00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028 #include "polarssl/config.h"
00029
00030 #if defined(POLARSSL_CAMELLIA_C)
00031
00032 #include "polarssl/camellia.h"
00033
00034 #include <string.h>
00035
00036
00037
00038
00039 #ifndef GET_ULONG_BE
00040 #define GET_ULONG_BE(n,b,i) \
00041 { \
00042 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
00043 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
00044 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
00045 | ( (unsigned long) (b)[(i) + 3] ); \
00046 }
00047 #endif
00048
00049 #ifndef PUT_ULONG_BE
00050 #define PUT_ULONG_BE(n,b,i) \
00051 { \
00052 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
00053 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
00054 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
00055 (b)[(i) + 3] = (unsigned char) ( (n) ); \
00056 }
00057 #endif
00058
00059 static const unsigned char SIGMA_CHARS[6][8] =
00060 {
00061 { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
00062 { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
00063 { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
00064 { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
00065 { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
00066 { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
00067 };
00068
00069 #ifdef POLARSSL_CAMELLIA_SMALL_MEMORY
00070
00071 static const unsigned char FSb[256] =
00072 {
00073 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
00074 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
00075 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
00076 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
00077 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
00078 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
00079 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
00080 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
00081 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
00082 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
00083 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
00084 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
00085 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
00086 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
00087 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
00088 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
00089 };
00090
00091 #define SBOX1(n) FSb[(n)]
00092 #define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
00093 #define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
00094 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
00095
00096 #else
00097
00098 static const unsigned char FSb[256] =
00099 {
00100 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
00101 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
00102 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
00103 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
00104 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
00105 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
00106 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
00107 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
00108 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
00109 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
00110 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
00111 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
00112 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
00113 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
00114 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
00115 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
00116 };
00117
00118 static const unsigned char FSb2[256] =
00119 {
00120 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
00121 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
00122 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
00123 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
00124 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
00125 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
00126 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
00127 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
00128 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
00129 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
00130 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
00131 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
00132 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
00133 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
00134 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
00135 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
00136 };
00137
00138 static const unsigned char FSb3[256] =
00139 {
00140 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
00141 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
00142 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
00143 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
00144 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
00145 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
00146 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
00147 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
00148 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
00149 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
00150 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
00151 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
00152 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
00153 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
00154 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
00155 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
00156 };
00157
00158 static const unsigned char FSb4[256] =
00159 {
00160 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
00161 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
00162 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
00163 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
00164 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
00165 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
00166 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
00167 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
00168 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
00169 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
00170 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
00171 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
00172 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
00173 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
00174 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
00175 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
00176 };
00177
00178 #define SBOX1(n) FSb[(n)]
00179 #define SBOX2(n) FSb2[(n)]
00180 #define SBOX3(n) FSb3[(n)]
00181 #define SBOX4(n) FSb4[(n)]
00182
00183 #endif
00184
00185 static const unsigned char shifts[2][4][4] =
00186 {
00187 {
00188 { 1, 1, 1, 1 },
00189 { 0, 0, 0, 0 },
00190 { 1, 1, 1, 1 },
00191 { 0, 0, 0, 0 }
00192 },
00193 {
00194 { 1, 0, 1, 1 },
00195 { 1, 1, 0, 1 },
00196 { 1, 1, 1, 0 },
00197 { 1, 1, 0, 1 }
00198 }
00199 };
00200
00201 static const signed char indexes[2][4][20] =
00202 {
00203 {
00204 { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39,
00205 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 },
00206 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
00207 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 },
00208 { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17,
00209 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 },
00210 { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
00211 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }
00212 },
00213 {
00214 { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1,
00215 -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 },
00216 { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17,
00217 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 },
00218 { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
00219 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 },
00220 { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21,
00221 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }
00222 }
00223 };
00224
00225 static const signed char transposes[2][20] =
00226 {
00227 {
00228 21, 22, 23, 20,
00229 -1, -1, -1, -1,
00230 18, 19, 16, 17,
00231 11, 8, 9, 10,
00232 15, 12, 13, 14
00233 },
00234 {
00235 25, 26, 27, 24,
00236 29, 30, 31, 28,
00237 18, 19, 16, 17,
00238 -1, -1, -1, -1,
00239 -1, -1, -1, -1
00240 }
00241 };
00242
00243
00244 #define ROTL(DEST, SRC, SHIFT) \
00245 { \
00246 (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT)); \
00247 (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT)); \
00248 (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT)); \
00249 (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT)); \
00250 }
00251
00252 #define FL(XL, XR, KL, KR) \
00253 { \
00254 (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR); \
00255 (XL) = ((XR) | (KR)) ^ (XL); \
00256 }
00257
00258 #define FLInv(YL, YR, KL, KR) \
00259 { \
00260 (YL) = ((YR) | (KR)) ^ (YL); \
00261 (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR); \
00262 }
00263
00264 #define SHIFT_AND_PLACE(INDEX, OFFSET) \
00265 { \
00266 TK[0] = KC[(OFFSET) * 4 + 0]; \
00267 TK[1] = KC[(OFFSET) * 4 + 1]; \
00268 TK[2] = KC[(OFFSET) * 4 + 2]; \
00269 TK[3] = KC[(OFFSET) * 4 + 3]; \
00270 \
00271 for ( i = 1; i <= 4; i++ ) \
00272 if (shifts[(INDEX)][(OFFSET)][i -1]) \
00273 ROTL(TK + i * 4, TK, (15 * i) % 32); \
00274 \
00275 for ( i = 0; i < 20; i++ ) \
00276 if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
00277 RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
00278 } \
00279 }
00280
00281 static void camellia_feistel(uint32_t x[2], uint32_t k[2], uint32_t z[2])
00282 {
00283 uint32_t I0, I1;
00284 I0 = x[0] ^ k[0];
00285 I1 = x[1] ^ k[1];
00286
00287 I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
00288 (SBOX2((I0 >> 16) & 0xFF) << 16) |
00289 (SBOX3((I0 >> 8) & 0xFF) << 8) |
00290 (SBOX4((I0 ) & 0xFF) );
00291 I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
00292 (SBOX3((I1 >> 16) & 0xFF) << 16) |
00293 (SBOX4((I1 >> 8) & 0xFF) << 8) |
00294 (SBOX1((I1 ) & 0xFF) );
00295
00296 I0 ^= (I1 << 8) | (I1 >> 24);
00297 I1 ^= (I0 << 16) | (I0 >> 16);
00298 I0 ^= (I1 >> 8) | (I1 << 24);
00299 I1 ^= (I0 >> 8) | (I0 << 24);
00300
00301 z[0] ^= I1;
00302 z[1] ^= I0;
00303 }
00304
00305
00306
00307
00308 int camellia_setkey_enc( camellia_context *ctx, unsigned char *key, int keysize )
00309 {
00310 int i, idx;
00311 uint32_t *RK;
00312 unsigned char t[64];
00313 uint32_t SIGMA[6][2];
00314 uint32_t KC[16];
00315 uint32_t TK[20];
00316
00317 RK = ctx->rk;
00318
00319 memset(t, 0, 64);
00320 memset(RK, 0, sizeof(ctx->rk));
00321
00322 switch( keysize )
00323 {
00324 case 128: ctx->nr = 3; idx = 0; break;
00325 case 192:
00326 case 256: ctx->nr = 4; idx = 1; break;
00327 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
00328 }
00329
00330 for( i = 0; i < keysize / 8; ++i)
00331 t[i] = key[i];
00332
00333 if (keysize == 192) {
00334 for (i = 0; i < 8; i++)
00335 t[24 + i] = ~t[16 + i];
00336 }
00337
00338
00339
00340
00341 for (i = 0; i < 6; i++) {
00342 GET_ULONG_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
00343 GET_ULONG_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
00344 }
00345
00346
00347
00348
00349
00350 memset(KC, 0, sizeof(KC));
00351
00352
00353 for (i = 0; i < 8; i++)
00354 GET_ULONG_BE(KC[i], t, i * 4);
00355
00356
00357 for( i = 0; i < 4; ++i)
00358 KC[8 + i] = KC[i] ^ KC[4 + i];
00359
00360 camellia_feistel(KC + 8, SIGMA[0], KC + 10);
00361 camellia_feistel(KC + 10, SIGMA[1], KC + 8);
00362
00363 for( i = 0; i < 4; ++i)
00364 KC[8 + i] ^= KC[i];
00365
00366 camellia_feistel(KC + 8, SIGMA[2], KC + 10);
00367 camellia_feistel(KC + 10, SIGMA[3], KC + 8);
00368
00369 if (keysize > 128) {
00370
00371 for( i = 0; i < 4; ++i)
00372 KC[12 + i] = KC[4 + i] ^ KC[8 + i];
00373
00374 camellia_feistel(KC + 12, SIGMA[4], KC + 14);
00375 camellia_feistel(KC + 14, SIGMA[5], KC + 12);
00376 }
00377
00378
00379
00380
00381
00382
00383 SHIFT_AND_PLACE(idx, 0);
00384
00385
00386 if (keysize > 128) {
00387 SHIFT_AND_PLACE(idx, 1);
00388 }
00389
00390
00391 SHIFT_AND_PLACE(idx, 2);
00392
00393
00394 if (keysize > 128) {
00395 SHIFT_AND_PLACE(idx, 3);
00396 }
00397
00398
00399 for ( i = 0; i < 20; i++ ) {
00400 if (transposes[idx][i] != -1) {
00401 RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
00402 }
00403 }
00404
00405 return( 0 );
00406 }
00407
00408
00409
00410
00411 int camellia_setkey_dec( camellia_context *ctx, unsigned char *key, int keysize )
00412 {
00413 int i, idx;
00414 camellia_context cty;
00415 uint32_t *RK;
00416 uint32_t *SK;
00417 int ret;
00418
00419 switch( keysize )
00420 {
00421 case 128: ctx->nr = 3; idx = 0; break;
00422 case 192:
00423 case 256: ctx->nr = 4; idx = 1; break;
00424 default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
00425 }
00426
00427 RK = ctx->rk;
00428
00429 ret = camellia_setkey_enc(&cty, key, keysize);
00430 if( ret != 0 )
00431 return( ret );
00432
00433 SK = cty.rk + 24 * 2 + 8 * idx * 2;
00434
00435 *RK++ = *SK++;
00436 *RK++ = *SK++;
00437 *RK++ = *SK++;
00438 *RK++ = *SK++;
00439
00440 for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
00441 {
00442 *RK++ = *SK++;
00443 *RK++ = *SK++;
00444 }
00445
00446 SK -= 2;
00447
00448 *RK++ = *SK++;
00449 *RK++ = *SK++;
00450 *RK++ = *SK++;
00451 *RK++ = *SK++;
00452
00453 memset( &cty, 0, sizeof( camellia_context ) );
00454
00455 return( 0 );
00456 }
00457
00458
00459
00460
00461 void camellia_crypt_ecb( camellia_context *ctx,
00462 int mode,
00463 unsigned char input[16],
00464 unsigned char output[16] )
00465 {
00466 int NR;
00467 uint32_t *RK, X[4];
00468
00469 ( (void) mode );
00470
00471 NR = ctx->nr;
00472 RK = ctx->rk;
00473
00474 GET_ULONG_BE( X[0], input, 0 );
00475 GET_ULONG_BE( X[1], input, 4 );
00476 GET_ULONG_BE( X[2], input, 8 );
00477 GET_ULONG_BE( X[3], input, 12 );
00478
00479 X[0] ^= *RK++;
00480 X[1] ^= *RK++;
00481 X[2] ^= *RK++;
00482 X[3] ^= *RK++;
00483
00484 while (NR) {
00485 --NR;
00486 camellia_feistel(X, RK, X + 2);
00487 RK += 2;
00488 camellia_feistel(X + 2, RK, X);
00489 RK += 2;
00490 camellia_feistel(X, RK, X + 2);
00491 RK += 2;
00492 camellia_feistel(X + 2, RK, X);
00493 RK += 2;
00494 camellia_feistel(X, RK, X + 2);
00495 RK += 2;
00496 camellia_feistel(X + 2, RK, X);
00497 RK += 2;
00498
00499 if (NR) {
00500 FL(X[0], X[1], RK[0], RK[1]);
00501 RK += 2;
00502 FLInv(X[2], X[3], RK[0], RK[1]);
00503 RK += 2;
00504 }
00505 }
00506
00507 X[2] ^= *RK++;
00508 X[3] ^= *RK++;
00509 X[0] ^= *RK++;
00510 X[1] ^= *RK++;
00511
00512 PUT_ULONG_BE( X[2], output, 0 );
00513 PUT_ULONG_BE( X[3], output, 4 );
00514 PUT_ULONG_BE( X[0], output, 8 );
00515 PUT_ULONG_BE( X[1], output, 12 );
00516 }
00517
00518
00519
00520
00521 void camellia_crypt_cbc( camellia_context *ctx,
00522 int mode,
00523 int length,
00524 unsigned char iv[16],
00525 unsigned char *input,
00526 unsigned char *output )
00527 {
00528 int i;
00529 unsigned char temp[16];
00530
00531 if( mode == CAMELLIA_DECRYPT )
00532 {
00533 while( length > 0 )
00534 {
00535 memcpy( temp, input, 16 );
00536 camellia_crypt_ecb( ctx, mode, input, output );
00537
00538 for( i = 0; i < 16; i++ )
00539 output[i] = (unsigned char)( output[i] ^ iv[i] );
00540
00541 memcpy( iv, temp, 16 );
00542
00543 input += 16;
00544 output += 16;
00545 length -= 16;
00546 }
00547 }
00548 else
00549 {
00550 while( length > 0 )
00551 {
00552 for( i = 0; i < 16; i++ )
00553 output[i] = (unsigned char)( input[i] ^ iv[i] );
00554
00555 camellia_crypt_ecb( ctx, mode, output, output );
00556 memcpy( iv, output, 16 );
00557
00558 input += 16;
00559 output += 16;
00560 length -= 16;
00561 }
00562 }
00563 }
00564
00565
00566
00567
00568 void camellia_crypt_cfb128( camellia_context *ctx,
00569 int mode,
00570 int length,
00571 int *iv_off,
00572 unsigned char iv[16],
00573 unsigned char *input,
00574 unsigned char *output )
00575 {
00576 int c, n = *iv_off;
00577
00578 if( mode == CAMELLIA_DECRYPT )
00579 {
00580 while( length-- )
00581 {
00582 if( n == 0 )
00583 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
00584
00585 c = *input++;
00586 *output++ = (unsigned char)( c ^ iv[n] );
00587 iv[n] = (unsigned char) c;
00588
00589 n = (n + 1) & 0x0F;
00590 }
00591 }
00592 else
00593 {
00594 while( length-- )
00595 {
00596 if( n == 0 )
00597 camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, iv, iv );
00598
00599 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
00600
00601 n = (n + 1) & 0x0F;
00602 }
00603 }
00604
00605 *iv_off = n;
00606 }
00607
00608 #if defined(POLARSSL_SELF_TEST)
00609
00610 #include <stdio.h>
00611
00612
00613
00614
00615
00616
00617
00618
00619
00620 #define CAMELLIA_TESTS_ECB 2
00621
00622 static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
00623 {
00624 {
00625 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
00626 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
00627 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00628 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
00629 },
00630 {
00631 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
00632 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
00633 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
00634 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00635 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00636 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
00637 },
00638 {
00639 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
00640 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
00641 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
00642 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
00643 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00644 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00645 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00646 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
00647 },
00648 };
00649
00650 static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
00651 {
00652 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
00653 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
00654 { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
00655 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
00656 };
00657
00658 static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
00659 {
00660 {
00661 { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
00662 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
00663 { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
00664 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
00665 },
00666 {
00667 { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
00668 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
00669 { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
00670 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
00671 },
00672 {
00673 { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
00674 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
00675 { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
00676 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
00677 }
00678 };
00679
00680 #define CAMELLIA_TESTS_CBC 3
00681
00682 static const unsigned char camellia_test_cbc_key[3][32] =
00683 {
00684 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
00685 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
00686 ,
00687 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
00688 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
00689 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
00690 ,
00691 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
00692 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
00693 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
00694 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
00695 };
00696
00697 static const unsigned char camellia_test_cbc_iv[16] =
00698
00699 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00700 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
00701 ;
00702
00703 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
00704 {
00705 { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
00706 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
00707 { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
00708 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
00709 { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
00710 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
00711
00712 };
00713
00714 static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
00715 {
00716 {
00717 { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
00718 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
00719 { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
00720 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
00721 { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
00722 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
00723 },
00724 {
00725 { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
00726 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
00727 { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
00728 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
00729 { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
00730 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
00731 },
00732 {
00733 { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
00734 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
00735 { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
00736 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
00737 { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
00738 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
00739 }
00740 };
00741
00742
00743
00744
00745
00746 int camellia_self_test( int verbose )
00747 {
00748 int i, j, u, v;
00749 unsigned char key[32];
00750 unsigned char buf[64];
00751 unsigned char src[16];
00752 unsigned char dst[16];
00753 unsigned char iv[16];
00754 camellia_context ctx;
00755
00756 memset( key, 0, 32 );
00757
00758 for (j = 0; j < 6; j++) {
00759 u = j >> 1;
00760 v = j & 1;
00761
00762 if( verbose != 0 )
00763 printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
00764 (v == CAMELLIA_DECRYPT) ? "dec" : "enc");
00765
00766 for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
00767 memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
00768
00769 if (v == CAMELLIA_DECRYPT) {
00770 camellia_setkey_dec(&ctx, key, 128 + u * 64);
00771 memcpy(src, camellia_test_ecb_cipher[u][i], 16);
00772 memcpy(dst, camellia_test_ecb_plain[i], 16);
00773 } else {
00774 camellia_setkey_enc(&ctx, key, 128 + u * 64);
00775 memcpy(src, camellia_test_ecb_plain[i], 16);
00776 memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
00777 }
00778
00779 camellia_crypt_ecb(&ctx, v, src, buf);
00780
00781 if( memcmp( buf, dst, 16 ) != 0 )
00782 {
00783 if( verbose != 0 )
00784 printf( "failed\n" );
00785
00786 return( 1 );
00787 }
00788 }
00789
00790 if( verbose != 0 )
00791 printf( "passed\n" );
00792 }
00793
00794 if( verbose != 0 )
00795 printf( "\n" );
00796
00797
00798
00799
00800 for( j = 0; j < 6; j++ )
00801 {
00802 u = j >> 1;
00803 v = j & 1;
00804
00805 if( verbose != 0 )
00806 printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
00807 ( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
00808
00809 memcpy( src, camellia_test_cbc_iv, 16);
00810 memcpy( dst, camellia_test_cbc_iv, 16);
00811 memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
00812
00813 if (v == CAMELLIA_DECRYPT) {
00814 camellia_setkey_dec(&ctx, key, 128 + u * 64);
00815 } else {
00816 camellia_setkey_enc(&ctx, key, 128 + u * 64);
00817 }
00818
00819 for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
00820
00821 if (v == CAMELLIA_DECRYPT) {
00822 memcpy( iv , src, 16 );
00823 memcpy(src, camellia_test_cbc_cipher[u][i], 16);
00824 memcpy(dst, camellia_test_cbc_plain[i], 16);
00825 } else {
00826 memcpy( iv , dst, 16 );
00827 memcpy(src, camellia_test_cbc_plain[i], 16);
00828 memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
00829 }
00830
00831 camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
00832
00833 if( memcmp( buf, dst, 16 ) != 0 )
00834 {
00835 if( verbose != 0 )
00836 printf( "failed\n" );
00837
00838 return( 1 );
00839 }
00840 }
00841
00842 if( verbose != 0 )
00843 printf( "passed\n" );
00844 }
00845
00846 if( verbose != 0 )
00847 printf( "\n" );
00848
00849 return ( 0 );
00850 }
00851
00852 #endif
00853
00854 #endif