Commit f1713dbe authored by Niels Möller's avatar Niels Möller

Partial revert of 2010-09-20 changes.

* camellia-set-encrypt-key.c (camellia_set_encrypt_key):
Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
* camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
differing in where addition of the key is done.
* x86/camellia-crypt-internal.asm: Moved addition of key.

Rev: nettle/ChangeLog:1.110
Rev: nettle/camellia-crypt-internal.c:1.4
Rev: nettle/camellia-set-encrypt-key.c:1.6
parent 0aa9fcb0
2010-09-24 Niels Mller <nisse@lysator.liu.se>
Partial revert of 2010-09-20 changes.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key):
Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
* camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
differing in where addition of the key is done.
* x86/camellia-crypt-internal.asm: Moved addition of key.
2010-09-22 Niels Mller <nisse@turmalin.hack.org> 2010-09-22 Niels Mller <nisse@turmalin.hack.org>
* examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to * examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#endif #endif
#include <assert.h> #include <assert.h>
#include <limits.h>
#include "camellia-internal.h" #include "camellia-internal.h"
...@@ -62,33 +63,64 @@ ...@@ -62,33 +63,64 @@
(x) = ((uint64_t) __xl << 32) | __xr; \ (x) = ((uint64_t) __xl << 32) | __xr; \
} while (0) } while (0)
#if HAVE_NATIVE_64_BIT
#define CAMELLIA_ROUNDSM(T, x, k, y) do { \ #define CAMELLIA_ROUNDSM(T, x, k, y) do { \
uint32_t __il, __ir; \ uint32_t __il, __ir; \
__ir \ __ir \
= T->sp1110[(x) & 0xff] \ = T->sp1110[(x) & 0xff] \
^ T->sp0222[((x) >> 24) & 0xff] \ ^ T->sp0222[((x) >> 24) & 0xff] \
^ T->sp3033[((x) >> 16) & 0xff] \ ^ T->sp3033[((x) >> 16) & 0xff] \
^ T->sp4404[((x) >> 8) & 0xff]; \ ^ T->sp4404[((x) >> 8) & 0xff]; \
/* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */ \ /* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */ \
__il \ __il \
= T->sp1110[ (x) >> 56] \ = T->sp1110[ (x) >> 56] \
^ T->sp0222[((x) >> 48) & 0xff] \ ^ T->sp0222[((x) >> 48) & 0xff] \
^ T->sp3033[((x) >> 40) & 0xff] \ ^ T->sp3033[((x) >> 40) & 0xff] \
^ T->sp4404[((x) >> 32) & 0xff]; \ ^ T->sp4404[((x) >> 32) & 0xff]; \
/* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */ \ /* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */ \
__ir ^= __il; \ __ir ^= __il; \
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \ /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
(t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \ (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
== y1,y2,y3,y4 */ \ == y1,y2,y3,y4 */ \
__il = ROL32(24, __il); \ __il = ROL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \ /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \ __il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \ /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
(t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \ (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \
== y5,y6,y7,y8 */ \ == y5,y6,y7,y8 */ \
y ^= (k); \ y ^= (k); \
y ^= ((uint64_t) __ir << 32) | __il; \ y ^= ((uint64_t) __ir << 32) | __il; \
} while (0) } while (0)
#else /* !HAVE_NATIVE_64_BIT */
#define CAMELLIA_ROUNDSM(T, x, k, y) do { \
uint32_t __il, __ir; \
__ir \
= T->sp1110[(x) & 0xff] \
^ T->sp0222[((x) >> 24) & 0xff] \
^ T->sp3033[((x) >> 16) & 0xff] \
^ T->sp4404[((x) >> 8) & 0xff]; \
/* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */ \
__il \
= T->sp1110[ (x) >> 56] \
^ T->sp0222[((x) >> 48) & 0xff] \
^ T->sp3033[((x) >> 40) & 0xff] \
^ T->sp4404[((x) >> 32) & 0xff]; \
/* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */ \
__il ^= (k) >> 32; \
__ir ^= (k) & 0xffffffff; \
__ir ^= __il; \
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
(t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
== y1,y2,y3,y4 */ \
__il = ROL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
(t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \
== y5,y6,y7,y8 */ \
y ^= ((uint64_t) __ir << 32) | __il; \
} while (0)
#endif
void void
_camellia_crypt(const struct camellia_ctx *ctx, _camellia_crypt(const struct camellia_ctx *ctx,
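Review bot: The `#else` variant of CAMELLIA_ROUNDSM only yields correct output when the subkeys have already been passed through CAMELLIA_F_HALF_INV in camellia_set_encrypt_key, and nothing in this file says so. Both sides are selected by HAVE_NATIVE_64_BIT, whose definition is not visible here; if the two translation units, or an assembly replacement for _camellia_crypt, ever disagree on it, the result is silently wrong ciphertext rather than a build error. I would add a comment above the `#else` branch such as `/* Key is added before the linear step; subkeys must be pre-transformed by CAMELLIA_F_HALF_INV at key setup. */` and make sure the known-answer tests run in both configurations. The two macro bodies are identical apart from three lines, so factoring the shared table lookups into one helper macro would keep them from drifting apart.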
......
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
#endif #endif
#include <assert.h> #include <assert.h>
#include <limits.h>
#include "camellia-internal.h" #include "camellia-internal.h"
...@@ -74,6 +75,16 @@ ...@@ -74,6 +75,16 @@
(y) = ((uint64_t) __yl << 32) | __yr; \ (y) = ((uint64_t) __yl << 32) | __yr; \
} while (0) } while (0)
#if ! HAVE_NATIVE_64_BIT
#define CAMELLIA_F_HALF_INV(x) do { \
uint32_t __t, __w; \
__t = (x) >> 32; \
__w = __t ^(x); \
__w = ROL32(8, __w); \
(x) = ((uint64_t) __w << 32) | (__t ^ __w); \
} while (0)
#endif
void void
camellia_set_encrypt_key(struct camellia_ctx *ctx, camellia_set_encrypt_key(struct camellia_ctx *ctx,
unsigned length, const uint8_t *key) unsigned length, const uint8_t *key)
...@@ -309,4 +320,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -309,4 +320,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
} }
ctx->keys[i-2] = subkey[i-2]; ctx->keys[i-2] = subkey[i-2];
ctx->keys[i-1] = subkey[i] ^ subkey[i-1]; ctx->keys[i-1] = subkey[i] ^ subkey[i-1];
#if !HAVE_NATIVE_64_BIT
for (i = 0; i < ctx->nkeys; i += 8)
{
/* apply the inverse of the last half of F-function */
CAMELLIA_F_HALF_INV(ctx->keys[i+1]);
CAMELLIA_F_HALF_INV(ctx->keys[i+2]);
CAMELLIA_F_HALF_INV(ctx->keys[i+3]);
CAMELLIA_F_HALF_INV(ctx->keys[i+4]);
CAMELLIA_F_HALF_INV(ctx->keys[i+5]);
CAMELLIA_F_HALF_INV(ctx->keys[i+6]);
}
#endif
} }
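Review bot: The new loop at the end of camellia_set_encrypt_key indexes `ctx->keys[i+1]` through `ctx->keys[i+6]` with a stride of 8, so it stays in bounds only if every group of 8 subkeys is complete. The assignment of `ctx->nkeys` is outside the hunk, so that cannot be confirmed from here. Since `<assert.h>` is already included, `assert(ctx->nkeys % 8 == 0);` ahead of the loop would pin the assumption. CAMELLIA_F_HALF_INV would also benefit from a one-line comment saying that it inverts the rotate-and-xor tail of the 32-bit CAMELLIA_ROUNDSM and relies on `(x)` being truncated to 32 bits in `__w = __t ^(x);`. The function body starts before the hunk.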