NCBI C++ ToolKit
camellia.c
Go to the documentation of this file.

Go to the SVN repository for this file.

1 /*
2  * Camellia implementation
3  *
4  * Copyright The Mbed TLS Contributors
5  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 /*
8  * The Camellia block cipher was designed by NTT and Mitsubishi Electric
9  * Corporation.
10  *
11  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
12  */
13 
14 #include "common.h"
15 
16 #if defined(MBEDTLS_CAMELLIA_C)
17 
18 #include "mbedtls/camellia.h"
19 #include "mbedtls/platform_util.h"
20 
21 #include <string.h>
22 
23 #include "mbedtls/platform.h"
24 
25 #if !defined(MBEDTLS_CAMELLIA_ALT)
26 
27 static const unsigned char SIGMA_CHARS[6][8] =
28 {
29  { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
30  { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
31  { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
32  { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
33  { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
34  { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
35 };
36 
37 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
38 
39 static const unsigned char FSb[256] =
40 {
41  112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
42  35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
43  134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
44  166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
45  139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
46  223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
47  20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
48  254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
49  170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
50  16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
51  135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
52  82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
53  233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
54  120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
55  114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
56  64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
57 };
58 
59 #define SBOX1(n) FSb[(n)]
60 #define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
61 #define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
62 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
63 
64 #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
65 
66 static const unsigned char FSb[256] =
67 {
68  112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
69  35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
70  134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
71  166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
72  139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
73  223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
74  20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
75  254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
76  170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
77  16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
78  135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
79  82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
80  233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
81  120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
82  114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
83  64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
84 };
85 
86 static const unsigned char FSb2[256] =
87 {
88  224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
89  70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
90  13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
91  77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
92  23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
93  191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
94  40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
95  253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
96  85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
97  32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
98  15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
99  164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
100  211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
101  240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
102  228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
103  128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
104 };
105 
106 static const unsigned char FSb3[256] =
107 {
108  56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
109  145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
110  67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
111  83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
112  197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
113  239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
114  10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
115  127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
116  85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
117  8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
118  195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
119  41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
120  244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
121  60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
122  57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
123  32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
124 };
125 
126 static const unsigned char FSb4[256] =
127 {
128  112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
129  134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
130  139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
131  20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
132  170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
133  135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
134  233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
135  114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
136  130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
137  184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
138  13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
139  88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
140  208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
141  92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
142  121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
143  7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
144 };
145 
146 #define SBOX1(n) FSb[(n)]
147 #define SBOX2(n) FSb2[(n)]
148 #define SBOX3(n) FSb3[(n)]
149 #define SBOX4(n) FSb4[(n)]
150 
151 #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
152 
153 static const unsigned char shifts[2][4][4] =
154 {
155  {
156  { 1, 1, 1, 1 }, /* KL */
157  { 0, 0, 0, 0 }, /* KR */
158  { 1, 1, 1, 1 }, /* KA */
159  { 0, 0, 0, 0 } /* KB */
160  },
161  {
162  { 1, 0, 1, 1 }, /* KL */
163  { 1, 1, 0, 1 }, /* KR */
164  { 1, 1, 1, 0 }, /* KA */
165  { 1, 1, 0, 1 } /* KB */
166  }
167 };
168 
169 static const signed char indexes[2][4][20] =
170 {
171  {
172  { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
173  36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
174  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
175  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
176  { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
177  18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
178  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
179  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
180  },
181  {
182  { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
183  -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
184  { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
185  18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
186  { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
187  56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
188  { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
189  22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
190  }
191 };
192 
193 static const signed char transposes[2][20] =
194 {
195  {
196  21, 22, 23, 20,
197  -1, -1, -1, -1,
198  18, 19, 16, 17,
199  11, 8, 9, 10,
200  15, 12, 13, 14
201  },
202  {
203  25, 26, 27, 24,
204  29, 30, 31, 28,
205  18, 19, 16, 17,
206  -1, -1, -1, -1,
207  -1, -1, -1, -1
208  }
209 };
210 
211 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
212 #define ROTL(DEST, SRC, SHIFT) \
213  { \
214  (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
215  (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
216  (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
217  (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
218  }
219 
220 #define FL(XL, XR, KL, KR) \
221  { \
222  (XR) = ((((XL) &(KL)) << 1) | (((XL) &(KL)) >> 31)) ^ (XR); \
223  (XL) = ((XR) | (KR)) ^ (XL); \
224  }
225 
226 #define FLInv(YL, YR, KL, KR) \
227  { \
228  (YL) = ((YR) | (KR)) ^ (YL); \
229  (YR) = ((((YL) &(KL)) << 1) | (((YL) &(KL)) >> 31)) ^ (YR); \
230  }
231 
232 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
233  { \
234  TK[0] = KC[(OFFSET) * 4 + 0]; \
235  TK[1] = KC[(OFFSET) * 4 + 1]; \
236  TK[2] = KC[(OFFSET) * 4 + 2]; \
237  TK[3] = KC[(OFFSET) * 4 + 3]; \
238  \
239  for (i = 1; i <= 4; i++) \
240  if (shifts[(INDEX)][(OFFSET)][i -1]) \
241  ROTL(TK + i * 4, TK, (15 * i) % 32); \
242  \
243  for (i = 0; i < 20; i++) \
244  if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
245  RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
246  } \
247  }
248 
249 static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
250  uint32_t z[2])
251 {
252  uint32_t I0, I1;
253  I0 = x[0] ^ k[0];
254  I1 = x[1] ^ k[1];
255 
256  I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) |
257  ((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) |
258  ((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) << 8) |
259  ((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
260  I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) |
261  ((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) |
262  ((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) << 8) |
263  ((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
264 
265  I0 ^= (I1 << 8) | (I1 >> 24);
266  I1 ^= (I0 << 16) | (I0 >> 16);
267  I0 ^= (I1 >> 8) | (I1 << 24);
268  I1 ^= (I0 >> 8) | (I0 << 24);
269 
270  z[0] ^= I1;
271  z[1] ^= I0;
272 }
273 
274 void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
275 {
276  memset(ctx, 0, sizeof(mbedtls_camellia_context));
277 }
278 
279 void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
280 {
281  if (ctx == NULL) {
282  return;
283  }
284 
285  mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
286 }
287 
288 /*
289  * Camellia key schedule (encryption)
290  */
291 int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
292  const unsigned char *key,
293  unsigned int keybits)
294 {
295  int idx;
296  size_t i;
297  uint32_t *RK;
298  unsigned char t[64];
299  uint32_t SIGMA[6][2];
300  uint32_t KC[16];
301  uint32_t TK[20];
302 
303  RK = ctx->rk;
304 
305  memset(t, 0, 64);
306  memset(RK, 0, sizeof(ctx->rk));
307 
308  switch (keybits) {
309  case 128: ctx->nr = 3; idx = 0; break;
310  case 192:
311  case 256: ctx->nr = 4; idx = 1; break;
312  default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
313  }
314 
315  for (i = 0; i < keybits / 8; ++i) {
316  t[i] = key[i];
317  }
318 
319  if (keybits == 192) {
320  for (i = 0; i < 8; i++) {
321  t[24 + i] = ~t[16 + i];
322  }
323  }
324 
325  /*
326  * Prepare SIGMA values
327  */
328  for (i = 0; i < 6; i++) {
329  SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
330  SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
331  }
332 
333  /*
334  * Key storage in KC
335  * Order: KL, KR, KA, KB
336  */
337  memset(KC, 0, sizeof(KC));
338 
339  /* Store KL, KR */
340  for (i = 0; i < 8; i++) {
341  KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
342  }
343 
344  /* Generate KA */
345  for (i = 0; i < 4; ++i) {
346  KC[8 + i] = KC[i] ^ KC[4 + i];
347  }
348 
349  camellia_feistel(KC + 8, SIGMA[0], KC + 10);
350  camellia_feistel(KC + 10, SIGMA[1], KC + 8);
351 
352  for (i = 0; i < 4; ++i) {
353  KC[8 + i] ^= KC[i];
354  }
355 
356  camellia_feistel(KC + 8, SIGMA[2], KC + 10);
357  camellia_feistel(KC + 10, SIGMA[3], KC + 8);
358 
359  if (keybits > 128) {
360  /* Generate KB */
361  for (i = 0; i < 4; ++i) {
362  KC[12 + i] = KC[4 + i] ^ KC[8 + i];
363  }
364 
365  camellia_feistel(KC + 12, SIGMA[4], KC + 14);
366  camellia_feistel(KC + 14, SIGMA[5], KC + 12);
367  }
368 
369  /*
370  * Generating subkeys
371  */
372 
373  /* Manipulating KL */
374  SHIFT_AND_PLACE(idx, 0);
375 
376  /* Manipulating KR */
377  if (keybits > 128) {
378  SHIFT_AND_PLACE(idx, 1);
379  }
380 
381  /* Manipulating KA */
382  SHIFT_AND_PLACE(idx, 2);
383 
384  /* Manipulating KB */
385  if (keybits > 128) {
386  SHIFT_AND_PLACE(idx, 3);
387  }
388 
389  /* Do transpositions */
390  for (i = 0; i < 20; i++) {
391  if (transposes[idx][i] != -1) {
392  RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
393  }
394  }
395 
396  return 0;
397 }
398 
399 /*
400  * Camellia key schedule (decryption)
401  */
402 #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
403 int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
404  const unsigned char *key,
405  unsigned int keybits)
406 {
407  int idx, ret;
408  size_t i;
409  mbedtls_camellia_context cty;
410  uint32_t *RK;
411  uint32_t *SK;
412 
413  mbedtls_camellia_init(&cty);
414 
415  /* Also checks keybits */
416  if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
417  goto exit;
418  }
419 
420  ctx->nr = cty.nr;
421  idx = (ctx->nr == 4);
422 
423  RK = ctx->rk;
424  SK = cty.rk + 24 * 2 + 8 * idx * 2;
425 
426  *RK++ = *SK++;
427  *RK++ = *SK++;
428  *RK++ = *SK++;
429  *RK++ = *SK++;
430 
431  for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
432  *RK++ = *SK++;
433  *RK++ = *SK++;
434  }
435 
436  SK -= 2;
437 
438  *RK++ = *SK++;
439  *RK++ = *SK++;
440  *RK++ = *SK++;
441  *RK++ = *SK++;
442 
443 exit:
444  mbedtls_camellia_free(&cty);
445 
446  return ret;
447 }
448 #endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
449 
450 /*
451  * Camellia-ECB block encryption/decryption
452  */
453 int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
454  int mode,
455  const unsigned char input[16],
456  unsigned char output[16])
457 {
458  int NR;
459  uint32_t *RK, X[4];
460  if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
461  return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
462  }
463 
464  ((void) mode);
465 
466  NR = ctx->nr;
467  RK = ctx->rk;
468 
469  X[0] = MBEDTLS_GET_UINT32_BE(input, 0);
470  X[1] = MBEDTLS_GET_UINT32_BE(input, 4);
471  X[2] = MBEDTLS_GET_UINT32_BE(input, 8);
472  X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
473 
474  X[0] ^= *RK++;
475  X[1] ^= *RK++;
476  X[2] ^= *RK++;
477  X[3] ^= *RK++;
478 
479  while (NR) {
480  --NR;
481  camellia_feistel(X, RK, X + 2);
482  RK += 2;
483  camellia_feistel(X + 2, RK, X);
484  RK += 2;
485  camellia_feistel(X, RK, X + 2);
486  RK += 2;
487  camellia_feistel(X + 2, RK, X);
488  RK += 2;
489  camellia_feistel(X, RK, X + 2);
490  RK += 2;
491  camellia_feistel(X + 2, RK, X);
492  RK += 2;
493 
494  if (NR) {
495  FL(X[0], X[1], RK[0], RK[1]);
496  RK += 2;
497  FLInv(X[2], X[3], RK[0], RK[1]);
498  RK += 2;
499  }
500  }
501 
502  X[2] ^= *RK++;
503  X[3] ^= *RK++;
504  X[0] ^= *RK++;
505  X[1] ^= *RK++;
506 
507  MBEDTLS_PUT_UINT32_BE(X[2], output, 0);
508  MBEDTLS_PUT_UINT32_BE(X[3], output, 4);
509  MBEDTLS_PUT_UINT32_BE(X[0], output, 8);
510  MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
511 
512  return 0;
513 }
514 
515 #if defined(MBEDTLS_CIPHER_MODE_CBC)
516 /*
517  * Camellia-CBC buffer encryption/decryption
518  */
519 int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
520  int mode,
521  size_t length,
522  unsigned char iv[16],
523  const unsigned char *input,
524  unsigned char *output)
525 {
526  unsigned char temp[16];
527  if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
528  return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
529  }
530 
531  if (length % 16) {
532  return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
533  }
534 
535  if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
536  while (length > 0) {
537  memcpy(temp, input, 16);
538  mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
539 
540  mbedtls_xor(output, output, iv, 16);
541 
542  memcpy(iv, temp, 16);
543 
544  input += 16;
545  output += 16;
546  length -= 16;
547  }
548  } else {
549  while (length > 0) {
550  mbedtls_xor(output, input, iv, 16);
551 
552  mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
553  memcpy(iv, output, 16);
554 
555  input += 16;
556  output += 16;
557  length -= 16;
558  }
559  }
560 
561  return 0;
562 }
563 #endif /* MBEDTLS_CIPHER_MODE_CBC */
564 
565 #if defined(MBEDTLS_CIPHER_MODE_CFB)
566 /*
567  * Camellia-CFB128 buffer encryption/decryption
568  */
569 int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
570  int mode,
571  size_t length,
572  size_t *iv_off,
573  unsigned char iv[16],
574  const unsigned char *input,
575  unsigned char *output)
576 {
577  int c;
578  size_t n;
579  if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
580  return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
581  }
582 
583  n = *iv_off;
584  if (n >= 16) {
585  return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
586  }
587 
588  if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
589  while (length--) {
590  if (n == 0) {
591  mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
592  }
593 
594  c = *input++;
595  *output++ = (unsigned char) (c ^ iv[n]);
596  iv[n] = (unsigned char) c;
597 
598  n = (n + 1) & 0x0F;
599  }
600  } else {
601  while (length--) {
602  if (n == 0) {
603  mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
604  }
605 
606  iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
607 
608  n = (n + 1) & 0x0F;
609  }
610  }
611 
612  *iv_off = n;
613 
614  return 0;
615 }
616 #endif /* MBEDTLS_CIPHER_MODE_CFB */
617 
618 #if defined(MBEDTLS_CIPHER_MODE_CTR)
619 /*
620  * Camellia-CTR buffer encryption/decryption
621  */
622 int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
623  size_t length,
624  size_t *nc_off,
625  unsigned char nonce_counter[16],
626  unsigned char stream_block[16],
627  const unsigned char *input,
628  unsigned char *output)
629 {
630  int c, i;
631  size_t n;
632 
633  n = *nc_off;
634  if (n >= 16) {
635  return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
636  }
637 
638  while (length--) {
639  if (n == 0) {
640  mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
641  stream_block);
642 
643  for (i = 16; i > 0; i--) {
644  if (++nonce_counter[i - 1] != 0) {
645  break;
646  }
647  }
648  }
649  c = *input++;
650  *output++ = (unsigned char) (c ^ stream_block[n]);
651 
652  n = (n + 1) & 0x0F;
653  }
654 
655  *nc_off = n;
656 
657  return 0;
658 }
659 #endif /* MBEDTLS_CIPHER_MODE_CTR */
660 #endif /* !MBEDTLS_CAMELLIA_ALT */
661 
662 #if defined(MBEDTLS_SELF_TEST)
663 
664 /*
665  * Camellia test vectors from:
666  *
667  * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
668  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
669  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
670  * (For each bitlength: Key 0, Nr 39)
671  */
672 #define CAMELLIA_TESTS_ECB 2
673 
674 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
675 {
676  {
677  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
678  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
679  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
680  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
681  },
682  {
683  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
684  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
685  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
686  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
687  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
688  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
689  },
690  {
691  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
692  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
693  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
694  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
695  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
696  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
697  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
698  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699  },
700 };
701 
702 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
703 {
704  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
705  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
706  { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
707  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
708 };
709 
710 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
711 {
712  {
713  { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
714  0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
715  { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
716  0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
717  },
718  {
719  { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
720  0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
721  { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
722  0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
723  },
724  {
725  { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
726  0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
727  { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
728  0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
729  }
730 };
731 
732 #if defined(MBEDTLS_CIPHER_MODE_CBC)
733 #define CAMELLIA_TESTS_CBC 3
734 
735 static const unsigned char camellia_test_cbc_key[3][32] =
736 {
737  { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
738  0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
739  ,
740  { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
741  0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
742  0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
743  ,
744  { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
745  0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
746  0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
747  0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
748 };
749 
750 static const unsigned char camellia_test_cbc_iv[16] =
751 
752 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
753  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
754 ;
755 
756 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
757 {
758  { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
759  0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
760  { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
761  0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
762  { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
763  0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
764 
765 };
766 
767 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
768 {
769  {
770  { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
771  0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
772  { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
773  0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
774  { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
775  0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
776  },
777  {
778  { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
779  0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
780  { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
781  0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
782  { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
783  0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
784  },
785  {
786  { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
787  0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
788  { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
789  0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
790  { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
791  0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
792  }
793 };
794 #endif /* MBEDTLS_CIPHER_MODE_CBC */
795 
796 #if defined(MBEDTLS_CIPHER_MODE_CTR)
797 /*
798  * Camellia-CTR test vectors from:
799  *
800  * http://www.faqs.org/rfcs/rfc5528.html
801  */
802 
803 static const unsigned char camellia_test_ctr_key[3][16] =
804 {
805  { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
806  0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
807  { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
808  0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
809  { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
810  0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
811 };
812 
813 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
814 {
815  { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
816  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
817  { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
818  0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
819  { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
820  0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
821 };
822 
823 static const unsigned char camellia_test_ctr_pt[3][48] =
824 {
825  { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
826  0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
827 
828  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
829  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
830  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
831  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
832 
833  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
834  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
835  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
836  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
837  0x20, 0x21, 0x22, 0x23 }
838 };
839 
840 static const unsigned char camellia_test_ctr_ct[3][48] =
841 {
842  { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
843  0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
844  { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
845  0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
846  0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
847  0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
848  { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
849  0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
850  0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
851  0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
852  0xDF, 0x50, 0x86, 0x96 }
853 };
854 
855 static const int camellia_test_ctr_len[3] =
856 { 16, 32, 36 };
857 #endif /* MBEDTLS_CIPHER_MODE_CTR */
858 
859 /*
860  * Checkup routine
861  */
862 int mbedtls_camellia_self_test(int verbose)
863 {
864  int i, j, u, v;
865  unsigned char key[32];
866  unsigned char buf[64];
867  unsigned char src[16];
868  unsigned char dst[16];
869 #if defined(MBEDTLS_CIPHER_MODE_CBC)
870  unsigned char iv[16];
871 #endif
872 #if defined(MBEDTLS_CIPHER_MODE_CTR)
873  size_t offset, len;
874  unsigned char nonce_counter[16];
875  unsigned char stream_block[16];
876 #endif
877  int ret = 1;
878 
879  mbedtls_camellia_context ctx;
880 
881  mbedtls_camellia_init(&ctx);
882  memset(key, 0, 32);
883 
884  for (j = 0; j < 6; j++) {
885  u = j >> 1;
886  v = j & 1;
887 
888  if (verbose != 0) {
889  mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
890  (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
891  }
892 
893 #if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
894  if (v == MBEDTLS_CAMELLIA_DECRYPT) {
895  if (verbose != 0) {
896  mbedtls_printf("skipped\n");
897  }
898  continue;
899  }
900 #endif
901 
902  for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
903  memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
904 
905 #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
906  if (v == MBEDTLS_CAMELLIA_DECRYPT) {
907  mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
908  memcpy(src, camellia_test_ecb_cipher[u][i], 16);
909  memcpy(dst, camellia_test_ecb_plain[i], 16);
910  } else
911 #endif
912  { /* MBEDTLS_CAMELLIA_ENCRYPT */
913  mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
914  memcpy(src, camellia_test_ecb_plain[i], 16);
915  memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
916  }
917 
918  mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
919 
920  if (memcmp(buf, dst, 16) != 0) {
921  if (verbose != 0) {
922  mbedtls_printf("failed\n");
923  }
924  goto exit;
925  }
926  }
927 
928  if (verbose != 0) {
929  mbedtls_printf("passed\n");
930  }
931  }
932 
933  if (verbose != 0) {
934  mbedtls_printf("\n");
935  }
936 
937 #if defined(MBEDTLS_CIPHER_MODE_CBC)
938  /*
939  * CBC mode
940  */
941  for (j = 0; j < 6; j++) {
942  u = j >> 1;
943  v = j & 1;
944 
945  if (verbose != 0) {
946  mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
947  (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
948  }
949 
950  memcpy(src, camellia_test_cbc_iv, 16);
951  memcpy(dst, camellia_test_cbc_iv, 16);
952  memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
953 
954  if (v == MBEDTLS_CAMELLIA_DECRYPT) {
955  mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
956  } else {
957  mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
958  }
959 
960  for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
961 
962  if (v == MBEDTLS_CAMELLIA_DECRYPT) {
963  memcpy(iv, src, 16);
964  memcpy(src, camellia_test_cbc_cipher[u][i], 16);
965  memcpy(dst, camellia_test_cbc_plain[i], 16);
966  } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
967  memcpy(iv, dst, 16);
968  memcpy(src, camellia_test_cbc_plain[i], 16);
969  memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
970  }
971 
972  mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
973 
974  if (memcmp(buf, dst, 16) != 0) {
975  if (verbose != 0) {
976  mbedtls_printf("failed\n");
977  }
978  goto exit;
979  }
980  }
981 
982  if (verbose != 0) {
983  mbedtls_printf("passed\n");
984  }
985  }
986 #endif /* MBEDTLS_CIPHER_MODE_CBC */
987 
988  if (verbose != 0) {
989  mbedtls_printf("\n");
990  }
991 
992 #if defined(MBEDTLS_CIPHER_MODE_CTR)
993  /*
994  * CTR mode
995  */
996  for (i = 0; i < 6; i++) {
997  u = i >> 1;
998  v = i & 1;
999 
1000  if (verbose != 0) {
1001  mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
1002  (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1003  }
1004 
1005  memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1006  memcpy(key, camellia_test_ctr_key[u], 16);
1007 
1008  offset = 0;
1009  mbedtls_camellia_setkey_enc(&ctx, key, 128);
1010 
1011  if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1012  len = camellia_test_ctr_len[u];
1013  memcpy(buf, camellia_test_ctr_ct[u], len);
1014 
1015  mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1016  buf, buf);
1017 
1018  if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1019  if (verbose != 0) {
1020  mbedtls_printf("failed\n");
1021  }
1022  goto exit;
1023  }
1024  } else {
1025  len = camellia_test_ctr_len[u];
1026  memcpy(buf, camellia_test_ctr_pt[u], len);
1027 
1028  mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1029  buf, buf);
1030 
1031  if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1032  if (verbose != 0) {
1033  mbedtls_printf("failed\n");
1034  }
1035  goto exit;
1036  }
1037  }
1038 
1039  if (verbose != 0) {
1040  mbedtls_printf("passed\n");
1041  }
1042  }
1043 
1044  if (verbose != 0) {
1045  mbedtls_printf("\n");
1046  }
1047 #endif /* MBEDTLS_CIPHER_MODE_CTR */
1048 
1049  ret = 0;
1050 
1051 exit:
1052  mbedtls_camellia_free(&ctx);
1053  return ret;
1054 }
1055 
1056 #endif /* MBEDTLS_SELF_TEST */
1057 
1058 #endif /* MBEDTLS_CAMELLIA_C */
MBEDTLS_BYTE_1
#define MBEDTLS_BYTE_1(x)
Definition: alignment.h:269
MBEDTLS_PUT_UINT32_BE
#define MBEDTLS_PUT_UINT32_BE(n, data, offset)
Put in memory a 32 bits unsigned integer in big-endian order.
Definition: alignment.h:427
MBEDTLS_GET_UINT32_BE
#define MBEDTLS_GET_UINT32_BE(data, offset)
Get the unsigned 32 bits integer corresponding to four bytes in big-endian order (MSB first).
Definition: alignment.h:412
MBEDTLS_BYTE_2
#define MBEDTLS_BYTE_2(x)
Definition: alignment.h:270
MBEDTLS_BYTE_0
#define MBEDTLS_BYTE_0(x)
Byte Reading Macros.
Definition: alignment.h:268
MBEDTLS_BYTE_3
#define MBEDTLS_BYTE_3(x)
Definition: alignment.h:271
camellia.h
Camellia block cipher.
MBEDTLS_CAMELLIA_ENCRYPT
#define MBEDTLS_CAMELLIA_ENCRYPT
Definition: camellia.h:21
mbedtls_camellia_setkey_enc
int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits)
Perform a CAMELLIA key schedule operation for encryption.
MBEDTLS_CAMELLIA_DECRYPT
#define MBEDTLS_CAMELLIA_DECRYPT
Definition: camellia.h:22
mbedtls_camellia_crypt_ecb
int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
Perform a CAMELLIA-ECB block encryption/decryption operation.
MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
Bad input data.
Definition: camellia.h:25
mbedtls_camellia_setkey_dec
int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits)
Perform a CAMELLIA key schedule operation for decryption.
MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
Definition: camellia.h:28
mbedtls_camellia_init
void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
Initialize a CAMELLIA context.
mbedtls_camellia_free
void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
Clear a CAMELLIA context.
mbedtls_xor
static void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n)
Perform a fast block XOR operation, such that r[i] = a[i] ^ b[i] where 0 <= i < n.
Definition: common.h:186
ctx
CS_CONTEXT * ctx
Definition: t0006.c:12
output
static SQLCHAR output[256]
Definition: print.c:5
offset
int offset
Definition: replacements.h:160
uint32_t
Uint4 uint32_t
Definition: tds_sysdep_public.h:54
NULL
#define NULL
Definition: ncbistd.hpp:225
exit
exit(2)
buf
char * buf
Definition: lex.newick.cpp:1452
input
static int input()
Definition: lex.newick.cpp:1147
i
int i
Definition: lex.newick.cpp:1456
n
yy_size_t n
Definition: lex.newick.cpp:1455
len
int len
Definition: lex.newick.cpp:1450
lmdb::mode
mdb_mode_t mode
Definition: lmdb++.h:38
ncbi::grid::netcache::search::fields::key
const struct ncbi::grid::netcache::search::fields::KEY key
t
EIPRangeType t
Definition: ncbi_localip.c:101
mbedtls_camellia_crypt_ctr
#define mbedtls_camellia_crypt_ctr
Definition: ncbicxx_rename_mbedtls.h:299
mbedtls_camellia_crypt_cfb128
#define mbedtls_camellia_crypt_cfb128
Definition: ncbicxx_rename_mbedtls.h:297
mbedtls_platform_zeroize
#define mbedtls_platform_zeroize
Definition: ncbicxx_rename_mbedtls.h:1087
mbedtls_camellia_crypt_cbc
#define mbedtls_camellia_crypt_cbc
Definition: ncbicxx_rename_mbedtls.h:295
platform.h
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
mbedtls_printf
#define mbedtls_printf
Definition: platform.h:219
platform_util.h
Common and shared functions used by multiple modules in the Mbed TLS library.
verbose
true_type verbose
Definition: processing.cpp:890
uint32_t
#define uint32_t
Definition: config.h:42
mbedtls_camellia_context
CAMELLIA context structure.
Definition: camellia.h:41
Generated by doxygen 1.9.0
Modified on Mon May 13 04:34:16 2024 by modify_doxy.py rev. 669887