Commit 32bd78e0a5d34cd8e34046502bddcf31aeb38e64
Committed by
Herbert Xu
Herbert Xu
1 parent
d12d6b6d37
Exists in
master
and in
39 other branches
crypto: camellia - use kernel-provided bitops, unaligned access
Remove the private implementation of 32-bit rotation and unaligned access with byteswapping. As a bonus, fixes sparse warnings: crypto/camellia.c:602:2: warning: cast to restricted __be32 crypto/camellia.c:603:2: warning: cast to restricted __be32 crypto/camellia.c:604:2: warning: cast to restricted __be32 crypto/camellia.c:605:2: warning: cast to restricted __be32 crypto/camellia.c:710:2: warning: cast to restricted __be32 crypto/camellia.c:711:2: warning: cast to restricted __be32 crypto/camellia.c:712:2: warning: cast to restricted __be32 crypto/camellia.c:713:2: warning: cast to restricted __be32 crypto/camellia.c:714:2: warning: cast to restricted __be32 crypto/camellia.c:715:2: warning: cast to restricted __be32 crypto/camellia.c:716:2: warning: cast to restricted __be32 crypto/camellia.c:717:2: warning: cast to restricted __be32 [Thanks to Tomoyuki Okazaki for spotting the typo] Tested-by: Carlo E. Prelz <fluido@fluido.as> Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 1 changed file with 36 additions and 48 deletions Side-by-side Diff
crypto/camellia.c
| ... | ... | @@ -35,6 +35,8 @@ |
| 35 | 35 | #include <linux/init.h> |
| 36 | 36 | #include <linux/kernel.h> |
| 37 | 37 | #include <linux/module.h> |
| 38 | +#include <linux/bitops.h> | |
| 39 | +#include <asm/unaligned.h> | |
| 38 | 40 | |
| 39 | 41 | static const u32 camellia_sp1110[256] = { |
| 40 | 42 | 0x70707000,0x82828200,0x2c2c2c00,0xececec00, |
| ... | ... | @@ -335,20 +337,6 @@ |
| 335 | 337 | /* |
| 336 | 338 | * macros |
| 337 | 339 | */ |
| 338 | -#define GETU32(v, pt) \ | |
| 339 | - do { \ | |
| 340 | - /* latest breed of gcc is clever enough to use move */ \ | |
| 341 | - memcpy(&(v), (pt), 4); \ | |
| 342 | - (v) = be32_to_cpu(v); \ | |
| 343 | - } while(0) | |
| 344 | - | |
| 345 | -/* rotation right shift 1byte */ | |
| 346 | -#define ROR8(x) (((x) >> 8) + ((x) << 24)) | |
| 347 | -/* rotation left shift 1bit */ | |
| 348 | -#define ROL1(x) (((x) << 1) + ((x) >> 31)) | |
| 349 | -/* rotation left shift 1byte */ | |
| 350 | -#define ROL8(x) (((x) << 8) + ((x) >> 24)) | |
| 351 | - | |
| 352 | 340 | #define ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ |
| 353 | 341 | do { \ |
| 354 | 342 | w0 = ll; \ |
| ... | ... | @@ -383,7 +371,7 @@ |
| 383 | 371 | ^ camellia_sp3033[(u8)(il >> 8)] \ |
| 384 | 372 | ^ camellia_sp4404[(u8)(il )]; \ |
| 385 | 373 | yl ^= yr; \ |
| 386 | - yr = ROR8(yr); \ | |
| 374 | + yr = ror32(yr, 8); \ | |
| 387 | 375 | yr ^= yl; \ |
| 388 | 376 | } while(0) |
| 389 | 377 | |
| ... | ... | @@ -405,7 +393,7 @@ |
| 405 | 393 | subL[7] ^= subL[1]; subR[7] ^= subR[1]; |
| 406 | 394 | subL[1] ^= subR[1] & ~subR[9]; |
| 407 | 395 | dw = subL[1] & subL[9], |
| 408 | - subR[1] ^= ROL1(dw); /* modified for FLinv(kl2) */ | |
| 396 | + subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl2) */ | |
| 409 | 397 | /* round 8 */ |
| 410 | 398 | subL[11] ^= subL[1]; subR[11] ^= subR[1]; |
| 411 | 399 | /* round 10 */ |
| ... | ... | @@ -414,7 +402,7 @@ |
| 414 | 402 | subL[15] ^= subL[1]; subR[15] ^= subR[1]; |
| 415 | 403 | subL[1] ^= subR[1] & ~subR[17]; |
| 416 | 404 | dw = subL[1] & subL[17], |
| 417 | - subR[1] ^= ROL1(dw); /* modified for FLinv(kl4) */ | |
| 405 | + subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl4) */ | |
| 418 | 406 | /* round 14 */ |
| 419 | 407 | subL[19] ^= subL[1]; subR[19] ^= subR[1]; |
| 420 | 408 | /* round 16 */ |
| ... | ... | @@ -430,7 +418,7 @@ |
| 430 | 418 | } else { |
| 431 | 419 | subL[1] ^= subR[1] & ~subR[25]; |
| 432 | 420 | dw = subL[1] & subL[25], |
| 433 | - subR[1] ^= ROL1(dw); /* modified for FLinv(kl6) */ | |
| 421 | + subR[1] ^= rol32(dw, 1); /* modified for FLinv(kl6) */ | |
| 434 | 422 | /* round 20 */ |
| 435 | 423 | subL[27] ^= subL[1]; subR[27] ^= subR[1]; |
| 436 | 424 | /* round 22 */ |
| ... | ... | @@ -450,7 +438,7 @@ |
| 450 | 438 | subL[26] ^= kw4l; subR[26] ^= kw4r; |
| 451 | 439 | kw4l ^= kw4r & ~subR[24]; |
| 452 | 440 | dw = kw4l & subL[24], |
| 453 | - kw4r ^= ROL1(dw); /* modified for FL(kl5) */ | |
| 441 | + kw4r ^= rol32(dw, 1); /* modified for FL(kl5) */ | |
| 454 | 442 | } |
| 455 | 443 | /* round 17 */ |
| 456 | 444 | subL[22] ^= kw4l; subR[22] ^= kw4r; |
| ... | ... | @@ -460,7 +448,7 @@ |
| 460 | 448 | subL[18] ^= kw4l; subR[18] ^= kw4r; |
| 461 | 449 | kw4l ^= kw4r & ~subR[16]; |
| 462 | 450 | dw = kw4l & subL[16], |
| 463 | - kw4r ^= ROL1(dw); /* modified for FL(kl3) */ | |
| 451 | + kw4r ^= rol32(dw, 1); /* modified for FL(kl3) */ | |
| 464 | 452 | /* round 11 */ |
| 465 | 453 | subL[14] ^= kw4l; subR[14] ^= kw4r; |
| 466 | 454 | /* round 9 */ |
| ... | ... | @@ -469,7 +457,7 @@ |
| 469 | 457 | subL[10] ^= kw4l; subR[10] ^= kw4r; |
| 470 | 458 | kw4l ^= kw4r & ~subR[8]; |
| 471 | 459 | dw = kw4l & subL[8], |
| 472 | - kw4r ^= ROL1(dw); /* modified for FL(kl1) */ | |
| 460 | + kw4r ^= rol32(dw, 1); /* modified for FL(kl1) */ | |
| 473 | 461 | /* round 5 */ |
| 474 | 462 | subL[6] ^= kw4l; subR[6] ^= kw4r; |
| 475 | 463 | /* round 3 */ |
| ... | ... | @@ -494,7 +482,7 @@ |
| 494 | 482 | SUBKEY_R(6) = subR[5] ^ subR[7]; |
| 495 | 483 | tl = subL[10] ^ (subR[10] & ~subR[8]); |
| 496 | 484 | dw = tl & subL[8], /* FL(kl1) */ |
| 497 | - tr = subR[10] ^ ROL1(dw); | |
| 485 | + tr = subR[10] ^ rol32(dw, 1); | |
| 498 | 486 | SUBKEY_L(7) = subL[6] ^ tl; /* round 6 */ |
| 499 | 487 | SUBKEY_R(7) = subR[6] ^ tr; |
| 500 | 488 | SUBKEY_L(8) = subL[8]; /* FL(kl1) */ |
| ... | ... | @@ -503,7 +491,7 @@ |
| 503 | 491 | SUBKEY_R(9) = subR[9]; |
| 504 | 492 | tl = subL[7] ^ (subR[7] & ~subR[9]); |
| 505 | 493 | dw = tl & subL[9], /* FLinv(kl2) */ |
| 506 | - tr = subR[7] ^ ROL1(dw); | |
| 494 | + tr = subR[7] ^ rol32(dw, 1); | |
| 507 | 495 | SUBKEY_L(10) = tl ^ subL[11]; /* round 7 */ |
| 508 | 496 | SUBKEY_R(10) = tr ^ subR[11]; |
| 509 | 497 | SUBKEY_L(11) = subL[10] ^ subL[12]; /* round 8 */ |
| ... | ... | @@ -516,7 +504,7 @@ |
| 516 | 504 | SUBKEY_R(14) = subR[13] ^ subR[15]; |
| 517 | 505 | tl = subL[18] ^ (subR[18] & ~subR[16]); |
| 518 | 506 | dw = tl & subL[16], /* FL(kl3) */ |
| 519 | - tr = subR[18] ^ ROL1(dw); | |
| 507 | + tr = subR[18] ^ rol32(dw, 1); | |
| 520 | 508 | SUBKEY_L(15) = subL[14] ^ tl; /* round 12 */ |
| 521 | 509 | SUBKEY_R(15) = subR[14] ^ tr; |
| 522 | 510 | SUBKEY_L(16) = subL[16]; /* FL(kl3) */ |
| ... | ... | @@ -525,7 +513,7 @@ |
| 525 | 513 | SUBKEY_R(17) = subR[17]; |
| 526 | 514 | tl = subL[15] ^ (subR[15] & ~subR[17]); |
| 527 | 515 | dw = tl & subL[17], /* FLinv(kl4) */ |
| 528 | - tr = subR[15] ^ ROL1(dw); | |
| 516 | + tr = subR[15] ^ rol32(dw, 1); | |
| 529 | 517 | SUBKEY_L(18) = tl ^ subL[19]; /* round 13 */ |
| 530 | 518 | SUBKEY_R(18) = tr ^ subR[19]; |
| 531 | 519 | SUBKEY_L(19) = subL[18] ^ subL[20]; /* round 14 */ |
| ... | ... | @@ -544,7 +532,7 @@ |
| 544 | 532 | } else { |
| 545 | 533 | tl = subL[26] ^ (subR[26] & ~subR[24]); |
| 546 | 534 | dw = tl & subL[24], /* FL(kl5) */ |
| 547 | - tr = subR[26] ^ ROL1(dw); | |
| 535 | + tr = subR[26] ^ rol32(dw, 1); | |
| 548 | 536 | SUBKEY_L(23) = subL[22] ^ tl; /* round 18 */ |
| 549 | 537 | SUBKEY_R(23) = subR[22] ^ tr; |
| 550 | 538 | SUBKEY_L(24) = subL[24]; /* FL(kl5) */ |
| ... | ... | @@ -553,7 +541,7 @@ |
| 553 | 541 | SUBKEY_R(25) = subR[25]; |
| 554 | 542 | tl = subL[23] ^ (subR[23] & ~subR[25]); |
| 555 | 543 | dw = tl & subL[25], /* FLinv(kl6) */ |
| 556 | - tr = subR[23] ^ ROL1(dw); | |
| 544 | + tr = subR[23] ^ rol32(dw, 1); | |
| 557 | 545 | SUBKEY_L(26) = tl ^ subL[27]; /* round 19 */ |
| 558 | 546 | SUBKEY_R(26) = tr ^ subR[27]; |
| 559 | 547 | SUBKEY_L(27) = subL[26] ^ subL[28]; /* round 20 */ |
| 560 | 548 | |
| 561 | 549 | |
| 562 | 550 | |
| 563 | 551 | |
| 564 | 552 | |
| ... | ... | @@ -573,17 +561,17 @@ |
| 573 | 561 | /* apply the inverse of the last half of P-function */ |
| 574 | 562 | i = 2; |
| 575 | 563 | do { |
| 576 | - dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = ROL8(dw);/* round 1 */ | |
| 564 | + dw = SUBKEY_L(i + 0) ^ SUBKEY_R(i + 0); dw = rol32(dw, 8);/* round 1 */ | |
| 577 | 565 | SUBKEY_R(i + 0) = SUBKEY_L(i + 0) ^ dw; SUBKEY_L(i + 0) = dw; |
| 578 | - dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = ROL8(dw);/* round 2 */ | |
| 566 | + dw = SUBKEY_L(i + 1) ^ SUBKEY_R(i + 1); dw = rol32(dw, 8);/* round 2 */ | |
| 579 | 567 | SUBKEY_R(i + 1) = SUBKEY_L(i + 1) ^ dw; SUBKEY_L(i + 1) = dw; |
| 580 | - dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = ROL8(dw);/* round 3 */ | |
| 568 | + dw = SUBKEY_L(i + 2) ^ SUBKEY_R(i + 2); dw = rol32(dw, 8);/* round 3 */ | |
| 581 | 569 | SUBKEY_R(i + 2) = SUBKEY_L(i + 2) ^ dw; SUBKEY_L(i + 2) = dw; |
| 582 | - dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = ROL8(dw);/* round 4 */ | |
| 570 | + dw = SUBKEY_L(i + 3) ^ SUBKEY_R(i + 3); dw = rol32(dw, 8);/* round 4 */ | |
| 583 | 571 | SUBKEY_R(i + 3) = SUBKEY_L(i + 3) ^ dw; SUBKEY_L(i + 3) = dw; |
| 584 | - dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = ROL8(dw);/* round 5 */ | |
| 572 | + dw = SUBKEY_L(i + 4) ^ SUBKEY_R(i + 4); dw = rol32(dw, 8);/* round 5 */ | |
| 585 | 573 | SUBKEY_R(i + 4) = SUBKEY_L(i + 4) ^ dw; SUBKEY_L(i + 4) = dw; |
| 586 | - dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = ROL8(dw);/* round 6 */ | |
| 574 | + dw = SUBKEY_L(i + 5) ^ SUBKEY_R(i + 5); dw = rol32(dw, 8);/* round 6 */ | |
| 587 | 575 | SUBKEY_R(i + 5) = SUBKEY_L(i + 5) ^ dw; SUBKEY_L(i + 5) = dw; |
| 588 | 576 | i += 8; |
| 589 | 577 | } while (i < max); |
| ... | ... | @@ -599,10 +587,10 @@ |
| 599 | 587 | /** |
| 600 | 588 | * k == kll || klr || krl || krr (|| is concatenation) |
| 601 | 589 | */ |
| 602 | - GETU32(kll, key ); | |
| 603 | - GETU32(klr, key + 4); | |
| 604 | - GETU32(krl, key + 8); | |
| 605 | - GETU32(krr, key + 12); | |
| 590 | + kll = get_unaligned_be32(key); | |
| 591 | + klr = get_unaligned_be32(key + 4); | |
| 592 | + krl = get_unaligned_be32(key + 8); | |
| 593 | + krr = get_unaligned_be32(key + 12); | |
| 606 | 594 | |
| 607 | 595 | /* generate KL dependent subkeys */ |
| 608 | 596 | /* kw1 */ |
| ... | ... | @@ -707,14 +695,14 @@ |
| 707 | 695 | * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) |
| 708 | 696 | * (|| is concatenation) |
| 709 | 697 | */ |
| 710 | - GETU32(kll, key ); | |
| 711 | - GETU32(klr, key + 4); | |
| 712 | - GETU32(krl, key + 8); | |
| 713 | - GETU32(krr, key + 12); | |
| 714 | - GETU32(krll, key + 16); | |
| 715 | - GETU32(krlr, key + 20); | |
| 716 | - GETU32(krrl, key + 24); | |
| 717 | - GETU32(krrr, key + 28); | |
| 698 | + kll = get_unaligned_be32(key); | |
| 699 | + klr = get_unaligned_be32(key + 4); | |
| 700 | + krl = get_unaligned_be32(key + 8); | |
| 701 | + krr = get_unaligned_be32(key + 12); | |
| 702 | + krll = get_unaligned_be32(key + 16); | |
| 703 | + krlr = get_unaligned_be32(key + 20); | |
| 704 | + krrl = get_unaligned_be32(key + 24); | |
| 705 | + krrr = get_unaligned_be32(key + 28); | |
| 718 | 706 | |
| 719 | 707 | /* generate KL dependent subkeys */ |
| 720 | 708 | /* kw1 */ |
| 721 | 709 | |
| ... | ... | @@ -870,13 +858,13 @@ |
| 870 | 858 | t0 &= ll; \ |
| 871 | 859 | t2 |= rr; \ |
| 872 | 860 | rl ^= t2; \ |
| 873 | - lr ^= ROL1(t0); \ | |
| 861 | + lr ^= rol32(t0, 1); \ | |
| 874 | 862 | t3 = krl; \ |
| 875 | 863 | t1 = klr; \ |
| 876 | 864 | t3 &= rl; \ |
| 877 | 865 | t1 |= lr; \ |
| 878 | 866 | ll ^= t1; \ |
| 879 | - rr ^= ROL1(t3); \ | |
| 867 | + rr ^= rol32(t3, 1); \ | |
| 880 | 868 | } while(0) |
| 881 | 869 | |
| 882 | 870 | #define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir) \ |
| ... | ... | @@ -892,7 +880,7 @@ |
| 892 | 880 | il ^= kl; \ |
| 893 | 881 | ir ^= il ^ kr; \ |
| 894 | 882 | yl ^= ir; \ |
| 895 | - yr ^= ROR8(il) ^ ir; \ | |
| 883 | + yr ^= ror32(il, 8) ^ ir; \ | |
| 896 | 884 | } while(0) |
| 897 | 885 | |
| 898 | 886 | /* max = 24: 128bit encrypt, max = 32: 256bit encrypt */ |