dw; SUBKEY_L(20) = dw;
683 dw = SUBKEY_L(21) ^ SUBKEY_R(21); dw = ROL8(dw);/* round 16 */
684 SUBKEY_R(21) = SUBKEY_L(21) ^ dw; SUBKEY_L(21) = dw;
685 dw = SUBKEY_L(22) ^ SUBKEY_R(22); dw = ROL8(dw);/* round 17 */
686 SUBKEY_R(22) = SUBKEY_L(22) ^ dw; SUBKEY_L(22) = dw;
687 dw = SUBKEY_L(23) ^ SUBKEY_R(23); dw = ROL8(dw);/* round 18 */
688 SUBKEY_R(23) = SUBKEY_L(23) ^ dw; SUBKEY_L(23) = dw;
691 static void camellia_setup256(const unsigned char *key, u32 *subkey)
693 u32 kll, klr, krl, krr; /* left half of key */
694 u32 krll, krlr, krrl, krrr; /* right half of key */
695 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
696 u32 kw4l, kw4r, dw, tl, tr;
701 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
702 * (|| is concatination)
705 GETU32(klr, key + 4);
706 GETU32(krl, key + 8);
707 GETU32(krr, key + 12);
708 GETU32(krll, key + 16);
709 GETU32(krlr, key + 20);
710 GETU32(krrl, key + 24);
711 GETU32(krrr, key + 28);
713 /* generate KL dependent subkeys */
715 subL[0] = kll; subR[0] = klr;
717 subL[1] = krl; subR[1] = krr;
718 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
720 subL[12] = kll; subR[12] = klr;
722 subL[13] = krl; subR[13] = krr;
723 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
725 subL[16] = kll; subR[16] = klr;
727 subL[17] = krl; subR[17] = krr;
728 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
730 subL[22] = kll; subR[22] = klr;
732 subL[23] = krl; subR[23] = krr;
733 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
735 subL[30] = kll; subR[30] = klr;
737 subL[31] = krl; subR[31] = krr;
739 /* generate KR dependent subkeys */
740 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
742 subL[4] = krll; subR[4] = krlr;
744 subL[5] = krrl; subR[5] = krrr;
745 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
747 subL[8] = krll; subR[8] = krlr;
749 subL[9] = krrl; subR[9] = krrr;
750 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
752 subL[18] = krll; subR[18] = krlr;
754 subL[19] = krrl; subR[19] = krrr;
755 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
757 subL[26] = krll; subR[26] = krlr;
759 subL[27] = krrl; subR[27] = krrr;
760 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
763 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
764 krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
766 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
767 w0, w1, il, ir, t0, t1);
768 krl ^= w0; krr ^= w1;
770 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
771 kll, klr, il, ir, t0, t1);
772 kll ^= krll; klr ^= krlr;
774 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
775 krl, krr, il, ir, t0, t1);
776 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
778 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
779 w0, w1, il, ir, t0, t1);
780 kll ^= w0; klr ^= w1;
783 krll ^= kll; krlr ^= klr;
784 krrl ^= krl; krrr ^= krr;
785 CAMELLIA_F(krll, krlr,
786 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
787 w0, w1, il, ir, t0, t1);
788 krrl ^= w0; krrr ^= w1;
789 CAMELLIA_F(krrl, krrr,
790 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
791 w0, w1, il, ir, t0, t1);
792 krll ^= w0; krlr ^= w1;
794 /* generate KA dependent subkeys */
795 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
797 subL[6] = kll; subR[6] = klr;
799 subL[7] = krl; subR[7] = krr;
800 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
