LCOV - code coverage report
Current view: top level - cipher - camellia.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 551 554 99.5 %
Date: 2017-03-02 16:44:37 Functions: 10 10 100.0 %

          Line data    Source code
       1             : /* camellia.h   ver 1.2.0
       2             :  *
       3             :  * Copyright (C) 2006,2007
       4             :  * NTT (Nippon Telegraph and Telephone Corporation).
       5             :  *
       6             :  * This library is free software; you can redistribute it and/or
       7             :  * modify it under the terms of the GNU Lesser General Public
       8             :  * License as published by the Free Software Foundation; either
       9             :  * version 2.1 of the License, or (at your option) any later version.
      10             :  *
      11             :  * This library is distributed in the hope that it will be useful,
      12             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      14             :  * Lesser General Public License for more details.
      15             :  *
      16             :  * You should have received a copy of the GNU Lesser General Public
      17             :  * License along with this program; if not, see <http://www.gnu.org/licenses/>.
      18             :  */
      19             : 
      20             : /*
      21             :  * Algorithm Specification
      22             :  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
      23             :  */
      24             : 
      25             : #include <config.h>
      26             : #include <string.h>
      27             : #include <stdlib.h>
      28             : 
      29             : #include "types.h"
      30             : #include "bufhelp.h"
      31             : #include "camellia.h"
      32             : 
      33             : typedef byte u8;
      34             : 
      35             : /* key constants */
      36             : 
      37             : #define CAMELLIA_SIGMA1L (0xA09E667FL)
      38             : #define CAMELLIA_SIGMA1R (0x3BCC908BL)
      39             : #define CAMELLIA_SIGMA2L (0xB67AE858L)
      40             : #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
      41             : #define CAMELLIA_SIGMA3L (0xC6EF372FL)
      42             : #define CAMELLIA_SIGMA3R (0xE94F82BEL)
      43             : #define CAMELLIA_SIGMA4L (0x54FF53A5L)
      44             : #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
      45             : #define CAMELLIA_SIGMA5L (0x10E527FAL)
      46             : #define CAMELLIA_SIGMA5R (0xDE682D1DL)
      47             : #define CAMELLIA_SIGMA6L (0xB05688C2L)
      48             : #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
      49             : 
      50             : /*
      51             :  *  macros
      52             :  */
      53             : 
      54             : 
      55             : #if defined(_MSC_VER)
      56             : 
      57             : # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
      58             : # define GETU32(p) SWAP(*((u32 *)(p)))
      59             : # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
      60             : 
      61             : #else /* not MS-VC */
      62             : 
      63             : # define GETU32(pt) buf_get_be32(pt)
      64             : # define PUTU32(ct, st) buf_put_be32(ct, st)
      65             : 
      66             : #endif
      67             : 
      68             : #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
      69             : #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
      70             : 
      71             : /* rotation right shift 1byte */
      72             : #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
      73             : /* rotation left shift 1bit */
      74             : #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
      75             : /* rotation left shift 1byte */
      76             : #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
      77             : 
      78             : #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
      79             :     do {                                                \
      80             :         w0 = ll;                                        \
      81             :         ll = (ll << bits) + (lr >> (32 - bits));    \
      82             :         lr = (lr << bits) + (rl >> (32 - bits));    \
      83             :         rl = (rl << bits) + (rr >> (32 - bits));    \
      84             :         rr = (rr << bits) + (w0 >> (32 - bits));    \
      85             :     } while(0)
      86             : 
      87             : #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
      88             :     do {                                                \
      89             :         w0 = ll;                                        \
      90             :         w1 = lr;                                        \
      91             :         ll = (lr << (bits - 32)) + (rl >> (64 - bits));     \
      92             :         lr = (rl << (bits - 32)) + (rr >> (64 - bits));     \
      93             :         rl = (rr << (bits - 32)) + (w0 >> (64 - bits));     \
      94             :         rr = (w0 << (bits - 32)) + (w1 >> (64 - bits));     \
      95             :     } while(0)
      96             : 
      97             : #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
      98             : #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
      99             : #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
     100             : #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
     101             : 
     102             : #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)      \
     103             :     do {                                                        \
     104             :         il = xl ^ kl;                                           \
     105             :         ir = xr ^ kr;                                           \
     106             :         t0 = il >> 16;                                            \
     107             :         t1 = ir >> 16;                                            \
     108             :         yl = CAMELLIA_SP1110(ir & 0xff)                             \
     109             :             ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                       \
     110             :             ^ CAMELLIA_SP3033(t1 & 0xff)                    \
     111             :             ^ CAMELLIA_SP4404((ir >> 8) & 0xff);              \
     112             :         yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                        \
     113             :             ^ CAMELLIA_SP0222(t0 & 0xff)                    \
     114             :             ^ CAMELLIA_SP3033((il >> 8) & 0xff)                       \
     115             :             ^ CAMELLIA_SP4404(il & 0xff);                   \
     116             :         yl ^= yr;                                               \
     117             :         yr = CAMELLIA_RR8(yr);                                  \
     118             :         yr ^= yl;                                               \
     119             :     } while(0)
     120             : 
     121             : 
     122             : /*
     123             :  * for speed up
     124             :  *
     125             :  */
     126             : #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
     127             :     do {                                                                \
     128             :         t0 = kll;                                                       \
     129             :         t0 &= ll;                                                   \
     130             :         lr ^= CAMELLIA_RL1(t0);                                         \
     131             :         t1 = klr;                                                       \
     132             :         t1 |= lr;                                                       \
     133             :         ll ^= t1;                                                       \
     134             :                                                                         \
     135             :         t2 = krr;                                                       \
     136             :         t2 |= rr;                                                       \
     137             :         rl ^= t2;                                                       \
     138             :         t3 = krl;                                                       \
     139             :         t3 &= rl;                                                   \
     140             :         rr ^= CAMELLIA_RL1(t3);                                         \
     141             :     } while(0)
     142             : 
     143             : #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
     144             :     do {                                                                \
     145             :         yl ^= kl;                                                       \
     146             :         yr ^= kr;                                                       \
     147             :         ir = CAMELLIA_SP1110(xr & 0xff)                                     \
     148             :             ^ CAMELLIA_SP0222((xr >> 24) & 0xff)                      \
     149             :             ^ CAMELLIA_SP3033((xr >> 16) & 0xff)                      \
     150             :             ^ CAMELLIA_SP4404((xr >> 8) & 0xff);                      \
     151             :         il = CAMELLIA_SP1110((xl >> 24) & 0xff)                               \
     152             :             ^ CAMELLIA_SP0222((xl >> 16) & 0xff)                      \
     153             :             ^ CAMELLIA_SP3033((xl >> 8) & 0xff)                               \
     154             :             ^ CAMELLIA_SP4404(xl & 0xff);                           \
     155             :         ir ^= il;                                                       \
     156             :         il = CAMELLIA_RR8(il);                                          \
     157             :         il ^= ir;                                                       \
     158             :         yl ^= ir;                                                       \
     159             :         yr ^= il;                                                       \
     160             :     } while(0)
     161             : 
     162             : 
     163             : static const u32 camellia_sp1110[256] = {
     164             :     0x70707000,0x82828200,0x2c2c2c00,0xececec00,
     165             :     0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
     166             :     0xe4e4e400,0x85858500,0x57575700,0x35353500,
     167             :     0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
     168             :     0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
     169             :     0x45454500,0x19191900,0xa5a5a500,0x21212100,
     170             :     0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
     171             :     0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
     172             :     0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
     173             :     0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
     174             :     0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
     175             :     0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
     176             :     0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
     177             :     0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
     178             :     0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
     179             :     0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
     180             :     0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
     181             :     0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
     182             :     0x74747400,0x12121200,0x2b2b2b00,0x20202000,
     183             :     0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
     184             :     0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
     185             :     0x34343400,0x7e7e7e00,0x76767600,0x05050500,
     186             :     0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
     187             :     0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
     188             :     0x14141400,0x58585800,0x3a3a3a00,0x61616100,
     189             :     0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
     190             :     0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
     191             :     0x53535300,0x18181800,0xf2f2f200,0x22222200,
     192             :     0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
     193             :     0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
     194             :     0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
     195             :     0x60606000,0xfcfcfc00,0x69696900,0x50505000,
     196             :     0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
     197             :     0xa1a1a100,0x89898900,0x62626200,0x97979700,
     198             :     0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
     199             :     0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
     200             :     0x10101000,0xc4c4c400,0x00000000,0x48484800,
     201             :     0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
     202             :     0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
     203             :     0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
     204             :     0x87878700,0x5c5c5c00,0x83838300,0x02020200,
     205             :     0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
     206             :     0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
     207             :     0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
     208             :     0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
     209             :     0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
     210             :     0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
     211             :     0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
     212             :     0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
     213             :     0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
     214             :     0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
     215             :     0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
     216             :     0x78787800,0x98989800,0x06060600,0x6a6a6a00,
     217             :     0xe7e7e700,0x46464600,0x71717100,0xbababa00,
     218             :     0xd4d4d400,0x25252500,0xababab00,0x42424200,
     219             :     0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
     220             :     0x72727200,0x07070700,0xb9b9b900,0x55555500,
     221             :     0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
     222             :     0x36363600,0x49494900,0x2a2a2a00,0x68686800,
     223             :     0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
     224             :     0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
     225             :     0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
     226             :     0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
     227             :     0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
     228             : };
     229             : 
     230             : static const u32 camellia_sp0222[256] = {
     231             :     0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
     232             :     0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
     233             :     0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
     234             :     0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
     235             :     0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
     236             :     0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
     237             :     0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
     238             :     0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
     239             :     0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
     240             :     0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
     241             :     0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
     242             :     0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
     243             :     0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
     244             :     0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
     245             :     0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
     246             :     0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
     247             :     0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
     248             :     0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
     249             :     0x00e8e8e8,0x00242424,0x00565656,0x00404040,
     250             :     0x00e1e1e1,0x00636363,0x00090909,0x00333333,
     251             :     0x00bfbfbf,0x00989898,0x00979797,0x00858585,
     252             :     0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
     253             :     0x00dadada,0x006f6f6f,0x00535353,0x00626262,
     254             :     0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
     255             :     0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
     256             :     0x00bdbdbd,0x00363636,0x00222222,0x00383838,
     257             :     0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
     258             :     0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
     259             :     0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
     260             :     0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
     261             :     0x00484848,0x00101010,0x00d1d1d1,0x00515151,
     262             :     0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
     263             :     0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
     264             :     0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
     265             :     0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
     266             :     0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
     267             :     0x00202020,0x00898989,0x00000000,0x00909090,
     268             :     0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
     269             :     0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
     270             :     0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
     271             :     0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
     272             :     0x009b9b9b,0x00949494,0x00212121,0x00666666,
     273             :     0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
     274             :     0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
     275             :     0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
     276             :     0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
     277             :     0x00030303,0x002d2d2d,0x00dedede,0x00969696,
     278             :     0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
     279             :     0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
     280             :     0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
     281             :     0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
     282             :     0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
     283             :     0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
     284             :     0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
     285             :     0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
     286             :     0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
     287             :     0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
     288             :     0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
     289             :     0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
     290             :     0x00787878,0x00707070,0x00e3e3e3,0x00494949,
     291             :     0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
     292             :     0x00777777,0x00939393,0x00868686,0x00838383,
     293             :     0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
     294             :     0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
     295             : };
     296             : 
     297             : static const u32 camellia_sp3033[256] = {
     298             :     0x38003838,0x41004141,0x16001616,0x76007676,
     299             :     0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
     300             :     0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
     301             :     0x75007575,0x06000606,0x57005757,0xa000a0a0,
     302             :     0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
     303             :     0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
     304             :     0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
     305             :     0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
     306             :     0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
     307             :     0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
     308             :     0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
     309             :     0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
     310             :     0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
     311             :     0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
     312             :     0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
     313             :     0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
     314             :     0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
     315             :     0xfd00fdfd,0x66006666,0x58005858,0x96009696,
     316             :     0x3a003a3a,0x09000909,0x95009595,0x10001010,
     317             :     0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
     318             :     0xef00efef,0x26002626,0xe500e5e5,0x61006161,
     319             :     0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
     320             :     0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
     321             :     0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
     322             :     0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
     323             :     0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
     324             :     0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
     325             :     0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
     326             :     0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
     327             :     0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
     328             :     0x12001212,0x04000404,0x74007474,0x54005454,
     329             :     0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
     330             :     0x55005555,0x68006868,0x50005050,0xbe00bebe,
     331             :     0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
     332             :     0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
     333             :     0x70007070,0xff00ffff,0x32003232,0x69006969,
     334             :     0x08000808,0x62006262,0x00000000,0x24002424,
     335             :     0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
     336             :     0x45004545,0x81008181,0x73007373,0x6d006d6d,
     337             :     0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
     338             :     0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
     339             :     0xe600e6e6,0x25002525,0x48004848,0x99009999,
     340             :     0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
     341             :     0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
     342             :     0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
     343             :     0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
     344             :     0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
     345             :     0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
     346             :     0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
     347             :     0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
     348             :     0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
     349             :     0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
     350             :     0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
     351             :     0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
     352             :     0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
     353             :     0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
     354             :     0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
     355             :     0x7c007c7c,0x77007777,0x56005656,0x05000505,
     356             :     0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
     357             :     0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
     358             :     0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
     359             :     0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
     360             :     0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
     361             :     0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
     362             : };
     363             : 
     364             : static const u32 camellia_sp4404[256] = {
     365             :     0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
     366             :     0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
     367             :     0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
     368             :     0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
     369             :     0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
     370             :     0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
     371             :     0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
     372             :     0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
     373             :     0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
     374             :     0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
     375             :     0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
     376             :     0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
     377             :     0x14140014,0x3a3a003a,0xdede00de,0x11110011,
     378             :     0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
     379             :     0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
     380             :     0x24240024,0xe8e800e8,0x60600060,0x69690069,
     381             :     0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
     382             :     0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
     383             :     0x10100010,0x00000000,0xa3a300a3,0x75750075,
     384             :     0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
     385             :     0x87870087,0x83830083,0xcdcd00cd,0x90900090,
     386             :     0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
     387             :     0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
     388             :     0x81810081,0x6f6f006f,0x13130013,0x63630063,
     389             :     0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
     390             :     0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
     391             :     0x78780078,0x06060006,0xe7e700e7,0x71710071,
     392             :     0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
     393             :     0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
     394             :     0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
     395             :     0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
     396             :     0x15150015,0xadad00ad,0x77770077,0x80800080,
     397             :     0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
     398             :     0x85850085,0x35350035,0x0c0c000c,0x41410041,
     399             :     0xefef00ef,0x93930093,0x19190019,0x21210021,
     400             :     0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
     401             :     0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
     402             :     0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
     403             :     0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
     404             :     0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
     405             :     0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
     406             :     0x12120012,0x20200020,0xb1b100b1,0x99990099,
     407             :     0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
     408             :     0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
     409             :     0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
     410             :     0x0f0f000f,0x16160016,0x18180018,0x22220022,
     411             :     0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
     412             :     0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
     413             :     0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
     414             :     0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
     415             :     0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
     416             :     0x03030003,0xdada00da,0x3f3f003f,0x94940094,
     417             :     0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
     418             :     0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
     419             :     0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
     420             :     0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
     421             :     0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
     422             :     0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
     423             :     0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
     424             :     0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
     425             :     0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
     426             :     0x49490049,0x68680068,0x38380038,0xa4a400a4,
     427             :     0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
     428             :     0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
     429             : };
     430             : 
     431             : 
     432             : /**
     433             :  * Stuff related to the Camellia key schedule
     434             :  */
     435             : #define subl(x) subL[(x)]
     436             : #define subr(x) subR[(x)]
     437             : 
     438         552 : void camellia_setup128(const unsigned char *key, u32 *subkey)
     439             : {
     440             :     u32 kll, klr, krl, krr;
     441             :     u32 il, ir, t0, t1, w0, w1;
     442             :     u32 kw4l, kw4r, dw, tl, tr;
     443             :     u32 subL[26];
     444             :     u32 subR[26];
     445             : 
     446             :     /**
     447             :      *  k == kll || klr || krl || krr (|| is concatination)
     448             :      */
     449         552 :     kll = GETU32(key     );
     450         552 :     klr = GETU32(key +  4);
     451         552 :     krl = GETU32(key +  8);
     452         552 :     krr = GETU32(key + 12);
     453             :     /**
     454             :      * generate KL dependent subkeys
     455             :      */
     456         552 :     subl(0) = kll; subr(0) = klr;
     457         552 :     subl(1) = krl; subr(1) = krr;
     458         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
     459         552 :     subl(4) = kll; subr(4) = klr;
     460         552 :     subl(5) = krl; subr(5) = krr;
     461         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
     462         552 :     subl(10) = kll; subr(10) = klr;
     463         552 :     subl(11) = krl; subr(11) = krr;
     464         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
     465         552 :     subl(13) = krl; subr(13) = krr;
     466         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
     467         552 :     subl(16) = kll; subr(16) = klr;
     468         552 :     subl(17) = krl; subr(17) = krr;
     469         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
     470         552 :     subl(18) = kll; subr(18) = klr;
     471         552 :     subl(19) = krl; subr(19) = krr;
     472         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
     473         552 :     subl(22) = kll; subr(22) = klr;
     474         552 :     subl(23) = krl; subr(23) = krr;
     475             : 
     476             :     /* generate KA */
     477         552 :     kll = subl(0); klr = subr(0);
     478         552 :     krl = subl(1); krr = subr(1);
     479         552 :     CAMELLIA_F(kll, klr,
     480             :                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
     481             :                w0, w1, il, ir, t0, t1);
     482         552 :     krl ^= w0; krr ^= w1;
     483         552 :     CAMELLIA_F(krl, krr,
     484             :                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
     485             :                kll, klr, il, ir, t0, t1);
     486         552 :     CAMELLIA_F(kll, klr,
     487             :                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
     488             :                krl, krr, il, ir, t0, t1);
     489         552 :     krl ^= w0; krr ^= w1;
     490         552 :     CAMELLIA_F(krl, krr,
     491             :                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
     492             :                w0, w1, il, ir, t0, t1);
     493         552 :     kll ^= w0; klr ^= w1;
     494             : 
     495             :     /* generate KA dependent subkeys */
     496         552 :     subl(2) = kll; subr(2) = klr;
     497         552 :     subl(3) = krl; subr(3) = krr;
     498         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
     499         552 :     subl(6) = kll; subr(6) = klr;
     500         552 :     subl(7) = krl; subr(7) = krr;
     501         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
     502         552 :     subl(8) = kll; subr(8) = klr;
     503         552 :     subl(9) = krl; subr(9) = krr;
     504         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
     505         552 :     subl(12) = kll; subr(12) = klr;
     506         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
     507         552 :     subl(14) = kll; subr(14) = klr;
     508         552 :     subl(15) = krl; subr(15) = krr;
     509         552 :     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
     510         552 :     subl(20) = kll; subr(20) = klr;
     511         552 :     subl(21) = krl; subr(21) = krr;
     512         552 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
     513         552 :     subl(24) = kll; subr(24) = klr;
     514         552 :     subl(25) = krl; subr(25) = krr;
     515             : 
     516             : 
     517             :     /* absorb kw2 to other subkeys */
     518         552 :     subl(3) ^= subl(1); subr(3) ^= subr(1);
     519         552 :     subl(5) ^= subl(1); subr(5) ^= subr(1);
     520         552 :     subl(7) ^= subl(1); subr(7) ^= subr(1);
     521         552 :     subl(1) ^= subr(1) & ~subr(9);
     522         552 :     dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
     523         552 :     subl(11) ^= subl(1); subr(11) ^= subr(1);
     524         552 :     subl(13) ^= subl(1); subr(13) ^= subr(1);
     525         552 :     subl(15) ^= subl(1); subr(15) ^= subr(1);
     526         552 :     subl(1) ^= subr(1) & ~subr(17);
     527         552 :     dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
     528         552 :     subl(19) ^= subl(1); subr(19) ^= subr(1);
     529         552 :     subl(21) ^= subl(1); subr(21) ^= subr(1);
     530         552 :     subl(23) ^= subl(1); subr(23) ^= subr(1);
     531         552 :     subl(24) ^= subl(1); subr(24) ^= subr(1);
     532             : 
     533             :     /* absorb kw4 to other subkeys */
     534         552 :     kw4l = subl(25); kw4r = subr(25);
     535         552 :     subl(22) ^= kw4l; subr(22) ^= kw4r;
     536         552 :     subl(20) ^= kw4l; subr(20) ^= kw4r;
     537         552 :     subl(18) ^= kw4l; subr(18) ^= kw4r;
     538         552 :     kw4l ^= kw4r & ~subr(16);
     539         552 :     dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
     540         552 :     subl(14) ^= kw4l; subr(14) ^= kw4r;
     541         552 :     subl(12) ^= kw4l; subr(12) ^= kw4r;
     542         552 :     subl(10) ^= kw4l; subr(10) ^= kw4r;
     543         552 :     kw4l ^= kw4r & ~subr(8);
     544         552 :     dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
     545         552 :     subl(6) ^= kw4l; subr(6) ^= kw4r;
     546         552 :     subl(4) ^= kw4l; subr(4) ^= kw4r;
     547         552 :     subl(2) ^= kw4l; subr(2) ^= kw4r;
     548         552 :     subl(0) ^= kw4l; subr(0) ^= kw4r;
     549             : 
     550             :     /* key XOR is end of F-function */
     551         552 :     CamelliaSubkeyL(0) = subl(0) ^ subl(2);
     552         552 :     CamelliaSubkeyR(0) = subr(0) ^ subr(2);
     553         552 :     CamelliaSubkeyL(2) = subl(3);
     554         552 :     CamelliaSubkeyR(2) = subr(3);
     555         552 :     CamelliaSubkeyL(3) = subl(2) ^ subl(4);
     556         552 :     CamelliaSubkeyR(3) = subr(2) ^ subr(4);
     557         552 :     CamelliaSubkeyL(4) = subl(3) ^ subl(5);
     558         552 :     CamelliaSubkeyR(4) = subr(3) ^ subr(5);
     559         552 :     CamelliaSubkeyL(5) = subl(4) ^ subl(6);
     560         552 :     CamelliaSubkeyR(5) = subr(4) ^ subr(6);
     561         552 :     CamelliaSubkeyL(6) = subl(5) ^ subl(7);
     562         552 :     CamelliaSubkeyR(6) = subr(5) ^ subr(7);
     563         552 :     tl = subl(10) ^ (subr(10) & ~subr(8));
     564         552 :     dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
     565         552 :     CamelliaSubkeyL(7) = subl(6) ^ tl;
     566         552 :     CamelliaSubkeyR(7) = subr(6) ^ tr;
     567         552 :     CamelliaSubkeyL(8) = subl(8);
     568         552 :     CamelliaSubkeyR(8) = subr(8);
     569         552 :     CamelliaSubkeyL(9) = subl(9);
     570         552 :     CamelliaSubkeyR(9) = subr(9);
     571         552 :     tl = subl(7) ^ (subr(7) & ~subr(9));
     572         552 :     dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
     573         552 :     CamelliaSubkeyL(10) = tl ^ subl(11);
     574         552 :     CamelliaSubkeyR(10) = tr ^ subr(11);
     575         552 :     CamelliaSubkeyL(11) = subl(10) ^ subl(12);
     576         552 :     CamelliaSubkeyR(11) = subr(10) ^ subr(12);
     577         552 :     CamelliaSubkeyL(12) = subl(11) ^ subl(13);
     578         552 :     CamelliaSubkeyR(12) = subr(11) ^ subr(13);
     579         552 :     CamelliaSubkeyL(13) = subl(12) ^ subl(14);
     580         552 :     CamelliaSubkeyR(13) = subr(12) ^ subr(14);
     581         552 :     CamelliaSubkeyL(14) = subl(13) ^ subl(15);
     582         552 :     CamelliaSubkeyR(14) = subr(13) ^ subr(15);
     583         552 :     tl = subl(18) ^ (subr(18) & ~subr(16));
     584         552 :     dw = tl & subl(16),     tr = subr(18) ^ CAMELLIA_RL1(dw);
     585         552 :     CamelliaSubkeyL(15) = subl(14) ^ tl;
     586         552 :     CamelliaSubkeyR(15) = subr(14) ^ tr;
     587         552 :     CamelliaSubkeyL(16) = subl(16);
     588         552 :     CamelliaSubkeyR(16) = subr(16);
     589         552 :     CamelliaSubkeyL(17) = subl(17);
     590         552 :     CamelliaSubkeyR(17) = subr(17);
     591         552 :     tl = subl(15) ^ (subr(15) & ~subr(17));
     592         552 :     dw = tl & subl(17),     tr = subr(15) ^ CAMELLIA_RL1(dw);
     593         552 :     CamelliaSubkeyL(18) = tl ^ subl(19);
     594         552 :     CamelliaSubkeyR(18) = tr ^ subr(19);
     595         552 :     CamelliaSubkeyL(19) = subl(18) ^ subl(20);
     596         552 :     CamelliaSubkeyR(19) = subr(18) ^ subr(20);
     597         552 :     CamelliaSubkeyL(20) = subl(19) ^ subl(21);
     598         552 :     CamelliaSubkeyR(20) = subr(19) ^ subr(21);
     599         552 :     CamelliaSubkeyL(21) = subl(20) ^ subl(22);
     600         552 :     CamelliaSubkeyR(21) = subr(20) ^ subr(22);
     601         552 :     CamelliaSubkeyL(22) = subl(21) ^ subl(23);
     602         552 :     CamelliaSubkeyR(22) = subr(21) ^ subr(23);
     603         552 :     CamelliaSubkeyL(23) = subl(22);
     604         552 :     CamelliaSubkeyR(23) = subr(22);
     605         552 :     CamelliaSubkeyL(24) = subl(24) ^ subl(23);
     606         552 :     CamelliaSubkeyR(24) = subr(24) ^ subr(23);
     607             : 
     608         552 :     return;
     609             : }
     610             : 
     611         411 : void camellia_setup256(const unsigned char *key, u32 *subkey)
     612             : {
     613             :     u32 kll,klr,krl,krr;           /* left half of key */
     614             :     u32 krll,krlr,krrl,krrr;       /* right half of key */
     615             :     u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
     616             :     u32 kw4l, kw4r, dw, tl, tr;
     617             :     u32 subL[34];
     618             :     u32 subR[34];
     619             : 
     620             :     /**
     621             :      *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
     622             :      *  (|| is concatination)
     623             :      */
     624             : 
     625         411 :     kll  = GETU32(key     );
     626         411 :     klr  = GETU32(key +  4);
     627         411 :     krl  = GETU32(key +  8);
     628         411 :     krr  = GETU32(key + 12);
     629         411 :     krll = GETU32(key + 16);
     630         411 :     krlr = GETU32(key + 20);
     631         411 :     krrl = GETU32(key + 24);
     632         411 :     krrr = GETU32(key + 28);
     633             : 
     634             :     /* generate KL dependent subkeys */
     635         411 :     subl(0) = kll; subr(0) = klr;
     636         411 :     subl(1) = krl; subr(1) = krr;
     637         411 :     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
     638         411 :     subl(12) = kll; subr(12) = klr;
     639         411 :     subl(13) = krl; subr(13) = krr;
     640         411 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
     641         411 :     subl(16) = kll; subr(16) = klr;
     642         411 :     subl(17) = krl; subr(17) = krr;
     643         411 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
     644         411 :     subl(22) = kll; subr(22) = klr;
     645         411 :     subl(23) = krl; subr(23) = krr;
     646         411 :     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
     647         411 :     subl(30) = kll; subr(30) = klr;
     648         411 :     subl(31) = krl; subr(31) = krr;
     649             : 
     650             :     /* generate KR dependent subkeys */
     651         411 :     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
     652         411 :     subl(4) = krll; subr(4) = krlr;
     653         411 :     subl(5) = krrl; subr(5) = krrr;
     654         411 :     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
     655         411 :     subl(8) = krll; subr(8) = krlr;
     656         411 :     subl(9) = krrl; subr(9) = krrr;
     657         411 :     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
     658         411 :     subl(18) = krll; subr(18) = krlr;
     659         411 :     subl(19) = krrl; subr(19) = krrr;
     660         411 :     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
     661         411 :     subl(26) = krll; subr(26) = krlr;
     662         411 :     subl(27) = krrl; subr(27) = krrr;
     663         411 :     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
     664             : 
     665             :     /* generate KA */
     666         411 :     kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
     667         411 :     krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
     668         411 :     CAMELLIA_F(kll, klr,
     669             :                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
     670             :                w0, w1, il, ir, t0, t1);
     671         411 :     krl ^= w0; krr ^= w1;
     672         411 :     CAMELLIA_F(krl, krr,
     673             :                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
     674             :                kll, klr, il, ir, t0, t1);
     675         411 :     kll ^= krll; klr ^= krlr;
     676         411 :     CAMELLIA_F(kll, klr,
     677             :                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
     678             :                krl, krr, il, ir, t0, t1);
     679         411 :     krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
