Commit 94de4dd9 authored by Niels Möller's avatar Niels Möller
Browse files

Use ROTL32 in the camellia code.

parent 67cd46aa
...@@ -5,6 +5,11 @@ ...@@ -5,6 +5,11 @@
* aes-set-encrypt-key.c: Include macros.h. * aes-set-encrypt-key.c: Include macros.h.
(aes_set_encrypt_key): Use ROTL32. (aes_set_encrypt_key): Use ROTL32.
* aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros. * aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros.
* camellia-internal.h (ROL32): Deleted macro.
(ROTL128): Renamed for consistency, from...
(ROL128): ... old name.
* camellia-crypt-internal.c: Updated for renamed rotation macros.
* camellia-set-encrypt-key.c: Likewise.
2012-03-30 Niels Möller <nisse@lysator.liu.se> 2012-03-30 Niels Möller <nisse@lysator.liu.se>
......
...@@ -46,7 +46,7 @@ ...@@ -46,7 +46,7 @@
__kl = (k) >> 32; \ __kl = (k) >> 32; \
__kr = (k) & 0xffffffff; \ __kr = (k) & 0xffffffff; \
__t = __xl & __kl; \ __t = __xl & __kl; \
__xr ^= ROL32(1, __t); \ __xr ^= ROTL32(1, __t); \
__xl ^= (__xr | __kr); \ __xl ^= (__xr | __kr); \
(x) = ((uint64_t) __xl << 32) | __xr; \ (x) = ((uint64_t) __xl << 32) | __xr; \
} while (0) } while (0)
...@@ -59,7 +59,7 @@ ...@@ -59,7 +59,7 @@
__kr = (k) & 0xffffffff; \ __kr = (k) & 0xffffffff; \
__xl ^= (__xr | __kr); \ __xl ^= (__xr | __kr); \
__t = __xl & __kl; \ __t = __xl & __kl; \
__xr ^= ROL32(1, __t); \ __xr ^= ROTL32(1, __t); \
(x) = ((uint64_t) __xl << 32) | __xr; \ (x) = ((uint64_t) __xl << 32) | __xr; \
} while (0) } while (0)
...@@ -82,7 +82,7 @@ ...@@ -82,7 +82,7 @@
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \ /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
(t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \ (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
== y1,y2,y3,y4 */ \ == y1,y2,y3,y4 */ \
__il = ROL32(24, __il); \ __il = ROTL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \ /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \ __il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \ /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
...@@ -112,7 +112,7 @@ ...@@ -112,7 +112,7 @@
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \ /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
(t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \ (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
== y1,y2,y3,y4 */ \ == y1,y2,y3,y4 */ \
__il = ROL32(24, __il); \ __il = ROTL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \ /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \ __il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \ /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
......
...@@ -45,11 +45,8 @@ ...@@ -45,11 +45,8 @@
* macros * macros
*/ */
/* Rotation of 32-bit values. */
#define ROL32(bits, x) (((x) << (bits)) | ((x) >> (32 - (bits))))
/* Destructive rotation of 128 bit values. */ /* Destructive rotation of 128 bit values. */
#define ROL128(bits, xl, xr) do { \ #define ROTL128(bits, xl, xr) do { \
uint64_t __rol128_t = (xl); \ uint64_t __rol128_t = (xl); \
(xl) = ((xl) << (bits)) | ((xr) >> (64 - (bits))); \ (xl) = ((xl) << (bits)) | ((xr) >> (64 - (bits))); \
(xr) = ((xr) << (bits)) | (__rol128_t >> (64 - (bits))); \ (xr) = ((xr) << (bits)) | (__rol128_t >> (64 - (bits))); \
......
...@@ -70,7 +70,7 @@ ...@@ -70,7 +70,7 @@
^ CAMELLIA_SP3033((__i >> 40) & 0xff) \ ^ CAMELLIA_SP3033((__i >> 40) & 0xff) \
^ CAMELLIA_SP4404((__i >> 32) & 0xff); \ ^ CAMELLIA_SP4404((__i >> 32) & 0xff); \
__yl ^= __yr; \ __yl ^= __yr; \
__yr = ROL32(24, __yr); \ __yr = ROTL32(24, __yr); \
__yr ^= __yl; \ __yr ^= __yl; \
(y) = ((uint64_t) __yl << 32) | __yr; \ (y) = ((uint64_t) __yl << 32) | __yr; \
} while (0) } while (0)
...@@ -80,7 +80,7 @@ ...@@ -80,7 +80,7 @@
uint32_t __t, __w; \ uint32_t __t, __w; \
__t = (x) >> 32; \ __t = (x) >> 32; \
__w = __t ^(x); \ __w = __t ^(x); \
__w = ROL32(8, __w); \ __w = ROTL32(8, __w); \
(x) = ((uint64_t) __w << 32) | (__t ^ __w); \ (x) = ((uint64_t) __w << 32) | (__t ^ __w); \
} while (0) } while (0)
#endif #endif
...@@ -107,17 +107,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -107,17 +107,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
* generate KL dependent subkeys * generate KL dependent subkeys
*/ */
subkey[0] = k0; subkey[1] = k1; subkey[0] = k0; subkey[1] = k1;
ROL128(15, k0, k1); ROTL128(15, k0, k1);
subkey[4] = k0; subkey[5] = k1; subkey[4] = k0; subkey[5] = k1;
ROL128(30, k0, k1); ROTL128(30, k0, k1);
subkey[10] = k0; subkey[11] = k1; subkey[10] = k0; subkey[11] = k1;
ROL128(15, k0, k1); ROTL128(15, k0, k1);
subkey[13] = k1; subkey[13] = k1;
ROL128(17, k0, k1); ROTL128(17, k0, k1);
subkey[16] = k0; subkey[17] = k1; subkey[16] = k0; subkey[17] = k1;
ROL128(17, k0, k1); ROTL128(17, k0, k1);
subkey[18] = k0; subkey[19] = k1; subkey[18] = k0; subkey[19] = k1;
ROL128(17, k0, k1); ROTL128(17, k0, k1);
subkey[22] = k0; subkey[23] = k1; subkey[22] = k0; subkey[23] = k1;
/* generate KA. D1 is k0, d2 is k1. */ /* generate KA. D1 is k0, d2 is k1. */
...@@ -144,17 +144,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -144,17 +144,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
/* generate KA dependent subkeys */ /* generate KA dependent subkeys */
subkey[2] = k0; subkey[3] = k1; subkey[2] = k0; subkey[3] = k1;
ROL128(15, k0, k1); ROTL128(15, k0, k1);
subkey[6] = k0; subkey[7] = k1; subkey[6] = k0; subkey[7] = k1;
ROL128(15, k0, k1); ROTL128(15, k0, k1);
subkey[8] = k0; subkey[9] = k1; subkey[8] = k0; subkey[9] = k1;
ROL128(15, k0, k1); ROTL128(15, k0, k1);
subkey[12] = k0; subkey[12] = k0;
ROL128(15, k0, k1); ROTL128(15, k0, k1);
subkey[14] = k0; subkey[15] = k1; subkey[14] = k0; subkey[15] = k1;
ROL128(34, k0, k1); ROTL128(34, k0, k1);
subkey[20] = k0; subkey[21] = k1; subkey[20] = k0; subkey[21] = k1;
ROL128(17, k0, k1); ROTL128(17, k0, k1);
subkey[24] = k0; subkey[25] = k1; subkey[24] = k0; subkey[25] = k1;
} }
else else
...@@ -173,25 +173,25 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -173,25 +173,25 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
} }
/* generate KL dependent subkeys */ /* generate KL dependent subkeys */
subkey[0] = k0; subkey[1] = k1; subkey[0] = k0; subkey[1] = k1;
ROL128(45, k0, k1); ROTL128(45, k0, k1);
subkey[12] = k0; subkey[13] = k1; subkey[12] = k0; subkey[13] = k1;
ROL128(15, k0, k1); ROTL128(15, k0, k1);
subkey[16] = k0; subkey[17] = k1; subkey[16] = k0; subkey[17] = k1;
ROL128(17, k0, k1); ROTL128(17, k0, k1);
subkey[22] = k0; subkey[23] = k1; subkey[22] = k0; subkey[23] = k1;
ROL128(34, k0, k1); ROTL128(34, k0, k1);
subkey[30] = k0; subkey[31] = k1; subkey[30] = k0; subkey[31] = k1;
/* generate KR dependent subkeys */ /* generate KR dependent subkeys */
ROL128(15, k2, k3); ROTL128(15, k2, k3);
subkey[4] = k2; subkey[5] = k3; subkey[4] = k2; subkey[5] = k3;
ROL128(15, k2, k3); ROTL128(15, k2, k3);
subkey[8] = k2; subkey[9] = k3; subkey[8] = k2; subkey[9] = k3;
ROL128(30, k2, k3); ROTL128(30, k2, k3);
subkey[18] = k2; subkey[19] = k3; subkey[18] = k2; subkey[19] = k3;
ROL128(34, k2, k3); ROTL128(34, k2, k3);
subkey[26] = k2; subkey[27] = k3; subkey[26] = k2; subkey[27] = k3;
ROL128(34, k2, k3); ROTL128(34, k2, k3);
/* generate KA */ /* generate KA */
/* The construction of KA is done as /* The construction of KA is done as
...@@ -230,22 +230,22 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -230,22 +230,22 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
k2 ^= w; k2 ^= w;
/* generate KA dependent subkeys */ /* generate KA dependent subkeys */
ROL128(15, k0, k1); ROTL128(15, k0, k1);
subkey[6] = k0; subkey[7] = k1; subkey[6] = k0; subkey[7] = k1;
ROL128(30, k0, k1); ROTL128(30, k0, k1);
subkey[14] = k0; subkey[15] = k1; subkey[14] = k0; subkey[15] = k1;
ROL128(32, k0, k1); ROTL128(32, k0, k1);
subkey[24] = k0; subkey[25] = k1; subkey[24] = k0; subkey[25] = k1;
ROL128(17, k0, k1); ROTL128(17, k0, k1);
subkey[28] = k0; subkey[29] = k1; subkey[28] = k0; subkey[29] = k1;
/* generate KB dependent subkeys */ /* generate KB dependent subkeys */
subkey[2] = k2; subkey[3] = k3; subkey[2] = k2; subkey[3] = k3;
ROL128(30, k2, k3); ROTL128(30, k2, k3);
subkey[10] = k2; subkey[11] = k3; subkey[10] = k2; subkey[11] = k3;
ROL128(30, k2, k3); ROTL128(30, k2, k3);
subkey[20] = k2; subkey[21] = k3; subkey[20] = k2; subkey[21] = k3;
ROL128(51, k2, k3); ROTL128(51, k2, k3);
subkey[32] = k2; subkey[33] = k3; subkey[32] = k2; subkey[33] = k3;
} }
...@@ -264,7 +264,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -264,7 +264,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
and xor the result into the 32 high bits, but it still generates and xor the result into the 32 high bits, but it still generates
worse code than for explicit 32-bit operations. */ worse code than for explicit 32-bit operations. */
kw2 ^= (kw2 & ~subkey[i+1]) << 32; kw2 ^= (kw2 & ~subkey[i+1]) << 32;
dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROL32(1, dw); dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROTL32(1, dw);
subkey[i+3] ^= kw2; subkey[i+3] ^= kw2;
subkey[i+5] ^= kw2; subkey[i+5] ^= kw2;
...@@ -281,7 +281,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -281,7 +281,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
subkey[i+4] ^= kw4; subkey[i+4] ^= kw4;
subkey[i+2] ^= kw4; subkey[i+2] ^= kw4;
kw4 ^= (kw4 & ~subkey[i]) << 32; kw4 ^= (kw4 & ~subkey[i]) << 32;
dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROL32(1, dw); dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROTL32(1, dw);
} }
subkey[6] ^= kw4; subkey[6] ^= kw4;
...@@ -302,7 +302,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -302,7 +302,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
{ {
tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]); tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]);
dw = tl & (subkey[i] >> 32); dw = tl & (subkey[i] >> 32);
tr = subkey[i+2] ^ ROL32(1, dw); tr = subkey[i+2] ^ ROTL32(1, dw);
ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr); ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i-1] = subkey[i]; ctx->keys[i-1] = subkey[i];
...@@ -310,7 +310,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -310,7 +310,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]); tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]);
dw = tl & (subkey[i+1] >> 32); dw = tl & (subkey[i+1] >> 32);
tr = subkey[i-1] ^ ROL32(1, dw); tr = subkey[i-1] ^ ROTL32(1, dw);
ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr); ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4]; ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4];
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment