Partial revert of 2010-09-20 changes.

author Niels Möller <nisse@lysator.liu.se>

Fri, 24 Sep 2010 05:43:56 +0000 (07:43 +0200)

committer Niels Möller <nisse@lysator.liu.se>

Fri, 24 Sep 2010 05:43:56 +0000 (07:43 +0200)
author Niels Möller <nisse@lysator.liu.se>
Fri, 24 Sep 2010 05:43:56 +0000 (07:43 +0200)
committer Niels Möller <nisse@lysator.liu.se>
Fri, 24 Sep 2010 05:43:56 +0000 (07:43 +0200)
diff --git a/ChangeLog b/ChangeLog

index 592f22b8182e7ba94d2a1a3f6ffbab1fadbc1e77..b6be1848b0b8da981c6d7cca5eca76909337f446 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2010-09-24  Niels Möller  <nisse@lysator.liu.se>
+
+       Partial revert of 2010-09-20 changes.
+       * camellia-set-encrypt-key.c (camellia_set_encrypt_key):
+       Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
+       * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
+       differing in where addition of the key is done.
+       * x86/camellia-crypt-internal.asm: Moved addition of key.
+
  2010-09-22  Niels Möller  <nisse@turmalin.hack.org>
  
         * examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
diff --git a/camellia-crypt-internal.c b/camellia-crypt-internal.c

index 679c4db169288da9955a1cdfd941e07ad6776c16..8a9296e812efe021a3ad520d4ad126cd32a0292a 100644 (file)
--- a/camellia-crypt-internal.c
+++ b/camellia-crypt-internal.c
@@ -33,6 +33,7 @@
  #endif
  
  #include <assert.h>
+#include <limits.h>
  
  #include "camellia-internal.h"
  
@@ -62,33 +63,64 @@
    (x) = ((uint64_t) __xl << 32) | __xr;                \
  } while (0)
  
+#if HAVE_NATIVE_64_BIT
  #define CAMELLIA_ROUNDSM(T, x, k, y) do {                      \
      uint32_t __il, __ir;                                       \
      __ir                                                       \
-      = T->sp1110[(x) & 0xff]                          \
-      ^ T->sp0222[((x) >> 24) & 0xff]                  \
-      ^ T->sp3033[((x) >> 16) & 0xff]                  \
-      ^ T->sp4404[((x) >> 8) & 0xff];                  \
+      = T->sp1110[(x) & 0xff]                                  \
+      ^ T->sp0222[((x) >> 24) & 0xff]                          \
+      ^ T->sp3033[((x) >> 16) & 0xff]                          \
+      ^ T->sp4404[((x) >> 8) & 0xff];                          \
      /* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */    \
      __il                                                       \
-      = T->sp1110[ (x) >> 56]                          \
-      ^ T->sp0222[((x) >> 48) & 0xff]                  \
-      ^ T->sp3033[((x) >> 40) & 0xff]                  \
-      ^ T->sp4404[((x) >> 32) & 0xff];                 \
+      = T->sp1110[ (x) >> 56]                                  \
+      ^ T->sp0222[((x) >> 48) & 0xff]                          \
+      ^ T->sp3033[((x) >> 40) & 0xff]                          \
+      ^ T->sp4404[((x) >> 32) & 0xff];                         \
      /* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */    \
      __ir ^= __il;                                              \
      /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8),          \
-             (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7)           \
-          == y1,y2,y3,y4 */                                    \
+       (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7)                 \
+       == y1,y2,y3,y4 */                                       \
      __il = ROL32(24, __il);                                    \
      /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */    \
      __il ^= __ir;                                              \
      /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8),                        \
-             (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7)                 \
-          == y5,y6,y7,y8 */                                    \
+       (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7)                       \
+       == y5,y6,y7,y8 */                                       \
      y ^= (k);                                                  \
      y ^= ((uint64_t) __ir << 32) | __il;                       \
    } while (0)
+#else /* !HAVE_NATIVE_64_BIT */
+#define CAMELLIA_ROUNDSM(T, x, k, y) do {                      \
+    uint32_t __il, __ir;                                       \
+    __ir                                                       \
+      = T->sp1110[(x) & 0xff]                                  \
+      ^ T->sp0222[((x) >> 24) & 0xff]                          \
+      ^ T->sp3033[((x) >> 16) & 0xff]                          \
+      ^ T->sp4404[((x) >> 8) & 0xff];                          \
+    /* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */    \
+    __il                                                       \
+      = T->sp1110[ (x) >> 56]                                  \
+      ^ T->sp0222[((x) >> 48) & 0xff]                          \
+      ^ T->sp3033[((x) >> 40) & 0xff]                          \
+      ^ T->sp4404[((x) >> 32) & 0xff];                         \
+    /* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */    \
+    __il ^= (k) >> 32;                                         \
+    __ir ^= (k) & 0xffffffff;                                  \
+    __ir ^= __il;                                              \
+    /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8),          \
+       (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7)                 \
+       == y1,y2,y3,y4 */                                       \
+    __il = ROL32(24, __il);                                    \
+    /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */    \
+    __il ^= __ir;                                              \
+    /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8),                        \
+       (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7)                       \
+       == y5,y6,y7,y8 */                                       \
+    y ^= ((uint64_t) __ir << 32) | __il;                       \
+  } while (0)
+#endif
  
  void
  _camellia_crypt(const struct camellia_ctx *ctx,
diff --git a/camellia-set-encrypt-key.c b/camellia-set-encrypt-key.c

index ee3799466bb95dd48be13fabcdb386dd487983c2..989e3c7e79df2593d46eb1596ce4cc81ad15d2cc 100644 (file)
--- a/camellia-set-encrypt-key.c
+++ b/camellia-set-encrypt-key.c
@@ -36,6 +36,7 @@
  #endif
  
  #include <assert.h>
+#include <limits.h>
  
  #include "camellia-internal.h"
  
@@ -74,6 +75,16 @@
      (y) = ((uint64_t) __yl << 32) | __yr;      \
    } while (0)
  
+#if ! HAVE_NATIVE_64_BIT
+#define CAMELLIA_F_HALF_INV(x) do {            \
+    uint32_t __t, __w;                         \
+    __t = (x) >> 32;                           \
+    __w = __t ^(x);                            \
+    __w = ROL32(8, __w);                       \
+    (x) = ((uint64_t) __w << 32) | (__t ^ __w);        \
+  } while (0)
+#endif
+
  void
  camellia_set_encrypt_key(struct camellia_ctx *ctx,
                          unsigned length, const uint8_t *key)
@@ -309,4 +320,17 @@ camellia_set_encrypt_key(struct camellia_ctx *ctx,
      }
    ctx->keys[i-2] = subkey[i-2];
    ctx->keys[i-1] = subkey[i] ^ subkey[i-1];
+
+#if !HAVE_NATIVE_64_BIT
+  for (i = 0; i < ctx->nkeys; i += 8)
+    {
+      /* apply the inverse of the last half of F-function */
+      CAMELLIA_F_HALF_INV(ctx->keys[i+1]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+2]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+3]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+4]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+5]);
+      CAMELLIA_F_HALF_INV(ctx->keys[i+6]);
+    }
+#endif
  }
author	Niels Möller <nisse@lysator.liu.se>
	Fri, 24 Sep 2010 05:43:56 +0000 (07:43 +0200)
committer	Niels Möller <nisse@lysator.liu.se>
	Fri, 24 Sep 2010 05:43:56 +0000 (07:43 +0200)
ChangeLog		patch \| blob \| blame \| history
camellia-crypt-internal.c		patch \| blob \| blame \| history
camellia-set-encrypt-key.c		patch \| blob \| blame \| history