author | Niels Möller <nisse@lysator.liu.se> | 2010-07-24 18:05:37 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2010-07-24 18:05:37 +0200 |
commit | c1552ab2821946603a57e0fc4a35cb1afb20454b (patch) | |
tree | 5a0061d1b28a5961b09243aca22dc2f641540fd8 /camellia-crypt-internal.c | |
parent | 5af860741ff620190b330e1bda26312c9abc902c (diff) | |
* camellia-set-encrypt-key.c (camellia_setup128): Generate
unmodified subkeys according to the spec. Moved clever combination
of subkeys to camellia_set_encrypt_key.
(camellia_setup256): Likewise.
(camellia_set_encrypt_key): Moved subkey post-processing code
here, and reduce code duplication between 128-bit keys and larger
keys.
* camellia.c: Deleted file, split into several new files...
* camellia-table.c (_camellia_table): New file with the constant
sbox tables.
* camellia-set-encrypt-key.c: New file.
(camellia_setup128): Generate unmodified subkeys according to the
spec. Moved clever combination of subkeys to camellia_set_encrypt_key.
(camellia_setup256): Likewise.
* camellia-set-decrypt-key.c: New file.
(camellia_invert_key): Key inversion function.
(camellia_set_decrypt_key): New key setup function.
* camellia-internal.h: New file.
* camellia-crypt.c (camellia_crypt): New file, new wrapper
function passing the sbox table to _camellia_crypt.
* camellia-crypt-internal.c (_camellia_crypt): New file, with main
encrypt/decrypt function.
* Makefile.in (nettle_SOURCES): Updated list of camellia source files.
(DISTFILES): Added camellia-internal.h.
Rev: nettle/ChangeLog:1.96
Rev: nettle/Makefile.in:1.26
Rev: nettle/camellia-crypt-internal.c:1.1
Rev: nettle/camellia-crypt.c:1.1
Rev: nettle/camellia-internal.h:1.1
Rev: nettle/camellia-set-decrypt-key.c:1.1
Rev: nettle/camellia-set-encrypt-key.c:1.1
Rev: nettle/camellia-table.c:1.1
Rev: nettle/camellia.c:1.5(DEAD)
Diffstat (limited to 'camellia-crypt-internal.c')
-rw-r--r-- | camellia-crypt-internal.c | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/camellia-crypt-internal.c b/camellia-crypt-internal.c
new file mode 100644
index 00000000..4c5dce85
--- /dev/null
+++ b/camellia-crypt-internal.c
@@ -0,0 +1,139 @@
+/* camellia-crypt-internal.c
+ *
+ * Copyright (C) 2006,2007
+ * NTT (Nippon Telegraph and Telephone Corporation).
+ *
+ * Copyright (C) 2010 Niels Möller
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/*
+ * Algorithm Specification
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+/* Based on camellia.c ver 1.2.0, see
+ http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
+ */
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "camellia-internal.h"
+
+#include "macros.h"
+
+#define CAMELLIA_FL(x, k) do { \
+ uint32_t __xl, __xr, __kl, __kr, __t; \
+ __xl = (x) >> 32; \
+ __xr = (x) & 0xffffffff; \
+ __kl = (k) >> 32; \
+ __kr = (k) & 0xffffffff; \
+ __t = __xl & __kl; \
+ __xr ^= ROL32(1, __t); \
+ __xl ^= (__xr | __kr); \
+ (x) = ((uint64_t) __xl << 32) | __xr; \
+} while (0)
+
+#define CAMELLIA_FLINV(x, k) do { \
+ uint32_t __xl, __xr, __kl, __kr, __t; \
+ __xl = (x) >> 32; \
+ __xr = (x) & 0xffffffff; \
+ __kl = (k) >> 32; \
+ __kr = (k) & 0xffffffff; \
+ __xl ^= (__xr | __kr); \
+ __t = __xl & __kl; \
+ __xr ^= ROL32(1, __t); \
+ (x) = ((uint64_t) __xl << 32) | __xr; \
+} while (0)
+
+#define CAMELLIA_ROUNDSM(T, x, k, y) do { \
+ uint32_t __il, __ir; \
+ __ir \
+ = T->sp1110[(x) & 0xff] \
+ ^ T->sp0222[((x) >> 24) & 0xff] \
+ ^ T->sp3033[((x) >> 16) & 0xff] \
+ ^ T->sp4404[((x) >> 8) & 0xff]; \
+ /* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */ \
+ __il \
+ = T->sp1110[ (x) >> 56] \
+ ^ T->sp0222[((x) >> 48) & 0xff] \
+ ^ T->sp3033[((x) >> 40) & 0xff] \
+ ^ T->sp4404[((x) >> 32) & 0xff]; \
+ /* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */ \
+ __il ^= (k) >> 32; \
+ __ir ^= (k) & 0xffffffff; \
+ __ir ^= __il; \
+ /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
+ (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
+ == y1,y2,y3,y4 */ \
+ __il = ROL32(24, __il); \
+ /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
+ __il ^= __ir; \
+ /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
+ (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \
+ == y5,y6,y7,y8 */ \
+ y ^= ((uint64_t) __ir << 32) | __il; \
+ } while (0)
+
+void
+_camellia_crypt(const struct camellia_ctx *ctx,
+ const struct camellia_table *T,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src)
+{
+ FOR_BLOCKS(length, dst, src, CAMELLIA_BLOCK_SIZE)
+ {
+ uint64_t i0,i1;
+ unsigned i;
+
+ i0 = READ_UINT64(src);
+ i1 = READ_UINT64(src + 8);
+
+ /* pre whitening but absorb kw2*/
+ i0 ^= ctx->keys[0];
+
+ /* main iteration */
+
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[2], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[3], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[4], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[5], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[6], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[7], i0);
+
+ for (i = 0; i < ctx->nkeys - 10; i+= 8)
+ {
+ CAMELLIA_FL(i0, ctx->keys[i+8]);
+ CAMELLIA_FLINV(i1, ctx->keys[i+9]);
+
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+10], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+11], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+12], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+13], i0);
+ CAMELLIA_ROUNDSM(T, i0,ctx->keys[i+14], i1);
+ CAMELLIA_ROUNDSM(T, i1,ctx->keys[i+15], i0);
+ }
+
+ /* post whitening but kw4 */
+ i1 ^= ctx->keys[i+8];
+
+ WRITE_UINT64(dst , i1);
+ WRITE_UINT64(dst + 8, i0);
+ }
+} |
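Review bot: The loop bound `i < ctx->nkeys - 10` in `_camellia_crypt` is evaluated with no check on `nkeys`, although `<assert.h>` is included and no assertion appears anywhere in this file. Because `i` is unsigned, the comparison is most likely done in unsigned arithmetic (the field's type is declared in camellia-internal.h, outside this hunk), so an unkeyed context or any `nkeys` below 10 turns the bound into a very large number and the `ctx->keys[i+8]` through `ctx->keys[i+15]` reads run past the subkey array. A guard ahead of the first round, `assert(ctx->nkeys >= 10);` or better an exact comparison against the subkey counts the key setup produces, would make that a clean failure instead of an out-of-bounds read. Separately, `CAMELLIA_ROUNDSM` indexes `T->sp1110`, `T->sp0222`, `T->sp3033` and `T->sp4404` with bytes of the secret cipher state, so a comment above the macro such as `/* Table lookups are indexed by secret data; not constant-time with respect to the data cache. */` would tell callers what the routine does not protect against.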