camellia: add ARMv6 assembly implementation
[libgcrypt.git] / cipher / camellia.c
1 /* camellia.h   ver 1.2.0
2  *
3  * Copyright (C) 2006,2007
4  * NTT (Nippon Telegraph and Telephone Corporation).
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19
20 /*
21  * Algorithm Specification
22  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23  */
24
25 #include <string.h>
26 #include <stdlib.h>
27
28 #include "camellia.h"
29
30 /* u32 must be 32bit word */
31 typedef unsigned int u32;
32 typedef unsigned char u8;
33
34 /* key constants */
35
36 #define CAMELLIA_SIGMA1L (0xA09E667FL)
37 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
38 #define CAMELLIA_SIGMA2L (0xB67AE858L)
39 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
40 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
41 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
42 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
43 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
44 #define CAMELLIA_SIGMA5L (0x10E527FAL)
45 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
46 #define CAMELLIA_SIGMA6L (0xB05688C2L)
47 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
48
49 /*
50  *  macros
51  */
52
53
54 #if defined(_MSC_VER)
55
56 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
57 # define GETU32(p) SWAP(*((u32 *)(p)))
58 # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
59
60 #else /* not MS-VC */
61
62 # define GETU32(pt)                             \
63     (((u32)(pt)[0] << 24)                       \
64      ^ ((u32)(pt)[1] << 16)                     \
65      ^ ((u32)(pt)[2] <<  8)                     \
66      ^ ((u32)(pt)[3]))
67
68 # define PUTU32(ct, st)  {                      \
69         (ct)[0] = (u8)((st) >> 24);             \
70         (ct)[1] = (u8)((st) >> 16);             \
71         (ct)[2] = (u8)((st) >>  8);             \
72         (ct)[3] = (u8)(st); }
73
74 #endif
75
76 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
77 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
78
79 /* rotation right shift 1byte */
80 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
81 /* rotation left shift 1bit */
82 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
83 /* rotation left shift 1byte */
84 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
85
86 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
87     do {                                                \
88         w0 = ll;                                        \
89         ll = (ll << bits) + (lr >> (32 - bits));        \
90         lr = (lr << bits) + (rl >> (32 - bits));        \
91         rl = (rl << bits) + (rr >> (32 - bits));        \
92         rr = (rr << bits) + (w0 >> (32 - bits));        \
93     } while(0)
94
95 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
96     do {                                                \
97         w0 = ll;                                        \
98         w1 = lr;                                        \
99         ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
100         lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
101         rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
102         rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
103     } while(0)
104
105 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
106 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
107 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
108 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
109
110 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)      \
111     do {                                                        \
112         il = xl ^ kl;                                           \
113         ir = xr ^ kr;                                           \
114         t0 = il >> 16;                                          \
115         t1 = ir >> 16;                                          \
116         yl = CAMELLIA_SP1110(ir & 0xff)                         \
117             ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                 \
118             ^ CAMELLIA_SP3033(t1 & 0xff)                        \
119             ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                \
120         yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                  \
121             ^ CAMELLIA_SP0222(t0 & 0xff)                        \
122             ^ CAMELLIA_SP3033((il >> 8) & 0xff)                 \
123             ^ CAMELLIA_SP4404(il & 0xff);                       \
124         yl ^= yr;                                               \
125         yr = CAMELLIA_RR8(yr);                                  \
126         yr ^= yl;                                               \
127     } while(0)
128
129
130 /*
131  * for speed up
132  *
133  */
134 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
135     do {                                                                \
136         t0 = kll;                                                       \
137         t0 &= ll;                                                       \
138         lr ^= CAMELLIA_RL1(t0);                                         \
139         t1 = klr;                                                       \
140         t1 |= lr;                                                       \
141         ll ^= t1;                                                       \
142                                                                         \
143         t2 = krr;                                                       \
144         t2 |= rr;                                                       \
145         rl ^= t2;                                                       \
146         t3 = krl;                                                       \
147         t3 &= rl;                                                       \
148         rr ^= CAMELLIA_RL1(t3);                                         \
149     } while(0)
150
151 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
152     do {                                                                \
153         yl ^= kl;                                                       \
154         yr ^= kr;                                                       \
155         ir = CAMELLIA_SP1110(xr & 0xff)                                 \
156             ^ CAMELLIA_SP0222((xr >> 24) & 0xff)                        \
157             ^ CAMELLIA_SP3033((xr >> 16) & 0xff)                        \
158             ^ CAMELLIA_SP4404((xr >> 8) & 0xff);                        \
159         il = CAMELLIA_SP1110((xl >> 24) & 0xff)                         \
160             ^ CAMELLIA_SP0222((xl >> 16) & 0xff)                        \
161             ^ CAMELLIA_SP3033((xl >> 8) & 0xff)                         \
162             ^ CAMELLIA_SP4404(xl & 0xff);                               \
163         ir ^= il;                                                       \
164         il = CAMELLIA_RR8(il);                                          \
165         il ^= ir;                                                       \
166         yl ^= ir;                                                       \
167         yr ^= il;                                                       \
168     } while(0)
169
170
171 static const u32 camellia_sp1110[256] = {
172     0x70707000,0x82828200,0x2c2c2c00,0xececec00,
173     0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
174     0xe4e4e400,0x85858500,0x57575700,0x35353500,
175     0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
176     0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
177     0x45454500,0x19191900,0xa5a5a500,0x21212100,
178     0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
179     0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
180     0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
181     0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
182     0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
183     0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
184     0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
185     0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
186     0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
187     0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
188     0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
189     0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
190     0x74747400,0x12121200,0x2b2b2b00,0x20202000,
191     0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
192     0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
193     0x34343400,0x7e7e7e00,0x76767600,0x05050500,
194     0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
195     0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
196     0x14141400,0x58585800,0x3a3a3a00,0x61616100,
197     0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
198     0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
199     0x53535300,0x18181800,0xf2f2f200,0x22222200,
200     0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
201     0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
202     0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
203     0x60606000,0xfcfcfc00,0x69696900,0x50505000,
204     0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
205     0xa1a1a100,0x89898900,0x62626200,0x97979700,
206     0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
207     0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
208     0x10101000,0xc4c4c400,0x00000000,0x48484800,
209     0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
210     0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
211     0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
212     0x87878700,0x5c5c5c00,0x83838300,0x02020200,
213     0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
214     0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
215     0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
216     0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
217     0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
218     0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
219     0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
220     0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
221     0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
222     0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
223     0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
224     0x78787800,0x98989800,0x06060600,0x6a6a6a00,
225     0xe7e7e700,0x46464600,0x71717100,0xbababa00,
226     0xd4d4d400,0x25252500,0xababab00,0x42424200,
227     0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
228     0x72727200,0x07070700,0xb9b9b900,0x55555500,
229     0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
230     0x36363600,0x49494900,0x2a2a2a00,0x68686800,
231     0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
232     0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
233     0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
234     0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
235     0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
236 };
237
238 static const u32 camellia_sp0222[256] = {
239     0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
240     0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
241     0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
242     0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
243     0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
244     0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
245     0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
246     0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
247     0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
248     0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
249     0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
250     0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
251     0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
252     0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
253     0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
254     0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
255     0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
256     0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
257     0x00e8e8e8,0x00242424,0x00565656,0x00404040,
258     0x00e1e1e1,0x00636363,0x00090909,0x00333333,
259     0x00bfbfbf,0x00989898,0x00979797,0x00858585,
260     0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
261     0x00dadada,0x006f6f6f,0x00535353,0x00626262,
262     0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
263     0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
264     0x00bdbdbd,0x00363636,0x00222222,0x00383838,
265     0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
266     0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
267     0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
268     0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
269     0x00484848,0x00101010,0x00d1d1d1,0x00515151,
270     0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
271     0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
272     0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
273     0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
274     0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
275     0x00202020,0x00898989,0x00000000,0x00909090,
276     0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
277     0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
278     0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
279     0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
280     0x009b9b9b,0x00949494,0x00212121,0x00666666,
281     0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
282     0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
283     0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
284     0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
285     0x00030303,0x002d2d2d,0x00dedede,0x00969696,
286     0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
287     0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
288     0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
289     0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
290     0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
291     0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
292     0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
293     0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
294     0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
295     0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
296     0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
297     0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
298     0x00787878,0x00707070,0x00e3e3e3,0x00494949,
299     0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
300     0x00777777,0x00939393,0x00868686,0x00838383,
301     0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
302     0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
303 };
304
305 static const u32 camellia_sp3033[256] = {
306     0x38003838,0x41004141,0x16001616,0x76007676,
307     0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
308     0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
309     0x75007575,0x06000606,0x57005757,0xa000a0a0,
310     0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
311     0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
312     0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
313     0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
314     0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
315     0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
316     0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
317     0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
318     0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
319     0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
320     0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
321     0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
322     0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
323     0xfd00fdfd,0x66006666,0x58005858,0x96009696,
324     0x3a003a3a,0x09000909,0x95009595,0x10001010,
325     0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
326     0xef00efef,0x26002626,0xe500e5e5,0x61006161,
327     0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
328     0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
329     0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
330     0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
331     0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
332     0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
333     0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
334     0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
335     0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
336     0x12001212,0x04000404,0x74007474,0x54005454,
337     0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
338     0x55005555,0x68006868,0x50005050,0xbe00bebe,
339     0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
340     0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
341     0x70007070,0xff00ffff,0x32003232,0x69006969,
342     0x08000808,0x62006262,0x00000000,0x24002424,
343     0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
344     0x45004545,0x81008181,0x73007373,0x6d006d6d,
345     0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
346     0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
347     0xe600e6e6,0x25002525,0x48004848,0x99009999,
348     0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
349     0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
350     0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
351     0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
352     0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
353     0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
354     0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
355     0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
356     0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
357     0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
358     0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
359     0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
360     0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
361     0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
362     0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
363     0x7c007c7c,0x77007777,0x56005656,0x05000505,
364     0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
365     0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
366     0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
367     0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
368     0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
369     0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
370 };
371
372 static const u32 camellia_sp4404[256] = {
373     0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
374     0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
375     0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
376     0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
377     0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
378     0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
379     0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
380     0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
381     0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
382     0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
383     0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
384     0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
385     0x14140014,0x3a3a003a,0xdede00de,0x11110011,
386     0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
387     0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
388     0x24240024,0xe8e800e8,0x60600060,0x69690069,
389     0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
390     0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
391     0x10100010,0x00000000,0xa3a300a3,0x75750075,
392     0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
393     0x87870087,0x83830083,0xcdcd00cd,0x90900090,
394     0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
395     0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
396     0x81810081,0x6f6f006f,0x13130013,0x63630063,
397     0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
398     0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
399     0x78780078,0x06060006,0xe7e700e7,0x71710071,
400     0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
401     0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
402     0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
403     0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
404     0x15150015,0xadad00ad,0x77770077,0x80800080,
405     0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
406     0x85850085,0x35350035,0x0c0c000c,0x41410041,
407     0xefef00ef,0x93930093,0x19190019,0x21210021,
408     0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
409     0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
410     0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
411     0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
412     0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
413     0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
414     0x12120012,0x20200020,0xb1b100b1,0x99990099,
415     0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
416     0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
417     0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
418     0x0f0f000f,0x16160016,0x18180018,0x22220022,
419     0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
420     0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
421     0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
422     0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
423     0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
424     0x03030003,0xdada00da,0x3f3f003f,0x94940094,
425     0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
426     0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
427     0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
428     0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
429     0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
430     0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
431     0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
432     0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
433     0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
434     0x49490049,0x68680068,0x38380038,0xa4a400a4,
435     0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
436     0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
437 };
438
439
440 /**
441  * Stuff related to the Camellia key schedule
442  */
443 #define subl(x) subL[(x)]
444 #define subr(x) subR[(x)]
445
446 void camellia_setup128(const unsigned char *key, u32 *subkey)
447 {
448     u32 kll, klr, krl, krr;
449     u32 il, ir, t0, t1, w0, w1;
450     u32 kw4l, kw4r, dw, tl, tr;
451     u32 subL[26];
452     u32 subR[26];
453
454     /**
455      *  k == kll || klr || krl || krr (|| is concatination)
456      */
457     kll = GETU32(key     );
458     klr = GETU32(key +  4);
459     krl = GETU32(key +  8);
460     krr = GETU32(key + 12);
461     /**
462      * generate KL dependent subkeys
463      */
464     subl(0) = kll; subr(0) = klr;
465     subl(1) = krl; subr(1) = krr;
466     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
467     subl(4) = kll; subr(4) = klr;
468     subl(5) = krl; subr(5) = krr;
469     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
470     subl(10) = kll; subr(10) = klr;
471     subl(11) = krl; subr(11) = krr;
472     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
473     subl(13) = krl; subr(13) = krr;
474     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
475     subl(16) = kll; subr(16) = klr;
476     subl(17) = krl; subr(17) = krr;
477     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
478     subl(18) = kll; subr(18) = klr;
479     subl(19) = krl; subr(19) = krr;
480     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
481     subl(22) = kll; subr(22) = klr;
482     subl(23) = krl; subr(23) = krr;
483
484     /* generate KA */
485     kll = subl(0); klr = subr(0);
486     krl = subl(1); krr = subr(1);
487     CAMELLIA_F(kll, klr,
488                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
489                w0, w1, il, ir, t0, t1);
490     krl ^= w0; krr ^= w1;
491     CAMELLIA_F(krl, krr,
492                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
493                kll, klr, il, ir, t0, t1);
494     CAMELLIA_F(kll, klr,
495                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
496                krl, krr, il, ir, t0, t1);
497     krl ^= w0; krr ^= w1;
498     CAMELLIA_F(krl, krr,
499                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
500                w0, w1, il, ir, t0, t1);
501     kll ^= w0; klr ^= w1;
502
503     /* generate KA dependent subkeys */
504     subl(2) = kll; subr(2) = klr;
505     subl(3) = krl; subr(3) = krr;
506     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
507     subl(6) = kll; subr(6) = klr;
508     subl(7) = krl; subr(7) = krr;
509     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
510     subl(8) = kll; subr(8) = klr;
511     subl(9) = krl; subr(9) = krr;
512     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
513     subl(12) = kll; subr(12) = klr;
514     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515     subl(14) = kll; subr(14) = klr;
516     subl(15) = krl; subr(15) = krr;
517     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
518     subl(20) = kll; subr(20) = klr;
519     subl(21) = krl; subr(21) = krr;
520     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
521     subl(24) = kll; subr(24) = klr;
522     subl(25) = krl; subr(25) = krr;
523
524
525     /* absorb kw2 to other subkeys */
526     subl(3) ^= subl(1); subr(3) ^= subr(1);
527     subl(5) ^= subl(1); subr(5) ^= subr(1);
528     subl(7) ^= subl(1); subr(7) ^= subr(1);
529     subl(1) ^= subr(1) & ~subr(9);
530     dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
531     subl(11) ^= subl(1); subr(11) ^= subr(1);
532     subl(13) ^= subl(1); subr(13) ^= subr(1);
533     subl(15) ^= subl(1); subr(15) ^= subr(1);
534     subl(1) ^= subr(1) & ~subr(17);
535     dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
536     subl(19) ^= subl(1); subr(19) ^= subr(1);
537     subl(21) ^= subl(1); subr(21) ^= subr(1);
538     subl(23) ^= subl(1); subr(23) ^= subr(1);
539     subl(24) ^= subl(1); subr(24) ^= subr(1);
540
541     /* absorb kw4 to other subkeys */
542     kw4l = subl(25); kw4r = subr(25);
543     subl(22) ^= kw4l; subr(22) ^= kw4r;
544     subl(20) ^= kw4l; subr(20) ^= kw4r;
545     subl(18) ^= kw4l; subr(18) ^= kw4r;
546     kw4l ^= kw4r & ~subr(16);
547     dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
548     subl(14) ^= kw4l; subr(14) ^= kw4r;
549     subl(12) ^= kw4l; subr(12) ^= kw4r;
550     subl(10) ^= kw4l; subr(10) ^= kw4r;
551     kw4l ^= kw4r & ~subr(8);
552     dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
553     subl(6) ^= kw4l; subr(6) ^= kw4r;
554     subl(4) ^= kw4l; subr(4) ^= kw4r;
555     subl(2) ^= kw4l; subr(2) ^= kw4r;
556     subl(0) ^= kw4l; subr(0) ^= kw4r;
557
558     /* key XOR is end of F-function */
559     CamelliaSubkeyL(0) = subl(0) ^ subl(2);
560     CamelliaSubkeyR(0) = subr(0) ^ subr(2);
561     CamelliaSubkeyL(2) = subl(3);
562     CamelliaSubkeyR(2) = subr(3);
563     CamelliaSubkeyL(3) = subl(2) ^ subl(4);
564     CamelliaSubkeyR(3) = subr(2) ^ subr(4);
565     CamelliaSubkeyL(4) = subl(3) ^ subl(5);
566     CamelliaSubkeyR(4) = subr(3) ^ subr(5);
567     CamelliaSubkeyL(5) = subl(4) ^ subl(6);
568     CamelliaSubkeyR(5) = subr(4) ^ subr(6);
569     CamelliaSubkeyL(6) = subl(5) ^ subl(7);
570     CamelliaSubkeyR(6) = subr(5) ^ subr(7);
571     tl = subl(10) ^ (subr(10) & ~subr(8));
572     dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
573     CamelliaSubkeyL(7) = subl(6) ^ tl;
574     CamelliaSubkeyR(7) = subr(6) ^ tr;
575     CamelliaSubkeyL(8) = subl(8);
576     CamelliaSubkeyR(8) = subr(8);
577     CamelliaSubkeyL(9) = subl(9);
578     CamelliaSubkeyR(9) = subr(9);
579     tl = subl(7) ^ (subr(7) & ~subr(9));
580     dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
581     CamelliaSubkeyL(10) = tl ^ subl(11);
582     CamelliaSubkeyR(10) = tr ^ subr(11);
583     CamelliaSubkeyL(11) = subl(10) ^ subl(12);
584     CamelliaSubkeyR(11) = subr(10) ^ subr(12);
585     CamelliaSubkeyL(12) = subl(11) ^ subl(13);
586     CamelliaSubkeyR(12) = subr(11) ^ subr(13);
587     CamelliaSubkeyL(13) = subl(12) ^ subl(14);
588     CamelliaSubkeyR(13) = subr(12) ^ subr(14);
589     CamelliaSubkeyL(14) = subl(13) ^ subl(15);
590     CamelliaSubkeyR(14) = subr(13) ^ subr(15);
591     tl = subl(18) ^ (subr(18) & ~subr(16));
592     dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
593     CamelliaSubkeyL(15) = subl(14) ^ tl;
594     CamelliaSubkeyR(15) = subr(14) ^ tr;
595     CamelliaSubkeyL(16) = subl(16);
596     CamelliaSubkeyR(16) = subr(16);
597     CamelliaSubkeyL(17) = subl(17);
598     CamelliaSubkeyR(17) = subr(17);
599     tl = subl(15) ^ (subr(15) & ~subr(17));
600     dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
601     CamelliaSubkeyL(18) = tl ^ subl(19);
602     CamelliaSubkeyR(18) = tr ^ subr(19);
603     CamelliaSubkeyL(19) = subl(18) ^ subl(20);
604     CamelliaSubkeyR(19) = subr(18) ^ subr(20);
605     CamelliaSubkeyL(20) = subl(19) ^ subl(21);
606     CamelliaSubkeyR(20) = subr(19) ^ subr(21);
607     CamelliaSubkeyL(21) = subl(20) ^ subl(22);
608     CamelliaSubkeyR(21) = subr(20) ^ subr(22);
609     CamelliaSubkeyL(22) = subl(21) ^ subl(23);
610     CamelliaSubkeyR(22) = subr(21) ^ subr(23);
611     CamelliaSubkeyL(23) = subl(22);
612     CamelliaSubkeyR(23) = subr(22);
613     CamelliaSubkeyL(24) = subl(24) ^ subl(23);
614     CamelliaSubkeyR(24) = subr(24) ^ subr(23);
615
616     return;
617 }
618
619 void camellia_setup256(const unsigned char *key, u32 *subkey)
620 {
621     u32 kll,klr,krl,krr;           /* left half of key */
622     u32 krll,krlr,krrl,krrr;       /* right half of key */
623     u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
624     u32 kw4l, kw4r, dw, tl, tr;
625     u32 subL[34];
626     u32 subR[34];
627
628     /**
629      *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
630      *  (|| is concatination)
631      */
632
633     kll  = GETU32(key     );
634     klr  = GETU32(key +  4);
635     krl  = GETU32(key +  8);
636     krr  = GETU32(key + 12);
637     krll = GETU32(key + 16);
638     krlr = GETU32(key + 20);
639     krrl = GETU32(key + 24);
640     krrr = GETU32(key + 28);
641
642     /* generate KL dependent subkeys */
643     subl(0) = kll; subr(0) = klr;
644     subl(1) = krl; subr(1) = krr;
645     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
646     subl(12) = kll; subr(12) = klr;
647     subl(13) = krl; subr(13) = krr;
648     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
649     subl(16) = kll; subr(16) = klr;
650     subl(17) = krl; subr(17) = krr;
651     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
652     subl(22) = kll; subr(22) = klr;
653     subl(23) = krl; subr(23) = krr;
654     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
655     subl(30) = kll; subr(30) = klr;
656     subl(31) = krl; subr(31) = krr;
657
658     /* generate KR dependent subkeys */
659     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
660     subl(4) = krll; subr(4) = krlr;
661     subl(5) = krrl; subr(5) = krrr;
662     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
663     subl(8) = krll; subr(8) = krlr;
664     subl(9) = krrl; subr(9) = krrr;
665     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
666     subl(18) = krll; subr(18) = krlr;
667     subl(19) = krrl; subr(19) = krrr;
668     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
669     subl(26) = krll; subr(26) = krlr;
670     subl(27) = krrl; subr(27) = krrr;
671     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
672
673     /* generate KA */
674     kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
675     krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
676     CAMELLIA_F(kll, klr,
677                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
678                w0, w1, il, ir, t0, t1);
679     krl ^= w0; krr ^= w1;
680     CAMELLIA_F(krl, krr,
681                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
682                kll, klr, il, ir, t0, t1);
683     kll ^= krll; klr ^= krlr;
684     CAMELLIA_F(kll, klr,
685                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
686                krl, krr, il, ir, t0, t1);
687     krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
688     CAMELLIA_F(krl, krr,
689                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
690                w0, w1, il, ir, t0, t1);
691     kll ^= w0; klr ^= w1;
692
693     /* generate KB */
694     krll ^= kll; krlr ^= klr;
695     krrl ^= krl; krrr ^= krr;
696     CAMELLIA_F(krll, krlr,
697                CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
698                w0, w1, il, ir, t0, t1);
699     krrl ^= w0; krrr ^= w1;
700     CAMELLIA_F(krrl, krrr,
701                CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
702                w0, w1, il, ir, t0, t1);
703     krll ^= w0; krlr ^= w1;
704
705     /* generate KA dependent subkeys */
706     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
707     subl(6) = kll; subr(6) = klr;
708     subl(7) = krl; subr(7) = krr;
709     CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
710     subl(14) = kll; subr(14) = klr;
711     subl(15) = krl; subr(15) = krr;
712     subl(24) = klr; subr(24) = krl;
713     subl(25) = krr; subr(25) = kll;
714     CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
715     subl(28) = kll; subr(28) = klr;
716     subl(29) = krl; subr(29) = krr;
717
718     /* generate KB dependent subkeys */
719     subl(2) = krll; subr(2) = krlr;
720     subl(3) = krrl; subr(3) = krrr;
721     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
722     subl(10) = krll; subr(10) = krlr;
723     subl(11) = krrl; subr(11) = krrr;
724     CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
725     subl(20) = krll; subr(20) = krlr;
726     subl(21) = krrl; subr(21) = krrr;
727     CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
728     subl(32) = krll; subr(32) = krlr;
729     subl(33) = krrl; subr(33) = krrr;
730
731     /* absorb kw2 to other subkeys */
732     subl(3) ^= subl(1); subr(3) ^= subr(1);
733     subl(5) ^= subl(1); subr(5) ^= subr(1);
734     subl(7) ^= subl(1); subr(7) ^= subr(1);
735     subl(1) ^= subr(1) & ~subr(9);
736     dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
737     subl(11) ^= subl(1); subr(11) ^= subr(1);
738     subl(13) ^= subl(1); subr(13) ^= subr(1);
739     subl(15) ^= subl(1); subr(15) ^= subr(1);
740     subl(1) ^= subr(1) & ~subr(17);
741     dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
742     subl(19) ^= subl(1); subr(19) ^= subr(1);
743     subl(21) ^= subl(1); subr(21) ^= subr(1);
744     subl(23) ^= subl(1); subr(23) ^= subr(1);
745     subl(1) ^= subr(1) & ~subr(25);
746     dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
747     subl(27) ^= subl(1); subr(27) ^= subr(1);
748     subl(29) ^= subl(1); subr(29) ^= subr(1);
749     subl(31) ^= subl(1); subr(31) ^= subr(1);
750     subl(32) ^= subl(1); subr(32) ^= subr(1);
751
752     /* absorb kw4 to other subkeys */
753     kw4l = subl(33); kw4r = subr(33);
754     subl(30) ^= kw4l; subr(30) ^= kw4r;
755     subl(28) ^= kw4l; subr(28) ^= kw4r;
756     subl(26) ^= kw4l; subr(26) ^= kw4r;
757     kw4l ^= kw4r & ~subr(24);
758     dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
759     subl(22) ^= kw4l; subr(22) ^= kw4r;
760     subl(20) ^= kw4l; subr(20) ^= kw4r;
761     subl(18) ^= kw4l; subr(18) ^= kw4r;
762     kw4l ^= kw4r & ~subr(16);
763     dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
764     subl(14) ^= kw4l; subr(14) ^= kw4r;
765     subl(12) ^= kw4l; subr(12) ^= kw4r;
766     subl(10) ^= kw4l; subr(10) ^= kw4r;
767     kw4l ^= kw4r & ~subr(8);
768     dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
769     subl(6) ^= kw4l; subr(6) ^= kw4r;
770     subl(4) ^= kw4l; subr(4) ^= kw4r;
771     subl(2) ^= kw4l; subr(2) ^= kw4r;
772     subl(0) ^= kw4l; subr(0) ^= kw4r;
773
774     /* key XOR is end of F-function */
775     CamelliaSubkeyL(0) = subl(0) ^ subl(2);
776     CamelliaSubkeyR(0) = subr(0) ^ subr(2);
777     CamelliaSubkeyL(2) = subl(3);
778     CamelliaSubkeyR(2) = subr(3);
779     CamelliaSubkeyL(3) = subl(2) ^ subl(4);
780     CamelliaSubkeyR(3) = subr(2) ^ subr(4);
781     CamelliaSubkeyL(4) = subl(3) ^ subl(5);
782     CamelliaSubkeyR(4) = subr(3) ^ subr(5);
783     CamelliaSubkeyL(5) = subl(4) ^ subl(6);
784     CamelliaSubkeyR(5) = subr(4) ^ subr(6);
785     CamelliaSubkeyL(6) = subl(5) ^ subl(7);
786     CamelliaSubkeyR(6) = subr(5) ^ subr(7);
787     tl = subl(10) ^ (subr(10) & ~subr(8));
788     dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
789     CamelliaSubkeyL(7) = subl(6) ^ tl;
790     CamelliaSubkeyR(7) = subr(6) ^ tr;
791     CamelliaSubkeyL(8) = subl(8);
792     CamelliaSubkeyR(8) = subr(8);
793     CamelliaSubkeyL(9) = subl(9);
794     CamelliaSubkeyR(9) = subr(9);
795     tl = subl(7) ^ (subr(7) & ~subr(9));
796     dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
797     CamelliaSubkeyL(10) = tl ^ subl(11);
798     CamelliaSubkeyR(10) = tr ^ subr(11);
799     CamelliaSubkeyL(11) = subl(10) ^ subl(12);
800     CamelliaSubkeyR(11) = subr(10) ^ subr(12);
801     CamelliaSubkeyL(12) = subl(11) ^ subl(13);
802     CamelliaSubkeyR(12) = subr(11) ^ subr(13);
803     CamelliaSubkeyL(13) = subl(12) ^ subl(14);
804     CamelliaSubkeyR(13) = subr(12) ^ subr(14);
805     CamelliaSubkeyL(14) = subl(13) ^ subl(15);
806     CamelliaSubkeyR(14) = subr(13) ^ subr(15);
807     tl = subl(18) ^ (subr(18) & ~subr(16));
808     dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
809     CamelliaSubkeyL(15) = subl(14) ^ tl;
810     CamelliaSubkeyR(15) = subr(14) ^ tr;
811     CamelliaSubkeyL(16) = subl(16);
812     CamelliaSubkeyR(16) = subr(16);
813     CamelliaSubkeyL(17) = subl(17);
814     CamelliaSubkeyR(17) = subr(17);
815     tl = subl(15) ^ (subr(15) & ~subr(17));
816     dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
817     CamelliaSubkeyL(18) = tl ^ subl(19);
818     CamelliaSubkeyR(18) = tr ^ subr(19);
819     CamelliaSubkeyL(19) = subl(18) ^ subl(20);
820     CamelliaSubkeyR(19) = subr(18) ^ subr(20);
821     CamelliaSubkeyL(20) = subl(19) ^ subl(21);
822     CamelliaSubkeyR(20) = subr(19) ^ subr(21);
823     CamelliaSubkeyL(21) = subl(20) ^ subl(22);
824     CamelliaSubkeyR(21) = subr(20) ^ subr(22);
825     CamelliaSubkeyL(22) = subl(21) ^ subl(23);
826     CamelliaSubkeyR(22) = subr(21) ^ subr(23);
827     tl = subl(26) ^ (subr(26) & ~subr(24));
828     dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
829     CamelliaSubkeyL(23) = subl(22) ^ tl;
830     CamelliaSubkeyR(23) = subr(22) ^ tr;
831     CamelliaSubkeyL(24) = subl(24);
832     CamelliaSubkeyR(24) = subr(24);
833     CamelliaSubkeyL(25) = subl(25);
834     CamelliaSubkeyR(25) = subr(25);
835     tl = subl(23) ^ (subr(23) &  ~subr(25));
836     dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
837     CamelliaSubkeyL(26) = tl ^ subl(27);
838     CamelliaSubkeyR(26) = tr ^ subr(27);
839     CamelliaSubkeyL(27) = subl(26) ^ subl(28);
840     CamelliaSubkeyR(27) = subr(26) ^ subr(28);
841     CamelliaSubkeyL(28) = subl(27) ^ subl(29);
842     CamelliaSubkeyR(28) = subr(27) ^ subr(29);
843     CamelliaSubkeyL(29) = subl(28) ^ subl(30);
844     CamelliaSubkeyR(29) = subr(28) ^ subr(30);
845     CamelliaSubkeyL(30) = subl(29) ^ subl(31);
846     CamelliaSubkeyR(30) = subr(29) ^ subr(31);
847     CamelliaSubkeyL(31) = subl(30);
848     CamelliaSubkeyR(31) = subr(30);
849     CamelliaSubkeyL(32) = subl(32) ^ subl(31);
850     CamelliaSubkeyR(32) = subr(32) ^ subr(31);
851
852     return;
853 }
854
855 void camellia_setup192(const unsigned char *key, u32 *subkey)
856 {
857     unsigned char kk[32];
858     u32 krll, krlr, krrl,krrr;
859
860     memcpy(kk, key, 24);
861     memcpy((unsigned char *)&krll, key+16,4);
862     memcpy((unsigned char *)&krlr, key+20,4);
863     krrl = ~krll;
864     krrr = ~krlr;
865     memcpy(kk+24, (unsigned char *)&krrl, 4);
866     memcpy(kk+28, (unsigned char *)&krrr, 4);
867     camellia_setup256(kk, subkey);
868     return;
869 }
870
871
872 #ifndef USE_ARMV6_ASM
873 /**
874  * Stuff related to camellia encryption/decryption
875  *
876  * "io" must be 4byte aligned and big-endian data.
877  */
878 void camellia_encrypt128(const u32 *subkey, u32 *blocks)
879 {
880     u32 il, ir, t0, t1;
881     u32 io[4];
882
883     io[0] = blocks[0];
884     io[1] = blocks[1];
885     io[2] = blocks[2];
886     io[3] = blocks[3];
887
888     /* pre whitening but absorb kw2*/
889     io[0] ^= CamelliaSubkeyL(0);
890     io[1] ^= CamelliaSubkeyR(0);
891     /* main iteration */
892
893     CAMELLIA_ROUNDSM(io[0],io[1],
894                      CamelliaSubkeyL(2),CamelliaSubkeyR(2),
895                      io[2],io[3],il,ir,t0,t1);
896     CAMELLIA_ROUNDSM(io[2],io[3],
897                      CamelliaSubkeyL(3),CamelliaSubkeyR(3),
898                      io[0],io[1],il,ir,t0,t1);
899     CAMELLIA_ROUNDSM(io[0],io[1],
900                      CamelliaSubkeyL(4),CamelliaSubkeyR(4),
901                      io[2],io[3],il,ir,t0,t1);
902     CAMELLIA_ROUNDSM(io[2],io[3],
903                      CamelliaSubkeyL(5),CamelliaSubkeyR(5),
904                      io[0],io[1],il,ir,t0,t1);
905     CAMELLIA_ROUNDSM(io[0],io[1],
906                      CamelliaSubkeyL(6),CamelliaSubkeyR(6),
907                      io[2],io[3],il,ir,t0,t1);
908     CAMELLIA_ROUNDSM(io[2],io[3],
909                      CamelliaSubkeyL(7),CamelliaSubkeyR(7),
910                      io[0],io[1],il,ir,t0,t1);
911
912     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
913                  CamelliaSubkeyL(8),CamelliaSubkeyR(8),
914                  CamelliaSubkeyL(9),CamelliaSubkeyR(9),
915                  t0,t1,il,ir);
916
917     CAMELLIA_ROUNDSM(io[0],io[1],
918                      CamelliaSubkeyL(10),CamelliaSubkeyR(10),
919                      io[2],io[3],il,ir,t0,t1);
920     CAMELLIA_ROUNDSM(io[2],io[3],
921                      CamelliaSubkeyL(11),CamelliaSubkeyR(11),
922                      io[0],io[1],il,ir,t0,t1);
923     CAMELLIA_ROUNDSM(io[0],io[1],
924                      CamelliaSubkeyL(12),CamelliaSubkeyR(12),
925                      io[2],io[3],il,ir,t0,t1);
926     CAMELLIA_ROUNDSM(io[2],io[3],
927                      CamelliaSubkeyL(13),CamelliaSubkeyR(13),
928                      io[0],io[1],il,ir,t0,t1);
929     CAMELLIA_ROUNDSM(io[0],io[1],
930                      CamelliaSubkeyL(14),CamelliaSubkeyR(14),
931                      io[2],io[3],il,ir,t0,t1);
932     CAMELLIA_ROUNDSM(io[2],io[3],
933                      CamelliaSubkeyL(15),CamelliaSubkeyR(15),
934                      io[0],io[1],il,ir,t0,t1);
935
936     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
937                  CamelliaSubkeyL(16),CamelliaSubkeyR(16),
938                  CamelliaSubkeyL(17),CamelliaSubkeyR(17),
939                  t0,t1,il,ir);
940
941     CAMELLIA_ROUNDSM(io[0],io[1],
942                      CamelliaSubkeyL(18),CamelliaSubkeyR(18),
943                      io[2],io[3],il,ir,t0,t1);
944     CAMELLIA_ROUNDSM(io[2],io[3],
945                      CamelliaSubkeyL(19),CamelliaSubkeyR(19),
946                      io[0],io[1],il,ir,t0,t1);
947     CAMELLIA_ROUNDSM(io[0],io[1],
948                      CamelliaSubkeyL(20),CamelliaSubkeyR(20),
949                      io[2],io[3],il,ir,t0,t1);
950     CAMELLIA_ROUNDSM(io[2],io[3],
951                      CamelliaSubkeyL(21),CamelliaSubkeyR(21),
952                      io[0],io[1],il,ir,t0,t1);
953     CAMELLIA_ROUNDSM(io[0],io[1],
954                      CamelliaSubkeyL(22),CamelliaSubkeyR(22),
955                      io[2],io[3],il,ir,t0,t1);
956     CAMELLIA_ROUNDSM(io[2],io[3],
957                      CamelliaSubkeyL(23),CamelliaSubkeyR(23),
958                      io[0],io[1],il,ir,t0,t1);
959
960     /* post whitening but kw4 */
961     io[2] ^= CamelliaSubkeyL(24);
962     io[3] ^= CamelliaSubkeyR(24);
963
964     t0 = io[0];
965     t1 = io[1];
966     io[0] = io[2];
967     io[1] = io[3];
968     io[2] = t0;
969     io[3] = t1;
970
971     blocks[0] = io[0];
972     blocks[1] = io[1];
973     blocks[2] = io[2];
974     blocks[3] = io[3];
975
976     return;
977 }
978
979 void camellia_decrypt128(const u32 *subkey, u32 *blocks)
980 {
981     u32 il,ir,t0,t1;               /* temporary valiables */
982     u32 io[4];
983
984     io[0] = blocks[0];
985     io[1] = blocks[1];
986     io[2] = blocks[2];
987     io[3] = blocks[3];
988
989     /* pre whitening but absorb kw2*/
990     io[0] ^= CamelliaSubkeyL(24);
991     io[1] ^= CamelliaSubkeyR(24);
992
993     /* main iteration */
994     CAMELLIA_ROUNDSM(io[0],io[1],
995                      CamelliaSubkeyL(23),CamelliaSubkeyR(23),
996                      io[2],io[3],il,ir,t0,t1);
997     CAMELLIA_ROUNDSM(io[2],io[3],
998                      CamelliaSubkeyL(22),CamelliaSubkeyR(22),
999                      io[0],io[1],il,ir,t0,t1);
1000     CAMELLIA_ROUNDSM(io[0],io[1],
1001                      CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1002                      io[2],io[3],il,ir,t0,t1);
1003     CAMELLIA_ROUNDSM(io[2],io[3],
1004                      CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1005                      io[0],io[1],il,ir,t0,t1);
1006     CAMELLIA_ROUNDSM(io[0],io[1],
1007                      CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1008                      io[2],io[3],il,ir,t0,t1);
1009     CAMELLIA_ROUNDSM(io[2],io[3],
1010                      CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1011                      io[0],io[1],il,ir,t0,t1);
1012
1013     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1014                  CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1015                  CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1016                  t0,t1,il,ir);
1017
1018     CAMELLIA_ROUNDSM(io[0],io[1],
1019                      CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1020                      io[2],io[3],il,ir,t0,t1);
1021     CAMELLIA_ROUNDSM(io[2],io[3],
1022                      CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1023                      io[0],io[1],il,ir,t0,t1);
1024     CAMELLIA_ROUNDSM(io[0],io[1],
1025                      CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1026                      io[2],io[3],il,ir,t0,t1);
1027     CAMELLIA_ROUNDSM(io[2],io[3],
1028                      CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1029                      io[0],io[1],il,ir,t0,t1);
1030     CAMELLIA_ROUNDSM(io[0],io[1],
1031                      CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1032                      io[2],io[3],il,ir,t0,t1);
1033     CAMELLIA_ROUNDSM(io[2],io[3],
1034                      CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1035                      io[0],io[1],il,ir,t0,t1);
1036
1037     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1038                  CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1039                  CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1040                  t0,t1,il,ir);
1041
1042     CAMELLIA_ROUNDSM(io[0],io[1],
1043                      CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1044                      io[2],io[3],il,ir,t0,t1);
1045     CAMELLIA_ROUNDSM(io[2],io[3],
1046                      CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1047                      io[0],io[1],il,ir,t0,t1);
1048     CAMELLIA_ROUNDSM(io[0],io[1],
1049                      CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1050                      io[2],io[3],il,ir,t0,t1);
1051     CAMELLIA_ROUNDSM(io[2],io[3],
1052                      CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1053                      io[0],io[1],il,ir,t0,t1);
1054     CAMELLIA_ROUNDSM(io[0],io[1],
1055                      CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1056                      io[2],io[3],il,ir,t0,t1);
1057     CAMELLIA_ROUNDSM(io[2],io[3],
1058                      CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1059                      io[0],io[1],il,ir,t0,t1);
1060
1061     /* post whitening but kw4 */
1062     io[2] ^= CamelliaSubkeyL(0);
1063     io[3] ^= CamelliaSubkeyR(0);
1064
1065     t0 = io[0];
1066     t1 = io[1];
1067     io[0] = io[2];
1068     io[1] = io[3];
1069     io[2] = t0;
1070     io[3] = t1;
1071
1072     blocks[0] = io[0];
1073     blocks[1] = io[1];
1074     blocks[2] = io[2];
1075     blocks[3] = io[3];
1076
1077     return;
1078 }
1079
1080 /**
1081  * stuff for 192 and 256bit encryption/decryption
1082  */
1083 void camellia_encrypt256(const u32 *subkey, u32 *blocks)
1084 {
1085     u32 il,ir,t0,t1;           /* temporary valiables */
1086     u32 io[4];
1087
1088     io[0] = blocks[0];
1089     io[1] = blocks[1];
1090     io[2] = blocks[2];
1091     io[3] = blocks[3];
1092
1093     /* pre whitening but absorb kw2*/
1094     io[0] ^= CamelliaSubkeyL(0);
1095     io[1] ^= CamelliaSubkeyR(0);
1096
1097     /* main iteration */
1098     CAMELLIA_ROUNDSM(io[0],io[1],
1099                      CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1100                      io[2],io[3],il,ir,t0,t1);
1101     CAMELLIA_ROUNDSM(io[2],io[3],
1102                      CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1103                      io[0],io[1],il,ir,t0,t1);
1104     CAMELLIA_ROUNDSM(io[0],io[1],
1105                      CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1106                      io[2],io[3],il,ir,t0,t1);
1107     CAMELLIA_ROUNDSM(io[2],io[3],
1108                      CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1109                      io[0],io[1],il,ir,t0,t1);
1110     CAMELLIA_ROUNDSM(io[0],io[1],
1111                      CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1112                      io[2],io[3],il,ir,t0,t1);
1113     CAMELLIA_ROUNDSM(io[2],io[3],
1114                      CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1115                      io[0],io[1],il,ir,t0,t1);
1116
1117     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1118                  CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1119                  CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1120                  t0,t1,il,ir);
1121
1122     CAMELLIA_ROUNDSM(io[0],io[1],
1123                      CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1124                      io[2],io[3],il,ir,t0,t1);
1125     CAMELLIA_ROUNDSM(io[2],io[3],
1126                      CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1127                      io[0],io[1],il,ir,t0,t1);
1128     CAMELLIA_ROUNDSM(io[0],io[1],
1129                      CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1130                      io[2],io[3],il,ir,t0,t1);
1131     CAMELLIA_ROUNDSM(io[2],io[3],
1132                      CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1133                      io[0],io[1],il,ir,t0,t1);
1134     CAMELLIA_ROUNDSM(io[0],io[1],
1135                      CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1136                      io[2],io[3],il,ir,t0,t1);
1137     CAMELLIA_ROUNDSM(io[2],io[3],
1138                      CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1139                      io[0],io[1],il,ir,t0,t1);
1140
1141     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1142                  CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1143                  CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1144                  t0,t1,il,ir);
1145
1146     CAMELLIA_ROUNDSM(io[0],io[1],
1147                      CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1148                      io[2],io[3],il,ir,t0,t1);
1149     CAMELLIA_ROUNDSM(io[2],io[3],
1150                      CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1151                      io[0],io[1],il,ir,t0,t1);
1152     CAMELLIA_ROUNDSM(io[0],io[1],
1153                      CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1154                      io[2],io[3],il,ir,t0,t1);
1155     CAMELLIA_ROUNDSM(io[2],io[3],
1156                      CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1157                      io[0],io[1],il,ir,t0,t1);
1158     CAMELLIA_ROUNDSM(io[0],io[1],
1159                      CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1160                      io[2],io[3],il,ir,t0,t1);
1161     CAMELLIA_ROUNDSM(io[2],io[3],
1162                      CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1163                      io[0],io[1],il,ir,t0,t1);
1164
1165     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1166                  CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1167                  CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1168                  t0,t1,il,ir);
1169
1170     CAMELLIA_ROUNDSM(io[0],io[1],
1171                      CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1172                      io[2],io[3],il,ir,t0,t1);
1173     CAMELLIA_ROUNDSM(io[2],io[3],
1174                      CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1175                      io[0],io[1],il,ir,t0,t1);
1176     CAMELLIA_ROUNDSM(io[0],io[1],
1177                      CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1178                      io[2],io[3],il,ir,t0,t1);
1179     CAMELLIA_ROUNDSM(io[2],io[3],
1180                      CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1181                      io[0],io[1],il,ir,t0,t1);
1182     CAMELLIA_ROUNDSM(io[0],io[1],
1183                      CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1184                      io[2],io[3],il,ir,t0,t1);
1185     CAMELLIA_ROUNDSM(io[2],io[3],
1186                      CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1187                      io[0],io[1],il,ir,t0,t1);
1188
1189     /* post whitening but kw4 */
1190     io[2] ^= CamelliaSubkeyL(32);
1191     io[3] ^= CamelliaSubkeyR(32);
1192
1193     t0 = io[0];
1194     t1 = io[1];
1195     io[0] = io[2];
1196     io[1] = io[3];
1197     io[2] = t0;
1198     io[3] = t1;
1199
1200     blocks[0] = io[0];
1201     blocks[1] = io[1];
1202     blocks[2] = io[2];
1203     blocks[3] = io[3];
1204
1205     return;
1206 }
1207
1208 void camellia_decrypt256(const u32 *subkey, u32 *blocks)
1209 {
1210     u32 il,ir,t0,t1;           /* temporary valiables */
1211     u32 io[4];
1212
1213     io[0] = blocks[0];
1214     io[1] = blocks[1];
1215     io[2] = blocks[2];
1216     io[3] = blocks[3];
1217
1218     /* pre whitening but absorb kw2*/
1219     io[0] ^= CamelliaSubkeyL(32);
1220     io[1] ^= CamelliaSubkeyR(32);
1221
1222     /* main iteration */
1223     CAMELLIA_ROUNDSM(io[0],io[1],
1224                      CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1225                      io[2],io[3],il,ir,t0,t1);
1226     CAMELLIA_ROUNDSM(io[2],io[3],
1227                      CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1228                      io[0],io[1],il,ir,t0,t1);
1229     CAMELLIA_ROUNDSM(io[0],io[1],
1230                      CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1231                      io[2],io[3],il,ir,t0,t1);
1232     CAMELLIA_ROUNDSM(io[2],io[3],
1233                      CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1234                      io[0],io[1],il,ir,t0,t1);
1235     CAMELLIA_ROUNDSM(io[0],io[1],
1236                      CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1237                      io[2],io[3],il,ir,t0,t1);
1238     CAMELLIA_ROUNDSM(io[2],io[3],
1239                      CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1240                      io[0],io[1],il,ir,t0,t1);
1241
1242     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1243                  CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1244                  CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1245                  t0,t1,il,ir);
1246
1247     CAMELLIA_ROUNDSM(io[0],io[1],
1248                      CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1249                      io[2],io[3],il,ir,t0,t1);
1250     CAMELLIA_ROUNDSM(io[2],io[3],
1251                      CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1252                      io[0],io[1],il,ir,t0,t1);
1253     CAMELLIA_ROUNDSM(io[0],io[1],
1254                      CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1255                      io[2],io[3],il,ir,t0,t1);
1256     CAMELLIA_ROUNDSM(io[2],io[3],
1257                      CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1258                      io[0],io[1],il,ir,t0,t1);
1259     CAMELLIA_ROUNDSM(io[0],io[1],
1260                      CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1261                      io[2],io[3],il,ir,t0,t1);
1262     CAMELLIA_ROUNDSM(io[2],io[3],
1263                      CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1264                      io[0],io[1],il,ir,t0,t1);
1265
1266     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1267                  CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1268                  CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1269                  t0,t1,il,ir);
1270
1271     CAMELLIA_ROUNDSM(io[0],io[1],
1272                      CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1273                      io[2],io[3],il,ir,t0,t1);
1274     CAMELLIA_ROUNDSM(io[2],io[3],
1275                      CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1276                      io[0],io[1],il,ir,t0,t1);
1277     CAMELLIA_ROUNDSM(io[0],io[1],
1278                      CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1279                      io[2],io[3],il,ir,t0,t1);
1280     CAMELLIA_ROUNDSM(io[2],io[3],
1281                      CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1282                      io[0],io[1],il,ir,t0,t1);
1283     CAMELLIA_ROUNDSM(io[0],io[1],
1284                      CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1285                      io[2],io[3],il,ir,t0,t1);
1286     CAMELLIA_ROUNDSM(io[2],io[3],
1287                      CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1288                      io[0],io[1],il,ir,t0,t1);
1289
1290     CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1291                  CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1292                  CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1293                  t0,t1,il,ir);
1294
1295     CAMELLIA_ROUNDSM(io[0],io[1],
1296                      CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1297                      io[2],io[3],il,ir,t0,t1);
1298     CAMELLIA_ROUNDSM(io[2],io[3],
1299                      CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1300                      io[0],io[1],il,ir,t0,t1);
1301     CAMELLIA_ROUNDSM(io[0],io[1],
1302                      CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1303                      io[2],io[3],il,ir,t0,t1);
1304     CAMELLIA_ROUNDSM(io[2],io[3],
1305                      CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1306                      io[0],io[1],il,ir,t0,t1);
1307     CAMELLIA_ROUNDSM(io[0],io[1],
1308                      CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1309                      io[2],io[3],il,ir,t0,t1);
1310     CAMELLIA_ROUNDSM(io[2],io[3],
1311                      CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1312                      io[0],io[1],il,ir,t0,t1);
1313
1314     /* post whitening but kw4 */
1315     io[2] ^= CamelliaSubkeyL(0);
1316     io[3] ^= CamelliaSubkeyR(0);
1317
1318     t0 = io[0];
1319     t1 = io[1];
1320     io[0] = io[2];
1321     io[1] = io[3];
1322     io[2] = t0;
1323     io[3] = t1;
1324
1325     blocks[0] = io[0];
1326     blocks[1] = io[1];
1327     blocks[2] = io[2];
1328     blocks[3] = io[3];
1329
1330     return;
1331 }
1332 #endif /*!USE_ARMV6_ASM*/
1333
1334
1335 /***
1336  *
1337  * API for compatibility
1338  */
1339
1340 void Camellia_Ekeygen(const int keyBitLength,
1341                       const unsigned char *rawKey,
1342                       KEY_TABLE_TYPE keyTable)
1343 {
1344     switch(keyBitLength) {
1345     case 128:
1346         camellia_setup128(rawKey, keyTable);
1347         break;
1348     case 192:
1349         camellia_setup192(rawKey, keyTable);
1350         break;
1351     case 256:
1352         camellia_setup256(rawKey, keyTable);
1353         break;
1354     default:
1355         break;
1356     }
1357 }
1358
1359
1360 #ifndef USE_ARMV6_ASM
1361 void Camellia_EncryptBlock(const int keyBitLength,
1362                            const unsigned char *plaintext,
1363                            const KEY_TABLE_TYPE keyTable,
1364                            unsigned char *ciphertext)
1365 {
1366     u32 tmp[4];
1367
1368     tmp[0] = GETU32(plaintext);
1369     tmp[1] = GETU32(plaintext + 4);
1370     tmp[2] = GETU32(plaintext + 8);
1371     tmp[3] = GETU32(plaintext + 12);
1372
1373     switch (keyBitLength) {
1374     case 128:
1375         camellia_encrypt128(keyTable, tmp);
1376         break;
1377     case 192:
1378         /* fall through */
1379     case 256:
1380         camellia_encrypt256(keyTable, tmp);
1381         break;
1382     default:
1383         break;
1384     }
1385
1386     PUTU32(ciphertext, tmp[0]);
1387     PUTU32(ciphertext + 4, tmp[1]);
1388     PUTU32(ciphertext + 8, tmp[2]);
1389     PUTU32(ciphertext + 12, tmp[3]);
1390 }
1391
1392 void Camellia_DecryptBlock(const int keyBitLength,
1393                            const unsigned char *ciphertext,
1394                            const KEY_TABLE_TYPE keyTable,
1395                            unsigned char *plaintext)
1396 {
1397     u32 tmp[4];
1398
1399     tmp[0] = GETU32(ciphertext);
1400     tmp[1] = GETU32(ciphertext + 4);
1401     tmp[2] = GETU32(ciphertext + 8);
1402     tmp[3] = GETU32(ciphertext + 12);
1403
1404     switch (keyBitLength) {
1405     case 128:
1406         camellia_decrypt128(keyTable, tmp);
1407         break;
1408     case 192:
1409         /* fall through */
1410     case 256:
1411         camellia_decrypt256(keyTable, tmp);
1412         break;
1413     default:
1414         break;
1415     }
1416     PUTU32(plaintext, tmp[0]);
1417     PUTU32(plaintext + 4, tmp[1]);
1418     PUTU32(plaintext + 8, tmp[2]);
1419     PUTU32(plaintext + 12, tmp[3]);
1420 }
1421 #endif /*!USE_ARMV6_ASM*/