Back to home page

OSCL-LXR
 
 

     

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  * Copyright (C) 2006
0004  * NTT (Nippon Telegraph and Telephone Corporation).
0005  */
0006 
0007 /*
0008  * Algorithm Specification
0009  *  https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
0010  */
0011 
0012 #include <linux/crypto.h>
0013 #include <linux/errno.h>
0014 #include <linux/init.h>
0015 #include <linux/kernel.h>
0016 #include <linux/module.h>
0017 #include <linux/bitops.h>
0018 #include <asm/unaligned.h>
0019 
0020 static const u32 camellia_sp1110[256] = {
0021     0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
0022     0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
0023     0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
0024     0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
0025     0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
0026     0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
0027     0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
0028     0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
0029     0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
0030     0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
0031     0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
0032     0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
0033     0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
0034     0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
0035     0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
0036     0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
0037     0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
0038     0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
0039     0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
0040     0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
0041     0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
0042     0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
0043     0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
0044     0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
0045     0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
0046     0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
0047     0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
0048     0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
0049     0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
0050     0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
0051     0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
0052     0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
0053     0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
0054     0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
0055     0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
0056     0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
0057     0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
0058     0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
0059     0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
0060     0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
0061     0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
0062     0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
0063     0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
0064     0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
0065     0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
0066     0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
0067     0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
0068     0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
0069     0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
0070     0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
0071     0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
0072     0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
0073     0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
0074     0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
0075     0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
0076     0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
0077     0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
0078     0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
0079     0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
0080     0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
0081     0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
0082     0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
0083     0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
0084     0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
0085 };
0086 
0087 static const u32 camellia_sp0222[256] = {
0088     0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
0089     0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
0090     0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
0091     0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
0092     0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
0093     0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
0094     0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
0095     0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
0096     0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
0097     0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
0098     0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
0099     0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
0100     0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
0101     0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
0102     0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
0103     0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
0104     0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
0105     0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
0106     0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
0107     0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
0108     0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
0109     0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
0110     0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
0111     0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
0112     0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
0113     0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
0114     0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
0115     0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
0116     0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
0117     0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
0118     0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
0119     0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
0120     0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
0121     0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
0122     0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
0123     0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
0124     0x00202020, 0x00898989, 0x00000000, 0x00909090,
0125     0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
0126     0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
0127     0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
0128     0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
0129     0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
0130     0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
0131     0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
0132     0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
0133     0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
0134     0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
0135     0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
0136     0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
0137     0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
0138     0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
0139     0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
0140     0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
0141     0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
0142     0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
0143     0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
0144     0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
0145     0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
0146     0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
0147     0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
0148     0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
0149     0x00777777, 0x00939393, 0x00868686, 0x00838383,
0150     0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
0151     0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
0152 };
0153 
0154 static const u32 camellia_sp3033[256] = {
0155     0x38003838, 0x41004141, 0x16001616, 0x76007676,
0156     0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
0157     0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
0158     0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
0159     0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
0160     0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
0161     0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
0162     0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
0163     0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
0164     0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
0165     0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
0166     0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
0167     0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
0168     0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
0169     0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
0170     0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
0171     0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
0172     0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
0173     0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
0174     0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
0175     0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
0176     0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
0177     0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
0178     0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
0179     0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
0180     0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
0181     0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
0182     0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
0183     0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
0184     0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
0185     0x12001212, 0x04000404, 0x74007474, 0x54005454,
0186     0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
0187     0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
0188     0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
0189     0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
0190     0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
0191     0x08000808, 0x62006262, 0x00000000, 0x24002424,
0192     0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
0193     0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
0194     0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
0195     0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
0196     0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
0197     0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
0198     0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
0199     0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
0200     0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
0201     0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
0202     0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
0203     0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
0204     0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
0205     0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
0206     0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
0207     0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
0208     0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
0209     0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
0210     0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
0211     0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
0212     0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
0213     0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
0214     0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
0215     0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
0216     0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
0217     0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
0218     0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
0219 };
0220 
0221 static const u32 camellia_sp4404[256] = {
0222     0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
0223     0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
0224     0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
0225     0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
0226     0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
0227     0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
0228     0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
0229     0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
0230     0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
0231     0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
0232     0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
0233     0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
0234     0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
0235     0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
0236     0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
0237     0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
0238     0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
0239     0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
0240     0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
0241     0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
0242     0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
0243     0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
0244     0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
0245     0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
0246     0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
0247     0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
0248     0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
0249     0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
0250     0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
0251     0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
0252     0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
0253     0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
0254     0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
0255     0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
0256     0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
0257     0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
0258     0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
0259     0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
0260     0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
0261     0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
0262     0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
0263     0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
0264     0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
0265     0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
0266     0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
0267     0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
0268     0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
0269     0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
0270     0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
0271     0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
0272     0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
0273     0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
0274     0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
0275     0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
0276     0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
0277     0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
0278     0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
0279     0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
0280     0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
0281     0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
0282     0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
0283     0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
0284     0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
0285     0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
0286 };
0287 
0288 
0289 #define CAMELLIA_MIN_KEY_SIZE        16
0290 #define CAMELLIA_MAX_KEY_SIZE        32
0291 #define CAMELLIA_BLOCK_SIZE          16
0292 #define CAMELLIA_TABLE_BYTE_LEN     272
0293 
0294 /*
0295  * NB: L and R below stand for 'left' and 'right' as in written numbers.
