Diffstat (limited to 'crypto/camellia.c')
-rw-r--r--crypto/camellia.c935
1 files changed, 418 insertions, 517 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c
index aaae60e8bf25..ac372e43e2a3 100644
--- a/crypto/camellia.c
+++ b/crypto/camellia.c
@@ -336,13 +336,13 @@ static const u32 camellia_sp4404[256] = {
336 ^ ((u32)(pt)[3])) 336 ^ ((u32)(pt)[3]))
337 337
338/* rotation right shift 1byte */ 338/* rotation right shift 1byte */
339#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 339#define ROR8(x) (((x) >> 8) + ((x) << 24))
340/* rotation left shift 1bit */ 340/* rotation left shift 1bit */
341#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 341#define ROL1(x) (((x) << 1) + ((x) >> 31))
342/* rotation left shift 1byte */ 342/* rotation left shift 1byte */
343#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 343#define ROL8(x) (((x) << 8) + ((x) >> 24))
344 344
345#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 345#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
346 do { \ 346 do { \
347 w0 = ll; \ 347 w0 = ll; \
348 ll = (ll << bits) + (lr >> (32 - bits)); \ 348 ll = (ll << bits) + (lr >> (32 - bits)); \
@@ -351,7 +351,7 @@ static const u32 camellia_sp4404[256] = {
351 rr = (rr << bits) + (w0 >> (32 - bits)); \ 351 rr = (rr << bits) + (w0 >> (32 - bits)); \
352 } while(0) 352 } while(0)
353 353
354#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 354#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
355 do { \ 355 do { \
356 w0 = ll; \ 356 w0 = ll; \
357 w1 = lr; \ 357 w1 = lr; \
@@ -377,7 +377,7 @@ static const u32 camellia_sp4404[256] = {
377 ^ camellia_sp3033[(il >> 8) & 0xff] \ 377 ^ camellia_sp3033[(il >> 8) & 0xff] \
378 ^ camellia_sp4404[il & 0xff]; \ 378 ^ camellia_sp4404[il & 0xff]; \
379 yl ^= yr; \ 379 yl ^= yr; \
380 yr = CAMELLIA_RR8(yr); \ 380 yr = ROR8(yr); \
381 yr ^= yl; \ 381 yr ^= yl; \
382 } while(0) 382 } while(0)
383 383
@@ -393,13 +393,13 @@ static const u32 camellia_sp4404[256] = {
393 t0 &= ll; \ 393 t0 &= ll; \
394 t2 |= rr; \ 394 t2 |= rr; \
395 rl ^= t2; \ 395 rl ^= t2; \
396 lr ^= CAMELLIA_RL1(t0); \ 396 lr ^= ROL1(t0); \
397 t3 = krl; \ 397 t3 = krl; \
398 t1 = klr; \ 398 t1 = klr; \
399 t3 &= rl; \ 399 t3 &= rl; \
400 t1 |= lr; \ 400 t1 |= lr; \
401 ll ^= t1; \ 401 ll ^= t1; \
402 rr ^= CAMELLIA_RL1(t3); \ 402 rr ^= ROL1(t3); \
403 } while(0) 403 } while(0)
404 404
405#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 405#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
@@ -415,12 +415,12 @@ static const u32 camellia_sp4404[256] = {
415 il ^= kl; \ 415 il ^= kl; \
416 ir ^= il ^ kr; \ 416 ir ^= il ^ kr; \
417 yl ^= ir; \ 417 yl ^= ir; \
418 yr ^= CAMELLIA_RR8(il) ^ ir; \ 418 yr ^= ROR8(il) ^ ir; \
419 } while(0) 419 } while(0)
420 420
421 421
422#define CAMELLIA_SUBKEY_L(INDEX) (subkey[(INDEX)*2]) 422#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
423#define CAMELLIA_SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) 423#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
424 424
425static void camellia_setup128(const unsigned char *key, u32 *subkey) 425static void camellia_setup128(const unsigned char *key, u32 *subkey)
426{ 426{
@@ -445,35 +445,35 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
445 /* kw2 */ 445 /* kw2 */
446 subL[1] = krl; subR[1] = krr; 446 subL[1] = krl; subR[1] = krr;
447 /* rotation left shift 15bit */ 447 /* rotation left shift 15bit */
448 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 448 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
449 /* k3 */ 449 /* k3 */
450 subL[4] = kll; subR[4] = klr; 450 subL[4] = kll; subR[4] = klr;
451 /* k4 */ 451 /* k4 */
452 subL[5] = krl; subR[5] = krr; 452 subL[5] = krl; subR[5] = krr;
453 /* rotation left shift 15+30bit */ 453 /* rotation left shift 15+30bit */
454 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 454 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
455 /* k7 */ 455 /* k7 */
456 subL[10] = kll; subR[10] = klr; 456 subL[10] = kll; subR[10] = klr;
457 /* k8 */ 457 /* k8 */
458 subL[11] = krl; subR[11] = krr; 458 subL[11] = krl; subR[11] = krr;
459 /* rotation left shift 15+30+15bit */ 459 /* rotation left shift 15+30+15bit */
460 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 460 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
461 /* k10 */ 461 /* k10 */
462 subL[13] = krl; subR[13] = krr; 462 subL[13] = krl; subR[13] = krr;
463 /* rotation left shift 15+30+15+17 bit */ 463 /* rotation left shift 15+30+15+17 bit */
464 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 464 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
465 /* kl3 */ 465 /* kl3 */
466 subL[16] = kll; subR[16] = klr; 466 subL[16] = kll; subR[16] = klr;
467 /* kl4 */ 467 /* kl4 */
468 subL[17] = krl; subR[17] = krr; 468 subL[17] = krl; subR[17] = krr;
469 /* rotation left shift 15+30+15+17+17 bit */ 469 /* rotation left shift 15+30+15+17+17 bit */
470 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 470 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
471 /* k13 */ 471 /* k13 */
472 subL[18] = kll; subR[18] = klr; 472 subL[18] = kll; subR[18] = klr;
473 /* k14 */ 473 /* k14 */
474 subL[19] = krl; subR[19] = krr; 474 subL[19] = krl; subR[19] = krr;
475 /* rotation left shift 15+30+15+17+17+17 bit */ 475 /* rotation left shift 15+30+15+17+17+17 bit */
476 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 476 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
477 /* k17 */ 477 /* k17 */
478 subL[22] = kll; subR[22] = klr; 478 subL[22] = kll; subR[22] = klr;
479 /* k18 */ 479 /* k18 */
@@ -503,26 +503,26 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
503 /* k1, k2 */ 503 /* k1, k2 */
504 subL[2] = kll; subR[2] = klr; 504 subL[2] = kll; subR[2] = klr;
505 subL[3] = krl; subR[3] = krr; 505 subL[3] = krl; subR[3] = krr;
506 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 506 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
507 /* k5,k6 */ 507 /* k5,k6 */
508 subL[6] = kll; subR[6] = klr; 508 subL[6] = kll; subR[6] = klr;
509 subL[7] = krl; subR[7] = krr; 509 subL[7] = krl; subR[7] = krr;
510 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 510 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
511 /* kl1, kl2 */ 511 /* kl1, kl2 */
512 subL[8] = kll; subR[8] = klr; 512 subL[8] = kll; subR[8] = klr;
513 subL[9] = krl; subR[9] = krr; 513 subL[9] = krl; subR[9] = krr;
514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 514 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515 /* k9 */ 515 /* k9 */
516 subL[12] = kll; subR[12] = klr; 516 subL[12] = kll; subR[12] = klr;
517 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 517 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
518 /* k11, k12 */ 518 /* k11, k12 */
519 subL[14] = kll; subR[14] = klr; 519 subL[14] = kll; subR[14] = klr;
520 subL[15] = krl; subR[15] = krr; 520 subL[15] = krl; subR[15] = krr;
521 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 521 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
522 /* k15, k16 */ 522 /* k15, k16 */
523 subL[20] = kll; subR[20] = klr; 523 subL[20] = kll; subR[20] = klr;
524 subL[21] = krl; subR[21] = krr; 524 subL[21] = krl; subR[21] = krr;
525 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 525 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
526 /* kw3, kw4 */ 526 /* kw3, kw4 */
527 subL[24] = kll; subR[24] = klr; 527 subL[24] = kll; subR[24] = klr;
528 subL[25] = krl; subR[25] = krr; 528 subL[25] = krl; subR[25] = krr;
@@ -536,7 +536,7 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
536 subL[7] ^= subL[1]; subR[7] ^= subR[1]; 536 subL[7] ^= subL[1]; subR[7] ^= subR[1];
537 subL[1] ^= subR[1] & ~subR[9]; 537 subL[1] ^= subR[1] & ~subR[9];
538 dw = subL[1] & subL[9], 538 dw = subL[1] & subL[9],
539 subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ 539 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
540 /* round 8 */ 540 /* round 8 */
541 subL[11] ^= subL[1]; subR[11] ^= subR[1]; 541 subL[11] ^= subL[1]; subR[11] ^= subR[1];
542 /* round 10 */ 542 /* round 10 */
@@ -545,7 +545,7 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
545 subL[15] ^= subL[1]; subR[15] ^= subR[1]; 545 subL[15] ^= subL[1]; subR[15] ^= subR[1];
546 subL[1] ^= subR[1] & ~subR[17]; 546 subL[1] ^= subR[1] & ~subR[17];
547 dw = subL[1] & subL[17], 547 dw = subL[1] & subL[17],
548 subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ 548 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
549 /* round 14 */ 549 /* round 14 */
550 subL[19] ^= subL[1]; subR[19] ^= subR[1]; 550 subL[19] ^= subL[1]; subR[19] ^= subR[1];
551 /* round 16 */ 551 /* round 16 */
@@ -565,7 +565,7 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
565 subL[18] ^= kw4l; subR[18] ^= kw4r; 565 subL[18] ^= kw4l; subR[18] ^= kw4r;
566 kw4l ^= kw4r & ~subR[16]; 566 kw4l ^= kw4r & ~subR[16];
567 dw = kw4l & subL[16], 567 dw = kw4l & subL[16],
568 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ 568 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
569 /* round 11 */ 569 /* round 11 */
570 subL[14] ^= kw4l; subR[14] ^= kw4r; 570 subL[14] ^= kw4l; subR[14] ^= kw4r;
571 /* round 9 */ 571 /* round 9 */
@@ -574,7 +574,7 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
574 subL[10] ^= kw4l; subR[10] ^= kw4r; 574 subL[10] ^= kw4l; subR[10] ^= kw4r;
575 kw4l ^= kw4r & ~subR[8]; 575 kw4l ^= kw4r & ~subR[8];
576 dw = kw4l & subL[8], 576 dw = kw4l & subL[8],
577 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ 577 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
578 /* round 5 */ 578 /* round 5 */
579 subL[6] ^= kw4l; subR[6] ^= kw4r; 579 subL[6] ^= kw4l; subR[6] ^= kw4r;
580 /* round 3 */ 580 /* round 3 */
@@ -585,140 +585,104 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
585 subL[0] ^= kw4l; subR[0] ^= kw4r; 585 subL[0] ^= kw4l; subR[0] ^= kw4r;
586 586
587 /* key XOR is end of F-function */ 587 /* key XOR is end of F-function */
588 CAMELLIA_SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */ 588 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
589 CAMELLIA_SUBKEY_R(0) = subR[0] ^ subR[2]; 589 SUBKEY_R(0) = subR[0] ^ subR[2];
590 CAMELLIA_SUBKEY_L(2) = subL[3]; /* round 1 */ 590 SUBKEY_L(2) = subL[3]; /* round 1 */
591 CAMELLIA_SUBKEY_R(2) = subR[3]; 591 SUBKEY_R(2) = subR[3];
592 CAMELLIA_SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */ 592 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
593 CAMELLIA_SUBKEY_R(3) = subR[2] ^ subR[4]; 593 SUBKEY_R(3) = subR[2] ^ subR[4];
594 CAMELLIA_SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */ 594 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
595 CAMELLIA_SUBKEY_R(4) = subR[3] ^ subR[5]; 595 SUBKEY_R(4) = subR[3] ^ subR[5];
596 CAMELLIA_SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */ 596 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
597 CAMELLIA_SUBKEY_R(5) = subR[4] ^ subR[6]; 597 SUBKEY_R(5) = subR[4] ^ subR[6];
598 CAMELLIA_SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */ 598 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
599 CAMELLIA_SUBKEY_R(6) = subR[5] ^ subR[7]; 599 SUBKEY_R(6) = subR[5] ^ subR[7];
600 tl = subL[10] ^ (subR[10] & ~subR[8]); 600 tl = subL[10] ^ (subR[10] & ~subR[8]);
601 dw = tl & subL[8], /* FL(kl1) */ 601 dw = tl & subL[8], /* FL(kl1) */
602 tr = subR[10] ^ CAMELLIA_RL1(dw); 602 tr = subR[10] ^ ROL1(dw);
603 CAMELLIA_SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ 603 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
604 CAMELLIA_SUBKEY_R(7) = subR[6] ^ tr; 604 SUBKEY_R(7) = subR[6] ^ tr;
605 CAMELLIA_SUBKEY_L(8) = subL[8]; /* FL(kl1) */ 605 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
606 CAMELLIA_SUBKEY_R(8) = subR[8]; 606 SUBKEY_R(8) = subR[8];
607 CAMELLIA_SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */ 607 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
608 CAMELLIA_SUBKEY_R(9) = subR[9]; 608 SUBKEY_R(9) = subR[9];
609 tl = subL[7] ^ (subR[7] & ~subR[9]); 609 tl = subL[7] ^ (subR[7] & ~subR[9]);
610 dw = tl & subL[9], /* FLinv(kl2) */ 610 dw = tl & subL[9], /* FLinv(kl2) */
611 tr = subR[7] ^ CAMELLIA_RL1(dw); 611 tr = subR[7] ^ ROL1(dw);
612 CAMELLIA_SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ 612 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
613 CAMELLIA_SUBKEY_R(10) = tr ^ subR[11]; 613 SUBKEY_R(10) = tr ^ subR[11];
614 CAMELLIA_SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ 614 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
615 CAMELLIA_SUBKEY_R(11) = subR[10] ^ subR[12]; 615 SUBKEY_R(11) = subR[10] ^ subR[12];
616 CAMELLIA_SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */ 616 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
617 CAMELLIA_SUBKEY_R(12) = subR[11] ^ subR[13]; 617 SUBKEY_R(12) = subR[11] ^ subR[13];
618 CAMELLIA_SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */ 618 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
619 CAMELLIA_SUBKEY_R(13) = subR[12] ^ subR[14]; 619 SUBKEY_R(13) = subR[12] ^ subR[14];
620 CAMELLIA_SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */ 620 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
621 CAMELLIA_SUBKEY_R(14) = subR[13] ^ subR[15]; 621 SUBKEY_R(14) = subR[13] ^ subR[15];
622 tl = subL[18] ^ (subR[18] & ~subR[16]); 622 tl = subL[18] ^ (subR[18] & ~subR[16]);
623 dw = tl & subL[16], /* FL(kl3) */ 623 dw = tl & subL[16], /* FL(kl3) */
624 tr = subR[18] ^ CAMELLIA_RL1(dw); 624 tr = subR[18] ^ ROL1(dw);
625 CAMELLIA_SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ 625 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
626 CAMELLIA_SUBKEY_R(15) = subR[14] ^ tr; 626 SUBKEY_R(15) = subR[14] ^ tr;
627 CAMELLIA_SUBKEY_L(16) = subL[16]; /* FL(kl3) */ 627 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
628 CAMELLIA_SUBKEY_R(16) = subR[16]; 628 SUBKEY_R(16) = subR[16];
629 CAMELLIA_SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */ 629 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
630 CAMELLIA_SUBKEY_R(17) = subR[17]; 630 SUBKEY_R(17) = subR[17];
631 tl = subL[15] ^ (subR[15] & ~subR[17]); 631 tl = subL[15] ^ (subR[15] & ~subR[17]);
632 dw = tl & subL[17], /* FLinv(kl4) */ 632 dw = tl & subL[17], /* FLinv(kl4) */
633 tr = subR[15] ^ CAMELLIA_RL1(dw); 633 tr = subR[15] ^ ROL1(dw);
634 CAMELLIA_SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ 634 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
635 CAMELLIA_SUBKEY_R(18) = tr ^ subR[19]; 635 SUBKEY_R(18) = tr ^ subR[19];
636 CAMELLIA_SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ 636 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
637 CAMELLIA_SUBKEY_R(19) = subR[18] ^ subR[20]; 637 SUBKEY_R(19) = subR[18] ^ subR[20];
638 CAMELLIA_SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */ 638 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
639 CAMELLIA_SUBKEY_R(20) = subR[19] ^ subR[21]; 639 SUBKEY_R(20) = subR[19] ^ subR[21];
640 CAMELLIA_SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */ 640 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
641 CAMELLIA_SUBKEY_R(21) = subR[20] ^ subR[22]; 641 SUBKEY_R(21) = subR[20] ^ subR[22];
642 CAMELLIA_SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */ 642 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
643 CAMELLIA_SUBKEY_R(22) = subR[21] ^ subR[23]; 643 SUBKEY_R(22) = subR[21] ^ subR[23];
644 CAMELLIA_SUBKEY_L(23) = subL[22]; /* round 18 */ 644 SUBKEY_L(23) = subL[22]; /* round 18 */
645 CAMELLIA_SUBKEY_R(23) = subR[22]; 645 SUBKEY_R(23) = subR[22];
646 CAMELLIA_SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */ 646 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
647 CAMELLIA_SUBKEY_R(24) = subR[24] ^ subR[23]; 647 SUBKEY_R(24) = subR[24] ^ subR[23];
648 648
649 /* apply the inverse of the last half of P-function */ 649 /* apply the inverse of the last half of P-function */
650 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2), 650 dw = SUBKEY_L(2) ^ SUBKEY_R(2); dw = ROL8(dw);/* round 1 */
651 dw = CAMELLIA_RL8(dw);/* round 1 */ 651 SUBKEY_R(2) = SUBKEY_L(2) ^ dw; SUBKEY_L(2) = dw;
652 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw, 652 dw = SUBKEY_L(3) ^ SUBKEY_R(3); dw = ROL8(dw);/* round 2 */
653 CAMELLIA_SUBKEY_L(2) = dw; 653 SUBKEY_R(3) = SUBKEY_L(3) ^ dw; SUBKEY_L(3) = dw;
654 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3), 654 dw = SUBKEY_L(4) ^ SUBKEY_R(4); dw = ROL8(dw);/* round 3 */
655 dw = CAMELLIA_RL8(dw);/* round 2 */ 655 SUBKEY_R(4) = SUBKEY_L(4) ^ dw; SUBKEY_L(4) = dw;
656 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw, 656 dw = SUBKEY_L(5) ^ SUBKEY_R(5); dw = ROL8(dw);/* round 4 */
657 CAMELLIA_SUBKEY_L(3) = dw; 657 SUBKEY_R(5) = SUBKEY_L(5) ^ dw; SUBKEY_L(5) = dw;
658 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4), 658 dw = SUBKEY_L(6) ^ SUBKEY_R(6); dw = ROL8(dw);/* round 5 */
659 dw = CAMELLIA_RL8(dw);/* round 3 */ 659 SUBKEY_R(6) = SUBKEY_L(6) ^ dw; SUBKEY_L(6) = dw;
660 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw, 660 dw = SUBKEY_L(7) ^ SUBKEY_R(7); dw = ROL8(dw);/* round 6 */
661 CAMELLIA_SUBKEY_L(4) = dw; 661 SUBKEY_R(7) = SUBKEY_L(7) ^ dw; SUBKEY_L(7) = dw;
662 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5), 662 dw = SUBKEY_L(10) ^ SUBKEY_R(10); dw = ROL8(dw);/* round 7 */
663 dw = CAMELLIA_RL8(dw);/* round 4 */ 663 SUBKEY_R(10) = SUBKEY_L(10) ^ dw; SUBKEY_L(10) = dw;
664 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw, 664 dw = SUBKEY_L(11) ^ SUBKEY_R(11); dw = ROL8(dw);/* round 8 */
665 CAMELLIA_SUBKEY_L(5) = dw; 665 SUBKEY_R(11) = SUBKEY_L(11) ^ dw; SUBKEY_L(11) = dw;
666 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6), 666 dw = SUBKEY_L(12) ^ SUBKEY_R(12); dw = ROL8(dw);/* round 9 */
667 dw = CAMELLIA_RL8(dw);/* round 5 */ 667 SUBKEY_R(12) = SUBKEY_L(12) ^ dw; SUBKEY_L(12) = dw;
668 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw, 668 dw = SUBKEY_L(13) ^ SUBKEY_R(13); dw = ROL8(dw);/* round 10 */
669 CAMELLIA_SUBKEY_L(6) = dw; 669 SUBKEY_R(13) = SUBKEY_L(13) ^ dw; SUBKEY_L(13) = dw;
670 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7), 670 dw = SUBKEY_L(14) ^ SUBKEY_R(14); dw = ROL8(dw);/* round 11 */
671 dw = CAMELLIA_RL8(dw);/* round 6 */ 671 SUBKEY_R(14) = SUBKEY_L(14) ^ dw; SUBKEY_L(14) = dw;
672 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw, 672 dw = SUBKEY_L(15) ^ SUBKEY_R(15); dw = ROL8(dw);/* round 12 */
673 CAMELLIA_SUBKEY_L(7) = dw; 673 SUBKEY_R(15) = SUBKEY_L(15) ^ dw; SUBKEY_L(15) = dw;
674 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10), 674 dw = SUBKEY_L(18) ^ SUBKEY_R(18); dw = ROL8(dw);/* round 13 */
675 dw = CAMELLIA_RL8(dw);/* round 7 */ 675 SUBKEY_R(18) = SUBKEY_L(18) ^ dw; SUBKEY_L(18) = dw;
676 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw, 676 dw = SUBKEY_L(19) ^ SUBKEY_R(19); dw = ROL8(dw);/* round 14 */
677 CAMELLIA_SUBKEY_L(10) = dw; 677 SUBKEY_R(19) = SUBKEY_L(19) ^ dw; SUBKEY_L(19) = dw;
678 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11), 678 dw = SUBKEY_L(20) ^ SUBKEY_R(20); dw = ROL8(dw);/* round 15 */
679 dw = CAMELLIA_RL8(dw);/* round 8 */ 679 SUBKEY_R(20) = SUBKEY_L(20) ^ dw; SUBKEY_L(20) = dw;
680 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw, 680 dw = SUBKEY_L(21) ^ SUBKEY_R(21); dw = ROL8(dw);/* round 16 */
681 CAMELLIA_SUBKEY_L(11) = dw; 681 SUBKEY_R(21) = SUBKEY_L(21) ^ dw; SUBKEY_L(21) = dw;
682 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12), 682 dw = SUBKEY_L(22) ^ SUBKEY_R(22); dw = ROL8(dw);/* round 17 */
683 dw = CAMELLIA_RL8(dw);/* round 9 */ 683 SUBKEY_R(22) = SUBKEY_L(22) ^ dw; SUBKEY_L(22) = dw;
684 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw, 684 dw = SUBKEY_L(23) ^ SUBKEY_R(23); dw = ROL8(dw);/* round 18 */
685 CAMELLIA_SUBKEY_L(12) = dw; 685 SUBKEY_R(23) = SUBKEY_L(23) ^ dw; SUBKEY_L(23) = dw;
686 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
687 dw = CAMELLIA_RL8(dw);/* round 10 */
688 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
689 CAMELLIA_SUBKEY_L(13) = dw;
690 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
691 dw = CAMELLIA_RL8(dw);/* round 11 */
692 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
693 CAMELLIA_SUBKEY_L(14) = dw;
694 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
695 dw = CAMELLIA_RL8(dw);/* round 12 */
696 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
697 CAMELLIA_SUBKEY_L(15) = dw;
698 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
699 dw = CAMELLIA_RL8(dw);/* round 13 */
700 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
701 CAMELLIA_SUBKEY_L(18) = dw;
702 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
703 dw = CAMELLIA_RL8(dw);/* round 14 */
704 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
705 CAMELLIA_SUBKEY_L(19) = dw;
706 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
707 dw = CAMELLIA_RL8(dw);/* round 15 */
708 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
709 CAMELLIA_SUBKEY_L(20) = dw;
710 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
711 dw = CAMELLIA_RL8(dw);/* round 16 */
712 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
713 CAMELLIA_SUBKEY_L(21) = dw;
714 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
715 dw = CAMELLIA_RL8(dw);/* round 17 */
716 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
717 CAMELLIA_SUBKEY_L(22) = dw;
718 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
719 dw = CAMELLIA_RL8(dw);/* round 18 */
720 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
721 CAMELLIA_SUBKEY_L(23) = dw;
722} 686}
723 687
724static void camellia_setup256(const unsigned char *key, u32 *subkey) 688static void camellia_setup256(const unsigned char *key, u32 *subkey)
@@ -734,7 +698,6 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
734 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 698 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
735 * (|| is concatination) 699 * (|| is concatination)
736 */ 700 */
737
738 kll = GETU32(key ); 701 kll = GETU32(key );
739 klr = GETU32(key + 4); 702 klr = GETU32(key + 4);
740 krl = GETU32(key + 8); 703 krl = GETU32(key + 8);
@@ -749,49 +712,49 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
749 subL[0] = kll; subR[0] = klr; 712 subL[0] = kll; subR[0] = klr;
750 /* kw2 */ 713 /* kw2 */
751 subL[1] = krl; subR[1] = krr; 714 subL[1] = krl; subR[1] = krr;
752 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 715 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
753 /* k9 */ 716 /* k9 */
754 subL[12] = kll; subR[12] = klr; 717 subL[12] = kll; subR[12] = klr;
755 /* k10 */ 718 /* k10 */
756 subL[13] = krl; subR[13] = krr; 719 subL[13] = krl; subR[13] = krr;
757 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 720 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
758 /* kl3 */ 721 /* kl3 */
759 subL[16] = kll; subR[16] = klr; 722 subL[16] = kll; subR[16] = klr;
760 /* kl4 */ 723 /* kl4 */
761 subL[17] = krl; subR[17] = krr; 724 subL[17] = krl; subR[17] = krr;
762 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 725 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
763 /* k17 */ 726 /* k17 */
764 subL[22] = kll; subR[22] = klr; 727 subL[22] = kll; subR[22] = klr;
765 /* k18 */ 728 /* k18 */
766 subL[23] = krl; subR[23] = krr; 729 subL[23] = krl; subR[23] = krr;
767 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 730 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
768 /* k23 */ 731 /* k23 */
769 subL[30] = kll; subR[30] = klr; 732 subL[30] = kll; subR[30] = klr;
770 /* k24 */ 733 /* k24 */
771 subL[31] = krl; subR[31] = krr; 734 subL[31] = krl; subR[31] = krr;
772 735
773 /* generate KR dependent subkeys */ 736 /* generate KR dependent subkeys */
774 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 737 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
775 /* k3 */ 738 /* k3 */
776 subL[4] = krll; subR[4] = krlr; 739 subL[4] = krll; subR[4] = krlr;
777 /* k4 */ 740 /* k4 */
778 subL[5] = krrl; subR[5] = krrr; 741 subL[5] = krrl; subR[5] = krrr;
779 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 742 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
780 /* kl1 */ 743 /* kl1 */
781 subL[8] = krll; subR[8] = krlr; 744 subL[8] = krll; subR[8] = krlr;
782 /* kl2 */ 745 /* kl2 */
783 subL[9] = krrl; subR[9] = krrr; 746 subL[9] = krrl; subR[9] = krrr;
784 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 747 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
785 /* k13 */ 748 /* k13 */
786 subL[18] = krll; subR[18] = krlr; 749 subL[18] = krll; subR[18] = krlr;
787 /* k14 */ 750 /* k14 */
788 subL[19] = krrl; subR[19] = krrr; 751 subL[19] = krrl; subR[19] = krrr;
789 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 752 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
790 /* k19 */ 753 /* k19 */
791 subL[26] = krll; subR[26] = krlr; 754 subL[26] = krll; subR[26] = krlr;
792 /* k20 */ 755 /* k20 */
793 subL[27] = krrl; subR[27] = krrr; 756 subL[27] = krrl; subR[27] = krrr;
794 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 757 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
795 758
796 /* generate KA */ 759 /* generate KA */
797 kll = subL[0] ^ krll; klr = subR[0] ^ krlr; 760 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
@@ -826,12 +789,12 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
826 krll ^= w0; krlr ^= w1; 789 krll ^= w0; krlr ^= w1;
827 790
828 /* generate KA dependent subkeys */ 791 /* generate KA dependent subkeys */
829 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 792 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
830 /* k5 */ 793 /* k5 */
831 subL[6] = kll; subR[6] = klr; 794 subL[6] = kll; subR[6] = klr;
832 /* k6 */ 795 /* k6 */
833 subL[7] = krl; subR[7] = krr; 796 subL[7] = krl; subR[7] = krr;
834 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 797 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
835 /* k11 */ 798 /* k11 */
836 subL[14] = kll; subR[14] = klr; 799 subL[14] = kll; subR[14] = klr;
837 /* k12 */ 800 /* k12 */
@@ -842,7 +805,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
842 /* kl6 */ 805 /* kl6 */
843 subL[25] = krr; subR[25] = kll; 806 subL[25] = krr; subR[25] = kll;
844 /* rotation left shift 49 from k11,k12 -> k21,k22 */ 807 /* rotation left shift 49 from k11,k12 -> k21,k22 */
845 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 808 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
846 /* k21 */ 809 /* k21 */
847 subL[28] = kll; subR[28] = klr; 810 subL[28] = kll; subR[28] = klr;
848 /* k22 */ 811 /* k22 */
@@ -853,17 +816,17 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
853 subL[2] = krll; subR[2] = krlr; 816 subL[2] = krll; subR[2] = krlr;
854 /* k2 */ 817 /* k2 */
855 subL[3] = krrl; subR[3] = krrr; 818 subL[3] = krrl; subR[3] = krrr;
856 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 819 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
857 /* k7 */ 820 /* k7 */
858 subL[10] = krll; subR[10] = krlr; 821 subL[10] = krll; subR[10] = krlr;
859 /* k8 */ 822 /* k8 */
860 subL[11] = krrl; subR[11] = krrr; 823 subL[11] = krrl; subR[11] = krrr;
861 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 824 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
862 /* k15 */ 825 /* k15 */
863 subL[20] = krll; subR[20] = krlr; 826 subL[20] = krll; subR[20] = krlr;
864 /* k16 */ 827 /* k16 */
865 subL[21] = krrl; subR[21] = krrr; 828 subL[21] = krrl; subR[21] = krrr;
866 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 829 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
867 /* kw3 */ 830 /* kw3 */
868 subL[32] = krll; subR[32] = krlr; 831 subL[32] = krll; subR[32] = krlr;
869 /* kw4 */ 832 /* kw4 */
@@ -878,7 +841,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
878 subL[7] ^= subL[1]; subR[7] ^= subR[1]; 841 subL[7] ^= subL[1]; subR[7] ^= subR[1];
879 subL[1] ^= subR[1] & ~subR[9]; 842 subL[1] ^= subR[1] & ~subR[9];
880 dw = subL[1] & subL[9], 843 dw = subL[1] & subL[9],
881 subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ 844 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
882 /* round 8 */ 845 /* round 8 */
883 subL[11] ^= subL[1]; subR[11] ^= subR[1]; 846 subL[11] ^= subL[1]; subR[11] ^= subR[1];
884 /* round 10 */ 847 /* round 10 */
@@ -887,7 +850,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
887 subL[15] ^= subL[1]; subR[15] ^= subR[1]; 850 subL[15] ^= subL[1]; subR[15] ^= subR[1];
888 subL[1] ^= subR[1] & ~subR[17]; 851 subL[1] ^= subR[1] & ~subR[17];
889 dw = subL[1] & subL[17], 852 dw = subL[1] & subL[17],
890 subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ 853 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
891 /* round 14 */ 854 /* round 14 */
892 subL[19] ^= subL[1]; subR[19] ^= subR[1]; 855 subL[19] ^= subL[1]; subR[19] ^= subR[1];
893 /* round 16 */ 856 /* round 16 */
@@ -896,7 +859,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
896 subL[23] ^= subL[1]; subR[23] ^= subR[1]; 859 subL[23] ^= subL[1]; subR[23] ^= subR[1];
897 subL[1] ^= subR[1] & ~subR[25]; 860 subL[1] ^= subR[1] & ~subR[25];
898 dw = subL[1] & subL[25], 861 dw = subL[1] & subL[25],
899 subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */ 862 subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */
900 /* round 20 */ 863 /* round 20 */
901 subL[27] ^= subL[1]; subR[27] ^= subR[1]; 864 subL[27] ^= subL[1]; subR[27] ^= subR[1];
902 /* round 22 */ 865 /* round 22 */
@@ -916,7 +879,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
916 subL[26] ^= kw4l; subR[26] ^= kw4r; 879 subL[26] ^= kw4l; subR[26] ^= kw4r;
917 kw4l ^= kw4r & ~subR[24]; 880 kw4l ^= kw4r & ~subR[24];
918 dw = kw4l & subL[24], 881 dw = kw4l & subL[24],
919 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */ 882 kw4r ^= ROL1(dw); /* modified for FL(kl5) */
920 /* round 17 */ 883 /* round 17 */
921 subL[22] ^= kw4l; subR[22] ^= kw4r; 884 subL[22] ^= kw4l; subR[22] ^= kw4r;
922 /* round 15 */ 885 /* round 15 */
@@ -925,7 +888,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
925 subL[18] ^= kw4l; subR[18] ^= kw4r; 888 subL[18] ^= kw4l; subR[18] ^= kw4r;
926 kw4l ^= kw4r & ~subR[16]; 889 kw4l ^= kw4r & ~subR[16];
927 dw = kw4l & subL[16], 890 dw = kw4l & subL[16],
928 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ 891 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
929 /* round 11 */ 892 /* round 11 */
930 subL[14] ^= kw4l; subR[14] ^= kw4r; 893 subL[14] ^= kw4l; subR[14] ^= kw4r;
931 /* round 9 */ 894 /* round 9 */
@@ -934,7 +897,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
934 subL[10] ^= kw4l; subR[10] ^= kw4r; 897 subL[10] ^= kw4l; subR[10] ^= kw4r;
935 kw4l ^= kw4r & ~subR[8]; 898 kw4l ^= kw4r & ~subR[8];
936 dw = kw4l & subL[8], 899 dw = kw4l & subL[8],
937 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ 900 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
938 /* round 5 */ 901 /* round 5 */
939 subL[6] ^= kw4l; subR[6] ^= kw4r; 902 subL[6] ^= kw4l; subR[6] ^= kw4r;
940 /* round 3 */ 903 /* round 3 */
@@ -945,188 +908,138 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
945 subL[0] ^= kw4l; subR[0] ^= kw4r; 908 subL[0] ^= kw4l; subR[0] ^= kw4r;
946 909
947 /* key XOR is end of F-function */ 910 /* key XOR is end of F-function */
948 CAMELLIA_SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */ 911 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
949 CAMELLIA_SUBKEY_R(0) = subR[0] ^ subR[2]; 912 SUBKEY_R(0) = subR[0] ^ subR[2];
950 CAMELLIA_SUBKEY_L(2) = subL[3]; /* round 1 */ 913 SUBKEY_L(2) = subL[3]; /* round 1 */
951 CAMELLIA_SUBKEY_R(2) = subR[3]; 914 SUBKEY_R(2) = subR[3];
952 CAMELLIA_SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */ 915 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
953 CAMELLIA_SUBKEY_R(3) = subR[2] ^ subR[4]; 916 SUBKEY_R(3) = subR[2] ^ subR[4];
954 CAMELLIA_SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */ 917 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
955 CAMELLIA_SUBKEY_R(4) = subR[3] ^ subR[5]; 918 SUBKEY_R(4) = subR[3] ^ subR[5];
956 CAMELLIA_SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */ 919 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
957 CAMELLIA_SUBKEY_R(5) = subR[4] ^ subR[6]; 920 SUBKEY_R(5) = subR[4] ^ subR[6];
958 CAMELLIA_SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */ 921 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
959 CAMELLIA_SUBKEY_R(6) = subR[5] ^ subR[7]; 922 SUBKEY_R(6) = subR[5] ^ subR[7];
960 tl = subL[10] ^ (subR[10] & ~subR[8]); 923 tl = subL[10] ^ (subR[10] & ~subR[8]);
961 dw = tl & subL[8], /* FL(kl1) */ 924 dw = tl & subL[8], /* FL(kl1) */
962 tr = subR[10] ^ CAMELLIA_RL1(dw); 925 tr = subR[10] ^ ROL1(dw);
963 CAMELLIA_SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ 926 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
964 CAMELLIA_SUBKEY_R(7) = subR[6] ^ tr; 927 SUBKEY_R(7) = subR[6] ^ tr;
965 CAMELLIA_SUBKEY_L(8) = subL[8]; /* FL(kl1) */ 928 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
966 CAMELLIA_SUBKEY_R(8) = subR[8]; 929 SUBKEY_R(8) = subR[8];
967 CAMELLIA_SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */ 930 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
968 CAMELLIA_SUBKEY_R(9) = subR[9]; 931 SUBKEY_R(9) = subR[9];
969 tl = subL[7] ^ (subR[7] & ~subR[9]); 932 tl = subL[7] ^ (subR[7] & ~subR[9]);
970 dw = tl & subL[9], /* FLinv(kl2) */ 933 dw = tl & subL[9], /* FLinv(kl2) */
971 tr = subR[7] ^ CAMELLIA_RL1(dw); 934 tr = subR[7] ^ ROL1(dw);
972 CAMELLIA_SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ 935 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
973 CAMELLIA_SUBKEY_R(10) = tr ^ subR[11]; 936 SUBKEY_R(10) = tr ^ subR[11];
974 CAMELLIA_SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ 937 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
975 CAMELLIA_SUBKEY_R(11) = subR[10] ^ subR[12]; 938 SUBKEY_R(11) = subR[10] ^ subR[12];
976 CAMELLIA_SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */ 939 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
977 CAMELLIA_SUBKEY_R(12) = subR[11] ^ subR[13]; 940 SUBKEY_R(12) = subR[11] ^ subR[13];
978 CAMELLIA_SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */ 941 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
979 CAMELLIA_SUBKEY_R(13) = subR[12] ^ subR[14]; 942 SUBKEY_R(13) = subR[12] ^ subR[14];
980 CAMELLIA_SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */ 943 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
981 CAMELLIA_SUBKEY_R(14) = subR[13] ^ subR[15]; 944 SUBKEY_R(14) = subR[13] ^ subR[15];
982 tl = subL[18] ^ (subR[18] & ~subR[16]); 945 tl = subL[18] ^ (subR[18] & ~subR[16]);
983 dw = tl & subL[16], /* FL(kl3) */ 946 dw = tl & subL[16], /* FL(kl3) */
984 tr = subR[18] ^ CAMELLIA_RL1(dw); 947 tr = subR[18] ^ ROL1(dw);
985 CAMELLIA_SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ 948 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
986 CAMELLIA_SUBKEY_R(15) = subR[14] ^ tr; 949 SUBKEY_R(15) = subR[14] ^ tr;
987 CAMELLIA_SUBKEY_L(16) = subL[16]; /* FL(kl3) */ 950 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
988 CAMELLIA_SUBKEY_R(16) = subR[16]; 951 SUBKEY_R(16) = subR[16];
989 CAMELLIA_SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */ 952 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
990 CAMELLIA_SUBKEY_R(17) = subR[17]; 953 SUBKEY_R(17) = subR[17];
991 tl = subL[15] ^ (subR[15] & ~subR[17]); 954 tl = subL[15] ^ (subR[15] & ~subR[17]);
992 dw = tl & subL[17], /* FLinv(kl4) */ 955 dw = tl & subL[17], /* FLinv(kl4) */
993 tr = subR[15] ^ CAMELLIA_RL1(dw); 956 tr = subR[15] ^ ROL1(dw);
994 CAMELLIA_SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ 957 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
995 CAMELLIA_SUBKEY_R(18) = tr ^ subR[19]; 958 SUBKEY_R(18) = tr ^ subR[19];
996 CAMELLIA_SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ 959 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
997 CAMELLIA_SUBKEY_R(19) = subR[18] ^ subR[20]; 960 SUBKEY_R(19) = subR[18] ^ subR[20];
998 CAMELLIA_SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */ 961 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
999 CAMELLIA_SUBKEY_R(20) = subR[19] ^ subR[21]; 962 SUBKEY_R(20) = subR[19] ^ subR[21];
1000 CAMELLIA_SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */ 963 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
1001 CAMELLIA_SUBKEY_R(21) = subR[20] ^ subR[22]; 964 SUBKEY_R(21) = subR[20] ^ subR[22];
1002 CAMELLIA_SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */ 965 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
1003 CAMELLIA_SUBKEY_R(22) = subR[21] ^ subR[23]; 966 SUBKEY_R(22) = subR[21] ^ subR[23];
1004 tl = subL[26] ^ (subR[26] 967 tl = subL[26] ^ (subR[26] & ~subR[24]);
1005 & ~subR[24]);
1006 dw = tl & subL[24], /* FL(kl5) */ 968 dw = tl & subL[24], /* FL(kl5) */
1007 tr = subR[26] ^ CAMELLIA_RL1(dw); 969 tr = subR[26] ^ ROL1(dw);
1008 CAMELLIA_SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */ 970 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
1009 CAMELLIA_SUBKEY_R(23) = subR[22] ^ tr; 971 SUBKEY_R(23) = subR[22] ^ tr;
1010 CAMELLIA_SUBKEY_L(24) = subL[24]; /* FL(kl5) */ 972 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
1011 CAMELLIA_SUBKEY_R(24) = subR[24]; 973 SUBKEY_R(24) = subR[24];
1012 CAMELLIA_SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */ 974 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
1013 CAMELLIA_SUBKEY_R(25) = subR[25]; 975 SUBKEY_R(25) = subR[25];
1014 tl = subL[23] ^ (subR[23] & 976 tl = subL[23] ^ (subR[23] & ~subR[25]);
1015 ~subR[25]);
1016 dw = tl & subL[25], /* FLinv(kl6) */ 977 dw = tl & subL[25], /* FLinv(kl6) */
1017 tr = subR[23] ^ CAMELLIA_RL1(dw); 978 tr = subR[23] ^ ROL1(dw);
1018 CAMELLIA_SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */ 979 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
1019 CAMELLIA_SUBKEY_R(26) = tr ^ subR[27]; 980 SUBKEY_R(26) = tr ^ subR[27];
1020 CAMELLIA_SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */ 981 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
1021 CAMELLIA_SUBKEY_R(27) = subR[26] ^ subR[28]; 982 SUBKEY_R(27) = subR[26] ^ subR[28];
1022 CAMELLIA_SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */ 983 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
1023 CAMELLIA_SUBKEY_R(28) = subR[27] ^ subR[29]; 984 SUBKEY_R(28) = subR[27] ^ subR[29];
1024 CAMELLIA_SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */ 985 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
1025 CAMELLIA_SUBKEY_R(29) = subR[28] ^ subR[30]; 986 SUBKEY_R(29) = subR[28] ^ subR[30];
1026 CAMELLIA_SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */ 987 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
1027 CAMELLIA_SUBKEY_R(30) = subR[29] ^ subR[31]; 988 SUBKEY_R(30) = subR[29] ^ subR[31];
1028 CAMELLIA_SUBKEY_L(31) = subL[30]; /* round 24 */ 989 SUBKEY_L(31) = subL[30]; /* round 24 */
1029 CAMELLIA_SUBKEY_R(31) = subR[30]; 990 SUBKEY_R(31) = subR[30];
1030 CAMELLIA_SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */ 991 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
1031 CAMELLIA_SUBKEY_R(32) = subR[32] ^ subR[31]; 992 SUBKEY_R(32) = subR[32] ^ subR[31];
1032 993
1033 /* apply the inverse of the last half of P-function */ 994 /* apply the inverse of the last half of P-function */
1034 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2), 995 dw = SUBKEY_L(2) ^ SUBKEY_R(2); dw = ROL8(dw);/* round 1 */
1035 dw = CAMELLIA_RL8(dw);/* round 1 */ 996 SUBKEY_R(2) = SUBKEY_L(2) ^ dw; SUBKEY_L(2) = dw;
1036 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw, 997 dw = SUBKEY_L(3) ^ SUBKEY_R(3); dw = ROL8(dw);/* round 2 */
1037 CAMELLIA_SUBKEY_L(2) = dw; 998 SUBKEY_R(3) = SUBKEY_L(3) ^ dw; SUBKEY_L(3) = dw;
1038 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3), 999 dw = SUBKEY_L(4) ^ SUBKEY_R(4); dw = ROL8(dw);/* round 3 */
1039 dw = CAMELLIA_RL8(dw);/* round 2 */ 1000 SUBKEY_R(4) = SUBKEY_L(4) ^ dw; SUBKEY_L(4) = dw;
1040 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw, 1001 dw = SUBKEY_L(5) ^ SUBKEY_R(5); dw = ROL8(dw);/* round 4 */
1041 CAMELLIA_SUBKEY_L(3) = dw; 1002 SUBKEY_R(5) = SUBKEY_L(5) ^ dw; SUBKEY_L(5) = dw;
1042 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4), 1003 dw = SUBKEY_L(6) ^ SUBKEY_R(6); dw = ROL8(dw);/* round 5 */
1043 dw = CAMELLIA_RL8(dw);/* round 3 */ 1004 SUBKEY_R(6) = SUBKEY_L(6) ^ dw; SUBKEY_L(6) = dw;
1044 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw, 1005 dw = SUBKEY_L(7) ^ SUBKEY_R(7); dw = ROL8(dw);/* round 6 */
1045 CAMELLIA_SUBKEY_L(4) = dw; 1006 SUBKEY_R(7) = SUBKEY_L(7) ^ dw; SUBKEY_L(7) = dw;
1046 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5), 1007 dw = SUBKEY_L(10) ^ SUBKEY_R(10); dw = ROL8(dw);/* round 7 */
1047 dw = CAMELLIA_RL8(dw);/* round 4 */ 1008 SUBKEY_R(10) = SUBKEY_L(10) ^ dw; SUBKEY_L(10) = dw;
1048 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw, 1009 dw = SUBKEY_L(11) ^ SUBKEY_R(11); dw = ROL8(dw);/* round 8 */
1049 CAMELLIA_SUBKEY_L(5) = dw; 1010 SUBKEY_R(11) = SUBKEY_L(11) ^ dw; SUBKEY_L(11) = dw;
1050 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6), 1011 dw = SUBKEY_L(12) ^ SUBKEY_R(12); dw = ROL8(dw);/* round 9 */
1051 dw = CAMELLIA_RL8(dw);/* round 5 */ 1012 SUBKEY_R(12) = SUBKEY_L(12) ^ dw; SUBKEY_L(12) = dw;
1052 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw, 1013 dw = SUBKEY_L(13) ^ SUBKEY_R(13); dw = ROL8(dw);/* round 10 */
1053 CAMELLIA_SUBKEY_L(6) = dw; 1014 SUBKEY_R(13) = SUBKEY_L(13) ^ dw; SUBKEY_L(13) = dw;
1054 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7), 1015 dw = SUBKEY_L(14) ^ SUBKEY_R(14); dw = ROL8(dw);/* round 11 */
1055 dw = CAMELLIA_RL8(dw);/* round 6 */ 1016 SUBKEY_R(14) = SUBKEY_L(14) ^ dw; SUBKEY_L(14) = dw;
1056 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw, 1017 dw = SUBKEY_L(15) ^ SUBKEY_R(15); dw = ROL8(dw);/* round 12 */
1057 CAMELLIA_SUBKEY_L(7) = dw; 1018 SUBKEY_R(15) = SUBKEY_L(15) ^ dw; SUBKEY_L(15) = dw;
1058 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10), 1019 dw = SUBKEY_L(18) ^ SUBKEY_R(18); dw = ROL8(dw);/* round 13 */
1059 dw = CAMELLIA_RL8(dw);/* round 7 */ 1020 SUBKEY_R(18) = SUBKEY_L(18) ^ dw; SUBKEY_L(18) = dw;
1060 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw, 1021 dw = SUBKEY_L(19) ^ SUBKEY_R(19); dw = ROL8(dw);/* round 14 */
1061 CAMELLIA_SUBKEY_L(10) = dw; 1022 SUBKEY_R(19) = SUBKEY_L(19) ^ dw; SUBKEY_L(19) = dw;
1062 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11), 1023 dw = SUBKEY_L(20) ^ SUBKEY_R(20); dw = ROL8(dw);/* round 15 */
1063 dw = CAMELLIA_RL8(dw);/* round 8 */ 1024 SUBKEY_R(20) = SUBKEY_L(20) ^ dw; SUBKEY_L(20) = dw;
1064 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw, 1025 dw = SUBKEY_L(21) ^ SUBKEY_R(21); dw = ROL8(dw);/* round 16 */
1065 CAMELLIA_SUBKEY_L(11) = dw; 1026 SUBKEY_R(21) = SUBKEY_L(21) ^ dw; SUBKEY_L(21) = dw;
1066 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12), 1027 dw = SUBKEY_L(22) ^ SUBKEY_R(22); dw = ROL8(dw);/* round 17 */
1067 dw = CAMELLIA_RL8(dw);/* round 9 */ 1028 SUBKEY_R(22) = SUBKEY_L(22) ^ dw; SUBKEY_L(22) = dw;
1068 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw, 1029 dw = SUBKEY_L(23) ^ SUBKEY_R(23); dw = ROL8(dw);/* round 18 */
1069 CAMELLIA_SUBKEY_L(12) = dw; 1030 SUBKEY_R(23) = SUBKEY_L(23) ^ dw; SUBKEY_L(23) = dw;
1070 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13), 1031 dw = SUBKEY_L(26) ^ SUBKEY_R(26); dw = ROL8(dw);/* round 19 */
1071 dw = CAMELLIA_RL8(dw);/* round 10 */ 1032 SUBKEY_R(26) = SUBKEY_L(26) ^ dw; SUBKEY_L(26) = dw;
1072 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw, 1033 dw = SUBKEY_L(27) ^ SUBKEY_R(27); dw = ROL8(dw);/* round 20 */
1073 CAMELLIA_SUBKEY_L(13) = dw; 1034 SUBKEY_R(27) = SUBKEY_L(27) ^ dw; SUBKEY_L(27) = dw;
1074 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14), 1035 dw = SUBKEY_L(28) ^ SUBKEY_R(28); dw = ROL8(dw);/* round 21 */
1075 dw = CAMELLIA_RL8(dw);/* round 11 */ 1036 SUBKEY_R(28) = SUBKEY_L(28) ^ dw; SUBKEY_L(28) = dw;
1076 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw, 1037 dw = SUBKEY_L(29) ^ SUBKEY_R(29); dw = ROL8(dw);/* round 22 */
1077 CAMELLIA_SUBKEY_L(14) = dw; 1038 SUBKEY_R(29) = SUBKEY_L(29) ^ dw; SUBKEY_L(29) = dw;
1078 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15), 1039 dw = SUBKEY_L(30) ^ SUBKEY_R(30); dw = ROL8(dw);/* round 23 */
1079 dw = CAMELLIA_RL8(dw);/* round 12 */ 1040 SUBKEY_R(30) = SUBKEY_L(30) ^ dw; SUBKEY_L(30) = dw;
1080 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw, 1041 dw = SUBKEY_L(31) ^ SUBKEY_R(31); dw = ROL8(dw);/* round 24 */
1081 CAMELLIA_SUBKEY_L(15) = dw; 1042 SUBKEY_R(31) = SUBKEY_L(31) ^ dw; SUBKEY_L(31) = dw;
1082 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
1083 dw = CAMELLIA_RL8(dw);/* round 13 */
1084 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
1085 CAMELLIA_SUBKEY_L(18) = dw;
1086 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
1087 dw = CAMELLIA_RL8(dw);/* round 14 */
1088 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
1089 CAMELLIA_SUBKEY_L(19) = dw;
1090 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
1091 dw = CAMELLIA_RL8(dw);/* round 15 */
1092 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
1093 CAMELLIA_SUBKEY_L(20) = dw;
1094 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
1095 dw = CAMELLIA_RL8(dw);/* round 16 */
1096 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
1097 CAMELLIA_SUBKEY_L(21) = dw;
1098 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
1099 dw = CAMELLIA_RL8(dw);/* round 17 */
1100 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
1101 CAMELLIA_SUBKEY_L(22) = dw;
1102 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
1103 dw = CAMELLIA_RL8(dw);/* round 18 */
1104 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
1105 CAMELLIA_SUBKEY_L(23) = dw;
1106 dw = CAMELLIA_SUBKEY_L(26) ^ CAMELLIA_SUBKEY_R(26),
1107 dw = CAMELLIA_RL8(dw);/* round 19 */
1108 CAMELLIA_SUBKEY_R(26) = CAMELLIA_SUBKEY_L(26) ^ dw,
1109 CAMELLIA_SUBKEY_L(26) = dw;
1110 dw = CAMELLIA_SUBKEY_L(27) ^ CAMELLIA_SUBKEY_R(27),
1111 dw = CAMELLIA_RL8(dw);/* round 20 */
1112 CAMELLIA_SUBKEY_R(27) = CAMELLIA_SUBKEY_L(27) ^ dw,
1113 CAMELLIA_SUBKEY_L(27) = dw;
1114 dw = CAMELLIA_SUBKEY_L(28) ^ CAMELLIA_SUBKEY_R(28),
1115 dw = CAMELLIA_RL8(dw);/* round 21 */
1116 CAMELLIA_SUBKEY_R(28) = CAMELLIA_SUBKEY_L(28) ^ dw,
1117 CAMELLIA_SUBKEY_L(28) = dw;
1118 dw = CAMELLIA_SUBKEY_L(29) ^ CAMELLIA_SUBKEY_R(29),
1119 dw = CAMELLIA_RL8(dw);/* round 22 */
1120 CAMELLIA_SUBKEY_R(29) = CAMELLIA_SUBKEY_L(29) ^ dw,
1121 CAMELLIA_SUBKEY_L(29) = dw;
1122 dw = CAMELLIA_SUBKEY_L(30) ^ CAMELLIA_SUBKEY_R(30),
1123 dw = CAMELLIA_RL8(dw);/* round 23 */
1124 CAMELLIA_SUBKEY_R(30) = CAMELLIA_SUBKEY_L(30) ^ dw,
1125 CAMELLIA_SUBKEY_L(30) = dw;
1126 dw = CAMELLIA_SUBKEY_L(31) ^ CAMELLIA_SUBKEY_R(31),
1127 dw = CAMELLIA_RL8(dw);/* round 24 */
1128 CAMELLIA_SUBKEY_R(31) = CAMELLIA_SUBKEY_L(31) ^ dw,
1129 CAMELLIA_SUBKEY_L(31) = dw;
1130} 1043}
1131 1044
1132static void camellia_setup192(const unsigned char *key, u32 *subkey) 1045static void camellia_setup192(const unsigned char *key, u32 *subkey)
@@ -1145,424 +1058,400 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
1145} 1058}
1146 1059
1147 1060
1148static void camellia_encrypt128(const u32 *subkey, __be32 *io_text) 1061static void camellia_encrypt128(const u32 *subkey, u32 *io_text)
1149{ 1062{
1150 u32 il,ir,t0,t1; /* temporary valiables */ 1063 u32 il,ir,t0,t1; /* temporary variables */
1151 1064
1152 u32 io[4]; 1065 u32 io[4];
1153 1066
1154 io[0] = be32_to_cpu(io_text[0]);
1155 io[1] = be32_to_cpu(io_text[1]);
1156 io[2] = be32_to_cpu(io_text[2]);
1157 io[3] = be32_to_cpu(io_text[3]);
1158
1159 /* pre whitening but absorb kw2 */ 1067 /* pre whitening but absorb kw2 */
1160 io[0] ^= CAMELLIA_SUBKEY_L(0); 1068 io[0] = io_text[0] ^ SUBKEY_L(0);
1161 io[1] ^= CAMELLIA_SUBKEY_R(0); 1069 io[1] = io_text[1] ^ SUBKEY_R(0);
1070 io[2] = io_text[2];
1071 io[3] = io_text[3];
1162 1072
1163 /* main iteration */ 1073 /* main iteration */
1164 CAMELLIA_ROUNDSM(io[0],io[1], 1074 CAMELLIA_ROUNDSM(io[0],io[1],
1165 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), 1075 SUBKEY_L(2),SUBKEY_R(2),
1166 io[2],io[3],il,ir,t0,t1); 1076 io[2],io[3],il,ir,t0,t1);
1167 CAMELLIA_ROUNDSM(io[2],io[3], 1077 CAMELLIA_ROUNDSM(io[2],io[3],
1168 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), 1078 SUBKEY_L(3),SUBKEY_R(3),
1169 io[0],io[1],il,ir,t0,t1); 1079 io[0],io[1],il,ir,t0,t1);
1170 CAMELLIA_ROUNDSM(io[0],io[1], 1080 CAMELLIA_ROUNDSM(io[0],io[1],
1171 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), 1081 SUBKEY_L(4),SUBKEY_R(4),
1172 io[2],io[3],il,ir,t0,t1); 1082 io[2],io[3],il,ir,t0,t1);
1173 CAMELLIA_ROUNDSM(io[2],io[3], 1083 CAMELLIA_ROUNDSM(io[2],io[3],
1174 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), 1084 SUBKEY_L(5),SUBKEY_R(5),
1175 io[0],io[1],il,ir,t0,t1); 1085 io[0],io[1],il,ir,t0,t1);
1176 CAMELLIA_ROUNDSM(io[0],io[1], 1086 CAMELLIA_ROUNDSM(io[0],io[1],
1177 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), 1087 SUBKEY_L(6),SUBKEY_R(6),
1178 io[2],io[3],il,ir,t0,t1); 1088 io[2],io[3],il,ir,t0,t1);
1179 CAMELLIA_ROUNDSM(io[2],io[3], 1089 CAMELLIA_ROUNDSM(io[2],io[3],
1180 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), 1090 SUBKEY_L(7),SUBKEY_R(7),
1181 io[0],io[1],il,ir,t0,t1); 1091 io[0],io[1],il,ir,t0,t1);
1182 1092
1183 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1093 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1184 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), 1094 SUBKEY_L(8),SUBKEY_R(8),
1185 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), 1095 SUBKEY_L(9),SUBKEY_R(9),
1186 t0,t1,il,ir); 1096 t0,t1,il,ir);
1187 1097
1188 CAMELLIA_ROUNDSM(io[0],io[1], 1098 CAMELLIA_ROUNDSM(io[0],io[1],
1189 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), 1099 SUBKEY_L(10),SUBKEY_R(10),
1190 io[2],io[3],il,ir,t0,t1); 1100 io[2],io[3],il,ir,t0,t1);
1191 CAMELLIA_ROUNDSM(io[2],io[3], 1101 CAMELLIA_ROUNDSM(io[2],io[3],
1192 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), 1102 SUBKEY_L(11),SUBKEY_R(11),
1193 io[0],io[1],il,ir,t0,t1); 1103 io[0],io[1],il,ir,t0,t1);
1194 CAMELLIA_ROUNDSM(io[0],io[1], 1104 CAMELLIA_ROUNDSM(io[0],io[1],
1195 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), 1105 SUBKEY_L(12),SUBKEY_R(12),
1196 io[2],io[3],il,ir,t0,t1); 1106 io[2],io[3],il,ir,t0,t1);
1197 CAMELLIA_ROUNDSM(io[2],io[3], 1107 CAMELLIA_ROUNDSM(io[2],io[3],
1198 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), 1108 SUBKEY_L(13),SUBKEY_R(13),
1199 io[0],io[1],il,ir,t0,t1); 1109 io[0],io[1],il,ir,t0,t1);
1200 CAMELLIA_ROUNDSM(io[0],io[1], 1110 CAMELLIA_ROUNDSM(io[0],io[1],
1201 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), 1111 SUBKEY_L(14),SUBKEY_R(14),
1202 io[2],io[3],il,ir,t0,t1); 1112 io[2],io[3],il,ir,t0,t1);
1203 CAMELLIA_ROUNDSM(io[2],io[3], 1113 CAMELLIA_ROUNDSM(io[2],io[3],
1204 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), 1114 SUBKEY_L(15),SUBKEY_R(15),
1205 io[0],io[1],il,ir,t0,t1); 1115 io[0],io[1],il,ir,t0,t1);
1206 1116
1207 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1117 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1208 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), 1118 SUBKEY_L(16),SUBKEY_R(16),
1209 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), 1119 SUBKEY_L(17),SUBKEY_R(17),
1210 t0,t1,il,ir); 1120 t0,t1,il,ir);
1211 1121
1212 CAMELLIA_ROUNDSM(io[0],io[1], 1122 CAMELLIA_ROUNDSM(io[0],io[1],
1213 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), 1123 SUBKEY_L(18),SUBKEY_R(18),
1214 io[2],io[3],il,ir,t0,t1); 1124 io[2],io[3],il,ir,t0,t1);
1215 CAMELLIA_ROUNDSM(io[2],io[3], 1125 CAMELLIA_ROUNDSM(io[2],io[3],
1216 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), 1126 SUBKEY_L(19),SUBKEY_R(19),
1217 io[0],io[1],il,ir,t0,t1); 1127 io[0],io[1],il,ir,t0,t1);
1218 CAMELLIA_ROUNDSM(io[0],io[1], 1128 CAMELLIA_ROUNDSM(io[0],io[1],
1219 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), 1129 SUBKEY_L(20),SUBKEY_R(20),
1220 io[2],io[3],il,ir,t0,t1); 1130 io[2],io[3],il,ir,t0,t1);
1221 CAMELLIA_ROUNDSM(io[2],io[3], 1131 CAMELLIA_ROUNDSM(io[2],io[3],
1222 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), 1132 SUBKEY_L(21),SUBKEY_R(21),
1223 io[0],io[1],il,ir,t0,t1); 1133 io[0],io[1],il,ir,t0,t1);
1224 CAMELLIA_ROUNDSM(io[0],io[1], 1134 CAMELLIA_ROUNDSM(io[0],io[1],
1225 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), 1135 SUBKEY_L(22),SUBKEY_R(22),
1226 io[2],io[3],il,ir,t0,t1); 1136 io[2],io[3],il,ir,t0,t1);
1227 CAMELLIA_ROUNDSM(io[2],io[3], 1137 CAMELLIA_ROUNDSM(io[2],io[3],
1228 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), 1138 SUBKEY_L(23),SUBKEY_R(23),
1229 io[0],io[1],il,ir,t0,t1); 1139 io[0],io[1],il,ir,t0,t1);
1230 1140
1231 /* post whitening but kw4 */ 1141 /* post whitening but kw4 */
1232 io[2] ^= CAMELLIA_SUBKEY_L(24); 1142 io_text[0] = io[2] ^ SUBKEY_L(24);
1233 io[3] ^= CAMELLIA_SUBKEY_R(24); 1143 io_text[1] = io[3] ^ SUBKEY_R(24);
1234 1144 io_text[2] = io[0];
1235 io_text[0] = cpu_to_be32(io[2]); 1145 io_text[3] = io[1];
1236 io_text[1] = cpu_to_be32(io[3]);
1237 io_text[2] = cpu_to_be32(io[0]);
1238 io_text[3] = cpu_to_be32(io[1]);
1239} 1146}
1240 1147
1241static void camellia_decrypt128(const u32 *subkey, __be32 *io_text) 1148static void camellia_decrypt128(const u32 *subkey, u32 *io_text)
1242{ 1149{
1243 u32 il,ir,t0,t1; /* temporary valiables */ 1150 u32 il,ir,t0,t1; /* temporary variables */
1244 1151
1245 u32 io[4]; 1152 u32 io[4];
1246 1153
1247 io[0] = be32_to_cpu(io_text[0]);
1248 io[1] = be32_to_cpu(io_text[1]);
1249 io[2] = be32_to_cpu(io_text[2]);
1250 io[3] = be32_to_cpu(io_text[3]);
1251
1252 /* pre whitening but absorb kw2 */ 1154 /* pre whitening but absorb kw2 */
1253 io[0] ^= CAMELLIA_SUBKEY_L(24); 1155 io[0] = io_text[0] ^ SUBKEY_L(24);
1254 io[1] ^= CAMELLIA_SUBKEY_R(24); 1156 io[1] = io_text[1] ^ SUBKEY_R(24);
1157 io[2] = io_text[2];
1158 io[3] = io_text[3];
1255 1159
1256 /* main iteration */ 1160 /* main iteration */
1257 CAMELLIA_ROUNDSM(io[0],io[1], 1161 CAMELLIA_ROUNDSM(io[0],io[1],
1258 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), 1162 SUBKEY_L(23),SUBKEY_R(23),
1259 io[2],io[3],il,ir,t0,t1); 1163 io[2],io[3],il,ir,t0,t1);
1260 CAMELLIA_ROUNDSM(io[2],io[3], 1164 CAMELLIA_ROUNDSM(io[2],io[3],
1261 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), 1165 SUBKEY_L(22),SUBKEY_R(22),
1262 io[0],io[1],il,ir,t0,t1); 1166 io[0],io[1],il,ir,t0,t1);
1263 CAMELLIA_ROUNDSM(io[0],io[1], 1167 CAMELLIA_ROUNDSM(io[0],io[1],
1264 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), 1168 SUBKEY_L(21),SUBKEY_R(21),
1265 io[2],io[3],il,ir,t0,t1); 1169 io[2],io[3],il,ir,t0,t1);
1266 CAMELLIA_ROUNDSM(io[2],io[3], 1170 CAMELLIA_ROUNDSM(io[2],io[3],
1267 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), 1171 SUBKEY_L(20),SUBKEY_R(20),
1268 io[0],io[1],il,ir,t0,t1); 1172 io[0],io[1],il,ir,t0,t1);
1269 CAMELLIA_ROUNDSM(io[0],io[1], 1173 CAMELLIA_ROUNDSM(io[0],io[1],
1270 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), 1174 SUBKEY_L(19),SUBKEY_R(19),
1271 io[2],io[3],il,ir,t0,t1); 1175 io[2],io[3],il,ir,t0,t1);
1272 CAMELLIA_ROUNDSM(io[2],io[3], 1176 CAMELLIA_ROUNDSM(io[2],io[3],
1273 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), 1177 SUBKEY_L(18),SUBKEY_R(18),
1274 io[0],io[1],il,ir,t0,t1); 1178 io[0],io[1],il,ir,t0,t1);
1275 1179
1276 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1180 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1277 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), 1181 SUBKEY_L(17),SUBKEY_R(17),
1278 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), 1182 SUBKEY_L(16),SUBKEY_R(16),
1279 t0,t1,il,ir); 1183 t0,t1,il,ir);
1280 1184
1281 CAMELLIA_ROUNDSM(io[0],io[1], 1185 CAMELLIA_ROUNDSM(io[0],io[1],
1282 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), 1186 SUBKEY_L(15),SUBKEY_R(15),
1283 io[2],io[3],il,ir,t0,t1); 1187 io[2],io[3],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[2],io[3], 1188 CAMELLIA_ROUNDSM(io[2],io[3],
1285 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), 1189 SUBKEY_L(14),SUBKEY_R(14),
1286 io[0],io[1],il,ir,t0,t1); 1190 io[0],io[1],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[0],io[1], 1191 CAMELLIA_ROUNDSM(io[0],io[1],
1288 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), 1192 SUBKEY_L(13),SUBKEY_R(13),
1289 io[2],io[3],il,ir,t0,t1); 1193 io[2],io[3],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[2],io[3], 1194 CAMELLIA_ROUNDSM(io[2],io[3],
1291 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), 1195 SUBKEY_L(12),SUBKEY_R(12),
1292 io[0],io[1],il,ir,t0,t1); 1196 io[0],io[1],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[0],io[1], 1197 CAMELLIA_ROUNDSM(io[0],io[1],
1294 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), 1198 SUBKEY_L(11),SUBKEY_R(11),
1295 io[2],io[3],il,ir,t0,t1); 1199 io[2],io[3],il,ir,t0,t1);
1296 CAMELLIA_ROUNDSM(io[2],io[3], 1200 CAMELLIA_ROUNDSM(io[2],io[3],
1297 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), 1201 SUBKEY_L(10),SUBKEY_R(10),
1298 io[0],io[1],il,ir,t0,t1); 1202 io[0],io[1],il,ir,t0,t1);
1299 1203
1300 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1204 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1301 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), 1205 SUBKEY_L(9),SUBKEY_R(9),
1302 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), 1206 SUBKEY_L(8),SUBKEY_R(8),
1303 t0,t1,il,ir); 1207 t0,t1,il,ir);
1304 1208
1305 CAMELLIA_ROUNDSM(io[0],io[1], 1209 CAMELLIA_ROUNDSM(io[0],io[1],
1306 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), 1210 SUBKEY_L(7),SUBKEY_R(7),
1307 io[2],io[3],il,ir,t0,t1); 1211 io[2],io[3],il,ir,t0,t1);
1308 CAMELLIA_ROUNDSM(io[2],io[3], 1212 CAMELLIA_ROUNDSM(io[2],io[3],
1309 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), 1213 SUBKEY_L(6),SUBKEY_R(6),
1310 io[0],io[1],il,ir,t0,t1); 1214 io[0],io[1],il,ir,t0,t1);
1311 CAMELLIA_ROUNDSM(io[0],io[1], 1215 CAMELLIA_ROUNDSM(io[0],io[1],
1312 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), 1216 SUBKEY_L(5),SUBKEY_R(5),
1313 io[2],io[3],il,ir,t0,t1); 1217 io[2],io[3],il,ir,t0,t1);
1314 CAMELLIA_ROUNDSM(io[2],io[3], 1218 CAMELLIA_ROUNDSM(io[2],io[3],
1315 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), 1219 SUBKEY_L(4),SUBKEY_R(4),
1316 io[0],io[1],il,ir,t0,t1); 1220 io[0],io[1],il,ir,t0,t1);
1317 CAMELLIA_ROUNDSM(io[0],io[1], 1221 CAMELLIA_ROUNDSM(io[0],io[1],
1318 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), 1222 SUBKEY_L(3),SUBKEY_R(3),
1319 io[2],io[3],il,ir,t0,t1); 1223 io[2],io[3],il,ir,t0,t1);
1320 CAMELLIA_ROUNDSM(io[2],io[3], 1224 CAMELLIA_ROUNDSM(io[2],io[3],
1321 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), 1225 SUBKEY_L(2),SUBKEY_R(2),
1322 io[0],io[1],il,ir,t0,t1); 1226 io[0],io[1],il,ir,t0,t1);
1323 1227
1324 /* post whitening but kw4 */ 1228 /* post whitening but kw4 */
1325 io[2] ^= CAMELLIA_SUBKEY_L(0); 1229 io_text[0] = io[2] ^ SUBKEY_L(0);
1326 io[3] ^= CAMELLIA_SUBKEY_R(0); 1230 io_text[1] = io[3] ^ SUBKEY_R(0);
1327 1231 io_text[2] = io[0];
1328 io_text[0] = cpu_to_be32(io[2]); 1232 io_text[3] = io[1];
1329 io_text[1] = cpu_to_be32(io[3]);
1330 io_text[2] = cpu_to_be32(io[0]);
1331 io_text[3] = cpu_to_be32(io[1]);
1332} 1233}
1333 1234
1334static void camellia_encrypt256(const u32 *subkey, __be32 *io_text) 1235static void camellia_encrypt256(const u32 *subkey, u32 *io_text)
1335{ 1236{
1336 u32 il,ir,t0,t1; /* temporary valiables */ 1237 u32 il,ir,t0,t1; /* temporary variables */
1337 1238
1338 u32 io[4]; 1239 u32 io[4];
1339 1240
1340 io[0] = be32_to_cpu(io_text[0]);
1341 io[1] = be32_to_cpu(io_text[1]);
1342 io[2] = be32_to_cpu(io_text[2]);
1343 io[3] = be32_to_cpu(io_text[3]);
1344
1345 /* pre whitening but absorb kw2 */ 1241 /* pre whitening but absorb kw2 */
1346 io[0] ^= CAMELLIA_SUBKEY_L(0); 1242 io[0] = io_text[0] ^ SUBKEY_L(0);
1347 io[1] ^= CAMELLIA_SUBKEY_R(0); 1243 io[1] = io_text[1] ^ SUBKEY_R(0);
1244 io[2] = io_text[2];
1245 io[3] = io_text[3];
1348 1246
1349 /* main iteration */ 1247 /* main iteration */
1350 CAMELLIA_ROUNDSM(io[0],io[1], 1248 CAMELLIA_ROUNDSM(io[0],io[1],
1351 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), 1249 SUBKEY_L(2),SUBKEY_R(2),
1352 io[2],io[3],il,ir,t0,t1); 1250 io[2],io[3],il,ir,t0,t1);
1353 CAMELLIA_ROUNDSM(io[2],io[3], 1251 CAMELLIA_ROUNDSM(io[2],io[3],
1354 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), 1252 SUBKEY_L(3),SUBKEY_R(3),
1355 io[0],io[1],il,ir,t0,t1); 1253 io[0],io[1],il,ir,t0,t1);
1356 CAMELLIA_ROUNDSM(io[0],io[1], 1254 CAMELLIA_ROUNDSM(io[0],io[1],
1357 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), 1255 SUBKEY_L(4),SUBKEY_R(4),
1358 io[2],io[3],il,ir,t0,t1); 1256 io[2],io[3],il,ir,t0,t1);
1359 CAMELLIA_ROUNDSM(io[2],io[3], 1257 CAMELLIA_ROUNDSM(io[2],io[3],
1360 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), 1258 SUBKEY_L(5),SUBKEY_R(5),
1361 io[0],io[1],il,ir,t0,t1); 1259 io[0],io[1],il,ir,t0,t1);
1362 CAMELLIA_ROUNDSM(io[0],io[1], 1260 CAMELLIA_ROUNDSM(io[0],io[1],
1363 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), 1261 SUBKEY_L(6),SUBKEY_R(6),
1364 io[2],io[3],il,ir,t0,t1); 1262 io[2],io[3],il,ir,t0,t1);
1365 CAMELLIA_ROUNDSM(io[2],io[3], 1263 CAMELLIA_ROUNDSM(io[2],io[3],
1366 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), 1264 SUBKEY_L(7),SUBKEY_R(7),
1367 io[0],io[1],il,ir,t0,t1); 1265 io[0],io[1],il,ir,t0,t1);
1368 1266
1369 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1267 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1370 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), 1268 SUBKEY_L(8),SUBKEY_R(8),
1371 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), 1269 SUBKEY_L(9),SUBKEY_R(9),
1372 t0,t1,il,ir); 1270 t0,t1,il,ir);
1373 1271
1374 CAMELLIA_ROUNDSM(io[0],io[1], 1272 CAMELLIA_ROUNDSM(io[0],io[1],
1375 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), 1273 SUBKEY_L(10),SUBKEY_R(10),
1376 io[2],io[3],il,ir,t0,t1); 1274 io[2],io[3],il,ir,t0,t1);
1377 CAMELLIA_ROUNDSM(io[2],io[3], 1275 CAMELLIA_ROUNDSM(io[2],io[3],
1378 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), 1276 SUBKEY_L(11),SUBKEY_R(11),
1379 io[0],io[1],il,ir,t0,t1); 1277 io[0],io[1],il,ir,t0,t1);
1380 CAMELLIA_ROUNDSM(io[0],io[1], 1278 CAMELLIA_ROUNDSM(io[0],io[1],
1381 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), 1279 SUBKEY_L(12),SUBKEY_R(12),
1382 io[2],io[3],il,ir,t0,t1); 1280 io[2],io[3],il,ir,t0,t1);
1383 CAMELLIA_ROUNDSM(io[2],io[3], 1281 CAMELLIA_ROUNDSM(io[2],io[3],
1384 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), 1282 SUBKEY_L(13),SUBKEY_R(13),
1385 io[0],io[1],il,ir,t0,t1); 1283 io[0],io[1],il,ir,t0,t1);
1386 CAMELLIA_ROUNDSM(io[0],io[1], 1284 CAMELLIA_ROUNDSM(io[0],io[1],
1387 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), 1285 SUBKEY_L(14),SUBKEY_R(14),
1388 io[2],io[3],il,ir,t0,t1); 1286 io[2],io[3],il,ir,t0,t1);
1389 CAMELLIA_ROUNDSM(io[2],io[3], 1287 CAMELLIA_ROUNDSM(io[2],io[3],
1390 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), 1288 SUBKEY_L(15),SUBKEY_R(15),
1391 io[0],io[1],il,ir,t0,t1); 1289 io[0],io[1],il,ir,t0,t1);
1392 1290
1393 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1291 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1394 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), 1292 SUBKEY_L(16),SUBKEY_R(16),
1395 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), 1293 SUBKEY_L(17),SUBKEY_R(17),
1396 t0,t1,il,ir); 1294 t0,t1,il,ir);
1397 1295
1398 CAMELLIA_ROUNDSM(io[0],io[1], 1296 CAMELLIA_ROUNDSM(io[0],io[1],
1399 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), 1297 SUBKEY_L(18),SUBKEY_R(18),
1400 io[2],io[3],il,ir,t0,t1); 1298 io[2],io[3],il,ir,t0,t1);
1401 CAMELLIA_ROUNDSM(io[2],io[3], 1299 CAMELLIA_ROUNDSM(io[2],io[3],
1402 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), 1300 SUBKEY_L(19),SUBKEY_R(19),
1403 io[0],io[1],il,ir,t0,t1); 1301 io[0],io[1],il,ir,t0,t1);
1404 CAMELLIA_ROUNDSM(io[0],io[1], 1302 CAMELLIA_ROUNDSM(io[0],io[1],
1405 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), 1303 SUBKEY_L(20),SUBKEY_R(20),
1406 io[2],io[3],il,ir,t0,t1); 1304 io[2],io[3],il,ir,t0,t1);
1407 CAMELLIA_ROUNDSM(io[2],io[3], 1305 CAMELLIA_ROUNDSM(io[2],io[3],
1408 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), 1306 SUBKEY_L(21),SUBKEY_R(21),
1409 io[0],io[1],il,ir,t0,t1); 1307 io[0],io[1],il,ir,t0,t1);
1410 CAMELLIA_ROUNDSM(io[0],io[1], 1308 CAMELLIA_ROUNDSM(io[0],io[1],
1411 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), 1309 SUBKEY_L(22),SUBKEY_R(22),
1412 io[2],io[3],il,ir,t0,t1); 1310 io[2],io[3],il,ir,t0,t1);
1413 CAMELLIA_ROUNDSM(io[2],io[3], 1311 CAMELLIA_ROUNDSM(io[2],io[3],
1414 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), 1312 SUBKEY_L(23),SUBKEY_R(23),
1415 io[0],io[1],il,ir,t0,t1); 1313 io[0],io[1],il,ir,t0,t1);
1416 1314
1417 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1315 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1418 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24), 1316 SUBKEY_L(24),SUBKEY_R(24),
1419 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25), 1317 SUBKEY_L(25),SUBKEY_R(25),
1420 t0,t1,il,ir); 1318 t0,t1,il,ir);
1421 1319
1422 CAMELLIA_ROUNDSM(io[0],io[1], 1320 CAMELLIA_ROUNDSM(io[0],io[1],
1423 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26), 1321 SUBKEY_L(26),SUBKEY_R(26),
1424 io[2],io[3],il,ir,t0,t1); 1322 io[2],io[3],il,ir,t0,t1);
1425 CAMELLIA_ROUNDSM(io[2],io[3], 1323 CAMELLIA_ROUNDSM(io[2],io[3],
1426 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27), 1324 SUBKEY_L(27),SUBKEY_R(27),
1427 io[0],io[1],il,ir,t0,t1); 1325 io[0],io[1],il,ir,t0,t1);
1428 CAMELLIA_ROUNDSM(io[0],io[1], 1326 CAMELLIA_ROUNDSM(io[0],io[1],
1429 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28), 1327 SUBKEY_L(28),SUBKEY_R(28),
1430 io[2],io[3],il,ir,t0,t1); 1328 io[2],io[3],il,ir,t0,t1);
1431 CAMELLIA_ROUNDSM(io[2],io[3], 1329 CAMELLIA_ROUNDSM(io[2],io[3],
1432 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29), 1330 SUBKEY_L(29),SUBKEY_R(29),
1433 io[0],io[1],il,ir,t0,t1); 1331 io[0],io[1],il,ir,t0,t1);
1434 CAMELLIA_ROUNDSM(io[0],io[1], 1332 CAMELLIA_ROUNDSM(io[0],io[1],
1435 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30), 1333 SUBKEY_L(30),SUBKEY_R(30),
1436 io[2],io[3],il,ir,t0,t1); 1334 io[2],io[3],il,ir,t0,t1);
1437 CAMELLIA_ROUNDSM(io[2],io[3], 1335 CAMELLIA_ROUNDSM(io[2],io[3],
1438 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31), 1336 SUBKEY_L(31),SUBKEY_R(31),
1439 io[0],io[1],il,ir,t0,t1); 1337 io[0],io[1],il,ir,t0,t1);
1440 1338
1441 /* post whitening but kw4 */ 1339 /* post whitening but kw4 */
1442 io[2] ^= CAMELLIA_SUBKEY_L(32); 1340 io_text[0] = io[2] ^ SUBKEY_L(32);
1443 io[3] ^= CAMELLIA_SUBKEY_R(32); 1341 io_text[1] = io[3] ^ SUBKEY_R(32);
1444 1342 io_text[2] = io[0];
1445 io_text[0] = cpu_to_be32(io[2]); 1343 io_text[3] = io[1];
1446 io_text[1] = cpu_to_be32(io[3]);
1447 io_text[2] = cpu_to_be32(io[0]);
1448 io_text[3] = cpu_to_be32(io[1]);
1449} 1344}
1450 1345
1451static void camellia_decrypt256(const u32 *subkey, __be32 *io_text) 1346static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
1452{ 1347{
1453 u32 il,ir,t0,t1; /* temporary valiables */ 1348 u32 il,ir,t0,t1; /* temporary variables */
1454 1349
1455 u32 io[4]; 1350 u32 io[4];
1456 1351
1457 io[0] = be32_to_cpu(io_text[0]);
1458 io[1] = be32_to_cpu(io_text[1]);
1459 io[2] = be32_to_cpu(io_text[2]);
1460 io[3] = be32_to_cpu(io_text[3]);
1461
1462 /* pre whitening but absorb kw2 */ 1352 /* pre whitening but absorb kw2 */
1463 io[0] ^= CAMELLIA_SUBKEY_L(32); 1353 io[0] = io_text[0] ^ SUBKEY_L(32);
1464 io[1] ^= CAMELLIA_SUBKEY_R(32); 1354 io[1] = io_text[1] ^ SUBKEY_R(32);
1355 io[2] = io_text[2];
1356 io[3] = io_text[3];
1465 1357
1466 /* main iteration */ 1358 /* main iteration */
1467 CAMELLIA_ROUNDSM(io[0],io[1], 1359 CAMELLIA_ROUNDSM(io[0],io[1],
1468 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31), 1360 SUBKEY_L(31),SUBKEY_R(31),
1469 io[2],io[3],il,ir,t0,t1); 1361 io[2],io[3],il,ir,t0,t1);
1470 CAMELLIA_ROUNDSM(io[2],io[3], 1362 CAMELLIA_ROUNDSM(io[2],io[3],
1471 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30), 1363 SUBKEY_L(30),SUBKEY_R(30),
1472 io[0],io[1],il,ir,t0,t1); 1364 io[0],io[1],il,ir,t0,t1);
1473 CAMELLIA_ROUNDSM(io[0],io[1], 1365 CAMELLIA_ROUNDSM(io[0],io[1],
1474 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29), 1366 SUBKEY_L(29),SUBKEY_R(29),
1475 io[2],io[3],il,ir,t0,t1); 1367 io[2],io[3],il,ir,t0,t1);
1476 CAMELLIA_ROUNDSM(io[2],io[3], 1368 CAMELLIA_ROUNDSM(io[2],io[3],
1477 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28), 1369 SUBKEY_L(28),SUBKEY_R(28),
1478 io[0],io[1],il,ir,t0,t1); 1370 io[0],io[1],il,ir,t0,t1);
1479 CAMELLIA_ROUNDSM(io[0],io[1], 1371 CAMELLIA_ROUNDSM(io[0],io[1],
1480 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27), 1372 SUBKEY_L(27),SUBKEY_R(27),
1481 io[2],io[3],il,ir,t0,t1); 1373 io[2],io[3],il,ir,t0,t1);
1482 CAMELLIA_ROUNDSM(io[2],io[3], 1374 CAMELLIA_ROUNDSM(io[2],io[3],
1483 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26), 1375 SUBKEY_L(26),SUBKEY_R(26),
1484 io[0],io[1],il,ir,t0,t1); 1376 io[0],io[1],il,ir,t0,t1);
1485 1377
1486 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1378 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1487 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25), 1379 SUBKEY_L(25),SUBKEY_R(25),
1488 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24), 1380 SUBKEY_L(24),SUBKEY_R(24),
1489 t0,t1,il,ir); 1381 t0,t1,il,ir);
1490 1382
1491 CAMELLIA_ROUNDSM(io[0],io[1], 1383 CAMELLIA_ROUNDSM(io[0],io[1],
1492 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), 1384 SUBKEY_L(23),SUBKEY_R(23),
1493 io[2],io[3],il,ir,t0,t1); 1385 io[2],io[3],il,ir,t0,t1);
1494 CAMELLIA_ROUNDSM(io[2],io[3], 1386 CAMELLIA_ROUNDSM(io[2],io[3],
1495 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), 1387 SUBKEY_L(22),SUBKEY_R(22),
1496 io[0],io[1],il,ir,t0,t1); 1388 io[0],io[1],il,ir,t0,t1);
1497 CAMELLIA_ROUNDSM(io[0],io[1], 1389 CAMELLIA_ROUNDSM(io[0],io[1],
1498 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), 1390 SUBKEY_L(21),SUBKEY_R(21),
1499 io[2],io[3],il,ir,t0,t1); 1391 io[2],io[3],il,ir,t0,t1);
1500 CAMELLIA_ROUNDSM(io[2],io[3], 1392 CAMELLIA_ROUNDSM(io[2],io[3],
1501 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), 1393 SUBKEY_L(20),SUBKEY_R(20),
1502 io[0],io[1],il,ir,t0,t1); 1394 io[0],io[1],il,ir,t0,t1);
1503 CAMELLIA_ROUNDSM(io[0],io[1], 1395 CAMELLIA_ROUNDSM(io[0],io[1],
1504 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), 1396 SUBKEY_L(19),SUBKEY_R(19),
1505 io[2],io[3],il,ir,t0,t1); 1397 io[2],io[3],il,ir,t0,t1);
1506 CAMELLIA_ROUNDSM(io[2],io[3], 1398 CAMELLIA_ROUNDSM(io[2],io[3],
1507 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), 1399 SUBKEY_L(18),SUBKEY_R(18),
1508 io[0],io[1],il,ir,t0,t1); 1400 io[0],io[1],il,ir,t0,t1);
1509 1401
1510 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1402 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1511 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), 1403 SUBKEY_L(17),SUBKEY_R(17),
1512 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), 1404 SUBKEY_L(16),SUBKEY_R(16),
1513 t0,t1,il,ir); 1405 t0,t1,il,ir);
1514 1406
1515 CAMELLIA_ROUNDSM(io[0],io[1], 1407 CAMELLIA_ROUNDSM(io[0],io[1],
1516 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), 1408 SUBKEY_L(15),SUBKEY_R(15),
1517 io[2],io[3],il,ir,t0,t1); 1409 io[2],io[3],il,ir,t0,t1);
1518 CAMELLIA_ROUNDSM(io[2],io[3], 1410 CAMELLIA_ROUNDSM(io[2],io[3],
1519 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), 1411 SUBKEY_L(14),SUBKEY_R(14),
1520 io[0],io[1],il,ir,t0,t1); 1412 io[0],io[1],il,ir,t0,t1);
1521 CAMELLIA_ROUNDSM(io[0],io[1], 1413 CAMELLIA_ROUNDSM(io[0],io[1],
1522 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), 1414 SUBKEY_L(13),SUBKEY_R(13),
1523 io[2],io[3],il,ir,t0,t1); 1415 io[2],io[3],il,ir,t0,t1);
1524 CAMELLIA_ROUNDSM(io[2],io[3], 1416 CAMELLIA_ROUNDSM(io[2],io[3],
1525 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), 1417 SUBKEY_L(12),SUBKEY_R(12),
1526 io[0],io[1],il,ir,t0,t1); 1418 io[0],io[1],il,ir,t0,t1);
1527 CAMELLIA_ROUNDSM(io[0],io[1], 1419 CAMELLIA_ROUNDSM(io[0],io[1],
1528 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), 1420 SUBKEY_L(11),SUBKEY_R(11),
1529 io[2],io[3],il,ir,t0,t1); 1421 io[2],io[3],il,ir,t0,t1);
1530 CAMELLIA_ROUNDSM(io[2],io[3], 1422 CAMELLIA_ROUNDSM(io[2],io[3],
1531 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), 1423 SUBKEY_L(10),SUBKEY_R(10),
1532 io[0],io[1],il,ir,t0,t1); 1424 io[0],io[1],il,ir,t0,t1);
1533 1425
1534 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 1426 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1535 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), 1427 SUBKEY_L(9),SUBKEY_R(9),
1536 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), 1428 SUBKEY_L(8),SUBKEY_R(8),
1537 t0,t1,il,ir); 1429 t0,t1,il,ir);
1538 1430
1539 CAMELLIA_ROUNDSM(io[0],io[1], 1431 CAMELLIA_ROUNDSM(io[0],io[1],
1540 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), 1432 SUBKEY_L(7),SUBKEY_R(7),
1541 io[2],io[3],il,ir,t0,t1); 1433 io[2],io[3],il,ir,t0,t1);
1542 CAMELLIA_ROUNDSM(io[2],io[3], 1434 CAMELLIA_ROUNDSM(io[2],io[3],
1543 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), 1435 SUBKEY_L(6),SUBKEY_R(6),
1544 io[0],io[1],il,ir,t0,t1); 1436 io[0],io[1],il,ir,t0,t1);
1545 CAMELLIA_ROUNDSM(io[0],io[1], 1437 CAMELLIA_ROUNDSM(io[0],io[1],
1546 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), 1438 SUBKEY_L(5),SUBKEY_R(5),
1547 io[2],io[3],il,ir,t0,t1); 1439 io[2],io[3],il,ir,t0,t1);
1548 CAMELLIA_ROUNDSM(io[2],io[3], 1440 CAMELLIA_ROUNDSM(io[2],io[3],
1549 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), 1441 SUBKEY_L(4),SUBKEY_R(4),
1550 io[0],io[1],il,ir,t0,t1); 1442 io[0],io[1],il,ir,t0,t1);
1551 CAMELLIA_ROUNDSM(io[0],io[1], 1443 CAMELLIA_ROUNDSM(io[0],io[1],
1552 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), 1444 SUBKEY_L(3),SUBKEY_R(3),
1553 io[2],io[3],il,ir,t0,t1); 1445 io[2],io[3],il,ir,t0,t1);
1554 CAMELLIA_ROUNDSM(io[2],io[3], 1446 CAMELLIA_ROUNDSM(io[2],io[3],
1555 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), 1447 SUBKEY_L(2),SUBKEY_R(2),
1556 io[0],io[1],il,ir,t0,t1); 1448 io[0],io[1],il,ir,t0,t1);
1557 1449
1558 /* post whitening but kw4 */ 1450 /* post whitening but kw4 */
1559 io[2] ^= CAMELLIA_SUBKEY_L(0); 1451 io_text[0] = io[2] ^ SUBKEY_L(0);
1560 io[3] ^= CAMELLIA_SUBKEY_R(0); 1452 io_text[1] = io[3] ^ SUBKEY_R(0);
1561 1453 io_text[2] = io[0];
1562 io_text[0] = cpu_to_be32(io[2]); 1454 io_text[3] = io[1];
1563 io_text[1] = cpu_to_be32(io[3]);
1564 io_text[2] = cpu_to_be32(io[0]);
1565 io_text[3] = cpu_to_be32(io[1]);
1566} 1455}
1567 1456
1568 1457
@@ -1607,9 +1496,12 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1607 const __be32 *src = (const __be32 *)in; 1496 const __be32 *src = (const __be32 *)in;
1608 __be32 *dst = (__be32 *)out; 1497 __be32 *dst = (__be32 *)out;
1609 1498
1610 __be32 tmp[4]; 1499 u32 tmp[4];
1611 1500
1612 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); 1501 tmp[0] = be32_to_cpu(src[0]);
1502 tmp[1] = be32_to_cpu(src[1]);
1503 tmp[2] = be32_to_cpu(src[2]);
1504 tmp[3] = be32_to_cpu(src[3]);
1613 1505
1614 switch (cctx->key_length) { 1506 switch (cctx->key_length) {
1615 case 16: 1507 case 16:
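Review bot: The four `tmp[i] = be32_to_cpu(src[i])` loads read `in` through the `const __be32 *` cast as 32-bit words, whereas the removed `memcpy(tmp, src, CAMELLIA_BLOCK_SIZE)` made no assumption about the alignment of the caller's buffer. The same holds for the `dst[i] = cpu_to_be32(tmp[i])` stores in the next hunk and for both camellia_decrypt hunks. This is safe only if the crypto API hands these functions 4-byte-aligned `in`/`out`, which would have to come from the `cra_alignmask` set in `camellia_alg`; that initializer is outside the visible hunks, so it should be confirmed there. I would record the dependency next to the loads, e.g. `/* src/dst are accessed as u32: relies on cra_alignmask in camellia_alg */`, or switch to `get_unaligned_be32()`/`put_unaligned_be32()` if the guarantee is not intended. camellia_encrypt's body starts before and continues past this hunk.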
@@ -1622,7 +1514,10 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1622 break; 1514 break;
1623 } 1515 }
1624 1516
1625 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); 1517 dst[0] = cpu_to_be32(tmp[0]);
1518 dst[1] = cpu_to_be32(tmp[1]);
1519 dst[2] = cpu_to_be32(tmp[2]);
1520 dst[3] = cpu_to_be32(tmp[3]);
1626} 1521}
1627 1522
1628static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 1523static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
@@ -1631,9 +1526,12 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1631 const __be32 *src = (const __be32 *)in; 1526 const __be32 *src = (const __be32 *)in;
1632 __be32 *dst = (__be32 *)out; 1527 __be32 *dst = (__be32 *)out;
1633 1528
1634 __be32 tmp[4]; 1529 u32 tmp[4];
1635 1530
1636 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); 1531 tmp[0] = be32_to_cpu(src[0]);
1532 tmp[1] = be32_to_cpu(src[1]);
1533 tmp[2] = be32_to_cpu(src[2]);
1534 tmp[3] = be32_to_cpu(src[3]);
1637 1535
1638 switch (cctx->key_length) { 1536 switch (cctx->key_length) {
1639 case 16: 1537 case 16:
@@ -1646,7 +1544,10 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1646 break; 1544 break;
1647 } 1545 }
1648 1546
1649 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); 1547 dst[0] = cpu_to_be32(tmp[0]);
1548 dst[1] = cpu_to_be32(tmp[1]);
1549 dst[2] = cpu_to_be32(tmp[2]);
1550 dst[3] = cpu_to_be32(tmp[3]);
1650} 1551}
1651 1552
1652static struct crypto_alg camellia_alg = { 1553static struct crypto_alg camellia_alg = {