Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
camellia.c
00001 /* 00002 * Camellia implementation 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * The Camellia block cipher was designed by NTT and Mitsubishi Electric 00023 * Corporation. 00024 * 00025 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf 00026 */ 00027 00028 #if !defined(MBEDTLS_CONFIG_FILE) 00029 #include "mbedtls/config.h" 00030 #else 00031 #include MBEDTLS_CONFIG_FILE 00032 #endif 00033 00034 #if defined(MBEDTLS_CAMELLIA_C) 00035 00036 #include "mbedtls/camellia.h" 00037 #include "mbedtls/platform_util.h" 00038 00039 #include <string.h> 00040 00041 #if defined(MBEDTLS_SELF_TEST) 00042 #if defined(MBEDTLS_PLATFORM_C) 00043 #include "mbedtls/platform.h" 00044 #else 00045 #include <stdio.h> 00046 #define mbedtls_printf printf 00047 #endif /* MBEDTLS_PLATFORM_C */ 00048 #endif /* MBEDTLS_SELF_TEST */ 00049 00050 #if !defined(MBEDTLS_CAMELLIA_ALT) 00051 00052 /* Parameter validation macros */ 00053 #define CAMELLIA_VALIDATE_RET( cond ) \ 00054 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ) 00055 #define CAMELLIA_VALIDATE( cond ) \ 00056 MBEDTLS_INTERNAL_VALIDATE( cond ) 00057 00058 /* 00059 * 32-bit integer manipulation macros (big endian) 00060 */ 00061 #ifndef GET_UINT32_BE 00062 #define GET_UINT32_BE(n,b,i) \ 00063 { \ 00064 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00065 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00066 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00067 | ( (uint32_t) (b)[(i) + 3] ); \ 00068 } 00069 #endif 00070 00071 #ifndef PUT_UINT32_BE 00072 #define PUT_UINT32_BE(n,b,i) \ 00073 { \ 00074 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00075 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00076 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00077 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00078 } 00079 #endif 00080 00081 static const unsigned char SIGMA_CHARS[6][8] = 00082 { 00083 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, 00084 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 }, 00085 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe }, 00086 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c }, 00087 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d }, 00088 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd } 00089 }; 00090 00091 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) 00092 00093 static const unsigned char FSb[256] = 00094 { 00095 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, 00096 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, 00097 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, 00098 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, 00099 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, 00100 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, 00101 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, 00102 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, 00103 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, 00104 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, 00105 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, 00106 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, 00107 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, 00108 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, 00109 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, 00110 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158 00111 }; 00112 00113 #define SBOX1(n) FSb[(n)] 00114 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff) 00115 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff) 00116 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff] 00117 00118 #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ 00119 00120 static const unsigned char FSb[256] = 00121 { 00122 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, 00123 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, 00124 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, 00125 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, 00126 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, 00127 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, 00128 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, 00129 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, 00130 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, 00131 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, 00132 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, 00133 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, 00134 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, 00135 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, 00136 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, 00137 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 00138 }; 00139 00140 static const unsigned char FSb2[256] = 00141 { 00142 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, 00143 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, 00144 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, 00145 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, 00146 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, 00147 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, 00148 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, 00149 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, 00150 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, 00151 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, 00152 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, 00153 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, 00154 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, 00155 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, 00156 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, 00157 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 00158 }; 00159 00160 static const unsigned char FSb3[256] = 00161 { 00162 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, 00163 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, 00164 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, 00165 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, 00166 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, 00167 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, 00168 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, 00169 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, 00170 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, 00171 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, 00172 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, 00173 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, 00174 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, 00175 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, 00176 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, 00177 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 00178 }; 00179 00180 static const unsigned char FSb4[256] = 00181 { 00182 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, 00183 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, 00184 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, 00185 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, 00186 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, 00187 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, 00188 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, 00189 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, 00190 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, 00191 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, 00192 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, 00193 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, 00194 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, 00195 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, 00196 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, 00197 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 00198 }; 00199 00200 #define SBOX1(n) FSb[(n)] 00201 #define SBOX2(n) FSb2[(n)] 00202 #define SBOX3(n) FSb3[(n)] 00203 #define SBOX4(n) FSb4[(n)] 00204 00205 #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ 00206 00207 static const unsigned char shifts[2][4][4] = 00208 { 00209 { 00210 { 1, 1, 1, 1 }, /* KL */ 00211 { 0, 0, 0, 0 }, /* KR */ 00212 { 1, 1, 1, 1 }, /* KA */ 00213 { 0, 0, 0, 0 } /* KB */ 00214 }, 00215 { 00216 { 1, 0, 1, 1 }, /* KL */ 00217 { 1, 1, 0, 1 }, /* KR */ 00218 { 1, 1, 1, 0 }, /* KA */ 00219 { 1, 1, 0, 1 } /* KB */ 00220 } 00221 }; 00222 00223 static const signed char indexes[2][4][20] = 00224 { 00225 { 00226 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39, 00227 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */ 00228 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00229 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */ 00230 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17, 00231 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */ 00232 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00233 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */ 00234 }, 00235 { 00236 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1, 00237 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */ 00238 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17, 00239 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */ 00240 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59, 00241 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */ 00242 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21, 00243 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */ 00244 } 00245 }; 00246 00247 static const signed char transposes[2][20] = 00248 { 00249 { 00250 21, 22, 23, 20, 00251 -1, -1, -1, -1, 00252 18, 19, 16, 17, 00253 11, 8, 9, 10, 00254 15, 12, 13, 14 00255 }, 00256 { 00257 25, 26, 27, 24, 00258 29, 30, 31, 28, 00259 18, 19, 16, 17, 00260 -1, -1, -1, -1, 00261 -1, -1, -1, -1 00262 } 00263 }; 00264 00265 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */ 00266 #define ROTL(DEST, SRC, SHIFT) \ 00267 { \ 00268 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \ 00269 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \ 00270 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \ 00271 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \ 00272 } 00273 00274 #define FL(XL, XR, KL, KR) \ 00275 { \ 00276 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \ 00277 (XL) = ((XR) | (KR)) ^ (XL); \ 00278 } 00279 00280 #define FLInv(YL, YR, KL, KR) \ 00281 { \ 00282 (YL) = ((YR) | (KR)) ^ (YL); \ 00283 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \ 00284 } 00285 00286 #define SHIFT_AND_PLACE(INDEX, OFFSET) \ 00287 { \ 00288 TK[0] = KC[(OFFSET) * 4 + 0]; \ 00289 TK[1] = KC[(OFFSET) * 4 + 1]; \ 00290 TK[2] = KC[(OFFSET) * 4 + 2]; \ 00291 TK[3] = KC[(OFFSET) * 4 + 3]; \ 00292 \ 00293 for( i = 1; i <= 4; i++ ) \ 00294 if( shifts[(INDEX)][(OFFSET)][i -1] ) \ 00295 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \ 00296 \ 00297 for( i = 0; i < 20; i++ ) \ 00298 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \ 00299 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \ 00300 } \ 00301 } 00302 00303 static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], 00304 uint32_t z[2]) 00305 { 00306 uint32_t I0, I1; 00307 I0 = x[0] ^ k[0]; 00308 I1 = x[1] ^ k[1]; 00309 00310 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) | 00311 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) | 00312 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) | 00313 ((uint32_t) SBOX4((I0 ) & 0xFF) ); 00314 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) | 00315 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) | 00316 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) | 00317 ((uint32_t) SBOX1((I1 ) & 0xFF) ); 00318 00319 I0 ^= (I1 << 8) | (I1 >> 24); 00320 I1 ^= (I0 << 16) | (I0 >> 16); 00321 I0 ^= (I1 >> 8) | (I1 << 24); 00322 I1 ^= (I0 >> 8) | (I0 << 24); 00323 00324 z[0] ^= I1; 00325 z[1] ^= I0; 00326 } 00327 00328 void mbedtls_camellia_init( mbedtls_camellia_context *ctx ) 00329 { 00330 CAMELLIA_VALIDATE( ctx != NULL ); 00331 memset( ctx, 0, sizeof( mbedtls_camellia_context ) ); 00332 } 00333 00334 void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) 00335 { 00336 if( ctx == NULL ) 00337 return; 00338 00339 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); 00340 } 00341 00342 /* 00343 * Camellia key schedule (encryption) 00344 */ 00345 int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, 00346 const unsigned char *key, 00347 unsigned int keybits ) 00348 { 00349 int idx; 00350 size_t i; 00351 uint32_t *RK; 00352 unsigned char t[64]; 00353 uint32_t SIGMA[6][2]; 00354 uint32_t KC[16]; 00355 uint32_t TK[20]; 00356 00357 CAMELLIA_VALIDATE_RET( ctx != NULL ); 00358 CAMELLIA_VALIDATE_RET( key != NULL ); 00359 00360 RK = ctx->rk ; 00361 00362 memset( t, 0, 64 ); 00363 memset( RK, 0, sizeof(ctx->rk ) ); 00364 00365 switch( keybits ) 00366 { 00367 case 128: ctx->nr = 3; idx = 0; break; 00368 case 192: 00369 case 256: ctx->nr = 4; idx = 1; break; 00370 default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); 00371 } 00372 00373 for( i = 0; i < keybits / 8; ++i ) 00374 t[i] = key[i]; 00375 00376 if( keybits == 192 ) { 00377 for( i = 0; i < 8; i++ ) 00378 t[24 + i] = ~t[16 + i]; 00379 } 00380 00381 /* 00382 * Prepare SIGMA values 00383 */ 00384 for( i = 0; i < 6; i++ ) { 00385 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); 00386 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); 00387 } 00388 00389 /* 00390 * Key storage in KC 00391 * Order: KL, KR, KA, KB 00392 */ 00393 memset( KC, 0, sizeof(KC) ); 00394 00395 /* Store KL, KR */ 00396 for( i = 0; i < 8; i++ ) 00397 GET_UINT32_BE( KC[i], t, i * 4 ); 00398 00399 /* Generate KA */ 00400 for( i = 0; i < 4; ++i ) 00401 KC[8 + i] = KC[i] ^ KC[4 + i]; 00402 00403 camellia_feistel( KC + 8, SIGMA[0], KC + 10 ); 00404 camellia_feistel( KC + 10, SIGMA[1], KC + 8 ); 00405 00406 for( i = 0; i < 4; ++i ) 00407 KC[8 + i] ^= KC[i]; 00408 00409 camellia_feistel( KC + 8, SIGMA[2], KC + 10 ); 00410 camellia_feistel( KC + 10, SIGMA[3], KC + 8 ); 00411 00412 if( keybits > 128 ) { 00413 /* Generate KB */ 00414 for( i = 0; i < 4; ++i ) 00415 KC[12 + i] = KC[4 + i] ^ KC[8 + i]; 00416 00417 camellia_feistel( KC + 12, SIGMA[4], KC + 14 ); 00418 camellia_feistel( KC + 14, SIGMA[5], KC + 12 ); 00419 } 00420 00421 /* 00422 * Generating subkeys 00423 */ 00424 00425 /* Manipulating KL */ 00426 SHIFT_AND_PLACE( idx, 0 ); 00427 00428 /* Manipulating KR */ 00429 if( keybits > 128 ) { 00430 SHIFT_AND_PLACE( idx, 1 ); 00431 } 00432 00433 /* Manipulating KA */ 00434 SHIFT_AND_PLACE( idx, 2 ); 00435 00436 /* Manipulating KB */ 00437 if( keybits > 128 ) { 00438 SHIFT_AND_PLACE( idx, 3 ); 00439 } 00440 00441 /* Do transpositions */ 00442 for( i = 0; i < 20; i++ ) { 00443 if( transposes[idx][i] != -1 ) { 00444 RK[32 + 12 * idx + i] = RK[transposes[idx][i]]; 00445 } 00446 } 00447 00448 return( 0 ); 00449 } 00450 00451 /* 00452 * Camellia key schedule (decryption) 00453 */ 00454 int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, 00455 const unsigned char *key, 00456 unsigned int keybits ) 00457 { 00458 int idx, ret; 00459 size_t i; 00460 