root/camellia/trunk/camellia.c

リビジョン 8, 31.2 kB (コミッタ: sgk, コミット時期: 3 年 前)

一部プラットフォームで、LITTLE_ENDIAN、BIG_ENDIANが定義済みのため。

1 /* camellia.c ver1.0
2
3 Copyright (c) 2006
4  NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
5
6 Redistribution and use in source and binary forms, with or without
7 modification, are permitted provided that the following conditions
8 are met:
9 1. Redistributions of source code must retain the above copyright
10    notice, this list of conditions and the following disclaimer as
11    the first lines of this file unmodified.
12 2. Redistributions in binary form must reproduce the above copyright
13    notice, this list of conditions and the following disclaimer in the
14    documentation and/or other materials provided with the distribution.
15
16 THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
17 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
20 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28
29 /*
30  *-------------------------------------------------------------------------------------------------
31  * NOTE --- NOTE --- NOTE --- NOTE
32  * This implementation assumes that all memory addresses passed as parameters are
33  * four-byte aligned.
34  *-------------------------------------------------------------------------------------------------
35  */
36
37 #include "camellia.h"
38 #include <string.h>
39 #include <stdlib.h>
40
41 /*
42  *-------------------------------------------------------------------------------------------------
43  * These macro variables select what code is used in the creation of the Camellia library objects
44  *-------------------------------------------------------------------------------------------------
45  */
46
/*
 * ZERO_MEMORY selects the "cleanse" build. When it is 1, VOLATILE expands to
 * volatile and the "#if ZERO_MEMORY" epilogues in this file are compiled in.
 * With the value 0 used here, Camellia_Ekeygen returns without overwriting its
 * scratch array t[], so the words derived from the raw key stay in that stack
 * frame until something else reuses the memory.
 */
#define ZERO_MEMORY     0     /* Set to 1 to add variable cleanse code, 0 otherwise */

/*
 * USE_C_FEISTEL_CODE chooses between the Camellia_Feistel function (1) and the
 * macro of the same name (0); both variants appear further down in this file.
 */
#define USE_C_FEISTEL_CODE  1     /* Set to 1 to use C code, 0 to inline via macro      */
50
51 /*
52  *-------------------------------------------------------------------------------------------------
53  * Internal types
54  *-------------------------------------------------------------------------------------------------
55  */
56
/* Byte: one octet of key, plaintext or ciphertext. */
typedef unsigned char Byte;
/*
 * Word: the unit all cipher arithmetic is done in. The generic rotate macros
 * compute "32 - s" and the 16-byte block is handled as four Words, so Word is
 * assumed to be exactly 32 bits wide.
 * NOTE(review): nothing here checks that unsigned int is 32 bits -- confirm
 * for the target, or add a compile-time check.
 */
typedef unsigned int Word;
/*
 * VOLATILE qualifies the working variables as volatile only in the
 * ZERO_MEMORY build; otherwise it expands to nothing.
 */
#if ZERO_MEMORY
#define VOLATILE volatile
#else
#define VOLATILE
#endif
64
65 /*
66  *-------------------------------------------------------------------------------------------------
67  * Internal constants
68  *-------------------------------------------------------------------------------------------------
69  */
70
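/*
 * LITTLE_ENDIAN and BIG_ENDIAN are private tags for this file. They are
 * #undef'd first because some platforms' headers already define them.
 */
#undef LITTLE_ENDIAN
#define LITTLE_ENDIAN 2 /* Intel platforms */
#undef BIG_ENDIAN
#define BIG_ENDIAN 3    /* Motorola and Sun among others */

/*
 * Pick the byte order. A wrong answer does not crash anything: it silently
 * yields output that no other Camellia implementation can decrypt, so the
 * compiler's own statement of the target byte order is used when available.
 *
 * The fallback list is the original heuristic plus the 64-bit x86 macros.
 * It is only a guess: __LITTLE_ENDIAN in particular is defined as a constant
 * by some C libraries on every target, big-endian ones included.
 */
#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
    defined(__ORDER_BIG_ENDIAN__)
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define ENDIAN_TYPE LITTLE_ENDIAN
#elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#define ENDIAN_TYPE BIG_ENDIAN
#else
#error "camellia.c: unsupported byte order"
#endif
#elif __i386__ || __x86_64__ || __alpha__ || _M_IX86 || _M_X64 || __LITTLE_ENDIAN || __LITTLE_ENDIAN__
#define ENDIAN_TYPE LITTLE_ENDIAN
#else
#define ENDIAN_TYPE BIG_ENDIAN
#endif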
81
82 /*
83  *-------------------------------------------------------------------------------------------------
84  * Word rotation
85  *-------------------------------------------------------------------------------------------------
86  */
87
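/*
 * 32-bit rotations. The first two branches map to compiler intrinsics; the
 * generic branch builds the rotation from two shifts.
 *
 * Generic branch contract: x must be an unsigned 32-bit value and s must be
 * in 1..31 (a shift by 32 is undefined). Both arguments are evaluated more
 * than once, so pass expressions without side effects. s is parenthesized
 * so that an argument such as "a + b" is subtracted from 32 as a whole.
 */
#if (_MSC_VER && _M_IX86)
#define RightRotate(x, s) _lrotr(x, s)
#define LeftRotate(x, s) _lrotl(x, s)
#elif (__INTEL__ && __MWERKS__)
#define RightRotate(x, s) __ror(x, s)
#define LeftRotate(x, s) __rol(x, s)
#else
#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - (s))) )
#define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - (s))) )
#endif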
98
99
100 /*
101  *-------------------------------------------------------------------------------------------------
102  * S-box data
103  *-------------------------------------------------------------------------------------------------
104  */
105 const Word SBOX1_1110[] =
106 {
107     0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700,
108     0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
109     0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00,
110     0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
111     0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500,
112     0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
113     0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000,
114     0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
115     0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700,
116     0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
117     0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00,
118     0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
119     0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100,
120     0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
121     0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700,
122     0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
123     0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00,
124     0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
125     0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400,
126     0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
127     0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00,
128     0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
129     0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00,
130     0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
131     0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700,
132     0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
133     0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00,
134     0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
135     0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00,
136     0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
137     0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600,
138     0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
139     0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00,
140     0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
141     0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800,
142     0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
143     0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200,
144     0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
145     0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900,
146     0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
147     0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900,
148     0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
149     0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00
150 };
151 const Word SBOX4_4404[] =
152 {
153     0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057,
154     0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
155     0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af,
156     0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
157     0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a,
158     0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
159     0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb,
160     0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
161     0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c,
162     0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
163     0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0,
164     0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
165     0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6,
166     0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
167     0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8,
168     0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
169     0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9,
170     0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
171     0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9,
172     0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
173     0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad,
174     0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
175     0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093,
176     0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
177     0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f,
178     0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
179     0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066,
180     0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
181     0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031,
182     0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
183     0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2,
184     0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
185     0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095,
186     0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
187     0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002,
188     0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
189     0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b,
190     0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
191     0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a,
192     0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
193     0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068,
194     0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
195     0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e
196 };
197 const Word SBOX2_0222[] =
198 {
199     0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e,
200     0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
201     0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf,
202     0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
203     0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca,
204     0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
205     0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060,
206     0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
207     0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e,
208     0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
209     0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a,
210     0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
211     0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363,
212     0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
213     0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f,
214     0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
215     0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636,
216     0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
217     0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888,
218     0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
219     0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9,
220     0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
221     0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6,
222     0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
223     0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef,
224     0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
225     0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8,
226     0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
227     0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe,
228     0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
229     0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d,
230     0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
231     0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc,
232     0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
233     0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131,
234     0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
235     0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545,
236     0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
237     0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292,
238     0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
239     0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393,
240     0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
241     0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d
242 };
243 const Word SBOX3_3033[] =
244 {
245     0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393,
246     0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
247     0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7,
248     0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
249     0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2,
250     0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
251     0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818,
252     0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
253     0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3,
254     0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
255     0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686,
256     0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
257     0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8,
258     0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
259     0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb,
260     0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
261     0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d,
262     0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
263     0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222,
264     0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
265     0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e,
266     0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
267     0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad,
268     0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
269     0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb,
270     0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
271     0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e,
272     0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
273     0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf,
274     0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
275     0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b,
276     0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
277     0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737,
278     0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
279     0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c,
280     0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
281     0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151,
282     0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
283     0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4,
284     0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
285     0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4,
286     0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
287     0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f
288 };
289
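/*
 *-------------------------------------------------------------------------------------------------
 * Copy a 16-byte block from src to dst as four Words, byte-swapping each Word
 * on a little-endian build so that the bytes sit in register order.
 *
 * src and dst are accessed as Word pointers; callers in this file obtain them
 * by casting Byte pointers, which is why the file requires four-byte aligned
 * buffers. src == dst is allowed (the block routines convert in place).
 *-------------------------------------------------------------------------------------------------
 */
#if ENDIAN_TYPE == LITTLE_ENDIAN
static void CopyConvertEndianness16
(
    VOLATILE const Word *src,
    VOLATILE Word *dst
)
{
    int i;

    for (i = 0; i < 4; i++) {
        /* Load the word before storing, so the in-place case stays correct */
        const Word w = src[i];

        /* rotl 8 places bytes 1 and 3, rotr 8 places bytes 0 and 2 */
        dst[i] = (LeftRotate(w, 8) & 0x00ff00ff) |
            (RightRotate(w, 8) & 0xff00ff00);
    }
}
#else
/* memmove, not memcpy: an in-place caller passes the same buffer twice */
#define CopyConvertEndianness16(src, dst)  memmove((char *)(dst), (char *)(src), 16)
#endif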
316
/*
 *-------------------------------------------------------------------------------------------------
 * XorBlock(x, y, z): word-wise exclusive-or of two four-word blocks,
 *
 * z[i] = x[i] ^ y[i]   for i = 0..3
 *
 * z may be the same block as x or y. The arguments are expanded once per
 * word, so they must not have side effects.
 *-------------------------------------------------------------------------------------------------
 */
#define XorBlock(x, y, z)\
do {\
    int _i;\
    for (_i = 0; _i < 4; _i++)\
        (z)[_i] = (x)[_i] ^ (y)[_i];\
} while(0)
/*
 *-------------------------------------------------------------------------------------------------
 * SwapHalf(x): exchange the two halves of a four-word block in place, i.e.
 * x[0] <-> x[2] and x[1] <-> x[3]. The argument is expanded several times
 * and must not have side effects.
 *-------------------------------------------------------------------------------------------------
 */
#define SwapHalf(x)\
do {\
    Word _w0 = (x)[0];\
    Word _w1 = (x)[1];\
    (x)[0] = (x)[2];\
    (x)[1] = (x)[3];\
    (x)[2] = _w0;\
    (x)[3] = _w1;\
} while(0)
346
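/*
 *-------------------------------------------------------------------------------------------------
 * RotBlock: treat x[0..3] as one 128-bit value (x[0] most significant), rotate
 * it left by n bits and store the two leading words of the result in y[0..1].
 *
 * Only used in key generation, where n comes from the KSFT tables and x
 * points into the key-schedule scratch array.
 *
 * n is expected to be in 0..127; the starting word index n >> 5 is not masked.
 * A bit count that is a multiple of 32 is handled as a plain word copy,
 * because shifting a Word by 32 is undefined.
 *-------------------------------------------------------------------------------------------------
 */

static void RotBlock
(
    VOLATILE const Word x[],
    const int n,
    Word y[]
)
{
    const int r = (n & 31);          /* bit part of the rotation  */
    const int idx = (n >> 5);        /* word part of the rotation */
    const int idx1 = (idx + 1) & 3;
    const int idx2 = (idx1 + 1) & 3;

    if (r == 0) {
        /* Whole-word rotation: nothing crosses a word boundary */
        y[0] = x[idx];
        y[1] = x[idx1];
        return;
    }

    y[0] = (x[idx] << r) | (x[idx1] >> (32 - r));
    y[1] = (x[idx1] << r) | (x[idx2] >> (32 - r));
}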
368
369
370 /*
371  *-------------------------------------------------------------------------------------------------
372  * The phi algorithm given in C.2.7 of the Camellia spec document.
373  *-------------------------------------------------------------------------------------------------
374  */
375
376
377
#if (USE_C_FEISTEL_CODE)
/*
 * Camellia_Feistel: apply two consecutive rounds to the four-word state x,
 * in place.
 *
 *   x           working block; x[0..1] and x[2..3] are the two halves
 *   k           key words; k[0], k[1] feed the first round
 *   key_offset  index, relative to k, of the second round's key words
 *               (k[key_offset] and k[key_offset+1]). Callers in this file
 *               pass 2 when walking the key table forwards and -2 when
 *               walking it backwards for decryption.
 *
 * Each round XORs a state half with two key words, pushes the eight resulting
 * bytes through the four S-box tables, and folds the combined words into the
 * other half.
 *
 * NOTE(review): every table index is a byte of (state ^ key), so the memory
 * access pattern depends on secret data. On hardware with data caches this
 * style of table lookup is a known source of timing side channels; assess it
 * for deployments where an untrusted party can share the cache or measure
 * timing.
 */
static void Camellia_Feistel
(
    VOLATILE Word *x,
    VOLATILE const Word *k,
    const int key_offset
)
{
    VOLATILE Word D, U;
    VOLATILE Word s1, s2;

    /* First round: function of (x[0], x[1]) and (k[0], k[1]) */
    s1 = x[0] ^ k[0];
    U  = SBOX4_4404[(Byte)s1];
    U ^= SBOX3_3033[(Byte)(s1 >> 8)];
    U ^= SBOX2_0222[(Byte)(s1 >> 16)];
    U ^= SBOX1_1110[(Byte)(s1 >> 24)];
    s2 = x[1] ^ k[1];
    D  = SBOX1_1110[(Byte)s2];
    D ^= SBOX4_4404[(Byte)(s2 >> 8)];
    D ^= SBOX3_3033[(Byte)(s2 >> 16)];
    D ^= SBOX2_0222[(Byte)(s2 >> 24)];

    /* Fold the round output into the other half */
    x[2] ^= D ^ U;
    x[3] ^= D ^ U ^ RightRotate(U, 8);

    /* Second round: function of the just-updated (x[2], x[3]) */
    s1 = x[2] ^ k[key_offset];
    U = SBOX4_4404[(Byte)s1];
    U ^= SBOX3_3033[(Byte)(s1 >> 8)];
    U ^= SBOX2_0222[(Byte)(s1 >> 16)];
    U ^= SBOX1_1110[(Byte)(s1 >> 24)];
    s2 = x[3] ^ k[key_offset+1];
    D = SBOX1_1110[(Byte)s2];
    D ^= SBOX4_4404[(Byte)(s2 >> 8)];
    D ^= SBOX3_3033[(Byte)(s2 >> 16)];
    D ^= SBOX2_0222[(Byte)(s2 >> 24)];

    x[0] ^= D ^ U;
    x[1] ^= D ^ U ^ RightRotate(U, 8);

#if ZERO_MEMORY
    /* Cleanse build: null the parameters and zero the volatile temporaries */
    k = x = (Word *)0;
    D = U = s1 = s2 = 0;
#endif
}

#else /* use macro code. Slower on PC due to code/cache interaction */

/*
 * Macro form of the same two rounds; xx is the state, kk the key words and
 * oo the second round's key offset. The temporaries here are plain Words and
 * there is no cleanse step. _temp is declared but not used.
 * NOTE(review): oo is expanded without parentheses in _k[oo] but with them in
 * _k[(oo)+1]; harmless inside a subscript, but inconsistent.
 */
#define Camellia_Feistel(xx,kk,oo)\
do {\
    Word * const _x = (Word *)(xx);\
    const Word * const _k = (Word *)(kk);\
    Word _D, _U;\
    Word _s1, _s2;\
    Word _temp;\
\
    _s1 = _x[0] ^ _k[0];\
    _U = SBOX4_4404[(Byte)_s1];\
    _U ^= SBOX3_3033[(Byte)(_s1 >> 8)];\
    _U ^= SBOX2_0222[(Byte)(_s1 >> 16)];\
    _U ^= SBOX1_1110[(Byte)(_s1 >> 24)];\
    _s2 = _x[1] ^ _k[1];\
    _D = SBOX1_1110[(Byte)_s2];\
    _D ^= SBOX4_4404[(Byte)(_s2 >> 8)];\
    _D ^= SBOX3_3033[(Byte)(_s2 >> 16)];\
    _D ^= SBOX2_0222[(Byte)(_s2 >> 24)];\
\
    _x[2] ^= _D ^ _U;\
    _x[3] ^= _D ^ _U ^ RightRotate(_U, 8);\
\
    _s1 = _x[2] ^ _k[oo];\
    _U = SBOX4_4404[(Byte)_s1];\
    _U ^= SBOX3_3033[(Byte)(_s1 >> 8)];\
    _U ^= SBOX2_0222[(Byte)(_s1 >> 16)];\
    _U ^= SBOX1_1110[(Byte)(_s1 >> 24)];\
    _s2 = _x[3] ^ _k[(oo)+1];\
    _D = SBOX1_1110[(Byte)_s2];\
    _D ^= SBOX4_4404[(Byte)(_s2 >> 8)];\
    _D ^= SBOX3_3033[(Byte)(_s2 >> 16)];\
    _D ^= SBOX2_0222[(Byte)(_s2 >> 24)];\
\
    _x[0] ^= _D ^ _U;\
    _x[1] ^= _D ^ _U ^ RightRotate(_U, 8);\
} while(0)

#endif /* USE_C_FEISTEL_CODE */
463
464
465
466 /* Routine derived from camellia.c
467  *-------------------------------------------------------------------------------------------------
468  * Module:      Camellia block cipher library.
469  *
470  * Description: Optimized, portable C implementation of the Camellia Cipher functions.
471  *
472  * Copyright (c) NTT, All Rights Reserved
473  *-------------------------------------------------------------------------------------------------
474  */
475
/*
 * Key generation constants.
 *
 * SIGMA holds twelve words, consumed four at a time: Camellia_Ekeygen passes
 * SIGMA, SIGMA+4 and SIGMA+8 to Camellia_Feistel as the round-key pointer.
 *
 * NOTE(review): these tables are not declared static, so their names are
 * visible to the linker. Whether another translation unit relies on that
 * cannot be told from this file.
 */

const Word SIGMA[] = {
    0xa09e667f, 0x3bcc908b,
    0xb67ae858, 0x4caa73b2,
    0xc6ef372f, 0xe94f82be,
    0x54ff53a5, 0xf1d36f1c,
    0x10e527fa, 0xde682d1d,
    0xb05688c2, 0xb3e6c1fd
};

/*
 * 128-bit key schedule. Entry i describes one RotBlock call that fills two
 * words of the key table: KIDX1[i] is the word offset into the scratch array
 * t[] and KSFT1[i] the left-rotation count in bits. Camellia_Ekeygen starts
 * its loop at i = 4, so entries 0..3 are not read by it.
 */
const int KSFT1[26] = {
    0, 64, 0, 64, 15, 79, 15, 79, 30, 94, 45, 109, 45, 124, 60, 124, 77, 13,
    94, 30, 94, 30, 111, 47, 111, 47
};

const int KIDX1[26] = {
    0, 0, 8, 8, 0, 0, 8, 8, 8, 8, 0, 0, 8, 0, 8, 8, 0, 0, 0, 0, 8, 8, 0, 0, 8, 8
};

/*
 * Same layout for the other key lengths (the non-128 branch of
 * Camellia_Ekeygen), with 34 entries; again the loop starts at i = 4.
 */
const int KSFT2[34] = {
    0, 64, 0, 64, 15, 79, 15, 79, 30, 94, 30, 94, 45, 109, 45, 109, 60, 124,
    60, 124, 60, 124, 77, 13, 77, 13, 94, 30, 94, 30, 111, 47, 111, 47
};

const int KIDX2[34] = {
    0, 0, 12, 12, 4, 4, 8, 8, 4, 4, 12, 12, 0, 0, 8, 8, 0, 0, 4, 4, 12, 12,
    0, 0, 8, 8, 4, 4, 8, 8, 0, 0, 12, 12
};
505
506
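/*
 *-------------------------------------------------------------------------------------------------
 * Generates the key table keyTable from rawKey. The reference implementation has been
 * mangled to avoid the necessity of having to separately code the Feistel function.
 *
 *   keyBitLength  128, 192 or 256
 *   rawKey        keyBitLength / 8 bytes of key material; read through Word
 *                 pointers, so it must be four-byte aligned (see the note at
 *                 the top of this file)
 *   keyTable      output; 52 Words are written for a 128-bit key and
 *                 68 Words for the other lengths
 *
 * The function returns void and so cannot report an error. For any other
 * keyBitLength it returns without reading rawKey or writing keyTable, instead
 * of deriving a schedule from an uninitialized scratch array. Callers must
 * validate the length themselves and must not use keyTable in that case.
 *
 * The scratch array t[] holds the raw key halves in t[0..7] and the values
 * derived from them in t[8..15]. It is only wiped when ZERO_MEMORY is set.
 *-------------------------------------------------------------------------------------------------
 */
void Camellia_Ekeygen
(
    const int keyBitLength,
    const Byte *rawKey,
    KEY_TABLE_TYPE keyTable
)
{
    VOLATILE Word t[16];
    int  i;

    /* Reject lengths the code below has no branch for; t[] would stay unset */
    if (keyBitLength != 128 && keyBitLength != 192 && keyBitLength != 256)
        return;

    /* Copy raw key material into the key table. Keep the bytes register- */
    /* endian-correct (ie. bytes appear in registers in the correct order */
    /* but will appear reversed in memory on a little-endian machine      */
    if (keyBitLength == 128){
        CopyConvertEndianness16((Word *)rawKey, (Word *)t);
        for (i = 4; i < 8; i++) t[i] = 0;
    }
    else if (keyBitLength == 192){
        CopyConvertEndianness16((Word *)rawKey, (Word *)t);
        for (i =  4; i < 6; i++) {
            /* Widen each byte to Word first: a Byte promotes to int, and */
            /* shifting a value >= 0x80 left by 24 overflows a signed int */
            Word tmp = ((Word)rawKey[4*i] << 24) | ((Word)rawKey[4*i+1] << 16) |
                ((Word)rawKey[4*i+2] << 8) | ((Word)rawKey[4*i+3] << 0);
            t[i] = tmp;
            t[i+2] = ~tmp;   /* last 64 bits are the complement of these */
        }
    }
    else if (keyBitLength == 256){
        CopyConvertEndianness16((Word *)rawKey, (Word *)t);
        CopyConvertEndianness16(((Word *)rawKey)+4, ((Word *)t)+4);
    }

    /* Use the feistel routine to scramble the key material */
    XorBlock(t, t+4, t+8);
    Camellia_Feistel(t+8, SIGMA, 2);
    XorBlock(t+8, t, t+8);
    Camellia_Feistel(t+8, SIGMA+4,2);

    /* Fill the keyTable. Requires many block rotations. */
    if (keyBitLength == 128){
        memcpy(keyTable, t, 16);
        memcpy(keyTable+4, t+8, 16);
        for (i = 4; i < 26; i += 2 ){
            RotBlock(t + KIDX1[i + 0], KSFT1[i + 0], keyTable+i*2);
            RotBlock(t + KIDX1[i + 1], KSFT1[i + 1], keyTable+i*2+2);
        }
    }
    else{
        XorBlock(t+8, t+4, t+12);
        Camellia_Feistel(t+12, SIGMA+8,2);
        memcpy(keyTable, t, 16);
        memcpy(keyTable+4, t+12, 16);
        for (i = 4; i < 34; i += 2){
            RotBlock(t + KIDX2[i + 0], KSFT2[i + 0], keyTable+i*2);
            RotBlock(t + KIDX2[i + 1], KSFT2[i + 1], keyTable+i*2+2);
        }
    }

#if ZERO_MEMORY
    rawKey = 0;
    keyTable = 0;
    /* t is volatile in this build: store zeros element by element. Passing */
    /* it to memset would drop the qualifier, and a memset of a dead local  */
    /* may be removed by the optimizer.                                     */
    for (i = 0; i < 16; i++) t[i] = 0;
#endif
}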
577
578
/*
 *-------------------------------------------------------------------------------------------------
 * Camellia_EncryptBlock: encrypt one 16-byte block.
 *
 *   keyBitLength  128 selects 3 grand rounds; any other value selects 4.
 *                 The value is not validated here.
 *   plaintext     16 input bytes
 *   keyTable      key table; words 0..3 are XORed in first and the rounds
 *                 consume the words from keyTable+4 onwards
 *   ciphertext    16 output bytes, also used as the working state, so it holds
 *                 intermediate values while the function runs
 *
 * Both byte buffers are accessed through Word pointers and must be four-byte
 * aligned (see the note at the top of this file).
 *
 * The algorithm itself is described at length in the accompanying document.
 *-------------------------------------------------------------------------------------------------
 */
void Camellia_EncryptBlock
(
    const int keyBitLength,
    const Byte plaintext[],
    const KEY_TABLE_TYPE keyTable,
    Byte ciphertext[]
)
{
    int j;
    int grandRounds;

    int totalGrandRounds = (keyBitLength == 128)? 3 : 4;
    VOLATILE Word *ct = (Word *)ciphertext;
    int flayerLimit = totalGrandRounds - 1;   /* no FL layer after the last grand round */
    VOLATILE const Word *k = keyTable+4;

   /*
    *----------------------------------------------------------------------------------------------
    * Copy over plaintext to a ciphertext buffer, and change endianness if needed
    *----------------------------------------------------------------------------------------------
    */

    CopyConvertEndianness16((Word *)plaintext, ct);

   /*
    *----------------------------------------------------------------------------------------------
    * Encrypt plaintext block via multiple feistel rounds
    *----------------------------------------------------------------------------------------------
    */

    /* XOR in the first four key-table words */
    XorBlock(ct, keyTable, ct);


    for (grandRounds = 0; grandRounds < totalGrandRounds; grandRounds++)
    {
        /* Camellia makes 6 feistel rounds: three calls of two rounds each, */
        /* every call consuming four key words                              */
            for (j = 0; j < 6; j+=2, k += 4)
                Camellia_Feistel(ct,k,2);

        if (grandRounds < flayerLimit)
        {
/*
 *-------------------------------------------------------------------------------------------------
 * This is the same function as the diffusion function D of the accompanying documentation.
 * See section 3.2 of the accompanying documentation for properties of the FLlayer function.
 * The statement order matters: ct[0] uses the updated ct[1], and ct[3] the updated ct[2].
 *----------------------------------------------------------------------------------------------
 */
            ct[1] ^= LeftRotate(ct[0] & k[0], 1);
            ct[0] ^= ct[1] | k[1];
            ct[2] ^= ct[3] | k[3];
            ct[3] ^= LeftRotate(ct[2] & k[2], 1);
            k += 4;
        }
    }

    /*
    *----------------------------------------------------------------------------------
    * Apply the permutation function Pi1. Since Pi1 uses the key words in ascending
    * order it is necessary when decrypting to decrement the key word ptr again.
    *----------------------------------------------------------------------------------
    */
    SwapHalf(ct);
    XorBlock(ct, k, ct);

    /*
    *----------------------------------------------------------------------------------------------
    * Convert endianness if needed and copy out to output array
    *----------------------------------------------------------------------------------------------
    */
#if (ENDIAN_TYPE == LITTLE_ENDIAN)
    CopyConvertEndianness16(ct, ct);
#endif

#if ZERO_MEMORY
    /* Only the local pointer copies are nulled; no buffer is overwritten here */
    plaintext = ciphertext = 0;
    k = ct = 0;
    keyTable = 0;
#endif

}
664
665
666
667
/*
 *-------------------------------------------------------------------------------------------------
 * Camellia_DecryptBlock: decrypt one 16-byte block by walking the key table
 * backwards.
 *
 *   keyBitLength  128 selects 3 grand rounds and starts at keyTable+48; any
 *                 other value selects 4 grand rounds and starts at
 *                 keyTable+64. The value is not validated here.
 *   ciphertext    16 input bytes
 *   keyTable      key table produced for the same key length
 *   plaintext     16 output bytes, also used as the working state
 *
 * Both byte buffers are accessed through Word pointers and must be four-byte
 * aligned (see the note at the top of this file).
 *
 * The algorithm itself is described at length in the accompanying document.
 *-------------------------------------------------------------------------------------------------
 */
void Camellia_DecryptBlock
(
    const int keyBitLength,
    const Byte ciphertext[],
    const KEY_TABLE_TYPE keyTable,
    Byte plaintext[]
)
{
    int grandRounds;
    int flayerLimit;
    int totalGrandRounds;
    int keyTableOffset;
    int j;
    const Word *k;
    Word *pt = (Word *)plaintext;

    if (keyBitLength == 128) {
        totalGrandRounds = 3;
        keyTableOffset = 48;
    } else {
        totalGrandRounds = 4;
        keyTableOffset = 64;
    }
    k = keyTable+keyTableOffset;
    flayerLimit = totalGrandRounds - 1;   /* no FL layer after the last grand round */

    /*
    *----------------------------------------------------------------------------------------------
    * Copy over cipher text to a Word aligned buffer, and change endianness if needed
    *----------------------------------------------------------------------------------------------
    */

    CopyConvertEndianness16((Word *)ciphertext, pt);

   /*
    *----------------------------------------------------------------------------------------------
    * Decrypt ciphertext block
    *----------------------------------------------------------------------------------------------
    */
    /* XOR in the last four key-table words, then step back to the round keys */
    XorBlock(pt, k, pt);
    k -= 2;

    for (grandRounds = 0; grandRounds < totalGrandRounds; grandRounds++)
    {
        /* Camellia makes 6 feistel rounds: three calls of two rounds each; */
        /* the offset -2 makes the second round read the two words below k  */
        for (j = 0; j < 6; j+=2, k -= 4)
            Camellia_Feistel(pt,k,-2);

        if (grandRounds < flayerLimit)
        {
/*
 *-------------------------------------------------------------------------------------------------
 * This is the same function as the diffusion function D of the accompanying documentation.
 * See section 3.2 of the accompanying documentation for properties of the FLlayer function.
 * The statement order matters: pt[0] uses the updated pt[1], and pt[3] the updated pt[2].
 *----------------------------------------------------------------------------------------------
 */
            pt[1] ^= LeftRotate(pt[0] & k[0], 1);
            pt[0] ^= pt[1] | k[1];
            pt[2] ^= pt[3] | k[-1];
            pt[3] ^= LeftRotate(pt[2] & k[-2], 1);
            k -= 4;
        }
    }

    /*
    *----------------------------------------------------------------------------------
    * Apply the permutation function Pi1. Since Pi1 uses the key words in ascending
    * order it is necessary when decrypting to decrement the key word ptr again.
    *----------------------------------------------------------------------------------
    */
    k -= 2;
    SwapHalf(pt);
    XorBlock(pt, k, pt);

    /*
    *----------------------------------------------------------------------------------------------
    * Convert endianness if needed and copy out to output array
    *----------------------------------------------------------------------------------------------
    */

#if (ENDIAN_TYPE == LITTLE_ENDIAN)
    CopyConvertEndianness16(pt, pt);
#endif


#if ZERO_MEMORY
    /* Only the local pointer copies are nulled; no buffer is overwritten here */
    ciphertext = plaintext = 0;
    k = pt = 0;
    keyTable = 0;
#endif
}