diff options
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/camellia.c | 79 |
1 files changed, 41 insertions, 38 deletions
diff --git a/crypto/camellia.c b/crypto/camellia.c index f07a19b3caad..f7aaaaf86982 100644 --- a/crypto/camellia.c +++ b/crypto/camellia.c | |||
@@ -337,43 +337,40 @@ static const u32 camellia_sp4404[256] = { | |||
337 | /* | 337 | /* |
338 | * macros | 338 | * macros |
339 | */ | 339 | */ |
340 | #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ | 340 | #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) ({ \ |
341 | do { \ | ||
342 | w0 = ll; \ | 341 | w0 = ll; \ |
343 | ll = (ll << bits) + (lr >> (32 - bits)); \ | 342 | ll = (ll << bits) + (lr >> (32 - bits)); \ |
344 | lr = (lr << bits) + (rl >> (32 - bits)); \ | 343 | lr = (lr << bits) + (rl >> (32 - bits)); \ |
345 | rl = (rl << bits) + (rr >> (32 - bits)); \ | 344 | rl = (rl << bits) + (rr >> (32 - bits)); \ |
346 | rr = (rr << bits) + (w0 >> (32 - bits)); \ | 345 | rr = (rr << bits) + (w0 >> (32 - bits)); \ |
347 | } while (0) | 346 | }) |
348 | 347 | ||
349 | #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ | 348 | #define ROLDQo32(ll, lr, rl, rr, w0, w1, bits) ({ \ |
350 | do { \ | ||
351 | w0 = ll; \ | 349 | w0 = ll; \ |
352 | w1 = lr; \ | 350 | w1 = lr; \ |
353 | ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ | 351 | ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ |
354 | lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ | 352 | lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ |
355 | rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ | 353 | rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ |
356 | rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ | 354 | rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ |
357 | } while (0) | 355 | }) |
358 | 356 | ||
359 | #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ | 357 | #define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) ({ \ |
360 | do { \ | ||
361 | il = xl ^ kl; \ | 358 | il = xl ^ kl; \ |
362 | ir = xr ^ kr; \ | 359 | ir = xr ^ kr; \ |
363 | t0 = il >> 16; \ | 360 | t0 = il >> 16; \ |
364 | t1 = ir >> 16; \ | 361 | t1 = ir >> 16; \ |
365 | yl = camellia_sp1110[(u8)(ir )] \ | 362 | yl = camellia_sp1110[(u8)(ir)] \ |
366 | ^ camellia_sp0222[ (t1 >> 8)] \ | 363 | ^ camellia_sp0222[(u8)(t1 >> 8)] \ |
367 | ^ camellia_sp3033[(u8)(t1 )] \ | 364 | ^ camellia_sp3033[(u8)(t1)] \ |
368 | ^ camellia_sp4404[(u8)(ir >> 8)]; \ | 365 | ^ camellia_sp4404[(u8)(ir >> 8)]; \ |
369 | yr = camellia_sp1110[ (t0 >> 8)] \ | 366 | yr = camellia_sp1110[(u8)(t0 >> 8)] \ |
370 | ^ camellia_sp0222[(u8)(t0 )] \ | 367 | ^ camellia_sp0222[(u8)(t0)] \ |
371 | ^ camellia_sp3033[(u8)(il >> 8)] \ | 368 | ^ camellia_sp3033[(u8)(il >> 8)] \ |
372 | ^ camellia_sp4404[(u8)(il )]; \ | 369 | ^ camellia_sp4404[(u8)(il)]; \ |
373 | yl ^= yr; \ | 370 | yl ^= yr; \ |
374 | yr = ror32(yr, 8); \ | 371 | yr = ror32(yr, 8); \ |
375 | yr ^= yl; \ | 372 | yr ^= yl; \ |
376 | } while (0) | 373 | }) |
377 | 374 | ||
378 | #define SUBKEY_L(INDEX) (subkey[(INDEX)*2]) | 375 | #define SUBKEY_L(INDEX) (subkey[(INDEX)*2]) |
379 | #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) | 376 | #define SUBKEY_R(INDEX) (subkey[(INDEX)*2 + 1]) |
@@ -832,8 +829,7 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey) | |||
832 | /* | 829 | /* |
833 | * Encrypt/decrypt | 830 | * Encrypt/decrypt |
834 | */ | 831 | */ |
835 | #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ | 832 | #define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) ({ \ |
836 | do { \ | ||
837 | t0 = kll; \ | 833 | t0 = kll; \ |
838 | t2 = krr; \ | 834 | t2 = krr; \ |
839 | t0 &= ll; \ | 835 | t0 &= ll; \ |
@@ -846,15 +842,14 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey) | |||
846 | t1 |= lr; \ | 842 | t1 |= lr; \ |
847 | ll ^= t1; \ | 843 | ll ^= t1; \ |
848 | rr ^= rol32(t3, 1); \ | 844 | rr ^= rol32(t3, 1); \ |
849 | } while (0) | 845 | }) |
850 | 846 | ||
851 | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \ | 847 | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) ({ \ |
852 | do { \ | ||
853 | yl ^= kl; \ | 848 | yl ^= kl; \ |
854 | yr ^= kr; \ | 849 | yr ^= kr; \ |
855 | ir = camellia_sp1110[(u8)xr]; \ | 850 | ir = camellia_sp1110[(u8)xr]; \ |
856 | il = camellia_sp1110[ (xl >> 24)]; \ | 851 | il = camellia_sp1110[(u8)(xl >> 24)]; \ |
857 | ir ^= camellia_sp0222[ (xr >> 24)]; \ | 852 | ir ^= camellia_sp0222[(u8)(xr >> 24)]; \ |
858 | il ^= camellia_sp0222[(u8)(xl >> 16)]; \ | 853 | il ^= camellia_sp0222[(u8)(xl >> 16)]; \ |
859 | ir ^= camellia_sp3033[(u8)(xr >> 16)]; \ | 854 | ir ^= camellia_sp3033[(u8)(xr >> 16)]; \ |
860 | il ^= camellia_sp3033[(u8)(xl >> 8)]; \ | 855 | il ^= camellia_sp3033[(u8)(xl >> 8)]; \ |
@@ -862,8 +857,8 @@ static void camellia_setup192(const unsigned char *key, u32 *subkey) | |||
862 | il ^= camellia_sp4404[(u8)xl]; \ | 857 | il ^= camellia_sp4404[(u8)xl]; \ |
863 | ir ^= il; \ | 858 | ir ^= il; \ |
864 | yl ^= ir; \ | 859 | yl ^= ir; \ |
865 | yr ^= ror32(il, 8) ^ ir; \ | 860 | yr ^= ror32(il, 8) ^ ir; \ |
866 | } while (0) | 861 | }) |
867 | 862 | ||
868 | /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */ | 863 | /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */ |
869 | static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max) | 864 | static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max) |
@@ -875,7 +870,7 @@ static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max) | |||
875 | io[1] ^= SUBKEY_R(0); | 870 | io[1] ^= SUBKEY_R(0); |
876 | 871 | ||
877 | /* main iteration */ | 872 | /* main iteration */ |
878 | #define ROUNDS(i) do { \ | 873 | #define ROUNDS(i) ({ \ |
879 | CAMELLIA_ROUNDSM(io[0], io[1], \ | 874 | CAMELLIA_ROUNDSM(io[0], io[1], \ |
880 | SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ | 875 | SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ |
881 | io[2], io[3], il, ir); \ | 876 | io[2], io[3], il, ir); \ |
@@ -894,13 +889,13 @@ static void camellia_do_encrypt(const u32 *subkey, u32 *io, unsigned max) | |||
894 | CAMELLIA_ROUNDSM(io[2], io[3], \ | 889 | CAMELLIA_ROUNDSM(io[2], io[3], \ |
895 | SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ | 890 | SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ |
896 | io[0], io[1], il, ir); \ | 891 | io[0], io[1], il, ir); \ |
897 | } while (0) | 892 | }) |
898 | #define FLS(i) do { \ | 893 | #define FLS(i) ({ \ |
899 | CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ | 894 | CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ |
900 | SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ | 895 | SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ |
901 | SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ | 896 | SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ |
902 | t0, t1, il, ir); \ | 897 | t0, t1, il, ir); \ |
903 | } while (0) | 898 | }) |
904 | 899 | ||
905 | ROUNDS(0); | 900 | ROUNDS(0); |
906 | FLS(8); | 901 | FLS(8); |
@@ -930,7 +925,7 @@ static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i) | |||
930 | io[1] ^= SUBKEY_R(i); | 925 | io[1] ^= SUBKEY_R(i); |
931 | 926 | ||
932 | /* main iteration */ | 927 | /* main iteration */ |
933 | #define ROUNDS(i) do { \ | 928 | #define ROUNDS(i) ({ \ |
934 | CAMELLIA_ROUNDSM(io[0], io[1], \ | 929 | CAMELLIA_ROUNDSM(io[0], io[1], \ |
935 | SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ | 930 | SUBKEY_L(i + 7), SUBKEY_R(i + 7), \ |
936 | io[2], io[3], il, ir); \ | 931 | io[2], io[3], il, ir); \ |
@@ -949,13 +944,13 @@ static void camellia_do_decrypt(const u32 *subkey, u32 *io, unsigned i) | |||
949 | CAMELLIA_ROUNDSM(io[2], io[3], \ | 944 | CAMELLIA_ROUNDSM(io[2], io[3], \ |
950 | SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ | 945 | SUBKEY_L(i + 2), SUBKEY_R(i + 2), \ |
951 | io[0], io[1], il, ir); \ | 946 | io[0], io[1], il, ir); \ |
952 | } while (0) | 947 | }) |
953 | #define FLS(i) do { \ | 948 | #define FLS(i) ({ \ |
954 | CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ | 949 | CAMELLIA_FLS(io[0], io[1], io[2], io[3], \ |
955 | SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ | 950 | SUBKEY_L(i + 1), SUBKEY_R(i + 1), \ |
956 | SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ | 951 | SUBKEY_L(i + 0), SUBKEY_R(i + 0), \ |
957 | t0, t1, il, ir); \ | 952 | t0, t1, il, ir); \ |
958 | } while (0) | 953 | }) |
959 | 954 | ||
960 | if (i == 32) { | 955 | if (i == 32) { |
961 | ROUNDS(24); | 956 | ROUNDS(24); |
@@ -1017,6 +1012,7 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
1017 | const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); | 1012 | const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); |
1018 | const __be32 *src = (const __be32 *)in; | 1013 | const __be32 *src = (const __be32 *)in; |
1019 | __be32 *dst = (__be32 *)out; | 1014 | __be32 *dst = (__be32 *)out; |
1015 | unsigned int max; | ||
1020 | 1016 | ||
1021 | u32 tmp[4]; | 1017 | u32 tmp[4]; |
1022 | 1018 | ||
@@ -1025,9 +1021,12 @@ static void camellia_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
1025 | tmp[2] = be32_to_cpu(src[2]); | 1021 | tmp[2] = be32_to_cpu(src[2]); |
1026 | tmp[3] = be32_to_cpu(src[3]); | 1022 | tmp[3] = be32_to_cpu(src[3]); |
1027 | 1023 | ||
1028 | camellia_do_encrypt(cctx->key_table, tmp, | 1024 | if (cctx->key_length == 16) |
1029 | cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */ | 1025 | max = 24; |
1030 | ); | 1026 | else |
1027 | max = 32; /* for key lengths of 24 and 32 */ | ||
1028 | |||
1029 | camellia_do_encrypt(cctx->key_table, tmp, max); | ||
1031 | 1030 | ||
1032 | /* do_encrypt returns 0,1 swapped with 2,3 */ | 1031 | /* do_encrypt returns 0,1 swapped with 2,3 */ |
1033 | dst[0] = cpu_to_be32(tmp[2]); | 1032 | dst[0] = cpu_to_be32(tmp[2]); |
@@ -1041,6 +1040,7 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
1041 | const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); | 1040 | const struct camellia_ctx *cctx = crypto_tfm_ctx(tfm); |
1042 | const __be32 *src = (const __be32 *)in; | 1041 | const __be32 *src = (const __be32 *)in; |
1043 | __be32 *dst = (__be32 *)out; | 1042 | __be32 *dst = (__be32 *)out; |
1043 | unsigned int max; | ||
1044 | 1044 | ||
1045 | u32 tmp[4]; | 1045 | u32 tmp[4]; |
1046 | 1046 | ||
@@ -1049,9 +1049,12 @@ static void camellia_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) | |||
1049 | tmp[2] = be32_to_cpu(src[2]); | 1049 | tmp[2] = be32_to_cpu(src[2]); |
1050 | tmp[3] = be32_to_cpu(src[3]); | 1050 | tmp[3] = be32_to_cpu(src[3]); |
1051 | 1051 | ||
1052 | camellia_do_decrypt(cctx->key_table, tmp, | 1052 | if (cctx->key_length == 16) |
1053 | cctx->key_length == 16 ? 24 : 32 /* for key lengths of 24 and 32 */ | 1053 | max = 24; |
1054 | ); | 1054 | else |
1055 | max = 32; /* for key lengths of 24 and 32 */ | ||
1056 | |||
1057 | camellia_do_decrypt(cctx->key_table, tmp, max); | ||
1055 | 1058 | ||
1056 | /* do_decrypt returns 0,1 swapped with 2,3 */ | 1059 | /* do_decrypt returns 0,1 swapped with 2,3 */ |
1057 | dst[0] = cpu_to_be32(tmp[2]); | 1060 | dst[0] = cpu_to_be32(tmp[2]); |