1 /* ====================================================================
2 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
30 * 6. Redistributions of any form whatsoever must retain the following
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
55 #include <openssl/opensslconf.h>
56 #ifdef OPENSSL_NO_CAMELLIA
57 NON_EMPTY_TRANSLATION_UNIT
60 # include <openssl/evp.h>
61 # include <openssl/err.h>
64 # include <openssl/camellia.h>
65 # include "internal/evp_int.h"
66 # include "modes_lcl.h"
68 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv, int enc);
71 /* Camellia subkey Structure */
81 # define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
83 /* Attribute operation for Camellia */
84 # define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
86 # if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
87 /* ---------^^^ this is not a typo, just a way to detect that
88 * assembler support was in general requested... */
89 # include "sparc_arch.h"
91 extern unsigned int OPENSSL_sparcv9cap_P[];
93 # define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
95 void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
96 void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
97 const CAMELLIA_KEY *key);
98 void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
99 const CAMELLIA_KEY *key);
101 void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
102 size_t len, const CAMELLIA_KEY *key,
103 unsigned char *ivec);
104 void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
105 size_t len, const CAMELLIA_KEY *key,
106 unsigned char *ivec);
107 void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
108 size_t len, const CAMELLIA_KEY *key,
109 unsigned char *ivec);
110 void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
111 size_t len, const CAMELLIA_KEY *key,
112 unsigned char *ivec);
113 void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
114 size_t blocks, const CAMELLIA_KEY *key,
115 unsigned char *ivec);
116 void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
117 size_t blocks, const CAMELLIA_KEY *key,
118 unsigned char *ivec);
120 static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
121 const unsigned char *iv, int enc)
124 EVP_CAMELLIA_KEY *dat =
125 (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
127 mode = EVP_CIPHER_CTX_mode(ctx);
128 bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
130 cmll_t4_set_key(key, bits, &dat->ks);
132 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
135 dat->block = (block128_f) cmll_t4_decrypt;
138 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
139 (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
143 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
144 (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
151 dat->block = (block128_f) cmll_t4_encrypt;
154 if (mode == EVP_CIPH_CBC_MODE)
155 dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
156 else if (mode == EVP_CIPH_CTR_MODE)
157 dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
159 dat->stream.cbc = NULL;
163 if (mode == EVP_CIPH_CBC_MODE)
164 dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
165 else if (mode == EVP_CIPH_CTR_MODE)
166 dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
168 dat->stream.cbc = NULL;
176 EVPerr(EVP_F_CMLL_T4_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
183 # define cmll_t4_cbc_cipher camellia_cbc_cipher
184 static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
185 const unsigned char *in, size_t len);
187 # define cmll_t4_ecb_cipher camellia_ecb_cipher
188 static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
189 const unsigned char *in, size_t len);
191 # define cmll_t4_ofb_cipher camellia_ofb_cipher
192 static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
193 const unsigned char *in, size_t len);
195 # define cmll_t4_cfb_cipher camellia_cfb_cipher
196 static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
197 const unsigned char *in, size_t len);
199 # define cmll_t4_cfb8_cipher camellia_cfb8_cipher
200 static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
201 const unsigned char *in, size_t len);
203 # define cmll_t4_cfb1_cipher camellia_cfb1_cipher
204 static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
205 const unsigned char *in, size_t len);
207 # define cmll_t4_ctr_cipher camellia_ctr_cipher
208 static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
209 const unsigned char *in, size_t len);
211 # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
212 static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
213 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
214 flags|EVP_CIPH_##MODE##_MODE, \
216 cmll_t4_##mode##_cipher, \
218 sizeof(EVP_CAMELLIA_KEY), \
219 NULL,NULL,NULL,NULL }; \
220 static const EVP_CIPHER camellia_##keylen##_##mode = { \
221 nid##_##keylen##_##nmode,blocksize, \
223 flags|EVP_CIPH_##MODE##_MODE, \
225 camellia_##mode##_cipher, \
227 sizeof(EVP_CAMELLIA_KEY), \
228 NULL,NULL,NULL,NULL }; \
229 const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
230 { return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; }
234 # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
235 static const EVP_CIPHER camellia_##keylen##_##mode = { \
236 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
237 flags|EVP_CIPH_##MODE##_MODE, \
239 camellia_##mode##_cipher, \
241 sizeof(EVP_CAMELLIA_KEY), \
242 NULL,NULL,NULL,NULL }; \
243 const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
244 { return &camellia_##keylen##_##mode; }
248 # define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
249 BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
250 BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
251 BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
252 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
253 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \
254 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
255 BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
257 /* The subkey for Camellia is generated. */
258 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
259 const unsigned char *iv, int enc)
262 EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
264 ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks);
266 EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
270 mode = EVP_CIPHER_CTX_mode(ctx);
271 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
273 dat->block = (block128_f) Camellia_decrypt;
274 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
275 (cbc128_f) Camellia_cbc_encrypt : NULL;
277 dat->block = (block128_f) Camellia_encrypt;
278 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
279 (cbc128_f) Camellia_cbc_encrypt : NULL;
285 static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
286 const unsigned char *in, size_t len)
288 EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
291 (*dat->stream.cbc) (in, out, len, &dat->ks,
292 EVP_CIPHER_CTX_iv_noconst(ctx),
293 EVP_CIPHER_CTX_encrypting(ctx));
294 else if (EVP_CIPHER_CTX_encrypting(ctx))
295 CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
296 EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
298 CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
299 EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
304 static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
305 const unsigned char *in, size_t len)
307 size_t bl = EVP_CIPHER_CTX_block_size(ctx);
309 EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
314 for (i = 0, len -= bl; i <= len; i += bl)
315 (*dat->block) (in + i, out + i, &dat->ks);
320 static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
321 const unsigned char *in, size_t len)
323 EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
325 int num = EVP_CIPHER_CTX_num(ctx);
326 CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
327 EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
328 EVP_CIPHER_CTX_set_num(ctx, num);
332 static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
333 const unsigned char *in, size_t len)
335 EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
337 int num = EVP_CIPHER_CTX_num(ctx);
338 CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
339 EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
340 EVP_CIPHER_CTX_set_num(ctx, num);
344 static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
345 const unsigned char *in, size_t len)
347 EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
349 int num = EVP_CIPHER_CTX_num(ctx);
350 CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
351 EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
352 EVP_CIPHER_CTX_set_num(ctx, num);
356 static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
357 const unsigned char *in, size_t len)
359 EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
361 if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
362 int num = EVP_CIPHER_CTX_num(ctx);
363 CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
364 EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
365 EVP_CIPHER_CTX_set_num(ctx, num);
369 while (len >= MAXBITCHUNK) {
370 int num = EVP_CIPHER_CTX_num(ctx);
371 CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
372 EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
374 EVP_CIPHER_CTX_set_num(ctx, num);
377 int num = EVP_CIPHER_CTX_num(ctx);
378 CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
379 EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
380 EVP_CIPHER_CTX_set_num(ctx, num);
386 static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
387 const unsigned char *in, size_t len)
389 unsigned int num = EVP_CIPHER_CTX_num(ctx);
390 EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
393 CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
394 EVP_CIPHER_CTX_iv_noconst(ctx),
395 EVP_CIPHER_CTX_buf_noconst(ctx), &num,
398 CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
399 EVP_CIPHER_CTX_iv_noconst(ctx),
400 EVP_CIPHER_CTX_buf_noconst(ctx), &num,
402 EVP_CIPHER_CTX_set_num(ctx, num);
406 BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
407 BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
408 BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)