2
0

e_camellia.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349
  1. /*
  2. * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * Camellia low level APIs are deprecated for public use, but still ok for
  11. * internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <openssl/opensslconf.h>
  15. #include <openssl/evp.h>
  16. #include <openssl/err.h>
  17. #include <string.h>
  18. #include <assert.h>
  19. #include <openssl/camellia.h>
  20. #include "crypto/evp.h"
  21. #include "crypto/modes.h"
  22. #include "crypto/cmll_platform.h"
  23. #include "evp_local.h"
  24. static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  25. const unsigned char *iv, int enc);
  26. /* Camellia subkey Structure */
  27. typedef struct {
  28. CAMELLIA_KEY ks;
  29. block128_f block;
  30. union {
  31. cbc128_f cbc;
  32. ctr128_f ctr;
  33. } stream;
  34. } EVP_CAMELLIA_KEY;
  35. #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
  36. /* Attribute operation for Camellia */
  37. #define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
  38. #if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
  39. /* ---------^^^ this is not a typo, just a way to detect that
  40. * assembler support was in general requested... */
  41. # include "crypto/sparc_arch.h"
  42. static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  43. const unsigned char *iv, int enc)
  44. {
  45. int ret, mode, bits;
  46. EVP_CAMELLIA_KEY *dat =
  47. (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  48. mode = EVP_CIPHER_CTX_get_mode(ctx);
  49. bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
  50. cmll_t4_set_key(key, bits, &dat->ks);
  51. if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
  52. && !enc) {
  53. ret = 0;
  54. dat->block = (block128_f) cmll_t4_decrypt;
  55. switch (bits) {
  56. case 128:
  57. dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
  58. (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
  59. break;
  60. case 192:
  61. case 256:
  62. dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
  63. (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
  64. break;
  65. default:
  66. ret = -1;
  67. }
  68. } else {
  69. ret = 0;
  70. dat->block = (block128_f) cmll_t4_encrypt;
  71. switch (bits) {
  72. case 128:
  73. if (mode == EVP_CIPH_CBC_MODE)
  74. dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
  75. else if (mode == EVP_CIPH_CTR_MODE)
  76. dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
  77. else
  78. dat->stream.cbc = NULL;
  79. break;
  80. case 192:
  81. case 256:
  82. if (mode == EVP_CIPH_CBC_MODE)
  83. dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
  84. else if (mode == EVP_CIPH_CTR_MODE)
  85. dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
  86. else
  87. dat->stream.cbc = NULL;
  88. break;
  89. default:
  90. ret = -1;
  91. }
  92. }
  93. if (ret < 0) {
  94. ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
  95. return 0;
  96. }
  97. return 1;
  98. }
  99. # define cmll_t4_cbc_cipher camellia_cbc_cipher
  100. static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  101. const unsigned char *in, size_t len);
  102. # define cmll_t4_ecb_cipher camellia_ecb_cipher
  103. static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  104. const unsigned char *in, size_t len);
  105. # define cmll_t4_ofb_cipher camellia_ofb_cipher
  106. static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  107. const unsigned char *in, size_t len);
  108. # define cmll_t4_cfb_cipher camellia_cfb_cipher
  109. static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  110. const unsigned char *in, size_t len);
  111. # define cmll_t4_cfb8_cipher camellia_cfb8_cipher
  112. static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  113. const unsigned char *in, size_t len);
  114. # define cmll_t4_cfb1_cipher camellia_cfb1_cipher
  115. static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  116. const unsigned char *in, size_t len);
  117. # define cmll_t4_ctr_cipher camellia_ctr_cipher
  118. static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  119. const unsigned char *in, size_t len);
  120. # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
  121. static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
  122. nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
  123. flags|EVP_CIPH_##MODE##_MODE, \
  124. EVP_ORIG_GLOBAL, \
  125. cmll_t4_init_key, \
  126. cmll_t4_##mode##_cipher, \
  127. NULL, \
  128. sizeof(EVP_CAMELLIA_KEY), \
  129. NULL,NULL,NULL,NULL }; \
  130. static const EVP_CIPHER camellia_##keylen##_##mode = { \
  131. nid##_##keylen##_##nmode,blocksize, \
  132. keylen/8,ivlen, \
  133. flags|EVP_CIPH_##MODE##_MODE, \
  134. EVP_ORIG_GLOBAL, \
  135. camellia_init_key, \
  136. camellia_##mode##_cipher, \
  137. NULL, \
  138. sizeof(EVP_CAMELLIA_KEY), \
  139. NULL,NULL,NULL,NULL }; \
  140. const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
  141. { return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; }
  142. #else
  143. # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
  144. static const EVP_CIPHER camellia_##keylen##_##mode = { \
  145. nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
  146. flags|EVP_CIPH_##MODE##_MODE, \
  147. EVP_ORIG_GLOBAL, \
  148. camellia_init_key, \
  149. camellia_##mode##_cipher, \
  150. NULL, \
  151. sizeof(EVP_CAMELLIA_KEY), \
  152. NULL,NULL,NULL,NULL }; \
  153. const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
  154. { return &camellia_##keylen##_##mode; }
  155. #endif
  156. #define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
  157. BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
  158. BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
  159. BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
  160. BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
  161. BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \
  162. BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
  163. BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
  164. /* The subkey for Camellia is generated. */
  165. static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  166. const unsigned char *iv, int enc)
  167. {
  168. int ret, mode;
  169. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
  170. ret = Camellia_set_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
  171. &dat->ks);
  172. if (ret < 0) {
  173. ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
  174. return 0;
  175. }
  176. mode = EVP_CIPHER_CTX_get_mode(ctx);
  177. if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
  178. && !enc) {
  179. dat->block = (block128_f) Camellia_decrypt;
  180. dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
  181. (cbc128_f) Camellia_cbc_encrypt : NULL;
  182. } else {
  183. dat->block = (block128_f) Camellia_encrypt;
  184. dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
  185. (cbc128_f) Camellia_cbc_encrypt : NULL;
  186. }
  187. return 1;
  188. }
  189. static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  190. const unsigned char *in, size_t len)
  191. {
  192. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
  193. if (dat->stream.cbc)
  194. (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
  195. EVP_CIPHER_CTX_is_encrypting(ctx));
  196. else if (EVP_CIPHER_CTX_is_encrypting(ctx))
  197. CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
  198. else
  199. CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
  200. return 1;
  201. }
  202. static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  203. const unsigned char *in, size_t len)
  204. {
  205. size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
  206. size_t i;
  207. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
  208. if (len < bl)
  209. return 1;
  210. for (i = 0, len -= bl; i <= len; i += bl)
  211. (*dat->block) (in + i, out + i, &dat->ks);
  212. return 1;
  213. }
  214. static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  215. const unsigned char *in, size_t len)
  216. {
  217. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
  218. int num = EVP_CIPHER_CTX_get_num(ctx);
  219. CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block);
  220. EVP_CIPHER_CTX_set_num(ctx, num);
  221. return 1;
  222. }
  223. static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  224. const unsigned char *in, size_t len)
  225. {
  226. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
  227. int num = EVP_CIPHER_CTX_get_num(ctx);
  228. CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
  229. EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
  230. EVP_CIPHER_CTX_set_num(ctx, num);
  231. return 1;
  232. }
  233. static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  234. const unsigned char *in, size_t len)
  235. {
  236. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
  237. int num = EVP_CIPHER_CTX_get_num(ctx);
  238. CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
  239. EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
  240. EVP_CIPHER_CTX_set_num(ctx, num);
  241. return 1;
  242. }
  243. static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  244. const unsigned char *in, size_t len)
  245. {
  246. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
  247. if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
  248. int num = EVP_CIPHER_CTX_get_num(ctx);
  249. CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
  250. EVP_CIPHER_CTX_is_encrypting(ctx),
  251. dat->block);
  252. EVP_CIPHER_CTX_set_num(ctx, num);
  253. return 1;
  254. }
  255. while (len >= MAXBITCHUNK) {
  256. int num = EVP_CIPHER_CTX_get_num(ctx);
  257. CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
  258. ctx->iv, &num,
  259. EVP_CIPHER_CTX_is_encrypting(ctx),
  260. dat->block);
  261. EVP_CIPHER_CTX_set_num(ctx, num);
  262. len -= MAXBITCHUNK;
  263. out += MAXBITCHUNK;
  264. in += MAXBITCHUNK;
  265. }
  266. if (len) {
  267. int num = EVP_CIPHER_CTX_get_num(ctx);
  268. CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
  269. ctx->iv, &num,
  270. EVP_CIPHER_CTX_is_encrypting(ctx),
  271. dat->block);
  272. EVP_CIPHER_CTX_set_num(ctx, num);
  273. }
  274. return 1;
  275. }
  276. static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  277. const unsigned char *in, size_t len)
  278. {
  279. int snum = EVP_CIPHER_CTX_get_num(ctx);
  280. unsigned int num;
  281. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY, ctx);
  282. if (snum < 0)
  283. return 0;
  284. num = snum;
  285. if (dat->stream.ctr)
  286. CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv,
  287. EVP_CIPHER_CTX_buf_noconst(ctx),
  288. &num,
  289. dat->stream.ctr);
  290. else
  291. CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
  292. EVP_CIPHER_CTX_buf_noconst(ctx), &num,
  293. dat->block);
  294. EVP_CIPHER_CTX_set_num(ctx, num);
  295. return 1;
  296. }
  297. BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
  298. BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
  299. BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)