34 #if defined(POLARSSL_CAMELLIA_C)
38 #if !defined(POLARSSL_CAMELLIA_ALT)
41 static void polarssl_zeroize(
void *v,
size_t n ) {
42 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
49 #define GET_UINT32_BE(n,b,i) \
51 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
52 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
53 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
54 | ( (uint32_t) (b)[(i) + 3] ); \
59 #define PUT_UINT32_BE(n,b,i) \
61 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
62 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
63 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
64 (b)[(i) + 3] = (unsigned char) ( (n) ); \
68 static const unsigned char SIGMA_CHARS[6][8] =
70 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
71 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
72 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
73 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
74 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
75 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
78 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
80 static const unsigned char FSb[256] =
82 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
83 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
84 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
85 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
86 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
87 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
88 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
89 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
90 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
91 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
92 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
93 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
94 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
95 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
96 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
97 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
100 #define SBOX1(n) FSb[(n)]
101 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
102 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
103 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
107 static const unsigned char FSb[256] =
109 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
110 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
111 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
112 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
113 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
114 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
115 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
116 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
117 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
118 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
119 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
120 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
121 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
122 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
123 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
124 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
127 static const unsigned char FSb2[256] =
129 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
130 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
131 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
132 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
133 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
134 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
135 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
136 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
137 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
138 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
139 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
140 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
141 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
142 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
143 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
144 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
147 static const unsigned char FSb3[256] =
149 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
150 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
151 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
152 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
153 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
154 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
155 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
156 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
157 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
158 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
159 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
160 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
161 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
162 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
163 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
164 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
167 static const unsigned char FSb4[256] =
169 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
170 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
171 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
172 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
173 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
174 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
175 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
176 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
177 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
178 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
179 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
180 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
181 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
182 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
183 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
184 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
187 #define SBOX1(n) FSb[(n)]
188 #define SBOX2(n) FSb2[(n)]
189 #define SBOX3(n) FSb3[(n)]
190 #define SBOX4(n) FSb4[(n)]
194 static const unsigned char shifts[2][4][4] =
210 static const signed char indexes[2][4][20] =
213 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
214 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 },
215 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
216 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 },
217 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
218 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 },
219 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
220 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }
223 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
224 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 },
225 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