802 subL[14] = kll; subR[14] = klr;
804 subL[15] = krl; subR[15] = krr;
805 /* rotation left shift 32bit */
807 subL[24] = klr; subR[24] = krl;
809 subL[25] = krr; subR[25] = kll;
810 /* rotation left shift 49 from k11,k12 -> k21,k22 */
811 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
813 subL[28] = kll; subR[28] = klr;
815 subL[29] = krl; subR[29] = krr;
817 /* generate KB dependent subkeys */
819 subL[2] = krll; subR[2] = krlr;
821 subL[3] = krrl; subR[3] = krrr;
822 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
824 subL[10] = krll; subR[10] = krlr;
826 subL[11] = krrl; subR[11] = krrr;
827 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
829 subL[20] = krll; subR[20] = krlr;
831 subL[21] = krrl; subR[21] = krrr;
832 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
834 subL[32] = krll; subR[32] = krlr;
836 subL[33] = krrl; subR[33] = krrr;
838 /* absorb kw2 to other subkeys */
840 subL[3] ^= subL[1]; subR[3] ^= subR[1];
842 subL[5] ^= subL[1]; subR[5] ^= subR[1];
844 subL[7] ^= subL[1]; subR[7] ^= subR[1];
845 subL[1] ^= subR[1] & ~subR[9];
846 dw = subL[1] & subL[9],
847 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
849 subL[11] ^= subL[1]; subR[11] ^= subR[1];
851 subL[13] ^= subL[1]; subR[13] ^= subR[1];
853 subL[15] ^= subL[1]; subR[15] ^= subR[1];
854 subL[1] ^= subR[1] & ~subR[17];
855 dw = subL[1] & subL[17],
856 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
858 subL[19] ^= subL[1]; subR[19] ^= subR[1];
860 subL[21] ^= subL[1]; subR[21] ^= subR[1];
862 subL[23] ^= subL[1]; subR[23] ^= subR[1];
863 subL[1] ^= subR[1] & ~subR[25];
864 dw = subL[1] & subL[25],
865 subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */
867 subL[27] ^= subL[1]; subR[27] ^= subR[1];
869 subL[29] ^= subL[1]; subR[29] ^= subR[1];
871 subL[31] ^= subL[1]; subR[31] ^= subR[1];
873 subL[32] ^= subL[1]; subR[32] ^= subR[1];
875 /* absorb kw4 to other subkeys */
876 kw4l = subL[33]; kw4r = subR[33];
878 subL[30] ^= kw4l; subR[30] ^= kw4r;
880 subL[28] ^= kw4l; subR[28] ^= kw4r;
882 subL[26] ^= kw4l; subR[26] ^= kw4r;
883 kw4l ^= kw4r & ~subR[24];
884 dw = kw4l & subL[24],
885 kw4r ^= ROL1(dw); /* modified for FL(kl5) */
887 subL[22] ^= kw4l; subR[22] ^= kw4r;
889 subL[20] ^= kw4l; subR[20] ^= kw4r;
891 subL[18] ^= kw4l; subR[18] ^= kw4r;
892 kw4l ^= kw4r & ~subR[16];
893 dw = kw4l & subL[16],
894 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
896 subL[14] ^= kw4l; subR[14] ^= kw4r;
898 subL[12] ^= kw4l; subR[12] ^= kw4r;
900 subL[10] ^= kw4l; subR[10] ^= kw4r;
901 kw4l ^= kw4r & ~subR[8];
903 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
905 subL[6] ^= kw4l; subR[6] ^= kw4r;
907 subL[4] ^= kw4l; subR[4] ^= kw4r;
909 subL[2] ^= kw4l; subR[2] ^= kw4r;
911 subL[0] ^= kw4l; subR[0] ^= kw4r;
913 /* key XOR is end of F-function */
914 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
915 SUBKEY_R(0) = subR[0] ^ subR[2];
916 SUBKEY_L(2) = subL[3]; /* round 1 */
917 SUBKEY_R(2) = subR[3];
918 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
919 SUBKEY_R(3) = subR[2] ^ subR[4];
920 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
921 SUBKEY_R(4) = subR[3] ^ subR[5];
922 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
923 SUBKEY_R(5) = subR[4] ^ subR[6];
924 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
925 SUBKEY_R(6) = subR[5] ^ subR[7];
926 tl = subL[10] ^ (subR[10] & ~subR[8]);
927 dw = tl & subL[8], /* FL(kl1) */
928 tr = subR[10] ^ ROL1(dw);
929 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
930 SUBKEY_R(7) = subR[6] ^ tr;
931 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
932 SUBKEY_R(8) = subR[8];
933 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
934 SUBKEY_R(9) = subR[9];
935 tl = subL[7] ^ (subR[7] & ~subR[9]);
936 dw = tl & subL[9], /* FLinv(kl2) */
937 tr = subR[7] ^ ROL1(dw);
938 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
939 SUBKEY_R(10) = tr ^ subR[11];
940 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
941 SUBKEY_R(11) = subR[10] ^ subR[12];
942 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
943 SUBKEY_R(12) = subR[11] ^ subR[13];
944 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
945 SUBKEY_R(13) = subR[12] ^ subR[14];
946 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
947 SUBKEY_R(14) = subR[13] ^ subR[15];
948 tl = subL[18] ^ (subR[18] & ~subR[16]);
949 dw = tl & subL[16], /* FL(kl3) */
950 tr = subR[18] ^ ROL1(dw);
951 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
952 SUBKEY_R(15) = subR[14] ^ tr;
953 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
954 SUBKEY_R(16) = subR[16];
955 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
956 SUBKEY_R(17) = subR[17];
957 tl = subL[15] ^ (subR[15] & ~subR[17]);
958 dw = tl & subL[17], /* FLinv(kl4) */
959 tr = subR[15] ^ ROL1(dw);
960 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
961 SUBKEY_R(18) = tr ^ subR[19];
962 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
963 SUBKEY_R(19) = subR[18] ^ subR[20];
964 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
965 SUBKEY_R(20) = subR[19] ^ subR[21];
966 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
967 SUBKEY_R(21) = subR[20] ^ subR[22];
968 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
969 SUBKEY_R(22) = subR[21] ^ subR[23];
970 tl = subL[26] ^ (subR[26] & ~subR[24]);
971 dw = tl & subL[24], /* FL(kl5) */
972 tr = subR[26] ^ ROL1(dw);
973 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
974 SUBKEY_R(23) = subR[22] ^ tr;
975 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
976 SUBKEY_R(24) = subR[24];
977 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
978 SUBKEY_R(25) = subR[25];
979 tl = subL[23] ^ (subR[23] & ~subR[25]);
980 dw = tl & subL[25], /* FLinv(kl6) */
981 tr = subR[23] ^ ROL1(dw);
982 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
983 SUBKEY_R(26) = tr ^ subR[27];
984 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
985 SUBKEY_R(27) = subR[26] ^ subR[28];
986 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
987 SUBKEY_R(28) = subR[27] ^ subR[29];
988 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
989 SUBKEY_R(29) = subR[28] ^ subR[30];
990 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
991 SUBKEY_R(30) = subR[29] ^ subR[31];
992 SUBKEY_L(31) = subL[30]; /* round 24 */
993 SUBKEY_R(31) = subR[30];
994 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
995 SUBKEY_R(32) = subR[32] ^ subR[31];
997 /* apply the inverse of the last half of P-function */
998 dw = SUBKEY_L(2) ^ SUBKEY_R(2); dw = ROL8(dw);/* round 1 */
999 SUBKEY_R(2) = SUBKEY_L(2) ^ dw; SUBKEY_L(2) = dw;
1000 dw = SUBKEY_L(3) ^ SUBKEY_R(3); dw = ROL8(dw);/* round 2 */
1001 SUBKEY_R(3) = SUBKEY_L(3) ^ dw; SUBKEY_L(3) = dw;
1002 dw = SUBKEY_L(4) ^ SUBKEY_R(4); dw = ROL8(dw);/* round 3 */
1003 SUBKEY_R(4) = SUBKEY_L(4) ^ dw; SUBKEY_L(4) = dw;
1004 dw = SUBKEY_L(5) ^ SUBKEY_R(5); dw = ROL8(dw);/* round 4 */
1005 SUBKEY_R(5) = SUBKEY_L(5) ^ dw; SUBKEY_L(5) = dw;
1006 dw = SUBKEY_L(6) ^ SUBKEY_R(6); dw = ROL8(dw);/* round 5 */
1007 SUBKEY_R(6) = SUBKEY_L(6) ^ dw; SUBKEY_L(6) = dw;
1008 dw = SUBKEY_L(7) ^ SUBKEY_R(7); dw = ROL8(dw);/* round 6 */
1009 SUBKEY_R(7) = SUBKEY_L(7) ^ dw; SUBKEY_L(7) = dw;
1010 dw = SUBKEY_L(10) ^ SUBKEY_R(10); dw = ROL8(dw);/* round 7 */
1011 SUBKEY_R(10) = SUBKEY_L(10) ^ dw; SUBKEY_L(10) = dw;
1012 dw = SUBKEY_L(11) ^ SUBKEY_R(11); dw = ROL8(dw);/* round 8 */
1013 SUBKEY_R(11) = SUBKEY_L(11) ^ dw; SUBKEY_L(11) = dw;
1014 dw = SUBKEY_L(12) ^ SUBKEY_R(12); dw = ROL8(dw);/* round 9 */
1015 SUBKEY_R(12) = SUBKEY_L(12) ^ dw; SUBKEY_L(12) = dw;
1016 dw = SUBKEY_L(13) ^ SUBKEY_R(13); dw = ROL8(dw);/* round 10 */
1017 SUBKEY_R(13) = SUBKEY_L(13) ^ dw; SUBKEY_L(13) = dw;
1018 dw = SUBKEY_L(14) ^ SUBKEY_R(14); dw = ROL8(dw);/* round 11 */
1019 SUBKEY_R(14) = SUBKEY_L(14) ^ dw; SUBKEY_L(14) = dw;
1020 dw = SUBKEY_L(15) ^ SUBKEY_R(15); dw = ROL8(dw);/* round 12 */
1021 SUBKEY_R(15) = SUBKEY_L(15) ^ dw; SUBKEY_L(15) = dw;
1022 dw = SUBKEY_L(18) ^ SUBKEY_R(18); dw = ROL8(dw);/* round 13 */
1023 SUBKEY_R(18) = SUBKEY_L(18) ^ dw; SUBKEY_L(18) = dw;
1024 dw = SUBKEY_L(19) ^ SUBKEY_R(19); dw = ROL8(dw);/* round 14 */
1025 SUBKEY_R(19) = SUBKEY_L(19) ^ dw; SUBKEY_L(19) = dw;
1026 dw = SUBKEY_L(20) ^ SUBKEY_R(20); dw = ROL8(dw);/* round 15 */
1027 SUBKEY_R(20) = SUBKEY_L(20) ^ dw; SUBKEY_L(20) = dw;
1028 dw = SUBKEY_L(21) ^ SUBKEY_R(21); dw = ROL8(dw);/* round 16 */
1029 SUBKEY_R(21) = SUBKEY_L(21) ^ dw; SUBKEY_L(21) = dw;
1030 dw = SUBKEY_L(22) ^ SUBKEY_R(22); dw = ROL8(dw);/* round 17 */
1031 SUBKEY_R(22) = SUBKEY_L(22) ^ dw; SUBKEY_L(22) = dw;
1032 dw = SUBKEY_L(23) ^ SUBKEY_R(23); dw = ROL8(dw);/* round 18 */
1033 SUBKEY_R(23) = SUBKEY_L(23) ^ dw; SUBKEY_L(23) = dw;
1034 dw = SUBKEY_L(26) ^ SUBKEY_R(26); dw = ROL8(dw);/* round 19 */
1035 SUBKEY_R(26) = SUBKEY_L(26) ^ dw; SUBKEY_L(26) = dw;
1036 dw = SUBKEY_L(27) ^ SUBKEY_R(27); dw = ROL8(dw);/* round 20 */
1037 SUBKEY_R(27) = SUBKEY_L(27) ^ dw; SUBKEY_L(27) = dw;
1038 dw = SUBKEY_L(28) ^ SUBKEY_R(28); dw = ROL8(dw);/* round 21 */
1039 SUBKEY_R(28) = SUBKEY_L(28) ^ dw; SUBKEY_L(28) = dw;
1040 dw = SUBKEY_L(29) ^ SUBKEY_R(29); dw = ROL8(dw);/* round 22 */
1041 SUBKEY_R(29) = SUBKEY_L(29) ^ dw; SUBKEY_L(29) = dw;
1042 dw = SUBKEY_L(30) ^ SUBKEY_R(30); dw = ROL8(dw);/* round 23 */
1043 SUBKEY_R(30) = SUBKEY_L(30) ^ dw; SUBKEY_L(30) = dw;
1044 dw = SUBKEY_L(31) ^ SUBKEY_R(31); dw = ROL8(dw);/* round 24 */
1045 SUBKEY_R(31) = SUBKEY_L(31) ^ dw; SUBKEY_L(31) = dw;
1048 static void camellia_setup192(const unsigned char *key, u32 *subkey)
1050 unsigned char kk[32];
1051 u32 krll, krlr, krrl,krrr;
1053 memcpy(kk, key, 24);
1054 memcpy((unsigned char *)&krll, key+16, 4);
1055 memcpy((unsigned char *)&krlr, key+20, 4);
1058 memcpy(kk+24, (unsigned char *)&krrl, 4);
1059 memcpy(kk+28, (unsigned char *)&krrr, 4);
1060 camellia_setup256(kk, subkey);
1064 static void camellia_encrypt128(const u32 *subkey, u32 *io_text)
1066 u32 il,ir,t0,t1; /* temporary variables */
1070 /* pre whitening but absorb kw2 */
1071 io[0] = io_text[0] ^ SUBKEY_L(0);
1072 io[1] = io_text[1] ^ SUBKEY_R(0);
1076 /* main iteration */
