kris
/
pqcrypto
réplica de https://github.com/henrydcase/pqc.git
1
1
Fork 0
Código Incidencias 1 Lanzamientos 2 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
1003 Commits
9 Ramas
121 MiB
 
 
 
Árbol: bdcc631260
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'bdcc631260'
${ noResults }
pqcrypto/crypto_sign/sphincs-shake256-192s-robust/avx2/fips202x4.c

206 líneas
5.7 KiB
Original Blame Histórico 

  1. #include <immintrin.h>

  2. #include <stdint.h>

  3. #include <string.h>

  4. 

  5. #include "fips202.h"

  6. #include "fips202x4.h"

  7. 

  8. #define NROUNDS 24

  9. #define ROL(a, offset) (((a) << (offset)) ^ ((a) >> (64-(offset))))

  10. 

  11. static uint64_t load64(const unsigned char *x) {

  12.     unsigned long long r = 0, i;

  13. 

  14.     for (i = 0; i < 8; ++i) {

  15.         r |= (unsigned long long)x[i] << 8 * i;

  16.     }

  17.     return r;

  18. }

  19. 

  20. static void store64(uint8_t *x, uint64_t u) {

  21.     unsigned int i;

  22. 

  23.     for (i = 0; i < 8; ++i) {

  24.         x[i] = (uint8_t)u;

  25.         u >>= 8;

  26.     }

  27. }

  28. 

  29. /* Use implementation from the Keccak Code Package */

  30. extern void KeccakP1600times4_PermuteAll_24rounds(__m256i *s);

  31. #define KeccakF1600_StatePermute4x KeccakP1600times4_PermuteAll_24rounds

  32. 

  33. static void keccak_absorb4x(__m256i *s,

  34.                             unsigned int r,

  35.                             const unsigned char *m0,

  36.                             const unsigned char *m1,

  37.                             const unsigned char *m2,

  38.                             const unsigned char *m3,

  39.                             size_t mlen,

  40.                             unsigned char p) {

  41.     unsigned char t0[200] = {0};

  42.     unsigned char t1[200] = {0};

  43.     unsigned char t2[200] = {0};

  44.     unsigned char t3[200] = {0};

  45. 

  46.     unsigned long long *ss = (unsigned long long *)s;

  47. 

  48. 

  49.     while (mlen >= r) {

  50.         for (size_t i = 0; i < r / 8; ++i) {

  51.             ss[4 * i + 0] ^= load64(m0 + 8 * i);

  52.             ss[4 * i + 1] ^= load64(m1 + 8 * i);

  53.             ss[4 * i + 2] ^= load64(m2 + 8 * i);

  54.             ss[4 * i + 3] ^= load64(m3 + 8 * i);

  55.         }

  56. 

  57.         KeccakF1600_StatePermute4x(s);

  58.         mlen -= r;

  59.         m0 += r;

  60.         m1 += r;

  61.         m2 += r;

  62.         m3 += r;

  63.     }

  64. 

  65.     memcpy(t0, m0, mlen);

  66.     memcpy(t1, m1, mlen);

  67.     memcpy(t2, m2, mlen);

  68.     memcpy(t3, m3, mlen);

  69. 

  70.     t0[mlen] = p;

  71.     t1[mlen] = p;

  72.     t2[mlen] = p;

  73.     t3[mlen] = p;

  74. 

  75.     t0[r - 1] |= 128;

  76.     t1[r - 1] |= 128;

  77.     t2[r - 1] |= 128;

  78.     t3[r - 1] |= 128;

  79. 

  80.     for (size_t i = 0; i < r / 8; ++i) {

  81.         ss[4 * i + 0] ^= load64(t0 + 8 * i);

  82.         ss[4 * i + 1] ^= load64(t1 + 8 * i);

  83.         ss[4 * i + 2] ^= load64(t2 + 8 * i);

  84.         ss[4 * i + 3] ^= load64(t3 + 8 * i);

  85.     }

  86. }

  87. 

  88. 

  89. static void keccak_squeezeblocks4x(unsigned char *h0,

  90.                                    unsigned char *h1,

  91.                                    unsigned char *h2,

  92.                                    unsigned char *h3,

  93.                                    unsigned long long int nblocks,

  94.                                    __m256i *s,

  95.                                    unsigned int r) {

  96.     unsigned int i;

  97. 

  98.     unsigned long long *ss = (unsigned long long *)s;

  99. 

  100.     while (nblocks > 0) {

  101.         KeccakF1600_StatePermute4x(s);

  102.         for (i = 0; i < (r >> 3); i++) {

  103.             store64(h0 + 8 * i, ss[4 * i + 0]);

  104.             store64(h1 + 8 * i, ss[4 * i + 1]);

  105.             store64(h2 + 8 * i, ss[4 * i + 2]);

  106.             store64(h3 + 8 * i, ss[4 * i + 3]);

  107.         }

  108.         h0 += r;

  109.         h1 += r;

  110.         h2 += r;

  111.         h3 += r;

  112.         nblocks--;

  113.     }

  114. }

  115. 

  116. 

  117. 

  118. void PQCLEAN_SPHINCSSHAKE256192SROBUST_AVX2_shake128x4(unsigned char *out0,

  119.         unsigned char *out1,

  120.         unsigned char *out2,

  121.         unsigned char *out3,

  122.         unsigned long long outlen,

  123.         unsigned char *in0,

  124.         unsigned char *in1,

  125.         unsigned char *in2,

  126.         unsigned char *in3,

  127.         unsigned long long inlen) {

  128.     __m256i s[25];

  129.     unsigned char t0[SHAKE128_RATE];

  130.     unsigned char t1[SHAKE128_RATE];

  131.     unsigned char t2[SHAKE128_RATE];

  132.     unsigned char t3[SHAKE128_RATE];

  133.     unsigned int i;

  134. 

  135.     /* zero state */

  136.     for (i = 0; i < 25; i++) {

  137.         s[i] = _mm256_xor_si256(s[i], s[i]);

  138.     }

  139. 

  140.     /* absorb 4 message of identical length in parallel */

  141.     keccak_absorb4x(s, SHAKE128_RATE, in0, in1, in2, in3, (size_t)inlen, 0x1F);

  142. 

  143.     /* Squeeze output */

  144.     keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE128_RATE, s, SHAKE128_RATE);

  145. 

  146.     out0 += (outlen / SHAKE128_RATE) * SHAKE128_RATE;

  147.     out1 += (outlen / SHAKE128_RATE) * SHAKE128_RATE;

  148.     out2 += (outlen / SHAKE128_RATE) * SHAKE128_RATE;

  149.     out3 += (outlen / SHAKE128_RATE) * SHAKE128_RATE;

  150. 

  151.     if (outlen % SHAKE128_RATE) {

  152.         keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE128_RATE);

  153.         for (i = 0; i < outlen % SHAKE128_RATE; i++) {

  154.             out0[i] = t0[i];

  155.             out1[i] = t1[i];

  156.             out2[i] = t2[i];

  157.             out3[i] = t3[i];

  158.         }

  159.     }

  160. }

  161. 

  162. 

  163. void PQCLEAN_SPHINCSSHAKE256192SROBUST_AVX2_shake256x4(unsigned char *out0,

  164.         unsigned char *out1,

  165.         unsigned char *out2,

  166.         unsigned char *out3,

  167.         unsigned long long outlen,

  168.         unsigned char *in0,

  169.         unsigned char *in1,

  170.         unsigned char *in2,

  171.         unsigned char *in3,

  172.         unsigned long long inlen) {

  173.     __m256i s[25];

  174.     unsigned char t0[SHAKE256_RATE];

  175.     unsigned char t1[SHAKE256_RATE];

  176.     unsigned char t2[SHAKE256_RATE];

  177.     unsigned char t3[SHAKE256_RATE];

  178.     unsigned int i;

  179. 

  180.     /* zero state */

  181.     for (i = 0; i < 25; i++) {

  182.         s[i] = _mm256_xor_si256(s[i], s[i]);

  183.     }

  184. 

  185.     /* absorb 4 message of identical length in parallel */

  186.     keccak_absorb4x(s, SHAKE256_RATE, in0, in1, in2, in3, (size_t)inlen, 0x1F);

  187. 

  188.     /* Squeeze output */

  189.     keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE256_RATE, s, SHAKE256_RATE);

  190. 

  191.     out0 += (outlen / SHAKE256_RATE) * SHAKE256_RATE;

  192.     out1 += (outlen / SHAKE256_RATE) * SHAKE256_RATE;

  193.     out2 += (outlen / SHAKE256_RATE) * SHAKE256_RATE;

  194.     out3 += (outlen / SHAKE256_RATE) * SHAKE256_RATE;

  195. 

  196.     if (outlen % SHAKE256_RATE) {

  197.         keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE256_RATE);

  198.         for (i = 0; i < outlen % SHAKE256_RATE; i++) {

  199.             out0[i] = t0[i];

  200.             out1[i] = t1[i];

  201.             out2[i] = t2[i];

  202.             out3[i] = t3[i];

  203.         }

  204.     }

  205. }