PolarSSL v1.1.4
|
00001 /* 00002 * Camellia implementation 00003 * 00004 * Copyright (C) 2006-2010, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * The Camellia block cipher was designed by NTT and Mitsubishi Electric 00027 * Corporation. 00028 * 00029 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf 00030 */ 00031 00032 #include "polarssl/config.h" 00033 00034 #if defined(POLARSSL_CAMELLIA_C) 00035 00036 #include "polarssl/camellia.h" 00037 00038 /* 00039 * 32-bit integer manipulation macros (big endian) 00040 */ 00041 #ifndef GET_ULONG_BE 00042 #define GET_ULONG_BE(n,b,i) \ 00043 { \ 00044 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ 00045 | ( (unsigned long) (b)[(i) + 1] << 16 ) \ 00046 | ( (unsigned long) (b)[(i) + 2] << 8 ) \ 00047 | ( (unsigned long) (b)[(i) + 3] ); \ 00048 } 00049 #endif 00050 00051 #ifndef PUT_ULONG_BE 00052 #define PUT_ULONG_BE(n,b,i) \ 00053 { \ 00054 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00055 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00056 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00057 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00058 } 00059 #endif 00060 00061 static const unsigned char SIGMA_CHARS[6][8] = 00062 { 00063 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, 00064 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 }, 00065 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe }, 00066 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c }, 00067 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d }, 00068 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd } 00069 }; 00070 00071 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY) 00072 00073 static const unsigned char FSb[256] = 00074 { 00075 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, 00076 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, 00077 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, 00078 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, 00079 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, 00080 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, 00081 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, 00082 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, 00083 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, 00084 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, 00085 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, 00086 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, 00087 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, 00088 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, 00089 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, 00090 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158 00091 }; 00092 00093 #define SBOX1(n) FSb[(n)] 00094 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff) 00095 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff) 00096 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff] 00097 00098 #else 00099 00100 static const unsigned char FSb[256] = 00101 { 00102 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, 00103 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, 00104 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, 00105 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, 00106 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, 00107 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, 00108 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, 00109 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, 00110 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, 00111 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, 00112 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, 00113 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, 00114 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, 00115 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, 00116 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, 00117 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 00118 }; 00119 00120 static const unsigned char FSb2[256] = 00121 { 00122 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, 00123 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, 00124 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, 00125 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, 00126 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, 00127 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, 00128 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, 00129 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, 00130 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, 00131 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, 00132 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, 00133 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, 00134 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, 00135 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, 00136 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, 00137 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 00138 }; 00139 00140 static const unsigned char FSb3[256] = 00141 { 00142 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, 00143 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, 00144 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, 00145 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, 00146 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, 00147 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, 00148 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, 00149 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, 00150 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, 00151 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, 00152 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, 00153 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, 00154 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, 00155 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, 00156 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, 00157 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 00158 }; 00159 00160 static const unsigned char FSb4[256] = 00161 { 00162 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, 00163 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, 00164 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, 00165 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, 00166 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, 00167 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, 00168 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, 00169 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, 00170 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, 00171 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, 00172 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, 00173 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, 00174 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, 00175 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, 00176 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, 00177 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 00178 }; 00179 00180 #define SBOX1(n) FSb[(n)] 00181 #define SBOX2(n) FSb2[(n)] 00182 #define SBOX3(n) FSb3[(n)] 00183 #define SBOX4(n) FSb4[(n)] 00184 00185 #endif 00186 00187 static const unsigned char shifts[2][4][4] = 00188 { 00189 { 00190 { 1, 1, 1, 1 }, /* KL */ 00191 { 0, 0, 0, 0 }, /* KR */ 00192 { 1, 1, 1, 1 }, /* KA */ 00193 { 0, 0, 0, 0 } /* KB */ 00194 }, 00195 { 00196 { 1, 0, 1, 1 }, /* KL */ 00197 { 1, 1, 0, 1 }, /* KR */ 00198 { 1, 1, 1, 0 }, /* KA */ 00199 { 1, 1, 0, 1 } /* KB */ 00200 } 00201 }; 00202 00203 static const signed char indexes[2][4][20] = 00204 { 00205 { 00206 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39, 00207 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */ 00208 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00209 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */ 00210 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17, 00211 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */ 00212 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 00213 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */ 00214 }, 00215 { 00216 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1, 00217 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */ 00218 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17, 00219 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */ 00220 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59, 00221 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */ 00222 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21, 00223 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */ 00224 } 00225 }; 00226 00227 static const signed char transposes[2][20] = 00228 { 00229 { 00230 21, 22, 23, 20, 00231 -1, -1, -1, -1, 00232 18, 19, 16, 17, 00233 11, 8, 9, 10, 00234 15, 12, 13, 14 00235 }, 00236 { 00237 25, 26, 27, 24, 00238 29, 30, 31, 28, 00239 18, 19, 16, 17, 00240 -1, -1, -1, -1, 00241 -1, -1, -1, -1 00242 } 00243 }; 00244 00245 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */ 00246 #define ROTL(DEST, SRC, SHIFT) \ 00247 { \ 00248 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \ 00249 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \ 00250 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \ 00251 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \ 00252 } 00253 00254 #define FL(XL, XR, KL, KR) \ 00255 { \ 00256 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \ 00257 (XL) = ((XR) | (KR)) ^ (XL); \ 00258 } 00259 00260 #define FLInv(YL, YR, KL, KR) \ 00261 { \ 00262 (YL) = ((YR) | (KR)) ^ (YL); \ 00263 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \ 00264 } 00265 00266 #define SHIFT_AND_PLACE(INDEX, OFFSET) \ 00267 { \ 00268 TK[0] = KC[(OFFSET) * 4 + 0]; \ 00269 TK[1] = KC[(OFFSET) * 4 + 1]; \ 00270 TK[2] = KC[(OFFSET) * 4 + 2]; \ 00271 TK[3] = KC[(OFFSET) * 4 + 3]; \ 00272 \ 00273 for ( i = 1; i <= 4; i++ ) \ 00274 if (shifts[(INDEX)][(OFFSET)][i -1]) \ 00275 ROTL(TK + i * 4, TK, (15 * i) % 32); \ 00276 \ 00277 for ( i = 0; i < 20; i++ ) \ 00278 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \ 00279 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \ 00280 } \ 00281 } 00282 00283 static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t z[2]) 00284 { 00285 uint32_t I0, I1; 00286 I0 = x[0] ^ k[0]; 00287 I1 = x[1] ^ k[1]; 00288 00289 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) | 00290 (SBOX2((I0 >> 16) & 0xFF) << 16) | 00291 (SBOX3((I0 >> 8) & 0xFF) << 8) | 00292 (SBOX4((I0 ) & 0xFF) ); 00293 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) | 00294 (SBOX3((I1 >> 16) & 0xFF) << 16) | 00295 (SBOX4((I1 >> 8) & 0xFF) << 8) | 00296 (SBOX1((I1 ) & 0xFF) ); 00297 00298 I0 ^= (I1 << 8) | (I1 >> 24); 00299 I1 ^= (I0 << 16) | (I0 >> 16); 00300 I0 ^= (I1 >> 8) | (I1 << 24); 00301 I1 ^= (I0 >> 8) | (I0 << 24); 00302 00303 z[0] ^= I1; 00304 z[1] ^= I0; 00305 } 00306 00307 /* 00308 * Camellia key schedule (encryption) 00309 */ 00310 int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsigned int keysize ) 00311 { 00312 int idx; 00313 size_t i; 00314 uint32_t *RK; 00315 unsigned char t[64]; 00316 uint32_t SIGMA[6][2]; 00317 uint32_t KC[16]; 00318 uint32_t TK[20]; 00319 00320 RK = ctx->rk; 00321 00322 memset(t, 0, 64); 00323 memset(RK, 0, sizeof(ctx->rk)); 00324 00325 switch( keysize ) 00326 { 00327 case 128: ctx->nr = 3; idx = 0; break; 00328 case 192: 00329 case 256: ctx->nr = 4; idx = 1; break; 00330 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH ); 00331 } 00332 00333 for( i = 0; i < keysize / 8; ++i) 00334 t[i] = key[i]; 00335 00336 if (keysize == 192) { 00337 for (i = 0; i < 8; i++) 00338 t[24 + i] = ~t[16 + i]; 00339 } 00340 00341 /* 00342 * Prepare SIGMA values 00343 */ 00344 for (i = 0; i < 6; i++) { 00345 GET_ULONG_BE(SIGMA[i][0], SIGMA_CHARS[i], 0); 00346 GET_ULONG_BE(SIGMA[i][1], SIGMA_CHARS[i], 4); 00347 } 00348 00349 /* 00350 * Key storage in KC 00351 * Order: KL, KR, KA, KB 00352 */ 00353 memset(KC, 0, sizeof(KC)); 00354 00355 /* Store KL, KR */ 00356 for (i = 0; i < 8; i++) 00357 GET_ULONG_BE(KC[i], t, i * 4); 00358 00359 /* Generate KA */ 00360 for( i = 0; i < 4; ++i) 00361 KC[8 + i] = KC[i] ^ KC[4 + i]; 00362 00363 camellia_feistel(KC + 8, SIGMA[0], KC + 10); 00364 camellia_feistel(KC + 10, SIGMA[1], KC + 8); 00365 00366 for( i = 0; i < 4; ++i) 00367 KC[8 + i] ^= KC[i]; 00368 00369 camellia_feistel(KC + 8, SIGMA[2], KC + 10); 00370 camellia_feistel(KC + 10, SIGMA[3], KC + 8); 00371 00372 if (keysize > 128) { 00373 /* Generate KB */ 00374 for( i = 0; i < 4; ++i) 00375 KC[12 + i] = KC[4 + i] ^ KC[8 + i]; 00376 00377 camellia_feistel(KC + 12, SIGMA[4], KC + 14); 00378 camellia_feistel(KC + 14, SIGMA[5], KC + 12); 00379 } 00380 00381 /* 00382 * Generating subkeys 00383 */ 00384 00385 /* Manipulating KL */ 00386 SHIFT_AND_PLACE(idx, 0); 00387 00388 /* Manipulating KR */ 00389 if (keysize > 128) { 00390 SHIFT_AND_PLACE(idx, 1); 00391 } 00392 00393 /* Manipulating KA */ 00394 SHIFT_AND_PLACE(idx, 2); 00395 00396 /* Manipulating KB */ 00397 if (keysize > 128) { 00398 SHIFT_AND_PLACE(idx, 3); 00399 } 00400 00401 /* Do transpositions */ 00402 for ( i = 0; i < 20; i++ ) { 00403 if (transposes[idx][i] != -1) { 00404 RK[32 + 12 * idx + i] = RK[transposes[idx][i]]; 00405 } 00406 } 00407 00408 return( 0 ); 00409 } 00410 00411 /* 00412 * Camellia key schedule (decryption) 00413 */ 00414 int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize ) 00415 { 00416 int idx; 00417 size_t i; 00418 camellia_context cty; 00419 uint32_t *RK; 00420 uint32_t *SK; 00421 int ret; 00422 00423 switch( keysize ) 00424 { 00425 case 128: ctx->nr = 3; idx = 0; break; 00426 case 192: 00427 case 256: ctx->nr = 4; idx = 1; break; 00428 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH ); 00429 } 00430 00431 RK = ctx->rk; 00432 00433 ret = camellia_setkey_enc(&cty, key, keysize); 00434 if( ret != 0 ) 00435 return( ret ); 00436 00437 SK = cty.rk + 24 * 2 + 8 * idx * 2; 00438 00439 *RK++ = *SK++; 00440 *RK++ = *SK++; 00441 *RK++ = *SK++; 00442 *RK++ = *SK++; 00443 00444 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) 00445 { 00446 *RK++ = *SK++; 00447 *RK++ = *SK++; 00448 } 00449 00450 SK -= 2; 00451 00452 *RK++ = *SK++; 00453 *RK++ = *SK++; 00454 *RK++ = *SK++; 00455 *RK++ = *SK++; 00456 00457 memset( &cty, 0, sizeof( camellia_context ) ); 00458 00459 return( 0 ); 00460 } 00461 00462 /* 00463 * Camellia-ECB block encryption/decryption 00464 */ 00465 int camellia_crypt_ecb( camellia_context *ctx, 00466 int mode, 00467 const unsigned char input[16], 00468 unsigned char output[16] ) 00469 { 00470 int NR; 00471 uint32_t *RK, X[4]; 00472 00473 ( (void) mode ); 00474 00475 NR = ctx->nr; 00476 RK = ctx->rk; 00477 00478 GET_ULONG_BE( X[0], input, 0 ); 00479 GET_ULONG_BE( X[1], input, 4 ); 00480 GET_ULONG_BE( X[2], input, 8 ); 00481 GET_ULONG_BE( X[3], input, 12 ); 00482 00483 X[0] ^= *RK++; 00484 X[1] ^= *RK++; 00485 X[2] ^= *RK++; 00486 X[3] ^= *RK++; 00487 00488 while (NR) { 00489 --NR; 00490 camellia_feistel(X, RK, X + 2); 00491 RK += 2; 00492 camellia_feistel(X + 2, RK, X); 00493 RK += 2; 00494 camellia_feistel(X, RK, X + 2); 00495 RK += 2; 00496 camellia_feistel(X + 2, RK, X); 00497 RK += 2; 00498 camellia_feistel(X, RK, X + 2); 00499 RK += 2; 00500 camellia_feistel(X + 2, RK, X); 00501 RK += 2; 00502 00503 if (NR) { 00504 FL(X[0], X[1], RK[0], RK[1]); 00505 RK += 2; 00506 FLInv(X[2], X[3], RK[0], RK[1]); 00507 RK += 2; 00508 } 00509 } 00510 00511 X[2] ^= *RK++; 00512 X[3] ^= *RK++; 00513 X[0] ^= *RK++; 00514 X[1] ^= *RK++; 00515 00516 PUT_ULONG_BE( X[2], output, 0 ); 00517 PUT_ULONG_BE( X[3], output, 4 ); 00518 PUT_ULONG_BE( X[0], output, 8 ); 00519 PUT_ULONG_BE( X[1], output, 12 ); 00520 00521 return( 0 ); 00522 } 00523 00524 /* 00525 * Camellia-CBC buffer encryption/decryption 00526 */ 00527 int camellia_crypt_cbc( camellia_context *ctx, 00528 int mode, 00529 size_t length, 00530 unsigned char iv[16], 00531 const unsigned char *input, 00532 unsigned char *output ) 00533 { 00534 int i; 00535 unsigned char temp[16]; 00536 00537 if( length % 16 ) 00538 return( POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); 00539 00540 if( mode == CAMELLIA_DECRYPT ) 00541 { 00542 while( length > 0 ) 00543 { 00544 memcpy( temp, input, 16 ); 00545 camellia_crypt_ecb( ctx, mode, input, output ); 00546 00547 for( i = 0; i < 16; i++ ) 00548 output[i] = (unsigned char)( output[i] ^ iv[i] ); 00549 00550 memcpy( iv, temp, 16 ); 00551 00552 input += 16; 00553 output += 16; 00554 length -= 16; 00555 } 00556 } 00557 else 00558 { 00559 while( length > 0 ) 00560 { 00561 for( i = 0; i < 16; i++ ) 00562 output[i] = (unsigned char)( input[i] ^ iv[i] ); 00563 00564 camellia_crypt_ecb( ctx, mode, output, output ); 00565 memcpy( iv, output, 16 ); 00566 00567 input += 16; 00568 output += 16; 00569 length -= 16; 00570 } 00571 } 00572 00573 return( 0 ); 00574 } 00575 00576 #if defined(POLARSSL_CIPHER_MODE_CFB) 00577 /* 00578 * Camellia-CFB128 buffer encryption/decryption 00579 */ 00580 int camellia_crypt_cfb128( camellia_context *ctx, 00581 int mode, 00582 size_t length, 00583 size_t *iv_off, 00584 unsigned char iv[16], 00585 const unsigned char *input, 00586 unsigned char *output ) 00587 { 00588 int c; 00589 size_t n = *iv_off; 00590 00591 if( mode == CAMELLIA_DECRYPT ) 00592 { 00593 while( length-- ) 00594 { 00595 if( n == 0 ) 00596 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv ); 00597 00598 c = *input++; 00599 *output++ = (unsigned char)( c ^ iv[n] ); 00600 iv[n] = (unsigned char) c; 00601 00602 n = (n + 1) & 0x0F; 00603 } 00604 } 00605 else 00606 { 00607 while( length-- ) 00608 { 00609 if( n == 0 ) 00610 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv ); 00611 00612 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); 00613 00614 n = (n + 1) & 0x0F; 00615 } 00616 } 00617 00618 *iv_off = n; 00619 00620 return( 0 ); 00621 } 00622 #endif /* POLARSSL_CIPHER_MODE_CFB */ 00623 00624 #if defined(POLARSSL_CIPHER_MODE_CTR) 00625 /* 00626 * Camellia-CTR buffer encryption/decryption 00627 */ 00628 int camellia_crypt_ctr( camellia_context *ctx, 00629 size_t length, 00630 size_t *nc_off, 00631 unsigned char nonce_counter[16], 00632 unsigned char stream_block[16], 00633 const unsigned char *input, 00634 unsigned char *output ) 00635 { 00636 int c, i, cb; 00637 size_t n = *nc_off; 00638 00639 while( length-- ) 00640 { 00641 if( n == 0 ) { 00642 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter, stream_block ); 00643 00644 i = 15; 00645 do { 00646 nonce_counter[i]++; 00647 cb = nonce_counter[i] == 0; 00648 } while( i-- && cb ); 00649 00650 } 00651 c = *input++; 00652 *output++ = (unsigned char)( c ^ stream_block[n] ); 00653 00654 n = (n + 1) & 0x0F; 00655 } 00656 00657 *nc_off = n; 00658 00659 return( 0 ); 00660 } 00661 #endif /* POLARSSL_CIPHER_MODE_CTR */ 00662 00663 #if defined(POLARSSL_SELF_TEST) 00664 00665 #include <stdio.h> 00666 00667 /* 00668 * Camellia test vectors from: 00669 * 00670 * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html: 00671 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt 00672 * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt 00673 * (For each bitlength: Key 0, Nr 39) 00674 */ 00675 #define CAMELLIA_TESTS_ECB 2 00676 00677 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = 00678 { 00679 { 00680 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00681 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 00682 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00683 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00684 }, 00685 { 00686 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00687 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 00688 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, 00689 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00690 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00691 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00692 }, 00693 { 00694 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00695 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 00696 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 00697 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, 00698 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00699 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00700 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 00701 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00702 }, 00703 }; 00704 00705 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = 00706 { 00707 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 00708 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, 00709 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 00710 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 00711 }; 00712 00713 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = 00714 { 00715 { 00716 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 00717 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 }, 00718 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE, 00719 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 } 00720 }, 00721 { 00722 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, 00723 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 }, 00724 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9, 00725 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 } 00726 }, 00727 { 00728 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 00729 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 }, 00730 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C, 00731 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 } 00732 } 00733 }; 00734 00735 #define CAMELLIA_TESTS_CBC 3 00736 00737 static const unsigned char camellia_test_cbc_key[3][32] = 00738 { 00739 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 00740 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C } 00741 , 00742 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 00743 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, 00744 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B } 00745 , 00746 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 00747 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, 00748 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, 00749 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } 00750 }; 00751 00752 static const unsigned char camellia_test_cbc_iv[16] = 00753 00754 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00755 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F } 00756 ; 00757 00758 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = 00759 { 00760 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 00761 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }, 00762 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 00763 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 }, 00764 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 00765 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF } 00766 00767 }; 00768 00769 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = 00770 { 00771 { 00772 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, 00773 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB }, 00774 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78, 00775 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 }, 00776 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B, 00777 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 } 00778 }, 00779 { 00780 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, 00781 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 }, 00782 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42, 00783 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 }, 00784 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8, 00785 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 } 00786 }, 00787 { 00788 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, 00789 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA }, 00790 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40, 00791 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 }, 00792 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA, 00793 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 } 00794 } 00795 }; 00796 00797 #if defined(POLARSSL_CIPHER_MODE_CTR) 00798 /* 00799 * Camellia-CTR test vectors from: 00800 * 00801 * http://www.faqs.org/rfcs/rfc5528.html 00802 */ 00803 00804 static const unsigned char camellia_test_ctr_key[3][16] = 00805 { 00806 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, 00807 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, 00808 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, 00809 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, 00810 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, 00811 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } 00812 }; 00813 00814 static const unsigned char camellia_test_ctr_nonce_counter[3][16] = 00815 { 00816 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 00817 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 00818 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, 00819 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, 00820 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, 00821 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } 00822 }; 00823 00824 static const unsigned char camellia_test_ctr_pt[3][48] = 00825 { 00826 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, 00827 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, 00828 00829 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00830 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 00831 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 00832 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, 00833 00834 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 00835 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 00836 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 00837 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 00838 0x20, 0x21, 0x22, 0x23 } 00839 }; 00840 00841 static const unsigned char camellia_test_ctr_ct[3][48] = 00842 { 00843 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A, 00844 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F }, 00845 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4, 00846 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44, 00847 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7, 00848 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 }, 00849 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88, 00850 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73, 00851 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1, 00852 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD, 00853 0xDF, 0x50, 0x86, 0x96 } 00854 }; 00855 00856 static const int camellia_test_ctr_len[3] = 00857 { 16, 32, 36 }; 00858 #endif /* POLARSSL_CIPHER_MODE_CTR */ 00859 00860 /* 00861 * Checkup routine 00862 */ 00863 int camellia_self_test( int verbose ) 00864 { 00865 int i, j, u, v; 00866 unsigned char key[32]; 00867 unsigned char buf[64]; 00868 unsigned char src[16]; 00869 unsigned char dst[16]; 00870 unsigned char iv[16]; 00871 #if defined(POLARSSL_CIPHER_MODE_CTR) 00872 size_t offset, len; 00873 unsigned char nonce_counter[16]; 00874 unsigned char stream_block[16]; 00875 #endif 00876 00877 camellia_context ctx; 00878 00879 memset( key, 0, 32 ); 00880 00881 for (j = 0; j < 6; j++) { 00882 u = j >> 1; 00883 v = j & 1; 00884 00885 if( verbose != 0 ) 00886 printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, 00887 (v == CAMELLIA_DECRYPT) ? "dec" : "enc"); 00888 00889 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) { 00890 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u); 00891 00892 if (v == CAMELLIA_DECRYPT) { 00893 camellia_setkey_dec(&ctx, key, 128 + u * 64); 00894 memcpy(src, camellia_test_ecb_cipher[u][i], 16); 00895 memcpy(dst, camellia_test_ecb_plain[i], 16); 00896 } else { /* CAMELLIA_ENCRYPT */ 00897 camellia_setkey_enc(&ctx, key, 128 + u * 64); 00898 memcpy(src, camellia_test_ecb_plain[i], 16); 00899 memcpy(dst, camellia_test_ecb_cipher[u][i], 16); 00900 } 00901 00902 camellia_crypt_ecb(&ctx, v, src, buf); 00903 00904 if( memcmp( buf, dst, 16 ) != 0 ) 00905 { 00906 if( verbose != 0 ) 00907 printf( "failed\n" ); 00908 00909 return( 1 ); 00910 } 00911 } 00912 00913 if( verbose != 0 ) 00914 printf( "passed\n" ); 00915 } 00916 00917 if( verbose != 0 ) 00918 printf( "\n" ); 00919 00920 /* 00921 * CBC mode 00922 */ 00923 for( j = 0; j < 6; j++ ) 00924 { 00925 u = j >> 1; 00926 v = j & 1; 00927 00928 if( verbose != 0 ) 00929 printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, 00930 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 00931 00932 memcpy( src, camellia_test_cbc_iv, 16); 00933 memcpy( dst, camellia_test_cbc_iv, 16); 00934 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u); 00935 00936 if (v == CAMELLIA_DECRYPT) { 00937 camellia_setkey_dec(&ctx, key, 128 + u * 64); 00938 } else { 00939 camellia_setkey_enc(&ctx, key, 128 + u * 64); 00940 } 00941 00942 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { 00943 00944 if (v == CAMELLIA_DECRYPT) { 00945 memcpy( iv , src, 16 ); 00946 memcpy(src, camellia_test_cbc_cipher[u][i], 16); 00947 memcpy(dst, camellia_test_cbc_plain[i], 16); 00948 } else { /* CAMELLIA_ENCRYPT */ 00949 memcpy( iv , dst, 16 ); 00950 memcpy(src, camellia_test_cbc_plain[i], 16); 00951 memcpy(dst, camellia_test_cbc_cipher[u][i], 16); 00952 } 00953 00954 camellia_crypt_cbc(&ctx, v, 16, iv, src, buf); 00955 00956 if( memcmp( buf, dst, 16 ) != 0 ) 00957 { 00958 if( verbose != 0 ) 00959 printf( "failed\n" ); 00960 00961 return( 1 ); 00962 } 00963 } 00964 00965 if( verbose != 0 ) 00966 printf( "passed\n" ); 00967 } 00968 00969 if( verbose != 0 ) 00970 printf( "\n" ); 00971 00972 #if defined(POLARSSL_CIPHER_MODE_CTR) 00973 /* 00974 * CTR mode 00975 */ 00976 for( i = 0; i < 6; i++ ) 00977 { 00978 u = i >> 1; 00979 v = i & 1; 00980 00981 if( verbose != 0 ) 00982 printf( " CAMELLIA-CTR-128 (%s): ", 00983 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" ); 00984 00985 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 ); 00986 memcpy( key, camellia_test_ctr_key[u], 16 ); 00987 00988 offset = 0; 00989 camellia_setkey_enc( &ctx, key, 128 ); 00990 00991 if( v == CAMELLIA_DECRYPT ) 00992 { 00993 len = camellia_test_ctr_len[u]; 00994 memcpy( buf, camellia_test_ctr_ct[u], len ); 00995 00996 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf ); 00997 00998 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 ) 00999 { 01000 if( verbose != 0 ) 01001 printf( "failed\n" ); 01002 01003 return( 1 ); 01004 } 01005 } 01006 else 01007 { 01008 len = camellia_test_ctr_len[u]; 01009 memcpy( buf, camellia_test_ctr_pt[u], len ); 01010 01011 camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf ); 01012 01013 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 ) 01014 { 01015 if( verbose != 0 ) 01016 printf( "failed\n" ); 01017 01018 return( 1 ); 01019 } 01020 } 01021 01022 if( verbose != 0 ) 01023 printf( "passed\n" ); 01024 } 01025 01026 if( verbose != 0 ) 01027 printf( "\n" ); 01028 #endif /* POLARSSL_CIPHER_MODE_CTR */ 01029 01030 return ( 0 ); 01031 } 01032 01033 #endif 01034 01035 #endif