TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / c2547b00340d472f6b4d8ccef06b18330c00427e / . / library / camellia.c
blob: 3f3b26856de4b032c64b8c4f3fd0650ac8c421ad [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Paul Bakker785a9ee2009-01-25 14:15:10 +0000[diff] [blame]4 * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 */
20/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]21 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
22 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]23 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]24 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]25 */
26
27#include "polarssl/config.h"
28
29#if defined(POLARSSL_CAMELLIA_C)
30
31#include "polarssl/camellia.h"
32
33#include <string.h>
34
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]35/*
36 * 32-bit integer manipulation macros (big endian)
37 */
38#ifndef GET_ULONG_BE
39#define GET_ULONG_BE(n,b,i) \
40{ \
41 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]42 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
43 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
44 | ( (unsigned long) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]45}
46#endif
47
48#ifndef PUT_ULONG_BE
49#define PUT_ULONG_BE(n,b,i) \
50{ \
51 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
52 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
53 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
54 (b)[(i) + 3] = (unsigned char) ( (n) ); \
55}
56#endif
57
58static const unsigned char SIGMA_CHARS[6][8] =
59{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]60 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
61 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
62 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
63 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
64 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
65 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]66};
67
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]68#ifdef POLARSSL_CAMELLIA_SMALL_MEMORY
69
70static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]71{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]72 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
73 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
74 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
75 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
76 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
77 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
78 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
79 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
80 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
81 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
82 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
83 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
84 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
85 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
86 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
87 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]88};
89
90#define SBOX1(n) FSb[(n)]
91#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
92#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]93#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
94
95#else
96
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]97static const unsigned char FSb[256] =
98{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]99 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
100 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
101 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
102 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
103 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
104 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
105 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
106 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
107 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
108 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
109 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
110 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
111 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
112 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
113 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
114 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]115};
116
117static const unsigned char FSb2[256] =
118{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]119 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
120 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
121 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
122 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
123 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
124 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
125 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
126 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
127 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
128 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
129 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
130 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
131 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
132 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
133 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
134 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]135};
136
137static const unsigned char FSb3[256] =
138{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]139 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
140 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
141 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
142 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
143 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
144 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
145 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
146 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
147 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
148 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
149 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
150 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
151 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
152 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
153 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
154 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]155};
156
157static const unsigned char FSb4[256] =
158{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]159 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
160 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
161 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
162 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
163 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
164 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
165 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
166 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
167 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
168 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
169 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
170 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
171 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
172 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
173 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
174 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]175};
176
177#define SBOX1(n) FSb[(n)]
178#define SBOX2(n) FSb2[(n)]
179#define SBOX3(n) FSb3[(n)]
180#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]181
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]182#endif
183
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]184static const unsigned char shifts[2][4][4] =
185{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]186 {
187 { 1, 1, 1, 1 }, /* KL */
188 { 0, 0, 0, 0 }, /* KR */
189 { 1, 1, 1, 1 }, /* KA */
190 { 0, 0, 0, 0 } /* KB */
191 },
192 {
193 { 1, 0, 1, 1 }, /* KL */
194 { 1, 1, 0, 1 }, /* KR */
195 { 1, 1, 1, 0 }, /* KA */
196 { 1, 1, 0, 1 } /* KB */
197 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]198};
199
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]200static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]201{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]202 {
203 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
204 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
205 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
206 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
207 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
208 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
209 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
210 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
211 },
212 {
213 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
214 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
215 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
216 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
217 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
218 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
219 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
220 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
221 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]222};
223
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]224static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]225{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]226 {
227 21, 22, 23, 20,
228 -1, -1, -1, -1,
229 18, 19, 16, 17,
230 11, 8, 9, 10,
231 15, 12, 13, 14
232 },
233 {
234 25, 26, 27, 24,
235 29, 30, 31, 28,
236 18, 19, 16, 17,
237 -1, -1, -1, -1,
238 -1, -1, -1, -1
239 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]240};
241
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]242/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]243#define ROTL(DEST, SRC, SHIFT) \
244{ \
245 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
246 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
247 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
248 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]249}
250
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]251#define FL(XL, XR, KL, KR) \
252{ \
253 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
254 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]255}
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]256
257#define FLInv(YL, YR, KL, KR) \
258{ \
259 (YL) = ((YR) | (KR)) ^ (YL); \
260 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]261}
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]262
263#define SHIFT_AND_PLACE(INDEX, OFFSET) \
264{ \
265 TK[0] = KC[(OFFSET) * 4 + 0]; \
266 TK[1] = KC[(OFFSET) * 4 + 1]; \
267 TK[2] = KC[(OFFSET) * 4 + 2]; \
268 TK[3] = KC[(OFFSET) * 4 + 3]; \
269 \
270 for ( i = 1; i <= 4; i++ ) \
271 if (shifts[(INDEX)][(OFFSET)][i -1]) \
272 ROTL(TK + i * 4, TK, (15 * i) % 32); \
273 \
274 for ( i = 0; i < 20; i++ ) \
275 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
276 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
277 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]278}
279
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]280static void camellia_feistel(uint32_t x[2], uint32_t k[2], uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]281{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]282 uint32_t I0, I1;
283 I0 = x[0] ^ k[0];
284 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]285
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]286 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
287 (SBOX2((I0 >> 16) & 0xFF) << 16) |
288 (SBOX3((I0 >> 8) & 0xFF) << 8) |
289 (SBOX4((I0 ) & 0xFF) );
290 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
291 (SBOX3((I1 >> 16) & 0xFF) << 16) |
292 (SBOX4((I1 >> 8) & 0xFF) << 8) |
293 (SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]294
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]295 I0 ^= (I1 << 8) | (I1 >> 24);
296 I1 ^= (I0 << 16) | (I0 >> 16);
297 I0 ^= (I1 >> 8) | (I1 << 24);
298 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]299
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]300 z[0] ^= I1;
301 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]302}
303
304/*
305 * Camellia key schedule (encryption)
306 */
307void camellia_setkey_enc( camellia_context *ctx, unsigned char *key, int keysize )
308{
309 int i, idx;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]310 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]311 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]312 uint32_t SIGMA[6][2];
313 uint32_t KC[16];
314 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]315
316 RK = ctx->rk;
317
318 memset(t, 0, 64);
319 memset(RK, 0, sizeof(ctx->rk));
320
321 switch( keysize )
322 {
323 case 128: ctx->nr = 3; idx = 0; break;
324 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]325 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]326 default : return;
327 }
328
329 for( i = 0; i < keysize / 8; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]330 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]331
332 if (keysize == 192) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]333 for (i = 0; i < 8; i++)
334 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]335 }
336
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]337 /*
338 * Prepare SIGMA values
339 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]340 for (i = 0; i < 6; i++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]341 GET_ULONG_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
342 GET_ULONG_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]343 }
344
345 /*
346 * Key storage in KC
347 * Order: KL, KR, KA, KB
348 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]349 memset(KC, 0, sizeof(KC));
350
351 /* Store KL, KR */
352 for (i = 0; i < 8; i++)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]353 GET_ULONG_BE(KC[i], t, i * 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]354
355 /* Generate KA */
356 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]357 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]358
359 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
360 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
361
362 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]363 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]364
365 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
366 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
367
368 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]369 /* Generate KB */
370 for( i = 0; i < 4; ++i)
371 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]372
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]373 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
374 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]375 }
376
377 /*
378 * Generating subkeys
