PolarSSL v1.3.7
camellia.c
Go to the documentation of this file.
1 /*
2  * Camellia implementation
3  *
4  * Copyright (C) 2006-2014, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The Camellia block cipher was designed by NTT and Mitsubishi Electric
27  * Corporation.
28  *
29  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
30  */
31 
32 #if !defined(POLARSSL_CONFIG_FILE)
33 #include "polarssl/config.h"
34 #else
35 #include POLARSSL_CONFIG_FILE
36 #endif
37 
38 #if defined(POLARSSL_CAMELLIA_C)
39 
40 #include "polarssl/camellia.h"
41 
42 #if defined(POLARSSL_PLATFORM_C)
43 #include "polarssl/platform.h"
44 #else
45 #define polarssl_printf printf
46 #endif
47 
48 #if !defined(POLARSSL_CAMELLIA_ALT)
49 
50 /*
51  * 32-bit integer manipulation macros (big endian)
52  */
53 #ifndef GET_UINT32_BE
54 #define GET_UINT32_BE(n,b,i) \
55 { \
56  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
57  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
58  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
59  | ( (uint32_t) (b)[(i) + 3] ); \
60 }
61 #endif
62 
63 #ifndef PUT_UINT32_BE
64 #define PUT_UINT32_BE(n,b,i) \
65 { \
66  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
67  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
68  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
69  (b)[(i) + 3] = (unsigned char) ( (n) ); \
70 }
71 #endif
72 
73 static const unsigned char SIGMA_CHARS[6][8] =
74 {
75  { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
76  { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
77  { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
78  { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
79  { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
80  { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
81 };
82 
83 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
84 
85 static const unsigned char FSb[256] =
86 {
87  112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
88  35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
89  134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
90  166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
91  139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
92  223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
93  20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
94  254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
95  170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
96  16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
97  135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
98  82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
99  233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
100  120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
101  114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
102  64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
103 };
104 
105 #define SBOX1(n) FSb[(n)]
106 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
107 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
108 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
109 
110 #else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
111 
112 static const unsigned char FSb[256] =
113 {
114  112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
115  35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
116  134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
117  166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
118  139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
119  223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
120  20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
121  254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
122  170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
123  16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
124  135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
125  82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
126  233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
127  120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
128  114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
129  64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
130 };
131 
132 static const unsigned char FSb2[256] =
133 {
134  224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
135  70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
136  13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
137  77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
138  23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
139  191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
140  40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
141  253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
142  85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
143  32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
144  15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
145  164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
146  211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
147  240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
148  228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
149  128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
150 };
151 
