Commit 55d15220 authored by Niels Möller's avatar Niels Möller

* camellia.h (struct camellia_ctx): Eliminate the two unused

subkeys, and renumber the remaining ones.
* camellia-crypt-internal.c (_camellia_crypt): Updated for
renumbered subkeys.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
* camellia-set-decrypt-key.c (camellia_invert_key): Likewise.

Rev: nettle/ChangeLog:1.101
Rev: nettle/camellia-crypt-internal.c:1.2
Rev: nettle/camellia-set-decrypt-key.c:1.2
Rev: nettle/camellia-set-encrypt-key.c:1.4
Rev: nettle/camellia.h:1.5
parent adcde24f
2010-07-25 Niels Mller <nisse@lysator.liu.se> 2010-07-25 Niels Mller <nisse@lysator.liu.se>
* camellia.h (struct camellia_ctx): Eliminate the two unused
subkeys, and renumber the remaining ones.
* camellia-crypt-internal.c (_camellia_crypt): Updated for
renumbered subkeys.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
* camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline * camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
the expansion of camellia_setup128 and camellia_setup256, keeping the expansion of camellia_setup128 and camellia_setup256, keeping
the unexpanded key in scalar variables. the unexpanded key in scalar variables.
......
...@@ -110,28 +110,28 @@ _camellia_crypt(const struct camellia_ctx *ctx, ...@@ -110,28 +110,28 @@ _camellia_crypt(const struct camellia_ctx *ctx,
/* main iteration */ /* main iteration */
CAMELLIA_ROUNDSM(T, i0,ctx->keys[2], i1); CAMELLIA_ROUNDSM(T, i0,ctx->keys[1], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[3], i0); CAMELLIA_ROUNDSM(T, i1,ctx->keys[2], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[4], i1); CAMELLIA_ROUNDSM(T, i0,ctx->keys[3], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[5], i0); CAMELLIA_ROUNDSM(T, i1,ctx->keys[4], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[6], i1); CAMELLIA_ROUNDSM(T, i0,ctx->keys[5], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[7], i0); CAMELLIA_ROUNDSM(T, i1,ctx->keys[6], i0);
for (i = 0; i < ctx->nkeys - 10; i+= 8) for (i = 0; i < ctx->nkeys - 8; i+= 8)
{ {
CAMELLIA_FL(i0, ctx->keys[i+8]); CAMELLIA_FL(i0, ctx->keys[i+7]);
CAMELLIA_FLINV(i1, ctx->keys[i+9]); CAMELLIA_FLINV(i1, ctx->keys[i+8]);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+10], i1); CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+9], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+11], i0); CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+10], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+12], i1); CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+11], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+13], i0); CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+12], i0);
CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+14], i1); CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+13], i1);
CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+15], i0); CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+14], i0);
} }
/* post whitening but kw4 */ /* post whitening but kw4 */
i1 ^= ctx->keys[i+8]; i1 ^= ctx->keys[i+7];
WRITE_UINT64(dst , i1); WRITE_UINT64(dst , i1);
WRITE_UINT64(dst + 8, i0); WRITE_UINT64(dst + 8, i0);
......
...@@ -40,17 +40,15 @@ camellia_invert_key(struct camellia_ctx *dst, ...@@ -40,17 +40,15 @@ camellia_invert_key(struct camellia_ctx *dst,
unsigned i; unsigned i;
if (dst == src) if (dst == src)
{ {
SWAP(dst->keys[0], dst->keys[nkeys - 2]); for (i = 0; i < nkeys - 1 - i; i++)
for (i = 2; i < nkeys - 1 - i; i++)
SWAP(dst->keys[i], dst->keys[nkeys - 1 - i]); SWAP(dst->keys[i], dst->keys[nkeys - 1 - i]);
} }
else else
{ {
dst->nkeys = nkeys; dst->nkeys = nkeys;
dst->keys[0] = src->keys[nkeys - 2];
for (i = 2; i < nkeys - 2; i++) for (i = 0; i < nkeys; i++)
dst->keys[i] = src->keys[nkeys - 1 - i]; dst->keys[i] = src->keys[nkeys - 1 - i];
dst->keys[nkeys - 2] = src->keys[0];
} }
} }
......
...@@ -99,7 +99,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -99,7 +99,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
if (length == 16) if (length == 16)
{ {
ctx->nkeys = 26; ctx->nkeys = 24;
/** /**
* generate KL dependent subkeys * generate KL dependent subkeys
*/ */
...@@ -157,7 +157,8 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -157,7 +157,8 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
else else
{ {
uint64_t k2, k3; uint64_t k2, k3;
ctx->nkeys = 34;
ctx->nkeys = 32;
k2 = READ_UINT64(key + 16); k2 = READ_UINT64(key + 16);
if (length == 24) if (length == 24)
...@@ -254,7 +255,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -254,7 +255,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
subkey[3] ^= kw2; subkey[3] ^= kw2;
subkey[5] ^= kw2; subkey[5] ^= kw2;
subkey[7] ^= kw2; subkey[7] ^= kw2;
for (i = 8; i < ctx->nkeys - 2; i += 8) for (i = 8; i < ctx->nkeys; i += 8)
{ {
/* FIXME: gcc for x86_32 is smart enough to fetch the 32 low bits /* FIXME: gcc for x86_32 is smart enough to fetch the 32 low bits
and xor the result into the 32 high bits, but it still generates and xor the result into the 32 high bits, but it still generates
...@@ -269,9 +270,9 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -269,9 +270,9 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
subkey[i] ^= kw2; subkey[i] ^= kw2;
/* absorb kw4 to other subkeys */ /* absorb kw4 to other subkeys */
kw4 = subkey[ctx->nkeys - 1]; kw4 = subkey[ctx->nkeys + 1];
for (i = ctx->nkeys - 10; i > 0; i -= 8) for (i = ctx->nkeys - 8; i > 0; i -= 8)
{ {
subkey[i+6] ^= kw4; subkey[i+6] ^= kw4;
subkey[i+4] ^= kw4; subkey[i+4] ^= kw4;
...@@ -287,44 +288,44 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, ...@@ -287,44 +288,44 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
/* key XOR is end of F-function */ /* key XOR is end of F-function */
ctx->keys[0] = subkey[0] ^ subkey[2]; ctx->keys[0] = subkey[0] ^ subkey[2];
ctx->keys[2] = subkey[3]; ctx->keys[1] = subkey[3];
ctx->keys[3] = subkey[2] ^ subkey[4]; ctx->keys[2] = subkey[2] ^ subkey[4];
ctx->keys[4] = subkey[3] ^ subkey[5]; ctx->keys[3] = subkey[3] ^ subkey[5];
ctx->keys[5] = subkey[4] ^ subkey[6]; ctx->keys[4] = subkey[4] ^ subkey[6];
ctx->keys[6] = subkey[5] ^ subkey[7]; ctx->keys[5] = subkey[5] ^ subkey[7];
for (i = 8; i < ctx->nkeys - 2; i += 8) for (i = 8; i < ctx->nkeys; i += 8)
{ {
tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]); tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]);
dw = tl & (subkey[i] >> 32); dw = tl & (subkey[i] >> 32);
tr = subkey[i+2] ^ ROL32(1, dw); tr = subkey[i+2] ^ ROL32(1, dw);
ctx->keys[i-1] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr); ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i] = subkey[i]; ctx->keys[i-1] = subkey[i];
ctx->keys[i+1] = subkey[i+1]; ctx->keys[i] = subkey[i+1];
tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]); tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]);
dw = tl & (subkey[i+1] >> 32); dw = tl & (subkey[i+1] >> 32);
tr = subkey[i-1] ^ ROL32(1, dw); tr = subkey[i-1] ^ ROL32(1, dw);
ctx->keys[i+2] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr); ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i+3] = subkey[i+2] ^ subkey[i+4]; ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4];
ctx->keys[i+4] = subkey[i+3] ^ subkey[i+5]; ctx->keys[i+3] = subkey[i+3] ^ subkey[i+5];
ctx->keys[i+5] = subkey[i+4] ^ subkey[i+6]; ctx->keys[i+4] = subkey[i+4] ^ subkey[i+6];
ctx->keys[i+6] = subkey[i+5] ^ subkey[i+7]; ctx->keys[i+5] = subkey[i+5] ^ subkey[i+7];
} }
ctx->keys[i-1] = subkey[i-2]; ctx->keys[i-2] = subkey[i-2];
ctx->keys[i] = subkey[i] ^ subkey[i-1]; ctx->keys[i-1] = subkey[i] ^ subkey[i-1];
for (i = 0; i < ctx->nkeys - 2; i += 8) for (i = 0; i < ctx->nkeys; i += 8)
{ {
/* apply the inverse of the last half of F-function */ /* apply the inverse of the last half of F-function */
CAMELLIA_F_HALF_INV(ctx->keys[i+1]);
CAMELLIA_F_HALF_INV(ctx->keys[i+2]); CAMELLIA_F_HALF_INV(ctx->keys[i+2]);
CAMELLIA_F_HALF_INV(ctx->keys[i+3]); CAMELLIA_F_HALF_INV(ctx->keys[i+3]);
CAMELLIA_F_HALF_INV(ctx->keys[i+4]); CAMELLIA_F_HALF_INV(ctx->keys[i+4]);
CAMELLIA_F_HALF_INV(ctx->keys[i+5]); CAMELLIA_F_HALF_INV(ctx->keys[i+5]);
CAMELLIA_F_HALF_INV(ctx->keys[i+6]); CAMELLIA_F_HALF_INV(ctx->keys[i+6]);
CAMELLIA_F_HALF_INV(ctx->keys[i+7]);
} }
} }
...@@ -54,9 +54,9 @@ struct camellia_ctx ...@@ -54,9 +54,9 @@ struct camellia_ctx
a total of 34 subkeys. */ a total of 34 subkeys. */
/* The clever combination of subkeys imply one of the pre- and /* The clever combination of subkeys imply one of the pre- and
post-whitening keys is folded with the round keys, so that subkey post-whitening keys is folded with the round keys, so that subkey
#1 and the last one (#25 or #33) is not used. FIXME: Renumber to #1 and the last one (#25 or #33) is not used. The result is that
eliminate them. */ we have only 24 or 32 subkeys at the end of key setup. */
uint64_t keys[34]; uint64_t keys[32];
}; };
void void
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment