TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2b222c830b74ddbc98e6cb26dfc28dc8f3f2501a / . / library / camellia.c
blob: e10ab58187c7175d04ef548d17d9407d83490e58 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Paul Bakker785a9ee2009-01-25 14:15:10 +0000[diff] [blame]4 * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 */
20/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]21 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
22 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]23 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]24 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]25 */
26
27#include "polarssl/config.h"
28
29#if defined(POLARSSL_CAMELLIA_C)
30
31#include "polarssl/camellia.h"
32
33#include <string.h>
34
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]35/*
36 * 32-bit integer manipulation macros (big endian)
37 */
38#ifndef GET_ULONG_BE
39#define GET_ULONG_BE(n,b,i) \
40{ \
41 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]42 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
43 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
44 | ( (unsigned long) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]45}
46#endif
47
48#ifndef PUT_ULONG_BE
49#define PUT_ULONG_BE(n,b,i) \
50{ \
51 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
52 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
53 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
54 (b)[(i) + 3] = (unsigned char) ( (n) ); \
55}
56#endif
57
58static const unsigned char SIGMA_CHARS[6][8] =
59{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]60 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
61 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
62 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
63 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
64 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
65 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]66};
67
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]68#ifdef POLARSSL_CAMELLIA_SMALL_MEMORY
69
70static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]71{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]72 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
73 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
74 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
75 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
76 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
77 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
78 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
79 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
80 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
81 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
82 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
83 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
84 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
85 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
86 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
87 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]88};
89
90#define SBOX1(n) FSb[(n)]
91#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
92#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]93#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
94
95#else
96
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]97static const unsigned char FSb[256] =
98{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]99 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
100 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
101 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
102 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
103 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
104 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
105 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
106 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
107 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
108 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
109 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
110 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
111 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
112 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
113 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
114 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]115};
116
117static const unsigned char FSb2[256] =
118{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]119 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
120 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
121 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
122 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
123 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
124 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
125 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
126 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
127 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
128 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
129 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
130 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
131 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
132 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
133 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
134 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]135};
136
137static const unsigned char FSb3[256] =
138{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]139 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
140 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
141 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
142 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
143 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
144 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
145 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
146 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
147 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
148 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
149 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
150 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
151 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
152 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
153 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
154 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]155};
156
157static const unsigned char FSb4[256] =
158{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]159 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
160 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
161 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
162 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
163 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
164 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
165 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
166 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
167 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
168 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
169 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
170 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
171 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
172 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
173 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
174 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]175};
176
177#define SBOX1(n) FSb[(n)]
178#define SBOX2(n) FSb2[(n)]
179#define SBOX3(n) FSb3[(n)]
180#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]181
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]182#endif
183
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]184static const unsigned char shifts[2][4][4] =
185{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]186 {
187 { 1, 1, 1, 1 }, /* KL */
188 { 0, 0, 0, 0 }, /* KR */
189 { 1, 1, 1, 1 }, /* KA */
190 { 0, 0, 0, 0 } /* KB */
191 },
192 {
193 { 1, 0, 1, 1 }, /* KL */
194 { 1, 1, 0, 1 }, /* KR */
195 { 1, 1, 1, 0 }, /* KA */
196 { 1, 1, 0, 1 } /* KB */
197 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]198};
199
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]200static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]201{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]202 {
203 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
204 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
205 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
206 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
207 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
208 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
209 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
210 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
211 },
212 {
213 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
214 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
215 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
216 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
217 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
218 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
219 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
220 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
221 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]222};
223
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]224static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]225{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]226 {
227 21, 22, 23, 20,
228 -1, -1, -1, -1,
229 18, 19, 16, 17,
230 11, 8, 9, 10,
231 15, 12, 13, 14
232 },
233 {
234 25, 26, 27, 24,
235 29, 30, 31, 28,
236 18, 19, 16, 17,
237 -1, -1, -1, -1,
238 -1, -1, -1, -1
239 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]240};
241
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]242/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]243#define ROTL(DEST, SRC, SHIFT) \
244{ \
245 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
246 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
247 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
248 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]249}
250
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]251#define FL(XL, XR, KL, KR) \
252{ \
253 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
254 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]255}
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]256
257#define FLInv(YL, YR, KL, KR) \
258{ \
259 (YL) = ((YR) | (KR)) ^ (YL); \
260 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]261}
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]262
263#define SHIFT_AND_PLACE(INDEX, OFFSET) \
264{ \
265 TK[0] = KC[(OFFSET) * 4 + 0]; \
266 TK[1] = KC[(OFFSET) * 4 + 1]; \
267 TK[2] = KC[(OFFSET) * 4 + 2]; \
268 TK[3] = KC[(OFFSET) * 4 + 3]; \
269 \
270 for ( i = 1; i <= 4; i++ ) \
271 if (shifts[(INDEX)][(OFFSET)][i -1]) \
272 ROTL(TK + i * 4, TK, (15 * i) % 32); \
273 \
274 for ( i = 0; i < 20; i++ ) \
275 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
276 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
277 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]278}
279
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]280static void camellia_feistel(uint32_t x[2], uint32_t k[2], uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]281{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]282 uint32_t I0, I1;
283 I0 = x[0] ^ k[0];
284 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]285
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]286 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
287 (SBOX2((I0 >> 16) & 0xFF) << 16) |
288 (SBOX3((I0 >> 8) & 0xFF) << 8) |
289 (SBOX4((I0 ) & 0xFF) );
290 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
291 (SBOX3((I1 >> 16) & 0xFF) << 16) |
292 (SBOX4((I1 >> 8) & 0xFF) << 8) |
293 (SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]294
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]295 I0 ^= (I1 << 8) | (I1 >> 24);
296 I1 ^= (I0 << 16) | (I0 >> 16);
297 I0 ^= (I1 >> 8) | (I1 << 24);
298 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]299
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]300 z[0] ^= I1;
301 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]302}
303
304/*
305 * Camellia key schedule (encryption)
306 */
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame^]307int camellia_setkey_enc( camellia_context *ctx, unsigned char *key, int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]308{
309 int i, idx;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]310 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]311 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]312 uint32_t SIGMA[6][2];
313 uint32_t KC[16];
314 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]315
316 RK = ctx->rk;
317
318 memset(t, 0, 64);
319 memset(RK, 0, sizeof(ctx->rk));
320
321 switch( keysize )
322 {
323 case 128: ctx->nr = 3; idx = 0; break;
324 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]325 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame^]326 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]327 }
328
329 for( i = 0; i < keysize / 8; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]330 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]331
332 if (keysize == 192) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]333 for (i = 0; i < 8; i++)
334 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]335 }
336
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]337 /*
338 * Prepare SIGMA values
339 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]340 for (i = 0; i < 6; i++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]341 GET_ULONG_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
342 GET_ULONG_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]343 }
344
345 /*
346 * Key storage in KC
347 * Order: KL, KR, KA, KB
348 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]349 memset(KC, 0, sizeof(KC));
350
351 /* Store KL, KR */
352 for (i = 0; i < 8; i++)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]353 GET_ULONG_BE(KC[i], t, i * 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]354
355 /* Generate KA */
356 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]357 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]358
359 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
360 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
361
362 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]363 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]364
365 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
366 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
367
368 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]369 /* Generate KB */
370 for( i = 0; i < 4; ++i)
371 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]372
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]373 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
374 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]375 }
376
377 /*
378 * Generating subkeys
379 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]380
381 /* Manipulating KL */
382 SHIFT_AND_PLACE(idx, 0);
383
384 /* Manipulating KR */
385 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]386 SHIFT_AND_PLACE(idx, 1);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]387 }
388
389 /* Manipulating KA */
390 SHIFT_AND_PLACE(idx, 2);
391
392 /* Manipulating KB */
393 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]394 SHIFT_AND_PLACE(idx, 3);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]395 }
396
397 /* Do transpositions */
398 for ( i = 0; i < 20; i++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]399 if (transposes[idx][i] != -1) {
400 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
401 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]402 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame^]403
404 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]405}
406
407/*
408 * Camellia key schedule (decryption)
409 */
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame^]410int camellia_setkey_dec( camellia_context *ctx, unsigned char *key, int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]411{
412 int i, idx;
413 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]414 uint32_t *RK;
415 uint32_t *SK;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame^]416 int ret;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]417
418 switch( keysize )
419 {
420 case 128: ctx->nr = 3; idx = 0; break;
421 case 192:
422 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame^]423 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]424 }
425
426 RK = ctx->rk;
427
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame^]428 ret = camellia_setkey_enc(&cty, key, keysize);
429 if( ret != 0 )
430 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]431
432 SK = cty.rk + 24 * 2 + 8 * idx * 2;
433
434 *RK++ = *SK++;
435 *RK++ = *SK++;
436 *RK++ = *SK++;
437 *RK++ = *SK++;
438
439 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
440 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]441 *RK++ = *SK++;
442 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]443 }
444
445 SK -= 2;
446
447 *RK++ = *SK++;
448 *RK++ = *SK++;
449 *RK++ = *SK++;
450 *RK++ = *SK++;
451
452 memset( &cty, 0, sizeof( camellia_context ) );
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame^]453
454 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]455}
456
457/*
458 * Camellia-ECB block encryption/decryption
459 */
460void camellia_crypt_ecb( camellia_context *ctx,
461 int mode,
462 unsigned char input[16],
463 unsigned char output[16] )
464{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]465 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]466 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]467
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame]468 ( (void) mode );
469
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]470 NR = ctx->nr;
471 RK = ctx->rk;
472
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]473 GET_ULONG_BE( X[0], input, 0 );
474 GET_ULONG_BE( X[1], input, 4 );
475 GET_ULONG_BE( X[2], input, 8 );
476 GET_ULONG_BE( X[3], input, 12 );
477
478 X[0] ^= *RK++;
479 X[1] ^= *RK++;
480 X[2] ^= *RK++;
481 X[3] ^= *RK++;
482
483 while (NR) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]484 --NR;
485 camellia_feistel(X, RK, X + 2);
486 RK += 2;
487 camellia_feistel(X + 2, RK, X);
488 RK += 2;
489 camellia_feistel(X, RK, X + 2);
490 RK += 2;
491 camellia_feistel(X + 2, RK, X);
492 RK += 2;
493 camellia_feistel(X, RK, X + 2);
494 RK += 2;
495 camellia_feistel(X + 2, RK, X);
496 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]497
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]498 if (NR) {
499 FL(X[0], X[1], RK[0], RK[1]);
500 RK += 2;
501 FLInv(X[2], X[3], RK[0], RK[1]);
502 RK += 2;
503 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]504 }
505
506 X[2] ^= *RK++;
507 X[3] ^= *RK++;
508 X[0] ^= *RK++;
509 X[1] ^= *RK++;
510
511 PUT_ULONG_BE( X[2], output, 0 );
512 PUT_ULONG_BE( X[3], output, 4 );
513 PUT_ULONG_BE( X[0], output, 8 );
514 PUT_ULONG_BE( X[1], output, 12 );
515}
516
517/*
518 * Camellia-CBC buffer encryption/decryption
519 */
520void camellia_crypt_cbc( camellia_context *ctx,
521 int mode,
522 int length,
523 unsigned char iv[16],
524 unsigned char *input,
525 unsigned char *output )
526{
527 int i;
528 unsigned char temp[16];
529
530 if( mode == CAMELLIA_DECRYPT )
531 {
532 while( length > 0 )
533 {
534 memcpy( temp, input, 16 );
535 camellia_crypt_ecb( ctx, mode, input, output );
536
537 for( i = 0; i < 16; i++ )
538 output[i] = (unsigned char)( output[i] ^ iv[i] );
539
540 memcpy( iv, temp, 16 );
541
542 input += 16;
543 output += 16;
544 length -= 16;
545 }
546 }
547 else
548 {
549 while( length > 0 )
550 {
551 for( i = 0; i < 16; i++ )
552 output[i] = (unsigned char)( input[i] ^ iv[i] );
553
554 camellia_crypt_ecb( ctx, mode, output, output );
555 memcpy( iv, output, 16 );
556
557 input += 16;
558 output += 16;
559 length -= 16;
560 }
561 }
562}
563
564/*
565 * Camellia-CFB128 buffer encryption/decryption
566 */
567void camellia_crypt_cfb128( camellia_context *ctx,
568 int mode,
569 int length,
570 int *iv_off,
571 unsigned char iv[16],
572 unsigned char *input,
573 unsigned char *output )
574{
575 int c, n = *iv_off;
576
577 if( mode == CAMELLIA_DECRYPT )
578 {
579 while( length-- )
580 {
581 if( n == 0 )
582 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
583
584 c = *input++;
585 *output++ = (unsigned char)( c ^ iv[n] );
586 iv[n] = (unsigned char) c;
587
588 n = (n + 1) & 0x0F;
589 }
590 }
591 else
592 {
593 while( length-- )
594 {
595 if( n == 0 )
596 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
597
598 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
599
600 n = (n + 1) & 0x0F;
601 }
602 }
603
604 *iv_off = n;
605}
606
607#if defined(POLARSSL_SELF_TEST)
608
609#include <stdio.h>
610
611/*
612 * Camellia test vectors from:
613 *
614 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
615 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
616 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]617 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]618 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]619#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]620
621static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
622{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]623 {
624 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
625 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
626 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
627 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
628 },
629 {
630 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
631 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
632 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
633 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
634 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
635 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
636 },
637 {
638 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
639 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
640 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
641 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
642 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
643 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
644 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
645 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
646 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]647};
648
649static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
650{
651 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
652 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
653 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
654 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
655};
656
657static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
658{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]659 {
660 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
661 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
662 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
663 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
664 },
665 {
666 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
667 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
668 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
669 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
670 },
671 {
672 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
673 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
674 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
675 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
676 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]677};
678
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]679#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]680
681static const unsigned char camellia_test_cbc_key[3][32] =
682{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]683 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
684 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
685 ,
686 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
687 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
688 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
689 ,
690 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
691 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
692 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
693 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]694};
695
696static const unsigned char camellia_test_cbc_iv[16] =
697
698 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
699 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
700;
701
702static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
703{
704 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
705 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
706 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
707 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
708 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
709 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
710
711};
712
713static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
714{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]715 {
716 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
717 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
718 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
719 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
720 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
721 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
722 },
723 {
724 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
725 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
726 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
727 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
728 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
729 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
730 },
731 {
732 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
733 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
734 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
735 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
736 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
737 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
738 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]739};
740
741
742/*
743 * Checkup routine
744 */
745int camellia_self_test( int verbose )
746{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]747 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]748 unsigned char key[32];
749 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]750 unsigned char src[16];
751 unsigned char dst[16];
752 unsigned char iv[16];
753 camellia_context ctx;
754
755 memset( key, 0, 32 );
756
757 for (j = 0; j < 6; j++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]758 u = j >> 1;
759 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]760
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]761 if( verbose != 0 )
762 printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
763 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]764
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]765 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
766 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]767
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]768 if (v == CAMELLIA_DECRYPT) {
769 camellia_setkey_dec(&ctx, key, 128 + u * 64);
770 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
771 memcpy(dst, camellia_test_ecb_plain[i], 16);
772 } else { /* CAMELLIA_ENCRYPT */
773 camellia_setkey_enc(&ctx, key, 128 + u * 64);
774 memcpy(src, camellia_test_ecb_plain[i], 16);
775 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
776 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]777
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]778 camellia_crypt_ecb(&ctx, v, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]779
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]780 if( memcmp( buf, dst, 16 ) != 0 )
781 {
782 if( verbose != 0 )
783 printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]784
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]785 return( 1 );
786 }
787 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]788
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]789 if( verbose != 0 )
790 printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]791 }
792
793 if( verbose != 0 )
794 printf( "\n" );
795
796 /*
797 * CBC mode
798 */
799 for( j = 0; j < 6; j++ )
800 {
801 u = j >> 1;
802 v = j & 1;
803
804 if( verbose != 0 )
805 printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
806 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
807
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]808 memcpy( src, camellia_test_cbc_iv, 16);
809 memcpy( dst, camellia_test_cbc_iv, 16);
810 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]811
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]812 if (v == CAMELLIA_DECRYPT) {
813 camellia_setkey_dec(&ctx, key, 128 + u * 64);
814 } else {
815 camellia_setkey_enc(&ctx, key, 128 + u * 64);
816 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]817
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]818 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]819
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]820 if (v == CAMELLIA_DECRYPT) {
821 memcpy( iv , src, 16 );
822 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
823 memcpy(dst, camellia_test_cbc_plain[i], 16);
824 } else { /* CAMELLIA_ENCRYPT */
825 memcpy( iv , dst, 16 );
826 memcpy(src, camellia_test_cbc_plain[i], 16);
827 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
828 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]829
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]830 camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]831
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]832 if( memcmp( buf, dst, 16 ) != 0 )
833 {
834 if( verbose != 0 )
835 printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]836
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]837 return( 1 );
838 }
839 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]840
841 if( verbose != 0 )
842 printf( "passed\n" );
843 }
844
845 if( verbose != 0 )
846 printf( "\n" );
847
848 return ( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]849}
850
851#endif
852
853#endif