1 /* camellia-glue.c - Glue for the Camellia cipher
2 * Copyright (C) 2007 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 * 02110-1301, USA.
20 */
21
22 /* I put all the libgcrypt-specific stuff in this file to keep the
23 camellia.c/camellia.h files exactly as provided by NTT. If they
24 update their code, this should make it easier to bring the changes
25 in. - dshaw
26
27 There is one small change which needs to be done: Include the
28 following code at the top of camellia.h: */
29 #if 0
30
31 /* To use Camellia with libraries it is often useful to keep the name
32 * space of the library clean. The following macro is thus useful:
33 *
34 * #define CAMELLIA_EXT_SYM_PREFIX foo_
35 *
36 * This prefixes all external symbols with "foo_".
37 */
38 #ifdef HAVE_CONFIG_H
39 #include <config.h>
40 #endif
41 #ifdef CAMELLIA_EXT_SYM_PREFIX
42 #define CAMELLIA_PREFIX1(x,y) x ## y
43 #define CAMELLIA_PREFIX2(x,y) CAMELLIA_PREFIX1(x,y)
44 #define CAMELLIA_PREFIX(x) CAMELLIA_PREFIX2(CAMELLIA_EXT_SYM_PREFIX,x)
45 #define Camellia_Ekeygen CAMELLIA_PREFIX(Camellia_Ekeygen)
46 #define Camellia_EncryptBlock CAMELLIA_PREFIX(Camellia_EncryptBlock)
47 #define Camellia_DecryptBlock CAMELLIA_PREFIX(Camellia_DecryptBlock)
48 #define camellia_decrypt128 CAMELLIA_PREFIX(camellia_decrypt128)
49 #define camellia_decrypt256 CAMELLIA_PREFIX(camellia_decrypt256)
50 #define camellia_encrypt128 CAMELLIA_PREFIX(camellia_encrypt128)
51 #define camellia_encrypt256 CAMELLIA_PREFIX(camellia_encrypt256)
52 #define camellia_setup128 CAMELLIA_PREFIX(camellia_setup128)
53 #define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
54 #define camellia_setup256 CAMELLIA_PREFIX(camellia_setup256)
55 #endif /*CAMELLIA_EXT_SYM_PREFIX*/
56
57 #endif /* Code sample. */
58
59
60 #include <config.h>
61 #include "types.h"
62 #include "g10lib.h"
63 #include "cipher.h"
64 #include "camellia.h"
65 #include "bufhelp.h"
66 #include "cipher-internal.h"
67 #include "cipher-selftest.h"
68
69 /* Helper macro to force alignment to 16 bytes. */
70 #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
71 # define ATTR_ALIGNED_16 __attribute__ ((aligned (16)))
72 #else
73 # define ATTR_ALIGNED_16
74 #endif
75
76 /* USE_AESNI inidicates whether to compile with Intel AES-NI/AVX code. */
77 #undef USE_AESNI_AVX
78 #if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT)
79 # if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
80 defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
81 # define USE_AESNI_AVX 1
82 # endif
83 #endif
84
85 /* USE_AESNI_AVX2 inidicates whether to compile with Intel AES-NI/AVX2 code. */
86 #undef USE_AESNI_AVX2
87 #if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT)
88 # if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
89 defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
90 # define USE_AESNI_AVX2 1
91 # endif
92 #endif
93
94 typedef struct
95 {
96 KEY_TABLE_TYPE keytable;
97 int keybitlength;
98 #ifdef USE_AESNI_AVX
99 unsigned int use_aesni_avx:1; /* AES-NI/AVX implementation shall be used. */
100 #endif /*USE_AESNI_AVX*/
101 #ifdef USE_AESNI_AVX2
102 unsigned int use_aesni_avx2:1;/* AES-NI/AVX2 implementation shall be used. */
103 #endif /*USE_AESNI_AVX2*/
104 } CAMELLIA_context;
105
106 /* Assembly implementations use SystemV ABI, ABI conversion and additional
107 * stack to store XMM6-XMM15 needed on Win64. */
108 #undef ASM_FUNC_ABI
109 #undef ASM_EXTRA_STACK
110 #if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
111 # ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
112 # define ASM_FUNC_ABI __attribute__((sysv_abi))
113 # define ASM_EXTRA_STACK (10 * 16)
114 # else
115 # define ASM_FUNC_ABI
116 # define ASM_EXTRA_STACK 0
117 # endif
118 #endif
119
120 #ifdef USE_AESNI_AVX
121 /* Assembler implementations of Camellia using AES-NI and AVX. Process data
122 in 16 block same time.
123 */
124 extern void _gcry_camellia_aesni_avx_ctr_enc(CAMELLIA_context *ctx,
125 unsigned char *out,
126 const unsigned char *in,
127 unsigned char *ctr) ASM_FUNC_ABI;
128
129 extern void _gcry_camellia_aesni_avx_cbc_dec(CAMELLIA_context *ctx,
130 unsigned char *out,
131 const unsigned char *in,
132 unsigned char *iv) ASM_FUNC_ABI;
133
134 extern void _gcry_camellia_aesni_avx_cfb_dec(CAMELLIA_context *ctx,
135 unsigned char *out,
136 const unsigned char *in,
137 unsigned char *iv) ASM_FUNC_ABI;
138
139 extern void _gcry_camellia_aesni_avx_ocb_enc(CAMELLIA_context *ctx,
140 unsigned char *out,
141 const unsigned char *in,
142 unsigned char *offset,
143 unsigned char *checksum,
144 const u64 Ls[16]) ASM_FUNC_ABI;
145
146 extern void _gcry_camellia_aesni_avx_ocb_dec(CAMELLIA_context *ctx,
147 unsigned char *out,
148 const unsigned char *in,
149 unsigned char *offset,
150 unsigned char *checksum,
151 const u64 Ls[16]) ASM_FUNC_ABI;
152
153 extern void _gcry_camellia_aesni_avx_ocb_auth(CAMELLIA_context *ctx,
154 const unsigned char *abuf,
155 unsigned char *offset,
156 unsigned char *checksum,
157 const u64 Ls[16]) ASM_FUNC_ABI;
158
159 extern void _gcry_camellia_aesni_avx_keygen(CAMELLIA_context *ctx,
160 const unsigned char *key,
161 unsigned int keylen) ASM_FUNC_ABI;
162 #endif
163
164 #ifdef USE_AESNI_AVX2
165 /* Assembler implementations of Camellia using AES-NI and AVX2. Process data
166 in 32 block same time.
167 */
168 extern void _gcry_camellia_aesni_avx2_ctr_enc(CAMELLIA_context *ctx,
169 unsigned char *out,
170 const unsigned char *in,
171 unsigned char *ctr) ASM_FUNC_ABI;
172
173 extern void _gcry_camellia_aesni_avx2_cbc_dec(CAMELLIA_context *ctx,
174 unsigned char *out,
175 const unsigned char *in,
176 unsigned char *iv) ASM_FUNC_ABI;
177
178 extern void _gcry_camellia_aesni_avx2_cfb_dec(CAMELLIA_context *ctx,
179 unsigned char *out,
180 const unsigned char *in,
181 unsigned char *iv) ASM_FUNC_ABI;
182
183 extern void _gcry_camellia_aesni_avx2_ocb_enc(CAMELLIA_context *ctx,
184 unsigned char *out,
185 const unsigned char *in,
186 unsigned char *offset,
187 unsigned char *checksum,
188 const u64 Ls[32]) ASM_FUNC_ABI;
189
190 extern void _gcry_camellia_aesni_avx2_ocb_dec(CAMELLIA_context *ctx,
191 unsigned char *out,
192 const unsigned char *in,
193 unsigned char *offset,
194 unsigned char *checksum,
195 const u64 Ls[32]) ASM_FUNC_ABI;
196
197 extern void _gcry_camellia_aesni_avx2_ocb_auth(CAMELLIA_context *ctx,
198 const unsigned char *abuf,
199 unsigned char *offset,
200 unsigned char *checksum,
201 const u64 Ls[32]) ASM_FUNC_ABI;
202 #endif
203
204 static const char *selftest(void);
205
206 static void _gcry_camellia_ctr_enc (void *context, unsigned char *ctr,
207 void *outbuf_arg, const void *inbuf_arg,
208 size_t nblocks);
209 static void _gcry_camellia_cbc_dec (void *context, unsigned char *iv,
210 void *outbuf_arg, const void *inbuf_arg,
211 size_t nblocks);
212 static void _gcry_camellia_cfb_dec (void *context, unsigned char *iv,
213 void *outbuf_arg, const void *inbuf_arg,
214 size_t nblocks);
215 static size_t _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
216 const void *inbuf_arg, size_t nblocks,
217 int encrypt);
218 static size_t _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
219 size_t nblocks);
220
221 static gcry_err_code_t
camellia_setkey(void * c,const byte * key,unsigned keylen,cipher_bulk_ops_t * bulk_ops)222 camellia_setkey(void *c, const byte *key, unsigned keylen,
223 cipher_bulk_ops_t *bulk_ops)
224 {
225 CAMELLIA_context *ctx=c;
226 static int initialized=0;
227 static const char *selftest_failed=NULL;
228 #if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
229 unsigned int hwf = _gcry_get_hw_features ();
230 #endif
231
232 if(keylen!=16 && keylen!=24 && keylen!=32)
233 return GPG_ERR_INV_KEYLEN;
234
235 if(!initialized)
236 {
237 initialized=1;
238 selftest_failed=selftest();
239 if(selftest_failed)
240 log_error("%s\n",selftest_failed);
241 }
242
243 if(selftest_failed)
244 return GPG_ERR_SELFTEST_FAILED;
245
246 #ifdef USE_AESNI_AVX
247 ctx->use_aesni_avx = (hwf & HWF_INTEL_AESNI) && (hwf & HWF_INTEL_AVX);
248 #endif
249 #ifdef USE_AESNI_AVX2
250 ctx->use_aesni_avx2 = (hwf & HWF_INTEL_AESNI) && (hwf & HWF_INTEL_AVX2);
251 #endif
252
253 ctx->keybitlength=keylen*8;
254
255 /* Setup bulk encryption routines. */
256 memset (bulk_ops, 0, sizeof(*bulk_ops));
257 bulk_ops->cbc_dec = _gcry_camellia_cbc_dec;
258 bulk_ops->cfb_dec = _gcry_camellia_cfb_dec;
259 bulk_ops->ctr_enc = _gcry_camellia_ctr_enc;
260 bulk_ops->ocb_crypt = _gcry_camellia_ocb_crypt;
261 bulk_ops->ocb_auth = _gcry_camellia_ocb_auth;
262
263 if (0)
264 { }
265 #ifdef USE_AESNI_AVX
266 else if (ctx->use_aesni_avx)
267 _gcry_camellia_aesni_avx_keygen(ctx, key, keylen);
268 else
269 #endif
270 {
271 Camellia_Ekeygen(ctx->keybitlength,key,ctx->keytable);
272 _gcry_burn_stack
273 ((19+34+34)*sizeof(u32)+2*sizeof(void*) /* camellia_setup256 */
274 +(4+32)*sizeof(u32)+2*sizeof(void*) /* camellia_setup192 */
275 +0+sizeof(int)+2*sizeof(void*) /* Camellia_Ekeygen */
276 +3*2*sizeof(void*) /* Function calls. */
277 );
278 }
279
280 return 0;
281 }
282
283 #ifdef USE_ARM_ASM
284
285 /* Assembly implementations of Camellia. */
286 extern void _gcry_camellia_arm_encrypt_block(const KEY_TABLE_TYPE keyTable,
287 byte *outbuf, const byte *inbuf,
288 const int keybits);
289
290 extern void _gcry_camellia_arm_decrypt_block(const KEY_TABLE_TYPE keyTable,
291 byte *outbuf, const byte *inbuf,
292 const int keybits);
293
Camellia_EncryptBlock(const int keyBitLength,const unsigned char * plaintext,const KEY_TABLE_TYPE keyTable,unsigned char * cipherText)294 static void Camellia_EncryptBlock(const int keyBitLength,
295 const unsigned char *plaintext,
296 const KEY_TABLE_TYPE keyTable,
297 unsigned char *cipherText)
298 {
299 _gcry_camellia_arm_encrypt_block(keyTable, cipherText, plaintext,
300 keyBitLength);
301 }
302
Camellia_DecryptBlock(const int keyBitLength,const unsigned char * cipherText,const KEY_TABLE_TYPE keyTable,unsigned char * plaintext)303 static void Camellia_DecryptBlock(const int keyBitLength,
304 const unsigned char *cipherText,
305 const KEY_TABLE_TYPE keyTable,
306 unsigned char *plaintext)
307 {
308 _gcry_camellia_arm_decrypt_block(keyTable, plaintext, cipherText,
309 keyBitLength);
310 }
311
312 #ifdef __aarch64__
313 # define CAMELLIA_encrypt_stack_burn_size (0)
314 # define CAMELLIA_decrypt_stack_burn_size (0)
315 #else
316 # define CAMELLIA_encrypt_stack_burn_size (15*4)
317 # define CAMELLIA_decrypt_stack_burn_size (15*4)
318 #endif
319
320 static unsigned int
camellia_encrypt(void * c,byte * outbuf,const byte * inbuf)321 camellia_encrypt(void *c, byte *outbuf, const byte *inbuf)
322 {
323 CAMELLIA_context *ctx = c;
324 Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
325 return /*burn_stack*/ (CAMELLIA_encrypt_stack_burn_size);
326 }
327
328 static unsigned int
camellia_decrypt(void * c,byte * outbuf,const byte * inbuf)329 camellia_decrypt(void *c, byte *outbuf, const byte *inbuf)
330 {
331 CAMELLIA_context *ctx=c;
332 Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
333 return /*burn_stack*/ (CAMELLIA_decrypt_stack_burn_size);
334 }
335
336 #else /*USE_ARM_ASM*/
337
338 static unsigned int
camellia_encrypt(void * c,byte * outbuf,const byte * inbuf)339 camellia_encrypt(void *c, byte *outbuf, const byte *inbuf)
340 {
341 CAMELLIA_context *ctx=c;
342
343 Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
344
345 #define CAMELLIA_encrypt_stack_burn_size \
346 (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \
347 +4*sizeof(u32)+4*sizeof(u32) \
348 +2*sizeof(u32*)+4*sizeof(u32) \
349 +2*2*sizeof(void*) /* Function calls. */ \
350 )
351
352 return /*burn_stack*/ (CAMELLIA_encrypt_stack_burn_size);
353 }
354
355 static unsigned int
camellia_decrypt(void * c,byte * outbuf,const byte * inbuf)356 camellia_decrypt(void *c, byte *outbuf, const byte *inbuf)
357 {
358 CAMELLIA_context *ctx=c;
359
360 Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
361
362 #define CAMELLIA_decrypt_stack_burn_size \
363 (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \
364 +4*sizeof(u32)+4*sizeof(u32) \
365 +2*sizeof(u32*)+4*sizeof(u32) \
366 +2*2*sizeof(void*) /* Function calls. */ \
367 )
368
369 return /*burn_stack*/ (CAMELLIA_decrypt_stack_burn_size);
370 }
371
372 #endif /*!USE_ARM_ASM*/
373
374 /* Bulk encryption of complete blocks in CTR mode. This function is only
375 intended for the bulk encryption feature of cipher.c. CTR is expected to be
376 of size CAMELLIA_BLOCK_SIZE. */
377 static void
