linux/crypto/camellia_generic.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * Copyright (C) 2006
   4 * NTT (Nippon Telegraph and Telephone Corporation).
   5 */
   6
   7/*
   8 * Algorithm Specification
   9 *  https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
  10 */
  11
  12#include <linux/crypto.h>
  13#include <linux/errno.h>
  14#include <linux/init.h>
  15#include <linux/kernel.h>
  16#include <linux/module.h>
  17#include <linux/bitops.h>
  18#include <asm/unaligned.h>
  19
  20static const u32 camellia_sp1110[256] = {
  21        0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
  22        0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
  23        0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
  24        0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
  25        0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
  26        0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
  27        0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
  28        0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
  29        0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
  30        0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
  31        0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
  32        0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
  33        0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
  34        0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
  35        0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
  36        0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
  37        0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
  38        0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
  39        0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
  40        0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
  41        0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
  42        0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
  43        0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
  44        0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
  45        0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
  46        0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
  47        0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
  48        0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
  49        0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
  50        0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
  51        0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
  52        0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
  53        0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
  54        0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
  55        0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
  56        0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
  57        0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
  58        0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
  59        0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
  60        0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
  61        0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
  62        0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
  63        0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
  64        0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
  65        0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
  66        0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
  67        0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
  68        0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
  69        0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
  70        0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
  71        0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
  72        0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
  73        0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
  74        0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
  75        0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
  76        0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
  77        0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
  78        0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
  79        0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
  80        0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
  81        0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
  82        0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
  83        0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
  84        0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
  85};
  86
  87static const u32 camellia_sp0222[256] = {
  88        0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
  89        0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
  90        0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
  91        0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
  92        0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
  93        0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
  94        0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
  95        0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
  96        0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
  97        0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
  98        0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
  99        0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
 100        0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
 101        0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
 102        0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
 103        0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
 104        0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
 105        0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
 106        0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
 107        0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
 108        0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
 109        0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
 110        0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
 111        0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
 112        0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
 113        0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
 114        0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
 115        0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
 116        0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
 117        0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
 118        0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
 119        0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
 120        0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
 121        0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
 122        0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
 123        0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
 124        0x00202020, 0x00898989, 0x00000000, 0x00909090,
 125        0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
 126        0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
 127        0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
 128        0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
 129        0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
 130        0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
 131        0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
 132        0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
 133        0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
 134        0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
 135        0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
 136        0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
 137        0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
 138        0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
 139        0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
 140        0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
 141        0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
 142        0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
 143        0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
 144        0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
 145        0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
 146        0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
 147        0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
 148        0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
 149        0x00777777, 0x00939393, 0x00868686, 0x00838383,
 150        0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
 151        0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
 152};
 153
 154static const u32 camellia_sp3033[256] = {
 155        0x38003838, 0x41004141, 0x16001616, 0x76007676,
 156        0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
 157        0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
 158        0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
 159        0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
 160        0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
 161        0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
 162        0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
 163        0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
 164        0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
 165        0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
 166        0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
 167        0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
 168        0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
 169        0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
 170        0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
 171        0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
 172        0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
 173        0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
 174        0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
 175        0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
 176        0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
 177        0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
 178        0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
 179        0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
 180        0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
 181        0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
 182        0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
 183        0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
 184        0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
 185        0x12001212, 0x04000404, 0x74007474, 0x54005454,
 186        0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
 187        0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
 188        0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
 189        0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
 190        0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
 191        0x08000808, 0x62006262, 0x00000000, 0x24002424,
 192        0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
 193        0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
 194        0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
 195        0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
 196        0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
 197        0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
 198        0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
 199        0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
 200        0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
 201        0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
 202        0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
 203        0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
 204        0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
 205        0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
 206        0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
 207        0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
 208        0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
 209        0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
 210        0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
 211        0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
 212        0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
 213        0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
 214        0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
 215        0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
 216        0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
 217        0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
 218        0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
 219};
 220
 221static const u32 camellia_sp4404[256] = {
 222        0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
 223        0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
 224        0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
 225        0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
 226        0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
 227        0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
 228        0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
 229        0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
 230        0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
 231        0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
 232        0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
 233        0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
 234        0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
 235        0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
 236        0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
 237        0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
 238        0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
 239        0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
 240        0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
 241        0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
 242        0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
 243        0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
 244        0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
 245        0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
 246        0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
 247        0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
 248        0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
 249        0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
 250        0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
 251        0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
 252        0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
 253        0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
 254        0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
 255        0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
 256        0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
 257        0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
 258        0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
 259        0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
 260        0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
 261        0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
 262        0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
 263        0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
 264        0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
 265        0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
 266        0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
 267        0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
 268        0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
 269        0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
 270        0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
 271        0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
 272        0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
 273        0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
 274        0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
 275        0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
 276        0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
 277        0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
 278        0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
 279        0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
 280        0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
 281        0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
 282        0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
 283        0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
 284        0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
 285        0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
 286};
 287
 288
 289#define CAMELLIA_MIN_KEY_SIZE        16
 290#define CAMELLIA_MAX_KEY_SIZE        32
 291#define CAMELLIA_BLOCK_SIZE          16
 292#define CAMELLIA_TABLE_BYTE_LEN     272
 293
 294/*
 295 * NB: L and R below stand for 'left' and 'right' as in written numbers.
