From 55d15220791c10c6b1aaba02a82398162895086d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Sun, 25 Jul 2010 11:14:19 +0200
Subject: [PATCH] * camellia.h (struct camellia_ctx): Eliminate the two unused
subkeys, and renumber the remaining ones. * camellia-crypt-internal.c
(_camellia_crypt): Updated for renumbered subkeys. *
camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise. *
camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
Rev: nettle/ChangeLog:1.101
Rev: nettle/camellia-crypt-internal.c:1.2
Rev: nettle/camellia-set-decrypt-key.c:1.2
Rev: nettle/camellia-set-encrypt-key.c:1.4
Rev: nettle/camellia.h:1.5
---
ChangeLog | 7 ++++++
camellia-crypt-internal.c | 32 +++++++++++++-------------
camellia-set-decrypt-key.c | 8 +++----
camellia-set-encrypt-key.c | 47 +++++++++++++++++++-------------------
camellia.h | 6 ++---
5 files changed, 53 insertions(+), 47 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index eff78421..dc64fece 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2010-07-25 Niels M�ller <nisse@lysator.liu.se>
+ * camellia.h (struct camellia_ctx): Eliminate the two unused
+ subkeys, and renumber the remaining ones.
+ * camellia-crypt-internal.c (_camellia_crypt): Updated for
+ renumbered subkeys.
+ * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
+ * camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
+
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
the expansion of camellia_setup128 and camellia_setup256, keeping
the unexpanded key in scalar variables.
diff --git a/camellia-crypt-internal.c b/camellia-crypt-internal.c
index 4c5dce85..c38c225f 100644
--- a/camellia-crypt-internal.c
+++ b/camellia-crypt-internal.c
@@ -110,28 +110,28 @@ _camellia_crypt(const struct camellia_ctx *ctx,
/* main iteration */
- CAMELLIA_ROUNDSM(T, i0,ctx->keys[2], i1);
- CAMELLIA_ROUNDSM(T, i1,ctx->keys[3], i0);
- CAMELLIA_ROUNDSM(T, i0,ctx->keys[4], i1);
- CAMELLIA_ROUNDSM(T, i1,ctx->keys[5], i0);
- CAMELLIA_ROUNDSM(T, i0,ctx->keys[6], i1);
- CAMELLIA_ROUNDSM(T, i1,ctx->keys[7], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[1], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[2], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[3], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[4], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[5], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[6], i0);
- for (i = 0; i < ctx->nkeys - 10; i+= 8)
+ for (i = 0; i < ctx->nkeys - 8; i+= 8)
{
- CAMELLIA_FL(i0, ctx->keys[i+8]);
- CAMELLIA_FLINV(i1, ctx->keys[i+9]);
+ CAMELLIA_FL(i0, ctx->keys[i+7]);
+ CAMELLIA_FLINV(i1, ctx->keys[i+8]);
- CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+10], i1);
- CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+11], i0);
- CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+12], i1);
- CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+13], i0);
- CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+14], i1);
- CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+15], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+9], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+10], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+11], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+12], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+13], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+14], i0);
}
/* post whitening but kw4 */
- i1 ^= ctx->keys[i+8];
+ i1 ^= ctx->keys[i+7];
WRITE_UINT64(dst , i1);
WRITE_UINT64(dst + 8, i0);
diff --git a/camellia-set-decrypt-key.c b/camellia-set-decrypt-key.c
index 761dcda8..cd49c11b 100644
--- a/camellia-set-decrypt-key.c
+++ b/camellia-set-decrypt-key.c
@@ -40,17 +40,15 @@ camellia_invert_key(struct camellia_ctx *dst,
unsigned i;
if (dst == src)
{
- SWAP(dst->keys[0], dst->keys[nkeys - 2]);
- for (i = 2; i < nkeys - 1 - i; i++)
+ for (i = 0; i < nkeys - 1 - i; i++)
SWAP(dst->keys[i], dst->keys[nkeys - 1 - i]);
}
else
{
dst->nkeys = nkeys;
- dst->keys[0] = src->keys[nkeys - 2];
- for (i = 2; i < nkeys - 2; i++)
+
+ for (i = 0; i < nkeys; i++)
dst->keys[i] = src->keys[nkeys - 1 - i];
- dst->keys[nkeys - 2] = src->keys[0];
}
}
diff --git a/camellia-set-encrypt-key.c b/camellia-set-encrypt-key.c
index 0fd0270d..500128fe 100644
--- a/camellia-set-encrypt-key.c
+++ b/camellia-set-encrypt-key.c
@@ -99,7 +99,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
if (length == 16)
{
- ctx->nkeys = 26;
+ ctx->nkeys = 24;
/**
* generate KL dependent subkeys
*/
@@ -157,7 +157,8 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
else
{
uint64_t k2, k3;
- ctx->nkeys = 34;
+
+ ctx->nkeys = 32;
k2 = READ_UINT64(key + 16);
if (length == 24)
@@ -254,7 +255,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
subkey[3] ^= kw2;
subkey[5] ^= kw2;
subkey[7] ^= kw2;
- for (i = 8; i < ctx->nkeys - 2; i += 8)
+ for (i = 8; i < ctx->nkeys; i += 8)
{
/* FIXME: gcc for x86_32 is smart enough to fetch the 32 low bits
and xor the result into the 32 high bits, but it still generates
@@ -269,9 +270,9 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
subkey[i] ^= kw2;
/* absorb kw4 to other subkeys */
- kw4 = subkey[ctx->nkeys - 1];
+ kw4 = subkey[ctx->nkeys + 1];
- for (i = ctx->nkeys - 10; i > 0; i -= 8)
+ for (i = ctx->nkeys - 8; i > 0; i -= 8)
{
subkey[i+6] ^= kw4;
subkey[i+4] ^= kw4;
@@ -287,44 +288,44 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
/* key XOR is end of F-function */
ctx->keys[0] = subkey[0] ^ subkey[2];
- ctx->keys[2] = subkey[3];
+ ctx->keys[1] = subkey[3];
- ctx->keys[3] = subkey[2] ^ subkey[4];
- ctx->keys[4] = subkey[3] ^ subkey[5];
- ctx->keys[5] = subkey[4] ^ subkey[6];
- ctx->keys[6] = subkey[5] ^ subkey[7];
+ ctx->keys[2] = subkey[2] ^ subkey[4];
+ ctx->keys[3] = subkey[3] ^ subkey[5];
+ ctx->keys[4] = subkey[4] ^ subkey[6];
+ ctx->keys[5] = subkey[5] ^ subkey[7];
- for (i = 8; i < ctx->nkeys - 2; i += 8)
+ for (i = 8; i < ctx->nkeys; i += 8)
{
tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]);
dw = tl & (subkey[i] >> 32);
tr = subkey[i+2] ^ ROL32(1, dw);
- ctx->keys[i-1] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
+ ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
- ctx->keys[i] = subkey[i];
- ctx->keys[i+1] = subkey[i+1];
+ ctx->keys[i-1] = subkey[i];
+ ctx->keys[i] = subkey[i+1];
tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]);
dw = tl & (subkey[i+1] >> 32);
tr = subkey[i-1] ^ ROL32(1, dw);
- ctx->keys[i+2] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
+ ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
- ctx->keys[i+3] = subkey[i+2] ^ subkey[i+4];
- ctx->keys[i+4] = subkey[i+3] ^ subkey[i+5];
- ctx->keys[i+5] = subkey[i+4] ^ subkey[i+6];
- ctx->keys[i+6] = subkey[i+5] ^ subkey[i+7];
+ ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4];
+ ctx->keys[i+3] = subkey[i+3] ^ subkey[i+5];
+ ctx->keys[i+4] = subkey[i+4] ^ subkey[i+6];
+ ctx->keys[i+5] = subkey[i+5] ^ subkey[i+7];
}
- ctx->keys[i-1] = subkey[i-2];
- ctx->keys[i] = subkey[i] ^ subkey[i-1];
+ ctx->keys[i-2] = subkey[i-2];
+ ctx->keys[i-1] = subkey[i] ^ subkey[i-1];
- for (i = 0; i < ctx->nkeys - 2; i += 8)
+ for (i = 0; i < ctx->nkeys; i += 8)
{
/* apply the inverse of the last half of F-function */
+ CAMELLIA_F_HALF_INV(ctx->keys[i+1]);
CAMELLIA_F_HALF_INV(ctx->keys[i+2]);
CAMELLIA_F_HALF_INV(ctx->keys[i+3]);
CAMELLIA_F_HALF_INV(ctx->keys[i+4]);
CAMELLIA_F_HALF_INV(ctx->keys[i+5]);
CAMELLIA_F_HALF_INV(ctx->keys[i+6]);
- CAMELLIA_F_HALF_INV(ctx->keys[i+7]);
}
}
diff --git a/camellia.h b/camellia.h
index db266287..f4f3e1ea 100644
--- a/camellia.h
+++ b/camellia.h
@@ -54,9 +54,9 @@ struct camellia_ctx
a total of 34 subkeys. */
/* The clever combination of subkeys imply one of the pre- and
post-whitening keys is folded with the round keys, so that subkey
- #1 and the last one (#25 or #33) is not used. FIXME: Renumber to
- eliminate them. */
- uint64_t keys[34];
+ #1 and the last one (#25 or #33) is not used. The result is that
+ we have only 24 or 32 subkeys at the end of key setup. */
+ uint64_t keys[32];
};
void
--
GitLab