_gcry_camellia_ctr_enc(void * context,unsigned char * ctr,void * outbuf_arg,const void * inbuf_arg,size_t nblocks)378 _gcry_camellia_ctr_enc(void *context, unsigned char *ctr,
379 void *outbuf_arg, const void *inbuf_arg,
380 size_t nblocks)
381 {
382 CAMELLIA_context *ctx = context;
383 unsigned char *outbuf = outbuf_arg;
384 const unsigned char *inbuf = inbuf_arg;
385 unsigned char tmpbuf[CAMELLIA_BLOCK_SIZE];
386 int burn_stack_depth = CAMELLIA_encrypt_stack_burn_size;
387
388 #ifdef USE_AESNI_AVX2
389 if (ctx->use_aesni_avx2)
390 {
391 int did_use_aesni_avx2 = 0;
392
393 /* Process data in 32 block chunks. */
394 while (nblocks >= 32)
395 {
396 _gcry_camellia_aesni_avx2_ctr_enc(ctx, outbuf, inbuf, ctr);
397
398 nblocks -= 32;
399 outbuf += 32 * CAMELLIA_BLOCK_SIZE;
400 inbuf += 32 * CAMELLIA_BLOCK_SIZE;
401 did_use_aesni_avx2 = 1;
402 }
403
404 if (did_use_aesni_avx2)
405 {
406 int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE + 16 +
407 2 * sizeof(void *) + ASM_EXTRA_STACK;
408
409 if (burn_stack_depth < avx2_burn_stack_depth)
410 burn_stack_depth = avx2_burn_stack_depth;
411 }
412
413 /* Use generic code to handle smaller chunks... */
414 /* TODO: use caching instead? */
415 }
416 #endif
417
418 #ifdef USE_AESNI_AVX
419 if (ctx->use_aesni_avx)
420 {
421 int did_use_aesni_avx = 0;
422
423 /* Process data in 16 block chunks. */
424 while (nblocks >= 16)
425 {
426 _gcry_camellia_aesni_avx_ctr_enc(ctx, outbuf, inbuf, ctr);
427
428 nblocks -= 16;
429 outbuf += 16 * CAMELLIA_BLOCK_SIZE;
430 inbuf += 16 * CAMELLIA_BLOCK_SIZE;
431 did_use_aesni_avx = 1;
432 }
433
434 if (did_use_aesni_avx)
435 {
436 int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE +
437 2 * sizeof(void *) + ASM_EXTRA_STACK;
438
439 if (burn_stack_depth < avx_burn_stack_depth)
440 burn_stack_depth = avx_burn_stack_depth;
441 }
442
443 /* Use generic code to handle smaller chunks... */
444 /* TODO: use caching instead? */
445 }
446 #endif
447
448 for ( ;nblocks; nblocks-- )
449 {
450 /* Encrypt the counter. */
451 Camellia_EncryptBlock(ctx->keybitlength, ctr, ctx->keytable, tmpbuf);
452 /* XOR the input with the encrypted counter and store in output. */
453 cipher_block_xor(outbuf, tmpbuf, inbuf, CAMELLIA_BLOCK_SIZE);
454 outbuf += CAMELLIA_BLOCK_SIZE;
455 inbuf += CAMELLIA_BLOCK_SIZE;
456 /* Increment the counter. */
457 cipher_block_add(ctr, 1, CAMELLIA_BLOCK_SIZE);
458 }
459
460 wipememory(tmpbuf, sizeof(tmpbuf));
461 _gcry_burn_stack(burn_stack_depth);
462 }
463
464 /* Bulk decryption of complete blocks in CBC mode. This function is only
465 intended for the bulk encryption feature of cipher.c. */
466 static void
_gcry_camellia_cbc_dec(void * context,unsigned char * iv,void * outbuf_arg,const void * inbuf_arg,size_t nblocks)467 _gcry_camellia_cbc_dec(void *context, unsigned char *iv,
468 void *outbuf_arg, const void *inbuf_arg,
469 size_t nblocks)
470 {
471 CAMELLIA_context *ctx = context;
472 unsigned char *outbuf = outbuf_arg;
473 const unsigned char *inbuf = inbuf_arg;
474 unsigned char savebuf[CAMELLIA_BLOCK_SIZE];
475 int burn_stack_depth = CAMELLIA_decrypt_stack_burn_size;
476
477 #ifdef USE_AESNI_AVX2
478 if (ctx->use_aesni_avx2)
479 {
480 int did_use_aesni_avx2 = 0;
481
482 /* Process data in 32 block chunks. */
483 while (nblocks >= 32)
484 {
485 _gcry_camellia_aesni_avx2_cbc_dec(ctx, outbuf, inbuf, iv);
486
487 nblocks -= 32;
488 outbuf += 32 * CAMELLIA_BLOCK_SIZE;
489 inbuf += 32 * CAMELLIA_BLOCK_SIZE;
490 did_use_aesni_avx2 = 1;
491 }
492
493 if (did_use_aesni_avx2)
494 {
495 int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE + 16 +
496 2 * sizeof(void *) + ASM_EXTRA_STACK;;
497
498 if (burn_stack_depth < avx2_burn_stack_depth)
499 burn_stack_depth = avx2_burn_stack_depth;
500 }
501
502 /* Use generic code to handle smaller chunks... */
503 }
504 #endif
505
506 #ifdef USE_AESNI_AVX
507 if (ctx->use_aesni_avx)
508 {
509 int did_use_aesni_avx = 0;
510
511 /* Process data in 16 block chunks. */
512 while (nblocks >= 16)
513 {
514 _gcry_camellia_aesni_avx_cbc_dec(ctx, outbuf, inbuf, iv);
515
516 nblocks -= 16;
517 outbuf += 16 * CAMELLIA_BLOCK_SIZE;
518 inbuf += 16 * CAMELLIA_BLOCK_SIZE;
519 did_use_aesni_avx = 1;
520 }
521
522 if (did_use_aesni_avx)
523 {
524 int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE +
525 2 * sizeof(void *) + ASM_EXTRA_STACK;
526
527 if (burn_stack_depth < avx_burn_stack_depth)
528 burn_stack_depth = avx_burn_stack_depth;
529 }
530
531 /* Use generic code to handle smaller chunks... */
532 }
533 #endif
534
535 for ( ;nblocks; nblocks-- )
536 {
537 /* INBUF is needed later and it may be identical to OUTBUF, so store
538 the intermediate result to SAVEBUF. */
539 Camellia_DecryptBlock(ctx->keybitlength, inbuf, ctx->keytable, savebuf);
540
541 cipher_block_xor_n_copy_2(outbuf, savebuf, iv, inbuf,
542 CAMELLIA_BLOCK_SIZE);
543 inbuf += CAMELLIA_BLOCK_SIZE;
544 outbuf += CAMELLIA_BLOCK_SIZE;
545 }
546
547 wipememory(savebuf, sizeof(savebuf));
548 _gcry_burn_stack(burn_stack_depth);
549 }
550
551 /* Bulk decryption of complete blocks in CFB mode. This function is only
552 intended for the bulk encryption feature of cipher.c. */
553 static void
_gcry_camellia_cfb_dec(void * context,unsigned char * iv,void * outbuf_arg,const void * inbuf_arg,size_t nblocks)554 _gcry_camellia_cfb_dec(void *context, unsigned char *iv,
555 void *outbuf_arg, const void *inbuf_arg,
556 size_t nblocks)
557 {
558 CAMELLIA_context *ctx = context;
559 unsigned char *outbuf = outbuf_arg;
560 const unsigned char *inbuf = inbuf_arg;
561 int burn_stack_depth = CAMELLIA_decrypt_stack_burn_size;
562
563 #ifdef USE_AESNI_AVX2
564 if (ctx->use_aesni_avx2)
565 {
566 int did_use_aesni_avx2 = 0;
567
568 /* Process data in 32 block chunks. */
569 while (nblocks >= 32)
570 {
571 _gcry_camellia_aesni_avx2_cfb_dec(ctx, outbuf, inbuf, iv);
572
573 nblocks -= 32;
574 outbuf += 32 * CAMELLIA_BLOCK_SIZE;
575 inbuf += 32 * CAMELLIA_BLOCK_SIZE;
576 did_use_aesni_avx2 = 1;
577 }
578
579 if (did_use_aesni_avx2)
580 {
581 int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE + 16 +
582 2 * sizeof(void *) + ASM_EXTRA_STACK;
583
584 if (burn_stack_depth < avx2_burn_stack_depth)
585 burn_stack_depth = avx2_burn_stack_depth;
586 }
587
588 /* Use generic code to handle smaller chunks... */
589 }
590 #endif
591
592 #ifdef USE_AESNI_AVX
593 if (ctx->use_aesni_avx)
594 {
595 int did_use_aesni_avx = 0;
596
597 /* Process data in 16 block chunks. */
598 while (nblocks >= 16)
599 {
600 _gcry_camellia_aesni_avx_cfb_dec(ctx, outbuf, inbuf, iv);
601
602 nblocks -= 16;
603 outbuf += 16 * CAMELLIA_BLOCK_SIZE;
604 inbuf += 16 * CAMELLIA_BLOCK_SIZE;
605 did_use_aesni_avx = 1;
606 }
607
608 if (did_use_aesni_avx)
609 {
610 int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE +
611 2 * sizeof(void *) + ASM_EXTRA_STACK;
612
613 if (burn_stack_depth < avx_burn_stack_depth)
614 burn_stack_depth = avx_burn_stack_depth;
615 }
616
617 /* Use generic code to handle smaller chunks... */
618 }
619 #endif
620
621 for ( ;nblocks; nblocks-- )
622 {
623 Camellia_EncryptBlock(ctx->keybitlength, iv, ctx->keytable, iv);
624 cipher_block_xor_n_copy(outbuf, iv, inbuf, CAMELLIA_BLOCK_SIZE);
625 outbuf += CAMELLIA_BLOCK_SIZE;
626 inbuf += CAMELLIA_BLOCK_SIZE;
627 }
628
629 _gcry_burn_stack(burn_stack_depth);
630 }
631
632 /* Bulk encryption/decryption of complete blocks in OCB mode. */
633 static size_t
_gcry_camellia_ocb_crypt(gcry_cipher_hd_t c,void * outbuf_arg,const void * inbuf_arg,size_t nblocks,int encrypt)634 _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
635 const void *inbuf_arg, size_t nblocks, int encrypt)
636 {
637 #if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
638 CAMELLIA_context *ctx = (void *)&c->context.c;
639 unsigned char *outbuf = outbuf_arg;
640 const unsigned char *inbuf = inbuf_arg;
641 int burn_stack_depth;
642 u64 blkn = c->u_mode.ocb.data_nblocks;
643
644 burn_stack_depth = encrypt ? CAMELLIA_encrypt_stack_burn_size :
645 CAMELLIA_decrypt_stack_burn_size;
646 #else
647 (void)c;
648 (void)outbuf_arg;
649 (void)inbuf_arg;
650 (void)encrypt;
651 #endif
652
653 #ifdef USE_AESNI_AVX2
654 if (ctx->use_aesni_avx2)
655 {
656 int did_use_aesni_avx2 = 0;
657 u64 Ls[32];
658 unsigned int n = 32 - (blkn % 32);
659 u64 *l;
660 int i;
661
662 if (nblocks >= 32)
663 {
664 for (i = 0; i < 32; i += 8)
665 {
666 /* Use u64 to store pointers for x32 support (assembly function
667 * assumes 64-bit pointers). */
668 Ls[(i + 0 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
669 Ls[(i + 1 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
670 Ls[(i + 2 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
671 Ls[(i + 3 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
672 Ls[(i + 4 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
673 Ls[(i + 5 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
674 Ls[(i + 6 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
675 }
676
677 Ls[(7 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
678 Ls[(15 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[4];
679 Ls[(23 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
680 l = &Ls[(31 + n) % 32];
681
682 /* Process data in 32 block chunks. */
683 while (nblocks >= 32)
684 {
685 blkn += 32;
686 *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 32);
687
688 if (encrypt)
689 _gcry_camellia_aesni_avx2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv,
690 c->u_ctr.ctr, Ls);
691 else
692 _gcry_camellia_aesni_avx2_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv,
693 c->u_ctr.ctr, Ls);
694
695 nblocks -= 32;
696 outbuf += 32 * CAMELLIA_BLOCK_SIZE;
697 inbuf += 32 * CAMELLIA_BLOCK_SIZE;
698 did_use_aesni_avx2 = 1;
699 }
700 }
701
702 if (did_use_aesni_avx2)
703 {
704 int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE +
705 2 * sizeof(void *) + ASM_EXTRA_STACK;
706
707 if (burn_stack_depth < avx2_burn_stack_depth)
708 burn_stack_depth = avx2_burn_stack_depth;
709 }
710
711 /* Use generic code to handle smaller chunks... */
712 }
713 #endif
714
715 #ifdef USE_AESNI_AVX
716 if (ctx->use_aesni_avx)
717 {
718 int did_use_aesni_avx = 0;
719 u64 Ls[16];
720 unsigned int n = 16 - (blkn % 16);
721 u64 *l;
722 int i;
723
724 if (nblocks >= 16)
725 {
726 for (i = 0; i < 16; i += 8)
727 {
728 /* Use u64 to store pointers for x32 support (assembly function
729 * assumes 64-bit pointers). */
730 Ls[(i + 0 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
731 Ls[(i + 1 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
732 Ls[(i + 2 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
733 Ls[(i + 3 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
734 Ls[(i + 4 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
735 Ls[(i + 5 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
736 Ls[(i + 6 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
737 }
738
739 Ls[(7 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
740 l = &Ls[(15 + n) % 16];
741
742 /* Process data in 16 block chunks. */
743 while (nblocks >= 16)
744 {
745 blkn += 16;
746 *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 16);
747
748 if (encrypt)
749 _gcry_camellia_aesni_avx_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv,
750 c->u_ctr.ctr, Ls);
751 else
752 _gcry_camellia_aesni_avx_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv,
753 c->u_ctr.ctr, Ls);
754
755 nblocks -= 16;
756 outbuf += 16 * CAMELLIA_BLOCK_SIZE;
757 inbuf += 16 * CAMELLIA_BLOCK_SIZE;
758 did_use_aesni_avx = 1;
759 }
760 }
761
762 if (did_use_aesni_avx)
763 {
764 int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE +
765 2 * sizeof(void *) + ASM_EXTRA_STACK;
766
767 if (burn_stack_depth < avx_burn_stack_depth)
768 burn_stack_depth = avx_burn_stack_depth;
769 }
770
771 /* Use generic code to handle smaller chunks... */
772 }
773 #endif
774
775 #if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
776 c->u_mode.ocb.data_nblocks = blkn;
777
778 if (burn_stack_depth)
779 _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *));
780 #endif
781
782 return nblocks;
783 }
784
785 /* Bulk authentication of complete blocks in OCB mode. */
786 static size_t
_gcry_camellia_ocb_auth(gcry_cipher_hd_t c,const void * abuf_arg,size_t nblocks)787 _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
788 size_t nblocks)
789 {
790 #if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
791 CAMELLIA_context *ctx = (void *)&c->context.c;
792 const unsigned char *abuf = abuf_arg;
793 int burn_stack_depth;
794 u64 blkn = c->u_mode.ocb.aad_nblocks;
795
796 burn_stack_depth = CAMELLIA_encrypt_stack_burn_size;
797 #else
798 (void)c;
799 (void)abuf_arg;
800 #endif
801
802 #ifdef USE_AESNI_AVX2
803 if (ctx->use_aesni_avx2)
804 {
805 int did_use_aesni_avx2 = 0;
806 u64 Ls[32];
807 unsigned int n = 32 - (blkn % 32);
808 u64 *l;
809 int i;
810
811 if (nblocks >= 32)
812 {
813 for (i = 0; i < 32; i += 8)
814 {
815 /* Use u64 to store pointers for x32 support (assembly function
816 * assumes 64-bit pointers). */
817 Ls[(i + 0 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
818 Ls[(i + 1 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
819 Ls[(i + 2 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
820 Ls[(i + 3 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
821 Ls[(i + 4 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
822 Ls[(i + 5 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
823 Ls[(i + 6 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
824 }
825
826 Ls[(7 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
827 Ls[(15 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[4];
828 Ls[(23 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
829 l = &Ls[(31 + n) % 32];
830
831 /* Process data in 32 block chunks. */
832 while (nblocks >= 32)
833 {
834 blkn += 32;
835 *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 32);
836
837 _gcry_camellia_aesni_avx2_ocb_auth(ctx, abuf,
838 c->u_mode.ocb.aad_offset,
839 c->u_mode.ocb.aad_sum, Ls);
840
841 nblocks -= 32;
842 abuf += 32 * CAMELLIA_BLOCK_SIZE;
843 did_use_aesni_avx2 = 1;
844 }
845 }
846
847 if (did_use_aesni_avx2)
848 {
849 int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE +
850 2 * sizeof(void *) + ASM_EXTRA_STACK;
851
852 if (burn_stack_depth < avx2_burn_stack_depth)
853 burn_stack_depth = avx2_burn_stack_depth;
854 }
855
856 /* Use generic code to handle smaller chunks... */
857 }
858 #endif
859
860 #ifdef USE_AESNI_AVX
861 if (ctx->use_aesni_avx)
862 {
863 int did_use_aesni_avx = 0;
864 u64 Ls[16];
865 unsigned int n = 16 - (blkn % 16);
866 u64 *l;
867 int i;
868
869 if (nblocks >= 16)
870 {
871 for (i = 0; i < 16; i += 8)
872 {
873 /* Use u64 to store pointers for x32 support (assembly function
874 * assumes 64-bit pointers). */
875 Ls[(i + 0 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
876 Ls[(i + 1 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
877 Ls[(i + 2 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
878 Ls[(i + 3 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
879 Ls[(i + 4 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
880 Ls[(i + 5 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
881 Ls[(i + 6 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
882 }
883
884 Ls[(7 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
885 l = &Ls[(15 + n) % 16];
886
887 /* Process data in 16 block chunks. */
888 while (nblocks >= 16)
889 {
890 blkn += 16;
891 *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 16);
892
893 _gcry_camellia_aesni_avx_ocb_auth(ctx, abuf,
894 c->u_mode.ocb.aad_offset,
895 c->u_mode.ocb.aad_sum, Ls);
896
897 nblocks -= 16;
898 abuf += 16 * CAMELLIA_BLOCK_SIZE;
899 did_use_aesni_avx = 1;
900 }
901 }
902
903 if (did_use_aesni_avx)
904 {
905 int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE +
906 2 * sizeof(void *) + ASM_EXTRA_STACK;
907
908 if (burn_stack_depth < avx_burn_stack_depth)
909 burn_stack_depth = avx_burn_stack_depth;
910 }
911
912 /* Use generic code to handle smaller chunks... */
913 }
914 #endif
915
916 #if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
917 c->u_mode.ocb.aad_nblocks = blkn;
918
919 if (burn_stack_depth)
920 _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *));
921 #endif
922
923 return nblocks;
924 }
925
926 /* Run the self-tests for CAMELLIA-CTR-128, tests IV increment of bulk CTR
927 encryption. Returns NULL on success. */
928 static const char*
selftest_ctr_128(void)929 selftest_ctr_128 (void)
930 {
931 const int nblocks = 32+16+1;
932 const int blocksize = CAMELLIA_BLOCK_SIZE;
933 const int context_size = sizeof(CAMELLIA_context);
934
935 return _gcry_selftest_helper_ctr("CAMELLIA", &camellia_setkey,
936 &camellia_encrypt, nblocks, blocksize, context_size);
937 }
938
939 /* Run the self-tests for CAMELLIA-CBC-128, tests bulk CBC decryption.
940 Returns NULL on success. */
941 static const char*
selftest_cbc_128(void)942 selftest_cbc_128 (void)
943 {
944 const int nblocks = 32+16+2;
945 const int blocksize = CAMELLIA_BLOCK_SIZE;
946 const int context_size = sizeof(CAMELLIA_context);
947
948 return _gcry_selftest_helper_cbc("CAMELLIA", &camellia_setkey,
949 &camellia_encrypt, nblocks, blocksize, context_size);
950 }
951
952 /* Run the self-tests for CAMELLIA-CFB-128, tests bulk CFB decryption.
953 Returns NULL on success. */
954 static const char*
selftest_cfb_128(void)955 selftest_cfb_128 (void)
956 {
957 const int nblocks = 32+16+2;
958 const int blocksize = CAMELLIA_BLOCK_SIZE;
959 const int context_size = sizeof(CAMELLIA_context);
960
961 return _gcry_selftest_helper_cfb("CAMELLIA", &camellia_setkey,
962 &camellia_encrypt, nblocks, blocksize, context_size);
963 }
964
965 static const char *
selftest(void)966 selftest(void)
967 {
968 CAMELLIA_context ctx;
969 byte scratch[16];
970 cipher_bulk_ops_t bulk_ops;
971 const char *r;
972
973 /* These test vectors are from RFC-3713 */
974 static const byte plaintext[]=
975 {
976 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
977 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
978 };
979 static const byte key_128[]=
980 {
981 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
982 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
983 };
984 static const byte ciphertext_128[]=
985 {
986 0x67,0x67,0x31,0x38,0x54,0x96,0x69,0x73,
987 0x08,0x57,0x06,0x56,0x48,0xea,0xbe,0x43
988 };
989 static const byte key_192[]=
990 {
991 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,
992 0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77
993 };
994 static const byte ciphertext_192[]=
995 {
996 0xb4,0x99,0x34,0x01,0xb3,0xe9,0x96,0xf8,
997 0x4e,0xe5,0xce,0xe7,0xd7,0x9b,0x09,0xb9
998 };
999 static const byte key_256[]=
1000 {
1001 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,
1002 0x98,0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55,
1003 0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff
1004 };
1005 static const byte ciphertext_256[]=
1006 {
1007 0x9a,0xcc,0x23,0x7d,0xff,0x16,0xd7,0x6c,
1008 0x20,0xef,0x7c,0x91,0x9e,0x3a,0x75,0x09
1009 };
1010
1011 camellia_setkey(&ctx,key_128,sizeof(key_128),&bulk_ops);
1012 camellia_encrypt(&ctx,scratch,plaintext);
1013 if(memcmp(scratch,ciphertext_128,sizeof(ciphertext_128))!=0)
1014 return "CAMELLIA-128 test encryption failed.";
1015 camellia_decrypt(&ctx,scratch,scratch);
1016 if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
1017 return "CAMELLIA-128 test decryption failed.";
1018
1019 camellia_setkey(&ctx,key_192,sizeof(key_192),&bulk_ops);
1020 camellia_encrypt(&ctx,scratch,plaintext);
1021 if(memcmp(scratch,ciphertext_192,sizeof(ciphertext_192))!=0)
1022 return "CAMELLIA-192 test encryption failed.";
1023 camellia_decrypt(&ctx,scratch,scratch);
1024 if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
1025 return "CAMELLIA-192 test decryption failed.";
1026
1027 camellia_setkey(&ctx,key_256,sizeof(key_256),&bulk_ops);
1028 camellia_encrypt(&ctx,scratch,plaintext);
1029 if(memcmp(scratch,ciphertext_256,sizeof(ciphertext_256))!=0)
1030 return "CAMELLIA-256 test encryption failed.";
1031 camellia_decrypt(&ctx,scratch,scratch);
1032 if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
1033 return "CAMELLIA-256 test decryption failed.";
1034
1035 if ( (r = selftest_ctr_128 ()) )
1036 return r;
1037
1038 if ( (r = selftest_cbc_128 ()) )
1039 return r;
1040
1041 if ( (r = selftest_cfb_128 ()) )
1042 return r;
1043
1044 return NULL;
1045 }
1046
1047 /* These oids are from
1048 <http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications_oid.html>,
1049 retrieved May 1, 2007. */
1050
1051 static gcry_cipher_oid_spec_t camellia128_oids[] =
1052 {
1053 {"1.2.392.200011.61.1.1.1.2", GCRY_CIPHER_MODE_CBC},
1054 {"0.3.4401.5.3.1.9.1", GCRY_CIPHER_MODE_ECB},
1055 {"0.3.4401.5.3.1.9.3", GCRY_CIPHER_MODE_OFB},
1056 {"0.3.4401.5.3.1.9.4", GCRY_CIPHER_MODE_CFB},
1057 { NULL }
1058 };
1059
1060 static gcry_cipher_oid_spec_t camellia192_oids[] =
1061 {
1062 {"1.2.392.200011.61.1.1.1.3", GCRY_CIPHER_MODE_CBC},
1063 {"0.3.4401.5.3.1.9.21", GCRY_CIPHER_MODE_ECB},
1064 {"0.3.4401.5.3.1.9.23", GCRY_CIPHER_MODE_OFB},
1065 {"0.3.4401.5.3.1.9.24", GCRY_CIPHER_MODE_CFB},
1066 { NULL }
1067 };
1068
1069 static gcry_cipher_oid_spec_t camellia256_oids[] =
1070 {
1071 {"1.2.392.200011.61.1.1.1.4", GCRY_CIPHER_MODE_CBC},
1072 {"0.3.4401.5.3.1.9.41", GCRY_CIPHER_MODE_ECB},
1073 {"0.3.4401.5.3.1.9.43", GCRY_CIPHER_MODE_OFB},
1074 {"0.3.4401.5.3.1.9.44", GCRY_CIPHER_MODE_CFB},
1075 { NULL }
1076 };
1077
1078 gcry_cipher_spec_t _gcry_cipher_spec_camellia128 =
1079 {
1080 GCRY_CIPHER_CAMELLIA128, {0, 0},
1081 "CAMELLIA128",NULL,camellia128_oids,CAMELLIA_BLOCK_SIZE,128,
1082 sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
1083 };
1084
1085 gcry_cipher_spec_t _gcry_cipher_spec_camellia192 =
1086 {
1087 GCRY_CIPHER_CAMELLIA192, {0, 0},
1088 "CAMELLIA192",NULL,camellia192_oids,CAMELLIA_BLOCK_SIZE,192,
1089 sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
1090 };
1091
1092 gcry_cipher_spec_t _gcry_cipher_spec_camellia256 =
1093 {
1094 GCRY_CIPHER_CAMELLIA256, {0, 0},
1095 "CAMELLIA256",NULL,camellia256_oids,CAMELLIA_BLOCK_SIZE,256,
1096 sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
1097 };
1098