Hello,

I have updated the patch. Please let me know if any further changes are
required.

Thanks,

Supraja

On Sat, Dec 27, 2014 at 11:04 PM, Giorgio Vazzana <mywin...@gmail.com>
wrote:

> 2014-12-26 20:01 GMT+01:00 Michael Niedermayer <michae...@gmx.at>:
> > [...]
> >
> >> +static uint64_t F(uint64_t F_IN, uint64_t KE)
> >> +{
> >> +    uint32_t Zl, Zr;
> >
> >> +    Zl = (F_IN >> 32) ^ (KE >> 32);
> >> +    Zr = (F_IN & MASK32) ^ (KE & MASK32);
> >
> > KE ^= F_IN;
> > Zl = KE >> 32;
> > Zr = KE & MASK32;
> >
> >
> >> +    Zl = ((SBOX1[(Zl >> 24) & MASK8] << 24) | (SBOX2[(Zl >> 16) &
> MASK8] << 16) |(SBOX3[(Zl >> 8) & MASK8] << 8) |(SBOX4[Zl & MASK8]));
> >> +    Zr = ((SBOX2[(Zr >> 24) & MASK8] << 24) | (SBOX3[(Zr >> 16) &
> MASK8] << 16) |(SBOX4[(Zr >> 8) & MASK8] << 8) |(SBOX1[Zr & MASK8]));
> >
> > (Zl >> 24) and (Zr >> 24) are limited to 8bit they should not need
> > & MASK8
> >
> > ((uint32_t)SBOX1[Zl >> 24]) << 24)
>
> Maybe this will be useful later: on 64-bit processors, if MASK8 is a
> 64-bit constant, this may be faster:
>
> KE ^= F_IN;
> Zl = ((uint32_t)SBOX1[KE >> 56] << 24) | ((uint32_t)SBOX2[(KE >> 48) &
> MASK8] << 16) | ...
>
> > +    Zl ^= LR32(Zr, 8);
> > +    Zr ^= LR32(Zl, 16);
> > +    Zl ^= RR32(Zr, 8);
> > +    Zr ^= RR32(Zl, 8);
>
> The instructions above have a long critical path (each one depends on
> the previous one), and this is probably where we lose most speed at
> the moment.
>
> > it would also be possible to reduce the number of operations at the
> > expense of larger tables but iam not sure that would be a good idea
>
> On 64-bit processors, a big speedup can be obtained by computing S and
> P operation together, using 8 8x64 bit sboxes (a total of 16kB of
> data) that can be computed in the initialization phase from
> SBOX1...SBOX4.
>
> But all these suggestions can be implemented later. My main objection
> with this patch is using one big array for all subkeys.
>
> >
> >
> > [...]
> >
> >> +static const int shift1[2][6] = {
> >> +    {0, 15, 30, 17, 17, 17},
> >> +    {0, 15, 15, 15, 34, 17}
> >> +};
> >> +static const int pos1[2][6] = {
> >> +    {0, 4, 10, 16, 18, 22},
> >> +    {2, 6, 8, 14, 20, 24}
> >> +};
> >> +static const int pos2[4][4]= {
> >> +    {0, 12, 16, 22},
> >> +    {6, 14, 24, 28},
> >> +    {2, 10, 20, 32},
> >> +    {4, 8, 18, 26}
> >> +};
> >> +static const int shift2[4][5]= {
> >> +    {0, 45, 15, 17},
> >> +    {15, 30, 32, 17},
> >> +    {0, 30, 30, 51},
> >> +    {15, 15, 30, 34}
> >> +};
> >
> > these could be made uint8_t
> >
> > [...]
> >
> > --
> > Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> >
> > Frequently ignored answer#1 FFmpeg bugs should be sent to our
> bugtracker. User
> > questions about the command line tools should be sent to the ffmpeg-user
> ML.
> > And questions about how to use libav* should be sent to the libav-user
> ML.
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
From 4d702f288d5681659ce5fcb8aa847d40cc3627c5 Mon Sep 17 00:00:00 2001
From: Supraja Meedinti <supraja0...@gmail.com>
Date: Mon, 29 Dec 2014 22:02:43 +0530
Subject: [PATCH] libavutil: Added camellia block cipher

Signed-off-by: Supraja Meedinti <supraja0...@gmail.com>
---
 libavutil/Makefile   |   3 +
 libavutil/camellia.c | 470 +++++++++++++++++++++++++++++++++++++++++++++++++++
 libavutil/camellia.h |  68 ++++++++
 3 files changed, 541 insertions(+)
 create mode 100644 libavutil/camellia.c
 create mode 100644 libavutil/camellia.h

diff --git a/libavutil/Makefile b/libavutil/Makefile
index c1aa8aa..4db89b8 100644
--- a/libavutil/Makefile
+++ b/libavutil/Makefile
@@ -16,6 +16,7 @@ HEADERS = adler32.h                                                     \
           bswap.h                                                       \
           buffer.h                                                      \
           cast5.h                                                       \
+          camellia.h                                                    \
           channel_layout.h                                              \
           common.h                                                      \
           cpu.h                                                         \
@@ -84,6 +85,7 @@ OBJS = adler32.o                                                        \
        bprint.o                                                         \
        buffer.o                                                         \
        cast5.o                                                          \
+       camellia.o                                                       \
        channel_layout.o                                                 \
        cpu.o                                                            \
        crc.o                                                            \
@@ -154,6 +156,7 @@ TESTPROGS = adler32                                                     \
             blowfish                                                    \
             bprint                                                      \
             cast5                                                       \
+            camellia                                                    \
             cpu                                                         \
             crc                                                         \
             des                                                         \
diff --git a/libavutil/camellia.c b/libavutil/camellia.c
new file mode 100644
index 0000000..e422c3d
--- /dev/null
+++ b/libavutil/camellia.c
@@ -0,0 +1,470 @@
+/*
+ * An implementation of the CAMELLIA algorithm as mentioned in RFC3713
+ * Copyright (c) 2014 Supraja Meedinti
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include "camellia.h"
+#include "common.h"
+#include "intreadwrite.h"
+#include "attributes.h"
+
+#define LR32(x,c) ((x) << (c) | (x) >> (32 - (c)))
+#define RR32(x,c) ((x) >> (c) | (x) << (32 - (c)))
+
+#define MASK8 0xff
+#define MASK32 0xffffffff
+#define MASK64 0xffffffffffffffff
+
+#define Sigma1  0xA09E667F3BCC908B
+#define Sigma2  0xB67AE8584CAA73B2
+#define Sigma3  0xC6EF372FE94F82BE
+#define Sigma4  0x54FF53A5F1D36F1C
+#define Sigma5  0x10E527FADE682D1D
+#define Sigma6  0xB05688C2B3E6C1FD
+
+typedef struct AVCAMELLIA {
+    uint64_t Kw[4];
+    uint64_t Ke[6];
+    uint64_t K[24];
+    int key_bits;
+} AVCAMELLIA;
+
+
+static void LR128(uint64_t* d, uint64_t *K, int x)
+{
+    if (!x) {
+        d[0] = K[0];
+        d[1] = K[1];
+    } else if (x > 64) {
+        x -= 64;
+        d[0] = (K[1] << x | K[0] >> (64 - x));
+        d[1] = (K[0] << x | K[1] >> (64 - x));
+    } else {
+        d[0] = (K[0] << x | K[1] >> (64 - x));
+        d[1] = (K[1] << x | K[0] >> (64 - x));
+    }
+}
+
+static const uint8_t SBOX1[256] =
+{
+    112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
+    35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
+    134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
+    166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
+    139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
+    223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
+    20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
+    254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
+    170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
+    16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9,  63, 221, 148,
+    135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
+    82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
+    233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
+    120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
+    114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
+    64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
+};
+
+static const uint8_t SBOX2[256] =
+{
+    224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130,
+    70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123,
+    13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52,
+    77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154,
+    23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51,
+    191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175,
+    40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68,
+    253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160,
+    85, 161,  65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165,
+    32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41,
+    15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197,
+    164, 55, 177, 76, 145, 110, 141, 118, 3,  45, 222, 150, 38, 125, 198, 92,
+    211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178,
+    240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245,
+    228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73,
+    128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61
+};
+
+static const uint8_t SBOX3[256] =
+{
+    56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160,
+    145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222,
+    67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13,
+    83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166,
+    197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204,
+    239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235,
+    10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17,
+    127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40,
+    85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105,
+    8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74,
+    195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
+    41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23,
+    244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172,
+    60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125,
+    57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82,
+    32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79
+};
+
+static const uint8_t SBOX4[256] =
+{
+    112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146,
+    134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108,
+    139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4,
+    20, 58, 222, 17,  50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105,
+    170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221,
+    135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99,
+    233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141,
+    114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128,
+    130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189,
+    184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77,
+    13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215,
+    88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80,
+    208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148,
+    92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46,
+    121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250,
+    7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158
+};
+
+const int av_camellia_size = sizeof(AVCAMELLIA);
+
+static uint64_t F(uint64_t F_IN, uint64_t KE)
+{
+    uint32_t Zl, Zr;
+    Zl = (F_IN >> 32) ^ (KE >> 32);
+    Zr = (F_IN & MASK32) ^ (KE & MASK32);
+    Zl = (((uint32_t)SBOX1[(Zl >> 24)] << 24) | ((uint32_t)SBOX2[(Zl >> 16) & MASK8] << 16) | ((uint32_t)SBOX3[(Zl >> 8) & MASK8] << 8) |(SBOX4[Zl & MASK8]));
+    Zr = (((uint32_t)SBOX2[(Zr >> 24)] << 24) | ((uint32_t)SBOX3[(Zr >> 16) & MASK8] << 16) | ((uint32_t)SBOX4[(Zr >> 8) & MASK8] << 8) |(SBOX1[Zr & MASK8]));
+    Zl ^= LR32(Zr, 8);
+    Zr ^= LR32(Zl, 16);
+    Zl ^= RR32(Zr, 8);
+    Zr ^= RR32(Zl, 8);
+    return ((uint64_t)Zr << 32) | (uint64_t)Zl;
+}
+
+static uint64_t FL(uint64_t FL_IN, uint64_t KE)
+{
+    uint32_t x1, x2, k1, k2;
+    x1 = FL_IN >> 32;
+    x2 = FL_IN & MASK32;
+    k1 = KE >> 32;
+    k2 = KE & MASK32;
+    x2 = x2 ^ LR32((x1 & k1), 1);
+    x1 = x1 ^ (x2 | k2);
+    return ((uint64_t)x1 << 32) | (uint64_t)x2;
+}
+
+static uint64_t FLINV(uint64_t FLINV_IN, uint64_t KE)
+{
+    uint32_t x1, x2, k1, k2;
+    x1 = FLINV_IN >> 32;
+    x2 = FLINV_IN & MASK32;
+    k1 = KE >> 32;
+    k2 = KE & MASK32;
+    x1 = x1 ^ (x2 | k2);
+    x2 = x2 ^ LR32((x1 & k1), 1);
+    return ((uint64_t)x1 << 32) | (uint64_t)x2;
+}
+
+static const uint8_t shifts[2][12] = {
+    {0,15,15,45,45,60,94,94,111},
+    {0,15,15,30,45,45,60,60,77,94,94,111}
+};
+
+static const uint8_t vars[2][12] = {
+    {2,0,2,0,2,2,0,2,0},
+    {3,1,2,3,0,2,1,3,0,1,2,0}
+};
+
+static void generate_round_keys(AVCAMELLIA* cs, uint64_t *Ka, uint64_t *Kb, uint64_t *Kl, uint64_t *Kr)
+{
+    int i;
+    uint64_t *Kd[4], d[2];
+    Kd[0] = Kl;
+    Kd[1] = Kr;
+    Kd[2] = Ka;
+    Kd[3] = Kb;
+    cs->Kw[0] = Kl[0];
+    cs->Kw[1] = Kl[1];
+    if (cs->key_bits == 128) {
+        for (i = 0; i < 9; i++) {
+            LR128(d, Kd[vars[0][i]], shifts[0][i]);
+            cs->K[2*i] = d[0];
+            cs->K[2*i+1] = d[1];
+        }
+        LR128(d, Kd[0], 60);
+        cs->K[9] = d[1];
+        LR128(d, Kd[2], 30);
+        cs->Ke[0] = d[0];
+        cs->Ke[1] = d[1];
+        LR128(d, Kd[0], 77);
+        cs->Ke[2] = d[0];
+        cs->Ke[3] = d[1];
+        LR128(d, Kd[2], 111);
+        cs->Kw[2] = d[0];
+        cs->Kw[3] = d[1];
+    } else {
+        for ( i = 0; i < 12; i++) {
+
+            LR128(d, Kd[vars[1][i]], shifts[1][i]);
+            cs->K[2*i] = d[0];
+            cs->K[2*i+1] = d[1];
+        }
+        LR128(d, Kd[1], 30);
+        cs->Ke[0] = d[0];
+        cs->Ke[1] = d[1];
+        LR128(d, Kd[0], 60);
+        cs->Ke[2] = d[0];
+        cs->Ke[3] = d[1];
+        LR128(d, Kd[2], 77);
+        cs->Ke[4] = d[0];
+        cs->Ke[5] = d[1];
+        LR128(d, Kd[3], 111);
+        cs->Kw[2] = d[0];
+        cs->Kw[3] = d[1];
+    }
+}
+
+static void camellia_decrypt(AVCAMELLIA* cs, uint8_t* dst, const uint8_t* src, uint8_t* iv)
+{
+    uint64_t D1, D2;
+    D1 = AV_RB64(src);
+    D2 = AV_RB64(src + 8);
+    D1 ^= cs->Kw[2];
+    D2 ^= cs->Kw[3];
+    if (cs->key_bits != 128) {
+        D2 ^= F(D1, cs->K[23]);
+        D1 ^= F(D2, cs->K[22]);
+        D2 ^= F(D1, cs->K[21]);
+        D1 ^= F(D2, cs->K[20]);
+        D2 ^= F(D1, cs->K[19]);
+        D1 ^= F(D2, cs->K[18]);
+        D1 = FL(D1, cs->Ke[5]);
+        D2 = FLINV(D2, cs->Ke[4]);
+    }
+    D2 ^= F(D1, cs->K[17]);
+    D1 ^= F(D2, cs->K[16]);
+    D2 ^= F(D1, cs->K[15]);
+    D1 ^= F(D2, cs->K[14]);
+    D2 ^= F(D1, cs->K[13]);
+    D1 ^= F(D2, cs->K[12]);
+    D1 = FL(D1, cs->Ke[3]);
+    D2 = FLINV(D2, cs->Ke[2]);
+    D2 ^= F(D1, cs->K[11]);
+    D1 ^= F(D2, cs->K[10]);
+    D2 ^= F(D1, cs->K[9]);
+    D1 ^= F(D2, cs->K[8]);
+    D2 ^= F(D1, cs->K[7]);
+    D1 ^= F(D2, cs->K[6]);
+    D1 = FL(D1, cs->Ke[1]);
+    D2 = FLINV(D2, cs->Ke[0]);
+    D2 ^= F(D1, cs->K[5]);
+    D1 ^= F(D2, cs->K[4]);
+    D2 ^= F(D1, cs->K[3]);
+    D1 ^= F(D2, cs->K[2]);
+    D2 ^= F(D1, cs->K[1]);
+    D1 ^= F(D2, cs->K[0]);
+    D2 ^= cs->Kw[0];
+    D1 ^= cs->Kw[1];
+    if (iv) {
+        D2 ^= AV_RB64(iv);
+        D1 ^= AV_RB64(iv + 8);
+        memcpy(iv, src, 16);
+    }
+    AV_WB64(dst, D2);
+    AV_WB64(dst + 8, D1);
+}
+
+static void camellia_encrypt(AVCAMELLIA* cs, uint8_t* dst, const uint8_t* src)
+{
+    uint64_t D1, D2;
+    D1 = AV_RB64(src);
+    D2 = AV_RB64(src + 8);
+    D1 ^= cs->Kw[0];
+    D2 ^= cs->Kw[1];
+    D2 ^= F(D1, cs->K[0]);
+    D1 ^= F(D2, cs->K[1]);
+    D2 ^= F(D1, cs->K[2]);
+    D1 ^= F(D2, cs->K[3]);
+    D2 ^= F(D1, cs->K[4]);
+    D1 ^= F(D2, cs->K[5]);
+    D1 = FL(D1, cs->Ke[0]);
+    D2 = FLINV(D2, cs->Ke[1]);
+    D2 ^= F(D1, cs->K[6]);
+    D1 ^= F(D2, cs->K[7]);
+    D2 ^= F(D1, cs->K[8]);
+    D1 ^= F(D2, cs->K[9]);
+    D2 ^= F(D1, cs->K[10]);
+    D1 ^= F(D2, cs->K[11]);
+    D1 = FL(D1, cs->Ke[2]);
+    D2 = FLINV(D2, cs->Ke[3]);
+    D2 ^= F(D1, cs->K[12]);
+    D1 ^= F(D2, cs->K[13]);
+    D2 ^= F(D1, cs->K[14]);
+    D1 ^= F(D2, cs->K[15]);
+    D2 ^= F(D1, cs->K[16]);
+    D1 ^= F(D2, cs->K[17]);
+    if (cs->key_bits != 128) {
+        D1 = FL(D1, cs->Ke[4]);
+        D2 = FLINV(D2, cs->Ke[5]);
+        D2 ^= F(D1, cs->K[18]);
+        D1 ^= F(D2, cs->K[19]);
+        D2 ^= F(D1, cs->K[20]);
+        D1 ^= F(D2, cs->K[21]);
+        D2 ^= F(D1, cs->K[22]);
+        D1 ^= F(D2, cs->K[23]);
+    }
+    D2 ^= cs->Kw[2];
+    D1 ^= cs->Kw[3];
+    AV_WB64(dst, D2);
+    AV_WB64(dst + 8, D1);
+}
+
+struct AVCAMELLIA *av_camellia_alloc(void)
+{
+    return av_mallocz(sizeof(struct AVCAMELLIA));
+}
+
+av_cold int av_camellia_init(AVCAMELLIA* cs, const uint8_t *key, int key_bits)
+{
+    uint64_t Kl[2], Kr[2], Ka[2], Kb[2];
+    uint64_t D1, D2;
+    if (key_bits != 128 && key_bits != 192 && key_bits != 256)
+        return -1;
+    memset(Kb, 0, sizeof(Kb));
+    memset(Kr, 0, sizeof(Kr));
+    cs->key_bits = key_bits;
+    Kl[0] = AV_RB64(key);
+    Kl[1] = AV_RB64(key + 8);
+    if (key_bits == 192) {
+        Kr[0] = AV_RB64(key + 16);
+        Kr[1] = ~Kr[0];
+    } else if (key_bits == 256) {
+        Kr[0] = AV_RB64(key + 16);
+        Kr[1] = AV_RB64(key + 24);
+    }
+    D1 = Kl[0] ^ Kr[0];
+    D2 = Kl[1] ^ Kr[1];
+    D2 ^= F(D1, Sigma1);
+    D1 ^= F(D2, Sigma2);
+    D1 ^= Kl[0];
+    D2 ^= Kl[1];
+    D2 ^= F(D1, Sigma3);
+    D1 ^= F(D2, Sigma4);
+    Ka[0] = D1;
+    Ka[1] = D2;
+    if (key_bits != 128) {
+        D1 = Ka[0] ^ Kr[0];
+        D2 = Ka[1] ^ Kr[1];
+        D2 ^= F(D1, Sigma5);
+        D1 ^= F(D2, Sigma6);
+        Kb[0] = D1;
+        Kb[1] = D2;
+    }
+    generate_round_keys(cs, Ka, Kb, Kl, Kr);
+    return 0;
+}
+
+void av_camellia_crypt(AVCAMELLIA* cs, uint8_t* dst, const uint8_t* src, int count, uint8_t *iv, int decrypt)
+{
+    int i;
+    while (count--) {
+        if (decrypt) {
+            camellia_decrypt(cs, dst, src, iv);
+        } else {
+            if (iv) {
+                for (i = 0; i < 16; i++)
+                    dst[i] = src[i] ^ iv[i];
+                camellia_encrypt(cs, dst, dst);
+                memcpy(iv, dst, 16);
+            } else {
+                camellia_encrypt(cs, dst, src);
+            }
+        }
+        src = src + 16;
+        dst = dst + 16;
+    }
+}
+
+#ifdef TEST
+#include<stdio.h>
+#include<stdlib.h>
+#include"log.h"
+
+int main(int argc, char** argv)
+{
+    const uint8_t Key[3][32] = {
+        {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+        {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},
+        {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}
+    };
+    const uint8_t rpt[16] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
+    const uint8_t rct[3][16] = {
+        {0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43},
+        {0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9,0x96, 0xf8, 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9},
+        {0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09}
+    };
+    const uint8_t rpt2[32] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
+    const int kbits[3] = {128, 192, 256};
+    int i, j, err = 0;
+    uint8_t temp[16], temp2[32], iv[16];
+    AVCAMELLIA *cs;
+    cs = av_camellia_alloc();
+    if (!cs)
+        return 1;
+    for (j = 0; j < 3; j++) {
+        av_camellia_init(cs, Key[j], kbits[j]);
+        av_camellia_crypt(cs, temp, rpt, 1, NULL, 0);
+        for (i = 0; i < 16; i++) {
+            if (rct[j][i] != temp[i]) {
+                av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rct[j][i], temp[i]);
+                err = 1;
+            }
+        }
+        av_camellia_crypt(cs, temp, rct[j], 1, NULL, 1);
+        for (i = 0; i < 16; i++) {
+            if (rpt[i] != temp[i]) {
+                av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt[i], temp[i]);
+                err = 1;
+            }
+        }
+    }
+
+    av_camellia_init(cs, Key[2], 256);
+    av_camellia_crypt(cs, temp2, rpt2, 2, NULL, 0);
+    av_camellia_crypt(cs, temp2, temp2, 2, NULL, 1);
+    for (i = 0; i < 32; i++) {
+        if (rpt2[i] != temp2[i]) {
+            av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt2[i], temp2[i]);
+            err = 1;
+        }
+    }
+    av_camellia_init(cs, Key[0], 128);
+    memcpy(iv, "HALLO123HALLO123", 16);
+    av_camellia_crypt(cs, temp2, rpt2, 2, iv, 0);
+    memcpy(iv, "HALLO123HALLO123", 16);
+    av_camellia_crypt(cs, temp2, temp2, 2, iv, 1);
+    for (i = 0; i < 32; i++) {
+        if (rpt2[i] != temp2[i]) {
+            av_log(NULL, AV_LOG_ERROR, "%d %02x %02x\n", i, rpt2[i], temp2[i]);
+            err = 1;
+        }
+    }
+    av_free(cs);
+    return err;
+}
+#endif
diff --git a/libavutil/camellia.h b/libavutil/camellia.h
new file mode 100644
index 0000000..41076d4
--- /dev/null
+++ b/libavutil/camellia.h
@@ -0,0 +1,68 @@
+/*
+ * An implementation of the CAMELLIA algorithm as mentioned in RFC3713
+ * Copyright (c) 2014 Supraja Meedinti
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVUTIL_CAMELLIA_H
+#define AVUTIL_CAMELLIA_H
+
+#include <stdint.h>
+
+
+/**
+  * @file
+  * @brief Public header for libavutil CAMELLIA algorithm
+  * @defgroup lavu_camellia CAMELLIA
+  * @ingroup lavu_crypto
+  * @{
+  */
+
+extern const int av_camellia_size;
+
+struct AVCAMELLIA;
+
+/**
+  * Allocate an AVCAMELLIA context
+  * To free the struct: av_free(ptr)
+  */
+struct AVCAMELLIA *av_camellia_alloc(void);
+/**
+  * Initialize an AVCAMELLIA context.
+  *
+  * @param ctx an AVCAMELLIA context
+  * @param key a key of 16, 24, 32 bytes used for encryption/decryption
+  * @param key_bits number of keybits: possible are 128, 192, 256
+ */
+int av_camellia_init(struct AVCAMELLIA *ctx, const uint8_t *key, int key_bits);
+
+/**
+  * Encrypt or decrypt a buffer using a previously initialized context
+  *
+  * @param ctx an AVCAMELLIA context
+  * @param dst destination array, can be equal to src
+  * @param src source array, can be equal to dst
+  * @param count number of 8 byte blocks
+  * @paran iv initialization vector for CBC mode, NULL for ECB mode
+  * @param decrypt 0 for encryption, 1 for decryption
+ */
+void av_camellia_crypt(struct AVCAMELLIA *ctx, uint8_t *dst, const uint8_t *src, int count, uint8_t* iv, int decrypt);
+/**
+ * @}
+ */
+#endif /* AVUTIL_CAMELLIA_H */
-- 
1.8.3.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to