152 static const unsigned char FSb3[256] =
153 {
154  56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
155  145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
156  67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
157  83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
158  197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
159  239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
160  10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
161  127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
162  85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
163  8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
164  195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
165  41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
166  244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
167  60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
168  57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
169  32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
170 };
171 
172 static const unsigned char FSb4[256] =
173 {
174  112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
175  134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
176  139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
177  20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
178  170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
179  135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
180  233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
181  114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
182  130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
183  184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
184  13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
185  88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
186  208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
187  92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
188  121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
189  7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
190 };
191 
192 #define SBOX1(n) FSb[(n)]
193 #define SBOX2(n) FSb2[(n)]
194 #define SBOX3(n) FSb3[(n)]
195 #define SBOX4(n) FSb4[(n)]
196 
197 #endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
198 
199 static const unsigned char shifts[2][4][4] =
200 {
201  {
202  { 1, 1, 1, 1 }, /* KL */
203  { 0, 0, 0, 0 }, /* KR */
204  { 1, 1, 1, 1 }, /* KA */
205  { 0, 0, 0, 0 } /* KB */
206  },
207  {
208  { 1, 0, 1, 1 }, /* KL */
209  { 1, 1, 0, 1 }, /* KR */
210  { 1, 1, 1, 0 }, /* KA */
211  { 1, 1, 0, 1 } /* KB */
212  }
213 };
214 
215 static const signed char indexes[2][4][20] =
216 {
217  {
218  { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
219  36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
220  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
221  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
222  { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
223  18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
224  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
225  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
226  },
227  {
228  { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
229  -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
230  { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
231  18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
232  { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
233  56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
234  { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
235  22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
236  }
237 };
238 
239 static const signed char transposes[2][20] =
240 {
241  {
242  21, 22, 23, 20,
243  -1, -1, -1, -1,
244  18, 19, 16, 17,
245  11, 8, 9, 10,
246  15, 12, 13, 14
247  },
248  {
249  25, 26, 27, 24,
250  29, 30, 31, 28,
251  18, 19, 16, 17,
252  -1, -1, -1, -1,
253  -1, -1, -1, -1
254  }
255 };
256 
257 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
258 #define ROTL(DEST, SRC, SHIFT) \
259 { \
260  (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
261  (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
262  (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
263  (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
264 }
265 
266 #define FL(XL, XR, KL, KR) \
267 { \
268  (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
269  (XL) = ((XR) | (KR)) ^ (XL); \
270 }
271 
272 #define FLInv(YL, YR, KL, KR) \
273 { \
274  (YL) = ((YR) | (KR)) ^ (YL); \
275  (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
276 }
277 
278 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
279 { \
280  TK[0] = KC[(OFFSET) * 4 + 0]; \
281  TK[1] = KC[(OFFSET) * 4 + 1]; \
282  TK[2] = KC[(OFFSET) * 4 + 2]; \
283  TK[3] = KC[(OFFSET) * 4 + 3]; \
284  \
285  for ( i = 1; i <= 4; i++ ) \
286  if (shifts[(INDEX)][(OFFSET)][i -1]) \
287  ROTL(TK + i * 4, TK, (15 * i) % 32); \
288  \
289  for ( i = 0; i < 20; i++ ) \
290  if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
291  RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
292  } \
293 }
294 
295 static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
296  uint32_t z[2])
297 {
298  uint32_t I0, I1;
299  I0 = x[0] ^ k[0];
300  I1 = x[1] ^ k[1];
301 
302  I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
303  (SBOX2((I0 >> 16) & 0xFF) << 16) |
304  (SBOX3((I0 >> 8) & 0xFF) << 8) |
305  (SBOX4((I0 ) & 0xFF) );
306  I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
307  (SBOX3((I1 >> 16) & 0xFF) << 16) |
308  (SBOX4((I1 >> 8) & 0xFF) << 8) |
309  (SBOX1((I1 ) & 0xFF) );
310 
311  I0 ^= (I1 << 8) | (I1 >> 24);
312  I1 ^= (I0 << 16) | (I0 >> 16);
313  I0 ^= (I1 >> 8) | (I1 << 24);
314  I1 ^= (I0 >> 8) | (I0 << 24);
315 
316  z[0] ^= I1;
317  z[1] ^= I0;
318 }
319 
320 /*
321  * Camellia key schedule (encryption)
322  */
323 int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
324  unsigned int keysize )
325 {
326  int idx;
327  size_t i;
328  uint32_t *RK;
329  unsigned char t[64];
330  uint32_t SIGMA[6][2];
331  uint32_t KC[16];
332  uint32_t TK[20];
333 
334  RK = ctx->rk;
335 
336  memset(t, 0, 64);
337  memset(RK, 0, sizeof(ctx->rk));
338 
339  switch( keysize )
340  {
341  case 128: ctx->nr = 3; idx = 0; break;
342  case 192:
343  case 256: ctx->nr = 4; idx = 1; break;
344  default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
345  }
346 
347  for( i = 0; i < keysize / 8; ++i)
348  t[i] = key[i];
349 
350  if (keysize == 192) {
351  for (i = 0; i < 8; i++)
352  t[24 + i] = ~t[16 + i];
353  }
354 
355  /*
356  * Prepare SIGMA values
357  */
358  for (i = 0; i < 6; i++) {
359  GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
360  GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
361  }
362 
363  /*
364  * Key storage in KC
365  * Order: KL, KR, KA, KB
366  */
367  memset(KC, 0, sizeof(KC));
368 
369  /* Store KL, KR */
370  for (i = 0; i < 8; i++)
371  GET_UINT32_BE(KC[i], t, i * 4);
372 
373  /* Generate KA */
374  for( i = 0; i < 4; ++i)
375  KC[8 + i] = KC[i] ^ KC[4 + i];
376 
377  camellia_feistel(KC + 8, SIGMA[0], KC + 10);
378  camellia_feistel(KC + 10, SIGMA[1], KC + 8);
379 
380  for( i = 0; i < 4; ++i)
381  KC[8 + i] ^= KC[i];
382 
383  camellia_feistel(KC + 8, SIGMA[2], KC + 10);
384  camellia_feistel(KC + 10, SIGMA[3], KC + 8);
385 
386  if (keysize > 128) {
387  /* Generate KB */
388  for( i = 0; i < 4; ++i)
389  KC[12 + i] = KC[4 + i] ^ KC[8 + i];
390 
391  camellia_feistel(KC + 12, SIGMA[4], KC + 14);
392  camellia_feistel(KC + 14, SIGMA[5], KC + 12);
393  }
394 
395  /*
396  * Generating subkeys
397  */
398 
399  /* Manipulating KL */
400  SHIFT_AND_PLACE(idx, 0);
401 
402  /* Manipulating KR */
403  if (keysize > 128) {
404  SHIFT_AND_PLACE(idx, 1);
405  }
406 
407  /* Manipulating KA */
408  SHIFT_AND_PLACE(idx, 2);
409 
410  /* Manipulating KB */
411  if (keysize > 128) {
412  SHIFT_AND_PLACE(idx, 3);
413  }
414 
415  /* Do transpositions */
416  for ( i = 0; i < 20; i++ ) {
417  if (transposes[idx][i] != -1) {
418  RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
419  }
420  }
421 
422  return( 0 );
423 }
424 
425 /*
426  * Camellia key schedule (decryption)
427  */
428 int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
429  unsigned int keysize )
430 {
431  int idx;
432  size_t i;
433  camellia_context cty;
434  uint32_t *RK;
435  uint32_t *SK;
436  int ret;
437 
438  switch( keysize )
439  {
440  case 128: ctx->nr = 3; idx = 0; break;
441  case 192:
442  case 256: ctx->nr = 4; idx = 1; break;
443  default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
444  }
445 
446  RK = ctx->rk;
447 
448  ret = camellia_setkey_enc(&cty, key, keysize);
449  if( ret != 0 )
450  return( ret );
451 
452  SK = cty.rk + 24 * 2 + 8 * idx * 2;
453 
454  *RK++ = *SK++;
455  *RK++ = *SK++;
456  *RK++ = *SK++;
457  *RK++ = *SK++;
458 
459  for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
460  {
461  *RK++ = *SK++;
462  *RK++ = *SK++;
463  }
464 
465  SK -= 2;
466 
467  *RK++ = *SK++;
468  *RK++ = *SK++;
469  *RK++ = *SK++;
470  *RK++ = *SK++;
471 
472  memset( &cty, 0, sizeof( camellia_context ) );
473 
474  return( 0 );
475 }
476 
477 /*
478  * Camellia-ECB block encryption/decryption
479  */
481  int mode,
482  const unsigned char input[16],
483  unsigned char output[16] )
484 {
485  int NR;
486  uint32_t *RK, X[4];
487 
488  ( (void) mode );
489 
490  NR = ctx->nr;
491  RK = ctx->rk;
492 
493  GET_UINT32_BE( X[0], input, 0 );
494  GET_UINT32_BE( X[1], input, 4 );
495  GET_UINT32_BE( X[2], input, 8 );
496  GET_UINT32_BE( X[3], input, 12 );
497 
498  X[0] ^= *RK++;
499  X[1] ^= *RK++;
500  X[2] ^= *RK++;
501  X[3] ^= *RK++;
502 
503  while (NR) {
504  --NR;
505  camellia_feistel(X, RK, X + 2);
506  RK += 2;
507  camellia_feistel(X + 2, RK, X);
508  RK += 2;
509  camellia_feistel(X, RK, X + 2);
510  RK += 2;
511  camellia_feistel(X + 2, RK, X);
512  RK += 2;
513  camellia_feistel(X, RK, X + 2);
514  RK += 2;
515  camellia_feistel(X + 2, RK, X);
516  RK += 2;
517 
518  if (NR) {
519  FL(X[0], X[1], RK[0], RK[1]);
520  RK += 2;
521  FLInv(X[2], X[3], RK[0], RK[1]);
522  RK += 2;
523  }
524  }
525 
526  X[2] ^= *RK++;
527  X[3] ^= *RK++;
528  X[0] ^= *RK++;
529  X[1] ^= *RK++;
530 
531  PUT_UINT32_BE( X[2], output, 0 );
532  PUT_UINT32_BE( X[3], output, 4 );
533  PUT_UINT32_BE( X[0], output, 8 );
534  PUT_UINT32_BE( X[1], output, 12 );
535 
536  return( 0 );
537 }
538 
539 #if defined(POLARSSL_CIPHER_MODE_CBC)
540 /*
541  * Camellia-CBC buffer encryption/decryption
542  */
544  int mode,
545  size_t length,
546  unsigned char iv[16],
547  const unsigned char *input,
548  unsigned char *output )
549 {
550  int i;
551  unsigned char temp[16];
552 
553  if( length % 16 )
555 
556  if( mode == CAMELLIA_DECRYPT )
557  {
558  while( length > 0 )
559  {
560  memcpy( temp, input, 16 );
561  camellia_crypt_ecb( ctx, mode, input, output );
562 
563  for( i = 0; i < 16; i++ )
564  output[i] = (unsigned char)( output[i] ^ iv[i] );
565 
566  memcpy( iv, temp, 16 );
567 
568  input += 16;
569  output += 16;
570  length -= 16;
571  }
572  }
573  else
574  {
575  while( length > 0 )
576  {
577  for( i = 0; i < 16; i++ )
578  output[i] = (unsigned char)( input[i] ^ iv[i] );
579 
580  camellia_crypt_ecb( ctx, mode, output, output );
581  memcpy( iv, output, 16 );
582 
583  input += 16;
584  output += 16;
585  length -= 16;
586  }
587  }
588 
589  return( 0 );
590 }
591 #endif /* POLARSSL_CIPHER_MODE_CBC */
592 
593 #if defined(POLARSSL_CIPHER_MODE_CFB)
594 /*
595  * Camellia-CFB128 buffer encryption/decryption
596  */
598  int mode,
599  size_t length,
600  size_t *iv_off,
601  unsigned char iv[16],
602  const unsigned char *input,
603  unsigned char *output )
604 {
605  int c;
606  size_t n = *iv_off;
607 
608  if( mode == CAMELLIA_DECRYPT )
609  {
610  while( length-- )
611  {
612  if( n == 0 )
613  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
614 
615  c = *input++;
616  *output++ = (unsigned char)( c ^ iv[n] );
617  iv[n] = (unsigned char) c;
618 
619  n = (n + 1) & 0x0F;
620  }
621  }
622  else
623  {
624  while( length-- )
625  {
626  if( n == 0 )
627  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
628 
629  iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
630 
631  n = (n + 1) & 0x0F;
632  }
633  }
634 
635  *iv_off = n;
636 
637  return( 0 );
638 }
639 #endif /* POLARSSL_CIPHER_MODE_CFB */
640 
641 #if defined(POLARSSL_CIPHER_MODE_CTR)
642 /*
643  * Camellia-CTR buffer encryption/decryption
644  */
646  size_t length,
647  size_t *nc_off,
648  unsigned char nonce_counter[16],
649  unsigned char stream_block[16],
650  const unsigned char *input,
651  unsigned char *output )
652 {
653  int c, i;
654  size_t n = *nc_off;
655 
656  while( length-- )
657  {
658  if( n == 0 ) {
659  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
660  stream_block );
661 
662  for( i = 16; i > 0; i-- )
663  if( ++nonce_counter[i - 1] != 0 )
664  break;
665  }
666  c = *input++;
667  *output++ = (unsigned char)( c ^ stream_block[n] );
668 
669  n = (n + 1) & 0x0F;
670  }
671 
672  *nc_off = n;
673 
674  return( 0 );
675 }
676 #endif /* POLARSSL_CIPHER_MODE_CTR */
677 #endif /* !POLARSSL_CAMELLIA_ALT */
678 
679 #if defined(POLARSSL_SELF_TEST)
680 
681 #include <stdio.h>
682 
683 /*
684  * Camellia test vectors from:
685  *
686  * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
687  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
688  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
689  * (For each bitlength: Key 0, Nr 39)
690  */
691 #define CAMELLIA_TESTS_ECB 2
692 
693 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
694 {
695  {
696  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
697  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
698  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
699  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
700  },
701  {
702  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
703  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
704  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
705  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
707  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
708  },
709  {
710  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
711  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
712  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
713  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
714  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
715  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
716  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
717  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
718  },
719 };
720 
721 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
722 {
723  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
724  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
725  { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
726  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
727 };
728 
729 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
730 {
731  {
732  { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
733  0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
734  { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
735  0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
736  },
737  {
738  { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
739  0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
740  { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
741  0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
742  },
743  {
744  { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
745  0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
746  { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
747  0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
748  }
749 };
750 
751 #if defined(POLARSSL_CIPHER_MODE_CBC)
752 #define CAMELLIA_TESTS_CBC 3
753 
754 static const unsigned char camellia_test_cbc_key[3][32] =
755 {
756  { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
757  0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
758  ,
759  { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
760  0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
761  0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
762  ,
763  { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
764  0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
765  0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
766  0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
767 };
768 
769 static const unsigned char camellia_test_cbc_iv[16] =
770 
771  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
772  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
773 ;
774 
775 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
776 {
777  { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
778  0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
779  { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
780  0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
781  { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
782  0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
783 
784 };
785 
786 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
787 {
788  {
789  { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
790  0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
791  { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
792  0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
793  { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
794  0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
795  },
796  {
797  { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
798  0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
799  { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
800  0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
801  { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
802  0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
803  },
804  {
805  { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
806  0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
807  { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
808  0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
809  { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
810  0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
811  }
812 };
813 #endif /* POLARSSL_CIPHER_MODE_CBC */
814 
815 #if defined(POLARSSL_CIPHER_MODE_CTR)
816 /*
817  * Camellia-CTR test vectors from:
818  *
819  * http://www.faqs.org/rfcs/rfc5528.html
820  */
821 
822 static const unsigned char camellia_test_ctr_key[3][16] =
823 {
824  { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
825  0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
826  { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
827  0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
828  { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
829  0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
830 };
831 
832 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
833 {
834  { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
835  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
836  { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
837  0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
838  { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
839  0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
840 };
841 
842 static const unsigned char camellia_test_ctr_pt[3][48] =
843 {
844  { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
845  0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
846 
847  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
848  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
849  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
850  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
851 
852  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
853  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
854  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
855  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
856  0x20, 0x21, 0x22, 0x23 }
857 };
858 
859 static const unsigned char camellia_test_ctr_ct[3][48] =
860 {
861  { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
862  0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
863  { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
864  0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
865  0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
866  0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
867  { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
868  0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
869  0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
870  0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
871  0xDF, 0x50, 0x86, 0x96 }
872 };
873 
874 static const int camellia_test_ctr_len[3] =
875  { 16, 32, 36 };
876 #endif /* POLARSSL_CIPHER_MODE_CTR */
877 
878 /*
879  * Checkup routine
880  */
881 int camellia_self_test( int verbose )
882 {
883  int i, j, u, v;
884  unsigned char key[32];
885  unsigned char buf[64];
886  unsigned char src[16];
887  unsigned char dst[16];
888 #if defined(POLARSSL_CIPHER_MODE_CBC)
889  unsigned char iv[16];
890 #endif
891 #if defined(POLARSSL_CIPHER_MODE_CTR)
892  size_t offset, len;
893  unsigned char nonce_counter[16];
894  unsigned char stream_block[16];
895 #endif
896 
897  camellia_context ctx;
898 
899  memset( key, 0, 32 );
900 
901  for (j = 0; j < 6; j++) {
902  u = j >> 1;
903  v = j & 1;
904 
905  if( verbose != 0 )
906  polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
907  (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
908 
909  for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
910  memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
911 
912  if (v == CAMELLIA_DECRYPT) {
913  camellia_setkey_dec(&ctx, key, 128 + u * 64);
914  memcpy(src, camellia_test_ecb_cipher[u][i], 16);
915  memcpy(dst, camellia_test_ecb_plain[i], 16);
916  } else { /* CAMELLIA_ENCRYPT */
917  camellia_setkey_enc(&ctx, key, 128 + u * 64);
918  memcpy(src, camellia_test_ecb_plain[i], 16);
919  memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
920  }
921 
922  camellia_crypt_ecb(&ctx, v, src, buf);
923 
924  if( memcmp( buf, dst, 16 ) != 0 )
925  {
926  if( verbose != 0 )
927  polarssl_printf( "failed\n" );
928 
929  return( 1 );
930  }
931  }
932 
933  if( verbose != 0 )
934  polarssl_printf( "passed\n" );
935  }
936 
937  if( verbose != 0 )
938  polarssl_printf( "\n" );
939 
940 #if defined(POLARSSL_CIPHER_MODE_CBC)
941  /*
942  * CBC mode
943  */
944  for( j = 0; j < 6; j++ )
945  {
946  u = j >> 1;
947  v = j & 1;
948 
949  if( verbose != 0 )
950  polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
951  ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
952 
953  memcpy( src, camellia_test_cbc_iv, 16);
954  memcpy( dst, camellia_test_cbc_iv, 16);
955  memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
956 
957  if (v == CAMELLIA_DECRYPT) {
958  camellia_setkey_dec(&ctx, key, 128 + u * 64);
959  } else {
960  camellia_setkey_enc(&ctx, key, 128 + u * 64);
961  }
962 
963  for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
964 
965  if (v == CAMELLIA_DECRYPT) {
966  memcpy( iv , src, 16 );
967  memcpy(src, camellia_test_cbc_cipher[u][i], 16);
968  memcpy(dst, camellia_test_cbc_plain[i], 16);
969  } else { /* CAMELLIA_ENCRYPT */
970  memcpy( iv , dst, 16 );
971  memcpy(src, camellia_test_cbc_plain[i], 16);
972  memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
973  }
974 
975  camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
976 
977  if( memcmp( buf, dst, 16 ) != 0 )
978  {
979  if( verbose != 0 )
980  polarssl_printf( "failed\n" );
981 
982  return( 1 );
983  }
984  }
985 
986  if( verbose != 0 )
987  polarssl_printf( "passed\n" );
988  }
989 #endif /* POLARSSL_CIPHER_MODE_CBC */
990 
991  if( verbose != 0 )
992  polarssl_printf( "\n" );
993 
994 #if defined(POLARSSL_CIPHER_MODE_CTR)
995  /*
996  * CTR mode
997  */
998  for( i = 0; i < 6; i++ )
999  {
1000  u = i >> 1;
1001  v = i & 1;
1002 
1003  if( verbose != 0 )
1004  polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
1005  ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
1006 
1007  memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1008  memcpy( key, camellia_test_ctr_key[u], 16 );
1009 
1010  offset = 0;
1011  camellia_setkey_enc( &ctx, key, 128 );
1012 
1013  if( v == CAMELLIA_DECRYPT )
1014  {
1015  len = camellia_test_ctr_len[u];
1016  memcpy( buf, camellia_test_ctr_ct[u], len );
1017 
1018  camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1019  buf, buf );
1020 
1021  if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1022  {
1023  if( verbose != 0 )
1024  polarssl_printf( "failed\n" );
1025 
1026  return( 1 );
1027  }
1028  }
1029  else
1030  {
1031  len = camellia_test_ctr_len[u];
1032  memcpy( buf, camellia_test_ctr_pt[u], len );
1033 
1034  camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1035  buf, buf );
1036 
1037  if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1038  {
1039  if( verbose != 0 )
1040  polarssl_printf( "failed\n" );
1041 
1042  return( 1 );
1043  }
1044  }
1045 
1046  if( verbose != 0 )
1047  polarssl_printf( "passed\n" );
1048  }
1049 
1050  if( verbose != 0 )
1051  polarssl_printf( "\n" );
1052 #endif /* POLARSSL_CIPHER_MODE_CTR */
1053 
1054  return ( 0 );
1055 }
1056 
1057 #endif /* POLARSSL_SELF_TEST */
1058 
1059 #endif /* POLARSSL_CAMELLIA_C */
uint32_t rk[68]
Definition: camellia.h:65
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
Configuration options (set of defines)
Camellia block cipher.
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
PolarSSL Platform abstraction layer.
int camellia_self_test(int verbose)
Checkup routine.
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
Definition: camellia.h:49
CAMELLIA context structure.
Definition: camellia.h:62
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
#define polarssl_printf
Definition: platform.h:109
#define CAMELLIA_DECRYPT
Definition: camellia.h:46
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.
Definition: camellia.h:48
#define CAMELLIA_ENCRYPT
Definition: camellia.h:45