LCOV - code coverage report
Current view: top level - src/libavutil - camellia.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 220 221 99.5 %
Date: 2017-01-21 09:32:20 Functions: 11 11 100.0 %

          Line data    Source code
       1             : /*
       2             :  * An implementation of the CAMELLIA algorithm as mentioned in RFC3713
       3             :  * Copyright (c) 2014 Supraja Meedinti
       4             :  *
       5             :  * This file is part of FFmpeg.
       6             :  *
       7             :  * FFmpeg is free software; you can redistribute it and/or
       8             :  * modify it under the terms of the GNU Lesser General Public
       9             :  * License as published by the Free Software Foundation; either
      10             :  * version 2.1 of the License, or (at your option) any later version.
      11             :  *
      12             :  * FFmpeg is distributed in the hope that it will be useful,
      13             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      15             :  * Lesser General Public License for more details.
      16             :  *
      17             :  * You should have received a copy of the GNU Lesser General Public
      18             :  * License along with FFmpeg; if not, write to the Free Software
      19             :  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      20             :  */
      21             : #include "camellia.h"
      22             : #include "common.h"
      23             : #include "intreadwrite.h"
      24             : #include "attributes.h"
      25             : 
      26             : #define LR32(x,c) ((x) << (c) | (x) >> (32 - (c)))
      27             : #define RR32(x,c) ((x) >> (c) | (x) << (32 - (c)))
      28             : 
      29             : #define MASK8 0xff
      30             : #define MASK32 0xffffffff
      31             : #define MASK64 0xffffffffffffffff
      32             : 
      33             : #define Sigma1  0xA09E667F3BCC908B
      34             : #define Sigma2  0xB67AE8584CAA73B2
      35             : #define Sigma3  0xC6EF372FE94F82BE
      36             : #define Sigma4  0x54FF53A5F1D36F1C
      37             : #define Sigma5  0x10E527FADE682D1D
      38             : #define Sigma6  0xB05688C2B3E6C1FD
      39             : 
      40             : static uint64_t SP[8][256];
      41             : 
      42             : typedef struct AVCAMELLIA {
      43             :     uint64_t Kw[4];
      44             :     uint64_t Ke[6];
      45             :     uint64_t K[24];
      46             :     int key_bits;
      47             : } AVCAMELLIA;
      48             : 
      49             : static const uint8_t SBOX1[256] = {
      50             : 112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,
      51             :  35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,
      52             : 134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,
      53             : 166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,
      54             : 139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,
      55             : 223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,
      56             :  20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,
      57             : 254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,
      58             : 170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,
      59             :  16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,
      60             : 135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,
      61             :  82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,
      62             : 233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,
      63             : 120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,
      64             : 114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,
      65             :  64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158
      66             : };
      67             : 
      68             : static const uint8_t SBOX2[256] = {
      69             : 224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,
      70             :  70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,
      71             :  13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,
      72             :  77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,
      73             :  23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,
      74             : 191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,
      75             :  40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,
      76             : 253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,
      77             :  85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,
      78             :  32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,
      79             :  15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,
      80             : 164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,
      81             : 211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,
      82             : 240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,
      83             : 228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,
      84             : 128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61
      85             : };
      86             : 
      87             : static const uint8_t SBOX3[256] = {
      88             :  56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,
      89             : 145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,
      90             :  67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,
      91             :  83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,
      92             : 197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,
      93             : 239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,
      94             :  10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,
      95             : 127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,
      96             :  85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,
      97             :   8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,
      98             : 195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
      99             :  41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,
     100             : 244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,
     101             :  60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,
     102             :  57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,
     103             :  32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79
     104             : };
     105             : 
     106             : static const uint8_t SBOX4[256] = {
     107             : 112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,
     108             : 134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,
     109             : 139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,
     110             :  20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,
     111             : 170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,
     112             : 135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,
     113             : 233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,
     114             : 114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,
     115             : 130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,
     116             : 184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,
     117             :  13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,
     118             :  88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,
     119             : 208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,
     120             :  92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,
     121             : 121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,
     122             :   7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158
     123             : };
     124             : 
     125             : const int av_camellia_size = sizeof(AVCAMELLIA);
     126             : 
     127          58 : static void LR128(uint64_t d[2], const uint64_t K[2], int x)
     128             : {
     129          58 :     int i = 0;
     130          58 :     if (64 <= x && x < 128) {
     131          22 :         i = 1;
     132          22 :         x -= 64;
     133             :     }
     134          58 :     if (x <= 0 || x >= 128) {
     135           4 :         d[0] = K[i];
     136           4 :         d[1] = K[!i];
     137           4 :         return;
     138             :     }
     139          54 :     d[0] = (K[i] << x | K[!i] >> (64 - x));
     140          54 :     d[1] = (K[!i] << x | K[i] >> (64 - x));
     141             : }
     142             : 
     143         224 : static uint64_t F(uint64_t F_IN, uint64_t KE)
     144             : {
     145         224 :     KE ^= F_IN;
     146         224 :     F_IN=SP[0][KE >> 56]^SP[1][(KE >> 48) & MASK8]^SP[2][(KE >> 40) & MASK8]^SP[3][(KE >> 32) & MASK8]^SP[4][(KE >> 24) & MASK8]^SP[5][(KE >> 16) & MASK8]^SP[6][(KE >> 8) & MASK8]^SP[7][KE & MASK8];
     147         224 :     return F_IN;
     148             : }
     149             : 
     150          24 : static uint64_t FL(uint64_t FL_IN, uint64_t KE)
     151             : {
     152             :     uint32_t x1, x2, k1, k2;
     153          24 :     x1 = FL_IN >> 32;
     154          24 :     x2 = FL_IN & MASK32;
     155          24 :     k1 = KE >> 32;
     156          24 :     k2 = KE & MASK32;
     157          24 :     x2 = x2 ^ LR32((x1 & k1), 1);
     158          24 :     x1 = x1 ^ (x2 | k2);
     159          24 :     return ((uint64_t)x1 << 32) | (uint64_t)x2;
     160             : }
     161             : 
     162          24 : static uint64_t FLINV(uint64_t FLINV_IN, uint64_t KE)
     163             : {
     164             :     uint32_t x1, x2, k1, k2;
     165          24 :     x1 = FLINV_IN >> 32;
     166          24 :     x2 = FLINV_IN & MASK32;
     167          24 :     k1 = KE >> 32;
     168          24 :     k2 = KE & MASK32;
     169          24 :     x1 = x1 ^ (x2 | k2);
     170          24 :     x2 = x2 ^ LR32((x1 & k1), 1);
     171          24 :     return ((uint64_t)x1 << 32) | (uint64_t)x2;
     172             : }
     173             : 
     174             : static const uint8_t shifts[2][12] = {
     175             :     {0, 15, 15, 45, 45, 60, 94, 94, 111},
     176             :     {0, 15, 15, 30, 45, 45, 60, 60,  77, 94, 94, 111}
     177             : };
     178             : 
     179             : static const uint8_t vars[2][12] = {
     180             :     {2, 0, 2, 0, 2, 2, 0, 2, 0},
     181             :     {3, 1, 2, 3, 0, 2, 1, 3, 0, 1, 2, 0}
     182             : };
     183             : 
     184           4 : static void generate_round_keys(AVCAMELLIA *cs, uint64_t Kl[2], uint64_t Kr[2], uint64_t Ka[2], uint64_t Kb[2])
     185             : {
     186             :     int i;
     187             :     uint64_t *Kd[4], d[2];
     188           4 :     Kd[0] = Kl;
     189           4 :     Kd[1] = Kr;
     190           4 :     Kd[2] = Ka;
     191           4 :     Kd[3] = Kb;
     192           4 :     cs->Kw[0] = Kl[0];
     193           4 :     cs->Kw[1] = Kl[1];
     194           4 :     if (cs->key_bits == 128) {
     195          20 :         for (i = 0; i < 9; i++) {
     196          18 :             LR128(d, Kd[vars[0][i]], shifts[0][i]);
     197          18 :             cs->K[2*i] = d[0];
     198          18 :             cs->K[2*i+1] = d[1];
     199             :         }
     200           2 :         LR128(d, Kd[0], 60);
     201           2 :         cs->K[9] = d[1];
     202           2 :         LR128(d, Kd[2], 30);
     203           2 :         cs->Ke[0] = d[0];
     204           2 :         cs->Ke[1] = d[1];
     205           2 :         LR128(d, Kd[0], 77);
     206           2 :         cs->Ke[2] = d[0];
     207           2 :         cs->Ke[3] = d[1];
     208           2 :         LR128(d, Kd[2], 111);
     209           2 :         cs->Kw[2] = d[0];
     210           2 :         cs->Kw[3] = d[1];
     211             :     } else {
     212          26 :         for (i = 0; i < 12; i++) {
     213          24 :             LR128(d, Kd[vars[1][i]], shifts[1][i]);
     214          24 :             cs->K[2*i] = d[0];
     215          24 :             cs->K[2*i+1] = d[1];
     216             :         }
     217           2 :         LR128(d, Kd[1], 30);
     218           2 :         cs->Ke[0] = d[0];
     219           2 :         cs->Ke[1] = d[1];
     220           2 :         LR128(d, Kd[0], 60);
     221           2 :         cs->Ke[2] = d[0];
     222           2 :         cs->Ke[3] = d[1];
     223           2 :         LR128(d, Kd[2], 77);
     224           2 :         cs->Ke[4] = d[0];
     225           2 :         cs->Ke[5] = d[1];
     226           2 :         LR128(d, Kd[3], 111);
     227           2 :         cs->Kw[2] = d[0];
     228           2 :         cs->Kw[3] = d[1];
     229             :     }
     230           4 : }
     231             : 
     232           5 : static void camellia_encrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src)
     233             : {
     234             :     uint64_t D1, D2;
     235           5 :     D1 = AV_RB64(src);
     236           5 :     D2 = AV_RB64(src + 8);
     237           5 :     D1 ^= cs->Kw[0];
     238           5 :     D2 ^= cs->Kw[1];
     239           5 :     D2 ^= F(D1, cs->K[0]);
     240           5 :     D1 ^= F(D2, cs->K[1]);
     241           5 :     D2 ^= F(D1, cs->K[2]);
     242           5 :     D1 ^= F(D2, cs->K[3]);
     243           5 :     D2 ^= F(D1, cs->K[4]);
     244           5 :     D1 ^= F(D2, cs->K[5]);
     245           5 :     D1 = FL(D1, cs->Ke[0]);
     246           5 :     D2 = FLINV(D2, cs->Ke[1]);
     247           5 :     D2 ^= F(D1, cs->K[6]);
     248           5 :     D1 ^= F(D2, cs->K[7]);
     249           5 :     D2 ^= F(D1, cs->K[8]);
     250           5 :     D1 ^= F(D2, cs->K[9]);
     251           5 :     D2 ^= F(D1, cs->K[10]);
     252           5 :     D1 ^= F(D2, cs->K[11]);
     253           5 :     D1 = FL(D1, cs->Ke[2]);
     254           5 :     D2 = FLINV(D2, cs->Ke[3]);
     255           5 :     D2 ^= F(D1, cs->K[12]);
     256           5 :     D1 ^= F(D2, cs->K[13]);
     257           5 :     D2 ^= F(D1, cs->K[14]);
     258           5 :     D1 ^= F(D2, cs->K[15]);
     259           5 :     D2 ^= F(D1, cs->K[16]);
     260           5 :     D1 ^= F(D2, cs->K[17]);
     261           5 :     if (cs->key_bits != 128) {
     262           2 :         D1 = FL(D1, cs->Ke[4]);
     263           2 :         D2 = FLINV(D2, cs->Ke[5]);
     264           2 :         D2 ^= F(D1, cs->K[18]);
     265           2 :         D1 ^= F(D2, cs->K[19]);
     266           2 :         D2 ^= F(D1, cs->K[20]);
     267           2 :         D1 ^= F(D2, cs->K[21]);
     268           2 :         D2 ^= F(D1, cs->K[22]);
     269           2 :         D1 ^= F(D2, cs->K[23]);
     270             :     }
     271           5 :     D2 ^= cs->Kw[2];
     272           5 :     D1 ^= cs->Kw[3];
     273           5 :     AV_WB64(dst, D2);
     274           5 :     AV_WB64(dst + 8, D1);
     275           5 : }
     276             : 
     277           5 : static void camellia_decrypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, uint8_t *iv)
     278             : {
     279             :     uint64_t D1, D2;
     280           5 :     D1 = AV_RB64(src);
     281           5 :     D2 = AV_RB64(src + 8);
     282           5 :     D1 ^= cs->Kw[2];
     283           5 :     D2 ^= cs->Kw[3];
     284           5 :     if (cs->key_bits != 128) {
     285           2 :         D2 ^= F(D1, cs->K[23]);
     286           2 :         D1 ^= F(D2, cs->K[22]);
     287           2 :         D2 ^= F(D1, cs->K[21]);
     288           2 :         D1 ^= F(D2, cs->K[20]);
     289           2 :         D2 ^= F(D1, cs->K[19]);
     290           2 :         D1 ^= F(D2, cs->K[18]);
     291           2 :         D1 = FL(D1, cs->Ke[5]);
     292           2 :         D2 = FLINV(D2, cs->Ke[4]);
     293             :     }
     294           5 :     D2 ^= F(D1, cs->K[17]);
     295           5 :     D1 ^= F(D2, cs->K[16]);
     296           5 :     D2 ^= F(D1, cs->K[15]);
     297           5 :     D1 ^= F(D2, cs->K[14]);
     298           5 :     D2 ^= F(D1, cs->K[13]);
     299           5 :     D1 ^= F(D2, cs->K[12]);
     300           5 :     D1 = FL(D1, cs->Ke[3]);
     301           5 :     D2 = FLINV(D2, cs->Ke[2]);
     302           5 :     D2 ^= F(D1, cs->K[11]);
     303           5 :     D1 ^= F(D2, cs->K[10]);
     304           5 :     D2 ^= F(D1, cs->K[9]);
     305           5 :     D1 ^= F(D2, cs->K[8]);
     306           5 :     D2 ^= F(D1, cs->K[7]);
     307           5 :     D1 ^= F(D2, cs->K[6]);
     308           5 :     D1 = FL(D1, cs->Ke[1]);
     309           5 :     D2 = FLINV(D2, cs->Ke[0]);
     310           5 :     D2 ^= F(D1, cs->K[5]);
     311           5 :     D1 ^= F(D2, cs->K[4]);
     312           5 :     D2 ^= F(D1, cs->K[3]);
     313           5 :     D1 ^= F(D2, cs->K[2]);
     314           5 :     D2 ^= F(D1, cs->K[1]);
     315           5 :     D1 ^= F(D2, cs->K[0]);
     316           5 :     D2 ^= cs->Kw[0];
     317           5 :     D1 ^= cs->Kw[1];
     318           5 :     if (iv) {
     319           2 :         D2 ^= AV_RB64(iv);
     320           2 :         D1 ^= AV_RB64(iv + 8);
     321           2 :         memcpy(iv, src, 16);
     322             :     }
     323           5 :     AV_WB64(dst, D2);
     324           5 :     AV_WB64(dst + 8, D1);
     325           5 : }
     326             : 
     327           4 : static void computeSP(void)
     328             : {
     329             :     uint64_t z;
     330             :     int i;
     331        1028 :     for (i = 0; i < 256; i++) {
     332        1024 :         z = SBOX1[i];
     333        1024 :         SP[0][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ z;
     334        1024 :         SP[7][i] = (z << 56) ^ (z << 48) ^ (z << 40) ^ (z << 24) ^ (z << 16) ^ (z << 8);
     335        1024 :         z = SBOX2[i];
     336        1024 :         SP[1][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 16);
     337        1024 :         SP[4][i] = (z << 48) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8) ^ z;
     338        1024 :         z = SBOX3[i];
     339        1024 :         SP[2][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 16) ^ (z << 8);
     340        1024 :         SP[5][i] = (z << 56) ^ (z << 40) ^ (z << 32) ^ (z << 24) ^ (z << 8) ^ z;
     341        1024 :         z = SBOX4[i];
     342        1024 :         SP[3][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 8) ^ z;
     343        1024 :         SP[6][i] = (z << 56) ^ (z << 48) ^ (z << 32) ^ (z << 24) ^ (z << 16) ^ z;
     344             :     }
     345           4 : }
     346             : 
     347           1 : struct AVCAMELLIA *av_camellia_alloc(void)
     348             : {
     349           1 :     return av_mallocz(sizeof(struct AVCAMELLIA));
     350             : }
     351             : 
     352           4 : av_cold int av_camellia_init(AVCAMELLIA *cs, const uint8_t *key, int key_bits)
     353             : {
     354             :     uint64_t Kl[2], Kr[2], Ka[2], Kb[2];
     355             :     uint64_t D1, D2;
     356           4 :     if (key_bits != 128 && key_bits != 192 && key_bits != 256)
     357           0 :         return AVERROR(EINVAL);
     358           4 :     memset(Kb, 0, sizeof(Kb));
     359           4 :     memset(Kr, 0, sizeof(Kr));
     360           4 :     cs->key_bits = key_bits;
     361           4 :     Kl[0] = AV_RB64(key);
     362           4 :     Kl[1] = AV_RB64(key + 8);
     363           4 :     if (key_bits == 192) {
     364           1 :         Kr[0] = AV_RB64(key + 16);
     365           1 :         Kr[1] = ~Kr[0];
     366           3 :     } else if (key_bits == 256) {
     367           1 :         Kr[0] = AV_RB64(key + 16);
     368           1 :         Kr[1] = AV_RB64(key + 24);
     369             :     }
     370           4 :     computeSP();
     371           4 :     D1 = Kl[0] ^ Kr[0];
     372           4 :     D2 = Kl[1] ^ Kr[1];
     373           4 :     D2 ^= F(D1, Sigma1);
     374           4 :     D1 ^= F(D2, Sigma2);
     375           4 :     D1 ^= Kl[0];
     376           4 :     D2 ^= Kl[1];
     377           4 :     D2 ^= F(D1, Sigma3);
     378           4 :     D1 ^= F(D2, Sigma4);
     379           4 :     Ka[0] = D1;
     380           4 :     Ka[1] = D2;
     381           4 :     if (key_bits != 128) {
     382           2 :         D1 = Ka[0] ^ Kr[0];
     383           2 :         D2 = Ka[1] ^ Kr[1];
     384           2 :         D2 ^= F(D1, Sigma5);
     385           2 :         D1 ^= F(D2, Sigma6);
     386           2 :         Kb[0] = D1;
     387           2 :         Kb[1] = D2;
     388             :     }
     389           4 :     generate_round_keys(cs, Kl, Kr, Ka, Kb);
     390           4 :     return 0;
     391             : }
     392             : 
     393           8 : void av_camellia_crypt(AVCAMELLIA *cs, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)
     394             : {
     395             :     int i;
     396          26 :     while (count--) {
     397          10 :         if (decrypt) {
     398           5 :             camellia_decrypt(cs, dst, src, iv);
     399             :         } else {
     400           5 :             if (iv) {
     401          34 :                 for (i = 0; i < 16; i++)
     402          32 :                     dst[i] = src[i] ^ iv[i];
     403           2 :                 camellia_encrypt(cs, dst, dst);
     404           2 :                 memcpy(iv, dst, 16);
     405             :             } else {
     406           3 :                 camellia_encrypt(cs, dst, src);
     407             :             }
     408             :         }
     409          10 :         src = src + 16;
     410          10 :         dst = dst + 16;
     411             :     }
     412           8 : }

Generated by: LCOV version 1.12