Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
camellia_generic.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2006
3  * NTT (Nippon Telegraph and Telephone Corporation).
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18  */
19 
20 /*
21  * Algorithm Specification
22  * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23  */
24 
25 /*
26  *
27  * NOTE --- NOTE --- NOTE --- NOTE
28  * This implementation assumes that all memory addresses passed
29  * as parameters are four-byte aligned.
30  *
31  */
32 
33 #include <linux/crypto.h>
34 #include <linux/errno.h>
35 #include <linux/init.h>
36 #include <linux/kernel.h>
37 #include <linux/module.h>
38 #include <linux/bitops.h>
39 #include <asm/unaligned.h>
40 
41 static const u32 camellia_sp1110[256] = {
42  0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
43  0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
44  0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
45  0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
46  0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
47  0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
48  0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
49  0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
50  0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
51  0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
52  0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
53  0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
54  0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
55  0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
56  0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
57  0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
58  0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
59  0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
60  0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
61  0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
62  0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
63  0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
64  0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
65  0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
66  0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
67  0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
68  0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
69  0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
70  0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
71  0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
72  0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
73  0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
74  0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
75  0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
76  0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
77  0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
78  0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
79  0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
80  0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
81  0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
82  0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
83  0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
84  0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
85  0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
86  0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
87  0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
88  0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
89  0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
90  0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
91  0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
92  0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
93  0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
94  0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
95  0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
96  0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
97  0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
98  0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
99  0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
100  0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
101  0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
102  0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
103  0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
104  0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
105  0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
106 };
107 
108 static const u32 camellia_sp0222[256] = {
109  0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
110  0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
111  0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
112  0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
113  0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
114  0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
115  0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
116  0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
117  0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
118  0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
119  0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
120  0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
121  0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
122  0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
123  0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
124  0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
125  0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
126  0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
127  0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
128  0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
129  0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
130  0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
131  0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
132  0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
133  0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
134  0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
135  0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
136  0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
137  0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
138  0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
139  0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
140  0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
141  0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
142  0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
143  0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
144  0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
145  0x00202020, 0x00898989, 0x00000000, 0x00909090,
146  0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
147  0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
148  0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
149  0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
150  0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
151  0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
152  0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
153  0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
154  0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
155  0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
156  0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
157  0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
158  0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
159  0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
160  0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
161  0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
162  0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
163  0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
164  0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
165  0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
166  0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
167  0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
168  0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
169  0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
170  0x00777777, 0x00939393, 0x00868686, 0x00838383,
171  0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
172  0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
173 };
174 
175 static const u32 camellia_sp3033[256] = {
176  0x38003838, 0x41004141, 0x16001616, 0x76007676,
177  0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
178  0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
179  0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
180  0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
181  0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
182  0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
183  0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
184  0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
185  0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
186  0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
187  0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
188  0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
189  0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
190  0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
191  0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
192  0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
193  0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
194  0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
195  0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
196  0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
197  0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
198  0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
199  0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
200  0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
201  0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
202  0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
203  0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
204  0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
205  0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
206  0x12001212, 0x04000404, 0x74007474, 0x54005454,
207  0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
208  0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
209  0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
210  0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
211  0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
212  0x08000808, 0x62006262, 0x00000000, 0x24002424,
213  0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
214  0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
215  0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
216  0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
217  0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
218  0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
219  0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
220  0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
221  0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
222  0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
223  0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
224  0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
225  0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
226  0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
227  0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
228  0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
229  0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
230  0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
231  0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
232  0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
233  0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
234  0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
235  0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
236  0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
237  0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
238  0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
239  0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
240 };
241 
242 static const u32 camellia_sp4404[256] = {
243  0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
244  0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
245  0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
246  0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
247  0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
248  0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
249  0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
250  0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
251  0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
252  0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
253  0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
254  0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
255  0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
256  0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
257  0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
258  0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
259  0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
260  0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
261  0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
262  0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
263  0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
264  0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
265  0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
266  0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
267  0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
268  0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
269  0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
270  0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
271  0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
272  0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
273  0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
274  0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
275  0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
276  0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
277  0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
278  0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
279  0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
280  0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
281  0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
282  0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
283  0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
284  0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
285  0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
286  0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
287  0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
288  0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
289  0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
290  0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
291  0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
292  0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
293  0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
294  0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
295  0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
296  0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
297  0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
298  0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
299  0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
300  0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
301  0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
302  0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
303  0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
304  0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
305  0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
306  0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
307 };
308 
309 
310 #define CAMELLIA_MIN_KEY_SIZE 16
311 #define CAMELLIA_MAX_KEY_SIZE 32
312 #define CAMELLIA_BLOCK_SIZE 16
313 #define CAMELLIA_TABLE_BYTE_LEN 272
314 
315 /*
316  * NB: L and R below stand for 'left' and 'right' as in written numbers.
