/src/nss/lib/freebl/camellia.c
Line | Count | Source |
1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | |
5 | | #ifdef FREEBL_NO_DEPEND |
6 | | #include "stubs.h" |
7 | | #endif |
8 | | |
9 | | #include "prinit.h" |
10 | | #include "prerr.h" |
11 | | #include "secerr.h" |
12 | | |
13 | | #include "prtypes.h" |
14 | | #include "blapi.h" |
15 | | #include "camellia.h" |
16 | | #include "sha_fast.h" /* for SHA_HTONL and related configuration macros */ |
17 | | |
18 | | /* key constants */ |
19 | | |
20 | | #define CAMELLIA_SIGMA1L (0xA09E667FL) |
21 | | #define CAMELLIA_SIGMA1R (0x3BCC908BL) |
22 | | #define CAMELLIA_SIGMA2L (0xB67AE858L) |
23 | | #define CAMELLIA_SIGMA2R (0x4CAA73B2L) |
24 | | #define CAMELLIA_SIGMA3L (0xC6EF372FL) |
25 | | #define CAMELLIA_SIGMA3R (0xE94F82BEL) |
26 | | #define CAMELLIA_SIGMA4L (0x54FF53A5L) |
27 | | #define CAMELLIA_SIGMA4R (0xF1D36F1CL) |
28 | | #define CAMELLIA_SIGMA5L (0x10E527FAL) |
29 | | #define CAMELLIA_SIGMA5R (0xDE682D1DL) |
30 | | #define CAMELLIA_SIGMA6L (0xB05688C2L) |
31 | | #define CAMELLIA_SIGMA6R (0xB3E6C1FDL) |
32 | | |
33 | | /* |
34 | | * macros |
35 | | */ |
36 | | |
37 | | #if defined(HAVE_UNALIGNED_ACCESS) |
38 | | |
39 | | /* require a CPU that allows unaligned access */ |
40 | | |
41 | | #if defined(SHA_NEED_TMP_VARIABLE) |
42 | | #define CAMELLIA_NEED_TMP_VARIABLE 1 |
43 | | #endif |
44 | | |
45 | 497k | #define GETU32(p) SHA_HTONL(*((PRUint32 *)(p))) |
46 | | #define PUTU32(ct, st) \ |
47 | 328k | { \ |
48 | 328k | *((PRUint32 *)(ct)) = SHA_HTONL(st); \ |
49 | 328k | } |
50 | | |
51 | | #else /* no unaligned access */ |
52 | | |
53 | | #define GETU32(pt) \ |
54 | | (((PRUint32)(pt)[0] << 24) ^ ((PRUint32)(pt)[1] << 16) ^ ((PRUint32)(pt)[2] << 8) ^ ((PRUint32)(pt)[3])) |
55 | | |
56 | | #define PUTU32(ct, st) \ |
57 | | { \ |
58 | | (ct)[0] = (PRUint8)((st) >> 24); \ |
59 | | (ct)[1] = (PRUint8)((st) >> 16); \ |
60 | | (ct)[2] = (PRUint8)((st) >> 8); \ |
61 | | (ct)[3] = (PRUint8)(st); \ |
62 | | } |
63 | | |
64 | | #endif |
65 | | |
66 | 3.01M | #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) |
67 | 2.35M | #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) |
68 | | |
69 | | /* rotation right shift 1byte */ |
70 | 1.78M | #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) |
71 | | /* rotation left shift 1bit */ |
72 | 682k | #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) |
73 | | /* rotation left shift 1byte */ |
74 | 657k | #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) |
75 | | |
76 | | #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ |
77 | 352k | do { \ |
78 | 352k | w0 = ll; \ |
79 | 352k | ll = (ll << bits) + (lr >> (32 - bits)); \ |
80 | 352k | lr = (lr << bits) + (rl >> (32 - bits)); \ |
81 | 352k | rl = (rl << bits) + (rr >> (32 - bits)); \ |
82 | 352k | rr = (rr << bits) + (w0 >> (32 - bits)); \ |
83 | 352k | } while (0) |
84 | | |
85 | | #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ |
86 | 76.8k | do { \ |
87 | 76.8k | w0 = ll; \ |
88 | 76.8k | w1 = lr; \ |
89 | 76.8k | ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ |
90 | 76.8k | lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ |
91 | 76.8k | rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ |
92 | 76.8k | rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ |
93 | 76.8k | } while (0) |
94 | | |
95 | 3.56M | #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) |
96 | 3.56M | #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) |
97 | 3.56M | #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) |
98 | 3.56M | #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) |
99 | | |
100 | | #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ |
101 | 151k | do { \ |
102 | 151k | il = xl ^ kl; \ |
103 | 151k | ir = xr ^ kr; \ |
104 | 151k | t0 = il >> 16; \ |
105 | 151k | t1 = ir >> 16; \ |
106 | 151k | yl = CAMELLIA_SP1110(ir & 0xff) ^ \ |
107 | 151k | CAMELLIA_SP0222((t1 >> 8) & 0xff) ^ \ |
108 | 151k | CAMELLIA_SP3033(t1 & 0xff) ^ \ |
109 | 151k | CAMELLIA_SP4404((ir >> 8) & 0xff); \ |
110 | 151k | yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) ^ \ |
111 | 151k | CAMELLIA_SP0222(t0 & 0xff) ^ \ |
112 | 151k | CAMELLIA_SP3033((il >> 8) & 0xff) ^ \ |
113 | 151k | CAMELLIA_SP4404(il & 0xff); \ |
114 | 151k | yl ^= yr; \ |
115 | 151k | yr = CAMELLIA_RR8(yr); \ |
116 | 151k | yr ^= yl; \ |
117 | 151k | } while (0) |
118 | | |
119 | | /* |
120 | | * for speed up |
121 | | * |
122 | | */ |
123 | | #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ |
124 | 189k | do { \ |
125 | 189k | t0 = kll; \ |
126 | 189k | t0 &= ll; \ |
127 | 189k | lr ^= CAMELLIA_RL1(t0); \ |
128 | 189k | t1 = klr; \ |
129 | 189k | t1 |= lr; \ |
130 | 189k | ll ^= t1; \ |
131 | 189k | \ |
132 | 189k | t2 = krr; \ |
133 | 189k | t2 |= rr; \ |
134 | 189k | rl ^= t2; \ |
135 | 189k | t3 = krl; \ |
136 | 189k | t3 &= rl; \ |
137 | 189k | rr ^= CAMELLIA_RL1(t3); \ |
138 | 189k | } while (0) |
139 | | |
140 | | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ |
141 | 1.63M | do { \ |
142 | 1.63M | ir = CAMELLIA_SP1110(xr & 0xff) ^ \ |
143 | 1.63M | CAMELLIA_SP0222((xr >> 24) & 0xff) ^ \ |
144 | 1.63M | CAMELLIA_SP3033((xr >> 16) & 0xff) ^ \ |
145 | 1.63M | CAMELLIA_SP4404((xr >> 8) & 0xff); \ |
146 | 1.63M | il = CAMELLIA_SP1110((xl >> 24) & 0xff) ^ \ |
147 | 1.63M | CAMELLIA_SP0222((xl >> 16) & 0xff) ^ \ |
148 | 1.63M | CAMELLIA_SP3033((xl >> 8) & 0xff) ^ \ |
149 | 1.63M | CAMELLIA_SP4404(xl & 0xff); \ |
150 | 1.63M | il ^= kl; \ |
151 | 1.63M | ir ^= kr; \ |
152 | 1.63M | ir ^= il; \ |
153 | 1.63M | il = CAMELLIA_RR8(il); \ |
154 | 1.63M | il ^= ir; \ |
155 | 1.63M | yl ^= ir; \ |
156 | 1.63M | yr ^= il; \ |
157 | 1.63M | } while (0) |
158 | | |
159 | | static const PRUint32 camellia_sp1110[256] = { |
160 | | 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, |
161 | | 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500, |
162 | | 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, |
163 | | 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, |
164 | | 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300, |
165 | | 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, |
166 | | 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, |
167 | | 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00, |
168 | | 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, |
169 | | 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, |
170 | | 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00, |
171 | | 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, |
172 | | 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, |
173 | | 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00, |
174 | | 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, |
175 | | 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, |
176 | | 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600, |
177 | | 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, |
178 | | 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, |
179 | | 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900, |
180 | | 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, |
181 | | 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, |
182 | | 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100, |
183 | | 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, |
184 | | 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, |
185 | | 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00, |
186 | | 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, |
187 | | 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, |
188 | | 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200, |
189 | | 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, |
190 | | 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, |
191 | | 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000, |
192 | | 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, |
193 | | 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, |
194 | | 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500, |
195 | | 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, |
196 | | 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, |
197 | | 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00, |
198 | | 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, |
199 | | 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, |
200 | | 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200, |
201 | | 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, |
202 | | 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, |
203 | | 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200, |
204 | | 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, |
205 | | 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, |
206 | | 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00, |
207 | | 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, |
208 | | 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, |
209 | | 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00, |
210 | | 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, |
211 | | 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, |
212 | | 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00, |
213 | | 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, |
214 | | 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, |
215 | | 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00, |
216 | | 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, |
217 | | 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, |
218 | | 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800, |
219 | | 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, |
220 | | 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, |
221 | | 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100, |
222 | | 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, |
223 | | 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 |
224 | | }; |
225 | | |
226 | | static const PRUint32 camellia_sp0222[256] = { |
227 | | 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, |
228 | | 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb, |
229 | | 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, |
230 | | 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, |
231 | | 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727, |
232 | | 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, |
233 | | 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, |
234 | | 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b, |
235 | | 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, |
236 | | 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, |
237 | | 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe, |
238 | | 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, |
239 | | 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, |
240 | | 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a, |
241 | | 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, |
242 | | 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, |
243 | | 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc, |
244 | | 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, |
245 | | 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, |
246 | | 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333, |
247 | | 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, |
248 | | 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, |
249 | | 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262, |
250 | | 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, |
251 | | 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, |
252 | | 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838, |
253 | | 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, |
254 | | 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, |
255 | | 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565, |
256 | | 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, |
257 | | 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, |
258 | | 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0, |
259 | | 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, |
260 | | 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, |
261 | | 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b, |
262 | | 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, |
263 | | 0x00202020, 0x00898989, 0x00000000, 0x00909090, |
264 | | 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7, |
265 | | 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, |
266 | | 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, |
267 | | 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404, |
268 | | 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, |
269 | | 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, |
270 | | 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5, |
271 | | 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, |
272 | | 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, |
273 | | 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696, |
274 | | 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, |
275 | | 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, |
276 | | 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d, |
277 | | 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, |
278 | | 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, |
279 | | 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4, |
280 | | 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, |
281 | | 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, |
282 | | 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5, |
283 | | 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, |
284 | | 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, |
285 | | 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0, |
286 | | 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, |
287 | | 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, |
288 | | 0x00777777, 0x00939393, 0x00868686, 0x00838383, |
289 | | 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, |
290 | | 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d |
291 | | }; |
292 | | |
293 | | static const PRUint32 camellia_sp3033[256] = { |
294 | | 0x38003838, 0x41004141, 0x16001616, 0x76007676, |
295 | | 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2, |
296 | | 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, |
297 | | 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, |
298 | | 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9, |
299 | | 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, |
300 | | 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, |
301 | | 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede, |
302 | | 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, |
303 | | 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, |
304 | | 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf, |
305 | | 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, |
306 | | 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, |
307 | | 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e, |
308 | | 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, |
309 | | 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, |
310 | | 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333, |
311 | | 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, |
312 | | 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, |
313 | | 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc, |
314 | | 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, |
315 | | 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, |
316 | | 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898, |
317 | | 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, |
318 | | 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, |
319 | | 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e, |
320 | | 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, |
321 | | 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, |
322 | | 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959, |
323 | | 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, |
324 | | 0x12001212, 0x04000404, 0x74007474, 0x54005454, |
325 | | 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828, |
326 | | 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, |
327 | | 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, |
328 | | 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca, |
329 | | 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, |
330 | | 0x08000808, 0x62006262, 0x00000000, 0x24002424, |
331 | | 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded, |
332 | | 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, |
333 | | 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, |
334 | | 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101, |
335 | | 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, |
336 | | 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, |
337 | | 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171, |
338 | | 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, |
339 | | 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, |
340 | | 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5, |
341 | | 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, |
342 | | 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, |
343 | | 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747, |
344 | | 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, |
345 | | 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, |
346 | | 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535, |
347 | | 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, |
348 | | 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, |
349 | | 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d, |
350 | | 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, |
351 | | 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, |
352 | | 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434, |
353 | | 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, |
354 | | 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, |
355 | | 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0, |
356 | | 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, |
357 | | 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f |
358 | | }; |
359 | | |
360 | | static const PRUint32 camellia_sp4404[256] = { |
361 | | 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, |
362 | | 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae, |
363 | | 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, |
364 | | 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, |
365 | | 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f, |
366 | | 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, |
367 | | 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, |
368 | | 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c, |
369 | | 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, |
370 | | 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, |
371 | | 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076, |
372 | | 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, |
373 | | 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, |
374 | | 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2, |
375 | | 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, |
376 | | 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, |
377 | | 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062, |
378 | | 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, |
379 | | 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, |
380 | | 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd, |
381 | | 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, |
382 | | 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, |
383 | | 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6, |
384 | | 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, |
385 | | 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, |
386 | | 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4, |
387 | | 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, |
388 | | 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, |
389 | | 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac, |
390 | | 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, |
391 | | 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, |
392 | | 0x15150015, 0xadad00ad, 0x77770077, 0x80800080, |
393 | | 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, |
394 | | 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, |
395 | | 0xefef00ef, 0x93930093, 0x19190019, 0x21210021, |
396 | | 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, |
397 | | 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, |
398 | | 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a, |
399 | | 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, |
400 | | 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, |
401 | | 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d, |
402 | | 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, |
403 | | 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, |
404 | | 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7, |
405 | | 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, |
406 | | 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, |
407 | | 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091, |
408 | | 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, |
409 | | 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, |
