Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
Download
52867 views
Tweet
Share
Share
1
/*

2
 * An implementation of the CAMELLIA algorithm as mentioned in RFC3713

3
 * Copyright (c) 2014 Supraja Meedinti

4
 *

5
 * This file is part of FFmpeg.

6
 *

7
 * FFmpeg is free software; you can redistribute it and/or

8
 * modify it under the terms of the GNU Lesser General Public

9
 * License as published by the Free Software Foundation; either

10
 * version 2.1 of the License, or (at your option) any later version.

11
 *

12
 * FFmpeg is distributed in the hope that it will be useful,

13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of

14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

15
 * Lesser General Public License for more details.

16
 *

17
 * You should have received a copy of the GNU Lesser General Public

18
 * License along with FFmpeg; if not, write to the Free Software

19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

20
 */

21
#include "camellia.h"

22
#include "common.h"

23
#include "intreadwrite.h"

24
#include "attributes.h"

25


26
#define LR32(x,c) ((x) << (c) | (x) >> (32 - (c)))

27
#define RR32(x,c) ((x) >> (c) | (x) << (32 - (c)))

28


29
#define MASK8 0xff

30
#define MASK32 0xffffffff

31
#define MASK64 0xffffffffffffffff

32


33
#define Sigma1  0xA09E667F3BCC908B

34
#define Sigma2  0xB67AE8584CAA73B2

35
#define Sigma3  0xC6EF372FE94F82BE

36
#define Sigma4  0x54FF53A5F1D36F1C

37
#define Sigma5  0x10E527FADE682D1D

38
#define Sigma6  0xB05688C2B3E6C1FD

39


40
static uint64_t SP[8][256];

41


42
typedef struct AVCAMELLIA {

43
    uint64_t Kw[4];

44
    uint64_t Ke[6];

45
    uint64_t K[24];

46
    int key_bits;

47
} AVCAMELLIA;

48


49
static const uint8_t SBOX1[256] = {

50
112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,

51
 35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,

52
134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,

53
166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,

54
139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,

55
223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,

56
 20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,

57
254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,

58
170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,

59
 16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,

60
135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,

61
 82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,

62
233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,

63
120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,

64
114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,

65
 64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158

66
};

67


68
static const uint8_t SBOX2[256] = {

69
224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,

70
 70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,

71
 13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,

72
 77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,

73
 23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,

74
191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,

75
 40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,

76
253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,

77
 85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,

78
 32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,

79
 15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,

80
164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,

81
211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,

82
240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,

83
228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,

84
128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61

85
};

86


87
static const uint8_t SBOX3[256] = {

88
 56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,

89
145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,

90
 67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,

91
 83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,

92
197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,

93
239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,

94
 10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,

95
127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,

96
 85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,

97
  8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,

98
195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,

99
 41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,

100
244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,

101
 60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,

102
 57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,

103
 32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79

104
};

105


106
static const uint8_t SBOX4[256] = {

107
112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,

108
134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,

109
139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,

110
 20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,

111
170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,

112
135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,

113
233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,

114
114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,

115
130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,

116
184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,

117
 13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,

118
 88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,

119
208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,

120
 92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,

121
121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,

122
  7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158

123
};

124


125
const int av_camellia_size = sizeof(AVCAMELLIA);

126


127
static void LR128(uint64_t d[2], const uint64_t K[2], int x)

128
{

129
    int i = 0;

130
    if (64 <= x && x < 128) {

131
        i = 1;

132
        x -= 64;

133
    }

134
    if (x <= 0 || x >= 128) {

135
        d[0] = K[i];

136
        d[1] = K[!i];

137
        return;

138
    }

139
    d[0] = (K[i] << x | K[!i] >> (64 - x));

140
    d[1] = (K[!i] << x | K[i] >> (64 - x));

141
}

142


143
static uint64_t F(uint64_t F_IN, uint64_t KE)

144
{

145
    KE ^= F_IN;

146
    F_IN=SP[0][KE >> 56]^SP[1][(KE >> 48) & MASK8]^SP[2][(KE >> 40) & MASK8]^SP[3][(KE >> 32) & MASK8]^SP[4][(KE >> 24) & MASK8]^SP[5][(KE >> 16) & MASK8]^SP[6][(KE >> 8) & MASK8]^SP[7][KE & MASK8];

147
    return F_IN;

148
}

149


150
static uint64_t FL(uint64_t FL_IN, uint64_t KE)

151
{

152
    uint32_t x1, x2, k1, k2;

153
    x1 = FL_IN >> 32;

154
    x2 = FL_IN & MASK32;

155
    k1 = KE >> 32;

156
    k2 = KE & MASK32;

157
    x2 = x2 ^ LR32((x1 & k1), 1);

158
    x1 = x1 ^ (x2 | k2);

159
    return ((uint64_t)x1 << 32) | (uint64_t)x2;

160
}

161


162
static uint64_t FLINV(uint64_t FLINV_IN, uint64_t KE)

163
{

164
    uint32_t x1, x2, k1, k2;

165
    x1 = FLINV_IN >> 32;

166
    x2 = FLINV_IN & MASK32;

167
    k1 = KE >> 32;

168
    k2 = KE & MASK32;

169
    x1 = x1 ^ (x2 | k2);

170
    x2 = x2 ^ LR32((x1 & k1), 1);

171
    return ((uint64_t)x1 << 32) | (uint64_t)x2;

172
}

173


174
static const uint8_t shifts[2][12] = {

175
    {0, 15, 15, 45, 45, 60, 94, 94, 111},

176
    {0, 15, 15, 30, 45, 45, 60, 60,  77, 94, 94, 111}

177
};

178


179
static const uint8_t vars[2][12] = {

180
    {2, 0, 2, 0, 2, 2, 0, 2, 0},

181
    {3, 1, 2, 3, 0, 2, 1, 3, 0, 1, 2, 0}

182
};

183


184
static void generate_round_keys(AVCAMELLIA *cs, uint64_t Kl[2], uint64_t Kr[2], uint64_t Ka[2], uint64_t Kb[2])

185
{

186
    int i;

187
    uint64_t *Kd[4], d[2];

188
    Kd[0] = Kl;

189
    Kd[1] = Kr;

190
    Kd[2] = Ka;

191
    Kd[3] = Kb;

192
    cs->Kw[0] = Kl[0];

193
    cs->Kw[1] = Kl[1];

194
    if (cs->key_bits == 128) {

195
        for (i = 0; i < 9; i++) {

196
            LR128(d, Kd[vars[0][i]], shifts[0][i]);

197
            cs->K[2*i] = d[0];

198
            cs->K[2*i+1] = d[1];

199
        }

200
        LR128(d, Kd[0], 60);

201
        cs->K[9] = d[1];

202
        LR128(d, Kd[2], 30);

203
        cs->Ke[0] = d[0];

204
        cs->Ke[1] = d[1];

205
        LR128(d, Kd[0], 77);

206
        cs->Ke[2] = d[0];

207
        cs->Ke[3] = d[1];

208
        LR128(d, Kd[2], 111);

209
        cs->Kw[2] = d[0];

210
        cs->Kw[3] = d[1];

211
    } else {

212
        for (i = 0; i < 12; i++) {

213
            LR128(d, Kd[vars[1][i]], shifts[1][i]);

214
            cs->K[2*i] = d[0];

215
            cs->K[2*i+1] = d[1];

216
        }

217
        LR128(d, Kd[1], 30);

218
        cs->Ke[0] = d[0];

219
        cs->Ke[1] = d[1];

220
        LR128(d, Kd[0], 60);

221
        cs->Ke[2] = d[0];

222
        cs->Ke[3] = d[1];

223
        LR128(d, Kd[2], 77);

224
        cs->Ke[4] = d[0];

225
        cs->Ke[5] = d[1];

226
        LR128(d, Kd[3], 111);

227
        cs->Kw[2] = d[0];

228
        cs->Kw[3] = d[1];

229
    }

230
}

231


232
static void camellia_encrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src)

233
{

234
    uint64_t D1, D2;

235
    D1 = AV_RB64(src);

236
    D2 = AV_RB64(src + 8);

237
    D1 ^= cs->Kw[0];

238
    D2 ^= cs->Kw[1];

239
    D2 ^= F(D1, cs->K[0]);

240
    D1 ^= F(D2, cs->K[1]);

241
    D2 ^= F(D1, cs->K[2]);

242
    D1 ^= F(D2, cs->K[3]);

243
    D2 ^= F(D1, cs->K[4]);

244
    D1 ^= F(D2, cs->K[5]);

245
    D1 = FL(D1, cs->Ke[0]);

246
    D2 = FLINV(D2, cs->Ke[1]);

247
    D2 ^= F(D1, cs->K[6]);

248
    D1 ^= F(D2, cs->K[7]);

249
    D2 ^= F(D1, cs->K[8]);

250
    D1 ^= F(D2, cs->K[9]);

251
    D2 ^= F(D1, cs->K[10]);

252
    D1 ^= F(D2, cs->K[11]);

253
    D1 = FL(D1, cs->Ke[2]);

254
    D2 = FLINV(D2, cs->Ke[3]);

255
    D2 ^= F(D1, cs->K[12]);

256
    D1 ^= F(D2, cs->K[13]);

257
    D2 ^= F(D1, cs->K[14]);

258
    D1 ^= F(D2, cs->K[15]);

259
    D2 ^= F(D1, cs->K[16]);

260
    D1 ^= F(D2, cs->K[17]);

261
    if (cs->key_bits != 128) {

262
        D1 = FL(D1, cs->Ke[4]);

263
        D2 = FLINV(D2, cs->Ke[5]);

264
        D2 ^= F(D1, cs->K[18]);

265
        D1 ^= F(D2, cs->K[19]);

266
        D2 ^= F(D1, cs->K[20]);

267
        D1 ^= F(D2, cs->K[21]);

268
        D2 ^= F(D1, cs->K[22]);

269
        D1 ^= F(D2, cs->K[23]);

270
    }

271
    D2 ^= cs->Kw[2];

272
    D1 ^= cs->Kw[3];

273
    AV_WB64(dst, D2);

274
    AV_WB64(dst + 8, D1);

275
}

276


277
static void camellia_decrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, uint8_t *iv)

278
{

279
    uint64_t D1, D2;

280
    D1 = AV_RB64(src);

281
    D2 = AV_RB64(src + 8);

282
    D1 ^= cs->Kw[2];

283
    D2 ^= cs->Kw[3];

284
    if (cs->key_bits != 128) {

285
        D2 ^= F(D1, cs->K[23]);

286
        D1 ^= F(D2, cs->K[22]);

287
        D2 ^= F(D1, cs->K[21]);

288
        D1 ^= F(D2, cs->K[20]);

289
        D2 ^= F(D1, cs->K[19]);

290
        D1 ^= F(D2, cs->K[18]);

291
        D1 = FL(D1, cs->Ke[5]);

292
        D2 = FLINV(D2, cs->Ke[4]);

293
    }

294
    D2 ^= F(D1, cs->K[17]);

295
    D1 ^= F(D2, cs->K[16]);

296
    D2 ^= F(D1, cs->K[15]);

297
    D1 ^= F(D2, cs->K[14]);

298
    D2 ^= F(D1, cs->K[13]);

299
    D1 ^= F(D2, cs->K[12]);

300
    D1 = FL(D1, cs->Ke[3]);

301
    D2 = FLINV(D2, cs->Ke[2]);

302
    D2 ^= F(D1, cs->K[11]);

303
    D1 ^= F(D2, cs->K[10]);

304
    D2 ^= F(D1, cs->K[9]);

305
    D1 ^= F(D2, cs->K[8]);

306
    D2 ^= F(D1, cs->K[7]);

307
    D1 ^= F(D2, cs->K[6]);

308
    D1 = FL(D1, cs->Ke[1]);

309
    D2 = FLINV(D2, cs->Ke[0]);

310
    D2 ^= F(D1, cs->K[5]);

311
    D1 ^= F(D2, cs->K[4]);

312
    D2 ^= F(D1, cs->K[3]);

313
    D1 ^= F(D2, cs->K[2]);

314
    D2 ^= F(D1, cs->K[1]);

315
    D1 ^= F(D2, cs->K[0]);

316
    D2 ^= cs->Kw[0];

317
    D1 ^= cs->Kw[1];

318
    if (iv) {

319
        D2 ^= AV_RB64(iv);

320
        D1 ^= AV_RB64(iv + 8);

321
        memcpy(iv, src, 16);

322
    }

323
    AV_WB64(dst, D2);

324
    AV_WB64(dst + 8, D1);

325
}

326


327
static void computeSP(void)

328
{

329
    uint64_t z;

330
    int i;

331
    for (i = 0; i < 256; i++) {

332
        z = SBOX1[i];

333
        SP[0][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ z;

334
        SP[7][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ (z << 16) ^ (z << 8);

335
        z = SBOX2[i];

336
        SP[1][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 16);

337
        SP[4][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8) ^ z;

338
        z = SBOX3[i];

339
        SP[2][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8);

340
        SP[5][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 8) ^ z;

341
        z = SBOX4[i];

342
        SP[3][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 8) ^ z;

343
        SP[6][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 24) ^ (z << 16) ^ z;

344
    }

345
}

346


347
struct AVCAMELLIA *av_camellia_alloc(void)

348
{

349
    return av_mallocz(sizeof(struct AVCAMELLIA));

350
}

351


352
av_cold int av_camellia_init(AVCAMELLIA *cs, const uint8_t *key, int key_bits)

353
{

354
    uint64_t Kl[2], Kr[2], Ka[2], Kb[2];

355
    uint64_t D1, D2;

356
    if (key_bits != 128 && key_bits != 192 && key_bits != 256)

357
        return AVERROR(EINVAL);

358
    memset(Kb, 0, sizeof(Kb));

359
    memset(Kr, 0, sizeof(Kr));

360
    cs->key_bits = key_bits;

361
    Kl[0] = AV_RB64(key);

362
    Kl[1] = AV_RB64(key + 8);

363
    if (key_bits == 192) {

364
        Kr[0] = AV_RB64(key + 16);

365
        Kr[1] = ~Kr[0];

366
    } else if (key_bits == 256) {

367
        Kr[0] = AV_RB64(key + 16);

368
        Kr[1] = AV_RB64(key + 24);

369
    }

370
    computeSP();

371
    D1 = Kl[0] ^ Kr[0];

372
    D2 = Kl[1] ^ Kr[1];

373
    D2 ^= F(D1, Sigma1);

374
    D1 ^= F(D2, Sigma2);

375
    D1 ^= Kl[0];

376
    D2 ^= Kl[1];

377
    D2 ^= F(D1, Sigma3);

378
    D1 ^= F(D2, Sigma4);

379
    Ka[0] = D1;

380
    Ka[1] = D2;

381
    if (key_bits != 128) {

382
        D1 = Ka[0] ^ Kr[0];

383
        D2 = Ka[1] ^ Kr[1];

384
        D2 ^= F(D1, Sigma5);

385
        D1 ^= F(D2, Sigma6);

386
        Kb[0] = D1;

387
        Kb[1] = D2;

388
    }

389
    generate_round_keys(cs, Kl, Kr, Ka, Kb);

390
    return 0;

391
}

392


393
void av_camellia_crypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)

394
{

395
    int i;

396
    while (count--) {

397
        if (decrypt) {

398
            camellia_decrypt(cs, dst, src, iv);

399
        } else {

400
            if (iv) {

401
                for (i = 0; i < 16; i++)

402
                    dst[i] = src[i] ^ iv[i];

403
                camellia_encrypt(cs, dst, dst);

404
                memcpy(iv, dst, 16);

405
            } else {

406
                camellia_encrypt(cs, dst, src);

407
            }

408
        }

409
        src = src + 16;

410
        dst = dst + 16;

411
    }

412
}

413


414
#ifdef TEST

415
#include<stdio.h>

416
#include<stdlib.h>

417
#include"log.h"

418


419
int main(int argc, char *argv[])

420
{

421
    const uint8_t Key[3][32] = {

422
        {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},

423
        {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},

424
        {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}

425
    };

426
    const uint8_t rct[3][16] = {

427
        {0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43},

428
        {0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9,0x96, 0xf8, 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9},

429
        {0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09}

430
    };

431
    const uint8_t rpt[32] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};

432
    const int kbits[3] = {128, 192, 256};

433
    int i, j, err = 0;

434
    uint8_t temp[32], iv[16];

435
    AVCAMELLIA *cs;

436
    cs = av_camellia_alloc();

437
    if (!cs)

438
        return 1;

439
    for (j = 0; j < 3; j++) {

440
        av_camellia_init(cs, Key[j], kbits[j]);

441
        av_camellia_crypt(cs, temp, rpt, 1, NULL, 0);

442
        for (i = 0; i < 16; i++) {

443
            if (rct[j][i] != temp[i]) {

444
                av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[j][i], temp[i]);

445
                err = 1;

446
            }

447
        }

448
        av_camellia_crypt(cs, temp, rct[j], 1, NULL, 1);

449
        for (i = 0; i < 16; i++) {

450
            if (rpt[i] != temp[i]) {

451
                av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt[i], temp[i]);

452
                err = 1;

453
            }

454
        }

455
    }

456
    av_camellia_init(cs, Key[0], 128);

457
    memcpy(iv, "HALLO123HALLO123", 16);

458
    av_camellia_crypt(cs, temp, rpt, 2, iv, 0);

459
    memcpy(iv, "HALLO123HALLO123", 16);

460
    av_camellia_crypt(cs, temp, temp, 2, iv, 1);

461
    for (i = 0; i < 32; i++) {

462
        if (rpt[i] != temp[i]) {

463
            av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt[i], temp[i]);

464
            err = 1;

465
        }

466
    }

467
    av_free(cs);

468
    return err;

469
}

470
#endif

471


472