projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[CRYPTO] ctr: Use crypto_inc and crypto_xor
[linux-2.6-block.git] / crypto / camellia.c
CommitLineData
d64beac0
NT		 1/*
2 * Copyright (C) 2006
3 * NTT (Nippon Telegraph and Telephone Corporation).
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 */
19
20/*
21 * Algorithm Specification
22 * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23 */
24
25/*
26 *
27 * NOTE --- NOTE --- NOTE --- NOTE
28 * This implementation assumes that all memory addresses passed
29 * as parameters are four-byte aligned.
30 *
31 */
32
33#include <linux/crypto.h>
34#include <linux/errno.h>
35#include <linux/init.h>
36#include <linux/kernel.h>
37#include <linux/module.h>
38
d64beac0
NT		 39static const u32 camellia_sp1110[256] = {
40 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
41 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
42 0xe4e4e400,0x85858500,0x57575700,0x35353500,
43 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
44 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
45 0x45454500,0x19191900,0xa5a5a500,0x21212100,
46 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
47 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
48 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
49 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
50 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
51 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
52 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
53 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
54 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
55 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
56 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
57 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
58 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
59 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
60 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
61 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
62 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
63 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
64 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
65 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
66 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
67 0x53535300,0x18181800,0xf2f2f200,0x22222200,
68 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
69 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
70 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
71 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
72 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
73 0xa1a1a100,0x89898900,0x62626200,0x97979700,
74 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
75 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
76 0x10101000,0xc4c4c400,0x00000000,0x48484800,
77 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
78 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
79 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
80 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
81 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
82 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
83 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
84 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
85 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
86 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
87 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
88 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
89 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
90 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
91 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
92 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
93 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
94 0xd4d4d400,0x25252500,0xababab00,0x42424200,
95 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
96 0x72727200,0x07070700,0xb9b9b900,0x55555500,
97 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
98 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
99 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
100 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
101 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
102 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
103 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
104};
105
106static const u32 camellia_sp0222[256] = {
107 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
108 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
109 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
110 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
111 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
112 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
113 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
114 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
115 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
116 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
117 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
118 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
119 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
120 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
121 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
122 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
123 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
124 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
125 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
126 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
127 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
128 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
129 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
130 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
131 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
132 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
133 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
134 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
135 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
136 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
137 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
138 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
139 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
140 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
141 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
142 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
143 0x00202020,0x00898989,0x00000000,0x00909090,
144 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
145 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
146 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
147 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
148 0x009b9b9b,0x00949494,0x00212121,0x00666666,
149 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
150 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
151 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
152 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
153 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
154 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
155 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
156 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
157 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
158 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
159 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
160 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
161 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
162 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
163 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
164 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
165 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
166 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
167 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
168 0x00777777,0x00939393,0x00868686,0x00838383,
169 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
170 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
171};
172
173static const u32 camellia_sp3033[256] = {
174 0x38003838,0x41004141,0x16001616,0x76007676,
175 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
176 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
177 0x75007575,0x06000606,0x57005757,0xa000a0a0,
178 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
179 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
180 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
181 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
182 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
183 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
184 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
185 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
186 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
187 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
188 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
189 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
190 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
191 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
192 0x3a003a3a,0x09000909,0x95009595,0x10001010,
193 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
194 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
195 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
196 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
197 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
198 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
199 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
200 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
201 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
202 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
203 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
204 0x12001212,0x04000404,0x74007474,0x54005454,
205 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
206 0x55005555,0x68006868,0x50005050,0xbe00bebe,
207 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
208 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
209 0x70007070,0xff00ffff,0x32003232,0x69006969,
210 0x08000808,0x62006262,0x00000000,0x24002424,
211 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
212 0x45004545,0x81008181,0x73007373,0x6d006d6d,
213 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
214 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
215 0xe600e6e6,0x25002525,0x48004848,0x99009999,
216 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
217 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
218 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
219 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
220 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
221 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
222 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
223 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
224 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
225 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
226 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
227 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
228 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
229 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
230 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
231 0x7c007c7c,0x77007777,0x56005656,0x05000505,
232 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
233 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
234 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
235 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
236 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
237 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
238};
239
240static const u32 camellia_sp4404[256] = {
241 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
242 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
243 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
244 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
245 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
246 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
247 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
248 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
249 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
250 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
251 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
252 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
253 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
254 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
255 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
256 0x24240024,0xe8e800e8,0x60600060,0x69690069,
257 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
258 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
259 0x10100010,0x00000000,0xa3a300a3,0x75750075,
260 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
261 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
262 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
263 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
264 0x81810081,0x6f6f006f,0x13130013,0x63630063,
265 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
266 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
267 0x78780078,0x06060006,0xe7e700e7,0x71710071,
268 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
269 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
270 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
271 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
272 0x15150015,0xadad00ad,0x77770077,0x80800080,
273 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
274 0x85850085,0x35350035,0x0c0c000c,0x41410041,
275 0xefef00ef,0x93930093,0x19190019,0x21210021,
276 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
277 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
278 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
279 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
280 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
281 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
282 0x12120012,0x20200020,0xb1b100b1,0x99990099,
283 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
284 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
285 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
286 0x0f0f000f,0x16160016,0x18180018,0x22220022,
287 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
288 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
289 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
290 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
291 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
292 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
293 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
294 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
295 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
296 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
297 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
298 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
299 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
300 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
301 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
302 0x49490049,0x68680068,0x38380038,0xa4a400a4,
303 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
304 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
305};
306
307
1721a812
DV		 308#define CAMELLIA_MIN_KEY_SIZE 16
309#define CAMELLIA_MAX_KEY_SIZE 32
310#define CAMELLIA_BLOCK_SIZE 16
311#define CAMELLIA_TABLE_BYTE_LEN 272
312
313
314/* key constants */
315
316#define CAMELLIA_SIGMA1L (0xA09E667FL)
317#define CAMELLIA_SIGMA1R (0x3BCC908BL)
318#define CAMELLIA_SIGMA2L (0xB67AE858L)
319#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
320#define CAMELLIA_SIGMA3L (0xC6EF372FL)
321#define CAMELLIA_SIGMA3R (0xE94F82BEL)
322#define CAMELLIA_SIGMA4L (0x54FF53A5L)
323#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
324#define CAMELLIA_SIGMA5L (0x10E527FAL)
325#define CAMELLIA_SIGMA5R (0xDE682D1DL)
326#define CAMELLIA_SIGMA6L (0xB05688C2L)
327#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
328
329/*
330 * macros
331 */
332
1ce73e8d
DV		 333# define GETU32(v, pt) \
334 do { \
335 /* latest breed of gcc is clever enough to use move */ \
336 memcpy(&(v), (pt), 4); \
337 (v) = be32_to_cpu(v); \
338 } while(0)
1721a812
DV		 339
340/* rotation right shift 1byte */
3a5e5f81 341#define ROR8(x) (((x) >> 8) + ((x) << 24))
1721a812 342/* rotation left shift 1bit */
3a5e5f81 343#define ROL1(x) (((x) << 1) + ((x) >> 31))
1721a812 344/* rotation left shift 1byte */
3a5e5f81 345#define ROL8(x) (((x) << 8) + ((x) >> 24))
1721a812 346
3a5e5f81 347#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
1721a812
DV		 348 do { \
349 w0 = ll; \
350 ll = (ll << bits) + (lr >> (32 - bits)); \
351 lr = (lr << bits) + (rl >> (32 - bits)); \
352 rl = (rl << bits) + (rr >> (32 - bits)); \
353 rr = (rr << bits) + (w0 >> (32 - bits)); \
354 } while(0)
355
3a5e5f81 356#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
1721a812
DV		 357 do { \
358 w0 = ll; \
359 w1 = lr; \
360 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
361 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
362 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
363 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
364 } while(0)
365
366
367#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
368 do { \
369 il = xl ^ kl; \
370 ir = xr ^ kr; \
371 t0 = il >> 16; \
372 t1 = ir >> 16; \
373 yl = camellia_sp1110[ir & 0xff] \
374 ^ camellia_sp0222[(t1 >> 8) & 0xff] \
375 ^ camellia_sp3033[t1 & 0xff] \
376 ^ camellia_sp4404[(ir >> 8) & 0xff]; \
377 yr = camellia_sp1110[(t0 >> 8) & 0xff] \
378 ^ camellia_sp0222[t0 & 0xff] \
379 ^ camellia_sp3033[(il >> 8) & 0xff] \
380 ^ camellia_sp4404[il & 0xff]; \
381 yl ^= yr; \
3a5e5f81 382 yr = ROR8(yr); \
1721a812
DV		 383 yr ^= yl; \
384 } while(0)
385
386
387/*
388 * for speed up
389 *
390 */
391#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
392 do { \
393 t0 = kll; \
394 t2 = krr; \
395 t0 &= ll; \
396 t2 |= rr; \
397 rl ^= t2; \
3a5e5f81 398 lr ^= ROL1(t0); \
1721a812
DV		 399 t3 = krl; \
400 t1 = klr; \
401 t3 &= rl; \
402 t1 |= lr; \
403 ll ^= t1; \
3a5e5f81 404 rr ^= ROL1(t3); \
1721a812
DV		 405 } while(0)
406
407#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
408 do { \
409 ir = camellia_sp1110[xr & 0xff]; \
410 il = camellia_sp1110[(xl>>24) & 0xff]; \
411 ir ^= camellia_sp0222[(xr>>24) & 0xff]; \
412 il ^= camellia_sp0222[(xl>>16) & 0xff]; \
413 ir ^= camellia_sp3033[(xr>>16) & 0xff]; \
414 il ^= camellia_sp3033[(xl>>8) & 0xff]; \
415 ir ^= camellia_sp4404[(xr>>8) & 0xff]; \
416 il ^= camellia_sp4404[xl & 0xff]; \
417 il ^= kl; \
418 ir ^= il ^ kr; \
419 yl ^= ir; \
3a5e5f81 420 yr ^= ROR8(il) ^ ir; \
1721a812
DV		 421 } while(0)
422
423
3a5e5f81
DV		 424#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
425#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
d64beac0 426
d3e74805
DV		 427static void camellia_setup_tail(u32 *subkey, int max)
428{
429 u32 dw;
430 int i = 2;
431 do {
432 dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = ROL8(dw);/* round 1 */
433 SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw;
434 dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = ROL8(dw);/* round 2 */
435 SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw;
436 dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = ROL8(dw);/* round 3 */
437 SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw;
438 dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = ROL8(dw);/* round 4 */
439 SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw;
440 dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = ROL8(dw);/* round 5 */
441 SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw;
442 dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = ROL8(dw);/* round 6 */
443 SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw;
444 i += 8;
445 } while (i < max);
446}
447
d64beac0
NT		 448static void camellia_setup128(const unsigned char *key, u32 *subkey)
449{
450 u32 kll, klr, krl, krr;
451 u32 il, ir, t0, t1, w0, w1;
452 u32 kw4l, kw4r, dw, tl, tr;
453 u32 subL[26];
454 u32 subR[26];
455
456 /**
457 * k == kll || klr || krl || krr (|| is concatination)
458 */
1ce73e8d
DV		 459 GETU32(kll, key );
460 GETU32(klr, key + 4);
461 GETU32(krl, key + 8);
462 GETU32(krr, key + 12);
463
d64beac0
NT		 464 /**
465 * generate KL dependent subkeys
466 */
467 /* kw1 */
1721a812 468 subL[0] = kll; subR[0] = klr;
d64beac0 469 /* kw2 */
1721a812 470 subL[1] = krl; subR[1] = krr;
d64beac0 471 /* rotation left shift 15bit */
3a5e5f81 472 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
d64beac0 473 /* k3 */
1721a812 474 subL[4] = kll; subR[4] = klr;
d64beac0 475 /* k4 */
1721a812 476 subL[5] = krl; subR[5] = krr;
d64beac0 477 /* rotation left shift 15+30bit */
3a5e5f81 478 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
d64beac0 479 /* k7 */
1721a812 480 subL[10] = kll; subR[10] = klr;
d64beac0 481 /* k8 */
1721a812 482 subL[11] = krl; subR[11] = krr;
d64beac0 483 /* rotation left shift 15+30+15bit */
3a5e5f81 484 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
d64beac0 485 /* k10 */
1721a812 486 subL[13] = krl; subR[13] = krr;
d64beac0 487 /* rotation left shift 15+30+15+17 bit */
3a5e5f81 488 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
d64beac0 489 /* kl3 */
1721a812 490 subL[16] = kll; subR[16] = klr;
d64beac0 491 /* kl4 */
1721a812 492 subL[17] = krl; subR[17] = krr;
d64beac0 493 /* rotation left shift 15+30+15+17+17 bit */
3a5e5f81 494 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
d64beac0 495 /* k13 */
1721a812 496 subL[18] = kll; subR[18] = klr;
d64beac0 497 /* k14 */
1721a812 498 subL[19] = krl; subR[19] = krr;
d64beac0 499 /* rotation left shift 15+30+15+17+17+17 bit */
3a5e5f81 500 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
d64beac0 501 /* k17 */
1721a812 502 subL[22] = kll; subR[22] = klr;
d64beac0 503 /* k18 */
1721a812 504 subL[23] = krl; subR[23] = krr;
d64beac0
NT		 505
506 /* generate KA */
1721a812
DV		 507 kll = subL[0]; klr = subR[0];
508 krl = subL[1]; krr = subR[1];
d64beac0
NT		 509 CAMELLIA_F(kll, klr,
510 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
511 w0, w1, il, ir, t0, t1);
512 krl ^= w0; krr ^= w1;
513 CAMELLIA_F(krl, krr,
514 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
515 kll, klr, il, ir, t0, t1);
516 /* current status == (kll, klr, w0, w1) */
517 CAMELLIA_F(kll, klr,
518 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
519 krl, krr, il, ir, t0, t1);
520 krl ^= w0; krr ^= w1;
521 CAMELLIA_F(krl, krr,
522 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
523 w0, w1, il, ir, t0, t1);
524 kll ^= w0; klr ^= w1;
525
526 /* generate KA dependent subkeys */
527 /* k1, k2 */
1721a812
DV		 528 subL[2] = kll; subR[2] = klr;
529 subL[3] = krl; subR[3] = krr;
3a5e5f81 530 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
d64beac0 531 /* k5,k6 */
1721a812
DV		 532 subL[6] = kll; subR[6] = klr;
533 subL[7] = krl; subR[7] = krr;
3a5e5f81 534 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
d64beac0 535 /* kl1, kl2 */
1721a812
DV		 536 subL[8] = kll; subR[8] = klr;
537 subL[9] = krl; subR[9] = krr;
3a5e5f81 538 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
d64beac0 539 /* k9 */
1721a812 540 subL[12] = kll; subR[12] = klr;
3a5e5f81 541 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
d64beac0 542 /* k11, k12 */
1721a812
DV		 543 subL[14] = kll; subR[14] = klr;
544 subL[15] = krl; subR[15] = krr;
3a5e5f81 545 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
d64beac0 546 /* k15, k16 */
1721a812
DV		 547 subL[20] = kll; subR[20] = klr;
548 subL[21] = krl; subR[21] = krr;
3a5e5f81 549 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
d64beac0 550 /* kw3, kw4 */
1721a812
DV		 551 subL[24] = kll; subR[24] = klr;
552 subL[25] = krl; subR[25] = krr;
d64beac0
NT		 553
554 /* absorb kw2 to other subkeys */
555 /* round 2 */
1721a812 556 subL[3] ^= subL[1]; subR[3] ^= subR[1];
d64beac0 557 /* round 4 */
1721a812 558 subL[5] ^= subL[1]; subR[5] ^= subR[1];
d64beac0 559 /* round 6 */
1721a812
DV		 560 subL[7] ^= subL[1]; subR[7] ^= subR[1];
561 subL[1] ^= subR[1] & ~subR[9];
562 dw = subL[1] & subL[9],
3a5e5f81 563 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
d64beac0 564 /* round 8 */
1721a812 565 subL[11] ^= subL[1]; subR[11] ^= subR[1];
d64beac0 566 /* round 10 */
1721a812 567 subL[13] ^= subL[1]; subR[13] ^= subR[1];
d64beac0 568 /* round 12 */
1721a812
DV		 569 subL[15] ^= subL[1]; subR[15] ^= subR[1];
570 subL[1] ^= subR[1] & ~subR[17];
571 dw = subL[1] & subL[17],
3a5e5f81 572 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
d64beac0 573 /* round 14 */
1721a812 574 subL[19] ^= subL[1]; subR[19] ^= subR[1];
d64beac0 575 /* round 16 */
1721a812 576 subL[21] ^= subL[1]; subR[21] ^= subR[1];
d64beac0 577 /* round 18 */
1721a812 578 subL[23] ^= subL[1]; subR[23] ^= subR[1];
d64beac0 579 /* kw3 */
1721a812 580 subL[24] ^= subL[1]; subR[24] ^= subR[1];
d64beac0
NT		 581
582 /* absorb kw4 to other subkeys */
1721a812 583 kw4l = subL[25]; kw4r = subR[25];
d64beac0 584 /* round 17 */
1721a812 585 subL[22] ^= kw4l; subR[22] ^= kw4r;
d64beac0 586 /* round 15 */
1721a812 587 subL[20] ^= kw4l; subR[20] ^= kw4r;
d64beac0 588 /* round 13 */
1721a812
DV		 589 subL[18] ^= kw4l; subR[18] ^= kw4r;
590 kw4l ^= kw4r & ~subR[16];
591 dw = kw4l & subL[16],
3a5e5f81 592 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
d64beac0 593 /* round 11 */
1721a812 594 subL[14] ^= kw4l; subR[14] ^= kw4r;
d64beac0 595 /* round 9 */
1721a812 596 subL[12] ^= kw4l; subR[12] ^= kw4r;
d64beac0 597 /* round 7 */
1721a812
DV		 598 subL[10] ^= kw4l; subR[10] ^= kw4r;
599 kw4l ^= kw4r & ~subR[8];
600 dw = kw4l & subL[8],
3a5e5f81 601 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
d64beac0 602 /* round 5 */
1721a812 603 subL[6] ^= kw4l; subR[6] ^= kw4r;
d64beac0 604 /* round 3 */
1721a812 605 subL[4] ^= kw4l; subR[4] ^= kw4r;
d64beac0 606 /* round 1 */
1721a812 607 subL[2] ^= kw4l; subR[2] ^= kw4r;
d64beac0 608 /* kw1 */
1721a812 609 subL[0] ^= kw4l; subR[0] ^= kw4r;
d64beac0
NT		 610
611 /* key XOR is end of F-function */
3a5e5f81
DV		 612 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
613 SUBKEY_R(0) = subR[0] ^ subR[2];
614 SUBKEY_L(2) = subL[3]; /* round 1 */
615 SUBKEY_R(2) = subR[3];
616 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
617 SUBKEY_R(3) = subR[2] ^ subR[4];
618 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
619 SUBKEY_R(4) = subR[3] ^ subR[5];
620 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
621 SUBKEY_R(5) = subR[4] ^ subR[6];
622 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
623 SUBKEY_R(6) = subR[5] ^ subR[7];
1721a812
DV		 624 tl = subL[10] ^ (subR[10] & ~subR[8]);
625 dw = tl & subL[8], /* FL(kl1) */
3a5e5f81
DV		 626 tr = subR[10] ^ ROL1(dw);
627 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
628 SUBKEY_R(7) = subR[6] ^ tr;
629 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
630 SUBKEY_R(8) = subR[8];
631 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
632 SUBKEY_R(9) = subR[9];
1721a812
DV		 633 tl = subL[7] ^ (subR[7] & ~subR[9]);
634 dw = tl & subL[9], /* FLinv(kl2) */
3a5e5f81
DV		 635 tr = subR[7] ^ ROL1(dw);
636 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
637 SUBKEY_R(10) = tr ^ subR[11];
638 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
639 SUBKEY_R(11) = subR[10] ^ subR[12];
640 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
641 SUBKEY_R(12) = subR[11] ^ subR[13];
642 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
643 SUBKEY_R(13) = subR[12] ^ subR[14];
644 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
645 SUBKEY_R(14) = subR[13] ^ subR[15];
1721a812
DV		 646 tl = subL[18] ^ (subR[18] & ~subR[16]);
647 dw = tl & subL[16], /* FL(kl3) */
3a5e5f81
DV		 648 tr = subR[18] ^ ROL1(dw);
649 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
650 SUBKEY_R(15) = subR[14] ^ tr;
651 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
652 SUBKEY_R(16) = subR[16];
653 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
654 SUBKEY_R(17) = subR[17];
1721a812
DV		 655 tl = subL[15] ^ (subR[15] & ~subR[17]);
656 dw = tl & subL[17], /* FLinv(kl4) */
3a5e5f81
DV		 657 tr = subR[15] ^ ROL1(dw);
658 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
659 SUBKEY_R(18) = tr ^ subR[19];
660 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
661 SUBKEY_R(19) = subR[18] ^ subR[20];
662 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
663 SUBKEY_R(20) = subR[19] ^ subR[21];
664 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
665 SUBKEY_R(21) = subR[20] ^ subR[22];
666 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
667 SUBKEY_R(22) = subR[21] ^ subR[23];
668 SUBKEY_L(23) = subL[22]; /* round 18 */
669 SUBKEY_R(23) = subR[22];
670 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
671 SUBKEY_R(24) = subR[24] ^ subR[23];
d64beac0
NT		 672
673 /* apply the inverse of the last half of P-function */
d3e74805 674 camellia_setup_tail(subkey, 24);
d64beac0
NT		 675}
676
d64beac0
NT		 677static void camellia_setup256(const unsigned char *key, u32 *subkey)
678{
1ce73e8d
DV		 679 u32 kll, klr, krl, krr; /* left half of key */
680 u32 krll, krlr, krrl, krrr; /* right half of key */
d64beac0
NT		 681 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
682 u32 kw4l, kw4r, dw, tl, tr;
683 u32 subL[34];
684 u32 subR[34];
685
686 /**
687 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
688 * (|| is concatination)
689 */
1ce73e8d
DV		 690 GETU32(kll, key );
691 GETU32(klr, key + 4);
692 GETU32(krl, key + 8);
693 GETU32(krr, key + 12);
694 GETU32(krll, key + 16);
695 GETU32(krlr, key + 20);
696 GETU32(krrl, key + 24);
697 GETU32(krrr, key + 28);
d64beac0
NT		 698
699 /* generate KL dependent subkeys */
700 /* kw1 */
1721a812 701 subL[0] = kll; subR[0] = klr;
d64beac0 702 /* kw2 */
1721a812 703 subL[1] = krl; subR[1] = krr;
3a5e5f81 704 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
d64beac0 705 /* k9 */
1721a812 706 subL[12] = kll; subR[12] = klr;
d64beac0 707 /* k10 */
1721a812 708 subL[13] = krl; subR[13] = krr;
3a5e5f81 709 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
d64beac0 710 /* kl3 */
1721a812 711 subL[16] = kll; subR[16] = klr;
d64beac0 712 /* kl4 */
1721a812 713 subL[17] = krl; subR[17] = krr;
3a5e5f81 714 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
d64beac0 715 /* k17 */
1721a812 716 subL[22] = kll; subR[22] = klr;
d64beac0 717 /* k18 */
1721a812 718 subL[23] = krl; subR[23] = krr;
3a5e5f81 719 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
d64beac0 720 /* k23 */
1721a812 721 subL[30] = kll; subR[30] = klr;
d64beac0 722 /* k24 */
1721a812 723 subL[31] = krl; subR[31] = krr;
d64beac0
NT		 724
725 /* generate KR dependent subkeys */
3a5e5f81 726 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
d64beac0 727 /* k3 */
1721a812 728 subL[4] = krll; subR[4] = krlr;
d64beac0 729 /* k4 */
1721a812 730 subL[5] = krrl; subR[5] = krrr;
3a5e5f81 731 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
d64beac0 732 /* kl1 */
1721a812 733 subL[8] = krll; subR[8] = krlr;
d64beac0 734 /* kl2 */
1721a812 735 subL[9] = krrl; subR[9] = krrr;
3a5e5f81 736 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
d64beac0 737 /* k13 */
1721a812 738 subL[18] = krll; subR[18] = krlr;
d64beac0 739 /* k14 */
1721a812 740 subL[19] = krrl; subR[19] = krrr;
3a5e5f81 741 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
d64beac0 742 /* k19 */
1721a812 743 subL[26] = krll; subR[26] = krlr;
d64beac0 744 /* k20 */
1721a812 745 subL[27] = krrl; subR[27] = krrr;
3a5e5f81 746 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
d64beac0
NT		 747
748 /* generate KA */
1721a812
DV		 749 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
750 krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
d64beac0
NT		 751 CAMELLIA_F(kll, klr,
752 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
753 w0, w1, il, ir, t0, t1);
754 krl ^= w0; krr ^= w1;
755 CAMELLIA_F(krl, krr,
756 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
757 kll, klr, il, ir, t0, t1);
758 kll ^= krll; klr ^= krlr;
759 CAMELLIA_F(kll, klr,
760 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
761 krl, krr, il, ir, t0, t1);
762 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
763 CAMELLIA_F(krl, krr,
764 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
765 w0, w1, il, ir, t0, t1);
766 kll ^= w0; klr ^= w1;
767
768 /* generate KB */
769 krll ^= kll; krlr ^= klr;
770 krrl ^= krl; krrr ^= krr;
771 CAMELLIA_F(krll, krlr,
772 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
773 w0, w1, il, ir, t0, t1);
774 krrl ^= w0; krrr ^= w1;
775 CAMELLIA_F(krrl, krrr,
776 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
777 w0, w1, il, ir, t0, t1);
778 krll ^= w0; krlr ^= w1;
779
780 /* generate KA dependent subkeys */
3a5e5f81 781 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
d64beac0 782 /* k5 */
1721a812 783 subL[6] = kll; subR[6] = klr;
d64beac0 784 /* k6 */
1721a812 785 subL[7] = krl; subR[7] = krr;
3a5e5f81 786 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
d64beac0 787 /* k11 */
1721a812 788 subL[14] = kll; subR[14] = klr;
d64beac0 789 /* k12 */
1721a812 790 subL[15] = krl; subR[15] = krr;
d64beac0
NT		 791 /* rotation left shift 32bit */
792 /* kl5 */
1721a812 793 subL[24] = klr; subR[24] = krl;
d64beac0 794 /* kl6 */
1721a812 795 subL[25] = krr; subR[25] = kll;
d64beac0 796 /* rotation left shift 49 from k11,k12 -> k21,k22 */
3a5e5f81 797 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
d64beac0 798 /* k21 */
1721a812 799 subL[28] = kll; subR[28] = klr;
d64beac0 800 /* k22 */
1721a812 801 subL[29] = krl; subR[29] = krr;
d64beac0
NT		 802
803 /* generate KB dependent subkeys */
804 /* k1 */
1721a812 805 subL[2] = krll; subR[2] = krlr;
d64beac0 806 /* k2 */
1721a812 807 subL[3] = krrl; subR[3] = krrr;
3a5e5f81 808 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
d64beac0 809 /* k7 */
1721a812 810 subL[10] = krll; subR[10] = krlr;
d64beac0 811 /* k8 */
1721a812 812 subL[11] = krrl; subR[11] = krrr;
3a5e5f81 813 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
d64beac0 814 /* k15 */
1721a812 815 subL[20] = krll; subR[20] = krlr;
d64beac0 816 /* k16 */
1721a812 817 subL[21] = krrl; subR[21] = krrr;
3a5e5f81 818 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
d64beac0 819 /* kw3 */
1721a812 820 subL[32] = krll; subR[32] = krlr;
d64beac0 821 /* kw4 */
1721a812 822 subL[33] = krrl; subR[33] = krrr;
d64beac0
NT		 823
824 /* absorb kw2 to other subkeys */
825 /* round 2 */
1721a812 826 subL[3] ^= subL[1]; subR[3] ^= subR[1];
d64beac0 827 /* round 4 */
1721a812 828 subL[5] ^= subL[1]; subR[5] ^= subR[1];
d64beac0 829 /* round 6 */
1721a812
DV		 830 subL[7] ^= subL[1]; subR[7] ^= subR[1];
831 subL[1] ^= subR[1] & ~subR[9];
832 dw = subL[1] & subL[9],
3a5e5f81 833 subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */
d64beac0 834 /* round 8 */
1721a812 835 subL[11] ^= subL[1]; subR[11] ^= subR[1];
d64beac0 836 /* round 10 */
1721a812 837 subL[13] ^= subL[1]; subR[13] ^= subR[1];
d64beac0 838 /* round 12 */
1721a812
DV		 839 subL[15] ^= subL[1]; subR[15] ^= subR[1];
840 subL[1] ^= subR[1] & ~subR[17];
841 dw = subL[1] & subL[17],
3a5e5f81 842 subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */
d64beac0 843 /* round 14 */
1721a812 844 subL[19] ^= subL[1]; subR[19] ^= subR[1];
d64beac0 845 /* round 16 */
1721a812 846 subL[21] ^= subL[1]; subR[21] ^= subR[1];
d64beac0 847 /* round 18 */
1721a812
DV		 848 subL[23] ^= subL[1]; subR[23] ^= subR[1];
849 subL[1] ^= subR[1] & ~subR[25];
850 dw = subL[1] & subL[25],
3a5e5f81 851 subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */
d64beac0 852 /* round 20 */
1721a812 853 subL[27] ^= subL[1]; subR[27] ^= subR[1];
d64beac0 854 /* round 22 */
1721a812 855 subL[29] ^= subL[1]; subR[29] ^= subR[1];
d64beac0 856 /* round 24 */
1721a812 857 subL[31] ^= subL[1]; subR[31] ^= subR[1];
d64beac0 858 /* kw3 */
1721a812 859 subL[32] ^= subL[1]; subR[32] ^= subR[1];
d64beac0
NT		 860
861 /* absorb kw4 to other subkeys */
1721a812 862 kw4l = subL[33]; kw4r = subR[33];
d64beac0 863 /* round 23 */
1721a812 864 subL[30] ^= kw4l; subR[30] ^= kw4r;
d64beac0 865 /* round 21 */
1721a812 866 subL[28] ^= kw4l; subR[28] ^= kw4r;
d64beac0 867 /* round 19 */
1721a812
DV		 868 subL[26] ^= kw4l; subR[26] ^= kw4r;
869 kw4l ^= kw4r & ~subR[24];
870 dw = kw4l & subL[24],
3a5e5f81 871 kw4r ^= ROL1(dw); /* modified for FL(kl5) */
d64beac0 872 /* round 17 */
1721a812 873 subL[22] ^= kw4l; subR[22] ^= kw4r;
d64beac0 874 /* round 15 */
1721a812 875 subL[20] ^= kw4l; subR[20] ^= kw4r;
d64beac0 876 /* round 13 */
1721a812
DV		 877 subL[18] ^= kw4l; subR[18] ^= kw4r;
878 kw4l ^= kw4r & ~subR[16];
879 dw = kw4l & subL[16],
3a5e5f81 880 kw4r ^= ROL1(dw); /* modified for FL(kl3) */
d64beac0 881 /* round 11 */
1721a812 882 subL[14] ^= kw4l; subR[14] ^= kw4r;
d64beac0 883 /* round 9 */
1721a812 884 subL[12] ^= kw4l; subR[12] ^= kw4r;
d64beac0 885 /* round 7 */
1721a812
DV		 886 subL[10] ^= kw4l; subR[10] ^= kw4r;
887 kw4l ^= kw4r & ~subR[8];
888 dw = kw4l & subL[8],
3a5e5f81 889 kw4r ^= ROL1(dw); /* modified for FL(kl1) */
d64beac0 890 /* round 5 */
1721a812 891 subL[6] ^= kw4l; subR[6] ^= kw4r;
d64beac0 892 /* round 3 */
1721a812 893 subL[4] ^= kw4l; subR[4] ^= kw4r;
d64beac0 894 /* round 1 */
1721a812 895 subL[2] ^= kw4l; subR[2] ^= kw4r;
d64beac0 896 /* kw1 */
1721a812 897 subL[0] ^= kw4l; subR[0] ^= kw4r;
d64beac0
NT		 898
899 /* key XOR is end of F-function */
3a5e5f81
DV		 900 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
901 SUBKEY_R(0) = subR[0] ^ subR[2];
902 SUBKEY_L(2) = subL[3]; /* round 1 */
903 SUBKEY_R(2) = subR[3];
904 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
905 SUBKEY_R(3) = subR[2] ^ subR[4];
906 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
907 SUBKEY_R(4) = subR[3] ^ subR[5];
908 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
909 SUBKEY_R(5) = subR[4] ^ subR[6];
910 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
911 SUBKEY_R(6) = subR[5] ^ subR[7];
1721a812
DV		 912 tl = subL[10] ^ (subR[10] & ~subR[8]);
913 dw = tl & subL[8], /* FL(kl1) */
3a5e5f81
DV		 914 tr = subR[10] ^ ROL1(dw);
915 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
916 SUBKEY_R(7) = subR[6] ^ tr;
917 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
918 SUBKEY_R(8) = subR[8];
919 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
920 SUBKEY_R(9) = subR[9];
1721a812
DV		 921 tl = subL[7] ^ (subR[7] & ~subR[9]);
922 dw = tl & subL[9], /* FLinv(kl2) */
3a5e5f81
DV		 923 tr = subR[7] ^ ROL1(dw);
924 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
925 SUBKEY_R(10) = tr ^ subR[11];
926 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
927 SUBKEY_R(11) = subR[10] ^ subR[12];
928 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
929 SUBKEY_R(12) = subR[11] ^ subR[13];
930 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
931 SUBKEY_R(13) = subR[12] ^ subR[14];
932 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
933 SUBKEY_R(14) = subR[13] ^ subR[15];
1721a812
DV		 934 tl = subL[18] ^ (subR[18] & ~subR[16]);
935 dw = tl & subL[16], /* FL(kl3) */
3a5e5f81
DV		 936 tr = subR[18] ^ ROL1(dw);
937 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
938 SUBKEY_R(15) = subR[14] ^ tr;
939 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
940 SUBKEY_R(16) = subR[16];
941 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
942 SUBKEY_R(17) = subR[17];
1721a812
DV		 943 tl = subL[15] ^ (subR[15] & ~subR[17]);
944 dw = tl & subL[17], /* FLinv(kl4) */
3a5e5f81
DV		 945 tr = subR[15] ^ ROL1(dw);
946 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
947 SUBKEY_R(18) = tr ^ subR[19];
948 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
949 SUBKEY_R(19) = subR[18] ^ subR[20];
950 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
951 SUBKEY_R(20) = subR[19] ^ subR[21];
952 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
953 SUBKEY_R(21) = subR[20] ^ subR[22];
954 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
955 SUBKEY_R(22) = subR[21] ^ subR[23];
956 tl = subL[26] ^ (subR[26] & ~subR[24]);
1721a812 957 dw = tl & subL[24], /* FL(kl5) */
3a5e5f81
DV		 958 tr = subR[26] ^ ROL1(dw);
959 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
960 SUBKEY_R(23) = subR[22] ^ tr;
961 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
962 SUBKEY_R(24) = subR[24];
963 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
964 SUBKEY_R(25) = subR[25];
965 tl = subL[23] ^ (subR[23] & ~subR[25]);
1721a812 966 dw = tl & subL[25], /* FLinv(kl6) */
3a5e5f81
DV		 967 tr = subR[23] ^ ROL1(dw);
968 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
969 SUBKEY_R(26) = tr ^ subR[27];
970 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
971 SUBKEY_R(27) = subR[26] ^ subR[28];
972 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
973 SUBKEY_R(28) = subR[27] ^ subR[29];
974 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
975 SUBKEY_R(29) = subR[28] ^ subR[30];
976 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
977 SUBKEY_R(30) = subR[29] ^ subR[31];
978 SUBKEY_L(31) = subL[30]; /* round 24 */
979 SUBKEY_R(31) = subR[30];
980 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
981 SUBKEY_R(32) = subR[32] ^ subR[31];
d64beac0
NT		 982
983 /* apply the inverse of the last half of P-function */
d3e74805 984 camellia_setup_tail(subkey, 32);
d64beac0
NT		 985}
986
987static void camellia_setup192(const unsigned char *key, u32 *subkey)
988{
989 unsigned char kk[32];
990 u32 krll, krlr, krrl,krrr;
991
992 memcpy(kk, key, 24);
1721a812
DV		 993 memcpy((unsigned char *)&krll, key+16, 4);
994 memcpy((unsigned char *)&krlr, key+20, 4);
d64beac0
NT		 995 krrl = ~krll;
996 krrr = ~krlr;
997 memcpy(kk+24, (unsigned char *)&krrl, 4);
998 memcpy(kk+28, (unsigned char *)&krrr, 4);
999 camellia_setup256(kk, subkey);
d64beac0
NT		 1000}
1001
1002
3a5e5f81 1003static void camellia_encrypt128(const u32 *subkey, u32 *io_text)
d64beac0 1004{
3a5e5f81 1005 u32 il,ir,t0,t1; /* temporary variables */
d64beac0
NT		 1006
1007 u32 io[4];
1008
1721a812 1009 /* pre whitening but absorb kw2 */
3a5e5f81
DV		 1010 io[0] = io_text[0] ^ SUBKEY_L(0);
1011 io[1] = io_text[1] ^ SUBKEY_R(0);
1012 io[2] = io_text[2];
1013 io[3] = io_text[3];
d64beac0 1014
1721a812 1015 /* main iteration */
d64beac0 1016 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1017 SUBKEY_L(2),SUBKEY_R(2),
d64beac0
NT		 1018 io[2],io[3],il,ir,t0,t1);
1019 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1020 SUBKEY_L(3),SUBKEY_R(3),
d64beac0
NT		 1021 io[0],io[1],il,ir,t0,t1);
1022 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1023 SUBKEY_L(4),SUBKEY_R(4),
d64beac0
NT		 1024 io[2],io[3],il,ir,t0,t1);
1025 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1026 SUBKEY_L(5),SUBKEY_R(5),
d64beac0
NT		 1027 io[0],io[1],il,ir,t0,t1);
1028 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1029 SUBKEY_L(6),SUBKEY_R(6),
d64beac0
NT		 1030 io[2],io[3],il,ir,t0,t1);
1031 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1032 SUBKEY_L(7),SUBKEY_R(7),
d64beac0
NT		 1033 io[0],io[1],il,ir,t0,t1);
1034
1035 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1036 SUBKEY_L(8),SUBKEY_R(8),
1037 SUBKEY_L(9),SUBKEY_R(9),
d64beac0
NT		 1038 t0,t1,il,ir);
1039
1040 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1041 SUBKEY_L(10),SUBKEY_R(10),
d64beac0
NT		 1042 io[2],io[3],il,ir,t0,t1);
1043 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1044 SUBKEY_L(11),SUBKEY_R(11),
d64beac0
NT		 1045 io[0],io[1],il,ir,t0,t1);
1046 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1047 SUBKEY_L(12),SUBKEY_R(12),
d64beac0
NT		 1048 io[2],io[3],il,ir,t0,t1);
1049 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1050 SUBKEY_L(13),SUBKEY_R(13),
d64beac0
NT		 1051 io[0],io[1],il,ir,t0,t1);
1052 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1053 SUBKEY_L(14),SUBKEY_R(14),
d64beac0
NT		 1054 io[2],io[3],il,ir,t0,t1);
1055 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1056 SUBKEY_L(15),SUBKEY_R(15),
d64beac0
NT		 1057 io[0],io[1],il,ir,t0,t1);
1058
1059 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1060 SUBKEY_L(16),SUBKEY_R(16),
1061 SUBKEY_L(17),SUBKEY_R(17),
d64beac0
NT		 1062 t0,t1,il,ir);
1063
1064 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1065 SUBKEY_L(18),SUBKEY_R(18),
d64beac0
NT		 1066 io[2],io[3],il,ir,t0,t1);
1067 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1068 SUBKEY_L(19),SUBKEY_R(19),
d64beac0
NT		 1069 io[0],io[1],il,ir,t0,t1);
1070 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1071 SUBKEY_L(20),SUBKEY_R(20),
d64beac0
NT		 1072 io[2],io[3],il,ir,t0,t1);
1073 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1074 SUBKEY_L(21),SUBKEY_R(21),
d64beac0
NT		 1075 io[0],io[1],il,ir,t0,t1);
1076 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1077 SUBKEY_L(22),SUBKEY_R(22),
d64beac0
NT		 1078 io[2],io[3],il,ir,t0,t1);
1079 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1080 SUBKEY_L(23),SUBKEY_R(23),
d64beac0
NT		 1081 io[0],io[1],il,ir,t0,t1);
1082
1083 /* post whitening but kw4 */
3a5e5f81
DV		 1084 io_text[0] = io[2] ^ SUBKEY_L(24);
1085 io_text[1] = io[3] ^ SUBKEY_R(24);
1086 io_text[2] = io[0];
1087 io_text[3] = io[1];
d64beac0
NT		 1088}
1089
3a5e5f81 1090static void camellia_decrypt128(const u32 *subkey, u32 *io_text)
d64beac0 1091{
3a5e5f81 1092 u32 il,ir,t0,t1; /* temporary variables */
d64beac0
NT		 1093
1094 u32 io[4];
1095
1721a812 1096 /* pre whitening but absorb kw2 */
3a5e5f81
DV		 1097 io[0] = io_text[0] ^ SUBKEY_L(24);
1098 io[1] = io_text[1] ^ SUBKEY_R(24);
1099 io[2] = io_text[2];
1100 io[3] = io_text[3];
d64beac0
NT		 1101
1102 /* main iteration */
1103 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1104 SUBKEY_L(23),SUBKEY_R(23),
d64beac0
NT		 1105 io[2],io[3],il,ir,t0,t1);
1106 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1107 SUBKEY_L(22),SUBKEY_R(22),
d64beac0
NT		 1108 io[0],io[1],il,ir,t0,t1);
1109 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1110 SUBKEY_L(21),SUBKEY_R(21),
d64beac0
NT		 1111 io[2],io[3],il,ir,t0,t1);
1112 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1113 SUBKEY_L(20),SUBKEY_R(20),
d64beac0
NT		 1114 io[0],io[1],il,ir,t0,t1);
1115 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1116 SUBKEY_L(19),SUBKEY_R(19),
d64beac0
NT		 1117 io[2],io[3],il,ir,t0,t1);
1118 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1119 SUBKEY_L(18),SUBKEY_R(18),
d64beac0
NT		 1120 io[0],io[1],il,ir,t0,t1);
1121
1122 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1123 SUBKEY_L(17),SUBKEY_R(17),
1124 SUBKEY_L(16),SUBKEY_R(16),
d64beac0
NT		 1125 t0,t1,il,ir);
1126
1127 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1128 SUBKEY_L(15),SUBKEY_R(15),
d64beac0
NT		 1129 io[2],io[3],il,ir,t0,t1);
1130 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1131 SUBKEY_L(14),SUBKEY_R(14),
d64beac0
NT		 1132 io[0],io[1],il,ir,t0,t1);
1133 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1134 SUBKEY_L(13),SUBKEY_R(13),
d64beac0
NT		 1135 io[2],io[3],il,ir,t0,t1);
1136 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1137 SUBKEY_L(12),SUBKEY_R(12),
d64beac0
NT		 1138 io[0],io[1],il,ir,t0,t1);
1139 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1140 SUBKEY_L(11),SUBKEY_R(11),
d64beac0
NT		 1141 io[2],io[3],il,ir,t0,t1);
1142 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1143 SUBKEY_L(10),SUBKEY_R(10),
d64beac0
NT		 1144 io[0],io[1],il,ir,t0,t1);
1145
1146 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1147 SUBKEY_L(9),SUBKEY_R(9),
1148 SUBKEY_L(8),SUBKEY_R(8),
d64beac0
NT		 1149 t0,t1,il,ir);
1150
1151 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1152 SUBKEY_L(7),SUBKEY_R(7),
d64beac0
NT		 1153 io[2],io[3],il,ir,t0,t1);
1154 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1155 SUBKEY_L(6),SUBKEY_R(6),
d64beac0
NT		 1156 io[0],io[1],il,ir,t0,t1);
1157 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1158 SUBKEY_L(5),SUBKEY_R(5),
d64beac0
NT		 1159 io[2],io[3],il,ir,t0,t1);
1160 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1161 SUBKEY_L(4),SUBKEY_R(4),
d64beac0
NT		 1162 io[0],io[1],il,ir,t0,t1);
1163 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1164 SUBKEY_L(3),SUBKEY_R(3),
d64beac0
NT		 1165 io[2],io[3],il,ir,t0,t1);
1166 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1167 SUBKEY_L(2),SUBKEY_R(2),
d64beac0
NT		 1168 io[0],io[1],il,ir,t0,t1);
1169
1170 /* post whitening but kw4 */
3a5e5f81
DV		 1171 io_text[0] = io[2] ^ SUBKEY_L(0);
1172 io_text[1] = io[3] ^ SUBKEY_R(0);
1173 io_text[2] = io[0];
1174 io_text[3] = io[1];
d64beac0
NT		 1175}
1176
3a5e5f81 1177static void camellia_encrypt256(const u32 *subkey, u32 *io_text)
d64beac0 1178{
3a5e5f81 1179 u32 il,ir,t0,t1; /* temporary variables */
d64beac0
NT		 1180
1181 u32 io[4];
1182
1721a812 1183 /* pre whitening but absorb kw2 */
3a5e5f81
DV		 1184 io[0] = io_text[0] ^ SUBKEY_L(0);
1185 io[1] = io_text[1] ^ SUBKEY_R(0);
1186 io[2] = io_text[2];
1187 io[3] = io_text[3];
d64beac0
NT		 1188
1189 /* main iteration */
1190 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1191 SUBKEY_L(2),SUBKEY_R(2),
d64beac0
NT		 1192 io[2],io[3],il,ir,t0,t1);
1193 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1194 SUBKEY_L(3),SUBKEY_R(3),
d64beac0
NT		 1195 io[0],io[1],il,ir,t0,t1);
1196 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1197 SUBKEY_L(4),SUBKEY_R(4),
d64beac0
NT		 1198 io[2],io[3],il,ir,t0,t1);
1199 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1200 SUBKEY_L(5),SUBKEY_R(5),
d64beac0
NT		 1201 io[0],io[1],il,ir,t0,t1);
1202 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1203 SUBKEY_L(6),SUBKEY_R(6),
d64beac0
NT		 1204 io[2],io[3],il,ir,t0,t1);
1205 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1206 SUBKEY_L(7),SUBKEY_R(7),
d64beac0
NT		 1207 io[0],io[1],il,ir,t0,t1);
1208
1209 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1210 SUBKEY_L(8),SUBKEY_R(8),
1211 SUBKEY_L(9),SUBKEY_R(9),
d64beac0
NT		 1212 t0,t1,il,ir);
1213
1214 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1215 SUBKEY_L(10),SUBKEY_R(10),
d64beac0
NT		 1216 io[2],io[3],il,ir,t0,t1);
1217 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1218 SUBKEY_L(11),SUBKEY_R(11),
d64beac0
NT		 1219 io[0],io[1],il,ir,t0,t1);
1220 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1221 SUBKEY_L(12),SUBKEY_R(12),
d64beac0
NT		 1222 io[2],io[3],il,ir,t0,t1);
1223 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1224 SUBKEY_L(13),SUBKEY_R(13),
d64beac0
NT		 1225 io[0],io[1],il,ir,t0,t1);
1226 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1227 SUBKEY_L(14),SUBKEY_R(14),
d64beac0
NT		 1228 io[2],io[3],il,ir,t0,t1);
1229 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1230 SUBKEY_L(15),SUBKEY_R(15),
d64beac0
NT		 1231 io[0],io[1],il,ir,t0,t1);
1232
1233 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1234 SUBKEY_L(16),SUBKEY_R(16),
1235 SUBKEY_L(17),SUBKEY_R(17),
d64beac0
NT		 1236 t0,t1,il,ir);
1237
1238 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1239 SUBKEY_L(18),SUBKEY_R(18),
d64beac0
NT		 1240 io[2],io[3],il,ir,t0,t1);
1241 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1242 SUBKEY_L(19),SUBKEY_R(19),
d64beac0
NT		 1243 io[0],io[1],il,ir,t0,t1);
1244 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1245 SUBKEY_L(20),SUBKEY_R(20),
d64beac0
NT		 1246 io[2],io[3],il,ir,t0,t1);
1247 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1248 SUBKEY_L(21),SUBKEY_R(21),
d64beac0
NT		 1249 io[0],io[1],il,ir,t0,t1);
1250 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1251 SUBKEY_L(22),SUBKEY_R(22),
d64beac0
NT		 1252 io[2],io[3],il,ir,t0,t1);
1253 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1254 SUBKEY_L(23),SUBKEY_R(23),
d64beac0
NT		 1255 io[0],io[1],il,ir,t0,t1);
1256
1257 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1258 SUBKEY_L(24),SUBKEY_R(24),
1259 SUBKEY_L(25),SUBKEY_R(25),
d64beac0
NT		 1260 t0,t1,il,ir);
1261
1262 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1263 SUBKEY_L(26),SUBKEY_R(26),
d64beac0
NT		 1264 io[2],io[3],il,ir,t0,t1);
1265 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1266 SUBKEY_L(27),SUBKEY_R(27),
d64beac0
NT		 1267 io[0],io[1],il,ir,t0,t1);
1268 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1269 SUBKEY_L(28),SUBKEY_R(28),
d64beac0
NT		 1270 io[2],io[3],il,ir,t0,t1);
1271 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1272 SUBKEY_L(29),SUBKEY_R(29),
d64beac0
NT		 1273 io[0],io[1],il,ir,t0,t1);
1274 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1275 SUBKEY_L(30),SUBKEY_R(30),
d64beac0
NT		 1276 io[2],io[3],il,ir,t0,t1);
1277 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1278 SUBKEY_L(31),SUBKEY_R(31),
d64beac0
NT		 1279 io[0],io[1],il,ir,t0,t1);
1280
1281 /* post whitening but kw4 */
3a5e5f81
DV		 1282 io_text[0] = io[2] ^ SUBKEY_L(32);
1283 io_text[1] = io[3] ^ SUBKEY_R(32);
1284 io_text[2] = io[0];
1285 io_text[3] = io[1];
d64beac0
NT		 1286}
1287
3a5e5f81 1288static void camellia_decrypt256(const u32 *subkey, u32 *io_text)
d64beac0 1289{
3a5e5f81 1290 u32 il,ir,t0,t1; /* temporary variables */
d64beac0
NT		 1291
1292 u32 io[4];
1293
1721a812 1294 /* pre whitening but absorb kw2 */
3a5e5f81
DV		 1295 io[0] = io_text[0] ^ SUBKEY_L(32);
1296 io[1] = io_text[1] ^ SUBKEY_R(32);
1297 io[2] = io_text[2];
1298 io[3] = io_text[3];
d64beac0
NT		 1299
1300 /* main iteration */
1301 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1302 SUBKEY_L(31),SUBKEY_R(31),
d64beac0
NT		 1303 io[2],io[3],il,ir,t0,t1);
1304 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1305 SUBKEY_L(30),SUBKEY_R(30),
d64beac0
NT		 1306 io[0],io[1],il,ir,t0,t1);
1307 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1308 SUBKEY_L(29),SUBKEY_R(29),
d64beac0
NT		 1309 io[2],io[3],il,ir,t0,t1);
1310 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1311 SUBKEY_L(28),SUBKEY_R(28),
d64beac0
NT		 1312 io[0],io[1],il,ir,t0,t1);
1313 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1314 SUBKEY_L(27),SUBKEY_R(27),
d64beac0
NT		 1315 io[2],io[3],il,ir,t0,t1);
1316 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1317 SUBKEY_L(26),SUBKEY_R(26),
d64beac0
NT		 1318 io[0],io[1],il,ir,t0,t1);
1319
1320 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1321 SUBKEY_L(25),SUBKEY_R(25),
1322 SUBKEY_L(24),SUBKEY_R(24),
d64beac0
NT		 1323 t0,t1,il,ir);
1324
1325 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1326 SUBKEY_L(23),SUBKEY_R(23),
d64beac0
NT		 1327 io[2],io[3],il,ir,t0,t1);
1328 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1329 SUBKEY_L(22),SUBKEY_R(22),
d64beac0
NT		 1330 io[0],io[1],il,ir,t0,t1);
1331 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1332 SUBKEY_L(21),SUBKEY_R(21),
d64beac0
NT		 1333 io[2],io[3],il,ir,t0,t1);
1334 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1335 SUBKEY_L(20),SUBKEY_R(20),
d64beac0
NT		 1336 io[0],io[1],il,ir,t0,t1);
1337 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1338 SUBKEY_L(19),SUBKEY_R(19),
d64beac0
NT		 1339 io[2],io[3],il,ir,t0,t1);
1340 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1341 SUBKEY_L(18),SUBKEY_R(18),
d64beac0
NT		 1342 io[0],io[1],il,ir,t0,t1);
1343
1344 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1345 SUBKEY_L(17),SUBKEY_R(17),
1346 SUBKEY_L(16),SUBKEY_R(16),
d64beac0
NT		 1347 t0,t1,il,ir);
1348
1349 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1350 SUBKEY_L(15),SUBKEY_R(15),
d64beac0
NT		 1351 io[2],io[3],il,ir,t0,t1);
1352 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1353 SUBKEY_L(14),SUBKEY_R(14),
d64beac0
NT		 1354 io[0],io[1],il,ir,t0,t1);
1355 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1356 SUBKEY_L(13),SUBKEY_R(13),
d64beac0
NT		 1357 io[2],io[3],il,ir,t0,t1);
1358 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1359 SUBKEY_L(12),SUBKEY_R(12),
d64beac0
NT		 1360 io[0],io[1],il,ir,t0,t1);
1361 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1362 SUBKEY_L(11),SUBKEY_R(11),
d64beac0
NT		 1363 io[2],io[3],il,ir,t0,t1);
1364 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1365 SUBKEY_L(10),SUBKEY_R(10),
d64beac0
NT		 1366 io[0],io[1],il,ir,t0,t1);
1367
1368 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
3a5e5f81
DV		 1369 SUBKEY_L(9),SUBKEY_R(9),
1370 SUBKEY_L(8),SUBKEY_R(8),
d64beac0
NT		 1371 t0,t1,il,ir);
1372
1373 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1374 SUBKEY_L(7),SUBKEY_R(7),
d64beac0
NT		 1375 io[2],io[3],il,ir,t0,t1);
1376 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1377 SUBKEY_L(6),SUBKEY_R(6),
d64beac0
NT		 1378 io[0],io[1],il,ir,t0,t1);
1379 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1380 SUBKEY_L(5),SUBKEY_R(5),
d64beac0
NT		 1381 io[2],io[3],il,ir,t0,t1);
1382 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1383 SUBKEY_L(4),SUBKEY_R(4),
d64beac0
NT		 1384 io[0],io[1],il,ir,t0,t1);
1385 CAMELLIA_ROUNDSM(io[0],io[1],
3a5e5f81 1386 SUBKEY_L(3),SUBKEY_R(3),
d64beac0
NT		 1387 io[2],io[3],il,ir,t0,t1);
1388 CAMELLIA_ROUNDSM(io[2],io[3],
3a5e5f81 1389 SUBKEY_L(2),SUBKEY_R(2),
d64beac0
NT		 1390 io[0],io[1],il,ir,t0,t1);
1391
1392 /* post whitening but kw4 */
3a5e5f81
DV		 1393 io_text[0] = io[2] ^ SUBKEY_L(0);
1394 io_text[1] = io[3] ^ SUBKEY_R(0);
1395 io_text[2] = io[0];
1396 io_text[3] = io[1];
d64beac0
NT		 1397}
1398
1399
1721a812
DV		 1400struct camellia_ctx {
1401 int key_length;
1402 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / 4];
1403};
1404
d64beac0
NT		 1405static int
1406camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1407 unsigned int key_len)
1408{
1409 struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1410 const unsigned char *key = (const unsigned char *)in_key;
1411 u32 *flags = &tfm->crt_flags;
1412
1413 if (key_len != 16 && key_len != 24 && key_len != 32) {
1414 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1415 return -EINVAL;
1416 }
1417
1418 cctx->key_length = key_len;
1419
1721a812 1420 switch (key_len) {
d64beac0
NT		 1421 case 16:
1422 camellia_setup128(key, cctx->key_table);
1423 break;
1424 case 24:
1425 camellia_setup192(key, cctx->key_table);
1426 break;
1427 case 32:
1428 camellia_setup256(key, cctx->key_table);
1429 break;
d64beac0
NT		 1430 }
1431
1432 return 0;
1433}
1434
d64beac0
NT		 1435static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1436{
1437 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1438 const __be32 *src = (const __be32 *)in;
1439 __be32 *dst = (__be32 *)out;
1440
3a5e5f81 1441 u32 tmp[4];
d64beac0 1442
3a5e5f81
DV		 1443 tmp[0] = be32_to_cpu(src[0]);
1444 tmp[1] = be32_to_cpu(src[1]);
1445 tmp[2] = be32_to_cpu(src[2]);
1446 tmp[3] = be32_to_cpu(src[3]);
d64beac0
NT		 1447
1448 switch (cctx->key_length) {
1449 case 16:
1450 camellia_encrypt128(cctx->key_table, tmp);
1451 break;
1452 case 24:
1453 /* fall through */
1454 case 32:
1455 camellia_encrypt256(cctx->key_table, tmp);
1456 break;
d64beac0
NT		 1457 }
1458
3a5e5f81
DV		 1459 dst[0] = cpu_to_be32(tmp[0]);
1460 dst[1] = cpu_to_be32(tmp[1]);
1461 dst[2] = cpu_to_be32(tmp[2]);
1462 dst[3] = cpu_to_be32(tmp[3]);
d64beac0
NT		 1463}
1464
d64beac0
NT		 1465static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1466{
1467 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1468 const __be32 *src = (const __be32 *)in;
1469 __be32 *dst = (__be32 *)out;
1470
3a5e5f81 1471 u32 tmp[4];
d64beac0 1472
3a5e5f81
DV		 1473 tmp[0] = be32_to_cpu(src[0]);
1474 tmp[1] = be32_to_cpu(src[1]);
1475 tmp[2] = be32_to_cpu(src[2]);
1476 tmp[3] = be32_to_cpu(src[3]);
d64beac0
NT		 1477
1478 switch (cctx->key_length) {
1479 case 16:
1480 camellia_decrypt128(cctx->key_table, tmp);
1481 break;
1482 case 24:
1483 /* fall through */
1484 case 32:
1485 camellia_decrypt256(cctx->key_table, tmp);
1486 break;
d64beac0
NT		 1487 }
1488
3a5e5f81
DV		 1489 dst[0] = cpu_to_be32(tmp[0]);
1490 dst[1] = cpu_to_be32(tmp[1]);
1491 dst[2] = cpu_to_be32(tmp[2]);
1492 dst[3] = cpu_to_be32(tmp[3]);
d64beac0
NT		 1493}
1494
d64beac0
NT		 1495static struct crypto_alg camellia_alg = {
1496 .cra_name = "camellia",
1497 .cra_driver_name = "camellia-generic",
1498 .cra_priority = 100,
1499 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1500 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1501 .cra_ctxsize = sizeof(struct camellia_ctx),
1502 .cra_alignmask = 3,
1503 .cra_module = THIS_MODULE,
1504 .cra_list = LIST_HEAD_INIT(camellia_alg.cra_list),
1505 .cra_u = {
1506 .cipher = {
1507 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1508 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1509 .cia_setkey = camellia_set_key,
1510 .cia_encrypt = camellia_encrypt,
1511 .cia_decrypt = camellia_decrypt
1512 }
1513 }
1514};
1515
1516static int __init camellia_init(void)
1517{
1518 return crypto_register_alg(&camellia_alg);
1519}
1520
d64beac0
NT		 1521static void __exit camellia_fini(void)
1522{
1523 crypto_unregister_alg(&camellia_alg);
1524}
1525
d64beac0
NT		 1526module_init(camellia_init);
1527module_exit(camellia_fini);
1528
d64beac0
NT		 1529MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1530MODULE_LICENSE("GPL");
Linux 6.x block layer and io_uring tree(s)