CoCalc -- camellia.c

GitHub Repository: godotengine/godot
Path: blob/master/thirdparty/mbedtls/library/camellia.c
⁹⁸⁹⁸ views
1
/*
2
 *  Camellia implementation
3
 *
4
 *  Copyright The Mbed TLS Contributors
5
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6
 */
7
/*
8
 *  The Camellia block cipher was designed by NTT and Mitsubishi Electric
9
 *  Corporation.
10
 *
11
 *  http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
12
 */
13

14
#include "common.h"
15

16
#if defined(MBEDTLS_CAMELLIA_C)
17

18
#include "mbedtls/camellia.h"
19
#include "mbedtls/platform_util.h"
20

21
#include <string.h>
22

23
#include "mbedtls/platform.h"
24

25
#if !defined(MBEDTLS_CAMELLIA_ALT)
26

27
static const unsigned char SIGMA_CHARS[6][8] =
28
{
29
    { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
30
    { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
31
    { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
32
    { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
33
    { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
34
    { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
35
};
36

37
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
38

39
static const unsigned char FSb[256] =
40
{
41
    112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
42
    35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
43
    134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
44
    166, 225, 57, 202, 213, 71, 93, 61, 217,  1, 90, 214, 81, 86, 108, 77,
45
    139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
46
    223, 76, 203, 194, 52, 126, 118,  5, 109, 183, 169, 49, 209, 23,  4, 215,
47
    20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
48
    254, 68, 207, 178, 195, 181, 122, 145, 36,  8, 232, 168, 96, 252, 105, 80,
49
    170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
50
    16, 196,  0, 72, 163, 247, 117, 219, 138,  3, 230, 218,  9, 63, 221, 148,
51
    135, 92, 131,  2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
52
    82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
53
    233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
54
    120, 152,  6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
55
    114,  7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
56
    64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
57
};
58

59
#define SBOX1(n) FSb[(n)]
60
#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
61
#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
62
#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
63

64
#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
65

66
static const unsigned char FSb[256] =
67
{
68
    112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,
69
    35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,
70
    134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,
71
    166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,
72
    139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,
73
    223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,
74
    20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,
75
    254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,
76
    170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,
77
    16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,
78
    135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,
79
    82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,
80
    233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,
81
    120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,
82
    114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,
83
    64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158
84
};
85

86
static const unsigned char FSb2[256] =
87
{
88
    224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,
89
    70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,
90
    13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,
91
    77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,
92
    23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,
93
    191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,
94
    40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,
95
    253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,
96
    85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,
97
    32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,
98
    15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,
99
    164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,
100
    211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,
101
    240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,
102
    228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,
103
    128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61
104
};
105

106
static const unsigned char FSb3[256] =
107
{
108
    56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,
109
    145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,
110
    67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,
111
    83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,
112
    197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,
113
    239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,
114
    10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,
115
    127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,
116
    85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,
117
    8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,
118
    195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
119
    41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,
120
    244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,
121
    60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,
122
    57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,
123
    32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79
124
};
125

126
static const unsigned char FSb4[256] =
127
{
128
    112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,
129
    134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,
130
    139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,
131
    20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,
132
    170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,
133
    135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,
134
    233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,
135
    114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,
136
    130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,
137
    184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,
138
    13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,
139
    88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,
140
    208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,
141
    92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,
142
    121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,
143
    7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158
144
};
145

146
#define SBOX1(n) FSb[(n)]
147
#define SBOX2(n) FSb2[(n)]
148
#define SBOX3(n) FSb3[(n)]
149
#define SBOX4(n) FSb4[(n)]
150

151
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
152

153
static const unsigned char shifts[2][4][4] =
154
{
155
    {
156
        { 1, 1, 1, 1 }, /* KL */
157
        { 0, 0, 0, 0 }, /* KR */
158
        { 1, 1, 1, 1 }, /* KA */
159
        { 0, 0, 0, 0 }  /* KB */
160
    },
161
    {
162
        { 1, 0, 1, 1 }, /* KL */
163
        { 1, 1, 0, 1 }, /* KR */
164
        { 1, 1, 1, 0 }, /* KA */
165
        { 1, 1, 0, 1 }  /* KB */
166
    }
167
};
168

169
static const signed char indexes[2][4][20] =
170
{
171
    {
172
        {  0,  1,  2,  3,  8,  9, 10, 11, 38, 39,
173
           36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
174
        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
175
          -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
176
        {  4,  5,  6,  7, 12, 13, 14, 15, 16, 17,
177
           18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
178
        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
179
          -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }  /* KB -> RK */
180
    },
181
    {
182
        {  0,  1,  2,  3, 61, 62, 63, 60, -1, -1,
183
           -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
184
        { -1, -1, -1, -1,  8,  9, 10, 11, 16, 17,
185
          18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
186
        { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
187
          56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
188
        {  4,  5,  6,  7, 65, 66, 67, 64, 20, 21,
189
           22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
190
    }
191
};
192

193
static const signed char transposes[2][20] =
194
{
195
    {
196
        21, 22, 23, 20,
197
        -1, -1, -1, -1,
198
        18, 19, 16, 17,
199
        11,  8,  9, 10,
200
        15, 12, 13, 14
201
    },
202
    {
203
        25, 26, 27, 24,
204
        29, 30, 31, 28,
205
        18, 19, 16, 17,
206
        -1, -1, -1, -1,
207
        -1, -1, -1, -1
208
    }
209
};
210

211
/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
212
#define ROTL(DEST, SRC, SHIFT)                                      \
213
    {                                                                   \
214
        (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT));   \
215
        (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT));   \
216
        (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT));   \
217
        (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT));   \
218
    }
219

220
#define FL(XL, XR, KL, KR)                                          \
221
    {                                                                   \
222
        (XR) = ((((XL) &(KL)) << 1) | (((XL) &(KL)) >> 31)) ^ (XR);   \
223
        (XL) = ((XR) | (KR)) ^ (XL);                                    \
224
    }
225

226
#define FLInv(YL, YR, KL, KR)                                       \
227
    {                                                                   \
228
        (YL) = ((YR) | (KR)) ^ (YL);                                    \
229
        (YR) = ((((YL) &(KL)) << 1) | (((YL) &(KL)) >> 31)) ^ (YR);   \
230
    }
231

232
#define SHIFT_AND_PLACE(INDEX, OFFSET)                      \
233
    {                                                           \
234
        TK[0] = KC[(OFFSET) * 4 + 0];                           \
235
        TK[1] = KC[(OFFSET) * 4 + 1];                           \
236
        TK[2] = KC[(OFFSET) * 4 + 2];                           \
237
        TK[3] = KC[(OFFSET) * 4 + 3];                           \
238
                                                            \
239
        for (i = 1; i <= 4; i++)                               \
240
        if (shifts[(INDEX)][(OFFSET)][i -1])               \
241
        ROTL(TK + i * 4, TK, (15 * i) % 32);          \
242
                                                            \
243
        for (i = 0; i < 20; i++)                               \
244
        if (indexes[(INDEX)][(OFFSET)][i] != -1) {         \
245
            RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i];    \
246
        }                                                   \
247
    }
248

249
static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
250
                             uint32_t z[2])
251
{
252
    uint32_t I0, I1;
253
    I0 = x[0] ^ k[0];
254
    I1 = x[1] ^ k[1];
255

256
    I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) |
257
         ((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) |
258
         ((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) <<  8) |
259
         ((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
260
    I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) |
261
         ((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) |
262
         ((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) <<  8) |
263
         ((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
264

265
    I0 ^= (I1 << 8) | (I1 >> 24);
266
    I1 ^= (I0 << 16) | (I0 >> 16);
267
    I0 ^= (I1 >> 8) | (I1 << 24);
268
    I1 ^= (I0 >> 8) | (I0 << 24);
269

270
    z[0] ^= I1;
271
    z[1] ^= I0;
272
}
273

274
void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
275
{
276
    memset(ctx, 0, sizeof(mbedtls_camellia_context));
277
}
278

279
void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
280
{
281
    if (ctx == NULL) {
282
        return;
283
    }
284

285
    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
286
}
287

288
/*
289
 * Camellia key schedule (encryption)
290
 */
291
int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
292
                                const unsigned char *key,
293
                                unsigned int keybits)
294
{
295
    int idx;
296
    size_t i;
297
    uint32_t *RK;
298
    unsigned char t[64];
299
    uint32_t SIGMA[6][2];
300
    uint32_t KC[16];
301
    uint32_t TK[20];
302

303
    RK = ctx->rk;
304

305
    memset(t, 0, 64);
306
    memset(RK, 0, sizeof(ctx->rk));
307

308
    switch (keybits) {
309
        case 128: ctx->nr = 3; idx = 0; break;
310
        case 192:
311
        case 256: ctx->nr = 4; idx = 1; break;
312
        default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
313
    }
314

315
    for (i = 0; i < keybits / 8; ++i) {
316
        t[i] = key[i];
317
    }
318

319
    if (keybits == 192) {
320
        for (i = 0; i < 8; i++) {
321
            t[24 + i] = ~t[16 + i];
322
        }
323
    }
324

325
    /*
326
     * Prepare SIGMA values
327
     */
328
    for (i = 0; i < 6; i++) {
329
        SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
330
        SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
331
    }
332

333
    /*
334
     * Key storage in KC
335
     * Order: KL, KR, KA, KB
336
     */
337
    memset(KC, 0, sizeof(KC));
338

339
    /* Store KL, KR */
340
    for (i = 0; i < 8; i++) {
341
        KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
342
    }
343

344
    /* Generate KA */
345
    for (i = 0; i < 4; ++i) {
346
        KC[8 + i] = KC[i] ^ KC[4 + i];
347
    }
348

349
    camellia_feistel(KC + 8, SIGMA[0], KC + 10);
350
    camellia_feistel(KC + 10, SIGMA[1], KC + 8);
351

352
    for (i = 0; i < 4; ++i) {
353
        KC[8 + i] ^= KC[i];
354
    }
355

356
    camellia_feistel(KC + 8, SIGMA[2], KC + 10);
357
    camellia_feistel(KC + 10, SIGMA[3], KC + 8);
358

359
    if (keybits > 128) {
360
        /* Generate KB */
361
        for (i = 0; i < 4; ++i) {
362
            KC[12 + i] = KC[4 + i] ^ KC[8 + i];
363
        }
364

365
        camellia_feistel(KC + 12, SIGMA[4], KC + 14);
366
        camellia_feistel(KC + 14, SIGMA[5], KC + 12);
367
    }
368

369
    /*
370
     * Generating subkeys
371
     */
372

373
    /* Manipulating KL */
374
    SHIFT_AND_PLACE(idx, 0);
375

376
    /* Manipulating KR */
377
    if (keybits > 128) {
378
        SHIFT_AND_PLACE(idx, 1);
379
    }
380

381
    /* Manipulating KA */
382
    SHIFT_AND_PLACE(idx, 2);
383

384
    /* Manipulating KB */
385
    if (keybits > 128) {
386
        SHIFT_AND_PLACE(idx, 3);
387
    }
388

389
    /* Do transpositions */
390
    for (i = 0; i < 20; i++) {
391
        if (transposes[idx][i] != -1) {
392
            RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
393
        }
394
    }
395

396
    return 0;
397
}
398

399
/*
400
 * Camellia key schedule (decryption)
401
 */
402
#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
403
int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
404
                                const unsigned char *key,
405
                                unsigned int keybits)
406
{
407
    int idx, ret;
408
    size_t i;
409
    mbedtls_camellia_context cty;
410
    uint32_t *RK;
411
    uint32_t *SK;
412

413
    mbedtls_camellia_init(&cty);
414

415
    /* Also checks keybits */
416
    if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
417
        goto exit;
418
    }
419

420
    ctx->nr = cty.nr;
421
    idx = (ctx->nr == 4);
422

423
    RK = ctx->rk;
424
    SK = cty.rk + 24 * 2 + 8 * idx * 2;
425

426
    *RK++ = *SK++;
427
    *RK++ = *SK++;
428
    *RK++ = *SK++;
429
    *RK++ = *SK++;
430

431
    for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
432
        *RK++ = *SK++;
433
        *RK++ = *SK++;
434
    }
435

436
    SK -= 2;
437

438
    *RK++ = *SK++;
439
    *RK++ = *SK++;
440
    *RK++ = *SK++;
441
    *RK++ = *SK++;
442

443
exit:
444
    mbedtls_camellia_free(&cty);
445

446
    return ret;
447
}
448
#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
449

450
/*
451
 * Camellia-ECB block encryption/decryption
452
 */
453
int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
454
                               int mode,
455
                               const unsigned char input[16],
456
                               unsigned char output[16])
457
{
458
    int NR;
459
    uint32_t *RK, X[4];
460
    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
461
        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
462
    }
463

464
    ((void) mode);
465

466
    NR = ctx->nr;
467
    RK = ctx->rk;
468

469
    X[0] = MBEDTLS_GET_UINT32_BE(input,  0);
470
    X[1] = MBEDTLS_GET_UINT32_BE(input,  4);
471
    X[2] = MBEDTLS_GET_UINT32_BE(input,  8);
472
    X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
473

474
    X[0] ^= *RK++;
475
    X[1] ^= *RK++;
476
    X[2] ^= *RK++;
477
    X[3] ^= *RK++;
478

479
    while (NR) {
480
        --NR;
481
        camellia_feistel(X, RK, X + 2);
482
        RK += 2;
483
        camellia_feistel(X + 2, RK, X);
484
        RK += 2;
485
        camellia_feistel(X, RK, X + 2);
486
        RK += 2;
487
        camellia_feistel(X + 2, RK, X);
488
        RK += 2;
489
        camellia_feistel(X, RK, X + 2);
490
        RK += 2;
491
        camellia_feistel(X + 2, RK, X);
492
        RK += 2;
493

494
        if (NR) {
495
            FL(X[0], X[1], RK[0], RK[1]);
496
            RK += 2;
497
            FLInv(X[2], X[3], RK[0], RK[1]);
498
            RK += 2;
499
        }
500
    }
501

502
    X[2] ^= *RK++;
503
    X[3] ^= *RK++;
504
    X[0] ^= *RK++;
505
    X[1] ^= *RK++;
506

507
    MBEDTLS_PUT_UINT32_BE(X[2], output,  0);
508
    MBEDTLS_PUT_UINT32_BE(X[3], output,  4);
509
    MBEDTLS_PUT_UINT32_BE(X[0], output,  8);
510
    MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
511

512
    return 0;
513
}
514

515
#if defined(MBEDTLS_CIPHER_MODE_CBC)
516
/*
517
 * Camellia-CBC buffer encryption/decryption
518
 */
519
int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
520
                               int mode,
521
                               size_t length,
522
                               unsigned char iv[16],
523
                               const unsigned char *input,
524
                               unsigned char *output)
525
{
526
    unsigned char temp[16];
527
    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
528
        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
529
    }
530

531
    if (length % 16) {
532
        return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
533
    }
534

535
    if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
536
        while (length > 0) {
537
            memcpy(temp, input, 16);
538
            mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
539

540
            mbedtls_xor(output, output, iv, 16);
541

542
            memcpy(iv, temp, 16);
543

544
            input  += 16;
545
            output += 16;
546
            length -= 16;
547
        }
548
    } else {
549
        while (length > 0) {
550
            mbedtls_xor(output, input, iv, 16);
551

552
            mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
553
            memcpy(iv, output, 16);
554

555
            input  += 16;
556
            output += 16;
557
            length -= 16;
558
        }
559
    }
560

561
    return 0;
562
}
563
#endif /* MBEDTLS_CIPHER_MODE_CBC */
564

565
#if defined(MBEDTLS_CIPHER_MODE_CFB)
566
/*
567
 * Camellia-CFB128 buffer encryption/decryption
568
 */
569
int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
570
                                  int mode,
571
                                  size_t length,
572
                                  size_t *iv_off,
573
                                  unsigned char iv[16],
574
                                  const unsigned char *input,
575
                                  unsigned char *output)
576
{
577
    int c;
578
    size_t n;
579
    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
580
        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
581
    }
582

583
    n = *iv_off;
584
    if (n >= 16) {
585
        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
586
    }
587

588
    if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
589
        while (length--) {
590
            if (n == 0) {
591
                mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
592
            }
593

594
            c = *input++;
595
            *output++ = (unsigned char) (c ^ iv[n]);
596
            iv[n] = (unsigned char) c;
597

598
            n = (n + 1) & 0x0F;
599
        }
600
    } else {
601
        while (length--) {
602
            if (n == 0) {
603
                mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
604
            }
605

606
            iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
607

608
            n = (n + 1) & 0x0F;
609
        }
610
    }
611

612
    *iv_off = n;
613

614
    return 0;
615
}
616
#endif /* MBEDTLS_CIPHER_MODE_CFB */
617

618
#if defined(MBEDTLS_CIPHER_MODE_CTR)
619
/*
620
 * Camellia-CTR buffer encryption/decryption
621
 */
622
int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
623
                               size_t length,
624
                               size_t *nc_off,
625
                               unsigned char nonce_counter[16],
626
                               unsigned char stream_block[16],
627
                               const unsigned char *input,
628
                               unsigned char *output)
629
{
630
    int c, i;
631
    size_t n;
632

633
    n = *nc_off;
634
    if (n >= 16) {
635
        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
636
    }
637

638
    while (length--) {
639
        if (n == 0) {
640
            mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
641
                                       stream_block);
642

643
            for (i = 16; i > 0; i--) {
644
                if (++nonce_counter[i - 1] != 0) {
645
                    break;
646
                }
647
            }
648
        }
649
        c = *input++;
650
        *output++ = (unsigned char) (c ^ stream_block[n]);
651

652
        n = (n + 1) & 0x0F;
653
    }
654

655
    *nc_off = n;
656

657
    return 0;
658
}
659
#endif /* MBEDTLS_CIPHER_MODE_CTR */
660
#endif /* !MBEDTLS_CAMELLIA_ALT */
661

662
#if defined(MBEDTLS_SELF_TEST)
663

664
/*
665
 * Camellia test vectors from:
666
 *
667
 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
668
 *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
669
 *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
670
 *                      (For each bitlength: Key 0, Nr 39)
671
 */
672
#define CAMELLIA_TESTS_ECB  2
673

674
static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
675
{
676
    {
677
        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
678
          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
679
        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
680
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
681
    },
682
    {
683
        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
684
          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
685
          0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
686
        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
687
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
688
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
689
    },
690
    {
691
        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
692
          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
693
          0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
694
          0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
695
        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
696
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
697
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
698
          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699
    },
700
};
701

702
static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
703
{
704
    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
705
      0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
706
    { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
707
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
708
};
709

710
static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
711
{
712
    {
713
        { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
714
          0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
715
        { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
716
          0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
717
    },
718
    {
719
        { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
720
          0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
721
        { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
722
          0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
723
    },
724
    {
725
        { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
726
          0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
727
        { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
728
          0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
729
    }
730
};
731

732
#if defined(MBEDTLS_CIPHER_MODE_CBC)
733
#define CAMELLIA_TESTS_CBC  3
734

735
static const unsigned char camellia_test_cbc_key[3][32] =
736
{
737
    { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
738
      0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
739
    ,
740
    { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
741
      0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
742
      0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
743
    ,
744
    { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
745
      0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
746
      0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
747
      0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
748
};
749

750
static const unsigned char camellia_test_cbc_iv[16] =
751

752
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
753
  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
754
;
755

756
static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
757
{
758
    { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
759
      0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
760
    { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
761
      0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
762
    { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
763
      0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
764

765
};
766

767
static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
768
{
769
    {
770
        { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
771
          0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
772
        { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
773
          0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
774
        { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
775
          0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
776
    },
777
    {
778
        { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
779
          0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
780
        { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
781
          0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
782
        { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
783
          0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
784
    },
785
    {
786
        { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
787
          0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
788
        { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
789
          0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
790
        { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
791
          0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
792
    }
793
};
794
#endif /* MBEDTLS_CIPHER_MODE_CBC */
795

796
#if defined(MBEDTLS_CIPHER_MODE_CTR)
797
/*
798
 * Camellia-CTR test vectors from:
799
 *
800
 * http://www.faqs.org/rfcs/rfc5528.html
801
 */
802

803
static const unsigned char camellia_test_ctr_key[3][16] =
804
{
805
    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
806
      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
807
    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
808
      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
809
    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
810
      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
811
};
812

813
static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
814
{
815
    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
816
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
817
    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
818
      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
819
    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
820
      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
821
};
822

823
static const unsigned char camellia_test_ctr_pt[3][48] =
824
{
825
    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
826
      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
827

828
    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
829
      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
830
      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
831
      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
832

833
    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
834
      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
835
      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
836
      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
837
      0x20, 0x21, 0x22, 0x23 }
838
};
839

840
static const unsigned char camellia_test_ctr_ct[3][48] =
841
{
842
    { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
843
      0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
844
    { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
845
      0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
846
      0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
847
      0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
848
    { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
849
      0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
850
      0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
851
      0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
852
      0xDF, 0x50, 0x86, 0x96 }
853
};
854

855
static const int camellia_test_ctr_len[3] =
856
{ 16, 32, 36 };
857
#endif /* MBEDTLS_CIPHER_MODE_CTR */
858

859
/*
860
 * Checkup routine
861
 */
862
int mbedtls_camellia_self_test(int verbose)
863
{
864
    int i, j, u, v;
865
    unsigned char key[32];
866
    unsigned char buf[64];
867
    unsigned char src[16];
868
    unsigned char dst[16];
869
#if defined(MBEDTLS_CIPHER_MODE_CBC)
870
    unsigned char iv[16];
871
#endif
872
#if defined(MBEDTLS_CIPHER_MODE_CTR)
873
    size_t offset, len;
874
    unsigned char nonce_counter[16];
875
    unsigned char stream_block[16];
876
#endif
877
    int ret = 1;
878

879
    mbedtls_camellia_context ctx;
880

881
    mbedtls_camellia_init(&ctx);
882
    memset(key, 0, 32);
883

884
    for (j = 0; j < 6; j++) {
885
        u = j >> 1;
886
        v = j & 1;
887

888
        if (verbose != 0) {
889
            mbedtls_printf("  CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
890
                           (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
891
        }
892

893
#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
894
        if (v == MBEDTLS_CAMELLIA_DECRYPT) {
895
            if (verbose != 0) {
896
                mbedtls_printf("skipped\n");
897
            }
898
            continue;
899
        }
900
#endif
901

902
        for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
903
            memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
904

905
#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
906
            if (v == MBEDTLS_CAMELLIA_DECRYPT) {
907
                mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
908
                memcpy(src, camellia_test_ecb_cipher[u][i], 16);
909
                memcpy(dst, camellia_test_ecb_plain[i], 16);
910
            } else
911
#endif
912
            { /* MBEDTLS_CAMELLIA_ENCRYPT */
913
                mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
914
                memcpy(src, camellia_test_ecb_plain[i], 16);
915
                memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
916
            }
917

918
            mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
919

920
            if (memcmp(buf, dst, 16) != 0) {
921
                if (verbose != 0) {
922
                    mbedtls_printf("failed\n");
923
                }
924
                goto exit;
925
            }
926
        }
927

928
        if (verbose != 0) {
929
            mbedtls_printf("passed\n");
930
        }
931
    }
932

933
    if (verbose != 0) {
934
        mbedtls_printf("\n");
935
    }
936

937
#if defined(MBEDTLS_CIPHER_MODE_CBC)
938
    /*
939
     * CBC mode
940
     */
941
    for (j = 0; j < 6; j++) {
942
        u = j >> 1;
943
        v = j  & 1;
944

945
        if (verbose != 0) {
946
            mbedtls_printf("  CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
947
                           (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
948
        }
949

950
        memcpy(src, camellia_test_cbc_iv, 16);
951
        memcpy(dst, camellia_test_cbc_iv, 16);
952
        memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
953

954
        if (v == MBEDTLS_CAMELLIA_DECRYPT) {
955
            mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
956
        } else {
957
            mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
958
        }
959

960
        for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
961

962
            if (v == MBEDTLS_CAMELLIA_DECRYPT) {
963
                memcpy(iv, src, 16);
964
                memcpy(src, camellia_test_cbc_cipher[u][i], 16);
965
                memcpy(dst, camellia_test_cbc_plain[i], 16);
966
            } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
967
                memcpy(iv, dst, 16);
968
                memcpy(src, camellia_test_cbc_plain[i], 16);
969
                memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
970
            }
971

972
            mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
973

974
            if (memcmp(buf, dst, 16) != 0) {
975
                if (verbose != 0) {
976
                    mbedtls_printf("failed\n");
977
                }
978
                goto exit;
979
            }
980
        }
981

982
        if (verbose != 0) {
983
            mbedtls_printf("passed\n");
984
        }
985
    }
986
#endif /* MBEDTLS_CIPHER_MODE_CBC */
987

988
    if (verbose != 0) {
989
        mbedtls_printf("\n");
990
    }
991

992
#if defined(MBEDTLS_CIPHER_MODE_CTR)
993
    /*
994
     * CTR mode
995
     */
996
    for (i = 0; i < 6; i++) {
997
        u = i >> 1;
998
        v = i  & 1;
999

1000
        if (verbose != 0) {
1001
            mbedtls_printf("  CAMELLIA-CTR-128 (%s): ",
1002
                           (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
1003
        }
1004

1005
        memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
1006
        memcpy(key, camellia_test_ctr_key[u], 16);
1007

1008
        offset = 0;
1009
        mbedtls_camellia_setkey_enc(&ctx, key, 128);
1010

1011
        if (v == MBEDTLS_CAMELLIA_DECRYPT) {
1012
            len = camellia_test_ctr_len[u];
1013
            memcpy(buf, camellia_test_ctr_ct[u], len);
1014

1015
            mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1016
                                       buf, buf);
1017

1018
            if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
1019
                if (verbose != 0) {
1020
                    mbedtls_printf("failed\n");
1021
                }
1022
                goto exit;
1023
            }
1024
        } else {
1025
            len = camellia_test_ctr_len[u];
1026
            memcpy(buf, camellia_test_ctr_pt[u], len);
1027

1028
            mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
1029
                                       buf, buf);
1030

1031
            if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
1032
                if (verbose != 0) {
1033
                    mbedtls_printf("failed\n");
1034
                }
1035
                goto exit;
1036
            }
1037
        }
1038

1039
        if (verbose != 0) {
1040
            mbedtls_printf("passed\n");
1041
        }
1042
    }
1043

1044
    if (verbose != 0) {
1045
        mbedtls_printf("\n");
1046
    }
1047
#endif /* MBEDTLS_CIPHER_MODE_CTR */
1048

1049
    ret = 0;
1050

1051
exit:
1052
    mbedtls_camellia_free(&ctx);
1053
    return ret;
1054
}
1055

1056
#endif /* MBEDTLS_SELF_TEST */
1057

1058
#endif /* MBEDTLS_CAMELLIA_C */
1059

1060
Product

Resources

Company
