Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/wolfcrypt/src/camellia.c@ 352

Last change on this file since 352 was 352, checked in by coas-nagasima, 6 years ago
arm向けASP3版ECNLを追加
Property svn:eol-style set to `native` Property svn:mime-type set to `text/x-csrc;charset=UTF-8`
File size: 58.6 KB

Line
1	/* camellia.c ver 1.2.0
2	*
3	* Copyright (c) 2006,2007
4	* NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	* 1. Redistributions of source code must retain the above copyright
10	* notice, this list of conditions and the following disclaimer as
11	* the first lines of this file unmodified.
12	* 2. Redistributions in binary form must reproduce the above copyright
13	* notice, this list of conditions and the following disclaimer in the
14	* documentation and/or other materials provided with the distribution.
15	*
16	* THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
17	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19	* IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
20	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26	*/
27
28	/* camellia.c
29	*
30	* Copyright (C) 2006-2017 wolfSSL Inc.
31	*
32	* This file is part of wolfSSL.
33	*
34	* wolfSSL is free software; you can redistribute it and/or modify
35	* it under the terms of the GNU General Public License as published by
36	* the Free Software Foundation; either version 2 of the License, or
37	* (at your option) any later version.
38	*
39	* wolfSSL is distributed in the hope that it will be useful,
40	* but WITHOUT ANY WARRANTY; without even the implied warranty of
41	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
42	* GNU General Public License for more details.
43	*
44	* You should have received a copy of the GNU General Public License
45	* along with this program; if not, write to the Free Software
46	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
47	*/
48
49
50	/*
51	* Algorithm Specification
52	* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
53	*/
54
55
56	#ifdef HAVE_CONFIG_H
57	#include <config.h>
58	#endif
59
60	#include <wolfssl/wolfcrypt/settings.h>
61
62	#ifdef HAVE_CAMELLIA
63
64	#include <wolfssl/wolfcrypt/camellia.h>
65	#include <wolfssl/wolfcrypt/error-crypt.h>
66	#include <wolfssl/wolfcrypt/logging.h>
67	#ifdef NO_INLINE
68	#include <wolfssl/wolfcrypt/misc.h>
69	#else
70	#define WOLFSSL_MISC_INCLUDED
71	#include <wolfcrypt/src/misc.c>
72	#endif
73
74	/* u32 must be 32bit word */
75	typedef unsigned int u32;
76	typedef unsigned char u8;
77
78	/* key constants */
79
80	#define CAMELLIA_SIGMA1L ((u32)0xA09E667FL)
81	#define CAMELLIA_SIGMA1R ((u32)0x3BCC908BL)
82	#define CAMELLIA_SIGMA2L ((u32)0xB67AE858L)
83	#define CAMELLIA_SIGMA2R ((u32)0x4CAA73B2L)
84	#define CAMELLIA_SIGMA3L ((u32)0xC6EF372FL)
85	#define CAMELLIA_SIGMA3R ((u32)0xE94F82BEL)
86	#define CAMELLIA_SIGMA4L ((u32)0x54FF53A5L)
87	#define CAMELLIA_SIGMA4R ((u32)0xF1D36F1CL)
88	#define CAMELLIA_SIGMA5L ((u32)0x10E527FAL)
89	#define CAMELLIA_SIGMA5R ((u32)0xDE682D1DL)
90	#define CAMELLIA_SIGMA6L ((u32)0xB05688C2L)
91	#define CAMELLIA_SIGMA6R ((u32)0xB3E6C1FDL)
92
93	/*
94	* macros
95	*/
96
97
98	#if defined(_MSC_VER)
99
100	# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff \| _lrotr(x, 8) & 0xff00ff00)
101	# define GETU32(p) SWAP(((u32 )(p)))
102	# define PUTU32(ct, st) {((u32 )(ct)) = SWAP((st));}
103
104	#else /* not MS-VC */
105
106	# define GETU32(pt) \
107	(((u32)(pt)[0] << 24) \
108	^ ((u32)(pt)[1] << 16) \
109	^ ((u32)(pt)[2] << 8) \
110	^ ((u32)(pt)[3]))
111
112	# define PUTU32(ct, st) { \
113	(ct)[0] = (u8)((st) >> 24); \
114	(ct)[1] = (u8)((st) >> 16); \
115	(ct)[2] = (u8)((st) >> 8); \
116	(ct)[3] = (u8)(st); }
117
118	#endif
119
120	#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
121	#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
122
123	/* rotation right shift 1byte */
124	#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
125	/* rotation left shift 1bit */
126	#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
127	/* rotation left shift 1byte */
128	#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
129
130	#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
131	do { \
132	w0 = ll; \
133	ll = (ll << bits) + (lr >> (32 - bits)); \
134	lr = (lr << bits) + (rl >> (32 - bits)); \
135	rl = (rl << bits) + (rr >> (32 - bits)); \
136	rr = (rr << bits) + (w0 >> (32 - bits)); \
137	} while(0)
138
139	#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
140	do { \
141	w0 = ll; \
142	w1 = lr; \
143	ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
144	lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
145	rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
146	rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
147	} while(0)
148
149	#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
150	#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
151	#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
152	#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
153
154	#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
155	do { \
156	il = xl ^ kl; \
157	ir = xr ^ kr; \
158	t0 = il >> 16; \
159	t1 = ir >> 16; \
160	yl = CAMELLIA_SP1110(ir & 0xff) \
161	^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
162	^ CAMELLIA_SP3033(t1 & 0xff) \
163	^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
164	yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
165	^ CAMELLIA_SP0222(t0 & 0xff) \
166	^ CAMELLIA_SP3033((il >> 8) & 0xff) \
167	^ CAMELLIA_SP4404(il & 0xff); \
168	yl ^= yr; \
169	yr = CAMELLIA_RR8(yr); \
170	yr ^= yl; \
171	} while(0)
172
173
174	/*
175	* for speed up
176	*
177	*/
178	#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
179	do { \
180	t0 = kll; \
181	t0 &= ll; \
182	lr ^= CAMELLIA_RL1(t0); \
183	t1 = klr; \
184	t1 \|= lr; \
185	ll ^= t1; \
186	\
187	t2 = krr; \
188	t2 \|= rr; \
189	rl ^= t2; \
190	t3 = krl; \
191	t3 &= rl; \
192	rr ^= CAMELLIA_RL1(t3); \
193	} while(0)
194
195	#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
196	do { \
197	ir = CAMELLIA_SP1110(xr & 0xff) \
198	^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
199	^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
200	^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
201	il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
202	^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
203	^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
204	^ CAMELLIA_SP4404(xl & 0xff); \
205	il ^= kl; \
206	ir ^= kr; \
207	ir ^= il; \
208	il = CAMELLIA_RR8(il); \
209	il ^= ir; \
210	yl ^= ir; \
211	yr ^= il; \
212	} while(0)
213
214
215	static const u32 camellia_sp1110[256] = {
216	0x70707000,0x82828200,0x2c2c2c00,0xececec00,
217	0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
218	0xe4e4e400,0x85858500,0x57575700,0x35353500,
219	0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
220	0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
221	0x45454500,0x19191900,0xa5a5a500,0x21212100,
222	0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
223	0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
224	0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
225	0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
226	0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
227	0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
228	0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
229	0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
230	0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
231	0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
232	0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
233	0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
234	0x74747400,0x12121200,0x2b2b2b00,0x20202000,
235	0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
236	0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
237	0x34343400,0x7e7e7e00,0x76767600,0x05050500,
238	0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
239	0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
240	0x14141400,0x58585800,0x3a3a3a00,0x61616100,
241	0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
242	0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
243	0x53535300,0x18181800,0xf2f2f200,0x22222200,
244	0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
245	0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
246	0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
247	0x60606000,0xfcfcfc00,0x69696900,0x50505000,
248	0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
249	0xa1a1a100,0x89898900,0x62626200,0x97979700,
250	0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
251	0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
252	0x10101000,0xc4c4c400,0x00000000,0x48484800,
253	0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
254	0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
255	0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
256	0x87878700,0x5c5c5c00,0x83838300,0x02020200,
257	0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
258	0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
259	0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
260	0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
261	0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
262	0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
263	0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
264	0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
265	0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
266	0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
267	0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
268	0x78787800,0x98989800,0x06060600,0x6a6a6a00,
269	0xe7e7e700,0x46464600,0x71717100,0xbababa00,
270	0xd4d4d400,0x25252500,0xababab00,0x42424200,
271	0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
272	0x72727200,0x07070700,0xb9b9b900,0x55555500,
273	0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
274	0x36363600,0x49494900,0x2a2a2a00,0x68686800,
275	0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
276	0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
277	0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
278	0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
279	0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
280	};
281
282	static const u32 camellia_sp0222[256] = {
283	0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
284	0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
285	0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
286	0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
287	0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
288	0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
289	0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
290	0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
291	0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
292	0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
293	0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
294	0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
295	0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
296	0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
297	0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
298	0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
299	0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
300	0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
301	0x00e8e8e8,0x00242424,0x00565656,0x00404040,
302	0x00e1e1e1,0x00636363,0x00090909,0x00333333,
303	0x00bfbfbf,0x00989898,0x00979797,0x00858585,
304	0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
305	0x00dadada,0x006f6f6f,0x00535353,0x00626262,
306	0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
307	0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
308	0x00bdbdbd,0x00363636,0x00222222,0x00383838,
309	0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
310	0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
311	0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
312	0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
313	0x00484848,0x00101010,0x00d1d1d1,0x00515151,
314	0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
315	0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
316	0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
317	0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
318	0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
319	0x00202020,0x00898989,0x00000000,0x00909090,
320	0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
321	0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
322	0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
323	0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
324	0x009b9b9b,0x00949494,0x00212121,0x00666666,
325	0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
326	0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
327	0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
328	0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
329	0x00030303,0x002d2d2d,0x00dedede,0x00969696,
330	0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
331	0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
332	0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
333	0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
334	0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
335	0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
336	0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
337	0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
338	0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
339	0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
340	0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
341	0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
342	0x00787878,0x00707070,0x00e3e3e3,0x00494949,
343	0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
344	0x00777777,0x00939393,0x00868686,0x00838383,
345	0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
346	0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
347	};
348
349	static const u32 camellia_sp3033[256] = {
350	0x38003838,0x41004141,0x16001616,0x76007676,
351	0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
352	0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
353	0x75007575,0x06000606,0x57005757,0xa000a0a0,
354	0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
355	0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
356	0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
357	0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
358	0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
359	0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
360	0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
361	0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
362	0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
363	0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
364	0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
365	0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
366	0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
367	0xfd00fdfd,0x66006666,0x58005858,0x96009696,
368	0x3a003a3a,0x09000909,0x95009595,0x10001010,
369	0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
370	0xef00efef,0x26002626,0xe500e5e5,0x61006161,
371	0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
372	0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
373	0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
374	0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
375	0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
376	0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
377	0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
378	0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
379	0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
380	0x12001212,0x04000404,0x74007474,0x54005454,
381	0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
382	0x55005555,0x68006868,0x50005050,0xbe00bebe,
383	0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
384	0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
385	0x70007070,0xff00ffff,0x32003232,0x69006969,
386	0x08000808,0x62006262,0x00000000,0x24002424,
387	0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
388	0x45004545,0x81008181,0x73007373,0x6d006d6d,
389	0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
390	0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
391	0xe600e6e6,0x25002525,0x48004848,0x99009999,
392	0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
393	0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
394	0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
395	0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
396	0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
397	0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
398	0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
399	0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
400	0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
401	0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
402	0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
403	0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
404	0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
405	0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
406	0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
407	0x7c007c7c,0x77007777,0x56005656,0x05000505,
408	0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
409	0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
410	0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
411	0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
412	0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
413	0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
414	};
415
416	static const u32 camellia_sp4404[256] = {
417	0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
418	0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
419	0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
420	0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
421	0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
422	0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
423	0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
424	0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
425	0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
426	0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
427	0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
428	0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
429	0x14140014,0x3a3a003a,0xdede00de,0x11110011,
430	0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
431	0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
432	0x24240024,0xe8e800e8,0x60600060,0x69690069,
433	0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
434	0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
435	0x10100010,0x00000000,0xa3a300a3,0x75750075,
436	0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
437	0x87870087,0x83830083,0xcdcd00cd,0x90900090,
438	0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
439	0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
440	0x81810081,0x6f6f006f,0x13130013,0x63630063,
441	0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
442	0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
443	0x78780078,0x06060006,0xe7e700e7,0x71710071,
444	0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
445	0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
446	0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
447	0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
448	0x15150015,0xadad00ad,0x77770077,0x80800080,
449	0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
450	0x85850085,0x35350035,0x0c0c000c,0x41410041,
451	0xefef00ef,0x93930093,0x19190019,0x21210021,
452	0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
453	0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
454	0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
455	0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
456	0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
457	0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
458	0x12120012,0x20200020,0xb1b100b1,0x99990099,
459	0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
460	0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
461	0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
462	0x0f0f000f,0x16160016,0x18180018,0x22220022,
463	0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
464	0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
465	0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
466	0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
467	0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
468	0x03030003,0xdada00da,0x3f3f003f,0x94940094,
469	0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
470	0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
471	0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
472	0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
473	0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
474	0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
475	0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
476	0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
477	0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
478	0x49490049,0x68680068,0x38380038,0xa4a400a4,
479	0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
480	0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
481	};
482
483
484	/**
485	* Stuff related to the Camellia key schedule
486	*/
487	#define subl(x) subL[(x)]
488	#define subr(x) subR[(x)]
489
490	static int camellia_setup128(const unsigned char key, u32 subkey)
491	{
492	u32 kll, klr, krl, krr;
493	u32 il, ir, t0, t1, w0, w1;
494	u32 kw4l, kw4r, dw, tl, tr;
495
496	#ifdef WOLFSSL_SMALL_STACK
497	u32* subL;
498	u32* subR;
499
500	subL = (u32) XMALLOC(sizeof(u32) 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);
501	if (subL == NULL)
502	return MEMORY_E;
503
504	subR = (u32) XMALLOC(sizeof(u32) 26, NULL, DYNAMIC_TYPE_TMP_BUFFER);
505	if (subR == NULL) {
506	XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
507	return MEMORY_E;
508	}
509	#else
510	u32 subL[26];
511	u32 subR[26];
512	#endif
513
514	/**
515	* k == kll \|\| klr \|\| krl \|\| krr (\|\| is concatenation)
516	*/
517	kll = GETU32(key );
518	klr = GETU32(key + 4);
519	krl = GETU32(key + 8);
520	krr = GETU32(key + 12);
521	/**
522	* generate KL dependent subkeys
523	*/
524	subl(0) = kll; subr(0) = klr;
525	subl(1) = krl; subr(1) = krr;
526	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
527	subl(4) = kll; subr(4) = klr;
528	subl(5) = krl; subr(5) = krr;
529	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
530	subl(10) = kll; subr(10) = klr;
531	subl(11) = krl; subr(11) = krr;
532	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
533	subl(13) = krl; subr(13) = krr;
534	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
535	subl(16) = kll; subr(16) = klr;
536	subl(17) = krl; subr(17) = krr;
537	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
538	subl(18) = kll; subr(18) = klr;
539	subl(19) = krl; subr(19) = krr;
540	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
541	subl(22) = kll; subr(22) = klr;
542	subl(23) = krl; subr(23) = krr;
543
544	/* generate KA */
545	kll = subl(0); klr = subr(0);
546	krl = subl(1); krr = subr(1);
547	CAMELLIA_F(kll, klr,
548	CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
549	w0, w1, il, ir, t0, t1);
550	krl ^= w0; krr ^= w1;
551	CAMELLIA_F(krl, krr,
552	CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
553	kll, klr, il, ir, t0, t1);
554	CAMELLIA_F(kll, klr,
555	CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
556	krl, krr, il, ir, t0, t1);
557	krl ^= w0; krr ^= w1;
558	CAMELLIA_F(krl, krr,
559	CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
560	w0, w1, il, ir, t0, t1);
561	kll ^= w0; klr ^= w1;
562
563	/* generate KA dependent subkeys */
564	subl(2) = kll; subr(2) = klr;
565	subl(3) = krl; subr(3) = krr;
566	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
567	subl(6) = kll; subr(6) = klr;
568	subl(7) = krl; subr(7) = krr;
569	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
570	subl(8) = kll; subr(8) = klr;
571	subl(9) = krl; subr(9) = krr;
572	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
573	subl(12) = kll; subr(12) = klr;
574	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
575	subl(14) = kll; subr(14) = klr;
576	subl(15) = krl; subr(15) = krr;
577	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
578	subl(20) = kll; subr(20) = klr;
579	subl(21) = krl; subr(21) = krr;
580	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
581	subl(24) = kll; subr(24) = klr;
582	subl(25) = krl; subr(25) = krr;
583
584
585	/* absorb kw2 to other subkeys */
586	subl(3) ^= subl(1); subr(3) ^= subr(1);
587	subl(5) ^= subl(1); subr(5) ^= subr(1);
588	subl(7) ^= subl(1); subr(7) ^= subr(1);
589	subl(1) ^= subr(1) & ~subr(9);
590	dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
591	subl(11) ^= subl(1); subr(11) ^= subr(1);
592	subl(13) ^= subl(1); subr(13) ^= subr(1);
593	subl(15) ^= subl(1); subr(15) ^= subr(1);
594	subl(1) ^= subr(1) & ~subr(17);
595	dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
596	subl(19) ^= subl(1); subr(19) ^= subr(1);
597	subl(21) ^= subl(1); subr(21) ^= subr(1);
598	subl(23) ^= subl(1); subr(23) ^= subr(1);
599	subl(24) ^= subl(1); subr(24) ^= subr(1);
600
601	/* absorb kw4 to other subkeys */
602	kw4l = subl(25); kw4r = subr(25);
603	subl(22) ^= kw4l; subr(22) ^= kw4r;
604	subl(20) ^= kw4l; subr(20) ^= kw4r;
605	subl(18) ^= kw4l; subr(18) ^= kw4r;
606	kw4l ^= kw4r & ~subr(16);
607	dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
608	subl(14) ^= kw4l; subr(14) ^= kw4r;
609	subl(12) ^= kw4l; subr(12) ^= kw4r;
610	subl(10) ^= kw4l; subr(10) ^= kw4r;
611	kw4l ^= kw4r & ~subr(8);
612	dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
613	subl(6) ^= kw4l; subr(6) ^= kw4r;
614	subl(4) ^= kw4l; subr(4) ^= kw4r;
615	subl(2) ^= kw4l; subr(2) ^= kw4r;
616	subl(0) ^= kw4l; subr(0) ^= kw4r;
617
618	/* key XOR is end of F-function */
619	CamelliaSubkeyL(0) = subl(0) ^ subl(2);
620	CamelliaSubkeyR(0) = subr(0) ^ subr(2);
621	CamelliaSubkeyL(2) = subl(3);
622	CamelliaSubkeyR(2) = subr(3);
623	CamelliaSubkeyL(3) = subl(2) ^ subl(4);
624	CamelliaSubkeyR(3) = subr(2) ^ subr(4);
625	CamelliaSubkeyL(4) = subl(3) ^ subl(5);
626	CamelliaSubkeyR(4) = subr(3) ^ subr(5);
627	CamelliaSubkeyL(5) = subl(4) ^ subl(6);
628	CamelliaSubkeyR(5) = subr(4) ^ subr(6);
629	CamelliaSubkeyL(6) = subl(5) ^ subl(7);
630	CamelliaSubkeyR(6) = subr(5) ^ subr(7);
631	tl = subl(10) ^ (subr(10) & ~subr(8));
632	dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
633	CamelliaSubkeyL(7) = subl(6) ^ tl;
634	CamelliaSubkeyR(7) = subr(6) ^ tr;
635	CamelliaSubkeyL(8) = subl(8);
636	CamelliaSubkeyR(8) = subr(8);
637	CamelliaSubkeyL(9) = subl(9);
638	CamelliaSubkeyR(9) = subr(9);
639	tl = subl(7) ^ (subr(7) & ~subr(9));
640	dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
641	CamelliaSubkeyL(10) = tl ^ subl(11);
642	CamelliaSubkeyR(10) = tr ^ subr(11);
643	CamelliaSubkeyL(11) = subl(10) ^ subl(12);
644	CamelliaSubkeyR(11) = subr(10) ^ subr(12);
645	CamelliaSubkeyL(12) = subl(11) ^ subl(13);
646	CamelliaSubkeyR(12) = subr(11) ^ subr(13);
647	CamelliaSubkeyL(13) = subl(12) ^ subl(14);
648	CamelliaSubkeyR(13) = subr(12) ^ subr(14);
649	CamelliaSubkeyL(14) = subl(13) ^ subl(15);
650	CamelliaSubkeyR(14) = subr(13) ^ subr(15);
651	tl = subl(18) ^ (subr(18) & ~subr(16));
652	dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
653	CamelliaSubkeyL(15) = subl(14) ^ tl;
654	CamelliaSubkeyR(15) = subr(14) ^ tr;
655	CamelliaSubkeyL(16) = subl(16);
656	CamelliaSubkeyR(16) = subr(16);
657	CamelliaSubkeyL(17) = subl(17);
658	CamelliaSubkeyR(17) = subr(17);
659	tl = subl(15) ^ (subr(15) & ~subr(17));
660	dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
661	CamelliaSubkeyL(18) = tl ^ subl(19);
662	CamelliaSubkeyR(18) = tr ^ subr(19);
663	CamelliaSubkeyL(19) = subl(18) ^ subl(20);
664	CamelliaSubkeyR(19) = subr(18) ^ subr(20);
665	CamelliaSubkeyL(20) = subl(19) ^ subl(21);
666	CamelliaSubkeyR(20) = subr(19) ^ subr(21);
667	CamelliaSubkeyL(21) = subl(20) ^ subl(22);
668	CamelliaSubkeyR(21) = subr(20) ^ subr(22);
669	CamelliaSubkeyL(22) = subl(21) ^ subl(23);
670	CamelliaSubkeyR(22) = subr(21) ^ subr(23);
671	CamelliaSubkeyL(23) = subl(22);
672	CamelliaSubkeyR(23) = subr(22);
673	CamelliaSubkeyL(24) = subl(24) ^ subl(23);
674	CamelliaSubkeyR(24) = subr(24) ^ subr(23);
675
676	/* apply the inverse of the last half of P-function */
677	dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
678	CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
679	dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
680	CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
681	dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
682	CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
683	dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
684	CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
685	dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
686	CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
687	dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
688	CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
689	dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
690	CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
691	dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
692	CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
693	dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
694	CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
695	dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
696	CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
697	dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
698	CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
699	dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
700	CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
701	dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
702	CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
703	dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
704	CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
705	dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
706	CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
707	dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
708	CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
709	dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
710	CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
711	dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
712	CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
713
714	#ifdef WOLFSSL_SMALL_STACK
715	XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
716	XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);
717	#endif
718
719	return 0;
720	}
721
722	static int camellia_setup256(const unsigned char key, u32 subkey)
723	{
724	u32 kll,klr,krl,krr; /* left half of key */
725	u32 krll,krlr,krrl,krrr; /* right half of key */
726	u32 il, ir, t0, t1, w0, w1; /* temporary variables */
727	u32 kw4l, kw4r, dw, tl, tr;
728
729	#ifdef WOLFSSL_SMALL_STACK
730	u32* subL;
731	u32* subR;
732
733	subL = (u32) XMALLOC(sizeof(u32) 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);
734	if (subL == NULL)
735	return MEMORY_E;
736
737	subR = (u32) XMALLOC(sizeof(u32) 34, NULL, DYNAMIC_TYPE_TMP_BUFFER);
738	if (subR == NULL) {
739	XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
740	return MEMORY_E;
741	}
742	#else
743	u32 subL[34];
744	u32 subR[34];
745	#endif
746
747	/**
748	* key = (kll \|\| klr \|\| krl \|\| krr \|\| krll \|\| krlr \|\| krrl \|\| krrr)
749	* (\|\| is concatenation)
750	*/
751
752	kll = GETU32(key );
753	klr = GETU32(key + 4);
754	krl = GETU32(key + 8);
755	krr = GETU32(key + 12);
756	krll = GETU32(key + 16);
757	krlr = GETU32(key + 20);
758	krrl = GETU32(key + 24);
759	krrr = GETU32(key + 28);
760
761	/* generate KL dependent subkeys */
762	subl(0) = kll; subr(0) = klr;
763	subl(1) = krl; subr(1) = krr;
764	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
765	subl(12) = kll; subr(12) = klr;
766	subl(13) = krl; subr(13) = krr;
767	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
768	subl(16) = kll; subr(16) = klr;
769	subl(17) = krl; subr(17) = krr;
770	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
771	subl(22) = kll; subr(22) = klr;
772	subl(23) = krl; subr(23) = krr;
773	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
774	subl(30) = kll; subr(30) = klr;
775	subl(31) = krl; subr(31) = krr;
776
777	/* generate KR dependent subkeys */
778	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
779	subl(4) = krll; subr(4) = krlr;
780	subl(5) = krrl; subr(5) = krrr;
781	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
782	subl(8) = krll; subr(8) = krlr;
783	subl(9) = krrl; subr(9) = krrr;
784	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
785	subl(18) = krll; subr(18) = krlr;
786	subl(19) = krrl; subr(19) = krrr;
787	CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
788	subl(26) = krll; subr(26) = krlr;
789	subl(27) = krrl; subr(27) = krrr;
790	CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
791
792	/* generate KA */
793	kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
794	krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
795	CAMELLIA_F(kll, klr,
796	CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
797	w0, w1, il, ir, t0, t1);
798	krl ^= w0; krr ^= w1;
799	CAMELLIA_F(krl, krr,
800	CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
801	kll, klr, il, ir, t0, t1);
802	kll ^= krll; klr ^= krlr;
803	CAMELLIA_F(kll, klr,
804	CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
805	krl, krr, il, ir, t0, t1);
806	krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
807	CAMELLIA_F(krl, krr,
808	CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
809	w0, w1, il, ir, t0, t1);
810	kll ^= w0; klr ^= w1;
811
812	/* generate KB */
813	krll ^= kll; krlr ^= klr;
814	krrl ^= krl; krrr ^= krr;
815	CAMELLIA_F(krll, krlr,
816	CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
817	w0, w1, il, ir, t0, t1);
818	krrl ^= w0; krrr ^= w1;
819	CAMELLIA_F(krrl, krrr,
820	CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
821	w0, w1, il, ir, t0, t1);
822	krll ^= w0; krlr ^= w1;
823
824	/* generate KA dependent subkeys */
825	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
826	subl(6) = kll; subr(6) = klr;
827	subl(7) = krl; subr(7) = krr;
828	CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
829	subl(14) = kll; subr(14) = klr;
830	subl(15) = krl; subr(15) = krr;
831	subl(24) = klr; subr(24) = krl;
832	subl(25) = krr; subr(25) = kll;
833	CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
834	subl(28) = kll; subr(28) = klr;
835	subl(29) = krl; subr(29) = krr;
836
837	/* generate KB dependent subkeys */
838	subl(2) = krll; subr(2) = krlr;
839	subl(3) = krrl; subr(3) = krrr;
840	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
841	subl(10) = krll; subr(10) = krlr;
842	subl(11) = krrl; subr(11) = krrr;
843	CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
844	subl(20) = krll; subr(20) = krlr;
845	subl(21) = krrl; subr(21) = krrr;
846	CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
847	subl(32) = krll; subr(32) = krlr;
848	subl(33) = krrl; subr(33) = krrr;
849
850	/* absorb kw2 to other subkeys */
851	subl(3) ^= subl(1); subr(3) ^= subr(1);
852	subl(5) ^= subl(1); subr(5) ^= subr(1);
853	subl(7) ^= subl(1); subr(7) ^= subr(1);
854	subl(1) ^= subr(1) & ~subr(9);
855	dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
856	subl(11) ^= subl(1); subr(11) ^= subr(1);
857	subl(13) ^= subl(1); subr(13) ^= subr(1);
858	subl(15) ^= subl(1); subr(15) ^= subr(1);
859	subl(1) ^= subr(1) & ~subr(17);
860	dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
861	subl(19) ^= subl(1); subr(19) ^= subr(1);
862	subl(21) ^= subl(1); subr(21) ^= subr(1);
863	subl(23) ^= subl(1); subr(23) ^= subr(1);
864	subl(1) ^= subr(1) & ~subr(25);
865	dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
866	subl(27) ^= subl(1); subr(27) ^= subr(1);
867	subl(29) ^= subl(1); subr(29) ^= subr(1);
868	subl(31) ^= subl(1); subr(31) ^= subr(1);
869	subl(32) ^= subl(1); subr(32) ^= subr(1);
870
871	/* absorb kw4 to other subkeys */
872	kw4l = subl(33); kw4r = subr(33);
873	subl(30) ^= kw4l; subr(30) ^= kw4r;
874	subl(28) ^= kw4l; subr(28) ^= kw4r;
875	subl(26) ^= kw4l; subr(26) ^= kw4r;
876	kw4l ^= kw4r & ~subr(24);
877	dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
878	subl(22) ^= kw4l; subr(22) ^= kw4r;
879	subl(20) ^= kw4l; subr(20) ^= kw4r;
880	subl(18) ^= kw4l; subr(18) ^= kw4r;
881	kw4l ^= kw4r & ~subr(16);
882	dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
883	subl(14) ^= kw4l; subr(14) ^= kw4r;
884	subl(12) ^= kw4l; subr(12) ^= kw4r;
885	subl(10) ^= kw4l; subr(10) ^= kw4r;
886	kw4l ^= kw4r & ~subr(8);
887	dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
888	subl(6) ^= kw4l; subr(6) ^= kw4r;
889	subl(4) ^= kw4l; subr(4) ^= kw4r;
890	subl(2) ^= kw4l; subr(2) ^= kw4r;
891	subl(0) ^= kw4l; subr(0) ^= kw4r;
892
893	/* key XOR is end of F-function */
894	CamelliaSubkeyL(0) = subl(0) ^ subl(2);
895	CamelliaSubkeyR(0) = subr(0) ^ subr(2);
896	CamelliaSubkeyL(2) = subl(3);
897	CamelliaSubkeyR(2) = subr(3);
898	CamelliaSubkeyL(3) = subl(2) ^ subl(4);
899	CamelliaSubkeyR(3) = subr(2) ^ subr(4);
900	CamelliaSubkeyL(4) = subl(3) ^ subl(5);
901	CamelliaSubkeyR(4) = subr(3) ^ subr(5);
902	CamelliaSubkeyL(5) = subl(4) ^ subl(6);
903	CamelliaSubkeyR(5) = subr(4) ^ subr(6);
904	CamelliaSubkeyL(6) = subl(5) ^ subl(7);
905	CamelliaSubkeyR(6) = subr(5) ^ subr(7);
906	tl = subl(10) ^ (subr(10) & ~subr(8));
907	dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
908	CamelliaSubkeyL(7) = subl(6) ^ tl;
909	CamelliaSubkeyR(7) = subr(6) ^ tr;
910	CamelliaSubkeyL(8) = subl(8);
911	CamelliaSubkeyR(8) = subr(8);
912	CamelliaSubkeyL(9) = subl(9);
913	CamelliaSubkeyR(9) = subr(9);
914	tl = subl(7) ^ (subr(7) & ~subr(9));
915	dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
916	CamelliaSubkeyL(10) = tl ^ subl(11);
917	CamelliaSubkeyR(10) = tr ^ subr(11);
918	CamelliaSubkeyL(11) = subl(10) ^ subl(12);
919	CamelliaSubkeyR(11) = subr(10) ^ subr(12);
920	CamelliaSubkeyL(12) = subl(11) ^ subl(13);
921	CamelliaSubkeyR(12) = subr(11) ^ subr(13);
922	CamelliaSubkeyL(13) = subl(12) ^ subl(14);
923	CamelliaSubkeyR(13) = subr(12) ^ subr(14);
924	CamelliaSubkeyL(14) = subl(13) ^ subl(15);
925	CamelliaSubkeyR(14) = subr(13) ^ subr(15);
926	tl = subl(18) ^ (subr(18) & ~subr(16));
927	dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
928	CamelliaSubkeyL(15) = subl(14) ^ tl;
929	CamelliaSubkeyR(15) = subr(14) ^ tr;
930	CamelliaSubkeyL(16) = subl(16);
931	CamelliaSubkeyR(16) = subr(16);
932	CamelliaSubkeyL(17) = subl(17);
933	CamelliaSubkeyR(17) = subr(17);
934	tl = subl(15) ^ (subr(15) & ~subr(17));
935	dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
936	CamelliaSubkeyL(18) = tl ^ subl(19);
937	CamelliaSubkeyR(18) = tr ^ subr(19);
938	CamelliaSubkeyL(19) = subl(18) ^ subl(20);
939	CamelliaSubkeyR(19) = subr(18) ^ subr(20);
940	CamelliaSubkeyL(20) = subl(19) ^ subl(21);
941	CamelliaSubkeyR(20) = subr(19) ^ subr(21);
942	CamelliaSubkeyL(21) = subl(20) ^ subl(22);
943	CamelliaSubkeyR(21) = subr(20) ^ subr(22);
944	CamelliaSubkeyL(22) = subl(21) ^ subl(23);
945	CamelliaSubkeyR(22) = subr(21) ^ subr(23);
946	tl = subl(26) ^ (subr(26) & ~subr(24));
947	dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
948	CamelliaSubkeyL(23) = subl(22) ^ tl;
949	CamelliaSubkeyR(23) = subr(22) ^ tr;
950	CamelliaSubkeyL(24) = subl(24);
951	CamelliaSubkeyR(24) = subr(24);
952	CamelliaSubkeyL(25) = subl(25);
953	CamelliaSubkeyR(25) = subr(25);
954	tl = subl(23) ^ (subr(23) & ~subr(25));
955	dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
956	CamelliaSubkeyL(26) = tl ^ subl(27);
957	CamelliaSubkeyR(26) = tr ^ subr(27);
958	CamelliaSubkeyL(27) = subl(26) ^ subl(28);
959	CamelliaSubkeyR(27) = subr(26) ^ subr(28);
960	CamelliaSubkeyL(28) = subl(27) ^ subl(29);
961	CamelliaSubkeyR(28) = subr(27) ^ subr(29);
962	CamelliaSubkeyL(29) = subl(28) ^ subl(30);
963	CamelliaSubkeyR(29) = subr(28) ^ subr(30);
964	CamelliaSubkeyL(30) = subl(29) ^ subl(31);
965	CamelliaSubkeyR(30) = subr(29) ^ subr(31);
966	CamelliaSubkeyL(31) = subl(30);
967	CamelliaSubkeyR(31) = subr(30);
968	CamelliaSubkeyL(32) = subl(32) ^ subl(31);
969	CamelliaSubkeyR(32) = subr(32) ^ subr(31);
970
971	/* apply the inverse of the last half of P-function */
972	dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
973	CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
974	dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
975	CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
976	dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
977	CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
978	dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
979	CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
980	dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
981	CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
982	dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
983	CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
984	dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
985	CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
986	dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
987	CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
988	dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
989	CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
990	dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
991	CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
992	dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
993	CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
994	dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
995	CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
996	dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
997	CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
998	dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
999	CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
1000	dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
1001	CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
1002	dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
1003	CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
1004	dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
1005	CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
1006	dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
1007	CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
1008	dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
1009	CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
1010	dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
1011	CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
1012	dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
1013	CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
1014	dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
1015	CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
1016	dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
1017	CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
1018	dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
1019	CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
1020
1021	#ifdef WOLFSSL_SMALL_STACK
1022	XFREE(subL, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1023	XFREE(subR, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1024	#endif
1025
1026	return 0;
1027	}
1028
1029	static int camellia_setup192(const unsigned char key, u32 subkey)
1030	{
1031	unsigned char kk[32];
1032	u32 krll, krlr, krrl,krrr;
1033
1034	XMEMCPY(kk, key, 24);
1035	XMEMCPY((unsigned char *)&krll, key+16,4);
1036	XMEMCPY((unsigned char *)&krlr, key+20,4);
1037	krrl = ~krll;
1038	krrr = ~krlr;
1039	XMEMCPY(kk+24, (unsigned char *)&krrl, 4);
1040	XMEMCPY(kk+28, (unsigned char *)&krrr, 4);
1041
1042	return camellia_setup256(kk, subkey);
1043	}
1044
1045
1046	/**
1047	* Stuff related to camellia encryption/decryption
1048	*
1049	* "io" must be 4byte aligned and big-endian data.
1050	*/
1051	static void camellia_encrypt128(const u32 subkey, u32 io)
1052	{
1053	u32 il, ir, t0, t1;
1054
1055	/* pre whitening but absorb kw2*/
1056	io[0] ^= CamelliaSubkeyL(0);
1057	io[1] ^= CamelliaSubkeyR(0);
1058	/* main iteration */
1059
1060	CAMELLIA_ROUNDSM(io[0],io[1],
1061	CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1062	io[2],io[3],il,ir,t0,t1);
1063	CAMELLIA_ROUNDSM(io[2],io[3],
1064	CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1065	io[0],io[1],il,ir,t0,t1);
1066	CAMELLIA_ROUNDSM(io[0],io[1],
1067	CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1068	io[2],io[3],il,ir,t0,t1);
1069	CAMELLIA_ROUNDSM(io[2],io[3],
1070	CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1071	io[0],io[1],il,ir,t0,t1);
1072	CAMELLIA_ROUNDSM(io[0],io[1],
1073	CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1074	io[2],io[3],il,ir,t0,t1);
1075	CAMELLIA_ROUNDSM(io[2],io[3],
1076	CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1077	io[0],io[1],il,ir,t0,t1);
1078
1079	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1080	CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1081	CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1082	t0,t1,il,ir);
1083
1084	CAMELLIA_ROUNDSM(io[0],io[1],
1085	CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1086	io[2],io[3],il,ir,t0,t1);
1087	CAMELLIA_ROUNDSM(io[2],io[3],
1088	CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1089	io[0],io[1],il,ir,t0,t1);
1090	CAMELLIA_ROUNDSM(io[0],io[1],
1091	CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1092	io[2],io[3],il,ir,t0,t1);
1093	CAMELLIA_ROUNDSM(io[2],io[3],
1094	CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1095	io[0],io[1],il,ir,t0,t1);
1096	CAMELLIA_ROUNDSM(io[0],io[1],
1097	CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1098	io[2],io[3],il,ir,t0,t1);
1099	CAMELLIA_ROUNDSM(io[2],io[3],
1100	CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1101	io[0],io[1],il,ir,t0,t1);
1102
1103	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1104	CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1105	CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1106	t0,t1,il,ir);
1107
1108	CAMELLIA_ROUNDSM(io[0],io[1],
1109	CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1110	io[2],io[3],il,ir,t0,t1);
1111	CAMELLIA_ROUNDSM(io[2],io[3],
1112	CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1113	io[0],io[1],il,ir,t0,t1);
1114	CAMELLIA_ROUNDSM(io[0],io[1],
1115	CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1116	io[2],io[3],il,ir,t0,t1);
1117	CAMELLIA_ROUNDSM(io[2],io[3],
1118	CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1119	io[0],io[1],il,ir,t0,t1);
1120	CAMELLIA_ROUNDSM(io[0],io[1],
1121	CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1122	io[2],io[3],il,ir,t0,t1);
1123	CAMELLIA_ROUNDSM(io[2],io[3],
1124	CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1125	io[0],io[1],il,ir,t0,t1);
1126
1127	/* post whitening but kw4 */
1128	io[2] ^= CamelliaSubkeyL(24);
1129	io[3] ^= CamelliaSubkeyR(24);
1130
1131	t0 = io[0];
1132	t1 = io[1];
1133	io[0] = io[2];
1134	io[1] = io[3];
1135	io[2] = t0;
1136	io[3] = t1;
1137
1138	return;
1139	}
1140
1141	static void camellia_decrypt128(const u32 subkey, u32 io)
1142	{
1143	u32 il,ir,t0,t1; /* temporary variables */
1144
1145	/* pre whitening but absorb kw2*/
1146	io[0] ^= CamelliaSubkeyL(24);
1147	io[1] ^= CamelliaSubkeyR(24);
1148
1149	/* main iteration */
1150	CAMELLIA_ROUNDSM(io[0],io[1],
1151	CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1152	io[2],io[3],il,ir,t0,t1);
1153	CAMELLIA_ROUNDSM(io[2],io[3],
1154	CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1155	io[0],io[1],il,ir,t0,t1);
1156	CAMELLIA_ROUNDSM(io[0],io[1],
1157	CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1158	io[2],io[3],il,ir,t0,t1);
1159	CAMELLIA_ROUNDSM(io[2],io[3],
1160	CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1161	io[0],io[1],il,ir,t0,t1);
1162	CAMELLIA_ROUNDSM(io[0],io[1],
1163	CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1164	io[2],io[3],il,ir,t0,t1);
1165	CAMELLIA_ROUNDSM(io[2],io[3],
1166	CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1167	io[0],io[1],il,ir,t0,t1);
1168
1169	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1170	CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1171	CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1172	t0,t1,il,ir);
1173
1174	CAMELLIA_ROUNDSM(io[0],io[1],
1175	CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1176	io[2],io[3],il,ir,t0,t1);
1177	CAMELLIA_ROUNDSM(io[2],io[3],
1178	CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1179	io[0],io[1],il,ir,t0,t1);
1180	CAMELLIA_ROUNDSM(io[0],io[1],
1181	CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1182	io[2],io[3],il,ir,t0,t1);
1183	CAMELLIA_ROUNDSM(io[2],io[3],
1184	CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1185	io[0],io[1],il,ir,t0,t1);
1186	CAMELLIA_ROUNDSM(io[0],io[1],
1187	CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1188	io[2],io[3],il,ir,t0,t1);
1189	CAMELLIA_ROUNDSM(io[2],io[3],
1190	CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1191	io[0],io[1],il,ir,t0,t1);
1192
1193	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1194	CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1195	CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1196	t0,t1,il,ir);
1197
1198	CAMELLIA_ROUNDSM(io[0],io[1],
1199	CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1200	io[2],io[3],il,ir,t0,t1);
1201	CAMELLIA_ROUNDSM(io[2],io[3],
1202	CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1203	io[0],io[1],il,ir,t0,t1);
1204	CAMELLIA_ROUNDSM(io[0],io[1],
1205	CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1206	io[2],io[3],il,ir,t0,t1);
1207	CAMELLIA_ROUNDSM(io[2],io[3],
1208	CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1209	io[0],io[1],il,ir,t0,t1);
1210	CAMELLIA_ROUNDSM(io[0],io[1],
1211	CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1212	io[2],io[3],il,ir,t0,t1);
1213	CAMELLIA_ROUNDSM(io[2],io[3],
1214	CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1215	io[0],io[1],il,ir,t0,t1);
1216
1217	/* post whitening but kw4 */
1218	io[2] ^= CamelliaSubkeyL(0);
1219	io[3] ^= CamelliaSubkeyR(0);
1220
1221	t0 = io[0];
1222	t1 = io[1];
1223	io[0] = io[2];
1224	io[1] = io[3];
1225	io[2] = t0;
1226	io[3] = t1;
1227
1228	return;
1229	}
1230
1231	/**
1232	* stuff for 192 and 256bit encryption/decryption
1233	*/
1234	static void camellia_encrypt256(const u32 subkey, u32 io)
1235	{
1236	u32 il,ir,t0,t1; /* temporary variables */
1237
1238	/* pre whitening but absorb kw2*/
1239	io[0] ^= CamelliaSubkeyL(0);
1240	io[1] ^= CamelliaSubkeyR(0);
1241
1242	/* main iteration */
1243	CAMELLIA_ROUNDSM(io[0],io[1],
1244	CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1245	io[2],io[3],il,ir,t0,t1);
1246	CAMELLIA_ROUNDSM(io[2],io[3],
1247	CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1248	io[0],io[1],il,ir,t0,t1);
1249	CAMELLIA_ROUNDSM(io[0],io[1],
1250	CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1251	io[2],io[3],il,ir,t0,t1);
1252	CAMELLIA_ROUNDSM(io[2],io[3],
1253	CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1254	io[0],io[1],il,ir,t0,t1);
1255	CAMELLIA_ROUNDSM(io[0],io[1],
1256	CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1257	io[2],io[3],il,ir,t0,t1);
1258	CAMELLIA_ROUNDSM(io[2],io[3],
1259	CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1260	io[0],io[1],il,ir,t0,t1);
1261
1262	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1263	CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1264	CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1265	t0,t1,il,ir);
1266
1267	CAMELLIA_ROUNDSM(io[0],io[1],
1268	CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1269	io[2],io[3],il,ir,t0,t1);
1270	CAMELLIA_ROUNDSM(io[2],io[3],
1271	CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1272	io[0],io[1],il,ir,t0,t1);
1273	CAMELLIA_ROUNDSM(io[0],io[1],
1274	CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1275	io[2],io[3],il,ir,t0,t1);
1276	CAMELLIA_ROUNDSM(io[2],io[3],
1277	CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1278	io[0],io[1],il,ir,t0,t1);
1279	CAMELLIA_ROUNDSM(io[0],io[1],
1280	CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1281	io[2],io[3],il,ir,t0,t1);
1282	CAMELLIA_ROUNDSM(io[2],io[3],
1283	CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1284	io[0],io[1],il,ir,t0,t1);
1285
1286	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1287	CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1288	CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1289	t0,t1,il,ir);
1290
1291	CAMELLIA_ROUNDSM(io[0],io[1],
1292	CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1293	io[2],io[3],il,ir,t0,t1);
1294	CAMELLIA_ROUNDSM(io[2],io[3],
1295	CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1296	io[0],io[1],il,ir,t0,t1);
1297	CAMELLIA_ROUNDSM(io[0],io[1],
1298	CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1299	io[2],io[3],il,ir,t0,t1);
1300	CAMELLIA_ROUNDSM(io[2],io[3],
1301	CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1302	io[0],io[1],il,ir,t0,t1);
1303	CAMELLIA_ROUNDSM(io[0],io[1],
1304	CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1305	io[2],io[3],il,ir,t0,t1);
1306	CAMELLIA_ROUNDSM(io[2],io[3],
1307	CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1308	io[0],io[1],il,ir,t0,t1);
1309
1310	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1311	CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1312	CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1313	t0,t1,il,ir);
1314
1315	CAMELLIA_ROUNDSM(io[0],io[1],
1316	CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1317	io[2],io[3],il,ir,t0,t1);
1318	CAMELLIA_ROUNDSM(io[2],io[3],
1319	CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1320	io[0],io[1],il,ir,t0,t1);
1321	CAMELLIA_ROUNDSM(io[0],io[1],
1322	CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1323	io[2],io[3],il,ir,t0,t1);
1324	CAMELLIA_ROUNDSM(io[2],io[3],
1325	CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1326	io[0],io[1],il,ir,t0,t1);
1327	CAMELLIA_ROUNDSM(io[0],io[1],
1328	CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1329	io[2],io[3],il,ir,t0,t1);
1330	CAMELLIA_ROUNDSM(io[2],io[3],
1331	CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1332	io[0],io[1],il,ir,t0,t1);
1333
1334	/* post whitening but kw4 */
1335	io[2] ^= CamelliaSubkeyL(32);
1336	io[3] ^= CamelliaSubkeyR(32);
1337
1338	t0 = io[0];
1339	t1 = io[1];
1340	io[0] = io[2];
1341	io[1] = io[3];
1342	io[2] = t0;
1343	io[3] = t1;
1344
1345	return;
1346	}
1347
1348	static void camellia_decrypt256(const u32 subkey, u32 io)
1349	{
1350	u32 il,ir,t0,t1; /* temporary variables */
1351
1352	/* pre whitening but absorb kw2*/
1353	io[0] ^= CamelliaSubkeyL(32);
1354	io[1] ^= CamelliaSubkeyR(32);
1355
1356	/* main iteration */
1357	CAMELLIA_ROUNDSM(io[0],io[1],
1358	CamelliaSubkeyL(31),CamelliaSubkeyR(31),
1359	io[2],io[3],il,ir,t0,t1);
1360	CAMELLIA_ROUNDSM(io[2],io[3],
1361	CamelliaSubkeyL(30),CamelliaSubkeyR(30),
1362	io[0],io[1],il,ir,t0,t1);
1363	CAMELLIA_ROUNDSM(io[0],io[1],
1364	CamelliaSubkeyL(29),CamelliaSubkeyR(29),
1365	io[2],io[3],il,ir,t0,t1);
1366	CAMELLIA_ROUNDSM(io[2],io[3],
1367	CamelliaSubkeyL(28),CamelliaSubkeyR(28),
1368	io[0],io[1],il,ir,t0,t1);
1369	CAMELLIA_ROUNDSM(io[0],io[1],
1370	CamelliaSubkeyL(27),CamelliaSubkeyR(27),
1371	io[2],io[3],il,ir,t0,t1);
1372	CAMELLIA_ROUNDSM(io[2],io[3],
1373	CamelliaSubkeyL(26),CamelliaSubkeyR(26),
1374	io[0],io[1],il,ir,t0,t1);
1375
1376	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1377	CamelliaSubkeyL(25),CamelliaSubkeyR(25),
1378	CamelliaSubkeyL(24),CamelliaSubkeyR(24),
1379	t0,t1,il,ir);
1380
1381	CAMELLIA_ROUNDSM(io[0],io[1],
1382	CamelliaSubkeyL(23),CamelliaSubkeyR(23),
1383	io[2],io[3],il,ir,t0,t1);
1384	CAMELLIA_ROUNDSM(io[2],io[3],
1385	CamelliaSubkeyL(22),CamelliaSubkeyR(22),
1386	io[0],io[1],il,ir,t0,t1);
1387	CAMELLIA_ROUNDSM(io[0],io[1],
1388	CamelliaSubkeyL(21),CamelliaSubkeyR(21),
1389	io[2],io[3],il,ir,t0,t1);
1390	CAMELLIA_ROUNDSM(io[2],io[3],
1391	CamelliaSubkeyL(20),CamelliaSubkeyR(20),
1392	io[0],io[1],il,ir,t0,t1);
1393	CAMELLIA_ROUNDSM(io[0],io[1],
1394	CamelliaSubkeyL(19),CamelliaSubkeyR(19),
1395	io[2],io[3],il,ir,t0,t1);
1396	CAMELLIA_ROUNDSM(io[2],io[3],
1397	CamelliaSubkeyL(18),CamelliaSubkeyR(18),
1398	io[0],io[1],il,ir,t0,t1);
1399
1400	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1401	CamelliaSubkeyL(17),CamelliaSubkeyR(17),
1402	CamelliaSubkeyL(16),CamelliaSubkeyR(16),
1403	t0,t1,il,ir);
1404
1405	CAMELLIA_ROUNDSM(io[0],io[1],
1406	CamelliaSubkeyL(15),CamelliaSubkeyR(15),
1407	io[2],io[3],il,ir,t0,t1);
1408	CAMELLIA_ROUNDSM(io[2],io[3],
1409	CamelliaSubkeyL(14),CamelliaSubkeyR(14),
1410	io[0],io[1],il,ir,t0,t1);
1411	CAMELLIA_ROUNDSM(io[0],io[1],
1412	CamelliaSubkeyL(13),CamelliaSubkeyR(13),
1413	io[2],io[3],il,ir,t0,t1);
1414	CAMELLIA_ROUNDSM(io[2],io[3],
1415	CamelliaSubkeyL(12),CamelliaSubkeyR(12),
1416	io[0],io[1],il,ir,t0,t1);
1417	CAMELLIA_ROUNDSM(io[0],io[1],
1418	CamelliaSubkeyL(11),CamelliaSubkeyR(11),
1419	io[2],io[3],il,ir,t0,t1);
1420	CAMELLIA_ROUNDSM(io[2],io[3],
1421	CamelliaSubkeyL(10),CamelliaSubkeyR(10),
1422	io[0],io[1],il,ir,t0,t1);
1423
1424	CAMELLIA_FLS(io[0],io[1],io[2],io[3],
1425	CamelliaSubkeyL(9),CamelliaSubkeyR(9),
1426	CamelliaSubkeyL(8),CamelliaSubkeyR(8),
1427	t0,t1,il,ir);
1428
1429	CAMELLIA_ROUNDSM(io[0],io[1],
1430	CamelliaSubkeyL(7),CamelliaSubkeyR(7),
1431	io[2],io[3],il,ir,t0,t1);
1432	CAMELLIA_ROUNDSM(io[2],io[3],
1433	CamelliaSubkeyL(6),CamelliaSubkeyR(6),
1434	io[0],io[1],il,ir,t0,t1);
1435	CAMELLIA_ROUNDSM(io[0],io[1],
1436	CamelliaSubkeyL(5),CamelliaSubkeyR(5),
1437	io[2],io[3],il,ir,t0,t1);
1438	CAMELLIA_ROUNDSM(io[2],io[3],
1439	CamelliaSubkeyL(4),CamelliaSubkeyR(4),
1440	io[0],io[1],il,ir,t0,t1);
1441	CAMELLIA_ROUNDSM(io[0],io[1],
1442	CamelliaSubkeyL(3),CamelliaSubkeyR(3),
1443	io[2],io[3],il,ir,t0,t1);
1444	CAMELLIA_ROUNDSM(io[2],io[3],
1445	CamelliaSubkeyL(2),CamelliaSubkeyR(2),
1446	io[0],io[1],il,ir,t0,t1);
1447
1448	/* post whitening but kw4 */
1449	io[2] ^= CamelliaSubkeyL(0);
1450	io[3] ^= CamelliaSubkeyR(0);
1451
1452	t0 = io[0];
1453	t1 = io[1];
1454	io[0] = io[2];
1455	io[1] = io[3];
1456	io[2] = t0;
1457	io[3] = t1;
1458
1459	return;
1460	}
1461
1462	/***
1463	*
1464	* API for compatibility
1465	*/
1466
1467	static void Camellia_EncryptBlock(const int keyBitLength,
1468	const unsigned char *plaintext,
1469	const KEY_TABLE_TYPE keyTable,
1470	unsigned char *ciphertext)
1471	{
1472	u32 tmp[4];
1473
1474	tmp[0] = GETU32(plaintext);
1475	tmp[1] = GETU32(plaintext + 4);
1476	tmp[2] = GETU32(plaintext + 8);
1477	tmp[3] = GETU32(plaintext + 12);
1478
1479	switch (keyBitLength) {
1480	case 128:
1481	camellia_encrypt128(keyTable, tmp);
1482	break;
1483	case 192:
1484	/* fall through */
1485	case 256:
1486	camellia_encrypt256(keyTable, tmp);
1487	break;
1488	default:
1489	break;
1490	}
1491
1492	PUTU32(ciphertext, tmp[0]);
1493	PUTU32(ciphertext + 4, tmp[1]);
1494	PUTU32(ciphertext + 8, tmp[2]);
1495	PUTU32(ciphertext + 12, tmp[3]);
1496	}
1497
1498	static void Camellia_DecryptBlock(const int keyBitLength,
1499	const unsigned char *ciphertext,
1500	const KEY_TABLE_TYPE keyTable,
1501	unsigned char *plaintext)
1502	{
1503	u32 tmp[4];
1504
1505	tmp[0] = GETU32(ciphertext);
1506	tmp[1] = GETU32(ciphertext + 4);
1507	tmp[2] = GETU32(ciphertext + 8);
1508	tmp[3] = GETU32(ciphertext + 12);
1509
1510	switch (keyBitLength) {
1511	case 128:
1512	camellia_decrypt128(keyTable, tmp);
1513	break;
1514	case 192:
1515	/* fall through */
1516	case 256:
1517	camellia_decrypt256(keyTable, tmp);
1518	break;
1519	default:
1520	break;
1521	}
1522	PUTU32(plaintext, tmp[0]);
1523	PUTU32(plaintext + 4, tmp[1]);
1524	PUTU32(plaintext + 8, tmp[2]);
1525	PUTU32(plaintext + 12, tmp[3]);
1526	}
1527
1528
1529
1530	/* wolfCrypt wrappers to the Camellia code */
1531
1532	int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv)
1533	{
1534	int ret = 0;
1535
1536	if (cam == NULL) return BAD_FUNC_ARG;
1537
1538	XMEMSET(cam->key, 0, sizeof(KEY_TABLE_TYPE));
1539
1540	switch (len) {
1541	case 16:
1542	ret = camellia_setup128(key, cam->key);
1543	break;
1544	case 24:
1545	ret = camellia_setup192(key, cam->key);
1546	break;
1547	case 32:
1548	ret = camellia_setup256(key, cam->key);
1549	break;
1550	default:
1551	return BAD_FUNC_ARG;
1552	}
1553
1554	if (ret != 0)
1555	return ret;
1556
1557	cam->keySz = len * 8;
1558
1559	return wc_CamelliaSetIV(cam, iv);
1560	}
1561
1562
1563	int wc_CamelliaSetIV(Camellia* cam, const byte* iv)
1564	{
1565	if (cam == NULL)
1566	return BAD_FUNC_ARG;
1567
1568	if (iv)
1569	XMEMCPY(cam->reg, iv, CAMELLIA_BLOCK_SIZE);
1570	else
1571	XMEMSET(cam->reg, 0, CAMELLIA_BLOCK_SIZE);
1572
1573	return 0;
1574	}
1575
1576
1577	int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in)
1578	{
1579	if (cam == NULL \|\| out == NULL \|\| in == NULL) {
1580	return BAD_FUNC_ARG;
1581	}
1582	Camellia_EncryptBlock(cam->keySz, in, cam->key, out);
1583
1584	return 0;
1585	}
1586
1587
1588	int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in)
1589	{
1590	if (cam == NULL \|\| out == NULL \|\| in == NULL) {
1591	return BAD_FUNC_ARG;
1592	}
1593	Camellia_DecryptBlock(cam->keySz, in, cam->key, out);
1594
1595	return 0;
1596	}
1597
1598
1599	int wc_CamelliaCbcEncrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
1600	{
1601	if (cam == NULL \|\| out == NULL \|\| in == NULL) {
1602	return BAD_FUNC_ARG;
1603	}
1604	word32 blocks = sz / CAMELLIA_BLOCK_SIZE;
1605
1606	while (blocks--) {
1607	xorbuf((byte*)cam->reg, in, CAMELLIA_BLOCK_SIZE);
1608	Camellia_EncryptBlock(cam->keySz, (byte*)cam->reg,
1609	cam->key, (byte*)cam->reg);
1610	XMEMCPY(out, cam->reg, CAMELLIA_BLOCK_SIZE);
1611
1612	out += CAMELLIA_BLOCK_SIZE;
1613	in += CAMELLIA_BLOCK_SIZE;
1614	}
1615
1616	return 0;
1617	}
1618
1619
1620	int wc_CamelliaCbcDecrypt(Camellia* cam, byte* out, const byte* in, word32 sz)
1621	{
1622	if (cam == NULL \|\| out == NULL \|\| in == NULL) {
1623	return BAD_FUNC_ARG;
1624	}
1625	word32 blocks = sz / CAMELLIA_BLOCK_SIZE;
1626
1627	while (blocks--) {
1628	XMEMCPY(cam->tmp, in, CAMELLIA_BLOCK_SIZE);
1629	Camellia_DecryptBlock(cam->keySz, (byte*)cam->tmp, cam->key, out);
1630	xorbuf(out, (byte*)cam->reg, CAMELLIA_BLOCK_SIZE);
1631	XMEMCPY(cam->reg, cam->tmp, CAMELLIA_BLOCK_SIZE);
1632
1633	out += CAMELLIA_BLOCK_SIZE;
1634	in += CAMELLIA_BLOCK_SIZE;
1635	}
1636
1637	return 0;
1638	}
1639
1640
1641	#endif /* HAVE_CAMELLIA */
1642

Note: See TracBrowser for help on using the repository browser.

Download in other formats: