Select Git revision
camellia128-set-encrypt-key.c
Forked from
Nettle / nettle
1795 commits behind, 2 commits ahead of the upstream repository.
-
Niels Möller authored
Use distinct context structs and functions for camellia128 and camellia256.
Niels Möller authoredUse distinct context structs and functions for camellia128 and camellia256.
camellia128-set-encrypt-key.c 2.95 KiB
/* camellia128-set-encrypt-key.c
*
* Key setup for the camellia block cipher.
*/
/*
* Copyright (C) 2006,2007
* NTT (Nippon Telegraph and Telephone Corporation).
*
* Copyright (C) 2010, 2013 Niels Möller
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
/*
* Algorithm Specification
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
/* Based on camellia.c ver 1.2.0, see
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <limits.h>
#include "camellia-internal.h"
#include "macros.h"
void
camellia128_set_encrypt_key (struct camellia128_ctx *ctx,
const uint8_t *key)
{
uint64_t k0, k1;
uint64_t subkey[_CAMELLIA128_NKEYS + 2];
uint64_t w;
k0 = READ_UINT64(key);
k1 = READ_UINT64(key + 8);
/**
* generate KL dependent subkeys
*/
subkey[0] = k0; subkey[1] = k1;
ROTL128(15, k0, k1);
subkey[4] = k0; subkey[5] = k1;
ROTL128(30, k0, k1);
subkey[10] = k0; subkey[11] = k1;
ROTL128(15, k0, k1);
subkey[13] = k1;
ROTL128(17, k0, k1);
subkey[16] = k0; subkey[17] = k1;
ROTL128(17, k0, k1);
subkey[18] = k0; subkey[19] = k1; ROTL128(17, k0, k1);
subkey[22] = k0; subkey[23] = k1;
/* generate KA. D1 is k0, d2 is k1. */
/* FIXME: Make notation match the spec better. */
/* For the 128-bit case, KR = 0, the construction of KA reduces to:
D1 = KL >> 64;
W = KL & MASK64;
D2 = F(D1, Sigma1);
W = D2 ^ W
D1 = F(W, Sigma2)
D2 = D2 ^ F(D1, Sigma3);
D1 = D1 ^ F(D2, Sigma4);
KA = (D1 << 64) | D2;
*/
k0 = subkey[0]; w = subkey[1];
CAMELLIA_F(k0, SIGMA1, k1);
w ^= k1;
CAMELLIA_F(w, SIGMA2, k0);
CAMELLIA_F(k0, SIGMA3, w);
k1 ^= w;
CAMELLIA_F(k1, SIGMA4, w);
k0 ^= w;
/* generate KA dependent subkeys */
subkey[2] = k0; subkey[3] = k1;
ROTL128(15, k0, k1);
subkey[6] = k0; subkey[7] = k1;
ROTL128(15, k0, k1);
subkey[8] = k0; subkey[9] = k1;
ROTL128(15, k0, k1);
subkey[12] = k0;
ROTL128(15, k0, k1);
subkey[14] = k0; subkey[15] = k1;
ROTL128(34, k0, k1);
subkey[20] = k0; subkey[21] = k1;
ROTL128(17, k0, k1);
subkey[24] = k0; subkey[25] = k1;
/* Common final processing */
_camellia_absorb (_CAMELLIA128_NKEYS, ctx->keys, subkey);
}