/src/mbedtls/library/camellia.c

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Camellia implementation
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6		*/
7		/*
8		* The Camellia block cipher was designed by NTT and Mitsubishi Electric
9		* Corporation.
10		*
11		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
12		*/
13
14		#include "common.h"
15
16		#if defined(MBEDTLS_CAMELLIA_C)
17
18		#include "mbedtls/camellia.h"
19		#include "mbedtls/platform_util.h"
20
21		#include <string.h>
22
23		#include "mbedtls/platform.h"
24
25		#if !defined(MBEDTLS_CAMELLIA_ALT)
26
27		static const unsigned char SIGMA_CHARS[6][8] =
28		{
29		{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
30		{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
31		{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
32		{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
33		{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
34		{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
35		};
36
37		#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
38
39		static const unsigned char FSb[256] =
40		{
41		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
42		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
43		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
44		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
45		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
46		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
47		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
48		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
49		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
50		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
51		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
52		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
53		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
54		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
55		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
56		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
57		};
58
59	0	#define SBOX1(n) FSb[(n)]
60	0	#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
61	0	#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
62	0	#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
63
64		#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
65
66		static const unsigned char FSb[256] =
67		{
68		112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
69		35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
70		134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
71		166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
72		139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
73		223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
74		20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
75		254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
76		170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
77		16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
78		135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
79		82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
80		233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
81		120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
82		114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
83		64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
84		};
85
86		static const unsigned char FSb2[256] =
87		{
88		224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
89		70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
90		13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
91		77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
92		23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
93		191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
94		40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
95		253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
96		85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
97		32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
98		15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
99		164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
100		211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
101		240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
102		228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
103		128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
104		};
105
106		static const unsigned char FSb3[256] =
107		{
108		56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
109		145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
110		67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
111		83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
112		197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
113		239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
114		10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
115		127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
116		85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
117		8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
118		195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
119		41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
120		244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
121		60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
122		57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
123		32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
124		};
125
126		static const unsigned char FSb4[256] =
127		{
128		112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
129		134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
130		139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
131		20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
132		170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
133		135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
134		233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
135		114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
136		130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
137		184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
138		13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
139		88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
140		208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
141		92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
142		121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
143		7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
144		};
145
146		#define SBOX1(n) FSb[(n)]
147		#define SBOX2(n) FSb2[(n)]
148		#define SBOX3(n) FSb3[(n)]
149		#define SBOX4(n) FSb4[(n)]
150
151		#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
152
153		static const unsigned char shifts[2][4][4] =
154		{
155		{
156		{ 1, 1, 1, 1 }, /* KL */
157		{ 0, 0, 0, 0 }, /* KR */
158		{ 1, 1, 1, 1 }, /* KA */
159		{ 0, 0, 0, 0 } /* KB */
160		},
161		{
162		{ 1, 0, 1, 1 }, /* KL */
163		{ 1, 1, 0, 1 }, /* KR */
164		{ 1, 1, 1, 0 }, /* KA */
165		{ 1, 1, 0, 1 } /* KB */
166		}
167		};
168
169		static const signed char indexes[2][4][20] =
170		{
171		{
172		{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
173		36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
174		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
175		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
176		{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
177		18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
178		{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
179		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
180		},
181		{
182		{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
183		-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
184		{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
185		18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
186		{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
187		56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
188		{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
189		22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
190		}
191		};
192
193		static const signed char transposes[2][20] =
194		{
195		{
196		21, 22, 23, 20,
197		-1, -1, -1, -1,
198		18, 19, 16, 17,
199		11, 8, 9, 10,
200		15, 12, 13, 14
201		},
202		{
203		25, 26, 27, 24,
204		29, 30, 31, 28,
205		18, 19, 16, 17,
206		-1, -1, -1, -1,
207		-1, -1, -1, -1
208		}
209		};
210
211		/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
212		#define ROTL(DEST, SRC, SHIFT) \
213	0	{ \
214	0	(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
215	0	(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
216	0	(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
217	0	(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
218	0	}
219
220		#define FL(XL, XR, KL, KR) \
221	0	{ \
222	0	(XR) = ((((XL) &(KL)) << 1) \| (((XL) &(KL)) >> 31)) ^ (XR); \
223	0	(XL) = ((XR) \| (KR)) ^ (XL); \
224	0	}
225
226		#define FLInv(YL, YR, KL, KR) \
227	0	{ \
228	0	(YL) = ((YR) \| (KR)) ^ (YL); \
229	0	(YR) = ((((YL) &(KL)) << 1) \| (((YL) &(KL)) >> 31)) ^ (YR); \
230	0	}
231
232		#define SHIFT_AND_PLACE(INDEX, OFFSET) \
233	0	{ \
234	0	TK[0] = KC[(OFFSET) * 4 + 0]; \
235	0	TK[1] = KC[(OFFSET) * 4 + 1]; \
236	0	TK[2] = KC[(OFFSET) * 4 + 2]; \
237	0	TK[3] = KC[(OFFSET) * 4 + 3]; \
238	0	\
239	0	for (i = 1; i <= 4; i++) \
240	0	if (shifts[(INDEX)][(OFFSET)][i -1]) \
241	0	ROTL(TK + i * 4, TK, (15 * i) % 32); \
242	0	\
243	0	for (i = 0; i < 20; i++) \
244	0	if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
245	0	RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
246	0	} \
247	0	}
248
249		static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
250		uint32_t z[2])
251	0	{
252	0	uint32_t I0, I1;
253	0	I0 = x[0] ^ k[0];
254	0	I1 = x[1] ^ k[1];
255
256	0	I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) \|
257	0	((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) \|
258	0	((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) \|
259	0	((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
260	0	I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) \|
261	0	((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) \|
262	0	((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) \|
263	0	((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
264
265	0	I0 ^= (I1 << 8) \| (I1 >> 24);
266	0	I1 ^= (I0 << 16) \| (I0 >> 16);
267	0	I0 ^= (I1 >> 8) \| (I1 << 24);
268	0	I1 ^= (I0 >> 8) \| (I0 << 24);
269
270	0	z[0] ^= I1;
271	0	z[1] ^= I0;
272	0	}
273
274		void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
275	0	{
276	0	memset(ctx, 0, sizeof(mbedtls_camellia_context));
277	0	}
278
279		void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
280	0	{
281	0	if (ctx == NULL) {
282	0	return;
283	0	}
284
285	0	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
286	0	}
287
288		/*
289		* Camellia key schedule (encryption)
290		*/
291		int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
292		const unsigned char *key,
293		unsigned int keybits)
294	0	{
295	0	int idx;
296	0	size_t i;
297	0	uint32_t *RK;
298	0	unsigned char t[64];
299	0	uint32_t SIGMA[6][2];
300	0	uint32_t KC[16];
301	0	uint32_t TK[20];
302
303	0	RK = ctx->rk;
304
305	0	memset(t, 0, 64);
306	0	memset(RK, 0, sizeof(ctx->rk));
307
308	0	switch (keybits) {
309	0	case 128: ctx->nr = 3; idx = 0; break;
310	0	case 192:
311	0	case 256: ctx->nr = 4; idx = 1; break;
312	0	default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
313	0	}
314
315	0	for (i = 0; i < keybits / 8; ++i) {
316	0	t[i] = key[i];
317	0	}
318
319	0	if (keybits == 192) {
320	0	for (i = 0; i < 8; i++) {
321	0	t[24 + i] = ~t[16 + i];
322	0	}
323	0	}
324
325		/*
326		* Prepare SIGMA values
327		*/
328	0	for (i = 0; i < 6; i++) {
329	0	SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
330	0	SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
331	0	}
332
333		/*
334		* Key storage in KC
335		* Order: KL, KR, KA, KB
336		*/
337	0	memset(KC, 0, sizeof(KC));
338
339		/* Store KL, KR */
340	0	for (i = 0; i < 8; i++) {
341	0	KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
342	0	}
343
344		/* Generate KA */
345	0	for (i = 0; i < 4; ++i) {
346	0	KC[8 + i] = KC[i] ^ KC[4 + i];
347	0	}
348
349	0	camellia_feistel(KC + 8, SIGMA[0], KC + 10);
350	0	camellia_feistel(KC + 10, SIGMA[1], KC + 8);
351
352	0	for (i = 0; i < 4; ++i) {
353	0	KC[8 + i] ^= KC[i];
354	0	}
355
356	0	camellia_feistel(KC + 8, SIGMA[2], KC + 10);
357	0	camellia_feistel(KC + 10, SIGMA[3], KC + 8);
358
359	0	if (keybits > 128) {
360		/* Generate KB */
361	0	for (i = 0; i < 4; ++i) {
362	0	KC[12 + i] = KC[4 + i] ^ KC[8 + i];
363	0	}
364
365	0	camellia_feistel(KC + 12, SIGMA[4], KC + 14);
366	0	camellia_feistel(KC + 14, SIGMA[5], KC + 12);
367	0	}
368
369		/*
370		* Generating subkeys
371		*/
372
373		/* Manipulating KL */
374	0	SHIFT_AND_PLACE(idx, 0);
375
376		/* Manipulating KR */
377	0	if (keybits > 128) {
378	0	SHIFT_AND_PLACE(idx, 1);
379	0	}
380
381		/* Manipulating KA */
382	0	SHIFT_AND_PLACE(idx, 2);
383
384		/* Manipulating KB */
385	0	if (keybits > 128) {
386	0	SHIFT_AND_PLACE(idx, 3);
387	0	}
388
389		/* Do transpositions */
390	0	for (i = 0; i < 20; i++) {
391	0	if (transposes[idx][i] != -1) {
392	0	RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
393	0	}
394	0	}
395
396	0	return 0;
397	0	}
398
399		/*
400		* Camellia key schedule (decryption)
401		*/
402		#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
403		int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
404		const unsigned char *key,
405		unsigned int keybits)
406	0	{
407	0	int idx, ret;
408	0	size_t i;
409	0	mbedtls_camellia_context cty;
410	0	uint32_t *RK;
411	0	uint32_t *SK;
412
413	0	mbedtls_camellia_init(&cty);
414
415		/* Also checks keybits */
416	0	if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
417	0	goto exit;
418	0	}
419
420	0	ctx->nr = cty.nr;
421	0	idx = (ctx->nr == 4);
422
423	0	RK = ctx->rk;
424	0	SK = cty.rk + 24 * 2 + 8 * idx * 2;
425
426	0	RK++ = SK++;
427	0	RK++ = SK++;
428	0	RK++ = SK++;
429	0	RK++ = SK++;
430
431	0	for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
432	0	RK++ = SK++;
433	0	RK++ = SK++;
434	0	}
435
436	0	SK -= 2;
437
438	0	RK++ = SK++;
439	0	RK++ = SK++;
440	0	RK++ = SK++;
441	0	RK++ = SK++;
442
443	0	exit:
444	0	mbedtls_camellia_free(&cty);
445
446	0	return ret;
447	0	}
448		#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
449
450		/*
451		* Camellia-ECB block encryption/decryption
452		*/
453		int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
454		int mode,
455		const unsigned char input[16],
456		unsigned char output[16])
457	0	{
458	0	int NR;
459	0	uint32_t *RK, X[4];
460	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
461	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
462	0	}
463
464	0	((void) mode);
465
466	0	NR = ctx->nr;
467	0	RK = ctx->rk;
468
469	0	X[0] = MBEDTLS_GET_UINT32_BE(input, 0);
470	0	X[1] = MBEDTLS_GET_UINT32_BE(input, 4);
471	0	X[2] = MBEDTLS_GET_UINT32_BE(input, 8);
472	0	X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
473
474	0	X[0] ^= *RK++;
475	0	X[1] ^= *RK++;
476	0	X[2] ^= *RK++;
477	0	X[3] ^= *RK++;
478
479	0	while (NR) {
480	0	--NR;
481	0	camellia_feistel(X, RK, X + 2);
482	0	RK += 2;
483	0	camellia_feistel(X + 2, RK, X);
484	0	RK += 2;
485	0	camellia_feistel(X, RK, X + 2);
486	0	RK += 2;
487	0	camellia_feistel(X + 2, RK, X);
488	0	RK += 2;
489	0	camellia_feistel(X, RK, X + 2);
490	0	RK += 2;
491	0	camellia_feistel(X + 2, RK, X);
492	0	RK += 2;
493
494	0	if (NR) {
495	0	FL(X[0], X[1], RK[0], RK[1]);
496	0	RK += 2;
497	0	FLInv(X[2], X[3], RK[0], RK[1]);
498	0	RK += 2;
499	0	}
500	0	}
501
502	0	X[2] ^= *RK++;
503	0	X[3] ^= *RK++;
504	0	X[0] ^= *RK++;
505	0	X[1] ^= *RK++;
506
507	0	MBEDTLS_PUT_UINT32_BE(X[2], output, 0);
508	0	MBEDTLS_PUT_UINT32_BE(X[3], output, 4);
509	0	MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
510	0	MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
511
512	0	return 0;
513	0	}
514
515		#if defined(MBEDTLS_CIPHER_MODE_CBC)
516		/*
517		* Camellia-CBC buffer encryption/decryption
518		*/
519		int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
520		int mode,
521		size_t length,
522		unsigned char iv[16],
523		const unsigned char *input,
524		unsigned char *output)
525	0	{
526	0	unsigned char temp[16];
527	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
528	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
529	0	}
530
531	0	if (length % 16) {
532	0	return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
533	0	}
534
535	0	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
536	0	while (length > 0) {
537	0	memcpy(temp, input, 16);
538	0	mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
539
540	0	mbedtls_xor(output, output, iv, 16);
541
542	0	memcpy(iv, temp, 16);
543
544	0	input += 16;
545	0	output += 16;
546	0	length -= 16;
547	0	}
548	0	} else {
549	0	while (length > 0) {
550	0	mbedtls_xor(output, input, iv, 16);
551
552	0	mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
553	0	memcpy(iv, output, 16);
554
555	0	input += 16;
556	0	output += 16;
557	0	length -= 16;
558	0	}
559	0	}
560
561	0	return 0;
562	0	}
563		#endif /* MBEDTLS_CIPHER_MODE_CBC */
564
565		#if defined(MBEDTLS_CIPHER_MODE_CFB)
566		/*
567		* Camellia-CFB128 buffer encryption/decryption
568		*/
569		int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
570		int mode,
571		size_t length,
572		size_t *iv_off,
573		unsigned char iv[16],
574		const unsigned char *input,
575		unsigned char *output)
576	0	{
577	0	int c;
578	0	size_t n;
579	0	if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
580	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
581	0	}
582
583	0	n = *iv_off;
584	0	if (n >= 16) {
585	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
586	0	}
587
588	0	if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
589	0	while (length--) {
590	0	if (n == 0) {
591	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
592	0	}
593
594	0	c = *input++;
595	0	*output++ = (unsigned char) (c ^ iv[n]);
596	0	iv[n] = (unsigned char) c;
597
598	0	n = (n + 1) & 0x0F;
599	0	}
600	0	} else {
601	0	while (length--) {
602	0	if (n == 0) {
603	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
604	0	}
605
606	0	iv[n] = output++ = (unsigned char) (iv[n] ^ input++);
607
608	0	n = (n + 1) & 0x0F;
609	0	}
610	0	}
611
612	0	*iv_off = n;
613
614	0	return 0;
615	0	}
616		#endif /* MBEDTLS_CIPHER_MODE_CFB */
617
618		#if defined(MBEDTLS_CIPHER_MODE_CTR)
619		/*
620		* Camellia-CTR buffer encryption/decryption
621		*/
622		int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
623		size_t length,
624		size_t *nc_off,
625		unsigned char nonce_counter[16],
626		unsigned char stream_block[16],
627		const unsigned char *input,
628		unsigned char *output)
629	0	{
630	0	int c, i;
631	0	size_t n;
632
633	0	n = *nc_off;
634	0	if (n >= 16) {
635	0	return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
636	0	}
637
638	0	while (length--) {
639	0	if (n == 0) {
640	0	mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
641	0	stream_block);
642
643	0	for (i = 16; i > 0; i--) {
644	0	if (++nonce_counter[i - 1] != 0) {
645	0	break;
646	0	}
647	0	}
648	0	}
649	0	c = *input++;
650	0	*output++ = (unsigned char) (c ^ stream_block[n]);
651
652	0	n = (n + 1) & 0x0F;
653	0	}
654
655	0	*nc_off = n;
656
657	0	return 0;
658	0	}
659		#endif /* MBEDTLS_CIPHER_MODE_CTR */
660		#endif /* !MBEDTLS_CAMELLIA_ALT */
661
662		#if defined(MBEDTLS_SELF_TEST)
663
664		/*
665		* Camellia test vectors from:
666		*
667		* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
668		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
669		* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
670		* (For each bitlength: Key 0, Nr 39)
671		*/
672	0	#define CAMELLIA_TESTS_ECB 2
673
674		static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
675		{
676		{
677		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
678		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
679		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
680		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
681		},
682		{
683		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
684		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
685		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
686		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
687		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
688		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
689		},
690		{
691		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
692		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
693		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
694		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
695		{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
696		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
697		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
698		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699		},
700		};
701
702		static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
703		{
704		{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
705		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
706		{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
707		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
708		};
709
710		static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
711		{
712		{
713		{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
714		0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
715		{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
716		0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
717		},
718		{
719		{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
720		0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
721		{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
722		0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
723		},
724		{
725		{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
726		0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
727		{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
728		0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
729		}
730		};
731
732		#if defined(MBEDTLS_CIPHER_MODE_CBC)
733	0	#define CAMELLIA_TESTS_CBC 3
734
735		static const unsigned char camellia_test_cbc_key[3][32] =
736		{
737		{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
738		0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
739		,
740		{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
741		0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
742		0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
743		,
744		{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
745		0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
746		0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
747		0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
748		};
749
750		static const unsigned char camellia_test_cbc_iv[16] =
751
752		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
753		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
754		;
755
756		static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
757		{
758		{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
759		0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
760		{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
761		0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
762		{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
763		0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
764
765		};
766
767		static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
768		{
769		{
770		{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
771		0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
772		{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
773		0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
774		{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
775		0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
776		},
777		{
778		{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
779		0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
780		{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
781		0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
782		{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
783		0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
784		},
785		{
786		{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
787		0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
788		{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
789		0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
790		{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
791		0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
792		}
793		};
794		#endif /* MBEDTLS_CIPHER_MODE_CBC */
795
796		#if defined(MBEDTLS_CIPHER_MODE_CTR)
797		/*
798		* Camellia-CTR test vectors from:
799		*
800		* http://www.faqs.org/rfcs/rfc5528.html
801		*/
802
803		static const unsigned char camellia_test_ctr_key[3][16] =
804		{
805		{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
806		0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
807		{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
808		0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
809		{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
810		0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
811		};
812
813		static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
814		{
815		{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
816		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
817		{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
818		0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
819		{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
820		0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
821		};
822
823		static const unsigned char camellia_test_ctr_pt[3][48] =
824		{
825		{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
826		0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
827
828		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
829		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
830		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
831		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
832
833		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
834		0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
835		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
836		0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
837		0x20, 0x21, 0x22, 0x23 }
838		};
839
840		static const unsigned char camellia_test_ctr_ct[3][48] =
841		{
842		{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
843		0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
844		{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
845		0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
846		0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
847		0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
848		{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
849		0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
850		0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
851		0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
852		0xDF, 0x50, 0x86, 0x96 }
853		};
854
855		static const int camellia_test_ctr_len[3] =
856		{ 16, 32, 36 };
857		#endif /* MBEDTLS_CIPHER_MODE_CTR */
858
859		/*
860		* Checkup routine
861		*/
862		int mbedtls_camellia_self_test(int verbose)
863	0	{
864	0	int i, j, u, v;
865	0	unsigned char key[32];
866	0	unsigned char buf[64];
867	0	unsigned char src[16];
868	0	unsigned char dst[16];
869	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
870	0	unsigned char iv[16];
871	0	#endif
872	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
873	0	size_t offset, len;
874	0	unsigned char nonce_counter[16];
875	0	unsigned char stream_block[16];
876	0	#endif
877	0	int ret = 1;
878
879	0	mbedtls_camellia_context ctx;
880
881	0	mbedtls_camellia_init(&ctx);
882	0	memset(key, 0, 32);
883
884	0	for (j = 0; j < 6; j++) {
885	0	u = j >> 1;
886	0	v = j & 1;
887
888	0	if (verbose != 0) {
889	0	mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
890	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
891	0	}
892
893		#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
894		if (v == MBEDTLS_CAMELLIA_DECRYPT) {
895		if (verbose != 0) {
896		mbedtls_printf("skipped\n");
897		}
898		continue;
899		}
900		#endif
901
902	0	for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
903	0	memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
904
905	0	#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
906	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
907	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
908	0	memcpy(src, camellia_test_ecb_cipher[u][i], 16);
909	0	memcpy(dst, camellia_test_ecb_plain[i], 16);
910	0	} else
911	0	#endif
912	0	{ /* MBEDTLS_CAMELLIA_ENCRYPT */
913	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
914	0	memcpy(src, camellia_test_ecb_plain[i], 16);
915	0	memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
916	0	}
917
918	0	mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
919
920	0	if (memcmp(buf, dst, 16) != 0) {
921	0	if (verbose != 0) {
922	0	mbedtls_printf("failed\n");
923	0	}
924	0	goto exit;
925	0	}
926	0	}
927
928	0	if (verbose != 0) {
929	0	mbedtls_printf("passed\n");
930	0	}
931	0	}
932
933	0	if (verbose != 0) {
934	0	mbedtls_printf("\n");
935	0	}
936
937	0	#if defined(MBEDTLS_CIPHER_MODE_CBC)
938		/*
939		* CBC mode
940		*/
941	0	for (j = 0; j < 6; j++) {
942	0	u = j >> 1;
943	0	v = j & 1;
944
945	0	if (verbose != 0) {
946	0	mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
947	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
948	0	}
949
950	0	memcpy(src, camellia_test_cbc_iv, 16);
951	0	memcpy(dst, camellia_test_cbc_iv, 16);
952	0	memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
953
954	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
955	0	mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
956	0	} else {
957	0	mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
958	0	}
959
960	0	for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
961
962	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
963	0	memcpy(iv, src, 16);
964	0	memcpy(src, camellia_test_cbc_cipher[u][i], 16);
965	0	memcpy(dst, camellia_test_cbc_plain[i], 16);
966	0	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
967	0	memcpy(iv, dst, 16);
968	0	memcpy(src, camellia_test_cbc_plain[i], 16);
969	0	memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
970	0	}
971
972	0	mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
973
974	0	if (memcmp(buf, dst, 16) != 0) {
975	0	if (verbose != 0) {
976	0	mbedtls_printf("failed\n");
977	0	}
978	0	goto exit;
979	0	}
980	0	}
981
982	0	if (verbose != 0) {
983	0	mbedtls_printf("passed\n");
984	0	}
985	0	}
986	0	#endif /* MBEDTLS_CIPHER_MODE_CBC */
987
988	0	if (verbose != 0) {
989	0	mbedtls_printf("\n");
990	0	}
991
992	0	#if defined(MBEDTLS_CIPHER_MODE_CTR)
993		/*
994		* CTR mode
995		*/
996	0	for (i = 0; i < 6; i++) {
997	0	u = i >> 1;
998	0	v = i & 1;
999
1000	0	if (verbose != 0) {
1001	0	mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
1002	0	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1003	0	}
1004
1005	0	memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1006	0	memcpy(key, camellia_test_ctr_key[u], 16);
1007
1008	0	offset = 0;
1009	0	mbedtls_camellia_setkey_enc(&ctx, key, 128);
1010
1011	0	if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1012	0	len = camellia_test_ctr_len[u];
1013	0	memcpy(buf, camellia_test_ctr_ct[u], len);
1014
1015	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1016	0	buf, buf);
1017
1018	0	if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1019	0	if (verbose != 0) {
1020	0	mbedtls_printf("failed\n");
1021	0	}
1022	0	goto exit;
1023	0	}
1024	0	} else {
1025	0	len = camellia_test_ctr_len[u];
1026	0	memcpy(buf, camellia_test_ctr_pt[u], len);
1027
1028	0	mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1029	0	buf, buf);
1030
1031	0	if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1032	0	if (verbose != 0) {
1033	0	mbedtls_printf("failed\n");
1034	0	}
1035	0	goto exit;
1036	0	}
1037	0	}
1038
1039	0	if (verbose != 0) {
1040	0	mbedtls_printf("passed\n");
1041	0	}
1042	0	}
1043
1044	0	if (verbose != 0) {
1045	0	mbedtls_printf("\n");
1046	0	}
1047	0	#endif /* MBEDTLS_CIPHER_MODE_CTR */
1048
1049	0	ret = 0;
1050
1051	0	exit:
1052	0	mbedtls_camellia_free(&ctx);
1053	0	return ret;
1054	0	}
1055
1056		#endif /* MBEDTLS_SELF_TEST */
1057
1058		#endif /* MBEDTLS_CAMELLIA_C */

Coverage Report

Created: 2025-03-01 06:26