security/nss/lib/freebl/camellia.c@b8a032363ba2
security/nss/lib/freebl/camellia.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #ifdef FREEBL_NO_DEPEND
6 #include "stubs.h"
7 #endif
9 #include "prinit.h"
10 #include "prerr.h"
11 #include "secerr.h"
13 #include "prtypes.h"
14 #include "blapi.h"
15 #include "camellia.h"
16 #include "sha_fast.h" /* for SHA_HTONL and related configuration macros */
19 /* key constants */
21 #define CAMELLIA_SIGMA1L (0xA09E667FL)
22 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
23 #define CAMELLIA_SIGMA2L (0xB67AE858L)
24 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
25 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
26 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
27 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
28 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
29 #define CAMELLIA_SIGMA5L (0x10E527FAL)
30 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
31 #define CAMELLIA_SIGMA6L (0xB05688C2L)
32 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
34 /*
35 * macros
36 */
39 #if defined(SHA_ALLOW_UNALIGNED_ACCESS)
41 /* require a CPU that allows unaligned access */
43 #if defined(SHA_NEED_TMP_VARIABLE)
44 #define CAMELLIA_NEED_TMP_VARIABLE 1
45 #endif
47 # define GETU32(p) SHA_HTONL(*((PRUint32 *)(p)))
48 # define PUTU32(ct, st) {*((PRUint32 *)(ct)) = SHA_HTONL(st);}
50 #else /* no unaligned access */
52 # define GETU32(pt) \
53 (((PRUint32)(pt)[0] << 24) \
54 ^ ((PRUint32)(pt)[1] << 16) \
55 ^ ((PRUint32)(pt)[2] << 8) \
56 ^ ((PRUint32)(pt)[3]))
58 # define PUTU32(ct, st) { \
59 (ct)[0] = (PRUint8)((st) >> 24); \
60 (ct)[1] = (PRUint8)((st) >> 16); \
61 (ct)[2] = (PRUint8)((st) >> 8); \
62 (ct)[3] = (PRUint8)(st); }
64 #endif
66 #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
67 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
69 /* rotation right shift 1byte */
70 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
71 /* rotation left shift 1bit */
72 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
73 /* rotation left shift 1byte */
74 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
76 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
77 do { \
78 w0 = ll; \
79 ll = (ll << bits) + (lr >> (32 - bits)); \
80 lr = (lr << bits) + (rl >> (32 - bits)); \
81 rl = (rl << bits) + (rr >> (32 - bits)); \
82 rr = (rr << bits) + (w0 >> (32 - bits)); \
83 } while(0)
85 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
86 do { \
87 w0 = ll; \
88 w1 = lr; \
89 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
90 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
91 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
92 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
93 } while(0)
95 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
96 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
97 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
98 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
100 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
101 do { \
102 il = xl ^ kl; \
103 ir = xr ^ kr; \
104 t0 = il >> 16; \
105 t1 = ir >> 16; \
106 yl = CAMELLIA_SP1110(ir & 0xff) \
107 ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
108 ^ CAMELLIA_SP3033(t1 & 0xff) \
109 ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
110 yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
111 ^ CAMELLIA_SP0222(t0 & 0xff) \
112 ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
113 ^ CAMELLIA_SP4404(il & 0xff); \
114 yl ^= yr; \
115 yr = CAMELLIA_RR8(yr); \
116 yr ^= yl; \
117 } while(0)
120 /*
121 * for speed up
122 *
123 */
124 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
125 do { \
126 t0 = kll; \
127 t0 &= ll; \
128 lr ^= CAMELLIA_RL1(t0); \
129 t1 = klr; \
130 t1 |= lr; \
131 ll ^= t1; \
132 \
133 t2 = krr; \
134 t2 |= rr; \
135 rl ^= t2; \
136 t3 = krl; \
137 t3 &= rl; \
138 rr ^= CAMELLIA_RL1(t3); \
139 } while(0)
141 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
142 do { \
143 ir = CAMELLIA_SP1110(xr & 0xff) \
144 ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
145 ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
146 ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
147 il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
148 ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
149 ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
150 ^ CAMELLIA_SP4404(xl & 0xff); \
151 il ^= kl; \
152 ir ^= kr; \
153 ir ^= il; \
154 il = CAMELLIA_RR8(il); \
155 il ^= ir; \
156 yl ^= ir; \
157 yr ^= il; \
158 } while(0)
161 static const PRUint32 camellia_sp1110[256] = {
162 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
163 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
164 0xe4e4e400,0x85858500,0x57575700,0x35353500,
165 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
166 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
167 0x45454500,0x19191900,0xa5a5a500,0x21212100,
168 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
169 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
170 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
171 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
172 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
173 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
174 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
175 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
176 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
177 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
178 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
179 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
180 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
181 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
182 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
183 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
184 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
185 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
186 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
187 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
188 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
189 0x53535300,0x18181800,0xf2f2f200,0x22222200,
190 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
191 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
192 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
193 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
194 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
195 0xa1a1a100,0x89898900,0x62626200,0x97979700,
196 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
197 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
198 0x10101000,0xc4c4c400,0x00000000,0x48484800,
199 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
200 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
201 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
202 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
203 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
204 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
205 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
206 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
207 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
208 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
209 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
210 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
211 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
212 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
213 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
214 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
215 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
216 0xd4d4d400,0x25252500,0xababab00,0x42424200,
217 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
218 0x72727200,0x07070700,0xb9b9b900,0x55555500,
219 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
220 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
221 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
222 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
223 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
224 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
225 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
226 };
228 static const PRUint32 camellia_sp0222[256] = {
229 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
230 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
231 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
232 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
233 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
234 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
235 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
236 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
237 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
238 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
239 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
240 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
241 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
242 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
243 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
244 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
245 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
246 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
247 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
248 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
249 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
250 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
251 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
252 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
253 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
254 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
255 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
256 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
257 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
258 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
259 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
260 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
261 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
262 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
263 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
264 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
265 0x00202020,0x00898989,0x00000000,0x00909090,
266 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
267 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
268 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
269 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
270 0x009b9b9b,0x00949494,0x00212121,0x00666666,
271 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
272 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
273 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
274 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
275 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
276 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
277 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
278 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
279 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
280 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
281 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
282 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
283 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
284 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
285 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
286 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
287 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
288 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
289 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
290 0x00777777,0x00939393,0x00868686,0x00838383,
291 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
292 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
293 };
295 static const PRUint32 camellia_sp3033[256] = {
296 0x38003838,0x41004141,0x16001616,0x76007676,
297 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
298 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
299 0x75007575,0x06000606,0x57005757,0xa000a0a0,
300 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
301 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
302 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
303 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
304 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
305 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
306 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
307 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
308 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
309 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
310 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
311 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
312 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
313 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
314 0x3a003a3a,0x09000909,0x95009595,0x10001010,
315 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
316 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
317 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
318 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
319 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
320 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
321 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
322 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
323 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
324 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
325 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
326 0x12001212,0x04000404,0x74007474,0x54005454,
327 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
328 0x55005555,0x68006868,0x50005050,0xbe00bebe,
329 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
330 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
331 0x70007070,0xff00ffff,0x32003232,0x69006969,
332 0x08000808,0x62006262,0x00000000,0x24002424,
333 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
334 0x45004545,0x81008181,0x73007373,0x6d006d6d,
335 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
336 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
337 0xe600e6e6,0x25002525,0x48004848,0x99009999,
338 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
339 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
340 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
341 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
342 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
343 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
344 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
345 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
346 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
347 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
348 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
349 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
350 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
351 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
352 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
353 0x7c007c7c,0x77007777,0x56005656,0x05000505,
354 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
355 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
356 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
357 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
358 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
359 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
360 };
362 static const PRUint32 camellia_sp4404[256] = {
363 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
364 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
365 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
366 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
367 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
368 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
369 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
370 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
371 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
372 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
373 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
374 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
375 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
376 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
377 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
378 0x24240024,0xe8e800e8,0x60600060,0x69690069,
379 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
380 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
381 0x10100010,0x00000000,0xa3a300a3,0x75750075,
382 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
383 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
384 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
385 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
386 0x81810081,0x6f6f006f,0x13130013,0x63630063,
387 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
388 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
389 0x78780078,0x06060006,0xe7e700e7,0x71710071,
390 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
391 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
392 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
393 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
394 0x15150015,0xadad00ad,0x77770077,0x80800080,
395 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
396 0x85850085,0x35350035,0x0c0c000c,0x41410041,
397 0xefef00ef,0x93930093,0x19190019,0x21210021,
398 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
399 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
400 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
401 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
402 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
403 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
404 0x12120012,0x20200020,0xb1b100b1,0x99990099,
405 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
406 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
407 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
408 0x0f0f000f,0x16160016,0x18180018,0x22220022,
409 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
410 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
411 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
412 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
413 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
414 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
415 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
416 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
417 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
418 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
419 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
420 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
421 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
422 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
423 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
424 0x49490049,0x68680068,0x38380038,0xa4a400a4,
425 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
426 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
427 };
430 /**
431 * Stuff related to the Camellia key schedule
432 */
433 #define subl(x) subL[(x)]
434 #define subr(x) subR[(x)]
436 void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
437 {
438 PRUint32 kll, klr, krl, krr;
439 PRUint32 il, ir, t0, t1, w0, w1;
440 PRUint32 kw4l, kw4r, dw, tl, tr;
441 PRUint32 subL[26];
442 PRUint32 subR[26];
443 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
444 PRUint32 tmp;
445 #endif
447 /**
448 * k == kll || klr || krl || krr (|| is concatination)
449 */
450 kll = GETU32(key );
451 klr = GETU32(key + 4);
452 krl = GETU32(key + 8);
453 krr = GETU32(key + 12);
454 /**
455 * generate KL dependent subkeys
456 */
457 subl(0) = kll; subr(0) = klr;
458 subl(1) = krl; subr(1) = krr;
459 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
460 subl(4) = kll; subr(4) = klr;
461 subl(5) = krl; subr(5) = krr;
462 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
463 subl(10) = kll; subr(10) = klr;
464 subl(11) = krl; subr(11) = krr;
465 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
466 subl(13) = krl; subr(13) = krr;
467 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
468 subl(16) = kll; subr(16) = klr;
469 subl(17) = krl; subr(17) = krr;
470 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
471 subl(18) = kll; subr(18) = klr;
472 subl(19) = krl; subr(19) = krr;
473 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
474 subl(22) = kll; subr(22) = klr;
475 subl(23) = krl; subr(23) = krr;
477 /* generate KA */
478 kll = subl(0); klr = subr(0);
479 krl = subl(1); krr = subr(1);
480 CAMELLIA_F(kll, klr,
481 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
482 w0, w1, il, ir, t0, t1);
483 krl ^= w0; krr ^= w1;
484 CAMELLIA_F(krl, krr,
485 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
486 kll, klr, il, ir, t0, t1);
487 CAMELLIA_F(kll, klr,
488 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
489 krl, krr, il, ir, t0, t1);
490 krl ^= w0; krr ^= w1;
491 CAMELLIA_F(krl, krr,
492 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
493 w0, w1, il, ir, t0, t1);
494 kll ^= w0; klr ^= w1;
496 /* generate KA dependent subkeys */
497 subl(2) = kll; subr(2) = klr;
498 subl(3) = krl; subr(3) = krr;
499 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
500 subl(6) = kll; subr(6) = klr;
501 subl(7) = krl; subr(7) = krr;
502 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
503 subl(8) = kll; subr(8) = klr;
504 subl(9) = krl; subr(9) = krr;
505 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
506 subl(12) = kll; subr(12) = klr;
507 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
508 subl(14) = kll; subr(14) = klr;
509 subl(15) = krl; subr(15) = krr;
510 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
511 subl(20) = kll; subr(20) = klr;
512 subl(21) = krl; subr(21) = krr;
513 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
514 subl(24) = kll; subr(24) = klr;
515 subl(25) = krl; subr(25) = krr;
518 /* absorb kw2 to other subkeys */
519 subl(3) ^= subl(1); subr(3) ^= subr(1);
520 subl(5) ^= subl(1); subr(5) ^= subr(1);
521 subl(7) ^= subl(1); subr(7) ^= subr(1);
522 subl(1) ^= subr(1) & ~subr(9);
523 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
524 subl(11) ^= subl(1); subr(11) ^= subr(1);
525 subl(13) ^= subl(1); subr(13) ^= subr(1);
526 subl(15) ^= subl(1); subr(15) ^= subr(1);
527 subl(1) ^= subr(1) & ~subr(17);
528 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
529 subl(19) ^= subl(1); subr(19) ^= subr(1);
530 subl(21) ^= subl(1); subr(21) ^= subr(1);
531 subl(23) ^= subl(1); subr(23) ^= subr(1);
532 subl(24) ^= subl(1); subr(24) ^= subr(1);
534 /* absorb kw4 to other subkeys */
535 kw4l = subl(25); kw4r = subr(25);
536 subl(22) ^= kw4l; subr(22) ^= kw4r;
537 subl(20) ^= kw4l; subr(20) ^= kw4r;
538 subl(18) ^= kw4l; subr(18) ^= kw4r;
539 kw4l ^= kw4r & ~subr(16);
540 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
541 subl(14) ^= kw4l; subr(14) ^= kw4r;
542 subl(12) ^= kw4l; subr(12) ^= kw4r;
543 subl(10) ^= kw4l; subr(10) ^= kw4r;
544 kw4l ^= kw4r & ~subr(8);
545 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
546 subl(6) ^= kw4l; subr(6) ^= kw4r;
547 subl(4) ^= kw4l; subr(4) ^= kw4r;
548 subl(2) ^= kw4l; subr(2) ^= kw4r;
549 subl(0) ^= kw4l; subr(0) ^= kw4r;
551 /* key XOR is end of F-function */
552 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
553 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
554 CamelliaSubkeyL(2) = subl(3);
555 CamelliaSubkeyR(2) = subr(3);
556 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
557 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
558 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
559 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
560 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
561 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
562 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
563 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
564 tl = subl(10) ^ (subr(10) & ~subr(8));
565 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
566 CamelliaSubkeyL(7) = subl(6) ^ tl;
567 CamelliaSubkeyR(7) = subr(6) ^ tr;
568 CamelliaSubkeyL(8) = subl(8);
569 CamelliaSubkeyR(8) = subr(8);
570 CamelliaSubkeyL(9) = subl(9);
571 CamelliaSubkeyR(9) = subr(9);
572 tl = subl(7) ^ (subr(7) & ~subr(9));
573 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
574 CamelliaSubkeyL(10) = tl ^ subl(11);
575 CamelliaSubkeyR(10) = tr ^ subr(11);
576 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
577 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
578 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
579 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
580 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
581 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
582 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
583 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
584 tl = subl(18) ^ (subr(18) & ~subr(16));
585 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
586 CamelliaSubkeyL(15) = subl(14) ^ tl;
587 CamelliaSubkeyR(15) = subr(14) ^ tr;
588 CamelliaSubkeyL(16) = subl(16);
589 CamelliaSubkeyR(16) = subr(16);
590 CamelliaSubkeyL(17) = subl(17);
591 CamelliaSubkeyR(17) = subr(17);
592 tl = subl(15) ^ (subr(15) & ~subr(17));
593 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
594 CamelliaSubkeyL(18) = tl ^ subl(19);
595 CamelliaSubkeyR(18) = tr ^ subr(19);
596 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
597 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
598 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
599 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
600 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
601 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
602 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
603 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
604 CamelliaSubkeyL(23) = subl(22);
605 CamelliaSubkeyR(23) = subr(22);
606 CamelliaSubkeyL(24) = subl(24) ^ subl(23);
607 CamelliaSubkeyR(24) = subr(24) ^ subr(23);
609 /* apply the inverse of the last half of P-function */
610 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
611 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
612 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
613 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
614 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
615 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
616 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
617 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
618 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
619 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
620 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
621 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
622 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
623 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
624 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
625 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
626 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
627 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
628 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
629 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
630 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
631 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
632 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
633 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
634 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
635 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
636 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
637 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
638 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
639 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
640 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
641 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
642 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
643 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
644 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
645 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
647 return;
648 }
650 void camellia_setup256(const unsigned char *key, PRUint32 *subkey)
651 {
652 PRUint32 kll,klr,krl,krr; /* left half of key */
653 PRUint32 krll,krlr,krrl,krrr; /* right half of key */
654 PRUint32 il, ir, t0, t1, w0, w1; /* temporary variables */
655 PRUint32 kw4l, kw4r, dw, tl, tr;
656 PRUint32 subL[34];
657 PRUint32 subR[34];
658 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
659 PRUint32 tmp;
660 #endif
662 /**
663 * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
664 * (|| is concatination)
665 */
667 kll = GETU32(key );
668 klr = GETU32(key + 4);
669 krl = GETU32(key + 8);
670 krr = GETU32(key + 12);
671 krll = GETU32(key + 16);
672 krlr = GETU32(key + 20);
673 krrl = GETU32(key + 24);
674 krrr = GETU32(key + 28);
676 /* generate KL dependent subkeys */
677 subl(0) = kll; subr(0) = klr;
678 subl(1) = krl; subr(1) = krr;
679 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
680 subl(12) = kll; subr(12) = klr;
681 subl(13) = krl; subr(13) = krr;
682 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
683 subl(16) = kll; subr(16) = klr;
684 subl(17) = krl; subr(17) = krr;
685 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
686 subl(22) = kll; subr(22) = klr;
687 subl(23) = krl; subr(23) = krr;
688 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
689 subl(30) = kll; subr(30) = klr;
690 subl(31) = krl; subr(31) = krr;
692 /* generate KR dependent subkeys */
693 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
694 subl(4) = krll; subr(4) = krlr;
695 subl(5) = krrl; subr(5) = krrr;
696 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
697 subl(8) = krll; subr(8) = krlr;
698 subl(9) = krrl; subr(9) = krrr;
699 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
700 subl(18) = krll; subr(18) = krlr;
701 subl(19) = krrl; subr(19) = krrr;
702 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
703 subl(26) = krll; subr(26) = krlr;
704 subl(27) = krrl; subr(27) = krrr;
705 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
707 /* generate KA */
708 kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
709 krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
710 CAMELLIA_F(kll, klr,
711 CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
712 w0, w1, il, ir, t0, t1);
713 krl ^= w0; krr ^= w1;
714 CAMELLIA_F(krl, krr,
715 CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
716 kll, klr, il, ir, t0, t1);
717 kll ^= krll; klr ^= krlr;
718 CAMELLIA_F(kll, klr,
719 CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
720 krl, krr, il, ir, t0, t1);
721 krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
722 CAMELLIA_F(krl, krr,
723 CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
724 w0, w1, il, ir, t0, t1);
725 kll ^= w0; klr ^= w1;
727 /* generate KB */
728 krll ^= kll; krlr ^= klr;
729 krrl ^= krl; krrr ^= krr;
730 CAMELLIA_F(krll, krlr,
731 CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
732 w0, w1, il, ir, t0, t1);
733 krrl ^= w0; krrr ^= w1;
734 CAMELLIA_F(krrl, krrr,
735 CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
736 w0, w1, il, ir, t0, t1);
737 krll ^= w0; krlr ^= w1;
739 /* generate KA dependent subkeys */
740 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
741 subl(6) = kll; subr(6) = klr;
742 subl(7) = krl; subr(7) = krr;
743 CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
744 subl(14) = kll; subr(14) = klr;
745 subl(15) = krl; subr(15) = krr;
746 subl(24) = klr; subr(24) = krl;
747 subl(25) = krr; subr(25) = kll;
748 CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
749 subl(28) = kll; subr(28) = klr;
750 subl(29) = krl; subr(29) = krr;
752 /* generate KB dependent subkeys */
753 subl(2) = krll; subr(2) = krlr;
754 subl(3) = krrl; subr(3) = krrr;
755 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
756 subl(10) = krll; subr(10) = krlr;
757 subl(11) = krrl; subr(11) = krrr;
758 CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
759 subl(20) = krll; subr(20) = krlr;
760 subl(21) = krrl; subr(21) = krrr;
761 CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
762 subl(32) = krll; subr(32) = krlr;
763 subl(33) = krrl; subr(33) = krrr;
765 /* absorb kw2 to other subkeys */
766 subl(3) ^= subl(1); subr(3) ^= subr(1);
767 subl(5) ^= subl(1); subr(5) ^= subr(1);
768 subl(7) ^= subl(1); subr(7) ^= subr(1);
769 subl(1) ^= subr(1) & ~subr(9);
770 dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
771 subl(11) ^= subl(1); subr(11) ^= subr(1);
772 subl(13) ^= subl(1); subr(13) ^= subr(1);
773 subl(15) ^= subl(1); subr(15) ^= subr(1);
774 subl(1) ^= subr(1) & ~subr(17);
775 dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
776 subl(19) ^= subl(1); subr(19) ^= subr(1);
777 subl(21) ^= subl(1); subr(21) ^= subr(1);
778 subl(23) ^= subl(1); subr(23) ^= subr(1);
779 subl(1) ^= subr(1) & ~subr(25);
780 dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
781 subl(27) ^= subl(1); subr(27) ^= subr(1);
782 subl(29) ^= subl(1); subr(29) ^= subr(1);
783 subl(31) ^= subl(1); subr(31) ^= subr(1);
784 subl(32) ^= subl(1); subr(32) ^= subr(1);
786 /* absorb kw4 to other subkeys */
787 kw4l = subl(33); kw4r = subr(33);
788 subl(30) ^= kw4l; subr(30) ^= kw4r;
789 subl(28) ^= kw4l; subr(28) ^= kw4r;
790 subl(26) ^= kw4l; subr(26) ^= kw4r;
791 kw4l ^= kw4r & ~subr(24);
792 dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
793 subl(22) ^= kw4l; subr(22) ^= kw4r;
794 subl(20) ^= kw4l; subr(20) ^= kw4r;
795 subl(18) ^= kw4l; subr(18) ^= kw4r;
796 kw4l ^= kw4r & ~subr(16);
797 dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
798 subl(14) ^= kw4l; subr(14) ^= kw4r;
799 subl(12) ^= kw4l; subr(12) ^= kw4r;
800 subl(10) ^= kw4l; subr(10) ^= kw4r;
801 kw4l ^= kw4r & ~subr(8);
802 dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
803 subl(6) ^= kw4l; subr(6) ^= kw4r;
804 subl(4) ^= kw4l; subr(4) ^= kw4r;
805 subl(2) ^= kw4l; subr(2) ^= kw4r;
806 subl(0) ^= kw4l; subr(0) ^= kw4r;
808 /* key XOR is end of F-function */
809 CamelliaSubkeyL(0) = subl(0) ^ subl(2);
810 CamelliaSubkeyR(0) = subr(0) ^ subr(2);
811 CamelliaSubkeyL(2) = subl(3);
812 CamelliaSubkeyR(2) = subr(3);
813 CamelliaSubkeyL(3) = subl(2) ^ subl(4);
814 CamelliaSubkeyR(3) = subr(2) ^ subr(4);
815 CamelliaSubkeyL(4) = subl(3) ^ subl(5);
816 CamelliaSubkeyR(4) = subr(3) ^ subr(5);
817 CamelliaSubkeyL(5) = subl(4) ^ subl(6);
818 CamelliaSubkeyR(5) = subr(4) ^ subr(6);
819 CamelliaSubkeyL(6) = subl(5) ^ subl(7);
820 CamelliaSubkeyR(6) = subr(5) ^ subr(7);
821 tl = subl(10) ^ (subr(10) & ~subr(8));
822 dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
823 CamelliaSubkeyL(7) = subl(6) ^ tl;
824 CamelliaSubkeyR(7) = subr(6) ^ tr;
825 CamelliaSubkeyL(8) = subl(8);
826 CamelliaSubkeyR(8) = subr(8);
827 CamelliaSubkeyL(9) = subl(9);
828 CamelliaSubkeyR(9) = subr(9);
829 tl = subl(7) ^ (subr(7) & ~subr(9));
830 dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
831 CamelliaSubkeyL(10) = tl ^ subl(11);
832 CamelliaSubkeyR(10) = tr ^ subr(11);
833 CamelliaSubkeyL(11) = subl(10) ^ subl(12);
834 CamelliaSubkeyR(11) = subr(10) ^ subr(12);
835 CamelliaSubkeyL(12) = subl(11) ^ subl(13);
836 CamelliaSubkeyR(12) = subr(11) ^ subr(13);
837 CamelliaSubkeyL(13) = subl(12) ^ subl(14);
838 CamelliaSubkeyR(13) = subr(12) ^ subr(14);
839 CamelliaSubkeyL(14) = subl(13) ^ subl(15);
840 CamelliaSubkeyR(14) = subr(13) ^ subr(15);
841 tl = subl(18) ^ (subr(18) & ~subr(16));
842 dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
843 CamelliaSubkeyL(15) = subl(14) ^ tl;
844 CamelliaSubkeyR(15) = subr(14) ^ tr;
845 CamelliaSubkeyL(16) = subl(16);
846 CamelliaSubkeyR(16) = subr(16);
847 CamelliaSubkeyL(17) = subl(17);
848 CamelliaSubkeyR(17) = subr(17);
849 tl = subl(15) ^ (subr(15) & ~subr(17));
850 dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
851 CamelliaSubkeyL(18) = tl ^ subl(19);
852 CamelliaSubkeyR(18) = tr ^ subr(19);
853 CamelliaSubkeyL(19) = subl(18) ^ subl(20);
854 CamelliaSubkeyR(19) = subr(18) ^ subr(20);
855 CamelliaSubkeyL(20) = subl(19) ^ subl(21);
856 CamelliaSubkeyR(20) = subr(19) ^ subr(21);
857 CamelliaSubkeyL(21) = subl(20) ^ subl(22);
858 CamelliaSubkeyR(21) = subr(20) ^ subr(22);
859 CamelliaSubkeyL(22) = subl(21) ^ subl(23);
860 CamelliaSubkeyR(22) = subr(21) ^ subr(23);
861 tl = subl(26) ^ (subr(26) & ~subr(24));
862 dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
863 CamelliaSubkeyL(23) = subl(22) ^ tl;
864 CamelliaSubkeyR(23) = subr(22) ^ tr;
865 CamelliaSubkeyL(24) = subl(24);
866 CamelliaSubkeyR(24) = subr(24);
867 CamelliaSubkeyL(25) = subl(25);
868 CamelliaSubkeyR(25) = subr(25);
869 tl = subl(23) ^ (subr(23) & ~subr(25));
870 dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
871 CamelliaSubkeyL(26) = tl ^ subl(27);
872 CamelliaSubkeyR(26) = tr ^ subr(27);
873 CamelliaSubkeyL(27) = subl(26) ^ subl(28);
874 CamelliaSubkeyR(27) = subr(26) ^ subr(28);
875 CamelliaSubkeyL(28) = subl(27) ^ subl(29);
876 CamelliaSubkeyR(28) = subr(27) ^ subr(29);
877 CamelliaSubkeyL(29) = subl(28) ^ subl(30);
878 CamelliaSubkeyR(29) = subr(28) ^ subr(30);
879 CamelliaSubkeyL(30) = subl(29) ^ subl(31);
880 CamelliaSubkeyR(30) = subr(29) ^ subr(31);
881 CamelliaSubkeyL(31) = subl(30);
882 CamelliaSubkeyR(31) = subr(30);
883 CamelliaSubkeyL(32) = subl(32) ^ subl(31);
884 CamelliaSubkeyR(32) = subr(32) ^ subr(31);
886 /* apply the inverse of the last half of P-function */
887 dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
888 CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
889 dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
890 CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
891 dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
892 CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
893 dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
894 CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
895 dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
896 CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
897 dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
898 CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
899 dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
900 CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
901 dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
902 CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
903 dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
904 CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
905 dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
906 CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
907 dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
908 CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
909 dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
910 CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
911 dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
912 CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
913 dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
914 CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
915 dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
916 CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
917 dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
918 CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
919 dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
920 CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
921 dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
922 CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
923 dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
924 CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
925 dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
926 CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
927 dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
928 CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
929 dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
930 CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
931 dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
932 CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
933 dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
934 CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
936 return;
937 }
939 void camellia_setup192(const unsigned char *key, PRUint32 *subkey)
940 {
941 unsigned char kk[32];
942 PRUint32 krll, krlr, krrl,krrr;
944 memcpy(kk, key, 24);
945 memcpy((unsigned char *)&krll, key+16,4);
946 memcpy((unsigned char *)&krlr, key+20,4);
947 krrl = ~krll;
948 krrr = ~krlr;
949 memcpy(kk+24, (unsigned char *)&krrl, 4);
950 memcpy(kk+28, (unsigned char *)&krrr, 4);
951 camellia_setup256(kk, subkey);
952 return;
953 }
956 /**
957 * Stuff related to camellia encryption/decryption
958 *
959 */
960 SECStatus
961 camellia_encrypt128(const PRUint32 *subkey,
962 unsigned char *output,
963 const unsigned char *input)
964 {
965 PRUint32 il, ir, t0, t1;
966 PRUint32 io[4];
967 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
968 PRUint32 tmp;
969 #endif
971 io[0] = GETU32(input);
972 io[1] = GETU32(input+4);
973 io[2] = GETU32(input+8);
974 io[3] = GETU32(input+12);
976 /* pre whitening but absorb kw2*/
977 io[0] ^= CamelliaSubkeyL(0);
978 io[1] ^= CamelliaSubkeyR(0);
979 /* main iteration */
981 CAMELLIA_ROUNDSM(io[0],io[1],
982 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
983 io[2],io[3],il,ir,t0,t1);
984 CAMELLIA_ROUNDSM(io[2],io[3],
985 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
986 io[0],io[1],il,ir,t0,t1);
987 CAMELLIA_ROUNDSM(io[0],io[1],
988 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
989 io[2],io[3],il,ir,t0,t1);
990 CAMELLIA_ROUNDSM(io[2],io[3],
991 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
992 io[0],io[1],il,ir,t0,t1);
993 CAMELLIA_ROUNDSM(io[0],io[1],
994 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
995 io[2],io[3],il,ir,t0,t1);
996 CAMELLIA_ROUNDSM(io[2],io[3],
997 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
998 io[0],io[1],il,ir,t0,t1);
1000 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1001 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1002 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1003 t0,t1,il,ir);
1005 CAMELLIA_ROUNDSM(io[0],io[1],
1006 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1007 io[2],io[3],il,ir,t0,t1);
1008 CAMELLIA_ROUNDSM(io[2],io[3],
1009 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1010 io[0],io[1],il,ir,t0,t1);
1011 CAMELLIA_ROUNDSM(io[0],io[1],
1012 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1013 io[2],io[3],il,ir,t0,t1);
1014 CAMELLIA_ROUNDSM(io[2],io[3],
1015 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1016 io[0],io[1],il,ir,t0,t1);
1017 CAMELLIA_ROUNDSM(io[0],io[1],
1018 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1019 io[2],io[3],il,ir,t0,t1);
1020 CAMELLIA_ROUNDSM(io[2],io[3],
1021 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1022 io[0],io[1],il,ir,t0,t1);
1024 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1025 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1026 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1027 t0,t1,il,ir);
1029 CAMELLIA_ROUNDSM(io[0],io[1],
1030 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1031 io[2],io[3],il,ir,t0,t1);
1032 CAMELLIA_ROUNDSM(io[2],io[3],
1033 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1034 io[0],io[1],il,ir,t0,t1);
1035 CAMELLIA_ROUNDSM(io[0],io[1],
1036 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1037 io[2],io[3],il,ir,t0,t1);
1038 CAMELLIA_ROUNDSM(io[2],io[3],
1039 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1040 io[0],io[1],il,ir,t0,t1);
1041 CAMELLIA_ROUNDSM(io[0],io[1],
1042 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1043 io[2],io[3],il,ir,t0,t1);
1044 CAMELLIA_ROUNDSM(io[2],io[3],
1045 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1046 io[0],io[1],il,ir,t0,t1);
1048 /* post whitening but kw4 */
1049 io[2] ^= CamelliaSubkeyL(24);
1050 io[3] ^= CamelliaSubkeyR(24);
1052 t0 = io[0];
1053 t1 = io[1];
1054 io[0] = io[2];
1055 io[1] = io[3];
1056 io[2] = t0;
1057 io[3] = t1;
1059 PUTU32(output, io[0]);
1060 PUTU32(output+4, io[1]);
1061 PUTU32(output+8, io[2]);
1062 PUTU32(output+12, io[3]);
1064 return SECSuccess;
1065 }
1067 SECStatus
1068 camellia_decrypt128(const PRUint32 *subkey,
1069 unsigned char *output,
1070 const unsigned char *input)
1071 {
1072 PRUint32 il,ir,t0,t1; /* temporary valiables */
1073 PRUint32 io[4];
1074 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
1075 PRUint32 tmp;
1076 #endif
1078 io[0] = GETU32(input);
1079 io[1] = GETU32(input+4);
1080 io[2] = GETU32(input+8);
1081 io[3] = GETU32(input+12);
1083 /* pre whitening but absorb kw2*/
1084 io[0] ^= CamelliaSubkeyL(24);
1085 io[1] ^= CamelliaSubkeyR(24);
1087 /* main iteration */
1088 CAMELLIA_ROUNDSM(io[0],io[1],
1089 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1090 io[2],io[3],il,ir,t0,t1);
1091 CAMELLIA_ROUNDSM(io[2],io[3],
1092 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1093 io[0],io[1],il,ir,t0,t1);
1094 CAMELLIA_ROUNDSM(io[0],io[1],
1095 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1096 io[2],io[3],il,ir,t0,t1);
1097 CAMELLIA_ROUNDSM(io[2],io[3],
1098 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1099 io[0],io[1],il,ir,t0,t1);
1100 CAMELLIA_ROUNDSM(io[0],io[1],
1101 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1102 io[2],io[3],il,ir,t0,t1);
1103 CAMELLIA_ROUNDSM(io[2],io[3],
1104 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1105 io[0],io[1],il,ir,t0,t1);
1107 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1108 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1109 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1110 t0,t1,il,ir);
1112 CAMELLIA_ROUNDSM(io[0],io[1],
1113 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1114 io[2],io[3],il,ir,t0,t1);
1115 CAMELLIA_ROUNDSM(io[2],io[3],
1116 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1117 io[0],io[1],il,ir,t0,t1);
1118 CAMELLIA_ROUNDSM(io[0],io[1],
1119 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1120 io[2],io[3],il,ir,t0,t1);
1121 CAMELLIA_ROUNDSM(io[2],io[3],
1122 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1123 io[0],io[1],il,ir,t0,t1);
1124 CAMELLIA_ROUNDSM(io[0],io[1],
1125 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1126 io[2],io[3],il,ir,t0,t1);
1127 CAMELLIA_ROUNDSM(io[2],io[3],
1128 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1129 io[0],io[1],il,ir,t0,t1);
1131 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1132 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1133 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1134 t0,t1,il,ir);
1136 CAMELLIA_ROUNDSM(io[0],io[1],
1137 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1138 io[2],io[3],il,ir,t0,t1);
1139 CAMELLIA_ROUNDSM(io[2],io[3],
1140 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1141 io[0],io[1],il,ir,t0,t1);
1142 CAMELLIA_ROUNDSM(io[0],io[1],
1143 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1144 io[2],io[3],il,ir,t0,t1);
1145 CAMELLIA_ROUNDSM(io[2],io[3],
1146 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1147 io[0],io[1],il,ir,t0,t1);
1148 CAMELLIA_ROUNDSM(io[0],io[1],
1149 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1150 io[2],io[3],il,ir,t0,t1);
1151 CAMELLIA_ROUNDSM(io[2],io[3],
1152 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1153 io[0],io[1],il,ir,t0,t1);
1155 /* post whitening but kw4 */
1156 io[2] ^= CamelliaSubkeyL(0);
1157 io[3] ^= CamelliaSubkeyR(0);
1159 t0 = io[0];
1160 t1 = io[1];
1161 io[0] = io[2];
1162 io[1] = io[3];
1163 io[2] = t0;
1164 io[3] = t1;
1166 PUTU32(output, io[0]);
1167 PUTU32(output+4, io[1]);
1168 PUTU32(output+8, io[2]);
1169 PUTU32(output+12, io[3]);
1171 return SECSuccess;
1172 }
1174 /**
1175 * stuff for 192 and 256bit encryption/decryption
1176 */
1177 SECStatus
1178 camellia_encrypt256(const PRUint32 *subkey,
1179 unsigned char *output,
1180 const unsigned char *input)
1181 {
1182 PRUint32 il,ir,t0,t1; /* temporary valiables */
1183 PRUint32 io[4];
1184 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
1185 PRUint32 tmp;
1186 #endif
1188 io[0] = GETU32(input);
1189 io[1] = GETU32(input+4);
1190 io[2] = GETU32(input+8);
1191 io[3] = GETU32(input+12);
1193 /* pre whitening but absorb kw2*/
1194 io[0] ^= CamelliaSubkeyL(0);
1195 io[1] ^= CamelliaSubkeyR(0);
1197 /* main iteration */
1198 CAMELLIA_ROUNDSM(io[0],io[1],
1199 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1200 io[2],io[3],il,ir,t0,t1);
1201 CAMELLIA_ROUNDSM(io[2],io[3],
1202 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1203 io[0],io[1],il,ir,t0,t1);
1204 CAMELLIA_ROUNDSM(io[0],io[1],
1205 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1206 io[2],io[3],il,ir,t0,t1);
1207 CAMELLIA_ROUNDSM(io[2],io[3],
1208 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1209 io[0],io[1],il,ir,t0,t1);
1210 CAMELLIA_ROUNDSM(io[0],io[1],
1211 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1212 io[2],io[3],il,ir,t0,t1);
1213 CAMELLIA_ROUNDSM(io[2],io[3],
1214 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1215 io[0],io[1],il,ir,t0,t1);
1217 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1218 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1219 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1220 t0,t1,il,ir);
1222 CAMELLIA_ROUNDSM(io[0],io[1],
1223 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1224 io[2],io[3],il,ir,t0,t1);
1225 CAMELLIA_ROUNDSM(io[2],io[3],
1226 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1227 io[0],io[1],il,ir,t0,t1);
1228 CAMELLIA_ROUNDSM(io[0],io[1],
1229 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1230 io[2],io[3],il,ir,t0,t1);
1231 CAMELLIA_ROUNDSM(io[2],io[3],
1232 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1233 io[0],io[1],il,ir,t0,t1);
1234 CAMELLIA_ROUNDSM(io[0],io[1],
1235 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1236 io[2],io[3],il,ir,t0,t1);
1237 CAMELLIA_ROUNDSM(io[2],io[3],
1238 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1239 io[0],io[1],il,ir,t0,t1);
1241 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1242 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1243 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1244 t0,t1,il,ir);
1246 CAMELLIA_ROUNDSM(io[0],io[1],
1247 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1248 io[2],io[3],il,ir,t0,t1);
1249 CAMELLIA_ROUNDSM(io[2],io[3],
1250 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1251 io[0],io[1],il,ir,t0,t1);
1252 CAMELLIA_ROUNDSM(io[0],io[1],
1253 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1254 io[2],io[3],il,ir,t0,t1);
1255 CAMELLIA_ROUNDSM(io[2],io[3],
1256 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1257 io[0],io[1],il,ir,t0,t1);
1258 CAMELLIA_ROUNDSM(io[0],io[1],
1259 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1260 io[2],io[3],il,ir,t0,t1);
1261 CAMELLIA_ROUNDSM(io[2],io[3],
1262 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1263 io[0],io[1],il,ir,t0,t1);
1265 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1266 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1267 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1268 t0,t1,il,ir);
1270 CAMELLIA_ROUNDSM(io[0],io[1],
1271 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1272 io[2],io[3],il,ir,t0,t1);
1273 CAMELLIA_ROUNDSM(io[2],io[3],
1274 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1275 io[0],io[1],il,ir,t0,t1);
1276 CAMELLIA_ROUNDSM(io[0],io[1],
1277 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1278 io[2],io[3],il,ir,t0,t1);
1279 CAMELLIA_ROUNDSM(io[2],io[3],
1280 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1281 io[0],io[1],il,ir,t0,t1);
1282 CAMELLIA_ROUNDSM(io[0],io[1],
1283 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1284 io[2],io[3],il,ir,t0,t1);
1285 CAMELLIA_ROUNDSM(io[2],io[3],
1286 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1287 io[0],io[1],il,ir,t0,t1);
1289 /* post whitening but kw4 */
1290 io[2] ^= CamelliaSubkeyL(32);
1291 io[3] ^= CamelliaSubkeyR(32);
1293 t0 = io[0];
1294 t1 = io[1];
1295 io[0] = io[2];
1296 io[1] = io[3];
1297 io[2] = t0;
1298 io[3] = t1;
1300 PUTU32(output, io[0]);
1301 PUTU32(output+4, io[1]);
1302 PUTU32(output+8, io[2]);
1303 PUTU32(output+12, io[3]);
1305 return SECSuccess;
1306 }
1308 SECStatus
1309 camellia_decrypt256(const PRUint32 *subkey,
1310 unsigned char *output,
1311 const unsigned char *input)
1312 {
1313 PRUint32 il,ir,t0,t1; /* temporary valiables */
1314 PRUint32 io[4];
1315 #if defined(CAMELLIA_NEED_TMP_VARIABLE)
1316 PRUint32 tmp;
1317 #endif
1319 io[0] = GETU32(input);
1320 io[1] = GETU32(input+4);
1321 io[2] = GETU32(input+8);
1322 io[3] = GETU32(input+12);
1324 /* pre whitening but absorb kw2*/
1325 io[0] ^= CamelliaSubkeyL(32);
1326 io[1] ^= CamelliaSubkeyR(32);
1328 /* main iteration */
1329 CAMELLIA_ROUNDSM(io[0],io[1],
1330 CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1331 io[2],io[3],il,ir,t0,t1);
1332 CAMELLIA_ROUNDSM(io[2],io[3],
1333 CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1334 io[0],io[1],il,ir,t0,t1);
1335 CAMELLIA_ROUNDSM(io[0],io[1],
1336 CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1337 io[2],io[3],il,ir,t0,t1);
1338 CAMELLIA_ROUNDSM(io[2],io[3],
1339 CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1340 io[0],io[1],il,ir,t0,t1);
1341 CAMELLIA_ROUNDSM(io[0],io[1],
1342 CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1343 io[2],io[3],il,ir,t0,t1);
1344 CAMELLIA_ROUNDSM(io[2],io[3],
1345 CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1346 io[0],io[1],il,ir,t0,t1);
1348 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1349 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1350 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1351 t0,t1,il,ir);
1353 CAMELLIA_ROUNDSM(io[0],io[1],
1354 CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1355 io[2],io[3],il,ir,t0,t1);
1356 CAMELLIA_ROUNDSM(io[2],io[3],
1357 CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1358 io[0],io[1],il,ir,t0,t1);
1359 CAMELLIA_ROUNDSM(io[0],io[1],
1360 CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1361 io[2],io[3],il,ir,t0,t1);
1362 CAMELLIA_ROUNDSM(io[2],io[3],
1363 CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1364 io[0],io[1],il,ir,t0,t1);
1365 CAMELLIA_ROUNDSM(io[0],io[1],
1366 CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1367 io[2],io[3],il,ir,t0,t1);
1368 CAMELLIA_ROUNDSM(io[2],io[3],
1369 CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1370 io[0],io[1],il,ir,t0,t1);
1372 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1373 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1374 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1375 t0,t1,il,ir);
1377 CAMELLIA_ROUNDSM(io[0],io[1],
1378 CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1379 io[2],io[3],il,ir,t0,t1);
1380 CAMELLIA_ROUNDSM(io[2],io[3],
1381 CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1382 io[0],io[1],il,ir,t0,t1);
1383 CAMELLIA_ROUNDSM(io[0],io[1],
1384 CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1385 io[2],io[3],il,ir,t0,t1);
1386 CAMELLIA_ROUNDSM(io[2],io[3],
1387 CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1388 io[0],io[1],il,ir,t0,t1);
1389 CAMELLIA_ROUNDSM(io[0],io[1],
1390 CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1391 io[2],io[3],il,ir,t0,t1);
1392 CAMELLIA_ROUNDSM(io[2],io[3],
1393 CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1394 io[0],io[1],il,ir,t0,t1);
1396 CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1397 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1398 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1399 t0,t1,il,ir);
1401 CAMELLIA_ROUNDSM(io[0],io[1],
1402 CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1403 io[2],io[3],il,ir,t0,t1);
1404 CAMELLIA_ROUNDSM(io[2],io[3],
1405 CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1406 io[0],io[1],il,ir,t0,t1);
1407 CAMELLIA_ROUNDSM(io[0],io[1],
1408 CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1409 io[2],io[3],il,ir,t0,t1);
1410 CAMELLIA_ROUNDSM(io[2],io[3],
1411 CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1412 io[0],io[1],il,ir,t0,t1);
1413 CAMELLIA_ROUNDSM(io[0],io[1],
1414 CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1415 io[2],io[3],il,ir,t0,t1);
1416 CAMELLIA_ROUNDSM(io[2],io[3],
1417 CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1418 io[0],io[1],il,ir,t0,t1);
1420 /* post whitening but kw4 */
1421 io[2] ^= CamelliaSubkeyL(0);
1422 io[3] ^= CamelliaSubkeyR(0);
1424 t0 = io[0];
1425 t1 = io[1];
1426 io[0] = io[2];
1427 io[1] = io[3];
1428 io[2] = t0;
1429 io[3] = t1;
1431 PUTU32(output, io[0]);
1432 PUTU32(output+4, io[1]);
1433 PUTU32(output+8, io[2]);
1434 PUTU32(output+12, io[3]);
1436 return SECSuccess;
1437 }
1440 /**************************************************************************
1441 *
1442 * Stuff related to the Camellia key schedule
1443 *
1444 *************************************************************************/
1446 SECStatus
1447 camellia_key_expansion(CamelliaContext *cx,
1448 const unsigned char *key,
1449 const unsigned int keysize)
1450 {
1451 cx->keysize = keysize;
1453 switch(keysize) {
1454 case 16:
1455 camellia_setup128(key, cx->expandedKey);
1456 break;
1457 case 24:
1458 camellia_setup192(key, cx->expandedKey);
1459 break;
1460 case 32:
1461 camellia_setup256(key, cx->expandedKey);
1462 break;
1463 default:
1464 break;
1465 }
1466 return SECSuccess;
1467 }
1470 /**************************************************************************
1471 *
1472 * Camellia modes of operation (ECB and CBC)
1473 *
1474 *************************************************************************/
1476 SECStatus
1477 camellia_encryptECB(CamelliaContext *cx, unsigned char *output,
1478 unsigned int *outputLen, unsigned int maxOutputLen,
1479 const unsigned char *input, unsigned int inputLen)
1480 {
1481 CamelliaBlockFunc *encryptor;
1483 encryptor = (cx->keysize == 16)
1484 ? &camellia_encrypt128
1485 : &camellia_encrypt256;
1487 while (inputLen > 0) {
1488 (*encryptor)(cx->expandedKey, output, input);
1490 output += CAMELLIA_BLOCK_SIZE;
1491 input += CAMELLIA_BLOCK_SIZE;
1492 inputLen -= CAMELLIA_BLOCK_SIZE;
1493 }
1494 return SECSuccess;
1495 }
1497 SECStatus
1498 camellia_encryptCBC(CamelliaContext *cx, unsigned char *output,
1499 unsigned int *outputLen, unsigned int maxOutputLen,
1500 const unsigned char *input, unsigned int inputLen)
1501 {
1502 unsigned int j;
1503 unsigned char *lastblock;
1504 unsigned char inblock[CAMELLIA_BLOCK_SIZE];
1505 CamelliaBlockFunc *encryptor;
1507 if (!inputLen)
1508 return SECSuccess;
1509 lastblock = cx->iv;
1511 encryptor = (cx->keysize == 16)
1512 ? &camellia_encrypt128
1513 : &camellia_encrypt256;
1515 while (inputLen > 0) {
1516 /* XOR with the last block (IV if first block) */
1517 for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
1518 inblock[j] = input[j] ^ lastblock[j];
1519 /* encrypt */
1520 (*encryptor)(cx->expandedKey, output, inblock);
1522 /* move to the next block */
1523 lastblock = output;
1524 output += CAMELLIA_BLOCK_SIZE;
1525 input += CAMELLIA_BLOCK_SIZE;
1526 inputLen -= CAMELLIA_BLOCK_SIZE;
1527 }
1528 memcpy(cx->iv, lastblock, CAMELLIA_BLOCK_SIZE);
1529 return SECSuccess;
1530 }
1532 SECStatus
1533 camellia_decryptECB(CamelliaContext *cx, unsigned char *output,
1534 unsigned int *outputLen, unsigned int maxOutputLen,
1535 const unsigned char *input, unsigned int inputLen)
1536 {
1537 CamelliaBlockFunc *decryptor;
1539 decryptor = (cx->keysize == 16)
1540 ? &camellia_decrypt128
1541 : &camellia_decrypt256;
1544 while (inputLen > 0) {
1546 (*decryptor)(cx->expandedKey, output, input);
1548 output += CAMELLIA_BLOCK_SIZE;
1549 input += CAMELLIA_BLOCK_SIZE;
1550 inputLen -= CAMELLIA_BLOCK_SIZE;
1551 }
1552 return SECSuccess;
1553 }
1555 SECStatus
1556 camellia_decryptCBC(CamelliaContext *cx, unsigned char *output,
1557 unsigned int *outputLen, unsigned int maxOutputLen,
1558 const unsigned char *input, unsigned int inputLen)
1559 {
1560 const unsigned char *in;
1561 unsigned char *out;
1562 unsigned int j;
1563 unsigned char newIV[CAMELLIA_BLOCK_SIZE];
1564 CamelliaBlockFunc *decryptor;
1568 if (!inputLen)
1569 return SECSuccess;
1571 PORT_Assert(output - input >= 0 || input - output >= (int)inputLen );
1573 in = input + (inputLen - CAMELLIA_BLOCK_SIZE);
1574 memcpy(newIV, in, CAMELLIA_BLOCK_SIZE);
1575 out = output + (inputLen - CAMELLIA_BLOCK_SIZE);
1577 decryptor = (cx->keysize == 16)
1578 ? &camellia_decrypt128
1579 : &camellia_decrypt256;
1581 while (inputLen > CAMELLIA_BLOCK_SIZE) {
1582 (*decryptor)(cx->expandedKey, out, in);
1584 for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
1585 out[j] ^= in[(int)(j - CAMELLIA_BLOCK_SIZE)];
1587 out -= CAMELLIA_BLOCK_SIZE;
1588 in -= CAMELLIA_BLOCK_SIZE;
1589 inputLen -= CAMELLIA_BLOCK_SIZE;
1590 }
1591 if (in == input) {
1592 (*decryptor)(cx->expandedKey, out, in);
1594 for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
1595 out[j] ^= cx->iv[j];
1596 }
1597 memcpy(cx->iv, newIV, CAMELLIA_BLOCK_SIZE);
1598 return SECSuccess;
1599 }
1601 /**************************************************************************
1602 *
1603 * BLAPI Interface functions
1604 *
1605 *************************************************************************/
1607 CamelliaContext *
1608 Camellia_AllocateContext(void)
1609 {
1610 return PORT_ZNew(CamelliaContext);
1611 }
1613 SECStatus
1614 Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
1615 unsigned int keysize,
1616 const unsigned char *iv, int mode, unsigned int encrypt,
1617 unsigned int unused)
1618 {
1619 if (key == NULL ||
1620 (keysize != 16 && keysize != 24 && keysize != 32)) {
1621 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1622 return SECFailure;
1623 }
1624 if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
1625 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1626 return SECFailure;
1627 }
1628 if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
1629 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1630 return SECFailure;
1631 }
1632 if (!cx) {
1633 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1634 return SECFailure;
1635 }
1636 if (mode == NSS_CAMELLIA_CBC) {
1637 memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
1638 cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
1639 } else {
1640 cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
1641 }
1643 /* Generate expanded key */
1644 if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
1645 goto cleanup;
1647 return SECSuccess;
1648 cleanup:
1649 return SECFailure;
1650 }
1652 /*
1653 * Camellia_CreateContext
1654 * create a new context for Camellia operations
1655 */
1658 CamelliaContext *
1659 Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
1660 int mode, int encrypt,
1661 unsigned int keysize)
1662 {
1663 CamelliaContext *cx;
1665 if (key == NULL ||
1666 (keysize != 16 && keysize != 24 && keysize != 32)) {
1667 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1668 return NULL;
1669 }
1670 if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
1671 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1672 return NULL;
1673 }
1674 if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
1675 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1676 return NULL;
1677 }
1678 cx = PORT_ZNew(CamelliaContext);
1679 if (!cx) {
1680 PORT_SetError(SEC_ERROR_NO_MEMORY);
1681 return NULL;
1682 }
1684 /* copy in the iv, if neccessary */
1685 if (mode == NSS_CAMELLIA_CBC) {
1686 memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
1687 cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
1688 } else {
1689 cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
1690 }
1691 /* copy keysize */
1692 cx->keysize = keysize;
1694 /* Generate expanded key */
1695 if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
1696 goto cleanup;
1698 return cx;
1699 cleanup:
1700 PORT_ZFree(cx, sizeof *cx);
1701 return NULL;
1702 }
1704 /*
1705 * Camellia_DestroyContext
1706 *
1707 * Zero an Camellia cipher context. If freeit is true, also free the pointer
1708 * to the context.
1709 */
1710 void
1711 Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
1712 {
1713 if (cx)
1714 memset(cx, 0, sizeof *cx);
1715 if (freeit)
1716 PORT_Free(cx);
1717 }
1719 /*
1720 * Camellia_Encrypt
1721 *
1722 * Encrypt an arbitrary-length buffer. The output buffer must already be
1723 * allocated to at least inputLen.
1724 */
1725 SECStatus
1726 Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
1727 unsigned int *outputLen, unsigned int maxOutputLen,
1728 const unsigned char *input, unsigned int inputLen)
1729 {
1731 /* Check args */
1732 if (cx == NULL || output == NULL || input == NULL ||
1733 outputLen == NULL) {
1734 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1735 return SECFailure;
1736 }
1738 if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
1739 PORT_SetError(SEC_ERROR_INPUT_LEN);
1740 return SECFailure;
1741 }
1742 if (maxOutputLen < inputLen) {
1743 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1744 return SECFailure;
1745 }
1746 *outputLen = inputLen;
1748 return (*cx->worker)(cx, output, outputLen, maxOutputLen,
1749 input, inputLen);
1750 }
1752 /*
1753 * Camellia_Decrypt
1754 *
1755 * Decrypt and arbitrary-length buffer. The output buffer must already be
1756 * allocated to at least inputLen.
1757 */
1758 SECStatus
1759 Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
1760 unsigned int *outputLen, unsigned int maxOutputLen,
1761 const unsigned char *input, unsigned int inputLen)
1762 {
1764 /* Check args */
1765 if (cx == NULL || output == NULL || input == NULL
1766 || outputLen == NULL) {
1767 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1768 return SECFailure;
1769 }
1770 if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
1771 PORT_SetError(SEC_ERROR_INPUT_LEN);
1772 return SECFailure;
1773 }
1774 if (maxOutputLen < inputLen) {
1775 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1776 return SECFailure;
1777 }
1778 *outputLen = inputLen;
1780 return (*cx->worker)(cx, output, outputLen, maxOutputLen,
1781 input, inputLen);
1782 }
