search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fuck! don't perform ssl handshake for blocked hosts!
[mediator.git] / src / libpolarssl / camellia.c
blobc726dc93ae04367ecf0dd5f7eca0936752966ed8
1 /*
2 * Camellia implementation
3 *
4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
5 *
6 * This file is part of mbed TLS (https://tls.mbed.org)
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 /*
23 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
24 * Corporation.
25 *
26 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
27 */
28
29 #if !defined(POLARSSL_CONFIG_FILE)
30 #include "polarssl/config.h"
31 #else
32 #include POLARSSL_CONFIG_FILE
33 #endif
34
35 #if defined(POLARSSL_CAMELLIA_C)
36
37 #include "polarssl/camellia.h"
38
39 #if defined(POLARSSL_SELF_TEST)
40 #include <string.h>
41 #if defined(POLARSSL_PLATFORM_C)
42 #include "polarssl/platform.h"
43 #else
44 #include <stdio.h>
45 #define polarssl_printf printf
46 #endif /* POLARSSL_PLATFORM_C */
47 #endif /* POLARSSL_SELF_TEST */
48
49 #include <string.h>
50
51 #if !defined(POLARSSL_CAMELLIA_ALT)
52
53 /* Implementation that should never be optimized out by the compiler */
54 static void polarssl_zeroize( void *v, size_t n ) {
55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56 }
57
58 /*
59 * 32-bit integer manipulation macros (big endian)
60 */
61 #ifndef GET_UINT32_BE
62 #define GET_UINT32_BE(n,b,i) \
63 { \
64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
68 }
69 #endif
70
71 #ifndef PUT_UINT32_BE
72 #define PUT_UINT32_BE(n,b,i) \
73 { \
74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
78 }
79 #endif
80
81 static const unsigned char SIGMA_CHARS[6][8] =
82 {
83 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
84 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
85 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
86 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
87 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
88 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
89 };
90
91 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
92
93 static const unsigned char FSb[256] =
94 {
95 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
96 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
97 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
98 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
99 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
100 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
101 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
102 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
103 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
104 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
105 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
106 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
107 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
108 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
109 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
110 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
111 };
112
113 #define SBOX1(n) FSb[(n)]
114 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
115 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
116 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
117
118 #else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
119
120 static const unsigned char FSb[256] =
121 {
122 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
123 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
124 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
125 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
126 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
127 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
128 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
129 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
130 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
131 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
132 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
133 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
134 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
135 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
136 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
137 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
138 };
139
140 static const unsigned char FSb2[256] =
141 {
142 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
143 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
144 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
145 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
146 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
147 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
148 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
149 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
150 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
151 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
152 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
153 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
154 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
