34 #if defined(POLARSSL_CAMELLIA_C)
38 #if !defined(POLARSSL_CAMELLIA_ALT)
44 #define GET_UINT32_BE(n,b,i) \
46 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
47 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
48 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
49 | ( (uint32_t) (b)[(i) + 3] ); \
54 #define PUT_UINT32_BE(n,b,i) \
56 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59 (b)[(i) + 3] = (unsigned char) ( (n) ); \
63 static const unsigned char SIGMA_CHARS[6][8] =
65 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
66 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
67 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
68 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
69 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
70 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
73 #if defined(POLARSSL_CAMELLIA_SMALL_MEMORY)
75 static const unsigned char FSb[256] =
77 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
78 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
79 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
80 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
81 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
82 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
83 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
84 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
85 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
86 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
87 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
88 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
89 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
90 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
91 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
92 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
95 #define SBOX1(n) FSb[(n)]
96 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
97 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
98 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
102 static const unsigned char FSb[256] =
104 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
105 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
106 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
107 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
108 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
109 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
110 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
111 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
112 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
113 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
114 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
115 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
116 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
117 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
118 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
119 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
122 static const unsigned char FSb2[256] =
124 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
125 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
126 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
127 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
128 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
129 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
130 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
131 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
132 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
133 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
134 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
135 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
136 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
137 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
138 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
139 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
142 static const unsigned char FSb3[256] =
144 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
145 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
146 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
147 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
148 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
149 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
150 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
151 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
152 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
153 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
154 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
155 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
156 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
157 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
158 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
159 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
162 static const unsigned char FSb4[256] =
164 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
165 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
166 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
167 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
168 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
169 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
170 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
171 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
172 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
173 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
174 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
175 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
176 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
177 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
178 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
179 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
182 #define SBOX1(n) FSb[(n)]
183 #define SBOX2(n) FSb2[(n)]
184 #define SBOX3(n) FSb3[(n)]
185 #define SBOX4(n) FSb4[(n)]
189 static const unsigned char shifts[2][4][4] =
205 static const signed char indexes[2][4][20] =
208 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
209 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 },
210 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
211 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 },
212 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
213 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 },
214 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
215 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }
218 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
219 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 },
220 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
221 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 },
222 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
223 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 },
224 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
225 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }
229 static const signed char transposes[2][20] =
248 #define ROTL(DEST, SRC, SHIFT) \
250 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
251 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
252 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
253 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
256 #define FL(XL, XR, KL, KR) \
258 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
259 (XL) = ((XR) | (KR)) ^ (XL); \
262 #define FLInv(YL, YR, KL, KR) \
264 (YL) = ((YR) | (KR)) ^ (YL); \
265 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
268 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
270 TK[0] = KC[(OFFSET) * 4 + 0]; \
271 TK[1] = KC[(OFFSET) * 4 + 1]; \
272 TK[2] = KC[(OFFSET) * 4 + 2]; \
273 TK[3] = KC[(OFFSET) * 4 + 3]; \
275 for ( i = 1; i <= 4; i++ ) \
276 if (shifts[(INDEX)][(OFFSET)][i -1]) \
277 ROTL(TK + i * 4, TK, (15 * i) % 32); \
279 for ( i = 0; i < 20; i++ ) \
280 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
281 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
285 static void camellia_feistel(
const uint32_t x[2],
const uint32_t k[2], uint32_t z[2])
291 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
292 (SBOX2((I0 >> 16) & 0xFF) << 16) |
293 (SBOX3((I0 >> 8) & 0xFF) << 8) |
294 (SBOX4((I0 ) & 0xFF) );
295 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
296 (SBOX3((I1 >> 16) & 0xFF) << 16) |
297 (SBOX4((I1 >> 8) & 0xFF) << 8) |
298 (SBOX1((I1 ) & 0xFF) );
300 I0 ^= (I1 << 8) | (I1 >> 24);
301 I1 ^= (I0 << 16) | (I0 >> 16);
302 I0 ^= (I1 >> 8) | (I1 << 24);
303 I1 ^= (I0 >> 8) | (I0 << 24);
318 uint32_t SIGMA[6][2];
325 memset(RK, 0,
sizeof(ctx->
rk));
329 case 128: ctx->
nr = 3; idx = 0;
break;
331 case 256: ctx->
nr = 4; idx = 1;
break;
335 for( i = 0; i < keysize / 8; ++i)
338 if (keysize == 192) {
339 for (i = 0; i < 8; i++)
340 t[24 + i] = ~t[16 + i];
346 for (i = 0; i < 6; i++) {
347 GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
348 GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
355 memset(KC, 0,
sizeof(KC));
358 for (i = 0; i < 8; i++)
359 GET_UINT32_BE(KC[i], t, i * 4);
362 for( i = 0; i < 4; ++i)
363 KC[8 + i] = KC[i] ^ KC[4 + i];
365 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
366 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
368 for( i = 0; i < 4; ++i)
371 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
372 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
376 for( i = 0; i < 4; ++i)
377 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
379 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
380 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
388 SHIFT_AND_PLACE(idx, 0);
392 SHIFT_AND_PLACE(idx, 1);
396 SHIFT_AND_PLACE(idx, 2);
400 SHIFT_AND_PLACE(idx, 3);
404 for ( i = 0; i < 20; i++ ) {
405 if (transposes[idx][i] != -1) {
406 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
427 case 128: ctx->
nr = 3; idx = 0;
break;
429 case 256: ctx->
nr = 4; idx = 1;
break;
439 SK = cty.
rk + 24 * 2 + 8 * idx * 2;
446 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
469 const unsigned char input[16],
470 unsigned char output[16] )
480 GET_UINT32_BE( X[0], input, 0 );
481 GET_UINT32_BE( X[1], input, 4 );
482 GET_UINT32_BE( X[2], input, 8 );
483 GET_UINT32_BE( X[3], input, 12 );
492 camellia_feistel(X, RK, X + 2);
494 camellia_feistel(X + 2, RK, X);
496 camellia_feistel(X, RK, X + 2);
498 camellia_feistel(X + 2, RK, X);
500 camellia_feistel(X, RK, X + 2);
502 camellia_feistel(X + 2, RK, X);
506 FL(X[0], X[1], RK[0], RK[1]);
508 FLInv(X[2], X[3], RK[0], RK[1]);
518 PUT_UINT32_BE( X[2], output, 0 );
519 PUT_UINT32_BE( X[3], output, 4 );
520 PUT_UINT32_BE( X[0], output, 8 );
521 PUT_UINT32_BE( X[1], output, 12 );
532 unsigned char iv[16],
533 const unsigned char *input,
534 unsigned char *output )
537 unsigned char temp[16];
546 memcpy( temp, input, 16 );
549 for( i = 0; i < 16; i++ )
550 output[i] = (
unsigned char)( output[i] ^ iv[i] );
552 memcpy( iv, temp, 16 );
563 for( i = 0; i < 16; i++ )
564 output[i] = (
unsigned char)( input[i] ^ iv[i] );
567 memcpy( iv, output, 16 );
578 #if defined(POLARSSL_CIPHER_MODE_CFB)
586 unsigned char iv[16],
587 const unsigned char *input,
588 unsigned char *output )
601 *output++ = (
unsigned char)( c ^ iv[n] );
602 iv[n] = (
unsigned char) c;
614 iv[n] = *output++ = (
unsigned char)( iv[n] ^ *input++ );
626 #if defined(POLARSSL_CIPHER_MODE_CTR)
633 unsigned char nonce_counter[16],
634 unsigned char stream_block[16],
635 const unsigned char *input,
636 unsigned char *output )
646 for( i = 16; i > 0; i-- )
647 if( ++nonce_counter[i - 1] != 0 )
651 *output++ = (
unsigned char)( c ^ stream_block[n] );
663 #if defined(POLARSSL_SELF_TEST)
675 #define CAMELLIA_TESTS_ECB 2
677 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
680 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
681 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
682 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
683 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
686 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
687 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
688 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
689 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
690 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
691 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
694 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
695 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
696 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
697 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
698 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
699 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
700 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
701 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
705 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
707 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
708 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
709 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
710 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
713 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
716 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
717 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
718 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
719 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
722 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
723 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
724 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
725 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
728 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
729 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
730 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
731 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
735 #define CAMELLIA_TESTS_CBC 3
737 static const unsigned char camellia_test_cbc_key[3][32] =
739 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
740 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
742 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
743 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
744 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
746 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
747 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
748 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
749 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
752 static const unsigned char camellia_test_cbc_iv[16] =
754 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
755 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
758 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
760 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
761 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
762 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
763 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
764 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
765 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
769 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
772 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
773 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
774 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
775 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
776 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
777 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
780 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
781 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
782 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
783 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
784 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
785 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
788 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
789 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
790 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
791 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
792 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
793 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
797 #if defined(POLARSSL_CIPHER_MODE_CTR)
804 static const unsigned char camellia_test_ctr_key[3][16] =
806 { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
807 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
808 { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
809 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
810 { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
811 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
814 static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
816 { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
817 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
818 { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
819 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
820 { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
821 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
824 static const unsigned char camellia_test_ctr_pt[3][48] =
826 { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
827 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
829 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
830 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
831 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
832 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
834 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
835 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
836 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
837 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
838 0x20, 0x21, 0x22, 0x23 }
841 static const unsigned char camellia_test_ctr_ct[3][48] =
843 { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
844 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
845 { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
846 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
847 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
848 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
849 { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
850 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
851 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
852 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
853 0xDF, 0x50, 0x86, 0x96 }
856 static const int camellia_test_ctr_len[3] =
866 unsigned char key[32];
867 unsigned char buf[64];
868 unsigned char src[16];
869 unsigned char dst[16];
870 unsigned char iv[16];
871 #if defined(POLARSSL_CIPHER_MODE_CTR)
873 unsigned char nonce_counter[16];
874 unsigned char stream_block[16];
879 memset( key, 0, 32 );
881 for (j = 0; j < 6; j++) {
886 printf(
" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
889 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
890 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
894 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
895 memcpy(dst, camellia_test_ecb_plain[i], 16);
898 memcpy(src, camellia_test_ecb_plain[i], 16);
899 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
904 if( memcmp( buf, dst, 16 ) != 0 )
907 printf(
"failed\n" );
914 printf(
"passed\n" );
923 for( j = 0; j < 6; j++ )
929 printf(
" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
932 memcpy( src, camellia_test_cbc_iv, 16);
933 memcpy( dst, camellia_test_cbc_iv, 16);
934 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
942 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
945 memcpy( iv , src, 16 );
946 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
947 memcpy(dst, camellia_test_cbc_plain[i], 16);
949 memcpy( iv , dst, 16 );
950 memcpy(src, camellia_test_cbc_plain[i], 16);
951 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
956 if( memcmp( buf, dst, 16 ) != 0 )
959 printf(
"failed\n" );
966 printf(
"passed\n" );
972 #if defined(POLARSSL_CIPHER_MODE_CTR)
976 for( i = 0; i < 6; i++ )
982 printf(
" CAMELLIA-CTR-128 (%s): ",
985 memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
986 memcpy( key, camellia_test_ctr_key[u], 16 );
993 len = camellia_test_ctr_len[u];
994 memcpy( buf, camellia_test_ctr_ct[u], len );
998 if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
1001 printf(
"failed\n" );
1008 len = camellia_test_ctr_len[u];
1009 memcpy( buf, camellia_test_ctr_pt[u], len );
1013 if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
1016 printf(
"failed\n" );
1023 printf(
"passed\n" );
asn1_buf buf
Buffer containing the given ASN.1 item.
int camellia_crypt_cbc(camellia_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CBC buffer encryption/decryption Length should be a multiple of the block size (16 bytes) ...
Configuration options (set of defines)
int camellia_setkey_enc(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (encryption)
int camellia_crypt_ctr(camellia_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CTR buffer encryption/decryption.
int camellia_self_test(int verbose)
Checkup routine.
int camellia_crypt_cfb128(camellia_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
CAMELLIA-CFB128 buffer encryption/decryption.
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Invalid data input length.
CAMELLIA context structure.
int camellia_crypt_ecb(camellia_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
CAMELLIA-ECB block encryption/decryption.
int camellia_setkey_dec(camellia_context *ctx, const unsigned char *key, unsigned int keysize)
CAMELLIA key schedule (decryption)
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
Invalid key length.