/src/mbedtls/library/camellia.c

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Camellia implementation
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License"); you may
8		* not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15		* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*/
19		/*
20		* The Camellia block cipher was designed by NTT and Mitsubishi Electric
21		* Corporation.
22		*
23		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
24		*/
25
26		#include "common.h"
27
28		#if defined(MBEDTLS_CAMELLIA_C)
29
30		#include "mbedtls/camellia.h"
31		#include "mbedtls/platform_util.h"
32
33		#include <string.h>
34
35		#include "mbedtls/platform.h"
36
37		#if !defined(MBEDTLS_CAMELLIA_ALT)
38
39		static const unsigned char SIGMA_CHARS[6][8] =
40		{
41		{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
42		{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
43		{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
44		{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
45		{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
46		{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
47		};
48
49		#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
50
51		static const unsigned char FSb[256] =
52		{
53		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
54		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
55		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
56		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
57		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
58		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
59		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
60		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
61		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
62		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
63		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
64		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
65		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
66		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
67		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
68		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
69		};
70
71		#define SBOX1(n) FSb[(n)]
72		#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
73		#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
74		#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
75
76		#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
77
78		static const unsigned char FSb[256] =
79		{
80		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
81		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
82		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
83		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
84		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
85		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
86		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
87		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
88		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
89		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
90		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
91		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
92		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
93		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
94		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
95		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
96		};
97
98		static const unsigned char FSb2[256] =
99		{
100		224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
101		70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
102		13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
103		77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
104		23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
105		191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
106		40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
107		253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
108		85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
109		32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
110		15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
111		164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
112		211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
113		240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
114		228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
115		128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
116		};
117
118		static const unsigned char FSb3[256] =
119		{
120		56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
121		145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
122		67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
123		83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
124		197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
125		239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
126		10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
127		127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
128		85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
129		8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
130		195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
131		41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
132		244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
133		60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
134		57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
135		32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
136		};
137
138		static const unsigned char FSb4[256] =
139		{
140		112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
141		134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
142		139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
143		20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
144		170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
145		135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
146		233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
147		114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
148		130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
149		184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
150		13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
151		88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
152		208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
153		92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
154		121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
155		7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
156		};
157
158	58.9k	#define SBOX1(n) FSb[(n)]
159	58.9k	#define SBOX2(n) FSb2[(n)]
160	58.9k	#define SBOX3(n) FSb3[(n)]
161	58.9k	#define SBOX4(n) FSb4[(n)]
162
163		#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
164
165		static const unsigned char shifts[2][4][4] =
166		{
167		{
168		{ 1, 1, 1, 1 }, /* KL */
169		{ 0, 0, 0, 0 }, /* KR */
170		{ 1, 1, 1, 1 }, /* KA */
171		{ 0, 0, 0, 0 } /* KB */
172		},
173		{
174		{ 1, 0, 1, 1 }, /* KL */
175		{ 1, 1, 0, 1 }, /* KR */
176		{ 1, 1, 1, 0 }, /* KA */
177		{ 1, 1, 0, 1 } /* KB */
178		}
179		};
180
181		static const signed char indexes[2][4][20] =
182		{
183		{
184		{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
185		36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
186		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
187		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
188		{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
189		18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
190		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
191		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
192		},
193		{
194		{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
195		-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
196		{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
197		18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
198		{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
199		56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
200		{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
201		22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
202		}
203		};
204
205		static const signed char transposes[2][20] =
206		{
207		{
208		21, 22, 23, 20,
209		-1, -1, -1, -1,
210		18, 19, 16, 17,
211		11, 8, 9, 10,
212		15, 12, 13, 14
213		},
214		{
215		25, 26, 27, 24,
216		29, 30, 31, 28,
217		18, 19, 16, 17,
218		-1, -1, -1, -1,
219		-1, -1, -1, -1
220		}
221		};
222
223		/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
224		#define ROTL(DEST, SRC, SHIFT) \
225	832	{ \
226	832	(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
227	832	(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
228	832	(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
229	832	(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
230	832	}
231
232		#define FL(XL, XR, KL, KR) \
233	3.35k	{ \
234	3.35k	(XR) = ((((XL) &(KL)) << 1) \| (((XL) &(KL)) >> 31)) ^ (XR); \
235	3.35k	(XL) = ((XR) \| (KR)) ^ (XL); \
236	3.35k	}
237
238		#define FLInv(YL, YR, KL, KR) \
239	3.35k	{ \
240	3.35k	(YL) = ((YR) \| (KR)) ^ (YL); \
241	3.35k	(YR) = ((((YL) &(KL)) << 1) \| (((YL) &(KL)) >> 31)) ^ (YR); \
242	3.35k	}
243
244		#define SHIFT_AND_PLACE(INDEX, OFFSET) \
245	200	{ \
246	200	TK[0] = KC[(OFFSET) * 4 + 0]; \
247	200	TK[1] = KC[(OFFSET) * 4 + 1]; \
248	200	TK[2] = KC[(OFFSET) * 4 + 2]; \
249	200	TK[3] = KC[(OFFSET) * 4 + 3]; \
250	200	\
251	1.00k	for (i = 1; i <= 4; i++) \
252	800	if (shifts[(INDEX)][(OFFSET)][i -1]) \
253	800	ROTL(TK + i * 4, TK, (15 * i) % 32); \
254	200	\
255	4.20k	for (i = 0; i < 20; i++) \
256	4.00k	if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
257	3.15k	RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
258	3.15k	} \
259	200	}
260
261		static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
262		uint32_t z[2])
263	29.4k	{
264	29.4k	uint32_t I0, I1;
265	29.4k	I0 = x[0] ^ k[0];
266	29.4k	I1 = x[1] ^ k[1];
267
268	29.4k	I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) \|
269	29.4k	((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) \|
270	29.4k	((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) \|
271	29.4k	((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
272	29.4k	I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) \|
273	29.4k	((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) \|
274	29.4k	((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) \|
275	29.4k	((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
276
277	29.4k	I0 ^= (I1 << 8) \| (I1 >> 24);
278	29.4k	I1 ^= (I0 << 16) \| (I0 >> 16);
279	29.4k	I0 ^= (I1 >> 8) \| (I1 << 24);
280	29.4k	I1 ^= (I0 >> 8) \| (I0 << 24);
281
282	29.4k	z[0] ^= I1;
283	29.4k	z[1] ^= I0;
284	29.4k	}
285
286		void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
287	92	{
288	92	memset(ctx, 0, sizeof(mbedtls_camellia_context));
289	92	}
290
291		void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
292	92	{
293	92	if (ctx == NULL) {
294	0	return;
295	0	}
296
297	92	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
298	92	}
299
300		/*
301		* Camellia key schedule (encryption)
302		*/
303		int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
304		const unsigned char *key,
305		unsigned int keybits)
306	72	{
307	72	int idx;
308	72	size_t i;
309	72	uint32_t *RK;
310	72	unsigned char t[64];
311	72	uint32_t SIGMA[6][2];
312	72	uint32_t KC[16];
313	72	uint32_t TK[20];
314
315	72	RK = ctx->rk;
316
317	72	memset(t, 0, 64);
318	72	memset(RK, 0, sizeof(ctx->rk));
319
320	72	switch (keybits) {
321	44	case 128: ctx->nr = 3; idx = 0; break;
322	0	case 192:
323	28	case 256: ctx->nr = 4; idx = 1; break;
324	0	default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
325	72	}
326
327	1.67k	for (i = 0; i < keybits / 8; ++i) {
328	1.60k	t[i] = key[i];
329	1.60k	}
330
331	72	if (keybits == 192) {
332	0	for (i = 0; i < 8; i++) {
333	0	t[24 + i] = ~t[16 + i];
334	0	}
335	0	}
336
337		/*
338		* Prepare SIGMA values
339		*/
340	504	for (i = 0; i < 6; i++) {
341	432	SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
342	432	SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
343	432	}
344
345		/*
346		* Key storage in KC
347		* Order: KL, KR, KA, KB
348		*/
349	72	memset(KC, 0, sizeof(KC));
350
351		/* Store KL, KR */
352	648	for (i = 0; i < 8; i++) {
353	576	KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
354	576	}
355
356		/* Generate KA */
357	360	for (i = 0; i < 4; ++i) {
358	288	KC[8 + i] = KC[i] ^ KC[4 + i];
359	288	}
360
361	72	camellia_feistel(KC + 8, SIGMA[0], KC + 10);
362	72	camellia_feistel(KC + 10, SIGMA[1], KC + 8);
363
364	360	for (i = 0; i < 4; ++i) {
365	288	KC[8 + i] ^= KC[i];
366	288	}
367
368	72	camellia_feistel(KC + 8, SIGMA[2], KC + 10);
369	72	camellia_feistel(KC + 10, SIGMA[3], KC + 8);
370
371	72	if (keybits > 128) {
372		/* Generate KB */
373	140	for (i = 0; i < 4; ++i) {
374	112	KC[12 + i] = KC[4 + i] ^ KC[8 + i];
375	112	}
376
377	28	camellia_feistel(KC + 12, SIGMA[4], KC + 14);
378	28	camellia_feistel(KC + 14, SIGMA[5], KC + 12);
379	28	}
380
381		/*
382		* Generating subkeys
383		*/
384
385		/* Manipulating KL */
386	72	SHIFT_AND_PLACE(idx, 0);
387
388		/* Manipulating KR */
389	72	if (keybits > 128) {
390	28	SHIFT_AND_PLACE(idx, 1);
391	28	}
392
393		/* Manipulating KA */
394	72	SHIFT_AND_PLACE(idx, 2);
395
396		/* Manipulating KB */
397	72	if (keybits > 128) {
398	28	SHIFT_AND_PLACE(idx, 3);
399	28	}
400
401		/* Do transpositions */
402	1.51k	for (i = 0; i < 20; i++) {
403	1.44k	if (transposes[idx][i] != -1) {
404	1.04k	RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
405	1.04k	}
406	1.44k	}
407
408	72	return 0;
409	72	}
410
411		/*
412		* Camellia key schedule (decryption)
413		*/
414		int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
415		const unsigned char *key,
416		unsigned int keybits)
417	20	{
418	20	int idx, ret;
419	20	size_t i;
420	20	mbedtls_camellia_context cty;
421	20	uint32_t *RK;
422	20	uint32_t *SK;
423
424	20	mbedtls_camellia_init(&cty);
425
426		/* Also checks keybits */
427	20	if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
428	0	goto exit;
429	0	}
430
431	20	ctx->nr = cty.nr;
432	20	idx = (ctx->nr == 4);
433
434	20	RK = ctx->rk;
435	20	SK = cty.rk + 24 * 2 + 8 * idx * 2;
436
437	20	RK++ = SK++;
438	20	RK++ = SK++;
439	20	RK++ = SK++;
440	20	RK++ = SK++;
441
442	572	for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
443	552	RK++ = SK++;
444	552	RK++ = SK++;
445	552	}
446
447	20	SK -= 2;
448
449	20	RK++ = SK++;
450	20	RK++ = SK++;
451	20	RK++ = SK++;
452	20	RK++ = SK++;
453
454	20	exit:
455	20	mbedtls_camellia_free(&cty);
456
457	20	return ret;
458	20	}
459
460		/*
461		* Camellia-ECB block encryption/decryption
462		*/
463		int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
464		int mode,
465		const unsigned char input[16],
466		unsigned char output[16])
467	1.50k	{
468	1.50k	int NR;
469	1.50k	uint32_t *RK, X[4];
470	1.50k	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
471	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
472	0	}
473
474	1.50k	((void) mode);
475
476	1.50k	NR = ctx->nr;
477	1.50k	RK = ctx->rk;
478
479	1.50k	X[0] = MBEDTLS_GET_UINT32_BE(input, 0);
480	1.50k	X[1] = MBEDTLS_GET_UINT32_BE(input, 4);
481	1.50k	X[2] = MBEDTLS_GET_UINT32_BE(input, 8);
482	1.50k	X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
483
484	1.50k	X[0] ^= *RK++;
485	1.50k	X[1] ^= *RK++;
486	1.50k	X[2] ^= *RK++;
487	1.50k	X[3] ^= *RK++;
488
489	6.36k	while (NR) {
490	4.85k	--NR;
491	4.85k	camellia_feistel(X, RK, X + 2);
492	4.85k	RK += 2;
493	4.85k	camellia_feistel(X + 2, RK, X);
494	4.85k	RK += 2;
495	4.85k	camellia_feistel(X, RK, X + 2);
496	4.85k	RK += 2;
497	4.85k	camellia_feistel(X + 2, RK, X);
498	4.85k	RK += 2;
499	4.85k	camellia_feistel(X, RK, X + 2);
500	4.85k	RK += 2;
501	4.85k	camellia_feistel(X + 2, RK, X);
502	4.85k	RK += 2;
503
504	4.85k	if (NR) {
505	3.35k	FL(X[0], X[1], RK[0], RK[1]);
506	3.35k	RK += 2;
507	3.35k	FLInv(X[2], X[3], RK[0], RK[1]);
508	3.35k	RK += 2;
509	3.35k	}
510	4.85k	}
511
512	1.50k	X[2] ^= *RK++;
513	1.50k	X[3] ^= *RK++;
514	1.50k	X[0] ^= *RK++;
515	1.50k	X[1] ^= *RK++;
516
517	1.50k	MBEDTLS_PUT_UINT32_BE(X[2], output, 0);
518	1.50k	MBEDTLS_PUT_UINT32_BE(X[3], output, 4);
519	1.50k	MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
520	1.50k	MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
521
522	1.50k	return 0;
523	1.50k	}
524
525		#if defined(MBEDTLS_CIPHER_MODE_CBC)
526		/*
527		* Camellia-CBC buffer encryption/decryption
528		*/
529		int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
530		int mode,
531		size_t length,
532		unsigned char iv[16],
533		const unsigned char *input,
534		unsigned char *output)
535	47	{
536	47	unsigned char temp[16];
537	47	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
538	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
539	0	}
540
541	47	if (length % 16) {
542	0	return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
543	0	}
544
545	47	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
546	316	while (length > 0) {
547	308	memcpy(temp, input, 16);
548	308	mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
549
550	308	mbedtls_xor(output, output, iv, 16);
551
552	308	memcpy(iv, temp, 16);
553
554	308	input += 16;
555	308	output += 16;
556	308	length -= 16;
557	308	}
558	39	} else {
559	135	while (length > 0) {
560	96	mbedtls_xor(output, input, iv, 16);
561
562	96	mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
563	96	memcpy(iv, output, 16);
564
565	96	input += 16;
566	96	output += 16;
567	96	length -= 16;
568	96	}
569	39	}
570
571	47	return 0;
572	47	}
573		#endif /* MBEDTLS_CIPHER_MODE_CBC */
574
575		#if defined(MBEDTLS_CIPHER_MODE_CFB)
576		/*
577		* Camellia-CFB128 buffer encryption/decryption
578		*/
579		int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
580		int mode,
581		size_t length,
582		size_t *iv_off,
583		unsigned char iv[16],
584		const unsigned char *input,
585		unsigned char *output)
586	0	{
587	0	int c;
588	0	size_t n;
589	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
590	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
591	0	}
592
593	0	n = *iv_off;
594	0	if (n >= 16) {
595	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
596	0	}
597
598	0	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
599	0	while (length--) {
600	0	if (n == 0) {
601	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
602	0	}
603
604	0	c = *input++;
605	0	*output++ = (unsigned char) (c ^ iv[n]);
606	0	iv[n] = (unsigned char) c;
607
608	0	n = (n + 1) & 0x0F;
609	0	}
610	0	} else {
611	0	while (length--) {
612	0	if (n == 0) {
613	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
614	0	}
615
616	0	iv[n] = output++ = (unsigned char) (iv[n] ^ input++);
617
618	0	n = (n + 1) & 0x0F;
619	0	}
620	0	}
621
622	0	*iv_off = n;
623
624	0	return 0;
625	0	}
626		#endif /* MBEDTLS_CIPHER_MODE_CFB */
627
628		#if defined(MBEDTLS_CIPHER_MODE_CTR)
629		/*
630		* Camellia-CTR buffer encryption/decryption
631		*/
632		int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
633		size_t length,
634		size_t *nc_off,
635		unsigned char nonce_counter[16],
636		unsigned char stream_block[16],
637		const unsigned char *input,
638		unsigned char *output)
639	0	{
640	0	int c, i;
641	0	size_t n;
642
643	0	n = *nc_off;
644	0	if (n >= 16) {
645	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
646	0	}
647
648	0	while (length--) {
649	0	if (n == 0) {
650	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
651	0	stream_block);
652
653	0	for (i = 16; i > 0; i--) {
654	0	if (++nonce_counter[i - 1] != 0) {
655	0	break;
656	0	}
657	0	}
658	0	}
659	0	c = *input++;
660	0	*output++ = (unsigned char) (c ^ stream_block[n]);
661
662	0	n = (n + 1) & 0x0F;
663	0	}
664
665	0	*nc_off = n;
666
667	0	return 0;
668	0	}
669		#endif /* MBEDTLS_CIPHER_MODE_CTR */
670		#endif /* !MBEDTLS_CAMELLIA_ALT */
671
672		#if defined(MBEDTLS_SELF_TEST)
673
674		/*
675		* Camellia test vectors from:
676		*
677		* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
678		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
679		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
680		* (For each bitlength: Key 0, Nr 39)
681		*/
682	0	#define CAMELLIA_TESTS_ECB 2
683
684		static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
685		{
686		{
687		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
688		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
689		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
690		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
691		},
692		{
693		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
694		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
695		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
696		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
697		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
698		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699		},
700		{
701		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
702		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
703		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
704		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
705		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
707		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
708		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
709		},
710		};
711
712		static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
713		{
714		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
715		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
716		{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
717		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
718		};
719
720		static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
721		{
722		{
723		{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
724		0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
725		{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
726		0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
727		},
728		{
729		{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
730		0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
731		{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
732		0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
733		},
734		{
735		{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
736		0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
737		{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
738		0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
739		}
740		};
741
742		#if defined(MBEDTLS_CIPHER_MODE_CBC)
743	0	#define CAMELLIA_TESTS_CBC 3
744
745		static const unsigned char camellia_test_cbc_key[3][32] =
746		{
747		{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
748		0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
749		,
750		{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
751		0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
752		0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
753		,
754		{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
755		0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
756		0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
757		0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
758		};
759
760		static const unsigned char camellia_test_cbc_iv[16] =
761
762		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
763		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
764		;
765
766		static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
767		{
768		{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
769		0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
770		{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
771		0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
772		{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
773		0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
774
775		};
776
777		static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
778		{
779		{
780		{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
781		0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
782		{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
783		0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
784		{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
785		0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
786		},
787		{
788		{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
789		0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
790		{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
791		0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
792		{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
793		0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
794		},
795		{
796		{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
797		0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
798		{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
799		0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
800		{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
801		0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
802		}
803		};
804		#endif /* MBEDTLS_CIPHER_MODE_CBC */
805
806		#if defined(MBEDTLS_CIPHER_MODE_CTR)
807		/*
808		* Camellia-CTR test vectors from:
809		*
810		* http://www.faqs.org/rfcs/rfc5528.html
811		*/
812
813		static const unsigned char camellia_test_ctr_key[3][16] =
814		{
815		{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
816		0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
817		{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
818		0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
819		{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
820		0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
821		};
822
823		static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
824		{
825		{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
826		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
827		{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
828		0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
829		{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
830		0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
831		};
832
833		static const unsigned char camellia_test_ctr_pt[3][48] =
834		{
835		{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
836		0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
837
838		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
839		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
840		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
841		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
842
843		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
844		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
845		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
846		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
847		0x20, 0x21, 0x22, 0x23 }
848		};
849
850		static const unsigned char camellia_test_ctr_ct[3][48] =
851		{
852		{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
853		0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
854		{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
855		0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
856		0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
857		0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
858		{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
859		0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
860		0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
861		0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
862		0xDF, 0x50, 0x86, 0x96 }
863		};
864
865		static const int camellia_test_ctr_len[3] =
866		{ 16, 32, 36 };
867		#endif /* MBEDTLS_CIPHER_MODE_CTR */
868
869		/*
870		* Checkup routine
871		*/
872		int mbedtls_camellia_self_test(int verbose)
873	0	{
874	0	int i, j, u, v;
875	0	unsigned char key[32];
876	0	unsigned char buf[64];
877	0	unsigned char src[16];
878	0	unsigned char dst[16];
879	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
880	0	unsigned char iv[16];
881	0	#endif
882	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
883	0	size_t offset, len;
884	0	unsigned char nonce_counter[16];
885	0	unsigned char stream_block[16];
886	0	#endif
887	0	int ret = 1;
888
889	0	mbedtls_camellia_context ctx;
890
891	0	mbedtls_camellia_init(&ctx);
892	0	memset(key, 0, 32);
893
894	0	for (j = 0; j < 6; j++) {
895	0	u = j >> 1;
896	0	v = j & 1;
897
898	0	if (verbose != 0) {
899	0	mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
900	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
901	0	}
902
903	0	for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
904	0	memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
905
906	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
907	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
908	0	memcpy(src, camellia_test_ecb_cipher[u][i], 16);
909	0	memcpy(dst, camellia_test_ecb_plain[i], 16);
910	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
911	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
912	0	memcpy(src, camellia_test_ecb_plain[i], 16);
913	0	memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
914	0	}
915
916	0	mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
917
918	0	if (memcmp(buf, dst, 16) != 0) {
919	0	if (verbose != 0) {
920	0	mbedtls_printf("failed\n");
921	0	}
922	0	goto exit;
923	0	}
924	0	}
925
926	0	if (verbose != 0) {
927	0	mbedtls_printf("passed\n");
928	0	}
929	0	}
930
931	0	if (verbose != 0) {
932	0	mbedtls_printf("\n");
933	0	}
934
935	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
936		/*
937		* CBC mode
938		*/
939	0	for (j = 0; j < 6; j++) {
940	0	u = j >> 1;
941	0	v = j & 1;
942
943	0	if (verbose != 0) {
944	0	mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
945	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
946	0	}
947
948	0	memcpy(src, camellia_test_cbc_iv, 16);
949	0	memcpy(dst, camellia_test_cbc_iv, 16);
950	0	memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
951
952	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
953	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
954	0	} else {
955	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
956	0	}
957
958	0	for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
959
960	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
961	0	memcpy(iv, src, 16);
962	0	memcpy(src, camellia_test_cbc_cipher[u][i], 16);
963	0	memcpy(dst, camellia_test_cbc_plain[i], 16);
964	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
965	0	memcpy(iv, dst, 16);
966	0	memcpy(src, camellia_test_cbc_plain[i], 16);
967	0	memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
968	0	}
969
970	0	mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
971
972	0	if (memcmp(buf, dst, 16) != 0) {
973	0	if (verbose != 0) {
974	0	mbedtls_printf("failed\n");
975	0	}
976	0	goto exit;
977	0	}
978	0	}
979
980	0	if (verbose != 0) {
981	0	mbedtls_printf("passed\n");
982	0	}
983	0	}
984	0	#endif /* MBEDTLS_CIPHER_MODE_CBC */
985
986	0	if (verbose != 0) {
987	0	mbedtls_printf("\n");
988	0	}
989
990	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
991		/*
992		* CTR mode
993		*/
994	0	for (i = 0; i < 6; i++) {
995	0	u = i >> 1;
996	0	v = i & 1;
997
998	0	if (verbose != 0) {
999	0	mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
1000	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1001	0	}
1002
1003	0	memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1004	0	memcpy(key, camellia_test_ctr_key[u], 16);
1005
1006	0	offset = 0;
1007	0	mbedtls_camellia_setkey_enc(&ctx, key, 128);
1008
1009	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1010	0	len = camellia_test_ctr_len[u];
1011	0	memcpy(buf, camellia_test_ctr_ct[u], len);
1012
1013	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1014	0	buf, buf);
1015
1016	0	if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1017	0	if (verbose != 0) {
1018	0	mbedtls_printf("failed\n");
1019	0	}
1020	0	goto exit;
1021	0	}
1022	0	} else {
1023	0	len = camellia_test_ctr_len[u];
1024	0	memcpy(buf, camellia_test_ctr_pt[u], len);
1025
1026	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1027	0	buf, buf);
1028
1029	0	if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1030	0	if (verbose != 0) {
1031	0	mbedtls_printf("failed\n");
1032	0	}
1033	0	goto exit;
1034	0	}
1035	0	}
1036
1037	0	if (verbose != 0) {
1038	0	mbedtls_printf("passed\n");
1039	0	}
1040	0	}
1041
1042	0	if (verbose != 0) {
1043	0	mbedtls_printf("\n");
1044	0	}
1045	0	#endif /* MBEDTLS_CIPHER_MODE_CTR */
1046
1047	0	ret = 0;
1048
1049	0	exit:
1050	0	mbedtls_camellia_free(&ctx);
1051	0	return ret;
1052	0	}
1053
1054		#endif /* MBEDTLS_SELF_TEST */
1055
1056		#endif /* MBEDTLS_CAMELLIA_C */

Coverage Report

Created: 2024-01-21 07:00