projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[CRYPTO] camellia: De-unrolling
[deliverable/linux.git] / crypto / camellia.c
1 /*
2 * Copyright (C) 2006
3 * NTT (Nippon Telegraph and Telephone Corporation).
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 */
19
20 /*
21 * Algorithm Specification
22 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23 */
24
25 /*
26 *
27 * NOTE --- NOTE --- NOTE --- NOTE
28 * This implementation assumes that all memory addresses passed
29 * as parameters are four-byte aligned.
30 *
31 */
32
33 #include <linux/crypto.h>
34 #include <linux/errno.h>
35 #include <linux/init.h>
36 #include <linux/kernel.h>
37 #include <linux/module.h>
38
39 static const u32 camellia_sp1110[256] = {
40 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
41 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
42 0xe4e4e400,0x85858500,0x57575700,0x35353500,
43 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
44 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
45 0x45454500,0x19191900,0xa5a5a500,0x21212100,
46 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
47 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
48 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
49 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
50 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
51 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
52 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
53 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
54 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
55 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
56 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
57 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
58 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
59 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
60 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
61 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
62 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
63 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
64 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
65 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
66 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
67 0x53535300,0x18181800,0xf2f2f200,0x22222200,
68 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
69 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
70 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
71 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
72 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
73 0xa1a1a100,0x89898900,0x62626200,0x97979700,
74 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
75 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
76 0x10101000,0xc4c4c400,0x00000000,0x48484800,
77 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
78 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
79 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
80 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
81 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
82 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
83 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
84 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
85 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
86 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
87 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
88 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
89 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
90 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
91 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
92 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
93 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
94 0xd4d4d400,0x25252500,0xababab00,0x42424200,
95 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
96 0x72727200,0x07070700,0xb9b9b900,0x55555500,
97 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
98 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
99 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
100 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
101 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
102 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
103 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
104 };
105
106 static const u32 camellia_sp0222[256] = {
107 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
108 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
109 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
110 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
111 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
112 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
113 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
114 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
115 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
116 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
117 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
118 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
119 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
120 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
121 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
122 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
123 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
124 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
125 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
126 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
127 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
128 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
129 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
130 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
131 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
132 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
133 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
134 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
135 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
136 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
137 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
138 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
139 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
140 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
141 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
142 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
143 0x00202020,0x00898989,0x00000000,0x00909090,
144 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
145 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
146 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
147 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
148 0x009b9b9b,0x00949494,0x00212121,0x00666666,
149 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
150 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
151 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
152 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
153 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
154 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
155 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
156 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
157 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
158 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
159 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
160 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
161 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
162 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
163 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
164 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
165 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
166 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
167 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
168 0x00777777,0x00939393,0x00868686,0x00838383,
169 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
170 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
171 };
172
173 static const u32 camellia_sp3033[256] = {
174 0x38003838,0x41004141,0x16001616,0x76007676,
175 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
176 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
177 0x75007575,0x06000606,0x57005757,0xa000a0a0,
178 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
179 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
180 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
181 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
182 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
183 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
184 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
185 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
186 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
187 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
188 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
189 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
190 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
191 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
192 0x3a003a3a,0x09000909,0x95009595,0x10001010,
193 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
194 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
195 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
196 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
197 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
198 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
199 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
200 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
201 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
202 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
203 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
204 0x12001212,0x04000404,0x74007474,0x54005454,
205 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
206 0x55005555,0x68006868,0x50005050,0xbe00bebe,
207 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
208 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
209 0x70007070,0xff00ffff,0x32003232,0x69006969,
210 0x08000808,0x62006262,0x00000000,0x24002424,
211 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
212 0x45004545,0x81008181,0x73007373,0x6d006d6d,
213 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
214 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
215 0xe600e6e6,0x25002525,0x48004848,0x99009999,
216 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
217 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
218 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
219 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
220 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
221 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
222 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
223 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
224 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
225 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
226 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
227 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
228 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
229 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
230 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
231 0x7c007c7c,0x77007777,0x56005656,0x05000505,
232 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
233 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
234 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
235 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
236 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
237 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
238 };
239
240 static const u32 camellia_sp4404[256] = {
241 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
242 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
243 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
244 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
245 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
246 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
247 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
248 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
249 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
250 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
251 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
252 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
253 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
254 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
255 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
256 0x24240024,0xe8e800e8,0x60600060,0x69690069,
257 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
258 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
259 0x10100010,0x00000000,0xa3a300a3,0x75750075,
260 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
261 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
262 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
263 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
264 0x81810081,0x6f6f006f,0x13130013,0x63630063,
265 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
266 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
267 0x78780078,0x06060006,0xe7e700e7,0x71710071,
268 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
269 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
270 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
271 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
272 0x15150015,0xadad00ad,0x77770077,0x80800080,
