1 /* camellia.c ver 1.2.0
3 * Copyright (c) 2006,2007
4 * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer as
11 * the first lines of this file unmodified.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 * Copyright (C) 2006-2015 wolfSSL Inc.
32 * This file is part of wolfSSL. (formerly known as CyaSSL)
34 * wolfSSL is free software; you can redistribute it and/or modify
35 * it under the terms of the GNU General Public License as published by
36 * the Free Software Foundation; either version 2 of the License, or
37 * (at your option) any later version.
39 * wolfSSL is distributed in the hope that it will be useful,
40 * but WITHOUT ANY WARRANTY; without even the implied warranty of
41 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
42 * GNU General Public License for more details.
44 * You should have received a copy of the GNU General Public License
45 * along with this program; if not, write to the Free Software
46 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
50 * Algorithm Specification
51 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
59 #include <wolfssl/wolfcrypt/settings.h>
63 #include <wolfssl/wolfcrypt/camellia.h>
64 #include <wolfssl/wolfcrypt/error-crypt.h>
65 #include <wolfssl/wolfcrypt/logging.h>
67 #include <wolfssl/wolfcrypt/misc.h>
69 #include <wolfcrypt/src/misc.c>
72 /* u32 must be 32bit word */
73 typedef unsigned int u32;
74 typedef unsigned char u8;
78 #define CAMELLIA_SIGMA1L ((u32)0xA09E667FL)
79 #define CAMELLIA_SIGMA1R ((u32)0x3BCC908BL)
80 #define CAMELLIA_SIGMA2L ((u32)0xB67AE858L)
81 #define CAMELLIA_SIGMA2R ((u32)0x4CAA73B2L)
82 #define CAMELLIA_SIGMA3L ((u32)0xC6EF372FL)
83 #define CAMELLIA_SIGMA3R ((u32)0xE94F82BEL)
84 #define CAMELLIA_SIGMA4L ((u32)0x54FF53A5L)
85 #define CAMELLIA_SIGMA4R ((u32)0xF1D36F1CL)
86 #define CAMELLIA_SIGMA5L ((u32)0x10E527FAL)
87 #define CAMELLIA_SIGMA5R ((u32)0xDE682D1DL)
88 #define CAMELLIA_SIGMA6L ((u32)0xB05688C2L)
89 #define CAMELLIA_SIGMA6R ((u32)0xB3E6C1FDL)
98 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
99 # define GETU32(p) SWAP(*((u32 *)(p)))
100 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
102 #else /* not MS-VC */
104 # define GETU32(pt) \
105 (((u32)(pt)[0] << 24) \
106 ^ ((u32)(pt)[1] << 16) \
107 ^ ((u32)(pt)[2] << 8) \
110 # define PUTU32(ct, st) { \
111 (ct)[0] = (u8)((st) >> 24); \
112 (ct)[1] = (u8)((st) >> 16); \
113 (ct)[2] = (u8)((st) >> 8); \
114 (ct)[3] = (u8)(st); }
118 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
119 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
121 /* rotation right shift 1byte */
122 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
123 /* rotation left shift 1bit */
124 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
125 /* rotation left shift 1byte */
126 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
128 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
131 ll = (ll << bits) + (lr >> (32 - bits)); \
132 lr = (lr << bits) + (rl >> (32 - bits)); \
133 rl = (rl << bits) + (rr >> (32 - bits)); \
134 rr = (rr << bits) + (w0 >> (32 - bits)); \
137 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
141 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
142 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
143 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
144 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
147 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
148 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
149 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
150 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
152 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
158 yl = CAMELLIA_SP1110(ir & 0xff) \
159 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
160 ^ CAMELLIA_SP3033(t1 & 0xff) \
161 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
162 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
163 ^ CAMELLIA_SP0222(t0 & 0xff) \
164 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
165 ^ CAMELLIA_SP4404(il & 0xff); \
167 yr = CAMELLIA_RR8(yr); \
176 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
180 lr ^= CAMELLIA_RL1(t0); \
190 rr ^= CAMELLIA_RL1(t3); \
193 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
195 ir = CAMELLIA_SP1110(xr & 0xff) \
196 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
197 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
198 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
199 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
200 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
201 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
202 ^ CAMELLIA_SP4404(xl & 0xff); \
206 il = CAMELLIA_RR8(il); \
213 static const u32 camellia_sp1110[256] = {
214 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
215 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
216 0xe4e4e400,0x85858500,0x57575700,0x35353500,
217 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
218 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
219 0x45454500,0x19191900,0xa5a5a500,0x21212100,
220 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
221 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
222 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
223 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
224 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
225 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
226 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
227 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
228 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
229 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
230 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
231 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
232 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
233 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
234 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
235 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
236 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
237 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
238 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
239 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
240 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
241 0x53535300,0x18181800,0xf2f2f200,0x22222200,
242 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
243 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
244 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
245 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
246 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
247 0xa1a1a100,0x89898900,0x62626200,0x97979700,
248 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
249 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
250 0x10101000,0xc4c4c400,0x00000000,0x48484800,
251 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
252 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
253 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
254 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
255 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
256 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
257 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
258 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
259 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
260 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
261 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
262 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
263 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
264 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
265 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
266 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
267 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
268 0xd4d4d400,0x25252500,0xababab00,0x42424200,
269 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
270 0x72727200,0x07070700,0xb9b9b900,0x55555500,
271 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
272 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
273 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
274 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
275 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
276 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
277 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
280 static const u32 camellia_sp0222[256] = {
281 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
282 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
283 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
284 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
285 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
286 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
287 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
288 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
289 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
290 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
291 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
292 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
293 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
294 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
295 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
296 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
297 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
298 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
299 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
300 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
301 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
302 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
303 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
304 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
305 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
306 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
307 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
308 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
309 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
310 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
311 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
312 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
313 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
314 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
315 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
316 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
317 0x00202020,0x00898989,0x00000000,0x00909090,
318 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
319 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
320 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
321 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
322 0x009b9b9b,0x00949494,0x00212121,0x00666666,
323 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
324 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
325 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
326 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
327 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
328 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
329 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
330 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
331 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
332 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
333 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
334 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
335 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
336 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
337 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
338 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
339 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
340 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
341 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
342 0x00777777,0x00939393,0x00868686,0x00838383,
343 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
344 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
347 static const u32 camellia_sp3033[256] = {
348 0x38003838,0x41004141,0x16001616,0x76007676,
349 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
350 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
351 0x75007575,0x06000606,0x57005757,0xa000a0a0,
352 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
353 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
354 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
355 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
356 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
357 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
358 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
359 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
360 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
361 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
362 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
363 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
364 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
365 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
366 0x3a003a3a,0x09000909,0x95009595,0x10001010,
367 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
368 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
369 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
370 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
371 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
372 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
373 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
374 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
375 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
376 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
377 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
378 0x12001212,0x04000404,0x74007474,0x54005454,
379 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
380 0x55005555,0x68006868,0x50005050,0xbe00bebe,
381 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
382 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
383 0x70007070,0xff00ffff,0x32003232,0x69006969,
384 0x08000808,0x62006262,0x00000000,0x24002424,
385 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
386 0x45004545,0x81008181,0x73007373,0x6d006d6d,
387 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
388 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
389 0xe600e6e6,0x25002525,0x48004848,0x99009999,
390 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
391 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
392 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
393 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
394 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
395 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
396 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
397 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
398 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
399 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
400 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
401 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
402 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
403 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
404 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
405 0x7c007c7c,0x77007777,0x56005656,0x05000505,
406 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
407 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
408 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
409 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
410 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
411 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
414 static const u32 camellia_sp4404[256] = {
415 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
416 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
417 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
418 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
419 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
420 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
421 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
422 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
423 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
424 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
425 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
426 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
427 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
428 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
429 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
430 0x24240024,0xe8e800e8,0x60600060,0x69690069,
431 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
432 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
433 0x10100010,0x00000000,0xa3a300a3,0x75750075,
434 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
435 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
436 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
437 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
438 0x81810081,0x6f6f006f,0x13130013,0x63630063,
439 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
440 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
441 0x78780078,0x06060006,0xe7e700e7,0x71710071,
442 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
443 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
444 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
445 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
446 0x15150015,0xadad00ad,0x77770077,0x80800080,
447 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
448 0x85850085,0x35350035,0x0c0c000c,0x41410041,
449 0xefef00ef,0x93930093,0x19190019,0x21210021,
450 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
451 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
452 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
453 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
454 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
455 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
456 0x12120012,0x20200020,0xb1b100b1,0x99990099,
457 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
458 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
459 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
460 0x0f0f000f,0x16160016,0x18180018,0x22220022,
461 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
462 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
463 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
464 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
465 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
466 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
467 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
468 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
469 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
470 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
471 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
472 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
473 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
474 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
475 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
476 0x49490049,0x68680068,0x38380038,0xa4a400a4,
477 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
478 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
483 * Stuff related to the Camellia key schedule
485 #define subl(x) subL[(x)]
486 #define subr(x) subR[(x)]
488 static int camellia_setup128(const unsigned char *key, u32 *subkey)
490 u32 kll, klr, krl, krr;
491 u32 il, ir, t0, t1, w0, w1;
492 u32 kw4l, kw4r, dw, tl, tr;
494 #ifdef WOLFSSL_SMALL_STACK
498 subL = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);
502 subR = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);
504 XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
513 * k == kll || klr || krl || krr (|| is concatination)
516 klr = GETU32(key + 4);
517 krl = GETU32(key + 8);
518 krr = GETU32(key + 12);
520 * generate KL dependent subkeys
522 subl(0) = kll; subr(0) = klr;
523 subl(1) = krl; subr(1) = krr;
524 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
525 subl(4) = kll; subr(4) = klr;
526 subl(5) = krl; subr(5) = krr;
527 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
528 subl(10) = kll; subr(10) = klr;
529 subl(11) = krl; subr(11) = krr;
530 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
531 subl(13) = krl; subr(13) = krr;
532 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
533 subl(16) = kll; subr(16) = klr;
534 subl(17) = krl; subr(17) = krr;
535 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
536 subl(18) = kll; subr(18) = klr;
537 subl(19) = krl; subr(19) = krr;
538 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
539 subl(22) = kll; subr(22) = klr;
540 subl(23) = krl; subr(23) = krr;
543 kll = subl(0); klr = subr(0);
544 krl = subl(1); krr = subr(1);
546 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
547 w0, w1, il, ir, t0, t1);
548 krl ^= w0; krr ^= w1;
550 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
551 kll, klr, il, ir, t0, t1);
553 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
554 krl, krr, il, ir, t0, t1);
555 krl ^= w0; krr ^= w1;
557 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
558 w0, w1, il, ir, t0, t1);
559 kll ^= w0; klr ^= w1;
561 /* generate KA dependent subkeys */
562 subl(2) = kll; subr(2) = klr;
563 subl(3) = krl; subr(3) = krr;
564 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
565 subl(6) = kll; subr(6) = klr;
566 subl(7) = krl; subr(7) = krr;
567 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
568 subl(8) = kll; subr(8) = klr;
569 subl(9) = krl; subr(9) = krr;
570 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
571 subl(12) = kll; subr(12) = klr;
572 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
573 subl(14) = kll; subr(14) = klr;
574 subl(15) = krl; subr(15) = krr;
575 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
576 subl(20) = kll; subr(20) = klr;
577 subl(21) = krl; subr(21) = krr;
578 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
579 subl(24) = kll; subr(24) = klr;
580 subl(25) = krl; subr(25) = krr;
583 /* absorb kw2 to other subkeys */
584 subl(3) ^= subl(1); subr(3) ^= subr(1);
585 subl(5) ^= subl(1); subr(5) ^= subr(1);
586 subl(7) ^= subl(1); subr(7) ^= subr(1);
587 subl(1) ^= subr(1) & ~subr(9);
588 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
589 subl(11) ^= subl(1); subr(11) ^= subr(1);
590 subl(13) ^= subl(1); subr(13) ^= subr(1);
591 subl(15) ^= subl(1); subr(15) ^= subr(1);
592 subl(1) ^= subr(1) & ~subr(17);
593 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
594 subl(19) ^= subl(1); subr(19) ^= subr(1);
595 subl(21) ^= subl(1); subr(21) ^= subr(1);
596 subl(23) ^= subl(1); subr(23) ^= subr(1);
597 subl(24) ^= subl(1); subr(24) ^= subr(1);
599 /* absorb kw4 to other subkeys */
600 kw4l = subl(25); kw4r = subr(25);
601 subl(22) ^= kw4l; subr(22) ^= kw4r;
602 subl(20) ^= kw4l; subr(20) ^= kw4r;
603 subl(18) ^= kw4l; subr(18) ^= kw4r;
604 kw4l ^= kw4r & ~subr(16);
605 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
606 subl(14) ^= kw4l; subr(14) ^= kw4r;
607 subl(12) ^= kw4l; subr(12) ^= kw4r;
608 subl(10) ^= kw4l; subr(10) ^= kw4r;
609 kw4l ^= kw4r & ~subr(8);
610 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
611 subl(6) ^= kw4l; subr(6) ^= kw4r;
612 subl(4) ^= kw4l; subr(4) ^= kw4r;
613 subl(2) ^= kw4l; subr(2) ^= kw4r;
614 subl(0) ^= kw4l; subr(0) ^= kw4r;
616 /* key XOR is end of F-function */
617 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
618 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
619 CamelliaSubkeyL(2) = subl(3);
620 CamelliaSubkeyR(2) = subr(3);
621 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
622 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
623 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
624 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
625 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
626 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
627 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
628 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
629 tl = subl(10) ^ (subr(10) & ~subr(8));
630 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
631 CamelliaSubkeyL(7) = subl(6) ^ tl;
632 CamelliaSubkeyR(7) = subr(6) ^ tr;
633 CamelliaSubkeyL(8) = subl(8);
634 CamelliaSubkeyR(8) = subr(8);
635 CamelliaSubkeyL(9) = subl(9);
636 CamelliaSubkeyR(9) = subr(9);
637 tl = subl(7) ^ (subr(7) & ~subr(9));
638 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
639 CamelliaSubkeyL(10) = tl ^ subl(11);
640 CamelliaSubkeyR(10) = tr ^ subr(11);
641 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
642 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
643 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
644 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
645 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
646 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
647 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
648 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
649 tl = subl(18) ^ (subr(18) & ~subr(16));
650 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
651 CamelliaSubkeyL(15) = subl(14) ^ tl;
652 CamelliaSubkeyR(15) = subr(14) ^ tr;
653 CamelliaSubkeyL(16) = subl(16);
654 CamelliaSubkeyR(16) = subr(16);
655 CamelliaSubkeyL(17) = subl(17);
656 CamelliaSubkeyR(17) = subr(17);
657 tl = subl(15) ^ (subr(15) & ~subr(17));
658 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
659 CamelliaSubkeyL(18) = tl ^ subl(19);
660 CamelliaSubkeyR(18) = tr ^ subr(19);
661 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
662 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
663 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
664 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
665 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
666 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
667 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
668 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
669 CamelliaSubkeyL(23) = subl(22);
670 CamelliaSubkeyR(23) = subr(22);
671 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
672 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
674 /* apply the inverse of the last half of P-function */
675 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
676 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
677 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
678 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
679 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
680 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
681 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
682 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
683 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
684 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
685 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
686 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
687 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
688 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
689 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
690 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
691 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
692 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
693 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
694 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
695 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
696 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
697 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
698 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
699 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
700 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
701 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
702 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
703 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
704 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
705 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
706 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
707 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
708 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
709 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
710 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
712 #ifdef WOLFSSL_SMALL_STACK
713 XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
714 XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);
720 static int camellia_setup256(const unsigned char *key, u32 *subkey)
722 u32 kll,klr,krl,krr; /* left half of key */
723 u32 krll,krlr,krrl,krrr; /* right half of key */
724 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
725 u32 kw4l, kw4r, dw, tl, tr;
727 #ifdef WOLFSSL_SMALL_STACK
731 subL = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);
735 subR = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);
737 XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
746 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
747 * (|| is concatination)
751 klr = GETU32(key + 4);
752 krl = GETU32(key + 8);
753 krr = GETU32(key + 12);
754 krll = GETU32(key + 16);
755 krlr = GETU32(key + 20);
756 krrl = GETU32(key + 24);
757 krrr = GETU32(key + 28);
759 /* generate KL dependent subkeys */
760 subl(0) = kll; subr(0) = klr;
761 subl(1) = krl; subr(1) = krr;
762 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
763 subl(12) = kll; subr(12) = klr;
764 subl(13) = krl; subr(13) = krr;
765 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
766 subl(16) = kll; subr(16) = klr;
767 subl(17) = krl; subr(17) = krr;
768 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
769 subl(22) = kll; subr(22) = klr;
770 subl(23) = krl; subr(23) = krr;
771 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
772 subl(30) = kll; subr(30) = klr;
773 subl(31) = krl; subr(31) = krr;
775 /* generate KR dependent subkeys */
776 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
777 subl(4) = krll; subr(4) = krlr;
778 subl(5) = krrl; subr(5) = krrr;
779 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
780 subl(8) = krll; subr(8) = krlr;
781 subl(9) = krrl; subr(9) = krrr;
782 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
783 subl(18) = krll; subr(18) = krlr;
784 subl(19) = krrl; subr(19) = krrr;
785 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
786 subl(26) = krll; subr(26) = krlr;
787 subl(27) = krrl; subr(27) = krrr;
788 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
791 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
792 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
794 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
795 w0, w1, il, ir, t0, t1);
796 krl ^= w0; krr ^= w1;
798 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
799 kll, klr, il, ir, t0, t1);
800 kll ^= krll; klr ^= krlr;
802 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
803 krl, krr, il, ir, t0, t1);
804 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
806 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
807 w0, w1, il, ir, t0, t1);
808 kll ^= w0; klr ^= w1;
811 krll ^= kll; krlr ^= klr;
812 krrl ^= krl; krrr ^= krr;
813 CAMELLIA_F(krll, krlr,
814 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
815 w0, w1, il, ir, t0, t1);
816 krrl ^= w0; krrr ^= w1;
817 CAMELLIA_F(krrl, krrr,
818 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
819 w0, w1, il, ir, t0, t1);
820 krll ^= w0; krlr ^= w1;
822 /* generate KA dependent subkeys */
823 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
824 subl(6) = kll; subr(6) = klr;
825 subl(7) = krl; subr(7) = krr;
826 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
827 subl(14) = kll; subr(14) = klr;
828 subl(15) = krl; subr(15) = krr;
829 subl(24) = klr; subr(24) = krl;
830 subl(25) = krr; subr(25) = kll;
831 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
832 subl(28) = kll; subr(28) = klr;
833 subl(29) = krl; subr(29) = krr;
835 /* generate KB dependent subkeys */
836 subl(2) = krll; subr(2) = krlr;
837 subl(3) = krrl; subr(3) = krrr;
838 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
839 subl(10) = krll; subr(10) = krlr;
840 subl(11) = krrl; subr(11) = krrr;
841 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
842 subl(20) = krll; subr(20) = krlr;
843 subl(21) = krrl; subr(21) = krrr;
844 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
845 subl(32) = krll; subr(32) = krlr;
846 subl(33) = krrl; subr(33) = krrr;
848 /* absorb kw2 to other subkeys */
849 subl(3) ^= subl(1); subr(3) ^= subr(1);
850 subl(5) ^= subl(1); subr(5) ^= subr(1);
851 subl(7) ^= subl(1); subr(7) ^= subr(1);
852 subl(1) ^= subr(1) & ~subr(9);
853 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
854 subl(11) ^= subl(1); subr(11) ^= subr(1);
855 subl(13) ^= subl(1); subr(13) ^= subr(1);
856 subl(15) ^= subl(1); subr(15) ^= subr(1);
857 subl(1) ^= subr(1) & ~subr(17);
858 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
859 subl(19) ^= subl(1); subr(19) ^= subr(1);
860 subl(21) ^= subl(1); subr(21) ^= subr(1);
861 subl(23) ^= subl(1); subr(23) ^= subr(1);
862 subl(1) ^= subr(1) & ~subr(25);
863 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
864 subl(27) ^= subl(1); subr(27) ^= subr(1);
865 subl(29) ^= subl(1); subr(29) ^= subr(1);
866 subl(31) ^= subl(1); subr(31) ^= subr(1);
867 subl(32) ^= subl(1); subr(32) ^= subr(1);
869 /* absorb kw4 to other subkeys */
870 kw4l = subl(33); kw4r = subr(33);
871 subl(30) ^= kw4l; subr(30) ^= kw4r;
872 subl(28) ^= kw4l; subr(28) ^= kw4r;
873 subl(26) ^= kw4l; subr(26) ^= kw4r;
874 kw4l ^= kw4r & ~subr(24);
875 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
876 subl(22) ^= kw4l; subr(22) ^= kw4r;
877 subl(20) ^= kw4l; subr(20) ^= kw4r;
878 subl(18) ^= kw4l; subr(18) ^= kw4r;
879 kw4l ^= kw4r & ~subr(16);
880 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
881 subl(14) ^= kw4l; subr(14) ^= kw4r;
882 subl(12) ^= kw4l; subr(12) ^= kw4r;
883 subl(10) ^= kw4l; subr(10) ^= kw4r;
884 kw4l ^= kw4r & ~subr(8);
885 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
886 subl(6) ^= kw4l; subr(6) ^= kw4r;
887 subl(4) ^= kw4l; subr(4) ^= kw4r;
888 subl(2) ^= kw4l; subr(2) ^= kw4r;
889 subl(0) ^= kw4l; subr(0) ^= kw4r;
891 /* key XOR is end of F-function */
892 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
893 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
894 CamelliaSubkeyL(2) = subl(3);
895 CamelliaSubkeyR(2) = subr(3);
896 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
897 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
898 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
899 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
900 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
901 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
902 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
903 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
904 tl = subl(10) ^ (subr(10) & ~subr(8));
905 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
906 CamelliaSubkeyL(7) = subl(6) ^ tl;
907 CamelliaSubkeyR(7) = subr(6) ^ tr;
908 CamelliaSubkeyL(8) = subl(8);
909 CamelliaSubkeyR(8) = subr(8);
910 CamelliaSubkeyL(9) = subl(9);
911 CamelliaSubkeyR(9) = subr(9);
912 tl = subl(7) ^ (subr(7) & ~subr(9));
913 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
914 CamelliaSubkeyL(10) = tl ^ subl(11);
915 CamelliaSubkeyR(10) = tr ^ subr(11);
916 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
917 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
918 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
919 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
920 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
921 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
922 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
923 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
924 tl = subl(18) ^ (subr(18) & ~subr(16));
925 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
926 CamelliaSubkeyL(15) = subl(14) ^ tl;
927 CamelliaSubkeyR(15) = subr(14) ^ tr;
928 CamelliaSubkeyL(16) = subl(16);
929 CamelliaSubkeyR(16) = subr(16);
930 CamelliaSubkeyL(17) = subl(17);
931 CamelliaSubkeyR(17) = subr(17);
932 tl = subl(15) ^ (subr(15) & ~subr(17));
933 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
934 CamelliaSubkeyL(18) = tl ^ subl(19);
935 CamelliaSubkeyR(18) = tr ^ subr(19);
936 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
937 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
938 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
939 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
940 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
941 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
942 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
943 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
944 tl = subl(26) ^ (subr(26) & ~subr(24));
945 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
946 CamelliaSubkeyL(23) = subl(22) ^ tl;
947 CamelliaSubkeyR(23) = subr(22) ^ tr;
948 CamelliaSubkeyL(24) = subl(24);
949 CamelliaSubkeyR(24) = subr(24);
950 CamelliaSubkeyL(25) = subl(25);
951 CamelliaSubkeyR(25) = subr(25);
952 tl = subl(23) ^ (subr(23) & ~subr(25));
953 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
954 CamelliaSubkeyL(26) = tl ^ subl(27);
955 CamelliaSubkeyR(26) = tr ^ subr(27);
956 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
957 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
958 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
959 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
960 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
961 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
962 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
963 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
964 CamelliaSubkeyL(31) = subl(30);
965 CamelliaSubkeyR(31) = subr(30);
966 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
967 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
969 /* apply the inverse of the last half of P-function */
970 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
971 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
972 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
973 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
974 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
975 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
976 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
977 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
978 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
979 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
980 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
981 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
982 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
983 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
984 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
985 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
986 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
987 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
988 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
989 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
990 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
991 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
992 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
993 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
994 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
995 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
996 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
997 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
998 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
999 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
1000 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
1001 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
1002 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
1003 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
1004 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
1005 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
1006 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
1007 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
1008 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
1009 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
1010 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
1011 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
1012 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
1013 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
1014 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
1015 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
1016 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
1017 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
1019 #ifdef WOLFSSL_SMALL_STACK
1020 XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1021 XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1027 static int camellia_setup192(const unsigned char *key, u32 *subkey)
1029 unsigned char kk[32];
1030 u32 krll, krlr, krrl,krrr;
1032 memcpy(kk, key, 24);
1033 memcpy((unsigned char *)&krll, key+16,4);
1034 memcpy((unsigned char *)&krlr, key+20,4);
1037 memcpy(kk+24, (unsigned char *)&krrl, 4);
1038 memcpy(kk+28, (unsigned char *)&krrr, 4);
1040 return camellia_setup256(kk, subkey);
1045 * Stuff related to camellia encryption/decryption
1047 * "io" must be 4byte aligned and big-endian data.
1049 static void camellia_encrypt128(const u32 *subkey, u32 *io)
1053 /* pre whitening but absorb kw2*/
1054 io[0] ^= CamelliaSubkeyL(0);
1055 io[1] ^= CamelliaSubkeyR(0);
1056 /* main iteration */
1058 CAMELLIA_ROUNDSM(io[0],io[1],
1059 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1060 io[2],io[3],il,ir,t0,t1);
1061 CAMELLIA_ROUNDSM(io[2],io[3],
1062 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1063 io[0],io[1],il,ir,t0,t1);
1064 CAMELLIA_ROUNDSM(io[0],io[1],
1065 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1066 io[2],io[3],il,ir,t0,t1);
1067 CAMELLIA_ROUNDSM(io[2],io[3],
1068 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1069 io[0],io[1],il,ir,t0,t1);
1070 CAMELLIA_ROUNDSM(io[0],io[1],
1071 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1072 io[2],io[3],il,ir,t0,t1);
1073 CAMELLIA_ROUNDSM(io[2],io[3],
1074 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1075 io[0],io[1],il,ir,t0,t1);
1077 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1078 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1079 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1082 CAMELLIA_ROUNDSM(io[0],io[1],
1083 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1084 io[2],io[3],il,ir,t0,t1);
1085 CAMELLIA_ROUNDSM(io[2],io[3],
1086 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1087 io[0],io[1],il,ir,t0,t1);
1088 CAMELLIA_ROUNDSM(io[0],io[1],
1089 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1090 io[2],io[3],il,ir,t0,t1);
1091 CAMELLIA_ROUNDSM(io[2],io[3],
1092 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1093 io[0],io[1],il,ir,t0,t1);
1094 CAMELLIA_ROUNDSM(io[0],io[1],
1095 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1096 io[2],io[3],il,ir,t0,t1);
1097 CAMELLIA_ROUNDSM(io[2],io[3],
1098 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1099 io[0],io[1],il,ir,t0,t1);
1101 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1102 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1103 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1106 CAMELLIA_ROUNDSM(io[0],io[1],
1107 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1108 io[2],io[3],il,ir,t0,t1);
1109 CAMELLIA_ROUNDSM(io[2],io[3],
1110 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1111 io[0],io[1],il,ir,t0,t1);
1112 CAMELLIA_ROUNDSM(io[0],io[1],
1113 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1114 io[2],io[3],il,ir,t0,t1);
1115 CAMELLIA_ROUNDSM(io[2],io[3],
1116 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1117 io[0],io[1],il,ir,t0,t1);
1118 CAMELLIA_ROUNDSM(io[0],io[1],
1119 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1120 io[2],io[3],il,ir,t0,t1);
1121 CAMELLIA_ROUNDSM(io[2],io[3],
1122 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1123 io[0],io[1],il,ir,t0,t1);
1125 /* post whitening but kw4 */
1126 io[2] ^= CamelliaSubkeyL(24);
1127 io[3] ^= CamelliaSubkeyR(24);
1139 static void camellia_decrypt128(const u32 *subkey, u32 *io)
1141 u32 il,ir,t0,t1; /* temporary valiables */
1143 /* pre whitening but absorb kw2*/
1144 io[0] ^= CamelliaSubkeyL(24);
1145 io[1] ^= CamelliaSubkeyR(24);
1147 /* main iteration */
1148 CAMELLIA_ROUNDSM(io[0],io[1],
1149 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1150 io[2],io[3],il,ir,t0,t1);
1151 CAMELLIA_ROUNDSM(io[2],io[3],
1152 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1153 io[0],io[1],il,ir,t0,t1);
1154 CAMELLIA_ROUNDSM(io[0],io[1],
1155 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1156 io[2],io[3],il,ir,t0,t1);
1157 CAMELLIA_ROUNDSM(io[2],io[3],
1158 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1159 io[0],io[1],il,ir,t0,t1);
1160 CAMELLIA_ROUNDSM(io[0],io[1],
1161 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1162 io[2],io[3],il,ir,t0,t1);
1163 CAMELLIA_ROUNDSM(io[2],io[3],
1164 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1165 io[0],io[1],il,ir,t0,t1);
1167 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1168 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1169 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1172 CAMELLIA_ROUNDSM(io[0],io[1],
1173 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1174 io[2],io[3],il,ir,t0,t1);
1175 CAMELLIA_ROUNDSM(io[2],io[3],
1176 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1177 io[0],io[1],il,ir,t0,t1);
1178 CAMELLIA_ROUNDSM(io[0],io[1],
1179 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1180 io[2],io[3],il,ir,t0,t1);
1181 CAMELLIA_ROUNDSM(io[2],io[3],
1182 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1183 io[0],io[1],il,ir,t0,t1);
1184 CAMELLIA_ROUNDSM(io[0],io[1],
1185 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1186 io[2],io[3],il,ir,t0,t1);
1187 CAMELLIA_ROUNDSM(io[2],io[3],
1188 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1189 io[0],io[1],il,ir,t0,t1);
1191 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1192 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1193 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1196 CAMELLIA_ROUNDSM(io[0],io[1],
1197 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1198 io[2],io[3],il,ir,t0,t1);
1199 CAMELLIA_ROUNDSM(io[2],io[3],
1200 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1201 io[0],io[1],il,ir,t0,t1);
1202 CAMELLIA_ROUNDSM(io[0],io[1],
1203 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1204 io[2],io[3],il,ir,t0,t1);
1205 CAMELLIA_ROUNDSM(io[2],io[3],
1206 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1207 io[0],io[1],il,ir,t0,t1);
1208 CAMELLIA_ROUNDSM(io[0],io[1],
1209 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1210 io[2],io[3],il,ir,t0,t1);
1211 CAMELLIA_ROUNDSM(io[2],io[3],
1212 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1213 io[0],io[1],il,ir,t0,t1);
1215 /* post whitening but kw4 */
1216 io[2] ^= CamelliaSubkeyL(0);
1217 io[3] ^= CamelliaSubkeyR(0);
1230 * stuff for 192 and 256bit encryption/decryption
1232 static void camellia_encrypt256(const u32 *subkey, u32 *io)
1234 u32 il,ir,t0,t1; /* temporary valiables */
1236 /* pre whitening but absorb kw2*/
1237 io[0] ^= CamelliaSubkeyL(0);
1238 io[1] ^= CamelliaSubkeyR(0);
1240 /* main iteration */
1241 CAMELLIA_ROUNDSM(io[0],io[1],
1242 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1243 io[2],io[3],il,ir,t0,t1);
1244 CAMELLIA_ROUNDSM(io[2],io[3],
1245 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1246 io[0],io[1],il,ir,t0,t1);
1247 CAMELLIA_ROUNDSM(io[0],io[1],
1248 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1249 io[2],io[3],il,ir,t0,t1);
1250 CAMELLIA_ROUNDSM(io[2],io[3],
1251 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1252 io[0],io[1],il,ir,t0,t1);
1253 CAMELLIA_ROUNDSM(io[0],io[1],
1254 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1255 io[2],io[3],il,ir,t0,t1);
1256 CAMELLIA_ROUNDSM(io[2],io[3],
1257 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1258 io[0],io[1],il,ir,t0,t1);
1260 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1261 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1262 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1265 CAMELLIA_ROUNDSM(io[0],io[1],
1266 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1267 io[2],io[3],il,ir,t0,t1);
1268 CAMELLIA_ROUNDSM(io[2],io[3],
1269 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1270 io[0],io[1],il,ir,t0,t1);
1271 CAMELLIA_ROUNDSM(io[0],io[1],
1272 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1273 io[2],io[3],il,ir,t0,t1);
1274 CAMELLIA_ROUNDSM(io[2],io[3],
1275 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1276 io[0],io[1],il,ir,t0,t1);
1277 CAMELLIA_ROUNDSM(io[0],io[1],
1278 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1279 io[2],io[3],il,ir,t0,t1);
1280 CAMELLIA_ROUNDSM(io[2],io[3],
1281 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1282 io[0],io[1],il,ir,t0,t1);
1284 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1285 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1286 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1289 CAMELLIA_ROUNDSM(io[0],io[1],
1290 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1291 io[2],io[3],il,ir,t0,t1);
1292 CAMELLIA_ROUNDSM(io[2],io[3],
1293 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1294 io[0],io[1],il,ir,t0,t1);
1295 CAMELLIA_ROUNDSM(io[0],io[1],
1296 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1297 io[2],io[3],il,ir,t0,t1);
1298 CAMELLIA_ROUNDSM(io[2],io[3],
1299 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1300 io[0],io[1],il,ir,t0,t1);
1301 CAMELLIA_ROUNDSM(io[0],io[1],
1302 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1303 io[2],io[3],il,ir,t0,t1);
1304 CAMELLIA_ROUNDSM(io[2],io[3],
1305 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1306 io[0],io[1],il,ir,t0,t1);
1308 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1309 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1310 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1313 CAMELLIA_ROUNDSM(io[0],io[1],
1314 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1315 io[2],io[3],il,ir,t0,t1);
1316 CAMELLIA_ROUNDSM(io[2],io[3],
1317 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1318 io[0],io[1],il,ir,t0,t1);
1319 CAMELLIA_ROUNDSM(io[0],io[1],
1320 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1321 io[2],io[3],il,ir,t0,t1);
1322 CAMELLIA_ROUNDSM(io[2],io[3],
1323 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1324 io[0],io[1],il,ir,t0,t1);
1325 CAMELLIA_ROUNDSM(io[0],io[1],
1326 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1327 io[2],io[3],il,ir,t0,t1);
1328 CAMELLIA_ROUNDSM(io[2],io[3],
1329 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1330 io[0],io[1],il,ir,t0,t1);
1332 /* post whitening but kw4 */
1333 io[2] ^= CamelliaSubkeyL(32);
1334 io[3] ^= CamelliaSubkeyR(32);
1346 static void camellia_decrypt256(const u32 *subkey, u32 *io)
1348 u32 il,ir,t0,t1; /* temporary valiables */
1350 /* pre whitening but absorb kw2*/
1351 io[0] ^= CamelliaSubkeyL(32);
1352 io[1] ^= CamelliaSubkeyR(32);
1354 /* main iteration */
1355 CAMELLIA_ROUNDSM(io[0],io[1],
1356 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1357 io[2],io[3],il,ir,t0,t1);
1358 CAMELLIA_ROUNDSM(io[2],io[3],
1359 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1360 io[0],io[1],il,ir,t0,t1);
1361 CAMELLIA_ROUNDSM(io[0],io[1],
1362 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1363 io[2],io[3],il,ir,t0,t1);
1364 CAMELLIA_ROUNDSM(io[2],io[3],
1365 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1366 io[0],io[1],il,ir,t0,t1);
1367 CAMELLIA_ROUNDSM(io[0],io[1],
1368 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1369 io[2],io[3],il,ir,t0,t1);
1370 CAMELLIA_ROUNDSM(io[2],io[3],
1371 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1372 io[0],io[1],il,ir,t0,t1);
1374 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1375 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1376 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1379 CAMELLIA_ROUNDSM(io[0],io[1],
1380 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1381 io[2],io[3],il,ir,t0,t1);