317  * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
318  * _not_ least significant ones!
319  */
320 
321 
322 /* key constants */
323 
324 #define CAMELLIA_SIGMA1L (0xA09E667FL)
325 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
326 #define CAMELLIA_SIGMA2L (0xB67AE858L)
327 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
328 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
329 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
330 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
331 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
332 #define CAMELLIA_SIGMA5L (0x10E527FAL)
333 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
334 #define CAMELLIA_SIGMA6L (0xB05688C2L)
335 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
336 
337 /*
338  * macros
339  */
340 #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({ \
341  w0 = ll; \
342  ll = (ll << bits) + (lr >> (32 - bits)); \
343  lr = (lr << bits) + (rl >> (32 - bits)); \
344  rl = (rl << bits) + (rr >> (32 - bits)); \
345  rr = (rr << bits) + (w0 >> (32 - bits)); \
346 })
347 
348 #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({ \
349  w0 = ll; \
350  w1 = lr; \
351  ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
352  lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
353  rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
354  rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
355 })
356 
357 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({ \
358  il = xl ^ kl; \
359  ir = xr ^ kr; \
360  t0 = il >> 16; \
361  t1 = ir >> 16; \
362  yl = camellia_sp1110[(u8)(ir)] \
363  ^ camellia_sp0222[(u8)(t1 >> 8)] \
364  ^ camellia_sp3033[(u8)(t1)] \
365  ^ camellia_sp4404[(u8)(ir >> 8)]; \
366  yr = camellia_sp1110[(u8)(t0 >> 8)] \
367  ^ camellia_sp0222[(u8)(t0)] \
368  ^ camellia_sp3033[(u8)(il >> 8)] \
369  ^ camellia_sp4404[(u8)(il)]; \
370  yl ^= yr; \
371  yr = ror32(yr, 8); \
372  yr ^= yl; \
373 })
374 
375 #define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
376 #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
377 
378 static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
379 {
380  u32 dw, tl, tr;
381  u32 kw4l, kw4r;
382 
383  /* absorb kw2 to other subkeys */
384  /* round 2 */
385  subL[3] ^= subL[1]; subR[3] ^= subR[1];
386  /* round 4 */
387  subL[5] ^= subL[1]; subR[5] ^= subR[1];
388  /* round 6 */
389  subL[7] ^= subL[1]; subR[7] ^= subR[1];
390  subL[1] ^= subR[1] & ~subR[9];
391  dw = subL[1] & subL[9],
392  subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
393  /* round 8 */
394  subL[11] ^= subL[1]; subR[11] ^= subR[1];
395  /* round 10 */
396  subL[13] ^= subL[1]; subR[13] ^= subR[1];
397  /* round 12 */
398  subL[15] ^= subL[1]; subR[15] ^= subR[1];
399  subL[1] ^= subR[1] & ~subR[17];
400  dw = subL[1] & subL[17],
401  subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
402  /* round 14 */
403  subL[19] ^= subL[1]; subR[19] ^= subR[1];
404  /* round 16 */
405  subL[21] ^= subL[1]; subR[21] ^= subR[1];
406  /* round 18 */
407  subL[23] ^= subL[1]; subR[23] ^= subR[1];
408  if (max == 24) {
409  /* kw3 */
410  subL[24] ^= subL[1]; subR[24] ^= subR[1];
411 
412  /* absorb kw4 to other subkeys */
413  kw4l = subL[25]; kw4r = subR[25];
414  } else {
415  subL[1] ^= subR[1] & ~subR[25];
416  dw = subL[1] & subL[25],
417  subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
418  /* round 20 */
419  subL[27] ^= subL[1]; subR[27] ^= subR[1];
420  /* round 22 */
421  subL[29] ^= subL[1]; subR[29] ^= subR[1];
422  /* round 24 */
423  subL[31] ^= subL[1]; subR[31] ^= subR[1];
424  /* kw3 */
425  subL[32] ^= subL[1]; subR[32] ^= subR[1];
426 
427  /* absorb kw4 to other subkeys */
428  kw4l = subL[33]; kw4r = subR[33];
429  /* round 23 */
430  subL[30] ^= kw4l; subR[30] ^= kw4r;
431  /* round 21 */
432  subL[28] ^= kw4l; subR[28] ^= kw4r;
433  /* round 19 */
434  subL[26] ^= kw4l; subR[26] ^= kw4r;
435  kw4l ^= kw4r & ~subR[24];
436  dw = kw4l & subL[24],
437  kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
438  }
439  /* round 17 */
440  subL[22] ^= kw4l; subR[22] ^= kw4r;
441  /* round 15 */
442  subL[20] ^= kw4l; subR[20] ^= kw4r;
443  /* round 13 */
444  subL[18] ^= kw4l; subR[18] ^= kw4r;
445  kw4l ^= kw4r & ~subR[16];
446  dw = kw4l & subL[16],
447  kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
448  /* round 11 */
449  subL[14] ^= kw4l; subR[14] ^= kw4r;
450  /* round 9 */
451  subL[12] ^= kw4l; subR[12] ^= kw4r;
452  /* round 7 */
453  subL[10] ^= kw4l; subR[10] ^= kw4r;
454  kw4l ^= kw4r & ~subR[8];
455  dw = kw4l & subL[8],
456  kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
457  /* round 5 */
458  subL[6] ^= kw4l; subR[6] ^= kw4r;
459  /* round 3 */
460  subL[4] ^= kw4l; subR[4] ^= kw4r;
461  /* round 1 */
462  subL[2] ^= kw4l; subR[2] ^= kw4r;
463  /* kw1 */
464  subL[0] ^= kw4l; subR[0] ^= kw4r;
465 
466  /* key XOR is end of F-function */
467  SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
468  SUBKEY_R(0) = subR[0] ^ subR[2];
469  SUBKEY_L(2) = subL[3]; /* round 1 */
470  SUBKEY_R(2) = subR[3];
471  SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
472  SUBKEY_R(3) = subR[2] ^ subR[4];
473  SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
474  SUBKEY_R(4) = subR[3] ^ subR[5];
475  SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
476  SUBKEY_R(5) = subR[4] ^ subR[6];
477  SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
478  SUBKEY_R(6) = subR[5] ^ subR[7];
479  tl = subL[10] ^ (subR[10] & ~subR[8]);
480  dw = tl & subL[8], /* FL(kl1) */
481  tr = subR[10] ^ rol32(dw, 1);
482  SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
483  SUBKEY_R(7) = subR[6] ^ tr;
484  SUBKEY_L(8) = subL[8]; /* FL(kl1) */
485  SUBKEY_R(8) = subR[8];
486  SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
487  SUBKEY_R(9) = subR[9];
488  tl = subL[7] ^ (subR[7] & ~subR[9]);
489  dw = tl & subL[9], /* FLinv(kl2) */
490  tr = subR[7] ^ rol32(dw, 1);
491  SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
492  SUBKEY_R(10) = tr ^ subR[11];
493  SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
494  SUBKEY_R(11) = subR[10] ^ subR[12];
495  SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
496  SUBKEY_R(12) = subR[11] ^ subR[13];
497  SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
498  SUBKEY_R(13) = subR[12] ^ subR[14];
499  SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
500  SUBKEY_R(14) = subR[13] ^ subR[15];
501  tl = subL[18] ^ (subR[18] & ~subR[16]);
502  dw = tl & subL[16], /* FL(kl3) */
503  tr = subR[18] ^ rol32(dw, 1);
504  SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
505  SUBKEY_R(15) = subR[14] ^ tr;
506  SUBKEY_L(16) = subL[16]; /* FL(kl3) */
507  SUBKEY_R(16) = subR[16];
508  SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
509  SUBKEY_R(17) = subR[17];
510  tl = subL[15] ^ (subR[15] & ~subR[17]);
511  dw = tl & subL[17], /* FLinv(kl4) */
512  tr = subR[15] ^ rol32(dw, 1);
513  SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
514  SUBKEY_R(18) = tr ^ subR[19];
515  SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
516  SUBKEY_R(19) = subR[18] ^ subR[20];
517  SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
518  SUBKEY_R(20) = subR[19] ^ subR[21];
519  SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
520  SUBKEY_R(21) = subR[20] ^ subR[22];
521  SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
522  SUBKEY_R(22) = subR[21] ^ subR[23];
523  if (max == 24) {
524  SUBKEY_L(23) = subL[22]; /* round 18 */
525  SUBKEY_R(23) = subR[22];
526  SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
527  SUBKEY_R(24) = subR[24] ^ subR[23];
528  } else {
529  tl = subL[26] ^ (subR[26] & ~subR[24]);
530  dw = tl & subL[24], /* FL(kl5) */
531  tr = subR[26] ^ rol32(dw, 1);
532  SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
533  SUBKEY_R(23) = subR[22] ^ tr;
534  SUBKEY_L(24) = subL[24]; /* FL(kl5) */
535  SUBKEY_R(24) = subR[24];
536  SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
537  SUBKEY_R(25) = subR[25];
538  tl = subL[23] ^ (subR[23] & ~subR[25]);
539  dw = tl & subL[25], /* FLinv(kl6) */
540  tr = subR[23] ^ rol32(dw, 1);
541  SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
542  SUBKEY_R(26) = tr ^ subR[27];
543  SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
544  SUBKEY_R(27) = subR[26] ^ subR[28];
545  SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
546  SUBKEY_R(28) = subR[27] ^ subR[29];
547  SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
548  SUBKEY_R(29) = subR[28] ^ subR[30];
549  SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
550  SUBKEY_R(30) = subR[29] ^ subR[31];
551  SUBKEY_L(31) = subL[30]; /* round 24 */
552  SUBKEY_R(31) = subR[30];
553  SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
554  SUBKEY_R(32) = subR[32] ^ subR[31];
555  }
556 }
557 
558 static void camellia_setup128(const unsigned char *key, u32 *subkey)
559 {
560  u32 kll, klr, krl, krr;
561  u32 il, ir, t0, t1, w0, w1;
562  u32 subL[26];
563  u32 subR[26];
564 
568  kll = get_unaligned_be32(key);
569  klr = get_unaligned_be32(key + 4);
570  krl = get_unaligned_be32(key + 8);
571  krr = get_unaligned_be32(key + 12);
572 
573  /* generate KL dependent subkeys */
574  /* kw1 */
575  subL[0] = kll; subR[0] = klr;
576  /* kw2 */
577  subL[1] = krl; subR[1] = krr;
578  /* rotation left shift 15bit */
579  ROLDQ(kll, klr, krl, krr, w0, w1, 15);
580  /* k3 */
581  subL[4] = kll; subR[4] = klr;
582  /* k4 */
583  subL[5] = krl; subR[5] = krr;
584  /* rotation left shift 15+30bit */
585  ROLDQ(kll, klr, krl, krr, w0, w1, 30);
586  /* k7 */
587  subL[10] = kll; subR[10] = klr;
588  /* k8 */
589  subL[11] = krl; subR[11] = krr;
590  /* rotation left shift 15+30+15bit */
591  ROLDQ(kll, klr, krl, krr, w0, w1, 15);
592  /* k10 */
593  subL[13] = krl; subR[13] = krr;
594  /* rotation left shift 15+30+15+17 bit */
595  ROLDQ(kll, klr, krl, krr, w0, w1, 17);
596  /* kl3 */
597  subL[16] = kll; subR[16] = klr;
598  /* kl4 */
599  subL[17] = krl; subR[17] = krr;
600  /* rotation left shift 15+30+15+17+17 bit */
601  ROLDQ(kll, klr, krl, krr, w0, w1, 17);
602  /* k13 */
603  subL[18] = kll; subR[18] = klr;
604  /* k14 */
605  subL[19] = krl; subR[19] = krr;
606  /* rotation left shift 15+30+15+17+17+17 bit */
607  ROLDQ(kll, klr, krl, krr, w0, w1, 17);
608  /* k17 */
609  subL[22] = kll; subR[22] = klr;
610  /* k18 */
611  subL[23] = krl; subR[23] = krr;
612 
613  /* generate KA */
614  kll = subL[0]; klr = subR[0];
615  krl = subL[1]; krr = subR[1];
616  CAMELLIA_F(kll, klr,
617  CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
618  w0, w1, il, ir, t0, t1);
619  krl ^= w0; krr ^= w1;
620  CAMELLIA_F(krl, krr,
621  CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
622  kll, klr, il, ir, t0, t1);
623  /* current status == (kll, klr, w0, w1) */
624  CAMELLIA_F(kll, klr,
625  CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
626  krl, krr, il, ir, t0, t1);
627  krl ^= w0; krr ^= w1;
628  CAMELLIA_F(krl, krr,
629  CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
630  w0, w1, il, ir, t0, t1);
631  kll ^= w0; klr ^= w1;
632 
633  /* generate KA dependent subkeys */
634  /* k1, k2 */
635  subL[2] = kll; subR[2] = klr;
636  subL[3] = krl; subR[3] = krr;
637  ROLDQ(kll, klr, krl, krr, w0, w1, 15);
638  /* k5,k6 */
639  subL[6] = kll; subR[6] = klr;
640  subL[7] = krl; subR[7] = krr;
641  ROLDQ(kll, klr, krl, krr, w0, w1, 15);
642  /* kl1, kl2 */
643  subL[8] = kll; subR[8] = klr;
644  subL[9] = krl; subR[9] = krr;
645  ROLDQ(kll, klr, krl, krr, w0, w1, 15);
646  /* k9 */
647  subL[12] = kll; subR[12] = klr;
648  ROLDQ(kll, klr, krl, krr, w0, w1, 15);
649  /* k11, k12 */
650  subL[14] = kll; subR[14] = klr;
651  subL[15] = krl; subR[15] = krr;
652  ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
653  /* k15, k16 */
654  subL[20] = kll; subR[20] = klr;
655  subL[21] = krl; subR[21] = krr;
656  ROLDQ(kll, klr, krl, krr, w0, w1, 17);
657  /* kw3, kw4 */
658  subL[24] = kll; subR[24] = klr;
659  subL[25] = krl; subR[25] = krr;
660 
661  camellia_setup_tail(subkey, subL, subR, 24);
662 }
663 
664 static void camellia_setup256(const unsigned char *key, u32 *subkey)
665 {
666  u32 kll, klr, krl, krr; /* left half of key */
667  u32 krll, krlr, krrl, krrr; /* right half of key */
668  u32 il, ir, t0, t1, w0, w1; /* temporary variables */
669  u32 subL[34];
670  u32 subR[34];
671 
676  kll = get_unaligned_be32(key);
677  klr = get_unaligned_be32(key + 4);
678  krl = get_unaligned_be32(key + 8);
679  krr = get_unaligned_be32(key + 12);
680  krll = get_unaligned_be32(key + 16);
681  krlr = get_unaligned_be32(key + 20);
682  krrl = get_unaligned_be32(key + 24);
683  krrr = get_unaligned_be32(key + 28);
684 
685  /* generate KL dependent subkeys */
686  /* kw1 */
687  subL[0] = kll; subR[0] = klr;
688  /* kw2 */
689  subL[1] = krl; subR[1] = krr;
690  ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
691  /* k9 */
692  subL[12] = kll; subR[12] = klr;
693  /* k10 */
694  subL[13] = krl; subR[13] = krr;
695  ROLDQ(kll, klr, krl, krr, w0, w1, 15);
696  /* kl3 */
697  subL[16] = kll; subR[16] = klr;
698  /* kl4 */
699  subL[17] = krl; subR[17] = krr;
700  ROLDQ(kll, klr, krl, krr, w0, w1, 17);
701  /* k17 */
702  subL[22] = kll; subR[22] = klr;
703  /* k18 */
704  subL[23] = krl; subR[23] = krr;
705  ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
706  /* k23 */
707  subL[30] = kll; subR[30] = klr;
708  /* k24 */
709  subL[31] = krl; subR[31] = krr;
710 
711  /* generate KR dependent subkeys */
712  ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
713  /* k3 */
714  subL[4] = krll; subR[4] = krlr;
715  /* k4 */
716  subL[5] = krrl; subR[5] = krrr;
717  ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
718  /* kl1 */
719  subL[8] = krll; subR[8] = krlr;
720  /* kl2 */
721  subL[9] = krrl; subR[9] = krrr;
722  ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
723  /* k13 */
724  subL[18] = krll; subR[18] = krlr;
725  /* k14 */
726  subL[19] = krrl; subR[19] = krrr;
727  ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
728  /* k19 */
729  subL[26] = krll; subR[26] = krlr;
730  /* k20 */
731  subL[27] = krrl; subR[27] = krrr;
732  ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
733 
734  /* generate KA */
735  kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
736  krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
737  CAMELLIA_F(kll, klr,
738  CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
739  w0, w1, il, ir, t0, t1);
740  krl ^= w0; krr ^= w1;
741  CAMELLIA_F(krl, krr,
742  CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
743  kll, klr, il, ir, t0, t1);
744  kll ^= krll; klr ^= krlr;
745  CAMELLIA_F(kll, klr,
746  CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
747  krl, krr, il, ir, t0, t1);
748  krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
749  CAMELLIA_F(krl, krr,
750  CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
751  w0, w1, il, ir, t0, t1);
752  kll ^= w0; klr ^= w1;
753 
754  /* generate KB */
755  krll ^= kll; krlr ^= klr;
756  krrl ^= krl; krrr ^= krr;
757  CAMELLIA_F(krll, krlr,
758  CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
759  w0, w1, il, ir, t0, t1);
760  krrl ^= w0; krrr ^= w1;
761  CAMELLIA_F(krrl, krrr,
762  CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
763  w0, w1, il, ir, t0, t1);
764  krll ^= w0; krlr ^= w1;
765 
766  /* generate KA dependent subkeys */
767  ROLDQ(kll, klr, krl, krr, w0, w1, 15);
768  /* k5 */
769  subL[6] = kll; subR[6] = klr;
770  /* k6 */
771  subL[7] = krl; subR[7] = krr;
772  ROLDQ(kll, klr, krl, krr, w0, w1, 30);
773  /* k11 */
774  subL[14] = kll; subR[14] = klr;
775  /* k12 */
776  subL[15] = krl; subR[15] = krr;
777  /* rotation left shift 32bit */
778  /* kl5 */
779  subL[24] = klr; subR[24] = krl;
780  /* kl6 */
781  subL[25] = krr; subR[25] = kll;
782  /* rotation left shift 49 from k11,k12 -> k21,k22 */
783  ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
784  /* k21 */
785  subL[28] = kll; subR[28] = klr;
786  /* k22 */
787  subL[29] = krl; subR[29] = krr;
788 
789  /* generate KB dependent subkeys */
790  /* k1 */
791  subL[2] = krll; subR[2] = krlr;
792  /* k2 */
793  subL[3] = krrl; subR[3] = krrr;
794  ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
795  /* k7 */
796  subL[10] = krll; subR[10] = krlr;
797  /* k8 */
798  subL[11] = krrl; subR[11] = krrr;
799  ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
800  /* k15 */
801  subL[20] = krll; subR[20] = krlr;
802  /* k16 */
803  subL[21] = krrl; subR[21] = krrr;
804  ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
805  /* kw3 */
806  subL[32] = krll; subR[32] = krlr;
807  /* kw4 */
808  subL[33] = krrl; subR[33] = krrr;
809 
810  camellia_setup_tail(subkey, subL, subR, 32);
811 }
812 
813 static void camellia_setup192(const unsigned char *key, u32 *subkey)
814 {
815  unsigned char kk[32];
816  u32 krll, krlr, krrl, krrr;
817 
818  memcpy(kk, key, 24);
819  memcpy((unsigned char *)&krll, key+16, 4);
820  memcpy((unsigned char *)&krlr, key+20, 4);
821  krrl = ~krll;
822  krrr = ~krlr;
823  memcpy(kk+24, (unsigned char *)&krrl, 4);
824  memcpy(kk+28, (unsigned char *)&krrr, 4);
825  camellia_setup256(kk, subkey);
826 }
827 
828 
829 /*
830  * Encrypt/decrypt
831  */
832 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
833  t0 = kll; \
834  t2 = krr; \
835  t0 &= ll; \
836  t2 |= rr; \
837  rl ^= t2; \
838  lr ^= rol32(t0, 1); \
839  t3 = krl; \
840  t1 = klr; \
841  t3 &= rl; \
842  t1 |= lr; \
843  ll ^= t1; \
844  rr ^= rol32(t3, 1); \
845 })
846 
847 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({ \
848  yl ^= kl; \
849  yr ^= kr; \
850  ir = camellia_sp1110[(u8)xr]; \
851  il = camellia_sp1110[(u8)(xl >> 24)]; \
852  ir ^= camellia_sp0222[(u8)(xr >> 24)]; \
853  il ^= camellia_sp0222[(u8)(xl >> 16)]; \
854  ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
