diff options
Diffstat (limited to 'crypto/camellia.c')
-rw-r--r-- | crypto/camellia.c | 218 |
1 files changed, 84 insertions, 134 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c index 86af42e92916..493fee7e0a8b 100644 --- a/crypto/camellia.c +++ b/crypto/camellia.c | |||
@@ -393,8 +393,92 @@ static const u32 camellia_sp4404[256] = { | |||
393 | static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) | 393 | static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max) |
394 | { | 394 | { |
395 | u32 dw, tl, tr; | 395 | u32 dw, tl, tr; |
396 | u32 kw4l, kw4r; | ||
396 | int i; | 397 | int i; |
397 | 398 | ||
399 | /* absorb kw2 to other subkeys */ | ||
400 | /* round 2 */ | ||
401 | subL[3] ^= subL[1]; subR[3] ^= subR[1]; | ||
402 | /* round 4 */ | ||
403 | subL[5] ^= subL[1]; subR[5] ^= subR[1]; | ||
404 | /* round 6 */ | ||
405 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; | ||
406 | subL[1] ^= subR[1] & ~subR[9]; | ||
407 | dw = subL[1] & subL[9], | ||
408 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */ | ||
409 | /* round 8 */ | ||
410 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; | ||
411 | /* round 10 */ | ||
412 | subL[13] ^= subL[1]; subR[13] ^= subR[1]; | ||
413 | /* round 12 */ | ||
414 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; | ||
415 | subL[1] ^= subR[1] & ~subR[17]; | ||
416 | dw = subL[1] & subL[17], | ||
417 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */ | ||
418 | /* round 14 */ | ||
419 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; | ||
420 | /* round 16 */ | ||
421 | subL[21] ^= subL[1]; subR[21] ^= subR[1]; | ||
422 | /* round 18 */ | ||
423 | subL[23] ^= subL[1]; subR[23] ^= subR[1]; | ||
424 | if (max == 24) { | ||
425 | /* kw3 */ | ||
426 | subL[24] ^= subL[1]; subR[24] ^= subR[1]; | ||
427 | |||
428 | /* absorb kw4 to other subkeys */ | ||
429 | kw4l = subL[25]; kw4r = subR[25]; | ||
430 | } else { | ||
431 | subL[1] ^= subR[1] & ~subR[25]; | ||
432 | dw = subL[1] & subL[25], | ||
433 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */ | ||
434 | /* round 20 */ | ||
435 | subL[27] ^= subL[1]; subR[27] ^= subR[1]; | ||
436 | /* round 22 */ | ||
437 | subL[29] ^= subL[1]; subR[29] ^= subR[1]; | ||
438 | /* round 24 */ | ||
439 | subL[31] ^= subL[1]; subR[31] ^= subR[1]; | ||
440 | /* kw3 */ | ||
441 | subL[32] ^= subL[1]; subR[32] ^= subR[1]; | ||
442 | |||
443 | /* absorb kw4 to other subkeys */ | ||
444 | kw4l = subL[33]; kw4r = subR[33]; | ||
445 | /* round 23 */ | ||
446 | subL[30] ^= kw4l; subR[30] ^= kw4r; | ||
447 | /* round 21 */ | ||
448 | subL[28] ^= kw4l; subR[28] ^= kw4r; | ||
449 | /* round 19 */ | ||
450 | subL[26] ^= kw4l; subR[26] ^= kw4r; | ||
451 | kw4l ^= kw4r & ~subR[24]; | ||
452 | dw = kw4l & subL[24], | ||
453 | kw4r ^= ROL1(dw); /* modified for FL(kl5) */ | ||
454 | } | ||
455 | /* round 17 */ | ||
456 | subL[22] ^= kw4l; subR[22] ^= kw4r; | ||
457 | /* round 15 */ | ||
458 | subL[20] ^= kw4l; subR[20] ^= kw4r; | ||
459 | /* round 13 */ | ||
460 | subL[18] ^= kw4l; subR[18] ^= kw4r; | ||
461 | kw4l ^= kw4r & ~subR[16]; | ||
462 | dw = kw4l & subL[16], | ||
463 | kw4r ^= ROL1(dw); /* modified for FL(kl3) */ | ||
464 | /* round 11 */ | ||
465 | subL[14] ^= kw4l; subR[14] ^= kw4r; | ||
466 | /* round 9 */ | ||
467 | subL[12] ^= kw4l; subR[12] ^= kw4r; | ||
468 | /* round 7 */ | ||
469 | subL[10] ^= kw4l; subR[10] ^= kw4r; | ||
470 | kw4l ^= kw4r & ~subR[8]; | ||
471 | dw = kw4l & subL[8], | ||
472 | kw4r ^= ROL1(dw); /* modified for FL(kl1) */ | ||
473 | /* round 5 */ | ||
474 | subL[6] ^= kw4l; subR[6] ^= kw4r; | ||
475 | /* round 3 */ | ||
476 | subL[4] ^= kw4l; subR[4] ^= kw4r; | ||
477 | /* round 1 */ | ||
478 | subL[2] ^= kw4l; subR[2] ^= kw4r; | ||
479 | /* kw1 */ | ||
480 | subL[0] ^= kw4l; subR[0] ^= kw4r; | ||
481 | |||
398 | /* key XOR is end of F-function */ | 482 | /* key XOR is end of F-function */ |
399 | SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */ | 483 | SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */ |
400 | SUBKEY_R(0) = subR[0] ^ subR[2]; | 484 | SUBKEY_R(0) = subR[0] ^ subR[2]; |
@@ -509,7 +593,6 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
509 | { | 593 | { |
510 | u32 kll, klr, krl, krr; | 594 | u32 kll, klr, krl, krr; |
511 | u32 il, ir, t0, t1, w0, w1; | 595 | u32 il, ir, t0, t1, w0, w1; |
512 | u32 kw4l, kw4r, dw; | ||
513 | u32 subL[26]; | 596 | u32 subL[26]; |
514 | u32 subR[26]; | 597 | u32 subR[26]; |
515 | 598 | ||
@@ -609,63 +692,6 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
609 | subL[24] = kll; subR[24] = klr; | 692 | subL[24] = kll; subR[24] = klr; |
610 | subL[25] = krl; subR[25] = krr; | 693 | subL[25] = krl; subR[25] = krr; |
611 | 694 | ||
612 | /* absorb kw2 to other subkeys */ | ||
613 | /* round 2 */ | ||
614 | subL[3] ^= subL[1]; subR[3] ^= subR[1]; | ||
615 | /* round 4 */ | ||
616 | subL[5] ^= subL[1]; subR[5] ^= subR[1]; | ||
617 | /* round 6 */ | ||
618 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; | ||
619 | subL[1] ^= subR[1] & ~subR[9]; | ||
620 | dw = subL[1] & subL[9], | ||
621 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */ | ||
622 | /* round 8 */ | ||
623 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; | ||
624 | /* round 10 */ | ||
625 | subL[13] ^= subL[1]; subR[13] ^= subR[1]; | ||
626 | /* round 12 */ | ||
627 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; | ||
628 | subL[1] ^= subR[1] & ~subR[17]; | ||
629 | dw = subL[1] & subL[17], | ||
630 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */ | ||
631 | /* round 14 */ | ||
632 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; | ||
633 | /* round 16 */ | ||
634 | subL[21] ^= subL[1]; subR[21] ^= subR[1]; | ||
635 | /* round 18 */ | ||
636 | subL[23] ^= subL[1]; subR[23] ^= subR[1]; | ||
637 | /* kw3 */ | ||
638 | subL[24] ^= subL[1]; subR[24] ^= subR[1]; | ||
639 | |||
640 | /* absorb kw4 to other subkeys */ | ||
641 | kw4l = subL[25]; kw4r = subR[25]; | ||
642 | /* round 17 */ | ||
643 | subL[22] ^= kw4l; subR[22] ^= kw4r; | ||
644 | /* round 15 */ | ||
645 | subL[20] ^= kw4l; subR[20] ^= kw4r; | ||
646 | /* round 13 */ | ||
647 | subL[18] ^= kw4l; subR[18] ^= kw4r; | ||
648 | kw4l ^= kw4r & ~subR[16]; | ||
649 | dw = kw4l & subL[16], | ||
650 | kw4r ^= ROL1(dw); /* modified for FL(kl3) */ | ||
651 | /* round 11 */ | ||
652 | subL[14] ^= kw4l; subR[14] ^= kw4r; | ||
653 | /* round 9 */ | ||
654 | subL[12] ^= kw4l; subR[12] ^= kw4r; | ||
655 | /* round 7 */ | ||
656 | subL[10] ^= kw4l; subR[10] ^= kw4r; | ||
657 | kw4l ^= kw4r & ~subR[8]; | ||
658 | dw = kw4l & subL[8], | ||
659 | kw4r ^= ROL1(dw); /* modified for FL(kl1) */ | ||
660 | /* round 5 */ | ||
661 | subL[6] ^= kw4l; subR[6] ^= kw4r; | ||
662 | /* round 3 */ | ||
663 | subL[4] ^= kw4l; subR[4] ^= kw4r; | ||
664 | /* round 1 */ | ||
665 | subL[2] ^= kw4l; subR[2] ^= kw4r; | ||
666 | /* kw1 */ | ||
667 | subL[0] ^= kw4l; subR[0] ^= kw4r; | ||
668 | |||
669 | camellia_setup_tail(subkey, subL, subR, 24); | 695 | camellia_setup_tail(subkey, subL, subR, 24); |
670 | } | 696 | } |
671 | 697 | ||
@@ -674,7 +700,6 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
674 | u32 kll, klr, krl, krr; /* left half of key */ | 700 | u32 kll, klr, krl, krr; /* left half of key */ |
675 | u32 krll, krlr, krrl, krrr; /* right half of key */ | 701 | u32 krll, krlr, krrl, krrr; /* right half of key */ |
676 | u32 il, ir, t0, t1, w0, w1; /* temporary variables */ | 702 | u32 il, ir, t0, t1, w0, w1; /* temporary variables */ |
677 | u32 kw4l, kw4r, dw; | ||
678 | u32 subL[34]; | 703 | u32 subL[34]; |
679 | u32 subR[34]; | 704 | u32 subR[34]; |
680 | 705 | ||
@@ -816,81 +841,6 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
816 | /* kw4 */ | 841 | /* kw4 */ |
817 | subL[33] = krrl; subR[33] = krrr; | 842 | subL[33] = krrl; subR[33] = krrr; |
818 | 843 | ||
819 | /* absorb kw2 to other subkeys */ | ||
820 | /* round 2 */ | ||
821 | subL[3] ^= subL[1]; subR[3] ^= subR[1]; | ||
822 | /* round 4 */ | ||
823 | subL[5] ^= subL[1]; subR[5] ^= subR[1]; | ||
824 | /* round 6 */ | ||
825 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; | ||
826 | subL[1] ^= subR[1] & ~subR[9]; | ||
827 | dw = subL[1] & subL[9], | ||
828 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */ | ||
829 | /* round 8 */ | ||
830 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; | ||
831 | /* round 10 */ | ||
832 | subL[13] ^= subL[1]; subR[13] ^= subR[1]; | ||
833 | /* round 12 */ | ||
834 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; | ||
835 | subL[1] ^= subR[1] & ~subR[17]; | ||
836 | dw = subL[1] & subL[17], | ||
837 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */ | ||
838 | /* round 14 */ | ||
839 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; | ||
840 | /* round 16 */ | ||
841 | subL[21] ^= subL[1]; subR[21] ^= subR[1]; | ||
842 | /* round 18 */ | ||
843 | subL[23] ^= subL[1]; subR[23] ^= subR[1]; | ||
844 | subL[1] ^= subR[1] & ~subR[25]; | ||
845 | dw = subL[1] & subL[25], | ||
846 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */ | ||
847 | /* round 20 */ | ||
848 | subL[27] ^= subL[1]; subR[27] ^= subR[1]; | ||
849 | /* round 22 */ | ||
850 | subL[29] ^= subL[1]; subR[29] ^= subR[1]; | ||
851 | /* round 24 */ | ||
852 | subL[31] ^= subL[1]; subR[31] ^= subR[1]; | ||
853 | /* kw3 */ | ||
854 | subL[32] ^= subL[1]; subR[32] ^= subR[1]; | ||
855 | |||
856 | /* absorb kw4 to other subkeys */ | ||
857 | kw4l = subL[33]; kw4r = subR[33]; | ||
858 | /* round 23 */ | ||
859 | subL[30] ^= kw4l; subR[30] ^= kw4r; | ||
860 | /* round 21 */ | ||
861 | subL[28] ^= kw4l; subR[28] ^= kw4r; | ||
862 | /* round 19 */ | ||
863 | subL[26] ^= kw4l; subR[26] ^= kw4r; | ||
864 | kw4l ^= kw4r & ~subR[24]; | ||
865 | dw = kw4l & subL[24], | ||
866 | kw4r ^= ROL1(dw); /* modified for FL(kl5) */ | ||
867 | /* round 17 */ | ||
868 | subL[22] ^= kw4l; subR[22] ^= kw4r; | ||
869 | /* round 15 */ | ||
870 | subL[20] ^= kw4l; subR[20] ^= kw4r; | ||
871 | /* round 13 */ | ||
872 | subL[18] ^= kw4l; subR[18] ^= kw4r; | ||
873 | kw4l ^= kw4r & ~subR[16]; | ||
874 | dw = kw4l & subL[16], | ||
875 | kw4r ^= ROL1(dw); /* modified for FL(kl3) */ | ||
876 | /* round 11 */ | ||
877 | subL[14] ^= kw4l; subR[14] ^= kw4r; | ||
878 | /* round 9 */ | ||
879 | subL[12] ^= kw4l; subR[12] ^= kw4r; | ||
880 | /* round 7 */ | ||
881 | subL[10] ^= kw4l; subR[10] ^= kw4r; | ||
882 | kw4l ^= kw4r & ~subR[8]; | ||
883 | dw = kw4l & subL[8], | ||
884 | kw4r ^= ROL1(dw); /* modified for FL(kl1) */ | ||
885 | /* round 5 */ | ||
886 | subL[6] ^= kw4l; subR[6] ^= kw4r; | ||
887 | /* round 3 */ | ||
888 | subL[4] ^= kw4l; subR[4] ^= kw4r; | ||
889 | /* round 1 */ | ||
890 | subL[2] ^= kw4l; subR[2] ^= kw4r; | ||
891 | /* kw1 */ | ||
892 | subL[0] ^= kw4l; subR[0] ^= kw4r; | ||
893 | |||
894 | camellia_setup_tail(subkey, subL, subR, 32); | 844 | camellia_setup_tail(subkey, subL, subR, 32); |
895 | } | 845 | } |
896 | 846 | ||