Add compile-time rotation functions

The problem with asm rol/ror is the compiler can't schedule effectively.
But we only need asm in the case when the rotation is variable, so distinguish
the two cases. If a compile time constant, then static_assert that the rotation
is in the correct range and do the straightforward expression knowing the compiler
will probably do the right thing. Otherwise do a tricky expression that both
GCC and Clang happen to have recognize. Avoid the reduction case; instead
require that the rotation be in range (this reverts 2b37c13dcf).

Remove the asm rotations (making this branch illnamed), because now both Clang
and GCC will create a roll without any extra help.

Remove the reduction/mask by the word size for the variable case. The compiler
can't optimize that it out well, but it's easy to ensure it is valid in the callers,
especially now that the variable input cases are easy to grep for.

2 files changed, 16 insertions, 16 deletions

diff --git a/src/lib/stream/chacha/chacha.cpp b/src/lib/stream/chacha/chacha.cpp
index d56f9e60a..0bbb47bcb 100644
--- a/src/lib/stream/chacha/chacha.cpp
+++ b/src/lib/stream/chacha/chacha.cpp
@@ -49,12 +49,12 @@ void ChaCha::chacha_x4(uint8_t output[64*4], uint32_t input[16], size_t rounds)
              x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11],
              x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
 
-#define CHACHA_QUARTER_ROUND(a, b, c, d)        \
-      do {                                      \
-      a += b; d ^= a; d = rotate_left(d, 16);   \
-      c += d; b ^= c; b = rotate_left(b, 12);   \
-      a += b; d ^= a; d = rotate_left(d, 8);    \
-      c += d; b ^= c; b = rotate_left(b, 7);    \
+#define CHACHA_QUARTER_ROUND(a, b, c, d) \
+      do {                               \
+      a += b; d ^= a; d = rotl<16>(d);   \
+      c += d; b ^= c; b = rotl<12>(b);   \
+      a += b; d ^= a; d = rotl<8>(d);    \
+      c += d; b ^= c; b = rotl<7>(b);    \
       } while(0)
 
       for(size_t r = 0; r != rounds / 2; ++r)
diff --git a/src/lib/stream/salsa20/salsa20.cpp b/src/lib/stream/salsa20/salsa20.cpp
index 1c8846183..e27b2d2bb 100644
--- a/src/lib/stream/salsa20/salsa20.cpp
+++ b/src/lib/stream/salsa20/salsa20.cpp
@@ -14,10 +14,10 @@ namespace {
 
 #define SALSA20_QUARTER_ROUND(x1, x2, x3, x4)    \
    do {                                          \
-      x2 ^= rotate_left(x1 + x4,  7);            \
-      x3 ^= rotate_left(x2 + x1,  9);            \
-      x4 ^= rotate_left(x3 + x2, 13);            \
-      x1 ^= rotate_left(x4 + x3, 18);            \
+      x2 ^= rotl<7>(x1 + x4);                    \
+      x3 ^= rotl<9>(x2 + x1);                    \
+      x4 ^= rotl<13>(x3 + x2);                   \
+      x1 ^= rotl<18>(x4 + x3);                   \
    } while(0)
 
 /*
@@ -26,9 +26,9 @@ namespace {
 void hsalsa20(uint32_t output[8], const uint32_t input[16])
    {
    uint32_t x00 = input[ 0], x01 = input[ 1], x02 = input[ 2], x03 = input[ 3],
-          x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7],
-          x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11],
-          x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
+            x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7],
+            x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11],
+            x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
 
    for(size_t i = 0; i != 10; ++i)
       {
@@ -59,9 +59,9 @@ void hsalsa20(uint32_t output[8], const uint32_t input[16])
 void salsa20(uint8_t output[64], const uint32_t input[16])
    {
    uint32_t x00 = input[ 0], x01 = input[ 1], x02 = input[ 2], x03 = input[ 3],
-          x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7],
-          x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11],
-          x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
+            x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7],
+            x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11],
+            x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
 
    for(size_t i = 0; i != 10; ++i)
       {