1077 CAMELLIA_ROUNDSM(io[0],io[1],
1078 SUBKEY_L(2),SUBKEY_R(2),
1079 io[2],io[3],il,ir,t0,t1);
1080 CAMELLIA_ROUNDSM(io[2],io[3],
1081 SUBKEY_L(3),SUBKEY_R(3),
1082 io[0],io[1],il,ir,t0,t1);
1083 CAMELLIA_ROUNDSM(io[0],io[1],
1084 SUBKEY_L(4),SUBKEY_R(4),
1085 io[2],io[3],il,ir,t0,t1);
1086 CAMELLIA_ROUNDSM(io[2],io[3],
1087 SUBKEY_L(5),SUBKEY_R(5),
1088 io[0],io[1],il,ir,t0,t1);
1089 CAMELLIA_ROUNDSM(io[0],io[1],
1090 SUBKEY_L(6),SUBKEY_R(6),
1091 io[2],io[3],il,ir,t0,t1);
1092 CAMELLIA_ROUNDSM(io[2],io[3],
1093 SUBKEY_L(7),SUBKEY_R(7),
1094 io[0],io[1],il,ir,t0,t1);
1096 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1097 SUBKEY_L(8),SUBKEY_R(8),
1098 SUBKEY_L(9),SUBKEY_R(9),
1101 CAMELLIA_ROUNDSM(io[0],io[1],
1102 SUBKEY_L(10),SUBKEY_R(10),
1103 io[2],io[3],il,ir,t0,t1);
1104 CAMELLIA_ROUNDSM(io[2],io[3],
1105 SUBKEY_L(11),SUBKEY_R(11),
1106 io[0],io[1],il,ir,t0,t1);
1107 CAMELLIA_ROUNDSM(io[0],io[1],
1108 SUBKEY_L(12),SUBKEY_R(12),
1109 io[2],io[3],il,ir,t0,t1);
1110 CAMELLIA_ROUNDSM(io[2],io[3],
1111 SUBKEY_L(13),SUBKEY_R(13),
1112 io[0],io[1],il,ir,t0,t1);
1113 CAMELLIA_ROUNDSM(io[0],io[1],
1114 SUBKEY_L(14),SUBKEY_R(14),
1115 io[2],io[3],il,ir,t0,t1);
1116 CAMELLIA_ROUNDSM(io[2],io[3],
1117 SUBKEY_L(15),SUBKEY_R(15),
1118 io[0],io[1],il,ir,t0,t1);
1120 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1121 SUBKEY_L(16),SUBKEY_R(16),
1122 SUBKEY_L(17),SUBKEY_R(17),
1125 CAMELLIA_ROUNDSM(io[0],io[1],
1126 SUBKEY_L(18),SUBKEY_R(18),
1127 io[2],io[3],il,ir,t0,t1);
1128 CAMELLIA_ROUNDSM(io[2],io[3],
1129 SUBKEY_L(19),SUBKEY_R(19),
1130 io[0],io[1],il,ir,t0,t1);
1131 CAMELLIA_ROUNDSM(io[0],io[1],
1132 SUBKEY_L(20),SUBKEY_R(20),
1133 io[2],io[3],il,ir,t0,t1);
1134 CAMELLIA_ROUNDSM(io[2],io[3],
1135 SUBKEY_L(21),SUBKEY_R(21),
1136 io[0],io[1],il,ir,t0,t1);
1137 CAMELLIA_ROUNDSM(io[0],io[1],
1138 SUBKEY_L(22),SUBKEY_R(22),
1139 io[2],io[3],il,ir,t0,t1);
1140 CAMELLIA_ROUNDSM(io[2],io[3],
1141 SUBKEY_L(23),SUBKEY_R(23),
1142 io[0],io[1],il,ir,t0,t1);
1144 /* post whitening but kw4 */
1145 io_text[0] = io[2] ^ SUBKEY_L(24);
1146 io_text[1] = io[3] ^ SUBKEY_R(24);
1151 static void camellia_decrypt128(const u32 *subkey, u32 *io_text)
1153 u32 il,ir,t0,t1; /* temporary variables */
1157 /* pre whitening but absorb kw2 */
1158 io[0] = io_text[0] ^ SUBKEY_L(24);
1159 io[1] = io_text[1] ^ SUBKEY_R(24);
1163 /* main iteration */
1164 CAMELLIA_ROUNDSM(io[0],io[1],
1165 SUBKEY_L(23),SUBKEY_R(23),
1166 io[2],io[3],il,ir,t0,t1);
1167 CAMELLIA_ROUNDSM(io[2],io[3],
1168 SUBKEY_L(22),SUBKEY_R(22),
1169 io[0],io[1],il,ir,t0,t1);
1170 CAMELLIA_ROUNDSM(io[0],io[1],
1171 SUBKEY_L(21),SUBKEY_R(21),
1172 io[2],io[3],il,ir,t0,t1);
1173 CAMELLIA_ROUNDSM(io[2],io[3],
1174 SUBKEY_L(20),SUBKEY_R(20),
1175 io[0],io[1],il,ir,t0,t1);
1176 CAMELLIA_ROUNDSM(io[0],io[1],
1177 SUBKEY_L(19),SUBKEY_R(19),
1178 io[2],io[3],il,ir,t0,t1);
1179 CAMELLIA_ROUNDSM(io[2],io[3],
1180 SUBKEY_L(18),SUBKEY_R(18),
1181 io[0],io[1],il,ir,t0,t1);
1183 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1184 SUBKEY_L(17),SUBKEY_R(17),
1185 SUBKEY_L(16),SUBKEY_R(16),
1188 CAMELLIA_ROUNDSM(io[0],io[1],
1189 SUBKEY_L(15),SUBKEY_R(15),
1190 io[2],io[3],il,ir,t0,t1);
1191 CAMELLIA_ROUNDSM(io[2],io[3],
1192 SUBKEY_L(14),SUBKEY_R(14),
1193 io[0],io[1],il,ir,t0,t1);
1194 CAMELLIA_ROUNDSM(io[0],io[1],
1195 SUBKEY_L(13),SUBKEY_R(13),
1196 io[2],io[3],il,ir,t0,t1);
1197 CAMELLIA_ROUNDSM(io[2],io[3],
1198 SUBKEY_L(12),SUBKEY_R(12),
1199 io[0],io[1],il,ir,t0,t1);
1200 CAMELLIA_ROUNDSM(io[0],io[1],
1201 SUBKEY_L(11),SUBKEY_R(11),
1202 io[2],io[3],il,ir,t0,t1);
1203 CAMELLIA_ROUNDSM(io[2],io[3],
1204 SUBKEY_L(10),SUBKEY_R(10),
1205 io[0],io[1],il,ir,t0,t1);
1207 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1208 SUBKEY_L(9),SUBKEY_R(9),
1209 SUBKEY_L(8),SUBKEY_R(8),
1212 CAMELLIA_ROUNDSM(io[0],io[1],
1213 SUBKEY_L(7),SUBKEY_R(7),
1214 io[2],io[3],il,ir,t0,t1);
1215 CAMELLIA_ROUNDSM(io[2],io[3],
1216 SUBKEY_L(6),SUBKEY_R(6),
1217 io[0],io[1],il,ir,t0,t1);
1218 CAMELLIA_ROUNDSM(io[0],io[1],
1219 SUBKEY_L(5),SUBKEY_R(5),
1220 io[2],io[3],il,ir,t0,t1);
1221 CAMELLIA_ROUNDSM(io[2],io[3],
1222 SUBKEY_L(4),SUBKEY_R(4),
1223 io[0],io[1],il,ir,t0,t1);
1224 CAMELLIA_ROUNDSM(io[0],io[1],
1225 SUBKEY_L(3),SUBKEY_R(3),
1226 io[2],io[3],il,ir,t0,t1);
1227 CAMELLIA_ROUNDSM(io[2],io[3],
1228 SUBKEY_L(2),SUBKEY_R(2),
1229 io[0],io[1],il,ir,t0,t1);
1231 /* post whitening but kw4 */
1232 io_text[0] = io[2] ^ SUBKEY_L(0);
1233 io_text[1] = io[3] ^ SUBKEY_R(0);
1238 static void camellia_encrypt256(const u32 *subkey, u32 *io_text)
1240 u32 il,ir,t0,t1; /* temporary variables */
1244 /* pre whitening but absorb kw2 */
1245 io[0] = io_text[0] ^ SUBKEY_L(0);
1246 io[1] = io_text[1] ^ SUBKEY_R(0);
1250 /* main iteration */
1251 CAMELLIA_ROUNDSM(io[0],io[1],
1252 SUBKEY_L(2),SUBKEY_R(2),
1253 io[2],io[3],il,ir,t0,t1);
1254 CAMELLIA_ROUNDSM(io[2],io[3],
1255 SUBKEY_L(3),SUBKEY_R(3),
1256 io[0],io[1],il,ir,t0,t1);
1257 CAMELLIA_ROUNDSM(io[0],io[1],
1258 SUBKEY_L(4),SUBKEY_R(4),
1259 io[2],io[3],il,ir,t0,t1);
1260 CAMELLIA_ROUNDSM(io[2],io[3],
1261 SUBKEY_L(5),SUBKEY_R(5),
1262 io[0],io[1],il,ir,t0,t1);
1263 CAMELLIA_ROUNDSM(io[0],io[1],
1264 SUBKEY_L(6),SUBKEY_R(6),
1265 io[2],io[3],il,ir,t0,t1);
1266 CAMELLIA_ROUNDSM(io[2],io[3],
1267 SUBKEY_L(7),SUBKEY_R(7),
1268 io[0],io[1],il,ir,t0,t1);
1270 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1271 SUBKEY_L(8),SUBKEY_R(8),
1272 SUBKEY_L(9),SUBKEY_R(9),
1275 CAMELLIA_ROUNDSM(io[0],io[1],
1276 SUBKEY_L(10),SUBKEY_R(10),
1277 io[2],io[3],il,ir,t0,t1);
1278 CAMELLIA_ROUNDSM(io[2],io[3],
1279 SUBKEY_L(11),SUBKEY_R(11),
1280 io[0],io[1],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[0],io[1],
1282 SUBKEY_L(12),SUBKEY_R(12),
1283 io[2],io[3],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[2],io[3],
1285 SUBKEY_L(13),SUBKEY_R(13),
1286 io[0],io[1],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[0],io[1],
1288 SUBKEY_L(14),SUBKEY_R(14),
1289 io[2],io[3],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[2],io[3],
1291 SUBKEY_L(15),SUBKEY_R(15),
1292 io[0],io[1],il,ir,t0,t1);
1294 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1295 SUBKEY_L(16),SUBKEY_R(16),
1296 SUBKEY_L(17),SUBKEY_R(17),
1299 CAMELLIA_ROUNDSM(io[0],io[1],
1300 SUBKEY_L(18),SUBKEY_R(18),
1301 io[2],io[3],il,ir,t0,t1);
1302 CAMELLIA_ROUNDSM(io[2],io[3],
1303 SUBKEY_L(19),SUBKEY_R(19),
1304 io[0],io[1],il,ir,t0,t1);
1305 CAMELLIA_ROUNDSM(io[0],io[1],
1306 SUBKEY_L(20),SUBKEY_R(20),
1307 io[2],io[3],il,ir,t0,t1);
1308 CAMELLIA_ROUNDSM(io[2],io[3],
1309 SUBKEY_L(21),SUBKEY_R(21),
1310 io[0],io[1],il,ir,t0,t1);
1311 CAMELLIA_ROUNDSM(io[0],io[1],
1312 SUBKEY_L(22),SUBKEY_R(22),
1313 io[2],io[3],il,ir,t0,t1);
1314 CAMELLIA_ROUNDSM(io[2],io[3],
1315 SUBKEY_L(23),SUBKEY_R(23),
1316 io[0],io[1],il,ir,t0,t1);
1318 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1319 SUBKEY_L(24),SUBKEY_R(24),
1320 SUBKEY_L(25),SUBKEY_R(25),
1323 CAMELLIA_ROUNDSM(io[0],io[1],
1324 SUBKEY_L(26),SUBKEY_R(26),
1325 io[2],io[3],il,ir,t0,t1);
1326 CAMELLIA_ROUNDSM(io[2],io[3],
1327 SUBKEY_L(27),SUBKEY_R(27),
1328 io[0],io[1],il,ir,t0,t1);
1329 CAMELLIA_ROUNDSM(io[0],io[1],
1330 SUBKEY_L(28),SUBKEY_R(28),
1331 io[2],io[3],il,ir,t0,t1);
1332 CAMELLIA_ROUNDSM(io[2],io[3],
1333 SUBKEY_L(29),SUBKEY_R(29),
1334 io[0],io[1],il,ir,t0,t1);
1335 CAMELLIA_ROUNDSM(io[0],io[1],
1336 SUBKEY_L(30),SUBKEY_R(30),
1337 io[2],io[3],il,ir,t0,t1);
1338 CAMELLIA_ROUNDSM(io[2],io[3],
1339 SUBKEY_L(31),SUBKEY_R(31),
1340 io[0],io[1],il,ir,t0,t1);
1342 /* post whitening but kw4 */
1343 io_text[0] = io[2] ^ SUBKEY_L(32);
1344 io_text[1] = io[3] ^ SUBKEY_R(32);
1349 static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1351 u32 il,ir,t0,t1; /* temporary variables */
1355 /* pre whitening but absorb kw2 */
1356 io[0] = io_text[0] ^ SUBKEY_L(32);
1357 io[1] = io_text[1] ^ SUBKEY_R(32);
1361 /* main iteration */
1362 CAMELLIA_ROUNDSM(io[0],io[1],
1363 SUBKEY_L(31),SUBKEY_R(31),
1364 io[2],io[3],il,ir,t0,t1);
1365 CAMELLIA_ROUNDSM(io[2],io[3],
1366 SUBKEY_L(30),SUBKEY_R(30),
1367 io[0],io[1],il,ir,t0,t1);
1368 CAMELLIA_ROUNDSM(io[0],io[1],
1369 SUBKEY_L(29),SUBKEY_R(29),
1370 io[2],io[3],il,ir,t0,t1);
1371 CAMELLIA_ROUNDSM(io[2],io[3],
1372 SUBKEY_L(28),SUBKEY_R(28),
1373 io[0],io[1],il,ir,t0,t1);
1374 CAMELLIA_ROUNDSM(io[0],io[1],
1375 SUBKEY_L(27),SUBKEY_R(27),
1376 io[2],io[3],il,ir,t0,t1);
1377 CAMELLIA_ROUNDSM(io[2],io[3],
1378 SUBKEY_L(26),SUBKEY_R(26),
1379 io[0],io[1],il,ir,t0,t1);
1381 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1382 SUBKEY_L(25),SUBKEY_R(25),
1383 SUBKEY_L(24),SUBKEY_R(24),
1386 CAMELLIA_ROUNDSM(io[0],io[1],
1387 SUBKEY_L(23),SUBKEY_R(23),
1388 io[2],io[3],il,ir,t0,t1);
1389 CAMELLIA_ROUNDSM(io[2],io[3],
1390 SUBKEY_L(22),SUBKEY_R(22),
1391 io[0],io[1],il,ir,t0,t1);
1392 CAMELLIA_ROUNDSM(io[0],io[1],
1393 SUBKEY_L(21),SUBKEY_R(21),
1394 io[2],io[3],il,ir,t0,t1);
1395 CAMELLIA_ROUNDSM(io[2],io[3],
1396 SUBKEY_L(20),SUBKEY_R(20),
1397 io[0],io[1],il,ir,t0,t1);
1398 CAMELLIA_ROUNDSM(io[0],io[1],
1399 SUBKEY_L(19),SUBKEY_R(19),
1400 io[2],io[3],il,ir,t0,t1);
1401 CAMELLIA_ROUNDSM(io[2],io[3],
1402 SUBKEY_L(18),SUBKEY_R(18),
1403 io[0],io[1],il,ir,t0,t1);
1405 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1406 SUBKEY_L(17),SUBKEY_R(17),
1407 SUBKEY_L(16),SUBKEY_R(16),
1410 CAMELLIA_ROUNDSM(io[0],io[1],
1411 SUBKEY_L(15),SUBKEY_R(15),
1412 io[2],io[3],il,ir,t0,t1);
1413 CAMELLIA_ROUNDSM(io[2],io[3],
1414 SUBKEY_L(14),SUBKEY_R(14),
1415 io[0],io[1],il,ir,t0,t1);
1416 CAMELLIA_ROUNDSM(io[0],io[1],
1417 SUBKEY_L(13),SUBKEY_R(13),
1418 io[2],io[3],il,ir,t0,t1);
1419 CAMELLIA_ROUNDSM(io[2],io[3],
1420 SUBKEY_L(12),SUBKEY_R(12),
1421 io[0],io[1],il,ir,t0,t1);
1422 CAMELLIA_ROUNDSM(io[0],io[1],
1423 SUBKEY_L(11),SUBKEY_R(11),
1424 io[2],io[3],il,ir,t0,t1);
1425 CAMELLIA_ROUNDSM(io[2],io[3],
1426 SUBKEY_L(10),SUBKEY_R(10),
1427 io[0],io[1],il,ir,t0,t1);
1429 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1430 SUBKEY_L(9),SUBKEY_R(9),
1431 SUBKEY_L(8),SUBKEY_R(8),
1434 CAMELLIA_ROUNDSM(io[0],io[1],
1435 SUBKEY_L(7),SUBKEY_R(7),
1436 io[2],io[3],il,ir,t0,t1);
1437 CAMELLIA_ROUNDSM(io[2],io[3],
1438 SUBKEY_L(6),SUBKEY_R(6),
