1 /* camellia.h ver 1.1.0 2 * 3 * Copyright (c) 2006 4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer as 11 * the first lines of this file unmodified. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 */ 27 28 /* 29 * Algorithm Specification 30 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 31 */ 32 33 #include <sys/cdefs.h> 34 #include <sys/types.h> 35 #include <sys/endian.h> 36 #ifdef _KERNEL 37 #include <sys/systm.h> 38 #else 39 #include <string.h> 40 #include <assert.h> 41 #define KASSERT(exp, msg) assert(exp) 42 #endif 43 44 #include <crypto/camellia/camellia.h> 45 46 47 /* key constants */ 48 49 #define CAMELLIA_SIGMA1L (0xA09E667FL) 50 #define CAMELLIA_SIGMA1R (0x3BCC908BL) 51 #define CAMELLIA_SIGMA2L (0xB67AE858L) 52 #define CAMELLIA_SIGMA2R (0x4CAA73B2L) 53 #define CAMELLIA_SIGMA3L (0xC6EF372FL) 54 #define CAMELLIA_SIGMA3R (0xE94F82BEL) 55 #define CAMELLIA_SIGMA4L (0x54FF53A5L) 56 #define CAMELLIA_SIGMA4R (0xF1D36F1CL) 57 #define CAMELLIA_SIGMA5L (0x10E527FAL) 58 #define CAMELLIA_SIGMA5R (0xDE682D1DL) 59 #define CAMELLIA_SIGMA6L (0xB05688C2L) 60 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 61 62 /* 63 * macros 64 */ 65 #define GETU32(pt) (((uint32_t)(pt)[0] << 24) \ 66 ^ ((uint32_t)(pt)[1] << 16) \ 67 ^ ((uint32_t)(pt)[2] << 8) \ 68 ^ ((uint32_t)(pt)[3])) 69 70 #define PUTU32(ct, st) {(ct)[0] = (uint8_t)((st) >> 24); \ 71 (ct)[1] = (uint8_t)((st) >> 16); \ 72 (ct)[2] = (uint8_t)((st) >> 8); \ 73 (ct)[3] = (uint8_t)(st);} 74 75 #define SUBL(INDEX) (subkey[(INDEX)*2+1]) 76 #define SUBR(INDEX) (subkey[(INDEX)*2]) 77 78 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 79 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 80 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 81 82 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 83 do { \ 84 w0 = ll; \ 85 ll = (ll << bits) + (lr >> (32 - bits)); \ 86 lr = (lr << bits) + (rl >> (32 - bits)); \ 87 rl = (rl << bits) + (rr >> (32 - bits)); \ 88 rr = (rr << bits) + (w0 >> (32 - bits)); \ 89 } while(0) 90 91 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 92 do { \ 93 w0 = ll; \ 94 w1 = lr; \ 95 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 96 lr = (rl << (bits - 32)) + (rr 
>> (64 - bits)); \ 97 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 98 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 99 } while(0) 100 101 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) 102 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) 103 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) 104 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) 105 106 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 107 do { \ 108 il = xl ^ kl; \ 109 ir = xr ^ kr; \ 110 t0 = il >> 16; \ 111 t1 = ir >> 16; \ 112 yl = CAMELLIA_SP1110(ir & 0xff) \ 113 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 114 ^ CAMELLIA_SP3033(t1 & 0xff) \ 115 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 116 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 117 ^ CAMELLIA_SP0222(t0 & 0xff) \ 118 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 119 ^ CAMELLIA_SP4404(il & 0xff); \ 120 yl ^= yr; \ 121 yr = CAMELLIA_RR8(yr); \ 122 yr ^= yl; \ 123 } while(0) 124 125 126 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 127 do { \ 128 t0 = kll; \ 129 t2 = krr; \ 130 t0 &= ll; \ 131 t2 |= rr; \ 132 rl ^= t2; \ 133 lr ^= CAMELLIA_RL1(t0); \ 134 t3 = krl; \ 135 t1 = klr; \ 136 t3 &= rl; \ 137 t1 |= lr; \ 138 ll ^= t1; \ 139 rr ^= CAMELLIA_RL1(t3); \ 140 } while(0) 141 142 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 143 do { \ 144 ir = CAMELLIA_SP1110(xr & 0xff); \ 145 il = CAMELLIA_SP1110((xl>>24) & 0xff); \ 146 ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \ 147 il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \ 148 ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \ 149 il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \ 150 ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \ 151 il ^= CAMELLIA_SP4404(xl & 0xff); \ 152 il ^= kl; \ 153 ir ^= kr; \ 154 ir ^= il; \ 155 il = CAMELLIA_RR8(il); \ 156 il ^= ir; \ 157 yl ^= ir; \ 158 yr ^= il; \ 159 } while(0) 160 161 162 static const uint32_t camellia_sp1110[256] = { 163 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 164 
0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 165 0xe4e4e400,0x85858500,0x57575700,0x35353500, 166 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, 167 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, 168 0x45454500,0x19191900,0xa5a5a500,0x21212100, 169 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, 170 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, 171 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, 172 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, 173 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, 174 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, 175 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, 176 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, 177 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, 178 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, 179 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, 180 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, 181 0x74747400,0x12121200,0x2b2b2b00,0x20202000, 182 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, 183 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, 184 0x34343400,0x7e7e7e00,0x76767600,0x05050500, 185 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, 186 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, 187 0x14141400,0x58585800,0x3a3a3a00,0x61616100, 188 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, 189 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, 190 0x53535300,0x18181800,0xf2f2f200,0x22222200, 191 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, 192 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, 193 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, 194 0x60606000,0xfcfcfc00,0x69696900,0x50505000, 195 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, 196 0xa1a1a100,0x89898900,0x62626200,0x97979700, 197 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, 198 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, 199 0x10101000,0xc4c4c400,0x00000000,0x48484800, 200 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, 201 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, 202 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, 203 0x87878700,0x5c5c5c00,0x83838300,0x02020200, 204 
0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, 205 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, 206 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, 207 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, 208 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, 209 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, 210 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, 211 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, 212 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, 213 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, 214 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, 215 0x78787800,0x98989800,0x06060600,0x6a6a6a00, 216 0xe7e7e700,0x46464600,0x71717100,0xbababa00, 217 0xd4d4d400,0x25252500,0xababab00,0x42424200, 218 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, 219 0x72727200,0x07070700,0xb9b9b900,0x55555500, 220 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, 221 0x36363600,0x49494900,0x2a2a2a00,0x68686800, 222 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, 223 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, 224 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, 225 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, 226 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, 227 }; 228 229 static const uint32_t camellia_sp0222[256] = { 230 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, 231 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, 232 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, 233 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, 234 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, 235 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, 236 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, 237 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, 238 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, 239 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, 240 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, 241 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, 242 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, 243 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, 244 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, 245 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, 246 
0x00171717,0x001a1a1a,0x00353535,0x00cccccc, 247 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, 248 0x00e8e8e8,0x00242424,0x00565656,0x00404040, 249 0x00e1e1e1,0x00636363,0x00090909,0x00333333, 250 0x00bfbfbf,0x00989898,0x00979797,0x00858585, 251 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, 252 0x00dadada,0x006f6f6f,0x00535353,0x00626262, 253 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, 254 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, 255 0x00bdbdbd,0x00363636,0x00222222,0x00383838, 256 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, 257 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, 258 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, 259 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, 260 0x00484848,0x00101010,0x00d1d1d1,0x00515151, 261 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, 262 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, 263 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, 264 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, 265 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, 266 0x00202020,0x00898989,0x00000000,0x00909090, 267 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, 268 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, 269 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, 270 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, 271 0x009b9b9b,0x00949494,0x00212121,0x00666666, 272 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, 273 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, 274 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, 275 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, 276 0x00030303,0x002d2d2d,0x00dedede,0x00969696, 277 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, 278 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, 279 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, 280 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, 281 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, 282 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, 283 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, 284 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, 285 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, 286 
0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, 287 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, 288 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, 289 0x00787878,0x00707070,0x00e3e3e3,0x00494949, 290 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, 291 0x00777777,0x00939393,0x00868686,0x00838383, 292 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, 293 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, 294 }; 295 296 static const uint32_t camellia_sp3033[256] = { 297 0x38003838,0x41004141,0x16001616,0x76007676, 298 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, 299 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, 300 0x75007575,0x06000606,0x57005757,0xa000a0a0, 301 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, 302 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, 303 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, 304 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, 305 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, 306 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, 307 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, 308 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, 309 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, 310 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, 311 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, 312 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, 313 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, 314 0xfd00fdfd,0x66006666,0x58005858,0x96009696, 315 0x3a003a3a,0x09000909,0x95009595,0x10001010, 316 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, 317 0xef00efef,0x26002626,0xe500e5e5,0x61006161, 318 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, 319 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, 320 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, 321 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, 322 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, 323 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, 324 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, 325 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, 326 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, 327 0x12001212,0x04000404,0x74007474,0x54005454, 328 
0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, 329 0x55005555,0x68006868,0x50005050,0xbe00bebe, 330 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, 331 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, 332 0x70007070,0xff00ffff,0x32003232,0x69006969, 333 0x08000808,0x62006262,0x00000000,0x24002424, 334 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, 335 0x45004545,0x81008181,0x73007373,0x6d006d6d, 336 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, 337 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, 338 0xe600e6e6,0x25002525,0x48004848,0x99009999, 339 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, 340 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, 341 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, 342 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, 343 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, 344 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, 345 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, 346 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, 347 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, 348 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, 349 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, 350 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, 351 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, 352 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, 353 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, 354 0x7c007c7c,0x77007777,0x56005656,0x05000505, 355 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, 356 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, 357 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, 358 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, 359 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, 360 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, 361 }; 362 363 static const uint32_t camellia_sp4404[256] = { 364 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, 365 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, 366 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, 367 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, 368 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, 369 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, 370 
0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, 371 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, 372 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, 373 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, 374 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, 375 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, 376 0x14140014,0x3a3a003a,0xdede00de,0x11110011, 377 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, 378 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, 379 0x24240024,0xe8e800e8,0x60600060,0x69690069, 380 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, 381 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, 382 0x10100010,0x00000000,0xa3a300a3,0x75750075, 383 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, 384 0x87870087,0x83830083,0xcdcd00cd,0x90900090, 385 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, 386 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, 387 0x81810081,0x6f6f006f,0x13130013,0x63630063, 388 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, 389 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, 390 0x78780078,0x06060006,0xe7e700e7,0x71710071, 391 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, 392 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, 393 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, 394 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, 395 0x15150015,0xadad00ad,0x77770077,0x80800080, 396 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, 397 0x85850085,0x35350035,0x0c0c000c,0x41410041, 398 0xefef00ef,0x93930093,0x19190019,0x21210021, 399 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, 400 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, 401 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, 402 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, 403 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, 404 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, 405 0x12120012,0x20200020,0xb1b100b1,0x99990099, 406 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, 407 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, 408 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, 409 0x0f0f000f,0x16160016,0x18180018,0x22220022, 410 
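0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
0x03030003,0xdada00da,0x3f3f003f,0x94940094,
0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
0x49490049,0x68680068,0x38380038,0xa4a400a4,
0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
};


/*
 * Stuff related to the Camellia key schedule
 */
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]

/*
 * Overwrite len bytes at buf with zeros.
 *
 * The stores go through a volatile-qualified pointer so that the compiler
 * does not discard them as dead writes to an object that is about to go
 * out of scope.  Where the tree provides explicit_bzero(), that is the
 * preferred primitive for this job.
 */
static void
camellia_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len-- > 0)
        *p++ = 0;
}

/*
 * Expand a 128-bit key into the subkey table.
 *
 * key:    16 bytes, read as four big-endian 32-bit words via GETU32().
 * subkey: output.  Entries SUBL/SUBR(0) and SUBL/SUBR(2)..(24) are written,
 *         i.e. subkey[0], subkey[1] and subkey[4]..subkey[49]; the pair for
 *         index 1 (subkey[2], subkey[3]) is left untouched.  The caller must
 *         supply at least 50 words.
 *
 * Neither pointer is validated and no length is passed in; a short key
 * buffer or a short subkey array is read or written out of bounds.
 *
 * Security notes:
 *  - subL[]/subR[] start out holding the raw key words and then every
 *    intermediate subkey, so they are cleared before returning.  Scalar
 *    temporaries (kll, klr, ...) are not addressable and are not cleared.
 *  - CAMELLIA_F indexes the camellia_sp* tables with bytes of key-dependent
 *    words, so the memory access pattern of the key schedule depends on the
 *    key.  This is the usual cache-timing exposure of table-driven ciphers;
 *    deployments where an attacker can observe cache state should take it
 *    into account.
 */
void
camellia_setup128(const unsigned char *key, uint32_t *subkey)
{
    uint32_t kll, klr, krl, krr;
    uint32_t il, ir, t0, t1, w0, w1;
    uint32_t kw4l, kw4r, dw, tl, tr;
    uint32_t subL[26];
    uint32_t subR[26];

    /*
     * k == kll || klr || krl || krr (|| is concatenation)
     */
    kll = GETU32(key     );
    klr = GETU32(key +  4);
    krl = GETU32(key +  8);
    krr = GETU32(key + 12);
    /*
     * generate KL dependent subkeys
     */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(4) = kll; subr(4) = klr;
    subl(5) = krl; subr(5) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(10) = kll; subr(10) = klr;
    subl(11) = krl; subr(11) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(18) = kll; subr(18) = klr;
    subl(19) = krl; subr(19) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;

    /* generate KA */
    kll = subl(0); klr = subr(0);
    krl = subl(1); krr = subr(1);
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KA dependent subkeys */
    subl(2) = kll; subr(2) = klr;
    subl(3) = krl; subr(3) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(8) = kll; subr(8) = klr;
    subl(9) = krl; subr(9) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(12) = kll; subr(12) = klr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(20) = kll; subr(20) = klr;
    subl(21) = krl; subr(21) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(24) = kll; subr(24) = klr;
    subl(25) = krl; subr(25) = krr;


    /* absorb kw2 to other subkeys */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(24) ^= subl(1); subr(24) ^= subr(1);

    /* absorb kw4 to other subkeys */
    kw4l = subl(25); kw4r = subr(25);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /* key XOR is end of F-function */
    SUBL(0) = subl(0) ^ subl(2);
    SUBR(0) = subr(0) ^ subr(2);
    SUBL(2) = subl(3);
    SUBR(2) = subr(3);
    SUBL(3) = subl(2) ^ subl(4);
    SUBR(3) = subr(2) ^ subr(4);
    SUBL(4) = subl(3) ^ subl(5);
    SUBR(4) = subr(3) ^ subr(5);
    SUBL(5) = subl(4) ^ subl(6);
    SUBR(5) = subr(4) ^ subr(6);
    SUBL(6) = subl(5) ^ subl(7);
    SUBR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    SUBL(7) = subl(6) ^ tl;
    SUBR(7) = subr(6) ^ tr;
    SUBL(8) = subl(8);
    SUBR(8) = subr(8);
    SUBL(9) = subl(9);
    SUBR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    SUBL(10) = tl ^ subl(11);
    SUBR(10) = tr ^ subr(11);
    SUBL(11) = subl(10) ^ subl(12);
    SUBR(11) = subr(10) ^ subr(12);
    SUBL(12) = subl(11) ^ subl(13);
    SUBR(12) = subr(11) ^ subr(13);
    SUBL(13) = subl(12) ^ subl(14);
    SUBR(13) = subr(12) ^ subr(14);
    SUBL(14) = subl(13) ^ subl(15);
    SUBR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    SUBL(15) = subl(14) ^ tl;
    SUBR(15) = subr(14) ^ tr;
    SUBL(16) = subl(16);
    SUBR(16) = subr(16);
    SUBL(17) = subl(17);
    SUBR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    SUBL(18) = tl ^ subl(19);
    SUBR(18) = tr ^ subr(19);
    SUBL(19) = subl(18) ^ subl(20);
    SUBR(19) = subr(18) ^ subr(20);
    SUBL(20) = subl(19) ^ subl(21);
    SUBR(20) = subr(19) ^ subr(21);
    SUBL(21) = subl(20) ^ subl(22);
    SUBR(21) = subr(20) ^ subr(22);
    SUBL(22) = subl(21) ^ subl(23);
    SUBR(22) = subr(21) ^ subr(23);
    SUBL(23) = subl(22);
    SUBR(23) = subr(22);
    SUBL(24) = subl(24) ^ subl(23);
    SUBR(24) = subr(24) ^ subr(23);

    /* apply the inverse of the last half of P-function */
    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;

    /* do not leave key-equivalent words behind in the dead stack frame */
    camellia_wipe(subL, sizeof(subL));
    camellia_wipe(subR, sizeof(subR));
}

/*
 * Expand a 256-bit key into the subkey table.
 *
 * key:    32 bytes, read as eight big-endian 32-bit words via GETU32().
 * subkey: output.  Entries SUBL/SUBR(0) and SUBL/SUBR(2)..(32) are written,
 *         i.e. subkey[0], subkey[1] and subkey[4]..subkey[65]; the pair for
 *         index 1 (subkey[2], subkey[3]) is left untouched.  The caller must
 *         supply at least 66 words.
 *
 * Neither pointer is validated and no length is passed in.
 *
 * Security notes: subL[]/subR[] are cleared before returning because they
 * hold the raw key words and every intermediate subkey.  CAMELLIA_F indexes
 * the camellia_sp* tables with bytes of key-dependent words, so the memory
 * access pattern depends on the key (cache-timing exposure common to
 * table-driven ciphers).
 */
void
camellia_setup256(const unsigned char *key, uint32_t *subkey)
{
    uint32_t kll,klr,krl,krr;           /* left half of key */
    uint32_t krll,krlr,krrl,krrr;       /* right half of key */
    uint32_t il, ir, t0, t1, w0, w1;    /* temporary variables */
    uint32_t kw4l, kw4r, dw, tl, tr;
    uint32_t subL[34];
    uint32_t subR[34];

    /*
     *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
     *  (|| is concatenation)
     */

    kll  = GETU32(key     );
    klr  = GETU32(key +  4);
    krl  = GETU32(key +  8);
    krr  = GETU32(key + 12);
    krll = GETU32(key + 16);
    krlr = GETU32(key + 20);
    krrl = GETU32(key + 24);
    krrr = GETU32(key + 28);

    /* generate KL dependent subkeys */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
    subl(12) = kll; subr(12) = klr;
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(30) = kll; subr(30) = klr;
    subl(31) = krl; subr(31) = krr;

    /* generate KR dependent subkeys */
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(4) = krll; subr(4) = krlr;
    subl(5) = krrl; subr(5) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(8) = krll; subr(8) = krlr;
    subl(9) = krrl; subr(9) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(18) = krll; subr(18) = krlr;
    subl(19) = krrl; subr(19) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
    subl(26) = krll; subr(26) = krlr;
    subl(27) = krrl; subr(27) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);

    /* generate KA */
    kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
    krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    kll ^= krll; klr ^= krlr;
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KB */
    krll ^= kll; krlr ^= klr;
    krrl ^= krl; krrr ^= krr;
    CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
               w0, w1, il, ir, t0, t1);
    krrl ^= w0; krrr ^= w1;
    CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
               w0, w1, il, ir, t0, t1);
    krll ^= w0; krlr ^= w1;

    /* generate KA dependent subkeys */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    subl(24) = klr; subr(24) = krl;
    subl(25) = krr; subr(25) = kll;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
    subl(28) = kll; subr(28) = klr;
    subl(29) = krl; subr(29) = krr;

    /* generate KB dependent subkeys */
    subl(2) = krll; subr(2) = krlr;
    subl(3) = krrl; subr(3) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(10) = krll; subr(10) = krlr;
    subl(11) = krrl; subr(11) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(20) = krll; subr(20) = krlr;
    subl(21) = krrl; subr(21) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
    subl(32) = krll; subr(32) = krlr;
    subl(33) = krrl; subr(33) = krrr;

    /* absorb kw2 to other subkeys */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(25);
    dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
    subl(27) ^= subl(1); subr(27) ^= subr(1);
    subl(29) ^= subl(1); subr(29) ^= subr(1);
    subl(31) ^= subl(1); subr(31) ^= subr(1);
    subl(32) ^= subl(1); subr(32) ^= subr(1);


    /* absorb kw4 to other subkeys */
    kw4l = subl(33); kw4r = subr(33);
    subl(30) ^= kw4l; subr(30) ^= kw4r;
    subl(28) ^= kw4l; subr(28) ^= kw4r;
    subl(26) ^= kw4l; subr(26) ^= kw4r;
    kw4l ^= kw4r & ~subr(24);
    dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /* key XOR is end of F-function */
    SUBL(0) = subl(0) ^ subl(2);
    SUBR(0) = subr(0) ^ subr(2);
    SUBL(2) = subl(3);
    SUBR(2) = subr(3);
    SUBL(3) = subl(2) ^ subl(4);
    SUBR(3) = subr(2) ^ subr(4);
    SUBL(4) = subl(3) ^ subl(5);
    SUBR(4) = subr(3) ^ subr(5);
    SUBL(5) = subl(4) ^ subl(6);
    SUBR(5) = subr(4) ^ subr(6);
    SUBL(6) = subl(5) ^ subl(7);
    SUBR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    SUBL(7) = subl(6) ^ tl;
    SUBR(7) = subr(6) ^ tr;
    SUBL(8) = subl(8);
    SUBR(8) = subr(8);
    SUBL(9) = subl(9);
    SUBR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    SUBL(10) = tl ^ subl(11);
    SUBR(10) = tr ^ subr(11);
    SUBL(11) = subl(10) ^ subl(12);
    SUBR(11) = subr(10) ^ subr(12);
    SUBL(12) = subl(11) ^ subl(13);
    SUBR(12) = subr(11) ^ subr(13);
    SUBL(13) = subl(12) ^ subl(14);
    SUBR(13) = subr(12) ^ subr(14);
    SUBL(14) = subl(13) ^ subl(15);
    SUBR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    SUBL(15) = subl(14) ^ tl;
    SUBR(15) = subr(14) ^ tr;
    SUBL(16) = subl(16);
    SUBR(16) = subr(16);
    SUBL(17) = subl(17);
    SUBR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    SUBL(18) = tl ^ subl(19);
    SUBR(18) = tr ^ subr(19);
    SUBL(19) = subl(18) ^ subl(20);
    SUBR(19) = subr(18) ^ subr(20);
    SUBL(20) = subl(19) ^ subl(21);
    SUBR(20) = subr(19) ^ subr(21);
    SUBL(21) = subl(20) ^ subl(22);
    SUBR(21) = subr(20) ^ subr(22);
    SUBL(22) = subl(21) ^ subl(23);
    SUBR(22) = subr(21) ^ subr(23);
    tl = subl(26) ^ (subr(26) & ~subr(24));
    dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
    SUBL(23) = subl(22) ^ tl;
    SUBR(23) = subr(22) ^ tr;
    SUBL(24) = subl(24);
    SUBR(24) = subr(24);
    SUBL(25) = subl(25);
    SUBR(25) = subr(25);
    tl = subl(23) ^ (subr(23) & ~subr(25));
    dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
    SUBL(26) = tl ^ subl(27);
    SUBR(26) = tr ^ subr(27);
    SUBL(27) = subl(26) ^ subl(28);
    SUBR(27) = subr(26) ^ subr(28);
    SUBL(28) = subl(27) ^ subl(29);
    SUBR(28) = subr(27) ^ subr(29);
    SUBL(29) = subl(28) ^ subl(30);
    SUBR(29) = subr(28) ^ subr(30);
    SUBL(30) = subl(29) ^ subl(31);
    SUBR(30) = subr(29) ^ subr(31);
    SUBL(31) = subl(30);
    SUBR(31) = subr(30);
    SUBL(32) = subl(32) ^ subl(31);
    SUBR(32) = subr(32) ^ subr(31);

    /* apply the inverse of the last half of P-function */
    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
    dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw);
    SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw;
    dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw);
    SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw;
    dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw);
    SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw;
    dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw);
    SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw;
    dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw);
    SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw;
    dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw);
    SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw;

    /* do not leave key-equivalent words behind in the dead stack frame */
    camellia_wipe(subL, sizeof(subL));
    camellia_wipe(subR, sizeof(subR));
}

/*
 * Expand a 192-bit key into the subkey table.
 *
 * The 24 key bytes are extended to 32 by appending the bitwise complement
 * of key bytes 16..23, and the result is handed to camellia_setup256();
 * the subkey requirements are therefore those of camellia_setup256().
 *
 * key:    24 bytes; not validated.
 * subkey: output, passed through unchanged.
 *
 * kk[] is a verbatim copy of the caller's key plus the derived tail, and
 * the four word temporaries hold key bytes as well, so all of them are
 * cleared once the schedule has been computed.
 */
void
camellia_setup192(const unsigned char *key, uint32_t *subkey)
{
    unsigned char kk[32];
    uint32_t krll, krlr, krrl,krrr;

    memcpy(kk, key, 24);
    memcpy((unsigned char *)&krll, key+16,4);
    memcpy((unsigned char *)&krlr, key+20,4);
    krrl = ~krll;
    krrr = ~krlr;
    memcpy(kk+24, (unsigned char *)&krrl, 4);
    memcpy(kk+28, (unsigned char *)&krrr, 4);
    camellia_setup256(kk, subkey);

    /* the expanded key copy and its word temporaries are no longer needed */
    camellia_wipe(kk, sizeof(kk));
    camellia_wipe(&krll, sizeof(krll));
    camellia_wipe(&krlr, sizeof(krlr));
    camellia_wipe(&krrl, sizeof(krrl));
    camellia_wipe(&krrr, sizeof(krrr));
}


/**
 * Stuff related to camellia encryption/decryption
 */
void
camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;

    /*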
pre whitening but absorb kw2*/ 949 io[0] ^= SUBL(0); 950 io[1] ^= SUBR(0); 951 /* main iteration */ 952 953 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2), 954 io[2],io[3],il,ir,t0,t1); 955 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3), 956 io[0],io[1],il,ir,t0,t1); 957 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4), 958 io[2],io[3],il,ir,t0,t1); 959 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5), 960 io[0],io[1],il,ir,t0,t1); 961 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6), 962 io[2],io[3],il,ir,t0,t1); 963 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7), 964 io[0],io[1],il,ir,t0,t1); 965 966 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9), 967 t0,t1,il,ir); 968 969 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10), 970 io[2],io[3],il,ir,t0,t1); 971 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11), 972 io[0],io[1],il,ir,t0,t1); 973 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12), 974 io[2],io[3],il,ir,t0,t1); 975 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13), 976 io[0],io[1],il,ir,t0,t1); 977 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14), 978 io[2],io[3],il,ir,t0,t1); 979 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15), 980 io[0],io[1],il,ir,t0,t1); 981 982 CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16), SUBR(16), SUBL(17),SUBR(17), 983 t0,t1,il,ir); 984 985 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18), 986 io[2],io[3],il,ir,t0,t1); 987 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19), 988 io[0],io[1],il,ir,t0,t1); 989 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20), 990 io[2],io[3],il,ir,t0,t1); 991 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21), 992 io[0],io[1],il,ir,t0,t1); 993 CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22), 994 io[2],io[3],il,ir,t0,t1); 995 CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23), 996 io[0],io[1],il,ir,t0,t1); 997 998 /* post whitening but kw4 */ 999 io[2] ^= SUBL(24); 1000 io[3] ^= SUBR(24); 1001 1002 t0 = io[0]; 1003 t1 = io[1]; 1004 io[0] = io[2]; 1005 io[1] = io[3]; 1006 io[2] = t0; 1007 io[3] = t1; 1008 } 
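/*
 * Decrypt one 128-bit block in place with a 128-bit-key schedule.
 *
 * subkey: expanded key; SUBL(i)/SUBR(i) index subkey[2*i+1]/subkey[2*i],
 *         and indices 0 and 2..24 are read here, so the array must hold
 *         at least 50 words.
 * io:     four 32-bit words of block state, read and overwritten.
 *
 * Same structure as camellia_encrypt128 with the subkeys walked in
 * reverse order: 18 CAMELLIA_ROUNDSM calls in three groups of six,
 * separated by two CAMELLIA_FLS calls whose subkey pairs are swapped.
 */
void
camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;	/* scratch words used by the round macros */

    /* input whitening with the last subkey pair */
    io[0] ^= SUBL(24);
    io[1] ^= SUBR(24);

    /* main iteration, subkeys 23 down to 18 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
		     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16),
		 t0,t1,il,ir);

    /* subkeys 15 down to 10 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
		     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
		 t0,t1,il,ir);

    /* subkeys 7 down to 2 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
		     io[0],io[1],il,ir,t0,t1);

    /* output whitening with the first subkey pair */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* exchange the two 64-bit halves of the block */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}

/**
 * stuff for 192 and 256bit encryption/decryption
 */

/*
 * Encrypt one 128-bit block in place with a 192- or 256-bit-key schedule.
 *
 * subkey: expanded key; indices 0 and 2..32 are read here, so the array
 *         must hold at least 66 words (SUBL(32) is subkey[65]).
 * io:     four 32-bit words of block state, read and overwritten.
 *
 * 24 CAMELLIA_ROUNDSM calls in four groups of six, separated by three
 * CAMELLIA_FLS calls.
 */
void
camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;	/* scratch words used by the round macros */

    /* input whitening; the key schedule has folded kw2 into other subkeys */
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);

    /* main iteration, subkeys 2 to 7 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
		     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
		 t0,t1,il,ir);

    /* subkeys 10 to 15 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
		     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16),SUBR(16), SUBL(17),SUBR(17),
		 t0,t1,il,ir);

    /* subkeys 18 to 23 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
		     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(24),SUBR(24), SUBL(25),SUBR(25),
		 t0,t1,il,ir);

    /* subkeys 26 to 31 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(26),SUBR(26),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(27),SUBR(27),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(28),SUBR(28),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(29),SUBR(29),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(30),SUBR(30),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(31),SUBR(31),
		     io[0],io[1],il,ir,t0,t1);

    /* output whitening; the key schedule has folded kw4 into other subkeys */
    io[2] ^= SUBL(32);
    io[3] ^= SUBR(32);

    /* exchange the two 64-bit halves of the block */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}

/*
 * Decrypt one 128-bit block in place with a 192- or 256-bit-key schedule.
 *
 * subkey: expanded key; indices 0 and 2..32 are read here, so the array
 *         must hold at least 66 words.
 * io:     four 32-bit words of block state, read and overwritten.
 *
 * Same structure as camellia_encrypt256 with the subkeys walked in
 * reverse order and the subkey pairs of each CAMELLIA_FLS call swapped.
 */
void
camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;	/* scratch words used by the round macros */

    /* input whitening with the last subkey pair */
    io[0] ^= SUBL(32);
    io[1] ^= SUBR(32);

    /* main iteration, subkeys 31 down to 26 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(31),SUBR(31),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(30),SUBR(30),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(29),SUBR(29),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(28),SUBR(28),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(27),SUBR(27),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(26),SUBR(26),
		     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(25),SUBR(25), SUBL(24),SUBR(24),
		 t0,t1,il,ir);

    /* subkeys 23 down to 18 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
		     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16),
		 t0,t1,il,ir);

    /* subkeys 15 down to 10 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
		     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
		 t0,t1,il,ir);

    /* subkeys 7 down to 2 */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
		     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
		     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
		     io[0],io[1],il,ir,t0,t1);

    /* output whitening with the first subkey pair */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* exchange the two 64-bit halves of the block */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}

/*
 * Expand a raw key into the subkey table used by the block functions.
 *
 * keyBitLength: 128, 192 or 256.
 * rawKey:       keyBitLength/8 bytes of key material.
 * subkey:       output table, written by the matching camellia_setup*().
 *
 * Any other keyBitLength trips the assertion. Where KASSERT is compiled
 * out, the default branch returns without writing subkey, so the caller
 * would go on to use whatever the table held before; callers must
 * validate the key length themselves.
 */
void
Camellia_Ekeygen(const int keyBitLength,
		 const unsigned char *rawKey,
		 uint32_t *subkey)
{
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
	    ("Invalid key size (%d).", keyBitLength));

    switch(keyBitLength) {
    case 128:
	camellia_setup128(rawKey, subkey);
	break;
    case 192:
	camellia_setup192(rawKey, subkey);
	break;
    case 256:
	camellia_setup256(rawKey, subkey);
	break;
    default:
	break;
    }
}

/*
 * Encrypt one 16-byte block.
 *
 * keyBitLength: 128, 192 or 256; must match the length given to
 *               Camellia_Ekeygen() for this subkey table.
 * plaintext:    16 input bytes, loaded as four big-endian words.
 * subkey:       table produced by Camellia_Ekeygen().
 * ciphertext:   16 output bytes, stored as four big-endian words.
 *
 * 192-bit keys share the 256-bit code path.
 */
void
Camellia_EncryptBlock(const int keyBitLength,
		      const unsigned char *plaintext,
		      const uint32_t *subkey,
		      unsigned char *ciphertext)
{
    uint32_t tmp[4];

    /*
     * Same check as Camellia_Ekeygen(). The default branch below leaves
     * tmp untouched, so without this an unsupported length would write
     * the plaintext to the ciphertext buffer unchanged. Where KASSERT is
     * compiled out that pass-through still happens.
     */
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
	    ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(plaintext);
    tmp[1] = GETU32(plaintext + 4);
    tmp[2] = GETU32(plaintext + 8);
    tmp[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
	camellia_encrypt128(subkey, tmp);
	break;
    case 192:
	/* fall through */
    case 256:
	camellia_encrypt256(subkey, tmp);
	break;
    default:
	break;
    }

    PUTU32(ciphertext,    tmp[0]);
    PUTU32(ciphertext+4,  tmp[1]);
    PUTU32(ciphertext+8,  tmp[2]);
    PUTU32(ciphertext+12, tmp[3]);
    /* NOTE(review): tmp (a copy of the block) is not cleared before return. */
}

/*
 * Decrypt one 16-byte block.
 *
 * keyBitLength: 128, 192 or 256; must match the length given to
 *               Camellia_Ekeygen() for this subkey table.
 * ciphertext:   16 input bytes, loaded as four big-endian words.
 * subkey:       table produced by Camellia_Ekeygen().
 * plaintext:    16 output bytes, stored as four big-endian words.
 *
 * 192-bit keys share the 256-bit code path.
 */
void
Camellia_DecryptBlock(const int keyBitLength,
		      const unsigned char *ciphertext,
		      const uint32_t *subkey,
		      unsigned char *plaintext)
{
    uint32_t tmp[4];

    /*
     * Same check as Camellia_Ekeygen(); an unsupported length would
     * otherwise copy the input block to the output unchanged through
     * the default branch below.
     */
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
	    ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(ciphertext);
    tmp[1] = GETU32(ciphertext + 4);
    tmp[2] = GETU32(ciphertext + 8);
    tmp[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
	camellia_decrypt128(subkey, tmp);
	break;
    case 192:
	/* fall through */
    case 256:
	camellia_decrypt256(subkey, tmp);
	break;
    default:
	break;
    }

    PUTU32(plaintext,    tmp[0]);
    PUTU32(plaintext+4,  tmp[1]);
    PUTU32(plaintext+8,  tmp[2]);
    PUTU32(plaintext+12, tmp[3]);
    /* NOTE(review): tmp (the decrypted block) is not cleared before return. */
}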