From 175f09ffd806f2f19cd509017a67ae1384f29ae1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 11 Oct 2017 17:02:20 -0400 Subject: Add compile-time rotation functions The problem with asm rol/ror is the compiler can't schedule effectively. But we only need asm in the case when the rotation is variable, so distinguish the two cases. If a compile time constant, then static_assert that the rotation is in the correct range and do the straightforward expression knowing the compiler will probably do the right thing. Otherwise do a tricky expression that both GCC and Clang happen to have recognize. Avoid the reduction case; instead require that the rotation be in range (this reverts 2b37c13dcf). Remove the asm rotations (making this branch illnamed), because now both Clang and GCC will create a roll without any extra help. Remove the reduction/mask by the word size for the variable case. The compiler can't optimize that it out well, but it's easy to ensure it is valid in the callers, especially now that the variable input cases are easy to grep for. --- src/lib/mac/siphash/siphash.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'src/lib/mac/siphash/siphash.cpp') diff --git a/src/lib/mac/siphash/siphash.cpp b/src/lib/mac/siphash/siphash.cpp index 54adcd5a5..255a35493 100644 --- a/src/lib/mac/siphash/siphash.cpp +++ b/src/lib/mac/siphash/siphash.cpp @@ -19,16 +19,16 @@ void SipRounds(uint64_t M, secure_vector& V, size_t r) for(size_t i = 0; i != r; ++i) { V0 += V1; V2 += V3; - V1 = rotate_left(V1, 13); - V3 = rotate_left(V3, 16); + V1 = rotl<13>(V1); + V3 = rotl<16>(V3); V1 ^= V0; V3 ^= V2; - V0 = rotate_left(V0, 32); + V0 = rotl<32>(V0); V2 += V1; V0 += V3; - V1 = rotate_left(V1, 17); - V3 = rotate_left(V3, 21); + V1 = rotl<17>(V1); + V3 = rotl<21>(V3); V1 ^= V2; V3 ^= V0; - V2 = rotate_left(V2, 32); + V2 = rotl<32>(V2); } V0 ^= M; -- cgit v1.2.3