 296 * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
 297 * _not_ least significant ones!
 298 */
 299
 300
 301/* key constants */
 302
 303#define CAMELLIA_SIGMA1L (0xA09E667FL)
 304#define CAMELLIA_SIGMA1R (0x3BCC908BL)
 305#define CAMELLIA_SIGMA2L (0xB67AE858L)
 306#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
 307#define CAMELLIA_SIGMA3L (0xC6EF372FL)
 308#define CAMELLIA_SIGMA3R (0xE94F82BEL)
 309#define CAMELLIA_SIGMA4L (0x54FF53A5L)
 310#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
 311#define CAMELLIA_SIGMA5L (0x10E527FAL)
 312#define CAMELLIA_SIGMA5R (0xDE682D1DL)
 313#define CAMELLIA_SIGMA6L (0xB05688C2L)
 314#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
 315
 316/*
 317 *  macros
 318 */
 319#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({          \
 320        w0 = ll;                                        \
 321        ll = (ll << bits) + (lr >> (32 - bits));        \
 322        lr = (lr << bits) + (rl >> (32 - bits));        \
 323        rl = (rl << bits) + (rr >> (32 - bits));        \
 324        rr = (rr << bits) + (w0 >> (32 - bits));        \
 325})
 326
 327#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({       \
 328        w0 = ll;                                        \
 329        w1 = lr;                                        \
 330        ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
 331        lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
 332        rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
 333        rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
 334})
 335
 336#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({   \
 337        il = xl ^ kl;                                           \
 338        ir = xr ^ kr;                                           \
 339        t0 = il >> 16;                                          \
 340        t1 = ir >> 16;                                          \
 341        yl = camellia_sp1110[(u8)(ir)]                          \
 342           ^ camellia_sp0222[(u8)(t1 >> 8)]                     \
 343           ^ camellia_sp3033[(u8)(t1)]                          \
 344           ^ camellia_sp4404[(u8)(ir >> 8)];                    \
 345        yr = camellia_sp1110[(u8)(t0 >> 8)]                     \
 346           ^ camellia_sp0222[(u8)(t0)]                          \
 347           ^ camellia_sp3033[(u8)(il >> 8)]                     \
 348           ^ camellia_sp4404[(u8)(il)];                         \
 349        yl ^= yr;                                               \
 350        yr = ror32(yr, 8);                                      \
 351        yr ^= yl;                                               \
 352})
 353
 354#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
 355#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
 356
 357static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
 358{
 359        u32 dw, tl, tr;
 360        u32 kw4l, kw4r;
 361
 362        /* absorb kw2 to other subkeys */
 363        /* round 2 */
 364        subL[3] ^= subL[1]; subR[3] ^= subR[1];
 365        /* round 4 */
 366        subL[5] ^= subL[1]; subR[5] ^= subR[1];
 367        /* round 6 */
 368        subL[7] ^= subL[1]; subR[7] ^= subR[1];
 369        subL[1] ^= subR[1] & ~subR[9];
 370        dw = subL[1] & subL[9];
 371        subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
 372        /* round 8 */
 373        subL[11] ^= subL[1]; subR[11] ^= subR[1];
 374        /* round 10 */
 375        subL[13] ^= subL[1]; subR[13] ^= subR[1];
 376        /* round 12 */
 377        subL[15] ^= subL[1]; subR[15] ^= subR[1];
 378        subL[1] ^= subR[1] & ~subR[17];
 379        dw = subL[1] & subL[17];
 380        subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
 381        /* round 14 */
 382        subL[19] ^= subL[1]; subR[19] ^= subR[1];
 383        /* round 16 */
 384        subL[21] ^= subL[1]; subR[21] ^= subR[1];
 385        /* round 18 */
 386        subL[23] ^= subL[1]; subR[23] ^= subR[1];
 387        if (max == 24) {
 388                /* kw3 */
 389                subL[24] ^= subL[1]; subR[24] ^= subR[1];
 390
 391        /* absorb kw4 to other subkeys */
 392                kw4l = subL[25]; kw4r = subR[25];
 393        } else {
 394                subL[1] ^= subR[1] & ~subR[25];
 395                dw = subL[1] & subL[25];
 396                subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
 397                /* round 20 */
 398                subL[27] ^= subL[1]; subR[27] ^= subR[1];
 399                /* round 22 */
 400                subL[29] ^= subL[1]; subR[29] ^= subR[1];
 401                /* round 24 */
 402                subL[31] ^= subL[1]; subR[31] ^= subR[1];
 403                /* kw3 */
 404                subL[32] ^= subL[1]; subR[32] ^= subR[1];
 405
 406        /* absorb kw4 to other subkeys */
 407                kw4l = subL[33]; kw4r = subR[33];
 408                /* round 23 */
 409                subL[30] ^= kw4l; subR[30] ^= kw4r;
 410                /* round 21 */
 411                subL[28] ^= kw4l; subR[28] ^= kw4r;
 412                /* round 19 */
 413                subL[26] ^= kw4l; subR[26] ^= kw4r;
 414                kw4l ^= kw4r & ~subR[24];
 415                dw = kw4l & subL[24];
 416                kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
 417        }
 418        /* round 17 */
 419        subL[22] ^= kw4l; subR[22] ^= kw4r;
 420        /* round 15 */
 421        subL[20] ^= kw4l; subR[20] ^= kw4r;
 422        /* round 13 */
 423        subL[18] ^= kw4l; subR[18] ^= kw4r;
 424        kw4l ^= kw4r & ~subR[16];
 425        dw = kw4l & subL[16];
 426        kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
 427        /* round 11 */
 428        subL[14] ^= kw4l; subR[14] ^= kw4r;
 429        /* round 9 */
 430        subL[12] ^= kw4l; subR[12] ^= kw4r;
 431        /* round 7 */
 432        subL[10] ^= kw4l; subR[10] ^= kw4r;
 433        kw4l ^= kw4r & ~subR[8];
 434        dw = kw4l & subL[8];
 435        kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
 436        /* round 5 */
 437        subL[6] ^= kw4l; subR[6] ^= kw4r;
 438        /* round 3 */
 439        subL[4] ^= kw4l; subR[4] ^= kw4r;
 440        /* round 1 */
 441        subL[2] ^= kw4l; subR[2] ^= kw4r;
 442        /* kw1 */
 443        subL[0] ^= kw4l; subR[0] ^= kw4r;
 444
 445        /* key XOR is end of F-function */
 446        SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
 447        SUBKEY_R(0) = subR[0] ^ subR[2];
 448        SUBKEY_L(2) = subL[3];       /* round 1 */
 449        SUBKEY_R(2) = subR[3];
 450        SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
 451        SUBKEY_R(3) = subR[2] ^ subR[4];
 452        SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
 453        SUBKEY_R(4) = subR[3] ^ subR[5];
 454        SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
 455        SUBKEY_R(5) = subR[4] ^ subR[6];
 456        SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
 457        SUBKEY_R(6) = subR[5] ^ subR[7];
 458        tl = subL[10] ^ (subR[10] & ~subR[8]);
 459        dw = tl & subL[8];  /* FL(kl1) */
 460        tr = subR[10] ^ rol32(dw, 1);
 461        SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
 462        SUBKEY_R(7) = subR[6] ^ tr;
 463        SUBKEY_L(8) = subL[8];       /* FL(kl1) */
 464        SUBKEY_R(8) = subR[8];
 465        SUBKEY_L(9) = subL[9];       /* FLinv(kl2) */
 466        SUBKEY_R(9) = subR[9];
 467        tl = subL[7] ^ (subR[7] & ~subR[9]);
 468        dw = tl & subL[9];  /* FLinv(kl2) */
 469        tr = subR[7] ^ rol32(dw, 1);
 470        SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
 471        SUBKEY_R(10) = tr ^ subR[11];
 472        SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
 473        SUBKEY_R(11) = subR[10] ^ subR[12];
 474        SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
 475        SUBKEY_R(12) = subR[11] ^ subR[13];
 476        SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
 477        SUBKEY_R(13) = subR[12] ^ subR[14];
 478        SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
 479        SUBKEY_R(14) = subR[13] ^ subR[15];
 480        tl = subL[18] ^ (subR[18] & ~subR[16]);
 481        dw = tl & subL[16]; /* FL(kl3) */
 482        tr = subR[18] ^ rol32(dw, 1);
 483        SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
 484        SUBKEY_R(15) = subR[14] ^ tr;
 485        SUBKEY_L(16) = subL[16];     /* FL(kl3) */
 486        SUBKEY_R(16) = subR[16];
 487        SUBKEY_L(17) = subL[17];     /* FLinv(kl4) */
 488        SUBKEY_R(17) = subR[17];
 489        tl = subL[15] ^ (subR[15] & ~subR[17]);
 490        dw = tl & subL[17]; /* FLinv(kl4) */
 491        tr = subR[15] ^ rol32(dw, 1);
 492        SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
 493        SUBKEY_R(18) = tr ^ subR[19];
 494        SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
 495        SUBKEY_R(19) = subR[18] ^ subR[20];
 496        SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
 497        SUBKEY_R(20) = subR[19] ^ subR[21];
 498        SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
 499        SUBKEY_R(21) = subR[20] ^ subR[22];
 500        SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
 501        SUBKEY_R(22) = subR[21] ^ subR[23];
 502        if (max == 24) {
 503                SUBKEY_L(23) = subL[22];     /* round 18 */
 504                SUBKEY_R(23) = subR[22];
 505                SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
 506                SUBKEY_R(24) = subR[24] ^ subR[23];
 507        } else {
 508                tl = subL[26] ^ (subR[26] & ~subR[24]);
 509                dw = tl & subL[24]; /* FL(kl5) */
 510                tr = subR[26] ^ rol32(dw, 1);
 511                SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
 512                SUBKEY_R(23) = subR[22] ^ tr;
 513                SUBKEY_L(24) = subL[24];     /* FL(kl5) */
 514                SUBKEY_R(24) = subR[24];
 515                SUBKEY_L(25) = subL[25];     /* FLinv(kl6) */
 516                SUBKEY_R(25) = subR[25];
 517                tl = subL[23] ^ (subR[23] & ~subR[25]);
 518                dw = tl & subL[25]; /* FLinv(kl6) */
 519                tr = subR[23] ^ rol32(dw, 1);
 520                SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
 521                SUBKEY_R(26) = tr ^ subR[27];
 522                SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
 523                SUBKEY_R(27) = subR[26] ^ subR[28];
 524                SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
 525                SUBKEY_R(28) = subR[27] ^ subR[29];
 526                SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
 527                SUBKEY_R(29) = subR[28] ^ subR[30];
 528                SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
 529                SUBKEY_R(30) = subR[29] ^ subR[31];
 530                SUBKEY_L(31) = subL[30];     /* round 24 */
 531                SUBKEY_R(31) = subR[30];
 532                SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
 533                SUBKEY_R(32) = subR[32] ^ subR[31];
 534        }
 535}
 536
 537static void camellia_setup128(const unsigned char *key, u32 *subkey)
 538{
 539        u32 kll, klr, krl, krr;
 540        u32 il, ir, t0, t1, w0, w1;
 541        u32 subL[26];
 542        u32 subR[26];
 543
 544        /**
 545         *  k == kll || klr || krl || krr (|| is concatenation)
 546         */
 547        kll = get_unaligned_be32(key);
 548        klr = get_unaligned_be32(key + 4);
 549        krl = get_unaligned_be32(key + 8);
 550        krr = get_unaligned_be32(key + 12);
 551
 552        /* generate KL dependent subkeys */
 553        /* kw1 */
 554        subL[0] = kll; subR[0] = klr;
 555        /* kw2 */
 556        subL[1] = krl; subR[1] = krr;
 557        /* rotation left shift 15bit */
 558        ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 559        /* k3 */
 560        subL[4] = kll; subR[4] = klr;
 561        /* k4 */
 562        subL[5] = krl; subR[5] = krr;
 563        /* rotation left shift 15+30bit */
 564        ROLDQ(kll, klr, krl, krr, w0, w1, 30);
 565        /* k7 */
 566        subL[10] = kll; subR[10] = klr;
 567        /* k8 */
 568        subL[11] = krl; subR[11] = krr;
 569        /* rotation left shift 15+30+15bit */
 570        ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 571        /* k10 */
 572        subL[13] = krl; subR[13] = krr;
 573        /* rotation left shift 15+30+15+17 bit */
 574        ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 575        /* kl3 */
 576        subL[16] = kll; subR[16] = klr;
 577        /* kl4 */
 578        subL[17] = krl; subR[17] = krr;
 579        /* rotation left shift 15+30+15+17+17 bit */
 580        ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 581        /* k13 */
 582        subL[18] = kll; subR[18] = klr;
 583        /* k14 */
 584        subL[19] = krl; subR[19] = krr;
 585        /* rotation left shift 15+30+15+17+17+17 bit */
 586        ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 587        /* k17 */
 588        subL[22] = kll; subR[22] = klr;
 589        /* k18 */
 590        subL[23] = krl; subR[23] = krr;
 591
 592        /* generate KA */
 593        kll = subL[0]; klr = subR[0];
 594        krl = subL[1]; krr = subR[1];
 595        CAMELLIA_F(kll, klr,
 596                   CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
 597                   w0, w1, il, ir, t0, t1);
 598        krl ^= w0; krr ^= w1;
 599        CAMELLIA_F(krl, krr,
 600                   CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
 601                   kll, klr, il, ir, t0, t1);
 602        /* current status == (kll, klr, w0, w1) */
 603        CAMELLIA_F(kll, klr,
 604                   CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
 605                   krl, krr, il, ir, t0, t1);
 606        krl ^= w0; krr ^= w1;
 607        CAMELLIA_F(krl, krr,
 608                   CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
 609                   w0, w1, il, ir, t0, t1);
 610        kll ^= w0; klr ^= w1;
 611
 612        /* generate KA dependent subkeys */
 613        /* k1, k2 */
 614        subL[2] = kll; subR[2] = klr;
 615        subL[3] = krl; subR[3] = krr;
 616        ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 617        /* k5,k6 */
 618        subL[6] = kll; subR[6] = klr;
 619        subL[7] = krl; subR[7] = krr;
 620        ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 621        /* kl1, kl2 */
 622        subL[8] = kll; subR[8] = klr;
 623        subL[9] = krl; subR[9] = krr;
 624        ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 625        /* k9 */
 626        subL[12] = kll; subR[12] = klr;
 627        ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 628        /* k11, k12 */
 629        subL[14] = kll; subR[14] = klr;
 630        subL[15] = krl; subR[15] = krr;
 631        ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
 632        /* k15, k16 */
 633        subL[20] = kll; subR[20] = klr;
 634        subL[21] = krl; subR[21] = krr;
 635        ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 636        /* kw3, kw4 */
 637        subL[24] = kll; subR[24] = klr;
 638        subL[25] = krl; subR[25] = krr;
 639
 640        camellia_setup_tail(subkey, subL, subR, 24);
 641}
 642
 643static void camellia_setup256(const unsigned char *key, u32 *subkey)
 644{
 645        u32 kll, klr, krl, krr;        /* left half of key */
 646        u32 krll, krlr, krrl, krrr;    /* right half of key */
 647        u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
 648        u32 subL[34];
 649        u32 subR[34];
 650
 651        /**
 652         *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
 653         *  (|| is concatenation)
 654         */
 655        kll = get_unaligned_be32(key);
 656        klr = get_unaligned_be32(key + 4);
 657        krl = get_unaligned_be32(key + 8);
 658        krr = get_unaligned_be32(key + 12);
 659        krll = get_unaligned_be32(key + 16);
 660        krlr = get_unaligned_be32(key + 20);
 661        krrl = get_unaligned_be32(key + 24);
 662        krrr = get_unaligned_be32(key + 28);
 663
 664        /* generate KL dependent subkeys */
 665        /* kw1 */
 666        subL[0] = kll; subR[0] = klr;
 667        /* kw2 */
 668        subL[1] = krl; subR[1] = krr;
 669        ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
 670        /* k9 */
 671        subL[12] = kll; subR[12] = klr;
 672        /* k10 */
 673        subL[13] = krl; subR[13] = krr;
 674        ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 675        /* kl3 */
 676        subL[16] = kll; subR[16] = klr;
 677        /* kl4 */
 678        subL[17] = krl; subR[17] = krr;
 679        ROLDQ(kll, klr, krl, krr, w0, w1, 17);
 680        /* k17 */
 681        subL[22] = kll; subR[22] = klr;
 682        /* k18 */
 683        subL[23] = krl; subR[23] = krr;
 684        ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
 685        /* k23 */
 686        subL[30] = kll; subR[30] = klr;
 687        /* k24 */
 688        subL[31] = krl; subR[31] = krr;
 689
 690        /* generate KR dependent subkeys */
 691        ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
 692        /* k3 */
 693        subL[4] = krll; subR[4] = krlr;
 694        /* k4 */
 695        subL[5] = krrl; subR[5] = krrr;
 696        ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
 697        /* kl1 */
 698        subL[8] = krll; subR[8] = krlr;
 699        /* kl2 */
 700        subL[9] = krrl; subR[9] = krrr;
 701        ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
 702        /* k13 */
 703        subL[18] = krll; subR[18] = krlr;
 704        /* k14 */
 705        subL[19] = krrl; subR[19] = krrr;
 706        ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
 707        /* k19 */
 708        subL[26] = krll; subR[26] = krlr;
 709        /* k20 */
 710        subL[27] = krrl; subR[27] = krrr;
 711        ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
 712
 713        /* generate KA */
 714        kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
 715        krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
 716        CAMELLIA_F(kll, klr,
 717                   CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
 718                   w0, w1, il, ir, t0, t1);
 719        krl ^= w0; krr ^= w1;
 720        CAMELLIA_F(krl, krr,
 721                   CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
 722                   kll, klr, il, ir, t0, t1);
 723        kll ^= krll; klr ^= krlr;
 724        CAMELLIA_F(kll, klr,
 725                   CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
 726                   krl, krr, il, ir, t0, t1);
 727        krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
 728        CAMELLIA_F(krl, krr,
 729                   CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
 730                   w0, w1, il, ir, t0, t1);
 731        kll ^= w0; klr ^= w1;
 732
 733        /* generate KB */
 734        krll ^= kll; krlr ^= klr;
 735        krrl ^= krl; krrr ^= krr;
 736        CAMELLIA_F(krll, krlr,
 737                   CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
 738                   w0, w1, il, ir, t0, t1);
 739        krrl ^= w0; krrr ^= w1;
 740        CAMELLIA_F(krrl, krrr,
 741                   CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
 742                   w0, w1, il, ir, t0, t1);
 743        krll ^= w0; krlr ^= w1;
 744
 745        /* generate KA dependent subkeys */
 746        ROLDQ(kll, klr, krl, krr, w0, w1, 15);
 747        /* k5 */
 748        subL[6] = kll; subR[6] = klr;
 749        /* k6 */
 750        subL[7] = krl; subR[7] = krr;
 751        ROLDQ(kll, klr, krl, krr, w0, w1, 30);
 752        /* k11 */
 753        subL[14] = kll; subR[14] = klr;
 754        /* k12 */
 755        subL[15] = krl; subR[15] = krr;
 756        /* rotation left shift 32bit */
 757        /* kl5 */
 758        subL[24] = klr; subR[24] = krl;
 759        /* kl6 */
 760        subL[25] = krr; subR[25] = kll;
 761        /* rotation left shift 49 from k11,k12 -> k21,k22 */
 762        ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
 763        /* k21 */
 764        subL[28] = kll; subR[28] = klr;
 765        /* k22 */
 766        subL[29] = krl; subR[29] = krr;
 767
 768        /* generate KB dependent subkeys */
 769        /* k1 */
 770        subL[2] = krll; subR[2] = krlr;
 771        /* k2 */
 772        subL[3] = krrl; subR[3] = krrr;
 773        ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
 774        /* k7 */
 775        subL[10] = krll; subR[10] = krlr;
 776        /* k8 */
 777        subL[11] = krrl; subR[11] = krrr;
 778        ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
 779        /* k15 */
 780        subL[20] = krll; subR[20] = krlr;
 781        /* k16 */
 782        subL[21] = krrl; subR[21] = krrr;
 783        ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
 784        /* kw3 */
 785        subL[32] = krll; subR[32] = krlr;
 786        /* kw4 */
 787        subL[33] = krrl; subR[33] = krrr;
 788
 789        camellia_setup_tail(subkey, subL, subR, 32);
 790}
 791
 792static void camellia_setup192(const unsigned char *key, u32 *subkey)
 793{
 794        unsigned char kk[32];
 795        u32 krll, krlr, krrl, krrr;
 796
 797        memcpy(kk, key, 24);
 798        memcpy((unsigned char *)&krll, key+16, 4);
 799        memcpy((unsigned char *)&krlr, key+20, 4);
 800        krrl = ~krll;
 801        krrr = ~krlr;
 802        memcpy(kk+24, (unsigned char *)&krrl, 4);
 803        memcpy(kk+28, (unsigned char *)&krrr, 4);
 804        camellia_setup256(kk, subkey);
 805}
 806
 807
 808/*
 809 * Encrypt/decrypt
 810 */
 811#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
 812        t0 = kll;                                                       \
 813        t2 = krr;                                                       \
 814        t0 &= ll;                                                       \
 815        t2 |= rr;                                                       \
 816        rl ^= t2;                                                       \
 817        lr ^= rol32(t0, 1);                                             \
 818        t3 = krl;                                                       \
 819        t1 = klr;                                                       \
 820        t3 &= rl;                                                       \
 821        t1 |= lr;                                                       \
 822        ll ^= t1;                                                       \
 823        rr ^= rol32(t3, 1);                                             \
 824})
 825
 826#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({             \
 827        yl ^= kl;                                                       \
 828        yr ^= kr;                                                       \
 829        ir =  camellia_sp1110[(u8)xr];                                  \
 830        il =  camellia_sp1110[(u8)(xl >> 24)];                          \
 831        ir ^= camellia_sp0222[(u8)(xr >> 24)];                          \
 832        il ^= camellia_sp0222[(u8)(xl >> 16)];                          \
 833        ir ^= camellia_sp3033[(u8)(xr >> 16)];                          \
 834        il ^= camellia_sp3033[(u8)(xl >> 8)];                           \
 835        ir ^= camellia_sp4404[(u8)(xr >> 8)];                           \
 836        il ^= camellia_sp4404[(u8)xl];                                  \
 837        ir ^= il;                                                       \
 838        yl ^= ir;                                                       \
 839        yr ^= ror32(il, 8) ^ ir;                                        \
 840})
 841
 842/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
 843static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
 844{
 845        u32 il, ir, t0, t1;            /* temporary variables */
 846
 847        /* pre whitening but absorb kw2 */
 848        io[0] ^= SUBKEY_L(0);
 849        io[1] ^= SUBKEY_R(0);
 850
 851        /* main iteration */
 852#define ROUNDS(i) ({ \
 853        CAMELLIA_ROUNDSM(io[0], io[1], \
 854                         SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
 855                         io[2], io[3], il, ir); \
 856        CAMELLIA_ROUNDSM(io[2], io[3], \
 857                         SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
 858                         io[0], io[1], il, ir); \
 859        CAMELLIA_ROUNDSM(io[0], io[1], \
 860                         SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
 861                         io[2], io[3], il, ir); \
 862        CAMELLIA_ROUNDSM(io[2], io[3], \
 863                         SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
 864                         io[0], io[1], il, ir); \
 865        CAMELLIA_ROUNDSM(io[0], io[1], \
 866                         SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
 867                         io[2], io[3], il, ir); \
 868        CAMELLIA_ROUNDSM(io[2], io[3], \
 869                         SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
 870                         io[0], io[1], il, ir); \
 871})
 872#define FLS(i) ({ \
 873        CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
 874                     SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
 875                     SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
 876                     t0, t1, il, ir); \
 877})
 878
 879        ROUNDS(0);
 880        FLS(8);
 881        ROUNDS(8);
 882        FLS(16);
 883        ROUNDS(16);
 884        if (max == 32) {
 885                FLS(24);
 886                ROUNDS(24);
 887        }
 888
 889#undef ROUNDS
 890#undef FLS
 891
 892        /* post whitening but kw4 */
 893        io[2] ^= SUBKEY_L(max);
 894        io[3] ^= SUBKEY_R(max);
 895        /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
 896}
 897
 898static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
 899{
 900        u32 il, ir, t0, t1;            /* temporary variables */
 901
 902        /* pre whitening but absorb kw2 */
 903        io[0] ^= SUBKEY_L(i);
 904        io[1] ^= SUBKEY_R(i);
 905
 906        /* main iteration */
 907#define ROUNDS(i) ({ \
 908        CAMELLIA_ROUNDSM(io[0], io[1], \
 909                         SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
 910                         io[2], io[3], il, ir); \
 911        CAMELLIA_ROUNDSM(io[2], io[3], \
 912                         SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
 913                         io[0], io[1], il, ir); \
 914        CAMELLIA_ROUNDSM(io[0], io[1], \
 915                         SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
 916                         io[2], io[3], il, ir); \
 917        CAMELLIA_ROUNDSM(io[2], io[3], \
 918                         SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
 919                         io[0], io[1], il, ir); \
 920        CAMELLIA_ROUNDSM(io[0], io[1], \
 921                         SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
 922                         io[2], io[3], il, ir); \
 923        CAMELLIA_ROUNDSM(io[2], io[3], \
 924                         SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
 925                         io[0], io[1], il, ir); \
 926})
 927#define FLS(i) ({ \
 928        CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
 929                     SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
 930                     SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
 931                     t0, t1, il, ir); \
 932})
 933
 934        if (i == 32) {
 935                ROUNDS(24);
 936                FLS(24);
 937        }
 938        ROUNDS(16);
 939        FLS(16);
 940        ROUNDS(8);
 941        FLS(8);
 942        ROUNDS(0);
 943
 944#undef ROUNDS
 945#undef FLS
 946
 947        /* post whitening but kw4 */
 948        io[2] ^= SUBKEY_L(0);
 949        io[3] ^= SUBKEY_R(0);
 950        /* NB: 0,1 should be swapped with 2,3 by caller! */
 951}
 952
 953
 954struct camellia_ctx {
 955        int key_length;
 956        u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
 957};
 958
 959static int
 960camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
 961                 unsigned int key_len)
 962{
 963        struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
 964        const unsigned char *key = (const unsigned char *)in_key;
 965
 966        if (key_len != 16 && key_len != 24 && key_len != 32)
 967                return -EINVAL;
 968
 969        cctx->key_length = key_len;
 970
 971        switch (key_len) {
 972        case 16:
 973                camellia_setup128(key, cctx->key_table);
 974                break;
 975        case 24:
 976                camellia_setup192(key, cctx->key_table);
 977                break;
 978        case 32:
 979                camellia_setup256(key, cctx->key_table);
 980                break;
 981        }
 982
 983        return 0;
 984}
 985
 986static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 987{
 988        const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
 989        unsigned int max;
 990
 991        u32 tmp[4];
 992
 993        tmp[0] = get_unaligned_be32(in);
 994        tmp[1] = get_unaligned_be32(in + 4);
 995        tmp[2] = get_unaligned_be32(in + 8);
 996        tmp[3] = get_unaligned_be32(in + 12);
 997
 998        if (cctx->key_length == 16)
 999                max = 24;
1000        else
1001                max = 32; /* for key lengths of 24 and 32 */
1002
1003        camellia_do_encrypt(cctx->key_table, tmp, max);
1004
1005        /* do_encrypt returns 0,1 swapped with 2,3 */
1006        put_unaligned_be32(tmp[2], out);
1007        put_unaligned_be32(tmp[3], out + 4);
1008        put_unaligned_be32(tmp[0], out + 8);
1009        put_unaligned_be32(tmp[1], out + 12);
1010}
1011
1012static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1013{
1014        const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1015        unsigned int max;
1016
1017        u32 tmp[4];
1018
1019        tmp[0] = get_unaligned_be32(in);
1020        tmp[1] = get_unaligned_be32(in + 4);
1021        tmp[2] = get_unaligned_be32(in + 8);
1022        tmp[3] = get_unaligned_be32(in + 12);
1023
1024        if (cctx->key_length == 16)
1025                max = 24;
1026        else
1027                max = 32; /* for key lengths of 24 and 32 */
1028
1029        camellia_do_decrypt(cctx->key_table, tmp, max);
1030
1031        /* do_decrypt returns 0,1 swapped with 2,3 */
1032        put_unaligned_be32(tmp[2], out);
1033        put_unaligned_be32(tmp[3], out + 4);
1034        put_unaligned_be32(tmp[0], out + 8);
1035        put_unaligned_be32(tmp[1], out + 12);
1036}
1037
1038static struct crypto_alg camellia_alg = {
1039        .cra_name               =       "camellia",
1040        .cra_driver_name        =       "camellia-generic",
1041        .cra_priority           =       100,
1042        .cra_flags              =       CRYPTO_ALG_TYPE_CIPHER,
1043        .cra_blocksize          =       CAMELLIA_BLOCK_SIZE,
1044        .cra_ctxsize            =       sizeof(struct camellia_ctx),
1045        .cra_module             =       THIS_MODULE,
1046        .cra_u                  =       {
1047                .cipher = {
1048                        .cia_min_keysize        =       CAMELLIA_MIN_KEY_SIZE,
1049                        .cia_max_keysize        =       CAMELLIA_MAX_KEY_SIZE,
1050                        .cia_setkey             =       camellia_set_key,
1051                        .cia_encrypt            =       camellia_encrypt,
1052                        .cia_decrypt            =       camellia_decrypt
1053                }
1054        }
1055};
1056
1057static int __init camellia_init(void)
1058{
1059        return crypto_register_alg(&camellia_alg);
1060}
1061
1062static void __exit camellia_fini(void)
1063{
1064        crypto_unregister_alg(&camellia_alg);
1065}
1066
1067subsys_initcall(camellia_init);
1068module_exit(camellia_fini);
1069
1070MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1071MODULE_LICENSE("GPL");
1072MODULE_ALIAS_CRYPTO("camellia");
1073MODULE_ALIAS_CRYPTO("camellia-generic");
1074
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.