TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 66d5d076f754507e1746597a337053e2f7e64cf7 / . / library / camellia.c
blob: f1d4d6b24bbb5f81531825b94785b1c4556749c3 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]26 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
27 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]28 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]29 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]30 */
31
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]32#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]33#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]34#else
35#include POLARSSL_CONFIG_FILE
36#endif
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]37
38#if defined(POLARSSL_CAMELLIA_C)
39
40#include "polarssl/camellia.h"
41
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]42#if defined(POLARSSL_PLATFORM_C)
43#include "polarssl/platform.h"
44#else
45#define polarssl_printf printf
46#endif
47
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]48#if !defined(POLARSSL_CAMELLIA_ALT)
49
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]50/* Implementation that should never be optimized out by the compiler */
51static void polarssl_zeroize( void *v, size_t n ) {
52 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
53}
54
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]55/*
56 * 32-bit integer manipulation macros (big endian)
57 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]58#ifndef GET_UINT32_BE
59#define GET_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]60{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]61 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
62 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
63 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
64 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]65}
66#endif
67
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]68#ifndef PUT_UINT32_BE
69#define PUT_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]70{ \
71 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
72 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
73 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
74 (b)[(i) + 3] = (unsigned char) ( (n) ); \
75}
76#endif
77
78static const unsigned char SIGMA_CHARS[6][8] =
79{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]80 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
81 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
82 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
83 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
84 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
85 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]86};
87
Paul Bakker33008ee2011-11-18 12:58:25 +0000[diff] [blame]88#if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]89
90static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]91{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]92 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
93 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
94 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
95 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
96 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
97 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
98 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
99 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
100 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
101 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
102 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
103 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
104 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
105 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
106 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
107 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]108};
109
110#define SBOX1(n) FSb[(n)]
111#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
112#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]113#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
114
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]115#else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]116
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]117static const unsigned char FSb[256] =
118{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]119 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
120 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
121 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
122 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
123 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
124 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
125 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
126 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
127 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
128 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
129 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
130 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
131 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
132 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
133 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
134 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]135};
136
137static const unsigned char FSb2[256] =
138{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]139 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
140 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
141 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
142 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
143 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
144 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
145 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
146 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
147 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
148 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
149 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
150 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
151 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
152 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
153 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
154 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]155};
156
157static const unsigned char FSb3[256] =
158{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]159 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
160 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
161 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
162 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
163 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
164 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
165 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
166 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
167 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
168 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
169 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
170 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
171 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
172 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
173 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
174 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]175};
176
177static const unsigned char FSb4[256] =
178{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]179 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
180 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
181 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
182 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
183 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
184 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
185 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
186 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
187 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
188 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
189 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
190 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
191 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
192 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
193 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
194 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]195};
196
197#define SBOX1(n) FSb[(n)]
198#define SBOX2(n) FSb2[(n)]
199#define SBOX3(n) FSb3[(n)]
200#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]201
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]202#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]203