410 | | 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2, |
411 | | 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, |
412 | | 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, |
413 | | 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033, |
414 | | 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, |
415 | | 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, |
416 | | 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e, |
417 | | 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, |
418 | | 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, |
419 | | 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba, |
420 | | 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, |
421 | | 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, |
422 | | 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4, |
423 | | 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, |
424 | | 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e |
425 | | }; |
426 | | |
427 | | /** |
428 | | * Stuff related to the Camellia key schedule |
429 | | */ |
430 | 4.12M | #define subl(x) subL[(x)] |
431 | 4.27M | #define subr(x) subR[(x)] |
432 | | |
433 | | void |
434 | | camellia_setup128(const unsigned char *key, PRUint32 *subkey) |
435 | 24.9k | { |
436 | 24.9k | PRUint32 kll, klr, krl, krr; |
437 | 24.9k | PRUint32 il, ir, t0, t1, w0, w1; |
438 | 24.9k | PRUint32 kw4l, kw4r, dw, tl, tr; |
439 | 24.9k | PRUint32 subL[26]; |
440 | 24.9k | PRUint32 subR[26]; |
441 | | #if defined(CAMELLIA_NEED_TMP_VARIABLE) |
442 | | PRUint32 tmp; |
443 | | #endif |
444 | | |
445 | | /** |
446 | | * k == kll || klr || krl || krr (|| is concatination) |
447 | | */ |
448 | 24.9k | kll = GETU32(key); |
449 | 24.9k | klr = GETU32(key + 4); |
450 | 24.9k | krl = GETU32(key + 8); |
451 | 24.9k | krr = GETU32(key + 12); |
452 | | /** |
453 | | * generate KL dependent subkeys |
454 | | */ |
455 | 24.9k | subl(0) = kll; |
456 | 24.9k | subr(0) = klr; |
457 | 24.9k | subl(1) = krl; |
458 | 24.9k | subr(1) = krr; |
459 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
460 | 24.9k | subl(4) = kll; |
461 | 24.9k | subr(4) = klr; |
462 | 24.9k | subl(5) = krl; |
463 | 24.9k | subr(5) = krr; |
464 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); |
465 | 24.9k | subl(10) = kll; |
466 | 24.9k | subr(10) = klr; |
467 | 24.9k | subl(11) = krl; |
468 | 24.9k | subr(11) = krr; |
469 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
470 | 24.9k | subl(13) = krl; |
471 | 24.9k | subr(13) = krr; |
472 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
473 | 24.9k | subl(16) = kll; |
474 | 24.9k | subr(16) = klr; |
475 | 24.9k | subl(17) = krl; |
476 | 24.9k | subr(17) = krr; |
477 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
478 | 24.9k | subl(18) = kll; |
479 | 24.9k | subr(18) = klr; |
480 | 24.9k | subl(19) = krl; |
481 | 24.9k | subr(19) = krr; |
482 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
483 | 24.9k | subl(22) = kll; |
484 | 24.9k | subr(22) = klr; |
485 | 24.9k | subl(23) = krl; |
486 | 24.9k | subr(23) = krr; |
487 | | |
488 | | /* generate KA */ |
489 | 24.9k | kll = subl(0); |
490 | 24.9k | klr = subr(0); |
491 | 24.9k | krl = subl(1); |
492 | 24.9k | krr = subr(1); |
493 | 24.9k | CAMELLIA_F(kll, klr, |
494 | 24.9k | CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, |
495 | 24.9k | w0, w1, il, ir, t0, t1); |
496 | 24.9k | krl ^= w0; |
497 | 24.9k | krr ^= w1; |
498 | 24.9k | CAMELLIA_F(krl, krr, |
499 | 24.9k | CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, |
500 | 24.9k | kll, klr, il, ir, t0, t1); |
501 | 24.9k | CAMELLIA_F(kll, klr, |
502 | 24.9k | CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, |
503 | 24.9k | krl, krr, il, ir, t0, t1); |
504 | 24.9k | krl ^= w0; |
505 | 24.9k | krr ^= w1; |
506 | 24.9k | CAMELLIA_F(krl, krr, |
507 | 24.9k | CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, |
508 | 24.9k | w0, w1, il, ir, t0, t1); |
509 | 24.9k | kll ^= w0; |
510 | 24.9k | klr ^= w1; |
511 | | |
512 | | /* generate KA dependent subkeys */ |
513 | 24.9k | subl(2) = kll; |
514 | 24.9k | subr(2) = klr; |
515 | 24.9k | subl(3) = krl; |
516 | 24.9k | subr(3) = krr; |
517 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
518 | 24.9k | subl(6) = kll; |
519 | 24.9k | subr(6) = klr; |
520 | 24.9k | subl(7) = krl; |
521 | 24.9k | subr(7) = krr; |
522 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
523 | 24.9k | subl(8) = kll; |
524 | 24.9k | subr(8) = klr; |
525 | 24.9k | subl(9) = krl; |
526 | 24.9k | subr(9) = krr; |
527 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
528 | 24.9k | subl(12) = kll; |
529 | 24.9k | subr(12) = klr; |
530 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
531 | 24.9k | subl(14) = kll; |
532 | 24.9k | subr(14) = klr; |
533 | 24.9k | subl(15) = krl; |
534 | 24.9k | subr(15) = krr; |
535 | 24.9k | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); |
536 | 24.9k | subl(20) = kll; |
537 | 24.9k | subr(20) = klr; |
538 | 24.9k | subl(21) = krl; |
539 | 24.9k | subr(21) = krr; |
540 | 24.9k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
541 | 24.9k | subl(24) = kll; |
542 | 24.9k | subr(24) = klr; |
543 | 24.9k | subl(25) = krl; |
544 | 24.9k | subr(25) = krr; |
545 | | |
546 | | /* absorb kw2 to other subkeys */ |
547 | 24.9k | subl(3) ^= subl(1); |
548 | 24.9k | subr(3) ^= subr(1); |
549 | 24.9k | subl(5) ^= subl(1); |
550 | 24.9k | subr(5) ^= subr(1); |
551 | 24.9k | subl(7) ^= subl(1); |
552 | 24.9k | subr(7) ^= subr(1); |
553 | 24.9k | subl(1) ^= subr(1) & ~subr(9); |
554 | 24.9k | dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); |
555 | 24.9k | subl(11) ^= subl(1); |
556 | 24.9k | subr(11) ^= subr(1); |
557 | 24.9k | subl(13) ^= subl(1); |
558 | 24.9k | subr(13) ^= subr(1); |
559 | 24.9k | subl(15) ^= subl(1); |
560 | 24.9k | subr(15) ^= subr(1); |
561 | 24.9k | subl(1) ^= subr(1) & ~subr(17); |
562 | 24.9k | dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); |
563 | 24.9k | subl(19) ^= subl(1); |
564 | 24.9k | subr(19) ^= subr(1); |
565 | 24.9k | subl(21) ^= subl(1); |
566 | 24.9k | subr(21) ^= subr(1); |
567 | 24.9k | subl(23) ^= subl(1); |
568 | 24.9k | subr(23) ^= subr(1); |
569 | 24.9k | subl(24) ^= subl(1); |
570 | 24.9k | subr(24) ^= subr(1); |
571 | | |
572 | | /* absorb kw4 to other subkeys */ |
573 | 24.9k | kw4l = subl(25); |
574 | 24.9k | kw4r = subr(25); |
575 | 24.9k | subl(22) ^= kw4l; |
576 | 24.9k | subr(22) ^= kw4r; |
577 | 24.9k | subl(20) ^= kw4l; |
578 | 24.9k | subr(20) ^= kw4r; |
579 | 24.9k | subl(18) ^= kw4l; |
580 | 24.9k | subr(18) ^= kw4r; |
581 | 24.9k | kw4l ^= kw4r & ~subr(16); |
582 | 24.9k | dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); |
583 | 24.9k | subl(14) ^= kw4l; |
584 | 24.9k | subr(14) ^= kw4r; |
585 | 24.9k | subl(12) ^= kw4l; |
586 | 24.9k | subr(12) ^= kw4r; |
587 | 24.9k | subl(10) ^= kw4l; |
588 | 24.9k | subr(10) ^= kw4r; |
589 | 24.9k | kw4l ^= kw4r & ~subr(8); |
590 | 24.9k | dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); |
591 | 24.9k | subl(6) ^= kw4l; |
592 | 24.9k | subr(6) ^= kw4r; |
593 | 24.9k | subl(4) ^= kw4l; |
594 | 24.9k | subr(4) ^= kw4r; |
595 | 24.9k | subl(2) ^= kw4l; |
596 | 24.9k | subr(2) ^= kw4r; |
597 | 24.9k | subl(0) ^= kw4l; |
598 | 24.9k | subr(0) ^= kw4r; |
599 | | |
600 | | /* key XOR is end of F-function */ |
601 | 24.9k | CamelliaSubkeyL(0) = subl(0) ^ subl(2); |
602 | 24.9k | CamelliaSubkeyR(0) = subr(0) ^ subr(2); |
603 | 24.9k | CamelliaSubkeyL(2) = subl(3); |
604 | 24.9k | CamelliaSubkeyR(2) = subr(3); |
605 | 24.9k | CamelliaSubkeyL(3) = subl(2) ^ subl(4); |
606 | 24.9k | CamelliaSubkeyR(3) = subr(2) ^ subr(4); |
607 | 24.9k | CamelliaSubkeyL(4) = subl(3) ^ subl(5); |
608 | 24.9k | CamelliaSubkeyR(4) = subr(3) ^ subr(5); |
609 | 24.9k | CamelliaSubkeyL(5) = subl(4) ^ subl(6); |
610 | 24.9k | CamelliaSubkeyR(5) = subr(4) ^ subr(6); |
611 | 24.9k | CamelliaSubkeyL(6) = subl(5) ^ subl(7); |
612 | 24.9k | CamelliaSubkeyR(6) = subr(5) ^ subr(7); |
613 | 24.9k | tl = subl(10) ^ (subr(10) & ~subr(8)); |
614 | 24.9k | dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); |
615 | 24.9k | CamelliaSubkeyL(7) = subl(6) ^ tl; |
616 | 24.9k | CamelliaSubkeyR(7) = subr(6) ^ tr; |
617 | 24.9k | CamelliaSubkeyL(8) = subl(8); |
618 | 24.9k | CamelliaSubkeyR(8) = subr(8); |
619 | 24.9k | CamelliaSubkeyL(9) = subl(9); |
620 | 24.9k | CamelliaSubkeyR(9) = subr(9); |
621 | 24.9k | tl = subl(7) ^ (subr(7) & ~subr(9)); |
622 | 24.9k | dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); |
623 | 24.9k | CamelliaSubkeyL(10) = tl ^ subl(11); |
624 | 24.9k | CamelliaSubkeyR(10) = tr ^ subr(11); |
625 | 24.9k | CamelliaSubkeyL(11) = subl(10) ^ subl(12); |
626 | 24.9k | CamelliaSubkeyR(11) = subr(10) ^ subr(12); |
627 | 24.9k | CamelliaSubkeyL(12) = subl(11) ^ subl(13); |
628 | 24.9k | CamelliaSubkeyR(12) = subr(11) ^ subr(13); |
629 | 24.9k | CamelliaSubkeyL(13) = subl(12) ^ subl(14); |
630 | 24.9k | CamelliaSubkeyR(13) = subr(12) ^ subr(14); |
631 | 24.9k | CamelliaSubkeyL(14) = subl(13) ^ subl(15); |
632 | 24.9k | CamelliaSubkeyR(14) = subr(13) ^ subr(15); |
633 | 24.9k | tl = subl(18) ^ (subr(18) & ~subr(16)); |
634 | 24.9k | dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); |
635 | 24.9k | CamelliaSubkeyL(15) = subl(14) ^ tl; |
636 | 24.9k | CamelliaSubkeyR(15) = subr(14) ^ tr; |
637 | 24.9k | CamelliaSubkeyL(16) = subl(16); |
638 | 24.9k | CamelliaSubkeyR(16) = subr(16); |
639 | 24.9k | CamelliaSubkeyL(17) = subl(17); |
640 | 24.9k | CamelliaSubkeyR(17) = subr(17); |
641 | 24.9k | tl = subl(15) ^ (subr(15) & ~subr(17)); |
642 | 24.9k | dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); |
643 | 24.9k | CamelliaSubkeyL(18) = tl ^ subl(19); |
644 | 24.9k | CamelliaSubkeyR(18) = tr ^ subr(19); |
645 | 24.9k | CamelliaSubkeyL(19) = subl(18) ^ subl(20); |
646 | 24.9k | CamelliaSubkeyR(19) = subr(18) ^ subr(20); |
647 | 24.9k | CamelliaSubkeyL(20) = subl(19) ^ subl(21); |
648 | 24.9k | CamelliaSubkeyR(20) = subr(19) ^ subr(21); |
649 | 24.9k | CamelliaSubkeyL(21) = subl(20) ^ subl(22); |
650 | 24.9k | CamelliaSubkeyR(21) = subr(20) ^ subr(22); |
651 | 24.9k | CamelliaSubkeyL(22) = subl(21) ^ subl(23); |
652 | 24.9k | CamelliaSubkeyR(22) = subr(21) ^ subr(23); |
653 | 24.9k | CamelliaSubkeyL(23) = subl(22); |
654 | 24.9k | CamelliaSubkeyR(23) = subr(22); |
655 | 24.9k | CamelliaSubkeyL(24) = subl(24) ^ subl(23); |
656 | 24.9k | CamelliaSubkeyR(24) = subr(24) ^ subr(23); |
657 | | |
658 | | /* apply the inverse of the last half of P-function */ |
659 | 24.9k | dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); |
660 | 24.9k | CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; |
661 | 24.9k | dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); |
662 | 24.9k | CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; |
663 | 24.9k | dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); |
664 | 24.9k | CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; |
665 | 24.9k | dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); |
666 | 24.9k | CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; |
667 | 24.9k | dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); |
668 | 24.9k | CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; |
669 | 24.9k | dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); |
670 | 24.9k | CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; |
671 | 24.9k | dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); |
672 | 24.9k | CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; |
673 | 24.9k | dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); |
674 | 24.9k | CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; |
675 | 24.9k | dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); |
676 | 24.9k | CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; |
677 | 24.9k | dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); |
678 | 24.9k | CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; |
679 | 24.9k | dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); |
680 | 24.9k | CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; |
681 | 24.9k | dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); |
682 | 24.9k | CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; |
683 | 24.9k | dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); |
684 | 24.9k | CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; |
685 | 24.9k | dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); |
686 | 24.9k | CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; |
687 | 24.9k | dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); |
688 | 24.9k | CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; |
689 | 24.9k | dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); |
690 | 24.9k | CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; |
691 | 24.9k | dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); |
692 | 24.9k | CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; |
693 | 24.9k | dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); |
694 | 24.9k | CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; |
695 | | |
696 | 24.9k | return; |
697 | 24.9k | } |
698 | | |
699 | | void |
700 | | camellia_setup256(const unsigned char *key, PRUint32 *subkey) |
701 | 8.64k | { |
702 | 8.64k | PRUint32 kll, klr, krl, krr; /* left half of key */ |
703 | 8.64k | PRUint32 krll, krlr, krrl, krrr; /* right half of key */ |
704 | 8.64k | PRUint32 il, ir, t0, t1, w0, w1; /* temporary variables */ |
705 | 8.64k | PRUint32 kw4l, kw4r, dw, tl, tr; |
706 | 8.64k | PRUint32 subL[34]; |
707 | 8.64k | PRUint32 subR[34]; |
708 | | #if defined(CAMELLIA_NEED_TMP_VARIABLE) |
709 | | PRUint32 tmp; |
710 | | #endif |
711 | | |
712 | | /** |
713 | | * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) |
714 | | * (|| is concatination) |
715 | | */ |
716 | | |
717 | 8.64k | kll = GETU32(key); |
718 | 8.64k | klr = GETU32(key + 4); |
719 | 8.64k | krl = GETU32(key + 8); |
720 | 8.64k | krr = GETU32(key + 12); |
721 | 8.64k | krll = GETU32(key + 16); |
722 | 8.64k | krlr = GETU32(key + 20); |
723 | 8.64k | krrl = GETU32(key + 24); |
724 | 8.64k | krrr = GETU32(key + 28); |
725 | | |
726 | | /* generate KL dependent subkeys */ |
727 | 8.64k | subl(0) = kll; |
728 | 8.64k | subr(0) = klr; |
729 | 8.64k | subl(1) = krl; |
730 | 8.64k | subr(1) = krr; |
731 | 8.64k | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); |
732 | 8.64k | subl(12) = kll; |
733 | 8.64k | subr(12) = klr; |
734 | 8.64k | subl(13) = krl; |
735 | 8.64k | subr(13) = krr; |
736 | 8.64k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
737 | 8.64k | subl(16) = kll; |
738 | 8.64k | subr(16) = klr; |
739 | 8.64k | subl(17) = krl; |
740 | 8.64k | subr(17) = krr; |
741 | 8.64k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); |
742 | 8.64k | subl(22) = kll; |
743 | 8.64k | subr(22) = klr; |
744 | 8.64k | subl(23) = krl; |
745 | 8.64k | subr(23) = krr; |
746 | 8.64k | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); |
747 | 8.64k | subl(30) = kll; |
748 | 8.64k | subr(30) = klr; |
749 | 8.64k | subl(31) = krl; |
750 | 8.64k | subr(31) = krr; |
751 | | |
752 | | /* generate KR dependent subkeys */ |
753 | 8.64k | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); |
754 | 8.64k | subl(4) = krll; |
755 | 8.64k | subr(4) = krlr; |
756 | 8.64k | subl(5) = krrl; |
757 | 8.64k | subr(5) = krrr; |
758 | 8.64k | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); |
759 | 8.64k | subl(8) = krll; |
760 | 8.64k | subr(8) = krlr; |
761 | 8.64k | subl(9) = krrl; |
762 | 8.64k | subr(9) = krrr; |
763 | 8.64k | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); |
764 | 8.64k | subl(18) = krll; |
765 | 8.64k | subr(18) = krlr; |
766 | 8.64k | subl(19) = krrl; |
767 | 8.64k | subr(19) = krrr; |
768 | 8.64k | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); |
769 | 8.64k | subl(26) = krll; |
770 | 8.64k | subr(26) = krlr; |
771 | 8.64k | subl(27) = krrl; |
772 | 8.64k | subr(27) = krrr; |
773 | 8.64k | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); |
774 | | |
775 | | /* generate KA */ |
776 | 8.64k | kll = subl(0) ^ krll; |
777 | 8.64k | klr = subr(0) ^ krlr; |
778 | 8.64k | krl = subl(1) ^ krrl; |
779 | 8.64k | krr = subr(1) ^ krrr; |
780 | 8.64k | CAMELLIA_F(kll, klr, |
781 | 8.64k | CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, |
782 | 8.64k | w0, w1, il, ir, t0, t1); |
783 | 8.64k | krl ^= w0; |
784 | 8.64k | krr ^= w1; |
785 | 8.64k | CAMELLIA_F(krl, krr, |
786 | 8.64k | CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, |
787 | 8.64k | kll, klr, il, ir, t0, t1); |
788 | 8.64k | kll ^= krll; |
789 | 8.64k | klr ^= krlr; |
790 | 8.64k | CAMELLIA_F(kll, klr, |
791 | 8.64k | CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, |
792 | 8.64k | krl, krr, il, ir, t0, t1); |
793 | 8.64k | krl ^= w0 ^ krrl; |
794 | 8.64k | krr ^= w1 ^ krrr; |
795 | 8.64k | CAMELLIA_F(krl, krr, |
796 | 8.64k | CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, |
797 | 8.64k | w0, w1, il, ir, t0, t1); |
798 | 8.64k | kll ^= w0; |
799 | 8.64k | klr ^= w1; |
800 | | |
801 | | /* generate KB */ |
802 | 8.64k | krll ^= kll; |
803 | 8.64k | krlr ^= klr; |
804 | 8.64k | krrl ^= krl; |
805 | 8.64k | krrr ^= krr; |
806 | 8.64k | CAMELLIA_F(krll, krlr, |
807 | 8.64k | CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, |
808 | 8.64k | w0, w1, il, ir, t0, t1); |
809 | 8.64k | krrl ^= w0; |
810 | 8.64k | krrr ^= w1; |
811 | 8.64k | CAMELLIA_F(krrl, krrr, |
812 | 8.64k | CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, |
813 | 8.64k | w0, w1, il, ir, t0, t1); |
814 | 8.64k | krll ^= w0; |
815 | 8.64k | krlr ^= w1; |
816 | | |
817 | | /* generate KA dependent subkeys */ |
818 | 8.64k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); |
819 | 8.64k | subl(6) = kll; |
820 | 8.64k | subr(6) = klr; |
821 | 8.64k | subl(7) = krl; |
822 | 8.64k | subr(7) = krr; |
823 | 8.64k | CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); |
824 | 8.64k | subl(14) = kll; |
825 | 8.64k | subr(14) = klr; |
826 | 8.64k | subl(15) = krl; |
827 | 8.64k | subr(15) = krr; |
828 | 8.64k | subl(24) = klr; |
829 | 8.64k | subr(24) = krl; |
830 | 8.64k | subl(25) = krr; |
831 | 8.64k | subr(25) = kll; |
832 | 8.64k | CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); |
833 | 8.64k | subl(28) = kll; |
834 | 8.64k | subr(28) = klr; |
835 | 8.64k | subl(29) = krl; |
836 | 8.64k | subr(29) = krr; |
837 | | |
838 | | /* generate KB dependent subkeys */ |
839 | 8.64k | subl(2) = krll; |
840 | 8.64k | subr(2) = krlr; |
841 | 8.64k | subl(3) = krrl; |
842 | 8.64k | subr(3) = krrr; |
843 | 8.64k | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); |
844 | 8.64k | subl(10) = krll; |
845 | 8.64k | subr(10) = krlr; |
846 | 8.64k | subl(11) = krrl; |
847 | 8.64k | subr(11) = krrr; |
848 | 8.64k | CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); |
849 | 8.64k | subl(20) = krll; |
850 | 8.64k | subr(20) = krlr; |
851 | 8.64k | subl(21) = krrl; |
852 | 8.64k | subr(21) = krrr; |
853 | 8.64k | CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); |
854 | 8.64k | subl(32) = krll; |
855 | 8.64k | subr(32) = krlr; |
856 | 8.64k | subl(33) = krrl; |
857 | 8.64k | subr(33) = krrr; |
858 | | |
859 | | /* absorb kw2 to other subkeys */ |
860 | 8.64k | subl(3) ^= subl(1); |
861 | 8.64k | subr(3) ^= subr(1); |
862 | 8.64k | subl(5) ^= subl(1); |
863 | 8.64k | subr(5) ^= subr(1); |
864 | 8.64k | subl(7) ^= subl(1); |
865 | 8.64k | subr(7) ^= subr(1); |
866 | 8.64k | subl(1) ^= subr(1) & ~subr(9); |
867 | 8.64k | dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); |
868 | 8.64k | subl(11) ^= subl(1); |
869 | 8.64k | subr(11) ^= subr(1); |
870 | 8.64k | subl(13) ^= subl(1); |
871 | 8.64k | subr(13) ^= subr(1); |
872 | 8.64k | subl(15) ^= subl(1); |
873 | 8.64k | subr(15) ^= subr(1); |
874 | 8.64k | subl(1) ^= subr(1) & ~subr(17); |
875 | 8.64k | dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); |
876 | 8.64k | subl(19) ^= subl(1); |
877 | 8.64k | subr(19) ^= subr(1); |
878 | 8.64k | subl(21) ^= subl(1); |
879 | 8.64k | subr(21) ^= subr(1); |
880 | 8.64k | subl(23) ^= subl(1); |
881 | 8.64k | subr(23) ^= subr(1); |
882 | 8.64k | subl(1) ^= subr(1) & ~subr(25); |
883 | 8.64k | dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); |
884 | 8.64k | subl(27) ^= subl(1); |
885 | 8.64k | subr(27) ^= subr(1); |
886 | 8.64k | subl(29) ^= subl(1); |
887 | 8.64k | subr(29) ^= subr(1); |
888 | 8.64k | subl(31) ^= subl(1); |
889 | 8.64k | subr(31) ^= subr(1); |
890 | 8.64k | subl(32) ^= subl(1); |
891 | 8.64k | subr(32) ^= subr(1); |
892 | | |
893 | | /* absorb kw4 to other subkeys */ |
894 | 8.64k | kw4l = subl(33); |
895 | 8.64k | kw4r = subr(33); |
896 | 8.64k | subl(30) ^= kw4l; |
897 | 8.64k | subr(30) ^= kw4r; |
898 | 8.64k | subl(28) ^= kw4l; |
899 | 8.64k | subr(28) ^= kw4r; |
900 | 8.64k | subl(26) ^= kw4l; |
901 | 8.64k | subr(26) ^= kw4r; |
902 | 8.64k | kw4l ^= kw4r & ~subr(24); |
903 | 8.64k | dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); |
904 | 8.64k | subl(22) ^= kw4l; |
905 | 8.64k | subr(22) ^= kw4r; |
906 | 8.64k | subl(20) ^= kw4l; |
907 | 8.64k | subr(20) ^= kw4r; |
908 | 8.64k | subl(18) ^= kw4l; |
909 | 8.64k | subr(18) ^= kw4r; |
910 | 8.64k | kw4l ^= kw4r & ~subr(16); |
911 | 8.64k | dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); |
912 | 8.64k | subl(14) ^= kw4l; |
913 | 8.64k | subr(14) ^= kw4r; |
914 | 8.64k | subl(12) ^= kw4l; |
915 | 8.64k | subr(12) ^= kw4r; |
916 | 8.64k | subl(10) ^= kw4l; |
917 | 8.64k | subr(10) ^= kw4r; |
918 | 8.64k | kw4l ^= kw4r & ~subr(8); |
919 | 8.64k | dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); |
920 | 8.64k | subl(6) ^= kw4l; |
921 | 8.64k | subr(6) ^= kw4r; |
922 | 8.64k | subl(4) ^= kw4l; |
923 | 8.64k | subr(4) ^= kw4r; |
924 | 8.64k | subl(2) ^= kw4l; |
925 | 8.64k | subr(2) ^= kw4r; |
926 | 8.64k | subl(0) ^= kw4l; |
927 | 8.64k | subr(0) ^= kw4r; |
928 | | |
929 | | /* key XOR is end of F-function */ |
930 | 8.64k | CamelliaSubkeyL(0) = subl(0) ^ subl(2); |
931 | 8.64k | CamelliaSubkeyR(0) = subr(0) ^ subr(2); |
932 | 8.64k | CamelliaSubkeyL(2) = subl(3); |
933 | 8.64k | CamelliaSubkeyR(2) = subr(3); |
934 | 8.64k | CamelliaSubkeyL(3) = subl(2) ^ subl(4); |
935 | 8.64k | CamelliaSubkeyR(3) = subr(2) ^ subr(4); |
936 | 8.64k | CamelliaSubkeyL(4) = subl(3) ^ subl(5); |
937 | 8.64k | CamelliaSubkeyR(4) = subr(3) ^ subr(5); |
938 | 8.64k | CamelliaSubkeyL(5) = subl(4) ^ subl(6); |
939 | 8.64k | CamelliaSubkeyR(5) = subr(4) ^ subr(6); |
940 | 8.64k | CamelliaSubkeyL(6) = subl(5) ^ subl(7); |
941 | 8.64k | CamelliaSubkeyR(6) = subr(5) ^ subr(7); |
942 | 8.64k | tl = subl(10) ^ (subr(10) & ~subr(8)); |
943 | 8.64k | dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); |
944 | 8.64k | CamelliaSubkeyL(7) = subl(6) ^ tl; |
945 | 8.64k | CamelliaSubkeyR(7) = subr(6) ^ tr; |
946 | 8.64k | CamelliaSubkeyL(8) = subl(8); |
947 | 8.64k | CamelliaSubkeyR(8) = subr(8); |
948 | 8.64k | CamelliaSubkeyL(9) = subl(9); |
949 | 8.64k | CamelliaSubkeyR(9) = subr(9); |
950 | 8.64k | tl = subl(7) ^ (subr(7) & ~subr(9)); |
951 | 8.64k | dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); |
952 | 8.64k | CamelliaSubkeyL(10) = tl ^ subl(11); |
953 | 8.64k | CamelliaSubkeyR(10) = tr ^ subr(11); |
954 | 8.64k | CamelliaSubkeyL(11) = subl(10) ^ subl(12); |
955 | 8.64k | CamelliaSubkeyR(11) = subr(10) ^ subr(12); |
956 | 8.64k | CamelliaSubkeyL(12) = subl(11) ^ subl(13); |
957 | 8.64k | CamelliaSubkeyR(12) = subr(11) ^ subr(13); |
958 | 8.64k | CamelliaSubkeyL(13) = subl(12) ^ subl(14); |
959 | 8.64k | CamelliaSubkeyR(13) = subr(12) ^ subr(14); |
960 | 8.64k | CamelliaSubkeyL(14) = subl(13) ^ subl(15); |
961 | 8.64k | CamelliaSubkeyR(14) = subr(13) ^ subr(15); |
962 | 8.64k | tl = subl(18) ^ (subr(18) & ~subr(16)); |
963 | 8.64k | dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); |
964 | 8.64k | CamelliaSubkeyL(15) = subl(14) ^ tl; |
965 | 8.64k | CamelliaSubkeyR(15) = subr(14) ^ tr; |
966 | 8.64k | CamelliaSubkeyL(16) = subl(16); |
967 | 8.64k | CamelliaSubkeyR(16) = subr(16); |
968 | 8.64k | CamelliaSubkeyL(17) = subl(17); |
969 | 8.64k | CamelliaSubkeyR(17) = subr(17); |
970 | 8.64k | tl = subl(15) ^ (subr(15) & ~subr(17)); |
971 | 8.64k | dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); |
972 | 8.64k | CamelliaSubkeyL(18) = tl ^ subl(19); |
973 | 8.64k | CamelliaSubkeyR(18) = tr ^ subr(19); |
974 | 8.64k | CamelliaSubkeyL(19) = subl(18) ^ subl(20); |
975 | 8.64k | CamelliaSubkeyR(19) = subr(18) ^ subr(20); |
976 | 8.64k | CamelliaSubkeyL(20) = subl(19) ^ subl(21); |
977 | 8.64k | CamelliaSubkeyR(20) = subr(19) ^ subr(21); |
978 | 8.64k | CamelliaSubkeyL(21) = subl(20) ^ subl(22); |
979 | 8.64k | CamelliaSubkeyR(21) = subr(20) ^ subr(22); |
980 | 8.64k | CamelliaSubkeyL(22) = subl(21) ^ subl(23); |
981 | 8.64k | CamelliaSubkeyR(22) = subr(21) ^ subr(23); |
982 | 8.64k | tl = subl(26) ^ (subr(26) & ~subr(24)); |
983 | 8.64k | dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw); |
984 | 8.64k | CamelliaSubkeyL(23) = subl(22) ^ tl; |
985 | 8.64k | CamelliaSubkeyR(23) = subr(22) ^ tr; |
986 | 8.64k | CamelliaSubkeyL(24) = subl(24); |
987 | 8.64k | CamelliaSubkeyR(24) = subr(24); |
988 | 8.64k | CamelliaSubkeyL(25) = subl(25); |
989 | 8.64k | CamelliaSubkeyR(25) = subr(25); |
990 | 8.64k | tl = subl(23) ^ (subr(23) & ~subr(25)); |
991 | 8.64k | dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw); |
992 | 8.64k | CamelliaSubkeyL(26) = tl ^ subl(27); |
993 | 8.64k | CamelliaSubkeyR(26) = tr ^ subr(27); |
994 | 8.64k | CamelliaSubkeyL(27) = subl(26) ^ subl(28); |
995 | 8.64k | CamelliaSubkeyR(27) = subr(26) ^ subr(28); |
996 | 8.64k | CamelliaSubkeyL(28) = subl(27) ^ subl(29); |
997 | 8.64k | CamelliaSubkeyR(28) = subr(27) ^ subr(29); |
998 | 8.64k | CamelliaSubkeyL(29) = subl(28) ^ subl(30); |
999 | 8.64k | CamelliaSubkeyR(29) = subr(28) ^ subr(30); |
1000 | 8.64k | CamelliaSubkeyL(30) = subl(29) ^ subl(31); |
1001 | 8.64k | CamelliaSubkeyR(30) = subr(29) ^ subr(31); |
1002 | 8.64k | CamelliaSubkeyL(31) = subl(30); |
1003 | 8.64k | CamelliaSubkeyR(31) = subr(30); |
1004 | 8.64k | CamelliaSubkeyL(32) = subl(32) ^ subl(31); |
1005 | 8.64k | CamelliaSubkeyR(32) = subr(32) ^ subr(31); |
1006 | | |
1007 | | /* apply the inverse of the last half of P-function */ |
1008 | 8.64k | dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); |
1009 | 8.64k | CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; |
1010 | 8.64k | dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); |
1011 | 8.64k | CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; |
1012 | 8.64k | dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); |
1013 | 8.64k | CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; |
1014 | 8.64k | dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); |
1015 | 8.64k | CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; |
1016 | 8.64k | dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); |
1017 | 8.64k | CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; |
1018 | 8.64k | dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); |
1019 | 8.64k | CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; |
1020 | 8.64k | dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); |
1021 | 8.64k | CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; |
1022 | 8.64k | dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); |
1023 | 8.64k | CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; |
1024 | 8.64k | dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); |
1025 | 8.64k | CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; |
1026 | 8.64k | dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); |
1027 | 8.64k | CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; |
1028 | 8.64k | dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); |
1029 | 8.64k | CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; |
1030 | 8.64k | dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); |
1031 | 8.64k | CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; |
1032 | 8.64k | dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); |
1033 | 8.64k | CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; |
1034 | 8.64k | dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); |
1035 | 8.64k | CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; |
1036 | 8.64k | dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); |
1037 | 8.64k | CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; |
1038 | 8.64k | dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); |
1039 | 8.64k | CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; |
1040 | 8.64k | dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); |
1041 | 8.64k | CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; |
1042 | 8.64k | dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); |
1043 | 8.64k | CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; |
1044 | 8.64k | dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw); |
1045 | 8.64k | CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw; |
1046 | 8.64k | dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw); |
1047 | 8.64k | CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw; |
1048 | 8.64k | dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw); |
1049 | 8.64k | CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw; |
1050 | 8.64k | dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw); |
1051 | 8.64k | CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw; |
1052 | 8.64k | dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw); |
1053 | 8.64k | CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw; |
1054 | 8.64k | dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw); |
1055 | 8.64k | CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, CamelliaSubkeyL(31) = dw; |
1056 | | |
1057 | 8.64k | return; |
1058 | 8.64k | } |
1059 | | |
1060 | | void |
1061 | | camellia_setup192(const unsigned char *key, PRUint32 *subkey) |
1062 | 424 | { |
1063 | 424 | unsigned char kk[32]; |
1064 | 424 | PRUint32 krll, krlr, krrl, krrr; |
1065 | | |
1066 | 424 | memcpy(kk, key, 24); |
1067 | 424 | memcpy((unsigned char *)&krll, key + 16, 4); |
1068 | 424 | memcpy((unsigned char *)&krlr, key + 20, 4); |
1069 | 424 | krrl = ~krll; |
1070 | 424 | krrr = ~krlr; |
1071 | 424 | memcpy(kk + 24, (unsigned char *)&krrl, 4); |
1072 | 424 | memcpy(kk + 28, (unsigned char *)&krrr, 4); |
1073 | 424 | camellia_setup256(kk, subkey); |
1074 | 424 | return; |
1075 | 424 | } |
1076 | | |
1077 | | /** |
1078 | | * Stuff related to camellia encryption/decryption |
1079 | | * |
1080 | | */ |
1081 | | SECStatus NO_SANITIZE_ALIGNMENT |
1082 | | camellia_encrypt128(const PRUint32 *subkey, |
1083 | | unsigned char *output, |
1084 | | const unsigned char *input) |
1085 | 960 | { |
1086 | 960 | PRUint32 il, ir, t0, t1; |
1087 | 960 | PRUint32 io[4]; |
1088 | | #if defined(CAMELLIA_NEED_TMP_VARIABLE) |
1089 | | PRUint32 tmp; |
1090 | | #endif |
1091 | | |
1092 | 960 | io[0] = GETU32(input); |
1093 | 960 | io[1] = GETU32(input + 4); |
1094 | 960 | io[2] = GETU32(input + 8); |
1095 | 960 | io[3] = GETU32(input + 12); |
1096 | | |
1097 | | /* pre whitening but absorb kw2*/ |
1098 | 960 | io[0] ^= CamelliaSubkeyL(0); |
1099 | 960 | io[1] ^= CamelliaSubkeyR(0); |
1100 | | /* main iteration */ |
1101 | | |
1102 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1103 | 960 | CamelliaSubkeyL(2), CamelliaSubkeyR(2), |
1104 | 960 | io[2], io[3], il, ir, t0, t1); |
1105 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1106 | 960 | CamelliaSubkeyL(3), CamelliaSubkeyR(3), |
1107 | 960 | io[0], io[1], il, ir, t0, t1); |
1108 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1109 | 960 | CamelliaSubkeyL(4), CamelliaSubkeyR(4), |
1110 | 960 | io[2], io[3], il, ir, t0, t1); |
1111 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1112 | 960 | CamelliaSubkeyL(5), CamelliaSubkeyR(5), |
1113 | 960 | io[0], io[1], il, ir, t0, t1); |
1114 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1115 | 960 | CamelliaSubkeyL(6), CamelliaSubkeyR(6), |
1116 | 960 | io[2], io[3], il, ir, t0, t1); |
1117 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1118 | 960 | CamelliaSubkeyL(7), CamelliaSubkeyR(7), |
1119 | 960 | io[0], io[1], il, ir, t0, t1); |
1120 | | |
1121 | 960 | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1122 | 960 | CamelliaSubkeyL(8), CamelliaSubkeyR(8), |
1123 | 960 | CamelliaSubkeyL(9), CamelliaSubkeyR(9), |
1124 | 960 | t0, t1, il, ir); |
1125 | | |
1126 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1127 | 960 | CamelliaSubkeyL(10), CamelliaSubkeyR(10), |
1128 | 960 | io[2], io[3], il, ir, t0, t1); |
1129 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1130 | 960 | CamelliaSubkeyL(11), CamelliaSubkeyR(11), |
1131 | 960 | io[0], io[1], il, ir, t0, t1); |
1132 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1133 | 960 | CamelliaSubkeyL(12), CamelliaSubkeyR(12), |
1134 | 960 | io[2], io[3], il, ir, t0, t1); |
1135 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1136 | 960 | CamelliaSubkeyL(13), CamelliaSubkeyR(13), |
1137 | 960 | io[0], io[1], il, ir, t0, t1); |
1138 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1139 | 960 | CamelliaSubkeyL(14), CamelliaSubkeyR(14), |
1140 | 960 | io[2], io[3], il, ir, t0, t1); |
1141 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1142 | 960 | CamelliaSubkeyL(15), CamelliaSubkeyR(15), |
1143 | 960 | io[0], io[1], il, ir, t0, t1); |
1144 | | |
1145 | 960 | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1146 | 960 | CamelliaSubkeyL(16), CamelliaSubkeyR(16), |
1147 | 960 | CamelliaSubkeyL(17), CamelliaSubkeyR(17), |
1148 | 960 | t0, t1, il, ir); |
1149 | | |
1150 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1151 | 960 | CamelliaSubkeyL(18), CamelliaSubkeyR(18), |
1152 | 960 | io[2], io[3], il, ir, t0, t1); |
1153 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1154 | 960 | CamelliaSubkeyL(19), CamelliaSubkeyR(19), |
1155 | 960 | io[0], io[1], il, ir, t0, t1); |
1156 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1157 | 960 | CamelliaSubkeyL(20), CamelliaSubkeyR(20), |
1158 | 960 | io[2], io[3], il, ir, t0, t1); |
1159 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1160 | 960 | CamelliaSubkeyL(21), CamelliaSubkeyR(21), |
1161 | 960 | io[0], io[1], il, ir, t0, t1); |
1162 | 960 | CAMELLIA_ROUNDSM(io[0], io[1], |
1163 | 960 | CamelliaSubkeyL(22), CamelliaSubkeyR(22), |
1164 | 960 | io[2], io[3], il, ir, t0, t1); |
1165 | 960 | CAMELLIA_ROUNDSM(io[2], io[3], |
1166 | 960 | CamelliaSubkeyL(23), CamelliaSubkeyR(23), |
1167 | 960 | io[0], io[1], il, ir, t0, t1); |
1168 | | |
1169 | | /* post whitening but kw4 */ |
1170 | 960 | io[2] ^= CamelliaSubkeyL(24); |
1171 | 960 | io[3] ^= CamelliaSubkeyR(24); |
1172 | | |
1173 | 960 | t0 = io[0]; |
1174 | 960 | t1 = io[1]; |
1175 | 960 | io[0] = io[2]; |
1176 | 960 | io[1] = io[3]; |
1177 | 960 | io[2] = t0; |
1178 | 960 | io[3] = t1; |
1179 | | |
1180 | 960 | PUTU32(output, io[0]); |
1181 | 960 | PUTU32(output + 4, io[1]); |
1182 | 960 | PUTU32(output + 8, io[2]); |
1183 | 960 | PUTU32(output + 12, io[3]); |
1184 | | |
1185 | 960 | return SECSuccess; |
1186 | 960 | } |
1187 | | |
1188 | | SECStatus NO_SANITIZE_ALIGNMENT |
1189 | | camellia_decrypt128(const PRUint32 *subkey, |
1190 | | unsigned char *output, |
1191 | | const unsigned char *input) |
1192 | 55.9k | { |
1193 | 55.9k | PRUint32 il, ir, t0, t1; /* temporary valiables */ |
1194 | 55.9k | PRUint32 io[4]; |
1195 | | #if defined(CAMELLIA_NEED_TMP_VARIABLE) |
1196 | | PRUint32 tmp; |
1197 | | #endif |
1198 | | |
1199 | 55.9k | io[0] = GETU32(input); |
1200 | 55.9k | io[1] = GETU32(input + 4); |
1201 | 55.9k | io[2] = GETU32(input + 8); |
1202 | 55.9k | io[3] = GETU32(input + 12); |
1203 | | |
1204 | | /* pre whitening but absorb kw2*/ |
1205 | 55.9k | io[0] ^= CamelliaSubkeyL(24); |
1206 | 55.9k | io[1] ^= CamelliaSubkeyR(24); |
1207 | | |
1208 | | /* main iteration */ |
1209 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1210 | 55.9k | CamelliaSubkeyL(23), CamelliaSubkeyR(23), |
1211 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1212 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1213 | 55.9k | CamelliaSubkeyL(22), CamelliaSubkeyR(22), |
1214 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1215 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1216 | 55.9k | CamelliaSubkeyL(21), CamelliaSubkeyR(21), |
1217 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1218 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1219 | 55.9k | CamelliaSubkeyL(20), CamelliaSubkeyR(20), |
1220 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1221 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1222 | 55.9k | CamelliaSubkeyL(19), CamelliaSubkeyR(19), |
1223 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1224 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1225 | 55.9k | CamelliaSubkeyL(18), CamelliaSubkeyR(18), |
1226 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1227 | | |
1228 | 55.9k | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1229 | 55.9k | CamelliaSubkeyL(17), CamelliaSubkeyR(17), |
1230 | 55.9k | CamelliaSubkeyL(16), CamelliaSubkeyR(16), |
1231 | 55.9k | t0, t1, il, ir); |
1232 | | |
1233 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1234 | 55.9k | CamelliaSubkeyL(15), CamelliaSubkeyR(15), |
1235 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1236 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1237 | 55.9k | CamelliaSubkeyL(14), CamelliaSubkeyR(14), |
1238 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1239 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1240 | 55.9k | CamelliaSubkeyL(13), CamelliaSubkeyR(13), |
1241 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1242 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1243 | 55.9k | CamelliaSubkeyL(12), CamelliaSubkeyR(12), |
1244 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1245 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1246 | 55.9k | CamelliaSubkeyL(11), CamelliaSubkeyR(11), |
1247 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1248 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1249 | 55.9k | CamelliaSubkeyL(10), CamelliaSubkeyR(10), |
1250 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1251 | | |
1252 | 55.9k | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1253 | 55.9k | CamelliaSubkeyL(9), CamelliaSubkeyR(9), |
1254 | 55.9k | CamelliaSubkeyL(8), CamelliaSubkeyR(8), |
1255 | 55.9k | t0, t1, il, ir); |
1256 | | |
1257 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1258 | 55.9k | CamelliaSubkeyL(7), CamelliaSubkeyR(7), |
1259 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1260 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1261 | 55.9k | CamelliaSubkeyL(6), CamelliaSubkeyR(6), |
1262 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1263 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1264 | 55.9k | CamelliaSubkeyL(5), CamelliaSubkeyR(5), |
1265 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1266 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1267 | 55.9k | CamelliaSubkeyL(4), CamelliaSubkeyR(4), |
1268 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1269 | 55.9k | CAMELLIA_ROUNDSM(io[0], io[1], |
1270 | 55.9k | CamelliaSubkeyL(3), CamelliaSubkeyR(3), |
1271 | 55.9k | io[2], io[3], il, ir, t0, t1); |
1272 | 55.9k | CAMELLIA_ROUNDSM(io[2], io[3], |
1273 | 55.9k | CamelliaSubkeyL(2), CamelliaSubkeyR(2), |
1274 | 55.9k | io[0], io[1], il, ir, t0, t1); |
1275 | | |
1276 | | /* post whitening but kw4 */ |
1277 | 55.9k | io[2] ^= CamelliaSubkeyL(0); |
1278 | 55.9k | io[3] ^= CamelliaSubkeyR(0); |
1279 | | |
1280 | 55.9k | t0 = io[0]; |
1281 | 55.9k | t1 = io[1]; |
1282 | 55.9k | io[0] = io[2]; |
1283 | 55.9k | io[1] = io[3]; |
1284 | 55.9k | io[2] = t0; |
1285 | 55.9k | io[3] = t1; |
1286 | | |
1287 | 55.9k | PUTU32(output, io[0]); |
1288 | 55.9k | PUTU32(output + 4, io[1]); |
1289 | 55.9k | PUTU32(output + 8, io[2]); |
1290 | 55.9k | PUTU32(output + 12, io[3]); |
1291 | | |
1292 | 55.9k | return SECSuccess; |
1293 | 55.9k | } |
1294 | | |
1295 | | /** |
1296 | | * stuff for 192 and 256bit encryption/decryption |
1297 | | */ |
1298 | | SECStatus NO_SANITIZE_ALIGNMENT |
1299 | | camellia_encrypt256(const PRUint32 *subkey, |
1300 | | unsigned char *output, |
1301 | | const unsigned char *input) |
1302 | 1.65k | { |
1303 | 1.65k | PRUint32 il, ir, t0, t1; /* temporary valiables */ |
1304 | 1.65k | PRUint32 io[4]; |
1305 | | #if defined(CAMELLIA_NEED_TMP_VARIABLE) |
1306 | | PRUint32 tmp; |
1307 | | #endif |
1308 | | |
1309 | 1.65k | io[0] = GETU32(input); |
1310 | 1.65k | io[1] = GETU32(input + 4); |
1311 | 1.65k | io[2] = GETU32(input + 8); |
1312 | 1.65k | io[3] = GETU32(input + 12); |
1313 | | |
1314 | | /* pre whitening but absorb kw2*/ |
1315 | 1.65k | io[0] ^= CamelliaSubkeyL(0); |
1316 | 1.65k | io[1] ^= CamelliaSubkeyR(0); |
1317 | | |
1318 | | /* main iteration */ |
1319 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1320 | 1.65k | CamelliaSubkeyL(2), CamelliaSubkeyR(2), |
1321 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1322 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1323 | 1.65k | CamelliaSubkeyL(3), CamelliaSubkeyR(3), |
1324 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1325 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1326 | 1.65k | CamelliaSubkeyL(4), CamelliaSubkeyR(4), |
1327 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1328 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1329 | 1.65k | CamelliaSubkeyL(5), CamelliaSubkeyR(5), |
1330 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1331 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1332 | 1.65k | CamelliaSubkeyL(6), CamelliaSubkeyR(6), |
1333 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1334 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1335 | 1.65k | CamelliaSubkeyL(7), CamelliaSubkeyR(7), |
1336 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1337 | | |
1338 | 1.65k | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1339 | 1.65k | CamelliaSubkeyL(8), CamelliaSubkeyR(8), |
1340 | 1.65k | CamelliaSubkeyL(9), CamelliaSubkeyR(9), |
1341 | 1.65k | t0, t1, il, ir); |
1342 | | |
1343 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1344 | 1.65k | CamelliaSubkeyL(10), CamelliaSubkeyR(10), |
1345 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1346 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1347 | 1.65k | CamelliaSubkeyL(11), CamelliaSubkeyR(11), |
1348 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1349 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1350 | 1.65k | CamelliaSubkeyL(12), CamelliaSubkeyR(12), |
1351 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1352 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1353 | 1.65k | CamelliaSubkeyL(13), CamelliaSubkeyR(13), |
1354 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1355 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1356 | 1.65k | CamelliaSubkeyL(14), CamelliaSubkeyR(14), |
1357 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1358 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1359 | 1.65k | CamelliaSubkeyL(15), CamelliaSubkeyR(15), |
1360 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1361 | | |
1362 | 1.65k | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1363 | 1.65k | CamelliaSubkeyL(16), CamelliaSubkeyR(16), |
1364 | 1.65k | CamelliaSubkeyL(17), CamelliaSubkeyR(17), |
1365 | 1.65k | t0, t1, il, ir); |
1366 | | |
1367 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1368 | 1.65k | CamelliaSubkeyL(18), CamelliaSubkeyR(18), |
1369 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1370 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1371 | 1.65k | CamelliaSubkeyL(19), CamelliaSubkeyR(19), |
1372 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1373 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1374 | 1.65k | CamelliaSubkeyL(20), CamelliaSubkeyR(20), |
1375 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1376 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1377 | 1.65k | CamelliaSubkeyL(21), CamelliaSubkeyR(21), |
1378 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1379 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1380 | 1.65k | CamelliaSubkeyL(22), CamelliaSubkeyR(22), |
1381 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1382 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1383 | 1.65k | CamelliaSubkeyL(23), CamelliaSubkeyR(23), |
1384 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1385 | | |
1386 | 1.65k | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1387 | 1.65k | CamelliaSubkeyL(24), CamelliaSubkeyR(24), |
1388 | 1.65k | CamelliaSubkeyL(25), CamelliaSubkeyR(25), |
1389 | 1.65k | t0, t1, il, ir); |
1390 | | |
1391 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1392 | 1.65k | CamelliaSubkeyL(26), CamelliaSubkeyR(26), |
1393 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1394 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1395 | 1.65k | CamelliaSubkeyL(27), CamelliaSubkeyR(27), |
1396 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1397 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1398 | 1.65k | CamelliaSubkeyL(28), CamelliaSubkeyR(28), |
1399 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1400 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1401 | 1.65k | CamelliaSubkeyL(29), CamelliaSubkeyR(29), |
1402 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1403 | 1.65k | CAMELLIA_ROUNDSM(io[0], io[1], |
1404 | 1.65k | CamelliaSubkeyL(30), CamelliaSubkeyR(30), |
1405 | 1.65k | io[2], io[3], il, ir, t0, t1); |
1406 | 1.65k | CAMELLIA_ROUNDSM(io[2], io[3], |
1407 | 1.65k | CamelliaSubkeyL(31), CamelliaSubkeyR(31), |
1408 | 1.65k | io[0], io[1], il, ir, t0, t1); |
1409 | | |
1410 | | /* post whitening but kw4 */ |
1411 | 1.65k | io[2] ^= CamelliaSubkeyL(32); |
1412 | 1.65k | io[3] ^= CamelliaSubkeyR(32); |
1413 | | |
1414 | 1.65k | t0 = io[0]; |
1415 | 1.65k | t1 = io[1]; |
1416 | 1.65k | io[0] = io[2]; |
1417 | 1.65k | io[1] = io[3]; |
1418 | 1.65k | io[2] = t0; |
1419 | 1.65k | io[3] = t1; |
1420 | | |
1421 | 1.65k | PUTU32(output, io[0]); |
1422 | 1.65k | PUTU32(output + 4, io[1]); |
1423 | 1.65k | PUTU32(output + 8, io[2]); |
1424 | 1.65k | PUTU32(output + 12, io[3]); |
1425 | | |
1426 | 1.65k | return SECSuccess; |
1427 | 1.65k | } |
1428 | | |
1429 | | SECStatus NO_SANITIZE_ALIGNMENT |
1430 | | camellia_decrypt256(const PRUint32 *subkey, |
1431 | | unsigned char *output, |
1432 | | const unsigned char *input) |
1433 | 23.6k | { |
1434 | 23.6k | PRUint32 il, ir, t0, t1; /* temporary valiables */ |
1435 | 23.6k | PRUint32 io[4]; |
1436 | | #if defined(CAMELLIA_NEED_TMP_VARIABLE) |
1437 | | PRUint32 tmp; |
1438 | | #endif |
1439 | | |
1440 | 23.6k | io[0] = GETU32(input); |
1441 | 23.6k | io[1] = GETU32(input + 4); |
1442 | 23.6k | io[2] = GETU32(input + 8); |
1443 | 23.6k | io[3] = GETU32(input + 12); |
1444 | | |
1445 | | /* pre whitening but absorb kw2*/ |
1446 | 23.6k | io[0] ^= CamelliaSubkeyL(32); |
1447 | 23.6k | io[1] ^= CamelliaSubkeyR(32); |
1448 | | |
1449 | | /* main iteration */ |
1450 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1451 | 23.6k | CamelliaSubkeyL(31), CamelliaSubkeyR(31), |
1452 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1453 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1454 | 23.6k | CamelliaSubkeyL(30), CamelliaSubkeyR(30), |
1455 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1456 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1457 | 23.6k | CamelliaSubkeyL(29), CamelliaSubkeyR(29), |
1458 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1459 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1460 | 23.6k | CamelliaSubkeyL(28), CamelliaSubkeyR(28), |
1461 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1462 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1463 | 23.6k | CamelliaSubkeyL(27), CamelliaSubkeyR(27), |
1464 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1465 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1466 | 23.6k | CamelliaSubkeyL(26), CamelliaSubkeyR(26), |
1467 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1468 | | |
1469 | 23.6k | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1470 | 23.6k | CamelliaSubkeyL(25), CamelliaSubkeyR(25), |
1471 | 23.6k | CamelliaSubkeyL(24), CamelliaSubkeyR(24), |
1472 | 23.6k | t0, t1, il, ir); |
1473 | | |
1474 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1475 | 23.6k | CamelliaSubkeyL(23), CamelliaSubkeyR(23), |
1476 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1477 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1478 | 23.6k | CamelliaSubkeyL(22), CamelliaSubkeyR(22), |
1479 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1480 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1481 | 23.6k | CamelliaSubkeyL(21), CamelliaSubkeyR(21), |
1482 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1483 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1484 | 23.6k | CamelliaSubkeyL(20), CamelliaSubkeyR(20), |
1485 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1486 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1487 | 23.6k | CamelliaSubkeyL(19), CamelliaSubkeyR(19), |
1488 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1489 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1490 | 23.6k | CamelliaSubkeyL(18), CamelliaSubkeyR(18), |
1491 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1492 | | |
1493 | 23.6k | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1494 | 23.6k | CamelliaSubkeyL(17), CamelliaSubkeyR(17), |
1495 | 23.6k | CamelliaSubkeyL(16), CamelliaSubkeyR(16), |
1496 | 23.6k | t0, t1, il, ir); |
1497 | | |
1498 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1499 | 23.6k | CamelliaSubkeyL(15), CamelliaSubkeyR(15), |
1500 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1501 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1502 | 23.6k | CamelliaSubkeyL(14), CamelliaSubkeyR(14), |
1503 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1504 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1505 | 23.6k | CamelliaSubkeyL(13), CamelliaSubkeyR(13), |
1506 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1507 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1508 | 23.6k | CamelliaSubkeyL(12), CamelliaSubkeyR(12), |
1509 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1510 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1511 | 23.6k | CamelliaSubkeyL(11), CamelliaSubkeyR(11), |
1512 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1513 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1514 | 23.6k | CamelliaSubkeyL(10), CamelliaSubkeyR(10), |
1515 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1516 | | |
1517 | 23.6k | CAMELLIA_FLS(io[0], io[1], io[2], io[3], |
1518 | 23.6k | CamelliaSubkeyL(9), CamelliaSubkeyR(9), |
1519 | 23.6k | CamelliaSubkeyL(8), CamelliaSubkeyR(8), |
1520 | 23.6k | t0, t1, il, ir); |
1521 | | |
1522 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1523 | 23.6k | CamelliaSubkeyL(7), CamelliaSubkeyR(7), |
1524 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1525 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1526 | 23.6k | CamelliaSubkeyL(6), CamelliaSubkeyR(6), |
1527 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1528 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1529 | 23.6k | CamelliaSubkeyL(5), CamelliaSubkeyR(5), |
1530 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1531 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1532 | 23.6k | CamelliaSubkeyL(4), CamelliaSubkeyR(4), |
1533 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1534 | 23.6k | CAMELLIA_ROUNDSM(io[0], io[1], |
1535 | 23.6k | CamelliaSubkeyL(3), CamelliaSubkeyR(3), |
1536 | 23.6k | io[2], io[3], il, ir, t0, t1); |
1537 | 23.6k | CAMELLIA_ROUNDSM(io[2], io[3], |
1538 | 23.6k | CamelliaSubkeyL(2), CamelliaSubkeyR(2), |
1539 | 23.6k | io[0], io[1], il, ir, t0, t1); |
1540 | | |
1541 | | /* post whitening but kw4 */ |
1542 | 23.6k | io[2] ^= CamelliaSubkeyL(0); |
1543 | 23.6k | io[3] ^= CamelliaSubkeyR(0); |
1544 | | |
1545 | 23.6k | t0 = io[0]; |
1546 | 23.6k | t1 = io[1]; |
1547 | 23.6k | io[0] = io[2]; |
1548 | 23.6k | io[1] = io[3]; |
1549 | 23.6k | io[2] = t0; |
1550 | 23.6k | io[3] = t1; |
1551 | | |
1552 | 23.6k | PUTU32(output, io[0]); |
1553 | 23.6k | PUTU32(output + 4, io[1]); |
1554 | 23.6k | PUTU32(output + 8, io[2]); |
1555 | 23.6k | PUTU32(output + 12, io[3]); |
1556 | | |
1557 | 23.6k | return SECSuccess; |
1558 | 23.6k | } |
1559 | | |
1560 | | /************************************************************************** |
1561 | | * |
1562 | | * Stuff related to the Camellia key schedule |
1563 | | * |
1564 | | *************************************************************************/ |
1565 | | |
1566 | | SECStatus |
1567 | | camellia_key_expansion(CamelliaContext *cx, |
1568 | | const unsigned char *key, |
1569 | | const unsigned int keysize) |
1570 | 33.6k | { |
1571 | 33.6k | cx->keysize = keysize; |
1572 | | |
1573 | 33.6k | switch (keysize) { |
1574 | 24.9k | case 16: |
1575 | 24.9k | camellia_setup128(key, cx->expandedKey); |
1576 | 24.9k | break; |
1577 | 424 | case 24: |
1578 | 424 | camellia_setup192(key, cx->expandedKey); |
1579 | 424 | break; |
1580 | 8.22k | case 32: |
1581 | 8.22k | camellia_setup256(key, cx->expandedKey); |
1582 | 8.22k | break; |
1583 | 0 | default: |
1584 | 0 | break; |
1585 | 33.6k | } |
1586 | 33.6k | return SECSuccess; |
1587 | 33.6k | } |
1588 | | |
1589 | | /************************************************************************** |
1590 | | * |
1591 | | * Camellia modes of operation (ECB and CBC) |
1592 | | * |
1593 | | *************************************************************************/ |
1594 | | |
1595 | | SECStatus |
1596 | | camellia_encryptECB(CamelliaContext *cx, unsigned char *output, |
1597 | | unsigned int *outputLen, unsigned int maxOutputLen, |
1598 | | const unsigned char *input, unsigned int inputLen) |
1599 | 193 | { |
1600 | 193 | CamelliaBlockFunc *encryptor; |
1601 | | |
1602 | 193 | encryptor = (cx->keysize == 16) |
1603 | 193 | ? &camellia_encrypt128 |
1604 | 193 | : &camellia_encrypt256; |
1605 | | |
1606 | 1.85k | while (inputLen > 0) { |
1607 | 1.66k | (*encryptor)(cx->expandedKey, output, input); |
1608 | | |
1609 | 1.66k | output += CAMELLIA_BLOCK_SIZE; |
1610 | 1.66k | input += CAMELLIA_BLOCK_SIZE; |
1611 | 1.66k | inputLen -= CAMELLIA_BLOCK_SIZE; |
1612 | 1.66k | } |
1613 | 193 | return SECSuccess; |
1614 | 193 | } |
1615 | | |
1616 | | SECStatus |
1617 | | camellia_encryptCBC(CamelliaContext *cx, unsigned char *output, |
1618 | | unsigned int *outputLen, unsigned int maxOutputLen, |
1619 | | const unsigned char *input, unsigned int inputLen) |
1620 | 460 | { |
1621 | 460 | unsigned int j; |
1622 | 460 | unsigned char *lastblock; |
1623 | 460 | unsigned char inblock[CAMELLIA_BLOCK_SIZE]; |
1624 | 460 | CamelliaBlockFunc *encryptor; |
1625 | | |
1626 | 460 | if (!inputLen) |
1627 | 0 | return SECSuccess; |
1628 | 460 | lastblock = cx->iv; |
1629 | | |
1630 | 460 | encryptor = (cx->keysize == 16) |
1631 | 460 | ? &camellia_encrypt128 |
1632 | 460 | : &camellia_encrypt256; |
1633 | | |
1634 | 1.40k | while (inputLen > 0) { |
1635 | | /* XOR with the last block (IV if first block) */ |
1636 | 16.0k | for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j) |
1637 | 15.1k | inblock[j] = input[j] ^ lastblock[j]; |
1638 | | /* encrypt */ |
1639 | 945 | (*encryptor)(cx->expandedKey, output, inblock); |
1640 | | |
1641 | | /* move to the next block */ |
1642 | 945 | lastblock = output; |
1643 | 945 | output += CAMELLIA_BLOCK_SIZE; |
1644 | 945 | input += CAMELLIA_BLOCK_SIZE; |
1645 | 945 | inputLen -= CAMELLIA_BLOCK_SIZE; |
1646 | 945 | } |
1647 | 460 | memcpy(cx->iv, lastblock, CAMELLIA_BLOCK_SIZE); |
1648 | 460 | return SECSuccess; |
1649 | 460 | } |
1650 | | |
1651 | | SECStatus |
1652 | | camellia_decryptECB(CamelliaContext *cx, unsigned char *output, |
1653 | | unsigned int *outputLen, unsigned int maxOutputLen, |
1654 | | const unsigned char *input, unsigned int inputLen) |
1655 | 187 | { |
1656 | 187 | CamelliaBlockFunc *decryptor; |
1657 | | |
1658 | 187 | decryptor = (cx->keysize == 16) |
1659 | 187 | ? &camellia_decrypt128 |
1660 | 187 | : &camellia_decrypt256; |
1661 | | |
1662 | 1.63k | while (inputLen > 0) { |
1663 | | |
1664 | 1.45k | (*decryptor)(cx->expandedKey, output, input); |
1665 | | |
1666 | 1.45k | output += CAMELLIA_BLOCK_SIZE; |
1667 | 1.45k | input += CAMELLIA_BLOCK_SIZE; |
1668 | 1.45k | inputLen -= CAMELLIA_BLOCK_SIZE; |
1669 | 1.45k | } |
1670 | 187 | return SECSuccess; |
1671 | 187 | } |
1672 | | |
1673 | | SECStatus |
1674 | | camellia_decryptCBC(CamelliaContext *cx, unsigned char *output, |
1675 | | unsigned int *outputLen, unsigned int maxOutputLen, |
1676 | | const unsigned char *input, unsigned int inputLen) |
1677 | 4.66k | { |
1678 | 4.66k | const unsigned char *in; |
1679 | 4.66k | unsigned char *out; |
1680 | 4.66k | unsigned int j; |
1681 | 4.66k | unsigned char newIV[CAMELLIA_BLOCK_SIZE]; |
1682 | 4.66k | CamelliaBlockFunc *decryptor; |
1683 | | |
1684 | 4.66k | if (!inputLen) |
1685 | 0 | return SECSuccess; |
1686 | | |
1687 | 4.66k | PORT_Assert(output - input >= 0 || input - output >= (int)inputLen); |
1688 | | |
1689 | 4.66k | in = input + (inputLen - CAMELLIA_BLOCK_SIZE); |
1690 | 4.66k | memcpy(newIV, in, CAMELLIA_BLOCK_SIZE); |
1691 | 4.66k | out = output + (inputLen - CAMELLIA_BLOCK_SIZE); |
1692 | | |
1693 | 4.66k | decryptor = (cx->keysize == 16) |
1694 | 4.66k | ? &camellia_decrypt128 |
1695 | 4.66k | : &camellia_decrypt256; |
1696 | | |
1697 | 78.1k | while (inputLen > CAMELLIA_BLOCK_SIZE) { |
1698 | 73.4k | (*decryptor)(cx->expandedKey, out, in); |
1699 | | |
1700 | 1.24M | for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j) |
1701 | 1.17M | out[j] ^= in[(int)(j - CAMELLIA_BLOCK_SIZE)]; |
1702 | | |
1703 | 73.4k | out -= CAMELLIA_BLOCK_SIZE; |
1704 | 73.4k | in -= CAMELLIA_BLOCK_SIZE; |
1705 | 73.4k | inputLen -= CAMELLIA_BLOCK_SIZE; |
1706 | 73.4k | } |
1707 | 4.66k | if (in == input) { |
1708 | 4.66k | (*decryptor)(cx->expandedKey, out, in); |
1709 | | |
1710 | 79.2k | for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j) |
1711 | 74.5k | out[j] ^= cx->iv[j]; |
1712 | 4.66k | } |
1713 | 4.66k | memcpy(cx->iv, newIV, CAMELLIA_BLOCK_SIZE); |
1714 | 4.66k | return SECSuccess; |
1715 | 4.66k | } |
1716 | | |
1717 | | /************************************************************************** |
1718 | | * |
1719 | | * BLAPI Interface functions |
1720 | | * |
1721 | | *************************************************************************/ |
1722 | | |
1723 | | CamelliaContext * |
1724 | | Camellia_AllocateContext(void) |
1725 | 0 | { |
1726 | 0 | return PORT_ZNew(CamelliaContext); |
1727 | 0 | } |
1728 | | |
1729 | | SECStatus |
1730 | | Camellia_InitContext(CamelliaContext *cx, const unsigned char *key, |
1731 | | unsigned int keysize, |
1732 | | const unsigned char *iv, int mode, unsigned int encrypt, |
1733 | | unsigned int unused) |
1734 | 0 | { |
1735 | 0 | if (key == NULL || |
1736 | 0 | (keysize != 16 && keysize != 24 && keysize != 32)) { |
1737 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1738 | 0 | return SECFailure; |
1739 | 0 | } |
1740 | 0 | if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) { |
1741 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1742 | 0 | return SECFailure; |
1743 | 0 | } |
1744 | 0 | if (mode == NSS_CAMELLIA_CBC && iv == NULL) { |
1745 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1746 | 0 | return SECFailure; |
1747 | 0 | } |
1748 | 0 | if (!cx) { |
1749 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1750 | 0 | return SECFailure; |
1751 | 0 | } |
1752 | 0 | if (mode == NSS_CAMELLIA_CBC) { |
1753 | 0 | memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE); |
1754 | 0 | cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC; |
1755 | 0 | } else { |
1756 | 0 | cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB; |
1757 | 0 | } |
1758 | | |
1759 | | /* Generate expanded key */ |
1760 | 0 | if (camellia_key_expansion(cx, key, keysize) != SECSuccess) |
1761 | 0 | goto cleanup; |
1762 | | |
1763 | 0 | return SECSuccess; |
1764 | 0 | cleanup: |
1765 | 0 | return SECFailure; |
1766 | 0 | } |
1767 | | |
1768 | | /* |
1769 | | * Camellia_CreateContext |
1770 | | * create a new context for Camellia operations |
1771 | | */ |
1772 | | |
1773 | | CamelliaContext * |
1774 | | Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, |
1775 | | int mode, int encrypt, |
1776 | | unsigned int keysize) |
1777 | 33.6k | { |
1778 | 33.6k | CamelliaContext *cx; |
1779 | | |
1780 | 33.6k | if (key == NULL || |
1781 | 33.6k | (keysize != 16 && keysize != 24 && keysize != 32)) { |
1782 | 10 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1783 | 10 | return NULL; |
1784 | 10 | } |
1785 | 33.6k | if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) { |
1786 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1787 | 0 | return NULL; |
1788 | 0 | } |
1789 | 33.6k | if (mode == NSS_CAMELLIA_CBC && iv == NULL) { |
1790 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1791 | 0 | return NULL; |
1792 | 0 | } |
1793 | 33.6k | cx = PORT_ZNew(CamelliaContext); |
1794 | 33.6k | if (!cx) { |
1795 | 0 | PORT_SetError(SEC_ERROR_NO_MEMORY); |
1796 | 0 | return NULL; |
1797 | 0 | } |
1798 | | |
1799 | | /* copy in the iv, if neccessary */ |
1800 | 33.6k | if (mode == NSS_CAMELLIA_CBC) { |
1801 | 33.2k | memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE); |
1802 | 33.2k | cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC; |
1803 | 33.2k | } else { |
1804 | 428 | cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB; |
1805 | 428 | } |
1806 | | /* copy keysize */ |
1807 | 33.6k | cx->keysize = keysize; |
1808 | | |
1809 | | /* Generate expanded key */ |
1810 | 33.6k | if (camellia_key_expansion(cx, key, keysize) != SECSuccess) |
1811 | 0 | goto cleanup; |
1812 | | |
1813 | 33.6k | return cx; |
1814 | 0 | cleanup: |
1815 | 0 | PORT_ZFree(cx, sizeof *cx); |
1816 | 0 | return NULL; |
1817 | 33.6k | } |
1818 | | |
1819 | | /* |
1820 | | * Camellia_DestroyContext |
1821 | | * |
1822 | | * Zero an Camellia cipher context. If freeit is true, also free the pointer |
1823 | | * to the context. |
1824 | | */ |
1825 | | void |
1826 | | Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit) |
1827 | 33.6k | { |
1828 | 33.6k | if (cx) |
1829 | 33.6k | memset(cx, 0, sizeof *cx); |
1830 | 33.6k | if (freeit) |
1831 | 33.6k | PORT_Free(cx); |
1832 | 33.6k | } |
1833 | | |
1834 | | /* |
1835 | | * Camellia_Encrypt |
1836 | | * |
1837 | | * Encrypt an arbitrary-length buffer. The output buffer must already be |
1838 | | * allocated to at least inputLen. |
1839 | | */ |
1840 | | SECStatus |
1841 | | Camellia_Encrypt(CamelliaContext *cx, unsigned char *output, |
1842 | | unsigned int *outputLen, unsigned int maxOutputLen, |
1843 | | const unsigned char *input, unsigned int inputLen) |
1844 | 714 | { |
1845 | | |
1846 | | /* Check args */ |
1847 | 714 | if (cx == NULL || output == NULL || input == NULL || |
1848 | 714 | outputLen == NULL) { |
1849 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1850 | 0 | return SECFailure; |
1851 | 0 | } |
1852 | | |
1853 | 714 | if (inputLen % CAMELLIA_BLOCK_SIZE != 0) { |
1854 | 27 | PORT_SetError(SEC_ERROR_INPUT_LEN); |
1855 | 27 | return SECFailure; |
1856 | 27 | } |
1857 | 687 | if (maxOutputLen < inputLen) { |
1858 | 34 | PORT_SetError(SEC_ERROR_OUTPUT_LEN); |
1859 | 34 | return SECFailure; |
1860 | 34 | } |
1861 | 653 | *outputLen = inputLen; |
1862 | | |
1863 | 653 | return (*cx->worker)(cx, output, outputLen, maxOutputLen, |
1864 | 653 | input, inputLen); |
1865 | 687 | } |
1866 | | |
1867 | | /* |
1868 | | * Camellia_Decrypt |
1869 | | * |
1870 | | * Decrypt and arbitrary-length buffer. The output buffer must already be |
1871 | | * allocated to at least inputLen. |
1872 | | */ |
1873 | | SECStatus |
1874 | | Camellia_Decrypt(CamelliaContext *cx, unsigned char *output, |
1875 | | unsigned int *outputLen, unsigned int maxOutputLen, |
1876 | | const unsigned char *input, unsigned int inputLen) |
1877 | 4.89k | { |
1878 | | |
1879 | | /* Check args */ |
1880 | 4.89k | if (cx == NULL || output == NULL || input == NULL || outputLen == NULL) { |
1881 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1882 | 0 | return SECFailure; |
1883 | 0 | } |
1884 | 4.89k | if (inputLen % CAMELLIA_BLOCK_SIZE != 0) { |
1885 | 34 | PORT_SetError(SEC_ERROR_INPUT_LEN); |
1886 | 34 | return SECFailure; |
1887 | 34 | } |
1888 | 4.85k | if (maxOutputLen < inputLen) { |
1889 | 10 | PORT_SetError(SEC_ERROR_OUTPUT_LEN); |
1890 | 10 | return SECFailure; |
1891 | 10 | } |
1892 | 4.84k | *outputLen = inputLen; |
1893 | | |
1894 | 4.84k | return (*cx->worker)(cx, output, outputLen, maxOutputLen, |
1895 | 4.84k | input, inputLen); |
1896 | 4.85k | } |