34 #if defined(POLARSSL_CAMELLIA_C)
38 #if !defined(POLARSSL_CAMELLIA_ALT)
44 #define GET_UINT32_BE(n,b,i) \
46 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
47 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
48 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
49 | ( (uint32_t) (b)[(i) + 3] ); \
54 #define PUT_UINT32_BE(n,b,i) \
56 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59 (b)[(i) + 3] = (unsigned char) ( (n) ); \
63 static const unsigned char SIGMA_CHARS[6][8] =
65 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
66 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
67 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
68 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
69 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
70 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
73 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
75 static const unsigned char FSb[256] =
77 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
78 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
79 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
80 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
81 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
82 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
83 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
84 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
85 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
86 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
87 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
88 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
89 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
90 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
91 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
92 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
95 #define SBOX1(n) FSb[(n)]
96 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
97 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
98 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
102 static const unsigned char FSb[256] =
104 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
105 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
106 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
107 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
108 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
109 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
110 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
111 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
112 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
113 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
114 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
115 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
116 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
117 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
118 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
119 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
122 static const unsigned char FSb2[256] =
124 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
125 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
126 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
127 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
128 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
129 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
130 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
131 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
132 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
133 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
134 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
135 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
136 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
137 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
138 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
139 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
142 static const unsigned char FSb3[256] =
144 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
145 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
146 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
147 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
148 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
149 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
150 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
151 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
152 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
153 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
154 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
155 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
156 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
157 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
158 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
159 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
162 static const unsigned char FSb4[256] =
164 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
165 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
166 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
167 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
168 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
169 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
170 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
171 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
172 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
173 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
174 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
175 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
176 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
177 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
178 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
179 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
182 #define SBOX1(n) FSb[(n)]
183 #define SBOX2(n) FSb2[(n)]
184 #define SBOX3(n) FSb3[(n)]
185 #define SBOX4(n) FSb4[(n)]
189 static const unsigned char shifts[2][4][4] =
205 static const signed char indexes[2][4][20] =
208 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
209 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 },
210 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
211 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 },
212 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
213 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 },
214 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
215 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }
218 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
219 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 },
220 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
221 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 },
222 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
223 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 },
224 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
225 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }
229 static const signed char transposes[2][20] =
248 #define ROTL(DEST, SRC, SHIFT) \
250 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
251 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
252 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
253 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
256 #define FL(XL, XR, KL, KR) \
258 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
259 (XL) = ((XR) | (KR)) ^ (XL); \
262 #define FLInv(YL, YR, KL, KR) \
264 (YL) = ((YR) | (KR)) ^ (YL); \
265 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
268 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
270 TK[0] = KC[(OFFSET) * 4 + 0]; \
271 TK[1] = KC[(OFFSET) * 4 + 1]; \
272 TK[2] = KC[(OFFSET) * 4 + 2]; \
273 TK[3] = KC[(OFFSET) * 4 + 3]; \
275 for ( i = 1; i <= 4; i++ ) \
276 if (shifts[(INDEX)][(OFFSET)][i -1]) \
277 ROTL(TK + i * 4, TK, (15 * i) % 32); \
279 for ( i = 0; i < 20; i++ ) \
280 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
281 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
285 static void camellia_feistel(
const uint32_t x[2],
const uint32_t k[2], uint32_t z[2])
291 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
292 (SBOX2((I0 >> 16) & 0xFF) << 16) |
293 (SBOX3((I0 >> 8) & 0xFF) << 8) |
294 (SBOX4((I0 ) & 0xFF) );
295 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
296 (SBOX3((I1 >> 16) & 0xFF) << 16) |
297 (SBOX4((I1 >> 8) & 0xFF) << 8) |
298 (SBOX1((I1 ) & 0xFF) );
300 I0 ^= (I1 << 8) | (I1 >> 24);
301 I1 ^= (I0 << 16) | (I0 >> 16);
302 I0 ^= (I1 >> 8) | (I1 << 24);
303 I1 ^= (I0 >> 8) | (I0 << 24);
318 uint32_t SIGMA[6][2];
325 memset(RK, 0,
sizeof(ctx->
rk));
329 case 128: ctx->
nr = 3; idx = 0;
break;
331 case 256: ctx->
nr = 4; idx = 1;
break;
335 for( i = 0; i < keysize / 8; ++i)
338 if (keysize == 192) {
339 for (i = 0; i < 8; i++)
340 t[24 + i] = ~t[16 + i];
346 for (i = 0; i < 6; i++) {
355 memset(KC, 0,
sizeof(KC));
358 for (i = 0; i < 8; i++)
362 for( i = 0; i < 4; ++i)
363 KC[8 + i] = KC[i] ^ KC[4 + i];
365 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
366 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
368 for( i = 0; i < 4; ++i)
371 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
372 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
376 for( i = 0; i < 4; ++i)
377 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
379 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
380 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
388 SHIFT_AND_PLACE(idx, 0);
392 SHIFT_AND_PLACE(idx, 1);
396 SHIFT_AND_PLACE(idx, 2);
400 SHIFT_AND_PLACE(idx, 3);
404 for ( i = 0; i < 20; i++ ) {
405 if (transposes[idx][i] != -1) {
406 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
427 case 128: ctx->
nr = 3; idx = 0;
break;
429 case 256: ctx->
nr = 4; idx = 1;
break;
439 SK = cty.
rk + 24 * 2 + 8 * idx * 2;
446 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
469 const unsigned char input[16],
470 unsigned char output[16] )
492 camellia_feistel(X, RK, X + 2);
494 camellia_feistel(X + 2, RK, X);
496 camellia_feistel(X, RK, X + 2);
498 camellia_feistel(X + 2, RK, X);
500 camellia_feistel(X, RK, X + 2);
502 camellia_feistel(X + 2, RK, X);
506 FL(X[0], X[1], RK[0], RK[1]);
508 FLInv(X[2], X[3], RK[0], RK[1]);
526 #if defined(POLARSSL_CIPHER_MODE_CBC)
533 unsigned char iv[16],
534 const unsigned char *input,
535 unsigned char *output )
538 unsigned char temp[16];
547 memcpy( temp, input, 16 );
550 for( i = 0; i < 16; i++ )
551 output[i] = (
unsigned char)( output[i] ^ iv[i] );
553 memcpy( iv, temp, 16 );
564 for( i = 0; i < 16; i++ )
565 output[i] = (
unsigned char)( input[i] ^ iv[i] );
568 memcpy( iv, output, 16 );
580 #if defined(POLARSSL_CIPHER_MODE_CFB)
588 unsigned char iv[16],
589 const unsigned char *input,
590 unsigned char *output )
603 *output++ = (
unsigned char)( c ^ iv[n] );
604 iv[n] = (
unsigned char) c;
616 iv[n] = *output++ = (
unsigned char)( iv[n] ^ *input++ );
628 #if defined(POLARSSL_CIPHER_MODE_CTR)
635 unsigned char nonce_counter[16],
636 unsigned char stream_block[16],
637 const unsigned char *input,
638 unsigned char *output )
648 for( i = 16; i > 0; i-- )
649 if( ++nonce_counter[i - 1] != 0 )
653 *output++ = (
unsigned char)( c ^ stream_block[n] );
665 #if defined(POLARSSL_SELF_TEST)
677 #define CAMELLIA_TESTS_ECB 2
679 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
682 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
683 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
684 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
685 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
688 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
689 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
690 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
691 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
692 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
693 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
696 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
697 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
698 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
699 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
700 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
701 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
702 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
703 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
707 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
709 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
710 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
711 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
712 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
715 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
718 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
719 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
720 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
721 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
724 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
725 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
726 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
727 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
730 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
731 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
732 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
733 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
737 #if defined(POLARSSL_CIPHER_MODE_CBC)
738 #define CAMELLIA_TESTS_CBC 3
740 static const unsigned char camellia_test_cbc_key[3][32] =
742 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
743 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
745 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
746 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
747 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
749 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
750 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
751 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
752 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
755 static const unsigned char camellia_test_cbc_iv[16] =
757 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
758 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
761 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
763 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
764 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
765 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
766 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
767 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
768 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
772 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
775 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
776 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
777 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
778 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
779 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
780 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
783 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
784 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
785 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
786 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
787 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
788 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
791 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
792 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
793 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
794 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
795 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
796 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
801 #if defined(POLARSSL_CIPHER_MODE_CTR)
808 static const unsigned char camellia_test_ctr_key[3][16] =
810 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
811 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
812 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
813 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
814 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
815 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
818 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
820 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
821 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
822 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
823 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
824 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
825 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
828 static const unsigned char camellia_test_ctr_pt[3][48] =
830 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
831 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
833 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
834 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
835 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
836 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
838 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
839 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
840 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
841 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
842 0x20, 0x21, 0x22, 0x23 }
845 static const unsigned char camellia_test_ctr_ct[3][48] =
847 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
848 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
849 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
850 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
851 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
852 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
853 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
854 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
855 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
856 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
857 0xDF, 0x50, 0x86, 0x96 }
860 static const int camellia_test_ctr_len[3] =
870 unsigned char key[32];
871 unsigned char buf[64];
872 unsigned char src[16];
873 unsigned char dst[16];
874 #if defined(POLARSSL_CIPHER_MODE_CBC)
875 unsigned char iv[16];
877 #if defined(POLARSSL_CIPHER_MODE_CTR)
879 unsigned char nonce_counter[16];
880 unsigned char stream_block[16];
885 memset( key, 0, 32 );
887 for (j = 0; j < 6; j++) {
892 printf(
" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
895 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
896 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
900 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
901 memcpy(dst, camellia_test_ecb_plain[i], 16);
904 memcpy(src, camellia_test_ecb_plain[i], 16);
905 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
910 if( memcmp( buf, dst, 16 ) != 0 )
913 printf(
"failed\n" );
920 printf(
"passed\n" );
926 #if defined(POLARSSL_CIPHER_MODE_CBC)
930 for( j = 0; j < 6; j++ )
936 printf(
" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
939 memcpy( src, camellia_test_cbc_iv, 16);
940 memcpy( dst, camellia_test_cbc_iv, 16);
941 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
949 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
952 memcpy( iv , src, 16 );
953 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
954 memcpy(dst, camellia_test_cbc_plain[i], 16);
956 memcpy( iv , dst, 16 );
957 memcpy(src, camellia_test_cbc_plain[i], 16);
958 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
963 if( memcmp( buf, dst, 16 ) != 0 )
966 printf(
"failed\n" );
973 printf(
"passed\n" );
980 #if defined(POLARSSL_CIPHER_MODE_CTR)
984 for( i = 0; i < 6; i++ )
990 printf(
" CAMELLIA-CTR-128 (%s): ",
993 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
994 memcpy( key, camellia_test_ctr_key[u], 16 );
1001 len = camellia_test_ctr_len[u];
1002 memcpy( buf, camellia_test_ctr_ct[u], len );
1006 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1009 printf(
"failed\n" );
1016 len = camellia_test_ctr_len[u];
1017 memcpy( buf, camellia_test_ctr_pt[u], len );
1021 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1024 printf(
"failed\n" );
1031 printf(
"passed\n" );
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
Configuration options (set of defines)
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
int camellia_self_test(int verbose)
Checkup routine.
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
#define PUT_UINT32_BE(n, b, i)
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
CAMELLIA context structure.
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
#define GET_UINT32_BE(n, b, i)
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.