1af39daaad
A few years ago the FSF moved and "59 Temple Place" is wrong. Having this still in our source files feels old and unmaintained. Let's take the license statement serious and not confuse users. As https://www.gnu.org/licenses/gpl-howto.html suggests, we replace the postal address with "<http://www.gnu.org/licenses/>". Signed-off-by: Martin Kepplinger <martink@posteo.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1102 lines
35 KiB
C
1102 lines
35 KiB
C
/*
|
|
* Copyright (C) 2006
|
|
* NTT (Nippon Telegraph and Telephone Corporation).
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
/*
|
|
* Algorithm Specification
|
|
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
|
|
*/
|
|
|
|
/*
|
|
*
|
|
* NOTE --- NOTE --- NOTE --- NOTE
|
|
* This implementation assumes that all memory addresses passed
|
|
* as parameters are four-byte aligned.
|
|
*
|
|
*/
|
|
|
|
#include <linux/crypto.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/init.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/module.h>
|
|
#include <linux/bitops.h>
|
|
#include <asm/unaligned.h>
|
|
|
|
static const u32 camellia_sp1110[256] = {
|
|
0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
|
|
0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
|
|
0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
|
|
0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
|
|
0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
|
|
0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
|
|
0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
|
|
0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
|
|
0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
|
|
0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
|
|
0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
|
|
0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
|
|
0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
|
|
0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
|
|
0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
|
|
0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
|
|
0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
|
|
0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
|
|
0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
|
|
0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
|
|
0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
|
|
0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
|
|
0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
|
|
0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
|
|
0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
|
|
0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
|
|
0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
|
|
0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
|
|
0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
|
|
0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
|
|
0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
|
|
0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
|
|
0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
|
|
0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
|
|
0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
|
|
0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
|
|
0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
|
|
0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
|
|
0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
|
|
0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
|
|
0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
|
|
0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
|
|
0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
|
|
0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
|
|
0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
|
|
0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
|
|
0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
|
|
0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
|
|
0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
|
|
0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
|
|
0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
|
|
0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
|
|
0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
|
|
0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
|
|
0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
|
|
0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
|
|
0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
|
|
0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
|
|
0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
|
|
0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
|
|
0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
|
|
0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
|
|
0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
|
|
0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
|
|
};
|
|
|
|
static const u32 camellia_sp0222[256] = {
|
|
0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
|
|
0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
|
|
0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
|
|
0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
|
|
0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
|
|
0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
|
|
0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
|
|
0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
|
|
0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
|
|
0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
|
|
0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
|
|
0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
|
|
0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
|
|
0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
|
|
0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
|
|
0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
|
|
0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
|
|
0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
|
|
0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
|
|
0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
|
|
0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
|
|
0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
|
|
0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
|
|
0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
|
|
0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
|
|
0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
|
|
0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
|
|
0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
|
|
0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
|
|
0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
|
|
0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
|
|
0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
|
|
0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
|
|
0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
|
|
0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
|
|
0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
|
|
0x00202020, 0x00898989, 0x00000000, 0x00909090,
|
|
0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
|
|
0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
|
|
0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
|
|
0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
|
|
0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
|
|
0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
|
|
0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
|
|
0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
|
|
0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
|
|
0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
|
|
0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
|
|
0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
|
|
0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
|
|
0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
|
|
0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
|
|
0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
|
|
0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
|
|
0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
|
|
0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
|
|
0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
|
|
0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
|
|
0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
|
|
0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
|
|
0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
|
|
0x00777777, 0x00939393, 0x00868686, 0x00838383,
|
|
0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
|
|
0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
|
|
};
|
|
|
|
static const u32 camellia_sp3033[256] = {
|
|
0x38003838, 0x41004141, 0x16001616, 0x76007676,
|
|
0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
|
|
0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
|
|
0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
|
|
0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
|
|
0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
|
|
0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
|
|
0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
|
|
0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
|
|
0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
|
|
0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
|
|
0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
|
|
0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
|
|
0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
|
|
0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
|
|
0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
|
|
0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
|
|
0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
|
|
0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
|
|
0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
|
|
0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
|
|
0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
|
|
0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
|
|
0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
|
|
0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
|
|
0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
|
|
0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
|
|
0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
|
|
0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
|
|
0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
|
|
0x12001212, 0x04000404, 0x74007474, 0x54005454,
|
|
0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
|
|
0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
|
|
0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
|
|
0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
|
|
0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
|
|
0x08000808, 0x62006262, 0x00000000, 0x24002424,
|
|
0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
|
|
0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
|
|
0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
|
|
0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
|
|
0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
|
|
0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
|
|
0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
|
|
0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
|
|
0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
|
|
0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
|
|
0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
|
|
0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
|
|
0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
|
|
0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
|
|
0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
|
|
0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
|
|
0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
|
|
0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
|
|
0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
|
|
0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
|
|
0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
|
|
0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
|
|
0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
|
|
0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
|
|
0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
|
|
0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
|
|
0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
|
|
};
|
|
|
|
static const u32 camellia_sp4404[256] = {
|
|
0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
|
|
0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
|
|
0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
|
|
0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
|
|
0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
|
|
0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
|
|
0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
|
|
0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
|
|
0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
|
|
0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
|
|
0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
|
|
0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
|
|
0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
|
|
0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
|
|
0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
|
|
0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
|
|
0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
|
|
0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
|
|
0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
|
|
0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
|
|
0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
|
|
0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
|
|
0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
|
|
0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
|
|
0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
|
|
0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
|
|
0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
|
|
0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
|
|
0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
|
|
0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
|
|
0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
|
|
0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
|
|
0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
|
|
0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
|
|
0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
|
|
0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
|
|
0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
|
|
0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
|
|
0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
|
|
0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
|
|
0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
|
|
0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
|
|
0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
|
|
0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
|
|
0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
|
|
0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
|
|
0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
|
|
0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
|
|
0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
|
|
0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
|
|
0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
|
|
0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
|
|
0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
|
|
0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
|
|
0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
|
|
0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
|
|
0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
|
|
0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
|
|
0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
|
|
0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
|
|
0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
|
|
0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
|
|
0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
|
|
0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
|
|
};
|
|
|
|
|
|
#define CAMELLIA_MIN_KEY_SIZE 16
|
|
#define CAMELLIA_MAX_KEY_SIZE 32
|
|
#define CAMELLIA_BLOCK_SIZE 16
|
|
#define CAMELLIA_TABLE_BYTE_LEN 272
|
|
|
|
/*
|
|
* NB: L and R below stand for 'left' and 'right' as in written numbers.
|
|
* That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
|
|
* _not_ least significant ones!
|
|
*/
|
|
|
|
|
|
/* key constants */
|
|
|
|
#define CAMELLIA_SIGMA1L (0xA09E667FL)
|
|
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
|
|
#define CAMELLIA_SIGMA2L (0xB67AE858L)
|
|
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
|
|
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
|
|
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
|
|
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
|
|
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
|
|
#define CAMELLIA_SIGMA5L (0x10E527FAL)
|
|
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
|
|
#define CAMELLIA_SIGMA6L (0xB05688C2L)
|
|
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
|
|
|
|
/*
|
|
* macros
|
|
*/
|
|
#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({ \
|
|
w0 = ll; \
|
|
ll = (ll << bits) + (lr >> (32 - bits)); \
|
|
lr = (lr << bits) + (rl >> (32 - bits)); \
|
|
rl = (rl << bits) + (rr >> (32 - bits)); \
|
|
rr = (rr << bits) + (w0 >> (32 - bits)); \
|
|
})
|
|
|
|
#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({ \
|
|
w0 = ll; \
|
|
w1 = lr; \
|
|
ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
|
|
lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
|
|
rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
|
|
rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
|
|
})
|
|
|
|
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({ \
|
|
il = xl ^ kl; \
|
|
ir = xr ^ kr; \
|
|
t0 = il >> 16; \
|
|
t1 = ir >> 16; \
|
|
yl = camellia_sp1110[(u8)(ir)] \
|
|
^ camellia_sp0222[(u8)(t1 >> 8)] \
|
|
^ camellia_sp3033[(u8)(t1)] \
|
|
^ camellia_sp4404[(u8)(ir >> 8)]; \
|
|
yr = camellia_sp1110[(u8)(t0 >> 8)] \
|
|
^ camellia_sp0222[(u8)(t0)] \
|
|
^ camellia_sp3033[(u8)(il >> 8)] \
|
|
^ camellia_sp4404[(u8)(il)]; \
|
|
yl ^= yr; \
|
|
yr = ror32(yr, 8); \
|
|
yr ^= yl; \
|
|
})
|
|
|
|
#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
|
|
#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
|
|
|
|
static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
|
|
{
|
|
u32 dw, tl, tr;
|
|
u32 kw4l, kw4r;
|
|
|
|
/* absorb kw2 to other subkeys */
|
|
/* round 2 */
|
|
subL[3] ^= subL[1]; subR[3] ^= subR[1];
|
|
/* round 4 */
|
|
subL[5] ^= subL[1]; subR[5] ^= subR[1];
|
|
/* round 6 */
|
|
subL[7] ^= subL[1]; subR[7] ^= subR[1];
|
|
subL[1] ^= subR[1] & ~subR[9];
|
|
dw = subL[1] & subL[9];
|
|
subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
|
|
/* round 8 */
|
|
subL[11] ^= subL[1]; subR[11] ^= subR[1];
|
|
/* round 10 */
|
|
subL[13] ^= subL[1]; subR[13] ^= subR[1];
|
|
/* round 12 */
|
|
subL[15] ^= subL[1]; subR[15] ^= subR[1];
|
|
subL[1] ^= subR[1] & ~subR[17];
|
|
dw = subL[1] & subL[17];
|
|
subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
|
|
/* round 14 */
|
|
subL[19] ^= subL[1]; subR[19] ^= subR[1];
|
|
/* round 16 */
|
|
subL[21] ^= subL[1]; subR[21] ^= subR[1];
|
|
/* round 18 */
|
|
subL[23] ^= subL[1]; subR[23] ^= subR[1];
|
|
if (max == 24) {
|
|
/* kw3 */
|
|
subL[24] ^= subL[1]; subR[24] ^= subR[1];
|
|
|
|
/* absorb kw4 to other subkeys */
|
|
kw4l = subL[25]; kw4r = subR[25];
|
|
} else {
|
|
subL[1] ^= subR[1] & ~subR[25];
|
|
dw = subL[1] & subL[25];
|
|
subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
|
|
/* round 20 */
|
|
subL[27] ^= subL[1]; subR[27] ^= subR[1];
|
|
/* round 22 */
|
|
subL[29] ^= subL[1]; subR[29] ^= subR[1];
|
|
/* round 24 */
|
|
subL[31] ^= subL[1]; subR[31] ^= subR[1];
|
|
/* kw3 */
|
|
subL[32] ^= subL[1]; subR[32] ^= subR[1];
|
|
|
|
/* absorb kw4 to other subkeys */
|
|
kw4l = subL[33]; kw4r = subR[33];
|
|
/* round 23 */
|
|
subL[30] ^= kw4l; subR[30] ^= kw4r;
|
|
/* round 21 */
|
|
subL[28] ^= kw4l; subR[28] ^= kw4r;
|
|
/* round 19 */
|
|
subL[26] ^= kw4l; subR[26] ^= kw4r;
|
|
kw4l ^= kw4r & ~subR[24];
|
|
dw = kw4l & subL[24];
|
|
kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
|
|
}
|
|
/* round 17 */
|
|
subL[22] ^= kw4l; subR[22] ^= kw4r;
|
|
/* round 15 */
|
|
subL[20] ^= kw4l; subR[20] ^= kw4r;
|
|
/* round 13 */
|
|
subL[18] ^= kw4l; subR[18] ^= kw4r;
|
|
kw4l ^= kw4r & ~subR[16];
|
|
dw = kw4l & subL[16];
|
|
kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
|
|
/* round 11 */
|
|
subL[14] ^= kw4l; subR[14] ^= kw4r;
|
|
/* round 9 */
|
|
subL[12] ^= kw4l; subR[12] ^= kw4r;
|
|
/* round 7 */
|
|
subL[10] ^= kw4l; subR[10] ^= kw4r;
|
|
kw4l ^= kw4r & ~subR[8];
|
|
dw = kw4l & subL[8];
|
|
kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
|
|
/* round 5 */
|
|
subL[6] ^= kw4l; subR[6] ^= kw4r;
|
|
/* round 3 */
|
|
subL[4] ^= kw4l; subR[4] ^= kw4r;
|
|
/* round 1 */
|
|
subL[2] ^= kw4l; subR[2] ^= kw4r;
|
|
/* kw1 */
|
|
subL[0] ^= kw4l; subR[0] ^= kw4r;
|
|
|
|
/* key XOR is end of F-function */
|
|
SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
|
|
SUBKEY_R(0) = subR[0] ^ subR[2];
|
|
SUBKEY_L(2) = subL[3]; /* round 1 */
|
|
SUBKEY_R(2) = subR[3];
|
|
SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
|
|
SUBKEY_R(3) = subR[2] ^ subR[4];
|
|
SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
|
|
SUBKEY_R(4) = subR[3] ^ subR[5];
|
|
SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
|
|
SUBKEY_R(5) = subR[4] ^ subR[6];
|
|
SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
|
|
SUBKEY_R(6) = subR[5] ^ subR[7];
|
|
tl = subL[10] ^ (subR[10] & ~subR[8]);
|
|
dw = tl & subL[8]; /* FL(kl1) */
|
|
tr = subR[10] ^ rol32(dw, 1);
|
|
SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
|
|
SUBKEY_R(7) = subR[6] ^ tr;
|
|
SUBKEY_L(8) = subL[8]; /* FL(kl1) */
|
|
SUBKEY_R(8) = subR[8];
|
|
SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
|
|
SUBKEY_R(9) = subR[9];
|
|
tl = subL[7] ^ (subR[7] & ~subR[9]);
|
|
dw = tl & subL[9]; /* FLinv(kl2) */
|
|
tr = subR[7] ^ rol32(dw, 1);
|
|
SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
|
|
SUBKEY_R(10) = tr ^ subR[11];
|
|
SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
|
|
SUBKEY_R(11) = subR[10] ^ subR[12];
|
|
SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
|
|
SUBKEY_R(12) = subR[11] ^ subR[13];
|
|
SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
|
|
SUBKEY_R(13) = subR[12] ^ subR[14];
|
|
SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
|
|
SUBKEY_R(14) = subR[13] ^ subR[15];
|
|
tl = subL[18] ^ (subR[18] & ~subR[16]);
|
|
dw = tl & subL[16]; /* FL(kl3) */
|
|
tr = subR[18] ^ rol32(dw, 1);
|
|
SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
|
|
SUBKEY_R(15) = subR[14] ^ tr;
|
|
SUBKEY_L(16) = subL[16]; /* FL(kl3) */
|
|
SUBKEY_R(16) = subR[16];
|
|
SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
|
|
SUBKEY_R(17) = subR[17];
|
|
tl = subL[15] ^ (subR[15] & ~subR[17]);
|
|
dw = tl & subL[17]; /* FLinv(kl4) */
|
|
tr = subR[15] ^ rol32(dw, 1);
|
|
SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
|
|
SUBKEY_R(18) = tr ^ subR[19];
|
|
SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
|
|
SUBKEY_R(19) = subR[18] ^ subR[20];
|
|
SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
|
|
SUBKEY_R(20) = subR[19] ^ subR[21];
|
|
SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
|
|
SUBKEY_R(21) = subR[20] ^ subR[22];
|
|
SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
|
|
SUBKEY_R(22) = subR[21] ^ subR[23];
|
|
if (max == 24) {
|
|
SUBKEY_L(23) = subL[22]; /* round 18 */
|
|
SUBKEY_R(23) = subR[22];
|
|
SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
|
|
SUBKEY_R(24) = subR[24] ^ subR[23];
|
|
} else {
|
|
tl = subL[26] ^ (subR[26] & ~subR[24]);
|
|
dw = tl & subL[24]; /* FL(kl5) */
|
|
tr = subR[26] ^ rol32(dw, 1);
|
|
SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
|
|
SUBKEY_R(23) = subR[22] ^ tr;
|
|
SUBKEY_L(24) = subL[24]; /* FL(kl5) */
|
|
SUBKEY_R(24) = subR[24];
|
|
SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
|
|
SUBKEY_R(25) = subR[25];
|
|
tl = subL[23] ^ (subR[23] & ~subR[25]);
|
|
dw = tl & subL[25]; /* FLinv(kl6) */
|
|
tr = subR[23] ^ rol32(dw, 1);
|
|
SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
|
|
SUBKEY_R(26) = tr ^ subR[27];
|
|
SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
|
|
SUBKEY_R(27) = subR[26] ^ subR[28];
|
|
SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
|
|
SUBKEY_R(28) = subR[27] ^ subR[29];
|
|
SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
|
|
SUBKEY_R(29) = subR[28] ^ subR[30];
|
|
SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
|
|
SUBKEY_R(30) = subR[29] ^ subR[31];
|
|
SUBKEY_L(31) = subL[30]; /* round 24 */
|
|
SUBKEY_R(31) = subR[30];
|
|
SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
|
|
SUBKEY_R(32) = subR[32] ^ subR[31];
|
|
}
|
|
}
|
|
|
|
static void camellia_setup128(const unsigned char *key, u32 *subkey)
|
|
{
|
|
u32 kll, klr, krl, krr;
|
|
u32 il, ir, t0, t1, w0, w1;
|
|
u32 subL[26];
|
|
u32 subR[26];
|
|
|
|
/**
|
|
* k == kll || klr || krl || krr (|| is concatenation)
|
|
*/
|
|
kll = get_unaligned_be32(key);
|
|
klr = get_unaligned_be32(key + 4);
|
|
krl = get_unaligned_be32(key + 8);
|
|
krr = get_unaligned_be32(key + 12);
|
|
|
|
/* generate KL dependent subkeys */
|
|
/* kw1 */
|
|
subL[0] = kll; subR[0] = klr;
|
|
/* kw2 */
|
|
subL[1] = krl; subR[1] = krr;
|
|
/* rotation left shift 15bit */
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 15);
|
|
/* k3 */
|
|
subL[4] = kll; subR[4] = klr;
|
|
/* k4 */
|
|
subL[5] = krl; subR[5] = krr;
|
|
/* rotation left shift 15+30bit */
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 30);
|
|
/* k7 */
|
|
subL[10] = kll; subR[10] = klr;
|
|
/* k8 */
|
|
subL[11] = krl; subR[11] = krr;
|
|
/* rotation left shift 15+30+15bit */
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 15);
|
|
/* k10 */
|
|
subL[13] = krl; subR[13] = krr;
|
|
/* rotation left shift 15+30+15+17 bit */
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 17);
|
|
/* kl3 */
|
|
subL[16] = kll; subR[16] = klr;
|
|
/* kl4 */
|
|
subL[17] = krl; subR[17] = krr;
|
|
/* rotation left shift 15+30+15+17+17 bit */
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 17);
|
|
/* k13 */
|
|
subL[18] = kll; subR[18] = klr;
|
|
/* k14 */
|
|
subL[19] = krl; subR[19] = krr;
|
|
/* rotation left shift 15+30+15+17+17+17 bit */
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 17);
|
|
/* k17 */
|
|
subL[22] = kll; subR[22] = klr;
|
|
/* k18 */
|
|
subL[23] = krl; subR[23] = krr;
|
|
|
|
/* generate KA */
|
|
kll = subL[0]; klr = subR[0];
|
|
krl = subL[1]; krr = subR[1];
|
|
CAMELLIA_F(kll, klr,
|
|
CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
|
|
w0, w1, il, ir, t0, t1);
|
|
krl ^= w0; krr ^= w1;
|
|
CAMELLIA_F(krl, krr,
|
|
CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
|
|
kll, klr, il, ir, t0, t1);
|
|
/* current status == (kll, klr, w0, w1) */
|
|
CAMELLIA_F(kll, klr,
|
|
CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
|
|
krl, krr, il, ir, t0, t1);
|
|
krl ^= w0; krr ^= w1;
|
|
CAMELLIA_F(krl, krr,
|
|
CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
|
|
w0, w1, il, ir, t0, t1);
|
|
kll ^= w0; klr ^= w1;
|
|
|
|
/* generate KA dependent subkeys */
|
|
/* k1, k2 */
|
|
subL[2] = kll; subR[2] = klr;
|
|
subL[3] = krl; subR[3] = krr;
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 15);
|
|
/* k5,k6 */
|
|
subL[6] = kll; subR[6] = klr;
|
|
subL[7] = krl; subR[7] = krr;
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 15);
|
|
/* kl1, kl2 */
|
|
subL[8] = kll; subR[8] = klr;
|
|
subL[9] = krl; subR[9] = krr;
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 15);
|
|
/* k9 */
|
|
subL[12] = kll; subR[12] = klr;
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 15);
|
|
/* k11, k12 */
|
|
subL[14] = kll; subR[14] = klr;
|
|
subL[15] = krl; subR[15] = krr;
|
|
ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
|
|
/* k15, k16 */
|
|
subL[20] = kll; subR[20] = klr;
|
|
subL[21] = krl; subR[21] = krr;
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 17);
|
|
/* kw3, kw4 */
|
|
subL[24] = kll; subR[24] = klr;
|
|
subL[25] = krl; subR[25] = krr;
|
|
|
|
camellia_setup_tail(subkey, subL, subR, 24);
|
|
}
|
|
|
|
static void camellia_setup256(const unsigned char *key, u32 *subkey)
|
|
{
|
|
u32 kll, klr, krl, krr; /* left half of key */
|
|
u32 krll, krlr, krrl, krrr; /* right half of key */
|
|
u32 il, ir, t0, t1, w0, w1; /* temporary variables */
|
|
u32 subL[34];
|
|
u32 subR[34];
|
|
|
|
/**
|
|
* key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
|
|
* (|| is concatenation)
|
|
*/
|
|
kll = get_unaligned_be32(key);
|
|
klr = get_unaligned_be32(key + 4);
|
|
krl = get_unaligned_be32(key + 8);
|
|
krr = get_unaligned_be32(key + 12);
|
|
krll = get_unaligned_be32(key + 16);
|
|
krlr = get_unaligned_be32(key + 20);
|
|
krrl = get_unaligned_be32(key + 24);
|
|
krrr = get_unaligned_be32(key + 28);
|
|
|
|
/* generate KL dependent subkeys */
|
|
/* kw1 */
|
|
subL[0] = kll; subR[0] = klr;
|
|
/* kw2 */
|
|
subL[1] = krl; subR[1] = krr;
|
|
ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
|
|
/* k9 */
|
|
subL[12] = kll; subR[12] = klr;
|
|
/* k10 */
|
|
subL[13] = krl; subR[13] = krr;
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 15);
|
|
/* kl3 */
|
|
subL[16] = kll; subR[16] = klr;
|
|
/* kl4 */
|
|
subL[17] = krl; subR[17] = krr;
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 17);
|
|
/* k17 */
|
|
subL[22] = kll; subR[22] = klr;
|
|
/* k18 */
|
|
subL[23] = krl; subR[23] = krr;
|
|
ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
|
|
/* k23 */
|
|
subL[30] = kll; subR[30] = klr;
|
|
/* k24 */
|
|
subL[31] = krl; subR[31] = krr;
|
|
|
|
/* generate KR dependent subkeys */
|
|
ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
|
|
/* k3 */
|
|
subL[4] = krll; subR[4] = krlr;
|
|
/* k4 */
|
|
subL[5] = krrl; subR[5] = krrr;
|
|
ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
|
|
/* kl1 */
|
|
subL[8] = krll; subR[8] = krlr;
|
|
/* kl2 */
|
|
subL[9] = krrl; subR[9] = krrr;
|
|
ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
|
|
/* k13 */
|
|
subL[18] = krll; subR[18] = krlr;
|
|
/* k14 */
|
|
subL[19] = krrl; subR[19] = krrr;
|
|
ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
|
|
/* k19 */
|
|
subL[26] = krll; subR[26] = krlr;
|
|
/* k20 */
|
|
subL[27] = krrl; subR[27] = krrr;
|
|
ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
|
|
|
|
/* generate KA */
|
|
kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
|
|
krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
|
|
CAMELLIA_F(kll, klr,
|
|
CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
|
|
w0, w1, il, ir, t0, t1);
|
|
krl ^= w0; krr ^= w1;
|
|
CAMELLIA_F(krl, krr,
|
|
CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
|
|
kll, klr, il, ir, t0, t1);
|
|
kll ^= krll; klr ^= krlr;
|
|
CAMELLIA_F(kll, klr,
|
|
CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
|
|
krl, krr, il, ir, t0, t1);
|
|
krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
|
|
CAMELLIA_F(krl, krr,
|
|
CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
|
|
w0, w1, il, ir, t0, t1);
|
|
kll ^= w0; klr ^= w1;
|
|
|
|
/* generate KB */
|
|
krll ^= kll; krlr ^= klr;
|
|
krrl ^= krl; krrr ^= krr;
|
|
CAMELLIA_F(krll, krlr,
|
|
CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
|
|
w0, w1, il, ir, t0, t1);
|
|
krrl ^= w0; krrr ^= w1;
|
|
CAMELLIA_F(krrl, krrr,
|
|
CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
|
|
w0, w1, il, ir, t0, t1);
|
|
krll ^= w0; krlr ^= w1;
|
|
|
|
/* generate KA dependent subkeys */
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 15);
|
|
/* k5 */
|
|
subL[6] = kll; subR[6] = klr;
|
|
/* k6 */
|
|
subL[7] = krl; subR[7] = krr;
|
|
ROLDQ(kll, klr, krl, krr, w0, w1, 30);
|
|
/* k11 */
|
|
subL[14] = kll; subR[14] = klr;
|
|
/* k12 */
|
|
subL[15] = krl; subR[15] = krr;
|
|
/* rotation left shift 32bit */
|
|
/* kl5 */
|
|
subL[24] = klr; subR[24] = krl;
|
|
/* kl6 */
|
|
subL[25] = krr; subR[25] = kll;
|
|
/* rotation left shift 49 from k11,k12 -> k21,k22 */
|
|
ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
|
|
/* k21 */
|
|
subL[28] = kll; subR[28] = klr;
|
|
/* k22 */
|
|
subL[29] = krl; subR[29] = krr;
|
|
|
|
/* generate KB dependent subkeys */
|
|
/* k1 */
|
|
subL[2] = krll; subR[2] = krlr;
|
|
/* k2 */
|
|
subL[3] = krrl; subR[3] = krrr;
|
|
ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
|
|
/* k7 */
|
|
subL[10] = krll; subR[10] = krlr;
|
|
/* k8 */
|
|
subL[11] = krrl; subR[11] = krrr;
|
|
ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
|
|
/* k15 */
|
|
subL[20] = krll; subR[20] = krlr;
|
|
/* k16 */
|
|
subL[21] = krrl; subR[21] = krrr;
|
|
ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
|
|
/* kw3 */
|
|
subL[32] = krll; subR[32] = krlr;
|
|
/* kw4 */
|
|
subL[33] = krrl; subR[33] = krrr;
|
|
|
|
camellia_setup_tail(subkey, subL, subR, 32);
|
|
}
|
|
|
|
static void camellia_setup192(const unsigned char *key, u32 *subkey)
|
|
{
|
|
unsigned char kk[32];
|
|
u32 krll, krlr, krrl, krrr;
|
|
|
|
memcpy(kk, key, 24);
|
|
memcpy((unsigned char *)&krll, key+16, 4);
|
|
memcpy((unsigned char *)&krlr, key+20, 4);
|
|
krrl = ~krll;
|
|
krrr = ~krlr;
|
|
memcpy(kk+24, (unsigned char *)&krrl, 4);
|
|
memcpy(kk+28, (unsigned char *)&krrr, 4);
|
|
camellia_setup256(kk, subkey);
|
|
}
|
|
|
|
|
|
/*
|
|
* Encrypt/decrypt
|
|
*/
|
|
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
|
|
t0 = kll; \
|
|
t2 = krr; \
|
|
t0 &= ll; \
|
|
t2 |= rr; \
|
|
rl ^= t2; \
|
|
lr ^= rol32(t0, 1); \
|
|
t3 = krl; \
|
|
t1 = klr; \
|
|
t3 &= rl; \
|
|
t1 |= lr; \
|
|
ll ^= t1; \
|
|
rr ^= rol32(t3, 1); \
|
|
})
|
|
|
|
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({ \
|
|
yl ^= kl; \
|
|
yr ^= kr; \
|
|
ir = camellia_sp1110[(u8)xr]; \
|
|
il = camellia_sp1110[(u8)(xl >> 24)]; \
|
|
ir ^= camellia_sp0222[(u8)(xr >> 24)]; \
|
|
il ^= camellia_sp0222[(u8)(xl >> 16)]; \
|
|
ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
|
|
il ^= camellia_sp3033[(u8)(xl >> 8)]; \
|
|
ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
|
|
il ^= camellia_sp4404[(u8)xl]; \
|
|
ir ^= il; \
|
|
yl ^= ir; \
|
|
yr ^= ror32(il, 8) ^ ir; \
|
|
})
|
|
|
|
/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
|
|
static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
|
|
{
|
|
u32 il, ir, t0, t1; /* temporary variables */
|
|
|
|
/* pre whitening but absorb kw2 */
|
|
io[0] ^= SUBKEY_L(0);
|
|
io[1] ^= SUBKEY_R(0);
|
|
|
|
/* main iteration */
|
|
#define ROUNDS(i) ({ \
|
|
CAMELLIA_ROUNDSM(io[0], io[1], \
|
|
SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
|
|
io[2], io[3], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[2], io[3], \
|
|
SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
|
|
io[0], io[1], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[0], io[1], \
|
|
SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
|
|
io[2], io[3], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[2], io[3], \
|
|
SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
|
|
io[0], io[1], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[0], io[1], \
|
|
SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
|
|
io[2], io[3], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[2], io[3], \
|
|
SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
|
|
io[0], io[1], il, ir); \
|
|
})
|
|
#define FLS(i) ({ \
|
|
CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
|
|
SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
|
|
SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
|
|
t0, t1, il, ir); \
|
|
})
|
|
|
|
ROUNDS(0);
|
|
FLS(8);
|
|
ROUNDS(8);
|
|
FLS(16);
|
|
ROUNDS(16);
|
|
if (max == 32) {
|
|
FLS(24);
|
|
ROUNDS(24);
|
|
}
|
|
|
|
#undef ROUNDS
|
|
#undef FLS
|
|
|
|
/* post whitening but kw4 */
|
|
io[2] ^= SUBKEY_L(max);
|
|
io[3] ^= SUBKEY_R(max);
|
|
/* NB: io[0],[1] should be swapped with [2],[3] by caller! */
|
|
}
|
|
|
|
static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
|
|
{
|
|
u32 il, ir, t0, t1; /* temporary variables */
|
|
|
|
/* pre whitening but absorb kw2 */
|
|
io[0] ^= SUBKEY_L(i);
|
|
io[1] ^= SUBKEY_R(i);
|
|
|
|
/* main iteration */
|
|
#define ROUNDS(i) ({ \
|
|
CAMELLIA_ROUNDSM(io[0], io[1], \
|
|
SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
|
|
io[2], io[3], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[2], io[3], \
|
|
SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
|
|
io[0], io[1], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[0], io[1], \
|
|
SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
|
|
io[2], io[3], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[2], io[3], \
|
|
SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
|
|
io[0], io[1], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[0], io[1], \
|
|
SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
|
|
io[2], io[3], il, ir); \
|
|
CAMELLIA_ROUNDSM(io[2], io[3], \
|
|
SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
|
|
io[0], io[1], il, ir); \
|
|
})
|
|
#define FLS(i) ({ \
|
|
CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
|
|
SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
|
|
SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
|
|
t0, t1, il, ir); \
|
|
})
|
|
|
|
if (i == 32) {
|
|
ROUNDS(24);
|
|
FLS(24);
|
|
}
|
|
ROUNDS(16);
|
|
FLS(16);
|
|
ROUNDS(8);
|
|
FLS(8);
|
|
ROUNDS(0);
|
|
|
|
#undef ROUNDS
|
|
#undef FLS
|
|
|
|
/* post whitening but kw4 */
|
|
io[2] ^= SUBKEY_L(0);
|
|
io[3] ^= SUBKEY_R(0);
|
|
/* NB: 0,1 should be swapped with 2,3 by caller! */
|
|
}
|
|
|
|
|
|
struct camellia_ctx {
|
|
int key_length;
|
|
u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
|
|
};
|
|
|
|
static int
|
|
camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
|
|
unsigned int key_len)
|
|
{
|
|
struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
|
|
const unsigned char *key = (const unsigned char *)in_key;
|
|
u32 *flags = &tfm->crt_flags;
|
|
|
|
if (key_len != 16 && key_len != 24 && key_len != 32) {
|
|
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
|
|
return -EINVAL;
|
|
}
|
|
|
|
cctx->key_length = key_len;
|
|
|
|
switch (key_len) {
|
|
case 16:
|
|
camellia_setup128(key, cctx->key_table);
|
|
break;
|
|
case 24:
|
|
camellia_setup192(key, cctx->key_table);
|
|
break;
|
|
case 32:
|
|
camellia_setup256(key, cctx->key_table);
|
|
break;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
|
|
{
|
|
const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
|
|
const __be32 *src = (const __be32 *)in;
|
|
__be32 *dst = (__be32 *)out;
|
|
unsigned int max;
|
|
|
|
u32 tmp[4];
|
|
|
|
tmp[0] = be32_to_cpu(src[0]);
|
|
tmp[1] = be32_to_cpu(src[1]);
|
|
tmp[2] = be32_to_cpu(src[2]);
|
|
tmp[3] = be32_to_cpu(src[3]);
|
|
|
|
if (cctx->key_length == 16)
|
|
max = 24;
|
|
else
|
|
max = 32; /* for key lengths of 24 and 32 */
|
|
|
|
camellia_do_encrypt(cctx->key_table, tmp, max);
|
|
|
|
/* do_encrypt returns 0,1 swapped with 2,3 */
|
|
dst[0] = cpu_to_be32(tmp[2]);
|
|
dst[1] = cpu_to_be32(tmp[3]);
|
|
dst[2] = cpu_to_be32(tmp[0]);
|
|
dst[3] = cpu_to_be32(tmp[1]);
|
|
}
|
|
|
|
static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
|
|
{
|
|
const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
|
|
const __be32 *src = (const __be32 *)in;
|
|
__be32 *dst = (__be32 *)out;
|
|
unsigned int max;
|
|
|
|
u32 tmp[4];
|
|
|
|
tmp[0] = be32_to_cpu(src[0]);
|
|
tmp[1] = be32_to_cpu(src[1]);
|
|
tmp[2] = be32_to_cpu(src[2]);
|
|
tmp[3] = be32_to_cpu(src[3]);
|
|
|
|
if (cctx->key_length == 16)
|
|
max = 24;
|
|
else
|
|
max = 32; /* for key lengths of 24 and 32 */
|
|
|
|
camellia_do_decrypt(cctx->key_table, tmp, max);
|
|
|
|
/* do_decrypt returns 0,1 swapped with 2,3 */
|
|
dst[0] = cpu_to_be32(tmp[2]);
|
|
dst[1] = cpu_to_be32(tmp[3]);
|
|
dst[2] = cpu_to_be32(tmp[0]);
|
|
dst[3] = cpu_to_be32(tmp[1]);
|
|
}
|
|
|
|
static struct crypto_alg camellia_alg = {
|
|
.cra_name = "camellia",
|
|
.cra_driver_name = "camellia-generic",
|
|
.cra_priority = 100,
|
|
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
|
|
.cra_blocksize = CAMELLIA_BLOCK_SIZE,
|
|
.cra_ctxsize = sizeof(struct camellia_ctx),
|
|
.cra_alignmask = 3,
|
|
.cra_module = THIS_MODULE,
|
|
.cra_u = {
|
|
.cipher = {
|
|
.cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
|
|
.cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
|
|
.cia_setkey = camellia_set_key,
|
|
.cia_encrypt = camellia_encrypt,
|
|
.cia_decrypt = camellia_decrypt
|
|
}
|
|
}
|
|
};
|
|
|
|
static int __init camellia_init(void)
|
|
{
|
|
return crypto_register_alg(&camellia_alg);
|
|
}
|
|
|
|
static void __exit camellia_fini(void)
|
|
{
|
|
crypto_unregister_alg(&camellia_alg);
|
|
}
|
|
|
|
module_init(camellia_init);
|
|
module_exit(camellia_fini);
|
|
|
|
MODULE_DESCRIPTION("Camellia Cipher Algorithm");
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_ALIAS_CRYPTO("camellia");
|
|
MODULE_ALIAS_CRYPTO("camellia-generic");
|