0296  * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
0297  * _not_ least significant ones!
0298  */
0299 
0300 
0301 /* key constants */
0302 
0303 #define CAMELLIA_SIGMA1L (0xA09E667FL)
0304 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
0305 #define CAMELLIA_SIGMA2L (0xB67AE858L)
0306 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
0307 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
0308 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
0309 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
0310 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
0311 #define CAMELLIA_SIGMA5L (0x10E527FAL)
0312 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
0313 #define CAMELLIA_SIGMA6L (0xB05688C2L)
0314 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
0315 
0316 /*
0317  *  macros
0318  */
0319 #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({      \
0320     w0 = ll;                    \
0321     ll = (ll << bits) + (lr >> (32 - bits));    \
0322     lr = (lr << bits) + (rl >> (32 - bits));    \
0323     rl = (rl << bits) + (rr >> (32 - bits));    \
0324     rr = (rr << bits) + (w0 >> (32 - bits));    \
0325 })
0326 
0327 #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({   \
0328     w0 = ll;                    \
0329     w1 = lr;                    \
0330     ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
0331     lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
0332     rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
0333     rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
0334 })
0335 
0336 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({   \
0337     il = xl ^ kl;                       \
0338     ir = xr ^ kr;                       \
0339     t0 = il >> 16;                      \
0340     t1 = ir >> 16;                      \
0341     yl = camellia_sp1110[(u8)(ir)]              \
0342        ^ camellia_sp0222[(u8)(t1 >> 8)]         \
0343        ^ camellia_sp3033[(u8)(t1)]              \
0344        ^ camellia_sp4404[(u8)(ir >> 8)];            \
0345     yr = camellia_sp1110[(u8)(t0 >> 8)]         \
0346        ^ camellia_sp0222[(u8)(t0)]              \
0347        ^ camellia_sp3033[(u8)(il >> 8)]         \
0348        ^ camellia_sp4404[(u8)(il)];             \
0349     yl ^= yr;                       \
0350     yr = ror32(yr, 8);                  \
0351     yr ^= yl;                       \
0352 })
0353 
0354 #define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
0355 #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
0356 
0357 static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
0358 {
0359     u32 dw, tl, tr;
0360     u32 kw4l, kw4r;
0361 
0362     /* absorb kw2 to other subkeys */
0363     /* round 2 */
0364     subL[3] ^= subL[1]; subR[3] ^= subR[1];
0365     /* round 4 */
0366     subL[5] ^= subL[1]; subR[5] ^= subR[1];
0367     /* round 6 */
0368     subL[7] ^= subL[1]; subR[7] ^= subR[1];
0369     subL[1] ^= subR[1] & ~subR[9];
0370     dw = subL[1] & subL[9];
0371     subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
0372     /* round 8 */
0373     subL[11] ^= subL[1]; subR[11] ^= subR[1];
0374     /* round 10 */
0375     subL[13] ^= subL[1]; subR[13] ^= subR[1];
0376     /* round 12 */
0377     subL[15] ^= subL[1]; subR[15] ^= subR[1];
0378     subL[1] ^= subR[1] & ~subR[17];
0379     dw = subL[1] & subL[17];
0380     subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
0381     /* round 14 */
0382     subL[19] ^= subL[1]; subR[19] ^= subR[1];
0383     /* round 16 */
0384     subL[21] ^= subL[1]; subR[21] ^= subR[1];
0385     /* round 18 */
0386     subL[23] ^= subL[1]; subR[23] ^= subR[1];
0387     if (max == 24) {
0388         /* kw3 */
0389         subL[24] ^= subL[1]; subR[24] ^= subR[1];
0390 
0391     /* absorb kw4 to other subkeys */
0392         kw4l = subL[25]; kw4r = subR[25];
0393     } else {
0394         subL[1] ^= subR[1] & ~subR[25];
0395         dw = subL[1] & subL[25];
0396         subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
0397         /* round 20 */
0398         subL[27] ^= subL[1]; subR[27] ^= subR[1];
0399         /* round 22 */
0400         subL[29] ^= subL[1]; subR[29] ^= subR[1];
0401         /* round 24 */
0402         subL[31] ^= subL[1]; subR[31] ^= subR[1];
0403         /* kw3 */
0404         subL[32] ^= subL[1]; subR[32] ^= subR[1];
0405 
0406     /* absorb kw4 to other subkeys */
0407         kw4l = subL[33]; kw4r = subR[33];
0408         /* round 23 */
0409         subL[30] ^= kw4l; subR[30] ^= kw4r;
0410         /* round 21 */
0411         subL[28] ^= kw4l; subR[28] ^= kw4r;
0412         /* round 19 */
0413         subL[26] ^= kw4l; subR[26] ^= kw4r;
0414         kw4l ^= kw4r & ~subR[24];
0415         dw = kw4l & subL[24];
0416         kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
0417     }
0418     /* round 17 */
0419     subL[22] ^= kw4l; subR[22] ^= kw4r;
0420     /* round 15 */
0421     subL[20] ^= kw4l; subR[20] ^= kw4r;
0422     /* round 13 */
0423     subL[18] ^= kw4l; subR[18] ^= kw4r;
0424     kw4l ^= kw4r & ~subR[16];
0425     dw = kw4l & subL[16];
0426     kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
0427     /* round 11 */
0428     subL[14] ^= kw4l; subR[14] ^= kw4r;
0429     /* round 9 */
0430     subL[12] ^= kw4l; subR[12] ^= kw4r;
0431     /* round 7 */
0432     subL[10] ^= kw4l; subR[10] ^= kw4r;
0433     kw4l ^= kw4r & ~subR[8];
0434     dw = kw4l & subL[8];
0435     kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
0436     /* round 5 */
0437     subL[6] ^= kw4l; subR[6] ^= kw4r;
0438     /* round 3 */
0439     subL[4] ^= kw4l; subR[4] ^= kw4r;
0440     /* round 1 */
0441     subL[2] ^= kw4l; subR[2] ^= kw4r;
0442     /* kw1 */
0443     subL[0] ^= kw4l; subR[0] ^= kw4r;
0444 
0445     /* key XOR is end of F-function */
0446     SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
0447     SUBKEY_R(0) = subR[0] ^ subR[2];
0448     SUBKEY_L(2) = subL[3];       /* round 1 */
0449     SUBKEY_R(2) = subR[3];
0450     SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
0451     SUBKEY_R(3) = subR[2] ^ subR[4];
0452     SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
0453     SUBKEY_R(4) = subR[3] ^ subR[5];
0454     SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
0455     SUBKEY_R(5) = subR[4] ^ subR[6];
0456     SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
0457     SUBKEY_R(6) = subR[5] ^ subR[7];
0458     tl = subL[10] ^ (subR[10] & ~subR[8]);
0459     dw = tl & subL[8];  /* FL(kl1) */
0460     tr = subR[10] ^ rol32(dw, 1);
0461     SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
0462     SUBKEY_R(7) = subR[6] ^ tr;
0463     SUBKEY_L(8) = subL[8];       /* FL(kl1) */
0464     SUBKEY_R(8) = subR[8];
0465     SUBKEY_L(9) = subL[9];       /* FLinv(kl2) */
0466     SUBKEY_R(9) = subR[9];
0467     tl = subL[7] ^ (subR[7] & ~subR[9]);
0468     dw = tl & subL[9];  /* FLinv(kl2) */
0469     tr = subR[7] ^ rol32(dw, 1);
0470     SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
0471     SUBKEY_R(10) = tr ^ subR[11];
0472     SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
0473     SUBKEY_R(11) = subR[10] ^ subR[12];
0474     SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
0475     SUBKEY_R(12) = subR[11] ^ subR[13];
0476     SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
0477     SUBKEY_R(13) = subR[12] ^ subR[14];
0478     SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
0479     SUBKEY_R(14) = subR[13] ^ subR[15];
0480     tl = subL[18] ^ (subR[18] & ~subR[16]);
0481     dw = tl & subL[16]; /* FL(kl3) */
0482     tr = subR[18] ^ rol32(dw, 1);
0483     SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
0484     SUBKEY_R(15) = subR[14] ^ tr;
0485     SUBKEY_L(16) = subL[16];     /* FL(kl3) */
0486     SUBKEY_R(16) = subR[16];
0487     SUBKEY_L(17) = subL[17];     /* FLinv(kl4) */
0488     SUBKEY_R(17) = subR[17];
0489     tl = subL[15] ^ (subR[15] & ~subR[17]);
0490     dw = tl & subL[17]; /* FLinv(kl4) */
0491     tr = subR[15] ^ rol32(dw, 1);
0492     SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
0493     SUBKEY_R(18) = tr ^ subR[19];
0494     SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
0495     SUBKEY_R(19) = subR[18] ^ subR[20];
0496     SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
0497     SUBKEY_R(20) = subR[19] ^ subR[21];
0498     SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
0499     SUBKEY_R(21) = subR[20] ^ subR[22];
0500     SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
0501     SUBKEY_R(22) = subR[21] ^ subR[23];
0502     if (max == 24) {
0503         SUBKEY_L(23) = subL[22];     /* round 18 */
0504         SUBKEY_R(23) = subR[22];
0505         SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
0506         SUBKEY_R(24) = subR[24] ^ subR[23];
0507     } else {
0508         tl = subL[26] ^ (subR[26] & ~subR[24]);
0509         dw = tl & subL[24]; /* FL(kl5) */
0510         tr = subR[26] ^ rol32(dw, 1);
0511         SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
0512         SUBKEY_R(23) = subR[22] ^ tr;
0513         SUBKEY_L(24) = subL[24];     /* FL(kl5) */
0514         SUBKEY_R(24) = subR[24];
0515         SUBKEY_L(25) = subL[25];     /* FLinv(kl6) */
0516         SUBKEY_R(25) = subR[25];
0517         tl = subL[23] ^ (subR[23] & ~subR[25]);
0518         dw = tl & subL[25]; /* FLinv(kl6) */
0519         tr = subR[23] ^ rol32(dw, 1);
0520         SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
0521         SUBKEY_R(26) = tr ^ subR[27];
0522         SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
0523         SUBKEY_R(27) = subR[26] ^ subR[28];
0524         SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
0525         SUBKEY_R(28) = subR[27] ^ subR[29];
0526         SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
0527         SUBKEY_R(29) = subR[28] ^ subR[30];
0528         SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
0529         SUBKEY_R(30) = subR[29] ^ subR[31];
0530         SUBKEY_L(31) = subL[30];     /* round 24 */
0531         SUBKEY_R(31) = subR[30];
0532         SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
0533         SUBKEY_R(32) = subR[32] ^ subR[31];
0534     }
0535 }
0536 
0537 static void camellia_setup128(const unsigned char *key, u32 *subkey)
0538 {
0539     u32 kll, klr, krl, krr;
0540     u32 il, ir, t0, t1, w0, w1;
0541     u32 subL[26];
0542     u32 subR[26];
0543 
0544     /**
0545      *  k == kll || klr || krl || krr (|| is concatenation)
0546      */
0547     kll = get_unaligned_be32(key);
0548     klr = get_unaligned_be32(key + 4);
0549     krl = get_unaligned_be32(key + 8);
0550     krr = get_unaligned_be32(key + 12);
0551 
0552     /* generate KL dependent subkeys */
0553     /* kw1 */
0554     subL[0] = kll; subR[0] = klr;
0555     /* kw2 */
0556     subL[1] = krl; subR[1] = krr;
0557     /* rotation left shift 15bit */
0558     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0559     /* k3 */
0560     subL[4] = kll; subR[4] = klr;
0561     /* k4 */
0562     subL[5] = krl; subR[5] = krr;
0563     /* rotation left shift 15+30bit */
0564     ROLDQ(kll, klr, krl, krr, w0, w1, 30);
0565     /* k7 */
0566     subL[10] = kll; subR[10] = klr;
0567     /* k8 */
0568     subL[11] = krl; subR[11] = krr;
0569     /* rotation left shift 15+30+15bit */
0570     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0571     /* k10 */
0572     subL[13] = krl; subR[13] = krr;
0573     /* rotation left shift 15+30+15+17 bit */
0574     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0575     /* kl3 */
0576     subL[16] = kll; subR[16] = klr;
0577     /* kl4 */
0578     subL[17] = krl; subR[17] = krr;
0579     /* rotation left shift 15+30+15+17+17 bit */
0580     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0581     /* k13 */
0582     subL[18] = kll; subR[18] = klr;
0583     /* k14 */
0584     subL[19] = krl; subR[19] = krr;
0585     /* rotation left shift 15+30+15+17+17+17 bit */
0586     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0587     /* k17 */
0588     subL[22] = kll; subR[22] = klr;
0589     /* k18 */
0590     subL[23] = krl; subR[23] = krr;
0591 
0592     /* generate KA */
0593     kll = subL[0]; klr = subR[0];
0594     krl = subL[1]; krr = subR[1];
0595     CAMELLIA_F(kll, klr,
0596            CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
0597            w0, w1, il, ir, t0, t1);
0598     krl ^= w0; krr ^= w1;
0599     CAMELLIA_F(krl, krr,
0600            CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
0601            kll, klr, il, ir, t0, t1);
0602     /* current status == (kll, klr, w0, w1) */
0603     CAMELLIA_F(kll, klr,
0604            CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
0605            krl, krr, il, ir, t0, t1);
0606     krl ^= w0; krr ^= w1;
0607     CAMELLIA_F(krl, krr,
0608            CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
0609            w0, w1, il, ir, t0, t1);
0610     kll ^= w0; klr ^= w1;
0611 
0612     /* generate KA dependent subkeys */
0613     /* k1, k2 */
0614     subL[2] = kll; subR[2] = klr;
0615     subL[3] = krl; subR[3] = krr;
0616     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0617     /* k5,k6 */
0618     subL[6] = kll; subR[6] = klr;
0619     subL[7] = krl; subR[7] = krr;
0620     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0621     /* kl1, kl2 */
0622     subL[8] = kll; subR[8] = klr;
0623     subL[9] = krl; subR[9] = krr;
0624     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0625     /* k9 */
0626     subL[12] = kll; subR[12] = klr;
0627     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0628     /* k11, k12 */
0629     subL[14] = kll; subR[14] = klr;
0630     subL[15] = krl; subR[15] = krr;
0631     ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
0632     /* k15, k16 */
0633     subL[20] = kll; subR[20] = klr;
0634     subL[21] = krl; subR[21] = krr;
0635     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0636     /* kw3, kw4 */
0637     subL[24] = kll; subR[24] = klr;
0638     subL[25] = krl; subR[25] = krr;
0639 
0640     camellia_setup_tail(subkey, subL, subR, 24);
0641 }
0642 
0643 static void camellia_setup256(const unsigned char *key, u32 *subkey)
0644 {
0645     u32 kll, klr, krl, krr;        /* left half of key */
0646     u32 krll, krlr, krrl, krrr;    /* right half of key */
0647     u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
0648     u32 subL[34];
0649     u32 subR[34];
0650 
0651     /**
0652      *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
0653      *  (|| is concatenation)
0654      */
0655     kll = get_unaligned_be32(key);
0656     klr = get_unaligned_be32(key + 4);
0657     krl = get_unaligned_be32(key + 8);
0658     krr = get_unaligned_be32(key + 12);
0659     krll = get_unaligned_be32(key + 16);
0660     krlr = get_unaligned_be32(key + 20);
0661     krrl = get_unaligned_be32(key + 24);
0662     krrr = get_unaligned_be32(key + 28);
0663 
0664     /* generate KL dependent subkeys */
0665     /* kw1 */
0666     subL[0] = kll; subR[0] = klr;
0667     /* kw2 */
0668     subL[1] = krl; subR[1] = krr;
0669     ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
0670     /* k9 */
0671     subL[12] = kll; subR[12] = klr;
0672     /* k10 */
0673     subL[13] = krl; subR[13] = krr;
0674     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0675     /* kl3 */
0676     subL[16] = kll; subR[16] = klr;
0677     /* kl4 */
0678     subL[17] = krl; subR[17] = krr;
0679     ROLDQ(kll, klr, krl, krr, w0, w1, 17);
0680     /* k17 */
0681     subL[22] = kll; subR[22] = klr;
0682     /* k18 */
0683     subL[23] = krl; subR[23] = krr;
0684     ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
0685     /* k23 */
0686     subL[30] = kll; subR[30] = klr;
0687     /* k24 */
0688     subL[31] = krl; subR[31] = krr;
0689 
0690     /* generate KR dependent subkeys */
0691     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
0692     /* k3 */
0693     subL[4] = krll; subR[4] = krlr;
0694     /* k4 */
0695     subL[5] = krrl; subR[5] = krrr;
0696     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
0697     /* kl1 */
0698     subL[8] = krll; subR[8] = krlr;
0699     /* kl2 */
0700     subL[9] = krrl; subR[9] = krrr;
0701     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
0702     /* k13 */
0703     subL[18] = krll; subR[18] = krlr;
0704     /* k14 */
0705     subL[19] = krrl; subR[19] = krrr;
0706     ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
0707     /* k19 */
0708     subL[26] = krll; subR[26] = krlr;
0709     /* k20 */
0710     subL[27] = krrl; subR[27] = krrr;
0711     ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
0712 
0713     /* generate KA */
0714     kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
0715     krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
0716     CAMELLIA_F(kll, klr,
0717            CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
0718            w0, w1, il, ir, t0, t1);
0719     krl ^= w0; krr ^= w1;
0720     CAMELLIA_F(krl, krr,
0721            CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
0722            kll, klr, il, ir, t0, t1);
0723     kll ^= krll; klr ^= krlr;
0724     CAMELLIA_F(kll, klr,
0725            CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
0726            krl, krr, il, ir, t0, t1);
0727     krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
0728     CAMELLIA_F(krl, krr,
0729            CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
0730            w0, w1, il, ir, t0, t1);
0731     kll ^= w0; klr ^= w1;
0732 
0733     /* generate KB */
0734     krll ^= kll; krlr ^= klr;
0735     krrl ^= krl; krrr ^= krr;
0736     CAMELLIA_F(krll, krlr,
0737            CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
0738            w0, w1, il, ir, t0, t1);
0739     krrl ^= w0; krrr ^= w1;
0740     CAMELLIA_F(krrl, krrr,
0741            CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
0742            w0, w1, il, ir, t0, t1);
0743     krll ^= w0; krlr ^= w1;
0744 
0745     /* generate KA dependent subkeys */
0746     ROLDQ(kll, klr, krl, krr, w0, w1, 15);
0747     /* k5 */
0748     subL[6] = kll; subR[6] = klr;
0749     /* k6 */
0750     subL[7] = krl; subR[7] = krr;
0751     ROLDQ(kll, klr, krl, krr, w0, w1, 30);
0752     /* k11 */
0753     subL[14] = kll; subR[14] = klr;
0754     /* k12 */
0755     subL[15] = krl; subR[15] = krr;
0756     /* rotation left shift 32bit */
0757     /* kl5 */
0758     subL[24] = klr; subR[24] = krl;
0759     /* kl6 */
0760     subL[25] = krr; subR[25] = kll;
0761     /* rotation left shift 49 from k11,k12 -> k21,k22 */
0762     ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
0763     /* k21 */
0764     subL[28] = kll; subR[28] = klr;
0765     /* k22 */
0766     subL[29] = krl; subR[29] = krr;
0767 
0768     /* generate KB dependent subkeys */
0769     /* k1 */
0770     subL[2] = krll; subR[2] = krlr;
0771     /* k2 */
0772     subL[3] = krrl; subR[3] = krrr;
0773     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
0774     /* k7 */
0775     subL[10] = krll; subR[10] = krlr;
0776     /* k8 */
0777     subL[11] = krrl; subR[11] = krrr;
0778     ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
0779     /* k15 */
0780     subL[20] = krll; subR[20] = krlr;
0781     /* k16 */
0782     subL[21] = krrl; subR[21] = krrr;
0783     ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
0784     /* kw3 */
0785     subL[32] = krll; subR[32] = krlr;
0786     /* kw4 */
0787     subL[33] = krrl; subR[33] = krrr;
0788 
0789     camellia_setup_tail(subkey, subL, subR, 32);
0790 }
0791 
0792 static void camellia_setup192(const unsigned char *key, u32 *subkey)
0793 {
0794     unsigned char kk[32];
0795     u32 krll, krlr, krrl, krrr;
0796 
0797     memcpy(kk, key, 24);
0798     memcpy((unsigned char *)&krll, key+16, 4);
0799     memcpy((unsigned char *)&krlr, key+20, 4);
0800     krrl = ~krll;
0801     krrr = ~krlr;
0802     memcpy(kk+24, (unsigned char *)&krrl, 4);
0803     memcpy(kk+28, (unsigned char *)&krrr, 4);
0804     camellia_setup256(kk, subkey);
0805 }
0806 
0807 
0808 /*
0809  * Encrypt/decrypt
0810  */
0811 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
0812     t0 = kll;                           \
0813     t2 = krr;                           \
0814     t0 &= ll;                           \
0815     t2 |= rr;                           \
0816     rl ^= t2;                           \
0817     lr ^= rol32(t0, 1);                     \
0818     t3 = krl;                           \
0819     t1 = klr;                           \
0820     t3 &= rl;                           \
0821     t1 |= lr;                           \
0822     ll ^= t1;                           \
0823     rr ^= rol32(t3, 1);                     \
0824 })
0825 
0826 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({     \
0827     yl ^= kl;                           \
0828     yr ^= kr;                           \
0829     ir =  camellia_sp1110[(u8)xr];                  \
0830     il =  camellia_sp1110[(u8)(xl >> 24)];              \
0831     ir ^= camellia_sp0222[(u8)(xr >> 24)];              \
0832     il ^= camellia_sp0222[(u8)(xl >> 16)];              \
0833     ir ^= camellia_sp3033[(u8)(xr >> 16)];              \
0834     il ^= camellia_sp3033[(u8)(xl >> 8)];               \
0835     ir ^= camellia_sp4404[(u8)(xr >> 8)];               \
0836     il ^= camellia_sp4404[(u8)xl];                  \
0837     ir ^= il;                           \
0838     yl ^= ir;                           \
0839     yr ^= ror32(il, 8) ^ ir;                    \
0840 })
0841 
0842 /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
0843 static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
0844 {
0845     u32 il, ir, t0, t1;            /* temporary variables */
0846 
0847     /* pre whitening but absorb kw2 */
0848     io[0] ^= SUBKEY_L(0);
0849     io[1] ^= SUBKEY_R(0);
0850 
0851     /* main iteration */
0852 #define ROUNDS(i) ({ \
0853     CAMELLIA_ROUNDSM(io[0], io[1], \
0854              SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
0855              io[2], io[3], il, ir); \
0856     CAMELLIA_ROUNDSM(io[2], io[3], \
0857              SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
0858              io[0], io[1], il, ir); \
0859     CAMELLIA_ROUNDSM(io[0], io[1], \
0860              SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
0861              io[2], io[3], il, ir); \
0862     CAMELLIA_ROUNDSM(io[2], io[3], \
0863              SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
0864              io[0], io[1], il, ir); \
0865     CAMELLIA_ROUNDSM(io[0], io[1], \
0866              SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
0867              io[2], io[3], il, ir); \
0868     CAMELLIA_ROUNDSM(io[2], io[3], \
0869              SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
0870              io[0], io[1], il, ir); \
0871 })
0872 #define FLS(i) ({ \
0873     CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
0874              SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
0875              SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
0876              t0, t1, il, ir); \
0877 })
0878 
0879     ROUNDS(0);
0880     FLS(8);
0881     ROUNDS(8);
0882     FLS(16);
0883     ROUNDS(16);
0884     if (max == 32) {
0885         FLS(24);
0886         ROUNDS(24);
0887     }
0888 
0889 #undef ROUNDS
0890 #undef FLS
0891 
0892     /* post whitening but kw4 */
0893     io[2] ^= SUBKEY_L(max);
0894     io[3] ^= SUBKEY_R(max);
0895     /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
0896 }
0897 
0898 static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
0899 {
0900     u32 il, ir, t0, t1;            /* temporary variables */
0901 
0902     /* pre whitening but absorb kw2 */
0903     io[0] ^= SUBKEY_L(i);
0904     io[1] ^= SUBKEY_R(i);
0905 
0906     /* main iteration */
0907 #define ROUNDS(i) ({ \
0908     CAMELLIA_ROUNDSM(io[0], io[1], \
0909              SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
0910              io[2], io[3], il, ir); \
0911     CAMELLIA_ROUNDSM(io[2], io[3], \
0912              SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
0913              io[0], io[1], il, ir); \
0914     CAMELLIA_ROUNDSM(io[0], io[1], \
0915              SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
0916              io[2], io[3], il, ir); \
0917     CAMELLIA_ROUNDSM(io[2], io[3], \
0918              SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
0919              io[0], io[1], il, ir); \
0920     CAMELLIA_ROUNDSM(io[0], io[1], \
0921              SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
0922              io[2], io[3], il, ir); \
0923     CAMELLIA_ROUNDSM(io[2], io[3], \
0924              SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
0925              io[0], io[1], il, ir); \
0926 })
0927 #define FLS(i) ({ \
0928     CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
0929              SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
0930              SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
0931              t0, t1, il, ir); \
0932 })
0933 
0934     if (i == 32) {
0935         ROUNDS(24);
0936         FLS(24);
0937     }
0938     ROUNDS(16);
0939     FLS(16);
0940     ROUNDS(8);
0941     FLS(8);
0942     ROUNDS(0);
0943 
0944 #undef ROUNDS
0945 #undef FLS
0946 
0947     /* post whitening but kw4 */
0948     io[2] ^= SUBKEY_L(0);
0949     io[3] ^= SUBKEY_R(0);
0950     /* NB: 0,1 should be swapped with 2,3 by caller! */
0951 }
0952 
0953 
0954 struct camellia_ctx {
0955     int key_length;
0956     u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
0957 };
0958 
0959 static int
0960 camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
0961          unsigned int key_len)
0962 {
0963     struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
0964     const unsigned char *key = (const unsigned char *)in_key;
0965 
0966     if (key_len != 16 && key_len != 24 && key_len != 32)
0967         return -EINVAL;
0968 
0969     cctx->key_length = key_len;
0970 
0971     switch (key_len) {
0972     case 16:
0973         camellia_setup128(key, cctx->key_table);
0974         break;
0975     case 24:
0976         camellia_setup192(key, cctx->key_table);
0977         break;
0978     case 32:
0979         camellia_setup256(key, cctx->key_table);
0980         break;
0981     }
0982 
0983     return 0;
0984 }
0985 
0986 static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
0987 {
0988     const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
0989     unsigned int max;
0990 
0991     u32 tmp[4];
0992 
0993     tmp[0] = get_unaligned_be32(in);
0994     tmp[1] = get_unaligned_be32(in + 4);
0995     tmp[2] = get_unaligned_be32(in + 8);
0996     tmp[3] = get_unaligned_be32(in + 12);
0997 
0998     if (cctx->key_length == 16)
0999         max = 24;
1000     else
1001         max = 32; /* for key lengths of 24 and 32 */
1002 
1003     camellia_do_encrypt(cctx->key_table, tmp, max);
1004 
1005     /* do_encrypt returns 0,1 swapped with 2,3 */
1006     put_unaligned_be32(tmp[2], out);
1007     put_unaligned_be32(tmp[3], out + 4);
1008     put_unaligned_be32(tmp[0], out + 8);
1009     put_unaligned_be32(tmp[1], out + 12);
1010 }
1011 
1012 static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1013 {
1014     const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1015     unsigned int max;
1016 
1017     u32 tmp[4];
1018 
1019     tmp[0] = get_unaligned_be32(in);
1020     tmp[1] = get_unaligned_be32(in + 4);
1021     tmp[2] = get_unaligned_be32(in + 8);
1022     tmp[3] = get_unaligned_be32(in + 12);
1023 
1024     if (cctx->key_length == 16)
1025         max = 24;
1026     else
1027         max = 32; /* for key lengths of 24 and 32 */
1028 
1029     camellia_do_decrypt(cctx->key_table, tmp, max);
1030 
1031     /* do_decrypt returns 0,1 swapped with 2,3 */
1032     put_unaligned_be32(tmp[2], out);
1033     put_unaligned_be32(tmp[3], out + 4);
1034     put_unaligned_be32(tmp[0], out + 8);
1035     put_unaligned_be32(tmp[1], out + 12);
1036 }
1037 
1038 static struct crypto_alg camellia_alg = {
1039     .cra_name       =   "camellia",
1040     .cra_driver_name    =   "camellia-generic",
1041     .cra_priority       =   100,
1042     .cra_flags      =   CRYPTO_ALG_TYPE_CIPHER,
1043     .cra_blocksize      =   CAMELLIA_BLOCK_SIZE,
1044     .cra_ctxsize        =   sizeof(struct camellia_ctx),
1045     .cra_module     =   THIS_MODULE,
1046     .cra_u          =   {
1047         .cipher = {
1048             .cia_min_keysize    =   CAMELLIA_MIN_KEY_SIZE,
1049             .cia_max_keysize    =   CAMELLIA_MAX_KEY_SIZE,
1050             .cia_setkey     =   camellia_set_key,
1051             .cia_encrypt        =   camellia_encrypt,
1052             .cia_decrypt        =   camellia_decrypt
1053         }
1054     }
1055 };
1056 
1057 static int __init camellia_init(void)
1058 {
1059     return crypto_register_alg(&camellia_alg);
1060 }
1061 
1062 static void __exit camellia_fini(void)
1063 {
1064     crypto_unregister_alg(&camellia_alg);
1065 }
1066 
1067 subsys_initcall(camellia_init);
1068 module_exit(camellia_fini);
1069 
1070 MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1071 MODULE_LICENSE("GPL");
1072 MODULE_ALIAS_CRYPTO("camellia");
1073 MODULE_ALIAS_CRYPTO("camellia-generic");
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!