📄 camellia.c
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); /* kl3 */ subl(16) = kll; subr(16) = klr; /* kl4 */ subl(17) = krl; subr(17) = krr; CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); /* k17 */ subl(22) = kll; subr(22) = klr; /* k18 */ subl(23) = krl; subr(23) = krr; CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); /* k23 */ subl(30) = kll; subr(30) = klr; /* k24 */ subl(31) = krl; subr(31) = krr; /* generate KR dependent subkeys */ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); /* k3 */ subl(4) = krll; subr(4) = krlr; /* k4 */ subl(5) = krrl; subr(5) = krrr; CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); /* kl1 */ subl(8) = krll; subr(8) = krlr; /* kl2 */ subl(9) = krrl; subr(9) = krrr; CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); /* k13 */ subl(18) = krll; subr(18) = krlr; /* k14 */ subl(19) = krrl; subr(19) = krrr; CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); /* k19 */ subl(26) = krll; subr(26) = krlr; /* k20 */ subl(27) = krrl; subr(27) = krrr; CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); /* generate KA */ kll = subl(0) ^ krll; klr = subr(0) ^ krlr; krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, w0, w1, il, ir, t0, t1); krl ^= w0; krr ^= w1; CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kll, klr, il, ir, t0, t1); kll ^= krll; klr ^= krlr; CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, krl, krr, il, ir, t0, t1); krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, w0, w1, il, ir, t0, t1); kll ^= w0; klr ^= w1; /* generate KB */ krll ^= kll; krlr ^= klr; krrl ^= krl; krrr ^= krr; CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, w0, w1, il, ir, t0, t1); krrl ^= w0; krrr ^= w1; CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, w0, w1, il, ir, t0, t1); krll ^= w0; krlr ^= w1; /* generate KA dependent subkeys */ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); /* k5 */ subl(6) = kll; subr(6) = klr; /* 
k6 */ subl(7) = krl; subr(7) = krr; CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); /* k11 */ subl(14) = kll; subr(14) = klr; /* k12 */ subl(15) = krl; subr(15) = krr; /* rotation left shift 32bit */ /* kl5 */ subl(24) = klr; subr(24) = krl; /* kl6 */ subl(25) = krr; subr(25) = kll; /* rotation left shift 49 from k11,k12 -> k21,k22 */ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); /* k21 */ subl(28) = kll; subr(28) = klr; /* k22 */ subl(29) = krl; subr(29) = krr; /* generate KB dependent subkeys */ /* k1 */ subl(2) = krll; subr(2) = krlr; /* k2 */ subl(3) = krrl; subr(3) = krrr; CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); /* k7 */ subl(10) = krll; subr(10) = krlr; /* k8 */ subl(11) = krrl; subr(11) = krrr; CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); /* k15 */ subl(20) = krll; subr(20) = krlr; /* k16 */ subl(21) = krrl; subr(21) = krrr; CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); /* kw3 */ subl(32) = krll; subr(32) = krlr; /* kw4 */ subl(33) = krrl; subr(33) = krrr; /* absorb kw2 to other subkeys *//* round 2 */ subl(3) ^= subl(1); subr(3) ^= subr(1);/* round 4 */ subl(5) ^= subl(1); subr(5) ^= subr(1);/* round 6 */ subl(7) ^= subl(1); subr(7) ^= subr(1); subl(1) ^= subr(1) & ~subr(9); dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) *//* round 8 */ subl(11) ^= subl(1); subr(11) ^= subr(1);/* round 10 */ subl(13) ^= subl(1); subr(13) ^= subr(1);/* round 12 */ subl(15) ^= subl(1); subr(15) ^= subr(1); subl(1) ^= subr(1) & ~subr(17); dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) *//* round 14 */ subl(19) ^= subl(1); subr(19) ^= subr(1);/* round 16 */ subl(21) ^= subl(1); subr(21) ^= subr(1);/* round 18 */ subl(23) ^= subl(1); subr(23) ^= subr(1); subl(1) ^= subr(1) & ~subr(25); dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) *//* round 20 */ subl(27) ^= subl(1); subr(27) ^= subr(1);/* round 22 */ subl(29) ^= subl(1); subr(29) ^= subr(1);/* 
round 24 */ subl(31) ^= subl(1); subr(31) ^= subr(1);/* kw3 */ subl(32) ^= subl(1); subr(32) ^= subr(1); /* absorb kw4 to other subkeys */ kw4l = subl(33); kw4r = subr(33);/* round 23 */ subl(30) ^= kw4l; subr(30) ^= kw4r;/* round 21 */ subl(28) ^= kw4l; subr(28) ^= kw4r;/* round 19 */ subl(26) ^= kw4l; subr(26) ^= kw4r; kw4l ^= kw4r & ~subr(24); dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) *//* round 17 */ subl(22) ^= kw4l; subr(22) ^= kw4r;/* round 15 */ subl(20) ^= kw4l; subr(20) ^= kw4r;/* round 13 */ subl(18) ^= kw4l; subr(18) ^= kw4r; kw4l ^= kw4r & ~subr(16); dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) *//* round 11 */ subl(14) ^= kw4l; subr(14) ^= kw4r;/* round 9 */ subl(12) ^= kw4l; subr(12) ^= kw4r;/* round 7 */ subl(10) ^= kw4l; subr(10) ^= kw4r; kw4l ^= kw4r & ~subr(8); dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) *//* round 5 */ subl(6) ^= kw4l; subr(6) ^= kw4r;/* round 3 */ subl(4) ^= kw4l; subr(4) ^= kw4r;/* round 1 */ subl(2) ^= kw4l; subr(2) ^= kw4r;/* kw1 */ subl(0) ^= kw4l; subr(0) ^= kw4r; /* key XOR is end of F-function */ CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ CamelliaSubkeyR(0) = subr(0) ^ subr(2); CamelliaSubkeyL(2) = subl(3); /* round 1 */ CamelliaSubkeyR(2) = subr(3); CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ CamelliaSubkeyR(3) = subr(2) ^ subr(4); CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ CamelliaSubkeyR(4) = subr(3) ^ subr(5); CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ CamelliaSubkeyR(5) = subr(4) ^ subr(6); CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ CamelliaSubkeyR(6) = subr(5) ^ subr(7); tl = subl(10) ^ (subr(10) & ~subr(8)); dw = tl & subl(8), /* FL(kl1) */ tr = subr(10) ^ CAMELLIA_RL1(dw); CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ CamelliaSubkeyR(7) = subr(6) ^ tr; CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ CamelliaSubkeyR(8) = subr(8); CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ 
CamelliaSubkeyR(9) = subr(9); tl = subl(7) ^ (subr(7) & ~subr(9)); dw = tl & subl(9), /* FLinv(kl2) */ tr = subr(7) ^ CAMELLIA_RL1(dw); CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ CamelliaSubkeyR(10) = tr ^ subr(11); CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ CamelliaSubkeyR(11) = subr(10) ^ subr(12); CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ CamelliaSubkeyR(12) = subr(11) ^ subr(13); CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ CamelliaSubkeyR(13) = subr(12) ^ subr(14); CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ CamelliaSubkeyR(14) = subr(13) ^ subr(15); tl = subl(18) ^ (subr(18) & ~subr(16)); dw = tl & subl(16), /* FL(kl3) */ tr = subr(18) ^ CAMELLIA_RL1(dw); CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ CamelliaSubkeyR(15) = subr(14) ^ tr; CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ CamelliaSubkeyR(16) = subr(16); CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ CamelliaSubkeyR(17) = subr(17); tl = subl(15) ^ (subr(15) & ~subr(17)); dw = tl & subl(17), /* FLinv(kl4) */ tr = subr(15) ^ CAMELLIA_RL1(dw); CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ CamelliaSubkeyR(18) = tr ^ subr(19); CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ CamelliaSubkeyR(19) = subr(18) ^ subr(20); CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ CamelliaSubkeyR(20) = subr(19) ^ subr(21); CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ CamelliaSubkeyR(21) = subr(20) ^ subr(22); CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ CamelliaSubkeyR(22) = subr(21) ^ subr(23); tl = subl(26) ^ (subr(26) & ~subr(24)); dw = tl & subl(24), /* FL(kl5) */ tr = subr(26) ^ CAMELLIA_RL1(dw); CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */ CamelliaSubkeyR(23) = subr(22) ^ tr; CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */ CamelliaSubkeyR(24) = subr(24); CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */ CamelliaSubkeyR(25) = subr(25); tl = subl(23) ^ (subr(23) & ~subr(25)); dw = tl & 
subl(25), /* FLinv(kl6) */ tr = subr(23) ^ CAMELLIA_RL1(dw); CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */ CamelliaSubkeyR(26) = tr ^ subr(27); CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */ CamelliaSubkeyR(27) = subr(26) ^ subr(28); CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */ CamelliaSubkeyR(28) = subr(27) ^ subr(29); CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */ CamelliaSubkeyR(29) = subr(28) ^ subr(30); CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */ CamelliaSubkeyR(30) = subr(29) ^ subr(31); CamelliaSubkeyL(31) = subl(30); /* round 24 */ CamelliaSubkeyR(31) = subr(30); CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */ CamelliaSubkeyR(32) = subr(32) ^ subr(31); /* apply the inverse of the last half of P-function */ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);/* round 1 */ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);/* round 2 */ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);/* round 3 */ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);/* round 4 */ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);/* round 5 */ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);/* round 6 */ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);/* round 7 */ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);/* round 8 */ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, 
CamelliaSubkeyL(11) = dw; dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);/* round 9 */ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);/* round 10 */ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);/* round 11 */ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);/* round 12 */ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);/* round 13 */ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);/* round 14 */ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);/* round 15 */ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);/* round 16 */ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);/* round 17 */ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);/* round 18 */ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);/* round 19 */ CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw; dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);/* round 20 */ CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw; dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = 
CAMELLIA_RL8(dw);/* round 21 */ CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw; dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);/* round 22 */ CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw; dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);/* round 23 */ CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw; dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);/* round 24 */ CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, CamelliaSubkeyL(31) = dw; return; }
/**
 * Expand a 24-byte (192-bit) key by widening it to 32 bytes and handing it
 * to camellia_setup256().
 *
 * The 32-byte buffer is the 24 key bytes followed by the bitwise complement
 * of key bytes 16..23.
 *
 * @param key     input key; exactly 24 bytes are read from it, so the caller
 *                must supply at least that many.
 * @param subkey  output table, passed through unchanged to
 *                camellia_setup256(); the required size is not visible in
 *                this function -- confirm against camellia_setup256().
 */
void camellia_setup192(const u8 *key, u32 *subkey)
{
    /*
     * NOTE(review): kk is a stack copy of the raw key (plus derived bytes)
     * and krll/krlr/krrl/krrr hold key words; none of them is cleared before
     * this function returns. If key hygiene matters for the caller, wipe
     * them after camellia_setup256() with a clear the compiler cannot elide
     * (a plain memset on a dead local may be optimized away).
     */
    u8 kk[32];
    u32 krll, krlr, krrl,krrr;

    /* bytes 0..23 of kk: the caller's key, verbatim */
    memcpy(kk, key, 24);
    /* pull key bytes 16..19 and 20..23 into words via memcpy (no pointer cast of key) */
    memcpy((u8 *)&krll, key+16,4);
    memcpy((u8 *)&krlr, key+20,4);
    /* complement is applied bit by bit, so host byte order does not affect the bytes written back */
    krrl = ~krll;
    krrr = ~krlr;
    /* bytes 24..31 of kk: complement of key bytes 16..23 */
    memcpy(kk+24, (u8 *)&krrl, 4);
    memcpy(kk+28, (u8 *)&krrr, 4);
    /* all subkey generation is done by the 256-bit setup on the widened key */
    camellia_setup256(kk, subkey);
    return;
}
/** * Stuff related to camellia encryption/decryption */void camellia_encrypt128(const u32 *subkey, u32 *io) { u32 il, ir, t0, t1; /* pre whitening but absorb kw2*/ io[0] ^= CamelliaSubkeyL(0); io[1] ^= CamelliaSubkeyR(0); /* main iteration */