Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
camellia.c
00001 /* 00002 * Camellia implementation 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * The Camellia block cipher was designed by NTT and Mitsubishi Electric 00023 * Corporation. 00024 * 00025 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf 00026 */ 00027 00028 #if !defined(MBEDTLS_CONFIG_FILE) 00029 #include "mbedtls/config.h" 00030 #else 00031 #include MBEDTLS_CONFIG_FILE 00032 #endif 00033 00034 #if defined(MBEDTLS_CAMELLIA_C) 00035 00036 #include "mbedtls/camellia.h" 00037 #include "mbedtls/platform_util.h" 00038 00039 #include <string.h> 00040 00041 #if defined(MBEDTLS_SELF_TEST) 00042 #if defined(MBEDTLS_PLATFORM_C) 00043 #include "mbedtls/platform.h" 00044 #else 00045 #include <stdio.h> 00046 #define mbedtls_printf printf 00047 #endif /* MBEDTLS_PLATFORM_C */ 00048 #endif /* MBEDTLS_SELF_TEST */ 00049 00050 #if !defined(MBEDTLS_CAMELLIA_ALT) 00051 00052 /* 00053 * 32-bit integer manipulation macros (big endian) 00054 */ 00055 #ifndef GET_UINT32_BE 00056 #define GET_UINT32_BE(n,b,i) \ 00057 { \ 00058 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00059 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00060 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00061 | ( (uint32_t) (b)[(i) + 3] ); \ 00062 } 00063 #endif 00064 00065 #ifndef PUT_UINT32_BE 00066 #define PUT_UINT32_BE(n,b,i) \ 00067 { \ 00068 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00069 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00070 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00071 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00072 } 00073 #endif 00074 00075 static const unsigned char SIGMA_CHARS[6][8] = 00076 { 00077 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, 00078 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 }, 00079 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe }, 00080 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c }, 00081 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d }, 00082 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd } 00083 }; 00084 00085 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) 00086 00087 static const unsigned char FSb[256] = 00088 { 00089 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, 00090 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, 00091 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, 00092 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, 00093 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, 00094 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, 00095 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, 00096 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, 00097 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, 00098 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, 00099 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, 00100 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, 00101 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, 00102 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, 00103 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, 00104 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158 00105 }; 00106 00107 #define SBOX1(n) FSb[(n)] 00108 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff) 00109 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff) 00110 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff] 00111 00112 #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ 00113 00114 static const unsigned char FSb[256] = 00115 { 00116 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, 00117 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, 00118 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, 00119 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, 00120 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, 00121 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, 00122 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, 00123 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, 00124 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, 00125 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, 00126 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, 00127 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, 00128 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, 00129 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, 00130 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, 00131 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 00132 }; 00133 00134 static const unsigned char FSb2[256] = 00135 { 00136 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, 00137 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, 00138 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, 00139 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, 00140 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, 00141 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, 00142 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, 00143 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, 00144 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, 00145 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, 00146 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, 00147 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, 00148 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, 00149 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, 00150 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, 00151 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 00152 }; 00153 00154 static const unsigned char FSb3[256] = 00155 { 00156 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, 00157 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, 00158 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, 00159 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, 00160 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, 00161 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, 00162 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, 00163 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, 00164 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, 00165 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, 00166 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, 00167 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, 00168 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, 00169 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, 00170 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, 00171 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 00172 }; 00173 00174 static const unsigned char FSb4[256] = 00175 { 00176 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, 00177 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, 00178 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, 00179 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, 00180 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, 00181 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, 00182 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, 00183 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, 00184 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, 00185 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, 00186 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, 00187 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, 00188 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, 00189 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, 00190 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, 00191 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 00192 }; 00193 00194 #define SBOX1(n) FSb[(n)] 00195 #define SBOX2(n) FSb2[(n)] 00196 #define SBOX3(n) FSb3[(n)] 00197 #define SBOX4(n) FSb4[(n)] 00198 00199 #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ 00200 00201 static const unsigned char shifts[2][4][4] = 00202 { 00203 { 00204 { 1, 1, 1, 1 }, /* KL */ 00205 { 0, 0, 0, 0 }, /* KR */ 00206 { 1, 1, 1, 1 }, /* KA */ 00207 { 0, 0, 0, 0 } /* KB */ 00208 }, 00209 { 00210 { 1, 0, 1, 1 }, /* KL */ 00211 { 1, 1, 0, 1 }, /* KR */ 00212 { 1, 1, 1, 0 }, /* KA */ 00213 { 1, 1, 0, 1 } /* KB */ 00214 } 00215 }; 00216 00217 static const signed char indexes[2][4][20] = 00218 { 00219 { 00220 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39, 00221 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */ 00222 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00223 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */ 00224 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17, 00225 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */ 00226 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00227 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */ 00228 }, 00229 { 00230 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1, 00231 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */ 00232 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17, 00233 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */ 00234 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59, 00235 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */ 00236 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21, 00237 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */ 00238 } 00239 }; 00240 00241 static const signed char transposes[2][20] = 00242 { 00243 { 00244 21, 22, 23, 20, 00245 -1, -1, -1, -1, 00246 18, 19, 16, 17, 00247 11, 8, 9, 10, 00248 15, 12, 13, 14 00249 }, 00250 { 00251 25, 26, 27, 24, 00252 29, 30, 31, 28, 00253 18, 19, 16, 17, 00254 -1, -1, -1, -1, 00255 -1, -1, -1, -1 00256 } 00257 }; 00258 00259 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */ 00260 #define ROTL(DEST, SRC, SHIFT) \ 00261 { \ 00262 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \ 00263 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \ 00264 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \ 00265 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \ 00266 } 00267 00268 #define FL(XL, XR, KL, KR) \ 00269 { \ 00270 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \ 00271 (XL) = ((XR) | (KR)) ^ (XL); \ 00272 } 00273 00274 #define FLInv(YL, YR, KL, KR) \ 00275 { \ 00276 (YL) = ((YR) | (KR)) ^ (YL); \ 00277 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \ 00278 } 00279 00280 #define SHIFT_AND_PLACE(INDEX, OFFSET) \ 00281 { \ 00282 TK[0] = KC[(OFFSET) * 4 + 0]; \ 00283 TK[1] = KC[(OFFSET) * 4 + 1]; \ 00284 TK[2] = KC[(OFFSET) * 4 + 2]; \ 00285 TK[3] = KC[(OFFSET) * 4 + 3]; \ 00286 \ 00287 for( i = 1; i <= 4; i++ ) \ 00288 if( shifts[(INDEX)][(OFFSET)][i -1] ) \ 00289 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \ 00290 \ 00291 for( i = 0; i < 20; i++ ) \ 00292 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \ 00293 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \ 00294 } \ 00295 } 00296 00297 static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], 00298 uint32_t z[2]) 00299 { 00300 uint32_t I0, I1; 00301 I0 = x[0] ^ k[0]; 00302 I1 = x[1] ^ k[1]; 00303 00304 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) | 00305 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) | 00306 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) | 00307 ((uint32_t) SBOX4((I0 ) & 0xFF) ); 00308 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) | 00309 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) | 00310 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) | 00311 ((uint32_t) SBOX1((I1 ) & 0xFF) ); 00312 00313 I0 ^= (I1 << 8) | (I1 >> 24); 00314 I1 ^= (I0 << 16) | (I0 >> 16); 00315 I0 ^= (I1 >> 8) | (I1 << 24); 00316 I1 ^= (I0 >> 8) | (I0 << 24); 00317 00318 z[0] ^= I1; 00319 z[1] ^= I0; 00320 } 00321 00322 void mbedtls_camellia_init( mbedtls_camellia_context *ctx ) 00323 { 00324 memset( ctx, 0, sizeof( mbedtls_camellia_context ) ); 00325 } 00326 00327 void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) 00328 { 00329 if( ctx == NULL ) 00330 return; 00331 00332 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); 00333 } 00334 00335 /* 00336 * Camellia key schedule (encryption) 00337 */ 00338 int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key, 00339 unsigned int keybits ) 00340 { 00341 int idx; 00342 size_t i; 00343 uint32_t *RK; 00344 unsigned char t[64]; 00345 uint32_t SIGMA[6][2]; 00346 uint32_t KC[16]; 00347 uint32_t TK[20]; 00348 00349 RK = ctx->rk ; 00350 00351 memset( t, 0, 64 ); 00352 memset( RK, 0, sizeof(ctx->rk ) ); 00353 00354 switch( keybits ) 00355 { 00356 case 128: ctx->nr = 3; idx = 0; break; 00357 case 192: 00358 case 256: ctx->nr = 4; idx = 1; break; 00359 default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH ); 00360 } 00361 00362 for( i = 0; i < keybits / 8; ++i ) 00363 t[i] = key[i]; 00364 00365 if( keybits == 192 ) { 00366 for( i = 0; i < 8; i++ ) 00367 t[24 + i] = ~t[16 + i]; 00368 } 00369 00370 /* 00371 * Prepare SIGMA values 00372 */ 00373 for( i = 0; i < 6; i++ ) { 00374 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); 00375 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); 00376 } 00377 00378 /* 00379 * Key storage in KC 00380 * Order: KL, KR, KA, KB 00381 */ 00382 memset( KC, 0, sizeof(KC) ); 00383 00384 /* Store KL, KR */ 00385 for( i = 0; i < 8; i++ ) 00386 GET_UINT32_BE( KC[i], t, i * 4 ); 00387 00388 /* Generate KA */ 00389 for( i = 0; i < 4; ++i ) 00390 KC[8 + i] = KC[i] ^ KC[4 + i]; 00391 00392 camellia_feistel( KC + 8, SIGMA[0], KC + 10 ); 00393 camellia_feistel( KC + 10, SIGMA[1], KC + 8 ); 00394 00395 for( i = 0; i < 4; ++i ) 00396 KC[8 + i] ^= KC[i]; 00397 00398 camellia_feistel( KC + 8, SIGMA[2], KC + 10 ); 00399 camellia_feistel( KC + 10, SIGMA[3], KC + 8 ); 00400 00401 if( keybits > 128 ) { 00402 /* Generate KB */ 00403 for( i = 0; i < 4; ++i ) 00404 KC[12 + i] = KC[4 + i] ^ KC[8 + i]; 00405 00406 camellia_feistel( KC + 12, SIGMA[4], KC + 14 ); 00407 camellia_feistel( KC + 14, SIGMA[5], KC + 12 ); 00408 } 00409 00410 /* 00411 * Generating subkeys 00412 */ 00413 00414 /* Manipulating KL */ 00415 SHIFT_AND_PLACE( idx, 0 ); 00416 00417 /* Manipulating KR */ 00418 if( keybits > 128 ) { 00419 SHIFT_AND_PLACE( idx, 1 ); 00420 } 00421 00422 /* Manipulating KA */ 00423 SHIFT_AND_PLACE( idx, 2 ); 00424 00425 /* Manipulating KB */ 00426 if( keybits > 128 ) { 00427 SHIFT_AND_PLACE( idx, 3 ); 00428 } 00429 00430 /* Do transpositions */ 00431 for( i = 0; i < 20; i++ ) { 00432 if( transposes[idx][i] != -1 ) { 00433 RK[32 + 12 * idx + i] = RK[transposes[idx][i]]; 00434 } 00435 } 00436 00437 return( 0 ); 00438 } 00439 00440 /* 00441 * Camellia key schedule (decryption) 00442 */ 00443 int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key, 00444 unsigned int keybits ) 00445 { 00446 int idx, ret; 00447 size_t i; 00448 mbedtls_camellia_context cty; 00449 uint32_t *RK; 00450 uint32_t *SK; 00451 00452 mbedtls_camellia_init( &cty ); 00453 00454 /* Also checks keybits */ 00455 if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 ) 00456 goto exit; 00457 00458 ctx->nr = cty.nr ; 00459 idx = ( ctx->nr == 4 ); 00460 00461 RK = ctx->rk ; 00462 SK = cty.rk + 24 * 2 + 8 * idx * 2; 00463 00464 *RK++ = *SK++; 00465 *RK++ = *SK++; 00466 *RK++ = *SK++; 00467 *RK++ = *SK++; 00468 00469 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 ) 00470 { 00471 *RK++ = *SK++; 00472 *RK++ = *SK++; 00473 } 00474 00475 SK -= 2; 00476 00477 *RK++ = *SK++; 00478 *RK++ = *SK++; 00479 *RK++ = *SK++; 00480 *RK++ = *SK++; 00481 00482 exit: 00483 mbedtls_camellia_free( &cty ); 00484 00485 return( ret ); 00486 } 00487 00488 /* 00489 * Camellia-ECB block encryption/decryption 00490 */ 00491 int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, 00492 int mode, 00493 const unsigned char input[16], 00494 unsigned char output[16] ) 00495 { 00496 int NR; 00497 uint32_t *RK, X[4]; 00498 00499 ( (void) mode ); 00500 00501 NR = ctx->nr ; 00502 RK = ctx->rk ; 00503 00504 GET_UINT32_BE( X[0], input, 0 ); 00505 GET_UINT32_BE( X[1], input, 4 ); 00506 GET_UINT32_BE( X[2], input, 8 ); 00507 GET_UINT32_BE( X[3], input, 12 ); 00508 00509 X[0] ^= *RK++; 00510 X[1] ^= *RK++; 00511 X[2] ^= *RK++; 00512 X[3] ^= *RK++; 00513 00514 while( NR ) { 00515 --NR; 00516 camellia_feistel( X, RK, X + 2 ); 00517 RK += 2; 00518 camellia_feistel( X + 2, RK, X ); 00519 RK += 2; 00520 camellia_feistel( X, RK, X + 2 ); 00521 RK += 2; 00522 camellia_feistel( X + 2, RK, X ); 00523 RK += 2; 00524 camellia_feistel( X, RK, X + 2 ); 00525 RK += 2; 00526 camellia_feistel( X + 2, RK, X ); 00527 RK += 2; 00528 00529 if( NR ) { 00530 FL(X[0], X[1], RK[0], RK[1]); 00531 RK += 2; 00532 FLInv(X[2], X[3], RK[0], RK[1]); 00533 RK += 2; 00534 } 00535 } 00536 00537 X[2] ^= *RK++; 00538 X[3] ^= *RK++; 00539 X[0] ^= *RK++; 00540 X[1] ^= *RK++; 00541 00542 PUT_UINT32_BE( X[2], output, 0 ); 00543 PUT_UINT32_BE( X[3], output, 4 ); 00544 PUT_UINT32_BE( X[0], output, 8 ); 00545 PUT_UINT32_BE( X[1], output, 12 ); 00546 00547 return( 0 ); 00548 } 00549 00550 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00551 /* 00552 * Camellia-CBC buffer encryption/decryption 00553 */ 00554 int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, 00555 int mode, 00556 size_t length, 00557 unsigned char iv[16], 00558 const unsigned char *input, 00559 unsigned char *output ) 00560 { 00561 int i; 00562 unsigned char temp[16]; 00563 00564 if( length % 16 ) 00565 return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); 00566 00567 if( mode == MBEDTLS_CAMELLIA_DECRYPT ) 00568 { 00569 while( length > 0 ) 00570 { 00571 memcpy( temp, input, 16 ); 00572 mbedtls_camellia_crypt_ecb( ctx, mode, input, output ); 00573 00574 for( i = 0; i < 16; i++ ) 00575 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00576 00577 memcpy( iv, temp, 16 ); 00578 00579 input += 16; 00580 output += 16; 00581 length -= 16; 00582 } 00583 } 00584 else 00585 { 00586 while( length > 0 ) 00587 { 00588 for( i = 0; i < 16; i++ ) 00589 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00590 00591 mbedtls_camellia_crypt_ecb( ctx, mode, output, output ); 00592 memcpy( iv, output, 16 ); 00593 00594 input += 16; 00595 output += 16; 00596 length -= 16; 00597 } 00598 } 00599 00600 return( 0 ); 00601 } 00602 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00603 00604 #if defined(MBEDTLS_CIPHER_MODE_CFB) 00605 /* 00606 * Camellia-CFB128 buffer encryption/decryption 00607 */ 00608 int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, 00609 int mode, 00610 size_t length, 00611 size_t *iv_off, 00612 unsigned char iv[16], 00613 const unsigned char *input, 00614 unsigned char *output ) 00615 { 00616 int c; 00617 size_t n = *iv_off; 00618 00619 if( mode == MBEDTLS_CAMELLIA_DECRYPT ) 00620 { 00621 while( length-- ) 00622 { 00623 if( n == 0 ) 00624 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); 00625 00626 c = *input++; 00627 *output++ = (unsigned char)( c ^ iv[n] ); 00628 iv[n] = (unsigned char) c; 00629 00630 n = ( n + 1 ) & 0x0F; 00631 } 00632 } 00633 else 00634 { 00635 while( length-- ) 00636 { 00637 if( n == 0 ) 00638 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); 00639 00640 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); 00641 00642 n = ( n + 1 ) & 0x0F; 00643 } 00644 } 00645 00646 *iv_off = n; 00647 00648 return( 0 ); 00649 } 00650 #endif /* MBEDTLS_CIPHER_MODE_CFB */ 00651 00652 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00653 /* 00654 * Camellia-CTR buffer encryption/decryption 00655 */ 00656 int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, 00657 size_t length, 00658 size_t *nc_off, 00659 unsigned char nonce_counter[16], 00660 unsigned char stream_block[16], 00661 const unsigned char *input, 00662 unsigned char *output ) 00663 { 00664 int c, i; 00665 size_t n = *nc_off; 00666 00667 while( length-- ) 00668 { 00669 if( n == 0 ) { 00670 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter, 00671 stream_block ); 00672 00673 for( i = 16; i > 0; i-- ) 00674 if( ++nonce_counter[i - 1] != 0 ) 00675 break; 00676 } 00677 c = *input++; 00678 *output++ = (unsigned char)( c ^ stream_block[n] ); 00679 00680 n = ( n + 1 ) & 0x0F; 00681 } 00682 00683 *nc_off = n; 00684 00685 return( 0 ); 00686 } 00687 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 00688 #endif /* !MBEDTLS_CAMELLIA_ALT */ 00689 00690 #if defined(MBEDTLS_SELF_TEST) 00691 00692 /* 00693 * Camellia test vectors from: 00694 * 00695 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html: 00696 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt 00697 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt 00698 * (For each bitlength: Key 0, Nr 39) 00699 */ 00700 #define CAMELLIA_TESTS_ECB 2 00701 00702 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = 00703 { 00704 { 00705 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00706 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 00707 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00708 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00709 }, 00710 { 00711 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00712 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 00713 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, 00714 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00715 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00716 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00717 }, 00718 { 00719 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00720 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 00721 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 00722 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, 00723 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00724 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00725 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00726 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00727 }, 00728 }; 00729 00730 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = 00731 { 00732 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00733 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 00734 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 00735 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00736 }; 00737 00738 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = 00739 { 00740 { 00741 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 00742 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 }, 00743 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE, 00744 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 } 00745 }, 00746 { 00747 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, 00748 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 }, 00749 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9, 00750 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 } 00751 }, 00752 { 00753 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 00754 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 }, 00755 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C, 00756 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 } 00757 } 00758 }; 00759 00760 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00761 #define CAMELLIA_TESTS_CBC 3 00762 00763 static const unsigned char camellia_test_cbc_key[3][32] = 00764 { 00765 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 00766 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C } 00767 , 00768 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 00769 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, 00770 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B } 00771 , 00772 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 00773 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, 00774 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, 00775 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } 00776 }; 00777 00778 static const unsigned char camellia_test_cbc_iv[16] = 00779 00780 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00781 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F } 00782 ; 00783 00784 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = 00785 { 00786 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 00787 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }, 00788 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 00789 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 }, 00790 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 00791 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF } 00792 00793 }; 00794 00795 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = 00796 { 00797 { 00798 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, 00799 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB }, 00800 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78, 00801 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 }, 00802 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B, 00803 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 } 00804 }, 00805 { 00806 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, 00807 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 }, 00808 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42, 00809 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 }, 00810 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8, 00811 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 } 00812 }, 00813 { 00814 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, 00815 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA }, 00816 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40, 00817 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 }, 00818 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA, 00819 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 } 00820 } 00821 }; 00822 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00823 00824 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00825 /* 00826 * Camellia-CTR test vectors from: 00827 * 00828 * http://www.faqs.org/rfcs/rfc5528.html 00829 */ 00830 00831 static const unsigned char camellia_test_ctr_key[3][16] = 00832 { 00833 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, 00834 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, 00835 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, 00836 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, 00837 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, 00838 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } 00839 }; 00840 00841 static const unsigned char camellia_test_ctr_nonce_counter[3][16] = 00842 { 00843 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 00844 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 00845 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, 00846 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, 00847 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, 00848 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } 00849 }; 00850 00851 static const unsigned char camellia_test_ctr_pt[3][48] = 00852 { 00853 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, 00854 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, 00855 00856 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00857 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 00858 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 00859 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, 00860 00861 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00862 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 00863 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 00864 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 00865 0x20, 0x21, 0x22, 0x23 } 00866 }; 00867 00868 static const unsigned char camellia_test_ctr_ct[3][48] = 00869 { 00870 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A, 00871 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F }, 00872 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4, 00873 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44, 00874 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7, 00875 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 }, 00876 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88, 00877 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73, 00878 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1, 00879 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD, 00880 0xDF, 0x50, 0x86, 0x96 } 00881 }; 00882 00883 static const int camellia_test_ctr_len[3] = 00884 { 16, 32, 36 }; 00885 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 00886 00887 /* 00888 * Checkup routine 00889 */ 00890 int mbedtls_camellia_self_test( int verbose ) 00891 { 00892 int i, j, u, v; 00893 unsigned char key[32]; 00894 unsigned char buf[64]; 00895 unsigned char src[16]; 00896 unsigned char dst[16]; 00897 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00898 unsigned char iv[16]; 00899 #endif 00900 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00901 size_t offset, len; 00902 unsigned char nonce_counter[16]; 00903 unsigned char stream_block[16]; 00904 #endif 00905 00906 mbedtls_camellia_context ctx; 00907 00908 memset( key, 0, 32 ); 00909 00910 for( j = 0; j < 6; j++ ) { 00911 u = j >> 1; 00912 v = j & 1; 00913 00914 if( verbose != 0 ) 00915 mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, 00916 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); 00917 00918 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) { 00919 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u ); 00920 00921 if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 00922 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); 00923 memcpy( src, camellia_test_ecb_cipher[u][i], 16 ); 00924 memcpy( dst, camellia_test_ecb_plain[i], 16 ); 00925 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ 00926 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); 00927 memcpy( src, camellia_test_ecb_plain[i], 16 ); 00928 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 ); 00929 } 00930 00931 mbedtls_camellia_crypt_ecb( &ctx, v, src, buf ); 00932 00933 if( memcmp( buf, dst, 16 ) != 0 ) 00934 { 00935 if( verbose != 0 ) 00936 mbedtls_printf( "failed\n" ); 00937 00938 return( 1 ); 00939 } 00940 } 00941 00942 if( verbose != 0 ) 00943 mbedtls_printf( "passed\n" ); 00944 } 00945 00946 if( verbose != 0 ) 00947 mbedtls_printf( "\n" ); 00948 00949 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00950 /* 00951 * CBC mode 00952 */ 00953 for( j = 0; j < 6; j++ ) 00954 { 00955 u = j >> 1; 00956 v = j & 1; 00957 00958 if( verbose != 0 ) 00959 mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, 00960 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 00961 00962 memcpy( src, camellia_test_cbc_iv, 16 ); 00963 memcpy( dst, camellia_test_cbc_iv, 16 ); 00964 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); 00965 00966 if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 00967 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); 00968 } else { 00969 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); 00970 } 00971 00972 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { 00973 00974 if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 00975 memcpy( iv , src, 16 ); 00976 memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); 00977 memcpy( dst, camellia_test_cbc_plain[i], 16 ); 00978 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ 00979 memcpy( iv , dst, 16 ); 00980 memcpy( src, camellia_test_cbc_plain[i], 16 ); 00981 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); 00982 } 00983 00984 mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); 00985 00986 if( memcmp( buf, dst, 16 ) != 0 ) 00987 { 00988 if( verbose != 0 ) 00989 mbedtls_printf( "failed\n" ); 00990 00991 return( 1 ); 00992 } 00993 } 00994 00995 if( verbose != 0 ) 00996 mbedtls_printf( "passed\n" ); 00997 } 00998 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00999 01000 if( verbose != 0 ) 01001 mbedtls_printf( "\n" ); 01002 01003 #if defined(MBEDTLS_CIPHER_MODE_CTR) 01004 /* 01005 * CTR mode 01006 */ 01007 for( i = 0; i < 6; i++ ) 01008 { 01009 u = i >> 1; 01010 v = i & 1; 01011 01012 if( verbose != 0 ) 01013 mbedtls_printf( " CAMELLIA-CTR-128 (%s): ", 01014 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 01015 01016 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 ); 01017 memcpy( key, camellia_test_ctr_key[u], 16 ); 01018 01019 offset = 0; 01020 mbedtls_camellia_setkey_enc( &ctx, key, 128 ); 01021 01022 if( v == MBEDTLS_CAMELLIA_DECRYPT ) 01023 { 01024 len = camellia_test_ctr_len[u]; 01025 memcpy( buf, camellia_test_ctr_ct[u], len ); 01026 01027 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 01028 buf, buf ); 01029 01030 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 ) 01031 { 01032 if( verbose != 0 ) 01033 mbedtls_printf( "failed\n" ); 01034 01035 return( 1 ); 01036 } 01037 } 01038 else 01039 { 01040 len = camellia_test_ctr_len[u]; 01041 memcpy( buf, camellia_test_ctr_pt[u], len ); 01042 01043 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 01044 buf, buf ); 01045 01046 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 ) 01047 { 01048 if( verbose != 0 ) 01049 mbedtls_printf( "failed\n" ); 01050 01051 return( 1 ); 01052 } 01053 } 01054 01055 if( verbose != 0 ) 01056 mbedtls_printf( "passed\n" ); 01057 } 01058 01059 if( verbose != 0 ) 01060 mbedtls_printf( "\n" ); 01061 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 01062 01063 return( 0 ); 01064 } 01065 01066 #endif /* MBEDTLS_SELF_TEST */ 01067 01068 #endif /* MBEDTLS_CAMELLIA_C */
Generated on Tue Jul 12 2022 12:43:37 by
