Commit 5af86074 authored by Niels Möller's avatar Niels Möller

* camellia-meta.c: Use _NETTLE_CIPHER_SEP_SET_KEY.

* camellia.h (struct camellia_ctx): Replaced flag camellia128 by
expanded key length nkeys.

* camellia.c (camellia_set_encrypt_key): Renamed, from...
(camellia_set_key): ... old name.
(camellia_invert_key): New function.
(camellia_set_decrypt_key): New function, using
camellia_invert_key.
(camellia_crypt): Renamed, from...
(camellia_encrypt): ... old name.
(camellia_decrypt): Deleted, no longer needed. camellia_crypt used
for both encryption and decryption.

Rev: nettle/ChangeLog:1.95
Rev: nettle/camellia-meta.c:1.2
Rev: nettle/camellia.c:1.4
Rev: nettle/camellia.h:1.4
parent 1cff2b5a
2010-07-20 Niels Mller <nisse@lysator.liu.se> 2010-07-20 Niels Mller <nisse@lysator.liu.se>
* camellia.h (struct camellia_ctx): Replaced flag camellia128 by
expanded key length nkeys.
* camellia.c (camellia_set_encrypt_key): Renamed, from...
(camellia_set_key): ... old name.
(camellia_invert_key): New function.
(camellia_set_decrypt_key): New function, using
camellia_invert_key.
(camellia_crypt): Renamed, from...
(camellia_encrypt): ... old name.
(camellia_decrypt): Deleted, no longer needed. camellia_crypt used
for both encryption and decryption.
* nettle-meta.h (_NETTLE_CIPHER_SEP_SET_KEY): New macro. * nettle-meta.h (_NETTLE_CIPHER_SEP_SET_KEY): New macro.
* dsa-keygen.c: Removed unnecessary include of memxor.h. * dsa-keygen.c: Removed unnecessary include of memxor.h.
......
...@@ -29,10 +29,10 @@ ...@@ -29,10 +29,10 @@
#include "camellia.h" #include "camellia.h"
const struct nettle_cipher nettle_camellia128 const struct nettle_cipher nettle_camellia128
= _NETTLE_CIPHER(camellia, CAMELLIA, 128); = _NETTLE_CIPHER_SEP_SET_KEY(camellia, CAMELLIA, 128);
const struct nettle_cipher nettle_camellia192 const struct nettle_cipher nettle_camellia192
= _NETTLE_CIPHER(camellia, CAMELLIA, 192); = _NETTLE_CIPHER_SEP_SET_KEY(camellia, CAMELLIA, 192);
const struct nettle_cipher nettle_camellia256 const struct nettle_cipher nettle_camellia256
= _NETTLE_CIPHER(camellia, CAMELLIA, 256); = _NETTLE_CIPHER_SEP_SET_KEY(camellia, CAMELLIA, 256);
...@@ -751,7 +751,7 @@ camellia_setup256(struct camellia_ctx *ctx, uint64_t *key) ...@@ -751,7 +751,7 @@ camellia_setup256(struct camellia_ctx *ctx, uint64_t *key)
subkey[4] ^= kw4; subkey[4] ^= kw4;
subkey[2] ^= kw4; subkey[2] ^= kw4;
subkey[0] ^= kw4; subkey[0] ^= kw4;
/* key XOR is end of F-function */ /* key XOR is end of F-function */
ctx->keys[0] = subkey[0] ^subkey[2]; ctx->keys[0] = subkey[0] ^subkey[2];
...@@ -818,7 +818,7 @@ camellia_setup256(struct camellia_ctx *ctx, uint64_t *key) ...@@ -818,7 +818,7 @@ camellia_setup256(struct camellia_ctx *ctx, uint64_t *key)
ctx->keys[31] = subkey[30]; ctx->keys[31] = subkey[30];
ctx->keys[32] = subkey[32] ^ subkey[31]; ctx->keys[32] = subkey[32] ^ subkey[31];
/* apply the inverse of the last half of P-function */ /* apply the inverse of the last half of F-function */
CAMELLIA_F_HALF_INV(ctx->keys[2]); CAMELLIA_F_HALF_INV(ctx->keys[2]);
CAMELLIA_F_HALF_INV(ctx->keys[3]); CAMELLIA_F_HALF_INV(ctx->keys[3]);
CAMELLIA_F_HALF_INV(ctx->keys[4]); CAMELLIA_F_HALF_INV(ctx->keys[4]);
...@@ -851,8 +851,8 @@ camellia_setup256(struct camellia_ctx *ctx, uint64_t *key) ...@@ -851,8 +851,8 @@ camellia_setup256(struct camellia_ctx *ctx, uint64_t *key)
} }
void void
camellia_set_key(struct camellia_ctx *ctx, camellia_set_encrypt_key(struct camellia_ctx *ctx,
unsigned length, const uint8_t *key) unsigned length, const uint8_t *key)
{ {
uint64_t k[4]; uint64_t k[4];
k[0] = READ_UINT64(key); k[0] = READ_UINT64(key);
...@@ -860,12 +860,12 @@ camellia_set_key(struct camellia_ctx *ctx, ...@@ -860,12 +860,12 @@ camellia_set_key(struct camellia_ctx *ctx,
if (length == 16) if (length == 16)
{ {
ctx->camellia128 = 1; ctx->nkeys = 26;
camellia_setup128(ctx, k); camellia_setup128(ctx, k);
} }
else else
{ {
ctx->camellia128 = 0; ctx->nkeys = 34;
k[2] = READ_UINT64(key + 16); k[2] = READ_UINT64(key + 16);
if (length == 24) if (length == 24)
...@@ -877,10 +877,43 @@ camellia_set_key(struct camellia_ctx *ctx, ...@@ -877,10 +877,43 @@ camellia_set_key(struct camellia_ctx *ctx,
} }
camellia_setup256(ctx, k); camellia_setup256(ctx, k);
} }
} }
#define SWAP(a, b) \
do { uint64_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
void
camellia_invert_key(struct camellia_ctx *dst,
const struct camellia_ctx *src)
{
unsigned nkeys = src->nkeys;
unsigned i;
if (dst == src)
{
SWAP(dst->keys[0], dst->keys[nkeys - 2]);
for (i = 2; i < nkeys - 1 - i; i++)
SWAP(dst->keys[i], dst->keys[nkeys - 1 - i]);
}
else
{
dst->nkeys = nkeys;
dst->keys[0] = src->keys[nkeys - 2];
for (i = 2; i < nkeys - 2; i++)
dst->keys[i] = src->keys[nkeys - 1 - i];
dst->keys[nkeys - 2] = src->keys[0];
}
}
void void
camellia_encrypt(const struct camellia_ctx *ctx, camellia_set_decrypt_key(struct camellia_ctx *ctx,
unsigned length, const uint8_t *key)
{
camellia_set_encrypt_key(ctx, length, key);
camellia_invert_key(ctx, ctx);
}
void
camellia_crypt(const struct camellia_ctx *ctx,
unsigned length, uint8_t *dst, unsigned length, uint8_t *dst,
const uint8_t *src) const uint8_t *src)
{ {
...@@ -904,7 +937,7 @@ camellia_encrypt(const struct camellia_ctx *ctx, ...@@ -904,7 +937,7 @@ camellia_encrypt(const struct camellia_ctx *ctx,
CAMELLIA_ROUNDSM(i0,ctx->keys[6], i1); CAMELLIA_ROUNDSM(i0,ctx->keys[6], i1);
CAMELLIA_ROUNDSM(i1,ctx->keys[7], i0); CAMELLIA_ROUNDSM(i1,ctx->keys[7], i0);
for (i = 0; i < 16 + 8 * !ctx->camellia128; i+= 8) for (i = 0; i < ctx->nkeys - 10; i+= 8)
{ {
CAMELLIA_FL(i0, ctx->keys[i+8]); CAMELLIA_FL(i0, ctx->keys[i+8]);
CAMELLIA_FLINV(i1, ctx->keys[i+9]); CAMELLIA_FLINV(i1, ctx->keys[i+9]);
...@@ -924,50 +957,3 @@ camellia_encrypt(const struct camellia_ctx *ctx, ...@@ -924,50 +957,3 @@ camellia_encrypt(const struct camellia_ctx *ctx,
WRITE_UINT64(dst + 8, i0); WRITE_UINT64(dst + 8, i0);
} }
} }
void
camellia_decrypt(const struct camellia_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
FOR_BLOCKS(length, dst, src, CAMELLIA_BLOCK_SIZE)
{
uint64_t i0,i1;
unsigned i;
i0 = READ_UINT64(src);
i1 = READ_UINT64(src + 8);
i = ctx->camellia128 ? 24 : 32;
/* pre whitening but absorb kw2*/
i0 ^= ctx->keys[i];
/* main iteration */
for (i -= 8; i >= 8; i -= 8)
{
CAMELLIA_ROUNDSM(i0,ctx->keys[i+7], i1);
CAMELLIA_ROUNDSM(i1,ctx->keys[i+6], i0);
CAMELLIA_ROUNDSM(i0,ctx->keys[i+5], i1);
CAMELLIA_ROUNDSM(i1,ctx->keys[i+4], i0);
CAMELLIA_ROUNDSM(i0,ctx->keys[i+3], i1);
CAMELLIA_ROUNDSM(i1,ctx->keys[i+2], i0);
CAMELLIA_FL(i0, ctx->keys[i+1]);
CAMELLIA_FLINV(i1, ctx->keys[i]);
}
CAMELLIA_ROUNDSM(i0,ctx->keys[7], i1);
CAMELLIA_ROUNDSM(i1,ctx->keys[6], i0);
CAMELLIA_ROUNDSM(i0,ctx->keys[5], i1);
CAMELLIA_ROUNDSM(i1,ctx->keys[4], i0);
CAMELLIA_ROUNDSM(i0,ctx->keys[3], i1);
CAMELLIA_ROUNDSM(i1,ctx->keys[2], i0);
/* post whitening but kw4 */
i1 ^= ctx->keys[0];
WRITE_UINT64(dst , i1);
WRITE_UINT64(dst + 8, i0);
}
}
...@@ -30,9 +30,11 @@ extern "C" { ...@@ -30,9 +30,11 @@ extern "C" {
#endif #endif
/* Name mangling */ /* Name mangling */
#define camellia_set_key nettle_camellia_set_key #define camellia_set_encrypt_key nettle_camellia_set_encrypt_key
#define camellia_encrypt nettle_camellia_encrypt #define camellia_set_decrypt_key nettle_camellia_set_decrypt_key
#define camellia_decrypt nettle_camellia_decrypt #define camellia_invert_key nettle_camellia_invert_key
#define camellia_crypt nettle_camellia_crypt
#define camellia_crypt nettle_camellia_crypt
#define CAMELLIA_BLOCK_SIZE 16 #define CAMELLIA_BLOCK_SIZE 16
/* Valid key sizes are 128, 192 or 256 bits (16, 24 or 32 bytes) */ /* Valid key sizes are 128, 192 or 256 bits (16, 24 or 32 bytes) */
...@@ -42,37 +44,21 @@ extern "C" { ...@@ -42,37 +44,21 @@ extern "C" {
struct camellia_ctx struct camellia_ctx
{ {
int camellia128; /* Number of subkeys. */
unsigned nkeys;
/* For 128-bit keys, there are 18 regular rounds, pre- and /* For 128-bit keys, there are 18 regular rounds, pre- and
post-whitening, and two FL and FLINV rounds, using a total of 26 post-whitening, and two FL and FLINV rounds, using a total of 26
subkeys, each of 64 bit. For 192- and 256-bit keys, there are 6 subkeys, each of 64 bit. For 192- and 256-bit keys, there are 6
additional regular rounds and one additional FL and FLINV, using additional regular rounds and one additional FL and FLINV, using
a total of 34 subkeys. */ a total of 34 subkeys. */
/* The clever combination of subkeys imply one of the pre- and /* The clever combination of subkeys imply one of the pre- and
post-whitening keys is folded fith the round keys, so that subkey post-whitening keys is folded with the round keys, so that subkey
subkey #1 and the last one (#25 or #33) is not used. FIXME: #1 and the last one (#25 or #33) is not used. FIXME: Renumber to
Renumber to eliminate them. */ eliminate them. */
uint64_t keys[34]; uint64_t keys[34];
}; };
void
camellia_set_key(struct camellia_ctx *ctx,
unsigned length, const uint8_t *key);
void
camellia_encrypt(const struct camellia_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
camellia_decrypt(const struct camellia_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#if 0
/* FIXME: Use a single crypt function, and let key setup for
decryption reverse the order of the subkeys. */
void void
camellia_set_encrypt_key(struct camellia_ctx *ctx, camellia_set_encrypt_key(struct camellia_ctx *ctx,
unsigned length, const uint8_t *key); unsigned length, const uint8_t *key);
...@@ -81,16 +67,14 @@ void ...@@ -81,16 +67,14 @@ void
camellia_set_decrypt_key(struct camellia_ctx *ctx, camellia_set_decrypt_key(struct camellia_ctx *ctx,
unsigned length, const uint8_t *key); unsigned length, const uint8_t *key);
void
camellia_crypt(struct camellia_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
void void
camellia_invert_key(struct camellia_ctx *dst, camellia_invert_key(struct camellia_ctx *dst,
const struct camellia_ctx *src); const struct camellia_ctx *src);
#endif void
camellia_crypt(const struct camellia_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment