camellia.c revision 296465
1/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */ 2/* ==================================================================== 3 * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . 4 * ALL RIGHTS RESERVED. 5 * 6 * Intellectual Property information for Camellia: 7 * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html 8 * 9 * News Release for Announcement of Camellia open source: 10 * http://www.ntt.co.jp/news/news06e/0604/060413a.html 11 * 12 * The Camellia Code included herein is developed by 13 * NTT (Nippon Telegraph and Telephone Corporation), and is contributed 14 * to the OpenSSL project. 15 * 16 * The Camellia Code is licensed pursuant to the OpenSSL open source 17 * license provided below. 18 */ 19/* ==================================================================== 20 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 26 * 1. Redistributions of source code must retain the above copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 29 * 2. Redistributions in binary form must reproduce the above copyright 30 * notice, this list of conditions and the following disclaimer in 31 * the documentation and/or other materials provided with the 32 * distribution. 33 * 34 * 3. All advertising materials mentioning features or use of this 35 * software must display the following acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 38 * 39 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 40 * endorse or promote products derived from this software without 41 * prior written permission. For written permission, please contact 42 * openssl-core@openssl.org. 43 * 44 * 5. Products derived from this software may not be called "OpenSSL" 45 * nor may "OpenSSL" appear in their names without prior written 46 * permission of the OpenSSL Project. 47 * 48 * 6. Redistributions of any form whatsoever must retain the following 49 * acknowledgment: 50 * "This product includes software developed by the OpenSSL Project 51 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 54 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 56 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 57 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 58 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 59 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 60 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 63 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 64 * OF THE POSSIBILITY OF SUCH DAMAGE. 65 * ==================================================================== 66 */ 67 68/* 69 * Algorithm Specification 70 * http://info.isl.llia/specicrypt/eng/camellia/specifications.html 71 */ 72 73#include <string.h> 74#include <stdlib.h> 75 76#include "camellia.h" 77#include "cmll_locl.h" 78 79/* key constants */ 80#define CAMELLIA_SIGMA1L (0xA09E667FL) 81#define CAMELLIA_SIGMA1R (0x3BCC908BL) 82#define CAMELLIA_SIGMA2L (0xB67AE858L) 83#define CAMELLIA_SIGMA2R (0x4CAA73B2L) 84#define CAMELLIA_SIGMA3L (0xC6EF372FL) 85#define CAMELLIA_SIGMA3R (0xE94F82BEL) 86#define CAMELLIA_SIGMA4L (0x54FF53A5L) 87#define CAMELLIA_SIGMA4R (0xF1D36F1CL) 88#define CAMELLIA_SIGMA5L (0x10E527FAL) 89#define CAMELLIA_SIGMA5R (0xDE682D1DL) 90#define CAMELLIA_SIGMA6L (0xB05688C2L) 91#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) 92 93/* 94 * macros 95 */ 96 97/* e is pointer of subkey */ 98#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) 99#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) 100 101/* rotation right shift 1byte */ 102#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) 103/* rotation left shift 1bit */ 104#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) 105/* rotation left shift 1byte */ 106#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) 107 108#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 109do \ 110 { \ 111 w0 = ll; \ 112 ll = (ll << bits) + (lr >> (32 - bits)); \ 113 lr = (lr << bits) + (rl >> (32 - bits)); \ 114 rl = (rl << bits) + (rr >> (32 - bits)); \ 115 rr = (rr << bits) + (w0 >> (32 - bits)); \ 116 } while(0) 117 118#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 119do \ 120 { \ 121 w0 = ll; \ 122 w1 = lr; \ 123 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 124 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 125 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 126 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 127 } while(0) 128 129#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) 130#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) 131#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) 132#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) 133 134#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 135do \ 136 { \ 137 il = xl ^ kl; \ 138 ir = xr ^ kr; \ 139 t0 = il >> 16; \ 140 t1 = ir >> 16; \ 141 yl = CAMELLIA_SP1110(ir & 0xff) \ 142 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 143 ^ CAMELLIA_SP3033(t1 & 0xff) \ 144 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 145 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 146 ^ CAMELLIA_SP0222(t0 & 0xff) \ 147 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 148 ^ CAMELLIA_SP4404(il & 0xff); \ 149 yl ^= yr; \ 150 yr = CAMELLIA_RR8(yr); \ 151 yr ^= yl; \ 152 } while(0) 153 154/* 155 * for speed up 156 * 157 */ 158#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 159do \ 160 { \ 161 t0 = kll; \ 162 t0 &= ll; \ 163 lr ^= CAMELLIA_RL1(t0); \ 164 t1 = klr; \ 165 t1 |= lr; \ 166 ll ^= t1; \ 167 \ 168 t2 = krr; \ 169 t2 |= rr; \ 170 rl ^= t2; \ 171 t3 = krl; \ 172 t3 &= rl; \ 173 rr ^= CAMELLIA_RL1(t3); \ 174 } while(0) 175 176#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 177do \ 178 { \ 179 il = xl; \ 180 ir = xr; \ 181 t0 = il >> 16; \ 182 t1 = ir >> 16; \ 183 ir = CAMELLIA_SP1110(ir & 0xff) \ 184 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ 185 ^ CAMELLIA_SP3033(t1 & 0xff) \ 186 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ 187 il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ 188 ^ CAMELLIA_SP0222(t0 & 0xff) \ 189 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ 190 ^ CAMELLIA_SP4404(il & 0xff); \ 191 il ^= kl; \ 192 ir ^= kr; \ 193 ir ^= il; \ 194 il = CAMELLIA_RR8(il); \ 195 il ^= ir; \ 196 yl ^= ir; \ 197 yr ^= il; \ 198 } while(0) 199 200static const u32 camellia_sp1110[256] = { 201 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 202 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500, 203 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, 204 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 205 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300, 206 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, 207 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 208 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00, 209 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, 210 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 211 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00, 212 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, 213 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 214 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00, 215 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, 216 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 217 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600, 218 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, 219 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 220 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900, 221 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, 222 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 223 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100, 224 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, 225 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 226 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00, 227 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, 228 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 229 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200, 230 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, 231 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 232 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000, 233 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, 234 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 235 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500, 236 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, 237 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 238 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00, 239 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, 240 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 241 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200, 242 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, 243 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 244 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200, 245 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, 246 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 247 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00, 248 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, 249 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 250 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00, 251 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, 252 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 253 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00, 254 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, 255 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 256 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00, 257 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, 258 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 259 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800, 260 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, 261 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 262 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100, 263 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, 264 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00, 265}; 266 267static const u32 camellia_sp0222[256] = { 268 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 269 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb, 270 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, 271 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 272 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727, 273 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, 274 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 275 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b, 276 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, 277 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 278 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe, 279 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, 280 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 281 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a, 282 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, 283 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 284 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc, 285 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, 286 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 287 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333, 288 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, 289 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 290 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262, 291 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, 292 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 293 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838, 294 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, 295 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 296 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565, 297 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, 298 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 299 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0, 300 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, 301 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 302 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b, 303 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, 304 0x00202020, 0x00898989, 0x00000000, 0x00909090, 305 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7, 306 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, 307 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 308 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404, 309 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, 310 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 311 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5, 312 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, 313 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 314 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696, 315 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, 316 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 317 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d, 318 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, 319 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 320 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4, 321 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, 322 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 323 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5, 324 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, 325 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 326 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0, 327 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, 328 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 329 0x00777777, 0x00939393, 0x00868686, 0x00838383, 330 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, 331 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d, 332}; 333 334static const u32 camellia_sp3033[256] = { 335 0x38003838, 0x41004141, 0x16001616, 0x76007676, 336 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2, 337 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, 338 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 339 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9, 340 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, 341 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 342 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede, 343 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, 344 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 345 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf, 346 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, 347 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 348 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e, 349 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, 350 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 351 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333, 352 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, 353 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 354 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc, 355 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, 356 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 357 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898, 358 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, 359 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 360 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e, 361 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, 362 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 363 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959, 364 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, 365 0x12001212, 0x04000404, 0x74007474, 0x54005454, 366 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828, 367 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, 368 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 369 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca, 370 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, 371 0x08000808, 0x62006262, 0x00000000, 0x24002424, 372 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded, 373 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, 374 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 375 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101, 376 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, 377 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 378 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171, 379 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, 380 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 381 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5, 382 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, 383 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 384 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747, 385 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, 386 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 387 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535, 388 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, 389 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 390 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d, 391 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, 392 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 393 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434, 394 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, 395 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 396 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0, 397 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, 398 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f, 399}; 400 401static const u32 camellia_sp4404[256] = { 402 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 403 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae, 404 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, 405 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 406 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f, 407 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, 408 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 409 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c, 410 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, 411 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 412 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076, 413 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, 414 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 415 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2, 416 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, 417 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 418 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062, 419 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, 420 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 421 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd, 422 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, 423 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 424 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6, 425 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, 426 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 427 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4, 428 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, 429 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 430 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac, 431 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, 432 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 433 0x15150015, 0xadad00ad, 0x77770077, 0x80800080, 434 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, 435 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 436 0xefef00ef, 0x93930093, 0x19190019, 0x21210021, 437 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, 438 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 439 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a, 440 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, 441 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 442 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d, 443 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, 444 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 445 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7, 446 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, 447 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 448 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091, 449 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, 450 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 451 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2, 452 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, 453 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 454 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033, 455 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, 456 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 457 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e, 458 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, 459 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 460 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba, 461 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, 462 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 463 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4, 464 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, 465 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e, 466}; 467 468/** 469 * Stuff related to the Camellia key schedule 470 */ 471#define subl(x) subL[(x)] 472#define subr(x) subR[(x)] 473 474void camellia_setup128(const u8 *key, u32 *subkey) 475{ 476 u32 kll, klr, krl, krr; 477 u32 il, ir, t0, t1, w0, w1; 478 u32 kw4l, kw4r, dw, tl, tr; 479 u32 subL[26]; 480 u32 subR[26]; 481 482 /** 483 * k == kll || klr || krl || krr (|| is concatination) 484 */ 485 kll = GETU32(key); 486 klr = GETU32(key + 4); 487 krl = GETU32(key + 8); 488 krr = GETU32(key + 12); 489 /** 490 * generate KL dependent subkeys 491 */ 492 /* kw1 */ 493 subl(0) = kll; 494 subr(0) = klr; 495 /* kw2 */ 496 subl(1) = krl; 497 subr(1) = krr; 498 /* rotation left shift 15bit */ 499 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 500 /* k3 */ 501 subl(4) = kll; 502 subr(4) = klr; 503 /* k4 */ 504 subl(5) = krl; 505 subr(5) = krr; 506 /* rotation left shift 15+30bit */ 507 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 508 /* k7 */ 509 subl(10) = kll; 510 subr(10) = klr; 511 /* k8 */ 512 subl(11) = krl; 513 subr(11) = krr; 514 /* rotation left shift 15+30+15bit */ 515 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 516 /* k10 */ 517 subl(13) = krl; 518 subr(13) = krr; 519 /* rotation left shift 15+30+15+17 bit */ 520 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 521 /* kl3 */ 522 subl(16) = kll; 523 subr(16) = klr; 524 /* kl4 */ 525 subl(17) = krl; 526 subr(17) = krr; 527 /* rotation left shift 15+30+15+17+17 bit */ 528 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 529 /* k13 */ 530 subl(18) = kll; 531 subr(18) = klr; 532 /* k14 */ 533 subl(19) = krl; 534 subr(19) = krr; 535 /* rotation left shift 15+30+15+17+17+17 bit */ 536 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 537 /* k17 */ 538 subl(22) = kll; 539 subr(22) = klr; 540 /* k18 */ 541 subl(23) = krl; 542 subr(23) = krr; 543 544 /* generate KA */ 545 kll = subl(0); 546 klr = subr(0); 547 krl = subl(1); 548 krr = subr(1); 549 CAMELLIA_F(kll, klr, 550 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, w0, w1, il, ir, t0, t1); 551 krl ^= w0; 552 krr ^= w1; 553 CAMELLIA_F(krl, krr, 554 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kll, klr, il, ir, t0, t1); 555 /* current status == (kll, klr, w0, w1) */ 556 CAMELLIA_F(kll, klr, 557 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, krl, krr, il, ir, t0, t1); 558 krl ^= w0; 559 krr ^= w1; 560 CAMELLIA_F(krl, krr, 561 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, w0, w1, il, ir, t0, t1); 562 kll ^= w0; 563 klr ^= w1; 564 565 /* generate KA dependent subkeys */ 566 /* k1, k2 */ 567 subl(2) = kll; 568 subr(2) = klr; 569 subl(3) = krl; 570 subr(3) = krr; 571 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 572 /* k5,k6 */ 573 subl(6) = kll; 574 subr(6) = klr; 575 subl(7) = krl; 576 subr(7) = krr; 577 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 578 /* kl1, kl2 */ 579 subl(8) = kll; 580 subr(8) = klr; 581 subl(9) = krl; 582 subr(9) = krr; 583 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 584 /* k9 */ 585 subl(12) = kll; 586 subr(12) = klr; 587 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 588 /* k11, k12 */ 589 subl(14) = kll; 590 subr(14) = klr; 591 subl(15) = krl; 592 subr(15) = krr; 593 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 594 /* k15, k16 */ 595 subl(20) = kll; 596 subr(20) = klr; 597 subl(21) = krl; 598 subr(21) = krr; 599 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 600 /* kw3, kw4 */ 601 subl(24) = kll; 602 subr(24) = klr; 603 subl(25) = krl; 604 subr(25) = krr; 605 606 /* absorb kw2 to other subkeys */ 607/* round 2 */ 608 subl(3) ^= subl(1); 609 subr(3) ^= subr(1); 610/* round 4 */ 611 subl(5) ^= subl(1); 612 subr(5) ^= subr(1); 613/* round 6 */ 614 subl(7) ^= subl(1); 615 subr(7) ^= subr(1); 616 subl(1) ^= subr(1) & ~subr(9); 617 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); /* modified for 618 * FLinv(kl2) */ 619/* round 8 */ 620 subl(11) ^= subl(1); 621 subr(11) ^= subr(1); 622/* round 10 */ 623 subl(13) ^= subl(1); 624 subr(13) ^= subr(1); 625/* round 12 */ 626 subl(15) ^= subl(1); 627 subr(15) ^= subr(1); 628 subl(1) ^= subr(1) & ~subr(17); 629 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); /* modified for 630 * FLinv(kl4) */ 631/* round 14 */ 632 subl(19) ^= subl(1); 633 subr(19) ^= subr(1); 634/* round 16 */ 635 subl(21) ^= subl(1); 636 subr(21) ^= subr(1); 637/* round 18 */ 638 subl(23) ^= subl(1); 639 subr(23) ^= subr(1); 640/* kw3 */ 641 subl(24) ^= subl(1); 642 subr(24) ^= subr(1); 643 644 /* absorb kw4 to other subkeys */ 645 kw4l = subl(25); 646 kw4r = subr(25); 647/* round 17 */ 648 subl(22) ^= kw4l; 649 subr(22) ^= kw4r; 650/* round 15 */ 651 subl(20) ^= kw4l; 652 subr(20) ^= kw4r; 653/* round 13 */ 654 subl(18) ^= kw4l; 655 subr(18) ^= kw4r; 656 kw4l ^= kw4r & ~subr(16); 657 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ 658/* round 11 */ 659 subl(14) ^= kw4l; 660 subr(14) ^= kw4r; 661/* round 9 */ 662 subl(12) ^= kw4l; 663 subr(12) ^= kw4r; 664/* round 7 */ 665 subl(10) ^= kw4l; 666 subr(10) ^= kw4r; 667 kw4l ^= kw4r & ~subr(8); 668 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ 669/* round 5 */ 670 subl(6) ^= kw4l; 671 subr(6) ^= kw4r; 672/* round 3 */ 673 subl(4) ^= kw4l; 674 subr(4) ^= kw4r; 675/* round 1 */ 676 subl(2) ^= kw4l; 677 subr(2) ^= kw4r; 678/* kw1 */ 679 subl(0) ^= kw4l; 680 subr(0) ^= kw4r; 681 682 /* key XOR is end of F-function */ 683 CamelliaSubkeyL(0) = subl(0) ^ subl(2); /* kw1 */ 684 CamelliaSubkeyR(0) = subr(0) ^ subr(2); 685 CamelliaSubkeyL(2) = subl(3); /* round 1 */ 686 CamelliaSubkeyR(2) = subr(3); 687 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ 688 CamelliaSubkeyR(3) = subr(2) ^ subr(4); 689 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ 690 CamelliaSubkeyR(4) = subr(3) ^ subr(5); 691 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ 692 CamelliaSubkeyR(5) = subr(4) ^ subr(6); 693 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ 694 CamelliaSubkeyR(6) = subr(5) ^ subr(7); 695 tl = subl(10) ^ (subr(10) & ~subr(8)); 696 dw = tl & subl(8), /* FL(kl1) */ 697 tr = subr(10) ^ CAMELLIA_RL1(dw); 698 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ 699 CamelliaSubkeyR(7) = subr(6) ^ tr; 700 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ 701 CamelliaSubkeyR(8) = subr(8); 702 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ 703 CamelliaSubkeyR(9) = subr(9); 704 tl = subl(7) ^ (subr(7) & ~subr(9)); 705 dw = tl & subl(9), /* FLinv(kl2) */ 706 tr = subr(7) ^ CAMELLIA_RL1(dw); 707 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ 708 CamelliaSubkeyR(10) = tr ^ subr(11); 709 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ 710 CamelliaSubkeyR(11) = subr(10) ^ subr(12); 711 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ 712 CamelliaSubkeyR(12) = subr(11) ^ subr(13); 713 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ 714 CamelliaSubkeyR(13) = subr(12) ^ subr(14); 715 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ 716 CamelliaSubkeyR(14) = subr(13) ^ subr(15); 717 tl = subl(18) ^ (subr(18) & ~subr(16)); 718 dw = tl & subl(16), /* FL(kl3) */ 719 tr = subr(18) ^ CAMELLIA_RL1(dw); 720 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ 721 CamelliaSubkeyR(15) = subr(14) ^ tr; 722 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ 723 CamelliaSubkeyR(16) = subr(16); 724 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ 725 CamelliaSubkeyR(17) = subr(17); 726 tl = subl(15) ^ (subr(15) & ~subr(17)); 727 dw = tl & subl(17), /* FLinv(kl4) */ 728 tr = subr(15) ^ CAMELLIA_RL1(dw); 729 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ 730 CamelliaSubkeyR(18) = tr ^ subr(19); 731 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ 732 CamelliaSubkeyR(19) = subr(18) ^ subr(20); 733 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ 734 CamelliaSubkeyR(20) = subr(19) ^ subr(21); 735 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ 736 CamelliaSubkeyR(21) = subr(20) ^ subr(22); 737 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ 738 CamelliaSubkeyR(22) = subr(21) ^ subr(23); 739 CamelliaSubkeyL(23) = subl(22); /* round 18 */ 740 CamelliaSubkeyR(23) = subr(22); 741 CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */ 742 CamelliaSubkeyR(24) = subr(24) ^ subr(23); 743 744 /* apply the inverse of the last half of P-function */ 745 /* round 1 */ 746 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); 747 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; 748 /* round 2 */ 749 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); 750 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; 751 /* round 3 */ 752 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); 753 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; 754 /* round 4 */ 755 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); 756 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; 757 /* round 5 */ 758 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); 759 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; 760 /* round 6 */ 761 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); 762 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; 763 /* round 7 */ 764 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); 765 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; 766 /* round 8 */ 767 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); 768 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; 769 /* round 9 */ 770 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); 771 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; 772 /* round 10 */ 773 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); 774 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; 775 /* round 11 */ 776 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); 777 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; 778 /* round 12 */ 779 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); 780 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; 781 /* round 13 */ 782 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); 783 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; 784 /* round 14 */ 785 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); 786 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; 787 /* round 15 */ 788 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); 789 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; 790 /* round 16 */ 791 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); 792 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; 793 /* round 17 */ 794 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); 795 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; 796 /* round 18 */ 797 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); 798 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; 799 800 return; 801} 802 803void camellia_setup256(const u8 *key, u32 *subkey) 804{ 805 u32 kll, klr, krl, krr; /* left half of key */ 806 u32 krll, krlr, krrl, krrr; /* right half of key */ 807 u32 il, ir, t0, t1, w0, w1; /* temporary variables */ 808 u32 kw4l, kw4r, dw, tl, tr; 809 u32 subL[34]; 810 u32 subR[34]; 811 812 /** 813 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) 814 * (|| is concatination) 815 */ 816 817 kll = GETU32(key); 818 klr = GETU32(key + 4); 819 krl = GETU32(key + 8); 820 krr = GETU32(key + 12); 821 krll = GETU32(key + 16); 822 krlr = GETU32(key + 20); 823 krrl = GETU32(key + 24); 824 krrr = GETU32(key + 28); 825 826 /* generate KL dependent subkeys */ 827 /* kw1 */ 828 subl(0) = kll; 829 subr(0) = klr; 830 /* kw2 */ 831 subl(1) = krl; 832 subr(1) = krr; 833 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); 834 /* k9 */ 835 subl(12) = kll; 836 subr(12) = klr; 837 /* k10 */ 838 subl(13) = krl; 839 subr(13) = krr; 840 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 841 /* kl3 */ 842 subl(16) = kll; 843 subr(16) = klr; 844 /* kl4 */ 845 subl(17) = krl; 846 subr(17) = krr; 847 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); 848 /* k17 */ 849 subl(22) = kll; 850 subr(22) = klr; 851 /* k18 */ 852 subl(23) = krl; 853 subr(23) = krr; 854 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); 855 /* k23 */ 856 subl(30) = kll; 857 subr(30) = klr; 858 /* k24 */ 859 subl(31) = krl; 860 subr(31) = krr; 861 862 /* generate KR dependent subkeys */ 863 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 864 /* k3 */ 865 subl(4) = krll; 866 subr(4) = krlr; 867 /* k4 */ 868 subl(5) = krrl; 869 subr(5) = krrr; 870 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); 871 /* kl1 */ 872 subl(8) = krll; 873 subr(8) = krlr; 874 /* kl2 */ 875 subl(9) = krrl; 876 subr(9) = krrr; 877 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 878 /* k13 */ 879 subl(18) = krll; 880 subr(18) = krlr; 881 /* k14 */ 882 subl(19) = krrl; 883 subr(19) = krrr; 884 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 885 /* k19 */ 886 subl(26) = krll; 887 subr(26) = krlr; 888 /* k20 */ 889 subl(27) = krrl; 890 subr(27) = krrr; 891 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); 892 893 /* generate KA */ 894 kll = subl(0) ^ krll; 895 klr = subr(0) ^ krlr; 896 krl = subl(1) ^ krrl; 897 krr = subr(1) ^ krrr; 898 CAMELLIA_F(kll, klr, 899 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, w0, w1, il, ir, t0, t1); 900 krl ^= w0; 901 krr ^= w1; 902 CAMELLIA_F(krl, krr, 903 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kll, klr, il, ir, t0, t1); 904 kll ^= krll; 905 klr ^= krlr; 906 CAMELLIA_F(kll, klr, 907 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, krl, krr, il, ir, t0, t1); 908 krl ^= w0 ^ krrl; 909 krr ^= w1 ^ krrr; 910 CAMELLIA_F(krl, krr, 911 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, w0, w1, il, ir, t0, t1); 912 kll ^= w0; 913 klr ^= w1; 914 915 /* generate KB */ 916 krll ^= kll; 917 krlr ^= klr; 918 krrl ^= krl; 919 krrr ^= krr; 920 CAMELLIA_F(krll, krlr, 921 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, w0, w1, il, ir, t0, t1); 922 krrl ^= w0; 923 krrr ^= w1; 924 CAMELLIA_F(krrl, krrr, 925 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, w0, w1, il, ir, t0, t1); 926 krll ^= w0; 927 krlr ^= w1; 928 929 /* generate KA dependent subkeys */ 930 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); 931 /* k5 */ 932 subl(6) = kll; 933 subr(6) = klr; 934 /* k6 */ 935 subl(7) = krl; 936 subr(7) = krr; 937 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); 938 /* k11 */ 939 subl(14) = kll; 940 subr(14) = klr; 941 /* k12 */ 942 subl(15) = krl; 943 subr(15) = krr; 944 /* rotation left shift 32bit */ 945 /* kl5 */ 946 subl(24) = klr; 947 subr(24) = krl; 948 /* kl6 */ 949 subl(25) = krr; 950 subr(25) = kll; 951 /* rotation left shift 49 from k11,k12 -> k21,k22 */ 952 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); 953 /* k21 */ 954 subl(28) = kll; 955 subr(28) = klr; 956 /* k22 */ 957 subl(29) = krl; 958 subr(29) = krr; 959 960 /* generate KB dependent subkeys */ 961 /* k1 */ 962 subl(2) = krll; 963 subr(2) = krlr; 964 /* k2 */ 965 subl(3) = krrl; 966 subr(3) = krrr; 967 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 968 /* k7 */ 969 subl(10) = krll; 970 subr(10) = krlr; 971 /* k8 */ 972 subl(11) = krrl; 973 subr(11) = krrr; 974 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); 975 /* k15 */ 976 subl(20) = krll; 977 subr(20) = krlr; 978 /* k16 */ 979 subl(21) = krrl; 980 subr(21) = krrr; 981 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); 982 /* kw3 */ 983 subl(32) = krll; 984 subr(32) = krlr; 985 /* kw4 */ 986 subl(33) = krrl; 987 subr(33) = krrr; 988 989 /* absorb kw2 to other subkeys */ 990/* round 2 */ 991 subl(3) ^= subl(1); 992 subr(3) ^= subr(1); 993/* round 4 */ 994 subl(5) ^= subl(1); 995 subr(5) ^= subr(1); 996/* round 6 */ 997 subl(7) ^= subl(1); 998 subr(7) ^= subr(1); 999 subl(1) ^= subr(1) & ~subr(9); 1000 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); /* modified for 1001 * FLinv(kl2) */ 1002/* round 8 */ 1003 subl(11) ^= subl(1); 1004 subr(11) ^= subr(1); 1005/* round 10 */ 1006 subl(13) ^= subl(1); 1007 subr(13) ^= subr(1); 1008/* round 12 */ 1009 subl(15) ^= subl(1); 1010 subr(15) ^= subr(1); 1011 subl(1) ^= subr(1) & ~subr(17); 1012 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); /* modified for 1013 * FLinv(kl4) */ 1014/* round 14 */ 1015 subl(19) ^= subl(1); 1016 subr(19) ^= subr(1); 1017/* round 16 */ 1018 subl(21) ^= subl(1); 1019 subr(21) ^= subr(1); 1020/* round 18 */ 1021 subl(23) ^= subl(1); 1022 subr(23) ^= subr(1); 1023 subl(1) ^= subr(1) & ~subr(25); 1024 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); /* modified for 1025 * FLinv(kl6) */ 1026/* round 20 */ 1027 subl(27) ^= subl(1); 1028 subr(27) ^= subr(1); 1029/* round 22 */ 1030 subl(29) ^= subl(1); 1031 subr(29) ^= subr(1); 1032/* round 24 */ 1033 subl(31) ^= subl(1); 1034 subr(31) ^= subr(1); 