From f1713dbe0a233a986d2134eeecf1518c15409379 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Fri, 24 Sep 2010 07:43:56 +0200
Subject: [PATCH] Partial revert of 2010-09-20 changes. *
 camellia-set-encrypt-key.c (camellia_set_encrypt_key): Reintroduce
 CAMELLIA_F_HALF_INV, for 32-bit machines. * camellia-crypt-internal.c
 (CAMELLIA_ROUNDSM): Two variants, differing in where addition of the key is
 done. * x86/camellia-crypt-internal.asm: Moved addition of key.

Rev: nettle/ChangeLog:1.110
Rev: nettle/camellia-crypt-internal.c:1.4
Rev: nettle/camellia-set-encrypt-key.c:1.6
---
 ChangeLog                  |  9 ++++++
 camellia-crypt-internal.c  | 56 ++++++++++++++++++++++++++++++--------
 camellia-set-encrypt-key.c | 24 ++++++++++++++++
 3 files changed, 77 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 592f22b8..b6be1848 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2010-09-24  Niels M�ller  <nisse@lysator.liu.se>
+
+	Partial revert of 2010-09-20 changes.
+	* camellia-set-encrypt-key.c (camellia_set_encrypt_key):
+	Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
+	* camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
+	differing in where addition of the key is done.
+	* x86/camellia-crypt-internal.asm: Moved addition of key.
+
 2010-09-22  Niels M�ller  <nisse@turmalin.hack.org>
 
 	* examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
diff --git a/camellia-crypt-internal.c b/camellia-crypt-internal.c
index 679c4db1..8a9296e8 100644
--- a/camellia-crypt-internal.c
+++ b/camellia-crypt-internal.c
@@ -33,6 +33,7 @@
 #endif
 
 #include <assert.h>
+#include <limits.h>
 
 #include "camellia-internal.h"
 
@@ -62,33 +63,64 @@
   (x) = ((uint64_t) __xl << 32) | __xr;		\
 } while (0)
 
+#if HAVE_NATIVE_64_BIT
 #define CAMELLIA_ROUNDSM(T, x, k, y) do {			\
     uint32_t __il, __ir;					\
     __ir							\
-      = T->sp1110[(x) & 0xff]				\
-      ^ T->sp0222[((x) >> 24) & 0xff]			\
-      ^ T->sp3033[((x) >> 16) & 0xff]			\
-      ^ T->sp4404[((x) >> 8) & 0xff];			\
+      = T->sp1110[(x) & 0xff]					\
+      ^ T->sp0222[((x) >> 24) & 0xff]				\
+      ^ T->sp3033[((x) >> 16) & 0xff]				\
+      ^ T->sp4404[((x) >> 8) & 0xff];				\
     /* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */	\
     __il							\
-      = T->sp1110[ (x) >> 56]				\
-      ^ T->sp0222[((x) >> 48) & 0xff]			\
-      ^ T->sp3033[((x) >> 40) & 0xff]			\
-      ^ T->sp4404[((x) >> 32) & 0xff];			\
+      = T->sp1110[ (x) >> 56]					\
+      ^ T->sp0222[((x) >> 48) & 0xff]				\
+      ^ T->sp3033[((x) >> 40) & 0xff]				\
+      ^ T->sp4404[((x) >> 32) & 0xff];				\
     /* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */	\
     __ir ^= __il;						\
     /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8),		\
-             (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7)		\
-          == y1,y2,y3,y4 */					\
+       (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7)			\
+       == y1,y2,y3,y4 */					\
     __il = ROL32(24, __il);					\
     /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */	\
     __il ^= __ir;						\
     /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8),			\
-             (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7)			\
-          == y5,y6,y7,y8 */					\
+       (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7)			\
+       == y5,y6,y7,y8 */					\
     y ^= (k);							\
     y ^= ((uint64_t) __ir << 32) | __il;			\
   } while (0)
+#else /* !HAVE_NATIVE_64_BIT */
+#define CAMELLIA_ROUNDSM(T, x, k, y) do {			\
+    uint32_t __il, __ir;					\
+    __ir							\
+      = T->sp1110[(x) & 0xff]					\
+      ^ T->sp0222[((x) >> 24) & 0xff]				\
+      ^ T->sp3033[((x) >> 16) & 0xff]				\
+      ^ T->sp4404[((x) >> 8) & 0xff];				\
+    /* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */	\
+    __il							\
+      = T->sp1110[ (x) >> 56]					\
+      ^ T->sp0222[((x) >> 48) & 0xff]				\
+      ^ T->sp3033[((x) >> 40) & 0xff]				\
+      ^ T->sp4404[((x) >> 32) & 0xff];				\
+    /* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */	\
+    __il ^= (k) >> 32;						\
+    __ir ^= (k) & 0xffffffff;					\
+    __ir ^= __il;						\
+    /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8),		\
+       (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7)			\
+       == y1,y2,y3,y4 */					\
+    __il = ROL32(24, __il);					\
+    /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */	\
+    __il ^= __ir;						\
+    /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8),			\
+       (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7)			\
+       == y5,y6,y7,y8 */					\
+    y ^= ((uint64_t) __ir << 32) | __il;			\
+  } while (0)
+#endif
 
 void
 _camellia_crypt(const struct camellia_ctx *ctx,
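Review bot: The `#else` variant of CAMELLIA_ROUNDSM is only correct when the subkeys were already transformed by CAMELLIA_F_HALF_INV in camellia-set-encrypt-key.c, and nothing here states or checks that both files take the same `#if HAVE_NATIVE_64_BIT` branch. A mismatch would not fail visibly; it would produce ciphertext that no other Camellia implementation can decrypt. The macro's definition is not in this patch, but if it expands to an expression over `CHAR_BIT`, as the new `#include <limits.h>` in both files suggests, then dropping that include from one file makes the `#if` quietly evaluate to 0 there. I would annotate the include with `/* CHAR_BIT, needed by HAVE_NATIVE_64_BIT */` and put `/* Key is xored in before the final mixing; requires subkeys transformed by CAMELLIA_F_HALF_INV. */` above the `#else` variant. The commit message also lists x86/camellia-crypt-internal.asm, which is not among the three files in the diffstat, so confirm that the assembly path expects the same key layout; the body of _camellia_crypt lies outside this hunk.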
diff --git a/camellia-set-encrypt-key.c b/camellia-set-encrypt-key.c
index ee379946..989e3c7e 100644
--- a/camellia-set-encrypt-key.c
+++ b/camellia-set-encrypt-key.c
@@ -36,6 +36,7 @@
 #endif
 
 #include <assert.h>
+#include <limits.h>
 
 #include "camellia-internal.h"
 
@@ -74,6 +75,16 @@
     (y) = ((uint64_t) __yl << 32) | __yr;	\
   } while (0)
 
+#if ! HAVE_NATIVE_64_BIT
+#define CAMELLIA_F_HALF_INV(x) do {            \
+    uint32_t __t, __w;                         \
+    __t = (x) >> 32;                           \
+    __w = __t ^(x);                            \
+    __w = ROL32(8, __w);                       \
+    (x) = ((uint64_t) __w << 32) | (__t ^ __w);        \
+  } while (0)
+#endif
+
 void
 camellia_set_encrypt_key(struct camellia_ctx *ctx,
 			 unsigned length, const uint8_t *key)
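Review bot: CAMELLIA_F_HALF_INV has no comment saying what it inverts, and `__w = __t ^(x);` narrows a 64-bit value to `uint32_t` implicitly. Read against the other file in this patch, it appears to undo the `ROL32(24, __il)` and xor mixing at the end of CAMELLIA_ROUNDSM, so that a key xored in before that mixing has the same effect as the original key xored into `y` afterwards; a comment saying so would let a reader check the algebra. I would make the truncation explicit with `__w = __t ^ (uint32_t) (x);` and note in the comment that `x` is evaluated three times, so the argument must have no side effects. The body of camellia_set_encrypt_key starts after the end of this hunk.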
@@ -309,4 +320,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
     }
   ctx->keys[i-2] = subkey[i-2];
   ctx->keys[i-1] = subkey[i] ^ subkey[i-1];
+
+#if !HAVE_NATIVE_64_BIT
+  for (i = 0; i < ctx->nkeys; i += 8)
+    {
+      /* apply the inverse of the last half of F-function */
+      CAMELLIA_F_HALF_INV(ctx->keys[i+1]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+2]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+3]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+4]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+5]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+6]);
+    }
+#endif
 }
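Review bot: The added loop steps `i` by 8 and rewrites `ctx->keys[i+1]` through `ctx->keys[i+6]`, which assumes that `ctx->nkeys` is a multiple of 8 and that slots `i` and `i+7` of each group must stay untransformed; neither assumption is stated. Since `<assert.h>` is already included, `assert (ctx->nkeys % 8 == 0);` before the loop would catch a later layout change before it turns into an out-of-range write on key material. The existing comment could also name the skipped slots, presumably the whitening and FL/FL^-1 keys, which do not pass through the F function. The values `nkeys` can take and the meaning of each slot are set in the part of camellia_set_encrypt_key outside this hunk, so both should be confirmed there.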
-- 
GitLab