155 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
156 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
157 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
158 };
159
160 static const unsigned char FSb3[256] =
161 {
162 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
163 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
164 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
165 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
166 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
167 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
168 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
169 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
170 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
171 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
172 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
173 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
174 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
175 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
176 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
177 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
178 };
179
180 static const unsigned char FSb4[256] =
181 {
182 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
183 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
184 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
185 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
186 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
187 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
188 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
189 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
190 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
191 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
192 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
193 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
194 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
195 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
196 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
197 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
198 };
199
200 #define SBOX1(n) FSb[(n)]
201 #define SBOX2(n) FSb2[(n)]
202 #define SBOX3(n) FSb3[(n)]
203 #define SBOX4(n) FSb4[(n)]
204
205 #endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
206
207 static const unsigned char shifts[2][4][4] =
208 {
209 {
210 { 1, 1, 1, 1 }, /* KL */
211 { 0, 0, 0, 0 }, /* KR */
212 { 1, 1, 1, 1 }, /* KA */
213 { 0, 0, 0, 0 } /* KB */
214 },
215 {
216 { 1, 0, 1, 1 }, /* KL */
217 { 1, 1, 0, 1 }, /* KR */
218 { 1, 1, 1, 0 }, /* KA */
219 { 1, 1, 0, 1 } /* KB */
220 }
221 };
222
223 static const signed char indexes[2][4][20] =
224 {
225 {
226 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
227 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
228 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
229 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
230 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
231 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
232 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
233 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
234 },
235 {
236 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
237 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
238 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
239 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
240 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
241 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
242 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
243 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
244 }
245 };
246
247 static const signed char transposes[2][20] =
248 {
249 {
250 21, 22, 23, 20,
251 -1, -1, -1, -1,
252 18, 19, 16, 17,
253 11, 8, 9, 10,
254 15, 12, 13, 14
255 },
256 {
257 25, 26, 27, 24,
258 29, 30, 31, 28,
259 18, 19, 16, 17,
260 -1, -1, -1, -1,
261 -1, -1, -1, -1
262 }
263 };
264
265 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
266 #define ROTL(DEST, SRC, SHIFT) \
267 { \
268 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
269 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
270 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
271 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
272 }
273
274 #define FL(XL, XR, KL, KR) \
275 { \
276 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
277 (XL) = ((XR) | (KR)) ^ (XL); \
278 }
279
280 #define FLInv(YL, YR, KL, KR) \
281 { \
282 (YL) = ((YR) | (KR)) ^ (YL); \
283 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
284 }
285
286 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
287 { \
288 TK[0] = KC[(OFFSET) * 4 + 0]; \
289 TK[1] = KC[(OFFSET) * 4 + 1]; \
290 TK[2] = KC[(OFFSET) * 4 + 2]; \
291 TK[3] = KC[(OFFSET) * 4 + 3]; \
292 \
293 for( i = 1; i <= 4; i++ ) \
294 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
295 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
296 \
297 for( i = 0; i < 20; i++ ) \
298 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
299 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
300 } \
301 }
302
303 static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
304 uint32_t z[2])
305 {
306 uint32_t I0, I1;
307 I0 = x[0] ^ k[0];
308 I1 = x[1] ^ k[1];
309
310 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
311 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
312 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
313 ((uint32_t) SBOX4((I0 ) & 0xFF) );
314 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
315 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
316 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
317 ((uint32_t) SBOX1((I1 ) & 0xFF) );
318
319 I0 ^= (I1 << 8) | (I1 >> 24);
320 I1 ^= (I0 << 16) | (I0 >> 16);
321 I0 ^= (I1 >> 8) | (I1 << 24);
322 I1 ^= (I0 >> 8) | (I0 << 24);
323
324 z[0] ^= I1;
325 z[1] ^= I0;
326 }
327
328 void camellia_init( camellia_context *ctx )
329 {
330 memset( ctx, 0, sizeof( camellia_context ) );
331 }
332
333 void camellia_free( camellia_context *ctx )
334 {
335 if( ctx == NULL )
336 return;
337
338 polarssl_zeroize( ctx, sizeof( camellia_context ) );
339 }
340
341 /*
342 * Camellia key schedule (encryption)
343 */
344 int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
345 unsigned int keysize )
346 {
347 int idx;
348 size_t i;
349 uint32_t *RK;
350 unsigned char t[64];
351 uint32_t SIGMA[6][2];
352 uint32_t KC[16];
353 uint32_t TK[20];
354
355 RK = ctx->rk;
356
357 memset( t, 0, 64 );
358 memset( RK, 0, sizeof(ctx->rk) );
359
360 switch( keysize )
361 {
362 case 128: ctx->nr = 3; idx = 0; break;
363 case 192:
364 case 256: ctx->nr = 4; idx = 1; break;
365 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
366 }
367
368 for( i = 0; i < keysize / 8; ++i )
369 t[i] = key[i];
370
371 if( keysize == 192 ) {
372 for( i = 0; i < 8; i++ )
373 t[24 + i] = ~t[16 + i];
374 }
375
376 /*
377 * Prepare SIGMA values
378 */
379 for( i = 0; i < 6; i++ ) {
380 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
381 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
382 }
383
384 /*
385 * Key storage in KC
386 * Order: KL, KR, KA, KB
387 */
388 memset( KC, 0, sizeof(KC) );
389
390 /* Store KL, KR */
391 for( i = 0; i < 8; i++ )
392 GET_UINT32_BE( KC[i], t, i * 4 );
393
394 /* Generate KA */
395 for( i = 0; i < 4; ++i )
396 KC[8 + i] = KC[i] ^ KC[4 + i];
397
398 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
399 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
400
401 for( i = 0; i < 4; ++i )
402 KC[8 + i] ^= KC[i];
403
404 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
405 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
406
407 if( keysize > 128 ) {
408 /* Generate KB */
409 for( i = 0; i < 4; ++i )
410 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
411
412 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
413 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
414 }
415
416 /*
417 * Generating subkeys
418 */
419
420 /* Manipulating KL */
421 SHIFT_AND_PLACE( idx, 0 );
422
423 /* Manipulating KR */
424 if( keysize > 128 ) {
425 SHIFT_AND_PLACE( idx, 1 );
426 }
427
428 /* Manipulating KA */
429 SHIFT_AND_PLACE( idx, 2 );
430
431 /* Manipulating KB */
432 if( keysize > 128 ) {
433 SHIFT_AND_PLACE( idx, 3 );
434 }
435
436 /* Do transpositions */
437 for( i = 0; i < 20; i++ ) {
438 if( transposes[idx][i] != -1 ) {
439 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
440 }
441 }
442
443 return( 0 );
444 }
445
446 /*
447 * Camellia key schedule (decryption)
448 */
449 int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
450 unsigned int keysize )
451 {
452 int idx, ret;
453 size_t i;
454 camellia_context cty;
455 uint32_t *RK;
456 uint32_t *SK;
457
458 camellia_init( &cty );
459
460 /* Also checks keysize */
461 if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) != 0 )
462 goto exit;
463
464 ctx->nr = cty.nr;
465 idx = ( ctx->nr == 4 );
466
467 RK = ctx->rk;
468 SK = cty.rk + 24 * 2 + 8 * idx * 2;
469
470 *RK++ = *SK++;
471 *RK++ = *SK++;
472 *RK++ = *SK++;
473 *RK++ = *SK++;
474
475 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
476 {
477 *RK++ = *SK++;
478 *RK++ = *SK++;
479 }
480
481 SK -= 2;
482
483 *RK++ = *SK++;
484 *RK++ = *SK++;
485 *RK++ = *SK++;
486 *RK++ = *SK++;
487
488 exit:
489 camellia_free( &cty );
490
491 return( ret );
492 }
493
494 /*
495 * Camellia-ECB block encryption/decryption
496 */
497 int camellia_crypt_ecb( camellia_context *ctx,
498 int mode,
499 const unsigned char input[16],
500 unsigned char output[16] )
501 {
502 int NR;
503 uint32_t *RK, X[4];
504
505 ( (void) mode );
506
507 NR = ctx->nr;
508 RK = ctx->rk;
509
510 GET_UINT32_BE( X[0], input, 0 );
511 GET_UINT32_BE( X[1], input, 4 );
512 GET_UINT32_BE( X[2], input, 8 );
513 GET_UINT32_BE( X[3], input, 12 );
514
515 X[0] ^= *RK++;
516 X[1] ^= *RK++;
517 X[2] ^= *RK++;
518 X[3] ^= *RK++;
519
520 while( NR ) {
521 --NR;
522 camellia_feistel( X, RK, X + 2 );
523 RK += 2;
524 camellia_feistel( X + 2, RK, X );
525 RK += 2;
526 camellia_feistel( X, RK, X + 2 );
527 RK += 2;
528 camellia_feistel( X + 2, RK, X );
529 RK += 2;
530 camellia_feistel( X, RK, X + 2 );
531 RK += 2;
532 camellia_feistel( X + 2, RK, X );
533 RK += 2;
