mbed-os5 only for TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Committer:
kenjiArai
Date:
Tue Dec 17 23:23:45 2019 +0000
Revision:
0:5b88d5760320
mbed-os5 only for TYBLE16

Who changed what in which revision?

UserRevisionLine numberNew contents of line
kenjiArai 0:5b88d5760320 1 /*
kenjiArai 0:5b88d5760320 2 * Camellia implementation
kenjiArai 0:5b88d5760320 3 *
kenjiArai 0:5b88d5760320 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
kenjiArai 0:5b88d5760320 5 * SPDX-License-Identifier: Apache-2.0
kenjiArai 0:5b88d5760320 6 *
kenjiArai 0:5b88d5760320 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
kenjiArai 0:5b88d5760320 8 * not use this file except in compliance with the License.
kenjiArai 0:5b88d5760320 9 * You may obtain a copy of the License at
kenjiArai 0:5b88d5760320 10 *
kenjiArai 0:5b88d5760320 11 * http://www.apache.org/licenses/LICENSE-2.0
kenjiArai 0:5b88d5760320 12 *
kenjiArai 0:5b88d5760320 13 * Unless required by applicable law or agreed to in writing, software
kenjiArai 0:5b88d5760320 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
kenjiArai 0:5b88d5760320 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
kenjiArai 0:5b88d5760320 16 * See the License for the specific language governing permissions and
kenjiArai 0:5b88d5760320 17 * limitations under the License.
kenjiArai 0:5b88d5760320 18 *
kenjiArai 0:5b88d5760320 19 * This file is part of mbed TLS (https://tls.mbed.org)
kenjiArai 0:5b88d5760320 20 */
kenjiArai 0:5b88d5760320 21 /*
kenjiArai 0:5b88d5760320 22 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
kenjiArai 0:5b88d5760320 23 * Corporation.
kenjiArai 0:5b88d5760320 24 *
kenjiArai 0:5b88d5760320 25 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
kenjiArai 0:5b88d5760320 26 */
kenjiArai 0:5b88d5760320 27
kenjiArai 0:5b88d5760320 28 #if !defined(MBEDTLS_CONFIG_FILE)
kenjiArai 0:5b88d5760320 29 #include "mbedtls/config.h"
kenjiArai 0:5b88d5760320 30 #else
kenjiArai 0:5b88d5760320 31 #include MBEDTLS_CONFIG_FILE
kenjiArai 0:5b88d5760320 32 #endif
kenjiArai 0:5b88d5760320 33
kenjiArai 0:5b88d5760320 34 #if defined(MBEDTLS_CAMELLIA_C)
kenjiArai 0:5b88d5760320 35
kenjiArai 0:5b88d5760320 36 #include "mbedtls/camellia.h"
kenjiArai 0:5b88d5760320 37 #include "mbedtls/platform_util.h"
kenjiArai 0:5b88d5760320 38
kenjiArai 0:5b88d5760320 39 #include <string.h>
kenjiArai 0:5b88d5760320 40
kenjiArai 0:5b88d5760320 41 #if defined(MBEDTLS_SELF_TEST)
kenjiArai 0:5b88d5760320 42 #if defined(MBEDTLS_PLATFORM_C)
kenjiArai 0:5b88d5760320 43 #include "mbedtls/platform.h"
kenjiArai 0:5b88d5760320 44 #else
kenjiArai 0:5b88d5760320 45 #include <stdio.h>
kenjiArai 0:5b88d5760320 46 #define mbedtls_printf printf
kenjiArai 0:5b88d5760320 47 #endif /* MBEDTLS_PLATFORM_C */
kenjiArai 0:5b88d5760320 48 #endif /* MBEDTLS_SELF_TEST */
kenjiArai 0:5b88d5760320 49
kenjiArai 0:5b88d5760320 50 #if !defined(MBEDTLS_CAMELLIA_ALT)
kenjiArai 0:5b88d5760320 51
kenjiArai 0:5b88d5760320 52 /* Parameter validation macros */
kenjiArai 0:5b88d5760320 53 #define CAMELLIA_VALIDATE_RET( cond ) \
kenjiArai 0:5b88d5760320 54 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
kenjiArai 0:5b88d5760320 55 #define CAMELLIA_VALIDATE( cond ) \
kenjiArai 0:5b88d5760320 56 MBEDTLS_INTERNAL_VALIDATE( cond )
kenjiArai 0:5b88d5760320 57
kenjiArai 0:5b88d5760320 58 /*
kenjiArai 0:5b88d5760320 59 * 32-bit integer manipulation macros (big endian)
kenjiArai 0:5b88d5760320 60 */
kenjiArai 0:5b88d5760320 61 #ifndef GET_UINT32_BE
kenjiArai 0:5b88d5760320 62 #define GET_UINT32_BE(n,b,i) \
kenjiArai 0:5b88d5760320 63 { \
kenjiArai 0:5b88d5760320 64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
kenjiArai 0:5b88d5760320 65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
kenjiArai 0:5b88d5760320 66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
kenjiArai 0:5b88d5760320 67 | ( (uint32_t) (b)[(i) + 3] ); \
kenjiArai 0:5b88d5760320 68 }
kenjiArai 0:5b88d5760320 69 #endif
kenjiArai 0:5b88d5760320 70
kenjiArai 0:5b88d5760320 71 #ifndef PUT_UINT32_BE
kenjiArai 0:5b88d5760320 72 #define PUT_UINT32_BE(n,b,i) \
kenjiArai 0:5b88d5760320 73 { \
kenjiArai 0:5b88d5760320 74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
kenjiArai 0:5b88d5760320 75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
kenjiArai 0:5b88d5760320 76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
kenjiArai 0:5b88d5760320 77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
kenjiArai 0:5b88d5760320 78 }
kenjiArai 0:5b88d5760320 79 #endif
kenjiArai 0:5b88d5760320 80
kenjiArai 0:5b88d5760320 81 static const unsigned char SIGMA_CHARS[6][8] =
kenjiArai 0:5b88d5760320 82 {
kenjiArai 0:5b88d5760320 83 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
kenjiArai 0:5b88d5760320 84 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
kenjiArai 0:5b88d5760320 85 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
kenjiArai 0:5b88d5760320 86 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
kenjiArai 0:5b88d5760320 87 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
kenjiArai 0:5b88d5760320 88 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
kenjiArai 0:5b88d5760320 89 };
kenjiArai 0:5b88d5760320 90
kenjiArai 0:5b88d5760320 91 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
kenjiArai 0:5b88d5760320 92
kenjiArai 0:5b88d5760320 93 static const unsigned char FSb[256] =
kenjiArai 0:5b88d5760320 94 {
kenjiArai 0:5b88d5760320 95 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
kenjiArai 0:5b88d5760320 96 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
kenjiArai 0:5b88d5760320 97 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
kenjiArai 0:5b88d5760320 98 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
kenjiArai 0:5b88d5760320 99 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
kenjiArai 0:5b88d5760320 100 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
kenjiArai 0:5b88d5760320 101 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
kenjiArai 0:5b88d5760320 102 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
kenjiArai 0:5b88d5760320 103 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
kenjiArai 0:5b88d5760320 104 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
kenjiArai 0:5b88d5760320 105 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
kenjiArai 0:5b88d5760320 106 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
kenjiArai 0:5b88d5760320 107 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
kenjiArai 0:5b88d5760320 108 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
kenjiArai 0:5b88d5760320 109 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
kenjiArai 0:5b88d5760320 110 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
kenjiArai 0:5b88d5760320 111 };
kenjiArai 0:5b88d5760320 112
kenjiArai 0:5b88d5760320 113 #define SBOX1(n) FSb[(n)]
kenjiArai 0:5b88d5760320 114 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
kenjiArai 0:5b88d5760320 115 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
kenjiArai 0:5b88d5760320 116 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
kenjiArai 0:5b88d5760320 117
kenjiArai 0:5b88d5760320 118 #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
kenjiArai 0:5b88d5760320 119
kenjiArai 0:5b88d5760320 120 static const unsigned char FSb[256] =
kenjiArai 0:5b88d5760320 121 {
kenjiArai 0:5b88d5760320 122 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
kenjiArai 0:5b88d5760320 123 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
kenjiArai 0:5b88d5760320 124 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
kenjiArai 0:5b88d5760320 125 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
kenjiArai 0:5b88d5760320 126 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
