2
0

e_camellia.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366
  1. /*
  2. * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <openssl/opensslconf.h>
  10. #ifdef OPENSSL_NO_CAMELLIA
  11. NON_EMPTY_TRANSLATION_UNIT
  12. #else
  13. # include <openssl/evp.h>
  14. # include <openssl/err.h>
  15. # include <string.h>
  16. # include <assert.h>
  17. # include <openssl/camellia.h>
  18. # include "internal/evp_int.h"
  19. # include "modes_lcl.h"
  20. static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  21. const unsigned char *iv, int enc);
  22. /* Camellia subkey Structure */
  23. typedef struct {
  24. CAMELLIA_KEY ks;
  25. block128_f block;
  26. union {
  27. cbc128_f cbc;
  28. ctr128_f ctr;
  29. } stream;
  30. } EVP_CAMELLIA_KEY;
  31. # define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
  32. /* Attribute operation for Camellia */
  33. # define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
  34. # if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
  35. /* ---------^^^ this is not a typo, just a way to detect that
  36. * assembler support was in general requested... */
  37. # include "sparc_arch.h"
  38. extern unsigned int OPENSSL_sparcv9cap_P[];
  39. # define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
  40. void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
  41. void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
  42. const CAMELLIA_KEY *key);
  43. void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
  44. const CAMELLIA_KEY *key);
  45. void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
  46. size_t len, const CAMELLIA_KEY *key,
  47. unsigned char *ivec);
  48. void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
  49. size_t len, const CAMELLIA_KEY *key,
  50. unsigned char *ivec);
  51. void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
  52. size_t len, const CAMELLIA_KEY *key,
  53. unsigned char *ivec);
  54. void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
  55. size_t len, const CAMELLIA_KEY *key,
  56. unsigned char *ivec);
  57. void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  58. size_t blocks, const CAMELLIA_KEY *key,
  59. unsigned char *ivec);
  60. void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  61. size_t blocks, const CAMELLIA_KEY *key,
  62. unsigned char *ivec);
  63. static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  64. const unsigned char *iv, int enc)
  65. {
  66. int ret, mode, bits;
  67. EVP_CAMELLIA_KEY *dat =
  68. (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
  69. mode = EVP_CIPHER_CTX_mode(ctx);
  70. bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
  71. cmll_t4_set_key(key, bits, &dat->ks);
  72. if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
  73. && !enc) {
  74. ret = 0;
  75. dat->block = (block128_f) cmll_t4_decrypt;
  76. switch (bits) {
  77. case 128:
  78. dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
  79. (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
  80. break;
  81. case 192:
  82. case 256:
  83. dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
  84. (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
  85. break;
  86. default:
  87. ret = -1;
  88. }
  89. } else {
  90. ret = 0;
  91. dat->block = (block128_f) cmll_t4_encrypt;
  92. switch (bits) {
  93. case 128:
  94. if (mode == EVP_CIPH_CBC_MODE)
  95. dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
  96. else if (mode == EVP_CIPH_CTR_MODE)
  97. dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
  98. else
  99. dat->stream.cbc = NULL;
  100. break;
  101. case 192:
  102. case 256:
  103. if (mode == EVP_CIPH_CBC_MODE)
  104. dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
  105. else if (mode == EVP_CIPH_CTR_MODE)
  106. dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
  107. else
  108. dat->stream.cbc = NULL;
  109. break;
  110. default:
  111. ret = -1;
  112. }
  113. }
  114. if (ret < 0) {
  115. EVPerr(EVP_F_CMLL_T4_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
  116. return 0;
  117. }
  118. return 1;
  119. }
  120. # define cmll_t4_cbc_cipher camellia_cbc_cipher
  121. static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  122. const unsigned char *in, size_t len);
  123. # define cmll_t4_ecb_cipher camellia_ecb_cipher
  124. static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  125. const unsigned char *in, size_t len);
  126. # define cmll_t4_ofb_cipher camellia_ofb_cipher
  127. static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  128. const unsigned char *in, size_t len);
  129. # define cmll_t4_cfb_cipher camellia_cfb_cipher
  130. static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  131. const unsigned char *in, size_t len);
  132. # define cmll_t4_cfb8_cipher camellia_cfb8_cipher
  133. static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  134. const unsigned char *in, size_t len);
  135. # define cmll_t4_cfb1_cipher camellia_cfb1_cipher
  136. static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  137. const unsigned char *in, size_t len);
  138. # define cmll_t4_ctr_cipher camellia_ctr_cipher
  139. static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  140. const unsigned char *in, size_t len);
  141. # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
  142. static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
  143. nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
  144. flags|EVP_CIPH_##MODE##_MODE, \
  145. cmll_t4_init_key, \
  146. cmll_t4_##mode##_cipher, \
  147. NULL, \
  148. sizeof(EVP_CAMELLIA_KEY), \
  149. NULL,NULL,NULL,NULL }; \
  150. static const EVP_CIPHER camellia_##keylen##_##mode = { \
  151. nid##_##keylen##_##nmode,blocksize, \
  152. keylen/8,ivlen, \
  153. flags|EVP_CIPH_##MODE##_MODE, \
  154. camellia_init_key, \
  155. camellia_##mode##_cipher, \
  156. NULL, \
  157. sizeof(EVP_CAMELLIA_KEY), \
  158. NULL,NULL,NULL,NULL }; \
  159. const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
  160. { return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; }
  161. # else
  162. # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
  163. static const EVP_CIPHER camellia_##keylen##_##mode = { \
  164. nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
  165. flags|EVP_CIPH_##MODE##_MODE, \
  166. camellia_init_key, \
  167. camellia_##mode##_cipher, \
  168. NULL, \
  169. sizeof(EVP_CAMELLIA_KEY), \
  170. NULL,NULL,NULL,NULL }; \
  171. const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
  172. { return &camellia_##keylen##_##mode; }
  173. # endif
  174. # define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
  175. BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
  176. BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
  177. BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
  178. BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
  179. BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \
  180. BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
  181. BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
  182. /* The subkey for Camellia is generated. */
  183. static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  184. const unsigned char *iv, int enc)
  185. {
  186. int ret, mode;
  187. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
  188. ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks);
  189. if (ret < 0) {
  190. EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
  191. return 0;
  192. }
  193. mode = EVP_CIPHER_CTX_mode(ctx);
  194. if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
  195. && !enc) {
  196. dat->block = (block128_f) Camellia_decrypt;
  197. dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
  198. (cbc128_f) Camellia_cbc_encrypt : NULL;
  199. } else {
  200. dat->block = (block128_f) Camellia_encrypt;
  201. dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
  202. (cbc128_f) Camellia_cbc_encrypt : NULL;
  203. }
  204. return 1;
  205. }
  206. static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  207. const unsigned char *in, size_t len)
  208. {
  209. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
  210. if (dat->stream.cbc)
  211. (*dat->stream.cbc) (in, out, len, &dat->ks,
  212. EVP_CIPHER_CTX_iv_noconst(ctx),
  213. EVP_CIPHER_CTX_encrypting(ctx));
  214. else if (EVP_CIPHER_CTX_encrypting(ctx))
  215. CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
  216. EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
  217. else
  218. CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
  219. EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
  220. return 1;
  221. }
  222. static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  223. const unsigned char *in, size_t len)
  224. {
  225. size_t bl = EVP_CIPHER_CTX_block_size(ctx);
  226. size_t i;
  227. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
  228. if (len < bl)
  229. return 1;
  230. for (i = 0, len -= bl; i <= len; i += bl)
  231. (*dat->block) (in + i, out + i, &dat->ks);
  232. return 1;
  233. }
  234. static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  235. const unsigned char *in, size_t len)
  236. {
  237. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
  238. int num = EVP_CIPHER_CTX_num(ctx);
  239. CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
  240. EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
  241. EVP_CIPHER_CTX_set_num(ctx, num);
  242. return 1;
  243. }
  244. static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  245. const unsigned char *in, size_t len)
  246. {
  247. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
  248. int num = EVP_CIPHER_CTX_num(ctx);
  249. CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
  250. EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
  251. EVP_CIPHER_CTX_set_num(ctx, num);
  252. return 1;
  253. }
  254. static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  255. const unsigned char *in, size_t len)
  256. {
  257. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
  258. int num = EVP_CIPHER_CTX_num(ctx);
  259. CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
  260. EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
  261. EVP_CIPHER_CTX_set_num(ctx, num);
  262. return 1;
  263. }
  264. static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  265. const unsigned char *in, size_t len)
  266. {
  267. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
  268. if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
  269. int num = EVP_CIPHER_CTX_num(ctx);
  270. CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
  271. EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
  272. EVP_CIPHER_CTX_set_num(ctx, num);
  273. return 1;
  274. }
  275. while (len >= MAXBITCHUNK) {
  276. int num = EVP_CIPHER_CTX_num(ctx);
  277. CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
  278. EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
  279. EVP_CIPHER_CTX_set_num(ctx, num);
  280. len -= MAXBITCHUNK;
  281. out += MAXBITCHUNK;
  282. in += MAXBITCHUNK;
  283. }
  284. if (len) {
  285. int num = EVP_CIPHER_CTX_num(ctx);
  286. CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
  287. EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
  288. EVP_CIPHER_CTX_set_num(ctx, num);
  289. }
  290. return 1;
  291. }
  292. static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  293. const unsigned char *in, size_t len)
  294. {
  295. unsigned int num = EVP_CIPHER_CTX_num(ctx);
  296. EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
  297. if (dat->stream.ctr)
  298. CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
  299. EVP_CIPHER_CTX_iv_noconst(ctx),
  300. EVP_CIPHER_CTX_buf_noconst(ctx), &num,
  301. dat->stream.ctr);
  302. else
  303. CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
  304. EVP_CIPHER_CTX_iv_noconst(ctx),
  305. EVP_CIPHER_CTX_buf_noconst(ctx), &num,
  306. dat->block);
  307. EVP_CIPHER_CTX_set_num(ctx, num);
  308. return 1;
  309. }
  310. BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
  311. BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
  312. BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
  313. #endif