Blame - library/camellia.c - mirror/mbed-tls - TrustedFirmware Git Browser

2009-01-10 23:31:23 +0000

[diff] [blame]

1

/*

2

* Camellia implementation

3

*

Manuel Pégourié-Gonnard

6fb8187

2015-07-27 11:11:48 +0200

[diff] [blame]

4

Manuel Pégourié-Gonnard

37ff140

2015-09-04 14:21:07 +0200

[diff] [blame]

5

* SPDX-License-Identifier: Apache-2.0

6

*

7

* Licensed under the Apache License, Version 2.0 (the "License"); you may

8

* not use this file except in compliance with the License.

9

* You may obtain a copy of the License at

10

*

11

* http://www.apache.org/licenses/LICENSE-2.0

12

*

13

* Unless required by applicable law or agreed to in writing, software

14

* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

15

* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

16

* See the License for the specific language governing permissions and

17

* limitations under the License.

Paul Bakker

b96f154

2010-07-18 20:36:00 +0000

[diff] [blame]

18

*

Manuel Pégourié-Gonnard

fe44643

2015-03-06 13:17:10 +0000

[diff] [blame]

19

* This file is part of mbed TLS (https://tls.mbed.org)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

20

*/

21

/*

Paul Bakker

b5ef0ba

2009-01-11 20:25:36 +0000

[diff] [blame]

22

* The Camellia block cipher was designed by NTT and Mitsubishi Electric

23

* Corporation.

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

24

*

Paul Bakker

b5ef0ba

2009-01-11 20:25:36 +0000

[diff] [blame]

25

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

26

*/

27

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

28

#if !defined(MBEDTLS_CONFIG_FILE)

Manuel Pégourié-Gonnard

7f80997

2015-03-09 17:05:11 +0000

[diff] [blame]

29

#include "mbedtls/config.h"

Manuel Pégourié-Gonnard

cef4ad2

2014-04-29 12:39:06 +0200

[diff] [blame]

30

#else

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

31

#include MBEDTLS_CONFIG_FILE

Manuel Pégourié-Gonnard

cef4ad2

2014-04-29 12:39:06 +0200

[diff] [blame]

32

#endif

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

33

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

34

#if defined(MBEDTLS_CAMELLIA_C)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

35

Manuel Pégourié-Gonnard

7f80997

2015-03-09 17:05:11 +0000

[diff] [blame]

36

#include "mbedtls/camellia.h"

Andres Amaya Garcia

1f6301b

2018-04-17 09:51:09 -0500

[diff] [blame]

37

#include "mbedtls/platform_util.h"

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

38

Rich Evans

00ab470

2015-02-06 13:43:58 +0000

[diff] [blame]

39

#include <string.h>

Manuel Pégourié-Gonnard

394608e

2015-02-17 16:01:07 +0100

[diff] [blame]

40

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

41

#if defined(MBEDTLS_SELF_TEST)

42

#if defined(MBEDTLS_PLATFORM_C)

Manuel Pégourié-Gonnard

7f80997

2015-03-09 17:05:11 +0000

[diff] [blame]

43

#include "mbedtls/platform.h"

Paul Bakker

7dc4c44

2014-02-01 22:50:26 +0100

[diff] [blame]

44

#else

Rich Evans

00ab470

2015-02-06 13:43:58 +0000

[diff] [blame]

45

#include <stdio.h>

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

46

#define mbedtls_printf printf

47

#endif /* MBEDTLS_PLATFORM_C */

48

#endif /* MBEDTLS_SELF_TEST */

Paul Bakker

7dc4c44

2014-02-01 22:50:26 +0100

[diff] [blame]

49

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

50

#if !defined(MBEDTLS_CAMELLIA_ALT)

Paul Bakker

90995b5

2013-06-24 19:20:35 +0200

[diff] [blame]

51

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

52

/* Parameter validation macros */

53

#define CAMELLIA_VALIDATE_RET( cond ) \

54

MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )

55

#define CAMELLIA_VALIDATE( cond ) \

56

MBEDTLS_INTERNAL_VALIDATE( cond )

57

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

58

/*

59

* 32-bit integer manipulation macros (big endian)

60

*/

Paul Bakker

5c2364c

2012-10-01 14:41:15 +0000

[diff] [blame]

61

#ifndef GET_UINT32_BE

62

#define GET_UINT32_BE(n,b,i) \

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

63

{ \

Paul Bakker

5c2364c

2012-10-01 14:41:15 +0000

[diff] [blame]

64

(n) = ( (uint32_t) (b)[(i) ] << 24 ) \

65

| ( (uint32_t) (b)[(i) + 1] << 16 ) \

66

| ( (uint32_t) (b)[(i) + 2] << 8 ) \

67

| ( (uint32_t) (b)[(i) + 3] ); \

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

#endif

Paul Bakker

2012-10-01 14:41:15 +0000

[diff] [blame]

71

#ifndef PUT_UINT32_BE

72

#define PUT_UINT32_BE(n,b,i) \

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

73

{ \

74

(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \

75

(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \

76

(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \

77

(b)[(i) + 3] = (unsigned char) ( (n) ); \

}

#endif

static const unsigned char SIGMA_CHARS[6][8] =

82

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

83

{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },

84

{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },

85

{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },

86

{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },

87

{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },

88

{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

89

};

90

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

91

#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

92

93

static const unsigned char FSb[256] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

94

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

95

112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,

96

35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,

97

134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,

98

166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,

99

139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,

100

223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,

101

20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,

102

254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,

103

170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,

104

16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,

105

135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,

106

82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,

107

233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,

108

120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,

109

114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,

110

64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

111

};

112

113

#define SBOX1(n) FSb[(n)]

114

#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)

115

#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

116

#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]

117

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

118

#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

119

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

120

static const unsigned char FSb[256] =

121

{

Paul Bakker

2014-05-01 14:18:25 +0200

[diff] [blame]

122

112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,

123

35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,

124

134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,

125

166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,

126

139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,

127

223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,

128

20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,

129

254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,

130

170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,

131

16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,

132

135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,

133

82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,

134

233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,

135

120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,

136

114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,

137

64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

138

};

139

140

static const unsigned char FSb2[256] =

141

{

Paul Bakker

2014-05-01 14:18:25 +0200

[diff] [blame]

142

224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,

143

70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,

144

13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,

145

77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,

146

23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,

147

191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,

148

40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,

149

253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,

150

85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,

151

32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,

152

15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,

153

164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,

154

211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,

155

240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,

156

228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,

157

128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

158

};

159

160

static const unsigned char FSb3[256] =

161

{

Paul Bakker

2014-05-01 14:18:25 +0200

[diff] [blame]

162

56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,

163

145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,

164

67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,

165

83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,

166

197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,

167

239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,

168

10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,

169

127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,

170

85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,

171

8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,

172

195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,

173

41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,

174

244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,

175

60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,

176

57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,

177

32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

178

};

179

180

static const unsigned char FSb4[256] =

181

{

Paul Bakker

2014-05-01 14:18:25 +0200

[diff] [blame]

182

112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,

183

134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,

184

139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,

185

20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,

186

170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,

187

135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,

188

233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,

189

114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,

190

130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,

191

184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,

192

13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,

193

88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,

194

208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,

195

92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,

196

121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,

197

7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

198

};

199

200

#define SBOX1(n) FSb[(n)]

201

#define SBOX2(n) FSb2[(n)]

202

#define SBOX3(n) FSb3[(n)]

203

#define SBOX4(n) FSb4[(n)]

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

204

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

205

#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

206

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

207

static const unsigned char shifts[2][4][4] =

208

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

209

{

210

{ 1, 1, 1, 1 }, /* KL */

211

{ 0, 0, 0, 0 }, /* KR */

212

{ 1, 1, 1, 1 }, /* KA */

213

{ 0, 0, 0, 0 } /* KB */

214

},

215

{

216

{ 1, 0, 1, 1 }, /* KL */

217

{ 1, 1, 0, 1 }, /* KR */

218

{ 1, 1, 1, 0 }, /* KA */

219

{ 1, 1, 0, 1 } /* KB */

220

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

221

};

222

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

223

static const signed char indexes[2][4][20] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

224

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

225

{

226

{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,

227

36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */

228

{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

229

-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */

230

{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,

231

18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */

232

{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

233

-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */

234

},

235

{

236

{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,

237

-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */

238

{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,

239

18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */

240

{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,

241

56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */

242

{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,

243

22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */

244

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

245

};

246

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

247

static const signed char transposes[2][20] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

248

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

{

21, 22, 23, 20,

-1, -1, -1, -1,

18, 19, 16, 17,

11, 8, 9, 10,

15, 12, 13, 14

},

{

25, 26, 27, 24,

29, 30, 31, 28,

18, 19, 16, 17,

-1, -1, -1, -1,

-1, -1, -1, -1

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

263

};

264

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

265

/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

266

#define ROTL(DEST, SRC, SHIFT) \

267

{ \

268

(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \

269

(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \

270

(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \

271

(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

272

}

273

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

274

#define FL(XL, XR, KL, KR) \

275

{ \

276

(XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \

277

(XL) = ((XR) | (KR)) ^ (XL); \

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

278

}

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

279

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

280

#define FLInv(YL, YR, KL, KR) \

281

{ \

282

(YL) = ((YR) | (KR)) ^ (YL); \

283

(YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

284

}

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

285

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

286

#define SHIFT_AND_PLACE(INDEX, OFFSET) \

287

{ \

288

TK[0] = KC[(OFFSET) * 4 + 0]; \

289

TK[1] = KC[(OFFSET) * 4 + 1]; \

290

TK[2] = KC[(OFFSET) * 4 + 2]; \

291

TK[3] = KC[(OFFSET) * 4 + 3]; \

292

\

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

293

for( i = 1; i <= 4; i++ ) \

294

if( shifts[(INDEX)][(OFFSET)][i -1] ) \

295

ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

296

\

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

297

for( i = 0; i < 20; i++ ) \

298

if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \

299

RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \

300

} \

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

301

}

302

Paul Bakker

2014-05-01 14:18:25 +0200

[diff] [blame]

303

static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],

304

uint32_t z[2])

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

305

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

306

uint32_t I0, I1;

307

I0 = x[0] ^ k[0];

308

I1 = x[1] ^ k[1];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

309

Manuel Pégourié-Gonnard

b31b61b

2014-11-10 13:05:43 +0100

[diff] [blame]

310

I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |

311

((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |

312

((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |

313

((uint32_t) SBOX4((I0 ) & 0xFF) );

314

I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |

315

((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |

316

((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |

317

((uint32_t) SBOX1((I1 ) & 0xFF) );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

318

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

319

I0 ^= (I1 << 8) | (I1 >> 24);

320

I1 ^= (I0 << 16) | (I0 >> 16);

321

I0 ^= (I1 >> 8) | (I1 << 24);

322

I1 ^= (I0 >> 8) | (I0 << 24);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

323

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

324

z[0] ^= I1;

325

z[1] ^= I0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

326

}

327

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

328

void mbedtls_camellia_init( mbedtls_camellia_context *ctx )

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

329

{

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

330

CAMELLIA_VALIDATE( ctx != NULL );

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

331

memset( ctx, 0, sizeof( mbedtls_camellia_context ) );

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

332

}

333

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

334

void mbedtls_camellia_free( mbedtls_camellia_context *ctx )

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

{

if( ctx == NULL )

return;

Andres Amaya Garcia

2018-04-17 09:51:09 -0500

[diff] [blame]

339

mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

340

}

341

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

342

/*

343

* Camellia key schedule (encryption)

344

*/

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

345

int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,

346

const unsigned char *key,

347

unsigned int keybits )

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

348

{

Paul Bakker

2011-04-24 08:57:21 +0000

[diff] [blame]

349

int idx;

350

size_t i;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

351

uint32_t *RK;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

352

unsigned char t[64];

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

353

uint32_t SIGMA[6][2];

354

uint32_t KC[16];

355

uint32_t TK[20];

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

356

CAMELLIA_VALIDATE_RET( ctx != NULL );

357

CAMELLIA_VALIDATE_RET( key != NULL );

358

CAMELLIA_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

RK = ctx->rk;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

362

memset( t, 0, 64 );

363

memset( RK, 0, sizeof(ctx->rk) );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

364

Manuel Pégourié-Gonnard

2015-06-18 14:58:58 +0200

[diff] [blame]

365

switch( keybits )

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

366

{

367

case 128: ctx->nr = 3; idx = 0; break;

368

case 192:

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

369

case 256: ctx->nr = 4; idx = 1; break;

Hanno Becker

4c029d0

2018-12-17 13:20:05 +0000

[diff] [blame]

370

default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

371

}

372

Manuel Pégourié-Gonnard

2015-06-18 14:58:58 +0200

[diff] [blame]

373

for( i = 0; i < keybits / 8; ++i )

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

374

t[i] = key[i];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

375

Manuel Pégourié-Gonnard

2015-06-18 14:58:58 +0200

[diff] [blame]

376

if( keybits == 192 ) {

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

377

for( i = 0; i < 8; i++ )

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

378

t[24 + i] = ~t[16 + i];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

379

}

380

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

381

/*

382

* Prepare SIGMA values

383

*/

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

384

for( i = 0; i < 6; i++ ) {

385

GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );

386

GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Key storage in KC

* Order: KL, KR, KA, KB

392

*/

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

393

memset( KC, 0, sizeof(KC) );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

394

395

/* Store KL, KR */

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

396

for( i = 0; i < 8; i++ )

397

GET_UINT32_BE( KC[i], t, i * 4 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

398

399

/* Generate KA */

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

400

for( i = 0; i < 4; ++i )

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

401

KC[8 + i] = KC[i] ^ KC[4 + i];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

402

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

403

camellia_feistel( KC + 8, SIGMA[0], KC + 10 );

404

camellia_feistel( KC + 10, SIGMA[1], KC + 8 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

405

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

406

for( i = 0; i < 4; ++i )

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

407

KC[8 + i] ^= KC[i];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

408

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

409

camellia_feistel( KC + 8, SIGMA[2], KC + 10 );

410

camellia_feistel( KC + 10, SIGMA[3], KC + 8 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

411

Manuel Pégourié-Gonnard

2015-06-18 14:58:58 +0200

[diff] [blame]

412

if( keybits > 128 ) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

413

/* Generate KB */

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

414

for( i = 0; i < 4; ++i )

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

415

KC[12 + i] = KC[4 + i] ^ KC[8 + i];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

416

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

417

camellia_feistel( KC + 12, SIGMA[4], KC + 14 );

418

camellia_feistel( KC + 14, SIGMA[5], KC + 12 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Generating subkeys

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

423

*/

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

424

425

/* Manipulating KL */

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

426

SHIFT_AND_PLACE( idx, 0 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

427

428

/* Manipulating KR */

Manuel Pégourié-Gonnard

2015-06-18 14:58:58 +0200

[diff] [blame]

429

if( keybits > 128 ) {

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

430

SHIFT_AND_PLACE( idx, 1 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

431

}

432

433

/* Manipulating KA */

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

434

SHIFT_AND_PLACE( idx, 2 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

435

436

/* Manipulating KB */

Manuel Pégourié-Gonnard

2015-06-18 14:58:58 +0200

[diff] [blame]

437

if( keybits > 128 ) {

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

438

SHIFT_AND_PLACE( idx, 3 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

439

}

440

441

/* Do transpositions */

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

442

for( i = 0; i < 20; i++ ) {

443

if( transposes[idx][i] != -1 ) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

444

RK[32 + 12 * idx + i] = RK[transposes[idx][i]];

445

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

446

}

Paul Bakker

2b222c8

2009-07-27 21:03:45 +0000

[diff] [blame]

447

448

return( 0 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Camellia key schedule (decryption)

453

*/

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

454

int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,

455

const unsigned char *key,

456

unsigned int keybits )

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

457

{

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

458

int idx, ret;

Paul Bakker

2011-04-24 08:57:21 +0000

[diff] [blame]

459

size_t i;

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

460

mbedtls_camellia_context cty;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

461

uint32_t *RK;

462

uint32_t *SK;

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

463

CAMELLIA_VALIDATE_RET( ctx != NULL );

464

CAMELLIA_VALIDATE_RET( key != NULL );

465

CAMELLIA_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

466

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

467

mbedtls_camellia_init( &cty );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

468

Manuel Pégourié-Gonnard

2015-06-18 14:58:58 +0200

[diff] [blame]

469

/* Also checks keybits */

470

if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

471

goto exit;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

472

Manuel Pégourié-Gonnard

3ac6a2b

2014-05-28 22:04:25 +0200

[diff] [blame]

473

ctx->nr = cty.nr;

474

idx = ( ctx->nr == 4 );

475

476

RK = ctx->rk;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

477

SK = cty.rk + 24 * 2 + 8 * idx * 2;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

484

for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

485

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

486

*RK++ = *SK++;

487

*RK++ = *SK++;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

SK -= 2;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

497

exit:

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

498

mbedtls_camellia_free( &cty );

Paul Bakker

2b222c8

2009-07-27 21:03:45 +0000

[diff] [blame]

499

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

500

return( ret );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Camellia-ECB block encryption/decryption

505

*/

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

506

int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

507

int mode,

Paul Bakker

ff60ee6

2010-03-16 21:09:09 +0000

[diff] [blame]

508

const unsigned char input[16],

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

509

unsigned char output[16] )

510

{

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

511

int NR;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

512

uint32_t *RK, X[4];

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

513

CAMELLIA_VALIDATE_RET( ctx != NULL );

514

CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||

515

mode == MBEDTLS_CAMELLIA_DECRYPT );

516

CAMELLIA_VALIDATE_RET( input != NULL );

517

CAMELLIA_VALIDATE_RET( output != NULL );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

518

Paul Bakker

c2547b0

2009-07-20 20:40:52 +0000

[diff] [blame]

519

( (void) mode );

520

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

NR = ctx->nr;

RK = ctx->rk;

Paul Bakker

2012-10-01 14:41:15 +0000

[diff] [blame]

524

GET_UINT32_BE( X[0], input, 0 );

525

GET_UINT32_BE( X[1], input, 4 );

526

GET_UINT32_BE( X[2], input, 8 );

527

GET_UINT32_BE( X[3], input, 12 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

X[0] ^= *RK++;

X[1] ^= *RK++;

X[2] ^= *RK++;

X[3] ^= *RK++;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

534

while( NR ) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

535

--NR;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

536

camellia_feistel( X, RK, X + 2 );

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

537

RK += 2;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

538

camellia_feistel( X + 2, RK, X );

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

539

RK += 2;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

540

camellia_feistel( X, RK, X + 2 );

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

541

RK += 2;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

542

camellia_feistel( X + 2, RK, X );

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

543

RK += 2;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

544

camellia_feistel( X, RK, X + 2 );

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

545

RK += 2;

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

546

camellia_feistel( X + 2, RK, X );

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

547

RK += 2;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

548

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

549

if( NR ) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

550

FL(X[0], X[1], RK[0], RK[1]);

551

RK += 2;

552

FLInv(X[2], X[3], RK[0], RK[1]);

553

RK += 2;

554

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

X[2] ^= *RK++;

X[3] ^= *RK++;

X[0] ^= *RK++;

X[1] ^= *RK++;

Paul Bakker

2012-10-01 14:41:15 +0000

[diff] [blame]

562

PUT_UINT32_BE( X[2], output, 0 );

563

PUT_UINT32_BE( X[3], output, 4 );

564

PUT_UINT32_BE( X[0], output, 8 );

565

PUT_UINT32_BE( X[1], output, 12 );

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

566

567

return( 0 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

568

}

569

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

570

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

571

/*

572

* Camellia-CBC buffer encryption/decryption

573

*/

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

574

int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

575

int mode,

Paul Bakker

2011-04-24 08:57:21 +0000

[diff] [blame]

576

size_t length,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

577

unsigned char iv[16],

Paul Bakker

ff60ee6

2010-03-16 21:09:09 +0000

[diff] [blame]

578

const unsigned char *input,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

579

unsigned char *output )

580

{

581

int i;

582

unsigned char temp[16];

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

583

CAMELLIA_VALIDATE_RET( ctx != NULL );

584

CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||

585

mode == MBEDTLS_CAMELLIA_DECRYPT );

586

CAMELLIA_VALIDATE_RET( iv != NULL );

587

CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );

588

CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

589

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

590

if( length % 16 )

Hanno Becker

938f9e9

2018-12-18 09:40:25 +0000

[diff] [blame]

591

return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

592

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

593

if( mode == MBEDTLS_CAMELLIA_DECRYPT )

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

{

while( length > 0 )

{

memcpy( temp, input, 16 );

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

598

mbedtls_camellia_crypt_ecb( ctx, mode, input, output );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

599

600

for( i = 0; i < 16; i++ )

601

output[i] = (unsigned char)( output[i] ^ iv[i] );

602

603

memcpy( iv, temp, 16 );

input += 16;

output += 16;

length -= 16;

}

}

else

{

while( length > 0 )

{

for( i = 0; i < 16; i++ )

615

output[i] = (unsigned char)( input[i] ^ iv[i] );

616

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

617

mbedtls_camellia_crypt_ecb( ctx, mode, output, output );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

618

memcpy( iv, output, 16 );

input += 16;

output += 16;

length -= 16;

}

}

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

625

626

return( 0 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

627

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

628

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

629

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

630

#if defined(MBEDTLS_CIPHER_MODE_CFB)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

631

/*

632

* Camellia-CFB128 buffer encryption/decryption

633

*/

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

634

int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

635

int mode,

Paul Bakker

2011-04-24 08:57:21 +0000

[diff] [blame]

636

size_t length,

Paul Bakker

2011-06-09 14:14:58 +0000

[diff] [blame]

637

size_t *iv_off,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

638

unsigned char iv[16],

Paul Bakker

ff60ee6

2010-03-16 21:09:09 +0000

[diff] [blame]

639

const unsigned char *input,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

640

unsigned char *output )

641

{

Paul Bakker

2011-06-09 14:14:58 +0000

[diff] [blame]

642

int c;

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

643

size_t n;

644

CAMELLIA_VALIDATE_RET( ctx != NULL );

645

CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||

646

mode == MBEDTLS_CAMELLIA_DECRYPT );

647

CAMELLIA_VALIDATE_RET( iv != NULL );

648

CAMELLIA_VALIDATE_RET( iv_off != NULL );

649

CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );

650

CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );

n = *iv_off;

if( n >= 16 )

return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

655

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

656

if( mode == MBEDTLS_CAMELLIA_DECRYPT )

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

{

while( length-- )

{

if( n == 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

661

mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

662

663

c = *input++;

664

*output++ = (unsigned char)( c ^ iv[n] );

665

iv[n] = (unsigned char) c;

666

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

667

n = ( n + 1 ) & 0x0F;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

}

else

{

while( length-- )

{

if( n == 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

675

mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

676

677

iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );

678

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

679

n = ( n + 1 ) & 0x0F;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

}

*iv_off = n;

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

684

685

return( 0 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

686

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

687

#endif /* MBEDTLS_CIPHER_MODE_CFB */

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

688

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

689

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

690

/*

691

* Camellia-CTR buffer encryption/decryption

692

*/

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

693

int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,

Paul Bakker

2011-06-09 14:14:58 +0000

[diff] [blame]

694

size_t length,

695

size_t *nc_off,

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

696

unsigned char nonce_counter[16],

697

unsigned char stream_block[16],

698

const unsigned char *input,

699

unsigned char *output )

700

{

Paul Bakker

369e14b

2012-04-18 14:16:09 +0000

[diff] [blame]

701

int c, i;

Hanno Becker

2018-12-12 18:02:06 +0000

[diff] [blame^]

702

size_t n;

703

CAMELLIA_VALIDATE_RET( ctx != NULL );

704

CAMELLIA_VALIDATE_RET( nonce_counter != NULL );

705

CAMELLIA_VALIDATE_RET( stream_block != NULL );

706

CAMELLIA_VALIDATE_RET( nc_off != NULL );

707

CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );

708

CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );

n = *nc_off;

if( n >= 16 )

return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

while( length-- )

{

if( n == 0 ) {

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

717

mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,

Paul Bakker

2014-05-01 14:18:25 +0200

[diff] [blame]

718

stream_block );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

719

Paul Bakker

369e14b

2012-04-18 14:16:09 +0000

[diff] [blame]

720

for( i = 16; i > 0; i-- )

721

if( ++nonce_counter[i - 1] != 0 )

722

break;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

723

}

724

c = *input++;

725

*output++ = (unsigned char)( c ^ stream_block[n] );

726

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

727

n = ( n + 1 ) & 0x0F;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

}

*nc_off = n;

return( 0 );

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

734

#endif /* MBEDTLS_CIPHER_MODE_CTR */

735

#endif /* !MBEDTLS_CAMELLIA_ALT */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

736

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

737

#if defined(MBEDTLS_SELF_TEST)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

738

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

739

/*

740

* Camellia test vectors from:

741

*

742

* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:

743

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt

744

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

745

* (For each bitlength: Key 0, Nr 39)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

746

*/

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

747

#define CAMELLIA_TESTS_ECB 2

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

748

749

static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =

750

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

751

{

752

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

753

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

754

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

755

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

756

},

757

{

758

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

759

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,

760

0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

761

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

762

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

763

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

764

},

765

{

766

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

767

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,

768

0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,

769

0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

770

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

771

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

772

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

773

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

774

},

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

775

};

776

777

static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =

778

{

779

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

780

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

781

{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

782

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

783

};

784

785

static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =

786

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

787

{

788

{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,

789

0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },

790

{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,

791

0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }

792

},

793

{

794

{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,

795

0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },

796

{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,

797

0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }

798

},

799

{

800

{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,

801

0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },

802

{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,

803

0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }

804

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

805

};

806

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

807

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

808

#define CAMELLIA_TESTS_CBC 3

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

809

810

static const unsigned char camellia_test_cbc_key[3][32] =

811

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

812

{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,

813

0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }

814

,

815

{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,

816

0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,

817

0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }

818

,

819

{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,

820

0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,

821

0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,

822

0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

823

};

824

825

static const unsigned char camellia_test_cbc_iv[16] =

826

827

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

828

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }

829

;

830

831

static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =

832

{

833

{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,

834

0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },

835

{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,

836

0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },

837

{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,

838

0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }

};

static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =

843

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

844

{

845

{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,

846

0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },

847

{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,

848

0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },

849

{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,

850

0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }

851

},

852

{

853

{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,

854

0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },

855

{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,

856

0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },

857

{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,

858

0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }

859

},

860

{

861

{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,

862

0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },

863

{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,

864

0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },

865

{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,

866

0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }

867

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

868

};

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

869

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

870

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

871

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

872

/*

873

* Camellia-CTR test vectors from:

874

*

875

* http://www.faqs.org/rfcs/rfc5528.html

876

*/

877

878

static const unsigned char camellia_test_ctr_key[3][16] =

879

{

880

{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,

881

0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },

882

{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,

883

0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },

884

{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,

885

0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }

886

};

887

888

static const unsigned char camellia_test_ctr_nonce_counter[3][16] =

889

{

890

{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,

891

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },

892

{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,

893

0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },

894

{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,

895

0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }

896

};

897

898

static const unsigned char camellia_test_ctr_pt[3][48] =

899

{

900

{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,

901

0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },

902

903

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

904

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,

905

0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

906

0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },

907

908

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

909

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,

910

0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

911

0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,

912

0x20, 0x21, 0x22, 0x23 }

913

};

914

915

static const unsigned char camellia_test_ctr_ct[3][48] =

916

{

917

{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,

918

0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },

919

{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,

920

0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,

921

0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,

922

0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },

923

{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,

924

0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,

925

0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,

926

0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,

927

0xDF, 0x50, 0x86, 0x96 }

928

};

929

930

static const int camellia_test_ctr_len[3] =

931

{ 16, 32, 36 };

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

932

#endif /* MBEDTLS_CIPHER_MODE_CTR */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

/*

* Checkup routine

*/

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

937

int mbedtls_camellia_self_test( int verbose )

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

938

{

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

939

int i, j, u, v;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

940

unsigned char key[32];

941

unsigned char buf[64];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

942

unsigned char src[16];

943

unsigned char dst[16];

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

944

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

945

unsigned char iv[16];

Manuel Pégourié-Gonnard

92cb1d3

2013-09-13 16:24:20 +0200

[diff] [blame]

946

#endif

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

947

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-06-09 14:14:58 +0000

[diff] [blame]

948

size_t offset, len;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

949

unsigned char nonce_counter[16];

950

unsigned char stream_block[16];

951

#endif

952

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

953

mbedtls_camellia_context ctx;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

954

955

memset( key, 0, 32 );

956

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

957

for( j = 0; j < 6; j++ ) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

958

u = j >> 1;

959

v = j & 1;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

960

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

961

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

962

mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,

963

(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

964

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

965

for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {

966

memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

967

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

968

if( v == MBEDTLS_CAMELLIA_DECRYPT ) {

969

mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

970

memcpy( src, camellia_test_ecb_cipher[u][i], 16 );

971

memcpy( dst, camellia_test_ecb_plain[i], 16 );

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

972

} else { /* MBEDTLS_CAMELLIA_ENCRYPT */

973

mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );

Paul Bakker

2014-06-17 16:39:18 +0200

[diff] [blame]

974

memcpy( src, camellia_test_ecb_plain[i], 16 );

975

memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

976

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

977

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

978

mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

979

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

980

if( memcmp( buf, dst, 16 ) != 0 )

981

{

982

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

983

mbedtls_printf( "failed\n" );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

984

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

985

return( 1 );

986

}

987

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

988

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

989

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

990

mbedtls_printf( "passed\n" );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

991

}

992

993

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

994

mbedtls_printf( "\n" );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

995

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

996

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

/*

* CBC mode

*/

for( j = 0; j < 6; j++ )

{

u = j >> 1;

v = j & 1;

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1006

mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,

1007

( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1008

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

1009

memcpy( src, camellia_test_cbc_iv, 16 );

1010

memcpy( dst, camellia_test_cbc_iv, 16 );

1011

memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1012

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1013

if( v == MBEDTLS_CAMELLIA_DECRYPT ) {

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

1014

mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );

1015

} else {

1016

mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

1017

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1018

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

1019

for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1020

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

1021

if( v == MBEDTLS_CAMELLIA_DECRYPT ) {

1022

memcpy( iv , src, 16 );

1023

memcpy( src, camellia_test_cbc_cipher[u][i], 16 );

1024

memcpy( dst, camellia_test_cbc_plain[i], 16 );

1025

} else { /* MBEDTLS_CAMELLIA_ENCRYPT */

1026

memcpy( iv , dst, 16 );

1027

memcpy( src, camellia_test_cbc_plain[i], 16 );

1028

memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );

1029

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1030

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

1031

mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );

1032

1033

if( memcmp( buf, dst, 16 ) != 0 )

1034

{

1035

if( verbose != 0 )

1036

mbedtls_printf( "failed\n" );

1037

1038

return( 1 );

1039

}

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

1040

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1041

1042

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1043

mbedtls_printf( "passed\n" );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1044

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1045

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1046

1047

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1048

mbedtls_printf( "\n" );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1049

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1050

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

/*

* CTR mode

*/

for( i = 0; i < 6; i++ )

{

u = i >> 1;

v = i & 1;

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1060

mbedtls_printf( " CAMELLIA-CTR-128 (%s): ",

1061

( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1062

1063

memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );

1064

memcpy( key, camellia_test_ctr_key[u], 16 );

1065

1066

offset = 0;

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1067

mbedtls_camellia_setkey_enc( &ctx, key, 128 );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1068

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1069

if( v == MBEDTLS_CAMELLIA_DECRYPT )

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1070

{

1071

len = camellia_test_ctr_len[u];

1072

memcpy( buf, camellia_test_ctr_ct[u], len );

1073

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1074

mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,

Paul Bakker

2014-05-01 14:18:25 +0200

[diff] [blame]

1075

buf, buf );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1076

1077

if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )

1078

{

1079

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1080

mbedtls_printf( "failed\n" );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

return( 1 );

}

}

else

{

len = camellia_test_ctr_len[u];

1088

memcpy( buf, camellia_test_ctr_pt[u], len );

1089

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1090

mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,

Paul Bakker

2014-05-01 14:18:25 +0200

[diff] [blame]

1091

buf, buf );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1092

1093

if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )

1094

{

1095

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1096

mbedtls_printf( "failed\n" );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

return( 1 );

}

}

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1103

mbedtls_printf( "passed\n" );

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1104

}

1105

1106

if( verbose != 0 )

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1107

mbedtls_printf( "\n" );

1108

#endif /* MBEDTLS_CIPHER_MODE_CTR */

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1109

Paul Bakker

d8bb826

2014-06-17 14:06:49 +0200

[diff] [blame]

1110

return( 0 );

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1111

}

1112

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1113

#endif /* MBEDTLS_SELF_TEST */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1114

Manuel Pégourié-Gonnard