kenjiArai 0:5b88d5760320 127 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
kenjiArai 0:5b88d5760320 128 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
kenjiArai 0:5b88d5760320 129 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
kenjiArai 0:5b88d5760320 130 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
kenjiArai 0:5b88d5760320 131 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
kenjiArai 0:5b88d5760320 132 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
kenjiArai 0:5b88d5760320 133 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
kenjiArai 0:5b88d5760320 134 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
kenjiArai 0:5b88d5760320 135 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
kenjiArai 0:5b88d5760320 136 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
kenjiArai 0:5b88d5760320 137 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
kenjiArai 0:5b88d5760320 138 };
kenjiArai 0:5b88d5760320 139
kenjiArai 0:5b88d5760320 140 static const unsigned char FSb2[256] =
kenjiArai 0:5b88d5760320 141 {
kenjiArai 0:5b88d5760320 142 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
kenjiArai 0:5b88d5760320 143 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
kenjiArai 0:5b88d5760320 144 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
kenjiArai 0:5b88d5760320 145 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
kenjiArai 0:5b88d5760320 146 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
kenjiArai 0:5b88d5760320 147 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
kenjiArai 0:5b88d5760320 148 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
kenjiArai 0:5b88d5760320 149 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
kenjiArai 0:5b88d5760320 150 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
kenjiArai 0:5b88d5760320 151 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
kenjiArai 0:5b88d5760320 152 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
kenjiArai 0:5b88d5760320 153 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
kenjiArai 0:5b88d5760320 154 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
kenjiArai 0:5b88d5760320 155 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
kenjiArai 0:5b88d5760320 156 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
kenjiArai 0:5b88d5760320 157 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
kenjiArai 0:5b88d5760320 158 };
kenjiArai 0:5b88d5760320 159
kenjiArai 0:5b88d5760320 160 static const unsigned char FSb3[256] =
kenjiArai 0:5b88d5760320 161 {
kenjiArai 0:5b88d5760320 162 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
kenjiArai 0:5b88d5760320 163 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
kenjiArai 0:5b88d5760320 164 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
kenjiArai 0:5b88d5760320 165 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
kenjiArai 0:5b88d5760320 166 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
kenjiArai 0:5b88d5760320 167 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
kenjiArai 0:5b88d5760320 168 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
kenjiArai 0:5b88d5760320 169 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
kenjiArai 0:5b88d5760320 170 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
kenjiArai 0:5b88d5760320 171 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
kenjiArai 0:5b88d5760320 172 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
kenjiArai 0:5b88d5760320 173 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
kenjiArai 0:5b88d5760320 174 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
kenjiArai 0:5b88d5760320 175 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
kenjiArai 0:5b88d5760320 176 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
kenjiArai 0:5b88d5760320 177 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
kenjiArai 0:5b88d5760320 178 };
kenjiArai 0:5b88d5760320 179
kenjiArai 0:5b88d5760320 180 static const unsigned char FSb4[256] =
kenjiArai 0:5b88d5760320 181 {
kenjiArai 0:5b88d5760320 182 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
kenjiArai 0:5b88d5760320 183 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
kenjiArai 0:5b88d5760320 184 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
kenjiArai 0:5b88d5760320 185 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
kenjiArai 0:5b88d5760320 186 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
kenjiArai 0:5b88d5760320 187 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
kenjiArai 0:5b88d5760320 188 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
kenjiArai 0:5b88d5760320 189 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
kenjiArai 0:5b88d5760320 190 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
kenjiArai 0:5b88d5760320 191 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
kenjiArai 0:5b88d5760320 192 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
kenjiArai 0:5b88d5760320 193 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
kenjiArai 0:5b88d5760320 194 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
kenjiArai 0:5b88d5760320 195 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
kenjiArai 0:5b88d5760320 196 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
kenjiArai 0:5b88d5760320 197 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
kenjiArai 0:5b88d5760320 198 };
kenjiArai 0:5b88d5760320 199
kenjiArai 0:5b88d5760320 200 #define SBOX1(n) FSb[(n)]
kenjiArai 0:5b88d5760320 201 #define SBOX2(n) FSb2[(n)]
kenjiArai 0:5b88d5760320 202 #define SBOX3(n) FSb3[(n)]
kenjiArai 0:5b88d5760320 203 #define SBOX4(n) FSb4[(n)]
kenjiArai 0:5b88d5760320 204
kenjiArai 0:5b88d5760320 205 #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
kenjiArai 0:5b88d5760320 206
kenjiArai 0:5b88d5760320 207 static const unsigned char shifts[2][4][4] =
kenjiArai 0:5b88d5760320 208 {
kenjiArai 0:5b88d5760320 209 {
kenjiArai 0:5b88d5760320 210 { 1, 1, 1, 1 }, /* KL */
kenjiArai 0:5b88d5760320 211 { 0, 0, 0, 0 }, /* KR */
kenjiArai 0:5b88d5760320 212 { 1, 1, 1, 1 }, /* KA */
kenjiArai 0:5b88d5760320 213 { 0, 0, 0, 0 } /* KB */
kenjiArai 0:5b88d5760320 214 },
kenjiArai 0:5b88d5760320 215 {
kenjiArai 0:5b88d5760320 216 { 1, 0, 1, 1 }, /* KL */
kenjiArai 0:5b88d5760320 217 { 1, 1, 0, 1 }, /* KR */
kenjiArai 0:5b88d5760320 218 { 1, 1, 1, 0 }, /* KA */
kenjiArai 0:5b88d5760320 219 { 1, 1, 0, 1 } /* KB */
kenjiArai 0:5b88d5760320 220 }
kenjiArai 0:5b88d5760320 221 };
kenjiArai 0:5b88d5760320 222
kenjiArai 0:5b88d5760320 223 static const signed char indexes[2][4][20] =
kenjiArai 0:5b88d5760320 224 {
kenjiArai 0:5b88d5760320 225 {
kenjiArai 0:5b88d5760320 226 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
kenjiArai 0:5b88d5760320 227 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
kenjiArai 0:5b88d5760320 228 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
kenjiArai 0:5b88d5760320 229 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
kenjiArai 0:5b88d5760320 230 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
kenjiArai 0:5b88d5760320 231 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
kenjiArai 0:5b88d5760320 232 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
kenjiArai 0:5b88d5760320 233 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
kenjiArai 0:5b88d5760320 234 },
kenjiArai 0:5b88d5760320 235 {
kenjiArai 0:5b88d5760320 236 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
kenjiArai 0:5b88d5760320 237 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
kenjiArai 0:5b88d5760320 238 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
kenjiArai 0:5b88d5760320 239 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
kenjiArai 0:5b88d5760320 240 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
kenjiArai 0:5b88d5760320 241 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
kenjiArai 0:5b88d5760320 242 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
kenjiArai 0:5b88d5760320 243 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
kenjiArai 0:5b88d5760320 244 }
kenjiArai 0:5b88d5760320 245 };
kenjiArai 0:5b88d5760320 246
kenjiArai 0:5b88d5760320 247 static const signed char transposes[2][20] =
kenjiArai 0:5b88d5760320 248 {
kenjiArai 0:5b88d5760320 249 {
kenjiArai 0:5b88d5760320 250 21, 22, 23, 20,
kenjiArai 0:5b88d5760320 251 -1, -1, -1, -1,
kenjiArai 0:5b88d5760320 252 18, 19, 16, 17,
kenjiArai 0:5b88d5760320 253 11, 8, 9, 10,
kenjiArai 0:5b88d5760320 254 15, 12, 13, 14
kenjiArai 0:5b88d5760320 255 },
kenjiArai 0:5b88d5760320 256 {
kenjiArai 0:5b88d5760320 257 25, 26, 27, 24,
kenjiArai 0:5b88d5760320 258 29, 30, 31, 28,
kenjiArai 0:5b88d5760320 259 18, 19, 16, 17,
kenjiArai 0:5b88d5760320 260 -1, -1, -1, -1,
kenjiArai 0:5b88d5760320 261 -1, -1, -1, -1
kenjiArai 0:5b88d5760320 262 }
kenjiArai 0:5b88d5760320 263 };
kenjiArai 0:5b88d5760320 264
kenjiArai 0:5b88d5760320 265 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
kenjiArai 0:5b88d5760320 266 #define ROTL(DEST, SRC, SHIFT) \
kenjiArai 0:5b88d5760320 267 { \
kenjiArai 0:5b88d5760320 268 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
kenjiArai 0:5b88d5760320 269 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
kenjiArai 0:5b88d5760320 270 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
kenjiArai 0:5b88d5760320 271 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
kenjiArai 0:5b88d5760320 272 }
kenjiArai 0:5b88d5760320 273
kenjiArai 0:5b88d5760320 274 #define FL(XL, XR, KL, KR) \
kenjiArai 0:5b88d5760320 275 { \
kenjiArai 0:5b88d5760320 276 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
kenjiArai 0:5b88d5760320 277 (XL) = ((XR) | (KR)) ^ (XL); \
kenjiArai 0:5b88d5760320 278 }
kenjiArai 0:5b88d5760320 279
kenjiArai 0:5b88d5760320 280 #define FLInv(YL, YR, KL, KR) \
kenjiArai 0:5b88d5760320 281 { \
kenjiArai 0:5b88d5760320 282 (YL) = ((YR) | (KR)) ^ (YL); \
kenjiArai 0:5b88d5760320 283 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
kenjiArai 0:5b88d5760320 284 }
kenjiArai 0:5b88d5760320 285
kenjiArai 0:5b88d5760320 286 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
kenjiArai 0:5b88d5760320 287 { \
kenjiArai 0:5b88d5760320 288 TK[0] = KC[(OFFSET) * 4 + 0]; \
kenjiArai 0:5b88d5760320 289 TK[1] = KC[(OFFSET) * 4 + 1]; \
kenjiArai 0:5b88d5760320 290 TK[2] = KC[(OFFSET) * 4 + 2]; \
kenjiArai 0:5b88d5760320 291 TK[3] = KC[(OFFSET) * 4 + 3]; \
kenjiArai 0:5b88d5760320 292 \
kenjiArai 0:5b88d5760320 293 for( i = 1; i <= 4; i++ ) \
kenjiArai 0:5b88d5760320 294 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
kenjiArai 0:5b88d5760320 295 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
kenjiArai 0:5b88d5760320 296 \
kenjiArai 0:5b88d5760320 297 for( i = 0; i < 20; i++ ) \
kenjiArai 0:5b88d5760320 298 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
kenjiArai 0:5b88d5760320 299 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
kenjiArai 0:5b88d5760320 300 } \
kenjiArai 0:5b88d5760320 301 }
kenjiArai 0:5b88d5760320 302
kenjiArai 0:5b88d5760320 303 static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
kenjiArai 0:5b88d5760320 304 uint32_t z[2])
kenjiArai 0:5b88d5760320 305 {
kenjiArai 0:5b88d5760320 306 uint32_t I0, I1;
kenjiArai 0:5b88d5760320 307 I0 = x[0] ^ k[0];
kenjiArai 0:5b88d5760320 308 I1 = x[1] ^ k[1];
kenjiArai 0:5b88d5760320 309
kenjiArai 0:5b88d5760320 310 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
kenjiArai 0:5b88d5760320 311 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
kenjiArai 0:5b88d5760320 312 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
kenjiArai 0:5b88d5760320 313 ((uint32_t) SBOX4((I0 ) & 0xFF) );
kenjiArai 0:5b88d5760320 314 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
kenjiArai 0:5b88d5760320 315 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
kenjiArai 0:5b88d5760320 316 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
kenjiArai 0:5b88d5760320 317 ((uint32_t) SBOX1((I1 ) & 0xFF) );
kenjiArai 0:5b88d5760320 318
kenjiArai 0:5b88d5760320 319 I0 ^= (I1 << 8) | (I1 >> 24);
kenjiArai 0:5b88d5760320 320 I1 ^= (I0 << 16) | (I0 >> 16);
kenjiArai 0:5b88d5760320 321 I0 ^= (I1 >> 8) | (I1 << 24);
kenjiArai 0:5b88d5760320 322 I1 ^= (I0 >> 8) | (I0 << 24);
kenjiArai 0:5b88d5760320 323
kenjiArai 0:5b88d5760320 324 z[0] ^= I1;
kenjiArai 0:5b88d5760320 325 z[1] ^= I0;
kenjiArai 0:5b88d5760320 326 }
kenjiArai 0:5b88d5760320 327
kenjiArai 0:5b88d5760320 328 void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
kenjiArai 0:5b88d5760320 329 {
kenjiArai 0:5b88d5760320 330 CAMELLIA_VALIDATE( ctx != NULL );
kenjiArai 0:5b88d5760320 331 memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
kenjiArai 0:5b88d5760320 332 }
kenjiArai 0:5b88d5760320 333
kenjiArai 0:5b88d5760320 334 void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
kenjiArai 0:5b88d5760320 335 {
kenjiArai 0:5b88d5760320 336 if( ctx == NULL )
kenjiArai 0:5b88d5760320 337 return;
kenjiArai 0:5b88d5760320 338
kenjiArai 0:5b88d5760320 339 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
kenjiArai 0:5b88d5760320 340 }
kenjiArai 0:5b88d5760320 341
kenjiArai 0:5b88d5760320 342 /*
kenjiArai 0:5b88d5760320 343 * Camellia key schedule (encryption)
kenjiArai 0:5b88d5760320 344 */
kenjiArai 0:5b88d5760320 345 int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
kenjiArai 0:5b88d5760320 346 const unsigned char *key,
kenjiArai 0:5b88d5760320 347 unsigned int keybits )
kenjiArai 0:5b88d5760320 348 {
kenjiArai 0:5b88d5760320 349 int idx;
kenjiArai 0:5b88d5760320 350 size_t i;
kenjiArai 0:5b88d5760320 351 uint32_t *RK;
kenjiArai 0:5b88d5760320 352 unsigned char t[64];
kenjiArai 0:5b88d5760320 353 uint32_t SIGMA[6][2];
kenjiArai 0:5b88d5760320 354 uint32_t KC[16];
kenjiArai 0:5b88d5760320 355 uint32_t TK[20];
kenjiArai 0:5b88d5760320 356
kenjiArai 0:5b88d5760320 357 CAMELLIA_VALIDATE_RET( ctx != NULL );
kenjiArai 0:5b88d5760320 358 CAMELLIA_VALIDATE_RET( key != NULL );
kenjiArai 0:5b88d5760320 359
kenjiArai 0:5b88d5760320 360 RK = ctx->rk;
kenjiArai 0:5b88d5760320 361
kenjiArai 0:5b88d5760320 362 memset( t, 0, 64 );
kenjiArai 0:5b88d5760320 363 memset( RK, 0, sizeof(ctx->rk) );
kenjiArai 0:5b88d5760320 364
kenjiArai 0:5b88d5760320 365 switch( keybits )
kenjiArai 0:5b88d5760320 366 {
kenjiArai 0:5b88d5760320 367 case 128: ctx->nr = 3; idx = 0; break;
kenjiArai 0:5b88d5760320 368 case 192:
kenjiArai 0:5b88d5760320 369 case 256: ctx->nr = 4; idx = 1; break;
kenjiArai 0:5b88d5760320 370 default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
kenjiArai 0:5b88d5760320 371 }
kenjiArai 0:5b88d5760320 372
kenjiArai 0:5b88d5760320 373 for( i = 0; i < keybits / 8; ++i )
kenjiArai 0:5b88d5760320 374 t[i] = key[i];
kenjiArai 0:5b88d5760320 375
kenjiArai 0:5b88d5760320 376 if( keybits == 192 ) {
kenjiArai 0:5b88d5760320 377 for( i = 0; i < 8; i++ )
kenjiArai 0:5b88d5760320 378 t[24 + i] = ~t[16 + i];
kenjiArai 0:5b88d5760320 379 }
kenjiArai 0:5b88d5760320 380
kenjiArai 0:5b88d5760320 381 /*
kenjiArai 0:5b88d5760320 382 * Prepare SIGMA values
kenjiArai 0:5b88d5760320 383 */
kenjiArai 0:5b88d5760320 384 for( i = 0; i < 6; i++ ) {
kenjiArai 0:5b88d5760320 385 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
kenjiArai 0:5b88d5760320 386 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
kenjiArai 0:5b88d5760320 387 }
kenjiArai 0:5b88d5760320 388
kenjiArai 0:5b88d5760320 389 /*
kenjiArai 0:5b88d5760320 390 * Key storage in KC
kenjiArai 0:5b88d5760320 391 * Order: KL, KR, KA, KB
kenjiArai 0:5b88d5760320 392 */
kenjiArai 0:5b88d5760320 393 memset( KC, 0, sizeof(KC) );
kenjiArai 0:5b88d5760320 394
kenjiArai 0:5b88d5760320 395 /* Store KL, KR */
kenjiArai 0:5b88d5760320 396 for( i = 0; i < 8; i++ )
kenjiArai 0:5b88d5760320 397 GET_UINT32_BE( KC[i], t, i * 4 );
kenjiArai 0:5b88d5760320 398
kenjiArai 0:5b88d5760320 399 /* Generate KA */
kenjiArai 0:5b88d5760320 400 for( i = 0; i < 4; ++i )
kenjiArai 0:5b88d5760320 401 KC[8 + i] = KC[i] ^ KC[4 + i];
kenjiArai 0:5b88d5760320 402
kenjiArai 0:5b88d5760320 403 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
kenjiArai 0:5b88d5760320 404 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
kenjiArai 0:5b88d5760320 405
kenjiArai 0:5b88d5760320 406 for( i = 0; i < 4; ++i )
kenjiArai 0:5b88d5760320 407 KC[8 + i] ^= KC[i];
kenjiArai 0:5b88d5760320 408
kenjiArai 0:5b88d5760320 409 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
kenjiArai 0:5b88d5760320 410 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
kenjiArai 0:5b88d5760320 411
kenjiArai 0:5b88d5760320 412 if( keybits > 128 ) {
kenjiArai 0:5b88d5760320 413 /* Generate KB */
kenjiArai 0:5b88d5760320 414 for( i = 0; i < 4; ++i )
kenjiArai 0:5b88d5760320 415 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
kenjiArai 0:5b88d5760320 416
kenjiArai 0:5b88d5760320 417 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
kenjiArai 0:5b88d5760320 418 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
kenjiArai 0:5b88d5760320 419 }
kenjiArai 0:5b88d5760320 420
kenjiArai 0:5b88d5760320 421 /*
kenjiArai 0:5b88d5760320 422 * Generating subkeys
kenjiArai 0:5b88d5760320 423 */
kenjiArai 0:5b88d5760320 424
kenjiArai 0:5b88d5760320 425 /* Manipulating KL */
kenjiArai 0:5b88d5760320 426 SHIFT_AND_PLACE( idx, 0 );
kenjiArai 0:5b88d5760320 427
kenjiArai 0:5b88d5760320 428 /* Manipulating KR */
kenjiArai 0:5b88d5760320 429 if( keybits > 128 ) {
kenjiArai 0:5b88d5760320 430 SHIFT_AND_PLACE( idx, 1 );
kenjiArai 0:5b88d5760320 431 }
kenjiArai 0:5b88d5760320 432
kenjiArai 0:5b88d5760320 433 /* Manipulating KA */
kenjiArai 0:5b88d5760320 434 SHIFT_AND_PLACE( idx, 2 );
kenjiArai 0:5b88d5760320 435
kenjiArai 0:5b88d5760320 436 /* Manipulating KB */
kenjiArai 0:5b88d5760320 437 if( keybits > 128 ) {
kenjiArai 0:5b88d5760320 438 SHIFT_AND_PLACE( idx, 3 );
kenjiArai 0:5b88d5760320 439 }
kenjiArai 0:5b88d5760320 440
kenjiArai 0:5b88d5760320 441 /* Do transpositions */
kenjiArai 0:5b88d5760320 442 for( i = 0; i < 20; i++ ) {
kenjiArai 0:5b88d5760320 443 if( transposes[idx][i] != -1 ) {
kenjiArai 0:5b88d5760320 444 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
kenjiArai 0:5b88d5760320 445 }
kenjiArai 0:5b88d5760320 446 }
kenjiArai 0:5b88d5760320 447
kenjiArai 0:5b88d5760320 448 return( 0 );
kenjiArai 0:5b88d5760320 449 }
kenjiArai 0:5b88d5760320 450
kenjiArai 0:5b88d5760320 451 /*
kenjiArai 0:5b88d5760320 452 * Camellia key schedule (decryption)
kenjiArai 0:5b88d5760320 453 */
kenjiArai 0:5b88d5760320 454 int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
kenjiArai 0:5b88d5760320 455 const unsigned char *key,
kenjiArai 0:5b88d5760320 456 unsigned int keybits )
kenjiArai 0:5b88d5760320 457 {
kenjiArai 0:5b88d5760320 458 int idx, ret;
kenjiArai 0:5b88d5760320 459 size_t i;
kenjiArai 0:5b88d5760320 460 mbedtls_camellia_context cty;
kenjiArai 0:5b88d5760320 461 uint32_t *RK;
kenjiArai 0:5b88d5760320 462 uint32_t *SK;
kenjiArai 0:5b88d5760320 463 CAMELLIA_VALIDATE_RET( ctx != NULL );
kenjiArai 0:5b88d5760320 464 CAMELLIA_VALIDATE_RET( key != NULL );
kenjiArai 0:5b88d5760320 465
kenjiArai 0:5b88d5760320 466 mbedtls_camellia_init( &cty );
kenjiArai 0:5b88d5760320 467
kenjiArai 0:5b88d5760320 468 /* Also checks keybits */
kenjiArai 0:5b88d5760320 469 if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
kenjiArai 0:5b88d5760320 470 goto exit;
kenjiArai 0:5b88d5760320 471
kenjiArai 0:5b88d5760320 472 ctx->nr = cty.nr;
kenjiArai 0:5b88d5760320 473 idx = ( ctx->nr == 4 );
kenjiArai 0:5b88d5760320 474
kenjiArai 0:5b88d5760320 475 RK = ctx->rk;
kenjiArai 0:5b88d5760320 476 SK = cty.rk + 24 * 2 + 8 * idx * 2;
kenjiArai 0:5b88d5760320 477
kenjiArai 0:5b88d5760320 478 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 479 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 480 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 481 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 482
kenjiArai 0:5b88d5760320 483 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
kenjiArai 0:5b88d5760320 484 {
kenjiArai 0:5b88d5760320 485 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 486 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 487 }
kenjiArai 0:5b88d5760320 488
kenjiArai 0:5b88d5760320 489 SK -= 2;
kenjiArai 0:5b88d5760320 490
kenjiArai 0:5b88d5760320 491 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 492 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 493 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 494 *RK++ = *SK++;
kenjiArai 0:5b88d5760320 495
kenjiArai 0:5b88d5760320 496 exit:
kenjiArai 0:5b88d5760320 497 mbedtls_camellia_free( &cty );
kenjiArai 0:5b88d5760320 498
kenjiArai 0:5b88d5760320 499 return( ret );
kenjiArai 0:5b88d5760320 500 }
kenjiArai 0:5b88d5760320 501
kenjiArai 0:5b88d5760320 502 /*
kenjiArai 0:5b88d5760320 503 * Camellia-ECB block encryption/decryption
kenjiArai 0:5b88d5760320 504 */
kenjiArai 0:5b88d5760320 505 int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
kenjiArai 0:5b88d5760320 506 int mode,
kenjiArai 0:5b88d5760320 507 const unsigned char input[16],
kenjiArai 0:5b88d5760320 508 unsigned char output[16] )
kenjiArai 0:5b88d5760320 509 {
kenjiArai 0:5b88d5760320 510 int NR;
kenjiArai 0:5b88d5760320 511 uint32_t *RK, X[4];
kenjiArai 0:5b88d5760320 512 CAMELLIA_VALIDATE_RET( ctx != NULL );
kenjiArai 0:5b88d5760320 513 CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
kenjiArai 0:5b88d5760320 514 mode == MBEDTLS_CAMELLIA_DECRYPT );
kenjiArai 0:5b88d5760320 515 CAMELLIA_VALIDATE_RET( input != NULL );
kenjiArai 0:5b88d5760320 516 CAMELLIA_VALIDATE_RET( output != NULL );
kenjiArai 0:5b88d5760320 517
kenjiArai 0:5b88d5760320 518 ( (void) mode );
kenjiArai 0:5b88d5760320 519
kenjiArai 0:5b88d5760320 520 NR = ctx->nr;
kenjiArai 0:5b88d5760320 521 RK = ctx->rk;
kenjiArai 0:5b88d5760320 522
kenjiArai 0:5b88d5760320 523 GET_UINT32_BE( X[0], input, 0 );
kenjiArai 0:5b88d5760320 524 GET_UINT32_BE( X[1], input, 4 );
kenjiArai 0:5b88d5760320 525 GET_UINT32_BE( X[2], input, 8 );
kenjiArai 0:5b88d5760320 526 GET_UINT32_BE( X[3], input, 12 );
kenjiArai 0:5b88d5760320 527
kenjiArai 0:5b88d5760320 528 X[0] ^= *RK++;
kenjiArai 0:5b88d5760320 529 X[1] ^= *RK++;
kenjiArai 0:5b88d5760320 530 X[2] ^= *RK++;
kenjiArai 0:5b88d5760320 531 X[3] ^= *RK++;
kenjiArai 0:5b88d5760320 532
kenjiArai 0:5b88d5760320 533 while( NR ) {
kenjiArai 0:5b88d5760320 534 --NR;
kenjiArai 0:5b88d5760320 535 camellia_feistel( X, RK, X + 2 );
kenjiArai 0:5b88d5760320 536 RK += 2;
kenjiArai 0:5b88d5760320 537 camellia_feistel( X + 2, RK, X );
kenjiArai 0:5b88d5760320 538 RK += 2;
kenjiArai 0:5b88d5760320 539 camellia_feistel( X, RK, X + 2 );
kenjiArai 0:5b88d5760320 540 RK += 2;
kenjiArai 0:5b88d5760320 541 camellia_feistel( X + 2, RK, X );
kenjiArai 0:5b88d5760320 542 RK += 2;
kenjiArai 0:5b88d5760320 543 camellia_feistel( X, RK, X + 2 );
kenjiArai 0:5b88d5760320 544 RK += 2;
kenjiArai 0:5b88d5760320 545 camellia_feistel( X + 2, RK, X );
kenjiArai 0:5b88d5760320 546 RK += 2;
kenjiArai 0:5b88d5760320 547
kenjiArai 0:5b88d5760320 548 if( NR ) {
kenjiArai 0:5b88d5760320 549 FL(X[0], X[1], RK[0], RK[1]);
kenjiArai 0:5b88d5760320 550 RK += 2;
kenjiArai 0:5b88d5760320 551 FLInv(X[2], X[3], RK[0], RK[1]);
kenjiArai 0:5b88d5760320 552 RK += 2;
kenjiArai 0:5b88d5760320 553 }
kenjiArai 0:5b88d5760320 554 }
kenjiArai 0:5b88d5760320 555
kenjiArai 0:5b88d5760320 556 X[2] ^= *RK++;
kenjiArai 0:5b88d5760320 557 X[3] ^= *RK++;
kenjiArai 0:5b88d5760320 558 X[0] ^= *RK++;
kenjiArai 0:5b88d5760320 559 X[1] ^= *RK++;
kenjiArai 0:5b88d5760320 560
kenjiArai 0:5b88d5760320 561 PUT_UINT32_BE( X[2], output, 0 );
kenjiArai 0:5b88d5760320 562 PUT_UINT32_BE( X[3], output, 4 );
kenjiArai 0:5b88d5760320 563 PUT_UINT32_BE( X[0], output, 8 );
kenjiArai 0:5b88d5760320 564 PUT_UINT32_BE( X[1], output, 12 );
kenjiArai 0:5b88d5760320 565
kenjiArai 0:5b88d5760320 566 return( 0 );
kenjiArai 0:5b88d5760320 567 }
kenjiArai 0:5b88d5760320 568
kenjiArai 0:5b88d5760320 569 #if defined(MBEDTLS_CIPHER_MODE_CBC)
kenjiArai 0:5b88d5760320 570 /*
kenjiArai 0:5b88d5760320 571 * Camellia-CBC buffer encryption/decryption
kenjiArai 0:5b88d5760320 572 */
kenjiArai 0:5b88d5760320 573 int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
kenjiArai 0:5b88d5760320 574 int mode,
kenjiArai 0:5b88d5760320 575 size_t length,
kenjiArai 0:5b88d5760320 576 unsigned char iv[16],
kenjiArai 0:5b88d5760320 577 const unsigned char *input,
kenjiArai 0:5b88d5760320 578 unsigned char *output )
kenjiArai 0:5b88d5760320 579 {
kenjiArai 0:5b88d5760320 580 int i;
kenjiArai 0:5b88d5760320 581 unsigned char temp[16];
kenjiArai 0:5b88d5760320 582 CAMELLIA_VALIDATE_RET( ctx != NULL );
kenjiArai 0:5b88d5760320 583 CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
kenjiArai 0:5b88d5760320 584 mode == MBEDTLS_CAMELLIA_DECRYPT );
kenjiArai 0:5b88d5760320 585 CAMELLIA_VALIDATE_RET( iv != NULL );
kenjiArai 0:5b88d5760320 586 CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
kenjiArai 0:5b88d5760320 587 CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
kenjiArai 0:5b88d5760320 588
kenjiArai 0:5b88d5760320 589 if( length % 16 )
kenjiArai 0:5b88d5760320 590 return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
kenjiArai 0:5b88d5760320 591
kenjiArai 0:5b88d5760320 592 if( mode == MBEDTLS_CAMELLIA_DECRYPT )
kenjiArai 0:5b88d5760320 593 {
kenjiArai 0:5b88d5760320 594 while( length > 0 )
kenjiArai 0:5b88d5760320 595 {
kenjiArai 0:5b88d5760320 596 memcpy( temp, input, 16 );
kenjiArai 0:5b88d5760320 597 mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
kenjiArai 0:5b88d5760320 598
kenjiArai 0:5b88d5760320 599 for( i = 0; i < 16; i++ )
kenjiArai 0:5b88d5760320 600 output[i] = (unsigned char)( output[i] ^ iv[i] );
kenjiArai 0:5b88d5760320 601
kenjiArai 0:5b88d5760320 602 memcpy( iv, temp, 16 );
kenjiArai 0:5b88d5760320 603
kenjiArai 0:5b88d5760320 604 input += 16;
kenjiArai 0:5b88d5760320 605 output += 16;
kenjiArai 0:5b88d5760320 606 length -= 16;
kenjiArai 0:5b88d5760320 607 }
kenjiArai 0:5b88d5760320 608 }
kenjiArai 0:5b88d5760320 609 else
kenjiArai 0:5b88d5760320 610 {
kenjiArai 0:5b88d5760320 611 while( length > 0 )
kenjiArai 0:5b88d5760320 612 {
kenjiArai 0:5b88d5760320 613 for( i = 0; i < 16; i++ )
kenjiArai 0:5b88d5760320 614 output[i] = (unsigned char)( input[i] ^ iv[i] );
kenjiArai 0:5b88d5760320 615
kenjiArai 0:5b88d5760320 616 mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
kenjiArai 0:5b88d5760320 617 memcpy( iv, output, 16 );
kenjiArai 0:5b88d5760320 618
kenjiArai 0:5b88d5760320 619 input += 16;
kenjiArai 0:5b88d5760320 620 output += 16;
kenjiArai 0:5b88d5760320 621 length -= 16;
kenjiArai 0:5b88d5760320 622 }
kenjiArai 0:5b88d5760320 623 }
kenjiArai 0:5b88d5760320 624
kenjiArai 0:5b88d5760320 625 return( 0 );
kenjiArai 0:5b88d5760320 626 }
kenjiArai 0:5b88d5760320 627 #endif /* MBEDTLS_CIPHER_MODE_CBC */
kenjiArai 0:5b88d5760320 628
kenjiArai 0:5b88d5760320 629 #if defined(MBEDTLS_CIPHER_MODE_CFB)
kenjiArai 0:5b88d5760320 630 /*
kenjiArai 0:5b88d5760320 631 * Camellia-CFB128 buffer encryption/decryption
kenjiArai 0:5b88d5760320 632 */
kenjiArai 0:5b88d5760320 633 int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
kenjiArai 0:5b88d5760320 634 int mode,
kenjiArai 0:5b88d5760320 635 size_t length,
kenjiArai 0:5b88d5760320 636 size_t *iv_off,
kenjiArai 0:5b88d5760320 637 unsigned char iv[16],
kenjiArai 0:5b88d5760320 638 const unsigned char *input,
kenjiArai 0:5b88d5760320 639 unsigned char *output )
kenjiArai 0:5b88d5760320 640 {
kenjiArai 0:5b88d5760320 641 int c;
kenjiArai 0:5b88d5760320 642 size_t n;
kenjiArai 0:5b88d5760320 643 CAMELLIA_VALIDATE_RET( ctx != NULL );
kenjiArai 0:5b88d5760320 644 CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
kenjiArai 0:5b88d5760320 645 mode == MBEDTLS_CAMELLIA_DECRYPT );
kenjiArai 0:5b88d5760320 646 CAMELLIA_VALIDATE_RET( iv != NULL );
kenjiArai 0:5b88d5760320 647 CAMELLIA_VALIDATE_RET( iv_off != NULL );
kenjiArai 0:5b88d5760320 648 CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
kenjiArai 0:5b88d5760320 649 CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
kenjiArai 0:5b88d5760320 650
kenjiArai 0:5b88d5760320 651 n = *iv_off;
kenjiArai 0:5b88d5760320 652 if( n >= 16 )
kenjiArai 0:5b88d5760320 653 return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
kenjiArai 0:5b88d5760320 654
kenjiArai 0:5b88d5760320 655 if( mode == MBEDTLS_CAMELLIA_DECRYPT )
kenjiArai 0:5b88d5760320 656 {
kenjiArai 0:5b88d5760320 657 while( length-- )
kenjiArai 0:5b88d5760320 658 {
kenjiArai 0:5b88d5760320 659 if( n == 0 )
kenjiArai 0:5b88d5760320 660 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
kenjiArai 0:5b88d5760320 661
kenjiArai 0:5b88d5760320 662 c = *input++;
kenjiArai 0:5b88d5760320 663 *output++ = (unsigned char)( c ^ iv[n] );
kenjiArai 0:5b88d5760320 664 iv[n] = (unsigned char) c;
kenjiArai 0:5b88d5760320 665
kenjiArai 0:5b88d5760320 666 n = ( n + 1 ) & 0x0F;
kenjiArai 0:5b88d5760320 667 }
kenjiArai 0:5b88d5760320 668 }
kenjiArai 0:5b88d5760320 669 else
kenjiArai 0:5b88d5760320 670 {
kenjiArai 0:5b88d5760320 671 while( length-- )
kenjiArai 0:5b88d5760320 672 {
kenjiArai 0:5b88d5760320 673 if( n == 0 )
kenjiArai 0:5b88d5760320 674 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
kenjiArai 0:5b88d5760320 675
kenjiArai 0:5b88d5760320 676 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
kenjiArai 0:5b88d5760320 677
kenjiArai 0:5b88d5760320 678 n = ( n + 1 ) & 0x0F;
kenjiArai 0:5b88d5760320 679 }
kenjiArai 0:5b88d5760320 680 }
kenjiArai 0:5b88d5760320 681
kenjiArai 0:5b88d5760320 682 *iv_off = n;
kenjiArai 0:5b88d5760320 683
kenjiArai 0:5b88d5760320 684 return( 0 );
kenjiArai 0:5b88d5760320 685 }
kenjiArai 0:5b88d5760320 686 #endif /* MBEDTLS_CIPHER_MODE_CFB */
kenjiArai 0:5b88d5760320 687
kenjiArai 0:5b88d5760320 688 #if defined(MBEDTLS_CIPHER_MODE_CTR)
kenjiArai 0:5b88d5760320 689 /*
kenjiArai 0:5b88d5760320 690 * Camellia-CTR buffer encryption/decryption
kenjiArai 0:5b88d5760320 691 */
kenjiArai 0:5b88d5760320 692 int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
kenjiArai 0:5b88d5760320 693 size_t length,
kenjiArai 0:5b88d5760320 694 size_t *nc_off,
kenjiArai 0:5b88d5760320 695 unsigned char nonce_counter[16],
kenjiArai 0:5b88d5760320 696 unsigned char stream_block[16],
kenjiArai 0:5b88d5760320 697 const unsigned char *input,
kenjiArai 0:5b88d5760320 698 unsigned char *output )
kenjiArai 0:5b88d5760320 699 {
kenjiArai 0:5b88d5760320 700 int c, i;
kenjiArai 0:5b88d5760320 701 size_t n;
kenjiArai 0:5b88d5760320 702 CAMELLIA_VALIDATE_RET( ctx != NULL );
kenjiArai 0:5b88d5760320 703 CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
kenjiArai 0:5b88d5760320 704 CAMELLIA_VALIDATE_RET( stream_block != NULL );
kenjiArai 0:5b88d5760320 705 CAMELLIA_VALIDATE_RET( nc_off != NULL );
kenjiArai 0:5b88d5760320 706 CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
kenjiArai 0:5b88d5760320 707 CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
kenjiArai 0:5b88d5760320 708
kenjiArai 0:5b88d5760320 709 n = *nc_off;
kenjiArai 0:5b88d5760320 710 if( n >= 16 )
kenjiArai 0:5b88d5760320 711 return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
kenjiArai 0:5b88d5760320 712
kenjiArai 0:5b88d5760320 713 while( length-- )
kenjiArai 0:5b88d5760320 714 {
kenjiArai 0:5b88d5760320 715 if( n == 0 ) {
kenjiArai 0:5b88d5760320 716 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
kenjiArai 0:5b88d5760320 717 stream_block );
kenjiArai 0:5b88d5760320 718
kenjiArai 0:5b88d5760320 719 for( i = 16; i > 0; i-- )
kenjiArai 0:5b88d5760320 720 if( ++nonce_counter[i - 1] != 0 )
kenjiArai 0:5b88d5760320 721 break;
kenjiArai 0:5b88d5760320 722 }
kenjiArai 0:5b88d5760320 723 c = *input++;
kenjiArai 0:5b88d5760320 724 *output++ = (unsigned char)( c ^ stream_block[n] );
kenjiArai 0:5b88d5760320 725
kenjiArai 0:5b88d5760320 726 n = ( n + 1 ) & 0x0F;
kenjiArai 0:5b88d5760320 727 }
kenjiArai 0:5b88d5760320 728
kenjiArai 0:5b88d5760320 729 *nc_off = n;
kenjiArai 0:5b88d5760320 730
kenjiArai 0:5b88d5760320 731 return( 0 );
kenjiArai 0:5b88d5760320 732 }
kenjiArai 0:5b88d5760320 733 #endif /* MBEDTLS_CIPHER_MODE_CTR */
kenjiArai 0:5b88d5760320 734 #endif /* !MBEDTLS_CAMELLIA_ALT */
kenjiArai 0:5b88d5760320 735
kenjiArai 0:5b88d5760320 736 #if defined(MBEDTLS_SELF_TEST)
kenjiArai 0:5b88d5760320 737
kenjiArai 0:5b88d5760320 738 /*
kenjiArai 0:5b88d5760320 739 * Camellia test vectors from:
kenjiArai 0:5b88d5760320 740 *
kenjiArai 0:5b88d5760320 741 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
kenjiArai 0:5b88d5760320 742 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
kenjiArai 0:5b88d5760320 743 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
kenjiArai 0:5b88d5760320 744 * (For each bitlength: Key 0, Nr 39)
kenjiArai 0:5b88d5760320 745 */
kenjiArai 0:5b88d5760320 746 #define CAMELLIA_TESTS_ECB 2
kenjiArai 0:5b88d5760320 747
kenjiArai 0:5b88d5760320 748 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
kenjiArai 0:5b88d5760320 749 {
kenjiArai 0:5b88d5760320 750 {
kenjiArai 0:5b88d5760320 751 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
kenjiArai 0:5b88d5760320 752 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
kenjiArai 0:5b88d5760320 753 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
kenjiArai 0:5b88d5760320 754 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
kenjiArai 0:5b88d5760320 755 },
kenjiArai 0:5b88d5760320 756 {
kenjiArai 0:5b88d5760320 757 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
kenjiArai 0:5b88d5760320 758 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
kenjiArai 0:5b88d5760320 759 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
kenjiArai 0:5b88d5760320 760 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
kenjiArai 0:5b88d5760320 761 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
kenjiArai 0:5b88d5760320 762 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
kenjiArai 0:5b88d5760320 763 },
kenjiArai 0:5b88d5760320 764 {
kenjiArai 0:5b88d5760320 765 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
kenjiArai 0:5b88d5760320 766 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
kenjiArai 0:5b88d5760320 767 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
kenjiArai 0:5b88d5760320 768 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
kenjiArai 0:5b88d5760320 769 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
kenjiArai 0:5b88d5760320 770 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
kenjiArai 0:5b88d5760320 771 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
kenjiArai 0:5b88d5760320 772 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
kenjiArai 0:5b88d5760320 773 },
kenjiArai 0:5b88d5760320 774 };
kenjiArai 0:5b88d5760320 775
kenjiArai 0:5b88d5760320 776 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
kenjiArai 0:5b88d5760320 777 {
kenjiArai 0:5b88d5760320 778 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
kenjiArai 0:5b88d5760320 779 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
kenjiArai 0:5b88d5760320 780 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
kenjiArai 0:5b88d5760320 781 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
kenjiArai 0:5b88d5760320 782 };
kenjiArai 0:5b88d5760320 783
kenjiArai 0:5b88d5760320 784 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
kenjiArai 0:5b88d5760320 785 {
kenjiArai 0:5b88d5760320 786 {
kenjiArai 0:5b88d5760320 787 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
kenjiArai 0:5b88d5760320 788 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
kenjiArai 0:5b88d5760320 789 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
kenjiArai 0:5b88d5760320 790 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
kenjiArai 0:5b88d5760320 791 },
kenjiArai 0:5b88d5760320 792 {
kenjiArai 0:5b88d5760320 793 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
kenjiArai 0:5b88d5760320 794 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
kenjiArai 0:5b88d5760320 795 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
kenjiArai 0:5b88d5760320 796 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
kenjiArai 0:5b88d5760320 797 },
kenjiArai 0:5b88d5760320 798 {
kenjiArai 0:5b88d5760320 799 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
kenjiArai 0:5b88d5760320 800 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
kenjiArai 0:5b88d5760320 801 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
kenjiArai 0:5b88d5760320 802 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
kenjiArai 0:5b88d5760320 803 }
kenjiArai 0:5b88d5760320 804 };
kenjiArai 0:5b88d5760320 805
kenjiArai 0:5b88d5760320 806 #if defined(MBEDTLS_CIPHER_MODE_CBC)
kenjiArai 0:5b88d5760320 807 #define CAMELLIA_TESTS_CBC 3
kenjiArai 0:5b88d5760320 808
kenjiArai 0:5b88d5760320 809 static const unsigned char camellia_test_cbc_key[3][32] =
kenjiArai 0:5b88d5760320 810 {
kenjiArai 0:5b88d5760320 811 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
kenjiArai 0:5b88d5760320 812 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
kenjiArai 0:5b88d5760320 813 ,
kenjiArai 0:5b88d5760320 814 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
kenjiArai 0:5b88d5760320 815 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
kenjiArai 0:5b88d5760320 816 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
kenjiArai 0:5b88d5760320 817 ,
kenjiArai 0:5b88d5760320 818 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
kenjiArai 0:5b88d5760320 819 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
kenjiArai 0:5b88d5760320 820 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
kenjiArai 0:5b88d5760320 821 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
kenjiArai 0:5b88d5760320 822 };
kenjiArai 0:5b88d5760320 823
kenjiArai 0:5b88d5760320 824 static const unsigned char camellia_test_cbc_iv[16] =
kenjiArai 0:5b88d5760320 825
kenjiArai 0:5b88d5760320 826 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
kenjiArai 0:5b88d5760320 827 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
kenjiArai 0:5b88d5760320 828 ;
kenjiArai 0:5b88d5760320 829
kenjiArai 0:5b88d5760320 830 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
kenjiArai 0:5b88d5760320 831 {
kenjiArai 0:5b88d5760320 832 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
kenjiArai 0:5b88d5760320 833 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
kenjiArai 0:5b88d5760320 834 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
kenjiArai 0:5b88d5760320 835 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
kenjiArai 0:5b88d5760320 836 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
kenjiArai 0:5b88d5760320 837 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
kenjiArai 0:5b88d5760320 838
kenjiArai 0:5b88d5760320 839 };
kenjiArai 0:5b88d5760320 840
kenjiArai 0:5b88d5760320 841 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
kenjiArai 0:5b88d5760320 842 {
kenjiArai 0:5b88d5760320 843 {
kenjiArai 0:5b88d5760320 844 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
kenjiArai 0:5b88d5760320 845 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
kenjiArai 0:5b88d5760320 846 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
kenjiArai 0:5b88d5760320 847 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
kenjiArai 0:5b88d5760320 848 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
kenjiArai 0:5b88d5760320 849 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
kenjiArai 0:5b88d5760320 850 },
kenjiArai 0:5b88d5760320 851 {
kenjiArai 0:5b88d5760320 852 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
kenjiArai 0:5b88d5760320 853 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
kenjiArai 0:5b88d5760320 854 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
kenjiArai 0:5b88d5760320 855 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
kenjiArai 0:5b88d5760320 856 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
kenjiArai 0:5b88d5760320 857 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
kenjiArai 0:5b88d5760320 858 },
kenjiArai 0:5b88d5760320 859 {
kenjiArai 0:5b88d5760320 860 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
kenjiArai 0:5b88d5760320 861 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
kenjiArai 0:5b88d5760320 862 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
kenjiArai 0:5b88d5760320 863 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
kenjiArai 0:5b88d5760320 864 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
kenjiArai 0:5b88d5760320 865 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
kenjiArai 0:5b88d5760320 866 }
kenjiArai 0:5b88d5760320 867 };
kenjiArai 0:5b88d5760320 868 #endif /* MBEDTLS_CIPHER_MODE_CBC */
kenjiArai 0:5b88d5760320 869
kenjiArai 0:5b88d5760320 870 #if defined(MBEDTLS_CIPHER_MODE_CTR)
kenjiArai 0:5b88d5760320 871 /*
kenjiArai 0:5b88d5760320 872 * Camellia-CTR test vectors from:
kenjiArai 0:5b88d5760320 873 *
kenjiArai 0:5b88d5760320 874 * http://www.faqs.org/rfcs/rfc5528.html
kenjiArai 0:5b88d5760320 875 */
kenjiArai 0:5b88d5760320 876
kenjiArai 0:5b88d5760320 877 static const unsigned char camellia_test_ctr_key[3][16] =
kenjiArai 0:5b88d5760320 878 {
kenjiArai 0:5b88d5760320 879 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
kenjiArai 0:5b88d5760320 880 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
kenjiArai 0:5b88d5760320 881 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
kenjiArai 0:5b88d5760320 882 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
kenjiArai 0:5b88d5760320 883 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
kenjiArai 0:5b88d5760320 884 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
kenjiArai 0:5b88d5760320 885 };
kenjiArai 0:5b88d5760320 886
kenjiArai 0:5b88d5760320 887 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
kenjiArai 0:5b88d5760320 888 {
kenjiArai 0:5b88d5760320 889 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
kenjiArai 0:5b88d5760320 890 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
kenjiArai 0:5b88d5760320 891 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
kenjiArai 0:5b88d5760320 892 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
kenjiArai 0:5b88d5760320 893 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
kenjiArai 0:5b88d5760320 894 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
kenjiArai 0:5b88d5760320 895 };
kenjiArai 0:5b88d5760320 896
kenjiArai 0:5b88d5760320 897 static const unsigned char camellia_test_ctr_pt[3][48] =
kenjiArai 0:5b88d5760320 898 {
kenjiArai 0:5b88d5760320 899 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
kenjiArai 0:5b88d5760320 900 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
kenjiArai 0:5b88d5760320 901
kenjiArai 0:5b88d5760320 902 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
kenjiArai 0:5b88d5760320 903 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
kenjiArai 0:5b88d5760320 904 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
kenjiArai 0:5b88d5760320 905 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
kenjiArai 0:5b88d5760320 906
kenjiArai 0:5b88d5760320 907 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
kenjiArai 0:5b88d5760320 908 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
kenjiArai 0:5b88d5760320 909 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
kenjiArai 0:5b88d5760320 910 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
kenjiArai 0:5b88d5760320 911 0x20, 0x21, 0x22, 0x23 }
kenjiArai 0:5b88d5760320 912 };
kenjiArai 0:5b88d5760320 913
kenjiArai 0:5b88d5760320 914 static const unsigned char camellia_test_ctr_ct[3][48] =
kenjiArai 0:5b88d5760320 915 {
kenjiArai 0:5b88d5760320 916 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
kenjiArai 0:5b88d5760320 917 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
kenjiArai 0:5b88d5760320 918 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
kenjiArai 0:5b88d5760320 919 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
kenjiArai 0:5b88d5760320 920 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
kenjiArai 0:5b88d5760320 921 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
kenjiArai 0:5b88d5760320 922 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
kenjiArai 0:5b88d5760320 923 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
kenjiArai 0:5b88d5760320 924 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
kenjiArai 0:5b88d5760320 925 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
kenjiArai 0:5b88d5760320 926 0xDF, 0x50, 0x86, 0x96 }
kenjiArai 0:5b88d5760320 927 };
kenjiArai 0:5b88d5760320 928
kenjiArai 0:5b88d5760320 929 static const int camellia_test_ctr_len[3] =
kenjiArai 0:5b88d5760320 930 { 16, 32, 36 };
kenjiArai 0:5b88d5760320 931 #endif /* MBEDTLS_CIPHER_MODE_CTR */
kenjiArai 0:5b88d5760320 932
kenjiArai 0:5b88d5760320 933 /*
kenjiArai 0:5b88d5760320 934 * Checkup routine
kenjiArai 0:5b88d5760320 935 */
kenjiArai 0:5b88d5760320 936 int mbedtls_camellia_self_test( int verbose )
kenjiArai 0:5b88d5760320 937 {
kenjiArai 0:5b88d5760320 938 int i, j, u, v;
kenjiArai 0:5b88d5760320 939 unsigned char key[32];
kenjiArai 0:5b88d5760320 940 unsigned char buf[64];
kenjiArai 0:5b88d5760320 941 unsigned char src[16];
kenjiArai 0:5b88d5760320 942 unsigned char dst[16];
kenjiArai 0:5b88d5760320 943 #if defined(MBEDTLS_CIPHER_MODE_CBC)
kenjiArai 0:5b88d5760320 944 unsigned char iv[16];
kenjiArai 0:5b88d5760320 945 #endif
kenjiArai 0:5b88d5760320 946 #if defined(MBEDTLS_CIPHER_MODE_CTR)
kenjiArai 0:5b88d5760320 947 size_t offset, len;
kenjiArai 0:5b88d5760320 948 unsigned char nonce_counter[16];
kenjiArai 0:5b88d5760320 949 unsigned char stream_block[16];
kenjiArai 0:5b88d5760320 950 #endif
kenjiArai 0:5b88d5760320 951
kenjiArai 0:5b88d5760320 952 mbedtls_camellia_context ctx;
kenjiArai 0:5b88d5760320 953
kenjiArai 0:5b88d5760320 954 memset( key, 0, 32 );
kenjiArai 0:5b88d5760320 955
kenjiArai 0:5b88d5760320 956 for( j = 0; j < 6; j++ ) {
kenjiArai 0:5b88d5760320 957 u = j >> 1;
kenjiArai 0:5b88d5760320 958 v = j & 1;
kenjiArai 0:5b88d5760320 959
kenjiArai 0:5b88d5760320 960 if( verbose != 0 )
kenjiArai 0:5b88d5760320 961 mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
kenjiArai 0:5b88d5760320 962 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
kenjiArai 0:5b88d5760320 963
kenjiArai 0:5b88d5760320 964 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
kenjiArai 0:5b88d5760320 965 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
kenjiArai 0:5b88d5760320 966
kenjiArai 0:5b88d5760320 967 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
kenjiArai 0:5b88d5760320 968 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
kenjiArai 0:5b88d5760320 969 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
kenjiArai 0:5b88d5760320 970 memcpy( dst, camellia_test_ecb_plain[i], 16 );
kenjiArai 0:5b88d5760320 971 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
kenjiArai 0:5b88d5760320 972 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
kenjiArai 0:5b88d5760320 973 memcpy( src, camellia_test_ecb_plain[i], 16 );
kenjiArai 0:5b88d5760320 974 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
kenjiArai 0:5b88d5760320 975 }
kenjiArai 0:5b88d5760320 976
kenjiArai 0:5b88d5760320 977 mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
kenjiArai 0:5b88d5760320 978
kenjiArai 0:5b88d5760320 979 if( memcmp( buf, dst, 16 ) != 0 )
kenjiArai 0:5b88d5760320 980 {
kenjiArai 0:5b88d5760320 981 if( verbose != 0 )
kenjiArai 0:5b88d5760320 982 mbedtls_printf( "failed\n" );
kenjiArai 0:5b88d5760320 983
kenjiArai 0:5b88d5760320 984 return( 1 );
kenjiArai 0:5b88d5760320 985 }
kenjiArai 0:5b88d5760320 986 }
kenjiArai 0:5b88d5760320 987
kenjiArai 0:5b88d5760320 988 if( verbose != 0 )
kenjiArai 0:5b88d5760320 989 mbedtls_printf( "passed\n" );
kenjiArai 0:5b88d5760320 990 }
kenjiArai 0:5b88d5760320 991
kenjiArai 0:5b88d5760320 992 if( verbose != 0 )
kenjiArai 0:5b88d5760320 993 mbedtls_printf( "\n" );
kenjiArai 0:5b88d5760320 994
kenjiArai 0:5b88d5760320 995 #if defined(MBEDTLS_CIPHER_MODE_CBC)
kenjiArai 0:5b88d5760320 996 /*
kenjiArai 0:5b88d5760320 997 * CBC mode
kenjiArai 0:5b88d5760320 998 */
kenjiArai 0:5b88d5760320 999 for( j = 0; j < 6; j++ )
kenjiArai 0:5b88d5760320 1000 {
kenjiArai 0:5b88d5760320 1001 u = j >> 1;
kenjiArai 0:5b88d5760320 1002 v = j & 1;
kenjiArai 0:5b88d5760320 1003
kenjiArai 0:5b88d5760320 1004 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1005 mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
kenjiArai 0:5b88d5760320 1006 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
kenjiArai 0:5b88d5760320 1007
kenjiArai 0:5b88d5760320 1008 memcpy( src, camellia_test_cbc_iv, 16 );
kenjiArai 0:5b88d5760320 1009 memcpy( dst, camellia_test_cbc_iv, 16 );
kenjiArai 0:5b88d5760320 1010 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
kenjiArai 0:5b88d5760320 1011
kenjiArai 0:5b88d5760320 1012 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
kenjiArai 0:5b88d5760320 1013 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
kenjiArai 0:5b88d5760320 1014 } else {
kenjiArai 0:5b88d5760320 1015 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
kenjiArai 0:5b88d5760320 1016 }
kenjiArai 0:5b88d5760320 1017
kenjiArai 0:5b88d5760320 1018 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
kenjiArai 0:5b88d5760320 1019
kenjiArai 0:5b88d5760320 1020 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
kenjiArai 0:5b88d5760320 1021 memcpy( iv , src, 16 );
kenjiArai 0:5b88d5760320 1022 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
kenjiArai 0:5b88d5760320 1023 memcpy( dst, camellia_test_cbc_plain[i], 16 );
kenjiArai 0:5b88d5760320 1024 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
kenjiArai 0:5b88d5760320 1025 memcpy( iv , dst, 16 );
kenjiArai 0:5b88d5760320 1026 memcpy( src, camellia_test_cbc_plain[i], 16 );
kenjiArai 0:5b88d5760320 1027 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
kenjiArai 0:5b88d5760320 1028 }
kenjiArai 0:5b88d5760320 1029
kenjiArai 0:5b88d5760320 1030 mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
kenjiArai 0:5b88d5760320 1031
kenjiArai 0:5b88d5760320 1032 if( memcmp( buf, dst, 16 ) != 0 )
kenjiArai 0:5b88d5760320 1033 {
kenjiArai 0:5b88d5760320 1034 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1035 mbedtls_printf( "failed\n" );
kenjiArai 0:5b88d5760320 1036
kenjiArai 0:5b88d5760320 1037 return( 1 );
kenjiArai 0:5b88d5760320 1038 }
kenjiArai 0:5b88d5760320 1039 }
kenjiArai 0:5b88d5760320 1040
kenjiArai 0:5b88d5760320 1041 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1042 mbedtls_printf( "passed\n" );
kenjiArai 0:5b88d5760320 1043 }
kenjiArai 0:5b88d5760320 1044 #endif /* MBEDTLS_CIPHER_MODE_CBC */
kenjiArai 0:5b88d5760320 1045
kenjiArai 0:5b88d5760320 1046 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1047 mbedtls_printf( "\n" );
kenjiArai 0:5b88d5760320 1048
kenjiArai 0:5b88d5760320 1049 #if defined(MBEDTLS_CIPHER_MODE_CTR)
kenjiArai 0:5b88d5760320 1050 /*
kenjiArai 0:5b88d5760320 1051 * CTR mode
kenjiArai 0:5b88d5760320 1052 */
kenjiArai 0:5b88d5760320 1053 for( i = 0; i < 6; i++ )
kenjiArai 0:5b88d5760320 1054 {
kenjiArai 0:5b88d5760320 1055 u = i >> 1;
kenjiArai 0:5b88d5760320 1056 v = i & 1;
kenjiArai 0:5b88d5760320 1057
kenjiArai 0:5b88d5760320 1058 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1059 mbedtls_printf( " CAMELLIA-CTR-128 (%s): ",
kenjiArai 0:5b88d5760320 1060 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
kenjiArai 0:5b88d5760320 1061
kenjiArai 0:5b88d5760320 1062 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
kenjiArai 0:5b88d5760320 1063 memcpy( key, camellia_test_ctr_key[u], 16 );
kenjiArai 0:5b88d5760320 1064
kenjiArai 0:5b88d5760320 1065 offset = 0;
kenjiArai 0:5b88d5760320 1066 mbedtls_camellia_setkey_enc( &ctx, key, 128 );
kenjiArai 0:5b88d5760320 1067
kenjiArai 0:5b88d5760320 1068 if( v == MBEDTLS_CAMELLIA_DECRYPT )
kenjiArai 0:5b88d5760320 1069 {
kenjiArai 0:5b88d5760320 1070 len = camellia_test_ctr_len[u];
kenjiArai 0:5b88d5760320 1071 memcpy( buf, camellia_test_ctr_ct[u], len );
kenjiArai 0:5b88d5760320 1072
kenjiArai 0:5b88d5760320 1073 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
kenjiArai 0:5b88d5760320 1074 buf, buf );
kenjiArai 0:5b88d5760320 1075
kenjiArai 0:5b88d5760320 1076 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
kenjiArai 0:5b88d5760320 1077 {
kenjiArai 0:5b88d5760320 1078 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1079 mbedtls_printf( "failed\n" );
kenjiArai 0:5b88d5760320 1080
kenjiArai 0:5b88d5760320 1081 return( 1 );
kenjiArai 0:5b88d5760320 1082 }
kenjiArai 0:5b88d5760320 1083 }
kenjiArai 0:5b88d5760320 1084 else
kenjiArai 0:5b88d5760320 1085 {
kenjiArai 0:5b88d5760320 1086 len = camellia_test_ctr_len[u];
kenjiArai 0:5b88d5760320 1087 memcpy( buf, camellia_test_ctr_pt[u], len );
kenjiArai 0:5b88d5760320 1088
kenjiArai 0:5b88d5760320 1089 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
kenjiArai 0:5b88d5760320 1090 buf, buf );
kenjiArai 0:5b88d5760320 1091
kenjiArai 0:5b88d5760320 1092 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
kenjiArai 0:5b88d5760320 1093 {
kenjiArai 0:5b88d5760320 1094 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1095 mbedtls_printf( "failed\n" );
kenjiArai 0:5b88d5760320 1096
kenjiArai 0:5b88d5760320 1097 return( 1 );
kenjiArai 0:5b88d5760320 1098 }
kenjiArai 0:5b88d5760320 1099 }
kenjiArai 0:5b88d5760320 1100
kenjiArai 0:5b88d5760320 1101 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1102 mbedtls_printf( "passed\n" );
kenjiArai 0:5b88d5760320 1103 }
kenjiArai 0:5b88d5760320 1104
kenjiArai 0:5b88d5760320 1105 if( verbose != 0 )
kenjiArai 0:5b88d5760320 1106 mbedtls_printf( "\n" );
kenjiArai 0:5b88d5760320 1107 #endif /* MBEDTLS_CIPHER_MODE_CTR */
kenjiArai 0:5b88d5760320 1108
kenjiArai 0:5b88d5760320 1109 return( 0 );
kenjiArai 0:5b88d5760320 1110 }
kenjiArai 0:5b88d5760320 1111
kenjiArai 0:5b88d5760320 1112 #endif /* MBEDTLS_SELF_TEST */
kenjiArai 0:5b88d5760320 1113
kenjiArai 0:5b88d5760320 1114 #endif /* MBEDTLS_CAMELLIA_C */