1439 io[0],io[1],il,ir,t0,t1);
1440 CAMELLIA_ROUNDSM(io[0],io[1],
1441 SUBKEY_L(5),SUBKEY_R(5),
1442 io[2],io[3],il,ir,t0,t1);
1443 CAMELLIA_ROUNDSM(io[2],io[3],
1444 SUBKEY_L(4),SUBKEY_R(4),
1445 io[0],io[1],il,ir,t0,t1);
1446 CAMELLIA_ROUNDSM(io[0],io[1],
1447 SUBKEY_L(3),SUBKEY_R(3),
1448 io[2],io[3],il,ir,t0,t1);
1449 CAMELLIA_ROUNDSM(io[2],io[3],
1450 SUBKEY_L(2),SUBKEY_R(2),
1451 io[0],io[1],il,ir,t0,t1);
1453 /* post whitening but kw4 */
1454 io_text[0] = io[2] ^ SUBKEY_L(0);
1455 io_text[1] = io[3] ^ SUBKEY_R(0);
1461 struct camellia_ctx {
1463 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / 4];
1467 camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1468 unsigned int key_len)
1470 struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1471 const unsigned char *key = (const unsigned char *)in_key;
1472 u32 *flags = &tfm->crt_flags;
1474 if (key_len != 16 && key_len != 24 && key_len != 32) {
1475 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1479 cctx->key_length = key_len;
1483 camellia_setup128(key, cctx->key_table);
1486 camellia_setup192(key, cctx->key_table);
1489 camellia_setup256(key, cctx->key_table);
1496 static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1498 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1499 const __be32 *src = (const __be32 *)in;
1500 __be32 *dst = (__be32 *)out;
1504 tmp[0] = be32_to_cpu(src[0]);
1505 tmp[1] = be32_to_cpu(src[1]);
1506 tmp[2] = be32_to_cpu(src[2]);
1507 tmp[3] = be32_to_cpu(src[3]);
1509 switch (cctx->key_length) {
1511 camellia_encrypt128(cctx->key_table, tmp);
1516 camellia_encrypt256(cctx->key_table, tmp);
1520 dst[0] = cpu_to_be32(tmp[0]);
1521 dst[1] = cpu_to_be32(tmp[1]);
1522 dst[2] = cpu_to_be32(tmp[2]);
1523 dst[3] = cpu_to_be32(tmp[3]);
1526 static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1528 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1529 const __be32 *src = (const __be32 *)in;
1530 __be32 *dst = (__be32 *)out;
1534 tmp[0] = be32_to_cpu(src[0]);
1535 tmp[1] = be32_to_cpu(src[1]);
1536 tmp[2] = be32_to_cpu(src[2]);
1537 tmp[3] = be32_to_cpu(src[3]);
1539 switch (cctx->key_length) {
1541 camellia_decrypt128(cctx->key_table, tmp);
1546 camellia_decrypt256(cctx->key_table, tmp);
1550 dst[0] = cpu_to_be32(tmp[0]);
1551 dst[1] = cpu_to_be32(tmp[1]);
1552 dst[2] = cpu_to_be32(tmp[2]);
1553 dst[3] = cpu_to_be32(tmp[3]);
1556 static struct crypto_alg camellia_alg = {
1557 .cra_name = "camellia",
1558 .cra_driver_name = "camellia-generic",
1559 .cra_priority = 100,
1560 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1561 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1562 .cra_ctxsize = sizeof(struct camellia_ctx),
1564 .cra_module = THIS_MODULE,
1565 .cra_list = LIST_HEAD_INIT(camellia_alg.cra_list),
1568 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1569 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1570 .cia_setkey = camellia_set_key,
1571 .cia_encrypt = camellia_encrypt,
1572 .cia_decrypt = camellia_decrypt
1577 static int __init camellia_init(void)
1579 return crypto_register_alg(&camellia_alg);
1582 static void __exit camellia_fini(void)
1584 crypto_unregister_alg(&camellia_alg);
1587 module_init(camellia_init);
1588 module_exit(camellia_fini);
1590 MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1591 MODULE_LICENSE("GPL");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob