/src/libgcrypt/cipher/camellia-glue.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* camellia-glue.c - Glue for the Camellia cipher |
2 | | * Copyright (C) 2007 Free Software Foundation, Inc. |
3 | | * |
4 | | * This file is part of Libgcrypt. |
5 | | * |
6 | | * Libgcrypt is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as |
8 | | * published by the Free Software Foundation; either version 2.1 of |
9 | | * the License, or (at your option) any later version. |
10 | | * |
11 | | * Libgcrypt is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public |
17 | | * License along with this program; if not, see <https://www.gnu.org/licenses/>. |
18 | | * SPDX-License-Identifier: LGPL-2.1-or-later |
19 | | */ |
20 | | |
21 | | /* I put all the libgcrypt-specific stuff in this file to keep the |
22 | | camellia.c/camellia.h files exactly as provided by NTT. If they |
23 | | update their code, this should make it easier to bring the changes |
24 | | in. - dshaw |
25 | | |
26 | | There is one small change which needs to be done: Include the |
27 | | following code at the top of camellia.h: */ |
28 | | #if 0 |
29 | | |
30 | | /* To use Camellia with libraries it is often useful to keep the name |
31 | | * space of the library clean. The following macro is thus useful: |
32 | | * |
33 | | * #define CAMELLIA_EXT_SYM_PREFIX foo_ |
34 | | * |
35 | | * This prefixes all external symbols with "foo_". |
36 | | */ |
37 | | #ifdef HAVE_CONFIG_H |
38 | | #include <config.h> |
39 | | #endif |
40 | | #ifdef CAMELLIA_EXT_SYM_PREFIX |
41 | | #define CAMELLIA_PREFIX1(x,y) x ## y |
42 | | #define CAMELLIA_PREFIX2(x,y) CAMELLIA_PREFIX1(x,y) |
43 | | #define CAMELLIA_PREFIX(x) CAMELLIA_PREFIX2(CAMELLIA_EXT_SYM_PREFIX,x) |
44 | | #define Camellia_Ekeygen CAMELLIA_PREFIX(Camellia_Ekeygen) |
45 | | #define Camellia_EncryptBlock CAMELLIA_PREFIX(Camellia_EncryptBlock) |
46 | | #define Camellia_DecryptBlock CAMELLIA_PREFIX(Camellia_DecryptBlock) |
47 | | #define camellia_decrypt128 CAMELLIA_PREFIX(camellia_decrypt128) |
48 | | #define camellia_decrypt256 CAMELLIA_PREFIX(camellia_decrypt256) |
49 | | #define camellia_encrypt128 CAMELLIA_PREFIX(camellia_encrypt128) |
50 | | #define camellia_encrypt256 CAMELLIA_PREFIX(camellia_encrypt256) |
51 | | #define camellia_setup128 CAMELLIA_PREFIX(camellia_setup128) |
52 | | #define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192) |
53 | | #define camellia_setup256 CAMELLIA_PREFIX(camellia_setup256) |
54 | | #endif /*CAMELLIA_EXT_SYM_PREFIX*/ |
55 | | |
56 | | #endif /* Code sample. */ |
57 | | |
58 | | |
59 | | #include <config.h> |
60 | | #include "types.h" |
61 | | #include "g10lib.h" |
62 | | #include "cipher.h" |
63 | | #include "camellia.h" |
64 | | #include "bufhelp.h" |
65 | | #include "cipher-internal.h" |
66 | | #include "bulkhelp.h" |
67 | | |
68 | | /* Helper macro to force alignment to 16 bytes. */ |
69 | | #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED |
70 | | # define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) |
71 | | #else |
72 | | # define ATTR_ALIGNED_16 |
73 | | #endif |
74 | | |
75 | | /* USE_AESNI inidicates whether to compile with Intel AES-NI/AVX code. */ |
76 | | #undef USE_AESNI_AVX |
77 | | #if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT) |
78 | | # if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ |
79 | | defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) |
80 | | # define USE_AESNI_AVX 1 |
81 | | # endif |
82 | | #endif |
83 | | |
84 | | /* USE_AESNI_AVX2 inidicates whether to compile with Intel AES-NI/AVX2 code. */ |
85 | | #undef USE_AESNI_AVX2 |
86 | | #if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT) |
87 | | # if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ |
88 | | defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) |
89 | | # define USE_AESNI_AVX2 1 |
90 | | # endif |
91 | | #endif |
92 | | |
93 | | /* USE_VAES_AVX2 inidicates whether to compile with Intel VAES/AVX2 code. */ |
94 | | #undef USE_VAES_AVX2 |
95 | | #if defined(USE_AESNI_AVX2) && defined(HAVE_GCC_INLINE_ASM_VAES_VPCLMUL) |
96 | | # define USE_VAES_AVX2 1 |
97 | | #endif |
98 | | |
99 | | /* USE_GFNI_AVX2 inidicates whether to compile with Intel GFNI/AVX2 code. */ |
100 | | #undef USE_GFNI_AVX2 |
101 | | #if defined(USE_AESNI_AVX2) && defined(ENABLE_GFNI_SUPPORT) |
102 | | # define USE_GFNI_AVX2 1 |
103 | | #endif |
104 | | |
105 | | /* USE_GFNI_AVX512 inidicates whether to compile with Intel GFNI/AVX512 code. */ |
106 | | #undef USE_GFNI_AVX512 |
107 | | #if defined(USE_GFNI_AVX2) && defined(ENABLE_AVX512_SUPPORT) |
108 | | # define USE_GFNI_AVX512 1 |
109 | | #endif |
110 | | |
111 | | /* USE_PPC_CRYPTO indicates whether to enable PowerPC vector crypto |
112 | | * accelerated code. */ |
113 | | #undef USE_PPC_CRYPTO |
114 | | #if !defined(WORDS_BIGENDIAN) && defined(ENABLE_PPC_CRYPTO_SUPPORT) && \ |
115 | | defined(HAVE_COMPATIBLE_CC_PPC_ALTIVEC) && \ |
116 | | defined(HAVE_GCC_INLINE_ASM_PPC_ALTIVEC) && \ |
117 | | (SIZEOF_UNSIGNED_LONG == 8) && (__GNUC__ >= 4) |
118 | | # define USE_PPC_CRYPTO 1 |
119 | | #endif |
120 | | |
121 | | /* USE_AARCH64_CE indicates whether to enable ARMv8/CE accelerated code. */ |
122 | | #undef USE_AARCH64_CE |
123 | | #if defined(__AARCH64EL__) && \ |
124 | | defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) && \ |
125 | | defined(HAVE_GCC_INLINE_ASM_AARCH64_CRYPTO) && \ |
126 | | defined(HAVE_COMPATIBLE_CC_AARCH64_NEON_INTRINSICS) && \ |
127 | | (__GNUC__ >= 4) |
128 | | # define USE_AARCH64_CE 1 |
129 | | #endif |
130 | | |
131 | | typedef struct |
132 | | { |
133 | | KEY_TABLE_TYPE keytable; |
134 | | int keybitlength; |
135 | | #ifdef USE_AESNI_AVX |
136 | | unsigned int use_aesni_avx:1; /* AES-NI/AVX implementation shall be used. */ |
137 | | #endif /*USE_AESNI_AVX*/ |
138 | | #ifdef USE_AESNI_AVX2 |
139 | | unsigned int use_avx2:1; /* If any of AVX2 implementation is enabled. */ |
140 | | unsigned int use_aesni_avx2:1;/* AES-NI/AVX2 implementation shall be used. */ |
141 | | unsigned int use_vaes_avx2:1; /* VAES/AVX2 implementation shall be used. */ |
142 | | unsigned int use_gfni_avx2:1; /* GFNI/AVX2 implementation shall be used. */ |
143 | | unsigned int use_gfni_avx512:1; /* GFNI/AVX512 implementation shall be used. */ |
144 | | #endif /*USE_AESNI_AVX2*/ |
145 | | #ifdef USE_PPC_CRYPTO |
146 | | unsigned int use_ppc:1; |
147 | | unsigned int use_ppc8:1; |
148 | | unsigned int use_ppc9:1; |
149 | | #endif /*USE_PPC_CRYPTO*/ |
150 | | #ifdef USE_AARCH64_CE |
151 | | unsigned int use_aarch64ce:1; |
152 | | #endif /*USE_AARCH64_CE*/ |
153 | | } CAMELLIA_context; |
154 | | |
155 | | /* Assembly implementations use SystemV ABI, ABI conversion and additional |
156 | | * stack to store XMM6-XMM15 needed on Win64. */ |
157 | | #undef ASM_FUNC_ABI |
158 | | #undef ASM_EXTRA_STACK |
159 | | #if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2) |
160 | | # ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS |
161 | | # define ASM_FUNC_ABI __attribute__((sysv_abi)) |
162 | | # define ASM_EXTRA_STACK (10 * 16) |
163 | | # else |
164 | | # define ASM_FUNC_ABI |
165 | | # define ASM_EXTRA_STACK 0 |
166 | | # endif |
167 | | #endif |
168 | | |
169 | | #ifdef USE_AESNI_AVX |
170 | | /* Assembler implementations of Camellia using AES-NI and AVX. Process data |
171 | | in 16 blocks same time. |
172 | | */ |
173 | | extern void _gcry_camellia_aesni_avx_ctr_enc(CAMELLIA_context *ctx, |
174 | | unsigned char *out, |
175 | | const unsigned char *in, |
176 | | unsigned char *ctr) ASM_FUNC_ABI; |
177 | | |
178 | | extern void _gcry_camellia_aesni_avx_cbc_dec(CAMELLIA_context *ctx, |
179 | | unsigned char *out, |
180 | | const unsigned char *in, |
181 | | unsigned char *iv) ASM_FUNC_ABI; |
182 | | |
183 | | extern void _gcry_camellia_aesni_avx_cfb_dec(CAMELLIA_context *ctx, |
184 | | unsigned char *out, |
185 | | const unsigned char *in, |
186 | | unsigned char *iv) ASM_FUNC_ABI; |
187 | | |
188 | | extern void _gcry_camellia_aesni_avx_ocb_enc(CAMELLIA_context *ctx, |
189 | | unsigned char *out, |
190 | | const unsigned char *in, |
191 | | unsigned char *offset, |
192 | | unsigned char *checksum, |
193 | | const u64 Ls[16]) ASM_FUNC_ABI; |
194 | | |
195 | | extern void _gcry_camellia_aesni_avx_ocb_dec(CAMELLIA_context *ctx, |
196 | | unsigned char *out, |
197 | | const unsigned char *in, |
198 | | unsigned char *offset, |
199 | | unsigned char *checksum, |
200 | | const u64 Ls[16]) ASM_FUNC_ABI; |
201 | | |
202 | | extern void _gcry_camellia_aesni_avx_ocb_auth(CAMELLIA_context *ctx, |
203 | | const unsigned char *abuf, |
204 | | unsigned char *offset, |
205 | | unsigned char *checksum, |
206 | | const u64 Ls[16]) ASM_FUNC_ABI; |
207 | | |
208 | | extern void _gcry_camellia_aesni_avx_keygen(CAMELLIA_context *ctx, |
209 | | const unsigned char *key, |
210 | | unsigned int keylen) ASM_FUNC_ABI; |
211 | | |
212 | | extern void _gcry_camellia_aesni_avx_ecb_enc(const CAMELLIA_context *ctx, |
213 | | unsigned char *out, |
214 | | const unsigned char *in) |
215 | | ASM_FUNC_ABI; |
216 | | |
217 | | extern void _gcry_camellia_aesni_avx_ecb_dec(const CAMELLIA_context *ctx, |
218 | | unsigned char *out, |
219 | | const unsigned char *in) |
220 | | ASM_FUNC_ABI; |
221 | | |
222 | | static const int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 16 + |
223 | | 2 * sizeof(void *) + ASM_EXTRA_STACK; |
224 | | |
225 | | #endif |
226 | | |
227 | | #ifdef USE_AESNI_AVX2 |
228 | | /* Assembler implementations of Camellia using AES-NI and AVX2. Process data |
229 | | in 32 blocks same time. |
230 | | */ |
231 | | extern void _gcry_camellia_aesni_avx2_ctr_enc(CAMELLIA_context *ctx, |
232 | | unsigned char *out, |
233 | | const unsigned char *in, |
234 | | unsigned char *ctr) ASM_FUNC_ABI; |
235 | | |
236 | | extern void _gcry_camellia_aesni_avx2_cbc_dec(CAMELLIA_context *ctx, |
237 | | unsigned char *out, |
238 | | const unsigned char *in, |
239 | | unsigned char *iv) ASM_FUNC_ABI; |
240 | | |
241 | | extern void _gcry_camellia_aesni_avx2_cfb_dec(CAMELLIA_context *ctx, |
242 | | unsigned char *out, |
243 | | const unsigned char *in, |
244 | | unsigned char *iv) ASM_FUNC_ABI; |
245 | | |
246 | | extern void _gcry_camellia_aesni_avx2_ocb_enc(CAMELLIA_context *ctx, |
247 | | unsigned char *out, |
248 | | const unsigned char *in, |
249 | | unsigned char *offset, |
250 | | unsigned char *checksum, |
251 | | const u64 Ls[32]) ASM_FUNC_ABI; |
252 | | |
253 | | extern void _gcry_camellia_aesni_avx2_ocb_dec(CAMELLIA_context *ctx, |
254 | | unsigned char *out, |
255 | | const unsigned char *in, |
256 | | unsigned char *offset, |
257 | | unsigned char *checksum, |
258 | | const u64 Ls[32]) ASM_FUNC_ABI; |
259 | | |
260 | | extern void _gcry_camellia_aesni_avx2_ocb_auth(CAMELLIA_context *ctx, |
261 | | const unsigned char *abuf, |
262 | | unsigned char *offset, |
263 | | unsigned char *checksum, |
264 | | const u64 Ls[32]) ASM_FUNC_ABI; |
265 | | |
266 | | extern void _gcry_camellia_aesni_avx2_enc_blk1_32(const CAMELLIA_context *ctx, |
267 | | unsigned char *out, |
268 | | const unsigned char *in, |
269 | | unsigned int nblocks) |
270 | | ASM_FUNC_ABI; |
271 | | |
272 | | extern void _gcry_camellia_aesni_avx2_dec_blk1_32(const CAMELLIA_context *ctx, |
273 | | unsigned char *out, |
274 | | const unsigned char *in, |
275 | | unsigned int nblocks) |
276 | | ASM_FUNC_ABI; |
277 | | |
278 | | static const int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE + 16 + |
279 | | 2 * sizeof(void *) + ASM_EXTRA_STACK; |
280 | | |
281 | | #endif |
282 | | |
283 | | #ifdef USE_VAES_AVX2 |
284 | | /* Assembler implementations of Camellia using VAES and AVX2. Process data |
285 | | in 32 blocks same time. |
286 | | */ |
287 | | extern void _gcry_camellia_vaes_avx2_ctr_enc(CAMELLIA_context *ctx, |
288 | | unsigned char *out, |
289 | | const unsigned char *in, |
290 | | unsigned char *ctr) ASM_FUNC_ABI; |
291 | | |
292 | | extern void _gcry_camellia_vaes_avx2_cbc_dec(CAMELLIA_context *ctx, |
293 | | unsigned char *out, |
294 | | const unsigned char *in, |
295 | | unsigned char *iv) ASM_FUNC_ABI; |
296 | | |
297 | | extern void _gcry_camellia_vaes_avx2_cfb_dec(CAMELLIA_context *ctx, |
298 | | unsigned char *out, |
299 | | const unsigned char *in, |
300 | | unsigned char *iv) ASM_FUNC_ABI; |
301 | | |
302 | | extern void _gcry_camellia_vaes_avx2_ocb_enc(CAMELLIA_context *ctx, |
303 | | unsigned char *out, |
304 | | const unsigned char *in, |
305 | | unsigned char *offset, |
306 | | unsigned char *checksum, |
307 | | const u64 Ls[32]) ASM_FUNC_ABI; |
308 | | |
309 | | extern void _gcry_camellia_vaes_avx2_ocb_dec(CAMELLIA_context *ctx, |
310 | | unsigned char *out, |
311 | | const unsigned char *in, |
312 | | unsigned char *offset, |
313 | | unsigned char *checksum, |
314 | | const u64 Ls[32]) ASM_FUNC_ABI; |
315 | | |
316 | | extern void _gcry_camellia_vaes_avx2_ocb_auth(CAMELLIA_context *ctx, |
317 | | const unsigned char *abuf, |
318 | | unsigned char *offset, |
319 | | unsigned char *checksum, |
320 | | const u64 Ls[32]) ASM_FUNC_ABI; |
321 | | |
322 | | extern void _gcry_camellia_vaes_avx2_enc_blk1_32(const CAMELLIA_context *ctx, |
323 | | unsigned char *out, |
324 | | const unsigned char *in, |
325 | | unsigned int nblocks) |
326 | | ASM_FUNC_ABI; |
327 | | |
328 | | extern void _gcry_camellia_vaes_avx2_dec_blk1_32(const CAMELLIA_context *ctx, |
329 | | unsigned char *out, |
330 | | const unsigned char *in, |
331 | | unsigned int nblocks) |
332 | | ASM_FUNC_ABI; |
333 | | #endif |
334 | | |
335 | | #ifdef USE_GFNI_AVX2 |
336 | | /* Assembler implementations of Camellia using GFNI and AVX2. Process data |
337 | | in 32 blocks same time. |
338 | | */ |
339 | | extern void _gcry_camellia_gfni_avx2_ctr_enc(CAMELLIA_context *ctx, |
340 | | unsigned char *out, |
341 | | const unsigned char *in, |
342 | | unsigned char *ctr) ASM_FUNC_ABI; |
343 | | |
344 | | extern void _gcry_camellia_gfni_avx2_cbc_dec(CAMELLIA_context *ctx, |
345 | | unsigned char *out, |
346 | | const unsigned char *in, |
347 | | unsigned char *iv) ASM_FUNC_ABI; |
348 | | |
349 | | extern void _gcry_camellia_gfni_avx2_cfb_dec(CAMELLIA_context *ctx, |
350 | | unsigned char *out, |
351 | | const unsigned char *in, |
352 | | unsigned char *iv) ASM_FUNC_ABI; |
353 | | |
354 | | extern void _gcry_camellia_gfni_avx2_ocb_enc(CAMELLIA_context *ctx, |
355 | | unsigned char *out, |
356 | | const unsigned char *in, |
357 | | unsigned char *offset, |
358 | | unsigned char *checksum, |
359 | | const u64 Ls[32]) ASM_FUNC_ABI; |
360 | | |
361 | | extern void _gcry_camellia_gfni_avx2_ocb_dec(CAMELLIA_context *ctx, |
362 | | unsigned char *out, |
363 | | const unsigned char *in, |
364 | | unsigned char *offset, |
365 | | unsigned char *checksum, |
366 | | const u64 Ls[32]) ASM_FUNC_ABI; |
367 | | |
368 | | extern void _gcry_camellia_gfni_avx2_ocb_auth(CAMELLIA_context *ctx, |
369 | | const unsigned char *abuf, |
370 | | unsigned char *offset, |
371 | | unsigned char *checksum, |
372 | | const u64 Ls[32]) ASM_FUNC_ABI; |
373 | | |
374 | | extern void _gcry_camellia_gfni_avx2_enc_blk1_32(const CAMELLIA_context *ctx, |
375 | | unsigned char *out, |
376 | | const unsigned char *in, |
377 | | unsigned int nblocks) |
378 | | ASM_FUNC_ABI; |
379 | | |
380 | | extern void _gcry_camellia_gfni_avx2_dec_blk1_32(const CAMELLIA_context *ctx, |
381 | | unsigned char *out, |
382 | | const unsigned char *in, |
383 | | unsigned int nblocks) |
384 | | ASM_FUNC_ABI; |
385 | | #endif |
386 | | |
387 | | #ifdef USE_GFNI_AVX512 |
388 | | /* Assembler implementations of Camellia using GFNI and AVX512. Process data |
389 | | in 64 blocks same time. |
390 | | */ |
391 | | extern void _gcry_camellia_gfni_avx512_ctr_enc(CAMELLIA_context *ctx, |
392 | | unsigned char *out, |
393 | | const unsigned char *in, |
394 | | unsigned char *ctr) ASM_FUNC_ABI; |
395 | | |
396 | | extern void _gcry_camellia_gfni_avx512_cbc_dec(CAMELLIA_context *ctx, |
397 | | unsigned char *out, |
398 | | const unsigned char *in, |
399 | | unsigned char *iv) ASM_FUNC_ABI; |
400 | | |
401 | | extern void _gcry_camellia_gfni_avx512_cfb_dec(CAMELLIA_context *ctx, |
402 | | unsigned char *out, |
403 | | const unsigned char *in, |
404 | | unsigned char *iv) ASM_FUNC_ABI; |
405 | | |
406 | | extern void _gcry_camellia_gfni_avx512_ocb_enc(CAMELLIA_context *ctx, |
407 | | unsigned char *out, |
408 | | const unsigned char *in, |
409 | | unsigned char *offset, |
410 | | unsigned char *checksum, |
411 | | const u64 Ls[32]) ASM_FUNC_ABI; |
412 | | |
413 | | extern void _gcry_camellia_gfni_avx512_ocb_dec(CAMELLIA_context *ctx, |
414 | | unsigned char *out, |
415 | | const unsigned char *in, |
416 | | unsigned char *offset, |
417 | | unsigned char *checksum, |
418 | | const u64 Ls[32]) ASM_FUNC_ABI; |
419 | | |
420 | | extern void _gcry_camellia_gfni_avx512_enc_blk64(const CAMELLIA_context *ctx, |
421 | | unsigned char *out, |
422 | | const unsigned char *in) |
423 | | ASM_FUNC_ABI; |
424 | | |
425 | | extern void _gcry_camellia_gfni_avx512_dec_blk64(const CAMELLIA_context *ctx, |
426 | | unsigned char *out, |
427 | | const unsigned char *in) |
428 | | ASM_FUNC_ABI; |
429 | | |
