PolarSSL v1.2.10
camellia.c
Go to the documentation of this file.
1 /*
2  * Camellia implementation
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The Camellia block cipher was designed by NTT and Mitsubishi Electric
27  * Corporation.
28  *
29  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
30  */
31 
32 #include "polarssl/config.h"
33 
34 #if defined(POLARSSL_CAMELLIA_C)
35 
36 #include "polarssl/camellia.h"
37 
38 #if !defined(POLARSSL_CAMELLIA_ALT)
39 
40 /*
41  * 32-bit integer manipulation macros (big endian)
42  */
43 #ifndef GET_UINT32_BE
44 #define GET_UINT32_BE(n,b,i) \
45 { \
46  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
47  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
48  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
49  | ( (uint32_t) (b)[(i) + 3] ); \
50 }
51 #endif
52 
53 #ifndef PUT_UINT32_BE
54 #define PUT_UINT32_BE(n,b,i) \
55 { \
56  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59  (b)[(i) + 3] = (unsigned char) ( (n) ); \
60 }
61 #endif
62 
63 static const unsigned char SIGMA_CHARS[6][8] =
64 {
65  { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
66  { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
67  { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
68  { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
69  { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
70  { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
71 };
72 
73 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
74 
75 static const unsigned char FSb[256] =
76 {
77  112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
78  35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
79  134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
80  166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
81  139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
82  223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
83  20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
84  254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
85  170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
86  16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
87  135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
88  82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
89  233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
90  120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
91  114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
92  64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
93 };
94 
95 #define SBOX1(n) FSb[(n)]
96 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
97 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
98 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
99 
100 #else
101 
102 static const unsigned char FSb[256] =
103 {
104  112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
105  35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
106  134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
107  166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
108  139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
109  223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
110  20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
111  254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
112  170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
113  16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
114  135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
115  82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
116  233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
117  120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
118  114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
119  64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
120 };
121 
122 static const unsigned char FSb2[256] =
123 {
124  224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
125  70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
126  13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
127  77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
128  23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
129  191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
130  40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
131  253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
132  85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
133  32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
134  15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
135  164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
136  211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
137  240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
138  228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
139  128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
140 };
141 
142 static const unsigned char FSb3[256] =
143 {
144  56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
145  145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
146  67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
147  83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