273 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
274 0x85850085,0x35350035,0x0c0c000c,0x41410041,
275 0xefef00ef,0x93930093,0x19190019,0x21210021,
276 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
277 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
278 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
279 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
280 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
281 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
282 0x12120012,0x20200020,0xb1b100b1,0x99990099,
283 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
284 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
285 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
286 0x0f0f000f,0x16160016,0x18180018,0x22220022,
287 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
288 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
289 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
290 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
291 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
292 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
293 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
294 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
295 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
296 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
297 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
298 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
299 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
300 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
301 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
302 0x49490049,0x68680068,0x38380038,0xa4a400a4,
303 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
304 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
305 };
306
307
308 #define CAMELLIA_MIN_KEY_SIZE 16
309 #define CAMELLIA_MAX_KEY_SIZE 32
310 #define CAMELLIA_BLOCK_SIZE 16
311 #define CAMELLIA_TABLE_BYTE_LEN 272
312
313
314 /* key constants */
315
316 #define CAMELLIA_SIGMA1L (0xA09E667FL)
317 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
318 #define CAMELLIA_SIGMA2L (0xB67AE858L)
319 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
320 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
321 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
322 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
323 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
324 #define CAMELLIA_SIGMA5L (0x10E527FAL)
325 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
326 #define CAMELLIA_SIGMA6L (0xB05688C2L)
327 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
328
329 /*
330 * macros
331 */
332
333 # define GETU32(v, pt) \
334 do { \
335 /* latest breed of gcc is clever enough to use move */ \
336 memcpy(&(v), (pt), 4); \
337 (v) = be32_to_cpu(v); \
338 } while(0)
339
340 /* rotation right shift 1byte */
341 #define ROR8(x) (((x) >> 8) + ((x) << 24))
342 /* rotation left shift 1bit */
343 #define ROL1(x) (((x) << 1) + ((x) >> 31))
344 /* rotation left shift 1byte */
345 #define ROL8(x) (((x) << 8) + ((x) >> 24))
346
347 #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
348 do { \
349 w0 = ll; \
350 ll = (ll << bits) + (lr >> (32 - bits)); \
351 lr = (lr << bits) + (rl >> (32 - bits)); \
352 rl = (rl << bits) + (rr >> (32 - bits)); \
353 rr = (rr << bits) + (w0 >> (32 - bits)); \
354 } while(0)
355
356 #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
357 do { \
358 w0 = ll; \
359 w1 = lr; \
360 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
361 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
362 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
363 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
364 } while(0)
365
366
367 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
368 do { \
369 il = xl ^ kl; \
370 ir = xr ^ kr; \
371 t0 = il >> 16; \
372 t1 = ir >> 16; \
373 yl = camellia_sp1110[ir & 0xff] \
374 ^ camellia_sp0222[(t1 >> 8) & 0xff] \
375 ^ camellia_sp3033[t1 & 0xff] \
376 ^ camellia_sp4404[(ir >> 8) & 0xff]; \
377 yr = camellia_sp1110[(t0 >> 8) & 0xff] \
378 ^ camellia_sp0222[t0 & 0xff] \
379 ^ camellia_sp3033[(il >> 8) & 0xff] \
380 ^ camellia_sp4404[il & 0xff]; \
381 yl ^= yr; \
382 yr = ROR8(yr); \
383 yr ^= yl; \
384 } while(0)
385
386
387 /*
388 * for speed up
389 *
390 */
391 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
392 do { \
393 t0 = kll; \
394 t2 = krr; \
395 t0 &= ll; \
396 t2 |= rr; \
397 rl ^= t2; \
398 lr ^= ROL1(t0); \
399 t3 = krl; \
400 t1 = klr; \
401 t3 &= rl; \
402 t1 |= lr; \
403 ll ^= t1; \
404 rr ^= ROL1(t3); \
405 } while(0)
406
407 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
408 do { \
409 ir = camellia_sp1110[xr & 0xff]; \
410 il = camellia_sp1110[(xl>>24) & 0xff]; \
411 ir ^= camellia_sp0222[(xr>>24) & 0xff]; \
412 il ^= camellia_sp0222[(xl>>16) & 0xff]; \
413 ir ^= camellia_sp3033[(xr>>16) & 0xff]; \
414 il ^= camellia_sp3033[(xl>>8) & 0xff]; \
415 ir ^= camellia_sp4404[(xr>>8) & 0xff]; \
416 il ^= camellia_sp4404[xl & 0xff]; \
417 il ^= kl; \
418 ir ^= il ^ kr; \
419 yl ^= ir; \
420 yr ^= ROR8(il) ^ ir; \
421 } while(0)
422
423
424 #define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
425 #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
426
427 static void camellia_setup_tail(u32 *subkey, int max)
428 {
429 u32 dw;
430 int i = 2;
431 do {
432 dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = ROL8(dw);/* round 1 */
433 SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw;
434 dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = ROL8(dw);/* round 2 */
435 SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw;
436 dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = ROL8(dw);/* round 3 */
437 SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw;
438 dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = ROL8(dw);/* round 4 */
439 SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw;
440 dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = ROL8(dw);/* round 5 */
441 SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw;
442 dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = ROL8(dw);/* round 6 */
443 SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw;
444 i += 8;
445 } while (i < max);
446 }
447
448 static void camellia_setup128(const unsigned char *key, u32 *subkey)
449 {
450 u32 kll, klr, krl, krr;
451 u32 il, ir, t0, t1, w0, w1;
452 u32 kw4l, kw4r, dw, tl, tr;
453 u32 subL[26];
454 u32 subR[26];
455
456 /**
457 * k == kll || klr || krl || krr (|| is concatination)
458 */
459 GETU32(kll, key );
460 GETU32(klr, key + 4);
461 GETU32(krl, key + 8);
462 GETU32(krr, key + 12);
463
464 /**
465 * generate KL dependent subkeys
466 */
467 /* kw1 */
468 subL[0] = kll; subR[0] = klr;
469 /* kw2 */
470 subL[1] = krl; subR[1] = krr;
471 /* rotation left shift 15bit */
472 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
473 /* k3 */
474 subL[4] = kll; subR[4] = klr;
475 /* k4 */
476 subL[5] = krl; subR[5] = krr;
477 /* rotation left shift 15+30bit */
478 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
479 /* k7 */
480 subL[10] = kll; subR[10] = klr;
481 /* k8 */
482 subL[11] = krl; subR[11] = krr;
483 /* rotation left shift 15+30+15bit */
484 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
485 /* k10 */
486 subL[13] = krl; subR[13] = krr;
487 /* rotation left shift 15+30+15+17 bit */
488 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
489 /* kl3 */
490 subL[16] = kll; subR[16] = klr;
491 /* kl4 */
492 subL[17] = krl; subR[17] = krr;
493 /* rotation left shift 15+30+15+17+17 bit */
494 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
495 /* k13 */
496 subL[18] = kll; subR[18] = klr;
497 /* k14 */
498 subL[19] = krl; subR[19] = krr;
499 /* rotation left shift 15+30+15+17+17+17 bit */
500 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
501 /* k17 */
502 subL[22] = kll; subR[22] = klr;
503 /* k18 */
504 subL[23] = krl; subR[23] = krr;
505
506 /* generate KA */
507 kll = subL[0]; klr = subR[0];
508 krl = subL[1]; krr = subR[1];
509 CAMELLIA_F(kll, klr,
510 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
511 w0, w1, il, ir, t0, t1);
512 krl ^= w0; krr ^= w1;
513 CAMELLIA_F(krl, krr,
514 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
515 kll, klr, il, ir, t0, t1);
516 /* current status == (kll, klr, w0, w1) */
517 CAMELLIA_F(kll, klr,
518 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
519 krl, krr, il, ir, t0, t1);
520 krl ^= w0; krr ^= w1;
521 CAMELLIA_F(krl, krr,
522 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
523 w0, w1, il, ir, t0, t1);
524 kll ^= w0; klr ^= w1;
525
526 /* generate KA dependent subkeys */
527 /* k1, k2 */
528 subL[2] = kll; subR[2] = klr;
529 subL[3] = krl; subR[3] = krr;
530 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
531 /* k5,k6 */
532 subL[6] = kll; subR[6] = klr;
533 subL[7] = krl; subR[7] = krr;
534 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
535 /* kl1, kl2 */
536 subL[8] = kll; subR[8] = klr;
537 subL[9] = krl; subR[9] = krr;
538 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
539 /* k9 */
540 subL[12] = kll; subR[12] = klr;
541 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
542 /* k11, k12 */
543 subL[14] = kll; subR[14] = klr;
544 subL[15] = krl; subR[15] = krr;
545 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
546 /* k15, k16 */
547 subL[20] = kll; subR[20] = klr;
548 subL[21] = krl; subR[21] = krr;
549 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
550 /* kw3, kw4 */
551 subL[24] = kll; subR[24] = klr;
552 subL[25] = krl; subR[25] = krr;
553
554 /* absorb kw2 to other subkeys */
555 /* round 2 */
556 subL[3] ^= subL[1]; subR[3] ^= subR[1];
557 /* round 4 */
558 subL[5] ^= subL[1]; subR[5] ^= subR[1];
559 /* round 6 */
560 subL[7] ^= subL[1]; subR[7] ^= subR[1];
561 subL[1] ^= subR[1] & ~subR[9];
562 dw = subL[1] & subL[9],
563 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
564 /* round 8 */
565 subL[11] ^= subL[1]; subR[11] ^= subR[1];
566 /* round 10 */
567 subL[13] ^= subL[1]; subR[13] ^= subR[1];
568 /* round 12 */
569 subL[15] ^= subL[1]; subR[15] ^= subR[1];
570 subL[1] ^= subR[1] & ~subR[17];
571 dw = subL[1] & subL[17],
572 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
573 /* round 14 */
574 subL[19] ^= subL[1]; subR[19] ^= subR[1];
575 /* round 16 */
576 subL[21] ^= subL[1]; subR[21] ^= subR[1];
577 /* round 18 */
578 subL[23] ^= subL[1]; subR[23] ^= subR[1];
579 /* kw3 */
580 subL[24] ^= subL[1]; subR[24] ^= subR[1];
581
582 /* absorb kw4 to other subkeys */
583 kw4l = subL[25]; kw4r = subR[25];
584 /* round 17 */
585 subL[22] ^= kw4l; subR[22] ^= kw4r;
586 /* round 15 */
587 subL[20] ^= kw4l; subR[20] ^= kw4r;
588 /* round 13 */
589 subL[18] ^= kw4l; subR[18] ^= kw4r;
590 kw4l ^= kw4r & ~subR[16];
591 dw = kw4l & subL[16],
592 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
593 /* round 11 */
594 subL[14] ^= kw4l; subR[14] ^= kw4r;
595 /* round 9 */
596 subL[12] ^= kw4l; subR[12] ^= kw4r;
597 /* round 7 */
598 subL[10] ^= kw4l; subR[10] ^= kw4r;
599 kw4l ^= kw4r & ~subR[8];
600 dw = kw4l & subL[8],
601 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
602 /* round 5 */
603 subL[6] ^= kw4l; subR[6] ^= kw4r;
604 /* round 3 */
605 subL[4] ^= kw4l; subR[4] ^= kw4r;
606 /* round 1 */
607 subL[2] ^= kw4l; subR[2] ^= kw4r;
608 /* kw1 */
609 subL[0] ^= kw4l; subR[0] ^= kw4r;
610
611 /* key XOR is end of F-function */
612 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
613 SUBKEY_R(0) = subR[0] ^ subR[2];
614 SUBKEY_L(2) = subL[3]; /* round 1 */
615 SUBKEY_R(2) = subR[3];
616 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
617 SUBKEY_R(3) = subR[2] ^ subR[4];
618 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
619 SUBKEY_R(4) = subR[3] ^ subR[5];
620 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
621 SUBKEY_R(5) = subR[4] ^ subR[6];
622 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
623 SUBKEY_R(6) = subR[5] ^ subR[7];
624 tl = subL[10] ^ (subR[10] & ~subR[8]);
625 dw = tl & subL[8], /* FL(kl1) */
626 tr = subR[10] ^ ROL1(dw);
627 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
628 SUBKEY_R(7) = subR[6] ^ tr;
629 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
630 SUBKEY_R(8) = subR[8];
631 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
632 SUBKEY_R(9) = subR[9];
633 tl = subL[7] ^ (subR[7] & ~subR[9]);
634 dw = tl & subL[9], /* FLinv(kl2) */
635 tr = subR[7] ^ ROL1(dw);
636 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
637 SUBKEY_R(10) = tr ^ subR[11];
638 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
639 SUBKEY_R(11) = subR[10] ^ subR[12];
640 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
641 SUBKEY_R(12) = subR[11] ^ subR[13];
642 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
643 SUBKEY_R(13) = subR[12] ^ subR[14];
644 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
645 SUBKEY_R(14) = subR[13] ^ subR[15];
646 tl = subL[18] ^ (subR[18] & ~subR[16]);
647 dw = tl & subL[16], /* FL(kl3) */
648 tr = subR[18] ^ ROL1(dw);
649 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
650 SUBKEY_R(15) = subR[14] ^ tr;
651 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
652 SUBKEY_R(16) = subR[16];
653 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
654 SUBKEY_R(17) = subR[17];
655 tl = subL[15] ^ (subR[15] & ~subR[17]);
656 dw = tl & subL[17], /* FLinv(kl4) */
657 tr = subR[15] ^ ROL1(dw);
658 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
659 SUBKEY_R(18) = tr ^ subR[19];
660 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
661 SUBKEY_R(19) = subR[18] ^ subR[20];
662 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
663 SUBKEY_R(20) = subR[19] ^ subR[21];
664 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
665 SUBKEY_R(21) = subR[20] ^ subR[22];
666 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
667 SUBKEY_R(22) = subR[21] ^ subR[23];
668 SUBKEY_L(23) = subL[22]; /* round 18 */
669 SUBKEY_R(23) = subR[22];
670 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
671 SUBKEY_R(24) = subR[24] ^ subR[23];
672
673 /* apply the inverse of the last half of P-function */
674 camellia_setup_tail(subkey, 24);
675 }
676
677 static void camellia_setup256(const unsigned char *key, u32 *subkey)
678 {
679 u32 kll, klr, krl, krr; /* left half of key */
680 u32 krll, krlr, krrl, krrr; /* right half of key */
681 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
682 u32 kw4l, kw4r, dw, tl, tr;
683 u32 subL[34];
684 u32 subR[34];
685
686 /**
687 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
688 * (|| is concatination)
689 */
690 GETU32(kll, key );
691 GETU32(klr, key + 4);
692 GETU32(krl, key + 8);
693 GETU32(krr, key + 12);
694 GETU32(krll, key + 16);
695 GETU32(krlr, key + 20);
696 GETU32(krrl, key + 24);
697 GETU32(krrr, key + 28);
698
699 /* generate KL dependent subkeys */
700 /* kw1 */
701 subL[0] = kll; subR[0] = klr;
702 /* kw2 */
703 subL[1] = krl; subR[1] = krr;
704 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
705 /* k9 */
706 subL[12] = kll; subR[12] = klr;
707 /* k10 */
708 subL[13] = krl; subR[13] = krr;
709 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
710 /* kl3 */
711 subL[16] = kll; subR[16] = klr;
712 /* kl4 */
713 subL[17] = krl; subR[17] = krr;
714 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
715 /* k17 */
716 subL[22] = kll; subR[22] = klr;
717 /* k18 */
718 subL[23] = krl; subR[23] = krr;
719 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
720 /* k23 */
721 subL[30] = kll; subR[30] = klr;
722 /* k24 */
723 subL[31] = krl; subR[31] = krr;
724
725 /* generate KR dependent subkeys */
726 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
727 /* k3 */
728 subL[4] = krll; subR[4] = krlr;
729 /* k4 */
730 subL[5] = krrl; subR[5] = krrr;
731 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
732 /* kl1 */
733 subL[8] = krll; subR[8] = krlr;
734 /* kl2 */
735 subL[9] = krrl; subR[9] = krrr;
736 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
737 /* k13 */
738 subL[18] = krll; subR[18] = krlr;
739 /* k14 */
740 subL[19] = krrl; subR[19] = krrr;
741 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
742 /* k19 */
743 subL[26] = krll; subR[26] = krlr;
744 /* k20 */
745 subL[27] = krrl; subR[27] = krrr;
746 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
747
748 /* generate KA */
749 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
750 krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
751 CAMELLIA_F(kll, klr,
752 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
753 w0, w1, il, ir, t0, t1);
754 krl ^= w0; krr ^= w1;
755 CAMELLIA_F(krl, krr,
756 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
757 kll, klr, il, ir, t0, t1);
758 kll ^= krll; klr ^= krlr;
759 CAMELLIA_F(kll, klr,
760 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
761 krl, krr, il, ir, t0, t1);
762 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
763 CAMELLIA_F(krl, krr,
764 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
765 w0, w1, il, ir, t0, t1);
766 kll ^= w0; klr ^= w1;
767
768 /* generate KB */
769 krll ^= kll; krlr ^= klr;
770 krrl ^= krl; krrr ^= krr;
771 CAMELLIA_F(krll, krlr,
772 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
773 w0, w1, il, ir, t0, t1);
774 krrl ^= w0; krrr ^= w1;
775 CAMELLIA_F(krrl, krrr,
776 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
777 w0, w1, il, ir, t0, t1);
778 krll ^= w0; krlr ^= w1;
779
780 /* generate KA dependent subkeys */
781 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
782 /* k5 */
783 subL[6] = kll; subR[6] = klr;
784 /* k6 */
785 subL[7] = krl; subR[7] = krr;
786 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
787 /* k11 */
788 subL[14] = kll; subR[14] = klr;
789 /* k12 */
790 subL[15] = krl; subR[15] = krr;
791 /* rotation left shift 32bit */
792 /* kl5 */
793 subL[24] = klr; subR[24] = krl;
794 /* kl6 */
795 subL[25] = krr; subR[25] = kll;
796 /* rotation left shift 49 from k11,k12 -> k21,k22 */
797 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
798 /* k21 */
799 subL[28] = kll; subR[28] = klr;
800 /* k22 */
801 subL[29] = krl; subR[29] = krr;
802
803 /* generate KB dependent subkeys */
804 /* k1 */
805 subL[2] = krll; subR[2] = krlr;
806 /* k2 */
807 subL[3] = krrl; subR[3] = krrr;
808 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
809 /* k7 */
810 subL[10] = krll; subR[10] = krlr;
811 /* k8 */
812 subL[11] = krrl; subR[11] = krrr;
813 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
814 /* k15 */
815 subL[20] = krll; subR[20] = krlr;
816 /* k16 */
817 subL[21] = krrl; subR[21] = krrr;
818 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
819 /* kw3 */
820 subL[32] = krll; subR[32] = krlr;
821 /* kw4 */
822 subL[33] = krrl; subR[33] = krrr;
823
824 /* absorb kw2 to other subkeys */
825 /* round 2 */
826 subL[3] ^= subL[1]; subR[3] ^= subR[1];
827 /* round 4 */
828 subL[5] ^= subL[1]; subR[5] ^= subR[1];
829 /* round 6 */
830 subL[7] ^= subL[1]; subR[7] ^= subR[1];
831 subL[1] ^= subR[1] & ~subR[9];
832 dw = subL[1] & subL[9],
833 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
834 /* round 8 */
835 subL[11] ^= subL[1]; subR[11] ^= subR[1];
836 /* round 10 */
837 subL[13] ^= subL[1]; subR[13] ^= subR[1];
838 /* round 12 */
839 subL[15] ^= subL[1]; subR[15] ^= subR[1];
840 subL[1] ^= subR[1] & ~subR[17];
841 dw = subL[1] & subL[17],
842 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
843 /* round 14 */
844 subL[19] ^= subL[1]; subR[19] ^= subR[1];
845 /* round 16 */
846 subL[21] ^= subL[1]; subR[21] ^= subR[1];
847 /* round 18 */
848 subL[23] ^= subL[1]; subR[23] ^= subR[1];
849 subL[1] ^= subR[1] & ~subR[25];
850 dw = subL[1] & subL[25],
851 subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */
852 /* round 20 */
853 subL[27] ^= subL[1]; subR[27] ^= subR[1];
854 /* round 22 */
855 subL[29] ^= subL[1]; subR[29] ^= subR[1];
856 /* round 24 */
857 subL[31] ^= subL[1]; subR[31] ^= subR[1];
858 /* kw3 */
859 subL[32] ^= subL[1]; subR[32] ^= subR[1];
860
861 /* absorb kw4 to other subkeys */
862 kw4l = subL[33]; kw4r = subR[33];
863 /* round 23 */
864 subL[30] ^= kw4l; subR[30] ^= kw4r;
865 /* round 21 */
866 subL[28] ^= kw4l; subR[28] ^= kw4r;
867 /* round 19 */
868 subL[26] ^= kw4l; subR[26] ^= kw4r;
869 kw4l ^= kw4r & ~subR[24];
870 dw = kw4l & subL[24],
871 kw4r ^= ROL1(dw); /* modified for FL(kl5) */
872 /* round 17 */
873 subL[22] ^= kw4l; subR[22] ^= kw4r;
874 /* round 15 */
875 subL[20] ^= kw4l; subR[20] ^= kw4r;
876 /* round 13 */
877 subL[18] ^= kw4l; subR[18] ^= kw4r;
878 kw4l ^= kw4r & ~subR[16];
879 dw = kw4l & subL[16],
880 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
881 /* round 11 */
882 subL[14] ^= kw4l; subR[14] ^= kw4r;
883 /* round 9 */
884 subL[12] ^= kw4l; subR[12] ^= kw4r;
885 /* round 7 */
886 subL[10] ^= kw4l; subR[10] ^= kw4r;
887 kw4l ^= kw4r & ~subR[8];
888 dw = kw4l & subL[8],
889 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
890 /* round 5 */
891 subL[6] ^= kw4l; subR[6] ^= kw4r;
892 /* round 3 */
893 subL[4] ^= kw4l; subR[4] ^= kw4r;
894 /* round 1 */
895 subL[2] ^= kw4l; subR[2] ^= kw4r;
896 /* kw1 */
897 subL[0] ^= kw4l; subR[0] ^= kw4r;
898
899 /* key XOR is end of F-function */
900 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
901 SUBKEY_R(0) = subR[0] ^ subR[2];
902 SUBKEY_L(2) = subL[3]; /* round 1 */
903 SUBKEY_R(2) = subR[3];
904 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
905 SUBKEY_R(3) = subR[2] ^ subR[4];
906 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
907 SUBKEY_R(4) = subR[3] ^ subR[5];
908 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
909 SUBKEY_R(5) = subR[4] ^ subR[6];
910 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
911 SUBKEY_R(6) = subR[5] ^ subR[7];
912 tl = subL[10] ^ (subR[10] & ~subR[8]);
913 dw = tl & subL[8], /* FL(kl1) */
914 tr = subR[10] ^ ROL1(dw);
915 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
916 SUBKEY_R(7) = subR[6] ^ tr;
917 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
918 SUBKEY_R(8) = subR[8];
919 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
920 SUBKEY_R(9) = subR[9];
921 tl = subL[7] ^ (subR[7] & ~subR[9]);
922 dw = tl & subL[9], /* FLinv(kl2) */
923 tr = subR[7] ^ ROL1(dw);
924 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
925 SUBKEY_R(10) = tr ^ subR[11];
926 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
927 SUBKEY_R(11) = subR[10] ^ subR[12];
928 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
929 SUBKEY_R(12) = subR[11] ^ subR[13];
930 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
931 SUBKEY_R(13) = subR[12] ^ subR[14];
932 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
933 SUBKEY_R(14) = subR[13] ^ subR[15];
934 tl = subL[18] ^ (subR[18] & ~subR[16]);
935 dw = tl & subL[16], /* FL(kl3) */
936 tr = subR[18] ^ ROL1(dw);
937 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
938 SUBKEY_R(15) = subR[14] ^ tr;
939 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
940 SUBKEY_R(16) = subR[16];
941 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
942 SUBKEY_R(17) = subR[17];
943 tl = subL[15] ^ (subR[15] & ~subR[17]);
944 dw = tl & subL[17], /* FLinv(kl4) */
945 tr = subR[15] ^ ROL1(dw);
946 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
947 SUBKEY_R(18) = tr ^ subR[19];
948 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
949 SUBKEY_R(19) = subR[18] ^ subR[20];
950 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
951 SUBKEY_R(20) = subR[19] ^ subR[21];
952 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
953 SUBKEY_R(21) = subR[20] ^ subR[22];
954 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
955 SUBKEY_R(22) = subR[21] ^ subR[23];
956 tl = subL[26] ^ (subR[26] & ~subR[24]);
957 dw = tl & subL[24], /* FL(kl5) */
958 tr = subR[26] ^ ROL1(dw);
959 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
960 SUBKEY_R(23) = subR[22] ^ tr;
961 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
962 SUBKEY_R(24) = subR[24];
963 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
964 SUBKEY_R(25) = subR[25];
965 tl = subL[23] ^ (subR[23] & ~subR[25]);
966 dw = tl & subL[25], /* FLinv(kl6) */
967 tr = subR[23] ^ ROL1(dw);
968 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
969 SUBKEY_R(26) = tr ^ subR[27];
970 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
971 SUBKEY_R(27) = subR[26] ^ subR[28];
972 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
973 SUBKEY_R(28) = subR[27] ^ subR[29];
974 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
975 SUBKEY_R(29) = subR[28] ^ subR[30];
976 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
977 SUBKEY_R(30) = subR[29] ^ subR[31];
978 SUBKEY_L(31) = subL[30]; /* round 24 */
979 SUBKEY_R(31) = subR[30];
980 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
981 SUBKEY_R(32) = subR[32] ^ subR[31];
982
983 /* apply the inverse of the last half of P-function */
984 camellia_setup_tail(subkey, 32);
985 }
986
987 static void camellia_setup192(const unsigned char *key, u32 *subkey)
988 {
989 unsigned char kk[32];
990 u32 krll, krlr, krrl,krrr;
991
992 memcpy(kk, key, 24);
993 memcpy((unsigned char *)&krll, key+16, 4);
994 memcpy((unsigned char *)&krlr, key+20, 4);
995 krrl = ~krll;
996 krrr = ~krlr;
997 memcpy(kk+24, (unsigned char *)&krrl, 4);
998 memcpy(kk+28, (unsigned char *)&krrr, 4);
999 camellia_setup256(kk, subkey);
1000 }
1001
1002
1003 static void camellia_encrypt128(const u32 *subkey, u32 *io_text)
1004 {
1005 u32 il,ir,t0,t1; /* temporary variables */
1006
1007 u32 io[4];
1008
1009 /* pre whitening but absorb kw2 */
1010 io[0] = io_text[0] ^ SUBKEY_L(0);
1011 io[1] = io_text[1] ^ SUBKEY_R(0);
1012 io[2] = io_text[2];
1013 io[3] = io_text[3];
1014
1015 /* main iteration */
1016 CAMELLIA_ROUNDSM(io[0],io[1],
1017 SUBKEY_L(2),SUBKEY_R(2),
1018 io[2],io[3],il,ir,t0,t1);
1019 CAMELLIA_ROUNDSM(io[2],io[3],
1020 SUBKEY_L(3),SUBKEY_R(3),
1021 io[0],io[1],il,ir,t0,t1);
1022 CAMELLIA_ROUNDSM(io[0],io[1],
1023 SUBKEY_L(4),SUBKEY_R(4),
1024 io[2],io[3],il,ir,t0,t1);
1025 CAMELLIA_ROUNDSM(io[2],io[3],
1026 SUBKEY_L(5),SUBKEY_R(5),
1027 io[0],io[1],il,ir,t0,t1);
1028 CAMELLIA_ROUNDSM(io[0],io[1],
1029 SUBKEY_L(6),SUBKEY_R(6),
1030 io[2],io[3],il,ir,t0,t1);
1031 CAMELLIA_ROUNDSM(io[2],io[3],
1032 SUBKEY_L(7),SUBKEY_R(7),
1033 io[0],io[1],il,ir,t0,t1);
1034
1035 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1036 SUBKEY_L(8),SUBKEY_R(8),
1037 SUBKEY_L(9),SUBKEY_R(9),
1038 t0,t1,il,ir);
1039
1040 CAMELLIA_ROUNDSM(io[0],io[1],
1041 SUBKEY_L(10),SUBKEY_R(10),
1042 io[2],io[3],il,ir,t0,t1);
1043 CAMELLIA_ROUNDSM(io[2],io[3],
1044 SUBKEY_L(11),SUBKEY_R(11),
1045 io[0],io[1],il,ir,t0,t1);
1046 CAMELLIA_ROUNDSM(io[0],io[1],
1047 SUBKEY_L(12),SUBKEY_R(12),
1048 io[2],io[3],il,ir,t0,t1);
1049 CAMELLIA_ROUNDSM(io[2],io[3],
1050 SUBKEY_L(13),SUBKEY_R(13),
1051 io[0],io[1],il,ir,t0,t1);
1052 CAMELLIA_ROUNDSM(io[0],io[1],
1053 SUBKEY_L(14),SUBKEY_R(14),
1054 io[2],io[3],il,ir,t0,t1);
1055 CAMELLIA_ROUNDSM(io[2],io[3],
1056 SUBKEY_L(15),SUBKEY_R(15),
1057 io[0],io[1],il,ir,t0,t1);
1058
1059 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1060 SUBKEY_L(16),SUBKEY_R(16),
1061 SUBKEY_L(17),SUBKEY_R(17),
1062 t0,t1,il,ir);
1063
1064 CAMELLIA_ROUNDSM(io[0],io[1],
1065 SUBKEY_L(18),SUBKEY_R(18),
1066 io[2],io[3],il,ir,t0,t1);
1067 CAMELLIA_ROUNDSM(io[2],io[3],
1068 SUBKEY_L(19),SUBKEY_R(19),
1069 io[0],io[1],il,ir,t0,t1);
1070 CAMELLIA_ROUNDSM(io[0],io[1],
1071 SUBKEY_L(20),SUBKEY_R(20),
1072 io[2],io[3],il,ir,t0,t1);
1073 CAMELLIA_ROUNDSM(io[2],io[3],
1074 SUBKEY_L(21),SUBKEY_R(21),
1075 io[0],io[1],il,ir,t0,t1);
1076 CAMELLIA_ROUNDSM(io[0],io[1],
1077 SUBKEY_L(22),SUBKEY_R(22),
1078 io[2],io[3],il,ir,t0,t1);
1079 CAMELLIA_ROUNDSM(io[2],io[3],
1080 SUBKEY_L(23),SUBKEY_R(23),
1081 io[0],io[1],il,ir,t0,t1);
1082
1083 /* post whitening but kw4 */
1084 io_text[0] = io[2] ^ SUBKEY_L(24);
1085 io_text[1] = io[3] ^ SUBKEY_R(24);
1086 io_text[2] = io[0];
1087 io_text[3] = io[1];
1088 }
1089
1090 static void camellia_decrypt128(const u32 *subkey, u32 *io_text)
1091 {
1092 u32 il,ir,t0,t1; /* temporary variables */
1093
1094 u32 io[4];
1095
1096 /* pre whitening but absorb kw2 */
1097 io[0] = io_text[0] ^ SUBKEY_L(24);
1098 io[1] = io_text[1] ^ SUBKEY_R(24);
1099 io[2] = io_text[2];
1100 io[3] = io_text[3];
1101
1102 /* main iteration */
1103 CAMELLIA_ROUNDSM(io[0],io[1],
1104 SUBKEY_L(23),SUBKEY_R(23),
1105 io[2],io[3],il,ir,t0,t1);
1106 CAMELLIA_ROUNDSM(io[2],io[3],
1107 SUBKEY_L(22),SUBKEY_R(22),
1108 io[0],io[1],il,ir,t0,t1);
1109 CAMELLIA_ROUNDSM(io[0],io[1],
1110 SUBKEY_L(21),SUBKEY_R(21),
1111 io[2],io[3],il,ir,t0,t1);
1112 CAMELLIA_ROUNDSM(io[2],io[3],
1113 SUBKEY_L(20),SUBKEY_R(20),
1114 io[0],io[1],il,ir,t0,t1);
1115 CAMELLIA_ROUNDSM(io[0],io[1],
1116 SUBKEY_L(19),SUBKEY_R(19),
1117 io[2],io[3],il,ir,t0,t1);
1118 CAMELLIA_ROUNDSM(io[2],io[3],
1119 SUBKEY_L(18),SUBKEY_R(18),
1120 io[0],io[1],il,ir,t0,t1);
1121
1122 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1123 SUBKEY_L(17),SUBKEY_R(17),
1124 SUBKEY_L(16),SUBKEY_R(16),
1125 t0,t1,il,ir);
1126
1127 CAMELLIA_ROUNDSM(io[0],io[1],
1128 SUBKEY_L(15),SUBKEY_R(15),
1129 io[2],io[3],il,ir,t0,t1);
1130 CAMELLIA_ROUNDSM(io[2],io[3],
1131 SUBKEY_L(14),SUBKEY_R(14),
1132 io[0],io[1],il,ir,t0,t1);
1133 CAMELLIA_ROUNDSM(io[0],io[1],
1134 SUBKEY_L(13),SUBKEY_R(13),
1135 io[2],io[3],il,ir,t0,t1);
1136 CAMELLIA_ROUNDSM(io[2],io[3],
1137 SUBKEY_L(12),SUBKEY_R(12),
1138 io[0],io[1],il,ir,t0,t1);
1139 CAMELLIA_ROUNDSM(io[0],io[1],
1140 SUBKEY_L(11),SUBKEY_R(11),
1141 io[2],io[3],il,ir,t0,t1);
1142 CAMELLIA_ROUNDSM(io[2],io[3],
1143 SUBKEY_L(10),SUBKEY_R(10),
1144 io[0],io[1],il,ir,t0,t1);
1145
1146 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1147 SUBKEY_L(9),SUBKEY_R(9),
1148 SUBKEY_L(8),SUBKEY_R(8),
1149 t0,t1,il,ir);
1150
1151 CAMELLIA_ROUNDSM(io[0],io[1],
1152 SUBKEY_L(7),SUBKEY_R(7),
1153 io[2],io[3],il,ir,t0,t1);
1154 CAMELLIA_ROUNDSM(io[2],io[3],
1155 SUBKEY_L(6),SUBKEY_R(6),
1156 io[0],io[1],il,ir,t0,t1);
1157 CAMELLIA_ROUNDSM(io[0],io[1],
1158 SUBKEY_L(5),SUBKEY_R(5),
1159 io[2],io[3],il,ir,t0,t1);
1160 CAMELLIA_ROUNDSM(io[2],io[3],
1161 SUBKEY_L(4),SUBKEY_R(4),
1162 io[0],io[1],il,ir,t0,t1);
1163 CAMELLIA_ROUNDSM(io[0],io[1],
1164 SUBKEY_L(3),SUBKEY_R(3),
1165 io[2],io[3],il,ir,t0,t1);
1166 CAMELLIA_ROUNDSM(io[2],io[3],
1167 SUBKEY_L(2),SUBKEY_R(2),
1168 io[0],io[1],il,ir,t0,t1);
1169
1170 /* post whitening but kw4 */
1171 io_text[0] = io[2] ^ SUBKEY_L(0);
1172 io_text[1] = io[3] ^ SUBKEY_R(0);
1173 io_text[2] = io[0];
1174 io_text[3] = io[1];
1175 }
1176
1177 static void camellia_encrypt256(const u32 *subkey, u32 *io_text)
1178 {
1179 u32 il,ir,t0,t1; /* temporary variables */
1180
1181 u32 io[4];
1182
1183 /* pre whitening but absorb kw2 */
1184 io[0] = io_text[0] ^ SUBKEY_L(0);
1185 io[1] = io_text[1] ^ SUBKEY_R(0);
1186 io[2] = io_text[2];
1187 io[3] = io_text[3];
1188
1189 /* main iteration */
1190 CAMELLIA_ROUNDSM(io[0],io[1],
1191 SUBKEY_L(2),SUBKEY_R(2),
1192 io[2],io[3],il,ir,t0,t1);
1193 CAMELLIA_ROUNDSM(io[2],io[3],
1194 SUBKEY_L(3),SUBKEY_R(3),
1195 io[0],io[1],il,ir,t0,t1);
1196 CAMELLIA_ROUNDSM(io[0],io[1],
1197 SUBKEY_L(4),SUBKEY_R(4),
1198 io[2],io[3],il,ir,t0,t1);
1199 CAMELLIA_ROUNDSM(io[2],io[3],
1200 SUBKEY_L(5),SUBKEY_R(5),
1201 io[0],io[1],il,ir,t0,t1);
1202 CAMELLIA_ROUNDSM(io[0],io[1],
1203 SUBKEY_L(6),SUBKEY_R(6),
1204 io[2],io[3],il,ir,t0,t1);
1205 CAMELLIA_ROUNDSM(io[2],io[3],
1206 SUBKEY_L(7),SUBKEY_R(7),
1207 io[0],io[1],il,ir,t0,t1);
1208
1209 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1210 SUBKEY_L(8),SUBKEY_R(8),
1211 SUBKEY_L(9),SUBKEY_R(9),
1212 t0,t1,il,ir);
1213
1214 CAMELLIA_ROUNDSM(io[0],io[1],
1215 SUBKEY_L(10),SUBKEY_R(10),
1216 io[2],io[3],il,ir,t0,t1);
1217 CAMELLIA_ROUNDSM(io[2],io[3],
1218 SUBKEY_L(11),SUBKEY_R(11),
1219 io[0],io[1],il,ir,t0,t1);
1220 CAMELLIA_ROUNDSM(io[0],io[1],
1221 SUBKEY_L(12),SUBKEY_R(12),
1222 io[2],io[3],il,ir,t0,t1);
1223 CAMELLIA_ROUNDSM(io[2],io[3],
1224 SUBKEY_L(13),SUBKEY_R(13),
1225 io[0],io[1],il,ir,t0,t1);
1226 CAMELLIA_ROUNDSM(io[0],io[1],
1227 SUBKEY_L(14),SUBKEY_R(14),
1228 io[2],io[3],il,ir,t0,t1);
1229 CAMELLIA_ROUNDSM(io[2],io[3],
1230 SUBKEY_L(15),SUBKEY_R(15),
1231 io[0],io[1],il,ir,t0,t1);
1232
1233 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1234 SUBKEY_L(16),SUBKEY_R(16),
1235 SUBKEY_L(17),SUBKEY_R(17),
1236 t0,t1,il,ir);
1237
1238 CAMELLIA_ROUNDSM(io[0],io[1],
1239 SUBKEY_L(18),SUBKEY_R(18),
1240 io[2],io[3],il,ir,t0,t1);
1241 CAMELLIA_ROUNDSM(io[2],io[3],
1242 SUBKEY_L(19),SUBKEY_R(19),
1243 io[0],io[1],il,ir,t0,t1);
1244 CAMELLIA_ROUNDSM(io[0],io[1],
1245 SUBKEY_L(20),SUBKEY_R(20),
1246 io[2],io[3],il,ir,t0,t1);
1247 CAMELLIA_ROUNDSM(io[2],io[3],
1248 SUBKEY_L(21),SUBKEY_R(21),
1249 io[0],io[1],il,ir,t0,t1);
1250 CAMELLIA_ROUNDSM(io[0],io[1],
1251 SUBKEY_L(22),SUBKEY_R(22),
1252 io[2],io[3],il,ir,t0,t1);
1253 CAMELLIA_ROUNDSM(io[2],io[3],
1254 SUBKEY_L(23),SUBKEY_R(23),
1255 io[0],io[1],il,ir,t0,t1);
1256
1257 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1258 SUBKEY_L(24),SUBKEY_R(24),
1259 SUBKEY_L(25),SUBKEY_R(25),
1260 t0,t1,il,ir);
1261
1262 CAMELLIA_ROUNDSM(io[0],io[1],
1263 SUBKEY_L(26),SUBKEY_R(26),
1264 io[2],io[3],il,ir,t0,t1);
1265 CAMELLIA_ROUNDSM(io[2],io[3],
1266 SUBKEY_L(27),SUBKEY_R(27),
1267 io[0],io[1],il,ir,t0,t1);
1268 CAMELLIA_ROUNDSM(io[0],io[1],
1269 SUBKEY_L(28),SUBKEY_R(28),
1270 io[2],io[3],il,ir,t0,t1);
1271 CAMELLIA_ROUNDSM(io[2],io[3],
1272 SUBKEY_L(29),SUBKEY_R(29),
1273 io[0],io[1],il,ir,t0,t1);
1274 CAMELLIA_ROUNDSM(io[0],io[1],
1275 SUBKEY_L(30),SUBKEY_R(30),
1276 io[2],io[3],il,ir,t0,t1);
1277 CAMELLIA_ROUNDSM(io[2],io[3],
1278 SUBKEY_L(31),SUBKEY_R(31),
1279 io[0],io[1],il,ir,t0,t1);
1280
1281 /* post whitening but kw4 */
1282 io_text[0] = io[2] ^ SUBKEY_L(32);
1283 io_text[1] = io[3] ^ SUBKEY_R(32);
1284 io_text[2] = io[0];
1285 io_text[3] = io[1];
1286 }
1287
1288 static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1289 {
