1*817466cbSJens Wiklander /* 2*817466cbSJens Wiklander * Camellia implementation 3*817466cbSJens Wiklander * 4*817466cbSJens Wiklander * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 5*817466cbSJens Wiklander * SPDX-License-Identifier: Apache-2.0 6*817466cbSJens Wiklander * 7*817466cbSJens Wiklander * Licensed under the Apache License, Version 2.0 (the "License"); you may 8*817466cbSJens Wiklander * not use this file except in compliance with the License. 9*817466cbSJens Wiklander * You may obtain a copy of the License at 10*817466cbSJens Wiklander * 11*817466cbSJens Wiklander * http://www.apache.org/licenses/LICENSE-2.0 12*817466cbSJens Wiklander * 13*817466cbSJens Wiklander * Unless required by applicable law or agreed to in writing, software 14*817466cbSJens Wiklander * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15*817466cbSJens Wiklander * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16*817466cbSJens Wiklander * See the License for the specific language governing permissions and 17*817466cbSJens Wiklander * limitations under the License. 18*817466cbSJens Wiklander * 19*817466cbSJens Wiklander * This file is part of mbed TLS (https://tls.mbed.org) 20*817466cbSJens Wiklander */ 21*817466cbSJens Wiklander /* 22*817466cbSJens Wiklander * The Camellia block cipher was designed by NTT and Mitsubishi Electric 23*817466cbSJens Wiklander * Corporation. 24*817466cbSJens Wiklander * 25*817466cbSJens Wiklander * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf 26*817466cbSJens Wiklander */ 27*817466cbSJens Wiklander 28*817466cbSJens Wiklander #if !defined(MBEDTLS_CONFIG_FILE) 29*817466cbSJens Wiklander #include "mbedtls/config.h" 30*817466cbSJens Wiklander #else 31*817466cbSJens Wiklander #include MBEDTLS_CONFIG_FILE 32*817466cbSJens Wiklander #endif 33*817466cbSJens Wiklander 34*817466cbSJens Wiklander #if defined(MBEDTLS_CAMELLIA_C) 35*817466cbSJens Wiklander 36*817466cbSJens Wiklander #include "mbedtls/camellia.h" 37*817466cbSJens Wiklander 38*817466cbSJens Wiklander #include <string.h> 39*817466cbSJens Wiklander 40*817466cbSJens Wiklander #if defined(MBEDTLS_SELF_TEST) 41*817466cbSJens Wiklander #if defined(MBEDTLS_PLATFORM_C) 42*817466cbSJens Wiklander #include "mbedtls/platform.h" 43*817466cbSJens Wiklander #else 44*817466cbSJens Wiklander #include <stdio.h> 45*817466cbSJens Wiklander #define mbedtls_printf printf 46*817466cbSJens Wiklander #endif /* MBEDTLS_PLATFORM_C */ 47*817466cbSJens Wiklander #endif /* MBEDTLS_SELF_TEST */ 48*817466cbSJens Wiklander 49*817466cbSJens Wiklander #if !defined(MBEDTLS_CAMELLIA_ALT) 50*817466cbSJens Wiklander 51*817466cbSJens Wiklander /* Implementation that should never be optimized out by the compiler */ 52*817466cbSJens Wiklander static void mbedtls_zeroize( void *v, size_t n ) { 53*817466cbSJens Wiklander volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; 54*817466cbSJens Wiklander } 55*817466cbSJens Wiklander 56*817466cbSJens Wiklander /* 57*817466cbSJens Wiklander * 32-bit integer manipulation macros (big endian) 58*817466cbSJens Wiklander */ 59*817466cbSJens Wiklander #ifndef GET_UINT32_BE 60*817466cbSJens Wiklander #define GET_UINT32_BE(n,b,i) \ 61*817466cbSJens Wiklander { \ 62*817466cbSJens Wiklander (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 63*817466cbSJens Wiklander | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 64*817466cbSJens Wiklander | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 65*817466cbSJens Wiklander | ( (uint32_t) (b)[(i) + 3] ); \ 66*817466cbSJens Wiklander } 67*817466cbSJens Wiklander #endif 68*817466cbSJens Wiklander 69*817466cbSJens Wiklander #ifndef PUT_UINT32_BE 70*817466cbSJens Wiklander #define PUT_UINT32_BE(n,b,i) \ 71*817466cbSJens Wiklander { \ 72*817466cbSJens Wiklander (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 73*817466cbSJens Wiklander (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 74*817466cbSJens Wiklander (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 75*817466cbSJens Wiklander (b)[(i) + 3] = (unsigned char) ( (n) ); \ 76*817466cbSJens Wiklander } 77*817466cbSJens Wiklander #endif 78*817466cbSJens Wiklander 79*817466cbSJens Wiklander static const unsigned char SIGMA_CHARS[6][8] = 80*817466cbSJens Wiklander { 81*817466cbSJens Wiklander { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, 82*817466cbSJens Wiklander { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 }, 83*817466cbSJens Wiklander { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe }, 84*817466cbSJens Wiklander { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c }, 85*817466cbSJens Wiklander { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d }, 86*817466cbSJens Wiklander { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd } 87*817466cbSJens Wiklander }; 88*817466cbSJens Wiklander 89*817466cbSJens Wiklander #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) 90*817466cbSJens Wiklander 91*817466cbSJens Wiklander static const unsigned char FSb[256] = 92*817466cbSJens Wiklander { 93*817466cbSJens Wiklander 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, 94*817466cbSJens Wiklander 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, 95*817466cbSJens Wiklander 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, 96*817466cbSJens Wiklander 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, 97*817466cbSJens Wiklander 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, 98*817466cbSJens Wiklander 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, 99*817466cbSJens Wiklander 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, 100*817466cbSJens Wiklander 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, 101*817466cbSJens Wiklander 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, 102*817466cbSJens Wiklander 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, 103*817466cbSJens Wiklander 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, 104*817466cbSJens Wiklander 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, 105*817466cbSJens Wiklander 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, 106*817466cbSJens Wiklander 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, 107*817466cbSJens Wiklander 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, 108*817466cbSJens Wiklander 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158 109*817466cbSJens Wiklander }; 110*817466cbSJens Wiklander 111*817466cbSJens Wiklander #define SBOX1(n) FSb[(n)] 112*817466cbSJens Wiklander #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff) 113*817466cbSJens Wiklander #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff) 114*817466cbSJens Wiklander #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff] 115*817466cbSJens Wiklander 116*817466cbSJens Wiklander #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ 117*817466cbSJens Wiklander 118*817466cbSJens Wiklander static const unsigned char FSb[256] = 119*817466cbSJens Wiklander { 120*817466cbSJens Wiklander 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, 121*817466cbSJens Wiklander 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, 122*817466cbSJens Wiklander 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, 123*817466cbSJens Wiklander 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, 124*817466cbSJens Wiklander 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, 125*817466cbSJens Wiklander 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, 126*817466cbSJens Wiklander 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, 127*817466cbSJens Wiklander 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, 128*817466cbSJens Wiklander 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, 129*817466cbSJens Wiklander 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, 130*817466cbSJens Wiklander 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, 131*817466cbSJens Wiklander 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, 132*817466cbSJens Wiklander 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, 133*817466cbSJens Wiklander 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, 134*817466cbSJens Wiklander 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, 135*817466cbSJens Wiklander 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 136*817466cbSJens Wiklander }; 137*817466cbSJens Wiklander 138*817466cbSJens Wiklander static const unsigned char FSb2[256] = 139*817466cbSJens Wiklander { 140*817466cbSJens Wiklander 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, 141*817466cbSJens Wiklander 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, 142*817466cbSJens Wiklander 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, 143*817466cbSJens Wiklander 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, 144*817466cbSJens Wiklander 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, 145*817466cbSJens Wiklander 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, 146*817466cbSJens Wiklander 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, 147*817466cbSJens Wiklander 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, 148*817466cbSJens Wiklander 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, 149*817466cbSJens Wiklander 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, 150*817466cbSJens Wiklander 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, 151*817466cbSJens Wiklander 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, 152*817466cbSJens Wiklander 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, 153*817466cbSJens Wiklander 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, 154*817466cbSJens Wiklander 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, 155*817466cbSJens Wiklander 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 156*817466cbSJens Wiklander }; 157*817466cbSJens Wiklander 158*817466cbSJens Wiklander static const unsigned char FSb3[256] = 159*817466cbSJens Wiklander { 160*817466cbSJens Wiklander 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, 161*817466cbSJens Wiklander 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, 162*817466cbSJens Wiklander 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, 163*817466cbSJens Wiklander 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, 164*817466cbSJens Wiklander 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, 165*817466cbSJens Wiklander 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, 166*817466cbSJens Wiklander 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, 167*817466cbSJens Wiklander 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, 168*817466cbSJens Wiklander 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, 169*817466cbSJens Wiklander 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, 170*817466cbSJens Wiklander 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, 171*817466cbSJens Wiklander 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, 172*817466cbSJens Wiklander 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, 173*817466cbSJens Wiklander 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, 174*817466cbSJens Wiklander 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, 175*817466cbSJens Wiklander 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 176*817466cbSJens Wiklander }; 177*817466cbSJens Wiklander 178*817466cbSJens Wiklander static const unsigned char FSb4[256] = 179*817466cbSJens Wiklander { 180*817466cbSJens Wiklander 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, 181*817466cbSJens Wiklander 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, 182*817466cbSJens Wiklander 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, 183*817466cbSJens Wiklander 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, 184*817466cbSJens Wiklander 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, 185*817466cbSJens Wiklander 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, 186*817466cbSJens Wiklander 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, 187*817466cbSJens Wiklander 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, 188*817466cbSJens Wiklander 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, 189*817466cbSJens Wiklander 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, 190*817466cbSJens Wiklander 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, 191*817466cbSJens Wiklander 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, 192*817466cbSJens Wiklander 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, 193*817466cbSJens Wiklander 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, 194*817466cbSJens Wiklander 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, 195*817466cbSJens Wiklander 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 196*817466cbSJens Wiklander }; 197*817466cbSJens Wiklander 198*817466cbSJens Wiklander #define SBOX1(n) FSb[(n)] 199*817466cbSJens Wiklander #define SBOX2(n) FSb2[(n)] 200*817466cbSJens Wiklander #define SBOX3(n) FSb3[(n)] 201*817466cbSJens Wiklander #define SBOX4(n) FSb4[(n)] 202*817466cbSJens Wiklander 203*817466cbSJens Wiklander #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ 204*817466cbSJens Wiklander 205*817466cbSJens Wiklander static const unsigned char shifts[2][4][4] = 206*817466cbSJens Wiklander { 207*817466cbSJens Wiklander { 208*817466cbSJens Wiklander { 1, 1, 1, 1 }, /* KL */ 209*817466cbSJens Wiklander { 0, 0, 0, 0 }, /* KR */ 210*817466cbSJens Wiklander { 1, 1, 1, 1 }, /* KA */ 211*817466cbSJens Wiklander { 0, 0, 0, 0 } /* KB */ 212*817466cbSJens Wiklander }, 213*817466cbSJens Wiklander { 214*817466cbSJens Wiklander { 1, 0, 1, 1 }, /* KL */ 215*817466cbSJens Wiklander { 1, 1, 0, 1 }, /* KR */ 216*817466cbSJens Wiklander { 1, 1, 1, 0 }, /* KA */ 217*817466cbSJens Wiklander { 1, 1, 0, 1 } /* KB */ 218*817466cbSJens Wiklander } 219*817466cbSJens Wiklander }; 220*817466cbSJens Wiklander 221*817466cbSJens Wiklander static const signed char indexes[2][4][20] = 222*817466cbSJens Wiklander { 223*817466cbSJens Wiklander { 224*817466cbSJens Wiklander { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39, 225*817466cbSJens Wiklander 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */ 226*817466cbSJens Wiklander { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 227*817466cbSJens Wiklander -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */ 228*817466cbSJens Wiklander { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17, 229*817466cbSJens Wiklander 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */ 230*817466cbSJens Wiklander { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 231*817466cbSJens Wiklander -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */ 232*817466cbSJens Wiklander }, 233*817466cbSJens Wiklander { 234*817466cbSJens Wiklander { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1, 235*817466cbSJens Wiklander -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */ 236*817466cbSJens Wiklander { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17, 237*817466cbSJens Wiklander 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */ 238*817466cbSJens Wiklander { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59, 239*817466cbSJens Wiklander 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */ 240*817466cbSJens Wiklander { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21, 241*817466cbSJens Wiklander 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */ 242*817466cbSJens Wiklander } 243*817466cbSJens Wiklander }; 244*817466cbSJens Wiklander 245*817466cbSJens Wiklander static const signed char transposes[2][20] = 246*817466cbSJens Wiklander { 247*817466cbSJens Wiklander { 248*817466cbSJens Wiklander 21, 22, 23, 20, 249*817466cbSJens Wiklander -1, -1, -1, -1, 250*817466cbSJens Wiklander 18, 19, 16, 17, 251*817466cbSJens Wiklander 11, 8, 9, 10, 252*817466cbSJens Wiklander 15, 12, 13, 14 253*817466cbSJens Wiklander }, 254*817466cbSJens Wiklander { 255*817466cbSJens Wiklander 25, 26, 27, 24, 256*817466cbSJens Wiklander 29, 30, 31, 28, 257*817466cbSJens Wiklander 18, 19, 16, 17, 258*817466cbSJens Wiklander -1, -1, -1, -1, 259*817466cbSJens Wiklander -1, -1, -1, -1 260*817466cbSJens Wiklander } 261*817466cbSJens Wiklander }; 262*817466cbSJens Wiklander 263*817466cbSJens Wiklander /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */ 264*817466cbSJens Wiklander #define ROTL(DEST, SRC, SHIFT) \ 265*817466cbSJens Wiklander { \ 266*817466cbSJens Wiklander (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \ 267*817466cbSJens Wiklander (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \ 268*817466cbSJens Wiklander (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \ 269*817466cbSJens Wiklander (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \ 270*817466cbSJens Wiklander } 271*817466cbSJens Wiklander 272*817466cbSJens Wiklander #define FL(XL, XR, KL, KR) \ 273*817466cbSJens Wiklander { \ 274*817466cbSJens Wiklander (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \ 275*817466cbSJens Wiklander (XL) = ((XR) | (KR)) ^ (XL); \ 276*817466cbSJens Wiklander } 277*817466cbSJens Wiklander 278*817466cbSJens Wiklander #define FLInv(YL, YR, KL, KR) \ 279*817466cbSJens Wiklander { \ 280*817466cbSJens Wiklander (YL) = ((YR) | (KR)) ^ (YL); \ 281*817466cbSJens Wiklander (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \ 282*817466cbSJens Wiklander } 283*817466cbSJens Wiklander 284*817466cbSJens Wiklander #define SHIFT_AND_PLACE(INDEX, OFFSET) \ 285*817466cbSJens Wiklander { \ 286*817466cbSJens Wiklander TK[0] = KC[(OFFSET) * 4 + 0]; \ 287*817466cbSJens Wiklander TK[1] = KC[(OFFSET) * 4 + 1]; \ 288*817466cbSJens Wiklander TK[2] = KC[(OFFSET) * 4 + 2]; \ 289*817466cbSJens Wiklander TK[3] = KC[(OFFSET) * 4 + 3]; \ 290*817466cbSJens Wiklander \ 291*817466cbSJens Wiklander for( i = 1; i <= 4; i++ ) \ 292*817466cbSJens Wiklander if( shifts[(INDEX)][(OFFSET)][i -1] ) \ 293*817466cbSJens Wiklander ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \ 294*817466cbSJens Wiklander \ 295*817466cbSJens Wiklander for( i = 0; i < 20; i++ ) \ 296*817466cbSJens Wiklander if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \ 297*817466cbSJens Wiklander RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \ 298*817466cbSJens Wiklander } \ 299*817466cbSJens Wiklander } 300*817466cbSJens Wiklander 301*817466cbSJens Wiklander static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], 302*817466cbSJens Wiklander uint32_t z[2]) 303*817466cbSJens Wiklander { 304*817466cbSJens Wiklander uint32_t I0, I1; 305*817466cbSJens Wiklander I0 = x[0] ^ k[0]; 306*817466cbSJens Wiklander I1 = x[1] ^ k[1]; 307*817466cbSJens Wiklander 308*817466cbSJens Wiklander I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) | 309*817466cbSJens Wiklander ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) | 310*817466cbSJens Wiklander ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) | 311*817466cbSJens Wiklander ((uint32_t) SBOX4((I0 ) & 0xFF) ); 312*817466cbSJens Wiklander I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) | 313*817466cbSJens Wiklander ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) | 314*817466cbSJens Wiklander ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) | 315*817466cbSJens Wiklander ((uint32_t) SBOX1((I1 ) & 0xFF) ); 316*817466cbSJens Wiklander 317*817466cbSJens Wiklander I0 ^= (I1 << 8) | (I1 >> 24); 318*817466cbSJens Wiklander I1 ^= (I0 << 16) | (I0 >> 16); 319*817466cbSJens Wiklander I0 ^= (I1 >> 8) | (I1 << 24); 320*817466cbSJens Wiklander I1 ^= (I0 >> 8) | (I0 << 24); 321*817466cbSJens Wiklander 322*817466cbSJens Wiklander z[0] ^= I1; 323*817466cbSJens Wiklander z[1] ^= I0; 324*817466cbSJens Wiklander } 325*817466cbSJens Wiklander 326*817466cbSJens Wiklander void mbedtls_camellia_init( mbedtls_camellia_context *ctx ) 327*817466cbSJens Wiklander { 328*817466cbSJens Wiklander memset( ctx, 0, sizeof( mbedtls_camellia_context ) ); 329*817466cbSJens Wiklander } 330*817466cbSJens Wiklander 331*817466cbSJens Wiklander void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) 332*817466cbSJens Wiklander { 333*817466cbSJens Wiklander if( ctx == NULL ) 334*817466cbSJens Wiklander return; 335*817466cbSJens Wiklander 336*817466cbSJens Wiklander mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); 337*817466cbSJens Wiklander } 338*817466cbSJens Wiklander 339*817466cbSJens Wiklander /* 340*817466cbSJens Wiklander * Camellia key schedule (encryption) 341*817466cbSJens Wiklander */ 342*817466cbSJens Wiklander int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key, 343*817466cbSJens Wiklander unsigned int keybits ) 344*817466cbSJens Wiklander { 345*817466cbSJens Wiklander int idx; 346*817466cbSJens Wiklander size_t i; 347*817466cbSJens Wiklander uint32_t *RK; 348*817466cbSJens Wiklander unsigned char t[64]; 349*817466cbSJens Wiklander uint32_t SIGMA[6][2]; 350*817466cbSJens Wiklander uint32_t KC[16]; 351*817466cbSJens Wiklander uint32_t TK[20]; 352*817466cbSJens Wiklander 353*817466cbSJens Wiklander RK = ctx->rk; 354*817466cbSJens Wiklander 355*817466cbSJens Wiklander memset( t, 0, 64 ); 356*817466cbSJens Wiklander memset( RK, 0, sizeof(ctx->rk) ); 357*817466cbSJens Wiklander 358*817466cbSJens Wiklander switch( keybits ) 359*817466cbSJens Wiklander { 360*817466cbSJens Wiklander case 128: ctx->nr = 3; idx = 0; break; 361*817466cbSJens Wiklander case 192: 362*817466cbSJens Wiklander case 256: ctx->nr = 4; idx = 1; break; 363*817466cbSJens Wiklander default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH ); 364*817466cbSJens Wiklander } 365*817466cbSJens Wiklander 366*817466cbSJens Wiklander for( i = 0; i < keybits / 8; ++i ) 367*817466cbSJens Wiklander t[i] = key[i]; 368*817466cbSJens Wiklander 369*817466cbSJens Wiklander if( keybits == 192 ) { 370*817466cbSJens Wiklander for( i = 0; i < 8; i++ ) 371*817466cbSJens Wiklander t[24 + i] = ~t[16 + i]; 372*817466cbSJens Wiklander } 373*817466cbSJens Wiklander 374*817466cbSJens Wiklander /* 375*817466cbSJens Wiklander * Prepare SIGMA values 376*817466cbSJens Wiklander */ 377*817466cbSJens Wiklander for( i = 0; i < 6; i++ ) { 378*817466cbSJens Wiklander GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); 379*817466cbSJens Wiklander GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); 380*817466cbSJens Wiklander } 381*817466cbSJens Wiklander 382*817466cbSJens Wiklander /* 383*817466cbSJens Wiklander * Key storage in KC 384*817466cbSJens Wiklander * Order: KL, KR, KA, KB 385*817466cbSJens Wiklander */ 386*817466cbSJens Wiklander memset( KC, 0, sizeof(KC) ); 387*817466cbSJens Wiklander 388*817466cbSJens Wiklander /* Store KL, KR */ 389*817466cbSJens Wiklander for( i = 0; i < 8; i++ ) 390*817466cbSJens Wiklander GET_UINT32_BE( KC[i], t, i * 4 ); 391*817466cbSJens Wiklander 392*817466cbSJens Wiklander /* Generate KA */ 393*817466cbSJens Wiklander for( i = 0; i < 4; ++i ) 394*817466cbSJens Wiklander KC[8 + i] = KC[i] ^ KC[4 + i]; 395*817466cbSJens Wiklander 396*817466cbSJens Wiklander camellia_feistel( KC + 8, SIGMA[0], KC + 10 ); 397*817466cbSJens Wiklander camellia_feistel( KC + 10, SIGMA[1], KC + 8 ); 398*817466cbSJens Wiklander 399*817466cbSJens Wiklander for( i = 0; i < 4; ++i ) 400*817466cbSJens Wiklander KC[8 + i] ^= KC[i]; 401*817466cbSJens Wiklander 402*817466cbSJens Wiklander camellia_feistel( KC + 8, SIGMA[2], KC + 10 ); 403*817466cbSJens Wiklander camellia_feistel( KC + 10, SIGMA[3], KC + 8 ); 404*817466cbSJens Wiklander 405*817466cbSJens Wiklander if( keybits > 128 ) { 406*817466cbSJens Wiklander /* Generate KB */ 407*817466cbSJens Wiklander for( i = 0; i < 4; ++i ) 408*817466cbSJens Wiklander KC[12 + i] = KC[4 + i] ^ KC[8 + i]; 409*817466cbSJens Wiklander 410*817466cbSJens Wiklander camellia_feistel( KC + 12, SIGMA[4], KC + 14 ); 411*817466cbSJens Wiklander camellia_feistel( KC + 14, SIGMA[5], KC + 12 ); 412*817466cbSJens Wiklander } 413*817466cbSJens Wiklander 414*817466cbSJens Wiklander /* 415*817466cbSJens Wiklander * Generating subkeys 416*817466cbSJens Wiklander */ 417*817466cbSJens Wiklander 418*817466cbSJens Wiklander /* Manipulating KL */ 419*817466cbSJens Wiklander SHIFT_AND_PLACE( idx, 0 ); 420*817466cbSJens Wiklander 421*817466cbSJens Wiklander /* Manipulating KR */ 422*817466cbSJens Wiklander if( keybits > 128 ) { 423*817466cbSJens Wiklander SHIFT_AND_PLACE( idx, 1 ); 424*817466cbSJens Wiklander } 425*817466cbSJens Wiklander 426*817466cbSJens Wiklander /* Manipulating KA */ 427*817466cbSJens Wiklander SHIFT_AND_PLACE( idx, 2 ); 428*817466cbSJens Wiklander 429*817466cbSJens Wiklander /* Manipulating KB */ 430*817466cbSJens Wiklander if( keybits > 128 ) { 431*817466cbSJens Wiklander SHIFT_AND_PLACE( idx, 3 ); 432*817466cbSJens Wiklander } 433*817466cbSJens Wiklander 434*817466cbSJens Wiklander /* Do transpositions */ 435*817466cbSJens Wiklander for( i = 0; i < 20; i++ ) { 436*817466cbSJens Wiklander if( transposes[idx][i] != -1 ) { 437*817466cbSJens Wiklander RK[32 + 12 * idx + i] = RK[transposes[idx][i]]; 438*817466cbSJens Wiklander } 439*817466cbSJens Wiklander } 440*817466cbSJens Wiklander 441*817466cbSJens Wiklander return( 0 ); 442*817466cbSJens Wiklander } 443*817466cbSJens Wiklander 444*817466cbSJens Wiklander /* 445*817466cbSJens Wiklander * Camellia key schedule (decryption) 446*817466cbSJens Wiklander */ 447*817466cbSJens Wiklander int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key, 448*817466cbSJens Wiklander unsigned int keybits ) 449*817466cbSJens Wiklander { 450*817466cbSJens Wiklander int idx, ret; 451*817466cbSJens Wiklander size_t i; 452*817466cbSJens Wiklander mbedtls_camellia_context cty; 453*817466cbSJens Wiklander uint32_t *RK; 454*817466cbSJens Wiklander uint32_t *SK; 455*817466cbSJens Wiklander 456*817466cbSJens Wiklander mbedtls_camellia_init( &cty ); 457*817466cbSJens Wiklander 458*817466cbSJens Wiklander /* Also checks keybits */ 459*817466cbSJens Wiklander if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 ) 460*817466cbSJens Wiklander goto exit; 461*817466cbSJens Wiklander 462*817466cbSJens Wiklander ctx->nr = cty.nr; 463*817466cbSJens Wiklander idx = ( ctx->nr == 4 ); 464*817466cbSJens Wiklander 465*817466cbSJens Wiklander RK = ctx->rk; 466*817466cbSJens Wiklander SK = cty.rk + 24 * 2 + 8 * idx * 2; 467*817466cbSJens Wiklander 468*817466cbSJens Wiklander *RK++ = *SK++; 469*817466cbSJens Wiklander *RK++ = *SK++; 470*817466cbSJens Wiklander *RK++ = *SK++; 471*817466cbSJens Wiklander *RK++ = *SK++; 472*817466cbSJens Wiklander 473*817466cbSJens Wiklander for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 ) 474*817466cbSJens Wiklander { 475*817466cbSJens Wiklander *RK++ = *SK++; 476*817466cbSJens Wiklander *RK++ = *SK++; 477*817466cbSJens Wiklander } 478*817466cbSJens Wiklander 479*817466cbSJens Wiklander SK -= 2; 480*817466cbSJens Wiklander 481*817466cbSJens Wiklander *RK++ = *SK++; 482*817466cbSJens Wiklander *RK++ = *SK++; 483*817466cbSJens Wiklander *RK++ = *SK++; 484*817466cbSJens Wiklander *RK++ = *SK++; 485*817466cbSJens Wiklander 486*817466cbSJens Wiklander exit: 487*817466cbSJens Wiklander mbedtls_camellia_free( &cty ); 488*817466cbSJens Wiklander 489*817466cbSJens Wiklander return( ret ); 490*817466cbSJens Wiklander } 491*817466cbSJens Wiklander 492*817466cbSJens Wiklander /* 493*817466cbSJens Wiklander * Camellia-ECB block encryption/decryption 494*817466cbSJens Wiklander */ 495*817466cbSJens Wiklander int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, 496*817466cbSJens Wiklander int mode, 497*817466cbSJens Wiklander const unsigned char input[16], 498*817466cbSJens Wiklander unsigned char output[16] ) 499*817466cbSJens Wiklander { 500*817466cbSJens Wiklander int NR; 501*817466cbSJens Wiklander uint32_t *RK, X[4]; 502*817466cbSJens Wiklander 503*817466cbSJens Wiklander ( (void) mode ); 504*817466cbSJens Wiklander 505*817466cbSJens Wiklander NR = ctx->nr; 506*817466cbSJens Wiklander RK = ctx->rk; 507*817466cbSJens Wiklander 508*817466cbSJens Wiklander GET_UINT32_BE( X[0], input, 0 ); 509*817466cbSJens Wiklander GET_UINT32_BE( X[1], input, 4 ); 510*817466cbSJens Wiklander GET_UINT32_BE( X[2], input, 8 ); 511*817466cbSJens Wiklander GET_UINT32_BE( X[3], input, 12 ); 512*817466cbSJens Wiklander 513*817466cbSJens Wiklander X[0] ^= *RK++; 514*817466cbSJens Wiklander X[1] ^= *RK++; 515*817466cbSJens Wiklander X[2] ^= *RK++; 516*817466cbSJens Wiklander X[3] ^= *RK++; 517*817466cbSJens Wiklander 518*817466cbSJens Wiklander while( NR ) { 519*817466cbSJens Wiklander --NR; 520*817466cbSJens Wiklander camellia_feistel( X, RK, X + 2 ); 521*817466cbSJens Wiklander RK += 2; 522*817466cbSJens Wiklander camellia_feistel( X + 2, RK, X ); 523*817466cbSJens Wiklander RK += 2; 524*817466cbSJens Wiklander camellia_feistel( X, RK, X + 2 ); 525*817466cbSJens Wiklander RK += 2; 526*817466cbSJens Wiklander camellia_feistel( X + 2, RK, X ); 527*817466cbSJens Wiklander RK += 2; 528*817466cbSJens Wiklander camellia_feistel( X, RK, X + 2 ); 529*817466cbSJens Wiklander RK += 2; 530*817466cbSJens Wiklander camellia_feistel( X + 2, RK, X ); 531*817466cbSJens Wiklander RK += 2; 532*817466cbSJens Wiklander 533*817466cbSJens Wiklander if( NR ) { 534*817466cbSJens Wiklander FL(X[0], X[1], RK[0], RK[1]); 535*817466cbSJens Wiklander RK += 2; 536*817466cbSJens Wiklander FLInv(X[2], X[3], RK[0], RK[1]); 537*817466cbSJens Wiklander RK += 2; 538*817466cbSJens Wiklander } 539*817466cbSJens Wiklander } 540*817466cbSJens Wiklander 541*817466cbSJens Wiklander X[2] ^= *RK++; 542*817466cbSJens Wiklander X[3] ^= *RK++; 543*817466cbSJens Wiklander X[0] ^= *RK++; 544*817466cbSJens Wiklander X[1] ^= *RK++; 545*817466cbSJens Wiklander 546*817466cbSJens Wiklander PUT_UINT32_BE( X[2], output, 0 ); 547*817466cbSJens Wiklander PUT_UINT32_BE( X[3], output, 4 ); 548*817466cbSJens Wiklander PUT_UINT32_BE( X[0], output, 8 ); 549*817466cbSJens Wiklander PUT_UINT32_BE( X[1], output, 12 ); 550*817466cbSJens Wiklander 551*817466cbSJens Wiklander return( 0 ); 552*817466cbSJens Wiklander } 553*817466cbSJens Wiklander 554*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CBC) 555*817466cbSJens Wiklander /* 556*817466cbSJens Wiklander * Camellia-CBC buffer encryption/decryption 557*817466cbSJens Wiklander */ 558*817466cbSJens Wiklander int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, 559*817466cbSJens Wiklander int mode, 560*817466cbSJens Wiklander size_t length, 561*817466cbSJens Wiklander unsigned char iv[16], 562*817466cbSJens Wiklander const unsigned char *input, 563*817466cbSJens Wiklander unsigned char *output ) 564*817466cbSJens Wiklander { 565*817466cbSJens Wiklander int i; 566*817466cbSJens Wiklander unsigned char temp[16]; 567*817466cbSJens Wiklander 568*817466cbSJens Wiklander if( length % 16 ) 569*817466cbSJens Wiklander return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); 570*817466cbSJens Wiklander 571*817466cbSJens Wiklander if( mode == MBEDTLS_CAMELLIA_DECRYPT ) 572*817466cbSJens Wiklander { 573*817466cbSJens Wiklander while( length > 0 ) 574*817466cbSJens Wiklander { 575*817466cbSJens Wiklander memcpy( temp, input, 16 ); 576*817466cbSJens Wiklander mbedtls_camellia_crypt_ecb( ctx, mode, input, output ); 577*817466cbSJens Wiklander 578*817466cbSJens Wiklander for( i = 0; i < 16; i++ ) 579*817466cbSJens Wiklander output[i] = (unsigned char)( output[i] ^ iv[i] ); 580*817466cbSJens Wiklander 581*817466cbSJens Wiklander memcpy( iv, temp, 16 ); 582*817466cbSJens Wiklander 583*817466cbSJens Wiklander input += 16; 584*817466cbSJens Wiklander output += 16; 585*817466cbSJens Wiklander length -= 16; 586*817466cbSJens Wiklander } 587*817466cbSJens Wiklander } 588*817466cbSJens Wiklander else 589*817466cbSJens Wiklander { 590*817466cbSJens Wiklander while( length > 0 ) 591*817466cbSJens Wiklander { 592*817466cbSJens Wiklander for( i = 0; i < 16; i++ ) 593*817466cbSJens Wiklander output[i] = (unsigned char)( input[i] ^ iv[i] ); 594*817466cbSJens Wiklander 595*817466cbSJens Wiklander mbedtls_camellia_crypt_ecb( ctx, mode, output, output ); 596*817466cbSJens Wiklander memcpy( iv, output, 16 ); 597*817466cbSJens Wiklander 598*817466cbSJens Wiklander input += 16; 599*817466cbSJens Wiklander output += 16; 600*817466cbSJens Wiklander length -= 16; 601*817466cbSJens Wiklander } 602*817466cbSJens Wiklander } 603*817466cbSJens Wiklander 604*817466cbSJens Wiklander return( 0 ); 605*817466cbSJens Wiklander } 606*817466cbSJens Wiklander #endif /* MBEDTLS_CIPHER_MODE_CBC */ 607*817466cbSJens Wiklander 608*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CFB) 609*817466cbSJens Wiklander /* 610*817466cbSJens Wiklander * Camellia-CFB128 buffer encryption/decryption 611*817466cbSJens Wiklander */ 612*817466cbSJens Wiklander int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, 613*817466cbSJens Wiklander int mode, 614*817466cbSJens Wiklander size_t length, 615*817466cbSJens Wiklander size_t *iv_off, 616*817466cbSJens Wiklander unsigned char iv[16], 617*817466cbSJens Wiklander const unsigned char *input, 618*817466cbSJens Wiklander unsigned char *output ) 619*817466cbSJens Wiklander { 620*817466cbSJens Wiklander int c; 621*817466cbSJens Wiklander size_t n = *iv_off; 622*817466cbSJens Wiklander 623*817466cbSJens Wiklander if( mode == MBEDTLS_CAMELLIA_DECRYPT ) 624*817466cbSJens Wiklander { 625*817466cbSJens Wiklander while( length-- ) 626*817466cbSJens Wiklander { 627*817466cbSJens Wiklander if( n == 0 ) 628*817466cbSJens Wiklander mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); 629*817466cbSJens Wiklander 630*817466cbSJens Wiklander c = *input++; 631*817466cbSJens Wiklander *output++ = (unsigned char)( c ^ iv[n] ); 632*817466cbSJens Wiklander iv[n] = (unsigned char) c; 633*817466cbSJens Wiklander 634*817466cbSJens Wiklander n = ( n + 1 ) & 0x0F; 635*817466cbSJens Wiklander } 636*817466cbSJens Wiklander } 637*817466cbSJens Wiklander else 638*817466cbSJens Wiklander { 639*817466cbSJens Wiklander while( length-- ) 640*817466cbSJens Wiklander { 641*817466cbSJens Wiklander if( n == 0 ) 642*817466cbSJens Wiklander mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); 643*817466cbSJens Wiklander 644*817466cbSJens Wiklander iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); 645*817466cbSJens Wiklander 646*817466cbSJens Wiklander n = ( n + 1 ) & 0x0F; 647*817466cbSJens Wiklander } 648*817466cbSJens Wiklander } 649*817466cbSJens Wiklander 650*817466cbSJens Wiklander *iv_off = n; 651*817466cbSJens Wiklander 652*817466cbSJens Wiklander return( 0 ); 653*817466cbSJens Wiklander } 654*817466cbSJens Wiklander #endif /* MBEDTLS_CIPHER_MODE_CFB */ 655*817466cbSJens Wiklander 656*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CTR) 657*817466cbSJens Wiklander /* 658*817466cbSJens Wiklander * Camellia-CTR buffer encryption/decryption 659*817466cbSJens Wiklander */ 660*817466cbSJens Wiklander int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, 661*817466cbSJens Wiklander size_t length, 662*817466cbSJens Wiklander size_t *nc_off, 663*817466cbSJens Wiklander unsigned char nonce_counter[16], 664*817466cbSJens Wiklander unsigned char stream_block[16], 665*817466cbSJens Wiklander const unsigned char *input, 666*817466cbSJens Wiklander unsigned char *output ) 667*817466cbSJens Wiklander { 668*817466cbSJens Wiklander int c, i; 669*817466cbSJens Wiklander size_t n = *nc_off; 670*817466cbSJens Wiklander 671*817466cbSJens Wiklander while( length-- ) 672*817466cbSJens Wiklander { 673*817466cbSJens Wiklander if( n == 0 ) { 674*817466cbSJens Wiklander mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter, 675*817466cbSJens Wiklander stream_block ); 676*817466cbSJens Wiklander 677*817466cbSJens Wiklander for( i = 16; i > 0; i-- ) 678*817466cbSJens Wiklander if( ++nonce_counter[i - 1] != 0 ) 679*817466cbSJens Wiklander break; 680*817466cbSJens Wiklander } 681*817466cbSJens Wiklander c = *input++; 682*817466cbSJens Wiklander *output++ = (unsigned char)( c ^ stream_block[n] ); 683*817466cbSJens Wiklander 684*817466cbSJens Wiklander n = ( n + 1 ) & 0x0F; 685*817466cbSJens Wiklander } 686*817466cbSJens Wiklander 687*817466cbSJens Wiklander *nc_off = n; 688*817466cbSJens Wiklander 689*817466cbSJens Wiklander return( 0 ); 690*817466cbSJens Wiklander } 691*817466cbSJens Wiklander #endif /* MBEDTLS_CIPHER_MODE_CTR */ 692*817466cbSJens Wiklander #endif /* !MBEDTLS_CAMELLIA_ALT */ 693*817466cbSJens Wiklander 694*817466cbSJens Wiklander #if defined(MBEDTLS_SELF_TEST) 695*817466cbSJens Wiklander 696*817466cbSJens Wiklander /* 697*817466cbSJens Wiklander * Camellia test vectors from: 698*817466cbSJens Wiklander * 699*817466cbSJens Wiklander * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html: 700*817466cbSJens Wiklander * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt 701*817466cbSJens Wiklander * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt 702*817466cbSJens Wiklander * (For each bitlength: Key 0, Nr 39) 703*817466cbSJens Wiklander */ 704*817466cbSJens Wiklander #define CAMELLIA_TESTS_ECB 2 705*817466cbSJens Wiklander 706*817466cbSJens Wiklander static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = 707*817466cbSJens Wiklander { 708*817466cbSJens Wiklander { 709*817466cbSJens Wiklander { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 710*817466cbSJens Wiklander 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 711*817466cbSJens Wiklander { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 712*817466cbSJens Wiklander 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 713*817466cbSJens Wiklander }, 714*817466cbSJens Wiklander { 715*817466cbSJens Wiklander { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 716*817466cbSJens Wiklander 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 717*817466cbSJens Wiklander 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, 718*817466cbSJens Wiklander { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 719*817466cbSJens Wiklander 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 720*817466cbSJens Wiklander 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 721*817466cbSJens Wiklander }, 722*817466cbSJens Wiklander { 723*817466cbSJens Wiklander { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 724*817466cbSJens Wiklander 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 725*817466cbSJens Wiklander 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 726*817466cbSJens Wiklander 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, 727*817466cbSJens Wiklander { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 728*817466cbSJens Wiklander 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 729*817466cbSJens Wiklander 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 730*817466cbSJens Wiklander 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 731*817466cbSJens Wiklander }, 732*817466cbSJens Wiklander }; 733*817466cbSJens Wiklander 734*817466cbSJens Wiklander static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = 735*817466cbSJens Wiklander { 736*817466cbSJens Wiklander { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 737*817466cbSJens Wiklander 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 738*817466cbSJens Wiklander { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 739*817466cbSJens Wiklander 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 740*817466cbSJens Wiklander }; 741*817466cbSJens Wiklander 742*817466cbSJens Wiklander static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = 743*817466cbSJens Wiklander { 744*817466cbSJens Wiklander { 745*817466cbSJens Wiklander { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 746*817466cbSJens Wiklander 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 }, 747*817466cbSJens Wiklander { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE, 748*817466cbSJens Wiklander 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 } 749*817466cbSJens Wiklander }, 750*817466cbSJens Wiklander { 751*817466cbSJens Wiklander { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, 752*817466cbSJens Wiklander 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 }, 753*817466cbSJens Wiklander { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9, 754*817466cbSJens Wiklander 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 } 755*817466cbSJens Wiklander }, 756*817466cbSJens Wiklander { 757*817466cbSJens Wiklander { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 758*817466cbSJens Wiklander 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 }, 759*817466cbSJens Wiklander { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C, 760*817466cbSJens Wiklander 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 } 761*817466cbSJens Wiklander } 762*817466cbSJens Wiklander }; 763*817466cbSJens Wiklander 764*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CBC) 765*817466cbSJens Wiklander #define CAMELLIA_TESTS_CBC 3 766*817466cbSJens Wiklander 767*817466cbSJens Wiklander static const unsigned char camellia_test_cbc_key[3][32] = 768*817466cbSJens Wiklander { 769*817466cbSJens Wiklander { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 770*817466cbSJens Wiklander 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C } 771*817466cbSJens Wiklander , 772*817466cbSJens Wiklander { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 773*817466cbSJens Wiklander 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, 774*817466cbSJens Wiklander 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B } 775*817466cbSJens Wiklander , 776*817466cbSJens Wiklander { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 777*817466cbSJens Wiklander 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, 778*817466cbSJens Wiklander 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, 779*817466cbSJens Wiklander 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } 780*817466cbSJens Wiklander }; 781*817466cbSJens Wiklander 782*817466cbSJens Wiklander static const unsigned char camellia_test_cbc_iv[16] = 783*817466cbSJens Wiklander 784*817466cbSJens Wiklander { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 785*817466cbSJens Wiklander 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F } 786*817466cbSJens Wiklander ; 787*817466cbSJens Wiklander 788*817466cbSJens Wiklander static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = 789*817466cbSJens Wiklander { 790*817466cbSJens Wiklander { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 791*817466cbSJens Wiklander 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }, 792*817466cbSJens Wiklander { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 793*817466cbSJens Wiklander 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 }, 794*817466cbSJens Wiklander { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 795*817466cbSJens Wiklander 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF } 796*817466cbSJens Wiklander 797*817466cbSJens Wiklander }; 798*817466cbSJens Wiklander 799*817466cbSJens Wiklander static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = 800*817466cbSJens Wiklander { 801*817466cbSJens Wiklander { 802*817466cbSJens Wiklander { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, 803*817466cbSJens Wiklander 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB }, 804*817466cbSJens Wiklander { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78, 805*817466cbSJens Wiklander 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 }, 806*817466cbSJens Wiklander { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B, 807*817466cbSJens Wiklander 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 } 808*817466cbSJens Wiklander }, 809*817466cbSJens Wiklander { 810*817466cbSJens Wiklander { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, 811*817466cbSJens Wiklander 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 }, 812*817466cbSJens Wiklander { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42, 813*817466cbSJens Wiklander 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 }, 814*817466cbSJens Wiklander { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8, 815*817466cbSJens Wiklander 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 } 816*817466cbSJens Wiklander }, 817*817466cbSJens Wiklander { 818*817466cbSJens Wiklander { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, 819*817466cbSJens Wiklander 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA }, 820*817466cbSJens Wiklander { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40, 821*817466cbSJens Wiklander 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 }, 822*817466cbSJens Wiklander { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA, 823*817466cbSJens Wiklander 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 } 824*817466cbSJens Wiklander } 825*817466cbSJens Wiklander }; 826*817466cbSJens Wiklander #endif /* MBEDTLS_CIPHER_MODE_CBC */ 827*817466cbSJens Wiklander 828*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CTR) 829*817466cbSJens Wiklander /* 830*817466cbSJens Wiklander * Camellia-CTR test vectors from: 831*817466cbSJens Wiklander * 832*817466cbSJens Wiklander * http://www.faqs.org/rfcs/rfc5528.html 833*817466cbSJens Wiklander */ 834*817466cbSJens Wiklander 835*817466cbSJens Wiklander static const unsigned char camellia_test_ctr_key[3][16] = 836*817466cbSJens Wiklander { 837*817466cbSJens Wiklander { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, 838*817466cbSJens Wiklander 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, 839*817466cbSJens Wiklander { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, 840*817466cbSJens Wiklander 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, 841*817466cbSJens Wiklander { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, 842*817466cbSJens Wiklander 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } 843*817466cbSJens Wiklander }; 844*817466cbSJens Wiklander 845*817466cbSJens Wiklander static const unsigned char camellia_test_ctr_nonce_counter[3][16] = 846*817466cbSJens Wiklander { 847*817466cbSJens Wiklander { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 848*817466cbSJens Wiklander 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 849*817466cbSJens Wiklander { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, 850*817466cbSJens Wiklander 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, 851*817466cbSJens Wiklander { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, 852*817466cbSJens Wiklander 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } 853*817466cbSJens Wiklander }; 854*817466cbSJens Wiklander 855*817466cbSJens Wiklander static const unsigned char camellia_test_ctr_pt[3][48] = 856*817466cbSJens Wiklander { 857*817466cbSJens Wiklander { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, 858*817466cbSJens Wiklander 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, 859*817466cbSJens Wiklander 860*817466cbSJens Wiklander { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 861*817466cbSJens Wiklander 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 862*817466cbSJens Wiklander 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 863*817466cbSJens Wiklander 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, 864*817466cbSJens Wiklander 865*817466cbSJens Wiklander { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 866*817466cbSJens Wiklander 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 867*817466cbSJens Wiklander 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 868*817466cbSJens Wiklander 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 869*817466cbSJens Wiklander 0x20, 0x21, 0x22, 0x23 } 870*817466cbSJens Wiklander }; 871*817466cbSJens Wiklander 872*817466cbSJens Wiklander static const unsigned char camellia_test_ctr_ct[3][48] = 873*817466cbSJens Wiklander { 874*817466cbSJens Wiklander { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A, 875*817466cbSJens Wiklander 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F }, 876*817466cbSJens Wiklander { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4, 877*817466cbSJens Wiklander 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44, 878*817466cbSJens Wiklander 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7, 879*817466cbSJens Wiklander 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 }, 880*817466cbSJens Wiklander { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88, 881*817466cbSJens Wiklander 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73, 882*817466cbSJens Wiklander 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1, 883*817466cbSJens Wiklander 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD, 884*817466cbSJens Wiklander 0xDF, 0x50, 0x86, 0x96 } 885*817466cbSJens Wiklander }; 886*817466cbSJens Wiklander 887*817466cbSJens Wiklander static const int camellia_test_ctr_len[3] = 888*817466cbSJens Wiklander { 16, 32, 36 }; 889*817466cbSJens Wiklander #endif /* MBEDTLS_CIPHER_MODE_CTR */ 890*817466cbSJens Wiklander 891*817466cbSJens Wiklander /* 892*817466cbSJens Wiklander * Checkup routine 893*817466cbSJens Wiklander */ 894*817466cbSJens Wiklander int mbedtls_camellia_self_test( int verbose ) 895*817466cbSJens Wiklander { 896*817466cbSJens Wiklander int i, j, u, v; 897*817466cbSJens Wiklander unsigned char key[32]; 898*817466cbSJens Wiklander unsigned char buf[64]; 899*817466cbSJens Wiklander unsigned char src[16]; 900*817466cbSJens Wiklander unsigned char dst[16]; 901*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CBC) 902*817466cbSJens Wiklander unsigned char iv[16]; 903*817466cbSJens Wiklander #endif 904*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CTR) 905*817466cbSJens Wiklander size_t offset, len; 906*817466cbSJens Wiklander unsigned char nonce_counter[16]; 907*817466cbSJens Wiklander unsigned char stream_block[16]; 908*817466cbSJens Wiklander #endif 909*817466cbSJens Wiklander 910*817466cbSJens Wiklander mbedtls_camellia_context ctx; 911*817466cbSJens Wiklander 912*817466cbSJens Wiklander memset( key, 0, 32 ); 913*817466cbSJens Wiklander 914*817466cbSJens Wiklander for( j = 0; j < 6; j++ ) { 915*817466cbSJens Wiklander u = j >> 1; 916*817466cbSJens Wiklander v = j & 1; 917*817466cbSJens Wiklander 918*817466cbSJens Wiklander if( verbose != 0 ) 919*817466cbSJens Wiklander mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, 920*817466cbSJens Wiklander (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); 921*817466cbSJens Wiklander 922*817466cbSJens Wiklander for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) { 923*817466cbSJens Wiklander memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u ); 924*817466cbSJens Wiklander 925*817466cbSJens Wiklander if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 926*817466cbSJens Wiklander mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); 927*817466cbSJens Wiklander memcpy( src, camellia_test_ecb_cipher[u][i], 16 ); 928*817466cbSJens Wiklander memcpy( dst, camellia_test_ecb_plain[i], 16 ); 929*817466cbSJens Wiklander } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ 930*817466cbSJens Wiklander mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); 931*817466cbSJens Wiklander memcpy( src, camellia_test_ecb_plain[i], 16 ); 932*817466cbSJens Wiklander memcpy( dst, camellia_test_ecb_cipher[u][i], 16 ); 933*817466cbSJens Wiklander } 934*817466cbSJens Wiklander 935*817466cbSJens Wiklander mbedtls_camellia_crypt_ecb( &ctx, v, src, buf ); 936*817466cbSJens Wiklander 937*817466cbSJens Wiklander if( memcmp( buf, dst, 16 ) != 0 ) 938*817466cbSJens Wiklander { 939*817466cbSJens Wiklander if( verbose != 0 ) 940*817466cbSJens Wiklander mbedtls_printf( "failed\n" ); 941*817466cbSJens Wiklander 942*817466cbSJens Wiklander return( 1 ); 943*817466cbSJens Wiklander } 944*817466cbSJens Wiklander } 945*817466cbSJens Wiklander 946*817466cbSJens Wiklander if( verbose != 0 ) 947*817466cbSJens Wiklander mbedtls_printf( "passed\n" ); 948*817466cbSJens Wiklander } 949*817466cbSJens Wiklander 950*817466cbSJens Wiklander if( verbose != 0 ) 951*817466cbSJens Wiklander mbedtls_printf( "\n" ); 952*817466cbSJens Wiklander 953*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CBC) 954*817466cbSJens Wiklander /* 955*817466cbSJens Wiklander * CBC mode 956*817466cbSJens Wiklander */ 957*817466cbSJens Wiklander for( j = 0; j < 6; j++ ) 958*817466cbSJens Wiklander { 959*817466cbSJens Wiklander u = j >> 1; 960*817466cbSJens Wiklander v = j & 1; 961*817466cbSJens Wiklander 962*817466cbSJens Wiklander if( verbose != 0 ) 963*817466cbSJens Wiklander mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, 964*817466cbSJens Wiklander ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 965*817466cbSJens Wiklander 966*817466cbSJens Wiklander memcpy( src, camellia_test_cbc_iv, 16 ); 967*817466cbSJens Wiklander memcpy( dst, camellia_test_cbc_iv, 16 ); 968*817466cbSJens Wiklander memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); 969*817466cbSJens Wiklander 970*817466cbSJens Wiklander if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 971*817466cbSJens Wiklander mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); 972*817466cbSJens Wiklander } else { 973*817466cbSJens Wiklander mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); 974*817466cbSJens Wiklander } 975*817466cbSJens Wiklander 976*817466cbSJens Wiklander for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { 977*817466cbSJens Wiklander 978*817466cbSJens Wiklander if( v == MBEDTLS_CAMELLIA_DECRYPT ) { 979*817466cbSJens Wiklander memcpy( iv , src, 16 ); 980*817466cbSJens Wiklander memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); 981*817466cbSJens Wiklander memcpy( dst, camellia_test_cbc_plain[i], 16 ); 982*817466cbSJens Wiklander } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ 983*817466cbSJens Wiklander memcpy( iv , dst, 16 ); 984*817466cbSJens Wiklander memcpy( src, camellia_test_cbc_plain[i], 16 ); 985*817466cbSJens Wiklander memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); 986*817466cbSJens Wiklander } 987*817466cbSJens Wiklander 988*817466cbSJens Wiklander mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); 989*817466cbSJens Wiklander 990*817466cbSJens Wiklander if( memcmp( buf, dst, 16 ) != 0 ) 991*817466cbSJens Wiklander { 992*817466cbSJens Wiklander if( verbose != 0 ) 993*817466cbSJens Wiklander mbedtls_printf( "failed\n" ); 994*817466cbSJens Wiklander 995*817466cbSJens Wiklander return( 1 ); 996*817466cbSJens Wiklander } 997*817466cbSJens Wiklander } 998*817466cbSJens Wiklander 999*817466cbSJens Wiklander if( verbose != 0 ) 1000*817466cbSJens Wiklander mbedtls_printf( "passed\n" ); 1001*817466cbSJens Wiklander } 1002*817466cbSJens Wiklander #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1003*817466cbSJens Wiklander 1004*817466cbSJens Wiklander if( verbose != 0 ) 1005*817466cbSJens Wiklander mbedtls_printf( "\n" ); 1006*817466cbSJens Wiklander 1007*817466cbSJens Wiklander #if defined(MBEDTLS_CIPHER_MODE_CTR) 1008*817466cbSJens Wiklander /* 1009*817466cbSJens Wiklander * CTR mode 1010*817466cbSJens Wiklander */ 1011*817466cbSJens Wiklander for( i = 0; i < 6; i++ ) 1012*817466cbSJens Wiklander { 1013*817466cbSJens Wiklander u = i >> 1; 1014*817466cbSJens Wiklander v = i & 1; 1015*817466cbSJens Wiklander 1016*817466cbSJens Wiklander if( verbose != 0 ) 1017*817466cbSJens Wiklander mbedtls_printf( " CAMELLIA-CTR-128 (%s): ", 1018*817466cbSJens Wiklander ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 1019*817466cbSJens Wiklander 1020*817466cbSJens Wiklander memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 ); 1021*817466cbSJens Wiklander memcpy( key, camellia_test_ctr_key[u], 16 ); 1022*817466cbSJens Wiklander 1023*817466cbSJens Wiklander offset = 0; 1024*817466cbSJens Wiklander mbedtls_camellia_setkey_enc( &ctx, key, 128 ); 1025*817466cbSJens Wiklander 1026*817466cbSJens Wiklander if( v == MBEDTLS_CAMELLIA_DECRYPT ) 1027*817466cbSJens Wiklander { 1028*817466cbSJens Wiklander len = camellia_test_ctr_len[u]; 1029*817466cbSJens Wiklander memcpy( buf, camellia_test_ctr_ct[u], len ); 1030*817466cbSJens Wiklander 1031*817466cbSJens Wiklander mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 1032*817466cbSJens Wiklander buf, buf ); 1033*817466cbSJens Wiklander 1034*817466cbSJens Wiklander if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 ) 1035*817466cbSJens Wiklander { 1036*817466cbSJens Wiklander if( verbose != 0 ) 1037*817466cbSJens Wiklander mbedtls_printf( "failed\n" ); 1038*817466cbSJens Wiklander 1039*817466cbSJens Wiklander return( 1 ); 1040*817466cbSJens Wiklander } 1041*817466cbSJens Wiklander } 1042*817466cbSJens Wiklander else 1043*817466cbSJens Wiklander { 1044*817466cbSJens Wiklander len = camellia_test_ctr_len[u]; 1045*817466cbSJens Wiklander memcpy( buf, camellia_test_ctr_pt[u], len ); 1046*817466cbSJens Wiklander 1047*817466cbSJens Wiklander mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, 1048*817466cbSJens Wiklander buf, buf ); 1049*817466cbSJens Wiklander 1050*817466cbSJens Wiklander if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 ) 1051*817466cbSJens Wiklander { 1052*817466cbSJens Wiklander if( verbose != 0 ) 1053*817466cbSJens Wiklander mbedtls_printf( "failed\n" ); 1054*817466cbSJens Wiklander 1055*817466cbSJens Wiklander return( 1 ); 1056*817466cbSJens Wiklander } 1057*817466cbSJens Wiklander } 1058*817466cbSJens Wiklander 1059*817466cbSJens Wiklander if( verbose != 0 ) 1060*817466cbSJens Wiklander mbedtls_printf( "passed\n" ); 1061*817466cbSJens Wiklander } 1062*817466cbSJens Wiklander 1063*817466cbSJens Wiklander if( verbose != 0 ) 1064*817466cbSJens Wiklander mbedtls_printf( "\n" ); 1065*817466cbSJens Wiklander #endif /* MBEDTLS_CIPHER_MODE_CTR */ 1066*817466cbSJens Wiklander 1067*817466cbSJens Wiklander return( 0 ); 1068*817466cbSJens Wiklander } 1069*817466cbSJens Wiklander 1070*817466cbSJens Wiklander #endif /* MBEDTLS_SELF_TEST */ 1071*817466cbSJens Wiklander 1072*817466cbSJens Wiklander #endif /* MBEDTLS_CAMELLIA_C */ 1073