static UINT32 opDECW(v60_state *cpustate) /* TRUSTED */
{
UINT32 appw;
cpustate->modadd = cpustate->PC + 1;
cpustate->moddim = 2;
cpustate->amlength1 = ReadAMAddress(cpustate);
if (cpustate->amflag)
appw = cpustate->reg[cpustate->amout];
else
appw = cpustate->program->read_dword_unaligned(cpustate->amout);
SUBL(appw, 1);
if (cpustate->amflag)
cpustate->reg[cpustate->amout] = appw;
else
cpustate->program->write_dword_unaligned(cpustate->amout, appw);
return cpustate->amlength1 + 1;
}
UINT32 opDECW(void) /* TRUSTED */
{
UINT32 appw;
modAdd=PC+1;
modDim=2;
amLength1=ReadAMAddress();
if (amFlag)
appw=v60.reg[amOut];
else
appw=MemRead32(amOut);
SUBL(appw, 1);
if (amFlag)
v60.reg[amOut]=appw;
else
MemWrite32(amOut,appw);
return amLength1+1;
}
/**
* Stuff related to camellia encryption/decryption
*/
void
camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
{
uint32_t il, ir, t0, t1;
/* pre whitening but absorb kw2*/
io[0] ^= SUBL(0);
io[1] ^= SUBR(0);
/* main iteration */
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(2),SUBR(2),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(3),SUBR(3),
io[0],io[1],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(4),SUBR(4),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(5),SUBR(5),
io[0],io[1],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(6),SUBR(6),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(7),SUBR(7),
io[0],io[1],il,ir,t0,t1);
CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(8),SUBR(8), SUBL(9),SUBR(9),
t0,t1,il,ir);
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(10),SUBR(10),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(11),SUBR(11),
io[0],io[1],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(12),SUBR(12),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(13),SUBR(13),
io[0],io[1],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(14),SUBR(14),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(15),SUBR(15),
io[0],io[1],il,ir,t0,t1);
CAMELLIA_FLS(io[0],io[1],io[2],io[3], SUBL(16), SUBR(16), SUBL(17),SUBR(17),
t0,t1,il,ir);
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(18),SUBR(18),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(19),SUBR(19),
io[0],io[1],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(20),SUBR(20),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(21),SUBR(21),
io[0],io[1],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[0],io[1], SUBL(22),SUBR(22),
io[2],io[3],il,ir,t0,t1);
CAMELLIA_ROUNDSM(io[2],io[3], SUBL(23),SUBR(23),
io[0],io[1],il,ir,t0,t1);
/* post whitening but kw4 */
io[2] ^= SUBL(24);
io[3] ^= SUBR(24);
t0 = io[0];
t1 = io[1];
io[0] = io[2];
io[1] = io[3];
io[2] = t0;
io[3] = t1;
}
void
camellia_setup256(const unsigned char *key, uint32_t *subkey)
{
uint32_t kll,klr,krl,krr; /* left half of key */
uint32_t krll,krlr,krrl,krrr; /* right half of key */
uint32_t il, ir, t0, t1, w0, w1; /* temporary variables */
uint32_t kw4l, kw4r, dw, tl, tr;
uint32_t subL[34];
uint32_t subR[34];
/*
* key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
* (|| is concatination)
*/
kll = GETU32(key );
klr = GETU32(key + 4);
krl = GETU32(key + 8);
krr = GETU32(key + 12);
krll = GETU32(key + 16);
krlr = GETU32(key + 20);
krrl = GETU32(key + 24);
krrr = GETU32(key + 28);
/* generate KL dependent subkeys */
subl(0) = kll; subr(0) = klr;
subl(1) = krl; subr(1) = krr;
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
subl(12) = kll; subr(12) = klr;
subl(13) = krl; subr(13) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
subl(16) = kll; subr(16) = klr;
subl(17) = krl; subr(17) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
subl(22) = kll; subr(22) = klr;
subl(23) = krl; subr(23) = krr;
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
subl(30) = kll; subr(30) = klr;
subl(31) = krl; subr(31) = krr;
/* generate KR dependent subkeys */
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
subl(4) = krll; subr(4) = krlr;
subl(5) = krrl; subr(5) = krrr;
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
subl(8) = krll; subr(8) = krlr;
subl(9) = krrl; subr(9) = krrr;
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
subl(18) = krll; subr(18) = krlr;
subl(19) = krrl; subr(19) = krrr;
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
subl(26) = krll; subr(26) = krlr;
subl(27) = krrl; subr(27) = krrr;
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
/* generate KA */
kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
CAMELLIA_F(kll, klr, CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
w0, w1, il, ir, t0, t1);
krl ^= w0; krr ^= w1;
CAMELLIA_F(krl, krr, CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
kll, klr, il, ir, t0, t1);
kll ^= krll; klr ^= krlr;
CAMELLIA_F(kll, klr, CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
krl, krr, il, ir, t0, t1);
krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
CAMELLIA_F(krl, krr, CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
w0, w1, il, ir, t0, t1);
kll ^= w0; klr ^= w1;
/* generate KB */
krll ^= kll; krlr ^= klr;
krrl ^= krl; krrr ^= krr;
CAMELLIA_F(krll, krlr, CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
w0, w1, il, ir, t0, t1);
krrl ^= w0; krrr ^= w1;
CAMELLIA_F(krrl, krrr, CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
w0, w1, il, ir, t0, t1);
krll ^= w0; krlr ^= w1;
/* generate KA dependent subkeys */
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
subl(6) = kll; subr(6) = klr;
subl(7) = krl; subr(7) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
subl(14) = kll; subr(14) = klr;
subl(15) = krl; subr(15) = krr;
subl(24) = klr; subr(24) = krl;
subl(25) = krr; subr(25) = kll;
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
subl(28) = kll; subr(28) = klr;
subl(29) = krl; subr(29) = krr;
/* generate KB dependent subkeys */
subl(2) = krll; subr(2) = krlr;
subl(3) = krrl; subr(3) = krrr;
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
subl(10) = krll; subr(10) = krlr;
subl(11) = krrl; subr(11) = krrr;
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
subl(20) = krll; subr(20) = krlr;
subl(21) = krrl; subr(21) = krrr;
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
subl(32) = krll; subr(32) = krlr;
subl(33) = krrl; subr(33) = krrr;
/* absorb kw2 to other subkeys */
subl(3) ^= subl(1); subr(3) ^= subr(1);
subl(5) ^= subl(1); subr(5) ^= subr(1);
subl(7) ^= subl(1); subr(7) ^= subr(1);
subl(1) ^= subr(1) & ~subr(9);
dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
subl(11) ^= subl(1); subr(11) ^= subr(1);
subl(13) ^= subl(1); subr(13) ^= subr(1);
subl(15) ^= subl(1); subr(15) ^= subr(1);
subl(1) ^= subr(1) & ~subr(17);
dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
subl(19) ^= subl(1); subr(19) ^= subr(1);
subl(21) ^= subl(1); subr(21) ^= subr(1);
subl(23) ^= subl(1); subr(23) ^= subr(1);
subl(1) ^= subr(1) & ~subr(25);
dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
subl(27) ^= subl(1); subr(27) ^= subr(1);
subl(29) ^= subl(1); subr(29) ^= subr(1);
subl(31) ^= subl(1); subr(31) ^= subr(1);
subl(32) ^= subl(1); subr(32) ^= subr(1);
/* absorb kw4 to other subkeys */
kw4l = subl(33); kw4r = subr(33);
subl(30) ^= kw4l; subr(30) ^= kw4r;
subl(28) ^= kw4l; subr(28) ^= kw4r;
subl(26) ^= kw4l; subr(26) ^= kw4r;
kw4l ^= kw4r & ~subr(24);
dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
subl(22) ^= kw4l; subr(22) ^= kw4r;
subl(20) ^= kw4l; subr(20) ^= kw4r;
subl(18) ^= kw4l; subr(18) ^= kw4r;
kw4l ^= kw4r & ~subr(16);
dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
subl(14) ^= kw4l; subr(14) ^= kw4r;
subl(12) ^= kw4l; subr(12) ^= kw4r;
subl(10) ^= kw4l; subr(10) ^= kw4r;
kw4l ^= kw4r & ~subr(8);
dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
subl(6) ^= kw4l; subr(6) ^= kw4r;
subl(4) ^= kw4l; subr(4) ^= kw4r;
subl(2) ^= kw4l; subr(2) ^= kw4r;
subl(0) ^= kw4l; subr(0) ^= kw4r;
/* key XOR is end of F-function */
SUBL(0) = subl(0) ^ subl(2);
SUBR(0) = subr(0) ^ subr(2);
SUBL(2) = subl(3);
SUBR(2) = subr(3);
SUBL(3) = subl(2) ^ subl(4);
SUBR(3) = subr(2) ^ subr(4);
SUBL(4) = subl(3) ^ subl(5);
SUBR(4) = subr(3) ^ subr(5);
SUBL(5) = subl(4) ^ subl(6);
SUBR(5) = subr(4) ^ subr(6);
SUBL(6) = subl(5) ^ subl(7);
SUBR(6) = subr(5) ^ subr(7);
tl = subl(10) ^ (subr(10) & ~subr(8));
dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
SUBL(7) = subl(6) ^ tl;
SUBR(7) = subr(6) ^ tr;
SUBL(8) = subl(8);
SUBR(8) = subr(8);
SUBL(9) = subl(9);
SUBR(9) = subr(9);
tl = subl(7) ^ (subr(7) & ~subr(9));
dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
SUBL(10) = tl ^ subl(11);
SUBR(10) = tr ^ subr(11);
SUBL(11) = subl(10) ^ subl(12);
SUBR(11) = subr(10) ^ subr(12);
SUBL(12) = subl(11) ^ subl(13);
SUBR(12) = subr(11) ^ subr(13);
SUBL(13) = subl(12) ^ subl(14);
SUBR(13) = subr(12) ^ subr(14);
SUBL(14) = subl(13) ^ subl(15);
SUBR(14) = subr(13) ^ subr(15);
tl = subl(18) ^ (subr(18) & ~subr(16));
dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
SUBL(15) = subl(14) ^ tl;
SUBR(15) = subr(14) ^ tr;
SUBL(16) = subl(16);
SUBR(16) = subr(16);
SUBL(17) = subl(17);
SUBR(17) = subr(17);
tl = subl(15) ^ (subr(15) & ~subr(17));
dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
SUBL(18) = tl ^ subl(19);
SUBR(18) = tr ^ subr(19);
SUBL(19) = subl(18) ^ subl(20);
SUBR(19) = subr(18) ^ subr(20);
SUBL(20) = subl(19) ^ subl(21);
SUBR(20) = subr(19) ^ subr(21);
SUBL(21) = subl(20) ^ subl(22);
SUBR(21) = subr(20) ^ subr(22);
SUBL(22) = subl(21) ^ subl(23);
SUBR(22) = subr(21) ^ subr(23);
tl = subl(26) ^ (subr(26) & ~subr(24));
dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
SUBL(23) = subl(22) ^ tl;
SUBR(23) = subr(22) ^ tr;
SUBL(24) = subl(24);
SUBR(24) = subr(24);
SUBL(25) = subl(25);
SUBR(25) = subr(25);
tl = subl(23) ^ (subr(23) & ~subr(25));
dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
SUBL(26) = tl ^ subl(27);
SUBR(26) = tr ^ subr(27);
SUBL(27) = subl(26) ^ subl(28);
SUBR(27) = subr(26) ^ subr(28);
SUBL(28) = subl(27) ^ subl(29);
SUBR(28) = subr(27) ^ subr(29);
SUBL(29) = subl(28) ^ subl(30);
SUBR(29) = subr(28) ^ subr(30);
SUBL(30) = subl(29) ^ subl(31);
SUBR(30) = subr(29) ^ subr(31);
SUBL(31) = subl(30);
SUBR(31) = subr(30);
SUBL(32) = subl(32) ^ subl(31);
SUBR(32) = subr(32) ^ subr(31);
/* apply the inverse of the last half of P-function */
dw = SUBL(2) ^ SUBR(2), dw = CAMELLIA_RL8(dw);
SUBR(2) = SUBL(2) ^ dw, SUBL(2) = dw;
dw = SUBL(3) ^ SUBR(3), dw = CAMELLIA_RL8(dw);
SUBR(3) = SUBL(3) ^ dw, SUBL(3) = dw;
dw = SUBL(4) ^ SUBR(4), dw = CAMELLIA_RL8(dw);
SUBR(4) = SUBL(4) ^ dw, SUBL(4) = dw;
dw = SUBL(5) ^ SUBR(5), dw = CAMELLIA_RL8(dw);
SUBR(5) = SUBL(5) ^ dw, SUBL(5) = dw;
dw = SUBL(6) ^ SUBR(6), dw = CAMELLIA_RL8(dw);
SUBR(6) = SUBL(6) ^ dw, SUBL(6) = dw;
dw = SUBL(7) ^ SUBR(7), dw = CAMELLIA_RL8(dw);
SUBR(7) = SUBL(7) ^ dw, SUBL(7) = dw;
dw = SUBL(10) ^ SUBR(10), dw = CAMELLIA_RL8(dw);
SUBR(10) = SUBL(10) ^ dw, SUBL(10) = dw;
dw = SUBL(11) ^ SUBR(11), dw = CAMELLIA_RL8(dw);
SUBR(11) = SUBL(11) ^ dw, SUBL(11) = dw;
dw = SUBL(12) ^ SUBR(12), dw = CAMELLIA_RL8(dw);
SUBR(12) = SUBL(12) ^ dw, SUBL(12) = dw;
dw = SUBL(13) ^ SUBR(13), dw = CAMELLIA_RL8(dw);
SUBR(13) = SUBL(13) ^ dw, SUBL(13) = dw;
dw = SUBL(14) ^ SUBR(14), dw = CAMELLIA_RL8(dw);
SUBR(14) = SUBL(14) ^ dw, SUBL(14) = dw;
dw = SUBL(15) ^ SUBR(15), dw = CAMELLIA_RL8(dw);
SUBR(15) = SUBL(15) ^ dw, SUBL(15) = dw;
dw = SUBL(18) ^ SUBR(18), dw = CAMELLIA_RL8(dw);
SUBR(18) = SUBL(18) ^ dw, SUBL(18) = dw;
dw = SUBL(19) ^ SUBR(19), dw = CAMELLIA_RL8(dw);
SUBR(19) = SUBL(19) ^ dw, SUBL(19) = dw;
dw = SUBL(20) ^ SUBR(20), dw = CAMELLIA_RL8(dw);
SUBR(20) = SUBL(20) ^ dw, SUBL(20) = dw;
dw = SUBL(21) ^ SUBR(21), dw = CAMELLIA_RL8(dw);
SUBR(21) = SUBL(21) ^ dw, SUBL(21) = dw;
dw = SUBL(22) ^ SUBR(22), dw = CAMELLIA_RL8(dw);
SUBR(22) = SUBL(22) ^ dw, SUBL(22) = dw;
dw = SUBL(23) ^ SUBR(23), dw = CAMELLIA_RL8(dw);
SUBR(23) = SUBL(23) ^ dw, SUBL(23) = dw;
dw = SUBL(26) ^ SUBR(26), dw = CAMELLIA_RL8(dw);
SUBR(26) = SUBL(26) ^ dw, SUBL(26) = dw;
dw = SUBL(27) ^ SUBR(27), dw = CAMELLIA_RL8(dw);
SUBR(27) = SUBL(27) ^ dw, SUBL(27) = dw;
dw = SUBL(28) ^ SUBR(28), dw = CAMELLIA_RL8(dw);
SUBR(28) = SUBL(28) ^ dw, SUBL(28) = dw;
dw = SUBL(29) ^ SUBR(29), dw = CAMELLIA_RL8(dw);
SUBR(29) = SUBL(29) ^ dw, SUBL(29) = dw;
dw = SUBL(30) ^ SUBR(30), dw = CAMELLIA_RL8(dw);
SUBR(30) = SUBL(30) ^ dw, SUBL(30) = dw;
dw = SUBL(31) ^ SUBR(31), dw = CAMELLIA_RL8(dw);
SUBR(31) = SUBL(31) ^ dw, SUBL(31) = dw;
}
