ascon: added forced permutation unroll

2024-12-23 18:04:24 +01:00
parent 0e7bee9577
commit e4100d977c
2 changed files with 64 additions and 0 deletions
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -41,6 +41,7 @@ jobs:
          '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
            --enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
          '--enable-ascon',
+          '--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL',
        ]
    name: make check
    if: github.repository_owner == 'wolfssl'
--- a/wolfcrypt/src/ascon.c
+++ b/wolfcrypt/src/ascon.c
@@ -50,6 +50,8 @@

 #define MAX_ROUNDS 12

+#ifndef WOLFSSL_ASCON_UNROLL
+
 /* Table 4 */
 static const byte round_constants[MAX_ROUNDS] = {
    0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b
@@ -110,6 +112,67 @@ static void permutation(AsconState* a, byte rounds)
    }
 }

+#else
+
+#define p(a, c) do {                                                           \
+    AsconState tmp;                                                            \
+    /* 2.6.1 Addition of Constants */                                          \
+    (a)->s64[2] ^= c;                                                          \
+    /* 2.6.2 Substitution Layer */                                             \
+    (a)->s64[0] ^= (a)->s64[4];                                                \
+    (a)->s64[4] ^= (a)->s64[3];                                                \
+    (a)->s64[2] ^= (a)->s64[1];                                                \
+    tmp.s64[0] = (a)->s64[0] ^ (~(a)->s64[1] & (a)->s64[2]);                   \
+    tmp.s64[2] = (a)->s64[2] ^ (~(a)->s64[3] & (a)->s64[4]);                   \
+    tmp.s64[4] = (a)->s64[4] ^ (~(a)->s64[0] & (a)->s64[1]);                   \
+    tmp.s64[1] = (a)->s64[1] ^ (~(a)->s64[2] & (a)->s64[3]);                   \
+    tmp.s64[3] = (a)->s64[3] ^ (~(a)->s64[4] & (a)->s64[0]);                   \
+    tmp.s64[1] ^= tmp.s64[0];                                                  \
+    tmp.s64[3] ^= tmp.s64[2];                                                  \
+    tmp.s64[0] ^= tmp.s64[4];                                                  \
+    tmp.s64[2] = ~tmp.s64[2];                                                  \
+    /* 2.6.3 Linear Diffusion Layer */                                         \
+    (a)->s64[4] =                                                              \
+       tmp.s64[4] ^ rotrFixed64(tmp.s64[4],  7) ^ rotrFixed64(tmp.s64[4], 41); \
+    (a)->s64[1] =                                                              \
+       tmp.s64[1] ^ rotrFixed64(tmp.s64[1], 61) ^ rotrFixed64(tmp.s64[1], 39); \
+    (a)->s64[3] =                                                              \
+       tmp.s64[3] ^ rotrFixed64(tmp.s64[3], 10) ^ rotrFixed64(tmp.s64[3], 17); \
+    (a)->s64[0] =                                                              \
+       tmp.s64[0] ^ rotrFixed64(tmp.s64[0], 19) ^ rotrFixed64(tmp.s64[0], 28); \
+    (a)->s64[2] =                                                              \
+       tmp.s64[2] ^ rotrFixed64(tmp.s64[2],  1) ^ rotrFixed64(tmp.s64[2],  6); \
+    } while (0)
+
+#define p6(a) \
+    p(a, 0x96); \
+    p(a, 0x87); \
+    p(a, 0x78); \
+    p(a, 0x69); \
+    p(a, 0x5a); \
+    p(a, 0x4b)
+
+#define p8(a) \
+    p(a, 0xb4); \
+    p(a, 0xa5); \
+    p6(a)
+
+#define p12(a) \
+    p(a, 0xf0); \
+    p(a, 0xe1); \
+    p(a, 0xd2); \
+    p(a, 0xc3); \
+    p8(a)
+
+/* Needed layer to evaluate the macro values */
+#define _permutation(a, rounds) \
+    p ## rounds(a)
+
+#define permutation(a, rounds) \
+    _permutation(a, rounds)
+
+#endif
+
 /* AsconHash API */

 wc_AsconHash256* wc_AsconHash256_New(void)