     680         411 :     CAMELLIA_F(krl, krr,
     681             :                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
     682             :                w0, w1, il, ir, t0, t1);
     683         411 :     kll ^= w0; klr ^= w1;
     684             : 
     685             :     /* generate KB */
     686         411 :     krll ^= kll; krlr ^= klr;
     687         411 :     krrl ^= krl; krrr ^= krr;
     688         411 :     CAMELLIA_F(krll, krlr,
     689             :                CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
     690             :                w0, w1, il, ir, t0, t1);
     691         411 :     krrl ^= w0; krrr ^= w1;
     692         411 :     CAMELLIA_F(krrl, krrr,
     693             :                CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
     694             :                w0, w1, il, ir, t0, t1);
     695         411 :     krll ^= w0; krlr ^= w1;
     696             : 
     697             :     /* generate KA dependent subkeys */
     698         411 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
     699         411 :     subl(6) = kll; subr(6) = klr;
     700         411 :     subl(7) = krl; subr(7) = krr;
     701         411 :     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
     702         411 :     subl(14) = kll; subr(14) = klr;
     703         411 :     subl(15) = krl; subr(15) = krr;
     704         411 :     subl(24) = klr; subr(24) = krl;
     705         411 :     subl(25) = krr; subr(25) = kll;
     706         411 :     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
     707         411 :     subl(28) = kll; subr(28) = klr;
     708         411 :     subl(29) = krl; subr(29) = krr;
     709             : 
     710             :     /* generate KB dependent subkeys */
     711         411 :     subl(2) = krll; subr(2) = krlr;
     712         411 :     subl(3) = krrl; subr(3) = krrr;
     713         411 :     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
     714         411 :     subl(10) = krll; subr(10) = krlr;
     715         411 :     subl(11) = krrl; subr(11) = krrr;
     716         411 :     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
     717         411 :     subl(20) = krll; subr(20) = krlr;
     718         411 :     subl(21) = krrl; subr(21) = krrr;
     719         411 :     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
     720         411 :     subl(32) = krll; subr(32) = krlr;
     721         411 :     subl(33) = krrl; subr(33) = krrr;
     722             : 
     723             :     /* absorb kw2 to other subkeys */
     724         411 :     subl(3) ^= subl(1); subr(3) ^= subr(1);
     725         411 :     subl(5) ^= subl(1); subr(5) ^= subr(1);
     726         411 :     subl(7) ^= subl(1); subr(7) ^= subr(1);
     727         411 :     subl(1) ^= subr(1) & ~subr(9);
     728         411 :     dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
     729         411 :     subl(11) ^= subl(1); subr(11) ^= subr(1);
     730         411 :     subl(13) ^= subl(1); subr(13) ^= subr(1);
     731         411 :     subl(15) ^= subl(1); subr(15) ^= subr(1);
     732         411 :     subl(1) ^= subr(1) & ~subr(17);
     733         411 :     dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
     734         411 :     subl(19) ^= subl(1); subr(19) ^= subr(1);
     735         411 :     subl(21) ^= subl(1); subr(21) ^= subr(1);
     736         411 :     subl(23) ^= subl(1); subr(23) ^= subr(1);
     737         411 :     subl(1) ^= subr(1) & ~subr(25);
     738         411 :     dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
     739         411 :     subl(27) ^= subl(1); subr(27) ^= subr(1);
     740         411 :     subl(29) ^= subl(1); subr(29) ^= subr(1);
     741         411 :     subl(31) ^= subl(1); subr(31) ^= subr(1);
     742         411 :     subl(32) ^= subl(1); subr(32) ^= subr(1);
     743             : 
     744             :     /* absorb kw4 to other subkeys */
     745         411 :     kw4l = subl(33); kw4r = subr(33);
     746         411 :     subl(30) ^= kw4l; subr(30) ^= kw4r;
     747         411 :     subl(28) ^= kw4l; subr(28) ^= kw4r;
     748         411 :     subl(26) ^= kw4l; subr(26) ^= kw4r;
     749         411 :     kw4l ^= kw4r & ~subr(24);
     750         411 :     dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
     751         411 :     subl(22) ^= kw4l; subr(22) ^= kw4r;
     752         411 :     subl(20) ^= kw4l; subr(20) ^= kw4r;
     753         411 :     subl(18) ^= kw4l; subr(18) ^= kw4r;
     754         411 :     kw4l ^= kw4r & ~subr(16);
     755         411 :     dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
     756         411 :     subl(14) ^= kw4l; subr(14) ^= kw4r;
     757         411 :     subl(12) ^= kw4l; subr(12) ^= kw4r;
     758         411 :     subl(10) ^= kw4l; subr(10) ^= kw4r;
     759         411 :     kw4l ^= kw4r & ~subr(8);
     760         411 :     dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
     761         411 :     subl(6) ^= kw4l; subr(6) ^= kw4r;
     762         411 :     subl(4) ^= kw4l; subr(4) ^= kw4r;
     763         411 :     subl(2) ^= kw4l; subr(2) ^= kw4r;
     764         411 :     subl(0) ^= kw4l; subr(0) ^= kw4r;
     765             : 
     766             :     /* key XOR is end of F-function */
     767         411 :     CamelliaSubkeyL(0) = subl(0) ^ subl(2);
     768         411 :     CamelliaSubkeyR(0) = subr(0) ^ subr(2);
     769         411 :     CamelliaSubkeyL(2) = subl(3);
     770         411 :     CamelliaSubkeyR(2) = subr(3);
     771         411 :     CamelliaSubkeyL(3) = subl(2) ^ subl(4);
     772         411 :     CamelliaSubkeyR(3) = subr(2) ^ subr(4);
     773         411 :     CamelliaSubkeyL(4) = subl(3) ^ subl(5);
     774         411 :     CamelliaSubkeyR(4) = subr(3) ^ subr(5);
     775         411 :     CamelliaSubkeyL(5) = subl(4) ^ subl(6);
     776         411 :     CamelliaSubkeyR(5) = subr(4) ^ subr(6);
     777         411 :     CamelliaSubkeyL(6) = subl(5) ^ subl(7);
     778         411 :     CamelliaSubkeyR(6) = subr(5) ^ subr(7);
     779         411 :     tl = subl(10) ^ (subr(10) & ~subr(8));
     780         411 :     dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
     781         411 :     CamelliaSubkeyL(7) = subl(6) ^ tl;
     782         411 :     CamelliaSubkeyR(7) = subr(6) ^ tr;
     783         411 :     CamelliaSubkeyL(8) = subl(8);
     784         411 :     CamelliaSubkeyR(8) = subr(8);
     785         411 :     CamelliaSubkeyL(9) = subl(9);
     786         411 :     CamelliaSubkeyR(9) = subr(9);
     787         411 :     tl = subl(7) ^ (subr(7) & ~subr(9));
     788         411 :     dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
     789         411 :     CamelliaSubkeyL(10) = tl ^ subl(11);
     790         411 :     CamelliaSubkeyR(10) = tr ^ subr(11);
     791         411 :     CamelliaSubkeyL(11) = subl(10) ^ subl(12);
     792         411 :     CamelliaSubkeyR(11) = subr(10) ^ subr(12);
     793         411 :     CamelliaSubkeyL(12) = subl(11) ^ subl(13);
     794         411 :     CamelliaSubkeyR(12) = subr(11) ^ subr(13);
     795         411 :     CamelliaSubkeyL(13) = subl(12) ^ subl(14);
     796         411 :     CamelliaSubkeyR(13) = subr(12) ^ subr(14);
     797         411 :     CamelliaSubkeyL(14) = subl(13) ^ subl(15);
     798         411 :     CamelliaSubkeyR(14) = subr(13) ^ subr(15);
     799         411 :     tl = subl(18) ^ (subr(18) & ~subr(16));
     800         411 :     dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
     801         411 :     CamelliaSubkeyL(15) = subl(14) ^ tl;
     802         411 :     CamelliaSubkeyR(15) = subr(14) ^ tr;
     803         411 :     CamelliaSubkeyL(16) = subl(16);
     804         411 :     CamelliaSubkeyR(16) = subr(16);
     805         411 :     CamelliaSubkeyL(17) = subl(17);
     806         411 :     CamelliaSubkeyR(17) = subr(17);
     807         411 :     tl = subl(15) ^ (subr(15) & ~subr(17));
     808         411 :     dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
     809         411 :     CamelliaSubkeyL(18) = tl ^ subl(19);
     810         411 :     CamelliaSubkeyR(18) = tr ^ subr(19);
     811         411 :     CamelliaSubkeyL(19) = subl(18) ^ subl(20);
     812         411 :     CamelliaSubkeyR(19) = subr(18) ^ subr(20);
     813         411 :     CamelliaSubkeyL(20) = subl(19) ^ subl(21);
     814         411 :     CamelliaSubkeyR(20) = subr(19) ^ subr(21);
     815         411 :     CamelliaSubkeyL(21) = subl(20) ^ subl(22);
     816         411 :     CamelliaSubkeyR(21) = subr(20) ^ subr(22);
     817         411 :     CamelliaSubkeyL(22) = subl(21) ^ subl(23);
     818         411 :     CamelliaSubkeyR(22) = subr(21) ^ subr(23);
     819         411 :     tl = subl(26) ^ (subr(26) & ~subr(24));
     820         411 :     dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
     821         411 :     CamelliaSubkeyL(23) = subl(22) ^ tl;
     822         411 :     CamelliaSubkeyR(23) = subr(22) ^ tr;
     823         411 :     CamelliaSubkeyL(24) = subl(24);
     824         411 :     CamelliaSubkeyR(24) = subr(24);
     825         411 :     CamelliaSubkeyL(25) = subl(25);
     826         411 :     CamelliaSubkeyR(25) = subr(25);
     827         411 :     tl = subl(23) ^ (subr(23) &  ~subr(25));
     828         411 :     dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
     829         411 :     CamelliaSubkeyL(26) = tl ^ subl(27);
     830         411 :     CamelliaSubkeyR(26) = tr ^ subr(27);
     831         411 :     CamelliaSubkeyL(27) = subl(26) ^ subl(28);
     832         411 :     CamelliaSubkeyR(27) = subr(26) ^ subr(28);
     833         411 :     CamelliaSubkeyL(28) = subl(27) ^ subl(29);
     834         411 :     CamelliaSubkeyR(28) = subr(27) ^ subr(29);
     835         411 :     CamelliaSubkeyL(29) = subl(28) ^ subl(30);
     836         411 :     CamelliaSubkeyR(29) = subr(28) ^ subr(30);
     837         411 :     CamelliaSubkeyL(30) = subl(29) ^ subl(31);
     838         411 :     CamelliaSubkeyR(30) = subr(29) ^ subr(31);
     839         411 :     CamelliaSubkeyL(31) = subl(30);
     840         411 :     CamelliaSubkeyR(31) = subr(30);
     841         411 :     CamelliaSubkeyL(32) = subl(32) ^ subl(31);
     842         411 :     CamelliaSubkeyR(32) = subr(32) ^ subr(31);
     843             : 
     844         411 :     return;
     845             : }
     846             : 
     847         205 : void camellia_setup192(const unsigned char *key, u32 *subkey)
     848             : {
     849             :     unsigned char kk[32];
     850             :     u32 krll, krlr, krrl,krrr;
     851             : 
     852         205 :     memcpy(kk, key, 24);
     853         205 :     memcpy((unsigned char *)&krll, key+16,4);
     854         205 :     memcpy((unsigned char *)&krlr, key+20,4);
     855         205 :     krrl = ~krll;
     856         205 :     krrr = ~krlr;
     857         205 :     memcpy(kk+24, (unsigned char *)&krrl, 4);
     858         205 :     memcpy(kk+28, (unsigned char *)&krrr, 4);
     859         205 :     camellia_setup256(kk, subkey);
     860         205 :     return;
     861             : }
     862             : 
     863             : 
     864             : #ifndef USE_ARM_ASM
     865             : /**
     866             :  * Stuff related to camellia encryption/decryption
     867             :  *
     868             :  * "io" must be 4byte aligned and big-endian data.
     869             :  */
     870     4912112 : void camellia_encrypt128(const u32 *subkey, u32 *blocks)
     871             : {
     872             :     u32 il, ir, t0, t1;
     873             :     u32 io[4];
     874             : 
     875     4912112 :     io[0] = blocks[0];
     876     4912112 :     io[1] = blocks[1];
     877     4912112 :     io[2] = blocks[2];
     878     4912112 :     io[3] = blocks[3];
     879             : 
     880             :     /* pre whitening but absorb kw2*/
     881     4912112 :     io[0] ^= CamelliaSubkeyL(0);
     882     4912112 :     io[1] ^= CamelliaSubkeyR(0);
     883             :     /* main iteration */
     884             : 
     885     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     886             :                      CamelliaSubkeyL(2),CamelliaSubkeyR(2),
     887             :                      io[2],io[3],il,ir,t0,t1);
     888     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     889             :                      CamelliaSubkeyL(3),CamelliaSubkeyR(3),
     890             :                      io[0],io[1],il,ir,t0,t1);
     891     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     892             :                      CamelliaSubkeyL(4),CamelliaSubkeyR(4),
     893             :                      io[2],io[3],il,ir,t0,t1);
     894     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     895             :                      CamelliaSubkeyL(5),CamelliaSubkeyR(5),
     896             :                      io[0],io[1],il,ir,t0,t1);
     897     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     898             :                      CamelliaSubkeyL(6),CamelliaSubkeyR(6),
     899             :                      io[2],io[3],il,ir,t0,t1);
     900     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     901             :                      CamelliaSubkeyL(7),CamelliaSubkeyR(7),
     902             :                      io[0],io[1],il,ir,t0,t1);
     903             : 
     904     4912112 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
     905             :                  CamelliaSubkeyL(8),CamelliaSubkeyR(8),
     906             :                  CamelliaSubkeyL(9),CamelliaSubkeyR(9),
     907             :                  t0,t1,il,ir);
     908             : 
     909     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     910             :                      CamelliaSubkeyL(10),CamelliaSubkeyR(10),
     911             :                      io[2],io[3],il,ir,t0,t1);
     912     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     913             :                      CamelliaSubkeyL(11),CamelliaSubkeyR(11),
     914             :                      io[0],io[1],il,ir,t0,t1);
     915     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     916             :                      CamelliaSubkeyL(12),CamelliaSubkeyR(12),
     917             :                      io[2],io[3],il,ir,t0,t1);
     918     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     919             :                      CamelliaSubkeyL(13),CamelliaSubkeyR(13),
     920             :                      io[0],io[1],il,ir,t0,t1);
     921     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     922             :                      CamelliaSubkeyL(14),CamelliaSubkeyR(14),
     923             :                      io[2],io[3],il,ir,t0,t1);
     924     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     925             :                      CamelliaSubkeyL(15),CamelliaSubkeyR(15),
     926             :                      io[0],io[1],il,ir,t0,t1);
     927             : 
     928     4912112 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
     929             :                  CamelliaSubkeyL(16),CamelliaSubkeyR(16),
     930             :                  CamelliaSubkeyL(17),CamelliaSubkeyR(17),
     931             :                  t0,t1,il,ir);
     932             : 
     933     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     934             :                      CamelliaSubkeyL(18),CamelliaSubkeyR(18),
     935             :                      io[2],io[3],il,ir,t0,t1);
     936     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     937             :                      CamelliaSubkeyL(19),CamelliaSubkeyR(19),
     938             :                      io[0],io[1],il,ir,t0,t1);
     939     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     940             :                      CamelliaSubkeyL(20),CamelliaSubkeyR(20),
     941             :                      io[2],io[3],il,ir,t0,t1);
     942     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     943             :                      CamelliaSubkeyL(21),CamelliaSubkeyR(21),
     944             :                      io[0],io[1],il,ir,t0,t1);
     945     4912112 :     CAMELLIA_ROUNDSM(io[0],io[1],
     946             :                      CamelliaSubkeyL(22),CamelliaSubkeyR(22),
     947             :                      io[2],io[3],il,ir,t0,t1);
     948     4912112 :     CAMELLIA_ROUNDSM(io[2],io[3],
     949             :                      CamelliaSubkeyL(23),CamelliaSubkeyR(23),
     950             :                      io[0],io[1],il,ir,t0,t1);
     951             : 
     952             :     /* post whitening but kw4 */
     953     4912112 :     io[2] ^= CamelliaSubkeyL(24);
     954     4912112 :     io[3] ^= CamelliaSubkeyR(24);
     955             : 
     956     4912112 :     t0 = io[0];
     957     4912112 :     t1 = io[1];
     958     4912112 :     io[0] = io[2];
     959     4912112 :     io[1] = io[3];
     960     4912112 :     io[2] = t0;
     961     4912112 :     io[3] = t1;
     962             : 
     963     4912112 :     blocks[0] = io[0];
     964     4912112 :     blocks[1] = io[1];
     965     4912112 :     blocks[2] = io[2];
     966     4912112 :     blocks[3] = io[3];
     967             : 
     968     4912112 :     return;
     969             : }
     970             : 
     971     1183530 : void camellia_decrypt128(const u32 *subkey, u32 *blocks)
     972             : {
     973             :     u32 il,ir,t0,t1;               /* temporary valiables */
     974             :     u32 io[4];
     975             : 
     976     1183530 :     io[0] = blocks[0];
     977     1183530 :     io[1] = blocks[1];
     978     1183530 :     io[2] = blocks[2];
     979     1183530 :     io[3] = blocks[3];
     980             : 
     981             :     /* pre whitening but absorb kw2*/
     982     1183530 :     io[0] ^= CamelliaSubkeyL(24);
     983     1183530 :     io[1] ^= CamelliaSubkeyR(24);
     984             : 
     985             :     /* main iteration */
     986     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
     987             :                      CamelliaSubkeyL(23),CamelliaSubkeyR(23),
     988             :                      io[2],io[3],il,ir,t0,t1);
     989     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
     990             :                      CamelliaSubkeyL(22),CamelliaSubkeyR(22),
     991             :                      io[0],io[1],il,ir,t0,t1);
     992     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
     993             :                      CamelliaSubkeyL(21),CamelliaSubkeyR(21),
     994             :                      io[2],io[3],il,ir,t0,t1);
     995     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
     996             :                      CamelliaSubkeyL(20),CamelliaSubkeyR(20),
     997             :                      io[0],io[1],il,ir,t0,t1);
     998     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
     999             :                      CamelliaSubkeyL(19),CamelliaSubkeyR(19),
    1000             :                      io[2],io[3],il,ir,t0,t1);
    1001     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1002             :                      CamelliaSubkeyL(18),CamelliaSubkeyR(18),
    1003             :                      io[0],io[1],il,ir,t0,t1);
    1004             : 
    1005     1183530 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
    1006             :                  CamelliaSubkeyL(17),CamelliaSubkeyR(17),
    1007             :                  CamelliaSubkeyL(16),CamelliaSubkeyR(16),
    1008             :                  t0,t1,il,ir);
    1009             : 
    1010     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1011             :                      CamelliaSubkeyL(15),CamelliaSubkeyR(15),
    1012             :                      io[2],io[3],il,ir,t0,t1);
    1013     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1014             :                      CamelliaSubkeyL(14),CamelliaSubkeyR(14),
    1015             :                      io[0],io[1],il,ir,t0,t1);
    1016     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1017             :                      CamelliaSubkeyL(13),CamelliaSubkeyR(13),
    1018             :                      io[2],io[3],il,ir,t0,t1);
    1019     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1020             :                      CamelliaSubkeyL(12),CamelliaSubkeyR(12),
    1021             :                      io[0],io[1],il,ir,t0,t1);
    1022     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1023             :                      CamelliaSubkeyL(11),CamelliaSubkeyR(11),
    1024             :                      io[2],io[3],il,ir,t0,t1);
    1025     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1026             :                      CamelliaSubkeyL(10),CamelliaSubkeyR(10),
    1027             :                      io[0],io[1],il,ir,t0,t1);
    1028             : 
    1029     1183530 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
    1030             :                  CamelliaSubkeyL(9),CamelliaSubkeyR(9),
    1031             :                  CamelliaSubkeyL(8),CamelliaSubkeyR(8),
    1032             :                  t0,t1,il,ir);
    1033             : 
    1034     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1035             :                      CamelliaSubkeyL(7),CamelliaSubkeyR(7),
    1036             :                      io[2],io[3],il,ir,t0,t1);
    1037     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1038             :                      CamelliaSubkeyL(6),CamelliaSubkeyR(6),
    1039             :                      io[0],io[1],il,ir,t0,t1);
    1040     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1041             :                      CamelliaSubkeyL(5),CamelliaSubkeyR(5),
    1042             :                      io[2],io[3],il,ir,t0,t1);
    1043     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1044             :                      CamelliaSubkeyL(4),CamelliaSubkeyR(4),
    1045             :                      io[0],io[1],il,ir,t0,t1);
    1046     1183530 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1047             :                      CamelliaSubkeyL(3),CamelliaSubkeyR(3),
    1048             :                      io[2],io[3],il,ir,t0,t1);
    1049     1183530 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1050             :                      CamelliaSubkeyL(2),CamelliaSubkeyR(2),
    1051             :                      io[0],io[1],il,ir,t0,t1);
    1052             : 
    1053             :     /* post whitening but kw4 */
    1054     1183530 :     io[2] ^= CamelliaSubkeyL(0);
    1055     1183530 :     io[3] ^= CamelliaSubkeyR(0);
    1056             : 
    1057     1183530 :     t0 = io[0];
    1058     1183530 :     t1 = io[1];
    1059     1183530 :     io[0] = io[2];
    1060     1183530 :     io[1] = io[3];
    1061     1183530 :     io[2] = t0;
    1062     1183530 :     io[3] = t1;
    1063             : 
    1064     1183530 :     blocks[0] = io[0];
    1065     1183530 :     blocks[1] = io[1];
    1066     1183530 :     blocks[2] = io[2];
    1067     1183530 :     blocks[3] = io[3];
    1068             : 
    1069     1183530 :     return;
    1070             : }
    1071             : 
    1072             : /**
    1073             :  * stuff for 192 and 256bit encryption/decryption
    1074             :  */
    1075     9032490 : void camellia_encrypt256(const u32 *subkey, u32 *blocks)
    1076             : {
    1077             :     u32 il,ir,t0,t1;           /* temporary valiables */
    1078             :     u32 io[4];
    1079             : 
    1080     9032490 :     io[0] = blocks[0];
    1081     9032490 :     io[1] = blocks[1];
    1082     9032490 :     io[2] = blocks[2];
    1083     9032490 :     io[3] = blocks[3];
    1084             : 
    1085             :     /* pre whitening but absorb kw2*/
    1086     9032490 :     io[0] ^= CamelliaSubkeyL(0);
    1087     9032490 :     io[1] ^= CamelliaSubkeyR(0);
    1088             : 
    1089             :     /* main iteration */
    1090     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1091             :                      CamelliaSubkeyL(2),CamelliaSubkeyR(2),
    1092             :                      io[2],io[3],il,ir,t0,t1);
    1093     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1094             :                      CamelliaSubkeyL(3),CamelliaSubkeyR(3),
    1095             :                      io[0],io[1],il,ir,t0,t1);
    1096     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1097             :                      CamelliaSubkeyL(4),CamelliaSubkeyR(4),
    1098             :                      io[2],io[3],il,ir,t0,t1);
    1099     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1100             :                      CamelliaSubkeyL(5),CamelliaSubkeyR(5),
    1101             :                      io[0],io[1],il,ir,t0,t1);
    1102     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1103             :                      CamelliaSubkeyL(6),CamelliaSubkeyR(6),
    1104             :                      io[2],io[3],il,ir,t0,t1);
    1105     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1106             :                      CamelliaSubkeyL(7),CamelliaSubkeyR(7),
    1107             :                      io[0],io[1],il,ir,t0,t1);
    1108             : 
    1109     9032490 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
    1110             :                  CamelliaSubkeyL(8),CamelliaSubkeyR(8),
    1111             :                  CamelliaSubkeyL(9),CamelliaSubkeyR(9),
    1112             :                  t0,t1,il,ir);
    1113             : 
    1114     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1115             :                      CamelliaSubkeyL(10),CamelliaSubkeyR(10),
    1116             :                      io[2],io[3],il,ir,t0,t1);
    1117     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1118             :                      CamelliaSubkeyL(11),CamelliaSubkeyR(11),
    1119             :                      io[0],io[1],il,ir,t0,t1);
    1120     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1121             :                      CamelliaSubkeyL(12),CamelliaSubkeyR(12),
    1122             :                      io[2],io[3],il,ir,t0,t1);
    1123     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1124             :                      CamelliaSubkeyL(13),CamelliaSubkeyR(13),
    1125             :                      io[0],io[1],il,ir,t0,t1);
    1126     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1127             :                      CamelliaSubkeyL(14),CamelliaSubkeyR(14),
    1128             :                      io[2],io[3],il,ir,t0,t1);
    1129     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1130             :                      CamelliaSubkeyL(15),CamelliaSubkeyR(15),
    1131             :                      io[0],io[1],il,ir,t0,t1);
    1132             : 
    1133     9032490 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
    1134             :                  CamelliaSubkeyL(16),CamelliaSubkeyR(16),
    1135             :                  CamelliaSubkeyL(17),CamelliaSubkeyR(17),
    1136             :                  t0,t1,il,ir);
    1137             : 
    1138     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1139             :                      CamelliaSubkeyL(18),CamelliaSubkeyR(18),
    1140             :                      io[2],io[3],il,ir,t0,t1);
    1141     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1142             :                      CamelliaSubkeyL(19),CamelliaSubkeyR(19),
    1143             :                      io[0],io[1],il,ir,t0,t1);
    1144     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1145             :                      CamelliaSubkeyL(20),CamelliaSubkeyR(20),
    1146             :                      io[2],io[3],il,ir,t0,t1);
    1147     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1148             :                      CamelliaSubkeyL(21),CamelliaSubkeyR(21),
    1149             :                      io[0],io[1],il,ir,t0,t1);
    1150     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1151             :                      CamelliaSubkeyL(22),CamelliaSubkeyR(22),
    1152             :                      io[2],io[3],il,ir,t0,t1);
    1153     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1154             :                      CamelliaSubkeyL(23),CamelliaSubkeyR(23),
    1155             :                      io[0],io[1],il,ir,t0,t1);
    1156             : 
    1157     9032490 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
    1158             :                  CamelliaSubkeyL(24),CamelliaSubkeyR(24),
    1159             :                  CamelliaSubkeyL(25),CamelliaSubkeyR(25),
    1160             :                  t0,t1,il,ir);
    1161             : 
    1162     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1163             :                      CamelliaSubkeyL(26),CamelliaSubkeyR(26),
    1164             :                      io[2],io[3],il,ir,t0,t1);
    1165     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1166             :                      CamelliaSubkeyL(27),CamelliaSubkeyR(27),
    1167             :                      io[0],io[1],il,ir,t0,t1);
    1168     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1169             :                      CamelliaSubkeyL(28),CamelliaSubkeyR(28),
    1170             :                      io[2],io[3],il,ir,t0,t1);
    1171     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1172             :                      CamelliaSubkeyL(29),CamelliaSubkeyR(29),
    1173             :                      io[0],io[1],il,ir,t0,t1);
    1174     9032490 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1175             :                      CamelliaSubkeyL(30),CamelliaSubkeyR(30),
    1176             :                      io[2],io[3],il,ir,t0,t1);
    1177     9032490 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1178             :                      CamelliaSubkeyL(31),CamelliaSubkeyR(31),
    1179             :                      io[0],io[1],il,ir,t0,t1);
    1180             : 
    1181             :     /* post whitening but kw4 */
    1182     9032490 :     io[2] ^= CamelliaSubkeyL(32);
    1183     9032490 :     io[3] ^= CamelliaSubkeyR(32);
    1184             : 
    1185     9032490 :     t0 = io[0];
    1186     9032490 :     t1 = io[1];
    1187     9032490 :     io[0] = io[2];
    1188     9032490 :     io[1] = io[3];
    1189     9032490 :     io[2] = t0;
    1190     9032490 :     io[3] = t1;
    1191             : 
    1192     9032490 :     blocks[0] = io[0];
    1193     9032490 :     blocks[1] = io[1];
    1194     9032490 :     blocks[2] = io[2];
    1195     9032490 :     blocks[3] = io[3];
    1196             : 
    1197     9032490 :     return;
    1198             : }
    1199             : 
    1200     2369726 : void camellia_decrypt256(const u32 *subkey, u32 *blocks)
    1201             : {
    1202             :     u32 il,ir,t0,t1;           /* temporary valiables */
    1203             :     u32 io[4];
    1204             : 
    1205     2369726 :     io[0] = blocks[0];
    1206     2369726 :     io[1] = blocks[1];
    1207     2369726 :     io[2] = blocks[2];
    1208     2369726 :     io[3] = blocks[3];
    1209             : 
    1210             :     /* pre whitening but absorb kw2*/
    1211     2369726 :     io[0] ^= CamelliaSubkeyL(32);
    1212     2369726 :     io[1] ^= CamelliaSubkeyR(32);
    1213             : 
    1214             :     /* main iteration */
    1215     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1216             :                      CamelliaSubkeyL(31),CamelliaSubkeyR(31),
    1217             :                      io[2],io[3],il,ir,t0,t1);
    1218     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1219             :                      CamelliaSubkeyL(30),CamelliaSubkeyR(30),
    1220             :                      io[0],io[1],il,ir,t0,t1);
    1221     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1222             :                      CamelliaSubkeyL(29),CamelliaSubkeyR(29),
