1 /* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
2 /* ====================================================================
3 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
6 * Intellectual Property information for Camellia:
7 * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
9 * News Release for Announcement of Camellia open source:
10 * http://www.ntt.co.jp/news/news06e/0604/060413a.html
12 * The Camellia Code included herein is developed by
13 * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
14 * to the OpenSSL project.
16 * The Camellia Code is licensed pursuant to the OpenSSL open source
17 * license provided below.
19 /* ====================================================================
20 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the above copyright
27 * notice, this list of conditions and the following disclaimer.
29 * 2. Redistributions in binary form must reproduce the above copyright
30 * notice, this list of conditions and the following disclaimer in
31 * the documentation and/or other materials provided with the
34 * 3. All advertising materials mentioning features or use of this
35 * software must display the following acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
39 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
40 * endorse or promote products derived from this software without
41 * prior written permission. For written permission, please contact
42 * openssl-core@openssl.org.
44 * 5. Products derived from this software may not be called "OpenSSL"
45 * nor may "OpenSSL" appear in their names without prior written
46 * permission of the OpenSSL Project.
48 * 6. Redistributions of any form whatsoever must retain the following
50 * "This product includes software developed by the OpenSSL Project
51 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
53 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
54 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
56 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
57 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
58 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
60 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
63 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
64 * OF THE POSSIBILITY OF SUCH DAMAGE.
65 * ====================================================================
69 * Algorithm Specification
70 * http://info.isl.llia/specicrypt/eng/camellia/specifications.html
77 #include "cmll_locl.h"
80 #define CAMELLIA_SIGMA1L (0xA09E667FL)
81 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
82 #define CAMELLIA_SIGMA2L (0xB67AE858L)
83 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
84 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
85 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
86 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
87 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
88 #define CAMELLIA_SIGMA5L (0x10E527FAL)
89 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
90 #define CAMELLIA_SIGMA6L (0xB05688C2L)
91 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
97 /* e is pointer of subkey */
98 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
99 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
101 /* rotation right shift 1byte */
102 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
103 /* rotation left shift 1bit */
104 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
105 /* rotation left shift 1byte */
106 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
108 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
112 ll = (ll << bits) + (lr >> (32 - bits)); \
113 lr = (lr << bits) + (rl >> (32 - bits)); \
114 rl = (rl << bits) + (rr >> (32 - bits)); \
115 rr = (rr << bits) + (w0 >> (32 - bits)); \
118 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
123 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
124 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
125 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
126 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
129 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
130 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
131 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
132 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
134 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
141 yl = CAMELLIA_SP1110(ir & 0xff) \
142 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
143 ^ CAMELLIA_SP3033(t1 & 0xff) \
144 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
145 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
146 ^ CAMELLIA_SP0222(t0 & 0xff) \
147 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
148 ^ CAMELLIA_SP4404(il & 0xff); \
150 yr = CAMELLIA_RR8(yr); \
158 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
163 lr ^= CAMELLIA_RL1(t0); \
173 rr ^= CAMELLIA_RL1(t3); \
176 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
183 ir = CAMELLIA_SP1110(ir & 0xff) \
184 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
185 ^ CAMELLIA_SP3033(t1 & 0xff) \
186 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
187 il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
188 ^ CAMELLIA_SP0222(t0 & 0xff) \
189 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
190 ^ CAMELLIA_SP4404(il & 0xff); \
194 il = CAMELLIA_RR8(il); \
200 static const u32 camellia_sp1110[256] = {
201 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
202 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
203 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
204 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
205 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
206 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
207 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
208 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
209 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
210 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
211 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
212 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
213 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
214 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
215 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
216 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
217 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
218 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
219 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
220 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
221 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
222 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
223 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
224 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
225 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
226 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
227 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
228 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
229 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
230 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
231 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
232 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
233 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
234 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
235 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
236 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
237 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
238 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
239 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
240 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
241 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
242 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
243 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
244 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
245 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
246 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
247 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
248 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
249 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
250 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
251 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
252 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
253 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
254 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
255 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
256 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
257 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
258 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
259 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
260 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
261 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
262 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
263 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
264 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
267 static const u32 camellia_sp0222[256] = {
268 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
269 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
270 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
271 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
272 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
273 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
274 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
275 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
276 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
277 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
278 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
279 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
280 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
281 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
282 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
283 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
284 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
285 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
286 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
287 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
288 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
289 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
290 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
291 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
292 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
293 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
294 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
295 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
296 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
297 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
298 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
299 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
300 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
301 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
302 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
303 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
304 0x00202020, 0x00898989, 0x00000000, 0x00909090,
305 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
306 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
307 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
308 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
309 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
310 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
311 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
312 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
313 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
314 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
315 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
316 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
317 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
318 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
319 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
320 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
321 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
322 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
323 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
324 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
325 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
326 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
327 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
328 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
329 0x00777777, 0x00939393, 0x00868686, 0x00838383,
330 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
331 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
334 static const u32 camellia_sp3033[256] = {
335 0x38003838, 0x41004141, 0x16001616, 0x76007676,
336 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
337 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
338 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
339 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
340 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
341 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
342 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
343 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
344 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
345 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
346 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
347 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
348 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
349 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
350 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
351 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
352 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
353 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
354 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
355 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
356 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
357 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
358 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
359 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
360 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
361 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
362 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
363 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
364 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
365 0x12001212, 0x04000404, 0x74007474, 0x54005454,
366 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
367 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
368 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
369 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
370 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
371 0x08000808, 0x62006262, 0x00000000, 0x24002424,
372 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
373 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
374 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
375 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
376 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
377 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
378 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
379 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
380 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
381 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
382 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
383 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
384 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
385 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
386 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
387 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
388 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
389 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
390 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
391 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
392 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
393 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
394 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
395 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
396 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
397 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
398 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
401 static const u32 camellia_sp4404[256] = {
402 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
403 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
404 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
405 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
406 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
407 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
408 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
409 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
410 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
411 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
412 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
413 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
414 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
415 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
416 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
417 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
418 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
419 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
420 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
421 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
422 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
423 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
424 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
425 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
426 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
427 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
428 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
429 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
430 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
431 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
432 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
433 0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
434 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
435 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
436 0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
437 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
438 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
439 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
440 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
441 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
442 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
443 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
444 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
445 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
446 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
447 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
448 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
449 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
450 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
