Add Camellia. Do not enable this if you are not doing interop

testing.  It is not (yet) legal OpenPGP, is not interop tested yet
(obviously), and it's a great way to lose your data.  Just don't do
it.

ChangeLog

@@ -1,3 +1,8 @@
+2007-06-13  David Shaw  <dshaw@jabberwocky.com>
+
+	* configure.ac: Add --enable-camellia.  Disabled by default.  Do
+	not enable this unless you're doing interop testing.
+
 2007-04-16  Werner Koch  <wk@g10code.com>
 
 	* acinclude.m4: Fix last change.  Make test self-conatined by

cipher/ChangeLog

@@ -1,5 +1,16 @@
-2006-12-11  Werner Koch  <wk@g10code.com>
+2007-06-13  David Shaw  <dshaw@jabberwocky.com>
 
+	* Makefile.am, algorithms.h, cipher.c (setup_cipher_table): Add
+	Camellia.
+
+	* camellia-glue.c: New.  These are glue functions to interface
+	GnuPG to the stock NTT Camellia distribution.
+
+	* camellia.h, camellia.c: New.  Version 1.2.0 of the Camellia code
+	(GPL) unchanged from
+	http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html
+
+2006-12-11  Werner Koch  <wk@g10code.com>
 
 	* elgamal.c (test_keys): Use new mpi_nlimb_hint_from_nbits
 	function.  This also rounds up the value.

cipher/Makefile.am

@@ -1,5 +1,5 @@
-# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005,
-#               2005 Free Software Foundation, Inc.
+#               2007 Free Software Foundation, Inc.
 #
 # This file is part of GnuPG.
 #
@@ -38,6 +38,7 @@ libcipher_a_SOURCES = cipher.c	\
 		 blowfish.c	\
 		 cast5.c	\
 		 rijndael.c     \
+		 camellia.c camellia.h camellia-glue.c \
 		 elgamal.c	\
 		 elgamal.h	\
 		 rsa.c rsa.h    \

cipher/algorithms.h

@@ -138,4 +138,12 @@ idea_get_info( int algo, size_t *keylen,
                void (**decryptf)( void *c, byte *outbuf, const byte *inbuf )
                );
 
+const char *
+camellia_get_info(int algo, size_t *keylen,
+		  size_t *blocksize, size_t *contextsize,
+		  int (**setkeyf)( void *c, const byte *key, unsigned keylen ),
+		  void (**encryptf)( void *c, byte *outbuf, const byte *inbuf),
+		  void (**decryptf)( void *c, byte *outbuf, const byte *inbuf )
+		  );
+
 #endif /*GNUPG_ALGORITHMS_H*/

cipher/camellia-glue.c

@@ -0,0 +1,173 @@
+/* camellia-glue.c - Glue for the Camellia cipher
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+/* I put the GnuPG-specific stuff in this file to keep the
+   camellia.c/camellia.h files exactly as provided by NTT.  If they
+   update their code, this should make it easier to bring the changes
+   in. - dshaw */
+
+#include <config.h>
+#include <sys/types.h>
+#include <string.h>
+#include "types.h"
+#include "cipher.h"
+#include "algorithms.h"
+#include "util.h"
+#include "errors.h"
+#include "camellia.h"
+
+typedef struct
+{
+  int keybitlength;
+  KEY_TABLE_TYPE keytable;
+} CAMELLIA_context;
+
+static const char *selftest(void);
+
+static void
+burn_stack(int bytes)
+{
+  char buf[128];
+
+  wipememory(buf,sizeof buf);
+  bytes -= sizeof buf;
+  if (bytes > 0)
+    burn_stack (bytes);
+}
+
+static int
+camellia_setkey(void *c, const byte *key, unsigned keylen)
+{
+  CAMELLIA_context *ctx=c;
+  static int initialized=0;
+  static const char *selftest_failed=NULL;
+
+  if(keylen!=32)
+    return G10ERR_WRONG_KEYLEN;
+
+  if(!initialized)
+    {
+      initialized=1;
+      selftest_failed=selftest();
+      if(selftest_failed)
+        log_error("%s\n",selftest_failed);
+    }
+
+  if(selftest_failed)
+    return G10ERR_SELFTEST_FAILED;
+
+  ctx->keybitlength=keylen*8;
+  Camellia_Ekeygen(ctx->keybitlength,key,ctx->keytable); 
+
+  burn_stack
+    ((19+34+34)*sizeof(u32)+2*sizeof(void*) /* camellia_setup256 */
+     +(4+32)*sizeof(u32)+2*sizeof(void*)    /* camellia_setup192 */
+     +0+sizeof(int)+2*sizeof(void*)         /* Camellia_Ekeygen */
+     +3*2*sizeof(void*)                     /* Function calls.  */
+     );
+
+  return 0;
+}
+
+static void
+camellia_encrypt(void *c, byte *outbuf, const byte *inbuf)
+{
+  CAMELLIA_context *ctx=c;
+
+  Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
+  burn_stack
+    (sizeof(int)+2*sizeof(unsigned char *)+sizeof(KEY_TABLE_TYPE)
+     +4*sizeof(u32)
+     +2*sizeof(u32*)+4*sizeof(u32)
+     +2*2*sizeof(void*) /* Function calls.  */
+    );
+}
+
+static void
+camellia_decrypt(void *c, byte *outbuf, const byte *inbuf)
+{
+  CAMELLIA_context *ctx=c;
+
+  Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
+  burn_stack
+    (sizeof(int)+2*sizeof(unsigned char *)+sizeof(KEY_TABLE_TYPE)
+     +4*sizeof(u32)
+     +2*sizeof(u32*)+4*sizeof(u32)
+     +2*2*sizeof(void*) /* Function calls.  */
+    );
+}
+
+static const char *
+selftest(void)
+{
+  CAMELLIA_context ctx;
+  byte scratch[16];
+
+  /* These test vectors are from RFC-3713 */
+  const byte plaintext[]=
+    {
+      0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+      0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
+    };
+  const byte key_256[]=
+    {
+      0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,
+      0x98,0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55,
+      0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff
+    };
+  const byte ciphertext_256[]=
+    {
+      0x9a,0xcc,0x23,0x7d,0xff,0x16,0xd7,0x6c,
+      0x20,0xef,0x7c,0x91,0x9e,0x3a,0x75,0x09
+    };
+
+  camellia_setkey(&ctx,key_256,sizeof(key_256));
+  camellia_encrypt(&ctx,scratch,plaintext);
+  if(memcmp(scratch,ciphertext_256,sizeof(ciphertext_256))!=0)
+    return "CAMELLIA-256 test encryption failed.";
+  camellia_decrypt(&ctx,scratch,scratch);
+  if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
+    return "CAMELLIA-256 test decryption failed.";
+
+  return NULL;
+}
+
+const char *
+camellia_get_info(int algo, size_t *keylen,
+		  size_t *blocksize, size_t *contextsize,
+		  int (**r_setkey)(void *c, const byte *key, unsigned keylen),
+		  void (**r_encrypt)(void *c, byte *outbuf, const byte *inbuf),
+		  void (**r_decrypt)(void *c, byte *outbuf, const byte *inbuf)
+		  )
+{
+  *keylen = 256;
+  *blocksize = CAMELLIA_BLOCK_SIZE;
+  *contextsize = sizeof (CAMELLIA_context);
+
+  *r_setkey = camellia_setkey;
+  *r_encrypt = camellia_encrypt;
+  *r_decrypt = camellia_decrypt;
+
+  if(algo==CIPHER_ALGO_CAMELLIA)
+    return "CAMELLIA";
+
+  return NULL;
+}

cipher/camellia.h

@@ -0,0 +1,54 @@
+/* camellia.h	ver 1.2.0
+ *
+ * Copyright (C) 2006,2007
+ * NTT (Nippon Telegraph and Telephone Corporation).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef HEADER_CAMELLIA_H
+#define HEADER_CAMELLIA_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAMELLIA_TABLE_BYTE_LEN 272
+#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+
+void Camellia_Ekeygen(const int keyBitLength,
+		      const unsigned char *rawKey, 
+		      KEY_TABLE_TYPE keyTable);
+
+void Camellia_EncryptBlock(const int keyBitLength,
+			   const unsigned char *plaintext, 
+			   const KEY_TABLE_TYPE keyTable, 
+			   unsigned char *cipherText);
+
+void Camellia_DecryptBlock(const int keyBitLength, 
+			   const unsigned char *cipherText, 
+			   const KEY_TABLE_TYPE keyTable, 
+			   unsigned char *plaintext);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_CAMELLIA_H */

cipher/cipher.c

@@ -1,5 +1,6 @@
 /* cipher.c  -	cipher dispatcher
- * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+ *               2007 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -178,6 +179,20 @@ setup_cipher_table(void)
 	BUG();
     i++;
 
+#ifdef USE_CAMELLIA
+    cipher_table[i].algo = CIPHER_ALGO_CAMELLIA;
+    cipher_table[i].name = camellia_get_info( cipher_table[i].algo,
+					      &cipher_table[i].keylen,
+					      &cipher_table[i].blocksize,
+					      &cipher_table[i].contextsize,
+					      &cipher_table[i].setkey,
+					      &cipher_table[i].encrypt,
+					      &cipher_table[i].decrypt     );
+    if( !cipher_table[i].name )
+	BUG();
+    i++;
+#endif
+
 #ifdef USE_IDEA
     cipher_table[i].algo = CIPHER_ALGO_IDEA;
     cipher_table[i].name = idea_get_info( cipher_table[i].algo,

configure.ac

@@ -1,6 +1,6 @@
 dnl configure.ac script for GnuPG
-dnl Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+dnl Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
-dnl               2006 Free Software Foundation, Inc.
+dnl               2007 Free Software Foundation, Inc.
 dnl
 dnl This file is part of GnuPG.
 dnl
@@ -140,6 +140,7 @@ use_cast5=yes
 use_blowfish=yes
 use_aes=yes
 use_twofish=yes
+use_camellia=no
 use_sha256=yes
 use_sha512=yes
 use_bzip2=yes
@@ -158,6 +159,7 @@ AC_ARG_ENABLE(minimal,
    use_blowfish=no
    use_aes=no
    use_twofish=no
+   use_camellia=no
    use_sha256=no
    use_sha512=no
    use_bzip2=no
@@ -255,7 +257,20 @@ if test x"$use_twofish" = xyes ; then
    AC_DEFINE(USE_TWOFISH,1,[Define to include the TWOFISH cipher])
 fi
 
-AC_MSG_CHECKING([whether to enable the SHA-256 digest])
+AC_MSG_CHECKING([whether to enable the CAMELLIA cipher])
+AC_ARG_ENABLE(camellia,
+   AC_HELP_STRING([--enable-camellia],[enable the CAMELLIA cipher]),
+   use_camellia=$enableval)
+AC_MSG_RESULT($use_camellia)
+if test x"$use_camellia" = xyes ; then
+   AC_DEFINE(USE_CAMELLIA,1,[Define to include the CAMELLIA cipher])
+   AC_MSG_WARN([[
+***
+*** The Camellia cipher is for testing only and is NOT for production use!
+***]])
+fi
+
+AC_MSG_CHECKING([whether to enable the SHA-224 and SHA-256 digests])
 AC_ARG_ENABLE(sha256,
    AC_HELP_STRING([--disable-sha256],[disable the SHA-224 and SHA-256 digests]),
    use_sha256=$enableval)
@@ -1407,3 +1422,8 @@ if test -n "$show_extraasm"; then
   echo "  Extra cpu specific functions:$show_extraasm"
 fi
 echo
+
+if test  x"$use_camellia" = xyes ; then
+  echo "WARNING: The Camellia cipher is for testing only and is NOT for production use!"
+  echo
+fi

include/ChangeLog

@@ -1,3 +1,7 @@
+2007-06-13  David Shaw  <dshaw@jabberwocky.com>
+
+	* cipher.h (CIPHER_ALGO_CAMELLIA): Add Camellia define.
+
 2007-04-16  David Shaw  <dshaw@jabberwocky.com>
 
 	* util.h (ascii_toupper, ascii_tolower, ascii_strcasecmp,

include/cipher.h

@@ -1,6 +1,6 @@
 /* cipher.h
- * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
- *               2006 Free Software Foundation, Inc.
+ *               2007 Free Software Foundation, Inc.
  *
  * This file is part of GNUPG.
  *
@@ -38,6 +38,8 @@
 #define CIPHER_ALGO_AES192       8
 #define CIPHER_ALGO_AES256       9
 #define CIPHER_ALGO_TWOFISH 	10  /* twofish 256 bit */
+#define CIPHER_ALGO_CAMELLIA    11  /* camellia 256 bit */
+
 #define CIPHER_ALGO_DUMMY      110  /* no encryption at all */
 
 #define PUBKEY_ALGO_RSA        1