Kernel

Kernel Git Source Tree

Root/crypto/camellia.c

1	/*
2	* Copyright (C) 2006
3	* NTT (Nippon Telegraph and Telephone Corporation).
4	*
5	* This program is free software; you can redistribute it and/or
6	* modify it under the terms of the GNU General Public License
7	* as published by the Free Software Foundation; either version 2
8	* of the License, or (at your option) any later version.
9	*
10	* This program is distributed in the hope that it will be useful,
11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13	* GNU General Public License for more details.
14	*
15	* You should have received a copy of the GNU General Public License
16	* along with this program; if not, write to the Free Software
17	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18	*/
19
20	/*
21	* Algorithm Specification
22	* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23	*/
24
25	/*
26	*
27	* NOTE --- NOTE --- NOTE --- NOTE
28	* This implementation assumes that all memory addresses passed
29	* as parameters are four-byte aligned.
30	*
31	*/
32
33	#include <linux/crypto.h>
34	#include <linux/errno.h>
35	#include <linux/init.h>
36	#include <linux/kernel.h>
37	#include <linux/module.h>
38	#include <linux/bitops.h>
39	#include <asm/unaligned.h>
40
41	static const u32 camellia_sp1110[256] = {
42	0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
43	0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
44	0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
45	0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
46	0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
47	0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
48	0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
49	0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
50	0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
51	0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
52	0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
53	0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
54	0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
55	0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
56	0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
57	0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
58	0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
59	0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
60	0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
61	0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
62	0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
63	0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
64	0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
65	0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
66	0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
67	0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
68	0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
69	0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
70	0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
71	0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
72	0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
73	0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
74	0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
75	0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
76	0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
77	0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
78	0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
79	0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
80	0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
81	0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
82	0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
83	0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
84	0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
85	0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
86	0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
87	0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
88	0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
89	0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
90	0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
91	0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
92	0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
93	0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
94	0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
95	0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
96	0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
97	0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
98	0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
99	0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
100	0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
101	0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
102	0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
103	0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
104	0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
105	0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
106	};
107
108	static const u32 camellia_sp0222[256] = {
109	0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
110	0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
111	0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
112	0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
113	0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
114	0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
115	0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
116	0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
117	0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
118	0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
119	0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
120	0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
121	0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
122	0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
123	0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
124	0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
125	0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
126	0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
127	0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
128	0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
129	0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
130	0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
131	0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
132	0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
133	0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
134	0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
135	0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
136	0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
137	0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
138	0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
139	0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
140	0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
141	0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
142	0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
143	0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
144	0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
145	0x00202020, 0x00898989, 0x00000000, 0x00909090,
146	0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
147	0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
148	0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
149	0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
150	0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
151	0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
152	0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
153	0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
154	0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
155	0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
156	0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
157	0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
158	0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
159	0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
160	0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
161	0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
162	0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
163	0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
164	0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
165	0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
166	0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
167	0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
168	0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
169	0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
170	0x00777777, 0x00939393, 0x00868686, 0x00838383,
171	0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
172	0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
173	};
174
175	static const u32 camellia_sp3033[256] = {
176	0x38003838, 0x41004141, 0x16001616, 0x76007676,
177	0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
178	0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
179	0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
180	0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
181	0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
182	0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
183	0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
184	0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
185	0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
186	0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
187	0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
188	0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
189	0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
190	0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
191	0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
192	0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
193	0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
194	0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
195	0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
196	0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
197	0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
198	0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
199	0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
200	0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
201	0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
202	0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
203	0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
204	0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
205	0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
206	0x12001212, 0x04000404, 0x74007474, 0x54005454,
207	0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
208	0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
209	0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
210	0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
211	0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
212	0x08000808, 0x62006262, 0x00000000, 0x24002424,
213	0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
214	0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
215	0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
216	0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
217	0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
218	0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
219	0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
220	0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
221	0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
222	0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
223	0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
224	0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
225	0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
226	0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
227	0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
228	0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
229	0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
230	0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
231	0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
232	0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
233	0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
234	0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
235	0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
236	0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
237	0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
238	0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
239	0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
240	};
241
242	static const u32 camellia_sp4404[256] = {
243	0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
244	0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
245	0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
246	0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
247	0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
248	0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
249	0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
250	0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
251	0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
252	0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
253	0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
254	0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
255	0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
256	0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
257	0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
258	0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
259	0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
260	0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
261	0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
262	0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
263	0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
264	0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
265	0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
266	0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
267	0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
268	0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
269	0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
270	0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
271	0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
272	0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
273	0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
274	0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
275	0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
276	0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
277	0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
278	0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
279	0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
280	0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
281	0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
282	0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
283	0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
284	0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
285	0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
286	0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
287	0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
288	0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
289	0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
290	0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
291	0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
292	0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
293	0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
294	0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
295	0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
296	0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
297	0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
298	0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
299	0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
300	0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
301	0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
302	0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
303	0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
304	0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
305	0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
306	0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
307	};
308
309
310	#define CAMELLIA_MIN_KEY_SIZE 16
311	#define CAMELLIA_MAX_KEY_SIZE 32
312	#define CAMELLIA_BLOCK_SIZE 16
313	#define CAMELLIA_TABLE_BYTE_LEN 272
314
315	/*
316	* NB: L and R below stand for 'left' and 'right' as in written numbers.
317	* That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
318	* _not_ least significant ones!
319	*/
320
321
322	/* key constants */
323
324	#define CAMELLIA_SIGMA1L (0xA09E667FL)
325	#define CAMELLIA_SIGMA1R (0x3BCC908BL)
326	#define CAMELLIA_SIGMA2L (0xB67AE858L)
327	#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
328	#define CAMELLIA_SIGMA3L (0xC6EF372FL)
329	#define CAMELLIA_SIGMA3R (0xE94F82BEL)
330	#define CAMELLIA_SIGMA4L (0x54FF53A5L)
331	#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
332	#define CAMELLIA_SIGMA5L (0x10E527FAL)
333	#define CAMELLIA_SIGMA5R (0xDE682D1DL)
334	#define CAMELLIA_SIGMA6L (0xB05688C2L)
335	#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
336
337	/*
338	* macros
339	*/
340	#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
341	do { \
342	w0 = ll; \
343	ll = (ll << bits) + (lr >> (32 - bits)); \
344	lr = (lr << bits) + (rl >> (32 - bits)); \
345	rl = (rl << bits) + (rr >> (32 - bits)); \
346	rr = (rr << bits) + (w0 >> (32 - bits)); \
347	} while (0)
348
349	#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
350	do { \
351	w0 = ll; \
352	w1 = lr; \
353	ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
354	lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
355	rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
356	rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
357	} while (0)
358
359	#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
360	do { \
361	il = xl ^ kl; \
362	ir = xr ^ kr; \
363	t0 = il >> 16; \
364	t1 = ir >> 16; \
365	yl = camellia_sp1110[(u8)(ir )] \
366	^ camellia_sp0222[ (t1 >> 8)] \
367	^ camellia_sp3033[(u8)(t1 )] \
368	^ camellia_sp4404[(u8)(ir >> 8)]; \
369	yr = camellia_sp1110[ (t0 >> 8)] \
370	^ camellia_sp0222[(u8)(t0 )] \
371	^ camellia_sp3033[(u8)(il >> 8)] \
372	^ camellia_sp4404[(u8)(il )]; \
373	yl ^= yr; \
374	yr = ror32(yr, 8); \
375	yr ^= yl; \
376	} while (0)
377
378	#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
379	#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
380
381	static void camellia_setup_tail(u32 subkey, u32 subL, u32 *subR, int max)
382	{
383	u32 dw, tl, tr;
384	u32 kw4l, kw4r;
385	int i;
386
387	/* absorb kw2 to other subkeys */
388	/* round 2 */
389	subL[3] ^= subL[1]; subR[3] ^= subR[1];
390	/* round 4 */
391	subL[5] ^= subL[1]; subR[5] ^= subR[1];
392	/* round 6 */
393	subL[7] ^= subL[1]; subR[7] ^= subR[1];
394	subL[1] ^= subR[1] & ~subR[9];
395	dw = subL[1] & subL[9],
396	subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
397	/* round 8 */
398	subL[11] ^= subL[1]; subR[11] ^= subR[1];
399	/* round 10 */
400	subL[13] ^= subL[1]; subR[13] ^= subR[1];
401	/* round 12 */
402	subL[15] ^= subL[1]; subR[15] ^= subR[1];
403	subL[1] ^= subR[1] & ~subR[17];
404	dw = subL[1] & subL[17],
405	subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
406	/* round 14 */
407	subL[19] ^= subL[1]; subR[19] ^= subR[1];
408	/* round 16 */
409	subL[21] ^= subL[1]; subR[21] ^= subR[1];
410	/* round 18 */
411	subL[23] ^= subL[1]; subR[23] ^= subR[1];
412	if (max == 24) {
413	/* kw3 */
414	subL[24] ^= subL[1]; subR[24] ^= subR[1];
415
416	/* absorb kw4 to other subkeys */
417	kw4l = subL[25]; kw4r = subR[25];
418	} else {
419	subL[1] ^= subR[1] & ~subR[25];
420	dw = subL[1] & subL[25],
421	subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
422	/* round 20 */
423	subL[27] ^= subL[1]; subR[27] ^= subR[1];
424	/* round 22 */
425	subL[29] ^= subL[1]; subR[29] ^= subR[1];
426	/* round 24 */
427	subL[31] ^= subL[1]; subR[31] ^= subR[1];
428	/* kw3 */
429	subL[32] ^= subL[1]; subR[32] ^= subR[1];
430
431	/* absorb kw4 to other subkeys */
432	kw4l = subL[33]; kw4r = subR[33];
433	/* round 23 */
434	subL[30] ^= kw4l; subR[30] ^= kw4r;
435	/* round 21 */
436	subL[28] ^= kw4l; subR[28] ^= kw4r;
437	/* round 19 */
438	subL[26] ^= kw4l; subR[26] ^= kw4r;
439	kw4l ^= kw4r & ~subR[24];
440	dw = kw4l & subL[24],
441	kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
442	}
443	/* round 17 */
444	subL[22] ^= kw4l; subR[22] ^= kw4r;
445	/* round 15 */
446	subL[20] ^= kw4l; subR[20] ^= kw4r;
447	/* round 13 */
448	subL[18] ^= kw4l; subR[18] ^= kw4r;
449	kw4l ^= kw4r & ~subR[16];
450	dw = kw4l & subL[16],
451	kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
452	/* round 11 */
453	subL[14] ^= kw4l; subR[14] ^= kw4r;
454	/* round 9 */
455	subL[12] ^= kw4l; subR[12] ^= kw4r;
456	/* round 7 */
457	subL[10] ^= kw4l; subR[10] ^= kw4r;
458	kw4l ^= kw4r & ~subR[8];
459	dw = kw4l & subL[8],
460	kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
461	/* round 5 */
462	subL[6] ^= kw4l; subR[6] ^= kw4r;
463	/* round 3 */
464	subL[4] ^= kw4l; subR[4] ^= kw4r;
465	/* round 1 */
466	subL[2] ^= kw4l; subR[2] ^= kw4r;
467	/* kw1 */
468	subL[0] ^= kw4l; subR[0] ^= kw4r;
469
470	/* key XOR is end of F-function */
471	SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
472	SUBKEY_R(0) = subR[0] ^ subR[2];
473	SUBKEY_L(2) = subL[3]; /* round 1 */
474	SUBKEY_R(2) = subR[3];
475	SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
476	SUBKEY_R(3) = subR[2] ^ subR[4];
477	SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
478	SUBKEY_R(4) = subR[3] ^ subR[5];
479	SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
480	SUBKEY_R(5) = subR[4] ^ subR[6];
481	SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
482	SUBKEY_R(6) = subR[5] ^ subR[7];
483	tl = subL[10] ^ (subR[10] & ~subR[8]);
484	dw = tl & subL[8], /* FL(kl1) */
485	tr = subR[10] ^ rol32(dw, 1);
486	SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
487	SUBKEY_R(7) = subR[6] ^ tr;
488	SUBKEY_L(8) = subL[8]; /* FL(kl1) */
489	SUBKEY_R(8) = subR[8];
490	SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
491	SUBKEY_R(9) = subR[9];
492	tl = subL[7] ^ (subR[7] & ~subR[9]);
493	dw = tl & subL[9], /* FLinv(kl2) */
494	tr = subR[7] ^ rol32(dw, 1);
495	SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
496	SUBKEY_R(10) = tr ^ subR[11];
497	SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
498	SUBKEY_R(11) = subR[10] ^ subR[12];
499	SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
500	SUBKEY_R(12) = subR[11] ^ subR[13];
501	SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
502	SUBKEY_R(13) = subR[12] ^ subR[14];
503	SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
504	SUBKEY_R(14) = subR[13] ^ subR[15];
505	tl = subL[18] ^ (subR[18] & ~subR[16]);
506	dw = tl & subL[16], /* FL(kl3) */
507	tr = subR[18] ^ rol32(dw, 1);
508	SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
509	SUBKEY_R(15) = subR[14] ^ tr;
510	SUBKEY_L(16) = subL[16]; /* FL(kl3) */
511	SUBKEY_R(16) = subR[16];
512	SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
513	SUBKEY_R(17) = subR[17];
514	tl = subL[15] ^ (subR[15] & ~subR[17]);
515	dw = tl & subL[17], /* FLinv(kl4) */
516	tr = subR[15] ^ rol32(dw, 1);
517	SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
518	SUBKEY_R(18) = tr ^ subR[19];
519	SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
520	SUBKEY_R(19) = subR[18] ^ subR[20];
521	SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
522	SUBKEY_R(20) = subR[19] ^ subR[21];
523	SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
524	SUBKEY_R(21) = subR[20] ^ subR[22];
525	SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
526	SUBKEY_R(22) = subR[21] ^ subR[23];
527	if (max == 24) {
528	SUBKEY_L(23) = subL[22]; /* round 18 */
529	SUBKEY_R(23) = subR[22];
530	SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
531	SUBKEY_R(24) = subR[24] ^ subR[23];
532	} else {
533	tl = subL[26] ^ (subR[26] & ~subR[24]);
534	dw = tl & subL[24], /* FL(kl5) */
535	tr = subR[26] ^ rol32(dw, 1);
536	SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
537	SUBKEY_R(23) = subR[22] ^ tr;
538	SUBKEY_L(24) = subL[24]; /* FL(kl5) */
539	SUBKEY_R(24) = subR[24];
540	SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
541	SUBKEY_R(25) = subR[25];
542	tl = subL[23] ^ (subR[23] & ~subR[25]);
543	dw = tl & subL[25], /* FLinv(kl6) */
544	tr = subR[23] ^ rol32(dw, 1);
545	SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
546	SUBKEY_R(26) = tr ^ subR[27];
547	SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
548	SUBKEY_R(27) = subR[26] ^ subR[28];
549	SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
550	SUBKEY_R(28) = subR[27] ^ subR[29];
551	SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
552	SUBKEY_R(29) = subR[28] ^ subR[30];
553	SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
554	SUBKEY_R(30) = subR[29] ^ subR[31];
555	SUBKEY_L(31) = subL[30]; /* round 24 */
556	SUBKEY_R(31) = subR[30];
557	SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
558	SUBKEY_R(32) = subR[32] ^ subR[31];
559	}
560
561	/* apply the inverse of the last half of P-function */
562	i = 2;
563	do {
564	dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = rol32(dw, 8);/* round 1 */
565	SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw;
566	dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = rol32(dw, 8);/* round 2 */
567	SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw;
568	dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = rol32(dw, 8);/* round 3 */
569	SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw;
570	dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = rol32(dw, 8);/* round 4 */
571	SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw;
572	dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = rol32(dw, 8);/* round 5 */
573	SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw;
574	dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = rol32(dw, 8);/* round 6 */
575	SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw;
576	i += 8;
577	} while (i < max);
578	}
579
580	static void camellia_setup128(const unsigned char key, u32 subkey)
581	{
582	u32 kll, klr, krl, krr;
583	u32 il, ir, t0, t1, w0, w1;
584	u32 subL[26];
585	u32 subR[26];
586
587	/**
588	* k == kll \|\| klr \|\| krl \|\| krr (\|\| is concatenation)
589	*/
590	kll = get_unaligned_be32(key);
591	klr = get_unaligned_be32(key + 4);
592	krl = get_unaligned_be32(key + 8);
593	krr = get_unaligned_be32(key + 12);
594
595	/* generate KL dependent subkeys */
596	/* kw1 */
597	subL[0] = kll; subR[0] = klr;
598	/* kw2 */
599	subL[1] = krl; subR[1] = krr;
600	/* rotation left shift 15bit */
601	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
602	/* k3 */
603	subL[4] = kll; subR[4] = klr;
604	/* k4 */
605	subL[5] = krl; subR[5] = krr;
606	/* rotation left shift 15+30bit */
607	ROLDQ(kll, klr, krl, krr, w0, w1, 30);
608	/* k7 */
609	subL[10] = kll; subR[10] = klr;
610	/* k8 */
611	subL[11] = krl; subR[11] = krr;
612	/* rotation left shift 15+30+15bit */
613	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
614	/* k10 */
615	subL[13] = krl; subR[13] = krr;
616	/* rotation left shift 15+30+15+17 bit */
617	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
618	/* kl3 */
619	subL[16] = kll; subR[16] = klr;
620	/* kl4 */
621	subL[17] = krl; subR[17] = krr;
622	/* rotation left shift 15+30+15+17+17 bit */
623	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
624	/* k13 */
625	subL[18] = kll; subR[18] = klr;
626	/* k14 */
627	subL[19] = krl; subR[19] = krr;
628	/* rotation left shift 15+30+15+17+17+17 bit */
629	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
630	/* k17 */
631	subL[22] = kll; subR[22] = klr;
632	/* k18 */
633	subL[23] = krl; subR[23] = krr;
634
635	/* generate KA */
636	kll = subL[0]; klr = subR[0];
637	krl = subL[1]; krr = subR[1];
638	CAMELLIA_F(kll, klr,
639	CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
640	w0, w1, il, ir, t0, t1);
641	krl ^= w0; krr ^= w1;
642	CAMELLIA_F(krl, krr,
643	CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
644	kll, klr, il, ir, t0, t1);
645	/* current status == (kll, klr, w0, w1) */
646	CAMELLIA_F(kll, klr,
647	CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
648	krl, krr, il, ir, t0, t1);
649	krl ^= w0; krr ^= w1;
650	CAMELLIA_F(krl, krr,
651	CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
652	w0, w1, il, ir, t0, t1);
653	kll ^= w0; klr ^= w1;
654
655	/* generate KA dependent subkeys */
656	/* k1, k2 */
657	subL[2] = kll; subR[2] = klr;
658	subL[3] = krl; subR[3] = krr;
659	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
660	/* k5,k6 */
661	subL[6] = kll; subR[6] = klr;
662	subL[7] = krl; subR[7] = krr;
663	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
664	/* kl1, kl2 */
665	subL[8] = kll; subR[8] = klr;
666	subL[9] = krl; subR[9] = krr;
667	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
668	/* k9 */
669	subL[12] = kll; subR[12] = klr;
670	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
671	/* k11, k12 */
672	subL[14] = kll; subR[14] = klr;
673	subL[15] = krl; subR[15] = krr;
674	ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
675	/* k15, k16 */
676	subL[20] = kll; subR[20] = klr;
677	subL[21] = krl; subR[21] = krr;
678	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
679	/* kw3, kw4 */
680	subL[24] = kll; subR[24] = klr;
681	subL[25] = krl; subR[25] = krr;
682
683	camellia_setup_tail(subkey, subL, subR, 24);
684	}
685
686	static void camellia_setup256(const unsigned char key, u32 subkey)
687	{
688	u32 kll, klr, krl, krr; /* left half of key */
689	u32 krll, krlr, krrl, krrr; /* right half of key */
690	u32 il, ir, t0, t1, w0, w1; /* temporary variables */
691	u32 subL[34];
692	u32 subR[34];
693
694	/**
695	* key = (kll \|\| klr \|\| krl \|\| krr \|\| krll \|\| krlr \|\| krrl \|\| krrr)
696	* (\|\| is concatenation)
697	*/
698	kll = get_unaligned_be32(key);
699	klr = get_unaligned_be32(key + 4);
700	krl = get_unaligned_be32(key + 8);
701	krr = get_unaligned_be32(key + 12);
702	krll = get_unaligned_be32(key + 16);
703	krlr = get_unaligned_be32(key + 20);
704	krrl = get_unaligned_be32(key + 24);
705	krrr = get_unaligned_be32(key + 28);
706
707	/* generate KL dependent subkeys */
708	/* kw1 */
709	subL[0] = kll; subR[0] = klr;
710	/* kw2 */
711	subL[1] = krl; subR[1] = krr;
712	ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
713	/* k9 */
714	subL[12] = kll; subR[12] = klr;
715	/* k10 */
716	subL[13] = krl; subR[13] = krr;
717	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
718	/* kl3 */
719	subL[16] = kll; subR[16] = klr;
720	/* kl4 */
721	subL[17] = krl; subR[17] = krr;
722	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
723	/* k17 */
724	subL[22] = kll; subR[22] = klr;
725	/* k18 */
726	subL[23] = krl; subR[23] = krr;
727	ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
728	/* k23 */
729	subL[30] = kll; subR[30] = klr;
730	/* k24 */
731	subL[31] = krl; subR[31] = krr;
732
733	/* generate KR dependent subkeys */
734	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
735	/* k3 */
736	subL[4] = krll; subR[4] = krlr;
737	/* k4 */
738	subL[5] = krrl; subR[5] = krrr;
739	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
740	/* kl1 */
741	subL[8] = krll; subR[8] = krlr;
742	/* kl2 */
743	subL[9] = krrl; subR[9] = krrr;
744	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
745	/* k13 */
746	subL[18] = krll; subR[18] = krlr;
747	/* k14 */
748	subL[19] = krrl; subR[19] = krrr;
749	ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
750	/* k19 */
751	subL[26] = krll; subR[26] = krlr;
752	/* k20 */
753	subL[27] = krrl; subR[27] = krrr;
754	ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
755
756	/* generate KA */
757	kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
758	krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
759	CAMELLIA_F(kll, klr,
760	CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
761	w0, w1, il, ir, t0, t1);
762	krl ^= w0; krr ^= w1;
763	CAMELLIA_F(krl, krr,
764	CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
765	kll, klr, il, ir, t0, t1);
766	kll ^= krll; klr ^= krlr;
767	CAMELLIA_F(kll, klr,
768	CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
769	krl, krr, il, ir, t0, t1);
770	krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
771	CAMELLIA_F(krl, krr,
772	CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
773	w0, w1, il, ir, t0, t1);
774	kll ^= w0; klr ^= w1;
775
776	/* generate KB */
777	krll ^= kll; krlr ^= klr;
778	krrl ^= krl; krrr ^= krr;
779	CAMELLIA_F(krll, krlr,
780	CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
781	w0, w1, il, ir, t0, t1);
782	krrl ^= w0; krrr ^= w1;
783	CAMELLIA_F(krrl, krrr,
784	CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
785	w0, w1, il, ir, t0, t1);
786	krll ^= w0; krlr ^= w1;
787
788	/* generate KA dependent subkeys */
789	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
790	/* k5 */
791	subL[6] = kll; subR[6] = klr;
792	/* k6 */
793	subL[7] = krl; subR[7] = krr;
794	ROLDQ(kll, klr, krl, krr, w0, w1, 30);
795	/* k11 */
796	subL[14] = kll; subR[14] = klr;
797	/* k12 */
798	subL[15] = krl; subR[15] = krr;
799	/* rotation left shift 32bit */
800	/* kl5 */
801	subL[24] = klr; subR[24] = krl;
802	/* kl6 */
803	subL[25] = krr; subR[25] = kll;
804	/* rotation left shift 49 from k11,k12 -> k21,k22 */
805	ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
806	/* k21 */
807	subL[28] = kll; subR[28] = klr;
808	/* k22 */
809	subL[29] = krl; subR[29] = krr;
810
811	/* generate KB dependent subkeys */
812	/* k1 */
813	subL[2] = krll; subR[2] = krlr;
814	/* k2 */
815	subL[3] = krrl; subR[3] = krrr;
816	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
817	/* k7 */
818	subL[10] = krll; subR[10] = krlr;
819	/* k8 */
820	subL[11] = krrl; subR[11] = krrr;
821	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
822	/* k15 */
823	subL[20] = krll; subR[20] = krlr;
824	/* k16 */
825	subL[21] = krrl; subR[21] = krrr;
826	ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
827	/* kw3 */
828	subL[32] = krll; subR[32] = krlr;
829	/* kw4 */
830	subL[33] = krrl; subR[33] = krrr;
831
832	camellia_setup_tail(subkey, subL, subR, 32);
833	}
834
835	static void camellia_setup192(const unsigned char key, u32 subkey)
836	{
837	unsigned char kk[32];
838	u32 krll, krlr, krrl, krrr;
839
840	memcpy(kk, key, 24);
841	memcpy((unsigned char *)&krll, key+16, 4);
842	memcpy((unsigned char *)&krlr, key+20, 4);
843	krrl = ~krll;
844	krrr = ~krlr;
845	memcpy(kk+24, (unsigned char *)&krrl, 4);
846	memcpy(kk+28, (unsigned char *)&krrr, 4);
847	camellia_setup256(kk, subkey);
848	}
849
850
851	/*
852	* Encrypt/decrypt
853	*/
854	#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
855	do { \
856	t0 = kll; \
857	t2 = krr; \
858	t0 &= ll; \
859	t2 \|= rr; \
860	rl ^= t2; \
861	lr ^= rol32(t0, 1); \
862	t3 = krl; \
863	t1 = klr; \
864	t3 &= rl; \
865	t1 \|= lr; \
866	ll ^= t1; \
867	rr ^= rol32(t3, 1); \
868	} while (0)
869
870	#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \
871	do { \
872	ir = camellia_sp1110[(u8)xr]; \
873	il = camellia_sp1110[ (xl >> 24)]; \
874	ir ^= camellia_sp0222[ (xr >> 24)]; \
875	il ^= camellia_sp0222[(u8)(xl >> 16)]; \
876	ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
877	il ^= camellia_sp3033[(u8)(xl >> 8)]; \
878	ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
879	il ^= camellia_sp4404[(u8)xl]; \
880	il ^= kl; \
881	ir ^= il ^ kr; \
882	yl ^= ir; \
883	yr ^= ror32(il, 8) ^ ir; \
884	} while (0)
885
886	/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
887	static void camellia_do_encrypt(const u32 subkey, u32 io, unsigned max)
888	{
889	u32 il, ir, t0, t1; /* temporary variables */
890
891	/* pre whitening but absorb kw2 */
892	io[0] ^= SUBKEY_L(0);
893	io[1] ^= SUBKEY_R(0);
894
895	/* main iteration */
896	#define ROUNDS(i) do { \
897	CAMELLIA_ROUNDSM(io[0], io[1], \
898	SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
899	io[2], io[3], il, ir); \
900	CAMELLIA_ROUNDSM(io[2], io[3], \
901	SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
902	io[0], io[1], il, ir); \
903	CAMELLIA_ROUNDSM(io[0], io[1], \
904	SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
905	io[2], io[3], il, ir); \
906	CAMELLIA_ROUNDSM(io[2], io[3], \
907	SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
908	io[0], io[1], il, ir); \
909	CAMELLIA_ROUNDSM(io[0], io[1], \
910	SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
911	io[2], io[3], il, ir); \
912	CAMELLIA_ROUNDSM(io[2], io[3], \
913	SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
914	io[0], io[1], il, ir); \
915	} while (0)
916	#define FLS(i) do { \
917	CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
918	SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
919	SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
920	t0, t1, il, ir); \
921	} while (0)
922
923	ROUNDS(0);
924	FLS(8);
925	ROUNDS(8);
926	FLS(16);
927	ROUNDS(16);
928	if (max == 32) {
929	FLS(24);
930	ROUNDS(24);
931	}
932
933	#undef ROUNDS
934	#undef FLS
935
936	/* post whitening but kw4 */
937	io[2] ^= SUBKEY_L(max);
938	io[3] ^= SUBKEY_R(max);
939	/* NB: io[0],[1] should be swapped with [2],[3] by caller! */
940	}
941
942	static void camellia_do_decrypt(const u32 subkey, u32 io, unsigned i)
943	{
944	u32 il, ir, t0, t1; /* temporary variables */
945
946	/* pre whitening but absorb kw2 */
947	io[0] ^= SUBKEY_L(i);
948	io[1] ^= SUBKEY_R(i);
949
950	/* main iteration */
951	#define ROUNDS(i) do { \
952	CAMELLIA_ROUNDSM(io[0], io[1], \
953	SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
954	io[2], io[3], il, ir); \
955	CAMELLIA_ROUNDSM(io[2], io[3], \
956	SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
957	io[0], io[1], il, ir); \
958	CAMELLIA_ROUNDSM(io[0], io[1], \
959	SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
960	io[2], io[3], il, ir); \
961	CAMELLIA_ROUNDSM(io[2], io[3], \
962	SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
963	io[0], io[1], il, ir); \
964	CAMELLIA_ROUNDSM(io[0], io[1], \
965	SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
966	io[2], io[3], il, ir); \
967	CAMELLIA_ROUNDSM(io[2], io[3], \
968	SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
969	io[0], io[1], il, ir); \
970	} while (0)
971	#define FLS(i) do { \
972	CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
973	SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
974	SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
975	t0, t1, il, ir); \
976	} while (0)
977
978	if (i == 32) {
979	ROUNDS(24);
980	FLS(24);
981	}
982	ROUNDS(16);
983	FLS(16);
984	ROUNDS(8);
985	FLS(8);
986	ROUNDS(0);
987
988	#undef ROUNDS
989	#undef FLS
990
991	/* post whitening but kw4 */
992	io[2] ^= SUBKEY_L(0);
993	io[3] ^= SUBKEY_R(0);
994	/* NB: 0,1 should be swapped with 2,3 by caller! */
995	}
996
997
998	struct camellia_ctx {
999	int key_length;
1000	u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
1001	};
1002
1003	static int
1004	camellia_set_key(struct crypto_tfm tfm, const u8 in_key,
1005	unsigned int key_len)
1006	{
1007	struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1008	const unsigned char key = (const unsigned char )in_key;
1009	u32 *flags = &tfm->crt_flags;
1010
1011	if (key_len != 16 && key_len != 24 && key_len != 32) {
1012	*flags \|= CRYPTO_TFM_RES_BAD_KEY_LEN;
1013	return -EINVAL;
1014	}
1015
1016	cctx->key_length = key_len;
1017
1018	switch (key_len) {
1019	case 16:
1020	camellia_setup128(key, cctx->key_table);
1021	break;
1022	case 24:
1023	camellia_setup192(key, cctx->key_table);
1024	break;
1025	case 32:
1026	camellia_setup256(key, cctx->key_table);
1027	break;
1028	}
1029
1030	return 0;
1031	}
1032
1033	static void camellia_encrypt(struct crypto_tfm tfm, u8 out, const u8 *in)
1034	{
1035	const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1036	const __be32 src = (const __be32 )in;
1037	__be32 dst = (__be32 )out;
1038
1039	u32 tmp[4];
1040
1041	tmp[0] = be32_to_cpu(src[0]);
1042	tmp[1] = be32_to_cpu(src[1]);
1043	tmp[2] = be32_to_cpu(src[2]);
1044	tmp[3] = be32_to_cpu(src[3]);
1045
1046	camellia_do_encrypt(cctx->key_table, tmp,
1047	cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1048	);
1049
1050	/* do_encrypt returns 0,1 swapped with 2,3 */
1051	dst[0] = cpu_to_be32(tmp[2]);
1052	dst[1] = cpu_to_be32(tmp[3]);
1053	dst[2] = cpu_to_be32(tmp[0]);
1054	dst[3] = cpu_to_be32(tmp[1]);
1055	}
1056
1057	static void camellia_decrypt(struct crypto_tfm tfm, u8 out, const u8 *in)
1058	{
1059	const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1060	const __be32 src = (const __be32 )in;
1061	__be32 dst = (__be32 )out;
1062
1063	u32 tmp[4];
1064
1065	tmp[0] = be32_to_cpu(src[0]);
1066	tmp[1] = be32_to_cpu(src[1]);
1067	tmp[2] = be32_to_cpu(src[2]);
1068	tmp[3] = be32_to_cpu(src[3]);
1069
1070	camellia_do_decrypt(cctx->key_table, tmp,
1071	cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */
1072	);
1073
1074	/* do_decrypt returns 0,1 swapped with 2,3 */
1075	dst[0] = cpu_to_be32(tmp[2]);
1076	dst[1] = cpu_to_be32(tmp[3]);
1077	dst[2] = cpu_to_be32(tmp[0]);
1078	dst[3] = cpu_to_be32(tmp[1]);
1079	}
1080
1081	static struct crypto_alg camellia_alg = {
1082	.cra_name = "camellia",
1083	.cra_driver_name = "camellia-generic",
1084	.cra_priority = 100,
1085	.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1086	.cra_blocksize = CAMELLIA_BLOCK_SIZE,
1087	.cra_ctxsize = sizeof(struct camellia_ctx),
1088	.cra_alignmask = 3,
1089	.cra_module = THIS_MODULE,
1090	.cra_list = LIST_HEAD_INIT(camellia_alg.cra_list),
1091	.cra_u = {
1092	.cipher = {
1093	.cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1094	.cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1095	.cia_setkey = camellia_set_key,
1096	.cia_encrypt = camellia_encrypt,
1097	.cia_decrypt = camellia_decrypt
1098	}
1099	}
1100	};
1101
1102	static int __init camellia_init(void)
1103	{
1104	return crypto_register_alg(&camellia_alg);
1105	}
1106
1107	static void __exit camellia_fini(void)
1108	{
1109	crypto_unregister_alg(&camellia_alg);
1110	}
1111
1112	module_init(camellia_init);
1113	module_exit(camellia_fini);
1114
1115	MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1116	MODULE_LICENSE("GPL");
1117

Download this file

Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master

Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9

Kernel

Kernel Git Source Tree

Root/crypto/camellia.c

interactive