diff options
author | Jack Lloyd <[email protected]> | 2017-10-11 17:02:20 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-10-12 11:13:11 -0400 |
commit | 175f09ffd806f2f19cd509017a67ae1384f29ae1 (patch) | |
tree | 6194884467e4720dd79797cd106a45d60211f35f /src/lib/hash/sha3/sha3.cpp | |
parent | 40b3f979723b2b3dfb5c44047d7f786a73fd7f6f (diff) |
Add compile-time rotation functions
The problem with asm rol/ror is the compiler can't schedule effectively.
But we only need asm in the case when the rotation is variable, so distinguish
the two cases. If a compile time constant, then static_assert that the rotation
is in the correct range and do the straightforward expression knowing the compiler
will probably do the right thing. Otherwise do a tricky expression that both
GCC and Clang happen to have recognize. Avoid the reduction case; instead
require that the rotation be in range (this reverts 2b37c13dcf).
Remove the asm rotations (making this branch illnamed), because now both Clang
and GCC will create a roll without any extra help.
Remove the reduction/mask by the word size for the variable case. The compiler
can't optimize that it out well, but it's easy to ensure it is valid in the callers,
especially now that the variable input cases are easy to grep for.
Diffstat (limited to 'src/lib/hash/sha3/sha3.cpp')
-rw-r--r-- | src/lib/hash/sha3/sha3.cpp | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/src/lib/hash/sha3/sha3.cpp b/src/lib/hash/sha3/sha3.cpp index e829c3f70..1556e5498 100644 --- a/src/lib/hash/sha3/sha3.cpp +++ b/src/lib/hash/sha3/sha3.cpp @@ -37,37 +37,37 @@ void SHA_3::permute(uint64_t A[25]) const uint64_t C3 = A[3] ^ A[8] ^ A[13] ^ A[18] ^ A[23]; const uint64_t C4 = A[4] ^ A[9] ^ A[14] ^ A[19] ^ A[24]; - const uint64_t D0 = rotate_left(C0, 1) ^ C3; - const uint64_t D1 = rotate_left(C1, 1) ^ C4; - const uint64_t D2 = rotate_left(C2, 1) ^ C0; - const uint64_t D3 = rotate_left(C3, 1) ^ C1; - const uint64_t D4 = rotate_left(C4, 1) ^ C2; + const uint64_t D0 = rotl<1>(C0) ^ C3; + const uint64_t D1 = rotl<1>(C1) ^ C4; + const uint64_t D2 = rotl<1>(C2) ^ C0; + const uint64_t D3 = rotl<1>(C3) ^ C1; + const uint64_t D4 = rotl<1>(C4) ^ C2; const uint64_t B00 = A[ 0] ^ D1; - const uint64_t B10 = rotate_left(A[ 1] ^ D2, 1); - const uint64_t B20 = rotate_left(A[ 2] ^ D3, 62); - const uint64_t B05 = rotate_left(A[ 3] ^ D4, 28); - const uint64_t B15 = rotate_left(A[ 4] ^ D0, 27); - const uint64_t B16 = rotate_left(A[ 5] ^ D1, 36); - const uint64_t B01 = rotate_left(A[ 6] ^ D2, 44); - const uint64_t B11 = rotate_left(A[ 7] ^ D3, 6); - const uint64_t B21 = rotate_left(A[ 8] ^ D4, 55); - const uint64_t B06 = rotate_left(A[ 9] ^ D0, 20); - const uint64_t B07 = rotate_left(A[10] ^ D1, 3); - const uint64_t B17 = rotate_left(A[11] ^ D2, 10); - const uint64_t B02 = rotate_left(A[12] ^ D3, 43); - const uint64_t B12 = rotate_left(A[13] ^ D4, 25); - const uint64_t B22 = rotate_left(A[14] ^ D0, 39); - const uint64_t B23 = rotate_left(A[15] ^ D1, 41); - const uint64_t B08 = rotate_left(A[16] ^ D2, 45); - const uint64_t B18 = rotate_left(A[17] ^ D3, 15); - const uint64_t B03 = rotate_left(A[18] ^ D4, 21); - const uint64_t B13 = rotate_left(A[19] ^ D0, 8); - const uint64_t B14 = rotate_left(A[20] ^ D1, 18); - const uint64_t B24 = rotate_left(A[21] ^ D2, 2); - const uint64_t B09 = rotate_left(A[22] ^ D3, 61); - const uint64_t B19 = rotate_left(A[23] ^ D4, 56); - const uint64_t B04 = rotate_left(A[24] ^ D0, 14); + const uint64_t B10 = rotl<1>(A[ 1] ^ D2); + const uint64_t B20 = rotl<62>(A[ 2] ^ D3); + const uint64_t B05 = rotl<28>(A[ 3] ^ D4); + const uint64_t B15 = rotl<27>(A[ 4] ^ D0); + const uint64_t B16 = rotl<36>(A[ 5] ^ D1); + const uint64_t B01 = rotl<44>(A[ 6] ^ D2); + const uint64_t B11 = rotl<6>(A[ 7] ^ D3); + const uint64_t B21 = rotl<55>(A[ 8] ^ D4); + const uint64_t B06 = rotl<20>(A[ 9] ^ D0); + const uint64_t B07 = rotl<3>(A[10] ^ D1); + const uint64_t B17 = rotl<10>(A[11] ^ D2); + const uint64_t B02 = rotl<43>(A[12] ^ D3); + const uint64_t B12 = rotl<25>(A[13] ^ D4); + const uint64_t B22 = rotl<39>(A[14] ^ D0); + const uint64_t B23 = rotl<41>(A[15] ^ D1); + const uint64_t B08 = rotl<45>(A[16] ^ D2); + const uint64_t B18 = rotl<15>(A[17] ^ D3); + const uint64_t B03 = rotl<21>(A[18] ^ D4); + const uint64_t B13 = rotl<8>(A[19] ^ D0); + const uint64_t B14 = rotl<18>(A[20] ^ D1); + const uint64_t B24 = rotl<2>(A[21] ^ D2); + const uint64_t B09 = rotl<61>(A[22] ^ D3); + const uint64_t B19 = rotl<56>(A[23] ^ D4); + const uint64_t B04 = rotl<14>(A[24] ^ D0); A[ 0] = B00 ^ (~B01 & B02); A[ 1] = B01 ^ (~B02 & B03); |