source: rtems-libbsd/freebsd/sys/crypto/camellia/camellia.c @ f244de9

Last change on this file since f244de9 was f244de9, checked in by Sebastian Huber <sebastian.huber@…>, on 11/06/13 at 07:56:38

Rename rtems-bsd-config.h

Rename rtems-bsd-config.h in rtems-bsd-kernel-space.h.

1#include <machine/rtems-bsd-kernel-space.h>
2
3/* camellia.h ver 1.1.0
4 *
5 * Copyright (c) 2006
6 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *   notice, this list of conditions and the following disclaimer as
13 *   the first lines of this file unmodified.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *   notice, this list of conditions and the following disclaimer in the
16 *   documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $FreeBSD$
30 */
31
32/*
33 * Algorithm Specification
34 *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
35 */
36
37#include <sys/cdefs.h>
38#include <rtems/bsd/sys/types.h>
39#include <sys/endian.h>
40#ifdef _KERNEL
41#include <sys/systm.h>
42#else
43#include <string.h>
44#include <assert.h>
45#define KASSERT(exp, msg) assert(exp)
46#endif
47
48#include <crypto/camellia/camellia.h>
49
50
/*
 * Key-schedule constants: six 64-bit values, each split into a left (L) and
 * a right (R) 32-bit half.  In this file they are passed as the kl/kr
 * operands of CAMELLIA_F while the intermediate key words (the "KA" and
 * "KB" steps of the setup functions) are derived.
 *
 * The literals carry an 'L' suffix, so their type is long or unsigned long
 * rather than uint32_t.  The uses visible in this file XOR them with
 * uint32_t values and store the result back into uint32_t variables.
 */

#define CAMELLIA_SIGMA1L (0xA09E667FL)
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
#define CAMELLIA_SIGMA2L (0xB67AE858L)
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
#define CAMELLIA_SIGMA5L (0x10E527FAL)
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
#define CAMELLIA_SIGMA6L (0xB05688C2L)
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
65
/*
 *  macros
 */

/*
 * GETU32: assemble a 32-bit word from the four bytes pt[0..3], most
 * significant byte first.  pt must point at four readable bytes and is
 * evaluated four times.  Each byte goes through a (uint32_t) cast, so the
 * macro assumes unsigned bytes (the key-schedule functions in this file
 * pass const unsigned char *); a negative signed char would be
 * sign-extended by that cast.
 */
#define GETU32(pt) (((uint32_t)(pt)[0] << 24)           \
                     ^ ((uint32_t)(pt)[1] << 16)        \
                     ^ ((uint32_t)(pt)[2] <<  8)        \
                     ^ ((uint32_t)(pt)[3]))

/*
 * PUTU32: store the 32-bit value st into ct[0..3], most significant byte
 * first.  ct and st are each evaluated four times.
 * NOTE(review): the expansion is a bare { ... } block, not
 * do { ... } while (0), so "if (c) PUTU32(a, b); else ..." does not
 * compile.  Use it only as a plain statement.
 */
#define PUTU32(ct, st) {(ct)[0] = (uint8_t)((st) >> 24);        \
                        (ct)[1] = (uint8_t)((st) >> 16);        \
                        (ct)[2] = (uint8_t)((st) >>  8);        \
                        (ct)[3] = (uint8_t)(st);}

/*
 * SUBL/SUBR: left and right 32-bit halves of subkey number INDEX in the
 * output array.  Both expand to a reference to an identifier named
 * `subkey` in the enclosing scope.  The right half is the even element
 * (2*INDEX) and the left half the odd element (2*INDEX + 1).
 */
#define SUBL(INDEX) (subkey[(INDEX)*2+1])
#define SUBR(INDEX) (subkey[(INDEX)*2])

/*
 * 32-bit rotations: right by 8, left by 1, left by 8.  The two shifted
 * parts never overlap, so '+' combines them exactly as '|' would.  The
 * result is a rotation only when x is an unsigned 32-bit value (the key
 * schedule code in this file passes uint32_t).  x is evaluated twice.
 */
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
85
/*
 * CAMELLIA_ROLDQ: rotate the 128-bit quantity ll||lr||rl||rr (ll is the
 * most significant word) left by `bits`, in place.
 *
 * Valid only for 0 < bits < 32: the expansion shifts right by (32 - bits),
 * and shifting a 32-bit word by 32 is undefined behaviour in C.
 * w0 is scratch.  w1 is accepted for symmetry with CAMELLIA_ROLDQo32 but
 * is not used.  None of the arguments are parenthesised in the expansion,
 * so pass plain variables and a literal count.
 */
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
    do {                                                \
        w0 = ll;                                        \
        ll = (ll << bits) + (lr >> (32 - bits));        \
        lr = (lr << bits) + (rl >> (32 - bits));        \
        rl = (rl << bits) + (rr >> (32 - bits));        \
        rr = (rr << bits) + (w0 >> (32 - bits));        \
    } while(0)

/*
 * CAMELLIA_ROLDQo32: same rotation for counts over 32.  The words move up
 * by one position and are then shifted by (bits - 32).
 *
 * Valid only for 32 < bits < 64, for the same shift-count reason as above.
 * w0 and w1 are both scratch (they hold the original ll and lr).
 */
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
    do {                                                \
        w0 = ll;                                        \
        w1 = lr;                                        \
        ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
        lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
        rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
        rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
    } while(0)
104
/*
 * Accessors for the four 256-entry lookup tables defined below.  INDEX is
 * used as the array subscript without any range check, so callers mask it
 * to 0..255 (every use in this file applies "& 0xff").
 */
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])

/*
 * CAMELLIA_F: compute (yl, yr) from the 64-bit input (xl, xr) and the
 * 64-bit key (kl, kr).  The input is XORed with the key first, each of the
 * eight resulting bytes selects one table entry, and the entries are
 * combined with XOR and one 8-bit rotation.
 *
 * yl and yr are assigned (not accumulated).  il, ir, t0 and t1 are scratch
 * and are overwritten.  Arguments are not parenthesised in the expansion.
 *
 * NOTE(review): the table subscripts are bytes of (input XOR key), so the
 * memory addresses touched depend on secret data.  On CPUs with a data
 * cache this is the usual cache-timing caveat of table-driven ciphers.
 * Whether it matters depends on the deployment's threat model.
 */
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)      \
    do {                                                        \
        il = xl ^ kl;                                           \
        ir = xr ^ kr;                                           \
        t0 = il >> 16;                                          \
        t1 = ir >> 16;                                          \
        yl = CAMELLIA_SP1110(ir & 0xff)                         \
            ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                 \
            ^ CAMELLIA_SP3033(t1 & 0xff)                        \
            ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                \
        yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                  \
            ^ CAMELLIA_SP0222(t0 & 0xff)                        \
            ^ CAMELLIA_SP3033((il >> 8) & 0xff)                 \
            ^ CAMELLIA_SP4404(il & 0xff);                       \
        yl ^= yr;                                               \
        yr = CAMELLIA_RR8(yr);                                  \
        yr ^= yl;                                               \
    } while(0)
128
129
/*
 * CAMELLIA_FLS: apply two key-dependent logical layers in one pass, in
 * place.
 *
 *   left pair  (ll, lr), key (kll, klr):
 *       lr ^= ROL1(ll & kll);  ll ^= (lr | klr);
 *   right pair (rl, rr), key (krl, krr):
 *       rl ^= (rr | krr);      rr ^= ROL1(rl & krl);
 *
 * The statements for the two pairs are interleaved.  Within each pair the
 * second step reads the word the first step has just updated, so the order
 * of the statements must not be changed.  t0..t3 are scratch.
 * (These look like the FL and FL^-1 functions of the specification linked
 * at the top of the file -- confirm.)
 */
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
    do {                                                                \
        t0 = kll;                                                       \
        t2 = krr;                                                       \
        t0 &= ll;                                                       \
        t2 |= rr;                                                       \
        rl ^= t2;                                                       \
        lr ^= CAMELLIA_RL1(t0);                                         \
        t3 = krl;                                                       \
        t1 = klr;                                                       \
        t3 &= rl;                                                       \
        t1 |= lr;                                                       \
        ll ^= t1;                                                       \
        rr ^= CAMELLIA_RL1(t3);                                         \
    } while(0)
145
/*
 * CAMELLIA_ROUNDSM: round macro.  Eight table lookups on the bytes of xl
 * and xr are combined into il/ir, the key words kl/kr are XORed in after
 * the lookups, a mixing step follows, and the result is accumulated into
 * the other half: yl ^= ir, yr ^= il.
 *
 * Unlike CAMELLIA_F, the key is applied after the table lookups and yl/yr
 * are updated with XOR rather than assigned.  This presumably pairs with
 * the "apply the inverse of the last half of P-function" step at the end
 * of the key setup functions -- confirm.  il, ir are scratch; t0 and t1
 * are accepted but not used.
 *
 * NOTE(review): the table subscripts are bytes of the cipher state, so the
 * memory addresses touched depend on secret data (cache-timing caveat of
 * table-driven ciphers).  Assess against the deployment's threat model.
 */
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
    do {                                                                \
        ir =  CAMELLIA_SP1110(xr & 0xff);                               \
        il =  CAMELLIA_SP1110((xl>>24) & 0xff);                         \
        ir ^= CAMELLIA_SP0222((xr>>24) & 0xff);                         \
        il ^= CAMELLIA_SP0222((xl>>16) & 0xff);                         \
        ir ^= CAMELLIA_SP3033((xr>>16) & 0xff);                         \
        il ^= CAMELLIA_SP3033((xl>>8) & 0xff);                          \
        ir ^= CAMELLIA_SP4404((xr>>8) & 0xff);                          \
        il ^= CAMELLIA_SP4404(xl & 0xff);                               \
        il ^= kl;                                                       \
        ir ^= kr;                                                       \
        ir ^= il;                                                       \
        il = CAMELLIA_RR8(il);                                          \
        il ^= ir;                                                       \
        yl ^= ir;                                                       \
        yr ^= il;                                                       \
    } while(0)
164
165
/*
 * camellia_sp1110: 256-entry read-only lookup table, indexed by one byte
 * through CAMELLIA_SP1110().  Each entry holds one substitution byte
 * replicated into the three most significant byte positions, with the low
 * byte zero (entry 0 is 0x70707000).
 * The digits in the name appear to give the S-box number used for each
 * byte position, with 0 meaning "no contribution" -- confirm against the
 * specification linked at the top of the file.
 */
static const uint32_t camellia_sp1110[256] = {
    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
    0xe4e4e400,0x85858500,0x57575700,0x35353500,
    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
    0x45454500,0x19191900,0xa5a5a500,0x21212100,
    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
    0x53535300,0x18181800,0xf2f2f200,0x22222200,
    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
    0xa1a1a100,0x89898900,0x62626200,0x97979700,
    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
    0x10101000,0xc4c4c400,0x00000000,0x48484800,
    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
    0xd4d4d400,0x25252500,0xababab00,0x42424200,
    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
    0x72727200,0x07070700,0xb9b9b900,0x55555500,
    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
};
232
/*
 * camellia_sp0222: 256-entry read-only lookup table, indexed by one byte
 * through CAMELLIA_SP0222().  Each entry holds one substitution byte
 * replicated into the three least significant byte positions, with the top
 * byte zero (entry 0 is 0x00e0e0e0).
 * In the entries spot-checked, the byte equals the camellia_sp1110 byte at
 * the same index rotated left by one bit (0x70 -> 0xe0, 0x82 -> 0x05).
 */
static const uint32_t camellia_sp0222[256] = {
    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
    0x00202020,0x00898989,0x00000000,0x00909090,
    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
    0x009b9b9b,0x00949494,0x00212121,0x00666666,
    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
    0x00777777,0x00939393,0x00868686,0x00838383,
    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
};
299
/*
 * camellia_sp3033: 256-entry read-only lookup table, indexed by one byte
 * through CAMELLIA_SP3033().  Each entry holds one substitution byte in
 * byte positions 3, 1 and 0, with byte 2 zero (entry 0 is 0x38003838).
 * In the entries spot-checked, the byte equals the camellia_sp1110 byte at
 * the same index rotated right by one bit (0x70 -> 0x38, 0x82 -> 0x41).
 */
static const uint32_t camellia_sp3033[256] = {
    0x38003838,0x41004141,0x16001616,0x76007676,
    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
    0x75007575,0x06000606,0x57005757,0xa000a0a0,
    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
    0x3a003a3a,0x09000909,0x95009595,0x10001010,
    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
    0x12001212,0x04000404,0x74007474,0x54005454,
    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
    0x55005555,0x68006868,0x50005050,0xbe00bebe,
    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
    0x70007070,0xff00ffff,0x32003232,0x69006969,
    0x08000808,0x62006262,0x00000000,0x24002424,
    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
    0x45004545,0x81008181,0x73007373,0x6d006d6d,
    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
    0xe600e6e6,0x25002525,0x48004848,0x99009999,
    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
    0x7c007c7c,0x77007777,0x56005656,0x05000505,
    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
};
366
/*
 * camellia_sp4404: 256-entry read-only lookup table, indexed by one byte
 * through CAMELLIA_SP4404().  Each entry holds one substitution byte in
 * byte positions 3, 2 and 0, with byte 1 zero (entry 0 is 0x70700070).
 * In the entries spot-checked, the byte at index i equals the
 * camellia_sp1110 byte at index i rotated left by one bit (entry 1 carries
 * 0x2c, the byte of camellia_sp1110[2]; entry 2 carries 0xb3, the byte of
 * camellia_sp1110[4]).
 */
static const uint32_t camellia_sp4404[256] = {
    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
    0x24240024,0xe8e800e8,0x60600060,0x69690069,
    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
    0x10100010,0x00000000,0xa3a300a3,0x75750075,
    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
    0x81810081,0x6f6f006f,0x13130013,0x63630063,
    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
    0x78780078,0x06060006,0xe7e700e7,0x71710071,
    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
    0x15150015,0xadad00ad,0x77770077,0x80800080,
    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
    0x85850085,0x35350035,0x0c0c000c,0x41410041,
    0xefef00ef,0x93930093,0x19190019,0x21210021,
    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
    0x12120012,0x20200020,0xb1b100b1,0x99990099,
    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
    0x0f0f000f,0x16160016,0x18180018,0x22220022,
    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
    0x49490049,0x68680068,0x38380038,0xa4a400a4,
    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
};
433
434
/*
 * Stuff related to the Camellia key schedule
 *
 * subl(x)/subr(x) index the function-local work arrays subL[] and subR[]
 * that each key setup function declares.  They are distinct from the
 * upper-case SUBL()/SUBR() macros, which index the caller's `subkey`
 * output array.  x is not range-checked.
 */
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]
440
/*
 * camellia_setup128: expand a 128-bit key into the subkey table.
 *
 * key:    input key; exactly 16 bytes are read (key[0..15]), as four
 *         big-endian 32-bit words.
 * subkey: output array.  Subkey pairs 0 and 2..24 are written through
 *         SUBL()/SUBR(), i.e. subkey[0], subkey[1] and subkey[4..49], so
 *         the array must hold at least 50 uint32_t elements.  subkey[2]
 *         and subkey[3] (pair 1) are never written by this function.
 *
 * Neither pointer is checked, and there is no return value.
 *
 * NOTE(review): the local work arrays subL[]/subR[] and the k.., w.. and
 * t.. temporaries hold key-derived words and are not cleared before the
 * function returns.  If stack residue of key material matters for the
 * deployment, wipe them with a routine the compiler will not optimise away.
 * NOTE(review): CAMELLIA_F indexes the lookup tables with bytes derived
 * from the key, so memory access patterns here depend on the key.
 */
void
camellia_setup128(const unsigned char *key, uint32_t *subkey)
{
    uint32_t kll, klr, krl, krr;
    uint32_t il, ir, t0, t1, w0, w1;
    uint32_t kw4l, kw4r, dw, tl, tr;
    uint32_t subL[26];
    uint32_t subR[26];

    /*
     *  k == kll || klr || krl || krr (|| is concatenation)
     */
    kll = GETU32(key     );
    klr = GETU32(key +  4);
    krl = GETU32(key +  8);
    krr = GETU32(key + 12);
    /*
     * generate KL dependent subkeys
     *
     * Each CAMELLIA_ROLDQ rotates the already-rotated words in place, so
     * the rotation amounts accumulate: 15, 45, 60, 77, 94, 111 bits.
     */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(4) = kll; subr(4) = klr;
    subl(5) = krl; subr(5) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(10) = kll; subr(10) = klr;
    subl(11) = krl; subr(11) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    /* only the right half is kept at this rotation */
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(18) = kll; subr(18) = klr;
    subl(19) = krl; subr(19) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;

    /* generate KA */
    /* reload the unrotated key words saved in subkeys 0 and 1 */
    kll = subl(0); klr = subr(0);
    krl = subl(1); krr = subr(1);
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    /* w0/w1 still hold the output of the first CAMELLIA_F call */
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KA dependent subkeys */
    subl(2) = kll; subr(2) = klr;
    subl(3) = krl; subr(3) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(8) = kll; subr(8) = klr;
    subl(9) = krl; subr(9) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    /* only the left half is kept at this rotation */
    subl(12) = kll; subr(12) = klr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(20) = kll; subr(20) = klr;
    subl(21) = krl; subr(21) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(24) = kll; subr(24) = klr;
    subl(25) = krl; subr(25) = krr;


    /* absorb kw2 to other subkeys */
    /*
     * subl(1)/subr(1) is a running value in this section: it is XORed into
     * the odd-numbered subkeys and is itself modified in place at the two
     * points where subkeys 9 and 17 are consulted, so statement order
     * matters.
     */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(24) ^= subl(1); subr(24) ^= subr(1);

    /* absorb kw4 to other subkeys */
    /*
     * Same idea in the other direction: kw4l/kw4r starts as subkey 25 and
     * is carried down through the even-numbered subkeys, being modified
     * where subkeys 16 and 8 are consulted.
     */
    kw4l = subl(25); kw4r = subr(25);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /* key XOR is end of F-function */
    /*
     * From here on results go to the caller's array via SUBL()/SUBR().
     * Pair 1 is skipped; pairs 8, 9, 16 and 17 are copied unchanged.
     */
    SUBL(0) = subl(0) ^ subl(2);
    SUBR(0) = subr(0) ^ subr(2);
    SUBL(2) = subl(3);
    SUBR(2) = subr(3);
    SUBL(3) = subl(2) ^ subl(4);
    SUBR(3) = subr(2) ^ subr(4);
    SUBL(4) = subl(3) ^ subl(5);
    SUBR(4) = subr(3) ^ subr(5);
    SUBL(5) = subl(4) ^ subl(6);
    SUBR(5) = subr(4) ^ subr(6);
    SUBL(6) = subl(5) ^ subl(7);
    SUBR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    SUBL(7) = subl(6) ^ tl;
    SUBR(7) = subr(6) ^ tr;
    SUBL(8) = subl(8);
    SUBR(8) = subr(8);
    SUBL(9) = subl(9);
    SUBR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    SUBL(10) = tl ^ subl(11);
    SUBR(10) = tr ^ subr(11);
    SUBL(11) = subl(10) ^ subl(12);
    SUBR(11) = subr(10) ^ subr(12);
    SUBL(12) = subl(11) ^ subl(13);
    SUBR(12) = subr(11) ^ subr(13);
    SUBL(13) = subl(12) ^ subl(14);
    SUBR(13) = subr(12) ^ subr(14);
    SUBL(14) = subl(13) ^ subl(15);
    SUBR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    SUBL(15) = subl(14) ^ tl;
    SUBR(15) = subr(14) ^ tr;
    SUBL(16) = subl(16);
    SUBR(16) = subr(16);
    SUBL(17) = subl(17);
    SUBR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    SUBL(18) = tl ^ subl(19);
    SUBR(18) = tr ^ subr(19);
    SUBL(19) = subl(18) ^ subl(20);
    SUBR(19) = subr(18) ^ subr(20);
    SUBL(20) = subl(19) ^ subl(21);
    SUBR(20) = subr(19) ^ subr(21);
    SUBL(21) = subl(20) ^ subl(22);
    SUBR(21) = subr(20) ^ subr(22);
    SUBL(22) = subl(21) ^ subl(23);
    SUBR(22) = subr(21) ^ subr(23);
    SUBL(23) = subl(22);
    SUBR(23) = subr(22);
    SUBL(24) = subl(24) ^ subl(23);
    SUBR(24) = subr(24) ^ subr(23);

    /* apply the inverse of the last half of P-function */
    /*
     * Applied to pairs 2..7, 10..15 and 18..23 only; pairs 0, 8, 9, 16, 17
     * and 24 are left as written above.
     */
    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
}
646
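/*
 * Expand a 256-bit Camellia key into the round-subkey table.
 *
 * key    - raw key; 32 bytes are read (offsets 0..31) through GETU32().
 * subkey - output table, written through the SUBL()/SUBR() accessors for
 *          entry 0 and entries 2..32.  The accessors are defined earlier in
 *          this file; the caller must supply a table large enough for them.
 *
 * The schedule is first built in the local scratch tables subL[]/subR[]
 * (presumably what the subl()/subr() macros index -- they are defined
 * earlier in this file), the whitening keys kw2 and kw4 are folded into the
 * neighbouring round keys, and the result is then written to subkey.
 *
 * The scratch tables hold key-derived material, so they are overwritten
 * before returning rather than left behind on the stack.
 */
void
camellia_setup256(const unsigned char *key, uint32_t *subkey)
{
    uint32_t kll,klr,krl,krr;           /* left half of key */
    uint32_t krll,krlr,krrl,krrr;       /* right half of key */
    uint32_t il, ir, t0, t1, w0, w1;    /* temporary variables */
    uint32_t kw4l, kw4r, dw, tl, tr;
    uint32_t subL[34];
    uint32_t subR[34];

    /*
     *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
     *  (|| is concatenation)
     */

    kll  = GETU32(key     );
    klr  = GETU32(key +  4);
    krl  = GETU32(key +  8);
    krr  = GETU32(key + 12);
    krll = GETU32(key + 16);
    krlr = GETU32(key + 20);
    krrl = GETU32(key + 24);
    krrr = GETU32(key + 28);

    /* generate KL dependent subkeys */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
    subl(12) = kll; subr(12) = klr;
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(30) = kll; subr(30) = klr;
    subl(31) = krl; subr(31) = krr;

    /* generate KR dependent subkeys */
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(4) = krll; subr(4) = krlr;
    subl(5) = krrl; subr(5) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(8) = krll; subr(8) = krlr;
    subl(9) = krrl; subr(9) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(18) = krll; subr(18) = krlr;
    subl(19) = krrl; subr(19) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
    subl(26) = krll; subr(26) = krlr;
    subl(27) = krrl; subr(27) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);

    /* generate KA */
    kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
    krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    kll ^= krll; klr ^= krlr;
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KB */
    krll ^= kll; krlr ^= klr;
    krrl ^= krl; krrr ^= krr;
    CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
               w0, w1, il, ir, t0, t1);
    krrl ^= w0; krrr ^= w1;
    CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
               w0, w1, il, ir, t0, t1);
    krll ^= w0; krlr ^= w1;

    /* generate KA dependent subkeys */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    subl(24) = klr; subr(24) = krl;
    subl(25) = krr; subr(25) = kll;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
    subl(28) = kll; subr(28) = klr;
    subl(29) = krl; subr(29) = krr;

    /* generate KB dependent subkeys */
    subl(2) = krll; subr(2) = krlr;
    subl(3) = krrl; subr(3) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(10) = krll; subr(10) = krlr;
    subl(11) = krrl; subr(11) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(20) = krll; subr(20) = krlr;
    subl(21) = krrl; subr(21) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
    subl(32) = krll; subr(32) = krlr;
    subl(33) = krrl; subr(33) = krrr;

    /* absorb kw2 to other subkeys */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(25);
    dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
    subl(27) ^= subl(1); subr(27) ^= subr(1);
    subl(29) ^= subl(1); subr(29) ^= subr(1);
    subl(31) ^= subl(1); subr(31) ^= subr(1);
    subl(32) ^= subl(1); subr(32) ^= subr(1);


    /* absorb kw4 to other subkeys */
    kw4l = subl(33); kw4r = subr(33);
    subl(30) ^= kw4l; subr(30) ^= kw4r;
    subl(28) ^= kw4l; subr(28) ^= kw4r;
    subl(26) ^= kw4l; subr(26) ^= kw4r;
    kw4l ^= kw4r & ~subr(24);
    dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /* key XOR is end of F-function */
    SUBL(0) = subl(0) ^ subl(2);
    SUBR(0) = subr(0) ^ subr(2);
    SUBL(2) = subl(3);
    SUBR(2) = subr(3);
    SUBL(3) = subl(2) ^ subl(4);
    SUBR(3) = subr(2) ^ subr(4);
    SUBL(4) = subl(3) ^ subl(5);
    SUBR(4) = subr(3) ^ subr(5);
    SUBL(5) = subl(4) ^ subl(6);
    SUBR(5) = subr(4) ^ subr(6);
    SUBL(6) = subl(5) ^ subl(7);
    SUBR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    SUBL(7) = subl(6) ^ tl;
    SUBR(7) = subr(6) ^ tr;
    SUBL(8) = subl(8);
    SUBR(8) = subr(8);
    SUBL(9) = subl(9);
    SUBR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    SUBL(10) = tl ^ subl(11);
    SUBR(10) = tr ^ subr(11);
    SUBL(11) = subl(10) ^ subl(12);
    SUBR(11) = subr(10) ^ subr(12);
    SUBL(12) = subl(11) ^ subl(13);
    SUBR(12) = subr(11) ^ subr(13);
    SUBL(13) = subl(12) ^ subl(14);
    SUBR(13) = subr(12) ^ subr(14);
    SUBL(14) = subl(13) ^ subl(15);
    SUBR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    SUBL(15) = subl(14) ^ tl;
    SUBR(15) = subr(14) ^ tr;
    SUBL(16) = subl(16);
    SUBR(16) = subr(16);
    SUBL(17) = subl(17);
    SUBR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    SUBL(18) = tl ^ subl(19);
    SUBR(18) = tr ^ subr(19);
    SUBL(19) = subl(18) ^ subl(20);
    SUBR(19) = subr(18) ^ subr(20);
    SUBL(20) = subl(19) ^ subl(21);
    SUBR(20) = subr(19) ^ subr(21);
    SUBL(21) = subl(20) ^ subl(22);
    SUBR(21) = subr(20) ^ subr(22);
    SUBL(22) = subl(21) ^ subl(23);
    SUBR(22) = subr(21) ^ subr(23);
    tl = subl(26) ^ (subr(26) & ~subr(24));
    dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
    SUBL(23) = subl(22) ^ tl;
    SUBR(23) = subr(22) ^ tr;
    SUBL(24) = subl(24);
    SUBR(24) = subr(24);
    SUBL(25) = subl(25);
    SUBR(25) = subr(25);
    tl = subl(23) ^ (subr(23) & ~subr(25));
    dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
    SUBL(26) = tl ^ subl(27);
    SUBR(26) = tr ^ subr(27);
    SUBL(27) = subl(26) ^ subl(28);
    SUBR(27) = subr(26) ^ subr(28);
    SUBL(28) = subl(27) ^ subl(29);
    SUBR(28) = subr(27) ^ subr(29);
    SUBL(29) = subl(28) ^ subl(30);
    SUBR(29) = subr(28) ^ subr(30);
    SUBL(30) = subl(29) ^ subl(31);
    SUBR(30) = subr(29) ^ subr(31);
    SUBL(31) = subl(30);
    SUBR(31) = subr(30);
    SUBL(32) = subl(32) ^ subl(31);
    SUBR(32) = subr(32) ^ subr(31);

    /* apply the inverse of the last half of P-function */
    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
    dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw);
    SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw;
    dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw);
    SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw;
    dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw);
    SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw;
    dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw);
    SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw;
    dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw);
    SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw;
    dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw);
    SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw;

    /*
     * Scrub the key-derived scratch tables.  The stores go through
     * volatile pointers so the compiler cannot drop them as dead writes
     * to objects that are about to go out of scope.
     */
    {
        volatile uint32_t *wipe_l = subL;
        volatile uint32_t *wipe_r = subR;
        unsigned int i;

        for (i = 0; i < sizeof(subL) / sizeof(subL[0]); i++) {
            wipe_l[i] = 0;
            wipe_r[i] = 0;
        }
    }
}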
926
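/*
 * Expand a 192-bit Camellia key into the round-subkey table.
 *
 * key    - raw key; 24 bytes are read.
 * subkey - output table, filled in by camellia_setup256().
 *
 * The key is widened to 32 bytes: bytes 24..31 are the bitwise complement
 * of key bytes 16..23, and the result is handed to the 256-bit schedule.
 * The widened copy is raw key material, so it is overwritten before
 * returning rather than left behind on the stack.
 */
void
camellia_setup192(const unsigned char *key, uint32_t *subkey)
{
    unsigned char kk[32];
    volatile unsigned char *wipe = kk;
    unsigned int i;

    memcpy(kk, key, 24);

    /*
     * Complementing byte by byte gives the same 8 bytes as copying the
     * two words out, inverting them and copying them back, without the
     * extra word-sized copies of the key.
     */
    for (i = 0; i < 8; i++)
        kk[24 + i] = (unsigned char)~key[16 + i];

    camellia_setup256(kk, subkey);

    /* volatile stores so the scrub is not removed as a dead write */
    for (i = 0; i < sizeof(kk); i++)
        wipe[i] = 0;
}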
942
943
944/**
945 * Stuff related to camellia encryption/decryption
946 */
/*
 * Encrypt one block in place with a 128-bit key schedule.
 *
 * subkey - expanded key, read through SUBL()/SUBR() for entries 0 and 2..24.
 * io     - four 32-bit words; overwritten with the result.
 *
 * Three groups of six rounds, with CAMELLIA_FLS applied between groups.
 */
void
camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;    /* scratch words for the round macros */
    uint32_t hold0, hold1;
    int base, k, kn, fa, fb;

    /* pre-whitening with subkey entry 0 */
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);

    /* round groups start at subkey entries 2, 10 and 18 */
    for (base = 2; base <= 18; base += 8) {
        for (k = base; k < base + 6; k += 2) {
            kn = k + 1;
            CAMELLIA_ROUNDSM(io[0],io[1], SUBL(k),SUBR(k),
                             io[2],io[3],il,ir,t0,t1);
            CAMELLIA_ROUNDSM(io[2],io[3], SUBL(kn),SUBR(kn),
                             io[0],io[1],il,ir,t0,t1);
        }

        /* FL layer after the first and second group only */
        if (base < 18) {
            fa = base + 6;
            fb = base + 7;
            CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                         SUBL(fa),SUBR(fa), SUBL(fb),SUBR(fb),
                         t0,t1,il,ir);
        }
    }

    /* post-whitening with subkey entry 24 */
    io[2] ^= SUBL(24);
    io[3] ^= SUBR(24);

    /* exchange the two halves of the block */
    hold0 = io[0];
    hold1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = hold0;
    io[3] = hold1;
}
1013
/*
 * Decrypt one block in place with a 128-bit key schedule.
 *
 * subkey - expanded key, read through SUBL()/SUBR() for entries 0 and 2..24.
 * io     - four 32-bit words; overwritten with the result.
 *
 * Same structure as camellia_encrypt128() with the subkey entries taken in
 * the opposite order.
 */
void
camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;    /* scratch words for the round macros */
    uint32_t hold0, hold1;
    int top, k, kn, fa, fb;

    /* pre-whitening with subkey entry 24 */
    io[0] ^= SUBL(24);
    io[1] ^= SUBR(24);

    /* round groups start at subkey entries 23, 15 and 7 and count down */
    for (top = 23; top >= 7; top -= 8) {
        for (k = top; k > top - 6; k -= 2) {
            kn = k - 1;
            CAMELLIA_ROUNDSM(io[0],io[1], SUBL(k),SUBR(k),
                             io[2],io[3],il,ir,t0,t1);
            CAMELLIA_ROUNDSM(io[2],io[3], SUBL(kn),SUBR(kn),
                             io[0],io[1],il,ir,t0,t1);
        }

        /* FL layer after the first and second group only */
        if (top > 7) {
            fa = top - 6;
            fb = top - 7;
            CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                         SUBL(fa),SUBR(fa), SUBL(fb),SUBR(fb),
                         t0,t1,il,ir);
        }
    }

    /* post-whitening with subkey entry 0 */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* exchange the two halves of the block */
    hold0 = io[0];
    hold1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = hold0;
    io[3] = hold1;
}
1080
1081/**
1082 * stuff for 192 and 256bit encryption/decryption
1083 */
/*
 * Encrypt one block in place with a 192/256-bit key schedule.
 *
 * subkey - expanded key, read through SUBL()/SUBR() for entries 0 and 2..32.
 * io     - four 32-bit words; overwritten with the result.
 *
 * Four groups of six rounds, with CAMELLIA_FLS applied between groups.
 */
void
camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;    /* scratch words for the round macros */
    uint32_t hold0, hold1;
    int base, k, kn, fa, fb;

    /* pre-whitening with subkey entry 0 */
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);

    /* round groups start at subkey entries 2, 10, 18 and 26 */
    for (base = 2; base <= 26; base += 8) {
        for (k = base; k < base + 6; k += 2) {
            kn = k + 1;
            CAMELLIA_ROUNDSM(io[0],io[1], SUBL(k),SUBR(k),
                             io[2],io[3],il,ir,t0,t1);
            CAMELLIA_ROUNDSM(io[2],io[3], SUBL(kn),SUBR(kn),
                             io[0],io[1],il,ir,t0,t1);
        }

        /* FL layer after every group except the last */
        if (base < 26) {
            fa = base + 6;
            fb = base + 7;
            CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                         SUBL(fa),SUBR(fa), SUBL(fb),SUBR(fb),
                         t0,t1,il,ir);
        }
    }

    /* post-whitening with subkey entry 32 */
    io[2] ^= SUBL(32);
    io[3] ^= SUBR(32);

    /* exchange the two halves of the block */
    hold0 = io[0];
    hold1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = hold0;
    io[3] = hold1;
}
1166
/*
 * Decrypt one block in place with a 192/256-bit key schedule.
 *
 * subkey - expanded key, read through SUBL()/SUBR() for entries 0 and 2..32.
 * io     - four 32-bit words; overwritten with the result.
 *
 * Same structure as camellia_encrypt256() with the subkey entries taken in
 * the opposite order.
 */
void
camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;    /* scratch words for the round macros */
    uint32_t hold0, hold1;
    int top, k, kn, fa, fb;

    /* pre-whitening with subkey entry 32 */
    io[0] ^= SUBL(32);
    io[1] ^= SUBR(32);

    /* round groups start at subkey entries 31, 23, 15 and 7 and count down */
    for (top = 31; top >= 7; top -= 8) {
        for (k = top; k > top - 6; k -= 2) {
            kn = k - 1;
            CAMELLIA_ROUNDSM(io[0],io[1], SUBL(k),SUBR(k),
                             io[2],io[3],il,ir,t0,t1);
            CAMELLIA_ROUNDSM(io[2],io[3], SUBL(kn),SUBR(kn),
                             io[0],io[1],il,ir,t0,t1);
        }

        /* FL layer after every group except the last */
        if (top > 7) {
            fa = top - 6;
            fb = top - 7;
            CAMELLIA_FLS(io[0],io[1],io[2],io[3],
                         SUBL(fa),SUBR(fa), SUBL(fb),SUBR(fb),
                         t0,t1,il,ir);
        }
    }

    /* post-whitening with subkey entry 0 */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* exchange the two halves of the block */
    hold0 = io[0];
    hold1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = hold0;
    io[3] = hold1;
}
1249
/*
 * Build the subkey table for a raw Camellia key.
 *
 * keyBitLength - 128, 192 or 256.
 * rawKey       - key bytes, passed on to the matching camellia_setup*().
 * subkey       - output table, filled in by the matching camellia_setup*().
 *
 * The length is checked with KASSERT only.  When that assertion is not
 * compiled in (KASSERT is normally active only in INVARIANTS kernels), any
 * other length falls through without writing subkey, so callers have to
 * validate the length themselves before using the table.
 */
void
Camellia_Ekeygen(const int keyBitLength,
                 const unsigned char *rawKey,
                 uint32_t *subkey)
{
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    if (keyBitLength == 128)
        camellia_setup128(rawKey, subkey);
    else if (keyBitLength == 192)
        camellia_setup192(rawKey, subkey);
    else if (keyBitLength == 256)
        camellia_setup256(rawKey, subkey);
    /* any other length: nothing is written to subkey */
}
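/*
 * Encrypt one 16-byte block.
 *
 * keyBitLength - 128, 192 or 256; 192 and 256 share camellia_encrypt256().
 * plaintext    - 16 input bytes, loaded as four words with GETU32().
 * subkey       - table produced by Camellia_Ekeygen() for the same length.
 * ciphertext   - 16 output bytes, stored with PUTU32().
 *
 * An unsupported keyBitLength trips the same KASSERT as Camellia_Ekeygen().
 * Where that assertion is compiled out, the block is zeroed before it is
 * stored: without this the default case would copy the plaintext to the
 * ciphertext buffer unchanged.
 */
void
Camellia_EncryptBlock(const int keyBitLength,
                      const unsigned char *plaintext,
                      const uint32_t *subkey,
                      unsigned char *ciphertext)
{
    uint32_t tmp[4];

    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(plaintext);
    tmp[1] = GETU32(plaintext + 4);
    tmp[2] = GETU32(plaintext + 8);
    tmp[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_encrypt128(subkey, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_encrypt256(subkey, tmp);
        break;
    default:
        /* fail closed: never emit the input block as "ciphertext" */
        tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
        break;
    }

    PUTU32(ciphertext,    tmp[0]);
    PUTU32(ciphertext+4,  tmp[1]);
    PUTU32(ciphertext+8,  tmp[2]);
    PUTU32(ciphertext+12, tmp[3]);
}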
1303
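/*
 * Decrypt one 16-byte block.
 *
 * keyBitLength - 128, 192 or 256; 192 and 256 share camellia_decrypt256().
 * ciphertext   - 16 input bytes, loaded as four words with GETU32().
 * subkey       - table produced by Camellia_Ekeygen() for the same length.
 * plaintext    - 16 output bytes, stored with PUTU32().
 *
 * An unsupported keyBitLength trips the same KASSERT as Camellia_Ekeygen().
 * Where that assertion is compiled out, the block is zeroed before it is
 * stored: without this the default case would hand the ciphertext back to
 * the caller as if it were decrypted data.
 */
void
Camellia_DecryptBlock(const int keyBitLength,
                      const unsigned char *ciphertext,
                      const uint32_t *subkey,
                      unsigned char *plaintext)
{
    uint32_t tmp[4];

    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(ciphertext);
    tmp[1] = GETU32(ciphertext + 4);
    tmp[2] = GETU32(ciphertext + 8);
    tmp[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_decrypt128(subkey, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_decrypt256(subkey, tmp);
        break;
    default:
        /* fail closed: never pass the input block through undecrypted */
        tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
        break;
    }

    PUTU32(plaintext,    tmp[0]);
    PUTU32(plaintext+4,  tmp[1]);
    PUTU32(plaintext+8,  tmp[2]);
    PUTU32(plaintext+12, tmp[3]);
}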