/src/mbedtls/library/camellia.c

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Camellia implementation
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6		*/
7		/*
8		* The Camellia block cipher was designed by NTT and Mitsubishi Electric
9		* Corporation.
10		*
11		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
12		*/
13
14		#include "common.h"
15
16		#if defined(MBEDTLS_CAMELLIA_C)
17
18		#include "mbedtls/camellia.h"
19		#include "mbedtls/platform_util.h"
20
21		#include <string.h>
22
23		#include "mbedtls/platform.h"
24
25		#if !defined(MBEDTLS_CAMELLIA_ALT)
26
27		static const unsigned char SIGMA_CHARS[6][8] =
28		{
29		{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
30		{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
31		{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
32		{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
33		{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
34		{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
35		};
36
37		#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
38
39		static const unsigned char FSb[256] =
40		{
41		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
42		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
43		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
44		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
45		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
46		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
47		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
48		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
49		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
50		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
51		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
52		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
53		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
54		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
55		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
56		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
57		};
58
59		#define SBOX1(n) FSb[(n)]
60		#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
61		#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
62		#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
63
64		#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
65
66		static const unsigned char FSb[256] =
67		{
68		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
69		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
70		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
71		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
72		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
73		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
74		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
75		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
76		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
77		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
78		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
79		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
80		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
81		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
82		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
83		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
84		};
85
86		static const unsigned char FSb2[256] =
87		{
88		224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
89		70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
90		13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
91		77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
92		23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
93		191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
94		40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
95		253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
96		85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
97		32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
98		15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
99		164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
100		211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
101		240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
102		228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
103		128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
104		};
105
106		static const unsigned char FSb3[256] =
107		{
108		56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
109		145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
110		67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
111		83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
112		197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
113		239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
114		10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
115		127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
116		85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
117		8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
118		195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
119		41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
120		244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
121		60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
122		57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
123		32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
124		};
125
126		static const unsigned char FSb4[256] =
127		{
128		112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
129		134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
130		139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
131		20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
132		170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
133		135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
134		233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
135		114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
136		130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
137		184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
138		13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
139		88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
140		208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
141		92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
142		121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
143		7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
144		};
145
146	4.34k	#define SBOX1(n) FSb[(n)]
147	4.34k	#define SBOX2(n) FSb2[(n)]
148	4.34k	#define SBOX3(n) FSb3[(n)]
149	4.34k	#define SBOX4(n) FSb4[(n)]
150
151		#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
152
153		static const unsigned char shifts[2][4][4] =
154		{
155		{
156		{ 1, 1, 1, 1 }, /* KL */
157		{ 0, 0, 0, 0 }, /* KR */
158		{ 1, 1, 1, 1 }, /* KA */
159		{ 0, 0, 0, 0 } /* KB */
160		},
161		{
162		{ 1, 0, 1, 1 }, /* KL */
163		{ 1, 1, 0, 1 }, /* KR */
164		{ 1, 1, 1, 0 }, /* KA */
165		{ 1, 1, 0, 1 } /* KB */
166		}
167		};
168
169		static const signed char indexes[2][4][20] =
170		{
171		{
172		{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
173		36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
174		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
175		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
176		{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
177		18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
178		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
179		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
180		},
181		{
182		{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
183		-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
184		{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
185		18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
186		{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
187		56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
188		{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
189		22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
190		}
191		};
192
193		static const signed char transposes[2][20] =
194		{
195		{
196		21, 22, 23, 20,
197		-1, -1, -1, -1,
198		18, 19, 16, 17,
199		11, 8, 9, 10,
200		15, 12, 13, 14
201		},
202		{
203		25, 26, 27, 24,
204		29, 30, 31, 28,
205		18, 19, 16, 17,
206		-1, -1, -1, -1,
207		-1, -1, -1, -1
208		}
209		};
210
211		/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
212		#define ROTL(DEST, SRC, SHIFT) \
213	1.31k	{ \
214	1.31k	(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
215	1.31k	(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
216	1.31k	(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
217	1.31k	(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
218	1.31k	}
219
220		#define FL(XL, XR, KL, KR) \
221	201	{ \
222	201	(XR) = ((((XL) &(KL)) << 1) \| (((XL) &(KL)) >> 31)) ^ (XR); \
223	201	(XL) = ((XR) \| (KR)) ^ (XL); \
224	201	}
225
226		#define FLInv(YL, YR, KL, KR) \
227	201	{ \
228	201	(YL) = ((YR) \| (KR)) ^ (YL); \
229	201	(YR) = ((((YL) &(KL)) << 1) \| (((YL) &(KL)) >> 31)) ^ (YR); \
230	201	}
231
232		#define SHIFT_AND_PLACE(INDEX, OFFSET) \
233	350	{ \
234	350	TK[0] = KC[(OFFSET) * 4 + 0]; \
235	350	TK[1] = KC[(OFFSET) * 4 + 1]; \
236	350	TK[2] = KC[(OFFSET) * 4 + 2]; \
237	350	TK[3] = KC[(OFFSET) * 4 + 3]; \
238	350	\
239	1.75k	for (i = 1; i <= 4; i++) \
240	1.40k	if (shifts[(INDEX)][(OFFSET)][i -1]) \
241	1.40k	ROTL(TK + i * 4, TK, (15 * i) % 32); \
242	350	\
243	7.35k	for (i = 0; i < 20; i++) \
244	7.00k	if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
245	5.13k	RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
246	5.13k	} \
247	350	}
248
249		static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
250		uint32_t z[2])
251	2.17k	{
252	2.17k	uint32_t I0, I1;
253	2.17k	I0 = x[0] ^ k[0];
254	2.17k	I1 = x[1] ^ k[1];
255
256	2.17k	I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) \|
257	2.17k	((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) \|
258	2.17k	((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) \|
259	2.17k	((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
260	2.17k	I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) \|
261	2.17k	((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) \|
262	2.17k	((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) \|
263	2.17k	((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
264
265	2.17k	I0 ^= (I1 << 8) \| (I1 >> 24);
266	2.17k	I1 ^= (I0 << 16) \| (I0 >> 16);
267	2.17k	I0 ^= (I1 >> 8) \| (I1 << 24);
268	2.17k	I1 ^= (I0 >> 8) \| (I0 << 24);
269
270	2.17k	z[0] ^= I1;
271	2.17k	z[1] ^= I0;
272	2.17k	}
273
274		void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
275	211	{
276	211	memset(ctx, 0, sizeof(mbedtls_camellia_context));
277	211	}
278
279		void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
280	211	{
281	211	if (ctx == NULL) {
282	0	return;
283	0	}
284
285	211	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
286	211	}
287
288		/*
289		* Camellia key schedule (encryption)
290		*/
291		int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
292		const unsigned char *key,
293		unsigned int keybits)
294	102	{
295	102	int idx;
296	102	size_t i;
297	102	uint32_t *RK;
298	102	unsigned char t[64];
299	102	uint32_t SIGMA[6][2];
300	102	uint32_t KC[16];
301	102	uint32_t TK[20];
302
303	102	RK = ctx->rk;
304
305	102	memset(t, 0, 64);
306	102	memset(RK, 0, sizeof(ctx->rk));
307
308	102	switch (keybits) {
309	29	case 128: ctx->nr = 3; idx = 0; break;
310	20	case 192:
311	73	case 256: ctx->nr = 4; idx = 1; break;
312	0	default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
313	102	}
314
315	2.74k	for (i = 0; i < keybits / 8; ++i) {
316	2.64k	t[i] = key[i];
317	2.64k	}
318
319	102	if (keybits == 192) {
320	180	for (i = 0; i < 8; i++) {
321	160	t[24 + i] = ~t[16 + i];
322	160	}
323	20	}
324
325		/*
326		* Prepare SIGMA values
327		*/
328	714	for (i = 0; i < 6; i++) {
329	612	SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
330	612	SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
331	612	}
332
333		/*
334		* Key storage in KC
335		* Order: KL, KR, KA, KB
336		*/
337	102	memset(KC, 0, sizeof(KC));
338
339		/* Store KL, KR */
340	918	for (i = 0; i < 8; i++) {
341	816	KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
342	816	}
343
344		/* Generate KA */
345	510	for (i = 0; i < 4; ++i) {
346	408	KC[8 + i] = KC[i] ^ KC[4 + i];
347	408	}
348
349	102	camellia_feistel(KC + 8, SIGMA[0], KC + 10);
350	102	camellia_feistel(KC + 10, SIGMA[1], KC + 8);
351
352	510	for (i = 0; i < 4; ++i) {
353	408	KC[8 + i] ^= KC[i];
354	408	}
355
356	102	camellia_feistel(KC + 8, SIGMA[2], KC + 10);
357	102	camellia_feistel(KC + 10, SIGMA[3], KC + 8);
358
359	102	if (keybits > 128) {
360		/* Generate KB */
361	365	for (i = 0; i < 4; ++i) {
362	292	KC[12 + i] = KC[4 + i] ^ KC[8 + i];
363	292	}
364
365	73	camellia_feistel(KC + 12, SIGMA[4], KC + 14);
366	73	camellia_feistel(KC + 14, SIGMA[5], KC + 12);
367	73	}
368
369		/*
370		* Generating subkeys
371		*/
372
373		/* Manipulating KL */
374	102	SHIFT_AND_PLACE(idx, 0);
375
376		/* Manipulating KR */
377	102	if (keybits > 128) {
378	73	SHIFT_AND_PLACE(idx, 1);
379	73	}
380
381		/* Manipulating KA */
382	102	SHIFT_AND_PLACE(idx, 2);
383
384		/* Manipulating KB */
385	102	if (keybits > 128) {
386	73	SHIFT_AND_PLACE(idx, 3);
387	73	}
388
389		/* Do transpositions */
390	2.14k	for (i = 0; i < 20; i++) {
391	2.04k	if (transposes[idx][i] != -1) {
392	1.34k	RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
393	1.34k	}
394	2.04k	}
395
396	102	return 0;
397	102	}
398
399		/*
400		* Camellia key schedule (decryption)
401		*/
402		#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
403		int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
404		const unsigned char *key,
405		unsigned int keybits)
406	47	{
407	47	int idx, ret;
408	47	size_t i;
409	47	mbedtls_camellia_context cty;
410	47	uint32_t *RK;
411	47	uint32_t *SK;
412
413	47	mbedtls_camellia_init(&cty);
414
415		/* Also checks keybits */
416	47	if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
417	0	goto exit;
418	0	}
419
420	47	ctx->nr = cty.nr;
421	47	idx = (ctx->nr == 4);
422
423	47	RK = ctx->rk;
424	47	SK = cty.rk + 24 * 2 + 8 * idx * 2;
425
426	47	RK++ = SK++;
427	47	RK++ = SK++;
428	47	RK++ = SK++;
429	47	RK++ = SK++;
430
431	1.44k	for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
432	1.40k	RK++ = SK++;
433	1.40k	RK++ = SK++;
434	1.40k	}
435
436	47	SK -= 2;
437
438	47	RK++ = SK++;
439	47	RK++ = SK++;
440	47	RK++ = SK++;
441	47	RK++ = SK++;
442
443	47	exit:
444	47	mbedtls_camellia_free(&cty);
445
446	47	return ret;
447	47	}
448		#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
449
450		/*
451		* Camellia-ECB block encryption/decryption
452		*/
453		int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
454		int mode,
455		const unsigned char input[16],
456		unsigned char output[16])
457	69	{
458	69	int NR;
459	69	uint32_t *RK, X[4];
460	69	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
461	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
462	0	}
463
464	69	((void) mode);
465
466	69	NR = ctx->nr;
467	69	RK = ctx->rk;
468
469	69	X[0] = MBEDTLS_GET_UINT32_BE(input, 0);
470	69	X[1] = MBEDTLS_GET_UINT32_BE(input, 4);
471	69	X[2] = MBEDTLS_GET_UINT32_BE(input, 8);
472	69	X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
473
474	69	X[0] ^= *RK++;
475	69	X[1] ^= *RK++;
476	69	X[2] ^= *RK++;
477	69	X[3] ^= *RK++;
478
479	339	while (NR) {
480	270	--NR;
481	270	camellia_feistel(X, RK, X + 2);
482	270	RK += 2;
483	270	camellia_feistel(X + 2, RK, X);
484	270	RK += 2;
485	270	camellia_feistel(X, RK, X + 2);
486	270	RK += 2;
487	270	camellia_feistel(X + 2, RK, X);
488	270	RK += 2;
489	270	camellia_feistel(X, RK, X + 2);
490	270	RK += 2;
491	270	camellia_feistel(X + 2, RK, X);
492	270	RK += 2;
493
494	270	if (NR) {
495	201	FL(X[0], X[1], RK[0], RK[1]);
496	201	RK += 2;
497	201	FLInv(X[2], X[3], RK[0], RK[1]);
498	201	RK += 2;
499	201	}
500	270	}
501
502	69	X[2] ^= *RK++;
503	69	X[3] ^= *RK++;
504	69	X[0] ^= *RK++;
505	69	X[1] ^= *RK++;
506
507	69	MBEDTLS_PUT_UINT32_BE(X[2], output, 0);
508	69	MBEDTLS_PUT_UINT32_BE(X[3], output, 4);
509	69	MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
510	69	MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
511
512	69	return 0;
513	69	}
514
515		#if defined(MBEDTLS_CIPHER_MODE_CBC)
516		/*
517		* Camellia-CBC buffer encryption/decryption
518		*/
519		int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
520		int mode,
521		size_t length,
522		unsigned char iv[16],
523		const unsigned char *input,
524		unsigned char *output)
525	0	{
526	0	unsigned char temp[16];
527	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
528	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
529	0	}
530
531	0	if (length % 16) {
532	0	return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
533	0	}
534
535	0	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
536	0	while (length > 0) {
537	0	memcpy(temp, input, 16);
538	0	mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
539
540	0	mbedtls_xor(output, output, iv, 16);
541
542	0	memcpy(iv, temp, 16);
543
544	0	input += 16;
545	0	output += 16;
546	0	length -= 16;
547	0	}
548	0	} else {
549	0	while (length > 0) {
550	0	mbedtls_xor(output, input, iv, 16);
551
552	0	mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
553	0	memcpy(iv, output, 16);
554
555	0	input += 16;
556	0	output += 16;
557	0	length -= 16;
558	0	}
559	0	}
560
561	0	return 0;
562	0	}
563		#endif /* MBEDTLS_CIPHER_MODE_CBC */
564
565		#if defined(MBEDTLS_CIPHER_MODE_CFB)
566		/*
567		* Camellia-CFB128 buffer encryption/decryption
568		*/
569		int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
570		int mode,
571		size_t length,
572		size_t *iv_off,
573		unsigned char iv[16],
574		const unsigned char *input,
575		unsigned char *output)
576	0	{
577	0	int c;
578	0	size_t n;
579	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
580	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
581	0	}
582
583	0	n = *iv_off;
584	0	if (n >= 16) {
585	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
586	0	}
587
588	0	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
589	0	while (length--) {
590	0	if (n == 0) {
591	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
592	0	}
593
594	0	c = *input++;
595	0	*output++ = (unsigned char) (c ^ iv[n]);
596	0	iv[n] = (unsigned char) c;
597
598	0	n = (n + 1) & 0x0F;
599	0	}
600	0	} else {
601	0	while (length--) {
602	0	if (n == 0) {
603	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
604	0	}
605
606	0	iv[n] = output++ = (unsigned char) (iv[n] ^ input++);
607
608	0	n = (n + 1) & 0x0F;
609	0	}
610	0	}
611
612	0	*iv_off = n;
613
614	0	return 0;
615	0	}
616		#endif /* MBEDTLS_CIPHER_MODE_CFB */
617
618		#if defined(MBEDTLS_CIPHER_MODE_CTR)
619		/*
620		* Camellia-CTR buffer encryption/decryption
621		*/
622		int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
623		size_t length,
624		size_t *nc_off,
625		unsigned char nonce_counter[16],
626		unsigned char stream_block[16],
627		const unsigned char *input,
628		unsigned char *output)
629	3	{
630	3	int c, i;
631	3	size_t n;
632
633	3	n = *nc_off;
634	3	if (n >= 16) {
635	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
636	0	}
637
638	19	while (length--) {
639	16	if (n == 0) {
640	1	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
641	1	stream_block);
642
643	1	for (i = 16; i > 0; i--) {
644	1	if (++nonce_counter[i - 1] != 0) {
645	1	break;
646	1	}
647	1	}
648	1	}
649	16	c = *input++;
650	16	*output++ = (unsigned char) (c ^ stream_block[n]);
651
652	16	n = (n + 1) & 0x0F;
653	16	}
654
655	3	*nc_off = n;
656
657	3	return 0;
658	3	}
659		#endif /* MBEDTLS_CIPHER_MODE_CTR */
660		#endif /* !MBEDTLS_CAMELLIA_ALT */
661
662		#if defined(MBEDTLS_SELF_TEST)
663
664		/*
665		* Camellia test vectors from:
666		*
667		* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
668		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
669		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
670		* (For each bitlength: Key 0, Nr 39)
671		*/
672	0	#define CAMELLIA_TESTS_ECB 2
673
674		static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
675		{
676		{
677		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
678		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
679		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
680		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
681		},
682		{
683		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
684		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
685		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
686		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
687		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
688		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
689		},
690		{
691		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
692		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
693		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
694		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
695		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
696		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
697		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
698		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699		},
700		};
701
702		static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
703		{
704		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
705		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
706		{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
707		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
708		};
709
710		static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
711		{
712		{
713		{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
714		0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
715		{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
716		0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
717		},
718		{
719		{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
720		0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
721		{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
722		0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
723		},
724		{
725		{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
726		0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
727		{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
728		0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
729		}
730		};
731
732		#if defined(MBEDTLS_CIPHER_MODE_CBC)
733	0	#define CAMELLIA_TESTS_CBC 3
734
735		static const unsigned char camellia_test_cbc_key[3][32] =
736		{
737		{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
738		0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
739		,
740		{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
741		0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
742		0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
743		,
744		{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
745		0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
746		0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
747		0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
748		};
749
750		static const unsigned char camellia_test_cbc_iv[16] =
751
752		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
753		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
754		;
755
756		static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
757		{
758		{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
759		0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
760		{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
761		0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
762		{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
763		0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
764
765		};
766
767		static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
768		{
769		{
770		{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
771		0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
772		{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
773		0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
774		{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
775		0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
776		},
777		{
778		{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
779		0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
780		{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
781		0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
782		{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
783		0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
784		},
785		{
786		{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
787		0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
788		{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
789		0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
790		{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
791		0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
792		}
793		};
794		#endif /* MBEDTLS_CIPHER_MODE_CBC */
795
796		#if defined(MBEDTLS_CIPHER_MODE_CTR)
797		/*
798		* Camellia-CTR test vectors from:
799		*
800		* http://www.faqs.org/rfcs/rfc5528.html
801		*/
802
803		static const unsigned char camellia_test_ctr_key[3][16] =
804		{
805		{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
806		0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
807		{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
808		0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
809		{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
810		0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
811		};
812
813		static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
814		{
815		{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
816		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
817		{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
818		0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
819		{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
820		0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
821		};
822
823		static const unsigned char camellia_test_ctr_pt[3][48] =
824		{
825		{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
826		0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
827
828		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
829		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
830		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
831		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
832
833		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
834		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
835		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
836		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
837		0x20, 0x21, 0x22, 0x23 }
838		};
839
840		static const unsigned char camellia_test_ctr_ct[3][48] =
841		{
842		{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
843		0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
844		{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
845		0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
846		0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
847		0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
848		{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
849		0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
850		0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
851		0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
852		0xDF, 0x50, 0x86, 0x96 }
853		};
854
855		static const int camellia_test_ctr_len[3] =
856		{ 16, 32, 36 };
857		#endif /* MBEDTLS_CIPHER_MODE_CTR */
858
859		/*
860		* Checkup routine
861		*/
862		int mbedtls_camellia_self_test(int verbose)
863	0	{
864	0	int i, j, u, v;
865	0	unsigned char key[32];
866	0	unsigned char buf[64];
867	0	unsigned char src[16];
868	0	unsigned char dst[16];
869	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
870	0	unsigned char iv[16];
871	0	#endif
872	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
873	0	size_t offset, len;
874	0	unsigned char nonce_counter[16];
875	0	unsigned char stream_block[16];
876	0	#endif
877	0	int ret = 1;
878
879	0	mbedtls_camellia_context ctx;
880
881	0	mbedtls_camellia_init(&ctx);
882	0	memset(key, 0, 32);
883
884	0	for (j = 0; j < 6; j++) {
885	0	u = j >> 1;
886	0	v = j & 1;
887
888	0	if (verbose != 0) {
889	0	mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
890	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
891	0	}
892
893		#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
894		if (v == MBEDTLS_CAMELLIA_DECRYPT) {
895		if (verbose != 0) {
896		mbedtls_printf("skipped\n");
897		}
898		continue;
899		}
900		#endif
901
902	0	for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
903	0	memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
904
905	0	#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
906	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
907	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
908	0	memcpy(src, camellia_test_ecb_cipher[u][i], 16);
909	0	memcpy(dst, camellia_test_ecb_plain[i], 16);
910	0	} else
911	0	#endif
912	0	{ /* MBEDTLS_CAMELLIA_ENCRYPT */
913	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
914	0	memcpy(src, camellia_test_ecb_plain[i], 16);
915	0	memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
916	0	}
917
918	0	mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
919
920	0	if (memcmp(buf, dst, 16) != 0) {
921	0	if (verbose != 0) {
922	0	mbedtls_printf("failed\n");
923	0	}
924	0	goto exit;
925	0	}
926	0	}
927
928	0	if (verbose != 0) {
929	0	mbedtls_printf("passed\n");
930	0	}
931	0	}
932
933	0	if (verbose != 0) {
934	0	mbedtls_printf("\n");
935	0	}
936
937	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
938		/*
939		* CBC mode
940		*/
941	0	for (j = 0; j < 6; j++) {
942	0	u = j >> 1;
943	0	v = j & 1;
944
945	0	if (verbose != 0) {
946	0	mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
947	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
948	0	}
949
950	0	memcpy(src, camellia_test_cbc_iv, 16);
951	0	memcpy(dst, camellia_test_cbc_iv, 16);
952	0	memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
953
954	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
955	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
956	0	} else {
957	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
958	0	}
959
960	0	for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
961
962	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
963	0	memcpy(iv, src, 16);
964	0	memcpy(src, camellia_test_cbc_cipher[u][i], 16);
965	0	memcpy(dst, camellia_test_cbc_plain[i], 16);
966	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
967	0	memcpy(iv, dst, 16);
968	0	memcpy(src, camellia_test_cbc_plain[i], 16);
969	0	memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
970	0	}
971
972	0	mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
973
974	0	if (memcmp(buf, dst, 16) != 0) {
975	0	if (verbose != 0) {
976	0	mbedtls_printf("failed\n");
977	0	}
978	0	goto exit;
979	0	}
980	0	}
981
982	0	if (verbose != 0) {
983	0	mbedtls_printf("passed\n");
984	0	}
985	0	}
986	0	#endif /* MBEDTLS_CIPHER_MODE_CBC */
987
988	0	if (verbose != 0) {
989	0	mbedtls_printf("\n");
990	0	}
991
992	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
993		/*
994		* CTR mode
995		*/
996	0	for (i = 0; i < 6; i++) {
997	0	u = i >> 1;
998	0	v = i & 1;
999
1000	0	if (verbose != 0) {
1001	0	mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
1002	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1003	0	}
1004
1005	0	memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1006	0	memcpy(key, camellia_test_ctr_key[u], 16);
1007
1008	0	offset = 0;
1009	0	mbedtls_camellia_setkey_enc(&ctx, key, 128);
1010
1011	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1012	0	len = camellia_test_ctr_len[u];
1013	0	memcpy(buf, camellia_test_ctr_ct[u], len);
1014
1015	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1016	0	buf, buf);
1017
1018	0	if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1019	0	if (verbose != 0) {
1020	0	mbedtls_printf("failed\n");
1021	0	}
1022	0	goto exit;
1023	0	}
1024	0	} else {
1025	0	len = camellia_test_ctr_len[u];
1026	0	memcpy(buf, camellia_test_ctr_pt[u], len);
1027
1028	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1029	0	buf, buf);
1030
1031	0	if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1032	0	if (verbose != 0) {
1033	0	mbedtls_printf("failed\n");
1034	0	}
1035	0	goto exit;
1036	0	}
1037	0	}
1038
1039	0	if (verbose != 0) {
1040	0	mbedtls_printf("passed\n");
1041	0	}
1042	0	}
1043
1044	0	if (verbose != 0) {
1045	0	mbedtls_printf("\n");
1046	0	}
1047	0	#endif /* MBEDTLS_CIPHER_MODE_CTR */
1048
1049	0	ret = 0;
1050
1051	0	exit:
1052	0	mbedtls_camellia_free(&ctx);
1053	0	return ret;
1054	0	}
1055
1056		#endif /* MBEDTLS_SELF_TEST */
1057
1058		#endif /* MBEDTLS_CAMELLIA_C */

Coverage Report

Created: 2024-11-21 07:03