/src/mbedtls/library/camellia.c

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Camellia implementation
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License"); you may
8		* not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15		* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*/
19		/*
20		* The Camellia block cipher was designed by NTT and Mitsubishi Electric
21		* Corporation.
22		*
23		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
24		*/
25
26		#include "common.h"
27
28		#if defined(MBEDTLS_CAMELLIA_C)
29
30		#include "mbedtls/camellia.h"
31		#include "mbedtls/platform_util.h"
32
33		#include <string.h>
34
35		#include "mbedtls/platform.h"
36
37		#if !defined(MBEDTLS_CAMELLIA_ALT)
38
39		static const unsigned char SIGMA_CHARS[6][8] =
40		{
41		{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
42		{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
43		{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
44		{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
45		{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
46		{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
47		};
48
49		#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
50
51		static const unsigned char FSb[256] =
52		{
53		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
54		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
55		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
56		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
57		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
58		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
59		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
60		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
61		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
62		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
63		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
64		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
65		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
66		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
67		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
68		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
69		};
70
71		#define SBOX1(n) FSb[(n)]
72		#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
73		#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
74		#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
75
76		#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
77
78		static const unsigned char FSb[256] =
79		{
80		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
81		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
82		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
83		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
84		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
85		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
86		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
87		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
88		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
89		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
90		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
91		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
92		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
93		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
94		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
95		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
96		};
97
98		static const unsigned char FSb2[256] =
99		{
100		224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
101		70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
102		13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
103		77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
104		23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
105		191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
106		40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
107		253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
108		85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
109		32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
110		15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
111		164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
112		211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
113		240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
114		228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
115		128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
116		};
117
118		static const unsigned char FSb3[256] =
119		{
120		56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
121		145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
122		67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
123		83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
124		197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
125		239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
126		10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
127		127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
128		85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
129		8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
130		195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
131		41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
132		244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
133		60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
134		57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
135		32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
136		};
137
138		static const unsigned char FSb4[256] =
139		{
140		112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
141		134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
142		139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
143		20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
144		170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
145		135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
146		233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
147		114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
148		130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
149		184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
150		13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
151		88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
152		208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
153		92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
154		121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
155		7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
156		};
157
158	20.4k	#define SBOX1(n) FSb[(n)]
159	20.4k	#define SBOX2(n) FSb2[(n)]
160	20.4k	#define SBOX3(n) FSb3[(n)]
161	20.4k	#define SBOX4(n) FSb4[(n)]
162
163		#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
164
165		static const unsigned char shifts[2][4][4] =
166		{
167		{
168		{ 1, 1, 1, 1 }, /* KL */
169		{ 0, 0, 0, 0 }, /* KR */
170		{ 1, 1, 1, 1 }, /* KA */
171		{ 0, 0, 0, 0 } /* KB */
172		},
173		{
174		{ 1, 0, 1, 1 }, /* KL */
175		{ 1, 1, 0, 1 }, /* KR */
176		{ 1, 1, 1, 0 }, /* KA */
177		{ 1, 1, 0, 1 } /* KB */
178		}
179		};
180
181		static const signed char indexes[2][4][20] =
182		{
183		{
184		{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
185		36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
186		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
187		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
188		{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
189		18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
190		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
191		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
192		},
193		{
194		{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
195		-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
196		{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
197		18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
198		{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
199		56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
200		{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
201		22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
202		}
203		};
204
205		static const signed char transposes[2][20] =
206		{
207		{
208		21, 22, 23, 20,
209		-1, -1, -1, -1,
210		18, 19, 16, 17,
211		11, 8, 9, 10,
212		15, 12, 13, 14
213		},
214		{
215		25, 26, 27, 24,
216		29, 30, 31, 28,
217		18, 19, 16, 17,
218		-1, -1, -1, -1,
219		-1, -1, -1, -1
220		}
221		};
222
223		/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
224		#define ROTL(DEST, SRC, SHIFT) \
225	404	{ \
226	404	(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
227	404	(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
228	404	(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
229	404	(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
230	404	}
231
232		#define FL(XL, XR, KL, KR) \
233	1.12k	{ \
234	1.12k	(XR) = ((((XL) &(KL)) << 1) \| (((XL) &(KL)) >> 31)) ^ (XR); \
235	1.12k	(XL) = ((XR) \| (KR)) ^ (XL); \
236	1.12k	}
237
238		#define FLInv(YL, YR, KL, KR) \
239	1.12k	{ \
240	1.12k	(YL) = ((YR) \| (KR)) ^ (YL); \
241	1.12k	(YR) = ((((YL) &(KL)) << 1) \| (((YL) &(KL)) >> 31)) ^ (YR); \
242	1.12k	}
243
244		#define SHIFT_AND_PLACE(INDEX, OFFSET) \
245	88	{ \
246	88	TK[0] = KC[(OFFSET) * 4 + 0]; \
247	88	TK[1] = KC[(OFFSET) * 4 + 1]; \
248	88	TK[2] = KC[(OFFSET) * 4 + 2]; \
249	88	TK[3] = KC[(OFFSET) * 4 + 3]; \
250	88	\
251	440	for (i = 1; i <= 4; i++) \
252	352	if (shifts[(INDEX)][(OFFSET)][i -1]) \
253	352	ROTL(TK + i * 4, TK, (15 * i) % 32); \
254	88	\
255	1.84k	for (i = 0; i < 20; i++) \
256	1.76k	if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
257	1.48k	RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
258	1.48k	} \
259	88	}
260
261		static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
262		uint32_t z[2])
263	10.2k	{
264	10.2k	uint32_t I0, I1;
265	10.2k	I0 = x[0] ^ k[0];
266	10.2k	I1 = x[1] ^ k[1];
267
268	10.2k	I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) \|
269	10.2k	((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) \|
270	10.2k	((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) \|
271	10.2k	((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
272	10.2k	I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) \|
273	10.2k	((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) \|
274	10.2k	((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) \|
275	10.2k	((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
276
277	10.2k	I0 ^= (I1 << 8) \| (I1 >> 24);
278	10.2k	I1 ^= (I0 << 16) \| (I0 >> 16);
279	10.2k	I0 ^= (I1 >> 8) \| (I1 << 24);
280	10.2k	I1 ^= (I0 >> 8) \| (I0 << 24);
281
282	10.2k	z[0] ^= I1;
283	10.2k	z[1] ^= I0;
284	10.2k	}
285
286		void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
287	52	{
288	52	memset(ctx, 0, sizeof(mbedtls_camellia_context));
289	52	}
290