1290 u32 il,ir,t0,t1; /* temporary variables */
1291
1292 u32 io[4];
1293
1294 /* pre whitening but absorb kw2 */
1295 io[0] = io_text[0] ^ SUBKEY_L(32);
1296 io[1] = io_text[1] ^ SUBKEY_R(32);
1297 io[2] = io_text[2];
1298 io[3] = io_text[3];
1299
1300 /* main iteration */
1301 CAMELLIA_ROUNDSM(io[0],io[1],
1302 SUBKEY_L(31),SUBKEY_R(31),
1303 io[2],io[3],il,ir,t0,t1);
1304 CAMELLIA_ROUNDSM(io[2],io[3],
1305 SUBKEY_L(30),SUBKEY_R(30),
1306 io[0],io[1],il,ir,t0,t1);
1307 CAMELLIA_ROUNDSM(io[0],io[1],
1308 SUBKEY_L(29),SUBKEY_R(29),
1309 io[2],io[3],il,ir,t0,t1);
1310 CAMELLIA_ROUNDSM(io[2],io[3],
1311 SUBKEY_L(28),SUBKEY_R(28),
1312 io[0],io[1],il,ir,t0,t1);
1313 CAMELLIA_ROUNDSM(io[0],io[1],
1314 SUBKEY_L(27),SUBKEY_R(27),
1315 io[2],io[3],il,ir,t0,t1);
1316 CAMELLIA_ROUNDSM(io[2],io[3],
1317 SUBKEY_L(26),SUBKEY_R(26),
1318 io[0],io[1],il,ir,t0,t1);
1319
1320 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1321 SUBKEY_L(25),SUBKEY_R(25),
1322 SUBKEY_L(24),SUBKEY_R(24),
1323 t0,t1,il,ir);
1324
1325 CAMELLIA_ROUNDSM(io[0],io[1],
1326 SUBKEY_L(23),SUBKEY_R(23),
1327 io[2],io[3],il,ir,t0,t1);
1328 CAMELLIA_ROUNDSM(io[2],io[3],
1329 SUBKEY_L(22),SUBKEY_R(22),
1330 io[0],io[1],il,ir,t0,t1);
1331 CAMELLIA_ROUNDSM(io[0],io[1],
1332 SUBKEY_L(21),SUBKEY_R(21),
1333 io[2],io[3],il,ir,t0,t1);
1334 CAMELLIA_ROUNDSM(io[2],io[3],
1335 SUBKEY_L(20),SUBKEY_R(20),
1336 io[0],io[1],il,ir,t0,t1);
1337 CAMELLIA_ROUNDSM(io[0],io[1],
1338 SUBKEY_L(19),SUBKEY_R(19),
1339 io[2],io[3],il,ir,t0,t1);
1340 CAMELLIA_ROUNDSM(io[2],io[3],
1341 SUBKEY_L(18),SUBKEY_R(18),
1342 io[0],io[1],il,ir,t0,t1);
1343
1344 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1345 SUBKEY_L(17),SUBKEY_R(17),
1346 SUBKEY_L(16),SUBKEY_R(16),
1347 t0,t1,il,ir);
1348
1349 CAMELLIA_ROUNDSM(io[0],io[1],
1350 SUBKEY_L(15),SUBKEY_R(15),
1351 io[2],io[3],il,ir,t0,t1);
1352 CAMELLIA_ROUNDSM(io[2],io[3],
1353 SUBKEY_L(14),SUBKEY_R(14),
1354 io[0],io[1],il,ir,t0,t1);
1355 CAMELLIA_ROUNDSM(io[0],io[1],
1356 SUBKEY_L(13),SUBKEY_R(13),
1357 io[2],io[3],il,ir,t0,t1);
1358 CAMELLIA_ROUNDSM(io[2],io[3],
1359 SUBKEY_L(12),SUBKEY_R(12),
1360 io[0],io[1],il,ir,t0,t1);
1361 CAMELLIA_ROUNDSM(io[0],io[1],
1362 SUBKEY_L(11),SUBKEY_R(11),
1363 io[2],io[3],il,ir,t0,t1);
1364 CAMELLIA_ROUNDSM(io[2],io[3],
1365 SUBKEY_L(10),SUBKEY_R(10),
1366 io[0],io[1],il,ir,t0,t1);
1367
1368 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1369 SUBKEY_L(9),SUBKEY_R(9),
1370 SUBKEY_L(8),SUBKEY_R(8),
1371 t0,t1,il,ir);
1372
1373 CAMELLIA_ROUNDSM(io[0],io[1],
1374 SUBKEY_L(7),SUBKEY_R(7),
1375 io[2],io[3],il,ir,t0,t1);
1376 CAMELLIA_ROUNDSM(io[2],io[3],
1377 SUBKEY_L(6),SUBKEY_R(6),
1378 io[0],io[1],il,ir,t0,t1);
1379 CAMELLIA_ROUNDSM(io[0],io[1],
1380 SUBKEY_L(5),SUBKEY_R(5),
1381 io[2],io[3],il,ir,t0,t1);
1382 CAMELLIA_ROUNDSM(io[2],io[3],
1383 SUBKEY_L(4),SUBKEY_R(4),
1384 io[0],io[1],il,ir,t0,t1);
1385 CAMELLIA_ROUNDSM(io[0],io[1],
1386 SUBKEY_L(3),SUBKEY_R(3),
1387 io[2],io[3],il,ir,t0,t1);
1388 CAMELLIA_ROUNDSM(io[2],io[3],
1389 SUBKEY_L(2),SUBKEY_R(2),
1390 io[0],io[1],il,ir,t0,t1);
1391
1392 /* post whitening but kw4 */
1393 io_text[0] = io[2] ^ SUBKEY_L(0);
1394 io_text[1] = io[3] ^ SUBKEY_R(0);
1395 io_text[2] = io[0];
1396 io_text[3] = io[1];
1397 }
1398
1399
1400 struct camellia_ctx {
1401 int key_length;
1402 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / 4];
1403 };
1404
1405 static int
1406 camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1407 unsigned int key_len)
1408 {
1409 struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1410 const unsigned char *key = (const unsigned char *)in_key;
1411 u32 *flags = &tfm->crt_flags;
1412
1413 if (key_len != 16 && key_len != 24 && key_len != 32) {
1414 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1415 return -EINVAL;
1416 }
1417
1418 cctx->key_length = key_len;
1419
1420 switch (key_len) {
1421 case 16:
1422 camellia_setup128(key, cctx->key_table);
1423 break;
1424 case 24:
1425 camellia_setup192(key, cctx->key_table);
1426 break;
1427 case 32:
1428 camellia_setup256(key, cctx->key_table);
1429 break;
1430 }
1431
1432 return 0;
1433 }
1434
1435 static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1436 {
1437 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1438 const __be32 *src = (const __be32 *)in;
1439 __be32 *dst = (__be32 *)out;
1440
1441 u32 tmp[4];
1442
1443 tmp[0] = be32_to_cpu(src[0]);
1444 tmp[1] = be32_to_cpu(src[1]);
1445 tmp[2] = be32_to_cpu(src[2]);
1446 tmp[3] = be32_to_cpu(src[3]);
1447
1448 switch (cctx->key_length) {
1449 case 16:
1450 camellia_encrypt128(cctx->key_table, tmp);
1451 break;
1452 case 24:
1453 /* fall through */
1454 case 32:
1455 camellia_encrypt256(cctx->key_table, tmp);
1456 break;
1457 }
1458
1459 dst[0] = cpu_to_be32(tmp[0]);
1460 dst[1] = cpu_to_be32(tmp[1]);
1461 dst[2] = cpu_to_be32(tmp[2]);
1462 dst[3] = cpu_to_be32(tmp[3]);
1463 }
1464
1465 static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1466 {
1467 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1468 const __be32 *src = (const __be32 *)in;
1469 __be32 *dst = (__be32 *)out;
1470
1471 u32 tmp[4];
1472
1473 tmp[0] = be32_to_cpu(src[0]);
1474 tmp[1] = be32_to_cpu(src[1]);
1475 tmp[2] = be32_to_cpu(src[2]);
1476 tmp[3] = be32_to_cpu(src[3]);
1477
1478 switch (cctx->key_length) {
1479 case 16:
1480 camellia_decrypt128(cctx->key_table, tmp);
1481 break;
1482 case 24:
1483 /* fall through */
1484 case 32:
1485 camellia_decrypt256(cctx->key_table, tmp);
1486 break;
1487 }
1488
1489 dst[0] = cpu_to_be32(tmp[0]);
1490 dst[1] = cpu_to_be32(tmp[1]);
1491 dst[2] = cpu_to_be32(tmp[2]);
1492 dst[3] = cpu_to_be32(tmp[3]);
1493 }
1494
1495 static struct crypto_alg camellia_alg = {
1496 .cra_name = "camellia",
1497 .cra_driver_name = "camellia-generic",
1498 .cra_priority = 100,
1499 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1500 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1501 .cra_ctxsize = sizeof(struct camellia_ctx),
1502 .cra_alignmask = 3,
1503 .cra_module = THIS_MODULE,
1504 .cra_list = LIST_HEAD_INIT(camellia_alg.cra_list),
1505 .cra_u = {
1506 .cipher = {
1507 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1508 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1509 .cia_setkey = camellia_set_key,
1510 .cia_encrypt = camellia_encrypt,
1511 .cia_decrypt = camellia_decrypt
1512 }
1513 }
1514 };
1515
1516 static int __init camellia_init(void)
1517 {
1518 return crypto_register_alg(&camellia_alg);
1519 }
1520
1521 static void __exit camellia_fini(void)
1522 {
1523 crypto_unregister_alg(&camellia_alg);
1524 }
1525
1526 module_init(camellia_init);
1527 module_exit(camellia_fini);
1528
1529 MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1530 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.100676 seconds and 6 git commands to generate.