aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--crypto/camellia.c269
1 files changed, 135 insertions, 134 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c
index 2e129ab1a6a2..9b1f068e45cc 100644
--- a/crypto/camellia.c
+++ b/crypto/camellia.c
@@ -310,6 +310,12 @@ static const u32 camellia_sp4404[256] = {
310#define CAMELLIA_BLOCK_SIZE 16 310#define CAMELLIA_BLOCK_SIZE 16
311#define CAMELLIA_TABLE_BYTE_LEN 272 311#define CAMELLIA_TABLE_BYTE_LEN 272
312 312
313/*
314 * NB: L and R below stand for 'left' and 'right' as in written numbers.
315 * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
316 * _not_ least significant ones!
317 */
318
313 319
314/* key constants */ 320/* key constants */
315 321
@@ -329,8 +335,7 @@ static const u32 camellia_sp4404[256] = {
329/* 335/*
330 * macros 336 * macros
331 */ 337 */
332 338#define GETU32(v, pt) \
333# define GETU32(v, pt) \
334 do { \ 339 do { \
335 /* latest breed of gcc is clever enough to use move */ \ 340 /* latest breed of gcc is clever enough to use move */ \
336 memcpy(&(v), (pt), 4); \ 341 memcpy(&(v), (pt), 4); \
@@ -363,64 +368,25 @@ static const u32 camellia_sp4404[256] = {
363 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 368 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
364 } while(0) 369 } while(0)
365 370
366
367#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 371#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
368 do { \ 372 do { \
369 il = xl ^ kl; \ 373 il = xl ^ kl; \
370 ir = xr ^ kr; \ 374 ir = xr ^ kr; \
371 t0 = il >> 16; \ 375 t0 = il >> 16; \
372 t1 = ir >> 16; \ 376 t1 = ir >> 16; \
373 yl = camellia_sp1110[ir & 0xff] \ 377 yl = camellia_sp1110[(u8)(ir )] \
374 ^ camellia_sp0222[(t1 >> 8) & 0xff] \ 378 ^ camellia_sp0222[ (t1 >> 8)] \
375 ^ camellia_sp3033[t1 & 0xff] \ 379 ^ camellia_sp3033[(u8)(t1 )] \
376 ^ camellia_sp4404[(ir >> 8) & 0xff]; \ 380 ^ camellia_sp4404[(u8)(ir >> 8)]; \
377 yr = camellia_sp1110[(t0 >> 8) & 0xff] \ 381 yr = camellia_sp1110[ (t0 >> 8)] \
378 ^ camellia_sp0222[t0 & 0xff] \ 382 ^ camellia_sp0222[(u8)(t0 )] \
379 ^ camellia_sp3033[(il >> 8) & 0xff] \ 383 ^ camellia_sp3033[(u8)(il >> 8)] \
380 ^ camellia_sp4404[il & 0xff]; \ 384 ^ camellia_sp4404[(u8)(il )]; \
381 yl ^= yr; \ 385 yl ^= yr; \
382 yr = ROR8(yr); \ 386 yr = ROR8(yr); \
383 yr ^= yl; \ 387 yr ^= yl; \
384 } while(0) 388 } while(0)
385 389
386
387/*
388 * for speed up
389 *
390 */
391#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
392 do { \
393 t0 = kll; \
394 t2 = krr; \
395 t0 &= ll; \
396 t2 |= rr; \
397 rl ^= t2; \
398 lr ^= ROL1(t0); \
399 t3 = krl; \
400 t1 = klr; \
401 t3 &= rl; \
402 t1 |= lr; \
403 ll ^= t1; \
404 rr ^= ROL1(t3); \
405 } while(0)
406
407#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
408 do { \
409 ir = camellia_sp1110[xr & 0xff]; \
410 il = camellia_sp1110[(xl>>24) & 0xff]; \
411 ir ^= camellia_sp0222[(xr>>24) & 0xff]; \
412 il ^= camellia_sp0222[(xl>>16) & 0xff]; \
413 ir ^= camellia_sp3033[(xr>>16) & 0xff]; \
414 il ^= camellia_sp3033[(xl>>8) & 0xff]; \
415 ir ^= camellia_sp4404[(xr>>8) & 0xff]; \
416 il ^= camellia_sp4404[xl & 0xff]; \
417 il ^= kl; \
418 ir ^= il ^ kr; \
419 yl ^= ir; \
420 yr ^= ROR8(il) ^ ir; \
421 } while(0)
422
423
424#define SUBKEY_L(INDEX) (subkey[(INDEX)*2]) 390#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
425#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) 391#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
426 392
@@ -1000,6 +966,41 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
1000} 966}
1001 967
1002 968
969/*
970 * Encrypt/decrypt
971 */
972#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
973 do { \
974 t0 = kll; \
975 t2 = krr; \
976 t0 &= ll; \
977 t2 |= rr; \
978 rl ^= t2; \
979 lr ^= ROL1(t0); \
980 t3 = krl; \
981 t1 = klr; \
982 t3 &= rl; \
983 t1 |= lr; \
984 ll ^= t1; \
985 rr ^= ROL1(t3); \
986 } while(0)
987
988#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \
989 do { \
990 ir = camellia_sp1110[(u8)xr]; \
991 il = camellia_sp1110[ (xl >> 24)]; \
992 ir ^= camellia_sp0222[ (xr >> 24)]; \
993 il ^= camellia_sp0222[(u8)(xl >> 16)]; \
994 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
995 il ^= camellia_sp3033[(u8)(xl >> 8)]; \
996 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
997 il ^= camellia_sp4404[(u8)xl]; \
998 il ^= kl; \
999 ir ^= il ^ kr; \
1000 yl ^= ir; \
1001 yr ^= ROR8(il) ^ ir; \
1002 } while(0)
1003
1003static void camellia_encrypt128(const u32 *subkey, u32 *io_text) 1004static void camellia_encrypt128(const u32 *subkey, u32 *io_text)
1004{ 1005{
1005 u32 il,ir,t0,t1; /* temporary variables */ 1006 u32 il,ir,t0,t1; /* temporary variables */
@@ -1015,22 +1016,22 @@ static void camellia_encrypt128(const u32 *subkey, u32 *io_text)
1015 /* main iteration */ 1016 /* main iteration */
1016 CAMELLIA_ROUNDSM(io[0],io[1], 1017 CAMELLIA_ROUNDSM(io[0],io[1],
1017 SUBKEY_L(2),SUBKEY_R(2), 1018 SUBKEY_L(2),SUBKEY_R(2),
1018 io[2],io[3],il,ir,t0,t1); 1019 io[2],io[3],il,ir);
1019 CAMELLIA_ROUNDSM(io[2],io[3], 1020 CAMELLIA_ROUNDSM(io[2],io[3],
1020 SUBKEY_L(3),SUBKEY_R(3), 1021 SUBKEY_L(3),SUBKEY_R(3),
1021 io[0],io[1],il,ir,t0,t1); 1022 io[0],io[1],il,ir);
1022 CAMELLIA_ROUNDSM(io[0],io[1], 1023 CAMELLIA_ROUNDSM(io[0],io[1],
1023 SUBKEY_L(4),SUBKEY_R(4), 1024 SUBKEY_L(4),SUBKEY_R(4),
1024 io[2],io[3],il,ir,t0,t1); 1025 io[2],io[3],il,ir);
1025 CAMELLIA_ROUNDSM(io[2],io[3], 1026 CAMELLIA_ROUNDSM(io[2],io[3],
1026 SUBKEY_L(5),SUBKEY_R(5), 1027 SUBKEY_L(5),SUBKEY_R(5),
1027 io[0],io[1],il,ir,t0,t1); 1028 io[0],io[1],il,ir);
1028 CAMELLIA_ROUNDSM(io[0],io[1], 1029 CAMELLIA_ROUNDSM(io[0],io[1],
1029 SUBKEY_L(6),SUBKEY_R(6), 1030 SUBKEY_L(6),SUBKEY_R(6),
1030 io[2],io[3],il,ir,t0,t1); 1031 io[2],io[3],il,ir);
1031 CAMELLIA_ROUNDSM(io[2],io[3], 1032 CAMELLIA_ROUNDSM(io[2],io[3],
1032 SUBKEY_L(7),SUBKEY_R(7), 1033 SUBKEY_L(7),SUBKEY_R(7),
1033 io[0],io[1],il,ir,t0,t1); 1034 io[0],io[1],il,ir);
1034 1035
1035 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1036 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1036 SUBKEY_L(8),SUBKEY_R(8), 1037 SUBKEY_L(8),SUBKEY_R(8),
@@ -1039,22 +1040,22 @@ static void camellia_encrypt128(const u32 *subkey, u32 *io_text)
1039 1040
1040 CAMELLIA_ROUNDSM(io[0],io[1], 1041 CAMELLIA_ROUNDSM(io[0],io[1],
1041 SUBKEY_L(10),SUBKEY_R(10), 1042 SUBKEY_L(10),SUBKEY_R(10),
1042 io[2],io[3],il,ir,t0,t1); 1043 io[2],io[3],il,ir);
1043 CAMELLIA_ROUNDSM(io[2],io[3], 1044 CAMELLIA_ROUNDSM(io[2],io[3],
1044 SUBKEY_L(11),SUBKEY_R(11), 1045 SUBKEY_L(11),SUBKEY_R(11),
1045 io[0],io[1],il,ir,t0,t1); 1046 io[0],io[1],il,ir);
1046 CAMELLIA_ROUNDSM(io[0],io[1], 1047 CAMELLIA_ROUNDSM(io[0],io[1],
1047 SUBKEY_L(12),SUBKEY_R(12), 1048 SUBKEY_L(12),SUBKEY_R(12),
1048 io[2],io[3],il,ir,t0,t1); 1049 io[2],io[3],il,ir);
1049 CAMELLIA_ROUNDSM(io[2],io[3], 1050 CAMELLIA_ROUNDSM(io[2],io[3],
1050 SUBKEY_L(13),SUBKEY_R(13), 1051 SUBKEY_L(13),SUBKEY_R(13),
1051 io[0],io[1],il,ir,t0,t1); 1052 io[0],io[1],il,ir);
1052 CAMELLIA_ROUNDSM(io[0],io[1], 1053 CAMELLIA_ROUNDSM(io[0],io[1],
1053 SUBKEY_L(14),SUBKEY_R(14), 1054 SUBKEY_L(14),SUBKEY_R(14),
1054 io[2],io[3],il,ir,t0,t1); 1055 io[2],io[3],il,ir);
1055 CAMELLIA_ROUNDSM(io[2],io[3], 1056 CAMELLIA_ROUNDSM(io[2],io[3],
1056 SUBKEY_L(15),SUBKEY_R(15), 1057 SUBKEY_L(15),SUBKEY_R(15),
1057 io[0],io[1],il,ir,t0,t1); 1058 io[0],io[1],il,ir);
1058 1059
1059 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1060 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1060 SUBKEY_L(16),SUBKEY_R(16), 1061 SUBKEY_L(16),SUBKEY_R(16),
@@ -1063,22 +1064,22 @@ static void camellia_encrypt128(const u32 *subkey, u32 *io_text)
1063 1064
1064 CAMELLIA_ROUNDSM(io[0],io[1], 1065 CAMELLIA_ROUNDSM(io[0],io[1],
1065 SUBKEY_L(18),SUBKEY_R(18), 1066 SUBKEY_L(18),SUBKEY_R(18),
1066 io[2],io[3],il,ir,t0,t1); 1067 io[2],io[3],il,ir);
1067 CAMELLIA_ROUNDSM(io[2],io[3], 1068 CAMELLIA_ROUNDSM(io[2],io[3],
1068 SUBKEY_L(19),SUBKEY_R(19), 1069 SUBKEY_L(19),SUBKEY_R(19),
1069 io[0],io[1],il,ir,t0,t1); 1070 io[0],io[1],il,ir);
1070 CAMELLIA_ROUNDSM(io[0],io[1], 1071 CAMELLIA_ROUNDSM(io[0],io[1],
1071 SUBKEY_L(20),SUBKEY_R(20), 1072 SUBKEY_L(20),SUBKEY_R(20),
1072 io[2],io[3],il,ir,t0,t1); 1073 io[2],io[3],il,ir);
1073 CAMELLIA_ROUNDSM(io[2],io[3], 1074 CAMELLIA_ROUNDSM(io[2],io[3],
1074 SUBKEY_L(21),SUBKEY_R(21), 1075 SUBKEY_L(21),SUBKEY_R(21),
1075 io[0],io[1],il,ir,t0,t1); 1076 io[0],io[1],il,ir);
1076 CAMELLIA_ROUNDSM(io[0],io[1], 1077 CAMELLIA_ROUNDSM(io[0],io[1],
1077 SUBKEY_L(22),SUBKEY_R(22), 1078 SUBKEY_L(22),SUBKEY_R(22),
1078 io[2],io[3],il,ir,t0,t1); 1079 io[2],io[3],il,ir);
1079 CAMELLIA_ROUNDSM(io[2],io[3], 1080 CAMELLIA_ROUNDSM(io[2],io[3],
1080 SUBKEY_L(23),SUBKEY_R(23), 1081 SUBKEY_L(23),SUBKEY_R(23),
1081 io[0],io[1],il,ir,t0,t1); 1082 io[0],io[1],il,ir);
1082 1083
1083 /* post whitening but kw4 */ 1084 /* post whitening but kw4 */
1084 io_text[0] = io[2] ^ SUBKEY_L(24); 1085 io_text[0] = io[2] ^ SUBKEY_L(24);
@@ -1102,22 +1103,22 @@ static void camellia_decrypt128(const u32 *subkey, u32 *io_text)
1102 /* main iteration */ 1103 /* main iteration */
1103 CAMELLIA_ROUNDSM(io[0],io[1], 1104 CAMELLIA_ROUNDSM(io[0],io[1],
1104 SUBKEY_L(23),SUBKEY_R(23), 1105 SUBKEY_L(23),SUBKEY_R(23),
1105 io[2],io[3],il,ir,t0,t1); 1106 io[2],io[3],il,ir);
1106 CAMELLIA_ROUNDSM(io[2],io[3], 1107 CAMELLIA_ROUNDSM(io[2],io[3],
1107 SUBKEY_L(22),SUBKEY_R(22), 1108 SUBKEY_L(22),SUBKEY_R(22),
1108 io[0],io[1],il,ir,t0,t1); 1109 io[0],io[1],il,ir);
1109 CAMELLIA_ROUNDSM(io[0],io[1], 1110 CAMELLIA_ROUNDSM(io[0],io[1],
1110 SUBKEY_L(21),SUBKEY_R(21), 1111 SUBKEY_L(21),SUBKEY_R(21),
1111 io[2],io[3],il,ir,t0,t1); 1112 io[2],io[3],il,ir);
1112 CAMELLIA_ROUNDSM(io[2],io[3], 1113 CAMELLIA_ROUNDSM(io[2],io[3],
1113 SUBKEY_L(20),SUBKEY_R(20), 1114 SUBKEY_L(20),SUBKEY_R(20),
1114 io[0],io[1],il,ir,t0,t1); 1115 io[0],io[1],il,ir);
1115 CAMELLIA_ROUNDSM(io[0],io[1], 1116 CAMELLIA_ROUNDSM(io[0],io[1],
1116 SUBKEY_L(19),SUBKEY_R(19), 1117 SUBKEY_L(19),SUBKEY_R(19),
1117 io[2],io[3],il,ir,t0,t1); 1118 io[2],io[3],il,ir);
1118 CAMELLIA_ROUNDSM(io[2],io[3], 1119 CAMELLIA_ROUNDSM(io[2],io[3],
1119 SUBKEY_L(18),SUBKEY_R(18), 1120 SUBKEY_L(18),SUBKEY_R(18),
1120 io[0],io[1],il,ir,t0,t1); 1121 io[0],io[1],il,ir);
1121 1122
1122 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1123 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1123 SUBKEY_L(17),SUBKEY_R(17), 1124 SUBKEY_L(17),SUBKEY_R(17),
@@ -1126,22 +1127,22 @@ static void camellia_decrypt128(const u32 *subkey, u32 *io_text)
1126 1127
1127 CAMELLIA_ROUNDSM(io[0],io[1], 1128 CAMELLIA_ROUNDSM(io[0],io[1],
1128 SUBKEY_L(15),SUBKEY_R(15), 1129 SUBKEY_L(15),SUBKEY_R(15),
1129 io[2],io[3],il,ir,t0,t1); 1130 io[2],io[3],il,ir);
1130 CAMELLIA_ROUNDSM(io[2],io[3], 1131 CAMELLIA_ROUNDSM(io[2],io[3],
1131 SUBKEY_L(14),SUBKEY_R(14), 1132 SUBKEY_L(14),SUBKEY_R(14),
1132 io[0],io[1],il,ir,t0,t1); 1133 io[0],io[1],il,ir);
1133 CAMELLIA_ROUNDSM(io[0],io[1], 1134 CAMELLIA_ROUNDSM(io[0],io[1],
1134 SUBKEY_L(13),SUBKEY_R(13), 1135 SUBKEY_L(13),SUBKEY_R(13),
1135 io[2],io[3],il,ir,t0,t1); 1136 io[2],io[3],il,ir);
1136 CAMELLIA_ROUNDSM(io[2],io[3], 1137 CAMELLIA_ROUNDSM(io[2],io[3],
1137 SUBKEY_L(12),SUBKEY_R(12), 1138 SUBKEY_L(12),SUBKEY_R(12),
1138 io[0],io[1],il,ir,t0,t1); 1139 io[0],io[1],il,ir);
1139 CAMELLIA_ROUNDSM(io[0],io[1], 1140 CAMELLIA_ROUNDSM(io[0],io[1],
1140 SUBKEY_L(11),SUBKEY_R(11), 1141 SUBKEY_L(11),SUBKEY_R(11),
1141 io[2],io[3],il,ir,t0,t1); 1142 io[2],io[3],il,ir);
1142 CAMELLIA_ROUNDSM(io[2],io[3], 1143 CAMELLIA_ROUNDSM(io[2],io[3],
1143 SUBKEY_L(10),SUBKEY_R(10), 1144 SUBKEY_L(10),SUBKEY_R(10),
1144 io[0],io[1],il,ir,t0,t1); 1145 io[0],io[1],il,ir);
1145 1146
1146 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1147 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1147 SUBKEY_L(9),SUBKEY_R(9), 1148 SUBKEY_L(9),SUBKEY_R(9),
@@ -1150,22 +1151,22 @@ static void camellia_decrypt128(const u32 *subkey, u32 *io_text)
1150 1151
1151 CAMELLIA_ROUNDSM(io[0],io[1], 1152 CAMELLIA_ROUNDSM(io[0],io[1],
1152 SUBKEY_L(7),SUBKEY_R(7), 1153 SUBKEY_L(7),SUBKEY_R(7),
1153 io[2],io[3],il,ir,t0,t1); 1154 io[2],io[3],il,ir);
1154 CAMELLIA_ROUNDSM(io[2],io[3], 1155 CAMELLIA_ROUNDSM(io[2],io[3],
1155 SUBKEY_L(6),SUBKEY_R(6), 1156 SUBKEY_L(6),SUBKEY_R(6),
1156 io[0],io[1],il,ir,t0,t1); 1157 io[0],io[1],il,ir);
1157 CAMELLIA_ROUNDSM(io[0],io[1], 1158 CAMELLIA_ROUNDSM(io[0],io[1],
1158 SUBKEY_L(5),SUBKEY_R(5), 1159 SUBKEY_L(5),SUBKEY_R(5),
1159 io[2],io[3],il,ir,t0,t1); 1160 io[2],io[3],il,ir);
1160 CAMELLIA_ROUNDSM(io[2],io[3], 1161 CAMELLIA_ROUNDSM(io[2],io[3],
1161 SUBKEY_L(4),SUBKEY_R(4), 1162 SUBKEY_L(4),SUBKEY_R(4),
1162 io[0],io[1],il,ir,t0,t1); 1163 io[0],io[1],il,ir);
1163 CAMELLIA_ROUNDSM(io[0],io[1], 1164 CAMELLIA_ROUNDSM(io[0],io[1],
1164 SUBKEY_L(3),SUBKEY_R(3), 1165 SUBKEY_L(3),SUBKEY_R(3),
1165 io[2],io[3],il,ir,t0,t1); 1166 io[2],io[3],il,ir);
1166 CAMELLIA_ROUNDSM(io[2],io[3], 1167 CAMELLIA_ROUNDSM(io[2],io[3],
1167 SUBKEY_L(2),SUBKEY_R(2), 1168 SUBKEY_L(2),SUBKEY_R(2),
1168 io[0],io[1],il,ir,t0,t1); 1169 io[0],io[1],il,ir);
1169 1170
1170 /* post whitening but kw4 */ 1171 /* post whitening but kw4 */
1171 io_text[0] = io[2] ^ SUBKEY_L(0); 1172 io_text[0] = io[2] ^ SUBKEY_L(0);
@@ -1189,22 +1190,22 @@ static void camellia_encrypt256(const u32 *subkey, u32 *io_text)
1189 /* main iteration */ 1190 /* main iteration */
1190 CAMELLIA_ROUNDSM(io[0],io[1], 1191 CAMELLIA_ROUNDSM(io[0],io[1],
1191 SUBKEY_L(2),SUBKEY_R(2), 1192 SUBKEY_L(2),SUBKEY_R(2),
1192 io[2],io[3],il,ir,t0,t1); 1193 io[2],io[3],il,ir);
1193 CAMELLIA_ROUNDSM(io[2],io[3], 1194 CAMELLIA_ROUNDSM(io[2],io[3],
1194 SUBKEY_L(3),SUBKEY_R(3), 1195 SUBKEY_L(3),SUBKEY_R(3),
1195 io[0],io[1],il,ir,t0,t1); 1196 io[0],io[1],il,ir);
1196 CAMELLIA_ROUNDSM(io[0],io[1], 1197 CAMELLIA_ROUNDSM(io[0],io[1],
1197 SUBKEY_L(4),SUBKEY_R(4), 1198 SUBKEY_L(4),SUBKEY_R(4),
1198 io[2],io[3],il,ir,t0,t1); 1199 io[2],io[3],il,ir);
1199 CAMELLIA_ROUNDSM(io[2],io[3], 1200 CAMELLIA_ROUNDSM(io[2],io[3],
1200 SUBKEY_L(5),SUBKEY_R(5), 1201 SUBKEY_L(5),SUBKEY_R(5),
1201 io[0],io[1],il,ir,t0,t1); 1202 io[0],io[1],il,ir);
1202 CAMELLIA_ROUNDSM(io[0],io[1], 1203 CAMELLIA_ROUNDSM(io[0],io[1],
1203 SUBKEY_L(6),SUBKEY_R(6), 1204 SUBKEY_L(6),SUBKEY_R(6),
1204 io[2],io[3],il,ir,t0,t1); 1205 io[2],io[3],il,ir);
1205 CAMELLIA_ROUNDSM(io[2],io[3], 1206 CAMELLIA_ROUNDSM(io[2],io[3],
1206 SUBKEY_L(7),SUBKEY_R(7), 1207 SUBKEY_L(7),SUBKEY_R(7),
1207 io[0],io[1],il,ir,t0,t1); 1208 io[0],io[1],il,ir);
1208 1209
1209 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1210 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1210 SUBKEY_L(8),SUBKEY_R(8), 1211 SUBKEY_L(8),SUBKEY_R(8),
@@ -1213,22 +1214,22 @@ static void camellia_encrypt256(const u32 *subkey, u32 *io_text)
1213 1214
1214 CAMELLIA_ROUNDSM(io[0],io[1], 1215 CAMELLIA_ROUNDSM(io[0],io[1],
1215 SUBKEY_L(10),SUBKEY_R(10), 1216 SUBKEY_L(10),SUBKEY_R(10),
1216 io[2],io[3],il,ir,t0,t1); 1217 io[2],io[3],il,ir);
1217 CAMELLIA_ROUNDSM(io[2],io[3], 1218 CAMELLIA_ROUNDSM(io[2],io[3],
1218 SUBKEY_L(11),SUBKEY_R(11), 1219 SUBKEY_L(11),SUBKEY_R(11),
1219 io[0],io[1],il,ir,t0,t1); 1220 io[0],io[1],il,ir);
1220 CAMELLIA_ROUNDSM(io[0],io[1], 1221 CAMELLIA_ROUNDSM(io[0],io[1],
1221 SUBKEY_L(12),SUBKEY_R(12), 1222 SUBKEY_L(12),SUBKEY_R(12),
1222 io[2],io[3],il,ir,t0,t1); 1223 io[2],io[3],il,ir);
1223 CAMELLIA_ROUNDSM(io[2],io[3], 1224 CAMELLIA_ROUNDSM(io[2],io[3],
1224 SUBKEY_L(13),SUBKEY_R(13), 1225 SUBKEY_L(13),SUBKEY_R(13),
1225 io[0],io[1],il,ir,t0,t1); 1226 io[0],io[1],il,ir);
1226 CAMELLIA_ROUNDSM(io[0],io[1], 1227 CAMELLIA_ROUNDSM(io[0],io[1],
1227 SUBKEY_L(14),SUBKEY_R(14), 1228 SUBKEY_L(14),SUBKEY_R(14),
1228 io[2],io[3],il,ir,t0,t1); 1229 io[2],io[3],il,ir);
1229 CAMELLIA_ROUNDSM(io[2],io[3], 1230 CAMELLIA_ROUNDSM(io[2],io[3],
1230 SUBKEY_L(15),SUBKEY_R(15), 1231 SUBKEY_L(15),SUBKEY_R(15),
1231 io[0],io[1],il,ir,t0,t1); 1232 io[0],io[1],il,ir);
1232 1233
1233 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1234 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1234 SUBKEY_L(16),SUBKEY_R(16), 1235 SUBKEY_L(16),SUBKEY_R(16),
@@ -1237,22 +1238,22 @@ static void camellia_encrypt256(const u32 *subkey, u32 *io_text)
1237 1238
1238 CAMELLIA_ROUNDSM(io[0],io[1], 1239 CAMELLIA_ROUNDSM(io[0],io[1],
1239 SUBKEY_L(18),SUBKEY_R(18), 1240 SUBKEY_L(18),SUBKEY_R(18),
1240 io[2],io[3],il,ir,t0,t1); 1241 io[2],io[3],il,ir);
1241 CAMELLIA_ROUNDSM(io[2],io[3], 1242 CAMELLIA_ROUNDSM(io[2],io[3],
1242 SUBKEY_L(19),SUBKEY_R(19), 1243 SUBKEY_L(19),SUBKEY_R(19),
1243 io[0],io[1],il,ir,t0,t1); 1244 io[0],io[1],il,ir);
1244 CAMELLIA_ROUNDSM(io[0],io[1], 1245 CAMELLIA_ROUNDSM(io[0],io[1],
1245 SUBKEY_L(20),SUBKEY_R(20), 1246 SUBKEY_L(20),SUBKEY_R(20),
1246 io[2],io[3],il,ir,t0,t1); 1247 io[2],io[3],il,ir);
1247 CAMELLIA_ROUNDSM(io[2],io[3], 1248 CAMELLIA_ROUNDSM(io[2],io[3],
1248 SUBKEY_L(21),SUBKEY_R(21), 1249 SUBKEY_L(21),SUBKEY_R(21),
1249 io[0],io[1],il,ir,t0,t1); 1250 io[0],io[1],il,ir);
1250 CAMELLIA_ROUNDSM(io[0],io[1], 1251 CAMELLIA_ROUNDSM(io[0],io[1],
1251 SUBKEY_L(22),SUBKEY_R(22), 1252 SUBKEY_L(22),SUBKEY_R(22),
1252 io[2],io[3],il,ir,t0,t1); 1253 io[2],io[3],il,ir);
1253 CAMELLIA_ROUNDSM(io[2],io[3], 1254 CAMELLIA_ROUNDSM(io[2],io[3],
1254 SUBKEY_L(23),SUBKEY_R(23), 1255 SUBKEY_L(23),SUBKEY_R(23),
1255 io[0],io[1],il,ir,t0,t1); 1256 io[0],io[1],il,ir);
1256 1257
1257 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1258 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1258 SUBKEY_L(24),SUBKEY_R(24), 1259 SUBKEY_L(24),SUBKEY_R(24),
@@ -1261,22 +1262,22 @@ static void camellia_encrypt256(const u32 *subkey, u32 *io_text)
1261 1262
1262 CAMELLIA_ROUNDSM(io[0],io[1], 1263 CAMELLIA_ROUNDSM(io[0],io[1],
1263 SUBKEY_L(26),SUBKEY_R(26), 1264 SUBKEY_L(26),SUBKEY_R(26),
1264 io[2],io[3],il,ir,t0,t1); 1265 io[2],io[3],il,ir);
1265 CAMELLIA_ROUNDSM(io[2],io[3], 1266 CAMELLIA_ROUNDSM(io[2],io[3],
1266 SUBKEY_L(27),SUBKEY_R(27), 1267 SUBKEY_L(27),SUBKEY_R(27),
1267 io[0],io[1],il,ir,t0,t1); 1268 io[0],io[1],il,ir);
1268 CAMELLIA_ROUNDSM(io[0],io[1], 1269 CAMELLIA_ROUNDSM(io[0],io[1],
1269 SUBKEY_L(28),SUBKEY_R(28), 1270 SUBKEY_L(28),SUBKEY_R(28),
1270 io[2],io[3],il,ir,t0,t1); 1271 io[2],io[3],il,ir);
1271 CAMELLIA_ROUNDSM(io[2],io[3], 1272 CAMELLIA_ROUNDSM(io[2],io[3],
1272 SUBKEY_L(29),SUBKEY_R(29), 1273 SUBKEY_L(29),SUBKEY_R(29),
1273 io[0],io[1],il,ir,t0,t1); 1274 io[0],io[1],il,ir);
1274 CAMELLIA_ROUNDSM(io[0],io[1], 1275 CAMELLIA_ROUNDSM(io[0],io[1],
1275 SUBKEY_L(30),SUBKEY_R(30), 1276 SUBKEY_L(30),SUBKEY_R(30),
1276 io[2],io[3],il,ir,t0,t1); 1277 io[2],io[3],il,ir);
1277 CAMELLIA_ROUNDSM(io[2],io[3], 1278 CAMELLIA_ROUNDSM(io[2],io[3],
1278 SUBKEY_L(31),SUBKEY_R(31), 1279 SUBKEY_L(31),SUBKEY_R(31),
1279 io[0],io[1],il,ir,t0,t1); 1280 io[0],io[1],il,ir);
1280 1281
1281 /* post whitening but kw4 */ 1282 /* post whitening but kw4 */
1282 io_text[0] = io[2] ^ SUBKEY_L(32); 1283 io_text[0] = io[2] ^ SUBKEY_L(32);
@@ -1300,22 +1301,22 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1300 /* main iteration */ 1301 /* main iteration */
1301 CAMELLIA_ROUNDSM(io[0],io[1], 1302 CAMELLIA_ROUNDSM(io[0],io[1],
1302 SUBKEY_L(31),SUBKEY_R(31), 1303 SUBKEY_L(31),SUBKEY_R(31),
1303 io[2],io[3],il,ir,t0,t1); 1304 io[2],io[3],il,ir);
1304 CAMELLIA_ROUNDSM(io[2],io[3], 1305 CAMELLIA_ROUNDSM(io[2],io[3],
1305 SUBKEY_L(30),SUBKEY_R(30), 1306 SUBKEY_L(30),SUBKEY_R(30),
1306 io[0],io[1],il,ir,t0,t1); 1307 io[0],io[1],il,ir);
1307 CAMELLIA_ROUNDSM(io[0],io[1], 1308 CAMELLIA_ROUNDSM(io[0],io[1],
1308 SUBKEY_L(29),SUBKEY_R(29), 1309 SUBKEY_L(29),SUBKEY_R(29),
1309 io[2],io[3],il,ir,t0,t1); 1310 io[2],io[3],il,ir);
1310 CAMELLIA_ROUNDSM(io[2],io[3], 1311 CAMELLIA_ROUNDSM(io[2],io[3],
1311 SUBKEY_L(28),SUBKEY_R(28), 1312 SUBKEY_L(28),SUBKEY_R(28),
1312 io[0],io[1],il,ir,t0,t1); 1313 io[0],io[1],il,ir);
1313 CAMELLIA_ROUNDSM(io[0],io[1], 1314 CAMELLIA_ROUNDSM(io[0],io[1],
1314 SUBKEY_L(27),SUBKEY_R(27), 1315 SUBKEY_L(27),SUBKEY_R(27),
1315 io[2],io[3],il,ir,t0,t1); 1316 io[2],io[3],il,ir);
1316 CAMELLIA_ROUNDSM(io[2],io[3], 1317 CAMELLIA_ROUNDSM(io[2],io[3],
1317 SUBKEY_L(26),SUBKEY_R(26), 1318 SUBKEY_L(26),SUBKEY_R(26),
1318 io[0],io[1],il,ir,t0,t1); 1319 io[0],io[1],il,ir);
1319 1320
1320 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1321 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1321 SUBKEY_L(25),SUBKEY_R(25), 1322 SUBKEY_L(25),SUBKEY_R(25),
@@ -1324,22 +1325,22 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1324 1325
1325 CAMELLIA_ROUNDSM(io[0],io[1], 1326 CAMELLIA_ROUNDSM(io[0],io[1],
1326 SUBKEY_L(23),SUBKEY_R(23), 1327 SUBKEY_L(23),SUBKEY_R(23),
1327 io[2],io[3],il,ir,t0,t1); 1328 io[2],io[3],il,ir);
1328 CAMELLIA_ROUNDSM(io[2],io[3], 1329 CAMELLIA_ROUNDSM(io[2],io[3],
1329 SUBKEY_L(22),SUBKEY_R(22), 1330 SUBKEY_L(22),SUBKEY_R(22),
1330 io[0],io[1],il,ir,t0,t1); 1331 io[0],io[1],il,ir);
1331 CAMELLIA_ROUNDSM(io[0],io[1], 1332 CAMELLIA_ROUNDSM(io[0],io[1],
1332 SUBKEY_L(21),SUBKEY_R(21), 1333 SUBKEY_L(21),SUBKEY_R(21),
1333 io[2],io[3],il,ir,t0,t1); 1334 io[2],io[3],il,ir);
1334 CAMELLIA_ROUNDSM(io[2],io[3], 1335 CAMELLIA_ROUNDSM(io[2],io[3],
1335 SUBKEY_L(20),SUBKEY_R(20), 1336 SUBKEY_L(20),SUBKEY_R(20),
1336 io[0],io[1],il,ir,t0,t1); 1337 io[0],io[1],il,ir);
1337 CAMELLIA_ROUNDSM(io[0],io[1], 1338 CAMELLIA_ROUNDSM(io[0],io[1],
1338 SUBKEY_L(19),SUBKEY_R(19), 1339 SUBKEY_L(19),SUBKEY_R(19),
1339 io[2],io[3],il,ir,t0,t1); 1340 io[2],io[3],il,ir);
1340 CAMELLIA_ROUNDSM(io[2],io[3], 1341 CAMELLIA_ROUNDSM(io[2],io[3],
1341 SUBKEY_L(18),SUBKEY_R(18), 1342 SUBKEY_L(18),SUBKEY_R(18),
1342 io[0],io[1],il,ir,t0,t1); 1343 io[0],io[1],il,ir);
1343 1344
1344 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1345 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1345 SUBKEY_L(17),SUBKEY_R(17), 1346 SUBKEY_L(17),SUBKEY_R(17),
@@ -1348,22 +1349,22 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1348 1349
1349 CAMELLIA_ROUNDSM(io[0],io[1], 1350 CAMELLIA_ROUNDSM(io[0],io[1],
1350 SUBKEY_L(15),SUBKEY_R(15), 1351 SUBKEY_L(15),SUBKEY_R(15),
1351 io[2],io[3],il,ir,t0,t1); 1352 io[2],io[3],il,ir);
1352 CAMELLIA_ROUNDSM(io[2],io[3], 1353 CAMELLIA_ROUNDSM(io[2],io[3],
1353 SUBKEY_L(14),SUBKEY_R(14), 1354 SUBKEY_L(14),SUBKEY_R(14),
1354 io[0],io[1],il,ir,t0,t1); 1355 io[0],io[1],il,ir);
1355 CAMELLIA_ROUNDSM(io[0],io[1], 1356 CAMELLIA_ROUNDSM(io[0],io[1],
1356 SUBKEY_L(13),SUBKEY_R(13), 1357 SUBKEY_L(13),SUBKEY_R(13),
1357 io[2],io[3],il,ir,t0,t1); 1358 io[2],io[3],il,ir);
1358 CAMELLIA_ROUNDSM(io[2],io[3], 1359 CAMELLIA_ROUNDSM(io[2],io[3],
1359 SUBKEY_L(12),SUBKEY_R(12), 1360 SUBKEY_L(12),SUBKEY_R(12),
1360 io[0],io[1],il,ir,t0,t1); 1361 io[0],io[1],il,ir);
1361 CAMELLIA_ROUNDSM(io[0],io[1], 1362 CAMELLIA_ROUNDSM(io[0],io[1],
1362 SUBKEY_L(11),SUBKEY_R(11), 1363 SUBKEY_L(11),SUBKEY_R(11),
1363 io[2],io[3],il,ir,t0,t1); 1364 io[2],io[3],il,ir);
1364 CAMELLIA_ROUNDSM(io[2],io[3], 1365 CAMELLIA_ROUNDSM(io[2],io[3],
1365 SUBKEY_L(10),SUBKEY_R(10), 1366 SUBKEY_L(10),SUBKEY_R(10),
1366 io[0],io[1],il,ir,t0,t1); 1367 io[0],io[1],il,ir);
1367 1368
1368 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1369 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1369 SUBKEY_L(9),SUBKEY_R(9), 1370 SUBKEY_L(9),SUBKEY_R(9),
@@ -1372,22 +1373,22 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1372 1373
1373 CAMELLIA_ROUNDSM(io[0],io[1], 1374 CAMELLIA_ROUNDSM(io[0],io[1],
1374 SUBKEY_L(7),SUBKEY_R(7), 1375 SUBKEY_L(7),SUBKEY_R(7),
1375 io[2],io[3],il,ir,t0,t1); 1376 io[2],io[3],il,ir);
1376 CAMELLIA_ROUNDSM(io[2],io[3], 1377 CAMELLIA_ROUNDSM(io[2],io[3],
1377 SUBKEY_L(6),SUBKEY_R(6), 1378 SUBKEY_L(6),SUBKEY_R(6),
1378 io[0],io[1],il,ir,t0,t1); 1379 io[0],io[1],il,ir);
1379 CAMELLIA_ROUNDSM(io[0],io[1], 1380 CAMELLIA_ROUNDSM(io[0],io[1],
1380 SUBKEY_L(5),SUBKEY_R(5), 1381 SUBKEY_L(5),SUBKEY_R(5),
1381 io[2],io[3],il,ir,t0,t1); 1382 io[2],io[3],il,ir);
1382 CAMELLIA_ROUNDSM(io[2],io[3], 1383 CAMELLIA_ROUNDSM(io[2],io[3],
1383 SUBKEY_L(4),SUBKEY_R(4), 1384 SUBKEY_L(4),SUBKEY_R(4),
1384 io[0],io[1],il,ir,t0,t1); 1385 io[0],io[1],il,ir);
1385 CAMELLIA_ROUNDSM(io[0],io[1], 1386 CAMELLIA_ROUNDSM(io[0],io[1],
1386 SUBKEY_L(3),SUBKEY_R(3), 1387 SUBKEY_L(3),SUBKEY_R(3),
1387 io[2],io[3],il,ir,t0,t1); 1388 io[2],io[3],il,ir);
1388 CAMELLIA_ROUNDSM(io[2],io[3], 1389 CAMELLIA_ROUNDSM(io[2],io[3],
1389 SUBKEY_L(2),SUBKEY_R(2), 1390 SUBKEY_L(2),SUBKEY_R(2),
1390 io[0],io[1],il,ir,t0,t1); 1391 io[0],io[1],il,ir);
1391 1392
1392 /* post whitening but kw4 */ 1393 /* post whitening but kw4 */
1393 io_text[0] = io[2] ^ SUBKEY_L(0); 1394 io_text[0] = io[2] ^ SUBKEY_L(0);
@@ -1399,7 +1400,7 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1399 1400
1400struct camellia_ctx { 1401struct camellia_ctx {
1401 int key_length; 1402 int key_length;
1402 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / 4]; 1403 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
1403}; 1404};
1404 1405
1405static int 1406static int