/src/mbedtls/library/camellia.c

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Camellia implementation
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License"); you may
8		* not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15		* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*/
19		/*
20		* The Camellia block cipher was designed by NTT and Mitsubishi Electric
21		* Corporation.
22		*
23		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
24		*/
25
26		#include "common.h"
27
28		#if defined(MBEDTLS_CAMELLIA_C)
29
30		#include "mbedtls/camellia.h"
31		#include "mbedtls/platform_util.h"
32
33		#include <string.h>
34
35		#include "mbedtls/platform.h"
36
37		#if !defined(MBEDTLS_CAMELLIA_ALT)
38
39		static const unsigned char SIGMA_CHARS[6][8] =
40		{
41		{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
42		{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
43		{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
44		{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
45		{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
46		{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
47		};
48
49		#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
50
51		static const unsigned char FSb[256] =
52		{
53		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
54		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
55		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
56		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
57		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
58		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
59		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
60		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
61		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
62		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
63		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
64		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
65		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
66		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
67		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
68		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
69		};
70
71		#define SBOX1(n) FSb[(n)]
72		#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
73		#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
74		#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
75
76		#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
77
78		static const unsigned char FSb[256] =
79		{
80		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
81		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
82		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
83		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
84		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
85		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
86		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
87		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
88		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
89		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
90		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
91		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
92		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
93		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
94		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
95		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
96		};
97
98		static const unsigned char FSb2[256] =
99		{
100		224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
101		70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
102		13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
103		77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
104		23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
105		191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
106		40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
107		253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
108		85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
109		32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
110		15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
111		164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
112		211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
113		240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
114		228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
115		128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
116		};
117
118		static const unsigned char FSb3[256] =
119		{
120		56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
121		145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
122		67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
123		83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
124		197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
125		239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
126		10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
127		127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
128		85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
129		8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
130		195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
131		41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
132		244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
133		60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
134		57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
135		32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
136		};
137
138		static const unsigned char FSb4[256] =
139		{
140		112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
141		134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
142		139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
143		20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
144		170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
145		135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
146		233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
147		114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
148		130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
149		184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
150		13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
151		88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
152		208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
153		92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
154		121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
155		7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
156		};
157
158	66.5k	#define SBOX1(n) FSb[(n)]
159	66.5k	#define SBOX2(n) FSb2[(n)]
160	66.5k	#define SBOX3(n) FSb3[(n)]
161	66.5k	#define SBOX4(n) FSb4[(n)]
162
163		#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
164
165		static const unsigned char shifts[2][4][4] =
166		{
167		{
168		{ 1, 1, 1, 1 }, /* KL */
169		{ 0, 0, 0, 0 }, /* KR */
170		{ 1, 1, 1, 1 }, /* KA */
171		{ 0, 0, 0, 0 } /* KB */
172		},
173		{
174		{ 1, 0, 1, 1 }, /* KL */
175		{ 1, 1, 0, 1 }, /* KR */
176		{ 1, 1, 1, 0 }, /* KA */
177		{ 1, 1, 0, 1 } /* KB */
178		}
179		};
180
181		static const signed char indexes[2][4][20] =
182		{
183		{
184		{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
185		36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
186		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
187		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
188		{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
189		18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
190		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
191		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
192		},
193		{
194		{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
195		-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
196		{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
197		18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
198		{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
199		56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
200		{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
201		22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
202		}
203		};
204
205		static const signed char transposes[2][20] =
206		{
207		{
208		21, 22, 23, 20,
209		-1, -1, -1, -1,
210		18, 19, 16, 17,
211		11, 8, 9, 10,
212		15, 12, 13, 14
213		},
214		{
215		25, 26, 27, 24,
216		29, 30, 31, 28,
217		18, 19, 16, 17,
218		-1, -1, -1, -1,
219		-1, -1, -1, -1
220		}
221		};
222
223		/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
224		#define ROTL(DEST, SRC, SHIFT) \
225	112	{ \
226	112	(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
227	112	(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
228	112	(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
229	112	(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
230	112	}
231
232		#define FL(XL, XR, KL, KR) \
233	4.15k	{ \
234	4.15k	(XR) = ((((XL) &(KL)) << 1) \| (((XL) &(KL)) >> 31)) ^ (XR); \
235	4.15k	(XL) = ((XR) \| (KR)) ^ (XL); \
236	4.15k	}
237
238		#define FLInv(YL, YR, KL, KR) \
239	4.15k	{ \
240	4.15k	(YL) = ((YR) \| (KR)) ^ (YL); \
241	4.15k	(YR) = ((((YL) &(KL)) << 1) \| (((YL) &(KL)) >> 31)) ^ (YR); \
242	4.15k	}
243
244		#define SHIFT_AND_PLACE(INDEX, OFFSET) \
245	32	{ \
246	32	TK[0] = KC[(OFFSET) * 4 + 0]; \
247	32	TK[1] = KC[(OFFSET) * 4 + 1]; \
248	32	TK[2] = KC[(OFFSET) * 4 + 2]; \
249	32	TK[3] = KC[(OFFSET) * 4 + 3]; \
250	32	\
251	160	for (i = 1; i <= 4; i++) \
252	128	if (shifts[(INDEX)][(OFFSET)][i -1]) \
253	128	ROTL(TK + i * 4, TK, (15 * i) % 32); \
254	32	\
255	672	for (i = 0; i < 20; i++) \
256	640	if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
257	448	RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
258	448	} \
259	32	}
260
261		static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
262		uint32_t z[2])
263	33.2k	{
264	33.2k	uint32_t I0, I1;
265	33.2k	I0 = x[0] ^ k[0];
266	33.2k	I1 = x[1] ^ k[1];
267
268	33.2k	I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) \|
269	33.2k	((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) \|
270	33.2k	((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) \|
271	33.2k	((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
272	33.2k	I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) \|
273	33.2k	((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) \|
274	33.2k	((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) \|
275	33.2k	((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
276
277	33.2k	I0 ^= (I1 << 8) \| (I1 >> 24);
278	33.2k	I1 ^= (I0 << 16) \| (I0 >> 16);
279	33.2k	I0 ^= (I1 >> 8) \| (I1 << 24);
280	33.2k	I1 ^= (I0 >> 8) \| (I0 << 24);
281
282	33.2k	z[0] ^= I1;
283	33.2k	z[1] ^= I0;
284	33.2k	}
285
286		void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
287	12	{
288	12	memset(ctx, 0, sizeof(mbedtls_camellia_context));
289	12	}
290
291		void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
292	12	{
293	12	if (ctx == NULL) {
294	0	return;
295	0	}
296
297	12	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
298	12	}
299
300		/*
301		* Camellia key schedule (encryption)
302		*/
303		int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
304		const unsigned char *key,
305		unsigned int keybits)
306	8	{
307	8	int idx;
308	8	size_t i;
309	8	uint32_t *RK;
310	8	unsigned char t[64];
311	8	uint32_t SIGMA[6][2];
312	8	uint32_t KC[16];
313	8	uint32_t TK[20];
314
315	8	RK = ctx->rk;
316
317	8	memset(t, 0, 64);
318	8	memset(RK, 0, sizeof(ctx->rk));
319
320	8	switch (keybits) {
321	0	case 128: ctx->nr = 3; idx = 0; break;
322	0	case 192:
323	8	case 256: ctx->nr = 4; idx = 1; break;
324	0	default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
325	8	}
326
327	264	for (i = 0; i < keybits / 8; ++i) {
328	256	t[i] = key[i];
329	256	}
330
331	8	if (keybits == 192) {
332	0	for (i = 0; i < 8; i++) {
333	0	t[24 + i] = ~t[16 + i];
334	0	}
335	0	}
336
337		/*
338		* Prepare SIGMA values
339		*/
340	56	for (i = 0; i < 6; i++) {
341	48	SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
342	48	SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
343	48	}
344
345		/*
346		* Key storage in KC
347		* Order: KL, KR, KA, KB
348		*/
349	8	memset(KC, 0, sizeof(KC));
350
351		/* Store KL, KR */
352	72	for (i = 0; i < 8; i++) {
353	64	KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
354	64	}
355
356		/* Generate KA */
357	40	for (i = 0; i < 4; ++i) {
358	32	KC[8 + i] = KC[i] ^ KC[4 + i];
359	32	}
360
361	8	camellia_feistel(KC + 8, SIGMA[0], KC + 10);
362	8	camellia_feistel(KC + 10, SIGMA[1], KC + 8);
363
364	40	for (i = 0; i < 4; ++i) {
365	32	KC[8 + i] ^= KC[i];
366	32	}
367
368	8	camellia_feistel(KC + 8, SIGMA[2], KC + 10);
369	8	camellia_feistel(KC + 10, SIGMA[3], KC + 8);
370
371	8	if (keybits > 128) {
372		/* Generate KB */
373	40	for (i = 0; i < 4; ++i) {
374	32	KC[12 + i] = KC[4 + i] ^ KC[8 + i];
375	32	}
376
377	8	camellia_feistel(KC + 12, SIGMA[4], KC + 14);
378	8	camellia_feistel(KC + 14, SIGMA[5], KC + 12);
379	8	}
380
381		/*
382		* Generating subkeys
383		*/
384
385		/* Manipulating KL */
386	8	SHIFT_AND_PLACE(idx, 0);
387
388		/* Manipulating KR */
389	8	if (keybits > 128) {
390	8	SHIFT_AND_PLACE(idx, 1);
391	8	}
392
393		/* Manipulating KA */
394	8	SHIFT_AND_PLACE(idx, 2);
395
396		/* Manipulating KB */
397	8	if (keybits > 128) {
398	8	SHIFT_AND_PLACE(idx, 3);
399	8	}
400
401		/* Do transpositions */
402	168	for (i = 0; i < 20; i++) {
403	160	if (transposes[idx][i] != -1) {
404	96	RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
405	96	}
406	160	}
407
408	8	return 0;
409	8	}
410
411		/*
412		* Camellia key schedule (decryption)
413		*/
414		int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
415		const unsigned char *key,
416		unsigned int keybits)
417	4	{
418	4	int idx, ret;
419	4	size_t i;
420	4	mbedtls_camellia_context cty;
421	4	uint32_t *RK;
422	4	uint32_t *SK;
423
424	4	mbedtls_camellia_init(&cty);
425
426		/* Also checks keybits */
427	4	if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
428	0	goto exit;
429	0	}
430
431	4	ctx->nr = cty.nr;
432	4	idx = (ctx->nr == 4);
433
434	4	RK = ctx->rk;
435	4	SK = cty.rk + 24 * 2 + 8 * idx * 2;
436
437	4	RK++ = SK++;
438	4	RK++ = SK++;
439	4	RK++ = SK++;
440	4	RK++ = SK++;
441
442	124	for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
443	120	RK++ = SK++;
444	120	RK++ = SK++;
445	120	}
446
447	4	SK -= 2;
448
449	4	RK++ = SK++;
450	4	RK++ = SK++;
451	4	RK++ = SK++;
452	4	RK++ = SK++;
453
454	4	exit:
455	4	mbedtls_camellia_free(&cty);
456
457	4	return ret;
458	4	}
459
460		/*
461		* Camellia-ECB block encryption/decryption
462		*/
463		int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
464		int mode,
465		const unsigned char input[16],
466		unsigned char output[16])
467	1.38k	{
468	1.38k	int NR;
469	1.38k	uint32_t *RK, X[4];
470	1.38k	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
471	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
472	0	}
473
474	1.38k	((void) mode);
475
476	1.38k	NR = ctx->nr;
477	1.38k	RK = ctx->rk;
478
479	1.38k	X[0] = MBEDTLS_GET_UINT32_BE(input, 0);
480	1.38k	X[1] = MBEDTLS_GET_UINT32_BE(input, 4);
481	1.38k	X[2] = MBEDTLS_GET_UINT32_BE(input, 8);
482	1.38k	X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
483
484	1.38k	X[0] ^= *RK++;
485	1.38k	X[1] ^= *RK++;
486	1.38k	X[2] ^= *RK++;
487	1.38k	X[3] ^= *RK++;
488
489	6.92k	while (NR) {
490	5.53k	--NR;
491	5.53k	camellia_feistel(X, RK, X + 2);
492	5.53k	RK += 2;
493	5.53k	camellia_feistel(X + 2, RK, X);
494	5.53k	RK += 2;
495	5.53k	camellia_feistel(X, RK, X + 2);
496	5.53k	RK += 2;
497	5.53k	camellia_feistel(X + 2, RK, X);
498	5.53k	RK += 2;
499	5.53k	camellia_feistel(X, RK, X + 2);
500	5.53k	RK += 2;
501	5.53k	camellia_feistel(X + 2, RK, X);
502	5.53k	RK += 2;
503
504	5.53k	if (NR) {
505	4.15k	FL(X[0], X[1], RK[0], RK[1]);
506	4.15k	RK += 2;
507	4.15k	FLInv(X[2], X[3], RK[0], RK[1]);
508	4.15k	RK += 2;
509	4.15k	}
510	5.53k	}
511
512	1.38k	X[2] ^= *RK++;
513	1.38k	X[3] ^= *RK++;
514	1.38k	X[0] ^= *RK++;
515	1.38k	X[1] ^= *RK++;
516
517	1.38k	MBEDTLS_PUT_UINT32_BE(X[2], output, 0);
518	1.38k	MBEDTLS_PUT_UINT32_BE(X[3], output, 4);
519	1.38k	MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
520	1.38k	MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
521
522	1.38k	return 0;
523	1.38k	}
524
525		#if defined(MBEDTLS_CIPHER_MODE_CBC)
526		/*
527		* Camellia-CBC buffer encryption/decryption
528		*/
529		int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
530		int mode,
531		size_t length,
532		unsigned char iv[16],
533		const unsigned char *input,
534		unsigned char *output)
535	12	{
536	12	unsigned char temp[16];
537	12	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
538	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
539	0	}
540
541	12	if (length % 16) {
542	0	return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
543	0	}
544
545	12	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
546	1.36k	while (length > 0) {
547	1.35k	memcpy(temp, input, 16);
548	1.35k	mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
549
550	1.35k	mbedtls_xor(output, output, iv, 16);
551
552	1.35k	memcpy(iv, temp, 16);
553
554	1.35k	input += 16;
555	1.35k	output += 16;
556	1.35k	length -= 16;
557	1.35k	}
558	8	} else {
559	36	while (length > 0) {
560	28	mbedtls_xor(output, input, iv, 16);
561
562	28	mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
563	28	memcpy(iv, output, 16);
564
565	28	input += 16;
566	28	output += 16;
567	28	length -= 16;
568	28	}
569	8	}
570
571	12	return 0;
572	12	}
573		#endif /* MBEDTLS_CIPHER_MODE_CBC */
574
575		#if defined(MBEDTLS_CIPHER_MODE_CFB)
576		/*
577		* Camellia-CFB128 buffer encryption/decryption
578		*/
579		int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
580		int mode,
581		size_t length,
582		size_t *iv_off,
583		unsigned char iv[16],
584		const unsigned char *input,
585		unsigned char *output)
586	0	{
587	0	int c;
588	0	size_t n;
589	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
590	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
591	0	}
592
593	0	n = *iv_off;
594	0	if (n >= 16) {
595	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
596	0	}
597
598	0	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
599	0	while (length--) {
600	0	if (n == 0) {
601	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
602	0	}
603
604	0	c = *input++;
605	0	*output++ = (unsigned char) (c ^ iv[n]);
606	0	iv[n] = (unsigned char) c;
607
608	0	n = (n + 1) & 0x0F;
609	0	}
610	0	} else {
611	0	while (length--) {
612	0	if (n == 0) {
613	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
614	0	}
615
616	0	iv[n] = output++ = (unsigned char) (iv[n] ^ input++);
617
618	0	n = (n + 1) & 0x0F;
619	0	}
620	0	}
621
622	0	*iv_off = n;
623
624	0	return 0;
625	0	}
626		#endif /* MBEDTLS_CIPHER_MODE_CFB */
627
628		#if defined(MBEDTLS_CIPHER_MODE_CTR)
629		/*
630		* Camellia-CTR buffer encryption/decryption
631		*/
632		int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
633		size_t length,
634		size_t *nc_off,
635		unsigned char nonce_counter[16],
636		unsigned char stream_block[16],
637		const unsigned char *input,
638		unsigned char *output)
639	0	{
640	0	int c, i;
641	0	size_t n;
642
643	0	n = *nc_off;
644	0	if (n >= 16) {
645	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
646	0	}
647
648	0	while (length--) {
649	0	if (n == 0) {
650	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
651	0	stream_block);
652
653	0	for (i = 16; i > 0; i--) {
654	0	if (++nonce_counter[i - 1] != 0) {
655	0	break;
656	0	}
657	0	}
658	0	}
659	0	c = *input++;
660	0	*output++ = (unsigned char) (c ^ stream_block[n]);
661
662	0	n = (n + 1) & 0x0F;
663	0	}
664
665	0	*nc_off = n;
666
667	0	return 0;
668	0	}
669		#endif /* MBEDTLS_CIPHER_MODE_CTR */
670		#endif /* !MBEDTLS_CAMELLIA_ALT */
671
672		#if defined(MBEDTLS_SELF_TEST)
673
674		/*
675		* Camellia test vectors from:
676		*
677		* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
678		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
679		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
680		* (For each bitlength: Key 0, Nr 39)
681		*/
682	0	#define CAMELLIA_TESTS_ECB 2
683
684		static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
685		{
686		{
687		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
688		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
689		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
690		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
691		},
692		{
693		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
694		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
695		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
696		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
697		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
698		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699		},
700		{
701		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
702		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
703		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
704		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
705		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
707		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
708		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
709		},
710		};
711
712		static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
713		{
714		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
715		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
716		{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
717		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
718		};
719
720		static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
721		{
722		{
723		{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
724		0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
725		{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
726		0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
727		},
728		{
729		{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
730		0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
731		{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
732		0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
733		},
734		{
735		{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
736		0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
737		{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
738		0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
739		}
740		};
741
742		#if defined(MBEDTLS_CIPHER_MODE_CBC)
743	0	#define CAMELLIA_TESTS_CBC 3
744
745		static const unsigned char camellia_test_cbc_key[3][32] =
746		{
747		{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
748		0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
749		,
750		{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
751		0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
752		0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
753		,
754		{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
755		0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
756		0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
757		0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
758		};
759
760		static const unsigned char camellia_test_cbc_iv[16] =
761
762		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
763		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
764		;
765
766		static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
767		{
768		{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
769		0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
770		{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
771		0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
772		{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
773		0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
774
775		};
776
777		static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
778		{
779		{
780		{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
781		0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
782		{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
783		0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
784		{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
785		0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
786		},
787		{
788		{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
789		0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
790		{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
791		0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
792		{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
793		0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
794		},
795		{
796		{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
797		0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
798		{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
799		0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
800		{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
801		0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
802		}
803		};
804		#endif /* MBEDTLS_CIPHER_MODE_CBC */
805
806		#if defined(MBEDTLS_CIPHER_MODE_CTR)
807		/*
808		* Camellia-CTR test vectors from:
809		*
810		* http://www.faqs.org/rfcs/rfc5528.html
811		*/
812
813		static const unsigned char camellia_test_ctr_key[3][16] =
814		{
815		{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
816		0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
817		{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
818		0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
819		{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
820		0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
821		};
822
823		static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
824		{
825		{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
826		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
827		{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
828		0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
829		{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
830		0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
831		};
832
833		static const unsigned char camellia_test_ctr_pt[3][48] =
834		{
835		{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
836		0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
837
838		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
839		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
840		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
841		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
842
843		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
844		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
845		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
846		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
847		0x20, 0x21, 0x22, 0x23 }
848		};
849
850		static const unsigned char camellia_test_ctr_ct[3][48] =
851		{
852		{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
853		0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
854		{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
855		0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
856		0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
857		0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
858		{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
859		0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
860		0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
861		0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
862		0xDF, 0x50, 0x86, 0x96 }
863		};
864
865		static const int camellia_test_ctr_len[3] =
866		{ 16, 32, 36 };
867		#endif /* MBEDTLS_CIPHER_MODE_CTR */
868
869		/*
870		* Checkup routine
871		*/
872		int mbedtls_camellia_self_test(int verbose)
873	0	{
874	0	int i, j, u, v;
875	0	unsigned char key[32];
876	0	unsigned char buf[64];
877	0	unsigned char src[16];
878	0	unsigned char dst[16];
879	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
880	0	unsigned char iv[16];
881	0	#endif
882	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
883	0	size_t offset, len;
884	0	unsigned char nonce_counter[16];
885	0	unsigned char stream_block[16];
886	0	#endif
887	0	int ret = 1;
888
889	0	mbedtls_camellia_context ctx;
890
891	0	mbedtls_camellia_init(&ctx);
892	0	memset(key, 0, 32);
893
894	0	for (j = 0; j < 6; j++) {
895	0	u = j >> 1;
896	0	v = j & 1;
897
898	0	if (verbose != 0) {
899	0	mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
900	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
901	0	}
902
903	0	for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
904	0	memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
905
906	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
907	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
908	0	memcpy(src, camellia_test_ecb_cipher[u][i], 16);
909	0	memcpy(dst, camellia_test_ecb_plain[i], 16);
910	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
911	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
912	0	memcpy(src, camellia_test_ecb_plain[i], 16);
913	0	memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
914	0	}
915
916	0	mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
917
918	0	if (memcmp(buf, dst, 16) != 0) {
919	0	if (verbose != 0) {
920	0	mbedtls_printf("failed\n");
921	0	}
922	0	goto exit;
923	0	}
924	0	}
925
926	0	if (verbose != 0) {
927	0	mbedtls_printf("passed\n");
928	0	}
929	0	}
930
931	0	if (verbose != 0) {
932	0	mbedtls_printf("\n");
933	0	}
934
935	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
936		/*
937		* CBC mode
938		*/
939	0	for (j = 0; j < 6; j++) {
940	0	u = j >> 1;
941	0	v = j & 1;
942
943	0	if (verbose != 0) {
944	0	mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
945	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
946	0	}
947
948	0	memcpy(src, camellia_test_cbc_iv, 16);
949	0	memcpy(dst, camellia_test_cbc_iv, 16);
950	0	memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
951
952	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
953	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
954	0	} else {
955	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
956	0	}
957
958	0	for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
959
960	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
961	0	memcpy(iv, src, 16);
962	0	memcpy(src, camellia_test_cbc_cipher[u][i], 16);
963	0	memcpy(dst, camellia_test_cbc_plain[i], 16);
964	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
965	0	memcpy(iv, dst, 16);
966	0	memcpy(src, camellia_test_cbc_plain[i], 16);
967	0	memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
968	0	}
969
970	0	mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
971
972	0	if (memcmp(buf, dst, 16) != 0) {
973	0	if (verbose != 0) {
974	0	mbedtls_printf("failed\n");
975	0	}
976	0	goto exit;
977	0	}
978	0	}
979
980	0	if (verbose != 0) {
981	0	mbedtls_printf("passed\n");
982	0	}
983	0	}
984	0	#endif /* MBEDTLS_CIPHER_MODE_CBC */
985
986	0	if (verbose != 0) {
987	0	mbedtls_printf("\n");
988	0	}
989
990	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
991		/*
992		* CTR mode
993		*/
994	0	for (i = 0; i < 6; i++) {
995	0	u = i >> 1;
996	0	v = i & 1;
997
998	0	if (verbose != 0) {
999	0	mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
1000	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1001	0	}
1002
1003	0	memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1004	0	memcpy(key, camellia_test_ctr_key[u], 16);
1005
1006	0	offset = 0;
1007	0	mbedtls_camellia_setkey_enc(&ctx, key, 128);
1008
1009	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1010	0	len = camellia_test_ctr_len[u];
1011	0	memcpy(buf, camellia_test_ctr_ct[u], len);
1012
1013	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1014	0	buf, buf);
1015
1016	0	if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1017	0	if (verbose != 0) {
1018	0	mbedtls_printf("failed\n");
1019	0	}
1020	0	goto exit;
1021	0	}
1022	0	} else {
1023	0	len = camellia_test_ctr_len[u];
1024	0	memcpy(buf, camellia_test_ctr_pt[u], len);
1025
1026	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1027	0	buf, buf);
1028
1029	0	if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1030	0	if (verbose != 0) {
1031	0	mbedtls_printf("failed\n");
1032	0	}
1033	0	goto exit;
1034	0	}
1035	0	}
1036
1037	0	if (verbose != 0) {
1038	0	mbedtls_printf("passed\n");
1039	0	}
1040	0	}
1041
1042	0	if (verbose != 0) {
1043	0	mbedtls_printf("\n");
1044	0	}
1045	0	#endif /* MBEDTLS_CIPHER_MODE_CTR */
1046
1047	0	ret = 0;
1048
1049	0	exit:
1050	0	mbedtls_camellia_free(&ctx);
1051	0	return ret;
1052	0	}
1053
1054		#endif /* MBEDTLS_SELF_TEST */
1055
1056		#endif /* MBEDTLS_CAMELLIA_C */

Coverage Report

Created: 2023-03-26 14:53