Pull bugzilla-9627 into release branch
[linux-2.6] / crypto / camellia.c
1 /*
2  * Copyright (C) 2006
3  * NTT (Nippon Telegraph and Telephone Corporation).
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
18  */
19
20 /*
21  * Algorithm Specification
22  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
23  */
24
25 /*
26  *
27  * NOTE --- NOTE --- NOTE --- NOTE
28  * This implementation assumes that all memory addresses passed
29  * as parameters are four-byte aligned.
30  *
31  */
32
33 #include <linux/crypto.h>
34 #include <linux/errno.h>
35 #include <linux/init.h>
36 #include <linux/kernel.h>
37 #include <linux/module.h>
38
39
40 #define CAMELLIA_MIN_KEY_SIZE        16
41 #define CAMELLIA_MAX_KEY_SIZE        32
42 #define CAMELLIA_BLOCK_SIZE 16
43 #define CAMELLIA_TABLE_BYTE_LEN 272
44 #define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
45
46 typedef u32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
47
48
49 /* key constants */
50
51 #define CAMELLIA_SIGMA1L (0xA09E667FL)
52 #define CAMELLIA_SIGMA1R (0x3BCC908BL)
53 #define CAMELLIA_SIGMA2L (0xB67AE858L)
54 #define CAMELLIA_SIGMA2R (0x4CAA73B2L)
55 #define CAMELLIA_SIGMA3L (0xC6EF372FL)
56 #define CAMELLIA_SIGMA3R (0xE94F82BEL)
57 #define CAMELLIA_SIGMA4L (0x54FF53A5L)
58 #define CAMELLIA_SIGMA4R (0xF1D36F1CL)
59 #define CAMELLIA_SIGMA5L (0x10E527FAL)
60 #define CAMELLIA_SIGMA5R (0xDE682D1DL)
61 #define CAMELLIA_SIGMA6L (0xB05688C2L)
62 #define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
63
64 struct camellia_ctx {
65         int key_length;
66         KEY_TABLE_TYPE key_table;
67 };
68
69
70 /*
71  *  macros
72  */
73
74
75 # define GETU32(pt) (((u32)(pt)[0] << 24)       \
76                      ^ ((u32)(pt)[1] << 16)     \
77                      ^ ((u32)(pt)[2] <<  8)     \
78                      ^ ((u32)(pt)[3]))
79
80 #define COPY4WORD(dst, src)                     \
81     do {                                        \
82         (dst)[0]=(src)[0];                      \
83         (dst)[1]=(src)[1];                      \
84         (dst)[2]=(src)[2];                      \
85         (dst)[3]=(src)[3];                      \
86     }while(0)
87
88 #define SWAP4WORD(word)                         \
89     do {                                        \
90         CAMELLIA_SWAP4((word)[0]);              \
91         CAMELLIA_SWAP4((word)[1]);              \
92         CAMELLIA_SWAP4((word)[2]);              \
93         CAMELLIA_SWAP4((word)[3]);              \
94     }while(0)
95
96 #define XOR4WORD(a, b)/* a = a ^ b */           \
97     do {                                        \
98         (a)[0]^=(b)[0];                         \
99         (a)[1]^=(b)[1];                         \
100         (a)[2]^=(b)[2];                         \
101         (a)[3]^=(b)[3];                         \
102     }while(0)
103
104 #define XOR4WORD2(a, b, c)/* a = b ^ c */       \
105     do {                                        \
106         (a)[0]=(b)[0]^(c)[0];                   \
107         (a)[1]=(b)[1]^(c)[1];                   \
108         (a)[2]=(b)[2]^(c)[2];                   \
109         (a)[3]=(b)[3]^(c)[3];                   \
110     }while(0)
111
112 #define CAMELLIA_SUBKEY_L(INDEX) (subkey[(INDEX)*2])
113 #define CAMELLIA_SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
114
115 /* rotation right shift 1byte */
116 #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
117 /* rotation left shift 1bit */
118 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
119 /* rotation left shift 1byte */
120 #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
121
122 #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
123     do {                                                \
124         w0 = ll;                                        \
125         ll = (ll << bits) + (lr >> (32 - bits));        \
126         lr = (lr << bits) + (rl >> (32 - bits));        \
127         rl = (rl << bits) + (rr >> (32 - bits));        \
128         rr = (rr << bits) + (w0 >> (32 - bits));        \
129     } while(0)
130
131 #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
132     do {                                                \
133         w0 = ll;                                        \
134         w1 = lr;                                        \
135         ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
136         lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
137         rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
138         rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
139     } while(0)
140
141 #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
142 #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
143 #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
144 #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
145
146 #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)      \
147     do {                                                        \
148         il = xl ^ kl;                                           \
149         ir = xr ^ kr;                                           \
150         t0 = il >> 16;                                          \
151         t1 = ir >> 16;                                          \
152         yl = CAMELLIA_SP1110(ir & 0xff)                         \
153             ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                 \
154             ^ CAMELLIA_SP3033(t1 & 0xff)                        \
155             ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                \
156         yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                  \
157             ^ CAMELLIA_SP0222(t0 & 0xff)                        \
158             ^ CAMELLIA_SP3033((il >> 8) & 0xff)                 \
159             ^ CAMELLIA_SP4404(il & 0xff);                       \
160         yl ^= yr;                                               \
161         yr = CAMELLIA_RR8(yr);                                  \
162         yr ^= yl;                                               \
163     } while(0)
164
165
166 /*
167  * for speed up
168  *
169  */
170 #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
171     do {                                                                \
172         t0 = kll;                                                       \
173         t2 = krr;                                                       \
174         t0 &= ll;                                                       \
175         t2 |= rr;                                                       \
176         rl ^= t2;                                                       \
177         lr ^= CAMELLIA_RL1(t0);                                         \
178         t3 = krl;                                                       \
179         t1 = klr;                                                       \
180         t3 &= rl;                                                       \
181         t1 |= lr;                                                       \
182         ll ^= t1;                                                       \
183         rr ^= CAMELLIA_RL1(t3);                                         \
184     } while(0)
185
186 #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
187     do {                                                                \
188         ir =  CAMELLIA_SP1110(xr & 0xff);                               \
189         il =  CAMELLIA_SP1110((xl>>24) & 0xff);                         \
190         ir ^= CAMELLIA_SP0222((xr>>24) & 0xff);                         \
191         il ^= CAMELLIA_SP0222((xl>>16) & 0xff);                         \
192         ir ^= CAMELLIA_SP3033((xr>>16) & 0xff);                         \
193         il ^= CAMELLIA_SP3033((xl>>8) & 0xff);                          \
194         ir ^= CAMELLIA_SP4404((xr>>8) & 0xff);                          \
195         il ^= CAMELLIA_SP4404(xl & 0xff);                               \
196         il ^= kl;                                                       \
197         ir ^= il ^ kr;                                                  \
198         yl ^= ir;                                                       \
199         yr ^= CAMELLIA_RR8(il) ^ ir;                                    \
200     } while(0)
201
202 /**
203  * Stuff related to the Camellia key schedule
204  */
205 #define SUBL(x) subL[(x)]
206 #define SUBR(x) subR[(x)]
207
208
209 static const u32 camellia_sp1110[256] = {
210         0x70707000,0x82828200,0x2c2c2c00,0xececec00,
211         0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
212         0xe4e4e400,0x85858500,0x57575700,0x35353500,
213         0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
214         0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
215         0x45454500,0x19191900,0xa5a5a500,0x21212100,
216         0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
217         0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
218         0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
219         0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
220         0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
221         0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
222         0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
223         0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
224         0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
225         0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
226         0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
227         0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
228         0x74747400,0x12121200,0x2b2b2b00,0x20202000,
229         0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
230         0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
231         0x34343400,0x7e7e7e00,0x76767600,0x05050500,
232         0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
233         0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
234         0x14141400,0x58585800,0x3a3a3a00,0x61616100,
235         0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
236         0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
237         0x53535300,0x18181800,0xf2f2f200,0x22222200,
238         0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
239         0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
240         0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
241         0x60606000,0xfcfcfc00,0x69696900,0x50505000,
242         0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
243         0xa1a1a100,0x89898900,0x62626200,0x97979700,
244         0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
245         0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
246         0x10101000,0xc4c4c400,0x00000000,0x48484800,
247         0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
248         0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
249         0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
250         0x87878700,0x5c5c5c00,0x83838300,0x02020200,
251         0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
252         0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
253         0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
254         0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
255         0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
256         0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
257         0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
258         0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
259         0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
260         0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
261         0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
262         0x78787800,0x98989800,0x06060600,0x6a6a6a00,
263         0xe7e7e700,0x46464600,0x71717100,0xbababa00,
264         0xd4d4d400,0x25252500,0xababab00,0x42424200,
265         0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
266         0x72727200,0x07070700,0xb9b9b900,0x55555500,
267         0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
268         0x36363600,0x49494900,0x2a2a2a00,0x68686800,
269         0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
270         0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
271         0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
272         0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
273         0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
274 };
275
276 static const u32 camellia_sp0222[256] = {
277         0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
278         0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
279         0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
280         0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
281         0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
282         0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
283         0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
284         0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
285         0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
286         0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
287         0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
288         0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
289         0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
290         0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
291         0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
292         0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
293         0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
294         0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
295         0x00e8e8e8,0x00242424,0x00565656,0x00404040,
296         0x00e1e1e1,0x00636363,0x00090909,0x00333333,
297         0x00bfbfbf,0x00989898,0x00979797,0x00858585,
298         0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
299         0x00dadada,0x006f6f6f,0x00535353,0x00626262,
300         0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
301         0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
302         0x00bdbdbd,0x00363636,0x00222222,0x00383838,
303         0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
304         0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
305         0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
306         0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
307         0x00484848,0x00101010,0x00d1d1d1,0x00515151,
308         0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
309         0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
310         0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
311         0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
312         0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
313         0x00202020,0x00898989,0x00000000,0x00909090,
314         0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
315         0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
316         0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
317         0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
318         0x009b9b9b,0x00949494,0x00212121,0x00666666,
319         0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
320         0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
321         0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
322         0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
323         0x00030303,0x002d2d2d,0x00dedede,0x00969696,
324         0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
325         0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
326         0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
327         0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
328         0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
329         0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
330         0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
331         0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
332         0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
333         0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
334         0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
335         0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
336         0x00787878,0x00707070,0x00e3e3e3,0x00494949,
337         0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
338         0x00777777,0x00939393,0x00868686,0x00838383,
339         0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
340         0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
341 };
342
343 static const u32 camellia_sp3033[256] = {
344         0x38003838,0x41004141,0x16001616,0x76007676,
345         0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
346         0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
347         0x75007575,0x06000606,0x57005757,0xa000a0a0,
348         0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
349         0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
350         0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
351         0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
352         0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
353         0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
354         0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
355         0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
356         0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
357         0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
358         0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
359         0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
360         0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
361         0xfd00fdfd,0x66006666,0x58005858,0x96009696,
362         0x3a003a3a,0x09000909,0x95009595,0x10001010,
363         0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
364         0xef00efef,0x26002626,0xe500e5e5,0x61006161,
365         0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
366         0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
367         0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
368         0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
369         0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
370         0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
371         0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
372         0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
373         0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
374         0x12001212,0x04000404,0x74007474,0x54005454,
375         0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
376         0x55005555,0x68006868,0x50005050,0xbe00bebe,
377         0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
378         0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
379         0x70007070,0xff00ffff,0x32003232,0x69006969,
380         0x08000808,0x62006262,0x00000000,0x24002424,
381         0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
382         0x45004545,0x81008181,0x73007373,0x6d006d6d,
383         0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
384         0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
385         0xe600e6e6,0x25002525,0x48004848,0x99009999,
386         0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
387         0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
388         0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
389         0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
390         0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
391         0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
392         0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
393         0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
394         0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
395         0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
396         0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
397         0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
398         0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
399         0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
400         0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
401         0x7c007c7c,0x77007777,0x56005656,0x05000505,
402         0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
403         0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
404         0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
405         0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
406         0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
407         0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
408 };
409
410 static const u32 camellia_sp4404[256] = {
411         0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
412         0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
413         0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
414         0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
415         0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
416         0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
417         0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
418         0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
419         0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
420         0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
421         0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
422         0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
423         0x14140014,0x3a3a003a,0xdede00de,0x11110011,
424         0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
425         0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
426         0x24240024,0xe8e800e8,0x60600060,0x69690069,
427         0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
428         0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
429         0x10100010,0x00000000,0xa3a300a3,0x75750075,
430         0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
431         0x87870087,0x83830083,0xcdcd00cd,0x90900090,
432         0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
433         0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
434         0x81810081,0x6f6f006f,0x13130013,0x63630063,
435         0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
436         0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
437         0x78780078,0x06060006,0xe7e700e7,0x71710071,
438         0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
439         0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
440         0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
441         0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
442         0x15150015,0xadad00ad,0x77770077,0x80800080,
443         0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
444         0x85850085,0x35350035,0x0c0c000c,0x41410041,
445         0xefef00ef,0x93930093,0x19190019,0x21210021,
446         0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
447         0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
448         0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
449         0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
450         0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
451         0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
452         0x12120012,0x20200020,0xb1b100b1,0x99990099,
453         0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
454         0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
455         0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
456         0x0f0f000f,0x16160016,0x18180018,0x22220022,
457         0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
458         0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
459         0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
460         0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
461         0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
462         0x03030003,0xdada00da,0x3f3f003f,0x94940094,
463         0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
464         0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
465         0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
466         0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
467         0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
468         0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
469         0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
470         0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
471         0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
472         0x49490049,0x68680068,0x38380038,0xa4a400a4,
473         0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
474         0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
475 };
476
477
478
479 static void camellia_setup128(const unsigned char *key, u32 *subkey)
480 {
481         u32 kll, klr, krl, krr;
482         u32 il, ir, t0, t1, w0, w1;
483         u32 kw4l, kw4r, dw, tl, tr;
484         u32 subL[26];
485         u32 subR[26];
486
487         /**
488          *  k == kll || klr || krl || krr (|| is concatination)
489          */
490         kll = GETU32(key     );
491         klr = GETU32(key +  4);
492         krl = GETU32(key +  8);
493         krr = GETU32(key + 12);
494         /**
495          * generate KL dependent subkeys
496          */
497         /* kw1 */
498         SUBL(0) = kll; SUBR(0) = klr;
499         /* kw2 */
500         SUBL(1) = krl; SUBR(1) = krr;
501         /* rotation left shift 15bit */
502         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
503         /* k3 */
504         SUBL(4) = kll; SUBR(4) = klr;
505         /* k4 */
506         SUBL(5) = krl; SUBR(5) = krr;
507         /* rotation left shift 15+30bit */
508         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
509         /* k7 */
510         SUBL(10) = kll; SUBR(10) = klr;
511         /* k8 */
512         SUBL(11) = krl; SUBR(11) = krr;
513         /* rotation left shift 15+30+15bit */
514         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
515         /* k10 */
516         SUBL(13) = krl; SUBR(13) = krr;
517         /* rotation left shift 15+30+15+17 bit */
518         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
519         /* kl3 */
520         SUBL(16) = kll; SUBR(16) = klr;
521         /* kl4 */
522         SUBL(17) = krl; SUBR(17) = krr;
523         /* rotation left shift 15+30+15+17+17 bit */
524         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
525         /* k13 */
526         SUBL(18) = kll; SUBR(18) = klr;
527         /* k14 */
528         SUBL(19) = krl; SUBR(19) = krr;
529         /* rotation left shift 15+30+15+17+17+17 bit */
530         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
531         /* k17 */
532         SUBL(22) = kll; SUBR(22) = klr;
533         /* k18 */
534         SUBL(23) = krl; SUBR(23) = krr;
535
536         /* generate KA */
537         kll = SUBL(0); klr = SUBR(0);
538         krl = SUBL(1); krr = SUBR(1);
539         CAMELLIA_F(kll, klr,
540                    CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
541                    w0, w1, il, ir, t0, t1);
542         krl ^= w0; krr ^= w1;
543         CAMELLIA_F(krl, krr,
544                    CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
545                    kll, klr, il, ir, t0, t1);
546         /* current status == (kll, klr, w0, w1) */
547         CAMELLIA_F(kll, klr,
548                    CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
549                    krl, krr, il, ir, t0, t1);
550         krl ^= w0; krr ^= w1;
551         CAMELLIA_F(krl, krr,
552                    CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
553                    w0, w1, il, ir, t0, t1);
554         kll ^= w0; klr ^= w1;
555
556         /* generate KA dependent subkeys */
557         /* k1, k2 */
558         SUBL(2) = kll; SUBR(2) = klr;
559         SUBL(3) = krl; SUBR(3) = krr;
560         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
561         /* k5,k6 */
562         SUBL(6) = kll; SUBR(6) = klr;
563         SUBL(7) = krl; SUBR(7) = krr;
564         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
565         /* kl1, kl2 */
566         SUBL(8) = kll; SUBR(8) = klr;
567         SUBL(9) = krl; SUBR(9) = krr;
568         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
569         /* k9 */
570         SUBL(12) = kll; SUBR(12) = klr;
571         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
572         /* k11, k12 */
573         SUBL(14) = kll; SUBR(14) = klr;
574         SUBL(15) = krl; SUBR(15) = krr;
575         CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
576         /* k15, k16 */
577         SUBL(20) = kll; SUBR(20) = klr;
578         SUBL(21) = krl; SUBR(21) = krr;
579         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
580         /* kw3, kw4 */
581         SUBL(24) = kll; SUBR(24) = klr;
582         SUBL(25) = krl; SUBR(25) = krr;
583
584
585         /* absorb kw2 to other subkeys */
586         /* round 2 */
587         SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
588         /* round 4 */
589         SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
590         /* round 6 */
591         SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
592         SUBL(1) ^= SUBR(1) & ~SUBR(9);
593         dw = SUBL(1) & SUBL(9),
594                 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
595         /* round 8 */
596         SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
597         /* round 10 */
598         SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
599         /* round 12 */
600         SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
601         SUBL(1) ^= SUBR(1) & ~SUBR(17);
602         dw = SUBL(1) & SUBL(17),
603                 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
604         /* round 14 */
605         SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
606         /* round 16 */
607         SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
608         /* round 18 */
609         SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
610         /* kw3 */
611         SUBL(24) ^= SUBL(1); SUBR(24) ^= SUBR(1);
612
613         /* absorb kw4 to other subkeys */
614         kw4l = SUBL(25); kw4r = SUBR(25);
615         /* round 17 */
616         SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
617         /* round 15 */
618         SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
619         /* round 13 */
620         SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
621         kw4l ^= kw4r & ~SUBR(16);
622         dw = kw4l & SUBL(16),
623                 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
624         /* round 11 */
625         SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
626         /* round 9 */
627         SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
628         /* round 7 */
629         SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
630         kw4l ^= kw4r & ~SUBR(8);
631         dw = kw4l & SUBL(8),
632                 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
633         /* round 5 */
634         SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
635         /* round 3 */
636         SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
637         /* round 1 */
638         SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
639         /* kw1 */
640         SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
641
642
643         /* key XOR is end of F-function */
644         CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
645         CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
646         CAMELLIA_SUBKEY_L(2) = SUBL(3);       /* round 1 */
647         CAMELLIA_SUBKEY_R(2) = SUBR(3);
648         CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
649         CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
650         CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
651         CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
652         CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
653         CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
654         CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
655         CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
656         tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
657         dw = tl & SUBL(8),  /* FL(kl1) */
658                 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
659         CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
660         CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
661         CAMELLIA_SUBKEY_L(8) = SUBL(8);       /* FL(kl1) */
662         CAMELLIA_SUBKEY_R(8) = SUBR(8);
663         CAMELLIA_SUBKEY_L(9) = SUBL(9);       /* FLinv(kl2) */
664         CAMELLIA_SUBKEY_R(9) = SUBR(9);
665         tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
666         dw = tl & SUBL(9),  /* FLinv(kl2) */
667                 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
668         CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
669         CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
670         CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
671         CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
672         CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
673         CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
674         CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
675         CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
676         CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
677         CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
678         tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
679         dw = tl & SUBL(16), /* FL(kl3) */
680                 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
681         CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
682         CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
683         CAMELLIA_SUBKEY_L(16) = SUBL(16);     /* FL(kl3) */
684         CAMELLIA_SUBKEY_R(16) = SUBR(16);
685         CAMELLIA_SUBKEY_L(17) = SUBL(17);     /* FLinv(kl4) */
686         CAMELLIA_SUBKEY_R(17) = SUBR(17);
687         tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
688         dw = tl & SUBL(17), /* FLinv(kl4) */
689                 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
690         CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
691         CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
692         CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
693         CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
694         CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
695         CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
696         CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
697         CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
698         CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
699         CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
700         CAMELLIA_SUBKEY_L(23) = SUBL(22);     /* round 18 */
701         CAMELLIA_SUBKEY_R(23) = SUBR(22);
702         CAMELLIA_SUBKEY_L(24) = SUBL(24) ^ SUBL(23); /* kw3 */
703         CAMELLIA_SUBKEY_R(24) = SUBR(24) ^ SUBR(23);
704
705         /* apply the inverse of the last half of P-function */
706         dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
707                 dw = CAMELLIA_RL8(dw);/* round 1 */
708         CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
709                 CAMELLIA_SUBKEY_L(2) = dw;
710         dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
711                 dw = CAMELLIA_RL8(dw);/* round 2 */
712         CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
713                 CAMELLIA_SUBKEY_L(3) = dw;
714         dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
715                 dw = CAMELLIA_RL8(dw);/* round 3 */
716         CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
717                 CAMELLIA_SUBKEY_L(4) = dw;
718         dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
719                 dw = CAMELLIA_RL8(dw);/* round 4 */
720         CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
721                 CAMELLIA_SUBKEY_L(5) = dw;
722         dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
723                 dw = CAMELLIA_RL8(dw);/* round 5 */
724         CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
725                 CAMELLIA_SUBKEY_L(6) = dw;
726         dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
727                 dw = CAMELLIA_RL8(dw);/* round 6 */
728         CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
729                 CAMELLIA_SUBKEY_L(7) = dw;
730         dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
731                 dw = CAMELLIA_RL8(dw);/* round 7 */
732         CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
733                 CAMELLIA_SUBKEY_L(10) = dw;
734         dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
735                 dw = CAMELLIA_RL8(dw);/* round 8 */
736         CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
737                 CAMELLIA_SUBKEY_L(11) = dw;
738         dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
739                 dw = CAMELLIA_RL8(dw);/* round 9 */
740         CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
741                 CAMELLIA_SUBKEY_L(12) = dw;
742         dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
743                 dw = CAMELLIA_RL8(dw);/* round 10 */
744         CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
745                 CAMELLIA_SUBKEY_L(13) = dw;
746         dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
747                 dw = CAMELLIA_RL8(dw);/* round 11 */
748         CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
749                 CAMELLIA_SUBKEY_L(14) = dw;
750         dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
751                 dw = CAMELLIA_RL8(dw);/* round 12 */
752         CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
753                 CAMELLIA_SUBKEY_L(15) = dw;
754         dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
755                 dw = CAMELLIA_RL8(dw);/* round 13 */
756         CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
757                 CAMELLIA_SUBKEY_L(18) = dw;
758         dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
759                 dw = CAMELLIA_RL8(dw);/* round 14 */
760         CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
761                 CAMELLIA_SUBKEY_L(19) = dw;
762         dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
763                 dw = CAMELLIA_RL8(dw);/* round 15 */
764         CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
765                 CAMELLIA_SUBKEY_L(20) = dw;
766         dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
767                 dw = CAMELLIA_RL8(dw);/* round 16 */
768         CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
769                 CAMELLIA_SUBKEY_L(21) = dw;
770         dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
771                 dw = CAMELLIA_RL8(dw);/* round 17 */
772         CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
773                 CAMELLIA_SUBKEY_L(22) = dw;
774         dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
775                 dw = CAMELLIA_RL8(dw);/* round 18 */
776         CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
777                 CAMELLIA_SUBKEY_L(23) = dw;
778
779         return;
780 }
781
782
783 static void camellia_setup256(const unsigned char *key, u32 *subkey)
784 {
785         u32 kll,klr,krl,krr;           /* left half of key */
786         u32 krll,krlr,krrl,krrr;       /* right half of key */
787         u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
788         u32 kw4l, kw4r, dw, tl, tr;
789         u32 subL[34];
790         u32 subR[34];
791
792         /**
793          *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
794          *  (|| is concatination)
795          */
796
797         kll  = GETU32(key     );
798         klr  = GETU32(key +  4);
799         krl  = GETU32(key +  8);
800         krr  = GETU32(key + 12);
801         krll = GETU32(key + 16);
802         krlr = GETU32(key + 20);
803         krrl = GETU32(key + 24);
804         krrr = GETU32(key + 28);
805
806         /* generate KL dependent subkeys */
807         /* kw1 */
808         SUBL(0) = kll; SUBR(0) = klr;
809         /* kw2 */
810         SUBL(1) = krl; SUBR(1) = krr;
811         CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
812         /* k9 */
813         SUBL(12) = kll; SUBR(12) = klr;
814         /* k10 */
815         SUBL(13) = krl; SUBR(13) = krr;
816         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
817         /* kl3 */
818         SUBL(16) = kll; SUBR(16) = klr;
819         /* kl4 */
820         SUBL(17) = krl; SUBR(17) = krr;
821         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
822         /* k17 */
823         SUBL(22) = kll; SUBR(22) = klr;
824         /* k18 */
825         SUBL(23) = krl; SUBR(23) = krr;
826         CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
827         /* k23 */
828         SUBL(30) = kll; SUBR(30) = klr;
829         /* k24 */
830         SUBL(31) = krl; SUBR(31) = krr;
831
832         /* generate KR dependent subkeys */
833         CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
834         /* k3 */
835         SUBL(4) = krll; SUBR(4) = krlr;
836         /* k4 */
837         SUBL(5) = krrl; SUBR(5) = krrr;
838         CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
839         /* kl1 */
840         SUBL(8) = krll; SUBR(8) = krlr;
841         /* kl2 */
842         SUBL(9) = krrl; SUBR(9) = krrr;
843         CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
844         /* k13 */
845         SUBL(18) = krll; SUBR(18) = krlr;
846         /* k14 */
847         SUBL(19) = krrl; SUBR(19) = krrr;
848         CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
849         /* k19 */
850         SUBL(26) = krll; SUBR(26) = krlr;
851         /* k20 */
852         SUBL(27) = krrl; SUBR(27) = krrr;
853         CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
854
855         /* generate KA */
856         kll = SUBL(0) ^ krll; klr = SUBR(0) ^ krlr;
857         krl = SUBL(1) ^ krrl; krr = SUBR(1) ^ krrr;
858         CAMELLIA_F(kll, klr,
859                    CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
860                    w0, w1, il, ir, t0, t1);
861         krl ^= w0; krr ^= w1;
862         CAMELLIA_F(krl, krr,
863                    CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
864                    kll, klr, il, ir, t0, t1);
865         kll ^= krll; klr ^= krlr;
866         CAMELLIA_F(kll, klr,
867                    CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
868                    krl, krr, il, ir, t0, t1);
869         krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
870         CAMELLIA_F(krl, krr,
871                    CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
872                    w0, w1, il, ir, t0, t1);
873         kll ^= w0; klr ^= w1;
874
875         /* generate KB */
876         krll ^= kll; krlr ^= klr;
877         krrl ^= krl; krrr ^= krr;
878         CAMELLIA_F(krll, krlr,
879                    CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
880                    w0, w1, il, ir, t0, t1);
881         krrl ^= w0; krrr ^= w1;
882         CAMELLIA_F(krrl, krrr,
883                    CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
884                    w0, w1, il, ir, t0, t1);
885         krll ^= w0; krlr ^= w1;
886
887         /* generate KA dependent subkeys */
888         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
889         /* k5 */
890         SUBL(6) = kll; SUBR(6) = klr;
891         /* k6 */
892         SUBL(7) = krl; SUBR(7) = krr;
893         CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
894         /* k11 */
895         SUBL(14) = kll; SUBR(14) = klr;
896         /* k12 */
897         SUBL(15) = krl; SUBR(15) = krr;
898         /* rotation left shift 32bit */
899         /* kl5 */
900         SUBL(24) = klr; SUBR(24) = krl;
901         /* kl6 */
902         SUBL(25) = krr; SUBR(25) = kll;
903         /* rotation left shift 49 from k11,k12 -> k21,k22 */
904         CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
905         /* k21 */
906         SUBL(28) = kll; SUBR(28) = klr;
907         /* k22 */
908         SUBL(29) = krl; SUBR(29) = krr;
909
910         /* generate KB dependent subkeys */
911         /* k1 */
912         SUBL(2) = krll; SUBR(2) = krlr;
913         /* k2 */
914         SUBL(3) = krrl; SUBR(3) = krrr;
915         CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
916         /* k7 */
917         SUBL(10) = krll; SUBR(10) = krlr;
918         /* k8 */
919         SUBL(11) = krrl; SUBR(11) = krrr;
920         CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
921         /* k15 */
922         SUBL(20) = krll; SUBR(20) = krlr;
923         /* k16 */
924         SUBL(21) = krrl; SUBR(21) = krrr;
925         CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
926         /* kw3 */
927         SUBL(32) = krll; SUBR(32) = krlr;
928         /* kw4 */
929         SUBL(33) = krrl; SUBR(33) = krrr;
930
931         /* absorb kw2 to other subkeys */
932         /* round 2 */
933         SUBL(3) ^= SUBL(1); SUBR(3) ^= SUBR(1);
934         /* round 4 */
935         SUBL(5) ^= SUBL(1); SUBR(5) ^= SUBR(1);
936         /* round 6 */
937         SUBL(7) ^= SUBL(1); SUBR(7) ^= SUBR(1);
938         SUBL(1) ^= SUBR(1) & ~SUBR(9);
939         dw = SUBL(1) & SUBL(9),
940                 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
941         /* round 8 */
942         SUBL(11) ^= SUBL(1); SUBR(11) ^= SUBR(1);
943         /* round 10 */
944         SUBL(13) ^= SUBL(1); SUBR(13) ^= SUBR(1);
945         /* round 12 */
946         SUBL(15) ^= SUBL(1); SUBR(15) ^= SUBR(1);
947         SUBL(1) ^= SUBR(1) & ~SUBR(17);
948         dw = SUBL(1) & SUBL(17),
949                 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
950         /* round 14 */
951         SUBL(19) ^= SUBL(1); SUBR(19) ^= SUBR(1);
952         /* round 16 */
953         SUBL(21) ^= SUBL(1); SUBR(21) ^= SUBR(1);
954         /* round 18 */
955         SUBL(23) ^= SUBL(1); SUBR(23) ^= SUBR(1);
956         SUBL(1) ^= SUBR(1) & ~SUBR(25);
957         dw = SUBL(1) & SUBL(25),
958                 SUBR(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
959         /* round 20 */
960         SUBL(27) ^= SUBL(1); SUBR(27) ^= SUBR(1);
961         /* round 22 */
962         SUBL(29) ^= SUBL(1); SUBR(29) ^= SUBR(1);
963         /* round 24 */
964         SUBL(31) ^= SUBL(1); SUBR(31) ^= SUBR(1);
965         /* kw3 */
966         SUBL(32) ^= SUBL(1); SUBR(32) ^= SUBR(1);
967
968
969         /* absorb kw4 to other subkeys */
970         kw4l = SUBL(33); kw4r = SUBR(33);
971         /* round 23 */
972         SUBL(30) ^= kw4l; SUBR(30) ^= kw4r;
973         /* round 21 */
974         SUBL(28) ^= kw4l; SUBR(28) ^= kw4r;
975         /* round 19 */
976         SUBL(26) ^= kw4l; SUBR(26) ^= kw4r;
977         kw4l ^= kw4r & ~SUBR(24);
978         dw = kw4l & SUBL(24),
979                 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
980         /* round 17 */
981         SUBL(22) ^= kw4l; SUBR(22) ^= kw4r;
982         /* round 15 */
983         SUBL(20) ^= kw4l; SUBR(20) ^= kw4r;
984         /* round 13 */
985         SUBL(18) ^= kw4l; SUBR(18) ^= kw4r;
986         kw4l ^= kw4r & ~SUBR(16);
987         dw = kw4l & SUBL(16),
988                 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
989         /* round 11 */
990         SUBL(14) ^= kw4l; SUBR(14) ^= kw4r;
991         /* round 9 */
992         SUBL(12) ^= kw4l; SUBR(12) ^= kw4r;
993         /* round 7 */
994         SUBL(10) ^= kw4l; SUBR(10) ^= kw4r;
995         kw4l ^= kw4r & ~SUBR(8);
996         dw = kw4l & SUBL(8),
997                 kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
998         /* round 5 */
999         SUBL(6) ^= kw4l; SUBR(6) ^= kw4r;
1000         /* round 3 */
1001         SUBL(4) ^= kw4l; SUBR(4) ^= kw4r;
1002         /* round 1 */
1003         SUBL(2) ^= kw4l; SUBR(2) ^= kw4r;
1004         /* kw1 */
1005         SUBL(0) ^= kw4l; SUBR(0) ^= kw4r;
1006
1007         /* key XOR is end of F-function */
1008         CAMELLIA_SUBKEY_L(0) = SUBL(0) ^ SUBL(2);/* kw1 */
1009         CAMELLIA_SUBKEY_R(0) = SUBR(0) ^ SUBR(2);
1010         CAMELLIA_SUBKEY_L(2) = SUBL(3);       /* round 1 */
1011         CAMELLIA_SUBKEY_R(2) = SUBR(3);
1012         CAMELLIA_SUBKEY_L(3) = SUBL(2) ^ SUBL(4); /* round 2 */
1013         CAMELLIA_SUBKEY_R(3) = SUBR(2) ^ SUBR(4);
1014         CAMELLIA_SUBKEY_L(4) = SUBL(3) ^ SUBL(5); /* round 3 */
1015         CAMELLIA_SUBKEY_R(4) = SUBR(3) ^ SUBR(5);
1016         CAMELLIA_SUBKEY_L(5) = SUBL(4) ^ SUBL(6); /* round 4 */
1017         CAMELLIA_SUBKEY_R(5) = SUBR(4) ^ SUBR(6);
1018         CAMELLIA_SUBKEY_L(6) = SUBL(5) ^ SUBL(7); /* round 5 */
1019         CAMELLIA_SUBKEY_R(6) = SUBR(5) ^ SUBR(7);
1020         tl = SUBL(10) ^ (SUBR(10) & ~SUBR(8));
1021         dw = tl & SUBL(8),  /* FL(kl1) */
1022                 tr = SUBR(10) ^ CAMELLIA_RL1(dw);
1023         CAMELLIA_SUBKEY_L(7) = SUBL(6) ^ tl; /* round 6 */
1024         CAMELLIA_SUBKEY_R(7) = SUBR(6) ^ tr;
1025         CAMELLIA_SUBKEY_L(8) = SUBL(8);       /* FL(kl1) */
1026         CAMELLIA_SUBKEY_R(8) = SUBR(8);
1027         CAMELLIA_SUBKEY_L(9) = SUBL(9);       /* FLinv(kl2) */
1028         CAMELLIA_SUBKEY_R(9) = SUBR(9);
1029         tl = SUBL(7) ^ (SUBR(7) & ~SUBR(9));
1030         dw = tl & SUBL(9),  /* FLinv(kl2) */
1031                 tr = SUBR(7) ^ CAMELLIA_RL1(dw);
1032         CAMELLIA_SUBKEY_L(10) = tl ^ SUBL(11); /* round 7 */
1033         CAMELLIA_SUBKEY_R(10) = tr ^ SUBR(11);
1034         CAMELLIA_SUBKEY_L(11) = SUBL(10) ^ SUBL(12); /* round 8 */
1035         CAMELLIA_SUBKEY_R(11) = SUBR(10) ^ SUBR(12);
1036         CAMELLIA_SUBKEY_L(12) = SUBL(11) ^ SUBL(13); /* round 9 */
1037         CAMELLIA_SUBKEY_R(12) = SUBR(11) ^ SUBR(13);
1038         CAMELLIA_SUBKEY_L(13) = SUBL(12) ^ SUBL(14); /* round 10 */
1039         CAMELLIA_SUBKEY_R(13) = SUBR(12) ^ SUBR(14);
1040         CAMELLIA_SUBKEY_L(14) = SUBL(13) ^ SUBL(15); /* round 11 */
1041         CAMELLIA_SUBKEY_R(14) = SUBR(13) ^ SUBR(15);
1042         tl = SUBL(18) ^ (SUBR(18) & ~SUBR(16));
1043         dw = tl & SUBL(16), /* FL(kl3) */
1044                 tr = SUBR(18) ^ CAMELLIA_RL1(dw);
1045         CAMELLIA_SUBKEY_L(15) = SUBL(14) ^ tl; /* round 12 */
1046         CAMELLIA_SUBKEY_R(15) = SUBR(14) ^ tr;
1047         CAMELLIA_SUBKEY_L(16) = SUBL(16);     /* FL(kl3) */
1048         CAMELLIA_SUBKEY_R(16) = SUBR(16);
1049         CAMELLIA_SUBKEY_L(17) = SUBL(17);     /* FLinv(kl4) */
1050         CAMELLIA_SUBKEY_R(17) = SUBR(17);
1051         tl = SUBL(15) ^ (SUBR(15) & ~SUBR(17));
1052         dw = tl & SUBL(17), /* FLinv(kl4) */
1053                 tr = SUBR(15) ^ CAMELLIA_RL1(dw);
1054         CAMELLIA_SUBKEY_L(18) = tl ^ SUBL(19); /* round 13 */
1055         CAMELLIA_SUBKEY_R(18) = tr ^ SUBR(19);
1056         CAMELLIA_SUBKEY_L(19) = SUBL(18) ^ SUBL(20); /* round 14 */
1057         CAMELLIA_SUBKEY_R(19) = SUBR(18) ^ SUBR(20);
1058         CAMELLIA_SUBKEY_L(20) = SUBL(19) ^ SUBL(21); /* round 15 */
1059         CAMELLIA_SUBKEY_R(20) = SUBR(19) ^ SUBR(21);
1060         CAMELLIA_SUBKEY_L(21) = SUBL(20) ^ SUBL(22); /* round 16 */
1061         CAMELLIA_SUBKEY_R(21) = SUBR(20) ^ SUBR(22);
1062         CAMELLIA_SUBKEY_L(22) = SUBL(21) ^ SUBL(23); /* round 17 */
1063         CAMELLIA_SUBKEY_R(22) = SUBR(21) ^ SUBR(23);
1064         tl = SUBL(26) ^ (SUBR(26)
1065                          & ~SUBR(24));
1066         dw = tl & SUBL(24), /* FL(kl5) */
1067                 tr = SUBR(26) ^ CAMELLIA_RL1(dw);
1068         CAMELLIA_SUBKEY_L(23) = SUBL(22) ^ tl; /* round 18 */
1069         CAMELLIA_SUBKEY_R(23) = SUBR(22) ^ tr;
1070         CAMELLIA_SUBKEY_L(24) = SUBL(24);     /* FL(kl5) */
1071         CAMELLIA_SUBKEY_R(24) = SUBR(24);
1072         CAMELLIA_SUBKEY_L(25) = SUBL(25);     /* FLinv(kl6) */
1073         CAMELLIA_SUBKEY_R(25) = SUBR(25);
1074         tl = SUBL(23) ^ (SUBR(23) &
1075                          ~SUBR(25));
1076         dw = tl & SUBL(25), /* FLinv(kl6) */
1077                 tr = SUBR(23) ^ CAMELLIA_RL1(dw);
1078         CAMELLIA_SUBKEY_L(26) = tl ^ SUBL(27); /* round 19 */
1079         CAMELLIA_SUBKEY_R(26) = tr ^ SUBR(27);
1080         CAMELLIA_SUBKEY_L(27) = SUBL(26) ^ SUBL(28); /* round 20 */
1081         CAMELLIA_SUBKEY_R(27) = SUBR(26) ^ SUBR(28);
1082         CAMELLIA_SUBKEY_L(28) = SUBL(27) ^ SUBL(29); /* round 21 */
1083         CAMELLIA_SUBKEY_R(28) = SUBR(27) ^ SUBR(29);
1084         CAMELLIA_SUBKEY_L(29) = SUBL(28) ^ SUBL(30); /* round 22 */
1085         CAMELLIA_SUBKEY_R(29) = SUBR(28) ^ SUBR(30);
1086         CAMELLIA_SUBKEY_L(30) = SUBL(29) ^ SUBL(31); /* round 23 */
1087         CAMELLIA_SUBKEY_R(30) = SUBR(29) ^ SUBR(31);
1088         CAMELLIA_SUBKEY_L(31) = SUBL(30);     /* round 24 */
1089         CAMELLIA_SUBKEY_R(31) = SUBR(30);
1090         CAMELLIA_SUBKEY_L(32) = SUBL(32) ^ SUBL(31); /* kw3 */
1091         CAMELLIA_SUBKEY_R(32) = SUBR(32) ^ SUBR(31);
1092
1093         /* apply the inverse of the last half of P-function */
1094         dw = CAMELLIA_SUBKEY_L(2) ^ CAMELLIA_SUBKEY_R(2),
1095                 dw = CAMELLIA_RL8(dw);/* round 1 */
1096         CAMELLIA_SUBKEY_R(2) = CAMELLIA_SUBKEY_L(2) ^ dw,
1097                 CAMELLIA_SUBKEY_L(2) = dw;
1098         dw = CAMELLIA_SUBKEY_L(3) ^ CAMELLIA_SUBKEY_R(3),
1099                 dw = CAMELLIA_RL8(dw);/* round 2 */
1100         CAMELLIA_SUBKEY_R(3) = CAMELLIA_SUBKEY_L(3) ^ dw,
1101                 CAMELLIA_SUBKEY_L(3) = dw;
1102         dw = CAMELLIA_SUBKEY_L(4) ^ CAMELLIA_SUBKEY_R(4),
1103                 dw = CAMELLIA_RL8(dw);/* round 3 */
1104         CAMELLIA_SUBKEY_R(4) = CAMELLIA_SUBKEY_L(4) ^ dw,
1105                 CAMELLIA_SUBKEY_L(4) = dw;
1106         dw = CAMELLIA_SUBKEY_L(5) ^ CAMELLIA_SUBKEY_R(5),
1107                 dw = CAMELLIA_RL8(dw);/* round 4 */
1108         CAMELLIA_SUBKEY_R(5) = CAMELLIA_SUBKEY_L(5) ^ dw,
1109         CAMELLIA_SUBKEY_L(5) = dw;
1110         dw = CAMELLIA_SUBKEY_L(6) ^ CAMELLIA_SUBKEY_R(6),
1111                 dw = CAMELLIA_RL8(dw);/* round 5 */
1112         CAMELLIA_SUBKEY_R(6) = CAMELLIA_SUBKEY_L(6) ^ dw,
1113                 CAMELLIA_SUBKEY_L(6) = dw;
1114         dw = CAMELLIA_SUBKEY_L(7) ^ CAMELLIA_SUBKEY_R(7),
1115                 dw = CAMELLIA_RL8(dw);/* round 6 */
1116         CAMELLIA_SUBKEY_R(7) = CAMELLIA_SUBKEY_L(7) ^ dw,
1117                 CAMELLIA_SUBKEY_L(7) = dw;
1118         dw = CAMELLIA_SUBKEY_L(10) ^ CAMELLIA_SUBKEY_R(10),
1119                 dw = CAMELLIA_RL8(dw);/* round 7 */
1120         CAMELLIA_SUBKEY_R(10) = CAMELLIA_SUBKEY_L(10) ^ dw,
1121                 CAMELLIA_SUBKEY_L(10) = dw;
1122         dw = CAMELLIA_SUBKEY_L(11) ^ CAMELLIA_SUBKEY_R(11),
1123             dw = CAMELLIA_RL8(dw);/* round 8 */
1124         CAMELLIA_SUBKEY_R(11) = CAMELLIA_SUBKEY_L(11) ^ dw,
1125                 CAMELLIA_SUBKEY_L(11) = dw;
1126         dw = CAMELLIA_SUBKEY_L(12) ^ CAMELLIA_SUBKEY_R(12),
1127                 dw = CAMELLIA_RL8(dw);/* round 9 */
1128         CAMELLIA_SUBKEY_R(12) = CAMELLIA_SUBKEY_L(12) ^ dw,
1129                 CAMELLIA_SUBKEY_L(12) = dw;
1130         dw = CAMELLIA_SUBKEY_L(13) ^ CAMELLIA_SUBKEY_R(13),
1131                 dw = CAMELLIA_RL8(dw);/* round 10 */
1132         CAMELLIA_SUBKEY_R(13) = CAMELLIA_SUBKEY_L(13) ^ dw,
1133                 CAMELLIA_SUBKEY_L(13) = dw;
1134         dw = CAMELLIA_SUBKEY_L(14) ^ CAMELLIA_SUBKEY_R(14),
1135                 dw = CAMELLIA_RL8(dw);/* round 11 */
1136         CAMELLIA_SUBKEY_R(14) = CAMELLIA_SUBKEY_L(14) ^ dw,
1137                 CAMELLIA_SUBKEY_L(14) = dw;
1138         dw = CAMELLIA_SUBKEY_L(15) ^ CAMELLIA_SUBKEY_R(15),
1139                 dw = CAMELLIA_RL8(dw);/* round 12 */
1140         CAMELLIA_SUBKEY_R(15) = CAMELLIA_SUBKEY_L(15) ^ dw,
1141                 CAMELLIA_SUBKEY_L(15) = dw;
1142         dw = CAMELLIA_SUBKEY_L(18) ^ CAMELLIA_SUBKEY_R(18),
1143                 dw = CAMELLIA_RL8(dw);/* round 13 */
1144         CAMELLIA_SUBKEY_R(18) = CAMELLIA_SUBKEY_L(18) ^ dw,
1145                 CAMELLIA_SUBKEY_L(18) = dw;
1146         dw = CAMELLIA_SUBKEY_L(19) ^ CAMELLIA_SUBKEY_R(19),
1147                 dw = CAMELLIA_RL8(dw);/* round 14 */
1148         CAMELLIA_SUBKEY_R(19) = CAMELLIA_SUBKEY_L(19) ^ dw,
1149                 CAMELLIA_SUBKEY_L(19) = dw;
1150         dw = CAMELLIA_SUBKEY_L(20) ^ CAMELLIA_SUBKEY_R(20),
1151                 dw = CAMELLIA_RL8(dw);/* round 15 */
1152         CAMELLIA_SUBKEY_R(20) = CAMELLIA_SUBKEY_L(20) ^ dw,
1153                 CAMELLIA_SUBKEY_L(20) = dw;
1154         dw = CAMELLIA_SUBKEY_L(21) ^ CAMELLIA_SUBKEY_R(21),
1155                 dw = CAMELLIA_RL8(dw);/* round 16 */
1156         CAMELLIA_SUBKEY_R(21) = CAMELLIA_SUBKEY_L(21) ^ dw,
1157                 CAMELLIA_SUBKEY_L(21) = dw;
1158         dw = CAMELLIA_SUBKEY_L(22) ^ CAMELLIA_SUBKEY_R(22),
1159                 dw = CAMELLIA_RL8(dw);/* round 17 */
1160         CAMELLIA_SUBKEY_R(22) = CAMELLIA_SUBKEY_L(22) ^ dw,
1161                 CAMELLIA_SUBKEY_L(22) = dw;
1162         dw = CAMELLIA_SUBKEY_L(23) ^ CAMELLIA_SUBKEY_R(23),
1163                 dw = CAMELLIA_RL8(dw);/* round 18 */
1164         CAMELLIA_SUBKEY_R(23) = CAMELLIA_SUBKEY_L(23) ^ dw,
1165                 CAMELLIA_SUBKEY_L(23) = dw;
1166         dw = CAMELLIA_SUBKEY_L(26) ^ CAMELLIA_SUBKEY_R(26),
1167                 dw = CAMELLIA_RL8(dw);/* round 19 */
1168         CAMELLIA_SUBKEY_R(26) = CAMELLIA_SUBKEY_L(26) ^ dw,
1169                 CAMELLIA_SUBKEY_L(26) = dw;
1170         dw = CAMELLIA_SUBKEY_L(27) ^ CAMELLIA_SUBKEY_R(27),
1171                 dw = CAMELLIA_RL8(dw);/* round 20 */
1172         CAMELLIA_SUBKEY_R(27) = CAMELLIA_SUBKEY_L(27) ^ dw,
1173                 CAMELLIA_SUBKEY_L(27) = dw;
1174         dw = CAMELLIA_SUBKEY_L(28) ^ CAMELLIA_SUBKEY_R(28),
1175                 dw = CAMELLIA_RL8(dw);/* round 21 */
1176         CAMELLIA_SUBKEY_R(28) = CAMELLIA_SUBKEY_L(28) ^ dw,
1177                 CAMELLIA_SUBKEY_L(28) = dw;
1178         dw = CAMELLIA_SUBKEY_L(29) ^ CAMELLIA_SUBKEY_R(29),
1179                 dw = CAMELLIA_RL8(dw);/* round 22 */
1180         CAMELLIA_SUBKEY_R(29) = CAMELLIA_SUBKEY_L(29) ^ dw,
1181                 CAMELLIA_SUBKEY_L(29) = dw;
1182         dw = CAMELLIA_SUBKEY_L(30) ^ CAMELLIA_SUBKEY_R(30),
1183                 dw = CAMELLIA_RL8(dw);/* round 23 */
1184         CAMELLIA_SUBKEY_R(30) = CAMELLIA_SUBKEY_L(30) ^ dw,
1185                 CAMELLIA_SUBKEY_L(30) = dw;
1186         dw = CAMELLIA_SUBKEY_L(31) ^ CAMELLIA_SUBKEY_R(31),
1187                 dw = CAMELLIA_RL8(dw);/* round 24 */
1188         CAMELLIA_SUBKEY_R(31) = CAMELLIA_SUBKEY_L(31) ^ dw,
1189                 CAMELLIA_SUBKEY_L(31) = dw;
1190
1191         return;
1192 }
1193
1194 static void camellia_setup192(const unsigned char *key, u32 *subkey)
1195 {
1196         unsigned char kk[32];
1197         u32 krll, krlr, krrl,krrr;
1198
1199         memcpy(kk, key, 24);
1200         memcpy((unsigned char *)&krll, key+16,4);
1201         memcpy((unsigned char *)&krlr, key+20,4);
1202         krrl = ~krll;
1203         krrr = ~krlr;
1204         memcpy(kk+24, (unsigned char *)&krrl, 4);
1205         memcpy(kk+28, (unsigned char *)&krrr, 4);
1206         camellia_setup256(kk, subkey);
1207         return;
1208 }
1209
1210
1211 /**
1212  * Stuff related to camellia encryption/decryption
1213  */
1214 static void camellia_encrypt128(const u32 *subkey, __be32 *io_text)
1215 {
1216         u32 il,ir,t0,t1;               /* temporary valiables */
1217
1218         u32 io[4];
1219
1220         io[0] = be32_to_cpu(io_text[0]);
1221         io[1] = be32_to_cpu(io_text[1]);
1222         io[2] = be32_to_cpu(io_text[2]);
1223         io[3] = be32_to_cpu(io_text[3]);
1224
1225         /* pre whitening but absorb kw2*/
1226         io[0] ^= CAMELLIA_SUBKEY_L(0);
1227         io[1] ^= CAMELLIA_SUBKEY_R(0);
1228         /* main iteration */
1229
1230         CAMELLIA_ROUNDSM(io[0],io[1],
1231                          CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1232                          io[2],io[3],il,ir,t0,t1);
1233         CAMELLIA_ROUNDSM(io[2],io[3],
1234                          CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1235                          io[0],io[1],il,ir,t0,t1);
1236         CAMELLIA_ROUNDSM(io[0],io[1],
1237                          CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1238                          io[2],io[3],il,ir,t0,t1);
1239         CAMELLIA_ROUNDSM(io[2],io[3],
1240                          CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1241                          io[0],io[1],il,ir,t0,t1);
1242         CAMELLIA_ROUNDSM(io[0],io[1],
1243                          CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1244                          io[2],io[3],il,ir,t0,t1);
1245         CAMELLIA_ROUNDSM(io[2],io[3],
1246                          CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1247                          io[0],io[1],il,ir,t0,t1);
1248
1249         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1250                      CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1251                      CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1252                      t0,t1,il,ir);
1253
1254         CAMELLIA_ROUNDSM(io[0],io[1],
1255                          CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1256                          io[2],io[3],il,ir,t0,t1);
1257         CAMELLIA_ROUNDSM(io[2],io[3],
1258                          CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1259                          io[0],io[1],il,ir,t0,t1);
1260         CAMELLIA_ROUNDSM(io[0],io[1],
1261                          CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1262                          io[2],io[3],il,ir,t0,t1);
1263         CAMELLIA_ROUNDSM(io[2],io[3],
1264                          CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1265                          io[0],io[1],il,ir,t0,t1);
1266         CAMELLIA_ROUNDSM(io[0],io[1],
1267                          CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1268                          io[2],io[3],il,ir,t0,t1);
1269         CAMELLIA_ROUNDSM(io[2],io[3],
1270                          CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1271                          io[0],io[1],il,ir,t0,t1);
1272
1273         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1274                      CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1275                      CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1276                      t0,t1,il,ir);
1277
1278         CAMELLIA_ROUNDSM(io[0],io[1],
1279                          CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1280                          io[2],io[3],il,ir,t0,t1);
1281         CAMELLIA_ROUNDSM(io[2],io[3],
1282                          CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1283                          io[0],io[1],il,ir,t0,t1);
1284         CAMELLIA_ROUNDSM(io[0],io[1],
1285                          CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1286                          io[2],io[3],il,ir,t0,t1);
1287         CAMELLIA_ROUNDSM(io[2],io[3],
1288                          CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1289                          io[0],io[1],il,ir,t0,t1);
1290         CAMELLIA_ROUNDSM(io[0],io[1],
1291                          CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1292                          io[2],io[3],il,ir,t0,t1);
1293         CAMELLIA_ROUNDSM(io[2],io[3],
1294                          CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1295                          io[0],io[1],il,ir,t0,t1);
1296
1297         /* post whitening but kw4 */
1298         io[2] ^= CAMELLIA_SUBKEY_L(24);
1299         io[3] ^= CAMELLIA_SUBKEY_R(24);
1300
1301         t0 = io[0];
1302         t1 = io[1];
1303         io[0] = io[2];
1304         io[1] = io[3];
1305         io[2] = t0;
1306         io[3] = t1;
1307
1308         io_text[0] = cpu_to_be32(io[0]);
1309         io_text[1] = cpu_to_be32(io[1]);
1310         io_text[2] = cpu_to_be32(io[2]);
1311         io_text[3] = cpu_to_be32(io[3]);
1312
1313         return;
1314 }
1315
1316 static void camellia_decrypt128(const u32 *subkey, __be32 *io_text)
1317 {
1318         u32 il,ir,t0,t1;               /* temporary valiables */
1319
1320         u32 io[4];
1321
1322         io[0] = be32_to_cpu(io_text[0]);
1323         io[1] = be32_to_cpu(io_text[1]);
1324         io[2] = be32_to_cpu(io_text[2]);
1325         io[3] = be32_to_cpu(io_text[3]);
1326
1327         /* pre whitening but absorb kw2*/
1328         io[0] ^= CAMELLIA_SUBKEY_L(24);
1329         io[1] ^= CAMELLIA_SUBKEY_R(24);
1330
1331         /* main iteration */
1332         CAMELLIA_ROUNDSM(io[0],io[1],
1333                          CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1334                          io[2],io[3],il,ir,t0,t1);
1335         CAMELLIA_ROUNDSM(io[2],io[3],
1336                          CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1337                          io[0],io[1],il,ir,t0,t1);
1338         CAMELLIA_ROUNDSM(io[0],io[1],
1339                          CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1340                          io[2],io[3],il,ir,t0,t1);
1341         CAMELLIA_ROUNDSM(io[2],io[3],
1342                          CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1343                          io[0],io[1],il,ir,t0,t1);
1344         CAMELLIA_ROUNDSM(io[0],io[1],
1345                          CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1346                          io[2],io[3],il,ir,t0,t1);
1347         CAMELLIA_ROUNDSM(io[2],io[3],
1348                          CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1349                          io[0],io[1],il,ir,t0,t1);
1350
1351         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1352                      CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1353                      CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1354                      t0,t1,il,ir);
1355
1356         CAMELLIA_ROUNDSM(io[0],io[1],
1357                          CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1358                          io[2],io[3],il,ir,t0,t1);
1359         CAMELLIA_ROUNDSM(io[2],io[3],
1360                          CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1361                          io[0],io[1],il,ir,t0,t1);
1362         CAMELLIA_ROUNDSM(io[0],io[1],
1363                          CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1364                          io[2],io[3],il,ir,t0,t1);
1365         CAMELLIA_ROUNDSM(io[2],io[3],
1366                          CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1367                          io[0],io[1],il,ir,t0,t1);
1368         CAMELLIA_ROUNDSM(io[0],io[1],
1369                          CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1370                          io[2],io[3],il,ir,t0,t1);
1371         CAMELLIA_ROUNDSM(io[2],io[3],
1372                          CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1373                          io[0],io[1],il,ir,t0,t1);
1374
1375         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1376                      CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1377                      CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1378                      t0,t1,il,ir);
1379
1380         CAMELLIA_ROUNDSM(io[0],io[1],
1381                          CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1382                          io[2],io[3],il,ir,t0,t1);
1383         CAMELLIA_ROUNDSM(io[2],io[3],
1384                          CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1385                          io[0],io[1],il,ir,t0,t1);
1386         CAMELLIA_ROUNDSM(io[0],io[1],
1387                          CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1388                          io[2],io[3],il,ir,t0,t1);
1389         CAMELLIA_ROUNDSM(io[2],io[3],
1390                          CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1391                          io[0],io[1],il,ir,t0,t1);
1392         CAMELLIA_ROUNDSM(io[0],io[1],
1393                          CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1394                          io[2],io[3],il,ir,t0,t1);
1395         CAMELLIA_ROUNDSM(io[2],io[3],
1396                          CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1397                          io[0],io[1],il,ir,t0,t1);
1398
1399         /* post whitening but kw4 */
1400         io[2] ^= CAMELLIA_SUBKEY_L(0);
1401         io[3] ^= CAMELLIA_SUBKEY_R(0);
1402
1403         t0 = io[0];
1404         t1 = io[1];
1405         io[0] = io[2];
1406         io[1] = io[3];
1407         io[2] = t0;
1408         io[3] = t1;
1409
1410         io_text[0] = cpu_to_be32(io[0]);
1411         io_text[1] = cpu_to_be32(io[1]);
1412         io_text[2] = cpu_to_be32(io[2]);
1413         io_text[3] = cpu_to_be32(io[3]);
1414
1415         return;
1416 }
1417
1418
1419 /**
1420  * stuff for 192 and 256bit encryption/decryption
1421  */
1422 static void camellia_encrypt256(const u32 *subkey, __be32 *io_text)
1423 {
1424         u32 il,ir,t0,t1;           /* temporary valiables */
1425
1426         u32 io[4];
1427
1428         io[0] = be32_to_cpu(io_text[0]);
1429         io[1] = be32_to_cpu(io_text[1]);
1430         io[2] = be32_to_cpu(io_text[2]);
1431         io[3] = be32_to_cpu(io_text[3]);
1432
1433         /* pre whitening but absorb kw2*/
1434         io[0] ^= CAMELLIA_SUBKEY_L(0);
1435         io[1] ^= CAMELLIA_SUBKEY_R(0);
1436
1437         /* main iteration */
1438         CAMELLIA_ROUNDSM(io[0],io[1],
1439                          CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1440                          io[2],io[3],il,ir,t0,t1);
1441         CAMELLIA_ROUNDSM(io[2],io[3],
1442                          CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1443                          io[0],io[1],il,ir,t0,t1);
1444         CAMELLIA_ROUNDSM(io[0],io[1],
1445                          CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1446                          io[2],io[3],il,ir,t0,t1);
1447         CAMELLIA_ROUNDSM(io[2],io[3],
1448                          CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1449                          io[0],io[1],il,ir,t0,t1);
1450         CAMELLIA_ROUNDSM(io[0],io[1],
1451                          CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1452                          io[2],io[3],il,ir,t0,t1);
1453         CAMELLIA_ROUNDSM(io[2],io[3],
1454                          CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1455                          io[0],io[1],il,ir,t0,t1);
1456
1457         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1458                      CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1459                      CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1460                      t0,t1,il,ir);
1461
1462         CAMELLIA_ROUNDSM(io[0],io[1],
1463                          CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1464                          io[2],io[3],il,ir,t0,t1);
1465         CAMELLIA_ROUNDSM(io[2],io[3],
1466                          CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1467                          io[0],io[1],il,ir,t0,t1);
1468         CAMELLIA_ROUNDSM(io[0],io[1],
1469                          CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1470                          io[2],io[3],il,ir,t0,t1);
1471         CAMELLIA_ROUNDSM(io[2],io[3],
1472                          CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1473                          io[0],io[1],il,ir,t0,t1);
1474         CAMELLIA_ROUNDSM(io[0],io[1],
1475                          CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1476                          io[2],io[3],il,ir,t0,t1);
1477         CAMELLIA_ROUNDSM(io[2],io[3],
1478                          CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1479                          io[0],io[1],il,ir,t0,t1);
1480
1481         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1482                      CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1483                      CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1484                      t0,t1,il,ir);
1485
1486         CAMELLIA_ROUNDSM(io[0],io[1],
1487                          CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1488                          io[2],io[3],il,ir,t0,t1);
1489         CAMELLIA_ROUNDSM(io[2],io[3],
1490                          CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1491                          io[0],io[1],il,ir,t0,t1);
1492         CAMELLIA_ROUNDSM(io[0],io[1],
1493                          CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1494                          io[2],io[3],il,ir,t0,t1);
1495         CAMELLIA_ROUNDSM(io[2],io[3],
1496                          CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1497                          io[0],io[1],il,ir,t0,t1);
1498         CAMELLIA_ROUNDSM(io[0],io[1],
1499                          CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1500                          io[2],io[3],il,ir,t0,t1);
1501         CAMELLIA_ROUNDSM(io[2],io[3],
1502                          CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1503                          io[0],io[1],il,ir,t0,t1);
1504
1505         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1506                      CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24),
1507                      CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25),
1508                      t0,t1,il,ir);
1509
1510         CAMELLIA_ROUNDSM(io[0],io[1],
1511                          CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26),
1512                          io[2],io[3],il,ir,t0,t1);
1513         CAMELLIA_ROUNDSM(io[2],io[3],
1514                          CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27),
1515                          io[0],io[1],il,ir,t0,t1);
1516         CAMELLIA_ROUNDSM(io[0],io[1],
1517                          CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28),
1518                          io[2],io[3],il,ir,t0,t1);
1519         CAMELLIA_ROUNDSM(io[2],io[3],
1520                          CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29),
1521                          io[0],io[1],il,ir,t0,t1);
1522         CAMELLIA_ROUNDSM(io[0],io[1],
1523                          CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30),
1524                          io[2],io[3],il,ir,t0,t1);
1525         CAMELLIA_ROUNDSM(io[2],io[3],
1526                          CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31),
1527                          io[0],io[1],il,ir,t0,t1);
1528
1529         /* post whitening but kw4 */
1530         io[2] ^= CAMELLIA_SUBKEY_L(32);
1531         io[3] ^= CAMELLIA_SUBKEY_R(32);
1532
1533         t0 = io[0];
1534         t1 = io[1];
1535         io[0] = io[2];
1536         io[1] = io[3];
1537         io[2] = t0;
1538         io[3] = t1;
1539
1540         io_text[0] = cpu_to_be32(io[0]);
1541         io_text[1] = cpu_to_be32(io[1]);
1542         io_text[2] = cpu_to_be32(io[2]);
1543         io_text[3] = cpu_to_be32(io[3]);
1544
1545         return;
1546 }
1547
1548
1549 static void camellia_decrypt256(const u32 *subkey, __be32 *io_text)
1550 {
1551         u32 il,ir,t0,t1;           /* temporary valiables */
1552
1553         u32 io[4];
1554
1555         io[0] = be32_to_cpu(io_text[0]);
1556         io[1] = be32_to_cpu(io_text[1]);
1557         io[2] = be32_to_cpu(io_text[2]);
1558         io[3] = be32_to_cpu(io_text[3]);
1559
1560         /* pre whitening but absorb kw2*/
1561         io[0] ^= CAMELLIA_SUBKEY_L(32);
1562         io[1] ^= CAMELLIA_SUBKEY_R(32);
1563
1564         /* main iteration */
1565         CAMELLIA_ROUNDSM(io[0],io[1],
1566                          CAMELLIA_SUBKEY_L(31),CAMELLIA_SUBKEY_R(31),
1567                          io[2],io[3],il,ir,t0,t1);
1568         CAMELLIA_ROUNDSM(io[2],io[3],
1569                          CAMELLIA_SUBKEY_L(30),CAMELLIA_SUBKEY_R(30),
1570                          io[0],io[1],il,ir,t0,t1);
1571         CAMELLIA_ROUNDSM(io[0],io[1],
1572                          CAMELLIA_SUBKEY_L(29),CAMELLIA_SUBKEY_R(29),
1573                          io[2],io[3],il,ir,t0,t1);
1574         CAMELLIA_ROUNDSM(io[2],io[3],
1575                          CAMELLIA_SUBKEY_L(28),CAMELLIA_SUBKEY_R(28),
1576                          io[0],io[1],il,ir,t0,t1);
1577         CAMELLIA_ROUNDSM(io[0],io[1],
1578                          CAMELLIA_SUBKEY_L(27),CAMELLIA_SUBKEY_R(27),
1579                          io[2],io[3],il,ir,t0,t1);
1580         CAMELLIA_ROUNDSM(io[2],io[3],
1581                          CAMELLIA_SUBKEY_L(26),CAMELLIA_SUBKEY_R(26),
1582                          io[0],io[1],il,ir,t0,t1);
1583
1584         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1585                      CAMELLIA_SUBKEY_L(25),CAMELLIA_SUBKEY_R(25),
1586                      CAMELLIA_SUBKEY_L(24),CAMELLIA_SUBKEY_R(24),
1587                      t0,t1,il,ir);
1588
1589         CAMELLIA_ROUNDSM(io[0],io[1],
1590                          CAMELLIA_SUBKEY_L(23),CAMELLIA_SUBKEY_R(23),
1591                          io[2],io[3],il,ir,t0,t1);
1592         CAMELLIA_ROUNDSM(io[2],io[3],
1593                          CAMELLIA_SUBKEY_L(22),CAMELLIA_SUBKEY_R(22),
1594                          io[0],io[1],il,ir,t0,t1);
1595         CAMELLIA_ROUNDSM(io[0],io[1],
1596                          CAMELLIA_SUBKEY_L(21),CAMELLIA_SUBKEY_R(21),
1597                          io[2],io[3],il,ir,t0,t1);
1598         CAMELLIA_ROUNDSM(io[2],io[3],
1599                          CAMELLIA_SUBKEY_L(20),CAMELLIA_SUBKEY_R(20),
1600                          io[0],io[1],il,ir,t0,t1);
1601         CAMELLIA_ROUNDSM(io[0],io[1],
1602                          CAMELLIA_SUBKEY_L(19),CAMELLIA_SUBKEY_R(19),
1603                          io[2],io[3],il,ir,t0,t1);
1604         CAMELLIA_ROUNDSM(io[2],io[3],
1605                          CAMELLIA_SUBKEY_L(18),CAMELLIA_SUBKEY_R(18),
1606                          io[0],io[1],il,ir,t0,t1);
1607
1608         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1609                      CAMELLIA_SUBKEY_L(17),CAMELLIA_SUBKEY_R(17),
1610                      CAMELLIA_SUBKEY_L(16),CAMELLIA_SUBKEY_R(16),
1611                      t0,t1,il,ir);
1612
1613         CAMELLIA_ROUNDSM(io[0],io[1],
1614                          CAMELLIA_SUBKEY_L(15),CAMELLIA_SUBKEY_R(15),
1615                          io[2],io[3],il,ir,t0,t1);
1616         CAMELLIA_ROUNDSM(io[2],io[3],
1617                          CAMELLIA_SUBKEY_L(14),CAMELLIA_SUBKEY_R(14),
1618                          io[0],io[1],il,ir,t0,t1);
1619         CAMELLIA_ROUNDSM(io[0],io[1],
1620                          CAMELLIA_SUBKEY_L(13),CAMELLIA_SUBKEY_R(13),
1621                          io[2],io[3],il,ir,t0,t1);
1622         CAMELLIA_ROUNDSM(io[2],io[3],
1623                          CAMELLIA_SUBKEY_L(12),CAMELLIA_SUBKEY_R(12),
1624                          io[0],io[1],il,ir,t0,t1);
1625         CAMELLIA_ROUNDSM(io[0],io[1],
1626                          CAMELLIA_SUBKEY_L(11),CAMELLIA_SUBKEY_R(11),
1627                          io[2],io[3],il,ir,t0,t1);
1628         CAMELLIA_ROUNDSM(io[2],io[3],
1629                          CAMELLIA_SUBKEY_L(10),CAMELLIA_SUBKEY_R(10),
1630                          io[0],io[1],il,ir,t0,t1);
1631
1632         CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1633                      CAMELLIA_SUBKEY_L(9),CAMELLIA_SUBKEY_R(9),
1634                      CAMELLIA_SUBKEY_L(8),CAMELLIA_SUBKEY_R(8),
1635                      t0,t1,il,ir);
1636
1637         CAMELLIA_ROUNDSM(io[0],io[1],
1638                          CAMELLIA_SUBKEY_L(7),CAMELLIA_SUBKEY_R(7),
1639                          io[2],io[3],il,ir,t0,t1);
1640         CAMELLIA_ROUNDSM(io[2],io[3],
1641                          CAMELLIA_SUBKEY_L(6),CAMELLIA_SUBKEY_R(6),
1642                          io[0],io[1],il,ir,t0,t1);
1643         CAMELLIA_ROUNDSM(io[0],io[1],
1644                          CAMELLIA_SUBKEY_L(5),CAMELLIA_SUBKEY_R(5),
1645                          io[2],io[3],il,ir,t0,t1);
1646         CAMELLIA_ROUNDSM(io[2],io[3],
1647                          CAMELLIA_SUBKEY_L(4),CAMELLIA_SUBKEY_R(4),
1648                          io[0],io[1],il,ir,t0,t1);
1649         CAMELLIA_ROUNDSM(io[0],io[1],
1650                          CAMELLIA_SUBKEY_L(3),CAMELLIA_SUBKEY_R(3),
1651                          io[2],io[3],il,ir,t0,t1);
1652         CAMELLIA_ROUNDSM(io[2],io[3],
1653                          CAMELLIA_SUBKEY_L(2),CAMELLIA_SUBKEY_R(2),
1654                          io[0],io[1],il,ir,t0,t1);
1655
1656         /* post whitening but kw4 */
1657         io[2] ^= CAMELLIA_SUBKEY_L(0);
1658         io[3] ^= CAMELLIA_SUBKEY_R(0);
1659
1660         t0 = io[0];
1661         t1 = io[1];
1662         io[0] = io[2];
1663         io[1] = io[3];
1664         io[2] = t0;
1665         io[3] = t1;
1666
1667         io_text[0] = cpu_to_be32(io[0]);
1668         io_text[1] = cpu_to_be32(io[1]);
1669         io_text[2] = cpu_to_be32(io[2]);
1670         io_text[3] = cpu_to_be32(io[3]);
1671
1672         return;
1673 }
1674
1675
1676 static int
1677 camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
1678                  unsigned int key_len)
1679 {
1680         struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1681         const unsigned char *key = (const unsigned char *)in_key;
1682         u32 *flags = &tfm->crt_flags;
1683
1684         if (key_len != 16 && key_len != 24 && key_len != 32) {
1685                 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
1686                 return -EINVAL;
1687         }
1688
1689         cctx->key_length = key_len;
1690
1691         switch(key_len) {
1692         case 16:
1693                 camellia_setup128(key, cctx->key_table);
1694                 break;
1695         case 24:
1696                 camellia_setup192(key, cctx->key_table);
1697                 break;
1698         case 32:
1699                 camellia_setup256(key, cctx->key_table);
1700                 break;
1701         default:
1702                 break;
1703         }
1704
1705         return 0;
1706 }
1707
1708
1709 static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1710 {
1711         const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1712         const __be32 *src = (const __be32 *)in;
1713         __be32 *dst = (__be32 *)out;
1714
1715         __be32 tmp[4];
1716
1717         memcpy(tmp, src, CAMELLIA_BLOCK_SIZE);
1718
1719         switch (cctx->key_length) {
1720         case 16:
1721                 camellia_encrypt128(cctx->key_table, tmp);
1722                 break;
1723         case 24:
1724                 /* fall through */
1725         case 32:
1726                 camellia_encrypt256(cctx->key_table, tmp);
1727                 break;
1728         default:
1729                 break;
1730         }
1731
1732         memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE);
1733 }
1734
1735
1736 static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1737 {
1738         const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1739         const __be32 *src = (const __be32 *)in;
1740         __be32 *dst = (__be32 *)out;
1741
1742         __be32 tmp[4];
1743
1744         memcpy(tmp, src, CAMELLIA_BLOCK_SIZE);
1745
1746         switch (cctx->key_length) {
1747         case 16:
1748                 camellia_decrypt128(cctx->key_table, tmp);
1749                 break;
1750         case 24:
1751                 /* fall through */
1752         case 32:
1753                 camellia_decrypt256(cctx->key_table, tmp);
1754                 break;
1755         default:
1756                 break;
1757         }
1758
1759         memcpy(dst, tmp, CAMELLIA_BLOCK_SIZE);
1760 }
1761
1762
1763 static struct crypto_alg camellia_alg = {
1764         .cra_name               =       "camellia",
1765         .cra_driver_name        =       "camellia-generic",
1766         .cra_priority           =       100,
1767         .cra_flags              =       CRYPTO_ALG_TYPE_CIPHER,
1768         .cra_blocksize          =       CAMELLIA_BLOCK_SIZE,
1769         .cra_ctxsize            =       sizeof(struct camellia_ctx),
1770         .cra_alignmask          =       3,
1771         .cra_module             =       THIS_MODULE,
1772         .cra_list               =       LIST_HEAD_INIT(camellia_alg.cra_list),
1773         .cra_u                  =       {
1774                 .cipher = {
1775                         .cia_min_keysize        =       CAMELLIA_MIN_KEY_SIZE,
1776                         .cia_max_keysize        =       CAMELLIA_MAX_KEY_SIZE,
1777                         .cia_setkey             =       camellia_set_key,
1778                         .cia_encrypt            =       camellia_encrypt,
1779                         .cia_decrypt            =       camellia_decrypt
1780                 }
1781         }
1782 };
1783
1784 static int __init camellia_init(void)
1785 {
1786         return crypto_register_alg(&camellia_alg);
1787 }
1788
1789
1790 static void __exit camellia_fini(void)
1791 {
1792         crypto_unregister_alg(&camellia_alg);
1793 }
1794
1795
1796 module_init(camellia_init);
1797 module_exit(camellia_fini);
1798
1799
1800 MODULE_DESCRIPTION("Camellia Cipher Algorithm");
1801 MODULE_LICENSE("GPL");