1 /* camellia.h   ver 1.2.0
2  *
3  * Copyright (C) 2006,2007
4  * NTT (Nippon Telegraph and Telephone Corporation).
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19
20 /*
21  * Algorithm Specification
22  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23  */
24
25 #include <config.h>
26 #include <string.h>
27 #include <stdlib.h>
28
29 #include "types.h"
30 #include "bufhelp.h"
31 #include "camellia.h"
32
/* Local shorthand for the project's `byte` type (declared outside this file). */
typedef byte u8;

/*
 * Key-schedule constants (SIGMA1..SIGMA6), each given as a left (L) and
 * right (R) 32-bit half.
 *
 * They are passed as the (kl, kr) arguments of CAMELLIA_F during key setup:
 * SIGMA1..SIGMA4 while generating KA and SIGMA5/SIGMA6 while generating KB.
 * These are fixed, public values; they carry no secret.
 *
 * The `L` suffix makes each literal a long / unsigned long, so an
 * expression such as `xl ^ kl` is evaluated in that type and is narrowed
 * back when it is stored into the u32 temporaries used by CAMELLIA_F.
 */

#define CAMELLIA_SIGMA1L (0xA09E667FL)
#define CAMELLIA_SIGMA1R (0x3BCC908BL)
#define CAMELLIA_SIGMA2L (0xB67AE858L)
#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
#define CAMELLIA_SIGMA3L (0xC6EF372FL)
#define CAMELLIA_SIGMA3R (0xE94F82BEL)
#define CAMELLIA_SIGMA4L (0x54FF53A5L)
#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
#define CAMELLIA_SIGMA5L (0x10E527FAL)
#define CAMELLIA_SIGMA5R (0xDE682D1DL)
#define CAMELLIA_SIGMA6L (0xB05688C2L)
#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
49
50 /*
51  *  macros
52  */
53
54
/*
 * GETU32 / PUTU32: read or write one 32-bit word at a byte pointer.
 * Key bytes enter the cipher through GETU32 (see the setup functions).
 */
#if defined(_MSC_VER)

/*
 * MSVC path: dereference the byte pointer as a u32 and reverse the byte
 * order with the _lrotl/_lrotr rotates (SWAP turns bytes ABCD into DCBA).
 *
 * NOTE(review): the cast-and-dereference assumes a little-endian host and
 * a pointer that may legally be read as u32 (alignment, aliasing) --
 * confirm for every MSVC target, since callers pass plain byte buffers.
 * NOTE(review): SWAP does not parenthesize `x` and evaluates it twice, and
 * PUTU32 expands to a braced statement rather than an expression, so it
 * does not behave like the non-MSVC form inside an unbraced if/else.
 */
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}

#else /* not MS-VC */

/*
 * Everywhere else, defer to the helpers from bufhelp.h (presumably
 * big-endian 32-bit load/store, going by their names -- their definitions
 * are outside this file).
 */
# define GETU32(pt) buf_get_be32(pt)
# define PUTU32(ct, st) buf_put_be32(ct, st)

#endif
67
/*
 * Accessors for the expanded key.  Each logical subkey INDEX occupies two
 * consecutive u32 slots: the left half at subkey[2*INDEX] and the right
 * half at subkey[2*INDEX + 1].  Both macros rely on a variable named
 * `subkey` being in scope where they are expanded, and neither performs a
 * bounds check -- the caller's buffer must be large enough for the highest
 * INDEX used.
 */
#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])

/*
 * 32-bit rotates.  `+` acts as OR here because the two shifted parts do
 * not overlap when x is a 32-bit unsigned value; with a wider operand the
 * result would not be a 32-bit rotate.  x is evaluated twice, so pass a
 * plain variable.
 */
/* rotate right by 8 bits (one byte) */
#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
/* rotate left by 1 bit */
#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
/* rotate left by 8 bits (one byte) */
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
77
/*
 * Rotate the 128-bit quantity ll||lr||rl||rr (four 32-bit words, ll most
 * significant) left by `bits`, in place.
 *
 * Valid only for 0 < bits < 32: a value of 0 or 32 would produce a shift
 * by 32, which is undefined for a 32-bit operand.  w0 is clobbered as
 * scratch; w1 is accepted but unused, which keeps the argument list the
 * same as CAMELLIA_ROLDQo32.  The arguments are not parenthesized and are
 * evaluated several times, so pass plain variables and a constant count.
 */
#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
    do {                                                \
        w0 = ll;                                        \
        ll = (ll << bits) + (lr >> (32 - bits));        \
        lr = (lr << bits) + (rl >> (32 - bits));        \
        rl = (rl << bits) + (rr >> (32 - bits));        \
        rr = (rr << bits) + (w0 >> (32 - bits));        \
    } while(0)

/*
 * Same rotation for counts "over 32": valid only for 32 < bits < 64
 * (32 would shift right by 32, 64 would shift left by 32 -- both
 * undefined for a 32-bit operand).  The words are first moved one position
 * (a 32-bit rotate) and then rotated by the remaining bits - 32.
 * Clobbers both w0 and w1.
 */
#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
    do {                                                \
        w0 = ll;                                        \
        w1 = lr;                                        \
        ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
        lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
        rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
        rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
    } while(0)
96
/*
 * Lookups into the four 256-entry tables defined below.  INDEX must be in
 * 0..255; every use in this file masks the value with 0xff first.
 */
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])

/*
 * F-function as used by the key schedule.
 *
 *   xl, xr  input halves (read only)
 *   kl, kr  key/constant halves XORed into the input
 *   yl, yr  outputs (overwritten)
 *   il, ir, t0, t1  scratch, clobbered
 *
 * The input is XORed with the key, each of the eight resulting bytes
 * selects one table entry, and the entries are combined with XOR and one
 * byte rotate.
 *
 * Security note: the table indices are bytes of (x ^ k), so which table
 * entries are touched depends on key-derived data.  Nothing here masks or
 * equalizes those accesses; whether the resulting cache-timing exposure
 * matters depends on the deployment's threat model.
 */
#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)      \
    do {                                                        \
        il = xl ^ kl;                                           \
        ir = xr ^ kr;                                           \
        t0 = il >> 16;                                          \
        t1 = ir >> 16;                                          \
        yl = CAMELLIA_SP1110(ir & 0xff)                         \
            ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                 \
            ^ CAMELLIA_SP3033(t1 & 0xff)                        \
            ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                \
        yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                  \
            ^ CAMELLIA_SP0222(t0 & 0xff)                        \
            ^ CAMELLIA_SP3033((il >> 8) & 0xff)                 \
            ^ CAMELLIA_SP4404(il & 0xff);                       \
        yl ^= yr;                                               \
        yr = CAMELLIA_RR8(yr);                                  \
        yr ^= yl;                                               \
    } while(0)
120
121
/*
 * Speed-oriented helpers (not used by the key-setup code visible above
 * the tables; presumably used by the block encrypt/decrypt routines).
 *
 * CAMELLIA_FLS updates both 64-bit halves in place:
 *   left  (ll, lr) with keys kll, klr:  lr ^= rotl1(ll & kll); ll ^= (lr | klr)
 *   right (rl, rr) with keys krl, krr:  rl ^= (rr | krr);      rr ^= rotl1(rl & krl)
 * t0..t3 are scratch and are clobbered.  Presumably this is the FL /
 * FL^-1 layer of the specification -- confirm against the spec.
 */
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
    do {                                                                \
        t0 = kll;                                                       \
        t0 &= ll;                                                       \
        lr ^= CAMELLIA_RL1(t0);                                         \
        t1 = klr;                                                       \
        t1 |= lr;                                                       \
        ll ^= t1;                                                       \
                                                                        \
        t2 = krr;                                                       \
        t2 |= rr;                                                       \
        rl ^= t2;                                                       \
        t3 = krl;                                                       \
        t3 &= rl;                                                       \
        rr ^= CAMELLIA_RL1(t3);                                         \
    } while(0)

/*
 * One round with the key XOR moved to the output side: (kl, kr) is XORed
 * into (yl, yr), then the table-driven function of (xl, xr) is XORed in
 * as well.  xl and xr are only read; il and ir are scratch; t0 and t1 are
 * accepted but not used by this macro.
 *
 * The table indices are the bytes of xl and xr, i.e. cipher state, so the
 * same data-dependent memory access consideration applies as for
 * CAMELLIA_F.
 */
#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
    do {                                                                \
        yl ^= kl;                                                       \
        yr ^= kr;                                                       \
        ir = CAMELLIA_SP1110(xr & 0xff)                                 \
            ^ CAMELLIA_SP0222((xr >> 24) & 0xff)                        \
            ^ CAMELLIA_SP3033((xr >> 16) & 0xff)                        \
            ^ CAMELLIA_SP4404((xr >> 8) & 0xff);                        \
        il = CAMELLIA_SP1110((xl >> 24) & 0xff)                         \
            ^ CAMELLIA_SP0222((xl >> 16) & 0xff)                        \
            ^ CAMELLIA_SP3033((xl >> 8) & 0xff)                         \
            ^ CAMELLIA_SP4404(xl & 0xff);                               \
        ir ^= il;                                                       \
        il = CAMELLIA_RR8(il);                                          \
        il ^= ir;                                                       \
        yl ^= ir;                                                       \
        yr ^= il;                                                       \
    } while(0)
161
162
/*
 * Lookup table read through CAMELLIA_SP1110().  Every entry carries one
 * substituted byte replicated into the three most significant byte
 * positions, with the least significant byte zero (the "1110" in the
 * name).  The table is constant and public; the index used to read it is
 * derived from key or state bytes, so the access pattern is data
 * dependent.
 */
static const u32 camellia_sp1110[256] = {
    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
    0xe4e4e400,0x85858500,0x57575700,0x35353500,
    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
    0x45454500,0x19191900,0xa5a5a500,0x21212100,
    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
    0x53535300,0x18181800,0xf2f2f200,0x22222200,
    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
    0xa1a1a100,0x89898900,0x62626200,0x97979700,
    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
    0x10101000,0xc4c4c400,0x00000000,0x48484800,
    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
    0xd4d4d400,0x25252500,0xababab00,0x42424200,
    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
    0x72727200,0x07070700,0xb9b9b900,0x55555500,
    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
};
229
/*
 * Lookup table read through CAMELLIA_SP0222().  Every entry has a zero
 * most significant byte and one substituted byte replicated into the
 * three lower byte positions (the "0222" in the name).  Constant and
 * public; indexed by key- or state-derived bytes.
 */
static const u32 camellia_sp0222[256] = {
    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
    0x00202020,0x00898989,0x00000000,0x00909090,
    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
    0x009b9b9b,0x00949494,0x00212121,0x00666666,
    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
    0x00777777,0x00939393,0x00868686,0x00838383,
    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
};
296
/*
 * Lookup table read through CAMELLIA_SP3033().  Every entry carries one
 * substituted byte in the most significant and the two least significant
 * byte positions, with the second most significant byte zero (the "3033"
 * in the name).  Constant and public; indexed by key- or state-derived
 * bytes.
 */
static const u32 camellia_sp3033[256] = {
    0x38003838,0x41004141,0x16001616,0x76007676,
    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
    0x75007575,0x06000606,0x57005757,0xa000a0a0,
    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
    0x3a003a3a,0x09000909,0x95009595,0x10001010,
    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
    0x12001212,0x04000404,0x74007474,0x54005454,
    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
    0x55005555,0x68006868,0x50005050,0xbe00bebe,
    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
    0x70007070,0xff00ffff,0x32003232,0x69006969,
    0x08000808,0x62006262,0x00000000,0x24002424,
    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
    0x45004545,0x81008181,0x73007373,0x6d006d6d,
    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
    0xe600e6e6,0x25002525,0x48004848,0x99009999,
    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
    0x7c007c7c,0x77007777,0x56005656,0x05000505,
    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
};
363
/*
 * Lookup table read through CAMELLIA_SP4404().  Every entry carries one
 * substituted byte in the two most significant and the least significant
 * byte positions, with the second least significant byte zero (the "4404"
 * in the name).  Constant and public; indexed by key- or state-derived
 * bytes.
 */
static const u32 camellia_sp4404[256] = {
    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
    0x24240024,0xe8e800e8,0x60600060,0x69690069,
    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
    0x10100010,0x00000000,0xa3a300a3,0x75750075,
    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
    0x81810081,0x6f6f006f,0x13130013,0x63630063,
    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
    0x78780078,0x06060006,0xe7e700e7,0x71710071,
    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
    0x15150015,0xadad00ad,0x77770077,0x80800080,
    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
    0x85850085,0x35350035,0x0c0c000c,0x41410041,
    0xefef00ef,0x93930093,0x19190019,0x21210021,
    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
    0x12120012,0x20200020,0xb1b100b1,0x99990099,
    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
    0x0f0f000f,0x16160016,0x18180018,0x22220022,
    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
    0x49490049,0x68680068,0x38380038,0xa4a400a4,
    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
};
430
431
/**
 * Stuff related to the Camellia key schedule
 *
 * subl(x) / subr(x) index the local scratch arrays subL[] / subR[] that
 * each key-setup function declares on its own stack.  They hold the left
 * and right 32-bit halves of the intermediate subkeys, so their contents
 * are key material.  No bounds check is performed; x must stay within the
 * array size declared by the enclosing function.
 */
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]
437
/**
 * Expand a 128-bit Camellia key into the subkey array.
 *
 * @param key     16 bytes of key material, read as four 32-bit words with
 *                GETU32 at offsets 0, 4, 8 and 12.
 * @param subkey  Output buffer.  Written through CamelliaSubkeyL/R for
 *                index 0 and indices 2..24, i.e. subkey[0..1] and
 *                subkey[4..49]; subkey[2] and subkey[3] are not written.
 *                The buffer must hold at least 50 u32 values -- there is
 *                no length parameter, so nothing here can check that.
 *
 * The function has no failure path and returns nothing.
 *
 * NOTE(review): subL[], subR[] and the k../w../t.. locals hold the raw key
 * and values derived from it, and nothing in this function clears them
 * before returning.  Confirm that the caller wipes the stack after key
 * setup so this material does not linger in memory.
 * NOTE(review): CAMELLIA_F reads the lookup tables at indices derived
 * from key bytes; see the note on that macro about data-dependent memory
 * access.
 */
void camellia_setup128(const unsigned char *key, u32 *subkey)
{
    u32 kll, klr, krl, krr;
    u32 il, ir, t0, t1, w0, w1;
    u32 kw4l, kw4r, dw, tl, tr;
    /* Intermediate subkeys, left and right halves; all 26 slots of each
       array are assigned below before they are read. */
    u32 subL[26];
    u32 subR[26];

    /**
     *  k == kll || klr || krl || krr (|| is concatenation)
     */
    kll = GETU32(key     );
    klr = GETU32(key +  4);
    krl = GETU32(key +  8);
    krr = GETU32(key + 12);
    /**
     * generate KL dependent subkeys
     * (the rotations are cumulative: each ROLDQ rotates the already
     * rotated value further)
     */
    subl(0) = kll; subr(0) = klr;
    subl(1) = krl; subr(1) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);    /* KL <<< 15 */
    subl(4) = kll; subr(4) = klr;
    subl(5) = krl; subr(5) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);    /* KL <<< 45 */
    subl(10) = kll; subr(10) = klr;
    subl(11) = krl; subr(11) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);    /* KL <<< 60 */
    /* only the right 64 bits of this rotation are kept */
    subl(13) = krl; subr(13) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);    /* KL <<< 77 */
    subl(16) = kll; subr(16) = klr;
    subl(17) = krl; subr(17) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);    /* KL <<< 94 */
    subl(18) = kll; subr(18) = klr;
    subl(19) = krl; subr(19) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);    /* KL <<< 111 */
    subl(22) = kll; subr(22) = klr;
    subl(23) = krl; subr(23) = krr;

    /* generate KA: reload the unrotated key, then run four F-function
       steps keyed with SIGMA1..SIGMA4 */
    kll = subl(0); klr = subr(0);
    krl = subl(1); krr = subr(1);
    CAMELLIA_F(kll, klr,
               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
               w0, w1, il, ir, t0, t1);
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr,
               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
               kll, klr, il, ir, t0, t1);
    CAMELLIA_F(kll, klr,
               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
               krl, krr, il, ir, t0, t1);
    /* w0/w1 still hold the output of the SIGMA1 step here */
    krl ^= w0; krr ^= w1;
    CAMELLIA_F(krl, krr,
               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
               w0, w1, il, ir, t0, t1);
    kll ^= w0; klr ^= w1;

    /* generate KA dependent subkeys (rotations again cumulative) */
    subl(2) = kll; subr(2) = klr;
    subl(3) = krl; subr(3) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);    /* KA <<< 15 */
    subl(6) = kll; subr(6) = klr;
    subl(7) = krl; subr(7) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);    /* KA <<< 30 */
    subl(8) = kll; subr(8) = klr;
    subl(9) = krl; subr(9) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);    /* KA <<< 45 */
    /* only the left 64 bits of this rotation are kept */
    subl(12) = kll; subr(12) = klr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);    /* KA <<< 60 */
    subl(14) = kll; subr(14) = klr;
    subl(15) = krl; subr(15) = krr;
    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); /* KA <<< 94 */
    subl(20) = kll; subr(20) = klr;
    subl(21) = krl; subr(21) = krr;
    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);    /* KA <<< 111 */
    subl(24) = kll; subr(24) = klr;
    subl(25) = krl; subr(25) = krr;


    /* absorb kw2 to other subkeys: subkey 1 is folded into the odd
       numbered subkeys so it need not be stored separately; at indices 9
       and 17 the running value is transformed with those subkeys before
       being carried on.  The statement order matters. */
    subl(3) ^= subl(1); subr(3) ^= subr(1);
    subl(5) ^= subl(1); subr(5) ^= subr(1);
    subl(7) ^= subl(1); subr(7) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(9);
    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
    subl(11) ^= subl(1); subr(11) ^= subr(1);
    subl(13) ^= subl(1); subr(13) ^= subr(1);
    subl(15) ^= subl(1); subr(15) ^= subr(1);
    subl(1) ^= subr(1) & ~subr(17);
    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
    subl(19) ^= subl(1); subr(19) ^= subr(1);
    subl(21) ^= subl(1); subr(21) ^= subr(1);
    subl(23) ^= subl(1); subr(23) ^= subr(1);
    subl(24) ^= subl(1); subr(24) ^= subr(1);

    /* absorb kw4 to other subkeys: the same folding, walking downwards
       from subkey 25 through the even numbered subkeys */
    kw4l = subl(25); kw4r = subr(25);
    subl(22) ^= kw4l; subr(22) ^= kw4r;
    subl(20) ^= kw4l; subr(20) ^= kw4r;
    subl(18) ^= kw4l; subr(18) ^= kw4r;
    kw4l ^= kw4r & ~subr(16);
    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
    subl(14) ^= kw4l; subr(14) ^= kw4r;
    subl(12) ^= kw4l; subr(12) ^= kw4r;
    subl(10) ^= kw4l; subr(10) ^= kw4r;
    kw4l ^= kw4r & ~subr(8);
    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
    subl(6) ^= kw4l; subr(6) ^= kw4r;
    subl(4) ^= kw4l; subr(4) ^= kw4r;
    subl(2) ^= kw4l; subr(2) ^= kw4r;
    subl(0) ^= kw4l; subr(0) ^= kw4r;

    /* key XOR is end of F-function: write the final subkeys to the
       caller's buffer.  Index 1 is intentionally never written. */
    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
    CamelliaSubkeyL(2) = subl(3);
    CamelliaSubkeyR(2) = subr(3);
    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
    tl = subl(10) ^ (subr(10) & ~subr(8));
    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(7) = subl(6) ^ tl;
    CamelliaSubkeyR(7) = subr(6) ^ tr;
    /* subkeys 8/9 and 16/17 are copied through unchanged */
    CamelliaSubkeyL(8) = subl(8);
    CamelliaSubkeyR(8) = subr(8);
    CamelliaSubkeyL(9) = subl(9);
    CamelliaSubkeyR(9) = subr(9);
    tl = subl(7) ^ (subr(7) & ~subr(9));
    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(10) = tl ^ subl(11);
    CamelliaSubkeyR(10) = tr ^ subr(11);
    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
    tl = subl(18) ^ (subr(18) & ~subr(16));
    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(15) = subl(14) ^ tl;
    CamelliaSubkeyR(15) = subr(14) ^ tr;
    CamelliaSubkeyL(16) = subl(16);
    CamelliaSubkeyR(16) = subr(16);
    CamelliaSubkeyL(17) = subl(17);
    CamelliaSubkeyR(17) = subr(17);
    tl = subl(15) ^ (subr(15) & ~subr(17));
    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
    CamelliaSubkeyL(18) = tl ^ subl(19);
    CamelliaSubkeyR(18) = tr ^ subr(19);
    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
    CamelliaSubkeyL(23) = subl(22);
    CamelliaSubkeyR(23) = subr(22);
    CamelliaSubkeyL(24) = subl(24) ^ subl(23);
    CamelliaSubkeyR(24) = subr(24) ^ subr(23);

    return;
}
610
611 void camellia_setup256(const unsigned char *key, u32 *subkey)
612 {
613     u32 kll,klr,krl,krr;           /* left half of key */
614     u32 krll,krlr,krrl,krrr;       /* right half of key */
615     u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
616     u32 kw4l, kw4r, dw, tl, tr;
617     u32 subL[34];
618     u32 subR[34];
619
620     /**
621      *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
622      *  (|| is concatination)
623      */
624
625     kll  = GETU32(key     );
626     klr  = GETU32(key +  4);
627     krl  = GETU32(key +  8);
628     krr  = GETU32(key + 12);
629     krll = GETU32(key + 16);
630     krlr = GETU32(key + 20);
631     krrl = GETU32(key + 24);
632     krrr = GETU32(key + 28);
633
634     /* generate KL dependent subkeys */
635     subl(0) = kll; subr(0) = klr;
636     subl(1) = krl; subr(1) = krr;
637     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
638     subl(12) = kll; subr(12) = klr;
639     subl(13) = krl; subr(13) = krr;
640     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
641     subl(16) = kll; subr(16) = klr;
642     subl(17) = krl; subr(17) = krr;
643     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
644     subl(22) = kll; subr(22) = klr;
645     subl(23) = krl; subr(23) = krr;
646     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
647     subl(30) = kll; subr(30) = klr;
648     subl(31) = krl; subr(31) = krr;
649
650     /* generate KR dependent subkeys */
651     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
652     subl(4) = krll; subr(4) = krlr;
653     subl(5) = krrl; subr(5) = krrr;
654     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
655     subl(8) = krll; subr(8) = krlr;
656     subl(9) = krrl; subr(9) = krrr;
657     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
658     subl(18) = krll; subr(18) = krlr;
659     subl(19) = krrl; subr(19) = krrr;
660     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
661     subl(26) = krll; subr(26) = krlr;
662     subl(27) = krrl; subr(27) = krrr;
663     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
664
665     /* generate KA */
666     kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
667     krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
668     CAMELLIA_F(kll, klr,
669                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
670                w0, w1, il, ir, t0, t1);
671     krl ^= w0; krr ^= w1;
672     CAMELLIA_F(krl, krr,
673                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
674                kll, klr, il, ir, t0, t1);
675     kll ^= krll; klr ^= krlr;
676     CAMELLIA_F(kll, klr,
677                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
678                krl, krr, il, ir, t0, t1);
679     krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
680     CAMELLIA_F(krl, krr,
681                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
682                w0, w1, il, ir, t0, t1);
683     kll ^= w0; klr ^= w1;
684
685     /* generate KB */
686     krll ^= kll; krlr ^= klr;
687     krrl ^= krl; krrr ^= krr;
688     CAMELLIA_F(krll, krlr,
689                CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
690                w0, w1, il, ir, t0, t1);
691     krrl ^= w0; krrr ^= w1;
692     CAMELLIA_F(krrl, krrr,
693                CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
694                w0, w1, il, ir, t0, t1);
695     krll ^= w0; krlr ^= w1;
696
697     /* generate KA dependent subkeys */
698     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
699     subl(6) = kll; subr(6) = klr;
700     subl(7) = krl; subr(7) = krr;
701     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
702     subl(14) = kll; subr(14) = klr;
703     subl(15) = krl; subr(15) = krr;
704     subl(24) = klr; subr(24) = krl;
705     subl(25) = krr; subr(25) = kll;
706     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
707     subl(28) = kll; subr(28) = klr;
708     subl(29) = krl; subr(29) = krr;
709
710     /* generate KB dependent subkeys */
711     subl(2) = krll; subr(2) = krlr;
712     subl(3) = krrl; subr(3) = krrr;
713     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
714     subl(10) = krll; subr(10) = krlr;
715     subl(11) = krrl; subr(11) = krrr;
716     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
717     subl(20) = krll; subr(20) = krlr;
718     subl(21) = krrl; subr(21) = krrr;
719     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
720     subl(32) = krll; subr(32) = krlr;
721     subl(33) = krrl; subr(33) = krrr;
722
723     /* absorb kw2 to other subkeys */
724     subl(3) ^= subl(1); subr(3) ^= subr(1);
725     subl(5) ^= subl(1); subr(5) ^= subr(1);
726     subl(7) ^= subl(1); subr(7) ^= subr(1);
727     subl(1) ^= subr(1) & ~subr(9);
728     dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
729     subl(11) ^= subl(1); subr(11) ^= subr(1);
730     subl(13) ^= subl(1); subr(13) ^= subr(1);
731     subl(15) ^= subl(1); subr(15) ^= subr(1);
732     subl(1) ^= subr(1) & ~subr(17);
733     dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
734     subl(19) ^= subl(1); subr(19) ^= subr(1);
735     subl(21) ^= subl(1); subr(21) ^= subr(1);
736     subl(23) ^= subl(1); subr(23) ^= subr(1);
737     subl(1) ^= subr(1) & ~subr(25);
738     dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
739     subl(27) ^= subl(1); subr(27) ^= subr(1);
740     subl(29) ^= subl(1); subr(29) ^= subr(1);
741     subl(31) ^= subl(1); subr(31) ^= subr(1);
742     subl(32) ^= subl(1); subr(32) ^= subr(1);
743
744     /* absorb kw4 to other subkeys */
745     kw4l = subl(33); kw4r = subr(33);
746     subl(30) ^= kw4l; subr(30) ^= kw4r;
747     subl(28) ^= kw4l; subr(28) ^= kw4r;
748     subl(26) ^= kw4l; subr(26) ^= kw4r;
749     kw4l ^= kw4r & ~subr(24);
750     dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
751     subl(22) ^= kw4l; subr(22) ^= kw4r;
752     subl(20) ^= kw4l; subr(20) ^= kw4r;
753     subl(18) ^= kw4l; subr(18) ^= kw4r;
754     kw4l ^= kw4r & ~subr(16);
755     dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
756     subl(14) ^= kw4l; subr(14) ^= kw4r;
757     subl(12) ^= kw4l; subr(12) ^= kw4r;
758     subl(10) ^= kw4l; subr(10) ^= kw4r;
759     kw4l ^= kw4r & ~subr(8);
760     dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
761     subl(6) ^= kw4l; subr(6) ^= kw4r;
762     subl(4) ^= kw4l; subr(4) ^= kw4r;
763     subl(2) ^= kw4l; subr(2) ^= kw4r;
764     subl(0) ^= kw4l; subr(0) ^= kw4r;
765
766     /* key XOR is end of F-function */
767     CamelliaSubkeyL(0) = subl(0) ^ subl(2);
768     CamelliaSubkeyR(0) = subr(0) ^ subr(2);
769     CamelliaSubkeyL(2) = subl(3);
770     CamelliaSubkeyR(2) = subr(3);
771     CamelliaSubkeyL(3) = subl(2) ^ subl(4);
772     CamelliaSubkeyR(3) = subr(2) ^ subr(4);
773     CamelliaSubkeyL(4) = subl(3) ^ subl(5);
774     CamelliaSubkeyR(4) = subr(3) ^ subr(5);
775     CamelliaSubkeyL(5) = subl(4) ^ subl(6);
776     CamelliaSubkeyR(5) = subr(4) ^ subr(6);
777     CamelliaSubkeyL(6) = subl(5) ^ subl(7);
778     CamelliaSubkeyR(6) = subr(5) ^ subr(7);
779     tl = subl(10) ^ (subr(10) & ~subr(8));
780     dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
781     CamelliaSubkeyL(7) = subl(6) ^ tl;
782     CamelliaSubkeyR(7) = subr(6) ^ tr;
783     CamelliaSubkeyL(8) = subl(8);
784     CamelliaSubkeyR(8) = subr(8);
785     CamelliaSubkeyL(9) = subl(9);
786     CamelliaSubkeyR(9) = subr(9);
787     tl = subl(7) ^ (subr(7) & ~subr(9));
788     dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
789     CamelliaSubkeyL(10) = tl ^ subl(11);
790     CamelliaSubkeyR(10) = tr ^ subr(11);
791     CamelliaSubkeyL(11) = subl(10) ^ subl(12);
792     CamelliaSubkeyR(11) = subr(10) ^ subr(12);
793     CamelliaSubkeyL(12) = subl(11) ^ subl(13);
794     CamelliaSubkeyR(12) = subr(11) ^ subr(13);
795     CamelliaSubkeyL(13) = subl(12) ^ subl(14);
796     CamelliaSubkeyR(13) = subr(12) ^ subr(14);
797     CamelliaSubkeyL(14) = subl(13) ^ subl(15);
798     CamelliaSubkeyR(14) = subr(13) ^ subr(15);
799     tl = subl(18) ^ (subr(18) & ~subr(16));
800     dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
801     CamelliaSubkeyL(15) = subl(14) ^ tl;
802     CamelliaSubkeyR(15) = subr(14) ^ tr;
803     CamelliaSubkeyL(16) = subl(16);
804     CamelliaSubkeyR(16) = subr(16);
805     CamelliaSubkeyL(17) = subl(17);
806     CamelliaSubkeyR(17) = subr(17);
807     tl = subl(15) ^ (subr(15) & ~subr(17));
808     dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
809     CamelliaSubkeyL(18) = tl ^ subl(19);
810     CamelliaSubkeyR(18) = tr ^ subr(19);
811     CamelliaSubkeyL(19) = subl(18) ^ subl(20);
812     CamelliaSubkeyR(19) = subr(18) ^ subr(20);
813     CamelliaSubkeyL(20) = subl(19) ^ subl(21);
814     CamelliaSubkeyR(20) = subr(19) ^ subr(21);
815     CamelliaSubkeyL(21) = subl(20) ^ subl(22);
816     CamelliaSubkeyR(21) = subr(20) ^ subr(22);
817     CamelliaSubkeyL(22) = subl(21) ^ subl(23);
818     CamelliaSubkeyR(22) = subr(21) ^ subr(23);
819     tl = subl(26) ^ (subr(26) & ~subr(24));
820     dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
821     CamelliaSubkeyL(23) = subl(22) ^ tl;
822     CamelliaSubkeyR(23) = subr(22) ^ tr;
823     CamelliaSubkeyL(24) = subl(24);
824     CamelliaSubkeyR(24) = subr(24);
825     CamelliaSubkeyL(25) = subl(25);
826     CamelliaSubkeyR(25) = subr(25);
827     tl = subl(23) ^ (subr(23) &  ~subr(25));
828     dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
829     CamelliaSubkeyL(26) = tl ^ subl(27);
830     CamelliaSubkeyR(26) = tr ^ subr(27);
831     CamelliaSubkeyL(27) = subl(26) ^ subl(28);
832     CamelliaSubkeyR(27) = subr(26) ^ subr(28);
833     CamelliaSubkeyL(28) = subl(27) ^ subl(29);
834     CamelliaSubkeyR(28) = subr(27) ^ subr(29);
835     CamelliaSubkeyL(29) = subl(28) ^ subl(30);
836     CamelliaSubkeyR(29) = subr(28) ^ subr(30);
837     CamelliaSubkeyL(30) = subl(29) ^ subl(31);
838     CamelliaSubkeyR(30) = subr(29) ^ subr(31);
839     CamelliaSubkeyL(31) = subl(30);
840     CamelliaSubkeyR(31) = subr(30);
841     CamelliaSubkeyL(32) = subl(32) ^ subl(31);
842     CamelliaSubkeyR(32) = subr(32) ^ subr(31);
843
844     return;
845 }
846
/*
 * Expand a 192-bit key by delegating to the 256-bit key schedule.
 *
 * The 24 key bytes are copied into a 32-byte buffer whose last eight
 * bytes are the bitwise complement of key bytes 16..23.  The padded
 * key is then handed to camellia_setup256().
 *
 * key:    24 bytes of raw key material (read only).
 * subkey: subkey table written by camellia_setup256().
 *
 * NOTE(review): padded[] is a stack copy of the key and is not cleared
 * before returning; confirm the caller scrubs the stack after key setup.
 */
void camellia_setup192(const unsigned char *key, u32 *subkey)
{
    unsigned char padded[32];
    int i;

    memcpy(padded, key, 24);

    /* Bytes 24..31 are the complement of key bytes 16..23. */
    for (i = 0; i < 8; i++)
        padded[24 + i] = (unsigned char)~key[16 + i];

    camellia_setup256(padded, subkey);
}
862
863
864 #ifndef USE_ARM_ASM
865 /**
866  * Stuff related to camellia encryption/decryption
867  *
868  * "io" must be 4byte aligned and big-endian data.
869  */
/*
 * Encrypt one block in place with the schedule built for a 128-bit key.
 *
 * subkey: expanded key table, read through CamelliaSubkeyL/R
 *         (entries 0 and 2..24).
 * blocks: the four 32-bit words of the block; overwritten with the result.
 *
 * Layout: input whitening, 18 rounds in three groups of six with an FL
 * layer between the groups, output whitening, then the two halves are
 * exchanged on write-back.
 *
 * NOTE(review): the working words live on the stack and are not cleared
 * here; confirm the caller scrubs the stack where that matters.
 */
void camellia_encrypt128(const u32 *subkey, u32 *blocks)
{
    u32 il, ir, t0, t1;     /* scratch words handed to the round macros */
    u32 b0 = blocks[0];
    u32 b1 = blocks[1];
    u32 b2 = blocks[2];
    u32 b3 = blocks[3];

    /* input whitening (kw2 is already folded into the other subkeys) */
    b0 ^= CamelliaSubkeyL(0);
    b1 ^= CamelliaSubkeyR(0);

    /* rounds 1-6 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(2), CamelliaSubkeyR(2),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(3), CamelliaSubkeyR(3),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(4), CamelliaSubkeyR(4),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(5), CamelliaSubkeyR(5),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(6), CamelliaSubkeyR(6),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(7), CamelliaSubkeyR(7),
                     b0, b1, il, ir, t0, t1);

    /* first FL layer */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
                 t0, t1, il, ir);

    /* rounds 7-12 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(10), CamelliaSubkeyR(10),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(11), CamelliaSubkeyR(11),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(12), CamelliaSubkeyR(12),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(13), CamelliaSubkeyR(13),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(14), CamelliaSubkeyR(14),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(15), CamelliaSubkeyR(15),
                     b0, b1, il, ir, t0, t1);

    /* second FL layer */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
                 t0, t1, il, ir);

    /* rounds 13-18 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(18), CamelliaSubkeyR(18),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(19), CamelliaSubkeyR(19),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(20), CamelliaSubkeyR(20),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(21), CamelliaSubkeyR(21),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(22), CamelliaSubkeyR(22),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(23), CamelliaSubkeyR(23),
                     b0, b1, il, ir, t0, t1);

    /* output whitening (kw4 is already folded into the other subkeys) */
    b2 ^= CamelliaSubkeyL(24);
    b3 ^= CamelliaSubkeyR(24);

    /* write back with the two 64-bit halves exchanged */
    blocks[0] = b2;
    blocks[1] = b3;
    blocks[2] = b0;
    blocks[3] = b1;
}
970
/*
 * Decrypt one block in place with the schedule built for a 128-bit key.
 *
 * Same structure as camellia_encrypt128() with the subkeys taken in the
 * opposite order: whitening with entry 24, rounds 23..2 in three groups
 * of six with an FL layer between the groups (FL subkey pairs swapped),
 * whitening with entry 0, then the two halves are exchanged.
 *
 * subkey: expanded key table, read through CamelliaSubkeyL/R.
 * blocks: the four 32-bit words of the block; overwritten with the result.
 *
 * NOTE(review): the working words live on the stack and are not cleared
 * here; confirm the caller scrubs the stack where that matters.
 */
void camellia_decrypt128(const u32 *subkey, u32 *blocks)
{
    u32 il, ir, t0, t1;     /* scratch words handed to the round macros */
    u32 b0 = blocks[0];
    u32 b1 = blocks[1];
    u32 b2 = blocks[2];
    u32 b3 = blocks[3];

    /* input whitening with the last subkey */
    b0 ^= CamelliaSubkeyL(24);
    b1 ^= CamelliaSubkeyR(24);

    /* subkeys 23..18 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(23), CamelliaSubkeyR(23),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(22), CamelliaSubkeyR(22),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(21), CamelliaSubkeyR(21),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(20), CamelliaSubkeyR(20),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(19), CamelliaSubkeyR(19),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(18), CamelliaSubkeyR(18),
                     b0, b1, il, ir, t0, t1);

    /* FL layer, subkeys 17 then 16 */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
                 t0, t1, il, ir);

    /* subkeys 15..10 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(15), CamelliaSubkeyR(15),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(14), CamelliaSubkeyR(14),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(13), CamelliaSubkeyR(13),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(12), CamelliaSubkeyR(12),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(11), CamelliaSubkeyR(11),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(10), CamelliaSubkeyR(10),
                     b0, b1, il, ir, t0, t1);

    /* FL layer, subkeys 9 then 8 */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
                 t0, t1, il, ir);

    /* subkeys 7..2 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(7), CamelliaSubkeyR(7),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(6), CamelliaSubkeyR(6),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(5), CamelliaSubkeyR(5),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(4), CamelliaSubkeyR(4),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(3), CamelliaSubkeyR(3),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(2), CamelliaSubkeyR(2),
                     b0, b1, il, ir, t0, t1);

    /* output whitening with the first subkey */
    b2 ^= CamelliaSubkeyL(0);
    b3 ^= CamelliaSubkeyR(0);

    /* write back with the two 64-bit halves exchanged */
    blocks[0] = b2;
    blocks[1] = b3;
    blocks[2] = b0;
    blocks[3] = b1;
}
1071
1072 /**
1073  * stuff for 192 and 256bit encryption/decryption
1074  */
/*
 * Encrypt one block in place with the schedule built for a 192- or
 * 256-bit key.
 *
 * subkey: expanded key table, read through CamelliaSubkeyL/R
 *         (entries 0 and 2..32).
 * blocks: the four 32-bit words of the block; overwritten with the result.
 *
 * Layout: input whitening, 24 rounds in four groups of six with an FL
 * layer between the groups, output whitening, then the two halves are
 * exchanged on write-back.
 *
 * NOTE(review): the working words live on the stack and are not cleared
 * here; confirm the caller scrubs the stack where that matters.
 */
void camellia_encrypt256(const u32 *subkey, u32 *blocks)
{
    u32 il, ir, t0, t1;     /* scratch words handed to the round macros */
    u32 b0 = blocks[0];
    u32 b1 = blocks[1];
    u32 b2 = blocks[2];
    u32 b3 = blocks[3];

    /* input whitening (kw2 is already folded into the other subkeys) */
    b0 ^= CamelliaSubkeyL(0);
    b1 ^= CamelliaSubkeyR(0);

    /* rounds 1-6 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(2), CamelliaSubkeyR(2),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(3), CamelliaSubkeyR(3),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(4), CamelliaSubkeyR(4),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(5), CamelliaSubkeyR(5),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(6), CamelliaSubkeyR(6),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(7), CamelliaSubkeyR(7),
                     b0, b1, il, ir, t0, t1);

    /* first FL layer */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
                 t0, t1, il, ir);

    /* rounds 7-12 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(10), CamelliaSubkeyR(10),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(11), CamelliaSubkeyR(11),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(12), CamelliaSubkeyR(12),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(13), CamelliaSubkeyR(13),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(14), CamelliaSubkeyR(14),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(15), CamelliaSubkeyR(15),
                     b0, b1, il, ir, t0, t1);

    /* second FL layer */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
                 t0, t1, il, ir);

    /* rounds 13-18 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(18), CamelliaSubkeyR(18),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(19), CamelliaSubkeyR(19),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(20), CamelliaSubkeyR(20),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(21), CamelliaSubkeyR(21),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(22), CamelliaSubkeyR(22),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(23), CamelliaSubkeyR(23),
                     b0, b1, il, ir, t0, t1);

    /* third FL layer */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(24), CamelliaSubkeyR(24),
                 CamelliaSubkeyL(25), CamelliaSubkeyR(25),
                 t0, t1, il, ir);

    /* rounds 19-24 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(26), CamelliaSubkeyR(26),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(27), CamelliaSubkeyR(27),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(28), CamelliaSubkeyR(28),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(29), CamelliaSubkeyR(29),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(30), CamelliaSubkeyR(30),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(31), CamelliaSubkeyR(31),
                     b0, b1, il, ir, t0, t1);

    /* output whitening (kw4 is already folded into the other subkeys) */
    b2 ^= CamelliaSubkeyL(32);
    b3 ^= CamelliaSubkeyR(32);

    /* write back with the two 64-bit halves exchanged */
    blocks[0] = b2;
    blocks[1] = b3;
    blocks[2] = b0;
    blocks[3] = b1;
}
1199
/*
 * Decrypt one block in place with the schedule built for a 192- or
 * 256-bit key.
 *
 * Same structure as camellia_encrypt256() with the subkeys taken in the
 * opposite order: whitening with entry 32, rounds 31..2 in four groups
 * of six with an FL layer between the groups (FL subkey pairs swapped),
 * whitening with entry 0, then the two halves are exchanged.
 *
 * subkey: expanded key table, read through CamelliaSubkeyL/R.
 * blocks: the four 32-bit words of the block; overwritten with the result.
 *
 * NOTE(review): the working words live on the stack and are not cleared
 * here; confirm the caller scrubs the stack where that matters.
 */
void camellia_decrypt256(const u32 *subkey, u32 *blocks)
{
    u32 il, ir, t0, t1;     /* scratch words handed to the round macros */
    u32 b0 = blocks[0];
    u32 b1 = blocks[1];
    u32 b2 = blocks[2];
    u32 b3 = blocks[3];

    /* input whitening with the last subkey */
    b0 ^= CamelliaSubkeyL(32);
    b1 ^= CamelliaSubkeyR(32);

    /* subkeys 31..26 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(31), CamelliaSubkeyR(31),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(30), CamelliaSubkeyR(30),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(29), CamelliaSubkeyR(29),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(28), CamelliaSubkeyR(28),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(27), CamelliaSubkeyR(27),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(26), CamelliaSubkeyR(26),
                     b0, b1, il, ir, t0, t1);

    /* FL layer, subkeys 25 then 24 */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(25), CamelliaSubkeyR(25),
                 CamelliaSubkeyL(24), CamelliaSubkeyR(24),
                 t0, t1, il, ir);

    /* subkeys 23..18 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(23), CamelliaSubkeyR(23),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(22), CamelliaSubkeyR(22),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(21), CamelliaSubkeyR(21),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(20), CamelliaSubkeyR(20),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(19), CamelliaSubkeyR(19),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(18), CamelliaSubkeyR(18),
                     b0, b1, il, ir, t0, t1);

    /* FL layer, subkeys 17 then 16 */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
                 t0, t1, il, ir);

    /* subkeys 15..10 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(15), CamelliaSubkeyR(15),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(14), CamelliaSubkeyR(14),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(13), CamelliaSubkeyR(13),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(12), CamelliaSubkeyR(12),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(11), CamelliaSubkeyR(11),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(10), CamelliaSubkeyR(10),
                     b0, b1, il, ir, t0, t1);

    /* FL layer, subkeys 9 then 8 */
    CAMELLIA_FLS(b0, b1, b2, b3,
                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
                 t0, t1, il, ir);

    /* subkeys 7..2 */
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(7), CamelliaSubkeyR(7),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(6), CamelliaSubkeyR(6),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(5), CamelliaSubkeyR(5),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(4), CamelliaSubkeyR(4),
                     b0, b1, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b0, b1, CamelliaSubkeyL(3), CamelliaSubkeyR(3),
                     b2, b3, il, ir, t0, t1);
    CAMELLIA_ROUNDSM(b2, b3, CamelliaSubkeyL(2), CamelliaSubkeyR(2),
                     b0, b1, il, ir, t0, t1);

    /* output whitening with the first subkey */
    b2 ^= CamelliaSubkeyL(0);
    b3 ^= CamelliaSubkeyR(0);

    /* write back with the two 64-bit halves exchanged */
    blocks[0] = b2;
    blocks[1] = b3;
    blocks[2] = b0;
    blocks[3] = b1;
}
1324 #endif /*!USE_ARM_ASM*/
1325
1326
1327 /***
1328  *
1329  * API for compatibility
1330  */
1331
/*
 * Build the subkey table for a raw key of the given length.
 *
 * keyBitLength: 128, 192 or 256; selects the matching setup routine.
 * rawKey:       the raw key bytes, passed through unchanged.
 * keyTable:     output table, written by the selected setup routine.
 *
 * NOTE(review): for any other keyBitLength nothing is written and no
 * error is reported, so keyTable keeps whatever it held before.
 * Callers presumably validate the length first; verify.
 */
void Camellia_Ekeygen(const int keyBitLength,
                      const unsigned char *rawKey,
                      KEY_TABLE_TYPE keyTable)
{
    if (keyBitLength == 128) {
        camellia_setup128(rawKey, keyTable);
    } else if (keyBitLength == 192) {
        camellia_setup192(rawKey, keyTable);
    } else if (keyBitLength == 256) {
        camellia_setup256(rawKey, keyTable);
    }
    /* unsupported length: keyTable is left untouched */
}
1350
1351
1352 #ifndef USE_ARM_ASM
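/*
 * Encrypt one 16-byte block.
 *
 * keyBitLength: 128, 192 or 256; 192 and 256 share camellia_encrypt256().
 * plaintext:    16 input bytes, loaded as four words with GETU32.
 * keyTable:     subkey table matching keyBitLength.
 * ciphertext:   16 output bytes, stored with PUTU32.
 *
 * An unsupported keyBitLength cannot be reported through the void
 * return.  The working words are zeroed in that case so the output is
 * an all-zero block; without that step the words loaded from plaintext
 * would be stored to ciphertext unencrypted.
 */
void Camellia_EncryptBlock(const int keyBitLength,
                           const unsigned char *plaintext,
                           const KEY_TABLE_TYPE keyTable,
                           unsigned char *ciphertext)
{
    u32 tmp[4];

    tmp[0] = GETU32(plaintext);
    tmp[1] = GETU32(plaintext + 4);
    tmp[2] = GETU32(plaintext + 8);
    tmp[3] = GETU32(plaintext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_encrypt128(keyTable, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_encrypt256(keyTable, tmp);
        break;
    default:
        /* fail closed: never pass the input through as "ciphertext" */
        tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
        break;
    }

    PUTU32(ciphertext, tmp[0]);
    PUTU32(ciphertext + 4, tmp[1]);
    PUTU32(ciphertext + 8, tmp[2]);
    PUTU32(ciphertext + 12, tmp[3]);
}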
1383
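/*
 * Decrypt one 16-byte block.
 *
 * keyBitLength: 128, 192 or 256; 192 and 256 share camellia_decrypt256().
 * ciphertext:   16 input bytes, loaded as four words with GETU32.
 * keyTable:     subkey table matching keyBitLength.
 * plaintext:    16 output bytes, stored with PUTU32.
 *
 * An unsupported keyBitLength cannot be reported through the void
 * return.  The working words are zeroed in that case so the output is
 * an all-zero block; without that step the input words would be stored
 * to plaintext as if they had been decrypted.
 */
void Camellia_DecryptBlock(const int keyBitLength,
                           const unsigned char *ciphertext,
                           const KEY_TABLE_TYPE keyTable,
                           unsigned char *plaintext)
{
    u32 tmp[4];

    tmp[0] = GETU32(ciphertext);
    tmp[1] = GETU32(ciphertext + 4);
    tmp[2] = GETU32(ciphertext + 8);
    tmp[3] = GETU32(ciphertext + 12);

    switch (keyBitLength) {
    case 128:
        camellia_decrypt128(keyTable, tmp);
        break;
    case 192:
        /* fall through */
    case 256:
        camellia_decrypt256(keyTable, tmp);
        break;
    default:
        /* fail closed: never hand the input back as "plaintext" */
        tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
        break;
    }

    PUTU32(plaintext, tmp[0]);
    PUTU32(plaintext + 4, tmp[1]);
    PUTU32(plaintext + 8, tmp[2]);
    PUTU32(plaintext + 12, tmp[3]);
}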
1413 #endif /*!USE_ARM_ASM*/