PolarSSL v1.3.9
camellia.c
Go to the documentation of this file.
1/*
2 * Camellia implementation
3 *
4 * Copyright (C) 2006-2014, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
27 * Corporation.
28 *
29 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
30 */
31
32#if !defined(POLARSSL_CONFIG_FILE)
33#include "polarssl/config.h"
34#else
35#include POLARSSL_CONFIG_FILE
36#endif
37
38#if defined(POLARSSL_CAMELLIA_C)
39
40#include "polarssl/camellia.h"
41
42#if defined(POLARSSL_PLATFORM_C)
43#include "polarssl/platform.h"
44#else
45#define polarssl_printf printf
46#endif
47
48#if !defined(POLARSSL_CAMELLIA_ALT)
49
50/* Implementation that should never be optimized out by the compiler */
51static void polarssl_zeroize( void *v, size_t n ) {
52 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
53}
54
55/*
56 * 32-bit integer manipulation macros (big endian)
57 */
58#ifndef GET_UINT32_BE
59#define GET_UINT32_BE(n,b,i) \
60{ \
61 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
62 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
63 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
64 | ( (uint32_t) (b)[(i) + 3] ); \
65}
66#endif
67
68#ifndef PUT_UINT32_BE
69#define PUT_UINT32_BE(n,b,i) \
70{ \
71 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
72 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
73 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
74 (b)[(i) + 3] = (unsigned char) ( (n) ); \
75}
76#endif
77
78static const unsigned char SIGMA_CHARS[6][8] =
79{
80 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
81 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
82 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
83 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
84 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
85 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
86};
87
88#if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
89
90static const unsigned char FSb[256] =
91{
92 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
93 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
94 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
95 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
96 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
97 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
98 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
99 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
100 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
101 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
102 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
103 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
104 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
105 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
106 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
107 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
108};
109
110#define SBOX1(n) FSb[(n)]
111#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
112#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
113#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
114
115#else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
116
117static const unsigned char FSb[256] =
118{
119 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
120 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
121 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
122 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
123 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
124 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
125 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
126 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
127 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
128 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
129 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
130 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
131 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
132 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
133 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
134 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
135};
136
137static const unsigned char FSb2[256] =
138{
139 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
140 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
141 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
142 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
143 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
144 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
145 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
146 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
147 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
148 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
149 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
150 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
151 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
152 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
153 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
154 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
155};
156
157static const unsigned char FSb3[256] =
158{
159 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
160 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
161 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
162 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
163 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
164 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
165 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
166 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
167 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
168 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
169 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
170 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
171 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
172 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
173 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
174 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
175};
176
177static const unsigned char FSb4[256] =
178{
179 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
180 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
181 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
182 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
183 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
184 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
185 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
186 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
187 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
188 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
189 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
190 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
191 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
192 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
193 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
194 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
195};
196
197#define SBOX1(n) FSb[(n)]
198#define SBOX2(n) FSb2[(n)]
199#define SBOX3(n) FSb3[(n)]
200#define SBOX4(n) FSb4[(n)]
201
202#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
203
204static const unsigned char shifts[2][4][4] =
205{
206 {
207 { 1, 1, 1, 1 }, /* KL */
208 { 0, 0, 0, 0 }, /* KR */
209 { 1, 1, 1, 1 }, /* KA */
210 { 0, 0, 0, 0 } /* KB */
211 },
212 {
213 { 1, 0, 1, 1 }, /* KL */
214 { 1, 1, 0, 1 }, /* KR */
215 { 1, 1, 1, 0 }, /* KA */
216 { 1, 1, 0, 1 } /* KB */
217 }
218};
219
220static const signed char indexes[2][4][20] =
221{
222 {
223 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
224 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
225 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
226 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
227 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
228 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
229 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
230 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
231 },
232 {
233 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
234 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
235 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
236 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
237 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
238 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
239 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
240 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
241 }
242};
243
244static const signed char transposes[2][20] =
245{
246 {
247 21, 22, 23, 20,
248 -1, -1, -1, -1,
249 18, 19, 16, 17,
250 11, 8, 9, 10,
251 15, 12, 13, 14
252 },
253 {
254 25, 26, 27, 24,
255 29, 30, 31, 28,
256 18, 19, 16, 17,
257 -1, -1, -1, -1,
258 -1, -1, -1, -1
259 }
260};
261
262/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
263#define ROTL(DEST, SRC, SHIFT) \
264{ \
265 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
266 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
267 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
268 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
269}
270
271#define FL(XL, XR, KL, KR) \
272{ \
273 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
274 (XL) = ((XR) | (KR)) ^ (XL); \
275}
276
277#define FLInv(YL, YR, KL, KR) \
278{ \
279 (YL) = ((YR) | (KR)) ^ (YL); \
280 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
281}
282
283#define SHIFT_AND_PLACE(INDEX, OFFSET) \
284{ \
285 TK[0] = KC[(OFFSET) * 4 + 0]; \
286 TK[1] = KC[(OFFSET) * 4 + 1]; \
287 TK[2] = KC[(OFFSET) * 4 + 2]; \
288 TK[3] = KC[(OFFSET) * 4 + 3]; \
289 \
290 for( i = 1; i <= 4; i++ ) \
291 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
292 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
293 \
294 for( i = 0; i < 20; i++ ) \
295 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
296 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
297 } \
298}
299
300static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
301 uint32_t z[2])
302{
303 uint32_t I0, I1;
304 I0 = x[0] ^ k[0];
305 I1 = x[1] ^ k[1];
306
307 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
308 (SBOX2((I0 >> 16) & 0xFF) << 16) |
309 (SBOX3((I0 >> 8) & 0xFF) << 8) |
310 (SBOX4((I0 ) & 0xFF) );
311 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
312 (SBOX3((I1 >> 16) & 0xFF) << 16) |
313 (SBOX4((I1 >> 8) & 0xFF) << 8) |
314 (SBOX1((I1 ) & 0xFF) );
315
316 I0 ^= (I1 << 8) | (I1 >> 24);
317 I1 ^= (I0 << 16) | (I0 >> 16);
318 I0 ^= (I1 >> 8) | (I1 << 24);
319 I1 ^= (I0 >> 8) | (I0 << 24);
320
321 z[0] ^= I1;
322 z[1] ^= I0;
323}
324
325void camellia_init( camellia_context *ctx )
326{
327 memset( ctx, 0, sizeof( camellia_context ) );
328}
329
330void camellia_free( camellia_context *ctx )
331{
332 if( ctx == NULL )
333 return;
334
335 polarssl_zeroize( ctx, sizeof( camellia_context ) );
336}
337
338/*
339 * Camellia key schedule (encryption)
340 */
341int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
342 unsigned int keysize )
343{
344 int idx;
345 size_t i;
346 uint32_t *RK;
347 unsigned char t[64];
348 uint32_t SIGMA[6][2];
349 uint32_t KC[16];
350 uint32_t TK[20];
351
352 RK = ctx->rk;
353
354 memset( t, 0, 64 );
355 memset( RK, 0, sizeof(ctx->rk) );
356
357 switch( keysize )
358 {
359 case 128: ctx->nr = 3; idx = 0; break;
360 case 192:
361 case 256: ctx->nr = 4; idx = 1; break;
362 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
363 }
364
365 for( i = 0; i < keysize / 8; ++i )
366 t[i] = key[i];
367
368 if( keysize == 192 ) {
369 for( i = 0; i < 8; i++ )
370 t[24 + i] = ~t[16 + i];
371 }
372
373 /*
374 * Prepare SIGMA values
375 */
376 for( i = 0; i < 6; i++ ) {
377 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
378 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
379 }
380
381 /*
382 * Key storage in KC
383 * Order: KL, KR, KA, KB
384 */
385 memset( KC, 0, sizeof(KC) );
386
387 /* Store KL, KR */
388 for( i = 0; i < 8; i++ )
389 GET_UINT32_BE( KC[i], t, i * 4 );
390
391 /* Generate KA */
392 for( i = 0; i < 4; ++i )
393 KC[8 + i] = KC[i] ^ KC[4 + i];
394
395 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
396 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
397
398 for( i = 0; i < 4; ++i )
399 KC[8 + i] ^= KC[i];
400
401 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
402 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
403
404 if( keysize > 128 ) {
405 /* Generate KB */
406 for( i = 0; i < 4; ++i )
407 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
408
409 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
410 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
411 }
412
413 /*
414 * Generating subkeys
415 */
416
417 /* Manipulating KL */
418 SHIFT_AND_PLACE( idx, 0 );
419
420 /* Manipulating KR */
421 if( keysize > 128 ) {
422 SHIFT_AND_PLACE( idx, 1 );
423 }
424
425 /* Manipulating KA */
426 SHIFT_AND_PLACE( idx, 2 );
427
428 /* Manipulating KB */
429 if( keysize > 128 ) {
430 SHIFT_AND_PLACE( idx, 3 );
431 }
432
433 /* Do transpositions */
434 for( i = 0; i < 20; i++ ) {
435 if( transposes[idx][i] != -1 ) {
436 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
437 }
438 }
439
440 return( 0 );
441}
442
443/*
444 * Camellia key schedule (decryption)
445 */
446int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
447 unsigned int keysize )
448{
449 int idx, ret;
450 size_t i;
451 camellia_context cty;
452 uint32_t *RK;
453 uint32_t *SK;
454
455 camellia_init( &cty );
456
457 /* Also checks keysize */
458 if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) )
459 goto exit;
460
461 ctx->nr = cty.nr;
462 idx = ( ctx->nr == 4 );
463
464 RK = ctx->rk;
465 SK = cty.rk + 24 * 2 + 8 * idx * 2;
466
467 *RK++ = *SK++;
468 *RK++ = *SK++;
469 *RK++ = *SK++;
470 *RK++ = *SK++;
471
472 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
473 {
474 *RK++ = *SK++;
475 *RK++ = *SK++;
476 }
477
478 SK -= 2;
479
480 *RK++ = *SK++;
481 *RK++ = *SK++;
482 *RK++ = *SK++;
483 *RK++ = *SK++;
484
485exit:
486 camellia_free( &cty );
487
488 return( ret );
489}
490
491/*
492 * Camellia-ECB block encryption/decryption
493 */
494int camellia_crypt_ecb( camellia_context *ctx,
495 int mode,
496 const unsigned char input[16],
497 unsigned char output[16] )
498{
499 int NR;
500 uint32_t *RK, X[4];
501
502 ( (void) mode );
503
504 NR = ctx->nr;
505 RK = ctx->rk;
506
507 GET_UINT32_BE( X[0], input, 0 );
508 GET_UINT32_BE( X[1], input, 4 );
509 GET_UINT32_BE( X[2], input, 8 );
510 GET_UINT32_BE( X[3], input, 12 );
511
512 X[0] ^= *RK++;
513 X[1] ^= *RK++;
514 X[2] ^= *RK++;
515 X[3] ^= *RK++;
516
517 while( NR ) {
518 --NR;
519 camellia_feistel( X, RK, X + 2 );
520 RK += 2;
521 camellia_feistel( X + 2, RK, X );
522 RK += 2;
523 camellia_feistel( X, RK, X + 2 );
524 RK += 2;
525 camellia_feistel( X + 2, RK, X );
526 RK += 2;
527 camellia_feistel( X, RK, X + 2 );
528 RK += 2;
529 camellia_feistel( X + 2, RK, X );
530 RK += 2;
531
532 if( NR ) {
533 FL(X[0], X[1], RK[0], RK[1]);
534 RK += 2;
535 FLInv(X[2], X[3], RK[0], RK[1]);
536 RK += 2;
537 }
538 }
539
540 X[2] ^= *RK++;
541 X[3] ^= *RK++;
542 X[0] ^= *RK++;
543 X[1] ^= *RK++;
544
545 PUT_UINT32_BE( X[2], output, 0 );
546 PUT_UINT32_BE( X[3], output, 4 );
547 PUT_UINT32_BE( X[0], output, 8 );
548 PUT_UINT32_BE( X[1], output, 12 );
549
550 return( 0 );
551}
552
553#if defined(POLARSSL_CIPHER_MODE_CBC)
554/*
555 * Camellia-CBC buffer encryption/decryption
556 */
557int camellia_crypt_cbc( camellia_context *ctx,
558 int mode,
559 size_t length,
560 unsigned char iv[16],
561 const unsigned char *input,
562 unsigned char *output )
563{
564 int i;
565 unsigned char temp[16];
566
567 if( length % 16 )
568 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
569
570 if( mode == CAMELLIA_DECRYPT )
571 {
572 while( length > 0 )
573 {
574 memcpy( temp, input, 16 );
575 camellia_crypt_ecb( ctx, mode, input, output );
576
577 for( i = 0; i < 16; i++ )
578 output[i] = (unsigned char)( output[i] ^ iv[i] );
579
580 memcpy( iv, temp, 16 );
581
582 input += 16;
583 output += 16;
584 length -= 16;
585 }
586 }
587 else
588 {
589 while( length > 0 )
590 {
591 for( i = 0; i < 16; i++ )
592 output[i] = (unsigned char)( input[i] ^ iv[i] );
593
594 camellia_crypt_ecb( ctx, mode, output, output );
595 memcpy( iv, output, 16 );
596
597 input += 16;
598 output += 16;
599 length -= 16;
600 }
601 }
602
603 return( 0 );
604}
605#endif /* POLARSSL_CIPHER_MODE_CBC */
606
607#if defined(POLARSSL_CIPHER_MODE_CFB)
608/*
609 * Camellia-CFB128 buffer encryption/decryption
610 */
611int camellia_crypt_cfb128( camellia_context *ctx,
612 int mode,
613 size_t length,
614 size_t *iv_off,
615 unsigned char iv[16],
616 const unsigned char *input,
617 unsigned char *output )
618{
619 int c;
620 size_t n = *iv_off;
621
622 if( mode == CAMELLIA_DECRYPT )
623 {
624 while( length-- )
625 {
626 if( n == 0 )
627 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
628
629 c = *input++;
630 *output++ = (unsigned char)( c ^ iv[n] );
631 iv[n] = (unsigned char) c;
632
633 n = ( n + 1 ) & 0x0F;
634 }
635 }
636 else
637 {
638 while( length-- )
639 {
640 if( n == 0 )
641 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
642
643 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
644
645 n = ( n + 1 ) & 0x0F;
646 }
647 }
648
649 *iv_off = n;
650
651 return( 0 );
652}
653#endif /* POLARSSL_CIPHER_MODE_CFB */
654
655#if defined(POLARSSL_CIPHER_MODE_CTR)
656/*
657 * Camellia-CTR buffer encryption/decryption
658 */
659int camellia_crypt_ctr( camellia_context *ctx,
660 size_t length,
661 size_t *nc_off,
662 unsigned char nonce_counter[16],
663 unsigned char stream_block[16],
664 const unsigned char *input,
665 unsigned char *output )
666{
667 int c, i;
668 size_t n = *nc_off;
669
670 while( length-- )
671 {
672 if( n == 0 ) {
673 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
674 stream_block );
675
676 for( i = 16; i > 0; i-- )
677 if( ++nonce_counter[i - 1] != 0 )
678 break;
679 }
680 c = *input++;
681 *output++ = (unsigned char)( c ^ stream_block[n] );
682
683 n = ( n + 1 ) & 0x0F;
684 }
685
686 *nc_off = n;
687
688 return( 0 );
689}
690#endif /* POLARSSL_CIPHER_MODE_CTR */
691#endif /* !POLARSSL_CAMELLIA_ALT */
692
693#if defined(POLARSSL_SELF_TEST)
694
695#include <stdio.h>
696
697/*
698 * Camellia test vectors from:
699 *
700 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
701 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
702 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
703 * (For each bitlength: Key 0, Nr 39)
704 */
705#define CAMELLIA_TESTS_ECB 2
706
707static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
708{
709 {
710 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
711 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
712 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
713 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
714 },
715 {
716 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
717 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
718 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
719 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
720 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
721 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
722 },
723 {
724 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
725 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
726 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
727 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
728 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
729 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
730 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
731 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
732 },
733};
734
735static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
736{
737 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
738 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
739 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
740 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
741};
742
743static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
744{
745 {
746 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
747 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
748 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
749 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
750 },
751 {
752 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
753 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
754 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
755 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
756 },
757 {
758 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
759 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
760 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
761 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
762 }
763};
764
765#if defined(POLARSSL_CIPHER_MODE_CBC)
766#define CAMELLIA_TESTS_CBC 3
767
768static const unsigned char camellia_test_cbc_key[3][32] =
769{
770 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
771 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
772 ,
773 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
774 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
775 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
776 ,
777 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
778 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
779 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
780 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
781};
782
783static const unsigned char camellia_test_cbc_iv[16] =
784
785 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
786 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
787;
788
789static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
790{
791 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
792 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
793 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
794 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
795 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
796 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
797
798};
799
800static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
801{
802 {
803 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
804 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
805 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
806 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
807 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
808 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
809 },
810 {
811 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
812 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
813 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
814 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
815 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
816 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
817 },
818 {
819 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
820 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
821 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
822 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
823 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
824 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
825 }
826};
827#endif /* POLARSSL_CIPHER_MODE_CBC */
828
829#if defined(POLARSSL_CIPHER_MODE_CTR)
830/*
831 * Camellia-CTR test vectors from:
832 *
833 * http://www.faqs.org/rfcs/rfc5528.html
834 */
835
836static const unsigned char camellia_test_ctr_key[3][16] =
837{
838 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
839 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
840 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
841 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
842 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
843 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
844};
845
846static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
847{
848 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
849 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
850 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
851 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
852 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
853 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
854};
855
856static const unsigned char camellia_test_ctr_pt[3][48] =
857{
858 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
859 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
860
861 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
862 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
863 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
864 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
865
866 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
867 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
868 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
869 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
870 0x20, 0x21, 0x22, 0x23 }
871};
872
873static const unsigned char camellia_test_ctr_ct[3][48] =
874{
875 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
876 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
877 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
878 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
879 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
880 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
881 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
882 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
883 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
884 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
885 0xDF, 0x50, 0x86, 0x96 }
886};
887
888static const int camellia_test_ctr_len[3] =
889 { 16, 32, 36 };
890#endif /* POLARSSL_CIPHER_MODE_CTR */
891
892/*
893 * Checkup routine
894 */
895int camellia_self_test( int verbose )
896{
897 int i, j, u, v;
898 unsigned char key[32];
899 unsigned char buf[64];
900 unsigned char src[16];
901 unsigned char dst[16];
902#if defined(POLARSSL_CIPHER_MODE_CBC)
903 unsigned char iv[16];
904#endif
905#if defined(POLARSSL_CIPHER_MODE_CTR)
906 size_t offset, len;
907 unsigned char nonce_counter[16];
908 unsigned char stream_block[16];
909#endif
910
911 camellia_context ctx;
912
913 memset( key, 0, 32 );
914
915 for( j = 0; j < 6; j++ ) {
916 u = j >> 1;
917 v = j & 1;
918
919 if( verbose != 0 )
920 polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
921 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
922
923 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
924 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
925
926 if( v == CAMELLIA_DECRYPT ) {
927 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
928 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
929 memcpy( dst, camellia_test_ecb_plain[i], 16 );
930 } else { /* CAMELLIA_ENCRYPT */
931 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
932 memcpy( src, camellia_test_ecb_plain[i], 16 );
933 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
934 }
935
936 camellia_crypt_ecb( &ctx, v, src, buf );
937
938 if( memcmp( buf, dst, 16 ) != 0 )
939 {
940 if( verbose != 0 )
941 polarssl_printf( "failed\n" );
942
943 return( 1 );
944 }
945 }
946
947 if( verbose != 0 )
948 polarssl_printf( "passed\n" );
949 }
950
951 if( verbose != 0 )
952 polarssl_printf( "\n" );
953
954#if defined(POLARSSL_CIPHER_MODE_CBC)
955 /*
956 * CBC mode
957 */
958 for( j = 0; j < 6; j++ )
959 {
960 u = j >> 1;
961 v = j & 1;
962
963 if( verbose != 0 )
964 polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
965 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
966
967 memcpy( src, camellia_test_cbc_iv, 16 );
968 memcpy( dst, camellia_test_cbc_iv, 16 );
969 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
970
971 if( v == CAMELLIA_DECRYPT ) {
972 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
973 } else {
974 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
975 }
976
977 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
978
979 if( v == CAMELLIA_DECRYPT ) {
980 memcpy( iv , src, 16 );
981 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
982 memcpy( dst, camellia_test_cbc_plain[i], 16 );
983 } else { /* CAMELLIA_ENCRYPT */
984 memcpy( iv , dst, 16 );
985 memcpy( src, camellia_test_cbc_plain[i], 16 );
986 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
987 }
988
989 camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
990
991 if( memcmp( buf, dst, 16 ) != 0 )
992 {
993 if( verbose != 0 )
994 polarssl_printf( "failed\n" );
995
996 return( 1 );
997 }
998 }
999
1000 if( verbose != 0 )
1001 polarssl_printf( "passed\n" );
1002 }
1003#endif /* POLARSSL_CIPHER_MODE_CBC */
1004
1005 if( verbose != 0 )
1006 polarssl_printf( "\n" );
1007
1008#if defined(POLARSSL_CIPHER_MODE_CTR)
1009 /*
1010 * CTR mode
1011 */
1012 for( i = 0; i < 6; i++ )
1013 {
1014 u = i >> 1;
1015 v = i & 1;
1016
1017 if( verbose != 0 )
1018 polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
1019 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
1020
1021 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1022 memcpy( key, camellia_test_ctr_key[u], 16 );
1023
1024 offset = 0;
1025 camellia_setkey_enc( &ctx, key, 128 );
1026
1027 if( v == CAMELLIA_DECRYPT )
1028 {
1029 len = camellia_test_ctr_len[u];
1030 memcpy( buf, camellia_test_ctr_ct[u], len );
1031
1032 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1033 buf, buf );
1034
1035 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1036 {
1037 if( verbose != 0 )
1038 polarssl_printf( "failed\n" );
1039
1040 return( 1 );
1041 }
1042 }
1043 else
1044 {
1045 len = camellia_test_ctr_len[u];
1046 memcpy( buf, camellia_test_ctr_pt[u], len );
1047
1048 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1049 buf, buf );
1050
1051 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1052 {
1053 if( verbose != 0 )
1054 polarssl_printf( "failed\n" );
1055
1056 return( 1 );
1057 }
1058 }
1059
1060 if( verbose != 0 )
1061 polarssl_printf( "passed\n" );
1062 }
1063
1064 if( verbose != 0 )
1065 polarssl_printf( "\n" );
1066#endif /* POLARSSL_CIPHER_MODE_CTR */
1067
1068 return( 0 );
1069}
1070
1071#endif /* POLARSSL_SELF_TEST */
1072
1073#endif /* POLARSSL_CAMELLIA_C */
camellia.h
Camellia block cipher.
POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
Definition camellia.h:49
CAMELLIA_DECRYPT
#define CAMELLIA_DECRYPT
Definition camellia.h:46
camellia_crypt_cbc
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes)
camellia_crypt_cfb128
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
camellia_setkey_enc
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
camellia_crypt_ecb
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.
Definition camellia.h:48
camellia_setkey_dec
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
camellia_init
void camellia_init(camellia_context *ctx)
Initialize CAMELLIA context.
camellia_free
void camellia_free(camellia_context *ctx)
Clear CAMELLIA context.
CAMELLIA_ENCRYPT
#define CAMELLIA_ENCRYPT
Definition camellia.h:45
camellia_self_test
int camellia_self_test(int verbose)
Checkup routine.
camellia_crypt_ctr
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
config.h
Configuration options (set of defines)
platform.h
PolarSSL Platform abstraction layer.
camellia_context
CAMELLIA context structure.
Definition camellia.h:63
camellia_context::nr
int nr
Definition camellia.h:64
camellia_context::rk
uint32_t rk[68]
Definition camellia.h:65
GET_UINT32_BE
#define GET_UINT32_BE(n, b, i)
Definition test_suite_aes.cbc.c:39
PUT_UINT32_BE
#define PUT_UINT32_BE(n, b, i)
Definition test_suite_aes.cbc.c:49
polarssl_printf
#define polarssl_printf
Definition test_suite_aes.cbc.c:309
Generated on Tue Feb 20 2024 18:30:50 for PolarSSL v1.3.9 by doxygen 1.9.8