1035/* kw3 */ 1036 subl(32) ^= subl(1); 1037 subr(32) ^= subr(1); 1038 1039 /* absorb kw4 to other subkeys */ 1040 kw4l = subl(33); 1041 kw4r = subr(33); 1042/* round 23 */ 1043 subl(30) ^= kw4l; 1044 subr(30) ^= kw4r; 1045/* round 21 */ 1046 subl(28) ^= kw4l; 1047 subr(28) ^= kw4r; 1048/* round 19 */ 1049 subl(26) ^= kw4l; 1050 subr(26) ^= kw4r; 1051 kw4l ^= kw4r & ~subr(24); 1052 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */ 1053/* round 17 */ 1054 subl(22) ^= kw4l; 1055 subr(22) ^= kw4r; 1056/* round 15 */ 1057 subl(20) ^= kw4l; 1058 subr(20) ^= kw4r; 1059/* round 13 */ 1060 subl(18) ^= kw4l; 1061 subr(18) ^= kw4r; 1062 kw4l ^= kw4r & ~subr(16); 1063 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ 1064/* round 11 */ 1065 subl(14) ^= kw4l; 1066 subr(14) ^= kw4r; 1067/* round 9 */ 1068 subl(12) ^= kw4l; 1069 subr(12) ^= kw4r; 1070/* round 7 */ 1071 subl(10) ^= kw4l; 1072 subr(10) ^= kw4r; 1073 kw4l ^= kw4r & ~subr(8); 1074 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ 1075/* round 5 */ 1076 subl(6) ^= kw4l; 1077 subr(6) ^= kw4r; 1078/* round 3 */ 1079 subl(4) ^= kw4l; 1080 subr(4) ^= kw4r; 1081/* round 1 */ 1082 subl(2) ^= kw4l; 1083 subr(2) ^= kw4r; 1084/* kw1 */ 1085 subl(0) ^= kw4l; 1086 subr(0) ^= kw4r; 1087 1088 /* key XOR is end of F-function */ 1089 CamelliaSubkeyL(0) = subl(0) ^ subl(2); /* kw1 */ 1090 CamelliaSubkeyR(0) = subr(0) ^ subr(2); 1091 CamelliaSubkeyL(2) = subl(3); /* round 1 */ 1092 CamelliaSubkeyR(2) = subr(3); 1093 CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ 1094 CamelliaSubkeyR(3) = subr(2) ^ subr(4); 1095 CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ 1096 CamelliaSubkeyR(4) = subr(3) ^ subr(5); 1097 CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ 1098 CamelliaSubkeyR(5) = subr(4) ^ subr(6); 1099 CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ 1100 CamelliaSubkeyR(6) = subr(5) ^ subr(7); 1101 tl = subl(10) ^ (subr(10) & ~subr(8)); 1102 dw = tl & subl(8), /* FL(kl1) */ 1103 tr = subr(10) ^ CAMELLIA_RL1(dw); 1104 CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ 1105 CamelliaSubkeyR(7) = subr(6) ^ tr; 1106 CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ 1107 CamelliaSubkeyR(8) = subr(8); 1108 CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ 1109 CamelliaSubkeyR(9) = subr(9); 1110 tl = subl(7) ^ (subr(7) & ~subr(9)); 1111 dw = tl & subl(9), /* FLinv(kl2) */ 1112 tr = subr(7) ^ CAMELLIA_RL1(dw); 1113 CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ 1114 CamelliaSubkeyR(10) = tr ^ subr(11); 1115 CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ 1116 CamelliaSubkeyR(11) = subr(10) ^ subr(12); 1117 CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ 1118 CamelliaSubkeyR(12) = subr(11) ^ subr(13); 1119 CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ 1120 CamelliaSubkeyR(13) = subr(12) ^ subr(14); 1121 CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ 1122 CamelliaSubkeyR(14) = subr(13) ^ subr(15); 1123 tl = subl(18) ^ (subr(18) & ~subr(16)); 1124 dw = tl & subl(16), /* FL(kl3) */ 1125 tr = subr(18) ^ CAMELLIA_RL1(dw); 1126 CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ 1127 CamelliaSubkeyR(15) = subr(14) ^ tr; 1128 CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ 1129 CamelliaSubkeyR(16) = subr(16); 1130 CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ 1131 CamelliaSubkeyR(17) = subr(17); 1132 tl = subl(15) ^ (subr(15) & ~subr(17)); 1133 dw = tl & subl(17), /* FLinv(kl4) */ 1134 tr = subr(15) ^ CAMELLIA_RL1(dw); 1135 CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ 1136 CamelliaSubkeyR(18) = tr ^ subr(19); 1137 CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ 1138 CamelliaSubkeyR(19) = subr(18) ^ subr(20); 1139 CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ 1140 CamelliaSubkeyR(20) = subr(19) ^ subr(21); 1141 CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ 1142 CamelliaSubkeyR(21) = subr(20) ^ subr(22); 1143 CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ 1144 CamelliaSubkeyR(22) = subr(21) ^ subr(23); 1145 tl = subl(26) ^ (subr(26) 1146 & ~subr(24)); 1147 dw = tl & subl(24), /* FL(kl5) */ 1148 tr = subr(26) ^ CAMELLIA_RL1(dw); 1149 CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */ 1150 CamelliaSubkeyR(23) = subr(22) ^ tr; 1151 CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */ 1152 CamelliaSubkeyR(24) = subr(24); 1153 CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */ 1154 CamelliaSubkeyR(25) = subr(25); 1155 tl = subl(23) ^ (subr(23) & ~subr(25)); 1156 dw = tl & subl(25), /* FLinv(kl6) */ 1157 tr = subr(23) ^ CAMELLIA_RL1(dw); 1158 CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */ 1159 CamelliaSubkeyR(26) = tr ^ subr(27); 1160 CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */ 1161 CamelliaSubkeyR(27) = subr(26) ^ subr(28); 1162 CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */ 1163 CamelliaSubkeyR(28) = subr(27) ^ subr(29); 1164 CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */ 1165 CamelliaSubkeyR(29) = subr(28) ^ subr(30); 1166 CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */ 1167 CamelliaSubkeyR(30) = subr(29) ^ subr(31); 1168 CamelliaSubkeyL(31) = subl(30); /* round 24 */ 1169 CamelliaSubkeyR(31) = subr(30); 1170 CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */ 1171 CamelliaSubkeyR(32) = subr(32) ^ subr(31); 1172 1173 /* apply the inverse of the last half of P-function */ 1174 /* round 1 */ 1175 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); 1176 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; 1177 /* round 2 */ 1178 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); 1179 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; 1180 /* round 3 */ 1181 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); 1182 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; 1183 /* round 4 */ 1184 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); 1185 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; 1186 /* round 5 */ 1187 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); 1188 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; 1189 /* round 6 */ 1190 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); 1191 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; 1192 /* round 7 */ 1193 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); 1194 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; 1195 /* round 8 */ 1196 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); 1197 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; 1198 /* round 9 */ 1199 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); 1200 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; 1201 /* round 10 */ 1202 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); 1203 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; 1204 /* round 11 */ 1205 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); 1206 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; 1207 /* round 12 */ 1208 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); 1209 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; 1210 /* round 13 */ 1211 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); 1212 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; 1213 /* round 14 */ 1214 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); 1215 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; 1216 /* round 15 */ 1217 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); 1218 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; 1219 /* round 16 */ 1220 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); 1221 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; 1222 /* round 17 */ 1223 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); 1224 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; 1225 /* round 18 */ 1226 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); 1227 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; 1228 /* round 19 */ 1229 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw); 1230 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw; 1231 /* round 20 */ 1232 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw); 1233 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw; 1234 /* round 21 */ 1235 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw); 1236 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw; 1237 /* round 22 */ 1238 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw); 1239 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw; 1240 /* round 23 */ 1241 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw); 1242 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw; 1243 /* round 24 */ 1244 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw); 1245 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, CamelliaSubkeyL(31) = dw; 1246 1247 return; 1248} 1249 1250void camellia_setup192(const u8 *key, u32 *subkey) 1251{ 1252 u8 kk[32]; 1253 u32 krll, krlr, krrl, krrr; 1254 1255 memcpy(kk, key, 24); 1256 memcpy((u8 *)&krll, key + 16, 4); 1257 memcpy((u8 *)&krlr, key + 20, 4); 1258 krrl = ~krll; 1259 krrr = ~krlr; 1260 memcpy(kk + 24, (u8 *)&krrl, 4); 1261 memcpy(kk + 28, (u8 *)&krrr, 4); 1262 camellia_setup256(kk, subkey); 1263 return; 1264} 1265 1266/** 1267 * Stuff related to camellia encryption/decryption 1268 */ 1269void camellia_encrypt128(const u32 *subkey, u32 *io) 1270{ 1271 u32 il, ir, t0, t1; 1272 1273 /* pre whitening but absorb kw2 */ 1274 io[0] ^= CamelliaSubkeyL(0); 1275 io[1] ^= CamelliaSubkeyR(0); 1276 /* main iteration */ 1277 1278 CAMELLIA_ROUNDSM(io[0], io[1], 1279 CamelliaSubkeyL(2), CamelliaSubkeyR(2), 1280 io[2], io[3], il, ir, t0, t1); 1281 CAMELLIA_ROUNDSM(io[2], io[3], 1282 CamelliaSubkeyL(3), CamelliaSubkeyR(3), 1283 io[0], io[1], il, ir, t0, t1); 1284 CAMELLIA_ROUNDSM(io[0], io[1], 1285 CamelliaSubkeyL(4), CamelliaSubkeyR(4), 1286 io[2], io[3], il, ir, t0, t1); 1287 CAMELLIA_ROUNDSM(io[2], io[3], 1288 CamelliaSubkeyL(5), CamelliaSubkeyR(5), 1289 io[0], io[1], il, ir, t0, t1); 1290 CAMELLIA_ROUNDSM(io[0], io[1], 1291 CamelliaSubkeyL(6), CamelliaSubkeyR(6), 1292 io[2], io[3], il, ir, t0, t1); 1293 CAMELLIA_ROUNDSM(io[2], io[3], 1294 CamelliaSubkeyL(7), CamelliaSubkeyR(7), 1295 io[0], io[1], il, ir, t0, t1); 1296 1297 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1298 CamelliaSubkeyL(8), CamelliaSubkeyR(8), 1299 CamelliaSubkeyL(9), CamelliaSubkeyR(9), t0, t1, il, ir); 1300 1301 CAMELLIA_ROUNDSM(io[0], io[1], 1302 CamelliaSubkeyL(10), CamelliaSubkeyR(10), 1303 io[2], io[3], il, ir, t0, t1); 1304 CAMELLIA_ROUNDSM(io[2], io[3], 1305 CamelliaSubkeyL(11), CamelliaSubkeyR(11), 1306 io[0], io[1], il, ir, t0, t1); 1307 CAMELLIA_ROUNDSM(io[0], io[1], 1308 CamelliaSubkeyL(12), CamelliaSubkeyR(12), 1309 io[2], io[3], il, ir, t0, t1); 1310 CAMELLIA_ROUNDSM(io[2], io[3], 1311 CamelliaSubkeyL(13), CamelliaSubkeyR(13), 1312 io[0], io[1], il, ir, t0, t1); 1313 CAMELLIA_ROUNDSM(io[0], io[1], 1314 CamelliaSubkeyL(14), CamelliaSubkeyR(14), 1315 io[2], io[3], il, ir, t0, t1); 1316 CAMELLIA_ROUNDSM(io[2], io[3], 1317 CamelliaSubkeyL(15), CamelliaSubkeyR(15), 1318 io[0], io[1], il, ir, t0, t1); 1319 1320 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1321 CamelliaSubkeyL(16), CamelliaSubkeyR(16), 1322 CamelliaSubkeyL(17), CamelliaSubkeyR(17), t0, t1, il, ir); 1323 1324 CAMELLIA_ROUNDSM(io[0], io[1], 1325 CamelliaSubkeyL(18), CamelliaSubkeyR(18), 1326 io[2], io[3], il, ir, t0, t1); 1327 CAMELLIA_ROUNDSM(io[2], io[3], 1328 CamelliaSubkeyL(19), CamelliaSubkeyR(19), 1329 io[0], io[1], il, ir, t0, t1); 1330 CAMELLIA_ROUNDSM(io[0], io[1], 1331 CamelliaSubkeyL(20), CamelliaSubkeyR(20), 1332 io[2], io[3], il, ir, t0, t1); 1333 CAMELLIA_ROUNDSM(io[2], io[3], 1334 CamelliaSubkeyL(21), CamelliaSubkeyR(21), 1335 io[0], io[1], il, ir, t0, t1); 1336 CAMELLIA_ROUNDSM(io[0], io[1], 1337 CamelliaSubkeyL(22), CamelliaSubkeyR(22), 1338 io[2], io[3], il, ir, t0, t1); 1339 CAMELLIA_ROUNDSM(io[2], io[3], 1340 CamelliaSubkeyL(23), CamelliaSubkeyR(23), 1341 io[0], io[1], il, ir, t0, t1); 1342 1343 /* post whitening but kw4 */ 1344 io[2] ^= CamelliaSubkeyL(24); 1345 io[3] ^= CamelliaSubkeyR(24); 1346 1347 t0 = io[0]; 1348 t1 = io[1]; 1349 io[0] = io[2]; 1350 io[1] = io[3]; 1351 io[2] = t0; 1352 io[3] = t1; 1353 1354 return; 1355} 1356 1357void camellia_decrypt128(const u32 *subkey, u32 *io) 1358{ 1359 u32 il, ir, t0, t1; /* temporary valiables */ 1360 1361 /* pre whitening but absorb kw2 */ 1362 io[0] ^= CamelliaSubkeyL(24); 1363 io[1] ^= CamelliaSubkeyR(24); 1364 1365 /* main iteration */ 1366 CAMELLIA_ROUNDSM(io[0], io[1], 1367 CamelliaSubkeyL(23), CamelliaSubkeyR(23), 1368 io[2], io[3], il, ir, t0, t1); 1369 CAMELLIA_ROUNDSM(io[2], io[3], 1370 CamelliaSubkeyL(22), CamelliaSubkeyR(22), 1371 io[0], io[1], il, ir, t0, t1); 1372 CAMELLIA_ROUNDSM(io[0], io[1], 1373 CamelliaSubkeyL(21), CamelliaSubkeyR(21), 1374 io[2], io[3], il, ir, t0, t1); 1375 CAMELLIA_ROUNDSM(io[2], io[3], 1376 CamelliaSubkeyL(20), CamelliaSubkeyR(20), 1377 io[0], io[1], il, ir, t0, t1); 1378 CAMELLIA_ROUNDSM(io[0], io[1], 1379 CamelliaSubkeyL(19), CamelliaSubkeyR(19), 1380 io[2], io[3], il, ir, t0, t1); 1381 CAMELLIA_ROUNDSM(io[2], io[3], 1382 CamelliaSubkeyL(18), CamelliaSubkeyR(18), 1383 io[0], io[1], il, ir, t0, t1); 1384 1385 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1386 CamelliaSubkeyL(17), CamelliaSubkeyR(17), 1387 CamelliaSubkeyL(16), CamelliaSubkeyR(16), t0, t1, il, ir); 1388 1389 CAMELLIA_ROUNDSM(io[0], io[1], 1390 CamelliaSubkeyL(15), CamelliaSubkeyR(15), 1391 io[2], io[3], il, ir, t0, t1); 1392 CAMELLIA_ROUNDSM(io[2], io[3], 1393 CamelliaSubkeyL(14), CamelliaSubkeyR(14), 1394 io[0], io[1], il, ir, t0, t1); 1395 CAMELLIA_ROUNDSM(io[0], io[1], 1396 CamelliaSubkeyL(13), CamelliaSubkeyR(13), 1397 io[2], io[3], il, ir, t0, t1); 1398 CAMELLIA_ROUNDSM(io[2], io[3], 1399 CamelliaSubkeyL(12), CamelliaSubkeyR(12), 1400 io[0], io[1], il, ir, t0, t1); 1401 CAMELLIA_ROUNDSM(io[0], io[1], 1402 CamelliaSubkeyL(11), CamelliaSubkeyR(11), 1403 io[2], io[3], il, ir, t0, t1); 1404 CAMELLIA_ROUNDSM(io[2], io[3], 1405 CamelliaSubkeyL(10), CamelliaSubkeyR(10), 1406 io[0], io[1], il, ir, t0, t1); 1407 1408 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1409 CamelliaSubkeyL(9), CamelliaSubkeyR(9), 1410 CamelliaSubkeyL(8), CamelliaSubkeyR(8), t0, t1, il, ir); 1411 1412 CAMELLIA_ROUNDSM(io[0], io[1], 1413 CamelliaSubkeyL(7), CamelliaSubkeyR(7), 1414 io[2], io[3], il, ir, t0, t1); 1415 CAMELLIA_ROUNDSM(io[2], io[3], 1416 CamelliaSubkeyL(6), CamelliaSubkeyR(6), 1417 io[0], io[1], il, ir, t0, t1); 1418 CAMELLIA_ROUNDSM(io[0], io[1], 1419 CamelliaSubkeyL(5), CamelliaSubkeyR(5), 1420 io[2], io[3], il, ir, t0, t1); 1421 CAMELLIA_ROUNDSM(io[2], io[3], 1422 CamelliaSubkeyL(4), CamelliaSubkeyR(4), 1423 io[0], io[1], il, ir, t0, t1); 1424 CAMELLIA_ROUNDSM(io[0], io[1], 1425 CamelliaSubkeyL(3), CamelliaSubkeyR(3), 1426 io[2], io[3], il, ir, t0, t1); 1427 CAMELLIA_ROUNDSM(io[2], io[3], 1428 CamelliaSubkeyL(2), CamelliaSubkeyR(2), 1429 io[0], io[1], il, ir, t0, t1); 1430 1431 /* post whitening but kw4 */ 1432 io[2] ^= CamelliaSubkeyL(0); 1433 io[3] ^= CamelliaSubkeyR(0); 1434 1435 t0 = io[0]; 1436 t1 = io[1]; 1437 io[0] = io[2]; 1438 io[1] = io[3]; 1439 io[2] = t0; 1440 io[3] = t1; 1441 1442 return; 1443} 1444 1445/** 1446 * stuff for 192 and 256bit encryption/decryption 1447 */ 1448void camellia_encrypt256(const u32 *subkey, u32 *io) 