1 /* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
2 /* ====================================================================
3 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
6 * Intellectual Property information for Camellia:
7 * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
9 * News Release for Announcement of Camellia open source:
10 * http://www.ntt.co.jp/news/news06e/0604/060413a.html
12 * The Camellia Code included herein is developed by
13 * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
14 * to the OpenSSL project.
16 * The Camellia Code is licensed pursuant to the OpenSSL open source
17 * license provided below.
19 /* ====================================================================
20 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the above copyright
27 * notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in
31 * the documentation and/or other materials provided with the
34 * 3. All advertising materials mentioning features or use of this
35 * software must display the following acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
39 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
40 * endorse or promote products derived from this software without
41 * prior written permission. For written permission, please contact
42 * openssl-core@openssl.org.
44 * 5. Products derived from this software may not be called "OpenSSL"
45 * nor may "OpenSSL" appear in their names without prior written
46 * permission of the OpenSSL Project.
48 * 6. Redistributions of any form whatsoever must retain the following
50 * "This product includes software developed by the OpenSSL Project
51 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
53 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
54 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
56 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
57 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
58 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
60 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
63 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
64 * OF THE POSSIBILITY OF SUCH DAMAGE.
65 * ====================================================================
68 /* Algorithm Specification
69 http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
77 #include "cmll_locl.h"
80 #define CAMELLIA_SIGMA1L (0xA09E667FL)
81 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
82 #define CAMELLIA_SIGMA2L (0xB67AE858L)
83 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
84 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
85 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
86 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
87 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
88 #define CAMELLIA_SIGMA5L (0x10E527FAL)
89 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
90 #define CAMELLIA_SIGMA6L (0xB05688C2L)
91 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
97 /* e is pointer of subkey */
98 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
99 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
101 /* rotation right shift 1byte */
102 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
103 /* rotation left shift 1bit */
104 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
105 /* rotation left shift 1byte */
106 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
108 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
112 ll = (ll << bits) + (lr >> (32 - bits)); \
113 lr = (lr << bits) + (rl >> (32 - bits)); \
114 rl = (rl << bits) + (rr >> (32 - bits)); \
115 rr = (rr << bits) + (w0 >> (32 - bits)); \
118 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
123 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
124 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
125 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
126 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
129 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
130 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
131 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
132 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
134 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
141 yl = CAMELLIA_SP1110(ir & 0xff) \
142 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
143 ^ CAMELLIA_SP3033(t1 & 0xff) \
144 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
145 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
146 ^ CAMELLIA_SP0222(t0 & 0xff) \
147 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
148 ^ CAMELLIA_SP4404(il & 0xff); \
150 yr = CAMELLIA_RR8(yr); \
159 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
164 lr ^= CAMELLIA_RL1(t0); \
174 rr ^= CAMELLIA_RL1(t3); \
177 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
184 ir = CAMELLIA_SP1110(ir & 0xff) \
185 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
186 ^ CAMELLIA_SP3033(t1 & 0xff) \
187 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
188 il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
189 ^ CAMELLIA_SP0222(t0 & 0xff) \
190 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
191 ^ CAMELLIA_SP4404(il & 0xff); \
195 il = CAMELLIA_RR8(il); \
201 static const u32 camellia_sp1110[256] =
203 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
204 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
205 0xe4e4e400,0x85858500,0x57575700,0x35353500,
206 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
207 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
208 0x45454500,0x19191900,0xa5a5a500,0x21212100,
209 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
210 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
211 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
212 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
213 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
214 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
215 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
216 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
217 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
218 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
219 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
220 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
221 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
222 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
223 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
224 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
225 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
226 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
227 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
228 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
229 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
230 0x53535300,0x18181800,0xf2f2f200,0x22222200,
231 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
232 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
233 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
234 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
235 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
236 0xa1a1a100,0x89898900,0x62626200,0x97979700,
237 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
238 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
239 0x10101000,0xc4c4c400,0x00000000,0x48484800,
240 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
241 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
242 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
243 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
244 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
245 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
246 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
247 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
248 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
249 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
250 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
251 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
252 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
253 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
254 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
255 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
256 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
257 0xd4d4d400,0x25252500,0xababab00,0x42424200,
258 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
259 0x72727200,0x07070700,0xb9b9b900,0x55555500,
260 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
261 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
262 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
263 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
264 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
265 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
266 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
269 static const u32 camellia_sp0222[256] =
271 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
272 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
273 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
274 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
275 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
276 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
277 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
278 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
279 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
280 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
281 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
282 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
283 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
284 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
285 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
286 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
287 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
288 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
289 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
290 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
291 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
292 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
293 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
294 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
295 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
296 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
297 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
298 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
299 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
300 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
301 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
302 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
303 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
304 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
305 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
306 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
307 0x00202020,0x00898989,0x00000000,0x00909090,
308 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
309 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
310 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
311 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
312 0x009b9b9b,0x00949494,0x00212121,0x00666666,
313 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
314 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
315 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
316 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
317 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
318 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
319 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
320 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
321 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
322 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
323 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
324 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
325 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
326 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
327 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
328 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
329 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
330 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
331 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
332 0x00777777,0x00939393,0x00868686,0x00838383,
333 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
334 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
337 static const u32 camellia_sp3033[256] =
339 0x38003838,0x41004141,0x16001616,0x76007676,
340 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
341 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
342 0x75007575,0x06000606,0x57005757,0xa000a0a0,
343 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
344 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
345 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
346 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
347 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
348 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
349 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
350 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
351 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
352 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
353 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
354 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
355 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
356 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
357 0x3a003a3a,0x09000909,0x95009595,0x10001010,
358 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
359 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
360 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
361 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
362 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
363 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
364 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
365 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
366 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
367 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
368 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
369 0x12001212,0x04000404,0x74007474,0x54005454,
370 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
371 0x55005555,0x68006868,0x50005050,0xbe00bebe,
372 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
373 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
374 0x70007070,0xff00ffff,0x32003232,0x69006969,
375 0x08000808,0x62006262,0x00000000,0x24002424,
376 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
377 0x45004545,0x81008181,0x73007373,0x6d006d6d,
378 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
379 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
380 0xe600e6e6,0x25002525,0x48004848,0x99009999,
381 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
382 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
383 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
384 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
385 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
386 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
387 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
388 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
389 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
390 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
391 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
392 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
393 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
394 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
395 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
396 0x7c007c7c,0x77007777,0x56005656,0x05000505,
397 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
398 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
399 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
400 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
401 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
402 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
405 static const u32 camellia_sp4404[256] =
407 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
408 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
409 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
410 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
411 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
412 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
413 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
414 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
415 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
416 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
417 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
418 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
419 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
420 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
421 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
422 0x24240024,0xe8e800e8,0x60600060,0x69690069,
423 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
424 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
425 0x10100010,0x00000000,0xa3a300a3,0x75750075,
426 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
427 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
428 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
429 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
430 0x81810081,0x6f6f006f,0x13130013,0x63630063,
431 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
432 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
433 0x78780078,0x06060006,0xe7e700e7,0x71710071,
434 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
435 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
436 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
437 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
438 0x15150015,0xadad00ad,0x77770077,0x80800080,
439 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
440 0x85850085,0x35350035,0x0c0c000c,0x41410041,
441 0xefef00ef,0x93930093,0x19190019,0x21210021,
442 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
443 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
444 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
445 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
446 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
447 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
448 0x12120012,0x20200020,0xb1b100b1,0x99990099,
449 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
450 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
451 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
452 0x0f0f000f,0x16160016,0x18180018,0x22220022,
453 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
454 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
455 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
456 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
457 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
458 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
459 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
460 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
461 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
462 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
463 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
464 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
465 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
466 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
467 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
468 0x49490049,0x68680068,0x38380038,0xa4a400a4,
469 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
470 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
474 * Stuff related to the Camellia key schedule
476 #define subl(x) subL[(x)]
477 #define subr(x) subR[(x)]
479 void camellia_setup128(const u8 *key, u32 *subkey)
481 u32 kll, klr, krl, krr;
482 u32 il, ir, t0, t1, w0, w1;
483 u32 kw4l, kw4r, dw, tl, tr;
488 * k == kll || klr || krl || krr (|| is concatination)
491 klr = GETU32(key + 4);
492 krl = GETU32(key + 8);
493 krr = GETU32(key + 12);
495 * generate KL dependent subkeys
498 subl(0) = kll; subr(0) = klr;
500 subl(1) = krl; subr(1) = krr;
501 /* rotation left shift 15bit */
502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
504 subl(4) = kll; subr(4) = klr;
506 subl(5) = krl; subr(5) = krr;
507 /* rotation left shift 15+30bit */
508 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
510 subl(10) = kll; subr(10) = klr;
512 subl(11) = krl; subr(11) = krr;
513 /* rotation left shift 15+30+15bit */
514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
516 subl(13) = krl; subr(13) = krr;
517 /* rotation left shift 15+30+15+17 bit */
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
520 subl(16) = kll; subr(16) = klr;
522 subl(17) = krl; subr(17) = krr;
523 /* rotation left shift 15+30+15+17+17 bit */
524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
526 subl(18) = kll; subr(18) = klr;
528 subl(19) = krl; subr(19) = krr;
529 /* rotation left shift 15+30+15+17+17+17 bit */
530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
532 subl(22) = kll; subr(22) = klr;
534 subl(23) = krl; subr(23) = krr;
537 kll = subl(0); klr = subr(0);
538 krl = subl(1); krr = subr(1);
540 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
541 w0, w1, il, ir, t0, t1);
542 krl ^= w0; krr ^= w1;
544 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
545 kll, klr, il, ir, t0, t1);
546 /* current status == (kll, klr, w0, w1) */
548 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
549 krl, krr, il, ir, t0, t1);
550 krl ^= w0; krr ^= w1;
552 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
553 w0, w1, il, ir, t0, t1);
554 kll ^= w0; klr ^= w1;
556 /* generate KA dependent subkeys */
558 subl(2) = kll; subr(2) = klr;
559 subl(3) = krl; subr(3) = krr;
560 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
562 subl(6) = kll; subr(6) = klr;
563 subl(7) = krl; subr(7) = krr;
564 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
566 subl(8) = kll; subr(8) = klr;
567 subl(9) = krl; subr(9) = krr;
568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
570 subl(12) = kll; subr(12) = klr;
571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
573 subl(14) = kll; subr(14) = klr;
574 subl(15) = krl; subr(15) = krr;
575 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
577 subl(20) = kll; subr(20) = klr;
578 subl(21) = krl; subr(21) = krr;
579 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
581 subl(24) = kll; subr(24) = klr;
582 subl(25) = krl; subr(25) = krr;
585 /* absorb kw2 to other subkeys */
587 subl(3) ^= subl(1); subr(3) ^= subr(1);
589 subl(5) ^= subl(1); subr(5) ^= subr(1);
591 subl(7) ^= subl(1); subr(7) ^= subr(1);
592 subl(1) ^= subr(1) & ~subr(9);
593 dw = subl(1) & subl(9),
594 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
596 subl(11) ^= subl(1); subr(11) ^= subr(1);
598 subl(13) ^= subl(1); subr(13) ^= subr(1);
600 subl(15) ^= subl(1); subr(15) ^= subr(1);
601 subl(1) ^= subr(1) & ~subr(17);
602 dw = subl(1) & subl(17),
603 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
605 subl(19) ^= subl(1); subr(19) ^= subr(1);
607 subl(21) ^= subl(1); subr(21) ^= subr(1);
609 subl(23) ^= subl(1); subr(23) ^= subr(1);
611 subl(24) ^= subl(1); subr(24) ^= subr(1);
613 /* absorb kw4 to other subkeys */
614 kw4l = subl(25); kw4r = subr(25);
616 subl(22) ^= kw4l; subr(22) ^= kw4r;
618 subl(20) ^= kw4l; subr(20) ^= kw4r;
620 subl(18) ^= kw4l; subr(18) ^= kw4r;
621 kw4l ^= kw4r & ~subr(16);
622 dw = kw4l & subl(16),
623 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
625 subl(14) ^= kw4l; subr(14) ^= kw4r;
627 subl(12) ^= kw4l; subr(12) ^= kw4r;
629 subl(10) ^= kw4l; subr(10) ^= kw4r;
630 kw4l ^= kw4r & ~subr(8);
632 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
634 subl(6) ^= kw4l; subr(6) ^= kw4r;
636 subl(4) ^= kw4l; subr(4) ^= kw4r;
638 subl(2) ^= kw4l; subr(2) ^= kw4r;
640 subl(0) ^= kw4l; subr(0) ^= kw4r;
643 /* key XOR is end of F-function */
644 CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
645 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
646 CamelliaSubkeyL(2) = subl(3); /* round 1 */
647 CamelliaSubkeyR(2) = subr(3);
648 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
649 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
650 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
651 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
652 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
653 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
654 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
655 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
656 tl = subl(10) ^ (subr(10) & ~subr(8));
657 dw = tl & subl(8), /* FL(kl1) */
658 tr = subr(10) ^ CAMELLIA_RL1(dw);
659 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
660 CamelliaSubkeyR(7) = subr(6) ^ tr;
661 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
662 CamelliaSubkeyR(8) = subr(8);
663 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
664 CamelliaSubkeyR(9) = subr(9);
665 tl = subl(7) ^ (subr(7) & ~subr(9));
666 dw = tl & subl(9), /* FLinv(kl2) */
667 tr = subr(7) ^ CAMELLIA_RL1(dw);
668 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
669 CamelliaSubkeyR(10) = tr ^ subr(11);
670 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
671 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
672 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
673 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
674 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
675 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
676 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
677 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
678 tl = subl(18) ^ (subr(18) & ~subr(16));
679 dw = tl & subl(16), /* FL(kl3) */
680 tr = subr(18) ^ CAMELLIA_RL1(dw);
681 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
682 CamelliaSubkeyR(15) = subr(14) ^ tr;
683 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
684 CamelliaSubkeyR(16) = subr(16);
685 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
686 CamelliaSubkeyR(17) = subr(17);
687 tl = subl(15) ^ (subr(15) & ~subr(17));
688 dw = tl & subl(17), /* FLinv(kl4) */
689 tr = subr(15) ^ CAMELLIA_RL1(dw);
690 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
691 CamelliaSubkeyR(18) = tr ^ subr(19);
692 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
693 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
694 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
695 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
696 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
697 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
698 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
699 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
700 CamelliaSubkeyL(23) = subl(22); /* round 18 */
701 CamelliaSubkeyR(23) = subr(22);
702 CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
703 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
705 /* apply the inverse of the last half of P-function */
706 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
707 dw = CAMELLIA_RL8(dw);/* round 1 */
708 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
709 CamelliaSubkeyL(2) = dw;
710 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
711 dw = CAMELLIA_RL8(dw);/* round 2 */
712 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
713 CamelliaSubkeyL(3) = dw;
714 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
715 dw = CAMELLIA_RL8(dw);/* round 3 */
716 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
717 CamelliaSubkeyL(4) = dw;
718 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
719 dw = CAMELLIA_RL8(dw);/* round 4 */
720 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
721 CamelliaSubkeyL(5) = dw;
722 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
723 dw = CAMELLIA_RL8(dw);/* round 5 */
724 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
725 CamelliaSubkeyL(6) = dw;
726 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
727 dw = CAMELLIA_RL8(dw);/* round 6 */
728 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
729 CamelliaSubkeyL(7) = dw;
730 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
731 dw = CAMELLIA_RL8(dw);/* round 7 */
732 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
733 CamelliaSubkeyL(10) = dw;
734 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
735 dw = CAMELLIA_RL8(dw);/* round 8 */
736 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
737 CamelliaSubkeyL(11) = dw;
738 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
739 dw = CAMELLIA_RL8(dw);/* round 9 */
740 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
741 CamelliaSubkeyL(12) = dw;
742 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
743 dw = CAMELLIA_RL8(dw);/* round 10 */
744 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
745 CamelliaSubkeyL(13) = dw;
746 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
747 dw = CAMELLIA_RL8(dw);/* round 11 */
748 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
749 CamelliaSubkeyL(14) = dw;
750 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
751 dw = CAMELLIA_RL8(dw);/* round 12 */
752 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
753 CamelliaSubkeyL(15) = dw;
754 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
755 dw = CAMELLIA_RL8(dw);/* round 13 */
756 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
757 CamelliaSubkeyL(18) = dw;
758 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
759 dw = CAMELLIA_RL8(dw);/* round 14 */
760 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
761 CamelliaSubkeyL(19) = dw;
762 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
763 dw = CAMELLIA_RL8(dw);/* round 15 */
764 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
765 CamelliaSubkeyL(20) = dw;
766 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
767 dw = CAMELLIA_RL8(dw);/* round 16 */
768 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
769 CamelliaSubkeyL(21) = dw;
770 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
771 dw = CAMELLIA_RL8(dw);/* round 17 */
772 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
773 CamelliaSubkeyL(22) = dw;
774 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
775 dw = CAMELLIA_RL8(dw);/* round 18 */
776 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
777 CamelliaSubkeyL(23) = dw;
782 void camellia_setup256(const u8 *key, u32 *subkey)
784 u32 kll,klr,krl,krr; /* left half of key */
785 u32 krll,krlr,krrl,krrr; /* right half of key */
786 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
787 u32 kw4l, kw4r, dw, tl, tr;
792 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
793 * (|| is concatination)
797 klr = GETU32(key + 4);
798 krl = GETU32(key + 8);
799 krr = GETU32(key + 12);
800 krll = GETU32(key + 16);
801 krlr = GETU32(key + 20);
802 krrl = GETU32(key + 24);
803 krrr = GETU32(key + 28);
805 /* generate KL dependent subkeys */
807 subl(0) = kll; subr(0) = klr;
809 subl(1) = krl; subr(1) = krr;
810 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
812 subl(12) = kll; subr(12) = klr;
814 subl(13) = krl; subr(13) = krr;
815 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
817 subl(16) = kll; subr(16) = klr;
819 subl(17) = krl; subr(17) = krr;
820 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
822 subl(22) = kll; subr(22) = klr;
824 subl(23) = krl; subr(23) = krr;
825 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
827 subl(30) = kll; subr(30) = klr;
829 subl(31) = krl; subr(31) = krr;
831 /* generate KR dependent subkeys */
832 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
834 subl(4) = krll; subr(4) = krlr;
836 subl(5) = krrl; subr(5) = krrr;
837 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
839 subl(8) = krll; subr(8) = krlr;
841 subl(9) = krrl; subr(9) = krrr;
842 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
844 subl(18) = krll; subr(18) = krlr;
846 subl(19) = krrl; subr(19) = krrr;
847 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
849 subl(26) = krll; subr(26) = krlr;
851 subl(27) = krrl; subr(27) = krrr;
852 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
855 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
856 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
858 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
859 w0, w1, il, ir, t0, t1);
860 krl ^= w0; krr ^= w1;
862 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
863 kll, klr, il, ir, t0, t1);
864 kll ^= krll; klr ^= krlr;
866 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
867 krl, krr, il, ir, t0, t1);
868 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
870 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
871 w0, w1, il, ir, t0, t1);
872 kll ^= w0; klr ^= w1;
875 krll ^= kll; krlr ^= klr;
876 krrl ^= krl; krrr ^= krr;
877 CAMELLIA_F(krll, krlr,
878 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
879 w0, w1, il, ir, t0, t1);
880 krrl ^= w0; krrr ^= w1;
881 CAMELLIA_F(krrl, krrr,
882 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
883 w0, w1, il, ir, t0, t1);
884 krll ^= w0; krlr ^= w1;
886 /* generate KA dependent subkeys */
887 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
889 subl(6) = kll; subr(6) = klr;
891 subl(7) = krl; subr(7) = krr;
892 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
894 subl(14) = kll; subr(14) = klr;
896 subl(15) = krl; subr(15) = krr;
897 /* rotation left shift 32bit */
899 subl(24) = klr; subr(24) = krl;
901 subl(25) = krr; subr(25) = kll;
902 /* rotation left shift 49 from k11,k12 -> k21,k22 */
903 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
905 subl(28) = kll; subr(28) = klr;
907 subl(29) = krl; subr(29) = krr;
909 /* generate KB dependent subkeys */
911 subl(2) = krll; subr(2) = krlr;
913 subl(3) = krrl; subr(3) = krrr;
914 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
916 subl(10) = krll; subr(10) = krlr;
918 subl(11) = krrl; subr(11) = krrr;
919 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
921 subl(20) = krll; subr(20) = krlr;
923 subl(21) = krrl; subr(21) = krrr;
924 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
926 subl(32) = krll; subr(32) = krlr;
928 subl(33) = krrl; subr(33) = krrr;
930 /* absorb kw2 to other subkeys */
932 subl(3) ^= subl(1); subr(3) ^= subr(1);
934 subl(5) ^= subl(1); subr(5) ^= subr(1);
936 subl(7) ^= subl(1); subr(7) ^= subr(1);
937 subl(1) ^= subr(1) & ~subr(9);
938 dw = subl(1) & subl(9),
939 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
941 subl(11) ^= subl(1); subr(11) ^= subr(1);
943 subl(13) ^= subl(1); subr(13) ^= subr(1);
945 subl(15) ^= subl(1); subr(15) ^= subr(1);
946 subl(1) ^= subr(1) & ~subr(17);
947 dw = subl(1) & subl(17),
948 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
950 subl(19) ^= subl(1); subr(19) ^= subr(1);
952 subl(21) ^= subl(1); subr(21) ^= subr(1);
954 subl(23) ^= subl(1); subr(23) ^= subr(1);
955 subl(1) ^= subr(1) & ~subr(25);
956 dw = subl(1) & subl(25),
957 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
959 subl(27) ^= subl(1); subr(27) ^= subr(1);
961 subl(29) ^= subl(1); subr(29) ^= subr(1);
963 subl(31) ^= subl(1); subr(31) ^= subr(1);
965 subl(32) ^= subl(1); subr(32) ^= subr(1);
968 /* absorb kw4 to other subkeys */
969 kw4l = subl(33); kw4r = subr(33);
971 subl(30) ^= kw4l; subr(30) ^= kw4r;
973 subl(28) ^= kw4l; subr(28) ^= kw4r;
975 subl(26) ^= kw4l; subr(26) ^= kw4r;
976 kw4l ^= kw4r & ~subr(24);
977 dw = kw4l & subl(24),
978 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
980 subl(22) ^= kw4l; subr(22) ^= kw4r;
982 subl(20) ^= kw4l; subr(20) ^= kw4r;
984 subl(18) ^= kw4l; subr(18) ^= kw4r;
985 kw4l ^= kw4r & ~subr(16);
986 dw = kw4l & subl(16),
987 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
989 subl(14) ^= kw4l; subr(14) ^= kw4r;
991 subl(12) ^= kw4l; subr(12) ^= kw4r;
993 subl(10) ^= kw4l; subr(10) ^= kw4r;
994 kw4l ^= kw4r & ~subr(8);
996 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
998 subl(6) ^= kw4l; subr(6) ^= kw4r;
1000 subl(4) ^= kw4l; subr(4) ^= kw4r;
1002 subl(2) ^= kw4l; subr(2) ^= kw4r;
1004 subl(0) ^= kw4l; subr(0) ^= kw4r;
1006 /* key XOR is end of F-function */
1007 CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
1008 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
1009 CamelliaSubkeyL(2) = subl(3); /* round 1 */
1010 CamelliaSubkeyR(2) = subr(3);
1011 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
1012 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
1013 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
1014 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
1015 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
1016 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
1017 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
1018 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
1019 tl = subl(10) ^ (subr(10) & ~subr(8));
1020 dw = tl & subl(8), /* FL(kl1) */
1021 tr = subr(10) ^ CAMELLIA_RL1(dw);
1022 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
1023 CamelliaSubkeyR(7) = subr(6) ^ tr;
1024 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
1025 CamelliaSubkeyR(8) = subr(8);
1026 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
1027 CamelliaSubkeyR(9) = subr(9);
1028 tl = subl(7) ^ (subr(7) & ~subr(9));
1029 dw = tl & subl(9), /* FLinv(kl2) */
1030 tr = subr(7) ^ CAMELLIA_RL1(dw);
1031 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
1032 CamelliaSubkeyR(10) = tr ^ subr(11);
1033 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
1034 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
1035 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
1036 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
1037 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
1038 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
1039 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
1040 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
1041 tl = subl(18) ^ (subr(18) & ~subr(16));
1042 dw = tl & subl(16), /* FL(kl3) */
1043 tr = subr(18) ^ CAMELLIA_RL1(dw);
1044 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
1045 CamelliaSubkeyR(15) = subr(14) ^ tr;
1046 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
1047 CamelliaSubkeyR(16) = subr(16);
1048 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
1049 CamelliaSubkeyR(17) = subr(17);
1050 tl = subl(15) ^ (subr(15) & ~subr(17));
1051 dw = tl & subl(17), /* FLinv(kl4) */
1052 tr = subr(15) ^ CAMELLIA_RL1(dw);
1053 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
1054 CamelliaSubkeyR(18) = tr ^ subr(19);
1055 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
1056 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
1057 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
1058 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
1059 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
1060 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
1061 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
1062 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
1063 tl = subl(26) ^ (subr(26)
1065 dw = tl & subl(24), /* FL(kl5) */
1066 tr = subr(26) ^ CAMELLIA_RL1(dw);
1067 CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
1068 CamelliaSubkeyR(23) = subr(22) ^ tr;
1069 CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
1070 CamelliaSubkeyR(24) = subr(24);
1071 CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
1072 CamelliaSubkeyR(25) = subr(25);
1073 tl = subl(23) ^ (subr(23) &
1075 dw = tl & subl(25), /* FLinv(kl6) */
1076 tr = subr(23) ^ CAMELLIA_RL1(dw);
1077 CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
1078 CamelliaSubkeyR(26) = tr ^ subr(27);
1079 CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
1080 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
1081 CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
1082 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
1083 CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
1084 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
1085 CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
1086 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
1087 CamelliaSubkeyL(31) = subl(30); /* round 24 */
1088 CamelliaSubkeyR(31) = subr(30);
1089 CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
1090 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
1092 /* apply the inverse of the last half of P-function */
1093 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
1094 dw = CAMELLIA_RL8(dw);/* round 1 */
1095 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
1096 CamelliaSubkeyL(2) = dw;
1097 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
1098 dw = CAMELLIA_RL8(dw);/* round 2 */
1099 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
1100 CamelliaSubkeyL(3) = dw;
1101 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
1102 dw = CAMELLIA_RL8(dw);/* round 3 */
1103 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
1104 CamelliaSubkeyL(4) = dw;
1105 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
1106 dw = CAMELLIA_RL8(dw);/* round 4 */
1107 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
1108 CamelliaSubkeyL(5) = dw;
1109 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
1110 dw = CAMELLIA_RL8(dw);/* round 5 */
1111 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
1112 CamelliaSubkeyL(6) = dw;
1113 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
1114 dw = CAMELLIA_RL8(dw);/* round 6 */
1115 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
1116 CamelliaSubkeyL(7) = dw;
1117 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
1118 dw = CAMELLIA_RL8(dw);/* round 7 */
1119 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
1120 CamelliaSubkeyL(10) = dw;
1121 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
1122 dw = CAMELLIA_RL8(dw);/* round 8 */
1123 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
1124 CamelliaSubkeyL(11) = dw;
1125 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
1126 dw = CAMELLIA_RL8(dw);/* round 9 */
1127 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
1128 CamelliaSubkeyL(12) = dw;
1129 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
1130 dw = CAMELLIA_RL8(dw);/* round 10 */
1131 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
1132 CamelliaSubkeyL(13) = dw;
1133 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
1134 dw = CAMELLIA_RL8(dw);/* round 11 */
1135 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
1136 CamelliaSubkeyL(14) = dw;
1137 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
1138 dw = CAMELLIA_RL8(dw);/* round 12 */
1139 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
1140 CamelliaSubkeyL(15) = dw;
1141 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
1142 dw = CAMELLIA_RL8(dw);/* round 13 */
1143 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
1144 CamelliaSubkeyL(18) = dw;
1145 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
1146 dw = CAMELLIA_RL8(dw);/* round 14 */
1147 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
1148 CamelliaSubkeyL(19) = dw;
1149 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
1150 dw = CAMELLIA_RL8(dw);/* round 15 */
1151 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
1152 CamelliaSubkeyL(20) = dw;
1153 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
1154 dw = CAMELLIA_RL8(dw);/* round 16 */
1155 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
1156 CamelliaSubkeyL(21) = dw;
1157 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
1158 dw = CAMELLIA_RL8(dw);/* round 17 */
1159 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
1160 CamelliaSubkeyL(22) = dw;
1161 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
1162 dw = CAMELLIA_RL8(dw);/* round 18 */
1163 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
1164 CamelliaSubkeyL(23) = dw;
1165 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
1166 dw = CAMELLIA_RL8(dw);/* round 19 */
1167 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
1168 CamelliaSubkeyL(26) = dw;
1169 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