430 | | /* Stack not used by AVX512 implementation. */ |
431 | | static const int avx512_burn_stack_depth = 0; |
432 | | #endif |
433 | | |
434 | | #ifdef USE_PPC_CRYPTO |
435 | | extern void _gcry_camellia_ppc8_encrypt_blk16(const void *key_table, |
436 | | void *out, |
437 | | const void *in, |
438 | | int key_length); |
439 | | |
440 | | extern void _gcry_camellia_ppc8_decrypt_blk16(const void *key_table, |
441 | | void *out, |
442 | | const void *in, |
443 | | int key_length); |
444 | | |
445 | | extern void _gcry_camellia_ppc9_encrypt_blk16(const void *key_table, |
446 | | void *out, |
447 | | const void *in, |
448 | | int key_length); |
449 | | |
450 | | extern void _gcry_camellia_ppc9_decrypt_blk16(const void *key_table, |
451 | | void *out, |
452 | | const void *in, |
453 | | int key_length); |
454 | | |
455 | | extern void _gcry_camellia_ppc8_keygen(void *key_table, const void *vkey, |
456 | | unsigned int keylen); |
457 | | |
458 | | extern void _gcry_camellia_ppc9_keygen(void *key_table, const void *vkey, |
459 | | unsigned int keylen); |
460 | | |
461 | | void camellia_ppc_enc_blk16(const CAMELLIA_context *ctx, unsigned char *out, |
462 | | const unsigned char *in) |
463 | | { |
464 | | if (ctx->use_ppc9) |
465 | | _gcry_camellia_ppc9_encrypt_blk16 (ctx->keytable, out, in, |
466 | | ctx->keybitlength / 8); |
467 | | else |
468 | | _gcry_camellia_ppc8_encrypt_blk16 (ctx->keytable, out, in, |
469 | | ctx->keybitlength / 8); |
470 | | } |
471 | | |
472 | | void camellia_ppc_dec_blk16(const CAMELLIA_context *ctx, unsigned char *out, |
473 | | const unsigned char *in) |
474 | | { |
475 | | if (ctx->use_ppc9) |
476 | | _gcry_camellia_ppc9_decrypt_blk16 (ctx->keytable, out, in, |
477 | | ctx->keybitlength / 8); |
478 | | else |
479 | | _gcry_camellia_ppc8_decrypt_blk16 (ctx->keytable, out, in, |
480 | | ctx->keybitlength / 8); |
481 | | } |
482 | | |
483 | | static const int ppc_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 16 + |
484 | | 2 * sizeof(void *); |
485 | | #endif /*USE_PPC_CRYPTO*/ |
486 | | |
487 | | #ifdef USE_AARCH64_CE |
488 | | extern void _gcry_camellia_aarch64ce_encrypt_blk16(const void *key_table, |
489 | | void *out, const void *in, |
490 | | int key_length); |
491 | | |
492 | | extern void _gcry_camellia_aarch64ce_decrypt_blk16(const void *key_table, |
493 | | void *out, const void *in, |
494 | | int key_length); |
495 | | |
496 | | extern void _gcry_camellia_aarch64ce_keygen(void *key_table, const void *vkey, |
497 | | unsigned int keylen); |
498 | | |
499 | | void camellia_aarch64ce_enc_blk16(const CAMELLIA_context *ctx, |
500 | | unsigned char *out, const unsigned char *in) |
501 | | { |
502 | | _gcry_camellia_aarch64ce_encrypt_blk16 (ctx->keytable, out, in, |
503 | | ctx->keybitlength / 8); |
504 | | } |
505 | | |
506 | | void camellia_aarch64ce_dec_blk16(const CAMELLIA_context *ctx, |
507 | | unsigned char *out, const unsigned char *in) |
508 | | { |
509 | | _gcry_camellia_aarch64ce_decrypt_blk16 (ctx->keytable, out, in, |
510 | | ctx->keybitlength / 8); |
511 | | } |
512 | | |
513 | | static const int aarch64ce_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 16 + |
514 | | 2 * sizeof(void *); |
515 | | #endif /*USE_AARCH64_CE*/ |
516 | | |
517 | | static const char *selftest(void); |
518 | | |
519 | | static void _gcry_camellia_ctr_enc (void *context, unsigned char *ctr, |
520 | | void *outbuf_arg, const void *inbuf_arg, |
521 | | size_t nblocks); |
522 | | static void _gcry_camellia_cbc_dec (void *context, unsigned char *iv, |
523 | | void *outbuf_arg, const void *inbuf_arg, |
524 | | size_t nblocks); |
525 | | static void _gcry_camellia_cfb_dec (void *context, unsigned char *iv, |
526 | | void *outbuf_arg, const void *inbuf_arg, |
527 | | size_t nblocks); |
528 | | static void _gcry_camellia_xts_crypt (void *context, unsigned char *tweak, |
529 | | void *outbuf_arg, const void *inbuf_arg, |
530 | | size_t nblocks, int encrypt); |
531 | | static void _gcry_camellia_ecb_crypt (void *context, void *outbuf_arg, |
532 | | const void *inbuf_arg, size_t nblocks, |
533 | | int encrypt); |
534 | | static void _gcry_camellia_ctr32le_enc (void *context, unsigned char *ctr, |
535 | | void *outbuf_arg, const void *inbuf_arg, |
536 | | size_t nblocks); |
537 | | static size_t _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, |
538 | | const void *inbuf_arg, size_t nblocks, |
539 | | int encrypt); |
540 | | static size_t _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, |
541 | | size_t nblocks); |
542 | | |
543 | | static gcry_err_code_t |
544 | | camellia_setkey(void *c, const byte *key, unsigned keylen, |
545 | | cipher_bulk_ops_t *bulk_ops) |
546 | 89 | { |
547 | 89 | CAMELLIA_context *ctx=c; |
548 | 89 | static int initialized=0; |
549 | 89 | static const char *selftest_failed=NULL; |
550 | 89 | unsigned int hwf = _gcry_get_hw_features (); |
551 | | |
552 | 89 | (void)hwf; |
553 | | |
554 | 89 | if(keylen!=16 && keylen!=24 && keylen!=32) |
555 | 8 | return GPG_ERR_INV_KEYLEN; |
556 | | |
557 | 81 | if(!initialized) |
558 | 5 | { |
559 | 5 | initialized=1; |
560 | 5 | selftest_failed=selftest(); |
561 | 5 | if(selftest_failed) |
562 | 0 | log_error("%s\n",selftest_failed); |
563 | 5 | } |
564 | | |
565 | 81 | if(selftest_failed) |
566 | 0 | return GPG_ERR_SELFTEST_FAILED; |
567 | | |
568 | 81 | #ifdef USE_AESNI_AVX |
569 | 81 | ctx->use_aesni_avx = (hwf & HWF_INTEL_AESNI) && (hwf & HWF_INTEL_AVX); |
570 | 81 | #endif |
571 | 81 | #ifdef USE_AESNI_AVX2 |
572 | 81 | ctx->use_aesni_avx2 = (hwf & HWF_INTEL_AESNI) && (hwf & HWF_INTEL_AVX2); |
573 | 81 | ctx->use_vaes_avx2 = 0; |
574 | 81 | ctx->use_gfni_avx2 = 0; |
575 | 81 | ctx->use_gfni_avx512 = 0; |
576 | 81 | ctx->use_avx2 = ctx->use_aesni_avx2; |
577 | 81 | #endif |
578 | 81 | #ifdef USE_VAES_AVX2 |
579 | 81 | ctx->use_vaes_avx2 = (hwf & HWF_INTEL_VAES_VPCLMUL) && (hwf & HWF_INTEL_AVX2); |
580 | 81 | ctx->use_avx2 |= ctx->use_vaes_avx2; |
581 | 81 | #endif |
582 | 81 | #ifdef USE_GFNI_AVX2 |
583 | 81 | ctx->use_gfni_avx2 = (hwf & HWF_INTEL_GFNI) && (hwf & HWF_INTEL_AVX2); |
584 | 81 | ctx->use_avx2 |= ctx->use_gfni_avx2; |
585 | 81 | #endif |
586 | 81 | #ifdef USE_GFNI_AVX512 |
587 | 81 | ctx->use_gfni_avx512 = (hwf & HWF_INTEL_GFNI) && (hwf & HWF_INTEL_AVX512); |
588 | 81 | #endif |
589 | | #ifdef USE_PPC_CRYPTO |
590 | | ctx->use_ppc8 = (hwf & HWF_PPC_VCRYPTO) != 0; |
591 | | ctx->use_ppc9 = (hwf & HWF_PPC_VCRYPTO) && (hwf & HWF_PPC_ARCH_3_00); |
592 | | ctx->use_ppc = ctx->use_ppc8 || ctx->use_ppc9; |
593 | | #endif |
594 | | #ifdef USE_AARCH64_CE |
595 | | ctx->use_aarch64ce = (hwf & HWF_ARM_AES) != 0; |
596 | | #endif |
597 | | |
598 | 81 | ctx->keybitlength=keylen*8; |
599 | | |
600 | | /* Setup bulk encryption routines. */ |
601 | 81 | memset (bulk_ops, 0, sizeof(*bulk_ops)); |
602 | 81 | bulk_ops->cbc_dec = _gcry_camellia_cbc_dec; |
603 | 81 | bulk_ops->cfb_dec = _gcry_camellia_cfb_dec; |
604 | 81 | bulk_ops->ctr_enc = _gcry_camellia_ctr_enc; |
605 | 81 | bulk_ops->ocb_crypt = _gcry_camellia_ocb_crypt; |
606 | 81 | bulk_ops->ocb_auth = _gcry_camellia_ocb_auth; |
607 | 81 | bulk_ops->xts_crypt = _gcry_camellia_xts_crypt; |
608 | 81 | bulk_ops->ecb_crypt = _gcry_camellia_ecb_crypt; |
609 | 81 | bulk_ops->ctr32le_enc = _gcry_camellia_ctr32le_enc; |
610 | | |
611 | 81 | if (0) |
612 | 0 | { } |
613 | 81 | #ifdef USE_AESNI_AVX |
614 | 81 | else if (ctx->use_aesni_avx) |
615 | 81 | _gcry_camellia_aesni_avx_keygen(ctx, key, keylen); |
616 | 0 | #endif |
617 | | #ifdef USE_PPC_CRYPTO |
618 | | else if (ctx->use_ppc9) |
619 | | _gcry_camellia_ppc9_keygen(ctx->keytable, key, keylen); |
620 | | else if (ctx->use_ppc8) |
621 | | _gcry_camellia_ppc8_keygen(ctx->keytable, key, keylen); |
622 | | #endif |
623 | | #ifdef USE_AARCH64_CE |
624 | | else if (ctx->use_aarch64ce) |
625 | | _gcry_camellia_aarch64ce_keygen(ctx->keytable, key, keylen); |
626 | | #endif |
627 | 0 | else |
628 | 0 | { |
629 | 0 | Camellia_Ekeygen(ctx->keybitlength,key,ctx->keytable); |
630 | 0 | _gcry_burn_stack |
631 | 0 | ((19+34+34)*sizeof(u32)+2*sizeof(void*) /* camellia_setup256 */ |
632 | 0 | +(4+32)*sizeof(u32)+2*sizeof(void*) /* camellia_setup192 */ |
633 | 0 | +0+sizeof(int)+2*sizeof(void*) /* Camellia_Ekeygen */ |
634 | 0 | +3*2*sizeof(void*) /* Function calls. */ |
635 | 0 | ); |
636 | 0 | } |
637 | | |
638 | 81 | #ifdef USE_GFNI_AVX2 |
639 | 81 | if (ctx->use_gfni_avx2) |
640 | 0 | { |
641 | | /* Disable AESNI & VAES implementations when GFNI implementation is |
642 | | * enabled. */ |
643 | 0 | #ifdef USE_AESNI_AVX |
644 | 0 | ctx->use_aesni_avx = 0; |
645 | 0 | #endif |
646 | 0 | #ifdef USE_AESNI_AVX2 |
647 | 0 | ctx->use_aesni_avx2 = 0; |
648 | 0 | #endif |
649 | 0 | #ifdef USE_VAES_AVX2 |
650 | 0 | ctx->use_vaes_avx2 = 0; |
651 | 0 | #endif |
652 | 0 | } |
653 | 81 | #endif |
654 | | |
655 | 81 | return 0; |
656 | 81 | } |
657 | | |
658 | | #ifdef USE_ARM_ASM |
659 | | |
660 | | /* Assembly implementations of Camellia. */ |
661 | | extern void _gcry_camellia_arm_encrypt_block(const KEY_TABLE_TYPE keyTable, |
662 | | byte *outbuf, const byte *inbuf, |
663 | | const int keybits); |
664 | | |
665 | | extern void _gcry_camellia_arm_decrypt_block(const KEY_TABLE_TYPE keyTable, |
666 | | byte *outbuf, const byte *inbuf, |
667 | | const int keybits); |
668 | | |
669 | | static void Camellia_EncryptBlock(const int keyBitLength, |
670 | | const unsigned char *plaintext, |
671 | | const KEY_TABLE_TYPE keyTable, |
672 | | unsigned char *cipherText) |
673 | | { |
674 | | _gcry_camellia_arm_encrypt_block(keyTable, cipherText, plaintext, |
675 | | keyBitLength); |
676 | | } |
677 | | |
678 | | static void Camellia_DecryptBlock(const int keyBitLength, |
679 | | const unsigned char *cipherText, |
680 | | const KEY_TABLE_TYPE keyTable, |
681 | | unsigned char *plaintext) |
682 | | { |
683 | | _gcry_camellia_arm_decrypt_block(keyTable, plaintext, cipherText, |
684 | | keyBitLength); |
685 | | } |
686 | | |
687 | | #ifdef __aarch64__ |
688 | | # define CAMELLIA_encrypt_stack_burn_size (0) |
689 | | # define CAMELLIA_decrypt_stack_burn_size (0) |
690 | | #else |
691 | | # define CAMELLIA_encrypt_stack_burn_size (15*4) |
692 | | # define CAMELLIA_decrypt_stack_burn_size (15*4) |
693 | | #endif |
694 | | |
695 | | static unsigned int |
696 | | camellia_encrypt(void *c, byte *outbuf, const byte *inbuf) |
697 | | { |
698 | | CAMELLIA_context *ctx = c; |
699 | | Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf); |
700 | | return /*burn_stack*/ (CAMELLIA_encrypt_stack_burn_size); |
701 | | } |
702 | | |
703 | | static unsigned int |
704 | | camellia_decrypt(void *c, byte *outbuf, const byte *inbuf) |
705 | | { |
706 | | CAMELLIA_context *ctx=c; |
707 | | Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf); |
708 | | return /*burn_stack*/ (CAMELLIA_decrypt_stack_burn_size); |
709 | | } |
710 | | |
711 | | #else /*USE_ARM_ASM*/ |
712 | | |
713 | | static unsigned int |
714 | | camellia_encrypt(void *c, byte *outbuf, const byte *inbuf) |
715 | 6.39k | { |
716 | 6.39k | CAMELLIA_context *ctx=c; |
717 | | |
718 | 6.39k | Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf); |
719 | | |
720 | 6.39k | #define CAMELLIA_encrypt_stack_burn_size \ |
721 | 6.39k | (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \ |
722 | 6.39k | +4*sizeof(u32)+4*sizeof(u32) \ |
723 | 6.39k | +2*sizeof(u32*)+4*sizeof(u32) \ |
724 | 6.39k | +2*2*sizeof(void*) /* Function calls. */ \ |
725 | 6.39k | ) |
726 | | |
727 | 6.39k | return /*burn_stack*/ (CAMELLIA_encrypt_stack_burn_size); |
728 | 6.39k | } |
729 | | |
730 | | static unsigned int |
731 | | camellia_decrypt(void *c, byte *outbuf, const byte *inbuf) |
732 | 25 | { |
733 | 25 | CAMELLIA_context *ctx=c; |
734 | | |
735 | 25 | Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf); |
736 | | |
737 | 25 | #define CAMELLIA_decrypt_stack_burn_size \ |
738 | 25 | (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \ |
739 | 25 | +4*sizeof(u32)+4*sizeof(u32) \ |
740 | 25 | +2*sizeof(u32*)+4*sizeof(u32) \ |
741 | 25 | +2*2*sizeof(void*) /* Function calls. */ \ |
742 | 25 | ) |
743 | | |
744 | 25 | return /*burn_stack*/ (CAMELLIA_decrypt_stack_burn_size); |
745 | 25 | } |
746 | | |
747 | | #endif /*!USE_ARM_ASM*/ |
748 | | |
749 | | |
750 | | static unsigned int |
751 | | camellia_encrypt_blk1_32 (void *priv, byte *outbuf, const byte *inbuf, |
752 | | size_t num_blks) |
753 | 1 | { |
754 | 1 | const CAMELLIA_context *ctx = priv; |
755 | 1 | unsigned int stack_burn_size = 0; |
756 | | |
757 | 1 | gcry_assert (num_blks <= 32); |
758 | | |
759 | 0 | #ifdef USE_GFNI_AVX2 |
760 | 1 | if (ctx->use_gfni_avx2 && num_blks >= 2) |
761 | 0 | { |
762 | | /* 2 or more parallel block GFNI processing is faster than |
763 | | * generic C implementation. */ |
764 | 0 | _gcry_camellia_gfni_avx2_enc_blk1_32 (ctx, outbuf, inbuf, num_blks); |
765 | 0 | return avx2_burn_stack_depth; |
766 | 0 | } |
767 | 1 | #endif |
768 | 1 | #ifdef USE_VAES_AVX2 |
769 | 1 | if (ctx->use_vaes_avx2 && num_blks >= 4) |
770 | 0 | { |
771 | | /* 4 or more parallel block VAES processing is faster than |
772 | | * generic C implementation. */ |
773 | 0 | _gcry_camellia_vaes_avx2_enc_blk1_32 (ctx, outbuf, inbuf, num_blks); |
774 | 0 | return avx2_burn_stack_depth; |
775 | 0 | } |
776 | 1 | #endif |
777 | 1 | #ifdef USE_AESNI_AVX2 |
778 | 1 | if (ctx->use_aesni_avx2 && num_blks >= 5) |
779 | 0 | { |
780 | | /* 5 or more parallel block AESNI processing is faster than |
781 | | * generic C implementation. */ |
782 | 0 | _gcry_camellia_aesni_avx2_enc_blk1_32 (ctx, outbuf, inbuf, num_blks); |
783 | 0 | return avx2_burn_stack_depth; |
784 | 0 | } |
785 | 1 | #endif |
786 | 1 | #ifdef USE_AESNI_AVX |
787 | 1 | while (ctx->use_aesni_avx && num_blks >= 16) |
788 | 0 | { |
789 | 0 | _gcry_camellia_aesni_avx_ecb_enc (ctx, outbuf, inbuf); |
790 | 0 | stack_burn_size = avx_burn_stack_depth; |
791 | 0 | outbuf += CAMELLIA_BLOCK_SIZE * 16; |
792 | 0 | inbuf += CAMELLIA_BLOCK_SIZE * 16; |
793 | 0 | num_blks -= 16; |
794 | 0 | } |
795 | 1 | #endif |
796 | | #ifdef USE_PPC_CRYPTO |
797 | | while (ctx->use_ppc && num_blks >= 16) |
798 | | { |
799 | | camellia_ppc_enc_blk16 (ctx, outbuf, inbuf); |
800 | | stack_burn_size = ppc_burn_stack_depth; |
801 | | outbuf += CAMELLIA_BLOCK_SIZE * 16; |
802 | | inbuf += CAMELLIA_BLOCK_SIZE * 16; |
803 | | num_blks -= 16; |
804 | | } |
805 | | #endif |
806 | | #ifdef USE_AARCH64_CE |
807 | | while (ctx->use_aarch64ce && num_blks >= 16) |
808 | | { |
809 | | camellia_aarch64ce_enc_blk16 (ctx, outbuf, inbuf); |
810 | | stack_burn_size = aarch64ce_burn_stack_depth; |
811 | | outbuf += CAMELLIA_BLOCK_SIZE * 16; |
812 | | inbuf += CAMELLIA_BLOCK_SIZE * 16; |
813 | | num_blks -= 16; |
814 | | } |
815 | | #endif |
816 | | |
817 | 5 | while (num_blks) |
818 | 4 | { |
819 | 4 | unsigned int nburn = camellia_encrypt((void *)ctx, outbuf, inbuf); |
820 | 4 | stack_burn_size = nburn > stack_burn_size ? nburn : stack_burn_size; |
821 | 4 | outbuf += CAMELLIA_BLOCK_SIZE; |
822 | 4 | inbuf += CAMELLIA_BLOCK_SIZE; |
823 | 4 | num_blks--; |
824 | 4 | } |
825 | | |
826 | 1 | return stack_burn_size; |
827 | 1 | } |
828 | | |
829 | | static unsigned int |
830 | | camellia_encrypt_blk1_64 (void *priv, byte *outbuf, const byte *inbuf, |
831 | | size_t num_blks) |
832 | 0 | { |
833 | 0 | CAMELLIA_context *ctx = priv; |
834 | 0 | unsigned int stack_burn_size = 0; |
835 | 0 | unsigned int nburn; |
836 | |
|
837 | 0 | gcry_assert (num_blks <= 64); |
838 | | |
839 | 0 | #ifdef USE_GFNI_AVX512 |
840 | 0 | if (num_blks == 64 && ctx->use_gfni_avx512) |
841 | 0 | { |
842 | 0 | _gcry_camellia_gfni_avx512_enc_blk64 (ctx, outbuf, inbuf); |
843 | 0 | return avx512_burn_stack_depth; |
844 | 0 | } |
845 | 0 | #endif |
846 | | |
847 | 0 | do |
848 | 0 | { |
849 | 0 | unsigned int curr_blks = num_blks > 32 ? 32 : num_blks; |
850 | 0 | nburn = camellia_encrypt_blk1_32 (ctx, outbuf, inbuf, curr_blks); |
851 | 0 | stack_burn_size = nburn > stack_burn_size ? nburn : stack_burn_size; |
852 | 0 | outbuf += curr_blks * 16; |
853 | 0 | inbuf += curr_blks * 16; |
854 | 0 | num_blks -= curr_blks; |
855 | 0 | } |
856 | 0 | while (num_blks > 0); |
857 | |
|
858 | 0 | return stack_burn_size; |
859 | 0 | } |
860 | | |
861 | | static unsigned int |
862 | | camellia_decrypt_blk1_32 (void *priv, byte *outbuf, const byte *inbuf, |
863 | | size_t num_blks) |
864 | 10 | { |
865 | 10 | const CAMELLIA_context *ctx = priv; |
866 | 10 | unsigned int stack_burn_size = 0; |
867 | | |
868 | 10 | gcry_assert (num_blks <= 32); |
869 | | |
870 | 0 | #ifdef USE_GFNI_AVX2 |
871 | 10 | if (ctx->use_gfni_avx2 && num_blks >= 2) |
872 | 0 | { |
873 | | /* 2 or more parallel block GFNI processing is faster than |
874 | | * generic C implementation. */ |
875 | 0 | _gcry_camellia_gfni_avx2_dec_blk1_32 (ctx, outbuf, inbuf, num_blks); |
876 | 0 | return avx2_burn_stack_depth; |
877 | 0 | } |
878 | 10 | #endif |
879 | 10 | #ifdef USE_VAES_AVX2 |
880 | 10 | if (ctx->use_vaes_avx2 && num_blks >= 4) |
881 | 0 | { |
882 | | /* 4 or more parallel block VAES processing is faster than |
883 | | * generic C implementation. */ |
884 | 0 | _gcry_camellia_vaes_avx2_dec_blk1_32 (ctx, outbuf, inbuf, num_blks); |
