feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

ascon: use individual word64 to help compiler

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2025-01-29 11:49:09 +01:00
parent 78a7d12955
commit b0ab7f0d26
1 changed files with 30 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
wolfcrypt/src/ascon.c
View File

@@ -87,33 +87,28 @@ static byte start_index(byte rounds)
static WC_INLINE void ascon_round(AsconState* a, byte round) static WC_INLINE void ascon_round(AsconState* a, byte round)
{ {
AsconState tmp; word64 tmp0, tmp1, tmp2, tmp3, tmp4;
/* 3.2 Constant-Addition Layer */ /* 3.2 Constant-Addition Layer */
a->s64[2] ^= round_constants[round]; a->s64[2] ^= round_constants[round];
/* 3.3 Substitution Layer */ /* 3.3 Substitution Layer */
a->s64[0] ^= a->s64[4]; a->s64[0] ^= a->s64[4];
a->s64[4] ^= a->s64[3]; a->s64[4] ^= a->s64[3];
a->s64[2] ^= a->s64[1]; a->s64[2] ^= a->s64[1];
tmp.s64[0] = a->s64[0] ^ (~a->s64[1] & a->s64[2]); tmp0 = a->s64[0] ^ (~a->s64[1] & a->s64[2]);
tmp.s64[2] = a->s64[2] ^ (~a->s64[3] & a->s64[4]); tmp2 = a->s64[2] ^ (~a->s64[3] & a->s64[4]);
tmp.s64[4] = a->s64[4] ^ (~a->s64[0] & a->s64[1]); tmp4 = a->s64[4] ^ (~a->s64[0] & a->s64[1]);
tmp.s64[1] = a->s64[1] ^ (~a->s64[2] & a->s64[3]); tmp1 = a->s64[1] ^ (~a->s64[2] & a->s64[3]);
tmp.s64[3] = a->s64[3] ^ (~a->s64[4] & a->s64[0]); tmp3 = a->s64[3] ^ (~a->s64[4] & a->s64[0]);
tmp.s64[1] ^= tmp.s64[0]; tmp1 ^= tmp0;
tmp.s64[3] ^= tmp.s64[2]; tmp3 ^= tmp2;
tmp.s64[0] ^= tmp.s64[4]; tmp0 ^= tmp4;
tmp.s64[2] = ~tmp.s64[2]; tmp2 = ~tmp2;
/* 3.4 Linear Diffusion Layer */ /* 3.4 Linear Diffusion Layer */
a->s64[4] = a->s64[4] = tmp4 ^ rotrFixed64(tmp4, 7) ^ rotrFixed64(tmp4, 41);
tmp.s64[4] ^ rotrFixed64(tmp.s64[4], 7) ^ rotrFixed64(tmp.s64[4], 41); a->s64[1] = tmp1 ^ rotrFixed64(tmp1, 61) ^ rotrFixed64(tmp1, 39);
a->s64[1] = a->s64[3] = tmp3 ^ rotrFixed64(tmp3, 10) ^ rotrFixed64(tmp3, 17);
tmp.s64[1] ^ rotrFixed64(tmp.s64[1], 61) ^ rotrFixed64(tmp.s64[1], 39); a->s64[0] = tmp0 ^ rotrFixed64(tmp0, 19) ^ rotrFixed64(tmp0, 28);
a->s64[3] = a->s64[2] = tmp2 ^ rotrFixed64(tmp2, 1) ^ rotrFixed64(tmp2, 6);
tmp.s64[3] ^ rotrFixed64(tmp.s64[3], 10) ^ rotrFixed64(tmp.s64[3], 17);
a->s64[0] =
tmp.s64[0] ^ rotrFixed64(tmp.s64[0], 19) ^ rotrFixed64(tmp.s64[0], 28);
a->s64[2] =
tmp.s64[2] ^ rotrFixed64(tmp.s64[2], 1) ^ rotrFixed64(tmp.s64[2], 6);
} }
static void permutation(AsconState* a, byte rounds) static void permutation(AsconState* a, byte rounds)
@@ -127,33 +122,28 @@ static void permutation(AsconState* a, byte rounds)
#else #else
#define p(a, c) do { \ #define p(a, c) do { \
AsconState tmp; \ word64 tmp0, tmp1, tmp2, tmp3, tmp4; \
/* 3.2 Constant-Addition Layer */ \ /* 3.2 Constant-Addition Layer */ \
(a)->s64[2] ^= c; \ (a)->s64[2] ^= c; \
/* 3.3 Substitution Layer */ \ /* 3.3 Substitution Layer */ \
(a)->s64[0] ^= (a)->s64[4]; \ (a)->s64[0] ^= (a)->s64[4]; \
(a)->s64[4] ^= (a)->s64[3]; \ (a)->s64[4] ^= (a)->s64[3]; \
(a)->s64[2] ^= (a)->s64[1]; \ (a)->s64[2] ^= (a)->s64[1]; \
tmp.s64[0] = (a)->s64[0] ^ (~(a)->s64[1] & (a)->s64[2]); \ tmp0 = (a)->s64[0] ^ (~(a)->s64[1] & (a)->s64[2]); \
tmp.s64[2] = (a)->s64[2] ^ (~(a)->s64[3] & (a)->s64[4]); \ tmp2 = (a)->s64[2] ^ (~(a)->s64[3] & (a)->s64[4]); \
tmp.s64[4] = (a)->s64[4] ^ (~(a)->s64[0] & (a)->s64[1]); \ tmp4 = (a)->s64[4] ^ (~(a)->s64[0] & (a)->s64[1]); \
tmp.s64[1] = (a)->s64[1] ^ (~(a)->s64[2] & (a)->s64[3]); \ tmp1 = (a)->s64[1] ^ (~(a)->s64[2] & (a)->s64[3]); \
tmp.s64[3] = (a)->s64[3] ^ (~(a)->s64[4] & (a)->s64[0]); \ tmp3 = (a)->s64[3] ^ (~(a)->s64[4] & (a)->s64[0]); \
tmp.s64[1] ^= tmp.s64[0]; \ tmp1 ^= tmp0; \
tmp.s64[3] ^= tmp.s64[2]; \ tmp3 ^= tmp2; \
tmp.s64[0] ^= tmp.s64[4]; \ tmp0 ^= tmp4; \
tmp.s64[2] = ~tmp.s64[2]; \ tmp2 = ~tmp2; \
/* 3.4 Linear Diffusion Layer */ \ /* 3.4 Linear Diffusion Layer */ \
(a)->s64[4] = \ (a)->s64[4] = tmp4 ^ rotrFixed64(tmp4, 7) ^ rotrFixed64(tmp4, 41); \
tmp.s64[4] ^ rotrFixed64(tmp.s64[4], 7) ^ rotrFixed64(tmp.s64[4], 41); \ (a)->s64[1] = tmp1 ^ rotrFixed64(tmp1, 61) ^ rotrFixed64(tmp1, 39); \
(a)->s64[1] = \ (a)->s64[3] = tmp3 ^ rotrFixed64(tmp3, 10) ^ rotrFixed64(tmp3, 17); \
tmp.s64[1] ^ rotrFixed64(tmp.s64[1], 61) ^ rotrFixed64(tmp.s64[1], 39); \ (a)->s64[0] = tmp0 ^ rotrFixed64(tmp0, 19) ^ rotrFixed64(tmp0, 28); \
(a)->s64[3] = \ (a)->s64[2] = tmp2 ^ rotrFixed64(tmp2, 1) ^ rotrFixed64(tmp2, 6); \
tmp.s64[3] ^ rotrFixed64(tmp.s64[3], 10) ^ rotrFixed64(tmp.s64[3], 17); \
(a)->s64[0] = \
tmp.s64[0] ^ rotrFixed64(tmp.s64[0], 19) ^ rotrFixed64(tmp.s64[0], 28); \
(a)->s64[2] = \
tmp.s64[2] ^ rotrFixed64(tmp.s64[2], 1) ^ rotrFixed64(tmp.s64[2], 6); \
} while (0) } while (0)
#define p8(a) \ #define p8(a) \