Blame - library/camellia.c - mirror/mbed-tls - TrustedFirmware Git Browser

2009-01-10 23:31:23 +0000

[diff] [blame]

1

/*

2

* Camellia implementation

3

*

Bence Szépkúti

1e14827

2020-08-07 13:07:28 +0200

[diff] [blame]

4

* Copyright The Mbed TLS Contributors

Dave Rodgman

16799db

2023-11-02 19:47:20 +0000

[diff] [blame^]

5

* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

6

*/

7

/*

Paul Bakker

b5ef0ba

2009-01-11 20:25:36 +0000

[diff] [blame]

8

* The Camellia block cipher was designed by NTT and Mitsubishi Electric

9

* Corporation.

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

10

*

Paul Bakker

b5ef0ba

2009-01-11 20:25:36 +0000

[diff] [blame]

11

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

12

*/

13

Gilles Peskine

db09ef6

2020-06-03 01:43:33 +0200

[diff] [blame]

14

#include "common.h"

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

15

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

16

#if defined(MBEDTLS_CAMELLIA_C)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

17

Manuel Pégourié-Gonnard

7f80997

2015-03-09 17:05:11 +0000

[diff] [blame]

18

#include "mbedtls/camellia.h"

Andres Amaya Garcia

1f6301b

2018-04-17 09:51:09 -0500

[diff] [blame]

19

#include "mbedtls/platform_util.h"

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

20

Rich Evans

00ab470

2015-02-06 13:43:58 +0000

[diff] [blame]

21

#include <string.h>

Manuel Pégourié-Gonnard

394608e

2015-02-17 16:01:07 +0100

[diff] [blame]

22

Manuel Pégourié-Gonnard

7f80997

2015-03-09 17:05:11 +0000

[diff] [blame]

23

#include "mbedtls/platform.h"

Paul Bakker

7dc4c44

2014-02-01 22:50:26 +0100

[diff] [blame]

24

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

25

#if !defined(MBEDTLS_CAMELLIA_ALT)

Paul Bakker

90995b5

2013-06-24 19:20:35 +0200

[diff] [blame]

26

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

27

static const unsigned char SIGMA_CHARS[6][8] =

28

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

29

{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },

30

{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },

31

{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },

32

{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },

33

{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },

34

{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

35

};

36

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

37

#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

38

39

static const unsigned char FSb[256] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

40

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

41

112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,

42

35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,

43

134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,

44

166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,

45

139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,

46

223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,

47

20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,

48

254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,

49

170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,

50

16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,

51

135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,

52

82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,

53

233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,

54

120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,

55

114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,

56

64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

57

};

58

59

#define SBOX1(n) FSb[(n)]

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

60

#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)

61

#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

62

#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]

63

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

64

#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

65

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

66

static const unsigned char FSb[256] =

67

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

68

112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,

69

35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,

70

134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,

71

166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,

72

139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,

73

223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,

74

20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,

75

254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,

76

170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,

77

16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,

78

135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,

79

82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,

80

233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,

81

120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,

82

114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,

83

64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

84

};

85

86

static const unsigned char FSb2[256] =

87

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

88

224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,

89

70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,

90

13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,

91

77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,

92

23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,

93

191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,

94

40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,

95

253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,

96

85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,

97

32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,

98

15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,

99

164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,

100

211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,

101

240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,

102

228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,

103

128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

104

};

105

106

static const unsigned char FSb3[256] =

107

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

108

56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,

109

145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,

110

67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,

111

83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,

112

197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,

113

239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,

114

10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,

115

127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,

116

85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,

117

8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,

118

195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,

119

41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,

120

244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,

121

60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,

122

57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,

123

32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

124

};

125

126

static const unsigned char FSb4[256] =

127

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

128

112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,

129

134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,

130

139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,

131

20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,

132

170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,

133

135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,

134

233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,

135

114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,

136

130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,

137

184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,

138

13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,

139

88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,

140

208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,

141

92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,

142

121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,

143

7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

144

};

145

146

#define SBOX1(n) FSb[(n)]

147

#define SBOX2(n) FSb2[(n)]

148

#define SBOX3(n) FSb3[(n)]

149

#define SBOX4(n) FSb4[(n)]

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

150

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

151

#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

152

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

153

static const unsigned char shifts[2][4][4] =

154

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

155

{

156

{ 1, 1, 1, 1 }, /* KL */

157

{ 0, 0, 0, 0 }, /* KR */

158

{ 1, 1, 1, 1 }, /* KA */

159

{ 0, 0, 0, 0 } /* KB */

160

},

161

{

162

{ 1, 0, 1, 1 }, /* KL */

163

{ 1, 1, 0, 1 }, /* KR */

164

{ 1, 1, 1, 0 }, /* KA */

165

{ 1, 1, 0, 1 } /* KB */

166

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

167

};

168

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

169

static const signed char indexes[2][4][20] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

170

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

171

{

172

{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

173

36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

174

{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

175

-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */

176

{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

177

18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

178

{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

179

-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */

180

},

181

{

182

{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

183

-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

184

{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,

185

18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */

186

{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,

187

56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */

188

{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

189

22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

190

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

191

};

192

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

193

static const signed char transposes[2][20] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

194

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

{

21, 22, 23, 20,

-1, -1, -1, -1,

18, 19, 16, 17,

11, 8, 9, 10,

15, 12, 13, 14

},

{

25, 26, 27, 24,

29, 30, 31, 28,

18, 19, 16, 17,

-1, -1, -1, -1,

-1, -1, -1, -1

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

209

};

210

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

211

/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

212

#define ROTL(DEST, SRC, SHIFT) \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

213

{ \

214

(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \

215

(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \

216

(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \

217

(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \

218

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

219

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

220

#define FL(XL, XR, KL, KR) \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

221

{ \

222

(XR) = ((((XL) &(KL)) << 1) | (((XL) &(KL)) >> 31)) ^ (XR); \

223

(XL) = ((XR) | (KR)) ^ (XL); \

224

}

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

225

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

226

#define FLInv(YL, YR, KL, KR) \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

227

{ \

228

(YL) = ((YR) | (KR)) ^ (YL); \

229

(YR) = ((((YL) &(KL)) << 1) | (((YL) &(KL)) >> 31)) ^ (YR); \

230

}

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

231

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

232

#define SHIFT_AND_PLACE(INDEX, OFFSET) \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

233

{ \

234

TK[0] = KC[(OFFSET) * 4 + 0]; \

235

TK[1] = KC[(OFFSET) * 4 + 1]; \

236

TK[2] = KC[(OFFSET) * 4 + 2]; \

237

TK[3] = KC[(OFFSET) * 4 + 3]; \

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

238

\

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

239

for (i = 1; i <= 4; i++) \

240

if (shifts[(INDEX)][(OFFSET)][i -1]) \

241

ROTL(TK + i * 4, TK, (15 * i) % 32); \

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

242

\

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

243

for (i = 0; i < 20; i++) \

244

if (indexes[(INDEX)][(OFFSET)][i] != -1) { \

245

RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \

Paul Bakker

66d5d07

2014-06-17 16:39:18 +0200

[diff] [blame]

246

} \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

247

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

248

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

249

static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],

250

uint32_t z[2])

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

251

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

252

uint32_t I0, I1;

253

I0 = x[0] ^ k[0];

254

I1 = x[1] ^ k[1];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

255

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

256

I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) |

257

((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) |

258

((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) |

259

((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));

260

I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) |

261

((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) |

262

((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) |

263

((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

264

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

265

I0 ^= (I1 << 8) | (I1 >> 24);

266

I1 ^= (I0 << 16) | (I0 >> 16);

267

I0 ^= (I1 >> 8) | (I1 << 24);

268

I1 ^= (I0 >> 8) | (I0 << 24);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

269

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

270

z[0] ^= I1;

271

z[1] ^= I0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

272

}

273

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

274

void mbedtls_camellia_init(mbedtls_camellia_context *ctx)

