26 #define LR32(x,c) ((x) << (c) | (x) >> (32 - (c)))
27 #define RR32(x,c) ((x) >> (c) | (x) << (32 - (c)))
30 #define MASK32 0xffffffff
31 #define MASK64 0xffffffffffffffff
33 #define Sigma1 0xA09E667F3BCC908B
34 #define Sigma2 0xB67AE8584CAA73B2
35 #define Sigma3 0xC6EF372FE94F82BE
36 #define Sigma4 0x54FF53A5F1D36F1C
37 #define Sigma5 0x10E527FADE682D1D
38 #define Sigma6 0xB05688C2B3E6C1FD
40 static uint64_t
SP[8][256];
50 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
51 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
52 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
53 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
54 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
55 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
56 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
57 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
58 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
59 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
60 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
61 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
62 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
63 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
64 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
65 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
69 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
70 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
71 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
72 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
73 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
74 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
75 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
76 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
77 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
78 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
79 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
80 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
81 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
82 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
83 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
84 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
88 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
89 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
90 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
91 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
92 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
93 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
94 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
95 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
96 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
97 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
98 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
99 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
100 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
101 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
102 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
103 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
107 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
108 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
109 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
110 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
111 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
112 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
113 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
114 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
115 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
116 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
117 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
118 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
119 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
120 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
121 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
122 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
127 static void LR128(uint64_t d[2],
const uint64_t K[2],
int x)
130 if (64 <= x && x < 128) {
134 if (x <= 0 || x >= 128) {
139 d[0] = (K[i] << x | K[!i] >> (64 - x));
140 d[1] = (K[!i] << x | K[i] >> (64 - x));
143 static uint64_t
F(uint64_t F_IN, uint64_t KE)
150 static uint64_t
FL(uint64_t FL_IN, uint64_t KE)
152 uint32_t x1, x2, k1, k2;
157 x2 = x2 ^
LR32((x1 & k1), 1);
159 return ((uint64_t)x1 << 32) | (uint64_t)x2;