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]204static const unsigned char shifts[2][4][4] =
205{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]206 {
207 { 1, 1, 1, 1 }, /* KL */
208 { 0, 0, 0, 0 }, /* KR */
209 { 1, 1, 1, 1 }, /* KA */
210 { 0, 0, 0, 0 } /* KB */
211 },
212 {
213 { 1, 0, 1, 1 }, /* KL */
214 { 1, 1, 0, 1 }, /* KR */
215 { 1, 1, 1, 0 }, /* KA */
216 { 1, 1, 0, 1 } /* KB */
217 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]218};
219
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]220static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]221{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]222 {
223 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
224 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
225 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
226 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
227 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
228 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
229 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
230 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
231 },
232 {
233 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
234 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
235 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
236 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
237 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
238 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
239 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
240 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
241 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]242};
243
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]244static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]245{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]246 {
247 21, 22, 23, 20,
248 -1, -1, -1, -1,
249 18, 19, 16, 17,
250 11, 8, 9, 10,
251 15, 12, 13, 14
252 },
253 {
254 25, 26, 27, 24,
255 29, 30, 31, 28,
256 18, 19, 16, 17,
257 -1, -1, -1, -1,
258 -1, -1, -1, -1
259 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]260};
261
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]262/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]263#define ROTL(DEST, SRC, SHIFT) \
264{ \
265 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
266 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
267 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
268 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]269}
270
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]271#define FL(XL, XR, KL, KR) \
272{ \
273 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
274 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]275}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]276
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]277#define FLInv(YL, YR, KL, KR) \
278{ \
279 (YL) = ((YR) | (KR)) ^ (YL); \
280 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]281}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]282
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]283#define SHIFT_AND_PLACE(INDEX, OFFSET) \
284{ \
285 TK[0] = KC[(OFFSET) * 4 + 0]; \
286 TK[1] = KC[(OFFSET) * 4 + 1]; \
287 TK[2] = KC[(OFFSET) * 4 + 2]; \
288 TK[3] = KC[(OFFSET) * 4 + 3]; \
289 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]290 for( i = 1; i <= 4; i++ ) \
291 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
292 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]293 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]294 for( i = 0; i < 20; i++ ) \
295 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
296 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
297 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]298}
299
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]300static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
301 uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]302{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]303 uint32_t I0, I1;
304 I0 = x[0] ^ k[0];
305 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]306
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]307 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
308 (SBOX2((I0 >> 16) & 0xFF) << 16) |
309 (SBOX3((I0 >> 8) & 0xFF) << 8) |
310 (SBOX4((I0 ) & 0xFF) );
311 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
312 (SBOX3((I1 >> 16) & 0xFF) << 16) |
313 (SBOX4((I1 >> 8) & 0xFF) << 8) |
314 (SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]315
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]316 I0 ^= (I1 << 8) | (I1 >> 24);
317 I1 ^= (I0 << 16) | (I0 >> 16);
318 I0 ^= (I1 >> 8) | (I1 << 24);
319 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]320
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]321 z[0] ^= I1;
322 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]323}
324
325/*
326 * Camellia key schedule (encryption)
327 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]328int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
329 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]330{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]331 int idx;
332 size_t i;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]333 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]334 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]335 uint32_t SIGMA[6][2];
336 uint32_t KC[16];
337 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]338
339 RK = ctx->rk;
340
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]341 memset( t, 0, 64 );
342 memset( RK, 0, sizeof(ctx->rk) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]343
344 switch( keysize )
345 {
346 case 128: ctx->nr = 3; idx = 0; break;
347 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]348 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]349 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]350 }
351
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]352 for( i = 0; i < keysize / 8; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]353 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]354
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]355 if( keysize == 192 ) {
356 for( i = 0; i < 8; i++ )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]357 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]358 }
359
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]360 /*
361 * Prepare SIGMA values
362 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]363 for( i = 0; i < 6; i++ ) {
364 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
365 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]366 }
367
368 /*
369 * Key storage in KC
370 * Order: KL, KR, KA, KB
371 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]372 memset( KC, 0, sizeof(KC) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]373
374 /* Store KL, KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]375 for( i = 0; i < 8; i++ )
376 GET_UINT32_BE( KC[i], t, i * 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]377
378 /* Generate KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]379 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]380 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]381
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]382 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
383 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]384
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]385 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]386 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]387
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]388 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
389 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]390
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]391 if( keysize > 128 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]392 /* Generate KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]393 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]394 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]395
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]396 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
397 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]398 }
399
400 /*
401 * Generating subkeys
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]402 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]403
404 /* Manipulating KL */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]405 SHIFT_AND_PLACE( idx, 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]406
407 /* Manipulating KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]408 if( keysize > 128 ) {
409 SHIFT_AND_PLACE( idx, 1 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]410 }
411
412 /* Manipulating KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]413 SHIFT_AND_PLACE( idx, 2 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]414
415 /* Manipulating KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]416 if( keysize > 128 ) {
417 SHIFT_AND_PLACE( idx, 3 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]418 }
419
420 /* Do transpositions */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]421 for( i = 0; i < 20; i++ ) {
422 if( transposes[idx][i] != -1 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]423 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
424 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]425 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]426
427 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]428}
429
430/*
431 * Camellia key schedule (decryption)
432 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]433int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
434 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]435{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]436 int idx;
437 size_t i;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]438 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]439 uint32_t *RK;
440 uint32_t *SK;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]441 int ret;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]442
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]443 /* Also checks keysize */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]444 if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) )
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]445 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]446
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]447 ctx->nr = cty.nr;
448 idx = ( ctx->nr == 4 );
449
450 RK = ctx->rk;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]451 SK = cty.rk + 24 * 2 + 8 * idx * 2;
452
453 *RK++ = *SK++;
454 *RK++ = *SK++;
455 *RK++ = *SK++;
456 *RK++ = *SK++;
457
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]458 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]459 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]460 *RK++ = *SK++;
461 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]462 }
463
464 SK -= 2;
465
466 *RK++ = *SK++;
467 *RK++ = *SK++;
468 *RK++ = *SK++;
469 *RK++ = *SK++;
470
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]471 polarssl_zeroize( &cty, sizeof( camellia_context ) );
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]472
473 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]474}
475
476/*
477 * Camellia-ECB block encryption/decryption
478 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]479int camellia_crypt_ecb( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]480 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]481 const unsigned char input[16],
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]482 unsigned char output[16] )
483{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]484 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]485 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]486
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame]487 ( (void) mode );
488
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]489 NR = ctx->nr;
490 RK = ctx->rk;
491
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]492 GET_UINT32_BE( X[0], input, 0 );
493 GET_UINT32_BE( X[1], input, 4 );
494 GET_UINT32_BE( X[2], input, 8 );
495 GET_UINT32_BE( X[3], input, 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]496
497 X[0] ^= *RK++;
498 X[1] ^= *RK++;
499 X[2] ^= *RK++;
500 X[3] ^= *RK++;
501
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]502 while( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]503 --NR;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]504 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]505 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]506 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]507 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]508 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]509 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]510 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]511 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]512 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]513 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]514 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]515 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]516
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]517 if( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]518 FL(X[0], X[1], RK[0], RK[1]);
519 RK += 2;
520 FLInv(X[2], X[3], RK[0], RK[1]);
521 RK += 2;
522 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]523 }
524
525 X[2] ^= *RK++;
526 X[3] ^= *RK++;
527 X[0] ^= *RK++;
528 X[1] ^= *RK++;
529
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]530 PUT_UINT32_BE( X[2], output, 0 );
531 PUT_UINT32_BE( X[3], output, 4 );
532 PUT_UINT32_BE( X[0], output, 8 );
533 PUT_UINT32_BE( X[1], output, 12 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]534
535 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]536}
537
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]538#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]539/*
540 * Camellia-CBC buffer encryption/decryption
541 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]542int camellia_crypt_cbc( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]543 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]544 size_t length,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]545 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]546 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]547 unsigned char *output )
548{
549 int i;
550 unsigned char temp[16];
551
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]552 if( length % 16 )
553 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
554
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]555 if( mode == CAMELLIA_DECRYPT )
556 {
557 while( length > 0 )
558 {
559 memcpy( temp, input, 16 );
560 camellia_crypt_ecb( ctx, mode, input, output );
561
562 for( i = 0; i < 16; i++ )
563 output[i] = (unsigned char)( output[i] ^ iv[i] );
564
565 memcpy( iv, temp, 16 );
566
567 input += 16;
568 output += 16;
569 length -= 16;
570 }
571 }
572 else
573 {
574 while( length > 0 )
575 {
576 for( i = 0; i < 16; i++ )
577 output[i] = (unsigned char)( input[i] ^ iv[i] );
578
579 camellia_crypt_ecb( ctx, mode, output, output );
580 memcpy( iv, output, 16 );
581
582 input += 16;
583 output += 16;
584 length -= 16;
585 }
586 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]587
588 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]589}
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]590#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]591
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]592#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]593/*
594 * Camellia-CFB128 buffer encryption/decryption
595 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]596int camellia_crypt_cfb128( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]597 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]598 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]599 size_t *iv_off,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]600 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]601 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]602 unsigned char *output )
603{
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]604 int c;
605 size_t n = *iv_off;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]606
607 if( mode == CAMELLIA_DECRYPT )
608 {
609 while( length-- )
610 {
611 if( n == 0 )
612 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
613
614 c = *input++;
615 *output++ = (unsigned char)( c ^ iv[n] );
616 iv[n] = (unsigned char) c;
617
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]618 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]619 }
620 }
621 else
622 {
623 while( length-- )
624 {
625 if( n == 0 )
626 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
627
628 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
629
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]630 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]631 }
632 }
633
634 *iv_off = n;
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]635
636 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]637}
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]638#endif /* POLARSSL_CIPHER_MODE_CFB */
639
640#if defined(POLARSSL_CIPHER_MODE_CTR)
641/*
642 * Camellia-CTR buffer encryption/decryption
643 */
644int camellia_crypt_ctr( camellia_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]645 size_t length,
646 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]647 unsigned char nonce_counter[16],
648 unsigned char stream_block[16],
649 const unsigned char *input,
650 unsigned char *output )
651{
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]652 int c, i;
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]653 size_t n = *nc_off;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]654
655 while( length-- )
656 {
657 if( n == 0 ) {
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]658 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
659 stream_block );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]660
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]661 for( i = 16; i > 0; i-- )
662 if( ++nonce_counter[i - 1] != 0 )
663 break;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]664 }
665 c = *input++;
666 *output++ = (unsigned char)( c ^ stream_block[n] );
667
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]668 n = ( n + 1 ) & 0x0F;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]669 }
670
671 *nc_off = n;
672
673 return( 0 );
674}
675#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]676#endif /* !POLARSSL_CAMELLIA_ALT */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]677
678#if defined(POLARSSL_SELF_TEST)
679
680#include <stdio.h>
681
682/*
683 * Camellia test vectors from:
684 *
685 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
686 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
687 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]688 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]689 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]690#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]691
692static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
693{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]694 {
695 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
696 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]697 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]698 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699 },
700 {
701 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
702 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
703 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]704 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]705 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
707 },
708 {
709 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
710 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
711 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
712 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]713 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]714 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
715 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
716 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
717 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]718};
719
720static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
721{
722 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
723 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]724 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]725 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
726};
727
728static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
729{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]730 {
731 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
732 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
733 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
734 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
735 },
736 {
737 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
738 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
739 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
740 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
741 },
742 {
743 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
744 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
745 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
746 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
747 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]748};
749
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]750#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]751#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]752
753static const unsigned char camellia_test_cbc_key[3][32] =
754{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]755 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
756 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
757 ,
758 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
759 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
760 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
761 ,
762 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
763 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
764 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
765 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]766};
767
768static const unsigned char camellia_test_cbc_iv[16] =
769
770 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
771 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
772;
773
774static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
775{
776 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
777 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
778 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
779 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
780 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
781 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
782
783};
784
785static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
786{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]787 {
788 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
789 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
790 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
791 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
792 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
793 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
794 },
795 {
796 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
797 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
798 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
799 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
800 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
801 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
802 },
803 {
804 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
805 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
806 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
807 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
808 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
809 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
810 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]811};
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]812#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]813
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]814#if defined(POLARSSL_CIPHER_MODE_CTR)
815/*
816 * Camellia-CTR test vectors from:
817 *
818 * http://www.faqs.org/rfcs/rfc5528.html
819 */
820
821static const unsigned char camellia_test_ctr_key[3][16] =
822{
823 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
824 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
825 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
826 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
827 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
828 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
829};
830
831static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
832{
833 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
834 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
835 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
836 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
837 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
838 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
839};
840
841static const unsigned char camellia_test_ctr_pt[3][48] =
842{
843 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
844 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
845
846 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
847 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
848 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
849 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
850
851 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
852 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
853 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
854 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
855 0x20, 0x21, 0x22, 0x23 }
856};
857
858static const unsigned char camellia_test_ctr_ct[3][48] =
859{
860 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
861 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
862 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
863 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
864 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
865 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
866 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
867 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
868 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
869 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
870 0xDF, 0x50, 0x86, 0x96 }
871};
872
873static const int camellia_test_ctr_len[3] =
874 { 16, 32, 36 };
875#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]876
877/*
878 * Checkup routine
879 */
880int camellia_self_test( int verbose )
881{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]882 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]883 unsigned char key[32];
884 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]885 unsigned char src[16];
886 unsigned char dst[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]887#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]888 unsigned char iv[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]889#endif
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]890#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]891 size_t offset, len;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]892 unsigned char nonce_counter[16];
893 unsigned char stream_block[16];
894#endif
895
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]896 camellia_context ctx;
897
898 memset( key, 0, 32 );
899
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]900 for( j = 0; j < 6; j++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]901 u = j >> 1;
902 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]903
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]904 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]905 polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
906 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]907
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]908 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
909 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]910
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]911 if( v == CAMELLIA_DECRYPT ) {
912 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
913 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
914 memcpy( dst, camellia_test_ecb_plain[i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]915 } else { /* CAMELLIA_ENCRYPT */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]916 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
917 memcpy( src, camellia_test_ecb_plain[i], 16 );
918 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]919 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]920
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]921 camellia_crypt_ecb( &ctx, v, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]922
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]923 if( memcmp( buf, dst, 16 ) != 0 )
924 {
925 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]926 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]927
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]928 return( 1 );
929 }
930 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]931
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]932 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]933 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]934 }
935
936 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]937 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]938
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]939#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]940 /*
941 * CBC mode
942 */
943 for( j = 0; j < 6; j++ )
944 {
945 u = j >> 1;
946 v = j & 1;
947
948 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]949 polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
950 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]951
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]952 memcpy( src, camellia_test_cbc_iv, 16 );
953 memcpy( dst, camellia_test_cbc_iv, 16 );
954 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]955
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]956 if( v == CAMELLIA_DECRYPT ) {
957 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]958 } else {
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]959 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]960 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]961
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]962 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]963
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]964 if( v == CAMELLIA_DECRYPT ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]965 memcpy( iv , src, 16 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]966 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
967 memcpy( dst, camellia_test_cbc_plain[i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]968 } else { /* CAMELLIA_ENCRYPT */
969 memcpy( iv , dst, 16 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]970 memcpy( src, camellia_test_cbc_plain[i], 16 );
971 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]972 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]973
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame^]974 camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]975
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]976 if( memcmp( buf, dst, 16 ) != 0 )
977 {
978 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]979 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]980
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]981 return( 1 );
982 }
983 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]984
985 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]986 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]987 }
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]988#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]989
990 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]991 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]992
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]993#if defined(POLARSSL_CIPHER_MODE_CTR)
994 /*
995 * CTR mode
996 */
997 for( i = 0; i < 6; i++ )
998 {
999 u = i >> 1;
1000 v = i & 1;
1001
1002 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1003 polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
1004 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1005
1006 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1007 memcpy( key, camellia_test_ctr_key[u], 16 );
1008
1009 offset = 0;
1010 camellia_setkey_enc( &ctx, key, 128 );
1011
1012 if( v == CAMELLIA_DECRYPT )
1013 {
1014 len = camellia_test_ctr_len[u];
1015 memcpy( buf, camellia_test_ctr_ct[u], len );
1016
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]1017 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1018 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1019
1020 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1021 {
1022 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1023 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1024
1025 return( 1 );
1026 }
1027 }
1028 else
1029 {
1030 len = camellia_test_ctr_len[u];
1031 memcpy( buf, camellia_test_ctr_pt[u], len );
1032
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]1033 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1034 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1035
1036 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1037 {
1038 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1039 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1040
1041 return( 1 );
1042 }
1043 }
1044
1045 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1046 polarssl_printf( "passed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1047 }
1048
1049 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1050 polarssl_printf( "\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1051#endif /* POLARSSL_CIPHER_MODE_CTR */
1052
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]1053 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1054}
1055
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1056#endif /* POLARSSL_SELF_TEST */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1057
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1058#endif /* POLARSSL_CAMELLIA_C */