
FreeBSD/Linux Kernel Cross Reference
sys/crypto/camellia/camellia.c


    1 /* camellia.h ver 1.1.0
    2  *
    3  * Copyright (c) 2006
    4  * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
    5  *
    6  * Redistribution and use in source and binary forms, with or without
    7  * modification, are permitted provided that the following conditions
    8  * are met:
    9  * 1. Redistributions of source code must retain the above copyright
   10  *   notice, this list of conditions and the following disclaimer as
   11  *   the first lines of this file unmodified.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *   notice, this list of conditions and the following disclaimer in the
   14  *   documentation and/or other materials provided with the distribution.
   15  *
   16  * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
   17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   19  * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
   20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   26  *
   27  * $FreeBSD: src/sys/crypto/camellia/camellia.c,v 1.1 2007/05/09 19:37:01 gnn Exp $
   28  */
   29 
   30 /*
   31  * Algorithm Specification
   32  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
   33  */
   34 
   35 #include <sys/types.h>
   36 #include <sys/endian.h>
   37 #ifdef _KERNEL
   38 #include <sys/param.h>
   39 #include <sys/systm.h>
   40 #else
   41 #include <string.h>
   42 #include <assert.h>
   43 #define KASSERT(exp, msg) assert(exp)
   44 #endif
   45 
   46 #include <crypto/camellia/camellia.h>
   47 
   48 
/*
 * key constants
 *
 * SIGMA1..SIGMA6, each stored as a left (L) and a right (R) 32-bit word.
 * camellia_setup128() passes SIGMA1..SIGMA4 as the kl/kr arguments of
 * CAMELLIA_F while deriving KA; it does not reference SIGMA5 or SIGMA6.
 *
 * The L suffix gives these literals type long or unsigned long, so where
 * long is 64 bits an expression such as (xl ^ kl) is evaluated wider than
 * 32 bits.  CAMELLIA_F assigns the result to its il/ir arguments, which the
 * visible callers declare as uint32_t, so only the low 32 bits are kept.
 */

#define CAMELLIA_SIGMA1L (0xA09E667FL)
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
#define CAMELLIA_SIGMA2L (0xB67AE858L)
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
#define CAMELLIA_SIGMA5L (0x10E527FAL)
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
#define CAMELLIA_SIGMA6L (0xB05688C2L)
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
   63 
/*
 *  macros
 */

/*
 * Load a 32-bit big-endian value from the four bytes at pt.
 * pt is expanded four times, so it must have no side effects.  Each byte is
 * cast to uint32_t before shifting; the visible callers pass
 * const unsigned char *.  With a plain (possibly signed) char pointer a
 * byte >= 0x80 would convert to a large uint32_t -- confirm at other call
 * sites.
 */
#define GETU32(pt) (((uint32_t)(pt)[0] << 24)           \
                     ^ ((uint32_t)(pt)[1] << 16)        \
                     ^ ((uint32_t)(pt)[2] <<  8)        \
                     ^ ((uint32_t)(pt)[3]))

/*
 * Store the 32-bit value st big-endian into the four bytes at ct.
 * NOTE(review): this expands to a bare brace block, not the
 * do { ... } while(0) form used by the other multi-statement macros in this
 * file, so "if (c) PUTU32(a, b); else ..." would not compile.  Its call
 * sites are not visible here; check them before changing the form.
 */
#define PUTU32(ct, st) {(ct)[0] = (uint8_t)((st) >> 24);        \
                        (ct)[1] = (uint8_t)((st) >> 16);        \
                        (ct)[2] = (uint8_t)((st) >>  8);        \
                        (ct)[3] = (uint8_t)(st);}

/*
 * Left/right 32-bit word of subkey number INDEX.  Both macros expand to an
 * lvalue in an array named `subkey`, which must be in scope where they are
 * used: L is subkey[2*INDEX + 1], R is subkey[2*INDEX].  No bounds check.
 */
#define SUBL(INDEX) (subkey[(INDEX)*2+1])
#define SUBR(INDEX) (subkey[(INDEX)*2])

/*
 * 32-bit rotations: right by 8, left by 1, left by 8.  They are written
 * with '+'; for a uint32_t operand the two shifted parts share no bits, so
 * this equals '|'.  x must be an unsigned 32-bit value (the visible uses
 * pass uint32_t); with a wider type the parts would overlap.
 */
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
   83 
/*
 * Rotate the 128-bit value ll || lr || rl || rr left by `bits`, in place.
 * w0 is scratch (it receives the old ll); w1 is accepted but not used.
 * `bits` must be in 1..31: 0 or 32 would shift a 32-bit word by 32, which
 * is undefined.  Arguments are not parenthesized and are expanded several
 * times, so pass plain variables and a literal count, as the visible
 * callers do.
 */
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
    do {                                                \
        w0 = ll;                                        \
        ll = (ll << bits) + (lr >> (32 - bits));        \
        lr = (lr << bits) + (rl >> (32 - bits));        \
        rl = (rl << bits) + (rr >> (32 - bits));        \
        rr = (rr << bits) + (w0 >> (32 - bits));        \
    } while(0)

/*
 * Same 128-bit left rotation for counts above 32 ("o32"): the words are
 * moved one position and then shifted by bits - 32.  w0 and w1 are scratch
 * (old ll and old lr).  `bits` must be in 33..63 so that both shift counts,
 * bits - 32 and 64 - bits, stay in 1..31.
 */
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
    do {                                                \
        w0 = ll;                                        \
        w1 = lr;                                        \
        ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
        lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
        rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
        rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
    } while(0)
  102 
/*
 * Accessors for the four 256-entry lookup tables defined later in this
 * file.  INDEX is used unchecked; every use in this file masks it with
 * 0xff first.
 *
 * Security note: the index is a byte of cipher state or of (input ^ key),
 * so which table entry -- and which cache line -- is read depends on secret
 * data.  A table-driven implementation like this one is therefore not
 * constant-time on hardware with data caches.  Where untrusted code can
 * share the CPU, prefer a constant-time or hardware-backed implementation.
 */
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])

/*
 * F-function with the key applied first: (il, ir) = (xl ^ kl, xr ^ kr),
 * then each of the eight bytes of il/ir is looked up in one SP table and
 * the results are combined into (yl, yr).  Unlike CAMELLIA_ROUNDSM, yl/yr
 * are overwritten rather than XORed into.
 * il, ir, t0 and t1 are caller-supplied scratch words and are clobbered.
 * xl/xr are read only in the first two statements.
 * camellia_setup128() uses this macro to derive KA from the SIGMA constants.
 */
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)      \
    do {                                                        \
        il = xl ^ kl;                                           \
        ir = xr ^ kr;                                           \
        t0 = il >> 16;                                          \
        t1 = ir >> 16;                                          \
        yl = CAMELLIA_SP1110(ir & 0xff)                         \
            ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                 \
            ^ CAMELLIA_SP3033(t1 & 0xff)                        \
            ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                \
        yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                  \
            ^ CAMELLIA_SP0222(t0 & 0xff)                        \
            ^ CAMELLIA_SP3033((il >> 8) & 0xff)                 \
            ^ CAMELLIA_SP4404(il & 0xff);                       \
        yl ^= yr;                                               \
        yr = CAMELLIA_RR8(yr);                                  \
        yr ^= yl;                                               \
    } while(0)
  126 
  127 
/*
 * Key-dependent mixing of two 64-bit halves, done in place:
 *   (ll, lr) with (kll, klr):  lr ^= rol1(ll & kll);  ll ^= (lr | klr);
 *   (rl, rr) with (krl, krr):  rl ^= (rr | krr);      rr ^= rol1(rl & krl);
 * The two sequences are interleaved, and the second step of each reads the
 * word its first step has just updated, so the statement order matters.
 * t0..t3 are caller-supplied scratch words and are clobbered.
 * NOTE(review): this has the shape of Camellia's FL / FL^-1 pair --
 * confirm against the algorithm specification.
 */
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
    do {                                                                \
        t0 = kll;                                                       \
        t2 = krr;                                                       \
        t0 &= ll;                                                       \
        t2 |= rr;                                                       \
        rl ^= t2;                                                       \
        lr ^= CAMELLIA_RL1(t0);                                         \
        t3 = krl;                                                       \
        t1 = klr;                                                       \
        t3 &= rl;                                                       \
        t1 |= lr;                                                       \
        ll ^= t1;                                                       \
        rr ^= CAMELLIA_RL1(t3);                                         \
    } while(0)
  143 
/*
 * One round step folded into (yl, yr): look up all eight bytes of (xl, xr)
 * in the SP tables, XOR in the round-key words kl/kr, mix the two words
 * (XOR, rotate right by 8, XOR) and XOR the result into yl/yr.
 * Unlike CAMELLIA_F, the key is applied after the table lookups, so the
 * table indices are the raw bytes of xl/xr.  They are still data-dependent;
 * see the cache-timing consideration that applies to every SP table lookup.
 * il/ir are scratch and are clobbered; t0/t1 are accepted but not used.
 * xl/xr are expanded unparenthesized next to '&' and '>>', so pass plain
 * variables.
 */
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
    do {                                                                \
        ir =  CAMELLIA_SP1110(xr & 0xff);                               \
        il =  CAMELLIA_SP1110((xl>>24) & 0xff);                         \
        ir ^= CAMELLIA_SP0222((xr>>24) & 0xff);                         \
        il ^= CAMELLIA_SP0222((xl>>16) & 0xff);                         \
        ir ^= CAMELLIA_SP3033((xr>>16) & 0xff);                         \
        il ^= CAMELLIA_SP3033((xl>>8) & 0xff);                          \
        ir ^= CAMELLIA_SP4404((xr>>8) & 0xff);                          \
        il ^= CAMELLIA_SP4404(xl & 0xff);                               \
        il ^= kl;                                                       \
        ir ^= kr;                                                       \
        ir ^= il;                                                       \
        il = CAMELLIA_RR8(il);                                          \
        il ^= ir;                                                       \
        yl ^= ir;                                                       \
        yr ^= il;                                                       \
    } while(0)
  162 
  163 
/*
 * Lookup table read through CAMELLIA_SP1110(), indexed by one byte.
 * Every entry has the form 0xbbbbbb00: one substituted byte b repeated in
 * the three high byte lanes and zero in the low lane.
 * The index comes from key or state bytes, so the access pattern is
 * data-dependent (cache-timing consideration for shared hardware).
 */
static const uint32_t camellia_sp1110[256] = {
    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
    0xe4e4e400,0x85858500,0x57575700,0x35353500,
    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
    0x45454500,0x19191900,0xa5a5a500,0x21212100,
    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
    0x53535300,0x18181800,0xf2f2f200,0x22222200,
    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
    0xa1a1a100,0x89898900,0x62626200,0x97979700,
    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
    0x10101000,0xc4c4c400,0x00000000,0x48484800,
    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
    0xd4d4d400,0x25252500,0xababab00,0x42424200,
    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
    0x72727200,0x07070700,0xb9b9b900,0x55555500,
    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
};
  230 
/*
 * Lookup table read through CAMELLIA_SP0222(), indexed by one byte.
 * Every entry has the form 0x00bbbbbb: one substituted byte b repeated in
 * the three low byte lanes and zero in the high lane.  The leading entries
 * are the camellia_sp1110 bytes rotated left by one bit (0x70 -> 0xe0,
 * 0x82 -> 0x05).
 * The index comes from key or state bytes, so the access pattern is
 * data-dependent (cache-timing consideration for shared hardware).
 */
static const uint32_t camellia_sp0222[256] = {
    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
    0x00202020,0x00898989,0x00000000,0x00909090,
    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
    0x009b9b9b,0x00949494,0x00212121,0x00666666,
    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
    0x00777777,0x00939393,0x00868686,0x00838383,
    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
};
  297 
/*
 * Lookup table read through CAMELLIA_SP3033(), indexed by one byte.
 * Every entry has the form 0xbb00bbbb: one substituted byte b in byte lanes
 * 3, 1 and 0, and zero in lane 2.  The leading entries are the
 * camellia_sp1110 bytes rotated right by one bit (0x70 -> 0x38,
 * 0x82 -> 0x41).
 * The index comes from key or state bytes, so the access pattern is
 * data-dependent (cache-timing consideration for shared hardware).
 */
static const uint32_t camellia_sp3033[256] = {
    0x38003838,0x41004141,0x16001616,0x76007676,
    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
    0x75007575,0x06000606,0x57005757,0xa000a0a0,
    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
    0x3a003a3a,0x09000909,0x95009595,0x10001010,
    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
    0x12001212,0x04000404,0x74007474,0x54005454,
    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
    0x55005555,0x68006868,0x50005050,0xbe00bebe,
    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
    0x70007070,0xff00ffff,0x32003232,0x69006969,
    0x08000808,0x62006262,0x00000000,0x24002424,
    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
    0x45004545,0x81008181,0x73007373,0x6d006d6d,
    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
    0xe600e6e6,0x25002525,0x48004848,0x99009999,
    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
    0x7c007c7c,0x77007777,0x56005656,0x05000505,
    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
};
  364 
/*
 * Lookup table read through CAMELLIA_SP4404(), indexed by one byte.
 * Every entry has the form 0xbbbb00bb: one substituted byte b in byte lanes
 * 3, 2 and 0, and zero in lane 1.  The leading entries carry the bytes found
 * at every second index of camellia_sp1110 (entry 1 -> 0x2c, entry 2 ->
 * 0xb3).
 * The index comes from key or state bytes, so the access pattern is
 * data-dependent (cache-timing consideration for shared hardware).
 */
static const uint32_t camellia_sp4404[256] = {
    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
    0x24240024,0xe8e800e8,0x60600060,0x69690069,
    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
    0x10100010,0x00000000,0xa3a300a3,0x75750075,
    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
    0x81810081,0x6f6f006f,0x13130013,0x63630063,
    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
    0x78780078,0x06060006,0xe7e700e7,0x71710071,
    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
    0x15150015,0xadad00ad,0x77770077,0x80800080,
    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
    0x85850085,0x35350035,0x0c0c000c,0x41410041,
    0xefef00ef,0x93930093,0x19190019,0x21210021,
    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
    0x12120012,0x20200020,0xb1b100b1,0x99990099,
    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
    0x0f0f000f,0x16160016,0x18180018,0x22220022,
    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
    0x49490049,0x68680068,0x38380038,0xa4a400a4,
    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
};
  431 
  432 
/*
 * Stuff related to the Camellia key schedule
 *
 * subl(x)/subr(x) expand to lvalues in arrays named subL and subR, which
 * each key-setup function declares locally (26 entries in
 * camellia_setup128(), 34 in camellia_setup256()).  They are distinct from
 * the upper-case SUBL()/SUBR(), which address the caller's `subkey` output.
 * The index is not bounds-checked.
 */
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]
  438 
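/*
 * Overwrite n bytes at p with zeros.  The stores go through a volatile
 * pointer so the compiler does not drop them as dead writes to a buffer
 * that is about to go out of scope.  Where the target tree provides
 * explicit_bzero(), that is the preferred primitive.
 */
static void
camellia_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;

    while (n-- > 0)
        *vp++ = 0;
}

/*
 * Expand a 128-bit Camellia key into the subkey schedule.
 *
 * key    - 16 bytes of key material, read big-endian as four 32-bit words.
 *          Not checked for NULL or length.
 * subkey - output array; this function writes subkey pairs 0 and 2..24
 *          through SUBL()/SUBR(), i.e. elements up to subkey[49].  Pair 1
 *          (subkey[2], subkey[3]) is never written here.  The caller must
 *          supply at least 50 elements.
 *
 * The schedule is first built in the local arrays subL[]/subR[] and then
 * folded into `subkey`.  Those locals hold key-derived words, so they are
 * zeroed before returning instead of being left behind on the stack.
 * The scalar temporaries (kll, klr, ..., dw) are not covered by that wipe.
 */
void
camellia_setup128(const unsigned char *key, uint32_t *subkey)
{
    uint32_t kll, klr, krl, krr;
    uint32_t il, ir, t0, t1, w0, w1;
    uint32_t kw4l, kw4r, dw, tl, tr;
    uint32_t subL[26];
    uint32_t subR[26];

    /*
     *  k == kll || klr || krl || krr (|| is concatenation)
     */
    kll = GETU32(key     );
    klr = GETU32(key +  4);
    krl = GETU32(key +  8);
    krr = GETU32(key + 12);
    /*
     * generate KL dependent subkeys
     */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(4) = kll; subr(4) = klr;
    subl(5) = krl; subr(5) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(10) = kll; subr(10) = klr;
    subl(11) = krl; subr(11) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(18) = kll; subr(18) = klr;
    subl(19) = krl; subr(19) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;

    /* generate KA: reload the unrotated key saved in subkeys 0 and 1 */
    kll = subl(0); klr = subr(0);
    krl = subl(1); krr = subr(1);
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KA dependent subkeys */
    subl(2) = kll; subr(2) = klr;
    subl(3) = krl; subr(3) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(8) = kll; subr(8) = klr;
    subl(9) = krl; subr(9) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(12) = kll; subr(12) = klr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(20) = kll; subr(20) = klr;
    subl(21) = krl; subr(21) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(24) = kll; subr(24) = klr;
    subl(25) = krl; subr(25) = krr;


    /* absorb kw2 to other subkeys */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(24) ^= subl(1); subr(24) ^= subr(1);

    /* absorb kw4 to other subkeys */
    kw4l = subl(25); kw4r = subr(25);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /* key XOR is end of F-function */
    SUBL(0) = subl(0) ^ subl(2);
    SUBR(0) = subr(0) ^ subr(2);
    SUBL(2) = subl(3);
    SUBR(2) = subr(3);
    SUBL(3) = subl(2) ^ subl(4);
    SUBR(3) = subr(2) ^ subr(4);
    SUBL(4) = subl(3) ^ subl(5);
    SUBR(4) = subr(3) ^ subr(5);
    SUBL(5) = subl(4) ^ subl(6);
    SUBR(5) = subr(4) ^ subr(6);
    SUBL(6) = subl(5) ^ subl(7);
    SUBR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    SUBL(7) = subl(6) ^ tl;
    SUBR(7) = subr(6) ^ tr;
    SUBL(8) = subl(8);
    SUBR(8) = subr(8);
    SUBL(9) = subl(9);
    SUBR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    SUBL(10) = tl ^ subl(11);
    SUBR(10) = tr ^ subr(11);
    SUBL(11) = subl(10) ^ subl(12);
    SUBR(11) = subr(10) ^ subr(12);
    SUBL(12) = subl(11) ^ subl(13);
    SUBR(12) = subr(11) ^ subr(13);
    SUBL(13) = subl(12) ^ subl(14);
    SUBR(13) = subr(12) ^ subr(14);
    SUBL(14) = subl(13) ^ subl(15);
    SUBR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    SUBL(15) = subl(14) ^ tl;
    SUBR(15) = subr(14) ^ tr;
    SUBL(16) = subl(16);
    SUBR(16) = subr(16);
    SUBL(17) = subl(17);
    SUBR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    SUBL(18) = tl ^ subl(19);
    SUBR(18) = tr ^ subr(19);
    SUBL(19) = subl(18) ^ subl(20);
    SUBR(19) = subr(18) ^ subr(20);
    SUBL(20) = subl(19) ^ subl(21);
    SUBR(20) = subr(19) ^ subr(21);
    SUBL(21) = subl(20) ^ subl(22);
    SUBR(21) = subr(20) ^ subr(22);
    SUBL(22) = subl(21) ^ subl(23);
    SUBR(22) = subr(21) ^ subr(23);
    SUBL(23) = subl(22);
    SUBR(23) = subr(22);
    SUBL(24) = subl(24) ^ subl(23);
    SUBR(24) = subr(24) ^ subr(23);

    /*
     * apply the inverse of the last half of P-function
     * (pairs 2..7, 10..15 and 18..23; pairs 0, 8, 9, 16, 17 and 24 are
     * left as stored above)
     */
    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;

    /*
     * subL[]/subR[] still hold the raw key words and every intermediate
     * subkey; clear them so a later stack disclosure cannot recover them.
     */
    camellia_wipe(subL, sizeof(subL));
    camellia_wipe(subR, sizeof(subR));
}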
  644 
/*
 * Expand a 256-bit Camellia key into the subkey table used by
 * camellia_encrypt256() / camellia_decrypt256().
 *
 * key     raw key; eight 32-bit words are loaded with GETU32 from offsets
 *         0..28, so the caller must supply at least 32 readable bytes.
 *         No length is passed in and none is checked here.
 * subkey  output table, written through the SUBL()/SUBR() macros for
 *         indices 0 and 2..32 (indices 1 and 33 are folded into their
 *         neighbours by the "absorb" steps and never stored).
 *         NOTE(review): SUBL/SUBR are defined outside this function;
 *         presumably they index pairs of words in subkey - confirm the
 *         required table size against the header.
 *
 * The statement order matters throughout: each group of subkeys is taken
 * from the running state of the rotated key words, and the later passes
 * read values produced by the earlier ones.
 *
 * NOTE(review): subL/subR and the k* / w* temporaries hold key-derived
 * values and nothing in this function clears them before returning.  If
 * stack residue is part of the threat model, wipe them on exit with a
 * primitive the compiler cannot elide (e.g. explicit_bzero()).
 */
void
camellia_setup256(const unsigned char *key, uint32_t *subkey)
{
    uint32_t kll,klr,krl,krr;           /* left half of key */
    uint32_t krll,krlr,krrl,krrr;       /* right half of key */
    uint32_t il, ir, t0, t1, w0, w1;    /* temporary variables */
    uint32_t kw4l, kw4r, dw, tl, tr;
    uint32_t subL[34];                  /* working subkeys, left words */
    uint32_t subR[34];                  /* working subkeys, right words */

    /*
     *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
     *  (|| is concatenation)
     */

    kll  = GETU32(key     );
    klr  = GETU32(key +  4);
    krl  = GETU32(key +  8);
    krr  = GETU32(key + 12);
    krll = GETU32(key + 16);
    krlr = GETU32(key + 20);
    krrl = GETU32(key + 24);
    krrr = GETU32(key + 28);

    /* generate KL dependent subkeys */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
    subl(12) = kll; subr(12) = klr;
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    subl(30) = kll; subr(30) = klr;
    subl(31) = krl; subr(31) = krr;

    /* generate KR dependent subkeys */
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(4) = krll; subr(4) = krlr;
    subl(5) = krrl; subr(5) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    subl(8) = krll; subr(8) = krlr;
    subl(9) = krrl; subr(9) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(18) = krll; subr(18) = krlr;
    subl(19) = krrl; subr(19) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
    subl(26) = krll; subr(26) = krlr;
    subl(27) = krrl; subr(27) = krrr;
    /* rotate once more with no store; the KA/KB steps below read these words */
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);

    /* generate KA */
    kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
    krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    kll ^= krll; klr ^= krlr;
    CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
    CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KB */
    krll ^= kll; krlr ^= klr;
    krrl ^= krl; krrr ^= krr;
    CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
               w0, w1, il, ir, t0, t1);
    krrl ^= w0; krrr ^= w1;
    CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
               w0, w1, il, ir, t0, t1);
    krll ^= w0; krlr ^= w1;

    /* generate KA dependent subkeys */
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    /* same four words taken starting from the second one (klr,krl,krr,kll) */
    subl(24) = klr; subr(24) = krl;
    subl(25) = krr; subr(25) = kll;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
    subl(28) = kll; subr(28) = klr;
    subl(29) = krl; subr(29) = krr;

    /* generate KB dependent subkeys */
    subl(2) = krll; subr(2) = krlr;
    subl(3) = krrl; subr(3) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(10) = krll; subr(10) = krlr;
    subl(11) = krrl; subr(11) = krrr;
    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    subl(20) = krll; subr(20) = krlr;
    subl(21) = krrl; subr(21) = krrr;
    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
    subl(32) = krll; subr(32) = krlr;
    subl(33) = krrl; subr(33) = krrr;

    /*
     * absorb kw2 to other subkeys
     * (subl(1)/subr(1) is XORed into the odd-numbered entries walking
     * upward; it is itself updated at entries 9, 17 and 25 before the walk
     * continues)
     */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(25);
    dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
    subl(27) ^= subl(1); subr(27) ^= subr(1);
    subl(29) ^= subl(1); subr(29) ^= subr(1);
    subl(31) ^= subl(1); subr(31) ^= subr(1);
    subl(32) ^= subl(1); subr(32) ^= subr(1);


    /*
     * absorb kw4 to other subkeys
     * (mirror image of the pass above: entry 33 is XORed into the
     * even-numbered entries walking downward, updated at 24, 16 and 8)
     */
    kw4l = subl(33); kw4r = subr(33);
    subl(30) ^= kw4l; subr(30) ^= kw4r;
    subl(28) ^= kw4l; subr(28) ^= kw4r;
    subl(26) ^= kw4l; subr(26) ^= kw4r;
    kw4l ^= kw4r & ~subr(24);
    dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /*
     * key XOR is end of F-function
     * (from here on the working values in subL/subR are combined pairwise
     * and stored through SUBL()/SUBR(); entries 8/9, 16/17 and 24/25 are
     * copied through unchanged)
     */
    SUBL(0) = subl(0) ^ subl(2);
    SUBR(0) = subr(0) ^ subr(2);
    SUBL(2) = subl(3);
    SUBR(2) = subr(3);
    SUBL(3) = subl(2) ^ subl(4);
    SUBR(3) = subr(2) ^ subr(4);
    SUBL(4) = subl(3) ^ subl(5);
    SUBR(4) = subr(3) ^ subr(5);
    SUBL(5) = subl(4) ^ subl(6);
    SUBR(5) = subr(4) ^ subr(6);
    SUBL(6) = subl(5) ^ subl(7);
    SUBR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    SUBL(7) = subl(6) ^ tl;
    SUBR(7) = subr(6) ^ tr;
    SUBL(8) = subl(8);
    SUBR(8) = subr(8);
    SUBL(9) = subl(9);
    SUBR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    SUBL(10) = tl ^ subl(11);
    SUBR(10) = tr ^ subr(11);
    SUBL(11) = subl(10) ^ subl(12);
    SUBR(11) = subr(10) ^ subr(12);
    SUBL(12) = subl(11) ^ subl(13);
    SUBR(12) = subr(11) ^ subr(13);
    SUBL(13) = subl(12) ^ subl(14);
    SUBR(13) = subr(12) ^ subr(14);
    SUBL(14) = subl(13) ^ subl(15);
    SUBR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    SUBL(15) = subl(14) ^ tl;
    SUBR(15) = subr(14) ^ tr;
    SUBL(16) = subl(16);
    SUBR(16) = subr(16);
    SUBL(17) = subl(17);
    SUBR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    SUBL(18) = tl ^ subl(19);
    SUBR(18) = tr ^ subr(19);
    SUBL(19) = subl(18) ^ subl(20);
    SUBR(19) = subr(18) ^ subr(20);
    SUBL(20) = subl(19) ^ subl(21);
    SUBR(20) = subr(19) ^ subr(21);
    SUBL(21) = subl(20) ^ subl(22);
    SUBR(21) = subr(20) ^ subr(22);
    SUBL(22) = subl(21) ^ subl(23);
    SUBR(22) = subr(21) ^ subr(23);
    tl = subl(26) ^ (subr(26) & ~subr(24));
    dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
    SUBL(23) = subl(22) ^ tl;
    SUBR(23) = subr(22) ^ tr;
    SUBL(24) = subl(24);
    SUBR(24) = subr(24);
    SUBL(25) = subl(25);
    SUBR(25) = subr(25);
    tl = subl(23) ^ (subr(23) & ~subr(25));
    dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
    SUBL(26) = tl ^ subl(27);
    SUBR(26) = tr ^ subr(27);
    SUBL(27) = subl(26) ^ subl(28);
    SUBR(27) = subr(26) ^ subr(28);
    SUBL(28) = subl(27) ^ subl(29);
    SUBR(28) = subr(27) ^ subr(29);
    SUBL(29) = subl(28) ^ subl(30);
    SUBR(29) = subr(28) ^ subr(30);
    SUBL(30) = subl(29) ^ subl(31);
    SUBR(30) = subr(29) ^ subr(31);
    SUBL(31) = subl(30);
    SUBR(31) = subr(30);
    SUBL(32) = subl(32) ^ subl(31);
    SUBR(32) = subr(32) ^ subr(31);

    /*
     * apply the inverse of the last half of P-function
     * (done for every stored entry except 0, 8/9, 16/17, 24/25 and 32)
     */
    dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
    SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
    dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
    SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
    dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
    SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
    dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
    SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
    dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
    SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
    dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
    SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
    dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
    SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
    dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
    SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
    dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
    SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
    dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
    SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
    dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
    SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
    dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
    SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
    dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
    SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
    dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
    SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
    dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
    SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
    dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
    SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
    dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
    SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
    dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
    SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
    dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw);
    SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw;
    dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw);
    SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw;
    dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw);
    SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw;
    dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw);
    SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw;
    dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw);
    SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw;
    dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw);
    SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw;
}
  924 
/*
 * Expand a 192-bit key by widening it to 256 bits and delegating to
 * camellia_setup256().
 *
 * key     raw key; 24 bytes are read.
 * subkey  output table, filled in by camellia_setup256().
 *
 * The widened key is the 24 input bytes followed by the bitwise
 * complement of input bytes 16..23.
 *
 * NOTE(review): `padded` is a full copy of the raw key and is not cleared
 * before returning.  If stack residue is part of the threat model, wipe
 * it on exit with a primitive the compiler cannot elide (e.g.
 * explicit_bzero()).
 */
void
camellia_setup192(const unsigned char *key, uint32_t *subkey)
{
    unsigned char padded[32];
    int i;

    memcpy(padded, key, 24);

    /* bytes 24..31 = ~(bytes 16..23), taken byte by byte */
    for (i = 0; i < 8; i++)
        padded[24 + i] = (unsigned char)~key[16 + i];

    camellia_setup256(padded, subkey);
}
  940 
  941 
  942 /**
  943  * Stuff related to camellia encryption/decryption
  944  */
/*
 * Encrypt one block in place with a 128-bit-key subkey table.
 *
 * subkey  table produced by the 128-bit key setup; read through
 *         SUBL()/SUBR() at indices 0 and 2..24.
 * io      the block as four 32-bit words, io[0]..io[3]; overwritten with
 *         the result.
 *
 * Structure as written: 18 CAMELLIA_ROUNDSM invocations in three groups of
 * six, with a CAMELLIA_FLS invocation between groups.  No bounds or NULL
 * checks are made on either pointer.
 */
void
camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il, ir, t0, t1;    /* scratch passed to the round macros */

    /* pre whitening but absorb kw2*/
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);
    /* main iteration */

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16), SUBR(16), SUBL(17),SUBR(17),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
                     io[0],io[1],il,ir,t0,t1);

    /* post whitening but kw4 */
    io[2] ^= SUBL(24);
    io[3] ^= SUBR(24);

    /* exchange the two halves of the block: io[0..1] <-> io[2..3] */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}
 1011 
/*
 * Decrypt one block in place with a 128-bit-key subkey table.
 *
 * subkey  same table camellia_encrypt128() uses; read through
 *         SUBL()/SUBR() at indices 0 and 2..24.
 * io      the block as four 32-bit words, io[0]..io[3]; overwritten with
 *         the result.
 *
 * This is camellia_encrypt128() with the subkey indices walked in the
 * opposite direction (24 first, 0 last) and the two subkey pairs of each
 * CAMELLIA_FLS invocation exchanged.  No bounds or NULL checks are made on
 * either pointer.
 */
void
camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il,ir,t0,t1;               /* temporary variables */

    /* pre whitening: decryption starts from the last whitening entry (24) */
    io[0] ^= SUBL(24);
    io[1] ^= SUBR(24);

    /* main iteration */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3],SUBL(17),SUBR(17),SUBL(16),SUBR(16),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
                     io[0],io[1],il,ir,t0,t1);

    /* post whitening: finishes with the first whitening entry (0) */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* exchange the two halves of the block: io[0..1] <-> io[2..3] */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}
 1078 
 1079 /**
 1080  * stuff for 192 and 256bit encryption/decryption
 1081  */
/*
 * Encrypt one block in place with a 192- or 256-bit-key subkey table.
 *
 * subkey  table produced by camellia_setup256() (camellia_setup192()
 *         delegates to it); read through SUBL()/SUBR() at indices 0 and
 *         2..32.
 * io      the block as four 32-bit words, io[0]..io[3]; overwritten with
 *         the result.
 *
 * Structure as written: 24 CAMELLIA_ROUNDSM invocations in four groups of
 * six, with a CAMELLIA_FLS invocation between groups.  No bounds or NULL
 * checks are made on either pointer.
 */
void
camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il,ir,t0,t1;           /* temporary variables */

    /* pre whitening but absorb kw2*/
    io[0] ^= SUBL(0);
    io[1] ^= SUBR(0);

    /* main iteration */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16),SUBR(16), SUBL(17),SUBR(17),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(24),SUBR(24), SUBL(25),SUBR(25),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(26),SUBR(26),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(27),SUBR(27),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(28),SUBR(28),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(29),SUBR(29),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(30),SUBR(30),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(31),SUBR(31),
                     io[0],io[1],il,ir,t0,t1);

    /* post whitening but kw4 */
    io[2] ^= SUBL(32);
    io[3] ^= SUBR(32);

    /* exchange the two halves of the block: io[0..1] <-> io[2..3] */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}
 1164 
/*
 * Decrypt one block in place with a 192- or 256-bit-key subkey table.
 *
 * subkey  same table camellia_encrypt256() uses; read through
 *         SUBL()/SUBR() at indices 0 and 2..32.
 * io      the block as four 32-bit words, io[0]..io[3]; overwritten with
 *         the result.
 *
 * This is camellia_encrypt256() with the subkey indices walked in the
 * opposite direction (32 first, 0 last) and the two subkey pairs of each
 * CAMELLIA_FLS invocation exchanged.  No bounds or NULL checks are made on
 * either pointer.
 */
void
camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
{
    uint32_t il,ir,t0,t1;           /* temporary variables */

    /* pre whitening: decryption starts from the last whitening entry (32) */
    io[0] ^= SUBL(32);
    io[1] ^= SUBR(32);

    /* main iteration */
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(31),SUBR(31),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(30),SUBR(30),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(29),SUBR(29),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(28),SUBR(28),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(27),SUBR(27),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(26),SUBR(26),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(25),SUBR(25), SUBL(24),SUBR(24),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(23),SUBR(23),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(22),SUBR(22),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(21),SUBR(21),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(20),SUBR(20),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(19),SUBR(19),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(18),SUBR(18),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(17),SUBR(17), SUBL(16),SUBR(16),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(15),SUBR(15),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(14),SUBR(14),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(13),SUBR(13),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(12),SUBR(12),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(11),SUBR(11),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(10),SUBR(10),
                     io[0],io[1],il,ir,t0,t1);

    CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(9),SUBR(9), SUBL(8),SUBR(8),
                 t0,t1,il,ir);

    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(7),SUBR(7),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(6),SUBR(6),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(5),SUBR(5),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(4),SUBR(4),
                     io[0],io[1],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[0],io[1], SUBL(3),SUBR(3),
                     io[2],io[3],il,ir,t0,t1);
    CAMELLIA_ROUNDSM(io[2],io[3], SUBL(2),SUBR(2),
                     io[0],io[1],il,ir,t0,t1);

    /* post whitening: finishes with the first whitening entry (0) */
    io[2] ^= SUBL(0);
    io[3] ^= SUBR(0);

    /* exchange the two halves of the block: io[0..1] <-> io[2..3] */
    t0 = io[0];
    t1 = io[1];
    io[0] = io[2];
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
}
 1247 
/*
 * Build the subkey table for a raw Camellia key.
 *
 * keyBitLength  128, 192 or 256.
 * rawKey        key bytes; the setup routine selected by keyBitLength
 *               decides how many are read.
 * subkey        output table, filled in by the selected setup routine.
 *
 * The KASSERT is the only validation of keyBitLength.  Where KASSERT is
 * compiled out, any other value returns without touching subkey, so a
 * caller that has not validated the length itself goes on to use whatever
 * the table held before the call.  The function has no way to report
 * this; callers must check the key length before calling.
 */
void
Camellia_Ekeygen(const int keyBitLength,
                 const unsigned char *rawKey,
                 uint32_t *subkey)
{
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    if (keyBitLength == 128) {
        camellia_setup128(rawKey, subkey);
    } else if (keyBitLength == 192) {
        camellia_setup192(rawKey, subkey);
    } else if (keyBitLength == 256) {
        camellia_setup256(rawKey, subkey);
    }
    /* any other length: nothing is written */
}
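/*
 * Encrypt one 16-byte block.
 *
 * keyBitLength  128, 192 or 256; must match the length the subkey table
 *               was generated for.  192 and 256 share one routine.
 * plaintext     16 input bytes, loaded with GETU32.
 * subkey        table produced by Camellia_Ekeygen().
 * ciphertext    16 output bytes, stored with PUTU32.
 *
 * NOTE(review): tmp holds a copy of the plaintext block at entry and is
 * not cleared before returning; wipe it with a non-elidable primitive
 * (e.g. explicit_bzero()) if stack residue matters for the threat model.
 */
void
Camellia_EncryptBlock(const int keyBitLength,
                      const unsigned char *plaintext,
                      const uint32_t *subkey,
                      unsigned char *ciphertext)
{
    uint32_t tmp[4];

    /*
     * Same precondition Camellia_Ekeygen() asserts.  Without it an
     * unsupported length reaches the default case below, no cipher routine
     * runs, and tmp is stored to the output untransformed (presumably the
     * input block itself, assuming PUTU32 mirrors GETU32).  Where KASSERT
     * is compiled out that is still what happens, so callers must validate
     * the length themselves.
     */
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(plaintext);
    tmp[1] = GETU32(plaintext + 4);
    tmp[2] = GETU32(plaintext + 8);
    tmp[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_encrypt128(subkey, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_encrypt256(subkey, tmp);
        break;
    default:
        break;
    }

    PUTU32(ciphertext,    tmp[0]);
    PUTU32(ciphertext+4,  tmp[1]);
    PUTU32(ciphertext+8,  tmp[2]);
    PUTU32(ciphertext+12, tmp[3]);
}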
 1301 
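/*
 * Decrypt one 16-byte block.
 *
 * keyBitLength  128, 192 or 256; must match the length the subkey table
 *               was generated for.  192 and 256 share one routine.
 * ciphertext    16 input bytes, loaded with GETU32.
 * subkey        table produced by Camellia_Ekeygen().
 * plaintext     16 output bytes, stored with PUTU32.
 *
 * NOTE(review): tmp holds the recovered plaintext block on return and is
 * not cleared; wipe it with a non-elidable primitive (e.g.
 * explicit_bzero()) if stack residue matters for the threat model.
 */
void
Camellia_DecryptBlock(const int keyBitLength,
                      const unsigned char *ciphertext,
                      const uint32_t *subkey,
                      unsigned char *plaintext)
{
    uint32_t tmp[4];

    /*
     * Same precondition Camellia_Ekeygen() asserts.  Without it an
     * unsupported length reaches the default case below, no cipher routine
     * runs, and tmp is stored to the output untransformed.  Where KASSERT
     * is compiled out that is still what happens, so callers must validate
     * the length themselves.
     */
    KASSERT(keyBitLength == 128 || keyBitLength == 192 || keyBitLength == 256,
            ("Invalid key size (%d).", keyBitLength));

    tmp[0] = GETU32(ciphertext);
    tmp[1] = GETU32(ciphertext + 4);
    tmp[2] = GETU32(ciphertext + 8);
    tmp[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_decrypt128(subkey, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_decrypt256(subkey, tmp);
        break;
    default:
        break;
    }

    PUTU32(plaintext,    tmp[0]);
    PUTU32(plaintext+4,  tmp[1]);
    PUTU32(plaintext+8,  tmp[2]);
    PUTU32(plaintext+12, tmp[3]);
}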
