TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ff60ee6c2af5512ff67ad9f4f2dc193133a99016 / . / library / camellia.c
blob: 7c499cd532ad553e65c05e90be08351423264beb [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]4 * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
5 * All rights reserved.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 */
21/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]22 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
23 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]24 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]25 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_CAMELLIA_C)
31
32#include "polarssl/camellia.h"
33
34#include <string.h>
35
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]36/*
37 * 32-bit integer manipulation macros (big endian)
38 */
39#ifndef GET_ULONG_BE
40#define GET_ULONG_BE(n,b,i) \
41{ \
42 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]43 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
44 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
45 | ( (unsigned long) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]46}
47#endif
48
49#ifndef PUT_ULONG_BE
50#define PUT_ULONG_BE(n,b,i) \
51{ \
52 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
53 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
54 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
55 (b)[(i) + 3] = (unsigned char) ( (n) ); \
56}
57#endif
58
59static const unsigned char SIGMA_CHARS[6][8] =
60{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]61 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
62 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
63 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
64 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
65 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
66 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]67};
68
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]69#ifdef POLARSSL_CAMELLIA_SMALL_MEMORY
70
71static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]72{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]73 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
74 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
75 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
76 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
77 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
78 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
79 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
80 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
81 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
82 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
83 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
84 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
85 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
86 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
87 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
88 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]89};
90
91#define SBOX1(n) FSb[(n)]
92#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
93#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]94#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
95
96#else
97
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]98static const unsigned char FSb[256] =
99{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]100 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
101 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
102 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
103 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
104 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
105 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
106 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
107 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
108 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
109 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
110 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
111 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
112 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
113 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
114 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
115 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]116};
117
118static const unsigned char FSb2[256] =
119{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]120 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
121 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
122 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
123 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
124 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
125 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
126 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
127 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
128 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
129 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
130 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
131 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
132 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
133 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
134 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
135 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]136};
137
138static const unsigned char FSb3[256] =
139{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]140 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
141 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
142 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
143 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
144 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
145 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
146 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
147 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
148 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
149 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
150 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
151 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
152 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
153 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
154 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
155 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]156};
157
158static const unsigned char FSb4[256] =
159{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]160 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
161 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
162 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
163 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
164 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
165 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
166 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
167 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
168 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
169 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
170 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
171 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
172 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
173 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
174 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
175 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]176};
177
178#define SBOX1(n) FSb[(n)]
179#define SBOX2(n) FSb2[(n)]
180#define SBOX3(n) FSb3[(n)]
181#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]182
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]183#endif
184
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]185static const unsigned char shifts[2][4][4] =
186{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]187 {
188 { 1, 1, 1, 1 }, /* KL */
189 { 0, 0, 0, 0 }, /* KR */
190 { 1, 1, 1, 1 }, /* KA */
191 { 0, 0, 0, 0 } /* KB */
192 },
193 {
194 { 1, 0, 1, 1 }, /* KL */
195 { 1, 1, 0, 1 }, /* KR */
196 { 1, 1, 1, 0 }, /* KA */
197 { 1, 1, 0, 1 } /* KB */
198 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]199};
200
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]201static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]202{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]203 {
204 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
205 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
206 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
207 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
208 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
209 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
210 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
211 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
212 },
213 {
214 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
215 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
216 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
217 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
218 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
219 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
220 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
221 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
222 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]223};
224
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]225static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]226{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]227 {
228 21, 22, 23, 20,
229 -1, -1, -1, -1,
230 18, 19, 16, 17,
231 11, 8, 9, 10,
232 15, 12, 13, 14
233 },
234 {
235 25, 26, 27, 24,
236 29, 30, 31, 28,
237 18, 19, 16, 17,
238 -1, -1, -1, -1,
239 -1, -1, -1, -1
240 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]241};
242
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]243/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]244#define ROTL(DEST, SRC, SHIFT) \
245{ \
246 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
247 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
248 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
249 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]250}
251
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]252#define FL(XL, XR, KL, KR) \
253{ \
254 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
255 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]256}
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]257
258#define FLInv(YL, YR, KL, KR) \
259{ \
260 (YL) = ((YR) | (KR)) ^ (YL); \
261 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]262}
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]263
264#define SHIFT_AND_PLACE(INDEX, OFFSET) \
265{ \
266 TK[0] = KC[(OFFSET) * 4 + 0]; \
267 TK[1] = KC[(OFFSET) * 4 + 1]; \
268 TK[2] = KC[(OFFSET) * 4 + 2]; \
269 TK[3] = KC[(OFFSET) * 4 + 3]; \
270 \
271 for ( i = 1; i <= 4; i++ ) \
272 if (shifts[(INDEX)][(OFFSET)][i -1]) \
273 ROTL(TK + i * 4, TK, (15 * i) % 32); \
274 \
275 for ( i = 0; i < 20; i++ ) \
276 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
277 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
278 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]279}
280
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame^]281static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]282{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]283 uint32_t I0, I1;
284 I0 = x[0] ^ k[0];
285 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]286
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]287 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
288 (SBOX2((I0 >> 16) & 0xFF) << 16) |
289 (SBOX3((I0 >> 8) & 0xFF) << 8) |
290 (SBOX4((I0 ) & 0xFF) );
291 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
292 (SBOX3((I1 >> 16) & 0xFF) << 16) |
293 (SBOX4((I1 >> 8) & 0xFF) << 8) |
294 (SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]295
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]296 I0 ^= (I1 << 8) | (I1 >> 24);
297 I1 ^= (I0 << 16) | (I0 >> 16);
298 I0 ^= (I1 >> 8) | (I1 << 24);
299 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]300
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]301 z[0] ^= I1;
302 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]303}
304
305/*
306 * Camellia key schedule (encryption)
307 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame^]308int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]309{
310 int i, idx;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]311 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]312 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]313 uint32_t SIGMA[6][2];
314 uint32_t KC[16];
315 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]316
317 RK = ctx->rk;
318
319 memset(t, 0, 64);
320 memset(RK, 0, sizeof(ctx->rk));
321
322 switch( keysize )
323 {
324 case 128: ctx->nr = 3; idx = 0; break;
325 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]326 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]327 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]328 }
329
330 for( i = 0; i < keysize / 8; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]331 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]332
333 if (keysize == 192) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]334 for (i = 0; i < 8; i++)
335 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]336 }
337
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]338 /*
339 * Prepare SIGMA values
340 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]341 for (i = 0; i < 6; i++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]342 GET_ULONG_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
343 GET_ULONG_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]344 }
345
346 /*
347 * Key storage in KC
348 * Order: KL, KR, KA, KB
349 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]350 memset(KC, 0, sizeof(KC));
351
352 /* Store KL, KR */
353 for (i = 0; i < 8; i++)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]354 GET_ULONG_BE(KC[i], t, i * 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]355
356 /* Generate KA */
357 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]358 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]359
360 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
361 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
362
363 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]364 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]365
366 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
367 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
368
369 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]370 /* Generate KB */
371 for( i = 0; i < 4; ++i)
372 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]373
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]374 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
375 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]376 }
377
378 /*
379 * Generating subkeys
380 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]381
382 /* Manipulating KL */
383 SHIFT_AND_PLACE(idx, 0);
384
385 /* Manipulating KR */
386 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]387 SHIFT_AND_PLACE(idx, 1);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]388 }
389
390 /* Manipulating KA */
391 SHIFT_AND_PLACE(idx, 2);
392
393 /* Manipulating KB */
394 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]395 SHIFT_AND_PLACE(idx, 3);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]396 }
397
398 /* Do transpositions */
399 for ( i = 0; i < 20; i++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]400 if (transposes[idx][i] != -1) {
401 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
402 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]403 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]404
405 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]406}
407
408/*
409 * Camellia key schedule (decryption)
410 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame^]411int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]412{
413 int i, idx;
414 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]415 uint32_t *RK;
416 uint32_t *SK;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]417 int ret;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]418
419 switch( keysize )
420 {
421 case 128: ctx->nr = 3; idx = 0; break;
422 case 192:
423 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]424 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]425 }
426
427 RK = ctx->rk;
428
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]429 ret = camellia_setkey_enc(&cty, key, keysize);
430 if( ret != 0 )
431 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]432
433 SK = cty.rk + 24 * 2 + 8 * idx * 2;
434
435 *RK++ = *SK++;
436 *RK++ = *SK++;
437 *RK++ = *SK++;
438 *RK++ = *SK++;
439
440 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
441 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]442 *RK++ = *SK++;
443 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]444 }
445
446 SK -= 2;
447
448 *RK++ = *SK++;
449 *RK++ = *SK++;
450 *RK++ = *SK++;
451 *RK++ = *SK++;
452
453 memset( &cty, 0, sizeof( camellia_context ) );
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]454
455 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]456}
457
458/*
459 * Camellia-ECB block encryption/decryption
460 */
461void camellia_crypt_ecb( camellia_context *ctx,
462 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame^]463 const unsigned char input[16],
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]464 unsigned char output[16] )
465{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]466 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]467 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]468
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame]469 ( (void) mode );
470
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]471 NR = ctx->nr;
472 RK = ctx->rk;
473
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]474 GET_ULONG_BE( X[0], input, 0 );
475 GET_ULONG_BE( X[1], input, 4 );
476 GET_ULONG_BE( X[2], input, 8 );
477 GET_ULONG_BE( X[3], input, 12 );
478
479 X[0] ^= *RK++;
480 X[1] ^= *RK++;
481 X[2] ^= *RK++;
482 X[3] ^= *RK++;
483
484 while (NR) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]485 --NR;
486 camellia_feistel(X, RK, X + 2);
487 RK += 2;
488 camellia_feistel(X + 2, RK, X);
489 RK += 2;
490 camellia_feistel(X, RK, X + 2);
491 RK += 2;
492 camellia_feistel(X + 2, RK, X);
493 RK += 2;
494 camellia_feistel(X, RK, X + 2);
495 RK += 2;
496 camellia_feistel(X + 2, RK, X);
497 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]498
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]499 if (NR) {
500 FL(X[0], X[1], RK[0], RK[1]);
501 RK += 2;
502 FLInv(X[2], X[3], RK[0], RK[1]);
503 RK += 2;
504 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]505 }
506
507 X[2] ^= *RK++;
508 X[3] ^= *RK++;
509 X[0] ^= *RK++;
510 X[1] ^= *RK++;
511
512 PUT_ULONG_BE( X[2], output, 0 );
513 PUT_ULONG_BE( X[3], output, 4 );
514 PUT_ULONG_BE( X[0], output, 8 );
515 PUT_ULONG_BE( X[1], output, 12 );
516}
517
518/*
519 * Camellia-CBC buffer encryption/decryption
520 */
521void camellia_crypt_cbc( camellia_context *ctx,
522 int mode,
523 int length,
524 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame^]525 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]526 unsigned char *output )
527{
528 int i;
529 unsigned char temp[16];
530
531 if( mode == CAMELLIA_DECRYPT )
532 {
533 while( length > 0 )
534 {
535 memcpy( temp, input, 16 );
536 camellia_crypt_ecb( ctx, mode, input, output );
537
538 for( i = 0; i < 16; i++ )
539 output[i] = (unsigned char)( output[i] ^ iv[i] );
540
541 memcpy( iv, temp, 16 );
542
543 input += 16;
544 output += 16;
545 length -= 16;
546 }
547 }
548 else
549 {
550 while( length > 0 )
551 {
552 for( i = 0; i < 16; i++ )
553 output[i] = (unsigned char)( input[i] ^ iv[i] );
554
555 camellia_crypt_ecb( ctx, mode, output, output );
556 memcpy( iv, output, 16 );
557
558 input += 16;
559 output += 16;
560 length -= 16;
561 }
562 }
563}
564
565/*
566 * Camellia-CFB128 buffer encryption/decryption
567 */
568void camellia_crypt_cfb128( camellia_context *ctx,
569 int mode,
570 int length,
571 int *iv_off,
572 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame^]573 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]574 unsigned char *output )
575{
576 int c, n = *iv_off;
577
578 if( mode == CAMELLIA_DECRYPT )
579 {
580 while( length-- )
581 {
582 if( n == 0 )
583 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
584
585 c = *input++;
586 *output++ = (unsigned char)( c ^ iv[n] );
587 iv[n] = (unsigned char) c;
588
589 n = (n + 1) & 0x0F;
590 }
591 }
592 else
593 {
594 while( length-- )
595 {
596 if( n == 0 )
597 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
598
599 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
600
601 n = (n + 1) & 0x0F;
602 }
603 }
604
605 *iv_off = n;
606}
607
608#if defined(POLARSSL_SELF_TEST)
609
610#include <stdio.h>
611
612/*
613 * Camellia test vectors from:
614 *
615 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
616 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
617 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]618 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]619 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]620#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]621
622static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
623{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]624 {
625 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
626 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
627 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
628 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
629 },
630 {
631 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
632 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
633 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
634 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
635 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
636 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
637 },
638 {
639 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
640 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
641 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
642 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
643 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
644 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
645 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
646 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
647 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]648};
649
650static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
651{
652 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
653 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
654 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
655 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
656};
657
658static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
659{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]660 {
661 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
662 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
663 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
664 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
665 },
666 {
667 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
668 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
669 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
670 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
671 },
672 {
673 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
674 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
675 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
676 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
677 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]678};
679
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]680#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]681
682static const unsigned char camellia_test_cbc_key[3][32] =
683{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]684 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
685 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
686 ,
687 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
688 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
689 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
690 ,
691 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
692 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
693 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
694 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]695};
696
697static const unsigned char camellia_test_cbc_iv[16] =
698
699 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
700 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
701;
702
703static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
704{
705 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
706 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
707 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
708 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
709 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
710 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
711
712};
713
714static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
715{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]716 {
717 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
718 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
719 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
720 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
721 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
722 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
723 },
724 {
725 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
726 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
727 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
728 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
729 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
730 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
731 },
732 {
733 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
734 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
735 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
736 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
737 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
738 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
739 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]740};
741
742
743/*
744 * Checkup routine
745 */
746int camellia_self_test( int verbose )
747{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]748 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]749 unsigned char key[32];
750 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]751 unsigned char src[16];
752 unsigned char dst[16];
753 unsigned char iv[16];
754 camellia_context ctx;
755
756 memset( key, 0, 32 );
757
758 for (j = 0; j < 6; j++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]759 u = j >> 1;
760 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]761
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]762 if( verbose != 0 )
763 printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
764 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]765
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]766 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
767 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]768
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]769 if (v == CAMELLIA_DECRYPT) {
770 camellia_setkey_dec(&ctx, key, 128 + u * 64);
771 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
772 memcpy(dst, camellia_test_ecb_plain[i], 16);
773 } else { /* CAMELLIA_ENCRYPT */
774 camellia_setkey_enc(&ctx, key, 128 + u * 64);
775 memcpy(src, camellia_test_ecb_plain[i], 16);
776 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
777 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]778
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]779 camellia_crypt_ecb(&ctx, v, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]780
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]781 if( memcmp( buf, dst, 16 ) != 0 )
782 {
783 if( verbose != 0 )
784 printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]785
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]786 return( 1 );
787 }
788 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]789
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]790 if( verbose != 0 )
791 printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]792 }
793
794 if( verbose != 0 )
795 printf( "\n" );
796
797 /*
798 * CBC mode
799 */
800 for( j = 0; j < 6; j++ )
801 {
802 u = j >> 1;
803 v = j & 1;
804
805 if( verbose != 0 )
806 printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
807 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
808
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]809 memcpy( src, camellia_test_cbc_iv, 16);
810 memcpy( dst, camellia_test_cbc_iv, 16);
811 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]812
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]813 if (v == CAMELLIA_DECRYPT) {
814 camellia_setkey_dec(&ctx, key, 128 + u * 64);
815 } else {
816 camellia_setkey_enc(&ctx, key, 128 + u * 64);
817 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]818
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]819 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]820
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]821 if (v == CAMELLIA_DECRYPT) {
822 memcpy( iv , src, 16 );
823 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
824 memcpy(dst, camellia_test_cbc_plain[i], 16);
825 } else { /* CAMELLIA_ENCRYPT */
826 memcpy( iv , dst, 16 );
827 memcpy(src, camellia_test_cbc_plain[i], 16);
828 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
829 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]830
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]831 camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]832
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]833 if( memcmp( buf, dst, 16 ) != 0 )
834 {
835 if( verbose != 0 )
836 printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]837
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]838 return( 1 );
839 }
840 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]841
842 if( verbose != 0 )
843 printf( "passed\n" );
844 }
845
846 if( verbose != 0 )
847 printf( "\n" );
848
849 return ( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]850}
851
852#endif
853
854#endif