]> git.zerfleddert.de Git - proxmark3-svn/blame - common/mbedtls/camellia.c
fix 'lf pcf7931 bruteforce' (bug reported in http://www.proxmark.org/forum/viewtopic...
[proxmark3-svn] / common / mbedtls / camellia.c
CommitLineData
700d8687
OM
1/*
2 * Camellia implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23/*
24 * The Camellia block cipher was designed by NTT and Mitsubishi Electric
25 * Corporation.
26 *
27 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
28 */
29
30#if !defined(MBEDTLS_CONFIG_FILE)
31#include "mbedtls/config.h"
32#else
33#include MBEDTLS_CONFIG_FILE
34#endif
35
36#if defined(MBEDTLS_CAMELLIA_C)
37
38#include "mbedtls/camellia.h"
39#include "mbedtls/platform_util.h"
40
41#include <string.h>
42
43#if defined(MBEDTLS_SELF_TEST)
44#if defined(MBEDTLS_PLATFORM_C)
45#include "mbedtls/platform.h"
46#else
47#include <stdio.h>
48#define mbedtls_printf printf
49#endif /* MBEDTLS_PLATFORM_C */
50#endif /* MBEDTLS_SELF_TEST */
51
52#if !defined(MBEDTLS_CAMELLIA_ALT)
53
54/*
55 * 32-bit integer manipulation macros (big endian)
56 */
57#ifndef GET_UINT32_BE
58#define GET_UINT32_BE(n,b,i) \
59{ \
60 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
61 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
62 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
63 | ( (uint32_t) (b)[(i) + 3] ); \
64}
65#endif
66
67#ifndef PUT_UINT32_BE
68#define PUT_UINT32_BE(n,b,i) \
69{ \
70 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
71 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
72 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
73 (b)[(i) + 3] = (unsigned char) ( (n) ); \
74}
75#endif
76
77static const unsigned char SIGMA_CHARS[6][8] =
78{
79 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
80 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
81 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
82 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
83 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
84 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
85};
86
87#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
88
89static const unsigned char FSb[256] =
90{
91 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
92 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
93 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
94 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
95 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
96 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
97 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
98 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
99 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
100 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
101 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
102 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
103 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
104 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
105 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
106 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
107};
108
109#define SBOX1(n) FSb[(n)]
110#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
111#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
112#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
113
114#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
115
116static const unsigned char FSb[256] =
117{
118 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
119 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
120 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
121 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
122 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
123 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
124 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
125 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
126 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
127 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
128 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
129 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
130 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
131 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
132 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
133 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
134};
135
136static const unsigned char FSb2[256] =
137{
138 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
139 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
140 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
141 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
142 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
143 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
144 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
145 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
146 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
147 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
148 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
149 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
150 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
151 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
152 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
153 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
154};
155
156static const unsigned char FSb3[256] =
157{
158 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
159 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
160 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
161 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
162 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
163 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
164 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
165 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
166 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
167 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
168 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
169 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
170 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
171 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
172 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
173 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
174};
175
176static const unsigned char FSb4[256] =
177{
178 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
179 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
180 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
181 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
182 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
183 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
184 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
185 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
186 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
187 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
188 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
189 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
190 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
191 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
192 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
193 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
194};
195
196#define SBOX1(n) FSb[(n)]
197#define SBOX2(n) FSb2[(n)]
198#define SBOX3(n) FSb3[(n)]
199#define SBOX4(n) FSb4[(n)]
200
201#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
202
203static const unsigned char shifts[2][4][4] =
204{
205 {
206 { 1, 1, 1, 1 }, /* KL */
207 { 0, 0, 0, 0 }, /* KR */
208 { 1, 1, 1, 1 }, /* KA */
209 { 0, 0, 0, 0 } /* KB */
210 },
211 {
212 { 1, 0, 1, 1 }, /* KL */
213 { 1, 1, 0, 1 }, /* KR */
214 { 1, 1, 1, 0 }, /* KA */
215 { 1, 1, 0, 1 } /* KB */
216 }
217};
218
219static const signed char indexes[2][4][20] =
220{
221 {
222 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
223 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
224 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
225 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
226 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
227 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
228 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
229 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
230 },
231 {
232 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
233 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
234 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
235 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
236 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
237 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
238 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
239 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
240 }
241};
242
243static const signed char transposes[2][20] =
244{
245 {
246 21, 22, 23, 20,
247 -1, -1, -1, -1,
248 18, 19, 16, 17,
249 11, 8, 9, 10,
250 15, 12, 13, 14
251 },
252 {
253 25, 26, 27, 24,
254 29, 30, 31, 28,
255 18, 19, 16, 17,
256 -1, -1, -1, -1,
257 -1, -1, -1, -1
258 }
259};
260
261/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
262#define ROTL(DEST, SRC, SHIFT) \
263{ \
264 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
265 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
266 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
267 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
268}
269
270#define FL(XL, XR, KL, KR) \
271{ \
272 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
273 (XL) = ((XR) | (KR)) ^ (XL); \
274}
275
276#define FLInv(YL, YR, KL, KR) \
277{ \
278 (YL) = ((YR) | (KR)) ^ (YL); \
279 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
280}
281
282#define SHIFT_AND_PLACE(INDEX, OFFSET) \
283{ \
284 TK[0] = KC[(OFFSET) * 4 + 0]; \
285 TK[1] = KC[(OFFSET) * 4 + 1]; \
286 TK[2] = KC[(OFFSET) * 4 + 2]; \
287 TK[3] = KC[(OFFSET) * 4 + 3]; \
288 \
289 for( i = 1; i <= 4; i++ ) \
290 if( shifts[(INDEX)][(OFFSET)][i -1] ) \
291 ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
292 \
293 for( i = 0; i < 20; i++ ) \
294 if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
295 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
296 } \
297}
298
299static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
300 uint32_t z[2])
301{
302 uint32_t I0, I1;
303 I0 = x[0] ^ k[0];
304 I1 = x[1] ^ k[1];
305
306 I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
307 ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
308 ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
309 ((uint32_t) SBOX4((I0 ) & 0xFF) );
310 I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
311 ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
312 ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
313 ((uint32_t) SBOX1((I1 ) & 0xFF) );
314
315 I0 ^= (I1 << 8) | (I1 >> 24);
316 I1 ^= (I0 << 16) | (I0 >> 16);
317 I0 ^= (I1 >> 8) | (I1 << 24);
318 I1 ^= (I0 >> 8) | (I0 << 24);
319
320 z[0] ^= I1;
321 z[1] ^= I0;
322}
323
324void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
325{
326 memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
327}
328
329void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
330{
331 if( ctx == NULL )
332 return;
333
334 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
335}
336
337/*
338 * Camellia key schedule (encryption)
339 */
340int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
341 unsigned int keybits )
342{
343 int idx;
344 size_t i;
345 uint32_t *RK;
346 unsigned char t[64];
347 uint32_t SIGMA[6][2];
348 uint32_t KC[16];
349 uint32_t TK[20];
350
351 RK = ctx->rk;
352
353 memset( t, 0, 64 );
354 memset( RK, 0, sizeof(ctx->rk) );
355
356 switch( keybits )
357 {
358 case 128: ctx->nr = 3; idx = 0; break;
359 case 192:
360 case 256: ctx->nr = 4; idx = 1; break;
361 default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
362 }
363
364 for( i = 0; i < keybits / 8; ++i )
365 t[i] = key[i];
366
367 if( keybits == 192 ) {
368 for( i = 0; i < 8; i++ )
369 t[24 + i] = ~t[16 + i];
370 }
371
372 /*
373 * Prepare SIGMA values
374 */
375 for( i = 0; i < 6; i++ ) {
376 GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
377 GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
378 }
379
380 /*
381 * Key storage in KC
382 * Order: KL, KR, KA, KB
383 */
384 memset( KC, 0, sizeof(KC) );
385
386 /* Store KL, KR */
387 for( i = 0; i < 8; i++ )
388 GET_UINT32_BE( KC[i], t, i * 4 );
389
390 /* Generate KA */
391 for( i = 0; i < 4; ++i )
392 KC[8 + i] = KC[i] ^ KC[4 + i];
393
394 camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
395 camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
396
397 for( i = 0; i < 4; ++i )
398 KC[8 + i] ^= KC[i];
399
400 camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
401 camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
402
403 if( keybits > 128 ) {
404 /* Generate KB */
405 for( i = 0; i < 4; ++i )
406 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
407
408 camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
409 camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
410 }
411
412 /*
413 * Generating subkeys
414 */
415
416 /* Manipulating KL */
417 SHIFT_AND_PLACE( idx, 0 );
418
419 /* Manipulating KR */
420 if( keybits > 128 ) {
421 SHIFT_AND_PLACE( idx, 1 );
422 }
423
424 /* Manipulating KA */
425 SHIFT_AND_PLACE( idx, 2 );
426
427 /* Manipulating KB */
428 if( keybits > 128 ) {
429 SHIFT_AND_PLACE( idx, 3 );
430 }
431
432 /* Do transpositions */
433 for( i = 0; i < 20; i++ ) {
434 if( transposes[idx][i] != -1 ) {
435 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
436 }
437 }
438
439 return( 0 );
440}
441
442/*
443 * Camellia key schedule (decryption)
444 */
445int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
446 unsigned int keybits )
447{
448 int idx, ret;
449 size_t i;
450 mbedtls_camellia_context cty;
451 uint32_t *RK;
452 uint32_t *SK;
453
454 mbedtls_camellia_init( &cty );
455
456 /* Also checks keybits */
457 if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
458 goto exit;
459
460 ctx->nr = cty.nr;
461 idx = ( ctx->nr == 4 );
462
463 RK = ctx->rk;
464 SK = cty.rk + 24 * 2 + 8 * idx * 2;
465
466 *RK++ = *SK++;
467 *RK++ = *SK++;
468 *RK++ = *SK++;
469 *RK++ = *SK++;
470
471 for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
472 {
473 *RK++ = *SK++;
474 *RK++ = *SK++;
475 }
476
477 SK -= 2;
478
479 *RK++ = *SK++;
480 *RK++ = *SK++;
481 *RK++ = *SK++;
482 *RK++ = *SK++;
483
484exit:
485 mbedtls_camellia_free( &cty );
486
487 return( ret );
488}
489
490/*
491 * Camellia-ECB block encryption/decryption
492 */
493int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
494 int mode,
495 const unsigned char input[16],
496 unsigned char output[16] )
497{
498 int NR;
499 uint32_t *RK, X[4];
500
501 ( (void) mode );
502
503 NR = ctx->nr;
504 RK = ctx->rk;
505
506 GET_UINT32_BE( X[0], input, 0 );
507 GET_UINT32_BE( X[1], input, 4 );
508 GET_UINT32_BE( X[2], input, 8 );
509 GET_UINT32_BE( X[3], input, 12 );
510
511 X[0] ^= *RK++;
512 X[1] ^= *RK++;
513 X[2] ^= *RK++;
514 X[3] ^= *RK++;
515
516 while( NR ) {
517 --NR;
518 camellia_feistel( X, RK, X + 2 );
519 RK += 2;
520 camellia_feistel( X + 2, RK, X );
521 RK += 2;
522 camellia_feistel( X, RK, X + 2 );
523 RK += 2;
524 camellia_feistel( X + 2, RK, X );
525 RK += 2;
526 camellia_feistel( X, RK, X + 2 );
527 RK += 2;
528 camellia_feistel( X + 2, RK, X );
529 RK += 2;
530
531 if( NR ) {
532 FL(X[0], X[1], RK[0], RK[1]);
533 RK += 2;
534 FLInv(X[2], X[3], RK[0], RK[1]);
535 RK += 2;
536 }
537 }
538
539 X[2] ^= *RK++;
540 X[3] ^= *RK++;
541 X[0] ^= *RK++;
542 X[1] ^= *RK++;
543
544 PUT_UINT32_BE( X[2], output, 0 );
545 PUT_UINT32_BE( X[3], output, 4 );
546 PUT_UINT32_BE( X[0], output, 8 );
547 PUT_UINT32_BE( X[1], output, 12 );
548
549 return( 0 );
550}
551
552#if defined(MBEDTLS_CIPHER_MODE_CBC)
553/*
554 * Camellia-CBC buffer encryption/decryption
555 */
556int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
557 int mode,
558 size_t length,
559 unsigned char iv[16],
560 const unsigned char *input,
561 unsigned char *output )
562{
563 int i;
564 unsigned char temp[16];
565
566 if( length % 16 )
567 return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
568
569 if( mode == MBEDTLS_CAMELLIA_DECRYPT )
570 {
571 while( length > 0 )
572 {
573 memcpy( temp, input, 16 );
574 mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
575
576 for( i = 0; i < 16; i++ )
577 output[i] = (unsigned char)( output[i] ^ iv[i] );
578
579 memcpy( iv, temp, 16 );
580
581 input += 16;
582 output += 16;
583 length -= 16;
584 }
585 }
586 else
587 {
588 while( length > 0 )
589 {
590 for( i = 0; i < 16; i++ )
591 output[i] = (unsigned char)( input[i] ^ iv[i] );
592
593 mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
594 memcpy( iv, output, 16 );
595
596 input += 16;
597 output += 16;
598 length -= 16;
599 }
600 }
601
602 return( 0 );
603}
604#endif /* MBEDTLS_CIPHER_MODE_CBC */
605
606#if defined(MBEDTLS_CIPHER_MODE_CFB)
607/*
608 * Camellia-CFB128 buffer encryption/decryption
609 */
610int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
611 int mode,
612 size_t length,
613 size_t *iv_off,
614 unsigned char iv[16],
615 const unsigned char *input,
616 unsigned char *output )
617{
618 int c;
619 size_t n = *iv_off;
620
621 if( mode == MBEDTLS_CAMELLIA_DECRYPT )
622 {
623 while( length-- )
624 {
625 if( n == 0 )
626 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
627
628 c = *input++;
629 *output++ = (unsigned char)( c ^ iv[n] );
630 iv[n] = (unsigned char) c;
631
632 n = ( n + 1 ) & 0x0F;
633 }
634 }
635 else
636 {
637 while( length-- )
638 {
639 if( n == 0 )
640 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
641
642 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
643
644 n = ( n + 1 ) & 0x0F;
645 }
646 }
647
648 *iv_off = n;
649
650 return( 0 );
651}
652#endif /* MBEDTLS_CIPHER_MODE_CFB */
653
654#if defined(MBEDTLS_CIPHER_MODE_CTR)
655/*
656 * Camellia-CTR buffer encryption/decryption
657 */
658int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
659 size_t length,
660 size_t *nc_off,
661 unsigned char nonce_counter[16],
662 unsigned char stream_block[16],
663 const unsigned char *input,
664 unsigned char *output )
665{
666 int c, i;
667 size_t n = *nc_off;
668
669 while( length-- )
670 {
671 if( n == 0 ) {
672 mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
673 stream_block );
674
675 for( i = 16; i > 0; i-- )
676 if( ++nonce_counter[i - 1] != 0 )
677 break;
678 }
679 c = *input++;
680 *output++ = (unsigned char)( c ^ stream_block[n] );
681
682 n = ( n + 1 ) & 0x0F;
683 }
684
685 *nc_off = n;
686
687 return( 0 );
688}
689#endif /* MBEDTLS_CIPHER_MODE_CTR */
690#endif /* !MBEDTLS_CAMELLIA_ALT */
691
692#if defined(MBEDTLS_SELF_TEST)
693
694/*
695 * Camellia test vectors from:
696 *
697 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
698 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
699 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
700 * (For each bitlength: Key 0, Nr 39)
701 */
702#define CAMELLIA_TESTS_ECB 2
703
704static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
705{
706 {
707 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
708 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
709 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
710 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
711 },
712 {
713 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
714 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
715 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
716 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
717 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
718 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
719 },
720 {
721 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
722 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
723 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
724 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
725 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
726 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
727 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
728 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
729 },
730};
731
732static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
733{
734 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
735 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
736 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
737 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
738};
739
740static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
741{
742 {
743 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
744 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
745 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
746 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
747 },
748 {
749 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
750 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
751 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
752 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
753 },
754 {
755 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
756 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
757 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
758 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
759 }
760};
761
762#if defined(MBEDTLS_CIPHER_MODE_CBC)
763#define CAMELLIA_TESTS_CBC 3
764
765static const unsigned char camellia_test_cbc_key[3][32] =
766{
767 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
768 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
769 ,
770 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
771 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
772 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
773 ,
774 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
775 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
776 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
777 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
778};
779
780static const unsigned char camellia_test_cbc_iv[16] =
781
782 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
783 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
784;
785
786static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
787{
788 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
789 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
790 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
791 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
792 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
793 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
794
795};
796
797static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
798{
799 {
800 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
801 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
802 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
803 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
804 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
805 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
806 },
807 {
808 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
809 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
810 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
811 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
812 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
813 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
814 },
815 {
816 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
817 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
818 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
819 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
820 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
821 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
822 }
823};
824#endif /* MBEDTLS_CIPHER_MODE_CBC */
825
826#if defined(MBEDTLS_CIPHER_MODE_CTR)
827/*
828 * Camellia-CTR test vectors from:
829 *
830 * http://www.faqs.org/rfcs/rfc5528.html
831 */
832
833static const unsigned char camellia_test_ctr_key[3][16] =
834{
835 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
836 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
837 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
838 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
839 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
840 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
841};
842
843static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
844{
845 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
846 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
847 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
848 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
849 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
850 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
851};
852
853static const unsigned char camellia_test_ctr_pt[3][48] =
854{
855 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
856 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
857
858 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
859 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
860 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
861 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
862
863 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
864 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
865 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
866 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
867 0x20, 0x21, 0x22, 0x23 }
868};
869
870static const unsigned char camellia_test_ctr_ct[3][48] =
871{
872 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
873 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
874 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
875 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
876 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
877 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
878 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
879 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
880 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
881 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
882 0xDF, 0x50, 0x86, 0x96 }
883};
884
885static const int camellia_test_ctr_len[3] =
886 { 16, 32, 36 };
887#endif /* MBEDTLS_CIPHER_MODE_CTR */
888
889/*
890 * Checkup routine
891 */
892int mbedtls_camellia_self_test( int verbose )
893{
894 int i, j, u, v;
895 unsigned char key[32];
896 unsigned char buf[64];
897 unsigned char src[16];
898 unsigned char dst[16];
899#if defined(MBEDTLS_CIPHER_MODE_CBC)
900 unsigned char iv[16];
901#endif
902#if defined(MBEDTLS_CIPHER_MODE_CTR)
903 size_t offset, len;
904 unsigned char nonce_counter[16];
905 unsigned char stream_block[16];
906#endif
907
908 mbedtls_camellia_context ctx;
909
910 memset( key, 0, 32 );
911
912 for( j = 0; j < 6; j++ ) {
913 u = j >> 1;
914 v = j & 1;
915
916 if( verbose != 0 )
917 mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
918 (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
919
920 for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
921 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
922
923 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
924 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
925 memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
926 memcpy( dst, camellia_test_ecb_plain[i], 16 );
927 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
928 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
929 memcpy( src, camellia_test_ecb_plain[i], 16 );
930 memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
931 }
932
933 mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
934
935 if( memcmp( buf, dst, 16 ) != 0 )
936 {
937 if( verbose != 0 )
938 mbedtls_printf( "failed\n" );
939
940 return( 1 );
941 }
942 }
943
944 if( verbose != 0 )
945 mbedtls_printf( "passed\n" );
946 }
947
948 if( verbose != 0 )
949 mbedtls_printf( "\n" );
950
951#if defined(MBEDTLS_CIPHER_MODE_CBC)
952 /*
953 * CBC mode
954 */
955 for( j = 0; j < 6; j++ )
956 {
957 u = j >> 1;
958 v = j & 1;
959
960 if( verbose != 0 )
961 mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
962 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
963
964 memcpy( src, camellia_test_cbc_iv, 16 );
965 memcpy( dst, camellia_test_cbc_iv, 16 );
966 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
967
968 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
969 mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
970 } else {
971 mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
972 }
973
974 for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
975
976 if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
977 memcpy( iv , src, 16 );
978 memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
979 memcpy( dst, camellia_test_cbc_plain[i], 16 );
980 } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
981 memcpy( iv , dst, 16 );
982 memcpy( src, camellia_test_cbc_plain[i], 16 );
983 memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
984 }
985
986 mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
987
988 if( memcmp( buf, dst, 16 ) != 0 )
989 {
990 if( verbose != 0 )
991 mbedtls_printf( "failed\n" );
992
993 return( 1 );
994 }
995 }
996
997 if( verbose != 0 )
998 mbedtls_printf( "passed\n" );
999 }
1000#endif /* MBEDTLS_CIPHER_MODE_CBC */
1001
1002 if( verbose != 0 )
1003 mbedtls_printf( "\n" );
1004
1005#if defined(MBEDTLS_CIPHER_MODE_CTR)
1006 /*
1007 * CTR mode
1008 */
1009 for( i = 0; i < 6; i++ )
1010 {
1011 u = i >> 1;
1012 v = i & 1;
1013
1014 if( verbose != 0 )
1015 mbedtls_printf( " CAMELLIA-CTR-128 (%s): ",
1016 ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
1017
1018 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
1019 memcpy( key, camellia_test_ctr_key[u], 16 );
1020
1021 offset = 0;
1022 mbedtls_camellia_setkey_enc( &ctx, key, 128 );
1023
1024 if( v == MBEDTLS_CAMELLIA_DECRYPT )
1025 {
1026 len = camellia_test_ctr_len[u];
1027 memcpy( buf, camellia_test_ctr_ct[u], len );
1028
1029 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1030 buf, buf );
1031
1032 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1033 {
1034 if( verbose != 0 )
1035 mbedtls_printf( "failed\n" );
1036
1037 return( 1 );
1038 }
1039 }
1040 else
1041 {
1042 len = camellia_test_ctr_len[u];
1043 memcpy( buf, camellia_test_ctr_pt[u], len );
1044
1045 mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
1046 buf, buf );
1047
1048 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1049 {
1050 if( verbose != 0 )
1051 mbedtls_printf( "failed\n" );
1052
1053 return( 1 );
1054 }
1055 }
1056
1057 if( verbose != 0 )
1058 mbedtls_printf( "passed\n" );
1059 }
1060
1061 if( verbose != 0 )
1062 mbedtls_printf( "\n" );
1063#endif /* MBEDTLS_CIPHER_MODE_CTR */
1064
1065 return( 0 );
1066}
1067
1068#endif /* MBEDTLS_SELF_TEST */
1069
1070#endif /* MBEDTLS_CAMELLIA_C */
Impressum, Datenschutz