885 | 0 | return avx2_burn_stack_depth; |
886 | 0 | } |
887 | 10 | #endif |
888 | 10 | #ifdef USE_AESNI_AVX2 |
889 | 10 | if (ctx->use_aesni_avx2 && num_blks >= 5) |
890 | 0 | { |
891 | | /* 5 or more parallel block AESNI processing is faster than |
892 | | * generic C implementation. */ |
893 | 0 | _gcry_camellia_aesni_avx2_dec_blk1_32 (ctx, outbuf, inbuf, num_blks); |
894 | 0 | return avx2_burn_stack_depth; |
895 | 0 | } |
896 | 10 | #endif |
897 | 10 | #ifdef USE_AESNI_AVX |
898 | 10 | while (ctx->use_aesni_avx && num_blks >= 16) |
899 | 0 | { |
900 | 0 | _gcry_camellia_aesni_avx_ecb_dec (ctx, outbuf, inbuf); |
901 | 0 | stack_burn_size = avx_burn_stack_depth; |
902 | 0 | outbuf += CAMELLIA_BLOCK_SIZE * 16; |
903 | 0 | inbuf += CAMELLIA_BLOCK_SIZE * 16; |
904 | 0 | num_blks -= 16; |
905 | 0 | } |
906 | 10 | #endif |
907 | | #ifdef USE_PPC_CRYPTO |
908 | | while (ctx->use_ppc && num_blks >= 16) |
909 | | { |
910 | | camellia_ppc_dec_blk16 (ctx, outbuf, inbuf); |
911 | | stack_burn_size = ppc_burn_stack_depth; |
912 | | outbuf += CAMELLIA_BLOCK_SIZE * 16; |
913 | | inbuf += CAMELLIA_BLOCK_SIZE * 16; |
914 | | num_blks -= 16; |
915 | | } |
916 | | #endif |
917 | | #ifdef USE_AARCH64_CE |
918 | | while (ctx->use_aarch64ce && num_blks >= 16) |
919 | | { |
920 | | camellia_aarch64ce_dec_blk16 (ctx, outbuf, inbuf); |
921 | | stack_burn_size = aarch64ce_burn_stack_depth; |
922 | | outbuf += CAMELLIA_BLOCK_SIZE * 16; |
923 | | inbuf += CAMELLIA_BLOCK_SIZE * 16; |
924 | | num_blks -= 16; |
925 | | } |
926 | | #endif |
927 | | |
928 | 20 | while (num_blks) |
929 | 10 | { |
930 | 10 | unsigned int nburn = camellia_decrypt((void *)ctx, outbuf, inbuf); |
931 | 10 | stack_burn_size = nburn > stack_burn_size ? nburn : stack_burn_size; |
932 | 10 | outbuf += CAMELLIA_BLOCK_SIZE; |
933 | 10 | inbuf += CAMELLIA_BLOCK_SIZE; |
934 | 10 | num_blks--; |
935 | 10 | } |
936 | | |
937 | 10 | return stack_burn_size; |
938 | 10 | } |
939 | | |
940 | | static unsigned int |
941 | | camellia_decrypt_blk1_64 (void *priv, byte *outbuf, const byte *inbuf, |
942 | | size_t num_blks) |
943 | 0 | { |
944 | 0 | CAMELLIA_context *ctx = priv; |
945 | 0 | unsigned int stack_burn_size = 0; |
946 | 0 | unsigned int nburn; |
947 | |
|
948 | 0 | gcry_assert (num_blks <= 64); |
949 | | |
950 | 0 | #ifdef USE_GFNI_AVX512 |
951 | 0 | if (num_blks == 64 && ctx->use_gfni_avx512) |
952 | 0 | { |
953 | 0 | _gcry_camellia_gfni_avx512_dec_blk64 (ctx, outbuf, inbuf); |
954 | 0 | return avx512_burn_stack_depth; |
955 | 0 | } |
956 | 0 | #endif |
957 | | |
958 | 0 | do |
959 | 0 | { |
960 | 0 | unsigned int curr_blks = num_blks > 32 ? 32 : num_blks; |
961 | 0 | nburn = camellia_decrypt_blk1_32 (ctx, outbuf, inbuf, curr_blks); |
962 | 0 | stack_burn_size = nburn > stack_burn_size ? nburn : stack_burn_size; |
963 | 0 | outbuf += curr_blks * 16; |
964 | 0 | inbuf += curr_blks * 16; |
965 | 0 | num_blks -= curr_blks; |
966 | 0 | } |
967 | 0 | while (num_blks > 0); |
968 | |
|
969 | 0 | return stack_burn_size; |
970 | 0 | } |
971 | | |
972 | | |
973 | | /* Bulk encryption of complete blocks in CTR mode. This function is only |
974 | | intended for the bulk encryption feature of cipher.c. CTR is expected to be |
975 | | of size CAMELLIA_BLOCK_SIZE. */ |
976 | | static void |
977 | | _gcry_camellia_ctr_enc(void *context, unsigned char *ctr, |
978 | | void *outbuf_arg, const void *inbuf_arg, |
979 | | size_t nblocks) |
980 | 0 | { |
981 | 0 | CAMELLIA_context *ctx = context; |
982 | 0 | unsigned char *outbuf = outbuf_arg; |
983 | 0 | const unsigned char *inbuf = inbuf_arg; |
984 | 0 | int burn_stack_depth = 0; |
985 | |
|
986 | 0 | #ifdef USE_GFNI_AVX512 |
987 | 0 | if (ctx->use_gfni_avx512) |
988 | 0 | { |
989 | 0 | int did_use_gfni_avx512 = 0; |
990 | | |
991 | | /* Process data in 64 block chunks. */ |
992 | 0 | while (nblocks >= 64) |
993 | 0 | { |
994 | 0 | _gcry_camellia_gfni_avx512_ctr_enc (ctx, outbuf, inbuf, ctr); |
995 | 0 | nblocks -= 64; |
996 | 0 | outbuf += 64 * CAMELLIA_BLOCK_SIZE; |
997 | 0 | inbuf += 64 * CAMELLIA_BLOCK_SIZE; |
998 | 0 | did_use_gfni_avx512 = 1; |
999 | 0 | } |
1000 | |
|
1001 | 0 | if (did_use_gfni_avx512) |
1002 | 0 | { |
1003 | 0 | if (burn_stack_depth < avx512_burn_stack_depth) |
1004 | 0 | burn_stack_depth = avx512_burn_stack_depth; |
1005 | 0 | } |
1006 | | |
1007 | | /* Use generic code to handle smaller chunks... */ |
1008 | 0 | } |
1009 | 0 | #endif |
1010 | |
|
1011 | 0 | #ifdef USE_AESNI_AVX2 |
1012 | 0 | if (ctx->use_avx2) |
1013 | 0 | { |
1014 | 0 | int did_use_aesni_avx2 = 0; |
1015 | 0 | typeof (&_gcry_camellia_aesni_avx2_ctr_enc) bulk_ctr_fn = |
1016 | 0 | _gcry_camellia_aesni_avx2_ctr_enc; |
1017 | |
|
1018 | 0 | #ifdef USE_VAES_AVX2 |
1019 | 0 | if (ctx->use_vaes_avx2) |
1020 | 0 | bulk_ctr_fn =_gcry_camellia_vaes_avx2_ctr_enc; |
1021 | 0 | #endif |
1022 | 0 | #ifdef USE_GFNI_AVX2 |
1023 | 0 | if (ctx->use_gfni_avx2) |
1024 | 0 | bulk_ctr_fn =_gcry_camellia_gfni_avx2_ctr_enc; |
1025 | 0 | #endif |
1026 | | |
1027 | | /* Process data in 32 block chunks. */ |
1028 | 0 | while (nblocks >= 32) |
1029 | 0 | { |
1030 | 0 | bulk_ctr_fn (ctx, outbuf, inbuf, ctr); |
1031 | 0 | nblocks -= 32; |
1032 | 0 | outbuf += 32 * CAMELLIA_BLOCK_SIZE; |
1033 | 0 | inbuf += 32 * CAMELLIA_BLOCK_SIZE; |
1034 | 0 | did_use_aesni_avx2 = 1; |
1035 | 0 | } |
1036 | |
|
1037 | 0 | if (did_use_aesni_avx2) |
1038 | 0 | { |
1039 | 0 | if (burn_stack_depth < avx2_burn_stack_depth) |
1040 | 0 | burn_stack_depth = avx2_burn_stack_depth; |
1041 | 0 | } |
1042 | | |
1043 | | /* Use generic code to handle smaller chunks... */ |
1044 | 0 | } |
1045 | 0 | #endif |
1046 | |
|
1047 | 0 | #ifdef USE_AESNI_AVX |
1048 | 0 | if (ctx->use_aesni_avx) |
1049 | 0 | { |
1050 | 0 | int did_use_aesni_avx = 0; |
1051 | | |
1052 | | /* Process data in 16 block chunks. */ |
1053 | 0 | while (nblocks >= 16) |
1054 | 0 | { |
1055 | 0 | _gcry_camellia_aesni_avx_ctr_enc(ctx, outbuf, inbuf, ctr); |
1056 | |
|
1057 | 0 | nblocks -= 16; |
1058 | 0 | outbuf += 16 * CAMELLIA_BLOCK_SIZE; |
1059 | 0 | inbuf += 16 * CAMELLIA_BLOCK_SIZE; |
1060 | 0 | did_use_aesni_avx = 1; |
1061 | 0 | } |
1062 | |
|
1063 | 0 | if (did_use_aesni_avx) |
1064 | 0 | { |
1065 | 0 | if (burn_stack_depth < avx_burn_stack_depth) |
1066 | 0 | burn_stack_depth = avx_burn_stack_depth; |
1067 | 0 | } |
1068 | | |
1069 | | /* Use generic code to handle smaller chunks... */ |
1070 | 0 | } |
1071 | 0 | #endif |
1072 | | |
1073 | | /* Process remaining blocks. */ |
1074 | 0 | if (nblocks) |
1075 | 0 | { |
1076 | 0 | byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32]; |
1077 | 0 | unsigned int tmp_used = CAMELLIA_BLOCK_SIZE; |
1078 | 0 | size_t nburn; |
1079 | |
|
1080 | 0 | nburn = bulk_ctr_enc_128(ctx, camellia_encrypt_blk1_32, outbuf, inbuf, |
1081 | 0 | nblocks, ctr, tmpbuf, |
1082 | 0 | sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, &tmp_used); |
1083 | 0 | burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth; |
1084 | |
|
1085 | 0 | wipememory(tmpbuf, tmp_used); |
1086 | 0 | } |
1087 | |
|
1088 | 0 | if (burn_stack_depth) |
1089 | 0 | _gcry_burn_stack(burn_stack_depth); |
1090 | 0 | } |
1091 | | |
1092 | | /* Bulk decryption of complete blocks in CBC mode. This function is only |
1093 | | intended for the bulk encryption feature of cipher.c. */ |
1094 | | static void |
1095 | | _gcry_camellia_cbc_dec(void *context, unsigned char *iv, |
1096 | | void *outbuf_arg, const void *inbuf_arg, |
1097 | | size_t nblocks) |
1098 | 10 | { |
1099 | 10 | CAMELLIA_context *ctx = context; |
1100 | 10 | unsigned char *outbuf = outbuf_arg; |
1101 | 10 | const unsigned char *inbuf = inbuf_arg; |
1102 | 10 | int burn_stack_depth = 0; |
1103 | | |
1104 | 10 | #ifdef USE_GFNI_AVX512 |
1105 | 10 | if (ctx->use_gfni_avx512) |
1106 | 0 | { |
1107 | 0 | int did_use_gfni_avx512 = 0; |
1108 | | |
1109 | | /* Process data in 64 block chunks. */ |
1110 | 0 | while (nblocks >= 64) |
1111 | 0 | { |
1112 | 0 | _gcry_camellia_gfni_avx512_cbc_dec (ctx, outbuf, inbuf, iv); |
1113 | 0 | nblocks -= 64; |
1114 | 0 | outbuf += 64 * CAMELLIA_BLOCK_SIZE; |
1115 | 0 | inbuf += 64 * CAMELLIA_BLOCK_SIZE; |
1116 | 0 | did_use_gfni_avx512 = 1; |
1117 | 0 | } |
1118 | |
|
1119 | 0 | if (did_use_gfni_avx512) |
1120 | 0 | { |
1121 | 0 | if (burn_stack_depth < avx512_burn_stack_depth) |
1122 | 0 | burn_stack_depth = avx512_burn_stack_depth; |
1123 | 0 | } |
1124 | | |
1125 | | /* Use generic code to handle smaller chunks... */ |
1126 | 0 | } |
1127 | 10 | #endif |
1128 | | |
1129 | 10 | #ifdef USE_AESNI_AVX2 |
1130 | 10 | if (ctx->use_avx2) |
1131 | 10 | { |
1132 | 10 | int did_use_aesni_avx2 = 0; |
1133 | 10 | typeof (&_gcry_camellia_aesni_avx2_cbc_dec) bulk_cbc_fn = |
1134 | 10 | _gcry_camellia_aesni_avx2_cbc_dec; |
1135 | | |
1136 | 10 | #ifdef USE_VAES_AVX2 |
1137 | 10 | if (ctx->use_vaes_avx2) |
1138 | 0 | bulk_cbc_fn =_gcry_camellia_vaes_avx2_cbc_dec; |
1139 | 10 | #endif |
1140 | 10 | #ifdef USE_GFNI_AVX2 |
1141 | 10 | if (ctx->use_gfni_avx2) |
1142 | 0 | bulk_cbc_fn =_gcry_camellia_gfni_avx2_cbc_dec; |
1143 | 10 | #endif |
1144 | | |
1145 | | /* Process data in 32 block chunks. */ |
1146 | 10 | while (nblocks >= 32) |
1147 | 0 | { |
1148 | 0 | bulk_cbc_fn (ctx, outbuf, inbuf, iv); |
1149 | 0 | nblocks -= 32; |
1150 | 0 | outbuf += 32 * CAMELLIA_BLOCK_SIZE; |
1151 | 0 | inbuf += 32 * CAMELLIA_BLOCK_SIZE; |
1152 | 0 | did_use_aesni_avx2 = 1; |
1153 | 0 | } |
1154 | | |
1155 | 10 | if (did_use_aesni_avx2) |
1156 | 0 | { |
1157 | 0 | if (burn_stack_depth < avx2_burn_stack_depth) |
1158 | 0 | burn_stack_depth = avx2_burn_stack_depth; |
1159 | 0 | } |
1160 | | |
1161 | | /* Use generic code to handle smaller chunks... */ |
1162 | 10 | } |
1163 | 10 | #endif |
1164 | | |
1165 | 10 | #ifdef USE_AESNI_AVX |
1166 | 10 | if (ctx->use_aesni_avx) |
1167 | 10 | { |
1168 | 10 | int did_use_aesni_avx = 0; |
1169 | | |
1170 | | /* Process data in 16 block chunks. */ |
1171 | 10 | while (nblocks >= 16) |
1172 | 0 | { |
1173 | 0 | _gcry_camellia_aesni_avx_cbc_dec(ctx, outbuf, inbuf, iv); |
1174 | |
|
1175 | 0 | nblocks -= 16; |
1176 | 0 | outbuf += 16 * CAMELLIA_BLOCK_SIZE; |
1177 | 0 | inbuf += 16 * CAMELLIA_BLOCK_SIZE; |
1178 | 0 | did_use_aesni_avx = 1; |
1179 | 0 | } |
1180 | | |
1181 | 10 | if (did_use_aesni_avx) |
1182 | 0 | { |
1183 | 0 | if (burn_stack_depth < avx_burn_stack_depth) |
1184 | 0 | burn_stack_depth = avx_burn_stack_depth; |
1185 | 0 | } |
1186 | | |
1187 | | /* Use generic code to handle smaller chunks... */ |
1188 | 10 | } |
1189 | 10 | #endif |
1190 | | |
1191 | | /* Process remaining blocks. */ |
1192 | 10 | if (nblocks) |
1193 | 10 | { |
1194 | 10 | byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32]; |
1195 | 10 | unsigned int tmp_used = CAMELLIA_BLOCK_SIZE; |
1196 | 10 | size_t nburn; |
1197 | | |
1198 | 10 | nburn = bulk_cbc_dec_128(ctx, camellia_decrypt_blk1_32, outbuf, inbuf, |
1199 | 10 | nblocks, iv, tmpbuf, |
1200 | 10 | sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, &tmp_used); |
1201 | 10 | burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth; |
1202 | | |
1203 | 10 | wipememory(tmpbuf, tmp_used); |
1204 | 10 | } |
1205 | | |
1206 | 10 | if (burn_stack_depth) |
1207 | 10 | _gcry_burn_stack(burn_stack_depth); |
1208 | 10 | } |
1209 | | |
1210 | | /* Bulk decryption of complete blocks in CFB mode. This function is only |
1211 | | intended for the bulk encryption feature of cipher.c. */ |
1212 | | static void |
1213 | | _gcry_camellia_cfb_dec(void *context, unsigned char *iv, |
1214 | | void *outbuf_arg, const void *inbuf_arg, |
1215 | | size_t nblocks) |
1216 | 1 | { |
1217 | 1 | CAMELLIA_context *ctx = context; |
1218 | 1 | unsigned char *outbuf = outbuf_arg; |
1219 | 1 | const unsigned char *inbuf = inbuf_arg; |
1220 | 1 | int burn_stack_depth = 0; |
1221 | | |
1222 | 1 | #ifdef USE_GFNI_AVX512 |
1223 | 1 | if (ctx->use_gfni_avx512) |
1224 | 0 | { |
1225 | 0 | int did_use_gfni_avx512 = 0; |
1226 | | |
1227 | | /* Process data in 64 block chunks. */ |
1228 | 0 | while (nblocks >= 64) |
1229 | 0 | { |
1230 | 0 | _gcry_camellia_gfni_avx512_cfb_dec (ctx, outbuf, inbuf, iv); |
1231 | 0 | nblocks -= 64; |
1232 | 0 | outbuf += 64 * CAMELLIA_BLOCK_SIZE; |
1233 | 0 | inbuf += 64 * CAMELLIA_BLOCK_SIZE; |
1234 | 0 | did_use_gfni_avx512 = 1; |
1235 | 0 | } |
1236 | |
|
1237 | 0 | if (did_use_gfni_avx512) |
1238 | 0 | { |
1239 | 0 | if (burn_stack_depth < avx512_burn_stack_depth) |
1240 | 0 | burn_stack_depth = avx512_burn_stack_depth; |
1241 | 0 | } |
1242 | | |
1243 | | /* Use generic code to handle smaller chunks... */ |
1244 | 0 | } |
1245 | 1 | #endif |
1246 | | |
1247 | 1 | #ifdef USE_AESNI_AVX2 |
1248 | 1 | if (ctx->use_avx2) |
1249 | 1 | { |
1250 | 1 | int did_use_aesni_avx2 = 0; |
1251 | 1 | typeof (&_gcry_camellia_aesni_avx2_cfb_dec) bulk_cfb_fn = |
1252 | 1 | _gcry_camellia_aesni_avx2_cfb_dec; |
1253 | | |
1254 | 1 | #ifdef USE_VAES_AVX2 |
1255 | 1 | if (ctx->use_vaes_avx2) |
1256 | 0 | bulk_cfb_fn =_gcry_camellia_vaes_avx2_cfb_dec; |
1257 | 1 | #endif |
1258 | 1 | #ifdef USE_GFNI_AVX2 |
1259 | 1 | if (ctx->use_gfni_avx2) |
1260 | 0 | bulk_cfb_fn =_gcry_camellia_gfni_avx2_cfb_dec; |
1261 | 1 | #endif |
1262 | | |
1263 | | /* Process data in 32 block chunks. */ |
1264 | 1 | while (nblocks >= 32) |
1265 | 0 | { |
1266 | 0 | bulk_cfb_fn (ctx, outbuf, inbuf, iv); |
1267 | 0 | nblocks -= 32; |
1268 | 0 | outbuf += 32 * CAMELLIA_BLOCK_SIZE; |
1269 | 0 | inbuf += 32 * CAMELLIA_BLOCK_SIZE; |
1270 | 0 | did_use_aesni_avx2 = 1; |
1271 | 0 | } |
1272 | | |
1273 | 1 | if (did_use_aesni_avx2) |
1274 | 0 | { |
1275 | 0 | if (burn_stack_depth < avx2_burn_stack_depth) |
1276 | 0 | burn_stack_depth = avx2_burn_stack_depth; |
1277 | 0 | } |
1278 | | |
1279 | | /* Use generic code to handle smaller chunks... */ |
1280 | 1 | } |
1281 | 1 | #endif |
1282 | | |
1283 | 1 | #ifdef USE_AESNI_AVX |
1284 | 1 | if (ctx->use_aesni_avx) |
1285 | 1 | { |
1286 | 1 | int did_use_aesni_avx = 0; |
1287 | | |
1288 | | /* Process data in 16 block chunks. */ |
1289 | 1 | while (nblocks >= 16) |
1290 | 0 | { |
1291 | 0 | _gcry_camellia_aesni_avx_cfb_dec(ctx, outbuf, inbuf, iv); |
1292 | |
|
1293 | 0 | nblocks -= 16; |
1294 | 0 | outbuf += 16 * CAMELLIA_BLOCK_SIZE; |
1295 | 0 | inbuf += 16 * CAMELLIA_BLOCK_SIZE; |
1296 | 0 | did_use_aesni_avx = 1; |
1297 | 0 | } |
1298 | | |
1299 | 1 | if (did_use_aesni_avx) |
1300 | 0 | { |
1301 | 0 | if (burn_stack_depth < avx_burn_stack_depth) |
1302 | 0 | burn_stack_depth = avx_burn_stack_depth; |
1303 | 0 | } |
1304 | | |
1305 | | /* Use generic code to handle smaller chunks... */ |
1306 | 1 | } |
1307 | 1 | #endif |
1308 | | |
1309 | | /* Process remaining blocks. */ |
1310 | 1 | if (nblocks) |
1311 | 1 | { |
1312 | 1 | byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32]; |
1313 | 1 | unsigned int tmp_used = CAMELLIA_BLOCK_SIZE; |
1314 | 1 | size_t nburn; |
1315 | | |
1316 | 1 | nburn = bulk_cfb_dec_128(ctx, camellia_encrypt_blk1_32, outbuf, inbuf, |
1317 | 1 | nblocks, iv, tmpbuf, |
1318 | 1 | sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, &tmp_used); |
1319 | 1 | burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth; |
1320 | | |
1321 | 1 | wipememory(tmpbuf, tmp_used); |
1322 | 1 | } |
1323 | | |
1324 | 1 | if (burn_stack_depth) |
1325 | 1 | _gcry_burn_stack(burn_stack_depth); |
1326 | 1 | } |
1327 | | |
1328 | | /* Bulk encryption/decryption in ECB mode. */ |
1329 | | static void |
1330 | | _gcry_camellia_ecb_crypt (void *context, void *outbuf_arg, |
1331 | | const void *inbuf_arg, size_t nblocks, int encrypt) |
1332 | 0 | { |
1333 | 0 | CAMELLIA_context *ctx = context; |
1334 | 0 | unsigned char *outbuf = outbuf_arg; |
1335 | 0 | const unsigned char *inbuf = inbuf_arg; |
1336 | 0 | int burn_stack_depth = 0; |
1337 | | |
1338 | | /* Process remaining blocks. */ |
1339 | 0 | if (nblocks) |
1340 | 0 | { |
1341 | 0 | size_t nburn; |
1342 | |
|
1343 | 0 | nburn = bulk_ecb_crypt_128(ctx, encrypt ? camellia_encrypt_blk1_64 |
1344 | 0 | : camellia_decrypt_blk1_64, |
1345 | 0 | outbuf, inbuf, nblocks, 64); |
1346 | 0 | burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth; |
1347 | 0 | } |
1348 | |
|
1349 | 0 | if (burn_stack_depth) |
1350 | 0 | _gcry_burn_stack(burn_stack_depth); |
1351 | 0 | } |
1352 | | |
1353 | | /* Bulk encryption/decryption of complete blocks in XTS mode. */ |
1354 | | static void |
1355 | | _gcry_camellia_xts_crypt (void *context, unsigned char *tweak, |
1356 | | void *outbuf_arg, const void *inbuf_arg, |
1357 | | size_t nblocks, int encrypt) |
1358 | 0 | { |
1359 | 0 | CAMELLIA_context *ctx = context; |
1360 | 0 | unsigned char *outbuf = outbuf_arg; |
1361 | 0 | const unsigned char *inbuf = inbuf_arg; |
1362 | 0 | int burn_stack_depth = 0; |
1363 | | |
1364 | | /* Process remaining blocks. */ |
1365 | 0 | if (nblocks) |
1366 | 0 | { |
1367 | 0 | byte tmpbuf[CAMELLIA_BLOCK_SIZE * 64]; |
1368 | 0 | unsigned int tmp_used = CAMELLIA_BLOCK_SIZE; |
1369 | 0 | size_t nburn; |
1370 | |
|
1371 | 0 | nburn = bulk_xts_crypt_128(ctx, encrypt ? camellia_encrypt_blk1_64 |
1372 | 0 | : camellia_decrypt_blk1_64, |
1373 | 0 | outbuf, inbuf, nblocks, tweak, tmpbuf, |
1374 | 0 | sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, |
1375 | 0 | &tmp_used); |
1376 | 0 | burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth; |
1377 | |
|
1378 | 0 | wipememory(tmpbuf, tmp_used); |
1379 | 0 | } |
1380 | |
|
1381 | 0 | if (burn_stack_depth) |
1382 | 0 | _gcry_burn_stack(burn_stack_depth); |
1383 | 0 | } |
1384 | | |
1385 | | /* Bulk encryption of complete blocks in CTR32LE mode (for GCM-SIV). */ |
1386 | | static void |
1387 | | _gcry_camellia_ctr32le_enc(void *context, unsigned char *ctr, |
1388 | | void *outbuf_arg, const void *inbuf_arg, |
1389 | | size_t nblocks) |
1390 | 0 | { |
1391 | 0 | CAMELLIA_context *ctx = context; |
1392 | 0 | byte *outbuf = outbuf_arg; |
1393 | 0 | const byte *inbuf = inbuf_arg; |
1394 | 0 | int burn_stack_depth = 0; |
1395 | | |
1396 | | /* Process remaining blocks. */ |
1397 | 0 | if (nblocks) |
1398 | 0 | { |
1399 | 0 | byte tmpbuf[64 * CAMELLIA_BLOCK_SIZE]; |
1400 | 0 | unsigned int tmp_used = CAMELLIA_BLOCK_SIZE; |
1401 | 0 | size_t nburn; |
1402 | |
|
1403 | 0 | nburn = bulk_ctr32le_enc_128 (ctx, camellia_encrypt_blk1_64, outbuf, |
1404 | 0 | inbuf, nblocks, ctr, tmpbuf, |
1405 | 0 | sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, |
1406 | 0 | &tmp_used); |
1407 | 0 | burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth; |
1408 | |
|
1409 | 0 | wipememory (tmpbuf, tmp_used); |
1410 | 0 | } |
1411 | |
|
1412 | 0 | if (burn_stack_depth) |
1413 | 0 | _gcry_burn_stack (burn_stack_depth); |
1414 | 0 | } |
1415 | | |
1416 | | /* Bulk encryption/decryption of complete blocks in OCB mode. */ |
1417 | | static size_t |
1418 | | _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, |
1419 | | const void *inbuf_arg, size_t nblocks, int encrypt) |
1420 | 0 | { |
1421 | 0 | #if defined(USE_PPC_CRYPTO) || defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2) |
1422 | 0 | CAMELLIA_context *ctx = (void *)&c->context.c; |
1423 | 0 | unsigned char *outbuf = outbuf_arg; |
1424 | 0 | const unsigned char *inbuf = inbuf_arg; |
1425 | 0 | int burn_stack_depth = 0; |
1426 | 0 | u64 blkn = c->u_mode.ocb.data_nblocks; |
1427 | |
|
1428 | | #else |
1429 | | (void)c; |
1430 | | (void)outbuf_arg; |
1431 | | (void)inbuf_arg; |
1432 | | (void)encrypt; |
1433 | | #endif |
1434 | |
|
1435 | 0 | #ifdef USE_GFNI_AVX512 |
1436 | 0 | if (ctx->use_gfni_avx512) |
1437 | 0 | { |
1438 | 0 | int did_use_gfni_avx512 = 0; |
1439 | 0 | u64 Ls[64]; |
1440 | 0 | u64 *l; |
1441 | |
|
1442 | 0 | if (nblocks >= 64) |
1443 | 0 | { |
1444 | 0 | typeof (&_gcry_camellia_gfni_avx512_ocb_dec) bulk_ocb_fn = |
1445 | 0 | encrypt ? _gcry_camellia_gfni_avx512_ocb_enc |
1446 | 0 | : _gcry_camellia_gfni_avx512_ocb_dec; |
1447 | 0 | l = bulk_ocb_prepare_L_pointers_array_blk64 (c, Ls, blkn); |
1448 | | |
1449 | | /* Process data in 64 block chunks. */ |
1450 | 0 | while (nblocks >= 64) |
1451 | 0 | { |
1452 | 0 | blkn += 64; |
1453 | 0 | *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 64); |
1454 | |
|
1455 | 0 | bulk_ocb_fn (ctx, outbuf, inbuf, c->u_iv.iv, c->u_ctr.ctr, Ls); |
1456 | |
|
1457 | 0 | nblocks -= 64; |
1458 | 0 | outbuf += 64 * CAMELLIA_BLOCK_SIZE; |
1459 | 0 | inbuf += 64 * CAMELLIA_BLOCK_SIZE; |
1460 | 0 | did_use_gfni_avx512 = 1; |
1461 | 0 | } |
1462 | 0 | } |
1463 | |
|
1464 | 0 | if (did_use_gfni_avx512) |
1465 | 0 | { |
1466 | 0 | if (burn_stack_depth < avx2_burn_stack_depth) |
1467 | 0 | burn_stack_depth = avx2_burn_stack_depth; |
1468 | 0 | } |
1469 | | |
1470 | | /* Use generic code to handle smaller chunks... */ |
1471 | 0 | } |
1472 | 0 | #endif |
1473 | |
|
1474 | 0 | #ifdef USE_AESNI_AVX2 |
1475 | 0 | if (ctx->use_avx2) |
1476 | 0 | { |
1477 | 0 | int did_use_aesni_avx2 = 0; |
1478 | 0 | u64 Ls[32]; |
1479 | 0 | u64 *l; |
1480 | |
|
1481 | 0 | if (nblocks >= 32) |
1482 | 0 | { |
1483 | 0 | typeof (&_gcry_camellia_aesni_avx2_ocb_dec) bulk_ocb_fn = |
1484 | 0 | encrypt ? _gcry_camellia_aesni_avx2_ocb_enc |
1485 | 0 | : _gcry_camellia_aesni_avx2_ocb_dec; |
1486 | |
|
1487 | 0 | #ifdef USE_VAES_AVX2 |
1488 | 0 | if (ctx->use_vaes_avx2) |
1489 | 0 | bulk_ocb_fn = encrypt ? _gcry_camellia_vaes_avx2_ocb_enc |
1490 | 0 | : _gcry_camellia_vaes_avx2_ocb_dec; |
1491 | 0 | #endif |
1492 | 0 | #ifdef USE_GFNI_AVX2 |
1493 | 0 | if (ctx->use_gfni_avx2) |
1494 | 0 | bulk_ocb_fn = encrypt ? _gcry_camellia_gfni_avx2_ocb_enc |
1495 | 0 | : _gcry_camellia_gfni_avx2_ocb_dec; |
1496 | 0 | #endif |
1497 | 0 | l = bulk_ocb_prepare_L_pointers_array_blk32 (c, Ls, blkn); |
1498 | | |
1499 | | /* Process data in 32 block chunks. */ |
1500 | 0 | while (nblocks >= 32) |
1501 | 0 | { |
1502 | 0 | blkn += 32; |
1503 | 0 | *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 32); |
1504 | |
|
1505 | 0 | bulk_ocb_fn (ctx, outbuf, inbuf, c->u_iv.iv, c->u_ctr.ctr, Ls); |
1506 | |
|
1507 | 0 | nblocks -= 32; |
1508 | 0 | outbuf += 32 * CAMELLIA_BLOCK_SIZE; |
1509 | 0 | inbuf += 32 * CAMELLIA_BLOCK_SIZE; |
1510 | 0 | did_use_aesni_avx2 = 1; |
1511 | 0 | } |
1512 | 0 | } |
1513 | |
|
1514 | 0 | if (did_use_aesni_avx2) |
1515 | 0 | { |
1516 | 0 | if (burn_stack_depth < avx2_burn_stack_depth) |
1517 | 0 | burn_stack_depth = avx2_burn_stack_depth; |
1518 | 0 | } |
1519 | | |
1520 | | /* Use generic code to handle smaller chunks... */ |
1521 | 0 | } |
1522 | 0 | #endif |
1523 | |
|
1524 | 0 | #ifdef USE_AESNI_AVX |
1525 | 0 | if (ctx->use_aesni_avx) |
1526 | 0 | { |
1527 | 0 | int did_use_aesni_avx = 0; |
1528 | 0 | u64 Ls[16]; |
1529 | 0 | u64 *l; |
1530 | |
|
1531 | 0 | if (nblocks >= 16) |
1532 | 0 | { |
1533 | 0 | l = bulk_ocb_prepare_L_pointers_array_blk16 (c, Ls, blkn); |
1534 | | |
1535 | | /* Process data in 16 block chunks. */ |
1536 | 0 | while (nblocks >= 16) |
1537 | 0 | { |
1538 | 0 | blkn += 16; |
1539 | 0 | *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 16); |
1540 | |
|
1541 | 0 | if (encrypt) |
1542 | 0 | _gcry_camellia_aesni_avx_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, |
1543 | 0 | c->u_ctr.ctr, Ls); |
1544 | 0 | else |
1545 | 0 | _gcry_camellia_aesni_avx_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, |
1546 | 0 | c->u_ctr.ctr, Ls); |
1547 | |
|
1548 | 0 | nblocks -= 16; |
1549 | 0 | outbuf += 16 * CAMELLIA_BLOCK_SIZE; |
1550 | 0 | inbuf += 16 * CAMELLIA_BLOCK_SIZE; |
1551 | 0 | did_use_aesni_avx = 1; |
1552 | 0 | } |
1553 | 0 | } |
1554 | |
|
1555 | 0 | if (did_use_aesni_avx) |
1556 | 0 | { |
1557 | 0 | if (burn_stack_depth < avx_burn_stack_depth) |
1558 | 0 | burn_stack_depth = avx_burn_stack_depth; |
1559 | 0 | } |
1560 | | |
1561 | | /* Use generic code to handle smaller chunks... */ |
1562 | 0 | } |
1563 | 0 | #endif |
1564 | |
|
1565 | 0 | #if defined(USE_PPC_CRYPTO) || defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2) |
1566 | | /* Process remaining blocks. */ |
1567 | 0 | if (nblocks) |
1568 | 0 | { |
1569 | 0 | byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32]; |
1570 | 0 | unsigned int tmp_used = CAMELLIA_BLOCK_SIZE; |
1571 | 0 | size_t nburn; |
1572 | |
|
1573 | 0 | nburn = bulk_ocb_crypt_128 (c, ctx, encrypt ? camellia_encrypt_blk1_32 |
1574 | 0 | : camellia_decrypt_blk1_32, |
1575 | 0 | outbuf, inbuf, nblocks, &blkn, encrypt, |
1576 | 0 | tmpbuf, sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, |
1577 | 0 | &tmp_used); |
1578 | 0 | burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth; |
1579 | |
|
1580 | 0 | wipememory(tmpbuf, tmp_used); |
1581 | 0 | nblocks = 0; |
1582 | 0 | } |
1583 | |
|
1584 | 0 | c->u_mode.ocb.data_nblocks = blkn; |
1585 | |
|
1586 | 0 | if (burn_stack_depth) |
1587 | 0 | _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *)); |
1588 | 0 | #endif |
1589 | |
|
1590 | 0 | return nblocks; |
1591 | 0 | } |
1592 | | |
1593 | | /* Bulk authentication of complete blocks in OCB mode. */ |
1594 | | static size_t |
1595 | | _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, |
1596 | | size_t nblocks) |
1597 | 0 | { |
1598 | 0 | #if defined(USE_PPC_CRYPTO) || defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2) |
1599 | 0 | CAMELLIA_context *ctx = (void *)&c->context.c; |
1600 | 0 | const unsigned char *abuf = abuf_arg; |
1601 | 0 | int burn_stack_depth = 0; |
1602 | 0 | u64 blkn = c->u_mode.ocb.aad_nblocks; |
1603 | | #else |
1604 | | (void)c; |
1605 | | (void)abuf_arg; |
1606 | | #endif |
1607 | |
|
1608 | 0 | #ifdef USE_AESNI_AVX2 |
1609 | 0 | if (ctx->use_avx2) |
1610 | 0 | { |
1611 | 0 | int did_use_aesni_avx2 = 0; |
1612 | 0 | u64 Ls[32]; |
1613 | 0 | u64 *l; |
1614 | |
|
1615 | 0 | if (nblocks >= 32) |
1616 | 0 | { |
1617 | 0 | typeof (&_gcry_camellia_aesni_avx2_ocb_auth) bulk_auth_fn = |
1618 | 0 | _gcry_camellia_aesni_avx2_ocb_auth; |
1619 | |
|
1620 | 0 | #ifdef USE_VAES_AVX2 |
1621 | 0 | if (ctx->use_vaes_avx2) |
1622 | 0 | bulk_auth_fn = _gcry_camellia_vaes_avx2_ocb_auth; |
1623 | 0 | #endif |
1624 | 0 | #ifdef USE_GFNI_AVX2 |
1625 | 0 | if (ctx->use_gfni_avx2) |
1626 | 0 | bulk_auth_fn = _gcry_camellia_gfni_avx2_ocb_auth; |
1627 | 0 | #endif |
1628 | |
|
1629 | 0 | l = bulk_ocb_prepare_L_pointers_array_blk32 (c, Ls, blkn); |
1630 | | |
1631 | | /* Process data in 32 block chunks. */ |
1632 | 0 | while (nblocks >= 32) |
1633 | 0 | { |
1634 | 0 | blkn += 32; |
1635 | 0 | *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 32); |
1636 | |
|
1637 | 0 | bulk_auth_fn (ctx, abuf, c->u_mode.ocb.aad_offset, |
1638 | 0 | c->u_mode.ocb.aad_sum, Ls); |
1639 | |
|
1640 | 0 | nblocks -= 32; |
1641 | 0 | abuf += 32 * CAMELLIA_BLOCK_SIZE; |
1642 | 0 | did_use_aesni_avx2 = 1; |
1643 | 0 | } |
1644 | 0 | } |
1645 | |
|
1646 | 0 | if (did_use_aesni_avx2) |
1647 | 0 | { |
1648 | 0 | if (burn_stack_depth < avx2_burn_stack_depth) |
1649 | 0 | burn_stack_depth = avx2_burn_stack_depth; |
1650 | 0 | } |
1651 | | |
1652 | | /* Use generic code to handle smaller chunks... */ |
1653 | 0 | } |
1654 | 0 | #endif |
1655 | |
|
1656 | 0 | #ifdef USE_AESNI_AVX |
1657 | 0 | if (ctx->use_aesni_avx) |
1658 | 0 | { |
1659 | 0 | int did_use_aesni_avx = 0; |
1660 | 0 | u64 Ls[16]; |
1661 | 0 | u64 *l; |
1662 | |
|
1663 | 0 | if (nblocks >= 16) |
1664 | 0 | { |
1665 | 0 | l = bulk_ocb_prepare_L_pointers_array_blk16 (c, Ls, blkn); |
1666 | | |
1667 | | /* Process data in 16 block chunks. */ |
1668 | 0 | while (nblocks >= 16) |
1669 | 0 | { |
1670 | 0 | blkn += 16; |
1671 | 0 | *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 16); |
1672 | |
|
1673 | 0 | _gcry_camellia_aesni_avx_ocb_auth(ctx, abuf, |
1674 | 0 | c->u_mode.ocb.aad_offset, |
1675 | 0 | c->u_mode.ocb.aad_sum, Ls); |
1676 | |
|
1677 | 0 | nblocks -= 16; |
1678 | 0 | abuf += 16 * CAMELLIA_BLOCK_SIZE; |
1679 | 0 | did_use_aesni_avx = 1; |
1680 | 0 | } |
1681 | 0 | } |
1682 | |
|
1683 | 0 | if (did_use_aesni_avx) |
1684 | 0 | { |
1685 | 0 | if (burn_stack_depth < avx_burn_stack_depth) |
1686 | 0 | burn_stack_depth = avx_burn_stack_depth; |
1687 | 0 | } |
1688 | | |
1689 | | /* Use generic code to handle smaller chunks... */ |
1690 | 0 | } |
1691 | 0 | #endif |
1692 | |
|
1693 | 0 | #if defined(USE_PPC_CRYPTO) || defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2) |
1694 | | /* Process remaining blocks. */ |
1695 | 0 | if (nblocks) |
1696 | 0 | { |
1697 | 0 | byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32]; |
1698 | 0 | unsigned int tmp_used = CAMELLIA_BLOCK_SIZE; |
1699 | 0 | size_t nburn; |
1700 | |
|
1701 | 0 | nburn = bulk_ocb_auth_128 (c, ctx, camellia_encrypt_blk1_32, |
1702 | 0 | abuf, nblocks, &blkn, tmpbuf, |
1703 | 0 | sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, |
1704 | 0 | &tmp_used); |
1705 | 0 | burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth; |
1706 | |
|
1707 | 0 | wipememory(tmpbuf, tmp_used); |
1708 | 0 | nblocks = 0; |
1709 | 0 | } |
1710 | |
|
1711 | 0 | c->u_mode.ocb.aad_nblocks = blkn; |
1712 | |
|
1713 | 0 | if (burn_stack_depth) |
1714 | 0 | _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *)); |
1715 | 0 | #endif |
1716 | |
|
1717 | 0 | return nblocks; |
1718 | 0 | } |
1719 | | |
1720 | | |
1721 | | static const char * |
1722 | | selftest(void) |
1723 | 5 | { |
1724 | 5 | CAMELLIA_context ctx; |
1725 | 5 | byte scratch[16]; |
1726 | 5 | cipher_bulk_ops_t bulk_ops; |
1727 | | |
1728 | | /* These test vectors are from RFC-3713 */ |
1729 | 5 | static const byte plaintext[]= |
1730 | 5 | { |
1731 | 5 | 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, |
1732 | 5 | 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10 |
1733 | 5 | }; |
1734 | 5 | static const byte key_128[]= |
1735 | 5 | { |
1736 | 5 | 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, |
1737 | 5 | 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10 |
1738 | 5 | }; |
1739 | 5 | static const byte ciphertext_128[]= |
1740 | 5 | { |
1741 | 5 | 0x67,0x67,0x31,0x38,0x54,0x96,0x69,0x73, |
1742 | 5 | 0x08,0x57,0x06,0x56,0x48,0xea,0xbe,0x43 |
1743 | 5 | }; |
1744 | 5 | static const byte key_192[]= |
1745 | 5 | { |
1746 | 5 | 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98, |
1747 | 5 | 0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77 |
1748 | 5 | }; |
1749 | 5 | static const byte ciphertext_192[]= |
1750 | 5 | { |
1751 | 5 | 0xb4,0x99,0x34,0x01,0xb3,0xe9,0x96,0xf8, |
1752 | 5 | 0x4e,0xe5,0xce,0xe7,0xd7,0x9b,0x09,0xb9 |
1753 | 5 | }; |
1754 | 5 | static const byte key_256[]= |
1755 | 5 | { |
1756 | 5 | 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba, |
1757 | 5 | 0x98,0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55, |
1758 | 5 | 0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff |
1759 | 5 | }; |
1760 | 5 | static const byte ciphertext_256[]= |
1761 | 5 | { |
1762 | 5 | 0x9a,0xcc,0x23,0x7d,0xff,0x16,0xd7,0x6c, |
1763 | 5 | 0x20,0xef,0x7c,0x91,0x9e,0x3a,0x75,0x09 |
1764 | 5 | }; |
1765 | | |
1766 | 5 | camellia_setkey(&ctx,key_128,sizeof(key_128),&bulk_ops); |
1767 | 5 | camellia_encrypt(&ctx,scratch,plaintext); |
1768 | 5 | if(memcmp(scratch,ciphertext_128,sizeof(ciphertext_128))!=0) |
1769 | 0 | return "CAMELLIA-128 test encryption failed."; |
1770 | 5 | camellia_decrypt(&ctx,scratch,scratch); |
1771 | 5 | if(memcmp(scratch,plaintext,sizeof(plaintext))!=0) |
1772 | 0 | return "CAMELLIA-128 test decryption failed."; |
1773 | | |
1774 | 5 | camellia_setkey(&ctx,key_192,sizeof(key_192),&bulk_ops); |
1775 | 5 | camellia_encrypt(&ctx,scratch,plaintext); |
1776 | 5 | if(memcmp(scratch,ciphertext_192,sizeof(ciphertext_192))!=0) |
1777 | 0 | return "CAMELLIA-192 test encryption failed."; |
1778 | 5 | camellia_decrypt(&ctx,scratch,scratch); |
1779 | 5 | if(memcmp(scratch,plaintext,sizeof(plaintext))!=0) |
1780 | 0 | return "CAMELLIA-192 test decryption failed."; |
1781 | | |
1782 | 5 | camellia_setkey(&ctx,key_256,sizeof(key_256),&bulk_ops); |
1783 | 5 | camellia_encrypt(&ctx,scratch,plaintext); |
1784 | 5 | if(memcmp(scratch,ciphertext_256,sizeof(ciphertext_256))!=0) |
1785 | 0 | return "CAMELLIA-256 test encryption failed."; |
1786 | 5 | camellia_decrypt(&ctx,scratch,scratch); |
1787 | 5 | if(memcmp(scratch,plaintext,sizeof(plaintext))!=0) |
1788 | 0 | return "CAMELLIA-256 test decryption failed."; |
1789 | | |
1790 | 5 | return NULL; |
1791 | 5 | } |
1792 | | |
1793 | | /* These oids are from |
1794 | | <http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications_oid.html>, |
1795 | | retrieved May 1, 2007. */ |
1796 | | |
1797 | | static const gcry_cipher_oid_spec_t camellia128_oids[] = |
1798 | | { |
1799 | | {"1.2.392.200011.61.1.1.1.2", GCRY_CIPHER_MODE_CBC}, |
1800 | | {"0.3.4401.5.3.1.9.1", GCRY_CIPHER_MODE_ECB}, |
1801 | | {"0.3.4401.5.3.1.9.3", GCRY_CIPHER_MODE_OFB}, |
1802 | | {"0.3.4401.5.3.1.9.4", GCRY_CIPHER_MODE_CFB}, |
1803 | | { NULL } |
1804 | | }; |
1805 | | |
1806 | | static const gcry_cipher_oid_spec_t camellia192_oids[] = |
1807 | | { |
1808 | | {"1.2.392.200011.61.1.1.1.3", GCRY_CIPHER_MODE_CBC}, |
1809 | | {"0.3.4401.5.3.1.9.21", GCRY_CIPHER_MODE_ECB}, |
1810 | | {"0.3.4401.5.3.1.9.23", GCRY_CIPHER_MODE_OFB}, |
1811 | | {"0.3.4401.5.3.1.9.24", GCRY_CIPHER_MODE_CFB}, |
1812 | | { NULL } |
1813 | | }; |
1814 | | |
1815 | | static const gcry_cipher_oid_spec_t camellia256_oids[] = |
1816 | | { |
1817 | | {"1.2.392.200011.61.1.1.1.4", GCRY_CIPHER_MODE_CBC}, |
1818 | | {"0.3.4401.5.3.1.9.41", GCRY_CIPHER_MODE_ECB}, |
1819 | | {"0.3.4401.5.3.1.9.43", GCRY_CIPHER_MODE_OFB}, |
1820 | | {"0.3.4401.5.3.1.9.44", GCRY_CIPHER_MODE_CFB}, |
1821 | | { NULL } |
1822 | | }; |
1823 | | |
1824 | | gcry_cipher_spec_t _gcry_cipher_spec_camellia128 = |
1825 | | { |
1826 | | GCRY_CIPHER_CAMELLIA128, {0, 0}, |
1827 | | "CAMELLIA128",NULL,camellia128_oids,CAMELLIA_BLOCK_SIZE,128, |
1828 | | sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt |
1829 | | }; |
1830 | | |
1831 | | gcry_cipher_spec_t _gcry_cipher_spec_camellia192 = |
1832 | | { |
1833 | | GCRY_CIPHER_CAMELLIA192, {0, 0}, |
1834 | | "CAMELLIA192",NULL,camellia192_oids,CAMELLIA_BLOCK_SIZE,192, |
1835 | | sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt |
1836 | | }; |
1837 | | |
1838 | | gcry_cipher_spec_t _gcry_cipher_spec_camellia256 = |
1839 | | { |
1840 | | GCRY_CIPHER_CAMELLIA256, {0, 0}, |
1841 | | "CAMELLIA256",NULL,camellia256_oids,CAMELLIA_BLOCK_SIZE,256, |
1842 | | sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt |
1843 | | }; |