blob: fd1a88af9e77fd091292e72b6c27753ca5d24331 [file] [log] [blame]
Thomas Gleixner1ccea772019-05-19 15:51:43 +02001// SPDX-License-Identifier: GPL-2.0-or-later
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11002/*
3 * Copyright (C) 2006
4 * NTT (Nippon Telegraph and Telephone Corporation).
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11005 */
6
7/*
8 * Algorithm Specification
Alexander A. Klimov9332a9e2020-07-19 18:49:59 +02009 * https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110010 */
11
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110012#include <linux/crypto.h>
13#include <linux/errno.h>
14#include <linux/init.h>
15#include <linux/kernel.h>
16#include <linux/module.h>
Harvey Harrison32bd78e2008-10-12 20:40:12 +080017#include <linux/bitops.h>
18#include <asm/unaligned.h>
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110019
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110020static const u32 camellia_sp1110[256] = {
Richard Hartmann621dd362010-02-16 20:27:57 +080021 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
22 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
23 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
24 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
25 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
26 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
27 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
28 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
29 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
30 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
31 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
32 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
33 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
34 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
35 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
36 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
37 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
38 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
39 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
40 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
41 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
42 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
43 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
44 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
45 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
46 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
47 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
48 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
49 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
50 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
51 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
52 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
53 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
54 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
55 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
56 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
57 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
58 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
59 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
60 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
61 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
62 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
63 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
64 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
65 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
66 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
67 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
68 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
69 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
70 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
71 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
72 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
73 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
74 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
75 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
76 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
77 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
78 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
79 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
80 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
81 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
82 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
83 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
84 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +110085};
86
87static const u32 camellia_sp0222[256] = {
Richard Hartmann621dd362010-02-16 20:27:57 +080088 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
89 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
90 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
91 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
92 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
93 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
94 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
95 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
96 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
97 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
98 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
99 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
100 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
101 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
102 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
103 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
104 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
105 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
106 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
107 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
108 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
109 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
110 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
111 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
112 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
113 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
114 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
115 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
116 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
117 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
118 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
119 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
120 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
121 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
122 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
123 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
124 0x00202020, 0x00898989, 0x00000000, 0x00909090,
125 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
126 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
127 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
128 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
129 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
130 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
131 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
132 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
133 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
134 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
135 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
136 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
137 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
138 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
139 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
140 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
141 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
142 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
143 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
144 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
145 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
146 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
147 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
148 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
149 0x00777777, 0x00939393, 0x00868686, 0x00838383,
150 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
151 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100152};
153
154static const u32 camellia_sp3033[256] = {
Richard Hartmann621dd362010-02-16 20:27:57 +0800155 0x38003838, 0x41004141, 0x16001616, 0x76007676,
156 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
157 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
158 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
159 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
160 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
161 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
162 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
163 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
164 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
165 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
166 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
167 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
168 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
169 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
170 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
171 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
172 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
173 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
174 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
175 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
176 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
177 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
178 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
179 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
180 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
181 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
182 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
183 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
184 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
185 0x12001212, 0x04000404, 0x74007474, 0x54005454,
186 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
187 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
188 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
189 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
190 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
191 0x08000808, 0x62006262, 0x00000000, 0x24002424,
192 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
193 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
194 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
195 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
196 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
197 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
198 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
199 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
200 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
201 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
202 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
203 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
204 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
205 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
206 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
207 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
208 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
209 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
210 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
211 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
212 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
213 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
214 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
215 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
216 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
217 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
218 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100219};
220
221static const u32 camellia_sp4404[256] = {
Richard Hartmann621dd362010-02-16 20:27:57 +0800222 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
223 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
224 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
225 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
226 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
227 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
228 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
229 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
230 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
231 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
232 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
233 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
234 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
235 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
236 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
237 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
238 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
239 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
240 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
241 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
242 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
243 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
244 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
245 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
246 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
247 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
248 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
249 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
250 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
251 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
252 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
253 0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
254 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
255 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
256 0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
257 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
258 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
259 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
260 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
261 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
262 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
263 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
264 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
265 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
266 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
267 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
268 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
269 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
270 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
271 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
272 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
273 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
274 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
275 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
276 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
277 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
278 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
279 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
280 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
281 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
282 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
283 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
284 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
285 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100286};
287
288
Denys Vlasenko1721a812007-11-06 22:01:20 +0800289#define CAMELLIA_MIN_KEY_SIZE 16
290#define CAMELLIA_MAX_KEY_SIZE 32
291#define CAMELLIA_BLOCK_SIZE 16
292#define CAMELLIA_TABLE_BYTE_LEN 272
293
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800294/*
295 * NB: L and R below stand for 'left' and 'right' as in written numbers.