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

275

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

276

memset(ctx, 0, sizeof(mbedtls_camellia_context));

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

277

}

278

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

279

void mbedtls_camellia_free(mbedtls_camellia_context *ctx)

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

280

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

281

if (ctx == NULL) {

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

282

return;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

283

}

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

284

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

285

mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

286

}

287

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

288

/*

289

* Camellia key schedule (encryption)

290

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

291

int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,

292

const unsigned char *key,

293

unsigned int keybits)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

294

{

Paul Bakker

23986e5

2011-04-24 08:57:21 +0000

[diff] [blame]

295

int idx;

296

size_t i;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

297

uint32_t *RK;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

298

unsigned char t[64];

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

299

uint32_t SIGMA[6][2];

300

uint32_t KC[16];

301

uint32_t TK[20];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

RK = ctx->rk;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

305

memset(t, 0, 64);

306

memset(RK, 0, sizeof(ctx->rk));

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

307

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

308

switch (keybits) {

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

309

case 128: ctx->nr = 3; idx = 0; break;

310

case 192:

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

311

case 256: ctx->nr = 4; idx = 1; break;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

312

default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

313

}

314

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

315

for (i = 0; i < keybits / 8; ++i) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

316

t[i] = key[i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

317

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

318

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

319

if (keybits == 192) {

320

for (i = 0; i < 8; i++) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

321

t[24 + i] = ~t[16 + i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

322

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

323

}

324

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

325

/*

326

* Prepare SIGMA values

327

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

328

for (i = 0; i < 6; i++) {

329

SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);

330

SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Key storage in KC

* Order: KL, KR, KA, KB

336

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

337

memset(KC, 0, sizeof(KC));

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

338

339

/* Store KL, KR */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

340

for (i = 0; i < 8; i++) {

341

KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);

342

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

343

344

/* Generate KA */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

345

for (i = 0; i < 4; ++i) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

346

KC[8 + i] = KC[i] ^ KC[4 + i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

347

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

348

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

349

camellia_feistel(KC + 8, SIGMA[0], KC + 10);

350

camellia_feistel(KC + 10, SIGMA[1], KC + 8);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

351

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

352

for (i = 0; i < 4; ++i) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

353

KC[8 + i] ^= KC[i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

354

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

355

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

356

camellia_feistel(KC + 8, SIGMA[2], KC + 10);

357

camellia_feistel(KC + 10, SIGMA[3], KC + 8);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

358

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

359

if (keybits > 128) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

360

/* Generate KB */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

361

for (i = 0; i < 4; ++i) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

362

KC[12 + i] = KC[4 + i] ^ KC[8 + i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

363

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

364

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

365

camellia_feistel(KC + 12, SIGMA[4], KC + 14);

366

camellia_feistel(KC + 14, SIGMA[5], KC + 12);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Generating subkeys

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

371

*/

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

372

373

/* Manipulating KL */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

374

SHIFT_AND_PLACE(idx, 0);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

375

376

/* Manipulating KR */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

377

if (keybits > 128) {

378

SHIFT_AND_PLACE(idx, 1);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

379

}

380

381

/* Manipulating KA */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

382

SHIFT_AND_PLACE(idx, 2);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

383

384

/* Manipulating KB */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

385

if (keybits > 128) {

386

SHIFT_AND_PLACE(idx, 3);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

387

}

388

389

/* Do transpositions */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

390

for (i = 0; i < 20; i++) {

391

if (transposes[idx][i] != -1) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

392

RK[32 + 12 * idx + i] = RK[transposes[idx][i]];

393

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

394

}

Paul Bakker

2b222c8

2009-07-27 21:03:45 +0000

[diff] [blame]

395

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

396

return 0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Camellia key schedule (decryption)

401

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

402

int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,

403

const unsigned char *key,

404

unsigned int keybits)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

405

{

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

406

int idx, ret;

Paul Bakker

23986e5

2011-04-24 08:57:21 +0000

[diff] [blame]

407

size_t i;

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

408

mbedtls_camellia_context cty;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

409

uint32_t *RK;

410

uint32_t *SK;

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

411

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

412

mbedtls_camellia_init(&cty);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

413

Manuel Pégourié-Gonnard

b8186a5

2015-06-18 14:58:58 +0200

[diff] [blame]

414

/* Also checks keybits */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

415

if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

416

goto exit;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

417

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

418

Manuel Pégourié-Gonnard

3ac6a2b

2014-05-28 22:04:25 +0200

[diff] [blame]

419

ctx->nr = cty.nr;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

420

idx = (ctx->nr == 4);

Manuel Pégourié-Gonnard

3ac6a2b

2014-05-28 22:04:25 +0200

[diff] [blame]

421

422

RK = ctx->rk;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

423

SK = cty.rk + 24 * 2 + 8 * idx * 2;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

430

for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

431

*RK++ = *SK++;

432

*RK++ = *SK++;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

SK -= 2;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

442

exit:

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

443

mbedtls_camellia_free(&cty);

Paul Bakker

2b222c8

2009-07-27 21:03:45 +0000

[diff] [blame]

444

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

445

return ret;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Camellia-ECB block encryption/decryption

450

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

451

int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,

452

int mode,

453

const unsigned char input[16],

454

unsigned char output[16])

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

455

{

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

456

int NR;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

457

uint32_t *RK, X[4];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

458

if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {

Tuvshinzaya Erdenekhuu

1fd7f98

2022-08-05 15:31:57 +0100

[diff] [blame]

459

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

460

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

461

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

462

((void) mode);

Paul Bakker

c2547b0

2009-07-20 20:40:52 +0000

[diff] [blame]

463

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

NR = ctx->nr;

RK = ctx->rk;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

467

X[0] = MBEDTLS_GET_UINT32_BE(input, 0);

468

X[1] = MBEDTLS_GET_UINT32_BE(input, 4);

469

X[2] = MBEDTLS_GET_UINT32_BE(input, 8);

470

X[3] = MBEDTLS_GET_UINT32_BE(input, 12);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

X[0] ^= *RK++;

X[1] ^= *RK++;

X[2] ^= *RK++;

X[3] ^= *RK++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

477

while (NR) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

478

--NR;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

479

camellia_feistel(X, RK, X + 2);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

480

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

481

camellia_feistel(X + 2, RK, X);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

482

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

483

camellia_feistel(X, RK, X + 2);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

484

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

485

camellia_feistel(X + 2, RK, X);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

486

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

487

camellia_feistel(X, RK, X + 2);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

488

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

489

camellia_feistel(X + 2, RK, X);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

490

RK += 2;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

491

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

492

if (NR) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

493

FL(X[0], X[1], RK[0], RK[1]);

494

RK += 2;

495

FLInv(X[2], X[3], RK[0], RK[1]);

496

RK += 2;

497

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

X[2] ^= *RK++;

X[3] ^= *RK++;

X[0] ^= *RK++;

X[1] ^= *RK++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

505

MBEDTLS_PUT_UINT32_BE(X[2], output, 0);

506

MBEDTLS_PUT_UINT32_BE(X[3], output, 4);

507

MBEDTLS_PUT_UINT32_BE(X[0], output, 8);

508

MBEDTLS_PUT_UINT32_BE(X[1], output, 12);

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

509

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

510

return 0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

511

}

512

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

513

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

514

/*

515

* Camellia-CBC buffer encryption/decryption

516

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

517

int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,

518

int mode,

519

size_t length,

520

unsigned char iv[16],

521

const unsigned char *input,

522

unsigned char *output)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

523

{

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

524

unsigned char temp[16];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

525

if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {

Tuvshinzaya Erdenekhuu

1fd7f98

2022-08-05 15:31:57 +0100

[diff] [blame]

526

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

527

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

528

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

529

if (length % 16) {

530

return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;

531

}

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

532

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

533

if (mode == MBEDTLS_CAMELLIA_DECRYPT) {

534

while (length > 0) {

535

memcpy(temp, input, 16);

536

mbedtls_camellia_crypt_ecb(ctx, mode, input, output);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

537

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

538

mbedtls_xor(output, output, iv, 16);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

539

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

540

memcpy(iv, temp, 16);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

input += 16;

output += 16;

length -= 16;

}

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

546

} else {

547

while (length > 0) {

548

mbedtls_xor(output, input, iv, 16);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

549

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

550

mbedtls_camellia_crypt_ecb(ctx, mode, output, output);

551

memcpy(iv, output, 16);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

input += 16;

output += 16;

length -= 16;

}

}

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

558

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

559

return 0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

560

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

561

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

562

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

563

#if defined(MBEDTLS_CIPHER_MODE_CFB)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

564

/*

565

* Camellia-CFB128 buffer encryption/decryption

566

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

567

int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,

int mode,

size_t length,

size_t *iv_off,

unsigned char iv[16],

572

const unsigned char *input,

573

unsigned char *output)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

574

{

Paul Bakker

1ef71df

2011-06-09 14:14:58 +0000

[diff] [blame]

575

int c;

Andrzej Kurek

2019-01-31 08:20:20 -0500

[diff] [blame]

576

size_t n;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

577

if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {

Tuvshinzaya Erdenekhuu

1fd7f98

2022-08-05 15:31:57 +0100

[diff] [blame]

578

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

579

}

Andrzej Kurek

2019-01-31 08:20:20 -0500

[diff] [blame]

580

581

n = *iv_off;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

582

if (n >= 16) {

583

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

584

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

585

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

586

if (mode == MBEDTLS_CAMELLIA_DECRYPT) {

587

while (length--) {

588

if (n == 0) {

589

mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);

590

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

591

592

c = *input++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

593

*output++ = (unsigned char) (c ^ iv[n]);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

594

iv[n] = (unsigned char) c;

595

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

596

n = (n + 1) & 0x0F;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

597

}

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

} else {

while (length--) {

if (n == 0) {

mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);

602

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

603

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

604

iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

605

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

606

n = (n + 1) & 0x0F;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

}

*iv_off = n;

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

611

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

612

return 0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

613

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

614

#endif /* MBEDTLS_CIPHER_MODE_CFB */

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

615

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

616

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

617

/*

618

* Camellia-CTR buffer encryption/decryption

619

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

620

int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,

621

size_t length,

622

size_t *nc_off,

623

unsigned char nonce_counter[16],

624

unsigned char stream_block[16],

625

const unsigned char *input,

626

unsigned char *output)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

627

{

Paul Bakker

369e14b

2012-04-18 14:16:09 +0000

[diff] [blame]

628

int c, i;

Andrzej Kurek

2019-01-31 08:20:20 -0500

[diff] [blame]

629

size_t n;

Andrzej Kurek

2019-01-31 08:20:20 -0500

[diff] [blame]

630

631

n = *nc_off;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

632

if (n >= 16) {

633

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

634

}

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

635

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

636

while (length--) {

637

if (n == 0) {

638

mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,

639

stream_block);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

640

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

641

for (i = 16; i > 0; i--) {

642

if (++nonce_counter[i - 1] != 0) {

Paul Bakker

369e14b

2012-04-18 14:16:09 +0000

[diff] [blame]

643

break;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

644

}

645

}

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

646

}

647

c = *input++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

648

*output++ = (unsigned char) (c ^ stream_block[n]);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

649

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

650

n = (n + 1) & 0x0F;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

}

*nc_off = n;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

655

return 0;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

656

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

657

#endif /* MBEDTLS_CIPHER_MODE_CTR */

658

#endif /* !MBEDTLS_CAMELLIA_ALT */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

659

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

660

#if defined(MBEDTLS_SELF_TEST)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

661

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

662

/*

663

* Camellia test vectors from:

664

*

665

* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:

666

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt

667

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

668

* (For each bitlength: Key 0, Nr 39)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

669

*/

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

670

#define CAMELLIA_TESTS_ECB 2

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

671

672

static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =

673

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

674

{

675

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

676

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

677

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

678

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

679

},

680

{

681

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

682

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,

683

0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

684

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

685

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

686

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

687

},

688

{

689

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

690

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,

691

0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,

692

0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

693

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

694

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

695

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

696

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

697

},

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

698

};

699

700

static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =

701

{

702

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

703

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

704

{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

705

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

706

};

707

708

static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =

709

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

710

{

711

{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,

712

0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },

713

{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,

714

0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }

715

},

716

{

717

{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,

718

0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },

719

{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,

720

0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }

721

},

722

{

723

{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,

724

0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },

725

{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,

726

0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }

727

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

728

};

729

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

730

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

731

#define CAMELLIA_TESTS_CBC 3

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

732

733

static const unsigned char camellia_test_cbc_key[3][32] =

734

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

735

{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,

736

0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

737

,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

738

{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,

739

0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,

740

0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

741

,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

742

{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,

743

0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,

744

0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,

745

0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

746

};

747

748

static const unsigned char camellia_test_cbc_iv[16] =

749

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

750

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

751

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

752

;

753

754

static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =

755

{

756

{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,

757

0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },

758

{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,

759

0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },

760

{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,

761

0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }

};

static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =

766

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

767

{

768

{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,

769

0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },

770

{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,

771

0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },

772

{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,

773

0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }

774

},

775

{

776

{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,

777

0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },

778

{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,

779

0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },

780

{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,

781

0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }

782

},

783

{

784

{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,

785

0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },

786

{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,

787

0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },

788

{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,

789

0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }

790

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

791

};

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

792

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

793

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

794

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

795

/*

796

* Camellia-CTR test vectors from:

797

*

798

* http://www.faqs.org/rfcs/rfc5528.html

799

*/

800

801

static const unsigned char camellia_test_ctr_key[3][16] =

802

{

803

{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,

804

0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },

805

{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,

806

0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },

807

{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,

808

0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }

809

};

810

811

static const unsigned char camellia_test_ctr_nonce_counter[3][16] =

812

{

813

{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,

814

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },

815

{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,

816

0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },

817

{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,

818

0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }

819

};

820

821

static const unsigned char camellia_test_ctr_pt[3][48] =

822

{

823

{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,

824

0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },

825

826

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

827

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,

828

0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

829

0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },

830

831

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

832

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,

833

0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

834

0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,

835

0x20, 0x21, 0x22, 0x23 }

836

};

837

838

static const unsigned char camellia_test_ctr_ct[3][48] =

839

{

840

{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,

841

0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },

842

{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,

843

0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,

844

0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,

845

0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },

846

{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,

847

0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,

848

0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,

849

0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,

850

0xDF, 0x50, 0x86, 0x96 }

851

};

852

853

static const int camellia_test_ctr_len[3] =

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

854

{ 16, 32, 36 };

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

855

#endif /* MBEDTLS_CIPHER_MODE_CTR */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

/*

* Checkup routine

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

860

int mbedtls_camellia_self_test(int verbose)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

861

{

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

862

int i, j, u, v;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

863

unsigned char key[32];

864

unsigned char buf[64];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

865

unsigned char src[16];

866

unsigned char dst[16];

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

867

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

868

unsigned char iv[16];

Manuel Pégourié-Gonnard

92cb1d3

2013-09-13 16:24:20 +0200

[diff] [blame]

869

#endif

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

870

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

1ef71df

2011-06-09 14:14:58 +0000

[diff] [blame]

871

size_t offset, len;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

872

unsigned char nonce_counter[16];

873

unsigned char stream_block[16];

874

#endif

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

875

int ret = 1;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

876

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

877

mbedtls_camellia_context ctx;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

878

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

879

mbedtls_camellia_init(&ctx);

880

memset(key, 0, 32);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

881

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

882

for (j = 0; j < 6; j++) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

883

u = j >> 1;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

884

v = j & 1;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

885

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

886

if (verbose != 0) {

887

mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,

888

(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

889

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

890

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

891

for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {

892

memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

893

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

894

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

895

mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);

896

memcpy(src, camellia_test_ecb_cipher[u][i], 16);

897

memcpy(dst, camellia_test_ecb_plain[i], 16);

898

} else { /* MBEDTLS_CAMELLIA_ENCRYPT */

899

mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);

900

memcpy(src, camellia_test_ecb_plain[i], 16);

901

memcpy(dst, camellia_test_ecb_cipher[u][i], 16);

902

}

903

904

mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);

905

906

if (memcmp(buf, dst, 16) != 0) {

907

if (verbose != 0) {

908

mbedtls_printf("failed\n");

}

goto exit;

}

}

if (verbose != 0) {

mbedtls_printf("passed\n");

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

916

}

917

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

918

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

919

if (verbose != 0) {

920

mbedtls_printf("\n");

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

921

}

922

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

923

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

924

/*

925

* CBC mode

926

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

927

for (j = 0; j < 6; j++) {

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

u = j >> 1;

v = j & 1;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

931

if (verbose != 0) {

932

mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,

933

(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

934

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

935

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

936

memcpy(src, camellia_test_cbc_iv, 16);

937

memcpy(dst, camellia_test_cbc_iv, 16);

938

memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

939

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

940

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

941

mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);

942

} else {

943

mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);

944

}

945

946

for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {

947

948

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

949

memcpy(iv, src, 16);

950

memcpy(src, camellia_test_cbc_cipher[u][i], 16);

951

memcpy(dst, camellia_test_cbc_plain[i], 16);

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

952

} else { /* MBEDTLS_CAMELLIA_ENCRYPT */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

953

memcpy(iv, dst, 16);

954

memcpy(src, camellia_test_cbc_plain[i], 16);

955

memcpy(dst, camellia_test_cbc_cipher[u][i], 16);

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

956

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

957

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

958

mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

959

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

960

if (memcmp(buf, dst, 16) != 0) {

961

if (verbose != 0) {

962

mbedtls_printf("failed\n");

963

}

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

964

goto exit;

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

965

}

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

966

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

967

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

968

if (verbose != 0) {

969

mbedtls_printf("passed\n");

970

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

971

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

972

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

973

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

974

if (verbose != 0) {

975

mbedtls_printf("\n");

976

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

977

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

978

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

979

/*

980

* CTR mode

981

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

982

for (i = 0; i < 6; i++) {

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

u = i >> 1;

v = i & 1;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

986

if (verbose != 0) {

987

mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",

988

(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");

989

}

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

990

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

991

memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);

992

memcpy(key, camellia_test_ctr_key[u], 16);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

993

994

offset = 0;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

995

mbedtls_camellia_setkey_enc(&ctx, key, 128);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

996

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

997

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

998

len = camellia_test_ctr_len[u];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

999

memcpy(buf, camellia_test_ctr_ct[u], len);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1000

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1001

mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,

1002

buf, buf);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1003

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1004

if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {

1005

if (verbose != 0) {

1006

mbedtls_printf("failed\n");

1007

}

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

1008

goto exit;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1009

}

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1010

} else {

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1011

len = camellia_test_ctr_len[u];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1012

memcpy(buf, camellia_test_ctr_pt[u], len);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1013

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1014

mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,

1015

buf, buf);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1016

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1017

if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {

1018

if (verbose != 0) {

1019

mbedtls_printf("failed\n");

1020

}

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

1021

goto exit;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

}

}

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1025

if (verbose != 0) {

1026

mbedtls_printf("passed\n");

1027

}

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1028

}

1029

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1030

if (verbose != 0) {

1031

mbedtls_printf("\n");

1032

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1033

#endif /* MBEDTLS_CIPHER_MODE_CTR */

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1034

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

1035

ret = 0;

1036

1037

exit:

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1038

mbedtls_camellia_free(&ctx);

1039

return ret;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1040

}

1041

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1042

#endif /* MBEDTLS_SELF_TEST */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1043

Manuel Pégourié-Gonnard