    1223             :                      io[2],io[3],il,ir,t0,t1);
    1224     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1225             :                      CamelliaSubkeyL(28),CamelliaSubkeyR(28),
    1226             :                      io[0],io[1],il,ir,t0,t1);
    1227     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1228             :                      CamelliaSubkeyL(27),CamelliaSubkeyR(27),
    1229             :                      io[2],io[3],il,ir,t0,t1);
    1230     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1231             :                      CamelliaSubkeyL(26),CamelliaSubkeyR(26),
    1232             :                      io[0],io[1],il,ir,t0,t1);
    1233             : 
    1234     2369726 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
    1235             :                  CamelliaSubkeyL(25),CamelliaSubkeyR(25),
    1236             :                  CamelliaSubkeyL(24),CamelliaSubkeyR(24),
    1237             :                  t0,t1,il,ir);
    1238             : 
    1239     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1240             :                      CamelliaSubkeyL(23),CamelliaSubkeyR(23),
    1241             :                      io[2],io[3],il,ir,t0,t1);
    1242     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1243             :                      CamelliaSubkeyL(22),CamelliaSubkeyR(22),
    1244             :                      io[0],io[1],il,ir,t0,t1);
    1245     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1246             :                      CamelliaSubkeyL(21),CamelliaSubkeyR(21),
    1247             :                      io[2],io[3],il,ir,t0,t1);
    1248     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1249             :                      CamelliaSubkeyL(20),CamelliaSubkeyR(20),
    1250             :                      io[0],io[1],il,ir,t0,t1);
    1251     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1252             :                      CamelliaSubkeyL(19),CamelliaSubkeyR(19),
    1253             :                      io[2],io[3],il,ir,t0,t1);
    1254     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1255             :                      CamelliaSubkeyL(18),CamelliaSubkeyR(18),
    1256             :                      io[0],io[1],il,ir,t0,t1);
    1257             : 
    1258     2369726 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
    1259             :                  CamelliaSubkeyL(17),CamelliaSubkeyR(17),
    1260             :                  CamelliaSubkeyL(16),CamelliaSubkeyR(16),
    1261             :                  t0,t1,il,ir);
    1262             : 
    1263     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1264             :                      CamelliaSubkeyL(15),CamelliaSubkeyR(15),
    1265             :                      io[2],io[3],il,ir,t0,t1);
    1266     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1267             :                      CamelliaSubkeyL(14),CamelliaSubkeyR(14),
    1268             :                      io[0],io[1],il,ir,t0,t1);
    1269     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1270             :                      CamelliaSubkeyL(13),CamelliaSubkeyR(13),
    1271             :                      io[2],io[3],il,ir,t0,t1);
    1272     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1273             :                      CamelliaSubkeyL(12),CamelliaSubkeyR(12),
    1274             :                      io[0],io[1],il,ir,t0,t1);
    1275     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1276             :                      CamelliaSubkeyL(11),CamelliaSubkeyR(11),
    1277             :                      io[2],io[3],il,ir,t0,t1);
    1278     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1279             :                      CamelliaSubkeyL(10),CamelliaSubkeyR(10),
    1280             :                      io[0],io[1],il,ir,t0,t1);
    1281             : 
    1282     2369726 :     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
    1283             :                  CamelliaSubkeyL(9),CamelliaSubkeyR(9),
    1284             :                  CamelliaSubkeyL(8),CamelliaSubkeyR(8),
    1285             :                  t0,t1,il,ir);
    1286             : 
    1287     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1288             :                      CamelliaSubkeyL(7),CamelliaSubkeyR(7),
    1289             :                      io[2],io[3],il,ir,t0,t1);
    1290     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1291             :                      CamelliaSubkeyL(6),CamelliaSubkeyR(6),
    1292             :                      io[0],io[1],il,ir,t0,t1);
    1293     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1294             :                      CamelliaSubkeyL(5),CamelliaSubkeyR(5),
    1295             :                      io[2],io[3],il,ir,t0,t1);
    1296     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1297             :                      CamelliaSubkeyL(4),CamelliaSubkeyR(4),
    1298             :                      io[0],io[1],il,ir,t0,t1);
    1299     2369726 :     CAMELLIA_ROUNDSM(io[0],io[1],
    1300             :                      CamelliaSubkeyL(3),CamelliaSubkeyR(3),
    1301             :                      io[2],io[3],il,ir,t0,t1);
    1302     2369726 :     CAMELLIA_ROUNDSM(io[2],io[3],
    1303             :                      CamelliaSubkeyL(2),CamelliaSubkeyR(2),
    1304             :                      io[0],io[1],il,ir,t0,t1);
    1305             : 
    1306             :     /* post whitening but kw4 */
    1307     2369726 :     io[2] ^= CamelliaSubkeyL(0);
    1308     2369726 :     io[3] ^= CamelliaSubkeyR(0);
    1309             : 
    1310     2369726 :     t0 = io[0];
    1311     2369726 :     t1 = io[1];
    1312     2369726 :     io[0] = io[2];
    1313     2369726 :     io[1] = io[3];
    1314     2369726 :     io[2] = t0;
    1315     2369726 :     io[3] = t1;
    1316             : 
    1317     2369726 :     blocks[0] = io[0];
    1318     2369726 :     blocks[1] = io[1];
    1319     2369726 :     blocks[2] = io[2];
    1320     2369726 :     blocks[3] = io[3];
    1321             : 
    1322     2369726 :     return;
    1323             : }
    1324             : #endif /*!USE_ARM_ASM*/
    1325             : 
    1326             : 
    1327             : /***
    1328             :  *
    1329             :  * API for compatibility
    1330             :  */
    1331             : 
    1332         963 : void Camellia_Ekeygen(const int keyBitLength,
    1333             :                       const unsigned char *rawKey,
    1334             :                       KEY_TABLE_TYPE keyTable)
    1335             : {
    1336         963 :     switch(keyBitLength) {
    1337             :     case 128:
    1338         552 :         camellia_setup128(rawKey, keyTable);
    1339         552 :         break;
    1340             :     case 192:
    1341         205 :         camellia_setup192(rawKey, keyTable);
    1342         205 :         break;
    1343             :     case 256:
    1344         206 :         camellia_setup256(rawKey, keyTable);
    1345         206 :         break;
    1346             :     default:
    1347           0 :         break;
    1348             :     }
    1349         963 : }
    1350             : 
    1351             : 
    1352             : #ifndef USE_ARM_ASM
    1353    13944602 : void Camellia_EncryptBlock(const int keyBitLength,
    1354             :                            const unsigned char *plaintext,
    1355             :                            const KEY_TABLE_TYPE keyTable,
    1356             :                            unsigned char *ciphertext)
    1357             : {
    1358             :     u32 tmp[4];
    1359             : 
    1360    13944602 :     tmp[0] = GETU32(plaintext);
    1361    13944602 :     tmp[1] = GETU32(plaintext + 4);
    1362    13944602 :     tmp[2] = GETU32(plaintext + 8);
    1363    13944602 :     tmp[3] = GETU32(plaintext + 12);
    1364             : 
    1365    13944602 :     switch (keyBitLength) {
    1366             :     case 128:
    1367     4912112 :         camellia_encrypt128(keyTable, tmp);
    1368     4912112 :         break;
    1369             :     case 192:
    1370             :         /* fall through */
    1371             :     case 256:
    1372     9032490 :         camellia_encrypt256(keyTable, tmp);
    1373     9032490 :         break;
    1374             :     default:
    1375           0 :         break;
    1376             :     }
    1377             : 
    1378    13944602 :     PUTU32(ciphertext, tmp[0]);
    1379    13944602 :     PUTU32(ciphertext + 4, tmp[1]);
    1380    13944602 :     PUTU32(ciphertext + 8, tmp[2]);
    1381    13944602 :     PUTU32(ciphertext + 12, tmp[3]);
    1382    13944602 : }
    1383             : 
    1384     3553256 : void Camellia_DecryptBlock(const int keyBitLength,
    1385             :                            const unsigned char *ciphertext,
    1386             :                            const KEY_TABLE_TYPE keyTable,
    1387             :                            unsigned char *plaintext)
    1388             : {
    1389             :     u32 tmp[4];
    1390             : 
    1391     3553256 :     tmp[0] = GETU32(ciphertext);
    1392     3553256 :     tmp[1] = GETU32(ciphertext + 4);
    1393     3553256 :     tmp[2] = GETU32(ciphertext + 8);
    1394     3553256 :     tmp[3] = GETU32(ciphertext + 12);
    1395             : 
    1396     3553256 :     switch (keyBitLength) {
    1397             :     case 128:
    1398     1183530 :         camellia_decrypt128(keyTable, tmp);
    1399     1183530 :         break;
    1400             :     case 192:
    1401             :         /* fall through */
    1402             :     case 256:
    1403     2369726 :         camellia_decrypt256(keyTable, tmp);
    1404     2369726 :         break;
    1405             :     default:
    1406           0 :         break;
    1407             :     }
    1408     3553256 :     PUTU32(plaintext, tmp[0]);
    1409     3553256 :     PUTU32(plaintext + 4, tmp[1]);
    1410     3553256 :     PUTU32(plaintext + 8, tmp[2]);
    1411     3553256 :     PUTU32(plaintext + 12, tmp[3]);
    1412     3553256 : }
    1413             : #endif /*!USE_ARM_ASM*/

Generated by: LCOV version 1.13