blob: 72d902b8e2df5bc1f1d27f2b98053cf8dc34ac22 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +00001/*
2 * Camellia implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +00004 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +00005 *
Manuel Pégourié-Gonnard860b5162015-01-28 17:12:07 +00006 * This file is part of mbed TLS (https://polarssl.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +00007 *
Paul Bakker38119b12009-01-10 23:31:23 +00008 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +000023 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
24 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +000025 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +000026 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +000027 */
28
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020029#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker38119b12009-01-10 23:31:23 +000030#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020031#else
32#include POLARSSL_CONFIG_FILE
33#endif
Paul Bakker38119b12009-01-10 23:31:23 +000034
35#if defined(POLARSSL_CAMELLIA_C)
36
37#include "polarssl/camellia.h"
38
Rich Evans00ab4702015-02-06 13:43:58 +000039#if defined(POLARSSL_SELF_TEST)
40#include <string.h>
Paul Bakker7dc4c442014-02-01 22:50:26 +010041#if defined(POLARSSL_PLATFORM_C)
42#include "polarssl/platform.h"
43#else
Rich Evans00ab4702015-02-06 13:43:58 +000044#include <stdio.h>
Paul Bakker7dc4c442014-02-01 22:50:26 +010045#define polarssl_printf printf
Rich Evans00ab4702015-02-06 13:43:58 +000046#endif /* POLARSSL_PLATFORM_C */
47#endif /* POLARSSL_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +010048
Paul Bakker90995b52013-06-24 19:20:35 +020049#if !defined(POLARSSL_CAMELLIA_ALT)
50
Paul Bakker34617722014-06-13 17:20:13 +020051/* Implementation that should never be optimized out by the compiler */
52static void polarssl_zeroize( void *v, size_t n ) {
53 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
54}
55
Paul Bakker38119b12009-01-10 23:31:23 +000056/*
57 * 32-bit integer manipulation macros (big endian)
58 */
Paul Bakker5c2364c2012-10-01 14:41:15 +000059#ifndef GET_UINT32_BE
60#define GET_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +000061{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +000062 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
63 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
64 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
65 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +000066}
67#endif
68
Paul Bakker5c2364c2012-10-01 14:41:15 +000069#ifndef PUT_UINT32_BE
70#define PUT_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +000071{ \
72 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
73 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
74 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
75 (b)[(i) + 3] = (unsigned char) ( (n) ); \
76}
77#endif
78
79static const unsigned char SIGMA_CHARS[6][8] =
80{
Paul Bakkerc81f6c32009-05-03 13:09:15 +000081 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
82 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
83 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
84 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
85 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
86 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +000087};
88
Paul Bakker33008ee2011-11-18 12:58:25 +000089#if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
Paul Bakkerfa049db2009-01-12 22:12:03 +000090
91static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +000092{
Paul Bakkerc81f6c32009-05-03 13:09:15 +000093 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
94 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
95 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
96 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
97 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
98 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
99 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
100 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
101 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
102 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
103 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
104 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
105 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
106 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
107 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
108 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000109};
110
111#define SBOX1(n) FSb[(n)]
112#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
113#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000114#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
115
Paul Bakker9af723c2014-05-01 13:03:14 +0200116#else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000117
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000118static const unsigned char FSb[256] =
119{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200120 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
121 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
122 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
123 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
124 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
125 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
126 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
127 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
128 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
129 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
130 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
131 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
132 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
133 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
134 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
135 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000136};
137
138static const unsigned char FSb2[256] =
139{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200140 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
141 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
142 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
143 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
144 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
145 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
146 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
147 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
148 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
149 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
150 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
151 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
152 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
153 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
154 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
155 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000156};
157
158static const unsigned char FSb3[256] =
159{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200160 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
161 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
162 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
163 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
164 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
165 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
166 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
167 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
168 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
169 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
170 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
171 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
172 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
173 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
174 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
175 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000176};
177
178static const unsigned char FSb4[256] =
179{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200180 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
181 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
182 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
183 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
184 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
185 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
186 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
187 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
188 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
189 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
190 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
191 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
192 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
193 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
194 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
195 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000196};
197
198#define SBOX1(n) FSb[(n)]
199#define SBOX2(n) FSb2[(n)]
200#define SBOX3(n) FSb3[(n)]
201#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000202
Paul Bakker9af723c2014-05-01 13:03:14 +0200203#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000204
Paul Bakker38119b12009-01-10 23:31:23 +0000205static const unsigned char shifts[2][4][4] =
206{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000207 {
208 { 1, 1, 1, 1 }, /* KL */
209 { 0, 0, 0, 0 }, /* KR */
210 { 1, 1, 1, 1 }, /* KA */
211 { 0, 0, 0, 0 } /* KB */
212 },
213 {
214 { 1, 0, 1, 1 }, /* KL */
215 { 1, 1, 0, 1 }, /* KR */
216 { 1, 1, 1, 0 }, /* KA */
217 { 1, 1, 0, 1 } /* KB */
218 }
Paul Bakker38119b12009-01-10 23:31:23 +0000219};
220
Paul Bakker026c03b2009-03-28 17:53:03 +0000221static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000222{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000223 {
224 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
225 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
226 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
227 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
228 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
229 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
230 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
231 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
232 },
233 {
234 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
235 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
236 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
237 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
238 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
239 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
240 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
241 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
242 }
Paul Bakker38119b12009-01-10 23:31:23 +0000243};
244
Paul Bakker026c03b2009-03-28 17:53:03 +0000245static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000246{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000247 {
248 21, 22, 23, 20,
249 -1, -1, -1, -1,
250 18, 19, 16, 17,
251 11, 8, 9, 10,
252 15, 12, 13, 14
253 },
254 {
255 25, 26, 27, 24,
256 29, 30, 31, 28,
257 18, 19, 16, 17,
258 -1, -1, -1, -1,
259 -1, -1, -1, -1
260 }
Paul Bakker38119b12009-01-10 23:31:23 +0000261};
262
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000263/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000264#define ROTL(DEST, SRC, SHIFT) \
265{ \
266 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
267 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
268 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
269 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000270}
271
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000272#define FL(XL, XR, KL, KR) \
273{ \
274 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
275 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000276}
Paul Bakker9af723c2014-05-01 13:03:14 +0200277
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000278#define FLInv(YL, YR, KL, KR) \
279{ \
280 (YL) = ((YR) | (KR)) ^ (YL); \
281 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000282}
Paul Bakker9af723c2014-05-01 13:03:14 +0200283
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000284#define SHIFT_AND_PLACE(INDEX, OFFSET) \
285{ \
286 TK[0] = KC[(OFFSET) * 4 + 0]; \
287 TK[1] = KC[(OFFSET) * 4 + 1]; \
288 TK[2] = KC[(OFFSET) * 4 + 2]; \
289 TK[3] = KC[(OFFSET) * 4 + 3]; \
290 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200291 for( i = 1; i <= 4; i++ ) \
292 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
293 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000294 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200295 for( i = 0; i < 20; i++ ) \
296 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
297 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
298 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000299}
300
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200301static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
302 uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000303{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000304 uint32_t I0, I1;
305 I0 = x[0] ^ k[0];
306 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000307
Manuel Pégourié-Gonnardb31b61b2014-11-10 13:05:43 +0100308 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
309 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
310 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
311 ((uint32_t) SBOX4((I0 ) & 0xFF) );
312 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
313 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
314 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
315 ((uint32_t) SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000316
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000317 I0 ^= (I1 << 8) | (I1 >> 24);
318 I1 ^= (I0 << 16) | (I0 >> 16);
319 I0 ^= (I1 >> 8) | (I1 << 24);
320 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000321
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000322 z[0] ^= I1;
323 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000324}
325
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200326void camellia_init( camellia_context *ctx )
327{
328 memset( ctx, 0, sizeof( camellia_context ) );
329}
330
331void camellia_free( camellia_context *ctx )
332{
333 if( ctx == NULL )
334 return;
335
336 polarssl_zeroize( ctx, sizeof( camellia_context ) );
337}
338
Paul Bakker38119b12009-01-10 23:31:23 +0000339/*
340 * Camellia key schedule (encryption)
341 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200342int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
343 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000344{
Paul Bakker23986e52011-04-24 08:57:21 +0000345 int idx;
346 size_t i;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000347 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000348 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000349 uint32_t SIGMA[6][2];
350 uint32_t KC[16];
351 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000352
353 RK = ctx->rk;
354
Paul Bakker66d5d072014-06-17 16:39:18 +0200355 memset( t, 0, 64 );
356 memset( RK, 0, sizeof(ctx->rk) );
Paul Bakker38119b12009-01-10 23:31:23 +0000357
358 switch( keysize )
359 {
360 case 128: ctx->nr = 3; idx = 0; break;
361 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000362 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000363 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000364 }
365
Paul Bakker66d5d072014-06-17 16:39:18 +0200366 for( i = 0; i < keysize / 8; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000367 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000368
Paul Bakker66d5d072014-06-17 16:39:18 +0200369 if( keysize == 192 ) {
370 for( i = 0; i < 8; i++ )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000371 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000372 }
373
Paul Bakker38119b12009-01-10 23:31:23 +0000374 /*
375 * Prepare SIGMA values
376 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200377 for( i = 0; i < 6; i++ ) {
378 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
379 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000380 }
381
382 /*
383 * Key storage in KC
384 * Order: KL, KR, KA, KB
385 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200386 memset( KC, 0, sizeof(KC) );
Paul Bakker38119b12009-01-10 23:31:23 +0000387
388 /* Store KL, KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200389 for( i = 0; i < 8; i++ )
390 GET_UINT32_BE( KC[i], t, i * 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000391
392 /* Generate KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200393 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000394 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000395
Paul Bakker66d5d072014-06-17 16:39:18 +0200396 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
397 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000398
Paul Bakker66d5d072014-06-17 16:39:18 +0200399 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000400 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000401
Paul Bakker66d5d072014-06-17 16:39:18 +0200402 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
403 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000404
Paul Bakker66d5d072014-06-17 16:39:18 +0200405 if( keysize > 128 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000406 /* Generate KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200407 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000408 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000409
Paul Bakker66d5d072014-06-17 16:39:18 +0200410 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
411 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000412 }
413
414 /*
415 * Generating subkeys
Paul Bakker9af723c2014-05-01 13:03:14 +0200416 */
Paul Bakker38119b12009-01-10 23:31:23 +0000417
418 /* Manipulating KL */
Paul Bakker66d5d072014-06-17 16:39:18 +0200419 SHIFT_AND_PLACE( idx, 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000420
421 /* Manipulating KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200422 if( keysize > 128 ) {
423 SHIFT_AND_PLACE( idx, 1 );
Paul Bakker38119b12009-01-10 23:31:23 +0000424 }
425
426 /* Manipulating KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200427 SHIFT_AND_PLACE( idx, 2 );
Paul Bakker38119b12009-01-10 23:31:23 +0000428
429 /* Manipulating KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200430 if( keysize > 128 ) {
431 SHIFT_AND_PLACE( idx, 3 );
Paul Bakker38119b12009-01-10 23:31:23 +0000432 }
433
434 /* Do transpositions */
Paul Bakker66d5d072014-06-17 16:39:18 +0200435 for( i = 0; i < 20; i++ ) {
436 if( transposes[idx][i] != -1 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000437 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
438 }
Paul Bakker38119b12009-01-10 23:31:23 +0000439 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000440
441 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000442}
443
444/*
445 * Camellia key schedule (decryption)
446 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200447int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
448 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000449{
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200450 int idx, ret;
Paul Bakker23986e52011-04-24 08:57:21 +0000451 size_t i;
Paul Bakker38119b12009-01-10 23:31:23 +0000452 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000453 uint32_t *RK;
454 uint32_t *SK;
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200455
456 camellia_init( &cty );
Paul Bakker38119b12009-01-10 23:31:23 +0000457
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200458 /* Also checks keysize */
Manuel Pégourié-Gonnard7f849052015-02-10 17:12:44 +0100459 if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) != 0 )
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200460 goto exit;
Paul Bakker38119b12009-01-10 23:31:23 +0000461
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200462 ctx->nr = cty.nr;
463 idx = ( ctx->nr == 4 );
464
465 RK = ctx->rk;
Paul Bakker38119b12009-01-10 23:31:23 +0000466 SK = cty.rk + 24 * 2 + 8 * idx * 2;
467
468 *RK++ = *SK++;
469 *RK++ = *SK++;
470 *RK++ = *SK++;
471 *RK++ = *SK++;
472
Paul Bakker66d5d072014-06-17 16:39:18 +0200473 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
Paul Bakker38119b12009-01-10 23:31:23 +0000474 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000475 *RK++ = *SK++;
476 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000477 }
478
479 SK -= 2;
480
481 *RK++ = *SK++;
482 *RK++ = *SK++;
483 *RK++ = *SK++;
484 *RK++ = *SK++;
485
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200486exit:
487 camellia_free( &cty );
Paul Bakker2b222c82009-07-27 21:03:45 +0000488
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200489 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000490}
491
492/*
493 * Camellia-ECB block encryption/decryption
494 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000495int camellia_crypt_ecb( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000496 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000497 const unsigned char input[16],
Paul Bakker38119b12009-01-10 23:31:23 +0000498 unsigned char output[16] )
499{
Paul Bakker026c03b2009-03-28 17:53:03 +0000500 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000501 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000502
Paul Bakkerc2547b02009-07-20 20:40:52 +0000503 ( (void) mode );
504
Paul Bakker38119b12009-01-10 23:31:23 +0000505 NR = ctx->nr;
506 RK = ctx->rk;
507
Paul Bakker5c2364c2012-10-01 14:41:15 +0000508 GET_UINT32_BE( X[0], input, 0 );
509 GET_UINT32_BE( X[1], input, 4 );
510 GET_UINT32_BE( X[2], input, 8 );
511 GET_UINT32_BE( X[3], input, 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000512
513 X[0] ^= *RK++;
514 X[1] ^= *RK++;
515 X[2] ^= *RK++;
516 X[3] ^= *RK++;
517
Paul Bakker66d5d072014-06-17 16:39:18 +0200518 while( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000519 --NR;
Paul Bakker66d5d072014-06-17 16:39:18 +0200520 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000521 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200522 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000523 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200524 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000525 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200526 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000527 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200528 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000529 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200530 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000531 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000532
Paul Bakker66d5d072014-06-17 16:39:18 +0200533 if( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000534 FL(X[0], X[1], RK[0], RK[1]);
535 RK += 2;
536 FLInv(X[2], X[3], RK[0], RK[1]);
537 RK += 2;
538 }
Paul Bakker38119b12009-01-10 23:31:23 +0000539 }
540
541 X[2] ^= *RK++;
542 X[3] ^= *RK++;
543 X[0] ^= *RK++;
544 X[1] ^= *RK++;
545
Paul Bakker5c2364c2012-10-01 14:41:15 +0000546 PUT_UINT32_BE( X[2], output, 0 );
547 PUT_UINT32_BE( X[3], output, 4 );
548 PUT_UINT32_BE( X[0], output, 8 );
549 PUT_UINT32_BE( X[1], output, 12 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000550
551 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000552}
553
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200554#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000555/*
556 * Camellia-CBC buffer encryption/decryption
557 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000558int camellia_crypt_cbc( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000559 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000560 size_t length,
Paul Bakker38119b12009-01-10 23:31:23 +0000561 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000562 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000563 unsigned char *output )
564{
565 int i;
566 unsigned char temp[16];
567
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000568 if( length % 16 )
569 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
570
Paul Bakker38119b12009-01-10 23:31:23 +0000571 if( mode == CAMELLIA_DECRYPT )
572 {
573 while( length > 0 )
574 {
575 memcpy( temp, input, 16 );
576 camellia_crypt_ecb( ctx, mode, input, output );
577
578 for( i = 0; i < 16; i++ )
579 output[i] = (unsigned char)( output[i] ^ iv[i] );
580
581 memcpy( iv, temp, 16 );
582
583 input += 16;
584 output += 16;
585 length -= 16;
586 }
587 }
588 else
589 {
590 while( length > 0 )
591 {
592 for( i = 0; i < 16; i++ )
593 output[i] = (unsigned char)( input[i] ^ iv[i] );
594
595 camellia_crypt_ecb( ctx, mode, output, output );
596 memcpy( iv, output, 16 );
597
598 input += 16;
599 output += 16;
600 length -= 16;
601 }
602 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000603
604 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000605}
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200606#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000607
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000608#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker38119b12009-01-10 23:31:23 +0000609/*
610 * Camellia-CFB128 buffer encryption/decryption
611 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000612int camellia_crypt_cfb128( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000613 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000614 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000615 size_t *iv_off,
Paul Bakker38119b12009-01-10 23:31:23 +0000616 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000617 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000618 unsigned char *output )
619{
Paul Bakker1ef71df2011-06-09 14:14:58 +0000620 int c;
621 size_t n = *iv_off;
Paul Bakker38119b12009-01-10 23:31:23 +0000622
623 if( mode == CAMELLIA_DECRYPT )
624 {
625 while( length-- )
626 {
627 if( n == 0 )
628 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
629
630 c = *input++;
631 *output++ = (unsigned char)( c ^ iv[n] );
632 iv[n] = (unsigned char) c;
633
Paul Bakker66d5d072014-06-17 16:39:18 +0200634 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000635 }
636 }
637 else
638 {
639 while( length-- )
640 {
641 if( n == 0 )
642 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
643
644 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
645
Paul Bakker66d5d072014-06-17 16:39:18 +0200646 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000647 }
648 }
649
650 *iv_off = n;
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000651
652 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000653}
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000654#endif /* POLARSSL_CIPHER_MODE_CFB */
655
656#if defined(POLARSSL_CIPHER_MODE_CTR)
657/*
658 * Camellia-CTR buffer encryption/decryption
659 */
660int camellia_crypt_ctr( camellia_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000661 size_t length,
662 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000663 unsigned char nonce_counter[16],
664 unsigned char stream_block[16],
665 const unsigned char *input,
666 unsigned char *output )
667{
Paul Bakker369e14b2012-04-18 14:16:09 +0000668 int c, i;
Paul Bakker1ef71df2011-06-09 14:14:58 +0000669 size_t n = *nc_off;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000670
671 while( length-- )
672 {
673 if( n == 0 ) {
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200674 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
675 stream_block );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000676
Paul Bakker369e14b2012-04-18 14:16:09 +0000677 for( i = 16; i > 0; i-- )
678 if( ++nonce_counter[i - 1] != 0 )
679 break;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000680 }
681 c = *input++;
682 *output++ = (unsigned char)( c ^ stream_block[n] );
683
Paul Bakker66d5d072014-06-17 16:39:18 +0200684 n = ( n + 1 ) & 0x0F;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000685 }
686
687 *nc_off = n;
688
689 return( 0 );
690}
691#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker90995b52013-06-24 19:20:35 +0200692#endif /* !POLARSSL_CAMELLIA_ALT */
Paul Bakker38119b12009-01-10 23:31:23 +0000693
694#if defined(POLARSSL_SELF_TEST)
695
Paul Bakker38119b12009-01-10 23:31:23 +0000696/*
697 * Camellia test vectors from:
698 *
699 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
700 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
701 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000702 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000703 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000704#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000705
706static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
707{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000708 {
709 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
710 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200711 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000712 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
713 },
714 {
715 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
716 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
717 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200718 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000719 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
720 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
721 },
722 {
723 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
724 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
725 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
726 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
Paul Bakker9af723c2014-05-01 13:03:14 +0200727 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000728 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
729 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
730 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
731 },
Paul Bakker38119b12009-01-10 23:31:23 +0000732};
733
734static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
735{
736 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
737 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200738 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
Paul Bakker38119b12009-01-10 23:31:23 +0000739 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
740};
741
742static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
743{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000744 {
745 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
746 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
747 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
748 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
749 },
750 {
751 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
752 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
753 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
754 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
755 },
756 {
757 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
758 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
759 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
760 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
761 }
Paul Bakker38119b12009-01-10 23:31:23 +0000762};
763
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200764#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000765#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000766
767static const unsigned char camellia_test_cbc_key[3][32] =
768{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000769 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
770 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
771 ,
772 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
773 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
774 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
775 ,
776 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
777 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
778 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
779 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000780};
781
782static const unsigned char camellia_test_cbc_iv[16] =
783
784 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
785 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
786;
787
788static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
789{
790 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
791 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
792 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
793 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
794 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
795 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
796
797};
798
799static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
800{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000801 {
802 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
803 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
804 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
805 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
806 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
807 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
808 },
809 {
810 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
811 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
812 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
813 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
814 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
815 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
816 },
817 {
818 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
819 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
820 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
821 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
822 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
823 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
824 }
Paul Bakker38119b12009-01-10 23:31:23 +0000825};
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200826#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000827
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000828#if defined(POLARSSL_CIPHER_MODE_CTR)
829/*
830 * Camellia-CTR test vectors from:
831 *
832 * http://www.faqs.org/rfcs/rfc5528.html
833 */
834
835static const unsigned char camellia_test_ctr_key[3][16] =
836{
837 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
838 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
839 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
840 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
841 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
842 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
843};
844
845static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
846{
847 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
848 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
849 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
850 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
851 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
852 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
853};
854
855static const unsigned char camellia_test_ctr_pt[3][48] =
856{
857 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
858 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
859
860 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
861 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
862 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
863 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
864
865 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
866 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
867 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
868 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
869 0x20, 0x21, 0x22, 0x23 }
870};
871
872static const unsigned char camellia_test_ctr_ct[3][48] =
873{
874 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
875 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
876 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
877 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
878 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
879 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
880 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
881 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
882 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
883 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
884 0xDF, 0x50, 0x86, 0x96 }
885};
886
887static const int camellia_test_ctr_len[3] =
888 { 16, 32, 36 };
889#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker38119b12009-01-10 23:31:23 +0000890
891/*
892 * Checkup routine
893 */
894int camellia_self_test( int verbose )
895{
Paul Bakker026c03b2009-03-28 17:53:03 +0000896 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000897 unsigned char key[32];
898 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000899 unsigned char src[16];
900 unsigned char dst[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200901#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000902 unsigned char iv[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200903#endif
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000904#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker1ef71df2011-06-09 14:14:58 +0000905 size_t offset, len;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000906 unsigned char nonce_counter[16];
907 unsigned char stream_block[16];
908#endif
909
Paul Bakker38119b12009-01-10 23:31:23 +0000910 camellia_context ctx;
911
912 memset( key, 0, 32 );
913
Paul Bakker66d5d072014-06-17 16:39:18 +0200914 for( j = 0; j < 6; j++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000915 u = j >> 1;
916 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000917
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000918 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100919 polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
920 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000921
Paul Bakker66d5d072014-06-17 16:39:18 +0200922 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
923 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000924
Paul Bakker66d5d072014-06-17 16:39:18 +0200925 if( v == CAMELLIA_DECRYPT ) {
926 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
927 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
928 memcpy( dst, camellia_test_ecb_plain[i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000929 } else { /* CAMELLIA_ENCRYPT */
Paul Bakker66d5d072014-06-17 16:39:18 +0200930 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
931 memcpy( src, camellia_test_ecb_plain[i], 16 );
932 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000933 }
Paul Bakker38119b12009-01-10 23:31:23 +0000934
Paul Bakker66d5d072014-06-17 16:39:18 +0200935 camellia_crypt_ecb( &ctx, v, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000936
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000937 if( memcmp( buf, dst, 16 ) != 0 )
938 {
939 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100940 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000941
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000942 return( 1 );
943 }
944 }
Paul Bakker38119b12009-01-10 23:31:23 +0000945
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000946 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100947 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000948 }
949
950 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100951 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000952
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200953#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000954 /*
955 * CBC mode
956 */
957 for( j = 0; j < 6; j++ )
958 {
959 u = j >> 1;
960 v = j & 1;
961
962 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100963 polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
964 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakker38119b12009-01-10 23:31:23 +0000965
Paul Bakker66d5d072014-06-17 16:39:18 +0200966 memcpy( src, camellia_test_cbc_iv, 16 );
967 memcpy( dst, camellia_test_cbc_iv, 16 );
968 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000969
Paul Bakker66d5d072014-06-17 16:39:18 +0200970 if( v == CAMELLIA_DECRYPT ) {
971 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000972 } else {
Paul Bakker66d5d072014-06-17 16:39:18 +0200973 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000974 }
Paul Bakker38119b12009-01-10 23:31:23 +0000975
Paul Bakker66d5d072014-06-17 16:39:18 +0200976 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000977
Paul Bakker66d5d072014-06-17 16:39:18 +0200978 if( v == CAMELLIA_DECRYPT ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000979 memcpy( iv , src, 16 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200980 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
981 memcpy( dst, camellia_test_cbc_plain[i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000982 } else { /* CAMELLIA_ENCRYPT */
983 memcpy( iv , dst, 16 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200984 memcpy( src, camellia_test_cbc_plain[i], 16 );
985 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000986 }
Paul Bakker38119b12009-01-10 23:31:23 +0000987
Paul Bakker66d5d072014-06-17 16:39:18 +0200988 camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000989
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000990 if( memcmp( buf, dst, 16 ) != 0 )
991 {
992 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100993 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000994
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000995 return( 1 );
996 }
997 }
Paul Bakker38119b12009-01-10 23:31:23 +0000998
999 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +01001000 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +00001001 }
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +02001002#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +00001003
1004 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +01001005 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +00001006
Paul Bakkerb6ecaf52011-04-19 14:29:23 +00001007#if defined(POLARSSL_CIPHER_MODE_CTR)
1008 /*
1009 * CTR mode
1010 */
1011 for( i = 0; i < 6; i++ )
1012 {
1013 u = i >> 1;
1014 v = i & 1;
1015
1016 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +01001017 polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
1018 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +00001019
1020 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1021 memcpy( key, camellia_test_ctr_key[u], 16 );
1022
1023 offset = 0;
1024 camellia_setkey_enc( &ctx, key, 128 );
1025
1026 if( v == CAMELLIA_DECRYPT )
1027 {
1028 len = camellia_test_ctr_len[u];
1029 memcpy( buf, camellia_test_ctr_ct[u], len );
1030
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +02001031 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1032 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +00001033
1034 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1035 {
1036 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +01001037 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +00001038
1039 return( 1 );
1040 }
1041 }
1042 else
1043 {
1044 len = camellia_test_ctr_len[u];
1045 memcpy( buf, camellia_test_ctr_pt[u], len );
1046
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +02001047 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1048 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +00001049
1050 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1051 {
1052 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +01001053 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +00001054
1055 return( 1 );
1056 }
1057 }
1058
1059 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +01001060 polarssl_printf( "passed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +00001061 }
1062
1063 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +01001064 polarssl_printf( "\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +00001065#endif /* POLARSSL_CIPHER_MODE_CTR */
1066
Paul Bakkerd8bb8262014-06-17 14:06:49 +02001067 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +00001068}
1069
Paul Bakker9af723c2014-05-01 13:03:14 +02001070#endif /* POLARSSL_SELF_TEST */
Paul Bakker38119b12009-01-10 23:31:23 +00001071
Paul Bakker9af723c2014-05-01 13:03:14 +02001072#endif /* POLARSSL_CAMELLIA_C */