32 #if !defined(POLARSSL_CONFIG_FILE)
35 #include POLARSSL_CONFIG_FILE
38 #if defined(POLARSSL_CAMELLIA_C)
42 #if defined(POLARSSL_PLATFORM_C)
45 #define polarssl_printf printf
48 #if !defined(POLARSSL_CAMELLIA_ALT)
54 #define GET_UINT32_BE(n,b,i) \
56 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
57 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
58 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
59 | ( (uint32_t) (b)[(i) + 3] ); \
64 #define PUT_UINT32_BE(n,b,i) \
66 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
67 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
68 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
69 (b)[(i) + 3] = (unsigned char) ( (n) ); \
73 static const unsigned char SIGMA_CHARS[6][8] =
75 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
76 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
77 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
78 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
79 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
80 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
83 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
85 static const unsigned char FSb[256] =
87 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
88 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
89 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
90 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
91 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
92 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
93 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
94 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
95 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
96 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
97 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
98 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
99 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
100 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
101 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
102 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
105 #define SBOX1(n) FSb[(n)]
106 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
107 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
108 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
112 static const unsigned char FSb[256] =
114 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
115 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
116 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
117 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
118 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
119 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
120 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
121 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
122 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
123 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
124 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
125 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
126 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
127 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
128 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
129 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
132 static const unsigned char FSb2[256] =
134 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
135 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
136 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
137 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
138 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
139 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
140 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
141 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
142 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
143 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
144 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
145 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
146 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
147 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
148 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
149 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
152 static const unsigned char FSb3[256] =
154 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
155 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
156 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
157 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
158 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
159 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
160 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
161 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
162 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
163 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
164 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
165 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
166 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
167 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
168 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
169 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
172 static const unsigned char FSb4[256] =
174 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
175 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
176 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
177 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
178 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
179 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
180 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
181 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
182 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
183 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
184 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
185 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
186 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
187 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
188 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
189 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
192 #define SBOX1(n) FSb[(n)]
193 #define SBOX2(n) FSb2[(n)]
194 #define SBOX3(n) FSb3[(n)]
195 #define SBOX4(n) FSb4[(n)]
199 static const unsigned char shifts[2][4][4] =
215 static const signed char indexes[2][4][20] =
218 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
219 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 },
220 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
221 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 },
222 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
223 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 },
224 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
225 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }
228 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
229 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 },
230 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
231 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 },
232 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
233 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 },
234 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
235 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }
239 static const signed char transposes[2][20] =
258 #define ROTL(DEST, SRC, SHIFT) \
260 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
261 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
262 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
263 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
266 #define FL(XL, XR, KL, KR) \
268 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
269 (XL) = ((XR) | (KR)) ^ (XL); \
272 #define FLInv(YL, YR, KL, KR) \
274 (YL) = ((YR) | (KR)) ^ (YL); \
275 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
278 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
280 TK[0] = KC[(OFFSET) * 4 + 0]; \
281 TK[1] = KC[(OFFSET) * 4 + 1]; \
282 TK[2] = KC[(OFFSET) * 4 + 2]; \
283 TK[3] = KC[(OFFSET) * 4 + 3]; \
285 for ( i = 1; i <= 4; i++ ) \
286 if (shifts[(INDEX)][(OFFSET)][i -1]) \
287 ROTL(TK + i * 4, TK, (15 * i) % 32); \
289 for ( i = 0; i < 20; i++ ) \
290 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
291 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
295 static void camellia_feistel(
const uint32_t x[2],
const uint32_t k[2],
302 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
303 (SBOX2((I0 >> 16) & 0xFF) << 16) |
304 (SBOX3((I0 >> 8) & 0xFF) << 8) |
305 (SBOX4((I0 ) & 0xFF) );
306 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
307 (SBOX3((I1 >> 16) & 0xFF) << 16) |
308 (SBOX4((I1 >> 8) & 0xFF) << 8) |
309 (SBOX1((I1 ) & 0xFF) );
311 I0 ^= (I1 << 8) | (I1 >> 24);
312 I1 ^= (I0 << 16) | (I0 >> 16);
313 I0 ^= (I1 >> 8) | (I1 << 24);
314 I1 ^= (I0 >> 8) | (I0 << 24);
324 unsigned int keysize )
330 uint32_t SIGMA[6][2];
337 memset(RK, 0,
sizeof(ctx->
rk));
341 case 128: ctx->
nr = 3; idx = 0;
break;
343 case 256: ctx->
nr = 4; idx = 1;
break;
347 for( i = 0; i < keysize / 8; ++i)
350 if (keysize == 192) {
351 for (i = 0; i < 8; i++)
352 t[24 + i] = ~t[16 + i];
358 for (i = 0; i < 6; i++) {
359 GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
360 GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
367 memset(KC, 0,
sizeof(KC));
370 for (i = 0; i < 8; i++)
371 GET_UINT32_BE(KC[i], t, i * 4);
374 for( i = 0; i < 4; ++i)
375 KC[8 + i] = KC[i] ^ KC[4 + i];
377 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
378 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
380 for( i = 0; i < 4; ++i)
383 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
384 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
388 for( i = 0; i < 4; ++i)
389 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
391 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
392 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
400 SHIFT_AND_PLACE(idx, 0);
404 SHIFT_AND_PLACE(idx, 1);
408 SHIFT_AND_PLACE(idx, 2);
412 SHIFT_AND_PLACE(idx, 3);
416 for ( i = 0; i < 20; i++ ) {
417 if (transposes[idx][i] != -1) {
418 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
429 unsigned int keysize )
440 case 128: ctx->
nr = 3; idx = 0;
break;
442 case 256: ctx->
nr = 4; idx = 1;
break;
452 SK = cty.
rk + 24 * 2 + 8 * idx * 2;
459 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
482 const unsigned char input[16],
483 unsigned char output[16] )
493 GET_UINT32_BE( X[0], input, 0 );
494 GET_UINT32_BE( X[1], input, 4 );
495 GET_UINT32_BE( X[2], input, 8 );
496 GET_UINT32_BE( X[3], input, 12 );
505 camellia_feistel(X, RK, X + 2);
507 camellia_feistel(X + 2, RK, X);
509 camellia_feistel(X, RK, X + 2);
511 camellia_feistel(X + 2, RK, X);
513 camellia_feistel(X, RK, X + 2);
515 camellia_feistel(X + 2, RK, X);
519 FL(X[0], X[1], RK[0], RK[1]);
521 FLInv(X[2], X[3], RK[0], RK[1]);
531 PUT_UINT32_BE( X[2], output, 0 );
532 PUT_UINT32_BE( X[3], output, 4 );
533 PUT_UINT32_BE( X[0], output, 8 );
534 PUT_UINT32_BE( X[1], output, 12 );
539 #if defined(POLARSSL_CIPHER_MODE_CBC)
546 unsigned char iv[16],
547 const unsigned char *input,
548 unsigned char *output )
551 unsigned char temp[16];
560 memcpy( temp, input, 16 );
563 for( i = 0; i < 16; i++ )
564 output[i] = (
unsigned char)( output[i] ^ iv[i] );
566 memcpy( iv, temp, 16 );
577 for( i = 0; i < 16; i++ )
578 output[i] = (
unsigned char)( input[i] ^ iv[i] );
581 memcpy( iv, output, 16 );
593 #if defined(POLARSSL_CIPHER_MODE_CFB)
601 unsigned char iv[16],
602 const unsigned char *input,
603 unsigned char *output )
616 *output++ = (
unsigned char)( c ^ iv[n] );
617 iv[n] = (
unsigned char) c;
629 iv[n] = *output++ = (
unsigned char)( iv[n] ^ *input++ );
641 #if defined(POLARSSL_CIPHER_MODE_CTR)
648 unsigned char nonce_counter[16],
649 unsigned char stream_block[16],
650 const unsigned char *input,
651 unsigned char *output )
662 for( i = 16; i > 0; i-- )
663 if( ++nonce_counter[i - 1] != 0 )
667 *output++ = (
unsigned char)( c ^ stream_block[n] );
679 #if defined(POLARSSL_SELF_TEST)
691 #define CAMELLIA_TESTS_ECB 2
693 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
696 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
697 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
698 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
699 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
702 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
703 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
704 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
705 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
707 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
710 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
711 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
712 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
713 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
714 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
715 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
716 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
717 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
721 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
723 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
724 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
725 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
726 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
729 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
732 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
733 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
734 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
735 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
738 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
739 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
740 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
741 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
744 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
745 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
746 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
747 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
751 #if defined(POLARSSL_CIPHER_MODE_CBC)
752 #define CAMELLIA_TESTS_CBC 3
754 static const unsigned char camellia_test_cbc_key[3][32] =
756 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
757 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
759 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
760 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
761 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
763 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
764 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
765 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
766 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
769 static const unsigned char camellia_test_cbc_iv[16] =
771 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
772 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
775 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
777 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
778 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
779 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
780 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
781 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
782 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
786 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
789 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
790 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
791 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
792 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
793 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
794 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
797 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
798 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
799 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
800 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
801 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
802 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
805 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
806 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
807 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
808 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
809 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
810 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
815 #if defined(POLARSSL_CIPHER_MODE_CTR)
822 static const unsigned char camellia_test_ctr_key[3][16] =
824 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
825 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
826 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
827 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
828 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
829 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
832 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
834 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
835 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
836 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
837 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
838 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
839 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
842 static const unsigned char camellia_test_ctr_pt[3][48] =
844 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
845 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
847 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
848 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
849 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
850 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
852 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
853 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
854 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
855 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
856 0x20, 0x21, 0x22, 0x23 }
859 static const unsigned char camellia_test_ctr_ct[3][48] =
861 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
862 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
863 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
864 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
865 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
866 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
867 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
868 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
869 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
870 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
871 0xDF, 0x50, 0x86, 0x96 }
874 static const int camellia_test_ctr_len[3] =
884 unsigned char key[32];
885 unsigned char buf[64];
886 unsigned char src[16];
887 unsigned char dst[16];
888 #if defined(POLARSSL_CIPHER_MODE_CBC)
889 unsigned char iv[16];
891 #if defined(POLARSSL_CIPHER_MODE_CTR)
893 unsigned char nonce_counter[16];
894 unsigned char stream_block[16];
899 memset( key, 0, 32 );
901 for (j = 0; j < 6; j++) {
909 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
910 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
914 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
915 memcpy(dst, camellia_test_ecb_plain[i], 16);
918 memcpy(src, camellia_test_ecb_plain[i], 16);
919 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
924 if( memcmp( buf, dst, 16 ) != 0 )
940 #if defined(POLARSSL_CIPHER_MODE_CBC)
944 for( j = 0; j < 6; j++ )
953 memcpy( src, camellia_test_cbc_iv, 16);
954 memcpy( dst, camellia_test_cbc_iv, 16);
955 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
963 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
966 memcpy( iv , src, 16 );
967 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
968 memcpy(dst, camellia_test_cbc_plain[i], 16);
970 memcpy( iv , dst, 16 );
971 memcpy(src, camellia_test_cbc_plain[i], 16);
972 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
977 if( memcmp( buf, dst, 16 ) != 0 )
994 #if defined(POLARSSL_CIPHER_MODE_CTR)
998 for( i = 0; i < 6; i++ )
1007 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1008 memcpy( key, camellia_test_ctr_key[u], 16 );
1015 len = camellia_test_ctr_len[u];
1016 memcpy( buf, camellia_test_ctr_ct[u], len );
1021 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1031 len = camellia_test_ctr_len[u];
1032 memcpy( buf, camellia_test_ctr_pt[u], len );
1037 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
Configuration options (set of defines)
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
int camellia_self_test(int verbose)
Checkup routine.
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
CAMELLIA context structure.
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.