1 /* camellia.h ver 1.1.0 2 * 3 * Copyright (c) 2006 4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer as 11 * the first lines of this file unmodified. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 * 27 * $FreeBSD$ 28 */ 29 30 /* 31 * Algorithm Specification 32 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 33 */ 34 35 #include <sys/cdefs.h> 36 #include <sys/types.h> 37 #include <sys/endian.h> 38 #ifdef _KERNEL 39 #include <sys/systm.h> 40 #else 41 #include <string.h> 42 #include <assert.h> 43 #define KASSERT(exp, msg) assert(exp) 44 #endif 45 46 #include <crypto/camellia/camellia.h> 47 48 49 /* key constants */ 50 51 #define CAMELLIA_SIGMA1L (0xA09E667FL) 52 #define CAMELLIA_SIGMA1R (0x3BCC908BL) 53 #define CAMELLIA_SIGMA2L (0xB67AE858L) 54 #define CAMELLIA_SIGMA2R (0x4CAA73B2L) 55 #define CAMELLIA_SIGMA3L (0xC6EF372FL) 56 #define CAMELLIA_SIGMA3R (0xE94F82BEL) 57 #define CAMELLIA_SIGMA4L (0x54FF53A5L) 58 #define CAMELLIA_SIGMA4R (0xF1D36F1CL) 59 #define CAMELLIA_SIGMA5L (0x10E527FAL) 60 #define CAMELLIA_SIGMA5R (0xDE682D1DL) 61 #define CAMELLIA_SIGMA6L (0xB05688C2L) 62 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 63 64 /* 65 * macros 66 */ 67 #define GETU32(pt) (((uint32_t)(pt)[0] << 24) \ 68 ^ ((uint32_t)(pt)[1] << 16) \ 69 ^ ((uint32_t)(pt)[2] << 8) \ 70 ^ ((uint32_t)(pt)[3])) 71 72 #define PUTU32(ct, st) {(ct)[0] = (uint8_t)((st) >> 24); \ 73 (ct)[1] = (uint8_t)((st) >> 16); \ 74 (ct)[2] = (uint8_t)((st) >> 8); \ 75 (ct)[3] = (uint8_t)(st);} 76 77 #define SUBL(INDEX) (subkey[(INDEX)*2+1]) 78 #define SUBR(INDEX) (subkey[(INDEX)*2]) 79 80 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 81 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 82 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 83 84 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 85 do { \ 86 w0 = ll; \ 87 ll = (ll << bits) + (lr >> (32 - bits)); \ 88 lr = (lr << bits) + (rl >> (32 - bits)); \ 89 rl = (rl << bits) + (rr >> (32 - bits)); \ 90 rr = (rr << bits) + (w0 >> (32 - bits)); \ 91 } while(0) 92 93 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 94 do { \ 95 w0 = ll; \ 96 w1 = lr; \ 97 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 98 lr = (rl << 
(bits - 32)) + (rr >> (64 - bits)); \ 99 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 100 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 101 } while(0) 102 103 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) 104 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) 105 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) 106 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) 107 108 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 109 do { \ 110 il = xl ^ kl; \ 111 ir = xr ^ kr; \ 112 t0 = il >> 16; \ 113 t1 = ir >> 16; \ 114 yl = CAMELLIA_SP1110(ir & 0xff) \ 115 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 116 ^ CAMELLIA_SP3033(t1 & 0xff) \ 117 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 118 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 119 ^ CAMELLIA_SP0222(t0 & 0xff) \ 120 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 121 ^ CAMELLIA_SP4404(il & 0xff); \ 122 yl ^= yr; \ 123 yr = CAMELLIA_RR8(yr); \ 124 yr ^= yl; \ 125 } while(0) 126 127 128 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 129 do { \ 130 t0 = kll; \ 131 t2 = krr; \ 132 t0 &= ll; \ 133 t2 |= rr; \ 134 rl ^= t2; \ 135 lr ^= CAMELLIA_RL1(t0); \ 136 t3 = krl; \ 137 t1 = klr; \ 138 t3 &= rl; \ 139 t1 |= lr; \ 140 ll ^= t1; \ 141 rr ^= CAMELLIA_RL1(t3); \ 142 } while(0) 143 144 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 145 do { \ 146 ir = CAMELLIA_SP1110(xr & 0xff); \ 147 il = CAMELLIA_SP1110((xl>>24) & 0xff); \ 148 ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \ 149 il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \ 150 ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \ 151 il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \ 152 ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \ 153 il ^= CAMELLIA_SP4404(xl & 0xff); \ 154 il ^= kl; \ 155 ir ^= kr; \ 156 ir ^= il; \ 157 il = CAMELLIA_RR8(il); \ 158 il ^= ir; \ 159 yl ^= ir; \ 160 yr ^= il; \ 161 } while(0) 162 163 164 static const uint32_t camellia_sp1110[256] = { 165 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 166 
0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 167 0xe4e4e400,0x85858500,0x57575700,0x35353500, 168 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, 169 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, 170 0x45454500,0x19191900,0xa5a5a500,0x21212100, 171 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, 172 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, 173 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, 174 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, 175 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, 176 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, 177 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, 178 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, 179 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, 180 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, 181 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, 182 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, 183 0x74747400,0x12121200,0x2b2b2b00,0x20202000, 184 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, 185 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, 186 0x34343400,0x7e7e7e00,0x76767600,0x05050500, 187 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, 188 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, 189 0x14141400,0x58585800,0x3a3a3a00,0x61616100, 190 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, 191 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, 192 0x53535300,0x18181800,0xf2f2f200,0x22222200, 193 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, 194 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, 195 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, 196 0x60606000,0xfcfcfc00,0x69696900,0x50505000, 197 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, 198 0xa1a1a100,0x89898900,0x62626200,0x97979700, 199 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, 200 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, 201 0x10101000,0xc4c4c400,0x00000000,0x48484800, 202 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, 203 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, 204 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, 205 0x87878700,0x5c5c5c00,0x83838300,0x02020200, 206 
0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, 207 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, 208 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, 209 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, 210 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, 211 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, 212 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, 213 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, 214 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, 215 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, 216 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, 217 0x78787800,0x98989800,0x06060600,0x6a6a6a00, 218 0xe7e7e700,0x46464600,0x71717100,0xbababa00, 219 0xd4d4d400,0x25252500,0xababab00,0x42424200, 220 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, 221 0x72727200,0x07070700,0xb9b9b900,0x55555500, 222 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, 223 0x36363600,0x49494900,0x2a2a2a00,0x68686800, 224 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, 225 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, 226 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, 227 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, 228 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, 229 }; 230 231 static const uint32_t camellia_sp0222[256] = { 232 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, 233 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, 234 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, 235 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, 236 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, 237 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, 238 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, 239 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, 240 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, 241 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, 242 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, 243 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, 244 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, 245 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, 246 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, 247 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, 248 
0x00171717,0x001a1a1a,0x00353535,0x00cccccc, 249 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, 250 0x00e8e8e8,0x00242424,0x00565656,0x00404040, 251 0x00e1e1e1,0x00636363,0x00090909,0x00333333, 252 0x00bfbfbf,0x00989898,0x00979797,0x00858585, 253 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, 254 0x00dadada,0x006f6f6f,0x00535353,0x00626262, 255 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, 256 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, 257 0x00bdbdbd,0x00363636,0x00222222,0x00383838, 258 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, 259 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, 260 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, 261 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, 262 0x00484848,0x00101010,0x00d1d1d1,0x00515151, 263 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, 264 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, 265 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, 266 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, 267 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, 268 0x00202020,0x00898989,0x00000000,0x00909090, 269 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, 270 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, 271 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, 272 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, 273 0x009b9b9b,0x00949494,0x00212121,0x00666666, 274 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, 275 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, 276 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, 277 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, 278 0x00030303,0x002d2d2d,0x00dedede,0x00969696, 279 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, 280 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, 281 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, 282 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, 283 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, 284 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, 285 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, 286 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, 287 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, 288 
0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, 289 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, 290 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, 291 0x00787878,0x00707070,0x00e3e3e3,0x00494949, 292 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, 293 0x00777777,0x00939393,0x00868686,0x00838383, 294 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, 295 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, 296 }; 297 298 static const uint32_t camellia_sp3033[256] = { 299 0x38003838,0x41004141,0x16001616,0x76007676, 300 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, 301 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, 302 0x75007575,0x06000606,0x57005757,0xa000a0a0, 303 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, 304 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, 305 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, 306 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, 307 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, 308 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, 309 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, 310 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, 311 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, 312 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, 313 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, 314 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, 315 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, 316 0xfd00fdfd,0x66006666,0x58005858,0x96009696, 317 0x3a003a3a,0x09000909,0x95009595,0x10001010, 318 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, 319 0xef00efef,0x26002626,0xe500e5e5,0x61006161, 320 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, 321 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, 322 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, 323 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, 324 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, 325 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, 326 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, 327 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, 328 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, 329 0x12001212,0x04000404,0x74007474,0x54005454, 330 
0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, 331 0x55005555,0x68006868,0x50005050,0xbe00bebe, 332 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, 333 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, 334 0x70007070,0xff00ffff,0x32003232,0x69006969, 335 0x08000808,0x62006262,0x00000000,0x24002424, 336 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, 337 0x45004545,0x81008181,0x73007373,0x6d006d6d, 338 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, 339 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, 340 0xe600e6e6,0x25002525,0x48004848,0x99009999, 341 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, 342 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, 343 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, 344 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, 345 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, 346 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, 347 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, 348 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, 349 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, 350 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, 351 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, 352 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, 353 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, 354 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, 355 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, 356 0x7c007c7c,0x77007777,0x56005656,0x05000505, 357 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, 358 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, 359 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, 360 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, 361 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, 362 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, 363 }; 364 365 static const uint32_t camellia_sp4404[256] = { 366 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, 367 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, 368 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, 369 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, 370 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, 371 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, 372 
0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, 373 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, 374 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, 375 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, 376 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, 377 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, 378 0x14140014,0x3a3a003a,0xdede00de,0x11110011, 379 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, 380 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, 381 0x24240024,0xe8e800e8,0x60600060,0x69690069, 382 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, 383 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, 384 0x10100010,0x00000000,0xa3a300a3,0x75750075, 385 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, 386 0x87870087,0x83830083,0xcdcd00cd,0x90900090, 387 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, 388 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, 389 0x81810081,0x6f6f006f,0x13130013,0x63630063, 390 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, 391 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, 392 0x78780078,0x06060006,0xe7e700e7,0x71710071, 393 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, 394 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, 395 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, 396 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, 397 0x15150015,0xadad00ad,0x77770077,0x80800080, 398 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, 399 0x85850085,0x35350035,0x0c0c000c,0x41410041, 400 0xefef00ef,0x93930093,0x19190019,0x21210021, 401 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, 402 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, 403 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, 404 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, 405 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, 406 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, 407 0x12120012,0x20200020,0xb1b100b1,0x99990099, 408 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, 409 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, 410 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, 411 0x0f0f000f,0x16160016,0x18180018,0x22220022, 412 
0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, 413 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, 414 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, 415 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, 416 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, 417 0x03030003,0xdada00da,0x3f3f003f,0x94940094, 418 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, 419 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, 420 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, 421 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, 422 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, 423 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, 424 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, 425 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, 426 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, 427 0x49490049,0x68680068,0x38380038,0xa4a400a4, 428 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, 429 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, 430 }; 431 432 433 /* 434 * Stuff related to the Camellia key schedule 435 */ 436 #define subl(x) subL[(x)] 437 #define subr(x) subR[(x)] 438 439 void 440 camellia_setup128(const unsigned char *key, uint32_t *subkey) 441 { 442 uint32_t kll, klr, krl, krr; 443 uint32_t il, ir, t0, t1, w0, w1; 444 uint32_t kw4l, kw4r, dw, tl, tr; 445 uint32_t subL[26]; 446 uint32_t subR[26]; 447 448 /* 449 * k == kll || klr || krl || krr (|| is concatination) 450 */ 451 kll = GETU32(key ); 452 klr = GETU32(key + 4); 453 krl = GETU32(key + 8); 454 krr = GETU32(key + 12); 455 /* 456 * generate KL dependent subkeys 457 */ 458 subl(0) = kll; subr(0) = klr; 459 subl(1) = krl; subr(1) = krr; 460 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 461 subl(4) = kll; subr(4) = klr; 462 subl(5) = krl; subr(5) = krr; 463 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 464 subl(10) = kll; subr(10) = klr; 465 subl(11) = krl; subr(11) = krr; 466 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 467 subl(13) = krl; subr(13) = krr; 468 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 469 subl(16) = kll; subr(16) = klr; 470 subl(17) = krl; 
subr(17) = krr; 471 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 472 subl(18) = kll; subr(18) = klr; 473 subl(19) = krl; subr(19) = krr; 474 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 475 subl(22) = kll; subr(22) = klr; 476 subl(23) = krl; subr(23) = krr; 477 478 /* generate KA */ 479 kll = subl(0); klr = subr(0); 480 krl = subl(1); krr = subr(1); 481 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 482 w0, w1, il, ir, t0, t1); 483 krl ^= w0; krr ^= w1; 484 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 485 kll, klr, il, ir, t0, t1); 486 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 487 krl, krr, il, ir, t0, t1); 488 krl ^= w0; krr ^= w1; 489 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 490 w0, w1, il, ir, t0, t1); 491 kll ^= w0; klr ^= w1; 492 493 /* generate KA dependent subkeys */ 494 subl(2) = kll; subr(2) = klr; 495 subl(3) = krl; subr(3) = krr; 496 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 497 subl(6) = kll; subr(6) = klr; 498 subl(7) = krl; subr(7) = krr; 499 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 500 subl(8) = kll; subr(8) = klr; 501 subl(9) = krl; subr(9) = krr; 502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 503 subl(12) = kll; subr(12) = klr; 504 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 505 subl(14) = kll; subr(14) = klr; 506 subl(15) = krl; subr(15) = krr; 507 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 508 subl(20) = kll; subr(20) = klr; 509 subl(21) = krl; subr(21) = krr; 510 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 511 subl(24) = kll; subr(24) = klr; 512 subl(25) = krl; subr(25) = krr; 513 514 515 /* absorb kw2 to other subkeys */ 516 subl(3) ^= subl(1); subr(3) ^= subr(1); 517 subl(5) ^= subl(1); subr(5) ^= subr(1); 518 subl(7) ^= subl(1); subr(7) ^= subr(1); 519 subl(1) ^= subr(1) & ~subr(9); 520 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 521 subl(11) ^= subl(1); subr(11) ^= subr(1); 522 subl(13) ^= subl(1); subr(13) ^= subr(1); 523 subl(15) ^= 
subl(1); subr(15) ^= subr(1); 524 subl(1) ^= subr(1) & ~subr(17); 525 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 526 subl(19) ^= subl(1); subr(19) ^= subr(1); 527 subl(21) ^= subl(1); subr(21) ^= subr(1); 528 subl(23) ^= subl(1); subr(23) ^= subr(1); 529 subl(24) ^= subl(1); subr(24) ^= subr(1); 530 531 /* absorb kw4 to other subkeys */ 532 kw4l = subl(25); kw4r = subr(25); 533 subl(22) ^= kw4l; subr(22) ^= kw4r; 534 subl(20) ^= kw4l; subr(20) ^= kw4r; 535 subl(18) ^= kw4l; subr(18) ^= kw4r; 536 kw4l ^= kw4r & ~subr(16); 537 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 538 subl(14) ^= kw4l; subr(14) ^= kw4r; 539 subl(12) ^= kw4l; subr(12) ^= kw4r; 540 subl(10) ^= kw4l; subr(10) ^= kw4r; 541 kw4l ^= kw4r & ~subr(8); 542 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 543 subl(6) ^= kw4l; subr(6) ^= kw4r; 544 subl(4) ^= kw4l; subr(4) ^= kw4r; 545 subl(2) ^= kw4l; subr(2) ^= kw4r; 546 subl(0) ^= kw4l; subr(0) ^= kw4r; 547 548 /* key XOR is end of F-function */ 549 SUBL(0) = subl(0) ^ subl(2); 550 SUBR(0) = subr(0) ^ subr(2); 551 SUBL(2) = subl(3); 552 SUBR(2) = subr(3); 553 SUBL(3) = subl(2) ^ subl(4); 554 SUBR(3) = subr(2) ^ subr(4); 555 SUBL(4) = subl(3) ^ subl(5); 556 SUBR(4) = subr(3) ^ subr(5); 557 SUBL(5) = subl(4) ^ subl(6); 558 SUBR(5) = subr(4) ^ subr(6); 559 SUBL(6) = subl(5) ^ subl(7); 560 SUBR(6) = subr(5) ^ subr(7); 561 tl = subl(10) ^ (subr(10) & ~subr(8)); 562 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 563 SUBL(7) = subl(6) ^ tl; 564 SUBR(7) = subr(6) ^ tr; 565 SUBL(8) = subl(8); 566 SUBR(8) = subr(8); 567 SUBL(9) = subl(9); 568 SUBR(9) = subr(9); 569 tl = subl(7) ^ (subr(7) & ~subr(9)); 570 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 571 SUBL(10) = tl ^ subl(11); 572 SUBR(10) = tr ^ subr(11); 573 SUBL(11) = subl(10) ^ subl(12); 574 SUBR(11) = subr(10) ^ subr(12); 575 SUBL(12) = subl(11) ^ subl(13); 576 SUBR(12) = subr(11) ^ subr(13); 577 SUBL(13) = subl(12) ^ subl(14); 578 SUBR(13) = subr(12) ^ subr(14); 579 SUBL(14) = 
subl(13) ^ subl(15); 580 SUBR(14) = subr(13) ^ subr(15); 581 tl = subl(18) ^ (subr(18) & ~subr(16)); 582 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 583 SUBL(15) = subl(14) ^ tl; 584 SUBR(15) = subr(14) ^ tr; 585 SUBL(16) = subl(16); 586 SUBR(16) = subr(16); 587 SUBL(17) = subl(17); 588 SUBR(17) = subr(17); 589 tl = subl(15) ^ (subr(15) & ~subr(17)); 590 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 591 SUBL(18) = tl ^ subl(19); 592 SUBR(18) = tr ^ subr(19); 593 SUBL(19) = subl(18) ^ subl(20); 594 SUBR(19) = subr(18) ^ subr(20); 595 SUBL(20) = subl(19) ^ subl(21); 596 SUBR(20) = subr(19) ^ subr(21); 597 SUBL(21) = subl(20) ^ subl(22); 598 SUBR(21) = subr(20) ^ subr(22); 599 SUBL(22) = subl(21) ^ subl(23); 600 SUBR(22) = subr(21) ^ subr(23); 601 SUBL(23) = subl(22); 602 SUBR(23) = subr(22); 603 SUBL(24) = subl(24) ^ subl(23); 604 SUBR(24) = subr(24) ^ subr(23); 605 606 /* apply the inverse of the last half of P-function */ 607 dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw); 608 SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw; 609 dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw); 610 SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw; 611 dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw); 612 SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw; 613 dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw); 614 SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw; 615 dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw); 616 SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw; 617 dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw); 618 SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw; 619 dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw); 620 SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw; 621 dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw); 622 SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw; 623 dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw); 624 SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw; 625 dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw); 626 SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw; 627 dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw); 628 SUBR(14) = SUBL(14) ^ dw, SUBL(14) = 
dw; 629 dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw); 630 SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw; 631 dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw); 632 SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw; 633 dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw); 634 SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw; 635 dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw); 636 SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw; 637 dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw); 638 SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw; 639 dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw); 640 SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw; 641 dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw); 642 SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw; 643 } 644 645 void 646 camellia_setup256(const unsigned char *key, uint32_t *subkey) 647 { 648 uint32_t kll,klr,krl,krr; /* left half of key */ 649 uint32_t krll,krlr,krrl,krrr; /* right half of key */ 650 uint32_t il, ir, t0, t1, w0, w1; /* temporary variables */ 651 uint32_t kw4l, kw4r, dw, tl, tr; 652 uint32_t subL[34]; 653 uint32_t subR[34]; 654 655 /* 656 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 657 * (|| is concatination) 658 */ 659 660 kll = GETU32(key ); 661 klr = GETU32(key + 4); 662 krl = GETU32(key + 8); 663 krr = GETU32(key + 12); 664 krll = GETU32(key + 16); 665 krlr = GETU32(key + 20); 666 krrl = GETU32(key + 24); 667 krrr = GETU32(key + 28); 668 669 /* generate KL dependent subkeys */ 670 subl(0) = kll; subr(0) = klr; 671 subl(1) = krl; subr(1) = krr; 672 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 673 subl(12) = kll; subr(12) = klr; 674 subl(13) = krl; subr(13) = krr; 675 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 676 subl(16) = kll; subr(16) = klr; 677 subl(17) = krl; subr(17) = krr; 678 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 679 subl(22) = kll; subr(22) = klr; 680 subl(23) = krl; subr(23) = krr; 681 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 682 subl(30) = kll; subr(30) = klr; 683 subl(31) = krl; subr(31) = krr; 684 
685 /* generate KR dependent subkeys */ 686 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 687 subl(4) = krll; subr(4) = krlr; 688 subl(5) = krrl; subr(5) = krrr; 689 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 690 subl(8) = krll; subr(8) = krlr; 691 subl(9) = krrl; subr(9) = krrr; 692 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 693 subl(18) = krll; subr(18) = krlr; 694 subl(19) = krrl; subr(19) = krrr; 695 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 696 subl(26) = krll; subr(26) = krlr; 697 subl(27) = krrl; subr(27) = krrr; 698 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 699 700 /* generate KA */ 701 kll = subl(0) ^ krll; klr = subr(0) ^ krlr; 702 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; 703 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 704 w0, w1, il, ir, t0, t1); 705 krl ^= w0; krr ^= w1; 706 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, 707 kll, klr, il, ir, t0, t1); 708 kll ^= krll; klr ^= krlr; 709 CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, 710 krl, krr, il, ir, t0, t1); 711 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; 712 CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, 713 w0, w1, il, ir, t0, t1); 714 kll ^= w0; klr ^= w1; 715 716 /* generate KB */ 717 krll ^= kll; krlr ^= klr; 718 krrl ^= krl; krrr ^= krr; 719 CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, 720 w0, w1, il, ir, t0, t1); 721 krrl ^= w0; krrr ^= w1; 722 CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, 723 w0, w1, il, ir, t0, t1); 724 krll ^= w0; krlr ^= w1; 725 726 /* generate KA dependent subkeys */ 727 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 728 subl(6) = kll; subr(6) = klr; 729 subl(7) = krl; subr(7) = krr; 730 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 731 subl(14) = kll; subr(14) = klr; 732 subl(15) = krl; subr(15) = krr; 733 subl(24) = klr; subr(24) = krl; 734 subl(25) = krr; subr(25) = kll; 735 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 736 subl(28) = kll; subr(28) 
= klr; 737 subl(29) = krl; subr(29) = krr; 738 739 /* generate KB dependent subkeys */ 740 subl(2) = krll; subr(2) = krlr; 741 subl(3) = krrl; subr(3) = krrr; 742 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 743 subl(10) = krll; subr(10) = krlr; 744 subl(11) = krrl; subr(11) = krrr; 745 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 746 subl(20) = krll; subr(20) = krlr; 747 subl(21) = krrl; subr(21) = krrr; 748 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 749 subl(32) = krll; subr(32) = krlr; 750 subl(33) = krrl; subr(33) = krrr; 751 752 /* absorb kw2 to other subkeys */ 753 subl(3) ^= subl(1); subr(3) ^= subr(1); 754 subl(5) ^= subl(1); subr(5) ^= subr(1); 755 subl(7) ^= subl(1); subr(7) ^= subr(1); 756 subl(1) ^= subr(1) & ~subr(9); 757 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); 758 subl(11) ^= subl(1); subr(11) ^= subr(1); 759 subl(13) ^= subl(1); subr(13) ^= subr(1); 760 subl(15) ^= subl(1); subr(15) ^= subr(1); 761 subl(1) ^= subr(1) & ~subr(17); 762 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); 763 subl(19) ^= subl(1); subr(19) ^= subr(1); 764 subl(21) ^= subl(1); subr(21) ^= subr(1); 765 subl(23) ^= subl(1); subr(23) ^= subr(1); 766 subl(1) ^= subr(1) & ~subr(25); 767 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); 768 subl(27) ^= subl(1); subr(27) ^= subr(1); 769 subl(29) ^= subl(1); subr(29) ^= subr(1); 770 subl(31) ^= subl(1); subr(31) ^= subr(1); 771 subl(32) ^= subl(1); subr(32) ^= subr(1); 772 773 774 /* absorb kw4 to other subkeys */ 775 kw4l = subl(33); kw4r = subr(33); 776 subl(30) ^= kw4l; subr(30) ^= kw4r; 777 subl(28) ^= kw4l; subr(28) ^= kw4r; 778 subl(26) ^= kw4l; subr(26) ^= kw4r; 779 kw4l ^= kw4r & ~subr(24); 780 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); 781 subl(22) ^= kw4l; subr(22) ^= kw4r; 782 subl(20) ^= kw4l; subr(20) ^= kw4r; 783 subl(18) ^= kw4l; subr(18) ^= kw4r; 784 kw4l ^= kw4r & ~subr(16); 785 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); 786 subl(14) ^= kw4l; subr(14) ^= kw4r; 
787 subl(12) ^= kw4l; subr(12) ^= kw4r; 788 subl(10) ^= kw4l; subr(10) ^= kw4r; 789 kw4l ^= kw4r & ~subr(8); 790 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); 791 subl(6) ^= kw4l; subr(6) ^= kw4r; 792 subl(4) ^= kw4l; subr(4) ^= kw4r; 793 subl(2) ^= kw4l; subr(2) ^= kw4r; 794 subl(0) ^= kw4l; subr(0) ^= kw4r; 795 796 /* key XOR is end of F-function */ 797 SUBL(0) = subl(0) ^ subl(2); 798 SUBR(0) = subr(0) ^ subr(2); 799 SUBL(2) = subl(3); 800 SUBR(2) = subr(3); 801 SUBL(3) = subl(2) ^ subl(4); 802 SUBR(3) = subr(2) ^ subr(4); 803 SUBL(4) = subl(3) ^ subl(5); 804 SUBR(4) = subr(3) ^ subr(5); 805 SUBL(5) = subl(4) ^ subl(6); 806 SUBR(5) = subr(4) ^ subr(6); 807 SUBL(6) = subl(5) ^ subl(7); 808 SUBR(6) = subr(5) ^ subr(7); 809 tl = subl(10) ^ (subr(10) & ~subr(8)); 810 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); 811 SUBL(7) = subl(6) ^ tl; 812 SUBR(7) = subr(6) ^ tr; 813 SUBL(8) = subl(8); 814 SUBR(8) = subr(8); 815 SUBL(9) = subl(9); 816 SUBR(9) = subr(9); 817 tl = subl(7) ^ (subr(7) & ~subr(9)); 818 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); 819 SUBL(10) = tl ^ subl(11); 820 SUBR(10) = tr ^ subr(11); 821 SUBL(11) = subl(10) ^ subl(12); 822 SUBR(11) = subr(10) ^ subr(12); 823 SUBL(12) = subl(11) ^ subl(13); 824 SUBR(12) = subr(11) ^ subr(13); 825 SUBL(13) = subl(12) ^ subl(14); 826 SUBR(13) = subr(12) ^ subr(14); 827 SUBL(14) = subl(13) ^ subl(15); 828 SUBR(14) = subr(13) ^ subr(15); 829 tl = subl(18) ^ (subr(18) & ~subr(16)); 830 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); 831 SUBL(15) = subl(14) ^ tl; 832 SUBR(15) = subr(14) ^ tr; 833 SUBL(16) = subl(16); 834 SUBR(16) = subr(16); 835 SUBL(17) = subl(17); 836 SUBR(17) = subr(17); 837 tl = subl(15) ^ (subr(15) & ~subr(17)); 838 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); 839 SUBL(18) = tl ^ subl(19); 840 SUBR(18) = tr ^ subr(19); 841 SUBL(19) = subl(18) ^ subl(20); 842 SUBR(19) = subr(18) ^ subr(20); 843 SUBL(20) = subl(19) ^ subl(21); 844 SUBR(20) = subr(19) ^ subr(21); 845 
SUBL(21) = subl(20) ^ subl(22); 846 SUBR(21) = subr(20) ^ subr(22); 847 SUBL(22) = subl(21) ^ subl(23); 848 SUBR(22) = subr(21) ^ subr(23); 849 tl = subl(26) ^ (subr(26) & ~subr(24)); 850 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw); 851 SUBL(23) = subl(22) ^ tl; 852 SUBR(23) = subr(22) ^ tr; 853 SUBL(24) = subl(24); 854 SUBR(24) = subr(24); 855 SUBL(25) = subl(25); 856 SUBR(25) = subr(25); 857 tl = subl(23) ^ (subr(23) & ~subr(25)); 858 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw); 859 SUBL(26) = tl ^ subl(27); 860 SUBR(26) = tr ^ subr(27); 861 SUBL(27) = subl(26) ^ subl(28); 862 SUBR(27) = subr(26) ^ subr(28); 863 SUBL(28) = subl(27) ^ subl(29); 864 SUBR(28) = subr(27) ^ subr(29); 865 SUBL(29) = subl(28) ^ subl(30); 866 SUBR(29) = subr(28) ^ subr(30); 867 SUBL(30) = subl(29) ^ subl(31); 868 SUBR(30) = subr(29) ^ subr(31); 869 SUBL(31) = subl(30); 870 SUBR(31) = subr(30); 871 SUBL(32) = subl(32) ^ subl(31); 872 SUBR(32) = subr(32) ^ subr(31); 873 874 /* apply the inverse of the last half of P-function */ 875 dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw); 876 SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw; 877 dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw); 878 SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw; 879 dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw); 880 SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw; 881 dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw); 882 SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw; 883 dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw); 884 SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw; 885 dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw); 886 SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw; 887 dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw); 888 SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw; 889 dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw); 890 SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw; 891 dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw); 892 SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw; 893 dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw); 894 SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw; 895 dw = 
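SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
    dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw);
    SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw;
    dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw);
    SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw;
    dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw);
    SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw;
    dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw);
    SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw;
    dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw);
    SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw;
    dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw);
    SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw;
}

/*
 * Key schedule for a 192-bit key.
 *
 * The 24-byte key is widened to 32 bytes by appending the bitwise
 * complement of its last 8 bytes (key[16..23]); the result is handed to
 * camellia_setup256(), so the subkey table has the 256-bit layout.
 *
 * key     24 bytes of raw key material.
 * subkey  output subkey table, filled by camellia_setup256().
 */
void
camellia_setup192(const unsigned char *key, uint32_t *subkey)
{
    unsigned char kk[32];
    uint32_t krll, krlr, krrl, krrr;

    memcpy(kk, key, 24);
    memcpy((unsigned char *)&krll, key + 16, 4);
    memcpy((unsigned char *)&krlr, key + 20, 4);
    krrl = ~krll;
    krrr = ~krlr;
    memcpy(kk + 24, (unsigned char *)&krrl, 4);
    memcpy(kk + 28, (unsigned char *)&krrr, 4);
    camellia_setup256(kk, subkey);

    /*
     * kk and the four words are copies of (or derived from) the raw key.
     * Wipe them before the stack frame is released; explicit_bzero() is
     * used so the compiler cannot drop the wipe as a dead store.
     */
    explicit_bzero(kk, sizeof(kk));
    explicit_bzero(&krll, sizeof(krll));
    explicit_bzero(&krlr, sizeof(krlr));
    explicit_bzero(&krrl, sizeof(krrl));
    explicit_bzero(&krrr, sizeof(krrr));
}


/**
 * Stuff related to camellia encryption/decryption
 */

/*
 * Encrypt one 128-bit block in place with a 128-bit-key subkey table.
 *
 * subkey  table in the layout read through SUBL()/SUBR(); entries
 *         0, 2..7, 8..9, 10..15, 16..17, 18..23 and 24 are used.
 * io      four 32-bit words holding the block; overwritten with the
 *         result.
 */
void
camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;	/* scratch words for the round macros */

    /*
     * Pre-whitening.  Only io[0..1] is XORed here: the key schedule has
     * already folded kw2 into the round subkeys.
     */
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);

    /* main iteration: three groups of six rounds, FL layers in between */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16),SUBR(16), SUBL(17),SUBR(17),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
        io[0],io[1],il,ir,t0,t1);

    /*
     * Post-whitening.  Only io[2..3] is XORed: kw4 was folded into the
     * round subkeys by the key schedule.
     */
    io[2] ^= SUBL(24);
    io[3] ^= SUBR(24);

    /* swap the two 64-bit halves */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}

/*
 * Decrypt one 128-bit block in place with a 128-bit-key subkey table.
 *
 * Same structure as camellia_encrypt128() with the subkeys consumed in
 * reverse order (24 first, 0 last) and the two subkey pairs of each FL
 * layer exchanged.
 *
 * subkey  table produced for a 128-bit key.
 * io      four 32-bit words holding the block; overwritten with the
 *         result.
 */
void
camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;	/* temporary variables */

    /* pre-whitening with the last subkey pair of the table */
    io[0] ^= SUBL(24);
    io[1] ^= SUBR(24);

    /* main iteration */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
        io[0],io[1],il,ir,t0,t1);

    /* post-whitening with the first subkey pair of the table */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* swap the two 64-bit halves */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}

/**
 * stuff for 192 and 256bit encryption/decryption
 */

/*
 * Encrypt one 128-bit block in place with a 192/256-bit-key subkey table.
 *
 * Four groups of six rounds separated by three FL layers; subkey
 * entries 0 through 32 are read (entry 1 is not used).
 *
 * subkey  table produced by camellia_setup192() or camellia_setup256().
 * io      four 32-bit words holding the block; overwritten with the
 *         result.
 */
void
camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;	/* temporary variables */

    /* pre-whitening; kw2 is already folded into the round subkeys */
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);

    /* main iteration */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16),SUBR(16), SUBL(17),SUBR(17),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(24),SUBR(24), SUBL(25),SUBR(25),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(26),SUBR(26),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(27),SUBR(27),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(28),SUBR(28),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(29),SUBR(29),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(30),SUBR(30),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(31),SUBR(31),
        io[0],io[1],il,ir,t0,t1);

    /* post-whitening; kw4 is already folded into the round subkeys */
    io[2] ^= SUBL(32);
    io[3] ^= SUBR(32);

    /* swap the two 64-bit halves */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}

/*
 * Decrypt one 128-bit block in place with a 192/256-bit-key subkey table.
 *
 * Same structure as camellia_encrypt256() with the subkeys consumed in
 * reverse order (32 first, 0 last) and the two subkey pairs of each FL
 * layer exchanged.
 *
 * subkey  table produced by camellia_setup192() or camellia_setup256().
 * io      four 32-bit words holding the block; overwritten with the
 *         result.
 */
void
camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;	/* temporary variables */

    /* pre-whitening with the last subkey pair of the table */
    io[0] ^= SUBL(32);
    io[1] ^= SUBR(32);

    /* main iteration */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(31),SUBR(31),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(30),SUBR(30),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(29),SUBR(29),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(28),SUBR(28),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(27),SUBR(27),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(26),SUBR(26),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(25),SUBR(25), SUBL(24),SUBR(24),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
        io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
        t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
        io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
        io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
        io[0],io[1],il,ir,t0,t1);

    /* post-whitening with the first subkey pair of the table */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* swap the two 64-bit halves */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}

/*
 * Expand a raw key into the subkey table used by the block functions.
 *
 * keyBitLength  128, 192 or 256.
 * rawKey        keyBitLength / 8 bytes of key material.
 * subkey        output table, written by the matching camellia_setup*().
 *
 * The size check is a KASSERT, so it is only enforced in builds where
 * assertions are compiled in.  Without it, an unsupported size falls to
 * the default case and subkey is left unwritten; callers must validate
 * the key length themselves before relying on the table.
 */
void
Camellia_Ekeygen(const int keyBitLength,
    const unsigned char *rawKey,
    uint32_t *subkey)
{
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
        ("Invalid key size (%d).", keyBitLength));

    switch(keyBitLength) {
    case 128:
        camellia_setup128(rawKey, subkey);
        break;
    case 192:
        camellia_setup192(rawKey, subkey);
        break;
    case 256:
        camellia_setup256(rawKey, subkey);
        break;
    default:
        break;
    }
}

/*
 * Encrypt a single 16-byte block.
 *
 * keyBitLength  128, 192 or 256; must match the size given to
 *               Camellia_Ekeygen() for this subkey table.
 * plaintext     16 input bytes, loaded as four big-endian words.
 * subkey        table from Camellia_Ekeygen().
 * ciphertext    16 output bytes.  The input is fully read before the
 *               output is written, so the two buffers may be the same.
 *
 * This is the raw block primitive: no chaining and no integrity
 * protection are applied here; the caller supplies the mode of operation.
 *
 * An unsupported keyBitLength trips the KASSERT where assertions are
 * enabled.  Where they are not, the output is all zero bytes, so that
 * the plaintext is never copied through to the ciphertext buffer
 * unencrypted.
 */
void
Camellia_EncryptBlock(const int keyBitLength,
    const unsigned char *plaintext,
    const uint32_t *subkey,
    unsigned char *ciphertext)
{
    uint32_t tmp[4];

    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
        ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(plaintext);
    tmp[1] = GETU32(plaintext + 4);
    tmp[2] = GETU32(plaintext + 8);
    tmp[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_encrypt128(subkey, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_encrypt256(subkey, tmp);
        break;
    default:
        /* fail closed: never emit the input block unchanged */
        memset(tmp, 0, sizeof(tmp));
        break;
    }

    PUTU32(ciphertext, tmp[0]);
    PUTU32(ciphertext+4, tmp[1]);
    PUTU32(ciphertext+8, tmp[2]);
    PUTU32(ciphertext+12, tmp[3]);
}

/*
 * Decrypt a single 16-byte block.
 *
 * keyBitLength  128, 192 or 256; must match the size given to
 *               Camellia_Ekeygen() for this subkey table.
 * ciphertext    16 input bytes, loaded as four big-endian words.
 * subkey        table from Camellia_Ekeygen().
 * plaintext     16 output bytes.  The input is fully read before the
 *               output is written, so the two buffers may be the same.
 *
 * No authenticity check is performed here; any 16-byte input decrypts
 * to some output.
 *
 * An unsupported keyBitLength trips the KASSERT where assertions are
 * enabled.  Where they are not, the output is all zero bytes rather
 * than a copy of the input.
 */
void
Camellia_DecryptBlock(const int keyBitLength,
    const unsigned char *ciphertext,
    const uint32_t *subkey,
    unsigned char *plaintext)
{
    uint32_t tmp[4];

    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
        ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(ciphertext);
    tmp[1] = GETU32(ciphertext + 4);
    tmp[2] = GETU32(ciphertext + 8);
    tmp[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_decrypt128(subkey, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_decrypt256(subkey, tmp);
        break;
    default:
        /* fail closed: never emit the input block unchanged */
        memset(tmp, 0, sizeof(tmp));
        break;
    }

    PUTU32(plaintext, tmp[0]);
    PUTU32(plaintext+4, tmp[1]);
    PUTU32(plaintext+8, tmp[2]);
    PUTU32(plaintext+12, tmp[3]);
}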