Version:  2.0.40 2.2.26 2.4.37 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10

Linux/crypto/camellia_generic.c

  1 /*
  2  * Copyright (C) 2006
  3  * NTT (Nippon Telegraph and Telephone Corporation).
  4  *
  5  * This program is free software; you can redistribute it and/or
  6  * modify it under the terms of the GNU General Public License
  7  * as published by the Free Software Foundation; either version 2
  8  * of the License, or (at your option) any later version.
  9  *
 10  * This program is distributed in the hope that it will be useful,
 11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 13  * GNU General Public License for more details.
 14  *
 15  * You should have received a copy of the GNU General Public License
 16  * along with this program; if not, write to the Free Software
 17  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 18  */
 19 
 20 /*
 21  * Algorithm Specification
 22  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
 23  */
 24 
 25 /*
 26  *
 27  * NOTE --- NOTE --- NOTE --- NOTE
 28  * This implementation assumes that all memory addresses passed
 29  * as parameters are four-byte aligned.
 30  *
 31  */
 32 
 33 #include <linux/crypto.h>
 34 #include <linux/errno.h>
 35 #include <linux/init.h>
 36 #include <linux/kernel.h>
 37 #include <linux/module.h>
 38 #include <linux/bitops.h>
 39 #include <asm/unaligned.h>
 40 
 41 static const u32 camellia_sp1110[256] = {
 42         0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
 43         0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
 44         0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
 45         0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
 46         0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
 47         0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
 48         0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
 49         0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
 50         0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
 51         0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
 52         0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
 53         0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
 54         0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
 55         0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
 56         0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
 57         0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
 58         0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
 59         0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
 60         0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
 61         0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
 62         0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
 63         0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
 64         0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
 65         0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
 66         0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
 67         0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
 68         0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
 69         0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
 70         0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
 71         0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
 72         0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
 73         0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
 74         0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
 75         0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
 76         0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
 77         0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
 78         0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
 79         0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
 80         0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
 81         0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
 82         0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
 83         0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
 84         0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
 85         0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
 86         0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
 87         0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
 88         0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
 89         0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
 90         0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
 91         0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
 92         0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
 93         0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
 94         0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
 95         0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
 96         0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
 97         0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
 98         0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
 99         0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
100         0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
101         0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
102         0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
103         0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
104         0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
105         0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
106 };
107 
108 static const u32 camellia_sp0222[256] = {
109         0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
110         0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
111         0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
112         0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
113         0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
114         0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
115         0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
116         0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
117         0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
118         0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
119         0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
120         0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
121         0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
122         0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
123         0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
124         0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
125         0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
126         0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
127         0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
128         0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
129         0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
130         0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
131         0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
132         0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
133         0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
134         0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
135         0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
136         0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
137         0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
138         0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
139         0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
140         0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
141         0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
142         0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
143         0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
144         0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
145         0x00202020, 0x00898989, 0x00000000, 0x00909090,
146         0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
147         0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
148         0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
149         0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
150         0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
151         0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
152         0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
153         0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
154         0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
155         0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
156         0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
157         0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
158         0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
159         0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
160         0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
161         0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
162         0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
163         0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
164         0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
165         0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
166         0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
167         0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
168         0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
169         0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
170         0x00777777, 0x00939393, 0x00868686, 0x00838383,
171         0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
172         0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
173 };
174 
175 static const u32 camellia_sp3033[256] = {
176         0x38003838, 0x41004141, 0x16001616, 0x76007676,
177         0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
178         0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
179         0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
180         0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
181         0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
182         0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
183         0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
184         0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
185         0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
186         0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
187         0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
188         0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
189         0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
190         0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
191         0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
192         0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
193         0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
194         0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
195         0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
196         0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
197         0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
198         0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
199         0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
200         0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
201         0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
202         0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
203         0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
204         0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
205         0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
206         0x12001212, 0x04000404, 0x74007474, 0x54005454,
207         0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
208         0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
209         0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
210         0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
211         0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
212         0x08000808, 0x62006262, 0x00000000, 0x24002424,
213         0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
214         0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
215         0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
216         0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
217         0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
218         0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
219         0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
220         0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
221         0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
222         0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
223         0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
224         0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
225         0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
226         0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
227         0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
228         0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
229         0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
230         0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
231         0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
232         0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
233         0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
234         0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
235         0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
236         0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
237         0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
238         0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
239         0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
240 };
241 
242 static const u32 camellia_sp4404[256] = {
243         0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
244         0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
245         0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
246         0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
247         0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
248         0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
249         0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
250         0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
251         0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
252         0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
253         0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
254         0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
255         0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
256         0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
257         0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
258         0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
259         0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
260         0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
261         0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
262         0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
263         0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
264         0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
265         0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
266         0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
267         0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
268         0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
269         0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
270         0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
271         0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
272         0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
273         0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
274         0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
275         0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
276         0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
277         0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
278         0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
279         0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
280         0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
281         0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
282         0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
283         0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
284         0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
285         0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
286         0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
287         0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
288         0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
289         0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
290         0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
291         0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
292         0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
293         0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
294         0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
295         0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
296         0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
297         0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
298         0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
299         0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
300         0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
301         0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
302         0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
303         0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
304         0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
305         0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
306         0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
307 };
308 
309 
310 #define CAMELLIA_MIN_KEY_SIZE        16
311 #define CAMELLIA_MAX_KEY_SIZE        32
312 #define CAMELLIA_BLOCK_SIZE          16
313 #define CAMELLIA_TABLE_BYTE_LEN     272
314 
315 /*
316  * NB: L and R below stand for 'left' and 'right' as in written numbers.
