Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
Embed:
(wiki syntax)
Show/hide line numbers
camellia.c
00001 /* 00002 * Camellia implementation 00003 * 00004 * Copyright (C) 2006-2014, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * The Camellia block cipher was designed by NTT and Mitsubishi Electric 00027 * Corporation. 00028 * 00029 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf 00030 */ 00031 00032 #if !defined(POLARSSL_CONFIG_FILE) 00033 #include "polarssl/config.h" 00034 #else 00035 #include POLARSSL_CONFIG_FILE 00036 #endif 00037 00038 #if defined(POLARSSL_CAMELLIA_C) 00039 00040 #include "polarssl/camellia.h" 00041 00042 #if defined(POLARSSL_PLATFORM_C) 00043 #include "polarssl/platform.h" 00044 #else 00045 #define polarssl_printf printf 00046 #endif 00047 00048 #if !defined(POLARSSL_CAMELLIA_ALT) 00049 00050 /* 00051 * 32-bit integer manipulation macros (big endian) 00052 */ 00053 #ifndef GET_UINT32_BE 00054 #define GET_UINT32_BE(n,b,i) \ 00055 { \ 00056 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00057 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00058 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00059 | ( (uint32_t) (b)[(i) + 3] ); \ 00060 } 00061 #endif 00062 00063 #ifndef PUT_UINT32_BE 00064 #define PUT_UINT32_BE(n,b,i) \ 00065 { \ 00066 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00067 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00068 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00069 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00070 } 00071 #endif 00072 00073 static const unsigned char SIGMA_CHARS[6][8] = 00074 { 00075 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, 00076 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 }, 00077 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe }, 00078 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c }, 00079 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d }, 00080 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd } 00081 }; 00082 00083 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY) 00084 00085 static const unsigned char FSb[256] = 00086 { 00087 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, 00088 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, 00089 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, 00090 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, 00091 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, 00092 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, 00093 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, 00094 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, 00095 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, 00096 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, 00097 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, 00098 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, 00099 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, 00100 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, 00101 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, 00102 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158 00103 }; 00104 00105 #define SBOX1(n) FSb[(n)] 00106 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff) 00107 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff) 00108 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff] 00109 00110 #else /* POLARSSL_CAMELLIA_SMALL_MEMORY */ 00111 00112 static const unsigned char FSb[256] = 00113 { 00114 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, 00115 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, 00116 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, 00117 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, 00118 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, 00119 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, 00120 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, 00121 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, 00122 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, 00123 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, 00124 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, 00125 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, 00126 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, 00127 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, 00128 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, 00129 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 00130 }; 00131 00132 static const unsigned char FSb2[256] = 00133 { 00134 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, 00135 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, 00136 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, 00137 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, 00138 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, 00139 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, 00140 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, 00141 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, 00142 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, 00143 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, 00144 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, 00145 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, 00146 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, 00147 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, 00148 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, 00149 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 00150 }; 00151 00152 static const unsigned char FSb3[256] = 00153 { 00154 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, 00155 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, 00156 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, 00157 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, 00158 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, 00159 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, 00160 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, 00161 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, 00162 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, 00163 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, 00164 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, 00165 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, 00166 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, 00167 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, 00168 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, 00169 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 00170 }; 00171 00172 static const unsigned char FSb4[256] = 00173 { 00174 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, 00175 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, 00176 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, 00177 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, 00178 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, 00179 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, 00180 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, 00181 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, 00182 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, 00183 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, 00184 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, 00185 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, 00186 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, 00187 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, 00188 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, 00189 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 00190 }; 00191 00192 #define SBOX1(n) FSb[(n)] 00193 #define SBOX2(n) FSb2[(n)] 00194 #define SBOX3(n) FSb3[(n)] 00195 #define SBOX4(n) FSb4[(n)] 00196 00197 #endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */ 00198 00199 static const unsigned char shifts[2][4][4] = 00200 { 00201 { 00202 { 1, 1, 1, 1 }, /* KL */ 00203 { 0, 0, 0, 0 }, /* KR */ 00204 { 1, 1, 1, 1 }, /* KA */ 00205 { 0, 0, 0, 0 } /* KB */ 00206 }, 00207 { 00208 { 1, 0, 1, 1 }, /* KL */ 00209 { 1, 1, 0, 1 }, /* KR */ 00210 { 1, 1, 1, 0 }, /* KA */ 00211 { 1, 1, 0, 1 } /* KB */ 00212 } 00213 }; 00214 00215 static const signed char indexes[2][4][20] = 00216 { 00217 { 00218 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39, 00219 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */ 00220 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00221 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */ 00222 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17, 00223 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */ 00224 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00225 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */ 00226 }, 00227 { 00228 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1, 00229 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */ 00230 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17, 00231 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */ 00232 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59, 00233 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */ 00234 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21, 00235 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */ 00236 } 00237 }; 00238 00239 static const signed char transposes[2][20] = 00240 { 00241 { 00242 21, 22, 23, 20, 00243 -1, -1, -1, -1, 00244 18, 19, 16, 17, 00245 11, 8, 9, 10, 00246 15, 12, 13, 14 00247 }, 00248 { 00249 25, 26, 27, 24, 00250 29, 30, 31, 28, 00251 18, 19, 16, 17, 00252 -1, -1, -1, -1, 00253 -1, -1, -1, -1 00254 } 00255 }; 00256 00257 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */ 00258 #define ROTL(DEST, SRC, SHIFT) \ 00259 { \ 00260 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \ 00261 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \ 00262 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \ 00263 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \ 00264 } 00265 00266 #define FL(XL, XR, KL, KR) \ 00267 { \ 00268 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \ 00269 (XL) = ((XR) | (KR)) ^ (XL); \ 00270 } 00271 00272 #define FLInv(YL, YR, KL, KR) \ 00273 { \ 00274 (YL) = ((YR) | (KR)) ^ (YL); \ 00275 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \ 00276 } 00277 00278 #define SHIFT_AND_PLACE(INDEX, OFFSET) \ 00279 { \ 00280 TK[0] = KC[(OFFSET) * 4 + 0]; \ 00281 TK[1] = KC[(OFFSET) * 4 + 1]; \ 00282 TK[2] = KC[(OFFSET) * 4 + 2]; \ 00283 TK[3] = KC[(OFFSET) * 4 + 3]; \ 00284 \ 00285 for ( i = 1; i <= 4; i++ ) \ 00286 if (shifts[(INDEX)][(OFFSET)][i -1]) \ 00287 ROTL(TK + i * 4, TK, (15 * i) % 32); \ 00288 \ 00289 for ( i = 0; i < 20; i++ ) \ 00290 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \ 00291 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \ 00292 } \ 00293 } 00294 00295 static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], 00296 uint32_t z[2]) 00297 { 00298 uint32_t I0, I1; 00299 I0 = x[0] ^ k[0]; 00300 I1 = x[1] ^ k[1]; 00301 00302 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) | 00303 (SBOX2((I0 >> 16) & 0xFF) << 16) | 00304 (SBOX3((I0 >> 8) & 0xFF) << 8) | 00305 (SBOX4((I0 ) & 0xFF) ); 00306 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) | 00307 (SBOX3((I1 >> 16) & 0xFF) << 16) | 00308 (SBOX4((I1 >> 8) & 0xFF) << 8) | 00309 (SBOX1((I1 ) & 0xFF) ); 00310 00311 I0 ^= (I1 << 8) | (I1 >> 24); 00312 I1 ^= (I0 << 16) | (I0 >> 16); 00313 I0 ^= (I1 >> 8) | (I1 << 24); 00314 I1 ^= (I0 >> 8) | (I0 << 24); 00315 00316 z[0] ^= I1; 00317 z[1] ^= I0; 00318 } 00319 00320 /* 00321 * Camellia key schedule (encryption) 00322 */ 00323 int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, 00324 unsigned int keysize ) 00325 { 00326 int idx; 00327 size_t i; 00328 uint32_t *RK; 00329 unsigned char t[64]; 00330 uint32_t SIGMA[6][2]; 00331 uint32_t KC[16]; 00332 uint32_t TK[20]; 00333 00334 RK = ctx->rk ; 00335 00336 memset(t, 0, 64); 00337 memset(RK, 0, sizeof(ctx->rk )); 00338 00339 switch( keysize ) 00340 { 00341 case 128: ctx->nr = 3; idx = 0; break; 00342 case 192: 00343 case 256: ctx->nr = 4; idx = 1; break; 00344 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH ); 00345 } 00346 00347 for( i = 0; i < keysize / 8; ++i) 00348 t[i] = key[i]; 00349 00350 if (keysize == 192) { 00351 for (i = 0; i < 8; i++) 00352 t[24 + i] = ~t[16 + i]; 00353 } 00354 00355 /* 00356 * Prepare SIGMA values 00357 */ 00358 for (i = 0; i < 6; i++) { 00359 GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0); 00360 GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4); 00361 } 00362 00363 /* 00364 * Key storage in KC 00365 * Order: KL, KR, KA, KB 00366 */ 00367 memset(KC, 0, sizeof(KC)); 00368 00369 /* Store KL, KR */ 00370 for (i = 0; i < 8; i++) 00371 GET_UINT32_BE(KC[i], t, i * 4); 00372 00373 /* Generate KA */ 00374 for( i = 0; i < 4; ++i) 00375 KC[8 + i] = KC[i] ^ KC[4 + i]; 00376 00377 camellia_feistel(KC + 8, SIGMA[0], KC + 10); 00378 camellia_feistel(KC + 10, SIGMA[1], KC + 8); 00379 00380 for( i = 0; i < 4; ++i) 00381 KC[8 + i] ^= KC[i]; 00382 00383 camellia_feistel(KC + 8, SIGMA[2], KC + 10); 00384 camellia_feistel(KC + 10, SIGMA[3], KC + 8); 00385 00386 if (keysize > 128) { 00387 /* Generate KB */ 00388 for( i = 0; i < 4; ++i) 00389 KC[12 + i] = KC[4 + i] ^ KC[8 + i]; 00390 00391 camellia_feistel(KC + 12, SIGMA[4], KC + 14); 00392 camellia_feistel(KC + 14, SIGMA[5], KC + 12); 00393 } 00394 00395 /* 00396 * Generating subkeys 00397 */ 00398 00399 /* Manipulating KL */ 00400 SHIFT_AND_PLACE(idx, 0); 00401 00402 /* Manipulating KR */ 00403 if (keysize > 128) { 00404 SHIFT_AND_PLACE(idx, 1); 00405 } 00406 00407 /* Manipulating KA */ 00408 SHIFT_AND_PLACE(idx, 2); 00409 00410 /* Manipulating KB */ 00411 if (keysize > 128) { 00412 SHIFT_AND_PLACE(idx, 3); 00413 } 00414 00415 /* Do transpositions */ 00416 for ( i = 0; i < 20; i++ ) { 00417 if (transposes[idx][i] != -1) { 00418 RK[32 + 12 * idx + i] = RK[transposes[idx][i]]; 00419 } 00420 } 00421 00422 return( 0 ); 00423 } 00424 00425 /* 00426 * Camellia key schedule (decryption) 00427 */ 00428 int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, 00429 unsigned int keysize ) 00430 { 00431 int idx; 00432 size_t i; 00433 camellia_context cty; 00434 uint32_t *RK; 00435 uint32_t *SK; 00436 int ret; 00437 00438 switch( keysize ) 00439 { 00440 case 128: ctx->nr = 3; idx = 0; break; 00441 case 192: 00442 case 256: ctx->nr = 4; idx = 1; break; 00443 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH ); 00444 } 00445 00446 RK = ctx->rk ; 00447 00448 ret = camellia_setkey_enc(&cty, key, keysize); 00449 if( ret != 0 ) 00450 return( ret ); 00451 00452 SK = cty.rk + 24 * 2 + 8 * idx * 2; 00453 00454 *RK++ = *SK++; 00455 *RK++ = *SK++; 00456 *RK++ = *SK++; 00457 *RK++ = *SK++; 00458 00459 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) 00460 { 00461 *RK++ = *SK++; 00462 *RK++ = *SK++; 00463 } 00464 00465 SK -= 2; 00466 00467 *RK++ = *SK++; 00468 *RK++ = *SK++; 00469 *RK++ = *SK++; 00470 *RK++ = *SK++; 00471 00472 memset( &cty, 0, sizeof( camellia_context ) ); 00473 00474 return( 0 ); 00475 } 00476 00477 /* 00478 * Camellia-ECB block encryption/decryption 00479 */ 00480 int camellia_crypt_ecb( camellia_context *ctx, 00481 int mode, 00482 const unsigned char input[16], 00483 unsigned char output[16] ) 00484 { 00485 int NR; 00486 uint32_t *RK, X[4]; 00487 00488 ( (void) mode ); 00489 00490 NR = ctx->nr ; 00491 RK = ctx->rk ; 00492 00493 GET_UINT32_BE( X[0], input, 0 ); 00494 GET_UINT32_BE( X[1], input, 4 ); 00495 GET_UINT32_BE( X[2], input, 8 ); 00496 GET_UINT32_BE( X[3], input, 12 ); 00497 00498 X[0] ^= *RK++; 00499 X[1] ^= *RK++; 00500 X[2] ^= *RK++; 00501 X[3] ^= *RK++; 00502 00503 while (NR) { 00504 --NR; 00505 camellia_feistel(X, RK, X + 2); 00506 RK += 2; 00507 camellia_feistel(X + 2, RK, X); 00508 RK += 2; 00509 camellia_feistel(X, RK, X + 2); 00510 RK += 2; 00511 camellia_feistel(X + 2, RK, X); 00512 RK += 2; 00513 camellia_feistel(X, RK, X + 2); 00514 RK += 2; 00515 camellia_feistel(X + 2, RK, X); 00516 RK += 2; 00517 00518 if (NR) { 00519 FL(X[0], X[1], RK[0], RK[1]); 00520 RK += 2; 00521 FLInv(X[2], X[3], RK[0], RK[1]); 00522 RK += 2; 00523 } 00524 } 00525 00526 X[2] ^= *RK++; 00527 X[3] ^= *RK++; 00528 X[0] ^= *RK++; 00529 X[1] ^= *RK++; 00530 00531 PUT_UINT32_BE( X[2], output, 0 ); 00532 PUT_UINT32_BE( X[3], output, 4 ); 00533 PUT_UINT32_BE( X[0], output, 8 ); 00534 PUT_UINT32_BE( X[1], output, 12 ); 00535 00536 return( 0 ); 00537 } 00538 00539 #if defined(POLARSSL_CIPHER_MODE_CBC) 00540 /* 00541 * Camellia-CBC buffer encryption/decryption 00542 */ 00543 int camellia_crypt_cbc( camellia_context *ctx, 00544 int mode, 00545 size_t length, 00546 unsigned char iv[16], 00547 const unsigned char *input, 00548 unsigned char *output ) 00549 { 00550 int i; 00551 unsigned char temp[16]; 00552 00553 if( length % 16 ) 00554 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); 00555 00556 if( mode == CAMELLIA_DECRYPT ) 00557 { 00558 while( length > 0 ) 00559 { 00560 memcpy( temp, input, 16 ); 00561 camellia_crypt_ecb( ctx, mode, input, output ); 00562 00563 for( i = 0; i < 16; i++ ) 00564 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00565 00566 memcpy( iv, temp, 16 ); 00567 00568 input += 16; 00569 output += 16; 00570 length -= 16; 00571 } 00572 } 00573 else 00574 { 00575 while( length > 0 ) 00576 { 00577 for( i = 0; i < 16; i++ ) 00578 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00579 00580 camellia_crypt_ecb( ctx, mode, output, output ); 00581 memcpy( iv, output, 16 ); 00582 00583 input += 16; 00584 output += 16; 00585 length -= 16; 00586 } 00587 } 00588 00589 return( 0 ); 00590 } 00591 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00592 00593 #if defined(POLARSSL_CIPHER_MODE_CFB) 00594 /* 00595 * Camellia-CFB128 buffer encryption/decryption 00596 */ 00597 int camellia_crypt_cfb128( camellia_context *ctx, 00598 int mode, 00599 size_t length, 00600 size_t *iv_off, 00601 unsigned char iv[16], 00602 const unsigned char *input, 00603 unsigned char *output ) 00604 { 00605 int c; 00606 size_t n = *iv_off; 00607 00608 if( mode == CAMELLIA_DECRYPT ) 00609 { 00610 while( length-- ) 00611 { 00612 if( n == 0 ) 00613 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv ); 00614 00615 c = *input++; 00616 *output++ = (unsigned char)( c ^ iv[n] ); 00617 iv[n] = (unsigned char) c; 00618 00619 n = (n + 1) & 0x0F; 00620 } 00621 } 00622 else 00623 { 00624 while( length-- ) 00625 { 00626 if( n == 0 ) 00627 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv ); 00628 00629 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); 00630 00631 n = (n + 1) & 0x0F; 00632 } 00633 } 00634 00635 *iv_off = n; 00636 00637 return( 0 ); 00638 } 00639 #endif /* POLARSSL_CIPHER_MODE_CFB */ 00640 00641 #if defined(POLARSSL_CIPHER_MODE_CTR) 00642 /* 00643 * Camellia-CTR buffer encryption/decryption 00644 */ 00645 int camellia_crypt_ctr( camellia_context *ctx, 00646 size_t length, 00647 size_t *nc_off, 00648 unsigned char nonce_counter[16], 00649 unsigned char stream_block[16], 00650 const unsigned char *input, 00651 unsigned char *output ) 00652 { 00653 int c, i; 00654 size_t n = *nc_off; 00655 00656 while( length-- ) 00657 { 00658 if( n == 0 ) { 00659 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter, 00660 stream_block ); 00661 00662 for( i = 16; i > 0; i-- ) 00663 if( ++nonce_counter[i - 1] != 0 ) 00664 break; 00665 } 00666 c = *input++; 00667 *output++ = (unsigned char)( c ^ stream_block[n] ); 00668 00669 n = (n + 1) & 0x0F; 00670 } 00671 00672 *nc_off = n; 00673 00674 return( 0 ); 00675 } 00676 #endif /* POLARSSL_CIPHER_MODE_CTR */ 00677 #endif /* !POLARSSL_CAMELLIA_ALT */ 00678 00679 #if defined(POLARSSL_SELF_TEST) 00680 00681 #include <stdio.h> 00682 00683 /* 00684 * Camellia test vectors from: 00685 * 00686 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html: 00687 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt 00688 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt 00689 * (For each bitlength: Key 0, Nr 39) 00690 */ 00691 #define CAMELLIA_TESTS_ECB 2 00692 00693 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = 00694 { 00695 { 00696 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00697 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 00698 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00699 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00700 }, 00701 { 00702 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00703 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 00704 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, 00705 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00706 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00707 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00708 }, 00709 { 00710 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00711 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 00712 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 00713 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, 00714 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00715 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00716 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00717 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00718 }, 00719 }; 00720 00721 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = 00722 { 00723 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00724 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 00725 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 00726 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00727 }; 00728 00729 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = 00730 { 00731 { 00732 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 00733 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 }, 00734 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE, 00735 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 } 00736 }, 00737 { 00738 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, 00739 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 }, 00740 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9, 00741 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 } 00742 }, 00743 { 00744 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 00745 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 }, 00746 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C, 00747 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 } 00748 } 00749 }; 00750 00751 #if defined(POLARSSL_CIPHER_MODE_CBC) 00752 #define CAMELLIA_TESTS_CBC 3 00753 00754 static const unsigned char camellia_test_cbc_key[3][32] = 00755 { 00756 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 00757 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C } 00758 , 00759 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 00760 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, 00761 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B } 00762 , 00763 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 00764 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, 00765 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, 00766 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } 00767 }; 00768 00769 static const unsigned char camellia_test_cbc_iv[16] = 00770 00771 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00772 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F } 00773 ; 00774 00775 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = 00776 { 00777 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 00778 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }, 00779 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 00780 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 }, 00781 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 00782 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF } 00783 00784 }; 00785 00786 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = 00787 { 00788 { 00789 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, 00790 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB }, 00791 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78, 00792 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 }, 00793 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B, 00794 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 } 00795 }, 00796 { 00797 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, 00798 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 }, 00799 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42, 00800 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 }, 00801 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8, 00802 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 } 00803 }, 00804 { 00805 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, 00806 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA }, 00807 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40, 00808 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 }, 00809 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA, 00810 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 } 00811 } 00812 }; 00813 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00814 00815 #if defined(POLARSSL_CIPHER_MODE_CTR) 00816 /* 00817 * Camellia-CTR test vectors from: 00818 * 00819 * http://www.faqs.org/rfcs/rfc5528.html 00820 */ 00821 00822 static const unsigned char camellia_test_ctr_key[3][16] = 00823 { 00824 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, 00825 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, 00826 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, 00827 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, 00828 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, 00829 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } 00830 }; 00831 00832 static const unsigned char camellia_test_ctr_nonce_counter[3][16] = 00833 { 00834 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 00835 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 00836 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, 00837 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, 00838 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, 00839 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } 00840 }; 00841 00842 static const unsigned char camellia_test_ctr_pt[3][48] = 00843 { 00844 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, 00845 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, 00846 00847 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00848 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 00849 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 00850 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, 00851 00852 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00853 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 00854 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 00855 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 00856 0x20, 0x21, 0x22, 0x23 } 00857 }; 00858 00859 static const unsigned char camellia_test_ctr_ct[3][48] = 00860 { 00861 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A, 00862 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F }, 00863 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4, 00864 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44, 00865 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7, 00866 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 }, 00867 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88, 00868 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73, 00869 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1, 00870 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD, 00871 0xDF, 0x50, 0x86, 0x96 } 00872 }; 00873 00874 static const int camellia_test_ctr_len[3] = 00875 { 16, 32, 36 }; 00876 #endif /* POLARSSL_CIPHER_MODE_CTR */ 00877 00878 /* 00879 * Checkup routine 00880 */ 00881 int camellia_self_test( int verbose ) 00882 { 00883 int i, j, u, v; 00884 unsigned char key[32]; 00885 unsigned char buf[64]; 00886 unsigned char src[16]; 00887 unsigned char dst[16]; 00888 #if defined(POLARSSL_CIPHER_MODE_CBC) 00889 unsigned char iv[16]; 00890 #endif 00891 #if defined(POLARSSL_CIPHER_MODE_CTR) 00892 size_t offset, len; 00893 unsigned char nonce_counter[16]; 00894 unsigned char stream_block[16]; 00895 #endif 00896 00897 camellia_context ctx; 00898 00899 memset( key, 0, 32 ); 00900 00901 for (j = 0; j < 6; j++) { 00902 u = j >> 1; 00903 v = j & 1; 00904 00905 if( verbose != 0 ) 00906 polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, 00907 (v == CAMELLIA_DECRYPT) ? "dec" : "enc"); 00908 00909 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) { 00910 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u); 00911 00912 if (v == CAMELLIA_DECRYPT) { 00913 camellia_setkey_dec(&ctx, key, 128 + u * 64); 00914 memcpy(src, camellia_test_ecb_cipher[u][i], 16); 00915 memcpy(dst, camellia_test_ecb_plain[i], 16); 00916 } else { /* CAMELLIA_ENCRYPT */ 00917 camellia_setkey_enc(&ctx, key, 128 + u * 64); 00918 memcpy(src, camellia_test_ecb_plain[i], 16); 00919 memcpy(dst, camellia_test_ecb_cipher[u][i], 16); 00920 } 00921 00922 camellia_crypt_ecb(&ctx, v, src, buf); 00923 00924 if( memcmp( buf, dst, 16 ) != 0 ) 00925 { 00926 if( verbose != 0 ) 00927 polarssl_printf( "failed\n" ); 00928 00929 return( 1 ); 00930 } 00931 } 00932 00933 if( verbose != 0 ) 00934 polarssl_printf( "passed\n" ); 00935 } 00936 00937 if( verbose != 0 ) 00938 polarssl_printf( "\n" ); 00939 00940 #if defined(POLARSSL_CIPHER_MODE_CBC) 00941 /* 00942 * CBC mode 00943 */ 00944 for( j = 0; j < 6; j++ ) 00945 { 00946 u = j >> 1; 00947 v = j & 1; 00948 00949 if( verbose != 0 ) 00950 polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, 00951 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 00952 00953 memcpy( src, camellia_test_cbc_iv, 16); 00954 memcpy( dst, camellia_test_cbc_iv, 16); 00955 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u); 00956 00957 if (v == CAMELLIA_DECRYPT) { 00958 camellia_setkey_dec(&ctx, key, 128 + u * 64); 00959 } else { 00960 camellia_setkey_enc(&ctx, key, 128 + u * 64); 00961 } 00962 00963 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { 00964 00965 if (v == CAMELLIA_DECRYPT) { 00966 memcpy( iv , src, 16 ); 00967 memcpy(src, camellia_test_cbc_cipher[u][i], 16); 00968 memcpy(dst, camellia_test_cbc_plain[i], 16); 00969 } else { /* CAMELLIA_ENCRYPT */ 00970 memcpy( iv , dst, 16 ); 00971 memcpy(src, camellia_test_cbc_plain[i], 16); 00972 memcpy(dst, camellia_test_cbc_cipher[u][i], 16); 00973 } 00974 00975 camellia_crypt_cbc(&ctx, v, 16, iv, src, buf); 00976 00977 if( memcmp( buf, dst, 16 ) != 0 ) 00978 { 00979 if( verbose != 0 ) 00980 polarssl_printf( "failed\n" ); 00981 00982 return( 1 ); 00983 } 00984 } 00985 00986 if( verbose != 0 ) 00987 polarssl_printf( "passed\n" ); 00988 } 00989 #endif /* POLARSSL_CIPHER_MODE_CBC */ 00990 00991 if( verbose != 0 ) 00992 polarssl_printf( "\n" ); 00993 00994 #if defined(POLARSSL_CIPHER_MODE_CTR) 00995 /* 00996 * CTR mode 00997 */ 00998 for( i = 0; i < 6; i++ ) 00999 { 01000 u = i >> 1; 01001 v = i & 1; 01002 01003 if( verbose != 0 ) 01004 polarssl_printf( " CAMELLIA-CTR-128 (%s): ", 01005 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 01006 01007 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 ); 01008 memcpy( key, camellia_test_ctr_key[u], 16 ); 01009 01010 offset = 0; 01011 camellia_setkey_enc( &ctx, key, 128 ); 01012 01013 if( v == CAMELLIA_DECRYPT ) 01014 { 01015 len = camellia_test_ctr_len[u]; 01016 memcpy( buf, camellia_test_ctr_ct[u], len ); 01017 01018 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 01019 buf, buf ); 01020 01021 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 ) 01022 { 01023 if( verbose != 0 ) 01024 polarssl_printf( "failed\n" ); 01025 01026 return( 1 ); 01027 } 01028 } 01029 else 01030 { 01031 len = camellia_test_ctr_len[u]; 01032 memcpy( buf, camellia_test_ctr_pt[u], len ); 01033 01034 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 01035 buf, buf ); 01036 01037 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 ) 01038 { 01039 if( verbose != 0 ) 01040 polarssl_printf( "failed\n" ); 01041 01042 return( 1 ); 01043 } 01044 } 01045 01046 if( verbose != 0 ) 01047 polarssl_printf( "passed\n" ); 01048 } 01049 01050 if( verbose != 0 ) 01051 polarssl_printf( "\n" ); 01052 #endif /* POLARSSL_CIPHER_MODE_CTR */ 01053 01054 return ( 0 ); 01055 } 01056 01057 #endif /* POLARSSL_SELF_TEST */ 01058 01059 #endif /* POLARSSL_CAMELLIA_C */ 01060 01061
Generated on Tue Jul 12 2022 19:40:15 by
1.7.2