cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

camellia_generic.c (34820B)


      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/*
      3 * Copyright (C) 2006
      4 * NTT (Nippon Telegraph and Telephone Corporation).
      5 */
      6
      7/*
      8 * Algorithm Specification
      9 *  https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
     10 */
     11
     12#include <linux/crypto.h>
     13#include <linux/errno.h>
     14#include <linux/init.h>
     15#include <linux/kernel.h>
     16#include <linux/module.h>
     17#include <linux/bitops.h>
     18#include <asm/unaligned.h>
     19
     20static const u32 camellia_sp1110[256] = {
     21	0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
     22	0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
     23	0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
     24	0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
     25	0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
     26	0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
     27	0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
     28	0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
     29	0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
     30	0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
     31	0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
     32	0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
     33	0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
     34	0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
     35	0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
     36	0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
     37	0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
     38	0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
     39	0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
     40	0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
     41	0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
     42	0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
     43	0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
     44	0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
     45	0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
     46	0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
     47	0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
     48	0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
     49	0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
     50	0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
     51	0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
     52	0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
     53	0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
     54	0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
     55	0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
     56	0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
     57	0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
     58	0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
     59	0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
     60	0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
     61	0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
     62	0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
     63	0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
     64	0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
     65	0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
     66	0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
     67	0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
     68	0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
     69	0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
     70	0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
     71	0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
     72	0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
     73	0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
     74	0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
     75	0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
     76	0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
     77	0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
     78	0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
     79	0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
     80	0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
     81	0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
     82	0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
     83	0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
     84	0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
     85};
     86
     87static const u32 camellia_sp0222[256] = {
     88	0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
     89	0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
     90	0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
     91	0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
     92	0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
     93	0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
     94	0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
     95	0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
     96	0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
     97	0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
     98	0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
     99	0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
    100	0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
    101	0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
    102	0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
    103	0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
    104	0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
    105	0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
    106	0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
    107	0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
    108	0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
    109	0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
    110	0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
    111	0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
    112	0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
    113	0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
    114	0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
    115	0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
    116	0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
    117	0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
    118	0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
    119	0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
    120	0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
    121	0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
    122	0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
    123	0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
    124	0x00202020, 0x00898989, 0x00000000, 0x00909090,
    125	0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
    126	0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
    127	0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
    128	0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
    129	0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
    130	0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
    131	0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
    132	0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
    133	0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
    134	0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
    135	0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
    136	0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
    137	0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
    138	0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
    139	0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
    140	0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
    141	0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
    142	0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
    143	0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
    144	0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
    145	0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
    146	0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
    147	0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
    148	0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
    149	0x00777777, 0x00939393, 0x00868686, 0x00838383,
    150	0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
    151	0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
    152};
    153
    154static const u32 camellia_sp3033[256] = {
    155	0x38003838, 0x41004141, 0x16001616, 0x76007676,
    156	0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
    157	0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
    158	0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
    159	0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
    160	0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
    161	0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
    162	0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
    163	0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
    164	0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
    165	0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
    166	0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
    167	0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
    168	0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
    169	0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
    170	0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
    171	0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
    172	0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
    173	0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
    174	0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
    175	0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
    176	0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
    177	0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
    178	0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
    179	0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
    180	0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
    181	0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
    182	0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
    183	0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
    184	0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
    185	0x12001212, 0x04000404, 0x74007474, 0x54005454,
    186	0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
    187	0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
    188	0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
    189	0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
    190	0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
    191	0x08000808, 0x62006262, 0x00000000, 0x24002424,
    192	0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
    193	0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
    194	0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
    195	0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
    196	0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
    197	0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
    198	0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
    199	0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
    200	0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
    201	0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
    202	0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
    203	0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
    204	0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
    205	0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
    206	0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
    207	0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
    208	0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
    209	0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
    210	0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
    211	0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
    212	0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
    213	0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
    214	0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
    215	0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
    216	0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
    217	0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
    218	0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
    219};
    220
    221static const u32 camellia_sp4404[256] = {
    222	0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
    223	0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
    224	0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
    225	0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
    226	0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
    227	0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
    228	0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
    229	0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
    230	0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
    231	0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
    232	0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
    233	0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
    234	0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
    235	0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
    236	0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
    237	0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
    238	0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
    239	0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
    240	0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
    241	0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
    242	0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
    243	0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
    244	0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
    245	0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
    246	0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
    247	0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
    248	0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
    249	0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
    250	0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
    251	0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
    252	0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
    253	0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
    254	0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
    255	0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
    256	0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
    257	0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
    258	0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
    259	0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
    260	0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
    261	0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
    262	0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
    263	0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
    264	0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
    265	0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
    266	0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
    267	0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
    268	0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
    269	0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
    270	0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
    271	0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
    272	0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
    273	0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
    274	0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
    275	0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
    276	0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
    277	0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
    278	0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
    279	0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
    280	0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
    281	0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
    282	0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
    283	0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
    284	0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
    285	0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
    286};
    287
    288
    289#define CAMELLIA_MIN_KEY_SIZE        16
    290#define CAMELLIA_MAX_KEY_SIZE        32
    291#define CAMELLIA_BLOCK_SIZE          16
    292#define CAMELLIA_TABLE_BYTE_LEN     272
    293
    294/*
    295 * NB: L and R below stand for 'left' and 'right' as in written numbers.
    296 * That is, in (xxxL,xxxR) pair xxxL holds most significant digits,
    297 * _not_ least significant ones!
    298 */
    299
    300
    301/* key constants */
    302
    303#define CAMELLIA_SIGMA1L (0xA09E667FL)
    304#define CAMELLIA_SIGMA1R (0x3BCC908BL)
    305#define CAMELLIA_SIGMA2L (0xB67AE858L)
    306#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
    307#define CAMELLIA_SIGMA3L (0xC6EF372FL)
    308#define CAMELLIA_SIGMA3R (0xE94F82BEL)
    309#define CAMELLIA_SIGMA4L (0x54FF53A5L)
    310#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
    311#define CAMELLIA_SIGMA5L (0x10E527FAL)
    312#define CAMELLIA_SIGMA5R (0xDE682D1DL)
    313#define CAMELLIA_SIGMA6L (0xB05688C2L)
    314#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
    315
    316/*
    317 *  macros
    318 */
    319#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({		\
    320	w0 = ll;					\
    321	ll = (ll << bits) + (lr >> (32 - bits));	\
    322	lr = (lr << bits) + (rl >> (32 - bits));	\
    323	rl = (rl << bits) + (rr >> (32 - bits));	\
    324	rr = (rr << bits) + (w0 >> (32 - bits));	\
    325})
    326
    327#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({	\
    328	w0 = ll;					\
    329	w1 = lr;					\
    330	ll = (lr << (bits - 32)) + (rl >> (64 - bits));	\
    331	lr = (rl << (bits - 32)) + (rr >> (64 - bits));	\
    332	rl = (rr << (bits - 32)) + (w0 >> (64 - bits));	\
    333	rr = (w0 << (bits - 32)) + (w1 >> (64 - bits));	\
    334})
    335
    336#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({	\
    337	il = xl ^ kl;						\
    338	ir = xr ^ kr;						\
    339	t0 = il >> 16;						\
    340	t1 = ir >> 16;						\
    341	yl = camellia_sp1110[(u8)(ir)]				\
    342	   ^ camellia_sp0222[(u8)(t1 >> 8)]			\
    343	   ^ camellia_sp3033[(u8)(t1)]				\
    344	   ^ camellia_sp4404[(u8)(ir >> 8)];			\
    345	yr = camellia_sp1110[(u8)(t0 >> 8)]			\
    346	   ^ camellia_sp0222[(u8)(t0)]				\
    347	   ^ camellia_sp3033[(u8)(il >> 8)]			\
    348	   ^ camellia_sp4404[(u8)(il)];				\
    349	yl ^= yr;						\
    350	yr = ror32(yr, 8);					\
    351	yr ^= yl;						\
    352})
    353
    354#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
    355#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
    356
    357static void camellia_setup_tail(u32 *subkey, u32 *subL, u32 *subR, int max)
    358{
    359	u32 dw, tl, tr;
    360	u32 kw4l, kw4r;
    361
    362	/* absorb kw2 to other subkeys */
    363	/* round 2 */
    364	subL[3] ^= subL[1]; subR[3] ^= subR[1];
    365	/* round 4 */
    366	subL[5] ^= subL[1]; subR[5] ^= subR[1];
    367	/* round 6 */
    368	subL[7] ^= subL[1]; subR[7] ^= subR[1];
    369	subL[1] ^= subR[1] & ~subR[9];
    370	dw = subL[1] & subL[9];
    371	subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */
    372	/* round 8 */
    373	subL[11] ^= subL[1]; subR[11] ^= subR[1];
    374	/* round 10 */
    375	subL[13] ^= subL[1]; subR[13] ^= subR[1];
    376	/* round 12 */
    377	subL[15] ^= subL[1]; subR[15] ^= subR[1];
    378	subL[1] ^= subR[1] & ~subR[17];
    379	dw = subL[1] & subL[17];
    380	subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */
    381	/* round 14 */
    382	subL[19] ^= subL[1]; subR[19] ^= subR[1];
    383	/* round 16 */
    384	subL[21] ^= subL[1]; subR[21] ^= subR[1];
    385	/* round 18 */
    386	subL[23] ^= subL[1]; subR[23] ^= subR[1];
    387	if (max == 24) {
    388		/* kw3 */
    389		subL[24] ^= subL[1]; subR[24] ^= subR[1];
    390
    391	/* absorb kw4 to other subkeys */
    392		kw4l = subL[25]; kw4r = subR[25];
    393	} else {
    394		subL[1] ^= subR[1] & ~subR[25];
    395		dw = subL[1] & subL[25];
    396		subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */
    397		/* round 20 */
    398		subL[27] ^= subL[1]; subR[27] ^= subR[1];
    399		/* round 22 */
    400		subL[29] ^= subL[1]; subR[29] ^= subR[1];
    401		/* round 24 */
    402		subL[31] ^= subL[1]; subR[31] ^= subR[1];
    403		/* kw3 */
    404		subL[32] ^= subL[1]; subR[32] ^= subR[1];
    405
    406	/* absorb kw4 to other subkeys */
    407		kw4l = subL[33]; kw4r = subR[33];
    408		/* round 23 */
    409		subL[30] ^= kw4l; subR[30] ^= kw4r;
    410		/* round 21 */
    411		subL[28] ^= kw4l; subR[28] ^= kw4r;
    412		/* round 19 */
    413		subL[26] ^= kw4l; subR[26] ^= kw4r;
    414		kw4l ^= kw4r & ~subR[24];
    415		dw = kw4l & subL[24];
    416		kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */
    417	}
    418	/* round 17 */
    419	subL[22] ^= kw4l; subR[22] ^= kw4r;
    420	/* round 15 */
    421	subL[20] ^= kw4l; subR[20] ^= kw4r;
    422	/* round 13 */
    423	subL[18] ^= kw4l; subR[18] ^= kw4r;
    424	kw4l ^= kw4r & ~subR[16];
    425	dw = kw4l & subL[16];
    426	kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */
    427	/* round 11 */
    428	subL[14] ^= kw4l; subR[14] ^= kw4r;
    429	/* round 9 */
    430	subL[12] ^= kw4l; subR[12] ^= kw4r;
    431	/* round 7 */
    432	subL[10] ^= kw4l; subR[10] ^= kw4r;
    433	kw4l ^= kw4r & ~subR[8];
    434	dw = kw4l & subL[8];
    435	kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */
    436	/* round 5 */
    437	subL[6] ^= kw4l; subR[6] ^= kw4r;
    438	/* round 3 */
    439	subL[4] ^= kw4l; subR[4] ^= kw4r;
    440	/* round 1 */
    441	subL[2] ^= kw4l; subR[2] ^= kw4r;
    442	/* kw1 */
    443	subL[0] ^= kw4l; subR[0] ^= kw4r;
    444
    445	/* key XOR is end of F-function */
    446	SUBKEY_L(0) = subL[0] ^ subL[2];/* kw1 */
    447	SUBKEY_R(0) = subR[0] ^ subR[2];
    448	SUBKEY_L(2) = subL[3];       /* round 1 */
    449	SUBKEY_R(2) = subR[3];
    450	SUBKEY_L(3) = subL[2] ^ subL[4]; /* round 2 */
    451	SUBKEY_R(3) = subR[2] ^ subR[4];
    452	SUBKEY_L(4) = subL[3] ^ subL[5]; /* round 3 */
    453	SUBKEY_R(4) = subR[3] ^ subR[5];
    454	SUBKEY_L(5) = subL[4] ^ subL[6]; /* round 4 */
    455	SUBKEY_R(5) = subR[4] ^ subR[6];
    456	SUBKEY_L(6) = subL[5] ^ subL[7]; /* round 5 */
    457	SUBKEY_R(6) = subR[5] ^ subR[7];
    458	tl = subL[10] ^ (subR[10] & ~subR[8]);
    459	dw = tl & subL[8];  /* FL(kl1) */
    460	tr = subR[10] ^ rol32(dw, 1);
    461	SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */
    462	SUBKEY_R(7) = subR[6] ^ tr;
    463	SUBKEY_L(8) = subL[8];       /* FL(kl1) */
    464	SUBKEY_R(8) = subR[8];
    465	SUBKEY_L(9) = subL[9];       /* FLinv(kl2) */
    466	SUBKEY_R(9) = subR[9];
    467	tl = subL[7] ^ (subR[7] & ~subR[9]);
    468	dw = tl & subL[9];  /* FLinv(kl2) */
    469	tr = subR[7] ^ rol32(dw, 1);
    470	SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */
    471	SUBKEY_R(10) = tr ^ subR[11];
    472	SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */
    473	SUBKEY_R(11) = subR[10] ^ subR[12];
    474	SUBKEY_L(12) = subL[11] ^ subL[13]; /* round 9 */
    475	SUBKEY_R(12) = subR[11] ^ subR[13];
    476	SUBKEY_L(13) = subL[12] ^ subL[14]; /* round 10 */
    477	SUBKEY_R(13) = subR[12] ^ subR[14];
    478	SUBKEY_L(14) = subL[13] ^ subL[15]; /* round 11 */
    479	SUBKEY_R(14) = subR[13] ^ subR[15];
    480	tl = subL[18] ^ (subR[18] & ~subR[16]);
    481	dw = tl & subL[16]; /* FL(kl3) */
    482	tr = subR[18] ^ rol32(dw, 1);
    483	SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */
    484	SUBKEY_R(15) = subR[14] ^ tr;
    485	SUBKEY_L(16) = subL[16];     /* FL(kl3) */
    486	SUBKEY_R(16) = subR[16];
    487	SUBKEY_L(17) = subL[17];     /* FLinv(kl4) */
    488	SUBKEY_R(17) = subR[17];
    489	tl = subL[15] ^ (subR[15] & ~subR[17]);
    490	dw = tl & subL[17]; /* FLinv(kl4) */
    491	tr = subR[15] ^ rol32(dw, 1);
    492	SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */
    493	SUBKEY_R(18) = tr ^ subR[19];
    494	SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */
    495	SUBKEY_R(19) = subR[18] ^ subR[20];
    496	SUBKEY_L(20) = subL[19] ^ subL[21]; /* round 15 */
    497	SUBKEY_R(20) = subR[19] ^ subR[21];
    498	SUBKEY_L(21) = subL[20] ^ subL[22]; /* round 16 */
    499	SUBKEY_R(21) = subR[20] ^ subR[22];
    500	SUBKEY_L(22) = subL[21] ^ subL[23]; /* round 17 */
    501	SUBKEY_R(22) = subR[21] ^ subR[23];
    502	if (max == 24) {
    503		SUBKEY_L(23) = subL[22];     /* round 18 */
    504		SUBKEY_R(23) = subR[22];
    505		SUBKEY_L(24) = subL[24] ^ subL[23]; /* kw3 */
    506		SUBKEY_R(24) = subR[24] ^ subR[23];
    507	} else {
    508		tl = subL[26] ^ (subR[26] & ~subR[24]);
    509		dw = tl & subL[24]; /* FL(kl5) */
    510		tr = subR[26] ^ rol32(dw, 1);
    511		SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */
    512		SUBKEY_R(23) = subR[22] ^ tr;
    513		SUBKEY_L(24) = subL[24];     /* FL(kl5) */
    514		SUBKEY_R(24) = subR[24];
    515		SUBKEY_L(25) = subL[25];     /* FLinv(kl6) */
    516		SUBKEY_R(25) = subR[25];
    517		tl = subL[23] ^ (subR[23] & ~subR[25]);
    518		dw = tl & subL[25]; /* FLinv(kl6) */
    519		tr = subR[23] ^ rol32(dw, 1);
    520		SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */
    521		SUBKEY_R(26) = tr ^ subR[27];
    522		SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */
    523		SUBKEY_R(27) = subR[26] ^ subR[28];
    524		SUBKEY_L(28) = subL[27] ^ subL[29]; /* round 21 */
    525		SUBKEY_R(28) = subR[27] ^ subR[29];
    526		SUBKEY_L(29) = subL[28] ^ subL[30]; /* round 22 */
    527		SUBKEY_R(29) = subR[28] ^ subR[30];
    528		SUBKEY_L(30) = subL[29] ^ subL[31]; /* round 23 */
    529		SUBKEY_R(30) = subR[29] ^ subR[31];
    530		SUBKEY_L(31) = subL[30];     /* round 24 */
    531		SUBKEY_R(31) = subR[30];
    532		SUBKEY_L(32) = subL[32] ^ subL[31]; /* kw3 */
    533		SUBKEY_R(32) = subR[32] ^ subR[31];
    534	}
    535}
    536
    537static void camellia_setup128(const unsigned char *key, u32 *subkey)
    538{
    539	u32 kll, klr, krl, krr;
    540	u32 il, ir, t0, t1, w0, w1;
    541	u32 subL[26];
    542	u32 subR[26];
    543
    544	/**
    545	 *  k == kll || klr || krl || krr (|| is concatenation)
    546	 */
    547	kll = get_unaligned_be32(key);
    548	klr = get_unaligned_be32(key + 4);
    549	krl = get_unaligned_be32(key + 8);
    550	krr = get_unaligned_be32(key + 12);
    551
    552	/* generate KL dependent subkeys */
    553	/* kw1 */
    554	subL[0] = kll; subR[0] = klr;
    555	/* kw2 */
    556	subL[1] = krl; subR[1] = krr;
    557	/* rotation left shift 15bit */
    558	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    559	/* k3 */
    560	subL[4] = kll; subR[4] = klr;
    561	/* k4 */
    562	subL[5] = krl; subR[5] = krr;
    563	/* rotation left shift 15+30bit */
    564	ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    565	/* k7 */
    566	subL[10] = kll; subR[10] = klr;
    567	/* k8 */
    568	subL[11] = krl; subR[11] = krr;
    569	/* rotation left shift 15+30+15bit */
    570	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    571	/* k10 */
    572	subL[13] = krl; subR[13] = krr;
    573	/* rotation left shift 15+30+15+17 bit */
    574	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    575	/* kl3 */
    576	subL[16] = kll; subR[16] = klr;
    577	/* kl4 */
    578	subL[17] = krl; subR[17] = krr;
    579	/* rotation left shift 15+30+15+17+17 bit */
    580	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    581	/* k13 */
    582	subL[18] = kll; subR[18] = klr;
    583	/* k14 */
    584	subL[19] = krl; subR[19] = krr;
    585	/* rotation left shift 15+30+15+17+17+17 bit */
    586	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    587	/* k17 */
    588	subL[22] = kll; subR[22] = klr;
    589	/* k18 */
    590	subL[23] = krl; subR[23] = krr;
    591
    592	/* generate KA */
    593	kll = subL[0]; klr = subR[0];
    594	krl = subL[1]; krr = subR[1];
    595	CAMELLIA_F(kll, klr,
    596		   CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
    597		   w0, w1, il, ir, t0, t1);
    598	krl ^= w0; krr ^= w1;
    599	CAMELLIA_F(krl, krr,
    600		   CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
    601		   kll, klr, il, ir, t0, t1);
    602	/* current status == (kll, klr, w0, w1) */
    603	CAMELLIA_F(kll, klr,
    604		   CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
    605		   krl, krr, il, ir, t0, t1);
    606	krl ^= w0; krr ^= w1;
    607	CAMELLIA_F(krl, krr,
    608		   CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
    609		   w0, w1, il, ir, t0, t1);
    610	kll ^= w0; klr ^= w1;
    611
    612	/* generate KA dependent subkeys */
    613	/* k1, k2 */
    614	subL[2] = kll; subR[2] = klr;
    615	subL[3] = krl; subR[3] = krr;
    616	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    617	/* k5,k6 */
    618	subL[6] = kll; subR[6] = klr;
    619	subL[7] = krl; subR[7] = krr;
    620	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    621	/* kl1, kl2 */
    622	subL[8] = kll; subR[8] = klr;
    623	subL[9] = krl; subR[9] = krr;
    624	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    625	/* k9 */
    626	subL[12] = kll; subR[12] = klr;
    627	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    628	/* k11, k12 */
    629	subL[14] = kll; subR[14] = klr;
    630	subL[15] = krl; subR[15] = krr;
    631	ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    632	/* k15, k16 */
    633	subL[20] = kll; subR[20] = klr;
    634	subL[21] = krl; subR[21] = krr;
    635	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    636	/* kw3, kw4 */
    637	subL[24] = kll; subR[24] = klr;
    638	subL[25] = krl; subR[25] = krr;
    639
    640	camellia_setup_tail(subkey, subL, subR, 24);
    641}
    642
    643static void camellia_setup256(const unsigned char *key, u32 *subkey)
    644{
    645	u32 kll, klr, krl, krr;        /* left half of key */
    646	u32 krll, krlr, krrl, krrr;    /* right half of key */
    647	u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
    648	u32 subL[34];
    649	u32 subR[34];
    650
    651	/**
    652	 *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
    653	 *  (|| is concatenation)
    654	 */
    655	kll = get_unaligned_be32(key);
    656	klr = get_unaligned_be32(key + 4);
    657	krl = get_unaligned_be32(key + 8);
    658	krr = get_unaligned_be32(key + 12);
    659	krll = get_unaligned_be32(key + 16);
    660	krlr = get_unaligned_be32(key + 20);
    661	krrl = get_unaligned_be32(key + 24);
    662	krrr = get_unaligned_be32(key + 28);
    663
    664	/* generate KL dependent subkeys */
    665	/* kw1 */
    666	subL[0] = kll; subR[0] = klr;
    667	/* kw2 */
    668	subL[1] = krl; subR[1] = krr;
    669	ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
    670	/* k9 */
    671	subL[12] = kll; subR[12] = klr;
    672	/* k10 */
    673	subL[13] = krl; subR[13] = krr;
    674	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    675	/* kl3 */
    676	subL[16] = kll; subR[16] = klr;
    677	/* kl4 */
    678	subL[17] = krl; subR[17] = krr;
    679	ROLDQ(kll, klr, krl, krr, w0, w1, 17);
    680	/* k17 */
    681	subL[22] = kll; subR[22] = klr;
    682	/* k18 */
    683	subL[23] = krl; subR[23] = krr;
    684	ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
    685	/* k23 */
    686	subL[30] = kll; subR[30] = klr;
    687	/* k24 */
    688	subL[31] = krl; subR[31] = krr;
    689
    690	/* generate KR dependent subkeys */
    691	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    692	/* k3 */
    693	subL[4] = krll; subR[4] = krlr;
    694	/* k4 */
    695	subL[5] = krrl; subR[5] = krrr;
    696	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
    697	/* kl1 */
    698	subL[8] = krll; subR[8] = krlr;
    699	/* kl2 */
    700	subL[9] = krrl; subR[9] = krrr;
    701	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    702	/* k13 */
    703	subL[18] = krll; subR[18] = krlr;
    704	/* k14 */
    705	subL[19] = krrl; subR[19] = krrr;
    706	ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
    707	/* k19 */
    708	subL[26] = krll; subR[26] = krlr;
    709	/* k20 */
    710	subL[27] = krrl; subR[27] = krrr;
    711	ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
    712
    713	/* generate KA */
    714	kll = subL[0] ^ krll; klr = subR[0] ^ krlr;
    715	krl = subL[1] ^ krrl; krr = subR[1] ^ krrr;
    716	CAMELLIA_F(kll, klr,
    717		   CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
    718		   w0, w1, il, ir, t0, t1);
    719	krl ^= w0; krr ^= w1;
    720	CAMELLIA_F(krl, krr,
    721		   CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
    722		   kll, klr, il, ir, t0, t1);
    723	kll ^= krll; klr ^= krlr;
    724	CAMELLIA_F(kll, klr,
    725		   CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
    726		   krl, krr, il, ir, t0, t1);
    727	krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
    728	CAMELLIA_F(krl, krr,
    729		   CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
    730		   w0, w1, il, ir, t0, t1);
    731	kll ^= w0; klr ^= w1;
    732
    733	/* generate KB */
    734	krll ^= kll; krlr ^= klr;
    735	krrl ^= krl; krrr ^= krr;
    736	CAMELLIA_F(krll, krlr,
    737		   CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
    738		   w0, w1, il, ir, t0, t1);
    739	krrl ^= w0; krrr ^= w1;
    740	CAMELLIA_F(krrl, krrr,
    741		   CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
    742		   w0, w1, il, ir, t0, t1);
    743	krll ^= w0; krlr ^= w1;
    744
    745	/* generate KA dependent subkeys */
    746	ROLDQ(kll, klr, krl, krr, w0, w1, 15);
    747	/* k5 */
    748	subL[6] = kll; subR[6] = klr;
    749	/* k6 */
    750	subL[7] = krl; subR[7] = krr;
    751	ROLDQ(kll, klr, krl, krr, w0, w1, 30);
    752	/* k11 */
    753	subL[14] = kll; subR[14] = klr;
    754	/* k12 */
    755	subL[15] = krl; subR[15] = krr;
    756	/* rotation left shift 32bit */
    757	/* kl5 */
    758	subL[24] = klr; subR[24] = krl;
    759	/* kl6 */
    760	subL[25] = krr; subR[25] = kll;
    761	/* rotation left shift 49 from k11,k12 -> k21,k22 */
    762	ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
    763	/* k21 */
    764	subL[28] = kll; subR[28] = klr;
    765	/* k22 */
    766	subL[29] = krl; subR[29] = krr;
    767
    768	/* generate KB dependent subkeys */
    769	/* k1 */
    770	subL[2] = krll; subR[2] = krlr;
    771	/* k2 */
    772	subL[3] = krrl; subR[3] = krrr;
    773	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    774	/* k7 */
    775	subL[10] = krll; subR[10] = krlr;
    776	/* k8 */
    777	subL[11] = krrl; subR[11] = krrr;
    778	ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
    779	/* k15 */
    780	subL[20] = krll; subR[20] = krlr;
    781	/* k16 */
    782	subL[21] = krrl; subR[21] = krrr;
    783	ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
    784	/* kw3 */
    785	subL[32] = krll; subR[32] = krlr;
    786	/* kw4 */
    787	subL[33] = krrl; subR[33] = krrr;
    788
    789	camellia_setup_tail(subkey, subL, subR, 32);
    790}
    791
    792static void camellia_setup192(const unsigned char *key, u32 *subkey)
    793{
    794	unsigned char kk[32];
    795	u32 krll, krlr, krrl, krrr;
    796
    797	memcpy(kk, key, 24);
    798	memcpy((unsigned char *)&krll, key+16, 4);
    799	memcpy((unsigned char *)&krlr, key+20, 4);
    800	krrl = ~krll;
    801	krrr = ~krlr;
    802	memcpy(kk+24, (unsigned char *)&krrl, 4);
    803	memcpy(kk+28, (unsigned char *)&krrr, 4);
    804	camellia_setup256(kk, subkey);
    805}
    806
    807
    808/*
    809 * Encrypt/decrypt
    810 */
    811#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
    812	t0 = kll;							\
    813	t2 = krr;							\
    814	t0 &= ll;							\
    815	t2 |= rr;							\
    816	rl ^= t2;							\
    817	lr ^= rol32(t0, 1);						\
    818	t3 = krl;							\
    819	t1 = klr;							\
    820	t3 &= rl;							\
    821	t1 |= lr;							\
    822	ll ^= t1;							\
    823	rr ^= rol32(t3, 1);						\
    824})
    825
    826#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({		\
    827	yl ^= kl;							\
    828	yr ^= kr;							\
    829	ir =  camellia_sp1110[(u8)xr];					\
    830	il =  camellia_sp1110[(u8)(xl >> 24)];				\
    831	ir ^= camellia_sp0222[(u8)(xr >> 24)];				\
    832	il ^= camellia_sp0222[(u8)(xl >> 16)];				\
    833	ir ^= camellia_sp3033[(u8)(xr >> 16)];				\
    834	il ^= camellia_sp3033[(u8)(xl >> 8)];				\
    835	ir ^= camellia_sp4404[(u8)(xr >> 8)];				\
    836	il ^= camellia_sp4404[(u8)xl];					\
    837	ir ^= il;							\
    838	yl ^= ir;							\
    839	yr ^= ror32(il, 8) ^ ir;					\
    840})
    841
    842/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
    843static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
    844{
    845	u32 il, ir, t0, t1;            /* temporary variables */
    846
    847	/* pre whitening but absorb kw2 */
    848	io[0] ^= SUBKEY_L(0);
    849	io[1] ^= SUBKEY_R(0);
    850
    851	/* main iteration */
    852#define ROUNDS(i) ({ \
    853	CAMELLIA_ROUNDSM(io[0], io[1], \
    854			 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
    855			 io[2], io[3], il, ir); \
    856	CAMELLIA_ROUNDSM(io[2], io[3], \
    857			 SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
    858			 io[0], io[1], il, ir); \
    859	CAMELLIA_ROUNDSM(io[0], io[1], \
    860			 SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
    861			 io[2], io[3], il, ir); \
    862	CAMELLIA_ROUNDSM(io[2], io[3], \
    863			 SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
    864			 io[0], io[1], il, ir); \
    865	CAMELLIA_ROUNDSM(io[0], io[1], \
    866			 SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
    867			 io[2], io[3], il, ir); \
    868	CAMELLIA_ROUNDSM(io[2], io[3], \
    869			 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
    870			 io[0], io[1], il, ir); \
    871})
    872#define FLS(i) ({ \
    873	CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
    874		     SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
    875		     SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
    876		     t0, t1, il, ir); \
    877})
    878
    879	ROUNDS(0);
    880	FLS(8);
    881	ROUNDS(8);
    882	FLS(16);
    883	ROUNDS(16);
    884	if (max == 32) {
    885		FLS(24);
    886		ROUNDS(24);
    887	}
    888
    889#undef ROUNDS
    890#undef FLS
    891
    892	/* post whitening but kw4 */
    893	io[2] ^= SUBKEY_L(max);
    894	io[3] ^= SUBKEY_R(max);
    895	/* NB: io[0],[1] should be swapped with [2],[3] by caller! */
    896}
    897
    898static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
    899{
    900	u32 il, ir, t0, t1;            /* temporary variables */
    901
    902	/* pre whitening but absorb kw2 */
    903	io[0] ^= SUBKEY_L(i);
    904	io[1] ^= SUBKEY_R(i);
    905
    906	/* main iteration */
    907#define ROUNDS(i) ({ \
    908	CAMELLIA_ROUNDSM(io[0], io[1], \
    909			 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
    910			 io[2], io[3], il, ir); \
    911	CAMELLIA_ROUNDSM(io[2], io[3], \
    912			 SUBKEY_L(i + 6), SUBKEY_R(i + 6), \
    913			 io[0], io[1], il, ir); \
    914	CAMELLIA_ROUNDSM(io[0], io[1], \
    915			 SUBKEY_L(i + 5), SUBKEY_R(i + 5), \
    916			 io[2], io[3], il, ir); \
    917	CAMELLIA_ROUNDSM(io[2], io[3], \
    918			 SUBKEY_L(i + 4), SUBKEY_R(i + 4), \
    919			 io[0], io[1], il, ir); \
    920	CAMELLIA_ROUNDSM(io[0], io[1], \
    921			 SUBKEY_L(i + 3), SUBKEY_R(i + 3), \
    922			 io[2], io[3], il, ir); \
    923	CAMELLIA_ROUNDSM(io[2], io[3], \
    924			 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
    925			 io[0], io[1], il, ir); \
    926})
    927#define FLS(i) ({ \
    928	CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
    929		     SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
    930		     SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
    931		     t0, t1, il, ir); \
    932})
    933
    934	if (i == 32) {
    935		ROUNDS(24);
    936		FLS(24);
    937	}
    938	ROUNDS(16);
    939	FLS(16);
    940	ROUNDS(8);
    941	FLS(8);
    942	ROUNDS(0);
    943
    944#undef ROUNDS
    945#undef FLS
    946
    947	/* post whitening but kw4 */
    948	io[2] ^= SUBKEY_L(0);
    949	io[3] ^= SUBKEY_R(0);
    950	/* NB: 0,1 should be swapped with 2,3 by caller! */
    951}
    952
    953
    954struct camellia_ctx {
    955	int key_length;
    956	u32 key_table[CAMELLIA_TABLE_BYTE_LEN / sizeof(u32)];
    957};
    958
    959static int
    960camellia_set_key(struct crypto_tfm *tfm, const u8 *in_key,
    961		 unsigned int key_len)
    962{
    963	struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
    964	const unsigned char *key = (const unsigned char *)in_key;
    965
    966	if (key_len != 16 && key_len != 24 && key_len != 32)
    967		return -EINVAL;
    968
    969	cctx->key_length = key_len;
    970
    971	switch (key_len) {
    972	case 16:
    973		camellia_setup128(key, cctx->key_table);
    974		break;
    975	case 24:
    976		camellia_setup192(key, cctx->key_table);
    977		break;
    978	case 32:
    979		camellia_setup256(key, cctx->key_table);
    980		break;
    981	}
    982
    983	return 0;
    984}
    985
    986static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
    987{
    988	const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
    989	unsigned int max;
    990
    991	u32 tmp[4];
    992
    993	tmp[0] = get_unaligned_be32(in);
    994	tmp[1] = get_unaligned_be32(in + 4);
    995	tmp[2] = get_unaligned_be32(in + 8);
    996	tmp[3] = get_unaligned_be32(in + 12);
    997
    998	if (cctx->key_length == 16)
    999		max = 24;
   1000	else
   1001		max = 32; /* for key lengths of 24 and 32 */
   1002
   1003	camellia_do_encrypt(cctx->key_table, tmp, max);
   1004
   1005	/* do_encrypt returns 0,1 swapped with 2,3 */
   1006	put_unaligned_be32(tmp[2], out);
   1007	put_unaligned_be32(tmp[3], out + 4);
   1008	put_unaligned_be32(tmp[0], out + 8);
   1009	put_unaligned_be32(tmp[1], out + 12);
   1010}
   1011
   1012static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
   1013{
   1014	const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
   1015	unsigned int max;
   1016
   1017	u32 tmp[4];
   1018
   1019	tmp[0] = get_unaligned_be32(in);
   1020	tmp[1] = get_unaligned_be32(in + 4);
   1021	tmp[2] = get_unaligned_be32(in + 8);
   1022	tmp[3] = get_unaligned_be32(in + 12);
   1023
   1024	if (cctx->key_length == 16)
   1025		max = 24;
   1026	else
   1027		max = 32; /* for key lengths of 24 and 32 */
   1028
   1029	camellia_do_decrypt(cctx->key_table, tmp, max);
   1030
   1031	/* do_decrypt returns 0,1 swapped with 2,3 */
   1032	put_unaligned_be32(tmp[2], out);
   1033	put_unaligned_be32(tmp[3], out + 4);
   1034	put_unaligned_be32(tmp[0], out + 8);
   1035	put_unaligned_be32(tmp[1], out + 12);
   1036}
   1037
   1038static struct crypto_alg camellia_alg = {
   1039	.cra_name		=	"camellia",
   1040	.cra_driver_name	=	"camellia-generic",
   1041	.cra_priority		=	100,
   1042	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
   1043	.cra_blocksize		=	CAMELLIA_BLOCK_SIZE,
   1044	.cra_ctxsize		=	sizeof(struct camellia_ctx),
   1045	.cra_module		=	THIS_MODULE,
   1046	.cra_u			=	{
   1047		.cipher = {
   1048			.cia_min_keysize	=	CAMELLIA_MIN_KEY_SIZE,
   1049			.cia_max_keysize	=	CAMELLIA_MAX_KEY_SIZE,
   1050			.cia_setkey		=	camellia_set_key,
   1051			.cia_encrypt		=	camellia_encrypt,
   1052			.cia_decrypt		=	camellia_decrypt
   1053		}
   1054	}
   1055};
   1056
   1057static int __init camellia_init(void)
   1058{
   1059	return crypto_register_alg(&camellia_alg);
   1060}
   1061
   1062static void __exit camellia_fini(void)
   1063{
   1064	crypto_unregister_alg(&camellia_alg);
   1065}
   1066
   1067subsys_initcall(camellia_init);
   1068module_exit(camellia_fini);
   1069
   1070MODULE_DESCRIPTION("Camellia Cipher Algorithm");
   1071MODULE_LICENSE("GPL");
   1072MODULE_ALIAS_CRYPTO("camellia");
   1073MODULE_ALIAS_CRYPTO("camellia-generic");