TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c0eabdc63657f784dee45167b010534cd3924cfa / . / library / camellia.c
blob: 16f2dd0ef42300f21ce5461348c46e6b0fd2c315 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]18 */
19/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]20 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
21 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]22 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]23 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]24 */
25
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]26#include "common.h"
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28#if defined(MBEDTLS_CAMELLIA_C)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]29
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]30# include "mbedtls/camellia.h"
31# include "mbedtls/platform_util.h"
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]32
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]33# include <string.h>
Manuel Pégourié-Gonnard394608e2015-02-17 16:01:07 +0100[diff] [blame]34
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]35# if defined(MBEDTLS_SELF_TEST)
36# if defined(MBEDTLS_PLATFORM_C)
37# include "mbedtls/platform.h"
38# else
39# include <stdio.h>
40# define mbedtls_printf printf
41# endif /* MBEDTLS_PLATFORM_C */
42# endif /* MBEDTLS_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]43
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]44# if !defined(MBEDTLS_CAMELLIA_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]45
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]46/* Parameter validation macros */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]47# define CAMELLIA_VALIDATE_RET(cond) \
48 MBEDTLS_INTERNAL_VALIDATE_RET(cond, \
49 MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
50# define CAMELLIA_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]51
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]52/*
53 * 32-bit integer manipulation macros (big endian)
54 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]55# ifndef GET_UINT32_BE
56# define GET_UINT32_BE(n, b, i) \
57 { \
58 (n) = ((uint32_t)(b)[(i)] << 24) | \
59 ((uint32_t)(b)[(i) + 1] << 16) | \
60 ((uint32_t)(b)[(i) + 2] << 8) | \
61 ((uint32_t)(b)[(i) + 3]); \
62 }
63# endif
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]64
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]65# ifndef PUT_UINT32_BE
66# define PUT_UINT32_BE(n, b, i) \
67 { \
68 (b)[(i)] = (unsigned char)((n) >> 24); \
69 (b)[(i) + 1] = (unsigned char)((n) >> 16); \
70 (b)[(i) + 2] = (unsigned char)((n) >> 8); \
71 (b)[(i) + 3] = (unsigned char)((n)); \
72 }
73# endif
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]74
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]75static const unsigned char SIGMA_CHARS[6][8] = {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]76 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
77 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
78 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
79 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
80 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
81 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]82};
83
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]84# if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]85
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]86static const unsigned char FSb[256] = {
87 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174,
88 65, 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101,
89 146, 189, 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94,
90 197, 11, 26, 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214,
91 81, 86, 108, 77, 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43,
92 32, 240, 177, 132, 153, 223, 76, 203, 194, 52, 126, 118, 5, 109, 183,
93 169, 49, 209, 23, 4, 215, 20, 88, 58, 97, 222, 27, 17, 28, 50,
94 15, 156, 22, 83, 24, 242, 34, 254, 68, 207, 178, 195, 181, 122, 145,
95 36, 8, 232, 168, 96, 252, 105, 80, 170, 208, 160, 125, 161, 137, 98,
96 151, 84, 91, 30, 149, 224, 255, 100, 210, 16, 196, 0, 72, 163, 247,
97 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, 135, 92, 131, 2, 205,
98 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, 82, 155, 216, 38,
99 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, 233, 121, 167,
100 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, 120, 152,
101 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, 114,
102 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
103 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128,
104 158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]105};
106
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]107# define SBOX1(n) FSb[(n)]
108# define SBOX2(n) \
109 (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
110# define SBOX3(n) \
111 (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
112# define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) & 0xff]
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]113
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]114# else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]115
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]116static const unsigned char FSb[256] = {
117 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174,
118 65, 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101,
119 146, 189, 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94,
120 197, 11, 26, 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214,
121 81, 86, 108, 77, 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43,
122 32, 240, 177, 132, 153, 223, 76, 203, 194, 52, 126, 118, 5, 109, 183,
123 169, 49, 209, 23, 4, 215, 20, 88, 58, 97, 222, 27, 17, 28, 50,
124 15, 156, 22, 83, 24, 242, 34, 254, 68, 207, 178, 195, 181, 122, 145,
125 36, 8, 232, 168, 96, 252, 105, 80, 170, 208, 160, 125, 161, 137, 98,
126 151, 84, 91, 30, 149, 224, 255, 100, 210, 16, 196, 0, 72, 163, 247,
127 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, 135, 92, 131, 2, 205,
128 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, 82, 155, 216, 38,
129 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, 233, 121, 167,
130 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, 120, 152,
131 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, 114,
132 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
133 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128,
134 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]135};
136
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]137static const unsigned char FSb2[256] = {
138 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93,
139 130, 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202,
140 37, 123, 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188,
141 139, 22, 52, 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173,
142 162, 172, 216, 154, 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86,
143 64, 225, 99, 9, 51, 191, 152, 151, 133, 104, 252, 236, 10, 218, 111,
144 83, 98, 163, 46, 8, 175, 40, 176, 116, 194, 189, 54, 34, 56, 100,
145 30, 57, 44, 166, 48, 229, 68, 253, 136, 159, 101, 135, 107, 244, 35,
146 72, 16, 209, 81, 192, 249, 210, 160, 85, 161, 65, 250, 67, 19, 196,
147 47, 168, 182, 60, 43, 193, 255, 200, 165, 32, 137, 0, 144, 71, 239,
148 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, 15, 184, 7, 4, 155,
149 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, 164, 55, 177, 76,
150 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, 211, 242, 79,
151 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, 240, 49,
152 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, 228,
153 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
154 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1,
155 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]156};
157
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]158static const unsigned char FSb3[256] = {
159 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87,
160 160, 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178,
161 73, 222, 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47,
162 226, 133, 13, 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107,
163 168, 43, 54, 166, 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149,
164 16, 120, 216, 66, 204, 239, 38, 229, 97, 26, 63, 59, 130, 182, 219,
165 212, 152, 232, 139, 2, 235, 10, 44, 29, 176, 111, 141, 136, 14, 25,
166 135, 78, 11, 169, 12, 121, 17, 127, 34, 231, 89, 225, 218, 61, 200,
167 18, 4, 116, 84, 48, 126, 180, 40, 85, 104, 80, 190, 208, 196, 49,
168 203, 42, 173, 15, 202, 112, 255, 50, 105, 8, 98, 0, 36, 209, 251,
169 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, 195, 46, 193, 1, 230,
170 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, 41, 205, 108, 19,
171 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, 244, 188, 211,
172 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, 60, 76,
173 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, 57,
174 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
175 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64,
176 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]177};
178
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]179static const unsigned char FSb4[256] = {
180 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29,
181 146, 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90,
182 81, 108, 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109,
183 169, 209, 4, 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122,
184 36, 232, 96, 105, 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163,
185 117, 138, 230, 9, 221, 135, 131, 205, 144, 115, 246, 157, 191, 82, 216,
186 200, 198, 129, 111, 19, 99, 233, 167, 159, 188, 41, 249, 47, 180, 120,
187 6, 231, 113, 212, 171, 136, 141, 114, 185, 248, 172, 54, 42, 60, 241,
188 64, 211, 187, 67, 21, 173, 119, 128, 130, 236, 39, 229, 133, 53, 12,
189 65, 239, 147, 25, 33, 14, 78, 101, 189, 184, 143, 235, 206, 48, 95,
190 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, 13, 102, 204, 45, 18,
191 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, 88, 97, 27, 28,
192 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, 208, 125, 137,
193 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, 92, 2,
194 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, 121,
195 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
196 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199,
197 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]198};
199
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]200# define SBOX1(n) FSb[(n)]
201# define SBOX2(n) FSb2[(n)]
202# define SBOX3(n) FSb3[(n)]
203# define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]204
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]205# endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]206
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]207static const unsigned char shifts[2][4][4] = { {
208 { 1, 1, 1, 1 }, /* KL */
209 { 0, 0, 0, 0 }, /* KR */
210 { 1, 1, 1, 1 }, /* KA */
211 { 0, 0, 0, 0 } /* KB */
212 },
213 {
214 { 1, 0, 1, 1 }, /* KL */
215 { 1, 1, 0, 1 }, /* KR */
216 { 1, 1, 1, 0 }, /* KA */
217 { 1, 1, 0, 1 } /* KB */
218 } };
219
220static const signed char indexes[2][4][20] = {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]221 {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]222 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]223 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
224 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
225 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]226 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]227 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
228 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]229 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]230 },
231 {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]232 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]233 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]234 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]235 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
236 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
237 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]238 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
239 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]240 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]241};
242
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]243static const signed char transposes[2][20] = {
244 { 21, 22, 23, 20, -1, -1, -1, -1, 18, 19,
245 16, 17, 11, 8, 9, 10, 15, 12, 13, 14 },
246 { 25, 26, 27, 24, 29, 30, 31, 28, 18, 19,
247 16, 17, -1, -1, -1, -1, -1, -1, -1, -1 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]248};
249
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]250/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]251# define ROTL(DEST, SRC, SHIFT) \
252 { \
253 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
254 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
255 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
256 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
257 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]258
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]259# define FL(XL, XR, KL, KR) \
260 { \
261 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
262 (XL) = ((XR) | (KR)) ^ (XL); \
263 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]264
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]265# define FLInv(YL, YR, KL, KR) \
266 { \
267 (YL) = ((YR) | (KR)) ^ (YL); \
268 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
269 }
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]270
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]271# define SHIFT_AND_PLACE(INDEX, OFFSET) \
272 { \
273 TK[0] = KC[(OFFSET)*4 + 0]; \
274 TK[1] = KC[(OFFSET)*4 + 1]; \
275 TK[2] = KC[(OFFSET)*4 + 2]; \
276 TK[3] = KC[(OFFSET)*4 + 3]; \
277 \
278 for (i = 1; i <= 4; i++) \
279 if (shifts[(INDEX)][(OFFSET)][i - 1]) \
280 ROTL(TK + i * 4, TK, (15 * i) % 32); \
281 \
282 for (i = 0; i < 20; i++) \
283 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
284 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i]; \
285 } \
286 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]287
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]288static void
289camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]290{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]291 uint32_t I0, I1;
292 I0 = x[0] ^ k[0];
293 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]294
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]295 I0 = ((uint32_t)SBOX1((I0 >> 24) & 0xFF) << 24) |
296 ((uint32_t)SBOX2((I0 >> 16) & 0xFF) << 16) |
297 ((uint32_t)SBOX3((I0 >> 8) & 0xFF) << 8) |
298 ((uint32_t)SBOX4((I0)&0xFF));
299 I1 = ((uint32_t)SBOX2((I1 >> 24) & 0xFF) << 24) |
300 ((uint32_t)SBOX3((I1 >> 16) & 0xFF) << 16) |
301 ((uint32_t)SBOX4((I1 >> 8) & 0xFF) << 8) |
302 ((uint32_t)SBOX1((I1)&0xFF));
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]303
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]304 I0 ^= (I1 << 8) | (I1 >> 24);
305 I1 ^= (I0 << 16) | (I0 >> 16);
306 I0 ^= (I1 >> 8) | (I1 << 24);
307 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]308
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]309 z[0] ^= I1;
310 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]311}
312
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]313void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]314{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]315 CAMELLIA_VALIDATE(ctx != NULL);
316 memset(ctx, 0, sizeof(mbedtls_camellia_context));
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]317}
318
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]319void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]320{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]321 if (ctx == NULL)
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]322 return;
323
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]324 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]325}
326
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]327/*
328 * Camellia key schedule (encryption)
329 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]330int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
331 const unsigned char *key,
332 unsigned int keybits)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]333{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]334 int idx;
335 size_t i;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]336 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]337 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]338 uint32_t SIGMA[6][2];
339 uint32_t KC[16];
340 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]341
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]342 CAMELLIA_VALIDATE_RET(ctx != NULL);
343 CAMELLIA_VALIDATE_RET(key != NULL);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]344
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]345 RK = ctx->rk;
346
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]347 memset(t, 0, 64);
348 memset(RK, 0, sizeof(ctx->rk));
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]349
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]350 switch (keybits) {
351 case 128:
352 ctx->nr = 3;
353 idx = 0;
354 break;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]355 case 192:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]356 case 256:
357 ctx->nr = 4;
358 idx = 1;
359 break;
360 default:
361 return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]362 }
363
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]364 for (i = 0; i < keybits / 8; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]365 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]366
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]367 if (keybits == 192) {
368 for (i = 0; i < 8; i++)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]369 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]370 }
371
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]372 /*
373 * Prepare SIGMA values
374 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]375 for (i = 0; i < 6; i++) {
376 GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
377 GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]378 }
379
380 /*
381 * Key storage in KC
382 * Order: KL, KR, KA, KB
383 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]384 memset(KC, 0, sizeof(KC));
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]385
386 /* Store KL, KR */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]387 for (i = 0; i < 8; i++)
388 GET_UINT32_BE(KC[i], t, i * 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]389
390 /* Generate KA */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]391 for (i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]392 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]393
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]394 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
395 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]396
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]397 for (i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]398 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]399
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]400 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
401 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]402
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]403 if (keybits > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]404 /* Generate KB */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]405 for (i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]406 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]407
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]408 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
409 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]410 }
411
412 /*
413 * Generating subkeys
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]414 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]415
416 /* Manipulating KL */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]417 SHIFT_AND_PLACE(idx, 0);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]418
419 /* Manipulating KR */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]420 if (keybits > 128) {
421 SHIFT_AND_PLACE(idx, 1);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]422 }
423
424 /* Manipulating KA */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]425 SHIFT_AND_PLACE(idx, 2);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]426
427 /* Manipulating KB */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]428 if (keybits > 128) {
429 SHIFT_AND_PLACE(idx, 3);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]430 }
431
432 /* Do transpositions */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]433 for (i = 0; i < 20; i++) {
434 if (transposes[idx][i] != -1) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]435 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
436 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]437 }
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]438
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]439 return 0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]440}
441
442/*
443 * Camellia key schedule (decryption)
444 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]445int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
446 const unsigned char *key,
447 unsigned int keybits)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]448{
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]449 int idx, ret;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]450 size_t i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]451 mbedtls_camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]452 uint32_t *RK;
453 uint32_t *SK;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]454 CAMELLIA_VALIDATE_RET(ctx != NULL);
455 CAMELLIA_VALIDATE_RET(key != NULL);
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]456
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]457 mbedtls_camellia_init(&cty);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]458
Manuel Pégourié-Gonnardb8186a52015-06-18 14:58:58 +0200[diff] [blame]459 /* Also checks keybits */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]460 if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0)
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]461 goto exit;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]462
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]463 ctx->nr = cty.nr;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]464 idx = (ctx->nr == 4);
Manuel Pégourié-Gonnard3ac6a2b2014-05-28 22:04:25 +0200[diff] [blame]465
466 RK = ctx->rk;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]467 SK = cty.rk + 24 * 2 + 8 * idx * 2;
468
469 *RK++ = *SK++;
470 *RK++ = *SK++;
471 *RK++ = *SK++;
472 *RK++ = *SK++;
473
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]474 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]475 *RK++ = *SK++;
476 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]477 }
478
479 SK -= 2;
480
481 *RK++ = *SK++;
482 *RK++ = *SK++;
483 *RK++ = *SK++;
484 *RK++ = *SK++;
485
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]486exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]487 mbedtls_camellia_free(&cty);
Paul Bakker2b222c82009-07-27 21:03:45 +0000[diff] [blame]488
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]489 return ret;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]490}
491
492/*
493 * Camellia-ECB block encryption/decryption
494 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]495int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
496 int mode,
497 const unsigned char input[16],
498 unsigned char output[16])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]499{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]500 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]501 uint32_t *RK, X[4];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]502 CAMELLIA_VALIDATE_RET(ctx != NULL);
503 CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
504 mode == MBEDTLS_CAMELLIA_DECRYPT);
505 CAMELLIA_VALIDATE_RET(input != NULL);
506 CAMELLIA_VALIDATE_RET(output != NULL);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]507
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]508 ((void)mode);
Paul Bakkerc2547b02009-07-20 20:40:52 +0000[diff] [blame]509
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]510 NR = ctx->nr;
511 RK = ctx->rk;
512
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]513 GET_UINT32_BE(X[0], input, 0);
514 GET_UINT32_BE(X[1], input, 4);
515 GET_UINT32_BE(X[2], input, 8);
516 GET_UINT32_BE(X[3], input, 12);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]517
518 X[0] ^= *RK++;
519 X[1] ^= *RK++;
520 X[2] ^= *RK++;
521 X[3] ^= *RK++;
522
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]523 while (NR) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]524 --NR;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]525 camellia_feistel(X, RK, X + 2);
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]526 RK += 2;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]527 camellia_feistel(X + 2, RK, X);
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]528 RK += 2;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]529 camellia_feistel(X, RK, X + 2);
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]530 RK += 2;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]531 camellia_feistel(X + 2, RK, X);
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]532 RK += 2;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]533 camellia_feistel(X, RK, X + 2);
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]534 RK += 2;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]535 camellia_feistel(X + 2, RK, X);
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]536 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]537
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]538 if (NR) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]539 FL(X[0], X[1], RK[0], RK[1]);
540 RK += 2;
541 FLInv(X[2], X[3], RK[0], RK[1]);
542 RK += 2;
543 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]544 }
545
546 X[2] ^= *RK++;
547 X[3] ^= *RK++;
548 X[0] ^= *RK++;
549 X[1] ^= *RK++;
550
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]551 PUT_UINT32_BE(X[2], output, 0);
552 PUT_UINT32_BE(X[3], output, 4);
553 PUT_UINT32_BE(X[0], output, 8);
554 PUT_UINT32_BE(X[1], output, 12);
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]555
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]556 return 0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]557}
558
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]559# if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]560/*
561 * Camellia-CBC buffer encryption/decryption
562 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]563int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
564 int mode,
565 size_t length,
566 unsigned char iv[16],
567 const unsigned char *input,
568 unsigned char *output)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]569{
570 int i;
571 unsigned char temp[16];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]572 CAMELLIA_VALIDATE_RET(ctx != NULL);
573 CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
574 mode == MBEDTLS_CAMELLIA_DECRYPT);
575 CAMELLIA_VALIDATE_RET(iv != NULL);
576 CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
577 CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]578
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]579 if (length % 16)
580 return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]581
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]582 if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
583 while (length > 0) {
584 memcpy(temp, input, 16);
585 mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]586
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]587 for (i = 0; i < 16; i++)
588 output[i] = (unsigned char)(output[i] ^ iv[i]);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]589
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]590 memcpy(iv, temp, 16);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]591
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]592 input += 16;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]593 output += 16;
594 length -= 16;
595 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]596 } else {
597 while (length > 0) {
598 for (i = 0; i < 16; i++)
599 output[i] = (unsigned char)(input[i] ^ iv[i]);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]600
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]601 mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
602 memcpy(iv, output, 16);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]603
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]604 input += 16;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]605 output += 16;
606 length -= 16;
607 }
608 }
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]609
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]610 return 0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]611}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]612# endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]613
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]614# if defined(MBEDTLS_CIPHER_MODE_CFB)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]615/*
616 * Camellia-CFB128 buffer encryption/decryption
617 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]618int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
619 int mode,
620 size_t length,
621 size_t *iv_off,
622 unsigned char iv[16],
623 const unsigned char *input,
624 unsigned char *output)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]625{
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]626 int c;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]627 size_t n;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]628 CAMELLIA_VALIDATE_RET(ctx != NULL);
629 CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT ||
630 mode == MBEDTLS_CAMELLIA_DECRYPT);
631 CAMELLIA_VALIDATE_RET(iv != NULL);
632 CAMELLIA_VALIDATE_RET(iv_off != NULL);
633 CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
634 CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]635
636 n = *iv_off;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]637 if (n >= 16)
638 return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]639
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]640 if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
641 while (length--) {
642 if (n == 0)
643 mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv,
644 iv);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]645
646 c = *input++;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]647 *output++ = (unsigned char)(c ^ iv[n]);
648 iv[n] = (unsigned char)c;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]649
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]650 n = (n + 1) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]651 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]652 } else {
653 while (length--) {
654 if (n == 0)
655 mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv,
656 iv);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]657
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]658 iv[n] = *output++ = (unsigned char)(iv[n] ^ *input++);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]659
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]660 n = (n + 1) & 0x0F;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]661 }
662 }
663
664 *iv_off = n;
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]665
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]666 return 0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]667}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]668# endif /* MBEDTLS_CIPHER_MODE_CFB */
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]669
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]670# if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]671/*
672 * Camellia-CTR buffer encryption/decryption
673 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]674int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
675 size_t length,
676 size_t *nc_off,
677 unsigned char nonce_counter[16],
678 unsigned char stream_block[16],
679 const unsigned char *input,
680 unsigned char *output)
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]681{
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]682 int c, i;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]683 size_t n;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]684 CAMELLIA_VALIDATE_RET(ctx != NULL);
685 CAMELLIA_VALIDATE_RET(nonce_counter != NULL);
686 CAMELLIA_VALIDATE_RET(stream_block != NULL);
687 CAMELLIA_VALIDATE_RET(nc_off != NULL);
688 CAMELLIA_VALIDATE_RET(length == 0 || input != NULL);
689 CAMELLIA_VALIDATE_RET(length == 0 || output != NULL);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]690
691 n = *nc_off;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]692 if (n >= 16)
693 return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]694
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]695 while (length--) {
696 if (n == 0) {
697 mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT,
698 nonce_counter, stream_block);
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]699
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]700 for (i = 16; i > 0; i--)
701 if (++nonce_counter[i - 1] != 0)
Paul Bakker369e14b2012-04-18 14:16:09 +0000[diff] [blame]702 break;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]703 }
704 c = *input++;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]705 *output++ = (unsigned char)(c ^ stream_block[n]);
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]706
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]707 n = (n + 1) & 0x0F;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]708 }
709
710 *nc_off = n;
711
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]712 return 0;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]713}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]714# endif /* MBEDTLS_CIPHER_MODE_CTR */
715# endif /* !MBEDTLS_CAMELLIA_ALT */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]716
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]717# if defined(MBEDTLS_SELF_TEST)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]718
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]719/*
720 * Camellia test vectors from:
721 *
722 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
723 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
724 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]725 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]726 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]727# define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]728
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]729static const unsigned char
730 camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = {
731 { { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba,
732 0x98, 0x76, 0x54, 0x32, 0x10 },
733 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
734 0x00, 0x00, 0x00, 0x00, 0x00 } },
735 { { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
736 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
737 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
738 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
739 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
740 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
741 { { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba,
742 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
743 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
744 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
745 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
746 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
747 };
748
749static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = {
750 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98,
751 0x76, 0x54, 0x32, 0x10 },
752 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
753 0x00, 0x00, 0x00, 0x00 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]754};
755
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]756static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = {
757 { { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 0x08, 0x57, 0x06, 0x56,
758 0x48, 0xea, 0xbe, 0x43 },
759 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE, 0x25, 0xCD, 0x47, 0x0B,
760 0xF7, 0x74, 0xA3, 0x31 } },
761 { { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, 0x4e, 0xe5, 0xce, 0xe7,
762 0xd7, 0x9b, 0x09, 0xb9 },
763 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9, 0x30, 0xBF, 0xF2, 0xA5,
764 0x6F, 0x7C, 0x93, 0x64 } },
765 { { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 0x20, 0xef, 0x7c, 0x91,
766 0x9e, 0x3a, 0x75, 0x09 },
767 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C, 0xF4, 0x5D, 0x8C, 0xDE,
768 0xEE, 0x47, 0x43, 0x35 } }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]769};
770
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]771# if defined(MBEDTLS_CIPHER_MODE_CBC)
772# define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]773
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]774static const unsigned char camellia_test_cbc_key[3][32] = {
775 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
776 0x09, 0xCF, 0x4F, 0x3C },
777 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 0xC8, 0x10, 0xF3, 0x2B,
778 0x80, 0x90, 0x79, 0xE5, 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
779 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 0x2B, 0x73, 0xAE,
780 0xF0, 0x85, 0x7D, 0x77, 0x81, 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61,
781 0x08, 0xD7, 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]782};
783
784static const unsigned char camellia_test_cbc_iv[16] =
785
786 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]787 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]788
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]789static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = {
790 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
791 0x73, 0x93, 0x17, 0x2A },
792 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 0x9E, 0xB7, 0x6F, 0xAC,
793 0x45, 0xAF, 0x8E, 0x51 },
794 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 0xE5, 0xFB, 0xC1, 0x19,
795 0x1A, 0x0A, 0x52, 0xEF }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]796
797};
798
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]799static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = {
800 { { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, 0x0D, 0xAE, 0xB0, 0xB5,
801 0x03, 0xC8, 0x31, 0xAB },
802 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78, 0x40, 0xC5, 0xA5, 0xDF,
803 0xB5, 0x07, 0x48, 0x87 },
804 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B, 0x5A, 0x63, 0x58, 0x63,
805 0x62, 0x54, 0x3E, 0x54 } },
806 { { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, 0x40, 0x59, 0x55, 0xFD,
807 0x21, 0x95, 0xCF, 0x93 },
808 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42, 0x64, 0xF8, 0x92, 0xA6,
809 0xDD, 0x2E, 0xC3, 0xD5 },
810 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8, 0x84, 0xE3, 0x10, 0xAD,
811 0xDF, 0x68, 0xC4, 0x49 } },
812 { { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, 0x4D, 0x2C, 0x0B, 0x67,
813 0x37, 0xAC, 0x3E, 0xDA },
814 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40, 0x70, 0xB1, 0xB7, 0xDE,
815 0x2B, 0x21, 0xEB, 0x50 },
816 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA, 0x33, 0x30, 0xCD, 0xF1,
817 0xB1, 0x86, 0x0A, 0x83 } }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]818};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]819# endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]820
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]821# if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]822/*
823 * Camellia-CTR test vectors from:
824 *
825 * http://www.faqs.org/rfcs/rfc5528.html
826 */
827
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]828static const unsigned char camellia_test_ctr_key[3][16] = {
829 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, 0x4B, 0xF7, 0xA5, 0x76,
830 0x55, 0x77, 0xF3, 0x9E },
831 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, 0x43, 0xD6, 0xCE, 0x1F,
832 0x32, 0x53, 0x91, 0x63 },
833 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, 0xAC, 0x6E, 0x61, 0x85,
834 0x29, 0xF9, 0xA0, 0xDC }
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]835};
836
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]837static const unsigned char camellia_test_ctr_nonce_counter[3][16] = {
838 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
839 0x00, 0x00, 0x00, 0x01 },
840 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, 0xDA, 0x48, 0xD9, 0x0B,
841 0x00, 0x00, 0x00, 0x01 },
842 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, 0x4A, 0x17, 0x86, 0xF0,
843 0x00, 0x00, 0x00, 0x01 }
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]844};
845
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]846static const unsigned char camellia_test_ctr_pt[3][48] = {
847 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, 0x6C, 0x6F, 0x63, 0x6B,
848 0x20, 0x6D, 0x73, 0x67 },
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]849
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]850 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
851 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
852 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]853
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]854 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
855 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
856 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23 }
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]857};
858
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]859static const unsigned char camellia_test_ctr_ct[3][48] = {
860 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A, 0x20, 0x87, 0x7C, 0x76,
861 0xDB, 0x1F, 0x0B, 0x3F },
862 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4, 0xDA, 0x7C, 0x90,
863 0x77, 0x65, 0xBB, 0xCB, 0x44, 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0,
864 0xDC, 0xA7, 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
865 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88, 0x2F, 0x84, 0x9C, 0xE2,
866 0x4D, 0x85, 0xCF, 0x73, 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
867 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD, 0xDF, 0x50, 0x86, 0x96 }
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]868};
869
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]870static const int camellia_test_ctr_len[3] = { 16, 32, 36 };
871# endif /* MBEDTLS_CIPHER_MODE_CTR */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]872
873/*
874 * Checkup routine
875 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]876int mbedtls_camellia_self_test(int verbose)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]877{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]878 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]879 unsigned char key[32];
880 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]881 unsigned char src[16];
882 unsigned char dst[16];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]883# if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]884 unsigned char iv[16];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]885# endif
886# if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakker1ef71df2011-06-09 14:14:58 +0000[diff] [blame]887 size_t offset, len;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]888 unsigned char nonce_counter[16];
889 unsigned char stream_block[16];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]890# endif
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]891 int ret = 1;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]892
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]893 mbedtls_camellia_context ctx;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]894
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]895 mbedtls_camellia_init(&ctx);
896 memset(key, 0, 32);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]897
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]898 for (j = 0; j < 6; j++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]899 u = j >> 1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]900 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]901
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]902 if (verbose != 0)
903 mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
904 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]905
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]906 for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
907 memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]908
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]909 if (v == MBEDTLS_CAMELLIA_DECRYPT) {
910 mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
911 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
912 memcpy(dst, camellia_test_ecb_plain[i], 16);
913 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
914 mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
915 memcpy(src, camellia_test_ecb_plain[i], 16);
916 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
917 }
918
919 mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
920
921 if (memcmp(buf, dst, 16) != 0) {
922 if (verbose != 0)
923 mbedtls_printf("failed\n");
924 goto exit;
925 }
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]926 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]927
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]928 if (verbose != 0)
929 mbedtls_printf("passed\n");
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]930 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]931
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]932 if (verbose != 0)
933 mbedtls_printf("\n");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]934
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]935# if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]936 /*
937 * CBC mode
938 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]939 for (j = 0; j < 6; j++) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]940 u = j >> 1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]941 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]942
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]943 if (verbose != 0)
944 mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
945 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]946
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]947 memcpy(src, camellia_test_cbc_iv, 16);
948 memcpy(dst, camellia_test_cbc_iv, 16);
949 memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]950
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]951 if (v == MBEDTLS_CAMELLIA_DECRYPT) {
952 mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]953 } else {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]954 mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]955 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]956
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]957 for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
958 if (v == MBEDTLS_CAMELLIA_DECRYPT) {
959 memcpy(iv, src, 16);
960 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
961 memcpy(dst, camellia_test_cbc_plain[i], 16);
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]962 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]963 memcpy(iv, dst, 16);
964 memcpy(src, camellia_test_cbc_plain[i], 16);
965 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]966 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]967
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]968 mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]969
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]970 if (memcmp(buf, dst, 16) != 0) {
971 if (verbose != 0)
972 mbedtls_printf("failed\n");
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]973 goto exit;
Janos Follath98e28a72016-05-31 14:03:54 +0100[diff] [blame]974 }
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame]975 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]976
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]977 if (verbose != 0)
978 mbedtls_printf("passed\n");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]979 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]980# endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]981
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]982 if (verbose != 0)
983 mbedtls_printf("\n");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]984
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]985# if defined(MBEDTLS_CIPHER_MODE_CTR)
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]986 /*
987 * CTR mode
988 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]989 for (i = 0; i < 6; i++) {
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]990 u = i >> 1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]991 v = i & 1;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]992
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]993 if (verbose != 0)
994 mbedtls_printf(" CAMELLIA-CTR-128 (%s): ",
995 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]996
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]997 memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
998 memcpy(key, camellia_test_ctr_key[u], 16);
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]999
1000 offset = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1001 mbedtls_camellia_setkey_enc(&ctx, key, 128);
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1002
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1003 if (v == MBEDTLS_CAMELLIA_DECRYPT) {
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1004 len = camellia_test_ctr_len[u];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1005 memcpy(buf, camellia_test_ctr_ct[u], len);
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1006
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1007 mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter,
1008 stream_block, buf, buf);
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1009
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1010 if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1011 if (verbose != 0)
1012 mbedtls_printf("failed\n");
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]1013 goto exit;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1014 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1015 } else {
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1016 len = camellia_test_ctr_len[u];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1017 memcpy(buf, camellia_test_ctr_pt[u], len);
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1018
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1019 mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter,
1020 stream_block, buf, buf);
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1021
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1022 if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1023 if (verbose != 0)
1024 mbedtls_printf("failed\n");
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]1025 goto exit;
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1026 }
1027 }
1028
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1029 if (verbose != 0)
1030 mbedtls_printf("passed\n");
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1031 }
1032
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1033 if (verbose != 0)
1034 mbedtls_printf("\n");
1035# endif /* MBEDTLS_CIPHER_MODE_CTR */
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]1036
Gilles Peskinec537aa82021-05-25 09:17:46 +0200[diff] [blame]1037 ret = 0;
1038
1039exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1040 mbedtls_camellia_free(&ctx);
1041 return ret;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1042}
1043
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1044# endif /* MBEDTLS_SELF_TEST */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1045
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1046#endif /* MBEDTLS_CAMELLIA_C */