534
535 if( NR ) {
536 FL(X[0], X[1], RK[0], RK[1]);
537 RK += 2;
538 FLInv(X[2], X[3], RK[0], RK[1]);
539 RK += 2;
540 }
541 }
542
543 X[2] ^= *RK++;
544 X[3] ^= *RK++;
545 X[0] ^= *RK++;
546 X[1] ^= *RK++;
547
548 PUT_UINT32_BE( X[2], output, 0 );
549 PUT_UINT32_BE( X[3], output, 4 );
550 PUT_UINT32_BE( X[0], output, 8 );
551 PUT_UINT32_BE( X[1], output, 12 );
552
553 return( 0 );
554 }
555
556 #if defined(POLARSSL_CIPHER_MODE_CBC)
557 /*
558 * Camellia-CBC buffer encryption/decryption
559 */
560 int camellia_crypt_cbc( camellia_context *ctx,
561 int mode,
562 size_t length,
563 unsigned char iv[16],
564 const unsigned char *input,
565 unsigned char *output )
566 {
567 int i;
568 unsigned char temp[16];
569
570 if( length % 16 )
571 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
572
573 if( mode == CAMELLIA_DECRYPT )
574 {
575 while( length > 0 )
576 {
577 memcpy( temp, input, 16 );
578 camellia_crypt_ecb( ctx, mode, input, output );
579
580 for( i = 0; i < 16; i++ )
581 output[i] = (unsigned char)( output[i] ^ iv[i] );
582
583 memcpy( iv, temp, 16 );
584
585 input += 16;
586 output += 16;
587 length -= 16;
588 }
589 }
590 else
591 {
592 while( length > 0 )
593 {
594 for( i = 0; i < 16; i++ )
595 output[i] = (unsigned char)( input[i] ^ iv[i] );
596
597 camellia_crypt_ecb( ctx, mode, output, output );
598 memcpy( iv, output, 16 );
599
600 input += 16;
601 output += 16;
602 length -= 16;
603 }
604 }
605
606 return( 0 );
607 }
608 #endif /* POLARSSL_CIPHER_MODE_CBC */
609
610 #if defined(POLARSSL_CIPHER_MODE_CFB)
611 /*
612 * Camellia-CFB128 buffer encryption/decryption
613 */
614 int camellia_crypt_cfb128( camellia_context *ctx,
615 int mode,
616 size_t length,
617 size_t *iv_off,
618 unsigned char iv[16],
619 const unsigned char *input,
620 unsigned char *output )
621 {
622 int c;
623 size_t n = *iv_off;
624
625 if( mode == CAMELLIA_DECRYPT )
626 {
627 while( length-- )
628 {
629 if( n == 0 )
630 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
631
632 c = *input++;
633 *output++ = (unsigned char)( c ^ iv[n] );
634 iv[n] = (unsigned char) c;
635
636 n = ( n + 1 ) & 0x0F;
637 }
638 }
639 else
640 {
641 while( length-- )
642 {
643 if( n == 0 )
644 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
645
646 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
647
648 n = ( n + 1 ) & 0x0F;
649 }
650 }
651
652 *iv_off = n;
653
654 return( 0 );
655 }
656 #endif /* POLARSSL_CIPHER_MODE_CFB */
657
658 #if defined(POLARSSL_CIPHER_MODE_CTR)
659 /*
660 * Camellia-CTR buffer encryption/decryption
661 */
662 int camellia_crypt_ctr( camellia_context *ctx,
663 size_t length,
664 size_t *nc_off,
665 unsigned char nonce_counter[16],
666 unsigned char stream_block[16],
667 const unsigned char *input,
668 unsigned char *output )
669 {
670 int c, i;
671 size_t n = *nc_off;
672
673 while( length-- )
674 {
675 if( n == 0 ) {
676 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
677 stream_block );
678
679 for( i = 16; i > 0; i-- )
680 if( ++nonce_counter[i - 1] != 0 )
681 break;
682 }
683 c = *input++;
684 *output++ = (unsigned char)( c ^ stream_block[n] );
685
686 n = ( n + 1 ) & 0x0F;
687 }
688
689 *nc_off = n;
690
691 return( 0 );
692 }
693 #endif /* POLARSSL_CIPHER_MODE_CTR */
694 #endif /* !POLARSSL_CAMELLIA_ALT */
695
696 #if defined(POLARSSL_SELF_TEST)
697
698 /*
699 * Camellia test vectors from:
700 *
701 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
702 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
703 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
704 * (For each bitlength: Key 0, Nr 39)
705 */
706 #define CAMELLIA_TESTS_ECB 2
707
708 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
709 {
710 {
711 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
712 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
713 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
714 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
715 },
716 {
717 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
718 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
719 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
720 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
721 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
722 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
723 },
724 {
725 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
726 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
727 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
728 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
729 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
730 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
731 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
732 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
733 },
734 };
735
736 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
737 {
738 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
739 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
740 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
741 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
742 };
743
744 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
745 {
746 {
747 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
748 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
749 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
750 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
751 },
752 {
753 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
754 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
755 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
756 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
757 },
758 {
759 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
760 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
761 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
762 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
763 }
764 };
765
766 #if defined(POLARSSL_CIPHER_MODE_CBC)
767 #define CAMELLIA_TESTS_CBC 3
768
769 static const unsigned char camellia_test_cbc_key[3][32] =
770 {
771 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
772 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
773 ,
774 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
775 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
776 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
777 ,
778 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
779 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
780 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
781 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
782 };
783
784 static const unsigned char camellia_test_cbc_iv[16] =
785
786 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
787 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
788 ;
789
790 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
791 {
792 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
793 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
794 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
795 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
796 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
797 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
798
799 };
800
801 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
802 {
803 {
804 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
805 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
806 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
807 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
808 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
809 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
810 },
811 {
812 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
813 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
814 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
815 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
816 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
817 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
818 },
819 {
820 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
821 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
822 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
823 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
824 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
825 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
826 }
827 };
828 #endif /* POLARSSL_CIPHER_MODE_CBC */
829
830 #if defined(POLARSSL_CIPHER_MODE_CTR)
831 /*
832 * Camellia-CTR test vectors from:
833 *
834 * http://www.faqs.org/rfcs/rfc5528.html
835 */
836
837 static const unsigned char camellia_test_ctr_key[3][16] =
838 {
839 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
840 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
841 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
842 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
843 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
844 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
845 };
846
847 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
848 {
849 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
850 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
851 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
852 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
853 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
854 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
855 };
856
857 static const unsigned char camellia_test_ctr_pt[3][48] =
858 {
859 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
860 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
861
862 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
863 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
864 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
865 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
866
867 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
868 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
869 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
870 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
871 0x20, 0x21, 0x22, 0x23 }
872 };
873
874 static const unsigned char camellia_test_ctr_ct[3][48] =
875 {
876 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
877 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
878 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
879 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
880 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
881 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
882 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
883 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
884 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
885 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
886 0xDF, 0x50, 0x86, 0x96 }
887 };
888
889 static const int camellia_test_ctr_len[3] =
890 { 16, 32, 36 };
891 #endif /* POLARSSL_CIPHER_MODE_CTR */
892
893 /*
894 * Checkup routine
895 */
896 int camellia_self_test( int verbose )
897 {
898 int i, j, u, v;
899 unsigned char key[32];
900 unsigned char buf[64];
901 unsigned char src[16];
902 unsigned char dst[16];
903 #if defined(POLARSSL_CIPHER_MODE_CBC)
904 unsigned char iv[16];
905 #endif
906 #if defined(POLARSSL_CIPHER_MODE_CTR)
907 size_t offset, len;
908 unsigned char nonce_counter[16];
909 unsigned char stream_block[16];
910 #endif
911
912 camellia_context ctx;
913
914 memset( key, 0, 32 );
915
916 for( j = 0; j < 6; j++ ) {
917 u = j >> 1;
918 v = j & 1;
919
920 if( verbose != 0 )
921 polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
922 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
923
924 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
925 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
926
927 if( v == CAMELLIA_DECRYPT ) {
928 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
929 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
930 memcpy( dst, camellia_test_ecb_plain[i], 16 );
931 } else { /* CAMELLIA_ENCRYPT */
932 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
933 memcpy( src, camellia_test_ecb_plain[i], 16 );
934 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
935 }
936
937 camellia_crypt_ecb( &ctx, v, src, buf );
938
939 if( memcmp( buf, dst, 16 ) != 0 )
940 {
941 if( verbose != 0 )
942 polarssl_printf( "failed\n" );
943
944 return( 1 );
945 }
946 }
947
948 if( verbose != 0 )
949 polarssl_printf( "passed\n" );
950 }
951
952 if( verbose != 0 )
953 polarssl_printf( "\n" );
954
955 #if defined(POLARSSL_CIPHER_MODE_CBC)
956 /*
957 * CBC mode
958 */
959 for( j = 0; j < 6; j++ )
960 {
961 u = j >> 1;
962 v = j & 1;
963
964 if( verbose != 0 )
965 polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
966 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
967
968 memcpy( src, camellia_test_cbc_iv, 16 );
969 memcpy( dst, camellia_test_cbc_iv, 16 );
970 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
971
972 if( v == CAMELLIA_DECRYPT ) {
973 camellia_setkey_dec( &ctx, key, 128 + u * 64 );
974 } else {
975 camellia_setkey_enc( &ctx, key, 128 + u * 64 );
976 }
977
978 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
979
980 if( v == CAMELLIA_DECRYPT ) {
981 memcpy( iv , src, 16 );
982 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
983 memcpy( dst, camellia_test_cbc_plain[i], 16 );
984 } else { /* CAMELLIA_ENCRYPT */
985 memcpy( iv , dst, 16 );
986 memcpy( src, camellia_test_cbc_plain[i], 16 );
987 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
988 }
989
990 camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
991
992 if( memcmp( buf, dst, 16 ) != 0 )
993 {
994 if( verbose != 0 )
995 polarssl_printf( "failed\n" );
996
997 return( 1 );
998 }
999 }
1000
1001 if( verbose != 0 )
1002 polarssl_printf( "passed\n" );
1003 }
1004 #endif /* POLARSSL_CIPHER_MODE_CBC */
1005
1006 if( verbose != 0 )
1007 polarssl_printf( "\n" );
1008
1009 #if defined(POLARSSL_CIPHER_MODE_CTR)
1010 /*
1011 * CTR mode
1012 */
1013 for( i = 0; i < 6; i++ )
1014 {
1015 u = i >> 1;
1016 v = i & 1;
1017
1018 if( verbose != 0 )
1019 polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
1020 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
1021
1022 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1023 memcpy( key, camellia_test_ctr_key[u], 16 );
1024
1025 offset = 0;
1026 camellia_setkey_enc( &ctx, key, 128 );
1027
1028 if( v == CAMELLIA_DECRYPT )
1029 {
1030 len = camellia_test_ctr_len[u];
1031 memcpy( buf, camellia_test_ctr_ct[u], len );
1032
1033 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1034 buf, buf );
1035
1036 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1037 {
1038 if( verbose != 0 )
1039 polarssl_printf( "failed\n" );
1040
1041 return( 1 );
1042 }
1043 }
1044 else
1045 {
1046 len = camellia_test_ctr_len[u];
1047 memcpy( buf, camellia_test_ctr_pt[u], len );
1048
1049 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1050 buf, buf );
1051
1052 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1053 {
1054 if( verbose != 0 )
1055 polarssl_printf( "failed\n" );
1056
1057 return( 1 );
1058 }
1059 }
1060
1061 if( verbose != 0 )
1062 polarssl_printf( "passed\n" );
1063 }
1064
1065 if( verbose != 0 )
1066 polarssl_printf( "\n" );
1067 #endif /* POLARSSL_CIPHER_MODE_CTR */
1068
1069 return( 0 );
1070 }
1071
1072 #endif /* POLARSSL_SELF_TEST */
1073
1074 #endif /* POLARSSL_CAMELLIA_C */
simple coroutine-based http/https proxy server