TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / b9e4e2c97a2e448090ff3fcc0f99b8f6dbc08897 / . / library / camellia.c
blob: 524e6ffae45a344f8d7b1194d8c13913fd41ee65 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]26 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
27 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]28 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]29 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]30 */
31
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]32#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]33#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]34#else
35#include POLARSSL_CONFIG_FILE
36#endif
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]37
38#if defined(POLARSSL_CAMELLIA_C)
39
40#include "polarssl/camellia.h"
41
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]42#if defined(POLARSSL_PLATFORM_C)
43#include "polarssl/platform.h"
44#else
45#define polarssl_printf printf
46#endif
47
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]48#if !defined(POLARSSL_CAMELLIA_ALT)
49
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]50/*
51 * 32-bit integer manipulation macros (big endian)
52 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]53#ifndef GET_UINT32_BE
54#define GET_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]55{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]56 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
57 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
58 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
59 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]60}
61#endif
62
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]63#ifndef PUT_UINT32_BE
64#define PUT_UINT32_BE(n,b,i) \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]65{ \
66 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
67 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
68 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
69 (b)[(i) + 3] = (unsigned char) ( (n) ); \
70}
71#endif
72
73static const unsigned char SIGMA_CHARS[6][8] =
74{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]75 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
76 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
77 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
78 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
79 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
80 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]81};
82
Paul Bakker33008ee2011-11-18 12:58:25 +0000[diff] [blame]83#if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]84
85static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]86{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]87 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
88 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
89 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
90 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
91 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
92 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
93 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
94 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
95 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
96 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
97 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
98 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
99 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
100 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
101 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
102 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]103};
104
105#define SBOX1(n) FSb[(n)]
106#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
107#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]108#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
109
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]110#else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]111
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]112static const unsigned char FSb[256] =
113{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]114 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
115 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
116 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
117 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
118 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
119 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
120 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
121 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
122 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
123 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
124 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
125 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
126 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
127 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
128 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
129 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]130};
131
132static const unsigned char FSb2[256] =
133{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]134 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
135 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
136 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
137 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
138 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
139 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
140 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
141 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
142 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
143 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
144 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
145 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
146 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
147 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
148 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
149 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]150};
151
152static const unsigned char FSb3[256] =
153{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]154 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
155 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
156 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
157 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
158 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
159 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
160 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
161 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
162 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
163 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
164 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
165 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
166 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
167 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
168 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
169 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]170};
171
172static const unsigned char FSb4[256] =
173{
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]174 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
175 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
176 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
177 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
178 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
179 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
180 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
181 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
182 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
183 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
184 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
185 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
186 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
187 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
188 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
189 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]190};
191
192#define SBOX1(n) FSb[(n)]
193#define SBOX2(n) FSb2[(n)]
194#define SBOX3(n) FSb3[(n)]
195#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]196
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]197#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]198
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]199static const unsigned char shifts[2][4][4] =
200{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]201 {
202 { 1, 1, 1, 1 }, /* KL */
203 { 0, 0, 0, 0 }, /* KR */
204 { 1, 1, 1, 1 }, /* KA */
205 { 0, 0, 0, 0 } /* KB */
206 },
207 {
208 { 1, 0, 1, 1 }, /* KL */
209 { 1, 1, 0, 1 }, /* KR */
210 { 1, 1, 1, 0 }, /* KA */
211 { 1, 1, 0, 1 } /* KB */
212 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]213};
214
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]215static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]216{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]217 {
218 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
219 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
220 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
221 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
222 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
223 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
224 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
225 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
226 },
227 {
228 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
229 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
230 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
231 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
232 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
233 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
234 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
235 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
236 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]237};
238
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]239static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]240{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]241 {
242 21, 22, 23, 20,
243 -1, -1, -1, -1,
244 18, 19, 16, 17,
245 11, 8, 9, 10,
246 15, 12, 13, 14
247 },
248 {
249 25, 26, 27, 24,
250 29, 30, 31, 28,
251 18, 19, 16, 17,
252 -1, -1, -1, -1,
253 -1, -1, -1, -1
254 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]255};
256
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]257/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]258#define ROTL(DEST, SRC, SHIFT) \
259{ \
260 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
261 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
262 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
263 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]264}
265
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]266#define FL(XL, XR, KL, KR) \
267{ \
268 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
269 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]270}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]271
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]272#define FLInv(YL, YR, KL, KR) \
273{ \
274 (YL) = ((YR) | (KR)) ^ (YL); \
275 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]276}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]277
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]278#define SHIFT_AND_PLACE(INDEX, OFFSET) \
279{ \
280 TK[0] = KC[(OFFSET) * 4 + 0]; \
281 TK[1] = KC[(OFFSET) * 4 + 1]; \
282 TK[2] = KC[(OFFSET) * 4 + 2]; \
283 TK[3] = KC[(OFFSET) * 4 + 3]; \
284 \
285 for ( i = 1; i <= 4; i++ ) \
286 if (shifts[(INDEX)][(OFFSET)][i -1]) \
287 ROTL(TK + i * 4, TK, (15 * i) % 32); \
288 \
289 for ( i = 0; i < 20; i++ ) \
290 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
291 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
292 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]293}
294
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]295static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
296 uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]297{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]298 uint32_t I0, I1;
299 I0 = x[0] ^ k[0];
300 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]301
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]302 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
303 (SBOX2((I0 >> 16) & 0xFF) << 16) |
304 (SBOX3((I0 >> 8) & 0xFF) << 8) |
305 (SBOX4((I0 ) & 0xFF) );
306 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
307 (SBOX3((I1 >> 16) & 0xFF) << 16) |
308 (SBOX4((I1 >> 8) & 0xFF) << 8) |
309 (SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]310
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]311 I0 ^= (I1 << 8) | (I1 >> 24);
312 I1 ^= (I0 << 16) | (I0 >> 16);
313 I0 ^= (I1 >> 8) | (I1 << 24);
314 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]315
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]316 z[0] ^= I1;
317 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]318}
319
320/*
321 * Camellia key schedule (encryption)
322 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]323int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
324 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]325{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]326 int idx;
327 size_t i;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]328 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]329 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]330 uint32_t SIGMA[6][2];
331 uint32_t KC[16];
332 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]333
334 RK = ctx->rk;
335
336 memset(t, 0, 64);
337 memset(RK, 0, sizeof(ctx->rk));
338
339 switch( keysize )
340 {
341 case 128: ctx->nr = 3; idx = 0; break;
342 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]343 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]344 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]345 }
346
347 for( i = 0; i < keysize / 8; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]348 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]349
350 if (keysize == 192) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]351 for (i = 0; i < 8; i++)
352 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]353 }
354
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]355 /*
356 * Prepare SIGMA values
357 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]358 for (i = 0; i < 6; i++) {
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]359 GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
360 GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]361 }
362
363 /*
364 * Key storage in KC
365 * Order: KL, KR, KA, KB
366 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]367 memset(KC, 0, sizeof(KC));
368
369 /* Store KL, KR */
370 for (i = 0; i < 8; i++)
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]371 GET_UINT32_BE(KC[i], t, i * 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]372
373 /* Generate KA */
374 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]375 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]376
377 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
378 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
379
380 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]381 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]382
383 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
384 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
385
386 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]387 /* Generate KB */
388 for( i = 0; i < 4; ++i)
389 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]390
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]391 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
392 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]393 }
394
395 /*
396 * Generating subkeys
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]397 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]398
399 /* Manipulating KL */
400 SHIFT_AND_PLACE(idx, 0);
401
402 /* Manipulating KR */
403 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]404 SHIFT_AND_PLACE(idx, 1);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]405 }
406
407 /* Manipulating KA */
408 SHIFT_AND_PLACE(idx, 2);
409
410 /* Manipulating KB */
411 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]412 SHIFT_AND_PLACE(idx, 3);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]413 }
414
415 /* Do transpositions */
416 for ( i = 0; i < 20; i++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]417 if (transposes[idx][i] != -1) {
418 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
419 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]420 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]421
422 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]423}
424
425/*
426 * Camellia key schedule (decryption)
427 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]428int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
429 unsigned int keysize )
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]430{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]431 int idx;
432 size_t i;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]433 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]434 uint32_t *RK;
435 uint32_t *SK;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]436 int ret;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]437
438 switch( keysize )
439 {
440 case 128: ctx->nr = 3; idx = 0; break;
441 case 192:
442 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]443 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]444 }
445
446 RK = ctx->rk;
447
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]448 ret = camellia_setkey_enc(&cty, key, keysize);
449 if( ret != 0 )
450 return( ret );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]451
452 SK = cty.rk + 24 * 2 + 8 * idx * 2;
453
454 *RK++ = *SK++;
455 *RK++ = *SK++;
456 *RK++ = *SK++;
457 *RK++ = *SK++;
458
459 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
460 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]461 *RK++ = *SK++;
462 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]463 }
464
465 SK -= 2;
466
467 *RK++ = *SK++;
468 *RK++ = *SK++;
469 *RK++ = *SK++;
470 *RK++ = *SK++;
471
472 memset( &cty, 0, sizeof( camellia_context ) );
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]473
474 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]475}
476
477/*
478 * Camellia-ECB block encryption/decryption
479 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]480int camellia_crypt_ecb( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]481 int mode,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]482 const unsigned char input[16],
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]483 unsigned char output[16] )
484{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]485 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]486 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]487
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame]488 ( (void) mode );
489
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]490 NR = ctx->nr;
491 RK = ctx->rk;
492
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]493 GET_UINT32_BE( X[0], input, 0 );
494 GET_UINT32_BE( X[1], input, 4 );
495 GET_UINT32_BE( X[2], input, 8 );
496 GET_UINT32_BE( X[3], input, 12 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]497
498 X[0] ^= *RK++;
499 X[1] ^= *RK++;
500 X[2] ^= *RK++;
501 X[3] ^= *RK++;
502
503 while (NR) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]504 --NR;
505 camellia_feistel(X, RK, X + 2);
506 RK += 2;
507 camellia_feistel(X + 2, RK, X);
508 RK += 2;
509 camellia_feistel(X, RK, X + 2);
510 RK += 2;
511 camellia_feistel(X + 2, RK, X);
512 RK += 2;
513 camellia_feistel(X, RK, X + 2);
514 RK += 2;
515 camellia_feistel(X + 2, RK, X);
516 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]517
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]518 if (NR) {
519 FL(X[0], X[1], RK[0], RK[1]);
520 RK += 2;
521 FLInv(X[2], X[3], RK[0], RK[1]);
522 RK += 2;
523 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]524 }
525
526 X[2] ^= *RK++;
527 X[3] ^= *RK++;
528 X[0] ^= *RK++;
529 X[1] ^= *RK++;
530
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]531 PUT_UINT32_BE( X[2], output, 0 );
532 PUT_UINT32_BE( X[3], output, 4 );
533 PUT_UINT32_BE( X[0], output, 8 );
534 PUT_UINT32_BE( X[1], output, 12 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]535
536 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]537}
538
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]539#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]540/*
541 * Camellia-CBC buffer encryption/decryption
542 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]543int camellia_crypt_cbc( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]544 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]545 size_t length,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]546 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]547 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]548 unsigned char *output )
549{
550 int i;
551 unsigned char temp[16];
552
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]553 if( length % 16 )
554 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
555
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]556 if( mode == CAMELLIA_DECRYPT )
557 {
558 while( length > 0 )
559 {
560 memcpy( temp, input, 16 );
561 camellia_crypt_ecb( ctx, mode, input, output );
562
563 for( i = 0; i < 16; i++ )
564 output[i] = (unsigned char)( output[i] ^ iv[i] );
565
566 memcpy( iv, temp, 16 );
567
568 input += 16;
569 output += 16;
570 length -= 16;
571 }
572 }
573 else
574 {
575 while( length > 0 )
576 {
577 for( i = 0; i < 16; i++ )
578 output[i] = (unsigned char)( input[i] ^ iv[i] );
579
580 camellia_crypt_ecb( ctx, mode, output, output );
581 memcpy( iv, output, 16 );
582
583 input += 16;
584 output += 16;
585 length -= 16;
586 }
587 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]588
589 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]590}
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]591#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]592
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]593#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]594/*
595 * Camellia-CFB128 buffer encryption/decryption
596 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]597int camellia_crypt_cfb128( camellia_context *ctx,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]598 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]599 size_t length,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]600 size_t *iv_off,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]601 unsigned char iv[16],
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]602 const unsigned char *input,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]603 unsigned char *output )
604{
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]605 int c;
606 size_t n = *iv_off;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]607
608 if( mode == CAMELLIA_DECRYPT )
609 {
610 while( length-- )
611 {
612 if( n == 0 )
613 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
614
615 c = *input++;
616 *output++ = (unsigned char)( c ^ iv[n] );
617 iv[n] = (unsigned char) c;
618
619 n = (n + 1) & 0x0F;
620 }
621 }
622 else
623 {
624 while( length-- )
625 {
626 if( n == 0 )
627 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
628
629 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
630
631 n = (n + 1) & 0x0F;
632 }
633 }
634
635 *iv_off = n;
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]636
637 return( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]638}
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]639#endif /* POLARSSL_CIPHER_MODE_CFB */
640
641#if defined(POLARSSL_CIPHER_MODE_CTR)
642/*
643 * Camellia-CTR buffer encryption/decryption
644 */
645int camellia_crypt_ctr( camellia_context *ctx,
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]646 size_t length,
647 size_t *nc_off,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]648 unsigned char nonce_counter[16],
649 unsigned char stream_block[16],
650 const unsigned char *input,
651 unsigned char *output )
652{
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]653 int c, i;
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]654 size_t n = *nc_off;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]655
656 while( length-- )
657 {
658 if( n == 0 ) {
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]659 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
660 stream_block );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]661
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]662 for( i = 16; i > 0; i-- )
663 if( ++nonce_counter[i - 1] != 0 )
664 break;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]665 }
666 c = *input++;
667 *output++ = (unsigned char)( c ^ stream_block[n] );
668
669 n = (n + 1) & 0x0F;
670 }
671
672 *nc_off = n;
673
674 return( 0 );
675}
676#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]677#endif /* !POLARSSL_CAMELLIA_ALT */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]678
679#if defined(POLARSSL_SELF_TEST)
680
681#include <stdio.h>
682
683/*
684 * Camellia test vectors from:
685 *
686 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
687 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
688 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]689 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]690 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]691#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]692
693static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
694{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]695 {
696 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
697 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]698 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]699 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
700 },
701 {
702 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
703 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
704 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]705 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]706 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
707 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
708 },
709 {
710 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
711 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
712 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
713 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]714 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]715 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
716 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
717 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
718 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]719};
720
721static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
722{
723 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
724 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]725 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]726 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
727};
728
729static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
730{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]731 {
732 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
733 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
734 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
735 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
736 },
737 {
738 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
739 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
740 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
741 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
742 },
743 {
744 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
745 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
746 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
747 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
748 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]749};
750
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]751#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]752#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]753
754static const unsigned char camellia_test_cbc_key[3][32] =
755{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]756 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
757 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
758 ,
759 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
760 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
761 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
762 ,
763 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
764 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
765 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
766 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]767};
768
769static const unsigned char camellia_test_cbc_iv[16] =
770
771 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
772 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
773;
774
775static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
776{
777 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
778 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
779 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
780 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
781 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
782 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
783
784};
785
786static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
787{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]788 {
789 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
790 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
791 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
792 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
793 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
794 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
795 },
796 {
797 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
798 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
799 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
800 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
801 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
802 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
803 },
804 {
805 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
806 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
807 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
808 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
809 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
810 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
811 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]812};
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]813#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]814
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]815#if defined(POLARSSL_CIPHER_MODE_CTR)
816/*
817 * Camellia-CTR test vectors from:
818 *
819 * http://www.faqs.org/rfcs/rfc5528.html
820 */
821
822static const unsigned char camellia_test_ctr_key[3][16] =
823{
824 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
825 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
826 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
827 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
828 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
829 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
830};
831
832static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
833{
834 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
835 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
836 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
837 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
838 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
839 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
840};
841
842static const unsigned char camellia_test_ctr_pt[3][48] =
843{
844 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
845 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
846
847 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
848 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
849 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
850 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
851
852 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
853 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
854 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
855 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
856 0x20, 0x21, 0x22, 0x23 }
857};
858
859static const unsigned char camellia_test_ctr_ct[3][48] =
860{
861 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
862 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
863 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
864 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
865 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
866 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
867 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
868 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
869 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
870 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
871 0xDF, 0x50, 0x86, 0x96 }
872};
873
874static const int camellia_test_ctr_len[3] =
875 { 16, 32, 36 };
876#endif /* POLARSSL_CIPHER_MODE_CTR */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]877
878/*
879 * Checkup routine
880 */
881int camellia_self_test( int verbose )
882{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]883 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]884 unsigned char key[32];
885 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]886 unsigned char src[16];
887 unsigned char dst[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]888#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]889 unsigned char iv[16];
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]890#endif
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]891#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]892 size_t offset, len;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]893 unsigned char nonce_counter[16];
894 unsigned char stream_block[16];
895#endif
896
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]897 camellia_context ctx;
898
899 memset( key, 0, 32 );
900
901 for (j = 0; j < 6; j++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]902 u = j >> 1;
903 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]904
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]905 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]906 polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
907 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]908
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]909 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
910 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]911
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]912 if (v == CAMELLIA_DECRYPT) {
913 camellia_setkey_dec(&ctx, key, 128 + u * 64);
914 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
915 memcpy(dst, camellia_test_ecb_plain[i], 16);
916 } else { /* CAMELLIA_ENCRYPT */
917 camellia_setkey_enc(&ctx, key, 128 + u * 64);
918 memcpy(src, camellia_test_ecb_plain[i], 16);
919 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
920 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]921
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]922 camellia_crypt_ecb(&ctx, v, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]923
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]924 if( memcmp( buf, dst, 16 ) != 0 )
925 {
926 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]927 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]928
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]929 return( 1 );
930 }
931 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]932
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]933 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]934 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]935 }
936
937 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]938 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]939
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]940#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]941 /*
942 * CBC mode
943 */
944 for( j = 0; j < 6; j++ )
945 {
946 u = j >> 1;
947 v = j & 1;
948
949 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]950 polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
951 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]952
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]953 memcpy( src, camellia_test_cbc_iv, 16);
954 memcpy( dst, camellia_test_cbc_iv, 16);
955 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]956
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]957 if (v == CAMELLIA_DECRYPT) {
958 camellia_setkey_dec(&ctx, key, 128 + u * 64);
959 } else {
960 camellia_setkey_enc(&ctx, key, 128 + u * 64);
961 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]962
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]963 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]964
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]965 if (v == CAMELLIA_DECRYPT) {
966 memcpy( iv , src, 16 );
967 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
968 memcpy(dst, camellia_test_cbc_plain[i], 16);
969 } else { /* CAMELLIA_ENCRYPT */
970 memcpy( iv , dst, 16 );
971 memcpy(src, camellia_test_cbc_plain[i], 16);
972 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
973 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]974
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]975 camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]976
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]977 if( memcmp( buf, dst, 16 ) != 0 )
978 {
979 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]980 polarssl_printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]981
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]982 return( 1 );
983 }
984 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]985
986 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]987 polarssl_printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]988 }
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]989#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]990
991 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]992 polarssl_printf( "\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]993
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]994#if defined(POLARSSL_CIPHER_MODE_CTR)
995 /*
996 * CTR mode
997 */
998 for( i = 0; i < 6; i++ )
999 {
1000 u = i >> 1;
1001 v = i & 1;
1002
1003 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1004 polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
1005 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1006
1007 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1008 memcpy( key, camellia_test_ctr_key[u], 16 );
1009
1010 offset = 0;
1011 camellia_setkey_enc( &ctx, key, 128 );
1012
1013 if( v == CAMELLIA_DECRYPT )
1014 {
1015 len = camellia_test_ctr_len[u];
1016 memcpy( buf, camellia_test_ctr_ct[u], len );
1017
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]1018 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1019 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1020
1021 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1022 {
1023 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1024 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1025
1026 return( 1 );
1027 }
1028 }
1029 else
1030 {
1031 len = camellia_test_ctr_len[u];
1032 memcpy( buf, camellia_test_ctr_pt[u], len );
1033
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]1034 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1035 buf, buf );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1036
1037 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1038 {
1039 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1040 polarssl_printf( "failed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1041
1042 return( 1 );
1043 }
1044 }
1045
1046 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1047 polarssl_printf( "passed\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1048 }
1049
1050 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]1051 polarssl_printf( "\n" );
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1052#endif /* POLARSSL_CIPHER_MODE_CTR */
1053
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1054 return ( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1055}
1056
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1057#endif /* POLARSSL_SELF_TEST */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1058
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]1059#endif /* POLARSSL_CAMELLIA_C */