aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/camellia.c79
1 files changed, 41 insertions, 38 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c
index f07a19b3caad..f7aaaaf86982 100644
--- a/crypto/camellia.c
+++ b/crypto/camellia.c
@@ -337,43 +337,40 @@ static const u32 camellia_sp4404[256] = {
337/* 337/*
338 * macros 338 * macros
339 */ 339 */
340#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ 340#define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({ \
341 do { \
342 w0 = ll; \ 341 w0 = ll; \
343 ll = (ll << bits) + (lr >> (32 - bits)); \ 342 ll = (ll << bits) + (lr >> (32 - bits)); \
344 lr = (lr << bits) + (rl >> (32 - bits)); \ 343 lr = (lr << bits) + (rl >> (32 - bits)); \
345 rl = (rl << bits) + (rr >> (32 - bits)); \ 344 rl = (rl << bits) + (rr >> (32 - bits)); \
346 rr = (rr << bits) + (w0 >> (32 - bits)); \ 345 rr = (rr << bits) + (w0 >> (32 - bits)); \
347 } while (0) 346})
348 347
349#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ 348#define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({ \
350 do { \
351 w0 = ll; \ 349 w0 = ll; \
352 w1 = lr; \ 350 w1 = lr; \
353 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ 351 ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
354 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ 352 lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
355 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ 353 rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
356 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ 354 rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
357 } while (0) 355})
358 356
359#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ 357#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({ \
360 do { \
361 il = xl ^ kl; \ 358 il = xl ^ kl; \
362 ir = xr ^ kr; \ 359 ir = xr ^ kr; \
363 t0 = il >> 16; \ 360 t0 = il >> 16; \
364 t1 = ir >> 16; \ 361 t1 = ir >> 16; \
365 yl = camellia_sp1110[(u8)(ir )] \ 362 yl = camellia_sp1110[(u8)(ir)] \
366 ^ camellia_sp0222[ (t1 >> 8)] \ 363 ^ camellia_sp0222[(u8)(t1 >> 8)] \
367 ^ camellia_sp3033[(u8)(t1 )] \ 364 ^ camellia_sp3033[(u8)(t1)] \
368 ^ camellia_sp4404[(u8)(ir >> 8)]; \ 365 ^ camellia_sp4404[(u8)(ir >> 8)]; \
369 yr = camellia_sp1110[ (t0 >> 8)] \ 366 yr = camellia_sp1110[(u8)(t0 >> 8)] \
370 ^ camellia_sp0222[(u8)(t0 )] \ 367 ^ camellia_sp0222[(u8)(t0)] \
371 ^ camellia_sp3033[(u8)(il >> 8)] \ 368 ^ camellia_sp3033[(u8)(il >> 8)] \
372 ^ camellia_sp4404[(u8)(il )]; \ 369 ^ camellia_sp4404[(u8)(il)]; \
373 yl ^= yr; \ 370 yl ^= yr; \
374 yr = ror32(yr, 8); \ 371 yr = ror32(yr, 8); \
375 yr ^= yl; \ 372 yr ^= yl; \
376 } while (0) 373})
377 374
378#define SUBKEY_L(INDEX) (subkey[(INDEX)*2]) 375#define SUBKEY_L(INDEX) (subkey[(INDEX)*2])
379#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) 376#define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1])
@@ -832,8 +829,7 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
832/* 829/*
833 * Encrypt/decrypt 830 * Encrypt/decrypt
834 */ 831 */
835#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ 832#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \
836 do { \
837 t0 = kll; \ 833 t0 = kll; \
838 t2 = krr; \ 834 t2 = krr; \
839 t0 &= ll; \ 835 t0 &= ll; \
@@ -846,15 +842,14 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
846 t1 |= lr; \ 842 t1 |= lr; \
847 ll ^= t1; \ 843 ll ^= t1; \
848 rr ^= rol32(t3, 1); \ 844 rr ^= rol32(t3, 1); \
849 } while (0) 845})
850 846
851#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \ 847#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({ \
852 do { \
853 yl ^= kl; \ 848 yl ^= kl; \
854 yr ^= kr; \ 849 yr ^= kr; \
855 ir = camellia_sp1110[(u8)xr]; \ 850 ir = camellia_sp1110[(u8)xr]; \
856 il = camellia_sp1110[ (xl >> 24)]; \ 851 il = camellia_sp1110[(u8)(xl >> 24)]; \
857 ir ^= camellia_sp0222[ (xr >> 24)]; \ 852 ir ^= camellia_sp0222[(u8)(xr >> 24)]; \
858 il ^= camellia_sp0222[(u8)(xl >> 16)]; \ 853 il ^= camellia_sp0222[(u8)(xl >> 16)]; \
859 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \ 854 ir ^= camellia_sp3033[(u8)(xr >> 16)]; \
860 il ^= camellia_sp3033[(u8)(xl >> 8)]; \ 855 il ^= camellia_sp3033[(u8)(xl >> 8)]; \
@@ -862,8 +857,8 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey)
862 il ^= camellia_sp4404[(u8)xl]; \ 857 il ^= camellia_sp4404[(u8)xl]; \
863 ir ^= il; \ 858 ir ^= il; \
864 yl ^= ir; \ 859 yl ^= ir; \
865 yr ^= ror32(il, 8) ^ ir; \ 860 yr ^= ror32(il, 8) ^ ir; \
866 } while (0) 861})
867 862
868/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */ 863/* max = 24: 128bit encrypt, max = 32: 256bit encrypt */
869static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max) 864static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
@@ -875,7 +870,7 @@ static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
875 io[1] ^= SUBKEY_R(0); 870 io[1] ^= SUBKEY_R(0);
876 871
877 /* main iteration */ 872 /* main iteration */
878#define ROUNDS(i) do { \ 873#define ROUNDS(i) ({ \
879 CAMELLIA_ROUNDSM(io[0], io[1], \ 874 CAMELLIA_ROUNDSM(io[0], io[1], \
880 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ 875 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
881 io[2], io[3], il, ir); \ 876 io[2], io[3], il, ir); \
@@ -894,13 +889,13 @@ static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max)
894 CAMELLIA_ROUNDSM(io[2], io[3], \ 889 CAMELLIA_ROUNDSM(io[2], io[3], \
895 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ 890 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
896 io[0], io[1], il, ir); \ 891 io[0], io[1], il, ir); \
897} while (0) 892})
898#define FLS(i) do { \ 893#define FLS(i) ({ \
899 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ 894 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
900 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ 895 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
901 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ 896 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
902 t0, t1, il, ir); \ 897 t0, t1, il, ir); \
903} while (0) 898})
904 899
905 ROUNDS(0); 900 ROUNDS(0);
906 FLS(8); 901 FLS(8);
@@ -930,7 +925,7 @@ static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
930 io[1] ^= SUBKEY_R(i); 925 io[1] ^= SUBKEY_R(i);
931 926
932 /* main iteration */ 927 /* main iteration */
933#define ROUNDS(i) do { \ 928#define ROUNDS(i) ({ \
934 CAMELLIA_ROUNDSM(io[0], io[1], \ 929 CAMELLIA_ROUNDSM(io[0], io[1], \
935 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ 930 SUBKEY_L(i + 7), SUBKEY_R(i + 7), \
936 io[2], io[3], il, ir); \ 931 io[2], io[3], il, ir); \
@@ -949,13 +944,13 @@ static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i)
949 CAMELLIA_ROUNDSM(io[2], io[3], \ 944 CAMELLIA_ROUNDSM(io[2], io[3], \
950 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ 945 SUBKEY_L(i + 2), SUBKEY_R(i + 2), \
951 io[0], io[1], il, ir); \ 946 io[0], io[1], il, ir); \
952} while (0) 947})
953#define FLS(i) do { \ 948#define FLS(i) ({ \
954 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ 949 CAMELLIA_FLS(io[0], io[1], io[2], io[3], \
955 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ 950 SUBKEY_L(i + 1), SUBKEY_R(i + 1), \
956 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ 951 SUBKEY_L(i + 0), SUBKEY_R(i + 0), \
957 t0, t1, il, ir); \ 952 t0, t1, il, ir); \
958} while (0) 953})
959 954
960 if (i == 32) { 955 if (i == 32) {
961 ROUNDS(24); 956 ROUNDS(24);
@@ -1017,6 +1012,7 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1017 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1012 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1018 const __be32 *src = (const __be32 *)in; 1013 const __be32 *src = (const __be32 *)in;
1019 __be32 *dst = (__be32 *)out; 1014 __be32 *dst = (__be32 *)out;
1015 unsigned int max;
1020 1016
1021 u32 tmp[4]; 1017 u32 tmp[4];
1022 1018
@@ -1025,9 +1021,12 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1025 tmp[2] = be32_to_cpu(src[2]); 1021 tmp[2] = be32_to_cpu(src[2]);
1026 tmp[3] = be32_to_cpu(src[3]); 1022 tmp[3] = be32_to_cpu(src[3]);
1027 1023
1028 camellia_do_encrypt(cctx->key_table, tmp, 1024 if (cctx->key_length == 16)
1029 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */ 1025 max = 24;
1030 ); 1026 else
1027 max = 32; /* for key lengths of 24 and 32 */
1028
1029 camellia_do_encrypt(cctx->key_table, tmp, max);
1031 1030
1032 /* do_encrypt returns 0,1 swapped with 2,3 */ 1031 /* do_encrypt returns 0,1 swapped with 2,3 */
1033 dst[0] = cpu_to_be32(tmp[2]); 1032 dst[0] = cpu_to_be32(tmp[2]);
@@ -1041,6 +1040,7 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1041 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); 1040 const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm);
1042 const __be32 *src = (const __be32 *)in; 1041 const __be32 *src = (const __be32 *)in;
1043 __be32 *dst = (__be32 *)out; 1042 __be32 *dst = (__be32 *)out;
1043 unsigned int max;
1044 1044
1045 u32 tmp[4]; 1045 u32 tmp[4];
1046 1046
@@ -1049,9 +1049,12 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
1049 tmp[2] = be32_to_cpu(src[2]); 1049 tmp[2] = be32_to_cpu(src[2]);
1050 tmp[3] = be32_to_cpu(src[3]); 1050 tmp[3] = be32_to_cpu(src[3]);
1051 1051
1052 camellia_do_decrypt(cctx->key_table, tmp, 1052 if (cctx->key_length == 16)
1053 cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */ 1053 max = 24;
1054 ); 1054 else
1055 max = 32; /* for key lengths of 24 and 32 */
1056
1057 camellia_do_decrypt(cctx->key_table, tmp, max);
1055 1058
1056 /* do_decrypt returns 0,1 swapped with 2,3 */ 1059 /* do_decrypt returns 0,1 swapped with 2,3 */
1057 dst[0] = cpu_to_be32(tmp[2]); 1060 dst[0] = cpu_to_be32(tmp[2]);