1170 dw = CAMELLIA_RL8(dw);/* round 20 */
1171 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
1172 CamelliaSubkeyL(27) = dw;
1173 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
1174 dw = CAMELLIA_RL8(dw);/* round 21 */
1175 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
1176 CamelliaSubkeyL(28) = dw;
1177 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
1178 dw = CAMELLIA_RL8(dw);/* round 22 */
1179 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
1180 CamelliaSubkeyL(29) = dw;
1181 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
1182 dw = CAMELLIA_RL8(dw);/* round 23 */
1183 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
1184 CamelliaSubkeyL(30) = dw;
1185 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
1186 dw = CAMELLIA_RL8(dw);/* round 24 */
1187 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
1188 CamelliaSubkeyL(31) = dw;
1194 void camellia_setup192(const u8 *key, u32 *subkey)
1197 u32 krll, krlr, krrl,krrr;
1199 memcpy(kk, key, 24);
1200 memcpy((u8 *)&krll, key+16,4);
1201 memcpy((u8 *)&krlr, key+20,4);
1204 memcpy(kk+24, (u8 *)&krrl, 4);
1205 memcpy(kk+28, (u8 *)&krrr, 4);
1206 camellia_setup256(kk, subkey);
1212 * Stuff related to camellia encryption/decryption
1214 void camellia_encrypt128(const u32 *subkey, u32 *io)
1218 /* pre whitening but absorb kw2*/
1219 io[0] ^= CamelliaSubkeyL(0);
1220 io[1] ^= CamelliaSubkeyR(0);
1221 /* main iteration */
1223 CAMELLIA_ROUNDSM(io[0],io[1],
1224 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1225 io[2],io[3],il,ir,t0,t1);
1226 CAMELLIA_ROUNDSM(io[2],io[3],
1227 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1228 io[0],io[1],il,ir,t0,t1);
1229 CAMELLIA_ROUNDSM(io[0],io[1],
1230 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1231 io[2],io[3],il,ir,t0,t1);
1232 CAMELLIA_ROUNDSM(io[2],io[3],
1233 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1234 io[0],io[1],il,ir,t0,t1);
1235 CAMELLIA_ROUNDSM(io[0],io[1],
1236 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1237 io[2],io[3],il,ir,t0,t1);
1238 CAMELLIA_ROUNDSM(io[2],io[3],
1239 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1240 io[0],io[1],il,ir,t0,t1);
1242 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1243 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1244 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1247 CAMELLIA_ROUNDSM(io[0],io[1],
1248 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1249 io[2],io[3],il,ir,t0,t1);
1250 CAMELLIA_ROUNDSM(io[2],io[3],
1251 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1252 io[0],io[1],il,ir,t0,t1);
1253 CAMELLIA_ROUNDSM(io[0],io[1],
1254 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1255 io[2],io[3],il,ir,t0,t1);
1256 CAMELLIA_ROUNDSM(io[2],io[3],
1257 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1258 io[0],io[1],il,ir,t0,t1);
1259 CAMELLIA_ROUNDSM(io[0],io[1],
1260 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1261 io[2],io[3],il,ir,t0,t1);
1262 CAMELLIA_ROUNDSM(io[2],io[3],
1263 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1264 io[0],io[1],il,ir,t0,t1);
1266 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1267 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1268 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1271 CAMELLIA_ROUNDSM(io[0],io[1],
1272 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1273 io[2],io[3],il,ir,t0,t1);
1274 CAMELLIA_ROUNDSM(io[2],io[3],
1275 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1276 io[0],io[1],il,ir,t0,t1);
1277 CAMELLIA_ROUNDSM(io[0],io[1],
1278 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1279 io[2],io[3],il,ir,t0,t1);
1280 CAMELLIA_ROUNDSM(io[2],io[3],
1281 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1282 io[0],io[1],il,ir,t0,t1);
1283 CAMELLIA_ROUNDSM(io[0],io[1],
1284 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1285 io[2],io[3],il,ir,t0,t1);
1286 CAMELLIA_ROUNDSM(io[2],io[3],
1287 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1288 io[0],io[1],il,ir,t0,t1);
1290 /* post whitening but kw4 */
1291 io[2] ^= CamelliaSubkeyL(24);
1292 io[3] ^= CamelliaSubkeyR(24);
1304 void camellia_decrypt128(const u32 *subkey, u32 *io)
1306 u32 il,ir,t0,t1; /* temporary valiables */
1308 /* pre whitening but absorb kw2*/
1309 io[0] ^= CamelliaSubkeyL(24);
1310 io[1] ^= CamelliaSubkeyR(24);
1312 /* main iteration */
1313 CAMELLIA_ROUNDSM(io[0],io[1],
1314 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1315 io[2],io[3],il,ir,t0,t1);
1316 CAMELLIA_ROUNDSM(io[2],io[3],
1317 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1318 io[0],io[1],il,ir,t0,t1);
1319 CAMELLIA_ROUNDSM(io[0],io[1],
1320 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1321 io[2],io[3],il,ir,t0,t1);
1322 CAMELLIA_ROUNDSM(io[2],io[3],
1323 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1324 io[0],io[1],il,ir,t0,t1);
1325 CAMELLIA_ROUNDSM(io[0],io[1],
1326 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1327 io[2],io[3],il,ir,t0,t1);
1328 CAMELLIA_ROUNDSM(io[2],io[3],
1329 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1330 io[0],io[1],il,ir,t0,t1);
1332 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1333 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1334 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1337 CAMELLIA_ROUNDSM(io[0],io[1],
1338 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1339 io[2],io[3],il,ir,t0,t1);
1340 CAMELLIA_ROUNDSM(io[2],io[3],
1341 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1342 io[0],io[1],il,ir,t0,t1);
1343 CAMELLIA_ROUNDSM(io[0],io[1],
1344 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1345 io[2],io[3],il,ir,t0,t1);
1346 CAMELLIA_ROUNDSM(io[2],io[3],
1347 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1348 io[0],io[1],il,ir,t0,t1);
1349 CAMELLIA_ROUNDSM(io[0],io[1],
1350 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1351 io[2],io[3],il,ir,t0,t1);
1352 CAMELLIA_ROUNDSM(io[2],io[3],
1353 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1354 io[0],io[1],il,ir,t0,t1);
1356 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1357 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1358 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1361 CAMELLIA_ROUNDSM(io[0],io[1],
1362 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1363 io[2],io[3],il,ir,t0,t1);
1364 CAMELLIA_ROUNDSM(io[2],io[3],
1365 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1366 io[0],io[1],il,ir,t0,t1);
1367 CAMELLIA_ROUNDSM(io[0],io[1],
1368 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1369 io[2],io[3],il,ir,t0,t1);
1370 CAMELLIA_ROUNDSM(io[2],io[3],
1371 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1372 io[0],io[1],il,ir,t0,t1);
1373 CAMELLIA_ROUNDSM(io[0],io[1],
1374 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1375 io[2],io[3],il,ir,t0,t1);
1376 CAMELLIA_ROUNDSM(io[2],io[3],
1377 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1378 io[0],io[1],il,ir,t0,t1);
1380 /* post whitening but kw4 */
1381 io[2] ^= CamelliaSubkeyL(0);
1382 io[3] ^= CamelliaSubkeyR(0);
1395 * stuff for 192 and 256bit encryption/decryption
1397 void camellia_encrypt256(const u32 *subkey, u32 *io)
1399 u32 il,ir,t0,t1; /* temporary valiables */
1401 /* pre whitening but absorb kw2*/
1402 io[0] ^= CamelliaSubkeyL(0);
1403 io[1] ^= CamelliaSubkeyR(0);
1405 /* main iteration */
1406 CAMELLIA_ROUNDSM(io[0],io[1],
1407 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1408 io[2],io[3],il,ir,t0,t1);
1409 CAMELLIA_ROUNDSM(io[2],io[3],
1410 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1411 io[0],io[1],il,ir,t0,t1);
1412 CAMELLIA_ROUNDSM(io[0],io[1],
1413 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1414 io[2],io[3],il,ir,t0,t1);
1415 CAMELLIA_ROUNDSM(io[2],io[3],
1416 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1417 io[0],io[1],il,ir,t0,t1);
1418 CAMELLIA_ROUNDSM(io[0],io[1],
1419 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1420 io[2],io[3],il,ir,t0,t1);
1421 CAMELLIA_ROUNDSM(io[2],io[3],
1422 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1423 io[0],io[1],il,ir,t0,t1);
1425 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1426 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1427 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1430 CAMELLIA_ROUNDSM(io[0],io[1],
1431 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1432 io[2],io[3],il,ir,t0,t1);
1433 CAMELLIA_ROUNDSM(io[2],io[3],
1434 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1435 io[0],io[1],il,ir,t0,t1);
1436 CAMELLIA_ROUNDSM(io[0],io[1],
1437 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1438 io[2],io[3],il,ir,t0,t1);
1439 CAMELLIA_ROUNDSM(io[2],io[3],
1440 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1441 io[0],io[1],il,ir,t0,t1);
1442 CAMELLIA_ROUNDSM(io[0],io[1],
1443 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1444 io[2],io[3],il,ir,t0,t1);
1445 CAMELLIA_ROUNDSM(io[2],io[3],
1446 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1447 io[0],io[1],il,ir,t0,t1);
1449 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1450 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1451 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1454 CAMELLIA_ROUNDSM(io[0],io[1],
1455 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1456 io[2],io[3],il,ir,t0,t1);
1457 CAMELLIA_ROUNDSM(io[2],io[3],
1458 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1459 io[0],io[1],il,ir,t0,t1);
1460 CAMELLIA_ROUNDSM(io[0],io[1],
1461 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1462 io[2],io[3],il,ir,t0,t1);
1463 CAMELLIA_ROUNDSM(io[2],io[3],
1464 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1465 io[0],io[1],il,ir,t0,t1);
1466 CAMELLIA_ROUNDSM(io[0],io[1],
1467 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1468 io[2],io[3],il,ir,t0,t1);
1469 CAMELLIA_ROUNDSM(io[2],io[3],
1470 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1471 io[0],io[1],il,ir,t0,t1);
1473 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1474 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1475 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1478 CAMELLIA_ROUNDSM(io[0],io[1],
1479 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1480 io[2],io[3],il,ir,t0,t1);
1481 CAMELLIA_ROUNDSM(io[2],io[3],
1482 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1483 io[0],io[1],il,ir,t0,t1);
1484 CAMELLIA_ROUNDSM(io[0],io[1],
1485 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1486 io[2],io[3],il,ir,t0,t1);
1487 CAMELLIA_ROUNDSM(io[2],io[3],
1488 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1489 io[0],io[1],il,ir,t0,t1);
1490 CAMELLIA_ROUNDSM(io[0],io[1],
1491 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1492 io[2],io[3],il,ir,t0,t1);
1493 CAMELLIA_ROUNDSM(io[2],io[3],
1494 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1495 io[0],io[1],il,ir,t0,t1);
1497 /* post whitening but kw4 */
1498 io[2] ^= CamelliaSubkeyL(32);
1499 io[3] ^= CamelliaSubkeyR(32);
1511 void camellia_decrypt256(const u32 *subkey, u32 *io)
1513 u32 il,ir,t0,t1; /* temporary valiables */
1515 /* pre whitening but absorb kw2*/
1516 io[0] ^= CamelliaSubkeyL(32);
1517 io[1] ^= CamelliaSubkeyR(32);
1519 /* main iteration */
1520 CAMELLIA_ROUNDSM(io[0],io[1],
1521 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1522 io[2],io[3],il,ir,t0,t1);
1523 CAMELLIA_ROUNDSM(io[2],io[3],
1524 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1525 io[0],io[1],il,ir,t0,t1);
1526 CAMELLIA_ROUNDSM(io[0],io[1],
1527 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1528 io[2],io[3],il,ir,t0,t1);
1529 CAMELLIA_ROUNDSM(io[2],io[3],
1530 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1531 io[0],io[1],il,ir,t0,t1);
1532 CAMELLIA_ROUNDSM(io[0],io[1],
1533 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1534 io[2],io[3],il,ir,t0,t1);
1535 CAMELLIA_ROUNDSM(io[2],io[3],
1536 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1537 io[0],io[1],il,ir,t0,t1);
1539 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1540 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1541 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1544 CAMELLIA_ROUNDSM(io[0],io[1],
1545 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1546 io[2],io[3],il,ir,t0,t1);
1547 CAMELLIA_ROUNDSM(io[2],io[3],
1548 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1549 io[0],io[1],il,ir,t0,t1);
1550 CAMELLIA_ROUNDSM(io[0],io[1],
1551 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1552 io[2],io[3],il,ir,t0,t1);
1553 CAMELLIA_ROUNDSM(io[2],io[3],
1554 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1555 io[0],io[1],il,ir,t0,t1);
1556 CAMELLIA_ROUNDSM(io[0],io[1],
1557 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1558 io[2],io[3],il,ir,t0,t1);
1559 CAMELLIA_ROUNDSM(io[2],io[3],
1560 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1561 io[0],io[1],il,ir,t0,t1);
1563 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1564 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1565 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1568 CAMELLIA_ROUNDSM(io[0],io[1],
1569 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1570 io[2],io[3],il,ir,t0,t1);
1571 CAMELLIA_ROUNDSM(io[2],io[3],
1572 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1573 io[0],io[1],il,ir,t0,t1);
1574 CAMELLIA_ROUNDSM(io[0],io[1],
1575 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1576 io[2],io[3],il,ir,t0,t1);
1577 CAMELLIA_ROUNDSM(io[2],io[3],
1578 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1579 io[0],io[1],il,ir,t0,t1);
1580 CAMELLIA_ROUNDSM(io[0],io[1],
1581 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1582 io[2],io[3],il,ir,t0,t1);
1583 CAMELLIA_ROUNDSM(io[2],io[3],
1584 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1585 io[0],io[1],il,ir,t0,t1);
1587 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1588 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1589 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1592 CAMELLIA_ROUNDSM(io[0],io[1],
1593 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1594 io[2],io[3],il,ir,t0,t1);
1595 CAMELLIA_ROUNDSM(io[2],io[3],
1596 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1597 io[0],io[1],il,ir,t0,t1);
1598 CAMELLIA_ROUNDSM(io[0],io[1],
1599 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1600 io[2],io[3],il,ir,t0,t1);
1601 CAMELLIA_ROUNDSM(io[2],io[3],
1602 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1603 io[0],io[1],il,ir,t0,t1);
1604 CAMELLIA_ROUNDSM(io[0],io[1],
1605 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1606 io[2],io[3],il,ir,t0,t1);
1607 CAMELLIA_ROUNDSM(io[2],io[3],
1608 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1609 io[0],io[1],il,ir,t0,t1);
1611 /* post whitening but kw4 */
1612 io[2] ^= CamelliaSubkeyL(0);
1613 io[3] ^= CamelliaSubkeyR(0);