1 /* camellia.h ver 1.1.0 2 * 3 * Copyright (c) 2006 4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer as 11 * the first lines of this file unmodified. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 * 27 * $FreeBSD: src/sys/crypto/camellia/camellia.c,v 1.1 2007/05/09 19:37:01 gnn Exp $ 28 */ 29 30 /* 31 * Algorithm Specification 32 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 33 */ 34 35 #include <sys/cdefs.h> 36 #include <sys/types.h> 37 #include <sys/endian.h> 38 #ifdef _KERNEL 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #else 42 #include <string.h> 43 #include <assert.h> 44 #define KASSERT(exp, msg) assert(exp) 45 #endif 46 47 #include <crypto/camellia/camellia.h> 48 49 50 /* key constants */ 51 52 #define CAMELLIA_SIGMA1L (0xA09E667FL) 53 #define CAMELLIA_SIGMA1R (0x3BCC908BL) 54 #define CAMELLIA_SIGMA2L (0xB67AE858L) 55 #define CAMELLIA_SIGMA2R (0x4CAA73B2L) 56 #define CAMELLIA_SIGMA3L (0xC6EF372FL) 57 #define CAMELLIA_SIGMA3R (0xE94F82BEL) 58 #define CAMELLIA_SIGMA4L (0x54FF53A5L) 59 #define CAMELLIA_SIGMA4R (0xF1D36F1CL) 60 #define CAMELLIA_SIGMA5L (0x10E527FAL) 61 #define CAMELLIA_SIGMA5R (0xDE682D1DL) 62 #define CAMELLIA_SIGMA6L (0xB05688C2L) 63 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 64 65 /* 66 * macros 67 */ 68 #define GETU32(pt) (((uint32_t)(pt)[0] << 24) \ 69 ^ ((uint32_t)(pt)[1] << 16) \ 70 ^ ((uint32_t)(pt)[2] << 8) \ 71 ^ ((uint32_t)(pt)[3])) 72 73 #define PUTU32(ct, st) {(ct)[0] = (uint8_t)((st) >> 24); \ 74 (ct)[1] = (uint8_t)((st) >> 16); \ 75 (ct)[2] = (uint8_t)((st) >> 8); \ 76 (ct)[3] = (uint8_t)(st);} 77 78 #define SUBL(INDEX) (subkey[(INDEX)*2+1]) 79 #define SUBR(INDEX) (subkey[(INDEX)*2]) 80 81 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 82 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 83 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 84 85 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 86 do { \ 87 w0 = ll; \ 88 ll = (ll << bits) + (lr >> (32 - bits)); \ 89 lr = (lr << bits) + (rl >> (32 - bits)); \ 90 rl = (rl << bits) + (rr >> (32 - bits)); \ 91 rr = (rr << bits) + (w0 >> (32 - bits)); \ 92 } while(0) 93 94 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 95 do { \ 
96 w0 = ll; \ 97 w1 = lr; \ 98 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 99 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 100 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 101 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 102 } while(0) 103 104 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) 105 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) 106 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) 107 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) 108 109 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 110 do { \ 111 il = xl ^ kl; \ 112 ir = xr ^ kr; \ 113 t0 = il >> 16; \ 114 t1 = ir >> 16; \ 115 yl = CAMELLIA_SP1110(ir & 0xff) \ 116 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 117 ^ CAMELLIA_SP3033(t1 & 0xff) \ 118 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 119 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 120 ^ CAMELLIA_SP0222(t0 & 0xff) \ 121 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 122 ^ CAMELLIA_SP4404(il & 0xff); \ 123 yl ^= yr; \ 124 yr = CAMELLIA_RR8(yr); \ 125 yr ^= yl; \ 126 } while(0) 127 128 129 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 130 do { \ 131 t0 = kll; \ 132 t2 = krr; \ 133 t0 &= ll; \ 134 t2 |= rr; \ 135 rl ^= t2; \ 136 lr ^= CAMELLIA_RL1(t0); \ 137 t3 = krl; \ 138 t1 = klr; \ 139 t3 &= rl; \ 140 t1 |= lr; \ 141 ll ^= t1; \ 142 rr ^= CAMELLIA_RL1(t3); \ 143 } while(0) 144 145 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 146 do { \ 147 ir = CAMELLIA_SP1110(xr & 0xff); \ 148 il = CAMELLIA_SP1110((xl>>24) & 0xff); \ 149 ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \ 150 il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \ 151 ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \ 152 il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \ 153 ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \ 154 il ^= CAMELLIA_SP4404(xl & 0xff); \ 155 il ^= kl; \ 156 ir ^= kr; \ 157 ir ^= il; \ 158 il = CAMELLIA_RR8(il); \ 159 il ^= ir; \ 160 yl ^= ir; \ 161 yr ^= il; \ 162 } while(0) 163 164 165 static const 
uint32_t camellia_sp1110[256] = { 166 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 167 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 168 0xe4e4e400,0x85858500,0x57575700,0x35353500, 169 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, 170 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, 171 0x45454500,0x19191900,0xa5a5a500,0x21212100, 172 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, 173 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, 174 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, 175 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, 176 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, 177 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, 178 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, 179 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, 180 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, 181 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, 182 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, 183 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, 184 0x74747400,0x12121200,0x2b2b2b00,0x20202000, 185 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, 186 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, 187 0x34343400,0x7e7e7e00,0x76767600,0x05050500, 188 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, 189 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, 190 0x14141400,0x58585800,0x3a3a3a00,0x61616100, 191 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, 192 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, 193 0x53535300,0x18181800,0xf2f2f200,0x22222200, 194 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, 195 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, 196 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, 197 0x60606000,0xfcfcfc00,0x69696900,0x50505000, 198 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, 199 0xa1a1a100,0x89898900,0x62626200,0x97979700, 200 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, 201 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, 202 0x10101000,0xc4c4c400,0x00000000,0x48484800, 203 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, 204 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, 205 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, 206 
0x87878700,0x5c5c5c00,0x83838300,0x02020200, 207 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, 208 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, 209 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, 210 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, 211 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, 212 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, 213 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, 214 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, 215 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, 216 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, 217 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, 218 0x78787800,0x98989800,0x06060600,0x6a6a6a00, 219 0xe7e7e700,0x46464600,0x71717100,0xbababa00, 220 0xd4d4d400,0x25252500,0xababab00,0x42424200, 221 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, 222 0x72727200,0x07070700,0xb9b9b900,0x55555500, 223 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, 224 0x36363600,0x49494900,0x2a2a2a00,0x68686800, 225 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, 226 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, 227 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, 228 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, 229 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, 230 }; 231 232 static const uint32_t camellia_sp0222[256] = { 233 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, 234 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, 235 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, 236 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, 237 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, 238 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, 239 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, 240 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, 241 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, 242 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, 243 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, 244 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, 245 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, 246 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, 247 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, 248 
0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, 249 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, 250 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, 251 0x00e8e8e8,0x00242424,0x00565656,0x00404040, 252 0x00e1e1e1,0x00636363,0x00090909,0x00333333, 253 0x00bfbfbf,0x00989898,0x00979797,0x00858585, 254 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, 255 0x00dadada,0x006f6f6f,0x00535353,0x00626262, 256 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, 257 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, 258 0x00bdbdbd,0x00363636,0x00222222,0x00383838, 259 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, 260 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, 261 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, 262 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, 263 0x00484848,0x00101010,0x00d1d1d1,0x00515151, 264 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, 265 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, 266 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, 267 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, 268 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, 269 0x00202020,0x00898989,0x00000000,0x00909090, 270 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, 271 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, 272 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, 273 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, 274 0x009b9b9b,0x00949494,0x00212121,0x00666666, 275 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, 276 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, 277 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, 278 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, 279 0x00030303,0x002d2d2d,0x00dedede,0x00969696, 280 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, 281 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, 282 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, 283 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, 284 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, 285 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, 286 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, 287 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, 288 
0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, 289 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, 290 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, 291 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, 292 0x00787878,0x00707070,0x00e3e3e3,0x00494949, 293 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, 294 0x00777777,0x00939393,0x00868686,0x00838383, 295 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, 296 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, 297 }; 298 299 static const uint32_t camellia_sp3033[256] = { 300 0x38003838,0x41004141,0x16001616,0x76007676, 301 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, 302 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, 303 0x75007575,0x06000606,0x57005757,0xa000a0a0, 304 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, 305 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, 306 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, 307 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, 308 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, 309 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, 310 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, 311 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, 312 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, 313 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, 314 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, 315 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, 316 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, 317 0xfd00fdfd,0x66006666,0x58005858,0x96009696, 318 0x3a003a3a,0x09000909,0x95009595,0x10001010, 319 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, 320 0xef00efef,0x26002626,0xe500e5e5,0x61006161, 321 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, 322 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, 323 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, 324 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, 325 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, 326 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, 327 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, 328 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, 329 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, 330 
0x12001212,0x04000404,0x74007474,0x54005454, 331 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, 332 0x55005555,0x68006868,0x50005050,0xbe00bebe, 333 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, 334 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, 335 0x70007070,0xff00ffff,0x32003232,0x69006969, 336 0x08000808,0x62006262,0x00000000,0x24002424, 337 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, 338 0x45004545,0x81008181,0x73007373,0x6d006d6d, 339 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, 340 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, 341 0xe600e6e6,0x25002525,0x48004848,0x99009999, 342 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, 343 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, 344 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, 345 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, 346 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, 347 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, 348 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, 349 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, 350 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, 351 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, 352 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, 353 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, 354 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, 355 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, 356 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, 357 0x7c007c7c,0x77007777,0x56005656,0x05000505, 358 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, 359 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, 360 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, 361 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, 362 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, 363 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, 364 }; 365 366 static const uint32_t camellia_sp4404[256] = { 367 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, 368 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, 369 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, 370 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, 371 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, 372 
0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, 373 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, 374 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, 375 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, 376 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, 377 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, 378 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, 379 0x14140014,0x3a3a003a,0xdede00de,0x11110011, 380 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, 381 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, 382 0x24240024,0xe8e800e8,0x60600060,0x69690069, 383 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, 384 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, 385 0x10100010,0x00000000,0xa3a300a3,0x75750075, 386 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, 387 0x87870087,0x83830083,0xcdcd00cd,0x90900090, 388 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, 389 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, 390 0x81810081,0x6f6f006f,0x13130013,0x63630063, 391 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, 392 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, 393 0x78780078,0x06060006,0xe7e700e7,0x71710071, 394 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, 395 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, 396 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, 397 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, 398 0x15150015,0xadad00ad,0x77770077,0x80800080, 399 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, 400 0x85850085,0x35350035,0x0c0c000c,0x41410041, 401 0xefef00ef,0x93930093,0x19190019,0x21210021, 402 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, 403 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, 404 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, 405 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, 406 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, 407 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, 408 0x12120012,0x20200020,0xb1b100b1,0x99990099, 409 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, 410 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, 411 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, 412 
0x0f0f000f,0x16160016,0x18180018,0x22220022, 413 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, 414 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, 415 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, 416 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, 417 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, 418 0x03030003,0xdada00da,0x3f3f003f,0x94940094, 419 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, 420 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, 421 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, 422 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, 423 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, 424 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, 425 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, 426 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, 427 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, 428 0x49490049,0x68680068,0x38380038,0xa4a400a4, 429 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, 430 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, 431 }; 432 433 434 /* 435 * Stuff related to the Camellia key schedule 436 */ 437 #define subl(x) subL[(x)] 438 #define subr(x) subR[(x)] 439 440 void 441 camellia_setup128(const unsigned char *key, uint32_t *subkey) 442 { 443 uint32_t kll, klr, krl, krr; 444 uint32_t il, ir, t0, t1, w0, w1; 445 uint32_t kw4l, kw4r, dw, tl, tr; 446 uint32_t subL[26]; 447 uint32_t subR[26]; 448 449 /* 450 * k == kll || klr || krl || krr (|| is concatination) 451 */ 452 kll = GETU32(key ); 453 klr = GETU32(key + 4); 454 krl = GETU32(key + 8); 455 krr = GETU32(key + 12); 456 /* 457 * generate KL dependent subkeys 458 */ 459 subl(0) = kll; subr(0) = klr; 460 subl(1) = krl; subr(1) = krr; 461 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 462 subl(4) = kll; subr(4) = klr; 463 subl(5) = krl; subr(5) = krr; 464 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 465 subl(10) = kll; subr(10) = klr; 466 subl(11) = krl; subr(11) = krr; 467 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 468 subl(13) = krl; subr(13) = krr; 469 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 470 subl(16) 
= kll; subr(16) = klr; 471 subl(17) = krl; subr(17) = krr; 472 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 473 subl(18) = kll; subr(18) = klr; 474 subl(19) = krl; subr(19) = krr; 475 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 476 subl(22) = kll; subr(22) = klr; 477 subl(23) = krl; subr(23) = krr; 478 479 /* generate KA */ 480 kll = subl(0); klr = subr(0); 481 krl = subl(1); krr = subr(1); 482 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 483 w0, w1, il, ir, t0, t1); 484 krl ^= w0; krr ^= w1; 485 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 486 kll, klr, il, ir, t0, t1); 487 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 488 krl, krr, il, ir, t0, t1); 489 krl ^= w0; krr ^= w1; 490 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 491 w0, w1, il, ir, t0, t1); 492 kll ^= w0; klr ^= w1; 493 494 /* generate KA dependent subkeys */ 495 subl(2) = kll; subr(2) = klr; 496 subl(3) = krl; subr(3) = krr; 497 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 498 subl(6) = kll; subr(6) = klr; 499 subl(7) = krl; subr(7) = krr; 500 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 501 subl(8) = kll; subr(8) = klr; 502 subl(9) = krl; subr(9) = krr; 503 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 504 subl(12) = kll; subr(12) = klr; 505 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 506 subl(14) = kll; subr(14) = klr; 507 subl(15) = krl; subr(15) = krr; 508 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 509 subl(20) = kll; subr(20) = klr; 510 subl(21) = krl; subr(21) = krr; 511 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 512 subl(24) = kll; subr(24) = klr; 513 subl(25) = krl; subr(25) = krr; 514 515 516 /* absorb kw2 to other subkeys */ 517 subl(3) ^= subl(1); subr(3) ^= subr(1); 518 subl(5) ^= subl(1); subr(5) ^= subr(1); 519 subl(7) ^= subl(1); subr(7) ^= subr(1); 520 subl(1) ^= subr(1) & ~subr(9); 521 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 522 subl(11) ^= subl(1); subr(11) ^= subr(1); 523 subl(13) ^= subl(1); 
subr(13) ^= subr(1); 524 subl(15) ^= subl(1); subr(15) ^= subr(1); 525 subl(1) ^= subr(1) & ~subr(17); 526 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 527 subl(19) ^= subl(1); subr(19) ^= subr(1); 528 subl(21) ^= subl(1); subr(21) ^= subr(1); 529 subl(23) ^= subl(1); subr(23) ^= subr(1); 530 subl(24) ^= subl(1); subr(24) ^= subr(1); 531 532 /* absorb kw4 to other subkeys */ 533 kw4l = subl(25); kw4r = subr(25); 534 subl(22) ^= kw4l; subr(22) ^= kw4r; 535 subl(20) ^= kw4l; subr(20) ^= kw4r; 536 subl(18) ^= kw4l; subr(18) ^= kw4r; 537 kw4l ^= kw4r & ~subr(16); 538 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 539 subl(14) ^= kw4l; subr(14) ^= kw4r; 540 subl(12) ^= kw4l; subr(12) ^= kw4r; 541 subl(10) ^= kw4l; subr(10) ^= kw4r; 542 kw4l ^= kw4r & ~subr(8); 543 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 544 subl(6) ^= kw4l; subr(6) ^= kw4r; 545 subl(4) ^= kw4l; subr(4) ^= kw4r; 546 subl(2) ^= kw4l; subr(2) ^= kw4r; 547 subl(0) ^= kw4l; subr(0) ^= kw4r; 548 549 /* key XOR is end of F-function */ 550 SUBL(0) = subl(0) ^ subl(2); 551 SUBR(0) = subr(0) ^ subr(2); 552 SUBL(2) = subl(3); 553 SUBR(2) = subr(3); 554 SUBL(3) = subl(2) ^ subl(4); 555 SUBR(3) = subr(2) ^ subr(4); 556 SUBL(4) = subl(3) ^ subl(5); 557 SUBR(4) = subr(3) ^ subr(5); 558 SUBL(5) = subl(4) ^ subl(6); 559 SUBR(5) = subr(4) ^ subr(6); 560 SUBL(6) = subl(5) ^ subl(7); 561 SUBR(6) = subr(5) ^ subr(7); 562 tl = subl(10) ^ (subr(10) & ~subr(8)); 563 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 564 SUBL(7) = subl(6) ^ tl; 565 SUBR(7) = subr(6) ^ tr; 566 SUBL(8) = subl(8); 567 SUBR(8) = subr(8); 568 SUBL(9) = subl(9); 569 SUBR(9) = subr(9); 570 tl = subl(7) ^ (subr(7) & ~subr(9)); 571 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 572 SUBL(10) = tl ^ subl(11); 573 SUBR(10) = tr ^ subr(11); 574 SUBL(11) = subl(10) ^ subl(12); 575 SUBR(11) = subr(10) ^ subr(12); 576 SUBL(12) = subl(11) ^ subl(13); 577 SUBR(12) = subr(11) ^ subr(13); 578 SUBL(13) = subl(12) ^ subl(14); 579 SUBR(13) = 
subr(12) ^ subr(14); 580 SUBL(14) = subl(13) ^ subl(15); 581 SUBR(14) = subr(13) ^ subr(15); 582 tl = subl(18) ^ (subr(18) & ~subr(16)); 583 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 584 SUBL(15) = subl(14) ^ tl; 585 SUBR(15) = subr(14) ^ tr; 586 SUBL(16) = subl(16); 587 SUBR(16) = subr(16); 588 SUBL(17) = subl(17); 589 SUBR(17) = subr(17); 590 tl = subl(15) ^ (subr(15) & ~subr(17)); 591 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 592 SUBL(18) = tl ^ subl(19); 593 SUBR(18) = tr ^ subr(19); 594 SUBL(19) = subl(18) ^ subl(20); 595 SUBR(19) = subr(18) ^ subr(20); 596 SUBL(20) = subl(19) ^ subl(21); 597 SUBR(20) = subr(19) ^ subr(21); 598 SUBL(21) = subl(20) ^ subl(22); 599 SUBR(21) = subr(20) ^ subr(22); 600 SUBL(22) = subl(21) ^ subl(23); 601 SUBR(22) = subr(21) ^ subr(23); 602 SUBL(23) = subl(22); 603 SUBR(23) = subr(22); 604 SUBL(24) = subl(24) ^ subl(23); 605 SUBR(24) = subr(24) ^ subr(23); 606 607 /* apply the inverse of the last half of P-function */ 608 dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw); 609 SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw; 610 dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw); 611 SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw; 612 dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw); 613 SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw; 614 dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw); 615 SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw; 616 dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw); 617 SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw; 618 dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw); 619 SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw; 620 dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw); 621 SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw; 622 dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw); 623 SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw; 624 dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw); 625 SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw; 626 dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw); 627 SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw; 628 dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw); 629 
SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw; 630 dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw); 631 SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw; 632 dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw); 633 SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw; 634 dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw); 635 SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw; 636 dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw); 637 SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw; 638 dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw); 639 SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw; 640 dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw); 641 SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw; 642 dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw); 643 SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw; 644 } 645 646 void 647 camellia_setup256(const unsigned char *key, uint32_t *subkey) 648 { 649 uint32_t kll,klr,krl,krr; /* left half of key */ 650 uint32_t krll,krlr,krrl,krrr; /* right half of key */ 651 uint32_t il, ir, t0, t1, w0, w1; /* temporary variables */ 652 uint32_t kw4l, kw4r, dw, tl, tr; 653 uint32_t subL[34]; 654 uint32_t subR[34]; 655 656 /* 657 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 658 * (|| is concatination) 659 */ 660 661 kll = GETU32(key ); 662 klr = GETU32(key + 4); 663 krl = GETU32(key + 8); 664 krr = GETU32(key + 12); 665 krll = GETU32(key + 16); 666 krlr = GETU32(key + 20); 667 krrl = GETU32(key + 24); 668 krrr = GETU32(key + 28); 669 670 /* generate KL dependent subkeys */ 671 subl(0) = kll; subr(0) = klr; 672 subl(1) = krl; subr(1) = krr; 673 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 674 subl(12) = kll; subr(12) = klr; 675 subl(13) = krl; subr(13) = krr; 676 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 677 subl(16) = kll; subr(16) = klr; 678 subl(17) = krl; subr(17) = krr; 679 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 680 subl(22) = kll; subr(22) = klr; 681 subl(23) = krl; subr(23) = krr; 682 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 683 subl(30) = kll; subr(30) = klr; 684 
subl(31) = krl; subr(31) = krr; 685 686 /* generate KR dependent subkeys */ 687 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 688 subl(4) = krll; subr(4) = krlr; 689 subl(5) = krrl; subr(5) = krrr; 690 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 691 subl(8) = krll; subr(8) = krlr; 692 subl(9) = krrl; subr(9) = krrr; 693 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 694 subl(18) = krll; subr(18) = krlr; 695 subl(19) = krrl; subr(19) = krrr; 696 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 697 subl(26) = krll; subr(26) = krlr; 698 subl(27) = krrl; subr(27) = krrr; 699 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 700 701 /* generate KA */ 702 kll = subl(0) ^ krll; klr = subr(0) ^ krlr; 703 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; 704 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 705 w0, w1, il, ir, t0, t1); 706 krl ^= w0; krr ^= w1; 707 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 708 kll, klr, il, ir, t0, t1); 709 kll ^= krll; klr ^= krlr; 710 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 711 krl, krr, il, ir, t0, t1); 712 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; 713 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 714 w0, w1, il, ir, t0, t1); 715 kll ^= w0; klr ^= w1; 716 717 /* generate KB */ 718 krll ^= kll; krlr ^= klr; 719 krrl ^= krl; krrr ^= krr; 720 CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, 721 w0, w1, il, ir, t0, t1); 722 krrl ^= w0; krrr ^= w1; 723 CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, 724 w0, w1, il, ir, t0, t1); 725 krll ^= w0; krlr ^= w1; 726 727 /* generate KA dependent subkeys */ 728 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 729 subl(6) = kll; subr(6) = klr; 730 subl(7) = krl; subr(7) = krr; 731 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 732 subl(14) = kll; subr(14) = klr; 733 subl(15) = krl; subr(15) = krr; 734 subl(24) = klr; subr(24) = krl; 735 subl(25) = krr; subr(25) = kll; 736 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, 
w1, 49); 737 subl(28) = kll; subr(28) = klr; 738 subl(29) = krl; subr(29) = krr; 739 740 /* generate KB dependent subkeys */ 741 subl(2) = krll; subr(2) = krlr; 742 subl(3) = krrl; subr(3) = krrr; 743 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 744 subl(10) = krll; subr(10) = krlr; 745 subl(11) = krrl; subr(11) = krrr; 746 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 747 subl(20) = krll; subr(20) = krlr; 748 subl(21) = krrl; subr(21) = krrr; 749 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 750 subl(32) = krll; subr(32) = krlr; 751 subl(33) = krrl; subr(33) = krrr; 752 753 /* absorb kw2 to other subkeys */ 754 subl(3) ^= subl(1); subr(3) ^= subr(1); 755 subl(5) ^= subl(1); subr(5) ^= subr(1); 756 subl(7) ^= subl(1); subr(7) ^= subr(1); 757 subl(1) ^= subr(1) & ~subr(9); 758 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 759 subl(11) ^= subl(1); subr(11) ^= subr(1); 760 subl(13) ^= subl(1); subr(13) ^= subr(1); 761 subl(15) ^= subl(1); subr(15) ^= subr(1); 762 subl(1) ^= subr(1) & ~subr(17); 763 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 764 subl(19) ^= subl(1); subr(19) ^= subr(1); 765 subl(21) ^= subl(1); subr(21) ^= subr(1); 766 subl(23) ^= subl(1); subr(23) ^= subr(1); 767 subl(1) ^= subr(1) & ~subr(25); 768 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); 769 subl(27) ^= subl(1); subr(27) ^= subr(1); 770 subl(29) ^= subl(1); subr(29) ^= subr(1); 771 subl(31) ^= subl(1); subr(31) ^= subr(1); 772 subl(32) ^= subl(1); subr(32) ^= subr(1); 773 774 775 /* absorb kw4 to other subkeys */ 776 kw4l = subl(33); kw4r = subr(33); 777 subl(30) ^= kw4l; subr(30) ^= kw4r; 778 subl(28) ^= kw4l; subr(28) ^= kw4r; 779 subl(26) ^= kw4l; subr(26) ^= kw4r; 780 kw4l ^= kw4r & ~subr(24); 781 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); 782 subl(22) ^= kw4l; subr(22) ^= kw4r; 783 subl(20) ^= kw4l; subr(20) ^= kw4r; 784 subl(18) ^= kw4l; subr(18) ^= kw4r; 785 kw4l ^= kw4r & ~subr(16); 786 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 
787 subl(14) ^= kw4l; subr(14) ^= kw4r; 788 subl(12) ^= kw4l; subr(12) ^= kw4r; 789 subl(10) ^= kw4l; subr(10) ^= kw4r; 790 kw4l ^= kw4r & ~subr(8); 791 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 792 subl(6) ^= kw4l; subr(6) ^= kw4r; 793 subl(4) ^= kw4l; subr(4) ^= kw4r; 794 subl(2) ^= kw4l; subr(2) ^= kw4r; 795 subl(0) ^= kw4l; subr(0) ^= kw4r; 796 797 /* key XOR is end of F-function */ 798 SUBL(0) = subl(0) ^ subl(2); 799 SUBR(0) = subr(0) ^ subr(2); 800 SUBL(2) = subl(3); 801 SUBR(2) = subr(3); 802 SUBL(3) = subl(2) ^ subl(4); 803 SUBR(3) = subr(2) ^ subr(4); 804 SUBL(4) = subl(3) ^ subl(5); 805 SUBR(4) = subr(3) ^ subr(5); 806 SUBL(5) = subl(4) ^ subl(6); 807 SUBR(5) = subr(4) ^ subr(6); 808 SUBL(6) = subl(5) ^ subl(7); 809 SUBR(6) = subr(5) ^ subr(7); 810 tl = subl(10) ^ (subr(10) & ~subr(8)); 811 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 812 SUBL(7) = subl(6) ^ tl; 813 SUBR(7) = subr(6) ^ tr; 814 SUBL(8) = subl(8); 815 SUBR(8) = subr(8); 816 SUBL(9) = subl(9); 817 SUBR(9) = subr(9); 818 tl = subl(7) ^ (subr(7) & ~subr(9)); 819 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 820 SUBL(10) = tl ^ subl(11); 821 SUBR(10) = tr ^ subr(11); 822 SUBL(11) = subl(10) ^ subl(12); 823 SUBR(11) = subr(10) ^ subr(12); 824 SUBL(12) = subl(11) ^ subl(13); 825 SUBR(12) = subr(11) ^ subr(13); 826 SUBL(13) = subl(12) ^ subl(14); 827 SUBR(13) = subr(12) ^ subr(14); 828 SUBL(14) = subl(13) ^ subl(15); 829 SUBR(14) = subr(13) ^ subr(15); 830 tl = subl(18) ^ (subr(18) & ~subr(16)); 831 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 832 SUBL(15) = subl(14) ^ tl; 833 SUBR(15) = subr(14) ^ tr; 834 SUBL(16) = subl(16); 835 SUBR(16) = subr(16); 836 SUBL(17) = subl(17); 837 SUBR(17) = subr(17); 838 tl = subl(15) ^ (subr(15) & ~subr(17)); 839 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 840 SUBL(18) = tl ^ subl(19); 841 SUBR(18) = tr ^ subr(19); 842 SUBL(19) = subl(18) ^ subl(20); 843 SUBR(19) = subr(18) ^ subr(20); 844 SUBL(20) = subl(19) ^ subl(21); 845 
SUBR(20) = subr(19) ^ subr(21); 846 SUBL(21) = subl(20) ^ subl(22); 847 SUBR(21) = subr(20) ^ subr(22); 848 SUBL(22) = subl(21) ^ subl(23); 849 SUBR(22) = subr(21) ^ subr(23); 850 tl = subl(26) ^ (subr(26) & ~subr(24)); 851 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw); 852 SUBL(23) = subl(22) ^ tl; 853 SUBR(23) = subr(22) ^ tr; 854 SUBL(24) = subl(24); 855 SUBR(24) = subr(24); 856 SUBL(25) = subl(25); 857 SUBR(25) = subr(25); 858 tl = subl(23) ^ (subr(23) & ~subr(25)); 859 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw); 860 SUBL(26) = tl ^ subl(27); 861 SUBR(26) = tr ^ subr(27); 862 SUBL(27) = subl(26) ^ subl(28); 863 SUBR(27) = subr(26) ^ subr(28); 864 SUBL(28) = subl(27) ^ subl(29); 865 SUBR(28) = subr(27) ^ subr(29); 866 SUBL(29) = subl(28) ^ subl(30); 867 SUBR(29) = subr(28) ^ subr(30); 868 SUBL(30) = subl(29) ^ subl(31); 869 SUBR(30) = subr(29) ^ subr(31); 870 SUBL(31) = subl(30); 871 SUBR(31) = subr(30); 872 SUBL(32) = subl(32) ^ subl(31); 873 SUBR(32) = subr(32) ^ subr(31); 874 875 /* apply the inverse of the last half of P-function */ 876 dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw); 877 SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw; 878 dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw); 879 SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw; 880 dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw); 881 SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw; 882 dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw); 883 SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw; 884 dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw); 885 SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw; 886 dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw); 887 SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw; 888 dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw); 889 SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw; 890 dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw); 891 SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw; 892 dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw); 893 SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw; 894 dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw); 895 SUBR(13) = 
SUBL(13) ^ dw, SUBL(13) = dw; 896 dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw); 897 SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw; 898 dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw); 899 SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw; 900 dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw); 901 SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw; 902 dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw); 903 SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw; 904 dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw); 905 SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw; 906 dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw); 907 SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw; 908 dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw); 909 SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw; 910 dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw); 911 SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw; 912 dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw); 913 SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw; 914 dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw); 915 SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw; 916 dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw); 917 SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw; 918 dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw); 919 SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw; 920 dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw); 921 SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw; 922 dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw); 923 SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw; 924 } 925 926 void 927 camellia_setup192(const unsigned char *key, uint32_t *subkey) 928 { 929 unsigned char kk[32]; 930 uint32_t krll, krlr, krrl,krrr; 931 932 memcpy(kk, key, 24); 933 memcpy((unsigned char *)&krll, key+16,4); 934 memcpy((unsigned char *)&krlr, key+20,4); 935 krrl = ~krll; 936 krrr = ~krlr; 937 memcpy(kk+24, (unsigned char *)&krrl, 4); 938 memcpy(kk+28, (unsigned char *)&krrr, 4); 939 camellia_setup256(kk, subkey); 940 } 941 942 943 /** 944 * Stuff related to camellia encryption/decryption 945 */ 946 void 947 camellia_encrypt128(const uint32_t *subkey, uint32_t *io) 948 { 
949 uint32_t il, ir, t0, t1; 950 951 /* pre whitening but absorb kw2*/ 952 io[0] ^= SUBL(0); 953 io[1] ^= SUBR(0); 954 /* main iteration */ 955 956 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2), 957 io[2],io[3],il,ir,t0,t1); 958 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3), 959 io[0],io[1],il,ir,t0,t1); 960 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4), 961 io[2],io[3],il,ir,t0,t1); 962 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5), 963 io[0],io[1],il,ir,t0,t1); 964 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6), 965 io[2],io[3],il,ir,t0,t1); 966 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7), 967 io[0],io[1],il,ir,t0,t1); 968 969 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9), 970 t0,t1,il,ir); 971 972 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10), 973 io[2],io[3],il,ir,t0,t1); 974 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11), 975 io[0],io[1],il,ir,t0,t1); 976 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12), 977 io[2],io[3],il,ir,t0,t1); 978 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13), 979 io[0],io[1],il,ir,t0,t1); 980 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14), 981 io[2],io[3],il,ir,t0,t1); 982 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15), 983 io[0],io[1],il,ir,t0,t1); 984 985 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16), SUBR(16), SUBL(17),SUBR(17), 986 t0,t1,il,ir); 987 988 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18), 989 io[2],io[3],il,ir,t0,t1); 990 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19), 991 io[0],io[1],il,ir,t0,t1); 992 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20), 993 io[2],io[3],il,ir,t0,t1); 994 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21), 995 io[0],io[1],il,ir,t0,t1); 996 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22), 997 io[2],io[3],il,ir,t0,t1); 998 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23), 999 io[0],io[1],il,ir,t0,t1); 1000 1001 /* post whitening but kw4 */ 1002 io[2] ^= SUBL(24); 1003 io[3] ^= SUBR(24); 1004 1005 t0 = io[0]; 1006 t1 = io[1]; 1007 io[0] = io[2]; 1008 io[1] = 
io[3]; 1009 io[2] = t0; 1010 io[3] = t1; 1011 } 1012 1013 void 1014 camellia_decrypt128(const uint32_t *subkey, uint32_t *io) 1015 { 1016 uint32_t il,ir,t0,t1; /* temporary valiables */ 1017 1018 /* pre whitening but absorb kw2*/ 1019 io[0] ^= SUBL(24); 1020 io[1] ^= SUBR(24); 1021 1022 /* main iteration */ 1023 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23), 1024 io[2],io[3],il,ir,t0,t1); 1025 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22), 1026 io[0],io[1],il,ir,t0,t1); 1027 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21), 1028 io[2],io[3],il,ir,t0,t1); 1029 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20), 1030 io[0],io[1],il,ir,t0,t1); 1031 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19), 1032 io[2],io[3],il,ir,t0,t1); 1033 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18), 1034 io[0],io[1],il,ir,t0,t1); 1035 1036 CAMELLIA_FLS(io[0],io[1],io[2],io[3],SUBL(17),SUBR(17),SUBL(16),SUBR(16), 1037 t0,t1,il,ir); 1038 1039 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15), 1040 io[2],io[3],il,ir,t0,t1); 1041 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14), 1042 io[0],io[1],il,ir,t0,t1); 1043 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13), 1044 io[2],io[3],il,ir,t0,t1); 1045 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12), 1046 io[0],io[1],il,ir,t0,t1); 1047 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11), 1048 io[2],io[3],il,ir,t0,t1); 1049 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10), 1050 io[0],io[1],il,ir,t0,t1); 1051 1052 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8), 1053 t0,t1,il,ir); 1054 1055 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7), 1056 io[2],io[3],il,ir,t0,t1); 1057 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6), 1058 io[0],io[1],il,ir,t0,t1); 1059 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5), 1060 io[2],io[3],il,ir,t0,t1); 1061 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4), 1062 io[0],io[1],il,ir,t0,t1); 1063 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3), 1064 io[2],io[3],il,ir,t0,t1); 1065 CAMELLIA_ROUNDSM(io[2],io[3], 
SUBL(2),SUBR(2), 1066 io[0],io[1],il,ir,t0,t1); 1067 1068 /* post whitening but kw4 */ 1069 io[2] ^= SUBL(0); 1070 io[3] ^= SUBR(0); 1071 1072 t0 = io[0]; 1073 t1 = io[1]; 1074 io[0] = io[2]; 1075 io[1] = io[3]; 1076 io[2] = t0; 1077 io[3] = t1; 1078 } 1079 1080 /** 1081 * stuff for 192 and 256bit encryption/decryption 1082 */ 1083 void 1084 camellia_encrypt256(const uint32_t *subkey, uint32_t *io) 1085 { 1086 uint32_t il,ir,t0,t1; /* temporary valiables */ 1087 1088 /* pre whitening but absorb kw2*/ 1089 io[0] ^= SUBL(0); 1090 io[1] ^= SUBR(0); 1091 1092 /* main iteration */ 1093 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2), 1094 io[2],io[3],il,ir,t0,t1); 1095 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3), 1096 io[0],io[1],il,ir,t0,t1); 1097 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4), 1098 io[2],io[3],il,ir,t0,t1); 1099 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5), 1100 io[0],io[1],il,ir,t0,t1); 1101 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6), 1102 io[2],io[3],il,ir,t0,t1); 1103 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7), 1104 io[0],io[1],il,ir,t0,t1); 1105 1106 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9), 1107 t0,t1,il,ir); 1108 1109 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10), 1110 io[2],io[3],il,ir,t0,t1); 1111 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11), 1112 io[0],io[1],il,ir,t0,t1); 1113 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12), 1114 io[2],io[3],il,ir,t0,t1); 1115 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13), 1116 io[0],io[1],il,ir,t0,t1); 1117 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14), 1118 io[2],io[3],il,ir,t0,t1); 1119 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15), 1120 io[0],io[1],il,ir,t0,t1); 1121 1122 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16),SUBR(16), SUBL(17),SUBR(17), 1123 t0,t1,il,ir); 1124 1125 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18), 1126 io[2],io[3],il,ir,t0,t1); 1127 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19), 1128 io[0],io[1],il,ir,t0,t1); 1129 
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20), 1130 io[2],io[3],il,ir,t0,t1); 1131 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21), 1132 io[0],io[1],il,ir,t0,t1); 1133 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22), 1134 io[2],io[3],il,ir,t0,t1); 1135 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23), 1136 io[0],io[1],il,ir,t0,t1); 1137 1138 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(24),SUBR(24), SUBL(25),SUBR(25), 1139 t0,t1,il,ir); 1140 1141 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(26),SUBR(26), 1142 io[2],io[3],il,ir,t0,t1); 1143 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(27),SUBR(27), 1144 io[0],io[1],il,ir,t0,t1); 1145 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(28),SUBR(28), 1146 io[2],io[3],il,ir,t0,t1); 1147 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(29),SUBR(29), 1148 io[0],io[1],il,ir,t0,t1); 1149 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(30),SUBR(30), 1150 io[2],io[3],il,ir,t0,t1); 1151 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(31),SUBR(31), 1152 io[0],io[1],il,ir,t0,t1); 1153 1154 /* post whitening but kw4 */ 1155 io[2] ^= SUBL(32); 1156 io[3] ^= SUBR(32); 1157 1158 t0 = io[0]; 1159 t1 = io[1]; 1160 io[0] = io[2]; 1161 io[1] = io[3]; 1162 io[2] = t0; 1163 io[3] = t1; 1164 } 1165 1166 void 1167 camellia_decrypt256(const uint32_t *subkey, uint32_t *io) 1168 { 1169 uint32_t il,ir,t0,t1; /* temporary valiables */ 1170 1171 /* pre whitening but absorb kw2*/ 1172 io[0] ^= SUBL(32); 1173 io[1] ^= SUBR(32); 1174 1175 /* main iteration */ 1176 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(31),SUBR(31), 1177 io[2],io[3],il,ir,t0,t1); 1178 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(30),SUBR(30), 1179 io[0],io[1],il,ir,t0,t1); 1180 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(29),SUBR(29), 1181 io[2],io[3],il,ir,t0,t1); 1182 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(28),SUBR(28), 1183 io[0],io[1],il,ir,t0,t1); 1184 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(27),SUBR(27), 1185 io[2],io[3],il,ir,t0,t1); 1186 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(26),SUBR(26), 1187 io[0],io[1],il,ir,t0,t1); 1188 1189 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(25),SUBR(25), 
SUBL(24),SUBR(24), 1190 t0,t1,il,ir); 1191 1192 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23), 1193 io[2],io[3],il,ir,t0,t1); 1194 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22), 1195 io[0],io[1],il,ir,t0,t1); 1196 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21), 1197 io[2],io[3],il,ir,t0,t1); 1198 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20), 1199 io[0],io[1],il,ir,t0,t1); 1200 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19), 1201 io[2],io[3],il,ir,t0,t1); 1202 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18), 1203 io[0],io[1],il,ir,t0,t1); 1204 1205 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16), 1206 t0,t1,il,ir); 1207 1208 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15), 1209 io[2],io[3],il,ir,t0,t1); 1210 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14), 1211 io[0],io[1],il,ir,t0,t1); 1212 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13), 1213 io[2],io[3],il,ir,t0,t1); 1214 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12), 1215 io[0],io[1],il,ir,t0,t1); 1216 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11), 1217 io[2],io[3],il,ir,t0,t1); 1218 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10), 1219 io[0],io[1],il,ir,t0,t1); 1220 1221 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8), 1222 t0,t1,il,ir); 1223 1224 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7), 1225 io[2],io[3],il,ir,t0,t1); 1226 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6), 1227 io[0],io[1],il,ir,t0,t1); 1228 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5), 1229 io[2],io[3],il,ir,t0,t1); 1230 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4), 1231 io[0],io[1],il,ir,t0,t1); 1232 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3), 1233 io[2],io[3],il,ir,t0,t1); 1234 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2), 1235 io[0],io[1],il,ir,t0,t1); 1236 1237 /* post whitening but kw4 */ 1238 io[2] ^= SUBL(0); 1239 io[3] ^= SUBR(0); 1240 1241 t0 = io[0]; 1242 t1 = io[1]; 1243 io[0] = io[2]; 1244 io[1] = io[3]; 1245 io[2] = t0; 1246 io[3] = t1; 1247 } 1248 1249 void 
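Camellia_Ekeygen(const int keyBitLength,
                 const unsigned char *rawKey,
                 uint32_t *subkey)
{
    /*
     * Expand rawKey into the subkey table used by the block functions.
     *
     * keyBitLength: 128, 192 or 256; anything else trips the KASSERT.
     * rawKey:       raw key bytes (camellia_setup192 reads 24 of them;
     *               the other sizes are presumably keyBitLength / 8).
     * subkey:       output table, written by the matching camellia_setup*().
     */
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    switch (keyBitLength) {
    case 128:
        camellia_setup128(rawKey, subkey);
        break;
    case 192:
        camellia_setup192(rawKey, subkey);
        break;
    case 256:
        camellia_setup256(rawKey, subkey);
        break;
    default:
        /*
         * NOTE(review): when the assertion is compiled out (e.g. NDEBUG in
         * userland) this branch returns with subkey unwritten and the
         * caller gets no error; the table size is not known here, so it
         * cannot be cleared from this function.
         */
        break;
    }
}

/*
 * Encrypt one 16-byte block.
 *
 * keyBitLength: 128, 192 or 256; must match the value given to
 *               Camellia_Ekeygen() for this subkey table.
 * plaintext:    16 input bytes, loaded as four big-endian 32-bit words.
 * subkey:       table produced by Camellia_Ekeygen().
 * ciphertext:   16 output bytes, stored as four big-endian 32-bit words.
 *
 * An unsupported keyBitLength previously fell through the switch and copied
 * the plaintext to the output unchanged.  It is now asserted, as in
 * Camellia_Ekeygen(), and the output is zeroed if the assertion is compiled
 * out, so the input block is never emitted as "ciphertext".
 */
void
Camellia_EncryptBlock(const int keyBitLength,
                      const unsigned char *plaintext,
                      const uint32_t *subkey,
                      unsigned char *ciphertext)
{
    uint32_t tmp[4];

    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(plaintext);
    tmp[1] = GETU32(plaintext + 4);
    tmp[2] = GETU32(plaintext + 8);
    tmp[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_encrypt128(subkey, tmp);
        break;
    case 192:
        /*
         * fall through: camellia_setup192() extends the key to 256 bits
         * and calls camellia_setup256(), so the 256-bit rounds apply.
         */
    case 256:
        camellia_encrypt256(subkey, tmp);
        break;
    default:
        /* Fail closed: never pass the input block through untouched. */
        tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
        break;
    }

    PUTU32(ciphertext, tmp[0]);
    PUTU32(ciphertext + 4, tmp[1]);
    PUTU32(ciphertext + 8, tmp[2]);
    PUTU32(ciphertext + 12, tmp[3]);
    /*
     * NOTE(review): tmp still holds the block on the stack at return;
     * scrub it with a non-elidable clear if the caller's threat model
     * requires it.
     */
}

/*
 * Decrypt one 16-byte block.
 *
 * keyBitLength: 128, 192 or 256; must match the value given to
 *               Camellia_Ekeygen() for this subkey table.
 * ciphertext:   16 input bytes, loaded as four big-endian 32-bit words.
 * subkey:       table produced by Camellia_Ekeygen().
 * plaintext:    16 output bytes, stored as four big-endian 32-bit words.
 *
 * An unsupported keyBitLength is asserted and, if the assertion is compiled
 * out, yields an all-zero block instead of a copy of the input.
 */
void
Camellia_DecryptBlock(const int keyBitLength,
                      const unsigned char *ciphertext,
                      const uint32_t *subkey,
                      unsigned char *plaintext)
{
    uint32_t tmp[4];

    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(ciphertext);
    tmp[1] = GETU32(ciphertext + 4);
    tmp[2] = GETU32(ciphertext + 8);
    tmp[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_decrypt128(subkey, tmp);
        break;
    case 192:
        /* fall through: 192-bit keys use the 256-bit subkey schedule */
    case 256:
        camellia_decrypt256(subkey, tmp);
        break;
    default:
        /* Fail closed: never pass the input block through untouched. */
        tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
        break;
    }

    PUTU32(plaintext, tmp[0]);
    PUTU32(plaintext + 4, tmp[1]);
    PUTU32(plaintext + 8, tmp[2]);
    PUTU32(plaintext + 12, tmp[3]);
    /*
     * NOTE(review): tmp still holds the recovered block on the stack at
     * return; scrub it with a non-elidable clear if the caller's threat
     * model requires it.
     */
}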