FFmpeg coverage

Directory: ../../../ffmpeg/
File: src/libavutil/camellia.c
Date: 2024-04-26 14:42:52
Exec Total Coverage
Lines: 220 221 99.5%
Functions: 11 11 100.0%
Branches: 44 48 91.7%
Line Branch Exec Source
1 /*
2 * An implementation of the CAMELLIA algorithm as mentioned in RFC3713
3 * Copyright (c) 2014 Supraja Meedinti
4 *
5 * This file is part of FFmpeg.
6 *
7 * FFmpeg is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * FFmpeg is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with FFmpeg; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include <string.h>
23
24 #include "camellia.h"
25 #include "error.h"
26 #include "intreadwrite.h"
27 #include "mem.h"
28 #include "attributes.h"
29
30 #define LR32(x,c) ((x) << (c) | (x) >> (32 - (c)))
31 #define RR32(x,c) ((x) >> (c) | (x) << (32 - (c)))
32
33 #define MASK8 0xff
34 #define MASK32 0xffffffff
35 #define MASK64 0xffffffffffffffff
36
37 #define Sigma1 0xA09E667F3BCC908B
38 #define Sigma2 0xB67AE8584CAA73B2
39 #define Sigma3 0xC6EF372FE94F82BE
40 #define Sigma4 0x54FF53A5F1D36F1C
41 #define Sigma5 0x10E527FADE682D1D
42 #define Sigma6 0xB05688C2B3E6C1FD
43
44 static uint64_t SP[8][256];
45
46 typedef struct AVCAMELLIA {
47 uint64_t Kw[4];
48 uint64_t Ke[6];
49 uint64_t K[24];
50 int key_bits;
51 } AVCAMELLIA;
52
53 static const uint8_t SBOX1[256] = {
54 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
55 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
56 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
57 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
58 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
59 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
60 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
61 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
62 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
63 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
64 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
65 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
66 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
67 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
68 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
69 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
70 };
71
72 static const uint8_t SBOX2[256] = {
73 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
74 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
75 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
76 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
77 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
78 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
79 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
80 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
81 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
82 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
83 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
84 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92,
85 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
86 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
87 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
88 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
89 };
90
91 static const uint8_t SBOX3[256] = {
92 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
93 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
94 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
95 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
96 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
97 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
98 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
99 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
100 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
101 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
102 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
103 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
104 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
105 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
106 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
107 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
108 };
109
110 static const uint8_t SBOX4[256] = {
111 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
112 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
113 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
114 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
115 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
116 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
117 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
118 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
119 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
120 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
121 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
122 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
123 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
124 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
125 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
126 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
127 };
128
129 const int av_camellia_size = sizeof(AVCAMELLIA);
130
131 58 static void LR128(uint64_t d[2], const uint64_t K[2], int x)
132 {
133 58 int i = 0;
134
3/4
✓ Branch 0 taken 22 times.
✓ Branch 1 taken 36 times.
✓ Branch 2 taken 22 times.
✗ Branch 3 not taken.
 58 if (64 <= x && x < 128) {
135 22 i = 1;
136 22 x -= 64;
137 }
138
3/4
✓ Branch 0 taken 54 times.
✓ Branch 1 taken 4 times.
✗ Branch 2 not taken.
✓ Branch 3 taken 54 times.
 58 if (x <= 0 || x >= 128) {
139 4 d[0] = K[i];
140
1/2
✓ Branch 0 taken 4 times.
✗ Branch 1 not taken.
 4 d[1] = K[!i];
141 4 return;
142 }
143
2/2
✓ Branch 0 taken 32 times.
✓ Branch 1 taken 22 times.
 54 d[0] = (K[i] << x | K[!i] >> (64 - x));
144
2/2
✓ Branch 0 taken 32 times.
✓ Branch 1 taken 22 times.
 54 d[1] = (K[!i] << x | K[i] >> (64 - x));
145 }
146
147 224 static uint64_t F(uint64_t F_IN, uint64_t KE)
148 {
149 224 KE ^= F_IN;
150 224 F_IN=SP[0][KE >> 56]^SP[1][(KE >> 48) & MASK8]^SP[2][(KE >> 40) & MASK8]^SP[3][(KE >> 32) & MASK8]^SP[4][(KE >> 24) & MASK8]^SP[5][(KE >> 16) & MASK8]^SP[6][(KE >> 8) & MASK8]^SP[7][KE & MASK8];
151 224 return F_IN;
152 }
153
154 24 static uint64_t FL(uint64_t FL_IN, uint64_t KE)
155 {
156 uint32_t x1, x2, k1, k2;
157 24 x1 = FL_IN >> 32;
158 24 x2 = FL_IN & MASK32;
159 24 k1 = KE >> 32;
160 24 k2 = KE & MASK32;
161 24 x2 = x2 ^ LR32((x1 & k1), 1);
162 24 x1 = x1 ^ (x2 | k2);
163 24 return ((uint64_t)x1 << 32) | (uint64_t)x2;
164 }
165
166 24 static uint64_t FLINV(uint64_t FLINV_IN, uint64_t KE)
167 {
168 uint32_t x1, x2, k1, k2;
169 24 x1 = FLINV_IN >> 32;
170 24 x2 = FLINV_IN & MASK32;
171 24 k1 = KE >> 32;
172 24 k2 = KE & MASK32;
173 24 x1 = x1 ^ (x2 | k2);
174 24 x2 = x2 ^ LR32((x1 & k1), 1);
175 24 return ((uint64_t)x1 << 32) | (uint64_t)x2;
176 }
177
178 static const uint8_t shifts[2][12] = {
179 {0, 15, 15, 45, 45, 60, 94, 94, 111},
180 {0, 15, 15, 30, 45, 45, 60, 60, 77, 94, 94, 111}
181 };
182
183 static const uint8_t vars[2][12] = {
184 {2, 0, 2, 0, 2, 2, 0, 2, 0},
185 {3, 1, 2, 3, 0, 2, 1, 3, 0, 1, 2, 0}
186 };
187
188 4 static void generate_round_keys(AVCAMELLIA *cs, uint64_t Kl[2], uint64_t Kr[2], uint64_t Ka[2], uint64_t Kb[2])
189 {
190 int i;
191 uint64_t *Kd[4], d[2];
192 4 Kd[0] = Kl;
193 4 Kd[1] = Kr;
194 4 Kd[2] = Ka;
195 4 Kd[3] = Kb;
196 4 cs->Kw[0] = Kl[0];
197 4 cs->Kw[1] = Kl[1];
198
2/2
✓ Branch 0 taken 2 times.
✓ Branch 1 taken 2 times.
 4 if (cs->key_bits == 128) {
199
2/2
✓ Branch 0 taken 18 times.
✓ Branch 1 taken 2 times.
 20 for (i = 0; i < 9; i++) {
200 18 LR128(d, Kd[vars[0][i]], shifts[0][i]);
201 18 cs->K[2*i] = d[0];
202 18 cs->K[2*i+1] = d[1];
203 }
204 2 LR128(d, Kd[0], 60);
205 2 cs->K[9] = d[1];
206 2 LR128(d, Kd[2], 30);
207 2 cs->Ke[0] = d[0];
208 2 cs->Ke[1] = d[1];
209 2 LR128(d, Kd[0], 77);
210 2 cs->Ke[2] = d[0];
211 2 cs->Ke[3] = d[1];
212 2 LR128(d, Kd[2], 111);
213 2 cs->Kw[2] = d[0];
214 2 cs->Kw[3] = d[1];
215 } else {
216
2/2
✓ Branch 0 taken 24 times.
✓ Branch 1 taken 2 times.
 26 for (i = 0; i < 12; i++) {
217 24 LR128(d, Kd[vars[1][i]], shifts[1][i]);
218 24 cs->K[2*i] = d[0];
219 24 cs->K[2*i+1] = d[1];
220 }
221 2 LR128(d, Kd[1], 30);
222 2 cs->Ke[0] = d[0];
223 2 cs->Ke[1] = d[1];
224 2 LR128(d, Kd[0], 60);
225 2 cs->Ke[2] = d[0];
226 2 cs->Ke[3] = d[1];
227 2 LR128(d, Kd[2], 77);
228 2 cs->Ke[4] = d[0];
229 2 cs->Ke[5] = d[1];
230 2 LR128(d, Kd[3], 111);
231 2 cs->Kw[2] = d[0];
232 2 cs->Kw[3] = d[1];
233 }
234 4 }
235
236 5 static void camellia_encrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src)
237 {
238 uint64_t D1, D2;
239 5 D1 = AV_RB64(src);
240 5 D2 = AV_RB64(src + 8);
241 5 D1 ^= cs->Kw[0];
242 5 D2 ^= cs->Kw[1];
243 5 D2 ^= F(D1, cs->K[0]);
244 5 D1 ^= F(D2, cs->K[1]);
245 5 D2 ^= F(D1, cs->K[2]);
246 5 D1 ^= F(D2, cs->K[3]);
247 5 D2 ^= F(D1, cs->K[4]);
248 5 D1 ^= F(D2, cs->K[5]);
249 5 D1 = FL(D1, cs->Ke[0]);
250 5 D2 = FLINV(D2, cs->Ke[1]);
251 5 D2 ^= F(D1, cs->K[6]);
252 5 D1 ^= F(D2, cs->K[7]);
253 5 D2 ^= F(D1, cs->K[8]);
254 5 D1 ^= F(D2, cs->K[9]);
255 5 D2 ^= F(D1, cs->K[10]);
256 5 D1 ^= F(D2, cs->K[11]);
257 5 D1 = FL(D1, cs->Ke[2]);
258 5 D2 = FLINV(D2, cs->Ke[3]);
259 5 D2 ^= F(D1, cs->K[12]);
260 5 D1 ^= F(D2, cs->K[13]);
261 5 D2 ^= F(D1, cs->K[14]);
262 5 D1 ^= F(D2, cs->K[15]);
263 5 D2 ^= F(D1, cs->K[16]);
264 5 D1 ^= F(D2, cs->K[17]);
265
2/2
✓ Branch 0 taken 2 times.
✓ Branch 1 taken 3 times.
 5 if (cs->key_bits != 128) {
266 2 D1 = FL(D1, cs->Ke[4]);
267 2 D2 = FLINV(D2, cs->Ke[5]);
268 2 D2 ^= F(D1, cs->K[18]);
269 2 D1 ^= F(D2, cs->K[19]);
270 2 D2 ^= F(D1, cs->K[20]);
271 2 D1 ^= F(D2, cs->K[21]);
272 2 D2 ^= F(D1, cs->K[22]);
273 2 D1 ^= F(D2, cs->K[23]);
274 }
275 5 D2 ^= cs->Kw[2];
276 5 D1 ^= cs->Kw[3];
277 5 AV_WB64(dst, D2);
278 5 AV_WB64(dst + 8, D1);
279 5 }
280
281 5 static void camellia_decrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, uint8_t *iv)
282 {
283 uint64_t D1, D2;
284 5 D1 = AV_RB64(src);
285 5 D2 = AV_RB64(src + 8);
286 5 D1 ^= cs->Kw[2];
287 5 D2 ^= cs->Kw[3];
288
2/2
✓ Branch 0 taken 2 times.
✓ Branch 1 taken 3 times.
 5 if (cs->key_bits != 128) {
289 2 D2 ^= F(D1, cs->K[23]);
290 2 D1 ^= F(D2, cs->K[22]);
291 2 D2 ^= F(D1, cs->K[21]);
292 2 D1 ^= F(D2, cs->K[20]);
293 2 D2 ^= F(D1, cs->K[19]);
294 2 D1 ^= F(D2, cs->K[18]);
295 2 D1 = FL(D1, cs->Ke[5]);
296 2 D2 = FLINV(D2, cs->Ke[4]);
297 }
298 5 D2 ^= F(D1, cs->K[17]);
299 5 D1 ^= F(D2, cs->K[16]);
300 5 D2 ^= F(D1, cs->K[15]);
301 5 D1 ^= F(D2, cs->K[14]);
302 5 D2 ^= F(D1, cs->K[13]);
303 5 D1 ^= F(D2, cs->K[12]);
304 5 D1 = FL(D1, cs->Ke[3]);
305 5 D2 = FLINV(D2, cs->Ke[2]);
306 5 D2 ^= F(D1, cs->K[11]);
307 5 D1 ^= F(D2, cs->K[10]);
308 5 D2 ^= F(D1, cs->K[9]);
309 5 D1 ^= F(D2, cs->K[8]);
310 5 D2 ^= F(D1, cs->K[7]);
311 5 D1 ^= F(D2, cs->K[6]);
312 5 D1 = FL(D1, cs->Ke[1]);
313 5 D2 = FLINV(D2, cs->Ke[0]);
314 5 D2 ^= F(D1, cs->K[5]);
315 5 D1 ^= F(D2, cs->K[4]);
316 5 D2 ^= F(D1, cs->K[3]);
317 5 D1 ^= F(D2, cs->K[2]);
318 5 D2 ^= F(D1, cs->K[1]);
319 5 D1 ^= F(D2, cs->K[0]);
320 5 D2 ^= cs->Kw[0];
321 5 D1 ^= cs->Kw[1];
322
2/2
✓ Branch 0 taken 2 times.
✓ Branch 1 taken 3 times.
 5 if (iv) {
323 2 D2 ^= AV_RB64(iv);
324 2 D1 ^= AV_RB64(iv + 8);
325 2 memcpy(iv, src, 16);
326 }
327 5 AV_WB64(dst, D2);
328 5 AV_WB64(dst + 8, D1);
329 5 }
330
331 4 static void computeSP(void)
332 {
333 uint64_t z;
334 int i;
335
2/2
✓ Branch 0 taken 1024 times.
✓ Branch 1 taken 4 times.
 1028 for (i = 0; i < 256; i++) {
336 1024 z = SBOX1[i];
337 1024 SP[0][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ z;
338 1024 SP[7][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ (z << 16) ^ (z << 8);
339 1024 z = SBOX2[i];
340 1024 SP[1][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 16);
341 1024 SP[4][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8) ^ z;
342 1024 z = SBOX3[i];
343 1024 SP[2][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8);
344 1024 SP[5][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 8) ^ z;
345 1024 z = SBOX4[i];
346 1024 SP[3][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 8) ^ z;
347 1024 SP[6][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 24) ^ (z << 16) ^ z;
348 }
349 4 }
350
351 1 struct AVCAMELLIA *av_camellia_alloc(void)
352 {
353 1 return av_mallocz(sizeof(struct AVCAMELLIA));
354 }
355
356 4 av_cold int av_camellia_init(AVCAMELLIA *cs, const uint8_t *key, int key_bits)
357 {
358 uint64_t Kl[2], Kr[2], Ka[2], Kb[2];
359 uint64_t D1, D2;
360
5/6
✓ Branch 0 taken 2 times.
✓ Branch 1 taken 2 times.
✓ Branch 2 taken 1 times.
✓ Branch 3 taken 1 times.
✗ Branch 4 not taken.
✓ Branch 5 taken 1 times.
 4 if (key_bits != 128 && key_bits != 192 && key_bits != 256)
361 return AVERROR(EINVAL);
362 4 memset(Kb, 0, sizeof(Kb));
363 4 memset(Kr, 0, sizeof(Kr));
364 4 cs->key_bits = key_bits;
365 4 Kl[0] = AV_RB64(key);
366 4 Kl[1] = AV_RB64(key + 8);
367
2/2
✓ Branch 0 taken 1 times.
✓ Branch 1 taken 3 times.
 4 if (key_bits == 192) {
368 1 Kr[0] = AV_RB64(key + 16);
369 1 Kr[1] = ~Kr[0];
370
2/2
✓ Branch 0 taken 1 times.
✓ Branch 1 taken 2 times.
 3 } else if (key_bits == 256) {
371 1 Kr[0] = AV_RB64(key + 16);
372 1 Kr[1] = AV_RB64(key + 24);
373 }
374 4 computeSP();
375 4 D1 = Kl[0] ^ Kr[0];
376 4 D2 = Kl[1] ^ Kr[1];
377 4 D2 ^= F(D1, Sigma1);
378 4 D1 ^= F(D2, Sigma2);
379 4 D1 ^= Kl[0];
380 4 D2 ^= Kl[1];
381 4 D2 ^= F(D1, Sigma3);
382 4 D1 ^= F(D2, Sigma4);
383 4 Ka[0] = D1;
384 4 Ka[1] = D2;
385
2/2
✓ Branch 0 taken 2 times.
✓ Branch 1 taken 2 times.
 4 if (key_bits != 128) {
386 2 D1 = Ka[0] ^ Kr[0];
387 2 D2 = Ka[1] ^ Kr[1];
388 2 D2 ^= F(D1, Sigma5);
389 2 D1 ^= F(D2, Sigma6);
390 2 Kb[0] = D1;
391 2 Kb[1] = D2;
392 }
393 4 generate_round_keys(cs, Kl, Kr, Ka, Kb);
394 4 return 0;
395 }
396
397 8 void av_camellia_crypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)
398 {
399 int i;
400
2/2
✓ Branch 0 taken 10 times.
✓ Branch 1 taken 8 times.
 18 while (count--) {
401
2/2
✓ Branch 0 taken 5 times.
✓ Branch 1 taken 5 times.
 10 if (decrypt) {
402 5 camellia_decrypt(cs, dst, src, iv);
403 } else {
404
2/2
✓ Branch 0 taken 2 times.
✓ Branch 1 taken 3 times.
 5 if (iv) {
405
2/2
✓ Branch 0 taken 32 times.
✓ Branch 1 taken 2 times.
 34 for (i = 0; i < 16; i++)
406 32 dst[i] = src[i] ^ iv[i];
407 2 camellia_encrypt(cs, dst, dst);
408 2 memcpy(iv, dst, 16);
409 } else {
410 3 camellia_encrypt(cs, dst, src);
411 }
412 }
413 10 src = src + 16;
414 10 dst = dst + 16;
415 }
416 8 }
417