PolarSSL v1.3.2
camellia.c
Go to the documentation of this file.
1 /*
2  * Camellia implementation
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The Camellia block cipher was designed by NTT and Mitsubishi Electric
27  * Corporation.
28  *
29  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
30  */
31 
32 #include "polarssl/config.h"
33 
34 #if defined(POLARSSL_CAMELLIA_C)
35 
36 #include "polarssl/camellia.h"
37 
38 #if !defined(POLARSSL_CAMELLIA_ALT)
39 
40 /*
41  * 32-bit integer manipulation macros (big endian)
42  */
43 #ifndef GET_UINT32_BE
44 #define GET_UINT32_BE(n,b,i) \
45 { \
46  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
47  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
48  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
49  | ( (uint32_t) (b)[(i) + 3] ); \
50 }
51 #endif
52 
53 #ifndef PUT_UINT32_BE
54 #define PUT_UINT32_BE(n,b,i) \
55 { \
56  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59  (b)[(i) + 3] = (unsigned char) ( (n) ); \
60 }
61 #endif
62 
63 static const unsigned char SIGMA_CHARS[6][8] =
64 {
65  { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
66  { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
67  { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
68  { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
69  { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
70  { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
71 };
72 
73 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
74 
75 static const unsigned char FSb[256] =
76 {
77  112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
78  35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
79  134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
80  166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
81  139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
82  223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
83  20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
84  254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
85  170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
86  16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
87  135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
88  82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
89  233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
90  120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
91  114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
92  64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
93 };
94 
95 #define SBOX1(n) FSb[(n)]
96 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
97 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
98 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
99 
100 #else
101 
102 static const unsigned char FSb[256] =
103 {
104  112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
105  35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
106  134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
107  166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
108  139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
109  223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
110  20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
111  254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
112  170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
113  16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
114  135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
115  82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
116  233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
117  120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
118  114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
119  64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
120 };
121 
122 static const unsigned char FSb2[256] =
123 {
124  224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
125  70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
126  13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
127  77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
128  23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
129  191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
130  40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
131  253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
132  85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
133  32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
134  15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
135  164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
136  211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
137  240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
138  228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
139  128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
140 };
141 
142 static const unsigned char FSb3[256] =
143 {
144  56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
145  145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
146  67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
147  83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
148  197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
149  239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
150  10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
151  127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
152  85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
153  8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
154  195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
155  41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
156  244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
157  60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
158  57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
159  32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
160 };
161 
162 static const unsigned char FSb4[256] =
163 {
164  112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
165  134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
166  139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
167  20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
168  170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
169  135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
170  233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
171  114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
172  130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
173  184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
174  13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
175  88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
176  208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
177  92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
178  121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
179  7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
180 };
181 
182 #define SBOX1(n) FSb[(n)]
183 #define SBOX2(n) FSb2[(n)]
184 #define SBOX3(n) FSb3[(n)]
185 #define SBOX4(n) FSb4[(n)]
186 
187 #endif
188 
189 static const unsigned char shifts[2][4][4] =
190 {
191  {
192  { 1, 1, 1, 1 }, /* KL */
193  { 0, 0, 0, 0 }, /* KR */
194  { 1, 1, 1, 1 }, /* KA */
195  { 0, 0, 0, 0 } /* KB */
196  },
197  {
198  { 1, 0, 1, 1 }, /* KL */
199  { 1, 1, 0, 1 }, /* KR */
200  { 1, 1, 1, 0 }, /* KA */
201  { 1, 1, 0, 1 } /* KB */
202  }
203 };
204 
205 static const signed char indexes[2][4][20] =
206 {
207  {
208  { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
209  36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
210  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
211  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
212  { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
213  18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
214  { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
215  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */
216  },
217  {
218  { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
219  -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
220  { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
221  18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
222  { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
223  56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
224  { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
225  22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
226  }
227 };
228 
229 static const signed char transposes[2][20] =
230 {
231  {
232  21, 22, 23, 20,
233  -1, -1, -1, -1,
234  18, 19, 16, 17,
235  11, 8, 9, 10,
236  15, 12, 13, 14
237  },
238  {
239  25, 26, 27, 24,
240  29, 30, 31, 28,
241  18, 19, 16, 17,
242  -1, -1, -1, -1,
243  -1, -1, -1, -1
244  }
245 };
246 
247 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
248 #define ROTL(DEST, SRC, SHIFT) \
249 { \
250  (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
251  (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
252  (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
253  (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
254 }
255 
256 #define FL(XL, XR, KL, KR) \
257 { \
258  (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
259  (XL) = ((XR) | (KR)) ^ (XL); \
260 }
261 
262 #define FLInv(YL, YR, KL, KR) \
263 { \
264  (YL) = ((YR) | (KR)) ^ (YL); \
265  (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
266 }
267 
268 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
269 { \
270  TK[0] = KC[(OFFSET) * 4 + 0]; \
271  TK[1] = KC[(OFFSET) * 4 + 1]; \
272  TK[2] = KC[(OFFSET) * 4 + 2]; \
273  TK[3] = KC[(OFFSET) * 4 + 3]; \
274  \
275  for ( i = 1; i <= 4; i++ ) \
276  if (shifts[(INDEX)][(OFFSET)][i -1]) \
277  ROTL(TK + i * 4, TK, (15 * i) % 32); \
278  \
279  for ( i = 0; i < 20; i++ ) \
280  if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
281  RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
282  } \
283 }
284 
285 static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t z[2])
286 {
287  uint32_t I0, I1;
288  I0 = x[0] ^ k[0];
289  I1 = x[1] ^ k[1];
290 
291  I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
292  (SBOX2((I0 >> 16) & 0xFF) << 16) |
293  (SBOX3((I0 >> 8) & 0xFF) << 8) |
294  (SBOX4((I0 ) & 0xFF) );
295  I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
296  (SBOX3((I1 >> 16) & 0xFF) << 16) |
297  (SBOX4((I1 >> 8) & 0xFF) << 8) |
298  (SBOX1((I1 ) & 0xFF) );
299 
300  I0 ^= (I1 << 8) | (I1 >> 24);
301  I1 ^= (I0 << 16) | (I0 >> 16);
302  I0 ^= (I1 >> 8) | (I1 << 24);
303  I1 ^= (I0 >> 8) | (I0 << 24);
304 
305  z[0] ^= I1;
306  z[1] ^= I0;
307 }
308 
309 /*
310  * Camellia key schedule (encryption)
311  */
312 int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
313 {
314  int idx;
315  size_t i;
316  uint32_t *RK;
317  unsigned char t[64];
318  uint32_t SIGMA[6][2];
319  uint32_t KC[16];
320  uint32_t TK[20];
321 
322  RK = ctx->rk;
323 
324  memset(t, 0, 64);
325  memset(RK, 0, sizeof(ctx->rk));
326 
327  switch( keysize )
328  {
329  case 128: ctx->nr = 3; idx = 0; break;
330  case 192:
331  case 256: ctx->nr = 4; idx = 1; break;
332  default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
333  }
334 
335  for( i = 0; i < keysize / 8; ++i)
336  t[i] = key[i];
337 
338  if (keysize == 192) {
339  for (i = 0; i < 8; i++)
340  t[24 + i] = ~t[16 + i];
341  }
342 
343  /*
344  * Prepare SIGMA values
345  */
346  for (i = 0; i < 6; i++) {
347  GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
348  GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
349  }
350 
351  /*
352  * Key storage in KC
353  * Order: KL, KR, KA, KB
354  */
355  memset(KC, 0, sizeof(KC));
356 
357  /* Store KL, KR */
358  for (i = 0; i < 8; i++)
359  GET_UINT32_BE(KC[i], t, i * 4);
360 
361  /* Generate KA */
362  for( i = 0; i < 4; ++i)
363  KC[8 + i] = KC[i] ^ KC[4 + i];
364 
365  camellia_feistel(KC + 8, SIGMA[0], KC + 10);
366  camellia_feistel(KC + 10, SIGMA[1], KC + 8);
367 
368  for( i = 0; i < 4; ++i)
369  KC[8 + i] ^= KC[i];
370 
371  camellia_feistel(KC + 8, SIGMA[2], KC + 10);
372  camellia_feistel(KC + 10, SIGMA[3], KC + 8);
373 
374  if (keysize > 128) {
375  /* Generate KB */
376  for( i = 0; i < 4; ++i)
377  KC[12 + i] = KC[4 + i] ^ KC[8 + i];
378 
379  camellia_feistel(KC + 12, SIGMA[4], KC + 14);
380  camellia_feistel(KC + 14, SIGMA[5], KC + 12);
381  }
382 
383  /*
384  * Generating subkeys
385  */
386 
387  /* Manipulating KL */
388  SHIFT_AND_PLACE(idx, 0);
389 
390  /* Manipulating KR */
391  if (keysize > 128) {
392  SHIFT_AND_PLACE(idx, 1);
393  }
394 
395  /* Manipulating KA */
396  SHIFT_AND_PLACE(idx, 2);
397 
398  /* Manipulating KB */
399  if (keysize > 128) {
400  SHIFT_AND_PLACE(idx, 3);
401  }
402 
403  /* Do transpositions */
404  for ( i = 0; i < 20; i++ ) {
405  if (transposes[idx][i] != -1) {
406  RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
407  }
408  }
409 
410  return( 0 );
411 }
412 
413 /*
414  * Camellia key schedule (decryption)
415  */
416 int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
417 {
418  int idx;
419  size_t i;
420  camellia_context cty;
421  uint32_t *RK;
422  uint32_t *SK;
423  int ret;
424 
425  switch( keysize )
426  {
427  case 128: ctx->nr = 3; idx = 0; break;
428  case 192:
429  case 256: ctx->nr = 4; idx = 1; break;
430  default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
431  }
432 
433  RK = ctx->rk;
434 
435  ret = camellia_setkey_enc(&cty, key, keysize);
436  if( ret != 0 )
437  return( ret );
438 
439  SK = cty.rk + 24 * 2 + 8 * idx * 2;
440 
441  *RK++ = *SK++;
442  *RK++ = *SK++;
443  *RK++ = *SK++;
444  *RK++ = *SK++;
445 
446  for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
447  {
448  *RK++ = *SK++;
449  *RK++ = *SK++;
450  }
451 
452  SK -= 2;
453 
454  *RK++ = *SK++;
455  *RK++ = *SK++;
456  *RK++ = *SK++;
457  *RK++ = *SK++;
458 
459  memset( &cty, 0, sizeof( camellia_context ) );
460 
461  return( 0 );
462 }
463 
464 /*
465  * Camellia-ECB block encryption/decryption
466  */
468  int mode,
469  const unsigned char input[16],
470  unsigned char output[16] )
471 {
472  int NR;
473  uint32_t *RK, X[4];
474 
475  ( (void) mode );
476 
477  NR = ctx->nr;
478  RK = ctx->rk;
479 
480  GET_UINT32_BE( X[0], input, 0 );
481  GET_UINT32_BE( X[1], input, 4 );
482  GET_UINT32_BE( X[2], input, 8 );
483  GET_UINT32_BE( X[3], input, 12 );
484 
485  X[0] ^= *RK++;
486  X[1] ^= *RK++;
487  X[2] ^= *RK++;
488  X[3] ^= *RK++;
489 
490  while (NR) {
491  --NR;
492  camellia_feistel(X, RK, X + 2);
493  RK += 2;
494  camellia_feistel(X + 2, RK, X);
495  RK += 2;
496  camellia_feistel(X, RK, X + 2);
497  RK += 2;
498  camellia_feistel(X + 2, RK, X);
499  RK += 2;
500  camellia_feistel(X, RK, X + 2);
501  RK += 2;
502  camellia_feistel(X + 2, RK, X);
503  RK += 2;
504 
505  if (NR) {
506  FL(X[0], X[1], RK[0], RK[1]);
507  RK += 2;
508  FLInv(X[2], X[3], RK[0], RK[1]);
509  RK += 2;
510  }
511  }
512 
513  X[2] ^= *RK++;
514  X[3] ^= *RK++;
515  X[0] ^= *RK++;
516  X[1] ^= *RK++;
517 
518  PUT_UINT32_BE( X[2], output, 0 );
519  PUT_UINT32_BE( X[3], output, 4 );
520  PUT_UINT32_BE( X[0], output, 8 );
521  PUT_UINT32_BE( X[1], output, 12 );
522 
523  return( 0 );
524 }
525 
526 #if defined(POLARSSL_CIPHER_MODE_CBC)
527 /*
528  * Camellia-CBC buffer encryption/decryption
529  */
531  int mode,
532  size_t length,
533  unsigned char iv[16],
534  const unsigned char *input,
535  unsigned char *output )
536 {
537  int i;
538  unsigned char temp[16];
539 
540  if( length % 16 )
542 
543  if( mode == CAMELLIA_DECRYPT )
544  {
545  while( length > 0 )
546  {
547  memcpy( temp, input, 16 );
548  camellia_crypt_ecb( ctx, mode, input, output );
549 
550  for( i = 0; i < 16; i++ )
551  output[i] = (unsigned char)( output[i] ^ iv[i] );
552 
553  memcpy( iv, temp, 16 );
554 
555  input += 16;
556  output += 16;
557  length -= 16;
558  }
559  }
560  else
561  {
562  while( length > 0 )
563  {
564  for( i = 0; i < 16; i++ )
565  output[i] = (unsigned char)( input[i] ^ iv[i] );
566 
567  camellia_crypt_ecb( ctx, mode, output, output );
568  memcpy( iv, output, 16 );
569 
570  input += 16;
571  output += 16;
572  length -= 16;
573  }
574  }
575 
576  return( 0 );
577 }
578 #endif /* POLARSSL_CIPHER_MODE_CBC */
579 
580 #if defined(POLARSSL_CIPHER_MODE_CFB)
581 /*
582  * Camellia-CFB128 buffer encryption/decryption
583  */
585  int mode,
586  size_t length,
587  size_t *iv_off,
588  unsigned char iv[16],
589  const unsigned char *input,
590  unsigned char *output )
591 {
592  int c;
593  size_t n = *iv_off;
594 
595  if( mode == CAMELLIA_DECRYPT )
596  {
597  while( length-- )
598  {
599  if( n == 0 )
600  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
601 
602  c = *input++;
603  *output++ = (unsigned char)( c ^ iv[n] );
604  iv[n] = (unsigned char) c;
605 
606  n = (n + 1) & 0x0F;
607  }
608  }
609  else
610  {
611  while( length-- )
612  {
613  if( n == 0 )
614  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
615 
616  iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
617 
618  n = (n + 1) & 0x0F;
619  }
620  }
621 
622  *iv_off = n;
623 
624  return( 0 );
625 }
626 #endif /* POLARSSL_CIPHER_MODE_CFB */
627 
628 #if defined(POLARSSL_CIPHER_MODE_CTR)
629 /*
630  * Camellia-CTR buffer encryption/decryption
631  */
633  size_t length,
634  size_t *nc_off,
635  unsigned char nonce_counter[16],
636  unsigned char stream_block[16],
637  const unsigned char *input,
638  unsigned char *output )
639 {
640  int c, i;
641  size_t n = *nc_off;
642 
643  while( length-- )
644  {
645  if( n == 0 ) {
646  camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter, stream_block );
647 
648  for( i = 16; i > 0; i-- )
649  if( ++nonce_counter[i - 1] != 0 )
650  break;
651  }
652  c = *input++;
653  *output++ = (unsigned char)( c ^ stream_block[n] );
654 
655  n = (n + 1) & 0x0F;
656  }
657 
658  *nc_off = n;
659 
660  return( 0 );
661 }
662 #endif /* POLARSSL_CIPHER_MODE_CTR */
663 #endif /* !POLARSSL_CAMELLIA_ALT */
664 
665 #if defined(POLARSSL_SELF_TEST)
666 
667 #include <stdio.h>
668 
669 /*
670  * Camellia test vectors from:
671  *
672  * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
673  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
674  * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
675  * (For each bitlength: Key 0, Nr 39)
676  */
677 #define CAMELLIA_TESTS_ECB 2
678 
679 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
680 {
681  {
682  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
683  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
684  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
685  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
686  },
687  {
688  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
689  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
690  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
691  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
692  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
693  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
694  },
695  {
696  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
697  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
698  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
699  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
700  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
701  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
702  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
703  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
704  },
705 };
706 
707 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
708 {
709  { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
710  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
711  { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
712  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
713 };
714 
715 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
716 {
717  {
718  { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
719  0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
720  { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
721  0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
722  },
723  {
724  { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
725  0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
726  { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
727  0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
728  },
729  {
730  { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
731  0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
732  { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
733  0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
734  }
735 };
736 
737 #if defined(POLARSSL_CIPHER_MODE_CBC)
738 #define CAMELLIA_TESTS_CBC 3
739 
740 static const unsigned char camellia_test_cbc_key[3][32] =
741 {
742  { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
743  0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
744  ,
745  { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
746  0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
747  0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
748  ,
749  { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
750  0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
751  0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
752  0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
753 };
754 
755 static const unsigned char camellia_test_cbc_iv[16] =
756 
757  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
758  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
759 ;
760 
761 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
762 {
763  { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
764  0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
765  { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
766  0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
767  { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
768  0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
769 
770 };
771 
772 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
773 {
774  {
775  { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
776  0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
777  { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
778  0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
779  { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
780  0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
781  },
782  {
783  { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
784  0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
785  { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
786  0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
787  { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
788  0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
789  },
790  {
791  { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
792  0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
793  { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
794  0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
795  { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
796  0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
797  }
798 };
799 #endif /* POLARSSL_CIPHER_MODE_CBC */
800 
801 #if defined(POLARSSL_CIPHER_MODE_CTR)
802 /*
803  * Camellia-CTR test vectors from:
804  *
805  * http://www.faqs.org/rfcs/rfc5528.html
806  */
807 
808 static const unsigned char camellia_test_ctr_key[3][16] =
809 {
810  { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
811  0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
812  { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
813  0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
814  { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
815  0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
816 };
817 
818 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
819 {
820  { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
821  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
822  { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
823  0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
824  { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
825  0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
826 };
827 
828 static const unsigned char camellia_test_ctr_pt[3][48] =
829 {
830  { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
831  0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
832 
833  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
834  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
835  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
836  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
837 
838  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
839  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
840  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
841  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
842  0x20, 0x21, 0x22, 0x23 }
843 };
844 
845 static const unsigned char camellia_test_ctr_ct[3][48] =
846 {
847  { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
848  0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
849  { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
850  0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
851  0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
852  0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
853  { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
854  0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
855  0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
856  0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
857  0xDF, 0x50, 0x86, 0x96 }
858 };
859 
860 static const int camellia_test_ctr_len[3] =
861  { 16, 32, 36 };
862 #endif /* POLARSSL_CIPHER_MODE_CTR */
863 
864 /*
865  * Checkup routine
866  */
867 int camellia_self_test( int verbose )
868 {
869  int i, j, u, v;
870  unsigned char key[32];
871  unsigned char buf[64];
872  unsigned char src[16];
873  unsigned char dst[16];
874 #if defined(POLARSSL_CIPHER_MODE_CBC)
875  unsigned char iv[16];
876 #endif
877 #if defined(POLARSSL_CIPHER_MODE_CTR)
878  size_t offset, len;
879  unsigned char nonce_counter[16];
880  unsigned char stream_block[16];
881 #endif
882 
883  camellia_context ctx;
884 
885  memset( key, 0, 32 );
886 
887  for (j = 0; j < 6; j++) {
888  u = j >> 1;
889  v = j & 1;
890 
891  if( verbose != 0 )
892  printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
893  (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
894 
895  for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
896  memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
897 
898  if (v == CAMELLIA_DECRYPT) {
899  camellia_setkey_dec(&ctx, key, 128 + u * 64);
900  memcpy(src, camellia_test_ecb_cipher[u][i], 16);
901  memcpy(dst, camellia_test_ecb_plain[i], 16);
902  } else { /* CAMELLIA_ENCRYPT */
903  camellia_setkey_enc(&ctx, key, 128 + u * 64);
904  memcpy(src, camellia_test_ecb_plain[i], 16);
905  memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
906  }
907 
908  camellia_crypt_ecb(&ctx, v, src, buf);
909 
910  if( memcmp( buf, dst, 16 ) != 0 )
911  {
912  if( verbose != 0 )
913  printf( "failed\n" );
914 
915  return( 1 );
916  }
917  }
918 
919  if( verbose != 0 )
920  printf( "passed\n" );
921  }
922 
923  if( verbose != 0 )
924  printf( "\n" );
925 
926 #if defined(POLARSSL_CIPHER_MODE_CBC)
927  /*
928  * CBC mode
929  */
930  for( j = 0; j < 6; j++ )
931  {
932  u = j >> 1;
933  v = j & 1;
934 
935  if( verbose != 0 )
936  printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
937  ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
938 
939  memcpy( src, camellia_test_cbc_iv, 16);
940  memcpy( dst, camellia_test_cbc_iv, 16);
941  memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
942 
943  if (v == CAMELLIA_DECRYPT) {
944  camellia_setkey_dec(&ctx, key, 128 + u * 64);
945  } else {
946  camellia_setkey_enc(&ctx, key, 128 + u * 64);
947  }
948 
949  for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
950 
951  if (v == CAMELLIA_DECRYPT) {
952  memcpy( iv , src, 16 );
953  memcpy(src, camellia_test_cbc_cipher[u][i], 16);
954  memcpy(dst, camellia_test_cbc_plain[i], 16);
955  } else { /* CAMELLIA_ENCRYPT */
956  memcpy( iv , dst, 16 );
957  memcpy(src, camellia_test_cbc_plain[i], 16);
958  memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
959  }
960 
961  camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
962 
963  if( memcmp( buf, dst, 16 ) != 0 )
964  {
965  if( verbose != 0 )
966  printf( "failed\n" );
967 
968  return( 1 );
969  }
970  }
971 
972  if( verbose != 0 )
973  printf( "passed\n" );
974  }
975 #endif /* POLARSSL_CIPHER_MODE_CBC */
976 
977  if( verbose != 0 )
978  printf( "\n" );
979 
980 #if defined(POLARSSL_CIPHER_MODE_CTR)
981  /*
982  * CTR mode
983  */
984  for( i = 0; i < 6; i++ )
985  {
986  u = i >> 1;
987  v = i & 1;
988 
989  if( verbose != 0 )
990  printf( " CAMELLIA-CTR-128 (%s): ",
991  ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
992 
993  memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
994  memcpy( key, camellia_test_ctr_key[u], 16 );
995 
996  offset = 0;
997  camellia_setkey_enc( &ctx, key, 128 );
998 
999  if( v == CAMELLIA_DECRYPT )
1000  {
1001  len = camellia_test_ctr_len[u];
1002  memcpy( buf, camellia_test_ctr_ct[u], len );
1003 
1004  camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
1005 
1006  if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1007  {
1008  if( verbose != 0 )
1009  printf( "failed\n" );
1010 
1011  return( 1 );
1012  }
1013  }
1014  else
1015  {
1016  len = camellia_test_ctr_len[u];
1017  memcpy( buf, camellia_test_ctr_pt[u], len );
1018 
1019  camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
1020 
1021  if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1022  {
1023  if( verbose != 0 )
1024  printf( "failed\n" );
1025 
1026  return( 1 );
1027  }
1028  }
1029 
1030  if( verbose != 0 )
1031  printf( "passed\n" );
1032  }
1033 
1034  if( verbose != 0 )
1035  printf( "\n" );
1036 #endif /* POLARSSL_CIPHER_MODE_CTR */
1037 
1038  return ( 0 );
1039 }
1040 
1041 #endif
1042 
1043 #endif
uint32_t rk[68]
Definition: camellia.h:61
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
Configuration options (set of defines)
Camellia block cipher.
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
int camellia_self_test(int verbose)
Checkup routine.
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
#define PUT_UINT32_BE(n, b, i)
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
Definition: camellia.h:45
CAMELLIA context structure.
Definition: camellia.h:58
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
#define CAMELLIA_DECRYPT
Definition: camellia.h:42
#define GET_UINT32_BE(n, b, i)
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.
Definition: camellia.h:44
#define CAMELLIA_ENCRYPT
Definition: camellia.h:41