FFmpeg
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
camellia.c
Go to the documentation of this file.
1 /*
2  * An implementation of the CAMELLIA algorithm as mentioned in RFC3713
3  * Copyright (c) 2014 Supraja Meedinti
4  *
5  * This file is part of FFmpeg.
6  *
7  * FFmpeg is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * FFmpeg is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with FFmpeg; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 #include "camellia.h"
22 #include "common.h"
23 #include "intreadwrite.h"
24 #include "attributes.h"
25 
26 #define LR32(x,c) ((x) << (c) | (x) >> (32 - (c)))
27 #define RR32(x,c) ((x) >> (c) | (x) << (32 - (c)))
28 
29 #define MASK8 0xff
30 #define MASK32 0xffffffff
31 #define MASK64 0xffffffffffffffff
32 
33 #define Sigma1 0xA09E667F3BCC908B
34 #define Sigma2 0xB67AE8584CAA73B2
35 #define Sigma3 0xC6EF372FE94F82BE
36 #define Sigma4 0x54FF53A5F1D36F1C
37 #define Sigma5 0x10E527FADE682D1D
38 #define Sigma6 0xB05688C2B3E6C1FD
39 
40 static uint64_t SP[8][256];
41 
42 typedef struct AVCAMELLIA {
43  uint64_t Kw[4];
44  uint64_t Ke[6];
45  uint64_t K[24];
46  int key_bits;
47 } AVCAMELLIA;
48 
49 static const uint8_t SBOX1[256] = {
50 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
51  35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
52 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
53 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
54 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
55 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
56  20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
57 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
58 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
59  16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
60 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
61  82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
62 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
63 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
64 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
65  64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
66 };
67 
68 static const uint8_t SBOX2[256] = {
69 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
70  70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
71  13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
72  77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
73  23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
74 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
75  40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
76 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
77  85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
78  32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
79  15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
80 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
81 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
82 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
83 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
84 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
85 };
86 
87 static const uint8_t SBOX3[256] = {
88  56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
89 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
90  67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
91  83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
92 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
93 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
94  10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
95 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
96  85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
97  8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
98 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
99  41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
100 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
101  60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
102  57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
103  32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
104 };
105 
106 static const uint8_t SBOX4[256] = {
107 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
108 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
109 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
110  20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
111 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
112 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
113 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
114 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
115 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
116 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
117  13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
118  88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
119 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
120  92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
121 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
122  7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
123 };
124 
125 const int av_camellia_size = sizeof(AVCAMELLIA);
126 
127 static void LR128(uint64_t d[2], const uint64_t K[2], int x)
128 {
129  int i = 0;
130  if (64 <= x && x < 128) {
131  i = 1;
132  x -= 64;
133  }
134  if (x <= 0 || x >= 128) {
135  d[0] = K[i];
136  d[1] = K[!i];
137  return;
138  }
139  d[0] = (K[i] << x | K[!i] >> (64 - x));
140  d[1] = (K[!i] << x | K[i] >> (64 - x));
141 }
142 
143 static uint64_t F(uint64_t F_IN, uint64_t KE)
144 {
145  KE ^= F_IN;
146  F_IN=SP[0][KE >> 56]^SP[1][(KE >> 48) & MASK8]^SP[2][(KE >> 40) & MASK8]^SP[3][(KE >> 32) & MASK8]^SP[4][(KE >> 24) & MASK8]^SP[5][(KE >> 16) & MASK8]^SP[6][(KE >> 8) & MASK8]^SP[7][KE & MASK8];
147  return F_IN;
148 }
149 
150 static uint64_t FL(uint64_t FL_IN, uint64_t KE)
151 {
152  uint32_t x1, x2, k1, k2;
153  x1 = FL_IN >> 32;
154  x2 = FL_IN & MASK32;
155  k1 = KE >> 32;
156  k2 = KE & MASK32;
157  x2 = x2 ^ LR32((x1 & k1), 1);
158  x1 = x1 ^ (x2 | k2);
159  return ((uint64_t)x1 << 32) | (uint64_t)x2;
160 }
161 
162 static uint64_t FLINV(uint64_t FLINV_IN, uint64_t KE)
163 {
164  uint32_t x1, x2, k1, k2;
165  x1 = FLINV_IN >> 32;
166  x2 = FLINV_IN & MASK32;
167  k1 = KE >> 32;
168  k2 = KE & MASK32;
169  x1 = x1 ^ (x2 | k2);
170  x2 = x2 ^ LR32((x1 & k1), 1);
171  return ((uint64_t)x1 << 32) | (uint64_t)x2;
172 }
173 
174 static const uint8_t shifts[2][12] = {
175  {0, 15, 15, 45, 45, 60, 94, 94, 111},
176  {0, 15, 15, 30, 45, 45, 60, 60, 77, 94, 94, 111}
177 };
178 
179 static const uint8_t vars[2][12] = {
180  {2, 0, 2, 0, 2, 2, 0, 2, 0},
181  {3, 1, 2, 3, 0, 2, 1, 3, 0, 1, 2, 0}
182 };
183 
184 static void generate_round_keys(AVCAMELLIA *cs, uint64_t Kl[2], uint64_t Kr[2], uint64_t Ka[2], uint64_t Kb[2])
185 {
186  int i;
187  uint64_t *Kd[4], d[2];
188  Kd[0] = Kl;
189  Kd[1] = Kr;
190  Kd[2] = Ka;
191  Kd[3] = Kb;
192  cs->Kw[0] = Kl[0];
193  cs->Kw[1] = Kl[1];
194  if (cs->key_bits == 128) {
195  for (i = 0; i < 9; i++) {
196  LR128(d, Kd[vars[0][i]], shifts[0][i]);
197  cs->K[2*i] = d[0];
198  cs->K[2*i+1] = d[1];
199  }
200  LR128(d, Kd[0], 60);
201  cs->K[9] = d[1];
202  LR128(d, Kd[2], 30);
203  cs->Ke[0] = d[0];
204  cs->Ke[1] = d[1];
205  LR128(d, Kd[0], 77);
206  cs->Ke[2] = d[0];
207  cs->Ke[3] = d[1];
208  LR128(d, Kd[2], 111);
209  cs->Kw[2] = d[0];
210  cs->Kw[3] = d[1];
211  } else {
212  for (i = 0; i < 12; i++) {
213  LR128(d, Kd[vars[1][i]], shifts[1][i]);
214  cs->K[2*i] = d[0];
215  cs->K[2*i+1] = d[1];
216  }
217  LR128(d, Kd[1], 30);
218  cs->Ke[0] = d[0];
219  cs->Ke[1] = d[1];
220  LR128(d, Kd[0], 60);
221  cs->Ke[2] = d[0];
222  cs->Ke[3] = d[1];
223  LR128(d, Kd[2], 77);
224  cs->Ke[4] = d[0];
225  cs->Ke[5] = d[1];
226  LR128(d, Kd[3], 111);
227  cs->Kw[2] = d[0];
228  cs->Kw[3] = d[1];
229  }
230 }
231 
232 static void camellia_encrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src)
233 {
234  uint64_t D1, D2;
235  D1 = AV_RB64(src);
236  D2 = AV_RB64(src + 8);
237  D1 ^= cs->Kw[0];
238  D2 ^= cs->Kw[1];
239  D2 ^= F(D1, cs->K[0]);
240  D1 ^= F(D2, cs->K[1]);
241  D2 ^= F(D1, cs->K[2]);
242  D1 ^= F(D2, cs->K[3]);
243  D2 ^= F(D1, cs->K[4]);
244  D1 ^= F(D2, cs->K[5]);
245  D1 = FL(D1, cs->Ke[0]);
246  D2 = FLINV(D2, cs->Ke[1]);
247  D2 ^= F(D1, cs->K[6]);
248  D1 ^= F(D2, cs->K[7]);
249  D2 ^= F(D1, cs->K[8]);
250  D1 ^= F(D2, cs->K[9]);
251  D2 ^= F(D1, cs->K[10]);
252  D1 ^= F(D2, cs->K[11]);
253  D1 = FL(D1, cs->Ke[2]);
254  D2 = FLINV(D2, cs->Ke[3]);
255  D2 ^= F(D1, cs->K[12]);
256  D1 ^= F(D2, cs->K[13]);
257  D2 ^= F(D1, cs->K[14]);
258  D1 ^= F(D2, cs->K[15]);
259  D2 ^= F(D1, cs->K[16]);
260  D1 ^= F(D2, cs->K[17]);
261  if (cs->key_bits != 128) {
262  D1 = FL(D1, cs->Ke[4]);
263  D2 = FLINV(D2, cs->Ke[5]);
264  D2 ^= F(D1, cs->K[18]);
265  D1 ^= F(D2, cs->K[19]);
266  D2 ^= F(D1, cs->K[20]);
267  D1 ^= F(D2, cs->K[21]);
268  D2 ^= F(D1, cs->K[22]);
269  D1 ^= F(D2, cs->K[23]);
270  }
271  D2 ^= cs->Kw[2];
272  D1 ^= cs->Kw[3];
273  AV_WB64(dst, D2);
274  AV_WB64(dst + 8, D1);
275 }
276 
277 static void camellia_decrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, uint8_t *iv)
278 {
279  uint64_t D1, D2;
280  D1 = AV_RB64(src);
281  D2 = AV_RB64(src + 8);
282  D1 ^= cs->Kw[2];
283  D2 ^= cs->Kw[3];
284  if (cs->key_bits != 128) {
285  D2 ^= F(D1, cs->K[23]);
286  D1 ^= F(D2, cs->K[22]);
287  D2 ^= F(D1, cs->K[21]);
288  D1 ^= F(D2, cs->K[20]);
289  D2 ^= F(D1, cs->K[19]);
290  D1 ^= F(D2, cs->K[18]);
291  D1 = FL(D1, cs->Ke[5]);
292  D2 = FLINV(D2, cs->Ke[4]);
293  }
294  D2 ^= F(D1, cs->K[17]);
295  D1 ^= F(D2, cs->K[16]);
296  D2 ^= F(D1, cs->K[15]);
297  D1 ^= F(D2, cs->K[14]);
298  D2 ^= F(D1, cs->K[13]);
299  D1 ^= F(D2, cs->K[12]);
300  D1 = FL(D1, cs->Ke[3]);
301  D2 = FLINV(D2, cs->Ke[2]);
302  D2 ^= F(D1, cs->K[11]);
303  D1 ^= F(D2, cs->K[10]);
304  D2 ^= F(D1, cs->K[9]);
305  D1 ^= F(D2, cs->K[8]);
306  D2 ^= F(D1, cs->K[7]);
307  D1 ^= F(D2, cs->K[6]);
308  D1 = FL(D1, cs->Ke[1]);
309  D2 = FLINV(D2, cs->Ke[0]);
310  D2 ^= F(D1, cs->K[5]);
311  D1 ^= F(D2, cs->K[4]);
312  D2 ^= F(D1, cs->K[3]);
313  D1 ^= F(D2, cs->K[2]);
314  D2 ^= F(D1, cs->K[1]);
315  D1 ^= F(D2, cs->K[0]);
316  D2 ^= cs->Kw[0];
317  D1 ^= cs->Kw[1];
318  if (iv) {
319  D2 ^= AV_RB64(iv);
320  D1 ^= AV_RB64(iv + 8);
321  memcpy(iv, src, 16);
322  }
323  AV_WB64(dst, D2);
324  AV_WB64(dst + 8, D1);
325 }
326 
327 static void computeSP(void)
328 {
329  uint64_t z;
330  int i;
331  for (i = 0; i < 256; i++) {
332  z = SBOX1[i];
333  SP[0][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ z;
334  SP[7][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ (z << 16) ^ (z << 8);
335  z = SBOX2[i];
336  SP[1][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 16);
337  SP[4][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8) ^ z;
338  z = SBOX3[i];
339  SP[2][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8);
340  SP[5][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 8) ^ z;
341  z = SBOX4[i];
342  SP[3][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 8) ^ z;
343  SP[6][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 24) ^ (z << 16) ^ z;
344  }
345 }
346 
348 {
349  return av_mallocz(sizeof(struct AVCAMELLIA));
350 }
351 
353 {
354  uint64_t Kl[2], Kr[2], Ka[2], Kb[2];
355  uint64_t D1, D2;
356  if (key_bits != 128 && key_bits != 192 && key_bits != 256)
357  return -1;
358  memset(Kb, 0, sizeof(Kb));
359  memset(Kr, 0, sizeof(Kr));
360  cs->key_bits = key_bits;
361  Kl[0] = AV_RB64(key);
362  Kl[1] = AV_RB64(key + 8);
363  if (key_bits == 192) {
364  Kr[0] = AV_RB64(key + 16);
365  Kr[1] = ~Kr[0];
366  } else if (key_bits == 256) {
367  Kr[0] = AV_RB64(key + 16);
368  Kr[1] = AV_RB64(key + 24);
369  }
370  computeSP();
371  D1 = Kl[0] ^ Kr[0];
372  D2 = Kl[1] ^ Kr[1];
373  D2 ^= F(D1, Sigma1);
374  D1 ^= F(D2, Sigma2);
375  D1 ^= Kl[0];
376  D2 ^= Kl[1];
377  D2 ^= F(D1, Sigma3);
378  D1 ^= F(D2, Sigma4);
379  Ka[0] = D1;
380  Ka[1] = D2;
381  if (key_bits != 128) {
382  D1 = Ka[0] ^ Kr[0];
383  D2 = Ka[1] ^ Kr[1];
384  D2 ^= F(D1, Sigma5);
385  D1 ^= F(D2, Sigma6);
386  Kb[0] = D1;
387  Kb[1] = D2;
388  }
389  generate_round_keys(cs, Kl, Kr, Ka, Kb);
390  return 0;
391 }
392 
393 void av_camellia_crypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)
394 {
395  int i;
396  while (count--) {
397  if (decrypt) {
398  camellia_decrypt(cs, dst, src, iv);
399  } else {
400  if (iv) {
401  for (i = 0; i < 16; i++)
402  dst[i] = src[i] ^ iv[i];
403  camellia_encrypt(cs, dst, dst);
404  memcpy(iv, dst, 16);
405  } else {
406  camellia_encrypt(cs, dst, src);
407  }
408  }
409  src = src + 16;
410  dst = dst + 16;
411  }
412 }
413 
414 #ifdef TEST
415 #include<stdio.h>
416 #include<stdlib.h>
417 #include"log.h"
418 
419 int main(int argc, char *argv[])
420 {
421  const uint8_t Key[3][32] = {
422  {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
423  {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},
424  {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}
425  };
426  const uint8_t rct[3][16] = {
427  {0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43},
428  {0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9,0x96, 0xf8, 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9},
429  {0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09}
430  };
431  const uint8_t rpt[32] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
432  const int kbits[3] = {128, 192, 256};
433  int i, j, err = 0;
434  uint8_t temp[32], iv[16];
435  AVCAMELLIA *cs;
436  cs = av_camellia_alloc();
437  if (!cs)
438  return 1;
439  for (j = 0; j < 3; j++) {
440  av_camellia_init(cs, Key[j], kbits[j]);
441  av_camellia_crypt(cs, temp, rpt, 1, NULL, 0);
442  for (i = 0; i < 16; i++) {
443  if (rct[j][i] != temp[i]) {
444  av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[j][i], temp[i]);
445  err = 1;
446  }
447  }
448  av_camellia_crypt(cs, temp, rct[j], 1, NULL, 1);
449  for (i = 0; i < 16; i++) {
450  if (rpt[i] != temp[i]) {
451  av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt[i], temp[i]);
452  err = 1;
453  }
454  }
455  }
456  av_camellia_init(cs, Key[0], 128);
457  memcpy(iv, "HALLO123HALLO123", 16);
458  av_camellia_crypt(cs, temp, rpt, 2, iv, 0);
459  memcpy(iv, "HALLO123HALLO123", 16);
460  av_camellia_crypt(cs, temp, temp, 2, iv, 1);
461  for (i = 0; i < 32; i++) {
462  if (rpt[i] != temp[i]) {
463  av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt[i], temp[i]);
464  err = 1;
465  }
466  }
467  av_free(cs);
468  return err;
469 }
470 #endif
#define NULL
Definition: coverity.c:32
static uint64_t FL(uint64_t FL_IN, uint64_t KE)
Definition: camellia.c:150
#define Sigma6
Definition: camellia.c:38
static void camellia_encrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src)
Definition: camellia.c:232
else temp
Definition: vf_mcdeint.c:257
static void LR128(uint64_t d[2], const uint64_t K[2], int x)
Definition: camellia.c:127
static uint64_t SP[8][256]
Definition: camellia.c:40
static uint64_t F(uint64_t F_IN, uint64_t KE)
Definition: camellia.c:143
#define MASK32
Definition: camellia.c:30
#define Sigma4
Definition: camellia.c:36
struct AVCAMELLIA * av_camellia_alloc(void)
Allocate an AVCAMELLIA context To free the struct: av_free(ptr)
Definition: camellia.c:347
uint64_t K[24]
Definition: camellia.c:45
Macro definitions for various function/variable attributes.
#define MASK8
Definition: camellia.c:29
#define AV_WB64(p, v)
Definition: intreadwrite.h:433
uint8_t
#define av_cold
Definition: attributes.h:74
Public header for libavutil CAMELLIA algorithm.
static const uint8_t SBOX3[256]
Definition: camellia.c:87
void av_camellia_crypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)
Encrypt or decrypt a buffer using a previously initialized context.
Definition: camellia.c:393
static const uint8_t SBOX2[256]
Definition: camellia.c:68
static void computeSP(void)
Definition: camellia.c:327
#define av_log(a,...)
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
Definition: log.h:176
av_cold int av_camellia_init(AVCAMELLIA *cs, const uint8_t *key, int key_bits)
Initialize an AVCAMELLIA context.
Definition: camellia.c:352
static void generate_round_keys(AVCAMELLIA *cs, uint64_t Kl[2], uint64_t Kr[2], uint64_t Ka[2], uint64_t Kb[2])
Definition: camellia.c:184
const int av_camellia_size
Definition: camellia.c:125
uint64_t Ke[6]
Definition: camellia.c:44
GLsizei count
Definition: opengl_enc.c:109
static const uint8_t SBOX1[256]
Definition: camellia.c:49
#define Sigma1
Definition: camellia.c:33
static uint64_t FLINV(uint64_t FLINV_IN, uint64_t KE)
Definition: camellia.c:162
uint64_t Kw[4]
Definition: camellia.c:43
#define Sigma3
Definition: camellia.c:35
static const uint8_t SBOX4[256]
Definition: camellia.c:106
static const uint8_t vars[2][12]
Definition: camellia.c:179
AVS_Value src
Definition: avisynth_c.h:482
#define LR32(x, c)
Definition: camellia.c:26
uint64_t_TMPL AV_WL64 unsigned int_TMPL AV_WL32 unsigned int_TMPL AV_WL24 unsigned int_TMPL AV_WL16 uint64_t_TMPL AV_RB64
Definition: bytestream.h:87
common internal and external API header
#define Sigma2
Definition: camellia.c:34
static const uint8_t shifts[2][12]
Definition: camellia.c:174
int key_bits
Definition: camellia.c:46
static void camellia_decrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, uint8_t *iv)
Definition: camellia.c:277
#define av_free(p)
#define Sigma5
Definition: camellia.c:37
int main(int argc, char **argv)
Definition: main.c:22
void * av_mallocz(size_t size)
Allocate a block of size bytes with alignment suitable for all memory accesses (including vectors if ...
Definition: mem.c:252