162 static uint64_t
FLINV(uint64_t FLINV_IN, uint64_t KE)
164 uint32_t x1, x2, k1, k2;
170 x2 = x2 ^
LR32((x1 & k1), 1);
171 return ((uint64_t)x1 << 32) | (uint64_t)x2;
175 {0, 15, 15, 45, 45, 60, 94, 94, 111},
176 {0, 15, 15, 30, 45, 45, 60, 60, 77, 94, 94, 111}
180 {2, 0, 2, 0, 2, 2, 0, 2, 0},
181 {3, 1, 2, 3, 0, 2, 1, 3, 0, 1, 2, 0}
187 uint64_t *Kd[4], d[2];
195 for (i = 0; i < 9; i++) {
208 LR128(d, Kd[2], 111);
212 for (i = 0; i < 12; i++) {
226 LR128(d, Kd[3], 111);
239 D2 ^=
F(D1, cs->
K[0]);
240 D1 ^=
F(D2, cs->
K[1]);
241 D2 ^=
F(D1, cs->
K[2]);
242 D1 ^=
F(D2, cs->
K[3]);
243 D2 ^=
F(D1, cs->
K[4]);
244 D1 ^=
F(D2, cs->
K[5]);
245 D1 =
FL(D1, cs->
Ke[0]);
247 D2 ^=
F(D1, cs->
K[6]);
248 D1 ^=
F(D2, cs->
K[7]);
249 D2 ^=
F(D1, cs->
K[8]);
250 D1 ^=
F(D2, cs->
K[9]);
251 D2 ^=
F(D1, cs->
K[10]);
252 D1 ^=
F(D2, cs->
K[11]);
253 D1 =
FL(D1, cs->
Ke[2]);
255 D2 ^=
F(D1, cs->
K[12]);
256 D1 ^=
F(D2, cs->
K[13]);
257 D2 ^=
F(D1, cs->
K[14]);
258 D1 ^=
F(D2, cs->
K[15]);
259 D2 ^=
F(D1, cs->
K[16]);
260 D1 ^=
F(D2, cs->
K[17]);
262 D1 =
FL(D1, cs->
Ke[4]);
264 D2 ^=
F(D1, cs->
K[18]);
265 D1 ^=
F(D2, cs->
K[19]);
266 D2 ^=
F(D1, cs->
K[20]);
267 D1 ^=
F(D2, cs->
K[21]);
268 D2 ^=
F(D1, cs->
K[22]);
269 D1 ^=
F(D2, cs->
K[23]);
285 D2 ^=
F(D1, cs->
K[23]);
286 D1 ^=
F(D2, cs->
K[22]);
287 D2 ^=
F(D1, cs->
K[21]);
288 D1 ^=
F(D2, cs->
K[20]);
289 D2 ^=
F(D1, cs->
K[19]);
290 D1 ^=
F(D2, cs->
K[18]);
291 D1 =
FL(D1, cs->
Ke[5]);
294 D2 ^=
F(D1, cs->
K[17]);
295 D1 ^=
F(D2, cs->
K[16]);
296 D2 ^=
F(D1, cs->
K[15]);
297 D1 ^=
F(D2, cs->
K[14]);
298 D2 ^=
F(D1, cs->
K[13]);
299 D1 ^=
F(D2, cs->
K[12]);
300 D1 =
FL(D1, cs->
Ke[3]);
302 D2 ^=
F(D1, cs->
K[11]);
303 D1 ^=
F(D2, cs->
K[10]);
304 D2 ^=
F(D1, cs->
K[9]);
305 D1 ^=
F(D2, cs->
K[8]);
306 D2 ^=
F(D1, cs->
K[7]);
307 D1 ^=
F(D2, cs->
K[6]);
308 D1 =
FL(D1, cs->
Ke[1]);
310 D2 ^=
F(D1, cs->
K[5]);
311 D1 ^=
F(D2, cs->
K[4]);
312 D2 ^=
F(D1, cs->
K[3]);
313 D1 ^=
F(D2, cs->
K[2]);
314 D2 ^=
F(D1, cs->
K[1]);
315 D1 ^=
F(D2, cs->
K[0]);
331 for (i = 0; i < 256; i++) {
333 SP[0][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ z;
334 SP[7][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ (z << 16) ^ (z << 8);
336 SP[1][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 16);
337 SP[4][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8) ^ z;
339 SP[2][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8);
340 SP[5][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 8) ^ z;
342 SP[3][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 8) ^ z;
343 SP[6][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 24) ^ (z << 16) ^ z;
354 uint64_t Kl[2], Kr[2], Ka[2], Kb[2];
356 if (key_bits != 128 && key_bits != 192 && key_bits != 256)
358 memset(Kb, 0,
sizeof(Kb));
359 memset(Kr, 0,
sizeof(Kr));
363 if (key_bits == 192) {
366 }
else if (key_bits == 256) {
381 if (key_bits != 128) {
401 for (i = 0; i < 16; i++)
402 dst[i] = src[i] ^ iv[i];
static uint64_t FL(uint64_t FL_IN, uint64_t KE)
static void camellia_encrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src)
static void LR128(uint64_t d[2], const uint64_t K[2], int x)
static uint64_t SP[8][256]
static uint64_t F(uint64_t F_IN, uint64_t KE)
struct AVCAMELLIA * av_camellia_alloc(void)
Allocate an AVCAMELLIA context To free the struct: av_free(ptr)
Macro definitions for various function/variable attributes.
Public header for libavutil CAMELLIA algorithm.
static const uint8_t SBOX3[256]
void av_camellia_crypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)
Encrypt or decrypt a buffer using a previously initialized context.
static const uint8_t SBOX2[256]
static void computeSP(void)
av_cold int av_camellia_init(AVCAMELLIA *cs, const uint8_t *key, int key_bits)
Initialize an AVCAMELLIA context.
static void generate_round_keys(AVCAMELLIA *cs, uint64_t Kl[2], uint64_t Kr[2], uint64_t Ka[2], uint64_t Kb[2])
const int av_camellia_size
static const uint8_t SBOX1[256]
static uint64_t FLINV(uint64_t FLINV_IN, uint64_t KE)
static const uint8_t SBOX4[256]
static const uint8_t vars[2][12]
uint64_t_TMPL AV_WL64 unsigned int_TMPL AV_WL32 unsigned int_TMPL AV_WL24 unsigned int_TMPL AV_WL16 uint64_t_TMPL AV_RB64
common internal and external API header
static const uint8_t shifts[2][12]
static void camellia_decrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, uint8_t *iv)
void * av_mallocz(size_t size)
Allocate a block of size bytes with alignment suitable for all memory accesses (including vectors if ...