Back to home page

LXR

 
 

    


0001 /*
0002  * Copyright (C) 2006
0003  * NTT (Nippon Telegraph and Telephone Corporation).
0004  *
0005  * This program is free software; you can redistribute it and/or
0006  * modify it under the terms of the GNU General Public License
0007  * as published by the Free Software Foundation; either version 2
0008  * of the License, or (at your option) any later version.
0009  *
0010  * This program is distributed in the hope that it will be useful,
0011  * but WITHOUT ANY WARRANTY; without even the implied warranty of
0012  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0013  * GNU General Public License for more details.
0014  *
0015  * You should have received a copy of the GNU General Public License
0016  * along with this program; if not, write to the Free Software
0017  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
0018  */
0019 
0020 /*
0021  * Algorithm Specification
0022  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
0023  */
0024 
0025 /*
0026  *
0027  * NOTE --- NOTE --- NOTE --- NOTE
0028  * This implementation assumes that all memory addresses passed
0029  * as parameters are four-byte aligned.
0030  *
0031  */
0032 
0033 #include <linux/crypto.h>
0034 #include <linux/errno.h>
0035 #include <linux/init.h>
0036 #include <linux/kernel.h>
0037 #include <linux/module.h>
0038 #include <linux/bitops.h>
0039 #include <asm/unaligned.h>
0040 
0041 static const u32 camellia_sp1110[256] = {
0042     0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
0043     0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
0044     0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
0045     0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
0046     0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
0047     0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
0048     0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
0049     0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
0050     0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
0051     0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
0052     0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
0053     0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
0054     0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
0055     0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
0056     0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
0057     0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
0058     0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
0059     0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
0060     0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
0061     0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
0062     0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
0063     0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
0064     0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
0065     0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
0066     0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
0067     0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
0068     0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
0069     0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
0070     0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
0071     0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
0072     0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
0073     0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
0074     0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
0075     0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
0076     0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
0077     0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
0078     0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
0079     0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
0080     0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
0081     0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
0082     0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
0083     0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
0084     0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
0085     0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
0086     0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
0087     0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
0088     0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
0089     0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
0090     0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
0091     0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
0092     0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
0093     0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
0094     0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
0095     0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
0096     0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
0097     0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
0098     0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
0099     0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
0100     0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
0101     0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
0102     0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
0103     0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
0104     0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
0105     0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
0106 };
0107 
0108 static const u32 camellia_sp0222[256] = {
0109     0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
0110     0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
0111     0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
0112     0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
0113     0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
0114     0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
0115     0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
0116     0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
0117     0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
0118     0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
0119     0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
0120     0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
0121     0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
0122     0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
0123     0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
0124     0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
0125     0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
0126     0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
0127     0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
0128     0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
0129     0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
0130     0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
0131     0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
0132     0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
0133     0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
0134     0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
0135     0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
0136     0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
0137     0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
0138     0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
0139     0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
0140     0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
0141     0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
0142     0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
0143     0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
0144     0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
0145     0x00202020, 0x00898989, 0x00000000, 0x00909090,
0146     0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
0147     0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
0148     0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
0149     0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
0150     0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
0151     0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
0152     0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
0153     0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
0154     0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
0155     0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
0156     0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
0157     0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
0158     0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
0159     0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
0160     0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
0161     0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
0162     0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
0163     0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
0164     0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
0165     0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
0166     0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
0167     0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
0168     0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
0169     0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
0170     0x00777777, 0x00939393, 0x00868686, 0x00838383,
0171     0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
0172     0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
0173 };
0174 
0175 static const u32 camellia_sp3033[256] = {
0176     0x38003838, 0x41004141, 0x16001616, 0x76007676,
0177     0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
0178     0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
0179     0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
0180     0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
0181     0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
0182     0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
0183     0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
0184     0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
0185     0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
0186     0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
0187     0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
0188     0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
0189     0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
0190     0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
0191     0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
0192     0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
0193     0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
0194     0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
0195     0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
0196     0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
0197     0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
0198     0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
0199     0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
0200     0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
0201     0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
0202     0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
0203     0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
0204     0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
0205     0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
0206     0x12001212, 0x04000404, 0x74007474, 0x54005454,
0207     0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
0208     0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
0209     0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
0210     0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