148  197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
149  239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
150  10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
151  127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
152  85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
153  8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
154  195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
155  41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
156  244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
157  60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
158  57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
159  32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
160 };
161 
162 static const unsigned char FSb4[256] =
163 {
164  112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
165  134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
166  139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
167  20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
168  170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
169  135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
170  233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
171  114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
172  130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
173  184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
174  13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
175  88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
176  208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
177  92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
178  121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
179  7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
180 };
181 
182 #define SBOX1(n) FSb[(n)]
183 #define SBOX2(n) FSb2[(n)]
184 #define SBOX3(n) FSb3[(n)]
185 #define SBOX4(n) FSb4[(n)]
186 
187 #endif
188 
189 static const unsigned char shifts[2][4][4] =
190 {
191  {
192  { 1, 1, 1, 1 }, /* KL */
193  { 0, 0, 0, 0 }, /* KR */
194  { 1, 1, 1, 1 }, /* KA */
195  { 0, 0, 0, 0 } /* KB */
196  },
197  {
198  { 1, 0, 1, 1 }, /* KL */
199  { 1, 1, 0, 1 }, /* KR */
200  { 1, 1, 1, 0 }, /* KA */
201  { 1, 1, 0, 1 } /* KB */
202  }
203 };
204 
205 static const signed char indexes[2][4][20] =
206 {
207  {
208  { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
209  36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
210  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
211  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
212  { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
213  18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
214  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
215  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
216  },
217  {
218  { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
219  -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
220  { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
221  18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
222  { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
223  56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
224  { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
225  22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
226  }
227 };
228 
229 static const signed char transposes[2][20] =
230 {
231  {
232  21, 22, 23, 20,
233  -1, -1, -1, -1,
234  18, 19, 16, 17,
235  11, 8, 9, 10,
236  15, 12, 13, 14
237  },
238  {
239  25, 26, 27, 24,
240  29, 30, 31, 28,
241  18, 19, 16, 17,
242  -1, -1, -1, -1,
243  -1, -1, -1, -1
244  }
245 };
246 
247 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
248 #define ROTL(DEST, SRC, SHIFT) \
249 { \
250  (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
251  (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
252  (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
253  (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
254 }
255 
256 #define FL(XL, XR, KL, KR) \
257 { \
258  (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
259  (XL) = ((XR) | (KR)) ^ (XL); \
260 }
261 
262 #define FLInv(YL, YR, KL, KR) \
263 { \
264  (YL) = ((YR) | (KR)) ^ (YL); \
265  (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
266 }
267 
268 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
269 { \
270  TK[0] = KC[(OFFSET) * 4 + 0]; \
271  TK[1] = KC[(OFFSET) * 4 + 1]; \
272  TK[2] = KC[(OFFSET) * 4 + 2]; \
273  TK[3] = KC[(OFFSET) * 4 + 3]; \
274  \
275  for ( i = 1; i <= 4; i++ ) \
276  if (shifts[(INDEX)][(OFFSET)][i -1]) \
277  ROTL(TK + i * 4, TK, (15 * i) % 32); \
278  \
279  for ( i = 0; i < 20; i++ ) \
280  if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
281  RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
282  } \
283 }
284 
285 static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t z[2])
286 {
287  uint32_t I0, I1;
288  I0 = x[0] ^ k[0];
289  I1 = x[1] ^ k[1];
290 
291  I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
292  (SBOX2((I0 >> 16) & 0xFF) << 16) |
293  (SBOX3((I0 >> 8) & 0xFF) << 8) |
294  (SBOX4((I0 ) & 0xFF) );
295  I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
296  (SBOX3((I1 >> 16) & 0xFF) << 16) |
297  (SBOX4((I1 >> 8) & 0xFF) << 8) |
298  (SBOX1((I1 ) & 0xFF) );
299 
300  I0 ^= (I1 << 8) | (I1 >> 24);
301  I1 ^= (I0 << 16) | (I0 >> 16);
302  I0 ^= (I1 >> 8) | (I1 << 24);
303  I1 ^= (I0 >> 8) | (I0 << 24);
304 
305  z[0] ^= I1;
306  z[1] ^= I0;
307 }
308 
309 /*
310  * Camellia key schedule (encryption)
311  */
312 int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
313 {
314  int idx;
315  size_t i;
316  uint32_t *RK;
317  unsigned char t[64];
318  uint32_t SIGMA[6][2];
319  uint32_t KC[16];
320  uint32_t TK[20];
321 
322  RK = ctx->rk;
323 
324  memset(t, 0, 64);
325  memset(RK, 0, sizeof(ctx->rk));
326 
327  switch( keysize )
328  {
329  case 128: ctx->nr = 3; idx = 0; break;
330  case 192:
331  case 256: ctx->nr = 4; idx = 1; break;
332  default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
333  }
334 
335  for( i = 0; i < keysize / 8; ++i)
336  t[i] = key[i];
337 
338  if (keysize == 192) {
339  for (i = 0; i < 8; i++)
340  t[24 + i] = ~t[16 + i];
341  }
342 
343  /*
344  * Prepare SIGMA values
345  */
346  for (i = 0; i < 6; i++) {
347  GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
348  GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
349  }
350 
351  /*
352  * Key storage in KC
353  * Order: KL, KR, KA, KB
354  */
355  memset(KC, 0, sizeof(KC));
356 
357  /* Store KL, KR */
358  for (i = 0; i < 8; i++)
359  GET_UINT32_BE(KC[i], t, i * 4);
360 
361  /* Generate KA */
362  for( i = 0; i < 4; ++i)
363  KC[8 + i] = KC[i] ^ KC[4 + i];
364 
365  camellia_feistel(KC + 8, SIGMA[0], KC + 10);
366  camellia_feistel(KC + 10, SIGMA[1], KC + 8);
367 
368  for( i = 0; i < 4; ++i)
369  KC[8 + i] ^= KC[i];
370 
371  camellia_feistel(KC + 8, SIGMA[2], KC + 10);
372  camellia_feistel(KC + 10, SIGMA[3], KC + 8);
373 
374  if (keysize > 128) {
375  /* Generate KB */
376  for( i = 0; i < 4; ++i)
377  KC[12 + i] = KC[4 + i] ^ KC[8 + i];
378 
379  camellia_feistel(KC + 12, SIGMA[4], KC + 14);
380  camellia_feistel(KC + 14, SIGMA[5], KC + 12);
381  }
382 
383  /*
384  * Generating subkeys
385  */
386 
387  /* Manipulating KL */
388  SHIFT_AND_PLACE(idx, 0);
389 
390  /* Manipulating KR */
391  if (keysize > 128) {
392  SHIFT_AND_PLACE(idx, 1);
393  }
394 
395  /* Manipulating KA */
396  SHIFT_AND_PLACE(idx, 2);
397 
398  /* Manipulating KB */
399  if (keysize > 128) {
400  SHIFT_AND_PLACE(idx, 3);
401  }
402 
403  /* Do transpositions */
404  for ( i = 0; i < 20; i++ ) {
405  if (transposes[idx][i] != -1) {
406  RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
407  }
408  }
409 
410  return( 0 );
411 }
412 
413 /*
414  * Camellia key schedule (decryption)
415  */
416 int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
417 {
418  int idx;
419  size_t i;
420  camellia_context cty;
421  uint32_t *RK;
422  uint32_t *SK;
423  int ret;
424 
425  switch( keysize )
426  {
427  case 128: ctx->nr = 3; idx = 0; break;
428  case 192:
429  case 256: ctx->nr = 4; idx = 1; break;
430  default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
431  }
432 
433  RK = ctx->rk;
434 
435  ret = camellia_setkey_enc(&cty, key, keysize);
436  if( ret != 0 )
437  return( ret );
438 
439  SK = cty.rk + 24 * 2 + 8 * idx * 2;
440 
441  *RK++ = *SK++;
442  *RK++ = *SK++;
443  *RK++ = *SK++;
444  *RK++ = *SK++;
445 
446  for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
447  {
448  *RK++ = *SK++;
449  *RK++ = *SK++;
450  }
451 
452  SK -= 2;
453 
454  *RK++ = *SK++;
455  *RK++ = *SK++;
456  *RK++ = *SK++;
457  *RK++ = *SK++;
458 
459  memset( &cty, 0, sizeof( camellia_context ) );
460 
461  return( 0 );
462 }
463 
464 /*
465  * Camellia-ECB block encryption/decryption
466  */
468  int mode,
469  const unsigned char input[16],
470  unsigned char output[16] )
471 {
472  int NR;
473  uint32_t *RK, X[4];
474 
475  ( (void) mode );
476 
477  NR = ctx->nr;
478  RK = ctx->rk;
479 
480  GET_UINT32_BE( X[0], input, 0 );
481  GET_UINT32_BE( X[1], input, 4 );
482  GET_UINT32_BE( X[2], input, 8 );
483  GET_UINT32_BE( X[3], input, 12 );
484 
485  X[0] ^= *RK++;
486  X[1] ^= *RK++;
487  X[2] ^= *RK++;
488  X[3] ^= *RK++;
489 
490  while (NR) {
491  --NR;
492  camellia_feistel(X, RK, X + 2);
493  RK += 2;
494  camellia_feistel(X + 2, RK, X);
495  RK += 2;
496  camellia_feistel(X, RK, X + 2);
497  RK += 2;
498  camellia_feistel(X + 2, RK, X);
499  RK += 2;
500  camellia_feistel(X, RK, X + 2);
501  RK += 2;
502  camellia_feistel(X + 2, RK, X);
503  RK += 2;
504 
505  if (NR) {
506  FL(X[0], X[1], RK[0], RK[1]);
507  RK += 2;
508  FLInv(X[2], X[3], RK[0], RK[1]);
509  RK += 2;
510  }
511  }
512 
513  X[2] ^= *RK++;
514  X[3] ^= *RK++;
515  X[0] ^= *RK++;
516  X[1] ^= *RK++;
517 
518  PUT_UINT32_BE( X[2], output, 0 );
519  PUT_UINT32_BE( X[3], output, 4 );
520  PUT_UINT32_BE( X[0], output, 8 );
521  PUT_UINT32_BE( X[1], output, 12 );
522 
523  return( 0 );
524 }
525 
526 /*
527  * Camellia-CBC buffer encryption/decryption
528  */
530  int mode,
531  size_t length,
532  unsigned char iv[16],
533  const unsigned char *input,
534  unsigned char *output )
535 {
536  int i;
537  unsigned char temp[16];
538 
539  if( length % 16 )
541 
542  if( mode == CAMELLIA_DECRYPT )
543  {
544  while( length > 0 )
545  {
546  memcpy( temp, input, 16 );
547  camellia_crypt_ecb( ctx, mode, input, output );
548 
549  for( i = 0; i < 16; i++ )
550  output[i] = (unsigned char)( output[i] ^ iv[i] );
551 
552  memcpy( iv, temp, 16 );
553 
554  input += 16;
555  output += 16;
556  length -= 16;
557  }
558  }
559  else
560  {
561  while( length > 0 )
562  {
563  for( i = 0; i < 16; i++ )
564  output[i] = (unsigned char)( input[i] ^ iv[i] );
565 
566  camellia_crypt_ecb( ctx, mode, output, output );
567  memcpy( iv, output, 16 );
568 
569  input += 16;
570  output += 16;
571  length -= 16;
572  }
573  }
574 
575  return( 0 );
576 }
577 
578 #if defined(POLARSSL_CIPHER_MODE_CFB)
579 /*
580  * Camellia-CFB128 buffer encryption/decryption
581  */
583  int mode,
584  size_t length,
585  size_t *iv_off,
586  unsigned char iv[16],
587  const unsigned char *input,
588  unsigned char *output )
589 {
590  int c;
591  size_t n = *iv_off;
592 
593  if( mode == CAMELLIA_DECRYPT )
594  {
595  while( length-- )
596  {
597  if( n == 0 )
598  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
599 
600  c = *input++;
601  *output++ = (unsigned char)( c ^ iv[n] );
602  iv[n] = (unsigned char) c;
603 
604  n = (n + 1) & 0x0F;
605  }
606  }
607  else
608  {
609  while( length-- )
610  {
611  if( n == 0 )
612  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
613 
614  iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
615 
616  n = (n + 1) & 0x0F;
617  }
618  }
619 
620  *iv_off = n;
621 
622  return( 0 );
623 }
624 #endif /* POLARSSL_CIPHER_MODE_CFB */
625 
626 #if defined(POLARSSL_CIPHER_MODE_CTR)
627 /*
628  * Camellia-CTR buffer encryption/decryption
629  */
631  size_t length,
632  size_t *nc_off,
633  unsigned char nonce_counter[16],
634  unsigned char stream_block[16],
635  const unsigned char *input,
636  unsigned char *output )
637 {
638  int c, i;
639  size_t n = *nc_off;
640 
641  while( length-- )
642  {
643  if( n == 0 ) {
644  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter, stream_block );
645 
646  for( i = 16; i > 0; i-- )
647  if( ++nonce_counter[i - 1] != 0 )
648  break;
649  }
650  c = *input++;
651  *output++ = (unsigned char)( c ^ stream_block[n] );
652 
653  n = (n + 1) & 0x0F;
654  }
655 
656  *nc_off = n;
657 
658  return( 0 );
659 }
660 #endif /* POLARSSL_CIPHER_MODE_CTR */
661 #endif /* !POLARSSL_CAMELLIA_ALT */
662 
663 #if defined(POLARSSL_SELF_TEST)
664 
665 #include <stdio.h>
666 
667 /*
668  * Camellia test vectors from:
669  *
670  * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
671  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
672  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
673  * (For each bitlength: Key 0, Nr 39)
674  */
675 #define CAMELLIA_TESTS_ECB 2
676 
677 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
678 {
679  {
680  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
681  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
682  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
683  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
684  },
685  {
686  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
687  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
688  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
689  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
690  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
691  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
692  },
693  {
694  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
695  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
696  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
697  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
698  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
699  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
700  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
701  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
702  },
703 };
704 
705 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
706 {
707  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
708  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
709  { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
710  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
711 };
712 
713 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
714 {
715  {
716  { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
717  0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
718  { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
719  0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
720  },
721  {
722  { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
723  0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
724  { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
725  0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
726  },
727  {
728  { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
729  0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
730  { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
731  0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
732  }
733 };
734 
735 #define CAMELLIA_TESTS_CBC 3
736 
737 static const unsigned char camellia_test_cbc_key[3][32] =
738 {
739  { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
740  0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
741  ,
742  { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
743  0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
744  0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
745  ,
746  { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
747  0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
748  0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
749  0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
750 };
751 
752 static const unsigned char camellia_test_cbc_iv[16] =
753 
754  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
755  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
756 ;
757 
758 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
759 {
760  { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
761  0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
762  { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
763  0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
764  { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
765  0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
766 
767 };
768 
769 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
770 {
771  {
772  { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
773  0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
774  { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
775  0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
776  { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
777  0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
778  },
779  {
780  { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
781  0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
782  { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
783  0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
784  { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
785  0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
786  },
787  {
788  { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
789  0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
790  { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
791  0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
792  { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
793  0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
794  }
795 };
796 
797 #if defined(POLARSSL_CIPHER_MODE_CTR)
798 /*
799  * Camellia-CTR test vectors from:
800  *
801  * http://www.faqs.org/rfcs/rfc5528.html
802  */
803 
804 static const unsigned char camellia_test_ctr_key[3][16] =
805 {
806  { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
807  0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
808  { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
809  0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
810  { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
811  0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
812 };
813 
814 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
815 {
816  { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
817  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
818  { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
819  0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
820  { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
821  0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
822 };
823 
824 static const unsigned char camellia_test_ctr_pt[3][48] =
825 {
826  { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
827  0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
828 
829  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
830  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
831  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
832  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
833 
834  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
835  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
836  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
837  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
838  0x20, 0x21, 0x22, 0x23 }
839 };
840 
841 static const unsigned char camellia_test_ctr_ct[3][48] =
842 {
843  { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
844  0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
845  { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
846  0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
847  0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
848  0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
849  { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
850  0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
851  0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
852  0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
853  0xDF, 0x50, 0x86, 0x96 }
854 };
855 
856 static const int camellia_test_ctr_len[3] =
857  { 16, 32, 36 };
858 #endif /* POLARSSL_CIPHER_MODE_CTR */
859 
860 /*
861  * Checkup routine
862  */
863 int camellia_self_test( int verbose )
864 {
865  int i, j, u, v;
866  unsigned char key[32];
867  unsigned char buf[64];
868  unsigned char src[16];
869  unsigned char dst[16];
870  unsigned char iv[16];
871 #if defined(POLARSSL_CIPHER_MODE_CTR)
872  size_t offset, len;
873  unsigned char nonce_counter[16];
874  unsigned char stream_block[16];
875 #endif
876 
877  camellia_context ctx;
878 
879  memset( key, 0, 32 );
880 
881  for (j = 0; j < 6; j++) {
882  u = j >> 1;
883  v = j & 1;
884 
885  if( verbose != 0 )
886  printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
887  (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
888 
889  for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
890  memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
891 
892  if (v == CAMELLIA_DECRYPT) {
893  camellia_setkey_dec(&ctx, key, 128 + u * 64);
894  memcpy(src, camellia_test_ecb_cipher[u][i], 16);
895  memcpy(dst, camellia_test_ecb_plain[i], 16);
896  } else { /* CAMELLIA_ENCRYPT */
897  camellia_setkey_enc(&ctx, key, 128 + u * 64);
898  memcpy(src, camellia_test_ecb_plain[i], 16);
899  memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
900  }
901 
902  camellia_crypt_ecb(&ctx, v, src, buf);
903 
904  if( memcmp( buf, dst, 16 ) != 0 )
905  {
906  if( verbose != 0 )
907  printf( "failed\n" );
908 
909  return( 1 );
910  }
911  }
912 
913  if( verbose != 0 )
914  printf( "passed\n" );
915  }
916 
917  if( verbose != 0 )
918  printf( "\n" );
919 
920  /*
921  * CBC mode
922  */
923  for( j = 0; j < 6; j++ )
924  {
925  u = j >> 1;
926  v = j & 1;
927 
928  if( verbose != 0 )
929  printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
930  ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
931 
932  memcpy( src, camellia_test_cbc_iv, 16);
933  memcpy( dst, camellia_test_cbc_iv, 16);
934  memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
935 
936  if (v == CAMELLIA_DECRYPT) {
937  camellia_setkey_dec(&ctx, key, 128 + u * 64);
938  } else {
939  camellia_setkey_enc(&ctx, key, 128 + u * 64);
940  }
941 
942  for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
943 
944  if (v == CAMELLIA_DECRYPT) {
945  memcpy( iv , src, 16 );
946  memcpy(src, camellia_test_cbc_cipher[u][i], 16);
947  memcpy(dst, camellia_test_cbc_plain[i], 16);
948  } else { /* CAMELLIA_ENCRYPT */
949  memcpy( iv , dst, 16 );
950  memcpy(src, camellia_test_cbc_plain[i], 16);
951  memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
952  }
953 
954  camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
955 
956  if( memcmp( buf, dst, 16 ) != 0 )
957  {
958  if( verbose != 0 )
959  printf( "failed\n" );
960 
961  return( 1 );
962  }
963  }
964 
965  if( verbose != 0 )
966  printf( "passed\n" );
967  }
968 
969  if( verbose != 0 )
970  printf( "\n" );
971 
972 #if defined(POLARSSL_CIPHER_MODE_CTR)
973  /*
974  * CTR mode
975  */
976  for( i = 0; i < 6; i++ )
977  {
978  u = i >> 1;
979  v = i & 1;
980 
981  if( verbose != 0 )
982  printf( " CAMELLIA-CTR-128 (%s): ",
983  ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
984 
985  memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
986  memcpy( key, camellia_test_ctr_key[u], 16 );
987 
988  offset = 0;
989  camellia_setkey_enc( &ctx, key, 128 );
990 
991  if( v == CAMELLIA_DECRYPT )
992  {
993  len = camellia_test_ctr_len[u];
994  memcpy( buf, camellia_test_ctr_ct[u], len );
995 
996  camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
997 
998  if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
999  {
1000  if( verbose != 0 )
1001  printf( "failed\n" );
1002 
1003  return( 1 );
1004  }
1005  }
1006  else
1007  {
1008  len = camellia_test_ctr_len[u];
1009  memcpy( buf, camellia_test_ctr_pt[u], len );
1010 
1011  camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
1012 
1013  if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1014  {
1015  if( verbose != 0 )
1016  printf( "failed\n" );
1017 
1018  return( 1 );
1019  }
1020  }
1021 
1022  if( verbose != 0 )
1023  printf( "passed\n" );
1024  }
1025 
1026  if( verbose != 0 )
1027  printf( "\n" );
1028 #endif /* POLARSSL_CIPHER_MODE_CTR */
1029 
1030  return ( 0 );
1031 }
1032 
1033 #endif
1034 
1035 #endif
uint32_t rk[68]
Definition: camellia.h:57
asn1_buf buf
Buffer containing the given ASN.1 item.
Definition: asn1.h:132
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
Configuration options (set of defines)
Camellia block cipher.
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
int camellia_self_test(int verbose)
Checkup routine.
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
Definition: camellia.h:45
CAMELLIA context structure.
Definition: camellia.h:54
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
#define CAMELLIA_DECRYPT
Definition: camellia.h:42
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.
Definition: camellia.h:44
#define CAMELLIA_ENCRYPT
Definition: camellia.h:41