1  /* camellia.c ver 1.2.0


2  *


3  * Copyright (c) 2006,2007


4  * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.


5  *


6  * Redistribution and use in source and binary forms, with or without


7  * modification, are permitted provided that the following conditions


8  * are met:


9  * 1. Redistributions of source code must retain the above copyright


10  * notice, this list of conditions and the following disclaimer as


11  * the first lines of this file unmodified.


12  * 2. Redistributions in binary form must reproduce the above copyright


13  * notice, this list of conditions and the following disclaimer in the


14  * documentation and/or other materials provided with the distribution.


15  *


16  * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR


17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES


18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.


19  * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,


20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT


21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,


22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY


23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT


24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF


25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


26  */


27 


28  /* camellia.c


29  *


30  * Copyright (C) 20062015 wolfSSL Inc.


31  *


32  * This file is part of wolfSSL. (formerly known as CyaSSL)


33  *


34  * wolfSSL is free software; you can redistribute it and/or modify


35  * it under the terms of the GNU General Public License as published by


36  * the Free Software Foundation; either version 2 of the License, or


37  * (at your option) any later version.


38  *


39  * wolfSSL is distributed in the hope that it will be useful,


40  * but WITHOUT ANY WARRANTY; without even the implied warranty of


41  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the


42  * GNU General Public License for more details.


43  *


44  * You should have received a copy of the GNU General Public License


45  * along with this program; if not, write to the Free Software


46  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 021101301, USA


47  */


48 


49  /*


50  * Algorithm Specification


51  * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html


52  */


53 


54 


55  #ifdef HAVE_CONFIG_H


56  #include <config.h>


57  #endif


58 


59  #include <wolfssl/wolfcrypt/settings.h>


60 


61  #ifdef HAVE_CAMELLIA


62 


63  #include <wolfssl/wolfcrypt/camellia.h>


64  #include <wolfssl/wolfcrypt/errorcrypt.h>


65  #include <wolfssl/wolfcrypt/logging.h>


66  #ifdef NO_INLINE


67  #include <wolfssl/wolfcrypt/misc.h>


68  #else


69  #include <wolfcrypt/src/misc.c>


70  #endif


71 


72  /* u32 must be 32bit word */


73  typedef unsigned int u32;


74  typedef unsigned char u8;


75 


76  /* key constants */


77 


78  #define CAMELLIA_SIGMA1L ((u32)0xA09E667FL)


79  #define CAMELLIA_SIGMA1R ((u32)0x3BCC908BL)


80  #define CAMELLIA_SIGMA2L ((u32)0xB67AE858L)


81  #define CAMELLIA_SIGMA2R ((u32)0x4CAA73B2L)


82  #define CAMELLIA_SIGMA3L ((u32)0xC6EF372FL)


83  #define CAMELLIA_SIGMA3R ((u32)0xE94F82BEL)


84  #define CAMELLIA_SIGMA4L ((u32)0x54FF53A5L)


85  #define CAMELLIA_SIGMA4R ((u32)0xF1D36F1CL)


86  #define CAMELLIA_SIGMA5L ((u32)0x10E527FAL)


87  #define CAMELLIA_SIGMA5R ((u32)0xDE682D1DL)


88  #define CAMELLIA_SIGMA6L ((u32)0xB05688C2L)


89  #define CAMELLIA_SIGMA6R ((u32)0xB3E6C1FDL)


90 


91  /*


92  * macros


93  */


94 


95 


96  #if defined(_MSC_VER)


97 


98  # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff  _lrotr(x, 8) & 0xff00ff00)


99  # define GETU32(p) SWAP(*((u32 *)(p)))


100  # define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}


101 


102  #else /* not MSVC */


103 


104  # define GETU32(pt) \


105  (((u32)(pt)[0] << 24) \


106  ^ ((u32)(pt)[1] << 16) \


107  ^ ((u32)(pt)[2] << 8) \


108  ^ ((u32)(pt)[3]))


109 


110  # define PUTU32(ct, st) { \


111  (ct)[0] = (u8)((st) >> 24); \


112  (ct)[1] = (u8)((st) >> 16); \


113  (ct)[2] = (u8)((st) >> 8); \


114  (ct)[3] = (u8)(st); }


115 


116  #endif


117 


118  #define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])


119  #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])


120 


121  /* rotation right shift 1byte */


122  #define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))


123  /* rotation left shift 1bit */


124  #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))


125  /* rotation left shift 1byte */


126  #define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))


127 


128  #define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \


129  do { \


130  w0 = ll; \


131  ll = (ll << bits) + (lr >> (32  bits)); \


132  lr = (lr << bits) + (rl >> (32  bits)); \


133  rl = (rl << bits) + (rr >> (32  bits)); \


134  rr = (rr << bits) + (w0 >> (32  bits)); \


135  } while(0)


136 


137  #define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \


138  do { \


139  w0 = ll; \


140  w1 = lr; \


141  ll = (lr << (bits  32)) + (rl >> (64  bits)); \


142  lr = (rl << (bits  32)) + (rr >> (64  bits)); \


143  rl = (rr << (bits  32)) + (w0 >> (64  bits)); \


144  rr = (w0 << (bits  32)) + (w1 >> (64  bits)); \


145  } while(0)


146 


147  #define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])


148  #define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])


149  #define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])


150  #define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])


151 


152  #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \


153  do { \


154  il = xl ^ kl; \


155  ir = xr ^ kr; \


156  t0 = il >> 16; \


157  t1 = ir >> 16; \


158  yl = CAMELLIA_SP1110(ir & 0xff) \


159  ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \


160  ^ CAMELLIA_SP3033(t1 & 0xff) \


161  ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \


162  yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \


163  ^ CAMELLIA_SP0222(t0 & 0xff) \


164  ^ CAMELLIA_SP3033((il >> 8) & 0xff) \


165  ^ CAMELLIA_SP4404(il & 0xff); \


166  yl ^= yr; \


167  yr = CAMELLIA_RR8(yr); \


168  yr ^= yl; \


169  } while(0)


170 


171 


172  /*


173  * for speed up


174  *


175  */


176  #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \


177  do { \


178  t0 = kll; \


179  t0 &= ll; \


180  lr ^= CAMELLIA_RL1(t0); \


181  t1 = klr; \


182  t1 = lr; \


183  ll ^= t1; \


184  \


185  t2 = krr; \


186  t2 = rr; \


187  rl ^= t2; \


188  t3 = krl; \


189  t3 &= rl; \


190  rr ^= CAMELLIA_RL1(t3); \


191  } while(0)


192 


193  #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \


194  do { \


195  ir = CAMELLIA_SP1110(xr & 0xff) \


196  ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \


197  ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \


198  ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \


199  il = CAMELLIA_SP1110((xl >> 24) & 0xff) \


200  ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \


201  ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \


202  ^ CAMELLIA_SP4404(xl & 0xff); \


203  il ^= kl; \


204  ir ^= kr; \


205  ir ^= il; \


206  il = CAMELLIA_RR8(il); \


207  il ^= ir; \


208  yl ^= ir; \


209  yr ^= il; \


210  } while(0)


211 


212 


213  static const u32 camellia_sp1110[256] = {


214  0x70707000,0x82828200,0x2c2c2c00,0xececec00,


215  0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,


216  0xe4e4e400,0x85858500,0x57575700,0x35353500,


217  0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,


218  0x23232300,0xefefef00,0x6b6b6b00,0x93939300,


219  0x45454500,0x19191900,0xa5a5a500,0x21212100,


220  0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,


221  0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,


222  0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,


223  0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,


224  0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,


225  0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,


226  0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,


227  0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,


228  0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,


229  0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,


230  0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,


231  0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,


232  0x74747400,0x12121200,0x2b2b2b00,0x20202000,


233  0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,


234  0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,


235  0x34343400,0x7e7e7e00,0x76767600,0x05050500,


236  0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,


237  0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,


238  0x14141400,0x58585800,0x3a3a3a00,0x61616100,


239  0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,


240  0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,


241  0x53535300,0x18181800,0xf2f2f200,0x22222200,


242  0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,


243  0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,


244  0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,


245  0x60606000,0xfcfcfc00,0x69696900,0x50505000,


246  0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,


247  0xa1a1a100,0x89898900,0x62626200,0x97979700,


248  0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,


249  0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,


250  0x10101000,0xc4c4c400,0x00000000,0x48484800,


251  0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,


252  0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,


253  0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,


254  0x87878700,0x5c5c5c00,0x83838300,0x02020200,


255  0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,


256  0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,


257  0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,


258  0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,


259  0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,


260  0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,


261  0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,


262  0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,


263  0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,


264  0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,


265  0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,


266  0x78787800,0x98989800,0x06060600,0x6a6a6a00,


267  0xe7e7e700,0x46464600,0x71717100,0xbababa00,


268  0xd4d4d400,0x25252500,0xababab00,0x42424200,


269  0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,


270  0x72727200,0x07070700,0xb9b9b900,0x55555500,


271  0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,


272  0x36363600,0x49494900,0x2a2a2a00,0x68686800,


273  0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,


274  0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,


275  0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,


276  0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,


277  0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,


278  };


279 


280  static const u32 camellia_sp0222[256] = {


281  0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,


282  0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,


283  0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,


284  0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,


285  0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,


286  0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,


287  0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,


288  0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,


289  0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,


290  0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,


291  0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,


292  0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,


293  0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,


294  0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,


295  0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,


296  0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,


297  0x00171717,0x001a1a1a,0x00353535,0x00cccccc,


298  0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,


299  0x00e8e8e8,0x00242424,0x00565656,0x00404040,


300  0x00e1e1e1,0x00636363,0x00090909,0x00333333,


301  0x00bfbfbf,0x00989898,0x00979797,0x00858585,


302  0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,


303  0x00dadada,0x006f6f6f,0x00535353,0x00626262,


304  0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,


305  0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,


306  0x00bdbdbd,0x00363636,0x00222222,0x00383838,


307  0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,


308  0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,


309  0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,


310  0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,


311  0x00484848,0x00101010,0x00d1d1d1,0x00515151,


312  0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,


313  0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,


314  0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,


315  0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,


316  0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,


317  0x00202020,0x00898989,0x00000000,0x00909090,


318  0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,


319  0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,


320  0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,


321  0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,


322  0x009b9b9b,0x00949494,0x00212121,0x00666666,


323  0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,


324  0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,


325  0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,


326  0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,


327  0x00030303,0x002d2d2d,0x00dedede,0x00969696,


328  0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,


329  0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,


330  0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,


331  0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,


332  0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,


333  0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,


334  0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,


335  0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,


336  0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,


337  0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,


338  0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,


339  0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,


340  0x00787878,0x00707070,0x00e3e3e3,0x00494949,


341  0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,


342  0x00777777,0x00939393,0x00868686,0x00838383,


343  0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,


344  0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,


345  };


346 


347  static const u32 camellia_sp3033[256] = {


348  0x38003838,0x41004141,0x16001616,0x76007676,


349  0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,


350  0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,


351  0x75007575,0x06000606,0x57005757,0xa000a0a0,


352  0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,


353  0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,


354  0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,


355  0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,


356  0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,


357  0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,


358  0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,


359  0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,


360  0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,


361  0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,


362  0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,


363  0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,


364  0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,


365  0xfd00fdfd,0x66006666,0x58005858,0x96009696,


366  0x3a003a3a,0x09000909,0x95009595,0x10001010,


367  0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,


368  0xef00efef,0x26002626,0xe500e5e5,0x61006161,


369  0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,


370  0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,


371  0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,


372  0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,


373  0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,


374  0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,


375  0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,


376  0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,


377  0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,


378  0x12001212,0x04000404,0x74007474,0x54005454,


379  0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,


380  0x55005555,0x68006868,0x50005050,0xbe00bebe,


381  0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,


382  0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,


383  0x70007070,0xff00ffff,0x32003232,0x69006969,


384  0x08000808,0x62006262,0x00000000,0x24002424,


385  0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,


386  0x45004545,0x81008181,0x73007373,0x6d006d6d,


387  0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,


388  0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,


389  0xe600e6e6,0x25002525,0x48004848,0x99009999,


390  0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,


391  0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,


392  0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,


393  0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,


394  0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,


395  0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,


396  0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,


397  0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,


398  0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,


399  0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,


400  0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,


401  0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,


402  0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,


403  0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,


404  0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,


405  0x7c007c7c,0x77007777,0x56005656,0x05000505,


406  0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,


407  0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,


408  0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,


409  0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,


410  0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,


411  0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,


412  };


413 


414  static const u32 camellia_sp4404[256] = {


415  0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,


416  0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,


417  0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,


418  0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,


419  0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,


420  0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,


421  0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,


422  0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,


423  0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,


424  0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,


425  0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,


426  0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,


427  0x14140014,0x3a3a003a,0xdede00de,0x11110011,


428  0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,


429  0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,


430  0x24240024,0xe8e800e8,0x60600060,0x69690069,


431  0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,


432  0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,


433  0x10100010,0x00000000,0xa3a300a3,0x75750075,


434  0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,


435  0x87870087,0x83830083,0xcdcd00cd,0x90900090,


436  0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,


437  0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,


438  0x81810081,0x6f6f006f,0x13130013,0x63630063,


439  0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,


440  0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,


441  0x78780078,0x06060006,0xe7e700e7,0x71710071,


442  0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,


443  0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,


444  0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,


445  0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,


446  0x15150015,0xadad00ad,0x77770077,0x80800080,


447  0x82820082,0xecec00ec,0x27270027,0xe5e500e5,


448  0x85850085,0x35350035,0x0c0c000c,0x41410041,


449  0xefef00ef,0x93930093,0x19190019,0x21210021,


450  0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,


451  0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,


452  0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,


453  0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,


454  0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,


455  0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,


456  0x12120012,0x20200020,0xb1b100b1,0x99990099,


457  0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,


458  0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,


459  0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,


460  0x0f0f000f,0x16160016,0x18180018,0x22220022,


461  0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,


462  0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,


463  0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,


464  0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,


465  0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,


466  0x03030003,0xdada00da,0x3f3f003f,0x94940094,


467  0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,


468  0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,


469  0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,


470  0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,


471  0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,


472  0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,


473  0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,


474  0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,


475  0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,


476  0x49490049,0x68680068,0x38380038,0xa4a400a4,


477  0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,


478  0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,


479  };


480 


481 


482  /**


483  * Stuff related to the Camellia key schedule


484  */


485  #define subl(x) subL[(x)]


486  #define subr(x) subR[(x)]


487 


488  static int camellia_setup128(const unsigned char *key, u32 *subkey)


489  {


490  u32 kll, klr, krl, krr;


491  u32 il, ir, t0, t1, w0, w1;


492  u32 kw4l, kw4r, dw, tl, tr;


493 


494  #ifdef WOLFSSL_SMALL_STACK


495  u32* subL;


496  u32* subR;


497 


498  subL = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);


499  if (subL == NULL)


500  return MEMORY_E;


501 


502  subR = (u32*) XMALLOC(sizeof(u32) * 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);


503  if (subR == NULL) {


504  XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);


505  return MEMORY_E;


506  }


507  #else


508  u32 subL[26];


509  u32 subR[26];


510  #endif


511 


512  /**


513  * k == kll  klr  krl  krr ( is concatination)


514  */


515  kll = GETU32(key );


516  klr = GETU32(key + 4);


517  krl = GETU32(key + 8);


518  krr = GETU32(key + 12);


519  /**


520  * generate KL dependent subkeys


521  */


522  subl(0) = kll; subr(0) = klr;


523  subl(1) = krl; subr(1) = krr;


524  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);


525  subl(4) = kll; subr(4) = klr;


526  subl(5) = krl; subr(5) = krr;


527  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);


528  subl(10) = kll; subr(10) = klr;


529  subl(11) = krl; subr(11) = krr;


530  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);


531  subl(13) = krl; subr(13) = krr;


532  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);


533  subl(16) = kll; subr(16) = klr;


534  subl(17) = krl; subr(17) = krr;


535  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);


536  subl(18) = kll; subr(18) = klr;


537  subl(19) = krl; subr(19) = krr;


538  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);


539  subl(22) = kll; subr(22) = klr;


540  subl(23) = krl; subr(23) = krr;


541 


542  /* generate KA */


543  kll = subl(0); klr = subr(0);


544  krl = subl(1); krr = subr(1);


545  CAMELLIA_F(kll, klr,


546  CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,


547  w0, w1, il, ir, t0, t1);


548  krl ^= w0; krr ^= w1;


549  CAMELLIA_F(krl, krr,


550  CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,


551  kll, klr, il, ir, t0, t1);


552  CAMELLIA_F(kll, klr,


553  CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,


554  krl, krr, il, ir, t0, t1);


555  krl ^= w0; krr ^= w1;


556  CAMELLIA_F(krl, krr,


557  CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,


558  w0, w1, il, ir, t0, t1);


559  kll ^= w0; klr ^= w1;


560 


561  /* generate KA dependent subkeys */


562  subl(2) = kll; subr(2) = klr;


563  subl(3) = krl; subr(3) = krr;


564  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);


565  subl(6) = kll; subr(6) = klr;


566  subl(7) = krl; subr(7) = krr;


567  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);


568  subl(8) = kll; subr(8) = klr;


569  subl(9) = krl; subr(9) = krr;


570  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);


571  subl(12) = kll; subr(12) = klr;


572  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);


573  subl(14) = kll; subr(14) = klr;


574  subl(15) = krl; subr(15) = krr;


575  CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);


576  subl(20) = kll; subr(20) = klr;


577  subl(21) = krl; subr(21) = krr;


578  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);


579  subl(24) = kll; subr(24) = klr;


580  subl(25) = krl; subr(25) = krr;


581 


582 


583  /* absorb kw2 to other subkeys */


584  subl(3) ^= subl(1); subr(3) ^= subr(1);


585  subl(5) ^= subl(1); subr(5) ^= subr(1);


586  subl(7) ^= subl(1); subr(7) ^= subr(1);


587  subl(1) ^= subr(1) & ~subr(9);


588  dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);


589  subl(11) ^= subl(1); subr(11) ^= subr(1);


590  subl(13) ^= subl(1); subr(13) ^= subr(1);


591  subl(15) ^= subl(1); subr(15) ^= subr(1);


592  subl(1) ^= subr(1) & ~subr(17);


593  dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);


594  subl(19) ^= subl(1); subr(19) ^= subr(1);


595  subl(21) ^= subl(1); subr(21) ^= subr(1);


596  subl(23) ^= subl(1); subr(23) ^= subr(1);


597  subl(24) ^= subl(1); subr(24) ^= subr(1);


598 


599  /* absorb kw4 to other subkeys */


600  kw4l = subl(25); kw4r = subr(25);


601  subl(22) ^= kw4l; subr(22) ^= kw4r;


602  subl(20) ^= kw4l; subr(20) ^= kw4r;


603  subl(18) ^= kw4l; subr(18) ^= kw4r;


604  kw4l ^= kw4r & ~subr(16);


605  dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);


606  subl(14) ^= kw4l; subr(14) ^= kw4r;


607  subl(12) ^= kw4l; subr(12) ^= kw4r;


608  subl(10) ^= kw4l; subr(10) ^= kw4r;


609  kw4l ^= kw4r & ~subr(8);


610  dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);


611  subl(6) ^= kw4l; subr(6) ^= kw4r;


612  subl(4) ^= kw4l; subr(4) ^= kw4r;


613  subl(2) ^= kw4l; subr(2) ^= kw4r;


614  subl(0) ^= kw4l; subr(0) ^= kw4r;


615 


616  /* key XOR is end of Ffunction */


617  CamelliaSubkeyL(0) = subl(0) ^ subl(2);


618  CamelliaSubkeyR(0) = subr(0) ^ subr(2);


619  CamelliaSubkeyL(2) = subl(3);


620  CamelliaSubkeyR(2) = subr(3);


621  CamelliaSubkeyL(3) = subl(2) ^ subl(4);


622  CamelliaSubkeyR(3) = subr(2) ^ subr(4);


623  CamelliaSubkeyL(4) = subl(3) ^ subl(5);


624  CamelliaSubkeyR(4) = subr(3) ^ subr(5);


625  CamelliaSubkeyL(5) = subl(4) ^ subl(6);


626  CamelliaSubkeyR(5) = subr(4) ^ subr(6);


627  CamelliaSubkeyL(6) = subl(5) ^ subl(7);


628  CamelliaSubkeyR(6) = subr(5) ^ subr(7);


629  tl = subl(10) ^ (subr(10) & ~subr(8));


630  dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);


631  CamelliaSubkeyL(7) = subl(6) ^ tl;


632  CamelliaSubkeyR(7) = subr(6) ^ tr;


633  CamelliaSubkeyL(8) = subl(8);


634  CamelliaSubkeyR(8) = subr(8);


635  CamelliaSubkeyL(9) = subl(9);


636  CamelliaSubkeyR(9) = subr(9);


637  tl = subl(7) ^ (subr(7) & ~subr(9));


638  dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);


639  CamelliaSubkeyL(10) = tl ^ subl(11);


640  CamelliaSubkeyR(10) = tr ^ subr(11);


641  CamelliaSubkeyL(11) = subl(10) ^ subl(12);


642  CamelliaSubkeyR(11) = subr(10) ^ subr(12);


643  CamelliaSubkeyL(12) = subl(11) ^ subl(13);


644  CamelliaSubkeyR(12) = subr(11) ^ subr(13);


645  CamelliaSubkeyL(13) = subl(12) ^ subl(14);


646  CamelliaSubkeyR(13) = subr(12) ^ subr(14);


647  CamelliaSubkeyL(14) = subl(13) ^ subl(15);


648  CamelliaSubkeyR(14) = subr(13) ^ subr(15);


649  tl = subl(18) ^ (subr(18) & ~subr(16));


650  dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);


651  CamelliaSubkeyL(15) = subl(14) ^ tl;


652  CamelliaSubkeyR(15) = subr(14) ^ tr;


653  CamelliaSubkeyL(16) = subl(16);


654  CamelliaSubkeyR(16) = subr(16);


655  CamelliaSubkeyL(17) = subl(17);


656  CamelliaSubkeyR(17) = subr(17);


657  tl = subl(15) ^ (subr(15) & ~subr(17));


658  dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);


659  CamelliaSubkeyL(18) = tl ^ subl(19);


660  CamelliaSubkeyR(18) = tr ^ subr(19);


661  CamelliaSubkeyL(19) = subl(18) ^ subl(20);


662  CamelliaSubkeyR(19) = subr(18) ^ subr(20);


663  CamelliaSubkeyL(20) = subl(19) ^ subl(21);


664  CamelliaSubkeyR(20) = subr(19) ^ subr(21);


665  CamelliaSubkeyL(21) = subl(20) ^ subl(22);


666  CamelliaSubkeyR(21) = subr(20) ^ subr(22);


667  CamelliaSubkeyL(22) = subl(21) ^ subl(23);


668  CamelliaSubkeyR(22) = subr(21) ^ subr(23);


669  CamelliaSubkeyL(23) = subl(22);


670  CamelliaSubkeyR(23) = subr(22);


671  CamelliaSubkeyL(24) = subl(24) ^ subl(23);


672  CamelliaSubkeyR(24) = subr(24) ^ subr(23);


673 


674  /* apply the inverse of the last half of Pfunction */


675  dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);


676  CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;


677  dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);


678  CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;


679  dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);


680  CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;


681  dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);


682  CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;


683  dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);


684  CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;


685  dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);


686  CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;


687  dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);


688  CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;


689  dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);


690  CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;


691  dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);


692  CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;


693  dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);


694  CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;


695  dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);


696  CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;


697  dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);


698  CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;


699  dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);


700  CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;


701  dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);


702  CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;


703  dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);


704  CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;


705  dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);


706  CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;


707  dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);


708  CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;


709  dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);


710  CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;


711 


712  #ifdef WOLFSSL_SMALL_STACK


713  XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);


714  XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);


715  #endif


716 


717  return 0;


718  }


719 


720  static int camellia_setup256(const unsigned char *key, u32 *subkey)


721  {


722  u32 kll,klr,krl,krr; /* left half of key */


723  u32 krll,krlr,krrl,krrr; /* right half of key */


724  u32 il, ir, t0, t1, w0, w1; /* temporary variables */


725  u32 kw4l, kw4r, dw, tl, tr;


726 


727  #ifdef WOLFSSL_SMALL_STACK


728  u32* subL;


729  u32* subR;


730 


731  subL = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);


732  if (subL == NULL)


733  return MEMORY_E;


734 


735  subR = (u32*) XMALLOC(sizeof(u32) * 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);


736  if (subR == NULL) {


737  XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);


738  return MEMORY_E;


739  }


740  #else


741  u32 subL[34];


742  u32 subR[34];


743  #endif


744 


745  /**


746  * key = (kll  klr  krl  krr  krll  krlr  krrl  krrr)


747  * ( is concatination)


748  */


749 


750  kll = GETU32(key );


751  klr = GETU32(key + 4);


752  krl = GETU32(key + 8);


753  krr = GETU32(key + 12);


754  krll = GETU32(key + 16);


755  krlr = GETU32(key + 20);


756  krrl = GETU32(key + 24);


757  krrr = GETU32(key + 28);


758 


759  /* generate KL dependent subkeys */


760  subl(0) = kll; subr(0) = klr;


761  subl(1) = krl; subr(1) = krr;


762  CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);


763  subl(12) = kll; subr(12) = klr;


764  subl(13) = krl; subr(13) = krr;


765  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);


766  subl(16) = kll; subr(16) = klr;


767  subl(17) = krl; subr(17) = krr;


768  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);


769  subl(22) = kll; subr(22) = klr;


770  subl(23) = krl; subr(23) = krr;


771  CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);


772  subl(30) = kll; subr(30) = klr;


773  subl(31) = krl; subr(31) = krr;


774 


775  /* generate KR dependent subkeys */


776  CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);


777  subl(4) = krll; subr(4) = krlr;


778  subl(5) = krrl; subr(5) = krrr;


779  CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);


780  subl(8) = krll; subr(8) = krlr;


781  subl(9) = krrl; subr(9) = krrr;


782  CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);


783  subl(18) = krll; subr(18) = krlr;


784  subl(19) = krrl; subr(19) = krrr;


785  CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);


786  subl(26) = krll; subr(26) = krlr;


787  subl(27) = krrl; subr(27) = krrr;


788  CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);


789 


790  /* generate KA */


791  kll = subl(0) ^ krll; klr = subr(0) ^ krlr;


792  krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;


793  CAMELLIA_F(kll, klr,


794  CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,


795  w0, w1, il, ir, t0, t1);


796  krl ^= w0; krr ^= w1;


797  CAMELLIA_F(krl, krr,


798  CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,


799  kll, klr, il, ir, t0, t1);


800  kll ^= krll; klr ^= krlr;


801  CAMELLIA_F(kll, klr,


802  CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,


803  krl, krr, il, ir, t0, t1);


804  krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;


805  CAMELLIA_F(krl, krr,


806  CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,


807  w0, w1, il, ir, t0, t1);


808  kll ^= w0; klr ^= w1;


809 


810  /* generate KB */


811  krll ^= kll; krlr ^= klr;


812  krrl ^= krl; krrr ^= krr;


813  CAMELLIA_F(krll, krlr,


814  CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,


815  w0, w1, il, ir, t0, t1);


816  krrl ^= w0; krrr ^= w1;


817  CAMELLIA_F(krrl, krrr,


818  CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,


819  w0, w1, il, ir, t0, t1);


820  krll ^= w0; krlr ^= w1;


821 


822  /* generate KA dependent subkeys */


823  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);


824  subl(6) = kll; subr(6) = klr;


825  subl(7) = krl; subr(7) = krr;


826  CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);


827  subl(14) = kll; subr(14) = klr;


828  subl(15) = krl; subr(15) = krr;


829  subl(24) = klr; subr(24) = krl;


830  subl(25) = krr; subr(25) = kll;


831  CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);


832  subl(28) = kll; subr(28) = klr;


833  subl(29) = krl; subr(29) = krr;


834 


835  /* generate KB dependent subkeys */


836  subl(2) = krll; subr(2) = krlr;


837  subl(3) = krrl; subr(3) = krrr;


838  CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);


839  subl(10) = krll; subr(10) = krlr;


840  subl(11) = krrl; subr(11) = krrr;


841  CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);


842  subl(20) = krll; subr(20) = krlr;


843  subl(21) = krrl; subr(21) = krrr;


844  CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);


845  subl(32) = krll; subr(32) = krlr;


846  subl(33) = krrl; subr(33) = krrr;


847 


848  /* absorb kw2 to other subkeys */


849  subl(3) ^= subl(1); subr(3) ^= subr(1);


850  subl(5) ^= subl(1); subr(5) ^= subr(1);


851  subl(7) ^= subl(1); subr(7) ^= subr(1);


852  subl(1) ^= subr(1) & ~subr(9);


853  dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);


854  subl(11) ^= subl(1); subr(11) ^= subr(1);


855  subl(13) ^= subl(1); subr(13) ^= subr(1);


856  subl(15) ^= subl(1); subr(15) ^= subr(1);


857  subl(1) ^= subr(1) & ~subr(17);


858  dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);


859  subl(19) ^= subl(1); subr(19) ^= subr(1);


860  subl(21) ^= subl(1); subr(21) ^= subr(1);


861  subl(23) ^= subl(1); subr(23) ^= subr(1);


862  subl(1) ^= subr(1) & ~subr(25);


863  dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);


864  subl(27) ^= subl(1); subr(27) ^= subr(1);


865  subl(29) ^= subl(1); subr(29) ^= subr(1);


866  subl(31) ^= subl(1); subr(31) ^= subr(1);


867  subl(32) ^= subl(1); subr(32) ^= subr(1);


868 


869  /* absorb kw4 to other subkeys */


870  kw4l = subl(33); kw4r = subr(33);


871  subl(30) ^= kw4l; subr(30) ^= kw4r;


872  subl(28) ^= kw4l; subr(28) ^= kw4r;


873  subl(26) ^= kw4l; subr(26) ^= kw4r;


874  kw4l ^= kw4r & ~subr(24);


875  dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);


876  subl(22) ^= kw4l; subr(22) ^= kw4r;


877  subl(20) ^= kw4l; subr(20) ^= kw4r;


878  subl(18) ^= kw4l; subr(18) ^= kw4r;


879  kw4l ^= kw4r & ~subr(16);


880  dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);


881  subl(14) ^= kw4l; subr(14) ^= kw4r;


882  subl(12) ^= kw4l; subr(12) ^= kw4r;


883  subl(10) ^= kw4l; subr(10) ^= kw4r;


884  kw4l ^= kw4r & ~subr(8);


885  dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);


886  subl(6) ^= kw4l; subr(6) ^= kw4r;


887  subl(4) ^= kw4l; subr(4) ^= kw4r;


888  subl(2) ^= kw4l; subr(2) ^= kw4r;


889  subl(0) ^= kw4l; subr(0) ^= kw4r;


890 


891  /* key XOR is end of Ffunction */


892  CamelliaSubkeyL(0) = subl(0) ^ subl(2);


893  CamelliaSubkeyR(0) = subr(0) ^ subr(2);


894  CamelliaSubkeyL(2) = subl(3);


895  CamelliaSubkeyR(2) = subr(3);


896  CamelliaSubkeyL(3) = subl(2) ^ subl(4);


897  CamelliaSubkeyR(3) = subr(2) ^ subr(4);


898  CamelliaSubkeyL(4) = subl(3) ^ subl(5);


899  CamelliaSubkeyR(4) = subr(3) ^ subr(5);


900  CamelliaSubkeyL(5) = subl(4) ^ subl(6);


901  CamelliaSubkeyR(5) = subr(4) ^ subr(6);


902  CamelliaSubkeyL(6) = subl(5) ^ subl(7);


903  CamelliaSubkeyR(6) = subr(5) ^ subr(7);


904  tl = subl(10) ^ (subr(10) & ~subr(8));


905  dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);


906  CamelliaSubkeyL(7) = subl(6) ^ tl;


907  CamelliaSubkeyR(7) = subr(6) ^ tr;


908  CamelliaSubkeyL(8) = subl(8);


909  CamelliaSubkeyR(8) = subr(8);


910  CamelliaSubkeyL(9) = subl(9);


911  CamelliaSubkeyR(9) = subr(9);


912  tl = subl(7) ^ (subr(7) & ~subr(9));


913  dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);


914  CamelliaSubkeyL(10) = tl ^ subl(11);


915  CamelliaSubkeyR(10) = tr ^ subr(11);


916  CamelliaSubkeyL(11) = subl(10) ^ subl(12);


917  CamelliaSubkeyR(11) = subr(10) ^ subr(12);


918  CamelliaSubkeyL(12) = subl(11) ^ subl(13);


919  CamelliaSubkeyR(12) = subr(11) ^ subr(13);


920  CamelliaSubkeyL(13) = subl(12) ^ subl(14);


921  CamelliaSubkeyR(13) = subr(12) ^ subr(14);


922  CamelliaSubkeyL(14) = subl(13) ^ subl(15);


923  CamelliaSubkeyR(14) = subr(13) ^ subr(15);


924  tl = subl(18) ^ (subr(18) & ~subr(16));


925  dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);


926  CamelliaSubkeyL(15) = subl(14) ^ tl;


927  CamelliaSubkeyR(15) = subr(14) ^ tr;


928  CamelliaSubkeyL(16) = subl(16);


929  CamelliaSubkeyR(16) = subr(16);


930  CamelliaSubkeyL(17) = subl(17);


931  CamelliaSubkeyR(17) = subr(17);


932  tl = subl(15) ^ (subr(15) & ~subr(17));


933  dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);


934  CamelliaSubkeyL(18) = tl ^ subl(19);


935  CamelliaSubkeyR(18) = tr ^ subr(19);


936  CamelliaSubkeyL(19) = subl(18) ^ subl(20);


937  CamelliaSubkeyR(19) = subr(18) ^ subr(20);


938  CamelliaSubkeyL(20) = subl(19) ^ subl(21);


939  CamelliaSubkeyR(20) = subr(19) ^ subr(21);


940  CamelliaSubkeyL(21) = subl(20) ^ subl(22);


941  CamelliaSubkeyR(21) = subr(20) ^ subr(22);


942  CamelliaSubkeyL(22) = subl(21) ^ subl(23);


943  CamelliaSubkeyR(22) = subr(21) ^ subr(23);


944  tl = subl(26) ^ (subr(26) & ~subr(24));


945  dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);


946  CamelliaSubkeyL(23) = subl(22) ^ tl;


947  CamelliaSubkeyR(23) = subr(22) ^ tr;


948  CamelliaSubkeyL(24) = subl(24);


949  CamelliaSubkeyR(24) = subr(24);


950  CamelliaSubkeyL(25) = subl(25);


951  CamelliaSubkeyR(25) = subr(25);


952  tl = subl(23) ^ (subr(23) & ~subr(25));


953  dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);


954  CamelliaSubkeyL(26) = tl ^ subl(27);


955  CamelliaSubkeyR(26) = tr ^ subr(27);


956  CamelliaSubkeyL(27) = subl(26) ^ subl(28);


957  CamelliaSubkeyR(27) = subr(26) ^ subr(28);


958  CamelliaSubkeyL(28) = subl(27) ^ subl(29);


959  CamelliaSubkeyR(28) = subr(27) ^ subr(29);


960  CamelliaSubkeyL(29) = subl(28) ^ subl(30);


961  CamelliaSubkeyR(29) = subr(28) ^ subr(30);


962  CamelliaSubkeyL(30) = subl(29) ^ subl(31);


963  CamelliaSubkeyR(30) = subr(29) ^ subr(31);


964  CamelliaSubkeyL(31) = subl(30);


965  CamelliaSubkeyR(31) = subr(30);


966  CamelliaSubkeyL(32) = subl(32) ^ subl(31);


967  CamelliaSubkeyR(32) = subr(32) ^ subr(31);


968 


969  /* apply the inverse of the last half of Pfunction */


970  dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);


971  CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;


972  dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);


973  CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;


974  dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);


975  CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;


976  dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);


977  CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;


978  dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);


979  CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;


980  dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);


981  CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;


982  dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);


983  CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;


984  dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);


985  CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;


986  dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);


987  CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;


988  dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);


989  CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;


990  dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);


991  CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;


992  dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);


993  CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;


994  dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);


995  CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;


996  dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);


997  CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;


998  dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);


999  CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;


1000  dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);


1001  CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;


1002  dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);


1003  CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;


1004  dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);


1005  CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;


1006  dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);


1007  CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;


1008  dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);


1009  CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;


1010  dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);


1011  CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;


1012  dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);


1013  CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;


1014  dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);


1015  CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;


1016  dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);


1017  CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;


1018 


1019  #ifdef WOLFSSL_SMALL_STACK


1020  XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);


1021  XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);


1022  #endif


1023 


1024  return 0;


1025  }


1026 


1027  static int camellia_setup192(const unsigned char *key, u32 *subkey)


1028  {


1029  unsigned char kk[32];


1030  u32 krll, krlr, krrl,krrr;


1031 


1032  XMEMCPY(kk, key, 24);


1033  XMEMCPY((unsigned char *)&krll, key+16,4);


1034  XMEMCPY((unsigned char *)&krlr, key+20,4);


1035  krrl = ~krll;


1036  krrr = ~krlr;


1037  XMEMCPY(kk+24, (unsigned char *)&krrl, 4);


1038  XMEMCPY(kk+28, (unsigned char *)&krrr, 4);


1039 


1040  return camellia_setup256(kk, subkey);


1041  }


1042 


1043 


1044  /**


1045  * Stuff related to camellia encryption/decryption


1046  *


1047  * "io" must be 4byte aligned and bigendian data.


1048  */


1049  static void camellia_encrypt128(const u32 *subkey, u32 *io)


1050  {


1051  u32 il, ir, t0, t1;


1052 


1053  /* pre whitening but absorb kw2*/


1054  io[0] ^= CamelliaSubkeyL(0);


1055  io[1] ^= CamelliaSubkeyR(0);


1056  /* main iteration */


1057 


1058  CAMELLIA_ROUNDSM(io[0],io[1],


1059  CamelliaSubkeyL(2),CamelliaSubkeyR(2),


1060  io[2],io[3],il,ir,t0,t1);


1061  CAMELLIA_ROUNDSM(io[2],io[3],


1062  CamelliaSubkeyL(3),CamelliaSubkeyR(3),


1063  io[0],io[1],il,ir,t0,t1);


1064  CAMELLIA_ROUNDSM(io[0],io[1],


1065  CamelliaSubkeyL(4),CamelliaSubkeyR(4),


1066  io[2],io[3],il,ir,t0,t1);


1067  CAMELLIA_ROUNDSM(io[2],io[3],


1068  CamelliaSubkeyL(5),CamelliaSubkeyR(5),


1069  io[0],io[1],il,ir,t0,t1);


1070  CAMELLIA_ROUNDSM(io[0],io[1],


1071  CamelliaSubkeyL(6),CamelliaSubkeyR(6),


1072  io[2],io[3],il,ir,t0,t1);


1073  CAMELLIA_ROUNDSM(io[2],io[3],


1074  CamelliaSubkeyL(7),CamelliaSubkeyR(7),


1075  io[0],io[1],il,ir,t0,t1);


1076 


1077  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1078  CamelliaSubkeyL(8),CamelliaSubkeyR(8),


1079  CamelliaSubkeyL(9),CamelliaSubkeyR(9),


1080  t0,t1,il,ir);


1081 


1082  CAMELLIA_ROUNDSM(io[0],io[1],


1083  CamelliaSubkeyL(10),CamelliaSubkeyR(10),


1084  io[2],io[3],il,ir,t0,t1);


1085  CAMELLIA_ROUNDSM(io[2],io[3],


1086  CamelliaSubkeyL(11),CamelliaSubkeyR(11),


1087  io[0],io[1],il,ir,t0,t1);


1088  CAMELLIA_ROUNDSM(io[0],io[1],


1089  CamelliaSubkeyL(12),CamelliaSubkeyR(12),


1090  io[2],io[3],il,ir,t0,t1);


1091  CAMELLIA_ROUNDSM(io[2],io[3],


1092  CamelliaSubkeyL(13),CamelliaSubkeyR(13),


1093  io[0],io[1],il,ir,t0,t1);


1094  CAMELLIA_ROUNDSM(io[0],io[1],


1095  CamelliaSubkeyL(14),CamelliaSubkeyR(14),


1096  io[2],io[3],il,ir,t0,t1);


1097  CAMELLIA_ROUNDSM(io[2],io[3],


1098  CamelliaSubkeyL(15),CamelliaSubkeyR(15),


1099  io[0],io[1],il,ir,t0,t1);


1100 


1101  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1102  CamelliaSubkeyL(16),CamelliaSubkeyR(16),


1103  CamelliaSubkeyL(17),CamelliaSubkeyR(17),


1104  t0,t1,il,ir);


1105 


1106  CAMELLIA_ROUNDSM(io[0],io[1],


1107  CamelliaSubkeyL(18),CamelliaSubkeyR(18),


1108  io[2],io[3],il,ir,t0,t1);


1109  CAMELLIA_ROUNDSM(io[2],io[3],


1110  CamelliaSubkeyL(19),CamelliaSubkeyR(19),


1111  io[0],io[1],il,ir,t0,t1);


1112  CAMELLIA_ROUNDSM(io[0],io[1],


1113  CamelliaSubkeyL(20),CamelliaSubkeyR(20),


1114  io[2],io[3],il,ir,t0,t1);


1115  CAMELLIA_ROUNDSM(io[2],io[3],


1116  CamelliaSubkeyL(21),CamelliaSubkeyR(21),


1117  io[0],io[1],il,ir,t0,t1);


1118  CAMELLIA_ROUNDSM(io[0],io[1],


1119  CamelliaSubkeyL(22),CamelliaSubkeyR(22),


1120  io[2],io[3],il,ir,t0,t1);


1121  CAMELLIA_ROUNDSM(io[2],io[3],


1122  CamelliaSubkeyL(23),CamelliaSubkeyR(23),


1123  io[0],io[1],il,ir,t0,t1);


1124 


1125  /* post whitening but kw4 */


1126  io[2] ^= CamelliaSubkeyL(24);


1127  io[3] ^= CamelliaSubkeyR(24);


1128 


1129  t0 = io[0];


1130  t1 = io[1];


1131  io[0] = io[2];


1132  io[1] = io[3];


1133  io[2] = t0;


1134  io[3] = t1;


1135 


1136  return;


1137  }


1138 


1139  static void camellia_decrypt128(const u32 *subkey, u32 *io)


1140  {


1141  u32 il,ir,t0,t1; /* temporary valiables */


1142 


1143  /* pre whitening but absorb kw2*/


1144  io[0] ^= CamelliaSubkeyL(24);


1145  io[1] ^= CamelliaSubkeyR(24);


1146 


1147  /* main iteration */


1148  CAMELLIA_ROUNDSM(io[0],io[1],


1149  CamelliaSubkeyL(23),CamelliaSubkeyR(23),


1150  io[2],io[3],il,ir,t0,t1);


1151  CAMELLIA_ROUNDSM(io[2],io[3],


1152  CamelliaSubkeyL(22),CamelliaSubkeyR(22),


1153  io[0],io[1],il,ir,t0,t1);


1154  CAMELLIA_ROUNDSM(io[0],io[1],


1155  CamelliaSubkeyL(21),CamelliaSubkeyR(21),


1156  io[2],io[3],il,ir,t0,t1);


1157  CAMELLIA_ROUNDSM(io[2],io[3],


1158  CamelliaSubkeyL(20),CamelliaSubkeyR(20),


1159  io[0],io[1],il,ir,t0,t1);


1160  CAMELLIA_ROUNDSM(io[0],io[1],


1161  CamelliaSubkeyL(19),CamelliaSubkeyR(19),


1162  io[2],io[3],il,ir,t0,t1);


1163  CAMELLIA_ROUNDSM(io[2],io[3],


1164  CamelliaSubkeyL(18),CamelliaSubkeyR(18),


1165  io[0],io[1],il,ir,t0,t1);


1166 


1167  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1168  CamelliaSubkeyL(17),CamelliaSubkeyR(17),


1169  CamelliaSubkeyL(16),CamelliaSubkeyR(16),


1170  t0,t1,il,ir);


1171 


1172  CAMELLIA_ROUNDSM(io[0],io[1],


1173  CamelliaSubkeyL(15),CamelliaSubkeyR(15),


1174  io[2],io[3],il,ir,t0,t1);


1175  CAMELLIA_ROUNDSM(io[2],io[3],


1176  CamelliaSubkeyL(14),CamelliaSubkeyR(14),


1177  io[0],io[1],il,ir,t0,t1);


1178  CAMELLIA_ROUNDSM(io[0],io[1],


1179  CamelliaSubkeyL(13),CamelliaSubkeyR(13),


1180  io[2],io[3],il,ir,t0,t1);


1181  CAMELLIA_ROUNDSM(io[2],io[3],


1182  CamelliaSubkeyL(12),CamelliaSubkeyR(12),


1183  io[0],io[1],il,ir,t0,t1);


1184  CAMELLIA_ROUNDSM(io[0],io[1],


1185  CamelliaSubkeyL(11),CamelliaSubkeyR(11),


1186  io[2],io[3],il,ir,t0,t1);


1187  CAMELLIA_ROUNDSM(io[2],io[3],


1188  CamelliaSubkeyL(10),CamelliaSubkeyR(10),


1189  io[0],io[1],il,ir,t0,t1);


1190 


1191  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1192  CamelliaSubkeyL(9),CamelliaSubkeyR(9),


1193  CamelliaSubkeyL(8),CamelliaSubkeyR(8),


1194  t0,t1,il,ir);


1195 


1196  CAMELLIA_ROUNDSM(io[0],io[1],


1197  CamelliaSubkeyL(7),CamelliaSubkeyR(7),


1198  io[2],io[3],il,ir,t0,t1);


1199  CAMELLIA_ROUNDSM(io[2],io[3],


1200  CamelliaSubkeyL(6),CamelliaSubkeyR(6),


1201  io[0],io[1],il,ir,t0,t1);


1202  CAMELLIA_ROUNDSM(io[0],io[1],


1203  CamelliaSubkeyL(5),CamelliaSubkeyR(5),


1204  io[2],io[3],il,ir,t0,t1);


1205  CAMELLIA_ROUNDSM(io[2],io[3],


1206  CamelliaSubkeyL(4),CamelliaSubkeyR(4),


1207  io[0],io[1],il,ir,t0,t1);


1208  CAMELLIA_ROUNDSM(io[0],io[1],


1209  CamelliaSubkeyL(3),CamelliaSubkeyR(3),


1210  io[2],io[3],il,ir,t0,t1);


1211  CAMELLIA_ROUNDSM(io[2],io[3],


1212  CamelliaSubkeyL(2),CamelliaSubkeyR(2),


1213  io[0],io[1],il,ir,t0,t1);


1214 


1215  /* post whitening but kw4 */


1216  io[2] ^= CamelliaSubkeyL(0);


1217  io[3] ^= CamelliaSubkeyR(0);


1218 


1219  t0 = io[0];


1220  t1 = io[1];


1221  io[0] = io[2];


1222  io[1] = io[3];


1223  io[2] = t0;


1224  io[3] = t1;


1225 


1226  return;


1227  }


1228 


1229  /**


1230  * stuff for 192 and 256bit encryption/decryption


1231  */


1232  static void camellia_encrypt256(const u32 *subkey, u32 *io)


1233  {


1234  u32 il,ir,t0,t1; /* temporary valiables */


1235 


1236  /* pre whitening but absorb kw2*/


1237  io[0] ^= CamelliaSubkeyL(0);


1238  io[1] ^= CamelliaSubkeyR(0);


1239 


1240  /* main iteration */


1241  CAMELLIA_ROUNDSM(io[0],io[1],


1242  CamelliaSubkeyL(2),CamelliaSubkeyR(2),


1243  io[2],io[3],il,ir,t0,t1);


1244  CAMELLIA_ROUNDSM(io[2],io[3],


1245  CamelliaSubkeyL(3),CamelliaSubkeyR(3),


1246  io[0],io[1],il,ir,t0,t1);


1247  CAMELLIA_ROUNDSM(io[0],io[1],


1248  CamelliaSubkeyL(4),CamelliaSubkeyR(4),


1249  io[2],io[3],il,ir,t0,t1);


1250  CAMELLIA_ROUNDSM(io[2],io[3],


1251  CamelliaSubkeyL(5),CamelliaSubkeyR(5),


1252  io[0],io[1],il,ir,t0,t1);


1253  CAMELLIA_ROUNDSM(io[0],io[1],


1254  CamelliaSubkeyL(6),CamelliaSubkeyR(6),


1255  io[2],io[3],il,ir,t0,t1);


1256  CAMELLIA_ROUNDSM(io[2],io[3],


1257  CamelliaSubkeyL(7),CamelliaSubkeyR(7),


1258  io[0],io[1],il,ir,t0,t1);


1259 


1260  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1261  CamelliaSubkeyL(8),CamelliaSubkeyR(8),


1262  CamelliaSubkeyL(9),CamelliaSubkeyR(9),


1263  t0,t1,il,ir);


1264 


1265  CAMELLIA_ROUNDSM(io[0],io[1],


1266  CamelliaSubkeyL(10),CamelliaSubkeyR(10),


1267  io[2],io[3],il,ir,t0,t1);


1268  CAMELLIA_ROUNDSM(io[2],io[3],


1269  CamelliaSubkeyL(11),CamelliaSubkeyR(11),


1270  io[0],io[1],il,ir,t0,t1);


1271  CAMELLIA_ROUNDSM(io[0],io[1],


1272  CamelliaSubkeyL(12),CamelliaSubkeyR(12),


1273  io[2],io[3],il,ir,t0,t1);


1274  CAMELLIA_ROUNDSM(io[2],io[3],


1275  CamelliaSubkeyL(13),CamelliaSubkeyR(13),


1276  io[0],io[1],il,ir,t0,t1);


1277  CAMELLIA_ROUNDSM(io[0],io[1],


1278  CamelliaSubkeyL(14),CamelliaSubkeyR(14),


1279  io[2],io[3],il,ir,t0,t1);


1280  CAMELLIA_ROUNDSM(io[2],io[3],


1281  CamelliaSubkeyL(15),CamelliaSubkeyR(15),


1282  io[0],io[1],il,ir,t0,t1);


1283 


1284  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1285  CamelliaSubkeyL(16),CamelliaSubkeyR(16),


1286  CamelliaSubkeyL(17),CamelliaSubkeyR(17),


1287  t0,t1,il,ir);


1288 


1289  CAMELLIA_ROUNDSM(io[0],io[1],


1290  CamelliaSubkeyL(18),CamelliaSubkeyR(18),


1291  io[2],io[3],il,ir,t0,t1);


1292  CAMELLIA_ROUNDSM(io[2],io[3],


1293  CamelliaSubkeyL(19),CamelliaSubkeyR(19),


1294  io[0],io[1],il,ir,t0,t1);


1295  CAMELLIA_ROUNDSM(io[0],io[1],


1296  CamelliaSubkeyL(20),CamelliaSubkeyR(20),


1297  io[2],io[3],il,ir,t0,t1);


1298  CAMELLIA_ROUNDSM(io[2],io[3],


1299  CamelliaSubkeyL(21),CamelliaSubkeyR(21),


1300  io[0],io[1],il,ir,t0,t1);


1301  CAMELLIA_ROUNDSM(io[0],io[1],


1302  CamelliaSubkeyL(22),CamelliaSubkeyR(22),


1303  io[2],io[3],il,ir,t0,t1);


1304  CAMELLIA_ROUNDSM(io[2],io[3],


1305  CamelliaSubkeyL(23),CamelliaSubkeyR(23),


1306  io[0],io[1],il,ir,t0,t1);


1307 


1308  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1309  CamelliaSubkeyL(24),CamelliaSubkeyR(24),


1310  CamelliaSubkeyL(25),CamelliaSubkeyR(25),


1311  t0,t1,il,ir);


1312 


1313  CAMELLIA_ROUNDSM(io[0],io[1],


1314  CamelliaSubkeyL(26),CamelliaSubkeyR(26),


1315  io[2],io[3],il,ir,t0,t1);


1316  CAMELLIA_ROUNDSM(io[2],io[3],


1317  CamelliaSubkeyL(27),CamelliaSubkeyR(27),


1318  io[0],io[1],il,ir,t0,t1);


1319  CAMELLIA_ROUNDSM(io[0],io[1],


1320  CamelliaSubkeyL(28),CamelliaSubkeyR(28),


1321  io[2],io[3],il,ir,t0,t1);


1322  CAMELLIA_ROUNDSM(io[2],io[3],


1323  CamelliaSubkeyL(29),CamelliaSubkeyR(29),


1324  io[0],io[1],il,ir,t0,t1);


1325  CAMELLIA_ROUNDSM(io[0],io[1],


1326  CamelliaSubkeyL(30),CamelliaSubkeyR(30),


1327  io[2],io[3],il,ir,t0,t1);


1328  CAMELLIA_ROUNDSM(io[2],io[3],


1329  CamelliaSubkeyL(31),CamelliaSubkeyR(31),


1330  io[0],io[1],il,ir,t0,t1);


1331 


1332  /* post whitening but kw4 */


1333  io[2] ^= CamelliaSubkeyL(32);


1334  io[3] ^= CamelliaSubkeyR(32);


1335 


1336  t0 = io[0];


1337  t1 = io[1];


1338  io[0] = io[2];


1339  io[1] = io[3];


1340  io[2] = t0;


1341  io[3] = t1;


1342 


1343  return;


1344  }


1345 


1346  static void camellia_decrypt256(const u32 *subkey, u32 *io)


1347  {


1348  u32 il,ir,t0,t1; /* temporary valiables */


1349 


1350  /* pre whitening but absorb kw2*/


1351  io[0] ^= CamelliaSubkeyL(32);


1352  io[1] ^= CamelliaSubkeyR(32);


1353 


1354  /* main iteration */


1355  CAMELLIA_ROUNDSM(io[0],io[1],


1356  CamelliaSubkeyL(31),CamelliaSubkeyR(31),


1357  io[2],io[3],il,ir,t0,t1);


1358  CAMELLIA_ROUNDSM(io[2],io[3],


1359  CamelliaSubkeyL(30),CamelliaSubkeyR(30),


1360  io[0],io[1],il,ir,t0,t1);


1361  CAMELLIA_ROUNDSM(io[0],io[1],


1362  CamelliaSubkeyL(29),CamelliaSubkeyR(29),


1363  io[2],io[3],il,ir,t0,t1);


1364  CAMELLIA_ROUNDSM(io[2],io[3],


1365  CamelliaSubkeyL(28),CamelliaSubkeyR(28),


1366  io[0],io[1],il,ir,t0,t1);


1367  CAMELLIA_ROUNDSM(io[0],io[1],


1368  CamelliaSubkeyL(27),CamelliaSubkeyR(27),


1369  io[2],io[3],il,ir,t0,t1);


1370  CAMELLIA_ROUNDSM(io[2],io[3],


1371  CamelliaSubkeyL(26),CamelliaSubkeyR(26),


1372  io[0],io[1],il,ir,t0,t1);


1373 


1374  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1375  CamelliaSubkeyL(25),CamelliaSubkeyR(25),


1376  CamelliaSubkeyL(24),CamelliaSubkeyR(24),


1377  t0,t1,il,ir);


1378 


1379  CAMELLIA_ROUNDSM(io[0],io[1],


1380  CamelliaSubkeyL(23),CamelliaSubkeyR(23),


1381  io[2],io[3],il,ir,t0,t1);


1382  CAMELLIA_ROUNDSM(io[2],io[3],


1383  CamelliaSubkeyL(22),CamelliaSubkeyR(22),


1384  io[0],io[1],il,ir,t0,t1);


1385  CAMELLIA_ROUNDSM(io[0],io[1],


1386  CamelliaSubkeyL(21),CamelliaSubkeyR(21),


1387  io[2],io[3],il,ir,t0,t1);


1388  CAMELLIA_ROUNDSM(io[2],io[3],


1389  CamelliaSubkeyL(20),CamelliaSubkeyR(20),


1390  io[0],io[1],il,ir,t0,t1);


1391  CAMELLIA_ROUNDSM(io[0],io[1],


1392  CamelliaSubkeyL(19),CamelliaSubkeyR(19),


1393  io[2],io[3],il,ir,t0,t1);


1394  CAMELLIA_ROUNDSM(io[2],io[3],


1395  CamelliaSubkeyL(18),CamelliaSubkeyR(18),


1396  io[0],io[1],il,ir,t0,t1);


1397 


1398  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1399  CamelliaSubkeyL(17),CamelliaSubkeyR(17),


1400  CamelliaSubkeyL(16),CamelliaSubkeyR(16),


1401  t0,t1,il,ir);


1402 


1403  CAMELLIA_ROUNDSM(io[0],io[1],


1404  CamelliaSubkeyL(15),CamelliaSubkeyR(15),


1405  io[2],io[3],il,ir,t0,t1);


1406  CAMELLIA_ROUNDSM(io[2],io[3],


1407  CamelliaSubkeyL(14),CamelliaSubkeyR(14),


1408  io[0],io[1],il,ir,t0,t1);


1409  CAMELLIA_ROUNDSM(io[0],io[1],


1410  CamelliaSubkeyL(13),CamelliaSubkeyR(13),


1411  io[2],io[3],il,ir,t0,t1);


1412  CAMELLIA_ROUNDSM(io[2],io[3],


1413  CamelliaSubkeyL(12),CamelliaSubkeyR(12),


1414  io[0],io[1],il,ir,t0,t1);


1415  CAMELLIA_ROUNDSM(io[0],io[1],


1416  CamelliaSubkeyL(11),CamelliaSubkeyR(11),


1417  io[2],io[3],il,ir,t0,t1);


1418  CAMELLIA_ROUNDSM(io[2],io[3],


1419  CamelliaSubkeyL(10),CamelliaSubkeyR(10),


1420  io[0],io[1],il,ir,t0,t1);


1421 


1422  CAMELLIA_FLS(io[0],io[1],io[2],io[3],


1423  CamelliaSubkeyL(9),CamelliaSubkeyR(9),


1424  CamelliaSubkeyL(8),CamelliaSubkeyR(8),


1425  t0,t1,il,ir);


1426 


1427  CAMELLIA_ROUNDSM(io[0],io[1],


1428  CamelliaSubkeyL(7),CamelliaSubkeyR(7),


1429  io[2],io[3],il,ir,t0,t1);


1430  CAMELLIA_ROUNDSM(io[2],io[3],


1431  CamelliaSubkeyL(6),CamelliaSubkeyR(6),


1432  io[0],io[1],il,ir,t0,t1);


1433  CAMELLIA_ROUNDSM(io[0],io[1],


1434  CamelliaSubkeyL(5),CamelliaSubkeyR(5),


1435  io[2],io[3],il,ir,t0,t1);


1436  CAMELLIA_ROUNDSM(io[2],io[3],


1437  CamelliaSubkeyL(4),CamelliaSubkeyR(4),


1438  io[0],io[1],il,ir,t0,t1);


1439  CAMELLIA_ROUNDSM(io[0],io[1],


1440  CamelliaSubkeyL(3),CamelliaSubkeyR(3),


1441  io[2],io[3],il,ir,t0,t1);


1442  CAMELLIA_ROUNDSM(io[2],io[3],


1443  CamelliaSubkeyL(2),CamelliaSubkeyR(2),


1444  io[0],io[1],il,ir,t0,t1);


1445 


1446  /* post whitening but kw4 */


1447  io[2] ^= CamelliaSubkeyL(0);


1448  io[3] ^= CamelliaSubkeyR(0);


1449 


1450  t0 = io[0];


1451  t1 = io[1];


1452  io[0] = io[2];


1453  io[1] = io[3];


1454  io[2] = t0;


1455  io[3] = t1;


1456 


1457  return;


1458  }


1459 


1460  /***


1461  *


1462  * API for compatibility


1463  */


1464 


1465  static void Camellia_EncryptBlock(const int keyBitLength,


1466  const unsigned char *plaintext,


1467  const KEY_TABLE_TYPE keyTable,


1468  unsigned char *ciphertext)


1469  {


1470  u32 tmp[4];


1471 


1472  tmp[0] = GETU32(plaintext);


1473  tmp[1] = GETU32(plaintext + 4);


1474  tmp[2] = GETU32(plaintext + 8);


1475  tmp[3] = GETU32(plaintext + 12);


1476 


1477  switch (keyBitLength) {


1478  case 128:


1479  camellia_encrypt128(keyTable, tmp);


1480  break;


1481  case 192:


1482  /* fall through */


1483  case 256:


1484  camellia_encrypt256(keyTable, tmp);


1485  break;


1486  default:


1487  break;


1488  }


1489 


1490  PUTU32(ciphertext, tmp[0]);


1491  PUTU32(ciphertext + 4, tmp[1]);


1492  PUTU32(ciphertext + 8, tmp[2]);


1493  PUTU32(ciphertext + 12, tmp[3]);


1494  }


1495 


1496  static void Camellia_DecryptBlock(const int keyBitLength,


1497  const unsigned char *ciphertext,


1498  const KEY_TABLE_TYPE keyTable,


1499  unsigned char *plaintext)


1500  {


1501  u32 tmp[4];


1502 


1503  tmp[0] = GETU32(ciphertext);


1504  tmp[1] = GETU32(ciphertext + 4);


1505  tmp[2] = GETU32(ciphertext + 8);


1506  tmp[3] = GETU32(ciphertext + 12);


1507 


1508  switch (keyBitLength) {


1509  case 128:


1510  camellia_decrypt128(keyTable, tmp);


1511  break;


1512  case 192:


1513  /* fall through */


1514  case 256:


1515  camellia_decrypt256(keyTable, tmp);


1516  break;


1517  default:


1518  break;


1519  }


1520  PUTU32(plaintext, tmp[0]);


1521  PUTU32(plaintext + 4, tmp[1]);


1522  PUTU32(plaintext + 8, tmp[2]);


1523  PUTU32(plaintext + 12, tmp[3]);


1524  }


1525 


1526 


1527 


1528  /* wolfCrypt wrappers to the Camellia code */


1529 


1530  int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv)


1531  {


1532  int ret = 0;


1533 


1534  if (cam == NULL) return BAD_FUNC_ARG;


1535 


1536  XMEMSET(cam>key, 0, sizeof(KEY_TABLE_TYPE));


1537 


1538  switch (len) {


1539  case 16:


1540  ret = camellia_setup128(key, cam>key);


1541  break;


1542  case 24:


1543  ret = camellia_setup192(key, cam>key);


1544  break;


1545  case 32:


1546  ret = camellia_setup256(key, cam>key);


1547  break;


1548  default:


1549  return BAD_FUNC_ARG;


1550  }


1551 


1552  if (ret != 0)


1553  return ret;


1554 


1555  cam>keySz = len * 8;


1556 


1557  return wc_CamelliaSetIV(cam, iv);


1558  }


1559 


1560 


1561  int wc_CamelliaSetIV(Camellia* cam, const byte* iv)


1562  {


1563  if (cam == NULL)


1564  return BAD_FUNC_ARG;


1565 


1566  if (iv)


1567  XMEMCPY(cam>reg, iv, CAMELLIA_BLOCK_SIZE);


1568  else


1569  XMEMSET(cam>reg, 0, CAMELLIA_BLOCK_SIZE);


1570 


1571  return 0;


1572  }


1573 


1574 


1575  void wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)


1576  {


1577  Camellia_EncryptBlock(cam>keySz, in, cam>key, out);


1578  }


1579 


1580 


1581  void wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)


1582  {


1583  Camellia_DecryptBlock(cam>keySz, in, cam>key, out);


1584  }


1585 


1586 


1587  void wc_CamelliaCbcEncrypt(Camellia* cam, byte* out, const byte* in, word32 sz)


1588  {


1589  word32 blocks = sz / CAMELLIA_BLOCK_SIZE;


1590 


1591  while (blocks) {


1592  xorbuf((byte*)cam>reg, in, CAMELLIA_BLOCK_SIZE);


1593  Camellia_EncryptBlock(cam>keySz, (byte*)cam>reg,


1594  cam>key, (byte*)cam>reg);


1595  XMEMCPY(out, cam>reg, CAMELLIA_BLOCK_SIZE);


1596 


1597  out += CAMELLIA_BLOCK_SIZE;


1598  in += CAMELLIA_BLOCK_SIZE;


1599  }


1600  }


1601 


1602 


1603  void wc_CamelliaCbcDecrypt(Camellia* cam, byte* out, const byte* in, word32 sz)


1604  {


1605  word32 blocks = sz / CAMELLIA_BLOCK_SIZE;


1606 


1607  while (blocks) {


1608  XMEMCPY(cam>tmp, in, CAMELLIA_BLOCK_SIZE);


1609  Camellia_DecryptBlock(cam>keySz, (byte*)cam>tmp, cam>key, out);


1610  xorbuf(out, (byte*)cam>reg, CAMELLIA_BLOCK_SIZE);


1611  XMEMCPY(cam>reg, cam>tmp, CAMELLIA_BLOCK_SIZE);


1612 


1613  out += CAMELLIA_BLOCK_SIZE;


1614  in += CAMELLIA_BLOCK_SIZE;


1615  }


1616  }


1617 


1618 


1619  #endif /* HAVE_CAMELLIA */


1620 