1382 CAMELLIA_ROUNDSM(io[2],io[3],
1383 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1384 io[0],io[1],il,ir,t0,t1);
1385 CAMELLIA_ROUNDSM(io[0],io[1],
1386 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1387 io[2],io[3],il,ir,t0,t1);
1388 CAMELLIA_ROUNDSM(io[2],io[3],
1389 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1390 io[0],io[1],il,ir,t0,t1);
1391 CAMELLIA_ROUNDSM(io[0],io[1],
1392 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1393 io[2],io[3],il,ir,t0,t1);
1394 CAMELLIA_ROUNDSM(io[2],io[3],
1395 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1396 io[0],io[1],il,ir,t0,t1);
1398 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1399 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1400 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1403 CAMELLIA_ROUNDSM(io[0],io[1],
1404 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1405 io[2],io[3],il,ir,t0,t1);
1406 CAMELLIA_ROUNDSM(io[2],io[3],
1407 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1408 io[0],io[1],il,ir,t0,t1);
1409 CAMELLIA_ROUNDSM(io[0],io[1],
1410 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1411 io[2],io[3],il,ir,t0,t1);
1412 CAMELLIA_ROUNDSM(io[2],io[3],
1413 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1414 io[0],io[1],il,ir,t0,t1);
1415 CAMELLIA_ROUNDSM(io[0],io[1],
1416 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1417 io[2],io[3],il,ir,t0,t1);
1418 CAMELLIA_ROUNDSM(io[2],io[3],
1419 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1420 io[0],io[1],il,ir,t0,t1);
1422 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1423 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1424 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1427 CAMELLIA_ROUNDSM(io[0],io[1],
1428 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1429 io[2],io[3],il,ir,t0,t1);
1430 CAMELLIA_ROUNDSM(io[2],io[3],
1431 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1432 io[0],io[1],il,ir,t0,t1);
1433 CAMELLIA_ROUNDSM(io[0],io[1],
1434 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1435 io[2],io[3],il,ir,t0,t1);
1436 CAMELLIA_ROUNDSM(io[2],io[3],
1437 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1438 io[0],io[1],il,ir,t0,t1);
1439 CAMELLIA_ROUNDSM(io[0],io[1],
1440 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1441 io[2],io[3],il,ir,t0,t1);
1442 CAMELLIA_ROUNDSM(io[2],io[3],
1443 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1444 io[0],io[1],il,ir,t0,t1);
1446 /* post whitening but kw4 */
1447 io[2] ^= CamelliaSubkeyL(0);
1448 io[3] ^= CamelliaSubkeyR(0);
1462 * API for compatibility
1465 static void Camellia_EncryptBlock(const int keyBitLength,
1466 const unsigned char *plaintext,
1467 const KEY_TABLE_TYPE keyTable,
1468 unsigned char *ciphertext)
1472 tmp[0] = GETU32(plaintext);
1473 tmp[1] = GETU32(plaintext + 4);
1474 tmp[2] = GETU32(plaintext + 8);
1475 tmp[3] = GETU32(plaintext + 12);
1477 switch (keyBitLength) {
1479 camellia_encrypt128(keyTable, tmp);
1484 camellia_encrypt256(keyTable, tmp);
1490 PUTU32(ciphertext, tmp[0]);
1491 PUTU32(ciphertext + 4, tmp[1]);
1492 PUTU32(ciphertext + 8, tmp[2]);
1493 PUTU32(ciphertext + 12, tmp[3]);
1496 static void Camellia_DecryptBlock(const int keyBitLength,
1497 const unsigned char *ciphertext,
1498 const KEY_TABLE_TYPE keyTable,
1499 unsigned char *plaintext)
1503 tmp[0] = GETU32(ciphertext);
1504 tmp[1] = GETU32(ciphertext + 4);
1505 tmp[2] = GETU32(ciphertext + 8);
1506 tmp[3] = GETU32(ciphertext + 12);
1508 switch (keyBitLength) {
1510 camellia_decrypt128(keyTable, tmp);
1515 camellia_decrypt256(keyTable, tmp);
1520 PUTU32(plaintext, tmp[0]);
1521 PUTU32(plaintext + 4, tmp[1]);
1522 PUTU32(plaintext + 8, tmp[2]);
1523 PUTU32(plaintext + 12, tmp[3]);
1528 /* wolfCrypt wrappers to the Camellia code */
1530 int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv)
1534 if (cam == NULL) return BAD_FUNC_ARG;
1536 XMEMSET(cam->key, 0, sizeof(KEY_TABLE_TYPE));
1540 ret = camellia_setup128(key, cam->key);
1543 ret = camellia_setup192(key, cam->key);
1546 ret = camellia_setup256(key, cam->key);
1549 return BAD_FUNC_ARG;
1555 cam->keySz = len * 8;
1557 return wc_CamelliaSetIV(cam, iv);
1561 int wc_CamelliaSetIV(Camellia* cam, const byte* iv)
1564 return BAD_FUNC_ARG;
1567 XMEMCPY(cam->reg, iv, CAMELLIA_BLOCK_SIZE);
1569 XMEMSET(cam->reg, 0, CAMELLIA_BLOCK_SIZE);
1575 void wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)
1577 Camellia_EncryptBlock(cam->keySz, in, cam->key, out);
1581 void wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)
1583 Camellia_DecryptBlock(cam->keySz, in, cam->key, out);
1587 void wc_CamelliaCbcEncrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
1589 word32 blocks = sz / CAMELLIA_BLOCK_SIZE;
1592 xorbuf((byte*)cam->reg, in, CAMELLIA_BLOCK_SIZE);
1593 Camellia_EncryptBlock(cam->keySz, (byte*)cam->reg,
1594 cam->key, (byte*)cam->reg);
1595 XMEMCPY(out, cam->reg, CAMELLIA_BLOCK_SIZE);
1597 out += CAMELLIA_BLOCK_SIZE;
1598 in += CAMELLIA_BLOCK_SIZE;
1603 void wc_CamelliaCbcDecrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
1605 word32 blocks = sz / CAMELLIA_BLOCK_SIZE;
1608 XMEMCPY(cam->tmp, in, CAMELLIA_BLOCK_SIZE);
1609 Camellia_DecryptBlock(cam->keySz, (byte*)cam->tmp, cam->key, out);
1610 xorbuf(out, (byte*)cam->reg, CAMELLIA_BLOCK_SIZE);
1611 XMEMCPY(cam->reg, cam->tmp, CAMELLIA_BLOCK_SIZE);
1613 out += CAMELLIA_BLOCK_SIZE;
1614 in += CAMELLIA_BLOCK_SIZE;
1619 #endif /* HAVE_CAMELLIA */
projects / freertos / blob