1 /* camellia.c ver 1.2.0
3 * Copyright (c) 2006,2007
4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer as
11 * the first lines of this file unmodified.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 * Copyright (C) 2006-2014 wolfSSL Inc.
32 * This file is part of CyaSSL.
34 * CyaSSL is free software; you can redistribute it and/or modify
35 * it under the terms of the GNU General Public License as published by
36 * the Free Software Foundation; either version 2 of the License, or
37 * (at your option) any later version.
39 * CyaSSL is distributed in the hope that it will be useful,
40 * but WITHOUT ANY WARRANTY; without even the implied warranty of
41 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
42 * GNU General Public License for more details.
44 * You should have received a copy of the GNU General Public License
45 * along with this program; if not, write to the Free Software
46 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
50 * Algorithm Specification
51 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
59 #include <cyassl/ctaocrypt/settings.h>
63 #include <cyassl/ctaocrypt/camellia.h>
64 #include <cyassl/ctaocrypt/error-crypt.h>
65 #include <cyassl/ctaocrypt/logging.h>
67 #include <cyassl/ctaocrypt/misc.h>
69 #include <ctaocrypt/src/misc.c>
73 /* u32 must be 32bit word */
74 typedef unsigned int u32;
75 typedef unsigned char u8;
79 #define CAMELLIA_SIGMA1L ((u32)0xA09E667FL)
80 #define CAMELLIA_SIGMA1R ((u32)0x3BCC908BL)
81 #define CAMELLIA_SIGMA2L ((u32)0xB67AE858L)
82 #define CAMELLIA_SIGMA2R ((u32)0x4CAA73B2L)
83 #define CAMELLIA_SIGMA3L ((u32)0xC6EF372FL)
84 #define CAMELLIA_SIGMA3R ((u32)0xE94F82BEL)
85 #define CAMELLIA_SIGMA4L ((u32)0x54FF53A5L)
86 #define CAMELLIA_SIGMA4R ((u32)0xF1D36F1CL)
87 #define CAMELLIA_SIGMA5L ((u32)0x10E527FAL)
88 #define CAMELLIA_SIGMA5R ((u32)0xDE682D1DL)
89 #define CAMELLIA_SIGMA6L ((u32)0xB05688C2L)
90 #define CAMELLIA_SIGMA6R ((u32)0xB3E6C1FDL)
99 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
100 # define GETU32(p) SWAP(*((u32 *)(p)))
101 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
103 #else /* not MS-VC */
105 # define GETU32(pt) \
106 (((u32)(pt)[0] << 24) \
107 ^ ((u32)(pt)[1] << 16) \
108 ^ ((u32)(pt)[2] << 8) \
111 # define PUTU32(ct, st) { \
112 (ct)[0] = (u8)((st) >> 24); \
113 (ct)[1] = (u8)((st) >> 16); \
114 (ct)[2] = (u8)((st) >> 8); \
115 (ct)[3] = (u8)(st); }
119 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
120 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
122 /* rotation right shift 1byte */
123 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
124 /* rotation left shift 1bit */
125 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
126 /* rotation left shift 1byte */
127 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
129 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
132 ll = (ll << bits) + (lr >> (32 - bits)); \
133 lr = (lr << bits) + (rl >> (32 - bits)); \
134 rl = (rl << bits) + (rr >> (32 - bits)); \
135 rr = (rr << bits) + (w0 >> (32 - bits)); \
138 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
142 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
143 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
144 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
145 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
148 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
149 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
150 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
151 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
153 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
159 yl = CAMELLIA_SP1110(ir & 0xff) \
160 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
161 ^ CAMELLIA_SP3033(t1 & 0xff) \
162 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
163 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
164 ^ CAMELLIA_SP0222(t0 & 0xff) \
165 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
166 ^ CAMELLIA_SP4404(il & 0xff); \
168 yr = CAMELLIA_RR8(yr); \
177 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
181 lr ^= CAMELLIA_RL1(t0); \
191 rr ^= CAMELLIA_RL1(t3); \
194 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
196 ir = CAMELLIA_SP1110(xr & 0xff) \
197 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
198 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
199 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
200 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
201 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
202 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
203 ^ CAMELLIA_SP4404(xl & 0xff); \
207 il = CAMELLIA_RR8(il); \
214 static const u32 camellia_sp1110[256] = {
215 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
216 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
217 0xe4e4e400,0x85858500,0x57575700,0x35353500,
218 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
219 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
220 0x45454500,0x19191900,0xa5a5a500,0x21212100,
221 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
222 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
223 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
224 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
225 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
226 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
227 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
228 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
229 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
230 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
231 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
232 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
233 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
234 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
235 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
236 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
237 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
238 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
239 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
240 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
241 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
242 0x53535300,0x18181800,0xf2f2f200,0x22222200,
243 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
244 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
245 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
246 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
247 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
248 0xa1a1a100,0x89898900,0x62626200,0x97979700,
249 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
250 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
251 0x10101000,0xc4c4c400,0x00000000,0x48484800,
252 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
253 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
254 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
255 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
256 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
257 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
258 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
259 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
260 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
261 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
262 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
263 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
264 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
265 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
266 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
267 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
268 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
269 0xd4d4d400,0x25252500,0xababab00,0x42424200,
270 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
271 0x72727200,0x07070700,0xb9b9b900,0x55555500,
272 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
273 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
274 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
275 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
276 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
277 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
278 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
281 static const u32 camellia_sp0222[256] = {
282 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
283 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
284 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
285 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
286 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
287 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
288 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
289 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
290 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
291 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
292 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
293 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
294 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
295 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
296 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
297 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
298 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
299 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
300 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
301 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
302 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
303 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
304 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
305 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
306 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
307 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
308 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
309 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
310 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
311 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
312 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
313 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
314 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
315 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
316 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
317 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
318 0x00202020,0x00898989,0x00000000,0x00909090,
319 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
320 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
321 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
322 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
323 0x009b9b9b,0x00949494,0x00212121,0x00666666,
324 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
325 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
326 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
327 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
328 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
329 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
330 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
331 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
332 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
333 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
334 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
335 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
336 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
337 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
338 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
339 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
340 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
341 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
342 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
343 0x00777777,0x00939393,0x00868686,0x00838383,
344 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
345 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
348 static const u32 camellia_sp3033[256] = {
349 0x38003838,0x41004141,0x16001616,0x76007676,
350 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
351 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
352 0x75007575,0x06000606,0x57005757,0xa000a0a0,
353 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
354 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
355 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
356 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
357 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
358 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
359 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
360 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
361 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
362 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
363 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
364 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
365 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
366 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
367 0x3a003a3a,0x09000909,0x95009595,0x10001010,
368 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
369 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
370 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
371 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
372 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
373 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
374 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
375 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
376 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
377 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
378 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
379 0x12001212,0x04000404,0x74007474,0x54005454,
380 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
381 0x55005555,0x68006868,0x50005050,0xbe00bebe,
382 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
383 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
384 0x70007070,0xff00ffff,0x32003232,0x69006969,
385 0x08000808,0x62006262,0x00000000,0x24002424,
386 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
387 0x45004545,0x81008181,0x73007373,0x6d006d6d,
388 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
389 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
390 0xe600e6e6,0x25002525,0x48004848,0x99009999,
391 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
392 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
393 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
394 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
395 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
396 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
397 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
398 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
399 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
400 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
401 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
402 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
403 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
404 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
405 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
406 0x7c007c7c,0x77007777,0x56005656,0x05000505,
407 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
408 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
409 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
410 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
411 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
412 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
415 static const u32 camellia_sp4404[256] = {
416 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
417 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
418 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
419 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
420 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
421 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
422 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
423 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
424 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
425 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
426 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
427 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
428 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
429 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
430 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
431 0x24240024,0xe8e800e8,0x60600060,0x69690069,
432 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
433 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
434 0x10100010,0x00000000,0xa3a300a3,0x75750075,
435 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
436 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
437 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
438 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
439 0x81810081,0x6f6f006f,0x13130013,0x63630063,
440 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
441 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
442 0x78780078,0x06060006,0xe7e700e7,0x71710071,
443 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
444 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
445 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
446 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
447 0x15150015,0xadad00ad,0x77770077,0x80800080,
448 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
449 0x85850085,0x35350035,0x0c0c000c,0x41410041,
450 0xefef00ef,0x93930093,0x19190019,0x21210021,
451 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
452 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
453 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
454 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
455 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
456 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
457 0x12120012,0x20200020,0xb1b100b1,0x99990099,
458 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
459 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
460 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
461 0x0f0f000f,0x16160016,0x18180018,0x22220022,
462 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
463 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
464 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
465 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
466 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
467 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
468 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
469 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
470 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
471 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
472 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
473 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
474 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
475 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
476 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
477 0x49490049,0x68680068,0x38380038,0xa4a400a4,
478 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
479 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
484 * Stuff related to the Camellia key schedule
486 #define subl(x) subL[(x)]
487 #define subr(x) subR[(x)]
489 static int camellia_setup128(const unsigned char *key, u32 *subkey)
491 u32 kll, klr, krl, krr;
492 u32 il, ir, t0, t1, w0, w1;
493 u32 kw4l, kw4r, dw, tl, tr;
495 #ifdef CYASSL_SMALL_STACK
499 subL = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);
503 subR = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);
505 XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
514 * k == kll || klr || krl || krr (|| is concatination)
517 klr = GETU32(key + 4);
518 krl = GETU32(key + 8);
519 krr = GETU32(key + 12);
521 * generate KL dependent subkeys
523 subl(0) = kll; subr(0) = klr;
524 subl(1) = krl; subr(1) = krr;
525 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
526 subl(4) = kll; subr(4) = klr;
527 subl(5) = krl; subr(5) = krr;
528 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
529 subl(10) = kll; subr(10) = klr;
530 subl(11) = krl; subr(11) = krr;
531 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
532 subl(13) = krl; subr(13) = krr;
533 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
534 subl(16) = kll; subr(16) = klr;
535 subl(17) = krl; subr(17) = krr;
536 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
537 subl(18) = kll; subr(18) = klr;
538 subl(19) = krl; subr(19) = krr;
539 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
540 subl(22) = kll; subr(22) = klr;
541 subl(23) = krl; subr(23) = krr;
544 kll = subl(0); klr = subr(0);
545 krl = subl(1); krr = subr(1);
547 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
548 w0, w1, il, ir, t0, t1);
549 krl ^= w0; krr ^= w1;
551 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
552 kll, klr, il, ir, t0, t1);
554 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
555 krl, krr, il, ir, t0, t1);
556 krl ^= w0; krr ^= w1;
558 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
559 w0, w1, il, ir, t0, t1);
560 kll ^= w0; klr ^= w1;
562 /* generate KA dependent subkeys */
563 subl(2) = kll; subr(2) = klr;
564 subl(3) = krl; subr(3) = krr;
565 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
566 subl(6) = kll; subr(6) = klr;
567 subl(7) = krl; subr(7) = krr;
568 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
569 subl(8) = kll; subr(8) = klr;
570 subl(9) = krl; subr(9) = krr;
571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
572 subl(12) = kll; subr(12) = klr;
573 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
574 subl(14) = kll; subr(14) = klr;
575 subl(15) = krl; subr(15) = krr;
576 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
577 subl(20) = kll; subr(20) = klr;
578 subl(21) = krl; subr(21) = krr;
579 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
580 subl(24) = kll; subr(24) = klr;
581 subl(25) = krl; subr(25) = krr;
584 /* absorb kw2 to other subkeys */
585 subl(3) ^= subl(1); subr(3) ^= subr(1);
586 subl(5) ^= subl(1); subr(5) ^= subr(1);
587 subl(7) ^= subl(1); subr(7) ^= subr(1);
588 subl(1) ^= subr(1) & ~subr(9);
589 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
590 subl(11) ^= subl(1); subr(11) ^= subr(1);
591 subl(13) ^= subl(1); subr(13) ^= subr(1);
592 subl(15) ^= subl(1); subr(15) ^= subr(1);
593 subl(1) ^= subr(1) & ~subr(17);
594 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
595 subl(19) ^= subl(1); subr(19) ^= subr(1);
596 subl(21) ^= subl(1); subr(21) ^= subr(1);
597 subl(23) ^= subl(1); subr(23) ^= subr(1);
598 subl(24) ^= subl(1); subr(24) ^= subr(1);
600 /* absorb kw4 to other subkeys */
601 kw4l = subl(25); kw4r = subr(25);
602 subl(22) ^= kw4l; subr(22) ^= kw4r;
603 subl(20) ^= kw4l; subr(20) ^= kw4r;
604 subl(18) ^= kw4l; subr(18) ^= kw4r;
605 kw4l ^= kw4r & ~subr(16);
606 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
607 subl(14) ^= kw4l; subr(14) ^= kw4r;
608 subl(12) ^= kw4l; subr(12) ^= kw4r;
609 subl(10) ^= kw4l; subr(10) ^= kw4r;
610 kw4l ^= kw4r & ~subr(8);
611 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
612 subl(6) ^= kw4l; subr(6) ^= kw4r;
613 subl(4) ^= kw4l; subr(4) ^= kw4r;
614 subl(2) ^= kw4l; subr(2) ^= kw4r;
615 subl(0) ^= kw4l; subr(0) ^= kw4r;
617 /* key XOR is end of F-function */
618 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
619 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
620 CamelliaSubkeyL(2) = subl(3);
621 CamelliaSubkeyR(2) = subr(3);
622 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
623 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
624 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
625 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
626 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
627 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
628 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
629 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
630 tl = subl(10) ^ (subr(10) & ~subr(8));
631 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
632 CamelliaSubkeyL(7) = subl(6) ^ tl;
633 CamelliaSubkeyR(7) = subr(6) ^ tr;
634 CamelliaSubkeyL(8) = subl(8);
635 CamelliaSubkeyR(8) = subr(8);
636 CamelliaSubkeyL(9) = subl(9);
637 CamelliaSubkeyR(9) = subr(9);
638 tl = subl(7) ^ (subr(7) & ~subr(9));
639 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
640 CamelliaSubkeyL(10) = tl ^ subl(11);
641 CamelliaSubkeyR(10) = tr ^ subr(11);
642 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
643 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
644 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
645 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
646 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
647 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
648 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
649 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
650 tl = subl(18) ^ (subr(18) & ~subr(16));
651 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
652 CamelliaSubkeyL(15) = subl(14) ^ tl;
653 CamelliaSubkeyR(15) = subr(14) ^ tr;
654 CamelliaSubkeyL(16) = subl(16);
655 CamelliaSubkeyR(16) = subr(16);
656 CamelliaSubkeyL(17) = subl(17);
657 CamelliaSubkeyR(17) = subr(17);
658 tl = subl(15) ^ (subr(15) & ~subr(17));
659 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
660 CamelliaSubkeyL(18) = tl ^ subl(19);
661 CamelliaSubkeyR(18) = tr ^ subr(19);
662 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
663 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
664 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
665 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
666 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
667 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
668 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
669 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
670 CamelliaSubkeyL(23) = subl(22);
671 CamelliaSubkeyR(23) = subr(22);
672 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
673 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
675 /* apply the inverse of the last half of P-function */
676 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
677 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
678 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
679 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
680 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
681 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
682 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
683 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
684 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
685 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
686 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
687 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
688 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
689 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
690 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
691 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
692 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
693 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
694 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
695 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
696 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
697 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
698 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
699 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
700 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
701 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
702 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
703 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
704 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
705 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
706 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
707 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
708 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
709 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
710 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
711 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
713 #ifdef CYASSL_SMALL_STACK
714 XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
715 XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);
721 static int camellia_setup256(const unsigned char *key, u32 *subkey)
723 u32 kll,klr,krl,krr; /* left half of key */
724 u32 krll,krlr,krrl,krrr; /* right half of key */
725 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
726 u32 kw4l, kw4r, dw, tl, tr;
728 #ifdef CYASSL_SMALL_STACK
732 subL = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);
736 subR = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);
738 XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
747 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
748 * (|| is concatination)
752 klr = GETU32(key + 4);
753 krl = GETU32(key + 8);
754 krr = GETU32(key + 12);
755 krll = GETU32(key + 16);
756 krlr = GETU32(key + 20);
757 krrl = GETU32(key + 24);
758 krrr = GETU32(key + 28);
760 /* generate KL dependent subkeys */
761 subl(0) = kll; subr(0) = klr;
762 subl(1) = krl; subr(1) = krr;
763 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
764 subl(12) = kll; subr(12) = klr;
765 subl(13) = krl; subr(13) = krr;
766 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
767 subl(16) = kll; subr(16) = klr;
768 subl(17) = krl; subr(17) = krr;
769 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
770 subl(22) = kll; subr(22) = klr;
771 subl(23) = krl; subr(23) = krr;
772 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
773 subl(30) = kll; subr(30) = klr;
774 subl(31) = krl; subr(31) = krr;
776 /* generate KR dependent subkeys */
777 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
778 subl(4) = krll; subr(4) = krlr;
779 subl(5) = krrl; subr(5) = krrr;
780 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
781 subl(8) = krll; subr(8) = krlr;
782 subl(9) = krrl; subr(9) = krrr;
783 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
784 subl(18) = krll; subr(18) = krlr;
785 subl(19) = krrl; subr(19) = krrr;
786 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
787 subl(26) = krll; subr(26) = krlr;
788 subl(27) = krrl; subr(27) = krrr;
789 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
792 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
793 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
795 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
796 w0, w1, il, ir, t0, t1);
797 krl ^= w0; krr ^= w1;
799 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
800 kll, klr, il, ir, t0, t1);
801 kll ^= krll; klr ^= krlr;
803 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
804 krl, krr, il, ir, t0, t1);
805 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
807 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
808 w0, w1, il, ir, t0, t1);
809 kll ^= w0; klr ^= w1;
812 krll ^= kll; krlr ^= klr;
813 krrl ^= krl; krrr ^= krr;
814 CAMELLIA_F(krll, krlr,
815 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
816 w0, w1, il, ir, t0, t1);
817 krrl ^= w0; krrr ^= w1;
818 CAMELLIA_F(krrl, krrr,
819 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
820 w0, w1, il, ir, t0, t1);
821 krll ^= w0; krlr ^= w1;
823 /* generate KA dependent subkeys */
824 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
825 subl(6) = kll; subr(6) = klr;
826 subl(7) = krl; subr(7) = krr;
827 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
828 subl(14) = kll; subr(14) = klr;
829 subl(15) = krl; subr(15) = krr;
830 subl(24) = klr; subr(24) = krl;
831 subl(25) = krr; subr(25) = kll;
832 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
833 subl(28) = kll; subr(28) = klr;
834 subl(29) = krl; subr(29) = krr;
836 /* generate KB dependent subkeys */
837 subl(2) = krll; subr(2) = krlr;
838 subl(3) = krrl; subr(3) = krrr;
839 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
840 subl(10) = krll; subr(10) = krlr;
841 subl(11) = krrl; subr(11) = krrr;
842 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
843 subl(20) = krll; subr(20) = krlr;
844 subl(21) = krrl; subr(21) = krrr;
845 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
846 subl(32) = krll; subr(32) = krlr;
847 subl(33) = krrl; subr(33) = krrr;
849 /* absorb kw2 to other subkeys */
850 subl(3) ^= subl(1); subr(3) ^= subr(1);
851 subl(5) ^= subl(1); subr(5) ^= subr(1);
852 subl(7) ^= subl(1); subr(7) ^= subr(1);
853 subl(1) ^= subr(1) & ~subr(9);
854 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
855 subl(11) ^= subl(1); subr(11) ^= subr(1);
856 subl(13) ^= subl(1); subr(13) ^= subr(1);
857 subl(15) ^= subl(1); subr(15) ^= subr(1);
858 subl(1) ^= subr(1) & ~subr(17);
859 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
860 subl(19) ^= subl(1); subr(19) ^= subr(1);
861 subl(21) ^= subl(1); subr(21) ^= subr(1);
862 subl(23) ^= subl(1); subr(23) ^= subr(1);
863 subl(1) ^= subr(1) & ~subr(25);
864 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
865 subl(27) ^= subl(1); subr(27) ^= subr(1);
866 subl(29) ^= subl(1); subr(29) ^= subr(1);
867 subl(31) ^= subl(1); subr(31) ^= subr(1);
868 subl(32) ^= subl(1); subr(32) ^= subr(1);
870 /* absorb kw4 to other subkeys */
871 kw4l = subl(33); kw4r = subr(33);
872 subl(30) ^= kw4l; subr(30) ^= kw4r;
873 subl(28) ^= kw4l; subr(28) ^= kw4r;
874 subl(26) ^= kw4l; subr(26) ^= kw4r;
875 kw4l ^= kw4r & ~subr(24);
876 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
877 subl(22) ^= kw4l; subr(22) ^= kw4r;
878 subl(20) ^= kw4l; subr(20) ^= kw4r;
879 subl(18) ^= kw4l; subr(18) ^= kw4r;
880 kw4l ^= kw4r & ~subr(16);
881 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
882 subl(14) ^= kw4l; subr(14) ^= kw4r;
883 subl(12) ^= kw4l; subr(12) ^= kw4r;
884 subl(10) ^= kw4l; subr(10) ^= kw4r;
885 kw4l ^= kw4r & ~subr(8);
886 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
887 subl(6) ^= kw4l; subr(6) ^= kw4r;
888 subl(4) ^= kw4l; subr(4) ^= kw4r;
889 subl(2) ^= kw4l; subr(2) ^= kw4r;
890 subl(0) ^= kw4l; subr(0) ^= kw4r;
892 /* key XOR is end of F-function */
893 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
894 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
895 CamelliaSubkeyL(2) = subl(3);
896 CamelliaSubkeyR(2) = subr(3);
897 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
898 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
899 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
900 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
901 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
902 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
903 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
904 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
905 tl = subl(10) ^ (subr(10) & ~subr(8));
906 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
907 CamelliaSubkeyL(7) = subl(6) ^ tl;
908 CamelliaSubkeyR(7) = subr(6) ^ tr;
909 CamelliaSubkeyL(8) = subl(8);
910 CamelliaSubkeyR(8) = subr(8);
911 CamelliaSubkeyL(9) = subl(9);
912 CamelliaSubkeyR(9) = subr(9);
913 tl = subl(7) ^ (subr(7) & ~subr(9));
914 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
915 CamelliaSubkeyL(10) = tl ^ subl(11);
916 CamelliaSubkeyR(10) = tr ^ subr(11);
917 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
918 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
919 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
920 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
921 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
922 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
923 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
924 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
925 tl = subl(18) ^ (subr(18) & ~subr(16));
926 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
927 CamelliaSubkeyL(15) = subl(14) ^ tl;
928 CamelliaSubkeyR(15) = subr(14) ^ tr;
929 CamelliaSubkeyL(16) = subl(16);
930 CamelliaSubkeyR(16) = subr(16);
931 CamelliaSubkeyL(17) = subl(17);
932 CamelliaSubkeyR(17) = subr(17);
933 tl = subl(15) ^ (subr(15) & ~subr(17));
934 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
935 CamelliaSubkeyL(18) = tl ^ subl(19);
936 CamelliaSubkeyR(18) = tr ^ subr(19);
937 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
938 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
939 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
940 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
941 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
942 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
943 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
944 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
945 tl = subl(26) ^ (subr(26) & ~subr(24));
946 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
947 CamelliaSubkeyL(23) = subl(22) ^ tl;
948 CamelliaSubkeyR(23) = subr(22) ^ tr;
949 CamelliaSubkeyL(24) = subl(24);
950 CamelliaSubkeyR(24) = subr(24);
951 CamelliaSubkeyL(25) = subl(25);
952 CamelliaSubkeyR(25) = subr(25);
953 tl = subl(23) ^ (subr(23) & ~subr(25));
954 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
955 CamelliaSubkeyL(26) = tl ^ subl(27);
956 CamelliaSubkeyR(26) = tr ^ subr(27);
957 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
958 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
959 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
960 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
961 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
962 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
963 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
964 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
965 CamelliaSubkeyL(31) = subl(30);
966 CamelliaSubkeyR(31) = subr(30);
967 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
968 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
970 /* apply the inverse of the last half of P-function */
971 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
972 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
973 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
974 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
975 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
976 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
977 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
978 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
979 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
980 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
981 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
982 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
983 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
984 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
985 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
986 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
987 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
988 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
989 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
990 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
991 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
992 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
993 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
994 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
995 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
996 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
997 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
998 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
999 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
1000 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
1001 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
1002 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
1003 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
1004 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
1005 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
1006 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
1007 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
1008 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
1009 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
1010 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
1011 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
1012 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
1013 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
1014 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
1015 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
1016 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
1017 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
1018 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
1020 #ifdef CYASSL_SMALL_STACK
1021 XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1022 XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1028 static int camellia_setup192(const unsigned char *key, u32 *subkey)
1030 unsigned char kk[32];
1031 u32 krll, krlr, krrl,krrr;
1033 memcpy(kk, key, 24);
1034 memcpy((unsigned char *)&krll, key+16,4);
1035 memcpy((unsigned char *)&krlr, key+20,4);
1038 memcpy(kk+24, (unsigned char *)&krrl, 4);
1039 memcpy(kk+28, (unsigned char *)&krrr, 4);
1041 return camellia_setup256(kk, subkey);
1046 * Stuff related to camellia encryption/decryption
1048 * "io" must be 4byte aligned and big-endian data.
1050 static void camellia_encrypt128(const u32 *subkey, u32 *io)
1054 /* pre whitening but absorb kw2*/
1055 io[0] ^= CamelliaSubkeyL(0);
1056 io[1] ^= CamelliaSubkeyR(0);
1057 /* main iteration */
1059 CAMELLIA_ROUNDSM(io[0],io[1],
1060 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1061 io[2],io[3],il,ir,t0,t1);
1062 CAMELLIA_ROUNDSM(io[2],io[3],
1063 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1064 io[0],io[1],il,ir,t0,t1);
1065 CAMELLIA_ROUNDSM(io[0],io[1],
1066 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1067 io[2],io[3],il,ir,t0,t1);
1068 CAMELLIA_ROUNDSM(io[2],io[3],
1069 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1070 io[0],io[1],il,ir,t0,t1);
1071 CAMELLIA_ROUNDSM(io[0],io[1],
1072 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1073 io[2],io[3],il,ir,t0,t1);
1074 CAMELLIA_ROUNDSM(io[2],io[3],
1075 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1076 io[0],io[1],il,ir,t0,t1);
1078 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1079 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1080 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1083 CAMELLIA_ROUNDSM(io[0],io[1],
1084 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1085 io[2],io[3],il,ir,t0,t1);
1086 CAMELLIA_ROUNDSM(io[2],io[3],
1087 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1088 io[0],io[1],il,ir,t0,t1);
1089 CAMELLIA_ROUNDSM(io[0],io[1],
1090 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1091 io[2],io[3],il,ir,t0,t1);
1092 CAMELLIA_ROUNDSM(io[2],io[3],
1093 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1094 io[0],io[1],il,ir,t0,t1);
1095 CAMELLIA_ROUNDSM(io[0],io[1],
1096 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1097 io[2],io[3],il,ir,t0,t1);
1098 CAMELLIA_ROUNDSM(io[2],io[3],
1099 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1100 io[0],io[1],il,ir,t0,t1);
1102 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1103 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1104 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1107 CAMELLIA_ROUNDSM(io[0],io[1],
1108 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1109 io[2],io[3],il,ir,t0,t1);
1110 CAMELLIA_ROUNDSM(io[2],io[3],
1111 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1112 io[0],io[1],il,ir,t0,t1);
1113 CAMELLIA_ROUNDSM(io[0],io[1],
1114 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1115 io[2],io[3],il,ir,t0,t1);
1116 CAMELLIA_ROUNDSM(io[2],io[3],
1117 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1118 io[0],io[1],il,ir,t0,t1);
1119 CAMELLIA_ROUNDSM(io[0],io[1],
1120 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1121 io[2],io[3],il,ir,t0,t1);
1122 CAMELLIA_ROUNDSM(io[2],io[3],
1123 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1124 io[0],io[1],il,ir,t0,t1);
1126 /* post whitening but kw4 */
1127 io[2] ^= CamelliaSubkeyL(24);
1128 io[3] ^= CamelliaSubkeyR(24);
1140 static void camellia_decrypt128(const u32 *subkey, u32 *io)
1142 u32 il,ir,t0,t1; /* temporary valiables */
1144 /* pre whitening but absorb kw2*/
1145 io[0] ^= CamelliaSubkeyL(24);
1146 io[1] ^= CamelliaSubkeyR(24);
1148 /* main iteration */
1149 CAMELLIA_ROUNDSM(io[0],io[1],
1150 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1151 io[2],io[3],il,ir,t0,t1);
1152 CAMELLIA_ROUNDSM(io[2],io[3],
1153 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1154 io[0],io[1],il,ir,t0,t1);
1155 CAMELLIA_ROUNDSM(io[0],io[1],
1156 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1157 io[2],io[3],il,ir,t0,t1);
1158 CAMELLIA_ROUNDSM(io[2],io[3],
1159 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1160 io[0],io[1],il,ir,t0,t1);
1161 CAMELLIA_ROUNDSM(io[0],io[1],
1162 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1163 io[2],io[3],il,ir,t0,t1);
1164 CAMELLIA_ROUNDSM(io[2],io[3],
1165 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1166 io[0],io[1],il,ir,t0,t1);
1168 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1169 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1170 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1173 CAMELLIA_ROUNDSM(io[0],io[1],
1174 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1175 io[2],io[3],il,ir,t0,t1);
1176 CAMELLIA_ROUNDSM(io[2],io[3],
1177 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1178 io[0],io[1],il,ir,t0,t1);
1179 CAMELLIA_ROUNDSM(io[0],io[1],
1180 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1181 io[2],io[3],il,ir,t0,t1);
1182 CAMELLIA_ROUNDSM(io[2],io[3],
1183 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1184 io[0],io[1],il,ir,t0,t1);
1185 CAMELLIA_ROUNDSM(io[0],io[1],
1186 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1187 io[2],io[3],il,ir,t0,t1);
1188 CAMELLIA_ROUNDSM(io[2],io[3],
1189 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1190 io[0],io[1],il,ir,t0,t1);
1192 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1193 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1194 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1197 CAMELLIA_ROUNDSM(io[0],io[1],
1198 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1199 io[2],io[3],il,ir,t0,t1);
1200 CAMELLIA_ROUNDSM(io[2],io[3],
1201 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1202 io[0],io[1],il,ir,t0,t1);
1203 CAMELLIA_ROUNDSM(io[0],io[1],
1204 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1205 io[2],io[3],il,ir,t0,t1);
1206 CAMELLIA_ROUNDSM(io[2],io[3],
1207 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1208 io[0],io[1],il,ir,t0,t1);
1209 CAMELLIA_ROUNDSM(io[0],io[1],
1210 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1211 io[2],io[3],il,ir,t0,t1);
1212 CAMELLIA_ROUNDSM(io[2],io[3],
1213 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1214 io[0],io[1],il,ir,t0,t1);
1216 /* post whitening but kw4 */
1217 io[2] ^= CamelliaSubkeyL(0);
1218 io[3] ^= CamelliaSubkeyR(0);
1231 * stuff for 192 and 256bit encryption/decryption
1233 static void camellia_encrypt256(const u32 *subkey, u32 *io)
1235 u32 il,ir,t0,t1; /* temporary valiables */
1237 /* pre whitening but absorb kw2*/
1238 io[0] ^= CamelliaSubkeyL(0);
1239 io[1] ^= CamelliaSubkeyR(0);
1241 /* main iteration */
1242 CAMELLIA_ROUNDSM(io[0],io[1],
1243 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1244 io[2],io[3],il,ir,t0,t1);
1245 CAMELLIA_ROUNDSM(io[2],io[3],
1246 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1247 io[0],io[1],il,ir,t0,t1);
1248 CAMELLIA_ROUNDSM(io[0],io[1],
1249 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1250 io[2],io[3],il,ir,t0,t1);
1251 CAMELLIA_ROUNDSM(io[2],io[3],
1252 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1253 io[0],io[1],il,ir,t0,t1);
1254 CAMELLIA_ROUNDSM(io[0],io[1],
1255 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1256 io[2],io[3],il,ir,t0,t1);
1257 CAMELLIA_ROUNDSM(io[2],io[3],
1258 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1259 io[0],io[1],il,ir,t0,t1);
1261 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1262 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1263 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1266 CAMELLIA_ROUNDSM(io[0],io[1],
1267 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1268 io[2],io[3],il,ir,t0,t1);
1269 CAMELLIA_ROUNDSM(io[2],io[3],
1270 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1271 io[0],io[1],il,ir,t0,t1);
1272 CAMELLIA_ROUNDSM(io[0],io[1],
1273 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1274 io[2],io[3],il,ir,t0,t1);
1275 CAMELLIA_ROUNDSM(io[2],io[3],
1276 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1277 io[0],io[1],il,ir,t0,t1);
1278 CAMELLIA_ROUNDSM(io[0],io[1],
1279 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1280 io[2],io[3],il,ir,t0,t1);
1281 CAMELLIA_ROUNDSM(io[2],io[3],
1282 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1283 io[0],io[1],il,ir,t0,t1);
1285 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1286 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1287 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1290 CAMELLIA_ROUNDSM(io[0],io[1],
1291 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1292 io[2],io[3],il,ir,t0,t1);
1293 CAMELLIA_ROUNDSM(io[2],io[3],
1294 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1295 io[0],io[1],il,ir,t0,t1);
1296 CAMELLIA_ROUNDSM(io[0],io[1],
1297 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1298 io[2],io[3],il,ir,t0,t1);
1299 CAMELLIA_ROUNDSM(io[2],io[3],
1300 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1301 io[0],io[1],il,ir,t0,t1);
1302 CAMELLIA_ROUNDSM(io[0],io[1],
1303 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1304 io[2],io[3],il,ir,t0,t1);
1305 CAMELLIA_ROUNDSM(io[2],io[3],
1306 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1307 io[0],io[1],il,ir,t0,t1);
1309 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1310 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1311 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1314 CAMELLIA_ROUNDSM(io[0],io[1],
1315 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1316 io[2],io[3],il,ir,t0,t1);
1317 CAMELLIA_ROUNDSM(io[2],io[3],
1318 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1319 io[0],io[1],il,ir,t0,t1);
1320 CAMELLIA_ROUNDSM(io[0],io[1],
1321 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1322 io[2],io[3],il,ir,t0,t1);
1323 CAMELLIA_ROUNDSM(io[2],io[3],
1324 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1325 io[0],io[1],il,ir,t0,t1);
1326 CAMELLIA_ROUNDSM(io[0],io[1],
1327 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1328 io[2],io[3],il,ir,t0,t1);
1329 CAMELLIA_ROUNDSM(io[2],io[3],
1330 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1331 io[0],io[1],il,ir,t0,t1);
1333 /* post whitening but kw4 */
1334 io[2] ^= CamelliaSubkeyL(32);
1335 io[3] ^= CamelliaSubkeyR(32);
1347 static void camellia_decrypt256(const u32 *subkey, u32 *io)
1349 u32 il,ir,t0,t1; /* temporary valiables */
1351 /* pre whitening but absorb kw2*/
1352 io[0] ^= CamelliaSubkeyL(32);
1353 io[1] ^= CamelliaSubkeyR(32);
1355 /* main iteration */
1356 CAMELLIA_ROUNDSM(io[0],io[1],
1357 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1358 io[2],io[3],il,ir,t0,t1);
1359 CAMELLIA_ROUNDSM(io[2],io[3],
1360 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1361 io[0],io[1],il,ir,t0,t1);
1362 CAMELLIA_ROUNDSM(io[0],io[1],
1363 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1364 io[2],io[3],il,ir,t0,t1);
1365 CAMELLIA_ROUNDSM(io[2],io[3],
1366 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1367 io[0],io[1],il,ir,t0,t1);
1368 CAMELLIA_ROUNDSM(io[0],io[1],
1369 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1370 io[2],io[3],il,ir,t0,t1);
1371 CAMELLIA_ROUNDSM(io[2],io[3],
1372 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1373 io[0],io[1],il,ir,t0,t1);
1375 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1376 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1377 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1380 CAMELLIA_ROUNDSM(io[0],io[1],
1381 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1382 io[2],io[3],il,ir,t0,t1);
1383 CAMELLIA_ROUNDSM(io[2],io[3],
1384 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1385 io[0],io[1],il,ir,t0,t1);
1386 CAMELLIA_ROUNDSM(io[0],io[1],
1387 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1388 io[2],io[3],il,ir,t0,t1);
1389 CAMELLIA_ROUNDSM(io[2],io[3],
1390 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1391 io[0],io[1],il,ir,t0,t1);
1392 CAMELLIA_ROUNDSM(io[0],io[1],
1393 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1394 io[2],io[3],il,ir,t0,t1);
1395 CAMELLIA_ROUNDSM(io[2],io[3],
1396 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1397 io[0],io[1],il,ir,t0,t1);
1399 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1400 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1401 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1404 CAMELLIA_ROUNDSM(io[0],io[1],
1405 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1406 io[2],io[3],il,ir,t0,t1);
1407 CAMELLIA_ROUNDSM(io[2],io[3],
1408 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1409 io[0],io[1],il,ir,t0,t1);
1410 CAMELLIA_ROUNDSM(io[0],io[1],
1411 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1412 io[2],io[3],il,ir,t0,t1);
1413 CAMELLIA_ROUNDSM(io[2],io[3],
1414 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1415 io[0],io[1],il,ir,t0,t1);
1416 CAMELLIA_ROUNDSM(io[0],io[1],
1417 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1418 io[2],io[3],il,ir,t0,t1);
1419 CAMELLIA_ROUNDSM(io[2],io[3],
1420 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1421 io[0],io[1],il,ir,t0,t1);
1423 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1424 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1425 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1428 CAMELLIA_ROUNDSM(io[0],io[1],
1429 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1430 io[2],io[3],il,ir,t0,t1);
1431 CAMELLIA_ROUNDSM(io[2],io[3],
1432 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1433 io[0],io[1],il,ir,t0,t1);
1434 CAMELLIA_ROUNDSM(io[0],io[1],
1435 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1436 io[2],io[3],il,ir,t0,t1);
1437 CAMELLIA_ROUNDSM(io[2],io[3],
1438 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1439 io[0],io[1],il,ir,t0,t1);
1440 CAMELLIA_ROUNDSM(io[0],io[1],
1441 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1442 io[2],io[3],il,ir,t0,t1);
1443 CAMELLIA_ROUNDSM(io[2],io[3],
1444 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1445 io[0],io[1],il,ir,t0,t1);
1447 /* post whitening but kw4 */
1448 io[2] ^= CamelliaSubkeyL(0);
1449 io[3] ^= CamelliaSubkeyR(0);
1463 * API for compatibility
1466 static void Camellia_EncryptBlock(const int keyBitLength,
1467 const unsigned char *plaintext,
1468 const KEY_TABLE_TYPE keyTable,
1469 unsigned char *ciphertext)
1473 tmp[0] = GETU32(plaintext);
1474 tmp[1] = GETU32(plaintext + 4);
1475 tmp[2] = GETU32(plaintext + 8);
1476 tmp[3] = GETU32(plaintext + 12);
1478 switch (keyBitLength) {
1480 camellia_encrypt128(keyTable, tmp);
1485 camellia_encrypt256(keyTable, tmp);
1491 PUTU32(ciphertext, tmp[0]);
1492 PUTU32(ciphertext + 4, tmp[1]);
1493 PUTU32(ciphertext + 8, tmp[2]);
1494 PUTU32(ciphertext + 12, tmp[3]);
1497 static void Camellia_DecryptBlock(const int keyBitLength,
1498 const unsigned char *ciphertext,
1499 const KEY_TABLE_TYPE keyTable,
1500 unsigned char *plaintext)
1504 tmp[0] = GETU32(ciphertext);
1505 tmp[1] = GETU32(ciphertext + 4);
1506 tmp[2] = GETU32(ciphertext + 8);
1507 tmp[3] = GETU32(ciphertext + 12);
1509 switch (keyBitLength) {
1511 camellia_decrypt128(keyTable, tmp);
1516 camellia_decrypt256(keyTable, tmp);
1521 PUTU32(plaintext, tmp[0]);
1522 PUTU32(plaintext + 4, tmp[1]);
1523 PUTU32(plaintext + 8, tmp[2]);
1524 PUTU32(plaintext + 12, tmp[3]);
1529 /* CTaoCrypt wrappers to the Camellia code */
1531 int CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv)
1535 if (cam == NULL) return BAD_FUNC_ARG;
1537 XMEMSET(cam->key, 0, sizeof(KEY_TABLE_TYPE));
1541 ret = camellia_setup128(key, cam->key);
1544 ret = camellia_setup192(key, cam->key);
1547 ret = camellia_setup256(key, cam->key);
1550 return BAD_FUNC_ARG;
1556 cam->keySz = len * 8;
1558 return CamelliaSetIV(cam, iv);
1562 int CamelliaSetIV(Camellia* cam, const byte* iv)
1565 return BAD_FUNC_ARG;
1568 XMEMCPY(cam->reg, iv, CAMELLIA_BLOCK_SIZE);
1570 XMEMSET(cam->reg, 0, CAMELLIA_BLOCK_SIZE);
1576 void CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)
1578 Camellia_EncryptBlock(cam->keySz, in, cam->key, out);
1582 void CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)
1584 Camellia_DecryptBlock(cam->keySz, in, cam->key, out);
1588 void CamelliaCbcEncrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
1590 word32 blocks = sz / CAMELLIA_BLOCK_SIZE;
1593 xorbuf((byte*)cam->reg, in, CAMELLIA_BLOCK_SIZE);
1594 Camellia_EncryptBlock(cam->keySz, (byte*)cam->reg,
1595 cam->key, (byte*)cam->reg);
1596 XMEMCPY(out, cam->reg, CAMELLIA_BLOCK_SIZE);
1598 out += CAMELLIA_BLOCK_SIZE;
1599 in += CAMELLIA_BLOCK_SIZE;
1604 void CamelliaCbcDecrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
1606 word32 blocks = sz / CAMELLIA_BLOCK_SIZE;
1609 XMEMCPY(cam->tmp, in, CAMELLIA_BLOCK_SIZE);
1610 Camellia_DecryptBlock(cam->keySz, (byte*)cam->tmp, cam->key, out);
1611 xorbuf(out, (byte*)cam->reg, CAMELLIA_BLOCK_SIZE);
1612 XMEMCPY(cam->reg, cam->tmp, CAMELLIA_BLOCK_SIZE);
1614 out += CAMELLIA_BLOCK_SIZE;
1615 in += CAMELLIA_BLOCK_SIZE;
1620 #endif /* HAVE_CAMELLIA */