TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d23399eb699f2533f62779ac629b943c99a4c479 / . / library / camellia.c
blob: 6e781c72b81e507a33e2edc47dcc507d88da9790 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]18 */
19/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]20 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
21 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]22 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]23 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]24 */
25
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]26#include "common.h"
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28#if defined(MBEDTLS_CAMELLIA_C)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]29
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]30#include "mbedtls/camellia.h"
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]31#include "mbedtls/platform_util.h"
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]32
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]33#include <string.h>
Manuel Pégourié-Gonnard394608e2015-02-17 16:01:07 +0100[diff] [blame]34
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]35#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]36
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37#if !defined(MBEDTLS_CAMELLIA_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]38
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]39static const unsigned char SIGMA_CHARS[6][8] =
40{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]41 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
42 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
43 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
44 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
45 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
46 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]47};
48
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]49#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]50
51static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]52{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]53 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
54 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
55 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
56 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
57 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
58 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
59 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
60 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
61 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
62 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
63 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
64 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
65 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
66 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
67 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
68 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]69};
70
71#define SBOX1(n) FSb[(n)]
72#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
73#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]74#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
75
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]77
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]78static const unsigned char FSb[256] =
79{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]80 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
81 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
82 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
83 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
84 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
85 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
86 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
87 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
88 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
89 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
90 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
91 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
92 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
93 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
94 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
95 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]96};
97
98static const unsigned char FSb2[256] =
99{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]100 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
101 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
102 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
103 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
104 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
105 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
106 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
107 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
108 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
109 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
110 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
111 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
112 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
113 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
114 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
115 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]116};
117
118static const unsigned char FSb3[256] =
119{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]120 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
121 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
122 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
123 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
124 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
125 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
126 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
127 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
128 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
129 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
130 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
131 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
132 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
133 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
134 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
135 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]136};
137
138static const unsigned char FSb4[256] =
139{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]140 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
141 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
142 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
143 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
144 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
145 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
146 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
147 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
148 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
149 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
150 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
151 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
152 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
153 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
154 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
155 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]156};
157
158#define SBOX1(n) FSb[(n)]
159#define SBOX2(n) FSb2[(n)]
160#define SBOX3(n) FSb3[(n)]
161#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]162
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]163#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]164
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]165static const unsigned char shifts[2][4][4] =
166{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]167 {
168 { 1, 1, 1, 1 }, /* KL */
169 { 0, 0, 0, 0 }, /* KR */
170 { 1, 1, 1, 1 }, /* KA */
171 { 0, 0, 0, 0 } /* KB */
172 },
173 {
174 { 1, 0, 1, 1 }, /* KL */
175 { 1, 1, 0, 1 }, /* KR */
176 { 1, 1, 1, 0 }, /* KA */
177 { 1, 1, 0, 1 } /* KB */
178 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]179};
180
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]181static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]182{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]183 {
184 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
185 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
186 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
187 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
188 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
189 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
190 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
191 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
192 },
193 {
194 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
195 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
196 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
197 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
198 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
199 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
200 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
201 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
202 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]203};
204
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]205static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]206{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]207 {
208 21, 22, 23, 20,
209 -1, -1, -1, -1,
210 18, 19, 16, 17,
211 11, 8, 9, 10,
212 15, 12, 13, 14
213 },
214 {
215 25, 26, 27, 24,
216 29, 30, 31, 28,
217 18, 19, 16, 17,
218 -1, -1, -1, -1,
219 -1, -1, -1, -1
220 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]221};
222
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]223/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]224#define ROTL(DEST, SRC, SHIFT) \
225{ \
226 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
227 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
228 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
229 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]230}
231
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]232#define FL(XL, XR, KL, KR) \
233{ \
234 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
235 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]236}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]237
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]238#define FLInv(YL, YR, KL, KR) \
239{ \
240 (YL) = ((YR) | (KR)) ^ (YL); \
241 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]242}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]243
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]244#define SHIFT_AND_PLACE(INDEX, OFFSET) \
245{ \
246 TK[0] = KC[(OFFSET) * 4 + 0]; \
247 TK[1] = KC[(OFFSET) * 4 + 1]; \
248 TK[2] = KC[(OFFSET) * 4 + 2]; \
249 TK[3] = KC[(OFFSET) * 4 + 3]; \
250 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]251 for( i = 1; i <= 4; i++ ) \
252 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
253 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]254 \
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]255 for( i = 0; i < 20; i++ ) \
256 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
257 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
258 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]259}
260
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]261static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
262 uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]263{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]264 uint32_t I0, I1;
265 I0 = x[0] ^ k[0];
266 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]267
Joe Subbianicd84d762021-07-08 14:59:52 +0100[diff] [blame]268 I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) |
269 ((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) |
270 ((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) << 8) |
271 ((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 )) );
272 I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) |
273 ((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) |
274 ((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) << 8) |
275 ((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 )) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]276
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]277 I0 ^= (I1 << 8) | (I1 >> 24);
278 I1 ^= (I0 << 16) | (I0 >> 16);
279 I0 ^= (I1 >> 8) | (I1 << 24);
280 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]281
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]282 z[0] ^= I1;
283 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]284}
285
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]286void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]287{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]288 memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]289}
290
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]291void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]292{
293 if( ctx == NULL )
294 return;
295
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]296 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]297}
298
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]299/*
300 * Camellia key schedule (encryption)
301 */
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]302int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
303 const unsigned char *key,
304 unsigned int keybits )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]305{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]306 int idx;
307 size_t i;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]308 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]309 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]310 uint32_t SIGMA[6][2];
311 uint32_t KC[16];
312 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]313
314 RK = ctx->rk;
315
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]316 memset( t, 0, 64 );
317 memset( RK, 0, sizeof(ctx->rk) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]318
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]319 switch( keybits )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]320 {
321 case 128: ctx->nr = 3; idx = 0; break;
322 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]323 case 256: ctx->nr = 4; idx = 1; break;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]324 default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]325 }
326
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]327 for( i = 0; i < keybits / 8; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]328 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]329
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]330 if( keybits == 192 ) {
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]331 for( i = 0; i < 8; i++ )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]332 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]333 }
334
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]335 /*
336 * Prepare SIGMA values
337 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]338 for( i = 0; i < 6; i++ ) {
Joe Subbiani6a506312021-07-07 16:56:29 +0100[diff] [blame]339 SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 );
340 SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]341 }
342
343 /*
344 * Key storage in KC
345 * Order: KL, KR, KA, KB
346 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]347 memset( KC, 0, sizeof(KC) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]348
349 /* Store KL, KR */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]350 for( i = 0; i < 8; i++ )
Joe Subbiani6a506312021-07-07 16:56:29 +0100[diff] [blame]351 KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]352
353 /* Generate KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]354 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]355 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]356
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]357 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
358 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]359
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]360 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]361 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]362
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]363 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
364 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]365
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]366 if( keybits > 128 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]367 /* Generate KB */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]368 for( i = 0; i < 4; ++i )
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]369 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]370
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]371 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
372 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]373 }
374
375 /*
376 * Generating subkeys
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]377 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]378
379 /* Manipulating KL */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]380 SHIFT_AND_PLACE( idx, 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]381
382 /* Manipulating KR */
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]383 if( keybits > 128 ) {
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]384 SHIFT_AND_PLACE( idx, 1 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]385 }
386
387 /* Manipulating KA */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]388 SHIFT_AND_PLACE( idx, 2 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]389
390 /* Manipulating KB */
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]391 if( keybits > 128 ) {
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]392 SHIFT_AND_PLACE( idx, 3 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]393 }
394
395 /* Do transpositions */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]396 for( i = 0; i < 20; i++ ) {
397 if( transposes[idx][i] != -1 ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]398 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
399 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]400 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]401
402 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]403}
404
405/*
406 * Camellia key schedule (decryption)
407 */
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]408int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
409 const unsigned char *key,
410 unsigned int keybits )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]411{
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]412 int idx, ret;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]413 size_t i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414 mbedtls_camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]415 uint32_t *RK;
416 uint32_t *SK;
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]417
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]418 mbedtls_camellia_init( &cty );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]419
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]420 /* Also checks keybits */
421 if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]422 goto exit;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]423
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]424 ctx->nr = cty.nr;
425 idx = ( ctx->nr == 4 );
426
427 RK = ctx->rk;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]428 SK = cty.rk + 24 * 2 + 8 * idx * 2;
429
430 *RK++ = *SK++;
431 *RK++ = *SK++;
432 *RK++ = *SK++;
433 *RK++ = *SK++;
434
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]435 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]436 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]437 *RK++ = *SK++;
438 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]439 }
440
441 SK -= 2;
442
443 *RK++ = *SK++;
444 *RK++ = *SK++;
445 *RK++ = *SK++;
446 *RK++ = *SK++;
447
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]448exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]449 mbedtls_camellia_free( &cty );
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]450
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]451 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]452}
453
454/*
455 * Camellia-ECB block encryption/decryption
456 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]457int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]458 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]459 const unsigned char input[16],
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]460 unsigned char output[16] )
461{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]462 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]463 uint32_t *RK, X[4];
Tuvshinzaya Erdenekhuu1fd7f982022-08-05 15:31:57 +0100[diff] [blame]464 if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
465 return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]466
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame]467 ( (void) mode );
468
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]469 NR = ctx->nr;
470 RK = ctx->rk;
471
Joe Subbiani6a506312021-07-07 16:56:29 +0100[diff] [blame]472 X[0] = MBEDTLS_GET_UINT32_BE( input, 0 );
473 X[1] = MBEDTLS_GET_UINT32_BE( input, 4 );
474 X[2] = MBEDTLS_GET_UINT32_BE( input, 8 );
475 X[3] = MBEDTLS_GET_UINT32_BE( input, 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]476
477 X[0] ^= *RK++;
478 X[1] ^= *RK++;
479 X[2] ^= *RK++;
480 X[3] ^= *RK++;
481
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]482 while( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]483 --NR;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]484 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]485 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]486 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]487 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]488 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]489 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]490 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]491 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]492 camellia_feistel( X, RK, X + 2 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]493 RK += 2;
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]494 camellia_feistel( X + 2, RK, X );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]495 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]496
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]497 if( NR ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]498 FL(X[0], X[1], RK[0], RK[1]);
499 RK += 2;
500 FLInv(X[2], X[3], RK[0], RK[1]);
501 RK += 2;
502 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]503 }
504
505 X[2] ^= *RK++;
506 X[3] ^= *RK++;
507 X[0] ^= *RK++;
508 X[1] ^= *RK++;
509
Joe Subbiani5ecac212021-06-24 13:00:03 +0100[diff] [blame]510 MBEDTLS_PUT_UINT32_BE( X[2], output, 0 );
511 MBEDTLS_PUT_UINT32_BE( X[3], output, 4 );
512 MBEDTLS_PUT_UINT32_BE( X[0], output, 8 );
513 MBEDTLS_PUT_UINT32_BE( X[1], output, 12 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]514
515 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]516}
517
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]518#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]519/*
520 * Camellia-CBC buffer encryption/decryption
521 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]522int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]523 int mode,
524 size_t length,
525 unsigned char iv[16],
526 const unsigned char *input,
527 unsigned char *output )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]528{
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]529 unsigned char temp[16];
Tuvshinzaya Erdenekhuu1fd7f982022-08-05 15:31:57 +0100[diff] [blame]530 if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
531 return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]532
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]533 if( length % 16 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]534 return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]535
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]536 if( mode == MBEDTLS_CAMELLIA_DECRYPT )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]537 {
538 while( length > 0 )
539 {
540 memcpy( temp, input, 16 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]541 mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]542
Dave Rodgmand23399e2022-11-22 16:23:11 +0000[diff] [blame^]543 mbedtls_xor( output, output, iv, 16 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]544
545 memcpy( iv, temp, 16 );
546
547 input += 16;
548 output += 16;
549 length -= 16;
550 }
551 }
552 else
553 {
554 while( length > 0 )
555 {
Dave Rodgmand23399e2022-11-22 16:23:11 +0000[diff] [blame^]556 mbedtls_xor( output, input, iv, 16 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]557
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558 mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]559 memcpy( iv, output, 16 );
560
561 input += 16;
562 output += 16;
563 length -= 16;
564 }
565 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]566
567 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]568}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]569#endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]570
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]571#if defined(MBEDTLS_CIPHER_MODE_CFB)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]572/*
573 * Camellia-CFB128 buffer encryption/decryption
574 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]575int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]576 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]577 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]578 size_t *iv_off,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]579 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]580 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]581 unsigned char *output )
582{
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]583 int c;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]584 size_t n;
Tuvshinzaya Erdenekhuu1fd7f982022-08-05 15:31:57 +0100[diff] [blame]585 if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
586 return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]587
588 n = *iv_off;
589 if( n >= 16 )
590 return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]591
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]592 if( mode == MBEDTLS_CAMELLIA_DECRYPT )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]593 {
594 while( length-- )
595 {
596 if( n == 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]597 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]598
599 c = *input++;
600 *output++ = (unsigned char)( c ^ iv[n] );
601 iv[n] = (unsigned char) c;
602
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]603 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]604 }
605 }
606 else
607 {
608 while( length-- )
609 {
610 if( n == 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]611 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]612
613 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
614
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]615 n = ( n + 1 ) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]616 }
617 }
618
619 *iv_off = n;
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]620
621 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]622}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]623#endif /* MBEDTLS_CIPHER_MODE_CFB */
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]624
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]625#if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]626/*
627 * Camellia-CTR buffer encryption/decryption
628 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]629int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]630 size_t length,
631 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]632 unsigned char nonce_counter[16],
633 unsigned char stream_block[16],
634 const unsigned char *input,
635 unsigned char *output )
636{
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]637 int c, i;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]638 size_t n;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]639
640 n = *nc_off;
641 if( n >= 16 )
642 return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]643
644 while( length-- )
645 {
646 if( n == 0 ) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]647 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]648 stream_block );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]649
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]650 for( i = 16; i > 0; i-- )
651 if( ++nonce_counter[i - 1] != 0 )
652 break;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]653 }
654 c = *input++;
655 *output++ = (unsigned char)( c ^ stream_block[n] );
656
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]657 n = ( n + 1 ) & 0x0F;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]658 }
659
660 *nc_off = n;
661
662 return( 0 );
663}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]664#endif /* MBEDTLS_CIPHER_MODE_CTR */
665#endif /* !MBEDTLS_CAMELLIA_ALT */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]666
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]667#if defined(MBEDTLS_SELF_TEST)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]668
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]669/*
670 * Camellia test vectors from:
671 *
672 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
673 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
674 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]675 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]676 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]677#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]678
679static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
680{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]681 {
682 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
683 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]684 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]685 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
686 },
687 {
688 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
689 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
690 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]691 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]692 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
693 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
694 },
695 {
696 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
697 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
698 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
699 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]700 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]701 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
702 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
703 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
704 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]705};
706
707static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
708{
709 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
710 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]711 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]712 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
713};
714
715static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
716{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]717 {
718 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
719 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
720 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
721 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
722 },
723 {
724 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
725 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
726 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
727 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
728 },
729 {
730 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
731 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
732 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
733 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
734 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]735};
736
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]737#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]738#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]739
740static const unsigned char camellia_test_cbc_key[3][32] =
741{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]742 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
743 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
744 ,
745 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
746 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
747 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
748 ,
749 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
750 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
751 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
752 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]753};
754
755static const unsigned char camellia_test_cbc_iv[16] =
756
757 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
758 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
759;
760
761static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
762{
763 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
764 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
765 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
766 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
767 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
768 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
769
770};
771
772static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
773{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]774 {
775 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
776 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
777 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
778 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
779 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
780 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
781 },
782 {
783 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
784 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
785 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
786 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
787 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
788 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
789 },
790 {
791 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
792 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
793 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
794 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
795 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
796 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
797 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]798};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]799#endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]800
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]801#if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]802/*
803 * Camellia-CTR test vectors from:
804 *
805 * http://www.faqs.org/rfcs/rfc5528.html
806 */
807
808static const unsigned char camellia_test_ctr_key[3][16] =
809{
810 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
811 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
812 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
813 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
814 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
815 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
816};
817
818static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
819{
820 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
821 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
822 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
823 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
824 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
825 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
826};
827
828static const unsigned char camellia_test_ctr_pt[3][48] =
829{
830 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
831 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
832
833 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
834 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
835 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
836 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
837
838 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
839 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
840 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
841 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
842 0x20, 0x21, 0x22, 0x23 }
843};
844
845static const unsigned char camellia_test_ctr_ct[3][48] =
846{
847 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
848 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
849 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
850 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
851 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
852 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
853 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
854 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
855 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
856 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
857 0xDF, 0x50, 0x86, 0x96 }
858};
859
860static const int camellia_test_ctr_len[3] =
861 { 16, 32, 36 };
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]862#endif /* MBEDTLS_CIPHER_MODE_CTR */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]863
864/*
865 * Checkup routine
866 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]867int mbedtls_camellia_self_test( int verbose )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]868{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]869 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]870 unsigned char key[32];
871 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]872 unsigned char src[16];
873 unsigned char dst[16];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]874#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]875 unsigned char iv[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]876#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]877#if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]878 size_t offset, len;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]879 unsigned char nonce_counter[16];
880 unsigned char stream_block[16];
881#endif
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]882 int ret = 1;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]883
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]884 mbedtls_camellia_context ctx;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]885
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]886 mbedtls_camellia_init( &ctx );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]887 memset( key, 0, 32 );
888
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]889 for( j = 0; j < 6; j++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]890 u = j >> 1;
891 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]892
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]893 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]894 mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
895 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]896
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]897 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
898 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]899
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]900 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
901 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]902 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
903 memcpy( dst, camellia_test_ecb_plain[i], 16 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]904 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
905 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]906 memcpy( src, camellia_test_ecb_plain[i], 16 );
907 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]908 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]909
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]910 mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]911
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]912 if( memcmp( buf, dst, 16 ) != 0 )
913 {
914 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]915 mbedtls_printf( "failed\n" );
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]916 goto exit;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]917 }
918 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]919
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]920 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]921 mbedtls_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]922 }
923
924 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]925 mbedtls_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]926
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]927#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]928 /*
929 * CBC mode
930 */
931 for( j = 0; j < 6; j++ )
932 {
933 u = j >> 1;
934 v = j & 1;
935
936 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]937 mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
938 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]939
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]940 memcpy( src, camellia_test_cbc_iv, 16 );
941 memcpy( dst, camellia_test_cbc_iv, 16 );
942 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]943
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]944 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]945 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
946 } else {
947 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]948 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]949
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]950 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]951
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]952 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
953 memcpy( iv , src, 16 );
954 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
955 memcpy( dst, camellia_test_cbc_plain[i], 16 );
956 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
957 memcpy( iv , dst, 16 );
958 memcpy( src, camellia_test_cbc_plain[i], 16 );
959 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
960 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]961
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]962 mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
963
964 if( memcmp( buf, dst, 16 ) != 0 )
965 {
966 if( verbose != 0 )
967 mbedtls_printf( "failed\n" );
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]968 goto exit;
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]969 }
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]970 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]971
972 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]973 mbedtls_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]974 }
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]975#endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]976
977 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]978 mbedtls_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]979
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]980#if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]981 /*
982 * CTR mode
983 */
984 for( i = 0; i < 6; i++ )
985 {
986 u = i >> 1;
987 v = i & 1;
988
989 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]990 mbedtls_printf( " CAMELLIA-CTR-128 (%s): ",
991 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]992
993 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
994 memcpy( key, camellia_test_ctr_key[u], 16 );
995
996 offset = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]997 mbedtls_camellia_setkey_enc( &ctx, key, 128 );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]998
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]999 if( v == MBEDTLS_CAMELLIA_DECRYPT )
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1000 {
1001 len = camellia_test_ctr_len[u];
1002 memcpy( buf, camellia_test_ctr_ct[u], len );
1003
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1004 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]1005 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1006
1007 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1008 {
1009 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1010 mbedtls_printf( "failed\n" );
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]1011 goto exit;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1012 }
1013 }
1014 else
1015 {
1016 len = camellia_test_ctr_len[u];
1017 memcpy( buf, camellia_test_ctr_pt[u], len );
1018
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1019 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]1020 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1021
1022 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1023 {
1024 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1025 mbedtls_printf( "failed\n" );
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]1026 goto exit;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1027 }
1028 }
1029
1030 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1031 mbedtls_printf( "passed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1032 }
1033
1034 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1035 mbedtls_printf( "\n" );
1036#endif /* MBEDTLS_CIPHER_MODE_CTR */
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1037
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]1038 ret = 0;
1039
1040exit:
1041 mbedtls_camellia_free( &ctx );
1042 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1043}
1044
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1045#endif /* MBEDTLS_SELF_TEST */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1046
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1047#endif /* MBEDTLS_CAMELLIA_C */