0211     0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
0212     0x08000808, 0x62006262, 0x00000000, 0x24002424,
0213     0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
0214     0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
0215     0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
0216     0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
0217     0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
0218     0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
0219     0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
0220     0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
0221     0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
0222     0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
0223     0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
0224     0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
0225     0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
0226     0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
0227     0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
0228     0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
0229     0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
0230     0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
0231     0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
0232     0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
0233     0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
0234     0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
0235     0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
0236     0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
0237     0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
0238     0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
0239     0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
0240 };
0241 
0242 static const u32 camellia_sp4404[256] = {
0243     0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
0244     0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
0245     0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
0246     0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
0247     0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
0248     0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
0249     0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
0250     0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
0251     0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
0252     0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
0253     0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
0254     0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
0255     0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
0256     0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
0257     0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
0258     0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
0259     0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
0260     0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
0261     0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
0262     0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
0263     0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
0264     0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
0265     0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
0266     0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
0267     0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
0268     0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
0269     0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
0270     0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
0271     0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
0272     0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
0273     0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
0274     0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
0275     0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
0276     0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
0277     0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
0278     0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
0279     0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
0280     0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
0281     0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
0282     0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
0283     0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
0284     0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
0285     0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
0286     0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
0287     0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
0288     0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
0289     0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
0290     0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
0291     0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
0292     0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
0293     0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
0294     0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
0295     0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
0296     0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
0297     0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
0298     0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
0299     0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
0300     0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
0301     0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
0302     0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
0303     0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
0304     0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
0305     0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
0306     0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
0307 };
0308 
0309 
0310 #define CAMELLIA_MIN_KEY_SIZE        16
0311 #define CAMELLIA_MAX_KEY_SIZE        32
0312 #define CAMELLIA_BLOCK_SIZE          16
0313 #define CAMELLIA_TABLE_BYTE_LEN     272
0314 
0315 /*
0316  * NB: L and R below stand for 'left' and 'right' as in written numbers.
0317  * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
0318  * _not_ least significant ones!
0319  */
0320 
0321 
0322 /* key constants */
0323 
0324 #define CAMELLIA_SIGMA1L (0xA09E667FL)
0325 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
0326 #define CAMELLIA_SIGMA2L (0xB67AE858L)
0327 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
0328 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
0329 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
0330 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
0331 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
0332 #define CAMELLIA_SIGMA5L (0x10E527FAL)
0333 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
0334 #define CAMELLIA_SIGMA6L (0xB05688C2L)
0335 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
0336 
0337 /*
0338  *  macros
0339  */
0340 #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({      \
0341     w0 = ll;                    \
0342     ll = (ll << bits) + (lr >> (32 - bits));    \
0343     lr = (lr << bits) + (rl >> (32 - bits));    \
0344     rl = (rl << bits) + (rr >> (32 - bits));    \
0345     rr = (rr << bits) + (w0 >> (32 - bits));    \
0346 })
0347 
0348 #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({   \
0349     w0 = ll;                    \
0350     w1 = lr;                    \
0351     ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
0352     lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
0353     rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
0354     rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
0355 })
0356 
0357 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({   \
0358     il = xl ^ kl;                       \
0359     ir = xr ^ kr;                       \
0360     t0 = il >> 16;                      \
0361     t1 = ir >> 16;                      \
0362     yl = camellia_sp1110[(u8)(ir)]              \
0363        ^ camellia_sp0222[(u8)(t1 >> 8)]         \
0364        ^ camellia_sp3033[(u8)(t1)]              \
0365        ^ camellia_sp4404[(u8)(ir >> 8)];            \
0366     yr = camellia_sp1110[(u8)(t0 >> 8)]         \
0367        ^ camellia_sp0222[(u8)(t0)]              \
0368        ^ camellia_sp3033[(u8)(il >> 8)]         \
0369        ^ camellia_sp4404[(u8)(il)];             \
0370     yl ^= yr;                       \
0371     yr = ror32(yr, 8);                  \
0372     yr ^= yl;                       \
0373 })
0374 
0375 #define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
0376 #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
0377 
0378 static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
0379 {
0380     u32 dw, tl, tr;
0381     u32 kw4l, kw4r;
0382 
0383     /* absorb kw2 to other subkeys */
0384     /* round 2 */
0385     subL[3] ^= subL[1]; subR[3] ^= subR[1];
0386     /* round 4 */
0387     subL[5] ^= subL[1]; subR[5] ^= subR[1];
0388     /* round 6 */
0389     subL[7] ^= subL[1]; subR[7] ^= subR[1];
0390     subL[1] ^= subR[1] & ~subR[9];
0391     dw = subL[1] & subL[9];
0392     subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
0393     /* round 8 */
0394     subL[11] ^= subL[1]; subR[11] ^= subR[1];
0395     /* round 10 */
0396     subL[13] ^= subL[1]; subR[13] ^= subR[1];
0397     /* round 12 */
0398     subL[15] ^= subL[1]; subR[15] ^= subR[1];
0399     subL[1] ^= subR[1] & ~subR[17];
0400     dw = subL[1] & subL[17];
0401     subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
0402     /* round 14 */
0403     subL[19] ^= subL[1]; subR[19] ^= subR[1];
0404     /* round 16 */
0405     subL[21] ^= subL[1]; subR[21] ^= subR[1];
0406     /* round 18 */
0407     subL[23] ^= subL[1]; subR[23] ^= subR[1];
0408     if (max == 24) {
0409         /* kw3 */
0410         subL[24] ^= subL[1]; subR[24] ^= subR[1];
0411 
0412     /* absorb kw4 to other subkeys */
0413         kw4l = subL[25]; kw4r = subR[25];
0414     } else {
0415         subL[1] ^= subR[1] & ~subR[25];
0416         dw = subL[1] & subL[25];
0417         subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
0418         /* round 20 */
0419         subL[27] ^= subL[1]; subR[27] ^= subR[1];
0420         /* round 22 */
0421         subL[29] ^= subL[1]; subR[29] ^= subR[1];
0422         /* round 24 */
0423         subL[31] ^= subL[1]; subR[31] ^= subR[1];
0424         /* kw3 */
0425         subL[32] ^= subL[1]; subR[32] ^= subR[1];
0426 
0427     /* absorb kw4 to other subkeys */
0428         kw4l = subL[33]; kw4r = subR[33];
0429         /* round 23 */
0430         subL[30] ^= kw4l; subR[30] ^= kw4r;
0431         /* round 21 */
0432         subL[28] ^= kw4l; subR[28] ^= kw4r;
0433         /* round 19 */
0434         subL[26] ^= kw4l; subR[26] ^= kw4r;
0435         kw4l ^= kw4r & ~subR[24];
0436         dw = kw4l & subL[24];
0437         kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
0438     }
0439     /* round 17 */
0440     subL[22] ^= kw4l; subR[22] ^= kw4r;
0441     /* round 15 */
0442     subL[20] ^= kw4l; subR[20] ^= kw4r;
0443     /* round 13 */
0444     subL[18] ^= kw4l; subR[18] ^= kw4r;
0445     kw4l ^= kw4r & ~subR[16];
0446     dw = kw4l & subL[16];
0447     kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
0448     /* round 11 */
0449     subL[14] ^= kw4l; subR[14] ^= kw4r;
0450     /* round 9 */
0451     subL[12] ^= kw4l; subR[12] ^= kw4r;
0452     /* round 7 */
0453     subL[10] ^= kw4l; subR[10] ^= kw4r;
0454     kw4l ^= kw4r & ~subR[8];
0455     dw = kw4l & subL[8];
0456     kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
0457     /* round 5 */
0458     subL[6] ^= kw4l; subR[6] ^= kw4r;
0459     /* round 3 */
0460     subL[4] ^= kw4l; subR[4] ^= kw4r;
0461     /* round 1 */
0462     subL[2] ^= kw4l; subR[2] ^= kw4r;
0463     /* kw1 */
0464     subL[0] ^= kw4l; subR[0] ^= kw4r;
0465 
0466     /* key XOR is end of F-function */
0467     SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
0468     SUBKEY_R(0) = subR[0] ^ subR[2];
0469     SUBKEY_L(2) = subL[3];       /* round 1 */
0470     SUBKEY_R(2) = subR[3];
0471     SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
0472     SUBKEY_R(3) = subR[2] ^ subR[4];
0473     SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
0474     SUBKEY_R(4) = subR[3] ^ subR[5];
0475     SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
0476     SUBKEY_R(5) = subR[4] ^ subR[6];
0477     SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
0478     SUBKEY_R(6) = subR[5] ^ subR[7];
0479     tl = subL[10] ^ (subR[10] & ~subR[8]);
0480     dw = tl & subL[8];  /* FL(kl1) */
0481     tr = subR[10] ^ rol32(dw, 1);
0482     SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
0483     SUBKEY_R(7) = subR[6] ^ tr;
0484     SUBKEY_L(8) = subL[8];       /* FL(kl1) */
0485     SUBKEY_R(8) = subR[8];
0486     SUBKEY_L(9) = subL[9];       /* FLinv(kl2) */
0487     SUBKEY_R(9) = subR[9];
0488     tl = subL[7] ^ (subR[7] & ~subR[9]);
0489     dw = tl & subL[9];  /* FLinv(kl2) */
0490     tr = subR[7] ^ rol32(dw, 1);
0491     SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
0492     SUBKEY_R(10) = tr ^ subR[11];
0493     SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
0494     SUBKEY_R(11) = subR[10] ^ subR[12];
0495     SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
0496     SUBKEY_R(12) = subR[11] ^ subR[13];
0497     SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
0498     SUBKEY_R(13) = subR[12] ^ subR[14];
0499     SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
0500     SUBKEY_R(14) = subR[13] ^ subR[15];
0501     tl = subL[18] ^ (subR[18] & ~subR[16]);
0502     dw = tl & subL[16]; /* FL(kl3) */
0503     tr = subR[18] ^ rol32(dw, 1);
0504     SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
0505     SUBKEY_R(15) = subR[14] ^ tr;
0506     SUBKEY_L(16) = subL[16];     /* FL(kl3) */
0507     SUBKEY_R(16) = subR[16];
0508     SUBKEY_L(17) = subL[17];     /* FLinv(kl4) */
0509     SUBKEY_R(17) = subR[17];
0510     tl = subL[15] ^ (subR[15] & ~subR[17]);
0511     dw = tl & subL[17]; /* FLinv(kl4) */
0512     tr = subR[15] ^ rol32(dw, 1);
0513     SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
0514     SUBKEY_R(18) = tr ^ subR[19];
0515     SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
0516     SUBKEY_R(19) = subR[18] ^ subR[20];
0517     SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
0518     SUBKEY_R(20) = subR[19] ^ subR[21];
0519     SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
0520     SUBKEY_R(21) = subR[20] ^ subR[22];
0521     SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
0522     SUBKEY_R(22) = subR[21] ^ subR[23];
0523     if (max == 24) {
0524         SUBKEY_L(23) = subL[22];     /* round 18 */
0525         SUBKEY_R(23) = subR[22];
0526         SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
0527         SUBKEY_R(24) = subR[24] ^ subR[23];
0528     } else {
0529         tl = subL[26] ^ (subR[26] & ~subR[24]);
0530         dw = tl & subL[24]; /* FL(kl5) */
0531         tr = subR[26] ^ rol32(dw, 1);
0532         SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
0533         SUBKEY_R(23) = subR[22] ^ tr;
0534         SUBKEY_L(24) = subL[24];     /* FL(kl5) */
0535         SUBKEY_R(24) = subR[24];
0536         SUBKEY_L(25) = subL[25];     /* FLinv(kl6) */
0537         SUBKEY_R(25) = subR[25];
0538         tl = subL[23] ^ (subR[23] & ~subR[25]);
0539         dw = tl & subL[25]; /* FLinv(kl6) */
0540         tr = subR[23] ^ rol32(dw, 1);
0541         SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
0542         SUBKEY_R(26) = tr ^ subR[27];
0543         SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
0544         SUBKEY_R(27) = subR[26] ^ subR[28];
0545         SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
0546         SUBKEY_R(28) = subR[27] ^ subR[29];
0547         SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
0548         SUBKEY_R(29) = subR[28] ^ subR[30];
0549         SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
0550         SUBKEY_R(30) = subR[29] ^ subR[31];
0551         SUBKEY_L(31) = subL[30];     /* round 24 */
0552         SUBKEY_R(31) = subR[30];
0553         SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
0554         SUBKEY_R(32) = subR[32] ^ subR[31];
0555     }
0556 }
0557 
0558 static void camellia_setup128(const unsigned char *key, u32 *subkey)
0559 {
0560     u32 kll, klr, krl, krr;
0561     u32 il, ir, t0, t1, w0, w1;
0562     u32 subL[26];
0563     u32 subR[26];
0564 
0565     /**
0566      *  k == kll || klr || krl || krr (|| is concatenation)
0567      */
0568     kll = get_unaligned_be32(key);
0569     klr = get_unaligned_be32(key + 4);
0570     krl = get_unaligned_be32(key + 8);
0571     krr = get_unaligned_be32(key + 12);
0572 
0573     /* generate KL dependent subkeys */
0574     /* kw1 */
0575     subL[0] = kll; subR[0] = klr;
0576     /* kw2 */
0577     subL[1] = krl; subR[1] = krr;
0578     /* rotation left shift 15bit */
0579     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0580     /* k3 */
0581     subL[4] = kll; subR[4] = klr;
0582     /* k4 */
0583     subL[5] = krl; subR[5] = krr;
0584     /* rotation left shift 15+30bit */
0585     ROLDQ(kll, klr, krl, krr, w0, w1, 30);
0586     /* k7 */
0587     subL[10] = kll; subR[10] = klr;
0588     /* k8 */
0589     subL[11] = krl; subR[11] = krr;
0590     /* rotation left shift 15+30+15bit */
0591     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0592     /* k10 */
0593     subL[13] = krl; subR[13] = krr;
0594     /* rotation left shift 15+30+15+17 bit */
0595     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0596     /* kl3 */
0597     subL[16] = kll; subR[16] = klr;
0598     /* kl4 */
0599     subL[17] = krl; subR[17] = krr;
0600     /* rotation left shift 15+30+15+17+17 bit */
0601     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0602     /* k13 */
0603     subL[18] = kll; subR[18] = klr;
0604     /* k14 */
0605     subL[19] = krl; subR[19] = krr;
0606     /* rotation left shift 15+30+15+17+17+17 bit */
0607     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0608     /* k17 */
0609     subL[22] = kll; subR[22] = klr;
0610     /* k18 */
0611     subL[23] = krl; subR[23] = krr;
0612 
0613     /* generate KA */
0614     kll = subL[0]; klr = subR[0];
0615     krl = subL[1]; krr = subR[1];
0616     CAMELLIA_F(kll, klr,
0617            CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
0618            w0, w1, il, ir, t0, t1);
0619     krl ^= w0; krr ^= w1;
0620     CAMELLIA_F(krl, krr,
0621            CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
0622            kll, klr, il, ir, t0, t1);
0623     /* current status == (kll, klr, w0, w1) */
0624     CAMELLIA_F(kll, klr,
0625            CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
0626            krl, krr, il, ir, t0, t1);
0627     krl ^= w0; krr ^= w1;
0628     CAMELLIA_F(krl, krr,
0629            CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
0630            w0, w1, il, ir, t0, t1);
0631     kll ^= w0; klr ^= w1;
0632 
0633     /* generate KA dependent subkeys */
0634     /* k1, k2 */
0635     subL[2] = kll; subR[2] = klr;
0636     subL[3] = krl; subR[3] = krr;
0637     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0638     /* k5,k6 */
0639     subL[6] = kll; subR[6] = klr;
0640     subL[7] = krl; subR[7] = krr;
0641     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0642     /* kl1, kl2 */
0643     subL[8] = kll; subR[8] = klr;
0644     subL[9] = krl; subR[9] = krr;
0645     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0646     /* k9 */
0647     subL[12] = kll; subR[12] = klr;
0648     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0649     /* k11, k12 */
0650     subL[14] = kll; subR[14] = klr;
0651     subL[15] = krl; subR[15] = krr;
0652     ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
0653     /* k15, k16 */
0654     subL[20] = kll; subR[20] = klr;
0655     subL[21] = krl; subR[21] = krr;
0656     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0657     /* kw3, kw4 */
0658     subL[24] = kll; subR[24] = klr;
0659     subL[25] = krl; subR[25] = krr;
0660 
0661     camellia_setup_tail(subkey, subL, subR, 24);
0662 }
0663 
0664 static void camellia_setup256(const unsigned char *key, u32 *subkey)
0665 {
0666     u32 kll, klr, krl, krr;        /* left half of key */
0667     u32 krll, krlr, krrl, krrr;    /* right half of key */
0668     u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
0669     u32 subL[34];
0670     u32 subR[34];
0671 
0672     /**
0673      *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
0674      *  (|| is concatenation)
0675      */
0676     kll = get_unaligned_be32(key);
0677     klr = get_unaligned_be32(key + 4);
0678     krl = get_unaligned_be32(key + 8);
0679     krr = get_unaligned_be32(key + 12);
0680     krll = get_unaligned_be32(key + 16);
0681     krlr = get_unaligned_be32(key + 20);
0682     krrl = get_unaligned_be32(key + 24);
0683     krrr = get_unaligned_be32(key + 28);
0684 
0685     /* generate KL dependent subkeys */
0686     /* kw1 */
0687     subL[0] = kll; subR[0] = klr;
0688     /* kw2 */
0689     subL[1] = krl; subR[1] = krr;
0690     ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
0691     /* k9 */
0692     subL[12] = kll; subR[12] = klr;
0693     /* k10 */
0694     subL[13] = krl; subR[13] = krr;
0695     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0696     /* kl3 */
0697     subL[16] = kll; subR[16] = klr;
0698     /* kl4 */
0699     subL[17] = krl; subR[17] = krr;
0700     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0701     /* k17 */
0702     subL[22] = kll; subR[22] = klr;
0703     /* k18 */
0704     subL[23] = krl; subR[23] = krr;
0705     ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
0706     /* k23 */
0707     subL[30] = kll; subR[30] = klr;
0708     /* k24 */
0709     subL[31] = krl; subR[31] = krr;
0710 
0711     /* generate KR dependent subkeys */
0712     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
0713     /* k3 */
0714     subL[4] = krll; subR[4] = krlr;
0715     /* k4 */
0716     subL[5] = krrl; subR[5] = krrr;
0717     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
0718     /* kl1 */
0719     subL[8] = krll; subR[8] = krlr;
0720     /* kl2 */
0721     subL[9] = krrl; subR[9] = krrr;
0722     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
0723     /* k13 */
0724     subL[18] = krll; subR[18] = krlr;
0725     /* k14 */
0726     subL[19] = krrl; subR[19] = krrr;
0727     ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
0728     /* k19 */
0729     subL[26] = krll; subR[26] = krlr;
0730     /* k20 */
0731     subL[27] = krrl; subR[27] = krrr;
0732     ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
0733 
0734     /* generate KA */
0735     kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
0736     krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
0737     CAMELLIA_F(kll, klr,
0738            CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
0739            w0, w1, il, ir, t0, t1);
0740     krl ^= w0; krr ^= w1;
0741     CAMELLIA_F(krl, krr,
0742            CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
0743            kll, klr, il, ir, t0, t1);
0744     kll ^= krll; klr ^= krlr;
0745     CAMELLIA_F(kll, klr,
0746            CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
0747            krl, krr, il, ir, t0, t1);
0748     krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
0749     CAMELLIA_F(krl, krr,
0750            CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
0751            w0, w1, il, ir, t0, t1);
0752     kll ^= w0; klr ^= w1;
0753 
0754     /* generate KB */
0755     krll ^= kll; krlr ^= klr;
0756     krrl ^= krl; krrr ^= krr;
0757     CAMELLIA_F(krll, krlr,
0758            CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
0759            w0, w1, il, ir, t0, t1);
0760     krrl ^= w0; krrr ^= w1;
0761     CAMELLIA_F(krrl, krrr,
0762            CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
0763            w0, w1, il, ir, t0, t1);
0764     krll ^= w0; krlr ^= w1;
0765 
0766     /* generate KA dependent subkeys */
0767     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0768     /* k5 */
0769     subL[6] = kll; subR[6] = klr;
0770     /* k6 */
0771     subL[7] = krl; subR[7] = krr;
0772     ROLDQ(kll, klr, krl, krr, w0, w1, 30);
0773     /* k11 */
0774     subL[14] = kll; subR[14] = klr;
0775     /* k12 */
0776     subL[15] = krl; subR[15] = krr;
0777     /* rotation left shift 32bit */
0778     /* kl5 */
0779     subL[24] = klr; subR[24] = krl;
0780     /* kl6 */
0781     subL[25] = krr; subR[25] = kll;
0782     /* rotation left shift 49 from k11,k12 -> k21,k22 */
0783     ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
0784     /* k21 */
0785     subL[28] = kll; subR[28] = klr;
0786     /* k22 */
0787     subL[29] = krl; subR[29] = krr;
0788 
0789     /* generate KB dependent subkeys */
0790     /* k1 */
0791     subL[2] = krll; subR[2] = krlr;
0792     /* k2 */
0793     subL[3] = krrl; subR[3] = krrr;
0794     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
0795     /* k7 */
0796     subL[10] = krll; subR[10] = krlr;
0797     /* k8 */
0798     subL[11] = krrl; subR[11] = krrr;
0799     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
0800     /* k15 */
0801     subL[20] = krll; subR[20] = krlr;
0802     /* k16 */
0803     subL[21] = krrl; subR[21] = krrr;
0804     ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
0805     /* kw3 */
0806     subL[32] = krll; subR[32] = krlr;
0807     /* kw4 */
0808     subL[33] = krrl; subR[33] = krrr;
0809 
0810     camellia_setup_tail(subkey, subL, subR, 32);
0811 }
0812 
0813 static void camellia_setup192(const unsigned char *key, u32 *subkey)
0814 {
0815     unsigned char kk[32];
0816     u32 krll, krlr, krrl, krrr;
0817 
0818     memcpy(kk, key, 24);
0819     memcpy((unsigned char *)&krll, key+16, 4);
0820     memcpy((unsigned char *)&krlr, key+20, 4);
0821     krrl = ~krll;
0822     krrr = ~krlr;
0823     memcpy(kk+24, (unsigned char *)&krrl, 4);
0824     memcpy(kk+28, (unsigned char *)&krrr, 4);
0825     camellia_setup256(kk, subkey);
0826 }
0827 
0828 
0829 /*
0830  * Encrypt/decrypt
0831  */
0832 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
0833     t0 = kll;                           \
0834     t2 = krr;                           \
0835     t0 &= ll;                           \
0836     t2 |= rr;                           \
0837     rl ^= t2;                           \
0838     lr ^= rol32(t0, 1);                     \
0839     t3 = krl;                           \
0840     t1 = klr;                           \
0841     t3 &= rl;                           \
0842     t1 |= lr;                           \
0843     ll ^= t1;                           \
0844     rr ^= rol32(t3, 1);                     \
0845 })
0846 
0847 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({     \
0848     yl ^= kl;                           \
0849     yr ^= kr;                           \
0850     ir =  camellia_sp1110[(u8)xr];                  \
0851     il =  camellia_sp1110[(u8)(xl >> 24)];              \
0852     ir ^= camellia_sp0222[(u8)(xr >> 24)];              \
0853     il ^= camellia_sp0222[(u8)(xl >> 16)];              \
0854     ir ^= camellia_sp3033[(u8)(xr >> 16)];              \
0855     il ^= camellia_sp3033[(u8)(xl >> 8)];               \
0856     ir ^= camellia_sp4404[(u8)(xr >> 8)];               \
0857     il ^= camellia_sp4404[(u8)xl];                  \
0858     ir ^= il;                           \
0859     yl ^= ir;                           \
0860     yr ^= ror32(il, 8) ^ ir;                    \
0861 })
0862 
0863 /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
0864 static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
0865 {
0866     u32 il, ir, t0, t1;            /* temporary variables */
0867 
0868     /* pre whitening but absorb kw2 */
0869     io[0] ^= SUBKEY_L(0);
0870     io[1] ^= SUBKEY_R(0);
0871 
0872     /* main iteration */
0873 #define ROUNDS(i) ({ \
0874     CAMELLIA_ROUNDSM(io[0], io[1], \
0875              SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
0876              io[2], io[3], il, ir); \
0877     CAMELLIA_ROUNDSM(io[2], io[3], \
0878              SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
0879              io[0], io[1], il, ir); \
0880     CAMELLIA_ROUNDSM(io[0], io[1], \
0881              SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
0882              io[2], io[3], il, ir); \
0883     CAMELLIA_ROUNDSM(io[2], io[3], \
0884              SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
0885              io[0], io[1], il, ir); \
0886     CAMELLIA_ROUNDSM(io[0], io[1], \
0887              SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
0888              io[2], io[3], il, ir); \
0889     CAMELLIA_ROUNDSM(io[2], io[3], \
0890              SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
0891              io[0], io[1], il, ir); \
0892 })
0893 #define FLS(i) ({ \
0894     CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
0895              SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
0896              SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
0897              t0, t1, il, ir); \
0898 })
0899 
0900     ROUNDS(0);
0901     FLS(8);
0902     ROUNDS(8);
0903     FLS(16);
0904     ROUNDS(16);
0905     if (max == 32) {
0906         FLS(24);
0907         ROUNDS(24);
0908     }
0909 
0910 #undef ROUNDS
0911 #undef FLS
0912 
0913     /* post whitening but kw4 */
0914     io[2] ^= SUBKEY_L(max);
0915     io[3] ^= SUBKEY_R(max);
0916     /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
0917 }
0918 
0919 static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
0920 {
0921     u32 il, ir, t0, t1;            /* temporary variables */
0922 
0923     /* pre whitening but absorb kw2 */
0924     io[0] ^= SUBKEY_L(i);
0925     io[1] ^= SUBKEY_R(i);
0926 
0927     /* main iteration */
0928 #define ROUNDS(i) ({ \
0929     CAMELLIA_ROUNDSM(io[0], io[1], \
0930              SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
0931              io[2], io[3], il, ir); \
0932     CAMELLIA_ROUNDSM(io[2], io[3], \
0933              SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
0934              io[0], io[1], il, ir); \
0935     CAMELLIA_ROUNDSM(io[0], io[1], \
0936              SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
0937              io[2], io[3], il, ir); \
0938     CAMELLIA_ROUNDSM(io[2], io[3], \
0939              SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
0940              io[0], io[1], il, ir); \
0941     CAMELLIA_ROUNDSM(io[0], io[1], \
0942              SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
0943              io[2], io[3], il, ir); \
0944     CAMELLIA_ROUNDSM(io[2], io[3], \
0945              SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
0946              io[0], io[1], il, ir); \
0947 })
0948 #define FLS(i) ({ \
0949     CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
0950              SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
0951              SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
0952              t0, t1, il, ir); \
0953 })
0954 
0955     if (i == 32) {
0956         ROUNDS(24);
0957         FLS(24);
0958     }
0959     ROUNDS(16);
0960     FLS(16);
0961     ROUNDS(8);
0962     FLS(8);
0963     ROUNDS(0);
0964 
0965 #undef ROUNDS
0966 #undef FLS
0967 
0968     /* post whitening but kw4 */
0969     io[2] ^= SUBKEY_L(0);
0970     io[3] ^= SUBKEY_R(0);
0971     /* NB: 0,1 should be swapped with 2,3 by caller! */
0972 }
0973 
0974 
0975 struct camellia_ctx {
0976     int key_length;
0977     u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
0978 };
0979 
0980 static int
0981 camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
0982          unsigned int key_len)
0983 {
0984     struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
0985     const unsigned char *key = (const unsigned char *)in_key;
0986     u32 *flags = &tfm->crt_flags;
0987 
0988     if (key_len != 16 && key_len != 24 && key_len != 32) {
0989         *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
0990         return -EINVAL;
0991     }
0992 
0993     cctx->key_length = key_len;
0994 
0995     switch (key_len) {
0996     case 16:
0997         camellia_setup128(key, cctx->key_table);
0998         break;
0999     case 24:
1000         camellia_setup192(key, cctx->key_table);
1001         break;
1002     case 32:
1003         camellia_setup256(key, cctx->key_table);
1004         break;
1005     }
1006 
1007     return 0;
1008 }
1009 
1010 static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1011 {
1012     const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1013     const __be32 *src = (const __be32 *)in;
1014     __be32 *dst = (__be32 *)out;
1015     unsigned int max;
1016 
1017     u32 tmp[4];
1018 
1019     tmp[0] = be32_to_cpu(src[0]);
1020     tmp[1] = be32_to_cpu(src[1]);
1021     tmp[2] = be32_to_cpu(src[2]);
1022     tmp[3] = be32_to_cpu(src[3]);
1023 
1024     if (cctx->key_length == 16)
1025         max = 24;
1026     else
1027         max = 32; /* for key lengths of 24 and 32 */
1028 
1029     camellia_do_encrypt(cctx->key_table, tmp, max);
1030 
1031     /* do_encrypt returns 0,1 swapped with 2,3 */
1032     dst[0] = cpu_to_be32(tmp[2]);
1033     dst[1] = cpu_to_be32(tmp[3]);
1034     dst[2] = cpu_to_be32(tmp[0]);
1035     dst[3] = cpu_to_be32(tmp[1]);
1036 }
1037 
1038 static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1039 {
1040     const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1041     const __be32 *src = (const __be32 *)in;
1042     __be32 *dst = (__be32 *)out;
1043     unsigned int max;
1044 
1045     u32 tmp[4];
1046 
1047     tmp[0] = be32_to_cpu(src[0]);
1048     tmp[1] = be32_to_cpu(src[1]);
1049     tmp[2] = be32_to_cpu(src[2]);
1050     tmp[3] = be32_to_cpu(src[3]);
1051 
1052     if (cctx->key_length == 16)
1053         max = 24;
1054     else
1055         max = 32; /* for key lengths of 24 and 32 */
1056 
1057     camellia_do_decrypt(cctx->key_table, tmp, max);
1058 
1059     /* do_decrypt returns 0,1 swapped with 2,3 */
1060     dst[0] = cpu_to_be32(tmp[2]);
1061     dst[1] = cpu_to_be32(tmp[3]);
1062     dst[2] = cpu_to_be32(tmp[0]);
1063     dst[3] = cpu_to_be32(tmp[1]);
1064 }
1065 
1066 static struct crypto_alg camellia_alg = {
1067     .cra_name       =   "camellia",
1068     .cra_driver_name    =   "camellia-generic",
1069     .cra_priority       =   100,
1070     .cra_flags      =   CRYPTO_ALG_TYPE_CIPHER,
1071     .cra_blocksize      =   CAMELLIA_BLOCK_SIZE,
1072     .cra_ctxsize        =   sizeof(struct camellia_ctx),
1073     .cra_alignmask      =   3,
1074     .cra_module     =   THIS_MODULE,
1075     .cra_u          =   {
1076         .cipher = {
1077             .cia_min_keysize    =   CAMELLIA_MIN_KEY_SIZE,
1078             .cia_max_keysize    =   CAMELLIA_MAX_KEY_SIZE,
1079             .cia_setkey     =   camellia_set_key,
1080             .cia_encrypt        =   camellia_encrypt,
1081             .cia_decrypt        =   camellia_decrypt
1082         }
1083     }
1084 };
1085 
1086 static int __init camellia_init(void)
1087 {
1088     return crypto_register_alg(&camellia_alg);
1089 }
1090 
1091 static void __exit camellia_fini(void)
1092 {
1093     crypto_unregister_alg(&camellia_alg);
1094 }
1095 
1096 module_init(camellia_init);
1097 module_exit(camellia_fini);
1098 
1099 MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1100 MODULE_LICENSE("GPL");
1101 MODULE_ALIAS_CRYPTO("camellia");
1102 MODULE_ALIAS_CRYPTO("camellia-generic");