Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 2a9c8b62bffe43c21619f31d46c6fcf7d272462d / . / library / camellia.c
blob: 35ca23d53d4194ad2dee4ef4a11973e6c96b4069 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnard085ab042015-01-23 11:06:27 +0000[diff] [blame]6 * This file is part of mbed TLS (https://www.polarssl.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]7 *
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]23 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
24 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]25 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]26 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]27 */
28
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]29#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]30#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#else
32#include POLARSSL_CONFIG_FILE
33#endif
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]34
35#if defined(POLARSSL_CAMELLIA_C)
36
37#include "polarssl/camellia.h"
38
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]39#if defined(POLARSSL_PLATFORM_C)
40#include "polarssl/platform.h"
41#else
42#define polarssl_printf printf
43#endif
44
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]45#if !defined(POLARSSL_CAMELLIA_ALT)
46
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]47/* Implementation that should never be optimized out by the compiler */
48static void polarssl_zeroize( void *v, size_t n ) {
49 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
50}
51
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]52/*
53 * 32-bit integer manipulation macros (big endian)
54 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]55#ifndef GET_UINT32_BE
56#define GET_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]57{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]58 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
59 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
60 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
61 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]62}
63#endif
64
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]65#ifndef PUT_UINT32_BE
66#define PUT_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]67{ \
68 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
69 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
70 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
71 (b)[(i) + 3] = (unsigned char) ( (n) ); \
72}
73#endif
74
75static const unsigned char SIGMA_CHARS[6][8] =
76{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]77 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
78 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
79 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
80 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
81 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
82 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]83};
84
Paul Bakker33008ee2011-11-18 12:58:25 +0000[diff] [blame]85#if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]86
87static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]88{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]89 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
90 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
91 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
92 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
93 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
94 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
95 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
96 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
97 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
98 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
99 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
100 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
101 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
102 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
103 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
104 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]105};
106
107#define SBOX1(n) FSb[(n)]
108#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
109#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]110#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
111
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]112#else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]113
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]114static const unsigned char FSb[256] =
115{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]116 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
117 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
118 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
119 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
120 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
121 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
122 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
123 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
124 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
125 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
126 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
127 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
128 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
129 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
130 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
131 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]132};
133
134static const unsigned char FSb2[256] =
135{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]136 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
137 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
138 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
139 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
140 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
141 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
142 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
143 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
144 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
145 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
146 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
147 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
148 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
149 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
150 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
151 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]152};
153
154static const unsigned char FSb3[256] =
155{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]156 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
157 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
158 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
159 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
160 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
161 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
162 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
163 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
164 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
165 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
166 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
167 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
168 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
169 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
170 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
171 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]172};
173
174static const unsigned char FSb4[256] =
175{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]176 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
177 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
178 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
179 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
180 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
181 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
182 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
183 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
184 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
185 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
186 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
187 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
188 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
189 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
190 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
191 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]192};
193
194#define SBOX1(n) FSb[(n)]
195#define SBOX2(n) FSb2[(n)]
196#define SBOX3(n) FSb3[(n)]
197#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]198
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]199#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]200
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]201static const unsigned char shifts[2][4][4] =
202{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]203 {
204 { 1, 1, 1, 1 }, /* KL */
205 { 0, 0, 0, 0 }, /* KR */
206 { 1, 1, 1, 1 }, /* KA */
207 { 0, 0, 0, 0 } /* KB */
208 },
209 {
210 { 1, 0, 1, 1 }, /* KL */
211 { 1, 1, 0, 1 }, /* KR */
212 { 1, 1, 1, 0 }, /* KA */
213 { 1, 1, 0, 1 } /* KB */
214 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]215};
216
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]217static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]218{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]219 {
220 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
221 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
222 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
223 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
224 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
225 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
226 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
227 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
228 },
229 {
230 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
231 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
232 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
233 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
234 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
235 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
236 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
237 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
238 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]239};
240
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]241static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]242{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]243 {
244 21, 22, 23, 20,
245 -1, -1, -1, -1,
246 18, 19, 16, 17,
247 11, 8, 9, 10,
248 15, 12, 13, 14
249 },
250 {
251 25, 26, 27, 24,
252 29, 30, 31, 28,
253 18, 19, 16, 17,
254 -1, -1, -1, -1,
255 -1, -1, -1, -1
256 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]257};
258
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]259/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]260#define ROTL(DEST, SRC, SHIFT) \
261{ \
262 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
263 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
264 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
265 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]266}
267
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]268#define FL(XL, XR, KL, KR) \
269{ \
270 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
271 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]272}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]273
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]274#define FLInv(YL, YR, KL, KR) \
275{ \
276 (YL) = ((YR) | (KR)) ^ (YL); \
277 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]278}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]279
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]280#define SHIFT_AND_PLACE(INDEX, OFFSET) \
281{ \
282 TK[0] = KC[(OFFSET) * 4 + 0]; \
283 TK[1] = KC[(OFFSET) * 4 + 1]; \
284 TK[2] = KC[(OFFSET) * 4 + 2]; \
285 TK[3] = KC[(OFFSET) * 4 + 3]; \
286 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]287 for( i = 1; i <= 4; i++ ) \
288 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
289 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]290 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]291 for( i = 0; i < 20; i++ ) \
292 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
293 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
294 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]295}
296
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]297static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
298 uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]299{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]300 uint32_t I0, I1;
301 I0 = x[0] ^ k[0];
302 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]303
Manuel Pégourié-Gonnardb31b61b2014-11-10 13:05:43 +0100[diff] [blame]304 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
305 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
306 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
307 ((uint32_t) SBOX4((I0 ) & 0xFF) );
308 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
309 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
310 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
311 ((uint32_t) SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]312
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]313 I0 ^= (I1 << 8) | (I1 >> 24);
314 I1 ^= (I0 << 16) | (I0 >> 16);
315 I0 ^= (I1 >> 8) | (I1 << 24);
316 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]317
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]318 z[0] ^= I1;
319 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]320}
321
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]322void camellia_init( camellia_context *ctx )
323{
324 memset( ctx, 0, sizeof( camellia_context ) );
325}
326
327void camellia_free( camellia_context *ctx )
328{
329 if( ctx == NULL )
330 return;
331
332 polarssl_zeroize( ctx, sizeof( camellia_context ) );
333}
334
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]335/*
336 * Camellia key schedule (encryption)
337 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]338int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
339 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]340{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]341 int idx;
342 size_t i;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]343 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]344 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]345 uint32_t SIGMA[6][2];
346 uint32_t KC[16];
347 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]348
349 RK = ctx->rk;
350
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]351 memset( t, 0, 64 );
352 memset( RK, 0, sizeof(ctx->rk) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]353
354 switch( keysize )
355 {
356 case 128: ctx->nr = 3; idx = 0; break;
357 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]358 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]359 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]360 }
361
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]362 for( i = 0; i < keysize / 8; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]363 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]364
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]365 if( keysize == 192 ) {
366 for( i = 0; i < 8; i++ )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]367 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]368 }
369
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]370 /*
371 * Prepare SIGMA values
372 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]373 for( i = 0; i < 6; i++ ) {
374 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
375 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]376 }
377
378 /*
379 * Key storage in KC
380 * Order: KL, KR, KA, KB
381 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]382 memset( KC, 0, sizeof(KC) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]383
384 /* Store KL, KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]385 for( i = 0; i < 8; i++ )
386 GET_UINT32_BE( KC[i], t, i * 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]387
388 /* Generate KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]389 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]390 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]391
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]392 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
393 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]394
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]395 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]396 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]397
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]398 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
399 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]400
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]401 if( keysize > 128 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]402 /* Generate KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]403 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]404 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]405
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]406 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
407 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]408 }
409
410 /*
411 * Generating subkeys
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]412 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]413
414 /* Manipulating KL */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]415 SHIFT_AND_PLACE( idx, 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]416
417 /* Manipulating KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]418 if( keysize > 128 ) {
419 SHIFT_AND_PLACE( idx, 1 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]420 }
421
422 /* Manipulating KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]423 SHIFT_AND_PLACE( idx, 2 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]424
425 /* Manipulating KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]426 if( keysize > 128 ) {
427 SHIFT_AND_PLACE( idx, 3 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]428 }
429
430 /* Do transpositions */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]431 for( i = 0; i < 20; i++ ) {
432 if( transposes[idx][i] != -1 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]433 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
434 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]435 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]436
437 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]438}
439
440/*
441 * Camellia key schedule (decryption)
442 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]443int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
444 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]445{
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]446 int idx, ret;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]447 size_t i;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]448 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]449 uint32_t *RK;
450 uint32_t *SK;
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]451
452 camellia_init( &cty );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]453
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]454 /* Also checks keysize */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]455 if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) )
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]456 goto exit;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]457
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]458 ctx->nr = cty.nr;
459 idx = ( ctx->nr == 4 );
460
461 RK = ctx->rk;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]462 SK = cty.rk + 24 * 2 + 8 * idx * 2;
463
464 *RK++ = *SK++;
465 *RK++ = *SK++;
466 *RK++ = *SK++;
467 *RK++ = *SK++;
468
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]469 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]470 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]471 *RK++ = *SK++;
472 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]473 }
474
475 SK -= 2;
476
477 *RK++ = *SK++;
478 *RK++ = *SK++;
479 *RK++ = *SK++;
480 *RK++ = *SK++;
481
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]482exit:
483 camellia_free( &cty );
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]484
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]485 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]486}
487
488/*
489 * Camellia-ECB block encryption/decryption
490 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]491int camellia_crypt_ecb( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]492 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]493 const unsigned char input[16],
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]494 unsigned char output[16] )
495{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]496 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]497 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]498
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame]499 ( (void) mode );
500
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]501 NR = ctx->nr;
502 RK = ctx->rk;
503
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]504 GET_UINT32_BE( X[0], input, 0 );
505 GET_UINT32_BE( X[1], input, 4 );
506 GET_UINT32_BE( X[2], input, 8 );
507 GET_UINT32_BE( X[3], input, 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]508
509 X[0] ^= *RK++;
510 X[1] ^= *RK++;
511 X[2] ^= *RK++;
512 X[3] ^= *RK++;
513
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]514 while( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]515 --NR;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]516 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]517 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]518 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]519 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]520 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]521 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]522 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]523 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]524 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]525 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]526 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]527 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]528
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]529 if( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]530 FL(X[0], X[1], RK[0], RK[1]);
531 RK += 2;
532 FLInv(X[2], X[3], RK[0], RK[1]);
533 RK += 2;
534 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]535 }
536
537 X[2] ^= *RK++;
538 X[3] ^= *RK++;
539 X[0] ^= *RK++;
540 X[1] ^= *RK++;
541
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]542 PUT_UINT32_BE( X[2], output, 0 );
543 PUT_UINT32_BE( X[3], output, 4 );
544 PUT_UINT32_BE( X[0], output, 8 );
545 PUT_UINT32_BE( X[1], output, 12 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]546
547 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]548}
549
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]550#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]551/*
552 * Camellia-CBC buffer encryption/decryption
553 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]554int camellia_crypt_cbc( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]555 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]556 size_t length,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]557 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]558 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]559 unsigned char *output )
560{
561 int i;
562 unsigned char temp[16];
563
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]564 if( length % 16 )
565 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
566
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]567 if( mode == CAMELLIA_DECRYPT )
568 {
569 while( length > 0 )
570 {
571 memcpy( temp, input, 16 );
572 camellia_crypt_ecb( ctx, mode, input, output );
573
574 for( i = 0; i < 16; i++ )
575 output[i] = (unsigned char)( output[i] ^ iv[i] );
576
577 memcpy( iv, temp, 16 );
578
579 input += 16;
580 output += 16;
581 length -= 16;
582 }
583 }
584 else
585 {
586 while( length > 0 )
587 {
588 for( i = 0; i < 16; i++ )
589 output[i] = (unsigned char)( input[i] ^ iv[i] );
590
591 camellia_crypt_ecb( ctx, mode, output, output );
592 memcpy( iv, output, 16 );
593
594 input += 16;
595 output += 16;
596 length -= 16;
597 }
598 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]599
600 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]601}
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]602#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]603
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]604#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]605/*
606 * Camellia-CFB128 buffer encryption/decryption
607 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]608int camellia_crypt_cfb128( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]609 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]610 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]611 size_t *iv_off,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]612 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]613 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]614 unsigned char *output )
615{
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]616 int c;
617 size_t n = *iv_off;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]618
619 if( mode == CAMELLIA_DECRYPT )
620 {
621 while( length-- )
622 {
623 if( n == 0 )
624 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
625
626 c = *input++;
627 *output++ = (unsigned char)( c ^ iv[n] );
628 iv[n] = (unsigned char) c;
629
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]630 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]631 }
632 }
633 else
634 {
635 while( length-- )
636 {
637 if( n == 0 )
638 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
639
640 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
641
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]642 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]643 }
644 }
645
646 *iv_off = n;
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]647
648 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]649}
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]650#endif /* POLARSSL_CIPHER_MODE_CFB */
651
652#if defined(POLARSSL_CIPHER_MODE_CTR)
653/*
654 * Camellia-CTR buffer encryption/decryption
655 */
656int camellia_crypt_ctr( camellia_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]657 size_t length,
658 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]659 unsigned char nonce_counter[16],
660 unsigned char stream_block[16],
661 const unsigned char *input,
662 unsigned char *output )
663{
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]664 int c, i;
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]665 size_t n = *nc_off;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]666
667 while( length-- )
668 {
669 if( n == 0 ) {
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]670 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
671 stream_block );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]672
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]673 for( i = 16; i > 0; i-- )
674 if( ++nonce_counter[i - 1] != 0 )
675 break;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]676 }
677 c = *input++;
678 *output++ = (unsigned char)( c ^ stream_block[n] );
679
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]680 n = ( n + 1 ) & 0x0F;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]681 }
682
683 *nc_off = n;
684
685 return( 0 );
686}
687#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]688#endif /* !POLARSSL_CAMELLIA_ALT */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]689
690#if defined(POLARSSL_SELF_TEST)
691
692#include <stdio.h>
693
694/*
695 * Camellia test vectors from:
696 *
697 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
698 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
699 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]700 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]701 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]702#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]703
704static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
705{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]706 {
707 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
708 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]709 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]710 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
711 },
712 {
713 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
714 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
715 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]716 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]717 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
718 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
719 },
720 {
721 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
722 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
723 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
724 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]725 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]726 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
727 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
728 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
729 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]730};
731
732static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
733{
734 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
735 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]736 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]737 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
738};
739
740static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
741{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]742 {
743 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
744 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
745 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
746 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
747 },
748 {
749 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
750 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
751 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
752 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
753 },
754 {
755 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
756 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
757 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
758 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
759 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]760};
761
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]762#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]763#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]764
765static const unsigned char camellia_test_cbc_key[3][32] =
766{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]767 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
768 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
769 ,
770 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
771 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
772 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
773 ,
774 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
775 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
776 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
777 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]778};
779
780static const unsigned char camellia_test_cbc_iv[16] =
781
782 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
783 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
784;
785
786static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
787{
788 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
789 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
790 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
791 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
792 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
793 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
794
795};
796
797static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
798{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]799 {
800 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
801 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
802 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
803 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
804 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
805 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
806 },
807 {
808 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
809 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
810 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
811 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
812 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
813 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
814 },
815 {
816 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
817 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
818 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
819 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
820 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
821 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
822 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]823};
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]824#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]825
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]826#if defined(POLARSSL_CIPHER_MODE_CTR)
827/*
828 * Camellia-CTR test vectors from:
829 *
830 * http://www.faqs.org/rfcs/rfc5528.html
831 */
832
833static const unsigned char camellia_test_ctr_key[3][16] =
834{
835 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
836 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
837 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
838 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
839 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
840 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
841};
842
843static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
844{
845 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
846 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
847 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
848 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
849 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
850 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
851};
852
853static const unsigned char camellia_test_ctr_pt[3][48] =
854{
855 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
856 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
857
858 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
859 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
860 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
861 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
862
863 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
864 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
865 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
866 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
867 0x20, 0x21, 0x22, 0x23 }
868};
869
870static const unsigned char camellia_test_ctr_ct[3][48] =
871{
872 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
873 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
874 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
875 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
876 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
877 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
878 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
879 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
880 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
881 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
882 0xDF, 0x50, 0x86, 0x96 }
883};
884
885static const int camellia_test_ctr_len[3] =
886 { 16, 32, 36 };
887#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]888
889/*
890 * Checkup routine
891 */
892int camellia_self_test( int verbose )
893{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]894 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]895 unsigned char key[32];
896 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]897 unsigned char src[16];
898 unsigned char dst[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]899#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]900 unsigned char iv[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]901#endif
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]902#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]903 size_t offset, len;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]904 unsigned char nonce_counter[16];
905 unsigned char stream_block[16];
906#endif
907
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]908 camellia_context ctx;
909
910 memset( key, 0, 32 );
911
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]912 for( j = 0; j < 6; j++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]913 u = j >> 1;
914 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]915
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]916 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]917 polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
918 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]919
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]920 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
921 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]922
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]923 if( v == CAMELLIA_DECRYPT ) {
924 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
925 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
926 memcpy( dst, camellia_test_ecb_plain[i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]927 } else { /* CAMELLIA_ENCRYPT */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]928 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
929 memcpy( src, camellia_test_ecb_plain[i], 16 );
930 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]931 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]932
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]933 camellia_crypt_ecb( &ctx, v, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]934
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]935 if( memcmp( buf, dst, 16 ) != 0 )
936 {
937 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]938 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]939
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]940 return( 1 );
941 }
942 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]943
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]944 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]945 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]946 }
947
948 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]949 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]950
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]951#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]952 /*
953 * CBC mode
954 */
955 for( j = 0; j < 6; j++ )
956 {
957 u = j >> 1;
958 v = j & 1;
959
960 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]961 polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
962 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]963
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]964 memcpy( src, camellia_test_cbc_iv, 16 );
965 memcpy( dst, camellia_test_cbc_iv, 16 );
966 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]967
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]968 if( v == CAMELLIA_DECRYPT ) {
969 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]970 } else {
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]971 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]972 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]973
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]974 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]975
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]976 if( v == CAMELLIA_DECRYPT ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]977 memcpy( iv , src, 16 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]978 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
979 memcpy( dst, camellia_test_cbc_plain[i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]980 } else { /* CAMELLIA_ENCRYPT */
981 memcpy( iv , dst, 16 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]982 memcpy( src, camellia_test_cbc_plain[i], 16 );
983 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]984 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]985
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]986 camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]987
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]988 if( memcmp( buf, dst, 16 ) != 0 )
989 {
990 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]991 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]992
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]993 return( 1 );
994 }
995 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]996
997 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]998 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]999 }
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]1000#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1001
1002 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1003 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1004
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1005#if defined(POLARSSL_CIPHER_MODE_CTR)
1006 /*
1007 * CTR mode
1008 */
1009 for( i = 0; i < 6; i++ )
1010 {
1011 u = i >> 1;
1012 v = i & 1;
1013
1014 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1015 polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
1016 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1017
1018 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1019 memcpy( key, camellia_test_ctr_key[u], 16 );
1020
1021 offset = 0;
1022 camellia_setkey_enc( &ctx, key, 128 );
1023
1024 if( v == CAMELLIA_DECRYPT )
1025 {
1026 len = camellia_test_ctr_len[u];
1027 memcpy( buf, camellia_test_ctr_ct[u], len );
1028
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]1029 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1030 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1031
1032 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1033 {
1034 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1035 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1036
1037 return( 1 );
1038 }
1039 }
1040 else
1041 {
1042 len = camellia_test_ctr_len[u];
1043 memcpy( buf, camellia_test_ctr_pt[u], len );
1044
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]1045 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1046 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1047
1048 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1049 {
1050 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1051 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1052
1053 return( 1 );
1054 }
1055 }
1056
1057 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1058 polarssl_printf( "passed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1059 }
1060
1061 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1062 polarssl_printf( "\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1063#endif /* POLARSSL_CIPHER_MODE_CTR */
1064
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]1065 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1066}
1067
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1068#endif /* POLARSSL_SELF_TEST */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1069
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1070#endif /* POLARSSL_CAMELLIA_C */