diff options
author | Niels Möller <nisse@lysator.liu.se> | 2012-03-31 21:32:01 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2012-03-31 21:32:01 +0200 |
commit | 94de4dd997cd68e1df84131582d3c5f2a8632966 (patch) | |
tree | c5ec5dcc3d9fab344da1ba70da78d9b0dc131823 | |
parent | 67cd46aad27bdfee385048d1e256e8a5a03ad22d (diff) | |
download | nettle-94de4dd997cd68e1df84131582d3c5f2a8632966.tar.gz |
Use ROTL32 in the camellia code.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | camellia-crypt-internal.c | 8 | ||||
-rw-r--r-- | camellia-internal.h | 5 | ||||
-rw-r--r-- | camellia-set-encrypt-key.c | 68 |
4 files changed, 44 insertions, 42 deletions
@@ -5,6 +5,11 @@ * aes-set-encrypt-key.c: Include macros.h. (aes_set_encrypt_key): Use ROTL32. * aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros. + * camellia-internal.h (ROL32): Deleted macro. + (ROTL128): Renamed for consistency, from... + (ROL128): ... old name. + * camellia-crypt-internal.c: Updated for renamed rotation macros. + * camellia-set-encrypt-key.c: Likewise. 2012-03-30 Niels Möller <nisse@lysator.liu.se> diff --git a/camellia-crypt-internal.c b/camellia-crypt-internal.c index 70051589..21c52400 100644 --- a/camellia-crypt-internal.c +++ b/camellia-crypt-internal.c @@ -46,7 +46,7 @@ __kl = (k) >> 32; \ __kr = (k) & 0xffffffff; \ __t = __xl & __kl; \ - __xr ^= ROL32(1, __t); \ + __xr ^= ROTL32(1, __t); \ __xl ^= (__xr | __kr); \ (x) = ((uint64_t) __xl << 32) | __xr; \ } while (0) @@ -59,7 +59,7 @@ __kr = (k) & 0xffffffff; \ __xl ^= (__xr | __kr); \ __t = __xl & __kl; \ - __xr ^= ROL32(1, __t); \ + __xr ^= ROTL32(1, __t); \ (x) = ((uint64_t) __xl << 32) | __xr; \ } while (0) @@ -82,7 +82,7 @@ /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \ (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \ == y1,y2,y3,y4 */ \ - __il = ROL32(24, __il); \ + __il = ROTL32(24, __il); \ /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \ __il ^= __ir; \ /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \ @@ -112,7 +112,7 @@ /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \ (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \ == y1,y2,y3,y4 */ \ - __il = ROL32(24, __il); \ + __il = ROTL32(24, __il); \ /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \ __il ^= __ir; \ /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \ diff --git a/camellia-internal.h b/camellia-internal.h index e0cfdf56..c0f67c8a 100644 --- a/camellia-internal.h +++ b/camellia-internal.h @@ -45,11 +45,8 @@ * macros */ -/* Rotation of 32-bit values. */ -#define ROL32(bits, x) (((x) << (bits)) | ((x) >> (32 - (bits)))) - /* Destructive rotation of 128 bit values. */ -#define ROL128(bits, xl, xr) do { \ +#define ROTL128(bits, xl, xr) do { \ uint64_t __rol128_t = (xl); \ (xl) = ((xl) << (bits)) | ((xr) >> (64 - (bits))); \ (xr) = ((xr) << (bits)) | (__rol128_t >> (64 - (bits))); \ diff --git a/camellia-set-encrypt-key.c b/camellia-set-encrypt-key.c index 20bb0322..408ed721 100644 --- a/camellia-set-encrypt-key.c +++ b/camellia-set-encrypt-key.c @@ -70,7 +70,7 @@ ^ CAMELLIA_SP3033((__i >> 40) & 0xff) \ ^ CAMELLIA_SP4404((__i >> 32) & 0xff); \ __yl ^= __yr; \ - __yr = ROL32(24, __yr); \ + __yr = ROTL32(24, __yr); \ __yr ^= __yl; \ (y) = ((uint64_t) __yl << 32) | __yr; \ } while (0) @@ -80,7 +80,7 @@ uint32_t __t, __w; \ __t = (x) >> 32; \ __w = __t ^(x); \ - __w = ROL32(8, __w); \ + __w = ROTL32(8, __w); \ (x) = ((uint64_t) __w << 32) | (__t ^ __w); \ } while (0) #endif @@ -107,17 +107,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, * generate KL dependent subkeys */ subkey[0] = k0; subkey[1] = k1; - ROL128(15, k0, k1); + ROTL128(15, k0, k1); subkey[4] = k0; subkey[5] = k1; - ROL128(30, k0, k1); + ROTL128(30, k0, k1); subkey[10] = k0; subkey[11] = k1; - ROL128(15, k0, k1); + ROTL128(15, k0, k1); subkey[13] = k1; - ROL128(17, k0, k1); + ROTL128(17, k0, k1); subkey[16] = k0; subkey[17] = k1; - ROL128(17, k0, k1); + ROTL128(17, k0, k1); subkey[18] = k0; subkey[19] = k1; - ROL128(17, k0, k1); + ROTL128(17, k0, k1); subkey[22] = k0; subkey[23] = k1; /* generate KA. D1 is k0, d2 is k1. */ @@ -144,17 +144,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, /* generate KA dependent subkeys */ subkey[2] = k0; subkey[3] = k1; - ROL128(15, k0, k1); + ROTL128(15, k0, k1); subkey[6] = k0; subkey[7] = k1; - ROL128(15, k0, k1); + ROTL128(15, k0, k1); subkey[8] = k0; subkey[9] = k1; - ROL128(15, k0, k1); + ROTL128(15, k0, k1); subkey[12] = k0; - ROL128(15, k0, k1); + ROTL128(15, k0, k1); subkey[14] = k0; subkey[15] = k1; - ROL128(34, k0, k1); + ROTL128(34, k0, k1); subkey[20] = k0; subkey[21] = k1; - ROL128(17, k0, k1); + ROTL128(17, k0, k1); subkey[24] = k0; subkey[25] = k1; } else @@ -173,25 +173,25 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, } /* generate KL dependent subkeys */ subkey[0] = k0; subkey[1] = k1; - ROL128(45, k0, k1); + ROTL128(45, k0, k1); subkey[12] = k0; subkey[13] = k1; - ROL128(15, k0, k1); + ROTL128(15, k0, k1); subkey[16] = k0; subkey[17] = k1; - ROL128(17, k0, k1); + ROTL128(17, k0, k1); subkey[22] = k0; subkey[23] = k1; - ROL128(34, k0, k1); + ROTL128(34, k0, k1); subkey[30] = k0; subkey[31] = k1; /* generate KR dependent subkeys */ - ROL128(15, k2, k3); + ROTL128(15, k2, k3); subkey[4] = k2; subkey[5] = k3; - ROL128(15, k2, k3); + ROTL128(15, k2, k3); subkey[8] = k2; subkey[9] = k3; - ROL128(30, k2, k3); + ROTL128(30, k2, k3); subkey[18] = k2; subkey[19] = k3; - ROL128(34, k2, k3); + ROTL128(34, k2, k3); subkey[26] = k2; subkey[27] = k3; - ROL128(34, k2, k3); + ROTL128(34, k2, k3); /* generate KA */ /* The construction of KA is done as @@ -230,22 +230,22 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, k2 ^= w; /* generate KA dependent subkeys */ - ROL128(15, k0, k1); + ROTL128(15, k0, k1); subkey[6] = k0; subkey[7] = k1; - ROL128(30, k0, k1); + ROTL128(30, k0, k1); subkey[14] = k0; subkey[15] = k1; - ROL128(32, k0, k1); + ROTL128(32, k0, k1); subkey[24] = k0; subkey[25] = k1; - ROL128(17, k0, k1); + ROTL128(17, k0, k1); subkey[28] = k0; subkey[29] = k1; /* generate KB dependent subkeys */ subkey[2] = k2; subkey[3] = k3; - ROL128(30, k2, k3); + ROTL128(30, k2, k3); subkey[10] = k2; subkey[11] = k3; - ROL128(30, k2, k3); + ROTL128(30, k2, k3); subkey[20] = k2; subkey[21] = k3; - ROL128(51, k2, k3); + ROTL128(51, k2, k3); subkey[32] = k2; subkey[33] = k3; } @@ -264,7 +264,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, and xor the result into the 32 high bits, but it still generates worse code than for explicit 32-bit operations. */ kw2 ^= (kw2 & ~subkey[i+1]) << 32; - dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROL32(1, dw); + dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROTL32(1, dw); subkey[i+3] ^= kw2; subkey[i+5] ^= kw2; @@ -281,7 +281,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, subkey[i+4] ^= kw4; subkey[i+2] ^= kw4; kw4 ^= (kw4 & ~subkey[i]) << 32; - dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROL32(1, dw); + dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROTL32(1, dw); } subkey[6] ^= kw4; @@ -302,7 +302,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, { tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]); dw = tl & (subkey[i] >> 32); - tr = subkey[i+2] ^ ROL32(1, dw); + tr = subkey[i+2] ^ ROTL32(1, dw); ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr); ctx->keys[i-1] = subkey[i]; @@ -310,7 +310,7 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx, tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]); dw = tl & (subkey[i+1] >> 32); - tr = subkey[i-1] ^ ROL32(1, dw); + tr = subkey[i-1] ^ ROTL32(1, dw); ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr); ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4]; |