Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/camellia.c | 935 |
1 files changed, 418 insertions, 517 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c index aaae60e8bf25..ac372e43e2a3 100644 --- a/crypto/camellia.c +++ b/crypto/camellia.c | |||
@@ -336,13 +336,13 @@ static const u32 camellia_sp4404[256] = { | |||
336 | ^ ((u32)(pt)[3])) | 336 | ^ ((u32)(pt)[3])) |
337 | 337 | ||
338 | /* rotation right shift 1byte */ | 338 | /* rotation right shift 1byte */ |
339 | #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) | 339 | #define ROR8(x) (((x) >> 8) + ((x) << 24)) |
340 | /* rotation left shift 1bit */ | 340 | /* rotation left shift 1bit */ |
341 | #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) | 341 | #define ROL1(x) (((x) << 1) + ((x) >> 31)) |
342 | /* rotation left shift 1byte */ | 342 | /* rotation left shift 1byte */ |
343 | #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) | 343 | #define ROL8(x) (((x) << 8) + ((x) >> 24)) |
344 | 344 | ||
345 | #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ | 345 | #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ |
346 | do { \ | 346 | do { \ |
347 | w0 = ll; \ | 347 | w0 = ll; \ |
348 | ll = (ll << bits) + (lr >> (32 - bits)); \ | 348 | ll = (ll << bits) + (lr >> (32 - bits)); \ |
@@ -351,7 +351,7 @@ static const u32 camellia_sp4404[256] = { | |||
351 | rr = (rr << bits) + (w0 >> (32 - bits)); \ | 351 | rr = (rr << bits) + (w0 >> (32 - bits)); \ |
352 | } while(0) | 352 | } while(0) |
353 | 353 | ||
354 | #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ | 354 | #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ |
355 | do { \ | 355 | do { \ |
356 | w0 = ll; \ | 356 | w0 = ll; \ |
357 | w1 = lr; \ | 357 | w1 = lr; \ |
@@ -377,7 +377,7 @@ static const u32 camellia_sp4404[256] = { | |||
377 | ^ camellia_sp3033[(il >> 8) & 0xff] \ | 377 | ^ camellia_sp3033[(il >> 8) & 0xff] \ |
378 | ^ camellia_sp4404[il & 0xff]; \ | 378 | ^ camellia_sp4404[il & 0xff]; \ |
379 | yl ^= yr; \ | 379 | yl ^= yr; \ |
380 | yr = CAMELLIA_RR8(yr); \ | 380 | yr = ROR8(yr); \ |
381 | yr ^= yl; \ | 381 | yr ^= yl; \ |
382 | } while(0) | 382 | } while(0) |
383 | 383 | ||
@@ -393,13 +393,13 @@ static const u32 camellia_sp4404[256] = { | |||
393 | t0 &= ll; \ | 393 | t0 &= ll; \ |
394 | t2 |= rr; \ | 394 | t2 |= rr; \ |
395 | rl ^= t2; \ | 395 | rl ^= t2; \ |
396 | lr ^= CAMELLIA_RL1(t0); \ | 396 | lr ^= ROL1(t0); \ |
397 | t3 = krl; \ | 397 | t3 = krl; \ |
398 | t1 = klr; \ | 398 | t1 = klr; \ |
399 | t3 &= rl; \ | 399 | t3 &= rl; \ |
400 | t1 |= lr; \ | 400 | t1 |= lr; \ |
401 | ll ^= t1; \ | 401 | ll ^= t1; \ |
402 | rr ^= CAMELLIA_RL1(t3); \ | 402 | rr ^= ROL1(t3); \ |
403 | } while(0) | 403 | } while(0) |
404 | 404 | ||
405 | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ | 405 | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ |
@@ -415,12 +415,12 @@ static const u32 camellia_sp4404[256] = { | |||
415 | il ^= kl; \ | 415 | il ^= kl; \ |
416 | ir ^= il ^ kr; \ | 416 | ir ^= il ^ kr; \ |
417 | yl ^= ir; \ | 417 | yl ^= ir; \ |
418 | yr ^= CAMELLIA_RR8(il) ^ ir; \ | 418 | yr ^= ROR8(il) ^ ir; \ |
419 | } while(0) | 419 | } while(0) |
420 | 420 | ||
421 | 421 | ||
422 | #define CAMELLIA_SUBKEY_L(INDEX) (subkey[(INDEX)*2]) | 422 | #define SUBKEY_L(INDEX) (subkey[(INDEX)*2]) |
423 | #define CAMELLIA_SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) | 423 | #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) |
424 | 424 | ||
425 | static void camellia_setup128(const unsigned char *key, u32 *subkey) | 425 | static void camellia_setup128(const unsigned char *key, u32 *subkey) |
426 | { | 426 | { |
@@ -445,35 +445,35 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
445 | /* kw2 */ | 445 | /* kw2 */ |
446 | subL[1] = krl; subR[1] = krr; | 446 | subL[1] = krl; subR[1] = krr; |
447 | /* rotation left shift 15bit */ | 447 | /* rotation left shift 15bit */ |
448 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | 448 | ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
449 | /* k3 */ | 449 | /* k3 */ |
450 | subL[4] = kll; subR[4] = klr; | 450 | subL[4] = kll; subR[4] = klr; |
451 | /* k4 */ | 451 | /* k4 */ |
452 | subL[5] = krl; subR[5] = krr; | 452 | subL[5] = krl; subR[5] = krr; |
453 | /* rotation left shift 15+30bit */ | 453 | /* rotation left shift 15+30bit */ |
454 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); | 454 | ROLDQ(kll, klr, krl, krr, w0, w1, 30); |
455 | /* k7 */ | 455 | /* k7 */ |
456 | subL[10] = kll; subR[10] = klr; | 456 | subL[10] = kll; subR[10] = klr; |
457 | /* k8 */ | 457 | /* k8 */ |
458 | subL[11] = krl; subR[11] = krr; | 458 | subL[11] = krl; subR[11] = krr; |
459 | /* rotation left shift 15+30+15bit */ | 459 | /* rotation left shift 15+30+15bit */ |
460 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | 460 | ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
461 | /* k10 */ | 461 | /* k10 */ |
462 | subL[13] = krl; subR[13] = krr; | 462 | subL[13] = krl; subR[13] = krr; |
463 | /* rotation left shift 15+30+15+17 bit */ | 463 | /* rotation left shift 15+30+15+17 bit */ |
464 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | 464 | ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
465 | /* kl3 */ | 465 | /* kl3 */ |
466 | subL[16] = kll; subR[16] = klr; | 466 | subL[16] = kll; subR[16] = klr; |
467 | /* kl4 */ | 467 | /* kl4 */ |
468 | subL[17] = krl; subR[17] = krr; | 468 | subL[17] = krl; subR[17] = krr; |
469 | /* rotation left shift 15+30+15+17+17 bit */ | 469 | /* rotation left shift 15+30+15+17+17 bit */ |
470 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | 470 | ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
471 | /* k13 */ | 471 | /* k13 */ |
472 | subL[18] = kll; subR[18] = klr; | 472 | subL[18] = kll; subR[18] = klr; |
473 | /* k14 */ | 473 | /* k14 */ |
474 | subL[19] = krl; subR[19] = krr; | 474 | subL[19] = krl; subR[19] = krr; |
475 | /* rotation left shift 15+30+15+17+17+17 bit */ | 475 | /* rotation left shift 15+30+15+17+17+17 bit */ |
476 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | 476 | ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
477 | /* k17 */ | 477 | /* k17 */ |
478 | subL[22] = kll; subR[22] = klr; | 478 | subL[22] = kll; subR[22] = klr; |
479 | /* k18 */ | 479 | /* k18 */ |
@@ -503,26 +503,26 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
503 | /* k1, k2 */ | 503 | /* k1, k2 */ |
504 | subL[2] = kll; subR[2] = klr; | 504 | subL[2] = kll; subR[2] = klr; |
505 | subL[3] = krl; subR[3] = krr; | 505 | subL[3] = krl; subR[3] = krr; |
506 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | 506 | ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
507 | /* k5,k6 */ | 507 | /* k5,k6 */ |
508 | subL[6] = kll; subR[6] = klr; | 508 | subL[6] = kll; subR[6] = klr; |
509 | subL[7] = krl; subR[7] = krr; | 509 | subL[7] = krl; subR[7] = krr; |
510 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | 510 | ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
511 | /* kl1, kl2 */ | 511 | /* kl1, kl2 */ |
512 | subL[8] = kll; subR[8] = klr; | 512 | subL[8] = kll; subR[8] = klr; |
513 | subL[9] = krl; subR[9] = krr; | 513 | subL[9] = krl; subR[9] = krr; |
514 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | 514 | ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
515 | /* k9 */ | 515 | /* k9 */ |
516 | subL[12] = kll; subR[12] = klr; | 516 | subL[12] = kll; subR[12] = klr; |
517 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | 517 | ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
518 | /* k11, k12 */ | 518 | /* k11, k12 */ |
519 | subL[14] = kll; subR[14] = klr; | 519 | subL[14] = kll; subR[14] = klr; |
520 | subL[15] = krl; subR[15] = krr; | 520 | subL[15] = krl; subR[15] = krr; |
521 | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); | 521 | ROLDQo32(kll, klr, krl, krr, w0, w1, 34); |
522 | /* k15, k16 */ | 522 | /* k15, k16 */ |
523 | subL[20] = kll; subR[20] = klr; | 523 | subL[20] = kll; subR[20] = klr; |
524 | subL[21] = krl; subR[21] = krr; | 524 | subL[21] = krl; subR[21] = krr; |
525 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | 525 | ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
526 | /* kw3, kw4 */ | 526 | /* kw3, kw4 */ |
527 | subL[24] = kll; subR[24] = klr; | 527 | subL[24] = kll; subR[24] = klr; |
528 | subL[25] = krl; subR[25] = krr; | 528 | subL[25] = krl; subR[25] = krr; |
@@ -536,7 +536,7 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
536 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; | 536 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; |
537 | subL[1] ^= subR[1] & ~subR[9]; | 537 | subL[1] ^= subR[1] & ~subR[9]; |
538 | dw = subL[1] & subL[9], | 538 | dw = subL[1] & subL[9], |
539 | subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ | 539 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */ |
540 | /* round 8 */ | 540 | /* round 8 */ |
541 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; | 541 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; |
542 | /* round 10 */ | 542 | /* round 10 */ |
@@ -545,7 +545,7 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
545 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; | 545 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; |
546 | subL[1] ^= subR[1] & ~subR[17]; | 546 | subL[1] ^= subR[1] & ~subR[17]; |
547 | dw = subL[1] & subL[17], | 547 | dw = subL[1] & subL[17], |
548 | subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ | 548 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */ |
549 | /* round 14 */ | 549 | /* round 14 */ |
550 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; | 550 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; |
551 | /* round 16 */ | 551 | /* round 16 */ |
@@ -565,7 +565,7 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
565 | subL[18] ^= kw4l; subR[18] ^= kw4r; | 565 | subL[18] ^= kw4l; subR[18] ^= kw4r; |
566 | kw4l ^= kw4r & ~subR[16]; | 566 | kw4l ^= kw4r & ~subR[16]; |
567 | dw = kw4l & subL[16], | 567 | dw = kw4l & subL[16], |
568 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ | 568 | kw4r ^= ROL1(dw); /* modified for FL(kl3) */ |
569 | /* round 11 */ | 569 | /* round 11 */ |
570 | subL[14] ^= kw4l; subR[14] ^= kw4r; | 570 | subL[14] ^= kw4l; subR[14] ^= kw4r; |
571 | /* round 9 */ | 571 | /* round 9 */ |
@@ -574,7 +574,7 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
574 | subL[10] ^= kw4l; subR[10] ^= kw4r; | 574 | subL[10] ^= kw4l; subR[10] ^= kw4r; |
575 | kw4l ^= kw4r & ~subR[8]; | 575 | kw4l ^= kw4r & ~subR[8]; |
576 | dw = kw4l & subL[8], | 576 | dw = kw4l & subL[8], |
577 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ | 577 | kw4r ^= ROL1(dw); /* modified for FL(kl1) */ |
578 | /* round 5 */ | 578 | /* round 5 */ |
579 | subL[6] ^= kw4l; subR[6] ^= kw4r; | 579 | subL[6] ^= kw4l; subR[6] ^= kw4r; |
580 | /* round 3 */ | 580 | /* round 3 */ |
@@ -585,140 +585,104 @@ static void camellia_setup128(const unsigned char *key, u32 *subkey) | |||
585 | subL[0] ^= kw4l; subR[0] ^= kw4r; | 585 | subL[0] ^= kw4l; subR[0] ^= kw4r; |
586 | 586 | ||
587 | /* key XOR is end of F-function */ | 587 | /* key XOR is end of F-function */ |
588 | CAMELLIA_SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */ | 588 | SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */ |
589 | CAMELLIA_SUBKEY_R(0) = subR[0] ^ subR[2]; | 589 | SUBKEY_R(0) = subR[0] ^ subR[2]; |
590 | CAMELLIA_SUBKEY_L(2) = subL[3]; /* round 1 */ | 590 | SUBKEY_L(2) = subL[3]; /* round 1 */ |
591 | CAMELLIA_SUBKEY_R(2) = subR[3]; | 591 | SUBKEY_R(2) = subR[3]; |
592 | CAMELLIA_SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */ | 592 | SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */ |
593 | CAMELLIA_SUBKEY_R(3) = subR[2] ^ subR[4]; | 593 | SUBKEY_R(3) = subR[2] ^ subR[4]; |
594 | CAMELLIA_SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */ | 594 | SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */ |
595 | CAMELLIA_SUBKEY_R(4) = subR[3] ^ subR[5]; | 595 | SUBKEY_R(4) = subR[3] ^ subR[5]; |
596 | CAMELLIA_SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */ | 596 | SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */ |
597 | CAMELLIA_SUBKEY_R(5) = subR[4] ^ subR[6]; | 597 | SUBKEY_R(5) = subR[4] ^ subR[6]; |
598 | CAMELLIA_SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */ | 598 | SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */ |
599 | CAMELLIA_SUBKEY_R(6) = subR[5] ^ subR[7]; | 599 | SUBKEY_R(6) = subR[5] ^ subR[7]; |
600 | tl = subL[10] ^ (subR[10] & ~subR[8]); | 600 | tl = subL[10] ^ (subR[10] & ~subR[8]); |
601 | dw = tl & subL[8], /* FL(kl1) */ | 601 | dw = tl & subL[8], /* FL(kl1) */ |
602 | tr = subR[10] ^ CAMELLIA_RL1(dw); | 602 | tr = subR[10] ^ ROL1(dw); |
603 | CAMELLIA_SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ | 603 | SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ |
604 | CAMELLIA_SUBKEY_R(7) = subR[6] ^ tr; | 604 | SUBKEY_R(7) = subR[6] ^ tr; |
605 | CAMELLIA_SUBKEY_L(8) = subL[8]; /* FL(kl1) */ | 605 | SUBKEY_L(8) = subL[8]; /* FL(kl1) */ |
606 | CAMELLIA_SUBKEY_R(8) = subR[8]; | 606 | SUBKEY_R(8) = subR[8]; |
607 | CAMELLIA_SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */ | 607 | SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */ |
608 | CAMELLIA_SUBKEY_R(9) = subR[9]; | 608 | SUBKEY_R(9) = subR[9]; |
609 | tl = subL[7] ^ (subR[7] & ~subR[9]); | 609 | tl = subL[7] ^ (subR[7] & ~subR[9]); |
610 | dw = tl & subL[9], /* FLinv(kl2) */ | 610 | dw = tl & subL[9], /* FLinv(kl2) */ |
611 | tr = subR[7] ^ CAMELLIA_RL1(dw); | 611 | tr = subR[7] ^ ROL1(dw); |
612 | CAMELLIA_SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ | 612 | SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ |
613 | CAMELLIA_SUBKEY_R(10) = tr ^ subR[11]; | 613 | SUBKEY_R(10) = tr ^ subR[11]; |
614 | CAMELLIA_SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ | 614 | SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ |
615 | CAMELLIA_SUBKEY_R(11) = subR[10] ^ subR[12]; | 615 | SUBKEY_R(11) = subR[10] ^ subR[12]; |
616 | CAMELLIA_SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */ | 616 | SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */ |
617 | CAMELLIA_SUBKEY_R(12) = subR[11] ^ subR[13]; | 617 | SUBKEY_R(12) = subR[11] ^ subR[13]; |
618 | CAMELLIA_SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */ | 618 | SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */ |
619 | CAMELLIA_SUBKEY_R(13) = subR[12] ^ subR[14]; | 619 | SUBKEY_R(13) = subR[12] ^ subR[14]; |
620 | CAMELLIA_SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */ | 620 | SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */ |
621 | CAMELLIA_SUBKEY_R(14) = subR[13] ^ subR[15]; | 621 | SUBKEY_R(14) = subR[13] ^ subR[15]; |
622 | tl = subL[18] ^ (subR[18] & ~subR[16]); | 622 | tl = subL[18] ^ (subR[18] & ~subR[16]); |
623 | dw = tl & subL[16], /* FL(kl3) */ | 623 | dw = tl & subL[16], /* FL(kl3) */ |
624 | tr = subR[18] ^ CAMELLIA_RL1(dw); | 624 | tr = subR[18] ^ ROL1(dw); |
625 | CAMELLIA_SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ | 625 | SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ |
626 | CAMELLIA_SUBKEY_R(15) = subR[14] ^ tr; | 626 | SUBKEY_R(15) = subR[14] ^ tr; |
627 | CAMELLIA_SUBKEY_L(16) = subL[16]; /* FL(kl3) */ | 627 | SUBKEY_L(16) = subL[16]; /* FL(kl3) */ |
628 | CAMELLIA_SUBKEY_R(16) = subR[16]; | 628 | SUBKEY_R(16) = subR[16]; |
629 | CAMELLIA_SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */ | 629 | SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */ |
630 | CAMELLIA_SUBKEY_R(17) = subR[17]; | 630 | SUBKEY_R(17) = subR[17]; |
631 | tl = subL[15] ^ (subR[15] & ~subR[17]); | 631 | tl = subL[15] ^ (subR[15] & ~subR[17]); |
632 | dw = tl & subL[17], /* FLinv(kl4) */ | 632 | dw = tl & subL[17], /* FLinv(kl4) */ |
633 | tr = subR[15] ^ CAMELLIA_RL1(dw); | 633 | tr = subR[15] ^ ROL1(dw); |
634 | CAMELLIA_SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ | 634 | SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ |
635 | CAMELLIA_SUBKEY_R(18) = tr ^ subR[19]; | 635 | SUBKEY_R(18) = tr ^ subR[19]; |
636 | CAMELLIA_SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ | 636 | SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ |
637 | CAMELLIA_SUBKEY_R(19) = subR[18] ^ subR[20]; | 637 | SUBKEY_R(19) = subR[18] ^ subR[20]; |
638 | CAMELLIA_SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */ | 638 | SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */ |
639 | CAMELLIA_SUBKEY_R(20) = subR[19] ^ subR[21]; | 639 | SUBKEY_R(20) = subR[19] ^ subR[21]; |
640 | CAMELLIA_SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */ | 640 | SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */ |
641 | CAMELLIA_SUBKEY_R(21) = subR[20] ^ subR[22]; | 641 | SUBKEY_R(21) = subR[20] ^ subR[22]; |
642 | CAMELLIA_SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */ | 642 | SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */ |
643 | CAMELLIA_SUBKEY_R(22) = subR[21] ^ subR[23]; | 643 | SUBKEY_R(22) = subR[21] ^ subR[23]; |
644 | CAMELLIA_SUBKEY_L(23) = subL[22]; /* round 18 */ | 644 | SUBKEY_L(23) = subL[22]; /* round 18 */ |
645 | CAMELLIA_SUBKEY_R(23) = subR[22]; | 645 | SUBKEY_R(23) = subR[22]; |
646 | CAMELLIA_SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */ | 646 | SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */ |
647 | CAMELLIA_SUBKEY_R(24) = subR[24] ^ subR[23]; | 647 | SUBKEY_R(24) = subR[24] ^ subR[23]; |
648 | 648 | ||
649 | /* apply the inverse of the last half of P-function */ | 649 | /* apply the inverse of the last half of P-function */ |
650 | dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2), | 650 | dw = SUBKEY_L(2) ^ SUBKEY_R(2); dw = ROL8(dw);/* round 1 */ |
651 | dw = CAMELLIA_RL8(dw);/* round 1 */ | 651 | SUBKEY_R(2) = SUBKEY_L(2) ^ dw; SUBKEY_L(2) = dw; |
652 | CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw, | 652 | dw = SUBKEY_L(3) ^ SUBKEY_R(3); dw = ROL8(dw);/* round 2 */ |
653 | CAMELLIA_SUBKEY_L(2) = dw; | 653 | SUBKEY_R(3) = SUBKEY_L(3) ^ dw; SUBKEY_L(3) = dw; |
654 | dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3), | 654 | dw = SUBKEY_L(4) ^ SUBKEY_R(4); dw = ROL8(dw);/* round 3 */ |
655 | dw = CAMELLIA_RL8(dw);/* round 2 */ | 655 | SUBKEY_R(4) = SUBKEY_L(4) ^ dw; SUBKEY_L(4) = dw; |
656 | CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw, | 656 | dw = SUBKEY_L(5) ^ SUBKEY_R(5); dw = ROL8(dw);/* round 4 */ |
657 | CAMELLIA_SUBKEY_L(3) = dw; | 657 | SUBKEY_R(5) = SUBKEY_L(5) ^ dw; SUBKEY_L(5) = dw; |
658 | dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4), | 658 | dw = SUBKEY_L(6) ^ SUBKEY_R(6); dw = ROL8(dw);/* round 5 */ |
659 | dw = CAMELLIA_RL8(dw);/* round 3 */ | 659 | SUBKEY_R(6) = SUBKEY_L(6) ^ dw; SUBKEY_L(6) = dw; |
660 | CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw, | 660 | dw = SUBKEY_L(7) ^ SUBKEY_R(7); dw = ROL8(dw);/* round 6 */ |
661 | CAMELLIA_SUBKEY_L(4) = dw; | 661 | SUBKEY_R(7) = SUBKEY_L(7) ^ dw; SUBKEY_L(7) = dw; |
662 | dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5), | 662 | dw = SUBKEY_L(10) ^ SUBKEY_R(10); dw = ROL8(dw);/* round 7 */ |
663 | dw = CAMELLIA_RL8(dw);/* round 4 */ | 663 | SUBKEY_R(10) = SUBKEY_L(10) ^ dw; SUBKEY_L(10) = dw; |
664 | CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw, | 664 | dw = SUBKEY_L(11) ^ SUBKEY_R(11); dw = ROL8(dw);/* round 8 */ |
665 | CAMELLIA_SUBKEY_L(5) = dw; | 665 | SUBKEY_R(11) = SUBKEY_L(11) ^ dw; SUBKEY_L(11) = dw; |
666 | dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6), | 666 | dw = SUBKEY_L(12) ^ SUBKEY_R(12); dw = ROL8(dw);/* round 9 */ |
667 | dw = CAMELLIA_RL8(dw);/* round 5 */ | 667 | SUBKEY_R(12) = SUBKEY_L(12) ^ dw; SUBKEY_L(12) = dw; |
668 | CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw, | 668 | dw = SUBKEY_L(13) ^ SUBKEY_R(13); dw = ROL8(dw);/* round 10 */ |
669 | CAMELLIA_SUBKEY_L(6) = dw; | 669 | SUBKEY_R(13) = SUBKEY_L(13) ^ dw; SUBKEY_L(13) = dw; |
670 | dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7), | 670 | dw = SUBKEY_L(14) ^ SUBKEY_R(14); dw = ROL8(dw);/* round 11 */ |
671 | dw = CAMELLIA_RL8(dw);/* round 6 */ | 671 | SUBKEY_R(14) = SUBKEY_L(14) ^ dw; SUBKEY_L(14) = dw; |
672 | CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw, | 672 | dw = SUBKEY_L(15) ^ SUBKEY_R(15); dw = ROL8(dw);/* round 12 */ |
673 | CAMELLIA_SUBKEY_L(7) = dw; | 673 | SUBKEY_R(15) = SUBKEY_L(15) ^ dw; SUBKEY_L(15) = dw; |
674 | dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10), | 674 | dw = SUBKEY_L(18) ^ SUBKEY_R(18); dw = ROL8(dw);/* round 13 */ |
675 | dw = CAMELLIA_RL8(dw);/* round 7 */ | 675 | SUBKEY_R(18) = SUBKEY_L(18) ^ dw; SUBKEY_L(18) = dw; |
676 | CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw, | 676 | dw = SUBKEY_L(19) ^ SUBKEY_R(19); dw = ROL8(dw);/* round 14 */ |
677 | CAMELLIA_SUBKEY_L(10) = dw; | 677 | SUBKEY_R(19) = SUBKEY_L(19) ^ dw; SUBKEY_L(19) = dw; |
678 | dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11), | 678 | dw = SUBKEY_L(20) ^ SUBKEY_R(20); dw = ROL8(dw);/* round 15 */ |
679 | dw = CAMELLIA_RL8(dw);/* round 8 */ | 679 | SUBKEY_R(20) = SUBKEY_L(20) ^ dw; SUBKEY_L(20) = dw; |
680 | CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw, | 680 | dw = SUBKEY_L(21) ^ SUBKEY_R(21); dw = ROL8(dw);/* round 16 */ |
681 | CAMELLIA_SUBKEY_L(11) = dw; | 681 | SUBKEY_R(21) = SUBKEY_L(21) ^ dw; SUBKEY_L(21) = dw; |
682 | dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12), | 682 | dw = SUBKEY_L(22) ^ SUBKEY_R(22); dw = ROL8(dw);/* round 17 */ |
683 | dw = CAMELLIA_RL8(dw);/* round 9 */ | 683 | SUBKEY_R(22) = SUBKEY_L(22) ^ dw; SUBKEY_L(22) = dw; |
684 | CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw, | 684 | dw = SUBKEY_L(23) ^ SUBKEY_R(23); dw = ROL8(dw);/* round 18 */ |
685 | CAMELLIA_SUBKEY_L(12) = dw; | 685 | SUBKEY_R(23) = SUBKEY_L(23) ^ dw; SUBKEY_L(23) = dw; |
686 | dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13), | ||
687 | dw = CAMELLIA_RL8(dw);/* round 10 */ | ||
688 | CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw, | ||
689 | CAMELLIA_SUBKEY_L(13) = dw; | ||
690 | dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14), | ||
691 | dw = CAMELLIA_RL8(dw);/* round 11 */ | ||
692 | CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw, | ||
693 | CAMELLIA_SUBKEY_L(14) = dw; | ||
694 | dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15), | ||
695 | dw = CAMELLIA_RL8(dw);/* round 12 */ | ||
696 | CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw, | ||
697 | CAMELLIA_SUBKEY_L(15) = dw; | ||
698 | dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18), | ||
699 | dw = CAMELLIA_RL8(dw);/* round 13 */ | ||
700 | CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw, | ||
701 | CAMELLIA_SUBKEY_L(18) = dw; | ||
702 | dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19), | ||
703 | dw = CAMELLIA_RL8(dw);/* round 14 */ | ||
704 | CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw, | ||
705 | CAMELLIA_SUBKEY_L(19) = dw; | ||
706 | dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20), | ||
707 | dw = CAMELLIA_RL8(dw);/* round 15 */ | ||
708 | CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw, | ||
709 | CAMELLIA_SUBKEY_L(20) = dw; | ||
710 | dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21), | ||
711 | dw = CAMELLIA_RL8(dw);/* round 16 */ | ||
712 | CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw, | ||
713 | CAMELLIA_SUBKEY_L(21) = dw; | ||
714 | dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22), | ||
715 | dw = CAMELLIA_RL8(dw);/* round 17 */ | ||
716 | CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw, | ||
717 | CAMELLIA_SUBKEY_L(22) = dw; | ||
718 | dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23), | ||
719 | dw = CAMELLIA_RL8(dw);/* round 18 */ | ||
720 | CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw, | ||
721 | CAMELLIA_SUBKEY_L(23) = dw; | ||
722 | } | 686 | } |
723 | 687 | ||
724 | static void camellia_setup256(const unsigned char *key, u32 *subkey) | 688 | static void camellia_setup256(const unsigned char *key, u32 *subkey) |
@@ -734,7 +698,6 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
734 | * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) | 698 | * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) |
735 | * (|| is concatination) | 699 | * (|| is concatination) |
736 | */ | 700 | */ |
737 | |||
738 | kll = GETU32(key ); | 701 | kll = GETU32(key ); |
739 | klr = GETU32(key + 4); | 702 | klr = GETU32(key + 4); |
740 | krl = GETU32(key + 8); | 703 | krl = GETU32(key + 8); |
@@ -749,49 +712,49 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
749 | subL[0] = kll; subR[0] = klr; | 712 | subL[0] = kll; subR[0] = klr; |
750 | /* kw2 */ | 713 | /* kw2 */ |
751 | subL[1] = krl; subR[1] = krr; | 714 | subL[1] = krl; subR[1] = krr; |
752 | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); | 715 | ROLDQo32(kll, klr, krl, krr, w0, w1, 45); |
753 | /* k9 */ | 716 | /* k9 */ |
754 | subL[12] = kll; subR[12] = klr; | 717 | subL[12] = kll; subR[12] = klr; |
755 | /* k10 */ | 718 | /* k10 */ |
756 | subL[13] = krl; subR[13] = krr; | 719 | subL[13] = krl; subR[13] = krr; |
757 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | 720 | ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
758 | /* kl3 */ | 721 | /* kl3 */ |
759 | subL[16] = kll; subR[16] = klr; | 722 | subL[16] = kll; subR[16] = klr; |
760 | /* kl4 */ | 723 | /* kl4 */ |
761 | subL[17] = krl; subR[17] = krr; | 724 | subL[17] = krl; subR[17] = krr; |
762 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); | 725 | ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
763 | /* k17 */ | 726 | /* k17 */ |
764 | subL[22] = kll; subR[22] = klr; | 727 | subL[22] = kll; subR[22] = klr; |
765 | /* k18 */ | 728 | /* k18 */ |
766 | subL[23] = krl; subR[23] = krr; | 729 | subL[23] = krl; subR[23] = krr; |
767 | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); | 730 | ROLDQo32(kll, klr, krl, krr, w0, w1, 34); |
768 | /* k23 */ | 731 | /* k23 */ |
769 | subL[30] = kll; subR[30] = klr; | 732 | subL[30] = kll; subR[30] = klr; |
770 | /* k24 */ | 733 | /* k24 */ |
771 | subL[31] = krl; subR[31] = krr; | 734 | subL[31] = krl; subR[31] = krr; |
772 | 735 | ||
773 | /* generate KR dependent subkeys */ | 736 | /* generate KR dependent subkeys */ |
774 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); | 737 | ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); |
775 | /* k3 */ | 738 | /* k3 */ |
776 | subL[4] = krll; subR[4] = krlr; | 739 | subL[4] = krll; subR[4] = krlr; |
777 | /* k4 */ | 740 | /* k4 */ |
778 | subL[5] = krrl; subR[5] = krrr; | 741 | subL[5] = krrl; subR[5] = krrr; |
779 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); | 742 | ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); |
780 | /* kl1 */ | 743 | /* kl1 */ |
781 | subL[8] = krll; subR[8] = krlr; | 744 | subL[8] = krll; subR[8] = krlr; |
782 | /* kl2 */ | 745 | /* kl2 */ |
783 | subL[9] = krrl; subR[9] = krrr; | 746 | subL[9] = krrl; subR[9] = krrr; |
784 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); | 747 | ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); |
785 | /* k13 */ | 748 | /* k13 */ |
786 | subL[18] = krll; subR[18] = krlr; | 749 | subL[18] = krll; subR[18] = krlr; |
787 | /* k14 */ | 750 | /* k14 */ |
788 | subL[19] = krrl; subR[19] = krrr; | 751 | subL[19] = krrl; subR[19] = krrr; |
789 | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); | 752 | ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); |
790 | /* k19 */ | 753 | /* k19 */ |
791 | subL[26] = krll; subR[26] = krlr; | 754 | subL[26] = krll; subR[26] = krlr; |
792 | /* k20 */ | 755 | /* k20 */ |
793 | subL[27] = krrl; subR[27] = krrr; | 756 | subL[27] = krrl; subR[27] = krrr; |
794 | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); | 757 | ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); |
795 | 758 | ||
796 | /* generate KA */ | 759 | /* generate KA */ |
797 | kll = subL[0] ^ krll; klr = subR[0] ^ krlr; | 760 | kll = subL[0] ^ krll; klr = subR[0] ^ krlr; |
@@ -826,12 +789,12 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
826 | krll ^= w0; krlr ^= w1; | 789 | krll ^= w0; krlr ^= w1; |
827 | 790 | ||
828 | /* generate KA dependent subkeys */ | 791 | /* generate KA dependent subkeys */ |
829 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); | 792 | ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
830 | /* k5 */ | 793 | /* k5 */ |
831 | subL[6] = kll; subR[6] = klr; | 794 | subL[6] = kll; subR[6] = klr; |
832 | /* k6 */ | 795 | /* k6 */ |
833 | subL[7] = krl; subR[7] = krr; | 796 | subL[7] = krl; subR[7] = krr; |
834 | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); | 797 | ROLDQ(kll, klr, krl, krr, w0, w1, 30); |
835 | /* k11 */ | 798 | /* k11 */ |
836 | subL[14] = kll; subR[14] = klr; | 799 | subL[14] = kll; subR[14] = klr; |
837 | /* k12 */ | 800 | /* k12 */ |
@@ -842,7 +805,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
842 | /* kl6 */ | 805 | /* kl6 */ |
843 | subL[25] = krr; subR[25] = kll; | 806 | subL[25] = krr; subR[25] = kll; |
844 | /* rotation left shift 49 from k11,k12 -> k21,k22 */ | 807 | /* rotation left shift 49 from k11,k12 -> k21,k22 */ |
845 | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); | 808 | ROLDQo32(kll, klr, krl, krr, w0, w1, 49); |
846 | /* k21 */ | 809 | /* k21 */ |
847 | subL[28] = kll; subR[28] = klr; | 810 | subL[28] = kll; subR[28] = klr; |
848 | /* k22 */ | 811 | /* k22 */ |
@@ -853,17 +816,17 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
853 | subL[2] = krll; subR[2] = krlr; | 816 | subL[2] = krll; subR[2] = krlr; |
854 | /* k2 */ | 817 | /* k2 */ |
855 | subL[3] = krrl; subR[3] = krrr; | 818 | subL[3] = krrl; subR[3] = krrr; |
856 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); | 819 | ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); |
857 | /* k7 */ | 820 | /* k7 */ |
858 | subL[10] = krll; subR[10] = krlr; | 821 | subL[10] = krll; subR[10] = krlr; |
859 | /* k8 */ | 822 | /* k8 */ |
860 | subL[11] = krrl; subR[11] = krrr; | 823 | subL[11] = krrl; subR[11] = krrr; |
861 | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); | 824 | ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); |
862 | /* k15 */ | 825 | /* k15 */ |
863 | subL[20] = krll; subR[20] = krlr; | 826 | subL[20] = krll; subR[20] = krlr; |
864 | /* k16 */ | 827 | /* k16 */ |
865 | subL[21] = krrl; subR[21] = krrr; | 828 | subL[21] = krrl; subR[21] = krrr; |
866 | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); | 829 | ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); |
867 | /* kw3 */ | 830 | /* kw3 */ |
868 | subL[32] = krll; subR[32] = krlr; | 831 | subL[32] = krll; subR[32] = krlr; |
869 | /* kw4 */ | 832 | /* kw4 */ |
@@ -878,7 +841,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
878 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; | 841 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; |
879 | subL[1] ^= subR[1] & ~subR[9]; | 842 | subL[1] ^= subR[1] & ~subR[9]; |
880 | dw = subL[1] & subL[9], | 843 | dw = subL[1] & subL[9], |
881 | subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ | 844 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */ |
882 | /* round 8 */ | 845 | /* round 8 */ |
883 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; | 846 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; |
884 | /* round 10 */ | 847 | /* round 10 */ |
@@ -887,7 +850,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
887 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; | 850 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; |
888 | subL[1] ^= subR[1] & ~subR[17]; | 851 | subL[1] ^= subR[1] & ~subR[17]; |
889 | dw = subL[1] & subL[17], | 852 | dw = subL[1] & subL[17], |
890 | subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ | 853 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */ |
891 | /* round 14 */ | 854 | /* round 14 */ |
892 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; | 855 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; |
893 | /* round 16 */ | 856 | /* round 16 */ |
@@ -896,7 +859,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
896 | subL[23] ^= subL[1]; subR[23] ^= subR[1]; | 859 | subL[23] ^= subL[1]; subR[23] ^= subR[1]; |
897 | subL[1] ^= subR[1] & ~subR[25]; | 860 | subL[1] ^= subR[1] & ~subR[25]; |
898 | dw = subL[1] & subL[25], | 861 | dw = subL[1] & subL[25], |
899 | subR[1] ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */ | 862 | subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */ |
900 | /* round 20 */ | 863 | /* round 20 */ |
901 | subL[27] ^= subL[1]; subR[27] ^= subR[1]; | 864 | subL[27] ^= subL[1]; subR[27] ^= subR[1]; |
902 | /* round 22 */ | 865 | /* round 22 */ |
@@ -916,7 +879,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
916 | subL[26] ^= kw4l; subR[26] ^= kw4r; | 879 | subL[26] ^= kw4l; subR[26] ^= kw4r; |
917 | kw4l ^= kw4r & ~subR[24]; | 880 | kw4l ^= kw4r & ~subR[24]; |
918 | dw = kw4l & subL[24], | 881 | dw = kw4l & subL[24], |
919 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */ | 882 | kw4r ^= ROL1(dw); /* modified for FL(kl5) */ |
920 | /* round 17 */ | 883 | /* round 17 */ |
921 | subL[22] ^= kw4l; subR[22] ^= kw4r; | 884 | subL[22] ^= kw4l; subR[22] ^= kw4r; |
922 | /* round 15 */ | 885 | /* round 15 */ |
@@ -925,7 +888,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
925 | subL[18] ^= kw4l; subR[18] ^= kw4r; | 888 | subL[18] ^= kw4l; subR[18] ^= kw4r; |
926 | kw4l ^= kw4r & ~subR[16]; | 889 | kw4l ^= kw4r & ~subR[16]; |
927 | dw = kw4l & subL[16], | 890 | dw = kw4l & subL[16], |
928 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ | 891 | kw4r ^= ROL1(dw); /* modified for FL(kl3) */ |
929 | /* round 11 */ | 892 | /* round 11 */ |
930 | subL[14] ^= kw4l; subR[14] ^= kw4r; | 893 | subL[14] ^= kw4l; subR[14] ^= kw4r; |
931 | /* round 9 */ | 894 | /* round 9 */ |
@@ -934,7 +897,7 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
934 | subL[10] ^= kw4l; subR[10] ^= kw4r; | 897 | subL[10] ^= kw4l; subR[10] ^= kw4r; |
935 | kw4l ^= kw4r & ~subR[8]; | 898 | kw4l ^= kw4r & ~subR[8]; |
936 | dw = kw4l & subL[8], | 899 | dw = kw4l & subL[8], |
937 | kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ | 900 | kw4r ^= ROL1(dw); /* modified for FL(kl1) */ |
938 | /* round 5 */ | 901 | /* round 5 */ |
939 | subL[6] ^= kw4l; subR[6] ^= kw4r; | 902 | subL[6] ^= kw4l; subR[6] ^= kw4r; |
940 | /* round 3 */ | 903 | /* round 3 */ |
@@ -945,188 +908,138 @@ static void camellia_setup256(const unsigned char *key, u32 *subkey) | |||
945 | subL[0] ^= kw4l; subR[0] ^= kw4r; | 908 | subL[0] ^= kw4l; subR[0] ^= kw4r; |
946 | 909 | ||
947 | /* key XOR is end of F-function */ | 910 | /* key XOR is end of F-function */ |
948 | CAMELLIA_SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */ | 911 | SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */ |
949 | CAMELLIA_SUBKEY_R(0) = subR[0] ^ subR[2]; | 912 | SUBKEY_R(0) = subR[0] ^ subR[2]; |
950 | CAMELLIA_SUBKEY_L(2) = subL[3]; /* round 1 */ | 913 | SUBKEY_L(2) = subL[3]; /* round 1 */ |
951 | CAMELLIA_SUBKEY_R(2) = subR[3]; | 914 | SUBKEY_R(2) = subR[3]; |
952 | CAMELLIA_SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */ | 915 | SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */ |
953 | CAMELLIA_SUBKEY_R(3) = subR[2] ^ subR[4]; | 916 | SUBKEY_R(3) = subR[2] ^ subR[4]; |
954 | CAMELLIA_SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */ | 917 | SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */ |
955 | CAMELLIA_SUBKEY_R(4) = subR[3] ^ subR[5]; | 918 | SUBKEY_R(4) = subR[3] ^ subR[5]; |
956 | CAMELLIA_SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */ | 919 | SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */ |
957 | CAMELLIA_SUBKEY_R(5) = subR[4] ^ subR[6]; | 920 | SUBKEY_R(5) = subR[4] ^ subR[6]; |
958 | CAMELLIA_SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */ | 921 | SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */ |
959 | CAMELLIA_SUBKEY_R(6) = subR[5] ^ subR[7]; | 922 | SUBKEY_R(6) = subR[5] ^ subR[7]; |
960 | tl = subL[10] ^ (subR[10] & ~subR[8]); | 923 | tl = subL[10] ^ (subR[10] & ~subR[8]); |
961 | dw = tl & subL[8], /* FL(kl1) */ | 924 | dw = tl & subL[8], /* FL(kl1) */ |
962 | tr = subR[10] ^ CAMELLIA_RL1(dw); | 925 | tr = subR[10] ^ ROL1(dw); |
963 | CAMELLIA_SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ | 926 | SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ |
964 | CAMELLIA_SUBKEY_R(7) = subR[6] ^ tr; | 927 | SUBKEY_R(7) = subR[6] ^ tr; |
965 | CAMELLIA_SUBKEY_L(8) = subL[8]; /* FL(kl1) */ | 928 | SUBKEY_L(8) = subL[8]; /* FL(kl1) */ |
966 | CAMELLIA_SUBKEY_R(8) = subR[8]; | 929 | SUBKEY_R(8) = subR[8]; |
967 | CAMELLIA_SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */ | 930 | SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */ |
968 | CAMELLIA_SUBKEY_R(9) = subR[9]; | 931 | SUBKEY_R(9) = subR[9]; |
969 | tl = subL[7] ^ (subR[7] & ~subR[9]); | 932 | tl = subL[7] ^ (subR[7] & ~subR[9]); |
970 | dw = tl & subL[9], /* FLinv(kl2) */ | 933 | dw = tl & subL[9], /* FLinv(kl2) */ |
971 | tr = subR[7] ^ CAMELLIA_RL1(dw); | 934 | tr = subR[7] ^ ROL1(dw); |
972 | CAMELLIA_SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ | 935 | SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ |
973 | CAMELLIA_SUBKEY_R(10) = tr ^ subR[11]; | 936 | SUBKEY_R(10) = tr ^ subR[11]; |
974 | CAMELLIA_SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ | 937 | SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ |
975 | CAMELLIA_SUBKEY_R(11) = subR[10] ^ subR[12]; | 938 | SUBKEY_R(11) = subR[10] ^ subR[12]; |
976 | CAMELLIA_SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */ | 939 | SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */ |
977 | CAMELLIA_SUBKEY_R(12) = subR[11] ^ subR[13]; | 940 | SUBKEY_R(12) = subR[11] ^ subR[13]; |
978 | CAMELLIA_SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */ | 941 | SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */ |
979 | CAMELLIA_SUBKEY_R(13) = subR[12] ^ subR[14]; | 942 | SUBKEY_R(13) = subR[12] ^ subR[14]; |
980 | CAMELLIA_SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */ | 943 | SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */ |
981 | CAMELLIA_SUBKEY_R(14) = subR[13] ^ subR[15]; | 944 | SUBKEY_R(14) = subR[13] ^ subR[15]; |
982 | tl = subL[18] ^ (subR[18] & ~subR[16]); | 945 | tl = subL[18] ^ (subR[18] & ~subR[16]); |
983 | dw = tl & subL[16], /* FL(kl3) */ | 946 | dw = tl & subL[16], /* FL(kl3) */ |
984 | tr = subR[18] ^ CAMELLIA_RL1(dw); | 947 | tr = subR[18] ^ ROL1(dw); |
985 | CAMELLIA_SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ | 948 | SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ |
986 | CAMELLIA_SUBKEY_R(15) = subR[14] ^ tr; | 949 | SUBKEY_R(15) = subR[14] ^ tr; |
987 | CAMELLIA_SUBKEY_L(16) = subL[16]; /* FL(kl3) */ | 950 | SUBKEY_L(16) = subL[16]; /* FL(kl3) */ |
988 | CAMELLIA_SUBKEY_R(16) = subR[16]; | 951 | SUBKEY_R(16) = subR[16]; |
989 | CAMELLIA_SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */ | 952 | SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */ |
990 | CAMELLIA_SUBKEY_R(17) = subR[17]; | 953 | SUBKEY_R(17) = subR[17]; |
991 | tl = subL[15] ^ (subR[15] & ~subR[17]); | 954 | tl = subL[15] ^ (subR[15] & ~subR[17]); |
992 | dw = tl & subL[17], /* FLinv(kl4) */ | 955 | dw = tl & subL[17], /* FLinv(kl4) */ |
993 | tr = subR[15] ^ CAMELLIA_RL1(dw); | 956 | tr = subR[15] ^ ROL1(dw); |
994 | CAMELLIA_SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ | 957 | SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ |
995 | CAMELLIA_SUBKEY_R(18) = tr ^ subR[19]; | 958 | SUBKEY_R(18) = tr ^ subR[19]; |
996 | CAMELLIA_SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ | 959 | SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ |
997 | CAMELLIA_SUBKEY_R(19) = subR[18] ^ subR[20]; | 960 | SUBKEY_R(19) = subR[18] ^ subR[20]; |
998 | CAMELLIA_SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */ | 961 | SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */ |
999 | CAMELLIA_SUBKEY_R(20) = subR[19] ^ subR[21]; | 962 | SUBKEY_R(20) = subR[19] ^ subR[21]; |
1000 | CAMELLIA_SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */ | 963 | SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */ |
1001 | CAMELLIA_SUBKEY_R(21) = subR[20] ^ subR[22]; | 964 | SUBKEY_R(21) = subR[20] ^ subR[22]; |
1002 | CAMELLIA_SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */ | 965 | SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */ |
1003 | CAMELLIA_SUBKEY_R(22) = subR[21] ^ subR[23]; | 966 | SUBKEY_R(22) = subR[21] ^ subR[23]; |
1004 | tl = subL[26] ^ (subR[26] | 967 | tl = subL[26] ^ (subR[26] & ~subR[24]); |
1005 | & ~subR[24]); | ||
1006 | dw = tl & subL[24], /* FL(kl5) */ | 968 | dw = tl & subL[24], /* FL(kl5) */ |
1007 | tr = subR[26] ^ CAMELLIA_RL1(dw); | 969 | tr = subR[26] ^ ROL1(dw); |
1008 | CAMELLIA_SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */ | 970 | SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */ |
1009 | CAMELLIA_SUBKEY_R(23) = subR[22] ^ tr; | 971 | SUBKEY_R(23) = subR[22] ^ tr; |
1010 | CAMELLIA_SUBKEY_L(24) = subL[24]; /* FL(kl5) */ | 972 | SUBKEY_L(24) = subL[24]; /* FL(kl5) */ |
1011 | CAMELLIA_SUBKEY_R(24) = subR[24]; | 973 | SUBKEY_R(24) = subR[24]; |
1012 | CAMELLIA_SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */ | 974 | SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */ |
1013 | CAMELLIA_SUBKEY_R(25) = subR[25]; | 975 | SUBKEY_R(25) = subR[25]; |
1014 | tl = subL[23] ^ (subR[23] & | 976 | tl = subL[23] ^ (subR[23] & ~subR[25]); |
1015 | ~subR[25]); | ||
1016 | dw = tl & subL[25], /* FLinv(kl6) */ | 977 | dw = tl & subL[25], /* FLinv(kl6) */ |
1017 | tr = subR[23] ^ CAMELLIA_RL1(dw); | 978 | tr = subR[23] ^ ROL1(dw); |
1018 | CAMELLIA_SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */ | 979 | SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */ |
1019 | CAMELLIA_SUBKEY_R(26) = tr ^ subR[27]; | 980 | SUBKEY_R(26) = tr ^ subR[27]; |
1020 | CAMELLIA_SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */ | 981 | SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */ |
1021 | CAMELLIA_SUBKEY_R(27) = subR[26] ^ subR[28]; | 982 | SUBKEY_R(27) = subR[26] ^ subR[28]; |
1022 | CAMELLIA_SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */ | 983 | SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */ |
1023 | CAMELLIA_SUBKEY_R(28) = subR[27] ^ subR[29]; | 984 | SUBKEY_R(28) = subR[27] ^ subR[29]; |
1024 | CAMELLIA_SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */ | 985 | SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */ |
1025 | CAMELLIA_SUBKEY_R(29) = subR[28] ^ subR[30]; | 986 | SUBKEY_R(29) = subR[28] ^ subR[30]; |
1026 | CAMELLIA_SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */ | 987 | SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */ |
1027 | CAMELLIA_SUBKEY_R(30) = subR[29] ^ subR[31]; | 988 | SUBKEY_R(30) = subR[29] ^ subR[31]; |
1028 | CAMELLIA_SUBKEY_L(31) = subL[30]; /* round 24 */ | 989 | SUBKEY_L(31) = subL[30]; /* round 24 */ |
1029 | CAMELLIA_SUBKEY_R(31) = subR[30]; | 990 | SUBKEY_R(31) = subR[30]; |
1030 | CAMELLIA_SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */ | 991 | SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */ |
1031 | CAMELLIA_SUBKEY_R(32) = subR[32] ^ subR[31]; | 992 | SUBKEY_R(32) = subR[32] ^ subR[31]; |
1032 | 993 | ||
1033 | /* apply the inverse of the last half of P-function */ | 994 | /* apply the inverse of the last half of P-function */ |
1034 | dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2), | 995 | dw = SUBKEY_L(2) ^ SUBKEY_R(2); dw = ROL8(dw);/* round 1 */ |
1035 | dw = CAMELLIA_RL8(dw);/* round 1 */ | 996 | SUBKEY_R(2) = SUBKEY_L(2) ^ dw; SUBKEY_L(2) = dw; |
1036 | CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw, | 997 | dw = SUBKEY_L(3) ^ SUBKEY_R(3); dw = ROL8(dw);/* round 2 */ |
1037 | CAMELLIA_SUBKEY_L(2) = dw; | 998 | SUBKEY_R(3) = SUBKEY_L(3) ^ dw; SUBKEY_L(3) = dw; |
1038 | dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3), | 999 | dw = SUBKEY_L(4) ^ SUBKEY_R(4); dw = ROL8(dw);/* round 3 */ |
1039 | dw = CAMELLIA_RL8(dw);/* round 2 */ | 1000 | SUBKEY_R(4) = SUBKEY_L(4) ^ dw; SUBKEY_L(4) = dw; |
1040 | CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw, | 1001 | dw = SUBKEY_L(5) ^ SUBKEY_R(5); dw = ROL8(dw);/* round 4 */ |
1041 | CAMELLIA_SUBKEY_L(3) = dw; | 1002 | SUBKEY_R(5) = SUBKEY_L(5) ^ dw; SUBKEY_L(5) = dw; |
1042 | dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4), | 1003 | dw = SUBKEY_L(6) ^ SUBKEY_R(6); dw = ROL8(dw);/* round 5 */ |
1043 | dw = CAMELLIA_RL8(dw);/* round 3 */ | 1004 | SUBKEY_R(6) = SUBKEY_L(6) ^ dw; SUBKEY_L(6) = dw; |
1044 | CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw, | 1005 | dw = SUBKEY_L(7) ^ SUBKEY_R(7); dw = ROL8(dw);/* round 6 */ |
1045 | CAMELLIA_SUBKEY_L(4) = dw; | 1006 | SUBKEY_R(7) = SUBKEY_L(7) ^ dw; SUBKEY_L(7) = dw; |
1046 | dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5), | 1007 | dw = SUBKEY_L(10) ^ SUBKEY_R(10); dw = ROL8(dw);/* round 7 */ |
1047 | dw = CAMELLIA_RL8(dw);/* round 4 */ | 1008 | SUBKEY_R(10) = SUBKEY_L(10) ^ dw; SUBKEY_L(10) = dw; |
1048 | CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw, | 1009 | dw = SUBKEY_L(11) ^ SUBKEY_R(11); dw = ROL8(dw);/* round 8 */ |
1049 | CAMELLIA_SUBKEY_L(5) = dw; | 1010 | SUBKEY_R(11) = SUBKEY_L(11) ^ dw; SUBKEY_L(11) = dw; |
1050 | dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6), | 1011 | dw = SUBKEY_L(12) ^ SUBKEY_R(12); dw = ROL8(dw);/* round 9 */ |
1051 | dw = CAMELLIA_RL8(dw);/* round 5 */ | 1012 | SUBKEY_R(12) = SUBKEY_L(12) ^ dw; SUBKEY_L(12) = dw; |
1052 | CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw, | 1013 | dw = SUBKEY_L(13) ^ SUBKEY_R(13); dw = ROL8(dw);/* round 10 */ |
1053 | CAMELLIA_SUBKEY_L(6) = dw; | 1014 | SUBKEY_R(13) = SUBKEY_L(13) ^ dw; SUBKEY_L(13) = dw; |
1054 | dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7), | 1015 | dw = SUBKEY_L(14) ^ SUBKEY_R(14); dw = ROL8(dw);/* round 11 */ |
1055 | dw = CAMELLIA_RL8(dw);/* round 6 */ | 1016 | SUBKEY_R(14) = SUBKEY_L(14) ^ dw; SUBKEY_L(14) = dw; |
1056 | CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw, | 1017 | dw = SUBKEY_L(15) ^ SUBKEY_R(15); dw = ROL8(dw);/* round 12 */ |
1057 | CAMELLIA_SUBKEY_L(7) = dw; | 1018 | SUBKEY_R(15) = SUBKEY_L(15) ^ dw; SUBKEY_L(15) = dw; |
1058 | dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10), | 1019 | dw = SUBKEY_L(18) ^ SUBKEY_R(18); dw = ROL8(dw);/* round 13 */ |
1059 | dw = CAMELLIA_RL8(dw);/* round 7 */ | 1020 | SUBKEY_R(18) = SUBKEY_L(18) ^ dw; SUBKEY_L(18) = dw; |
1060 | CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw, | 1021 | dw = SUBKEY_L(19) ^ SUBKEY_R(19); dw = ROL8(dw);/* round 14 */ |
1061 | CAMELLIA_SUBKEY_L(10) = dw; | 1022 | SUBKEY_R(19) = SUBKEY_L(19) ^ dw; SUBKEY_L(19) = dw; |
1062 | dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11), | 1023 | dw = SUBKEY_L(20) ^ SUBKEY_R(20); dw = ROL8(dw);/* round 15 */ |
1063 | dw = CAMELLIA_RL8(dw);/* round 8 */ | 1024 | SUBKEY_R(20) = SUBKEY_L(20) ^ dw; SUBKEY_L(20) = dw; |
1064 | CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw, | 1025 | dw = SUBKEY_L(21) ^ SUBKEY_R(21); dw = ROL8(dw);/* round 16 */ |
1065 | CAMELLIA_SUBKEY_L(11) = dw; | 1026 | SUBKEY_R(21) = SUBKEY_L(21) ^ dw; SUBKEY_L(21) = dw; |
1066 | dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12), | 1027 | dw = SUBKEY_L(22) ^ SUBKEY_R(22); dw = ROL8(dw);/* round 17 */ |
1067 | dw = CAMELLIA_RL8(dw);/* round 9 */ | 1028 | SUBKEY_R(22) = SUBKEY_L(22) ^ dw; SUBKEY_L(22) = dw; |
1068 | CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw, | 1029 | dw = SUBKEY_L(23) ^ SUBKEY_R(23); dw = ROL8(dw);/* round 18 */ |
1069 | CAMELLIA_SUBKEY_L(12) = dw; | 1030 | SUBKEY_R(23) = SUBKEY_L(23) ^ dw; SUBKEY_L(23) = dw; |
1070 | dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13), | 1031 | dw = SUBKEY_L(26) ^ SUBKEY_R(26); dw = ROL8(dw);/* round 19 */ |
1071 | dw = CAMELLIA_RL8(dw);/* round 10 */ | 1032 | SUBKEY_R(26) = SUBKEY_L(26) ^ dw; SUBKEY_L(26) = dw; |
1072 | CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw, | 1033 | dw = SUBKEY_L(27) ^ SUBKEY_R(27); dw = ROL8(dw);/* round 20 */ |
1073 | CAMELLIA_SUBKEY_L(13) = dw; | 1034 | SUBKEY_R(27) = SUBKEY_L(27) ^ dw; SUBKEY_L(27) = dw; |
1074 | dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14), | 1035 | dw = SUBKEY_L(28) ^ SUBKEY_R(28); dw = ROL8(dw);/* round 21 */ |
1075 | dw = CAMELLIA_RL8(dw);/* round 11 */ | 1036 | SUBKEY_R(28) = SUBKEY_L(28) ^ dw; SUBKEY_L(28) = dw; |
1076 | CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw, | 1037 | dw = SUBKEY_L(29) ^ SUBKEY_R(29); dw = ROL8(dw);/* round 22 */ |
1077 | CAMELLIA_SUBKEY_L(14) = dw; | 1038 | SUBKEY_R(29) = SUBKEY_L(29) ^ dw; SUBKEY_L(29) = dw; |
1078 | dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15), | 1039 | dw = SUBKEY_L(30) ^ SUBKEY_R(30); dw = ROL8(dw);/* round 23 */ |
1079 | dw = CAMELLIA_RL8(dw);/* round 12 */ | 1040 | SUBKEY_R(30) = SUBKEY_L(30) ^ dw; SUBKEY_L(30) = dw; |
1080 | CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw, | 1041 | dw = SUBKEY_L(31) ^ SUBKEY_R(31); dw = ROL8(dw);/* round 24 */ |
1081 | CAMELLIA_SUBKEY_L(15) = dw; | 1042 | SUBKEY_R(31) = SUBKEY_L(31) ^ dw; SUBKEY_L(31) = dw; |
1082 | dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18), | ||
1083 | dw = CAMELLIA_RL8(dw);/* round 13 */ | ||
1084 | CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw, | ||
1085 | CAMELLIA_SUBKEY_L(18) = dw; | ||
1086 | dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19), | ||
1087 | dw = CAMELLIA_RL8(dw);/* round 14 */ | ||
1088 | CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw, | ||
1089 | CAMELLIA_SUBKEY_L(19) = dw; | ||
1090 | dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20), | ||
1091 | dw = CAMELLIA_RL8(dw);/* round 15 */ | ||
1092 | CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw, | ||
1093 | CAMELLIA_SUBKEY_L(20) = dw; | ||
1094 | dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21), | ||
1095 | dw = CAMELLIA_RL8(dw);/* round 16 */ | ||
1096 | CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw, | ||
1097 | CAMELLIA_SUBKEY_L(21) = dw; | ||
1098 | dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22), | ||
1099 | dw = CAMELLIA_RL8(dw);/* round 17 */ | ||
1100 | CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw, | ||
1101 | CAMELLIA_SUBKEY_L(22) = dw; | ||
1102 | dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23), | ||
1103 | dw = CAMELLIA_RL8(dw);/* round 18 */ | ||
1104 | CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw, | ||
1105 | CAMELLIA_SUBKEY_L(23) = dw; | ||
1106 | dw = CAMELLIA_SUBKEY_L(26) ^ CAMELLIA_SUBKEY_R(26), | ||
1107 | dw = CAMELLIA_RL8(dw);/* round 19 */ | ||
1108 | CAMELLIA_SUBKEY_R(26) = CAMELLIA_SUBKEY_L(26) ^ dw, | ||
1109 | CAMELLIA_SUBKEY_L(26) = dw; | ||
1110 | dw = CAMELLIA_SUBKEY_L(27) ^ CAMELLIA_SUBKEY_R(27), | ||
1111 | dw = CAMELLIA_RL8(dw);/* round 20 */ | ||
1112 | CAMELLIA_SUBKEY_R(27) = CAMELLIA_SUBKEY_L(27) ^ dw, | ||
1113 | CAMELLIA_SUBKEY_L(27) = dw; | ||
1114 | dw = CAMELLIA_SUBKEY_L(28) ^ CAMELLIA_SUBKEY_R(28), | ||
1115 | dw = CAMELLIA_RL8(dw);/* round 21 */ | ||
1116 | CAMELLIA_SUBKEY_R(28) = CAMELLIA_SUBKEY_L(28) ^ dw, | ||
1117 | CAMELLIA_SUBKEY_L(28) = dw; | ||
1118 | dw = CAMELLIA_SUBKEY_L(29) ^ CAMELLIA_SUBKEY_R(29), | ||
1119 | dw = CAMELLIA_RL8(dw);/* round 22 */ | ||
1120 | CAMELLIA_SUBKEY_R(29) = CAMELLIA_SUBKEY_L(29) ^ dw, | ||
1121 | CAMELLIA_SUBKEY_L(29) = dw; | ||
1122 | dw = CAMELLIA_SUBKEY_L(30) ^ CAMELLIA_SUBKEY_R(30), | ||
1123 | dw = CAMELLIA_RL8(dw);/* round 23 */ | ||
1124 | CAMELLIA_SUBKEY_R(30) = CAMELLIA_SUBKEY_L(30) ^ dw, | ||
1125 | CAMELLIA_SUBKEY_L(30) = dw; | ||
1126 | dw = CAMELLIA_SUBKEY_L(31) ^ CAMELLIA_SUBKEY_R(31), | ||
1127 | dw = CAMELLIA_RL8(dw);/* round 24 */ | ||
1128 | CAMELLIA_SUBKEY_R(31) = CAMELLIA_SUBKEY_L(31) ^ dw, | ||
1129 | CAMELLIA_SUBKEY_L(31) = dw; | ||
1130 | } | 1043 | } |
1131 | 1044 | ||
1132 | static void camellia_setup192(const unsigned char *key, u32 *subkey) | 1045 | static void camellia_setup192(const unsigned char *key, u32 *subkey) |
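Review bot: The new side still joins assignments with the comma operator at new lines 924-925, 933-934, 946-947, 955-956, 968-969 and 977-978 (`dw = tl & subL[8], /* FL(kl1) */` followed by `tr = subR[10] ^ ROL1(dw);`), while the rewritten P-function block from new line 995 onward converts the same `dw = …, dw = ROL8(dw)` pattern to semicolons. For consistency within the function the remaining comma-joined pairs should also become two statements, `dw = tl & subL[8]; /* FL(kl1) */` and `tr = subR[10] ^ ROL1(dw);`; the earlier hunks at new lines 843-844, 852-853, 861-862, 880-881, 889-890 and 898-899 carry the same pattern. A trailing comment placed right after a comma is easy to misread as ending the statement, which is the readability hazard the semicolon rewrite otherwise removes. camellia_setup256 begins before this hunk; its closing brace is at new line 1043.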
@@ -1145,424 +1058,400 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey) | |||
1145 | } | 1058 | } |
1146 | 1059 | ||
1147 | 1060 | ||
1148 | static void camellia_encrypt128(const u32 *subkey, __be32 *io_text) | 1061 | static void camellia_encrypt128(const u32 *subkey, u32 *io_text) |
1149 | { | 1062 | { |
1150 | u32 il,ir,t0,t1; /* temporary valiables */ | 1063 | u32 il,ir,t0,t1; /* temporary variables */ |
1151 | 1064 | ||
1152 | u32 io[4]; | 1065 | u32 io[4]; |
1153 | 1066 | ||
1154 | io[0] = be32_to_cpu(io_text[0]); | ||
1155 | io[1] = be32_to_cpu(io_text[1]); | ||
1156 | io[2] = be32_to_cpu(io_text[2]); | ||
1157 | io[3] = be32_to_cpu(io_text[3]); | ||
1158 | |||
1159 | /* pre whitening but absorb kw2 */ | 1067 | /* pre whitening but absorb kw2 */ |
1160 | io[0] ^= CAMELLIA_SUBKEY_L(0); | 1068 | io[0] = io_text[0] ^ SUBKEY_L(0); |
1161 | io[1] ^= CAMELLIA_SUBKEY_R(0); | 1069 | io[1] = io_text[1] ^ SUBKEY_R(0); |
1070 | io[2] = io_text[2]; | ||
1071 | io[3] = io_text[3]; | ||
1162 | 1072 | ||
1163 | /* main iteration */ | 1073 | /* main iteration */ |
1164 | CAMELLIA_ROUNDSM(io[0],io[1], | 1074 | CAMELLIA_ROUNDSM(io[0],io[1], |
1165 | CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), | 1075 | SUBKEY_L(2),SUBKEY_R(2), |
1166 | io[2],io[3],il,ir,t0,t1); | 1076 | io[2],io[3],il,ir,t0,t1); |
1167 | CAMELLIA_ROUNDSM(io[2],io[3], | 1077 | CAMELLIA_ROUNDSM(io[2],io[3], |
1168 | CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), | 1078 | SUBKEY_L(3),SUBKEY_R(3), |
1169 | io[0],io[1],il,ir,t0,t1); | 1079 | io[0],io[1],il,ir,t0,t1); |
1170 | CAMELLIA_ROUNDSM(io[0],io[1], | 1080 | CAMELLIA_ROUNDSM(io[0],io[1], |
1171 | CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), | 1081 | SUBKEY_L(4),SUBKEY_R(4), |
1172 | io[2],io[3],il,ir,t0,t1); | 1082 | io[2],io[3],il,ir,t0,t1); |
1173 | CAMELLIA_ROUNDSM(io[2],io[3], | 1083 | CAMELLIA_ROUNDSM(io[2],io[3], |
1174 | CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), | 1084 | SUBKEY_L(5),SUBKEY_R(5), |
1175 | io[0],io[1],il,ir,t0,t1); | 1085 | io[0],io[1],il,ir,t0,t1); |
1176 | CAMELLIA_ROUNDSM(io[0],io[1], | 1086 | CAMELLIA_ROUNDSM(io[0],io[1], |
1177 | CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), | 1087 | SUBKEY_L(6),SUBKEY_R(6), |
1178 | io[2],io[3],il,ir,t0,t1); | 1088 | io[2],io[3],il,ir,t0,t1); |
1179 | CAMELLIA_ROUNDSM(io[2],io[3], | 1089 | CAMELLIA_ROUNDSM(io[2],io[3], |
1180 | CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), | 1090 | SUBKEY_L(7),SUBKEY_R(7), |
1181 | io[0],io[1],il,ir,t0,t1); | 1091 | io[0],io[1],il,ir,t0,t1); |
1182 | 1092 | ||
1183 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1093 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1184 | CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), | 1094 | SUBKEY_L(8),SUBKEY_R(8), |
1185 | CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), | 1095 | SUBKEY_L(9),SUBKEY_R(9), |
1186 | t0,t1,il,ir); | 1096 | t0,t1,il,ir); |
1187 | 1097 | ||
1188 | CAMELLIA_ROUNDSM(io[0],io[1], | 1098 | CAMELLIA_ROUNDSM(io[0],io[1], |
1189 | CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), | 1099 | SUBKEY_L(10),SUBKEY_R(10), |
1190 | io[2],io[3],il,ir,t0,t1); | 1100 | io[2],io[3],il,ir,t0,t1); |
1191 | CAMELLIA_ROUNDSM(io[2],io[3], | 1101 | CAMELLIA_ROUNDSM(io[2],io[3], |
1192 | CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), | 1102 | SUBKEY_L(11),SUBKEY_R(11), |
1193 | io[0],io[1],il,ir,t0,t1); | 1103 | io[0],io[1],il,ir,t0,t1); |
1194 | CAMELLIA_ROUNDSM(io[0],io[1], | 1104 | CAMELLIA_ROUNDSM(io[0],io[1], |
1195 | CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), | 1105 | SUBKEY_L(12),SUBKEY_R(12), |
1196 | io[2],io[3],il,ir,t0,t1); | 1106 | io[2],io[3],il,ir,t0,t1); |
1197 | CAMELLIA_ROUNDSM(io[2],io[3], | 1107 | CAMELLIA_ROUNDSM(io[2],io[3], |
1198 | CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), | 1108 | SUBKEY_L(13),SUBKEY_R(13), |
1199 | io[0],io[1],il,ir,t0,t1); | 1109 | io[0],io[1],il,ir,t0,t1); |
1200 | CAMELLIA_ROUNDSM(io[0],io[1], | 1110 | CAMELLIA_ROUNDSM(io[0],io[1], |
1201 | CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), | 1111 | SUBKEY_L(14),SUBKEY_R(14), |
1202 | io[2],io[3],il,ir,t0,t1); | 1112 | io[2],io[3],il,ir,t0,t1); |
1203 | CAMELLIA_ROUNDSM(io[2],io[3], | 1113 | CAMELLIA_ROUNDSM(io[2],io[3], |
1204 | CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), | 1114 | SUBKEY_L(15),SUBKEY_R(15), |
1205 | io[0],io[1],il,ir,t0,t1); | 1115 | io[0],io[1],il,ir,t0,t1); |
1206 | 1116 | ||
1207 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1117 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1208 | CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), | 1118 | SUBKEY_L(16),SUBKEY_R(16), |
1209 | CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), | 1119 | SUBKEY_L(17),SUBKEY_R(17), |
1210 | t0,t1,il,ir); | 1120 | t0,t1,il,ir); |
1211 | 1121 | ||
1212 | CAMELLIA_ROUNDSM(io[0],io[1], | 1122 | CAMELLIA_ROUNDSM(io[0],io[1], |
1213 | CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), | 1123 | SUBKEY_L(18),SUBKEY_R(18), |
1214 | io[2],io[3],il,ir,t0,t1); | 1124 | io[2],io[3],il,ir,t0,t1); |
1215 | CAMELLIA_ROUNDSM(io[2],io[3], | 1125 | CAMELLIA_ROUNDSM(io[2],io[3], |
1216 | CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), | 1126 | SUBKEY_L(19),SUBKEY_R(19), |
1217 | io[0],io[1],il,ir,t0,t1); | 1127 | io[0],io[1],il,ir,t0,t1); |
1218 | CAMELLIA_ROUNDSM(io[0],io[1], | 1128 | CAMELLIA_ROUNDSM(io[0],io[1], |
1219 | CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), | 1129 | SUBKEY_L(20),SUBKEY_R(20), |
1220 | io[2],io[3],il,ir,t0,t1); | 1130 | io[2],io[3],il,ir,t0,t1); |
1221 | CAMELLIA_ROUNDSM(io[2],io[3], | 1131 | CAMELLIA_ROUNDSM(io[2],io[3], |
1222 | CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), | 1132 | SUBKEY_L(21),SUBKEY_R(21), |
1223 | io[0],io[1],il,ir,t0,t1); | 1133 | io[0],io[1],il,ir,t0,t1); |
1224 | CAMELLIA_ROUNDSM(io[0],io[1], | 1134 | CAMELLIA_ROUNDSM(io[0],io[1], |
1225 | CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), | 1135 | SUBKEY_L(22),SUBKEY_R(22), |
1226 | io[2],io[3],il,ir,t0,t1); | 1136 | io[2],io[3],il,ir,t0,t1); |
1227 | CAMELLIA_ROUNDSM(io[2],io[3], | 1137 | CAMELLIA_ROUNDSM(io[2],io[3], |
1228 | CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), | 1138 | SUBKEY_L(23),SUBKEY_R(23), |
1229 | io[0],io[1],il,ir,t0,t1); | 1139 | io[0],io[1],il,ir,t0,t1); |
1230 | 1140 | ||
1231 | /* post whitening but kw4 */ | 1141 | /* post whitening but kw4 */ |
1232 | io[2] ^= CAMELLIA_SUBKEY_L(24); | 1142 | io_text[0] = io[2] ^ SUBKEY_L(24); |
1233 | io[3] ^= CAMELLIA_SUBKEY_R(24); | 1143 | io_text[1] = io[3] ^ SUBKEY_R(24); |
1234 | 1144 | io_text[2] = io[0]; | |
1235 | io_text[0] = cpu_to_be32(io[2]); | 1145 | io_text[3] = io[1]; |
1236 | io_text[1] = cpu_to_be32(io[3]); | ||
1237 | io_text[2] = cpu_to_be32(io[0]); | ||
1238 | io_text[3] = cpu_to_be32(io[1]); | ||
1239 | } | 1146 | } |
1240 | 1147 | ||
1241 | static void camellia_decrypt128(const u32 *subkey, __be32 *io_text) | 1148 | static void camellia_decrypt128(const u32 *subkey, u32 *io_text) |
1242 | { | 1149 | { |
1243 | u32 il,ir,t0,t1; /* temporary valiables */ | 1150 | u32 il,ir,t0,t1; /* temporary variables */ |
1244 | 1151 | ||
1245 | u32 io[4]; | 1152 | u32 io[4]; |
1246 | 1153 | ||
1247 | io[0] = be32_to_cpu(io_text[0]); | ||
1248 | io[1] = be32_to_cpu(io_text[1]); | ||
1249 | io[2] = be32_to_cpu(io_text[2]); | ||
1250 | io[3] = be32_to_cpu(io_text[3]); | ||
1251 | |||
1252 | /* pre whitening but absorb kw2 */ | 1154 | /* pre whitening but absorb kw2 */ |
1253 | io[0] ^= CAMELLIA_SUBKEY_L(24); | 1155 | io[0] = io_text[0] ^ SUBKEY_L(24); |
1254 | io[1] ^= CAMELLIA_SUBKEY_R(24); | 1156 | io[1] = io_text[1] ^ SUBKEY_R(24); |
1157 | io[2] = io_text[2]; | ||
1158 | io[3] = io_text[3]; | ||
1255 | 1159 | ||
1256 | /* main iteration */ | 1160 | /* main iteration */ |
1257 | CAMELLIA_ROUNDSM(io[0],io[1], | 1161 | CAMELLIA_ROUNDSM(io[0],io[1], |
1258 | CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), | 1162 | SUBKEY_L(23),SUBKEY_R(23), |
1259 | io[2],io[3],il,ir,t0,t1); | 1163 | io[2],io[3],il,ir,t0,t1); |
1260 | CAMELLIA_ROUNDSM(io[2],io[3], | 1164 | CAMELLIA_ROUNDSM(io[2],io[3], |
1261 | CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), | 1165 | SUBKEY_L(22),SUBKEY_R(22), |
1262 | io[0],io[1],il,ir,t0,t1); | 1166 | io[0],io[1],il,ir,t0,t1); |
1263 | CAMELLIA_ROUNDSM(io[0],io[1], | 1167 | CAMELLIA_ROUNDSM(io[0],io[1], |
1264 | CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), | 1168 | SUBKEY_L(21),SUBKEY_R(21), |
1265 | io[2],io[3],il,ir,t0,t1); | 1169 | io[2],io[3],il,ir,t0,t1); |
1266 | CAMELLIA_ROUNDSM(io[2],io[3], | 1170 | CAMELLIA_ROUNDSM(io[2],io[3], |
1267 | CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), | 1171 | SUBKEY_L(20),SUBKEY_R(20), |
1268 | io[0],io[1],il,ir,t0,t1); | 1172 | io[0],io[1],il,ir,t0,t1); |
1269 | CAMELLIA_ROUNDSM(io[0],io[1], | 1173 | CAMELLIA_ROUNDSM(io[0],io[1], |
1270 | CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), | 1174 | SUBKEY_L(19),SUBKEY_R(19), |
1271 | io[2],io[3],il,ir,t0,t1); | 1175 | io[2],io[3],il,ir,t0,t1); |
1272 | CAMELLIA_ROUNDSM(io[2],io[3], | 1176 | CAMELLIA_ROUNDSM(io[2],io[3], |
1273 | CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), | 1177 | SUBKEY_L(18),SUBKEY_R(18), |
1274 | io[0],io[1],il,ir,t0,t1); | 1178 | io[0],io[1],il,ir,t0,t1); |
1275 | 1179 | ||
1276 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1180 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1277 | CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), | 1181 | SUBKEY_L(17),SUBKEY_R(17), |
1278 | CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), | 1182 | SUBKEY_L(16),SUBKEY_R(16), |
1279 | t0,t1,il,ir); | 1183 | t0,t1,il,ir); |
1280 | 1184 | ||
1281 | CAMELLIA_ROUNDSM(io[0],io[1], | 1185 | CAMELLIA_ROUNDSM(io[0],io[1], |
1282 | CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), | 1186 | SUBKEY_L(15),SUBKEY_R(15), |
1283 | io[2],io[3],il,ir,t0,t1); | 1187 | io[2],io[3],il,ir,t0,t1); |
1284 | CAMELLIA_ROUNDSM(io[2],io[3], | 1188 | CAMELLIA_ROUNDSM(io[2],io[3], |
1285 | CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), | 1189 | SUBKEY_L(14),SUBKEY_R(14), |
1286 | io[0],io[1],il,ir,t0,t1); | 1190 | io[0],io[1],il,ir,t0,t1); |
1287 | CAMELLIA_ROUNDSM(io[0],io[1], | 1191 | CAMELLIA_ROUNDSM(io[0],io[1], |
1288 | CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), | 1192 | SUBKEY_L(13),SUBKEY_R(13), |
1289 | io[2],io[3],il,ir,t0,t1); | 1193 | io[2],io[3],il,ir,t0,t1); |
1290 | CAMELLIA_ROUNDSM(io[2],io[3], | 1194 | CAMELLIA_ROUNDSM(io[2],io[3], |
1291 | CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), | 1195 | SUBKEY_L(12),SUBKEY_R(12), |
1292 | io[0],io[1],il,ir,t0,t1); | 1196 | io[0],io[1],il,ir,t0,t1); |
1293 | CAMELLIA_ROUNDSM(io[0],io[1], | 1197 | CAMELLIA_ROUNDSM(io[0],io[1], |
1294 | CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), | 1198 | SUBKEY_L(11),SUBKEY_R(11), |
1295 | io[2],io[3],il,ir,t0,t1); | 1199 | io[2],io[3],il,ir,t0,t1); |
1296 | CAMELLIA_ROUNDSM(io[2],io[3], | 1200 | CAMELLIA_ROUNDSM(io[2],io[3], |
1297 | CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), | 1201 | SUBKEY_L(10),SUBKEY_R(10), |
1298 | io[0],io[1],il,ir,t0,t1); | 1202 | io[0],io[1],il,ir,t0,t1); |
1299 | 1203 | ||
1300 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1204 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1301 | CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), | 1205 | SUBKEY_L(9),SUBKEY_R(9), |
1302 | CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), | 1206 | SUBKEY_L(8),SUBKEY_R(8), |
1303 | t0,t1,il,ir); | 1207 | t0,t1,il,ir); |
1304 | 1208 | ||
1305 | CAMELLIA_ROUNDSM(io[0],io[1], | 1209 | CAMELLIA_ROUNDSM(io[0],io[1], |
1306 | CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), | 1210 | SUBKEY_L(7),SUBKEY_R(7), |
1307 | io[2],io[3],il,ir,t0,t1); | 1211 | io[2],io[3],il,ir,t0,t1); |
1308 | CAMELLIA_ROUNDSM(io[2],io[3], | 1212 | CAMELLIA_ROUNDSM(io[2],io[3], |
1309 | CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), | 1213 | SUBKEY_L(6),SUBKEY_R(6), |
1310 | io[0],io[1],il,ir,t0,t1); | 1214 | io[0],io[1],il,ir,t0,t1); |
1311 | CAMELLIA_ROUNDSM(io[0],io[1], | 1215 | CAMELLIA_ROUNDSM(io[0],io[1], |
1312 | CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), | 1216 | SUBKEY_L(5),SUBKEY_R(5), |
1313 | io[2],io[3],il,ir,t0,t1); | 1217 | io[2],io[3],il,ir,t0,t1); |
1314 | CAMELLIA_ROUNDSM(io[2],io[3], | 1218 | CAMELLIA_ROUNDSM(io[2],io[3], |
1315 | CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), | 1219 | SUBKEY_L(4),SUBKEY_R(4), |
1316 | io[0],io[1],il,ir,t0,t1); | 1220 | io[0],io[1],il,ir,t0,t1); |
1317 | CAMELLIA_ROUNDSM(io[0],io[1], | 1221 | CAMELLIA_ROUNDSM(io[0],io[1], |
1318 | CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), | 1222 | SUBKEY_L(3),SUBKEY_R(3), |
1319 | io[2],io[3],il,ir,t0,t1); | 1223 | io[2],io[3],il,ir,t0,t1); |
1320 | CAMELLIA_ROUNDSM(io[2],io[3], | 1224 | CAMELLIA_ROUNDSM(io[2],io[3], |
1321 | CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), | 1225 | SUBKEY_L(2),SUBKEY_R(2), |
1322 | io[0],io[1],il,ir,t0,t1); | 1226 | io[0],io[1],il,ir,t0,t1); |
1323 | 1227 | ||
1324 | /* post whitening but kw4 */ | 1228 | /* post whitening but kw4 */ |
1325 | io[2] ^= CAMELLIA_SUBKEY_L(0); | 1229 | io_text[0] = io[2] ^ SUBKEY_L(0); |
1326 | io[3] ^= CAMELLIA_SUBKEY_R(0); | 1230 | io_text[1] = io[3] ^ SUBKEY_R(0); |
1327 | 1231 | io_text[2] = io[0]; | |
1328 | io_text[0] = cpu_to_be32(io[2]); | 1232 | io_text[3] = io[1]; |
1329 | io_text[1] = cpu_to_be32(io[3]); | ||
1330 | io_text[2] = cpu_to_be32(io[0]); | ||
1331 | io_text[3] = cpu_to_be32(io[1]); | ||
1332 | } | 1233 | } |
1333 | 1234 | ||
1334 | static void camellia_encrypt256(const u32 *subkey, __be32 *io_text) | 1235 | static void camellia_encrypt256(const u32 *subkey, u32 *io_text) |
1335 | { | 1236 | { |
1336 | u32 il,ir,t0,t1; /* temporary valiables */ | 1237 | u32 il,ir,t0,t1; /* temporary variables */ |
1337 | 1238 | ||
1338 | u32 io[4]; | 1239 | u32 io[4]; |
1339 | 1240 | ||
1340 | io[0] = be32_to_cpu(io_text[0]); | ||
1341 | io[1] = be32_to_cpu(io_text[1]); | ||
1342 | io[2] = be32_to_cpu(io_text[2]); | ||
1343 | io[3] = be32_to_cpu(io_text[3]); | ||
1344 | |||
1345 | /* pre whitening but absorb kw2 */ | 1241 | /* pre whitening but absorb kw2 */ |
1346 | io[0] ^= CAMELLIA_SUBKEY_L(0); | 1242 | io[0] = io_text[0] ^ SUBKEY_L(0); |
1347 | io[1] ^= CAMELLIA_SUBKEY_R(0); | 1243 | io[1] = io_text[1] ^ SUBKEY_R(0); |
1244 | io[2] = io_text[2]; | ||
1245 | io[3] = io_text[3]; | ||
1348 | 1246 | ||
1349 | /* main iteration */ | 1247 | /* main iteration */ |
1350 | CAMELLIA_ROUNDSM(io[0],io[1], | 1248 | CAMELLIA_ROUNDSM(io[0],io[1], |
1351 | CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), | 1249 | SUBKEY_L(2),SUBKEY_R(2), |
1352 | io[2],io[3],il,ir,t0,t1); | 1250 | io[2],io[3],il,ir,t0,t1); |
1353 | CAMELLIA_ROUNDSM(io[2],io[3], | 1251 | CAMELLIA_ROUNDSM(io[2],io[3], |
1354 | CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), | 1252 | SUBKEY_L(3),SUBKEY_R(3), |
1355 | io[0],io[1],il,ir,t0,t1); | 1253 | io[0],io[1],il,ir,t0,t1); |
1356 | CAMELLIA_ROUNDSM(io[0],io[1], | 1254 | CAMELLIA_ROUNDSM(io[0],io[1], |
1357 | CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), | 1255 | SUBKEY_L(4),SUBKEY_R(4), |
1358 | io[2],io[3],il,ir,t0,t1); | 1256 | io[2],io[3],il,ir,t0,t1); |
1359 | CAMELLIA_ROUNDSM(io[2],io[3], | 1257 | CAMELLIA_ROUNDSM(io[2],io[3], |
1360 | CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), | 1258 | SUBKEY_L(5),SUBKEY_R(5), |
1361 | io[0],io[1],il,ir,t0,t1); | 1259 | io[0],io[1],il,ir,t0,t1); |
1362 | CAMELLIA_ROUNDSM(io[0],io[1], | 1260 | CAMELLIA_ROUNDSM(io[0],io[1], |
1363 | CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), | 1261 | SUBKEY_L(6),SUBKEY_R(6), |
1364 | io[2],io[3],il,ir,t0,t1); | 1262 | io[2],io[3],il,ir,t0,t1); |
1365 | CAMELLIA_ROUNDSM(io[2],io[3], | 1263 | CAMELLIA_ROUNDSM(io[2],io[3], |
1366 | CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), | 1264 | SUBKEY_L(7),SUBKEY_R(7), |
1367 | io[0],io[1],il,ir,t0,t1); | 1265 | io[0],io[1],il,ir,t0,t1); |
1368 | 1266 | ||
1369 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1267 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1370 | CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), | 1268 | SUBKEY_L(8),SUBKEY_R(8), |
1371 | CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), | 1269 | SUBKEY_L(9),SUBKEY_R(9), |
1372 | t0,t1,il,ir); | 1270 | t0,t1,il,ir); |
1373 | 1271 | ||
1374 | CAMELLIA_ROUNDSM(io[0],io[1], | 1272 | CAMELLIA_ROUNDSM(io[0],io[1], |
1375 | CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), | 1273 | SUBKEY_L(10),SUBKEY_R(10), |
1376 | io[2],io[3],il,ir,t0,t1); | 1274 | io[2],io[3],il,ir,t0,t1); |
1377 | CAMELLIA_ROUNDSM(io[2],io[3], | 1275 | CAMELLIA_ROUNDSM(io[2],io[3], |
1378 | CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), | 1276 | SUBKEY_L(11),SUBKEY_R(11), |
1379 | io[0],io[1],il,ir,t0,t1); | 1277 | io[0],io[1],il,ir,t0,t1); |
1380 | CAMELLIA_ROUNDSM(io[0],io[1], | 1278 | CAMELLIA_ROUNDSM(io[0],io[1], |
1381 | CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), | 1279 | SUBKEY_L(12),SUBKEY_R(12), |
1382 | io[2],io[3],il,ir,t0,t1); | 1280 | io[2],io[3],il,ir,t0,t1); |
1383 | CAMELLIA_ROUNDSM(io[2],io[3], | 1281 | CAMELLIA_ROUNDSM(io[2],io[3], |
1384 | CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), | 1282 | SUBKEY_L(13),SUBKEY_R(13), |
1385 | io[0],io[1],il,ir,t0,t1); | 1283 | io[0],io[1],il,ir,t0,t1); |
1386 | CAMELLIA_ROUNDSM(io[0],io[1], | 1284 | CAMELLIA_ROUNDSM(io[0],io[1], |
1387 | CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), | 1285 | SUBKEY_L(14),SUBKEY_R(14), |
1388 | io[2],io[3],il,ir,t0,t1); | 1286 | io[2],io[3],il,ir,t0,t1); |
1389 | CAMELLIA_ROUNDSM(io[2],io[3], | 1287 | CAMELLIA_ROUNDSM(io[2],io[3], |
1390 | CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), | 1288 | SUBKEY_L(15),SUBKEY_R(15), |
1391 | io[0],io[1],il,ir,t0,t1); | 1289 | io[0],io[1],il,ir,t0,t1); |
1392 | 1290 | ||
1393 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1291 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1394 | CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), | 1292 | SUBKEY_L(16),SUBKEY_R(16), |
1395 | CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), | 1293 | SUBKEY_L(17),SUBKEY_R(17), |
1396 | t0,t1,il,ir); | 1294 | t0,t1,il,ir); |
1397 | 1295 | ||
1398 | CAMELLIA_ROUNDSM(io[0],io[1], | 1296 | CAMELLIA_ROUNDSM(io[0],io[1], |
1399 | CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), | 1297 | SUBKEY_L(18),SUBKEY_R(18), |
1400 | io[2],io[3],il,ir,t0,t1); | 1298 | io[2],io[3],il,ir,t0,t1); |
1401 | CAMELLIA_ROUNDSM(io[2],io[3], | 1299 | CAMELLIA_ROUNDSM(io[2],io[3], |
1402 | CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), | 1300 | SUBKEY_L(19),SUBKEY_R(19), |
1403 | io[0],io[1],il,ir,t0,t1); | 1301 | io[0],io[1],il,ir,t0,t1); |
1404 | CAMELLIA_ROUNDSM(io[0],io[1], | 1302 | CAMELLIA_ROUNDSM(io[0],io[1], |
1405 | CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), | 1303 | SUBKEY_L(20),SUBKEY_R(20), |
1406 | io[2],io[3],il,ir,t0,t1); | 1304 | io[2],io[3],il,ir,t0,t1); |
1407 | CAMELLIA_ROUNDSM(io[2],io[3], | 1305 | CAMELLIA_ROUNDSM(io[2],io[3], |
1408 | CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), | 1306 | SUBKEY_L(21),SUBKEY_R(21), |
1409 | io[0],io[1],il,ir,t0,t1); | 1307 | io[0],io[1],il,ir,t0,t1); |
1410 | CAMELLIA_ROUNDSM(io[0],io[1], | 1308 | CAMELLIA_ROUNDSM(io[0],io[1], |
1411 | CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), | 1309 | SUBKEY_L(22),SUBKEY_R(22), |
1412 | io[2],io[3],il,ir,t0,t1); | 1310 | io[2],io[3],il,ir,t0,t1); |
1413 | CAMELLIA_ROUNDSM(io[2],io[3], | 1311 | CAMELLIA_ROUNDSM(io[2],io[3], |
1414 | CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), | 1312 | SUBKEY_L(23),SUBKEY_R(23), |
1415 | io[0],io[1],il,ir,t0,t1); | 1313 | io[0],io[1],il,ir,t0,t1); |
1416 | 1314 | ||
1417 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1315 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1418 | CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24), | 1316 | SUBKEY_L(24),SUBKEY_R(24), |
1419 | CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25), | 1317 | SUBKEY_L(25),SUBKEY_R(25), |
1420 | t0,t1,il,ir); | 1318 | t0,t1,il,ir); |
1421 | 1319 | ||
1422 | CAMELLIA_ROUNDSM(io[0],io[1], | 1320 | CAMELLIA_ROUNDSM(io[0],io[1], |
1423 | CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26), | 1321 | SUBKEY_L(26),SUBKEY_R(26), |
1424 | io[2],io[3],il,ir,t0,t1); | 1322 | io[2],io[3],il,ir,t0,t1); |
1425 | CAMELLIA_ROUNDSM(io[2],io[3], | 1323 | CAMELLIA_ROUNDSM(io[2],io[3], |
1426 | CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27), | 1324 | SUBKEY_L(27),SUBKEY_R(27), |
1427 | io[0],io[1],il,ir,t0,t1); | 1325 | io[0],io[1],il,ir,t0,t1); |
1428 | CAMELLIA_ROUNDSM(io[0],io[1], | 1326 | CAMELLIA_ROUNDSM(io[0],io[1], |
1429 | CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28), | 1327 | SUBKEY_L(28),SUBKEY_R(28), |
1430 | io[2],io[3],il,ir,t0,t1); | 1328 | io[2],io[3],il,ir,t0,t1); |
1431 | CAMELLIA_ROUNDSM(io[2],io[3], | 1329 | CAMELLIA_ROUNDSM(io[2],io[3], |
1432 | CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29), | 1330 | SUBKEY_L(29),SUBKEY_R(29), |
1433 | io[0],io[1],il,ir,t0,t1); | 1331 | io[0],io[1],il,ir,t0,t1); |
1434 | CAMELLIA_ROUNDSM(io[0],io[1], | 1332 | CAMELLIA_ROUNDSM(io[0],io[1], |
1435 | CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30), | 1333 | SUBKEY_L(30),SUBKEY_R(30), |
1436 | io[2],io[3],il,ir,t0,t1); | 1334 | io[2],io[3],il,ir,t0,t1); |
1437 | CAMELLIA_ROUNDSM(io[2],io[3], | 1335 | CAMELLIA_ROUNDSM(io[2],io[3], |
1438 | CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31), | 1336 | SUBKEY_L(31),SUBKEY_R(31), |
1439 | io[0],io[1],il,ir,t0,t1); | 1337 | io[0],io[1],il,ir,t0,t1); |
1440 | 1338 | ||
1441 | /* post whitening but kw4 */ | 1339 | /* post whitening but kw4 */ |
1442 | io[2] ^= CAMELLIA_SUBKEY_L(32); | 1340 | io_text[0] = io[2] ^ SUBKEY_L(32); |
1443 | io[3] ^= CAMELLIA_SUBKEY_R(32); | 1341 | io_text[1] = io[3] ^ SUBKEY_R(32); |
1444 | 1342 | io_text[2] = io[0]; | |
1445 | io_text[0] = cpu_to_be32(io[2]); | 1343 | io_text[3] = io[1]; |
1446 | io_text[1] = cpu_to_be32(io[3]); | ||
1447 | io_text[2] = cpu_to_be32(io[0]); | ||
1448 | io_text[3] = cpu_to_be32(io[1]); | ||
1449 | } | 1344 | } |
1450 | 1345 | ||
1451 | static void camellia_decrypt256(const u32 *subkey, __be32 *io_text) | 1346 | static void camellia_decrypt256(const u32 *subkey, u32 *io_text) |
1452 | { | 1347 | { |
1453 | u32 il,ir,t0,t1; /* temporary valiables */ | 1348 | u32 il,ir,t0,t1; /* temporary variables */ |
1454 | 1349 | ||
1455 | u32 io[4]; | 1350 | u32 io[4]; |
1456 | 1351 | ||
1457 | io[0] = be32_to_cpu(io_text[0]); | ||
1458 | io[1] = be32_to_cpu(io_text[1]); | ||
1459 | io[2] = be32_to_cpu(io_text[2]); | ||
1460 | io[3] = be32_to_cpu(io_text[3]); | ||
1461 | |||
1462 | /* pre whitening but absorb kw2 */ | 1352 | /* pre whitening but absorb kw2 */ |
1463 | io[0] ^= CAMELLIA_SUBKEY_L(32); | 1353 | io[0] = io_text[0] ^ SUBKEY_L(32); |
1464 | io[1] ^= CAMELLIA_SUBKEY_R(32); | 1354 | io[1] = io_text[1] ^ SUBKEY_R(32); |
1355 | io[2] = io_text[2]; | ||
1356 | io[3] = io_text[3]; | ||
1465 | 1357 | ||
1466 | /* main iteration */ | 1358 | /* main iteration */ |
1467 | CAMELLIA_ROUNDSM(io[0],io[1], | 1359 | CAMELLIA_ROUNDSM(io[0],io[1], |
1468 | CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31), | 1360 | SUBKEY_L(31),SUBKEY_R(31), |
1469 | io[2],io[3],il,ir,t0,t1); | 1361 | io[2],io[3],il,ir,t0,t1); |
1470 | CAMELLIA_ROUNDSM(io[2],io[3], | 1362 | CAMELLIA_ROUNDSM(io[2],io[3], |
1471 | CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30), | 1363 | SUBKEY_L(30),SUBKEY_R(30), |
1472 | io[0],io[1],il,ir,t0,t1); | 1364 | io[0],io[1],il,ir,t0,t1); |
1473 | CAMELLIA_ROUNDSM(io[0],io[1], | 1365 | CAMELLIA_ROUNDSM(io[0],io[1], |
1474 | CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29), | 1366 | SUBKEY_L(29),SUBKEY_R(29), |
1475 | io[2],io[3],il,ir,t0,t1); | 1367 | io[2],io[3],il,ir,t0,t1); |
1476 | CAMELLIA_ROUNDSM(io[2],io[3], | 1368 | CAMELLIA_ROUNDSM(io[2],io[3], |
1477 | CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28), | 1369 | SUBKEY_L(28),SUBKEY_R(28), |
1478 | io[0],io[1],il,ir,t0,t1); | 1370 | io[0],io[1],il,ir,t0,t1); |
1479 | CAMELLIA_ROUNDSM(io[0],io[1], | 1371 | CAMELLIA_ROUNDSM(io[0],io[1], |
1480 | CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27), | 1372 | SUBKEY_L(27),SUBKEY_R(27), |
1481 | io[2],io[3],il,ir,t0,t1); | 1373 | io[2],io[3],il,ir,t0,t1); |
1482 | CAMELLIA_ROUNDSM(io[2],io[3], | 1374 | CAMELLIA_ROUNDSM(io[2],io[3], |
1483 | CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26), | 1375 | SUBKEY_L(26),SUBKEY_R(26), |
1484 | io[0],io[1],il,ir,t0,t1); | 1376 | io[0],io[1],il,ir,t0,t1); |
1485 | 1377 | ||
1486 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1378 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1487 | CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25), | 1379 | SUBKEY_L(25),SUBKEY_R(25), |
1488 | CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24), | 1380 | SUBKEY_L(24),SUBKEY_R(24), |
1489 | t0,t1,il,ir); | 1381 | t0,t1,il,ir); |
1490 | 1382 | ||
1491 | CAMELLIA_ROUNDSM(io[0],io[1], | 1383 | CAMELLIA_ROUNDSM(io[0],io[1], |
1492 | CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23), | 1384 | SUBKEY_L(23),SUBKEY_R(23), |
1493 | io[2],io[3],il,ir,t0,t1); | 1385 | io[2],io[3],il,ir,t0,t1); |
1494 | CAMELLIA_ROUNDSM(io[2],io[3], | 1386 | CAMELLIA_ROUNDSM(io[2],io[3], |
1495 | CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22), | 1387 | SUBKEY_L(22),SUBKEY_R(22), |
1496 | io[0],io[1],il,ir,t0,t1); | 1388 | io[0],io[1],il,ir,t0,t1); |
1497 | CAMELLIA_ROUNDSM(io[0],io[1], | 1389 | CAMELLIA_ROUNDSM(io[0],io[1], |
1498 | CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21), | 1390 | SUBKEY_L(21),SUBKEY_R(21), |
1499 | io[2],io[3],il,ir,t0,t1); | 1391 | io[2],io[3],il,ir,t0,t1); |
1500 | CAMELLIA_ROUNDSM(io[2],io[3], | 1392 | CAMELLIA_ROUNDSM(io[2],io[3], |
1501 | CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20), | 1393 | SUBKEY_L(20),SUBKEY_R(20), |
1502 | io[0],io[1],il,ir,t0,t1); | 1394 | io[0],io[1],il,ir,t0,t1); |
1503 | CAMELLIA_ROUNDSM(io[0],io[1], | 1395 | CAMELLIA_ROUNDSM(io[0],io[1], |
1504 | CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19), | 1396 | SUBKEY_L(19),SUBKEY_R(19), |
1505 | io[2],io[3],il,ir,t0,t1); | 1397 | io[2],io[3],il,ir,t0,t1); |
1506 | CAMELLIA_ROUNDSM(io[2],io[3], | 1398 | CAMELLIA_ROUNDSM(io[2],io[3], |
1507 | CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18), | 1399 | SUBKEY_L(18),SUBKEY_R(18), |
1508 | io[0],io[1],il,ir,t0,t1); | 1400 | io[0],io[1],il,ir,t0,t1); |
1509 | 1401 | ||
1510 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1402 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1511 | CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17), | 1403 | SUBKEY_L(17),SUBKEY_R(17), |
1512 | CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16), | 1404 | SUBKEY_L(16),SUBKEY_R(16), |
1513 | t0,t1,il,ir); | 1405 | t0,t1,il,ir); |
1514 | 1406 | ||
1515 | CAMELLIA_ROUNDSM(io[0],io[1], | 1407 | CAMELLIA_ROUNDSM(io[0],io[1], |
1516 | CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15), | 1408 | SUBKEY_L(15),SUBKEY_R(15), |
1517 | io[2],io[3],il,ir,t0,t1); | 1409 | io[2],io[3],il,ir,t0,t1); |
1518 | CAMELLIA_ROUNDSM(io[2],io[3], | 1410 | CAMELLIA_ROUNDSM(io[2],io[3], |
1519 | CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14), | 1411 | SUBKEY_L(14),SUBKEY_R(14), |
1520 | io[0],io[1],il,ir,t0,t1); | 1412 | io[0],io[1],il,ir,t0,t1); |
1521 | CAMELLIA_ROUNDSM(io[0],io[1], | 1413 | CAMELLIA_ROUNDSM(io[0],io[1], |
1522 | CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13), | 1414 | SUBKEY_L(13),SUBKEY_R(13), |
1523 | io[2],io[3],il,ir,t0,t1); | 1415 | io[2],io[3],il,ir,t0,t1); |
1524 | CAMELLIA_ROUNDSM(io[2],io[3], | 1416 | CAMELLIA_ROUNDSM(io[2],io[3], |
1525 | CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12), | 1417 | SUBKEY_L(12),SUBKEY_R(12), |
1526 | io[0],io[1],il,ir,t0,t1); | 1418 | io[0],io[1],il,ir,t0,t1); |
1527 | CAMELLIA_ROUNDSM(io[0],io[1], | 1419 | CAMELLIA_ROUNDSM(io[0],io[1], |
1528 | CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11), | 1420 | SUBKEY_L(11),SUBKEY_R(11), |
1529 | io[2],io[3],il,ir,t0,t1); | 1421 | io[2],io[3],il,ir,t0,t1); |
1530 | CAMELLIA_ROUNDSM(io[2],io[3], | 1422 | CAMELLIA_ROUNDSM(io[2],io[3], |
1531 | CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10), | 1423 | SUBKEY_L(10),SUBKEY_R(10), |
1532 | io[0],io[1],il,ir,t0,t1); | 1424 | io[0],io[1],il,ir,t0,t1); |
1533 | 1425 | ||
1534 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], | 1426 | CAMELLIA_FLS(io[0],io[1],io[2],io[3], |
1535 | CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9), | 1427 | SUBKEY_L(9),SUBKEY_R(9), |
1536 | CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8), | 1428 | SUBKEY_L(8),SUBKEY_R(8), |
1537 | t0,t1,il,ir); | 1429 | t0,t1,il,ir); |
1538 | 1430 | ||
1539 | CAMELLIA_ROUNDSM(io[0],io[1], | 1431 | CAMELLIA_ROUNDSM(io[0],io[1], |
1540 | CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7), | 1432 | SUBKEY_L(7),SUBKEY_R(7), |
1541 | io[2],io[3],il,ir,t0,t1); | 1433 | io[2],io[3],il,ir,t0,t1); |
1542 | CAMELLIA_ROUNDSM(io[2],io[3], | 1434 | CAMELLIA_ROUNDSM(io[2],io[3], |
1543 | CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6), | 1435 | SUBKEY_L(6),SUBKEY_R(6), |
1544 | io[0],io[1],il,ir,t0,t1); | 1436 | io[0],io[1],il,ir,t0,t1); |
1545 | CAMELLIA_ROUNDSM(io[0],io[1], | 1437 | CAMELLIA_ROUNDSM(io[0],io[1], |
1546 | CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5), | 1438 | SUBKEY_L(5),SUBKEY_R(5), |
1547 | io[2],io[3],il,ir,t0,t1); | 1439 | io[2],io[3],il,ir,t0,t1); |
1548 | CAMELLIA_ROUNDSM(io[2],io[3], | 1440 | CAMELLIA_ROUNDSM(io[2],io[3], |
1549 | CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4), | 1441 | SUBKEY_L(4),SUBKEY_R(4), |
1550 | io[0],io[1],il,ir,t0,t1); | 1442 | io[0],io[1],il,ir,t0,t1); |
1551 | CAMELLIA_ROUNDSM(io[0],io[1], | 1443 | CAMELLIA_ROUNDSM(io[0],io[1], |
1552 | CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3), | 1444 | SUBKEY_L(3),SUBKEY_R(3), |
1553 | io[2],io[3],il,ir,t0,t1); | 1445 | io[2],io[3],il,ir,t0,t1); |
1554 | CAMELLIA_ROUNDSM(io[2],io[3], | 1446 | CAMELLIA_ROUNDSM(io[2],io[3], |
1555 | CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2), | 1447 | SUBKEY_L(2),SUBKEY_R(2), |
1556 | io[0],io[1],il,ir,t0,t1); | 1448 | io[0],io[1],il,ir,t0,t1); |
1557 | 1449 | ||
1558 | /* post whitening but kw4 */ | 1450 | /* post whitening but kw4 */ |
1559 | io[2] ^= CAMELLIA_SUBKEY_L(0); | 1451 | io_text[0] = io[2] ^ SUBKEY_L(0); |
1560 | io[3] ^= CAMELLIA_SUBKEY_R(0); | 1452 | io_text[1] = io[3] ^ SUBKEY_R(0); |
1561 | 1453 | io_text[2] = io[0]; | |
1562 | io_text[0] = cpu_to_be32(io[2]); | 1454 | io_text[3] = io[1]; |
1563 | io_text[1] = cpu_to_be32(io[3]); | ||
1564 | io_text[2] = cpu_to_be32(io[0]); | ||
1565 | io_text[3] = cpu_to_be32(io[1]); | ||
1566 | } | 1455 | } |
1567 | 1456 | ||
1568 | 1457 | ||
@@ -1607,9 +1496,12 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
1607 | const __be32 *src = (const __be32 *)in; | 1496 | const __be32 *src = (const __be32 *)in; |
1608 | __be32 *dst = (__be32 *)out; | 1497 | __be32 *dst = (__be32 *)out; |
1609 | 1498 | ||
1610 | __be32 tmp[4]; | 1499 | u32 tmp[4]; |
1611 | 1500 | ||
1612 | memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); | 1501 | tmp[0] = be32_to_cpu(src[0]); |
1502 | tmp[1] = be32_to_cpu(src[1]); | ||
1503 | tmp[2] = be32_to_cpu(src[2]); | ||
1504 | tmp[3] = be32_to_cpu(src[3]); | ||
1613 | 1505 | ||
1614 | switch (cctx->key_length) { | 1506 | switch (cctx->key_length) { |
1615 | case 16: | 1507 | case 16: |
@@ -1622,7 +1514,10 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
1622 | break; | 1514 | break; |
1623 | } | 1515 | } |
1624 | 1516 | ||
1625 | memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); | 1517 | dst[0] = cpu_to_be32(tmp[0]); |
1518 | dst[1] = cpu_to_be32(tmp[1]); | ||
1519 | dst[2] = cpu_to_be32(tmp[2]); | ||
1520 | dst[3] = cpu_to_be32(tmp[3]); | ||
1626 | } | 1521 | } |
1627 | 1522 | ||
1628 | static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | 1523 | static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
@@ -1631,9 +1526,12 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
1631 | const __be32 *src = (const __be32 *)in; | 1526 | const __be32 *src = (const __be32 *)in; |
1632 | __be32 *dst = (__be32 *)out; | 1527 | __be32 *dst = (__be32 *)out; |
1633 | 1528 | ||
1634 | __be32 tmp[4]; | 1529 | u32 tmp[4]; |
1635 | 1530 | ||
1636 | memcpy(tmp, src, CAMELLIA_BLOCK_SIZE); | 1531 | tmp[0] = be32_to_cpu(src[0]); |
1532 | tmp[1] = be32_to_cpu(src[1]); | ||
1533 | tmp[2] = be32_to_cpu(src[2]); | ||
1534 | tmp[3] = be32_to_cpu(src[3]); | ||
1637 | 1535 | ||
1638 | switch (cctx->key_length) { | 1536 | switch (cctx->key_length) { |
1639 | case 16: | 1537 | case 16: |
@@ -1646,7 +1544,10 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
1646 | break; | 1544 | break; |
1647 | } | 1545 | } |
1648 | 1546 | ||
1649 | memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE); | 1547 | dst[0] = cpu_to_be32(tmp[0]); |
1548 | dst[1] = cpu_to_be32(tmp[1]); | ||
1549 | dst[2] = cpu_to_be32(tmp[2]); | ||
1550 | dst[3] = cpu_to_be32(tmp[3]); | ||
1650 | } | 1551 | } |
1651 | 1552 | ||
1652 | static struct crypto_alg camellia_alg = { | 1553 | static struct crypto_alg camellia_alg = { |