search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #2735 from jareckib/master
[RRG-proxmark3.git] / common / mbedtls / camellia.c
blob7b49f9aaee6394ef1fc2aee1bb65dd52fcf58f10
1 /*
2 * Camellia implementation
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19 /*
20 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
21 * Corporation.
22 *
23 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
24 */
25
26 #include "common.h"
27
28 #if defined(MBEDTLS_CAMELLIA_C)
29
30 #include "mbedtls/camellia.h"
31 #include "mbedtls/platform_util.h"
32
33 #include <string.h>
34
35 #if defined(MBEDTLS_SELF_TEST)
36 #if defined(MBEDTLS_PLATFORM_C)
37 #include "mbedtls/platform.h"
38 #else
39 #include <stdio.h>
40 #define mbedtls_printf printf
41 #endif /* MBEDTLS_PLATFORM_C */
42 #endif /* MBEDTLS_SELF_TEST */
43
44 #if !defined(MBEDTLS_CAMELLIA_ALT)
45
46 /* Parameter validation macros */
47 #define CAMELLIA_VALIDATE_RET( cond ) \
48 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
49 #define CAMELLIA_VALIDATE( cond ) \
50 MBEDTLS_INTERNAL_VALIDATE( cond )
51
52 /*
53 * 32-bit integer manipulation macros (big endian)
54 */
55 #ifndef GET_UINT32_BE
56 #define GET_UINT32_BE(n,b,i) \
57 { \
58 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
59 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
60 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
61 | ( (uint32_t) (b)[(i) + 3] ); \
62 }
63 #endif
64
65 #ifndef PUT_UINT32_BE
66 #define PUT_UINT32_BE(n,b,i) \
67 { \
68 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
69 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
70 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
71 (b)[(i) + 3] = (unsigned char) ( (n) ); \
72 }
73 #endif
74
75 static const unsigned char SIGMA_CHARS[6][8] = {
76 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
77 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
78 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
79 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
80 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
81 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
82 };
83
84 #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
85
86 static const unsigned char FSb[256] = {
87 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
88 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
89 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
90 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
91 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
92 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
93 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
94 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
95 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
96 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
97 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
98 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
99 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
100 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
101 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
102 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
103 };
104
105 #define SBOX1(n) FSb[(n)]
106 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
107 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
108 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
109
110 #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
111
112 static const unsigned char FSb[256] = {
113 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
114 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
115 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
116 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
117 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
118 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
119 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
120 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
121 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
122 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
123 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
124 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
125 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
126 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
127 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
128 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
129 };
130
131 static const unsigned char FSb2[256] = {
132 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
133 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
134 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
135 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
136 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
137 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
138 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
139 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
140 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
141 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
142 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
143 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
144 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
145 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
146 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
147 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
148 };
149
150 static const unsigned char FSb3[256] = {
151 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
152 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
153 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
154 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
155 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
156 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
157 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
158 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
159 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
160 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
161 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
162 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
163 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
164 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
165 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
166 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
167 };
168
169 static const unsigned char FSb4[256] = {
170 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
171 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
172 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
173 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
174 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
175 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
176 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
177 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
178 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
179 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
180 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
181 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
182 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
183 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
184 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
185 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
186 };
187
188 #define SBOX1(n) FSb[(n)]
189 #define SBOX2(n) FSb2[(n)]
190 #define SBOX3(n) FSb3[(n)]
191 #define SBOX4(n) FSb4[(n)]
192
193 #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
194
195 static const unsigned char shifts[2][4][4] = {
196 {
197 { 1, 1, 1, 1 }, /* KL */
198 { 0, 0, 0, 0 }, /* KR */
199 { 1, 1, 1, 1 }, /* KA */
200 { 0, 0, 0, 0 } /* KB */
201 },
202 {
203 { 1, 0, 1, 1 }, /* KL */
204 { 1, 1, 0, 1 }, /* KR */
205 { 1, 1, 1, 0 }, /* KA */
206 { 1, 1, 0, 1 } /* KB */
207 }
208 };
209
210 static const signed char indexes[2][4][20] = {
211 {
212 {
213 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
214 36, 37, 23, 20, 21, 22, 27, -1, -1, 26
215 }, /* KL -> RK */
216 {
217 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
218 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
219 }, /* KR -> RK */
220 {
221 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
222 18, 19, -1, 24, 25, -1, 31, 28, 29, 30
223 }, /* KA -> RK */
224 {
225 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
226 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
227 } /* KB -> RK */
228 },
229 {
230 {
231 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
232 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34
233 }, /* KL -> RK */
234 {
235 -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
236 18, 19, -1, -1, -1, -1, 39, 36, 37, 38
237 }, /* KR -> RK */
238 {
239 -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
240 56, 57, 31, 28, 29, 30, -1, -1, -1, -1
241 }, /* KA -> RK */
242 {
243 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
244 22, 23, -1, -1, -1, -1, 43, 40, 41, 42
245 } /* KB -> RK */
246 }
247 };
248
249 static const signed char transposes[2][20] = {
250 {
251 21, 22, 23, 20,
252 -1, -1, -1, -1,
253 18, 19, 16, 17,
254 11, 8, 9, 10,
255 15, 12, 13, 14
256 },
257 {
258 25, 26, 27, 24,
259 29, 30, 31, 28,
260 18, 19, 16, 17,
261 -1, -1, -1, -1,
262 -1, -1, -1, -1
263 }
264 };
265
266 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
267 #define ROTL(DEST, SRC, SHIFT) \
268 { \
269 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
270 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
271 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
272 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
273 }
274
275 #define FL(XL, XR, KL, KR) \
276 { \
277 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
278 (XL) = ((XR) | (KR)) ^ (XL); \
279 }
280
281 #define FLInv(YL, YR, KL, KR) \
282 { \
283 (YL) = ((YR) | (KR)) ^ (YL); \
284 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
285 }
286
287 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
288 { \
289 TK[0] = KC[(OFFSET) * 4 + 0]; \
290 TK[1] = KC[(OFFSET) * 4 + 1]; \
291 TK[2] = KC[(OFFSET) * 4 + 2]; \
292 TK[3] = KC[(OFFSET) * 4 + 3]; \
293 \
294 for( i = 1; i <= 4; i++ ) \
295 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
296 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
297 \
298 for( i = 0; i < 20; i++ ) \
299 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
300 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
301 } \
302 }
303
304 static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
305 uint32_t z[2]) {
306 uint32_t I0, I1;
307 I0 = x[0] ^ k[0];
308 I1 = x[1] ^ k[1];
309
310 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
311 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
312 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
313 ((uint32_t) SBOX4((I0) & 0xFF));
314 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
315 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
316 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
317 ((uint32_t) SBOX1((I1) & 0xFF));
318
319 I0 ^= (I1 << 8) | (I1 >> 24);
320 I1 ^= (I0 << 16) | (I0 >> 16);
321 I0 ^= (I1 >> 8) | (I1 << 24);
322 I1 ^= (I0 >> 8) | (I0 << 24);
323
324 z[0] ^= I1;
325 z[1] ^= I0;
326 }
327
328 void mbedtls_camellia_init(mbedtls_camellia_context *ctx) {
329 CAMELLIA_VALIDATE(ctx != NULL);
330 memset(ctx, 0, sizeof(mbedtls_camellia_context));
331 }
332
333 void mbedtls_camellia_free(mbedtls_camellia_context *ctx) {
334 if (ctx == NULL)
335 return;
336
337 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
338 }
339
340 /*
341 * Camellia key schedule (encryption)
342 */
343 int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
344 const unsigned char *key,
345 unsigned int keybits) {
346 int idx;
347 size_t i;
348 uint32_t *RK;
349 unsigned char t[64];
350 uint32_t SIGMA[6][2];
351 uint32_t KC[16];
352 uint32_t TK[20];
353
354 CAMELLIA_VALIDATE_RET(ctx != NULL);
355 CAMELLIA_VALIDATE_RET(key != NULL);
356
357 RK = ctx->rk;
358
359 memset(t, 0, 64);
360 memset(RK, 0, sizeof(ctx->rk));
361
362 switch (keybits) {
363 case 128:
364 ctx->nr = 3;
365 idx = 0;
366 break;
367 case 192:
368 case 256:
369 ctx->nr = 4;
370 idx = 1;
371 break;
372 default :
373 return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA);
374 }
375
376 for (i = 0; i < keybits / 8; ++i)
377 t[i] = key[i];
378
379 if (keybits == 192) {
380 for (i = 0; i < 8; i++)
381 t[24 + i] = ~t[16 + i];
382 }
383
384 /*
385 * Prepare SIGMA values
386 */
387 for (i = 0; i < 6; i++) {
388 GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
389 GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
390 }
391
392 /*
393 * Key storage in KC
394 * Order: KL, KR, KA, KB
395 */
396 memset(KC, 0, sizeof(KC));
397
398 /* Store KL, KR */
399 for (i = 0; i < 8; i++)
400 GET_UINT32_BE(KC[i], t, i * 4);
401
402 /* Generate KA */
403 for (i = 0; i < 4; ++i)
404 KC[8 + i] = KC[i] ^ KC[4 + i];
405
406 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
407 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
408
409 for (i = 0; i < 4; ++i)
410 KC[8 + i] ^= KC[i];
411
412 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
413 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
414
415 if (keybits > 128) {
416 /* Generate KB */
417 for (i = 0; i < 4; ++i)
418 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
419
420 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
421 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
422 }
423
424 /*
425 * Generating subkeys
426 */
427
428 /* Manipulating KL */
429 SHIFT_AND_PLACE(idx, 0);
430
431 /* Manipulating KR */
432 if (keybits > 128) {
433 SHIFT_AND_PLACE(idx, 1);
434 }
435
436 /* Manipulating KA */
437 SHIFT_AND_PLACE(idx, 2);
438
439 /* Manipulating KB */
440 if (keybits > 128) {
441 SHIFT_AND_PLACE(idx, 3);
442 }
443
444 /* Do transpositions */
445 for (i = 0; i < 20; i++) {
446 if (transposes[idx][i] != -1) {
447 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
448 }
449 }
450
451 return (0);
452 }
453
454 /*
455 * Camellia key schedule (decryption)
456 */
457 int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
458 const unsigned char *key,
459 unsigned int keybits) {
460 int idx, ret;
461 size_t i;
462 mbedtls_camellia_context cty;
463 uint32_t *RK;
464 uint32_t *SK;
465 CAMELLIA_VALIDATE_RET(ctx != NULL);
466 CAMELLIA_VALIDATE_RET(key != NULL);
467
468 mbedtls_camellia_init(&cty);
469
470 /* Also checks keybits */
471 if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0)
472 goto exit;
473
474 ctx->nr = cty.nr;
475 idx = (ctx->nr == 4);
476
477 RK = ctx->rk;
478 SK = cty.rk + 24 * 2 + 8 * idx * 2;
479
480 *RK++ = *SK++;
481 *RK++ = *SK++;
482 *RK++ = *SK++;
483 *RK++ = *SK++;
484
485 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
486 *RK++ = *SK++;
487 *RK++ = *SK++;
488 }
489
490 SK -= 2;
491
492 *RK++ = *SK++;
493 *RK++ = *SK++;
494 *RK++ = *SK++;
495 *RK++ = *SK++;
496
497 exit:
498 mbedtls_camellia_free(&cty);
499
500 return (ret);
501 }
502
503 /*
504 * Camellia-ECB block encryption/decryption
505 */
506 int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
507 int mode,
508 const unsigned char input[16],
509 unsigned char output[16]) {
510 int NR;
511 uint32_t *RK, X[4];
512 CAMELLIA_VALIDATE_RET(ctx != NULL);
513 CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
514 mode == MBEDTLS_CAMELLIA_DECRYPT);
515 CAMELLIA_VALIDATE_RET(input != NULL);
516 CAMELLIA_VALIDATE_RET(output != NULL);
517
518 ((void) mode);
519
520 NR = ctx->nr;
521 RK = ctx->rk;
522
523 GET_UINT32_BE(X[0], input, 0);
524 GET_UINT32_BE(X[1], input, 4);
525 GET_UINT32_BE(X[2], input, 8);
526 GET_UINT32_BE(X[3], input, 12);
527
528 X[0] ^= *RK++;
529 X[1] ^= *RK++;
530 X[2] ^= *RK++;
531 X[3] ^= *RK++;
532
533 while (NR) {
534 --NR;
535 camellia_feistel(X, RK, X + 2);
536 RK += 2;
537 camellia_feistel(X + 2, RK, X);
538 RK += 2;
539 camellia_feistel(X, RK, X + 2);
540 RK += 2;
541 camellia_feistel(X + 2, RK, X);
542 RK += 2;
543 camellia_feistel(X, RK, X + 2);
544 RK += 2;
545 camellia_feistel(X + 2, RK, X);
546 RK += 2;
547
548 if (NR) {
549 FL(X[0], X[1], RK[0], RK[1]);
550 RK += 2;
551 FLInv(X[2], X[3], RK[0], RK[1]);
552 RK += 2;
553 }
554 }
555
556 X[2] ^= *RK++;
557 X[3] ^= *RK++;
558 X[0] ^= *RK++;
559 X[1] ^= *RK++;
560
561 PUT_UINT32_BE(X[2], output, 0);
562 PUT_UINT32_BE(X[3], output, 4);
563 PUT_UINT32_BE(X[0], output, 8);
564 PUT_UINT32_BE(X[1], output, 12);
565
566 return (0);
567 }
568
569 #if defined(MBEDTLS_CIPHER_MODE_CBC)
570 /*
571 * Camellia-CBC buffer encryption/decryption
572 */
573 int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
574 int mode,
575 size_t length,
576 unsigned char iv[16],
577 const unsigned char *input,
578 unsigned char *output) {
579 int i;
580 unsigned char temp[16];
581 CAMELLIA_VALIDATE_RET(ctx != NULL);
582 CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
583 mode == MBEDTLS_CAMELLIA_DECRYPT);
584 CAMELLIA_VALIDATE_RET(iv != NULL);
585 CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
586 CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
587
588 if (length % 16)
589 return (MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH);
590
591 if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
592 while (length > 0) {
593 memcpy(temp, input, 16);
594 mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
595
596 for (i = 0; i < 16; i++)
597 output[i] = (unsigned char)(output[i] ^ iv[i]);
598
599 memcpy(iv, temp, 16);
600
601 input += 16;
602 output += 16;
603 length -= 16;
604 }
605 } else {
606 while (length > 0) {
607 for (i = 0; i < 16; i++)
608 output[i] = (unsigned char)(input[i] ^ iv[i]);
609
610 mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
611 memcpy(iv, output, 16);
612
613 input += 16;
614 output += 16;
615 length -= 16;
616 }
617 }
618
619 return (0);
620 }
621 #endif /* MBEDTLS_CIPHER_MODE_CBC */
622
623 #if defined(MBEDTLS_CIPHER_MODE_CFB)
624 /*
625 * Camellia-CFB128 buffer encryption/decryption
626 */
627 int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
628 int mode,
629 size_t length,
630 size_t *iv_off,
631 unsigned char iv[16],
632 const unsigned char *input,
633 unsigned char *output) {
634 int c;
635 size_t n;
636 CAMELLIA_VALIDATE_RET(ctx != NULL);
637 CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
638 mode == MBEDTLS_CAMELLIA_DECRYPT);
639 CAMELLIA_VALIDATE_RET(iv != NULL);
640 CAMELLIA_VALIDATE_RET(iv_off != NULL);
641 CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
642 CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
643
644 n = *iv_off;
645 if (n >= 16)
646 return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA);
647
648 if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
649 while (length--) {
650 if (n == 0)
651 mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
652
653 c = *input++;
654 *output++ = (unsigned char)(c ^ iv[n]);
655 iv[n] = (unsigned char) c;
656
657 n = (n + 1) & 0x0F;
658 }
659 } else {
660 while (length--) {
661 if (n == 0)
662 mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
663
664 iv[n] = *output++ = (unsigned char)(iv[n] ^ *input++);
665
666 n = (n + 1) & 0x0F;
667 }
668 }
669
670 *iv_off = n;
671
672 return (0);
673 }
674 #endif /* MBEDTLS_CIPHER_MODE_CFB */
675
676 #if defined(MBEDTLS_CIPHER_MODE_CTR)
677 /*
678 * Camellia-CTR buffer encryption/decryption
679 */
680 int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
681 size_t length,
682 size_t *nc_off,
683 unsigned char nonce_counter[16],
684 unsigned char stream_block[16],
685 const unsigned char *input,
686 unsigned char *output) {
687 int c, i;
688 size_t n;
689 CAMELLIA_VALIDATE_RET(ctx != NULL);
690 CAMELLIA_VALIDATE_RET(nonce_counter != NULL);
691 CAMELLIA_VALIDATE_RET(stream_block != NULL);
692 CAMELLIA_VALIDATE_RET(nc_off != NULL);
693 CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
694 CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
695
696 n = *nc_off;
697 if (n >= 16)
698 return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA);
699
700 while (length--) {
701 if (n == 0) {
702 mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
703 stream_block);
704
705 for (i = 16; i > 0; i--)
706 if (++nonce_counter[i - 1] != 0)
707 break;
708 }
709 c = *input++;
710 *output++ = (unsigned char)(c ^ stream_block[n]);
711
712 n = (n + 1) & 0x0F;
713 }
714
715 *nc_off = n;
716
717 return (0);
718 }
719 #endif /* MBEDTLS_CIPHER_MODE_CTR */
720 #endif /* !MBEDTLS_CAMELLIA_ALT */
721
722 #if defined(MBEDTLS_SELF_TEST)
723
724 /*
725 * Camellia test vectors from:
726 *
727 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
728 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
729 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
730 * (For each bitlength: Key 0, Nr 39)
731 */
732 #define CAMELLIA_TESTS_ECB 2
733
734 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = {
735 {
736 {
737 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
738 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
739 },
740 {
741 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
742 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
743 }
744 },
745 {
746 {
747 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
748 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
749 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
750 },
751 {
752 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
753 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
754 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
755 }
756 },
757 {
758 {
759 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
760 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
761 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
762 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
763 },
764 {
765 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
766 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
767 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
768 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
769 }
770 },
771 };
772
773 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = {
774 {
775 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
776 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
777 },
778 {
779 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
780 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
781 }
782 };
783
784 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = {
785 {
786 {
787 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
788 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
789 },
790 {
791 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
792 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31
793 }
794 },
795 {
796 {
797 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
798 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
799 },
800 {
801 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
802 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64
803 }
804 },
805 {
806 {
807 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
808 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
809 },
810 {
811 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
812 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35
813 }
814 }
815 };
816
817 #if defined(MBEDTLS_CIPHER_MODE_CBC)
818 #define CAMELLIA_TESTS_CBC 3
819
820 static const unsigned char camellia_test_cbc_key[3][32] = {
821 {
822 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
823 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
824 }
825 ,
826 {
827 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
828 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
829 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
830 }
831 ,
832 {
833 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
834 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
835 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
836 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
837 }
838 };
839
840 static const unsigned char camellia_test_cbc_iv[16] =
841
842 {
843 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
844 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
845 }
846 ;
847
848 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = {
849 {
850 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
851 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
852 },
853 {
854 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
855 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
856 },
857 {
858 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
859 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF
860 }
861
862 };
863
864 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = {
865 {
866 {
867 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
868 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
869 },
870 {
871 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
872 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87
873 },
874 {
875 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
876 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54
877 }
878 },
879 {
880 {
881 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
882 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
883 },
884 {
885 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
886 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5
887 },
888 {
889 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
890 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49
891 }
892 },
893 {
894 {
895 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
896 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
897 },
898 {
899 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
900 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50
901 },
902 {
903 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
904 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83
905 }
906 }
907 };
908 #endif /* MBEDTLS_CIPHER_MODE_CBC */
909
910 #if defined(MBEDTLS_CIPHER_MODE_CTR)
911 /*
912 * Camellia-CTR test vectors from:
913 *
914 * http://www.faqs.org/rfcs/rfc5528.html
915 */
916
917 static const unsigned char camellia_test_ctr_key[3][16] = {
918 {
919 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
920 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E
921 },
922 {
923 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
924 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63
925 },
926 {
927 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
928 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC
929 }
930 };
931
932 static const unsigned char camellia_test_ctr_nonce_counter[3][16] = {
933 {
934 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
935 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
936 },
937 {
938 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
939 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01
940 },
941 {
942 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
943 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01
944 }
945 };
946
947 static const unsigned char camellia_test_ctr_pt[3][48] = {
948 {
949 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
950 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67
951 },
952
953 {
954 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
955 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
956 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
957 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
958 },
959
960 {
961 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
962 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
963 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
964 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
965 0x20, 0x21, 0x22, 0x23
966 }
967 };
968
969 static const unsigned char camellia_test_ctr_ct[3][48] = {
970 {
971 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
972 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F
973 },
974 {
975 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
976 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
977 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
978 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48
979 },
980 {
981 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
982 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
983 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
984 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
985 0xDF, 0x50, 0x86, 0x96
986 }
987 };
988
989 static const int camellia_test_ctr_len[3] =
990 { 16, 32, 36 };
991 #endif /* MBEDTLS_CIPHER_MODE_CTR */
992
993 /*
994 * Checkup routine
995 */
996 int mbedtls_camellia_self_test(int verbose) {
997 int i, j, u, v;
998 unsigned char key[32];
999 unsigned char buf[64];
1000 unsigned char src[16];
1001 unsigned char dst[16];
1002 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1003 unsigned char iv[16];
1004 #endif
1005 #if defined(MBEDTLS_CIPHER_MODE_CTR)
1006 size_t offset, len;
1007 unsigned char nonce_counter[16];
1008 unsigned char stream_block[16];
1009 #endif
1010
1011 mbedtls_camellia_context ctx;
1012
1013 memset(key, 0, 32);
1014
1015 for (j = 0; j < 6; j++) {
1016 u = j >> 1;
1017 v = j & 1;
1018
1019 if (verbose != 0)
1020 mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
1021 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1022
1023 for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
1024 memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
1025
1026 if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1027 mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
1028 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
1029 memcpy(dst, camellia_test_ecb_plain[i], 16);
1030 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
1031 mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
1032 memcpy(src, camellia_test_ecb_plain[i], 16);
1033 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
1034 }
1035
1036 mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
1037
1038 if (memcmp(buf, dst, 16) != 0) {
1039 if (verbose != 0)
1040 mbedtls_printf("failed\n");
1041
1042 return (1);
1043 }
1044 }
1045
1046 if (verbose != 0)
1047 mbedtls_printf("passed\n");
1048 }
1049
1050 if (verbose != 0)
1051 mbedtls_printf("\n");
1052
1053 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1054 /*
1055 * CBC mode
1056 */
1057 for (j = 0; j < 6; j++) {
1058 u = j >> 1;
1059 v = j & 1;
1060
1061 if (verbose != 0)
1062 mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
1063 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1064
1065 memcpy(src, camellia_test_cbc_iv, 16);
1066 memcpy(dst, camellia_test_cbc_iv, 16);
1067 memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
1068
1069 if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1070 mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
1071 } else {
1072 mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
1073 }
1074
1075 for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
1076
1077 if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1078 memcpy(iv, src, 16);
1079 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
1080 memcpy(dst, camellia_test_cbc_plain[i], 16);
1081 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
1082 memcpy(iv, dst, 16);
1083 memcpy(src, camellia_test_cbc_plain[i], 16);
1084 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
1085 }
1086
1087 mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
1088
1089 if (memcmp(buf, dst, 16) != 0) {
1090 if (verbose != 0)
1091 mbedtls_printf("failed\n");
1092
1093 return (1);
1094 }
1095 }
1096
1097 if (verbose != 0)
1098 mbedtls_printf("passed\n");
1099 }
1100 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1101
1102 if (verbose != 0)
1103 mbedtls_printf("\n");
1104
1105 #if defined(MBEDTLS_CIPHER_MODE_CTR)
1106 /*
1107 * CTR mode
1108 */
1109 for (i = 0; i < 6; i++) {
1110 u = i >> 1;
1111 v = i & 1;
1112
1113 if (verbose != 0)
1114 mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
1115 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1116
1117 memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1118 memcpy(key, camellia_test_ctr_key[u], 16);
1119
1120 offset = 0;
1121 mbedtls_camellia_setkey_enc(&ctx, key, 128);
1122
1123 if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1124 len = camellia_test_ctr_len[u];
1125 memcpy(buf, camellia_test_ctr_ct[u], len);
1126
1127 mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1128 buf, buf);
1129
1130 if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1131 if (verbose != 0)
1132 mbedtls_printf("failed\n");
1133
1134 return (1);
1135 }
1136 } else {
1137 len = camellia_test_ctr_len[u];
1138 memcpy(buf, camellia_test_ctr_pt[u], len);
1139
1140 mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1141 buf, buf);
1142
1143 if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1144 if (verbose != 0)
1145 mbedtls_printf("failed\n");
1146
1147 return (1);
1148 }
1149 }
1150
1151 if (verbose != 0)
1152 mbedtls_printf("passed\n");
1153 }
1154
1155 if (verbose != 0)
1156 mbedtls_printf("\n");
1157 #endif /* MBEDTLS_CIPHER_MODE_CTR */
1158
1159 return (0);
1160 }
1161
1162 #endif /* MBEDTLS_SELF_TEST */
1163
1164 #endif /* MBEDTLS_CAMELLIA_C */
Proxmark3 - the RFID research Swiss army knife. Iceman firmware