[proxmark3-svn] / common / mbedtls / camellia.h

/**
 * \file camellia.h
 *
 * \brief Camellia block cipher
 */
/*
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: GPL-2.0
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
#ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H

#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include <stddef.h>
#include <stdint.h>

#define MBEDTLS_CAMELLIA_ENCRYPT     1
#define MBEDTLS_CAMELLIA_DECRYPT     0

#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED              -0x0027  /**< Camellia hardware accelerator failed. */

#ifdef __cplusplus
extern "C" {
#endif

#if !defined(MBEDTLS_CAMELLIA_ALT)
// Regular implementation
//

/**
 * \brief          CAMELLIA context structure
 */
typedef struct mbedtls_camellia_context
{
    int nr;                     /*!<  number of rounds  */
    uint32_t rk[68];            /*!<  CAMELLIA round keys    */
}
mbedtls_camellia_context;

#else  /* MBEDTLS_CAMELLIA_ALT */
#include "camellia_alt.h"
#endif /* MBEDTLS_CAMELLIA_ALT */

/**
 * \brief          Initialize CAMELLIA context
 *
 * \param ctx      CAMELLIA context to be initialized
 */
void mbedtls_camellia_init( mbedtls_camellia_context *ctx );

/**
 * \brief          Clear CAMELLIA context
 *
 * \param ctx      CAMELLIA context to be cleared
 */
void mbedtls_camellia_free( mbedtls_camellia_context *ctx );

/**
 * \brief          CAMELLIA key schedule (encryption)
 *
 * \param ctx      CAMELLIA context to be initialized
 * \param key      encryption key
 * \param keybits  must be 128, 192 or 256
 *
 * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
 */
int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
                         unsigned int keybits );

/**
 * \brief          CAMELLIA key schedule (decryption)
 *
 * \param ctx      CAMELLIA context to be initialized
 * \param key      decryption key
 * \param keybits  must be 128, 192 or 256
 *
 * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
 */
int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
                         unsigned int keybits );

/**
 * \brief          CAMELLIA-ECB block encryption/decryption
 *
 * \param ctx      CAMELLIA context
 * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
 * \param input    16-byte input block
 * \param output   16-byte output block
 *
 * \return         0 if successful
 */
int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
                    int mode,
                    const unsigned char input[16],
                    unsigned char output[16] );

#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
 * \brief          CAMELLIA-CBC buffer encryption/decryption
 *                 Length should be a multiple of the block
 *                 size (16 bytes)
 *
 * \note           Upon exit, the content of the IV is updated so that you can
 *                 call the function same function again on the following
 *                 block(s) of data and get the same result as if it was
 *                 encrypted in one call. This allows a "streaming" usage.
 *                 If on the other hand you need to retain the contents of the
 *                 IV, you should either save it manually or use the cipher
 *                 module instead.
 *
 * \param ctx      CAMELLIA context
 * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
 * \param length   length of the input data
 * \param iv       initialization vector (updated after use)
 * \param input    buffer holding the input data
 * \param output   buffer holding the output data
 *
 * \return         0 if successful, or
 *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
 */
int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
                    int mode,
                    size_t length,
                    unsigned char iv[16],
                    const unsigned char *input,
                    unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CBC */

#if defined(MBEDTLS_CIPHER_MODE_CFB)
/**
 * \brief          CAMELLIA-CFB128 buffer encryption/decryption
 *
 * Note: Due to the nature of CFB you should use the same key schedule for
 * both encryption and decryption. So a context initialized with
 * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
 *
 * \note           Upon exit, the content of the IV is updated so that you can
 *                 call the function same function again on the following
 *                 block(s) of data and get the same result as if it was
 *                 encrypted in one call. This allows a "streaming" usage.
 *                 If on the other hand you need to retain the contents of the
 *                 IV, you should either save it manually or use the cipher
 *                 module instead.
 *
 * \param ctx      CAMELLIA context
 * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
 * \param length   length of the input data
 * \param iv_off   offset in IV (updated after use)
 * \param iv       initialization vector (updated after use)
 * \param input    buffer holding the input data
 * \param output   buffer holding the output data
 *
 * \return         0 if successful, or
 *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
 */
int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
                       int mode,
                       size_t length,
                       size_t *iv_off,
                       unsigned char iv[16],
                       const unsigned char *input,
                       unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CFB */

#if defined(MBEDTLS_CIPHER_MODE_CTR)
/**
 * \brief               CAMELLIA-CTR buffer encryption/decryption
 *
 * Note: Due to the nature of CTR you should use the same key schedule for
 * both encryption and decryption. So a context initialized with
 * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
 *
 * \warning    You must never reuse a nonce value with the same key. Doing so
 *             would void the encryption for the two messages encrypted with
 *             the same nonce and key.
 *
 *             There are two common strategies for managing nonces with CTR:
 *
 *             1. You can handle everything as a single message processed over
 *             successive calls to this function. In that case, you want to
 *             set \p nonce_counter and \p nc_off to 0 for the first call, and
 *             then preserve the values of \p nonce_counter, \p nc_off and \p
 *             stream_block across calls to this function as they will be
 *             updated by this function.
 *
 *             With this strategy, you must not encrypt more than 2**128
 *             blocks of data with the same key.
 *
 *             2. You can encrypt separate messages by dividing the \p
 *             nonce_counter buffer in two areas: the first one used for a
 *             per-message nonce, handled by yourself, and the second one
 *             updated by this function internally.
 *
 *             For example, you might reserve the first 12 bytes for the
 *             per-message nonce, and the last 4 bytes for internal use. In that
 *             case, before calling this function on a new message you need to
 *             set the first 12 bytes of \p nonce_counter to your chosen nonce
 *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
 *             stream_block to be ignored). That way, you can encrypt at most
 *             2**96 messages of up to 2**32 blocks each with the same key.
 *
 *             The per-message nonce (or information sufficient to reconstruct
 *             it) needs to be communicated with the ciphertext and must be unique.
 *             The recommended way to ensure uniqueness is to use a message
 *             counter. An alternative is to generate random nonces, but this
 *             limits the number of messages that can be securely encrypted:
 *             for example, with 96-bit random nonces, you should not encrypt
 *             more than 2**32 messages with the same key.
 *
 *             Note that for both stategies, sizes are measured in blocks and
 *             that a CAMELLIA block is 16 bytes.
 *
 * \warning    Upon return, \p stream_block contains sensitive data. Its
 *             content must not be written to insecure storage and should be
 *             securely discarded as soon as it's no longer needed.
 *
 * \param ctx           CAMELLIA context
 * \param length        The length of the data
 * \param nc_off        The offset in the current stream_block (for resuming
 *                      within current cipher stream). The offset pointer to
 *                      should be 0 at the start of a stream.
 * \param nonce_counter The 128-bit nonce and counter.
 * \param stream_block  The saved stream-block for resuming. Is overwritten
 *                      by the function.
 * \param input         The input data stream
 * \param output        The output data stream
 *
 * \return         0 if successful
 */
int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
                       size_t length,
                       size_t *nc_off,
                       unsigned char nonce_counter[16],
                       unsigned char stream_block[16],
                       const unsigned char *input,
                       unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CTR */

/**
 * \brief          Checkup routine
 *
 * \return         0 if successful, or 1 if the test failed
 */
int mbedtls_camellia_self_test( int verbose );

#ifdef __cplusplus
}
#endif

#endif /* camellia.h */
Commit	Line	Data
700d8687 OM	1	/**
	2	* \file camellia.h
	3	*
	4	* \brief Camellia block cipher
	5	*/
	6	/*
	7	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
	8	* SPDX-License-Identifier: GPL-2.0
	9	*
	10	* This program is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License as published by
	12	* the Free Software Foundation; either version 2 of the License, or
	13	* (at your option) any later version.
	14	*
	15	* This program is distributed in the hope that it will be useful,
	16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	* GNU General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU General Public License along
	21	* with this program; if not, write to the Free Software Foundation, Inc.,
	22	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	23	*
	24	* This file is part of mbed TLS (https://tls.mbed.org)
	25	*/
	26	#ifndef MBEDTLS_CAMELLIA_H
	27	#define MBEDTLS_CAMELLIA_H
	28
	29	#if !defined(MBEDTLS_CONFIG_FILE)
	30	#include "config.h"
	31	#else
	32	#include MBEDTLS_CONFIG_FILE
	33	#endif
	34
	35	#include <stddef.h>
	36	#include <stdint.h>
	37
	38	#define MBEDTLS_CAMELLIA_ENCRYPT 1
	39	#define MBEDTLS_CAMELLIA_DECRYPT 0
	40
	41	#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /*< Invalid key length. /
	42	#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /*< Invalid data input length. /
	43	#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /*< Camellia hardware accelerator failed. /
	44
	45	#ifdef __cplusplus
	46	extern "C" {
	47	#endif
	48
	49	#if !defined(MBEDTLS_CAMELLIA_ALT)
	50	// Regular implementation
	51	//
	52
	53	/**
	54	* \brief CAMELLIA context structure
	55	*/
	56	typedef struct mbedtls_camellia_context
	57	{
	58	int nr; /!< number of rounds /
	59	uint32_t rk[68]; /!< CAMELLIA round keys /
	60	}
	61	mbedtls_camellia_context;
	62
	63	#else /* MBEDTLS_CAMELLIA_ALT */
	64	#include "camellia_alt.h"
65	#endif /* MBEDTLS_CAMELLIA_ALT */
66
67	/**
68	* \brief Initialize CAMELLIA context
69	*
70	* \param ctx CAMELLIA context to be initialized
71	*/
72	void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
73
74	/**
75	* \brief Clear CAMELLIA context
76	*
77	* \param ctx CAMELLIA context to be cleared
78	*/
79	void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
80
81	/**
82	* \brief CAMELLIA key schedule (encryption)
83	*
84	* \param ctx CAMELLIA context to be initialized
85	* \param key encryption key
86	* \param keybits must be 128, 192 or 256
87	*
88	* \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
89	*/
90	int mbedtls_camellia_setkey_enc( mbedtls_camellia_context ctx, const unsigned char key,
91	unsigned int keybits );
92
93	/**
94	* \brief CAMELLIA key schedule (decryption)
95	*
96	* \param ctx CAMELLIA context to be initialized
97	* \param key decryption key
98	* \param keybits must be 128, 192 or 256
99	*
100	* \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
101	*/
102	int mbedtls_camellia_setkey_dec( mbedtls_camellia_context ctx, const unsigned char key,
103	unsigned int keybits );
104
105	/**
106	* \brief CAMELLIA-ECB block encryption/decryption
107	*
108	* \param ctx CAMELLIA context
109	* \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
110	* \param input 16-byte input block
111	* \param output 16-byte output block
112	*
113	* \return 0 if successful
114	*/
115	int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
116	int mode,
117	const unsigned char input[16],
118	unsigned char output[16] );
119
120	#if defined(MBEDTLS_CIPHER_MODE_CBC)
121	/**
122	* \brief CAMELLIA-CBC buffer encryption/decryption
123	* Length should be a multiple of the block
124	* size (16 bytes)
125	*
126	* \note Upon exit, the content of the IV is updated so that you can
127	* call the function same function again on the following
128	* block(s) of data and get the same result as if it was
129	* encrypted in one call. This allows a "streaming" usage.
130	* If on the other hand you need to retain the contents of the
131	* IV, you should either save it manually or use the cipher
132	* module instead.
133	*
134	* \param ctx CAMELLIA context
135	* \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
136	* \param length length of the input data
137	* \param iv initialization vector (updated after use)
138	* \param input buffer holding the input data
139	* \param output buffer holding the output data
140	*
141	* \return 0 if successful, or
142	* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
143	*/
144	int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
145	int mode,
146	size_t length,
147	unsigned char iv[16],
148	const unsigned char *input,
149	unsigned char *output );
150	#endif /* MBEDTLS_CIPHER_MODE_CBC */
151
152	#if defined(MBEDTLS_CIPHER_MODE_CFB)
153	/**
154	* \brief CAMELLIA-CFB128 buffer encryption/decryption
155	*
156	* Note: Due to the nature of CFB you should use the same key schedule for
157	* both encryption and decryption. So a context initialized with
158	* mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
159	*
160	* \note Upon exit, the content of the IV is updated so that you can
161	* call the function same function again on the following
162	* block(s) of data and get the same result as if it was
163	* encrypted in one call. This allows a "streaming" usage.
164	* If on the other hand you need to retain the contents of the
165	* IV, you should either save it manually or use the cipher
166	* module instead.
167	*
168	* \param ctx CAMELLIA context
169	* \param mode MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
170	* \param length length of the input data
171	* \param iv_off offset in IV (updated after use)
172	* \param iv initialization vector (updated after use)
173	* \param input buffer holding the input data
174	* \param output buffer holding the output data
175	*
176	* \return 0 if successful, or
177	* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
178	*/
179	int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
180	int mode,
181	size_t length,
182	size_t *iv_off,
183	unsigned char iv[16],
184	const unsigned char *input,
185	unsigned char *output );
186	#endif /* MBEDTLS_CIPHER_MODE_CFB */
187
188	#if defined(MBEDTLS_CIPHER_MODE_CTR)
189	/**
190	* \brief CAMELLIA-CTR buffer encryption/decryption
191	*
192	* Note: Due to the nature of CTR you should use the same key schedule for
193	* both encryption and decryption. So a context initialized with
194	* mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
195	*
196	* \warning You must never reuse a nonce value with the same key. Doing so
197	* would void the encryption for the two messages encrypted with
198	* the same nonce and key.
199	*
200	* There are two common strategies for managing nonces with CTR:
201	*
202	* 1. You can handle everything as a single message processed over
203	* successive calls to this function. In that case, you want to
204	* set \p nonce_counter and \p nc_off to 0 for the first call, and
205	* then preserve the values of \p nonce_counter, \p nc_off and \p
206	* stream_block across calls to this function as they will be
207	* updated by this function.
208	*
209	* With this strategy, you must not encrypt more than 2**128
210	* blocks of data with the same key.
211	*
212	* 2. You can encrypt separate messages by dividing the \p
213	* nonce_counter buffer in two areas: the first one used for a
214	* per-message nonce, handled by yourself, and the second one
215	* updated by this function internally.
216	*
217	* For example, you might reserve the first 12 bytes for the
218	* per-message nonce, and the last 4 bytes for internal use. In that
219	* case, before calling this function on a new message you need to
220	* set the first 12 bytes of \p nonce_counter to your chosen nonce
221	* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
222	* stream_block to be ignored). That way, you can encrypt at most
223	* 296 messages of up to 232 blocks each with the same key.
224	*
225	* The per-message nonce (or information sufficient to reconstruct
226	* it) needs to be communicated with the ciphertext and must be unique.
227	* The recommended way to ensure uniqueness is to use a message
228	* counter. An alternative is to generate random nonces, but this
229	* limits the number of messages that can be securely encrypted:
230	* for example, with 96-bit random nonces, you should not encrypt
231	* more than 2**32 messages with the same key.
232	*
233	* Note that for both stategies, sizes are measured in blocks and
234	* that a CAMELLIA block is 16 bytes.
235	*
236	* \warning Upon return, \p stream_block contains sensitive data. Its
237	* content must not be written to insecure storage and should be
238	* securely discarded as soon as it's no longer needed.
239	*
240	* \param ctx CAMELLIA context
241	* \param length The length of the data
242	* \param nc_off The offset in the current stream_block (for resuming
243	* within current cipher stream). The offset pointer to
244	* should be 0 at the start of a stream.
245	* \param nonce_counter The 128-bit nonce and counter.
246	* \param stream_block The saved stream-block for resuming. Is overwritten
247	* by the function.
248	* \param input The input data stream
249	* \param output The output data stream
250	*
251	* \return 0 if successful
252	*/
253	int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
254	size_t length,
255	size_t *nc_off,
256	unsigned char nonce_counter[16],
257	unsigned char stream_block[16],
258	const unsigned char *input,
259	unsigned char *output );
260	#endif /* MBEDTLS_CIPHER_MODE_CTR */
261
262	/**
263	* \brief Checkup routine
264	*
265	* \return 0 if successful, or 1 if the test failed
266	*/
267	int mbedtls_camellia_self_test( int verbose );
268
269	#ifdef __cplusplus
270	}
271	#endif
272
273	#endif /* camellia.h */