317  * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
318  * _not_ least significant ones!
319  */
320 
321 
322 /* key constants */
323 
324 #define CAMELLIA_SIGMA1L (0xA09E667FL)
325 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
326 #define CAMELLIA_SIGMA2L (0xB67AE858L)
327 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
328 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
329 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
330 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
331 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
332 #define CAMELLIA_SIGMA5L (0x10E527FAL)
333 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
334 #define CAMELLIA_SIGMA6L (0xB05688C2L)
335 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
336 
337 /*
338  *  macros
339  */
340 #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({          \
341         w0 = ll;                                        \
342         ll = (ll << bits) + (lr >> (32 - bits));        \
343         lr = (lr << bits) + (rl >> (32 - bits));        \
344         rl = (rl << bits) + (rr >> (32 - bits));        \
345         rr = (rr << bits) + (w0 >> (32 - bits));        \
346 })
347 
348 #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({       \
349         w0 = ll;                                        \
350         w1 = lr;                                        \
351         ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
352         lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
353         rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
354         rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
355 })
356 
357 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({   \
358         il = xl ^ kl;                                           \
359         ir = xr ^ kr;                                           \
360         t0 = il >> 16;                                          \
361         t1 = ir >> 16;                                          \
362         yl = camellia_sp1110[(u8)(ir)]                          \
363            ^ camellia_sp0222[(u8)(t1 >> 8)]                     \
364            ^ camellia_sp3033[(u8)(t1)]                          \
365            ^ camellia_sp4404[(u8)(ir >> 8)];                    \
366         yr = camellia_sp1110[(u8)(t0 >> 8)]                     \
367            ^ camellia_sp0222[(u8)(t0)]                          \
368            ^ camellia_sp3033[(u8)(il >> 8)]                     \
369            ^ camellia_sp4404[(u8)(il)];                         \
370         yl ^= yr;                                               \
371         yr = ror32(yr, 8);                                      \
372         yr ^= yl;                                               \
373 })
374 
375 #define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
376 #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
377 
378 static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
379 {
380         u32 dw, tl, tr;
381         u32 kw4l, kw4r;
382 
383         /* absorb kw2 to other subkeys */
384         /* round 2 */
385         subL[3] ^= subL[1]; subR[3] ^= subR[1];
386         /* round 4 */
387         subL[5] ^= subL[1]; subR[5] ^= subR[1];
388         /* round 6 */
389         subL[7] ^= subL[1]; subR[7] ^= subR[1];
390         subL[1] ^= subR[1] & ~subR[9];
391         dw = subL[1] & subL[9];
392         subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
393         /* round 8 */
394         subL[11] ^= subL[1]; subR[11] ^= subR[1];
395         /* round 10 */
396         subL[13] ^= subL[1]; subR[13] ^= subR[1];
397         /* round 12 */
398         subL[15] ^= subL[1]; subR[15] ^= subR[1];
399         subL[1] ^= subR[1] & ~subR[17];
400         dw = subL[1] & subL[17];
401         subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
402         /* round 14 */
403         subL[19] ^= subL[1]; subR[19] ^= subR[1];
404         /* round 16 */
405         subL[21] ^= subL[1]; subR[21] ^= subR[1];
406         /* round 18 */
407         subL[23] ^= subL[1]; subR[23] ^= subR[1];
408         if (max == 24) {
409                 /* kw3 */
410                 subL[24] ^= subL[1]; subR[24] ^= subR[1];
411 
412         /* absorb kw4 to other subkeys */
413                 kw4l = subL[25]; kw4r = subR[25];
414         } else {
415                 subL[1] ^= subR[1] & ~subR[25];
416                 dw = subL[1] & subL[25];
417                 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
418                 /* round 20 */
419                 subL[27] ^= subL[1]; subR[27] ^= subR[1];
420                 /* round 22 */
421                 subL[29] ^= subL[1]; subR[29] ^= subR[1];
422                 /* round 24 */
423                 subL[31] ^= subL[1]; subR[31] ^= subR[1];
424                 /* kw3 */
425                 subL[32] ^= subL[1]; subR[32] ^= subR[1];
426 
427         /* absorb kw4 to other subkeys */
428                 kw4l = subL[33]; kw4r = subR[33];
429                 /* round 23 */
430                 subL[30] ^= kw4l; subR[30] ^= kw4r;
431                 /* round 21 */
432                 subL[28] ^= kw4l; subR[28] ^= kw4r;
433                 /* round 19 */
434                 subL[26] ^= kw4l; subR[26] ^= kw4r;
435                 kw4l ^= kw4r & ~subR[24];
436                 dw = kw4l & subL[24];
437                 kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
438         }
439         /* round 17 */
440         subL[22] ^= kw4l; subR[22] ^= kw4r;
441         /* round 15 */
442         subL[20] ^= kw4l; subR[20] ^= kw4r;
443         /* round 13 */
444         subL[18] ^= kw4l; subR[18] ^= kw4r;
445         kw4l ^= kw4r & ~subR[16];
446         dw = kw4l & subL[16];
447         kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
448         /* round 11 */
449         subL[14] ^= kw4l; subR[14] ^= kw4r;
450         /* round 9 */
451         subL[12] ^= kw4l; subR[12] ^= kw4r;
452         /* round 7 */
453         subL[10] ^= kw4l; subR[10] ^= kw4r;
454         kw4l ^= kw4r & ~subR[8];
455         dw = kw4l & subL[8];
456         kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
457         /* round 5 */
458         subL[6] ^= kw4l; subR[6] ^= kw4r;
459         /* round 3 */
460         subL[4] ^= kw4l; subR[4] ^= kw4r;
461         /* round 1 */
462         subL[2] ^= kw4l; subR[2] ^= kw4r;
463         /* kw1 */
464         subL[0] ^= kw4l; subR[0] ^= kw4r;
465 
466         /* key XOR is end of F-function */
467         SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
468         SUBKEY_R(0) = subR[0] ^ subR[2];
469         SUBKEY_L(2) = subL[3];       /* round 1 */
470         SUBKEY_R(2) = subR[3];
471         SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
472         SUBKEY_R(3) = subR[2] ^ subR[4];
473         SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
474         SUBKEY_R(4) = subR[3] ^ subR[5];
475         SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
476         SUBKEY_R(5) = subR[4] ^ subR[6];
477         SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
478         SUBKEY_R(6) = subR[5] ^ subR[7];
479         tl = subL[10] ^ (subR[10] & ~subR[8]);
480         dw = tl & subL[8];  /* FL(kl1) */
481         tr = subR[10] ^ rol32(dw, 1);
482         SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
483         SUBKEY_R(7) = subR[6] ^ tr;
484         SUBKEY_L(8) = subL[8];       /* FL(kl1) */
485         SUBKEY_R(8) = subR[8];
486         SUBKEY_L(9) = subL[9];       /* FLinv(kl2) */
487         SUBKEY_R(9) = subR[9];
488         tl = subL[7] ^ (subR[7] & ~subR[9]);
489         dw = tl & subL[9];  /* FLinv(kl2) */
490         tr = subR[7] ^ rol32(dw, 1);
491         SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
492         SUBKEY_R(10) = tr ^ subR[11];
493         SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
494         SUBKEY_R(11) = subR[10] ^ subR[12];
495         SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
496         SUBKEY_R(12) = subR[11] ^ subR[13];
497         SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
498         SUBKEY_R(13) = subR[12] ^ subR[14];
499         SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
500         SUBKEY_R(14) = subR[13] ^ subR[15];
501         tl = subL[18] ^ (subR[18] & ~subR[16]);
502         dw = tl & subL[16]; /* FL(kl3) */
503         tr = subR[18] ^ rol32(dw, 1);
504         SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
505         SUBKEY_R(15) = subR[14] ^ tr;
506         SUBKEY_L(16) = subL[16];     /* FL(kl3) */
507         SUBKEY_R(16) = subR[16];
508         SUBKEY_L(17) = subL[17];     /* FLinv(kl4) */
509         SUBKEY_R(17) = subR[17];
510         tl = subL[15] ^ (subR[15] & ~subR[17]);
511         dw = tl & subL[17]; /* FLinv(kl4) */
512         tr = subR[15] ^ rol32(dw, 1);
513         SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
514         SUBKEY_R(18) = tr ^ subR[19];
515         SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
516         SUBKEY_R(19) = subR[18] ^ subR[20];
517         SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
518         SUBKEY_R(20) = subR[19] ^ subR[21];
519         SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
520         SUBKEY_R(21) = subR[20] ^ subR[22];
521         SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
522         SUBKEY_R(22) = subR[21] ^ subR[23];
523         if (max == 24) {
524                 SUBKEY_L(23) = subL[22];     /* round 18 */
525                 SUBKEY_R(23) = subR[22];
526                 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
527                 SUBKEY_R(24) = subR[24] ^ subR[23];
528         } else {
529                 tl = subL[26] ^ (subR[26] & ~subR[24]);
530                 dw = tl & subL[24]; /* FL(kl5) */
531                 tr = subR[26] ^ rol32(dw, 1);
532                 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
533                 SUBKEY_R(23) = subR[22] ^ tr;
534                 SUBKEY_L(24) = subL[24];     /* FL(kl5) */
535                 SUBKEY_R(24) = subR[24];
536                 SUBKEY_L(25) = subL[25];     /* FLinv(kl6) */
537                 SUBKEY_R(25) = subR[25];
538                 tl = subL[23] ^ (subR[23] & ~subR[25]);
539                 dw = tl & subL[25]; /* FLinv(kl6) */
540                 tr = subR[23] ^ rol32(dw, 1);
541                 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
542                 SUBKEY_R(26) = tr ^ subR[27];
543                 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
544                 SUBKEY_R(27) = subR[26] ^ subR[28];
545                 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
546                 SUBKEY_R(28) = subR[27] ^ subR[29];
547                 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
548                 SUBKEY_R(29) = subR[28] ^ subR[30];
549                 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
550                 SUBKEY_R(30) = subR[29] ^ subR[31];
551                 SUBKEY_L(31) = subL[30];     /* round 24 */
552                 SUBKEY_R(31) = subR[30];
553                 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
554                 SUBKEY_R(32) = subR[32] ^ subR[31];
555         }
556 }
557 
558 static void camellia_setup128(const unsigned char *key, u32 *subkey)
559 {
560         u32 kll, klr, krl, krr;
561         u32 il, ir, t0, t1, w0, w1;
562         u32 subL[26];
563         u32 subR[26];
564 
565         /**
566          *  k == kll || klr || krl || krr (|| is concatenation)
567          */
568         kll = get_unaligned_be32(key);
569         klr = get_unaligned_be32(key + 4);
570         krl = get_unaligned_be32(key + 8);
571         krr = get_unaligned_be32(key + 12);
572 
573         /* generate KL dependent subkeys */
574         /* kw1 */
575         subL[0] = kll; subR[0] = klr;
576         /* kw2 */
577         subL[1] = krl; subR[1] = krr;
578         /* rotation left shift 15bit */
579         ROLDQ(kll, klr, krl, krr, w0, w1, 15);
580         /* k3 */
581         subL[4] = kll; subR[4] = klr;
582         /* k4 */
583         subL[5] = krl; subR[5] = krr;
584         /* rotation left shift 15+30bit */
585         ROLDQ(kll, klr, krl, krr, w0, w1, 30);
586         /* k7 */
587         subL[10] = kll; subR[10] = klr;
588         /* k8 */
589         subL[11] = krl; subR[11] = krr;
590         /* rotation left shift 15+30+15bit */
591         ROLDQ(kll, klr, krl, krr, w0, w1, 15);
592         /* k10 */
593         subL[13] = krl; subR[13] = krr;
594         /* rotation left shift 15+30+15+17 bit */
595         ROLDQ(kll, klr, krl, krr, w0, w1, 17);
596         /* kl3 */
597         subL[16] = kll; subR[16] = klr;
598         /* kl4 */
599         subL[17] = krl; subR[17] = krr;
600         /* rotation left shift 15+30+15+17+17 bit */
601         ROLDQ(kll, klr, krl, krr, w0, w1, 17);
602         /* k13 */
603         subL[18] = kll; subR[18] = klr;
604         /* k14 */
605         subL[19] = krl; subR[19] = krr;
606         /* rotation left shift 15+30+15+17+17+17 bit */
607         ROLDQ(kll, klr, krl, krr, w0, w1, 17);
608         /* k17 */
609         subL[22] = kll; subR[22] = klr;
610         /* k18 */
611         subL[23] = krl; subR[23] = krr;
612 
613         /* generate KA */
614         kll = subL[0]; klr = subR[0];
615         krl = subL[1]; krr = subR[1];
616         CAMELLIA_F(kll, klr,
617                    CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
618                    w0, w1, il, ir, t0, t1);
619         krl ^= w0; krr ^= w1;
620         CAMELLIA_F(krl, krr,
621                    CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
622                    kll, klr, il, ir, t0, t1);
623         /* current status == (kll, klr, w0, w1) */
624         CAMELLIA_F(kll, klr,
625                    CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
626                    krl, krr, il, ir, t0, t1);
627         krl ^= w0; krr ^= w1;
628         CAMELLIA_F(krl, krr,
629                    CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
630                    w0, w1, il, ir, t0, t1);
631         kll ^= w0; klr ^= w1;
632 
633         /* generate KA dependent subkeys */
634         /* k1, k2 */
635         subL[2] = kll; subR[2] = klr;
636         subL[3] = krl; subR[3] = krr;
637         ROLDQ(kll, klr, krl, krr, w0, w1, 15);
638         /* k5,k6 */
639         subL[6] = kll; subR[6] = klr;
640         subL[7] = krl; subR[7] = krr;
641         ROLDQ(kll, klr, krl, krr, w0, w1, 15);
642         /* kl1, kl2 */
643         subL[8] = kll; subR[8] = klr;
644         subL[9] = krl; subR[9] = krr;
645         ROLDQ(kll, klr, krl, krr, w0, w1, 15);
646         /* k9 */
647         subL[12] = kll; subR[12] = klr;
648         ROLDQ(kll, klr, krl, krr, w0, w1, 15);
649         /* k11, k12 */
650         subL[14] = kll; subR[14] = klr;
651         subL[15] = krl; subR[15] = krr;
652         ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
653         /* k15, k16 */
654         subL[20] = kll; subR[20] = klr;
655         subL[21] = krl; subR[21] = krr;
656         ROLDQ(kll, klr, krl, krr, w0, w1, 17);
657         /* kw3, kw4 */
658         subL[24] = kll; subR[24] = klr;
659         subL[25] = krl; subR[25] = krr;
660 
661         camellia_setup_tail(subkey, subL, subR, 24);
662 }
663 
664 static void camellia_setup256(const unsigned char *key, u32 *subkey)
665 {
666         u32 kll, klr, krl, krr;        /* left half of key */
667         u32 krll, krlr, krrl, krrr;    /* right half of key */
668         u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
669         u32 subL[34];
670         u32 subR[34];
671 
672         /**
673          *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
674          *  (|| is concatenation)
675          */
676         kll = get_unaligned_be32(key);
677         klr = get_unaligned_be32(key + 4);
678         krl = get_unaligned_be32(key + 8);
679         krr = get_unaligned_be32(key + 12);
680         krll = get_unaligned_be32(key + 16);
681         krlr = get_unaligned_be32(key + 20);
682         krrl = get_unaligned_be32(key + 24);
683         krrr = get_unaligned_be32(key + 28);
684 
685         /* generate KL dependent subkeys */
686         /* kw1 */
687         subL[0] = kll; subR[0] = klr;
688         /* kw2 */
689         subL[1] = krl; subR[1] = krr;
690         ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
691         /* k9 */
692         subL[12] = kll; subR[12] = klr;
693         /* k10 */
694         subL[13] = krl; subR[13] = krr;
695         ROLDQ(kll, klr, krl, krr, w0, w1, 15);
696         /* kl3 */
697         subL[16] = kll; subR[16] = klr;
698         /* kl4 */
699         subL[17] = krl; subR[17] = krr;
700         ROLDQ(kll, klr, krl, krr, w0, w1, 17);
701         /* k17 */
702         subL[22] = kll; subR[22] = klr;
703         /* k18 */
704         subL[23] = krl; subR[23] = krr;
705         ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
706         /* k23 */
707         subL[30] = kll; subR[30] = klr;
708         /* k24 */
709         subL[31] = krl; subR[31] = krr;
710 
711         /* generate KR dependent subkeys */
712         ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
713         /* k3 */
714         subL[4] = krll; subR[4] = krlr;
715         /* k4 */
716         subL[5] = krrl; subR[5] = krrr;
717         ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
718         /* kl1 */
719         subL[8] = krll; subR[8] = krlr;
720         /* kl2 */
721         subL[9] = krrl; subR[9] = krrr;
722         ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
723         /* k13 */
724         subL[18] = krll; subR[18] = krlr;
725         /* k14 */
726         subL[19] = krrl; subR[19] = krrr;
727         ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
728         /* k19 */
729         subL[26] = krll; subR[26] = krlr;
730         /* k20 */
731         subL[27] = krrl; subR[27] = krrr;
732         ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
733 
734         /* generate KA */
735         kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
736         krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
737         CAMELLIA_F(kll, klr,
738                    CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
739                    w0, w1, il, ir, t0, t1);
740         krl ^= w0; krr ^= w1;
741         CAMELLIA_F(krl, krr,
742                    CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
743                    kll, klr, il, ir, t0, t1);
744         kll ^= krll; klr ^= krlr;
745         CAMELLIA_F(kll, klr,
746                    CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
747                    krl, krr, il, ir, t0, t1);
748         krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
749         CAMELLIA_F(krl, krr,
750                    CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
751                    w0, w1, il, ir, t0, t1);
752         kll ^= w0; klr ^= w1;
753 
754         /* generate KB */
755         krll ^= kll; krlr ^= klr;
756         krrl ^= krl; krrr ^= krr;
757         CAMELLIA_F(krll, krlr,
758                    CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
759                    w0, w1, il, ir, t0, t1);
760         krrl ^= w0; krrr ^= w1;
761         CAMELLIA_F(krrl, krrr,
762                    CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
763                    w0, w1, il, ir, t0, t1);
764         krll ^= w0; krlr ^= w1;
765 
766         /* generate KA dependent subkeys */
767         ROLDQ(kll, klr, krl, krr, w0, w1, 15);
768         /* k5 */
769         subL[6] = kll; subR[6] = klr;
770         /* k6 */
771         subL[7] = krl; subR[7] = krr;
772         ROLDQ(kll, klr, krl, krr, w0, w1, 30);
773         /* k11 */
774         subL[14] = kll; subR[14] = klr;
775         /* k12 */
776         subL[15] = krl; subR[15] = krr;
777         /* rotation left shift 32bit */
778         /* kl5 */
779         subL[24] = klr; subR[24] = krl;
780         /* kl6 */
781         subL[25] = krr; subR[25] = kll;
782         /* rotation left shift 49 from k11,k12 -> k21,k22 */
783         ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
784         /* k21 */
785         subL[28] = kll; subR[28] = klr;
786         /* k22 */
787         subL[29] = krl; subR[29] = krr;
788 
789         /* generate KB dependent subkeys */
790         /* k1 */
791         subL[2] = krll; subR[2] = krlr;
792         /* k2 */
793         subL[3] = krrl; subR[3] = krrr;
794         ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
795         /* k7 */
796         subL[10] = krll; subR[10] = krlr;
797         /* k8 */
798         subL[11] = krrl; subR[11] = krrr;
799         ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
800         /* k15 */
801         subL[20] = krll; subR[20] = krlr;
802         /* k16 */
803         subL[21] = krrl; subR[21] = krrr;
804         ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
805         /* kw3 */
806         subL[32] = krll; subR[32] = krlr;
807         /* kw4 */
808         subL[33] = krrl; subR[33] = krrr;
809 
810         camellia_setup_tail(subkey, subL, subR, 32);
811 }
812 
813 static void camellia_setup192(const unsigned char *key, u32 *subkey)
814 {
815         unsigned char kk[32];
816         u32 krll, krlr, krrl, krrr;
817 
818         memcpy(kk, key, 24);
819         memcpy((unsigned char *)&krll, key+16, 4);
820         memcpy((unsigned char *)&krlr, key+20, 4);
821         krrl = ~krll;
822         krrr = ~krlr;
823         memcpy(kk+24, (unsigned char *)&krrl, 4);
824         memcpy(kk+28, (unsigned char *)&krrr, 4);
825         camellia_setup256(kk, subkey);
826 }
827 
828 
829 /*
830  * Encrypt/decrypt
831  */
832 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
833         t0 = kll;                                                       \
834         t2 = krr;                                                       \
835         t0 &= ll;                                                       \
836         t2 |= rr;                                                       \
837         rl ^= t2;                                                       \
838         lr ^= rol32(t0, 1);                                             \
839         t3 = krl;                                                       \
840         t1 = klr;                                                       \
841         t3 &= rl;                                                       \
842         t1 |= lr;                                                       \
843         ll ^= t1;                                                       \
844         rr ^= rol32(t3, 1);                                             \
845 })
846 
847 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({             \
848         yl ^= kl;                                                       \
849         yr ^= kr;                                                       \
850         ir =  camellia_sp1110[(u8)xr];                                  \
851         il =  camellia_sp1110[(u8)(xl >> 24)];                          \
852         ir ^= camellia_sp0222[(u8)(xr >> 24)];                          \
853         il ^= camellia_sp0222[(u8)(xl >> 16)];                          \
854         ir ^= camellia_sp3033[(u8)(xr >> 16)];                          \
855         il ^= camellia_sp3033[(u8)(xl >> 8)];                           \
856         ir ^= camellia_sp4404[(u8)(xr >> 8)];                           \
857         il ^= camellia_sp4404[(u8)xl];                                  \
858         ir ^= il;                                                       \
859         yl ^= ir;                                                       \
860         yr ^= ror32(il, 8) ^ ir;                                        \
861 })
862 
863 /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
864 static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
865 {
866         u32 il, ir, t0, t1;            /* temporary variables */
867 
868         /* pre whitening but absorb kw2 */
869         io[0] ^= SUBKEY_L(0);
870         io[1] ^= SUBKEY_R(0);
871 
872         /* main iteration */
873 #define ROUNDS(i) ({ \
874         CAMELLIA_ROUNDSM(io[0], io[1], \
875                          SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
876                          io[2], io[3], il, ir); \
877         CAMELLIA_ROUNDSM(io[2], io[3], \
878                          SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
879                          io[0], io[1], il, ir); \
880         CAMELLIA_ROUNDSM(io[0], io[1], \
881                          SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
882                          io[2], io[3], il, ir); \
883         CAMELLIA_ROUNDSM(io[2], io[3], \
884                          SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
885                          io[0], io[1], il, ir); \
886         CAMELLIA_ROUNDSM(io[0], io[1], \
887                          SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
888                          io[2], io[3], il, ir); \
889         CAMELLIA_ROUNDSM(io[2], io[3], \
890                          SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
891                          io[0], io[1], il, ir); \
892 })
893 #define FLS(i) ({ \
894         CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
895                      SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
896                      SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
897                      t0, t1, il, ir); \
898 })
899 
900         ROUNDS(0);
901         FLS(8);
902         ROUNDS(8);
903         FLS(16);
904         ROUNDS(16);
905         if (max == 32) {
906                 FLS(24);
907                 ROUNDS(24);
908         }
909 
910 #undef ROUNDS
911 #undef FLS
912 
913         /* post whitening but kw4 */
914         io[2] ^= SUBKEY_L(max);
915         io[3] ^= SUBKEY_R(max);
916         /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
917 }
918 
919 static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
920 {
921         u32 il, ir, t0, t1;            /* temporary variables */
922 
923         /* pre whitening but absorb kw2 */
924         io[0] ^= SUBKEY_L(i);
925         io[1] ^= SUBKEY_R(i);
926 
927         /* main iteration */
928 #define ROUNDS(i) ({ \
929         CAMELLIA_ROUNDSM(io[0], io[1], \
930                          SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
931                          io[2], io[3], il, ir); \
932         CAMELLIA_ROUNDSM(io[2], io[3], \
933                          SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
934                          io[0], io[1], il, ir); \
935         CAMELLIA_ROUNDSM(io[0], io[1], \
936                          SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
937                          io[2], io[3], il, ir); \
938         CAMELLIA_ROUNDSM(io[2], io[3], \
939                          SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
940                          io[0], io[1], il, ir); \
941         CAMELLIA_ROUNDSM(io[0], io[1], \
942                          SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
943                          io[2], io[3], il, ir); \
944         CAMELLIA_ROUNDSM(io[2], io[3], \
945                          SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
946                          io[0], io[1], il, ir); \
947 })
948 #define FLS(i) ({ \
949         CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
950                      SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
951                      SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
952                      t0, t1, il, ir); \
953 })
954 
955         if (i == 32) {
956                 ROUNDS(24);
957                 FLS(24);
958         }
959         ROUNDS(16);
960         FLS(16);
961         ROUNDS(8);
962         FLS(8);
963         ROUNDS(0);
964 
965 #undef ROUNDS
966 #undef FLS
967 
968         /* post whitening but kw4 */
969         io[2] ^= SUBKEY_L(0);
970         io[3] ^= SUBKEY_R(0);
971         /* NB: 0,1 should be swapped with 2,3 by caller! */
972 }
973 
974 
975 struct camellia_ctx {
976         int key_length;
977         u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
978 };
979 
980 static int
981 camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
982                  unsigned int key_len)
983 {
984         struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
985         const unsigned char *key = (const unsigned char *)in_key;
986         u32 *flags = &tfm->crt_flags;
987 
988         if (key_len != 16 && key_len != 24 && key_len != 32) {
989                 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
990                 return -EINVAL;
991         }
992 
993         cctx->key_length = key_len;
994 
995         switch (key_len) {
996         case 16:
997                 camellia_setup128(key, cctx->key_table);
998                 break;
999         case 24:
1000                 camellia_setup192(key, cctx->key_table);
1001                 break;
1002         case 32:
1003                 camellia_setup256(key, cctx->key_table);
1004                 break;
1005         }
1006 
1007         return 0;
1008 }
1009 
1010 static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1011 {
1012         const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1013         const __be32 *src = (const __be32 *)in;
1014         __be32 *dst = (__be32 *)out;
1015         unsigned int max;
1016 
1017         u32 tmp[4];
1018 
1019         tmp[0] = be32_to_cpu(src[0]);
1020         tmp[1] = be32_to_cpu(src[1]);
1021         tmp[2] = be32_to_cpu(src[2]);
1022         tmp[3] = be32_to_cpu(src[3]);
1023 
1024         if (cctx->key_length == 16)
1025                 max = 24;
1026         else
1027                 max = 32; /* for key lengths of 24 and 32 */
1028 
1029         camellia_do_encrypt(cctx->key_table, tmp, max);
1030 
1031         /* do_encrypt returns 0,1 swapped with 2,3 */
1032         dst[0] = cpu_to_be32(tmp[2]);
1033         dst[1] = cpu_to_be32(tmp[3]);
1034         dst[2] = cpu_to_be32(tmp[0]);
1035         dst[3] = cpu_to_be32(tmp[1]);
1036 }
1037 
1038 static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1039 {
1040         const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1041         const __be32 *src = (const __be32 *)in;
1042         __be32 *dst = (__be32 *)out;
1043         unsigned int max;
1044 
1045         u32 tmp[4];
1046 
1047         tmp[0] = be32_to_cpu(src[0]);
1048         tmp[1] = be32_to_cpu(src[1]);
1049         tmp[2] = be32_to_cpu(src[2]);
1050         tmp[3] = be32_to_cpu(src[3]);
1051 
1052         if (cctx->key_length == 16)
1053                 max = 24;
1054         else
1055                 max = 32; /* for key lengths of 24 and 32 */
1056 
1057         camellia_do_decrypt(cctx->key_table, tmp, max);
1058 
1059         /* do_decrypt returns 0,1 swapped with 2,3 */
1060         dst[0] = cpu_to_be32(tmp[2]);
1061         dst[1] = cpu_to_be32(tmp[3]);
1062         dst[2] = cpu_to_be32(tmp[0]);
1063         dst[3] = cpu_to_be32(tmp[1]);
1064 }
1065 
1066 static struct crypto_alg camellia_alg = {
1067         .cra_name               =       "camellia",
1068         .cra_driver_name        =       "camellia-generic",
1069         .cra_priority           =       100,
1070         .cra_flags              =       CRYPTO_ALG_TYPE_CIPHER,
1071         .cra_blocksize          =       CAMELLIA_BLOCK_SIZE,
1072         .cra_ctxsize            =       sizeof(struct camellia_ctx),
1073         .cra_alignmask          =       3,
1074         .cra_module             =       THIS_MODULE,
1075         .cra_u                  =       {
1076                 .cipher = {
1077                         .cia_min_keysize        =       CAMELLIA_MIN_KEY_SIZE,
1078                         .cia_max_keysize        =       CAMELLIA_MAX_KEY_SIZE,
1079                         .cia_setkey             =       camellia_set_key,
1080                         .cia_encrypt            =       camellia_encrypt,
1081                         .cia_decrypt            =       camellia_decrypt
1082                 }
1083         }
1084 };
1085 
1086 static int __init camellia_init(void)
1087 {
1088         return crypto_register_alg(&camellia_alg);
1089 }
1090 
1091 static void __exit camellia_fini(void)
1092 {
1093         crypto_unregister_alg(&camellia_alg);
1094 }
1095 
1096 module_init(camellia_init);
1097 module_exit(camellia_fini);
1098 
1099 MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1100 MODULE_LICENSE("GPL");
1101 MODULE_ALIAS_CRYPTO("camellia");
1102 MODULE_ALIAS_CRYPTO("camellia-generic");
1103 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us