226 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 },
227 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
228 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 },
229 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
230 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }
234 static const signed char transposes[2][20] =
253 #define ROTL(DEST, SRC, SHIFT) \
255 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
256 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
257 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
258 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
261 #define FL(XL, XR, KL, KR) \
263 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
264 (XL) = ((XR) | (KR)) ^ (XL); \
267 #define FLInv(YL, YR, KL, KR) \
269 (YL) = ((YR) | (KR)) ^ (YL); \
270 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
273 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
275 TK[0] = KC[(OFFSET) * 4 + 0]; \
276 TK[1] = KC[(OFFSET) * 4 + 1]; \
277 TK[2] = KC[(OFFSET) * 4 + 2]; \
278 TK[3] = KC[(OFFSET) * 4 + 3]; \
280 for ( i = 1; i <= 4; i++ ) \
281 if (shifts[(INDEX)][(OFFSET)][i -1]) \
282 ROTL(TK + i * 4, TK, (15 * i) % 32); \
284 for ( i = 0; i < 20; i++ ) \
285 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
286 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
290 static void camellia_feistel(
const uint32_t x[2],
const uint32_t k[2], uint32_t z[2])
296 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
297 (SBOX2((I0 >> 16) & 0xFF) << 16) |
298 (SBOX3((I0 >> 8) & 0xFF) << 8) |
299 (SBOX4((I0 ) & 0xFF) );
300 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
301 (SBOX3((I1 >> 16) & 0xFF) << 16) |
302 (SBOX4((I1 >> 8) & 0xFF) << 8) |
303 (SBOX1((I1 ) & 0xFF) );
305 I0 ^= (I1 << 8) | (I1 >> 24);
306 I1 ^= (I0 << 16) | (I0 >> 16);
307 I0 ^= (I1 >> 8) | (I1 << 24);
308 I1 ^= (I0 >> 8) | (I0 << 24);
323 uint32_t SIGMA[6][2];
330 memset(RK, 0,
sizeof(ctx->
rk));
334 case 128: ctx->
nr = 3; idx = 0;
break;
336 case 256: ctx->
nr = 4; idx = 1;
break;
340 for( i = 0; i < keysize / 8; ++i)
343 if (keysize == 192) {
344 for (i = 0; i < 8; i++)
345 t[24 + i] = ~t[16 + i];
351 for (i = 0; i < 6; i++) {
352 GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
353 GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
360 memset(KC, 0,
sizeof(KC));
363 for (i = 0; i < 8; i++)
364 GET_UINT32_BE(KC[i], t, i * 4);
367 for( i = 0; i < 4; ++i)
368 KC[8 + i] = KC[i] ^ KC[4 + i];
370 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
371 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
373 for( i = 0; i < 4; ++i)
376 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
377 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
381 for( i = 0; i < 4; ++i)
382 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
384 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
385 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
393 SHIFT_AND_PLACE(idx, 0);
397 SHIFT_AND_PLACE(idx, 1);
401 SHIFT_AND_PLACE(idx, 2);
405 SHIFT_AND_PLACE(idx, 3);
409 for ( i = 0; i < 20; i++ ) {
410 if (transposes[idx][i] != -1) {
411 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
432 case 128: ctx->
nr = 3; idx = 0;
break;
434 case 256: ctx->
nr = 4; idx = 1;
break;
444 SK = cty.
rk + 24 * 2 + 8 * idx * 2;
451 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
474 const unsigned char input[16],
475 unsigned char output[16] )
485 GET_UINT32_BE( X[0], input, 0 );
486 GET_UINT32_BE( X[1], input, 4 );
487 GET_UINT32_BE( X[2], input, 8 );
488 GET_UINT32_BE( X[3], input, 12 );
497 camellia_feistel(X, RK, X + 2);
499 camellia_feistel(X + 2, RK, X);
501 camellia_feistel(X, RK, X + 2);
503 camellia_feistel(X + 2, RK, X);
505 camellia_feistel(X, RK, X + 2);
507 camellia_feistel(X + 2, RK, X);
511 FL(X[0], X[1], RK[0], RK[1]);
513 FLInv(X[2], X[3], RK[0], RK[1]);
523 PUT_UINT32_BE( X[2], output, 0 );
524 PUT_UINT32_BE( X[3], output, 4 );
525 PUT_UINT32_BE( X[0], output, 8 );
526 PUT_UINT32_BE( X[1], output, 12 );
537 unsigned char iv[16],
538 const unsigned char *input,
539 unsigned char *output )
542 unsigned char temp[16];
551 memcpy( temp, input, 16 );
554 for( i = 0; i < 16; i++ )
555 output[i] = (
unsigned char)( output[i] ^ iv[i] );
557 memcpy( iv, temp, 16 );
568 for( i = 0; i < 16; i++ )
569 output[i] = (
unsigned char)( input[i] ^ iv[i] );
572 memcpy( iv, output, 16 );
583 #if defined(POLARSSL_CIPHER_MODE_CFB)
591 unsigned char iv[16],
592 const unsigned char *input,
593 unsigned char *output )
606 *output++ = (
unsigned char)( c ^ iv[n] );
607 iv[n] = (
unsigned char) c;
619 iv[n] = *output++ = (
unsigned char)( iv[n] ^ *input++ );
631 #if defined(POLARSSL_CIPHER_MODE_CTR)
638 unsigned char nonce_counter[16],
639 unsigned char stream_block[16],
640 const unsigned char *input,
641 unsigned char *output )
651 for( i = 16; i > 0; i-- )
652 if( ++nonce_counter[i - 1] != 0 )
656 *output++ = (
unsigned char)( c ^ stream_block[n] );
668 #if defined(POLARSSL_SELF_TEST)
680 #define CAMELLIA_TESTS_ECB 2
682 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
685 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
686 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
687 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
688 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
691 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
692 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
693 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
694 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
695 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
696 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
699 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
700 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
701 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
702 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
703 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
704 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
705 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
706 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
710 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
712 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
713 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
714 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
715 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
718 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
721 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
722 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
723 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
724 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
727 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
728 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
729 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
730 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
733 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
734 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
735 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
736 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
740 #define CAMELLIA_TESTS_CBC 3
742 static const unsigned char camellia_test_cbc_key[3][32] =
744 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
745 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
747 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
748 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
749 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
751 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
752 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
753 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
754 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
757 static const unsigned char camellia_test_cbc_iv[16] =
759 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
760 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
763 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
765 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
766 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
767 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
768 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
769 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
770 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
774 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
777 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
778 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
779 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
780 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
781 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
782 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
785 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
786 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
787 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
788 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
789 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
790 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
793 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
794 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
795 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
796 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
797 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
798 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
802 #if defined(POLARSSL_CIPHER_MODE_CTR)
809 static const unsigned char camellia_test_ctr_key[3][16] =
811 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
812 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
813 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
814 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
815 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
816 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
819 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
821 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
822 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
823 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
824 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
825 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
826 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
829 static const unsigned char camellia_test_ctr_pt[3][48] =
831 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
832 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
834 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
835 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
836 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
837 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
839 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
840 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
841 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
842 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
843 0x20, 0x21, 0x22, 0x23 }
846 static const unsigned char camellia_test_ctr_ct[3][48] =
848 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
849 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
850 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
851 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
852 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
853 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
854 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
855 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
856 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
857 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
858 0xDF, 0x50, 0x86, 0x96 }
861 static const int camellia_test_ctr_len[3] =
871 unsigned char key[32];
872 unsigned char buf[64];
873 unsigned char src[16];
874 unsigned char dst[16];
875 unsigned char iv[16];
876 #if defined(POLARSSL_CIPHER_MODE_CTR)
878 unsigned char nonce_counter[16];
879 unsigned char stream_block[16];
884 memset( key, 0, 32 );
886 for (j = 0; j < 6; j++) {
891 printf(
" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
894 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
895 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
899 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
900 memcpy(dst, camellia_test_ecb_plain[i], 16);
903 memcpy(src, camellia_test_ecb_plain[i], 16);
904 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
909 if( memcmp( buf, dst, 16 ) != 0 )
912 printf(
"failed\n" );
919 printf(
"passed\n" );
928 for( j = 0; j < 6; j++ )
934 printf(
" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
937 memcpy( src, camellia_test_cbc_iv, 16);
938 memcpy( dst, camellia_test_cbc_iv, 16);
939 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
947 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
950 memcpy( iv , src, 16 );
951 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
952 memcpy(dst, camellia_test_cbc_plain[i], 16);
954 memcpy( iv , dst, 16 );
955 memcpy(src, camellia_test_cbc_plain[i], 16);
956 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
961 if( memcmp( buf, dst, 16 ) != 0 )
964 printf(
"failed\n" );
971 printf(
"passed\n" );
977 #if defined(POLARSSL_CIPHER_MODE_CTR)
981 for( i = 0; i < 6; i++ )
987 printf(
" CAMELLIA-CTR-128 (%s): ",
990 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
991 memcpy( key, camellia_test_ctr_key[u], 16 );
998 len = camellia_test_ctr_len[u];
999 memcpy( buf, camellia_test_ctr_ct[u], len );
1003 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1006 printf(
"failed\n" );
1013 len = camellia_test_ctr_len[u];
1014 memcpy( buf, camellia_test_ctr_pt[u], len );
1018 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1021 printf(
"failed\n" );
1028 printf(
"passed\n" );
asn1_buf buf
Buffer containing the given ASN.1 item.
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
Configuration options (set of defines)
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
int camellia_self_test(int verbose)
Checkup routine.
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
CAMELLIA context structure.
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.