Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / a658a4051b03ad7d17b3c8d976af2d1caa5e8281 / . / library / camellia.c
blob: 62f245c91a693e970029f9ae0e699f7be298e9b2 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame^]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnard967a2a52015-01-22 14:28:16 +0000[diff] [blame]6 * This file is part of mbed TLS (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]26 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
27 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]28 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]29 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]30 */
31
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]32#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]33#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]34#else
35#include POLARSSL_CONFIG_FILE
36#endif
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]37
38#if defined(POLARSSL_CAMELLIA_C)
39
40#include "polarssl/camellia.h"
41
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]42#if defined(POLARSSL_PLATFORM_C)
43#include "polarssl/platform.h"
44#else
45#define polarssl_printf printf
46#endif
47
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]48#if !defined(POLARSSL_CAMELLIA_ALT)
49
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]50/* Implementation that should never be optimized out by the compiler */
51static void polarssl_zeroize( void *v, size_t n ) {
52 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
53}
54
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]55/*
56 * 32-bit integer manipulation macros (big endian)
57 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]58#ifndef GET_UINT32_BE
59#define GET_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]60{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]61 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
62 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
63 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
64 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]65}
66#endif
67
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]68#ifndef PUT_UINT32_BE
69#define PUT_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]70{ \
71 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
72 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
73 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
74 (b)[(i) + 3] = (unsigned char) ( (n) ); \
75}
76#endif
77
78static const unsigned char SIGMA_CHARS[6][8] =
79{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]80 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
81 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
82 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
83 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
84 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
85 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]86};
87
Paul Bakker33008ee2011-11-18 12:58:25 +0000[diff] [blame]88#if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]89
90static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]91{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]92 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
93 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
94 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
95 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
96 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
97 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
98 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
99 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
100 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
101 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
102 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
103 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
104 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
105 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
106 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
107 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]108};
109
110#define SBOX1(n) FSb[(n)]
111#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
112#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]113#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
114
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]115#else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]116
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]117static const unsigned char FSb[256] =
118{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]119 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
120 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
121 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
122 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
123 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
124 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
125 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
126 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
127 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
128 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
129 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
130 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
131 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
132 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
133 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
134 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]135};
136
137static const unsigned char FSb2[256] =
138{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]139 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
140 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
141 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
142 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
143 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
144 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
145 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
146 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
147 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
148 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
149 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
150 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
151 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
152 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
153 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
154 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]155};
156
157static const unsigned char FSb3[256] =
158{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]159 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
160 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
161 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
162 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
163 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
164 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
165 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
166 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
167 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
168 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
169 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
170 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
171 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
172 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
173 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
174 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]175};
176
177static const unsigned char FSb4[256] =
178{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]179 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
180 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
181 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
182 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
183 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
184 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
185 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
186 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
187 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
188 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
189 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
190 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
191 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
192 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
193 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
194 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]195};
196
197#define SBOX1(n) FSb[(n)]
198#define SBOX2(n) FSb2[(n)]
199#define SBOX3(n) FSb3[(n)]
200#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]201
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]202#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]203
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]204static const unsigned char shifts[2][4][4] =
205{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]206 {
207 { 1, 1, 1, 1 }, /* KL */
208 { 0, 0, 0, 0 }, /* KR */
209 { 1, 1, 1, 1 }, /* KA */
210 { 0, 0, 0, 0 } /* KB */
211 },
212 {
213 { 1, 0, 1, 1 }, /* KL */
214 { 1, 1, 0, 1 }, /* KR */
215 { 1, 1, 1, 0 }, /* KA */
216 { 1, 1, 0, 1 } /* KB */
217 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]218};
219
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]220static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]221{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]222 {
223 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
224 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
225 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
226 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
227 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
228 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
229 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
230 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
231 },
232 {
233 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
234 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
235 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
236 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
237 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
238 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
239 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
240 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
241 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]242};
243
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]244static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]245{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]246 {
247 21, 22, 23, 20,
248 -1, -1, -1, -1,
249 18, 19, 16, 17,
250 11, 8, 9, 10,
251 15, 12, 13, 14
252 },
253 {
254 25, 26, 27, 24,
255 29, 30, 31, 28,
256 18, 19, 16, 17,
257 -1, -1, -1, -1,
258 -1, -1, -1, -1
259 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]260};
261
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]262/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]263#define ROTL(DEST, SRC, SHIFT) \
264{ \
265 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
266 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
267 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
268 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]269}
270
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]271#define FL(XL, XR, KL, KR) \
272{ \
273 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
274 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]275}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]276
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]277#define FLInv(YL, YR, KL, KR) \
278{ \
279 (YL) = ((YR) | (KR)) ^ (YL); \
280 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]281}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]282
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]283#define SHIFT_AND_PLACE(INDEX, OFFSET) \
284{ \
285 TK[0] = KC[(OFFSET) * 4 + 0]; \
286 TK[1] = KC[(OFFSET) * 4 + 1]; \
287 TK[2] = KC[(OFFSET) * 4 + 2]; \
288 TK[3] = KC[(OFFSET) * 4 + 3]; \
289 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]290 for( i = 1; i <= 4; i++ ) \
291 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
292 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]293 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]294 for( i = 0; i < 20; i++ ) \
295 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
296 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
297 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]298}
299
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]300static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
301 uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]302{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]303 uint32_t I0, I1;
304 I0 = x[0] ^ k[0];
305 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]306
Manuel Pégourié-Gonnardb31b61b2014-11-10 13:05:43 +0100[diff] [blame]307 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
308 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
309 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
310 ((uint32_t) SBOX4((I0 ) & 0xFF) );
311 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
312 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
313 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
314 ((uint32_t) SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]315
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]316 I0 ^= (I1 << 8) | (I1 >> 24);
317 I1 ^= (I0 << 16) | (I0 >> 16);
318 I0 ^= (I1 >> 8) | (I1 << 24);
319 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]320
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]321 z[0] ^= I1;
322 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]323}
324
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]325void camellia_init( camellia_context *ctx )
326{
327 memset( ctx, 0, sizeof( camellia_context ) );
328}
329
330void camellia_free( camellia_context *ctx )
331{
332 if( ctx == NULL )
333 return;
334
335 polarssl_zeroize( ctx, sizeof( camellia_context ) );
336}
337
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]338/*
339 * Camellia key schedule (encryption)
340 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]341int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
342 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]343{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]344 int idx;
345 size_t i;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]346 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]347 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]348 uint32_t SIGMA[6][2];
349 uint32_t KC[16];
350 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]351
352 RK = ctx->rk;
353
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]354 memset( t, 0, 64 );
355 memset( RK, 0, sizeof(ctx->rk) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]356
357 switch( keysize )
358 {
359 case 128: ctx->nr = 3; idx = 0; break;
360 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]361 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]362 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]363 }
364
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]365 for( i = 0; i < keysize / 8; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]366 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]367
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]368 if( keysize == 192 ) {
369 for( i = 0; i < 8; i++ )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]370 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]371 }
372
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]373 /*
374 * Prepare SIGMA values
375 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]376 for( i = 0; i < 6; i++ ) {
377 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
378 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]379 }
380
381 /*
382 * Key storage in KC
383 * Order: KL, KR, KA, KB
384 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]385 memset( KC, 0, sizeof(KC) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]386
387 /* Store KL, KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]388 for( i = 0; i < 8; i++ )
389 GET_UINT32_BE( KC[i], t, i * 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]390
391 /* Generate KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]392 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]393 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]394
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]395 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
396 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]397
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]398 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]399 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]400
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]401 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
402 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]403
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]404 if( keysize > 128 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]405 /* Generate KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]406 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]407 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]408
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]409 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
410 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]411 }
412
413 /*
414 * Generating subkeys
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]415 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]416
417 /* Manipulating KL */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]418 SHIFT_AND_PLACE( idx, 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]419
420 /* Manipulating KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]421 if( keysize > 128 ) {
422 SHIFT_AND_PLACE( idx, 1 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]423 }
424
425 /* Manipulating KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]426 SHIFT_AND_PLACE( idx, 2 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]427
428 /* Manipulating KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]429 if( keysize > 128 ) {
430 SHIFT_AND_PLACE( idx, 3 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]431 }
432
433 /* Do transpositions */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]434 for( i = 0; i < 20; i++ ) {
435 if( transposes[idx][i] != -1 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]436 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
437 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]438 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]439
440 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]441}
442
443/*
444 * Camellia key schedule (decryption)
445 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]446int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
447 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]448{
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]449 int idx, ret;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]450 size_t i;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]451 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]452 uint32_t *RK;
453 uint32_t *SK;
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]454
455 camellia_init( &cty );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]456
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]457 /* Also checks keysize */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]458 if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) )
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]459 goto exit;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]460
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]461 ctx->nr = cty.nr;
462 idx = ( ctx->nr == 4 );
463
464 RK = ctx->rk;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]465 SK = cty.rk + 24 * 2 + 8 * idx * 2;
466
467 *RK++ = *SK++;
468 *RK++ = *SK++;
469 *RK++ = *SK++;
470 *RK++ = *SK++;
471
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]472 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]473 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]474 *RK++ = *SK++;
475 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]476 }
477
478 SK -= 2;
479
480 *RK++ = *SK++;
481 *RK++ = *SK++;
482 *RK++ = *SK++;
483 *RK++ = *SK++;
484
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]485exit:
486 camellia_free( &cty );
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]487
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]488 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]489}
490
491/*
492 * Camellia-ECB block encryption/decryption
493 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]494int camellia_crypt_ecb( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]495 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]496 const unsigned char input[16],
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]497 unsigned char output[16] )
498{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]499 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]500 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]501
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame]502 ( (void) mode );
503
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]504 NR = ctx->nr;
505 RK = ctx->rk;
506
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]507 GET_UINT32_BE( X[0], input, 0 );
508 GET_UINT32_BE( X[1], input, 4 );
509 GET_UINT32_BE( X[2], input, 8 );
510 GET_UINT32_BE( X[3], input, 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]511
512 X[0] ^= *RK++;
513 X[1] ^= *RK++;
514 X[2] ^= *RK++;
515 X[3] ^= *RK++;
516
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]517 while( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]518 --NR;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]519 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]520 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]521 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]522 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]523 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]524 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]525 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]526 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]527 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]528 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]529 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]530 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]531
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]532 if( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]533 FL(X[0], X[1], RK[0], RK[1]);
534 RK += 2;
535 FLInv(X[2], X[3], RK[0], RK[1]);
536 RK += 2;
537 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]538 }
539
540 X[2] ^= *RK++;
541 X[3] ^= *RK++;
542 X[0] ^= *RK++;
543 X[1] ^= *RK++;
544
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]545 PUT_UINT32_BE( X[2], output, 0 );
546 PUT_UINT32_BE( X[3], output, 4 );
547 PUT_UINT32_BE( X[0], output, 8 );
548 PUT_UINT32_BE( X[1], output, 12 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]549
550 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]551}
552
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]553#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]554/*
555 * Camellia-CBC buffer encryption/decryption
556 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]557int camellia_crypt_cbc( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]558 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]559 size_t length,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]560 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]561 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]562 unsigned char *output )
563{
564 int i;
565 unsigned char temp[16];
566
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]567 if( length % 16 )
568 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
569
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]570 if( mode == CAMELLIA_DECRYPT )
571 {
572 while( length > 0 )
573 {
574 memcpy( temp, input, 16 );
575 camellia_crypt_ecb( ctx, mode, input, output );
576
577 for( i = 0; i < 16; i++ )
578 output[i] = (unsigned char)( output[i] ^ iv[i] );
579
580 memcpy( iv, temp, 16 );
581
582 input += 16;
583 output += 16;
584 length -= 16;
585 }
586 }
587 else
588 {
589 while( length > 0 )
590 {
591 for( i = 0; i < 16; i++ )
592 output[i] = (unsigned char)( input[i] ^ iv[i] );
593
594 camellia_crypt_ecb( ctx, mode, output, output );
595 memcpy( iv, output, 16 );
596
597 input += 16;
598 output += 16;
599 length -= 16;
600 }
601 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]602
603 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]604}
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]605#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]606
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]607#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]608/*
609 * Camellia-CFB128 buffer encryption/decryption
610 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]611int camellia_crypt_cfb128( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]612 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]613 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]614 size_t *iv_off,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]615 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]616 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]617 unsigned char *output )
618{
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]619 int c;
620 size_t n = *iv_off;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]621
622 if( mode == CAMELLIA_DECRYPT )
623 {
624 while( length-- )
625 {
626 if( n == 0 )
627 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
628
629 c = *input++;
630 *output++ = (unsigned char)( c ^ iv[n] );
631 iv[n] = (unsigned char) c;
632
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]633 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]634 }
635 }
636 else
637 {
638 while( length-- )
639 {
640 if( n == 0 )
641 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
642
643 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
644
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]645 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]646 }
647 }
648
649 *iv_off = n;
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]650
651 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]652}
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]653#endif /* POLARSSL_CIPHER_MODE_CFB */
654
655#if defined(POLARSSL_CIPHER_MODE_CTR)
656/*
657 * Camellia-CTR buffer encryption/decryption
658 */
659int camellia_crypt_ctr( camellia_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]660 size_t length,
661 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]662 unsigned char nonce_counter[16],
663 unsigned char stream_block[16],
664 const unsigned char *input,
665 unsigned char *output )
666{
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]667 int c, i;
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]668 size_t n = *nc_off;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]669
670 while( length-- )
671 {
672 if( n == 0 ) {
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]673 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
674 stream_block );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]675
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]676 for( i = 16; i > 0; i-- )
677 if( ++nonce_counter[i - 1] != 0 )
678 break;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]679 }
680 c = *input++;
681 *output++ = (unsigned char)( c ^ stream_block[n] );
682
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]683 n = ( n + 1 ) & 0x0F;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]684 }
685
686 *nc_off = n;
687
688 return( 0 );
689}
690#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]691#endif /* !POLARSSL_CAMELLIA_ALT */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]692
693#if defined(POLARSSL_SELF_TEST)
694
695#include <stdio.h>
696
697/*
698 * Camellia test vectors from:
699 *
700 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
701 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
702 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]703 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]704 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]705#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]706
707static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
708{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]709 {
710 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
711 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]712 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]713 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
714 },
715 {
716 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
717 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
718 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]719 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]720 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
721 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
722 },
723 {
724 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
725 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
726 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
727 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]728 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]729 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
730 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
731 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
732 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]733};
734
735static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
736{
737 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
738 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]739 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]740 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
741};
742
743static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
744{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]745 {
746 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
747 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
748 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
749 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
750 },
751 {
752 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
753 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
754 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
755 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
756 },
757 {
758 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
759 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
760 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
761 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
762 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]763};
764
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]765#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]766#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]767
768static const unsigned char camellia_test_cbc_key[3][32] =
769{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]770 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
771 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
772 ,
773 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
774 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
775 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
776 ,
777 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
778 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
779 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
780 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]781};
782
783static const unsigned char camellia_test_cbc_iv[16] =
784
785 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
786 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
787;
788
789static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
790{
791 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
792 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
793 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
794 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
795 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
796 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
797
798};
799
800static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
801{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]802 {
803 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
804 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
805 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
806 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
807 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
808 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
809 },
810 {
811 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
812 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
813 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
814 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
815 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
816 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
817 },
818 {
819 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
820 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
821 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
822 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
823 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
824 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
825 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]826};
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]827#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]828
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]829#if defined(POLARSSL_CIPHER_MODE_CTR)
830/*
831 * Camellia-CTR test vectors from:
832 *
833 * http://www.faqs.org/rfcs/rfc5528.html
834 */
835
836static const unsigned char camellia_test_ctr_key[3][16] =
837{
838 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
839 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
840 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
841 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
842 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
843 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
844};
845
846static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
847{
848 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
849 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
850 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
851 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
852 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
853 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
854};
855
856static const unsigned char camellia_test_ctr_pt[3][48] =
857{
858 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
859 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
860
861 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
862 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
863 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
864 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
865
866 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
867 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
868 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
869 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
870 0x20, 0x21, 0x22, 0x23 }
871};
872
873static const unsigned char camellia_test_ctr_ct[3][48] =
874{
875 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
876 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
877 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
878 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
879 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
880 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
881 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
882 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
883 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
884 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
885 0xDF, 0x50, 0x86, 0x96 }
886};
887
888static const int camellia_test_ctr_len[3] =
889 { 16, 32, 36 };
890#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]891
892/*
893 * Checkup routine
894 */
895int camellia_self_test( int verbose )
896{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]897 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]898 unsigned char key[32];
899 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]900 unsigned char src[16];
901 unsigned char dst[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]902#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]903 unsigned char iv[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]904#endif
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]905#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]906 size_t offset, len;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]907 unsigned char nonce_counter[16];
908 unsigned char stream_block[16];
909#endif
910
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]911 camellia_context ctx;
912
913 memset( key, 0, 32 );
914
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]915 for( j = 0; j < 6; j++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]916 u = j >> 1;
917 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]918
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]919 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]920 polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
921 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]922
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]923 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
924 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]925
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]926 if( v == CAMELLIA_DECRYPT ) {
927 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
928 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
929 memcpy( dst, camellia_test_ecb_plain[i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]930 } else { /* CAMELLIA_ENCRYPT */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]931 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
932 memcpy( src, camellia_test_ecb_plain[i], 16 );
933 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]934 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]935
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]936 camellia_crypt_ecb( &ctx, v, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]937
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]938 if( memcmp( buf, dst, 16 ) != 0 )
939 {
940 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]941 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]942
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]943 return( 1 );
944 }
945 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]946
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]947 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]948 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]949 }
950
951 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]952 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]953
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]954#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]955 /*
956 * CBC mode
957 */
958 for( j = 0; j < 6; j++ )
959 {
960 u = j >> 1;
961 v = j & 1;
962
963 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]964 polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
965 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]966
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]967 memcpy( src, camellia_test_cbc_iv, 16 );
968 memcpy( dst, camellia_test_cbc_iv, 16 );
969 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]970
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]971 if( v == CAMELLIA_DECRYPT ) {
972 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]973 } else {
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]974 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]975 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]976
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]977 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]978
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]979 if( v == CAMELLIA_DECRYPT ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]980 memcpy( iv , src, 16 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]981 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
982 memcpy( dst, camellia_test_cbc_plain[i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]983 } else { /* CAMELLIA_ENCRYPT */
984 memcpy( iv , dst, 16 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]985 memcpy( src, camellia_test_cbc_plain[i], 16 );
986 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]987 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]988
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]989 camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]990
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]991 if( memcmp( buf, dst, 16 ) != 0 )
992 {
993 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]994 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]995
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]996 return( 1 );
997 }
998 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]999
1000 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1001 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1002 }
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]1003#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1004
1005 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1006 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1007
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1008#if defined(POLARSSL_CIPHER_MODE_CTR)
1009 /*
1010 * CTR mode
1011 */
1012 for( i = 0; i < 6; i++ )
1013 {
1014 u = i >> 1;
1015 v = i & 1;
1016
1017 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1018 polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
1019 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1020
1021 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1022 memcpy( key, camellia_test_ctr_key[u], 16 );
1023
1024 offset = 0;
1025 camellia_setkey_enc( &ctx, key, 128 );
1026
1027 if( v == CAMELLIA_DECRYPT )
1028 {
1029 len = camellia_test_ctr_len[u];
1030 memcpy( buf, camellia_test_ctr_ct[u], len );
1031
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]1032 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1033 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1034
1035 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1036 {
1037 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1038 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1039
1040 return( 1 );
1041 }
1042 }
1043 else
1044 {
1045 len = camellia_test_ctr_len[u];
1046 memcpy( buf, camellia_test_ctr_pt[u], len );
1047
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]1048 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1049 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1050
1051 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1052 {
1053 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1054 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1055
1056 return( 1 );
1057 }
1058 }
1059
1060 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1061 polarssl_printf( "passed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1062 }
1063
1064 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1065 polarssl_printf( "\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1066#endif /* POLARSSL_CIPHER_MODE_CTR */
1067
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]1068 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1069}
1070
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1071#endif /* POLARSSL_SELF_TEST */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1072
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1073#endif /* POLARSSL_CAMELLIA_C */