291		void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
292	52	{
293	52	if (ctx == NULL) {
294	0	return;
295	0	}
296
297	52	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
298	52	}
299
300		/*
301		* Camellia key schedule (encryption)
302		*/
303		int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
304		const unsigned char *key,
305		unsigned int keybits)
306	38	{
307	38	int idx;
308	38	size_t i;
309	38	uint32_t *RK;
310	38	unsigned char t[64];
311	38	uint32_t SIGMA[6][2];
312	38	uint32_t KC[16];
313	38	uint32_t TK[20];
314
315	38	RK = ctx->rk;
316
317	38	memset(t, 0, 64);
318	38	memset(RK, 0, sizeof(ctx->rk));
319
320	38	switch (keybits) {
321	32	case 128: ctx->nr = 3; idx = 0; break;
322	0	case 192:
323	6	case 256: ctx->nr = 4; idx = 1; break;
324	0	default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
325	38	}
326
327	742	for (i = 0; i < keybits / 8; ++i) {
328	704	t[i] = key[i];
329	704	}
330
331	38	if (keybits == 192) {
332	0	for (i = 0; i < 8; i++) {
333	0	t[24 + i] = ~t[16 + i];
334	0	}
335	0	}
336
337		/*
338		* Prepare SIGMA values
339		*/
340	266	for (i = 0; i < 6; i++) {
341	228	SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
342	228	SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
343	228	}
344
345		/*
346		* Key storage in KC
347		* Order: KL, KR, KA, KB
348		*/
349	38	memset(KC, 0, sizeof(KC));
350
351		/* Store KL, KR */
352	342	for (i = 0; i < 8; i++) {
353	304	KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
354	304	}
355
356		/* Generate KA */
357	190	for (i = 0; i < 4; ++i) {
358	152	KC[8 + i] = KC[i] ^ KC[4 + i];
359	152	}
360
361	38	camellia_feistel(KC + 8, SIGMA[0], KC + 10);
362	38	camellia_feistel(KC + 10, SIGMA[1], KC + 8);
363
364	190	for (i = 0; i < 4; ++i) {
365	152	KC[8 + i] ^= KC[i];
366	152	}
367
368	38	camellia_feistel(KC + 8, SIGMA[2], KC + 10);
369	38	camellia_feistel(KC + 10, SIGMA[3], KC + 8);
370
371	38	if (keybits > 128) {
372		/* Generate KB */
373	30	for (i = 0; i < 4; ++i) {
374	24	KC[12 + i] = KC[4 + i] ^ KC[8 + i];
375	24	}
376
377	6	camellia_feistel(KC + 12, SIGMA[4], KC + 14);
378	6	camellia_feistel(KC + 14, SIGMA[5], KC + 12);
379	6	}
380
381		/*
382		* Generating subkeys
383		*/
384
385		/* Manipulating KL */
386	38	SHIFT_AND_PLACE(idx, 0);
387
388		/* Manipulating KR */
389	38	if (keybits > 128) {
390	6	SHIFT_AND_PLACE(idx, 1);
391	6	}
392
393		/* Manipulating KA */
394	38	SHIFT_AND_PLACE(idx, 2);
395
396		/* Manipulating KB */
397	38	if (keybits > 128) {
398	6	SHIFT_AND_PLACE(idx, 3);
399	6	}
400
401		/* Do transpositions */
402	798	for (i = 0; i < 20; i++) {
403	760	if (transposes[idx][i] != -1) {
404	584	RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
405	584	}
406	760	}
407
408	38	return 0;
409	38	}
410
411		/*
412		* Camellia key schedule (decryption)
413		*/
414		int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
415		const unsigned char *key,
416		unsigned int keybits)
417	14	{
418	14	int idx, ret;
419	14	size_t i;
420	14	mbedtls_camellia_context cty;
421	14	uint32_t *RK;
422	14	uint32_t *SK;
423
424	14	mbedtls_camellia_init(&cty);
425
426		/* Also checks keybits */
427	14	if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
428	0	goto exit;
429	0	}
430
431	14	ctx->nr = cty.nr;
432	14	idx = (ctx->nr == 4);
433
434	14	RK = ctx->rk;
435	14	SK = cty.rk + 24 * 2 + 8 * idx * 2;
436
437	14	RK++ = SK++;
438	14	RK++ = SK++;
439	14	RK++ = SK++;
440	14	RK++ = SK++;
441
442	330	for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
443	316	RK++ = SK++;
444	316	RK++ = SK++;
445	316	}
446
447	14	SK -= 2;
448
449	14	RK++ = SK++;
450	14	RK++ = SK++;
451	14	RK++ = SK++;
452	14	RK++ = SK++;
453
454	14	exit:
455	14	mbedtls_camellia_free(&cty);
456
457	14	return ret;
458	14	}
459
460		/*
461		* Camellia-ECB block encryption/decryption
462		*/
463		int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
464		int mode,
465		const unsigned char input[16],
466		unsigned char output[16])
467	551	{
468	551	int NR;
469	551	uint32_t *RK, X[4];
470	551	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
471	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
472	0	}
473
474	551	((void) mode);
475
476	551	NR = ctx->nr;
477	551	RK = ctx->rk;
478
479	551	X[0] = MBEDTLS_GET_UINT32_BE(input, 0);
480	551	X[1] = MBEDTLS_GET_UINT32_BE(input, 4);
481	551	X[2] = MBEDTLS_GET_UINT32_BE(input, 8);
482	551	X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
483
484	551	X[0] ^= *RK++;
485	551	X[1] ^= *RK++;
486	551	X[2] ^= *RK++;
487	551	X[3] ^= *RK++;
488
489	2.22k	while (NR) {
490	1.67k	--NR;
491	1.67k	camellia_feistel(X, RK, X + 2);
492	1.67k	RK += 2;
493	1.67k	camellia_feistel(X + 2, RK, X);
494	1.67k	RK += 2;
495	1.67k	camellia_feistel(X, RK, X + 2);
496	1.67k	RK += 2;
497	1.67k	camellia_feistel(X + 2, RK, X);
498	1.67k	RK += 2;
499	1.67k	camellia_feistel(X, RK, X + 2);
500	1.67k	RK += 2;
501	1.67k	camellia_feistel(X + 2, RK, X);
502	1.67k	RK += 2;
503
504	1.67k	if (NR) {
505	1.12k	FL(X[0], X[1], RK[0], RK[1]);
506	1.12k	RK += 2;
507	1.12k	FLInv(X[2], X[3], RK[0], RK[1]);
508	1.12k	RK += 2;
509	1.12k	}
510	1.67k	}
511
512	551	X[2] ^= *RK++;
513	551	X[3] ^= *RK++;
514	551	X[0] ^= *RK++;
515	551	X[1] ^= *RK++;
516
517	551	MBEDTLS_PUT_UINT32_BE(X[2], output, 0);
518	551	MBEDTLS_PUT_UINT32_BE(X[3], output, 4);
519	551	MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
520	551	MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
521
522	551	return 0;
523	551	}
524
525		#if defined(MBEDTLS_CIPHER_MODE_CBC)
526		/*
527		* Camellia-CBC buffer encryption/decryption
528		*/
529		int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
530		int mode,
531		size_t length,
532		unsigned char iv[16],
533		const unsigned char *input,
534		unsigned char *output)
535	41	{
536	41	unsigned char temp[16];
537	41	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
538	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
539	0	}
540
541	41	if (length % 16) {
542	0	return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
543	0	}
544
545	41	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
546	429	while (length > 0) {
547	420	memcpy(temp, input, 16);
548	420	mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
549
550	420	mbedtls_xor(output, output, iv, 16);
551
552	420	memcpy(iv, temp, 16);
553
554	420	input += 16;
555	420	output += 16;
556	420	length -= 16;
557	420	}
558	32	} else {
559	122	while (length > 0) {
560	90	mbedtls_xor(output, input, iv, 16);
561
562	90	mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
563	90	memcpy(iv, output, 16);
564
565	90	input += 16;
566	90	output += 16;
567	90	length -= 16;
568	90	}
569	32	}
570
571	41	return 0;
572	41	}
573		#endif /* MBEDTLS_CIPHER_MODE_CBC */
574
575		#if defined(MBEDTLS_CIPHER_MODE_CFB)
576		/*
577		* Camellia-CFB128 buffer encryption/decryption
578		*/
579		int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
580		int mode,
581		size_t length,
582		size_t *iv_off,
583		unsigned char iv[16],
584		const unsigned char *input,
585		unsigned char *output)
586	0	{
587	0	int c;
588	0	size_t n;
589	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
590	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
591	0	}
592
593	0	n = *iv_off;
594	0	if (n >= 16) {
595	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
596	0	}
597
598	0	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
599	0	while (length--) {
600	0	if (n == 0) {
601	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
602	0	}
603
604	0	c = *input++;
605	0	*output++ = (unsigned char) (c ^ iv[n]);
606	0	iv[n] = (unsigned char) c;
607
608	0	n = (n + 1) & 0x0F;
609	0	}
610	0	} else {
611	0	while (length--) {
612	0	if (n == 0) {
613	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
614	0	}
615
616	0	iv[n] = output++ = (unsigned char) (iv[n] ^ input++);
617
618	0	n = (n + 1) & 0x0F;
619	0	}
620	0	}
621
622	0	*iv_off = n;
623
624	0	return 0;
625	0	}
626		#endif /* MBEDTLS_CIPHER_MODE_CFB */
627
628		#if defined(MBEDTLS_CIPHER_MODE_CTR)
629		/*
630		* Camellia-CTR buffer encryption/decryption
631		*/
632		int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
633		size_t length,
634		size_t *nc_off,
635		unsigned char nonce_counter[16],
636		unsigned char stream_block[16],
637		const unsigned char *input,
638		unsigned char *output)
639	0	{
640	0	int c, i;
641	0	size_t n;
642
643	0	n = *nc_off;
644	0	if (n >= 16) {
645	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
646	0	}
647
648	0	while (length--) {
649	0	if (n == 0) {
650	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
651	0	stream_block);
652
653	0	for (i = 16; i > 0; i--) {
654	0	if (++nonce_counter[i - 1] != 0) {
655	0	break;
656	0	}
657	0	}
658	0	}
659	0	c = *input++;
660	0	*output++ = (unsigned char) (c ^ stream_block[n]);
661
662	0	n = (n + 1) & 0x0F;
663	0	}
664
665	0	*nc_off = n;
666
667	0	return 0;
668	0	}
669		#endif /* MBEDTLS_CIPHER_MODE_CTR */
670		#endif /* !MBEDTLS_CAMELLIA_ALT */
671
672		#if defined(MBEDTLS_SELF_TEST)
673
674		/*
675		* Camellia test vectors from:
676		*
677		* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
678		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
679		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
680		* (For each bitlength: Key 0, Nr 39)
681		*/
682	0	#define CAMELLIA_TESTS_ECB 2
683
684		static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
685		{
686		{
687		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
688		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
689		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
690		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
691		},
692		{
693		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
694		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
695		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
696		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
697		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
698		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699		},
700		{
701		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
702		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
703		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
704		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
705		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
707		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
708		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
709		},
710		};
711
712		static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
713		{
714		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
715		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
716		{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
717		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
718		};
719
720		static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
721		{
722		{
723		{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
724		0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
725		{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
726		0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
727		},
728		{
729		{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
730		0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
731		{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
732		0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
733		},
734		{
735		{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
736		0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
737		{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
738		0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
739		}
740		};
741
742		#if defined(MBEDTLS_CIPHER_MODE_CBC)
743	0	#define CAMELLIA_TESTS_CBC 3
744
745		static const unsigned char camellia_test_cbc_key[3][32] =
746		{
747		{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
748		0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
749		,
750		{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
751		0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
752		0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
753		,
754		{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
755		0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
756		0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
757		0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
758		};
759
760		static const unsigned char camellia_test_cbc_iv[16] =
761
762		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
763		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
764		;
765
766		static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
767		{
768		{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
769		0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
770		{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
771		0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
772		{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
773		0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
774
775		};
776
777		static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
778		{
779		{
780		{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
781		0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
782		{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
783		0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
784		{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
785		0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
786		},
787		{
788		{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
789		0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
790		{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
791		0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
792		{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
793		0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
794		},
795		{
796		{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
797		0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
798		{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
799		0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
800		{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
801		0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
802		}
803		};
804		#endif /* MBEDTLS_CIPHER_MODE_CBC */
805
806		#if defined(MBEDTLS_CIPHER_MODE_CTR)
807		/*
808		* Camellia-CTR test vectors from:
809		*
810		* http://www.faqs.org/rfcs/rfc5528.html
811		*/
812
813		static const unsigned char camellia_test_ctr_key[3][16] =
814		{
815		{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
816		0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
817		{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
818		0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
819		{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
820		0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
821		};
822
823		static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
824		{
825		{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
826		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
827		{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
828		0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
829		{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
830		0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
831		};
832
833		static const unsigned char camellia_test_ctr_pt[3][48] =
834		{
835		{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
836		0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
837
838		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
839		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
840		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
841		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
842
843		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
844		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
845		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
846		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
847		0x20, 0x21, 0x22, 0x23 }
848		};
849
850		static const unsigned char camellia_test_ctr_ct[3][48] =
851		{
852		{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
853		0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
854		{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
855		0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
856		0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
857		0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
858		{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
859		0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
860		0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
861		0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
862		0xDF, 0x50, 0x86, 0x96 }
863		};
864
865		static const int camellia_test_ctr_len[3] =
866		{ 16, 32, 36 };
867		#endif /* MBEDTLS_CIPHER_MODE_CTR */
868
869		/*
870		* Checkup routine
871		*/
872		int mbedtls_camellia_self_test(int verbose)
873	0	{
874	0	int i, j, u, v;
875	0	unsigned char key[32];
876	0	unsigned char buf[64];
877	0	unsigned char src[16];
878	0	unsigned char dst[16];
879	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
880	0	unsigned char iv[16];
881	0	#endif
882	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
883	0	size_t offset, len;
884	0	unsigned char nonce_counter[16];
885	0	unsigned char stream_block[16];
886	0	#endif
887	0	int ret = 1;
888
889	0	mbedtls_camellia_context ctx;
890
891	0	mbedtls_camellia_init(&ctx);
892	0	memset(key, 0, 32);
893
894	0	for (j = 0; j < 6; j++) {
895	0	u = j >> 1;
896	0	v = j & 1;
897
898	0	if (verbose != 0) {
899	0	mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
900	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
901	0	}
902
903	0	for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
904	0	memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
905
906	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
907	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
908	0	memcpy(src, camellia_test_ecb_cipher[u][i], 16);
909	0	memcpy(dst, camellia_test_ecb_plain[i], 16);
910	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
911	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
912	0	memcpy(src, camellia_test_ecb_plain[i], 16);
913	0	memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
914	0	}
915
916	0	mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
917
918	0	if (memcmp(buf, dst, 16) != 0) {
919	0	if (verbose != 0) {
920	0	mbedtls_printf("failed\n");
921	0	}
922	0	goto exit;
923	0	}
924	0	}
925
926	0	if (verbose != 0) {
927	0	mbedtls_printf("passed\n");
928	0	}
929	0	}
930
931	0	if (verbose != 0) {
932	0	mbedtls_printf("\n");
933	0	}
934
935	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
936		/*
937		* CBC mode
938		*/
939	0	for (j = 0; j < 6; j++) {
940	0	u = j >> 1;
941	0	v = j & 1;
942
943	0	if (verbose != 0) {
944	0	mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
945	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
946	0	}
947
948	0	memcpy(src, camellia_test_cbc_iv, 16);
949	0	memcpy(dst, camellia_test_cbc_iv, 16);
950	0	memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
951
952	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
953	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
954	0	} else {
955	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
956	0	}
957
958	0	for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
959
960	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
961	0	memcpy(iv, src, 16);
962	0	memcpy(src, camellia_test_cbc_cipher[u][i], 16);
963	0	memcpy(dst, camellia_test_cbc_plain[i], 16);
964	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
965	0	memcpy(iv, dst, 16);
966	0	memcpy(src, camellia_test_cbc_plain[i], 16);
967	0	memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
968	0	}
969
970	0	mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
971
972	0	if (memcmp(buf, dst, 16) != 0) {
973	0	if (verbose != 0) {
974	0	mbedtls_printf("failed\n");
975	0	}
976	0	goto exit;
977	0	}
978	0	}
979
980	0	if (verbose != 0) {
981	0	mbedtls_printf("passed\n");
982	0	}
983	0	}
984	0	#endif /* MBEDTLS_CIPHER_MODE_CBC */
985
986	0	if (verbose != 0) {
987	0	mbedtls_printf("\n");
988	0	}
989
990	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
991		/*
992		* CTR mode
993		*/
994	0	for (i = 0; i < 6; i++) {
995	0	u = i >> 1;
996	0	v = i & 1;
997
998	0	if (verbose != 0) {
999	0	mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
1000	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1001	0	}
1002
1003	0	memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1004	0	memcpy(key, camellia_test_ctr_key[u], 16);
1005
1006	0	offset = 0;
1007	0	mbedtls_camellia_setkey_enc(&ctx, key, 128);
1008
1009	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1010	0	len = camellia_test_ctr_len[u];
1011	0	memcpy(buf, camellia_test_ctr_ct[u], len);
1012
1013	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1014	0	buf, buf);
1015
1016	0	if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1017	0	if (verbose != 0) {
1018	0	mbedtls_printf("failed\n");
1019	0	}
1020	0	goto exit;
1021	0	}
1022	0	} else {
1023	0	len = camellia_test_ctr_len[u];
1024	0	memcpy(buf, camellia_test_ctr_pt[u], len);
1025
1026	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1027	0	buf, buf);
1028
1029	0	if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1030	0	if (verbose != 0) {
1031	0	mbedtls_printf("failed\n");
1032	0	}
1033	0	goto exit;
1034	0	}
1035	0	}
1036
1037	0	if (verbose != 0) {
1038	0	mbedtls_printf("passed\n");
1039	0	}
1040	0	}
1041
1042	0	if (verbose != 0) {
1043	0	mbedtls_printf("\n");
1044	0	}
1045	0	#endif /* MBEDTLS_CIPHER_MODE_CTR */
1046
1047	0	ret = 0;
1048
1049	0	exit:
1050	0	mbedtls_camellia_free(&ctx);
1051	0	return ret;
1052	0	}
1053
1054		#endif /* MBEDTLS_SELF_TEST */
1055
1056		#endif /* MBEDTLS_CAMELLIA_C */

Coverage Report

Created: 2024-01-21 07:01