1449{ 1450 u32 il, ir, t0, t1; /* temporary valiables */ 1451 1452 /* pre whitening but absorb kw2 */ 1453 io[0] ^= CamelliaSubkeyL(0); 1454 io[1] ^= CamelliaSubkeyR(0); 1455 1456 /* main iteration */ 1457 CAMELLIA_ROUNDSM(io[0], io[1], 1458 CamelliaSubkeyL(2), CamelliaSubkeyR(2), 1459 io[2], io[3], il, ir, t0, t1); 1460 CAMELLIA_ROUNDSM(io[2], io[3], 1461 CamelliaSubkeyL(3), CamelliaSubkeyR(3), 1462 io[0], io[1], il, ir, t0, t1); 1463 CAMELLIA_ROUNDSM(io[0], io[1], 1464 CamelliaSubkeyL(4), CamelliaSubkeyR(4), 1465 io[2], io[3], il, ir, t0, t1); 1466 CAMELLIA_ROUNDSM(io[2], io[3], 1467 CamelliaSubkeyL(5), CamelliaSubkeyR(5), 1468 io[0], io[1], il, ir, t0, t1); 1469 CAMELLIA_ROUNDSM(io[0], io[1], 1470 CamelliaSubkeyL(6), CamelliaSubkeyR(6), 1471 io[2], io[3], il, ir, t0, t1); 1472 CAMELLIA_ROUNDSM(io[2], io[3], 1473 CamelliaSubkeyL(7), CamelliaSubkeyR(7), 1474 io[0], io[1], il, ir, t0, t1); 1475 1476 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1477 CamelliaSubkeyL(8), CamelliaSubkeyR(8), 1478 CamelliaSubkeyL(9), CamelliaSubkeyR(9), t0, t1, il, ir); 1479 1480 CAMELLIA_ROUNDSM(io[0], io[1], 1481 CamelliaSubkeyL(10), CamelliaSubkeyR(10), 1482 io[2], io[3], il, ir, t0, t1); 1483 CAMELLIA_ROUNDSM(io[2], io[3], 1484 CamelliaSubkeyL(11), CamelliaSubkeyR(11), 1485 io[0], io[1], il, ir, t0, t1); 1486 CAMELLIA_ROUNDSM(io[0], io[1], 1487 CamelliaSubkeyL(12), CamelliaSubkeyR(12), 1488 io[2], io[3], il, ir, t0, t1); 1489 CAMELLIA_ROUNDSM(io[2], io[3], 1490 CamelliaSubkeyL(13), CamelliaSubkeyR(13), 1491 io[0], io[1], il, ir, t0, t1); 1492 CAMELLIA_ROUNDSM(io[0], io[1], 1493 CamelliaSubkeyL(14), CamelliaSubkeyR(14), 1494 io[2], io[3], il, ir, t0, t1); 1495 CAMELLIA_ROUNDSM(io[2], io[3], 1496 CamelliaSubkeyL(15), CamelliaSubkeyR(15), 1497 io[0], io[1], il, ir, t0, t1); 1498 1499 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1500 CamelliaSubkeyL(16), CamelliaSubkeyR(16), 1501 CamelliaSubkeyL(17), CamelliaSubkeyR(17), t0, t1, il, ir); 1502 1503 CAMELLIA_ROUNDSM(io[0], io[1], 1504 CamelliaSubkeyL(18), CamelliaSubkeyR(18), 1505 io[2], io[3], il, ir, t0, t1); 1506 CAMELLIA_ROUNDSM(io[2], io[3], 1507 CamelliaSubkeyL(19), CamelliaSubkeyR(19), 1508 io[0], io[1], il, ir, t0, t1); 1509 CAMELLIA_ROUNDSM(io[0], io[1], 1510 CamelliaSubkeyL(20), CamelliaSubkeyR(20), 1511 io[2], io[3], il, ir, t0, t1); 1512 CAMELLIA_ROUNDSM(io[2], io[3], 1513 CamelliaSubkeyL(21), CamelliaSubkeyR(21), 1514 io[0], io[1], il, ir, t0, t1); 1515 CAMELLIA_ROUNDSM(io[0], io[1], 1516 CamelliaSubkeyL(22), CamelliaSubkeyR(22), 1517 io[2], io[3], il, ir, t0, t1); 1518 CAMELLIA_ROUNDSM(io[2], io[3], 1519 CamelliaSubkeyL(23), CamelliaSubkeyR(23), 1520 io[0], io[1], il, ir, t0, t1); 1521 1522 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1523 CamelliaSubkeyL(24), CamelliaSubkeyR(24), 1524 CamelliaSubkeyL(25), CamelliaSubkeyR(25), t0, t1, il, ir); 1525 1526 CAMELLIA_ROUNDSM(io[0], io[1], 1527 CamelliaSubkeyL(26), CamelliaSubkeyR(26), 1528 io[2], io[3], il, ir, t0, t1); 1529 CAMELLIA_ROUNDSM(io[2], io[3], 1530 CamelliaSubkeyL(27), CamelliaSubkeyR(27), 1531 io[0], io[1], il, ir, t0, t1); 1532 CAMELLIA_ROUNDSM(io[0], io[1], 1533 CamelliaSubkeyL(28), CamelliaSubkeyR(28), 1534 io[2], io[3], il, ir, t0, t1); 1535 CAMELLIA_ROUNDSM(io[2], io[3], 1536 CamelliaSubkeyL(29), CamelliaSubkeyR(29), 1537 io[0], io[1], il, ir, t0, t1); 1538 CAMELLIA_ROUNDSM(io[0], io[1], 1539 CamelliaSubkeyL(30), CamelliaSubkeyR(30), 1540 io[2], io[3], il, ir, t0, t1); 1541 CAMELLIA_ROUNDSM(io[2], io[3], 1542 CamelliaSubkeyL(31), CamelliaSubkeyR(31), 1543 io[0], io[1], il, ir, t0, t1); 1544 1545 /* post whitening but kw4 */ 1546 io[2] ^= CamelliaSubkeyL(32); 1547 io[3] ^= CamelliaSubkeyR(32); 1548 1549 t0 = io[0]; 1550 t1 = io[1]; 1551 io[0] = io[2]; 1552 io[1] = io[3]; 1553 io[2] = t0; 1554 io[3] = t1; 1555 1556 return; 1557} 1558 1559void camellia_decrypt256(const u32 *subkey, u32 *io) 1560{ 1561 u32 il, ir, t0, t1; /* temporary valiables */ 1562 1563 /* pre whitening but absorb kw2 */ 1564 io[0] ^= CamelliaSubkeyL(32); 1565 io[1] ^= CamelliaSubkeyR(32); 1566 1567 /* main iteration */ 1568 CAMELLIA_ROUNDSM(io[0], io[1], 1569 CamelliaSubkeyL(31), CamelliaSubkeyR(31), 1570 io[2], io[3], il, ir, t0, t1); 1571 CAMELLIA_ROUNDSM(io[2], io[3], 1572 CamelliaSubkeyL(30), CamelliaSubkeyR(30), 1573 io[0], io[1], il, ir, t0, t1); 1574 CAMELLIA_ROUNDSM(io[0], io[1], 1575 CamelliaSubkeyL(29), CamelliaSubkeyR(29), 1576 io[2], io[3], il, ir, t0, t1); 1577 CAMELLIA_ROUNDSM(io[2], io[3], 1578 CamelliaSubkeyL(28), CamelliaSubkeyR(28), 1579 io[0], io[1], il, ir, t0, t1); 1580 CAMELLIA_ROUNDSM(io[0], io[1], 1581 CamelliaSubkeyL(27), CamelliaSubkeyR(27), 1582 io[2], io[3], il, ir, t0, t1); 1583 CAMELLIA_ROUNDSM(io[2], io[3], 1584 CamelliaSubkeyL(26), CamelliaSubkeyR(26), 1585 io[0], io[1], il, ir, t0, t1); 1586 1587 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1588 CamelliaSubkeyL(25), CamelliaSubkeyR(25), 1589 CamelliaSubkeyL(24), CamelliaSubkeyR(24), t0, t1, il, ir); 1590 1591 CAMELLIA_ROUNDSM(io[0], io[1], 1592 CamelliaSubkeyL(23), CamelliaSubkeyR(23), 1593 io[2], io[3], il, ir, t0, t1); 1594 CAMELLIA_ROUNDSM(io[2], io[3], 1595 CamelliaSubkeyL(22), CamelliaSubkeyR(22), 1596 io[0], io[1], il, ir, t0, t1); 1597 CAMELLIA_ROUNDSM(io[0], io[1], 1598 CamelliaSubkeyL(21), CamelliaSubkeyR(21), 1599 io[2], io[3], il, ir, t0, t1); 1600 CAMELLIA_ROUNDSM(io[2], io[3], 1601 CamelliaSubkeyL(20), CamelliaSubkeyR(20), 1602 io[0], io[1], il, ir, t0, t1); 1603 CAMELLIA_ROUNDSM(io[0], io[1], 1604 CamelliaSubkeyL(19), CamelliaSubkeyR(19), 1605 io[2], io[3], il, ir, t0, t1); 1606 CAMELLIA_ROUNDSM(io[2], io[3], 1607 CamelliaSubkeyL(18), CamelliaSubkeyR(18), 1608 io[0], io[1], il, ir, t0, t1); 1609 1610 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1611 CamelliaSubkeyL(17), CamelliaSubkeyR(17), 1612 CamelliaSubkeyL(16), CamelliaSubkeyR(16), t0, t1, il, ir); 1613 1614 CAMELLIA_ROUNDSM(io[0], io[1], 1615 CamelliaSubkeyL(15), CamelliaSubkeyR(15), 1616 io[2], io[3], il, ir, t0, t1); 1617 CAMELLIA_ROUNDSM(io[2], io[3], 1618 CamelliaSubkeyL(14), CamelliaSubkeyR(14), 1619 io[0], io[1], il, ir, t0, t1); 1620 CAMELLIA_ROUNDSM(io[0], io[1], 1621 CamelliaSubkeyL(13), CamelliaSubkeyR(13), 1622 io[2], io[3], il, ir, t0, t1); 1623 CAMELLIA_ROUNDSM(io[2], io[3], 1624 CamelliaSubkeyL(12), CamelliaSubkeyR(12), 1625 io[0], io[1], il, ir, t0, t1); 1626 CAMELLIA_ROUNDSM(io[0], io[1], 1627 CamelliaSubkeyL(11), CamelliaSubkeyR(11), 1628 io[2], io[3], il, ir, t0, t1); 1629 CAMELLIA_ROUNDSM(io[2], io[3], 1630 CamelliaSubkeyL(10), CamelliaSubkeyR(10), 1631 io[0], io[1], il, ir, t0, t1); 1632 1633 CAMELLIA_FLS(io[0], io[1], io[2], io[3], 1634 CamelliaSubkeyL(9), CamelliaSubkeyR(9), 1635 CamelliaSubkeyL(8), CamelliaSubkeyR(8), t0, t1, il, ir); 1636 1637 CAMELLIA_ROUNDSM(io[0], io[1], 1638 CamelliaSubkeyL(7), CamelliaSubkeyR(7), 1639 io[2], io[3], il, ir, t0, t1); 1640 CAMELLIA_ROUNDSM(io[2], io[3], 1641 CamelliaSubkeyL(6), CamelliaSubkeyR(6), 1642 io[0], io[1], il, ir, t0, t1); 1643 CAMELLIA_ROUNDSM(io[0], io[1], 1644 CamelliaSubkeyL(5), CamelliaSubkeyR(5), 1645 io[2], io[3], il, ir, t0, t1); 1646 CAMELLIA_ROUNDSM(io[2], io[3], 1647 CamelliaSubkeyL(4), CamelliaSubkeyR(4), 1648 io[0], io[1], il, ir, t0, t1); 1649 CAMELLIA_ROUNDSM(io[0], io[1], 1650 CamelliaSubkeyL(3), CamelliaSubkeyR(3), 1651 io[2], io[3], il, ir, t0, t1); 1652 CAMELLIA_ROUNDSM(io[2], io[3], 1653 CamelliaSubkeyL(2), CamelliaSubkeyR(2), 1654 io[0], io[1], il, ir, t0, t1); 1655 1656 /* post whitening but kw4 */ 1657 io[2] ^= CamelliaSubkeyL(0); 1658 io[3] ^= CamelliaSubkeyR(0); 1659 1660 t0 = io[0]; 1661 t1 = io[1]; 1662 io[0] = io[2]; 1663 io[1] = io[3]; 1664 io[2] = t0; 1665 io[3] = t1; 1666 1667 return; 1668} 1669