1 /* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
2 /* ====================================================================
3 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
6 * Intellectual Property information for Camellia:
7 * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
9 * News Release for Announcement of Camellia open source:
10 * http://www.ntt.co.jp/news/news06e/0604/060413a.html
12 * The Camellia Code included herein is developed by
13 * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
14 * to the OpenSSL project.
16 * The Camellia Code is licensed pursuant to the OpenSSL open source
17 * license provided below.
19 /* ====================================================================
20 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the above copyright
27 * notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in
31 * the documentation and/or other materials provided with the
34 * 3. All advertising materials mentioning features or use of this
35 * software must display the following acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
39 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
40 * endorse or promote products derived from this software without
41 * prior written permission. For written permission, please contact
42 * openssl-core@openssl.org.
44 * 5. Products derived from this software may not be called "OpenSSL"
45 * nor may "OpenSSL" appear in their names without prior written
46 * permission of the OpenSSL Project.
48 * 6. Redistributions of any form whatsoever must retain the following
50 * "This product includes software developed by the OpenSSL Project
51 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
53 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
54 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
56 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
57 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
58 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
60 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
63 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
64 * OF THE POSSIBILITY OF SUCH DAMAGE.
65 * ====================================================================
68 /* Algorithm Specification
69 http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
77 #include "cmll_locl.h"
80 * uint32_t must be defined
/*
 * Camellia key-schedule constants SIGMA1..SIGMA6, each split into a left
 * (upper) and a right (lower) 32-bit half. The key-setup functions in this
 * file pass them in the kl/kr argument position of CAMELLIA_F (the opening
 * line of some of those calls is missing from this listing).
 */
85 #define CAMELLIA_SIGMA1L (0xA09E667FL)
86 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
87 #define CAMELLIA_SIGMA2L (0xB67AE858L)
88 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
89 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
90 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
91 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
92 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
93 #define CAMELLIA_SIGMA5L (0x10E527FAL)
94 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
95 #define CAMELLIA_SIGMA6L (0xB05688C2L)
96 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
102 /* subkey is the pointer to the expanded subkey array (the original comment calls it "e") */
/*
 * CamelliaSubkeyL/R(INDEX) address the two 32-bit halves of subkey number
 * INDEX as subkey[2*INDEX] and subkey[2*INDEX + 1]; which half comes first
 * differs between the two preprocessor branches. The macros expand to an
 * lvalue and rely on a variable named `subkey` being in scope at the point
 * of use. Nothing here checks bounds, so the caller's array must cover the
 * largest INDEX used.
 * NOTE(review): the opening #if line is missing from this listing; the
 * #endif comment below names IS_LITTLE_ENDIAN.
 */
105 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2 + 1])
106 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2])
108 #else /* big endian */
110 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
111 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
113 #endif /* IS_LITTLE_ENDIAN */
/*
 * 32-bit rotate helpers. Each one combines two shifts with '+', which is a
 * correct rotation only when x is an unsigned value exactly 32 bits wide
 * (a wider type would keep the bits that should fall off the top). x is
 * evaluated twice, so it must be free of side effects.
 */
115 /* rotate right by one byte (8 bits) */
116 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
117 /* rotate left by one bit */
118 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
119 /* rotate left by one byte (8 bits) */
120 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
/*
 * CAMELLIA_ROLDQ / CAMELLIA_ROLDQo32: in the visible lines the 128-bit
 * quantity held in (ll, lr, rl, rr) is shifted left by `bits`, each word
 * being refilled from the word to its right and the last one from w0/w1.
 * NOTE(review): parts of both macro bodies are missing from this listing
 * (the gutter numbers jump), including whatever loads w0/w1.
 *
 * Shift-count contract: ROLDQ shifts 32-bit words by `bits` and by
 * `32 - bits`, so bits must be 1..31 (0 or 32 would produce a shift by 32,
 * which is undefined behaviour in C). ROLDQo32 shifts by `bits - 32` and
 * `64 - bits`, so it needs 33..63. The call sites in this file pass literal
 * constants (15, 17, 30 for ROLDQ; 34, 45, 49, 51 for ROLDQo32).
 * The arguments are pasted unparenthesised and used more than once: pass
 * plain variables and constants only.
 */
122 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
126 ll = (ll << bits) + (lr >> (32 - bits)); \
127 lr = (lr << bits) + (rl >> (32 - bits)); \
128 rl = (rl << bits) + (rr >> (32 - bits)); \
129 rr = (rr << bits) + (w0 >> (32 - bits)); \
132 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
137 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
138 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
139 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
140 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
/*
 * Lookups into the four 256-entry tables defined later in this file.
 * Every use visible in this listing masks the index with 0xff, which keeps
 * it inside the table. The index is taken from key- or data-dependent
 * words, so the memory addresses touched depend on secret values: a
 * table-driven implementation like this one is not constant-time on CPUs
 * with data caches. Where cache/timing side channels are part of the threat
 * model, use a constant-time implementation instead.
 */
143 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
144 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
145 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
146 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
/*
 * CAMELLIA_F: statement macro used by the key-setup functions. In the
 * visible lines yl and yr are each the XOR of four table lookups on bytes
 * of ir/t1 and t0/il, after which yr is rotated right by 8 bits.
 * Judging by the call sites, (xl, xr) is the input, (kl, kr) the key
 * constant, (yl, yr) the output and il/ir/t0/t1 caller-supplied scratch.
 * NOTE(review): the lines that compute il, ir, t0 and t1 and the end of the
 * body are missing from this listing.
 */
148 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
155 yl = CAMELLIA_SP1110(ir & 0xff) \
156 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
157 ^ CAMELLIA_SP3033(t1 & 0xff) \
158 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
159 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
160 ^ CAMELLIA_SP0222(t0 & 0xff) \
161 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
162 ^ CAMELLIA_SP4404(il & 0xff); \
164 yr = CAMELLIA_RR8(yr); \
173 #if !defined(_MSC_VER)
/*
 * CAMELLIA_FLS and CAMELLIA_ROUNDSM are defined twice: this branch is used
 * when _MSC_VER is not defined, the #else branch for MSVC.
 * In the visible lines of this ROUNDSM variant, il and ir accumulate the
 * XOR of one table lookup per byte of xl and xr, and yr is then updated
 * with CAMELLIA_RR8(il) ^ ir. The table indices are bytes of the round
 * state, so the lookups are secret-dependent memory accesses.
 * NOTE(review): only fragments of each macro body appear in this listing
 * (the gutter numbers jump), so the two variants cannot be compared for
 * equivalence from here.
 */
175 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
183 lr ^= CAMELLIA_RL1(t0); \
189 rr ^= CAMELLIA_RL1(t3); \
192 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
195 ir = CAMELLIA_SP1110(xr & 0xff); \
196 il = CAMELLIA_SP1110((xl>>24) & 0xff); \
197 ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \
198 il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \
199 ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \
200 il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \
201 ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \
202 il ^= CAMELLIA_SP4404(xl & 0xff); \
206 yr ^= CAMELLIA_RR8(il) ^ ir; \
209 #else /* for MS-VC */
/*
 * MSVC variant: the visible ROUNDSM lines build ir and il as a single XOR
 * expression of four table lookups each (same shape as CAMELLIA_F) and then
 * rotate il right by 8 bits.
 */
211 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
216 lr ^= CAMELLIA_RL1(t0); \
226 rr ^= CAMELLIA_RL1(t3); \
229 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
236 ir = CAMELLIA_SP1110(ir & 0xff) \
237 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
238 ^ CAMELLIA_SP3033(t1 & 0xff) \
239 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
240 il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
241 ^ CAMELLIA_SP0222(t0 & 0xff) \
242 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
243 ^ CAMELLIA_SP4404(il & 0xff); \
247 il = CAMELLIA_RR8(il); \
/*
 * camellia_sp1110: 256-entry lookup table indexed by one byte. Every entry
 * repeats one byte value in the three upper byte lanes and leaves the
 * lowest lane zero (e.g. 0x70707000), i.e. the S-box output is already
 * spread over the lanes the round function needs.
 * Read through CAMELLIA_SP1110(); the index is a secret-dependent byte, so
 * which cache line is touched depends on key/data (cache-timing exposure).
 * NOTE(review): the opening brace and the closing line of the initializer
 * are missing from this listing.
 */
254 static const uint32_t camellia_sp1110[256] =
256 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
257 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
258 0xe4e4e400,0x85858500,0x57575700,0x35353500,
259 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
260 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
261 0x45454500,0x19191900,0xa5a5a500,0x21212100,
262 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
263 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
264 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
265 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
266 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
267 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
268 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
269 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
270 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
271 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
272 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
273 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
274 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
275 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
276 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
277 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
278 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
279 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
280 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
281 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
282 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
283 0x53535300,0x18181800,0xf2f2f200,0x22222200,
284 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
285 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
286 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
287 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
288 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
289 0xa1a1a100,0x89898900,0x62626200,0x97979700,
290 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
291 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
292 0x10101000,0xc4c4c400,0x00000000,0x48484800,
293 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
294 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
295 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
296 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
297 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
298 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
299 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
300 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
301 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
302 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
303 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
304 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
305 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
306 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
307 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
308 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
309 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
310 0xd4d4d400,0x25252500,0xababab00,0x42424200,
311 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
312 0x72727200,0x07070700,0xb9b9b900,0x55555500,
313 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
314 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
315 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
316 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
317 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
318 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
319 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
/*
 * camellia_sp0222: 256-entry lookup table indexed by one byte. Every entry
 * has a zero top byte lane and repeats one byte value in the three lower
 * lanes (e.g. 0x00e0e0e0).
 * Read through CAMELLIA_SP0222(); the index is a secret-dependent byte, so
 * which cache line is touched depends on key/data (cache-timing exposure).
 * NOTE(review): the opening brace and the closing line of the initializer
 * are missing from this listing.
 */
322 static const uint32_t camellia_sp0222[256] =
324 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
325 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
326 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
327 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
328 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
329 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
330 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
331 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
332 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
333 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
334 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
335 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
336 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
337 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
338 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
339 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
340 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
341 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
342 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
343 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
344 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
345 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
346 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
347 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
348 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
349 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
350 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
351 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
352 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
353 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
354 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
355 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
356 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
357 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
358 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
359 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
360 0x00202020,0x00898989,0x00000000,0x00909090,
361 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
362 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
363 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
364 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
365 0x009b9b9b,0x00949494,0x00212121,0x00666666,
366 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
367 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
368 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
369 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
370 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
371 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
372 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
373 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
374 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
375 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
376 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
377 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
378 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
379 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
380 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
381 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
382 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
383 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
384 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
385 0x00777777,0x00939393,0x00868686,0x00838383,
386 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
387 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
/*
 * camellia_sp3033: 256-entry lookup table indexed by one byte. Every entry
 * repeats one byte value in the top lane and the two lowest lanes and
 * leaves the second lane zero (e.g. 0x38003838).
 * Read through CAMELLIA_SP3033(); the index is a secret-dependent byte, so
 * which cache line is touched depends on key/data (cache-timing exposure).
 * NOTE(review): the opening brace and the closing line of the initializer
 * are missing from this listing.
 */
390 static const uint32_t camellia_sp3033[256] =
392 0x38003838,0x41004141,0x16001616,0x76007676,
393 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
394 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
395 0x75007575,0x06000606,0x57005757,0xa000a0a0,
396 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
397 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
398 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
399 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
400 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
401 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
402 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
403 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
404 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
405 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
406 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
407 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
408 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
409 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
410 0x3a003a3a,0x09000909,0x95009595,0x10001010,
411 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
412 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
413 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
414 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
415 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
416 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
417 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
418 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
419 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
420 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
421 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
422 0x12001212,0x04000404,0x74007474,0x54005454,
423 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
424 0x55005555,0x68006868,0x50005050,0xbe00bebe,
425 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
426 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
427 0x70007070,0xff00ffff,0x32003232,0x69006969,
428 0x08000808,0x62006262,0x00000000,0x24002424,
429 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
430 0x45004545,0x81008181,0x73007373,0x6d006d6d,
431 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
432 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
433 0xe600e6e6,0x25002525,0x48004848,0x99009999,
434 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
435 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
436 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
437 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
438 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
439 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
440 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
441 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
442 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
443 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
444 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
445 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
446 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
447 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
448 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
449 0x7c007c7c,0x77007777,0x56005656,0x05000505,
450 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
451 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
452 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
453 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
454 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
455 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
/*
 * camellia_sp4404: 256-entry lookup table indexed by one byte. Every entry
 * repeats one byte value in the two upper lanes and the lowest lane and
 * leaves the third lane zero (e.g. 0x70700070).
 * Read through CAMELLIA_SP4404(); the index is a secret-dependent byte, so
 * which cache line is touched depends on key/data (cache-timing exposure).
 * NOTE(review): the opening brace and the closing line of the initializer
 * are missing from this listing.
 */
458 static const uint32_t camellia_sp4404[256] =
460 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
461 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
462 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
463 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
464 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
465 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
466 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
467 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
468 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
469 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
470 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
471 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
472 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
473 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
474 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
475 0x24240024,0xe8e800e8,0x60600060,0x69690069,
476 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
477 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
478 0x10100010,0x00000000,0xa3a300a3,0x75750075,
479 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
480 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
481 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
482 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
483 0x81810081,0x6f6f006f,0x13130013,0x63630063,
484 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
485 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
486 0x78780078,0x06060006,0xe7e700e7,0x71710071,
487 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
488 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
489 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
490 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
491 0x15150015,0xadad00ad,0x77770077,0x80800080,
492 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
493 0x85850085,0x35350035,0x0c0c000c,0x41410041,
494 0xefef00ef,0x93930093,0x19190019,0x21210021,
495 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
496 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
497 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
498 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
499 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
500 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
501 0x12120012,0x20200020,0xb1b100b1,0x99990099,
502 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
503 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
504 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
505 0x0f0f000f,0x16160016,0x18180018,0x22220022,
506 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
507 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
508 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
509 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
510 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
511 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
512 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
513 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
514 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
515 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
516 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
517 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
518 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
519 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
520 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
521 0x49490049,0x68680068,0x38380038,0xa4a400a4,
522 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
523 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
528 * Stuff related to the Camellia key schedule
/*
 * subl(x)/subr(x) expand to subL[(x)] / subR[(x)], so they only work where
 * arrays (or pointers) with exactly those names are in scope. The key-setup
 * functions use them as scratch storage for the left/right halves of the
 * intermediate subkeys.
 * NOTE(review): the declarations of subL and subR are not visible in this
 * listing; their size must cover the largest index used (25 in
 * camellia_setup128, 33 in the visible part of camellia_setup256).
 */
530 #define subl(x) subL[(x)]
531 #define subr(x) subR[(x)]
/*
 * camellia_setup128 - expand a 128-bit Camellia key into the subkey array.
 *
 * key:    raw key bytes. The visible loads read key + 4, key + 8 and
 *         key + 12 through GETU32 (presumably four bytes each), so the
 *         buffer must hold at least 16 bytes. No length is passed in; the
 *         caller has to guarantee it.
 * subkey: output, written through CamelliaSubkeyL/R for subkey numbers 0
 *         and 2..24, i.e. words subkey[0], subkey[1] and subkey[4..49].
 *         The array must therefore hold at least 50 uint32_t; subkey
 *         number 1 (words 2 and 3) is not written by the visible code.
 *
 * Security notes for reviewers:
 *  - Key-derived intermediates live in locals (kll..krr, w0/w1, kw4l/kw4r
 *    and the subL/subR scratch arrays behind subl()/subr()). No wiping of
 *    them is visible before the function ends, so copies of key material
 *    may stay on the stack after return.
 *  - The F-function calls go through the byte-indexed lookup tables, so the
 *    key schedule itself performs key-dependent table accesses.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump).
 * Missing here are, among others, the function braces, the declarations of
 * subL/subR, the assignment that loads kll, and the first line of several
 * macro calls. The comments below describe only what is visible.
 */
533 void camellia_setup128(const unsigned char *key, uint32_t *subkey)
535 uint32_t kll, klr, krl, krr;
536 uint32_t il, ir, t0, t1, w0, w1;
537 uint32_t kw4l, kw4r, dw, tl, tr;
542 * k == kll || klr || krl || krr (|| is concatination)
545 klr = GETU32(key + 4);
546 krl = GETU32(key + 8);
547 krr = GETU32(key + 12);
549 * generate KL dependent subkeys
552 subl(0) = kll; subr(0) = klr;
554 subl(1) = krl; subr(1) = krr;
555 /* rotation left shift 15bit */
556 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
558 subl(4) = kll; subr(4) = klr;
560 subl(5) = krl; subr(5) = krr;
561 /* rotation left shift 15+30bit */
562 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
564 subl(10) = kll; subr(10) = klr;
566 subl(11) = krl; subr(11) = krr;
567 /* rotation left shift 15+30+15bit */
568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
570 subl(13) = krl; subr(13) = krr;
571 /* rotation left shift 15+30+15+17 bit */
572 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
574 subl(16) = kll; subr(16) = klr;
576 subl(17) = krl; subr(17) = krr;
577 /* rotation left shift 15+30+15+17+17 bit */
578 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
580 subl(18) = kll; subr(18) = klr;
582 subl(19) = krl; subr(19) = krr;
583 /* rotation left shift 15+30+15+17+17+17 bit */
584 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
586 subl(22) = kll; subr(22) = klr;
588 subl(23) = krl; subr(23) = krr;
/* Reload the unrotated key halves saved in subkeys 0 and 1. */
591 kll = subl(0); klr = subr(0);
592 krl = subl(1); krr = subr(1);
/*
 * NOTE(review): the first line of each of the next four macro calls
 * (gutter 593, 597, 601, 605) is missing from this listing; only the SIGMA
 * constants and the output/scratch arguments are visible. By the argument
 * shape these are presumably CAMELLIA_F invocations - confirm against the
 * original file.
 */
594 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
595 w0, w1, il, ir, t0, t1);
596 krl ^= w0; krr ^= w1;
598 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
599 kll, klr, il, ir, t0, t1);
600 /* current status == (kll, klr, w0, w1) */
602 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
603 krl, krr, il, ir, t0, t1);
604 krl ^= w0; krr ^= w1;
606 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
607 w0, w1, il, ir, t0, t1);
608 kll ^= w0; klr ^= w1;
610 /* generate KA dependent subkeys */
612 subl(2) = kll; subr(2) = klr;
613 subl(3) = krl; subr(3) = krr;
614 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
616 subl(6) = kll; subr(6) = klr;
617 subl(7) = krl; subr(7) = krr;
618 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
620 subl(8) = kll; subr(8) = klr;
621 subl(9) = krl; subr(9) = krr;
622 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
624 subl(12) = kll; subr(12) = klr;
625 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
627 subl(14) = kll; subr(14) = klr;
628 subl(15) = krl; subr(15) = krr;
629 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
631 subl(20) = kll; subr(20) = klr;
632 subl(21) = krl; subr(21) = krr;
633 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
635 subl(24) = kll; subr(24) = klr;
636 subl(25) = krl; subr(25) = krr;
639 /* absorb kw2 to other subkeys */
641 subl(3) ^= subl(1); subr(3) ^= subr(1);
643 subl(5) ^= subl(1); subr(5) ^= subr(1);
645 subl(7) ^= subl(1); subr(7) ^= subr(1);
646 subl(1) ^= subr(1) & ~subr(9);
/*
 * The trailing comma below is the comma operator: "dw = ..., subr(1) ^= ..."
 * is one expression statement, with dw assigned before it is used on the
 * next line. The same idiom recurs throughout the rest of this function.
 */
647 dw = subl(1) & subl(9),
648 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
650 subl(11) ^= subl(1); subr(11) ^= subr(1);
652 subl(13) ^= subl(1); subr(13) ^= subr(1);
654 subl(15) ^= subl(1); subr(15) ^= subr(1);
655 subl(1) ^= subr(1) & ~subr(17);
656 dw = subl(1) & subl(17),
657 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
659 subl(19) ^= subl(1); subr(19) ^= subr(1);
661 subl(21) ^= subl(1); subr(21) ^= subr(1);
663 subl(23) ^= subl(1); subr(23) ^= subr(1);
665 subl(24) ^= subl(1); subr(24) ^= subr(1);
667 /* absorb kw4 to other subkeys */
668 kw4l = subl(25); kw4r = subr(25);
670 subl(22) ^= kw4l; subr(22) ^= kw4r;
672 subl(20) ^= kw4l; subr(20) ^= kw4r;
674 subl(18) ^= kw4l; subr(18) ^= kw4r;
675 kw4l ^= kw4r & ~subr(16);
676 dw = kw4l & subl(16),
677 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
679 subl(14) ^= kw4l; subr(14) ^= kw4r;
681 subl(12) ^= kw4l; subr(12) ^= kw4r;
683 subl(10) ^= kw4l; subr(10) ^= kw4r;
684 kw4l ^= kw4r & ~subr(8);
/* NOTE(review): gutter line 685, which by the pattern above presumably reloads dw, is missing from this listing. */
686 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
688 subl(6) ^= kw4l; subr(6) ^= kw4r;
690 subl(4) ^= kw4l; subr(4) ^= kw4r;
692 subl(2) ^= kw4l; subr(2) ^= kw4r;
694 subl(0) ^= kw4l; subr(0) ^= kw4r;
/*
 * From here on the results are written to the caller's subkey array.
 * Subkey number 1 is never written in the visible code.
 */
697 /* key XOR is end of F-function */
698 CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
699 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
700 CamelliaSubkeyL(2) = subl(3); /* round 1 */
701 CamelliaSubkeyR(2) = subr(3);
702 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
703 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
704 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
705 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
706 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
707 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
708 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
709 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
710 tl = subl(10) ^ (subr(10) & ~subr(8));
711 dw = tl & subl(8), /* FL(kl1) */
712 tr = subr(10) ^ CAMELLIA_RL1(dw);
713 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
714 CamelliaSubkeyR(7) = subr(6) ^ tr;
715 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
716 CamelliaSubkeyR(8) = subr(8);
717 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
718 CamelliaSubkeyR(9) = subr(9);
719 tl = subl(7) ^ (subr(7) & ~subr(9));
720 dw = tl & subl(9), /* FLinv(kl2) */
721 tr = subr(7) ^ CAMELLIA_RL1(dw);
722 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
723 CamelliaSubkeyR(10) = tr ^ subr(11);
724 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
725 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
726 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
727 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
728 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
729 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
730 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
731 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
732 tl = subl(18) ^ (subr(18) & ~subr(16));
733 dw = tl & subl(16), /* FL(kl3) */
734 tr = subr(18) ^ CAMELLIA_RL1(dw);
735 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
736 CamelliaSubkeyR(15) = subr(14) ^ tr;
737 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
738 CamelliaSubkeyR(16) = subr(16);
739 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
740 CamelliaSubkeyR(17) = subr(17);
741 tl = subl(15) ^ (subr(15) & ~subr(17));
742 dw = tl & subl(17), /* FLinv(kl4) */
743 tr = subr(15) ^ CAMELLIA_RL1(dw);
744 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
745 CamelliaSubkeyR(18) = tr ^ subr(19);
746 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
747 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
748 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
749 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
750 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
751 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
752 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
753 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
754 CamelliaSubkeyL(23) = subl(22); /* round 18 */
755 CamelliaSubkeyR(23) = subr(22);
756 CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
757 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
/*
 * Each round subkey (numbers 2..7, 10..15, 18..23) is rewritten in place:
 * dw = RL8(L ^ R), then R = L ^ dw and L = dw. The four-line pattern is
 * repeated once per round; the FL/FLinv subkeys (8, 9, 16, 17) and the
 * whitening subkeys (0, 24) are left as computed above.
 */
759 /* apply the inverse of the last half of P-function */
760 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
761 dw = CAMELLIA_RL8(dw);/* round 1 */
762 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
763 CamelliaSubkeyL(2) = dw;
764 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
765 dw = CAMELLIA_RL8(dw);/* round 2 */
766 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
767 CamelliaSubkeyL(3) = dw;
768 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
769 dw = CAMELLIA_RL8(dw);/* round 3 */
770 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
771 CamelliaSubkeyL(4) = dw;
772 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
773 dw = CAMELLIA_RL8(dw);/* round 4 */
774 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
775 CamelliaSubkeyL(5) = dw;
776 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
777 dw = CAMELLIA_RL8(dw);/* round 5 */
778 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
779 CamelliaSubkeyL(6) = dw;
780 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
781 dw = CAMELLIA_RL8(dw);/* round 6 */
782 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
783 CamelliaSubkeyL(7) = dw;
784 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
785 dw = CAMELLIA_RL8(dw);/* round 7 */
786 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
787 CamelliaSubkeyL(10) = dw;
788 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
789 dw = CAMELLIA_RL8(dw);/* round 8 */
790 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
791 CamelliaSubkeyL(11) = dw;
792 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
793 dw = CAMELLIA_RL8(dw);/* round 9 */
794 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
795 CamelliaSubkeyL(12) = dw;
796 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
797 dw = CAMELLIA_RL8(dw);/* round 10 */
798 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
799 CamelliaSubkeyL(13) = dw;
800 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
801 dw = CAMELLIA_RL8(dw);/* round 11 */
802 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
803 CamelliaSubkeyL(14) = dw;
804 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
805 dw = CAMELLIA_RL8(dw);/* round 12 */
806 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
807 CamelliaSubkeyL(15) = dw;
808 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
809 dw = CAMELLIA_RL8(dw);/* round 13 */
810 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
811 CamelliaSubkeyL(18) = dw;
812 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
813 dw = CAMELLIA_RL8(dw);/* round 14 */
814 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
815 CamelliaSubkeyL(19) = dw;
816 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
817 dw = CAMELLIA_RL8(dw);/* round 15 */
818 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
819 CamelliaSubkeyL(20) = dw;
820 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
821 dw = CAMELLIA_RL8(dw);/* round 16 */
822 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
823 CamelliaSubkeyL(21) = dw;
824 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
825 dw = CAMELLIA_RL8(dw);/* round 17 */
826 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
827 CamelliaSubkeyL(22) = dw;
828 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
829 dw = CAMELLIA_RL8(dw);/* round 18 */
830 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
831 CamelliaSubkeyL(23) = dw;
836 void camellia_setup256(const unsigned char *key, uint32_t *subkey)
838 uint32_t kll,klr,krl,krr; /* left half of key */
839 uint32_t krll,krlr,krrl,krrr; /* right half of key */
840 uint32_t il, ir, t0, t1, w0, w1; /* temporary variables */
841 uint32_t kw4l, kw4r, dw, tl, tr;
846 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
847 * (|| is concatenation)
851 klr = GETU32(key + 4);
852 krl = GETU32(key + 8);
853 krr = GETU32(key + 12);
854 krll = GETU32(key + 16);
855 krlr = GETU32(key + 20);
856 krrl = GETU32(key + 24);
857 krrr = GETU32(key + 28);
859 /* generate KL dependent subkeys */
861 subl(0) = kll; subr(0) = klr;
863 subl(1) = krl; subr(1) = krr;
864 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
866 subl(12) = kll; subr(12) = klr;
868 subl(13) = krl; subr(13) = krr;
869 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
871 subl(16) = kll; subr(16) = klr;
873 subl(17) = krl; subr(17) = krr;
874 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
876 subl(22) = kll; subr(22) = klr;
878 subl(23) = krl; subr(23) = krr;
879 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
881 subl(30) = kll; subr(30) = klr;
883 subl(31) = krl; subr(31) = krr;
885 /* generate KR dependent subkeys */
886 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
888 subl(4) = krll; subr(4) = krlr;
890 subl(5) = krrl; subr(5) = krrr;
891 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
893 subl(8) = krll; subr(8) = krlr;
895 subl(9) = krrl; subr(9) = krrr;
896 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
898 subl(18) = krll; subr(18) = krlr;
900 subl(19) = krrl; subr(19) = krrr;
901 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
903 subl(26) = krll; subr(26) = krlr;
905 subl(27) = krrl; subr(27) = krrr;
906 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
909 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
910 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
912 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
913 w0, w1, il, ir, t0, t1);
914 krl ^= w0; krr ^= w1;
916 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
917 kll, klr, il, ir, t0, t1);
918 kll ^= krll; klr ^= krlr;
920 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
921 krl, krr, il, ir, t0, t1);
922 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
924 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
925 w0, w1, il, ir, t0, t1);
926 kll ^= w0; klr ^= w1;
929 krll ^= kll; krlr ^= klr;
930 krrl ^= krl; krrr ^= krr;
931 CAMELLIA_F(krll, krlr,
932 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
933 w0, w1, il, ir, t0, t1);
934 krrl ^= w0; krrr ^= w1;
935 CAMELLIA_F(krrl, krrr,
936 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
937 w0, w1, il, ir, t0, t1);
938 krll ^= w0; krlr ^= w1;
940 /* generate KA dependent subkeys */
941 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
943 subl(6) = kll; subr(6) = klr;
945 subl(7) = krl; subr(7) = krr;
946 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
948 subl(14) = kll; subr(14) = klr;
950 subl(15) = krl; subr(15) = krr;
951 /* rotation left shift 32bit */
953 subl(24) = klr; subr(24) = krl;
955 subl(25) = krr; subr(25) = kll;
956 /* rotation left shift 49 from k11,k12 -> k21,k22 */
957 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
959 subl(28) = kll; subr(28) = klr;
961 subl(29) = krl; subr(29) = krr;
963 /* generate KB dependent subkeys */
965 subl(2) = krll; subr(2) = krlr;
967 subl(3) = krrl; subr(3) = krrr;
968 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
970 subl(10) = krll; subr(10) = krlr;
972 subl(11) = krrl; subr(11) = krrr;
973 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
975 subl(20) = krll; subr(20) = krlr;
977 subl(21) = krrl; subr(21) = krrr;
978 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
980 subl(32) = krll; subr(32) = krlr;
982 subl(33) = krrl; subr(33) = krrr;
984 /* absorb kw2 to other subkeys */
986 subl(3) ^= subl(1); subr(3) ^= subr(1);
988 subl(5) ^= subl(1); subr(5) ^= subr(1);
990 subl(7) ^= subl(1); subr(7) ^= subr(1);
991 subl(1) ^= subr(1) & ~subr(9);
992 dw = subl(1) & subl(9),
993 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
995 subl(11) ^= subl(1); subr(11) ^= subr(1);
997 subl(13) ^= subl(1); subr(13) ^= subr(1);
999 subl(15) ^= subl(1); subr(15) ^= subr(1);
1000 subl(1) ^= subr(1) & ~subr(17);
1001 dw = subl(1) & subl(17),
1002 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
1004 subl(19) ^= subl(1); subr(19) ^= subr(1);
1006 subl(21) ^= subl(1); subr(21) ^= subr(1);
1008 subl(23) ^= subl(1); subr(23) ^= subr(1);
1009 subl(1) ^= subr(1) & ~subr(25);
1010 dw = subl(1) & subl(25),
1011 subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
1013 subl(27) ^= subl(1); subr(27) ^= subr(1);
1015 subl(29) ^= subl(1); subr(29) ^= subr(1);
1017 subl(31) ^= subl(1); subr(31) ^= subr(1);
1019 subl(32) ^= subl(1); subr(32) ^= subr(1);
1022 /* absorb kw4 to other subkeys */
1023 kw4l = subl(33); kw4r = subr(33);
1025 subl(30) ^= kw4l; subr(30) ^= kw4r;
1027 subl(28) ^= kw4l; subr(28) ^= kw4r;
1029 subl(26) ^= kw4l; subr(26) ^= kw4r;
1030 kw4l ^= kw4r & ~subr(24);
1031 dw = kw4l & subl(24),
1032 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
1034 subl(22) ^= kw4l; subr(22) ^= kw4r;
1036 subl(20) ^= kw4l; subr(20) ^= kw4r;
1038 subl(18) ^= kw4l; subr(18) ^= kw4r;
1039 kw4l ^= kw4r & ~subr(16);
1040 dw = kw4l & subl(16),
1041 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
1043 subl(14) ^= kw4l; subr(14) ^= kw4r;
1045 subl(12) ^= kw4l; subr(12) ^= kw4r;
1047 subl(10) ^= kw4l; subr(10) ^= kw4r;
1048 kw4l ^= kw4r & ~subr(8);
1049 dw = kw4l & subl(8),
1050 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
1052 subl(6) ^= kw4l; subr(6) ^= kw4r;
1054 subl(4) ^= kw4l; subr(4) ^= kw4r;
1056 subl(2) ^= kw4l; subr(2) ^= kw4r;
1058 subl(0) ^= kw4l; subr(0) ^= kw4r;
1060 /* key XOR is end of F-function */
1061 CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
1062 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
1063 CamelliaSubkeyL(2) = subl(3); /* round 1 */
1064 CamelliaSubkeyR(2) = subr(3);
1065 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
1066 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
1067 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
1068 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
1069 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
1070 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
1071 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
1072 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
1073 tl = subl(10) ^ (subr(10) & ~subr(8));
1074 dw = tl & subl(8), /* FL(kl1) */
1075 tr = subr(10) ^ CAMELLIA_RL1(dw);
1076 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
1077 CamelliaSubkeyR(7) = subr(6) ^ tr;
1078 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
1079 CamelliaSubkeyR(8) = subr(8);
1080 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
1081 CamelliaSubkeyR(9) = subr(9);
1082 tl = subl(7) ^ (subr(7) & ~subr(9));
1083 dw = tl & subl(9), /* FLinv(kl2) */
1084 tr = subr(7) ^ CAMELLIA_RL1(dw);
1085 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
1086 CamelliaSubkeyR(10) = tr ^ subr(11);
1087 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
1088 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
1089 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
1090 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
1091 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
1092 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
1093 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
1094 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
1095 tl = subl(18) ^ (subr(18) & ~subr(16));
1096 dw = tl & subl(16), /* FL(kl3) */
1097 tr = subr(18) ^ CAMELLIA_RL1(dw);
1098 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
1099 CamelliaSubkeyR(15) = subr(14) ^ tr;
1100 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
1101 CamelliaSubkeyR(16) = subr(16);
1102 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
1103 CamelliaSubkeyR(17) = subr(17);
1104 tl = subl(15) ^ (subr(15) & ~subr(17));
1105 dw = tl & subl(17), /* FLinv(kl4) */
1106 tr = subr(15) ^ CAMELLIA_RL1(dw);
1107 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
1108 CamelliaSubkeyR(18) = tr ^ subr(19);
1109 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
1110 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
1111 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
1112 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
1113 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
1114 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
1115 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
1116 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
1117 tl = subl(26) ^ (subr(26)
1119 dw = tl & subl(24), /* FL(kl5) */
1120 tr = subr(26) ^ CAMELLIA_RL1(dw);
1121 CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
1122 CamelliaSubkeyR(23) = subr(22) ^ tr;
1123 CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
1124 CamelliaSubkeyR(24) = subr(24);
1125 CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
1126 CamelliaSubkeyR(25) = subr(25);
1127 tl = subl(23) ^ (subr(23) &
1129 dw = tl & subl(25), /* FLinv(kl6) */
1130 tr = subr(23) ^ CAMELLIA_RL1(dw);
1131 CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
1132 CamelliaSubkeyR(26) = tr ^ subr(27);
1133 CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
1134 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
1135 CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
1136 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
1137 CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
1138 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
1139 CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
1140 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
1141 CamelliaSubkeyL(31) = subl(30); /* round 24 */
1142 CamelliaSubkeyR(31) = subr(30);
1143 CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
1144 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
1146 /* apply the inverse of the last half of P-function */
1147 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
1148 dw = CAMELLIA_RL8(dw);/* round 1 */
1149 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
1150 CamelliaSubkeyL(2) = dw;
1151 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
1152 dw = CAMELLIA_RL8(dw);/* round 2 */
1153 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
1154 CamelliaSubkeyL(3) = dw;
1155 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
1156 dw = CAMELLIA_RL8(dw);/* round 3 */
1157 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
1158 CamelliaSubkeyL(4) = dw;
1159 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
1160 dw = CAMELLIA_RL8(dw);/* round 4 */
1161 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
1162 CamelliaSubkeyL(5) = dw;
1163 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
1164 dw = CAMELLIA_RL8(dw);/* round 5 */
1165 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
1166 CamelliaSubkeyL(6) = dw;
1167 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
1168 dw = CAMELLIA_RL8(dw);/* round 6 */
1169 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
1170 CamelliaSubkeyL(7) = dw;
1171 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
1172 dw = CAMELLIA_RL8(dw);/* round 7 */
1173 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
1174 CamelliaSubkeyL(10) = dw;
1175 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
1176 dw = CAMELLIA_RL8(dw);/* round 8 */
1177 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
1178 CamelliaSubkeyL(11) = dw;
1179 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
1180 dw = CAMELLIA_RL8(dw);/* round 9 */
1181 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
1182 CamelliaSubkeyL(12) = dw;
1183 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
1184 dw = CAMELLIA_RL8(dw);/* round 10 */
1185 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
1186 CamelliaSubkeyL(13) = dw;
1187 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
1188 dw = CAMELLIA_RL8(dw);/* round 11 */
1189 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
1190 CamelliaSubkeyL(14) = dw;
1191 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
1192 dw = CAMELLIA_RL8(dw);/* round 12 */
1193 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
1194 CamelliaSubkeyL(15) = dw;
1195 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
1196 dw = CAMELLIA_RL8(dw);/* round 13 */
1197 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
1198 CamelliaSubkeyL(18) = dw;
1199 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
1200 dw = CAMELLIA_RL8(dw);/* round 14 */
1201 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
1202 CamelliaSubkeyL(19) = dw;
1203 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
1204 dw = CAMELLIA_RL8(dw);/* round 15 */
1205 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
1206 CamelliaSubkeyL(20) = dw;
1207 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
1208 dw = CAMELLIA_RL8(dw);/* round 16 */
1209 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
1210 CamelliaSubkeyL(21) = dw;
1211 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
1212 dw = CAMELLIA_RL8(dw);/* round 17 */
1213 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
1214 CamelliaSubkeyL(22) = dw;
1215 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
1216 dw = CAMELLIA_RL8(dw);/* round 18 */
1217 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
1218 CamelliaSubkeyL(23) = dw;
1219 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
1220 dw = CAMELLIA_RL8(dw);/* round 19 */
1221 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
1222 CamelliaSubkeyL(26) = dw;
1223 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
1224 dw = CAMELLIA_RL8(dw);/* round 20 */
1225 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
1226 CamelliaSubkeyL(27) = dw;
1227 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
1228 dw = CAMELLIA_RL8(dw);/* round 21 */
1229 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
1230 CamelliaSubkeyL(28) = dw;
1231 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
1232 dw = CAMELLIA_RL8(dw);/* round 22 */
1233 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
1234 CamelliaSubkeyL(29) = dw;
1235 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
1236 dw = CAMELLIA_RL8(dw);/* round 23 */
1237 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
1238 CamelliaSubkeyL(30) = dw;
1239 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
1240 dw = CAMELLIA_RL8(dw);/* round 24 */
1241 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
1242 CamelliaSubkeyL(31) = dw;
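/*
 * Key setup for a 192-bit Camellia key: widen the key to 256 bits and hand
 * it to camellia_setup256().
 *
 * key    - 24 bytes of key material (only read).
 * subkey - output table filled in by camellia_setup256(); its required
 *          size is fixed by that routine and is not checked here.
 *
 * The widened key is key[0..23] followed by the bitwise complement of
 * key[16..23].
 */
void camellia_setup192(const unsigned char *key, uint32_t *subkey)
{
	unsigned char kk[32];
	uint32_t krll, krlr, krrl, krrr;
	volatile unsigned char *wipe = kk;
	unsigned int i;

	memcpy(kk, key, 24);
	memcpy((unsigned char *)&krll, key + 16, 4);
	memcpy((unsigned char *)&krlr, key + 20, 4);

	/*
	 * For a 192-bit key the Camellia specification defines the low 64
	 * bits of KR as the complement of its high 64 bits. The listing
	 * skips the two lines (1256-1257) where these assignments belong;
	 * without them krrl/krrr would be copied out uninitialised.
	 */
	krrl = ~krll;
	krrr = ~krlr;

	memcpy(kk + 24, (unsigned char *)&krrl, 4);
	memcpy(kk + 28, (unsigned char *)&krrr, 4);
	camellia_setup256(kk, subkey);

	/*
	 * kk is a stack copy of the raw key, so overwrite it before
	 * returning. The stores go through a volatile pointer so that they
	 * are not discarded as dead writes.
	 */
	for (i = 0; i < sizeof kk; i++)
		wipe[i] = 0;
}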
1266 * Stuff related to camellia encryption/decryption
/*
 * Camellia block encryption for the 128-bit-key schedule, performed in
 * place on the four 32-bit words io[0..3].
 *
 * subkey: round-key table, read through CamelliaSubkeyL()/CamelliaSubkeyR().
 *         Presumably the table produced by the key-setup routines of this
 *         file -- confirm against the macro definitions, which are outside
 *         this excerpt. Being key-derived, it should be handled as secret
 *         by the caller.
 * io:     the block to process; overwritten with the result.
 *
 * Shape visible below: whitening with subkey pair 0, three groups of six
 * CAMELLIA_ROUNDSM rounds (pairs 2-7, 10-15, 18-23) separated by
 * CAMELLIA_FLS with pairs (8,9) and (16,17), then whitening with pair 24.
 *
 * NOTE(review): the embedded line numbers skip after several statements
 * (for example 1299 -> 1302 and 1347 -> 1360), so the closing arguments of
 * each CAMELLIA_FLS call and whatever follows the final whitening are not
 * shown in this listing; compare with the upstream file before reuse.
 */
1268 void camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
1270 uint32_t il, ir, t0, t1; /* scratch words passed to the round macros */
1273 /* pre whitening but absorb kw2*/
1274 io[0] ^= CamelliaSubkeyL(0);
1275 io[1] ^= CamelliaSubkeyR(0);
1276 /* main iteration */
1278 CAMELLIA_ROUNDSM(io[0],io[1],
1279 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1280 io[2],io[3],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[2],io[3],
1282 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1283 io[0],io[1],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[0],io[1],
1285 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1286 io[2],io[3],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[2],io[3],
1288 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1289 io[0],io[1],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[0],io[1],
1291 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1292 io[2],io[3],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[2],io[3],
1294 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1295 io[0],io[1],il,ir,t0,t1);
/* first FL layer, subkey pairs 8 and 9 (call is cut short in this listing) */
1297 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1298 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1299 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1302 CAMELLIA_ROUNDSM(io[0],io[1],
1303 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1304 io[2],io[3],il,ir,t0,t1);
1305 CAMELLIA_ROUNDSM(io[2],io[3],
1306 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1307 io[0],io[1],il,ir,t0,t1);
1308 CAMELLIA_ROUNDSM(io[0],io[1],
1309 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1310 io[2],io[3],il,ir,t0,t1);
1311 CAMELLIA_ROUNDSM(io[2],io[3],
1312 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1313 io[0],io[1],il,ir,t0,t1);
1314 CAMELLIA_ROUNDSM(io[0],io[1],
1315 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1316 io[2],io[3],il,ir,t0,t1);
1317 CAMELLIA_ROUNDSM(io[2],io[3],
1318 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1319 io[0],io[1],il,ir,t0,t1);
/* second FL layer, subkey pairs 16 and 17 (call is cut short in this listing) */
1321 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1322 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1323 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1326 CAMELLIA_ROUNDSM(io[0],io[1],
1327 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1328 io[2],io[3],il,ir,t0,t1);
1329 CAMELLIA_ROUNDSM(io[2],io[3],
1330 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1331 io[0],io[1],il,ir,t0,t1);
1332 CAMELLIA_ROUNDSM(io[0],io[1],
1333 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1334 io[2],io[3],il,ir,t0,t1);
1335 CAMELLIA_ROUNDSM(io[2],io[3],
1336 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1337 io[0],io[1],il,ir,t0,t1);
1338 CAMELLIA_ROUNDSM(io[0],io[1],
1339 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1340 io[2],io[3],il,ir,t0,t1);
1341 CAMELLIA_ROUNDSM(io[2],io[3],
1342 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1343 io[0],io[1],il,ir,t0,t1);
1345 /* post whitening but kw4 */
1346 io[2] ^= CamelliaSubkeyL(24);
1347 io[3] ^= CamelliaSubkeyR(24);
/*
 * Camellia block decryption for the 128-bit-key schedule, performed in
 * place on the four 32-bit words io[0..3].
 *
 * subkey: the same round-key table camellia_encrypt128() reads, accessed
 *         through CamelliaSubkeyL()/CamelliaSubkeyR(); the indices below
 *         run in the opposite order. Presumably key-derived -- handle it
 *         as secret.
 * io:     the block to process; overwritten with the result.
 *
 * Shape visible below: whitening with subkey pair 24, rounds with pairs
 * 23-18, CAMELLIA_FLS with pairs (17,16), rounds 15-10, CAMELLIA_FLS with
 * pairs (9,8), rounds 7-2, then whitening with pair 0.
 *
 * NOTE(review): the embedded line numbers skip (for example 1392 -> 1395
 * and 1440 -> 1454), so the closing arguments of each CAMELLIA_FLS call
 * and the end of the function are not shown in this listing; compare with
 * the upstream file before reuse.
 */
1360 void camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
1362 uint32_t il,ir,t0,t1; /* temporary variables */
1366 /* pre whitening but absorb kw2*/
1367 io[0] ^= CamelliaSubkeyL(24);
1368 io[1] ^= CamelliaSubkeyR(24);
1370 /* main iteration */
1371 CAMELLIA_ROUNDSM(io[0],io[1],
1372 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1373 io[2],io[3],il,ir,t0,t1);
1374 CAMELLIA_ROUNDSM(io[2],io[3],
1375 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1376 io[0],io[1],il,ir,t0,t1);
1377 CAMELLIA_ROUNDSM(io[0],io[1],
1378 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1379 io[2],io[3],il,ir,t0,t1);
1380 CAMELLIA_ROUNDSM(io[2],io[3],
1381 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1382 io[0],io[1],il,ir,t0,t1);
1383 CAMELLIA_ROUNDSM(io[0],io[1],
1384 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1385 io[2],io[3],il,ir,t0,t1);
1386 CAMELLIA_ROUNDSM(io[2],io[3],
1387 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1388 io[0],io[1],il,ir,t0,t1);
/* FL layer with subkey pairs 17 and 16 (call is cut short in this listing) */
1390 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1391 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1392 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1395 CAMELLIA_ROUNDSM(io[0],io[1],
1396 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1397 io[2],io[3],il,ir,t0,t1);
1398 CAMELLIA_ROUNDSM(io[2],io[3],
1399 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1400 io[0],io[1],il,ir,t0,t1);
1401 CAMELLIA_ROUNDSM(io[0],io[1],
1402 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1403 io[2],io[3],il,ir,t0,t1);
1404 CAMELLIA_ROUNDSM(io[2],io[3],
1405 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1406 io[0],io[1],il,ir,t0,t1);
1407 CAMELLIA_ROUNDSM(io[0],io[1],
1408 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1409 io[2],io[3],il,ir,t0,t1);
1410 CAMELLIA_ROUNDSM(io[2],io[3],
1411 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1412 io[0],io[1],il,ir,t0,t1);
/* FL layer with subkey pairs 9 and 8 (call is cut short in this listing) */
1414 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1415 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1416 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1419 CAMELLIA_ROUNDSM(io[0],io[1],
1420 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1421 io[2],io[3],il,ir,t0,t1);
1422 CAMELLIA_ROUNDSM(io[2],io[3],
1423 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1424 io[0],io[1],il,ir,t0,t1);
1425 CAMELLIA_ROUNDSM(io[0],io[1],
1426 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1427 io[2],io[3],il,ir,t0,t1);
1428 CAMELLIA_ROUNDSM(io[2],io[3],
1429 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1430 io[0],io[1],il,ir,t0,t1);
1431 CAMELLIA_ROUNDSM(io[0],io[1],
1432 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1433 io[2],io[3],il,ir,t0,t1);
1434 CAMELLIA_ROUNDSM(io[2],io[3],
1435 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1436 io[0],io[1],il,ir,t0,t1);
1438 /* post whitening but kw4 */
1439 io[2] ^= CamelliaSubkeyL(0);
1440 io[3] ^= CamelliaSubkeyR(0);
1454 * stuff for 192 and 256bit encryption/decryption
/*
 * Camellia block encryption for the 192/256-bit-key schedule, performed in
 * place on the four 32-bit words io[0..3].
 *
 * subkey: round-key table, read through CamelliaSubkeyL()/CamelliaSubkeyR()
 *         at indices 0 and 2..32. Presumably the table written by
 *         camellia_setup256() (also reached from camellia_setup192()) --
 *         confirm against the macro definitions, which are outside this
 *         excerpt. Being key-derived, it should be handled as secret by
 *         the caller.
 * io:     the block to process; overwritten with the result.
 *
 * Shape visible below: whitening with subkey pair 0, four groups of six
 * CAMELLIA_ROUNDSM rounds (pairs 2-7, 10-15, 18-23, 26-31) separated by
 * CAMELLIA_FLS with pairs (8,9), (16,17) and (24,25), then whitening with
 * pair 32.
 *
 * NOTE(review): the embedded line numbers skip (for example 1488 -> 1491
 * and 1560 -> 1573), so the closing arguments of each CAMELLIA_FLS call
 * and the end of the function are not shown in this listing; compare with
 * the upstream file before reuse.
 */
1456 void camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
1458 uint32_t il,ir,t0,t1; /* temporary variables */
1462 /* pre whitening but absorb kw2*/
1463 io[0] ^= CamelliaSubkeyL(0);
1464 io[1] ^= CamelliaSubkeyR(0);
1466 /* main iteration */
1467 CAMELLIA_ROUNDSM(io[0],io[1],
1468 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1469 io[2],io[3],il,ir,t0,t1);
1470 CAMELLIA_ROUNDSM(io[2],io[3],
1471 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1472 io[0],io[1],il,ir,t0,t1);
1473 CAMELLIA_ROUNDSM(io[0],io[1],
1474 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1475 io[2],io[3],il,ir,t0,t1);
1476 CAMELLIA_ROUNDSM(io[2],io[3],
1477 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1478 io[0],io[1],il,ir,t0,t1);
1479 CAMELLIA_ROUNDSM(io[0],io[1],
1480 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1481 io[2],io[3],il,ir,t0,t1);
1482 CAMELLIA_ROUNDSM(io[2],io[3],
1483 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1484 io[0],io[1],il,ir,t0,t1);
/* first FL layer, subkey pairs 8 and 9 (call is cut short in this listing) */
1486 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1487 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1488 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1491 CAMELLIA_ROUNDSM(io[0],io[1],
1492 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1493 io[2],io[3],il,ir,t0,t1);
1494 CAMELLIA_ROUNDSM(io[2],io[3],
1495 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1496 io[0],io[1],il,ir,t0,t1);
1497 CAMELLIA_ROUNDSM(io[0],io[1],
1498 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1499 io[2],io[3],il,ir,t0,t1);
1500 CAMELLIA_ROUNDSM(io[2],io[3],
1501 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1502 io[0],io[1],il,ir,t0,t1);
1503 CAMELLIA_ROUNDSM(io[0],io[1],
1504 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1505 io[2],io[3],il,ir,t0,t1);
1506 CAMELLIA_ROUNDSM(io[2],io[3],
1507 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1508 io[0],io[1],il,ir,t0,t1);
/* second FL layer, subkey pairs 16 and 17 (call is cut short in this listing) */
1510 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1511 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1512 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1515 CAMELLIA_ROUNDSM(io[0],io[1],
1516 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1517 io[2],io[3],il,ir,t0,t1);
1518 CAMELLIA_ROUNDSM(io[2],io[3],
1519 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1520 io[0],io[1],il,ir,t0,t1);
1521 CAMELLIA_ROUNDSM(io[0],io[1],
1522 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1523 io[2],io[3],il,ir,t0,t1);
1524 CAMELLIA_ROUNDSM(io[2],io[3],
1525 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1526 io[0],io[1],il,ir,t0,t1);
1527 CAMELLIA_ROUNDSM(io[0],io[1],
1528 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1529 io[2],io[3],il,ir,t0,t1);
1530 CAMELLIA_ROUNDSM(io[2],io[3],
1531 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1532 io[0],io[1],il,ir,t0,t1);
/* third FL layer, subkey pairs 24 and 25 (call is cut short in this listing) */
1534 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1535 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1536 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1539 CAMELLIA_ROUNDSM(io[0],io[1],
1540 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1541 io[2],io[3],il,ir,t0,t1);
1542 CAMELLIA_ROUNDSM(io[2],io[3],
1543 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1544 io[0],io[1],il,ir,t0,t1);
1545 CAMELLIA_ROUNDSM(io[0],io[1],
1546 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1547 io[2],io[3],il,ir,t0,t1);
1548 CAMELLIA_ROUNDSM(io[2],io[3],
1549 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1550 io[0],io[1],il,ir,t0,t1);
1551 CAMELLIA_ROUNDSM(io[0],io[1],
1552 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1553 io[2],io[3],il,ir,t0,t1);
1554 CAMELLIA_ROUNDSM(io[2],io[3],
1555 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1556 io[0],io[1],il,ir,t0,t1);
1558 /* post whitening but kw4 */
1559 io[2] ^= CamelliaSubkeyL(32);
1560 io[3] ^= CamelliaSubkeyR(32);
1573 void camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
1575 uint32_t il,ir,t0,t1; /* temporary valiables */
1578 /* pre whitening but absorb kw2*/
1579 io[0] ^= CamelliaSubkeyL(32);
1580 io[1] ^= CamelliaSubkeyR(32);
1582 /* main iteration */
1583 CAMELLIA_ROUNDSM(io[0],io[1],
1584 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1585 io[2],io[3],il,ir,t0,t1);
1586 CAMELLIA_ROUNDSM(io[2],io[3],
1587 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1588 io[0],io[1],il,ir,t0,t1);
1589 CAMELLIA_ROUNDSM(io[0],io[1],
1590 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1591 io[2],io[3],il,ir,t0,t1);
1592 CAMELLIA_ROUNDSM(io[2],io[3],
1593 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1594 io[0],io[1],il,ir,t0,t1);
1595 CAMELLIA_ROUNDSM(io[0],io[1],
1596 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1597 io[2],io[3],il,ir,t0,t1);
1598 CAMELLIA_ROUNDSM(io[2],io[3],
1599 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1600 io[0],io[1],il,ir,t0,t1);
1602 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1603 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1604 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1607 CAMELLIA_ROUNDSM(io[0],io[1],
1608 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1609 io[2],io[3],il,ir,t0,t1);
1610 CAMELLIA_ROUNDSM(io[2],io[3],
1611 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1612 io[0],io[1],il,ir,t0,t1);
1613 CAMELLIA_ROUNDSM(io[0],io[1],
1614 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1615 io[2],io[3],il,ir,t0,t1);
1616 CAMELLIA_ROUNDSM(io[2],io[3],
1617 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1618 io[0],io[1],il,ir,t0,t1);
1619 CAMELLIA_ROUNDSM(io[0],io[1],
1620 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1621 io[2],io[3],il,ir,t0,t1);
1622 CAMELLIA_ROUNDSM(io[2],io[3],
1623 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1624 io[0],io[1],il,ir,t0,t1);
1626 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1627 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1628 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1631 CAMELLIA_ROUNDSM(io[0],io[1],
1632 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1633 io[2],io[3],il,ir,t0,t1);
1634 CAMELLIA_ROUNDSM(io[2],io[3],
1635 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1636 io[0],io[1],il,ir,t0,t1);
1637 CAMELLIA_ROUNDSM(io[0],io[1],
1638 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1639 io[2],io[3],il,ir,t0,t1);
1640 CAMELLIA_ROUNDSM(io[2],io[3],
1641 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1642 io[0],io[1],il,ir,t0,t1);
1643 CAMELLIA_ROUNDSM(io[0],io[1],
1644 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1645 io[2],io[3],il,ir,t0,t1);
1646 CAMELLIA_ROUNDSM(io[2],io[3],
1647 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1648 io[0],io[1],il,ir,t0,t1);
1650 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1651 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1652 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1655 CAMELLIA_ROUNDSM(io[0],io[1],
1656 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1657 io[2],io[3],il,ir,t0,t1);
1658 CAMELLIA_ROUNDSM(io[2],io[3],
1659 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1660 io[0],io[1],il,ir,t0,t1);
1661 CAMELLIA_ROUNDSM(io[0],io[1],
1662 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1663 io[2],io[3],il,ir,t0,t1);
1664 CAMELLIA_ROUNDSM(io[2],io[3],
1665 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1666 io[0],io[1],il,ir,t0,t1);
1667 CAMELLIA_ROUNDSM(io[0],io[1],
1668 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1669 io[2],io[3],il,ir,t0,t1);
1670 CAMELLIA_ROUNDSM(io[2],io[3],
1671 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1672 io[0],io[1],il,ir,t0,t1);
1674 /* post whitening but kw4 */
1675 io[2] ^= CamelliaSubkeyL(0);
1676 io[3] ^= CamelliaSubkeyR(0);