Blame - library/camellia.c - mirror/mbed-tls - TrustedFirmware Git Browser

2009-01-10 23:31:23 +0000

[diff] [blame]

1

/*

2

* Camellia implementation

3

*

Bence Szépkúti

1e14827

2020-08-07 13:07:28 +0200

[diff] [blame]

4

* Copyright The Mbed TLS Contributors

Manuel Pégourié-Gonnard

37ff140

2015-09-04 14:21:07 +0200

[diff] [blame]

5

* SPDX-License-Identifier: Apache-2.0

6

*

7

* Licensed under the Apache License, Version 2.0 (the "License"); you may

8

* not use this file except in compliance with the License.

9

* You may obtain a copy of the License at

10

*

11

* http://www.apache.org/licenses/LICENSE-2.0

12

*

13

* Unless required by applicable law or agreed to in writing, software

14

* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

15

* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

16

* See the License for the specific language governing permissions and

17

* limitations under the License.

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

18

*/

19

/*

Paul Bakker

b5ef0ba

2009-01-11 20:25:36 +0000

[diff] [blame]

20

* The Camellia block cipher was designed by NTT and Mitsubishi Electric

21

* Corporation.

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

22

*

Paul Bakker

b5ef0ba

2009-01-11 20:25:36 +0000

[diff] [blame]

23

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

24

*/

25

Gilles Peskine

db09ef6

2020-06-03 01:43:33 +0200

[diff] [blame]

26

#include "common.h"

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

27

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

28

#if defined(MBEDTLS_CAMELLIA_C)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

29

Manuel Pégourié-Gonnard

7f80997

2015-03-09 17:05:11 +0000

[diff] [blame]

30

#include "mbedtls/camellia.h"

Andres Amaya Garcia

1f6301b

2018-04-17 09:51:09 -0500

[diff] [blame]

31

#include "mbedtls/platform_util.h"

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

32

Rich Evans

00ab470

2015-02-06 13:43:58 +0000

[diff] [blame]

33

#include <string.h>

Manuel Pégourié-Gonnard

394608e

2015-02-17 16:01:07 +0100

[diff] [blame]

34

Manuel Pégourié-Gonnard

7f80997

2015-03-09 17:05:11 +0000

[diff] [blame]

35

#include "mbedtls/platform.h"

Paul Bakker

7dc4c44

2014-02-01 22:50:26 +0100

[diff] [blame]

36

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

37

#if !defined(MBEDTLS_CAMELLIA_ALT)

Paul Bakker

90995b5

2013-06-24 19:20:35 +0200

[diff] [blame]

38

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

39

static const unsigned char SIGMA_CHARS[6][8] =

40

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

41

{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },

42

{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },

43

{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },

44

{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },

45

{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },

46

{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

47

};

48

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

49

#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

50

51

static const unsigned char FSb[256] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

52

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

53

112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,

54

35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,

55

134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,

56

166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,

57

139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,

58

223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,

59

20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,

60

254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,

61

170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,

62

16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,

63

135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,

64

82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,

65

233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,

66

120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,

67

114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,

68

64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

69

};

70

71

#define SBOX1(n) FSb[(n)]

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

72

#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)

73

#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

74

#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]

75

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

76

#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

77

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

78

static const unsigned char FSb[256] =

79

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

80

112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,

81

35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,

82

134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,

83

166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,

84

139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,

85

223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,

86

20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,

87

254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,

88

170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,

89

16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,

90

135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,

91

82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,

92

233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,

93

120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,

94

114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,

95

64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

96

};

97

98

static const unsigned char FSb2[256] =

99

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

100

224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,

101

70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,

102

13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,

103

77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,

104

23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,

105

191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,

106

40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,

107

253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,

108

85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,

109

32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,

110

15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,

111

164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,

112

211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,

113

240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,

114

228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,

115

128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

116

};

117

118

static const unsigned char FSb3[256] =

119

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

120

56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,

121

145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,

122

67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,

123

83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,

124

197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,

125

239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,

126

10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,

127

127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,

128

85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,

129

8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,

130

195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,

131

41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,

132

244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,

133

60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,

134

57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,

135

32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

136

};

137

138

static const unsigned char FSb4[256] =

139

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

140

112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,

141

134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,

142

139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,

143

20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,

144

170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,

145

135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,

146

233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,

147

114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,

148

130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,

149

184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,

150

13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,

151

88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,

152

208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,

153

92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,

154

121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,

155

7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

156

};

157

158

#define SBOX1(n) FSb[(n)]

159

#define SBOX2(n) FSb2[(n)]

160

#define SBOX3(n) FSb3[(n)]

161

#define SBOX4(n) FSb4[(n)]

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

162

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

163

#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */

Paul Bakker

2009-01-12 22:12:03 +0000

[diff] [blame]

164

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

165

static const unsigned char shifts[2][4][4] =

166

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

167

{

168

{ 1, 1, 1, 1 }, /* KL */

169

{ 0, 0, 0, 0 }, /* KR */

170

{ 1, 1, 1, 1 }, /* KA */

171

{ 0, 0, 0, 0 } /* KB */

172

},

173

{

174

{ 1, 0, 1, 1 }, /* KL */

175

{ 1, 1, 0, 1 }, /* KR */

176

{ 1, 1, 1, 0 }, /* KA */

177

{ 1, 1, 0, 1 } /* KB */

178

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

179

};

180

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

181

static const signed char indexes[2][4][20] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

182

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

183

{

184

{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

185

36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

186

{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

187

-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */

188

{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

189

18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

190

{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

191

-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */

192

},

193

{

194

{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

195

-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

196

{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,

197

18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */

198

{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,

199

56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */

200

{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

201

22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

202

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

203

};

204

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

205

static const signed char transposes[2][20] =

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

206

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

{

21, 22, 23, 20,

-1, -1, -1, -1,

18, 19, 16, 17,

11, 8, 9, 10,

15, 12, 13, 14

},

{

25, 26, 27, 24,

29, 30, 31, 28,

18, 19, 16, 17,

-1, -1, -1, -1,

-1, -1, -1, -1

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

221

};

222

Paul Bakker

2009-01-11 21:36:43 +0000

[diff] [blame]

223

/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

224

#define ROTL(DEST, SRC, SHIFT) \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

225

{ \

226

(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \

227

(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \

228

(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \

229

(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \

230

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

231

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

232

#define FL(XL, XR, KL, KR) \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

233

{ \

234

(XR) = ((((XL) &(KL)) << 1) | (((XL) &(KL)) >> 31)) ^ (XR); \

235

(XL) = ((XR) | (KR)) ^ (XL); \

236

}

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

237

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

238

#define FLInv(YL, YR, KL, KR) \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

239

{ \

240

(YL) = ((YR) | (KR)) ^ (YL); \

241

(YR) = ((((YL) &(KL)) << 1) | (((YL) &(KL)) >> 31)) ^ (YR); \

242

}

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

243

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

244

#define SHIFT_AND_PLACE(INDEX, OFFSET) \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

245

{ \

246

TK[0] = KC[(OFFSET) * 4 + 0]; \

247

TK[1] = KC[(OFFSET) * 4 + 1]; \

248

TK[2] = KC[(OFFSET) * 4 + 2]; \

249

TK[3] = KC[(OFFSET) * 4 + 3]; \

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

250

\

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

251

for (i = 1; i <= 4; i++) \

252

if (shifts[(INDEX)][(OFFSET)][i -1]) \

253

ROTL(TK + i * 4, TK, (15 * i) % 32); \

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

254

\

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

255

for (i = 0; i < 20; i++) \

256

if (indexes[(INDEX)][(OFFSET)][i] != -1) { \

257

RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \

Paul Bakker

66d5d07

2014-06-17 16:39:18 +0200

[diff] [blame]

258

} \

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

259

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

260

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

261

static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],

262

uint32_t z[2])

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

263

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

264

uint32_t I0, I1;

265

I0 = x[0] ^ k[0];

266

I1 = x[1] ^ k[1];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

267

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

268

I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) |

269

((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) |

270

((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) |

271

((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));

272

I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) |

273

((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) |

274

((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) |

275

((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

276

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

277

I0 ^= (I1 << 8) | (I1 >> 24);

278

I1 ^= (I0 << 16) | (I0 >> 16);

279

I0 ^= (I1 >> 8) | (I1 << 24);

280

I1 ^= (I0 >> 8) | (I0 << 24);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

281

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

282

z[0] ^= I1;

283

z[1] ^= I0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

284

}

285

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

286

void mbedtls_camellia_init(mbedtls_camellia_context *ctx)

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

287

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

288

memset(ctx, 0, sizeof(mbedtls_camellia_context));

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

289

}

290

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

291

void mbedtls_camellia_free(mbedtls_camellia_context *ctx)

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

292

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

293

if (ctx == NULL) {

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

294

return;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

295

}

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

296

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

297

mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

298

}

299

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

300

/*

301

* Camellia key schedule (encryption)

302

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

303

int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,

304

const unsigned char *key,

305

unsigned int keybits)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

306

{

Paul Bakker

23986e5

2011-04-24 08:57:21 +0000

[diff] [blame]

307

int idx;

308

size_t i;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

309

uint32_t *RK;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

310

unsigned char t[64];

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

311

uint32_t SIGMA[6][2];

312

uint32_t KC[16];

313

uint32_t TK[20];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

RK = ctx->rk;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

317

memset(t, 0, 64);

318

memset(RK, 0, sizeof(ctx->rk));

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

319

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

320

switch (keybits) {

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

321

case 128: ctx->nr = 3; idx = 0; break;

322

case 192:

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

323

case 256: ctx->nr = 4; idx = 1; break;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

324

default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

325

}

326

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

327

for (i = 0; i < keybits / 8; ++i) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

328

t[i] = key[i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

329

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

330

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

331

if (keybits == 192) {

332

for (i = 0; i < 8; i++) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

333

t[24 + i] = ~t[16 + i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

334

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

335

}

336

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

337

/*

338

* Prepare SIGMA values

339

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

340

for (i = 0; i < 6; i++) {

341

SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);

342

SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Key storage in KC

* Order: KL, KR, KA, KB

348

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

349

memset(KC, 0, sizeof(KC));

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

350

351

/* Store KL, KR */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

352

for (i = 0; i < 8; i++) {

353

KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);

354

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

355

356

/* Generate KA */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

357

for (i = 0; i < 4; ++i) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

358

KC[8 + i] = KC[i] ^ KC[4 + i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

359

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

360

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

361

camellia_feistel(KC + 8, SIGMA[0], KC + 10);

362

camellia_feistel(KC + 10, SIGMA[1], KC + 8);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

363

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

364

for (i = 0; i < 4; ++i) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

365

KC[8 + i] ^= KC[i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

366

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

367

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

368

camellia_feistel(KC + 8, SIGMA[2], KC + 10);

369

camellia_feistel(KC + 10, SIGMA[3], KC + 8);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

370

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

371

if (keybits > 128) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

372

/* Generate KB */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

373

for (i = 0; i < 4; ++i) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

374

KC[12 + i] = KC[4 + i] ^ KC[8 + i];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

375

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

376

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

377

camellia_feistel(KC + 12, SIGMA[4], KC + 14);

378

camellia_feistel(KC + 14, SIGMA[5], KC + 12);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Generating subkeys

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

383

*/

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

384

385

/* Manipulating KL */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

386

SHIFT_AND_PLACE(idx, 0);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

387

388

/* Manipulating KR */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

389

if (keybits > 128) {

390

SHIFT_AND_PLACE(idx, 1);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

391

}

392

393

/* Manipulating KA */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

394

SHIFT_AND_PLACE(idx, 2);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

395

396

/* Manipulating KB */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

397

if (keybits > 128) {

398

SHIFT_AND_PLACE(idx, 3);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

399

}

400

401

/* Do transpositions */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

402

for (i = 0; i < 20; i++) {

403

if (transposes[idx][i] != -1) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

404

RK[32 + 12 * idx + i] = RK[transposes[idx][i]];

405

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

406

}

Paul Bakker

2b222c8

2009-07-27 21:03:45 +0000

[diff] [blame]

407

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

408

return 0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

/*

* Camellia key schedule (decryption)

413

*/

Yanray Wang

2023-10-31 17:10:32 +0800

[diff] [blame^]

414

#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

415

int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,

416

const unsigned char *key,

417

unsigned int keybits)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

418

{

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

419

int idx, ret;

Paul Bakker

23986e5

2011-04-24 08:57:21 +0000

[diff] [blame]

420

size_t i;

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

421

mbedtls_camellia_context cty;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

422

uint32_t *RK;

423

uint32_t *SK;

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

424

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

425

mbedtls_camellia_init(&cty);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

426

Manuel Pégourié-Gonnard

b8186a5

2015-06-18 14:58:58 +0200

[diff] [blame]

427

/* Also checks keybits */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

428

if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

429

goto exit;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

430

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

431

Manuel Pégourié-Gonnard

3ac6a2b

2014-05-28 22:04:25 +0200

[diff] [blame]

432

ctx->nr = cty.nr;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

433

idx = (ctx->nr == 4);

Manuel Pégourié-Gonnard

3ac6a2b

2014-05-28 22:04:25 +0200

[diff] [blame]

434

435

RK = ctx->rk;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

436

SK = cty.rk + 24 * 2 + 8 * idx * 2;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

443

for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

444

*RK++ = *SK++;

445

*RK++ = *SK++;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

SK -= 2;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

*RK++ = *SK++;

Paul Bakker

2014-06-18 11:12:03 +0200

[diff] [blame]

455

exit:

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

456

mbedtls_camellia_free(&cty);

Paul Bakker

2b222c8

2009-07-27 21:03:45 +0000

[diff] [blame]

457

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

458

return ret;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

459

}

Yanray Wang

2023-10-31 17:10:32 +0800

[diff] [blame^]

460

#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

461

462

/*

463

* Camellia-ECB block encryption/decryption

464

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

465

int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,

466

int mode,

467

const unsigned char input[16],

468

unsigned char output[16])

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

469

{

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

470

int NR;

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

471

uint32_t *RK, X[4];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

472

if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {

Tuvshinzaya Erdenekhuu

1fd7f98

2022-08-05 15:31:57 +0100

[diff] [blame]

473

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

474

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

475

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

476

((void) mode);

Paul Bakker

c2547b0

2009-07-20 20:40:52 +0000

[diff] [blame]

477

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

NR = ctx->nr;

RK = ctx->rk;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

481

X[0] = MBEDTLS_GET_UINT32_BE(input, 0);

482

X[1] = MBEDTLS_GET_UINT32_BE(input, 4);

483

X[2] = MBEDTLS_GET_UINT32_BE(input, 8);

484

X[3] = MBEDTLS_GET_UINT32_BE(input, 12);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

X[0] ^= *RK++;

X[1] ^= *RK++;

X[2] ^= *RK++;

X[3] ^= *RK++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

491

while (NR) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

492

--NR;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

493

camellia_feistel(X, RK, X + 2);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

494

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

495

camellia_feistel(X + 2, RK, X);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

496

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

497

camellia_feistel(X, RK, X + 2);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

498

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

499

camellia_feistel(X + 2, RK, X);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

500

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

501

camellia_feistel(X, RK, X + 2);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

502

RK += 2;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

503

camellia_feistel(X + 2, RK, X);

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

504

RK += 2;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

505

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

506

if (NR) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

507

FL(X[0], X[1], RK[0], RK[1]);

508

RK += 2;

509

FLInv(X[2], X[3], RK[0], RK[1]);

510

RK += 2;

511

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

X[2] ^= *RK++;

X[3] ^= *RK++;

X[0] ^= *RK++;

X[1] ^= *RK++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

519

MBEDTLS_PUT_UINT32_BE(X[2], output, 0);

520

MBEDTLS_PUT_UINT32_BE(X[3], output, 4);

521

MBEDTLS_PUT_UINT32_BE(X[0], output, 8);

522

MBEDTLS_PUT_UINT32_BE(X[1], output, 12);

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

523

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

524

return 0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

525

}

526

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

527

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

528

/*

529

* Camellia-CBC buffer encryption/decryption

530

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

531

int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,

532

int mode,

533

size_t length,

534

unsigned char iv[16],

535

const unsigned char *input,

536

unsigned char *output)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

537

{

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

538

unsigned char temp[16];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

539

if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {

Tuvshinzaya Erdenekhuu

1fd7f98

2022-08-05 15:31:57 +0100

[diff] [blame]

540

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

541

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

542

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

543

if (length % 16) {

544

return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;

545

}

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

546

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

547

if (mode == MBEDTLS_CAMELLIA_DECRYPT) {

548

while (length > 0) {

549

memcpy(temp, input, 16);

550

mbedtls_camellia_crypt_ecb(ctx, mode, input, output);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

551

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

552

mbedtls_xor(output, output, iv, 16);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

553

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

554

memcpy(iv, temp, 16);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

input += 16;

output += 16;

length -= 16;

}

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

560

} else {

561

while (length > 0) {

562

mbedtls_xor(output, input, iv, 16);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

563

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

564

mbedtls_camellia_crypt_ecb(ctx, mode, output, output);

565

memcpy(iv, output, 16);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

input += 16;

output += 16;

length -= 16;

}

}

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

572

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

573

return 0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

574

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

575

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

576

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

577

#if defined(MBEDTLS_CIPHER_MODE_CFB)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

578

/*

579

* Camellia-CFB128 buffer encryption/decryption

580

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

581

int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,

int mode,

size_t length,

size_t *iv_off,

unsigned char iv[16],

586

const unsigned char *input,

587

unsigned char *output)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

588

{

Paul Bakker

1ef71df

2011-06-09 14:14:58 +0000

[diff] [blame]

589

int c;

Andrzej Kurek

2019-01-31 08:20:20 -0500

[diff] [blame]

590

size_t n;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

591

if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {

Tuvshinzaya Erdenekhuu

1fd7f98

2022-08-05 15:31:57 +0100

[diff] [blame]

592

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

593

}

Andrzej Kurek

2019-01-31 08:20:20 -0500

[diff] [blame]

594

595

n = *iv_off;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

596

if (n >= 16) {

597

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

598

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

599

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

600

if (mode == MBEDTLS_CAMELLIA_DECRYPT) {

601

while (length--) {

602

if (n == 0) {

603

mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);

604

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

605

606

c = *input++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

607

*output++ = (unsigned char) (c ^ iv[n]);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

608

iv[n] = (unsigned char) c;

609

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

610

n = (n + 1) & 0x0F;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

611

}

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

} else {

while (length--) {

if (n == 0) {

mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);

616

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

617

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

618

iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

619

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

620

n = (n + 1) & 0x0F;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

}

}

*iv_off = n;

Paul Bakker

2010-03-18 21:21:02 +0000

[diff] [blame]

625

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

626

return 0;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

627

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

628

#endif /* MBEDTLS_CIPHER_MODE_CFB */

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

629

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

630

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

631

/*

632

* Camellia-CTR buffer encryption/decryption

633

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

634

int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,

635

size_t length,

636

size_t *nc_off,

637

unsigned char nonce_counter[16],

638

unsigned char stream_block[16],

639

const unsigned char *input,

640

unsigned char *output)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

641

{

Paul Bakker

369e14b

2012-04-18 14:16:09 +0000

[diff] [blame]

642

int c, i;

Andrzej Kurek

2019-01-31 08:20:20 -0500

[diff] [blame]

643

size_t n;

Andrzej Kurek

2019-01-31 08:20:20 -0500

[diff] [blame]

644

645

n = *nc_off;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

646

if (n >= 16) {

647

return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;

648

}

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

649

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

650

while (length--) {

651

if (n == 0) {

652

mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,

653

stream_block);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

654

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

655

for (i = 16; i > 0; i--) {

656

if (++nonce_counter[i - 1] != 0) {

Paul Bakker

369e14b

2012-04-18 14:16:09 +0000

[diff] [blame]

657

break;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

658

}

659

}

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

660

}

661

c = *input++;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

662

*output++ = (unsigned char) (c ^ stream_block[n]);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

663

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

664

n = (n + 1) & 0x0F;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

}

*nc_off = n;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

669

return 0;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

670

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

671

#endif /* MBEDTLS_CIPHER_MODE_CTR */

672

#endif /* !MBEDTLS_CAMELLIA_ALT */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

673

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

674

#if defined(MBEDTLS_SELF_TEST)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

675

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

676

/*

677

* Camellia test vectors from:

678

*

679

* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:

680

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt

681

* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

682

* (For each bitlength: Key 0, Nr 39)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

683

*/

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

684

#define CAMELLIA_TESTS_ECB 2

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

685

686

static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =

687

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

688

{

689

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

690

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

691

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

692

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

693

},

694

{

695

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

696

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,

697

0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

698

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

699

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

700

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

701

},

702

{

703

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

704

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,

705

0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,

706

0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

707

{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

708

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

709

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

710

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

711

},

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

712

};

713

714

static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =

715

{

716

{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,

717

0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },

Paul Bakker

2014-05-01 13:03:14 +0200

[diff] [blame]

718

{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

719

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }

720

};

721

722

static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =

723

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

724

{

725

{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,

726

0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },

727

{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,

728

0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }

729

},

730

{

731

{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,

732

0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },

733

{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,

734

0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }

735

},

736

{

737

{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,

738

0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },

739

{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,

740

0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }

741

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

742

};

743

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

744

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

745

#define CAMELLIA_TESTS_CBC 3

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

746

747

static const unsigned char camellia_test_cbc_key[3][32] =

748

{

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

749

{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,

750

0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

751

,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

752

{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,

753

0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,

754

0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

755

,

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

756

{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,

757

0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,

758

0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,

759

0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

760

};

761

762

static const unsigned char camellia_test_cbc_iv[16] =

763

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

764

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

765

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

766

;

767

768

static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =

769

{

770

{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,

771

0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },

772

{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,

773

0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },

774

{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,

775

0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }

};

static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =

780

{

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

781

{

782

{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,

783

0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },

784

{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,

785

0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },

786

{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,

787

0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }

788

},

789

{

790

{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,

791

0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },

792

{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,

793

0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },

794

{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,

795

0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }

796

},

797

{

798

{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,

799

0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },

800

{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,

801

0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },

802

{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,

803

0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }

804

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

805

};

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

806

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

807

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

808

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

809

/*

810

* Camellia-CTR test vectors from:

811

*

812

* http://www.faqs.org/rfcs/rfc5528.html

813

*/

814

815

static const unsigned char camellia_test_ctr_key[3][16] =

816

{

817

{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,

818

0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },

819

{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,

820

0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },

821

{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,

822

0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }

823

};

824

825

static const unsigned char camellia_test_ctr_nonce_counter[3][16] =

826

{

827

{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,

828

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },

829

{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,

830

0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },

831

{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,

832

0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }

833

};

834

835

static const unsigned char camellia_test_ctr_pt[3][48] =

836

{

837

{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,

838

0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },

839

840

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

841

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,

842

0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

843

0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },

844

845

{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

846

0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,

847

0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

848

0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,

849

0x20, 0x21, 0x22, 0x23 }

850

};

851

852

static const unsigned char camellia_test_ctr_ct[3][48] =

853

{

854

{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,

855

0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },

856

{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,

857

0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,

858

0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,

859

0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },

860

{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,

861

0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,

862

0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,

863

0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,

864

0xDF, 0x50, 0x86, 0x96 }

865

};

866

867

static const int camellia_test_ctr_len[3] =

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

868

{ 16, 32, 36 };

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

869

#endif /* MBEDTLS_CIPHER_MODE_CTR */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

/*

* Checkup routine

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

874

int mbedtls_camellia_self_test(int verbose)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

875

{

Paul Bakker

2009-03-28 17:53:03 +0000

[diff] [blame]

876

int i, j, u, v;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

877

unsigned char key[32];

878

unsigned char buf[64];

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

879

unsigned char src[16];

880

unsigned char dst[16];

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

881

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

882

unsigned char iv[16];

Manuel Pégourié-Gonnard

92cb1d3

2013-09-13 16:24:20 +0200

[diff] [blame]

883

#endif

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

884

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

1ef71df

2011-06-09 14:14:58 +0000

[diff] [blame]

885

size_t offset, len;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

886

unsigned char nonce_counter[16];

887

unsigned char stream_block[16];

888

#endif

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

889

int ret = 1;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

890

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

891

mbedtls_camellia_context ctx;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

892

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

893

mbedtls_camellia_init(&ctx);

894

memset(key, 0, 32);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

895

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

896

for (j = 0; j < 6; j++) {

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

897

u = j >> 1;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

898

v = j & 1;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

899

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

900

if (verbose != 0) {

901

mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,

902

(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

903

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

904

Yanray Wang

2023-10-31 17:10:32 +0800

[diff] [blame^]

905

#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)

Yanray Wang

9141ad1

2023-08-24 14:53:16 +0800

[diff] [blame]

906

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

907

if (verbose != 0) {

908

mbedtls_printf("skipped\n");

}

continue;

}

#endif

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

914

for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {

915

memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

916

Yanray Wang

2023-10-31 17:10:32 +0800

[diff] [blame^]

917

#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

918

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

919

mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);

920

memcpy(src, camellia_test_ecb_cipher[u][i], 16);

921

memcpy(dst, camellia_test_ecb_plain[i], 16);

Yanray Wang

9141ad1

2023-08-24 14:53:16 +0800

[diff] [blame]

922

} else

923

#endif

924

{ /* MBEDTLS_CAMELLIA_ENCRYPT */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

925

mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);

926

memcpy(src, camellia_test_ecb_plain[i], 16);

927

memcpy(dst, camellia_test_ecb_cipher[u][i], 16);

928

}

929

930

mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);

931

932

if (memcmp(buf, dst, 16) != 0) {

933

if (verbose != 0) {

934

mbedtls_printf("failed\n");

}

goto exit;

}

}

if (verbose != 0) {

mbedtls_printf("passed\n");

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

942

}

943

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

944

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

945

if (verbose != 0) {

946

mbedtls_printf("\n");

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

947

}

948

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

949

#if defined(MBEDTLS_CIPHER_MODE_CBC)

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

950

/*

951

* CBC mode

952

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

953

for (j = 0; j < 6; j++) {

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

u = j >> 1;

v = j & 1;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

957

if (verbose != 0) {

958

mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,

959

(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

960

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

961

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

962

memcpy(src, camellia_test_cbc_iv, 16);

963

memcpy(dst, camellia_test_cbc_iv, 16);

964

memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

965

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

966

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

967

mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);

968

} else {

969

mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);

970

}

971

972

for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {

973

974

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

975

memcpy(iv, src, 16);

976

memcpy(src, camellia_test_cbc_cipher[u][i], 16);

977

memcpy(dst, camellia_test_cbc_plain[i], 16);

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

978

} else { /* MBEDTLS_CAMELLIA_ENCRYPT */

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

979

memcpy(iv, dst, 16);

980

memcpy(src, camellia_test_cbc_plain[i], 16);

981

memcpy(dst, camellia_test_cbc_cipher[u][i], 16);

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

982

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

983

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

984

mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

985

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

986

if (memcmp(buf, dst, 16) != 0) {

987

if (verbose != 0) {

988

mbedtls_printf("failed\n");

989

}

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

990

goto exit;

Janos Follath

2016-05-31 14:03:54 +0100

[diff] [blame]

991

}

Paul Bakker

2009-05-03 13:09:15 +0000

[diff] [blame]

992

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

993

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

994

if (verbose != 0) {

995

mbedtls_printf("passed\n");

996

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

997

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

998

#endif /* MBEDTLS_CIPHER_MODE_CBC */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

999

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1000

if (verbose != 0) {

1001

mbedtls_printf("\n");

1002

}

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1003

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1004

#if defined(MBEDTLS_CIPHER_MODE_CTR)

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1005

/*

1006

* CTR mode

1007

*/

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1008

for (i = 0; i < 6; i++) {

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

u = i >> 1;

v = i & 1;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1012

if (verbose != 0) {

1013

mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",

1014

(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");

1015

}

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1016

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1017

memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);

1018

memcpy(key, camellia_test_ctr_key[u], 16);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1019

1020

offset = 0;

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1021

mbedtls_camellia_setkey_enc(&ctx, key, 128);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1022

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1023

if (v == MBEDTLS_CAMELLIA_DECRYPT) {

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1024

len = camellia_test_ctr_len[u];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1025

memcpy(buf, camellia_test_ctr_ct[u], len);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1026

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1027

mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,

1028

buf, buf);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1029

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1030

if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {

1031

if (verbose != 0) {

1032

mbedtls_printf("failed\n");

1033

}

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

1034

goto exit;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1035

}

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1036

} else {

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1037

len = camellia_test_ctr_len[u];

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1038

memcpy(buf, camellia_test_ctr_pt[u], len);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1039

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1040

mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,

1041

buf, buf);

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1042

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1043

if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {

1044

if (verbose != 0) {

1045

mbedtls_printf("failed\n");

1046

}

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

1047

goto exit;

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

}

}

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1051

if (verbose != 0) {

1052

mbedtls_printf("passed\n");

1053

}

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1054

}

1055

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1056

if (verbose != 0) {

1057

mbedtls_printf("\n");

1058

}

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1059

#endif /* MBEDTLS_CIPHER_MODE_CTR */

Paul Bakker

2011-04-19 14:29:23 +0000

[diff] [blame]

1060

Gilles Peskine

2021-05-25 09:17:46 +0200

[diff] [blame]

1061

ret = 0;

1062

1063

exit:

Gilles Peskine

2023-01-11 14:50:10 +0100

[diff] [blame]

1064

mbedtls_camellia_free(&ctx);

1065

return ret;

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1066

}

1067

Manuel Pégourié-Gonnard

2015-04-08 12:49:31 +0200

[diff] [blame]

1068

#endif /* MBEDTLS_SELF_TEST */

Paul Bakker

2009-01-10 23:31:23 +0000

[diff] [blame]

1069

Manuel Pégourié-Gonnard