296 * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
297 * _not_ least significant ones!
298 */
299
Denys Vlasenko1721a812007-11-06 22:01:20 +0800300
301/* key constants */
302
303#define CAMELLIA_SIGMA1L (0xA09E667FL)
304#define CAMELLIA_SIGMA1R (0x3BCC908BL)
305#define CAMELLIA_SIGMA2L (0xB67AE858L)
306#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
307#define CAMELLIA_SIGMA3L (0xC6EF372FL)
308#define CAMELLIA_SIGMA3R (0xE94F82BEL)
309#define CAMELLIA_SIGMA4L (0x54FF53A5L)
310#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
311#define CAMELLIA_SIGMA5L (0x10E527FAL)
312#define CAMELLIA_SIGMA5R (0xDE682D1DL)
313#define CAMELLIA_SIGMA6L (0xB05688C2L)
314#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
315
316/*
317 * macros
318 */
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200319#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({ \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800320 w0 = ll; \
321 ll = (ll << bits) + (lr >> (32 - bits)); \
322 lr = (lr << bits) + (rl >> (32 - bits)); \
323 rl = (rl << bits) + (rr >> (32 - bits)); \
324 rr = (rr << bits) + (w0 >> (32 - bits)); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200325})
Denys Vlasenko1721a812007-11-06 22:01:20 +0800326
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200327#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({ \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800328 w0 = ll; \
329 w1 = lr; \
330 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
331 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
332 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
333 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200334})
Denys Vlasenko1721a812007-11-06 22:01:20 +0800335
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200336#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({ \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800337 il = xl ^ kl; \
338 ir = xr ^ kr; \
339 t0 = il >> 16; \
340 t1 = ir >> 16; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200341 yl = camellia_sp1110[(u8)(ir)] \
342 ^ camellia_sp0222[(u8)(t1 >> 8)] \
343 ^ camellia_sp3033[(u8)(t1)] \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800344 ^ camellia_sp4404[(u8)(ir >> 8)]; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200345 yr = camellia_sp1110[(u8)(t0 >> 8)] \
346 ^ camellia_sp0222[(u8)(t0)] \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800347 ^ camellia_sp3033[(u8)(il >> 8)] \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200348 ^ camellia_sp4404[(u8)(il)]; \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800349 yl ^= yr; \
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800350 yr = ror32(yr, 8); \
Denys Vlasenko1721a812007-11-06 22:01:20 +0800351 yr ^= yl; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200352})
Denys Vlasenko1721a812007-11-06 22:01:20 +0800353
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800354#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
355#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100356
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800357static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
Denys Vlasenkod3e74802007-11-06 22:15:19 +0800358{
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800359 u32 dw, tl, tr;
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800360 u32 kw4l, kw4r;
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800361
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800362 /* absorb kw2 to other subkeys */
363 /* round 2 */
364 subL[3] ^= subL[1]; subR[3] ^= subR[1];
365 /* round 4 */
366 subL[5] ^= subL[1]; subR[5] ^= subR[1];
367 /* round 6 */
368 subL[7] ^= subL[1]; subR[7] ^= subR[1];
369 subL[1] ^= subR[1] & ~subR[9];
Julia Lawall452ec042013-08-14 15:52:58 +0200370 dw = subL[1] & subL[9];
371 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800372 /* round 8 */
373 subL[11] ^= subL[1]; subR[11] ^= subR[1];
374 /* round 10 */
375 subL[13] ^= subL[1]; subR[13] ^= subR[1];
376 /* round 12 */
377 subL[15] ^= subL[1]; subR[15] ^= subR[1];
378 subL[1] ^= subR[1] & ~subR[17];
Julia Lawall452ec042013-08-14 15:52:58 +0200379 dw = subL[1] & subL[17];
380 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800381 /* round 14 */
382 subL[19] ^= subL[1]; subR[19] ^= subR[1];
383 /* round 16 */
384 subL[21] ^= subL[1]; subR[21] ^= subR[1];
385 /* round 18 */
386 subL[23] ^= subL[1]; subR[23] ^= subR[1];
387 if (max == 24) {
388 /* kw3 */
389 subL[24] ^= subL[1]; subR[24] ^= subR[1];
390
391 /* absorb kw4 to other subkeys */
392 kw4l = subL[25]; kw4r = subR[25];
393 } else {
394 subL[1] ^= subR[1] & ~subR[25];
Julia Lawall452ec042013-08-14 15:52:58 +0200395 dw = subL[1] & subL[25];
396 subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800397 /* round 20 */
398 subL[27] ^= subL[1]; subR[27] ^= subR[1];
399 /* round 22 */
400 subL[29] ^= subL[1]; subR[29] ^= subR[1];
401 /* round 24 */
402 subL[31] ^= subL[1]; subR[31] ^= subR[1];
403 /* kw3 */
404 subL[32] ^= subL[1]; subR[32] ^= subR[1];
405
406 /* absorb kw4 to other subkeys */
407 kw4l = subL[33]; kw4r = subR[33];
408 /* round 23 */
409 subL[30] ^= kw4l; subR[30] ^= kw4r;
410 /* round 21 */
411 subL[28] ^= kw4l; subR[28] ^= kw4r;
412 /* round 19 */
413 subL[26] ^= kw4l; subR[26] ^= kw4r;
414 kw4l ^= kw4r & ~subR[24];
Julia Lawall452ec042013-08-14 15:52:58 +0200415 dw = kw4l & subL[24];
416 kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800417 }
418 /* round 17 */
419 subL[22] ^= kw4l; subR[22] ^= kw4r;
420 /* round 15 */
421 subL[20] ^= kw4l; subR[20] ^= kw4r;
422 /* round 13 */
