author | Jack Lloyd <[email protected]> | 2017-10-11 17:02:20 -0400 |
committer | Jack Lloyd <[email protected]> | 2017-10-12 11:13:11 -0400 |
commit | 175f09ffd806f2f19cd509017a67ae1384f29ae1 (patch) | |
tree | 6194884467e4720dd79797cd106a45d60211f35f /src/lib/block | |
parent | 40b3f979723b2b3dfb5c44047d7f786a73fd7f6f (diff) |
Add compile-time rotation functions
The problem with asm rol/ror is the compiler can't schedule effectively.
But we only need asm in the case when the rotation is variable, so distinguish
the two cases. If a compile time constant, then static_assert that the rotation
is in the correct range and do the straightforward expression knowing the compiler
will probably do the right thing. Otherwise do a tricky expression that both
GCC and Clang happen to recognize. Avoid the reduction case; instead
require that the rotation be in range (this reverts 2b37c13dcf).
Remove the asm rotations (making this branch ill-named), because now both Clang
and GCC will create a roll without any extra help.
Remove the reduction/mask by the word size for the variable case. The compiler
can't optimize that out well, but it's easy to ensure it is valid in the callers,
especially now that the variable input cases are easy to grep for.
Diffstat (limited to 'src/lib/block')
-rw-r--r-- | src/lib/block/aes/aes.cpp | 60 | ||||
-rw-r--r-- | src/lib/block/aria/aria.cpp | 12 | ||||
-rw-r--r-- | src/lib/block/camellia/camellia.cpp | 16 | ||||
-rw-r--r-- | src/lib/block/cast/cast128.cpp | 6 | ||||
-rw-r--r-- | src/lib/block/cast/cast256.cpp | 24 | ||||
-rw-r--r-- | src/lib/block/des/des.cpp | 24 | ||||
-rw-r--r-- | src/lib/block/gost_28147/gost_28147.cpp | 25 | ||||
-rw-r--r-- | src/lib/block/gost_28147/gost_28147.h | 6 | ||||
-rw-r--r-- | src/lib/block/kasumi/kasumi.cpp | 26 | ||||
-rw-r--r-- | src/lib/block/noekeon/noekeon.cpp | 44 | ||||
-rw-r--r-- | src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp | 38 | ||||
-rw-r--r-- | src/lib/block/serpent/serpent.cpp | 22 | ||||
-rw-r--r-- | src/lib/block/serpent/serpent_simd/serpent_simd.cpp | 24 | ||||
-rw-r--r-- | src/lib/block/shacal2/shacal2.cpp | 12 | ||||
-rw-r--r-- | src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp | 8 | ||||
-rw-r--r-- | src/lib/block/sm4/sm4.cpp | 4 | ||||
-rw-r--r-- | src/lib/block/threefish/threefish.cpp | 16 | ||||
-rw-r--r-- | src/lib/block/twofish/twofish.cpp | 28 |
18 files changed, 199 insertions, 196 deletions
diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp
index 71a8c6a44..1893ab4a0 100644
--- a/src/lib/block/aes/aes.cpp
+++ b/src/lib/block/aes/aes.cpp
@@ -114,9 +114,9 @@ const std::vector<uint32_t>& AES_TE()
 const uint32_t x = make_uint32(xtime(s), s, s, xtime3(s));
 TE[i] = x;
- TE[i+256] = rotate_right(x, 8);
- TE[i+512] = rotate_right(x, 16);
- TE[i+768] = rotate_right(x, 24);
+ TE[i+256] = rotr< 8>(x);
+ TE[i+512] = rotr<16>(x);
+ TE[i+768] = rotr<24>(x);
 }
 return TE;
 };
@@ -135,9 +135,9 @@ const std::vector<uint32_t>& AES_TD()
 const uint32_t x = make_uint32(xtime14(s), xtime9(s), xtime13(s), xtime11(s));
 TD[i] = x;
- TD[i+256] = rotate_right(x, 8);
- TD[i+512] = rotate_right(x, 16);
- TD[i+768] = rotate_right(x, 24);
+ TD[i+256] = rotr< 8>(x);
+ TD[i+512] = rotr<16>(x);
+ TD[i+768] = rotr<24>(x);
 }
 return TD;
 };
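Review bot: The padded template argument `rotr< 8>(x)` used for the TE and TD table builders here (and again in the aes_encrypt_n and aes_decrypt_n hunks below) is a different spelling from the `rotr<8>(...)` this same commit writes in aria.cpp, noekeon.cpp and twofish.cpp, and `rotl< 3, uint32_t>` in gost_28147.cpp repeats the pattern. Since the commit description says a goal is that rotation call sites are "easy to grep for", one spelling should be used throughout; a grep for `rotr<8>` currently misses every AES use. Writing `TE[i+256] = rotr<8>(x);` and dropping the padding in the other places is the simpler choice.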
@@ -188,24 +188,24 @@ void aes_encrypt_n(const uint8_t in[], uint8_t out[], */ uint32_t B0 = TE[get_byte(0, T0)] ^ - rotate_right(TE[get_byte(1, T1)], 8) ^ - rotate_right(TE[get_byte(2, T2)], 16) ^ - rotate_right(TE[get_byte(3, T3)], 24) ^ EK[4]; + rotr< 8>(TE[get_byte(1, T1)]) ^ + rotr<16>(TE[get_byte(2, T2)]) ^ + rotr<24>(TE[get_byte(3, T3)]) ^ EK[4]; uint32_t B1 = TE[get_byte(0, T1)] ^ - rotate_right(TE[get_byte(1, T2)], 8) ^ - rotate_right(TE[get_byte(2, T3)], 16) ^ - rotate_right(TE[get_byte(3, T0)], 24) ^ EK[5]; + rotr< 8>(TE[get_byte(1, T2)]) ^ + rotr<16>(TE[get_byte(2, T3)]) ^ + rotr<24>(TE[get_byte(3, T0)]) ^ EK[5]; uint32_t B2 = TE[get_byte(0, T2)] ^ - rotate_right(TE[get_byte(1, T3)], 8) ^ - rotate_right(TE[get_byte(2, T0)], 16) ^ - rotate_right(TE[get_byte(3, T1)], 24) ^ EK[6]; + rotr< 8>(TE[get_byte(1, T3)]) ^ + rotr<16>(TE[get_byte(2, T0)]) ^ + rotr<24>(TE[get_byte(3, T1)]) ^ EK[6]; uint32_t B3 = TE[get_byte(0, T3)] ^ - rotate_right(TE[get_byte(1, T0)], 8) ^ - rotate_right(TE[get_byte(2, T1)], 16) ^ - rotate_right(TE[get_byte(3, T2)], 24) ^ EK[7]; + rotr< 8>(TE[get_byte(1, T0)]) ^ + rotr<16>(TE[get_byte(2, T1)]) ^ + rotr<24>(TE[get_byte(3, T2)]) ^ EK[7]; for(size_t r = 2*4; r < EK.size(); r += 2*4) { 
@@ -276,24 +276,24 @@ void aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, T0 ^= Z; uint32_t B0 = TD[get_byte(0, T0)] ^ - rotate_right(TD[get_byte(1, T3)], 8) ^ - rotate_right(TD[get_byte(2, T2)], 16) ^ - rotate_right(TD[get_byte(3, T1)], 24) ^ DK[4]; + rotr< 8>(TD[get_byte(1, T3)]) ^ + rotr<16>(TD[get_byte(2, T2)]) ^ + rotr<24>(TD[get_byte(3, T1)]) ^ DK[4]; uint32_t B1 = TD[get_byte(0, T1)] ^ - rotate_right(TD[get_byte(1, T0)], 8) ^ - rotate_right(TD[get_byte(2, T3)], 16) ^ - rotate_right(TD[get_byte(3, T2)], 24) ^ DK[5]; + rotr< 8>(TD[get_byte(1, T0)]) ^ + rotr<16>(TD[get_byte(2, T3)]) ^ + rotr<24>(TD[get_byte(3, T2)]) ^ DK[5]; uint32_t B2 = TD[get_byte(0, T2)] ^ - rotate_right(TD[get_byte(1, T1)], 8) ^ - rotate_right(TD[get_byte(2, T0)], 16) ^ - rotate_right(TD[get_byte(3, T3)], 24) ^ DK[6]; + rotr< 8>(TD[get_byte(1, T1)]) ^ + rotr<16>(TD[get_byte(2, T0)]) ^ + rotr<24>(TD[get_byte(3, T3)]) ^ DK[6]; uint32_t B3 = TD[get_byte(0, T3)] ^ - rotate_right(TD[get_byte(1, T2)], 8) ^ - rotate_right(TD[get_byte(2, T1)], 16) ^ - rotate_right(TD[get_byte(3, T0)], 24) ^ DK[7]; + rotr< 8>(TD[get_byte(1, T2)]) ^ + rotr<16>(TD[get_byte(2, T1)]) ^ + rotr<24>(TD[get_byte(3, T0)]) ^ DK[7]; for(size_t r = 2*4; r < DK.size(); r += 2*4) { diff --git a/src/lib/block/aria/aria.cpp b/src/lib/block/aria/aria.cpp index 5b449722a..1583dd7d3 100644 --- a/src/lib/block/aria/aria.cpp +++ b/src/lib/block/aria/aria.cpp @@ -183,7 +183,7 @@ inline void ARIA_FO(uint32_t& T0, uint32_t& T1, uint32_t& T2, uint32_t& T3) T1 ^= T2; T1 = ((T1 << 8) & 0xFF00FF00) | ((T1 >> 8) & 0x00FF00FF); - T2 = rotate_right(T2, 16); + T2 = rotr<16>(T2); T3 = reverse_bytes(T3); T1 ^= T2; @@ -205,7 +205,7 @@ inline void ARIA_FE(uint32_t& T0, uint32_t& T1, uint32_t& T2, uint32_t& T3) T1 ^= T2; T3 = ((T3 << 8) & 0xFF00FF00) | ((T3 >> 8) & 0x00FF00FF); - T0 = rotate_right(T0, 16); + T0 = rotr<16>(T0); T1 = reverse_bytes(T1); T1 ^= T2; 
@@ -411,9 +411,9 @@ void key_schedule(secure_vector<uint32_t>& ERK, { for(size_t j = 0; j != 4; ++j) { - DRK[i+j] = rotate_right(DRK[i+j], 8) ^ - rotate_right(DRK[i+j], 16) ^ - rotate_right(DRK[i+j], 24); + DRK[i+j] = rotr<8>(DRK[i+j]) ^ + rotr<16>(DRK[i+j]) ^ + rotr<24>(DRK[i+j]); } DRK[i+1] ^= DRK[i+2]; DRK[i+2] ^= DRK[i+3]; @@ -421,7 +421,7 @@ void key_schedule(secure_vector<uint32_t>& ERK, DRK[i+2] ^= DRK[i+0]; DRK[i+1] ^= DRK[i+2]; DRK[i+1] = ((DRK[i+1] << 8) & 0xFF00FF00) | ((DRK[i+1] >> 8) & 0x00FF00FF); - DRK[i+2] = rotate_right(DRK[i+2], 16); + DRK[i+2] = rotr<16>(DRK[i+2]); DRK[i+3] = reverse_bytes(DRK[i+3]); DRK[i+1] ^= DRK[i+2]; DRK[i+2] ^= DRK[i+3]; diff --git a/src/lib/block/camellia/camellia.cpp b/src/lib/block/camellia/camellia.cpp index ea84fa313..89db6f8b9 100644 --- a/src/lib/block/camellia/camellia.cpp +++ b/src/lib/block/camellia/camellia.cpp @@ -577,12 +577,12 @@ uint64_t F_SLOW(uint64_t v, uint64_t K) const uint64_t x = v ^ K; const uint8_t t1 = SBOX[get_byte(0, x)]; - const uint8_t t2 = rotate_left(SBOX[get_byte(1, x)], 1); - const uint8_t t3 = rotate_left(SBOX[get_byte(2, x)], 7); - const uint8_t t4 = SBOX[rotate_left(get_byte(3, x), 1)]; - const uint8_t t5 = rotate_left(SBOX[get_byte(4, x)], 1); - const uint8_t t6 = rotate_left(SBOX[get_byte(5, x)], 7); - const uint8_t t7 = SBOX[rotate_left(get_byte(6, x), 1)]; + const uint8_t t2 = rotl<1>(SBOX[get_byte(1, x)]); + const uint8_t t3 = rotl<7>(SBOX[get_byte(2, x)]); + const uint8_t t4 = SBOX[rotl<1>(get_byte(3, x))]; + const uint8_t t5 = rotl<1>(SBOX[get_byte(4, x)]); + const uint8_t t6 = rotl<7>(SBOX[get_byte(5, x)]); + const uint8_t t7 = SBOX[rotl<1>(get_byte(6, x))]; const uint8_t t8 = SBOX[get_byte(7, x)]; const uint8_t y1 = t1 ^ t3 ^ t4 ^ t6 ^ t7 ^ t8; 
@@ -619,7 +619,7 @@ inline uint64_t FL(uint64_t v, uint64_t K) const uint32_t k1 = static_cast<uint32_t>(K >> 32); const uint32_t k2 = static_cast<uint32_t>(K & 0xFFFFFFFF); - x2 ^= rotate_left(x1 & k1, 1); + x2 ^= rotl<1>(x1 & k1); x1 ^= (x2 | k2); return ((static_cast<uint64_t>(x1) << 32) | x2); @@ -634,7 +634,7 @@ inline uint64_t FLINV(uint64_t v, uint64_t K) const uint32_t k2 = static_cast<uint32_t>(K & 0xFFFFFFFF); x1 ^= (x2 | k2); - x2 ^= rotate_left(x1 & k1, 1); + x2 ^= rotl<1>(x1 & k1); return ((static_cast<uint64_t>(x1) << 32) | x2); } diff --git a/src/lib/block/cast/cast128.cpp b/src/lib/block/cast/cast128.cpp index d6ded8cd2..d54d0614e 100644 --- a/src/lib/block/cast/cast128.cpp +++ b/src/lib/block/cast/cast128.cpp @@ -18,7 +18,7 @@ namespace { */ inline uint32_t R1(uint32_t R, uint32_t MK, uint8_t RK) { - uint32_t T = rotate_left(MK + R, RK); + const uint32_t T = rotl_var(MK + R, RK); return (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) - CAST_SBOX3[get_byte(2, T)] + CAST_SBOX4[get_byte(3, T)]; } @@ -28,7 +28,7 @@ inline uint32_t R1(uint32_t R, uint32_t MK, uint8_t RK) */ inline uint32_t R2(uint32_t R, uint32_t MK, uint8_t RK) { - uint32_t T = rotate_left(MK ^ R, RK); + const uint32_t T = rotl_var(MK ^ R, RK); return (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] + CAST_SBOX3[get_byte(2, T)]) ^ CAST_SBOX4[get_byte(3, T)]; } @@ -38,7 +38,7 @@ inline uint32_t R2(uint32_t R, uint32_t MK, uint8_t RK) */ inline uint32_t R3(uint32_t R, uint32_t MK, uint8_t RK) { - uint32_t T = rotate_left(MK - R, RK); + const uint32_t T = rotl_var(MK - R, RK); return ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^ CAST_SBOX3[get_byte(2, T)]) - CAST_SBOX4[get_byte(3, T)]; } diff --git a/src/lib/block/cast/cast256.cpp b/src/lib/block/cast/cast256.cpp index a4a7dbd36..b4aa49166 100644 --- a/src/lib/block/cast/cast256.cpp +++ b/src/lib/block/cast/cast256.cpp 
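Review bot: R1, R2 and R3 now hand the key-schedule value `RK` straight to `rotl_var`, and the commit description states that the variable-rotation helper no longer reduces its argument modulo the word size, so these three callers have become responsible for keeping RK inside 0..31, yet nothing in the hunk records that contract. The key schedule that fills RK is outside this diff, so I cannot confirm it masks the value; if it does not, an out-of-range (or, depending on how `rotl_var` is expressed, a zero) rotation amount is a shift by the word size, which is undefined behaviour. Add a comment above the three helpers such as `// RK must be in [0,31]: rotl_var does not reduce mod 32, the key schedule guarantees this` or a debug-only `BOTAN_ASSERT(RK < 32, "CAST-128 rotation in range");` at the top of each. The same applies to round1, round2 and round3 in cast256.cpp below, where RK is a `uint32_t` rather than a `uint8_t`, so the documented range is the only thing bounding it.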
@@ -16,31 +16,31 @@ namespace { /* * CAST-256 Round Type 1 */ -void round1(uint32_t& out, uint32_t in, uint32_t mask, uint32_t rot) +void round1(uint32_t& out, uint32_t in, uint32_t MK, uint32_t RK) { - uint32_t temp = rotate_left(mask + in, rot); - out ^= (CAST_SBOX1[get_byte(0, temp)] ^ CAST_SBOX2[get_byte(1, temp)]) - - CAST_SBOX3[get_byte(2, temp)] + CAST_SBOX4[get_byte(3, temp)]; + const uint32_t T = rotl_var(MK + in, RK); + out ^= (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) - + CAST_SBOX3[get_byte(2, T)] + CAST_SBOX4[get_byte(3, T)]; } /* * CAST-256 Round Type 2 */ -void round2(uint32_t& out, uint32_t in, uint32_t mask, uint32_t rot) +void round2(uint32_t& out, uint32_t in, uint32_t MK, uint32_t RK) { - uint32_t temp = rotate_left(mask ^ in, rot); - out ^= (CAST_SBOX1[get_byte(0, temp)] - CAST_SBOX2[get_byte(1, temp)] + - CAST_SBOX3[get_byte(2, temp)]) ^ CAST_SBOX4[get_byte(3, temp)]; + const uint32_t T = rotl_var(MK ^ in, RK); + out ^= (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] + + CAST_SBOX3[get_byte(2, T)]) ^ CAST_SBOX4[get_byte(3, T)]; } /* * CAST-256 Round Type 3 */ -void round3(uint32_t& out, uint32_t in, uint32_t mask, uint32_t rot) +void round3(uint32_t& out, uint32_t in, uint32_t MK, uint32_t RK) { - uint32_t temp = rotate_left(mask - in, rot); - out ^= ((CAST_SBOX1[get_byte(0, temp)] + CAST_SBOX2[get_byte(1, temp)]) ^ - CAST_SBOX3[get_byte(2, temp)]) - CAST_SBOX4[get_byte(3, temp)]; + const uint32_t T = rotl_var(MK - in, RK); + out ^= ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^ + CAST_SBOX3[get_byte(2, T)]) - CAST_SBOX4[get_byte(3, T)]; } } diff --git a/src/lib/block/des/des.cpp b/src/lib/block/des/des.cpp index 44f315047..15c2adb66 100644 --- a/src/lib/block/des/des.cpp +++ b/src/lib/block/des/des.cpp 
@@ -91,16 +91,16 @@ void des_encrypt(uint32_t& L, uint32_t& R, { uint32_t T0, T1; - T0 = rotate_right(R, 4) ^ round_key[2*i]; - T1 = R ^ round_key[2*i + 1]; + T0 = rotr<4>(R) ^ round_key[2*i]; + T1 = R ^ round_key[2*i + 1]; L ^= DES_SPBOX1[get_byte(0, T0)] ^ DES_SPBOX2[get_byte(0, T1)] ^ DES_SPBOX3[get_byte(1, T0)] ^ DES_SPBOX4[get_byte(1, T1)] ^ DES_SPBOX5[get_byte(2, T0)] ^ DES_SPBOX6[get_byte(2, T1)] ^ DES_SPBOX7[get_byte(3, T0)] ^ DES_SPBOX8[get_byte(3, T1)]; - T0 = rotate_right(L, 4) ^ round_key[2*i + 2]; - T1 = L ^ round_key[2*i + 3]; + T0 = rotr<4>(L) ^ round_key[2*i + 2]; + T1 = L ^ round_key[2*i + 3]; R ^= DES_SPBOX1[get_byte(0, T0)] ^ DES_SPBOX2[get_byte(0, T1)] ^ DES_SPBOX3[get_byte(1, T0)] ^ DES_SPBOX4[get_byte(1, T1)] ^ @@ -119,16 +119,16 @@ void des_decrypt(uint32_t& L, uint32_t& R, { uint32_t T0, T1; - T0 = rotate_right(R, 4) ^ round_key[2*i - 2]; - T1 = R ^ round_key[2*i - 1]; + T0 = rotr<4>(R) ^ round_key[2*i - 2]; + T1 = R ^ round_key[2*i - 1]; L ^= DES_SPBOX1[get_byte(0, T0)] ^ DES_SPBOX2[get_byte(0, T1)] ^ DES_SPBOX3[get_byte(1, T0)] ^ DES_SPBOX4[get_byte(1, T1)] ^ DES_SPBOX5[get_byte(2, T0)] ^ DES_SPBOX6[get_byte(2, T1)] ^ DES_SPBOX7[get_byte(3, T0)] ^ DES_SPBOX8[get_byte(3, T1)]; - T0 = rotate_right(L, 4) ^ round_key[2*i - 4]; - T1 = L ^ round_key[2*i - 3]; + T0 = rotr<4>(L) ^ round_key[2*i - 4]; + T1 = L ^ round_key[2*i - 3]; R ^= DES_SPBOX1[get_byte(0, T0)] ^ DES_SPBOX2[get_byte(0, T1)] ^ DES_SPBOX3[get_byte(1, T0)] ^ DES_SPBOX4[get_byte(1, T1)] ^ @@ -160,7 +160,7 @@ void DES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const (DES_FPTAB1[get_byte(2, L)] << 1) | (DES_FPTAB2[get_byte(3, L)] << 1) | (DES_FPTAB1[get_byte(0, R)] << 4) | (DES_FPTAB1[get_byte(1, R)] << 2) | (DES_FPTAB1[get_byte(2, R)] ) | (DES_FPTAB2[get_byte(3, R)] ); - T = rotate_left(T, 32); + T = rotl<32>(T); store_be(T, out + 8*i); } 
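Review bot: `T = rotl<32>(T);` in DES::encrypt_n reads like an odd rotation constant until one works out that a 32-bit rotate of the 64-bit output word exchanges its two halves; a comment would save the next reader that derivation, e.g. `T = rotl<32>(T); // exchange the 32-bit halves`. This assumes T is the 64-bit value that `store_be` writes as eight bytes, which the hunk suggests but does not show. The identical line appears in DES::decrypt_n and both TripleDES hunks below, so the same comment belongs there.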
@@ -188,7 +188,7 @@ void DES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const (DES_FPTAB1[get_byte(0, R)] << 4) | (DES_FPTAB1[get_byte(1, R)] << 2) | (DES_FPTAB1[get_byte(2, R)] ) | (DES_FPTAB2[get_byte(3, R)] ); - T = rotate_left(T, 32); + T = rotl<32>(T); store_be(T, out + BLOCK_SIZE*i); } @@ -232,7 +232,7 @@ void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons (DES_FPTAB1[get_byte(0, R)] << 4) | (DES_FPTAB1[get_byte(1, R)] << 2) | (DES_FPTAB1[get_byte(2, R)] ) | (DES_FPTAB2[get_byte(3, R)] ); - T = rotate_left(T, 32); + T = rotl<32>(T); store_be(T, out); @@ -265,7 +265,7 @@ void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons (DES_FPTAB1[get_byte(0, R)] << 4) | (DES_FPTAB1[get_byte(1, R)] << 2) | (DES_FPTAB1[get_byte(2, R)] ) | (DES_FPTAB2[get_byte(3, R)] ); - T = rotate_left(T, 32); + T = rotl<32>(T); store_be(T, out); diff --git a/src/lib/block/gost_28147/gost_28147.cpp b/src/lib/block/gost_28147/gost_28147.cpp index f73ac5910..ffe9b5d66 100644 --- a/src/lib/block/gost_28147/gost_28147.cpp +++ b/src/lib/block/gost_28147/gost_28147.cpp @@ -12,11 +12,17 @@ namespace Botan { uint8_t GOST_28147_89_Params::sbox_entry(size_t row, size_t col) const { - uint8_t x = m_sboxes[4 * col + (row / 2)]; - + const uint8_t x = m_sboxes[4 * col + (row / 2)]; return (row % 2 == 0) ? (x >> 4) : (x & 0x0F); } +uint8_t GOST_28147_89_Params::sbox_pair(size_t row, size_t col) const + { + const uint8_t x = m_sboxes[4 * (col % 16) + row]; + const uint8_t y = m_sboxes[4 * (col / 16) + row]; + return (x >> 4) | (y << 4); + } + GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : m_name(n) { // Encoded in the packed fromat from RFC 4357 
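Review bot: In the new `sbox_pair`, `(x >> 4) | (y << 4)` is evaluated in `int` and only the implicit narrowing on `return` discards the high nibble of `y`; that truncation is what makes the result equal the old `sbox_entry(2*i+1, j/16) << 4`, so correctness rests on a conversion that -Wconversion builds will flag. Making the mask explicit documents the intent: `return static_cast<uint8_t>((x >> 4) | ((y & 0x0F) << 4));`. A one-line comment noting that `row` here is a byte row (0..3, indexed directly into `m_sboxes`) whereas `sbox_entry` takes a nibble row (0..7, halved before indexing) would also help, since the two methods index the same array with different conventions.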
@@ -53,13 +59,14 @@ GOST_28147_89_Params::GOST_28147_89_Params(const std::string& n) : m_name(n) GOST_28147_89::GOST_28147_89(const GOST_28147_89_Params& param) : m_SBOX(1024) { // Convert the parallel 4x4 sboxes into larger word-based sboxes - for(size_t i = 0; i != 4; ++i) - for(size_t j = 0; j != 256; ++j) - { - const uint32_t T = (param.sbox_entry(2*i , j % 16)) | - (param.sbox_entry(2*i+1, j / 16) << 4); - m_SBOX[256*i+j] = rotate_left(T, (11+8*i) % 32); - } + + for(size_t i = 0; i != 256; ++i) + { + m_SBOX[i ] = rotl<11, uint32_t>(param.sbox_pair(0, i)); + m_SBOX[i+256] = rotl<19, uint32_t>(param.sbox_pair(1, i)); + m_SBOX[i+512] = rotl<27, uint32_t>(param.sbox_pair(2, i)); + m_SBOX[i+768] = rotl< 3, uint32_t>(param.sbox_pair(3, i)); + } } std::string GOST_28147_89::name() const diff --git a/src/lib/block/gost_28147/gost_28147.h b/src/lib/block/gost_28147/gost_28147.h index 09581191e..34e45779b 100644 --- a/src/lib/block/gost_28147/gost_28147.h +++ b/src/lib/block/gost_28147/gost_28147.h @@ -34,6 +34,12 @@ class BOTAN_PUBLIC_API(2,0) GOST_28147_89_Params final std::string param_name() const { return m_name; } /** + * Return a representation used for building larger tables + * For internal use + */ + uint8_t sbox_pair(size_t row, size_t col) const; + + /** * Default GOST parameters are the ones given in GOST R 34.11 for * testing purposes; these sboxes are also used by Crypto++, and, * at least according to Wikipedia, the Central Bank of Russian diff --git a/src/lib/block/kasumi/kasumi.cpp b/src/lib/block/kasumi/kasumi.cpp index ed2524e0b..a9b5d8274 100644 --- a/src/lib/block/kasumi/kasumi.cpp +++ b/src/lib/block/kasumi/kasumi.cpp 
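Review bot: The four rotation amounts 11, 19, 27 and 3 replace the old `(11+8*i) % 32` loop, and the last one is the only place the modulo mattered (35 % 32 == 3); a reader comparing against the previous code or the GOST specification has to re-derive that. Suggest `// rotation for sbox i is (11 + 8*i) % 32, i.e. 11, 19, 27, 3` above the loop. The explicit `uint32_t` template argument also deserves a word, since `sbox_pair` returns `uint8_t` and dropping the argument would turn these into 8-bit rotations (or fail the new static_assert for amounts above 7); `// widen to uint32_t before rotating: the sbox byte lands in the low bits` on the first line would prevent a well-meant "simplification".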
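Review bot: `sbox_pair` is added as a public member of a `BOTAN_PUBLIC_API` class while its comment says "For internal use", so it becomes part of the exported interface with no documented parameter ranges even though the implementation indexes `m_sboxes` at `4 * (col % 16) + row` and `4 * (col / 16) + row` without a bounds check. Either move it to the private section with a `friend class GOST_28147_89;` declaration, or keep it public and state the contract in the doc comment: a line describing `row` as the byte row 0..3 and `col` as the combined index 0..255, plus a note that out-of-range values are not checked.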
@@ -121,8 +121,8 @@ void KASUMI::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { const uint16_t* K = &m_EK[8*j]; - uint16_t R = B1 ^ (rotate_left(B0, 1) & K[0]); - uint16_t L = B0 ^ (rotate_left(R, 1) | K[1]); + uint16_t R = B1 ^ (rotl<1>(B0) & K[0]); + uint16_t L = B0 ^ (rotl<1>(R) | K[1]); L = FI(L ^ K[ 2], K[ 3]) ^ R; R = FI(R ^ K[ 4], K[ 5]) ^ L; @@ -135,8 +135,8 @@ void KASUMI::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const L = FI(L ^ K[12], K[13]) ^ R; R = FI(R ^ K[14], K[15]) ^ L; - R ^= (rotate_left(L, 1) & K[8]); - L ^= (rotate_left(R, 1) | K[9]); + R ^= (rotl<1>(L) & K[8]); + L ^= (rotl<1>(R) | K[9]); B0 ^= L; B1 ^= R; @@ -171,14 +171,14 @@ void KASUMI::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const R = FI(R ^ K[12], K[13]) ^ L; L = FI(L ^ K[14], K[15]) ^ R; - L ^= (rotate_left(R, 1) & K[8]); - R ^= (rotate_left(L, 1) | K[9]); + L ^= (rotl<1>(R) & K[8]); + R ^= (rotl<1>(L) | K[9]); R = B0 ^= R; L = B1 ^= L; - L ^= (rotate_left(R, 1) & K[0]); - R ^= (rotate_left(L, 1) | K[1]); + L ^= (rotl<1>(R) & K[0]); + R ^= (rotl<1>(L) | K[1]); R = FI(R ^ K[2], K[3]) ^ L; L = FI(L ^ K[4], K[5]) ^ R; @@ -214,13 +214,13 @@ void KASUMI::key_schedule(const uint8_t key[], size_t) for(size_t i = 0; i != 8; ++i) { - m_EK[8*i ] = rotate_left(K[(i+0) % 8 ], 2); - m_EK[8*i+1] = rotate_left(K[(i+2) % 8 + 8], 1); - m_EK[8*i+2] = rotate_left(K[(i+1) % 8 ], 5); + m_EK[8*i ] = rotl<2>(K[(i+0) % 8]); + m_EK[8*i+1] = rotl<1>(K[(i+2) % 8 + 8]); + m_EK[8*i+2] = rotl<5>(K[(i+1) % 8]); m_EK[8*i+3] = K[(i+4) % 8 + 8]; - m_EK[8*i+4] = rotate_left(K[(i+5) % 8 ], 8); + m_EK[8*i+4] = rotl<8>(K[(i+5) % 8]); m_EK[8*i+5] = K[(i+3) % 8 + 8]; - m_EK[8*i+6] = rotate_left(K[(i+6) % 8 ], 13); + m_EK[8*i+6] = rotl<13>(K[(i+6) % 8]); m_EK[8*i+7] = K[(i+7) % 8 + 8]; } } diff --git a/src/lib/block/noekeon/noekeon.cpp b/src/lib/block/noekeon/noekeon.cpp index c82badd4c..a7f60a0fd 100644 --- a/src/lib/block/noekeon/noekeon.cpp 
+++ b/src/lib/block/noekeon/noekeon.cpp @@ -21,7 +21,7 @@ inline void theta(uint32_t& A0, uint32_t& A1, const uint32_t EK[4]) { uint32_t T = A0 ^ A2; - T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + T ^= rotl<8>(T) ^ rotr<8>(T); A1 ^= T; A3 ^= T; @@ -31,7 +31,7 @@ inline void theta(uint32_t& A0, uint32_t& A1, A3 ^= EK[3]; T = A1 ^ A3; - T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + T ^= rotl<8>(T) ^ rotr<8>(T); A0 ^= T; A2 ^= T; } @@ -43,12 +43,12 @@ inline void theta(uint32_t& A0, uint32_t& A1, uint32_t& A2, uint32_t& A3) { uint32_t T = A0 ^ A2; - T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + T ^= rotl<8>(T) ^ rotr<8>(T); A1 ^= T; A3 ^= T; T = A1 ^ A3; - T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + T ^= rotl<8>(T) ^ rotr<8>(T); A0 ^= T; A2 ^= T; } @@ -135,15 +135,15 @@ void Noekeon::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const A0 ^= RC[j]; theta(A0, A1, A2, A3, m_EK.data()); - A1 = rotate_left(A1, 1); - A2 = rotate_left(A2, 5); - A3 = rotate_left(A3, 2); + A1 = rotl<1>(A1); + A2 = rotl<5>(A2); + A3 = rotl<2>(A3); gamma(A0, A1, A2, A3); - A1 = rotate_right(A1, 1); - A2 = rotate_right(A2, 5); - A3 = rotate_right(A3, 2); + A1 = rotr<1>(A1); + A2 = rotr<5>(A2); + A3 = rotr<2>(A3); } A0 ^= RC[16]; @@ -186,15 +186,15 @@ void Noekeon::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const theta(A0, A1, A2, A3, m_DK.data()); A0 ^= RC[j]; - A1 = rotate_left(A1, 1); - A2 = rotate_left(A2, 5); - A3 = rotate_left(A3, 2); + A1 = rotl<1>(A1); + A2 = rotl<5>(A2); + A3 = rotl<2>(A3); gamma(A0, A1, A2, A3); - A1 = rotate_right(A1, 1); - A2 = rotate_right(A2, 5); - A3 = rotate_right(A3, 2); + A1 = rotr<1>(A1); + A2 = rotr<5>(A2); + A3 = rotr<2>(A3); } theta(A0, A1, A2, A3, m_DK.data()); 
@@ -222,15 +222,15 @@ void Noekeon::key_schedule(const uint8_t key[], size_t) A0 ^= RC[i]; theta(A0, A1, A2, A3); - A1 = rotate_left(A1, 1); - A2 = rotate_left(A2, 5); - A3 = rotate_left(A3, 2); + A1 = rotl<1>(A1); + A2 = rotl<5>(A2); + A3 = rotl<2>(A3); gamma(A0, A1, A2, A3); - A1 = rotate_right(A1, 1); - A2 = rotate_right(A2, 5); - A3 = rotate_right(A3, 2); + A1 = rotr<1>(A1); + A2 = rotr<5>(A2); + A3 = rotr<2>(A3); } A0 ^= RC[16]; diff --git a/src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp b/src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp index a77ba7b8c..f9a696d29 100644 --- a/src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp +++ b/src/lib/block/noekeon/noekeon_simd/noekeon_simd.cpp @@ -16,12 +16,7 @@ namespace Botan { #define NOK_SIMD_THETA(A0, A1, A2, A3, K0, K1, K2, K3) \ do { \ SIMD_32 T = A0 ^ A2; \ - SIMD_32 T_l8 = T; \ - SIMD_32 T_r8 = T; \ - T_l8.rotate_left(8); \ - T_r8.rotate_right(8); \ - T ^= T_l8; \ - T ^= T_r8; \ + T ^= T.rotl<8>() ^ T.rotr<8>(); \ A1 ^= T; \ A3 ^= T; \ \ @@ -31,12 +26,7 @@ namespace Botan { A3 ^= K3; \ \ T = A1 ^ A3; \ - T_l8 = T; \ - T_r8 = T; \ - T_l8.rotate_left(8); \ - T_r8.rotate_right(8); \ - T ^= T_l8; \ - T ^= T_r8; \ + T ^= T.rotl<8>() ^ T.rotr<8>(); \ A0 ^= T; \ A2 ^= T; \ } while(0) @@ -83,15 +73,15 @@ void Noekeon::simd_encrypt_4(const uint8_t in[], uint8_t out[]) const NOK_SIMD_THETA(A0, A1, A2, A3, K0, K1, K2, K3); - A1.rotate_left(1); - A2.rotate_left(5); - A3.rotate_left(2); + A1 = A1.rotl<1>(); + A2 = A2.rotl<5>(); + A3 = A3.rotl<2>(); NOK_SIMD_GAMMA(A0, A1, A2, A3); - A1.rotate_right(1); - A2.rotate_right(5); - A3.rotate_right(2); + A1 = A1.rotr<1>(); + A2 = A2.rotr<5>(); + A3 = A3.rotr<2>(); } A0 ^= SIMD_32::splat(RC[16]); 
@@ -128,15 +118,15 @@ void Noekeon::simd_decrypt_4(const uint8_t in[], uint8_t out[]) const A0 ^= SIMD_32::splat(RC[16-i]); - A1.rotate_left(1); - A2.rotate_left(5); - A3.rotate_left(2); + A1 = A1.rotl<1>(); + A2 = A2.rotl<5>(); + A3 = A3.rotl<2>(); NOK_SIMD_GAMMA(A0, A1, A2, A3); - A1.rotate_right(1); - A2.rotate_right(5); - A3.rotate_right(2); + A1 = A1.rotr<1>(); + A2 = A2.rotr<5>(); + A3 = A3.rotr<2>(); } NOK_SIMD_THETA(A0, A1, A2, A3, K0, K1, K2, K3); diff --git a/src/lib/block/serpent/serpent.cpp b/src/lib/block/serpent/serpent.cpp index 93af81231..6e1d79766 100644 --- a/src/lib/block/serpent/serpent.cpp +++ b/src/lib/block/serpent/serpent.cpp @@ -22,11 +22,11 @@ namespace { */ inline void transform(uint32_t& B0, uint32_t& B1, uint32_t& B2, uint32_t& B3) { - B0 = rotate_left(B0, 13); B2 = rotate_left(B2, 3); - B1 ^= B0 ^ B2; B3 ^= B2 ^ (B0 << 3); - B1 = rotate_left(B1, 1); B3 = rotate_left(B3, 7); - B0 ^= B1 ^ B3; B2 ^= B3 ^ (B1 << 7); - B0 = rotate_left(B0, 5); B2 = rotate_left(B2, 22); + B0 = rotl<13>(B0); B2 = rotl<3>(B2); + B1 ^= B0 ^ B2; B3 ^= B2 ^ (B0 << 3); + B1 = rotl<1>(B1); B3 = rotl<7>(B3); + B0 ^= B1 ^ B3; B2 ^= B3 ^ (B1 << 7); + B0 = rotl<5>(B0); B2 = rotl<22>(B2); } /* @@ -34,11 +34,11 @@ inline void transform(uint32_t& B0, uint32_t& B1, uint32_t& B2, uint32_t& B3) */ inline void i_transform(uint32_t& B0, uint32_t& B1, uint32_t& B2, uint32_t& B3) { - B2 = rotate_right(B2, 22); B0 = rotate_right(B0, 5); - B2 ^= B3 ^ (B1 << 7); B0 ^= B1 ^ B3; - B3 = rotate_right(B3, 7); B1 = rotate_right(B1, 1); - B3 ^= B2 ^ (B0 << 3); B1 ^= B0 ^ B2; - B2 = rotate_right(B2, 3); B0 = rotate_right(B0, 13); + B2 = rotr<22>(B2); B0 = rotr<5>(B0); + B2 ^= B3 ^ (B1 << 7); B0 ^= B1 ^ B3; + B3 = rotr<7>(B3); B1 = rotr<1>(B1); + B3 ^= B2 ^ (B0 << 3); B1 ^= B0 ^ B2; + B2 = rotr<3>(B2); B0 = rotr<13>(B0); } } 
@@ -192,7 +192,7 @@ void Serpent::key_schedule(const uint8_t key[], size_t length) for(size_t i = 8; i != 140; ++i) { uint32_t wi = W[i-8] ^ W[i-5] ^ W[i-3] ^ W[i-1] ^ PHI ^ uint32_t(i-8); - W[i] = rotate_left(wi, 11); + W[i] = rotl<11>(wi); } SBoxE1(W[ 20],W[ 21],W[ 22],W[ 23]); diff --git a/src/lib/block/serpent/serpent_simd/serpent_simd.cpp b/src/lib/block/serpent/serpent_simd/serpent_simd.cpp index 94b3cf9ad..b184b0d4a 100644 --- a/src/lib/block/serpent/serpent_simd/serpent_simd.cpp +++ b/src/lib/block/serpent/serpent_simd/serpent_simd.cpp @@ -24,30 +24,30 @@ namespace Botan { */ #define transform(B0, B1, B2, B3) \ do { \ - B0.rotate_left(13); \ - B2.rotate_left(3); \ + B0 = B0.rotl<13>(); \ + B2 = B2.rotl<3>(); \ B1 ^= B0 ^ B2; \ B3 ^= B2 ^ (B0 << 3); \ - B1.rotate_left(1); \ - B3.rotate_left(7); \ + B1 = B1.rotl<1>(); \ + B3 = B3.rotl<7>(); \ B0 ^= B1 ^ B3; \ B2 ^= B3 ^ (B1 << 7); \ - B0.rotate_left(5); \ - B2.rotate_left(22); \ + B0 = B0.rotl<5>(); \ + B2 = B2.rotl<22>(); \ } while(0); #define i_transform(B0, B1, B2, B3) \ do { \ - B2.rotate_right(22); \ - B0.rotate_right(5); \ + B2 = B2.rotr<22>(); \ + B0 = B0.rotr<5>(); \ B2 ^= B3 ^ (B1 << 7); \ B0 ^= B1 ^ B3; \ - B3.rotate_right(7); \ - B1.rotate_right(1); \ + B3 = B3.rotr<7>(); \ + B1 = B1.rotr<1>(); \ B3 ^= B2 ^ (B0 << 3); \ B1 ^= B0 ^ B2; \ - B2.rotate_right(3); \ - B0.rotate_right(13); \ + B2 = B2.rotr<3>(); \ + B0 = B0.rotr<13>(); \ } while(0); /* diff --git a/src/lib/block/shacal2/shacal2.cpp b/src/lib/block/shacal2/shacal2.cpp index 30ad711db..12c87c426 100644 --- a/src/lib/block/shacal2/shacal2.cpp +++ b/src/lib/block/shacal2/shacal2.cpp 
@@ -17,8 +17,8 @@ inline void SHACAL2_Fwd(uint32_t A, uint32_t B, uint32_t C, uint32_t& D, uint32_t E, uint32_t F, uint32_t G, uint32_t& H, uint32_t RK) { - const uint32_t A_rho = rotate_right(A, 2) ^ rotate_right(A, 13) ^ rotate_right(A, 22); - const uint32_t E_rho = rotate_right(E, 6) ^ rotate_right(E, 11) ^ rotate_right(E, 25); + const uint32_t A_rho = rotr<2>(A) ^ rotr<13>(A) ^ rotr<22>(A); + const uint32_t E_rho = rotr<6>(E) ^ rotr<11>(E) ^ rotr<25>(E); H += E_rho + ((E & F) ^ (~E & G)) + RK; D += H; @@ -29,8 +29,8 @@ inline void SHACAL2_Rev(uint32_t A, uint32_t B, uint32_t C, uint32_t& D, uint32_t E, uint32_t F, uint32_t G, uint32_t& H, uint32_t RK) { - const uint32_t A_rho = rotate_right(A, 2) ^ rotate_right(A, 13) ^ rotate_right(A, 22); - const uint32_t E_rho = rotate_right(E, 6) ^ rotate_right(E, 11) ^ rotate_right(E, 25); + const uint32_t A_rho = rotr<2>(A) ^ rotr<13>(A) ^ rotr<22>(A); + const uint32_t E_rho = rotr<6>(E) ^ rotr<11>(E) ^ rotr<25>(E); H -= A_rho + ((A & B) | ((A | B) & C)); D -= H; @@ -175,8 +175,8 @@ void SHACAL2::key_schedule(const uint8_t key[], size_t len) for(size_t i = 16; i != 64; ++i) { - const uint32_t sigma0_15 = rotate_right(m_RK[i-15], 7) ^ rotate_right(m_RK[i-15], 18) ^ (m_RK[i-15] >> 3); - const uint32_t sigma1_2 = rotate_right(m_RK[i-2], 17) ^ rotate_right(m_RK[i-2], 19) ^ (m_RK[i-2] >> 10); + const uint32_t sigma0_15 = rotr<7>(m_RK[i-15]) ^ rotr<18>(m_RK[i-15]) ^ (m_RK[i-15] >> 3); + const uint32_t sigma1_2 = rotr<17>(m_RK[i-2]) ^ rotr<19>(m_RK[i-2]) ^ (m_RK[i-2] >> 10); m_RK[i] = m_RK[i-16] + sigma0_15 + m_RK[i-7] + sigma1_2; } diff --git a/src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp b/src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp index a4324c8fb..bdcac1482 100644 --- a/src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp +++ b/src/lib/block/shacal2/shacal2_simd/shacal2_simd.cpp 
@@ -17,9 +17,9 @@ void SHACAL2_Fwd(const SIMD_32& A, const SIMD_32& B, const SIMD_32& C, SIMD_32& const SIMD_32& E, const SIMD_32& F, const SIMD_32& G, SIMD_32& H, uint32_t RK) { - H += E.rho(6,11,25) + ((E & F) ^ (~E & G)) + SIMD_32::splat(RK); + H += E.rho<6,11,25>() + ((E & F) ^ (~E & G)) + SIMD_32::splat(RK); D += H; - H += A.rho(2,13,22) + ((A & B) | ((A | B) & C)); + H += A.rho<2,13,22>() + ((A & B) | ((A | B) & C)); } inline @@ -27,9 +27,9 @@ void SHACAL2_Rev(const SIMD_32& A, const SIMD_32& B, const SIMD_32& C, SIMD_32& const SIMD_32& E, const SIMD_32& F, const SIMD_32& G, SIMD_32& H, uint32_t RK) { - H -= A.rho(2,13,22) + ((A & B) | ((A | B) & C)); + H -= A.rho<2,13,22>() + ((A & B) | ((A | B) & C)); D -= H; - H -= E.rho(6,11,25) + ((E & F) ^ (~E & G)) + SIMD_32::splat(RK); + H -= E.rho<6,11,25>() + ((E & F) ^ (~E & G)) + SIMD_32::splat(RK); } } diff --git a/src/lib/block/sm4/sm4.cpp b/src/lib/block/sm4/sm4.cpp index 979491566..42c865faf 100644 --- a/src/lib/block/sm4/sm4.cpp +++ b/src/lib/block/sm4/sm4.cpp @@ -46,7 +46,7 @@ inline uint32_t T(uint32_t b) const uint32_t t = make_uint32(SBOX[b0], SBOX[b1], SBOX[b2], SBOX[b3]); // L linear transform - return t ^ rotate_left(t, 2) ^ rotate_left(t, 10) ^ rotate_left(t, 18) ^ rotate_left(t, 24); + return t ^ rotl<2>(t) ^ rotl<10>(t) ^ rotl<18>(t) ^ rotl<24>(t); } // Variant of T for key schedule @@ -59,7 +59,7 @@ inline uint32_t Tp(uint32_t b) const uint32_t t = make_uint32(SBOX[b0], SBOX[b1], SBOX[b2], SBOX[b3]); // L' linear transform - return t ^ rotate_left(t, 13) ^ rotate_left(t, 23); + return t ^ rotl<13>(t) ^ rotl<23>(t); } } diff --git a/src/lib/block/threefish/threefish.cpp b/src/lib/block/threefish/threefish.cpp index 99ce135d5..937a673fd 100644 --- a/src/lib/block/threefish/threefish.cpp +++ b/src/lib/block/threefish/threefish.cpp 
@@ -17,10 +17,10 @@ namespace Botan { X1 += X5; \ X2 += X6; \ X3 += X7; \ - X4 = rotate_left(X4, ROT1); \ - X5 = rotate_left(X5, ROT2); \ - X6 = rotate_left(X6, ROT3); \ - X7 = rotate_left(X7, ROT4); \ + X4 = rotl<ROT1>(X4); \ + X5 = rotl<ROT2>(X5); \ + X6 = rotl<ROT3>(X6); \ + X7 = rotl<ROT4>(X7); \ X4 ^= X0; \ X5 ^= X1; \ X6 ^= X2; \ @@ -177,10 +177,10 @@ void Threefish_512::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) X5 ^= X1; \ X6 ^= X2; \ X7 ^= X3; \ - X4 = rotate_right(X4, ROT1); \ - X5 = rotate_right(X5, ROT2); \ - X6 = rotate_right(X6, ROT3); \ - X7 = rotate_right(X7, ROT4); \ + X4 = rotr<ROT1>(X4); \ + X5 = rotr<ROT2>(X5); \ + X6 = rotr<ROT3>(X6); \ + X7 = rotr<ROT4>(X7); \ X0 -= X4; \ X1 -= X5; \ X2 -= X6; \ diff --git a/src/lib/block/twofish/twofish.cpp b/src/lib/block/twofish/twofish.cpp index 51ef01ea9..3a09af8da 100644 --- a/src/lib/block/twofish/twofish.cpp +++ b/src/lib/block/twofish/twofish.cpp @@ -41,8 +41,8 @@ void Twofish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const Y += X + m_RK[2*j + 9]; X += m_RK[2*j + 8]; - C = rotate_right(C ^ X, 1); - D = rotate_left(D, 1) ^ Y; + C = rotr<1>(C ^ X); + D = rotl<1>(D) ^ Y; X = m_SB[ get_byte(3, C)] ^ m_SB[256+get_byte(2, C)] ^ m_SB[512+get_byte(1, C)] ^ m_SB[768+get_byte(0, C)]; @@ -52,8 +52,8 @@ void Twofish::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const Y += X + m_RK[2*j + 11]; X += m_RK[2*j + 10]; - A = rotate_right(A ^ X, 1); - B = rotate_left(B, 1) ^ Y; + A = rotr<1>(A ^ X); + B = rotl<1>(B) ^ Y; } C ^= m_RK[4]; @@ -92,8 +92,8 @@ void Twofish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const Y += X + m_RK[39 - 2*j]; X += m_RK[38 - 2*j]; - C = rotate_left(C, 1) ^ X; - D = rotate_right(D ^ Y, 1); + C = rotl<1>(C) ^ X; + D = rotr<1>(D ^ Y); X = m_SB[ get_byte(3, C)] ^ m_SB[256+get_byte(2, C)] ^ m_SB[512+get_byte(1, C)] ^ m_SB[768+get_byte(0, C)]; 
@@ -103,8 +103,8 @@ void Twofish::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const Y += X + m_RK[37 - 2*j]; X += m_RK[36 - 2*j]; - A = rotate_left(A, 1) ^ X; - B = rotate_right(B ^ Y, 1); + A = rotl<1>(A) ^ X; + B = rotr<1>(B ^ Y); } C ^= m_RK[0]; @@ -167,11 +167,11 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) MDS1[Q0[Q1[i+1]^key[13]]^key[ 5]] ^ MDS2[Q1[Q0[i+1]^key[14]]^key[ 6]] ^ MDS3[Q1[Q1[i+1]^key[15]]^key[ 7]]; - Y = rotate_left(Y, 8); + Y = rotl<8>(Y); X += Y; Y += X; m_RK[i] = X; - m_RK[i+1] = rotate_left(Y, 9); + m_RK[i+1] = rotl<9>(Y); } } else if(length == 24) @@ -194,11 +194,11 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) MDS1[Q0[Q1[Q1[i+1]^key[21]]^key[13]]^key[ 5]] ^ MDS2[Q1[Q0[Q0[i+1]^key[22]]^key[14]]^key[ 6]] ^ MDS3[Q1[Q1[Q0[i+1]^key[23]]^key[15]]^key[ 7]]; - Y = rotate_left(Y, 8); + Y = rotl<8>(Y); X += Y; Y += X; m_RK[i] = X; - m_RK[i+1] = rotate_left(Y, 9); + m_RK[i+1] = rotl<9>(Y); } } else if(length == 32) @@ -221,11 +221,11 @@ void Twofish::key_schedule(const uint8_t key[], size_t length) MDS1[Q0[Q1[Q1[Q0[i+1]^key[29]]^key[21]]^key[13]]^key[ 5]] ^ MDS2[Q1[Q0[Q0[Q0[i+1]^key[30]]^key[22]]^key[14]]^key[ 6]] ^ MDS3[Q1[Q1[Q0[Q1[i+1]^key[31]]^key[23]]^key[15]]^key[ 7]]; - Y = rotate_left(Y, 8); + Y = rotl<8>(Y); X += Y; Y += X; m_RK[i] = X; - m_RK[i+1] = rotate_left(Y, 9); + m_RK[i+1] = rotl<9>(Y); } } } |