/src/mbedtls/library/camellia.c

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Camellia implementation
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License"); you may
8		* not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15		* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*/
19		/*
20		* The Camellia block cipher was designed by NTT and Mitsubishi Electric
21		* Corporation.
22		*
23		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
24		*/
25
26		#include "common.h"
27
28		#if defined(MBEDTLS_CAMELLIA_C)
29
30		#include "mbedtls/camellia.h"
31		#include "mbedtls/platform_util.h"
32
33		#include <string.h>
34
35		#include "mbedtls/platform.h"
36
37		#if !defined(MBEDTLS_CAMELLIA_ALT)
38
39		static const unsigned char SIGMA_CHARS[6][8] =
40		{
41		{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
42		{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
43		{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
44		{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
45		{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
46		{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
47		};
48
49		#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
50
51		static const unsigned char FSb[256] =
52		{
53		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
54		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
55		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
56		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
57		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
58		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
59		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
60		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
61		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
62		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
63		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
64		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
65		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
66		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
67		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
68		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
69		};
70
71		#define SBOX1(n) FSb[(n)]
72		#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
73		#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
74		#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
75
76		#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
77
78		static const unsigned char FSb[256] =
79		{
80		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
81		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
82		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
83		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
84		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
85		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
86		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
87		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
88		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
89		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
90		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
91		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
92		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
93		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
94		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
95		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
96		};
97
98		static const unsigned char FSb2[256] =
99		{
100		224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
101		70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
102		13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
103		77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
104		23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
105		191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
106		40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
107		253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
108		85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
109		32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
110		15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
111		164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
112		211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
113		240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
114		228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
115		128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
116		};
117
118		static const unsigned char FSb3[256] =
119		{
120		56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
121		145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
122		67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
123		83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
124		197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
125		239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
126		10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
127		127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
128		85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
129		8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
130		195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
131		41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
132		244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
133		60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
134		57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
135		32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
136		};
137
138		static const unsigned char FSb4[256] =
139		{
140		112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
141		134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
142		139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
143		20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
144		170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
145		135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
146		233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
147		114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
148		130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
149		184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
150		13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
151		88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
152		208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
153		92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
154		121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
155		7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
156		};
157
158	294k	#define SBOX1(n) FSb[(n)]
159	294k	#define SBOX2(n) FSb2[(n)]
160	294k	#define SBOX3(n) FSb3[(n)]
161	294k	#define SBOX4(n) FSb4[(n)]
162
163		#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
164
165		static const unsigned char shifts[2][4][4] =
166		{
167		{
168		{ 1, 1, 1, 1 }, /* KL */
169		{ 0, 0, 0, 0 }, /* KR */
170		{ 1, 1, 1, 1 }, /* KA */
171		{ 0, 0, 0, 0 } /* KB */
172		},
173		{
174		{ 1, 0, 1, 1 }, /* KL */
175		{ 1, 1, 0, 1 }, /* KR */
176		{ 1, 1, 1, 0 }, /* KA */
177		{ 1, 1, 0, 1 } /* KB */
178		}
179		};
180
181		static const signed char indexes[2][4][20] =
182		{
183		{
184		{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
185		36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
186		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
187		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
188		{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
189		18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
190		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
191		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
192		},
193		{
194		{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
195		-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
196		{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
197		18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
198		{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
199		56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
200		{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
201		22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
202		}
203		};
204
205		static const signed char transposes[2][20] =
206		{
207		{
208		21, 22, 23, 20,
209		-1, -1, -1, -1,
210		18, 19, 16, 17,
211		11, 8, 9, 10,
212		15, 12, 13, 14
213		},
214		{
215		25, 26, 27, 24,
216		29, 30, 31, 28,
217		18, 19, 16, 17,
218		-1, -1, -1, -1,
219		-1, -1, -1, -1
220		}
221		};
222
223		/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
224		#define ROTL(DEST, SRC, SHIFT) \
225	3.97k	{ \
226	3.97k	(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
227	3.97k	(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
228	3.97k	(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
229	3.97k	(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
230	3.97k	}
231
232		#define FL(XL, XR, KL, KR) \
233	17.6k	{ \
234	17.6k	(XR) = ((((XL) &(KL)) << 1) \| (((XL) &(KL)) >> 31)) ^ (XR); \
235	17.6k	(XL) = ((XR) \| (KR)) ^ (XL); \
236	17.6k	}
237
238		#define FLInv(YL, YR, KL, KR) \
239	17.6k	{ \
240	17.6k	(YL) = ((YR) \| (KR)) ^ (YL); \
241	17.6k	(YR) = ((((YL) &(KL)) << 1) \| (((YL) &(KL)) >> 31)) ^ (YR); \
242	17.6k	}
243
244		#define SHIFT_AND_PLACE(INDEX, OFFSET) \
245	1.04k	{ \
246	1.04k	TK[0] = KC[(OFFSET) * 4 + 0]; \
247	1.04k	TK[1] = KC[(OFFSET) * 4 + 1]; \
248	1.04k	TK[2] = KC[(OFFSET) * 4 + 2]; \
249	1.04k	TK[3] = KC[(OFFSET) * 4 + 3]; \
250	1.04k	\
251	5.20k	for (i = 1; i <= 4; i++) \
252	4.16k	if (shifts[(INDEX)][(OFFSET)][i -1]) \
253	4.16k	ROTL(TK + i * 4, TK, (15 * i) % 32); \
254	1.04k	\
255	21.8k	for (i = 0; i < 20; i++) \
256	20.8k	if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
257	15.4k	RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
258	15.4k	} \
259	1.04k	}
260
261		static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
262		uint32_t z[2])
263	147k	{
264	147k	uint32_t I0, I1;
265	147k	I0 = x[0] ^ k[0];
266	147k	I1 = x[1] ^ k[1];
267
268	147k	I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) \|
269	147k	((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) \|
270	147k	((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) \|
271	147k	((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
272	147k	I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) \|
273	147k	((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) \|
274	147k	((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) \|
275	147k	((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
276
277	147k	I0 ^= (I1 << 8) \| (I1 >> 24);
278	147k	I1 ^= (I0 << 16) \| (I0 >> 16);
279	147k	I0 ^= (I1 >> 8) \| (I1 << 24);
280	147k	I1 ^= (I0 >> 8) \| (I0 << 24);
281
282	147k	z[0] ^= I1;
283	147k	z[1] ^= I0;
284	147k	}
285
286		void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
287	416	{
288	416	memset(ctx, 0, sizeof(mbedtls_camellia_context));
289	416	}
290
291		void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
292	416	{
293	416	if (ctx == NULL) {
294	0	return;
295	0	}
296
297	416	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
298	416	}
299
300		/*
301		* Camellia key schedule (encryption)
302		*/
303		int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
304		const unsigned char *key,
305		unsigned int keybits)
306	316	{
307	316	int idx;
308	316	size_t i;
309	316	uint32_t *RK;
310	316	unsigned char t[64];
311	316	uint32_t SIGMA[6][2];
312	316	uint32_t KC[16];
313	316	uint32_t TK[20];
314
315	316	RK = ctx->rk;
316
317	316	memset(t, 0, 64);
318	316	memset(RK, 0, sizeof(ctx->rk));
319
320	316	switch (keybits) {
321	112	case 128: ctx->nr = 3; idx = 0; break;
322	0	case 192:
323	204	case 256: ctx->nr = 4; idx = 1; break;
324	0	default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
325	316	}
326
327	8.63k	for (i = 0; i < keybits / 8; ++i) {
328	8.32k	t[i] = key[i];
329	8.32k	}
330
331	316	if (keybits == 192) {
332	0	for (i = 0; i < 8; i++) {
333	0	t[24 + i] = ~t[16 + i];
334	0	}
335	0	}
336
337		/*
338		* Prepare SIGMA values
339		*/
340	2.21k	for (i = 0; i < 6; i++) {
341	1.89k	SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
342	1.89k	SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
343	1.89k	}
344
345		/*
346		* Key storage in KC
347		* Order: KL, KR, KA, KB
348		*/
349	316	memset(KC, 0, sizeof(KC));
350
351		/* Store KL, KR */
352	2.84k	for (i = 0; i < 8; i++) {
353	2.52k	KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
354	2.52k	}
355
356		/* Generate KA */
357	1.58k	for (i = 0; i < 4; ++i) {
358	1.26k	KC[8 + i] = KC[i] ^ KC[4 + i];
359	1.26k	}
360
361	316	camellia_feistel(KC + 8, SIGMA[0], KC + 10);
362	316	camellia_feistel(KC + 10, SIGMA[1], KC + 8);
363
364	1.58k	for (i = 0; i < 4; ++i) {
365	1.26k	KC[8 + i] ^= KC[i];
366	1.26k	}
367
368	316	camellia_feistel(KC + 8, SIGMA[2], KC + 10);
369	316	camellia_feistel(KC + 10, SIGMA[3], KC + 8);
370
371	316	if (keybits > 128) {
372		/* Generate KB */
373	1.02k	for (i = 0; i < 4; ++i) {
374	816	KC[12 + i] = KC[4 + i] ^ KC[8 + i];
375	816	}
376
377	204	camellia_feistel(KC + 12, SIGMA[4], KC + 14);
378	204	camellia_feistel(KC + 14, SIGMA[5], KC + 12);
379	204	}
380
381		/*
382		* Generating subkeys
383		*/
384
385		/* Manipulating KL */
386	316	SHIFT_AND_PLACE(idx, 0);
387
388		/* Manipulating KR */
389	316	if (keybits > 128) {
390	204	SHIFT_AND_PLACE(idx, 1);
391	204	}
392
393		/* Manipulating KA */
394	316	SHIFT_AND_PLACE(idx, 2);
395
396		/* Manipulating KB */
397	316	if (keybits > 128) {
398	204	SHIFT_AND_PLACE(idx, 3);
399	204	}
400
401		/* Do transpositions */
402	6.63k	for (i = 0; i < 20; i++) {
403	6.32k	if (transposes[idx][i] != -1) {
404	4.24k	RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
405	4.24k	}
406	6.32k	}
407
408	316	return 0;
409	316	}
410
411		/*
412		* Camellia key schedule (decryption)
413		*/
414		int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
415		const unsigned char *key,
416		unsigned int keybits)
417	100	{
418	100	int idx, ret;
419	100	size_t i;
420	100	mbedtls_camellia_context cty;
421	100	uint32_t *RK;
422	100	uint32_t *SK;
423
424	100	mbedtls_camellia_init(&cty);
425
426		/* Also checks keybits */
427	100	if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
428	0	goto exit;
429	0	}
430
431	100	ctx->nr = cty.nr;
432	100	idx = (ctx->nr == 4);
433
434	100	RK = ctx->rk;
435	100	SK = cty.rk + 24 * 2 + 8 * idx * 2;
436
437	100	RK++ = SK++;
438	100	RK++ = SK++;
439	100	RK++ = SK++;
440	100	RK++ = SK++;
441
442	2.90k	for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
443	2.80k	RK++ = SK++;
444	2.80k	RK++ = SK++;
445	2.80k	}
446
447	100	SK -= 2;
448
449	100	RK++ = SK++;
450	100	RK++ = SK++;
451	100	RK++ = SK++;
452	100	RK++ = SK++;
453
454	100	exit:
455	100	mbedtls_camellia_free(&cty);
456
457	100	return ret;
458	100	}
459
460		/*
461		* Camellia-ECB block encryption/decryption
462		*/
463		int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
464		int mode,
465		const unsigned char input[16],
466		unsigned char output[16])
467	6.59k	{
468	6.59k	int NR;
469	6.59k	uint32_t *RK, X[4];
470	6.59k	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
471	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
472	0	}
473
474	6.59k	((void) mode);
475
476	6.59k	NR = ctx->nr;
477	6.59k	RK = ctx->rk;
478
479	6.59k	X[0] = MBEDTLS_GET_UINT32_BE(input, 0);
480	6.59k	X[1] = MBEDTLS_GET_UINT32_BE(input, 4);
481	6.59k	X[2] = MBEDTLS_GET_UINT32_BE(input, 8);
482	6.59k	X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
483
484	6.59k	X[0] ^= *RK++;
485	6.59k	X[1] ^= *RK++;
486	6.59k	X[2] ^= *RK++;
487	6.59k	X[3] ^= *RK++;
488
489	30.8k	while (NR) {
490	24.2k	--NR;
491	24.2k	camellia_feistel(X, RK, X + 2);
492	24.2k	RK += 2;
493	24.2k	camellia_feistel(X + 2, RK, X);
494	24.2k	RK += 2;
495	24.2k	camellia_feistel(X, RK, X + 2);
496	24.2k	RK += 2;
497	24.2k	camellia_feistel(X + 2, RK, X);
498	24.2k	RK += 2;
499	24.2k	camellia_feistel(X, RK, X + 2);
500	24.2k	RK += 2;
501	24.2k	camellia_feistel(X + 2, RK, X);
502	24.2k	RK += 2;
503
504	24.2k	if (NR) {
505	17.6k	FL(X[0], X[1], RK[0], RK[1]);
506	17.6k	RK += 2;
507	17.6k	FLInv(X[2], X[3], RK[0], RK[1]);
508	17.6k	RK += 2;
509	17.6k	}
510	24.2k	}
511
512	6.59k	X[2] ^= *RK++;
513	6.59k	X[3] ^= *RK++;
514	6.59k	X[0] ^= *RK++;
515	6.59k	X[1] ^= *RK++;
516
517	6.59k	MBEDTLS_PUT_UINT32_BE(X[2], output, 0);
518	6.59k	MBEDTLS_PUT_UINT32_BE(X[3], output, 4);
519	6.59k	MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
520	6.59k	MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
521
522	6.59k	return 0;
523	6.59k	}
524
525		#if defined(MBEDTLS_CIPHER_MODE_CBC)
526		/*
527		* Camellia-CBC buffer encryption/decryption
528		*/
529		int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
530		int mode,
531		size_t length,
532		unsigned char iv[16],
533		const unsigned char *input,
534		unsigned char *output)
535	273	{
536	273	unsigned char temp[16];
537	273	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
538	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
539	0	}
540
541	273	if (length % 16) {
542	0	return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
543	0	}
544
545	273	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
546	2.02k	while (length > 0) {
547	1.98k	memcpy(temp, input, 16);
548	1.98k	mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
549
550	1.98k	mbedtls_xor(output, output, iv, 16);
551
552	1.98k	memcpy(iv, temp, 16);
553
554	1.98k	input += 16;
555	1.98k	output += 16;
556	1.98k	length -= 16;
557	1.98k	}
558	235	} else {
559	961	while (length > 0) {
560	726	mbedtls_xor(output, input, iv, 16);
561
562	726	mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
563	726	memcpy(iv, output, 16);
564
565	726	input += 16;
566	726	output += 16;
567	726	length -= 16;
568	726	}
569	235	}
570
571	273	return 0;
572	273	}
573		#endif /* MBEDTLS_CIPHER_MODE_CBC */
574
575		#if defined(MBEDTLS_CIPHER_MODE_CFB)
576		/*
577		* Camellia-CFB128 buffer encryption/decryption
578		*/
579		int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
580		int mode,
581		size_t length,
582		size_t *iv_off,
583		unsigned char iv[16],
584		const unsigned char *input,
585		unsigned char *output)
586	0	{
587	0	int c;
588	0	size_t n;
589	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
590	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
591	0	}
592
593	0	n = *iv_off;
594	0	if (n >= 16) {
595	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
596	0	}
597
598	0	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
599	0	while (length--) {
600	0	if (n == 0) {
601	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
602	0	}
603
604	0	c = *input++;
605	0	*output++ = (unsigned char) (c ^ iv[n]);
606	0	iv[n] = (unsigned char) c;
607
608	0	n = (n + 1) & 0x0F;
609	0	}
610	0	} else {
611	0	while (length--) {
612	0	if (n == 0) {
613	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
614	0	}
615
616	0	iv[n] = output++ = (unsigned char) (iv[n] ^ input++);
617
618	0	n = (n + 1) & 0x0F;
619	0	}
620	0	}
621
622	0	*iv_off = n;
623
624	0	return 0;
625	0	}
626		#endif /* MBEDTLS_CIPHER_MODE_CFB */
627
628		#if defined(MBEDTLS_CIPHER_MODE_CTR)
629		/*
630		* Camellia-CTR buffer encryption/decryption
631		*/
632		int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
633		size_t length,
634		size_t *nc_off,
635		unsigned char nonce_counter[16],
636		unsigned char stream_block[16],
637		const unsigned char *input,
638		unsigned char *output)
639	0	{
640	0	int c, i;
641	0	size_t n;
642
643	0	n = *nc_off;
644	0	if (n >= 16) {
645	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
646	0	}
647
648	0	while (length--) {
649	0	if (n == 0) {
650	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
651	0	stream_block);
652
653	0	for (i = 16; i > 0; i--) {
654	0	if (++nonce_counter[i - 1] != 0) {
655	0	break;
656	0	}
657	0	}
658	0	}
659	0	c = *input++;
660	0	*output++ = (unsigned char) (c ^ stream_block[n]);
661
662	0	n = (n + 1) & 0x0F;
663	0	}
664
665	0	*nc_off = n;
666
667	0	return 0;
668	0	}
669		#endif /* MBEDTLS_CIPHER_MODE_CTR */
670		#endif /* !MBEDTLS_CAMELLIA_ALT */
671
672		#if defined(MBEDTLS_SELF_TEST)
673
674		/*
675		* Camellia test vectors from:
676		*
677		* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
678		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
679		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
680		* (For each bitlength: Key 0, Nr 39)
681		*/
682	0	#define CAMELLIA_TESTS_ECB 2
683
684		static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
685		{
686		{
687		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
688		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
689		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
690		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
691		},
692		{
693		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
694		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
695		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
696		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
697		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
698		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699		},
700		{
701		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
702		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
703		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
704		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
705		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
707		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
708		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
709		},
710		};
711
712		static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
713		{
714		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
715		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
716		{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
717		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
718		};
719
720		static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
721		{
722		{
723		{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
724		0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
725		{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
726		0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
727		},
728		{
729		{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
730		0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
731		{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
732		0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
733		},
734		{
735		{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
736		0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
737		{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
738		0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
739		}
740		};
741
742		#if defined(MBEDTLS_CIPHER_MODE_CBC)
743	0	#define CAMELLIA_TESTS_CBC 3
744
745		static const unsigned char camellia_test_cbc_key[3][32] =
746		{
747		{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
748		0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
749		,
750		{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
751		0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
752		0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
753		,
754		{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
755		0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
756		0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
757		0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
758		};
759
760		static const unsigned char camellia_test_cbc_iv[16] =
761
762		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
763		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
764		;
765
766		static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
767		{
768		{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
769		0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
770		{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
771		0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
772		{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
773		0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
774
775		};
776
777		static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
778		{
779		{
780		{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
781		0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
782		{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
783		0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
784		{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
785		0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
786		},
787		{
788		{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
789		0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
790		{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
791		0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
792		{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
793		0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
794		},
795		{
796		{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
797		0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
798		{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
799		0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
800		{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
801		0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
802		}
803		};
804		#endif /* MBEDTLS_CIPHER_MODE_CBC */
805
806		#if defined(MBEDTLS_CIPHER_MODE_CTR)
807		/*
808		* Camellia-CTR test vectors from:
809		*
810		* http://www.faqs.org/rfcs/rfc5528.html
811		*/
812
813		static const unsigned char camellia_test_ctr_key[3][16] =
814		{
815		{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
816		0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
817		{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
818		0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
819		{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
820		0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
821		};
822
823		static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
824		{
825		{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
826		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
827		{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
828		0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
829		{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
830		0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
831		};
832
833		static const unsigned char camellia_test_ctr_pt[3][48] =
834		{
835		{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
836		0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
837
838		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
839		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
840		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
841		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
842
843		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
844		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
845		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
846		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
847		0x20, 0x21, 0x22, 0x23 }
848		};
849
850		static const unsigned char camellia_test_ctr_ct[3][48] =
851		{
852		{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
853		0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
854		{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
855		0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
856		0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
857		0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
858		{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
859		0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
860		0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
861		0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
862		0xDF, 0x50, 0x86, 0x96 }
863		};
864
865		static const int camellia_test_ctr_len[3] =
866		{ 16, 32, 36 };
867		#endif /* MBEDTLS_CIPHER_MODE_CTR */
868
869		/*
870		* Checkup routine
871		*/
872		int mbedtls_camellia_self_test(int verbose)
873	0	{
874	0	int i, j, u, v;
875	0	unsigned char key[32];
876	0	unsigned char buf[64];
877	0	unsigned char src[16];
878	0	unsigned char dst[16];
879	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
880	0	unsigned char iv[16];
881	0	#endif
882	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
883	0	size_t offset, len;
884	0	unsigned char nonce_counter[16];
885	0	unsigned char stream_block[16];
886	0	#endif
887	0	int ret = 1;
888
889	0	mbedtls_camellia_context ctx;
890
891	0	mbedtls_camellia_init(&ctx);
892	0	memset(key, 0, 32);
893
894	0	for (j = 0; j < 6; j++) {
895	0	u = j >> 1;
896	0	v = j & 1;
897
898	0	if (verbose != 0) {
899	0	mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
900	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
901	0	}
902
903	0	for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
904	0	memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
905
906	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
907	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
908	0	memcpy(src, camellia_test_ecb_cipher[u][i], 16);
909	0	memcpy(dst, camellia_test_ecb_plain[i], 16);
910	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
911	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
912	0	memcpy(src, camellia_test_ecb_plain[i], 16);
913	0	memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
914	0	}
915
916	0	mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
917
918	0	if (memcmp(buf, dst, 16) != 0) {
919	0	if (verbose != 0) {
920	0	mbedtls_printf("failed\n");
921	0	}
922	0	goto exit;
923	0	}
924	0	}
925
926	0	if (verbose != 0) {
927	0	mbedtls_printf("passed\n");
928	0	}
929	0	}
930
931	0	if (verbose != 0) {
932	0	mbedtls_printf("\n");
933	0	}
934
935	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
936		/*
937		* CBC mode
938		*/
939	0	for (j = 0; j < 6; j++) {
940	0	u = j >> 1;
941	0	v = j & 1;
942
943	0	if (verbose != 0) {
944	0	mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
945	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
946	0	}
947
948	0	memcpy(src, camellia_test_cbc_iv, 16);
949	0	memcpy(dst, camellia_test_cbc_iv, 16);
950	0	memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
951
952	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
953	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
954	0	} else {
955	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
956	0	}
957
958	0	for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
959
960	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
961	0	memcpy(iv, src, 16);
962	0	memcpy(src, camellia_test_cbc_cipher[u][i], 16);
963	0	memcpy(dst, camellia_test_cbc_plain[i], 16);
964	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
965	0	memcpy(iv, dst, 16);
966	0	memcpy(src, camellia_test_cbc_plain[i], 16);
967	0	memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
968	0	}
969
970	0	mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
971
972	0	if (memcmp(buf, dst, 16) != 0) {
973	0	if (verbose != 0) {
974	0	mbedtls_printf("failed\n");
975	0	}
976	0	goto exit;
977	0	}
978	0	}
979
980	0	if (verbose != 0) {
981	0	mbedtls_printf("passed\n");
982	0	}
983	0	}
984	0	#endif /* MBEDTLS_CIPHER_MODE_CBC */
985
986	0	if (verbose != 0) {
987	0	mbedtls_printf("\n");
988	0	}
989
990	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
991		/*
992		* CTR mode
993		*/
994	0	for (i = 0; i < 6; i++) {
995	0	u = i >> 1;
996	0	v = i & 1;
997
998	0	if (verbose != 0) {
999	0	mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
1000	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1001	0	}
1002
1003	0	memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1004	0	memcpy(key, camellia_test_ctr_key[u], 16);
1005
1006	0	offset = 0;
1007	0	mbedtls_camellia_setkey_enc(&ctx, key, 128);
1008
1009	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1010	0	len = camellia_test_ctr_len[u];
1011	0	memcpy(buf, camellia_test_ctr_ct[u], len);
1012
1013	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1014	0	buf, buf);
1015
1016	0	if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1017	0	if (verbose != 0) {
1018	0	mbedtls_printf("failed\n");
1019	0	}
1020	0	goto exit;
1021	0	}
1022	0	} else {
1023	0	len = camellia_test_ctr_len[u];
1024	0	memcpy(buf, camellia_test_ctr_pt[u], len);
1025
1026	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1027	0	buf, buf);
1028
1029	0	if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1030	0	if (verbose != 0) {
1031	0	mbedtls_printf("failed\n");
1032	0	}
1033	0	goto exit;
1034	0	}
1035	0	}
1036
1037	0	if (verbose != 0) {
1038	0	mbedtls_printf("passed\n");
1039	0	}
1040	0	}
1041
1042	0	if (verbose != 0) {
1043	0	mbedtls_printf("\n");
1044	0	}
1045	0	#endif /* MBEDTLS_CIPHER_MODE_CTR */
1046
1047	0	ret = 0;
1048
1049	0	exit:
1050	0	mbedtls_camellia_free(&ctx);
1051	0	return ret;
1052	0	}
1053
1054		#endif /* MBEDTLS_SELF_TEST */
1055
1056		#endif /* MBEDTLS_CAMELLIA_C */

Coverage Report

Created: 2024-08-01 14:30