Knight KE / Mbed OS Game_Master
Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers camellia.c Source File

camellia.c

00001 /*
00002  *  Camellia implementation
00003  *
00004  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00005  *  SPDX-License-Identifier: Apache-2.0
00006  *
00007  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00008  *  not use this file except in compliance with the License.
00009  *  You may obtain a copy of the License at
00010  *
00011  *  http://www.apache.org/licenses/LICENSE-2.0
00012  *
00013  *  Unless required by applicable law or agreed to in writing, software
00014  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00015  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00016  *  See the License for the specific language governing permissions and
00017  *  limitations under the License.
00018  *
00019  *  This file is part of mbed TLS (https://tls.mbed.org)
00020  */
00021 /*
00022  *  The Camellia block cipher was designed by NTT and Mitsubishi Electric
00023  *  Corporation.
00024  *
00025  *  http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
00026  */
00027 
00028 #if !defined(MBEDTLS_CONFIG_FILE)
00029 #include "mbedtls/config.h"
00030 #else
00031 #include MBEDTLS_CONFIG_FILE
00032 #endif
00033 
00034 #if defined(MBEDTLS_CAMELLIA_C)
00035 
00036 #include "mbedtls/camellia.h"
00037 #include "mbedtls/platform_util.h"
00038 
00039 #include <string.h>
00040 
00041 #if defined(MBEDTLS_SELF_TEST)
00042 #if defined(MBEDTLS_PLATFORM_C)
00043 #include "mbedtls/platform.h"
00044 #else
00045 #include <stdio.h>
00046 #define mbedtls_printf printf
00047 #endif /* MBEDTLS_PLATFORM_C */
00048 #endif /* MBEDTLS_SELF_TEST */
00049 
00050 #if !defined(MBEDTLS_CAMELLIA_ALT)
00051 
00052 /*
00053  * 32-bit integer manipulation macros (big endian)
00054  */
00055 #ifndef GET_UINT32_BE
00056 #define GET_UINT32_BE(n,b,i)                            \
00057 {                                                       \
00058     (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
00059         | ( (uint32_t) (b)[(i) + 1] << 16 )             \
00060         | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
00061         | ( (uint32_t) (b)[(i) + 3]       );            \
00062 }
00063 #endif
00064 
00065 #ifndef PUT_UINT32_BE
00066 #define PUT_UINT32_BE(n,b,i)                            \
00067 {                                                       \
00068     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00069     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00070     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00071     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00072 }
00073 #endif
00074 
00075 static const unsigned char SIGMA_CHARS[6][8] =
00076 {
00077     { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
00078     { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
00079     { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
00080     { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
00081     { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
00082     { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
00083 };
00084 
00085 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
00086 
00087 static const unsigned char FSb[256] =
00088 {
00089     112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
00090      35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
00091     134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
00092     166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
00093     139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
00094     223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
00095      20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
00096     254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
00097     170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
00098      16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
00099     135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
00100      82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
00101     233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
00102     120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
00103     114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
00104      64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
00105 };
00106 
00107 #define SBOX1(n) FSb[(n)]
00108 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
00109 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
00110 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
00111 
00112 #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
00113 
00114 static const unsigned char FSb[256] =
00115 {
00116  112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,
00117   35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,
00118  134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,
00119  166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,
00120  139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,
00121  223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,
00122   20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,
00123  254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,
00124  170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,
00125   16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,
00126  135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,
00127   82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,
00128  233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,
00129  120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,
00130  114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,
00131  64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158
00132 };
00133 
00134 static const unsigned char FSb2[256] =
00135 {
00136  224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,
00137   70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,
00138   13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,
00139   77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,
00140   23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,
00141  191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,
00142   40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,
00143  253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,
00144   85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,
00145   32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,
00146   15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,
00147  164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,
00148  211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,
00149  240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,
00150  228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,
00151  128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61
00152 };
00153 
00154 static const unsigned char FSb3[256] =
00155 {
00156   56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,
00157  145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,
00158   67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,
00159   83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,
00160  197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,
00161  239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,
00162   10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,
00163  127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,
00164   85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,
00165    8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,
00166  195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
00167   41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,
00168  244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,
00169   60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,
00170   57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,
00171   32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79
00172 };
00173 
00174 static const unsigned char FSb4[256] =
00175 {
00176  112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,
00177  134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,
00178  139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,
00179   20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,
00180  170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,
00181  135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,
00182  233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,
00183  114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,
00184  130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,
00185  184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,
00186   13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,
00187   88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,
00188  208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,
00189   92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,
00190  121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,
00191   7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158
00192 };
00193 
00194 #define SBOX1(n) FSb[(n)]
00195 #define SBOX2(n) FSb2[(n)]
00196 #define SBOX3(n) FSb3[(n)]
00197 #define SBOX4(n) FSb4[(n)]
00198 
00199 #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
00200 
00201 static const unsigned char shifts[2][4][4] =
00202 {
00203     {
00204         { 1, 1, 1, 1 }, /* KL */
00205         { 0, 0, 0, 0 }, /* KR */
00206         { 1, 1, 1, 1 }, /* KA */
00207         { 0, 0, 0, 0 }  /* KB */
00208     },
00209     {
00210         { 1, 0, 1, 1 }, /* KL */
00211         { 1, 1, 0, 1 }, /* KR */
00212         { 1, 1, 1, 0 }, /* KA */
00213         { 1, 1, 0, 1 }  /* KB */
00214     }
00215 };
00216 
00217 static const signed char indexes[2][4][20] =
00218 {
00219     {
00220         {  0,  1,  2,  3,  8,  9, 10, 11, 38, 39,
00221           36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
00222         { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
00223           -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
00224         {  4,  5,  6,  7, 12, 13, 14, 15, 16, 17,
00225           18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
00226         { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
00227           -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }  /* KB -> RK */
00228     },
00229     {
00230         {  0,  1,  2,  3, 61, 62, 63, 60, -1, -1,
00231           -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
00232         { -1, -1, -1, -1,  8,  9, 10, 11, 16, 17,
00233           18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
00234         { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
00235           56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
00236         {  4,  5,  6,  7, 65, 66, 67, 64, 20, 21,
00237           22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }  /* KB -> RK */
00238     }
00239 };
00240 
00241 static const signed char transposes[2][20] =
00242 {
00243     {
00244         21, 22, 23, 20,
00245         -1, -1, -1, -1,
00246         18, 19, 16, 17,
00247         11,  8,  9, 10,
00248         15, 12, 13, 14
00249     },
00250     {
00251         25, 26, 27, 24,
00252         29, 30, 31, 28,
00253         18, 19, 16, 17,
00254         -1, -1, -1, -1,
00255         -1, -1, -1, -1
00256     }
00257 };
00258 
00259 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
00260 #define ROTL(DEST, SRC, SHIFT)                                      \
00261 {                                                                   \
00262     (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT));   \
00263     (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT));   \
00264     (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT));   \
00265     (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT));   \
00266 }
00267 
00268 #define FL(XL, XR, KL, KR)                                          \
00269 {                                                                   \
00270     (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR);   \
00271     (XL) = ((XR) | (KR)) ^ (XL);                                    \
00272 }
00273 
00274 #define FLInv(YL, YR, KL, KR)                                       \
00275 {                                                                   \
00276     (YL) = ((YR) | (KR)) ^ (YL);                                    \
00277     (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR);   \
00278 }
00279 
00280 #define SHIFT_AND_PLACE(INDEX, OFFSET)                      \
00281 {                                                           \
00282     TK[0] = KC[(OFFSET) * 4 + 0];                           \
00283     TK[1] = KC[(OFFSET) * 4 + 1];                           \
00284     TK[2] = KC[(OFFSET) * 4 + 2];                           \
00285     TK[3] = KC[(OFFSET) * 4 + 3];                           \
00286                                                             \
00287     for( i = 1; i <= 4; i++ )                               \
00288         if( shifts[(INDEX)][(OFFSET)][i -1] )               \
00289             ROTL(TK + i * 4, TK, ( 15 * i ) % 32);          \
00290                                                             \
00291     for( i = 0; i < 20; i++ )                               \
00292         if( indexes[(INDEX)][(OFFSET)][i] != -1 ) {         \
00293             RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ];    \
00294         }                                                   \
00295 }
00296 
00297 static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
00298                               uint32_t z[2])
00299 {
00300     uint32_t I0, I1;
00301     I0 = x[0] ^ k[0];
00302     I1 = x[1] ^ k[1];
00303 
00304     I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
00305          ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
00306          ((uint32_t) SBOX3((I0 >>  8) & 0xFF) <<  8) |
00307          ((uint32_t) SBOX4((I0      ) & 0xFF)      );
00308     I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
00309          ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
00310          ((uint32_t) SBOX4((I1 >>  8) & 0xFF) <<  8) |
00311          ((uint32_t) SBOX1((I1      ) & 0xFF)      );
00312 
00313     I0 ^= (I1 << 8) | (I1 >> 24);
00314     I1 ^= (I0 << 16) | (I0 >> 16);
00315     I0 ^= (I1 >> 8) | (I1 << 24);
00316     I1 ^= (I0 >> 8) | (I0 << 24);
00317 
00318     z[0] ^= I1;
00319     z[1] ^= I0;
00320 }
00321 
00322 void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
00323 {
00324     memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
00325 }
00326 
00327 void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
00328 {
00329     if( ctx == NULL )
00330         return;
00331 
00332     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
00333 }
00334 
00335 /*
00336  * Camellia key schedule (encryption)
00337  */
00338 int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
00339                          unsigned int keybits )
00340 {
00341     int idx;
00342     size_t i;
00343     uint32_t *RK;
00344     unsigned char t[64];
00345     uint32_t SIGMA[6][2];
00346     uint32_t KC[16];
00347     uint32_t TK[20];
00348 
00349     RK = ctx->rk ;
00350 
00351     memset( t, 0, 64 );
00352     memset( RK, 0, sizeof(ctx->rk ) );
00353 
00354     switch( keybits )
00355     {
00356         case 128: ctx->nr  = 3; idx = 0; break;
00357         case 192:
00358         case 256: ctx->nr  = 4; idx = 1; break;
00359         default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
00360     }
00361 
00362     for( i = 0; i < keybits / 8; ++i )
00363         t[i] = key[i];
00364 
00365     if( keybits == 192 ) {
00366         for( i = 0; i < 8; i++ )
00367             t[24 + i] = ~t[16 + i];
00368     }
00369 
00370     /*
00371      * Prepare SIGMA values
00372      */
00373     for( i = 0; i < 6; i++ ) {
00374         GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
00375         GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
00376     }
00377 
00378     /*
00379      * Key storage in KC
00380      * Order: KL, KR, KA, KB
00381      */
00382     memset( KC, 0, sizeof(KC) );
00383 
00384     /* Store KL, KR */
00385     for( i = 0; i < 8; i++ )
00386         GET_UINT32_BE( KC[i], t, i * 4 );
00387 
00388     /* Generate KA */
00389     for( i = 0; i < 4; ++i )
00390         KC[8 + i] = KC[i] ^ KC[4 + i];
00391 
00392     camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
00393     camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
00394 
00395     for( i = 0; i < 4; ++i )
00396         KC[8 + i] ^= KC[i];
00397 
00398     camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
00399     camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
00400 
00401     if( keybits > 128 ) {
00402         /* Generate KB */
00403         for( i = 0; i < 4; ++i )
00404             KC[12 + i] = KC[4 + i] ^ KC[8 + i];
00405 
00406         camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
00407         camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
00408     }
00409 
00410     /*
00411      * Generating subkeys
00412      */
00413 
00414     /* Manipulating KL */
00415     SHIFT_AND_PLACE( idx, 0 );
00416 
00417     /* Manipulating KR */
00418     if( keybits > 128 ) {
00419         SHIFT_AND_PLACE( idx, 1 );
00420     }
00421 
00422     /* Manipulating KA */
00423     SHIFT_AND_PLACE( idx, 2 );
00424 
00425     /* Manipulating KB */
00426     if( keybits > 128 ) {
00427         SHIFT_AND_PLACE( idx, 3 );
00428     }
00429 
00430     /* Do transpositions */
00431     for( i = 0; i < 20; i++ ) {
00432         if( transposes[idx][i] != -1 ) {
00433             RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
00434         }
00435     }
00436 
00437     return( 0 );
00438 }
00439 
00440 /*
00441  * Camellia key schedule (decryption)
00442  */
00443 int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
00444                          unsigned int keybits )
00445 {
00446     int idx, ret;
00447     size_t i;
00448     mbedtls_camellia_context cty;
00449     uint32_t *RK;
00450     uint32_t *SK;
00451 
00452     mbedtls_camellia_init( &cty );
00453 
00454     /* Also checks keybits */
00455     if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
00456         goto exit;
00457 
00458     ctx->nr  = cty.nr ;
00459     idx = ( ctx->nr  == 4 );
00460 
00461     RK = ctx->rk ;
00462     SK = cty.rk  + 24 * 2 + 8 * idx * 2;
00463 
00464     *RK++ = *SK++;
00465     *RK++ = *SK++;
00466     *RK++ = *SK++;
00467     *RK++ = *SK++;
00468 
00469     for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
00470     {
00471         *RK++ = *SK++;
00472         *RK++ = *SK++;
00473     }
00474 
00475     SK -= 2;
00476 
00477     *RK++ = *SK++;
00478     *RK++ = *SK++;
00479     *RK++ = *SK++;
00480     *RK++ = *SK++;
00481 
00482 exit:
00483     mbedtls_camellia_free( &cty );
00484 
00485     return( ret );
00486 }
00487 
00488 /*
00489  * Camellia-ECB block encryption/decryption
00490  */
00491 int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
00492                     int mode,
00493                     const unsigned char input[16],
00494                     unsigned char output[16] )
00495 {
00496     int NR;
00497     uint32_t *RK, X[4];
00498 
00499     ( (void) mode );
00500 
00501     NR = ctx->nr ;
00502     RK = ctx->rk ;
00503 
00504     GET_UINT32_BE( X[0], input,  0 );
00505     GET_UINT32_BE( X[1], input,  4 );
00506     GET_UINT32_BE( X[2], input,  8 );
00507     GET_UINT32_BE( X[3], input, 12 );
00508 
00509     X[0] ^= *RK++;
00510     X[1] ^= *RK++;
00511     X[2] ^= *RK++;
00512     X[3] ^= *RK++;
00513 
00514     while( NR ) {
00515         --NR;
00516         camellia_feistel( X, RK, X + 2 );
00517         RK += 2;
00518         camellia_feistel( X + 2, RK, X );
00519         RK += 2;
00520         camellia_feistel( X, RK, X + 2 );
00521         RK += 2;
00522         camellia_feistel( X + 2, RK, X );
00523         RK += 2;
00524         camellia_feistel( X, RK, X + 2 );
00525         RK += 2;
00526         camellia_feistel( X + 2, RK, X );
00527         RK += 2;
00528 
00529         if( NR ) {
00530             FL(X[0], X[1], RK[0], RK[1]);
00531             RK += 2;
00532             FLInv(X[2], X[3], RK[0], RK[1]);
00533             RK += 2;
00534         }
00535     }
00536 
00537     X[2] ^= *RK++;
00538     X[3] ^= *RK++;
00539     X[0] ^= *RK++;
00540     X[1] ^= *RK++;
00541 
00542     PUT_UINT32_BE( X[2], output,  0 );
00543     PUT_UINT32_BE( X[3], output,  4 );
00544     PUT_UINT32_BE( X[0], output,  8 );
00545     PUT_UINT32_BE( X[1], output, 12 );
00546 
00547     return( 0 );
00548 }
00549 
00550 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00551 /*
00552  * Camellia-CBC buffer encryption/decryption
00553  */
00554 int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
00555                     int mode,
00556                     size_t length,
00557                     unsigned char iv[16],
00558                     const unsigned char *input,
00559                     unsigned char *output )
00560 {
00561     int i;
00562     unsigned char temp[16];
00563 
00564     if( length % 16 )
00565         return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
00566 
00567     if( mode == MBEDTLS_CAMELLIA_DECRYPT )
00568     {
00569         while( length > 0 )
00570         {
00571             memcpy( temp, input, 16 );
00572             mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
00573 
00574             for( i = 0; i < 16; i++ )
00575                 output[i] = (unsigned char)( output[i] ^ iv[i] );
00576 
00577             memcpy( iv, temp, 16 );
00578 
00579             input  += 16;
00580             output += 16;
00581             length -= 16;
00582         }
00583     }
00584     else
00585     {
00586         while( length > 0 )
00587         {
00588             for( i = 0; i < 16; i++ )
00589                 output[i] = (unsigned char)( input[i] ^ iv[i] );
00590 
00591             mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
00592             memcpy( iv, output, 16 );
00593 
00594             input  += 16;
00595             output += 16;
00596             length -= 16;
00597         }
00598     }
00599 
00600     return( 0 );
00601 }
00602 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00603 
00604 #if defined(MBEDTLS_CIPHER_MODE_CFB)
00605 /*
00606  * Camellia-CFB128 buffer encryption/decryption
00607  */
00608 int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
00609                        int mode,
00610                        size_t length,
00611                        size_t *iv_off,
00612                        unsigned char iv[16],
00613                        const unsigned char *input,
00614                        unsigned char *output )
00615 {
00616     int c;
00617     size_t n = *iv_off;
00618 
00619     if( mode == MBEDTLS_CAMELLIA_DECRYPT )
00620     {
00621         while( length-- )
00622         {
00623             if( n == 0 )
00624                 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
00625 
00626             c = *input++;
00627             *output++ = (unsigned char)( c ^ iv[n] );
00628             iv[n] = (unsigned char) c;
00629 
00630             n = ( n + 1 ) & 0x0F;
00631         }
00632     }
00633     else
00634     {
00635         while( length-- )
00636         {
00637             if( n == 0 )
00638                 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
00639 
00640             iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
00641 
00642             n = ( n + 1 ) & 0x0F;
00643         }
00644     }
00645 
00646     *iv_off = n;
00647 
00648     return( 0 );
00649 }
00650 #endif /* MBEDTLS_CIPHER_MODE_CFB */
00651 
00652 #if defined(MBEDTLS_CIPHER_MODE_CTR)
00653 /*
00654  * Camellia-CTR buffer encryption/decryption
00655  */
00656 int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
00657                        size_t length,
00658                        size_t *nc_off,
00659                        unsigned char nonce_counter[16],
00660                        unsigned char stream_block[16],
00661                        const unsigned char *input,
00662                        unsigned char *output )
00663 {
00664     int c, i;
00665     size_t n = *nc_off;
00666 
00667     while( length-- )
00668     {
00669         if( n == 0 ) {
00670             mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
00671                                 stream_block );
00672 
00673             for( i = 16; i > 0; i-- )
00674                 if( ++nonce_counter[i - 1] != 0 )
00675                     break;
00676         }
00677         c = *input++;
00678         *output++ = (unsigned char)( c ^ stream_block[n] );
00679 
00680         n = ( n + 1 ) & 0x0F;
00681     }
00682 
00683     *nc_off = n;
00684 
00685     return( 0 );
00686 }
00687 #endif /* MBEDTLS_CIPHER_MODE_CTR */
00688 #endif /* !MBEDTLS_CAMELLIA_ALT */
00689 
00690 #if defined(MBEDTLS_SELF_TEST)
00691 
00692 /*
00693  * Camellia test vectors from:
00694  *
00695  * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
00696  *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
00697  *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
00698  *                      (For each bitlength: Key 0, Nr 39)
00699  */
00700 #define CAMELLIA_TESTS_ECB  2
00701 
00702 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
00703 {
00704     {
00705         { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
00706           0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
00707         { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00708           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
00709     },
00710     {
00711         { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
00712           0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
00713           0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
00714         { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00715           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00716           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
00717     },
00718     {
00719         { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
00720           0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
00721           0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
00722           0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
00723         { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00724           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00725           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00726           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
00727     },
00728 };
00729 
00730 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
00731 {
00732     { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
00733       0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
00734     { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
00735       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
00736 };
00737 
00738 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
00739 {
00740     {
00741         { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
00742           0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
00743         { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
00744           0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
00745     },
00746     {
00747         { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
00748           0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
00749         { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
00750           0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
00751     },
00752     {
00753         { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
00754           0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
00755         { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
00756           0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
00757     }
00758 };
00759 
00760 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00761 #define CAMELLIA_TESTS_CBC  3
00762 
00763 static const unsigned char camellia_test_cbc_key[3][32] =
00764 {
00765         { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
00766           0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
00767     ,
00768         { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
00769           0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
00770           0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
00771     ,
00772         { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
00773           0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
00774           0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
00775           0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
00776 };
00777 
00778 static const unsigned char camellia_test_cbc_iv[16] =
00779 
00780     { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00781       0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
00782 ;
00783 
00784 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
00785 {
00786     { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
00787       0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
00788     { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
00789       0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
00790     { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
00791       0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
00792 
00793 };
00794 
00795 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
00796 {
00797     {
00798         { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
00799           0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
00800         { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
00801           0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
00802         { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
00803           0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
00804     },
00805     {
00806         { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
00807           0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
00808         { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
00809           0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
00810         { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
00811           0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
00812     },
00813     {
00814         { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
00815           0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
00816         { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
00817           0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
00818         { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
00819           0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
00820     }
00821 };
00822 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00823 
00824 #if defined(MBEDTLS_CIPHER_MODE_CTR)
00825 /*
00826  * Camellia-CTR test vectors from:
00827  *
00828  * http://www.faqs.org/rfcs/rfc5528.html
00829  */
00830 
00831 static const unsigned char camellia_test_ctr_key[3][16] =
00832 {
00833     { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
00834       0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
00835     { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
00836       0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
00837     { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
00838       0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
00839 };
00840 
00841 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
00842 {
00843     { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
00844       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
00845     { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
00846       0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
00847     { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
00848       0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
00849 };
00850 
00851 static const unsigned char camellia_test_ctr_pt[3][48] =
00852 {
00853     { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
00854       0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
00855 
00856     { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00857       0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
00858       0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
00859       0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
00860 
00861     { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00862       0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
00863       0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
00864       0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
00865       0x20, 0x21, 0x22, 0x23 }
00866 };
00867 
00868 static const unsigned char camellia_test_ctr_ct[3][48] =
00869 {
00870     { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
00871       0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
00872     { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
00873       0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
00874       0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
00875       0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
00876     { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
00877       0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
00878       0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
00879       0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
00880       0xDF, 0x50, 0x86, 0x96 }
00881 };
00882 
00883 static const int camellia_test_ctr_len[3] =
00884     { 16, 32, 36 };
00885 #endif /* MBEDTLS_CIPHER_MODE_CTR */
00886 
00887 /*
00888  * Checkup routine
00889  */
00890 int mbedtls_camellia_self_test( int verbose )
00891 {
00892     int i, j, u, v;
00893     unsigned char key[32];
00894     unsigned char buf[64];
00895     unsigned char src[16];
00896     unsigned char dst[16];
00897 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00898     unsigned char iv[16];
00899 #endif
00900 #if defined(MBEDTLS_CIPHER_MODE_CTR)
00901     size_t offset, len;
00902     unsigned char nonce_counter[16];
00903     unsigned char stream_block[16];
00904 #endif
00905 
00906     mbedtls_camellia_context ctx;
00907 
00908     memset( key, 0, 32 );
00909 
00910     for( j = 0; j < 6; j++ ) {
00911         u = j >> 1;
00912     v = j & 1;
00913 
00914     if( verbose != 0 )
00915         mbedtls_printf( "  CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
00916                          (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
00917 
00918     for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
00919         memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
00920 
00921         if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
00922             mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
00923             memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
00924             memcpy( dst, camellia_test_ecb_plain[i], 16 );
00925         } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
00926             mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
00927             memcpy( src, camellia_test_ecb_plain[i], 16 );
00928             memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
00929         }
00930 
00931         mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
00932 
00933         if( memcmp( buf, dst, 16 ) != 0 )
00934         {
00935             if( verbose != 0 )
00936                 mbedtls_printf( "failed\n" );
00937 
00938             return( 1 );
00939         }
00940     }
00941 
00942     if( verbose != 0 )
00943         mbedtls_printf( "passed\n" );
00944     }
00945 
00946     if( verbose != 0 )
00947         mbedtls_printf( "\n" );
00948 
00949 #if defined(MBEDTLS_CIPHER_MODE_CBC)
00950     /*
00951      * CBC mode
00952      */
00953     for( j = 0; j < 6; j++ )
00954     {
00955         u = j >> 1;
00956         v = j  & 1;
00957 
00958         if( verbose != 0 )
00959             mbedtls_printf( "  CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
00960                              ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
00961 
00962         memcpy( src, camellia_test_cbc_iv, 16 );
00963         memcpy( dst, camellia_test_cbc_iv, 16 );
00964         memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
00965 
00966         if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
00967             mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
00968         } else {
00969             mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
00970         }
00971 
00972         for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
00973 
00974             if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
00975                 memcpy( iv , src, 16 );
00976                 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
00977                 memcpy( dst, camellia_test_cbc_plain[i], 16 );
00978             } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
00979                 memcpy( iv , dst, 16 );
00980                 memcpy( src, camellia_test_cbc_plain[i], 16 );
00981                 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
00982             }
00983 
00984             mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
00985 
00986             if( memcmp( buf, dst, 16 ) != 0 )
00987             {
00988                 if( verbose != 0 )
00989                     mbedtls_printf( "failed\n" );
00990 
00991                 return( 1 );
00992             }
00993         }
00994 
00995         if( verbose != 0 )
00996             mbedtls_printf( "passed\n" );
00997     }
00998 #endif /* MBEDTLS_CIPHER_MODE_CBC */
00999 
01000     if( verbose != 0 )
01001         mbedtls_printf( "\n" );
01002 
01003 #if defined(MBEDTLS_CIPHER_MODE_CTR)
01004     /*
01005      * CTR mode
01006      */
01007     for( i = 0; i < 6; i++ )
01008     {
01009         u = i >> 1;
01010         v = i  & 1;
01011 
01012         if( verbose != 0 )
01013             mbedtls_printf( "  CAMELLIA-CTR-128 (%s): ",
01014                              ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
01015 
01016         memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
01017         memcpy( key, camellia_test_ctr_key[u], 16 );
01018 
01019         offset = 0;
01020         mbedtls_camellia_setkey_enc( &ctx, key, 128 );
01021 
01022         if( v == MBEDTLS_CAMELLIA_DECRYPT )
01023         {
01024             len = camellia_test_ctr_len[u];
01025             memcpy( buf, camellia_test_ctr_ct[u], len );
01026 
01027             mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
01028                                 buf, buf );
01029 
01030             if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
01031             {
01032                 if( verbose != 0 )
01033                     mbedtls_printf( "failed\n" );
01034 
01035                 return( 1 );
01036             }
01037         }
01038         else
01039         {
01040             len = camellia_test_ctr_len[u];
01041             memcpy( buf, camellia_test_ctr_pt[u], len );
01042 
01043             mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
01044                                 buf, buf );
01045 
01046             if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
01047             {
01048                 if( verbose != 0 )
01049                     mbedtls_printf( "failed\n" );
01050 
01051                 return( 1 );
01052             }
01053         }
01054 
01055         if( verbose != 0 )
01056             mbedtls_printf( "passed\n" );
01057     }
01058 
01059     if( verbose != 0 )
01060         mbedtls_printf( "\n" );
01061 #endif /* MBEDTLS_CIPHER_MODE_CTR */
01062 
01063     return( 0 );
01064 }
01065 
01066 #endif /* MBEDTLS_SELF_TEST */
01067 
01068 #endif /* MBEDTLS_CAMELLIA_C */