TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c81f6c3f0614d614cb6b949b5b0c7dc00df1d4f7 / . / library / camellia.c
blob: 1255fa0ad2bca8cb7c819c5c14eb1c64023890d0 [file] [log] [blame]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]1/*
2 * Camellia implementation
3 *
Paul Bakker785a9ee2009-01-25 14:15:10 +0000[diff] [blame]4 * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 */
20/*
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]21 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
22 * Corporation.
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]23 *
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]24 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]25 */
26
27#include "polarssl/config.h"
28
29#if defined(POLARSSL_CAMELLIA_C)
30
31#include "polarssl/camellia.h"
32
33#include <string.h>
34
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]35/*
36 * 32-bit integer manipulation macros (big endian)
37 */
38#ifndef GET_ULONG_BE
39#define GET_ULONG_BE(n,b,i) \
40{ \
41 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]42 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
43 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
44 | ( (unsigned long) (b)[(i) + 3] ); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]45}
46#endif
47
48#ifndef PUT_ULONG_BE
49#define PUT_ULONG_BE(n,b,i) \
50{ \
51 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
52 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
53 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
54 (b)[(i) + 3] = (unsigned char) ( (n) ); \
55}
56#endif
57
58static const unsigned char SIGMA_CHARS[6][8] =
59{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]60 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
61 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
62 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
63 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
64 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
65 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]66};
67
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]68#ifdef POLARSSL_CAMELLIA_SMALL_MEMORY
69
70static const unsigned char FSb[256] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]71{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]72 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
73 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
74 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
75 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
76 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
77 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
78 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
79 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
80 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
81 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
82 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
83 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
84 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
85 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
86 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
87 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]88};
89
90#define SBOX1(n) FSb[(n)]
91#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
92#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]93#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
94
95#else
96
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]97static const unsigned char FSb[256] =
98{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]99 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
100 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
101 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
102 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
103 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
104 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
105 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
106 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
107 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
108 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
109 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
110 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
111 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
112 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
113 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
114 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]115};
116
117static const unsigned char FSb2[256] =
118{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]119 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
120 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
121 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
122 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
123 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
124 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
125 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
126 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
127 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
128 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
129 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
130 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
131 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
132 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
133 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
134 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]135};
136
137static const unsigned char FSb3[256] =
138{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]139 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
140 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
141 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
142 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
143 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
144 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
145 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
146 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
147 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
148 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
149 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
150 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
151 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
152 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
153 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
154 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]155};
156
157static const unsigned char FSb4[256] =
158{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]159 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
160 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
161 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
162 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
163 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
164 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
165 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
166 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
167 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
168 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
169 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
170 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
171 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
172 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
173 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
174 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]175};
176
177#define SBOX1(n) FSb[(n)]
178#define SBOX2(n) FSb2[(n)]
179#define SBOX3(n) FSb3[(n)]
180#define SBOX4(n) FSb4[(n)]
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]181
Paul Bakkerfa049db2009-01-12 22:12:03 +0000[diff] [blame]182#endif
183
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]184static const unsigned char shifts[2][4][4] =
185{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]186 {
187 { 1, 1, 1, 1 }, /* KL */
188 { 0, 0, 0, 0 }, /* KR */
189 { 1, 1, 1, 1 }, /* KA */
190 { 0, 0, 0, 0 } /* KB */
191 },
192 {
193 { 1, 0, 1, 1 }, /* KL */
194 { 1, 1, 0, 1 }, /* KR */
195 { 1, 1, 1, 0 }, /* KA */
196 { 1, 1, 0, 1 } /* KB */
197 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]198};
199
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]200static const signed char indexes[2][4][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]201{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]202 {
203 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
204 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
205 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
206 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
207 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
208 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
209 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
210 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
211 },
212 {
213 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
214 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
215 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
216 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
217 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
218 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
219 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
220 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
221 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]222};
223
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]224static const signed char transposes[2][20] =
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]225{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]226 {
227 21, 22, 23, 20,
228 -1, -1, -1, -1,
229 18, 19, 16, 17,
230 11, 8, 9, 10,
231 15, 12, 13, 14
232 },
233 {
234 25, 26, 27, 24,
235 29, 30, 31, 28,
236 18, 19, 16, 17,
237 -1, -1, -1, -1,
238 -1, -1, -1, -1
239 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]240};
241
Paul Bakkerc32c6b52009-01-11 21:36:43 +0000[diff] [blame]242/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]243#define ROTL(DEST, SRC, SHIFT) \
244{ \
245 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
246 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
247 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
248 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]249}
250
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]251#define FL(XL, XR, KL, KR) \
252{ \
253 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
254 (XL) = ((XR) | (KR)) ^ (XL); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]255}
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]256
257#define FLInv(YL, YR, KL, KR) \
258{ \
259 (YL) = ((YR) | (KR)) ^ (YL); \
260 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]261}
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]262
263#define SHIFT_AND_PLACE(INDEX, OFFSET) \
264{ \
265 TK[0] = KC[(OFFSET) * 4 + 0]; \
266 TK[1] = KC[(OFFSET) * 4 + 1]; \
267 TK[2] = KC[(OFFSET) * 4 + 2]; \
268 TK[3] = KC[(OFFSET) * 4 + 3]; \
269 \
270 for ( i = 1; i <= 4; i++ ) \
271 if (shifts[(INDEX)][(OFFSET)][i -1]) \
272 ROTL(TK + i * 4, TK, (15 * i) % 32); \
273 \
274 for ( i = 0; i < 20; i++ ) \
275 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
276 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
277 } \
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]278}
279
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]280static void camellia_feistel(uint32_t x[2], uint32_t k[2], uint32_t z[2])
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]281{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]282 uint32_t I0, I1;
283 I0 = x[0] ^ k[0];
284 I1 = x[1] ^ k[1];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]285
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]286 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
287 (SBOX2((I0 >> 16) & 0xFF) << 16) |
288 (SBOX3((I0 >> 8) & 0xFF) << 8) |
289 (SBOX4((I0 ) & 0xFF) );
290 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
291 (SBOX3((I1 >> 16) & 0xFF) << 16) |
292 (SBOX4((I1 >> 8) & 0xFF) << 8) |
293 (SBOX1((I1 ) & 0xFF) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]294
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]295 I0 ^= (I1 << 8) | (I1 >> 24);
296 I1 ^= (I0 << 16) | (I0 >> 16);
297 I0 ^= (I1 >> 8) | (I1 << 24);
298 I1 ^= (I0 >> 8) | (I0 << 24);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]299
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]300 z[0] ^= I1;
301 z[1] ^= I0;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]302}
303
304/*
305 * Camellia key schedule (encryption)
306 */
307void camellia_setkey_enc( camellia_context *ctx, unsigned char *key, int keysize )
308{
309 int i, idx;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]310 uint32_t *RK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]311 unsigned char t[64];
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]312 uint32_t SIGMA[6][2];
313 uint32_t KC[16];
314 uint32_t TK[20];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]315
316 RK = ctx->rk;
317
318 memset(t, 0, 64);
319 memset(RK, 0, sizeof(ctx->rk));
320
321 switch( keysize )
322 {
323 case 128: ctx->nr = 3; idx = 0; break;
324 case 192:
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]325 case 256: ctx->nr = 4; idx = 1; break;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]326 default : return;
327 }
328
329 for( i = 0; i < keysize / 8; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]330 t[i] = key[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]331
332 if (keysize == 192) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]333 for (i = 0; i < 8; i++)
334 t[24 + i] = ~t[16 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]335 }
336
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]337 /*
338 * Prepare SIGMA values
339 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]340 for (i = 0; i < 6; i++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]341 GET_ULONG_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
342 GET_ULONG_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]343 }
344
345 /*
346 * Key storage in KC
347 * Order: KL, KR, KA, KB
348 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]349 memset(KC, 0, sizeof(KC));
350
351 /* Store KL, KR */
352 for (i = 0; i < 8; i++)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]353 GET_ULONG_BE(KC[i], t, i * 4);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]354
355 /* Generate KA */
356 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]357 KC[8 + i] = KC[i] ^ KC[4 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]358
359 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
360 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
361
362 for( i = 0; i < 4; ++i)
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]363 KC[8 + i] ^= KC[i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]364
365 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
366 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
367
368 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]369 /* Generate KB */
370 for( i = 0; i < 4; ++i)
371 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]372
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]373 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
374 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]375 }
376
377 /*
378 * Generating subkeys
379 */
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]380
381 /* Manipulating KL */
382 SHIFT_AND_PLACE(idx, 0);
383
384 /* Manipulating KR */
385 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]386 SHIFT_AND_PLACE(idx, 1);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]387 }
388
389 /* Manipulating KA */
390 SHIFT_AND_PLACE(idx, 2);
391
392 /* Manipulating KB */
393 if (keysize > 128) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]394 SHIFT_AND_PLACE(idx, 3);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]395 }
396
397 /* Do transpositions */
398 for ( i = 0; i < 20; i++ ) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]399 if (transposes[idx][i] != -1) {
400 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
401 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]402 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]403}
404
405/*
406 * Camellia key schedule (decryption)
407 */
408void camellia_setkey_dec( camellia_context *ctx, unsigned char *key, int keysize )
409{
410 int i, idx;
411 camellia_context cty;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]412 uint32_t *RK;
413 uint32_t *SK;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]414
415 switch( keysize )
416 {
417 case 128: ctx->nr = 3; idx = 0; break;
418 case 192:
419 case 256: ctx->nr = 4; idx = 1; break;
420 default : return;
421 }
422
423 RK = ctx->rk;
424
425 camellia_setkey_enc(&cty, key, keysize);
426
427 SK = cty.rk + 24 * 2 + 8 * idx * 2;
428
429 *RK++ = *SK++;
430 *RK++ = *SK++;
431 *RK++ = *SK++;
432 *RK++ = *SK++;
433
434 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
435 {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]436 *RK++ = *SK++;
437 *RK++ = *SK++;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]438 }
439
440 SK -= 2;
441
442 *RK++ = *SK++;
443 *RK++ = *SK++;
444 *RK++ = *SK++;
445 *RK++ = *SK++;
446
447 memset( &cty, 0, sizeof( camellia_context ) );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]448}
449
450/*
451 * Camellia-ECB block encryption/decryption
452 */
453void camellia_crypt_ecb( camellia_context *ctx,
454 int mode,
455 unsigned char input[16],
456 unsigned char output[16] )
457{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]458 int NR;
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]459 uint32_t *RK, X[4];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]460
461 NR = ctx->nr;
462 RK = ctx->rk;
463
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]464 GET_ULONG_BE( X[0], input, 0 );
465 GET_ULONG_BE( X[1], input, 4 );
466 GET_ULONG_BE( X[2], input, 8 );
467 GET_ULONG_BE( X[3], input, 12 );
468
469 X[0] ^= *RK++;
470 X[1] ^= *RK++;
471 X[2] ^= *RK++;
472 X[3] ^= *RK++;
473
474 while (NR) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]475 --NR;
476 camellia_feistel(X, RK, X + 2);
477 RK += 2;
478 camellia_feistel(X + 2, RK, X);
479 RK += 2;
480 camellia_feistel(X, RK, X + 2);
481 RK += 2;
482 camellia_feistel(X + 2, RK, X);
483 RK += 2;
484 camellia_feistel(X, RK, X + 2);
485 RK += 2;
486 camellia_feistel(X + 2, RK, X);
487 RK += 2;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]488
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]489 if (NR) {
490 FL(X[0], X[1], RK[0], RK[1]);
491 RK += 2;
492 FLInv(X[2], X[3], RK[0], RK[1]);
493 RK += 2;
494 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]495 }
496
497 X[2] ^= *RK++;
498 X[3] ^= *RK++;
499 X[0] ^= *RK++;
500 X[1] ^= *RK++;
501
502 PUT_ULONG_BE( X[2], output, 0 );
503 PUT_ULONG_BE( X[3], output, 4 );
504 PUT_ULONG_BE( X[0], output, 8 );
505 PUT_ULONG_BE( X[1], output, 12 );
506}
507
508/*
509 * Camellia-CBC buffer encryption/decryption
510 */
511void camellia_crypt_cbc( camellia_context *ctx,
512 int mode,
513 int length,
514 unsigned char iv[16],
515 unsigned char *input,
516 unsigned char *output )
517{
518 int i;
519 unsigned char temp[16];
520
521 if( mode == CAMELLIA_DECRYPT )
522 {
523 while( length > 0 )
524 {
525 memcpy( temp, input, 16 );
526 camellia_crypt_ecb( ctx, mode, input, output );
527
528 for( i = 0; i < 16; i++ )
529 output[i] = (unsigned char)( output[i] ^ iv[i] );
530
531 memcpy( iv, temp, 16 );
532
533 input += 16;
534 output += 16;
535 length -= 16;
536 }
537 }
538 else
539 {
540 while( length > 0 )
541 {
542 for( i = 0; i < 16; i++ )
543 output[i] = (unsigned char)( input[i] ^ iv[i] );
544
545 camellia_crypt_ecb( ctx, mode, output, output );
546 memcpy( iv, output, 16 );
547
548 input += 16;
549 output += 16;
550 length -= 16;
551 }
552 }
553}
554
555/*
556 * Camellia-CFB128 buffer encryption/decryption
557 */
558void camellia_crypt_cfb128( camellia_context *ctx,
559 int mode,
560 int length,
561 int *iv_off,
562 unsigned char iv[16],
563 unsigned char *input,
564 unsigned char *output )
565{
566 int c, n = *iv_off;
567
568 if( mode == CAMELLIA_DECRYPT )
569 {
570 while( length-- )
571 {
572 if( n == 0 )
573 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
574
575 c = *input++;
576 *output++ = (unsigned char)( c ^ iv[n] );
577 iv[n] = (unsigned char) c;
578
579 n = (n + 1) & 0x0F;
580 }
581 }
582 else
583 {
584 while( length-- )
585 {
586 if( n == 0 )
587 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
588
589 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
590
591 n = (n + 1) & 0x0F;
592 }
593 }
594
595 *iv_off = n;
596}
597
598#if defined(POLARSSL_SELF_TEST)
599
600#include <stdio.h>
601
602/*
603 * Camellia test vectors from:
604 *
605 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
606 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
607 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]608 * (For each bitlength: Key 0, Nr 39)
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]609 */
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]610#define CAMELLIA_TESTS_ECB 2
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]611
612static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
613{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]614 {
615 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
616 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
617 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
618 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
619 },
620 {
621 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
622 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
623 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
624 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
625 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
626 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
627 },
628 {
629 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
630 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
631 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
632 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
633 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
634 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
635 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
636 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
637 },
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]638};
639
640static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
641{
642 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
643 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
644 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
645 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
646};
647
648static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
649{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]650 {
651 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
652 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
653 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
654 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
655 },
656 {
657 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
658 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
659 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
660 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
661 },
662 {
663 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
664 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
665 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
666 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
667 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]668};
669
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]670#define CAMELLIA_TESTS_CBC 3
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]671
672static const unsigned char camellia_test_cbc_key[3][32] =
673{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]674 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
675 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
676 ,
677 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
678 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
679 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
680 ,
681 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
682 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
683 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
684 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]685};
686
687static const unsigned char camellia_test_cbc_iv[16] =
688
689 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
690 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
691;
692
693static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
694{
695 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
696 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
697 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
698 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
699 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
700 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
701
702};
703
704static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
705{
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]706 {
707 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
708 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
709 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
710 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
711 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
712 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
713 },
714 {
715 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
716 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
717 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
718 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
719 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
720 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
721 },
722 {
723 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
724 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
725 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
726 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
727 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
728 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
729 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]730};
731
732
733/*
734 * Checkup routine
735 */
736int camellia_self_test( int verbose )
737{
Paul Bakker026c03b2009-03-28 17:53:03 +0000[diff] [blame]738 int i, j, u, v;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]739 unsigned char key[32];
740 unsigned char buf[64];
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]741 unsigned char src[16];
742 unsigned char dst[16];
743 unsigned char iv[16];
744 camellia_context ctx;
745
746 memset( key, 0, 32 );
747
748 for (j = 0; j < 6; j++) {
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]749 u = j >> 1;
750 v = j & 1;
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]751
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]752 if( verbose != 0 )
753 printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
754 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]755
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]756 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
757 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]758
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]759 if (v == CAMELLIA_DECRYPT) {
760 camellia_setkey_dec(&ctx, key, 128 + u * 64);
761 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
762 memcpy(dst, camellia_test_ecb_plain[i], 16);
763 } else { /* CAMELLIA_ENCRYPT */
764 camellia_setkey_enc(&ctx, key, 128 + u * 64);
765 memcpy(src, camellia_test_ecb_plain[i], 16);
766 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
767 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]768
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]769 camellia_crypt_ecb(&ctx, v, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]770
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]771 if( memcmp( buf, dst, 16 ) != 0 )
772 {
773 if( verbose != 0 )
774 printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]775
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]776 return( 1 );
777 }
778 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]779
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]780 if( verbose != 0 )
781 printf( "passed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]782 }
783
784 if( verbose != 0 )
785 printf( "\n" );
786
787 /*
788 * CBC mode
789 */
790 for( j = 0; j < 6; j++ )
791 {
792 u = j >> 1;
793 v = j & 1;
794
795 if( verbose != 0 )
796 printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
797 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
798
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]799 memcpy( src, camellia_test_cbc_iv, 16);
800 memcpy( dst, camellia_test_cbc_iv, 16);
801 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]802
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]803 if (v == CAMELLIA_DECRYPT) {
804 camellia_setkey_dec(&ctx, key, 128 + u * 64);
805 } else {
806 camellia_setkey_enc(&ctx, key, 128 + u * 64);
807 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]808
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]809 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]810
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]811 if (v == CAMELLIA_DECRYPT) {
812 memcpy( iv , src, 16 );
813 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
814 memcpy(dst, camellia_test_cbc_plain[i], 16);
815 } else { /* CAMELLIA_ENCRYPT */
816 memcpy( iv , dst, 16 );
817 memcpy(src, camellia_test_cbc_plain[i], 16);
818 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
819 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]820
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]821 camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]822
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]823 if( memcmp( buf, dst, 16 ) != 0 )
824 {
825 if( verbose != 0 )
826 printf( "failed\n" );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]827
Paul Bakkerc81f6c32009-05-03 13:09:15 +0000[diff] [blame^]828 return( 1 );
829 }
830 }
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]831
832 if( verbose != 0 )
833 printf( "passed\n" );
834 }
835
836 if( verbose != 0 )
837 printf( "\n" );
838
839 return ( 0 );
Paul Bakker38119b12009-01-10 23:31:23 +0000[diff] [blame]840}
841
842#endif
843
844#endif