in kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/CamelliaKey.java [240:425]
private void init(byte[] key, boolean isEncrypt) {
keySize = key.length;
int[] k = new int[8];
int[] ka = new int[4];
int[] kb = new int[4];
int[] t = new int[4];
switch (key.length) {
case 16:
k[0] = BytesUtil.bytes2int(key, 0, true);
k[1] = BytesUtil.bytes2int(key, 4, true);
k[2] = BytesUtil.bytes2int(key, 8, true);
k[3] = BytesUtil.bytes2int(key, 12, true);
k[4] = k[5] = k[6] = k[7] = 0;
break;
case 24:
k[0] = BytesUtil.bytes2int(key, 0, true);
k[1] = BytesUtil.bytes2int(key, 4, true);
k[2] = BytesUtil.bytes2int(key, 8, true);
k[3] = BytesUtil.bytes2int(key, 12, true);
k[4] = BytesUtil.bytes2int(key, 16, true);
k[5] = BytesUtil.bytes2int(key, 20, true);
k[6] = ~k[4];
k[7] = ~k[5];
break;
case 32:
k[0] = BytesUtil.bytes2int(key, 0, true);
k[1] = BytesUtil.bytes2int(key, 4, true);
k[2] = BytesUtil.bytes2int(key, 8, true);
k[3] = BytesUtil.bytes2int(key, 12, true);
k[4] = BytesUtil.bytes2int(key, 16, true);
k[5] = BytesUtil.bytes2int(key, 20, true);
k[6] = BytesUtil.bytes2int(key, 24, true);
k[7] = BytesUtil.bytes2int(key, 28, true);
break;
default:
throw new
IllegalArgumentException("Invalid key size, only support 16/24/32 bytes");
}
for (int i = 0; i < 4; i++) {
ka[i] = k[i] ^ k[i + 4];
}
/* compute KA */
f2(ka, SIGMA, 0);
for (int i = 0; i < 4; i++) {
ka[i] ^= k[i];
}
f2(ka, SIGMA, 4);
if (keySize == 16) {
if (isEncrypt) {
/* KL dependant keys */
kw[0] = k[0];
kw[1] = k[1];
kw[2] = k[2];
kw[3] = k[3];
roldq(15, k, 0, subkey, 4);
roldq(30, k, 0, subkey, 12);
roldq(15, k, 0, t, 0);
subkey[18] = t[2];
subkey[19] = t[3];
roldq(17, k, 0, ke, 4);
roldq(17, k, 0, subkey, 24);
roldq(17, k, 0, subkey, 32);
/* KA dependant keys */
subkey[0] = ka[0];
subkey[1] = ka[1];
subkey[2] = ka[2];
subkey[3] = ka[3];
roldq(15, ka, 0, subkey, 8);
roldq(15, ka, 0, ke, 0);
roldq(15, ka, 0, t, 0);
subkey[16] = t[0];
subkey[17] = t[1];
roldq(15, ka, 0, subkey, 20);
roldqo32(34, ka, 0, subkey, 28);
roldq(17, ka, 0, kw, 4);
} else { // decryption
/* KL dependant keys */
kw[4] = k[0];
kw[5] = k[1];
kw[6] = k[2];
kw[7] = k[3];
decroldq(15, k, 0, subkey, 28);
decroldq(30, k, 0, subkey, 20);
decroldq(15, k, 0, t, 0);
subkey[16] = t[0];
subkey[17] = t[1];
decroldq(17, k, 0, ke, 0);
decroldq(17, k, 0, subkey, 8);
decroldq(17, k, 0, subkey, 0);
/* KA dependant keys */
subkey[34] = ka[0];
subkey[35] = ka[1];
subkey[32] = ka[2];
subkey[33] = ka[3];
decroldq(15, ka, 0, subkey, 24);
decroldq(15, ka, 0, ke, 4);
decroldq(15, ka, 0, t, 0);
subkey[18] = t[2];
subkey[19] = t[3];
decroldq(15, ka, 0, subkey, 12);
decroldqo32(34, ka, 0, subkey, 4);
roldq(17, ka, 0, kw, 0);
}
} else { // 192bit or 256bit
/* compute KB */
for (int i = 0; i < 4; i++) {
kb[i] = ka[i] ^ k[i + 4];
}
f2(kb, SIGMA, 8);
if (isEncrypt) {
/* KL dependant keys */
kw[0] = k[0];
kw[1] = k[1];
kw[2] = k[2];
kw[3] = k[3];
roldqo32(45, k, 0, subkey, 16);
roldq(15, k, 0, ke, 4);
roldq(17, k, 0, subkey, 32);
roldqo32(34, k, 0, subkey, 44);
/* KR dependant keys */
roldq(15, k, 4, subkey, 4);
roldq(15, k, 4, ke, 0);
roldq(30, k, 4, subkey, 24);
roldqo32(34, k, 4, subkey, 36);
/* KA dependant keys */
roldq(15, ka, 0, subkey, 8);
roldq(30, ka, 0, subkey, 20);
/* 32bit rotation */
ke[8] = ka[1];
ke[9] = ka[2];
ke[10] = ka[3];
ke[11] = ka[0];
roldqo32(49, ka, 0, subkey, 40);
/* KB dependant keys */
subkey[0] = kb[0];
subkey[1] = kb[1];
subkey[2] = kb[2];
subkey[3] = kb[3];
roldq(30, kb, 0, subkey, 12);
roldq(30, kb, 0, subkey, 28);
roldqo32(51, kb, 0, kw, 4);
} else { // decryption
/* KL dependant keys */
kw[4] = k[0];
kw[5] = k[1];
kw[6] = k[2];
kw[7] = k[3];
decroldqo32(45, k, 0, subkey, 28);
decroldq(15, k, 0, ke, 4);
decroldq(17, k, 0, subkey, 12);
decroldqo32(34, k, 0, subkey, 0);
/* KR dependant keys */
decroldq(15, k, 4, subkey, 40);
decroldq(15, k, 4, ke, 8);
decroldq(30, k, 4, subkey, 20);
decroldqo32(34, k, 4, subkey, 8);
/* KA dependant keys */
decroldq(15, ka, 0, subkey, 36);
decroldq(30, ka, 0, subkey, 24);
/* 32bit rotation */
ke[2] = ka[1];
ke[3] = ka[2];
ke[0] = ka[3];
ke[1] = ka[0];
decroldqo32(49, ka, 0, subkey, 4);
/* KB dependant keys */
subkey[46] = kb[0];
subkey[47] = kb[1];
subkey[44] = kb[2];
subkey[45] = kb[3];
decroldq(30, kb, 0, subkey, 32);
decroldq(30, kb, 0, subkey, 16);
roldqo32(51, kb, 0, kw, 0);
}
}
}