aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/camellia.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/camellia.c')
-rw-r--r--crypto/camellia.c1781
1 files changed, 554 insertions, 1227 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c
index 6877ecfd90bb..493fee7e0a8b 100644
--- a/crypto/camellia.c
+++ b/crypto/camellia.c
@@ -36,176 +36,6 @@
36#include <linux/kernel.h> 36#include <linux/kernel.h>
37#include <linux/module.h> 37#include <linux/module.h>
38 38
39
40#define CAMELLIA_MIN_KEY_SIZE 16
41#define CAMELLIA_MAX_KEY_SIZE 32
42#define CAMELLIA_BLOCK_SIZE 16
43#define CAMELLIA_TABLE_BYTE_LEN 272
44#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
45
46typedef u32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
47
48
49/* key constants */
50
51#define CAMELLIA_SIGMA1L (0xA09E667FL)
52#define CAMELLIA_SIGMA1R (0x3BCC908BL)
53#define CAMELLIA_SIGMA2L (0xB67AE858L)
54#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
55#define CAMELLIA_SIGMA3L (0xC6EF372FL)
56#define CAMELLIA_SIGMA3R (0xE94F82BEL)
57#define CAMELLIA_SIGMA4L (0x54FF53A5L)
58#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
59#define CAMELLIA_SIGMA5L (0x10E527FAL)
60#define CAMELLIA_SIGMA5R (0xDE682D1DL)
61#define CAMELLIA_SIGMA6L (0xB05688C2L)
62#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
63
64struct camellia_ctx {
65 int key_length;
66 KEY_TABLE_TYPE key_table;
67};
68
69
70/*
71 * macros
72 */
73
74
75# define GETU32(pt) (((u32)(pt)[0] << 24) \
76 ^ ((u32)(pt)[1] << 16) \
77 ^ ((u32)(pt)[2] << 8) \
78 ^ ((u32)(pt)[3]))
79
80#define COPY4WORD(dst, src) \
81 do { \
82 (dst)[0]=(src)[0]; \
83 (dst)[1]=(src)[1]; \
84 (dst)[2]=(src)[2]; \
85 (dst)[3]=(src)[3]; \
86 }while(0)
87
88#define SWAP4WORD(word) \
89 do { \
90 CAMELLIA_SWAP4((word)[0]); \
91 CAMELLIA_SWAP4((word)[1]); \
92 CAMELLIA_SWAP4((word)[2]); \
93 CAMELLIA_SWAP4((word)[3]); \
94 }while(0)
95
96#define XOR4WORD(a, b)/* a = a ^ b */ \
97 do { \
98 (a)[0]^=(b)[0]; \
99 (a)[1]^=(b)[1]; \
100 (a)[2]^=(b)[2]; \
101 (a)[3]^=(b)[3]; \
102 }while(0)
103
104#define XOR4WORD2(a, b, c)/* a = b ^ c */ \
105 do { \
106 (a)[0]=(b)[0]^(c)[0]; \
107 (a)[1]=(b)[1]^(c)[1]; \
108 (a)[2]=(b)[2]^(c)[2]; \
109 (a)[3]=(b)[3]^(c)[3]; \
110 }while(0)
111
112#define CAMELLIA_SUBKEY_L(INDEX) (subkey[(INDEX)*2])
113#define CAMELLIA_SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
114
115/* rotation right shift 1byte */
116#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
117/* rotation left shift 1bit */
118#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
119/* rotation left shift 1byte */
120#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
121
122#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
123 do { \
124 w0 = ll; \
125 ll = (ll << bits) + (lr >> (32 - bits)); \
126 lr = (lr << bits) + (rl >> (32 - bits)); \
127 rl = (rl << bits) + (rr >> (32 - bits)); \
128 rr = (rr << bits) + (w0 >> (32 - bits)); \
129 } while(0)
130
131#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
132 do { \
133 w0 = ll; \
134 w1 = lr; \
135 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
136 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
137 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
138 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
139 } while(0)
140
141#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
142#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
143#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
144#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
145
146#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
147 do { \
148 il = xl ^ kl; \
149 ir = xr ^ kr; \
150 t0 = il >> 16; \
151 t1 = ir >> 16; \
152 yl = CAMELLIA_SP1110(ir & 0xff) \
153 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
154 ^ CAMELLIA_SP3033(t1 & 0xff) \
155 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
156 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
157 ^ CAMELLIA_SP0222(t0 & 0xff) \
158 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
159 ^ CAMELLIA_SP4404(il & 0xff); \
160 yl ^= yr; \
161 yr = CAMELLIA_RR8(yr); \
162 yr ^= yl; \
163 } while(0)
164
165
166/*
167 * for speed up
168 *
169 */
170#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
171 do { \
172 t0 = kll; \
173 t2 = krr; \
174 t0 &= ll; \
175 t2 |= rr; \
176 rl ^= t2; \
177 lr ^= CAMELLIA_RL1(t0); \
178 t3 = krl; \
179 t1 = klr; \
180 t3 &= rl; \
181 t1 |= lr; \
182 ll ^= t1; \
183 rr ^= CAMELLIA_RL1(t3); \
184 } while(0)
185
186#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
187 do { \
188 ir = CAMELLIA_SP1110(xr & 0xff); \
189 il = CAMELLIA_SP1110((xl>>24) & 0xff); \
190 ir ^= CAMELLIA_SP0222((xr>>24) & 0xff); \
191 il ^= CAMELLIA_SP0222((xl>>16) & 0xff); \
192 ir ^= CAMELLIA_SP3033((xr>>16) & 0xff); \
193 il ^= CAMELLIA_SP3033((xl>>8) & 0xff); \
194 ir ^= CAMELLIA_SP4404((xr>>8) & 0xff); \
195 il ^= CAMELLIA_SP4404(xl & 0xff); \
196 il ^= kl; \
197 ir ^= il ^ kr; \
198 yl ^= ir; \
199 yr ^= CAMELLIA_RR8(il) ^ ir; \
200 } while(0)
201
202/**
203 * Stuff related to the Camellia key schedule
204 */
205#define SUBL(x) subL[(x)]
206#define SUBR(x) subR[(x)]
207
208
209static const u32 camellia_sp1110[256] = { 39static const u32 camellia_sp1110[256] = {
210 0x70707000,0x82828200,0x2c2c2c00,0xececec00, 40 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
211 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, 41 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
@@ -475,67 +305,348 @@ static const u32 camellia_sp4404[256] = {
475}; 305};
476 306
477 307
308#define CAMELLIA_MIN_KEY_SIZE 16
309#define CAMELLIA_MAX_KEY_SIZE 32
310#define CAMELLIA_BLOCK_SIZE 16
311#define CAMELLIA_TABLE_BYTE_LEN 272
312
313/*
314 * NB: L and R below stand for 'left' and 'right' as in written numbers.
315 * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
316 * _not_ least significant ones!
317 */
318
319
320/* key constants */
321
322#define CAMELLIA_SIGMA1L (0xA09E667FL)
323#define CAMELLIA_SIGMA1R (0x3BCC908BL)
324#define CAMELLIA_SIGMA2L (0xB67AE858L)
325#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
326#define CAMELLIA_SIGMA3L (0xC6EF372FL)
327#define CAMELLIA_SIGMA3R (0xE94F82BEL)
328#define CAMELLIA_SIGMA4L (0x54FF53A5L)
329#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
330#define CAMELLIA_SIGMA5L (0x10E527FAL)
331#define CAMELLIA_SIGMA5R (0xDE682D1DL)
332#define CAMELLIA_SIGMA6L (0xB05688C2L)
333#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
334
335/*
336 * macros
337 */
338#define GETU32(v, pt) \
339 do { \
340 /* latest breed of gcc is clever enough to use move */ \
341 memcpy(&(v), (pt), 4); \
342 (v) = be32_to_cpu(v); \
343 } while(0)
344
345/* rotation right shift 1byte */
346#define ROR8(x) (((x) >> 8) + ((x) << 24))
347/* rotation left shift 1bit */
348#define ROL1(x) (((x) << 1) + ((x) >> 31))
349/* rotation left shift 1byte */
350#define ROL8(x) (((x) << 8) + ((x) >> 24))
351
352#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
353 do { \
354 w0 = ll; \
355 ll = (ll << bits) + (lr >> (32 - bits)); \
356 lr = (lr << bits) + (rl >> (32 - bits)); \
357 rl = (rl << bits) + (rr >> (32 - bits)); \
358 rr = (rr << bits) + (w0 >> (32 - bits)); \
359 } while(0)
360
361#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
362 do { \
363 w0 = ll; \
364 w1 = lr; \
365 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
366 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
367 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
368 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
369 } while(0)
370
371#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
372 do { \
373 il = xl ^ kl; \
374 ir = xr ^ kr; \
375 t0 = il >> 16; \
376 t1 = ir >> 16; \
377 yl = camellia_sp1110[(u8)(ir )] \
378 ^ camellia_sp0222[ (t1 >> 8)] \
379 ^ camellia_sp3033[(u8)(t1 )] \
380 ^ camellia_sp4404[(u8)(ir >> 8)]; \
381 yr = camellia_sp1110[ (t0 >> 8)] \
382 ^ camellia_sp0222[(u8)(t0 )] \
383 ^ camellia_sp3033[(u8)(il >> 8)] \
384 ^ camellia_sp4404[(u8)(il )]; \
385 yl ^= yr; \
386 yr = ROR8(yr); \
387 yr ^= yl; \
388 } while(0)
389
390#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
391#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
392
393static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
394{
395 u32 dw, tl, tr;
396 u32 kw4l, kw4r;
397 int i;
398
399 /* absorb kw2 to other subkeys */
400 /* round 2 */
401 subL[3] ^= subL[1]; subR[3] ^= subR[1];
402 /* round 4 */
403 subL[5] ^= subL[1]; subR[5] ^= subR[1];
404 /* round 6 */
405 subL[7] ^= subL[1]; subR[7] ^= subR[1];
406 subL[1] ^= subR[1] & ~subR[9];
407 dw = subL[1] & subL[9],
408 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
409 /* round 8 */
410 subL[11] ^= subL[1]; subR[11] ^= subR[1];
411 /* round 10 */
412 subL[13] ^= subL[1]; subR[13] ^= subR[1];
413 /* round 12 */
414 subL[15] ^= subL[1]; subR[15] ^= subR[1];
415 subL[1] ^= subR[1] & ~subR[17];
416 dw = subL[1] & subL[17],
417 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
418 /* round 14 */
419 subL[19] ^= subL[1]; subR[19] ^= subR[1];
420 /* round 16 */
421 subL[21] ^= subL[1]; subR[21] ^= subR[1];
422 /* round 18 */
423 subL[23] ^= subL[1]; subR[23] ^= subR[1];
424 if (max == 24) {
425 /* kw3 */
426 subL[24] ^= subL[1]; subR[24] ^= subR[1];
427
428 /* absorb kw4 to other subkeys */
429 kw4l = subL[25]; kw4r = subR[25];
430 } else {
431 subL[1] ^= subR[1] & ~subR[25];
432 dw = subL[1] & subL[25],
433 subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */
434 /* round 20 */
435 subL[27] ^= subL[1]; subR[27] ^= subR[1];
436 /* round 22 */
437 subL[29] ^= subL[1]; subR[29] ^= subR[1];
438 /* round 24 */
439 subL[31] ^= subL[1]; subR[31] ^= subR[1];
440 /* kw3 */
441 subL[32] ^= subL[1]; subR[32] ^= subR[1];
442
443 /* absorb kw4 to other subkeys */
444 kw4l = subL[33]; kw4r = subR[33];
445 /* round 23 */
446 subL[30] ^= kw4l; subR[30] ^= kw4r;
447 /* round 21 */
448 subL[28] ^= kw4l; subR[28] ^= kw4r;
449 /* round 19 */
450 subL[26] ^= kw4l; subR[26] ^= kw4r;
451 kw4l ^= kw4r & ~subR[24];
452 dw = kw4l & subL[24],
453 kw4r ^= ROL1(dw); /* modified for FL(kl5) */
454 }
455 /* round 17 */
456 subL[22] ^= kw4l; subR[22] ^= kw4r;
457 /* round 15 */
458 subL[20] ^= kw4l; subR[20] ^= kw4r;
459 /* round 13 */
460 subL[18] ^= kw4l; subR[18] ^= kw4r;
461 kw4l ^= kw4r & ~subR[16];
462 dw = kw4l & subL[16],
463 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
464 /* round 11 */
465 subL[14] ^= kw4l; subR[14] ^= kw4r;
466 /* round 9 */
467 subL[12] ^= kw4l; subR[12] ^= kw4r;
468 /* round 7 */
469 subL[10] ^= kw4l; subR[10] ^= kw4r;
470 kw4l ^= kw4r & ~subR[8];
471 dw = kw4l & subL[8],
472 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
473 /* round 5 */
474 subL[6] ^= kw4l; subR[6] ^= kw4r;
475 /* round 3 */
476 subL[4] ^= kw4l; subR[4] ^= kw4r;
477 /* round 1 */
478 subL[2] ^= kw4l; subR[2] ^= kw4r;
479 /* kw1 */
480 subL[0] ^= kw4l; subR[0] ^= kw4r;
481
482 /* key XOR is end of F-function */
483 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
484 SUBKEY_R(0) = subR[0] ^ subR[2];
485 SUBKEY_L(2) = subL[3]; /* round 1 */
486 SUBKEY_R(2) = subR[3];
487 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
488 SUBKEY_R(3) = subR[2] ^ subR[4];
489 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
490 SUBKEY_R(4) = subR[3] ^ subR[5];
491 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
492 SUBKEY_R(5) = subR[4] ^ subR[6];
493 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
494 SUBKEY_R(6) = subR[5] ^ subR[7];
495 tl = subL[10] ^ (subR[10] & ~subR[8]);
496 dw = tl & subL[8], /* FL(kl1) */
497 tr = subR[10] ^ ROL1(dw);
498 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
499 SUBKEY_R(7) = subR[6] ^ tr;
500 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
501 SUBKEY_R(8) = subR[8];
502 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
503 SUBKEY_R(9) = subR[9];
504 tl = subL[7] ^ (subR[7] & ~subR[9]);
505 dw = tl & subL[9], /* FLinv(kl2) */
506 tr = subR[7] ^ ROL1(dw);
507 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
508 SUBKEY_R(10) = tr ^ subR[11];
509 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
510 SUBKEY_R(11) = subR[10] ^ subR[12];
511 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
512 SUBKEY_R(12) = subR[11] ^ subR[13];
513 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
514 SUBKEY_R(13) = subR[12] ^ subR[14];
515 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
516 SUBKEY_R(14) = subR[13] ^ subR[15];
517 tl = subL[18] ^ (subR[18] & ~subR[16]);
518 dw = tl & subL[16], /* FL(kl3) */
519 tr = subR[18] ^ ROL1(dw);
520 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
521 SUBKEY_R(15) = subR[14] ^ tr;
522 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
523 SUBKEY_R(16) = subR[16];
524 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
525 SUBKEY_R(17) = subR[17];
526 tl = subL[15] ^ (subR[15] & ~subR[17]);
527 dw = tl & subL[17], /* FLinv(kl4) */
528 tr = subR[15] ^ ROL1(dw);
529 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
530 SUBKEY_R(18) = tr ^ subR[19];
531 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
532 SUBKEY_R(19) = subR[18] ^ subR[20];
533 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
534 SUBKEY_R(20) = subR[19] ^ subR[21];
535 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
536 SUBKEY_R(21) = subR[20] ^ subR[22];
537 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
538 SUBKEY_R(22) = subR[21] ^ subR[23];
539 if (max == 24) {
540 SUBKEY_L(23) = subL[22]; /* round 18 */
541 SUBKEY_R(23) = subR[22];
542 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
543 SUBKEY_R(24) = subR[24] ^ subR[23];
544 } else {
545 tl = subL[26] ^ (subR[26] & ~subR[24]);
546 dw = tl & subL[24], /* FL(kl5) */
547 tr = subR[26] ^ ROL1(dw);
548 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
549 SUBKEY_R(23) = subR[22] ^ tr;
550 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
551 SUBKEY_R(24) = subR[24];
552 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
553 SUBKEY_R(25) = subR[25];
554 tl = subL[23] ^ (subR[23] & ~subR[25]);
555 dw = tl & subL[25], /* FLinv(kl6) */
556 tr = subR[23] ^ ROL1(dw);
557 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
558 SUBKEY_R(26) = tr ^ subR[27];
559 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
560 SUBKEY_R(27) = subR[26] ^ subR[28];
561 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
562 SUBKEY_R(28) = subR[27] ^ subR[29];
563 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
564 SUBKEY_R(29) = subR[28] ^ subR[30];
565 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
566 SUBKEY_R(30) = subR[29] ^ subR[31];
567 SUBKEY_L(31) = subL[30]; /* round 24 */
568 SUBKEY_R(31) = subR[30];
569 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
570 SUBKEY_R(32) = subR[32] ^ subR[31];
571 }
572
573 /* apply the inverse of the last half of P-function */
574 i = 2;
575 do {
576 dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = ROL8(dw);/* round 1 */
577 SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw;
578 dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = ROL8(dw);/* round 2 */
579 SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw;
580 dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = ROL8(dw);/* round 3 */
581 SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw;
582 dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = ROL8(dw);/* round 4 */
583 SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw;
584 dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = ROL8(dw);/* round 5 */
585 SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw;
586 dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = ROL8(dw);/* round 6 */
587 SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw;
588 i += 8;
589 } while (i < max);
590}
478 591
479static void camellia_setup128(const unsigned char *key, u32 *subkey) 592static void camellia_setup128(const unsigned char *key, u32 *subkey)
480{ 593{
481 u32 kll, klr, krl, krr; 594 u32 kll, klr, krl, krr;
482 u32 il, ir, t0, t1, w0, w1; 595 u32 il, ir, t0, t1, w0, w1;
483 u32 kw4l, kw4r, dw, tl, tr;
484 u32 subL[26]; 596 u32 subL[26];
485 u32 subR[26]; 597 u32 subR[26];
486 598
487 /** 599 /**
488 * k == kll || klr || krl || krr (|| is concatination) 600 * k == kll || klr || krl || krr (|| is concatenation)
489 */
490 kll = GETU32(key );
491 klr = GETU32(key + 4);
492 krl = GETU32(key + 8);
493 krr = GETU32(key + 12);
494 /**
495 * generate KL dependent subkeys
496 */ 601 */
602 GETU32(kll, key );
603 GETU32(klr, key + 4);
604 GETU32(krl, key + 8);
605 GETU32(krr, key + 12);
606
607 /* generate KL dependent subkeys */
497 /* kw1 */ 608 /* kw1 */
498 SUBL(0) = kll; SUBR(0) = klr; 609 subL[0] = kll; subR[0] = klr;
499 /* kw2 */ 610 /* kw2 */
500 SUBL(1) = krl; SUBR(1) = krr; 611 subL[1] = krl; subR[1] = krr;
501 /* rotation left shift 15bit */ 612 /* rotation left shift 15bit */
502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 613 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
503 /* k3 */ 614 /* k3 */
504 SUBL(4) = kll; SUBR(4) = klr; 615 subL[4] = kll; subR[4] = klr;
505 /* k4 */ 616 /* k4 */
506 SUBL(5) = krl; SUBR(5) = krr; 617 subL[5] = krl; subR[5] = krr;
507 /* rotation left shift 15+30bit */ 618 /* rotation left shift 15+30bit */
508 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 619 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
509 /* k7 */ 620 /* k7 */
510 SUBL(10) = kll; SUBR(10) = klr; 621 subL[10] = kll; subR[10] = klr;
511 /* k8 */ 622 /* k8 */
512 SUBL(11) = krl; SUBR(11) = krr; 623 subL[11] = krl; subR[11] = krr;
513 /* rotation left shift 15+30+15bit */ 624 /* rotation left shift 15+30+15bit */
514 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 625 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515 /* k10 */ 626 /* k10 */
516 SUBL(13) = krl; SUBR(13) = krr; 627 subL[13] = krl; subR[13] = krr;
517 /* rotation left shift 15+30+15+17 bit */ 628 /* rotation left shift 15+30+15+17 bit */
518 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 629 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
519 /* kl3 */ 630 /* kl3 */
520 SUBL(16) = kll; SUBR(16) = klr; 631 subL[16] = kll; subR[16] = klr;
521 /* kl4 */ 632 /* kl4 */
522 SUBL(17) = krl; SUBR(17) = krr; 633 subL[17] = krl; subR[17] = krr;
523 /* rotation left shift 15+30+15+17+17 bit */ 634 /* rotation left shift 15+30+15+17+17 bit */
524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 635 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
525 /* k13 */ 636 /* k13 */
526 SUBL(18) = kll; SUBR(18) = klr; 637 subL[18] = kll; subR[18] = klr;
527 /* k14 */ 638 /* k14 */
528 SUBL(19) = krl; SUBR(19) = krr; 639 subL[19] = krl; subR[19] = krr;
529 /* rotation left shift 15+30+15+17+17+17 bit */ 640 /* rotation left shift 15+30+15+17+17+17 bit */
530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 641 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
531 /* k17 */ 642 /* k17 */
532 SUBL(22) = kll; SUBR(22) = klr; 643 subL[22] = kll; subR[22] = klr;
533 /* k18 */ 644 /* k18 */
534 SUBL(23) = krl; SUBR(23) = krr; 645 subL[23] = krl; subR[23] = krr;
535 646
536 /* generate KA */ 647 /* generate KA */
537 kll = SUBL(0); klr = SUBR(0); 648 kll = subL[0]; klr = subR[0];
538 krl = SUBL(1); krr = SUBR(1); 649 krl = subL[1]; krr = subR[1];
539 CAMELLIA_F(kll, klr, 650 CAMELLIA_F(kll, klr,
540 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 651 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
541 w0, w1, il, ir, t0, t1); 652 w0, w1, il, ir, t0, t1);
@@ -555,306 +666,108 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey)
555 666
556 /* generate KA dependent subkeys */ 667 /* generate KA dependent subkeys */
557 /* k1, k2 */ 668 /* k1, k2 */
558 SUBL(2) = kll; SUBR(2) = klr; 669 subL[2] = kll; subR[2] = klr;
559 SUBL(3) = krl; SUBR(3) = krr; 670 subL[3] = krl; subR[3] = krr;
560 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 671 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
561 /* k5,k6 */ 672 /* k5,k6 */
562 SUBL(6) = kll; SUBR(6) = klr; 673 subL[6] = kll; subR[6] = klr;
563 SUBL(7) = krl; SUBR(7) = krr; 674 subL[7] = krl; subR[7] = krr;
564 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 675 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
565 /* kl1, kl2 */ 676 /* kl1, kl2 */
566 SUBL(8) = kll; SUBR(8) = klr; 677 subL[8] = kll; subR[8] = klr;
567 SUBL(9) = krl; SUBR(9) = krr; 678 subL[9] = krl; subR[9] = krr;
568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 679 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
569 /* k9 */ 680 /* k9 */
570 SUBL(12) = kll; SUBR(12) = klr; 681 subL[12] = kll; subR[12] = klr;
571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 682 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
572 /* k11, k12 */ 683 /* k11, k12 */
573 SUBL(14) = kll; SUBR(14) = klr; 684 subL[14] = kll; subR[14] = klr;
574 SUBL(15) = krl; SUBR(15) = krr; 685 subL[15] = krl; subR[15] = krr;
575 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 686 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
576 /* k15, k16 */ 687 /* k15, k16 */
577 SUBL(20) = kll; SUBR(20) = klr; 688 subL[20] = kll; subR[20] = klr;
578 SUBL(21) = krl; SUBR(21) = krr; 689 subL[21] = krl; subR[21] = krr;
579 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 690 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
580 /* kw3, kw4 */ 691 /* kw3, kw4 */
581 SUBL(24) = kll; SUBR(24) = klr; 692 subL[24] = kll; subR[24] = klr;
582 SUBL(25) = krl; SUBR(25) = krr; 693 subL[25] = krl; subR[25] = krr;
583 694
584 695 camellia_setup_tail(subkey, subL, subR, 24);
585 /* absorb kw2 to other subkeys */
586 /* round 2 */
587 SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
588 /* round 4 */
589 SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
590 /* round 6 */
591 SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
592 SUBL(1) ^= SUBR(1) & ~SUBR(9);
593 dw = SUBL(1) & SUBL(9),
594 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
595 /* round 8 */
596 SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
597 /* round 10 */
598 SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
599 /* round 12 */
600 SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
601 SUBL(1) ^= SUBR(1) & ~SUBR(17);
602 dw = SUBL(1) & SUBL(17),
603 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
604 /* round 14 */
605 SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
606 /* round 16 */
607 SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
608 /* round 18 */
609 SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
610 /* kw3 */
611 SUBL(24) ^= SUBL(1); SUBR(24) ^= SUBR(1);
612
613 /* absorb kw4 to other subkeys */
614 kw4l = SUBL(25); kw4r = SUBR(25);
615 /* round 17 */
616 SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
617 /* round 15 */
618 SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
619 /* round 13 */
620 SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
621 kw4l ^= kw4r & ~SUBR(16);
622 dw = kw4l & SUBL(16),
623 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
624 /* round 11 */
625 SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
626 /* round 9 */
627 SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
628 /* round 7 */
629 SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
630 kw4l ^= kw4r & ~SUBR(8);
631 dw = kw4l & SUBL(8),
632 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
633 /* round 5 */
634 SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
635 /* round 3 */
636 SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
637 /* round 1 */
638 SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
639 /* kw1 */
640 SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
641
642
643 /* key XOR is end of F-function */
644 CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
645 CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
646 CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */
647 CAMELLIA_SUBKEY_R(2) = SUBR(3);
648 CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
649 CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
650 CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
651 CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
652 CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
653 CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
654 CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
655 CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
656 tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
657 dw = tl & SUBL(8), /* FL(kl1) */
658 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
659 CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
660 CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
661 CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */
662 CAMELLIA_SUBKEY_R(8) = SUBR(8);
663 CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */
664 CAMELLIA_SUBKEY_R(9) = SUBR(9);
665 tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
666 dw = tl & SUBL(9), /* FLinv(kl2) */
667 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
668 CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
669 CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
670 CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
671 CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
672 CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
673 CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
674 CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
675 CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
676 CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
677 CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
678 tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
679 dw = tl & SUBL(16), /* FL(kl3) */
680 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
681 CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
682 CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
683 CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */
684 CAMELLIA_SUBKEY_R(16) = SUBR(16);
685 CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */
686 CAMELLIA_SUBKEY_R(17) = SUBR(17);
687 tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
688 dw = tl & SUBL(17), /* FLinv(kl4) */
689 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
690 CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
691 CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
692 CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
693 CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
694 CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
695 CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
696 CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
697 CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
698 CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
699 CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
700 CAMELLIA_SUBKEY_L(23) = SUBL(22); /* round 18 */
701 CAMELLIA_SUBKEY_R(23) = SUBR(22);
702 CAMELLIA_SUBKEY_L(24) = SUBL(24) ^ SUBL(23); /* kw3 */
703 CAMELLIA_SUBKEY_R(24) = SUBR(24) ^ SUBR(23);
704
705 /* apply the inverse of the last half of P-function */
706 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
707 dw = CAMELLIA_RL8(dw);/* round 1 */
708 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
709 CAMELLIA_SUBKEY_L(2) = dw;
710 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
711 dw = CAMELLIA_RL8(dw);/* round 2 */
712 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
713 CAMELLIA_SUBKEY_L(3) = dw;
714 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
715 dw = CAMELLIA_RL8(dw);/* round 3 */
716 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
717 CAMELLIA_SUBKEY_L(4) = dw;
718 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
719 dw = CAMELLIA_RL8(dw);/* round 4 */
720 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
721 CAMELLIA_SUBKEY_L(5) = dw;
722 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
723 dw = CAMELLIA_RL8(dw);/* round 5 */
724 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
725 CAMELLIA_SUBKEY_L(6) = dw;
726 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
727 dw = CAMELLIA_RL8(dw);/* round 6 */
728 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
729 CAMELLIA_SUBKEY_L(7) = dw;
730 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
731 dw = CAMELLIA_RL8(dw);/* round 7 */
732 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
733 CAMELLIA_SUBKEY_L(10) = dw;
734 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
735 dw = CAMELLIA_RL8(dw);/* round 8 */
736 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
737 CAMELLIA_SUBKEY_L(11) = dw;
738 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
739 dw = CAMELLIA_RL8(dw);/* round 9 */
740 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
741 CAMELLIA_SUBKEY_L(12) = dw;
742 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
743 dw = CAMELLIA_RL8(dw);/* round 10 */
744 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
745 CAMELLIA_SUBKEY_L(13) = dw;
746 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
747 dw = CAMELLIA_RL8(dw);/* round 11 */
748 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
749 CAMELLIA_SUBKEY_L(14) = dw;
750 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
751 dw = CAMELLIA_RL8(dw);/* round 12 */
752 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
753 CAMELLIA_SUBKEY_L(15) = dw;
754 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
755 dw = CAMELLIA_RL8(dw);/* round 13 */
756 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
757 CAMELLIA_SUBKEY_L(18) = dw;
758 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
759 dw = CAMELLIA_RL8(dw);/* round 14 */
760 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
761 CAMELLIA_SUBKEY_L(19) = dw;
762 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
763 dw = CAMELLIA_RL8(dw);/* round 15 */
764 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
765 CAMELLIA_SUBKEY_L(20) = dw;
766 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
767 dw = CAMELLIA_RL8(dw);/* round 16 */
768 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
769 CAMELLIA_SUBKEY_L(21) = dw;
770 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
771 dw = CAMELLIA_RL8(dw);/* round 17 */
772 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
773 CAMELLIA_SUBKEY_L(22) = dw;
774 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
775 dw = CAMELLIA_RL8(dw);/* round 18 */
776 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
777 CAMELLIA_SUBKEY_L(23) = dw;
778
779 return;
780} 696}
781 697
782
783static void camellia_setup256(const unsigned char *key, u32 *subkey) 698static void camellia_setup256(const unsigned char *key, u32 *subkey)
784{ 699{
785 u32 kll,klr,krl,krr; /* left half of key */ 700 u32 kll, klr, krl, krr; /* left half of key */
786 u32 krll,krlr,krrl,krrr; /* right half of key */ 701 u32 krll, krlr, krrl, krrr; /* right half of key */
787 u32 il, ir, t0, t1, w0, w1; /* temporary variables */ 702 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
788 u32 kw4l, kw4r, dw, tl, tr;
789 u32 subL[34]; 703 u32 subL[34];
790 u32 subR[34]; 704 u32 subR[34];
791 705
792 /** 706 /**
793 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 707 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
794 * (|| is concatination) 708 * (|| is concatenation)
795 */ 709 */
796 710 GETU32(kll, key );
797 kll = GETU32(key ); 711 GETU32(klr, key + 4);
798 klr = GETU32(key + 4); 712 GETU32(krl, key + 8);
799 krl = GETU32(key + 8); 713 GETU32(krr, key + 12);
800 krr = GETU32(key + 12); 714 GETU32(krll, key + 16);
801 krll = GETU32(key + 16); 715 GETU32(krlr, key + 20);
802 krlr = GETU32(key + 20); 716 GETU32(krrl, key + 24);
803 krrl = GETU32(key + 24); 717 GETU32(krrr, key + 28);
804 krrr = GETU32(key + 28);
805 718
806 /* generate KL dependent subkeys */ 719 /* generate KL dependent subkeys */
807 /* kw1 */ 720 /* kw1 */
808 SUBL(0) = kll; SUBR(0) = klr; 721 subL[0] = kll; subR[0] = klr;
809 /* kw2 */ 722 /* kw2 */
810 SUBL(1) = krl; SUBR(1) = krr; 723 subL[1] = krl; subR[1] = krr;
811 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 724 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
812 /* k9 */ 725 /* k9 */
813 SUBL(12) = kll; SUBR(12) = klr; 726 subL[12] = kll; subR[12] = klr;
814 /* k10 */ 727 /* k10 */
815 SUBL(13) = krl; SUBR(13) = krr; 728 subL[13] = krl; subR[13] = krr;
816 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 729 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
817 /* kl3 */ 730 /* kl3 */
818 SUBL(16) = kll; SUBR(16) = klr; 731 subL[16] = kll; subR[16] = klr;
819 /* kl4 */ 732 /* kl4 */
820 SUBL(17) = krl; SUBR(17) = krr; 733 subL[17] = krl; subR[17] = krr;
821 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 734 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
822 /* k17 */ 735 /* k17 */
823 SUBL(22) = kll; SUBR(22) = klr; 736 subL[22] = kll; subR[22] = klr;
824 /* k18 */ 737 /* k18 */
825 SUBL(23) = krl; SUBR(23) = krr; 738 subL[23] = krl; subR[23] = krr;
826 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 739 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
827 /* k23 */ 740 /* k23 */
828 SUBL(30) = kll; SUBR(30) = klr; 741 subL[30] = kll; subR[30] = klr;
829 /* k24 */ 742 /* k24 */
830 SUBL(31) = krl; SUBR(31) = krr; 743 subL[31] = krl; subR[31] = krr;
831 744
832 /* generate KR dependent subkeys */ 745 /* generate KR dependent subkeys */
833 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 746 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
834 /* k3 */ 747 /* k3 */
835 SUBL(4) = krll; SUBR(4) = krlr; 748 subL[4] = krll; subR[4] = krlr;
836 /* k4 */ 749 /* k4 */
837 SUBL(5) = krrl; SUBR(5) = krrr; 750 subL[5] = krrl; subR[5] = krrr;
838 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 751 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
839 /* kl1 */ 752 /* kl1 */
840 SUBL(8) = krll; SUBR(8) = krlr; 753 subL[8] = krll; subR[8] = krlr;
841 /* kl2 */ 754 /* kl2 */
842 SUBL(9) = krrl; SUBR(9) = krrr; 755 subL[9] = krrl; subR[9] = krrr;
843 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 756 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
844 /* k13 */ 757 /* k13 */
845 SUBL(18) = krll; SUBR(18) = krlr; 758 subL[18] = krll; subR[18] = krlr;
846 /* k14 */ 759 /* k14 */
847 SUBL(19) = krrl; SUBR(19) = krrr; 760 subL[19] = krrl; subR[19] = krrr;
848 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 761 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
849 /* k19 */ 762 /* k19 */
850 SUBL(26) = krll; SUBR(26) = krlr; 763 subL[26] = krll; subR[26] = krlr;
851 /* k20 */ 764 /* k20 */
852 SUBL(27) = krrl; SUBR(27) = krrr; 765 subL[27] = krrl; subR[27] = krrr;
853 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 766 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
854 767
855 /* generate KA */ 768 /* generate KA */
856 kll = SUBL(0) ^ krll; klr = SUBR(0) ^ krlr; 769 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
857 krl = SUBL(1) ^ krrl; krr = SUBR(1) ^ krrr; 770 krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
858 CAMELLIA_F(kll, klr, 771 CAMELLIA_F(kll, klr,
859 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, 772 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
860 w0, w1, il, ir, t0, t1); 773 w0, w1, il, ir, t0, t1);
@@ -885,310 +798,50 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey)
885 krll ^= w0; krlr ^= w1; 798 krll ^= w0; krlr ^= w1;
886 799
887 /* generate KA dependent subkeys */ 800 /* generate KA dependent subkeys */
888 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 801 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
889 /* k5 */ 802 /* k5 */
890 SUBL(6) = kll; SUBR(6) = klr; 803 subL[6] = kll; subR[6] = klr;
891 /* k6 */ 804 /* k6 */
892 SUBL(7) = krl; SUBR(7) = krr; 805 subL[7] = krl; subR[7] = krr;
893 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 806 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
894 /* k11 */ 807 /* k11 */
895 SUBL(14) = kll; SUBR(14) = klr; 808 subL[14] = kll; subR[14] = klr;
896 /* k12 */ 809 /* k12 */
897 SUBL(15) = krl; SUBR(15) = krr; 810 subL[15] = krl; subR[15] = krr;
898 /* rotation left shift 32bit */ 811 /* rotation left shift 32bit */
899 /* kl5 */ 812 /* kl5 */
900 SUBL(24) = klr; SUBR(24) = krl; 813 subL[24] = klr; subR[24] = krl;
901 /* kl6 */ 814 /* kl6 */
902 SUBL(25) = krr; SUBR(25) = kll; 815 subL[25] = krr; subR[25] = kll;
903 /* rotation left shift 49 from k11,k12 -> k21,k22 */ 816 /* rotation left shift 49 from k11,k12 -> k21,k22 */
904 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 817 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
905 /* k21 */ 818 /* k21 */
906 SUBL(28) = kll; SUBR(28) = klr; 819 subL[28] = kll; subR[28] = klr;
907 /* k22 */ 820 /* k22 */
908 SUBL(29) = krl; SUBR(29) = krr; 821 subL[29] = krl; subR[29] = krr;
909 822
910 /* generate KB dependent subkeys */ 823 /* generate KB dependent subkeys */
911 /* k1 */ 824 /* k1 */
912 SUBL(2) = krll; SUBR(2) = krlr; 825 subL[2] = krll; subR[2] = krlr;
913 /* k2 */ 826 /* k2 */
914 SUBL(3) = krrl; SUBR(3) = krrr; 827 subL[3] = krrl; subR[3] = krrr;
915 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 828 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
916 /* k7 */ 829 /* k7 */
917 SUBL(10) = krll; SUBR(10) = krlr; 830 subL[10] = krll; subR[10] = krlr;
918 /* k8 */ 831 /* k8 */
919 SUBL(11) = krrl; SUBR(11) = krrr; 832 subL[11] = krrl; subR[11] = krrr;
920 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 833 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
921 /* k15 */ 834 /* k15 */
922 SUBL(20) = krll; SUBR(20) = krlr; 835 subL[20] = krll; subR[20] = krlr;
923 /* k16 */ 836 /* k16 */
924 SUBL(21) = krrl; SUBR(21) = krrr; 837 subL[21] = krrl; subR[21] = krrr;
925 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 838 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
926 /* kw3 */ 839 /* kw3 */
927 SUBL(32) = krll; SUBR(32) = krlr; 840 subL[32] = krll; subR[32] = krlr;
928 /* kw4 */ 841 /* kw4 */
929 SUBL(33) = krrl; SUBR(33) = krrr; 842 subL[33] = krrl; subR[33] = krrr;
930
931 /* absorb kw2 to other subkeys */
932 /* round 2 */
933 SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
934 /* round 4 */
935 SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
936 /* round 6 */
937 SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
938 SUBL(1) ^= SUBR(1) & ~SUBR(9);
939 dw = SUBL(1) & SUBL(9),
940 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
941 /* round 8 */
942 SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
943 /* round 10 */
944 SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
945 /* round 12 */
946 SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
947 SUBL(1) ^= SUBR(1) & ~SUBR(17);
948 dw = SUBL(1) & SUBL(17),
949 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
950 /* round 14 */
951 SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
952 /* round 16 */
953 SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
954 /* round 18 */
955 SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
956 SUBL(1) ^= SUBR(1) & ~SUBR(25);
957 dw = SUBL(1) & SUBL(25),
958 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
959 /* round 20 */
960 SUBL(27) ^= SUBL(1); SUBR(27) ^= SUBR(1);
961 /* round 22 */
962 SUBL(29) ^= SUBL(1); SUBR(29) ^= SUBR(1);
963 /* round 24 */
964 SUBL(31) ^= SUBL(1); SUBR(31) ^= SUBR(1);
965 /* kw3 */
966 SUBL(32) ^= SUBL(1); SUBR(32) ^= SUBR(1);
967
968
969 /* absorb kw4 to other subkeys */
970 kw4l = SUBL(33); kw4r = SUBR(33);
971 /* round 23 */
972 SUBL(30) ^= kw4l; SUBR(30) ^= kw4r;
973 /* round 21 */
974 SUBL(28) ^= kw4l; SUBR(28) ^= kw4r;
975 /* round 19 */
976 SUBL(26) ^= kw4l; SUBR(26) ^= kw4r;
977 kw4l ^= kw4r & ~SUBR(24);
978 dw = kw4l & SUBL(24),
979 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
980 /* round 17 */
981 SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
982 /* round 15 */
983 SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
984 /* round 13 */
985 SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
986 kw4l ^= kw4r & ~SUBR(16);
987 dw = kw4l & SUBL(16),
988 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
989 /* round 11 */
990 SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
991 /* round 9 */
992 SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
993 /* round 7 */
994 SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
995 kw4l ^= kw4r & ~SUBR(8);
996 dw = kw4l & SUBL(8),
997 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
998 /* round 5 */
999 SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
1000 /* round 3 */
1001 SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
1002 /* round 1 */
1003 SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
1004 /* kw1 */
1005 SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
1006 843
1007 /* key XOR is end of F-function */ 844 camellia_setup_tail(subkey, subL, subR, 32);
1008 CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
1009 CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
1010 CAMELLIA_SUBKEY_L(2) = SUBL(3); /* round 1 */
1011 CAMELLIA_SUBKEY_R(2) = SUBR(3);
1012 CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
1013 CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
1014 CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
1015 CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
1016 CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
1017 CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
1018 CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
1019 CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
1020 tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
1021 dw = tl & SUBL(8), /* FL(kl1) */
1022 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
1023 CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
1024 CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
1025 CAMELLIA_SUBKEY_L(8) = SUBL(8); /* FL(kl1) */
1026 CAMELLIA_SUBKEY_R(8) = SUBR(8);
1027 CAMELLIA_SUBKEY_L(9) = SUBL(9); /* FLinv(kl2) */
1028 CAMELLIA_SUBKEY_R(9) = SUBR(9);
1029 tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
1030 dw = tl & SUBL(9), /* FLinv(kl2) */
1031 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
1032 CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
1033 CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
1034 CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
1035 CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
1036 CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
1037 CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
1038 CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
1039 CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
1040 CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
1041 CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
1042 tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
1043 dw = tl & SUBL(16), /* FL(kl3) */
1044 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
1045 CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
1046 CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
1047 CAMELLIA_SUBKEY_L(16) = SUBL(16); /* FL(kl3) */
1048 CAMELLIA_SUBKEY_R(16) = SUBR(16);
1049 CAMELLIA_SUBKEY_L(17) = SUBL(17); /* FLinv(kl4) */
1050 CAMELLIA_SUBKEY_R(17) = SUBR(17);
1051 tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
1052 dw = tl & SUBL(17), /* FLinv(kl4) */
1053 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
1054 CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
1055 CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
1056 CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
1057 CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
1058 CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
1059 CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
1060 CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
1061 CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
1062 CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
1063 CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
1064 tl = SUBL(26) ^ (SUBR(26)
1065 & ~SUBR(24));
1066 dw = tl & SUBL(24), /* FL(kl5) */
1067 tr = SUBR(26) ^ CAMELLIA_RL1(dw);
1068 CAMELLIA_SUBKEY_L(23) = SUBL(22) ^ tl; /* round 18 */
1069 CAMELLIA_SUBKEY_R(23) = SUBR(22) ^ tr;
1070 CAMELLIA_SUBKEY_L(24) = SUBL(24); /* FL(kl5) */
1071 CAMELLIA_SUBKEY_R(24) = SUBR(24);
1072 CAMELLIA_SUBKEY_L(25) = SUBL(25); /* FLinv(kl6) */
1073 CAMELLIA_SUBKEY_R(25) = SUBR(25);
1074 tl = SUBL(23) ^ (SUBR(23) &
1075 ~SUBR(25));
1076 dw = tl & SUBL(25), /* FLinv(kl6) */
1077 tr = SUBR(23) ^ CAMELLIA_RL1(dw);
1078 CAMELLIA_SUBKEY_L(26) = tl ^ SUBL(27); /* round 19 */
1079 CAMELLIA_SUBKEY_R(26) = tr ^ SUBR(27);
1080 CAMELLIA_SUBKEY_L(27) = SUBL(26) ^ SUBL(28); /* round 20 */
1081 CAMELLIA_SUBKEY_R(27) = SUBR(26) ^ SUBR(28);
1082 CAMELLIA_SUBKEY_L(28) = SUBL(27) ^ SUBL(29); /* round 21 */
1083 CAMELLIA_SUBKEY_R(28) = SUBR(27) ^ SUBR(29);
1084 CAMELLIA_SUBKEY_L(29) = SUBL(28) ^ SUBL(30); /* round 22 */
1085 CAMELLIA_SUBKEY_R(29) = SUBR(28) ^ SUBR(30);
1086 CAMELLIA_SUBKEY_L(30) = SUBL(29) ^ SUBL(31); /* round 23 */
1087 CAMELLIA_SUBKEY_R(30) = SUBR(29) ^ SUBR(31);
1088 CAMELLIA_SUBKEY_L(31) = SUBL(30); /* round 24 */
1089 CAMELLIA_SUBKEY_R(31) = SUBR(30);
1090 CAMELLIA_SUBKEY_L(32) = SUBL(32) ^ SUBL(31); /* kw3 */
1091 CAMELLIA_SUBKEY_R(32) = SUBR(32) ^ SUBR(31);
1092
1093 /* apply the inverse of the last half of P-function */
1094 dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
1095 dw = CAMELLIA_RL8(dw);/* round 1 */
1096 CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
1097 CAMELLIA_SUBKEY_L(2) = dw;
1098 dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
1099 dw = CAMELLIA_RL8(dw);/* round 2 */
1100 CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
1101 CAMELLIA_SUBKEY_L(3) = dw;
1102 dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
1103 dw = CAMELLIA_RL8(dw);/* round 3 */
1104 CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
1105 CAMELLIA_SUBKEY_L(4) = dw;
1106 dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
1107 dw = CAMELLIA_RL8(dw);/* round 4 */
1108 CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
1109 CAMELLIA_SUBKEY_L(5) = dw;
1110 dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
1111 dw = CAMELLIA_RL8(dw);/* round 5 */
1112 CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
1113 CAMELLIA_SUBKEY_L(6) = dw;
1114 dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
1115 dw = CAMELLIA_RL8(dw);/* round 6 */
1116 CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
1117 CAMELLIA_SUBKEY_L(7) = dw;
1118 dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
1119 dw = CAMELLIA_RL8(dw);/* round 7 */
1120 CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
1121 CAMELLIA_SUBKEY_L(10) = dw;
1122 dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
1123 dw = CAMELLIA_RL8(dw);/* round 8 */
1124 CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
1125 CAMELLIA_SUBKEY_L(11) = dw;
1126 dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
1127 dw = CAMELLIA_RL8(dw);/* round 9 */
1128 CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
1129 CAMELLIA_SUBKEY_L(12) = dw;
1130 dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
1131 dw = CAMELLIA_RL8(dw);/* round 10 */
1132 CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
1133 CAMELLIA_SUBKEY_L(13) = dw;
1134 dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
1135 dw = CAMELLIA_RL8(dw);/* round 11 */
1136 CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
1137 CAMELLIA_SUBKEY_L(14) = dw;
1138 dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
1139 dw = CAMELLIA_RL8(dw);/* round 12 */
1140 CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
1141 CAMELLIA_SUBKEY_L(15) = dw;
1142 dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
1143 dw = CAMELLIA_RL8(dw);/* round 13 */
1144 CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
1145 CAMELLIA_SUBKEY_L(18) = dw;
1146 dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
1147 dw = CAMELLIA_RL8(dw);/* round 14 */
1148 CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
1149 CAMELLIA_SUBKEY_L(19) = dw;
1150 dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
1151 dw = CAMELLIA_RL8(dw);/* round 15 */
1152 CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
1153 CAMELLIA_SUBKEY_L(20) = dw;
1154 dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
1155 dw = CAMELLIA_RL8(dw);/* round 16 */
1156 CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
1157 CAMELLIA_SUBKEY_L(21) = dw;
1158 dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
1159 dw = CAMELLIA_RL8(dw);/* round 17 */
1160 CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
1161 CAMELLIA_SUBKEY_L(22) = dw;
1162 dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
1163 dw = CAMELLIA_RL8(dw);/* round 18 */
1164 CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
1165 CAMELLIA_SUBKEY_L(23) = dw;
1166 dw = CAMELLIA_SUBKEY_L(26) ^ CAMELLIA_SUBKEY_R(26),
1167 dw = CAMELLIA_RL8(dw);/* round 19 */
1168 CAMELLIA_SUBKEY_R(26) = CAMELLIA_SUBKEY_L(26) ^ dw,
1169 CAMELLIA_SUBKEY_L(26) = dw;
1170 dw = CAMELLIA_SUBKEY_L(27) ^ CAMELLIA_SUBKEY_R(27),
1171 dw = CAMELLIA_RL8(dw);/* round 20 */
1172 CAMELLIA_SUBKEY_R(27) = CAMELLIA_SUBKEY_L(27) ^ dw,
1173 CAMELLIA_SUBKEY_L(27) = dw;
1174 dw = CAMELLIA_SUBKEY_L(28) ^ CAMELLIA_SUBKEY_R(28),
1175 dw = CAMELLIA_RL8(dw);/* round 21 */
1176 CAMELLIA_SUBKEY_R(28) = CAMELLIA_SUBKEY_L(28) ^ dw,
1177 CAMELLIA_SUBKEY_L(28) = dw;
1178 dw = CAMELLIA_SUBKEY_L(29) ^ CAMELLIA_SUBKEY_R(29),
1179 dw = CAMELLIA_RL8(dw);/* round 22 */
1180 CAMELLIA_SUBKEY_R(29) = CAMELLIA_SUBKEY_L(29) ^ dw,
1181 CAMELLIA_SUBKEY_L(29) = dw;
1182 dw = CAMELLIA_SUBKEY_L(30) ^ CAMELLIA_SUBKEY_R(30),
1183 dw = CAMELLIA_RL8(dw);/* round 23 */
1184 CAMELLIA_SUBKEY_R(30) = CAMELLIA_SUBKEY_L(30) ^ dw,
1185 CAMELLIA_SUBKEY_L(30) = dw;
1186 dw = CAMELLIA_SUBKEY_L(31) ^ CAMELLIA_SUBKEY_R(31),
1187 dw = CAMELLIA_RL8(dw);/* round 24 */
1188 CAMELLIA_SUBKEY_R(31) = CAMELLIA_SUBKEY_L(31) ^ dw,
1189 CAMELLIA_SUBKEY_L(31) = dw;
1190
1191 return;
1192} 845}
1193 846
1194static void camellia_setup192(const unsigned char *key, u32 *subkey) 847static void camellia_setup192(const unsigned char *key, u32 *subkey)
@@ -1197,482 +850,168 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
1197 u32 krll, krlr, krrl,krrr; 850 u32 krll, krlr, krrl,krrr;
1198 851
1199 memcpy(kk, key, 24); 852 memcpy(kk, key, 24);
1200 memcpy((unsigned char *)&krll, key+16,4); 853 memcpy((unsigned char *)&krll, key+16, 4);
1201 memcpy((unsigned char *)&krlr, key+20,4); 854 memcpy((unsigned char *)&krlr, key+20, 4);
1202 krrl = ~krll; 855 krrl = ~krll;
1203 krrr = ~krlr; 856 krrr = ~krlr;
1204 memcpy(kk+24, (unsigned char *)&krrl, 4); 857 memcpy(kk+24, (unsigned char *)&krrl, 4);
1205 memcpy(kk+28, (unsigned char *)&krrr, 4); 858 memcpy(kk+28, (unsigned char *)&krrr, 4);
1206 camellia_setup256(kk, subkey); 859 camellia_setup256(kk, subkey);
1207 return;
1208} 860}
1209 861
1210 862
1211/** 863/*
1212 * Stuff related to camellia encryption/decryption 864 * Encrypt/decrypt
1213 */ 865 */
1214static void camellia_encrypt128(const u32 *subkey, __be32 *io_text) 866#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
1215{ 867 do { \
1216 u32 il,ir,t0,t1; /* temporary valiables */ 868 t0 = kll; \
1217 869 t2 = krr; \
1218 u32 io[4]; 870 t0 &= ll; \
1219 871 t2 |= rr; \
1220 io[0] = be32_to_cpu(io_text[0]); 872 rl ^= t2; \
1221 io[1] = be32_to_cpu(io_text[1]); 873 lr ^= ROL1(t0); \
1222 io[2] = be32_to_cpu(io_text[2]); 874 t3 = krl; \
1223 io[3] = be32_to_cpu(io_text[3]); 875 t1 = klr; \
1224 876 t3 &= rl; \
1225 /* pre whitening but absorb kw2*/ 877 t1 |= lr; \
1226 io[0] ^= CAMELLIA_SUBKEY_L(0); 878 ll ^= t1; \
1227 io[1] ^= CAMELLIA_SUBKEY_R(0); 879 rr ^= ROL1(t3); \
1228 /* main iteration */ 880 } while(0)
1229
1230 CAMELLIA_ROUNDSM(io[0],io[1],
1231 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1232 io[2],io[3],il,ir,t0,t1);
1233 CAMELLIA_ROUNDSM(io[2],io[3],
1234 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1235 io[0],io[1],il,ir,t0,t1);
1236 CAMELLIA_ROUNDSM(io[0],io[1],
1237 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1238 io[2],io[3],il,ir,t0,t1);
1239 CAMELLIA_ROUNDSM(io[2],io[3],
1240 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1241 io[0],io[1],il,ir,t0,t1);
1242 CAMELLIA_ROUNDSM(io[0],io[1],
1243 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1244 io[2],io[3],il,ir,t0,t1);
1245 CAMELLIA_ROUNDSM(io[2],io[3],
1246 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1247 io[0],io[1],il,ir,t0,t1);
1248
1249 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1250 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1251 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1252 t0,t1,il,ir);
1253
1254 CAMELLIA_ROUNDSM(io[0],io[1],
1255 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1256 io[2],io[3],il,ir,t0,t1);
1257 CAMELLIA_ROUNDSM(io[2],io[3],
1258 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1259 io[0],io[1],il,ir,t0,t1);
1260 CAMELLIA_ROUNDSM(io[0],io[1],
1261 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1262 io[2],io[3],il,ir,t0,t1);
1263 CAMELLIA_ROUNDSM(io[2],io[3],
1264 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1265 io[0],io[1],il,ir,t0,t1);
1266 CAMELLIA_ROUNDSM(io[0],io[1],
1267 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1268 io[2],io[3],il,ir,t0,t1);
1269 CAMELLIA_ROUNDSM(io[2],io[3],
1270 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1271 io[0],io[1],il,ir,t0,t1);
1272
1273 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1274 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1275 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1276 t0,t1,il,ir);
1277
1278 CAMELLIA_ROUNDSM(io[0],io[1],
1279 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1280 io[2],io[3],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[2],io[3],
1282 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1283 io[0],io[1],il,ir,t0,t1);
1284 CAMELLIA_ROUNDSM(io[0],io[1],
1285 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1286 io[2],io[3],il,ir,t0,t1);
1287 CAMELLIA_ROUNDSM(io[2],io[3],
1288 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1289 io[0],io[1],il,ir,t0,t1);
1290 CAMELLIA_ROUNDSM(io[0],io[1],
1291 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1292 io[2],io[3],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[2],io[3],
1294 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1295 io[0],io[1],il,ir,t0,t1);
1296 881
1297 /* post whitening but kw4 */ 882#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \
1298 io[2] ^= CAMELLIA_SUBKEY_L(24); 883 do { \
1299 io[3] ^= CAMELLIA_SUBKEY_R(24); 884 ir = camellia_sp1110[(u8)xr]; \
1300 885 il = camellia_sp1110[ (xl >> 24)]; \
1301 t0 = io[0]; 886 ir ^= camellia_sp0222[ (xr >> 24)]; \
1302 t1 = io[1]; 887 il ^= camellia_sp0222[(u8)(xl >> 16)]; \
1303 io[0] = io[2]; 888 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
1304 io[1] = io[3]; 889 il ^= camellia_sp3033[(u8)(xl >> 8)]; \
1305 io[2] = t0; 890 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
1306 io[3] = t1; 891 il ^= camellia_sp4404[(u8)xl]; \
1307 892 il ^= kl; \
1308 io_text[0] = cpu_to_be32(io[0]); 893 ir ^= il ^ kr; \
1309 io_text[1] = cpu_to_be32(io[1]); 894 yl ^= ir; \
1310 io_text[2] = cpu_to_be32(io[2]); 895 yr ^= ROR8(il) ^ ir; \
1311 io_text[3] = cpu_to_be32(io[3]); 896 } while(0)
1312
1313 return;
1314}
1315 897
1316static void camellia_decrypt128(const u32 *subkey, __be32 *io_text) 898/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
899static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
1317{ 900{
1318 u32 il,ir,t0,t1; /* temporary valiables */ 901 u32 il,ir,t0,t1; /* temporary variables */
1319 902
1320 u32 io[4]; 903 /* pre whitening but absorb kw2 */
1321 904 io[0] ^= SUBKEY_L(0);
1322 io[0] = be32_to_cpu(io_text[0]); 905 io[1] ^= SUBKEY_R(0);
1323 io[1] = be32_to_cpu(io_text[1]);
1324 io[2] = be32_to_cpu(io_text[2]);
1325 io[3] = be32_to_cpu(io_text[3]);
1326
1327 /* pre whitening but absorb kw2*/
1328 io[0] ^= CAMELLIA_SUBKEY_L(24);
1329 io[1] ^= CAMELLIA_SUBKEY_R(24);
1330 906
1331 /* main iteration */ 907 /* main iteration */
1332 CAMELLIA_ROUNDSM(io[0],io[1], 908#define ROUNDS(i) do { \
1333 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), 909 CAMELLIA_ROUNDSM(io[0],io[1], \
1334 io[2],io[3],il,ir,t0,t1); 910 SUBKEY_L(i + 2),SUBKEY_R(i + 2), \
1335 CAMELLIA_ROUNDSM(io[2],io[3], 911 io[2],io[3],il,ir); \
1336 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), 912 CAMELLIA_ROUNDSM(io[2],io[3], \
1337 io[0],io[1],il,ir,t0,t1); 913 SUBKEY_L(i + 3),SUBKEY_R(i + 3), \
1338 CAMELLIA_ROUNDSM(io[0],io[1], 914 io[0],io[1],il,ir); \
1339 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), 915 CAMELLIA_ROUNDSM(io[0],io[1], \
1340 io[2],io[3],il,ir,t0,t1); 916 SUBKEY_L(i + 4),SUBKEY_R(i + 4), \
1341 CAMELLIA_ROUNDSM(io[2],io[3], 917 io[2],io[3],il,ir); \
1342 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), 918 CAMELLIA_ROUNDSM(io[2],io[3], \
1343 io[0],io[1],il,ir,t0,t1); 919 SUBKEY_L(i + 5),SUBKEY_R(i + 5), \
1344 CAMELLIA_ROUNDSM(io[0],io[1], 920 io[0],io[1],il,ir); \
1345 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), 921 CAMELLIA_ROUNDSM(io[0],io[1], \
1346 io[2],io[3],il,ir,t0,t1); 922 SUBKEY_L(i + 6),SUBKEY_R(i + 6), \
1347 CAMELLIA_ROUNDSM(io[2],io[3], 923 io[2],io[3],il,ir); \
1348 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), 924 CAMELLIA_ROUNDSM(io[2],io[3], \
1349 io[0],io[1],il,ir,t0,t1); 925 SUBKEY_L(i + 7),SUBKEY_R(i + 7), \
1350 926 io[0],io[1],il,ir); \
1351 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 927} while (0)
1352 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), 928#define FLS(i) do { \
1353 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), 929 CAMELLIA_FLS(io[0],io[1],io[2],io[3], \
1354 t0,t1,il,ir); 930 SUBKEY_L(i + 0),SUBKEY_R(i + 0), \
1355 931 SUBKEY_L(i + 1),SUBKEY_R(i + 1), \
1356 CAMELLIA_ROUNDSM(io[0],io[1], 932 t0,t1,il,ir); \
1357 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), 933} while (0)
1358 io[2],io[3],il,ir,t0,t1); 934
1359 CAMELLIA_ROUNDSM(io[2],io[3], 935 ROUNDS(0);
1360 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), 936 FLS(8);
1361 io[0],io[1],il,ir,t0,t1); 937 ROUNDS(8);
1362 CAMELLIA_ROUNDSM(io[0],io[1], 938 FLS(16);
1363 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), 939 ROUNDS(16);
1364 io[2],io[3],il,ir,t0,t1); 940 if (max == 32) {
1365 CAMELLIA_ROUNDSM(io[2],io[3], 941 FLS(24);
1366 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), 942 ROUNDS(24);
1367 io[0],io[1],il,ir,t0,t1); 943 }
1368 CAMELLIA_ROUNDSM(io[0],io[1],
1369 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1370 io[2],io[3],il,ir,t0,t1);
1371 CAMELLIA_ROUNDSM(io[2],io[3],
1372 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1373 io[0],io[1],il,ir,t0,t1);
1374
1375 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1376 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1377 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1378 t0,t1,il,ir);
1379
1380 CAMELLIA_ROUNDSM(io[0],io[1],
1381 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1382 io[2],io[3],il,ir,t0,t1);
1383 CAMELLIA_ROUNDSM(io[2],io[3],
1384 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1385 io[0],io[1],il,ir,t0,t1);
1386 CAMELLIA_ROUNDSM(io[0],io[1],
1387 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1388 io[2],io[3],il,ir,t0,t1);
1389 CAMELLIA_ROUNDSM(io[2],io[3],
1390 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1391 io[0],io[1],il,ir,t0,t1);
1392 CAMELLIA_ROUNDSM(io[0],io[1],
1393 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1394 io[2],io[3],il,ir,t0,t1);
1395 CAMELLIA_ROUNDSM(io[2],io[3],
1396 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1397 io[0],io[1],il,ir,t0,t1);
1398
1399 /* post whitening but kw4 */
1400 io[2] ^= CAMELLIA_SUBKEY_L(0);
1401 io[3] ^= CAMELLIA_SUBKEY_R(0);
1402
1403 t0 = io[0];
1404 t1 = io[1];
1405 io[0] = io[2];
1406 io[1] = io[3];
1407 io[2] = t0;
1408 io[3] = t1;
1409
1410 io_text[0] = cpu_to_be32(io[0]);
1411 io_text[1] = cpu_to_be32(io[1]);
1412 io_text[2] = cpu_to_be32(io[2]);
1413 io_text[3] = cpu_to_be32(io[3]);
1414
1415 return;
1416}
1417
1418
1419/**
1420 * stuff for 192 and 256bit encryption/decryption
1421 */
1422static void camellia_encrypt256(const u32 *subkey, __be32 *io_text)
1423{
1424 u32 il,ir,t0,t1; /* temporary valiables */
1425
1426 u32 io[4];
1427
1428 io[0] = be32_to_cpu(io_text[0]);
1429 io[1] = be32_to_cpu(io_text[1]);
1430 io[2] = be32_to_cpu(io_text[2]);
1431 io[3] = be32_to_cpu(io_text[3]);
1432 944
1433 /* pre whitening but absorb kw2*/ 945#undef ROUNDS
1434 io[0] ^= CAMELLIA_SUBKEY_L(0); 946#undef FLS
1435 io[1] ^= CAMELLIA_SUBKEY_R(0);
1436
1437 /* main iteration */
1438 CAMELLIA_ROUNDSM(io[0],io[1],
1439 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1440 io[2],io[3],il,ir,t0,t1);
1441 CAMELLIA_ROUNDSM(io[2],io[3],
1442 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1443 io[0],io[1],il,ir,t0,t1);
1444 CAMELLIA_ROUNDSM(io[0],io[1],
1445 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1446 io[2],io[3],il,ir,t0,t1);
1447 CAMELLIA_ROUNDSM(io[2],io[3],
1448 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1449 io[0],io[1],il,ir,t0,t1);
1450 CAMELLIA_ROUNDSM(io[0],io[1],
1451 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1452 io[2],io[3],il,ir,t0,t1);
1453 CAMELLIA_ROUNDSM(io[2],io[3],
1454 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1455 io[0],io[1],il,ir,t0,t1);
1456
1457 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1458 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1459 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1460 t0,t1,il,ir);
1461
1462 CAMELLIA_ROUNDSM(io[0],io[1],
1463 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1464 io[2],io[3],il,ir,t0,t1);
1465 CAMELLIA_ROUNDSM(io[2],io[3],
1466 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1467 io[0],io[1],il,ir,t0,t1);
1468 CAMELLIA_ROUNDSM(io[0],io[1],
1469 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1470 io[2],io[3],il,ir,t0,t1);
1471 CAMELLIA_ROUNDSM(io[2],io[3],
1472 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1473 io[0],io[1],il,ir,t0,t1);
1474 CAMELLIA_ROUNDSM(io[0],io[1],
1475 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1476 io[2],io[3],il,ir,t0,t1);
1477 CAMELLIA_ROUNDSM(io[2],io[3],
1478 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1479 io[0],io[1],il,ir,t0,t1);
1480
1481 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1482 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1483 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1484 t0,t1,il,ir);
1485
1486 CAMELLIA_ROUNDSM(io[0],io[1],
1487 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1488 io[2],io[3],il,ir,t0,t1);
1489 CAMELLIA_ROUNDSM(io[2],io[3],
1490 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1491 io[0],io[1],il,ir,t0,t1);
1492 CAMELLIA_ROUNDSM(io[0],io[1],
1493 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1494 io[2],io[3],il,ir,t0,t1);
1495 CAMELLIA_ROUNDSM(io[2],io[3],
1496 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1497 io[0],io[1],il,ir,t0,t1);
1498 CAMELLIA_ROUNDSM(io[0],io[1],
1499 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1500 io[2],io[3],il,ir,t0,t1);
1501 CAMELLIA_ROUNDSM(io[2],io[3],
1502 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1503 io[0],io[1],il,ir,t0,t1);
1504
1505 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1506 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24),
1507 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25),
1508 t0,t1,il,ir);
1509
1510 CAMELLIA_ROUNDSM(io[0],io[1],
1511 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26),
1512 io[2],io[3],il,ir,t0,t1);
1513 CAMELLIA_ROUNDSM(io[2],io[3],
1514 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27),
1515 io[0],io[1],il,ir,t0,t1);
1516 CAMELLIA_ROUNDSM(io[0],io[1],
1517 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28),
1518 io[2],io[3],il,ir,t0,t1);
1519 CAMELLIA_ROUNDSM(io[2],io[3],
1520 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29),
1521 io[0],io[1],il,ir,t0,t1);
1522 CAMELLIA_ROUNDSM(io[0],io[1],
1523 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30),
1524 io[2],io[3],il,ir,t0,t1);
1525 CAMELLIA_ROUNDSM(io[2],io[3],
1526 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31),
1527 io[0],io[1],il,ir,t0,t1);
1528 947
1529 /* post whitening but kw4 */ 948 /* post whitening but kw4 */
1530 io[2] ^= CAMELLIA_SUBKEY_L(32); 949 io[2] ^= SUBKEY_L(max);
1531 io[3] ^= CAMELLIA_SUBKEY_R(32); 950 io[3] ^= SUBKEY_R(max);
1532 951 /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
1533 t0 = io[0];
1534 t1 = io[1];
1535 io[0] = io[2];
1536 io[1] = io[3];
1537 io[2] = t0;
1538 io[3] = t1;
1539
1540 io_text[0] = cpu_to_be32(io[0]);
1541 io_text[1] = cpu_to_be32(io[1]);
1542 io_text[2] = cpu_to_be32(io[2]);
1543 io_text[3] = cpu_to_be32(io[3]);
1544
1545 return;
1546} 952}
1547 953
1548 954static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
1549static void camellia_decrypt256(const u32 *subkey, __be32 *io_text)
1550{ 955{
1551 u32 il,ir,t0,t1; /* temporary valiables */ 956 u32 il,ir,t0,t1; /* temporary variables */
1552 957
1553 u32 io[4]; 958 /* pre whitening but absorb kw2 */
1554 959 io[0] ^= SUBKEY_L(i);
1555 io[0] = be32_to_cpu(io_text[0]); 960 io[1] ^= SUBKEY_R(i);
1556 io[1] = be32_to_cpu(io_text[1]);
1557 io[2] = be32_to_cpu(io_text[2]);
1558 io[3] = be32_to_cpu(io_text[3]);
1559
1560 /* pre whitening but absorb kw2*/
1561 io[0] ^= CAMELLIA_SUBKEY_L(32);
1562 io[1] ^= CAMELLIA_SUBKEY_R(32);
1563 961
1564 /* main iteration */ 962 /* main iteration */
1565 CAMELLIA_ROUNDSM(io[0],io[1], 963#define ROUNDS(i) do { \
1566 CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31), 964 CAMELLIA_ROUNDSM(io[0],io[1], \
1567 io[2],io[3],il,ir,t0,t1); 965 SUBKEY_L(i + 7),SUBKEY_R(i + 7), \
1568 CAMELLIA_ROUNDSM(io[2],io[3], 966 io[2],io[3],il,ir); \
1569 CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30), 967 CAMELLIA_ROUNDSM(io[2],io[3], \
1570 io[0],io[1],il,ir,t0,t1); 968 SUBKEY_L(i + 6),SUBKEY_R(i + 6), \
1571 CAMELLIA_ROUNDSM(io[0],io[1], 969 io[0],io[1],il,ir); \
1572 CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29), 970 CAMELLIA_ROUNDSM(io[0],io[1], \
1573 io[2],io[3],il,ir,t0,t1); 971 SUBKEY_L(i + 5),SUBKEY_R(i + 5), \
1574 CAMELLIA_ROUNDSM(io[2],io[3], 972 io[2],io[3],il,ir); \
1575 CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28), 973 CAMELLIA_ROUNDSM(io[2],io[3], \
1576 io[0],io[1],il,ir,t0,t1); 974 SUBKEY_L(i + 4),SUBKEY_R(i + 4), \
1577 CAMELLIA_ROUNDSM(io[0],io[1], 975 io[0],io[1],il,ir); \
1578 CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27), 976 CAMELLIA_ROUNDSM(io[0],io[1], \
1579 io[2],io[3],il,ir,t0,t1); 977 SUBKEY_L(i + 3),SUBKEY_R(i + 3), \
1580 CAMELLIA_ROUNDSM(io[2],io[3], 978 io[2],io[3],il,ir); \
1581 CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26), 979 CAMELLIA_ROUNDSM(io[2],io[3], \
1582 io[0],io[1],il,ir,t0,t1); 980 SUBKEY_L(i + 2),SUBKEY_R(i + 2), \
1583 981 io[0],io[1],il,ir); \
1584 CAMELLIA_FLS(io[0],io[1],io[2],io[3], 982} while (0)
1585 CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25), 983#define FLS(i) do { \
1586 CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24), 984 CAMELLIA_FLS(io[0],io[1],io[2],io[3], \
1587 t0,t1,il,ir); 985 SUBKEY_L(i + 1),SUBKEY_R(i + 1), \
1588 986 SUBKEY_L(i + 0),SUBKEY_R(i + 0), \
1589 CAMELLIA_ROUNDSM(io[0],io[1], 987 t0,t1,il,ir); \
1590 CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), 988} while (0)
1591 io[2],io[3],il,ir,t0,t1); 989
1592 CAMELLIA_ROUNDSM(io[2],io[3], 990 if (i == 32) {
1593 CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), 991 ROUNDS(24);
1594 io[0],io[1],il,ir,t0,t1); 992 FLS(24);
1595 CAMELLIA_ROUNDSM(io[0],io[1], 993 }
1596 CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), 994 ROUNDS(16);
1597 io[2],io[3],il,ir,t0,t1); 995 FLS(16);
1598 CAMELLIA_ROUNDSM(io[2],io[3], 996 ROUNDS(8);
1599 CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), 997 FLS(8);
1600 io[0],io[1],il,ir,t0,t1); 998 ROUNDS(0);
1601 CAMELLIA_ROUNDSM(io[0],io[1], 999
1602 CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), 1000#undef ROUNDS
1603 io[2],io[3],il,ir,t0,t1); 1001#undef FLS
1604 CAMELLIA_ROUNDSM(io[2],io[3],
1605 CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1606 io[0],io[1],il,ir,t0,t1);
1607
1608 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1609 CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1610 CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1611 t0,t1,il,ir);
1612
1613 CAMELLIA_ROUNDSM(io[0],io[1],
1614 CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1615 io[2],io[3],il,ir,t0,t1);
1616 CAMELLIA_ROUNDSM(io[2],io[3],
1617 CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1618 io[0],io[1],il,ir,t0,t1);
1619 CAMELLIA_ROUNDSM(io[0],io[1],
1620 CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1621 io[2],io[3],il,ir,t0,t1);
1622 CAMELLIA_ROUNDSM(io[2],io[3],
1623 CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1624 io[0],io[1],il,ir,t0,t1);
1625 CAMELLIA_ROUNDSM(io[0],io[1],
1626 CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1627 io[2],io[3],il,ir,t0,t1);
1628 CAMELLIA_ROUNDSM(io[2],io[3],
1629 CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1630 io[0],io[1],il,ir,t0,t1);
1631
1632 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1633 CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1634 CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1635 t0,t1,il,ir);
1636
1637 CAMELLIA_ROUNDSM(io[0],io[1],
1638 CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1639 io[2],io[3],il,ir,t0,t1);
1640 CAMELLIA_ROUNDSM(io[2],io[3],
1641 CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1642 io[0],io[1],il,ir,t0,t1);
1643 CAMELLIA_ROUNDSM(io[0],io[1],
1644 CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1645 io[2],io[3],il,ir,t0,t1);
1646 CAMELLIA_ROUNDSM(io[2],io[3],
1647 CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1648 io[0],io[1],il,ir,t0,t1);
1649 CAMELLIA_ROUNDSM(io[0],io[1],
1650 CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1651 io[2],io[3],il,ir,t0,t1);
1652 CAMELLIA_ROUNDSM(io[2],io[3],
1653 CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1654 io[0],io[1],il,ir,t0,t1);
1655 1002
1656 /* post whitening but kw4 */ 1003 /* post whitening but kw4 */
1657 io[2] ^= CAMELLIA_SUBKEY_L(0); 1004 io[2] ^= SUBKEY_L(0);
1658 io[3] ^= CAMELLIA_SUBKEY_R(0); 1005 io[3] ^= SUBKEY_R(0);
1659 1006 /* NB: 0,1 should be swapped with 2,3 by caller! */
1660 t0 = io[0];
1661 t1 = io[1];
1662 io[0] = io[2];
1663 io[1] = io[3];
1664 io[2] = t0;
1665 io[3] = t1;
1666
1667 io_text[0] = cpu_to_be32(io[0]);
1668 io_text[1] = cpu_to_be32(io[1]);
1669 io_text[2] = cpu_to_be32(io[2]);
1670 io_text[3] = cpu_to_be32(io[3]);
1671
1672 return;
1673} 1007}
1674 1008
1675 1009
1010struct camellia_ctx {
1011 int key_length;
1012 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
1013};
1014
1676static int 1015static int
1677camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key, 1016camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1678 unsigned int key_len) 1017 unsigned int key_len)
@@ -1688,7 +1027,7 @@ camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1688 1027
1689 cctx->key_length = key_len; 1028 cctx->key_length = key_len;
1690 1029
1691 switch(key_len) { 1030 switch (key_len) {
1692 case 16: 1031 case 16:
1693 camellia_setup128(key, cctx->key_table); 1032 camellia_setup128(key, cctx->key_table);
1694 break; 1033 break;
@@ -1698,68 +1037,59 @@ camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1698 case 32: 1037 case 32:
1699 camellia_setup256(key, cctx->key_table); 1038 camellia_setup256(key, cctx->key_table);
1700 break; 1039 break;
1701 default:
1702 break;
1703 } 1040 }
1704 1041
1705 return 0; 1042 return 0;
1706} 1043}
1707 1044
1708
1709static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 1045static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1710{ 1046{
1711 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1047 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1712 const __be32 *src = (const __be32 *)in; 1048 const __be32 *src = (const __be32 *)in;
1713 __be32 *dst = (__be32 *)out; 1049 __be32 *dst = (__be32 *)out;
1714 1050
1715 __be32 tmp[4]; 1051 u32 tmp[4];
1716 1052
1717 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); 1053 tmp[0] = be32_to_cpu(src[0]);
1054 tmp[1] = be32_to_cpu(src[1]);
1055 tmp[2] = be32_to_cpu(src[2]);
1056 tmp[3] = be32_to_cpu(src[3]);
1718 1057
1719 switch (cctx->key_length) { 1058 camellia_do_encrypt(cctx->key_table, tmp,
1720 case 16: 1059 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1721 camellia_encrypt128(cctx->key_table, tmp); 1060 );
1722 break;
1723 case 24:
1724 /* fall through */
1725 case 32:
1726 camellia_encrypt256(cctx->key_table, tmp);
1727 break;
1728 default:
1729 break;
1730 }
1731 1061
1732 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); 1062 /* do_encrypt returns 0,1 swapped with 2,3 */
1063 dst[0] = cpu_to_be32(tmp[2]);
1064 dst[1] = cpu_to_be32(tmp[3]);
1065 dst[2] = cpu_to_be32(tmp[0]);
1066 dst[3] = cpu_to_be32(tmp[1]);
1733} 1067}
1734 1068
1735
1736static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 1069static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1737{ 1070{
1738 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1071 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1739 const __be32 *src = (const __be32 *)in; 1072 const __be32 *src = (const __be32 *)in;
1740 __be32 *dst = (__be32 *)out; 1073 __be32 *dst = (__be32 *)out;
1741 1074
1742 __be32 tmp[4]; 1075 u32 tmp[4];
1743 1076
1744 memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); 1077 tmp[0] = be32_to_cpu(src[0]);
1078 tmp[1] = be32_to_cpu(src[1]);
1079 tmp[2] = be32_to_cpu(src[2]);
1080 tmp[3] = be32_to_cpu(src[3]);
1745 1081
1746 switch (cctx->key_length) { 1082 camellia_do_decrypt(cctx->key_table, tmp,
1747 case 16: 1083 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1748 camellia_decrypt128(cctx->key_table, tmp); 1084 );
1749 break;
1750 case 24:
1751 /* fall through */
1752 case 32:
1753 camellia_decrypt256(cctx->key_table, tmp);
1754 break;
1755 default:
1756 break;
1757 }
1758 1085
1759 memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); 1086 /* do_decrypt returns 0,1 swapped with 2,3 */
1087 dst[0] = cpu_to_be32(tmp[2]);
1088 dst[1] = cpu_to_be32(tmp[3]);
1089 dst[2] = cpu_to_be32(tmp[0]);
1090 dst[3] = cpu_to_be32(tmp[1]);
1760} 1091}
1761 1092
1762
1763static struct crypto_alg camellia_alg = { 1093static struct crypto_alg camellia_alg = {
1764 .cra_name = "camellia", 1094 .cra_name = "camellia",
1765 .cra_driver_name = "camellia-generic", 1095 .cra_driver_name = "camellia-generic",
@@ -1786,16 +1116,13 @@ static int __init camellia_init(void)
1786 return crypto_register_alg(&camellia_alg); 1116 return crypto_register_alg(&camellia_alg);
1787} 1117}
1788 1118
1789
1790static void __exit camellia_fini(void) 1119static void __exit camellia_fini(void)
1791{ 1120{
1792 crypto_unregister_alg(&camellia_alg); 1121 crypto_unregister_alg(&camellia_alg);
1793} 1122}
1794 1123
1795
1796module_init(camellia_init); 1124module_init(camellia_init);
1797module_exit(camellia_fini); 1125module_exit(camellia_fini);
1798 1126
1799
1800MODULE_DESCRIPTION("Camellia Cipher Algorithm"); 1127MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1801MODULE_LICENSE("GPL"); 1128MODULE_LICENSE("GPL");
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-04 07:03:22 -0500