PolarSSL v1.2.12
camellia.c
Go to the documentation of this file.
1 /*
2  * Camellia implementation
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The Camellia block cipher was designed by NTT and Mitsubishi Electric
27  * Corporation.
28  *
29  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
30  */
31 
32 #include "polarssl/config.h"
33 
34 #if defined(POLARSSL_CAMELLIA_C)
35 
36 #include "polarssl/camellia.h"
37 
38 #if !defined(POLARSSL_CAMELLIA_ALT)
39 
40 /* Implementation that should never be optimized out by the compiler */
41 static void polarssl_zeroize( void *v, size_t n ) {
42  volatile unsigned char *p = v; while( n-- ) *p++ = 0;
43 }
44 
45 /*
46  * 32-bit integer manipulation macros (big endian)
47  */
48 #ifndef GET_UINT32_BE
49 #define GET_UINT32_BE(n,b,i) \
50 { \
51  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
52  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
53  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
54  | ( (uint32_t) (b)[(i) + 3] ); \
55 }
56 #endif
57 
58 #ifndef PUT_UINT32_BE
59 #define PUT_UINT32_BE(n,b,i) \
60 { \
61  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
62  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
63  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
64  (b)[(i) + 3] = (unsigned char) ( (n) ); \
65 }
66 #endif
67 
68 static const unsigned char SIGMA_CHARS[6][8] =
69 {
70  { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
71  { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
72  { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
73  { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
74  { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
75  { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
76 };
77 
78 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
79 
80 static const unsigned char FSb[256] =
81 {
82  112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
83  35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
84  134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
85  166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
86  139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
87  223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
88  20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
89  254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
90  170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
91  16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
92  135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
93  82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
94  233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
95  120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
96  114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
97  64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
98 };
99 
100 #define SBOX1(n) FSb[(n)]
101 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
102 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
103 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
104 
105 #else
106 
107 static const unsigned char FSb[256] =
108 {
109  112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
110  35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
111  134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
112  166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
113  139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
114  223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
115  20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
116  254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
117  170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
118  16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
119  135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
120  82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
121  233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
122  120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
123  114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
124  64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
125 };
126 
127 static const unsigned char FSb2[256] =
128 {
129  224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
130  70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
131  13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
132  77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
133  23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
134  191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
135  40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
136  253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
137  85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
138  32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
139  15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
140  164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
141  211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
142  240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
143  228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
144  128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
145 };
146 
147 static const unsigned char FSb3[256] =
148 {
149  56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
150  145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
151  67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
152  83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
153  197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
154  239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
155  10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
156  127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
157  85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
158  8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
159  195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
160  41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
161  244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
162  60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
163  57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
164  32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
165 };
166 
167 static const unsigned char FSb4[256] =
168 {
169  112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
170  134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
171  139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
172  20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
173  170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
174  135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
175  233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
176  114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
177  130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
178  184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
179  13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
180  88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
181  208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
182  92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
183  121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
184  7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
185 };
186 
187 #define SBOX1(n) FSb[(n)]
188 #define SBOX2(n) FSb2[(n)]
189 #define SBOX3(n) FSb3[(n)]
190 #define SBOX4(n) FSb4[(n)]
191 
192 #endif
193 
194 static const unsigned char shifts[2][4][4] =
195 {
196  {
197  { 1, 1, 1, 1 }, /* KL */
198  { 0, 0, 0, 0 }, /* KR */
199  { 1, 1, 1, 1 }, /* KA */
200  { 0, 0, 0, 0 } /* KB */
201  },
202  {
203  { 1, 0, 1, 1 }, /* KL */
204  { 1, 1, 0, 1 }, /* KR */
205  { 1, 1, 1, 0 }, /* KA */
206  { 1, 1, 0, 1 } /* KB */
207  }
208 };
209 
210 static const signed char indexes[2][4][20] =
211 {
212  {
213  { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
214  36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
215  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
216  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
217  { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
218  18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
219  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
220  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
221  },
222  {
223  { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
224  -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
225  { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
226  18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
227  { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
228  56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
229  { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
230  22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
231  }
232 };
233 
234 static const signed char transposes[2][20] =
235 {
236  {
237  21, 22, 23, 20,
238  -1, -1, -1, -1,
239  18, 19, 16, 17,
240  11, 8, 9, 10,
241  15, 12, 13, 14
242  },
243  {
244  25, 26, 27, 24,
245  29, 30, 31, 28,
246  18, 19, 16, 17,
247  -1, -1, -1, -1,
248  -1, -1, -1, -1
249  }
250 };
251 
252 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
253 #define ROTL(DEST, SRC, SHIFT) \
254 { \
255  (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
256  (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
257  (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
258  (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
259 }
260 
261 #define FL(XL, XR, KL, KR) \
262 { \
263  (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
264  (XL) = ((XR) | (KR)) ^ (XL); \
265 }
266 
267 #define FLInv(YL, YR, KL, KR) \
268 { \
269  (YL) = ((YR) | (KR)) ^ (YL); \
270  (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
271 }
272 
273 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
274 { \
275  TK[0] = KC[(OFFSET) * 4 + 0]; \
276  TK[1] = KC[(OFFSET) * 4 + 1]; \
277  TK[2] = KC[(OFFSET) * 4 + 2]; \
278  TK[3] = KC[(OFFSET) * 4 + 3]; \
279  \
280  for ( i = 1; i <= 4; i++ ) \
281  if (shifts[(INDEX)][(OFFSET)][i -1]) \
282  ROTL(TK + i * 4, TK, (15 * i) % 32); \
283  \
284  for ( i = 0; i < 20; i++ ) \
285  if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
286  RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
287  } \
288 }
289 
290 static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t z[2])
291 {
292  uint32_t I0, I1;
293  I0 = x[0] ^ k[0];
294  I1 = x[1] ^ k[1];
295 
296  I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
297  (SBOX2((I0 >> 16) & 0xFF) << 16) |
298  (SBOX3((I0 >> 8) & 0xFF) << 8) |
299  (SBOX4((I0 ) & 0xFF) );
300  I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
301  (SBOX3((I1 >> 16) & 0xFF) << 16) |
302  (SBOX4((I1 >> 8) & 0xFF) << 8) |
303  (SBOX1((I1 ) & 0xFF) );
304 
305  I0 ^= (I1 << 8) | (I1 >> 24);
306  I1 ^= (I0 << 16) | (I0 >> 16);
307  I0 ^= (I1 >> 8) | (I1 << 24);
308  I1 ^= (I0 >> 8) | (I0 << 24);
309 
310  z[0] ^= I1;
311  z[1] ^= I0;
312 }
313 
314 /*
315  * Camellia key schedule (encryption)
316  */
317 int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
318 {
319  int idx;
320  size_t i;
321  uint32_t *RK;
322  unsigned char t[64];
323  uint32_t SIGMA[6][2];
324  uint32_t KC[16];
325  uint32_t TK[20];
326 
327  RK = ctx->rk;
328 
329  memset(t, 0, 64);
330  memset(RK, 0, sizeof(ctx->rk));
331 
332  switch( keysize )
333  {
334  case 128: ctx->nr = 3; idx = 0; break;
335  case 192:
336  case 256: ctx->nr = 4; idx = 1; break;
337  default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
338  }
339 
340  for( i = 0; i < keysize / 8; ++i)
341  t[i] = key[i];
342 
343  if (keysize == 192) {
344  for (i = 0; i < 8; i++)
345  t[24 + i] = ~t[16 + i];
346  }
347 
348  /*
349  * Prepare SIGMA values
350  */
351  for (i = 0; i < 6; i++) {
352  GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
353  GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
354  }
355 
356  /*
357  * Key storage in KC
358  * Order: KL, KR, KA, KB
359  */
360  memset(KC, 0, sizeof(KC));
361 
362  /* Store KL, KR */
363  for (i = 0; i < 8; i++)
364  GET_UINT32_BE(KC[i], t, i * 4);
365 
366  /* Generate KA */
367  for( i = 0; i < 4; ++i)
368  KC[8 + i] = KC[i] ^ KC[4 + i];
369 
370  camellia_feistel(KC + 8, SIGMA[0], KC + 10);
371  camellia_feistel(KC + 10, SIGMA[1], KC + 8);
372 
373  for( i = 0; i < 4; ++i)
374  KC[8 + i] ^= KC[i];
375 
376  camellia_feistel(KC + 8, SIGMA[2], KC + 10);
377  camellia_feistel(KC + 10, SIGMA[3], KC + 8);
378 
379  if (keysize > 128) {
380  /* Generate KB */
381  for( i = 0; i < 4; ++i)
382  KC[12 + i] = KC[4 + i] ^ KC[8 + i];
383 
384  camellia_feistel(KC + 12, SIGMA[4], KC + 14);
385  camellia_feistel(KC + 14, SIGMA[5], KC + 12);
386  }
387 
388  /*
389  * Generating subkeys
390  */
391 
392  /* Manipulating KL */
393  SHIFT_AND_PLACE(idx, 0);
394 
395  /* Manipulating KR */
396  if (keysize > 128) {
397  SHIFT_AND_PLACE(idx, 1);
398  }
399 
400  /* Manipulating KA */
401  SHIFT_AND_PLACE(idx, 2);
402 
403  /* Manipulating KB */
404  if (keysize > 128) {
405  SHIFT_AND_PLACE(idx, 3);
406  }
407 
408  /* Do transpositions */
409  for ( i = 0; i < 20; i++ ) {
410  if (transposes[idx][i] != -1) {
411  RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
412  }
413  }
414 
415  return( 0 );
416 }
417 
418 /*
419  * Camellia key schedule (decryption)
420  */
421 int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
422 {
423  int idx;
424  size_t i;
425  camellia_context cty;
426  uint32_t *RK;
427  uint32_t *SK;
428  int ret;
429 
430  switch( keysize )
431  {
432  case 128: ctx->nr = 3; idx = 0; break;
433  case 192:
434  case 256: ctx->nr = 4; idx = 1; break;
435  default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
436  }
437 
438  RK = ctx->rk;
439 
440  ret = camellia_setkey_enc(&cty, key, keysize);
441  if( ret != 0 )
442  return( ret );
443 
444  SK = cty.rk + 24 * 2 + 8 * idx * 2;
445 
446  *RK++ = *SK++;
447  *RK++ = *SK++;
448  *RK++ = *SK++;
449  *RK++ = *SK++;
450 
451  for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
452  {
453  *RK++ = *SK++;
454  *RK++ = *SK++;
455  }
456 
457  SK -= 2;
458 
459  *RK++ = *SK++;
460  *RK++ = *SK++;
461  *RK++ = *SK++;
462  *RK++ = *SK++;
463 
464  polarssl_zeroize( &cty, sizeof( camellia_context ) );
465 
466  return( 0 );
467 }
468 
469 /*
470  * Camellia-ECB block encryption/decryption
471  */
473  int mode,
474  const unsigned char input[16],
475  unsigned char output[16] )
476 {
477  int NR;
478  uint32_t *RK, X[4];
479 
480  ( (void) mode );
481 
482  NR = ctx->nr;
483  RK = ctx->rk;
484 
485  GET_UINT32_BE( X[0], input, 0 );
486  GET_UINT32_BE( X[1], input, 4 );
487  GET_UINT32_BE( X[2], input, 8 );
488  GET_UINT32_BE( X[3], input, 12 );
489 
490  X[0] ^= *RK++;
491  X[1] ^= *RK++;
492  X[2] ^= *RK++;
493  X[3] ^= *RK++;
494 
495  while (NR) {
496  --NR;
497  camellia_feistel(X, RK, X + 2);
498  RK += 2;
499  camellia_feistel(X + 2, RK, X);
500  RK += 2;
501  camellia_feistel(X, RK, X + 2);
502  RK += 2;
503  camellia_feistel(X + 2, RK, X);
504  RK += 2;
505  camellia_feistel(X, RK, X + 2);
506  RK += 2;
507  camellia_feistel(X + 2, RK, X);
508  RK += 2;
509 
510  if (NR) {
511  FL(X[0], X[1], RK[0], RK[1]);
512  RK += 2;
513  FLInv(X[2], X[3], RK[0], RK[1]);
514  RK += 2;
515  }
516  }
517 
518  X[2] ^= *RK++;
519  X[3] ^= *RK++;
520  X[0] ^= *RK++;
521  X[1] ^= *RK++;
522 
523  PUT_UINT32_BE( X[2], output, 0 );
524  PUT_UINT32_BE( X[3], output, 4 );
525  PUT_UINT32_BE( X[0], output, 8 );
526  PUT_UINT32_BE( X[1], output, 12 );
527 
528  return( 0 );
529 }
530 
531 /*
532  * Camellia-CBC buffer encryption/decryption
533  */
535  int mode,
536  size_t length,
537  unsigned char iv[16],
538  const unsigned char *input,
539  unsigned char *output )
540 {
541  int i;
542  unsigned char temp[16];
543 
544  if( length % 16 )
546 
547  if( mode == CAMELLIA_DECRYPT )
548  {
549  while( length > 0 )
550  {
551  memcpy( temp, input, 16 );
552  camellia_crypt_ecb( ctx, mode, input, output );
553 
554  for( i = 0; i < 16; i++ )
555  output[i] = (unsigned char)( output[i] ^ iv[i] );
556 
557  memcpy( iv, temp, 16 );
558 
559  input += 16;
560  output += 16;
561  length -= 16;
562  }
563  }
564  else
565  {
566  while( length > 0 )
567  {
568  for( i = 0; i < 16; i++ )
569  output[i] = (unsigned char)( input[i] ^ iv[i] );
570 
571  camellia_crypt_ecb( ctx, mode, output, output );
572  memcpy( iv, output, 16 );
573 
574  input += 16;
575  output += 16;
576  length -= 16;
577  }
578  }
579 
580  return( 0 );
581 }
582 
583 #if defined(POLARSSL_CIPHER_MODE_CFB)
584 /*
585  * Camellia-CFB128 buffer encryption/decryption
586  */
588  int mode,
589  size_t length,
590  size_t *iv_off,
591  unsigned char iv[16],
592  const unsigned char *input,
593  unsigned char *output )
594 {
595  int c;
596  size_t n = *iv_off;
597 
598  if( mode == CAMELLIA_DECRYPT )
599  {
600  while( length-- )
601  {
602  if( n == 0 )
603  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
604 
605  c = *input++;
606  *output++ = (unsigned char)( c ^ iv[n] );
607  iv[n] = (unsigned char) c;
608 
609  n = (n + 1) & 0x0F;
610  }
611  }
612  else
613  {
614  while( length-- )
615  {
616  if( n == 0 )
617  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
618 
619  iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
620 
621  n = (n + 1) & 0x0F;
622  }
623  }
624 
625  *iv_off = n;
626 
627  return( 0 );
628 }
629 #endif /* POLARSSL_CIPHER_MODE_CFB */
630 
631 #if defined(POLARSSL_CIPHER_MODE_CTR)
632 /*
633  * Camellia-CTR buffer encryption/decryption
634  */
636  size_t length,
637  size_t *nc_off,
638  unsigned char nonce_counter[16],
639  unsigned char stream_block[16],
640  const unsigned char *input,
641  unsigned char *output )
642 {
643  int c, i;
644  size_t n = *nc_off;
645 
646  while( length-- )
647  {
648  if( n == 0 ) {
649  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter, stream_block );
650 
651  for( i = 16; i > 0; i-- )
652  if( ++nonce_counter[i - 1] != 0 )
653  break;
654  }
655  c = *input++;
656  *output++ = (unsigned char)( c ^ stream_block[n] );
657 
658  n = (n + 1) & 0x0F;
659  }
660 
661  *nc_off = n;
662 
663  return( 0 );
664 }
665 #endif /* POLARSSL_CIPHER_MODE_CTR */
666 #endif /* !POLARSSL_CAMELLIA_ALT */
667 
668 #if defined(POLARSSL_SELF_TEST)
669 
670 #include <stdio.h>
671 
672 /*
673  * Camellia test vectors from:
674  *
675  * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
676  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
677  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
678  * (For each bitlength: Key 0, Nr 39)
679  */
680 #define CAMELLIA_TESTS_ECB 2
681 
682 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
683 {
684  {
685  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
686  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
687  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
688  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
689  },
690  {
691  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
692  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
693  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
694  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
695  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
696  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
697  },
698  {
699  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
700  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
701  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
702  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
703  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
704  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
705  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
707  },
708 };
709 
710 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
711 {
712  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
713  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
714  { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
715  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
716 };
717 
718 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
719 {
720  {
721  { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
722  0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
723  { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
724  0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
725  },
726  {
727  { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
728  0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
729  { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
730  0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
731  },
732  {
733  { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
734  0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
735  { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
736  0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
737  }
738 };
739 
740 #define CAMELLIA_TESTS_CBC 3
741 
742 static const unsigned char camellia_test_cbc_key[3][32] =
743 {
744  { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
745  0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
746  ,
747  { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
748  0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
749  0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
750  ,
751  { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
752  0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
753  0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
754  0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
755 };
756 
757 static const unsigned char camellia_test_cbc_iv[16] =
758 
759  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
760  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
761 ;
762 
763 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
764 {
765  { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
766  0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
767  { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
768  0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
769  { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
770  0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
771 
772 };
773 
774 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
775 {
776  {
777  { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
778  0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
779  { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
780  0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
781  { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
782  0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
783  },
784  {
785  { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
786  0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
787  { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
788  0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
789  { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
790  0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
791  },
792  {
793  { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
794  0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
795  { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
796  0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
797  { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
798  0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
799  }
800 };
801 
802 #if defined(POLARSSL_CIPHER_MODE_CTR)
803 /*
804  * Camellia-CTR test vectors from:
805  *
806  * http://www.faqs.org/rfcs/rfc5528.html
807  */
808 
809 static const unsigned char camellia_test_ctr_key[3][16] =
810 {
811  { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
812  0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
813  { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
814  0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
815  { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
816  0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
817 };
818 
819 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
820 {
821  { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
822  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
823  { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
824  0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
825  { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
826  0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
827 };
828 
829 static const unsigned char camellia_test_ctr_pt[3][48] =
830 {
831  { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
832  0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
833 
834  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
835  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
836  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
837  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
838 
839  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
840  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
841  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
842  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
843  0x20, 0x21, 0x22, 0x23 }
844 };
845 
846 static const unsigned char camellia_test_ctr_ct[3][48] =
847 {
848  { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
849  0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
850  { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
851  0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
852  0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
853  0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
854  { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
855  0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
856  0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