855  il ^= camellia_sp3033[(u8)(xl >> 8)]; \
856  ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
857  il ^= camellia_sp4404[(u8)xl]; \
858  ir ^= il; \
859  yl ^= ir; \
860  yr ^= ror32(il, 8) ^ ir; \
861 })
862 
863 /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
864 static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
865 {
866  u32 il, ir, t0, t1; /* temporary variables */
867 
868  /* pre whitening but absorb kw2 */
869  io[0] ^= SUBKEY_L(0);
870  io[1] ^= SUBKEY_R(0);
871 
872  /* main iteration */
873 #define ROUNDS(i) ({ \
874  CAMELLIA_ROUNDSM(io[0], io[1], \
875  SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
876  io[2], io[3], il, ir); \
877  CAMELLIA_ROUNDSM(io[2], io[3], \
878  SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
879  io[0], io[1], il, ir); \
880  CAMELLIA_ROUNDSM(io[0], io[1], \
881  SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
882  io[2], io[3], il, ir); \
883  CAMELLIA_ROUNDSM(io[2], io[3], \
884  SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
885  io[0], io[1], il, ir); \
886  CAMELLIA_ROUNDSM(io[0], io[1], \
887  SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
888  io[2], io[3], il, ir); \
889  CAMELLIA_ROUNDSM(io[2], io[3], \
890  SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
891  io[0], io[1], il, ir); \
892 })
893 #define FLS(i) ({ \
894  CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
895  SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
896  SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
897  t0, t1, il, ir); \
898 })
899 
900  ROUNDS(0);
901  FLS(8);
902  ROUNDS(8);
903  FLS(16);
904  ROUNDS(16);
905  if (max == 32) {
906  FLS(24);
907  ROUNDS(24);
908  }
909 
910 #undef ROUNDS
911 #undef FLS
912 
913  /* post whitening but kw4 */
914  io[2] ^= SUBKEY_L(max);
915  io[3] ^= SUBKEY_R(max);
916  /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
917 }
918 
919 static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
920 {
921  u32 il, ir, t0, t1; /* temporary variables */
922 
923  /* pre whitening but absorb kw2 */
924  io[0] ^= SUBKEY_L(i);
925  io[1] ^= SUBKEY_R(i);
926 
927  /* main iteration */
928 #define ROUNDS(i) ({ \
929  CAMELLIA_ROUNDSM(io[0], io[1], \
930  SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
931  io[2], io[3], il, ir); \
932  CAMELLIA_ROUNDSM(io[2], io[3], \
933  SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
934  io[0], io[1], il, ir); \
935  CAMELLIA_ROUNDSM(io[0], io[1], \
936  SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
937  io[2], io[3], il, ir); \
938  CAMELLIA_ROUNDSM(io[2], io[3], \
939  SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
940  io[0], io[1], il, ir); \
941  CAMELLIA_ROUNDSM(io[0], io[1], \
942  SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
943  io[2], io[3], il, ir); \
944  CAMELLIA_ROUNDSM(io[2], io[3], \
945  SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
946  io[0], io[1], il, ir); \
947 })
948 #define FLS(i) ({ \
949  CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
950  SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
951  SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
952  t0, t1, il, ir); \
953 })
954 
955  if (i == 32) {
956  ROUNDS(24);
957  FLS(24);
958  }
959  ROUNDS(16);
960  FLS(16);
961  ROUNDS(8);
962  FLS(8);
963  ROUNDS(0);
964 
965 #undef ROUNDS
966 #undef FLS
967 
968  /* post whitening but kw4 */
969  io[2] ^= SUBKEY_L(0);
970  io[3] ^= SUBKEY_R(0);
971  /* NB: 0,1 should be swapped with 2,3 by caller! */
972 }
973 
974 
975 struct camellia_ctx {
976  int key_length;
977  u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
978 };
979 
980 static int
981 camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
982  unsigned int key_len)
983 {
984  struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
985  const unsigned char *key = (const unsigned char *)in_key;
986  u32 *flags = &tfm->crt_flags;
987 
988  if (key_len != 16 && key_len != 24 && key_len != 32) {
989  *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
990  return -EINVAL;
991  }
992 
993  cctx->key_length = key_len;
994 
995  switch (key_len) {
996  case 16:
997  camellia_setup128(key, cctx->key_table);
998  break;
999  case 24:
1000  camellia_setup192(key, cctx->key_table);
1001  break;
1002  case 32:
1003  camellia_setup256(key, cctx->key_table);
1004  break;
1005  }
1006 
1007  return 0;
1008 }
1009 
1010 static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1011 {
1012  const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1013  const __be32 *src = (const __be32 *)in;
1014  __be32 *dst = (__be32 *)out;
1015  unsigned int max;
1016 
1017  u32 tmp[4];
1018 
1019  tmp[0] = be32_to_cpu(src[0]);
1020  tmp[1] = be32_to_cpu(src[1]);
1021  tmp[2] = be32_to_cpu(src[2]);
1022  tmp[3] = be32_to_cpu(src[3]);
1023 
1024  if (cctx->key_length == 16)
1025  max = 24;
1026  else
1027  max = 32; /* for key lengths of 24 and 32 */
1028 
1029  camellia_do_encrypt(cctx->key_table, tmp, max);
1030 
1031  /* do_encrypt returns 0,1 swapped with 2,3 */
1032  dst[0] = cpu_to_be32(tmp[2]);
1033  dst[1] = cpu_to_be32(tmp[3]);
1034  dst[2] = cpu_to_be32(tmp[0]);
1035  dst[3] = cpu_to_be32(tmp[1]);
1036 }
1037 
1038 static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1039 {
1040  const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1041  const __be32 *src = (const __be32 *)in;
1042  __be32 *dst = (__be32 *)out;
1043  unsigned int max;
1044 
1045  u32 tmp[4];
1046 
1047  tmp[0] = be32_to_cpu(src[0]);
1048  tmp[1] = be32_to_cpu(src[1]);
1049  tmp[2] = be32_to_cpu(src[2]);
1050  tmp[3] = be32_to_cpu(src[3]);
1051 
1052  if (cctx->key_length == 16)
1053  max = 24;
1054  else
1055  max = 32; /* for key lengths of 24 and 32 */
1056 
1057  camellia_do_decrypt(cctx->key_table, tmp, max);
1058 
1059  /* do_decrypt returns 0,1 swapped with 2,3 */
1060  dst[0] = cpu_to_be32(tmp[2]);
1061  dst[1] = cpu_to_be32(tmp[3]);
1062  dst[2] = cpu_to_be32(tmp[0]);
1063  dst[3] = cpu_to_be32(tmp[1]);
1064 }
1065 
1066 static struct crypto_alg camellia_alg = {
1067  .cra_name = "camellia",
1068  .cra_driver_name = "camellia-generic",
1069  .cra_priority = 100,
1070  .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1071  .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1072  .cra_ctxsize = sizeof(struct camellia_ctx),
1073  .cra_alignmask = 3,
1074  .cra_module = THIS_MODULE,
1075  .cra_u = {
1076  .cipher = {
1077  .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1078  .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1079  .cia_setkey = camellia_set_key,
1080  .cia_encrypt = camellia_encrypt,
1081  .cia_decrypt = camellia_decrypt
1082  }
1083  }
1084 };
1085 
1086 static int __init camellia_init(void)
1087 {
1088  return crypto_register_alg(&camellia_alg);
1089 }
1090 
1091 static void __exit camellia_fini(void)
1092 {
1093  crypto_unregister_alg(&camellia_alg);
1094 }
1095 
1096 module_init(camellia_init);
1097 module_exit(camellia_fini);
1098 
1099 MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1100 MODULE_LICENSE("GPL");
1101 MODULE_ALIAS("camellia");
Generated on Thu Jan 10 2013 13:22:56 for Linux Kernel by   doxygen 1.8.2