blob: 0b9f409f73705bedc097412cec6043475658639b [file] [log] [blame]
Thomas Gleixner1ccea772019-05-19 15:51:43 +02001// SPDX-License-Identifier: GPL-2.0-or-later
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11002/*
3 * Copyright (C) 2006
4 * NTT (Nippon Telegraph and Telephone Corporation).
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11005 */
6
7/*
8 * Algorithm Specification
Alexander A. Klimov9332a9e2020-07-19 18:49:59 +02009 * https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110010 */
11
12/*
13 *
14 * NOTE --- NOTE --- NOTE --- NOTE
15 * This implementation assumes that all memory addresses passed
16 * as parameters are four-byte aligned.
17 *
18 */
19
20#include <linux/crypto.h>
21#include <linux/errno.h>
22#include <linux/init.h>
23#include <linux/kernel.h>
24#include <linux/module.h>
Harvey Harrison32bd78e2008-10-12 20:40:12 +080025#include <linux/bitops.h>
26#include <asm/unaligned.h>
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110027
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110028static const u32 camellia_sp1110[256] = {
Richard Hartmann621dd362010-02-16 20:27:57 +080029 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
30 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
31 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
32 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
33 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
34 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
35 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
36 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
37 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
38 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
39 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
40 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
41 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
42 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
43 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
44 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
45 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
46 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
47 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
48 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
49 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
50 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
51 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
52 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
53 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
54 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
55 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
56 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
57 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
58 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
59 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
60 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
61 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
62 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
63 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
64 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
65 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
66 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
67 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
68 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
69 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
70 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
71 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
72 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
73 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
74 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
75 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
76 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
77 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
78 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
79 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
80 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
81 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
82 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
83 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
84 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
85 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
86 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
87 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
88 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
89 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
90 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
91 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
92 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110093};
94
95static const u32 camellia_sp0222[256] = {
Richard Hartmann621dd362010-02-16 20:27:57 +080096 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
97 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
98 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
99 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
100 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
101 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
102 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
103 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
104 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
105 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
106 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
107 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
108 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
109 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
110 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
111 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
112 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
113 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
114 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
115 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
116 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
117 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
118 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
119 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
120 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
121 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
122 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
123 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
124 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
125 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
126 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
127 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
128 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
129 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
130 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
131 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
132 0x00202020, 0x00898989, 0x00000000, 0x00909090,
133 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
134 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
135 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
136 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
137 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
138 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
139 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
140 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
141 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
142 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
143 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
144 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
145 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
146 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
147 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
148 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
149 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
150 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
151 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
152 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
153 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
154 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
155 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
156 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
157 0x00777777, 0x00939393, 0x00868686, 0x00838383,
158 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
159 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100160};
161
162static const u32 camellia_sp3033[256] = {
Richard Hartmann621dd362010-02-16 20:27:57 +0800163 0x38003838, 0x41004141, 0x16001616, 0x76007676,
164 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
165 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
166 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
167 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
168 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
169 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
170 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
171 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
172 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
173 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
174 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
175 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
176 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
177 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
178 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
179 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
180 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
181 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
182 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
183 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
184 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
185 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
186 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
187 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
188 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
189 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
190 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
191 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
192 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
193 0x12001212, 0x04000404, 0x74007474, 0x54005454,
194 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
195 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
196 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
197 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
198 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
199 0x08000808, 0x62006262, 0x00000000, 0x24002424,
200 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
201 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
202 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
203 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
204 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
205 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
206 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
207 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
208 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
209 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
210 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
211 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
212 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
213 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
214 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
215 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
216 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
217 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
218 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
219 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
220 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
221 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
222 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
223 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
224 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
225 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
226 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100227};
228
229static const u32 camellia_sp4404[256] = {
Richard Hartmann621dd362010-02-16 20:27:57 +0800230 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
231 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
232 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
233 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
234 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
235 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
236 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
237 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
238 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
239 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
240 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
241 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
242 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
243 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
244 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
245 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
246 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
247 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
248 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
249 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
250 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
251 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
252 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
253 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
254 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
255 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
256 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
257 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
258 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
259 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
260 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
261 0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
262 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
263 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
264 0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
265 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
266 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
267 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
268 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
269 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
270 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
271 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
272 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
273 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
274 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
275 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
276 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
277 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
278 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
279 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
280 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
281 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
282 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
283 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
284 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
285 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
286 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
287 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
288 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
289 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
290 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
291 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
292 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
293 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100294};
295
296
Denys Vlasenko1721a812007-11-06 22:01:20 +0800297#define CAMELLIA_MIN_KEY_SIZE 16
298#define CAMELLIA_MAX_KEY_SIZE 32
299#define CAMELLIA_BLOCK_SIZE 16
300#define CAMELLIA_TABLE_BYTE_LEN 272
301
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800302/*
303 * NB: L and R below stand for 'left' and 'right' as in written numbers.
304 * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
305 * _not_ least significant ones!
306 */
307
Denys Vlasenko1721a812007-11-06 22:01:20 +0800308
309/* key constants */
310
311#define CAMELLIA_SIGMA1L (0xA09E667FL)
312#define CAMELLIA_SIGMA1R (0x3BCC908BL)
313#define CAMELLIA_SIGMA2L (0xB67AE858L)
314#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
315#define CAMELLIA_SIGMA3L (0xC6EF372FL)
316#define CAMELLIA_SIGMA3R (0xE94F82BEL)
317#define CAMELLIA_SIGMA4L (0x54FF53A5L)
318#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
319#define CAMELLIA_SIGMA5L (0x10E527FAL)
320#define CAMELLIA_SIGMA5R (0xDE682D1DL)
321#define CAMELLIA_SIGMA6L (0xB05688C2L)
322#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
323
324/*
325 * macros
326 */
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200327#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({ \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800328 w0 = ll; \
329 ll = (ll << bits) + (lr >> (32 - bits)); \
330 lr = (lr << bits) + (rl >> (32 - bits)); \
331 rl = (rl << bits) + (rr >> (32 - bits)); \
332 rr = (rr << bits) + (w0 >> (32 - bits)); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200333})
Denys Vlasenko1721a812007-11-06 22:01:20 +0800334
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200335#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({ \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800336 w0 = ll; \
337 w1 = lr; \
338 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
339 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
340 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
341 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200342})
Denys Vlasenko1721a812007-11-06 22:01:20 +0800343
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200344#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({ \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800345 il = xl ^ kl; \
346 ir = xr ^ kr; \
347 t0 = il >> 16; \
348 t1 = ir >> 16; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200349 yl = camellia_sp1110[(u8)(ir)] \
350 ^ camellia_sp0222[(u8)(t1 >> 8)] \
351 ^ camellia_sp3033[(u8)(t1)] \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800352 ^ camellia_sp4404[(u8)(ir >> 8)]; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200353 yr = camellia_sp1110[(u8)(t0 >> 8)] \
354 ^ camellia_sp0222[(u8)(t0)] \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800355 ^ camellia_sp3033[(u8)(il >> 8)] \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200356 ^ camellia_sp4404[(u8)(il)]; \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800357 yl ^= yr; \
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800358 yr = ror32(yr, 8); \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800359 yr ^= yl; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200360})
Denys Vlasenko1721a812007-11-06 22:01:20 +0800361
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800362#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
363#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100364
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800365static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
Denys Vlasenkod3e74802007-11-06 22:15:19 +0800366{
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800367 u32 dw, tl, tr;
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800368 u32 kw4l, kw4r;
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800369
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800370 /* absorb kw2 to other subkeys */
371 /* round 2 */
372 subL[3] ^= subL[1]; subR[3] ^= subR[1];
373 /* round 4 */
374 subL[5] ^= subL[1]; subR[5] ^= subR[1];
375 /* round 6 */
376 subL[7] ^= subL[1]; subR[7] ^= subR[1];
377 subL[1] ^= subR[1] & ~subR[9];
Julia Lawall452ec042013-08-14 15:52:58 +0200378 dw = subL[1] & subL[9];
379 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800380 /* round 8 */
381 subL[11] ^= subL[1]; subR[11] ^= subR[1];
382 /* round 10 */
383 subL[13] ^= subL[1]; subR[13] ^= subR[1];
384 /* round 12 */
385 subL[15] ^= subL[1]; subR[15] ^= subR[1];
386 subL[1] ^= subR[1] & ~subR[17];
Julia Lawall452ec042013-08-14 15:52:58 +0200387 dw = subL[1] & subL[17];
388 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800389 /* round 14 */
390 subL[19] ^= subL[1]; subR[19] ^= subR[1];
391 /* round 16 */
392 subL[21] ^= subL[1]; subR[21] ^= subR[1];
393 /* round 18 */
394 subL[23] ^= subL[1]; subR[23] ^= subR[1];
395 if (max == 24) {
396 /* kw3 */
397 subL[24] ^= subL[1]; subR[24] ^= subR[1];
398
399 /* absorb kw4 to other subkeys */
400 kw4l = subL[25]; kw4r = subR[25];
401 } else {
402 subL[1] ^= subR[1] & ~subR[25];
Julia Lawall452ec042013-08-14 15:52:58 +0200403 dw = subL[1] & subL[25];
404 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800405 /* round 20 */
406 subL[27] ^= subL[1]; subR[27] ^= subR[1];
407 /* round 22 */
408 subL[29] ^= subL[1]; subR[29] ^= subR[1];
409 /* round 24 */
410 subL[31] ^= subL[1]; subR[31] ^= subR[1];
411 /* kw3 */
412 subL[32] ^= subL[1]; subR[32] ^= subR[1];
413
414 /* absorb kw4 to other subkeys */
415 kw4l = subL[33]; kw4r = subR[33];
416 /* round 23 */
417 subL[30] ^= kw4l; subR[30] ^= kw4r;
418 /* round 21 */
419 subL[28] ^= kw4l; subR[28] ^= kw4r;
420 /* round 19 */
421 subL[26] ^= kw4l; subR[26] ^= kw4r;
422 kw4l ^= kw4r & ~subR[24];
Julia Lawall452ec042013-08-14 15:52:58 +0200423 dw = kw4l & subL[24];
424 kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800425 }
426 /* round 17 */
427 subL[22] ^= kw4l; subR[22] ^= kw4r;
428 /* round 15 */
429 subL[20] ^= kw4l; subR[20] ^= kw4r;
430 /* round 13 */
431 subL[18] ^= kw4l; subR[18] ^= kw4r;
432 kw4l ^= kw4r & ~subR[16];
Julia Lawall452ec042013-08-14 15:52:58 +0200433 dw = kw4l & subL[16];
434 kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800435 /* round 11 */
436 subL[14] ^= kw4l; subR[14] ^= kw4r;
437 /* round 9 */
438 subL[12] ^= kw4l; subR[12] ^= kw4r;
439 /* round 7 */
440 subL[10] ^= kw4l; subR[10] ^= kw4r;
441 kw4l ^= kw4r & ~subR[8];
Julia Lawall452ec042013-08-14 15:52:58 +0200442 dw = kw4l & subL[8];
443 kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800444 /* round 5 */
445 subL[6] ^= kw4l; subR[6] ^= kw4r;
446 /* round 3 */
447 subL[4] ^= kw4l; subR[4] ^= kw4r;
448 /* round 1 */
449 subL[2] ^= kw4l; subR[2] ^= kw4r;
450 /* kw1 */
451 subL[0] ^= kw4l; subR[0] ^= kw4r;
452
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800453 /* key XOR is end of F-function */
454 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
455 SUBKEY_R(0) = subR[0] ^ subR[2];
456 SUBKEY_L(2) = subL[3]; /* round 1 */
457 SUBKEY_R(2) = subR[3];
458 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
459 SUBKEY_R(3) = subR[2] ^ subR[4];
460 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
461 SUBKEY_R(4) = subR[3] ^ subR[5];
462 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
463 SUBKEY_R(5) = subR[4] ^ subR[6];
464 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
465 SUBKEY_R(6) = subR[5] ^ subR[7];
466 tl = subL[10] ^ (subR[10] & ~subR[8]);
Julia Lawall452ec042013-08-14 15:52:58 +0200467 dw = tl & subL[8]; /* FL(kl1) */
468 tr = subR[10] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800469 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
470 SUBKEY_R(7) = subR[6] ^ tr;
471 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
472 SUBKEY_R(8) = subR[8];
473 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
474 SUBKEY_R(9) = subR[9];
475 tl = subL[7] ^ (subR[7] & ~subR[9]);
Julia Lawall452ec042013-08-14 15:52:58 +0200476 dw = tl & subL[9]; /* FLinv(kl2) */
477 tr = subR[7] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800478 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
479 SUBKEY_R(10) = tr ^ subR[11];
480 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
481 SUBKEY_R(11) = subR[10] ^ subR[12];
482 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
483 SUBKEY_R(12) = subR[11] ^ subR[13];
484 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
485 SUBKEY_R(13) = subR[12] ^ subR[14];
486 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
487 SUBKEY_R(14) = subR[13] ^ subR[15];
488 tl = subL[18] ^ (subR[18] & ~subR[16]);
Julia Lawall452ec042013-08-14 15:52:58 +0200489 dw = tl & subL[16]; /* FL(kl3) */
490 tr = subR[18] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800491 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
492 SUBKEY_R(15) = subR[14] ^ tr;
493 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
494 SUBKEY_R(16) = subR[16];
495 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
496 SUBKEY_R(17) = subR[17];
497 tl = subL[15] ^ (subR[15] & ~subR[17]);
Julia Lawall452ec042013-08-14 15:52:58 +0200498 dw = tl & subL[17]; /* FLinv(kl4) */
499 tr = subR[15] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800500 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
501 SUBKEY_R(18) = tr ^ subR[19];
502 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
503 SUBKEY_R(19) = subR[18] ^ subR[20];
504 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
505 SUBKEY_R(20) = subR[19] ^ subR[21];
506 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
507 SUBKEY_R(21) = subR[20] ^ subR[22];
508 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
509 SUBKEY_R(22) = subR[21] ^ subR[23];
510 if (max == 24) {
511 SUBKEY_L(23) = subL[22]; /* round 18 */
512 SUBKEY_R(23) = subR[22];
513 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
514 SUBKEY_R(24) = subR[24] ^ subR[23];
515 } else {
516 tl = subL[26] ^ (subR[26] & ~subR[24]);
Julia Lawall452ec042013-08-14 15:52:58 +0200517 dw = tl & subL[24]; /* FL(kl5) */
518 tr = subR[26] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800519 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
520 SUBKEY_R(23) = subR[22] ^ tr;
521 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
522 SUBKEY_R(24) = subR[24];
523 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
524 SUBKEY_R(25) = subR[25];
525 tl = subL[23] ^ (subR[23] & ~subR[25]);
Julia Lawall452ec042013-08-14 15:52:58 +0200526 dw = tl & subL[25]; /* FLinv(kl6) */
527 tr = subR[23] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800528 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
529 SUBKEY_R(26) = tr ^ subR[27];
530 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
531 SUBKEY_R(27) = subR[26] ^ subR[28];
532 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
533 SUBKEY_R(28) = subR[27] ^ subR[29];
534 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
535 SUBKEY_R(29) = subR[28] ^ subR[30];
536 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
537 SUBKEY_R(30) = subR[29] ^ subR[31];
538 SUBKEY_L(31) = subL[30]; /* round 24 */
539 SUBKEY_R(31) = subR[30];
540 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
541 SUBKEY_R(32) = subR[32] ^ subR[31];
542 }
Denys Vlasenkod3e74802007-11-06 22:15:19 +0800543}
544
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100545static void camellia_setup128(const unsigned char *key, u32 *subkey)
546{
547 u32 kll, klr, krl, krr;
548 u32 il, ir, t0, t1, w0, w1;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100549 u32 subL[26];
550 u32 subR[26];
551
552 /**
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800553 * k == kll || klr || krl || krr (|| is concatenation)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100554 */
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800555 kll = get_unaligned_be32(key);
556 klr = get_unaligned_be32(key + 4);
557 krl = get_unaligned_be32(key + 8);
558 krr = get_unaligned_be32(key + 12);
Denys Vlasenko1ce73e82007-11-06 22:13:40 +0800559
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800560 /* generate KL dependent subkeys */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100561 /* kw1 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800562 subL[0] = kll; subR[0] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100563 /* kw2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800564 subL[1] = krl; subR[1] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100565 /* rotation left shift 15bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800566 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100567 /* k3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800568 subL[4] = kll; subR[4] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100569 /* k4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800570 subL[5] = krl; subR[5] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100571 /* rotation left shift 15+30bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800572 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100573 /* k7 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800574 subL[10] = kll; subR[10] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100575 /* k8 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800576 subL[11] = krl; subR[11] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100577 /* rotation left shift 15+30+15bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800578 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100579 /* k10 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800580 subL[13] = krl; subR[13] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100581 /* rotation left shift 15+30+15+17 bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800582 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100583 /* kl3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800584 subL[16] = kll; subR[16] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100585 /* kl4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800586 subL[17] = krl; subR[17] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100587 /* rotation left shift 15+30+15+17+17 bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800588 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100589 /* k13 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800590 subL[18] = kll; subR[18] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100591 /* k14 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800592 subL[19] = krl; subR[19] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100593 /* rotation left shift 15+30+15+17+17+17 bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800594 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100595 /* k17 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800596 subL[22] = kll; subR[22] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100597 /* k18 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800598 subL[23] = krl; subR[23] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100599
600 /* generate KA */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800601 kll = subL[0]; klr = subR[0];
602 krl = subL[1]; krr = subR[1];
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100603 CAMELLIA_F(kll, klr,
604 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
605 w0, w1, il, ir, t0, t1);
606 krl ^= w0; krr ^= w1;
607 CAMELLIA_F(krl, krr,
608 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
609 kll, klr, il, ir, t0, t1);
610 /* current status == (kll, klr, w0, w1) */
611 CAMELLIA_F(kll, klr,
612 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
613 krl, krr, il, ir, t0, t1);
614 krl ^= w0; krr ^= w1;
615 CAMELLIA_F(krl, krr,
616 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
617 w0, w1, il, ir, t0, t1);
618 kll ^= w0; klr ^= w1;
619
620 /* generate KA dependent subkeys */
621 /* k1, k2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800622 subL[2] = kll; subR[2] = klr;
623 subL[3] = krl; subR[3] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800624 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100625 /* k5,k6 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800626 subL[6] = kll; subR[6] = klr;
627 subL[7] = krl; subR[7] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800628 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100629 /* kl1, kl2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800630 subL[8] = kll; subR[8] = klr;
631 subL[9] = krl; subR[9] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800632 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100633 /* k9 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800634 subL[12] = kll; subR[12] = klr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800635 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100636 /* k11, k12 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800637 subL[14] = kll; subR[14] = klr;
638 subL[15] = krl; subR[15] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800639 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100640 /* k15, k16 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800641 subL[20] = kll; subR[20] = klr;
642 subL[21] = krl; subR[21] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800643 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100644 /* kw3, kw4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800645 subL[24] = kll; subR[24] = klr;
646 subL[25] = krl; subR[25] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100647
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800648 camellia_setup_tail(subkey, subL, subR, 24);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100649}
650
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100651static void camellia_setup256(const unsigned char *key, u32 *subkey)
652{
Denys Vlasenko1ce73e82007-11-06 22:13:40 +0800653 u32 kll, klr, krl, krr; /* left half of key */
654 u32 krll, krlr, krrl, krrr; /* right half of key */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100655 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100656 u32 subL[34];
657 u32 subR[34];
658
659 /**
660 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800661 * (|| is concatenation)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100662 */
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800663 kll = get_unaligned_be32(key);
664 klr = get_unaligned_be32(key + 4);
665 krl = get_unaligned_be32(key + 8);
666 krr = get_unaligned_be32(key + 12);
667 krll = get_unaligned_be32(key + 16);
668 krlr = get_unaligned_be32(key + 20);
669 krrl = get_unaligned_be32(key + 24);
670 krrr = get_unaligned_be32(key + 28);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100671
672 /* generate KL dependent subkeys */
673 /* kw1 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800674 subL[0] = kll; subR[0] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100675 /* kw2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800676 subL[1] = krl; subR[1] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800677 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100678 /* k9 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800679 subL[12] = kll; subR[12] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100680 /* k10 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800681 subL[13] = krl; subR[13] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800682 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100683 /* kl3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800684 subL[16] = kll; subR[16] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100685 /* kl4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800686 subL[17] = krl; subR[17] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800687 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100688 /* k17 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800689 subL[22] = kll; subR[22] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100690 /* k18 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800691 subL[23] = krl; subR[23] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800692 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100693 /* k23 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800694 subL[30] = kll; subR[30] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100695 /* k24 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800696 subL[31] = krl; subR[31] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100697
698 /* generate KR dependent subkeys */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800699 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100700 /* k3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800701 subL[4] = krll; subR[4] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100702 /* k4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800703 subL[5] = krrl; subR[5] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800704 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100705 /* kl1 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800706 subL[8] = krll; subR[8] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100707 /* kl2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800708 subL[9] = krrl; subR[9] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800709 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100710 /* k13 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800711 subL[18] = krll; subR[18] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100712 /* k14 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800713 subL[19] = krrl; subR[19] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800714 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100715 /* k19 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800716 subL[26] = krll; subR[26] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100717 /* k20 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800718 subL[27] = krrl; subR[27] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800719 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100720
721 /* generate KA */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800722 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
723 krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100724 CAMELLIA_F(kll, klr,
725 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
726 w0, w1, il, ir, t0, t1);
727 krl ^= w0; krr ^= w1;
728 CAMELLIA_F(krl, krr,
729 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
730 kll, klr, il, ir, t0, t1);
731 kll ^= krll; klr ^= krlr;
732 CAMELLIA_F(kll, klr,
733 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
734 krl, krr, il, ir, t0, t1);
735 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
736 CAMELLIA_F(krl, krr,
737 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
738 w0, w1, il, ir, t0, t1);
739 kll ^= w0; klr ^= w1;
740
741 /* generate KB */
742 krll ^= kll; krlr ^= klr;
743 krrl ^= krl; krrr ^= krr;
744 CAMELLIA_F(krll, krlr,
745 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
746 w0, w1, il, ir, t0, t1);
747 krrl ^= w0; krrr ^= w1;
748 CAMELLIA_F(krrl, krrr,
749 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
750 w0, w1, il, ir, t0, t1);
751 krll ^= w0; krlr ^= w1;
752
753 /* generate KA dependent subkeys */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800754 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100755 /* k5 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800756 subL[6] = kll; subR[6] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100757 /* k6 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800758 subL[7] = krl; subR[7] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800759 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100760 /* k11 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800761 subL[14] = kll; subR[14] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100762 /* k12 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800763 subL[15] = krl; subR[15] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100764 /* rotation left shift 32bit */
765 /* kl5 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800766 subL[24] = klr; subR[24] = krl;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100767 /* kl6 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800768 subL[25] = krr; subR[25] = kll;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100769 /* rotation left shift 49 from k11,k12 -> k21,k22 */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800770 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100771 /* k21 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800772 subL[28] = kll; subR[28] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100773 /* k22 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800774 subL[29] = krl; subR[29] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100775
776 /* generate KB dependent subkeys */
777 /* k1 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800778 subL[2] = krll; subR[2] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100779 /* k2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800780 subL[3] = krrl; subR[3] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800781 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100782 /* k7 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800783 subL[10] = krll; subR[10] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100784 /* k8 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800785 subL[11] = krrl; subR[11] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800786 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100787 /* k15 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800788 subL[20] = krll; subR[20] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100789 /* k16 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800790 subL[21] = krrl; subR[21] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800791 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100792 /* kw3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800793 subL[32] = krll; subR[32] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100794 /* kw4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800795 subL[33] = krrl; subR[33] = krrr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100796
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800797 camellia_setup_tail(subkey, subL, subR, 32);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100798}
799
800static void camellia_setup192(const unsigned char *key, u32 *subkey)
801{
802 unsigned char kk[32];
Richard Hartmann621dd362010-02-16 20:27:57 +0800803 u32 krll, krlr, krrl, krrr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100804
805 memcpy(kk, key, 24);
Denys Vlasenko1721a812007-11-06 22:01:20 +0800806 memcpy((unsigned char *)&krll, key+16, 4);
807 memcpy((unsigned char *)&krlr, key+20, 4);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100808 krrl = ~krll;
809 krrr = ~krlr;
810 memcpy(kk+24, (unsigned char *)&krrl, 4);
811 memcpy(kk+28, (unsigned char *)&krrr, 4);
812 camellia_setup256(kk, subkey);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100813}
814
815
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800816/*
817 * Encrypt/decrypt
818 */
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200819#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800820 t0 = kll; \
821 t2 = krr; \
822 t0 &= ll; \
823 t2 |= rr; \
824 rl ^= t2; \
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800825 lr ^= rol32(t0, 1); \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800826 t3 = krl; \
827 t1 = klr; \
828 t3 &= rl; \
829 t1 |= lr; \
830 ll ^= t1; \
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800831 rr ^= rol32(t3, 1); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200832})
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800833
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200834#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({ \
Jussi Kivilinnac9b56d32012-03-03 13:59:00 +0200835 yl ^= kl; \
836 yr ^= kr; \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800837 ir = camellia_sp1110[(u8)xr]; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200838 il = camellia_sp1110[(u8)(xl >> 24)]; \
839 ir ^= camellia_sp0222[(u8)(xr >> 24)]; \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800840 il ^= camellia_sp0222[(u8)(xl >> 16)]; \
841 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
842 il ^= camellia_sp3033[(u8)(xl >> 8)]; \
843 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
844 il ^= camellia_sp4404[(u8)xl]; \
Jussi Kivilinnac9b56d32012-03-03 13:59:00 +0200845 ir ^= il; \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800846 yl ^= ir; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200847 yr ^= ror32(il, 8) ^ ir; \
848})
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800849
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800850/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
851static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100852{
Richard Hartmann621dd362010-02-16 20:27:57 +0800853 u32 il, ir, t0, t1; /* temporary variables */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100854
Denys Vlasenko1721a812007-11-06 22:01:20 +0800855 /* pre whitening but absorb kw2 */
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800856 io[0] ^= SUBKEY_L(0);
857 io[1] ^= SUBKEY_R(0);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100858
Denys Vlasenko1721a812007-11-06 22:01:20 +0800859 /* main iteration */
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200860#define ROUNDS(i) ({ \
Richard Hartmann621dd362010-02-16 20:27:57 +0800861 CAMELLIA_ROUNDSM(io[0], io[1], \
862 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
863 io[2], io[3], il, ir); \
864 CAMELLIA_ROUNDSM(io[2], io[3], \
865 SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
866 io[0], io[1], il, ir); \
867 CAMELLIA_ROUNDSM(io[0], io[1], \
868 SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
869 io[2], io[3], il, ir); \
870 CAMELLIA_ROUNDSM(io[2], io[3], \
871 SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
872 io[0], io[1], il, ir); \
873 CAMELLIA_ROUNDSM(io[0], io[1], \
874 SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
875 io[2], io[3], il, ir); \
876 CAMELLIA_ROUNDSM(io[2], io[3], \
877 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
878 io[0], io[1], il, ir); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200879})
880#define FLS(i) ({ \
Richard Hartmann621dd362010-02-16 20:27:57 +0800881 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
882 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
883 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
884 t0, t1, il, ir); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200885})
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100886
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800887 ROUNDS(0);
888 FLS(8);
889 ROUNDS(8);
890 FLS(16);
891 ROUNDS(16);
892 if (max == 32) {
893 FLS(24);
894 ROUNDS(24);
895 }
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100896
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800897#undef ROUNDS
898#undef FLS
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100899
900 /* post whitening but kw4 */
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800901 io[2] ^= SUBKEY_L(max);
902 io[3] ^= SUBKEY_R(max);
903 /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100904}
905
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800906static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100907{
Richard Hartmann621dd362010-02-16 20:27:57 +0800908 u32 il, ir, t0, t1; /* temporary variables */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100909
Denys Vlasenko1721a812007-11-06 22:01:20 +0800910 /* pre whitening but absorb kw2 */
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800911 io[0] ^= SUBKEY_L(i);
912 io[1] ^= SUBKEY_R(i);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100913
914 /* main iteration */
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200915#define ROUNDS(i) ({ \
Richard Hartmann621dd362010-02-16 20:27:57 +0800916 CAMELLIA_ROUNDSM(io[0], io[1], \
917 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
918 io[2], io[3], il, ir); \
919 CAMELLIA_ROUNDSM(io[2], io[3], \
920 SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
921 io[0], io[1], il, ir); \
922 CAMELLIA_ROUNDSM(io[0], io[1], \
923 SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
924 io[2], io[3], il, ir); \
925 CAMELLIA_ROUNDSM(io[2], io[3], \
926 SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
927 io[0], io[1], il, ir); \
928 CAMELLIA_ROUNDSM(io[0], io[1], \
929 SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
930 io[2], io[3], il, ir); \
931 CAMELLIA_ROUNDSM(io[2], io[3], \
932 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
933 io[0], io[1], il, ir); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200934})
935#define FLS(i) ({ \
Richard Hartmann621dd362010-02-16 20:27:57 +0800936 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
937 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
938 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
939 t0, t1, il, ir); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200940})
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100941
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800942 if (i == 32) {
943 ROUNDS(24);
944 FLS(24);
945 }
946 ROUNDS(16);
947 FLS(16);
948 ROUNDS(8);
949 FLS(8);
950 ROUNDS(0);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100951
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800952#undef ROUNDS
953#undef FLS
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100954
955 /* post whitening but kw4 */
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800956 io[2] ^= SUBKEY_L(0);
957 io[3] ^= SUBKEY_R(0);
958 /* NB: 0,1 should be swapped with 2,3 by caller! */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100959}
960
961
Denys Vlasenko1721a812007-11-06 22:01:20 +0800962struct camellia_ctx {
963 int key_length;
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800964 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
Denys Vlasenko1721a812007-11-06 22:01:20 +0800965};
966
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100967static int
968camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
969 unsigned int key_len)
970{
971 struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
972 const unsigned char *key = (const unsigned char *)in_key;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100973
Eric Biggers674f3682019-12-30 21:19:36 -0600974 if (key_len != 16 && key_len != 24 && key_len != 32)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100975 return -EINVAL;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100976
977 cctx->key_length = key_len;
978
Denys Vlasenko1721a812007-11-06 22:01:20 +0800979 switch (key_len) {
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100980 case 16:
981 camellia_setup128(key, cctx->key_table);
982 break;
983 case 24:
984 camellia_setup192(key, cctx->key_table);
985 break;
986 case 32:
987 camellia_setup256(key, cctx->key_table);
988 break;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100989 }
990
991 return 0;
992}
993
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100994static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
995{
996 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
997 const __be32 *src = (const __be32 *)in;
998 __be32 *dst = (__be32 *)out;
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200999 unsigned int max;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001000
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +08001001 u32 tmp[4];
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001002
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +08001003 tmp[0] = be32_to_cpu(src[0]);
1004 tmp[1] = be32_to_cpu(src[1]);
1005 tmp[2] = be32_to_cpu(src[2]);
1006 tmp[3] = be32_to_cpu(src[3]);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001007
Jussi Kivilinnae2861a72012-03-05 20:26:37 +02001008 if (cctx->key_length == 16)
1009 max = 24;
1010 else
1011 max = 32; /* for key lengths of 24 and 32 */
1012
1013 camellia_do_encrypt(cctx->key_table, tmp, max);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001014
Denys Vlasenkoacca79a2007-11-23 21:10:03 +08001015 /* do_encrypt returns 0,1 swapped with 2,3 */
1016 dst[0] = cpu_to_be32(tmp[2]);
1017 dst[1] = cpu_to_be32(tmp[3]);
1018 dst[2] = cpu_to_be32(tmp[0]);
1019 dst[3] = cpu_to_be32(tmp[1]);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001020}
1021
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001022static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1023{
1024 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1025 const __be32 *src = (const __be32 *)in;
1026 __be32 *dst = (__be32 *)out;
Jussi Kivilinnae2861a72012-03-05 20:26:37 +02001027 unsigned int max;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001028
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +08001029 u32 tmp[4];
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001030
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +08001031 tmp[0] = be32_to_cpu(src[0]);
1032 tmp[1] = be32_to_cpu(src[1]);
1033 tmp[2] = be32_to_cpu(src[2]);
1034 tmp[3] = be32_to_cpu(src[3]);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001035
Jussi Kivilinnae2861a72012-03-05 20:26:37 +02001036 if (cctx->key_length == 16)
1037 max = 24;
1038 else
1039 max = 32; /* for key lengths of 24 and 32 */
1040
1041 camellia_do_decrypt(cctx->key_table, tmp, max);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001042
Denys Vlasenkoacca79a2007-11-23 21:10:03 +08001043 /* do_decrypt returns 0,1 swapped with 2,3 */
1044 dst[0] = cpu_to_be32(tmp[2]);
1045 dst[1] = cpu_to_be32(tmp[3]);
1046 dst[2] = cpu_to_be32(tmp[0]);
1047 dst[3] = cpu_to_be32(tmp[1]);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001048}
1049
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001050static struct crypto_alg camellia_alg = {
1051 .cra_name = "camellia",
1052 .cra_driver_name = "camellia-generic",
1053 .cra_priority = 100,
1054 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1055 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1056 .cra_ctxsize = sizeof(struct camellia_ctx),
1057 .cra_alignmask = 3,
1058 .cra_module = THIS_MODULE,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001059 .cra_u = {
1060 .cipher = {
1061 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1062 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1063 .cia_setkey = camellia_set_key,
1064 .cia_encrypt = camellia_encrypt,
1065 .cia_decrypt = camellia_decrypt
1066 }
1067 }
1068};
1069
1070static int __init camellia_init(void)
1071{
1072 return crypto_register_alg(&camellia_alg);
1073}
1074
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001075static void __exit camellia_fini(void)
1076{
1077 crypto_unregister_alg(&camellia_alg);
1078}
1079
Eric Biggersc4741b22019-04-11 21:57:42 -07001080subsys_initcall(camellia_init);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001081module_exit(camellia_fini);
1082
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001083MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1084MODULE_LICENSE("GPL");
Kees Cook5d26a102014-11-20 17:05:53 -08001085MODULE_ALIAS_CRYPTO("camellia");
Mathias Krause3e14dcf2015-01-11 18:17:42 +01001086MODULE_ALIAS_CRYPTO("camellia-generic");