AEGIS/ARM: help the compiler emit eor3 instructions on recent ARM CPUs

2024-12-19 10:05:05 -07:00 · 2023-03-12 23:41:23 +01:00 · 2023-03-12 23:41:23 +01:00 · 66a68f0947
commit 66a68f0947
parent da1be5bf55
2 changed files with 4 additions and 7 deletions
--- a/src/libsodium/crypto_aead/aegis128l/armcrypto/aead_aegis128l_armcrypto.c
+++ b/src/libsodium/crypto_aead/aegis128l/armcrypto/aead_aegis128l_armcrypto.c
@ -36,14 +36,11 @@ aegis128l_update(aes_block_t *const state, const aes_block_t d1, const aes_block
    state[7] = AES_ENC(state[6], state[7]);
    state[6] = AES_ENC(state[5], state[6]);
    state[5] = AES_ENC(state[4], state[5]);
-    state[4] = AES_ENC(state[3], state[4]);
+    state[4] = AES_BLOCK_XOR(AES_ENC(state[3], state[4]), d2);
    state[3] = AES_ENC(state[2], state[3]);
    state[2] = AES_ENC(state[1], state[2]);
    state[1] = AES_ENC(state[0], state[1]);
-    state[0] = AES_ENC(tmp, state[0]);
-
-    state[0] = AES_BLOCK_XOR(state[0], d1);
-    state[4] = AES_BLOCK_XOR(state[4], d2);
+    state[0] = AES_BLOCK_XOR(AES_ENC(tmp, state[0]), d1);
 }

 static void
--- a/src/libsodium/crypto_aead/aegis256/armcrypto/aead_aegis256_armcrypto.c
+++ b/src/libsodium/crypto_aead/aegis256/armcrypto/aead_aegis256_armcrypto.c
@ -32,13 +32,13 @@ aegis256_update(aes_block_t *const state, const aes_block_t data)
 {
    aes_block_t tmp;

-    tmp      = AES_ENC(state[5], state[0]);
+    tmp      = AES_BLOCK_XOR(AES_ENC(state[5], state[0]), data);
    state[5] = AES_ENC(state[4], state[5]);
    state[4] = AES_ENC(state[3], state[4]);
    state[3] = AES_ENC(state[2], state[3]);
    state[2] = AES_ENC(state[1], state[2]);
    state[1] = AES_ENC(state[0], state[1]);
-    state[0] = AES_BLOCK_XOR(tmp, data);
+    state[0] = tmp;
 }

 static void