451 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
452 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
453 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
454 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
455 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
456 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
457 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
458 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
459 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
460 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
461 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
462 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
463 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
464 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
465 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
469 * Stuff related to the Camellia key schedule
471 #define subl(x) subL[(x)]
472 #define subr(x) subR[(x)]
474 void camellia_setup128(const u8 *key, u32 *subkey)
476 u32 kll, klr, krl, krr;
477 u32 il, ir, t0, t1, w0, w1;
478 u32 kw4l, kw4r, dw, tl, tr;
483 * k == kll || klr || krl || krr (|| is concatination)
486 klr = GETU32(key + 4);
487 krl = GETU32(key + 8);
488 krr = GETU32(key + 12);
490 * generate KL dependent subkeys
498 /* rotation left shift 15bit */
499 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
506 /* rotation left shift 15+30bit */
507 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
514 /* rotation left shift 15+30+15bit */
515 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
519 /* rotation left shift 15+30+15+17 bit */
520 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
527 /* rotation left shift 15+30+15+17+17 bit */
528 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
535 /* rotation left shift 15+30+15+17+17+17 bit */
536 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
550 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, w0, w1, il, ir, t0, t1);
554 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kll, klr, il, ir, t0, t1);
555 /* current status == (kll, klr, w0, w1) */
557 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, krl, krr, il, ir, t0, t1);
561 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, w0, w1, il, ir, t0, t1);
565 /* generate KA dependent subkeys */
571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
577 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
583 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
587 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
593 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
599 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
606 /* absorb kw2 to other subkeys */
616 subl(1) ^= subr(1) & ~subr(9);
617 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
628 subl(1) ^= subr(1) & ~subr(17);
629 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
644 /* absorb kw4 to other subkeys */
656 kw4l ^= kw4r & ~subr(16);
657 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
667 kw4l ^= kw4r & ~subr(8);
668 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
682 /* key XOR is end of F-function */
683 CamelliaSubkeyL(0) = subl(0) ^ subl(2); /* kw1 */
684 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
685 CamelliaSubkeyL(2) = subl(3); /* round 1 */
686 CamelliaSubkeyR(2) = subr(3);
687 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
688 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
689 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
690 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
691 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
692 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
693 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
694 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
695 tl = subl(10) ^ (subr(10) & ~subr(8));
696 dw = tl & subl(8), /* FL(kl1) */
697 tr = subr(10) ^ CAMELLIA_RL1(dw);
698 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
699 CamelliaSubkeyR(7) = subr(6) ^ tr;
700 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
701 CamelliaSubkeyR(8) = subr(8);
702 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
703 CamelliaSubkeyR(9) = subr(9);
704 tl = subl(7) ^ (subr(7) & ~subr(9));
705 dw = tl & subl(9), /* FLinv(kl2) */
706 tr = subr(7) ^ CAMELLIA_RL1(dw);
707 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
708 CamelliaSubkeyR(10) = tr ^ subr(11);
709 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
710 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
711 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
712 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
713 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
714 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
715 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
716 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
717 tl = subl(18) ^ (subr(18) & ~subr(16));
718 dw = tl & subl(16), /* FL(kl3) */
719 tr = subr(18) ^ CAMELLIA_RL1(dw);
720 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
721 CamelliaSubkeyR(15) = subr(14) ^ tr;
722 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
723 CamelliaSubkeyR(16) = subr(16);
724 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
725 CamelliaSubkeyR(17) = subr(17);
726 tl = subl(15) ^ (subr(15) & ~subr(17));
727 dw = tl & subl(17), /* FLinv(kl4) */
728 tr = subr(15) ^ CAMELLIA_RL1(dw);
729 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
730 CamelliaSubkeyR(18) = tr ^ subr(19);
731 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
732 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
733 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
734 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
735 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
736 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
737 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
738 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
739 CamelliaSubkeyL(23) = subl(22); /* round 18 */
740 CamelliaSubkeyR(23) = subr(22);
741 CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
742 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
744 /* apply the inverse of the last half of P-function */
746 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
747 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
749 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
750 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
752 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
753 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
755 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
756 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
758 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
759 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
761 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
762 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
764 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
765 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
767 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
768 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
770 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
771 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
773 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
774 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
776 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
777 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
779 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
780 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
782 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
783 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
785 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
786 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
788 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
789 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
791 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
792 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
794 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
795 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
797 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
798 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
803 void camellia_setup256(const u8 *key, u32 *subkey)
805 u32 kll, klr, krl, krr; /* left half of key */
806 u32 krll, krlr, krrl, krrr; /* right half of key */
807 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
808 u32 kw4l, kw4r, dw, tl, tr;
813 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
814 * (|| is concatination)
818 klr = GETU32(key + 4);
819 krl = GETU32(key + 8);
820 krr = GETU32(key + 12);
821 krll = GETU32(key + 16);
822 krlr = GETU32(key + 20);
823 krrl = GETU32(key + 24);
824 krrr = GETU32(key + 28);
826 /* generate KL dependent subkeys */
833 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
840 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
847 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
854 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
862 /* generate KR dependent subkeys */
863 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
870 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
877 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
884 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
891 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
894 kll = subl(0) ^ krll;
895 klr = subr(0) ^ krlr;
896 krl = subl(1) ^ krrl;
897 krr = subr(1) ^ krrr;
899 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, w0, w1, il, ir, t0, t1);
903 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kll, klr, il, ir, t0, t1);
907 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, krl, krr, il, ir, t0, t1);
911 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, w0, w1, il, ir, t0, t1);
920 CAMELLIA_F(krll, krlr,
921 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, w0, w1, il, ir, t0, t1);
924 CAMELLIA_F(krrl, krrr,
925 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, w0, w1, il, ir, t0, t1);
929 /* generate KA dependent subkeys */
930 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
937 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
944 /* rotation left shift 32bit */
951 /* rotation left shift 49 from k11,k12 -> k21,k22 */
952 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
960 /* generate KB dependent subkeys */
967 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
974 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
981 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
989 /* absorb kw2 to other subkeys */
999 subl(1) ^= subr(1) & ~subr(9);
1000 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
1003 subl(11) ^= subl(1);
1004 subr(11) ^= subr(1);
1006 subl(13) ^= subl(1);
1007 subr(13) ^= subr(1);
1009 subl(15) ^= subl(1);
1010 subr(15) ^= subr(1);
1011 subl(1) ^= subr(1) & ~subr(17);
1012 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
1015 subl(19) ^= subl(1);
1016 subr(19) ^= subr(1);
1018 subl(21) ^= subl(1);
1019 subr(21) ^= subr(1);
1021 subl(23) ^= subl(1);
1022 subr(23) ^= subr(1);
1023 subl(1) ^= subr(1) & ~subr(25);
1024 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
1027 subl(27) ^= subl(1);
1028 subr(27) ^= subr(1);
1030 subl(29) ^= subl(1);
1031 subr(29) ^= subr(1);
1033 subl(31) ^= subl(1);
1034 subr(31) ^= subr(1);
1036 subl(32) ^= subl(1);
1037 subr(32) ^= subr(1);
1039 /* absorb kw4 to other subkeys */
1051 kw4l ^= kw4r & ~subr(24);
1052 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
1062 kw4l ^= kw4r & ~subr(16);
1063 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
1073 kw4l ^= kw4r & ~subr(8);
1074 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
1088 /* key XOR is end of F-function */
1089 CamelliaSubkeyL(0) = subl(0) ^ subl(2); /* kw1 */
1090 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
1091 CamelliaSubkeyL(2) = subl(3); /* round 1 */
1092 CamelliaSubkeyR(2) = subr(3);
1093 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
1094 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
1095 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
1096 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
1097 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
1098 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
1099 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
1100 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
1101 tl = subl(10) ^ (subr(10) & ~subr(8));
1102 dw = tl & subl(8), /* FL(kl1) */
1103 tr = subr(10) ^ CAMELLIA_RL1(dw);
1104 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
1105 CamelliaSubkeyR(7) = subr(6) ^ tr;
1106 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
1107 CamelliaSubkeyR(8) = subr(8);
1108 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
1109 CamelliaSubkeyR(9) = subr(9);
1110 tl = subl(7) ^ (subr(7) & ~subr(9));
1111 dw = tl & subl(9), /* FLinv(kl2) */
1112 tr = subr(7) ^ CAMELLIA_RL1(dw);
1113 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
1114 CamelliaSubkeyR(10) = tr ^ subr(11);
1115 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
1116 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
1117 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
1118 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
1119 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
1120 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
1121 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
1122 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
1123 tl = subl(18) ^ (subr(18) & ~subr(16));
1124 dw = tl & subl(16), /* FL(kl3) */
1125 tr = subr(18) ^ CAMELLIA_RL1(dw);
1126 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
1127 CamelliaSubkeyR(15) = subr(14) ^ tr;
1128 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
1129 CamelliaSubkeyR(16) = subr(16);
1130 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
1131 CamelliaSubkeyR(17) = subr(17);
1132 tl = subl(15) ^ (subr(15) & ~subr(17));
1133 dw = tl & subl(17), /* FLinv(kl4) */
1134 tr = subr(15) ^ CAMELLIA_RL1(dw);
1135 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
1136 CamelliaSubkeyR(18) = tr ^ subr(19);
1137 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
1138 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
1139 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
1140 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
1141 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
1142 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
1143 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
1144 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
1145 tl = subl(26) ^ (subr(26)
1147 dw = tl & subl(24), /* FL(kl5) */
1148 tr = subr(26) ^ CAMELLIA_RL1(dw);
1149 CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
1150 CamelliaSubkeyR(23) = subr(22) ^ tr;
1151 CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
1152 CamelliaSubkeyR(24) = subr(24);
1153 CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
1154 CamelliaSubkeyR(25) = subr(25);
1155 tl = subl(23) ^ (subr(23) & ~subr(25));
1156 dw = tl & subl(25), /* FLinv(kl6) */
1157 tr = subr(23) ^ CAMELLIA_RL1(dw);
1158 CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
1159 CamelliaSubkeyR(26) = tr ^ subr(27);
1160 CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
1161 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
1162 CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
1163 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
1164 CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
1165 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
1166 CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
1167 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
1168 CamelliaSubkeyL(31) = subl(30); /* round 24 */
1169 CamelliaSubkeyR(31) = subr(30);
1170 CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
1171 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
1173 /* apply the inverse of the last half of P-function */
1175 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
1176 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
1178 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
1179 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
1181 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
1182 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
1184 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
1185 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
1187 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
1188 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
1190 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
1191 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
1193 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
1194 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
1196 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
1197 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
1199 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
1200 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
1202 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
1203 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
1205 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
1206 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
1208 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
1209 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
1211 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
1212 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
1214 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
1215 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
1217 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
1218 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
1220 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
1221 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
1223 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
1224 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
1226 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
1227 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
1229 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
1230 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
1232 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
1233 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
1235 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
1236 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
1238 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
1239 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
1241 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
1242 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
1244 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
1245 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, CamelliaSubkeyL(31) = dw;
1250 void camellia_setup192(const u8 *key, u32 *subkey)
1253 u32 krll, krlr, krrl, krrr;
1255 memcpy(kk, key, 24);
1256 memcpy((u8 *)&krll, key + 16, 4);
1257 memcpy((u8 *)&krlr, key + 20, 4);
1260 memcpy(kk + 24, (u8 *)&krrl, 4);
1261 memcpy(kk + 28, (u8 *)&krrr, 4);
1262 camellia_setup256(kk, subkey);
1267 * Stuff related to camellia encryption/decryption
1269 void camellia_encrypt128(const u32 *subkey, u32 *io)
1273 /* pre whitening but absorb kw2 */
1274 io[0] ^= CamelliaSubkeyL(0);
1275 io[1] ^= CamelliaSubkeyR(0);
1276 /* main iteration */
1278 CAMELLIA_ROUNDSM(io[0], io[1],
1279 CamelliaSubkeyL(2), CamelliaSubkeyR(2),
1280 io[2], io[3], il, ir, t0, t1);
1281 CAMELLIA_ROUNDSM(io[2], io[3],
1282 CamelliaSubkeyL(3), CamelliaSubkeyR(3),
1283 io[0], io[1], il, ir, t0, t1);
1284 CAMELLIA_ROUNDSM(io[0], io[1],
1285 CamelliaSubkeyL(4), CamelliaSubkeyR(4),
1286 io[2], io[3], il, ir, t0, t1);
1287 CAMELLIA_ROUNDSM(io[2], io[3],
1288 CamelliaSubkeyL(5), CamelliaSubkeyR(5),
1289 io[0], io[1], il, ir, t0, t1);
1290 CAMELLIA_ROUNDSM(io[0], io[1],
1291 CamelliaSubkeyL(6), CamelliaSubkeyR(6),
1292 io[2], io[3], il, ir, t0, t1);
1293 CAMELLIA_ROUNDSM(io[2], io[3],
1294 CamelliaSubkeyL(7), CamelliaSubkeyR(7),
1295 io[0], io[1], il, ir, t0, t1);
1297 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1298 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
1299 CamelliaSubkeyL(9), CamelliaSubkeyR(9), t0, t1, il, ir);
1301 CAMELLIA_ROUNDSM(io[0], io[1],
1302 CamelliaSubkeyL(10), CamelliaSubkeyR(10),
1303 io[2], io[3], il, ir, t0, t1);
1304 CAMELLIA_ROUNDSM(io[2], io[3],
1305 CamelliaSubkeyL(11), CamelliaSubkeyR(11),
1306 io[0], io[1], il, ir, t0, t1);
1307 CAMELLIA_ROUNDSM(io[0], io[1],
1308 CamelliaSubkeyL(12), CamelliaSubkeyR(12),
1309 io[2], io[3], il, ir, t0, t1);
1310 CAMELLIA_ROUNDSM(io[2], io[3],
1311 CamelliaSubkeyL(13), CamelliaSubkeyR(13),
1312 io[0], io[1], il, ir, t0, t1);
1313 CAMELLIA_ROUNDSM(io[0], io[1],
1314 CamelliaSubkeyL(14), CamelliaSubkeyR(14),
1315 io[2], io[3], il, ir, t0, t1);
1316 CAMELLIA_ROUNDSM(io[2], io[3],
1317 CamelliaSubkeyL(15), CamelliaSubkeyR(15),
1318 io[0], io[1], il, ir, t0, t1);
1320 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1321 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
1322 CamelliaSubkeyL(17), CamelliaSubkeyR(17), t0, t1, il, ir);
1324 CAMELLIA_ROUNDSM(io[0], io[1],
1325 CamelliaSubkeyL(18), CamelliaSubkeyR(18),
1326 io[2], io[3], il, ir, t0, t1);
1327 CAMELLIA_ROUNDSM(io[2], io[3],
1328 CamelliaSubkeyL(19), CamelliaSubkeyR(19),
1329 io[0], io[1], il, ir, t0, t1);
1330 CAMELLIA_ROUNDSM(io[0], io[1],
1331 CamelliaSubkeyL(20), CamelliaSubkeyR(20),
1332 io[2], io[3], il, ir, t0, t1);
1333 CAMELLIA_ROUNDSM(io[2], io[3],
1334 CamelliaSubkeyL(21), CamelliaSubkeyR(21),
1335 io[0], io[1], il, ir, t0, t1);
1336 CAMELLIA_ROUNDSM(io[0], io[1],
1337 CamelliaSubkeyL(22), CamelliaSubkeyR(22),
1338 io[2], io[3], il, ir, t0, t1);
1339 CAMELLIA_ROUNDSM(io[2], io[3],
1340 CamelliaSubkeyL(23), CamelliaSubkeyR(23),
1341 io[0], io[1], il, ir, t0, t1);
1343 /* post whitening but kw4 */
1344 io[2] ^= CamelliaSubkeyL(24);
1345 io[3] ^= CamelliaSubkeyR(24);
1357 void camellia_decrypt128(const u32 *subkey, u32 *io)
1359 u32 il, ir, t0, t1; /* temporary valiables */
1361 /* pre whitening but absorb kw2 */
1362 io[0] ^= CamelliaSubkeyL(24);
1363 io[1] ^= CamelliaSubkeyR(24);
1365 /* main iteration */
1366 CAMELLIA_ROUNDSM(io[0], io[1],
1367 CamelliaSubkeyL(23), CamelliaSubkeyR(23),
1368 io[2], io[3], il, ir, t0, t1);
1369 CAMELLIA_ROUNDSM(io[2], io[3],
1370 CamelliaSubkeyL(22), CamelliaSubkeyR(22),
1371 io[0], io[1], il, ir, t0, t1);
1372 CAMELLIA_ROUNDSM(io[0], io[1],
1373 CamelliaSubkeyL(21), CamelliaSubkeyR(21),
1374 io[2], io[3], il, ir, t0, t1);
1375 CAMELLIA_ROUNDSM(io[2], io[3],
1376 CamelliaSubkeyL(20), CamelliaSubkeyR(20),
1377 io[0], io[1], il, ir, t0, t1);
1378 CAMELLIA_ROUNDSM(io[0], io[1],
1379 CamelliaSubkeyL(19), CamelliaSubkeyR(19),
1380 io[2], io[3], il, ir, t0, t1);
1381 CAMELLIA_ROUNDSM(io[2], io[3],
1382 CamelliaSubkeyL(18), CamelliaSubkeyR(18),
1383 io[0], io[1], il, ir, t0, t1);
1385 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1386 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
1387 CamelliaSubkeyL(16), CamelliaSubkeyR(16), t0, t1, il, ir);
1389 CAMELLIA_ROUNDSM(io[0], io[1],
1390 CamelliaSubkeyL(15), CamelliaSubkeyR(15),
1391 io[2], io[3], il, ir, t0, t1);
1392 CAMELLIA_ROUNDSM(io[2], io[3],
1393 CamelliaSubkeyL(14), CamelliaSubkeyR(14),
1394 io[0], io[1], il, ir, t0, t1);
1395 CAMELLIA_ROUNDSM(io[0], io[1],
1396 CamelliaSubkeyL(13), CamelliaSubkeyR(13),
1397 io[2], io[3], il, ir, t0, t1);
1398 CAMELLIA_ROUNDSM(io[2], io[3],
1399 CamelliaSubkeyL(12), CamelliaSubkeyR(12),
1400 io[0], io[1], il, ir, t0, t1);
1401 CAMELLIA_ROUNDSM(io[0], io[1],
1402 CamelliaSubkeyL(11), CamelliaSubkeyR(11),
1403 io[2], io[3], il, ir, t0, t1);
1404 CAMELLIA_ROUNDSM(io[2], io[3],
1405 CamelliaSubkeyL(10), CamelliaSubkeyR(10),
1406 io[0], io[1], il, ir, t0, t1);
1408 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1409 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
1410 CamelliaSubkeyL(8), CamelliaSubkeyR(8), t0, t1, il, ir);
1412 CAMELLIA_ROUNDSM(io[0], io[1],
1413 CamelliaSubkeyL(7), CamelliaSubkeyR(7),
1414 io[2], io[3], il, ir, t0, t1);
1415 CAMELLIA_ROUNDSM(io[2], io[3],
1416 CamelliaSubkeyL(6), CamelliaSubkeyR(6),
1417 io[0], io[1], il, ir, t0, t1);
1418 CAMELLIA_ROUNDSM(io[0], io[1],
1419 CamelliaSubkeyL(5), CamelliaSubkeyR(5),
1420 io[2], io[3], il, ir, t0, t1);
1421 CAMELLIA_ROUNDSM(io[2], io[3],
1422 CamelliaSubkeyL(4), CamelliaSubkeyR(4),
1423 io[0], io[1], il, ir, t0, t1);
1424 CAMELLIA_ROUNDSM(io[0], io[1],
1425 CamelliaSubkeyL(3), CamelliaSubkeyR(3),
1426 io[2], io[3], il, ir, t0, t1);
1427 CAMELLIA_ROUNDSM(io[2], io[3],
1428 CamelliaSubkeyL(2), CamelliaSubkeyR(2),
1429 io[0], io[1], il, ir, t0, t1);
1431 /* post whitening but kw4 */
1432 io[2] ^= CamelliaSubkeyL(0);
1433 io[3] ^= CamelliaSubkeyR(0);
1446 * stuff for 192 and 256bit encryption/decryption
1448 void camellia_encrypt256(const u32 *subkey, u32 *io)
1450 u32 il, ir, t0, t1; /* temporary valiables */
1452 /* pre whitening but absorb kw2 */
1453 io[0] ^= CamelliaSubkeyL(0);
1454 io[1] ^= CamelliaSubkeyR(0);
1456 /* main iteration */
1457 CAMELLIA_ROUNDSM(io[0], io[1],
1458 CamelliaSubkeyL(2), CamelliaSubkeyR(2),
1459 io[2], io[3], il, ir, t0, t1);
1460 CAMELLIA_ROUNDSM(io[2], io[3],
1461 CamelliaSubkeyL(3), CamelliaSubkeyR(3),
1462 io[0], io[1], il, ir, t0, t1);
1463 CAMELLIA_ROUNDSM(io[0], io[1],
1464 CamelliaSubkeyL(4), CamelliaSubkeyR(4),
1465 io[2], io[3], il, ir, t0, t1);
1466 CAMELLIA_ROUNDSM(io[2], io[3],
1467 CamelliaSubkeyL(5), CamelliaSubkeyR(5),
1468 io[0], io[1], il, ir, t0, t1);
1469 CAMELLIA_ROUNDSM(io[0], io[1],
1470 CamelliaSubkeyL(6), CamelliaSubkeyR(6),
1471 io[2], io[3], il, ir, t0, t1);
1472 CAMELLIA_ROUNDSM(io[2], io[3],
1473 CamelliaSubkeyL(7), CamelliaSubkeyR(7),
1474 io[0], io[1], il, ir, t0, t1);
1476 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1477 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
1478 CamelliaSubkeyL(9), CamelliaSubkeyR(9), t0, t1, il, ir);
1480 CAMELLIA_ROUNDSM(io[0], io[1],
1481 CamelliaSubkeyL(10), CamelliaSubkeyR(10),
1482 io[2], io[3], il, ir, t0, t1);
1483 CAMELLIA_ROUNDSM(io[2], io[3],
1484 CamelliaSubkeyL(11), CamelliaSubkeyR(11),
1485 io[0], io[1], il, ir, t0, t1);
1486 CAMELLIA_ROUNDSM(io[0], io[1],
1487 CamelliaSubkeyL(12), CamelliaSubkeyR(12),
1488 io[2], io[3], il, ir, t0, t1);
1489 CAMELLIA_ROUNDSM(io[2], io[3],
1490 CamelliaSubkeyL(13), CamelliaSubkeyR(13),
1491 io[0], io[1], il, ir, t0, t1);
1492 CAMELLIA_ROUNDSM(io[0], io[1],
1493 CamelliaSubkeyL(14), CamelliaSubkeyR(14),
1494 io[2], io[3], il, ir, t0, t1);
1495 CAMELLIA_ROUNDSM(io[2], io[3],
1496 CamelliaSubkeyL(15), CamelliaSubkeyR(15),
1497 io[0], io[1], il, ir, t0, t1);
1499 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1500 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
1501 CamelliaSubkeyL(17), CamelliaSubkeyR(17), t0, t1, il, ir);
1503 CAMELLIA_ROUNDSM(io[0], io[1],
1504 CamelliaSubkeyL(18), CamelliaSubkeyR(18),
1505 io[2], io[3], il, ir, t0, t1);
1506 CAMELLIA_ROUNDSM(io[2], io[3],
1507 CamelliaSubkeyL(19), CamelliaSubkeyR(19),
1508 io[0], io[1], il, ir, t0, t1);
1509 CAMELLIA_ROUNDSM(io[0], io[1],
1510 CamelliaSubkeyL(20), CamelliaSubkeyR(20),
1511 io[2], io[3], il, ir, t0, t1);
1512 CAMELLIA_ROUNDSM(io[2], io[3],
1513 CamelliaSubkeyL(21), CamelliaSubkeyR(21),
1514 io[0], io[1], il, ir, t0, t1);
1515 CAMELLIA_ROUNDSM(io[0], io[1],
1516 CamelliaSubkeyL(22), CamelliaSubkeyR(22),
1517 io[2], io[3], il, ir, t0, t1);
1518 CAMELLIA_ROUNDSM(io[2], io[3],
1519 CamelliaSubkeyL(23), CamelliaSubkeyR(23),
1520 io[0], io[1], il, ir, t0, t1);
1522 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1523 CamelliaSubkeyL(24), CamelliaSubkeyR(24),
1524 CamelliaSubkeyL(25), CamelliaSubkeyR(25), t0, t1, il, ir);
1526 CAMELLIA_ROUNDSM(io[0], io[1],
1527 CamelliaSubkeyL(26), CamelliaSubkeyR(26),
1528 io[2], io[3], il, ir, t0, t1);
1529 CAMELLIA_ROUNDSM(io[2], io[3],
1530 CamelliaSubkeyL(27), CamelliaSubkeyR(27),
1531 io[0], io[1], il, ir, t0, t1);
1532 CAMELLIA_ROUNDSM(io[0], io[1],
1533 CamelliaSubkeyL(28), CamelliaSubkeyR(28),
1534 io[2], io[3], il, ir, t0, t1);
1535 CAMELLIA_ROUNDSM(io[2], io[3],
1536 CamelliaSubkeyL(29), CamelliaSubkeyR(29),
1537 io[0], io[1], il, ir, t0, t1);
1538 CAMELLIA_ROUNDSM(io[0], io[1],
1539 CamelliaSubkeyL(30), CamelliaSubkeyR(30),
1540 io[2], io[3], il, ir, t0, t1);
1541 CAMELLIA_ROUNDSM(io[2], io[3],
1542 CamelliaSubkeyL(31), CamelliaSubkeyR(31),
1543 io[0], io[1], il, ir, t0, t1);
1545 /* post whitening but kw4 */
1546 io[2] ^= CamelliaSubkeyL(32);
1547 io[3] ^= CamelliaSubkeyR(32);
1559 void camellia_decrypt256(const u32 *subkey, u32 *io)
1561 u32 il, ir, t0, t1; /* temporary valiables */
1563 /* pre whitening but absorb kw2 */
1564 io[0] ^= CamelliaSubkeyL(32);
1565 io[1] ^= CamelliaSubkeyR(32);
1567 /* main iteration */
1568 CAMELLIA_ROUNDSM(io[0], io[1],
1569 CamelliaSubkeyL(31), CamelliaSubkeyR(31),
1570 io[2], io[3], il, ir, t0, t1);
1571 CAMELLIA_ROUNDSM(io[2], io[3],
1572 CamelliaSubkeyL(30), CamelliaSubkeyR(30),
1573 io[0], io[1], il, ir, t0, t1);
1574 CAMELLIA_ROUNDSM(io[0], io[1],
1575 CamelliaSubkeyL(29), CamelliaSubkeyR(29),
1576 io[2], io[3], il, ir, t0, t1);
1577 CAMELLIA_ROUNDSM(io[2], io[3],
1578 CamelliaSubkeyL(28), CamelliaSubkeyR(28),
1579 io[0], io[1], il, ir, t0, t1);
1580 CAMELLIA_ROUNDSM(io[0], io[1],
1581 CamelliaSubkeyL(27), CamelliaSubkeyR(27),
1582 io[2], io[3], il, ir, t0, t1);
1583 CAMELLIA_ROUNDSM(io[2], io[3],
1584 CamelliaSubkeyL(26), CamelliaSubkeyR(26),
1585 io[0], io[1], il, ir, t0, t1);
1587 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1588 CamelliaSubkeyL(25), CamelliaSubkeyR(25),
1589 CamelliaSubkeyL(24), CamelliaSubkeyR(24), t0, t1, il, ir);
1591 CAMELLIA_ROUNDSM(io[0], io[1],
1592 CamelliaSubkeyL(23), CamelliaSubkeyR(23),
1593 io[2], io[3], il, ir, t0, t1);
1594 CAMELLIA_ROUNDSM(io[2], io[3],
1595 CamelliaSubkeyL(22), CamelliaSubkeyR(22),
1596 io[0], io[1], il, ir, t0, t1);
1597 CAMELLIA_ROUNDSM(io[0], io[1],
1598 CamelliaSubkeyL(21), CamelliaSubkeyR(21),
1599 io[2], io[3], il, ir, t0, t1);
1600 CAMELLIA_ROUNDSM(io[2], io[3],
1601 CamelliaSubkeyL(20), CamelliaSubkeyR(20),
1602 io[0], io[1], il, ir, t0, t1);
1603 CAMELLIA_ROUNDSM(io[0], io[1],
1604 CamelliaSubkeyL(19), CamelliaSubkeyR(19),
1605 io[2], io[3], il, ir, t0, t1);
1606 CAMELLIA_ROUNDSM(io[2], io[3],
1607 CamelliaSubkeyL(18), CamelliaSubkeyR(18),
1608 io[0], io[1], il, ir, t0, t1);
1610 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1611 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
1612 CamelliaSubkeyL(16), CamelliaSubkeyR(16), t0, t1, il, ir);
1614 CAMELLIA_ROUNDSM(io[0], io[1],
1615 CamelliaSubkeyL(15), CamelliaSubkeyR(15),
1616 io[2], io[3], il, ir, t0, t1);
1617 CAMELLIA_ROUNDSM(io[2], io[3],
1618 CamelliaSubkeyL(14), CamelliaSubkeyR(14),
1619 io[0], io[1], il, ir, t0, t1);
1620 CAMELLIA_ROUNDSM(io[0], io[1],
1621 CamelliaSubkeyL(13), CamelliaSubkeyR(13),
1622 io[2], io[3], il, ir, t0, t1);
1623 CAMELLIA_ROUNDSM(io[2], io[3],
1624 CamelliaSubkeyL(12), CamelliaSubkeyR(12),
1625 io[0], io[1], il, ir, t0, t1);
1626 CAMELLIA_ROUNDSM(io[0], io[1],
1627 CamelliaSubkeyL(11), CamelliaSubkeyR(11),
1628 io[2], io[3], il, ir, t0, t1);
1629 CAMELLIA_ROUNDSM(io[2], io[3],
1630 CamelliaSubkeyL(10), CamelliaSubkeyR(10),
1631 io[0], io[1], il, ir, t0, t1);
1633 CAMELLIA_FLS(io[0], io[1], io[2], io[3],
1634 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
1635 CamelliaSubkeyL(8), CamelliaSubkeyR(8), t0, t1, il, ir);
1637 CAMELLIA_ROUNDSM(io[0], io[1],
1638 CamelliaSubkeyL(7), CamelliaSubkeyR(7),
1639 io[2], io[3], il, ir, t0, t1);
1640 CAMELLIA_ROUNDSM(io[2], io[3],
1641 CamelliaSubkeyL(6), CamelliaSubkeyR(6),
1642 io[0], io[1], il, ir, t0, t1);
1643 CAMELLIA_ROUNDSM(io[0], io[1],
1644 CamelliaSubkeyL(5), CamelliaSubkeyR(5),
1645 io[2], io[3], il, ir, t0, t1);
1646 CAMELLIA_ROUNDSM(io[2], io[3],
1647 CamelliaSubkeyL(4), CamelliaSubkeyR(4),
1648 io[0], io[1], il, ir, t0, t1);
1649 CAMELLIA_ROUNDSM(io[0], io[1],
1650 CamelliaSubkeyL(3), CamelliaSubkeyR(3),
1651 io[2], io[3], il, ir, t0, t1);
1652 CAMELLIA_ROUNDSM(io[2], io[3],
1653 CamelliaSubkeyL(2), CamelliaSubkeyR(2),
1654 io[0], io[1], il, ir, t0, t1);
1656 /* post whitening but kw4 */
1657 io[2] ^= CamelliaSubkeyL(0);
1658 io[3] ^= CamelliaSubkeyR(0);