379 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]380
381 /* Manipulating KL */
382 SHIFT_AND_PLACE(idx, 0);
383
384 /* Manipulating KR */
385 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]386 SHIFT_AND_PLACE(idx, 1);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]387 }
388
389 /* Manipulating KA */
390 SHIFT_AND_PLACE(idx, 2);
391
392 /* Manipulating KB */
393 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]394 SHIFT_AND_PLACE(idx, 3);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]395 }
396
397 /* Do transpositions */
398 for ( i = 0; i < 20; i++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]399 if (transposes[idx][i] != -1) {
400 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
401 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]402 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]403}
404
405/*
406 * Camellia key schedule (decryption)
407 */
408void camellia_setkey_dec( camellia_context *ctx, unsigned char *key, int keysize )
409{
410 int i, idx;
411 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]412 uint32_t *RK;
413 uint32_t *SK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]414
415 switch( keysize )
416 {
417 case 128: ctx->nr = 3; idx = 0; break;
418 case 192:
419 case 256: ctx->nr = 4; idx = 1; break;
420 default : return;
421 }
422
423 RK = ctx->rk;
424
425 camellia_setkey_enc(&cty, key, keysize);
426
427 SK = cty.rk + 24 * 2 + 8 * idx * 2;
428
429 *RK++ = *SK++;
430 *RK++ = *SK++;
431 *RK++ = *SK++;
432 *RK++ = *SK++;
433
434 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
435 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]436 *RK++ = *SK++;
437 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]438 }
439
440 SK -= 2;
441
442 *RK++ = *SK++;
443 *RK++ = *SK++;
444 *RK++ = *SK++;
445 *RK++ = *SK++;
446
447 memset( &cty, 0, sizeof( camellia_context ) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]448}
449
450/*
451 * Camellia-ECB block encryption/decryption
452 */
453void camellia_crypt_ecb( camellia_context *ctx,
454 int mode,
455 unsigned char input[16],
456 unsigned char output[16] )
457{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]458 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]459 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]460
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame^]461 ( (void) mode );
462
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]463 NR = ctx->nr;
464 RK = ctx->rk;
465
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]466 GET_ULONG_BE( X[0], input, 0 );
467 GET_ULONG_BE( X[1], input, 4 );
468 GET_ULONG_BE( X[2], input, 8 );
469 GET_ULONG_BE( X[3], input, 12 );
470
471 X[0] ^= *RK++;
472 X[1] ^= *RK++;
473 X[2] ^= *RK++;
474 X[3] ^= *RK++;
475
476 while (NR) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]477 --NR;
478 camellia_feistel(X, RK, X + 2);
479 RK += 2;
480 camellia_feistel(X + 2, RK, X);
481 RK += 2;
482 camellia_feistel(X, RK, X + 2);
483 RK += 2;
484 camellia_feistel(X + 2, RK, X);
485 RK += 2;
486 camellia_feistel(X, RK, X + 2);
487 RK += 2;
488 camellia_feistel(X + 2, RK, X);
489 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]490
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]491 if (NR) {
492 FL(X[0], X[1], RK[0], RK[1]);
493 RK += 2;
494 FLInv(X[2], X[3], RK[0], RK[1]);
495 RK += 2;
496 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]497 }
498
499 X[2] ^= *RK++;
500 X[3] ^= *RK++;
501 X[0] ^= *RK++;
502 X[1] ^= *RK++;
503
504 PUT_ULONG_BE( X[2], output, 0 );
505 PUT_ULONG_BE( X[3], output, 4 );
506 PUT_ULONG_BE( X[0], output, 8 );
507 PUT_ULONG_BE( X[1], output, 12 );
508}
509
510/*
511 * Camellia-CBC buffer encryption/decryption
512 */
513void camellia_crypt_cbc( camellia_context *ctx,
514 int mode,
515 int length,
516 unsigned char iv[16],
517 unsigned char *input,
518 unsigned char *output )
519{
520 int i;
521 unsigned char temp[16];
522
523 if( mode == CAMELLIA_DECRYPT )
524 {
525 while( length > 0 )
526 {
527 memcpy( temp, input, 16 );
528 camellia_crypt_ecb( ctx, mode, input, output );
529
530 for( i = 0; i < 16; i++ )
531 output[i] = (unsigned char)( output[i] ^ iv[i] );
532
533 memcpy( iv, temp, 16 );
534
535 input += 16;
536 output += 16;
537 length -= 16;
538 }
539 }
540 else
541 {
542 while( length > 0 )
543 {
544 for( i = 0; i < 16; i++ )
545 output[i] = (unsigned char)( input[i] ^ iv[i] );
546
547 camellia_crypt_ecb( ctx, mode, output, output );
548 memcpy( iv, output, 16 );
549
550 input += 16;
551 output += 16;
552 length -= 16;
553 }
554 }
555}
556
557/*
558 * Camellia-CFB128 buffer encryption/decryption
559 */
560void camellia_crypt_cfb128( camellia_context *ctx,
561 int mode,
562 int length,
563 int *iv_off,
564 unsigned char iv[16],
565 unsigned char *input,
566 unsigned char *output )
567{
568 int c, n = *iv_off;
569
570 if( mode == CAMELLIA_DECRYPT )
571 {
572 while( length-- )
573 {
574 if( n == 0 )
575 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
576
577 c = *input++;
578 *output++ = (unsigned char)( c ^ iv[n] );
579 iv[n] = (unsigned char) c;
580
581 n = (n + 1) & 0x0F;
582 }
583 }
584 else
585 {
586 while( length-- )
587 {
588 if( n == 0 )
589 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
590
591 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
592
593 n = (n + 1) & 0x0F;
594 }
595 }
596
597 *iv_off = n;
598}
599
600#if defined(POLARSSL_SELF_TEST)
601
602#include <stdio.h>
603
604/*
605 * Camellia test vectors from:
606 *
607 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
608 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
609 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]610 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]611 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]612#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]613
614static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
615{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]616 {
617 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
618 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
619 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
620 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
621 },
622 {
623 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
624 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
625 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
626 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
627 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
628 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
629 },
630 {
631 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
632 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
633 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
634 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
635 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
636 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
637 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
638 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
639 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]640};
641
642static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
643{
644 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
645 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
646 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
647 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
648};
649
650static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
651{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]652 {
653 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
654 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
655 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
656 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
657 },
658 {
659 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
660 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
661 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
662 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
663 },
664 {
665 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
666 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
667 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
668 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
669 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]670};
671
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]672#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]673
674static const unsigned char camellia_test_cbc_key[3][32] =
675{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]676 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
677 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
678 ,
679 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
680 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
681 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
682 ,
683 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
684 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
685 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
686 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]687};
688
689static const unsigned char camellia_test_cbc_iv[16] =
690
691 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
692 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
693;
694
695static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
696{
697 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
698 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
699 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
700 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
701 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
702 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
703
704};
705
706static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
707{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]708 {
709 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
710 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
711 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
712 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
713 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
714 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
715 },
716 {
717 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
718 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
719 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
720 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
721 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
722 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
723 },
724 {
725 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
726 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
727 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
728 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
729 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
730 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
731 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]732};
733
734
735/*
736 * Checkup routine
737 */
738int camellia_self_test( int verbose )
739{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]740 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]741 unsigned char key[32];
742 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]743 unsigned char src[16];
744 unsigned char dst[16];
745 unsigned char iv[16];
746 camellia_context ctx;
747
748 memset( key, 0, 32 );
749
750 for (j = 0; j < 6; j++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]751 u = j >> 1;
752 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]753
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]754 if( verbose != 0 )
755 printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
756 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]757
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]758 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
759 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]760
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]761 if (v == CAMELLIA_DECRYPT) {
762 camellia_setkey_dec(&ctx, key, 128 + u * 64);
763 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
764 memcpy(dst, camellia_test_ecb_plain[i], 16);
765 } else { /* CAMELLIA_ENCRYPT */
766 camellia_setkey_enc(&ctx, key, 128 + u * 64);
767 memcpy(src, camellia_test_ecb_plain[i], 16);
768 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
769 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]770
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]771 camellia_crypt_ecb(&ctx, v, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]772
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]773 if( memcmp( buf, dst, 16 ) != 0 )
774 {
775 if( verbose != 0 )
776 printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]777
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]778 return( 1 );
779 }
780 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]781
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]782 if( verbose != 0 )
783 printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]784 }
785
786 if( verbose != 0 )
787 printf( "\n" );
788
789 /*
790 * CBC mode
791 */
792 for( j = 0; j < 6; j++ )
793 {
794 u = j >> 1;
795 v = j & 1;
796
797 if( verbose != 0 )
798 printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
799 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
800
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]801 memcpy( src, camellia_test_cbc_iv, 16);
802 memcpy( dst, camellia_test_cbc_iv, 16);
803 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]804
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]805 if (v == CAMELLIA_DECRYPT) {
806 camellia_setkey_dec(&ctx, key, 128 + u * 64);
807 } else {
808 camellia_setkey_enc(&ctx, key, 128 + u * 64);
809 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]810
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]811 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]812
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]813 if (v == CAMELLIA_DECRYPT) {
814 memcpy( iv , src, 16 );
815 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
816 memcpy(dst, camellia_test_cbc_plain[i], 16);
817 } else { /* CAMELLIA_ENCRYPT */
818 memcpy( iv , dst, 16 );
819 memcpy(src, camellia_test_cbc_plain[i], 16);
820 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
821 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]822
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]823 camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]824
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]825 if( memcmp( buf, dst, 16 ) != 0 )
826 {
827 if( verbose != 0 )
828 printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]829
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]830 return( 1 );
831 }
832 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]833
834 if( verbose != 0 )
835 printf( "passed\n" );
836 }
837
838 if( verbose != 0 )
839 printf( "\n" );
840
841 return ( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]842}
843
844#endif
845
846#endif