1 /* crypto/evp/e_camellia.c */
2 /* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
31 * 6. Redistributions of any form whatsoever must retain the following
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
56 #include <openssl/opensslconf.h>
57 #ifndef OPENSSL_NO_CAMELLIA
58 # include <openssl/evp.h>
59 # include <openssl/err.h>
62 # include <openssl/camellia.h>
63 # include "internal/evp_int.h"
64 # include "modes_lcl.h"
66 static int camellia_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
67 const unsigned char *iv
, int enc
);
69 /* Camellia subkey Structure */
79 # define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
81 /* Attribute operation for Camellia */
82 # define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
84 # if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
85 /* ---------^^^ this is not a typo, just a way to detect that
86 * assembler support was in general requested... */
87 # include "sparc_arch.h"
89 extern unsigned int OPENSSL_sparcv9cap_P
[];
91 # define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
93 void cmll_t4_set_key(const unsigned char *key
, int bits
, CAMELLIA_KEY
*ks
);
94 void cmll_t4_encrypt(const unsigned char *in
, unsigned char *out
,
95 const CAMELLIA_KEY
*key
);
96 void cmll_t4_decrypt(const unsigned char *in
, unsigned char *out
,
97 const CAMELLIA_KEY
*key
);
99 void cmll128_t4_cbc_encrypt(const unsigned char *in
, unsigned char *out
,
100 size_t len
, const CAMELLIA_KEY
*key
,
101 unsigned char *ivec
);
102 void cmll128_t4_cbc_decrypt(const unsigned char *in
, unsigned char *out
,
103 size_t len
, const CAMELLIA_KEY
*key
,
104 unsigned char *ivec
);
105 void cmll256_t4_cbc_encrypt(const unsigned char *in
, unsigned char *out
,
106 size_t len
, const CAMELLIA_KEY
*key
,
107 unsigned char *ivec
);
108 void cmll256_t4_cbc_decrypt(const unsigned char *in
, unsigned char *out
,
109 size_t len
, const CAMELLIA_KEY
*key
,
110 unsigned char *ivec
);
111 void cmll128_t4_ctr32_encrypt(const unsigned char *in
, unsigned char *out
,
112 size_t blocks
, const CAMELLIA_KEY
*key
,
113 unsigned char *ivec
);
114 void cmll256_t4_ctr32_encrypt(const unsigned char *in
, unsigned char *out
,
115 size_t blocks
, const CAMELLIA_KEY
*key
,
116 unsigned char *ivec
);
118 static int cmll_t4_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
119 const unsigned char *iv
, int enc
)
122 EVP_CAMELLIA_KEY
*dat
= (EVP_CAMELLIA_KEY
*) EVP_CIPHER_CTX_cipher_data(ctx
);
124 mode
= EVP_CIPHER_CTX_mode(ctx
);
125 bits
= EVP_CIPHER_CTX_key_length(ctx
) * 8;
127 cmll_t4_set_key(key
, bits
, &dat
->ks
);
129 if ((mode
== EVP_CIPH_ECB_MODE
|| mode
== EVP_CIPH_CBC_MODE
)
132 dat
->block
= (block128_f
) cmll_t4_decrypt
;
135 dat
->stream
.cbc
= mode
== EVP_CIPH_CBC_MODE
?
136 (cbc128_f
) cmll128_t4_cbc_decrypt
: NULL
;
140 dat
->stream
.cbc
= mode
== EVP_CIPH_CBC_MODE
?
141 (cbc128_f
) cmll256_t4_cbc_decrypt
: NULL
;
148 dat
->block
= (block128_f
) cmll_t4_encrypt
;
151 if (mode
== EVP_CIPH_CBC_MODE
)
152 dat
->stream
.cbc
= (cbc128_f
) cmll128_t4_cbc_encrypt
;
153 else if (mode
== EVP_CIPH_CTR_MODE
)
154 dat
->stream
.ctr
= (ctr128_f
) cmll128_t4_ctr32_encrypt
;
156 dat
->stream
.cbc
= NULL
;
160 if (mode
== EVP_CIPH_CBC_MODE
)
161 dat
->stream
.cbc
= (cbc128_f
) cmll256_t4_cbc_encrypt
;
162 else if (mode
== EVP_CIPH_CTR_MODE
)
163 dat
->stream
.ctr
= (ctr128_f
) cmll256_t4_ctr32_encrypt
;
165 dat
->stream
.cbc
= NULL
;
173 EVPerr(EVP_F_CMLL_T4_INIT_KEY
, EVP_R_CAMELLIA_KEY_SETUP_FAILED
);
180 # define cmll_t4_cbc_cipher camellia_cbc_cipher
181 static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
182 const unsigned char *in
, size_t len
);
184 # define cmll_t4_ecb_cipher camellia_ecb_cipher
185 static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
186 const unsigned char *in
, size_t len
);
188 # define cmll_t4_ofb_cipher camellia_ofb_cipher
189 static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
190 const unsigned char *in
, size_t len
);
192 # define cmll_t4_cfb_cipher camellia_cfb_cipher
193 static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
194 const unsigned char *in
, size_t len
);
196 # define cmll_t4_cfb8_cipher camellia_cfb8_cipher
197 static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
198 const unsigned char *in
, size_t len
);
200 # define cmll_t4_cfb1_cipher camellia_cfb1_cipher
201 static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
202 const unsigned char *in
, size_t len
);
204 # define cmll_t4_ctr_cipher camellia_ctr_cipher
205 static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
206 const unsigned char *in
, size_t len
);
208 # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
209 static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
210 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
211 flags|EVP_CIPH_##MODE##_MODE, \
213 cmll_t4_##mode##_cipher, \
215 sizeof(EVP_CAMELLIA_KEY), \
216 NULL,NULL,NULL,NULL }; \
217 static const EVP_CIPHER camellia_##keylen##_##mode = { \
218 nid##_##keylen##_##nmode,blocksize, \
220 flags|EVP_CIPH_##MODE##_MODE, \
222 camellia_##mode##_cipher, \
224 sizeof(EVP_CAMELLIA_KEY), \
225 NULL,NULL,NULL,NULL }; \
226 const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
227 { return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; }
231 # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
232 static const EVP_CIPHER camellia_##keylen##_##mode = { \
233 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
234 flags|EVP_CIPH_##MODE##_MODE, \
236 camellia_##mode##_cipher, \
238 sizeof(EVP_CAMELLIA_KEY), \
239 NULL,NULL,NULL,NULL }; \
240 const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
241 { return &camellia_##keylen##_##mode; }
245 # define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
246 BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
247 BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
248 BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
249 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
250 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \
251 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
252 BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
254 /* The subkey for Camellia is generated. */
255 static int camellia_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
256 const unsigned char *iv
, int enc
)
259 EVP_CAMELLIA_KEY
*dat
= EVP_C_DATA(EVP_CAMELLIA_KEY
,ctx
);
261 ret
= Camellia_set_key(key
, EVP_CIPHER_CTX_key_length(ctx
) * 8, &dat
->ks
);
263 EVPerr(EVP_F_CAMELLIA_INIT_KEY
, EVP_R_CAMELLIA_KEY_SETUP_FAILED
);
267 mode
= EVP_CIPHER_CTX_mode(ctx
);
268 if ((mode
== EVP_CIPH_ECB_MODE
|| mode
== EVP_CIPH_CBC_MODE
)
270 dat
->block
= (block128_f
) Camellia_decrypt
;
271 dat
->stream
.cbc
= mode
== EVP_CIPH_CBC_MODE
?
272 (cbc128_f
) Camellia_cbc_encrypt
: NULL
;
274 dat
->block
= (block128_f
) Camellia_encrypt
;
275 dat
->stream
.cbc
= mode
== EVP_CIPH_CBC_MODE
?
276 (cbc128_f
) Camellia_cbc_encrypt
: NULL
;
282 static int camellia_cbc_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
283 const unsigned char *in
, size_t len
)
285 EVP_CAMELLIA_KEY
*dat
= EVP_C_DATA(EVP_CAMELLIA_KEY
,ctx
);
288 (*dat
->stream
.cbc
) (in
, out
, len
, &dat
->ks
,
289 EVP_CIPHER_CTX_iv_noconst(ctx
),
290 EVP_CIPHER_CTX_encrypting(ctx
));
291 else if (EVP_CIPHER_CTX_encrypting(ctx
))
292 CRYPTO_cbc128_encrypt(in
, out
, len
, &dat
->ks
,
293 EVP_CIPHER_CTX_iv_noconst(ctx
), dat
->block
);
295 CRYPTO_cbc128_decrypt(in
, out
, len
, &dat
->ks
,
296 EVP_CIPHER_CTX_iv_noconst(ctx
), dat
->block
);
301 static int camellia_ecb_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
302 const unsigned char *in
, size_t len
)
304 size_t bl
= EVP_CIPHER_CTX_block_size(ctx
);
306 EVP_CAMELLIA_KEY
*dat
= EVP_C_DATA(EVP_CAMELLIA_KEY
,ctx
);
311 for (i
= 0, len
-= bl
; i
<= len
; i
+= bl
)
312 (*dat
->block
) (in
+ i
, out
+ i
, &dat
->ks
);
317 static int camellia_ofb_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
318 const unsigned char *in
, size_t len
)
320 EVP_CAMELLIA_KEY
*dat
= EVP_C_DATA(EVP_CAMELLIA_KEY
,ctx
);
322 int num
= EVP_CIPHER_CTX_num(ctx
);
323 CRYPTO_ofb128_encrypt(in
, out
, len
, &dat
->ks
,
324 EVP_CIPHER_CTX_iv_noconst(ctx
), &num
, dat
->block
);
325 EVP_CIPHER_CTX_set_num(ctx
, num
);
329 static int camellia_cfb_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
330 const unsigned char *in
, size_t len
)
332 EVP_CAMELLIA_KEY
*dat
= EVP_C_DATA(EVP_CAMELLIA_KEY
,ctx
);
334 int num
= EVP_CIPHER_CTX_num(ctx
);
335 CRYPTO_cfb128_encrypt(in
, out
, len
, &dat
->ks
,
336 EVP_CIPHER_CTX_iv_noconst(ctx
), &num
, EVP_CIPHER_CTX_encrypting(ctx
), dat
->block
);
337 EVP_CIPHER_CTX_set_num(ctx
, num
);
341 static int camellia_cfb8_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
342 const unsigned char *in
, size_t len
)
344 EVP_CAMELLIA_KEY
*dat
= EVP_C_DATA(EVP_CAMELLIA_KEY
,ctx
);
346 int num
= EVP_CIPHER_CTX_num(ctx
);
347 CRYPTO_cfb128_8_encrypt(in
, out
, len
, &dat
->ks
,
348 EVP_CIPHER_CTX_iv_noconst(ctx
), &num
, EVP_CIPHER_CTX_encrypting(ctx
), dat
->block
);
349 EVP_CIPHER_CTX_set_num(ctx
, num
);
353 static int camellia_cfb1_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
354 const unsigned char *in
, size_t len
)
356 EVP_CAMELLIA_KEY
*dat
= EVP_C_DATA(EVP_CAMELLIA_KEY
,ctx
);
358 if (EVP_CIPHER_CTX_test_flags(ctx
, EVP_CIPH_FLAG_LENGTH_BITS
)) {
359 int num
= EVP_CIPHER_CTX_num(ctx
);
360 CRYPTO_cfb128_1_encrypt(in
, out
, len
, &dat
->ks
,
361 EVP_CIPHER_CTX_iv_noconst(ctx
), &num
, EVP_CIPHER_CTX_encrypting(ctx
), dat
->block
);
362 EVP_CIPHER_CTX_set_num(ctx
, num
);
366 while (len
>= MAXBITCHUNK
) {
367 int num
= EVP_CIPHER_CTX_num(ctx
);
368 CRYPTO_cfb128_1_encrypt(in
, out
, MAXBITCHUNK
* 8, &dat
->ks
,
369 EVP_CIPHER_CTX_iv_noconst(ctx
), &num
, EVP_CIPHER_CTX_encrypting(ctx
), dat
->block
);
371 EVP_CIPHER_CTX_set_num(ctx
, num
);
374 int num
= EVP_CIPHER_CTX_num(ctx
);
375 CRYPTO_cfb128_1_encrypt(in
, out
, len
* 8, &dat
->ks
,
376 EVP_CIPHER_CTX_iv_noconst(ctx
), &num
, EVP_CIPHER_CTX_encrypting(ctx
), dat
->block
);
377 EVP_CIPHER_CTX_set_num(ctx
, num
);
383 static int camellia_ctr_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
384 const unsigned char *in
, size_t len
)
386 unsigned int num
= EVP_CIPHER_CTX_num(ctx
);
387 EVP_CAMELLIA_KEY
*dat
= EVP_C_DATA(EVP_CAMELLIA_KEY
,ctx
);
390 CRYPTO_ctr128_encrypt_ctr32(in
, out
, len
, &dat
->ks
,
391 EVP_CIPHER_CTX_iv_noconst(ctx
),
392 EVP_CIPHER_CTX_buf_noconst(ctx
), &num
,
395 CRYPTO_ctr128_encrypt(in
, out
, len
, &dat
->ks
,
396 EVP_CIPHER_CTX_iv_noconst(ctx
),
397 EVP_CIPHER_CTX_buf_noconst(ctx
), &num
,
399 EVP_CIPHER_CTX_set_num(ctx
, num
);
403 BLOCK_CIPHER_generic_pack(NID_camellia
, 128, 0)
404 BLOCK_CIPHER_generic_pack(NID_camellia
, 192, 0)
405 BLOCK_CIPHER_generic_pack(NID_camellia
, 256, 0)
409 static void *dummy
= &dummy
;