857  0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
858  0xDF, 0x50, 0x86, 0x96 }
859 };
860 
861 static const int camellia_test_ctr_len[3] =
862  { 16, 32, 36 };
863 #endif /* POLARSSL_CIPHER_MODE_CTR */
864 
865 /*
866  * Checkup routine
867  */
868 int camellia_self_test( int verbose )
869 {
870  int i, j, u, v;
871  unsigned char key[32];
872  unsigned char buf[64];
873  unsigned char src[16];
874  unsigned char dst[16];
875  unsigned char iv[16];
876 #if defined(POLARSSL_CIPHER_MODE_CTR)
877  size_t offset, len;
878  unsigned char nonce_counter[16];
879  unsigned char stream_block[16];
880 #endif
881 
882  camellia_context ctx;
883 
884  memset( key, 0, 32 );
885 
886  for (j = 0; j < 6; j++) {
887  u = j >> 1;
888  v = j & 1;
889 
890  if( verbose != 0 )
891  printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
892  (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
893 
894  for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
895  memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
896 
897  if (v == CAMELLIA_DECRYPT) {
898  camellia_setkey_dec(&ctx, key, 128 + u * 64);
899  memcpy(src, camellia_test_ecb_cipher[u][i], 16);
900  memcpy(dst, camellia_test_ecb_plain[i], 16);
901  } else { /* CAMELLIA_ENCRYPT */
902  camellia_setkey_enc(&ctx, key, 128 + u * 64);
903  memcpy(src, camellia_test_ecb_plain[i], 16);
904  memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
905  }
906 
907  camellia_crypt_ecb(&ctx, v, src, buf);
908 
909  if( memcmp( buf, dst, 16 ) != 0 )
910  {
911  if( verbose != 0 )
912  printf( "failed\n" );
913 
914  return( 1 );
915  }
916  }
917 
918  if( verbose != 0 )
919  printf( "passed\n" );
920  }
921 
922  if( verbose != 0 )
923  printf( "\n" );
924 
925  /*
926  * CBC mode
927  */
928  for( j = 0; j < 6; j++ )
929  {
930  u = j >> 1;
931  v = j & 1;
932 
933  if( verbose != 0 )
934  printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
935  ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
936 
937  memcpy( src, camellia_test_cbc_iv, 16);
938  memcpy( dst, camellia_test_cbc_iv, 16);
939  memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
940 
941  if (v == CAMELLIA_DECRYPT) {
942  camellia_setkey_dec(&ctx, key, 128 + u * 64);
943  } else {
944  camellia_setkey_enc(&ctx, key, 128 + u * 64);
945  }
946 
947  for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
948 
949  if (v == CAMELLIA_DECRYPT) {
950  memcpy( iv , src, 16 );
951  memcpy(src, camellia_test_cbc_cipher[u][i], 16);
952  memcpy(dst, camellia_test_cbc_plain[i], 16);
953  } else { /* CAMELLIA_ENCRYPT */
954  memcpy( iv , dst, 16 );
955  memcpy(src, camellia_test_cbc_plain[i], 16);
956  memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
957  }
958 
959  camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
960 
961  if( memcmp( buf, dst, 16 ) != 0 )
962  {
963  if( verbose != 0 )
964  printf( "failed\n" );
965 
966  return( 1 );
967  }
968  }
969 
970  if( verbose != 0 )
971  printf( "passed\n" );
972  }
973 
974  if( verbose != 0 )
975  printf( "\n" );
976 
977 #if defined(POLARSSL_CIPHER_MODE_CTR)
978  /*
979  * CTR mode
980  */
981  for( i = 0; i < 6; i++ )
982  {
983  u = i >> 1;
984  v = i & 1;
985 
986  if( verbose != 0 )
987  printf( " CAMELLIA-CTR-128 (%s): ",
988  ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
989 
990  memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
991  memcpy( key, camellia_test_ctr_key[u], 16 );
992 
993  offset = 0;
994  camellia_setkey_enc( &ctx, key, 128 );
995 
996  if( v == CAMELLIA_DECRYPT )
997  {
998  len = camellia_test_ctr_len[u];
999  memcpy( buf, camellia_test_ctr_ct[u], len );
1000 
1001  camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
1002 
1003  if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1004  {
1005  if( verbose != 0 )
1006  printf( "failed\n" );
1007 
1008  return( 1 );
1009  }
1010  }
1011  else
1012  {
1013  len = camellia_test_ctr_len[u];
1014  memcpy( buf, camellia_test_ctr_pt[u], len );
1015 
1016  camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
1017 
1018  if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1019  {
1020  if( verbose != 0 )
1021  printf( "failed\n" );
1022 
1023  return( 1 );
1024  }
1025  }
1026 
1027  if( verbose != 0 )
1028  printf( "passed\n" );
1029  }
1030 
1031  if( verbose != 0 )
1032  printf( "\n" );
1033 #endif /* POLARSSL_CIPHER_MODE_CTR */
1034 
1035  return ( 0 );
1036 }
1037 
1038 #endif
1039 
1040 #endif
uint32_t rk[68]
Definition: camellia.h:57
asn1_buf buf
Buffer containing the given ASN.1 item.
Definition: asn1.h:132
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
Configuration options (set of defines)
Camellia block cipher.
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
int camellia_self_test(int verbose)
Checkup routine.
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
Definition: camellia.h:45
CAMELLIA context structure.
Definition: camellia.h:54
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
#define CAMELLIA_DECRYPT
Definition: camellia.h:42
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.
Definition: camellia.h:44
#define CAMELLIA_ENCRYPT
Definition: camellia.h:41