Commit 94de4dd9 authored by Niels Möller's avatar Niels Möller

Use ROTL32 in the camellia code.

parent 67cd46aa
......@@ -5,6 +5,11 @@
* aes-set-encrypt-key.c: Include macros.h.
(aes_set_encrypt_key): Use ROTL32.
* aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros.
* camellia-internal.h (ROL32): Deleted macro.
(ROTL128): Renamed for consistency, from...
(ROL128): ... old name.
* camellia-crypt-internal.c: Updated for renamed rotation macros.
* camellia-set-encrypt-key.c: Likewise.
2012-03-30 Niels Möller <nisse@lysator.liu.se>
......
......@@ -46,7 +46,7 @@
__kl = (k) >> 32; \
__kr = (k) & 0xffffffff; \
__t = __xl & __kl; \
__xr ^= ROL32(1, __t); \
__xr ^= ROTL32(1, __t); \
__xl ^= (__xr | __kr); \
(x) = ((uint64_t) __xl << 32) | __xr; \
} while (0)
......@@ -59,7 +59,7 @@
__kr = (k) & 0xffffffff; \
__xl ^= (__xr | __kr); \
__t = __xl & __kl; \
__xr ^= ROL32(1, __t); \
__xr ^= ROTL32(1, __t); \
(x) = ((uint64_t) __xl << 32) | __xr; \
} while (0)
......@@ -82,7 +82,7 @@
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
(t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
== y1,y2,y3,y4 */ \
__il = ROL32(24, __il); \
__il = ROTL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
......@@ -112,7 +112,7 @@
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
(t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
== y1,y2,y3,y4 */ \
__il = ROL32(24, __il); \
__il = ROTL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
......
......@@ -45,11 +45,8 @@
* macros
*/
/* Rotation of 32-bit values. */
#define ROL32(bits, x) (((x) << (bits)) | ((x) >> (32 - (bits))))
/* Destructive rotation of 128 bit values. */
#define ROL128(bits, xl, xr) do { \
#define ROTL128(bits, xl, xr) do { \
uint64_t __rol128_t = (xl); \
(xl) = ((xl) << (bits)) | ((xr) >> (64 - (bits))); \
(xr) = ((xr) << (bits)) | (__rol128_t >> (64 - (bits))); \
......
......@@ -70,7 +70,7 @@
^ CAMELLIA_SP3033((__i >> 40) & 0xff) \
^ CAMELLIA_SP4404((__i >> 32) & 0xff); \
__yl ^= __yr; \
__yr = ROL32(24, __yr); \
__yr = ROTL32(24, __yr); \
__yr ^= __yl; \
(y) = ((uint64_t) __yl << 32) | __yr; \
} while (0)
......@@ -80,7 +80,7 @@
uint32_t __t, __w; \
__t = (x) >> 32; \
__w = __t ^(x); \
__w = ROL32(8, __w); \
__w = ROTL32(8, __w); \
(x) = ((uint64_t) __w << 32) | (__t ^ __w); \
} while (0)
#endif
......@@ -107,17 +107,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
* generate KL dependent subkeys
*/
subkey[0] = k0; subkey[1] = k1;
ROL128(15, k0, k1);
ROTL128(15, k0, k1);
subkey[4] = k0; subkey[5] = k1;
ROL128(30, k0, k1);
ROTL128(30, k0, k1);
subkey[10] = k0; subkey[11] = k1;
ROL128(15, k0, k1);
ROTL128(15, k0, k1);
subkey[13] = k1;
ROL128(17, k0, k1);
ROTL128(17, k0, k1);
subkey[16] = k0; subkey[17] = k1;
ROL128(17, k0, k1);
ROTL128(17, k0, k1);
subkey[18] = k0; subkey[19] = k1;
ROL128(17, k0, k1);
ROTL128(17, k0, k1);
subkey[22] = k0; subkey[23] = k1;
/* generate KA. D1 is k0, d2 is k1. */
......@@ -144,17 +144,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
/* generate KA dependent subkeys */
subkey[2] = k0; subkey[3] = k1;
ROL128(15, k0, k1);
ROTL128(15, k0, k1);
subkey[6] = k0; subkey[7] = k1;
ROL128(15, k0, k1);
ROTL128(15, k0, k1);
subkey[8] = k0; subkey[9] = k1;
ROL128(15, k0, k1);
ROTL128(15, k0, k1);
subkey[12] = k0;
ROL128(15, k0, k1);
ROTL128(15, k0, k1);
subkey[14] = k0; subkey[15] = k1;
ROL128(34, k0, k1);
ROTL128(34, k0, k1);
subkey[20] = k0; subkey[21] = k1;
ROL128(17, k0, k1);
ROTL128(17, k0, k1);
subkey[24] = k0; subkey[25] = k1;
}
else
......@@ -173,25 +173,25 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
}
/* generate KL dependent subkeys */
subkey[0] = k0; subkey[1] = k1;
ROL128(45, k0, k1);
ROTL128(45, k0, k1);
subkey[12] = k0; subkey[13] = k1;
ROL128(15, k0, k1);
ROTL128(15, k0, k1);
subkey[16] = k0; subkey[17] = k1;
ROL128(17, k0, k1);
ROTL128(17, k0, k1);
subkey[22] = k0; subkey[23] = k1;
ROL128(34, k0, k1);
ROTL128(34, k0, k1);
subkey[30] = k0; subkey[31] = k1;
/* generate KR dependent subkeys */
ROL128(15, k2, k3);
ROTL128(15, k2, k3);
subkey[4] = k2; subkey[5] = k3;
ROL128(15, k2, k3);
ROTL128(15, k2, k3);
subkey[8] = k2; subkey[9] = k3;
ROL128(30, k2, k3);
ROTL128(30, k2, k3);
subkey[18] = k2; subkey[19] = k3;
ROL128(34, k2, k3);
ROTL128(34, k2, k3);
subkey[26] = k2; subkey[27] = k3;
ROL128(34, k2, k3);
ROTL128(34, k2, k3);
/* generate KA */
/* The construction of KA is done as
......@@ -230,22 +230,22 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
k2 ^= w;
/* generate KA dependent subkeys */
ROL128(15, k0, k1);
ROTL128(15, k0, k1);
subkey[6] = k0; subkey[7] = k1;
ROL128(30, k0, k1);
ROTL128(30, k0, k1);
subkey[14] = k0; subkey[15] = k1;
ROL128(32, k0, k1);
ROTL128(32, k0, k1);
subkey[24] = k0; subkey[25] = k1;
ROL128(17, k0, k1);
ROTL128(17, k0, k1);
subkey[28] = k0; subkey[29] = k1;
/* generate KB dependent subkeys */
subkey[2] = k2; subkey[3] = k3;
ROL128(30, k2, k3);
ROTL128(30, k2, k3);
subkey[10] = k2; subkey[11] = k3;
ROL128(30, k2, k3);
ROTL128(30, k2, k3);
subkey[20] = k2; subkey[21] = k3;
ROL128(51, k2, k3);
ROTL128(51, k2, k3);
subkey[32] = k2; subkey[33] = k3;
}
......@@ -264,7 +264,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
and xor the result into the 32 high bits, but it still generates
worse code than for explicit 32-bit operations. */
kw2 ^= (kw2 & ~subkey[i+1]) << 32;
dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROL32(1, dw);
dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROTL32(1, dw);
subkey[i+3] ^= kw2;
subkey[i+5] ^= kw2;
......@@ -281,7 +281,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
subkey[i+4] ^= kw4;
subkey[i+2] ^= kw4;
kw4 ^= (kw4 & ~subkey[i]) << 32;
dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROL32(1, dw);
dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROTL32(1, dw);
}
subkey[6] ^= kw4;
......@@ -302,7 +302,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
{
tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]);
dw = tl & (subkey[i] >> 32);
tr = subkey[i+2] ^ ROL32(1, dw);
tr = subkey[i+2] ^ ROTL32(1, dw);
ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i-1] = subkey[i];
......@@ -310,7 +310,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]);
dw = tl & (subkey[i+1] >> 32);
tr = subkey[i-1] ^ ROL32(1, dw);
tr = subkey[i-1] ^ ROTL32(1, dw);
ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4];
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment