Commit 55d15220 authored by Niels Möller's avatar Niels Möller

* camellia.h (struct camellia_ctx): Eliminate the two unused

subkeys, and renumber the remaining ones.
* camellia-crypt-internal.c (_camellia_crypt): Updated for
renumbered subkeys.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
* camellia-set-decrypt-key.c (camellia_invert_key): Likewise.

Rev: nettle/ChangeLog:1.101
Rev: nettle/camellia-crypt-internal.c:1.2
Rev: nettle/camellia-set-decrypt-key.c:1.2
Rev: nettle/camellia-set-encrypt-key.c:1.4
Rev: nettle/camellia.h:1.5
parent adcde24f
2010-07-25 Niels Mller <nisse@lysator.liu.se>
* camellia.h (struct camellia_ctx): Eliminate the two unused
subkeys, and renumber the remaining ones.
* camellia-crypt-internal.c (_camellia_crypt): Updated for
renumbered subkeys.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
* camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
the expansion of camellia_setup128 and camellia_setup256, keeping
the unexpanded key in scalar variables.
......
......@@ -110,28 +110,28 @@ _camellia_crypt(const struct camellia_ctx *ctx,
/* main iteration */
CAMELLIA_ROUNDSM(T, i0,ctx->keys[2], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[3], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[4], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[5], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[6], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[7], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[1], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[2], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[3], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[4], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[5], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[6], i0);
for (i = 0; i < ctx->nkeys - 10; i+= 8)
for (i = 0; i < ctx->nkeys - 8; i+= 8)
{
CAMELLIA_FL(i0, ctx->keys[i+8]);
CAMELLIA_FLINV(i1, ctx->keys[i+9]);
CAMELLIA_FL(i0, ctx->keys[i+7]);
CAMELLIA_FLINV(i1, ctx->keys[i+8]);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+10], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+11], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+12], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+13], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+14], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+15], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+9], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+10], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+11], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+12], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+13], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+14], i0);
}
/* post whitening but kw4 */
i1 ^= ctx->keys[i+8];
i1 ^= ctx->keys[i+7];
WRITE_UINT64(dst , i1);
WRITE_UINT64(dst + 8, i0);
......
......@@ -40,17 +40,15 @@ camellia_invert_key(struct camellia_ctx *dst,
unsigned i;
if (dst == src)
{
SWAP(dst->keys[0], dst->keys[nkeys - 2]);
for (i = 2; i < nkeys - 1 - i; i++)
for (i = 0; i < nkeys - 1 - i; i++)
SWAP(dst->keys[i], dst->keys[nkeys - 1 - i]);
}
else
{
dst->nkeys = nkeys;
dst->keys[0] = src->keys[nkeys - 2];
for (i = 2; i < nkeys - 2; i++)
for (i = 0; i < nkeys; i++)
dst->keys[i] = src->keys[nkeys - 1 - i];
dst->keys[nkeys - 2] = src->keys[0];
}
}
......
......@@ -99,7 +99,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
if (length == 16)
{
ctx->nkeys = 26;
ctx->nkeys = 24;
/**
* generate KL dependent subkeys
*/
......@@ -157,7 +157,8 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
else
{
uint64_t k2, k3;
ctx->nkeys = 34;
ctx->nkeys = 32;
k2 = READ_UINT64(key + 16);
if (length == 24)
......@@ -254,7 +255,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
subkey[3] ^= kw2;
subkey[5] ^= kw2;
subkey[7] ^= kw2;
for (i = 8; i < ctx->nkeys - 2; i += 8)
for (i = 8; i < ctx->nkeys; i += 8)
{
/* FIXME: gcc for x86_32 is smart enough to fetch the 32 low bits
and xor the result into the 32 high bits, but it still generates
......@@ -269,9 +270,9 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
subkey[i] ^= kw2;
/* absorb kw4 to other subkeys */
kw4 = subkey[ctx->nkeys - 1];
kw4 = subkey[ctx->nkeys + 1];
for (i = ctx->nkeys - 10; i > 0; i -= 8)
for (i = ctx->nkeys - 8; i > 0; i -= 8)
{
subkey[i+6] ^= kw4;
subkey[i+4] ^= kw4;
......@@ -287,44 +288,44 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
/* key XOR is end of F-function */
ctx->keys[0] = subkey[0] ^ subkey[2];
ctx->keys[2] = subkey[3];
ctx->keys[1] = subkey[3];
ctx->keys[3] = subkey[2] ^ subkey[4];
ctx->keys[4] = subkey[3] ^ subkey[5];
ctx->keys[5] = subkey[4] ^ subkey[6];
ctx->keys[6] = subkey[5] ^ subkey[7];
ctx->keys[2] = subkey[2] ^ subkey[4];
ctx->keys[3] = subkey[3] ^ subkey[5];
ctx->keys[4] = subkey[4] ^ subkey[6];
ctx->keys[5] = subkey[5] ^ subkey[7];
for (i = 8; i < ctx->nkeys - 2; i += 8)
for (i = 8; i < ctx->nkeys; i += 8)
{
tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]);
dw = tl & (subkey[i] >> 32);
tr = subkey[i+2] ^ ROL32(1, dw);
ctx->keys[i-1] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i] = subkey[i];
ctx->keys[i+1] = subkey[i+1];
ctx->keys[i-1] = subkey[i];
ctx->keys[i] = subkey[i+1];
tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]);
dw = tl & (subkey[i+1] >> 32);
tr = subkey[i-1] ^ ROL32(1, dw);
ctx->keys[i+2] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i+3] = subkey[i+2] ^ subkey[i+4];
ctx->keys[i+4] = subkey[i+3] ^ subkey[i+5];
ctx->keys[i+5] = subkey[i+4] ^ subkey[i+6];
ctx->keys[i+6] = subkey[i+5] ^ subkey[i+7];
ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4];
ctx->keys[i+3] = subkey[i+3] ^ subkey[i+5];
ctx->keys[i+4] = subkey[i+4] ^ subkey[i+6];
ctx->keys[i+5] = subkey[i+5] ^ subkey[i+7];
}
ctx->keys[i-1] = subkey[i-2];
ctx->keys[i] = subkey[i] ^ subkey[i-1];
ctx->keys[i-2] = subkey[i-2];
ctx->keys[i-1] = subkey[i] ^ subkey[i-1];
for (i = 0; i < ctx->nkeys - 2; i += 8)
for (i = 0; i < ctx->nkeys; i += 8)
{
/* apply the inverse of the last half of F-function */
CAMELLIA_F_HALF_INV(ctx->keys[i+1]);
CAMELLIA_F_HALF_INV(ctx->keys[i+2]);
CAMELLIA_F_HALF_INV(ctx->keys[i+3]);
CAMELLIA_F_HALF_INV(ctx->keys[i+4]);
CAMELLIA_F_HALF_INV(ctx->keys[i+5]);
CAMELLIA_F_HALF_INV(ctx->keys[i+6]);
CAMELLIA_F_HALF_INV(ctx->keys[i+7]);
}
}
......@@ -54,9 +54,9 @@ struct camellia_ctx
a total of 34 subkeys. */
/* The clever combination of subkeys imply one of the pre- and
post-whitening keys is folded with the round keys, so that subkey
#1 and the last one (#25 or #33) is not used. FIXME: Renumber to
eliminate them. */
uint64_t keys[34];
#1 and the last one (#25 or #33) is not used. The result is that
we have only 24 or 32 subkeys at the end of key setup. */
uint64_t keys[32];
};
void
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment