~ubuntu-branches/ubuntu/vivid/nettle/vivid-proposed

Viewing changes to camellia-set-encrypt-key.c

Committer: Package Import Robot
Author(s): Magnus Holmgren
Date: 2013-05-04 19:50:28 UTC
mfrom: (1.4.6) (3.1.11 experimental)
mto: This revision was merged to the branch mainline in revision 14.
Revision ID: package-import@ubuntu.com-20130504195028-fp6c9fw1tsm5scwa

Tags: 2.7-1

http://bugs.debian.org/706081

* New upstream release (Closes: #706081).
* Include watch file improvements from Bart Martens <bartm@debian.org>
via the QA system.

files added:
arm

arm/aes-decrypt-internal.asm

arm/aes-encrypt-internal.asm

arm/aes.m4

arm/ecc-192-modp.asm

arm/ecc-224-modp.asm

arm/ecc-256-redc.asm

arm/ecc-384-modp.asm

arm/ecc-521-modp.asm

arm/machine.m4

arm/memxor.asm

arm/neon

arm/neon/salsa20-core-internal.asm

arm/neon/sha3-permute.asm

arm/neon/sha512-compress.asm

arm/neon/umac-nh-n.asm

arm/neon/umac-nh.asm

arm/sha1-compress.asm

arm/sha256-compress.asm

cnd-copy.c

ecc-192.c

ecc-224.c

ecc-256.c

ecc-384.c

ecc-521.c

ecc-a-to-j.c

ecc-add-jja.c

ecc-add-jjj.c

ecc-curve.h

ecc-dup-jj.c

ecc-ecdsa-sign.c

ecc-ecdsa-verify.c

ecc-generic-modp.c

ecc-generic-modq.c

ecc-generic-redc.c

ecc-hash.c

ecc-internal.h

ecc-j-to-a.c

ecc-mod.c

ecc-modp.c

ecc-modq.c

ecc-mul-a.c

ecc-mul-g.c

ecc-point-mul-g.c

ecc-point-mul.c

ecc-point.c

ecc-random.c

ecc-scalar.c

ecc-size.c

ecc.h

eccdata.c

ecdsa-keygen.c

ecdsa-sign.c

ecdsa-verify.c

ecdsa.h

examples/base16dec.c

examples/base16enc.c

examples/base64dec.c

examples/base64enc.c

examples/ecc-benchmark.c

examples/hogweed-benchmark.c

examples/timing.c

examples/timing.h

getopt.c

getopt.h

getopt1.c

gmp-glue.c

gmp-glue.h

gosthash94-meta.c

gosthash94.c

gosthash94.h

mini-gmp.c

mini-gmp.h

pbkdf2-hmac-sha1.c

pbkdf2-hmac-sha256.c

pbkdf2.c

pbkdf2.h

pkcs1-decrypt.c

pkcs1-encrypt.c

pkcs1-rsa-digest.c

rsa-blind.c

rsa-decrypt-tr.c

rsa-pkcs1-sign-tr.c

rsa-pkcs1-sign.c

rsa-pkcs1-verify.c

run-tests

salsa20-core-internal.c

salsa20-crypt.c

salsa20-set-key.c

salsa20.h

salsa20r12-crypt.c

sec-add-1.c

sec-modinv.c

sec-sub-1.c

sec-tabselect.c

sha1.h

sha2.h

sha3-224-meta.c

sha3-224.c

sha3-256-meta.c

sha3-256.c

sha3-384-meta.c

sha3-384.c

sha3-512-meta.c

sha3-512.c

sha3-permute.c

sha3.c

sha3.h

testsuite/ecc-mod-test.c

testsuite/ecc-modinv-test.c

testsuite/ecc-mul-a-test.c

testsuite/ecc-mul-g-test.c

testsuite/ecc-redc-test.c

testsuite/ecdsa-keygen-test.c

testsuite/ecdsa-sign-test.c

testsuite/ecdsa-verify-test.c

testsuite/gosthash94-test.c

testsuite/pbkdf2-test.c

testsuite/salsa20-test.c

testsuite/setup-env

testsuite/sha3-224-test.c

testsuite/sha3-256-test.c

testsuite/sha3-384-test.c

testsuite/sha3-512-test.c

testsuite/sha3-permute-test.c

testsuite/sha3.awk

testsuite/umac-test.c

twofishdata.c

umac-l2.c

umac-l3.c

umac-nh-n.c

umac-nh.c

umac-poly128.c

umac-poly64.c

umac-set-key.c

umac.h

umac128.c

umac32.c

umac64.c

umac96.c

write-le64.c

x86_64/ecc-192-modp.asm

x86_64/ecc-224-modp.asm

x86_64/ecc-256-redc.asm

x86_64/ecc-384-modp.asm

x86_64/ecc-521-modp.asm

x86_64/salsa20-core-internal.asm

x86_64/salsa20-crypt.asm

x86_64/salsa20.m4

x86_64/sha256-compress.asm

x86_64/sha3-permute.asm

x86_64/sha512-compress.asm

x86_64/umac-nh-n.asm

x86_64/umac-nh.asm

files removed:
debian/nettle-bin.postinst

examples/getopt.c

examples/getopt.h

examples/getopt1.c

examples/run-tests

testsuite/run-tests

tools/getopt.c

tools/getopt.h

tools/getopt1.c

x86_64/arcfour-crypt.asm

files modified:
ChangeLog

Makefile.in

NEWS

README

aclocal.m4

aes-decrypt-internal.c

aes-decrypt.c

aes-encrypt-internal.c

aes-encrypt-table.c

aes-encrypt.c

aes-internal.h

aes-meta.c

aes-set-decrypt-key.c

aes-set-encrypt-key.c

aes.h

aesdata.c

arcfour-crypt.c

arcfour-meta.c

arcfour.c

arcfour.h

arctwo-meta.c

arctwo.c

arctwo.h

asm.m4

asn1.h

base16-decode.c

base16-encode.c

base16-meta.c

base16.h

base64-decode.c

base64-encode.c

base64-meta.c

base64.h

bignum-next-prime.c

bignum-random-prime.c

bignum-random.c

bignum.c

bignum.h

blowfish.c

blowfish.h

buffer-init.c

buffer.c

buffer.h

camellia-crypt-internal.c

camellia-crypt.c

camellia-internal.h

camellia-meta.c

camellia-set-decrypt-key.c

camellia-set-encrypt-key.c

camellia-table.c

camellia.h

cast128-meta.c

cast128.c

cast128.h

cast128_sboxes.h

cbc.c

cbc.h

config.guess

config.h.in

config.m4.in

config.make.in

config.sub

configure

configure.ac

ctr.c

ctr.h

debian/changelog

debian/control

debian/libhogweed2.symbols

debian/libnettle4.symbols

debian/watch

der-iterator.c

der2dsa.c

der2rsa.c

des-compat.c

des-compat.h

des.c

des.h

des3.c

desCode.h

descore.README

desdata.c

desinfo.h

dsa-keygen.c

dsa-sha1-sign.c

dsa-sha1-verify.c

dsa-sha256-sign.c

dsa-sha256-verify.c

dsa-sign.c

dsa-verify.c

dsa.c

dsa.h

dsa2sexp.c

examples/Makefile.in

examples/eratosthenes.c

examples/io.c

examples/io.h

examples/nettle-benchmark.c

examples/nettle-openssl.c

examples/next-prime.c

examples/random-prime.c

examples/read_rsa_key.c

examples/rsa-decrypt.c

examples/rsa-encrypt-test

examples/rsa-encrypt.c

examples/rsa-keygen.c

examples/rsa-sign-test

examples/rsa-sign.c

examples/rsa-verify-test

examples/rsa-verify.c

examples/setup-env

examples/teardown-env

gcm-aes.c

gcm.c

gcm.h

gcmdata.c

hmac-md5.c

hmac-ripemd160.c

hmac-sha1.c

hmac-sha224.c

hmac-sha256.c

hmac-sha384.c

hmac-sha512.c

hmac.c

hmac.h

knuth-lfib.c

knuth-lfib.h

macros.h

md2-meta.c

md2.c

md2.h

md4-meta.c

md4.c

md4.h

md5-compat.c

md5-compat.h

md5-compress.c

md5-meta.c

md5.c

md5.h

memxor.c

nettle-internal.c

nettle-internal.h

nettle-meta-armors.c

nettle-meta-ciphers.c

nettle-meta-hashes.c

nettle-meta.h

nettle-types.h

nettle-write.h

nettle.html

nettle.info

nettle.pdf

nettle.texinfo

pgp-encode.c

pgp.h

pkcs1-rsa-md5.c

pkcs1-rsa-sha1.c

pkcs1-rsa-sha256.c

pkcs1-rsa-sha512.c

pkcs1.c

pkcs1.h

realloc.c

realloc.h

ripemd160-compress.c

ripemd160-meta.c

ripemd160.c

ripemd160.h

rsa-compat.c

rsa-compat.h

rsa-decrypt.c

rsa-encrypt.c

rsa-keygen.c

rsa-md5-sign.c

rsa-md5-verify.c

rsa-sha1-sign.c

rsa-sha1-verify.c

rsa-sha256-sign.c

rsa-sha256-verify.c

rsa-sha512-sign.c

rsa-sha512-verify.c

rsa-sign.c

rsa-verify.c

rsa.c

rsa.h

rsa2openpgp.c

rsa2sexp.c

serpent-decrypt.c

serpent-encrypt.c

serpent-internal.h

serpent-meta.c

serpent-set-key.c

serpent.h

sexp-format.c

sexp-transport-format.c

sexp-transport.c

sexp.c

sexp.h

sexp2bignum.c

sexp2dsa.c

sexp2rsa.c

sha-example.c

sha.h

sha1-compress.c

sha1-meta.c

sha1.c

sha224-meta.c

sha256-compress.c

sha256-meta.c

sha256.c

sha384-meta.c

sha512-compress.c

sha512-meta.c

sha512.c

shadata.c

sparc32/aes-decrypt-internal.asm

sparc32/aes-encrypt-internal.asm

sparc32/arcfour-crypt.asm

sparc64/aes-decrypt-internal.asm

sparc64/aes-encrypt-internal.asm

sparc64/arcfour-crypt.asm

testsuite/.test-rules.make

testsuite/Makefile.in

testsuite/aes-test.c

testsuite/arcfour-test.c

testsuite/arctwo-test.c

testsuite/base16-test.c

testsuite/base64-test.c

testsuite/bignum-test.c

testsuite/blowfish-test.c

testsuite/buffer-test.c

testsuite/camellia-test.c

testsuite/cast128-test.c

testsuite/cbc-test.c

testsuite/ctr-test.c

testsuite/cxx-test.cxx

testsuite/des-compat-test.c

testsuite/des-test.c

testsuite/des3-test.c

testsuite/dsa-keygen-test.c

testsuite/dsa-test.c

testsuite/gcm-test.c

testsuite/hmac-test.c

testsuite/knuth-lfib-test.c

testsuite/md2-test.c

testsuite/md4-test.c

testsuite/md5-compat-test.c

testsuite/md5-test.c

testsuite/memxor-test.c

testsuite/meta-armor-test.c

testsuite/meta-cipher-test.c

testsuite/meta-hash-test.c

testsuite/pkcs1-conv-test

testsuite/pkcs1-test.c

testsuite/random-prime-test.c

testsuite/ripemd160-test.c

testsuite/rsa-encrypt-test.c

testsuite/rsa-keygen-test.c

testsuite/rsa-test.c

testsuite/rsa2sexp-test.c

testsuite/serpent-test.c

testsuite/sexp-conv-test

testsuite/sexp-format-test.c

testsuite/sexp-test.c

testsuite/sexp2rsa-test.c

testsuite/sha1-huge-test.c

testsuite/sha1-test.c

testsuite/sha224-test.c

testsuite/sha256-test.c

testsuite/sha384-test.c

testsuite/sha512-test.c

testsuite/symbols-test

testsuite/teardown-env

testsuite/testutils.c

testsuite/testutils.h

testsuite/twofish-test.c

testsuite/yarrow-test.c

tools/Makefile.in

tools/input.c

tools/input.h

tools/misc.c

tools/misc.h

tools/nettle-hash.c

tools/nettle-lfib-stream.c

tools/output.c

tools/output.h

tools/parse.c

tools/parse.h

tools/pkcs1-conv.c

tools/sexp-conv.c

twofish-meta.c

twofish.c

twofish.h

write-be32.c

write-le32.c

x86/aes-decrypt-internal.asm

x86/aes-encrypt-internal.asm

x86/arcfour-crypt.asm

x86/camellia-crypt-internal.asm

x86/md5-compress.asm

x86/sha1-compress.asm

x86_64/aes-decrypt-internal.asm

x86_64/aes-encrypt-internal.asm

x86_64/camellia-crypt-internal.asm

x86_64/machine.m4

x86_64/memxor.asm

x86_64/serpent-decrypt.asm

x86_64/serpent-encrypt.asm

x86_64/serpent.m4

x86_64/sha1-compress.asm

yarrow.h

yarrow256.c

yarrow_key_event.c

Show diffs side-by-side

added added

removed removed

camellia-set-encrypt-key.c

* NTT (Nippon Telegraph and Telephone Corporation).

* This library is free software; you can redistribute it and/or

* modify it under the terms of the GNU Lesser General Public

^ CAMELLIA_SP3033((__i >> 40) & 0xff) \

^ CAMELLIA_SP4404((__i >> 32) & 0xff); \

__yl ^= __yr; \

__yr = ROL32(24, __yr); \

__yr = ROTL32(24, __yr); \

__yr ^= __yl; \

(y) = ((uint64_t) __yl << 32) | __yr; \

} while (0)

uint32_t __t, __w; \

__t = (x) >> 32; \

__w = __t ^(x); \

__w = ROL32(8, __w); \

__w = ROTL32(8, __w); \

(x) = ((uint64_t) __w << 32) | (__t ^ __w); \

} while (0)

#endif

107

* generate KL dependent subkeys

108

109

subkey[0] = k0; subkey[1] = k1;

110

ROL128(15, k0, k1);

110

ROTL128(15, k0, k1);

111

subkey[4] = k0; subkey[5] = k1;

112

ROL128(30, k0, k1);

112

ROTL128(30, k0, k1);

113

subkey[10] = k0; subkey[11] = k1;

114

ROL128(15, k0, k1);

114

ROTL128(15, k0, k1);

115

subkey[13] = k1;

116

ROL128(17, k0, k1);

116

ROTL128(17, k0, k1);

117

subkey[16] = k0; subkey[17] = k1;

118

ROL128(17, k0, k1);

118

ROTL128(17, k0, k1);

119

subkey[18] = k0; subkey[19] = k1;

120

ROL128(17, k0, k1);

120

ROTL128(17, k0, k1);

121

subkey[22] = k0; subkey[23] = k1;

122

123

/* generate KA. D1 is k0, d2 is k1. */

144

145

/* generate KA dependent subkeys */

146

subkey[2] = k0; subkey[3] = k1;

147

ROL128(15, k0, k1);

147

ROTL128(15, k0, k1);

148

subkey[6] = k0; subkey[7] = k1;

149

ROL128(15, k0, k1);

149

ROTL128(15, k0, k1);

150

subkey[8] = k0; subkey[9] = k1;

151

ROL128(15, k0, k1);

151

ROTL128(15, k0, k1);

152

subkey[12] = k0;

153

ROL128(15, k0, k1);

153

ROTL128(15, k0, k1);

154

subkey[14] = k0; subkey[15] = k1;

155

ROL128(34, k0, k1);

155

ROTL128(34, k0, k1);

156

subkey[20] = k0; subkey[21] = k1;

157

ROL128(17, k0, k1);

157

ROTL128(17, k0, k1);

158

subkey[24] = k0; subkey[25] = k1;

159

}

160

else

173

}

174

/* generate KL dependent subkeys */

175

subkey[0] = k0; subkey[1] = k1;

176

ROL128(45, k0, k1);

176

ROTL128(45, k0, k1);

177

subkey[12] = k0; subkey[13] = k1;

178

ROL128(15, k0, k1);

178

ROTL128(15, k0, k1);

179

subkey[16] = k0; subkey[17] = k1;

180

ROL128(17, k0, k1);

180

ROTL128(17, k0, k1);

181

subkey[22] = k0; subkey[23] = k1;

182

ROL128(34, k0, k1);

182

ROTL128(34, k0, k1);

183

subkey[30] = k0; subkey[31] = k1;

184

185

/* generate KR dependent subkeys */

186

ROL128(15, k2, k3);

186

ROTL128(15, k2, k3);

187

subkey[4] = k2; subkey[5] = k3;

188

ROL128(15, k2, k3);

188

ROTL128(15, k2, k3);

189

subkey[8] = k2; subkey[9] = k3;

190

ROL128(30, k2, k3);

190

ROTL128(30, k2, k3);

191

subkey[18] = k2; subkey[19] = k3;

192

ROL128(34, k2, k3);

192

ROTL128(34, k2, k3);

193

subkey[26] = k2; subkey[27] = k3;

194

ROL128(34, k2, k3);

194

ROTL128(34, k2, k3);

195

196

/* generate KA */

197

/* The construction of KA is done as

230

k2 ^= w;

231

232

/* generate KA dependent subkeys */

233

ROL128(15, k0, k1);

233

ROTL128(15, k0, k1);

234

subkey[6] = k0; subkey[7] = k1;

235

ROL128(30, k0, k1);

235

ROTL128(30, k0, k1);

236

subkey[14] = k0; subkey[15] = k1;

237

ROL128(32, k0, k1);

237

ROTL128(32, k0, k1);

238

subkey[24] = k0; subkey[25] = k1;

239

ROL128(17, k0, k1);

239

ROTL128(17, k0, k1);

240

subkey[28] = k0; subkey[29] = k1;

241

242

/* generate KB dependent subkeys */

243

subkey[2] = k2; subkey[3] = k3;

244

ROL128(30, k2, k3);

244

ROTL128(30, k2, k3);

245

subkey[10] = k2; subkey[11] = k3;

246

ROL128(30, k2, k3);

246

ROTL128(30, k2, k3);

247

subkey[20] = k2; subkey[21] = k3;

248

ROL128(51, k2, k3);

248

ROTL128(51, k2, k3);

249

subkey[32] = k2; subkey[33] = k3;

250

}

251

264

and xor the result into the 32 high bits, but it still generates

265

worse code than for explicit 32-bit operations. */

266

kw2 ^= (kw2 & ~subkey[i+1]) << 32;

267

dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROL32(1, dw);

267

dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROTL32(1, dw);

268

269

subkey[i+3] ^= kw2;

270

subkey[i+5] ^= kw2;

281

subkey[i+4] ^= kw4;

282

subkey[i+2] ^= kw4;

283

kw4 ^= (kw4 & ~subkey[i]) << 32;

284

dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROL32(1, dw);

284

dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROTL32(1, dw);

285

}

286

287

subkey[6] ^= kw4;

302

{

303

tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]);

304

dw = tl & (subkey[i] >> 32);

305

tr = subkey[i+2] ^ ROL32(1, dw);

305

tr = subkey[i+2] ^ ROTL32(1, dw);

306

ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);

307

308

ctx->keys[i-1] = subkey[i];

310

311

tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]);

312

dw = tl & (subkey[i+1] >> 32);

313

tr = subkey[i-1] ^ ROL32(1, dw);

313

tr = subkey[i-1] ^ ROTL32(1, dw);

314

ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);

315

316

ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4];

Older »