aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--crypto/camellia.c509
1 files changed, 106 insertions, 403 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c
index 9b1f068e45cc..0534e6b7a1aa 100644
--- a/crypto/camellia.c
+++ b/crypto/camellia.c
@@ -1001,400 +1001,115 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
1001 yr ^= ROR8(il) ^ ir; \ 1001 yr ^= ROR8(il) ^ ir; \
1002 } while(0) 1002 } while(0)
1003 1003
1004static void camellia_encrypt128(const u32 *subkey, u32 *io_text) 1004/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
1005static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
1005{ 1006{
1006 u32 il,ir,t0,t1; /* temporary variables */ 1007 u32 il,ir,t0,t1; /* temporary variables */
1007 1008
1008 u32 io[4];
1009
1010 /* pre whitening but absorb kw2 */ 1009 /* pre whitening but absorb kw2 */
1011 io[0] = io_text[0] ^ SUBKEY_L(0); 1010 io[0] ^= SUBKEY_L(0);
1012 io[1] = io_text[1] ^ SUBKEY_R(0); 1011 io[1] ^= SUBKEY_R(0);
1013 io[2] = io_text[2];
1014 io[3] = io_text[3];
1015 1012
1016 /* main iteration */ 1013 /* main iteration */
1017 CAMELLIA_ROUNDSM(io[0],io[1], 1014#define ROUNDS(i) do { \
1018 SUBKEY_L(2),SUBKEY_R(2), 1015 CAMELLIA_ROUNDSM(io[0],io[1], \
1019 io[2],io[3],il,ir); 1016 SUBKEY_L(i + 2),SUBKEY_R(i + 2), \
1020 CAMELLIA_ROUNDSM(io[2],io[3], 1017 io[2],io[3],il,ir); \
1021 SUBKEY_L(3),SUBKEY_R(3), 1018 CAMELLIA_ROUNDSM(io[2],io[3], \
1022 io[0],io[1],il,ir); 1019 SUBKEY_L(i + 3),SUBKEY_R(i + 3), \
1023 CAMELLIA_ROUNDSM(io[0],io[1], 1020 io[0],io[1],il,ir); \
1024 SUBKEY_L(4),SUBKEY_R(4), 1021 CAMELLIA_ROUNDSM(io[0],io[1], \
1025 io[2],io[3],il,ir); 1022 SUBKEY_L(i + 4),SUBKEY_R(i + 4), \
1026 CAMELLIA_ROUNDSM(io[2],io[3], 1023 io[2],io[3],il,ir); \
1027 SUBKEY_L(5),SUBKEY_R(5), 1024 CAMELLIA_ROUNDSM(io[2],io[3], \
1028 io[0],io[1],il,ir); 1025 SUBKEY_L(i + 5),SUBKEY_R(i + 5), \
1029 CAMELLIA_ROUNDSM(io[0],io[1], 1026 io[0],io[1],il,ir); \
1030 SUBKEY_L(6),SUBKEY_R(6), 1027 CAMELLIA_ROUNDSM(io[0],io[1], \
1031 io[2],io[3],il,ir); 1028 SUBKEY_L(i + 6),SUBKEY_R(i + 6), \
1032 CAMELLIA_ROUNDSM(io[2],io[3], 1029 io[2],io[3],il,ir); \
1033 SUBKEY_L(7),SUBKEY_R(7), 1030 CAMELLIA_ROUNDSM(io[2],io[3], \
1034 io[0],io[1],il,ir); 1031 SUBKEY_L(i + 7),SUBKEY_R(i + 7), \
1035 1032 io[0],io[1],il,ir); \
1036 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1033} while (0)
1037 SUBKEY_L(8),SUBKEY_R(8), 1034#define FLS(i) do { \
1038 SUBKEY_L(9),SUBKEY_R(9), 1035 CAMELLIA_FLS(io[0],io[1],io[2],io[3], \
1039 t0,t1,il,ir); 1036 SUBKEY_L(i + 0),SUBKEY_R(i + 0), \
1040 1037 SUBKEY_L(i + 1),SUBKEY_R(i + 1), \
1041 CAMELLIA_ROUNDSM(io[0],io[1], 1038 t0,t1,il,ir); \
1042 SUBKEY_L(10),SUBKEY_R(10), 1039} while (0)
1043 io[2],io[3],il,ir); 1040
1044 CAMELLIA_ROUNDSM(io[2],io[3], 1041 ROUNDS(0);
1045 SUBKEY_L(11),SUBKEY_R(11), 1042 FLS(8);
1046 io[0],io[1],il,ir); 1043 ROUNDS(8);
1047 CAMELLIA_ROUNDSM(io[0],io[1], 1044 FLS(16);
1048 SUBKEY_L(12),SUBKEY_R(12), 1045 ROUNDS(16);
1049 io[2],io[3],il,ir); 1046 if (max == 32) {
1050 CAMELLIA_ROUNDSM(io[2],io[3], 1047 FLS(24);
1051 SUBKEY_L(13),SUBKEY_R(13), 1048 ROUNDS(24);
1052 io[0],io[1],il,ir); 1049 }
1053 CAMELLIA_ROUNDSM(io[0],io[1],
1054 SUBKEY_L(14),SUBKEY_R(14),
1055 io[2],io[3],il,ir);
1056 CAMELLIA_ROUNDSM(io[2],io[3],
1057 SUBKEY_L(15),SUBKEY_R(15),
1058 io[0],io[1],il,ir);
1059
1060 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1061 SUBKEY_L(16),SUBKEY_R(16),
1062 SUBKEY_L(17),SUBKEY_R(17),
1063 t0,t1,il,ir);
1064
1065 CAMELLIA_ROUNDSM(io[0],io[1],
1066 SUBKEY_L(18),SUBKEY_R(18),
1067 io[2],io[3],il,ir);
1068 CAMELLIA_ROUNDSM(io[2],io[3],
1069 SUBKEY_L(19),SUBKEY_R(19),
1070 io[0],io[1],il,ir);
1071 CAMELLIA_ROUNDSM(io[0],io[1],
1072 SUBKEY_L(20),SUBKEY_R(20),
1073 io[2],io[3],il,ir);
1074 CAMELLIA_ROUNDSM(io[2],io[3],
1075 SUBKEY_L(21),SUBKEY_R(21),
1076 io[0],io[1],il,ir);
1077 CAMELLIA_ROUNDSM(io[0],io[1],
1078 SUBKEY_L(22),SUBKEY_R(22),
1079 io[2],io[3],il,ir);
1080 CAMELLIA_ROUNDSM(io[2],io[3],
1081 SUBKEY_L(23),SUBKEY_R(23),
1082 io[0],io[1],il,ir);
1083
1084 /* post whitening but kw4 */
1085 io_text[0] = io[2] ^ SUBKEY_L(24);
1086 io_text[1] = io[3] ^ SUBKEY_R(24);
1087 io_text[2] = io[0];
1088 io_text[3] = io[1];
1089}
1090
1091static void camellia_decrypt128(const u32 *subkey, u32 *io_text)
1092{
1093 u32 il,ir,t0,t1; /* temporary variables */
1094
1095 u32 io[4];
1096
1097 /* pre whitening but absorb kw2 */
1098 io[0] = io_text[0] ^ SUBKEY_L(24);
1099 io[1] = io_text[1] ^ SUBKEY_R(24);
1100 io[2] = io_text[2];
1101 io[3] = io_text[3];
1102 1050
1103 /* main iteration */ 1051#undef ROUNDS
1104 CAMELLIA_ROUNDSM(io[0],io[1], 1052#undef FLS
1105 SUBKEY_L(23),SUBKEY_R(23),
1106 io[2],io[3],il,ir);
1107 CAMELLIA_ROUNDSM(io[2],io[3],
1108 SUBKEY_L(22),SUBKEY_R(22),
1109 io[0],io[1],il,ir);
1110 CAMELLIA_ROUNDSM(io[0],io[1],
1111 SUBKEY_L(21),SUBKEY_R(21),
1112 io[2],io[3],il,ir);
1113 CAMELLIA_ROUNDSM(io[2],io[3],
1114 SUBKEY_L(20),SUBKEY_R(20),
1115 io[0],io[1],il,ir);
1116 CAMELLIA_ROUNDSM(io[0],io[1],
1117 SUBKEY_L(19),SUBKEY_R(19),
1118 io[2],io[3],il,ir);
1119 CAMELLIA_ROUNDSM(io[2],io[3],
1120 SUBKEY_L(18),SUBKEY_R(18),
1121 io[0],io[1],il,ir);
1122
1123 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1124 SUBKEY_L(17),SUBKEY_R(17),
1125 SUBKEY_L(16),SUBKEY_R(16),
1126 t0,t1,il,ir);
1127
1128 CAMELLIA_ROUNDSM(io[0],io[1],
1129 SUBKEY_L(15),SUBKEY_R(15),
1130 io[2],io[3],il,ir);
1131 CAMELLIA_ROUNDSM(io[2],io[3],
1132 SUBKEY_L(14),SUBKEY_R(14),
1133 io[0],io[1],il,ir);
1134 CAMELLIA_ROUNDSM(io[0],io[1],
1135 SUBKEY_L(13),SUBKEY_R(13),
1136 io[2],io[3],il,ir);
1137 CAMELLIA_ROUNDSM(io[2],io[3],
1138 SUBKEY_L(12),SUBKEY_R(12),
1139 io[0],io[1],il,ir);
1140 CAMELLIA_ROUNDSM(io[0],io[1],
1141 SUBKEY_L(11),SUBKEY_R(11),
1142 io[2],io[3],il,ir);
1143 CAMELLIA_ROUNDSM(io[2],io[3],
1144 SUBKEY_L(10),SUBKEY_R(10),
1145 io[0],io[1],il,ir);
1146
1147 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1148 SUBKEY_L(9),SUBKEY_R(9),
1149 SUBKEY_L(8),SUBKEY_R(8),
1150 t0,t1,il,ir);
1151
1152 CAMELLIA_ROUNDSM(io[0],io[1],
1153 SUBKEY_L(7),SUBKEY_R(7),
1154 io[2],io[3],il,ir);
1155 CAMELLIA_ROUNDSM(io[2],io[3],
1156 SUBKEY_L(6),SUBKEY_R(6),
1157 io[0],io[1],il,ir);
1158 CAMELLIA_ROUNDSM(io[0],io[1],
1159 SUBKEY_L(5),SUBKEY_R(5),
1160 io[2],io[3],il,ir);
1161 CAMELLIA_ROUNDSM(io[2],io[3],
1162 SUBKEY_L(4),SUBKEY_R(4),
1163 io[0],io[1],il,ir);
1164 CAMELLIA_ROUNDSM(io[0],io[1],
1165 SUBKEY_L(3),SUBKEY_R(3),
1166 io[2],io[3],il,ir);
1167 CAMELLIA_ROUNDSM(io[2],io[3],
1168 SUBKEY_L(2),SUBKEY_R(2),
1169 io[0],io[1],il,ir);
1170 1053
1171 /* post whitening but kw4 */ 1054 /* post whitening but kw4 */
1172 io_text[0] = io[2] ^ SUBKEY_L(0); 1055 io[2] ^= SUBKEY_L(max);
1173 io_text[1] = io[3] ^ SUBKEY_R(0); 1056 io[3] ^= SUBKEY_R(max);
1174 io_text[2] = io[0]; 1057 /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
1175 io_text[3] = io[1];
1176} 1058}
1177 1059
1178static void camellia_encrypt256(const u32 *subkey, u32 *io_text) 1060static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
1179{ 1061{
1180 u32 il,ir,t0,t1; /* temporary variables */ 1062 u32 il,ir,t0,t1; /* temporary variables */
1181
1182 u32 io[4];
1183 1063
1184 /* pre whitening but absorb kw2 */ 1064 /* pre whitening but absorb kw2 */
1185 io[0] = io_text[0] ^ SUBKEY_L(0); 1065 io[0] ^= SUBKEY_L(i);
1186 io[1] = io_text[1] ^ SUBKEY_R(0); 1066 io[1] ^= SUBKEY_R(i);
1187 io[2] = io_text[2];
1188 io[3] = io_text[3];
1189 1067
1190 /* main iteration */ 1068 /* main iteration */
1191 CAMELLIA_ROUNDSM(io[0],io[1], 1069#define ROUNDS(i) do { \
1192 SUBKEY_L(2),SUBKEY_R(2), 1070 CAMELLIA_ROUNDSM(io[0],io[1], \
1193 io[2],io[3],il,ir); 1071 SUBKEY_L(i + 7),SUBKEY_R(i + 7), \
1194 CAMELLIA_ROUNDSM(io[2],io[3], 1072 io[2],io[3],il,ir); \
1195 SUBKEY_L(3),SUBKEY_R(3), 1073 CAMELLIA_ROUNDSM(io[2],io[3], \
1196 io[0],io[1],il,ir); 1074 SUBKEY_L(i + 6),SUBKEY_R(i + 6), \
1197 CAMELLIA_ROUNDSM(io[0],io[1], 1075 io[0],io[1],il,ir); \
1198 SUBKEY_L(4),SUBKEY_R(4), 1076 CAMELLIA_ROUNDSM(io[0],io[1], \
1199 io[2],io[3],il,ir); 1077 SUBKEY_L(i + 5),SUBKEY_R(i + 5), \
1200 CAMELLIA_ROUNDSM(io[2],io[3], 1078 io[2],io[3],il,ir); \
1201 SUBKEY_L(5),SUBKEY_R(5), 1079 CAMELLIA_ROUNDSM(io[2],io[3], \
1202 io[0],io[1],il,ir); 1080 SUBKEY_L(i + 4),SUBKEY_R(i + 4), \
1203 CAMELLIA_ROUNDSM(io[0],io[1], 1081 io[0],io[1],il,ir); \
1204 SUBKEY_L(6),SUBKEY_R(6), 1082 CAMELLIA_ROUNDSM(io[0],io[1], \
1205 io[2],io[3],il,ir); 1083 SUBKEY_L(i + 3),SUBKEY_R(i + 3), \
1206 CAMELLIA_ROUNDSM(io[2],io[3], 1084 io[2],io[3],il,ir); \
1207 SUBKEY_L(7),SUBKEY_R(7), 1085 CAMELLIA_ROUNDSM(io[2],io[3], \
1208 io[0],io[1],il,ir); 1086 SUBKEY_L(i + 2),SUBKEY_R(i + 2), \
1209 1087 io[0],io[1],il,ir); \
1210 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1088} while (0)
1211 SUBKEY_L(8),SUBKEY_R(8), 1089#define FLS(i) do { \
1212 SUBKEY_L(9),SUBKEY_R(9), 1090 CAMELLIA_FLS(io[0],io[1],io[2],io[3], \
1213 t0,t1,il,ir); 1091 SUBKEY_L(i + 1),SUBKEY_R(i + 1), \
1214 1092 SUBKEY_L(i + 0),SUBKEY_R(i + 0), \
1215 CAMELLIA_ROUNDSM(io[0],io[1], 1093 t0,t1,il,ir); \
1216 SUBKEY_L(10),SUBKEY_R(10), 1094} while (0)
1217 io[2],io[3],il,ir); 1095
1218 CAMELLIA_ROUNDSM(io[2],io[3], 1096 if (i == 32) {
1219 SUBKEY_L(11),SUBKEY_R(11), 1097 ROUNDS(24);
1220 io[0],io[1],il,ir); 1098 FLS(24);
1221 CAMELLIA_ROUNDSM(io[0],io[1], 1099 }
1222 SUBKEY_L(12),SUBKEY_R(12), 1100 ROUNDS(16);
1223 io[2],io[3],il,ir); 1101 FLS(16);
1224 CAMELLIA_ROUNDSM(io[2],io[3], 1102 ROUNDS(8);
1225 SUBKEY_L(13),SUBKEY_R(13), 1103 FLS(8);
1226 io[0],io[1],il,ir); 1104 ROUNDS(0);
1227 CAMELLIA_ROUNDSM(io[0],io[1],
1228 SUBKEY_L(14),SUBKEY_R(14),
1229 io[2],io[3],il,ir);
1230 CAMELLIA_ROUNDSM(io[2],io[3],
1231 SUBKEY_L(15),SUBKEY_R(15),
1232 io[0],io[1],il,ir);
1233
1234 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1235 SUBKEY_L(16),SUBKEY_R(16),
1236 SUBKEY_L(17),SUBKEY_R(17),
1237 t0,t1,il,ir);
1238
1239 CAMELLIA_ROUNDSM(io[0],io[1],
1240 SUBKEY_L(18),SUBKEY_R(18),
1241 io[2],io[3],il,ir);
1242 CAMELLIA_ROUNDSM(io[2],io[3],
1243 SUBKEY_L(19),SUBKEY_R(19),
1244 io[0],io[1],il,ir);
1245 CAMELLIA_ROUNDSM(io[0],io[1],
1246 SUBKEY_L(20),SUBKEY_R(20),
1247 io[2],io[3],il,ir);
1248 CAMELLIA_ROUNDSM(io[2],io[3],
1249 SUBKEY_L(21),SUBKEY_R(21),
1250 io[0],io[1],il,ir);
1251 CAMELLIA_ROUNDSM(io[0],io[1],
1252 SUBKEY_L(22),SUBKEY_R(22),
1253 io[2],io[3],il,ir);
1254 CAMELLIA_ROUNDSM(io[2],io[3],
1255 SUBKEY_L(23),SUBKEY_R(23),
1256 io[0],io[1],il,ir);
1257
1258 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1259 SUBKEY_L(24),SUBKEY_R(24),
1260 SUBKEY_L(25),SUBKEY_R(25),
1261 t0,t1,il,ir);
1262
1263 CAMELLIA_ROUNDSM(io[0],io[1],
1264 SUBKEY_L(26),SUBKEY_R(26),
1265 io[2],io[3],il,ir);
1266 CAMELLIA_ROUNDSM(io[2],io[3],
1267 SUBKEY_L(27),SUBKEY_R(27),
1268 io[0],io[1],il,ir);
1269 CAMELLIA_ROUNDSM(io[0],io[1],
1270 SUBKEY_L(28),SUBKEY_R(28),
1271 io[2],io[3],il,ir);
1272 CAMELLIA_ROUNDSM(io[2],io[3],
1273 SUBKEY_L(29),SUBKEY_R(29),
1274 io[0],io[1],il,ir);
1275 CAMELLIA_ROUNDSM(io[0],io[1],
1276 SUBKEY_L(30),SUBKEY_R(30),
1277 io[2],io[3],il,ir);
1278 CAMELLIA_ROUNDSM(io[2],io[3],
1279 SUBKEY_L(31),SUBKEY_R(31),
1280 io[0],io[1],il,ir);
1281
1282 /* post whitening but kw4 */
1283 io_text[0] = io[2] ^ SUBKEY_L(32);
1284 io_text[1] = io[3] ^ SUBKEY_R(32);
1285 io_text[2] = io[0];
1286 io_text[3] = io[1];
1287}
1288
1289static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1290{
1291 u32 il,ir,t0,t1; /* temporary variables */
1292 1105
1293 u32 io[4]; 1106#undef ROUNDS
1294 1107#undef FLS
1295 /* pre whitening but absorb kw2 */
1296 io[0] = io_text[0] ^ SUBKEY_L(32);
1297 io[1] = io_text[1] ^ SUBKEY_R(32);
1298 io[2] = io_text[2];
1299 io[3] = io_text[3];
1300
1301 /* main iteration */
1302 CAMELLIA_ROUNDSM(io[0],io[1],
1303 SUBKEY_L(31),SUBKEY_R(31),
1304 io[2],io[3],il,ir);
1305 CAMELLIA_ROUNDSM(io[2],io[3],
1306 SUBKEY_L(30),SUBKEY_R(30),
1307 io[0],io[1],il,ir);
1308 CAMELLIA_ROUNDSM(io[0],io[1],
1309 SUBKEY_L(29),SUBKEY_R(29),
1310 io[2],io[3],il,ir);
1311 CAMELLIA_ROUNDSM(io[2],io[3],
1312 SUBKEY_L(28),SUBKEY_R(28),
1313 io[0],io[1],il,ir);
1314 CAMELLIA_ROUNDSM(io[0],io[1],
1315 SUBKEY_L(27),SUBKEY_R(27),
1316 io[2],io[3],il,ir);
1317 CAMELLIA_ROUNDSM(io[2],io[3],
1318 SUBKEY_L(26),SUBKEY_R(26),
1319 io[0],io[1],il,ir);
1320
1321 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1322 SUBKEY_L(25),SUBKEY_R(25),
1323 SUBKEY_L(24),SUBKEY_R(24),
1324 t0,t1,il,ir);
1325
1326 CAMELLIA_ROUNDSM(io[0],io[1],
1327 SUBKEY_L(23),SUBKEY_R(23),
1328 io[2],io[3],il,ir);
1329 CAMELLIA_ROUNDSM(io[2],io[3],
1330 SUBKEY_L(22),SUBKEY_R(22),
1331 io[0],io[1],il,ir);
1332 CAMELLIA_ROUNDSM(io[0],io[1],
1333 SUBKEY_L(21),SUBKEY_R(21),
1334 io[2],io[3],il,ir);
1335 CAMELLIA_ROUNDSM(io[2],io[3],
1336 SUBKEY_L(20),SUBKEY_R(20),
1337 io[0],io[1],il,ir);
1338 CAMELLIA_ROUNDSM(io[0],io[1],
1339 SUBKEY_L(19),SUBKEY_R(19),
1340 io[2],io[3],il,ir);
1341 CAMELLIA_ROUNDSM(io[2],io[3],
1342 SUBKEY_L(18),SUBKEY_R(18),
1343 io[0],io[1],il,ir);
1344
1345 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1346 SUBKEY_L(17),SUBKEY_R(17),
1347 SUBKEY_L(16),SUBKEY_R(16),
1348 t0,t1,il,ir);
1349
1350 CAMELLIA_ROUNDSM(io[0],io[1],
1351 SUBKEY_L(15),SUBKEY_R(15),
1352 io[2],io[3],il,ir);
1353 CAMELLIA_ROUNDSM(io[2],io[3],
1354 SUBKEY_L(14),SUBKEY_R(14),
1355 io[0],io[1],il,ir);
1356 CAMELLIA_ROUNDSM(io[0],io[1],
1357 SUBKEY_L(13),SUBKEY_R(13),
1358 io[2],io[3],il,ir);
1359 CAMELLIA_ROUNDSM(io[2],io[3],
1360 SUBKEY_L(12),SUBKEY_R(12),
1361 io[0],io[1],il,ir);
1362 CAMELLIA_ROUNDSM(io[0],io[1],
1363 SUBKEY_L(11),SUBKEY_R(11),
1364 io[2],io[3],il,ir);
1365 CAMELLIA_ROUNDSM(io[2],io[3],
1366 SUBKEY_L(10),SUBKEY_R(10),
1367 io[0],io[1],il,ir);
1368
1369 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1370 SUBKEY_L(9),SUBKEY_R(9),
1371 SUBKEY_L(8),SUBKEY_R(8),
1372 t0,t1,il,ir);
1373
1374 CAMELLIA_ROUNDSM(io[0],io[1],
1375 SUBKEY_L(7),SUBKEY_R(7),
1376 io[2],io[3],il,ir);
1377 CAMELLIA_ROUNDSM(io[2],io[3],
1378 SUBKEY_L(6),SUBKEY_R(6),
1379 io[0],io[1],il,ir);
1380 CAMELLIA_ROUNDSM(io[0],io[1],
1381 SUBKEY_L(5),SUBKEY_R(5),
1382 io[2],io[3],il,ir);
1383 CAMELLIA_ROUNDSM(io[2],io[3],
1384 SUBKEY_L(4),SUBKEY_R(4),
1385 io[0],io[1],il,ir);
1386 CAMELLIA_ROUNDSM(io[0],io[1],
1387 SUBKEY_L(3),SUBKEY_R(3),
1388 io[2],io[3],il,ir);
1389 CAMELLIA_ROUNDSM(io[2],io[3],
1390 SUBKEY_L(2),SUBKEY_R(2),
1391 io[0],io[1],il,ir);
1392 1108
1393 /* post whitening but kw4 */ 1109 /* post whitening but kw4 */
1394 io_text[0] = io[2] ^ SUBKEY_L(0); 1110 io[2] ^= SUBKEY_L(0);
1395 io_text[1] = io[3] ^ SUBKEY_R(0); 1111 io[3] ^= SUBKEY_R(0);
1396 io_text[2] = io[0]; 1112 /* NB: 0,1 should be swapped with 2,3 by caller! */
1397 io_text[3] = io[1];
1398} 1113}
1399 1114
1400 1115
@@ -1446,21 +1161,15 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1446 tmp[2] = be32_to_cpu(src[2]); 1161 tmp[2] = be32_to_cpu(src[2]);
1447 tmp[3] = be32_to_cpu(src[3]); 1162 tmp[3] = be32_to_cpu(src[3]);
1448 1163
1449 switch (cctx->key_length) { 1164 camellia_do_encrypt(cctx->key_table, tmp,
1450 case 16: 1165 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1451 camellia_encrypt128(cctx->key_table, tmp); 1166 );
1452 break;
1453 case 24:
1454 /* fall through */
1455 case 32:
1456 camellia_encrypt256(cctx->key_table, tmp);
1457 break;
1458 }
1459 1167
1460 dst[0] = cpu_to_be32(tmp[0]); 1168 /* do_encrypt returns 0,1 swapped with 2,3 */
1461 dst[1] = cpu_to_be32(tmp[1]); 1169 dst[0] = cpu_to_be32(tmp[2]);
1462 dst[2] = cpu_to_be32(tmp[2]); 1170 dst[1] = cpu_to_be32(tmp[3]);
1463 dst[3] = cpu_to_be32(tmp[3]); 1171 dst[2] = cpu_to_be32(tmp[0]);
1172 dst[3] = cpu_to_be32(tmp[1]);
1464} 1173}
1465 1174
1466static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 1175static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
@@ -1476,21 +1185,15 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1476 tmp[2] = be32_to_cpu(src[2]); 1185 tmp[2] = be32_to_cpu(src[2]);
1477 tmp[3] = be32_to_cpu(src[3]); 1186 tmp[3] = be32_to_cpu(src[3]);
1478 1187
1479 switch (cctx->key_length) { 1188 camellia_do_decrypt(cctx->key_table, tmp,
1480 case 16: 1189 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1481 camellia_decrypt128(cctx->key_table, tmp); 1190 );
1482 break;
1483 case 24:
1484 /* fall through */
1485 case 32:
1486 camellia_decrypt256(cctx->key_table, tmp);
1487 break;
1488 }
1489 1191
1490 dst[0] = cpu_to_be32(tmp[0]); 1192 /* do_decrypt returns 0,1 swapped with 2,3 */
1491 dst[1] = cpu_to_be32(tmp[1]); 1193 dst[0] = cpu_to_be32(tmp[2]);
1492 dst[2] = cpu_to_be32(tmp[2]); 1194 dst[1] = cpu_to_be32(tmp[3]);
1493 dst[3] = cpu_to_be32(tmp[3]); 1195 dst[2] = cpu_to_be32(tmp[0]);
1196 dst[3] = cpu_to_be32(tmp[1]);
1494} 1197}
1495 1198
1496static struct crypto_alg camellia_alg = { 1199static struct crypto_alg camellia_alg = {