Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

camellia.c@ 398

Last change on this file since 398 was 398, checked in by coas-nagasima, 5 years ago
mbedTLS版Azure IoT Hub接続サンプルのソースコードを追加
Property svn:eol-style set to `native` Property svn:mime-type set to `text/x-csrc;charset=UTF-8`
File size: 36.2 KB

Line
1	/*
2	* Camellia implementation
3	*
4	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5	* SPDX-License-Identifier: Apache-2.0
6	*
7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
8	* not use this file except in compliance with the License.
9	* You may obtain a copy of the License at
10	*
11	* http://www.apache.org/licenses/LICENSE-2.0
12	*
13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and
17	* limitations under the License.
18	*
19	* This file is part of mbed TLS (https://tls.mbed.org)
20	*/
21	/*
22	* The Camellia block cipher was designed by NTT and Mitsubishi Electric
23	* Corporation.
24	*
25	* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
26	*/
27
28	#if !defined(MBEDTLS_CONFIG_FILE)
29	#include "mbedtls/config.h"
30	#else
31	#include MBEDTLS_CONFIG_FILE
32	#endif
33
34	#if defined(MBEDTLS_CAMELLIA_C)
35
36	#include "mbedtls/camellia.h"
37	#include "mbedtls/platform_util.h"
38
39	#include <string.h>
40
41	#if defined(MBEDTLS_SELF_TEST)
42	#if defined(MBEDTLS_PLATFORM_C)
43	#include "mbedtls/platform.h"
44	#else
45	#include <stdio.h>
46	#define mbedtls_printf printf
47	#endif /* MBEDTLS_PLATFORM_C */
48	#endif /* MBEDTLS_SELF_TEST */
49
50	#if !defined(MBEDTLS_CAMELLIA_ALT)
51
52	/* Parameter validation macros */
53	#define CAMELLIA_VALIDATE_RET( cond ) \
54	MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
55	#define CAMELLIA_VALIDATE( cond ) \
56	MBEDTLS_INTERNAL_VALIDATE( cond )
57
58	/*
59	* 32-bit integer manipulation macros (big endian)
60	*/
61	#ifndef GET_UINT32_BE
62	#define GET_UINT32_BE(n,b,i) \
63	{ \
64	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
66	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
67	\| ( (uint32_t) (b)[(i) + 3] ); \
68	}
69	#endif
70
71	#ifndef PUT_UINT32_BE
72	#define PUT_UINT32_BE(n,b,i) \
73	{ \
74	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77	(b)[(i) + 3] = (unsigned char) ( (n) ); \
78	}
79	#endif
80
81	static const unsigned char SIGMA_CHARS[6][8] =
82	{
83	{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
84	{ 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
85	{ 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
86	{ 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
87	{ 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
88	{ 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
89	};
90
91	#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
92
93	static const unsigned char FSb[256] =
94	{
95	112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
96	35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
97	134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
98	166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
99	139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
100	223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
101	20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
102	254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
103	170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
104	16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
105	135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
106	82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
107	233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
108	120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
109	114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
110	64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
111	};
112
113	#define SBOX1(n) FSb[(n)]
114	#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
115	#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
116	#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
117
118	#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
119
120	static const unsigned char FSb[256] =
121	{
122	112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
123	35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
124	134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
125	166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
126	139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
127	223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
128	20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
129	254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
130	170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
131	16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
132	135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
133	82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
134	233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
135	120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
136	114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
137	64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
138	};
139
140	static const unsigned char FSb2[256] =
141	{
142	224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
143	70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
144	13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
145	77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
146	23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
147	191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
148	40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
149	253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
150	85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
151	32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
152	15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
153	164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
154	211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
155	240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
156	228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
157	128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
158	};
159
160	static const unsigned char FSb3[256] =
161	{
162	56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
163	145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
164	67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
165	83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
166	197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
167	239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
168	10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
169	127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
170	85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
171	8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
172	195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
173	41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
174	244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
175	60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
176	57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
177	32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
178	};
179
180	static const unsigned char FSb4[256] =
181	{
182	112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
183	134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
184	139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
185	20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
186	170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
187	135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
188	233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
189	114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
190	130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
191	184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
192	13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
193	88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
194	208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
195	92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
196	121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
197	7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
198	};
199
200	#define SBOX1(n) FSb[(n)]
201	#define SBOX2(n) FSb2[(n)]
202	#define SBOX3(n) FSb3[(n)]
203	#define SBOX4(n) FSb4[(n)]
204
205	#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
206
207	static const unsigned char shifts[2][4][4] =
208	{
209	{
210	{ 1, 1, 1, 1 }, /* KL */
211	{ 0, 0, 0, 0 }, /* KR */
212	{ 1, 1, 1, 1 }, /* KA */
213	{ 0, 0, 0, 0 } /* KB */
214	},
215	{
216	{ 1, 0, 1, 1 }, /* KL */
217	{ 1, 1, 0, 1 }, /* KR */
218	{ 1, 1, 1, 0 }, /* KA */
219	{ 1, 1, 0, 1 } /* KB */
220	}
221	};
222
223	static const signed char indexes[2][4][20] =
224	{
225	{
226	{ 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
227	36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
228	{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
229	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
230	{ 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
231	18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
232	{ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
233	-1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
234	},
235	{
236	{ 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
237	-1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
238	{ -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
239	18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
240	{ -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
241	56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
242	{ 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
243	22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
244	}
245	};
246
247	static const signed char transposes[2][20] =
248	{
249	{
250	21, 22, 23, 20,
251	-1, -1, -1, -1,
252	18, 19, 16, 17,
253	11, 8, 9, 10,
254	15, 12, 13, 14
255	},
256	{
257	25, 26, 27, 24,
258	29, 30, 31, 28,
259	18, 19, 16, 17,
260	-1, -1, -1, -1,
261	-1, -1, -1, -1
262	}
263	};
264
265	/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
266	#define ROTL(DEST, SRC, SHIFT) \
267	{ \
268	(DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
269	(DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
270	(DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
271	(DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
272	}
273
274	#define FL(XL, XR, KL, KR) \
275	{ \
276	(XR) = ((((XL) & (KL)) << 1) \| (((XL) & (KL)) >> 31)) ^ (XR); \
277	(XL) = ((XR) \| (KR)) ^ (XL); \
278	}
279
280	#define FLInv(YL, YR, KL, KR) \
281	{ \
282	(YL) = ((YR) \| (KR)) ^ (YL); \
283	(YR) = ((((YL) & (KL)) << 1) \| (((YL) & (KL)) >> 31)) ^ (YR); \
284	}
285
286	#define SHIFT_AND_PLACE(INDEX, OFFSET) \
287	{ \
288	TK[0] = KC[(OFFSET) * 4 + 0]; \
289	TK[1] = KC[(OFFSET) * 4 + 1]; \
290	TK[2] = KC[(OFFSET) * 4 + 2]; \
291	TK[3] = KC[(OFFSET) * 4 + 3]; \
292	\
293	for( i = 1; i <= 4; i++ ) \
294	if( shifts[(INDEX)][(OFFSET)][i -1] ) \
295	ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
296	\
297	for( i = 0; i < 20; i++ ) \
298	if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
299	RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
300	} \
301	}
302
303	static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
304	uint32_t z[2])
305	{
306	uint32_t I0, I1;
307	I0 = x[0] ^ k[0];
308	I1 = x[1] ^ k[1];
309
310	I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) \|
311	((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) \|
312	((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) \|
313	((uint32_t) SBOX4((I0 ) & 0xFF) );
314	I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) \|
315	((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) \|
316	((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) \|
317	((uint32_t) SBOX1((I1 ) & 0xFF) );
318
319	I0 ^= (I1 << 8) \| (I1 >> 24);
320	I1 ^= (I0 << 16) \| (I0 >> 16);
321	I0 ^= (I1 >> 8) \| (I1 << 24);
322	I1 ^= (I0 >> 8) \| (I0 << 24);
323
324	z[0] ^= I1;
325	z[1] ^= I0;
326	}
327
328	void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
329	{
330	CAMELLIA_VALIDATE( ctx != NULL );
331	memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
332	}
333
334	void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
335	{
336	if( ctx == NULL )
337	return;
338
339	mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
340	}
341
342	/*
343	* Camellia key schedule (encryption)
344	*/
345	int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
346	const unsigned char *key,
347	unsigned int keybits )
348	{
349	int idx;
350	size_t i;
351	uint32_t *RK;
352	unsigned char t[64];
353	uint32_t SIGMA[6][2];
354	uint32_t KC[16];
355	uint32_t TK[20];
356
357	CAMELLIA_VALIDATE_RET( ctx != NULL );
358	CAMELLIA_VALIDATE_RET( key != NULL );
359
360	RK = ctx->rk;
361
362	memset( t, 0, 64 );
363	memset( RK, 0, sizeof(ctx->rk) );
364
365	switch( keybits )
366	{
367	case 128: ctx->nr = 3; idx = 0; break;
368	case 192:
369	case 256: ctx->nr = 4; idx = 1; break;
370	default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
371	}
372
373	for( i = 0; i < keybits / 8; ++i )
374	t[i] = key[i];
375
376	if( keybits == 192 ) {
377	for( i = 0; i < 8; i++ )
378	t[24 + i] = ~t[16 + i];
379	}
380
381	/*
382	* Prepare SIGMA values
383	*/
384	for( i = 0; i < 6; i++ ) {
385	GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
386	GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
387	}
388
389	/*
390	* Key storage in KC
391	* Order: KL, KR, KA, KB
392	*/
393	memset( KC, 0, sizeof(KC) );
394
395	/* Store KL, KR */
396	for( i = 0; i < 8; i++ )
397	GET_UINT32_BE( KC[i], t, i * 4 );
398
399	/* Generate KA */
400	for( i = 0; i < 4; ++i )
401	KC[8 + i] = KC[i] ^ KC[4 + i];
402
403	camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
404	camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
405
406	for( i = 0; i < 4; ++i )
407	KC[8 + i] ^= KC[i];
408
409	camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
410	camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
411
412	if( keybits > 128 ) {
413	/* Generate KB */
414	for( i = 0; i < 4; ++i )
415	KC[12 + i] = KC[4 + i] ^ KC[8 + i];
416
417	camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
418	camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
419	}
420
421	/*
422	* Generating subkeys
423	*/
424
425	/* Manipulating KL */
426	SHIFT_AND_PLACE( idx, 0 );
427
428	/* Manipulating KR */
429	if( keybits > 128 ) {
430	SHIFT_AND_PLACE( idx, 1 );
431	}
432
433	/* Manipulating KA */
434	SHIFT_AND_PLACE( idx, 2 );
435
436	/* Manipulating KB */
437	if( keybits > 128 ) {
438	SHIFT_AND_PLACE( idx, 3 );
439	}
440
441	/* Do transpositions */
442	for( i = 0; i < 20; i++ ) {
443	if( transposes[idx][i] != -1 ) {
444	RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
445	}
446	}
447
448	return( 0 );
449	}
450
451	/*
452	* Camellia key schedule (decryption)
453	*/
454	int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
455	const unsigned char *key,
456	unsigned int keybits )
457	{
458	int idx, ret;
459	size_t i;
460	mbedtls_camellia_context cty;
461	uint32_t *RK;
462	uint32_t *SK;
463	CAMELLIA_VALIDATE_RET( ctx != NULL );
464	CAMELLIA_VALIDATE_RET( key != NULL );
465
466	mbedtls_camellia_init( &cty );
467
468	/* Also checks keybits */
469	if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
470	goto exit;
471
472	ctx->nr = cty.nr;
473	idx = ( ctx->nr == 4 );
474
475	RK = ctx->rk;
476	SK = cty.rk + 24 * 2 + 8 * idx * 2;
477
478	RK++ = SK++;
479	RK++ = SK++;
480	RK++ = SK++;
481	RK++ = SK++;
482
483	for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
484	{
485	RK++ = SK++;
486	RK++ = SK++;
487	}
488
489	SK -= 2;
490
491	RK++ = SK++;
492	RK++ = SK++;
493	RK++ = SK++;
494	RK++ = SK++;
495
496	exit:
497	mbedtls_camellia_free( &cty );
498
499	return( ret );
500	}
501
502	/*
503	* Camellia-ECB block encryption/decryption
504	*/
505	int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
506	int mode,
507	const unsigned char input[16],
508	unsigned char output[16] )
509	{
510	int NR;
511	uint32_t *RK, X[4];
512	CAMELLIA_VALIDATE_RET( ctx != NULL );
513	CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT \|\|
514	mode == MBEDTLS_CAMELLIA_DECRYPT );
515	CAMELLIA_VALIDATE_RET( input != NULL );
516	CAMELLIA_VALIDATE_RET( output != NULL );
517
518	( (void) mode );
519
520	NR = ctx->nr;
521	RK = ctx->rk;
522
523	GET_UINT32_BE( X[0], input, 0 );
524	GET_UINT32_BE( X[1], input, 4 );
525	GET_UINT32_BE( X[2], input, 8 );
526	GET_UINT32_BE( X[3], input, 12 );
527
528	X[0] ^= *RK++;
529	X[1] ^= *RK++;
530	X[2] ^= *RK++;
531	X[3] ^= *RK++;
532
533	while( NR ) {
534	--NR;
535	camellia_feistel( X, RK, X + 2 );
536	RK += 2;
537	camellia_feistel( X + 2, RK, X );
538	RK += 2;
539	camellia_feistel( X, RK, X + 2 );
540	RK += 2;
541	camellia_feistel( X + 2, RK, X );
542	RK += 2;
543	camellia_feistel( X, RK, X + 2 );
544	RK += 2;
545	camellia_feistel( X + 2, RK, X );
546	RK += 2;
547
548	if( NR ) {
549	FL(X[0], X[1], RK[0], RK[1]);
550	RK += 2;
551	FLInv(X[2], X[3], RK[0], RK[1]);
552	RK += 2;
553	}
554	}
555
556	X[2] ^= *RK++;
557	X[3] ^= *RK++;
558	X[0] ^= *RK++;
559	X[1] ^= *RK++;
560
561	PUT_UINT32_BE( X[2], output, 0 );
562	PUT_UINT32_BE( X[3], output, 4 );
563	PUT_UINT32_BE( X[0], output, 8 );
564	PUT_UINT32_BE( X[1], output, 12 );
565
566	return( 0 );
567	}
568
569	#if defined(MBEDTLS_CIPHER_MODE_CBC)
570	/*
571	* Camellia-CBC buffer encryption/decryption
572	*/
573	int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
574	int mode,
575	size_t length,
576	unsigned char iv[16],
577	const unsigned char *input,
578	unsigned char *output )
579	{
580	int i;
581	unsigned char temp[16];
582	CAMELLIA_VALIDATE_RET( ctx != NULL );
583	CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT \|\|
584	mode == MBEDTLS_CAMELLIA_DECRYPT );
585	CAMELLIA_VALIDATE_RET( iv != NULL );
586	CAMELLIA_VALIDATE_RET( length == 0 \|\| input != NULL );
587	CAMELLIA_VALIDATE_RET( length == 0 \|\| output != NULL );
588
589	if( length % 16 )
590	return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
591
592	if( mode == MBEDTLS_CAMELLIA_DECRYPT )
593	{
594	while( length > 0 )
595	{
596	memcpy( temp, input, 16 );
597	mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
598
599	for( i = 0; i < 16; i++ )
600	output[i] = (unsigned char)( output[i] ^ iv[i] );
601
602	memcpy( iv, temp, 16 );
603
604	input += 16;
605	output += 16;
606	length -= 16;
607	}
608	}
609	else
610	{
611	while( length > 0 )
612	{
613	for( i = 0; i < 16; i++ )
614	output[i] = (unsigned char)( input[i] ^ iv[i] );
615
616	mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
617	memcpy( iv, output, 16 );
618
619	input += 16;
620	output += 16;
621	length -= 16;
622	}
623	}
624
625	return( 0 );
626	}
627	#endif /* MBEDTLS_CIPHER_MODE_CBC */
628
629	#if defined(MBEDTLS_CIPHER_MODE_CFB)
630	/*
631	* Camellia-CFB128 buffer encryption/decryption
632	*/
633	int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
634	int mode,
635	size_t length,
636	size_t *iv_off,
637	unsigned char iv[16],
638	const unsigned char *input,
639	unsigned char *output )
640	{
641	int c;
642	size_t n;
643	CAMELLIA_VALIDATE_RET( ctx != NULL );
644	CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT \|\|
645	mode == MBEDTLS_CAMELLIA_DECRYPT );
646	CAMELLIA_VALIDATE_RET( iv != NULL );
647	CAMELLIA_VALIDATE_RET( iv_off != NULL );
648	CAMELLIA_VALIDATE_RET( length == 0 \|\| input != NULL );
649	CAMELLIA_VALIDATE_RET( length == 0 \|\| output != NULL );
650
651	n = *iv_off;
652	if( n >= 16 )
653	return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
654
655	if( mode == MBEDTLS_CAMELLIA_DECRYPT )
656	{
657	while( length-- )
658	{
659	if( n == 0 )
660	mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
661
662	c = *input++;
663	*output++ = (unsigned char)( c ^ iv[n] );
664	iv[n] = (unsigned char) c;
665
666	n = ( n + 1 ) & 0x0F;
667	}
668	}
669	else
670	{
671	while( length-- )
672	{
673	if( n == 0 )
674	mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
675
676	iv[n] = output++ = (unsigned char)( iv[n] ^ input++ );
677
678	n = ( n + 1 ) & 0x0F;
679	}
680	}
681
682	*iv_off = n;
683
684	return( 0 );
685	}
686	#endif /* MBEDTLS_CIPHER_MODE_CFB */
687
688	#if defined(MBEDTLS_CIPHER_MODE_CTR)
689	/*
690	* Camellia-CTR buffer encryption/decryption
691	*/
692	int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
693	size_t length,
694	size_t *nc_off,
695	unsigned char nonce_counter[16],
696	unsigned char stream_block[16],
697	const unsigned char *input,
698	unsigned char *output )
699	{
700	int c, i;
701	size_t n;
702	CAMELLIA_VALIDATE_RET( ctx != NULL );
703	CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
704	CAMELLIA_VALIDATE_RET( stream_block != NULL );
705	CAMELLIA_VALIDATE_RET( nc_off != NULL );
706	CAMELLIA_VALIDATE_RET( length == 0 \|\| input != NULL );
707	CAMELLIA_VALIDATE_RET( length == 0 \|\| output != NULL );
708
709	n = *nc_off;
710	if( n >= 16 )
711	return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
712
713	while( length-- )
714	{
715	if( n == 0 ) {
716	mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
717	stream_block );
718
719	for( i = 16; i > 0; i-- )
720	if( ++nonce_counter[i - 1] != 0 )
721	break;
722	}
723	c = *input++;
724	*output++ = (unsigned char)( c ^ stream_block[n] );
725
726	n = ( n + 1 ) & 0x0F;
727	}
728
729	*nc_off = n;
730
731	return( 0 );
732	}
733	#endif /* MBEDTLS_CIPHER_MODE_CTR */
734	#endif /* !MBEDTLS_CAMELLIA_ALT */
735
736	#if defined(MBEDTLS_SELF_TEST)
737
738	/*
739	* Camellia test vectors from:
740	*
741	* http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
742	* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
743	* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
744	* (For each bitlength: Key 0, Nr 39)
745	*/
746	#define CAMELLIA_TESTS_ECB 2
747
748	static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
749	{
750	{
751	{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
752	0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
753	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
754	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
755	},
756	{
757	{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
758	0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
759	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
760	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
761	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
762	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
763	},
764	{
765	{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
766	0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
767	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
768	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
769	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
770	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
771	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
772	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
773	},
774	};
775
776	static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
777	{
778	{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
779	0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
780	{ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
781	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
782	};
783
784	static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
785	{
786	{
787	{ 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
788	0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
789	{ 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
790	0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
791	},
792	{
793	{ 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
794	0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
795	{ 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
796	0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
797	},
798	{
799	{ 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
800	0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
801	{ 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
802	0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
803	}
804	};
805
806	#if defined(MBEDTLS_CIPHER_MODE_CBC)
807	#define CAMELLIA_TESTS_CBC 3
808
809	static const unsigned char camellia_test_cbc_key[3][32] =
810	{
811	{ 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
812	0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
813	,
814	{ 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
815	0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
816	0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
817	,
818	{ 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
819	0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
820	0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
821	0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
822	};
823
824	static const unsigned char camellia_test_cbc_iv[16] =
825
826	{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
827	0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
828	;
829
830	static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
831	{
832	{ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
833	0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
834	{ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
835	0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
836	{ 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
837	0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
838
839	};
840
841	static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
842	{
843	{
844	{ 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
845	0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
846	{ 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
847	0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
848	{ 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
849	0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
850	},
851	{
852	{ 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
853	0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
854	{ 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
855	0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
856	{ 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
857	0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
858	},
859	{
860	{ 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
861	0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
862	{ 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
863	0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
864	{ 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
865	0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
866	}
867	};
868	#endif /* MBEDTLS_CIPHER_MODE_CBC */
869
870	#if defined(MBEDTLS_CIPHER_MODE_CTR)
871	/*
872	* Camellia-CTR test vectors from:
873	*
874	* http://www.faqs.org/rfcs/rfc5528.html
875	*/
876
877	static const unsigned char camellia_test_ctr_key[3][16] =
878	{
879	{ 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
880	0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
881	{ 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
882	0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
883	{ 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
884	0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
885	};
886
887	static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
888	{
889	{ 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
890	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
891	{ 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
892	0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
893	{ 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
894	0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
895	};
896
897	static const unsigned char camellia_test_ctr_pt[3][48] =
898	{
899	{ 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
900	0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
901
902	{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
903	0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
904	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
905	0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
906
907	{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
908	0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
909	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
910	0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
911	0x20, 0x21, 0x22, 0x23 }
912	};
913
914	static const unsigned char camellia_test_ctr_ct[3][48] =
915	{
916	{ 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
917	0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
918	{ 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
919	0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
920	0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
921	0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
922	{ 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
923	0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
924	0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
925	0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
926	0xDF, 0x50, 0x86, 0x96 }
927	};
928
929	static const int camellia_test_ctr_len[3] =
930	{ 16, 32, 36 };
931	#endif /* MBEDTLS_CIPHER_MODE_CTR */
932
933	/*
934	* Checkup routine
935	*/
936	int mbedtls_camellia_self_test( int verbose )
937	{
938	int i, j, u, v;
939	unsigned char key[32];
940	unsigned char buf[64];
941	unsigned char src[16];
942	unsigned char dst[16];
943	#if defined(MBEDTLS_CIPHER_MODE_CBC)
944	unsigned char iv[16];
945	#endif
946	#if defined(MBEDTLS_CIPHER_MODE_CTR)
947	size_t offset, len;
948	unsigned char nonce_counter[16];
949	unsigned char stream_block[16];
950	#endif
951
952	mbedtls_camellia_context ctx;
953
954	memset( key, 0, 32 );
955
956	for( j = 0; j < 6; j++ ) {
957	u = j >> 1;
958	v = j & 1;
959
960	if( verbose != 0 )
961	mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
962	(v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
963
964	for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
965	memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
966
967	if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
968	mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
969	memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
970	memcpy( dst, camellia_test_ecb_plain[i], 16 );
971	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
972	mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
973	memcpy( src, camellia_test_ecb_plain[i], 16 );
974	memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
975	}
976
977	mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
978
979	if( memcmp( buf, dst, 16 ) != 0 )
980	{
981	if( verbose != 0 )
982	mbedtls_printf( "failed\n" );
983
984	return( 1 );
985	}
986	}
987
988	if( verbose != 0 )
989	mbedtls_printf( "passed\n" );
990	}
991
992	if( verbose != 0 )
993	mbedtls_printf( "\n" );
994
995	#if defined(MBEDTLS_CIPHER_MODE_CBC)
996	/*
997	* CBC mode
998	*/
999	for( j = 0; j < 6; j++ )
1000	{
1001	u = j >> 1;
1002	v = j & 1;
1003
1004	if( verbose != 0 )
1005	mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
1006	( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
1007
1008	memcpy( src, camellia_test_cbc_iv, 16 );
1009	memcpy( dst, camellia_test_cbc_iv, 16 );
1010	memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
1011
1012	if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
1013	mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
1014	} else {
1015	mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
1016	}
1017
1018	for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
1019
1020	if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
1021	memcpy( iv , src, 16 );
1022	memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
1023	memcpy( dst, camellia_test_cbc_plain[i], 16 );
1024	} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
1025	memcpy( iv , dst, 16 );
1026	memcpy( src, camellia_test_cbc_plain[i], 16 );
1027	memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
1028	}
1029
1030	mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
1031
1032	if( memcmp( buf, dst, 16 ) != 0 )
1033	{
1034	if( verbose != 0 )
1035	mbedtls_printf( "failed\n" );
1036
1037	return( 1 );
1038	}
1039	}
1040
1041	if( verbose != 0 )
1042	mbedtls_printf( "passed\n" );
1043	}
1044	#endif /* MBEDTLS_CIPHER_MODE_CBC */
1045
1046	if( verbose != 0 )
1047	mbedtls_printf( "\n" );
1048
1049	#if defined(MBEDTLS_CIPHER_MODE_CTR)
1050	/*
1051	* CTR mode
1052	*/
1053	for( i = 0; i < 6; i++ )
1054	{
1055	u = i >> 1;
1056	v = i & 1;
1057
1058	if( verbose != 0 )
1059	mbedtls_printf( " CAMELLIA-CTR-128 (%s): ",
1060	( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
1061
1062	memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1063	memcpy( key, camellia_test_ctr_key[u], 16 );
1064
1065	offset = 0;
1066	mbedtls_camellia_setkey_enc( &ctx, key, 128 );
1067
1068	if( v == MBEDTLS_CAMELLIA_DECRYPT )
1069	{
1070	len = camellia_test_ctr_len[u];
1071	memcpy( buf, camellia_test_ctr_ct[u], len );
1072
1073	mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1074	buf, buf );
1075
1076	if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1077	{
1078	if( verbose != 0 )
1079	mbedtls_printf( "failed\n" );
1080
1081	return( 1 );
1082	}
1083	}
1084	else
1085	{
1086	len = camellia_test_ctr_len[u];
1087	memcpy( buf, camellia_test_ctr_pt[u], len );
1088
1089	mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1090	buf, buf );
1091
1092	if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1093	{
1094	if( verbose != 0 )
1095	mbedtls_printf( "failed\n" );
1096
1097	return( 1 );
1098	}
1099	}
1100
1101	if( verbose != 0 )
1102	mbedtls_printf( "passed\n" );
1103	}
1104
1105	if( verbose != 0 )
1106	mbedtls_printf( "\n" );
1107	#endif /* MBEDTLS_CIPHER_MODE_CTR */
1108
1109	return( 0 );
1110	}
1111
1112	#endif /* MBEDTLS_SELF_TEST */
1113
1114	#endif /* MBEDTLS_CAMELLIA_C */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: azure_iot_hub_mbedtls/trunk/mbedtls-2.16.1/library/camellia.c@ 398

Download in other formats: