diff --git a/ChangeLog b/ChangeLog
index 267b510a64d2d2510ad2640f8350dcc7121d41de..69ec07dc1a34ffe78c073928466a3eded8032ea7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
2023-10-04 Niels Möller <nisse@lysator.liu.se>
+ * bswap-internal.h (bswap32_if_be, bswap32_if_le): New macros.
+ * blowfish-bcrypt.c (bswap32_if_le_n): Rename, to not collide with
+ new macro.
+ (bswap32_if_le): ... old name, deleted.
+ * umac-set-key.c (bswap32_if_le_n): Define in the same way as for
+ bcrypt, replacing...
+ (BE_SWAP32_N): ...deleted macro.
+ * umac-l3.c (_nettle_umac_l3_init): Use bswap64_if_le.
+ * umac-l2.c (_nettle_umac_l2_init): Use bswap32_if_le.
+ * chacha-core-internal.c (_nettle_chacha_core): Use bswap32_if_be.
+ * salsa20-core-internal.c (_nettle_salsa20_core): Likewise
+
* umac-l2.c (_nettle_umac_l2_final): Delete redundant assignment.
2023-10-03 Niels Möller <nisse@lysator.liu.se>
diff --git a/blowfish-bcrypt.c b/blowfish-bcrypt.c
index 08b1e32e6e2f6fde11e85e56c4cc6e0a1beedbaf..ee7c0eb859d891048099754fdf09cab0371c6e3a 100644
--- a/blowfish-bcrypt.c
+++ b/blowfish-bcrypt.c
@@ -150,9 +150,10 @@ static uint32_t magic_w[6] = {
};
#if WORDS_BIGENDIAN
-#define bswap32_if_le(x, n)
+#define bswap32_if_le_n(n, x)
#else
-static void bswap32_if_le (uint32_t *x, unsigned n)
+static void
+bswap32_if_le_n (unsigned n, uint32_t *x)
{
unsigned i;
for (i = 0; i < n; i++)
@@ -340,7 +341,7 @@ static int ibcrypt(uint8_t *dst,
else if (lenscheme < HASHOFFSET)
return 0;
memcpy(psalt, data.binary.salt, BLOWFISH_BCRYPT_BINSALT_SIZE);
- bswap32_if_le (data.binary.salt, 4);
+ bswap32_if_le_n (4, data.binary.salt);
if (log2rounds < minlog2rounds || log2rounds > 31)
return 0;
@@ -445,7 +446,7 @@ static int ibcrypt(uint8_t *dst,
dst = (uint8_t*)
encode_radix64((char*) dst, BLOWFISH_BCRYPT_BINSALT_SIZE, psalt) - 1;
- bswap32_if_le (data.binary.output, 6);
+ bswap32_if_le_n (6, data.binary.output);
/* This has to be bug-compatible with the original implementation, so
only encode 23 of the 24 bytes. */
encode_radix64((char*) dst, 23, (uint8_t *) data.binary.output);
diff --git a/bswap-internal.h b/bswap-internal.h
index b9923f99291f449ee46f77b477ee292a87cd7aa3..30af52214cc2fbf86aec306f3ac859c3e174d975 100644
--- a/bswap-internal.h
+++ b/bswap-internal.h
@@ -62,16 +62,16 @@ nettle_bswap32 (uint32_t x)
}
#endif
-#if WORDS_BIGENDIAN
-#define bswap64_if_le(x) (x)
-#else
-#define bswap64_if_le nettle_bswap64
-#endif
-
#if WORDS_BIGENDIAN
#define bswap64_if_be nettle_bswap64
+#define bswap32_if_be nettle_bswap32
+#define bswap64_if_le(x) (x)
+#define bswap32_if_le(x) (x)
#else
#define bswap64_if_be(x) (x)
+#define bswap32_if_be(x) (x)
+#define bswap64_if_le nettle_bswap64
+#define bswap32_if_le nettle_bswap32
#endif
#endif /* NETTLE_BSWAP_INTERNAL_H_INCLUDED */
diff --git a/chacha-core-internal.c b/chacha-core-internal.c
index 23e6833408493174265c73d811f63172dc9ed390..ff483494a695a2ebd3b4f3d1aed9401e578b686c 100644
--- a/chacha-core-internal.c
+++ b/chacha-core-internal.c
@@ -49,6 +49,7 @@
#include "chacha.h"
#include "chacha-internal.h"
+#include "bswap-internal.h"
#include "macros.h"
/* For fat builds */
@@ -80,14 +81,6 @@ _nettle_chacha_core_c(uint32_t *dst, const uint32_t *src, unsigned rounds);
# define DEBUG(i)
#endif
-#ifdef WORDS_BIGENDIAN
-#define LE_SWAP32(v) \
- ((ROTL32(8, v) & 0x00FF00FFUL) | \
- (ROTL32(24, v) & 0xFF00FF00UL))
-#else
-#define LE_SWAP32(v) (v)
-#endif
-
#define QROUND(x0, x1, x2, x3) do { \
x0 = x0 + x1; x3 = ROTL32(16, (x0 ^ x3)); \
x2 = x2 + x3; x1 = ROTL32(12, (x1 ^ x2)); \
@@ -123,7 +116,7 @@ _nettle_chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds)
for (i = 0; i < _CHACHA_STATE_LENGTH; i++)
{
uint32_t t = x[i] + src[i];
- dst[i] = LE_SWAP32 (t);
+ dst[i] = bswap32_if_be (t);
}
}
diff --git a/salsa20-core-internal.c b/salsa20-core-internal.c
index 8f6b2fc9a391bcfc6421533619b9b753e59fb8c6..b8633540c4fa717c3a0ab2024ca469a77ea0a61f 100644
--- a/salsa20-core-internal.c
+++ b/salsa20-core-internal.c
@@ -47,6 +47,7 @@
#include "salsa20.h"
#include "salsa20-internal.h"
+#include "bswap-internal.h"
#include "macros.h"
/* For fat builds */
@@ -78,14 +79,6 @@ _nettle_salsa20_core_c(uint32_t *dst, const uint32_t *src, unsigned rounds);
# define DEBUG(i)
#endif
-#ifdef WORDS_BIGENDIAN
-#define LE_SWAP32(v) \
- ((ROTL32(8, v) & 0x00FF00FFUL) | \
- (ROTL32(24, v) & 0xFF00FF00UL))
-#else
-#define LE_SWAP32(v) (v)
-#endif
-
#define QROUND(x0, x1, x2, x3) do { \
x1 ^= ROTL32(7, x0 + x3); \
x2 ^= ROTL32(9, x1 + x0); \
@@ -121,6 +114,6 @@ _nettle_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds)
for (i = 0; i < _SALSA20_INPUT_LENGTH; i++)
{
uint32_t t = x[i] + src[i];
- dst[i] = LE_SWAP32 (t);
+ dst[i] = bswap32_if_be (t);
}
}
diff --git a/umac-l2.c b/umac-l2.c
index c0bc1a6caaba9e624f7247c68715bd0815d0aab2..a91b2bcd4733b04a7275dc7918d6ddb94080da76 100644
--- a/umac-l2.c
+++ b/umac-l2.c
@@ -39,19 +39,11 @@
#include "umac.h"
#include "umac-internal.h"
-#include "macros.h"
+#include "bswap-internal.h"
/* Same mask applied to low and high halves */
#define KEY_MASK 0x01ffffffUL
-#if WORDS_BIGENDIAN
-#define BE_SWAP32(x) x
-#else
-#define BE_SWAP32(x) \
- ((ROTL32(8, x) & 0x00FF00FFUL) | \
- (ROTL32(24, x) & 0xFF00FF00UL))
-#endif
-
void
_nettle_umac_l2_init (unsigned size, uint32_t *k)
{
@@ -59,7 +51,7 @@ _nettle_umac_l2_init (unsigned size, uint32_t *k)
for (i = 0; i < size; i++)
{
uint32_t w = k[i];
- w = BE_SWAP32 (w);
+ w = bswap32_if_le (w);
k[i] = w & KEY_MASK;
}
}
diff --git a/umac-l3.c b/umac-l3.c
index dc1450344940c3e602aea7c6f8af8e6f57ce463c..89ae62951c9ccef91fa9bcd2ae2e1b1b89e3a912 100644
--- a/umac-l3.c
+++ b/umac-l3.c
@@ -36,25 +36,11 @@
#include "umac.h"
#include "umac-internal.h"
-#include "macros.h"
+#include "bswap-internal.h"
/* 2^36 - 5 */
#define P 0x0000000FFFFFFFFBULL
-#if WORDS_BIGENDIAN
-#define BE_SWAP64(x) x
-#else
-#define BE_SWAP64(x) \
- (((x & 0xff) << 56) \
- | ((x & 0xff00) << 40) \
- | ((x & 0xff0000) << 24) \
- | ((x & 0xff000000) << 8) \
- | ((x >> 8) & 0xff000000) \
- | ((x >> 24) & 0xff0000) \
- | ((x >> 40) & 0xff00) \
- | (x >> 56) )
-#endif
-
void
_nettle_umac_l3_init (unsigned size, uint64_t *k)
{
@@ -62,7 +48,7 @@ _nettle_umac_l3_init (unsigned size, uint64_t *k)
for (i = 0; i < size; i++)
{
uint64_t w = k[i];
- w = BE_SWAP64 (w);
+ w = bswap64_if_le (w);
k[i] = w % P;
}
}
@@ -88,9 +74,5 @@ _nettle_umac_l3 (const uint64_t *key, const uint64_t *m)
uint32_t y = (umac_l3_word (key, m[0])
+ umac_l3_word (key + 4, m[1])) % P;
-#if !WORDS_BIGENDIAN
- y = ((ROTL32(8, y) & 0x00FF00FFUL)
- | (ROTL32(24, y) & 0xFF00FF00UL));
-#endif
- return y;
+ return bswap32_if_le (y);
}
diff --git a/umac-set-key.c b/umac-set-key.c
index 9f7464f0a303a1a81589ba1b75b7959ac9d7856a..9f7bfe60f0641a665514619ee19d13ee239e8fc8 100644
--- a/umac-set-key.c
+++ b/umac-set-key.c
@@ -39,6 +39,7 @@
#include "umac-internal.h"
#include "macros.h"
+#include "bswap-internal.h"
static void
umac_kdf (struct aes128_ctx *aes, unsigned index, unsigned length, uint8_t *dst)
@@ -61,20 +62,16 @@ umac_kdf (struct aes128_ctx *aes, unsigned index, unsigned length, uint8_t *dst)
}
#if WORDS_BIGENDIAN
-#define BE_SWAP32(x) x
-#define BE_SWAP32_N(n, x)
+/* FIXME: Duplicated with blowfish-bcrypt.c. */
+#define bswap32_if_le_n(n, x)
#else
-#define BE_SWAP32(x) \
- ((ROTL32(8, x) & 0x00FF00FFUL) | \
- (ROTL32(24, x) & 0xFF00FF00UL))
-#define BE_SWAP32_N(n, x) do { \
- unsigned be_i; \
- for (be_i = 0; be_i < n; be_i++) \
- { \
- uint32_t be_x = (x)[be_i]; \
- (x)[be_i] = BE_SWAP32 (be_x); \
- } \
- } while (0)
+static void
+bswap32_if_le_n (unsigned n, uint32_t *x)
+{
+ unsigned i;
+ for (i = 0; i < n; i++)
+ x[i] = nettle_bswap32 (x[i]);
+}
#endif
void
@@ -89,7 +86,7 @@ _nettle_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
size = UMAC_BLOCK_SIZE / 4 + 4*(n-1);
umac_kdf (aes, 1, size * sizeof(uint32_t), (uint8_t *) l1_key);
- BE_SWAP32_N (size, l1_key);
+ bswap32_if_le_n (size, l1_key);
size = 6*n;
umac_kdf (aes, 2, size * sizeof(uint32_t), (uint8_t *) l2_key);