AEGIS: improve performance of AD absorption on x86_64
No apparent regression on other platforms. Adapted from libaegis.
This commit is contained in:
parent
193cab86d3
commit
a67325c42c
@ -74,6 +74,19 @@ aegis128l_absorb(const uint8_t *const src, aes_block_t *const state)
|
|||||||
aegis128l_update(state, msg0, msg1);
|
aegis128l_update(state, msg0, msg1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline void
|
||||||
|
aegis128l_absorb2(const uint8_t *const src, aes_block_t *const state)
|
||||||
|
{
|
||||||
|
aes_block_t msg0, msg1, msg2, msg3;
|
||||||
|
|
||||||
|
msg0 = AES_BLOCK_LOAD(src + 0 * AES_BLOCK_LENGTH);
|
||||||
|
msg1 = AES_BLOCK_LOAD(src + 1 * AES_BLOCK_LENGTH);
|
||||||
|
msg2 = AES_BLOCK_LOAD(src + 2 * AES_BLOCK_LENGTH);
|
||||||
|
msg3 = AES_BLOCK_LOAD(src + 3 * AES_BLOCK_LENGTH);
|
||||||
|
aegis128l_update(state, msg0, msg1);
|
||||||
|
aegis128l_update(state, msg2, msg3);
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
aegis128l_enc(uint8_t *const dst, const uint8_t *const src, aes_block_t *const state)
|
aegis128l_enc(uint8_t *const dst, const uint8_t *const src, aes_block_t *const state)
|
||||||
{
|
{
|
||||||
@ -154,7 +167,10 @@ encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size
|
|||||||
|
|
||||||
aegis128l_init(k, npub, state);
|
aegis128l_init(k, npub, state);
|
||||||
|
|
||||||
for (i = 0; i + RATE <= adlen; i += RATE) {
|
for (i = 0; i + RATE * 2 <= adlen; i += RATE * 2) {
|
||||||
|
aegis128l_absorb2(ad + i, state);
|
||||||
|
}
|
||||||
|
for (; i + RATE <= adlen; i += RATE) {
|
||||||
aegis128l_absorb(ad + i, state);
|
aegis128l_absorb(ad + i, state);
|
||||||
}
|
}
|
||||||
if (adlen % RATE) {
|
if (adlen % RATE) {
|
||||||
@ -189,7 +205,10 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac,
|
|||||||
|
|
||||||
aegis128l_init(k, npub, state);
|
aegis128l_init(k, npub, state);
|
||||||
|
|
||||||
for (i = 0; i + RATE <= adlen; i += RATE) {
|
for (i = 0; i + RATE * 2 <= adlen; i += RATE * 2) {
|
||||||
|
aegis128l_absorb2(ad + i, state);
|
||||||
|
}
|
||||||
|
for (; i + RATE <= adlen; i += RATE) {
|
||||||
aegis128l_absorb(ad + i, state);
|
aegis128l_absorb(ad + i, state);
|
||||||
}
|
}
|
||||||
if (adlen % RATE) {
|
if (adlen % RATE) {
|
||||||
|
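Review bot: aegis128l_absorb2 carries no comment on its precondition even though its memory safety rests entirely on the caller: it reads a fixed 4 * AES_BLOCK_LENGTH bytes from src with no length parameter, and only the loop bound `i + RATE * 2 <= adlen` in encrypt_detached (and the identical loop in the decrypt_detached hunk below it) keeps that read inside ad. That is consistent with aegis128l_absorb, which also feeds two blocks per RATE into aegis128l_update, so RATE presumably equals 2 * AES_BLOCK_LENGTH, but nothing in the code ties the two constants together. I would put `/* Absorbs two RATE-sized AD blocks (4 * AES_BLOCK_LENGTH bytes); the caller must guarantee src holds at least 2 * RATE bytes. */` above the function and, if RATE is a compile-time constant and C11 is acceptable here, `_Static_assert(RATE == 2 * AES_BLOCK_LENGTH, "absorb2 reads two RATE blocks");` next to it. Because the state after absorb2 must be bit-identical to two successive aegis128l_absorb calls for tags to interoperate with older builds, a known-answer test whose adlen exercises both loops plus a partial block (adlen > 2 * RATE with adlen % RATE != 0) would pin the fast path. encrypt_detached and decrypt_detached both begin and end outside their hunks.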
@ -73,6 +73,17 @@ aegis256_absorb(const uint8_t *const src, aes_block_t *const state)
|
|||||||
aegis256_update(state, msg);
|
aegis256_update(state, msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline void
|
||||||
|
aegis256_absorb2(const uint8_t *const src, aes_block_t *const state)
|
||||||
|
{
|
||||||
|
aes_block_t msg, msg2;
|
||||||
|
|
||||||
|
msg = AES_BLOCK_LOAD(src + 0 * AES_BLOCK_LENGTH);
|
||||||
|
msg2 = AES_BLOCK_LOAD(src + 1 * AES_BLOCK_LENGTH);
|
||||||
|
aegis256_update(state, msg);
|
||||||
|
aegis256_update(state, msg2);
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
aegis256_enc(uint8_t *const dst, const uint8_t *const src, aes_block_t *const state)
|
aegis256_enc(uint8_t *const dst, const uint8_t *const src, aes_block_t *const state)
|
||||||
{
|
{
|
||||||
@ -139,7 +150,10 @@ encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size
|
|||||||
|
|
||||||
aegis256_init(k, npub, state);
|
aegis256_init(k, npub, state);
|
||||||
|
|
||||||
for (i = 0; i + RATE <= adlen; i += RATE) {
|
for (i = 0; i + 2 * RATE <= adlen; i += 2 * RATE) {
|
||||||
|
aegis256_absorb2(ad + i, state);
|
||||||
|
}
|
||||||
|
for (; i + RATE <= adlen; i += RATE) {
|
||||||
aegis256_absorb(ad + i, state);
|
aegis256_absorb(ad + i, state);
|
||||||
}
|
}
|
||||||
if (adlen % RATE) {
|
if (adlen % RATE) {
|
||||||
@ -174,7 +188,10 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac,
|
|||||||
|
|
||||||
aegis256_init(k, npub, state);
|
aegis256_init(k, npub, state);
|
||||||
|
|
||||||
for (i = 0; i + RATE <= adlen; i += RATE) {
|
for (i = 0; i + 2 * RATE <= adlen; i += 2 * RATE) {
|
||||||
|
aegis256_absorb2(ad + i, state);
|
||||||
|
}
|
||||||
|
for (; i + RATE <= adlen; i += RATE) {
|
||||||
aegis256_absorb(ad + i, state);
|
aegis256_absorb(ad + i, state);
|
||||||
}
|
}
|
||||||
if (adlen % RATE) {
|
if (adlen % RATE) {
|
||||||
|
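Review bot: The doubled stride is spelled `2 * RATE` in both loops here but `RATE * 2` in the otherwise line-for-line parallel aegis128l loops of the same commit; I would settle on one form, e.g. `for (i = 0; i + 2 * RATE <= adlen; i += 2 * RATE) {` in all four places, so the loops stay grep-able and visibly identical. aegis256_absorb2 reads exactly 2 * AES_BLOCK_LENGTH bytes with no length argument, which the loop bound covers only because aegis256_absorb feeds one block per RATE into aegis256_update (so RATE presumably equals AES_BLOCK_LENGTH); a one-line comment on the function such as `/* caller guarantees src holds at least 2 * RATE bytes */` makes that dependency visible to the next editor. The same note applies to the decrypt_detached hunk in this section. Both encrypt_detached and decrypt_detached begin and end outside their hunks.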