TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 259fa60f6c430d8bd670afeba63a5c6a8df2c85d / . / library / aria.c
blob: da31f09d7154c78f8b3a8de3d227fcaf9deb2998 [file] [log] [blame]
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]1/*
2 * ARIA implementation
3 *
4 * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_ARIA_C)
29
30#include "mbedtls/aria.h"
31
32#include <string.h>
33
34#if defined(MBEDTLS_SELF_TEST)
35#if defined(MBEDTLS_PLATFORM_C)
36#include "mbedtls/platform.h"
37#else
38#include <stdio.h>
39#define mbedtls_printf printf
40#endif /* MBEDTLS_PLATFORM_C */
41#endif /* MBEDTLS_SELF_TEST */
42
43#if !defined(MBEDTLS_ARIA_ALT)
44
45// 32-bit integer manipulation macros (little endian)
46
47#ifndef GET_UINT32_LE
48#define GET_UINT32_LE(n,b,i) \
49{ \
50 (n) = ( (uint32_t) (b)[(i) ] ) \
51 | ( (uint32_t) (b)[(i) + 1] << 8 ) \
52 | ( (uint32_t) (b)[(i) + 2] << 16 ) \
53 | ( (uint32_t) (b)[(i) + 3] << 24 ); \
54}
55#endif
56
57#ifndef PUT_UINT32_LE
58#define PUT_UINT32_LE(n,b,i) \
59{ \
60 (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
61 (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
62 (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
63 (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
64}
65#endif
66
67// FLIP1 modifies byte order ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits
68#define ARIA_FLIP1(x) (((x) >> 16) ^ ((x) << 16))
69
70// FLIP2 modifies byte order ( A B C D ) -> ( B A D C ), swap pairs of bytes
71#define ARIA_FLIP2(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8))
72
73// Affine Transform A
74// (ra, rb, rc, rd) = state in/out
75// (ta, tb, tc) = temporary variables
76
77#define ARIA_A( ra, rb, rc, rd, ta, tb, tc ) { \
78 ta = rb; \
79 rb = ra; \
80 ra = ARIA_FLIP1( ta ); \
81 tb = ARIA_FLIP1( rd ); \
82 rd = ARIA_FLIP2( rc ); \
83 rc = ARIA_FLIP2( tb ); \
84 ta ^= rd; \
85 tc = ARIA_FLIP1( rb ); \
86 ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \
87 tb ^= ARIA_FLIP1( rd ); \
88 tc ^= ARIA_FLIP2( ra ); \
89 rb ^= ta ^ tb; \
90 tb = ARIA_FLIP1( tb ) ^ ta; \
91 ra ^= ARIA_FLIP2( tb ); \
92 ta = ARIA_FLIP1( ta ); \
93 rd ^= ARIA_FLIP2( ta ) ^ tc; \
94 tc = ARIA_FLIP1( tc ); \
95 rc ^= ARIA_FLIP2( tc ) ^ ta; \
96}
97
98
99// ARIA Round function ( Substitution Layer SLx + Affine Transform A )
100// (ra, rb, rc, rd) = state in/out
101// (sa, sb, sc, sd) = 256 8-bit S-Boxes
102// (ta, tb, tc) = temporary variables
103
104#define ARIA_SLA( ra, rb, rc, rd, sa, sb, sc, sd, ta, tb, tc ) { \
105 ta = ( (uint32_t) sc[(rb >> 16) & 0xFF]) ^ \
106 (((uint32_t) sd[ rb >> 24]) << 8) ^ \
107 (((uint32_t) sa[ rb & 0xFF]) << 16) ^ \
108 (((uint32_t) sb[(rb >> 8) & 0xFF]) << 24); \
109 rb = ( (uint32_t) sa[ ra & 0xFF]) ^ \
110 (((uint32_t) sb[(ra >> 8) & 0xFF]) << 8) ^ \
111 (((uint32_t) sc[(ra >> 16) & 0xFF]) << 16) ^ \
112 (((uint32_t) sd[ ra >> 24]) << 24); \
113 ra = ta; \
114 ta = ( (uint32_t) sd[ rd >> 24]) ^ \
115 (((uint32_t) sc[(rd >> 16) & 0xFF]) << 8) ^ \
116 (((uint32_t) sb[(rd >> 8) & 0xFF]) << 16) ^ \
117 (((uint32_t) sa[ rd & 0xFF]) << 24); \
118 rd = ( (uint32_t) sb[(rc >> 8) & 0xFF]) ^ \
119 (((uint32_t) sa[ rc & 0xFF]) << 8) ^ \
120 (((uint32_t) sd[ rc >> 24]) << 16) ^ \
121 (((uint32_t) sc[(rc >> 16) & 0xFF]) << 24); \
122 rc = ta; \
123 ta = ARIA_FLIP1( ra ) ^ rd; \
124 tc = ARIA_FLIP1( rb ); \
125 ta = ARIA_FLIP2( ta ) ^ tc ^ rc; \
126 tb = ARIA_FLIP2( rc ) ^ ARIA_FLIP1( rd ); \
127 tc ^= ARIA_FLIP2( ra ); \
128 rb ^= ta^ tb; \
129 tb = ARIA_FLIP1( tb ) ^ ta; \
130 ra ^= ARIA_FLIP2( tb ); \
131 ta = ARIA_FLIP1( ta ); \
132 rd ^= ARIA_FLIP2( ta ) ^ tc; \
133 tc = ARIA_FLIP1( tc ); \
134 rc ^= ARIA_FLIP2( tc ) ^ ta; \
135}
136
137// S-Boxes
138
139static const uint8_t aria_sb1[0x100] =
140{
141 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B,
142 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
143 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26,
144 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
145 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2,
146 0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
147 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x00, 0xED,
148 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
149 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F,
150 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
151 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC,
152 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
153 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14,
154 0xDE, 0x5E, 0x0B, 0xDB, 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
155 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D,
156 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
157 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F,
158 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
159 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11,
160 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
161 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F,
162 0xB0, 0x54, 0xBB, 0x16
163};
164
165static const uint8_t aria_sb2[0x100] =
166{
167 0xE2, 0x4E, 0x54, 0xFC, 0x94, 0xC2, 0x4A, 0xCC, 0x62, 0x0D, 0x6A, 0x46,
168 0x3C, 0x4D, 0x8B, 0xD1, 0x5E, 0xFA, 0x64, 0xCB, 0xB4, 0x97, 0xBE, 0x2B,
169 0xBC, 0x77, 0x2E, 0x03, 0xD3, 0x19, 0x59, 0xC1, 0x1D, 0x06, 0x41, 0x6B,
170 0x55, 0xF0, 0x99, 0x69, 0xEA, 0x9C, 0x18, 0xAE, 0x63, 0xDF, 0xE7, 0xBB,
171 0x00, 0x73, 0x66, 0xFB, 0x96, 0x4C, 0x85, 0xE4, 0x3A, 0x09, 0x45, 0xAA,
172 0x0F, 0xEE, 0x10, 0xEB, 0x2D, 0x7F, 0xF4, 0x29, 0xAC, 0xCF, 0xAD, 0x91,
173 0x8D, 0x78, 0xC8, 0x95, 0xF9, 0x2F, 0xCE, 0xCD, 0x08, 0x7A, 0x88, 0x38,
174 0x5C, 0x83, 0x2A, 0x28, 0x47, 0xDB, 0xB8, 0xC7, 0x93, 0xA4, 0x12, 0x53,
175 0xFF, 0x87, 0x0E, 0x31, 0x36, 0x21, 0x58, 0x48, 0x01, 0x8E, 0x37, 0x74,
176 0x32, 0xCA, 0xE9, 0xB1, 0xB7, 0xAB, 0x0C, 0xD7, 0xC4, 0x56, 0x42, 0x26,
177 0x07, 0x98, 0x60, 0xD9, 0xB6, 0xB9, 0x11, 0x40, 0xEC, 0x20, 0x8C, 0xBD,
178 0xA0, 0xC9, 0x84, 0x04, 0x49, 0x23, 0xF1, 0x4F, 0x50, 0x1F, 0x13, 0xDC,
179 0xD8, 0xC0, 0x9E, 0x57, 0xE3, 0xC3, 0x7B, 0x65, 0x3B, 0x02, 0x8F, 0x3E,
180 0xE8, 0x25, 0x92, 0xE5, 0x15, 0xDD, 0xFD, 0x17, 0xA9, 0xBF, 0xD4, 0x9A,
181 0x7E, 0xC5, 0x39, 0x67, 0xFE, 0x76, 0x9D, 0x43, 0xA7, 0xE1, 0xD0, 0xF5,
182 0x68, 0xF2, 0x1B, 0x34, 0x70, 0x05, 0xA3, 0x8A, 0xD5, 0x79, 0x86, 0xA8,
183 0x30, 0xC6, 0x51, 0x4B, 0x1E, 0xA6, 0x27, 0xF6, 0x35, 0xD2, 0x6E, 0x24,
184 0x16, 0x82, 0x5F, 0xDA, 0xE6, 0x75, 0xA2, 0xEF, 0x2C, 0xB2, 0x1C, 0x9F,
185 0x5D, 0x6F, 0x80, 0x0A, 0x72, 0x44, 0x9B, 0x6C, 0x90, 0x0B, 0x5B, 0x33,
186 0x7D, 0x5A, 0x52, 0xF3, 0x61, 0xA1, 0xF7, 0xB0, 0xD6, 0x3F, 0x7C, 0x6D,
187 0xED, 0x14, 0xE0, 0xA5, 0x3D, 0x22, 0xB3, 0xF8, 0x89, 0xDE, 0x71, 0x1A,
188 0xAF, 0xBA, 0xB5, 0x81
189};
190
191static const uint8_t aria_is1[0x100] =
192{
193 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E,
194 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
195 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32,
196 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
197 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49,
198 0x6D, 0x8B, 0xD1, 0x25, 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
199 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 0x6C, 0x70, 0x48, 0x50,
200 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
201 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05,
202 0xB8, 0xB3, 0x45, 0x06, 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
203 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 0x3A, 0x91, 0x11, 0x41,
204 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
205 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8,
206 0x1C, 0x75, 0xDF, 0x6E, 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
207 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 0xFC, 0x56, 0x3E, 0x4B,
208 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
209 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59,
210 0x27, 0x80, 0xEC, 0x5F, 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
211 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 0xA0, 0xE0, 0x3B, 0x4D,
212 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
213 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63,
214 0x55, 0x21, 0x0C, 0x7D
215};
216
217static const uint8_t aria_is2[0x100] =
218{
219 0x30, 0x68, 0x99, 0x1B, 0x87, 0xB9, 0x21, 0x78, 0x50, 0x39, 0xDB, 0xE1,
220 0x72, 0x09, 0x62, 0x3C, 0x3E, 0x7E, 0x5E, 0x8E, 0xF1, 0xA0, 0xCC, 0xA3,
221 0x2A, 0x1D, 0xFB, 0xB6, 0xD6, 0x20, 0xC4, 0x8D, 0x81, 0x65, 0xF5, 0x89,
222 0xCB, 0x9D, 0x77, 0xC6, 0x57, 0x43, 0x56, 0x17, 0xD4, 0x40, 0x1A, 0x4D,
223 0xC0, 0x63, 0x6C, 0xE3, 0xB7, 0xC8, 0x64, 0x6A, 0x53, 0xAA, 0x38, 0x98,
224 0x0C, 0xF4, 0x9B, 0xED, 0x7F, 0x22, 0x76, 0xAF, 0xDD, 0x3A, 0x0B, 0x58,
225 0x67, 0x88, 0x06, 0xC3, 0x35, 0x0D, 0x01, 0x8B, 0x8C, 0xC2, 0xE6, 0x5F,
226 0x02, 0x24, 0x75, 0x93, 0x66, 0x1E, 0xE5, 0xE2, 0x54, 0xD8, 0x10, 0xCE,
227 0x7A, 0xE8, 0x08, 0x2C, 0x12, 0x97, 0x32, 0xAB, 0xB4, 0x27, 0x0A, 0x23,
228 0xDF, 0xEF, 0xCA, 0xD9, 0xB8, 0xFA, 0xDC, 0x31, 0x6B, 0xD1, 0xAD, 0x19,
229 0x49, 0xBD, 0x51, 0x96, 0xEE, 0xE4, 0xA8, 0x41, 0xDA, 0xFF, 0xCD, 0x55,
230 0x86, 0x36, 0xBE, 0x61, 0x52, 0xF8, 0xBB, 0x0E, 0x82, 0x48, 0x69, 0x9A,
231 0xE0, 0x47, 0x9E, 0x5C, 0x04, 0x4B, 0x34, 0x15, 0x79, 0x26, 0xA7, 0xDE,
232 0x29, 0xAE, 0x92, 0xD7, 0x84, 0xE9, 0xD2, 0xBA, 0x5D, 0xF3, 0xC5, 0xB0,
233 0xBF, 0xA4, 0x3B, 0x71, 0x44, 0x46, 0x2B, 0xFC, 0xEB, 0x6F, 0xD5, 0xF6,
234 0x14, 0xFE, 0x7C, 0x70, 0x5A, 0x7D, 0xFD, 0x2F, 0x18, 0x83, 0x16, 0xA5,
235 0x91, 0x1F, 0x05, 0x95, 0x74, 0xA9, 0xC1, 0x5B, 0x4A, 0x85, 0x6D, 0x13,
236 0x07, 0x4F, 0x4E, 0x45, 0xB2, 0x0F, 0xC9, 0x1C, 0xA6, 0xBC, 0xEC, 0x73,
237 0x90, 0x7B, 0xCF, 0x59, 0x8F, 0xA1, 0xF9, 0x2D, 0xF2, 0xB1, 0x00, 0x94,
238 0x37, 0x9F, 0xD0, 0x2E, 0x9C, 0x6E, 0x28, 0x3F, 0x80, 0xF0, 0x3D, 0xD3,
239 0x25, 0x8A, 0xB5, 0xE7, 0x42, 0xB3, 0xC7, 0xEA, 0xF7, 0x4C, 0x11, 0x33,
240 0x03, 0xA2, 0xAC, 0x60
241};
242// FO and FE are helpers for key schedule
243
244// r = FO( p, k ) ^ x
245
246static void aria_fo( uint32_t r[4],
247 const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] )
248{
249 uint32_t a, b, c, d;
250 uint32_t t, u, v;
251
252 a = p[0] ^ k[0];
253 b = p[1] ^ k[1];
254 c = p[2] ^ k[2];
255 d = p[3] ^ k[3];
256
257 ARIA_SLA( a, b, c, d, aria_sb1, aria_sb2, aria_is1, aria_is2, t, u, v );
258
259 r[0] = a ^ x[0];
260 r[1] = b ^ x[1];
261 r[2] = c ^ x[2];
262 r[3] = d ^ x[3];
263}
264
265// r = FE( p, k ) ^ x
266
267static void aria_fe(uint32_t r[4],
268 const uint32_t p[4], const uint32_t k[4], const uint32_t x[4] )
269{
270 uint32_t a, b, c, d;
271 uint32_t t, u, v;
272
273 a = p[0] ^ k[0];
274 b = p[1] ^ k[1];
275 c = p[2] ^ k[2];
276 d = p[3] ^ k[3];
277
278 ARIA_SLA( a, b, c, d, aria_is1, aria_is2, aria_sb1, aria_sb2, t, u, v );
279
280 r[0] = a ^ x[0];
281 r[1] = b ^ x[1];
282 r[2] = c ^ x[2];
283 r[3] = d ^ x[3];
284}
285
286// Big endian 128-bit rotation: d = a ^ (b <<< n), used only in key setup.
287// This is relatively slow since our implementation is geared towards
288// little-endian targets and stores state in that order.
289
290static void aria_rot128(uint32_t r[4], const uint32_t a[4],
291 const uint32_t b[4], int n)
292{
293 int i, j, n1, n2;
294 uint32_t t, u;
295
296 j = (n >> 5) & 3; // word offset
297 n1 = n & 0x1F; // bit offsets
298 n2 = 32 - n1; // n1 should be nonzero!
299 t = ARIA_FLIP1( ARIA_FLIP2( b[j] ) ); // big endian
300 for( i = 0; i < 4; i++ )
301 {
302 j = (j + 1) & 3; // get next word, big endian
303 u = ARIA_FLIP1( ARIA_FLIP2( b[j] ) );
304 t <<= n1; // rotate
305 if (n2 < 32) // intel rotate 32 bits = 0 bits..
306 t |= u >> n2;
307 t = ARIA_FLIP1( ARIA_FLIP2( t ) ); // back to little endian
308 r[i] = a[i] ^ t; // store
309 t = u; // move to next word
310 }
311}
312
313// Set encryption key
314
315int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
316 const unsigned char *key, unsigned int keybits)
317{
318 // round constant masks
319 const uint32_t rc[3][4] =
320 {
321 { 0xB7C17C51, 0x940A2227, 0xE8AB13FE, 0xE06E9AFA },
322 { 0xCC4AB16D, 0x20C8219E, 0xD5B128FF, 0xB0E25DEF },
323 { 0x1D3792DB, 0x70E92621, 0x75972403, 0x0EC9E804 }
324 };
325
326 int i;
327 uint32_t w[4][4], *w2;
328
329 if (keybits != 128 && keybits != 192 && keybits != 256)
330 return MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH;
331
332 // W0 = KL
333 GET_UINT32_LE( w[0][0], key, 0 ); // copy key to W0 | W1
334 GET_UINT32_LE( w[0][1], key, 4 );
335 GET_UINT32_LE( w[0][2], key, 8 );
336 GET_UINT32_LE( w[0][3], key, 12 );
337
338 memset(w[1], 0, 16);
339 if( keybits >= 192 )
340 {
341 GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key
342 GET_UINT32_LE( w[1][1], key, 20 );
343 }
344 if( keybits == 256 )
345 {
346 GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key
347 GET_UINT32_LE( w[1][3], key, 28 );
348 }
349
350 i = (keybits - 128) >> 6; // index: 0, 1, 2
351 ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16
352
353 aria_fo( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR
354 i = i < 2 ? i + 1 : 0;
355 aria_fe( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0
356 i = i < 2 ? i + 1 : 0;
357 aria_fo( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1
358
359 for( i = 0; i < 4; i++ ) // create round keys
360 {
361 w2 = w[(i + 1) & 3];
362 aria_rot128( ctx->rk[i ], w[i], w2, -19);
363 aria_rot128( ctx->rk[i + 4], w[i], w2, -31);
364 aria_rot128( ctx->rk[i + 8], w[i], w2, 61);
365 aria_rot128( ctx->rk[i + 12], w[i], w2, 31);
366 }
367 aria_rot128( ctx->rk[16], w[0], w[1], 19 );
368
369 return 0;
370}
371
372// Set decryption key
373
374int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
375 const unsigned char *key, unsigned int keybits)
376{
377 int i, j, k, ret;
378 uint32_t t, u, v;
379
380 ret = mbedtls_aria_setkey_enc( ctx, key, keybits );
381 if( ret != 0 )
382 return ret;
383
384 // flip the order of round keys
385 for( i = 0, j = ctx->nr; i < j; i++, j-- )
386 {
387 for( k = 0; k < 4; k++ )
388 {
389 t = ctx->rk[i][k];
390 ctx->rk[i][k] = ctx->rk[j][k];
391 ctx->rk[j][k] = t;
392 }
393 }
394
395 // apply affine transform to middle keys
396 for (i = 1; i < ctx->nr; i++ )
397 {
398 ARIA_A( ctx->rk[i][0], ctx->rk[i][1], ctx->rk[i][2], ctx->rk[i][3],
399 t, u, v );
400 }
401
402 return 0;
403}
404
405// Encrypt a block
406
407int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
408 int mode,
409 const unsigned char input[16],
410 unsigned char output[16] )
411{
412 int i;
413
414 uint32_t a, b, c, d;
415 uint32_t t, u, v;
416
417 ( (void) mode );
418
419 GET_UINT32_LE( a, input, 0 );
420 GET_UINT32_LE( b, input, 4 );
421 GET_UINT32_LE( c, input, 8 );
422 GET_UINT32_LE( d, input, 12 );
423
424 i = 0;
425 while (1)
426 {
427 a ^= ctx->rk[i][0];
428 b ^= ctx->rk[i][1];
429 c ^= ctx->rk[i][2];
430 d ^= ctx->rk[i][3];
431 i++;
432 ARIA_SLA( a, b, c, d,
433 aria_sb1, aria_sb2, aria_is1, aria_is2, t, u, v );
434
435 a ^= ctx->rk[i][0];
436 b ^= ctx->rk[i][1];
437 c ^= ctx->rk[i][2];
438 d ^= ctx->rk[i][3];
439 i++;
440 if (i >= ctx->nr)
441 break;
442
443 ARIA_SLA( a, b, c, d,
444 aria_is1, aria_is2, aria_sb1, aria_sb2, t, u, v );
445 }
446
447 // final substitution
448
449 a = ctx->rk[i][0] ^
450 ( (uint32_t) aria_is1[ a & 0xFF]) ^
451 (((uint32_t) aria_is2[(a >> 8) & 0xFF]) << 8) ^
452 (((uint32_t) aria_sb1[(a >> 16) & 0xFF]) << 16) ^
453 (((uint32_t) aria_sb2[ a >> 24 ]) << 24);
454
455 b = ctx->rk[i][1] ^
456 ( (uint32_t) aria_is1[ b & 0xFF]) ^
457 (((uint32_t) aria_is2[(b >> 8) & 0xFF]) << 8) ^
458 (((uint32_t) aria_sb1[(b >> 16) & 0xFF]) << 16) ^
459 (((uint32_t) aria_sb2[ b >> 24 ]) << 24);
460
461 c = ctx->rk[i][2] ^
462 ( (uint32_t) aria_is1[ c & 0xFF]) ^
463 (((uint32_t) aria_is2[(c >> 8) & 0xFF]) << 8) ^
464 (((uint32_t) aria_sb1[(c >> 16) & 0xFF]) << 16) ^
465 (((uint32_t) aria_sb2[ c >> 24 ]) << 24);
466
467 d = ctx->rk[i][3] ^
468 ( (uint32_t) aria_is1[ d & 0xFF]) ^
469 (((uint32_t) aria_is2[(d >> 8) & 0xFF]) << 8) ^
470 (((uint32_t) aria_sb1[(d >> 16) & 0xFF]) << 16) ^
471 (((uint32_t) aria_sb2[ d >> 24 ]) << 24);
472
473 PUT_UINT32_LE( a, output, 0 );
474 PUT_UINT32_LE( b, output, 4 );
475 PUT_UINT32_LE( c, output, 8 );
476 PUT_UINT32_LE( d, output, 12 );
477
478 return 0;
479}
480
481
482
483#if defined(MBEDTLS_CIPHER_MODE_CBC)
484/*
485 * ARIA-CBC buffer encryption/decryption
486 */
487int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
488 int mode,
489 size_t length,
490 unsigned char iv[16],
491 const unsigned char *input,
492 unsigned char *output )
493{
494 int i;
495 unsigned char temp[16];
496
497 if( length % 16 )
498 return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
499
500 if( mode == MBEDTLS_ARIA_DECRYPT )
501 {
502 while( length > 0 )
503 {
504 memcpy( temp, input, 16 );
505 mbedtls_aria_crypt_ecb( ctx, mode, input, output );
506
507 for( i = 0; i < 16; i++ )
508 output[i] = (unsigned char)( output[i] ^ iv[i] );
509
510 memcpy( iv, temp, 16 );
511
512 input += 16;
513 output += 16;
514 length -= 16;
515 }
516 }
517 else
518 {
519 while( length > 0 )
520 {
521 for( i = 0; i < 16; i++ )
522 output[i] = (unsigned char)( input[i] ^ iv[i] );
523
524 mbedtls_aria_crypt_ecb( ctx, mode, output, output );
525 memcpy( iv, output, 16 );
526
527 input += 16;
528 output += 16;
529 length -= 16;
530 }
531 }
532
533 return( 0 );
534}
535#endif /* MBEDTLS_CIPHER_MODE_CBC */
536
537#if defined(MBEDTLS_CIPHER_MODE_CFB)
538/*
539 * ARIA-CFB128 buffer encryption/decryption
540 */
541int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
542 int mode,
543 size_t length,
544 size_t *iv_off,
545 unsigned char iv[16],
546 const unsigned char *input,
547 unsigned char *output )
548{
549 int c;
550 size_t n = *iv_off;
551
552 if( mode == MBEDTLS_ARIA_DECRYPT )
553 {
554 while( length-- )
555 {
556 if( n == 0 )
557 mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, iv, iv );
558
559 c = *input++;
560 *output++ = (unsigned char)( c ^ iv[n] );
561 iv[n] = (unsigned char) c;
562
563 n = ( n + 1 ) & 0x0F;
564 }
565 }
566 else
567 {
568 while( length-- )
569 {
570 if( n == 0 )
571 mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, iv, iv );
572
573 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
574
575 n = ( n + 1 ) & 0x0F;
576 }
577 }
578
579 *iv_off = n;
580
581 return( 0 );
582}
583#endif /* MBEDTLS_CIPHER_MODE_CFB */
584
585#if defined(MBEDTLS_CIPHER_MODE_CTR)
586/*
587 * ARIA-CTR buffer encryption/decryption
588 */
589int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
590 size_t length,
591 size_t *nc_off,
592 unsigned char nonce_counter[16],
593 unsigned char stream_block[16],
594 const unsigned char *input,
595 unsigned char *output )
596{
597 int c, i;
598 size_t n = *nc_off;
599
600 while( length-- )
601 {
602 if( n == 0 ) {
603 mbedtls_aria_crypt_ecb( ctx, MBEDTLS_ARIA_ENCRYPT, nonce_counter,
604 stream_block );
605
606 for( i = 16; i > 0; i-- )
607 if( ++nonce_counter[i - 1] != 0 )
608 break;
609 }
610 c = *input++;
611 *output++ = (unsigned char)( c ^ stream_block[n] );
612
613 n = ( n + 1 ) & 0x0F;
614 }
615
616 *nc_off = n;
617
618 return( 0 );
619}
620#endif /* MBEDTLS_CIPHER_MODE_CTR */
621#endif /* !MBEDTLS_ARIA_ALT */
622
623#if defined(MBEDTLS_SELF_TEST)
624
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]625// Basic ARIA ECB test vectors from RFC 5794
626
627static const uint8_t aria_test1_ecb_key[32] = // test key
628{
629 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 128 bit
630 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
631 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, // 192 bit
632 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F // 256 bit
633};
634
635static const uint8_t aria_test1_ecb_pt[16] = // plaintext
636{
637 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // same for all
638 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF // key sizes
639};
640
641static const uint8_t aria_test1_ecb_ct[3][16] = // ciphertext
642{
643 { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit
644 0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 },
645 { 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit
646 0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 },
647 { 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit
648 0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC }
649};
650
651// Mode tests from "Test Vectors for ARIA" Version 1.0
652// http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf
653
654#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \
655 defined(MBEDTLS_CIPHER_MODE_CFB) || \
656 defined(MBEDTLS_CIPHER_MODE_CTR))
657
658static const uint8_t aria_test2_key[32] =
659{
660 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 128 bit
661 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
662 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 192 bit
663 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff // 256 bit
664};
665
666static const uint8_t aria_test2_iv[16] =
667{
668 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, // same for all
669 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0
670};
671
672static const uint8_t aria_test2_pt[48] =
673{
674 0x11, 0x11, 0x11, 0x11, 0xaa, 0xaa, 0xaa, 0xaa, // same for all
675 0x11, 0x11, 0x11, 0x11, 0xbb, 0xbb, 0xbb, 0xbb,
676 0x11, 0x11, 0x11, 0x11, 0xcc, 0xcc, 0xcc, 0xcc,
677 0x11, 0x11, 0x11, 0x11, 0xdd, 0xdd, 0xdd, 0xdd,
678 0x22, 0x22, 0x22, 0x22, 0xaa, 0xaa, 0xaa, 0xaa,
679 0x22, 0x22, 0x22, 0x22, 0xbb, 0xbb, 0xbb, 0xbb,
680};
681
682#endif /* defined(MBEDTLS_CIPHER_MODE_CBC) || \
683 defined(MBEDTLS_CIPHER_MODE_CFB) || \
684 defined(MBEDTLS_CIPHER_MODE_CTR) */
685
686#if defined(MBEDTLS_CIPHER_MODE_CBC)
687static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertxt
688{
689 { 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key
690 0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34,
691 0xfa, 0xdf, 0x9f, 0xb2, 0x31, 0x51, 0xe9, 0x64,
692 0x5f, 0xba, 0x75, 0x01, 0x8b, 0xdb, 0x15, 0x38,
693 0xb5, 0x33, 0x34, 0x63, 0x4b, 0xbf, 0x7d, 0x4c,
694 0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15 },
695 { 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c, // 192-bit key
696 0x67, 0x2a, 0x82, 0x62, 0x64, 0xea, 0x78, 0x5f,
697 0x4e, 0x4f, 0x7f, 0x78, 0x0d, 0xc7, 0xf3, 0xf1,
698 0xe0, 0x96, 0x2b, 0x80, 0x90, 0x23, 0x86, 0xd5,
699 0x14, 0xe9, 0xc3, 0xe7, 0x72, 0x59, 0xde, 0x92,
700 0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e },
701 { 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1, // 256-bit key
702 0x55, 0xfd, 0xd2, 0x8d, 0xbc, 0x34, 0xe1, 0xab,
703 0x7b, 0x9b, 0x42, 0x43, 0x2a, 0xd8, 0xb2, 0xef,
704 0xb9, 0x6e, 0x23, 0xb1, 0x3f, 0x0a, 0x6e, 0x52,
705 0xf3, 0x61, 0x85, 0xd5, 0x0a, 0xd0, 0x02, 0xc5,
706 0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b }
707};
708#endif /* MBEDTLS_CIPHER_MODE_CBC */
709
710#if defined(MBEDTLS_CIPHER_MODE_CFB)
711static const uint8_t aria_test2_cfb_ct[3][48] = // CFB ciphertxt
712{
713 { 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key
714 0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00,
715 0xc0, 0x7c, 0x21, 0xe6, 0x37, 0x0f, 0x41, 0x3a,
716 0x5d, 0x13, 0x25, 0x00, 0xa6, 0x82, 0x85, 0x01,
717 0x7c, 0x61, 0xb4, 0x34, 0xc7, 0xb7, 0xca, 0x96,
718 0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b },
719 { 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54, // 192-bit key
720 0x94, 0xd2, 0x73, 0x61, 0x29, 0x64, 0x0f, 0x5c,
721 0x4d, 0x87, 0xa9, 0xa2, 0x13, 0x66, 0x4c, 0x94,
722 0x48, 0x47, 0x7c, 0x6e, 0xcc, 0x20, 0x13, 0x59,
723 0x8d, 0x97, 0x66, 0x95, 0x2d, 0xd8, 0xc3, 0x86,
724 0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b },
725 { 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2, // 256-bit key
726 0x58, 0x8d, 0x4a, 0x7f, 0x09, 0x00, 0x96, 0x35,
727 0xf2, 0x8b, 0xb9, 0x3d, 0x8c, 0x31, 0xf8, 0x70,
728 0xec, 0x1e, 0x0b, 0xdb, 0x08, 0x2b, 0x66, 0xfa,
729 0x40, 0x2d, 0xd9, 0xc2, 0x02, 0xbe, 0x30, 0x0c,
730 0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1 }
731};
732#endif /* MBEDTLS_CIPHER_MODE_CFB */
733
734#if defined(MBEDTLS_CIPHER_MODE_CTR)
735static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertxt
736{
737 { 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key
738 0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1,
739 0x14, 0x97, 0xe2, 0xa3, 0x45, 0x19, 0xde, 0xa1,
740 0x56, 0x9e, 0x91, 0xe5, 0xb5, 0xcc, 0xae, 0x2f,
741 0xf3, 0xbf, 0xa1, 0xbf, 0x97, 0x5f, 0x45, 0x71,
742 0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3 },
743 { 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19, // 192-bit key
744 0xba, 0x7a, 0xf3, 0x76, 0x0a, 0x6e, 0xd1, 0xce,
745 0xf4, 0xd1, 0x99, 0x26, 0x3e, 0x99, 0x9d, 0xde,
746 0x14, 0x08, 0x2d, 0xbb, 0xa7, 0x56, 0x0b, 0x79,
747 0xa4, 0xc6, 0xb4, 0x56, 0xb8, 0x70, 0x7d, 0xce,
748 0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf },
749 { 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17, // 256-bit key
750 0x21, 0x17, 0x8b, 0x99, 0xc0, 0xa1, 0xf1, 0xb2,
751 0xf0, 0x69, 0x40, 0x25, 0x3f, 0x7b, 0x30, 0x89,
752 0xe2, 0xa3, 0x0e, 0xa8, 0x6a, 0xa3, 0xc8, 0x8f,
753 0x59, 0x40, 0xf0, 0x5a, 0xd7, 0xee, 0x41, 0xd7,
754 0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1 }
755};
756#endif /* MBEDTLS_CIPHER_MODE_CFB */
757
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]758/*
759 * Checkup routine
760 */
761
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]762#define ARIA_SELF_TEST_IF_FAIL \
763 { \
764 if( verbose ) \
765 printf( "failed\n" ); \
766 return( 1 ); \
767 } else { \
768 if( verbose ) \
769 printf( "passed\n" ); \
770 }
771
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]772int mbedtls_aria_self_test( int verbose )
773{
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]774 int i;
775 uint8_t blk[16];
776 mbedtls_aria_context ctx;
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]777#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \
778 defined(MBEDTLS_CIPHER_MODE_CFB) || \
779 defined(MBEDTLS_CIPHER_MODE_CTR))
780 size_t j;
781 uint8_t buf[48], iv[16];
782#endif
783
784 // Test set 1
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]785
786 for( i = 0; i < 3; i++ )
787 {
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]788 // test ECB encryption
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]789 if( verbose )
790 printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i);
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]791 mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]792 mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT,
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]793 aria_test1_ecb_pt, blk );
794 if( memcmp( blk, aria_test1_ecb_ct[i], 16 ) != 0 )
795 ARIA_SELF_TEST_IF_FAIL;
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]796
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]797 // test ECB decryption
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]798 if( verbose )
799 printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i);
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]800 mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]801 mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT,
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]802 aria_test1_ecb_ct[i], blk );
803 if (memcmp( blk, aria_test1_ecb_pt, 16 ) != 0)
804 ARIA_SELF_TEST_IF_FAIL;
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]805 }
Markku-Juhani O. Saarinen259fa602017-11-30 15:48:37 +0000[diff] [blame^]806 if( verbose )
807 printf("\n");
808
809 // Test set 2
810
811#if defined(MBEDTLS_CIPHER_MODE_CBC)
812 for( i = 0; i < 3; i++ )
813 {
814 // Test CBC encryption
815 if( verbose )
816 printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i);
817 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
818 memcpy( iv, aria_test2_iv, 16 );
819 memset( buf, 0x55, sizeof(buf) );
820 mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
821 aria_test2_pt, buf );
822 if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 )
823 ARIA_SELF_TEST_IF_FAIL;
824
825 // Test CBC decryption
826 if( verbose )
827 printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i);
828 mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i );
829 memcpy( iv, aria_test2_iv, 16 );
830 memset( buf, 0xAA, sizeof(buf) );
831 mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
832 aria_test2_cbc_ct[i], buf );
833 if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
834 ARIA_SELF_TEST_IF_FAIL;
835 }
836 if( verbose )
837 printf("\n");
838
839#endif /* MBEDTLS_CIPHER_MODE_CBC */
840
841#if defined(MBEDTLS_CIPHER_MODE_CFB)
842 for( i = 0; i < 3; i++ )
843 {
844 // Test CFB encryption
845 if( verbose )
846 printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i);
847 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
848 memcpy( iv, aria_test2_iv, 16 );
849 memset( buf, 0x55, sizeof(buf) );
850 j = 0;
851 mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
852 aria_test2_pt, buf );
853 if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 )
854 ARIA_SELF_TEST_IF_FAIL;
855
856 // Test CFB decryption
857 if( verbose )
858 printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i);
859 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
860 memcpy( iv, aria_test2_iv, 16 );
861 memset( buf, 0xAA, sizeof(buf) );
862 j = 0;
863 mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
864 iv, aria_test2_cfb_ct[i], buf );
865 if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
866 ARIA_SELF_TEST_IF_FAIL;
867 }
868 if( verbose )
869 printf("\n");
870#endif /* MBEDTLS_CIPHER_MODE_CFB */
871
872#if defined(MBEDTLS_CIPHER_MODE_CTR)
873 for( i = 0; i < 3; i++ )
874 {
875 // Test CTR encryption
876 if( verbose )
877 printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i);
878 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
879 memset( iv, 0, 16 ); // IV = 0
880 memset( buf, 0x55, sizeof(buf) );
881 j = 0;
882 mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
883 aria_test2_pt, buf );
884 if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 )
885 ARIA_SELF_TEST_IF_FAIL;
886
887 // Test CTR decryption
888 if( verbose )
889 printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i);
890 mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
891 memset( iv, 0, 16 ); // IV = 0
892 memset( buf, 0xAA, sizeof(buf) );
893 j = 0;
894 mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
895 aria_test2_ctr_ct[i], buf );
896 if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
897 ARIA_SELF_TEST_IF_FAIL;
898 }
899 if( verbose )
900 printf("\n");
901#endif /* MBEDTLS_CIPHER_MODE_CTR */
Markku-Juhani O. Saarinen41efbaa2017-11-30 11:37:55 +0000[diff] [blame]902
903 return( 0 );
904}
905
906#endif /* MBEDTLS_SELF_TEST */
907
908#endif /* MBEDTLS_ARIA_C */