falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
69670 Commits
32 Branches
896MB
Tree: 54eac5195d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '54eac5195d'
${ noResults }
FFmpeg/libavutil/camellia.c

473 lines
17KB
Raw Blame History 

  1. /*

  2.  * An implementation of the CAMELLIA algorithm as mentioned in RFC3713

  3.  * Copyright (c) 2014 Supraja Meedinti

  4.  *

  5.  * This file is part of FFmpeg.

  6.  *

  7.  * FFmpeg is free software; you can redistribute it and/or

  8.  * modify it under the terms of the GNU Lesser General Public

  9.  * License as published by the Free Software Foundation; either

  10.  * version 2.1 of the License, or (at your option) any later version.

  11.  *

  12.  * FFmpeg is distributed in the hope that it will be useful,

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  15.  * Lesser General Public License for more details.

  16.  *

  17.  * You should have received a copy of the GNU Lesser General Public

  18.  * License along with FFmpeg; if not, write to the Free Software

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

  20.  */

  21. #include "camellia.h"

  22. #include "common.h"

  23. #include "intreadwrite.h"

  24. #include "attributes.h"

  25. 

  26. #define LR32(x,c) ((x) << (c) | (x) >> (32 - (c)))

  27. #define RR32(x,c) ((x) >> (c) | (x) << (32 - (c)))

  28. 

  29. #define MASK8 0xff

  30. #define MASK32 0xffffffff

  31. #define MASK64 0xffffffffffffffff

  32. 

  33. #define Sigma1  0xA09E667F3BCC908B

  34. #define Sigma2  0xB67AE8584CAA73B2

  35. #define Sigma3  0xC6EF372FE94F82BE

  36. #define Sigma4  0x54FF53A5F1D36F1C

  37. #define Sigma5  0x10E527FADE682D1D

  38. #define Sigma6  0xB05688C2B3E6C1FD

  39. 

  40. static uint64_t SP[8][256];

  41. 

  42. typedef struct AVCAMELLIA {

  43.     uint64_t Kw[4];

  44.     uint64_t Ke[6];

  45.     uint64_t K[24];

  46.     int key_bits;

  47. } AVCAMELLIA;

  48. 

  49. static const uint8_t SBOX1[256] = {

  50. 112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,

  51.  35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,

  52. 134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,

  53. 166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,

  54. 139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,

  55. 223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,

  56.  20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,

  57. 254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,

  58. 170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,

  59.  16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,

  60. 135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,

  61.  82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,

  62. 233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,

  63. 120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,

  64. 114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,

  65.  64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158

  66. };

  67. 

  68. static const uint8_t SBOX2[256] = {

  69. 224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,

  70.  70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,

  71.  13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,

  72.  77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,

  73.  23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,

  74. 191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,

  75.  40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,

  76. 253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,

  77.  85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,

  78.  32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,

  79.  15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,

  80. 164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,

  81. 211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,

  82. 240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,

  83. 228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,

  84. 128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61

  85. };

  86. 

  87. static const uint8_t SBOX3[256] = {

  88.  56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,

  89. 145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,

  90.  67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,

  91.  83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,

  92. 197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,

  93. 239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,

  94.  10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,

  95. 127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,

  96.  85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,

  97.   8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,

  98. 195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,

  99.  41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,

  100. 244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,

  101.  60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,

  102.  57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,

  103.  32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79

  104. };

  105. 

  106. static const uint8_t SBOX4[256] = {

  107. 112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,

  108. 134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,

  109. 139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,

  110.  20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,

  111. 170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,

  112. 135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,

  113. 233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,

  114. 114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,

  115. 130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,

  116. 184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,

  117.  13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,

  118.  88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,

  119. 208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,

  120.  92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,

  121. 121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,

  122.   7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158

  123. };

  124. 

  125. const int av_camellia_size = sizeof(AVCAMELLIA);

  126. 

  127. static void LR128(uint64_t d[2], const uint64_t K[2], int x)

  128. {

  129.     int i = 0;

  130.     if (64 <= x && x < 128) {

  131.         i = 1;

  132.         x -= 64;

  133.     }

  134.     if (x <= 0 || x >= 128) {

  135.         d[0] = K[i];

  136.         d[1] = K[!i];

  137.         return;

  138.     }

  139.     d[0] = (K[i] << x | K[!i] >> (64 - x));

  140.     d[1] = (K[!i] << x | K[i] >> (64 - x));

  141. }

  142. 

  143. static uint64_t F(uint64_t F_IN, uint64_t KE)

  144. {

  145.     uint8_t y[8];

  146.     KE ^= F_IN;

  147.     AV_WB64(y,KE);

  148.     KE=SP[0][y[0]] ^ SP[1][y[1]] ^ SP[2][y[2]] ^ SP[3][y[3]] ^ SP[4][y[4]] ^ SP[5][y[5]] ^ SP[6][y[6]] ^ SP[7][y[7]];

  149.     return KE;

  150. }

  151. 

  152. static uint64_t FL(uint64_t FL_IN, uint64_t KE)

  153. {

  154.     uint32_t x1, x2, k1, k2;

  155.     x1 = FL_IN >> 32;

  156.     x2 = FL_IN & MASK32;

  157.     k1 = KE >> 32;

  158.     k2 = KE & MASK32;

  159.     x2 = x2 ^ LR32((x1 & k1), 1);

  160.     x1 = x1 ^ (x2 | k2);

  161.     return ((uint64_t)x1 << 32) | (uint64_t)x2;

  162. }

  163. 

  164. static uint64_t FLINV(uint64_t FLINV_IN, uint64_t KE)

  165. {

  166.     uint32_t x1, x2, k1, k2;

  167.     x1 = FLINV_IN >> 32;

  168.     x2 = FLINV_IN & MASK32;

  169.     k1 = KE >> 32;

  170.     k2 = KE & MASK32;

  171.     x1 = x1 ^ (x2 | k2);

  172.     x2 = x2 ^ LR32((x1 & k1), 1);

  173.     return ((uint64_t)x1 << 32) | (uint64_t)x2;

  174. }

  175. 

  176. static const uint8_t shifts[2][12] = {

  177.     {0, 15, 15, 45, 45, 60, 94, 94, 111},

  178.     {0, 15, 15, 30, 45, 45, 60, 60,  77, 94, 94, 111}

  179. };

  180. 

  181. static const uint8_t vars[2][12] = {

  182.     {2, 0, 2, 0, 2, 2, 0, 2, 0},

  183.     {3, 1, 2, 3, 0, 2, 1, 3, 0, 1, 2, 0}

  184. };

  185. 

  186. static void generate_round_keys(AVCAMELLIA *cs, uint64_t Kl[2], uint64_t Kr[2], uint64_t Ka[2], uint64_t Kb[2])

  187. {

  188.     int i;

  189.     uint64_t *Kd[4], d[2];

  190.     Kd[0] = Kl;

  191.     Kd[1] = Kr;

  192.     Kd[2] = Ka;

  193.     Kd[3] = Kb;

  194.     cs->Kw[0] = Kl[0];

  195.     cs->Kw[1] = Kl[1];

  196.     if (cs->key_bits == 128) {

  197.         for (i = 0; i < 9; i++) {

  198.             LR128(d, Kd[vars[0][i]], shifts[0][i]);

  199.             cs->K[2*i] = d[0];

  200.             cs->K[2*i+1] = d[1];

  201.         }

  202.         LR128(d, Kd[0], 60);

  203.         cs->K[9] = d[1];

  204.         LR128(d, Kd[2], 30);

  205.         cs->Ke[0] = d[0];

  206.         cs->Ke[1] = d[1];

  207.         LR128(d, Kd[0], 77);

  208.         cs->Ke[2] = d[0];

  209.         cs->Ke[3] = d[1];

  210.         LR128(d, Kd[2], 111);

  211.         cs->Kw[2] = d[0];

  212.         cs->Kw[3] = d[1];

  213.     } else {

  214.         for (i = 0; i < 12; i++) {

  215.             LR128(d, Kd[vars[1][i]], shifts[1][i]);

  216.             cs->K[2*i] = d[0];

  217.             cs->K[2*i+1] = d[1];

  218.         }

  219.         LR128(d, Kd[1], 30);

  220.         cs->Ke[0] = d[0];

  221.         cs->Ke[1] = d[1];

  222.         LR128(d, Kd[0], 60);

  223.         cs->Ke[2] = d[0];

  224.         cs->Ke[3] = d[1];

  225.         LR128(d, Kd[2], 77);

  226.         cs->Ke[4] = d[0];

  227.         cs->Ke[5] = d[1];

  228.         LR128(d, Kd[3], 111);

  229.         cs->Kw[2] = d[0];

  230.         cs->Kw[3] = d[1];

  231.     }

  232. }

  233. 

  234. static void camellia_encrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src)

  235. {

  236.     uint64_t D1, D2;

  237.     D1 = AV_RB64(src);

  238.     D2 = AV_RB64(src + 8);

  239.     D1 ^= cs->Kw[0];

  240.     D2 ^= cs->Kw[1];

  241.     D2 ^= F(D1, cs->K[0]);

  242.     D1 ^= F(D2, cs->K[1]);

  243.     D2 ^= F(D1, cs->K[2]);

  244.     D1 ^= F(D2, cs->K[3]);

  245.     D2 ^= F(D1, cs->K[4]);

  246.     D1 ^= F(D2, cs->K[5]);

  247.     D1 = FL(D1, cs->Ke[0]);

  248.     D2 = FLINV(D2, cs->Ke[1]);

  249.     D2 ^= F(D1, cs->K[6]);

  250.     D1 ^= F(D2, cs->K[7]);

  251.     D2 ^= F(D1, cs->K[8]);

  252.     D1 ^= F(D2, cs->K[9]);

  253.     D2 ^= F(D1, cs->K[10]);

  254.     D1 ^= F(D2, cs->K[11]);

  255.     D1 = FL(D1, cs->Ke[2]);

  256.     D2 = FLINV(D2, cs->Ke[3]);

  257.     D2 ^= F(D1, cs->K[12]);

  258.     D1 ^= F(D2, cs->K[13]);

  259.     D2 ^= F(D1, cs->K[14]);

  260.     D1 ^= F(D2, cs->K[15]);

  261.     D2 ^= F(D1, cs->K[16]);

  262.     D1 ^= F(D2, cs->K[17]);

  263.     if (cs->key_bits != 128) {

  264.         D1 = FL(D1, cs->Ke[4]);

  265.         D2 = FLINV(D2, cs->Ke[5]);

  266.         D2 ^= F(D1, cs->K[18]);

  267.         D1 ^= F(D2, cs->K[19]);

  268.         D2 ^= F(D1, cs->K[20]);

  269.         D1 ^= F(D2, cs->K[21]);

  270.         D2 ^= F(D1, cs->K[22]);

  271.         D1 ^= F(D2, cs->K[23]);

  272.     }

  273.     D2 ^= cs->Kw[2];

  274.     D1 ^= cs->Kw[3];

  275.     AV_WB64(dst, D2);

  276.     AV_WB64(dst + 8, D1);

  277. }

  278. 

  279. static void camellia_decrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, uint8_t *iv)

  280. {

  281.     uint64_t D1, D2;

  282.     D1 = AV_RB64(src);

  283.     D2 = AV_RB64(src + 8);

  284.     D1 ^= cs->Kw[2];

  285.     D2 ^= cs->Kw[3];

  286.     if (cs->key_bits != 128) {

  287.         D2 ^= F(D1, cs->K[23]);

  288.         D1 ^= F(D2, cs->K[22]);

  289.         D2 ^= F(D1, cs->K[21]);

  290.         D1 ^= F(D2, cs->K[20]);

  291.         D2 ^= F(D1, cs->K[19]);

  292.         D1 ^= F(D2, cs->K[18]);

  293.         D1 = FL(D1, cs->Ke[5]);

  294.         D2 = FLINV(D2, cs->Ke[4]);

  295.     }

  296.     D2 ^= F(D1, cs->K[17]);

  297.     D1 ^= F(D2, cs->K[16]);

  298.     D2 ^= F(D1, cs->K[15]);

  299.     D1 ^= F(D2, cs->K[14]);

  300.     D2 ^= F(D1, cs->K[13]);

  301.     D1 ^= F(D2, cs->K[12]);

  302.     D1 = FL(D1, cs->Ke[3]);

  303.     D2 = FLINV(D2, cs->Ke[2]);

  304.     D2 ^= F(D1, cs->K[11]);

  305.     D1 ^= F(D2, cs->K[10]);

  306.     D2 ^= F(D1, cs->K[9]);

  307.     D1 ^= F(D2, cs->K[8]);

  308.     D2 ^= F(D1, cs->K[7]);

  309.     D1 ^= F(D2, cs->K[6]);

  310.     D1 = FL(D1, cs->Ke[1]);

  311.     D2 = FLINV(D2, cs->Ke[0]);

  312.     D2 ^= F(D1, cs->K[5]);

  313.     D1 ^= F(D2, cs->K[4]);

  314.     D2 ^= F(D1, cs->K[3]);

  315.     D1 ^= F(D2, cs->K[2]);

  316.     D2 ^= F(D1, cs->K[1]);

  317.     D1 ^= F(D2, cs->K[0]);

  318.     D2 ^= cs->Kw[0];

  319.     D1 ^= cs->Kw[1];

  320.     if (iv) {

  321.         D2 ^= AV_RB64(iv);

  322.         D1 ^= AV_RB64(iv + 8);

  323.         memcpy(iv, src, 16);

  324.     }

  325.     AV_WB64(dst, D2);

  326.     AV_WB64(dst + 8, D1);

  327. }

  328. 

  329. static void computeSP(void)

  330. {

  331.     uint64_t z;

  332.     int i;

  333.     for (i = 0; i < 256; i++) {

  334.         z = (uint64_t)SBOX1[i];

  335.         SP[0][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ z;

  336.         SP[7][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ (z << 16) ^ (z << 8);

  337.         z = (uint64_t)SBOX2[i];

  338.         SP[1][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 16);

  339.         SP[4][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8) ^ z;

  340.         z = (uint64_t)SBOX3[i];

  341.         SP[2][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8);

  342.         SP[5][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 8) ^ z;

  343.         z = (uint64_t)SBOX4[i];

  344.         SP[3][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 8) ^ z;

  345.         SP[6][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 24) ^ (z << 16) ^ z;

  346.     }

  347. }

  348. 

  349. struct AVCAMELLIA *av_camellia_alloc(void)

  350. {

  351.     return av_mallocz(sizeof(struct AVCAMELLIA));

  352. }

  353. 

  354. av_cold int av_camellia_init(AVCAMELLIA *cs, const uint8_t *key, int key_bits)

  355. {

  356.     uint64_t Kl[2], Kr[2], Ka[2], Kb[2];

  357.     uint64_t D1, D2;

  358.     if (key_bits != 128 && key_bits != 192 && key_bits != 256)

  359.         return -1;

  360.     memset(Kb, 0, sizeof(Kb));

  361.     memset(Kr, 0, sizeof(Kr));

  362.     cs->key_bits = key_bits;

  363.     Kl[0] = AV_RB64(key);

  364.     Kl[1] = AV_RB64(key + 8);

  365.     if (key_bits == 192) {

  366.         Kr[0] = AV_RB64(key + 16);

  367.         Kr[1] = ~Kr[0];

  368.     } else if (key_bits == 256) {

  369.         Kr[0] = AV_RB64(key + 16);

  370.         Kr[1] = AV_RB64(key + 24);

  371.     }

  372.     computeSP();

  373.     D1 = Kl[0] ^ Kr[0];

  374.     D2 = Kl[1] ^ Kr[1];

  375.     D2 ^= F(D1, Sigma1);

  376.     D1 ^= F(D2, Sigma2);

  377.     D1 ^= Kl[0];

  378.     D2 ^= Kl[1];

  379.     D2 ^= F(D1, Sigma3);

  380.     D1 ^= F(D2, Sigma4);

  381.     Ka[0] = D1;

  382.     Ka[1] = D2;

  383.     if (key_bits != 128) {

  384.         D1 = Ka[0] ^ Kr[0];

  385.         D2 = Ka[1] ^ Kr[1];

  386.         D2 ^= F(D1, Sigma5);

  387.         D1 ^= F(D2, Sigma6);

  388.         Kb[0] = D1;

  389.         Kb[1] = D2;

  390.     }

  391.     generate_round_keys(cs, Kl, Kr, Ka, Kb);

  392.     return 0;

  393. }

  394. 

  395. void av_camellia_crypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)

  396. {

  397.     int i;

  398.     while (count--) {

  399.         if (decrypt) {

  400.             camellia_decrypt(cs, dst, src, iv);

  401.         } else {

  402.             if (iv) {

  403.                 for (i = 0; i < 16; i++)

  404.                     dst[i] = src[i] ^ iv[i];

  405.                 camellia_encrypt(cs, dst, dst);

  406.                 memcpy(iv, dst, 16);

  407.             } else {

  408.                 camellia_encrypt(cs, dst, src);

  409.             }

  410.         }

  411.         src = src + 16;

  412.         dst = dst + 16;

  413.     }

  414. }

  415. 

  416. #ifdef TEST

  417. #include<stdio.h>

  418. #include<stdlib.h>

  419. #include"log.h"

  420. 

  421. int main(int argc, char *argv[])

  422. {

  423.     const uint8_t Key[3][32] = {

  424.         {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},

  425.         {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},

  426.         {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}

  427.     };

  428.     const uint8_t rct[3][16] = {

  429.         {0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43},

  430.         {0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9,0x96, 0xf8, 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9},

  431.         {0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09}

  432.     };

  433.     const uint8_t rpt[32] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};

  434.     const int kbits[3] = {128, 192, 256};

  435.     int i, j, err = 0;

  436.     uint8_t temp[32], iv[16];

  437.     AVCAMELLIA *cs;

  438.     cs = av_camellia_alloc();

  439.     if (!cs)

  440.         return 1;

  441.     for (j = 0; j < 3; j++) {

  442.         av_camellia_init(cs, Key[j], kbits[j]);

  443.         av_camellia_crypt(cs, temp, rpt, 1, NULL, 0);

  444.         for (i = 0; i < 16; i++) {

  445.             if (rct[j][i] != temp[i]) {

  446.                 av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[j][i], temp[i]);

  447.                 err = 1;

  448.             }

  449.         }

  450.         av_camellia_crypt(cs, temp, rct[j], 1, NULL, 1);

  451.         for (i = 0; i < 16; i++) {

  452.             if (rpt[i] != temp[i]) {

  453.                 av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt[i], temp[i]);

  454.                 err = 1;

  455.             }

  456.         }

  457.     }

  458.     av_camellia_init(cs, Key[0], 128);

  459.     memcpy(iv, "HALLO123HALLO123", 16);

  460.     av_camellia_crypt(cs, temp, rpt, 2, iv, 0);

  461.     memcpy(iv, "HALLO123HALLO123", 16);

  462.     av_camellia_crypt(cs, temp, temp, 2, iv, 1);

  463.     for (i = 0; i < 32; i++) {

  464.         if (rpt[i] != temp[i]) {

  465.             av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt[i], temp[i]);

  466.             err = 1;

  467.         }

  468.     }

  469.     av_free(cs);

  470.     return err;

  471. }

  472. #endif