mbedtls_camellia_context cty; 00461 uint32_t *RK; 00462 uint32_t *SK; 00463 CAMELLIA_VALIDATE_RET( ctx != NULL ); 00464 CAMELLIA_VALIDATE_RET( key != NULL ); 00465 00466 mbedtls_camellia_init( &cty ); 00467 00468 /* Also checks keybits */ 00469 if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 ) 00470 goto exit; 00471 00472 ctx->nr = cty.nr ; 00473 idx = ( ctx->nr == 4 ); 00474 00475 RK = ctx->rk ; 00476 SK = cty.rk + 24 * 2 + 8 * idx * 2; 00477 00478 *RK++ = *SK++; 00479 *RK++ = *SK++; 00480 *RK++ = *SK++; 00481 *RK++ = *SK++; 00482 00483 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 ) 00484 { 00485 *RK++ = *SK++; 00486 *RK++ = *SK++; 00487 } 00488 00489 SK -= 2; 00490 00491 *RK++ = *SK++; 00492 *RK++ = *SK++; 00493 *RK++ = *SK++; 00494 *RK++ = *SK++; 00495 00496 exit: 00497 mbedtls_camellia_free( &cty ); 00498 00499 return( ret ); 00500 } 00501 00502 /* 00503 * Camellia-ECB block encryption/decryption 00504 */ 00505 int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, 00506 int mode, 00507 const unsigned char input[16], 00508 unsigned char output[16] ) 00509 { 00510 int NR; 00511 uint32_t *RK, X[4]; 00512 CAMELLIA_VALIDATE_RET( ctx != NULL ); 00513 CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || 00514 mode == MBEDTLS_CAMELLIA_DECRYPT ); 00515 CAMELLIA_VALIDATE_RET( input != NULL ); 00516 CAMELLIA_VALIDATE_RET( output != NULL ); 00517 00518 ( (void) mode ); 00519 00520 NR = ctx->nr ; 00521 RK = ctx->rk ; 00522 00523 GET_UINT32_BE( X[0], input, 0 ); 00524 GET_UINT32_BE( X[1], input, 4 ); 00525 GET_UINT32_BE( X[2], input, 8 ); 00526 GET_UINT32_BE( X[3], input, 12 ); 00527 00528 X[0] ^= *RK++; 00529 X[1] ^= *RK++; 00530 X[2] ^= *RK++; 00531 X[3] ^= *RK++; 00532 00533 while( NR ) { 00534 --NR; 00535 camellia_feistel( X, RK, X + 2 ); 00536 RK += 2; 00537 camellia_feistel( X + 2, RK, X ); 00538 RK += 2; 00539 camellia_feistel( X, RK, X + 2 ); 00540 RK += 2; 00541 camellia_feistel( X + 2, RK, X ); 00542 RK += 2; 00543 camellia_feistel( X, RK, X + 2 ); 00544 RK += 2; 00545 camellia_feistel( X + 2, RK, X ); 00546 RK += 2; 00547 00548 if( NR ) { 00549 FL(X[0], X[1], RK[0], RK[1]); 00550 RK += 2; 00551 FLInv(X[2], X[3], RK[0], RK[1]); 00552 RK += 2; 00553 } 00554 } 00555 00556 X[2] ^= *RK++; 00557 X[3] ^= *RK++; 00558 X[0] ^= *RK++; 00559 X[1] ^= *RK++; 00560 00561 PUT_UINT32_BE( X[2], output, 0 ); 00562 PUT_UINT32_BE( X[3], output, 4 ); 00563 PUT_UINT32_BE( X[0], output, 8 ); 00564 PUT_UINT32_BE( X[1], output, 12 ); 00565 00566 return( 0 ); 00567 } 00568 00569 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00570 /* 00571 * Camellia-CBC buffer encryption/decryption 00572 */ 00573 int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, 00574 int mode, 00575 size_t length, 00576 unsigned char iv[16], 00577 const unsigned char *input, 00578 unsigned char *output ) 00579 { 00580 int i; 00581 unsigned char temp[16]; 00582 CAMELLIA_VALIDATE_RET( ctx != NULL ); 00583 CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || 00584 mode == MBEDTLS_CAMELLIA_DECRYPT ); 00585 CAMELLIA_VALIDATE_RET( iv != NULL ); 00586 CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); 00587 CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); 00588 00589 if( length % 16 ) 00590 return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); 00591 00592 if( mode == MBEDTLS_CAMELLIA_DECRYPT ) 00593 { 00594 while( length > 0 ) 00595 { 00596 memcpy( temp, input, 16 ); 00597 mbedtls_camellia_crypt_ecb( ctx, mode, input, output ); 00598 00599 for( i = 0; i < 16; i++ ) 00600 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00601 00602 memcpy( iv, temp, 16 ); 00603 00604 input += 16; 00605 output += 16; 00606 length -= 16; 00607 } 00608 } 00609 else 00610 { 00611 while( length > 0 ) 00612 { 00613 for( i = 0; i < 16; i++ ) 00614 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00615 00616 mbedtls_camellia_crypt_ecb( ctx, mode, output, output ); 00617 memcpy( iv, output, 16 ); 00618 00619 input += 16; 00620 output += 16; 00621 length -= 16; 00622 } 00623 } 00624 00625 return( 0 ); 00626 } 00627 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00628 00629 #if defined(MBEDTLS_CIPHER_MODE_CFB) 00630 /* 00631 * Camellia-CFB128 buffer encryption/decryption 00632 */ 00633 int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, 00634 int mode, 00635 size_t length, 00636 size_t *iv_off, 00637 unsigned char iv[16], 00638 const unsigned char *input, 00639 unsigned char *output ) 00640 { 00641 int c; 00642 size_t n; 00643 CAMELLIA_VALIDATE_RET( ctx != NULL ); 00644 CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || 00645 mode == MBEDTLS_CAMELLIA_DECRYPT ); 00646 CAMELLIA_VALIDATE_RET( iv != NULL ); 00647 CAMELLIA_VALIDATE_RET( iv_off != NULL ); 00648 CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); 00649 CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); 00650 00651 n = *iv_off; 00652 if( n >= 16 ) 00653 return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); 00654 00655 if( mode == MBEDTLS_CAMELLIA_DECRYPT ) 00656 { 00657 while( length-- ) 00658 { 00659 if( n == 0 ) 00660 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); 00661 00662 c = *input++; 00663 *output++ = (unsigned char)( c ^ iv[n] ); 00664 iv[n] = (unsigned char) c; 00665 00666 n = ( n + 1 ) & 0x0F; 00667 } 00668 } 00669 else 00670 { 00671 while( length-- ) 00672 { 00673 if( n == 0 ) 00674 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); 00675 00676 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); 00677 00678 n = ( n + 1 ) & 0x0F; 00679 } 00680 } 00681 00682 *iv_off = n; 00683 00684 return( 0 ); 00685 } 00686 #endif /* MBEDTLS_CIPHER_MODE_CFB */ 00687 00688 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00689 /* 00690 * Camellia-CTR buffer encryption/decryption 00691 */ 00692 int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, 00693 size_t length, 00694 size_t *nc_off, 00695 unsigned char nonce_counter[16], 00696 unsigned char stream_block[16], 00697 const unsigned char *input, 00698 unsigned char *output ) 00699 { 00700 int c, i; 00701 size_t n; 00702 CAMELLIA_VALIDATE_RET( ctx != NULL ); 00703 CAMELLIA_VALIDATE_RET( nonce_counter != NULL ); 00704 CAMELLIA_VALIDATE_RET( stream_block != NULL ); 00705 CAMELLIA_VALIDATE_RET( nc_off != NULL ); 00706 CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); 00707 CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); 00708 00709 n = *nc_off; 00710 if( n >= 16 ) 00711 return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); 00712 00713 while( length-- ) 00714 { 00715 if( n == 0 ) { 00716 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter, 00717 stream_block ); 00718 00719 for( i = 16; i > 0; i-- ) 00720 if( ++nonce_counter[i - 1] != 0 ) 00721 break; 00722 } 00723 c = *input++; 00724 *output++ = (unsigned char)( c ^ stream_block[n] ); 00725 00726 n = ( n + 1 ) & 0x0F; 00727 } 00728 00729 *nc_off = n; 00730 00731 return( 0 ); 00732 } 00733 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 00734 #endif /* !MBEDTLS_CAMELLIA_ALT */ 00735 00736 #if defined(MBEDTLS_SELF_TEST) 00737 00738 /* 00739 * Camellia test vectors from: 00740 * 00741 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html: 00742 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt 00743 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt 00744 * (For each bitlength: Key 0, Nr 39) 00745 */ 00746 #define CAMELLIA_TESTS_ECB 2 00747 00748 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = 00749 { 00750 { 00751 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00752 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 00753 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00754 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00755 }, 00756 { 00757 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00758 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 00759 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, 00760 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00761 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00762 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00763 }, 00764 { 00765 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00766 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 00767 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 00768 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, 00769 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00770 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00771 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00772 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00773 }, 00774 }; 00775 00776 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = 00777 { 00778 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00779 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 00780 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 00781 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00782 }; 00783 00784 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = 00785 { 00786 { 00787 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 00788 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 }, 00789 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE, 00790 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 } 00791 }, 00792 { 00793 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, 00794 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 }, 00795 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9, 00796 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 } 00797 }, 00798 { 00799 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 00800 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 }, 00801 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C, 00802 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 } 00803 } 00804 }; 00805 00806 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00807 #define CAMELLIA_TESTS_CBC 3 00808 00809 static const unsigned char camellia_test_cbc_key[3][32] = 00810 { 00811 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 00812 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C } 00813 , 00814 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 00815 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, 00816 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B } 00817 , 00818 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 00819 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, 00820 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, 00821 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } 00822 }; 00823 00824 static const unsigned char camellia_test_cbc_iv[16] = 00825 00826 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00827 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F } 00828 ; 00829 00830 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = 00831 { 00832 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 00833 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }, 00834 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 00835 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 }, 00836 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 00837 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF } 00838 00839 }; 00840 00841 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = 00842 { 00843 { 00844 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, 00845 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB }, 00846 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78, 00847 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 }, 00848 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B, 00849 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 } 00850 }, 00851 { 00852 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, 00853 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 }, 00854 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42, 00855 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 }, 00856 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8, 00857 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 } 00858 }, 00859 { 00860 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, 00861 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA }, 00862 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40, 00863 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 }, 00864 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA, 00865 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 } 00866 } 00867 }; 00868 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00869 00870 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00871 /* 00872 * Camellia-CTR test vectors from: 00873 * 00874 * http://www.faqs.org/rfcs/rfc5528.html 00875 */ 00876 00877 static const unsigned char camellia_test_ctr_key[3][16] = 00878 { 00879 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, 00880 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, 00881 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, 00882 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, 00883 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, 00884 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } 00885 }; 00886 00887 static const unsigned char camellia_test_ctr_nonce_counter[3][16] = 00888 { 00889 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 00890 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 00891 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, 00892 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, 00893 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, 00894 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } 00895 }; 00896 00897 static const unsigned char camellia_test_ctr_pt[3][48] = 00898 { 00899 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, 00900 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, 00901 00902 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00903 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 00904 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 00905 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, 00906 00907 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00908 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 00909 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 00910 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 00911 0x20, 0x21, 0x22, 0x23 } 00912 }; 00913 00914 static const unsigned char camellia_test_ctr_ct[3][48] = 00915 { 00916 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A, 00917 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F }, 00918 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4, 00919 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44, 00920 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7, 00921 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 }, 00922 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88, 00923 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73, 00924 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1, 00925 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD, 00926 0xDF, 0x50, 0x86, 0x96 } 00927 }; 00928 00929 static const int camellia_test_ctr_len[3] = 00930 { 16, 32, 36 }; 00931 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 00932 00933 /* 00934 * Checkup routine 00935 */ 00936 int mbedtls_camellia_self_test( int verbose ) 00937 { 00938 int i, j, u, v; 00939 unsigned char key[32]; 00940 unsigned char buf[64]; 00941 unsigned char src[16]; 00942 unsigned char dst[16]; 00943 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00944 unsigned char iv[16]; 00945 #endif 00946 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00947 size_t offset, len; 00948 unsigned char nonce_counter[16]; 00949 unsigned char stream_block[16]; 00950 #endif 00951 00952 mbedtls_camellia_context ctx; 00953 00954 memset( key, 0, 32 ); 00955 00956 for( j = 0; j < 6; j++ ) { 00957 u = j >> 1; 00958 v = j & 1; 00959 00960 if( verbose != 0 ) 00961 mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, 00962 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); 00963 00964 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) { 00965 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u ); 00966 00967 if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 00968 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); 00969 memcpy( src, camellia_test_ecb_cipher[u][i], 16 ); 00970 memcpy( dst, camellia_test_ecb_plain[i], 16 ); 00971 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ 00972 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); 00973 memcpy( src, camellia_test_ecb_plain[i], 16 ); 00974 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 ); 00975 } 00976 00977 mbedtls_camellia_crypt_ecb( &ctx, v, src, buf ); 00978 00979 if( memcmp( buf, dst, 16 ) != 0 ) 00980 { 00981 if( verbose != 0 ) 00982 mbedtls_printf( "failed\n" ); 00983 00984 return( 1 ); 00985 } 00986 } 00987 00988 if( verbose != 0 ) 00989 mbedtls_printf( "passed\n" ); 00990 } 00991 00992 if( verbose != 0 ) 00993 mbedtls_printf( "\n" ); 00994 00995 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00996 /* 00997 * CBC mode 00998 */ 00999 for( j = 0; j < 6; j++ ) 01000 { 01001 u = j >> 1; 01002 v = j & 1; 01003 01004 if( verbose != 0 ) 01005 mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, 01006 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 01007 01008 memcpy( src, camellia_test_cbc_iv, 16 ); 01009 memcpy( dst, camellia_test_cbc_iv, 16 ); 01010 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); 01011 01012 if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 01013 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); 01014 } else { 01015 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); 01016 } 01017 01018 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { 01019 01020 if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 01021 memcpy( iv , src, 16 ); 01022 memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); 01023 memcpy( dst, camellia_test_cbc_plain[i], 16 ); 01024 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ 01025 memcpy( iv , dst, 16 ); 01026 memcpy( src, camellia_test_cbc_plain[i], 16 ); 01027 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); 01028 } 01029 01030 mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); 01031 01032 if( memcmp( buf, dst, 16 ) != 0 ) 01033 { 01034 if( verbose != 0 ) 01035 mbedtls_printf( "failed\n" ); 01036 01037 return( 1 ); 01038 } 01039 } 01040 01041 if( verbose != 0 ) 01042 mbedtls_printf( "passed\n" ); 01043 } 01044 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 01045 01046 if( verbose != 0 ) 01047 mbedtls_printf( "\n" ); 01048 01049 #if defined(MBEDTLS_CIPHER_MODE_CTR) 01050 /* 01051 * CTR mode 01052 */ 01053 for( i = 0; i < 6; i++ ) 01054 { 01055 u = i >> 1; 01056 v = i & 1; 01057 01058 if( verbose != 0 ) 01059 mbedtls_printf( " CAMELLIA-CTR-128 (%s): ", 01060 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 01061 01062 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 ); 01063 memcpy( key, camellia_test_ctr_key[u], 16 ); 01064 01065 offset = 0; 01066 mbedtls_camellia_setkey_enc( &ctx, key, 128 ); 01067 01068 if( v == MBEDTLS_CAMELLIA_DECRYPT ) 01069 { 01070 len = camellia_test_ctr_len[u]; 01071 memcpy( buf, camellia_test_ctr_ct[u], len ); 01072 01073 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 01074 buf, buf ); 01075 01076 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 ) 01077 { 01078 if( verbose != 0 ) 01079 mbedtls_printf( "failed\n" ); 01080 01081 return( 1 ); 01082 } 01083 } 01084 else 01085 { 01086 len = camellia_test_ctr_len[u]; 01087 memcpy( buf, camellia_test_ctr_pt[u], len ); 01088 01089 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 01090 buf, buf ); 01091 01092 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 ) 01093 { 01094 if( verbose != 0 ) 01095 mbedtls_printf( "failed\n" ); 01096 01097 return( 1 ); 01098 } 01099 } 01100 01101 if( verbose != 0 ) 01102 mbedtls_printf( "passed\n" ); 01103 } 01104 01105 if( verbose != 0 ) 01106 mbedtls_printf( "\n" ); 01107 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 01108 01109 return( 0 ); 01110 } 01111 01112 #endif /* MBEDTLS_SELF_TEST */ 01113 01114 #endif /* MBEDTLS_CAMELLIA_C */
Generated on Tue Jul 12 2022 13:54:04 by