423 subL[18] ^= kw4l; subR[18] ^= kw4r;
424 kw4l ^= kw4r & ~subR[16];
Julia Lawall452ec042013-08-14 15:52:58 +0200425 dw = kw4l & subL[16];
426 kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800427 /* round 11 */
428 subL[14] ^= kw4l; subR[14] ^= kw4r;
429 /* round 9 */
430 subL[12] ^= kw4l; subR[12] ^= kw4r;
431 /* round 7 */
432 subL[10] ^= kw4l; subR[10] ^= kw4r;
433 kw4l ^= kw4r & ~subR[8];
Julia Lawall452ec042013-08-14 15:52:58 +0200434 dw = kw4l & subL[8];
435 kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
Denys Vlasenkoff85a802007-11-23 21:21:03 +0800436 /* round 5 */
437 subL[6] ^= kw4l; subR[6] ^= kw4r;
438 /* round 3 */
439 subL[4] ^= kw4l; subR[4] ^= kw4r;
440 /* round 1 */
441 subL[2] ^= kw4l; subR[2] ^= kw4r;
442 /* kw1 */
443 subL[0] ^= kw4l; subR[0] ^= kw4r;
444
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800445 /* key XOR is end of F-function */
446 SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
447 SUBKEY_R(0) = subR[0] ^ subR[2];
448 SUBKEY_L(2) = subL[3]; /* round 1 */
449 SUBKEY_R(2) = subR[3];
450 SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
451 SUBKEY_R(3) = subR[2] ^ subR[4];
452 SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
453 SUBKEY_R(4) = subR[3] ^ subR[5];
454 SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
455 SUBKEY_R(5) = subR[4] ^ subR[6];
456 SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
457 SUBKEY_R(6) = subR[5] ^ subR[7];
458 tl = subL[10] ^ (subR[10] & ~subR[8]);
Julia Lawall452ec042013-08-14 15:52:58 +0200459 dw = tl & subL[8]; /* FL(kl1) */
460 tr = subR[10] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800461 SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
462 SUBKEY_R(7) = subR[6] ^ tr;
463 SUBKEY_L(8) = subL[8]; /* FL(kl1) */
464 SUBKEY_R(8) = subR[8];
465 SUBKEY_L(9) = subL[9]; /* FLinv(kl2) */
466 SUBKEY_R(9) = subR[9];
467 tl = subL[7] ^ (subR[7] & ~subR[9]);
Julia Lawall452ec042013-08-14 15:52:58 +0200468 dw = tl & subL[9]; /* FLinv(kl2) */
469 tr = subR[7] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800470 SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
471 SUBKEY_R(10) = tr ^ subR[11];
472 SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
473 SUBKEY_R(11) = subR[10] ^ subR[12];
474 SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
475 SUBKEY_R(12) = subR[11] ^ subR[13];
476 SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
477 SUBKEY_R(13) = subR[12] ^ subR[14];
478 SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
479 SUBKEY_R(14) = subR[13] ^ subR[15];
480 tl = subL[18] ^ (subR[18] & ~subR[16]);
Julia Lawall452ec042013-08-14 15:52:58 +0200481 dw = tl & subL[16]; /* FL(kl3) */
482 tr = subR[18] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800483 SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
484 SUBKEY_R(15) = subR[14] ^ tr;
485 SUBKEY_L(16) = subL[16]; /* FL(kl3) */
486 SUBKEY_R(16) = subR[16];
487 SUBKEY_L(17) = subL[17]; /* FLinv(kl4) */
488 SUBKEY_R(17) = subR[17];
489 tl = subL[15] ^ (subR[15] & ~subR[17]);
Julia Lawall452ec042013-08-14 15:52:58 +0200490 dw = tl & subL[17]; /* FLinv(kl4) */
491 tr = subR[15] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800492 SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
493 SUBKEY_R(18) = tr ^ subR[19];
494 SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
495 SUBKEY_R(19) = subR[18] ^ subR[20];
496 SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
497 SUBKEY_R(20) = subR[19] ^ subR[21];
498 SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
499 SUBKEY_R(21) = subR[20] ^ subR[22];
500 SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
501 SUBKEY_R(22) = subR[21] ^ subR[23];
502 if (max == 24) {
503 SUBKEY_L(23) = subL[22]; /* round 18 */
504 SUBKEY_R(23) = subR[22];
505 SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
506 SUBKEY_R(24) = subR[24] ^ subR[23];
507 } else {
508 tl = subL[26] ^ (subR[26] & ~subR[24]);
Julia Lawall452ec042013-08-14 15:52:58 +0200509 dw = tl & subL[24]; /* FL(kl5) */
510 tr = subR[26] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800511 SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
512 SUBKEY_R(23) = subR[22] ^ tr;
513 SUBKEY_L(24) = subL[24]; /* FL(kl5) */
514 SUBKEY_R(24) = subR[24];
515 SUBKEY_L(25) = subL[25]; /* FLinv(kl6) */
516 SUBKEY_R(25) = subR[25];
517 tl = subL[23] ^ (subR[23] & ~subR[25]);
Julia Lawall452ec042013-08-14 15:52:58 +0200518 dw = tl & subL[25]; /* FLinv(kl6) */
519 tr = subR[23] ^ rol32(dw, 1);
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800520 SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
521 SUBKEY_R(26) = tr ^ subR[27];
522 SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
523 SUBKEY_R(27) = subR[26] ^ subR[28];
524 SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
525 SUBKEY_R(28) = subR[27] ^ subR[29];
526 SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
527 SUBKEY_R(29) = subR[28] ^ subR[30];
528 SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
529 SUBKEY_R(30) = subR[29] ^ subR[31];
530 SUBKEY_L(31) = subL[30]; /* round 24 */
531 SUBKEY_R(31) = subR[30];
532 SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
533 SUBKEY_R(32) = subR[32] ^ subR[31];
534 }
Denys Vlasenkod3e74802007-11-06 22:15:19 +0800535}
536
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100537static void camellia_setup128(const unsigned char *key, u32 *subkey)
538{
539 u32 kll, klr, krl, krr;
540 u32 il, ir, t0, t1, w0, w1;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100541 u32 subL[26];
542 u32 subR[26];
543
544 /**
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800545 * k == kll || klr || krl || krr (|| is concatenation)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100546 */
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800547 kll = get_unaligned_be32(key);
548 klr = get_unaligned_be32(key + 4);
549 krl = get_unaligned_be32(key + 8);
550 krr = get_unaligned_be32(key + 12);
Denys Vlasenko1ce73e82007-11-06 22:13:40 +0800551
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800552 /* generate KL dependent subkeys */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100553 /* kw1 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800554 subL[0] = kll; subR[0] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100555 /* kw2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800556 subL[1] = krl; subR[1] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100557 /* rotation left shift 15bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800558 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100559 /* k3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800560 subL[4] = kll; subR[4] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100561 /* k4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800562 subL[5] = krl; subR[5] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100563 /* rotation left shift 15+30bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800564 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100565 /* k7 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800566 subL[10] = kll; subR[10] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100567 /* k8 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800568 subL[11] = krl; subR[11] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100569 /* rotation left shift 15+30+15bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800570 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100571 /* k10 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800572 subL[13] = krl; subR[13] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100573 /* rotation left shift 15+30+15+17 bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800574 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100575 /* kl3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800576 subL[16] = kll; subR[16] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100577 /* kl4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800578 subL[17] = krl; subR[17] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100579 /* rotation left shift 15+30+15+17+17 bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800580 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100581 /* k13 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800582 subL[18] = kll; subR[18] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100583 /* k14 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800584 subL[19] = krl; subR[19] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100585 /* rotation left shift 15+30+15+17+17+17 bit */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800586 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100587 /* k17 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800588 subL[22] = kll; subR[22] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100589 /* k18 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800590 subL[23] = krl; subR[23] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100591
592 /* generate KA */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800593 kll = subL[0]; klr = subR[0];
594 krl = subL[1]; krr = subR[1];
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100595 CAMELLIA_F(kll, klr,
596 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
597 w0, w1, il, ir, t0, t1);
598 krl ^= w0; krr ^= w1;
599 CAMELLIA_F(krl, krr,
600 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
601 kll, klr, il, ir, t0, t1);
602 /* current status == (kll, klr, w0, w1) */
603 CAMELLIA_F(kll, klr,
604 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
605 krl, krr, il, ir, t0, t1);
606 krl ^= w0; krr ^= w1;
607 CAMELLIA_F(krl, krr,
608 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
609 w0, w1, il, ir, t0, t1);
610 kll ^= w0; klr ^= w1;
611
612 /* generate KA dependent subkeys */
613 /* k1, k2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800614 subL[2] = kll; subR[2] = klr;
615 subL[3] = krl; subR[3] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800616 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100617 /* k5,k6 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800618 subL[6] = kll; subR[6] = klr;
619 subL[7] = krl; subR[7] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800620 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100621 /* kl1, kl2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800622 subL[8] = kll; subR[8] = klr;
623 subL[9] = krl; subR[9] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800624 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100625 /* k9 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800626 subL[12] = kll; subR[12] = klr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800627 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100628 /* k11, k12 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800629 subL[14] = kll; subR[14] = klr;
630 subL[15] = krl; subR[15] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800631 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100632 /* k15, k16 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800633 subL[20] = kll; subR[20] = klr;
634 subL[21] = krl; subR[21] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800635 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100636 /* kw3, kw4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800637 subL[24] = kll; subR[24] = klr;
638 subL[25] = krl; subR[25] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100639
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800640 camellia_setup_tail(subkey, subL, subR, 24);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100641}
642
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100643static void camellia_setup256(const unsigned char *key, u32 *subkey)
644{
Denys Vlasenko1ce73e82007-11-06 22:13:40 +0800645 u32 kll, klr, krl, krr; /* left half of key */
646 u32 krll, krlr, krrl, krrr; /* right half of key */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100647 u32 il, ir, t0, t1, w0, w1; /* temporary variables */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100648 u32 subL[34];
649 u32 subR[34];
650
651 /**
652 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800653 * (|| is concatenation)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100654 */
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800655 kll = get_unaligned_be32(key);
656 klr = get_unaligned_be32(key + 4);
657 krl = get_unaligned_be32(key + 8);
658 krr = get_unaligned_be32(key + 12);
659 krll = get_unaligned_be32(key + 16);
660 krlr = get_unaligned_be32(key + 20);
661 krrl = get_unaligned_be32(key + 24);
662 krrr = get_unaligned_be32(key + 28);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100663
664 /* generate KL dependent subkeys */
665 /* kw1 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800666 subL[0] = kll; subR[0] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100667 /* kw2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800668 subL[1] = krl; subR[1] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800669 ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100670 /* k9 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800671 subL[12] = kll; subR[12] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100672 /* k10 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800673 subL[13] = krl; subR[13] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800674 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100675 /* kl3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800676 subL[16] = kll; subR[16] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100677 /* kl4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800678 subL[17] = krl; subR[17] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800679 ROLDQ(kll, klr, krl, krr, w0, w1, 17);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100680 /* k17 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800681 subL[22] = kll; subR[22] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100682 /* k18 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800683 subL[23] = krl; subR[23] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800684 ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100685 /* k23 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800686 subL[30] = kll; subR[30] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100687 /* k24 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800688 subL[31] = krl; subR[31] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100689
690 /* generate KR dependent subkeys */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800691 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100692 /* k3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800693 subL[4] = krll; subR[4] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100694 /* k4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800695 subL[5] = krrl; subR[5] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800696 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100697 /* kl1 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800698 subL[8] = krll; subR[8] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100699 /* kl2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800700 subL[9] = krrl; subR[9] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800701 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100702 /* k13 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800703 subL[18] = krll; subR[18] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100704 /* k14 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800705 subL[19] = krrl; subR[19] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800706 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100707 /* k19 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800708 subL[26] = krll; subR[26] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100709 /* k20 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800710 subL[27] = krrl; subR[27] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800711 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100712
713 /* generate KA */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800714 kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
715 krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100716 CAMELLIA_F(kll, klr,
717 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
718 w0, w1, il, ir, t0, t1);
719 krl ^= w0; krr ^= w1;
720 CAMELLIA_F(krl, krr,
721 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
722 kll, klr, il, ir, t0, t1);
723 kll ^= krll; klr ^= krlr;
724 CAMELLIA_F(kll, klr,
725 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
726 krl, krr, il, ir, t0, t1);
727 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
728 CAMELLIA_F(krl, krr,
729 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
730 w0, w1, il, ir, t0, t1);
731 kll ^= w0; klr ^= w1;
732
733 /* generate KB */
734 krll ^= kll; krlr ^= klr;
735 krrl ^= krl; krrr ^= krr;
736 CAMELLIA_F(krll, krlr,
737 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
738 w0, w1, il, ir, t0, t1);
739 krrl ^= w0; krrr ^= w1;
740 CAMELLIA_F(krrl, krrr,
741 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
742 w0, w1, il, ir, t0, t1);
743 krll ^= w0; krlr ^= w1;
744
745 /* generate KA dependent subkeys */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800746 ROLDQ(kll, klr, krl, krr, w0, w1, 15);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100747 /* k5 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800748 subL[6] = kll; subR[6] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100749 /* k6 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800750 subL[7] = krl; subR[7] = krr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800751 ROLDQ(kll, klr, krl, krr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100752 /* k11 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800753 subL[14] = kll; subR[14] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100754 /* k12 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800755 subL[15] = krl; subR[15] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100756 /* rotation left shift 32bit */
757 /* kl5 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800758 subL[24] = klr; subR[24] = krl;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100759 /* kl6 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800760 subL[25] = krr; subR[25] = kll;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100761 /* rotation left shift 49 from k11,k12 -> k21,k22 */
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800762 ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100763 /* k21 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800764 subL[28] = kll; subR[28] = klr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100765 /* k22 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800766 subL[29] = krl; subR[29] = krr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100767
768 /* generate KB dependent subkeys */
769 /* k1 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800770 subL[2] = krll; subR[2] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100771 /* k2 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800772 subL[3] = krrl; subR[3] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800773 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100774 /* k7 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800775 subL[10] = krll; subR[10] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100776 /* k8 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800777 subL[11] = krrl; subR[11] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800778 ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100779 /* k15 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800780 subL[20] = krll; subR[20] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100781 /* k16 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800782 subL[21] = krrl; subR[21] = krrr;
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800783 ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100784 /* kw3 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800785 subL[32] = krll; subR[32] = krlr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100786 /* kw4 */
Denys Vlasenko1721a812007-11-06 22:01:20 +0800787 subL[33] = krrl; subR[33] = krrr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100788
Denys Vlasenkodedcf8b2007-11-23 21:14:24 +0800789 camellia_setup_tail(subkey, subL, subR, 32);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100790}
791
792static void camellia_setup192(const unsigned char *key, u32 *subkey)
793{
794 unsigned char kk[32];
Richard Hartmann621dd362010-02-16 20:27:57 +0800795 u32 krll, krlr, krrl, krrr;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100796
797 memcpy(kk, key, 24);
Denys Vlasenko1721a812007-11-06 22:01:20 +0800798 memcpy((unsigned char *)&krll, key+16, 4);
799 memcpy((unsigned char *)&krlr, key+20, 4);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100800 krrl = ~krll;
801 krrr = ~krlr;
802 memcpy(kk+24, (unsigned char *)&krrl, 4);
803 memcpy(kk+28, (unsigned char *)&krrr, 4);
804 camellia_setup256(kk, subkey);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100805}
806
807
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800808/*
809 * Encrypt/decrypt
810 */
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200811#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800812 t0 = kll; \
813 t2 = krr; \
814 t0 &= ll; \
815 t2 |= rr; \
816 rl ^= t2; \
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800817 lr ^= rol32(t0, 1); \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800818 t3 = krl; \
819 t1 = klr; \
820 t3 &= rl; \
821 t1 |= lr; \
822 ll ^= t1; \
Harvey Harrison32bd78e2008-10-12 20:40:12 +0800823 rr ^= rol32(t3, 1); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200824})
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800825
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200826#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({ \
Jussi Kivilinnac9b56d32012-03-03 13:59:00 +0200827 yl ^= kl; \
828 yr ^= kr; \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800829 ir = camellia_sp1110[(u8)xr]; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200830 il = camellia_sp1110[(u8)(xl >> 24)]; \
831 ir ^= camellia_sp0222[(u8)(xr >> 24)]; \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800832 il ^= camellia_sp0222[(u8)(xl >> 16)]; \
833 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
834 il ^= camellia_sp3033[(u8)(xl >> 8)]; \
835 ir ^= camellia_sp4404[(u8)(xr >> 8)]; \
836 il ^= camellia_sp4404[(u8)xl]; \
Jussi Kivilinnac9b56d32012-03-03 13:59:00 +0200837 ir ^= il; \
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800838 yl ^= ir; \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200839 yr ^= ror32(il, 8) ^ ir; \
840})
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800841
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800842/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
843static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100844{
Richard Hartmann621dd362010-02-16 20:27:57 +0800845 u32 il, ir, t0, t1; /* temporary variables */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100846
Denys Vlasenko1721a812007-11-06 22:01:20 +0800847 /* pre whitening but absorb kw2 */
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800848 io[0] ^= SUBKEY_L(0);
849 io[1] ^= SUBKEY_R(0);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100850
Denys Vlasenko1721a812007-11-06 22:01:20 +0800851 /* main iteration */
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200852#define ROUNDS(i) ({ \
Richard Hartmann621dd362010-02-16 20:27:57 +0800853 CAMELLIA_ROUNDSM(io[0], io[1], \
854 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
855 io[2], io[3], il, ir); \
856 CAMELLIA_ROUNDSM(io[2], io[3], \
857 SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
858 io[0], io[1], il, ir); \
859 CAMELLIA_ROUNDSM(io[0], io[1], \
860 SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
861 io[2], io[3], il, ir); \
862 CAMELLIA_ROUNDSM(io[2], io[3], \
863 SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
864 io[0], io[1], il, ir); \
865 CAMELLIA_ROUNDSM(io[0], io[1], \
866 SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
867 io[2], io[3], il, ir); \
868 CAMELLIA_ROUNDSM(io[2], io[3], \
869 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
870 io[0], io[1], il, ir); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200871})
872#define FLS(i) ({ \
Richard Hartmann621dd362010-02-16 20:27:57 +0800873 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
874 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
875 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
876 t0, t1, il, ir); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200877})
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100878
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800879 ROUNDS(0);
880 FLS(8);
881 ROUNDS(8);
882 FLS(16);
883 ROUNDS(16);
884 if (max == 32) {
885 FLS(24);
886 ROUNDS(24);
887 }
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100888
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800889#undef ROUNDS
890#undef FLS
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100891
892 /* post whitening but kw4 */
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800893 io[2] ^= SUBKEY_L(max);
894 io[3] ^= SUBKEY_R(max);
895 /* NB: io[0],[1] should be swapped with [2],[3] by caller! */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100896}
897
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800898static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100899{
Richard Hartmann621dd362010-02-16 20:27:57 +0800900 u32 il, ir, t0, t1; /* temporary variables */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100901
Denys Vlasenko1721a812007-11-06 22:01:20 +0800902 /* pre whitening but absorb kw2 */
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800903 io[0] ^= SUBKEY_L(i);
904 io[1] ^= SUBKEY_R(i);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100905
906 /* main iteration */
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200907#define ROUNDS(i) ({ \
Richard Hartmann621dd362010-02-16 20:27:57 +0800908 CAMELLIA_ROUNDSM(io[0], io[1], \
909 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
910 io[2], io[3], il, ir); \
911 CAMELLIA_ROUNDSM(io[2], io[3], \
912 SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
913 io[0], io[1], il, ir); \
914 CAMELLIA_ROUNDSM(io[0], io[1], \
915 SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
916 io[2], io[3], il, ir); \
917 CAMELLIA_ROUNDSM(io[2], io[3], \
918 SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
919 io[0], io[1], il, ir); \
920 CAMELLIA_ROUNDSM(io[0], io[1], \
921 SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
922 io[2], io[3], il, ir); \
923 CAMELLIA_ROUNDSM(io[2], io[3], \
924 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
925 io[0], io[1], il, ir); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200926})
927#define FLS(i) ({ \
Richard Hartmann621dd362010-02-16 20:27:57 +0800928 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
929 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
930 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
931 t0, t1, il, ir); \
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200932})
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100933
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800934 if (i == 32) {
935 ROUNDS(24);
936 FLS(24);
937 }
938 ROUNDS(16);
939 FLS(16);
940 ROUNDS(8);
941 FLS(8);
942 ROUNDS(0);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100943
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800944#undef ROUNDS
945#undef FLS
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100946
947 /* post whitening but kw4 */
Denys Vlasenkoacca79a2007-11-23 21:10:03 +0800948 io[2] ^= SUBKEY_L(0);
949 io[3] ^= SUBKEY_R(0);
950 /* NB: 0,1 should be swapped with 2,3 by caller! */
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100951}
952
953
Denys Vlasenko1721a812007-11-06 22:01:20 +0800954struct camellia_ctx {
955 int key_length;
Denys Vlasenko2ddae4a2007-11-23 21:05:55 +0800956 u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
Denys Vlasenko1721a812007-11-06 22:01:20 +0800957};
958
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100959static int
960camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
961 unsigned int key_len)
962{
963 struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
964 const unsigned char *key = (const unsigned char *)in_key;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100965
Eric Biggers674f3682019-12-30 21:19:36 -0600966 if (key_len != 16 && key_len != 24 && key_len != 32)
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100967 return -EINVAL;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100968
969 cctx->key_length = key_len;
970
Denys Vlasenko1721a812007-11-06 22:01:20 +0800971 switch (key_len) {
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100972 case 16:
973 camellia_setup128(key, cctx->key_table);
974 break;
975 case 24:
976 camellia_setup192(key, cctx->key_table);
977 break;
978 case 32:
979 camellia_setup256(key, cctx->key_table);
980 break;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100981 }
982
983 return 0;
984}
985
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100986static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
987{
988 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200989 unsigned int max;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100990
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +0800991 u32 tmp[4];
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100992
Ard Biesheuvel83385412021-02-01 19:02:33 +0100993 tmp[0] = get_unaligned_be32(in);
994 tmp[1] = get_unaligned_be32(in + 4);
995 tmp[2] = get_unaligned_be32(in + 8);
996 tmp[3] = get_unaligned_be32(in + 12);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +1100997
Jussi Kivilinnae2861a72012-03-05 20:26:37 +0200998 if (cctx->key_length == 16)
999 max = 24;
1000 else
1001 max = 32; /* for key lengths of 24 and 32 */
1002
1003 camellia_do_encrypt(cctx->key_table, tmp, max);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001004
Denys Vlasenkoacca79a2007-11-23 21:10:03 +08001005 /* do_encrypt returns 0,1 swapped with 2,3 */
Ard Biesheuvel83385412021-02-01 19:02:33 +01001006 put_unaligned_be32(tmp[2], out);
1007 put_unaligned_be32(tmp[3], out + 4);
1008 put_unaligned_be32(tmp[0], out + 8);
1009 put_unaligned_be32(tmp[1], out + 12);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001010}
1011
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001012static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1013{
1014 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
Jussi Kivilinnae2861a72012-03-05 20:26:37 +02001015 unsigned int max;
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001016
Denys Vlasenko3a5e5f812007-11-06 22:05:36 +08001017 u32 tmp[4];
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001018
Ard Biesheuvel83385412021-02-01 19:02:33 +01001019 tmp[0] = get_unaligned_be32(in);
1020 tmp[1] = get_unaligned_be32(in + 4);
1021 tmp[2] = get_unaligned_be32(in + 8);
1022 tmp[3] = get_unaligned_be32(in + 12);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001023
Jussi Kivilinnae2861a72012-03-05 20:26:37 +02001024 if (cctx->key_length == 16)
1025 max = 24;
1026 else
1027 max = 32; /* for key lengths of 24 and 32 */
1028
1029 camellia_do_decrypt(cctx->key_table, tmp, max);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001030
Denys Vlasenkoacca79a2007-11-23 21:10:03 +08001031 /* do_decrypt returns 0,1 swapped with 2,3 */
Ard Biesheuvel83385412021-02-01 19:02:33 +01001032 put_unaligned_be32(tmp[2], out);
1033 put_unaligned_be32(tmp[3], out + 4);
1034 put_unaligned_be32(tmp[0], out + 8);
1035 put_unaligned_be32(tmp[1], out + 12);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001036}
1037
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001038static struct crypto_alg camellia_alg = {
1039 .cra_name = "camellia",
1040 .cra_driver_name = "camellia-generic",
1041 .cra_priority = 100,
1042 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
1043 .cra_blocksize = CAMELLIA_BLOCK_SIZE,
1044 .cra_ctxsize = sizeof(struct camellia_ctx),
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001045 .cra_module = THIS_MODULE,
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001046 .cra_u = {
1047 .cipher = {
1048 .cia_min_keysize = CAMELLIA_MIN_KEY_SIZE,
1049 .cia_max_keysize = CAMELLIA_MAX_KEY_SIZE,
1050 .cia_setkey = camellia_set_key,
1051 .cia_encrypt = camellia_encrypt,
1052 .cia_decrypt = camellia_decrypt
1053 }
1054 }
1055};
1056
1057static int __init camellia_init(void)
1058{
1059 return crypto_register_alg(&camellia_alg);
1060}
1061
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001062static void __exit camellia_fini(void)
1063{
1064 crypto_unregister_alg(&camellia_alg);
1065}
1066
Eric Biggersc4741b22019-04-11 21:57:42 -07001067subsys_initcall(camellia_init);
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001068module_exit(camellia_fini);
1069
Noriaki TAKAMIYAd64beac2007-01-24 21:47:48 +11001070MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1071MODULE_LICENSE("GPL");
Kees Cook5d26a102014-11-20 17:05:53 -08001072MODULE_ALIAS_CRYPTO("camellia");
Mathias Krause3e14dcf2015-01-11 18:17:42 +01001073MODULE_ALIAS_CRYPTO("camellia-generic");